added more stuff about server in tutos computer

config_files/.screenrc

@@ -43,6 +43,7 @@ screen
 
 screen -t .vimrc					vim -n	./config_files/.vimrc
 screen -t .screenrc				vim -n	./config_files/.screenrc
+screen -t .zshrc					vim -n	./config_files/.zshrc
 screen -t tutos_vim				vim -n	./tutos/vim.txt
 screen -t tutos_screen		vim -n	./tutos/screen.txt
 screen -t tutos_git				vim -n	./tutos/git.txt

config_files/.zshrc

@@ -20,7 +20,21 @@
 	# load a random theme each time oh-my-zsh is loaded, in which case,
 	# to know which specific one was loaded, run: echo $RANDOM_THEME
 	# See https://github.com/ohmyzsh/ohmyzsh/wiki/Themes
-	ZSH_THEME="robbyrussell"
+	#ZSH_THEME="robbyrussell"
+	ZSH_THEME="obraun"
+	#ZSH_THEME="dpoggi"
+	#ZSH_THEME="pygmalion"
+	#ZSH_THEME="aussiegeek"
+	#ZSH_THEME="bira"
+	#ZSH_THEME="candy"
+	#ZSH_THEME="dieter"
+	#ZSH_THEME="gnzh"
+	#ZSH_THEME="maran"
+	#ZSH_THEME="re5et"
+	#ZSH_THEME="risto"
+	#ZSH_THEME="ys"
+	#ZSH_THEME="fino"
+	#ZSH_THEME="dallas"
 	
 	# Set list of themes to pick from when loading at random
 	# Setting this variable when ZSH_THEME=random will cause zsh to load
@@ -184,3 +198,13 @@ alias ydl="~/bin/youtube-dl"
 alias bat="echo 'tail -n 10 /var/log/battery_status.log'; tail -n 10 /var/log/battery_status.log"
 
 
+
+# load nvm for every new zsh session
+export NVM_DIR="$HOME/.nvm"
+[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
+[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion
+
+# load asdf for every new zsh session
+. "$HOME/.asdf/asdf.sh"
+. "$HOME/.asdf/completions/asdf.bash"
+export EDITOR="code --wait"

tutos/computer.txt

@@ -272,29 +272,97 @@ find | sort | grep -ve "node_modules/" -e ".git/" | sed 's#[^/]*/#|__ #g;s#__ |#
 
 **ecowan server :**
 	- list user : **cat /etc/passwd**
-	- change user passwd : **sudo passwd <username>**
-	- changed user "root" and "ecowan" password
-		- **sudo passwd username**
-	- created "huho" user with **sudo adduser <username>**
-	- added it to the sudo group so it can use sudo (**sudo usermod -aG sudo huho**)
-	- did not add it to the sudoers file (`visudo` then add line `huho ALL=(ALL) ALL`)
-	- disabling user "ecowan" shell access with **sudo usermod --shell /sbin/nologin ecowan**
-		- https://unix.stackexchange.com/questions/10852/whats-the-difference-between-sbin-nologin-and-bin-false#10867
-		- its possible to re-enable it with **sudo usermod --shell /bin/bash ecowan** 
-		- to see the shell of a user : **grep <username> /etc/passwd**
-	- added ssh pub key by running this command in local :
-		- **ssh-copy-id username@server_ip**
-		- then changed ssh configuration file `/etc/ssh/sshd_config` to enable ssh key connection only :
-			- Set PasswordAuthentication no to disable password-based authentication
-			- Set ChallengeResponseAuthentication no to disable any keyboard-interactive authentication
-			- Ensure that PubkeyAuthentication yes is set to allow public key authentication
+	- change users passwd :
+		- **sudo passwd <username>**
+		- first go on root with **su**
+		- then change default user passwd **passwd <username>**
+		- be carreful that if you made a mistake in the passwd you will not be abble to connect to the server again !
+		- so open a new terminal window without closing this one, and try to connect with new passwd
+		- and now you can change root passwd too
+	- install some packages :
+		- **su**
+		- **apt install sudo vim git wget curl htop**
+	- allow connection with ssh key :
+		- runn this in local : **ssh-copy-id username@server_ip**
+		- then change ssh configuration file `/etc/ssh/sshd_config` :
+			- set **PubkeyAuthentication yes** to allow public key authentication
+			- set **PasswordAuthentication no** to disable password-based authentication
+			- set **ChallengeResponseAuthentication no** to disable any keyboard-interactive authentication
 			- restart ssh with **sudo service ssh restart**
-	- create a new user "user_sav" with the same ssh key to have a backup connection
-	- if i wanted i should change file `/etc/ssh/sshd_config`, and add the 3 commented lines :
-		- #Match User user_sav
-			#PasswordAuthentication yes
-			#Match all
-			PasswordAuthentication no
-			PermitEmptyPasswords no
-		- to let user_sav be able to connect with a password instead of a ssh key
+	- add user to the sudo group so it can use sudo :
+		- **sudo usermod -aG sudo <username>**
+		- then restart the ssh session by exiting ang logging again
+		- did not add it to the sudoers file (`visudo` then add line `huho ALL=(ALL) ALL`)
+	- fixed **perl: warning: Setting locale failed** :
+		- https://stackoverflow.com/questions/2499794/how-to-fix-a-locale-setting-warning-from-perl
+		- **sudo locale-gen**
+		- **sudo dpkg-reconfigure locales**
+			- then choose with SPACE BAR en_US.UTF-8 and fr_FR.UTF-8
+	- changed debian10 to debian11 :
+	  - https://forum.yunohost.org/t/install-yuno-on-debian-10-13-my-hoster-does-not-support-debian-11-bullseye/23147/2
+		- which debian : **lsb_release -a**
+		- run :
+			- **sudo apt update**
+			- **sudo apt upgrade**
+			- **sudo apt full-upgrade**
+		- then change /etc/apt/sources.list file :
+		  - replace each instance of `stretch` with `buster`
+			- replace each instance of `buster/updates` with `bullseye-security`
+		- then again :
+			- **sudo apt update**
+			- **sudo apt upgrade**
+			- **sudo apt full-upgrade**
+		- **sudo systemctl reboot**
+		- **sudo apt autoremove**
+	- prevent loosing definitively ssh connection : https://www.reddit.com/r/servers/comments/17mtlxf/how_to_set_up_a_backup_connection_to_a_server_if/
+	- use IPMI to access server without ssh :
+		- need public ip address : **curl ifconfig.me**
+		- need install java : **default-jdk**
+		- need install javaws : **icedtea-netx**
+		- run viewer.jnlp(...) file with **ajaws file** or by double clicking
+		- need to change /etc/java-11-openjdk/security/java.security file by commenting SHA1 denyafter lines
+			- https://unix.stackexchange.com/questions/143805/running-unsigned-javaws-code
+			- not line 634 "SHA1 usage SignedJAR & denyAfter 2019-01-01, \"
+			- but line 700 "#SHA1 denyAfter 2019-01-01, \"
+	- create git project (having a local git project and beeing abble to push to a remote repo) :
+		- on remote :
+			- **mkdir my_project.git** ".git" is a convention for git "bare" repository
+			- **cd my_project.gut**
+			- **git init --bare** : create a bare repository (it's a repo without any content, just the commits)
+			- **cd hooks** : navigate to the hook folder
+			- **touch post-receive** : create a post-receive file
+			- **chmod +x post-receive** : make it executable
+			- inside "post-receive" file :
+				- https://stackoverflow.com/questions/7351551/writing-a-git-post-receive-hook-to-deal-with-a-specific-branch#answer-13057643
+				- create a hook that will add a worktree, which is a folder with the content of the git repo :
+						#!/bin/bash
+						TARGET="/path/to/your/destination/folder"
+						GIT_DIR="/path/to/your/bare/git/repository"
+						git --work-tree=$TARGET --git-dir=$GIT_DIR checkout -f
+		- on local :
+			- **git remote add deploy ssh://user@host:1234/path/to/bare_repo.git** : https://stackoverflow.com/questions/3596260/git-remote-add-with-other-ssh-port#answer-3596272
+			- 1234 is the port, not needed if 22
+		- on remote, inside the bare.git folder, you can change the branches :
+			- **git branch -a** : show the branches
+			- **git --work-tree=/path/to/worktree checkout <name>** : change the branch on the worktree
+			- if the worktree is a website, it's now the new branch that is being showed
+
+	- disable user shell access with **sudo usermod --shell /sbin/nologin <username>**
+		- https://unix.stackexchange.com/questions/10852/whats-the-difference-between-sbin-nologin-and-bin-false#10867
+		- its possible to re-enable it with **sudo usermod --shell /bin/bash <userrname>** 
+		- to see the shell of a user : **grep <username> /etc/passwd**
+
+	- auditd :
+		- added rule **sudo auditctl -w /home/huho -p r -k huho_folder_access**
+		- **sudo systemctl restart auditd**
+		- **sudo ausearch -i -f /home/huho**
+		- **sudo ausearch --start 18/10/2023 14:05 -i -f /home/huho**
+
+	- todo :
+		- monitoring software (Nagios, Zabbix, Prometheus)
+		- ids (intrusion detection system) (Snort, Suricata)
+		- siem (security information and event management) (Splunk, ELK Stack, Graylog)
+		- remote logging
+		- firewall
+