Haack's Wiki

User Tools

Site Tools

Trace: selfhostedwp vmserver miscadmin beaglebone
computing:miscadmin

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
computing:miscadmin [2024/01/13 00:39] oemb1905computing:miscadmin [2024/12/07 19:48] (current) oemb1905
Line 282: Line 282:
      
   mkdir ~/Repositories   mkdir ~/Repositories
-  cd ~/Repositories && git clone https://kernel.googlesource.com/pub/scm/linux/kernel/git/firmware/linux-firmware.git +  cd /home/user/Repositories && git clone https://kernel.googlesource.com/pub/scm/linux/kernel/git/firmware/linux-firmware.git 
-  sudo cp ~/Repositories/linux-firmware/amdgpu/* /lib/firmware/amdgpu && sudo update-initramfs -k all -u -v+  sudo cp /home/user/Repositories/linux-firmware/amdgpu/* /lib/firmware/amdgpu && sudo update-initramfs -k all -u -v 
 +   
 +Unattended Upgrades
  
- --- //[[jonathan@haacksnetworking.org|oemb1905]] 2024/01/13 00:38//+  sudo apt install unattended-upgrades 
 +  sudo apt install apt-config-auto-update 
 +  sudo unattended-upgrades --dry-run --debug 
 +  sudo systemctl status unattended-upgrades 
 + 
 +Next ... ssh failed attempts 
 + 
 +  grep "Failed password" /var/log/auth.log 
 +  journalctl _SYSTEMD_UNIT=ssh.service | egrep "Failed|Failure" 
 +  faillock --user <user> 
 +  grep "authentication failure" /var/log/auth.log | awk '{ print $14 }' | cut -b7-  | sort | uniq -c 
 + 
 +Display Managers (Lightdm, etc.) 
 + 
 +  sudo nano /etc/lightdm/lightdm-gtk-greeter.conf 
 +  [SeatDefaults] 
 +  allow-guest=false 
 +  greeter-hide-users=true 
 +  nano ~/.config/gtk-3.0/settings.ini 
 +  [Settings] 
 +  gtk-application-prefer-dark-theme=1 
 +  sudo nano /etc/lightdm/lightdm.conf 
 +  cd /usr/share/lightdm/light.conf.d/ 
 +   
 +Setting ufw to allow connections to only certain subnets. 
 + 
 +  ufw allow from 10.16.16.0/24 to any proto tcp port 8006 
 +  ufw allow from 10.36.36.0/24 to any proto tcp port 8006 
 +  ufw allow from 10.16.16.0/24 to any proto tcp port 22 
 +  ufw allow from 10.36.36.0/24 to any proto tcp port 22 
 +  ufw allow from 10.16.16.0/24 to any proto tcp port 80 
 +  ufw allow from 10.36.36.0/24 to any proto tcp port 80 
 +  ufw allow from 10.16.16.0/24 to any proto tcp port 443 
 +  ufw allow from 10.36.36.0/24 to any proto tcp port 443 
 + 
 +Establish NIC name using mac:ID 
 + 
 +  nano /etc/udev/rules.d/70-persistent-net.rules 
 +  SUBSYSTEM=="net",ACTION=="add",ATTR{address}=="00:00:00:00:00:00",ATTR{type}=="1",NAME="eth100" 
 +   
 +Establish Nemo as default, remove desktop icons, verify nemo default 
 + 
 +  xdg-mime default nemo.desktop inode/directory application/x-gnome-saved-search 
 +  gsettings set org.gnome.desktop.background show-desktop-icons false 
 +  xdg-mime query default inode/directory 
 +   
 +Sury php 
 + 
 +  sudo apt install -y apt-transport-https lsb-release ca-certificates wget 
 +  wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg 
 +  echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list  
 +   
 +Static ipv6 in ifupdown 
 + 
 +  iface enp0s3 inet6 static 
 +    address 2001:db8:1000::
 +    netmask 64 
 +    gateway 2001:db8:1000::
 +    autoconf 0 
 +    dns-nameservers 2001:4860:4860::8888 2001:4860:4860::8844 
 +     
 +Assigning an interface a persistent name so that bridging and static ifupdown assignments don't fail on reboot. 
 + 
 +  sudo nano /etc/udev/rules.d/70-persistent-net.rules 
 +  SUBSYSTEM=="net",ACTION=="add",ATTR{address}=="29:af:2c:34:g7:11",ATTR{type}=="1",NAME="eth100" 
 +   
 +Convert pdf to Word 
 + 
 +  libreoffice --infilter="writer_pdf_import" --convert-to docx Terms-Of-Service.pdf 
 +   
 +Instruct a client to ignore the DNS server offers made by the router on Debian.  
 + 
 +  sudo nano /etc/dhcp/dhclient.conf 
 + 
 +In that file, find the section that begins with ''request subnet-mask'' and remove domain-name-servers from it. 
 + 
 +  request subnet-mask, broadcast-address, time-offset, routers, 
 +    domain-name, __domain-name-servers__, domain-search, host-name, 
 +    dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers, 
 +    netbios-name-servers, netbios-scope, interface-mtu, 
 +    rfc3442-classless-static-routes, ntp-servers; 
 + 
 +After that's removed, find the section that begins with ''prepend domain-name-servers 127.0.0.1;'' and change it as you see fit: 
 + 
 +  prepend domain-name-servers 192.168.1.20; 
 +  prepend domain-name-servers 192.168.1.21; 
 +  sudo systemctl restart networking 
 +   
 +After you restart networking, run ''cat /etc/resolv.conf'' and make sure the DNS is what you desired. In order to test whether there are DNS leaks, use tcpdump and adjust port to 53, 5335, 853, etc. 
 + 
 +  tcpdump -vv -x -X -s 1500 -i eth0 'port 853' 
 + 
 +In order to set a policy on Chrome to stop DOT, or DNS over TLS/https, do the following: 
 + 
 +  sudo nano /etc/opt/chrome/policies/managed/policies.json 
 +  { 
 +  "BrowserGuestModeEnabled": false, 
 +  "BrowserAddPersonEnabled": false, 
 +  "IncognitoModeAvailability": 1, 
 +  "DnsOverHttpsMode": false, 
 +  "ExtensionSettings": {"*": {"installation_mode": "blocked"}} 
 +  } 
 + 
 +Running Debian testing/unstable and your zfs modules suddenly won't load after a reboot and upgrade, well do the following: 
 + 
 +  sudo apt-get install linux-headers-$(uname -r) 
 + 
 +Alright .... 
 + 
 + --- //[[webmaster@haacksnetworking.org|oemb1905]] 2024/12/07 19:48//
computing/miscadmin.1705106377.txt.gz · Last modified: by oemb1905

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki