WireGuard in an LXC container (Proxmox)

On the host (Proxmox):

    sudo apt-get install libmnl-dev libelf-dev pve-headers-$(uname -r) build-essential pkg-config git
    git clone https://git.zx2c4.com/WireGuard
    cd WireGuard/src
    make
    make install
    wg
    modprobe wireguard
    echo "wireguard" >> /etc/modules
    lsmod | grep wireguard

In the container (LXC):

    lsmod | grep wireguard
    echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable-wireguard.list
    printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
    apt update && […]

Timestamps including the year in logs

Timestamps including the year in logs:

    sed -i -e 's/RSYSLOG_TraditionalFileFormat/RSYSLOG_FileFormat/g' /etc/rsyslog.conf && systemctl restart rsyslog

This turns on time logging in ISO 8601 format.

List the sector size of all disks in the server

    for disk in `lsblk -I 8 -d | tail -n +2 | awk '{print $1}'`; do sudo hdparm -I /dev/$disk | grep -e 'Physical' -e '/dev' -e 'Model'; done

Specific version for running Nexus OSS

/app/nexus/bin/jsw/conf/wrapper.conf

    wrapper.java.command=/usr/lib/jvm/java-8-oracle/bin/java

Securing Apache – HTTPS A+

/etc/apache2/conf-enabled/security.conf

    ServerSignature Off
    ServerTokens Prod

/etc/apache2/mods-enabled/ssl.conf

    SSLCipherSuite AES256+EECDH:AES256+EDH:AES128+EECDH:AES128+EDH
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    SSLProtocol -ALL -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
    SSLStrictSNIVHostCheck Off
    SSLCompression off
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_stapling_cache(128000)

vhost conf

    Protocols h2 http/1.1
    SSLUseStapling on
    SSLStaplingReturnResponderErrors off
    SSLStaplingResponderTimeout 5
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    Header always set X-Frame-Options DENY
    Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
    […]

ZFS on Debian 9

    sed -i 's/main/main contrib non-free/g' /etc/apt/sources.list
    apt-get update
    apt -y install linux-headers-$(uname -r)
    ln -s /bin/rm /usr/bin/rm
    apt-get -y install zfs-dkms
    /sbin/modprobe zfs
    systemctl restart zfs-import-cache
    systemctl restart zfs-import-scan
    systemctl restart zfs-mount
    systemctl restart zfs-share
    truncate -s 100M /root/z
    zpool create tank /root/z
    zfs set compression=on tank
    zpool status
    systemctl preset zfs-import-cache zfs-import-scan zfs-mount zfs-share
    […]

ZFS dataset partition enlarge

    zfs set volsize=1200g storage/iscsi/elk
    zfs get volsize,reservation storage/iscsi/elk
    virsh pool-list
    virsh pool-destroy elk
    tgt-admin --show
    tgt-admin --update tid=12
    tgt-admin --show
    virsh pool-start elk
    virsh pool-autostart elk
    virsh start elk.cesal.cz
    sudo fdisk /dev/sda

    # sudo fdisk /dev/sda
    Welcome to fdisk (util-linux 2.29).
    Changes will remain in memory only, until you decide to write them.
    Be careful […]

DKIM in Postfix

    apt-get install -y opendkim opendkim-tools postfix-policyd-spf-python postfix-pcre
    adduser postfix opendkim

Blocking an IP address in iptables

Installation and creating the directory:

    apt-get -y install ipset
    mkdir -p /etc/ipblock/

Script that updates the list of IP addresses:

    #!/bin/bash
    echo "Updating firehol IP lists.."
    cd /etc/ipblock/firehol/
    git pull origin master
    ipset -! create alwaysallow hash:ip
    ipset -! create blockedips hash:net
    echo "Adding allowed IPs.."
    ipset -q -A alwaysallow XXX.XXX.XXX.XXX
    ipset -q -A alwaysallow YYY.YYY.YYY.YYY
    tmpname=$(mktemp)
    echo […]

Allowing SSH login as root

/etc/ssh/sshd_config

    PermitRootLogin yes

Then:

    sudo passwd root
    sudo passwd -u root
    service ssh reload