Diffstat (limited to 'core')
-rw-r--r-- | core/apparmor.html | 402
-rw-r--r-- | core/conf/dracut.conf | 19
-rw-r--r-- | core/conf/fstab | 1
-rw-r--r-- | core/conf/pkgmk.conf | 10
-rw-r--r-- | core/conf/prt-get.conf | 32
-rw-r--r-- | core/conf/skel/.bashrc | 6
-rw-r--r-- | core/conf/skel/.profile | 3
-rw-r--r-- | core/conf/sysctl.conf | 17
-rw-r--r-- | core/index.html | 319
9 files changed, 448 insertions, 361 deletions
diff --git a/core/apparmor.html b/core/apparmor.html index 65ee7c3..22b5183 100644 --- a/core/apparmor.html +++ b/core/apparmor.html 
@@ -1,202 +1,248 @@ <!DOCTYPE html> <html dir="ltr" lang="en"> <head> - <meta charset='utf-8'> - <title>2.6.1. AppArmor</title> + <meta charset='utf-8'> + <title>2.6.1. AppArmor</title> </head> <body> - <a href="index.html">Core OS Index</a> + <a href="index.html">Core OS Index</a> - <h1>2.6.1. AppArmor</h1> + <h1>2.6.1. AppArmor</h1> - <p>Check <a href="linux.html#configure">kernel configuration</a> or - use the provided with <a href="reboot.html#linux">linux-gnu</a> port - to support apparmor. <a href="https://gitlab.com/apparmor/apparmor/wikis/home">AppArmor</a> enforce rules on applications based - on security policies. User space tools are provided by apparmor port - and its dependencies, install them;</p> + <p>Check <a href="linux.html#configure">kernel configuration</a> or + use the provided with <a href="reboot.html#linux">linux-gnu</a> port + to support apparmor. <a href="https://gitlab.com/apparmor/apparmor/wikis/home">AppArmor</a> enforce rules on applications based + on security policies.</p> - <pre> - $ sudo prt-get depinst apparmor - </pre> - <p>Enable apparmor on linux by command line, create /etc/default/grub;</p> + <h2 id="install">2.6.1.1 Install</h2> - <pre> - GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=1 security=apparmor" - </pre> + <p>User space tools are provided by apparmor port + and its dependencies, install them;</p> - <p>Add SecurityFS to /etc/fstab;</p> + <pre> + $ sudo prt-get depinst apparmor + </pre> - <pre> - none /sys/kernel/security securityfs defaults 0 0 - </pre> + <p>Enable apparmor on linux by command line, create /etc/default/grub;</p> - <p>Check status;</p> + <pre> + GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=1 security=apparmor" + </pre> - <pre> - # apparmor_status - </pre> + <p>Add SecurityFS to /etc/fstab;</p> - <p>Utilities;</p> + <pre> + none /sys/kernel/security securityfs defaults 0 0 + </pre> - <pre> - aa-audit aa-disable aa-genprof aa-status - aa-autodep aa-easyprof 
aa-logprof aa-unconfined - aa-cleanprof aa-enabled aa-mergeprof - aa-complain aa-enforce aa-notify - aa-decode aa-exec aa-remove-unknown - </pre> + <p>Check status;</p> - <h2 id="profiles">Profiles</h2> + <pre> + # apparmor_status + </pre> - <p>Profiles are located at /etc/apparmor.d/ and - /usr/share/apparmor/extra-profiles contain profiles - that require testing;</p> - - <pre> - # cp -r /usr/share/apparmor/extra-profiles/* /etc/apparmor.d/ - # sudo rm /etc/apparmor.d/README - # bash /etc/rc.d/apparmor restart - </pre> - - <p>Profiles are parsed using - apparmor_parser;</p> - - <pre> - Usage: apparmor_parser [options] [profile] - - Options: - -------- - -a, --add Add apparmor definitions [default] - -r, --replace Replace apparmor definitions - -R, --remove Remove apparmor definitions - -C, --Complain Force the profile into complain mode - -B, --binary Input is precompiled profile - -N, --names Dump names of profiles in input. - -S, --stdout Dump compiled profile to stdout - -o n, --ofile n Write output to file n - -b n, --base n Set base dir and cwd - -I n, --Include n Add n to the search path - -f n, --subdomainfs n Set location of apparmor filesystem - -m n, --match-string n Use only features n - -M n, --features-file n Use only features in file n - -n n, --namespace n Set Namespace for the profile - -X, --readimpliesX Map profile read permissions to mr - -k, --show-cache Report cache hit/miss details - -K, --skip-cache Do not attempt to load or save cached profiles - -T, --skip-read-cache Do not attempt to load cached profiles - -W, --write-cache Save cached profile (force with -T) - --skip-bad-cache Don't clear cache if out of sync - --purge-cache Clear cache regardless of its state - --debug-cache Debug cache file checks - -L, --cache-loc n Set the location of the profile cache - -q, --quiet Don't emit warnings - -v, --verbose Show profile names as they load - -Q, --skip-kernel-load Do everything except loading into kernel - -V, --version Display version info 
and exit - -d [n], --debug Debug apparmor definitions OR [n] - -p, --preprocess Dump preprocessed profile - -D [n], --dump Dump internal info for debugging - -O [n], --Optimize Control dfa optimizations - -h [cmd], --help[=cmd] Display this text or info about cmd - -j n, --jobs n Set the number of compile threads - --max-jobs n Hard cap on --jobs. Default 8*cpus - --abort-on-error Abort processing of profiles on first error - --skip-bad-cache-rebuild Do not try rebuilding the cache if it is rejected by the kernel - --warn n Enable warnings (see --help=warn) - </pre> - - <h3 id="auto_profiles">Create profile with audit</h3> - - <p>Tools use log as a source to build profiles, it is - necessary to disable log rate limit;</p> - - <pre> - # sysctl -w kernel.printk_ratelimit=0 - </pre> - - <p>Start aa-genprof;</p> - - <pre> - $ sudo aa-genprof /usr/bin/lynx - </pre> - - <p>Execute application with all common application options - and parts. After initial automatic configuration enable profile in - complain mode. 
Use aa-logprof when rules need to be adapted.</p> - - <pre> - # aa-logprof -f /var/log/kernel - </pre> - - <p>Once profile rules become well defined enable profile in - enforce mode with aa-enforce;</p> - - <p>Monitor logs with aa-notify;</p> - - <pre> - # aa-notify --file=/var/log/kernel -u username -l - </pre> - - <p>And keep adjusting the rules with logprof;</p> - - <pre> - # aa-logprof -f /var/log/kernel - </pre> - - - <h3 id="man_profiles">Create profile manually</h3> - - <p>To create a new profile, let's say for lynx, - first find where the application is;</p> - - <pre> - $ whereis lynx - lynx: /usr/bin/lynx /usr/etc/lynx.lss /usr/etc/lynx.cfg /usr/etc/lynx.cfg~ /usr/share/man/man1/lynx.1.gz - </pre> - - <p>Now create a file with path to executable in - /etc/apparmor.d;</p> - - <pre> - # vim /etc/apparmor.d/usr.bin.lynx - </pre> - - <p>Create basic profile template;</p> - - <pre> - #include <tunables/global> - - profile lynx /usr/bin/lynx { - #include <abstractions/base> - } - </pre> - - <h3>Seed up profile loading</h3> - - <p>Every time apparmor loads a profile in text it needs - to compile into binary format, this takes some time if - there is many profiles to load at boot time. To optimize - edit /etc/apparmor/parser.conf;</p> - - <pre> - ## Turn creating/updating of the cache on by default - write-cache - </pre> - - <p>To change default location add;</p> + <p>Utilities;</p> + + <pre> + aa-audit aa-disable aa-genprof aa-status + aa-autodep aa-easyprof aa-logprof aa-unconfined + aa-cleanprof aa-enabled aa-mergeprof + aa-complain aa-enforce aa-notify + aa-decode aa-exec aa-remove-unknown + </pre> - <pre> - chache-loc=/var/cache/apparmor - </pre> + <h2 id="configure">6.2.1.2 Configure</h2> - <a href="index.html">Core OS Index</a> - <p>This is part of the Tribu System Documentation. - Copyright (C) 2020 - Tribu Team. 
- See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> - for copying conditions.</p> + <p>Profiles are located at /etc/apparmor.d/ and + /usr/share/apparmor/extra-profiles contain profiles + that require testing;</p> + + <pre> + # cp -r /usr/share/apparmor/extra-profiles/* /etc/apparmor.d/ + # sudo rm /etc/apparmor.d/README + # bash /etc/rc.d/apparmor restart + </pre> + + <h2 id="profiles">6.2.1.3 Profiles</h2> + + <p>Profiles are parsed using + apparmor_parser;</p> + + <pre> + Usage: apparmor_parser [options] [profile] + + Options: + -------- + -a, --add Add apparmor definitions [default] + -r, --replace Replace apparmor definitions + -R, --remove Remove apparmor definitions + -C, --Complain Force the profile into complain mode + -B, --binary Input is precompiled profile + -N, --names Dump names of profiles in input. + -S, --stdout Dump compiled profile to stdout + -o n, --ofile n Write output to file n + -b n, --base n Set base dir and cwd + -I n, --Include n Add n to the search path + -f n, --subdomainfs n Set location of apparmor filesystem + -m n, --match-string n Use only features n + -M n, --features-file n Use only features in file n + -n n, --namespace n Set Namespace for the profile + -X, --readimpliesX Map profile read permissions to mr + -k, --show-cache Report cache hit/miss details + -K, --skip-cache Do not attempt to load or save cached profiles + -T, --skip-read-cache Do not attempt to load cached profiles + -W, --write-cache Save cached profile (force with -T) + --skip-bad-cache Don't clear cache if out of sync + --purge-cache Clear cache regardless of its state + --debug-cache Debug cache file checks + -L, --cache-loc n Set the location of the profile cache + -q, --quiet Don't emit warnings + -v, --verbose Show profile names as they load + -Q, --skip-kernel-load Do everything except loading into kernel + -V, --version Display version info and exit + -d [n], --debug Debug apparmor definitions OR [n] + -p, 
--preprocess Dump preprocessed profile + -D [n], --dump Dump internal info for debugging + -O [n], --Optimize Control dfa optimizations + -h [cmd], --help[=cmd] Display this text or info about cmd + -j n, --jobs n Set the number of compile threads + --max-jobs n Hard cap on --jobs. Default 8*cpus + --abort-on-error Abort processing of profiles on first error + --skip-bad-cache-rebuild Do not try rebuilding the cache if it is rejected by the kernel + --warn n Enable warnings (see --help=warn) + </pre> + + <h2 id="audit">2.6.1.4 Profile with audit</h2> + + <p>Tools use log as a source to build profiles, it is + necessary to disable log rate limit;</p> + + <pre> + # sysctl -w kernel.printk_ratelimit=0 + </pre> + + <p>Start aa-genprof;</p> + + <pre> + $ sudo aa-genprof /usr/bin/lynx + </pre> + + <p>Execute application with all common application options + and parts. After initial automatic configuration enable profile in + complain mode.</p> + + <pre> + $ sudo aa-complain lynx + </pre> + + <p>Use aa-logprof when rules need to be adapted.</p> + + <pre> + # aa-logprof -f /var/log/kernel + </pre> + + <p>Reload profile with the new settings;</p> + + <pre> + # apparmor_parser -r lynx + </pre> + + <p>Once profile rules become well defined enable profile in + enforce mode with aa-enforce;</p> + + <p>Monitor logs with aa-notify;</p> + + <pre> + # aa-notify --file=/var/log/kernel -u username -l + </pre> + + <p>And keep adjusting the rules with logprof;</p> + + <pre> + # aa-logprof -f /var/log/kernel + </pre> + + <h2 id="edit">2.6.1.5 Edit profiles</h2> + + <h3>File Globing</h3> + + <dl> + <dt>/dir/file</dt><dd>match a specific file</dd> + <dt>/dir/*</dt><dd>match any files in a directory (including dot files)</dd> + <dt>/dir/a*</dt><dd>match any file in a directory starting with 'a'</dd> + <dt>/dir/*.png</dt><dd>match any file in a directory ending with '.png'</dd> + <dt>/dir/[^.]*</dt><dd>match any file in a directory except dot files</dd> + <dt>/dir/</dt><dd>match a 
directory</dd> + <dt>/dir/*/</dt><dd>match any directory within /dir/</dd> + <dt>/dir/a*/</dt><dd>match any directory within /dir/ starting with a</dd> + <dt>/dir/*a/</dt><dd>match any directory within /dir/ ending with a</dd> + <dt>/dir/**</dt><dd>match any file or directory in or below /dir/</dd> + <dt>/dir/**/</dt><dd>match any directory in or below /dir/</dd> + <dt>/dir/**[^/]</dt><dd>match any file in or below /dir/</dd> + <dt>/dir{,1,2}/**</dt><dd> - match any file or directory in or below /dir/, /dir1/, and /dir2/</dd> + </dl> + + <h3>File Permissions</h3> + + <dl> + <dt>r</dt><dd>read</dd> + <dt>w</dt><dd>write</dd> + <dt>a</dt><dd>append (implied by w)</dd> + <dt>m</dt><dd>memory map executable</dd> + <dt>k</dt><dd>lock (requires r or w, AppArmor 2.1 and later)</dd> + <dt>l</dt><dd>link</dd> + + <dt>x</dt><dd>execute</dd> + </dl> + + <dl> + <dt>ux</dt><dd>Execute unconfined (preserve environment) -- WARNING: should only be used in very special cases</dd> + <dt>Ux</dt><dd>Execute unconfined (scrub the environment)</dd> + <dt>px</dt><dd>Execute under a specific profile (preserve the environment) -- WARNING: should only be used in special cases</dd> + <dt>Px</dt><dd>Execute under a specific profile (scrub the environment)</dd> + <dt>pix</dt><dd>as px but fallback to inheriting the current profile if the target profile is not found</dd> + <dt>Pix</dt><dd>as Px but fallback to inheriting the current profile if the target profile is not found</dd> + <dt>pux</dt><dd>as px but fallback to executing unconfined if the target profile is not found</dd> + <dt>Pux</dt><dd>as Px but fallback to executing unconfined if the target profile is not found</dd> + <dt>ix<dt><dd>Execute and inherit the current profile</dd> + <dt>cx<dt><dd>Execute and transition to a child profile (preserve the environment)</dd> + <dt>Cx<dt><dd>Execute and transition to a child profile (scrub the environment)</dd> + <dt>cix<dt><dd>as cx but fallback to inheriting the current profile if the target 
profile is not found</dd> + <dt>Cix<dt><dd>as Cx but fallback to inheriting the current profile if the target profile is not found</dd> + <dt>cux<dt><dd>as cx but fallback to executing unconfined if the target profile is not found</dd> + <dt>Cux<dt><dd>as Cx but fallback to executing unconfined if the target profile is not found</dd> + </dl> + + <p>The owner keyword can be used as a qualifier making permission conditional on owning the file (process fsuid == file's uid).</p> + + <p>Read <a href="https://gitlab.com/apparmor/apparmor/-/wikis/QuickProfileLanguage">Profile Language</a> for more information.</p> + + <h2 id="speedup">2.6.1.6 Speedup startup</h2> + + <p>Every time apparmor loads a profile in text it needs + to compile into binary format, this takes some time if + there is many profiles to load at boot time. To optimize + edit /etc/apparmor/parser.conf;</p> + + <pre> + ## Turn creating/updating of the cache on by default + write-cache + </pre> + + <p>To change default location add;</p> + + <pre> + chache-loc=/var/cache/apparmor + </pre> + + <a href="index.html">Core OS Index</a> + <p>This is part of the Tribu System Documentation. + Copyright (C) 2020 + Tribu Team. + See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> + for copying conditions.</p> </body> </html> diff --git a/core/conf/dracut.conf b/core/conf/dracut.conf new file mode 100644 index 0000000..eda69fd --- /dev/null +++ b/core/conf/dracut.conf 
@@ -0,0 +1,19 @@ +# PUT YOUR CONFIG IN separate files +# in /etc/dracut.conf.d named "<name>.conf" + +# Equivalent to -H +hostonly="no" + +# Mount / and /usr read-only by default. +ro_mnt="yes" + +# Equivalent to -m "module module module" +dracutmodules+="dash kernel-modules rootfs-block udev-rules usrmount base fs-lib shutdown" + +# Equivalent to -a "module" +add_dracutmodules+="caps debug crypt lvm" + +# Equivalent to -o "module" +omit_dracutmodules+="systemd systemd-bootchart systemd-networkd systemd-initrd" + +# SEE man dracut.conf(5) for options diff --git a/core/conf/fstab b/core/conf/fstab index 99fead9..23dd98c 100644 --- a/core/conf/fstab +++ b/core/conf/fstab @@ -25,6 +25,7 @@ none /sys/kernel/security securityfs defau devpts /dev/pts devpts noexec,nosuid,gid=tty,mode=0620 0 0 shm /dev/shm tmpfs defaults 0 0 tmp /tmp tmpfs defaults,noatime,nosuid,nodev,noexec,size=128M 0 0 + UUID=3b408790-65e1-4638-9591-7ba61f266913 /boot ext4 defaults,ro,noatime 0 2 UUID=962D-0DE1 /boot/efi vfat ro,noauto,umask=0077 0 2 UUID=f2336a56-fbe6-444c-bdbf-f0e6c209c237 /var ext4 defaults,nodev,noexec,nosuid,errors=remount-ro 0 2 diff --git a/core/conf/pkgmk.conf b/core/conf/pkgmk.conf index 643abcc..3ae582d 100644 --- a/core/conf/pkgmk.conf +++ b/core/conf/pkgmk.conf 
@@ -12,18 +12,14 @@ export MAKEFLAGS="-j $JOBS" # ccache settings #export PATH="/usr/lib/ccache/:$PATH" #export CCACHE_DIR="/usr/ports/ccache" -#export CCACHE_COMPILERCHECK="%compiler% -dumpversion; crux" - -# compile using ccache and distcc #export CCACHE_PREFIX="distcc" -#export DISTCC_HOSTS="localhost/4 c11/2" +#export CCACHE_COMPILERCHECK="%compiler% -dumpversion; crux" ## compile using distcc without ccache -#export PATH="/usr/lib/distcc/:$PATH" -#export DISTCC_HOSTS="localhost/4,lzo,cpp xborg/4,lzo,cpp" -#export PUMP_BUILD=yes +##export PATH="/usr/lib/distcc/:$PATH" # distcc settings +#export DISTCC_HOSTS="localhost/4,lzo,cpp xborg/4,lzo,cpp" #export JOBS=$(/usr/bin/distcc -j 2> /dev/null) #export DISTCC_DIR="/usr/ports/distcc" #export MAKEFLAGS="-j ${JOBS}" diff --git a/core/conf/prt-get.conf b/core/conf/prt-get.conf index 8e88333..d248d24 100644 --- a/core/conf/prt-get.conf +++ b/core/conf/prt-get.conf @@ -4,18 +4,31 @@ # note: the order matters: the package found first is used prtdir /usr/ports/core +prtdir /usr/ports/ports prtdir /usr/ports/opt prtdir /usr/ports/xorg +prtdir /usr/ports/contrib +prtdir /usr/ports/mate +#prtdir /usr/ports/kde5 +#prtdir /usr/ports/romster +#prtdir /usr/ports/tb +#prtdir /usr/ports/timcowchip +#prtdir /usr/ports/6c37 +#prtdir /usr/ports/nilp +#prtdir /usr/ports/nullspoon +#prtdir /usr/ports/dbrooke +#prtdir /usr/ports/pitillo + +# 6c37 team provides a collection with freetype-iu, fontconfig-iu +# and cairo-iu ports. +# the following line enables the user maintained contrib collection +# prtdir /usr/ports/6c37-dropin +# prtdir /usr/ports/6c37 + # the following line enables the multilib compat-32 collection #prtdir /usr/ports/compat-32 -# the following line enables the user maintained contrib collection -prtdir /usr/ports/contrib -prtdir /usr/ports/ports -prtdir /usr/ports/mate -prtdir /usr/ports/kde5 - ### use mypackage form local directory # prtdir /home/packages/build:mypackage 
@@ -23,7 +36,7 @@ prtdir /usr/ports/kde5 writelog enabled # (enabled|disabled) logmode overwrite # (append|overwrite) rmlog_on_success yes # (no|yes) -logfile /usr/ports/pkgbuild/%n.log +logfile /usr/ports/pkgbuild/%n-%v-%r.log # path, %p=path to port dir, %n=port name # %v=version, %r=release @@ -34,7 +47,7 @@ logfile /usr/ports/pkgbuild/%n.log readme verbose # (verbose|compact|disabled) ### prefer higher versions in sysup / diff -preferhigher yes # (yes|no) +preferhigher yes # (yes|no) ### use regexp search # useregex no # (yes|no) @@ -43,10 +56,11 @@ preferhigher yes # (yes|no) ### --install-scripts option runscripts yes # (no|yes) + ### EXPERT SECTION ### ### alternative commands -makecommand sudo -H -u pkgmk fakeroot pkgmk +makecommand sudo -H -u pkgmk -g pkgmk fakeroot pkgmk addcommand sudo pkgadd removecommand sudo pkgrm runscriptcommand sudo sh diff --git a/core/conf/skel/.bashrc b/core/conf/skel/.bashrc index 55d1c78..f562e3c 100644 --- a/core/conf/skel/.bashrc +++ b/core/conf/skel/.bashrc @@ -55,9 +55,9 @@ gloga () { alias tmux="tmux -2" # Virtual Crux machine -alias c1.ank="ssh c1.ank -t tmux a" -alias c2.ank="ssh c2.ank -t tmux a" -alias c9.ank="ssh c9.ank -t tmux a" +alias c1.ank="ssh c1 -t tmux a" +alias c2.ank="ssh c2 -t tmux a" +alias c9.ank="ssh c9 -t tmux a" alias pkg_mirror="pkg_bin -f /usr/ports/mirror_bin_db" alias pkg_update="pkg_bin -r /usr/ports/mirror_bin_db" diff --git a/core/conf/skel/.profile b/core/conf/skel/.profile index 1c8aa8b..7e15d10 100644 --- a/core/conf/skel/.profile +++ b/core/conf/skel/.profile @@ -11,7 +11,8 @@ function start_agent { echo succeeded chmod 600 "${SSH_ENV}" . "${SSH_ENV}" > /dev/null - /usr/bin/ssh-add; + # KEY_NAME with default key to load + /usr/bin/ssh-add ~/.ssh/KEY_NAME; } # Source SSH settings, if applicable diff --git a/core/conf/sysctl.conf b/core/conf/sysctl.conf index 3cc54d1..2a8723b 100644 --- a/core/conf/sysctl.conf +++ b/core/conf/sysctl.conf 
@@ -34,6 +34,8 @@ kernel.kptr_restrict = 2 # net.core.bpf_jit_enable = 0 +# harden all code +net.core.bpf_jit_harden = 2 # Increase Linux auto tuning TCP buffer limits # min, default, and max number of bytes to use @@ -54,13 +56,13 @@ net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1 # Tuen IPv6 -#net.ipv6.conf.default.router_solicitations = 0 -#net.ipv6.conf.default.accept_ra_rtr_pref = 0 -#net.ipv6.conf.default.accept_ra_pinfo = 0 -#net.ipv6.conf.default.accept_ra_defrtr = 0 -#net.ipv6.conf.default.autoconf = 0 -#net.ipv6.conf.default.dad_transmits = 0 -#net.ipv6.conf.default.max_addresses = 0 +net.ipv6.conf.default.router_solicitations = 0 +net.ipv6.conf.default.accept_ra_rtr_pref = 0 +net.ipv6.conf.default.accept_ra_pinfo = 0 +net.ipv6.conf.default.accept_ra_defrtr = 0 +net.ipv6.conf.default.autoconf = 0 +net.ipv6.conf.default.dad_transmits = 0 +net.ipv6.conf.default.max_addresses = 0 # Avoid a smurf attack, ping scanning net.ipv4.icmp_echo_ignore_broadcasts = 1 @@ -140,4 +142,3 @@ net.ipv4.tcp_keepalive_time = 1800 net.ipv4.tcp_synack_retries = 3 # End of file - diff --git a/core/index.html b/core/index.html index 639ffda..5a914fd 100644 --- a/core/index.html +++ b/core/index.html 
@@ -1,164 +1,173 @@ <!DOCTYPE html> <html dir="ltr" lang="en"> <head> - <meta charset='utf-8'> - <title>Core OS</title> + <meta charset='utf-8'> + <title>Core OS</title> </head> <body> - <a href="../index.html">Documentation Index</a> - - <h1>Core OS</h1> - - <p>Core OS covers installation and configuration of - basic functionality of Crux 3.5 Gnu\Linux operating system. - This documentation try's to follow Crux HandBook installation - method diverges, for example, by only installing and - documenting gpt and grub2.<p> - - <p>Read <a href="https://crux.nu/Main/Handbook3-5">Crux HandBook</a>, - you can ask for help on freenode #crux. Check <a href="scripts/">scripts</a> - folder the install process is automated and <a href="ports/">ports</a> - for extra ports used during the installation.</p> - - <h2>1. Install Crux 3.5 Gnu/Linux</h2> - - <ul> - <li><a href="install.html">1.1. Install Crux 3.5</a> - <ul> - <li><a href="install.html#step1">1.1.1. Download</a></li> - <li><a href="install.html#step2">1.1.2. Prepare target</a></li> - <li><a href="install.html#step3">1.1.3. Prepare install</a></li> - <li><a href="install.html#step4">1.1.4. Install</a></li> - <li><a href="install.html#step5">1.1.5. Install extra packages</a></li> - <li><a href="install.html#step6">1.1.6. Install extra ports</a></li> - <li><a href="install.html#step7">1.1.7. DNS Resolver</a></li> - <li><a href="install.html#step8">1.1.8. Install Handbook</a></li> - <li><a href="install.html#step9">1.1.9. Install Skeletons</a></li> - </ul> - </li> - - <li><a href ="configure.html">1.2. Configure</a> - <ul> - <li><a href="configure.html#hostname">1.2.1. Set hostname and hosts</a></li> - <li><a href="configure.html#time">1.2.2. Set timezone</a></li> - <li><a href="configure.html#locale">1.2.3. Set lacale</a></li> - <li><a href="configure.html#user">1.2.4. Users</a></li> - <li><a href="configure.html#fstab">1.2.5. File system table</a></li> - <li><a href="configure.html#rcconf">1.2.6. 
Initialization scripts</a></li> - </ul> - </li> - <li><a href="reboot.html">1.3. Boot</a> - <ul> - <li><a href="reboot.html#linux">1.3.1. Kernel</a></li> - <li><a href="reboot.html#dracut">1.3.2. Dracut</a></li> - <li><a href="reboot.html#grub">1.3.3. Grub</a></li> - <li><a href="reboot.html#recover">1.3.4. Recover</a></li> - <li><a href="reboot.html#checkup">1.3.5. Checkup</a></li> - </ul> - </li> - - <li><a href="ports.html">1.4. Ports</a> - <ul> - <li><a href="ports.html#filesystem">1.4.1. Ports layout</a></li> - <li><a href="ports.html#fakeroot">1.4.2. Build as user</a></li> - <li><a href="ports.html#pkgmk">1.4.3. Configure pkgmk</a></li> - <li><a href="ports.html#prtget">1.4.4. Configure prt-get</a></li> - <li><a href="ports.html#distcc">1.4.5. Ccache and distcc</a></li> - </ul> - </li> - - - </ul> - - <h2>2. System Administration</h2> - - <ul> - - <li><a href="linux.html">2.1. Linux Kernel</a> - <ul> - <li><a href="linux.html#download">2.1.1. Download</a></li> - - <li><a href="linux.html#configure">2.1.2. Configure</a> - <ul> - <li><a href="linux.html#general">2.1.2.1. General Setup</a></li> - <li><a href="linux.html#mod">2.1.2.2, Enable loadable module support</a></li> - <li><a href="linux.html#block">2.1.2.3. Enable the block layer</a></li> - <li><a href="linux.html#proc">2.1.2.4. Processor type and features</a></li> - <li><a href="linux.html#acpi">2.1.2.5 Power management and ACPI options</a></li> - <li><a href="linux.html#bus">2.1.2.6. Bus options (PCI etc.)</a></li> - <li><a href="linux.html#exec">2.1.2.7. Executable file formats / Emulations</a></li> - <li><a href="linux.html#net">2.1.2.8. Networking support</a></li> - <li><a href="linux.html#drivers">2.1.2.9. Device Drivers</a></li> - <li><a href="linux.html#firm">2.1.2.10. Firmware Drivers</a></li> - <li><a href="linux.html#fs">2.1.2.11. File systems</a></li> - <li><a href="linux.html#hack">2.1.2.12. Kernel hacking</a></li> - <li><a href="linux.html#sec">2.1.2.13. 
Security options</a></li> - <li><a href="linux.html#crypt">2.1.2.14. Cryptographic API</a></li> - <li><a href="linux.html#virt">2.1.2.15. Virtualization</a></li> - <li><a href="linux.html#lib">2.1.2.16. Library routines</a></li> - </ul> - - </li> - <li><a href="linux.html#build">2.1.3. Build</a></li> - <li><a href="linux.html#install">2.1.5. Install</a></li> - <li><a href="linux.html#remove">2.1.6. Remove</a></li> - </ul> - </li> - <li><a href="network.html">2.2. Network</a> - <ul> - <li><a href="network.html#resolv">2.2.1. Resolver</a></li> - <li><a href="network.html#static">2.2.2. Static ip</a></li> - <li><a href="network.html#iptables">2.2.3. Iptables</a></li> - <li><a href="network.html#wpa">2.2.4. Wpa and dhcpd</a></li> - <li><a href="network.html#nm">2.2.5. NetworkManager</a></li> - </ul> - </li> - <li><a href="package.html">2.3. Package Management</a> - <ul> - <li><a href="package.html#sysup">2.3.1. Update system</a></li> - <li><a href="package.html#depinst">2.3.2. Install ports and dependencies</a></li> - <li><a href="package.html#ports">2.3.3. Ports collections</a></li> - <li><a href="package.html#info">2.3.3. Show port information</a></li> - <li><a href="package.html#depends">2.3.4. Show port dependencies</a></li> - <li><a href="package.html#printf">2.3.5. Print information</a></li> - </ul> - </li> - <li><a href="tty-terminal.html">2.4. Terminals and shells</a> - <ul> - <li><a href="dash.html">2.4.1. Dash</a></li> - <li><a href="bash.html">2.4.2. Bash</a></li> - <li><a href="tmux.html">2.4.3. Tmux</a></li> - </ul> - </li> - <li><a href="exim.html">2.5. Exim</a> - <ul> - <li><a href="exim.html#conf">2.5.1. Exim configuration</a></li> - <li><a href="exim.html#cert">2.5.2. Certificates</a></li> - <li><a href="exim.html#alias">2.5.3. Aliases</a></li> - <li><a href="exim.html#smarthost">2.5.4. Smarthost</a></li> - <li><a href="exim.html#fetchmail">2.5.5. Fetchmail</a></li> - </ul> - </li> - <li><a href="hardening.html">2.6. 
Hardening</a> - <ul> - <li><a href="apparmor.html">2.6.1. AppArmor</a></li> - <li><a href="sysctl.html">2.6.2. Sysctl</a></li> - <li><a href="toolchain.html">2.6.3. Toolchain</a></li> - <li><a href="samhain.html">2.6.4. Samhain</a></li> - </ul> - </li> - - </ul> - - <a href="../index.html">Documentation Index</a> - - <p> - This is part of the Tribu System Documentation. - Copyright (C) 2020 - Tribu Team. - See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> - for copying conditions.</p> + <a href="../index.html">Documentation Index</a> + + <h1>Core OS</h1> + + <p>Core OS covers installation and configuration of + basic functionality of Crux 3.5 Gnu\Linux operating system. + This documentation try's to follow Crux HandBook installation + method diverges, for example, by only installing and + documenting gpt and grub2.<p> + + <p>Read <a href="https://crux.nu/Main/Handbook3-5">Crux HandBook</a>, + you can ask for help on freenode #crux. Check <a href="scripts/">scripts</a> + folder the install process is automated and <a href="ports/">ports</a> + for extra ports used during the installation.</p> + + <h2>1. Install Crux 3.5 Gnu/Linux</h2> + + <ul> + <li><a href="install.html">1.1. Install Crux 3.5</a> + <ul> + <li><a href="install.html#step1">1.1.1. Download</a></li> + <li><a href="install.html#step2">1.1.2. Prepare target</a></li> + <li><a href="install.html#step3">1.1.3. Prepare install</a></li> + <li><a href="install.html#step4">1.1.4. Install</a></li> + <li><a href="install.html#step5">1.1.5. Install extra packages</a></li> + <li><a href="install.html#step6">1.1.6. Install extra ports</a></li> + <li><a href="install.html#step7">1.1.7. DNS Resolver</a></li> + <li><a href="install.html#step8">1.1.8. Install Handbook</a></li> + <li><a href="install.html#step9">1.1.9. Install Skeletons</a></li> + </ul> + </li> + + <li><a href ="configure.html">1.2. Configure</a> + <ul> + <li><a href="configure.html#hostname">1.2.1. 
Set hostname and hosts</a></li> + <li><a href="configure.html#time">1.2.2. Set timezone</a></li> + <li><a href="configure.html#locale">1.2.3. Set lacale</a></li> + <li><a href="configure.html#user">1.2.4. Users</a></li> + <li><a href="configure.html#fstab">1.2.5. File system table</a></li> + <li><a href="configure.html#rcconf">1.2.6. Initialization scripts</a></li> + </ul> + </li> + <li><a href="reboot.html">1.3. Boot</a> + <ul> + <li><a href="reboot.html#linux">1.3.1. Kernel</a></li> + <li><a href="reboot.html#dracut">1.3.2. Dracut</a></li> + <li><a href="reboot.html#grub">1.3.3. Grub</a></li> + <li><a href="reboot.html#recover">1.3.4. Recover</a></li> + <li><a href="reboot.html#checkup">1.3.5. Checkup</a></li> + </ul> + </li> + + <li><a href="ports.html">1.4. Ports</a> + <ul> + <li><a href="ports.html#filesystem">1.4.1. Ports layout</a></li> + <li><a href="ports.html#fakeroot">1.4.2. Build as user</a></li> + <li><a href="ports.html#pkgmk">1.4.3. Configure pkgmk</a></li> + <li><a href="ports.html#prtget">1.4.4. Configure prt-get</a></li> + <li><a href="ports.html#distcc">1.4.5. Ccache and distcc</a></li> + </ul> + </li> + + + </ul> + + <h2>2. System Administration</h2> + + <ul> + + <li><a href="linux.html">2.1. Linux Kernel</a> + <ul> + <li><a href="linux.html#download">2.1.1. Download</a></li> + + <li><a href="linux.html#configure">2.1.2. Configure</a> + <ul> + <li><a href="linux.html#general">2.1.2.1. General Setup</a></li> + <li><a href="linux.html#mod">2.1.2.2, Enable loadable module support</a></li> + <li><a href="linux.html#block">2.1.2.3. Enable the block layer</a></li> + <li><a href="linux.html#proc">2.1.2.4. Processor type and features</a></li> + <li><a href="linux.html#acpi">2.1.2.5 Power management and ACPI options</a></li> + <li><a href="linux.html#bus">2.1.2.6. Bus options (PCI etc.)</a></li> + <li><a href="linux.html#exec">2.1.2.7. Executable file formats / Emulations</a></li> + <li><a href="linux.html#net">2.1.2.8. 
Networking support</a></li> + <li><a href="linux.html#drivers">2.1.2.9. Device Drivers</a></li> + <li><a href="linux.html#firm">2.1.2.10. Firmware Drivers</a></li> + <li><a href="linux.html#fs">2.1.2.11. File systems</a></li> + <li><a href="linux.html#hack">2.1.2.12. Kernel hacking</a></li> + <li><a href="linux.html#sec">2.1.2.13. Security options</a></li> + <li><a href="linux.html#crypt">2.1.2.14. Cryptographic API</a></li> + <li><a href="linux.html#virt">2.1.2.15. Virtualization</a></li> + <li><a href="linux.html#lib">2.1.2.16. Library routines</a></li> + </ul> + + </li> + <li><a href="linux.html#build">2.1.3. Build</a></li> + <li><a href="linux.html#install">2.1.5. Install</a></li> + <li><a href="linux.html#remove">2.1.6. Remove</a></li> + </ul> + </li> + <li><a href="network.html">2.2. Network</a> + <ul> + <li><a href="network.html#resolv">2.2.1. Resolver</a></li> + <li><a href="network.html#static">2.2.2. Static ip</a></li> + <li><a href="network.html#iptables">2.2.3. Iptables</a></li> + <li><a href="network.html#wpa">2.2.4. Wpa and dhcpd</a></li> + <li><a href="network.html#nm">2.2.5. NetworkManager</a></li> + </ul> + </li> + <li><a href="package.html">2.3. Package Management</a> + <ul> + <li><a href="package.html#sysup">2.3.1. Update system</a></li> + <li><a href="package.html#depinst">2.3.2. Install ports and dependencies</a></li> + <li><a href="package.html#ports">2.3.3. Ports collections</a></li> + <li><a href="package.html#info">2.3.3. Show port information</a></li> + <li><a href="package.html#depends">2.3.4. Show port dependencies</a></li> + <li><a href="package.html#printf">2.3.5. Print information</a></li> + </ul> + </li> + <li><a href="tty-terminal.html">2.4. Terminals and shells</a> + <ul> + <li><a href="dash.html">2.4.1. Dash</a></li> + <li><a href="bash.html">2.4.2. Bash</a></li> + <li><a href="tmux.html">2.4.3. Tmux</a></li> + </ul> + </li> + <li><a href="exim.html">2.5. Exim</a> + <ul> + <li><a href="exim.html#conf">2.5.1. 
Exim configuration</a></li> + <li><a href="exim.html#cert">2.5.2. Certificates</a></li> + <li><a href="exim.html#alias">2.5.3. Aliases</a></li> + <li><a href="exim.html#smarthost">2.5.4. Smarthost</a></li> + <li><a href="exim.html#fetchmail">2.5.5. Fetchmail</a></li> + </ul> + </li> + <li><a href="hardening.html">2.6. Hardening</a> + <ul> + <li><a href="apparmor.html">2.6.1. AppArmor</a> + <ul> + <li><a href="apparmor#install">2.6.1.1 Install</h2></li> + <li><a href="apparmor#configure">6.2.1.2 Configure</h2></li> + <li><a href="apparmor#profiles">6.2.1.3 Profiles</h2></li> + <li><a href="apparmor#audit">2.6.1.4 Profile with audit</h2></li> + <li><a href="apparmor#edit">2.6.1.5 Edit profiles</h2></li> + <li><a href="apparmor#speedup">2.6.1.6 Speedup startup</h2></li> + </ul> + </li> + <li><a href="sysctl.html">2.6.2. Sysctl</a></li> + <li><a href="toolchain.html">2.6.3. Toolchain</a></li> + <li><a href="samhain.html">2.6.4. Samhain</a></li> + </ul> + </li> + + </ul> + + <a href="../index.html">Documentation Index</a> + + <p> + This is part of the Tribu System Documentation. + Copyright (C) 2020 + Tribu Team. + See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> + for copying conditions.</p> </body> </html> |
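Review bot: core/apparmor.html, section 2.6.1.4: the new reload step `# apparmor_parser -r lynx` passes a bare name, while the usage text quoted on the same page is `apparmor_parser [options] [profile]` and the removed "Create profile manually" section kept that profile in /etc/apparmor.d/usr.bin.lynx; suggest `# apparmor_parser -r /etc/apparmor.d/usr.bin.lynx` so the rules edited with aa-logprof are the ones that get reloaded. Elsewhere in the hunk: the headings "Configure" and "Profiles" are numbered 6.2.1.2 and 6.2.1.3 while the others use 2.6.1.x; the entries from `<dt>ix<dt>` through `<dt>Cux<dt>` open a second `<dt>` instead of closing with `</dt>`; "File Globing" should read "File Globbing"; `chache-loc=/var/cache/apparmor` is carried over unchanged although the parser help above spells the option `--cache-loc`; and the "Create profile manually" template is dropped without a replacement, so 2.6.1.5 lists rule syntax but the page no longer shows a minimal profile to start from.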
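Review bot: core/conf/dracut.conf: the comment "# Equivalent to -H" sits above `hostonly="no"`, but -H selects host-only mode, so the comment describes the opposite of the value; either reword the comment to say a generic image is built or set the value the comment promises. `add_dracutmodules+="caps debug crypt lvm"` also puts the debug module into every image; for the hardening-oriented setup this tree documents it is better left out of the default and added only when troubleshooting. dracut.conf(5) writes `+=` list values with a leading and trailing space inside the quotes so that drop-in files can append to them; the three lists here have neither.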
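Review bot: core/conf/fstab: the new /boot entry is mounted with `defaults,ro,noatime` and so lacks the nodev, nosuid and noexec options that the neighbouring /tmp and /var entries carry; suggest `defaults,ro,noatime,nodev,nosuid,noexec`. The UUID belongs to one particular disk, so the template needs a comment telling the reader to substitute their own, and a note that kernel and grub updates require remounting /boot read-write first.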
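Review bot: core/conf/pkgmk.conf: with the "# compile using ccache and distcc" comment removed, `#export CCACHE_PREFIX="distcc"` now sits in the plain "# ccache settings" block, so a reader who uncomments that block to get a local cache also routes compiles through distcc to the hosts in DISTCC_HOSTS (`localhost/4,lzo,cpp xborg/4,lzo,cpp`); keep a comment on that line saying it is only for the combined setup. `##export PATH="/usr/lib/distcc/:$PATH"` is the only line with a doubled `#`; if it is meant to stay disabled say why, otherwise use a single `#` like the rest.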
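Review bot: core/conf/prt-get.conf, first hunk: `prtdir /usr/ports/ports` moves to second position, ahead of opt and xorg, and the file's own header says "the order matters: the package found first is used", so any port in that local collection now shadows the opt, xorg and contrib port of the same name; if that is intended, say so in a comment above the line, otherwise keep it after the official collections. The comment "the following line enables the user maintained contrib collection" now sits above the 6c37-dropin lines instead of `prtdir /usr/ports/contrib`, and kde5 goes from enabled to commented out without mention.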
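Review bot: core/conf/prt-get.conf, last hunk: `makecommand sudo -H -u pkgmk -g pkgmk fakeroot pkgmk` adds `-g pkgmk`, which sudo only permits when the sudoers Runas specification names that group, and nothing in this diff documents the matching rule; a reader with a user-only rule will have every build refused. Document the sudoers entry alongside this change. The hunk also adds a second blank line before "### EXPERT SECTION ###".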
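Review bot: core/conf/skel/.profile: `/usr/bin/ssh-add ~/.ssh/KEY_NAME;` hard-codes a placeholder file name in the skeleton, so every account created from it runs ssh-add on a file that does not exist until the user edits the line, where the previous bare `ssh-add` loaded the default keys. Suggest a variable set near the top of the file, with ssh-add run only when the file exists, and reword the comment "KEY_NAME with default key to load" to say the name must be replaced.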
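Review bot: core/conf/sysctl.conf, second hunk: `net.ipv6.conf.default.max_addresses = 0` does not restrict anything; the kernel's ip-sysctl documentation states that zero disables the limit on autoconfigured addresses per interface and advises against it, so keep the default or pick a small positive value. `net.ipv6.conf.default.dad_transmits = 0` likewise turns duplicate address detection off, which deserves a comment. All seven keys are set for `default` only, and the context lines show `disable_ipv6 = 1` on default and lo, so a comment should say these values only matter on interfaces where IPv6 is switched back on. The context comment "# Tuen IPv6" should read "# Tune IPv6".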
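Review bot: core/index.html: the six new AppArmor sub-entries close their anchors with `</h2>` instead of `</a>` (for example `<a href="apparmor#install">2.6.1.1 Install</h2>`), leaving every `<a>` open, and the hrefs point at `apparmor#...` while the parent entry links `apparmor.html`; suggest `<a href="apparmor.html#install">2.6.1.1 Install</a>` and the same for the other five. Two entries are numbered 6.2.1.2 and 6.2.1.3 rather than 2.6.1.2 and 2.6.1.3. The remainder of the hunk appears to be an indentation-only rewrite of the whole file, which buries this one functional change; a separate whitespace commit would make it reviewable.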