SSL TLS in Python – certificates

Place *.pem certificates into folder /usr/share/ca-certificatesrun update-ca-certificates

Upgrade Debianu na vyšší verzi

lsb_release -a sed -i ‚s/stretch/buster/g‘ /etc/apt/sources.list && apt update apt-get upgrade apt-get dist-upgrade

Aktualizace znapzend

wget https://github.com/oetiker/znapzend/releases/download/v0.20.0/znapzend-0.20.0.tar.gz tar zxvf znapzend-0.20.0.tar.gz cd znapzend-0.20.0 ./configure –prefix=/opt/znapzend-0.20.0 make -j4 make install rm /usr/local/bin/znapzend* rm -r /opt/znapzend/* && rmdir /opt/znapzend ln -s /opt/znapzend-0.20.0/ /opt/znapzend for x in /opt/znapzend/bin/*; do ln -s $x /usr/local/bin; done znapzend –version systemctl restart znapzend && systemctl status znapzend && tail -f /var/log/znapzend.log

Kiosk mód Chromium na Debianu

vi /opt/kiosk.sh #!/bin/bash xset -dpms xset s off xset s noblank openbox-session & start-pulseaudio-x11 # while true; do # startx /etc/kiosk.conf # openbox-session & # start-pulseaudio-x11 while true; do # x11vnc -q -bg -reopen -forever chromium –kiosk –no-first-run –disable-translate –no-default-browser-check –no-proxy-server –noerrdialogs –disable-background-mode ‚https://somewhere.cz‘ done sudo apt-get install xserver-xorg-legacy Edit /etc/X11/Xwrapper.config allowed_users=anybody needs_root_rights=yes V /etc/xdg/openbox/rc.xml […]

Rsync z Windows na Linux přes SSH

Stáhnout, rozbalit – https://www.itefix.net/cwrsync Vygenerovat SSH key – ssh-keygen rsync –chmod=770 .ssh/id_rsa.bak .ssh/id_rsa rsync -rltvDx -e „ssh -i .ssh/id_rsa -o UserKnownHostsFile=.ssh/known_hosts -T -c arcfour -o Compression=no -x“ –modify-window=1 –stats –progress –info=progress2 –timeout=60 –no-p –no-o –exclude „.m2“ –exclude „$RECYCLE.BIN“ „/cygdrive/r/folder/“ root@server:“/home/folder/“

Instalace Java 13 v Debian 10

wget https://download.java.net/java/GA/jdk13.0.2/d4173c853231432d94f001e99d882ca7/8/GPL/openjdk-13.0.2_linux-x64_bin.tar.gz sudo mkdir /usr/lib/jdk tar xvf openjdk-13*_bin.tar.gz -C /usr/lib/jdk sudo update-alternatives –install „/usr/bin/java“ „java“ „/usr/lib/jdk/jdk-13.0.2/bin/java“ 0 sudo update-alternatives –install „/usr/bin/javac“ „javac“ „/usr/lib/jdk/jdk-13.0.2/bin/javac“ 0 sudo update-alternatives –set java /usr/lib/jdk/jdk-13.0.2/bin/java sudo update-alternatives –set javac /usr/lib/jdk/jdk-13.0.2/bin/javac sudo update-alternatives –config java ln -s /usr/bin/java /bin/java

Wireguard v LXC kontejneru (Proxmox)

Na hostu (Proxmox): sudo apt-get install libmnl-dev libelf-dev pve-headers-$(uname -r) build-essential pkg-config git git clone https://git.zx2c4.com/WireGuard cd WireGuard/src make make install wg modprobe wireguard echo „wireguard“ >> /etc/modules lsmod |grep wireguard V kontejneru (LXC): lsmod |grep wireguard echo „deb http://deb.debian.org/debian/ unstable main“ > /etc/apt/sources.list.d/unstable-wireguard.list printf ‚Package: *\nPin: release a=unstable\nPin-Priority: 90\n‘ > /etc/apt/preferences.d/limit-unstable apt update && […]

Logování z mikrotiků na rsyslog server

Na Mikrotiku 7.8.9.0 (rsyslog server je 1.2.3.4): /system logging action add bsd-syslog=yes name=rsyslogserver remote=1.2.3.4 src-address=\ 7.8.9.0 syslog-facility=syslog syslog-severity=info target=remote /system logging add action=rsyslogserver prefix=info topics=info,!firewall,!system add action=rsyslogserver prefix=fw topics=firewall add action=rsyslogserver prefix=sys topics=system vi /etc/rsyslog.conf # Mikrotik $template Mikrotik,“/var/log/mikrotik/ip-%fromhost-ip%-%$YEAR%-%$MONTH%-%$DAY%.log“ :fromhost-ip, isequal, „7.8.9.0“ ?Mikrotik & stop :fromhost-ip, isequal, „7.8.9.1“ ?Mikrotik & stop

Poslání logů z filebeat do logstash znovu

Zastavit logstash Smazat vše v Elasticsearch (postman, DELETE na http://elaip:9200/_all service filebeat stop && rm /var/lib/filebeat/registry && service filebeat start Spustit logstash

Apache2 a basic zabezpečení

apache virtual host: DBDriver mysql DBDParams „host=1.2.3.4 port=3306 dbname=dbname user=dbuser pass=dbpass“ DBDMin 1 DBDKeep 1 DBDMax 10 DBDExptime 200 <Location /> AuthType Basic AuthName „Realm“ AuthBasicProvider socache dbd AuthnCacheProvideFor dbd AuthnCacheContext some-ctx Require valid-user AuthDBDUserPWQuery „SELECT passhash FROM users WHERE username = %s LIMIT 1“ </Location> sudo apt-get install apache2-dev libapr1-dev libaprutil1-dev libapr1 libapr1-dev libaprutil1-dbd-mysql […]