diff --git a/config_files/.screenrc b/config_files/.screenrc index 2c2f3d8..f205a39 100644 --- a/config_files/.screenrc +++ b/config_files/.screenrc @@ -43,6 +43,7 @@ screen screen -t .vimrc vim -n ./config_files/.vimrc screen -t .screenrc vim -n ./config_files/.screenrc +screen -t .zshrc vim -n ./config_files/.zshrc screen -t tutos_vim vim -n ./tutos/vim.txt screen -t tutos_screen vim -n ./tutos/screen.txt screen -t tutos_git vim -n ./tutos/git.txt diff --git a/config_files/.zshrc b/config_files/.zshrc index 47e6e95..168ddad 100644 --- a/config_files/.zshrc +++ b/config_files/.zshrc @@ -20,7 +20,21 @@ # load a random theme each time oh-my-zsh is loaded, in which case, # to know which specific one was loaded, run: echo $RANDOM_THEME # See https://github.com/ohmyzsh/ohmyzsh/wiki/Themes - ZSH_THEME="robbyrussell" + #ZSH_THEME="robbyrussell" + ZSH_THEME="obraun" + #ZSH_THEME="dpoggi" + #ZSH_THEME="pygmalion" + #ZSH_THEME="aussiegeek" + #ZSH_THEME="bira" + #ZSH_THEME="candy" + #ZSH_THEME="dieter" + #ZSH_THEME="gnzh" + #ZSH_THEME="maran" + #ZSH_THEME="re5et" + #ZSH_THEME="risto" + #ZSH_THEME="ys" + #ZSH_THEME="fino" + #ZSH_THEME="dallas" # Set list of themes to pick from when loading at random # Setting this variable when ZSH_THEME=random will cause zsh to load @@ -184,3 +198,13 @@ alias ydl="~/bin/youtube-dl" alias bat="echo 'tail -n 10 /var/log/battery_status.log'; tail -n 10 /var/log/battery_status.log" + +# load nvm for every new zsh session +export NVM_DIR="$HOME/.nvm" +[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm +[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion + +# load asdf for every new zsh session +. "$HOME/.asdf/asdf.sh" +. "$HOME/.asdf/completions/asdf.bash" +export EDITOR="code --wait" diff --git a/tutos/computer.txt b/tutos/computer.txt index 3ad283a..95bccbd 100644 --- a/tutos/computer.txt +++ b/tutos/computer.txt 
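Review bot: In the last `.zshrc` hunk, the two asdf lines source `$HOME/.asdf/asdf.sh` and `$HOME/.asdf/completions/asdf.bash` unconditionally, while the nvm lines just above them are guarded with `[ -s … ]`. On a machine where asdf is not installed, every new zsh session will print a "no such file" error, so guard them the same way, e.g. `[ -s "$HOME/.asdf/asdf.sh" ] && . "$HOME/.asdf/asdf.sh"`. `asdf.bash` is a bash completion script and probably relies on the `complete` builtin, which zsh only provides once `bashcompinit` is loaded; confirm it works here or switch to asdf's zsh completions. Both `~/.nvm` and `~/.asdf` are now executed in every interactive shell, so they should stay writable only by the owning user. `export EDITOR="code --wait"` sits under the asdf comment although it is unrelated and deserves its own comment line.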
@@ -272,29 +272,97 @@ find | sort | grep -ve "node_modules/" -e ".git/" | sed 's#[^/]*/#|__ #g;s#__ |# **ecowan server :** - list user : **cat /etc/passwd** - - change user passwd : **sudo passwd ** - - changed user "root" and "ecowan" password - - **sudo passwd username** - - created "huho" user with **sudo adduser ** - - added it to the sudo group so it can use sudo (**sudo usermod -aG sudo huho**) - - did not add it to the sudoers file (`visudo` then add line `huho ALL=(ALL) ALL`) - - disabling user "ecowan" shell access with **sudo usermod --shell /sbin/nologin ecowan** - - https://unix.stackexchange.com/questions/10852/whats-the-difference-between-sbin-nologin-and-bin-false#10867 - - its possible to re-enable it with **sudo usermod --shell /bin/bash ecowan** - - to see the shell of a user : **grep /etc/passwd** - - added ssh pub key by running this command in local : - - **ssh-copy-id username@server_ip** - - then changed ssh configuration file `/etc/ssh/sshd_config` to enable ssh key connection only : - - Set PasswordAuthentication no to disable password-based authentication - - Set ChallengeResponseAuthentication no to disable any keyboard-interactive authentication - - Ensure that PubkeyAuthentication yes is set to allow public key authentication + - change users passwd : + - **sudo passwd ** + - first go on root with **su** + - then change default user passwd **passwd ** + - be carreful that if you made a mistake in the passwd you will not be abble to connect to the server again ! 
+ - so open a new terminal window without closing this one, and try to connect with new passwd + - and now you can change root passwd too + - install some packages : + - **su** + - **apt install sudo vim git wget curl htop** + - allow connection with ssh key : + - runn this in local : **ssh-copy-id username@server_ip** + - then change ssh configuration file `/etc/ssh/sshd_config` : + - set **PubkeyAuthentication yes** to allow public key authentication + - set **PasswordAuthentication no** to disable password-based authentication + - set **ChallengeResponseAuthentication no** to disable any keyboard-interactive authentication - restart ssh with **sudo service ssh restart** - - create a new user "user_sav" with the same ssh key to have a backup connection - - if i wanted i should change file `/etc/ssh/sshd_config`, and add the 3 commented lines : - - #Match User user_sav - #PasswordAuthentication yes - #Match all - PasswordAuthentication no - PermitEmptyPasswords no - - to let user_sav be able to connect with a password instead of a ssh key + - add user to the sudo group so it can use sudo : + - **sudo usermod -aG sudo ** + - then restart the ssh session by exiting ang logging again + - did not add it to the sudoers file (`visudo` then add line `huho ALL=(ALL) ALL`) + - fixed **perl: warning: Setting locale failed** : + - https://stackoverflow.com/questions/2499794/how-to-fix-a-locale-setting-warning-from-perl + - **sudo locale-gen** + - **sudo dpkg-reconfigure locales** + - then choose with SPACE BAR en_US.UTF-8 and fr_FR.UTF-8 + - changed debian10 to debian11 : + - https://forum.yunohost.org/t/install-yuno-on-debian-10-13-my-hoster-does-not-support-debian-11-bullseye/23147/2 + - which debian : **lsb_release -a** + - run : + - **sudo apt update** + - **sudo apt upgrade** + - **sudo apt full-upgrade** + - then change /etc/apt/sources.list file : + - replace each instance of `stretch` with `buster` + - replace each instance of `buster/updates` with 
`bullseye-security` + - then again : + - **sudo apt update** + - **sudo apt upgrade** + - **sudo apt full-upgrade** + - **sudo systemctl reboot** + - **sudo apt autoremove** + - prevent loosing definitively ssh connection : https://www.reddit.com/r/servers/comments/17mtlxf/how_to_set_up_a_backup_connection_to_a_server_if/ + - use IPMI to access server without ssh : + - need public ip address : **curl ifconfig.me** + - need install java : **default-jdk** + - need install javaws : **icedtea-netx** + - run viewer.jnlp(...) file with **ajaws file** or by double clicking + - need to change /etc/java-11-openjdk/security/java.security file by commenting SHA1 denyafter lines + - https://unix.stackexchange.com/questions/143805/running-unsigned-javaws-code + - not line 634 "SHA1 usage SignedJAR & denyAfter 2019-01-01, \" + - but line 700 "#SHA1 denyAfter 2019-01-01, \" + - create git project (having a local git project and beeing abble to push to a remote repo) : + - on remote : + - **mkdir my_project.git** ".git" is a convention for git "bare" repository + - **cd my_project.gut** + - **git init --bare** : create a bare repository (it's a repo without any content, just the commits) + - **cd hooks** : navigate to the hook folder + - **touch post-receive** : create a post-receive file + - **chmod +x post-receive** : make it executable + - inside "post-receive" file : + - https://stackoverflow.com/questions/7351551/writing-a-git-post-receive-hook-to-deal-with-a-specific-branch#answer-13057643 + - create a hook that will add a worktree, which is a folder with the content of the git repo : + #!/bin/bash + TARGET="/path/to/your/destination/folder" + GIT_DIR="/path/to/your/bare/git/repository" + git --work-tree=$TARGET --git-dir=$GIT_DIR checkout -f + - on local : + - **git remote add deploy ssh://user@host:1234/path/to/bare_repo.git** : https://stackoverflow.com/questions/3596260/git-remote-add-with-other-ssh-port#answer-3596272 + - 1234 is the port, not needed if 22 + - on 
remote, inside the bare.git folder, you can change the branches : + - **git branch -a** : show the branches + - **git --work-tree=/path/to/worktree checkout ** : change the branch on the worktree + - if the worktree is a website, it's now the new branch that is being showed + + - disable user shell access with **sudo usermod --shell /sbin/nologin ** + - https://unix.stackexchange.com/questions/10852/whats-the-difference-between-sbin-nologin-and-bin-false#10867 + - its possible to re-enable it with **sudo usermod --shell /bin/bash ** + - to see the shell of a user : **grep /etc/passwd** + + - auditd : + - added rule **sudo auditctl -w /home/huho -p r -k huho_folder_access** + - **sudo systemctl restart auditd** + - **sudo ausearch -i -f /home/huho** + - **sudo ausearch --start 18/10/2023 14:05 -i -f /home/huho** + + - todo : + - monitoring software (Nagios, Zabbix, Prometheus) + - ids (intrusion detection system) (Snort, Suricata) + - siem (security information and event management) (Splunk, ELK Stack, Graylog) + - remote logging + - firewall +