diff options
| -rw-r--r-- | core/bash.html | 153 | ||||
| -rwxr-xr-x | core/conf/rc.d/net | 50 | ||||
| -rwxr-xr-x | core/conf/rc.d/wlan | 55 | ||||
| -rw-r--r-- | core/index.html | 82 | ||||
| -rw-r--r-- | core/linux.html | 116 | ||||
| -rw-r--r-- | core/network.html | 304 | ||||
| -rw-r--r-- | core/prtget.html | 161 | ||||
| -rw-r--r-- | core/scripts/backup-system.sh | 26 | ||||
| -rw-r--r-- | core/scripts/iptables.sh | 319 | ||||
| -rw-r--r-- | core/scripts/mkparted.sh | 9 | ||||
| -rw-r--r-- | core/tar.html | 119 | ||||
| -rw-r--r-- | core/tmux.html | 118 | ||||
| -rw-r--r-- | core/vim.html | 159 | ||||
| -rw-r--r-- | tools/index.html | 101 |
14 files changed, 1736 insertions, 36 deletions
diff --git a/core/bash.html b/core/bash.html new file mode 100644 index 0000000..ab1350d --- /dev/null +++ b/core/bash.html @@ -0,0 +1,153 @@ +<!DOCTYPE html> +<html dir="ltr" lang="en"> + <head> + <meta charset='utf-8'> + <title>4. Bash</title> + </head> + <body> + <a href="index.html">Systools Index</a> + + <h1 id="bash">4. Bash</h1> + + <p>First create skeleton directory to place the default user + files to be copied to its home directory by + <a href="users.html#useradd">useradd</a> command.</p> + + <pre> + $ sudo mkdir /etc/skel + </pre> + + <p>Just to be sure, setup bash as default;<p> + + <pre> + $ chsh + </pre> + + <h3>Description of configuration files</h3> + + <dl> + <dt>~/.bash_profile</dt> + <dd>Minimal file that just load .profile and then .bashrc, + in this order.</dd> + + <dt>~/.profile<dt> + <dd>Not specifically related to bash, such as + environment variables (PATH). Only for login shells (sh) + or graphical applications.</dd> + + <dt>~/.bashrc</dt> + <dd>Related to interactive command line, such as bash + alias, editor.</dd> + </dl> + + <h2 id="profile">4.1. Profile</h2> + + <p>Example of ~/.profile;</p> + + <pre> + $ sudo vim /etc/skel/.profile + </pre> + + <pre> + PATH=~/.composer/vendor/bin:${PATH} + + export GPG_AGENT_INFO # the env file does not contain the export statement + export SSH_AUTH_SOCK # enable gpg-agent for ssh + </pre> + + <h2 id="bashrc">4.2. Bash RC</h2> + + <p>Example of bashrc;</p> + + <pre> + $ sudo vim /etc/skel/.bashrc + </pre> + + <pre> + # If not running interactively, don't do anything + case $- in + *i*) ;; + *) return;; + esac + + + # check the window size after each command and, if necessary, + # update the values of LINES and COLUMNS. + shopt -s checkwinsize + + + # don't put duplicate lines or lines starting with space in the history. + # See bash(1) for more options + HISTCONTROL=ignoreboth + + # append to the history file, don't overwrite it + shopt -s histappend + + # for setting history length see HISTSIZE and HISTFILESIZE in bash(1) + HISTSIZE=1000 + HISTFILESIZE=2000 + + alias tmux="tmux -2" + + alias rm='rm -i' + #alias cp='cp -i' + alias mv='mv -i' + # Prevents accidentally clobbering files. + alias mkdir='mkdir -p' + + alias h='history' + alias j='jobs -l' + alias which='type -a' + alias ..='cd ..' + + # Generate a password + genpasswd () { + local l=$1 + [ "$l" == "" ] && l=20 + tr -dc A-Za-z0-9_ < /dev/urandom | head -c ${l} | xargs + } + + # Git graph log + glog () { + git log --graph --abbrev-commit --decorate --date=relative --all + } + + if [[ -z "$TMUX" ]] ;then + ID="`tmux ls | grep -vm1 attached | cut -d: -f1`" # get the id of a deattached session + if [[ -z "$ID" ]] ;then # if not available create a new one + tmux new-session + else + tmux attach-session -t "$ID" # if available attach to it + fi + fi + </pre> + + <h2 id="bash_profile">4.3. Bash profile</h2> + + <pre> + $ sudo vim /etc/skel/.bash_profile + </pre> + + <pre> + #!/bin/bash + if [ -f ~/.profile ]; then + source ~/.profile + fi + + if [ -f ~/.bashrc ]; then + source ~/.bashrc + fi + </pre> + + + <a href="index.html">Systools Index</a> + <p> + This is part of the SysDoc Manual. + Copyright (C) 2016 + Silvino Silva. + See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> + for copying conditions.</p> + + + </body> +</html> diff --git a/core/conf/rc.d/net b/core/conf/rc.d/net new file mode 100755 index 0000000..d111a25 --- /dev/null +++ b/core/conf/rc.d/net @@ -0,0 +1,50 @@ +#!/bin/sh +# +# /etc/rc.d/net: start/stop network interface +# + +# Connection type: "DHCP" or "static" +TYPE="static" + +# For "static" connections, specify your settings here: +# To see your available devices run "ip link". +DEV=enp8s0 +ADDR=192.168.1.33 +MASK=24 +GW=192.168.1.1 + +# Optional settings: +DHCPOPTS="-h $(/bin/hostname) -C resolv.conf $DEV" + +case $1 in + start) + if [ "${TYPE}" = "DHCP" ]; then + /sbin/dhcpcd ${DHCPOPTS} + else + /sbin/ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast + + /sbin/ip link set ${DEV} up + /sbin/ip route add default via ${GW} + fi + ;; + stop) + if [ "${TYPE}" = "DHCP" ]; then + /usr/bin/pkill -F /var/run/dhcpcd-${DEV}.pid + + else + # /sbin/ip route del default + /sbin/ip route flush dev ${DEV} + /sbin/ip link set ${DEV} down + # /sbin/ip addr del ${ADDR}/${MASK} dev ${DEV} + /sbin/ip addr flush dev ${DEV} + fi + ;; + restart) + $0 stop + $0 start + ;; + *) + echo "Usage: $0 [start|stop|restart]" + ;; +esac + +# End of file diff --git a/core/conf/rc.d/wlan b/core/conf/rc.d/wlan new file mode 100755 index 0000000..263cf42 --- /dev/null +++ b/core/conf/rc.d/wlan @@ -0,0 +1,55 @@ +#!/bin/sh +# +# /etc/rc.d/wlan: start/stop wireless interface +# +DEV=wlp7s0 + +SSD=/sbin/start-stop-daemon +PROG_DHCP=/sbin/dhcpcd +PROG_WIFI=/usr/sbin/wpa_supplicant +PID_DHCP=/var/run/dhcpcd-${DEV}.pid +PID_WIFI=/var/run/wpa_supplicant.pid + +OPTS_DHCP="-h $(/bin/hostname) -C resolv.conf $DEV" +OPTS_WIFI="-B -P $PID_WIFI -D nl80211,wext -c /etc/wpa_supplicant.conf -i $DEV" + +print_status() { + $SSD --status --pidfile $2 + case $? in + 0) echo "$1 is running with pid $(cat $2)" ;; + 1) echo "$1 is not running but the pid file $2 exists" ;; + 3) echo "$1 is not running" ;; + 4) echo "Unable to determine the program status" ;; + esac +} + +case $1 in + start) + $SSD --start --pidfile $PID_WIFI --exec $PROG_WIFI -- $OPTS_WIFI && \ + $SSD --start --pidfile $PID_DHCP --exec $PROG_DHCP -- $OPTS_DHCP + RETVAL=$? + ;; + stop) + ( $SSD --stop --retry 10 --pidfile $PID_DHCP + $SSD --stop --retry 10 --pidfile $PID_WIFI ) + RETVAL=$? + /sbin/ip link set ${DEV} down + /sbin/ip addr flush dev ${DEV} + ;; + restart) + $0 stop + $0 start + ;; + status) + print_status $PROG_WIFI $PID_WIFI + print_status $PROG_DHCP $PID_DHCP + ;; + *) + echo "Usage: $0 [start|stop|restart|status]" + ;; +esac + +exit $RETVAL + +# End of file + diff --git a/core/index.html b/core/index.html index 631aa04..6456372 100644 --- a/core/index.html +++ b/core/index.html @@ -68,65 +68,75 @@ <h2>System Administration</h2> <ul> - <li><a href="tar.html">1. Tar</a> + <li><a href="network.html">1. Network</a> <ul> - <li><a href="tar.html#tarbkup">1.1. Create Backup</a></li> - <li><a href="tar.html#tarview">1.2. View content of tar</a></li> - <li><a href="tar.html#tarextract">1.3. Extract content from tar</a></li> - <li><a href="tar.html#taradd">1.4. Add content to tar</a></li> - <li><a href="tar.html#tarrm">1.5. Remove content from tar</a></li> + <li><a href="network.html#iptables">1.1. Iptables</a></li> + <li><a href="network.html#resolv">1.2. Resolver</a></li> + <li><a href="network.html#wpa">1.3. Wpa and dhcpd</a></li> + <li><a href="network.html#static">1.4. Static ip</a></li> + <li><a href="network.html#sysctl">1.5. Sysctl</a></li> </ul> </li> - <li> - <a href="bash.html">2. Bash</a> + <li><a href="prtget.html">2. Prt-get tool</a> <ul> - <li><a href="bash.html#profile">2.1. Profile</a></li> - <li><a href="bash.html#bashrc">2.2. Bash RC</a></li> - <li><a href="bash.html#bash_profile">2.2. Bash profile</a></li> + <li><a href="prtget.html#sysup">2.1. Update system</a></li> + <li><a href="prtget.html#depinst">2.2. Install ports and dependencies</a></li> + <li><a href="prtget.html#c9ports">2.3. Activate c9-ports</a></li> + <li><a href="prtget.html#info">2.3. Show port information</a></li> + <li><a href="prtget.html#depends">2.4. Show port dependencies</a></li> + <li><a href="prtget.html#printf">2.5. Print information</a></li> </ul> </li> - <li> - <a href="vim.html">3. Vim</a> + <li><a href="linux.html">3. Linux Kernel</a> <ul> - <li><a href="vim.html#vimrc">3.1. Vim RC</a></li> - <li><a href="vim.html#color">3.2. Color schemes</a></li> - <li><a href="vim.html#spacetab">3.3. Spaces and tabs</a></li> - <li><a href="vim.html#block">3.4. Editing Files</a></li> - <li><a href="vim.html#spellcheck">3.5. Spell check</a></li> - <li><a href="vim.html#plugin">3.6. Plugins</a></li> + <li><a href="linux.html#linuxlibre">3.1. Port Linux libre</a></li> + <li><a href="linux.html#kinstall">3.2. Manual install</a></li> + <li><a href="linux.html#kuninstall">3.3. Manual remove</a></li> </ul> </li> + </ul> + <h2>System Tools</h2> - <li><a href="network.html">4. Network</a> + <ul> + <li><a href="tar.html">Tar</a> <ul> - <li><a href="network.html#iptables">4.1. Iptables</a></li> - <li><a href="network.html#resolv">4.2. Resolver</a></li> - <li><a href="network.html#wpa">4.3. Wpa and dhcpd</a></li> - <li><a href="network.html#static">4.4. Static ip</a></li> - <li><a href="network.html#sysctl">4.5. Sysctl</a></li> + <li><a href="tar.html#tarbkup">1.1. Create Backup</a></li> + <li><a href="tar.html#tarview">1.2. View content of tar</a></li> + <li><a href="tar.html#tarextract">1.3. Extract content from tar</a></li> + <li><a href="tar.html#taradd">1.4. Add content to tar</a></li> + <li><a href="tar.html#tarrm">1.5. Remove content from tar</a></li> </ul> </li> - <li><a href="prtget.html">5. Prt-get tool</a> + + <li><a href="bash.html">Bash</a> <ul> - <li><a href="prtget.html#sysup">5.1. Update system</a></li> - <li><a href="prtget.html#depinst">3.2. Install ports and dependencies</a></li> - <li><a href="prtget.html#c9ports">3.3. Activate c9-ports</a></li> - <li><a href="prtget.html#info">3.3. Show port information</a></li> - <li><a href="prtget.html#depends">3.4. Show port dependencies</a></li> - <li><a href="prtget.html#printf">3.5. Print information</a></li> + <li><a href="bash.html#profile">1.1. Profile</a></li> + <li><a href="bash.html#bashrc">1.2. Bash RC</a></li> + <li><a href="bash.html#bash_profile">1.2. Bash profile</a></li> </ul> </li> - <li><a href="linux.html">6. Linux Kernel</a> + + <li><a href="vim.html">Vim</a> <ul> - <li><a href="linux.html#linuxlibre">6.1. Port Linux libre</a></li> - <li><a href="linux.html#kinstall">6.2. Manual install</a></li> - <li><a href="linux.html#kuninstall">6.3. Manual remove</a></li> + <li><a href="vim.html#vimrc">1.1. Vim RC</a></li> + <li><a href="vim.html#color">1.2. Color schemes</a></li> + <li><a href="vim.html#spacetab">1.3. Spaces and tabs</a></li> + <li><a href="vim.html#block">1.4. Editing Files</a></li> + <li><a href="vim.html#spellcheck">1.5. Spell check</a></li> + <li><a href="vim.html#plugin">1.6. Plugins</a></li> </ul> </li> + + <li><a href="tmux.html">Tmux</a> + <ul> + <li><a href="tmux.html#cpypst">1.1. Copy Paste</a></li> + </ul> + </li> + </ul> <p> diff --git a/core/linux.html b/core/linux.html new file mode 100644 index 0000000..8a77980 --- /dev/null +++ b/core/linux.html @@ -0,0 +1,116 @@ + <!DOCTYPE html> +<html dir="ltr" lang="en"> + <head> + <meta charset='utf-8'> + <title>3. Kernel Linux</title> + </head> + <body> + + <a href="index.html">Systools Index</a> + <h1 id="kernel">3.6. Kernel Linux</h1> + + <p>Linux is a monolith kernel, a big one !!!.</p> + + <p>This instructions are done + with <a href="install.html#step6">active chroot</a> + and inside chroot;</p> + + <pre> + # chroot $CHROOT /bin/bash + </pre> + + <h2 id="#linuxlibre">3.6.1. Port Linux Libre</h2> + + <p>This will install <a href="../ports/linux-libre/">linux-libre</a> port + and dracut;</p> + + <pre> + $ prt-get depinst linux-libre + </pre> + + <h2 id="kinstall">3.6.2. Manual Install</h2> + + <p>Download Linux Source from <a href="http://linux-libre.fsfla.org/pub/linux-libre/releases/">linux libre</a>, this ensure that kernel is free of blobs.</p> + + <pre> + $ pkgmk -do + </pre> + + <p>Crux iso comes with config that you can use as + a starting point.</p> + + <pre> + + cp ../linux-4.5.5.defconfig .config + $ make oldefconfig + </pre> + + + <p>If you like <a href="https://github.com/graysky2/kernel_gcc_patch/">graysky2</a> kernel_gcc_patch (<a href="https://github.com/graysky2/kernel_gcc_patch/archive/master.zip">download master</a>) that adds more cpu options (FLAGS native)</p> + + <pre> + $ unzip kernel_gcc_patch-master.zip + </pre> + + <pre> + $ cd ~/linux-4.5.5/ + $ patch -p1 < ../kernel_gcc_patch-master/enable_additional_cpu_optimizations_fo + r_gcc_v4.9+_kernel_v3.15+.patch + patching file arch/x86/include/asm/module.h + patching file arch/x86/Kconfig.cpu + patching file arch/x86/Makefile + Hunk #1 succeeded at 85 (offset -7 lines). + patching file arch/x86/Makefile_32.cpu + </pre> + + <p><a href="https://en.wikibooks.org/wiki/Grsecurity/Configuring_and_Installing_grsecurity#Patching_Your_Kernel_with_grsecurity">Gresecurity</a></p> + + <pre> + patch -p1 < $SRC/grsecurity-3.1-4.5.5-201605291201.patch + </pre> + + <p>Configure kernel according to your current kernel + hardware support run;</p> + + <pre> + $ make localmodconfig + </pre> + + <p>This will disable all unloaded modules, + you can use localyesconfig mark all loaded + to be built in the kernel. This example + get information about which graphic + module (driver) is in use;</p> + + <pre> + # lspci -nnk | grep -i vga -A3 | grep 'in use' + Kernel driver in use: i915 + # + </pre> + + + <pre> + $ cd ~/linux-4.5.5/ + $ make -j $(nproc) all + $ sudo make modules_install + $ sudo cp arch/x86/boot/bzImage /boot/vmlinuz-4.5.5 + $ sudo cp System.map /boot/System.map-4.5.5 + </pre> + + <h2 id="kuninstall">3.6.3. Manual Remove</h2> + + <pre> + $ sudo rm -r /lib/modules/4.5.5-gnu + $ sudo rm /boot/vmlinuz-4.5.5 + $ sudo rm /boot/System.map-4.5.5 + </pre> + + <a href="index.html">Systools Index</a> + <p>This is part of the SysDoc Manual. +Copyright (C) 2016 +Silvino Silva. +See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> +for copying conditions.</p> + + </body> +</html> diff --git a/core/network.html b/core/network.html new file mode 100644 index 0000000..e8813e2 --- /dev/null +++ b/core/network.html @@ -0,0 +1,304 @@ +<!DOCTYPE html> +<html dir="ltr" lang="en"> + <head> + <meta charset='utf-8'> + <title>2. Network</title> + </head> + <body> + <a href="index.html">Core Doc Index</a> + + <h1>4. Network</h1> + + <p>Examples describe a network that will be configured with + two interfaces Ethernet and Wireless. Ethernet interface will + be configured as default route, wireless interface covered here + is simple alternative to Ethernet connection.</p> + + <dl> + <dt><a href="conf/etc/rc.d/net">/etc/rc.d/net</a></dt> + <dd>Configure Ethernet interface and static or dynamic (dhcp) + connection to the router and add as default gateway.</dd> + <dt><a href="conf/etc/rc.d/wlan">/etc/rc.d/wlan</a></dt> + <dd>Configure Wireless interface, wpa_supplicant and dynamic (dhcp) + connection to router and add as default gateway.</dd> + </dl> + + <p>If is first boot after install configure iptables and + one of above described scripts then proceed to upgrade your + system.</p> + + <h2 id="iptables">4.1. Iptables</h2> + + <p>You can use + <a href="scripts/iptables.sh">iptables script</a> + at boot time and iptables-save and iptables-restore tools to + configure nat and filtering;</p> + + <pre> + # mkdir /etc/iptables + # cp conf/iptables.sh /etc/iptables/ + </pre> + + <p>Adjust iptables to your needs, then;</p> + + <pre> + # cd /etc/iptables + # sh iptables.sh + # iptables-save > rules.v4 + </pre> + + <p>Copy init script, edit if you dont like to + let drop when you call stop.</p> + + <pre> + # cp /home/user/sysdoc/conf/etc/rc.d/iptables /etc/rc.d/ + # vim /etc/rc.d/iptables + # chmod +x /etc/rc.d/iptables + </pre> + + <h2 id="resolv">4.2. Resolver</h2> + + <h2 id="wpa">4.3. Wpa and dhcpd</h2> + + <p>There is more information on + <a href="http://crux.nu/Wiki/WifiStartScripts">Wiki Wifi Start Scripts</a>.</p> + + <pre> + # ip link + </pre> + + <pre> + # iwlist wlp2s0 scan + </pre> + + <pre> + # iwconfig wlp2s0 essid NAME key s:ABCDE12345 + </pre> + + <pre> + # ip addr add 192.168.1.65 dev wlp2s0 + </pre> + + <h3>4.3.1. Wpa Supplicant</h3> + + <p>Configure wpa supplicant edit;</p> + + <pre> + # vim /etc/wpa_supplicant.conf + </pre> + + <pre> + ctrl_interface=/var/run/wpa_supplicant + update_config=1 + fast_reauth=1 + ap_scan=1 + </pre> + + <pre> + # wpa_passphrase <ssid> <password> >> /etc/wpa_supplicant.conf + </pre> + + <p>Now start wpa_supplicant with:</p> + + <pre> + # wpa_supplicant -B -i wlp2s0 -c /etc/wpa_supplicant.conf + Successfully initialized wpa_supplicant + </pre> + + <p>Use <a href="conf/etc/rc.d/wlan">/etc/rc.d/wlan</a> + init script to auto load wpa configuration and dhcp + client.</p> + + <h3>4.3.2. Wpa Cli</h3> + + <pre> + # wpa_cli + > status + </pre> + + <pre> + > add_network + 3 + </pre> + + <pre> + > set_network 3 ssid "Valcovo-Network" + OK + </pre> + + <pre> + > set_network 3 psk "uber-secret-pass" + OK + </pre> + + <pre> + > enable_network 3 + OK + </pre> + + <pre> + > list_networks + </pre> + + <pre> + > select_network 3 + </pre> + + <pre> + > save_config + </pre> + + + <h2 id="static">4.4. Static IP</h2> + + <pre> + # ip link + # ip addr flush dev ${DEV} + # ip route flush dev ${DEV} + </pre> + + <pre> + # ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast + + # ip link set ${DEV} up + # ip route add default via ${GW} + </pre> + + <h2 id="sysctl">4.5. Sysctl</h2> + + <p>Sysctl references + <a href="https://wiki.archlinux.org/index.php/sysctl#TCP.2FIP_stack_hardening">Arch TCP/IP stack hardening</a>, + <a href="http://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html">Cyberciti Nginx Hardning</a>, + <a href="http://www.cyberciti.biz/faq/linux-kernel-etcsysctl-conf-security-hardening/">Cyberciti Security Hardening</a>, + edit /etc/sysctl.conf;</p> + + <pre> + # + # /etc/sysctl.conf: configuration for system variables, see sysctl.conf(5) + # + + kernel.printk = 1 4 1 7 + + # Disable ipv6 + net.ipv6.conf.all.disable_ipv6 = 1 + net.ipv6.conf.default.disable_ipv6 = 1 + net.ipv6.conf.lo.disable_ipv6 = 1 + + # Tuen IPv6 + # net.ipv6.conf.default.router_solicitations = 0 + # net.ipv6.conf.default.accept_ra_rtr_pref = 0 + # net.ipv6.conf.default.accept_ra_pinfo = 0 + # net.ipv6.conf.default.accept_ra_defrtr = 0 + # net.ipv6.conf.default.autoconf = 0 + # net.ipv6.conf.default.dad_transmits = 0 + # net.ipv6.conf.default.max_addresses = 0 + + # Avoid a smurf attack + net.ipv4.icmp_echo_ignore_broadcasts = 1 + + # Turn on protection for bad icmp error messages + net.ipv4.icmp_ignore_bogus_error_responses = 1 + + # Turn on syncookies for SYN flood attack protection + net.ipv4.tcp_syncookies = 1 + + ## protect against tcp time-wait assassination hazards + ## drop RST packets for sockets in the time-wait state + ## (not widely supported outside of linux, but conforms to RFC) + net.ipv4.tcp_rfc1337 = 1 + + ## tcp timestamps + ## + protect against wrapping sequence numbers (at gigabit speeds) + ## + round trip time calculation implemented in TCP + ## - causes extra overhead and allows uptime detection by scanners like nmap + ## enable @ gigabit speeds + net.ipv4.tcp_timestamps = 0 + #net.ipv4.tcp_timestamps = 1 + + # Turn on and log spoofed, source routed, and redirect packets + net.ipv4.conf.all.log_martians = 1 + net.ipv4.conf.default.log_martians = 1 + + ## ignore echo broadcast requests to prevent being part of smurf attacks (default) + net.ipv4.icmp_echo_ignore_broadcasts = 1 + + # No source routed packets here + net.ipv4.conf.all.accept_source_route = 0 + net.ipv4.conf.default.accept_source_route = 0 + + ## sets the kernels reverse path filtering mechanism to value 1(on) + ## will do source validation of the packet's recieved from all the interfaces on the machine + ## protects from attackers that are using ip spoofing methods to do harm + net.ipv4.conf.all.rp_filter = 1 + net.ipv4.conf.default.rp_filter = 1 + net.ipv6.conf.default.rp_filter = 1 + net.ipv6.conf.all.rp_filter = 1 + + # Make sure no one can alter the routing tables + net.ipv4.conf.all.accept_redirects = 0 + net.ipv4.conf.default.accept_redirects = 0 + net.ipv4.conf.all.secure_redirects = 0 + net.ipv4.conf.default.secure_redirects = 0 + + # Act as a router, necessary for Access Point + net.ipv4.ip_forward = 0 + net.ipv4.conf.all.send_redirects = 0 + net.ipv4.conf.default.send_redirects = 0 + + kernel.shmmax = 500000000 + # Turn on execshild + kernel.exec-shield = 1 + kernel.randomize_va_space = 1 + + # Optimization for port usefor LBs + # Increase system file descriptor limit + fs.file-max = 65535 + + # Allow for more PIDs (to reduce rollover problems); may break some programs 32768 + kernel.pid_max = 65536 + + # Increase system IP port limits + net.ipv4.ip_local_port_range = 2000 65000 + + # Increase TCP max buffer size setable using setsockopt() + net.ipv4.tcp_rmem = 4096 87380 8388608 + net.ipv4.tcp_wmem = 4096 87380 8388608 + + # Increase Linux auto tuning TCP buffer limits + # min, default, and max number of bytes to use + # set max to at least 4MB, or higher if you use very high BDP paths + # Tcp Windows etc + net.core.rmem_max = 8388608 + net.core.wmem_max = 8388608 + net.core.netdev_max_backlog = 5000 + net.ipv4.tcp_window_scaling = 1 + + # End of file + </pre> + + <p>Change to act as a router;</p> + + <pre> + # Act as a router, necessary for Access Point + net.ipv4.ip_forward = 1 + net.ipv4.conf.all.send_redirects = 1 + net.ipv4.conf.default.send_redirects = 1 + </pre> + + + <p>Load new settings;</p> + + <pre> + # sysctl -p + </pre> + + <a href="index.html">Systools Index</a> + <p> + This is part of the SysDoc Manual. + Copyright (C) 2016 + Silvino Silva. + See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> + for copying conditions.</p> + + + </body> +</html> diff --git a/core/prtget.html b/core/prtget.html new file mode 100644 index 0000000..5d6d714 --- /dev/null +++ b/core/prtget.html @@ -0,0 +1,161 @@ +<!DOCTYPE html> +<html dir="ltr" lang="en"> + <head> + <meta charset='utf-8'> + <title>5. Prt-get tool</title> + </head> + <body> + + <a href="index.html">Core Doc Index</a> + + <h1>5. Prt-get tool</h1> + + <p>For more information read crux handbook: + <a href="https://crux.nu/Handbook3-1#ntoc20">Package management front-end: prt-get</a> + </p> + + <p>For more information read crux handbook: + <a href="https://crux.nu/Main/Handbook3-2#ntoc14">Introduction to pkgutils</a>.</p> + + <dl> + <dt>pkgmk(8)</dt> + + <dd>Makes a software package. A package is an archive of + files (.pkg.tar.gz, .pkg.tar.bz2 or .pkg.tar.xz) + that can be installed using pkgadd(8).</dd> + + <dt>pkgadd(8)</dt> + + <dd>install a software package. A package is an + archive of files (.pkg.tar.gz).</dd> + + <dt>pkginfo(8)</dt> + + <dd>Displays information about software packages that + are installed on the system or that reside in a + particular directory.</dd> + + <dt>pkgrm(8)</dt> + + <dd>Removes/uninstalls a previously installed software + packages.</dd> + + <dt>prt-get(8)</dt> + + <dd>prt-get is a package management tool which + provides additional functionality to crux' package + management system. It works with the local ports tree + and is therefore fully compatible with ports(8) and + pkgmk(8)/pkgadd(8)</dd> + </dl> + + + <p>Test configuration by runing prt-get as user installing + ports that are related;</p> + + <pre> + $ prt-get depinst prt-utils prt-get-bashcompletion + </pre> + + <h2 id="sysup">3.1. Update System</h2> + + <p>Before build software get latest version of port collections;</p> + + <pre> + $ sudo ports -u + </pre> + + <p>When coming from install or there is to much updates, I prefer to + update gcc, glibc, libtool and binutils before doing a sysup;</p> + + <pre> + $ prt-get update gcc + $ prt-get update glibc + $ prt-get update libtool + $ prt-get update binutils + </pre> + + <p>Rebuild any revision dependency;</p> + + <pre> + $ prt-get update -fr $(revdep) + </pre> + + <p>Build and install updated versions of ports;</p> + + <pre> + $ prt-get sysup + </pre> + + <h2 id="depinst">3.2. Install port and dependencies</h2> + + <pre> + $ prt-grt depinst iw + $ prt-get depinst gnupg + $ prt-get depinst shorewall + $ prt-get depinst logrotate + # samhain at this point add /etc/logrotate.d/samhain + $ prt-get -if depinst samhain + $ prt-get depinst dnsmasq + $ prt-get depinst tmux + $ prt-get depinst git + </pre> + + <h3 id="sysdoc">3.3. Activate Sysdoc ports</h3> + + <p>Clone this documentation;</p> + + <pre> + $ git clone https://github.com/s1lvino/sysdoc.git + </pre> + + <p>Install sysdoc port collection;</p> + + <pre> + $ sudo cp sysdoc/ports/sysdoc.httpup /etc/ports/ + </pre> + + <p>Edit /etc/prt-get.conf to activate sysdoc collection;</p> + + <pre> + prtdir /usr/ports/sysdoc + # the following line enables the user maintained contrib collection + prtdir /usr/ports/contrib + </pre> + + <p>Get sysdoc ports;</p> + + <pre> + $ sudo ports -u sysdoc + </pre> + + <h2 id="info">3.4. Show port information</h2> + + <pre> + $ prt-get info port_name + </pre> + + <h2 id="depends">3.5. Show port dependencies</h2> + + <pre> + $ prt-get depends port_name + </pre> + + <h2 id="printf">3.6. Print information</h2> + + <p>Example how to get ports installed from contrib. Maybe there is + a "cleaner" way to this, for now is ok;</p> + + <pre> + prt-get printf "%p %i %n %v\n" | grep "/usr/ports/contrib yes" + </pre> + + <a href="index.html">Systools Index</a> + <p>This is part of the SysDoc Manual. + Copyright (C) 2016 + Silvino Silva. + See the file <a href="fdl-1.3-standalone.html">Gnu Free Documentation License</a> + for copying conditions.</p> + + </body> +</html> diff --git a/core/scripts/backup-system.sh b/core/scripts/backup-system.sh new file mode 100644 index 0000000..3fa1ab2 --- /dev/null +++ b/core/scripts/backup-system.sh @@ -0,0 +1,26 @@ +#!/bin/sh + +echo -n "root directory you want backup (/mnt/): " +read ROOT_DIR + +echo -n "where you want to save (/home/user): " +read DEST_DIR + +echo -n "backup name (system_name): " +read BCK_NAME + +echo $DES_DIR +echo $ROOT_DIR + +tar --xattrs -zcpf $DEST_DIR/$BCK_NAME-`date '+%Y-%j-%H-%M-%S'`.tar.gz \ + --directory=$ROOT_DIR \ + --exclude=var/ports \ + --exclude=var/run \ + --exclude=usr/src \ + --exclude=mnt \ + --exclude=home \ + --exclude=dev \ + --exclude=run \ + --exclude=tmp \ + --exclude=proc \ + --exclude=sys . diff --git a/core/scripts/iptables.sh b/core/scripts/iptables.sh new file mode 100644 index 0000000..b450bb3 --- /dev/null +++ b/core/scripts/iptables.sh @@ -0,0 +1,319 @@ +#!/bin/sh + +# +# XXXXXXXXXXXXXXXXXX +# XXX Network XXX +# XXXXXXXXXXXXXXXXXX +# + +# | +# v +# +-------------+ +------------------+ +# |table: filter| <---+ | table: nat | +# |chain: INPUT | | | chain: PREROUTING| +# +-----+-------+ | +--------+---------+ +# | | | +# v | v +# [local process] | **************** +--------------+ +# | +---------+ Routing decision +------> |table: filter | +# v **************** |chain: FORWARD| +# **************** +------+-------+ +# Routing decision | +# **************** | +# | | +# v **************** | +# +-------------+ +------> Routing decision <---------------+ +# |table: nat | | **************** +# |chain: OUTPUT| | + +# +-----+-------+ | | +# | | v +# v | +-------------------+ +# +--------------+ | | table: nat | +# |table: filter | +----+ | chain: POSTROUTING| +# |chain: OUTPUT | +--------+----------+ +# +--------------+ | +# v +# XXXXXXXXXXXXXXXXXX +# XXX Network XXX +# XXXXXXXXXXXXXXXXXX +# +# iptables [-t table] {-A|-C|-D} chain rule-specification +# +# iptables [-t table] {-A|-C|-D} chain rule-specification +# +# iptables [-t table] -I chain [rulenum] rule-specification +# +# iptables [-t table] -R chain rulenum rule-specification +# +# iptables [-t table] -D chain rulenum +# +# iptables [-t table] -S [chain [rulenum]] +# +# iptables [-t table] {-F|-L|-Z} [chain [rulenum]] [options...] +# +# iptables [-t table] -N chain +# +# iptables [-t table] -X [chain] +# +# iptables [-t table] -P chain target +# +# iptables [-t table] -E old-chain-name new-chain-name +# +# rule-specification = [matches...] [target] +# +# match = -m matchname [per-match-options] +# +# +# Targets +# +# can be a user defined chain +# +# ACCEPT - accepts the packet +# DROP - drop the packet on the floor +# QUEUE - packet will be stent to queue +# RETURN - stop traversing this chain and +# resume ate the next rule in the +# previeus (calling) chain. +# +# if packet reach the end of the chain or +# a target RETURN, default policy for that +# chain is applayed. +# +# Target Extensions +# +# AUDIT +# CHECKSUM +# CLASSIFY +# DNAT +# DSCP +# LOG +# Torn on kernel logging, will print some +# some information on all matching packets. +# Log data can be read with dmesg or syslogd. +# This is a non-terminating target and a rule +# should be created with matching criteria. +# +# --log-level level +# Level of logging (numeric or see sys- +# log.conf(5) +# +# --log-prefix prefix +# Prefix log messages with specified prefix +# up to 29 chars log +# +# --log-uid +# Log the userid of the process with gener- +# ated the packet +# NFLOG +# This target pass the packet to loaded logging +# backend to log the packet. One or more userspace +# processes may subscribe to the group to receive +# the packets. +# +# ULOG +# This target provides userspace logging of maching +# packets. One or more userspace processes may then +# then subscribe to various multicast groups and +# then receive the packets. +# +# +# Commands +# +# -A, --append chain rule-specification +# -C, --check chain rule-specification +# -D, --delete chain rule-specification +# -D, --delete chain rulenum +# -I, --insert chain [rulenum] rule-specification +# -R, --replace chain rulenum rule-specification +# -L, --list [chain] +# -P, --policy chain target +# +# Parameters +# +# -p, --protocol protocol +# tcp, udp, udplite, icmp, esp, ah, sctp, all +# -s, --source address[/mask][,...] +# -d, --destination address[/mask][,...] +# -j, --jump target +# -g, --goto chain +# -i, --in-interface name +# -o, --out-interface name +# -f, --fragment +# -m, --match options module-name +# iptables can use extended packet matching +# modules. +# -c, --set-counters packets bytes + +IPT="/usr/sbin/iptables" +SPAMLIST="blockedip" +SPAMDROPMSG="BLOCKED IP DROP" +PUB_IF="wlp7s0" +#PUB_IP="192.168.1.65" +#PRIV_IF="wlp3s0" + +modprobe ip_conntrack +modprobe ip_conntrack_ftp + +echo "Stopping ipv4 firewall and deny everyone..." + +iptables -F +iptables -X +iptables -t nat -F +iptables -t nat -X +iptables -t mangle -F +iptables -t mangle -X + +echo "Starting ipv4 firewall filter table..." + +# Set Default Rules +iptables -P INPUT DROP +iptables -P FORWARD DROP +iptables -P OUTPUT DROP + +#unlimited +$IPT -A INPUT -i lo -j ACCEPT +$IPT -A OUTPUT -o lo -j ACCEPT + +# Block sync +$IPT -A INPUT -p tcp ! --syn -m state --state NEW -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 7 --log-prefix "iptables: drop sync: " +$IPT -A INPUT -p tcp ! --syn -m state --state NEW -j DROP + +# Block Fragments +$IPT -A INPUT -f -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "iptables: drop frag: " +$IPT -A INPUT -f -j DROP + +# Block bad stuff +$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP +$IPT -A INPUT -p tcp --tcp-flags ALL ALL -j DROP + +$IPT -A INPUT -p tcp --tcp-flags ALL NONE -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "iptables: drop null: " +$IPT -A INPUT -p tcp --tcp-flags ALL NONE -j DROP # NULL packets + +$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP + +$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "iptables: drop xmas: " +$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP #XMAS + +$IPT -A INPUT -p tcp --tcp-flags FIN,ACK FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "iptables: drop fin scan: " +$IPT -A INPUT -p tcp --tcp-flags FIN,ACK FIN -j DROP # FIN packet scans + +$IPT -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP + +##### Add your AP rules below ###### + +#echo 1 > /proc/sys/net/ipv4/ip_forward +#$IPT -t nat -A POSTROUTING -o ${PUB_IF} -j SNAT --to ${PUB_IP} +#$IPT -A FORWARD -i ${PRIV_IF} -o ${PUB_IF} -j ACCEPT +#$IPT -A FORWARD -i ${PUB_IF} -o ${PRIV_IF} -j ACCEPT + +#$IPT -A INPUT -i ${PRIV_IF} -j ACCEPT +#$IPT -A OUTPUT -o ${PRIV_IF} -j ACCEPT + +##### Server rules below ###### + +#echo "Allow ICMP" +#$IPT -A INPUT -i ${PUB_IF} -p icmp --icmp-type 0 -s 192.168.0.0/12 -j ACCEPT +#$IPT -A OUTPUT -o ${PUB_IF} -p icmp --icmp-type 0 -d 192.168.0.0/12 -j ACCEPT +#$IPT -A INPUT -i ${PUB_IF} -p icmp --icmp-type 8 -s 192.168.0.0/12 -j ACCEPT +#$IPT -A OUTPUT -o ${PUB_IF} -p icmp --icmp-type 8 -d 192.168.0.0/12 -j ACCEPT + +#echo "Allow DNS Server" +#$IPT -A INPUT -i ${PUB_IF} -p udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -s 192.168.0.0/16 -j ACCEPT +#$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -d 192.168.0.0/16 -j ACCEPT + +#echo "Allow HTTP and HTTPS server" +#$IPT -A INPUT -i ${PUB_IF} -p tcp --dport 443 -m state --state NEW,ESTABLISHED -s 192.168.0.0/12 -j ACCEPT +#$IPT -A INPUT -i ${PUB_IF} -p tcp --dport 80 -m state --state NEW,ESTABLISHED -s 192.168.0.0/12 -j ACCEPT +#$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 80 -m state --state NEW,ESTABLISHED -s 192.168.0.0/12 -j ACCEPT +#$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 443 -m state --state NEW,ESTABLISHED -s 192.168.0.0/12 -j ACCEPT + +#echo "Allow ssh server" +#$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT +#$IPT -A INPUT -i ${PUB_IF} -p tcp --dport 22 -m state --state ESTABLISHED -j ACCEPT +#$IPT -A INPUT -i ${PUB_IF} -p tcp --dport 22 -m state --state NEW -m limit --limit 3/min --limit-burst 3 -j ACCEPT + +##### Add your rules below ###### + +echo "Allow DNS Client" + +$IPT -A INPUT -i ${PUB_IF} -p udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT + +$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT +$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT + +echo "Allow Whois Client" + +$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 43 -m state --state ESTABLISHED -j ACCEPT +$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 43 -m state --state NEW,ESTABLISHED -j ACCEPT + +echo "Allow HTTP Client" + +$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 80 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT +$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT + +echo "Allow Rsync Client" +$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT +$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 873 -m state --state ESTABLISHED -j ACCEPT + +echo "Allow POP3S Client" +$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT +$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 995 -m state --state ESTABLISHED -j ACCEPT + +echo "Allow SMTPS Client" +$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 465 -m state --state NEW,ESTABLISHED -j ACCEPT +$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 465 -m state --state ESTABLISHED -j ACCEPT + +echo "Allow NTP Client" +$IPT -A OUTPUT -o ${PUB_IF} -p udp --dport 123 -m state --state NEW,ESTABLISHED -j ACCEPT +$IPT -A INPUT -i ${PUB_IF} -p udp --sport 123 -m state --state ESTABLISHED -j ACCEPT + +$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT +$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT + +echo "Allow IRC Client" +$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 6667 -m state --state NEW -j ACCEPT + +echo "Allow Active FTP Client" +$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 20 -m state --state ESTABLISHED -j ACCEPT +$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 20 -m state --state NEW,ESTABLISHED -j ACCEPT + +echo "Allow Git" +$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 9418 -m state --state NEW -j ACCEPT + +echo "Allow ssh client" +$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT +$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT + +#echo "Allow Passive Connections" +$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 1024:65535 --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT +$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT + + +# echo "Allow FairCoin" +# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 46392 -m state --state NEW,ESTABLISHED -j ACCEPT +# $IPT -A INPUT -i ${PUB_IF} -p tcp --sport 46392 -m state --state ESTABLISHED -j ACCEPT +# +# echo "Allow Dashcoin" +# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 29080 -m state --state NEW,ESTABLISHED -j ACCEPT +# $IPT -A INPUT -i ${PUB_IF} -p tcp --sport 29080 -m state --state ESTABLISHED -j ACCEPT +# +# echo "Allow warzone2100" +# $IPT -A INPUT -i ${PUB_IF} -p tcp --dport 2100 -s 192.168.0.0/12 -j ACCEPT +# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 2100 -j ACCEPT +# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 2100 -j ACCEPT +# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 9990 -j ACCEPT +# +# echo "Allow wesnoth" +# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 15000 -m state --state NEW -j ACCEPT +# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 14998 -m state --state NEW -j ACCEPT + +##### END your rules ############ + +# log everything else and drop +$IPT -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: " +$IPT -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: " +$IPT -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: " + +exit 0 diff --git a/core/scripts/mkparted.sh b/core/scripts/mkparted.sh new file mode 100644 index 0000000..b71d6b2 --- /dev/null +++ b/core/scripts/mkparted.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +DEVICE=/dev/sda + + +#parted --script /sda \ +# mklabel gpt \ +# mkpart primary 1MiB 100MiB \ +# mkpart primary 100MiB 200MiB \ diff --git a/core/tar.html b/core/tar.html new file mode 100644 index 0000000..a5dd1c4 --- /dev/null +++ b/core/tar.html @@ -0,0 +1,119 @@ +<!DOCTYPE html> +<html dir="ltr" lang="en"> + <head> + <meta charset='utf-8'> + <title>1. Tar</title> + </head> + <body> + + <a href="index.html">Systolls Index</a> + <h1>2. Tar</h1> + + + <h2 id="tarbkup">2.1. Create Backup</h2> + + <p>Script in core/scripts/<a href="scripts/backup-system.sh">backup-system.sh</a> use tldp + <a href="http://tldp.org/LDP/lame/LAME/linux-admin-made-easy/server-backup.html">server backup</a> + and <a href="http://tldp.org/LDP/lame/LAME/linux-admin-made-easy/server-restore.html">restore</a> + as a reference.</p> + + <pre> + #!/bin/sh + + echo -n "root directory you want backup (/mnt/): " + read ROOT_DIR + + echo -n "where you want to save (/home/user): " + read DEST_DIR + + echo -n "backup name (system_name): " + read BCK_NAME + + echo $DES_DIR + echo $ROOT_DIR + + tar --xattrs -zcpf $DEST_DIR/$BCK_NAME-`date '+%Y-%j-%H-%M-%S'`.tar.gz \ + --directory=$ROOT_DIR \ + --exclude=srv \ + --exclude=var/ports \ + --exclude=var/run \ + --exclude=usr/src \ + --exclude=mnt \ + --exclude=home \ + --exclude=dev \ + --exclude=run \ + --exclude=tmp \ + --exclude=proc \ + --exclude=sys . + </pre> + + <h2 id="tarview">1.2. View content of tar</h2> + + <p>List files inside tar;</p> + + <pre> + $tar -tvf backup.tar.gz + </pre> + + <p>To restore is better to use first t flag and then x, + this prevents any --absolute-paths problem;<p> + + <pre> + $ tar -ztvpf full-backup-11-November-2045.tar.gz > file.lst + </pre> + + <h2 id="tarextract">1.3. Extract content from tar</h2> + + <p>If you want to extrat to different directory;</p> + + <pre> + $ tar xf full-backup-11-November-2045.tar.gz --directory=/mnt + </pre> + + <p>If path is fine, extract everything;</p> + + <pre> + $ tar --xattrs -xpvf full-backup-11-November-2045.tar.gz + </pre> + + <p>Extract just one file;</p> + + <pre> + $ tar --extract --file=core.tar.gz libidn#1.32-1.pkg.tar.gz + </pre> + + <h2 id="taradd">1.4. Add content to tar</h2> + + <p>Only uncompressed tar can append files without having + to extract and compress again.</p> + + <p>First create a tar with all files in the current directory;</p> + + <pre> + $ tar cpf core.tar *.tar.gz + </pre> + + <p>List files before appending new file and after;</p> + + <pre> + $ tar -tvf core.tar + $ tar --append --file=core.tar libidn#1.32-1.pkg.tar.gz + $ tar -tvf core.tar + </pre> + + <h2 id="tarrm">1.5. Remove content of tar</h2> + + <pre> + $ tar -tvf core.tar + $ tar --delete --file=core.tar libidn#1.32-1.pkg.tar.gz + $ tar -tvf core.tar + </pre> + + <a href="index.html">Systolls Index</a> + <p> + This is part of the SysDoc Manual. + Copyright (C) 2016 + Silvino Silva. + See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> for copying conditions.</p> + </body> +</html> diff --git a/core/tmux.html b/core/tmux.html new file mode 100644 index 0000000..a2a7d9c --- /dev/null +++ b/core/tmux.html @@ -0,0 +1,118 @@ +<!DOCTYPE html> +<html dir="ltr" lang="en"> + <head> + <meta charset='utf-8'> + <title>6. Tmux</title> + </head> + + <body> + + <a href="index.html">Systools Index</a> + <h1 id="tmux">6. Tmux</h1> + + <p>Install tmux, improves cli work efficiency;</p> + + <pre> + $ sudo prt-get depinst tmux + </pre> + + <p>Create skeleton configuration file for users;</p> + + <pre> + $ sudo vim /etc/skel/.tumx.conf + </pre> + + <pre> + set -g default-terminal "screen-256color" + + set-window-option -g mode-keys vi + + # Vim style + # copy tmux's selection buffer into the primary X selection with PREFIX+CTRL+Y + bind-key u run "tmux save-buffer - | xsel -ib" + # copy primary X selection into tmux's selection buffer with PREFIX+CTRL+P + bind-key e run "xsel -o | tmux load-buffer -" + + bind-key -t vi-copy 'v' begin-selection + bind-key -t vi-copy 'y' copy-selection + + set-option -g set-titles on + set-option -g set-titles-string '#S> #I.#P #W' + + set -g visual-activity on + set -g monitor-activity on + set -g visual-bell on + set -g bell-action any + + ## Join windows: <prefix> s, <prefix> j + bind-key j command-prompt -p "join pane from:" "join-pane -s '%%'" + bind-key s command-prompt -p "send pane to:" "join-pane -t '%%'" + </pre> + + <p>Copy to your current home and start tmux;</p> + + <pre> + $ cp /etc/skel/.tmux.conf ~/ + $ tmux + </pre> + + <p>Get help;</p> + + <pre> + ctrl + b ? + </pre> + + <pre> + key = bind-key (default ctrl + b) + + Window + key c new window + key " split-window + key n next window + key p previous window + + Panes + key ; last-pane + key space next-layout + key ! break-pane + key { swap pane + key } swap pane + </pre> + + <h2 id="cpypst">6.1. Copy paste</h2> + + <p>This instructions are valid if tmux.conf file discribed + in this document is used;</p> + + <pre> + 1) enter copy mode using Control+b [ + 2) navigate to beginning of text, you want to select and hit v + 3) move around using arrow keys to select region + 4) when you reach end of region simply hit y to copy the region + 5) now Control+b ] will paste the selection + </pre> + + <p>Paste in X with xsel;</p> + + <pre> + 6) update buffer of xsel using Control+b u + <pre> + + <p>Copy from X with xsel;</p> + + <pre> + 0) update tmux buffer Control+b e + </pre> + + <p>Before pasting on vim, set paste mode and then set nopaste.</p> + + <a href="index.html">Systools Index</a> + <p> + This is part of the SysDoc Manual. + Copyright (C) 2016 + Silvino Silva. + See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> + for copying conditions.</p> + + </body> +</html> diff --git a/core/vim.html b/core/vim.html new file mode 100644 index 0000000..f09bbb8 --- /dev/null +++ b/core/vim.html @@ -0,0 +1,159 @@ +<!DOCTYPE html> +<html dir="ltr" lang="en"> + <head> + <meta charset='utf-8'> + <title>5. Vim</title> + </head> + <body> + + <a href="index.html">Systools Index</a> + <h1 id="vim">5. Vim</h1> + + <p><leader> with default configuration is key \, so when + you see <leader>-W means pressing \W</p> + + <h2 id="vimrc">5.1. Vim RC</h2> + + <p>Read + <a href="http://dougblack.io/words/a-good-vimrc.htm">"A good vimrc"</a> + for more information.</p> + + <dl> + <dt>/usr/share/vim/vimrc</dt> + <dd>System wide Vim initializations.</dd> + <dt>~/.vimrc</dt> + <dd>Your personal Vim initializations.</dd> + </dl> + + <p>Copy vimrc skeleton example, so that each user have a base to start + personalizing it;</p> + + <pre> + $ sudo cp ~/sysdoc/conf/etc/skel/.vimrc /etc/skel/ + $ sudo mkdir /etc/skel/.vim + $ sudo mkdir /etc/skel/.vim/swap + $ sudo mkdir /etc/skel/.vim/views + $ sudo mkdir /etc/skel/.vim/undodir + $ sudo mkdir /etc/skel/.vim/backup + $ wget -O wombat256mod.vim http://www.vim.org/scripts/download_script.php?src_id=4055 + $ mv wombat256mod.vim /usr/share/vim/colors/ + </pre> + + <h2 id="color">5.2. Color schemes</h2> + + <p>Default vimrc skeleton is configured to use wombat256mod, + which is installed by adduser skeleton.</p> + + <h2 id="spacetab">5.3. Split and tab</h2> + + <p>:sp</p> + + <h2 id="edit">5.4. Editing files</h2> + + <h3>Modes</h3> + + <p>To enter visual block mode press ctrl-v. To insert block + first select area then press I, insert text normally, when + you pres ESC the text will be inserted on previously selected + area.</p> + + <p>Come from background;</p> + + <pre> + $ fg + </pre> + + <h3>Moving in vim</h3> + + <p>Moving page up and page down;</p> + + <dl> + <dt>[Control][b]</dt> + <dd>Move back one full screen</dd> + <dt>[Control][f]</dt> + <dd>Move forward one full screen</dd> + <dt>[Control][d]</dt> + <dd>Move forward 1/2 screen</dd> + <dt>[Control][u]</dt> + <dd>Move back (up) 1/2 screen</dd> + </dl> + + <h3>How to use vim</h3> + + <p>In vim you can apply predefined number of times to a operator, + selection or object. For example to delete the next + two words press: d + 2 + w. List of important operators objects, + selections;</p> + <pre> + + <pre> + operator + count + object + </pre> + + <p>Operator;</p> + + <dl> + <dt>d</dt> + <dd>Delete</dd> + <dt>c</dt> + <dd>Change (d + i)</dd> + <dt>y</dt> + <dd>Copy</dd> + <dt>v</dt> + <dd>Visual Select</dd> + </dl> + + <p>Objects;</p> + <dl> + <dt>w</dt> + <dd>Word</dd> + <dt>s</dt> + <dd>Sentences</dd> + <dt>p</dt> + <dd>Paragraphs</dd> + <dt>t</dt> + <dd>Tags</dd> + </dl> + + <p>Selections are like objects, for example d + i + w + will delete "inner" word, c + a + w do the same plus + the space;</p> + + <dl> + <dt>a</dt> + <dd>All</dd> + <dt>i</dt> + <dd>in</dd> + <dt>t</dt> + <dd>Until</dd> + <dt>f</dt> + <dd>Find forward</dd> + <dt>F</dt> + <dd>Find backward</dd> + </dl> + + <p>Selection of useful combinations;</p> + <dl> + <dt>vat</dt> + <dd>Select whole tag block.</dt> + <dt>cit</dt> + <dd>Change inside tag.</dt> + <dt>yat</dt> + <dd>Copy whole tag.</dd> + </dl> + + <h2 id="spellcheck">5.5. Spell check</h2> + + <p>Press z= over the bad written word and select desired one.</p> + + <h2 id="plugin">5.6. Plugins</h2> + + <a href="index.html">Systools Index</a> + <p>This is part of the SysDoc Manual. + Copyright (C) 2016 + Silvino Silva. + See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> + for copying conditions.</p> + + </body> +</html> diff --git a/tools/index.html b/tools/index.html new file mode 100644 index 0000000..5fdcee3 --- /dev/null +++ b/tools/index.html @@ -0,0 +1,101 @@ +<!DOCTYPE html> +<html dir="ltr" lang="en"> + <head> + <meta charset='utf-8'> + <title>Tools</title> + </head> + <body> + + <a href="../index.html">Documentation Index</a> + <h1>Tools</h1> + + <p>Selection of system tools that extends core documentation.<p> + + <h2>System Administration</h2> + <ul> + <li><a href="pkgutils.html">Pkgutils</a></li> + <li><a href="lynx.html">Lynx</a></li> + <li><a href="irssi.html">Irssi</a></li> + <li><a href="wireless.html">Wireless</a></li> + <li><a href="nmap.html">Nmap</a></li> + <li><a href="tcpdump.html">Tcpdump</a></li> + </ul> + + <h2>System Services</h2> + <ul> + <li> + <a href="storage.html">Storage</a> + <ul> + <li><a href="storage.html#mv">Moving partitions</a></li> + <li><a href="storage.html#lvm">LVM</a></li> + <li><a href="storage.html#btrfs">BTRFS</a></li> + </ul> + </li> + + + <li> + <a href="syslog-ng.html">Syslog-ng</a> + <ul> + <li><a href="syslog-ng.html#eventlog">Install event log</a></li> + <li><a href="syslog-ng.html#install">Install syslog-ng</a></li> + <li><a href="syslog-ng.html#syslogrc">Syslog-ng RC</a></li> + <li><a href="syslog-ng.html#syslog-conf">Syslog-ng configuration</a></li> + </ul> + </li> + <li><a href="logrotate.html">Logrotate</a></li> + <li> + <a href="logwatch.html">Logwatch</a> + <ul> + <li><a href="logwatch.html#conf">Configure Logwatch</a></li> + <li><a href="logwatch.html#cron">Set cron task</a></li> + </ul> + </li> + <li> + <a href="fail2ban.html">Fail2Ban</a> + <ul> + <li><a href="fail2ban.html#conf">Configure Fail2ban</a></li> + </ul> + </li> + </ul> + <h2>Network Services</h2> + <ul> + <li> + <a href="openssh.html">OpenSSH</a> + <ul> + <li><a href="openssh.html#sshd">Server</a></li> + <li><a href="openssh.html#sshdconf">Configure Server</a></li> + <li><a href="openssh.html#ssh">Client</a></li> + <li><a href="openssh.html#reverse">Reverse connection</a></li> + </ul> + </li> + <li><a href="gitolite.html">Gitolite</a> + <ul> + <li><a href="gitolite.html#install">Install Gitolite</a></li> + <li><a href="gitolite.html#config">Configure Gitolite</a></li> + <li><a href="gitolite.html#admin">Gitolite Administration</a></li> + <li><a href="gitolite.html#hooks">Gitolite Hooks</a></li> + </ul> + </li> + <li><a href="postgresql.html">Postgresql</a> + <ul> + <li><a href="postgresql.html#install">Install Postgresql</a></li> + <li><a href="postgresql.html#config">Configure Server</a></li> + <li><a href="postgresql.html#createuser">Create User</a></li> + <li><a href="postgresql.html#createdb">Create Database</a></li> + <li><a href="postgresql.html#dropdb">Drop Database</a></li> + <li><a href="postgresql.html#dropuser">Drop User</a></li> + <li><a href="postgresql.html#psql">Psql</a></li> + </ul> + </li> + <li><a href="nginx.html">Nginx</a> + <ul> + <li><a href="nginx.html#install">Install Nginx</a></li> + <li><a href="nginx.html#logs">Logs</a></li> + <li><a href="nginx.html#userdir">User Directory</a></li> + <li><a href="nginx.html#certs">Certificates</a></li> + <li><a href="nginx.html#nginxconf">Nginx Configuration</a></li> + <li><a href="nginx.html#server">Laravel Server</a></li> + </li> + </ul> + </body> +</html> |