added all core files

1 files changed, 304 insertions, 0 deletions

diff --git a/core/network.html b/core/network.html
new file mode 100644
index 0000000..e8813e2
--- /dev/null
+++ b/core/network.html
@@ -0,0 +1,304 @@
+<!DOCTYPE html>
+<html dir="ltr" lang="en">
+    <head>
+        <meta charset='utf-8'>
+        <title>2. Network</title>
+    </head>
+    <body>
+        <a href="index.html">Core Doc Index</a>
+
+        <h1>4. Network</h1>
+
+        <p>Examples describe a network that will be configured with
+        two interfaces Ethernet and Wireless. Ethernet interface will
+        be configured as default route, wireless interface covered here
+        is simple alternative to Ethernet connection.</p>
+
+        <dl>
+            <dt><a href="conf/etc/rc.d/net">/etc/rc.d/net</a></dt>
+            <dd>Configure Ethernet interface and static or dynamic (dhcp)
+            connection to the router and add as default gateway.</dd>
+            <dt><a href="conf/etc/rc.d/wlan">/etc/rc.d/wlan</a></dt>
+            <dd>Configure Wireless interface, wpa_supplicant and dynamic (dhcp)
+            connection to router and add as default gateway.</dd>
+        </dl>
+
+	<p>If is first boot after install configure iptables and
+	one of above described scripts then proceed to upgrade your
+	system.</p>
+
+	<h2 id="iptables">4.1. Iptables</h2>
+
+        <p>You can use
+        <a href="scripts/iptables.sh">iptables script</a>
+        at boot time and iptables-save and iptables-restore tools to
+        configure nat and filtering;</p>
+
+        <pre>
+        # mkdir /etc/iptables
+        # cp conf/iptables.sh /etc/iptables/
+        </pre>
+
+        <p>Adjust iptables to your needs, then;</p>
+
+        <pre>
+        # cd /etc/iptables
+        # sh iptables.sh
+        # iptables-save > rules.v4
+        </pre>
+
+        <p>Copy init script, edit if you dont like to
+        let drop when you call stop.</p>
+
+        <pre>
+        # cp /home/user/sysdoc/conf/etc/rc.d/iptables /etc/rc.d/
+        # vim /etc/rc.d/iptables
+        # chmod +x /etc/rc.d/iptables
+        </pre>
+
+        <h2 id="resolv">4.2. Resolver</h2>
+
+        <h2 id="wpa">4.3. Wpa and dhcpd</h2>
+
+        <p>There is more information on
+        <a href="http://crux.nu/Wiki/WifiStartScripts">Wiki Wifi Start Scripts</a>.</p>
+
+        <pre>
+        # ip link
+        </pre>
+
+        <pre>
+        # iwlist wlp2s0 scan
+        </pre>
+
+        <pre>
+        # iwconfig wlp2s0 essid NAME key s:ABCDE12345
+        </pre>
+
+        <pre>
+        # ip addr add 192.168.1.65 dev wlp2s0
+        </pre>
+
+        <h3>4.3.1. Wpa Supplicant</h3>
+
+        <p>Configure wpa supplicant edit;</p>
+
+        <pre>
+        # vim /etc/wpa_supplicant.conf
+        </pre>
+
+        <pre>
+        ctrl_interface=/var/run/wpa_supplicant
+        update_config=1
+        fast_reauth=1
+        ap_scan=1
+        </pre>
+
+        <pre>
+        # wpa_passphrase &lt;ssid&gt; &lt;password&gt; &gt;&gt; /etc/wpa_supplicant.conf
+        </pre>
+
+        <p>Now start wpa_supplicant with:</p>
+
+        <pre>
+        # wpa_supplicant -B -i wlp2s0 -c /etc/wpa_supplicant.conf
+        Successfully initialized wpa_supplicant
+        </pre>
+
+        <p>Use <a href="conf/etc/rc.d/wlan">/etc/rc.d/wlan</a>
+	init script to auto load wpa configuration and dhcp
+        client.</p>
+
+	<h3>4.3.2. Wpa Cli</h3>
+
+        <pre>
+        # wpa_cli
+        &gt; status
+        </pre>
+
+        <pre>
+        &gt; add_network
+        3
+        </pre>
+
+        <pre>
+        &gt; set_network 3 ssid "Valcovo-Network"
+        OK
+        </pre>
+
+        <pre>
+        &gt; set_network 3 psk "uber-secret-pass"
+        OK
+        </pre>
+
+        <pre>
+        &gt; enable_network 3
+        OK
+        </pre>
+
+        <pre>
+        &gt; list_networks
+        </pre>
+
+        <pre>
+        &gt; select_network 3
+        </pre>
+
+        <pre>
+        &gt; save_config
+        </pre>
+
+
+        <h2 id="static">4.4. Static IP</h2>
+
+        <pre>
+        # ip link
+        # ip addr flush dev ${DEV}
+        # ip route flush dev ${DEV}
+        </pre>
+
+        <pre>
+        # ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast +
+        # ip link set ${DEV} up
+        # ip route add default via ${GW}
+        </pre>
+
+        <h2 id="sysctl">4.5. Sysctl</h2>
+
+        <p>Sysctl references
+        <a href="https://wiki.archlinux.org/index.php/sysctl#TCP.2FIP_stack_hardening">Arch TCP/IP stack hardening</a>,
+        <a href="http://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html">Cyberciti Nginx Hardning</a>,
+        <a href="http://www.cyberciti.biz/faq/linux-kernel-etcsysctl-conf-security-hardening/">Cyberciti Security Hardening</a>,
+        edit /etc/sysctl.conf;</p>
+
+        <pre>
+        #
+        # /etc/sysctl.conf: configuration for system variables, see sysctl.conf(5)
+        #
+
+        kernel.printk = 1 4 1 7
+
+        # Disable ipv6
+    net.ipv6.conf.all.disable_ipv6 = 1
+    net.ipv6.conf.default.disable_ipv6 = 1
+    net.ipv6.conf.lo.disable_ipv6 = 1
+
+        # Tuen IPv6
+        # net.ipv6.conf.default.router_solicitations = 0
+        # net.ipv6.conf.default.accept_ra_rtr_pref = 0
+        # net.ipv6.conf.default.accept_ra_pinfo = 0
+        # net.ipv6.conf.default.accept_ra_defrtr = 0
+        # net.ipv6.conf.default.autoconf = 0
+        # net.ipv6.conf.default.dad_transmits = 0
+        # net.ipv6.conf.default.max_addresses = 0
+
+        # Avoid a smurf attack
+        net.ipv4.icmp_echo_ignore_broadcasts = 1
+
+        # Turn on protection for bad icmp error messages
+        net.ipv4.icmp_ignore_bogus_error_responses = 1
+
+        # Turn on syncookies for SYN flood attack protection
+        net.ipv4.tcp_syncookies = 1
+
+    ## protect against tcp time-wait assassination hazards
+    ## drop RST packets for sockets in the time-wait state
+    ## (not widely supported outside of linux, but conforms to RFC)
+    net.ipv4.tcp_rfc1337 = 1
+
+    ## tcp timestamps
+    ## + protect against wrapping sequence numbers (at gigabit speeds)
+    ## + round trip time calculation implemented in TCP
+    ## - causes extra overhead and allows uptime detection by scanners like nmap
+    ## enable @ gigabit speeds
+    net.ipv4.tcp_timestamps = 0
+    #net.ipv4.tcp_timestamps = 1
+
+        # Turn on and log spoofed, source routed, and redirect packets
+        net.ipv4.conf.all.log_martians = 1
+        net.ipv4.conf.default.log_martians = 1
+
+    ## ignore echo broadcast requests to prevent being part of smurf attacks (default)
+    net.ipv4.icmp_echo_ignore_broadcasts = 1
+
+        # No source routed packets here
+        net.ipv4.conf.all.accept_source_route = 0
+        net.ipv4.conf.default.accept_source_route = 0
+
+    ## sets the kernels reverse path filtering mechanism to value 1(on)
+    ## will do source validation of the packet's recieved from all the interfaces on the machine
+    ## protects from attackers that are using ip spoofing methods to do harm
+        net.ipv4.conf.all.rp_filter = 1
+        net.ipv4.conf.default.rp_filter = 1
+        net.ipv6.conf.default.rp_filter = 1
+    net.ipv6.conf.all.rp_filter = 1
+
+        # Make sure no one can alter the routing tables
+        net.ipv4.conf.all.accept_redirects = 0
+        net.ipv4.conf.default.accept_redirects = 0
+        net.ipv4.conf.all.secure_redirects = 0
+        net.ipv4.conf.default.secure_redirects = 0
+
+        # Act as a router, necessary for Access Point
+        net.ipv4.ip_forward = 0
+        net.ipv4.conf.all.send_redirects = 0
+        net.ipv4.conf.default.send_redirects = 0
+
+        kernel.shmmax = 500000000
+        # Turn on execshild
+        kernel.exec-shield = 1
+        kernel.randomize_va_space = 1
+
+        # Optimization for port usefor LBs
+        # Increase system file descriptor limit
+        fs.file-max = 65535
+
+        # Allow for more PIDs (to reduce rollover problems); may break some programs 32768
+        kernel.pid_max = 65536
+
+        # Increase system IP port limits
+        net.ipv4.ip_local_port_range = 2000 65000
+
+        # Increase TCP max buffer size setable using setsockopt()
+        net.ipv4.tcp_rmem = 4096 87380 8388608
+        net.ipv4.tcp_wmem = 4096 87380 8388608
+
+        # Increase Linux auto tuning TCP buffer limits
+        # min, default, and max number of bytes to use
+        # set max to at least 4MB, or higher if you use very high BDP paths
+        # Tcp Windows etc
+        net.core.rmem_max = 8388608
+        net.core.wmem_max = 8388608
+        net.core.netdev_max_backlog = 5000
+        net.ipv4.tcp_window_scaling = 1
+
+        # End of file
+        </pre>
+
+        <p>Change to act as a router;</p>
+
+        <pre>
+    	# Act as a router, necessary for Access Point
+        net.ipv4.ip_forward = 1
+        net.ipv4.conf.all.send_redirects = 1
+        net.ipv4.conf.default.send_redirects = 1
+        </pre>
+
+
+        <p>Load new settings;</p>
+
+        <pre>
+        # sysctl -p
+        </pre>
+
+        <a href="index.html">Systools Index</a>
+        <p>
+        This is part of the SysDoc Manual.
+        Copyright (C) 2016
+        Silvino Silva.
+        See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
+        for copying conditions.</p>
+
+
+    </body>
+</html>