Update all code blocks

Benoit S 2021-02-20 15:06:15 +09:00
parent 5bd12c70c7
commit 1d67e73eff
14 changed files with 237 additions and 246 deletions

View file

@ -6,7 +6,7 @@ hide:
[PDF version](CV.pdf)
```
```console
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: THIS RESUME IS SO GEEK!!!11 @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

View file

@ -2,14 +2,14 @@
Upgrade from 8 to Stream.
```
dnf install centos-release-stream && dnf update
```console
# dnf install centos-release-stream && dnf update
```
Exclude path when unpacking package. Useful for unprivileged containers.
```
dnf reinstall --downloadonly filesystem
find /var/cache -iname "*filesy*"
rpm -ivh --excludepath=/proc --excludepath=/sys /var/cache/dnf/baseos-504ddb1bf3482a98/packages/filesystem-3.8-3.el8.x86_64.rpm
```console
# dnf reinstall --downloadonly filesystem
# find /var/cache -iname "*filesy*"
# rpm -ivh --excludepath=/proc --excludepath=/sys /var/cache/dnf/baseos-504ddb1bf3482a98/packages/filesystem-3.8-3.el8.x86_64.rpm
```

View file

@ -1,31 +1,31 @@
## Monitor mode
For my RTL8188EUS:
```
ip link set wlanX down
iw dev wlanX set type monitor
```console
# ip link set wlanX down
# iw dev wlanX set type monitor
```
## Scan networks
All channels:
```
airodump-ng wlanX
```console
# airodump-ng wlanX
```
Specific channel:
```
airodump-ng -c 6 wlanX
```console
# airodump-ng -c 6 wlanX
```
## Save a capture of chosen BSSID
```
airodump-ng -c 6 --bssid 00:23:B1:82:08:xx -w <filename> wlanX
```console
# airodump-ng -c 6 --bssid 00:23:B1:82:08:xx -w <filename> wlanX
```
You need to wait for a client to connect, or to deauth it and get the 4-way handshake.
```
aireplay-ng -0 1 -a 00:23:B1:82:0C:xx -c D0:37:45:2F:52:xx wlanX
```console
# aireplay-ng -0 1 -a 00:23:B1:82:0C:xx -c D0:37:45:2F:52:xx wlanX
```
`-a` is access point
`-c` is client
@ -36,8 +36,8 @@ Then you should have an EAPOL/WPA handshake.
### For a 8 digits scheme
```
crunch 8 8 0123456789 -s 00000000 | aircrack-ng -w - -b 00:23:B1:82:08:xx <filename>.cap
```console
$ crunch 8 8 0123456789 -s 00000000 | aircrack-ng -w - -b 00:23:B1:82:08:xx <filename>.cap
```
## Wireshark
@ -46,8 +46,8 @@ PSK Generator: <https://www.wireshark.org/tools/wpa-psk.html>
## PMKID method
```
hcxdumptool -i wlanX -o PMKID --enable_status=1
```console
$ hcxdumptool -i wlanX -o PMKID --enable_status=1
```
TODO...
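Review bot: the `$` prompt on the `hcxdumptool -i wlanX` line is inconsistent with the rest of this file, where every command that drives the wireless interface (`# airodump-ng`, `# aireplay-ng`, `# reaver`) is marked as root. hcxdumptool needs the same raw access to `wlanX`, so this line should read `# hcxdumptool -i wlanX -o PMKID --enable_status=1`. The `$` on the offline `crunch | aircrack-ng` pipeline is fine as it is.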
@ -56,8 +56,8 @@ TODO...
AP must have WPS enabled with a PIN. Not PBC, push button.
```
reaver -i wlanX -b 00:23:B1:82:84:xx
```console
# reaver -i wlanX -b 00:23:B1:82:84:xx
```
## Resources

View file

@ -1,17 +1,17 @@
# Convert
## Convert
# MKV to WebM
### MKV to WebM
~~~
```console
$ ffmpeg -i input.mkv -c:v libvpx -qmin 0 -qmax 50 -crf 10 -b:v 2M -c:a libvorbis output.webm
~~~
# Recording Screen
## Within a specified zone
```
avconv -threads auto -f pulse -i bluez_sink.0C_E0_E4_81_2F_C1.monitor -ac 2 -f pulse -i alsa_input.usb-BLUE_MICROPHONE_Blue_Snowball_201306-00-Snowball.analog-mono -ac 1 -f x11grab -show_region 1 -s 1024x768 -i :0.0+112,111 -c:v libvpx -pre:v libvpx-720p -vsync cfr -r 15 -c:a libvorbis -q:a 6 -filter_complex amix=inputs=2 output.webm
## Recording Screen
### Within a specified zone
```console
$ avconv -threads auto -f pulse -i bluez_sink.0C_E0_E4_81_2F_C1.monitor -ac 2 -f pulse -i alsa_input.usb-BLUE_MICROPHONE_Blue_Snowball_201306-00-Snowball.analog-mono -ac 1 -f x11grab -show_region 1 -s 1024x768 -i :0.0+112,111 -c:v libvpx -pre:v libvpx-720p -vsync cfr -r 15 -c:a libvorbis -q:a 6 -filter_complex amix=inputs=2 output.webm
```
With sound from microphone and monitor of input.
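Review bot: the fence around the `ffmpeg` command is now mismatched. The opening `~~~` was replaced by a backtick fence with `console`, but the closing `~~~` after the command was left in place. A block opened with backticks is only closed by backticks, so the "Recording Screen" and "Within a specified zone" headings will be swallowed into the code block. Change the closing `~~~` to three backticks as well.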

View file

@ -1,35 +1,35 @@
# HowtoGPG
## Some commands:
```
gpg --card-status
gpg --export-ssh-key keyID
gpg --armor --export keyID > pubkey.asc
```console
$ gpg --card-status
$ gpg --export-ssh-key keyID
$ gpg --armor --export keyID > pubkey.asc
```
## Use Nitrokey from new system:
```
gpg --import pubkey.asc
gpg --card-status
```console
$ gpg --import pubkey.asc
$ gpg --card-status
```
## Use GPG Agent as SSH Agent
```
vim .gnupg/gpg-agent.conf
```console
$ vim .gnupg/gpg-agent.conf
enable-ssh-support
pinentry-program /usr/bin/pinentry-qt
systemctl --user enable --now /usr/lib/systemd/user/gpg-agent*
$ systemctl --user enable --now /usr/lib/systemd/user/gpg-agent*
vim .bashrc
$ vim .bashrc
export SSH_AUTH_SOCK="/run/user/$(id -u)/gnupg/S.gpg-agent.ssh"
```
## Export your public key to your web server:
```
```console
$ mkdir openpgpkey
$ gpg --list-options show-only-fpr-mbox -k keyID | /usr/lib/gnupg/gpg-wks-client -v --install-key
```
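Review bot: in the "Use GPG Agent as SSH Agent" block, file contents and commands are now mixed under one `console` fence. `enable-ssh-support`, `pinentry-program /usr/bin/pinentry-qt` and the `export SSH_AUTH_SOCK=...` line have no prompt, so they will render as output of the `vim` commands rather than as text to put into `.gnupg/gpg-agent.conf` and `.bashrc`. Split this into separate blocks: one per file for the contents, and a `console` block for the `systemctl --user enable --now` command.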
@ -43,22 +43,22 @@ My public key is available via: <https://openpgpkey.benpro.fr/.well-known/openpg
WKD mean Web Key Directory. Interesting website: <https://metacode.biz/openpgp/web-key-directory>
```
gpg --locate-key user@example.com
```console
$ gpg --locate-key user@example.com
```
### From keyserver
#### With keys.openpgp.org
```
echo keyserver hkps://keys.openpgp.org >> ~/.gnupg/gpg.conf
gpg --auto-key-locate keyserver --locate-keys user@example.com
```console
$ echo keyserver hkps://keys.openpgp.org >> ~/.gnupg/gpg.conf
$ gpg --auto-key-locate keyserver --locate-keys user@example.com
```
#### With sks-keyservers.net
```
gpg --keyserver pool.sks-keyservers.net --recv-keys keyID
```console
$ gpg --keyserver pool.sks-keyservers.net --recv-keys keyID
```

View file

@ -1,28 +1,28 @@
Some commands:
```
lxc image alias list images:
lxc info <name>
lxc config edit <name>
lxc config sonw <name>
lxc exec <name> bash
lxc config set <name> limits.memory 512MB
lxc config set <name> limits.cpu 2
lxc config device set <name> root size 20GB
lxc launch images:debian/stretch/amd64 <name>
lxc config set <name> environment.LC_ALL=en_US.UTF-8
lxc list
lxc storage volume list <storagename>
# mode privileged
lxc launch ubuntu:16.04 test -c security.privileged=true -c security.nesting=true
lxc config device add test ssh proxy listen=tcp:0.0.0.0:2222 connect=tcp:127.0.0.1:22
# Create a backups volume in the local (default) pool (ZFS) and use it for backups
lxc storage volume create local backups
lxc config set storage.backups_volume local/backups
# Create a images volume in the local (default) pool (ZFS) and use it for images (containers images downloaded)
lxc storage volume create local images
lxc config set storage.images_volume local/images
lxc config device add $containerName $deviceName disk source=/home/foo path=/home/foo
```console
$ lxc image alias list images:
$ lxc info <name>
$ lxc config edit <name>
$ lxc config sonw <name>
$ lxc exec <name> bash
$ lxc config set <name> limits.memory 512MB
$ lxc config set <name> limits.cpu 2
$ lxc config device set <name> root size 20GB
$ lxc launch images:debian/stretch/amd64 <name>
$ lxc config set <name> environment.LC_ALL=en_US.UTF-8
$ lxc list
$ lxc storage volume list <storagename>
$ #mode privileged
$ lxc launch ubuntu:16.04 test -c security.privileged=true -c security.nesting=true
$ lxc config device add test ssh proxy listen=tcp:0.0.0.0:2222 connect=tcp:127.0.0.1:22
$ #Create a backups volume in the local (default) pool (ZFS) and use it for backups
$ lxc storage volume create local backups
$ lxc config set storage.backups_volume local/backups
$ #Create a images volume in the local (default) pool (ZFS) and use it for images (containers images downloaded)
$ lxc storage volume create local images
$ lxc config set storage.images_volume local/images
$ lxc config device add $containerName $deviceName disk source=/home/foo path=/home/foo
```
Chemins :
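Review bot: the line `$ lxc config sonw <name>` is touched by this change but still carries the typo, it should be `lxc config show <name>`. Separately, the comments were turned into prompt lines (`$ #mode privileged`, `$ #Create a backups volume ...`), which reads as a command to type; keep them as plain text between blocks or start a new block per topic. Since the privileged example also publishes SSH with `listen=tcp:0.0.0.0:2222`, a short comment that this binds on all host interfaces would help readers who copy it.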
@ -41,7 +41,7 @@ dnsutils
N'est plus nécessaire sur les images récentes :
```
```console
# systemctl disable getty@tty{1..4}
# reboot
```
@ -57,17 +57,16 @@ etckeeper
vim
```
```
sed -i 's/^tty/# tty/g' /etc/inittab
```console
# sed -i 's/^tty/# tty/g' /etc/inittab
# clean messages
# #clean messages
rm /var/log/messages
```
Nginx :
```
```nginx
set_real_ip_from W.X.Y.Z;
#real_ip_recursive on;
real_ip_header X-Forwarded-For;
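Review bot: in the `/etc/inittab` block, `rm /var/log/messages` was left without a prompt while the line above it became `# sed -i ...`, so under the `console` fence it will be shown as output of `sed` instead of a command. Add the `# ` prefix to it, and consider moving "clean messages" out of the block as plain text rather than `# #clean messages`.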
@ -79,6 +78,6 @@ access_log /var/log/nginx/access.log custom;
Aller dans le namespace de LXD (snap0 pour faire des actions genre mount/umount :
```
```console
# nsenter -t $(cat /var/snap/lxd/common/lxd.pid) -m
```

View file

@ -2,7 +2,7 @@
Thermal info:
```
sudo powermetrics s thermal
sudo powermetrics -s thermal | grep -A2 -i thermal
```console
$ sudo powermetrics s thermal
$ sudo powermetrics -s thermal | grep -A2 -i thermal
```
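Review bot: the first command, `sudo powermetrics s thermal`, is missing the dash before `s`, as the second line (`powermetrics -s thermal | grep ...`) shows. Since both lines are rewritten here anyway, fix it to `$ sudo powermetrics -s thermal`.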

View file

@ -1,8 +1,11 @@
---
title: Howto Serveur de mail sécurisé avec Mailcow et Scaleway
categories: sysadmin mail
---
???+ Danger
Documentation obsolète !
# Intro
Ce Howto explique comment monter un serveur de mail sécurisé en utilisant [Mailcow](https://github.com/andryyy/mailcow) et un serveur virtuel chez [Scaleway](https://www.scaleway.com/). L'introduction est à lire sur mon [blog](https://www.lekernelpanique.fr/2017/03/05/votre-propre-serveur-de-mail-securise-pour-3emois/).
@ -15,7 +18,7 @@ La première étape consiste évidement à créer l'instance sur la console de S
L'image Debian de Scaleway n'étant pas « buildé » tous les jours, il se peut qu'il y ait quelques mises à jour à faire. On fait donc une upgrade.
```
```console
# apt update
# apt upgrade
```
@ -26,7 +29,7 @@ Ce volume accueillera vos mails et journaux systèmes. Il est donc intéressant
Création du fichier image et montage sur `/dev/loop0`.
```
```console
# dd if=/dev/zero of=/var.img bs=1M count=35000
# chmod 600 /var.img
# losetup /dev/loop0 /var.img
@ -34,7 +37,7 @@ Création du fichier image et montage sur `/dev/loop0`.
On en profite pour aussi créer une swap de 1G tant qu'à faire.
```
```console
# dd if=/dev/zero of=/swapfile.img bs=1M count=1000
# chmod 600 /swapfile.img
# mkswap -LSWAP
@ -43,7 +46,7 @@ On en profite pour aussi créer une swap de 1G tant qu'à faire.
On chiffre le volume en LUKS avec `cryptsetup`. Choisissez une passphrase, vous aller devoir la taper à chaque démarrage dans la console de Scaleway. Pas très souvent si tout est stable ! :-)
```
```console
# apt install cryptsetup
# cryptsetup luksFormat --hash sha256 --key-size=512 /dev/loop0
# cryptsetup luksOpen /dev/loop0 crypted-var
@ -51,7 +54,7 @@ On chiffre le volume en LUKS avec `cryptsetup`. Choisissez une passphrase, vous
On formate le tout en EXT4, on monte le volume, on stoppe les services qui utilisent actuellement `/var` et on rsync le tout.
```
```console
# mkfs.ext4 -LVAR /dev/mapper/crypted-var
# mount /dev/mapper/crypted-var /mnt/
# for pid in $(lsof | grep /var | tr -s '\t' ' ' | cut -d' ' -f2 | sort | uniq | grep -v "^1$"); do kill $pid; done
@ -64,7 +67,7 @@ On indique le volume chiffré dans `crypttab` et le point de montage dans `fstab
> **Note** : On désactive `unattended-upgrades` qui va planter l'arrêt à cause du /var qui n'existe plus.
```
```console
# echo "crypted-var /var.img none luks" >> /etc/crypttab
# echo "/dev/mapper/crypted-var /var ext4 defaults 0 2" >> /etc/fstab
# systemctl disable unattended-upgrades.service
@ -89,7 +92,7 @@ Au niveau de vos entrées DNS, il vous faudra un champ A et un MX. Plus de déta
On supprime exim4, car Mailcow utilise postfix.
```
```console
# apt purge exim4 exim4-base exim4-config exim4-daemon-light
```
@ -97,7 +100,7 @@ On supprime exim4, car Mailcow utilise postfix.
Puis on télécharge le script d'installation, on édite la configuration et on lance l'installation.
```
```console
# wget -O - https://github.com/andryyy/mailcow/archive/v0.14.tar.gz | tar xfz -
# cd mailcow-0.14
# vim mailcow.config
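Review bot: the `wget -O - ... | tar xfz -` line is run at a root prompt and unpacks the release archive straight from the network with no integrity check before `install.sh` is executed from it. Even though the page is now flagged as obsolete, it would be safer to document downloading the archive to a file, checking it against a published checksum or signature, and only then extracting it.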
@ -107,7 +110,7 @@ Puis on télécharge le script d'installation, on édite la configuration et on
Laissez-vous guider par le script d'installation.
```
```console
# ./install.sh
```
@ -125,7 +128,7 @@ Pour cela il faut mettre en place une `PKI` et émettre un certificat client. J'
## ShellPKI
```
```console
# cd /usr/local
# git clone https://forge.evolix.org/shellpki.git
# cd shellpki
@ -137,20 +140,20 @@ Pour cela il faut mettre en place une `PKI` et émettre un certificat client. J'
Éditer `/etc/shellpki/openssl.cnf` et initialiser shellPKI. Le plus important est de remplir le « Common Name », par exemple `Myname Root Certificate`.
```
```console
# vim /etc/shellpki/openssl.cnf
# ./shellpki.sh init
```
On génère un certificat client (sans passphrase), soit un utilisateur par exemple. Il faudra choisir un « Common Name » du type `user@domain.tld`.
```
```console
# ./shellpki.sh create
```
Puis on le convertit au format `PKCS#12` avec une passphrase d'export. Cette passphrase sera demandé à l'import dans un navigateur ou smartphone par exemple.
```
```console
# cd /etc/ssl/clients
# openssl pkcs12 -export -in user@mail.domain.tld.crt -inkey user@mail.domain.tld.key -out user@mail.domain.tld.p12
```
@ -161,12 +164,12 @@ La dernière étape consiste à dire à dovecot et nginx qu'il est nécessaire d
## Nginx
```
```nginx
ssl_client_certificate /etc/shellpki/ca/cacert.pem;
ssl_verify_client on;
```
```
```console
# systemctl restart nginx
```
@ -174,7 +177,7 @@ ssl_verify_client on;
> **Note** : Attention, si vous avez un webmail qui se connecte en local, imap non chiffré, l'activation de `auth_ssl_require_client_cert`, va imposer d'utiliser un certificat… Cassant votre webmail. Il n'y a pas à ce jour la possibilité d'activer `auth_ssl_require_client_cert` seulement pour imaps… Si vous utilisez un webmail, n'activez pas ceci sur dovecot.
```
```dovecot
# Client certificate
ssl_ca = </etc/shellpki/ca/cacert.pem
ssl_verify_client_cert = yes
@ -187,7 +190,7 @@ protocol !smtp {
}
```
```
```console
# systemctl restart dovecot.service
```
@ -197,8 +200,8 @@ Vous devez maintenant faire le nécessaire côté client (Thunderbird, K9-Mail
Voici une liste de tâches non exhaustives à faire de votre côté que je ne documente pas, non obligatoire mais conseillé…
- Monter un serveur de MX secondaire ;
- Activer un pare-feu sur votre machine, par exemple `ufw` ;
- Monitorer votre serveur ;
- S'assurer du suivi des mises à jour ;
- Faire des sauvegardes.
- [ ] Monter un serveur de MX secondaire ;
- [ ] Activer un pare-feu sur votre machine, par exemple `ufw` ;
- [ ] Monitorer votre serveur ;
- [ ] S'assurer du suivi des mises à jour ;
- [ ] Faire des sauvegardes.

View file

@ -1,152 +1,152 @@
Get Github or Gitlab user key:
```
curl https://github.com/<username>.keys
curl https://gitlab.com/<username>.keys
```console
$ curl https://github.com/<username>.keys
$ curl https://gitlab.com/<username>.keys
```
Enter a namespace, for example LXD (which is in a NS by Snap).
```
nsenter -t $(cat /var/snap/lxd/common/lxd.pid) -m
```console
$ nsenter -t $(cat /var/snap/lxd/common/lxd.pid) -m
```
SSH into a machine without checking host key. Useful when servers are in a rescue mode.
~~~
ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" -o "GlobalKnownHostsFile=/dev/null"
~~~
```console
$ ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" -o "GlobalKnownHostsFile=/dev/null"
```
Certbot manual example.
~~~
certbot certonly --non-interactive --webroot --webroot-path /var/www/html/ -d foo.bar -d www.foo.bar
~~~
```console
# certbot certonly --non-interactive --webroot --webroot-path /var/www/html/ -d foo.bar -d www.foo.bar
```
GPG-agent list SSH key and remove.
~~~
```
gpg-connect-agent
KEYINFO --ssh-list --ssh-fpr
DELETE_KEY $HASH
~~~
```
Show md5 fingerprint of SSH key.
~~~
ssh-keygen -l -E md5 -f .ssh/key.pub
~~~
```console
$ ssh-keygen -l -E md5 -f .ssh/key.pub
```
Password recovery. At grub stage, press `e` to edit the kernel line and add `init=/bin/bash`. It will drop you in a shell before init system (systemd).
~~~
mount -o remount,rw /
passwd
~~~
```console
# mount -o remount,rw /
# passwd
```
Mount partitions on an image file using losetup.
~~~
losetup -P -f --show my.img
~~~
```console
# losetup -P -f --show my.img
```
List all software installed from particular component (non-free, contrib)
~~~
```console
$ dpkg-query -W -f='${Section}\t${Package}\n' | grep ^non-free
~~~
```
Manually rotate a file without logrotate, with savelog(8).
~~~
```console
$ savelog
~~~
```
What processes uses swap?
~~~
for file in /proc/*/status ; do awk '/VmSwap|Name/{printf $2 " " $3}END{ print ""}' $file; done | sort -k 2 -n -r | less
~~~
```console
$ for file in /proc/*/status ; do awk '/VmSwap|Name/{printf $2 " " $3}END{ print ""}' $file; done | sort -k 2 -n -r | less
```
MySQL "fast" shutdown.
~~~
```console
> set global innodb_max_dirty_pages_pct = 0;
$ mysqladmin ext -i10 | grep dirty
~~~
```
mkfs.ext4 for old systems in rescue mode (Debian Wheezy, …).
~~~
mkfs.ext4 -O ^64bit,^metadata_csum
~~~
```console
# mkfs.ext4 -O ^64bit,^metadata_csum
```
Send a mail from queue.
```
postcat -q ID > mail
< mail sendmail -f FROM TO
```console
$ postcat -q ID > mail
$ < mail sendmail -f FROM TO
```
Python Simple HTTP Server (useful for Munin for example).
```
cd /var/cache/munin/www
python -m SimpleHTTPServer 8080
```console
$ cd /var/cache/munin/www
$ python -m SimpleHTTPServer 8080
```
Show custom certs (not a link) and expiration in `/etc/ssl/certs`.
```
find /etc/ssl/certs/ -type f -print -exec openssl x509 -text -in {} \; | grep --color=auto -e etc -e CN= -e DNS: -e After;
```console
# find /etc/ssl/certs/ -type f -print -exec openssl x509 -text -in {} \; | grep --color=auto -e etc -e CN= -e DNS: -e After;
```
Edit Bind DNS serial (needs modifications, not generic).
```
sed -ri 's/^\s*[0-9]+\s*; serial/\t\t\t 2017041010\t ; serial/' db.*
```console
$ sed -ri 's/^\s*[0-9]+\s*; serial/\t\t\t 2017041010\t ; serial/' db.*
```
After Debian/Ubuntu upgrade, merge local config files according to config files shipped in packages.
```
for file in $(find /etc -iname '*.dpkg-dist'); do vimdiff ${file%%.dpkg-dist} $file; rm $file; done
for file in $(find /etc -iname '*.dpkg-old'); do vimdiff ${file%%.dpkg-old} $file; rm $file; done
for file in $(find /etc -iname '*.dpkg-new'); do vimdiff ${file%%.dpkg-new} $file; rm $file; done
for file in $(find /etc -iname '*.ucf-dist'); do vimdiff ${file%%.ucf-dist} $file; rm $file; done
for file in $(find /etc -iname '*.ucf-old'); do vimdiff ${file%%.ucf-old} $file; rm $file; done
for file in $(find /etc -iname '*.ucf-new'); do vimdiff ${file%%.ucf-new} $file; rm $file; done
```console
# for file in $(find /etc -iname '*.dpkg-dist'); do vimdiff ${file%%.dpkg-dist} $file; rm $file; done
# for file in $(find /etc -iname '*.dpkg-old'); do vimdiff ${file%%.dpkg-old} $file; rm $file; done
# for file in $(find /etc -iname '*.dpkg-new'); do vimdiff ${file%%.dpkg-new} $file; rm $file; done
# for file in $(find /etc -iname '*.ucf-dist'); do vimdiff ${file%%.ucf-dist} $file; rm $file; done
# for file in $(find /etc -iname '*.ucf-old'); do vimdiff ${file%%.ucf-old} $file; rm $file; done
# for file in $(find /etc -iname '*.ucf-new'); do vimdiff ${file%%.ucf-new} $file; rm $file; done
```
Debug php with strace and php-cgi (especially useful for wp multisites).
```
HTTP_HOST=www.site.com SCRIPT_FILENAME=index.php REDIRECT_STATUS=CGI SERVER_NAME=www.site.com strace -s 65535 -o /tmp/strace php-cgi -f index.php
```console
$ HTTP_HOST=www.site.com SCRIPT_FILENAME=index.php REDIRECT_STATUS=CGI SERVER_NAME=www.site.com strace -s 65535 -o /tmp/strace php-cgi -f index.php
```
```ps``` with long user fields (here 20).
`ps` with long user fields (here 20).
```
ps axo user:20,pid,pcpu,pmem,vsz,rss,tty,stat,start,time,comm
```console
$ ps axo user:20,pid,pcpu,pmem,vsz,rss,tty,stat,start,time,comm
```
WTF is happening in apache (or other)? Let's strace all apache processes.
```
```console
# strace -p $(ps auwwwx | grep apache | tr -s '\t' ' ' | cut -d' ' -f2 | tr '\n' ' ' | sed 's/ / -p /g') 9999
```
WTF is happening? Let's tail all logs.
```
```console
# tail -f $(lsof | grep -F .log | tr -s '\t' ' ' | cut -d' ' -f10 | sort | uniq | tr -s '\n' ' ')
```
Search for suspects POST in apache.log (often attacks).
```{.bash}
grep -Eo '"POST .*.php' access.log | grep -ve cron -e login -e admin -e xmlrpc -e trackback -e comment -e 404 | sort -u
```console
# grep -Eo '"POST .*.php' access.log | grep -ve cron -e login -e admin -e xmlrpc -e trackback -e comment -e 404 | sort -u
```
Check for crashed MySQL table in syslog and launch a repair.
```{.bash}
```bash
#!/bin/bash
tables=$(grep crashed /var/log/syslog | grep -Eo \'\./.*\' --color=auto | sed s#\'./## | sed s#\'## | uniq | tr -s '\n' ' ')
for tableC in $tables; do
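Review bot: the prompt for `nsenter -t $(cat /var/snap/lxd/common/lxd.pid) -m` is `$` here, but the same command in the LXD page of this commit is written with `#`. Entering another process's mount namespace requires root, so use `#` in both places. In the same file, the MySQL "fast" shutdown block mixes a client statement (`> set global innodb_max_dirty_pages_pct = 0;`) with a shell command under one `console` fence; a separate `sql` block for the statement would render more clearly.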
@ -157,37 +157,36 @@ done
```
Get the groups of an user and add another user into these groups.
```{.bash}
for group in $(grep user1 /etc/group | cut -d':' -f1 | sed '/user1/d'); do adduser user2 $group; done
```console
# for group in $(grep user1 /etc/group | cut -d':' -f1 | sed '/user1/d'); do adduser user2 $group; done
```
Get the last acceded URLs in Squid Access list.
```{.bash}
tail -n100 /var/log/squid3/access.log | grep -oE 'http.*' | cut -d ' ' -f1 | sort | uniq
```console
# tail -n100 /var/log/squid3/access.log | grep -oE 'http.*' | cut -d ' ' -f1 | sort | uniq
```
Migrate MySQL users.
```{.bash}
# SRC Server
mysql mysql -e "select * from user WHERE USER='user1' OR USER='user2' INTO OUTFILE '/tmp/mysql_user';"
mysql mysql -e "select * from db WHERE USER='user1' OR USER='user2' INTO OUTFILE '/tmp/mysql_db';"
```console
# #SRC Server
# mysql mysql -e "select * from user WHERE USER='user1' OR USER='user2' INTO OUTFILE '/tmp/mysql_user';"
# mysql mysql -e "select * from db WHERE USER='user1' OR USER='user2' INTO OUTFILE '/tmp/mysql_db';"
# DST Server
scp server:/tmp/mysql_{db,user} /tmp
chmod 664 /tmp/mysql_{db,user}
mysql mysql -e "LOAD DATA INFILE '/tmp/mysql_user' INTO TABLE user;"
mysql mysql -e "LOAD DATA INFILE '/tmp/mysql_db' INTO TABLE db;"
# #DST Server
# scp server:/tmp/mysql_{db,user} /tmp
# chmod 664 /tmp/mysql_{db,user}
# mysql mysql -e "LOAD DATA INFILE '/tmp/mysql_user' INTO TABLE user;"
# mysql mysql -e "LOAD DATA INFILE '/tmp/mysql_db' INTO TABLE db;"
```
Find userid of mails in mailq.
```{.bash}
for i in $(mailq | grep -Eo [A-F0-9]{10} | tr -s '\n' ' '); do postcat -q $i | grep userid | grep -Eo "[0-9]{4,}" >> tmp/userid; done
sort -n /tmp/userid | uniq
```console
$ for i in $(mailq | grep -Eo [A-F0-9]{10} | tr -s '\n' ' '); do postcat -q $i | grep userid | grep -Eo "[0-9]{4,}" >> tmp/userid; done
$ sort -n /tmp/userid | uniq
```
Kill every MySQL SELECT older than X seconds Original: https://anothersysadmin.wordpress.com/2008/10/29/kill-every-mysql-select-older-than-x-seconds/
```{.bash}
```bash
#!/bin/bash
# From https://anothersysadmin.wordpress.com/2008/10/29/kill-every-mysql-select-older-than-x-seconds/
SEC=$1
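Review bot: in "Migrate MySQL users", the dumps written to `/tmp/mysql_user` and `/tmp/mysql_db` contain the rows of `mysql.user`, including the stored password hashes, and the destination side runs `chmod 664 /tmp/mysql_{db,user}`, leaving them readable by every local user. Please document a non-world-readable location or mode and a cleanup step after the `LOAD DATA INFILE`. Also, in "Find userid of mails in mailq" the loop appends to `tmp/userid` (relative path) while the next line sorts `/tmp/userid`; the two paths should match.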
@ -210,10 +209,10 @@ abuse@<domain>, admin@<domain>, administrator@<domain>, contact@<domain>, info@<
```
itk change rights.
```{.bash}
```console
find /tmp/ -user www-user.old -exec chown www-user:user {} \;
find /tmp/ -user user.old -exec chown user:user {} \;
# find /tmp/ -user www-user.old -exec chown www-user:user {} \;
# find /tmp/ -user user.old -exec chown user:user {} \;
* Détecter les fichiers non lisibles par Apache (lecture sur le groupe) : find ./ -type f ! -perm /g=r -exec ls -l {} \;
* Détecter les répertoires non lisibles par Apache (lecture/exécution sur le groupe) : find ./ -type d \( ! -perm /g=r -o ! -perm /g=x \) -exec ls -ld {} \;
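Review bot: the two "Détecter ..." bullets at the end of this hunk are still inside the block that now opens with the `console` fence, so they will be rendered as output of the `find ... -exec chown` commands. Move the bullets below the closing fence as a normal list and give each `find ./ -type f ! -perm /g=r ...` command its own `console` block with a prompt.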
@ -222,16 +221,15 @@ find /tmp/ -user user.old -exec chown user:user {} \;
```
Get useradd command for migrating account.
```{.bash}
for i in user1 user2 user3...; do echo -n 'useradd -m -s /bin/bash -u '$(grep -E "^$i" /etc/passwd | cut -d':' -f3) && echo -en ' -p' \'$(grep -E "^$i" /etc/shadow | cut -d ':' -f2)\' $i '\n'; done
```console
# for i in user1 user2 user3...; do echo -n 'useradd -m -s /bin/bash -u '$(grep -E "^$i" /etc/passwd | cut -d':' -f3) && echo -en ' -p' \'$(grep -E "^$i" /etc/shadow | cut -d ':' -f2)\' $i '\n'; done
Output :
useradd -m -s /bin/bash -u USERID -p 'USERPWD' username
```
Find files newert than (mtime) a precise date, and execute an action.
```{.bash}
find . ! -newermt '2012-09-19 11:40:00' -exec cp {} /tmp/mails \;
```bash
# find . ! -newermt '2012-09-19 11:40:00' -exec cp {} /tmp/mails \;
```
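Review bot: the last block is fenced as `bash` but its content was given a root prompt (`# find . ! -newermt ...`). Under the `bash` lexer a leading `#` is a comment, so the whole command will be highlighted as a comment; use `console` here like the other blocks. In the block above, the `Output :` line and the sample `useradd -m -s /bin/bash -u USERID -p 'USERPWD' username` line are fine as console output, but a note that the `-p` value is the hash copied from `/etc/shadow` would make the example clearer.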

View file

@ -1,27 +1,27 @@
Some commands:
```
apt install zfsutils-linux
zpool create local /dev/xxx
zpool list
zfs create local/home
zfs list
zfs set compression=lz4 local/home
zfs get compression
zfs get compressratio local/home
zfs set dedup=on local/home
zpool get dedupratio local
zfs set mountpoint=/home local/home
apt install nfs-kernel-server nfs-common
systemctl enable --now rpc-statd.service nfs-server.service
zfs set sharenfs="rw=@10.0.1.0/24" local/home
zfs share local/home
zfs get sharenfs
# Import pool after boot/cryptsetup Open
zpool import local
zfs snapshot local/containers/archive@backup
zfs list -t snapshot
zfs send local/containers/archive@backup | ssh zfs@10.0.1.1 sudo zfs recv local/lxd00/containers/archive
zfs destroy local/containers/archive@backup
zfs clone local/containers/archive@backup local/containers/archive-clone
```console
# apt install zfsutils-linux
# zpool create local /dev/xxx
# zpool list
# zfs create local/home
# zfs list
# zfs set compression=lz4 local/home
# zfs get compression
# zfs get compressratio local/home
# zfs set dedup=on local/home
# zpool get dedupratio local
# zfs set mountpoint=/home local/home
# apt install nfs-kernel-server nfs-common
# systemctl enable --now rpc-statd.service nfs-server.service
# zfs set sharenfs="rw=@10.0.1.0/24" local/home
# zfs share local/home
# zfs get sharenfs
# #Import pool after boot/cryptsetup Open
# zpool import local
# zfs snapshot local/containers/archive@backup
# zfs list -t snapshot
# zfs send local/containers/archive@backup | ssh zfs@10.0.1.1 sudo zfs recv local/lxd00/containers/archive
# zfs destroy local/containers/archive@backup
# zfs clone local/containers/archive@backup local/containers/archive-clone
```

View file

@ -1,8 +1,6 @@
---
format: Markdown
toc: yes
title: Backup Strategy
...
???+ Danger
Deprecated, todo...
# Servers

View file

@ -1,12 +1,8 @@
---
title: Basic CPU Benchmark on GCP/Vultr/Hetzner/Scaleway
...
*Updated whenever I can.*
Encoding a 2h video (live concert from Japanese TV, MPEG-2, dark scene with grain) at 1280x720 resolution.
```
HandBrakeCLI -i in.ts -o out.mp4 -f av_mp4 -O -e x264 --encoder-preset slow --encoder-tune grain --encoder-profile high --encoder-level auto -q 20 --vfr -E copy:aac -w 1280 -l 720 --decomb --detelecine --crop 0:0:0:0
```console
$ HandBrakeCLI -i in.ts -o out.mp4 -f av_mp4 -O -e x264 --encoder-preset slow --encoder-tune grain --encoder-profile high --encoder-level auto -q 20 --vfr -E copy:aac -w 1280 -l 720 --decomb --detelecine --crop 0:0:0:0
```
- Scaleway bare-metal 8 CPU C2L:

View file

@ -1,13 +1,10 @@
---
format: Markdown
toc: yes
categories: Nihongo
title: Mémo/Cours de Japonais 1ère année
...
---
# Deprecated
???+ Danger
> **Note** : Je ne tiens plus à jour cette page.
Obsolète ! Je ne tiens plus à jour cette page.
Cette page me sert de mémo pour mon apprentissage du Japonais (1ère année) et part du principe que les Hiragana et Katakana sont maîtrisés :) !
(Ce mémo est inspiré de l'application [Human Japanese sur Android](https://play.google.com/store/apps/details?id=com.braksoftware.HumanJapanese&hl=fr) pour la structure et de mes cours à [Toulouse-Manga](http://toulousemanga.fr/les-cours-de-manga-a-toulouse/cours-de-japonais/)).

View file

@ -2,8 +2,8 @@
## IP address in Japan with WG+Socks
```
for i in {6..13}; do curl ipinfo.io/ip --socks5-host jp${i}-wg.socks5.mullvad.net:1080; curl ifconfig.co --socks5-host jp${i}-wg.socks5.mullvad.net:1080; done
```console
$ for i in {6..13}; do curl ipinfo.io/ip --socks5-host jp${i}-wg.socks5.mullvad.net:1080; curl ifconfig.co --socks5-host jp${i}-wg.socks5.mullvad.net:1080; done
217.138.252.227
2001:ac8:40:b6::a06d
217.138.252.243