diff --git a/linux/bridge-stp.sh b/linux/bridge-stp.txt
similarity index 100%
rename from linux/bridge-stp.sh
rename to linux/bridge-stp.txt
diff --git a/linux/debian-readonly-root-fs.txt b/linux/debian-readonly-root-fs.txt
new file mode 100644
index 0000000..2cc6678
--- /dev/null
+++ b/linux/debian-readonly-root-fs.txt
@@ -0,0 +1,96 @@
+### Debian GNU/Linux with read only root filesystem.
+
+* Example:
+ /dev/sda: SSD disk (solid state disk)
+ /dev/sdb: HDD disk (mechanical disk)
+
+ /dev/sda1: /
+ /dev/sdb1: swap
+ /dev/sdb2: /home /tmp /var/tmp
+
+* Install Debian in /dev/sda1
+
+* Boot Debian in /dev/sda1
+
+* Update & upgrade
+ apt-get update
+ apt-get dist-upgrade
+
+* Mount HDD disk
+ mount /dev/sdb2 /mnt
+
+* Make /tmp directory
+ mkdir /mnt/tmp
+ chmod 1777 /mnt/tmp
+ chown 0.0 /mnt/tmp
+
+* If needed, copy all users data from SSD to HDD
+ rsync -av /home/ /mnt/
+ rm -fr /home/* ; rm -fr /home/.* <-- CAUTION!
+
+* Get the UUID of the partitions
+ Example:
+ blkid
+ /dev/sda1: UUID="505267d4-ad80-4eae-b6ed-ebfec59e4748" TYPE="ext4" PARTUUID="60a30271-01"
+ /dev/sdb1: UUID="6b684928-5786-4882-af6d-b9d8c98bccf0" TYPE="swap" PARTUUID="5e1c8d9b-01"
+ /dev/sdb2: UUID="30e81e2b-faaa-43a4-b188-db37c13588a6" TYPE="ext4" PARTUUID="5e1c8d9b-02"
+
+* Edit /etc/fstab
+ UUID=505267d4-ad80-4eae-b6ed-ebfec59e4748 / ext4 noatime,errors=remount-ro 0 1
+ UUID=30e81e2b-faaa-43a4-b188-db37c13588a6 /home ext4 noatime,errors=remount-ro,x-systemd.requires=/ 0 1
+ UUID=6b684928-5786-4882-af6d-b9d8c98bccf0 none swap sw 0 0
+ /home/tmp /tmp none bind,x-systemd.requires=/home 0 0
+ /home/tmp /var/tmp none bind,x-systemd.requires=/home 0 0
+
+* For optional NFS server, add in /etc/fstab
+ [NFSSERVER_IP]:/path/to/nfs/share1 /media/share1 nfs _netdev,rw,noauto,user,users,noexec,nosuid,nolock,noatime,nfsvers=3,sec=sys,udp,rsize=32768,wsize=32768 0 0
+
+* Reboot. Check if all working fine.
+
+* Install bilibop.
+ apt-get install bilibop
+
+ Do you intend to install bilibop-rules on a Live System ? --> No
+ What kind of GRUB device map do you want to use ? --> a dynamically updated device map
+
+* Clean.
+ apt-get clean
+ apt-get autoremove
+
+* Make root filesystem as readonly.
+ Edit /etc/bilibop/bilibop.conf
+ BILIBOP_LOCKFS=true
+ BILIBOP_LOCKFS_POLICY=hard
+ BILIBOP_LOCKFS_SWAP_POLICY=soft
+ BILIBOP_LOCKFS_WHITELIST="UUID=30e81e2b-faaa-43a4-b188-db37c13588a6 /home/tmp"
+ BILIBOP_LOCKFS_SIZE="/=64M"
+ BILIBOP_LOCKFS_NOTIFY_POLICY=never
+
+ BILIBOP_LOCKFS_WHITELIST: partitions from /etc/fstab in read-write
+ mode. Whitespace separated list of mountpoints or device names
+ as known in fstab.
+
+ BILIBOP_LOCKFS_SIZE: RAM size of the overlay writable branch.
+ Whitespace separated list of mountpoint=size pairs.
+ Sizes can be absolute (suffixed with k, K, m, M, g or G),
+ or relative to the total amount of RAM (and suffixed with %).
+
+* Rebuild the initram-fs.
+ dpkg-reconfigure bilibop-lockfs
+
+* Reboot.
+
+* Later, to make permanent changes:
+ Reboot
+ In grub menu, press 'e' to edit the item.
+ Add 'nolockfs'.
+ Press CTRL-X to boot.
+
+ Make the changes.
+
+ Rebuild the initram-fs.
+ dpkg-reconfigure bilibop-lockfs
+
+ Reboot.
+
+* Done!.
diff --git a/linux/debian-textonly-qemu.txt b/linux/debian-textonly-qemu.txt
new file mode 100644
index 0000000..3fdafa8
--- /dev/null
+++ b/linux/debian-textonly-qemu.txt
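Review bot: In linux/debian-readonly-root-fs.txt, the "Edit /etc/fstab" step mounts /home, /tmp and /var/tmp without `nosuid` or `nodev`, and these are exactly the areas that BILIBOP_LOCKFS_WHITELIST leaves read-write, so they are where a setuid binary or device node could still be written and kept across reboots once the root is locked. I would add the two options to those three entries, for example `noatime,nosuid,nodev,errors=remount-ro,x-systemd.requires=/` for /home and `bind,nosuid,nodev,x-systemd.requires=/home` for the two bind lines. Whether extra options on a bind entry are applied depends on the mount(8) version, so the text should tell the reader to confirm with `findmnt /tmp` after the reboot. The optional NFS line uses `nfsvers=3,sec=sys,udp`, which trusts client-asserted UIDs and has no integrity protection or encryption; a one-line caveat that it is meant for a trusted network would help.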
@@ -0,0 +1,185 @@
+### Install text only Debian GNU/Linux as qemu guest
+
+* Create the hdd disk image.
+ qemu-img create -f qcow2 debian.qcow2 16G
+
+* Basic networking: NAT
+ As root:
+ tunctl -t tap0 -u username
+ ifconfig tap0 192.168.45.1 netmask 255.255.255.0 up
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+
+* Run qemu to install the guest operating system.
+ qemu-system-x86_64 \
+ -name DEBIAN1 \
+ -m 512 \
+ -k en-us \
+ -smp cpus=1 \
+ -enable-kvm \
+ -hda debian.qcow2 \
+ -cdrom /path/to/debian-x.x.x-amd64-DVD-1.iso \
+ -serial telnet::2000,server,nowait \
+ -monitor tcp:127.0.0.1:4000,server,nowait \
+ -curses \
+ -boot d \
+ -net none \
+ -net nic,model=e1000,vlan=1,macaddr=00:01:00:ff:01:01 \
+ -net tap,vlan=1,ifname=tap0,script=no,downscript=no
+
+* The text "640 x 480 Graphic mode" appears in the center of screen.
+ Press ESC to see the prompt "boot:".
+ Enter "help" to see the menu.
+ Press F3 to see the available boot methods.
+ Press F8 to see how to disable framebuffer.
+ To install in text mode, use:
+ "install vga=normal fb=false" or
+ "expert vga=normal fb=false"
+
+* Make a normal installation.
+ Select keyboard: EN US
+
+* When the installation is done, the guest machine reboot and
+ goes back to the CD installer.
+ Enter to monitor mode with ESC+2 or "telnet 127.0.0.1 4000"
+ from another terminal and execute "quit", or kill the qemu
+ process to poweroff the guest machine.
+
+* Disable framebuffer in the guest operating system.
+
+ * Mount the guest hdd file.
+ modprobe nbd max_part=63
+ qemu-nbd -c /dev/nbd0 debian.qcow2
+ mount /dev/nbd0p1 /mnt/
+
+ * Disable framebuffer in grub.
+ Edit /mnt/etc/default/grub.
+ GRUB_TERMINAL=console
+ GRUB_TERMINAL_OUTPUT=console
+ GRUB_CMDLINE_LINUX_DEFAULT="quiet nomodeset"
+ GRUB_CMDLINE_LINUX="vga=normal nomodeset"
+ GRUB_GFXPAYLOAD_LINUX="text"
+
+ * Update grub.
+ mount --bind /dev /mnt/dev
+ mount --bind /dev/pts /mnt/dev/pts
+ mount --bind /proc /mnt/proc
+ mount --bind /sys /mnt/sys
+ chroot /mnt
+ grub-install /dev/nbd0
+ grub-install --recheck /dev/nbd0
+ update-grub
+ exit
+ umount /mnt/sys
+ umount /mnt/proc
+ umount /mnt/dev/pts
+ umount /mnt/dev
+
+ * Umount the guest hdd file.
+ umount /mnt/
+ qemu-nbd -d /dev/nbd0
+ rmmod nbd
+
+* Boot the virtual machine.
+ qemu-system-x86_64 \
+ -name DEBIAN1 \
+ -m 512 \
+ -k en-us \
+ -smp cpus=1 \
+ -enable-kvm \
+ -hda debian.qcow2 \
+ -serial telnet::2000,server,nowait \
+ -monitor tcp:127.0.0.1:4000,server,nowait \
+ -curses \
+ -boot c \
+ -net none \
+ -net nic,model=e1000,vlan=1,macaddr=00:01:00:ff:01:01 \
+ -net tap,vlan=1,ifname=tap0,script=no,downscript=no
+
+* In the grub menu, edit the first entry.
+ * Change root=/dev/nbd0p1 to root=/dev/sda1
+ * CTRL-x to boot
+
+* Login as root.
+
+* Update grub.
+ update-grub
+
+* To change the keyboard layout:
+ dpkg-reconfigure keyboard-configuration
+
+* Reboot.
+ reboot
+
+* Change /etc/apt/sources.list to a mirror near you.
+ Disable the "deb cdrom" entry.
+
+* Update & upgrade.
+ apt-get update
+ apt-get dist-upgrade
+
+* Install packages.
+ apt-get install aria2 bridge-utils bmon ccrypt \
+ dnsutils elinks ethtool flip fping ftp git \
+ hdparm hping3 ifstat iperf3 iperf iptraf \
+ joe less locate lsb-release lshw lsof lynx \
+ mc mtr netdiag net-tools nload nmap nmon \
+ p7zip psutils rar rename rsync screen socat \
+ ssh tcpdump tcptraceroute telnet traceroute \
+ tshark uml-utilities unzip vlan wput wipe \
+ zip man dstat ifstat nicstat sysstat
+
+* Clean.
+ apt-get clean
+ apt-get autoremove
+
+* Disable daemons.
+ systemctl disable cron.service
+ systemctl disable rsync.service
+ systemctl disable rsyslog.service
+ systemctl disable sysstat.service
+ systemctl disable uml-utilities.service
+ systemctl disable systemd-timesyncd.service
+
+* If necessary, edit /etc/network/interfaces to
+ configure a fixed IP address.
+
+* Reboot.
+ reboot
+
+* Remove unnecessary files.
+
+* Zero out the disk.
+ dd if=/dev/zero of=/tmp/zero
+ sync
+ rm -f /tmp/zero
+ sync
+ poweroff
+
+* Shrink the disk file.
+ mv debian.qcow2 debian.backup
+ qemu-img convert -O qcow2 debian.backup debian.qcow2
+
+* The debian.qcow2 file contain a clean Debian GNU/Linux.
+ You can make a backup for future use.
+
+* To start in daemon mode:
+ qemu-system-x86_64 \
+ -name DEBIAN1 \
+ -m 512 \
+ -k en-us \
+ -smp cpus=1 \
+ -enable-kvm \
+ -hda debian.qcow2 \
+ -serial telnet::2000,server,nowait \
+ -monitor tcp:127.0.0.1:4000,server,nowait \
+ -display none \
+ -daemonize \
+ -boot c \
+ -net none \
+ -net nic,model=e1000,vlan=1,macaddr=00:01:00:ff:01:01 -net tap,vlan=1,ifname=tap0,script=no,downscript=no \
+ -net nic,model=e1000,vlan=2,macaddr=00:01:00:ff:01:02 -net socket,vlan=2,udp=127.0.0.1:9012,localaddr=:9002 \
+ -net nic,model=e1000,vlan=3,macaddr=00:01:00:ff:01:03 -net socket,vlan=3,udp=127.0.0.1:9013,localaddr=:9003 \
+ -net nic,model=e1000,vlan=4,macaddr=00:01:00:ff:01:04 -net socket,vlan=4,udp=127.0.0.1:9014,localaddr=:9004
+
+* Done!
diff --git a/linux/delay-jitter-packetloss.sh b/linux/delay-jitter-packetloss.txt
similarity index 100%
rename from linux/delay-jitter-packetloss.sh
rename to linux/delay-jitter-packetloss.txt
diff --git a/linux/interfaces.sh b/linux/interfaces.sh
deleted file mode 100644
index 865ecb3..0000000
--- a/linux/interfaces.sh
+++ /dev/null
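Review bot: In linux/debian-textonly-qemu.txt, `-serial telnet::2000,server,nowait` leaves the host part empty, so QEMU listens for the guest's serial port on every host address with no authentication or encryption, while the monitor on the following line is bound to 127.0.0.1. Unless remote access is intended, bind it the same way: `-serial telnet:127.0.0.1:2000,server,nowait`. This applies to all three qemu-system-x86_64 invocations in this file and to the one in linux/qemu-to-real-network.txt. The TCP monitor on 127.0.0.1:4000 is still reachable by any local user of the host and gives full control of the VM; a UNIX socket in a directory only the owner can enter (`-monitor unix:PATH,server,nowait`) would narrow that. The "Disable daemons" step also turns off rsyslog.service and systemd-timesyncd.service, and the text should say that this leaves the image without classic syslog files and without time sync, which matters if logs from it are ever relied on.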
@@ -1,44 +0,0 @@
-#
-# /etc/network/interfaces
-#
-
-# Loopback.
-auto lo
-iface lo inet loopback
-
-# Another loopback.
-auto lo:50
-iface lo:50 inet static
- address 192.168.0.1
- netmask 255.255.255.255
-
-# VLANs.
-auto eth0
-auto eth0.100
-auto eth0.333
-auto eth0.333.400
-
-# Physical interface,
-iface eth0 inet manual
- mtu 1508
- pre-up /sbin/ifconfig eth0 mtu 1508
-
-# Vlan 100.
-iface eth0.100 inet static
- address
- netmask
- gateway
- dns-nameservers
- mtu 1500
-
-# Vlan 333.
-iface eth0.333 inet manual
- mtu 1500
- up /sbin/vconfig add eth0.333 400
-
-# Vlan 333.400.
-iface eth0.333.400 inet static
- address
- netmask
- mtu 1500
- pre-up /sbin/ifconfig eth0.333 up
diff --git a/linux/interfaces.txt b/linux/interfaces.txt
new file mode 100644
index 0000000..8fb7749
--- /dev/null
+++ b/linux/interfaces.txt
@@ -0,0 +1,60 @@
+#
+# /etc/network/interfaces
+#
+
+# Loopback.
+auto lo
+iface lo inet loopback
+
+# Another IPv4 loopback.
+auto lo:50
+iface lo:50 inet static
+ address 192.168.0.1
+ netmask 255.255.255.255
+
+# Another IPv6 loopback.
+iface lo inet6 static
+ address 2000:www:xxx::zzzz
+ netmask 128
+
+# Physical interface.
+auto eth0
+iface eth0 inet manual
+ mtu 1508
+ pre-up /sbin/ifconfig eth0 mtu 1508
+
+# Vlan 100: IPv4 address.
+auto eth0.100
+iface eth0.100 inet static
+ address
+ netmask
+ gateway
+ dns-nameservers
+ mtu 1500
+
+# Vlan 333.
+auto eth0.333
+iface eth0.333 inet manual
+ mtu 1500
+ up /sbin/vconfig add eth0.333 400
+
+# Vlan 333.400: IPv4 address.
+auto eth0.333.400
+iface eth0.333.400 inet static
+ address 10.10.10.2
+ netmask 255.255.255.0
+ mtu 1500
+ pre-up /sbin/ifconfig eth0.333 up
+ post-up /sbin/ip route add 10.3.0.0/16 via 10.10.10.1 src 192.168.0.1
+ post-up /sbin/ip route add 10.4.0.0/16 via 10.10.10.1 src 192.168.0.1
+ post-up /sbin/ip route add default via 10.10.10.1 src 192.168.0.1
+
+# Vlan 555: IPv6 address.
+auto eth0.555
+iface eth0.555 inet6 static
+ address 2001:wwww:xxxx::2
+ netmask 64
+ mtu 1500
+ post-up /sbin/ip -6 route add default via 2001:wwww:xxxx::1 src 2000:www:xxx::zzzz
+
+# End.
diff --git a/linux/qemu-to-real-network.txt b/linux/qemu-to-real-network.txt
new file mode 100644
index 0000000..6552e1c
--- /dev/null
+++ b/linux/qemu-to-real-network.txt
@@ -0,0 +1,65 @@
+### Connect a qemu guest to real network.
+
+* Guest: Debian GNU/Linux - eth0
+* Host: Debian GNU/Linux - eth0.201
+
+ guest host host host
+ eth0 <---> tap0 <---> bridge0 <---> eth0.201 <---> real network
+
+* One time:
+ apt-get install bridge-utils
+ apt-get install uml-utilities
+ apt-get install vlan
+
+* Bridge connection with vlan
+ As root:
+ vconfig add eth0 201
+ tunctl -t tap0 -u username
+ brctl addbr bridge0
+ brctl stp bridge0 off
+ brctl addif bridge0 eth0.201
+ brctl addif bridge0 tap0
+ ifconfig eth0.201 up
+ ifconfig tap0 up
+ ifconfig bridge0 up
+
+* Bridge connection to physical interface
+ As root:
+ tunctl -t tap0 -u username
+ ifconfig eth0 0.0.0.0
+ brctl addbr bridge0
+ brctl stp bridge0 off
+ brctl addif bridge0 eth0
+ brctl addif bridge0 tap0
+ ifconfig eth0 up
+ ifconfig tap0 up
+ ifconfig bridge0 192.168.45.X netmask 255.255.255.0 up
+ route add default gw 192.168.45.Z
+
+* NAT connection
+ As root:
+ tunctl -t tap0 -u username
+ ifconfig tap0 192.168.45.1 netmask 255.255.255.0 up
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+
+* As normal user, run the qemu guest:
+ qemu-system-x86_64 \
+ -name DEVICE1 \
+ -m 512 \
+ -smp cpus=1 \
+ -enable-kvm \
+ -hda device1.qcow2 \
+ -serial telnet::2000,server,nowait \
+ -monitor tcp:127.0.0.1:4000,server,nowait \
+ -display none \
+ -daemonize \
+ -net none \
+ -net nic,model=e1000,vlan=1,macaddr=00:01:00:ff:01:01 \
+ -net nic,model=e1000,vlan=2,macaddr=00:01:00:ff:01:02 \
+ -net nic,model=e1000,vlan=3,macaddr=00:01:00:ff:01:03 \
+ -net nic,model=e1000,vlan=4,macaddr=00:01:00:ff:01:04 \
+ -net tap,vlan=1,ifname=tap0,script=no,downscript=no \
+ -net socket,vlan=2,udp=127.0.0.1:9012,localaddr=:9002 \
+ -net socket,vlan=3,udp=127.0.0.1:9013,localaddr=:9003 \
+ -net socket,vlan=4,udp=127.0.0.1:9014,localaddr=:9004
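Review bot: In the "NAT connection" block of linux/qemu-to-real-network.txt, `echo 1 > /proc/sys/net/ipv4/ip_forward` enables forwarding for every interface on the host, and `iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE` masquerades anything leaving eth0, not only the guest subnet. Scoping the rule to the tap network, `iptables -t nat -A POSTROUTING -s 192.168.45.0/24 -o eth0 -j MASQUERADE`, and stating that the FORWARD chain should accept only tap0 traffic plus established return traffic, keeps the host from routing for other networks. The same two lines appear in the "Basic networking: NAT" step of linux/debian-textonly-qemu.txt. Neither setting survives a reboot, which is worth saying in the text so readers do not assume the rule set is persistent.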
diff --git a/linux/radius-client.sh b/linux/radius-client.txt similarity index 97% rename from linux/radius-client.sh rename to linux/radius-client.txt index ae0e5f0..2180fcf 100644 --- a/linux/radius-client.sh +++ b/linux/radius-client.txt @@ -7,7 +7,7 @@ To create the local user automatically: Enable the pam-radius module. Enable rsyslog and cron. - The user try to login the first time. + The user try to login the first time (and fail). The the ssh daemon log the incident. Cron execute a script every minute: Read the log file and find the username. diff --git a/linux/snoopy.txt b/linux/snoopy.txt index d27ab00..2487c9f 100644 --- a/linux/snoopy.txt +++ b/linux/snoopy.txt @@ -1,4 +1,5 @@ ### Compile snoopy in Debian. + snoopy: log all commands executed by all users. * Install apt-get install dh-autoreconf socat git diff --git a/linux/virtualbox.sh b/linux/virtualbox.txt similarity index 99% rename from linux/virtualbox.sh rename to linux/virtualbox.txt index 41e79d8..b1a036e 100644 --- a/linux/virtualbox.sh +++ b/linux/virtualbox.txt @@ -1,4 +1,4 @@ -#----- VirtualBox command line ----- +#### VirtualBox command line. # Set the directory for the vms. VBoxManage setproperty machinefolder /home/user/path/to/vms/ diff --git a/linux/vrf.sh b/linux/vrf.txt similarity index 100% rename from linux/vrf.sh rename to linux/vrf.txt