Diffstat (limited to 'tools')
-rw-r--r-- | tools/conf/etc/dnsmasq.conf | 49 | ||||
-rw-r--r-- | tools/conf/etc/iptables/iptables-br.sh | 95 | ||||
-rw-r--r-- | tools/conf/etc/iptables/vlan.v4 | 214 | ||||
-rw-r--r-- | tools/index.html | 5 | ||||
-rw-r--r-- | tools/lvm.html | 53 | ||||
-rw-r--r-- | tools/postgresql.html | 11 | ||||
-rw-r--r-- | tools/qemu.html | 105 | ||||
-rw-r--r-- | tools/scripts/autoport.sh | 24 | ||||
-rw-r--r-- | tools/scripts/external-ports.sh | 8 | ||||
-rw-r--r-- | tools/storage.html | 17 |
10 files changed, 358 insertions, 223 deletions
diff --git a/tools/conf/etc/dnsmasq.conf b/tools/conf/etc/dnsmasq.conf
index f8f7201..b8da62e 100644
--- a/tools/conf/etc/dnsmasq.conf
+++ b/tools/conf/etc/dnsmasq.conf
@@ -33,7 +33,7 @@ proxy-dnssec
 # record somewhere between the root and the domain does not exist.
 # The cost of setting this is that even queries in unsigned domains will need
 # one or more extra DNS queries to verify.
-#dnssec-check-unsigned
+dnssec-check-unsigned
 # Uncomment this to filter useless windows-originated DNS requests
 # which can trigger dial-on-demand links needlessly.
@@ -52,7 +52,7 @@ proxy-dnssec
 # to be up. Uncommenting this forces dnsmasq to try each query
 # with each server strictly in the order they appear in
 # /etc/resolv.conf
-#strict-order
+strict-order
 # If you don't want dnsmasq to read /etc/resolv.conf or any other
 # file, getting its servers from this file instead (see below), then
@@ -66,8 +66,10 @@ no-poll
 # Add other name servers here, with domain specs if they are for
 # non-public domains.
 #server=/localnet/192.168.0.1
-server=127.0.0.1#40
+#server=127.0.0.1#40
 #server=213.73.91.35
+#server=37.235.1.174
+server=84.200.69.80
 # Example of routing PTR queries to nameservers: this will send all
 # address->name queries for 192.168.3/24 to nameserver 10.1.2.3
@@ -75,7 +77,7 @@ server=127.0.0.1#40
 # Add local-only domains here, queries in these domains are answered
 # from /etc/hosts or DHCP only.
-local=/core/
+local=/c9/
 # Add domains which you want to force to an IP address here.
 # The example below send any host in double-click.net to a local
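Review bot: Replacing `server=127.0.0.1#40` with `server=84.200.69.80` routes every non-local query to a single public resolver over plain port 53, so name resolution now depends on one external host and the queries are readable on the path; keeping a second `server=` line (the commented `37.235.1.174` candidate, or the local forwarder on port 40 if it is still running) would at least give dnsmasq a fallback, and with `strict-order` the first line listed stays the preferred one. Uncommenting `dnssec-check-unsigned` on its own does not turn validation on: it only modifies behaviour when `dnssec` and a `trust-anchor` are configured as well, and neither appears in these hunks, so please confirm they are set elsewhere in the file, otherwise the comment block above the option promises checks that are not happening.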
@@ -102,22 +104,27 @@ local=/core/
 # than the default, edit the following lines.
 #user=nobody
 #group=nobody
-
+# NOT READY FOR PRODUCTION
+user=root
+group=root
 # If you want dnsmasq to listen for DHCP and DNS requests only on
 # specified interfaces (and the loopback) give the name of the
 # interface (eg eth0) here.
 # Repeat the line for more than one interface.
 interface=lo
 interface=br0
+#interface=wlp7s0
 # Or you can specify which interface _not_ to listen on
-except-interface=wlp7s0
-except-interface=enp8s0
+#except-interface=wlp7s0
+#except-interface=enp8s0
 # Or which to listen on by address (remember to include 127.0.0.1 if
 # you use this.)
-listen-address=127.0.0.1
-#listen-address=10.0.0.1
+#listen-address=127.0.0.1
+#listen-address=10.0.0.254
+#listen-address=192.168.1.33
+
 # If you want dnsmasq to provide only DNS service on an interface,
 # configure it as shown above, and then use the following line to
 # disable DHCP and TFTP on it.
@@ -132,7 +139,7 @@ no-dhcp-interface=lo
 # want dnsmasq to really bind only the interfaces it is listening on,
 # uncomment this option. About the only time you may need this is when
 # running another nameserver on the same machine.
-bind-interfaces
+#bind-interfaces
 # If you don't want dnsmasq to read /etc/hosts, uncomment the
 # following line.
@@ -153,7 +160,8 @@ expand-hosts
 # 2) Sets the "domain" DHCP option thereby potentially setting the
 # domain of all systems configured by DHCP
 # 3) Provides the domain part for "expand-hosts"
-domain=core
+domain=c9,10.0.0.0/8
+dhcp-option=15,c9
 # Set a different domain for a particular subnet
 #domain=wireless.thekelleys.org.uk,192.168.2.0/24
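Review bot: `user=root` and `group=root` keep dnsmasq running with full root privileges for its whole lifetime instead of dropping to `nobody` once its sockets are bound, which removes the one containment boundary the daemon has while it parses DNS and DHCP packets arriving on br0; the `# NOT READY FOR PRODUCTION` comment acknowledges this but does not say what the root run is working around. If it is a permission problem on the lease file, a `dhcp-script` or the log target, giving that object the right ownership for `nobody` is the better change; otherwise leave `#user=nobody` and `#group=nobody` commented as before so the built-in default applies. Whatever the reason, record it next to the setting, e.g. `# TEMPORARY: running as root until <reason is fixed>; revert before deployment`.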
@@ -167,7 +175,7 @@ domain=core
 # repeat this for each network on which you want to supply DHCP
 # service.
 #dhcp-range=192.168.0.50,192.168.0.150,12h
-dhcp-range=br0,10.0.0.5,10.0.0.50,2h
+dhcp-range=10.0.0.100,10.0.0.200,255.0.0.0,2h
 # This is an example of a DHCP range where the netmask is given. This
 # is needed for networks we reach the dnsmasq DHCP server via a relay
@@ -239,7 +247,11 @@ dhcp-range=br0,10.0.0.5,10.0.0.50,2h
 # Always allocate the host with Ethernet address 11:22:33:44:55:66
 # The IP address 192.168.0.60
 #dhcp-host=11:22:33:44:55:66,192.168.0.60
+#dhcp-host=54:60:BE:EF:5C:72,10.0.0.2
+dhcp-host=50:67:f0:a1:bc:ab,cr1,10.0.0.1,infinite
+dhcp-host=00:14:BF:6E:61:21,cr2,10.0.0.2,infinite
+dhcp-host=54:60:BE:EF:5C:64,c14,10.0.0.4,infinite
 # Always set the name of the host with hardware address
 # 11:22:33:44:55:66 to be "fred"
 #dhcp-host=11:22:33:44:55:66,fred
@@ -339,9 +351,12 @@ dhcp-range=br0,10.0.0.5,10.0.0.50,2h
 # are some options which are recommended, they are detailed at the
 # end of this section.
+dhcp-option=1,255.0.0.0
+
 # Override the default route supplied by dnsmasq, which assumes the
 # router is the same machine as the one running dnsmasq.
-#dhcp-option=3,1.2.3.4
+#dhcp-option=3,10.0.0.1
+dhcp-option=3,10.0.0.1
 # Do the same thing, but using the option name
 #dhcp-option=option:router,1.2.3.4
@@ -352,6 +367,9 @@ dhcp-range=br0,10.0.0.5,10.0.0.50,2h
 # for all other option numbers.
 #dhcp-option=3
+# DNS
+dhcp-option=6,10.0.0.254,10.0.0.254
+
 # Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
 #dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
@@ -416,6 +434,7 @@ dhcp-range=br0,10.0.0.5,10.0.0.50,2h
 # Send RFC-3442 classless static routes (note the netmask encoding)
 #dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
+dhcp-option=33,10.0.0.1
 # Send vendor-class specific options encapsulated in DHCP option 43.
 # The meaning of the options is defined by the vendor-class so
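Review bot: `dhcp-option=33,10.0.0.1` is malformed: option 33 (static-route, RFC 2132 section 5.8) carries destination/router address pairs, so a single address is likely to be rejected by dnsmasq at startup or, at best, sent as a truncated option that clients ignore. The default route is already supplied by `dhcp-option=3,10.0.0.1` in the hunk just above, so the line can simply be removed. Separately, `dhcp-option=6,10.0.0.254,10.0.0.254` lists the same DNS server twice; `dhcp-option=6,10.0.0.254` is sufficient, or add a genuinely different second resolver if redundancy was the intent.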
@@ -567,7 +586,7 @@ dhcp-range=br0,10.0.0.5,10.0.0.50,2h
 #dhcp-script=/bin/echo
 # Set the cachesize here.
-cache-size=30000
+cache-size=60000
 # If you want to disable negative caching, uncomment this.
 no-negcache
@@ -666,7 +685,7 @@ local-ttl=60
 log-queries
 # Log lots of extra information about DHCP transactions.
-#log-dhcp
+log-dhcp
 # Include another lot of configuration options.
 #conf-file=/etc/dnsmasq.more.conf
diff --git a/tools/conf/etc/iptables/iptables-br.sh b/tools/conf/etc/iptables/iptables-br.sh
index 25a3331..96475f4 100644
--- a/tools/conf/etc/iptables/iptables-br.sh
+++ b/tools/conf/etc/iptables/iptables-br.sh
@@ -148,7 +148,8 @@ SPAMLIST="blockedip"
 SPAMDROPMSG="BLOCKED IP DROP"
 # public interface to network/internet
 #PUB_IF="wlp7s0"
-PUB_IF="br0"
+PUB_IF="enp8s0"
+BR_IF="br0"
 PUB_IP="10.0.0.254"
 NET_ADDR="10.0.0.0/8"
 GW="10.0.0.1"
@@ -186,6 +187,8 @@ echo "Starting ipv4 firewall tables..."
 # Unlimited on loopback
 $IPT -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
 $IPT -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
+$IPT -A INPUT -i lo -s ${PUB_IP} -d ${PUB_IP} -j ACCEPT
+$IPT -A OUTPUT -o lo -s ${PUB_IP} -d ${PUB_IP} -j ACCEPT
 #modprobe ip_conntrack
 #modprobe ip_conntrack_ftp
@@ -222,15 +225,21 @@ $IPT -A blocker -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
 $IPT -A blocker -j RETURN
 ####### server input Chain ######
+echo "server_in chain: Allow to VNC Server"
+$IPT -A server_in -p tcp --dport 5900 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
+echo "server_in chain: Allow to DataBase Server"
+$IPT -A server_in -p tcp --dport 5432 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
 echo "server_in chain: Allow to SSH server"
 $IPT -A server_in -p tcp --dport 2222 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
 echo "server_in chain: Allow input to HTTPS Server"
 $IPT -A server_in -p tcp --dport 443 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
-#echo "server_in chain: Allow input to HTTP Server"
-#$IPT -A server_in -p tcp --dport 80 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
+echo "server_in chain: Allow input to HTTP Server"
+$IPT -A server_in -p tcp --dport 80 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
 echo "server_in chain: Allow input to DNS Server"
 $IPT -A server_in -p udp --dport 53 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
 $IPT -A server_in -p tcp --dport 53 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
+echo "server_in chain: Allow output from GIT server"
+$IPT -A server_in -p tcp --dport 9418 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
 ## Return to caller
 $IPT -A server_in -j RETURN
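Review bot: The new `server_in` rules for 5900 (VNC) and 5432 (PostgreSQL) accept NEW connections from every address that reaches the chain, which after the INPUT rewrite further down in this file is the whole of `${NET_ADDR}` on br0; unless both services enforce TLS themselves or are only reached through SSH, credentials and screen contents cross the bridge in clear text and every host on the /8 can attempt a login. Scoping the two rules to the hosts that actually administer the box keeps the exposure bounded, e.g. `$IPT -A server_in -s <ADMIN_HOST>/32 -p tcp --dport 5900 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT` (placeholder address; same for 5432). Also `echo "server_in chain: Allow output from GIT server"` announces an input rule as output; `echo "server_in chain: Allow input to GIT server"` matches the other messages, and the next hunk has the same slip where the `server_out` VNC rule is announced as `FORWARD chain:`.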
@@ -239,12 +248,18 @@ $IPT -A server_in -j RETURN
 echo "server_out chain: Allow output from DNS server"
 $IPT -A server_out -p udp --sport 53 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
 $IPT -A server_out -p tcp --sport 53 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
+echo "server_out chain: Allow output from GIT server"
+$IPT -A server_out -p tcp --sport 9418 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
 echo "server_out chain: Allow output from https server"
 $IPT -A server_out -p tcp --sport 443 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
-#echo "server_out chain: Allow output from http server"
-#$IPT -A server_out -p tcp --sport 80 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
+echo "server_out chain: Allow output from http server"
+$IPT -A server_out -p tcp --sport 80 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
 echo "server_out chain: Allow output from SSH server"
 $IPT -A server_out -p tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+echo "server_out chain: Allow output from Data Base server"
+$IPT -A server_out -p tcp --sport 5432 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+echo "FORWARD chain: Allow output from VNC server"
+$IPT -A server_out -p tcp --sport 5900 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
 ## Return to caller
 $IPT -A server_out -j RETURN
@@ -260,16 +275,18 @@ echo "client_in chain: Allow input from POP3S server"
 $IPT -A client_in -p tcp --sport 995 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 echo "client_in chain: Allow input from SMTPS server"
 $IPT -A client_in -p tcp --sport 465 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-#echo "client_in chain: Allow input from HTTP Server"
-#$IPT -A client_in -p tcp --sport 80 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+echo "client_in chain: Allow input from HTTP Server"
+$IPT -A client_in -p tcp --sport 80 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 echo "client_in chain: Allow input from HTTPS server"
 $IPT -A client_in -p tcp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 #$IPT -A client_in -p udp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 echo "client_in chain: Allow input from DNS Server"
 $IPT -A client_in -p udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 echo "client_in chain: Allow input from SSH Server"
-$IPT -A client_in -p udp --sport 22 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-$IPT -A client_in -p udp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+$IPT -A client_in -p tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+$IPT -A client_in -p tcp --sport 22 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+echo "client_in chain: Allow input from GPG key Server"
+$IPT -A client_in -p tcp --sport 11371 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 ## Return to caller
 $IPT -A client_in -j RETURN
@@ -287,14 +304,17 @@ echo "client_out chain: Allow output to SMTPS server"
 $IPT -A client_out -p tcp --dport 465 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
 echo "client_out chain: Allow output to HTTPS server"
 $IPT -A client_out -p tcp --dport 443 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
-#$IPT -A client_out -p udp --dport 443 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
-##echo "Allow to HTTP server"
-#$IPT -A client_out -p tcp --dport 80 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
+$IPT -A client_out -p udp --dport 443 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
+echo "Allow to HTTP server"
+$IPT -A client_out -p tcp --dport 80 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
 echo "client_out chain: Allow output to DNS server"
 $IPT -A client_out -p udp --dport 53 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
 echo "client_out chain: Allow output to SSH server"
-$IPT -A client_out -p tcp --dport 22 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
 $IPT -A client_out -p tcp --dport 2222 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
+$IPT -A client_out -p tcp --dport 22 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
+echo "client_out chain: Allow output to GPG key Server"
+$IPT -A client_out -p tcp --dport 11371 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
+
 ## Return to caller
 $IPT -A client_out -j RETURN
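Review bot: `$IPT -A client_out -p udp --dport 443 ... NEW,ESTABLISHED` is enabled here, but its return-path counterpart `#$IPT -A client_in -p udp --sport 443 ...` stays commented out in the previous hunk, and `client_in` has no generic ESTABLISHED accept, so replies to QUIC or DTLS sessions opened through this rule will fall through to the INPUT log-and-drop tail. Either uncomment the `client_in` udp 443 rule in the same change or leave this line commented until it is, so the two chains stay symmetric. Style: `echo "Allow to HTTP server"` is the only message in the chain without the `client_out chain:` prefix the surrounding echos use; `echo "client_out chain: Allow output to HTTP server"` keeps the log readable.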
@@ -331,24 +351,27 @@ $IPT -A netconf_out -j RETURN
 ####### AP rules ######
 $IPT -A FORWARD -j blocker
-#$IPT -A FORWARD -i ${PUB_IF} -o ${PUB_IF} -s ${NET_ADDR} -d ${NET_ADDR} -j ACCEPT
-$IPT -A FORWARD -i ${PUB_IF} -o ${PUB_IF} -d ${NET_ADDR} -j netconf_in
-$IPT -A FORWARD -i ${PUB_IF} -o ${PUB_IF} -d ${NET_ADDR} -j netconf_out
-$IPT -A FORWARD -i ${PUB_IF} -o ${PUB_IF} -d ${NET_ADDR} -j client_in
-$IPT -A FORWARD -i ${PUB_IF} -o ${PUB_IF} -s ${NET_ADDR} -j client_out
-#$IPT -t nat -A POSTROUTING -o ${PUB_IF} -j SNAT --to ${PUB_IP}
+#$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -s ${NET_ADDR} -d ${NET_ADDR} -j ACCEPT
+$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -d ${NET_ADDR} -j netconf_in
+$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -d ${NET_ADDR} -j netconf_out
+$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -d ${NET_ADDR} -j client_in
+$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -s ${NET_ADDR} -j client_out
+#$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -d ${NET_ADDR} -j server_in
+$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -s ${NET_ADDR} -j server_out
+
+#$IPT -t nat -A POSTROUTING -o ${BR_IF} -j SNAT --to ${PUB_IP}
 ####### Input Chain ######
 $IPT -A INPUT -j blocker
-$IPT -A INPUT -i ${PUB_IF} -j server_in
-$IPT -A INPUT -i ${PUB_IF} -j client_in
-$IPT -A INPUT -i ${PUB_IF} -j netconf_in
+$IPT -A INPUT -i ${BR_IF} -s ${NET_ADDR} -d ${PUB_IP} -j server_in
+$IPT -A INPUT -i ${BR_IF} -d ${NET_ADDR} -j client_in
+$IPT -A INPUT -i ${BR_IF} -j netconf_in
 ####### Output Chain ######
 $IPT -A OUTPUT -j blocker
-$IPT -A OUTPUT -o ${PUB_IF} -j server_out
-$IPT -A OUTPUT -o ${PUB_IF} -j client_out
-$IPT -A OUTPUT -o ${PUB_IF} -j netconf_out
+$IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -d ${NET_ADDR} -j server_out
+$IPT -A OUTPUT -o ${BR_IF} -s ${NET_ADDR} -j client_out
+$IPT -A OUTPUT -o ${BR_IF} -j netconf_out
 ## log everything else and drop
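Review bot: `$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -s ${NET_ADDR} -j server_out` is added while the matching `-j server_in` jump directly above it is left commented, so bridged replies from a server port would be accepted leaving the bridge but the requests that create those connections are never accepted entering it; this reads as a half-finished change and should either be completed or have both lines commented. `PUB_IF` is set to `enp8s0` in the first hunk of this file, yet no rule in these hunks references `${PUB_IF}` any more and the saved ruleset in vlan.v4 contains no enp8s0 match at all, so anything that arrives on that interface outside the bridge ends in the LOG rules and the DROP policy — presumably intended, but worth saying next to the variable, e.g. `# PUB_IF is a bridge member only; all filtering is done on BR_IF`. The `blocker` chain these jumps enter is defined outside the hunk; the saved copy in vlan.v4 shows it dropping `-s 8.8.0.0/24` under a `blocker google` log prefix, and that prefix does not contain 8.8.8.8 or 8.8.4.4, so the intended network in the script is worth re-checking.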
@@ -357,25 +380,3 @@ $IPT -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: " $IPT -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: " exit 0 - -#$IPT -A FORWARD -i ${PUB_IF} -o ${PRIV_IF} -s ${NET_ADDR} -j ACCEPT -#$IPT -A FORWARD -i ${PRIV_IF} -o ${PUB_IF} -d ${NET_ADDR} -j ACCEPT -#$IPT -A FORWARD -i ${PUB_IF} -o ${PUB_IF} -p udp --sport 68 --dport 67 -j ACCEPT -#$IPT -A FORWARD -i ${PUB_IF} -o ${PUB_IF} -p udp --sport 520 --dport 520 -j ACCEPT -# -## You Dirty bitch -#$IPT -A FORWARD -i ${PUB_IF} -o ${PUB_IF} -s ${NET_ADDR} -d ${NET_ADDR} -j ACCEPT - -## Unlimited on loopback -#$IPT -A OUTPUT -o lo -s ${PUB_IP} -d ${PUB_IP} -j ACCEPT -##$IPT -A OUTPUT -o lo -d ${PRIV_IP} -j ACCEPT -# -## Unlimited on local -#$IPT -A OUTPUT -o ${PRIV_IF} -j ACCEPT -# -### less logs -# - -#echo "Allow output DHCP protocol" -#$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 68 --dport 67 -s ${NET_ADDR} -d ${NET_ADDR} -j ACCEPT - diff --git a/tools/conf/etc/iptables/vlan.v4 b/tools/conf/etc/iptables/vlan.v4 index 7954521..61da499 100644 --- a/tools/conf/etc/iptables/vlan.v4 +++ b/tools/conf/etc/iptables/vlan.v4 
@@ -1,112 +1,136 @@ -# Generated by iptables-save v1.6.1 on Wed Mar 15 20:53:45 2017 +# Generated by iptables-save v1.6.2 on Tue Apr 3 02:25:27 2018 *security -:INPUT ACCEPT [85:6694] +:INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [3:179] +:OUTPUT ACCEPT [0:0] COMMIT -# Completed on Wed Mar 15 20:53:45 2017 -# Generated by iptables-save v1.6.1 on Wed Mar 15 20:53:45 2017 +# Completed on Tue Apr 3 02:25:27 2018 +# Generated by iptables-save v1.6.2 on Tue Apr 3 02:25:27 2018 *raw -:PREROUTING ACCEPT [97:7863] -:OUTPUT ACCEPT [3:179] +:PREROUTING ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] COMMIT -# Completed on Wed Mar 15 20:53:45 2017 -# Generated by iptables-save v1.6.1 on Wed Mar 15 20:53:45 2017 +# Completed on Tue Apr 3 02:25:27 2018 +# Generated by iptables-save v1.6.2 on Tue Apr 3 02:25:27 2018 *nat -:PREROUTING ACCEPT [6:683] -:INPUT ACCEPT [2:138] -:OUTPUT ACCEPT [2:131] -:POSTROUTING ACCEPT [2:131] +:PREROUTING ACCEPT [0:0] +:INPUT ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +:POSTROUTING ACCEPT [0:0] COMMIT -# Completed on Wed Mar 15 20:53:45 2017 -# Generated by iptables-save v1.6.1 on Wed Mar 15 20:53:45 2017 +# Completed on Tue Apr 3 02:25:27 2018 +# Generated by iptables-save v1.6.2 on Tue Apr 3 02:25:27 2018 *mangle -:PREROUTING ACCEPT [8:624] -:INPUT ACCEPT [8:624] +:PREROUTING ACCEPT [0:0] +:INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] COMMIT -# Completed on Wed Mar 15 20:53:45 2017 -# Generated by iptables-save v1.6.1 on Wed Mar 15 20:53:45 2017 +# Completed on Tue Apr 3 02:25:27 2018 +# Generated by iptables-save v1.6.2 on Tue Apr 3 02:25:27 2018 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT DROP [0:0] -:ACCEPTLOG - [0:0] -:DROPLOG - [0:0] -:REJECTLOG - [0:0] -:RELATED_ICMP - [0:0] -:SYN_FLOOD - [0:0] --A INPUT -i lo -j ACCEPT --A INPUT -p icmp -m limit --limit 1/sec --limit-burst 2 -j ACCEPT --A INPUT -p icmp -m limit --limit 1/sec --limit-burst 2 -j LOG --log-prefix "PING-DROP:" --A INPUT -p icmp -j 
DROP --A INPUT -p icmp -f -j DROPLOG --A INPUT -p icmp -m state --state ESTABLISHED -m limit --limit 3/sec --limit-burst 8 -j ACCEPT --A INPUT -p icmp -m state --state RELATED -m limit --limit 3/sec --limit-burst 8 -j RELATED_ICMP --A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 3/sec --limit-burst 8 -j ACCEPT --A INPUT -p icmp -j DROPLOG --A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT --A INPUT -p tcp -m multiport --dports 135,137,138,139,445,1433,1434 -j DROP --A INPUT -p udp -m multiport --dports 135,137,138,139,445,1433,1434 -j DROP --A INPUT -m state --state INVALID -j DROP --A INPUT -p tcp -m state --state NEW -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP --A INPUT -p tcp -m state --state NEW -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP --A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP --A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP --A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP --A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROPLOG --A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROPLOG --A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROPLOG --A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROPLOG --A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROPLOG --A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROPLOG --A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROPLOG --A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j SYN_FLOOD --A INPUT -p tcp -m tcp ! 
--tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROPLOG --A INPUT -f -j DROPLOG --A INPUT -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT --A INPUT -j DROPLOG --A FORWARD -p icmp -f -j DROPLOG --A FORWARD -p icmp -j DROPLOG --A FORWARD -m state --state INVALID -j DROP --A FORWARD -j REJECTLOG --A OUTPUT -o lo -j ACCEPT --A OUTPUT -p icmp -j ACCEPT --A OUTPUT -p icmp -f -j DROPLOG --A OUTPUT -p icmp -m state --state ESTABLISHED -m limit --limit 3/sec --limit-burst 8 -j ACCEPT --A OUTPUT -p icmp -m state --state RELATED -m limit --limit 3/sec --limit-burst 8 -j RELATED_ICMP --A OUTPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 3/sec --limit-burst 8 -j ACCEPT --A OUTPUT -p icmp -j DROPLOG --A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT --A OUTPUT -m state --state INVALID -j DROP --A OUTPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT --A OUTPUT -p tcp -m tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT --A OUTPUT -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT --A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 6667 -m state --state NEW,ESTABLISHED -j ACCEPT --A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 5222 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT --A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT --A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT --A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 465 -m state --state NEW,ESTABLISHED -j ACCEPT --A OUTPUT -p udp -m udp --sport 1024:65535 --dport 123 -m state --state NEW,ESTABLISHED -j ACCEPT --A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT --A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 20 -m state --state NEW,ESTABLISHED -j ACCEPT --A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 443 -m 
state --state NEW,RELATED,ESTABLISHED -j ACCEPT --A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT --A OUTPUT -j DROPLOG --A ACCEPTLOG -m limit --limit 3/sec --limit-burst 8 -j LOG --log-prefix "iptables: ACCEPT " --log-level 7 --log-tcp-sequence --log-tcp-options --log-ip-options --A ACCEPTLOG -j ACCEPT --A DROPLOG -m limit --limit 3/sec --limit-burst 8 -j LOG --log-prefix "iptables: DROP " --log-level 7 --log-tcp-sequence --log-tcp-options --log-ip-options --A DROPLOG -j DROP --A REJECTLOG -m limit --limit 3/sec --limit-burst 8 -j LOG --log-prefix "iptables: REJECT " --log-level 7 --log-tcp-sequence --log-tcp-options --log-ip-options --A REJECTLOG -p tcp -j REJECT --reject-with tcp-reset --A REJECTLOG -j REJECT --reject-with icmp-port-unreachable --A RELATED_ICMP -p icmp -m icmp --icmp-type 3 -j ACCEPT --A RELATED_ICMP -p icmp -m icmp --icmp-type 11 -j ACCEPT --A RELATED_ICMP -p icmp -m icmp --icmp-type 12 -j ACCEPT --A RELATED_ICMP -j DROPLOG --A SYN_FLOOD -m limit --limit 2/sec --limit-burst 6 -j RETURN --A SYN_FLOOD -j DROP +:blocker - [0:0] +:client_in - [0:0] +:client_out - [0:0] +:netconf_in - [0:0] +:netconf_out - [0:0] +:server_in - [0:0] +:server_out - [0:0] +-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT +-A INPUT -s 10.0.0.254/32 -d 10.0.0.254/32 -i lo -j ACCEPT +-A INPUT -j blocker +-A INPUT -s 10.0.0.0/8 -d 10.0.0.254/32 -i br0 -j server_in +-A INPUT -d 10.0.0.0/8 -i br0 -j client_in +-A INPUT -i br0 -j netconf_in +-A INPUT -j LOG --log-prefix "iptables: INPUT: " --log-level 7 +-A FORWARD -j blocker +-A FORWARD -d 10.0.0.0/8 -i br0 -o br0 -j netconf_in +-A FORWARD -d 10.0.0.0/8 -i br0 -o br0 -j netconf_out +-A FORWARD -d 10.0.0.0/8 -i br0 -o br0 -j client_in +-A FORWARD -s 10.0.0.0/8 -i br0 -o br0 -j client_out +-A FORWARD -s 10.0.0.0/8 -i br0 -o br0 -j server_out +-A FORWARD -j LOG --log-prefix "iptables: FORWARD: " --log-level 7 +-A OUTPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -o lo -j ACCEPT +-A 
OUTPUT -s 10.0.0.254/32 -d 10.0.0.254/32 -o lo -j ACCEPT +-A OUTPUT -j blocker +-A OUTPUT -s 10.0.0.254/32 -d 10.0.0.0/8 -o br0 -j server_out +-A OUTPUT -s 10.0.0.0/8 -o br0 -j client_out +-A OUTPUT -o br0 -j netconf_out +-A OUTPUT -j LOG --log-prefix "iptables: OUTPUT: " --log-level 7 +-A blocker -s 8.8.0.0/24 -j LOG --log-prefix "iptables: blocker google: " --log-level 7 +-A blocker -s 8.8.0.0/24 -j DROP +-A blocker -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop sync: " --log-level 7 +-A blocker -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP +-A blocker -f -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop frag: " +-A blocker -f -j DROP +-A blocker -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP +-A blocker -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP +-A blocker -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop null: " +-A blocker -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP +-A blocker -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop syn rst syn rs" +-A blocker -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP +-A blocker -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop xmas: " +-A blocker -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP +-A blocker -p tcp -m tcp --tcp-flags FIN,ACK FIN -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop fin scan: " +-A blocker -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP +-A blocker -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP +-A blocker -j RETURN +-A client_in -p tcp -m tcp --sport 6667 --dport 1024:65535 -m state --state 
ESTABLISHED -j ACCEPT +-A client_in -p tcp -m tcp --sport 21 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +-A client_in -p tcp -m tcp --sport 9418 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +-A client_in -p tcp -m tcp --sport 995 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +-A client_in -p tcp -m tcp --sport 465 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +-A client_in -p tcp -m tcp --sport 80 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +-A client_in -p tcp -m tcp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +-A client_in -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +-A client_in -p tcp -m tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +-A client_in -p tcp -m tcp --sport 22 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +-A client_in -p tcp -m tcp --sport 11371 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +-A client_in -j RETURN +-A client_out -p tcp -m tcp --sport 1024:65535 --dport 6667 -m state --state NEW,ESTABLISHED -j ACCEPT +-A client_out -p tcp -m tcp --sport 1024:65535 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT +-A client_out -p tcp -m tcp --sport 1024:65535 --dport 9418 -m state --state NEW,ESTABLISHED -j ACCEPT +-A client_out -p tcp -m tcp --sport 1024:65535 --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT +-A client_out -p tcp -m tcp --sport 1024:65535 --dport 465 -m state --state NEW,ESTABLISHED -j ACCEPT +-A client_out -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT +-A client_out -p udp -m udp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT +-A client_out -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT +-A client_out -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT +-A client_out -p tcp -m tcp --sport 1024:65535 
--dport 2222 -m state --state NEW,ESTABLISHED -j ACCEPT +-A client_out -p tcp -m tcp --sport 1024:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT +-A client_out -p tcp -m tcp --sport 1024:65535 --dport 11371 -m state --state NEW,ESTABLISHED -j ACCEPT +-A client_out -j RETURN +-A netconf_in -p udp -m udp --sport 68 --dport 67 -j ACCEPT +-A netconf_in -s 10.0.0.0/8 -d 10.0.0.0/8 -p udp -m udp --sport 520 --dport 520 -j ACCEPT +-A netconf_in -p icmp -j LOG --log-prefix "iptables: netconf_in ICMP: " --log-level 7 +-A netconf_in -p icmp -j ACCEPT +-A netconf_in -j RETURN +-A netconf_out -s 10.0.0.0/8 -d 10.0.0.0/8 -p udp -m udp --sport 67 --dport 68 -j ACCEPT +-A netconf_out -s 10.0.0.0/8 -d 10.0.0.0/8 -p udp -m udp --sport 520 --dport 520 -j ACCEPT +-A netconf_out -p icmp -j LOG --log-prefix "iptables: netconf_out ICMP: " --log-level 7 +-A netconf_out -p icmp -j ACCEPT +-A netconf_out -j RETURN +-A server_in -p tcp -m tcp --sport 1024:65535 --dport 5900 -m state --state NEW,ESTABLISHED -j ACCEPT +-A server_in -p tcp -m tcp --sport 1024:65535 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT +-A server_in -p tcp -m tcp --sport 1024:65535 --dport 2222 -m state --state NEW,ESTABLISHED -j ACCEPT +-A server_in -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT +-A server_in -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT +-A server_in -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT +-A server_in -p tcp -m tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT +-A server_in -p tcp -m tcp --sport 1024:65535 --dport 9418 -m state --state NEW,ESTABLISHED -j ACCEPT +-A server_in -j RETURN +-A server_out -p udp -m udp --sport 53 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT +-A server_out -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT +-A server_out -p tcp -m tcp 
--sport 9418 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT +-A server_out -p tcp -m tcp --sport 443 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT +-A server_out -p tcp -m tcp --sport 80 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT +-A server_out -p tcp -m tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +-A server_out -p tcp -m tcp --sport 5432 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +-A server_out -p tcp -m tcp --sport 5900 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT +-A server_out -j RETURN COMMIT -# Completed on Wed Mar 15 20:53:45 2017 +# Completed on Tue Apr 3 02:25:27 2018 diff --git a/tools/index.html b/tools/index.html index 2f84114..1c4eb00 100644 --- a/tools/index.html +++ b/tools/index.html @@ -78,8 +78,9 @@ </li> <li><a href="storage.html">Storage</a> <ul> - <li><a href="storage.html#maint">1. Maintenance</a></li> + <li><a href="storage.html#fsck">1. Maintenance</a></li> <li><a href="storage.html#mv">2. Moving data</a></li> + <li><a href="storage.html#resize">2. Resize</a></li> </ul> </li> <li><a href="lvm.html">LVM</a> @@ -88,7 +89,7 @@ <li><a href="lvm.html#pv">2. Create physical volume</a></li> <li><a href="lvm.html#vg">3. Create volume group</a></li> <li><a href="lvm.html#lv">4. Create logical volume</a></li> - <li><a href="lvm.html#maint">5. Maintenance</a></li> + <li><a href="lvm.html#fsck">5. Maintenance</a></li> </ul> </li> <li><a href="syslog-ng.html">Syslog-ng</a> diff --git a/tools/lvm.html b/tools/lvm.html index 898a8d3..b6c7678 100644 --- a/tools/lvm.html +++ b/tools/lvm.html 
@@ -16,11 +16,6 @@ <a href="https://wiki.archlinux.org/index.php/Software_RAID_and_LVM">Arch Wiki</a> article about Sofware RAID and LVM.</p> - <p>Basic idea behind RAID is to deal with independent disks - as an array of drives. Raid 0 uses two or more disks as one, - with performance gains without fault-tolerance. From raid 1 - to 6 they offer diferent fault tolerance mechanisms.</p> - <p>LVM or Logic Volume Manager bring one more layer, read <a href="http://www.tuxradar.com/content/lvm-made-easy">Lvm made easy</a>. Partitions under lvm are easy to be resized, moved and there is @@ -28,6 +23,12 @@ disk names exp; production, development, backups...</p> + <p>Basic idea behind RAID is to deal with independent disks + as an array of drives. Raid 0 uses two or more disks as one, + with performance gains without fault-tolerance. From raid 1 + to 6 they offer diferent fault tolerance mechanisms.</p> + + <p>Until now "from install" there is only one partition, it is good idea to have a system with diferent partitions for each propos. If is a "fresh install";</p> @@ -40,17 +41,19 @@ <h2 id="lvmpart">1. LVM Partition</h2> - <p>Create a LVM partition, fdisk should - show something like this;</p> + <p>There is no need to create a partition with fdisk or parted + if all device will be used for lvm, just <a href="#pv">pvcreate</a> + against the device (pvcreate /dev/sda).</p> + + <p>Create a LVM partition with parted;</p> <pre> - # parted /dev/sda + parted --script ${DEV} \ + unit mib \ + mkpart primary 1000 4000 \ + set 1 lvm on </pre> - <p>I use defaults unless to define system partition last sector, - where in this example is size, +80G</p> - - <h2 id="pv">2. Create physical volume</h2> <pre> 
@@ -125,7 +128,31 @@ # </pre> - <h2 id="maint">5. Maintenance</h2> + <h2 id="fsck">5. Maintenance</h2> + + <h3 id="resize">Resize</h3> + + <p>First umount all lvm partitions;</p> + + <pre> + # pvs + </pre> + + <pre> + # pvresize /dev/sdb + </pre> + + <pre> + # vgs + </pre> + + <pre> + # lvresize --resizefs --size +25GB /dev/mapper/vg_system-lv_ports + </pre> + + <pre> + # vgs + </pre> <h2 id="encrypt">7. Encryption</h2> diff --git a/tools/postgresql.html b/tools/postgresql.html index 0399ec6..155f30c 100644 --- a/tools/postgresql.html +++ b/tools/postgresql.html @@ -300,15 +300,18 @@ db_flyspray=# create schema public; </pre> - <h3 id="backup">7.4. Backup</h3> + <h2 id="backup">8. Backup</h3> + <h3>8.1. Dump databases</h3> - <p>Backup Database</p> + <pre> + $ pg_dumpall -U postgres | gzip > cluster_dump.gz + </pre> - <h3 id="backup">7.5. Restore</h3> + <h3>8.2. Restore</h3> <pre> - $ psql db_flyspray < database_dump + $ gzip -c cluster_dump.gz | psql -U postgres </pre> <a href="index.html">Tools Index</a> diff --git a/tools/qemu.html b/tools/qemu.html index f79b955..e32d03f 100644 --- a/tools/qemu.html +++ b/tools/qemu.html @@ -46,12 +46,14 @@ $ qemu-img create -f qcow2 crux-img.qcow2 2000M </pre> + <h3 id="mount">2.1. Mount images</h3> + <p>Qemu disk images can be treated as regular disks using qemu disk network block device server;</p> <pre> $ sudo modprobe nbd - $ sudo qemu-nbd -c /dev/nbd0 /crux-img.qcow2 + $ sudo qemu-nbd -c /dev/nbd0 crux-img.qcow2 </pre> <p>Information about preparing @@ -64,10 +66,10 @@ parted --script ${DEV} \ mklabel gpt \ unit mib \ - mkpart primary 1 3 \ + mkpart primary 2 4 \ set 1 bios_grub on \ name 1 grub \ - mkpart ESP fat32 3 59 \ + mkpart ESP fat32 4 59 \ set 2 boot on \ name 2 efi \ mkpart primary ext4 103 200 \ 
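Review bot: The new restore command `$ gzip -c cluster_dump.gz | psql -U postgres` compresses the already-compressed dump and feeds gzip output to psql instead of SQL; it should read `$ gunzip -c cluster_dump.gz | psql -U postgres` (or `zcat cluster_dump.gz | psql -U postgres`) to mirror the `pg_dumpall | gzip` step above it. The added heading `<h2 id="backup">8. Backup</h3>` opens an h2 but closes an h3, which leaves the element unclosed and can break the layout of the sections that follow; it should end with `</h2>`.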
@@ -122,7 +124,68 @@ $ sudo qemu-nbd -d /dev/nbd0 </pre> - <h2 id="net">2. Network</h2> + <h3 id="resize">2.2. Resize images</h3> + + <p>Verify disk image information;</p> + + <pre> + $ qemu-img info c1-storage.qcow2 + </pre> + + <pre> + image: c1-storage.qcow2 + file format: qcow2 + virtual size: 10G (10737418240 bytes) + disk size: 7.6G + cluster_size: 65536 + Format specific information: + compat: 1.1 + lazy refcounts: false + refcount bits: 16 + corrupt: false + $ + </pre> + + <p>In this example is added 25G to the image;</p> + + <pre> + $ qemu-img resize c1-storage.qcow2 +25G + </pre> + + <p>Read <a href="lvm.html#resize">lvm resize</a> if image + is using lvm, or use resize2fs. If size is not provided to resize2fs, + by default it will grow file system to all partition;</p> + + <pre> + $ sudo qemu-nbd -c /dev/nbd0 /srv/qemu/img/c1-server.qcow2 + </pre> + + <pre> + # kpartx -a -s -l -u /dev/nbd0 + GPT:Primary header thinks Alt. header is not at the end of the disk. + GPT:Alternate GPT header not at the end of the disk. + GPT: Use GNU Parted to correct GPT errors. + + # parted /dev/nbd0 + GNU Parted 3.2 + Using /dev/nbd0 + Welcome to GNU Parted! Type 'help' to view a list of commands. + (parted) print + Warning: Not all of the space available to /dev/nbd0 appears to be used, you can + fix the GPT to use all of the space (an extra 16777216 blocks) or continue with + the current setting? + Fix/Ignore? Fix + + (parted) resize 3 100% + (parted) quit + </pre> + + <pre> + # resize2fs /dev/mapper/nbd0p3 + # e2fsck /dev/mapper/nbd0p3 + </pre> + + <h2 id="net">3. Network</h2> <p>Network configuration;</p> @@ -140,7 +203,7 @@ KERNEL=="tun", GROUP="kvm", MODE="0660", OPTIONS+="static_node=net/tun" </pre> - <h3>2.1. Routing</h3> + <h3>3.1. Routing</h3> <p>Create interface with correct permissions set for kvm group.</p> 
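Review bot: In the last `<pre>` of the new 2.2 section, `# resize2fs /dev/mapper/nbd0p3` is run before `# e2fsck /dev/mapper/nbd0p3`; resize2fs refuses to grow an unmounted ext filesystem that has not been checked since its last mount, so the documented order should be `# e2fsck -f /dev/mapper/nbd0p3` followed by `# resize2fs /dev/mapper/nbd0p3`. The same inverted pair is added to storage.html in this commit (`# resize2fs /dev/sda3` / `# e2fsck /dev/sda3`). The transcript also shows `(parted) resize 3 100%` under "GNU Parted 3.2"; if I recall correctly the filesystem-aware `resize` command was removed in parted 3.0 and the partition-only command available in 3.2 is `resizepart 3 100%`, so the session as written is unlikely to reproduce. Minor: the section works on `c1-storage.qcow2` until the qemu-nbd line, which attaches `/srv/qemu/img/c1-server.qcow2`, so the walkthrough switches images midway.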
@@ -152,7 +215,7 @@ # iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE </pre> - <h3>2.2. Public Bridge</h3> + <h3>3.2. Public Bridge</h3> <p>Create <a href="network.html#bridge">bridge</a>, create new tap and add it to bridge;</p> @@ -162,7 +225,7 @@ ADDR=10.0.0.254 NET=10.0.0.0 - GW=192.168.1.254 + GW=10.0.0.1 MASK=24 # one tap for each cpu core @@ -213,7 +276,7 @@ # End of file </pre> - <h2 id="guest">Guest System</h2> + <h2 id="guest">4. Guest System</h2> <p>See <a href="scripts/runvm/runvm.sh">scripts/runvm/runvm.sh</a>, as template. Example scripts;</p> @@ -253,7 +316,7 @@ <p>Set guests machines to run under the total resolution provided by host system configure grub on the guest with gfxmode;</p> - <h3 id="guest">Guest Graphics</h3> + <h3 id="graphics">4.1. Guest Graphics</h3> <p>Get current resolution on host machine;</p> @@ -275,7 +338,7 @@ # update-grub </pre> - <h3 id="sound">Guest Sound</h3> + <h3 id="sound">4.2. Guest Sound</h3> <p>Check if DMAR is enable on kernel configuration, Intel and AMD uses different technology. To check on @@ -298,11 +361,12 @@ other="-soundhw hda -vga std -display sdl" </pre> - <h3 id="sound">Guest USB</h3> + <h3 id="usb">4.3. Guest USB</h3> <pre> # lsusb # ls /dev/v4l + # ls /dev/bus/usb </pre> <pre> @@ -319,9 +383,26 @@ mac="54:60:be:ef:5c:72" other="-soundhw hda -vga std -display sdl -usb -device usb-host,vendorid=0x13d3,productid=0x5652" </pre> + + <h2 id="bootusb">5. Boot iso on usb</h2> + + <pre> + # lsusb + # ls /dev/bus/usb + </pre> + + <pre> + # chown root:kvm /dev/bus/usb/003/012 + </pre> + + + <pre> + $ qemu-system-x86_64 -m 512 -enable-kvm -vnc :0 -usb -device usb-host,hostbus=3,hostaddr=12 + </pre> + <a href="index.html">Tools Index</a> <p>This is part of the c9 Manual. - Copyright (C) 2016 + Copyright (C) 2018 c9 team. See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> for copying conditions.</p> 
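Review bot: In the new section 5, `$ qemu-system-x86_64 -m 512 -enable-kvm -vnc :0 -usb -device usb-host,hostbus=3,hostaddr=12` starts a VNC server on display :0 that listens on every interface with no authentication, so any host that can reach TCP 5900 gets the guest console; for a local boot test bind it to loopback with `-vnc 127.0.0.1:0` (tunnelling over SSH if remote access is needed), or at least require a password with `-vnc :0,password` plus `set_password vnc` in the monitor. The `# chown root:kvm /dev/bus/usb/003/012` step changes a device node that udev recreates on every replug and whose address (the `012` / `hostaddr=12`) changes as well, so it does not persist; the page already solves the same problem for `/dev/net/tun` with a udev rule (`KERNEL=="tun", GROUP="kvm", MODE="0660"`), and a rule keyed on the stick's vendor and product ids would be the consistent approach. The heading reads "Boot iso on usb" but the command line attaches no ISO and sets no boot order, so a sentence stating what is expected to boot would help the reader.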
diff --git a/tools/scripts/autoport.sh b/tools/scripts/autoport.sh
deleted file mode 100644
index 9965936..0000000
--- a/tools/scripts/autoport.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/bash
-
-# Root Directory
-DIR=$(dirname "$PWD");
-
-DIR_CONF=$DIR"/conf"
-COL_DIR=$DIR"/c9-ports/"
-
-#rm ck4up.conf
-for port in ${COL_DIR}*/ ; do
-
- echo "Checking port $port"
- # (cd $port && git clean -f -d . )
- # prtwash -p -s $port
- prtverify -m clean-repo $port
-
- #echo "${port}Pkgfile;"
- #source ${port}Pkgfile;
-
- #echo "$name md5 ${source[0]} @TAR@" >> ck4up.conf
-done
-
-portspage --title=c9-ports . > index.html
-httpup-repgen $COL_DIR
diff --git a/tools/scripts/external-ports.sh b/tools/scripts/external-ports.sh
deleted file mode 100644
index 21f42cb..0000000
--- a/tools/scripts/external-ports.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-prt-get printf "%i %p %n \n" | grep "yes /usr/ports" \ | grep -v "ports/contrib" \ | grep -v "ports/opt" \ | grep -v "ports/core" \ | grep -v "ports/xorg" \ | grep -v "ports/c9-ports"
diff --git a/tools/storage.html b/tools/storage.html
index 109c6fa..2fc95d4 100644
--- a/tools/storage.html
+++ b/tools/storage.html
@@ -9,7 +9,7 @@ <h1>Storage</h1> - <h2 id="maint">1. Maintenance</h2> + <h2 id="fsck">1. Maintenance</h2> <p>SMART provides statistics of disk firmware, this system handle errors has their occur. Badblocks detect bad blocks
@@ -30,14 +30,14 @@ <h2 id="mv">2. Moving data</h2> - <p>Temp partition with 20M-50M;</dd> + <p>Temp partition with 20M-50M;</p> <pre> (parted) mkpart primary ext4 4000MiB 4050MiB </pre> <p>Ports partition with 120G allows to host sources, package - backups and ports;</dd> + backups and ports;</p> <pre> (parted) mkpart primary ext4 192000MiB 312000MiB
@@ -78,6 +78,17 @@ <p>Reboot in normal mode.</p> + <h2 id="resize">2. Resize filesystem</h2> + + <p>If partition is using lvm read + <a href="lvm.html#resize">lvm resize</a>, if you are using qemu + images read <a href="qemu.html#resize">resize images</a></p> + + <pre> + # resize2fs /dev/sda3 + # e2fsck /dev/sda3 + </pre> + <a href="index.html">Tools Index</a> <p> This is part of the c9-doc Manual. |