perso/huhuhu_config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added more stuff about server in tutos computer

Browse Source
This commit is contained in:
asus
2023-11-05 23:39:03 +01:00
parent 12d0d1014e
commit 25702e5940
3 changed files with 118 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config_files/.screenrc
View File

@@ -43,6 +43,7 @@ screen
screen -t .vimrc vim -n ./config_files/.vimrc screen -t .vimrc vim -n ./config_files/.vimrc
screen -t .screenrc vim -n ./config_files/.screenrc screen -t .screenrc vim -n ./config_files/.screenrc
screen -t .zshrc vim -n ./config_files/.zshrc
screen -t tutos_vim vim -n ./tutos/vim.txt screen -t tutos_vim vim -n ./tutos/vim.txt
screen -t tutos_screen vim -n ./tutos/screen.txt screen -t tutos_screen vim -n ./tutos/screen.txt
screen -t tutos_git vim -n ./tutos/git.txt screen -t tutos_git vim -n ./tutos/git.txt

26
config_files/.zshrc
View File

@@ -20,7 +20,21 @@
# load a random theme each time oh-my-zsh is loaded, in which case, # load a random theme each time oh-my-zsh is loaded, in which case,
# to know which specific one was loaded, run: echo $RANDOM_THEME # to know which specific one was loaded, run: echo $RANDOM_THEME
# See https://github.com/ohmyzsh/ohmyzsh/wiki/Themes # See https://github.com/ohmyzsh/ohmyzsh/wiki/Themes
ZSH_THEME="robbyrussell" #ZSH_THEME="robbyrussell"
ZSH_THEME="obraun"
#ZSH_THEME="dpoggi"
#ZSH_THEME="pygmalion"
#ZSH_THEME="aussiegeek"
#ZSH_THEME="bira"
#ZSH_THEME="candy"
#ZSH_THEME="dieter"
#ZSH_THEME="gnzh"
#ZSH_THEME="maran"
#ZSH_THEME="re5et"
#ZSH_THEME="risto"
#ZSH_THEME="ys"
#ZSH_THEME="fino"
#ZSH_THEME="dallas"
# Set list of themes to pick from when loading at random # Set list of themes to pick from when loading at random
# Setting this variable when ZSH_THEME=random will cause zsh to load # Setting this variable when ZSH_THEME=random will cause zsh to load
@@ -184,3 +198,13 @@ alias ydl="~/bin/youtube-dl"
alias bat="echo 'tail -n 10 /var/log/battery_status.log'; tail -n 10 /var/log/battery_status.log" alias bat="echo 'tail -n 10 /var/log/battery_status.log'; tail -n 10 /var/log/battery_status.log"
# load nvm for every new zsh session
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion
# load asdf for every new zsh session
. "$HOME/.asdf/asdf.sh"
. "$HOME/.asdf/completions/asdf.bash"
export EDITOR="code --wait"

116
tutos/computer.txt
View File

@@ -272,29 +272,97 @@ find | sort | grep -ve "node_modules/" -e ".git/" | sed 's#[^/]*/#|__ #g;s#__ |#
**ecowan server :** **ecowan server :**
- list user : **cat /etc/passwd** - list user : **cat /etc/passwd**
- change user passwd : **sudo passwd <username>** - change users passwd :
- changed user "root" and "ecowan" password - **sudo passwd <username>**
- **sudo passwd username** - first go on root with **su**
- created "huho" user with **sudo adduser <username>** - then change default user passwd **passwd <username>**
- added it to the sudo group so it can use sudo (**sudo usermod -aG sudo huho**) - be carreful that if you made a mistake in the passwd you will not be abble to connect to the server again !
- did not add it to the sudoers file (`visudo` then add line `huho ALL=(ALL) ALL`) - so open a new terminal window without closing this one, and try to connect with new passwd
- disabling user "ecowan" shell access with **sudo usermod --shell /sbin/nologin ecowan** - and now you can change root passwd too
- https://unix.stackexchange.com/questions/10852/whats-the-difference-between-sbin-nologin-and-bin-false#10867 - install some packages :
- its possible to re-enable it with **sudo usermod --shell /bin/bash ecowan** - **su**
- to see the shell of a user : **grep <username> /etc/passwd** - **apt install sudo vim git wget curl htop**
- added ssh pub key by running this command in local : - allow connection with ssh key :
- **ssh-copy-id username@server_ip** - runn this in local : **ssh-copy-id username@server_ip**
- then changed ssh configuration file `/etc/ssh/sshd_config` to enable ssh key connection only : - then change ssh configuration file `/etc/ssh/sshd_config` :
- Set PasswordAuthentication no to disable password-based authentication - set **PubkeyAuthentication yes** to allow public key authentication
- Set ChallengeResponseAuthentication no to disable any keyboard-interactive authentication - set **PasswordAuthentication no** to disable password-based authentication
- Ensure that PubkeyAuthentication yes is set to allow public key authentication - set **ChallengeResponseAuthentication no** to disable any keyboard-interactive authentication
- restart ssh with **sudo service ssh restart** - restart ssh with **sudo service ssh restart**
- create a new user "user_sav" with the same ssh key to have a backup connection - add user to the sudo group so it can use sudo :
- if i wanted i should change file `/etc/ssh/sshd_config`, and add the 3 commented lines : - **sudo usermod -aG sudo <username>**
- #Match User user_sav - then restart the ssh session by exiting ang logging again
#PasswordAuthentication yes - did not add it to the sudoers file (`visudo` then add line `huho ALL=(ALL) ALL`)
#Match all - fixed **perl: warning: Setting locale failed** :
PasswordAuthentication no - https://stackoverflow.com/questions/2499794/how-to-fix-a-locale-setting-warning-from-perl
PermitEmptyPasswords no - **sudo locale-gen**
- to let user_sav be able to connect with a password instead of a ssh key - **sudo dpkg-reconfigure locales**
- then choose with SPACE BAR en_US.UTF-8 and fr_FR.UTF-8
- changed debian10 to debian11 :
- https://forum.yunohost.org/t/install-yuno-on-debian-10-13-my-hoster-does-not-support-debian-11-bullseye/23147/2
- which debian : **lsb_release -a**
- run :
- **sudo apt update**
- **sudo apt upgrade**
- **sudo apt full-upgrade**
- then change /etc/apt/sources.list file :
- replace each instance of `stretch` with `buster`
- replace each instance of `buster/updates` with `bullseye-security`
- then again :
- **sudo apt update**
- **sudo apt upgrade**
- **sudo apt full-upgrade**
- **sudo systemctl reboot**
- **sudo apt autoremove**
- prevent loosing definitively ssh connection : https://www.reddit.com/r/servers/comments/17mtlxf/how_to_set_up_a_backup_connection_to_a_server_if/
- use IPMI to access server without ssh :
- need public ip address : **curl ifconfig.me**
- need install java : **default-jdk**
- need install javaws : **icedtea-netx**
- run viewer.jnlp(...) file with **ajaws file** or by double clicking
- need to change /etc/java-11-openjdk/security/java.security file by commenting SHA1 denyafter lines
- https://unix.stackexchange.com/questions/143805/running-unsigned-javaws-code
- not line 634 "SHA1 usage SignedJAR & denyAfter 2019-01-01, \"
- but line 700 "#SHA1 denyAfter 2019-01-01, \"
- create git project (having a local git project and beeing abble to push to a remote repo) :
- on remote :
- **mkdir my_project.git** ".git" is a convention for git "bare" repository
- **cd my_project.gut**
- **git init --bare** : create a bare repository (it's a repo without any content, just the commits)
- **cd hooks** : navigate to the hook folder
- **touch post-receive** : create a post-receive file
- **chmod +x post-receive** : make it executable
- inside "post-receive" file :
- https://stackoverflow.com/questions/7351551/writing-a-git-post-receive-hook-to-deal-with-a-specific-branch#answer-13057643
- create a hook that will add a worktree, which is a folder with the content of the git repo :
#!/bin/bash
TARGET="/path/to/your/destination/folder"
GIT_DIR="/path/to/your/bare/git/repository"
git --work-tree=$TARGET --git-dir=$GIT_DIR checkout -f
- on local :
- **git remote add deploy ssh://user@host:1234/path/to/bare_repo.git** : https://stackoverflow.com/questions/3596260/git-remote-add-with-other-ssh-port#answer-3596272
- 1234 is the port, not needed if 22
- on remote, inside the bare.git folder, you can change the branches :
- **git branch -a** : show the branches
- **git --work-tree=/path/to/worktree checkout <name>** : change the branch on the worktree
- if the worktree is a website, it's now the new branch that is being showed
- disable user shell access with **sudo usermod --shell /sbin/nologin <username>**
- https://unix.stackexchange.com/questions/10852/whats-the-difference-between-sbin-nologin-and-bin-false#10867
- its possible to re-enable it with **sudo usermod --shell /bin/bash <userrname>**
- to see the shell of a user : **grep <username> /etc/passwd**
- auditd :
- added rule **sudo auditctl -w /home/huho -p r -k huho_folder_access**
- **sudo systemctl restart auditd**
- **sudo ausearch -i -f /home/huho**
- **sudo ausearch --start 18/10/2023 14:05 -i -f /home/huho**
- todo :
- monitoring software (Nagios, Zabbix, Prometheus)
- ids (intrusion detection system) (Snort, Suricata)
- siem (security information and event management) (Splunk, ELK Stack, Graylog)
- remote logging
- firewall