Update all code blocks

This commit is contained in:
Benoit S 2021-02-20 15:06:15 +09:00
parent 5bd12c70c7
commit 1d67e73eff
14 changed files with 237 additions and 246 deletions

View file

@ -6,7 +6,7 @@ hide:
[PDF version](CV.pdf)
```
```console
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: THIS RESUME IS SO GEEK!!!11 @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

View file

@ -2,14 +2,14 @@
Upgrade from 8 to Stream.
```
dnf install centos-release-stream && dnf update
```console
# dnf install centos-release-stream && dnf update
```
Exclude path when unpacking package. Useful for unprivileged containers.
```console
# dnf reinstall --downloadonly filesystem
# find /var/cache -iname "*filesy*"
# rpm -ivh --excludepath=/proc --excludepath=/sys /var/cache/dnf/baseos-504ddb1bf3482a98/packages/filesystem-3.8-3.el8.x86_64.rpm
```
dnf reinstall --downloadonly filesystem
find /var/cache -iname "*filesy*"
rpm -ivh --excludepath=/proc --excludepath=/sys /var/cache/dnf/baseos-504ddb1bf3482a98/packages/filesystem-3.8-3.el8.x86_64.rpm
```

View file

@ -1,31 +1,31 @@
## Monitor mode
For my RTL8188EUS:
```
ip link set wlanX down
iw dev wlanX set type monitor
```console
# ip link set wlanX down
# iw dev wlanX set type monitor
```
## Scan networks
All channels:
```
airodump-ng wlanX
```console
# airodump-ng wlanX
```
Specific channel:
```
airodump-ng -c 6 wlanX
```console
# airodump-ng -c 6 wlanX
```
## Save a capture of chosen BSSID
```
airodump-ng -c 6 --bssid 00:23:B1:82:08:xx -w <filename> wlanX
```console
# airodump-ng -c 6 --bssid 00:23:B1:82:08:xx -w <filename> wlanX
```
You need to wait for a client to connect, or to deauth it and get the 4-way handshake.
```
aireplay-ng -0 1 -a 00:23:B1:82:0C:xx -c D0:37:45:2F:52:xx wlanX
```console
# aireplay-ng -0 1 -a 00:23:B1:82:0C:xx -c D0:37:45:2F:52:xx wlanX
```
`-a` is access point
`-c` is client
@ -36,8 +36,8 @@ Then you should have an EAPOL/WPA handshake.
### For a 8 digits scheme
```
crunch 8 8 0123456789 -s 00000000 | aircrack-ng -w - -b 00:23:B1:82:08:xx <filename>.cap
```console
$ crunch 8 8 0123456789 -s 00000000 | aircrack-ng -w - -b 00:23:B1:82:08:xx <filename>.cap
```
## Wireshark
@ -46,8 +46,8 @@ PSK Generator: <https://www.wireshark.org/tools/wpa-psk.html>
## PMKID method
```
hcxdumptool -i wlanX -o PMKID --enable_status=1
```console
$ hcxdumptool -i wlanX -o PMKID --enable_status=1
```
TODO...
@ -56,8 +56,8 @@ TODO...
AP must have WPS enabled with a PIN. Not PBC, push button.
```
reaver -i wlanX -b 00:23:B1:82:84:xx
```console
# reaver -i wlanX -b 00:23:B1:82:84:xx
```
## Resources

View file

@ -1,17 +1,17 @@
# Convert
## Convert
# MKV to WebM
### MKV to WebM
~~~
```console
$ ffmpeg -i input.mkv -c:v libvpx -qmin 0 -qmax 50 -crf 10 -b:v 2M -c:a libvorbis output.webm
~~~
# Recording Screen
## Within a specified zone
```
avconv -threads auto -f pulse -i bluez_sink.0C_E0_E4_81_2F_C1.monitor -ac 2 -f pulse -i alsa_input.usb-BLUE_MICROPHONE_Blue_Snowball_201306-00-Snowball.analog-mono -ac 1 -f x11grab -show_region 1 -s 1024x768 -i :0.0+112,111 -c:v libvpx -pre:v libvpx-720p -vsync cfr -r 15 -c:a libvorbis -q:a 6 -filter_complex amix=inputs=2 output.webm
```
With sound from microphone and monitor of input.
## Recording Screen
### Within a specified zone
```console
$ avconv -threads auto -f pulse -i bluez_sink.0C_E0_E4_81_2F_C1.monitor -ac 2 -f pulse -i alsa_input.usb-BLUE_MICROPHONE_Blue_Snowball_201306-00-Snowball.analog-mono -ac 1 -f x11grab -show_region 1 -s 1024x768 -i :0.0+112,111 -c:v libvpx -pre:v libvpx-720p -vsync cfr -r 15 -c:a libvorbis -q:a 6 -filter_complex amix=inputs=2 output.webm
```
With sound from microphone and monitor of input.

View file

@ -1,35 +1,35 @@
# HowtoGPG
## Some commands:
```
gpg --card-status
gpg --export-ssh-key keyID
gpg --armor --export keyID > pubkey.asc
```console
$ gpg --card-status
$ gpg --export-ssh-key keyID
$ gpg --armor --export keyID > pubkey.asc
```
## Use Nitrokey from new system:
```
gpg --import pubkey.asc
gpg --card-status
```console
$ gpg --import pubkey.asc
$ gpg --card-status
```
## Use GPG Agent as SSH Agent
```
vim .gnupg/gpg-agent.conf
```console
$ vim .gnupg/gpg-agent.conf
enable-ssh-support
pinentry-program /usr/bin/pinentry-qt
systemctl --user enable --now /usr/lib/systemd/user/gpg-agent*
$ systemctl --user enable --now /usr/lib/systemd/user/gpg-agent*
vim .bashrc
$ vim .bashrc
export SSH_AUTH_SOCK="/run/user/$(id -u)/gnupg/S.gpg-agent.ssh"
```
## Export your public key to your web server:
```
```console
$ mkdir openpgpkey
$ gpg --list-options show-only-fpr-mbox -k keyID | /usr/lib/gnupg/gpg-wks-client -v --install-key
```
@ -43,22 +43,22 @@ My public key is available via: <https://openpgpkey.benpro.fr/.well-known/openpg
WKD mean Web Key Directory. Interesting website: <https://metacode.biz/openpgp/web-key-directory>
```
gpg --locate-key user@example.com
```console
$ gpg --locate-key user@example.com
```
### From keyserver
#### With keys.openpgp.org
```
echo keyserver hkps://keys.openpgp.org >> ~/.gnupg/gpg.conf
gpg --auto-key-locate keyserver --locate-keys user@example.com
```console
$ echo keyserver hkps://keys.openpgp.org >> ~/.gnupg/gpg.conf
$ gpg --auto-key-locate keyserver --locate-keys user@example.com
```
#### With sks-keyservers.net
```
gpg --keyserver pool.sks-keyservers.net --recv-keys keyID
```console
$ gpg --keyserver pool.sks-keyservers.net --recv-keys keyID
```

View file

@ -1,28 +1,28 @@
Some commands:
```
lxc image alias list images:
lxc info <name>
lxc config edit <name>
lxc config sonw <name>
lxc exec <name> bash
lxc config set <name> limits.memory 512MB
lxc config set <name> limits.cpu 2
lxc config device set <name> root size 20GB
lxc launch images:debian/stretch/amd64 <name>
lxc config set <name> environment.LC_ALL=en_US.UTF-8
lxc list
lxc storage volume list <storagename>
# mode privileged
lxc launch ubuntu:16.04 test -c security.privileged=true -c security.nesting=true
lxc config device add test ssh proxy listen=tcp:0.0.0.0:2222 connect=tcp:127.0.0.1:22
# Create a backups volume in the local (default) pool (ZFS) and use it for backups
lxc storage volume create local backups
lxc config set storage.backups_volume local/backups
# Create a images volume in the local (default) pool (ZFS) and use it for images (containers images downloaded)
lxc storage volume create local images
lxc config set storage.images_volume local/images
lxc config device add $containerName $deviceName disk source=/home/foo path=/home/foo
```console
$ lxc image alias list images:
$ lxc info <name>
$ lxc config edit <name>
$ lxc config sonw <name>
$ lxc exec <name> bash
$ lxc config set <name> limits.memory 512MB
$ lxc config set <name> limits.cpu 2
$ lxc config device set <name> root size 20GB
$ lxc launch images:debian/stretch/amd64 <name>
$ lxc config set <name> environment.LC_ALL=en_US.UTF-8
$ lxc list
$ lxc storage volume list <storagename>
$ #mode privileged
$ lxc launch ubuntu:16.04 test -c security.privileged=true -c security.nesting=true
$ lxc config device add test ssh proxy listen=tcp:0.0.0.0:2222 connect=tcp:127.0.0.1:22
$ #Create a backups volume in the local (default) pool (ZFS) and use it for backups
$ lxc storage volume create local backups
$ lxc config set storage.backups_volume local/backups
$ #Create a images volume in the local (default) pool (ZFS) and use it for images (containers images downloaded)
$ lxc storage volume create local images
$ lxc config set storage.images_volume local/images
$ lxc config device add $containerName $deviceName disk source=/home/foo path=/home/foo
```
Chemins :
@ -41,7 +41,7 @@ dnsutils
N'est plus nécessaire sur les images récentes :
```
```console
# systemctl disable getty@tty{1..4}
# reboot
```
@ -57,17 +57,16 @@ etckeeper
vim
```
```
sed -i 's/^tty/# tty/g' /etc/inittab
```console
# sed -i 's/^tty/# tty/g' /etc/inittab
# clean messages
# #clean messages
rm /var/log/messages
```
Nginx :
```
```nginx
set_real_ip_from W.X.Y.Z;
#real_ip_recursive on;
real_ip_header X-Forwarded-For;
@ -79,6 +78,6 @@ access_log /var/log/nginx/access.log custom;
Aller dans le namespace de LXD (snap0 pour faire des actions genre mount/umount :
```
```console
# nsenter -t $(cat /var/snap/lxd/common/lxd.pid) -m
```
```

View file

@ -2,7 +2,7 @@
Thermal info:
```
sudo powermetrics s thermal
sudo powermetrics -s thermal | grep -A2 -i thermal
```console
$ sudo powermetrics s thermal
$ sudo powermetrics -s thermal | grep -A2 -i thermal
```

View file

@ -1,8 +1,11 @@
---
title: Howto Serveur de mail sécurisé avec Mailcow et Scaleway
categories: sysadmin mail
---
???+ Danger
Documentation obsolète !
# Intro
Ce Howto explique comment monter un serveur de mail sécurisé en utilisant [Mailcow](https://github.com/andryyy/mailcow) et un serveur virtuel chez [Scaleway](https://www.scaleway.com/). L'introduction est à lire sur mon [blog](https://www.lekernelpanique.fr/2017/03/05/votre-propre-serveur-de-mail-securise-pour-3emois/).
@ -15,7 +18,7 @@ La première étape consiste évidement à créer l'instance sur la console de S
L'image Debian de Scaleway n'étant pas « buildé » tous les jours, il se peut qu'il y ait quelques mises à jour à faire. On fait donc une upgrade.
```
```console
# apt update
# apt upgrade
```
@ -26,7 +29,7 @@ Ce volume accueillera vos mails et journaux systèmes. Il est donc intéressant
Création du fichier image et montage sur `/dev/loop0`.
```
```console
# dd if=/dev/zero of=/var.img bs=1M count=35000
# chmod 600 /var.img
# losetup /dev/loop0 /var.img
@ -34,7 +37,7 @@ Création du fichier image et montage sur `/dev/loop0`.
On en profite pour aussi créer une swap de 1G tant qu'à faire.
```
```console
# dd if=/dev/zero of=/swapfile.img bs=1M count=1000
# chmod 600 /swapfile.img
# mkswap -LSWAP
@ -43,7 +46,7 @@ On en profite pour aussi créer une swap de 1G tant qu'à faire.
On chiffre le volume en LUKS avec `cryptsetup`. Choisissez une passphrase, vous aller devoir la taper à chaque démarrage dans la console de Scaleway. Pas très souvent si tout est stable ! :-)
```
```console
# apt install cryptsetup
# cryptsetup luksFormat --hash sha256 --key-size=512 /dev/loop0
# cryptsetup luksOpen /dev/loop0 crypted-var
@ -51,7 +54,7 @@ On chiffre le volume en LUKS avec `cryptsetup`. Choisissez une passphrase, vous
On formate le tout en EXT4, on monte le volume, on stoppe les services qui utilisent actuellement `/var` et on rsync le tout.
```
```console
# mkfs.ext4 -LVAR /dev/mapper/crypted-var
# mount /dev/mapper/crypted-var /mnt/
# for pid in $(lsof | grep /var | tr -s '\t' ' ' | cut -d' ' -f2 | sort | uniq | grep -v "^1$"); do kill $pid; done
@ -64,7 +67,7 @@ On indique le volume chiffré dans `crypttab` et le point de montage dans `fstab
> **Note** : On désactive `unattended-upgrades` qui va planter l'arrêt à cause du /var qui n'existe plus.
```
```console
# echo "crypted-var /var.img none luks" >> /etc/crypttab
# echo "/dev/mapper/crypted-var /var ext4 defaults 0 2" >> /etc/fstab
# systemctl disable unattended-upgrades.service
@ -89,7 +92,7 @@ Au niveau de vos entrées DNS, il vous faudra un champ A et un MX. Plus de déta
On supprime exim4, car Mailcow utilise postfix.
```
```console
# apt purge exim4 exim4-base exim4-config exim4-daemon-light
```
@ -97,7 +100,7 @@ On supprime exim4, car Mailcow utilise postfix.
Puis on télécharge le script d'installation, on édite la configuration et on lance l'installation.
```
```console
# wget -O - https://github.com/andryyy/mailcow/archive/v0.14.tar.gz | tar xfz -
# cd mailcow-0.14
# vim mailcow.config
@ -107,7 +110,7 @@ Puis on télécharge le script d'installation, on édite la configuration et on
Laissez-vous guider par le script d'installation.
```
```console
# ./install.sh
```
@ -125,7 +128,7 @@ Pour cela il faut mettre en place une `PKI` et émettre un certificat client. J'
## ShellPKI
```
```console
# cd /usr/local
# git clone https://forge.evolix.org/shellpki.git
# cd shellpki
@ -137,20 +140,20 @@ Pour cela il faut mettre en place une `PKI` et émettre un certificat client. J'
Éditer `/etc/shellpki/openssl.cnf` et initialiser shellPKI. Le plus important est de remplir le « Common Name », par exemple `Myname Root Certificate`.
```
```console
# vim /etc/shellpki/openssl.cnf
# ./shellpki.sh init
```
On génère un certificat client (sans passphrase), soit un utilisateur par exemple. Il faudra choisir un « Common Name » du type `user@domain.tld`.
```
```console
# ./shellpki.sh create
```
Puis on le convertit au format `PKCS#12` avec une passphrase d'export. Cette passphrase sera demandé à l'import dans un navigateur ou smartphone par exemple.
```
```console
# cd /etc/ssl/clients
# openssl pkcs12 -export -in user@mail.domain.tld.crt -inkey user@mail.domain.tld.key -out user@mail.domain.tld.p12
```
@ -161,12 +164,12 @@ La dernière étape consiste à dire à dovecot et nginx qu'il est nécessaire d
## Nginx
```
```nginx
ssl_client_certificate /etc/shellpki/ca/cacert.pem;
ssl_verify_client on;
```
```
```console
# systemctl restart nginx
```
@ -174,7 +177,7 @@ ssl_verify_client on;
> **Note** : Attention, si vous avez un webmail qui se connecte en local, imap non chiffré, l'activation de `auth_ssl_require_client_cert`, va imposer d'utiliser un certificat… Cassant votre webmail. Il n'y a pas à ce jour la possibilité d'activer `auth_ssl_require_client_cert` seulement pour imaps… Si vous utilisez un webmail, n'activez pas ceci sur dovecot.
```
```dovecot
# Client certificate
ssl_ca = </etc/shellpki/ca/cacert.pem
ssl_verify_client_cert = yes
@ -187,7 +190,7 @@ protocol !smtp {
}
```
```
```console
# systemctl restart dovecot.service
```
@ -197,8 +200,8 @@ Vous devez maintenant faire le nécessaire côté client (Thunderbird, K9-Mail
Voici une liste de tâches non exhaustives à faire de votre côté que je ne documente pas, non obligatoire mais conseillé…
- Monter un serveur de MX secondaire ;
- Activer un pare-feu sur votre machine, par exemple `ufw` ;
- Monitorer votre serveur ;
- S'assurer du suivi des mises à jour ;
- Faire des sauvegardes.
- [ ] Monter un serveur de MX secondaire ;
- [ ] Activer un pare-feu sur votre machine, par exemple `ufw` ;
- [ ] Monitorer votre serveur ;
- [ ] S'assurer du suivi des mises à jour ;
- [ ] Faire des sauvegardes.

View file

@ -1,152 +1,152 @@
Get Github or Gitlab user key:
```
curl https://github.com/<username>.keys
curl https://gitlab.com/<username>.keys
```console
$ curl https://github.com/<username>.keys
$ curl https://gitlab.com/<username>.keys
```
Enter a namespace, for example LXD (which is in a NS by Snap).
```
nsenter -t $(cat /var/snap/lxd/common/lxd.pid) -m
```console
$ nsenter -t $(cat /var/snap/lxd/common/lxd.pid) -m
```
SSH into a machine without checking host key. Useful when servers are in a rescue mode.
~~~
ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" -o "GlobalKnownHostsFile=/dev/null"
~~~
```console
$ ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" -o "GlobalKnownHostsFile=/dev/null"
```
Certbot manual example.
~~~
certbot certonly --non-interactive --webroot --webroot-path /var/www/html/ -d foo.bar -d www.foo.bar
~~~
```console
# certbot certonly --non-interactive --webroot --webroot-path /var/www/html/ -d foo.bar -d www.foo.bar
```
GPG-agent list SSH key and remove.
~~~
```
gpg-connect-agent
KEYINFO --ssh-list --ssh-fpr
DELETE_KEY $HASH
~~~
```
Show md5 fingerprint of SSH key.
~~~
ssh-keygen -l -E md5 -f .ssh/key.pub
~~~
```console
$ ssh-keygen -l -E md5 -f .ssh/key.pub
```
Password recovery. At grub stage, press `e` to edit the kernel line and add `init=/bin/bash`. It will drop you in a shell before init system (systemd).
~~~
mount -o remount,rw /
passwd
~~~
```console
# mount -o remount,rw /
# passwd
```
Mount partitions on an image file using losetup.
~~~
losetup -P -f --show my.img
~~~
```console
# losetup -P -f --show my.img
```
List all software installed from particular component (non-free, contrib)
~~~
```console
$ dpkg-query -W -f='${Section}\t${Package}\n' | grep ^non-free
~~~
```
Manually rotate a file without logrotate, with savelog(8).
~~~
```console
$ savelog
~~~
```
What processes uses swap?
~~~
for file in /proc/*/status ; do awk '/VmSwap|Name/{printf $2 " " $3}END{ print ""}' $file; done | sort -k 2 -n -r | less
~~~
```console
$ for file in /proc/*/status ; do awk '/VmSwap|Name/{printf $2 " " $3}END{ print ""}' $file; done | sort -k 2 -n -r | less
```
MySQL "fast" shutdown.
~~~
```console
> set global innodb_max_dirty_pages_pct = 0;
$ mysqladmin ext -i10 | grep dirty
~~~
```
mkfs.ext4 for old systems in rescue mode (Debian Wheezy, …).
~~~
mkfs.ext4 -O ^64bit,^metadata_csum
~~~
```console
# mkfs.ext4 -O ^64bit,^metadata_csum
```
Send a mail from queue.
```
postcat -q ID > mail
< mail sendmail -f FROM TO
```console
$ postcat -q ID > mail
$ < mail sendmail -f FROM TO
```
Python Simple HTTP Server (useful for Munin for example).
```
cd /var/cache/munin/www
python -m SimpleHTTPServer 8080
```console
$ cd /var/cache/munin/www
$ python -m SimpleHTTPServer 8080
```
Show custom certs (not a link) and expiration in `/etc/ssl/certs`.
```
find /etc/ssl/certs/ -type f -print -exec openssl x509 -text -in {} \; | grep --color=auto -e etc -e CN= -e DNS: -e After;
```console
# find /etc/ssl/certs/ -type f -print -exec openssl x509 -text -in {} \; | grep --color=auto -e etc -e CN= -e DNS: -e After;
```
Edit Bind DNS serial (needs modifications, not generic).
```
sed -ri 's/^\s*[0-9]+\s*; serial/\t\t\t 2017041010\t ; serial/' db.*
```console
$ sed -ri 's/^\s*[0-9]+\s*; serial/\t\t\t 2017041010\t ; serial/' db.*
```
After Debian/Ubuntu upgrade, merge local config files according to config files shipped in packages.
```
for file in $(find /etc -iname '*.dpkg-dist'); do vimdiff ${file%%.dpkg-dist} $file; rm $file; done
for file in $(find /etc -iname '*.dpkg-old'); do vimdiff ${file%%.dpkg-old} $file; rm $file; done
for file in $(find /etc -iname '*.dpkg-new'); do vimdiff ${file%%.dpkg-new} $file; rm $file; done
for file in $(find /etc -iname '*.ucf-dist'); do vimdiff ${file%%.ucf-dist} $file; rm $file; done
for file in $(find /etc -iname '*.ucf-old'); do vimdiff ${file%%.ucf-old} $file; rm $file; done
for file in $(find /etc -iname '*.ucf-new'); do vimdiff ${file%%.ucf-new} $file; rm $file; done
```console
# for file in $(find /etc -iname '*.dpkg-dist'); do vimdiff ${file%%.dpkg-dist} $file; rm $file; done
# for file in $(find /etc -iname '*.dpkg-old'); do vimdiff ${file%%.dpkg-old} $file; rm $file; done
# for file in $(find /etc -iname '*.dpkg-new'); do vimdiff ${file%%.dpkg-new} $file; rm $file; done
# for file in $(find /etc -iname '*.ucf-dist'); do vimdiff ${file%%.ucf-dist} $file; rm $file; done
# for file in $(find /etc -iname '*.ucf-old'); do vimdiff ${file%%.ucf-old} $file; rm $file; done
# for file in $(find /etc -iname '*.ucf-new'); do vimdiff ${file%%.ucf-new} $file; rm $file; done
```
Debug php with strace and php-cgi (especially useful for wp multisites).
```
HTTP_HOST=www.site.com SCRIPT_FILENAME=index.php REDIRECT_STATUS=CGI SERVER_NAME=www.site.com strace -s 65535 -o /tmp/strace php-cgi -f index.php
```console
$ HTTP_HOST=www.site.com SCRIPT_FILENAME=index.php REDIRECT_STATUS=CGI SERVER_NAME=www.site.com strace -s 65535 -o /tmp/strace php-cgi -f index.php
```
```ps``` with long user fields (here 20).
`ps` with long user fields (here 20).
```
ps axo user:20,pid,pcpu,pmem,vsz,rss,tty,stat,start,time,comm
```console
$ ps axo user:20,pid,pcpu,pmem,vsz,rss,tty,stat,start,time,comm
```
WTF is happening in apache (or other)? Let's strace all apache processes.
```
```console
# strace -p $(ps auwwwx | grep apache | tr -s '\t' ' ' | cut -d' ' -f2 | tr '\n' ' ' | sed 's/ / -p /g') 9999
```
WTF is happening? Let's tail all logs.
```
```console
# tail -f $(lsof | grep -F .log | tr -s '\t' ' ' | cut -d' ' -f10 | sort | uniq | tr -s '\n' ' ')
```
Search for suspects POST in apache.log (often attacks).
```{.bash}
grep -Eo '"POST .*.php' access.log | grep -ve cron -e login -e admin -e xmlrpc -e trackback -e comment -e 404 | sort -u
```console
# grep -Eo '"POST .*.php' access.log | grep -ve cron -e login -e admin -e xmlrpc -e trackback -e comment -e 404 | sort -u
```
Check for crashed MySQL table in syslog and launch a repair.
```{.bash}
```bash
#!/bin/bash
tables=$(grep crashed /var/log/syslog | grep -Eo \'\./.*\' --color=auto | sed s#\'./## | sed s#\'## | uniq | tr -s '\n' ' ')
for tableC in $tables; do
@ -157,37 +157,36 @@ done
```
Get the groups of an user and add another user into these groups.
```{.bash}
for group in $(grep user1 /etc/group | cut -d':' -f1 | sed '/user1/d'); do adduser user2 $group; done
```console
# for group in $(grep user1 /etc/group | cut -d':' -f1 | sed '/user1/d'); do adduser user2 $group; done
```
Get the last acceded URLs in Squid Access list.
```{.bash}
tail -n100 /var/log/squid3/access.log | grep -oE 'http.*' | cut -d ' ' -f1 | sort | uniq
```console
# tail -n100 /var/log/squid3/access.log | grep -oE 'http.*' | cut -d ' ' -f1 | sort | uniq
```
Migrate MySQL users.
```{.bash}
# SRC Server
mysql mysql -e "select * from user WHERE USER='user1' OR USER='user2' INTO OUTFILE '/tmp/mysql_user';"
mysql mysql -e "select * from db WHERE USER='user1' OR USER='user2' INTO OUTFILE '/tmp/mysql_db';"
```console
# #SRC Server
# mysql mysql -e "select * from user WHERE USER='user1' OR USER='user2' INTO OUTFILE '/tmp/mysql_user';"
# mysql mysql -e "select * from db WHERE USER='user1' OR USER='user2' INTO OUTFILE '/tmp/mysql_db';"
# DST Server
scp server:/tmp/mysql_{db,user} /tmp
chmod 664 /tmp/mysql_{db,user}
mysql mysql -e "LOAD DATA INFILE '/tmp/mysql_user' INTO TABLE user;"
mysql mysql -e "LOAD DATA INFILE '/tmp/mysql_db' INTO TABLE db;"
# #DST Server
# scp server:/tmp/mysql_{db,user} /tmp
# chmod 664 /tmp/mysql_{db,user}
# mysql mysql -e "LOAD DATA INFILE '/tmp/mysql_user' INTO TABLE user;"
# mysql mysql -e "LOAD DATA INFILE '/tmp/mysql_db' INTO TABLE db;"
```
Find userid of mails in mailq.
```{.bash}
for i in $(mailq | grep -Eo [A-F0-9]{10} | tr -s '\n' ' '); do postcat -q $i | grep userid | grep -Eo "[0-9]{4,}" >> tmp/userid; done
sort -n /tmp/userid | uniq
```console
$ for i in $(mailq | grep -Eo [A-F0-9]{10} | tr -s '\n' ' '); do postcat -q $i | grep userid | grep -Eo "[0-9]{4,}" >> tmp/userid; done
$ sort -n /tmp/userid | uniq
```
Kill every MySQL SELECT older than X seconds Original: https://anothersysadmin.wordpress.com/2008/10/29/kill-every-mysql-select-older-than-x-seconds/
```{.bash}
```bash
#!/bin/bash
# From https://anothersysadmin.wordpress.com/2008/10/29/kill-every-mysql-select-older-than-x-seconds/
SEC=$1
@ -210,10 +209,10 @@ abuse@<domain>, admin@<domain>, administrator@<domain>, contact@<domain>, info@<
```
itk change rights.
```{.bash}
```console
find /tmp/ -user www-user.old -exec chown www-user:user {} \;
find /tmp/ -user user.old -exec chown user:user {} \;
# find /tmp/ -user www-user.old -exec chown www-user:user {} \;
# find /tmp/ -user user.old -exec chown user:user {} \;
* Détecter les fichiers non lisibles par Apache (lecture sur le groupe) : find ./ -type f ! -perm /g=r -exec ls -l {} \;
* Détecter les répertoires non lisibles par Apache (lecture/exécution sur le groupe) : find ./ -type d \( ! -perm /g=r -o ! -perm /g=x \) -exec ls -ld {} \;
@ -222,16 +221,15 @@ find /tmp/ -user user.old -exec chown user:user {} \;
```
Get useradd command for migrating account.
```{.bash}
for i in user1 user2 user3...; do echo -n 'useradd -m -s /bin/bash -u '$(grep -E "^$i" /etc/passwd | cut -d':' -f3) && echo -en ' -p' \'$(grep -E "^$i" /etc/shadow | cut -d ':' -f2)\' $i '\n'; done
```console
# for i in user1 user2 user3...; do echo -n 'useradd -m -s /bin/bash -u '$(grep -E "^$i" /etc/passwd | cut -d':' -f3) && echo -en ' -p' \'$(grep -E "^$i" /etc/shadow | cut -d ':' -f2)\' $i '\n'; done
Output :
useradd -m -s /bin/bash -u USERID -p 'USERPWD' username
```
Find files newert than (mtime) a precise date, and execute an action.
```{.bash}
find . ! -newermt '2012-09-19 11:40:00' -exec cp {} /tmp/mails \;
```bash
# find . ! -newermt '2012-09-19 11:40:00' -exec cp {} /tmp/mails \;
```

View file

@ -1,27 +1,27 @@
Some commands:
```console
# apt install zfsutils-linux
# zpool create local /dev/xxx
# zpool list
# zfs create local/home
# zfs list
# zfs set compression=lz4 local/home
# zfs get compression
# zfs get compressratio local/home
# zfs set dedup=on local/home
# zpool get dedupratio local
# zfs set mountpoint=/home local/home
# apt install nfs-kernel-server nfs-common
# systemctl enable --now rpc-statd.service nfs-server.service
# zfs set sharenfs="rw=@10.0.1.0/24" local/home
# zfs share local/home
# zfs get sharenfs
# #Import pool after boot/cryptsetup Open
# zpool import local
# zfs snapshot local/containers/archive@backup
# zfs list -t snapshot
# zfs send local/containers/archive@backup | ssh zfs@10.0.1.1 sudo zfs recv local/lxd00/containers/archive
# zfs destroy local/containers/archive@backup
# zfs clone local/containers/archive@backup local/containers/archive-clone
```
apt install zfsutils-linux
zpool create local /dev/xxx
zpool list
zfs create local/home
zfs list
zfs set compression=lz4 local/home
zfs get compression
zfs get compressratio local/home
zfs set dedup=on local/home
zpool get dedupratio local
zfs set mountpoint=/home local/home
apt install nfs-kernel-server nfs-common
systemctl enable --now rpc-statd.service nfs-server.service
zfs set sharenfs="rw=@10.0.1.0/24" local/home
zfs share local/home
zfs get sharenfs
# Import pool after boot/cryptsetup Open
zpool import local
zfs snapshot local/containers/archive@backup
zfs list -t snapshot
zfs send local/containers/archive@backup | ssh zfs@10.0.1.1 sudo zfs recv local/lxd00/containers/archive
zfs destroy local/containers/archive@backup
zfs clone local/containers/archive@backup local/containers/archive-clone
```

View file

@ -1,8 +1,6 @@
---
format: Markdown
toc: yes
title: Backup Strategy
...
???+ Danger
Deprecated, todo...
# Servers
@ -37,4 +35,4 @@ $ adb shell 'dd if=/dev/block/mmcblk0' | lz4 > mmcblk0.img.lz4
$ adb shell 'dd if=/dev/block/mmcblk1' | lz4 > mmcblk1.img.lz4
```
Nextcloud is used for some data (photos, some synced folders) and all contacts, permanent synchronization.
Nextcloud is used for some data (photos, some synced folders) and all contacts, permanent synchronization.

View file

@ -1,12 +1,8 @@
---
title: Basic CPU Benchmark on GCP/Vultr/Hetzner/Scaleway
...
*Updated whenever I can.*
Encoding a 2h video (live concert from Japanese TV, MPEG-2, dark scene with grain) at 1280x720 resolution.
```
HandBrakeCLI -i in.ts -o out.mp4 -f av_mp4 -O -e x264 --encoder-preset slow --encoder-tune grain --encoder-profile high --encoder-level auto -q 20 --vfr -E copy:aac -w 1280 -l 720 --decomb --detelecine --crop 0:0:0:0
```console
$ HandBrakeCLI -i in.ts -o out.mp4 -f av_mp4 -O -e x264 --encoder-preset slow --encoder-tune grain --encoder-profile high --encoder-level auto -q 20 --vfr -E copy:aac -w 1280 -l 720 --decomb --detelecine --crop 0:0:0:0
```
- Scaleway bare-metal 8 CPU C2L:

View file

@ -1,13 +1,10 @@
---
format: Markdown
toc: yes
categories: Nihongo
title: Mémo/Cours de Japonais 1ère année
...
---
# Deprecated
???+ Danger
> **Note** : Je ne tiens plus à jour cette page.
Obsolète ! Je ne tiens plus à jour cette page.
Cette page me sert de mémo pour mon apprentissage du Japonais (1ère année) et part du principe que les Hiragana et Katakana sont maîtrisés :) !
(Ce mémo est inspiré de l'application [Human Japanese sur Android](https://play.google.com/store/apps/details?id=com.braksoftware.HumanJapanese&hl=fr) pour la structure et de mes cours à [Toulouse-Manga](http://toulousemanga.fr/les-cours-de-manga-a-toulouse/cours-de-japonais/)).
@ -847,4 +844,4 @@ Kanji
さん
...が わかります
Comprendre ... (Qqch)
Comprendre ... (Qqch)

View file

@ -2,8 +2,8 @@
## IP address in Japan with WG+Socks
```
for i in {6..13}; do curl ipinfo.io/ip --socks5-host jp${i}-wg.socks5.mullvad.net:1080; curl ifconfig.co --socks5-host jp${i}-wg.socks5.mullvad.net:1080; done
```console
$ for i in {6..13}; do curl ipinfo.io/ip --socks5-host jp${i}-wg.socks5.mullvad.net:1080; curl ifconfig.co --socks5-host jp${i}-wg.socks5.mullvad.net:1080; done
217.138.252.227
2001:ac8:40:b6::a06d
217.138.252.243
@ -20,4 +20,4 @@ for i in {6..13}; do curl ipinfo.io/ip --socks5-host jp${i}-wg.socks5.mullvad.ne
2001:ac8:40:bc::a12d
91.193.7.83
2001:ac8:40:bd::a13d
```
```