Files to txt.

This commit is contained in:
Miguel Scapolla 2017-10-02 07:47:49 -03:00
parent 22fd4214ed
commit 2d28feea7c
11 changed files with 409 additions and 46 deletions

View File

@ -0,0 +1,96 @@
### Debian GNU/Linux with read only root filesystem.
* Example:
/dev/sda: SSD disk (solid state disk)
/dev/sdb: HDD disk (mechanical disk)
/dev/sda1: /
/dev/sdb1: swap
/dev/sdb2: /home /tmp /var/tmp
* Install Debian in /dev/sda1
* Boot Debian in /dev/sda1
* Update & upgrade
apt-get update
apt-get dist-upgrade
* Mount HDD disk
mount /dev/sdb2 /mnt
* Make /tmp directory
mkdir /mnt/tmp
chmod 1777 /mnt/tmp
chown 0.0 /mnt/tmp
* If needed, copy all users data from SSD to HDD
rsync -av /home/ /mnt/
rm -fr /home/* ; rm -fr /home/.* <-- CAUTION!
* Get the UUID of the partitions
Example:
blkid
/dev/sda1: UUID="505267d4-ad80-4eae-b6ed-ebfec59e4748" TYPE="ext4" PARTUUID="60a30271-01"
/dev/sdb1: UUID="6b684928-5786-4882-af6d-b9d8c98bccf0" TYPE="swap" PARTUUID="5e1c8d9b-01"
/dev/sdb2: UUID="30e81e2b-faaa-43a4-b188-db37c13588a6" TYPE="ext4" PARTUUID="5e1c8d9b-02"
* Edit /etc/fstab
UUID=505267d4-ad80-4eae-b6ed-ebfec59e4748 / ext4 noatime,errors=remount-ro 0 1
UUID=30e81e2b-faaa-43a4-b188-db37c13588a6 /home ext4 noatime,errors=remount-ro,x-systemd.requires=/ 0 1
UUID=6b684928-5786-4882-af6d-b9d8c98bccf0 none swap sw 0 0
/home/tmp /tmp none bind,x-systemd.requires=/home 0 0
/home/tmp /var/tmp none bind,x-systemd.requires=/home 0 0
* For optional NFS server, add in /etc/fstab
[NFSSERVER_IP]:/path/to/nfs/share1 /media/share1 nfs _netdev,rw,noauto,user,users,noexec,nosuid,nolock,noatime,nfsvers=3,sec=sys,udp,rsize=32768,wsize=32768 0 0
* Reboot. Check if all working fine.
* Install bilibop.
apt-get install bilibop
Do you intend to install bilibop-rules on a Live System ? --> No
What kind of GRUB device map do you want to use ? --> a dynamically updated device map
* Clean.
apt-get clean
apt-get autoremove
* Make root filesystem as readonly.
Edit /etc/bilibop/bilibop.conf
BILIBOP_LOCKFS=true
BILIBOP_LOCKFS_POLICY=hard
BILIBOP_LOCKFS_SWAP_POLICY=soft
BILIBOP_LOCKFS_WHITELIST="UUID=30e81e2b-faaa-43a4-b188-db37c13588a6 /home/tmp"
BILIBOP_LOCKFS_SIZE="/=64M"
BILIBOP_LOCKFS_NOTIFY_POLICY=never
BILIBOP_LOCKFS_WHITELIST: partitions from /etc/fstab in read-write
mode. Whitespace separated list of mountpoints or device names
as known in fstab.
BILIBOP_LOCKFS_SIZE: RAM size of the overlay writable branch.
Whitespace separated list of mountpoint=size pairs.
Sizes can be absolute (suffixed with k, K, m, M, g or G),
or relative to the total amount of RAM (and suffixed with %).
* Rebuild the initram-fs.
dpkg-reconfigure bilibop-lockfs
* Reboot.
* Later, to make permanent changes:
Reboot
In grub menu, press 'e' to edit the item.
Add 'nolockfs'.
Press CTRL-X to boot.
Make the changes.
Rebuild the initram-fs.
dpkg-reconfigure bilibop-lockfs
Reboot.
* Done!.

View File

@ -0,0 +1,185 @@
### Install text only Debian GNU/Linux as qemu guest
* Create the hdd disk image.
qemu-img create -f qcow2 debian.qcow2 16G
* Basic networking: NAT
As root:
tunctl -t tap0 -u username
ifconfig tap0 192.168.45.1 netmask 255.255.255.0 up
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
* Run qemu to install the guest operating system.
qemu-system-x86_64 \
-name DEBIAN1 \
-m 512 \
-k en-us \
-smp cpus=1 \
-enable-kvm \
-hda debian.qcow2 \
-cdrom /path/to/debian-x.x.x-amd64-DVD-1.iso \
-serial telnet::2000,server,nowait \
-monitor tcp:127.0.0.1:4000,server,nowait \
-curses \
-boot d \
-net none \
-net nic,model=e1000,vlan=1,macaddr=00:01:00:ff:01:01 \
-net tap,vlan=1,ifname=tap0,script=no,downscript=no
* The text "640 x 480 Graphic mode" appears in the center of screen.
Press ESC to see the prompt "boot:".
Enter "help" to see the menu.
Press F3 to see the available boot methods.
Press F8 to see how to disable framebuffer.
To install in text mode, use:
"install vga=normal fb=false" or
"expert vga=normal fb=false"
* Make a normal installation.
Select keyboard: EN US
* When the installation is done, the guest machine reboot and
goes back to the CD installer.
Enter to monitor mode with ESC+2 or "telnet 127.0.0.1 4000"
from another terminal and execute "quit", or kill the qemu
process to poweroff the guest machine.
* Disable framebuffer in the guest operating system.
* Mount the guest hdd file.
modprobe nbd max_part=63
qemu-nbd -c /dev/nbd0 debian.qcow2
mount /dev/nbd0p1 /mnt/
* Disable framebuffer in grub.
Edit /mnt/etc/default/grub.
GRUB_TERMINAL=console
GRUB_TERMINAL_OUTPUT=console
GRUB_CMDLINE_LINUX_DEFAULT="quiet nomodeset"
GRUB_CMDLINE_LINUX="vga=normal nomodeset"
GRUB_GFXPAYLOAD_LINUX="text"
* Update grub.
mount --bind /dev /mnt/dev
mount --bind /dev/pts /mnt/dev/pts
mount --bind /proc /mnt/proc
mount --bind /sys /mnt/sys
chroot /mnt
grub-install /dev/nbd0
grub-install --recheck /dev/nbd0
update-grub
exit
umount /mnt/sys
umount /mnt/proc
umount /mnt/dev/pts
umount /mnt/dev
* Umount the guest hdd file.
umount /mnt/
qemu-nbd -d /dev/nbd0
rmmod nbd
* Boot the virtual machine.
qemu-system-x86_64 \
-name DEBIAN1 \
-m 512 \
-k en-us \
-smp cpus=1 \
-enable-kvm \
-hda debian.qcow2 \
-serial telnet::2000,server,nowait \
-monitor tcp:127.0.0.1:4000,server,nowait \
-curses \
-boot c \
-net none \
-net nic,model=e1000,vlan=1,macaddr=00:01:00:ff:01:01 \
-net tap,vlan=1,ifname=tap0,script=no,downscript=no
* In the grub menu, edit the first entry.
* Change root=/dev/nbd0p1 to root=/dev/sda1
* CTRL-x to boot
* Login as root.
* Update grub.
update-grub
* To change the keyboard layout:
dpkg-reconfigure keyboard-configuration
* Reboot.
reboot
* Change /etc/apt/sources.list to a mirror near you.
Disable the "deb cdrom" entry.
* Update & upgrade.
apt-get update
apt-get dist-upgrade
* Install packages.
apt-get install aria2 bridge-utils bmon ccrypt \
dnsutils elinks ethtool flip fping ftp git \
hdparm hping3 ifstat iperf3 iperf iptraf \
joe less locate lsb-release lshw lsof lynx \
mc mtr netdiag net-tools nload nmap nmon \
p7zip psutils rar rename rsync screen socat \
ssh tcpdump tcptraceroute telnet traceroute \
tshark uml-utilities unzip vlan wput wipe \
zip man dstat ifstat nicstat sysstat
* Clean.
apt-get clean
apt-get autoremove
* Disable daemons.
systemctl disable cron.service
systemctl disable rsync.service
systemctl disable rsyslog.service
systemctl disable sysstat.service
systemctl disable uml-utilities.service
systemctl disable systemd-timesyncd.service
* If necessary, edit /etc/network/interfaces to
configure a fixed IP address.
* Reboot.
reboot
* Remove unnecessary files.
* Zero out the disk.
dd if=/dev/zero of=/tmp/zero
sync
rm -f /tmp/zero
sync
poweroff
* Shrink the disk file.
mv debian.qcow2 debian.backup
qemu-img convert -O qcow2 debian.backup debian.qcow2
* The debian.qcow2 file contain a clean Debian GNU/Linux.
You can make a backup for future use.
* To start in daemon mode:
qemu-system-x86_64 \
-name DEBIAN1 \
-m 512 \
-k en-us \
-smp cpus=1 \
-enable-kvm \
-hda debian.qcow2 \
-serial telnet::2000,server,nowait \
-monitor tcp:127.0.0.1:4000,server,nowait \
-display none \
-daemonize \
-boot c \
-net none \
-net nic,model=e1000,vlan=1,macaddr=00:01:00:ff:01:01 -net tap,vlan=1,ifname=tap0,script=no,downscript=no \
-net nic,model=e1000,vlan=2,macaddr=00:01:00:ff:01:02 -net socket,vlan=2,udp=127.0.0.1:9012,localaddr=:9002 \
-net nic,model=e1000,vlan=3,macaddr=00:01:00:ff:01:03 -net socket,vlan=3,udp=127.0.0.1:9013,localaddr=:9003 \
-net nic,model=e1000,vlan=4,macaddr=00:01:00:ff:01:04 -net socket,vlan=4,udp=127.0.0.1:9014,localaddr=:9004
* Done!

View File

@ -1,44 +0,0 @@
#
# /etc/network/interfaces
#
# Loopback.
auto lo
iface lo inet loopback
# Another loopback.
auto lo:50
iface lo:50 inet static
address 192.168.0.1
netmask 255.255.255.255
# VLANs.
auto eth0
auto eth0.100
auto eth0.333
auto eth0.333.400
# Physical interface,
iface eth0 inet manual
mtu 1508
pre-up /sbin/ifconfig eth0 mtu 1508
# Vlan 100.
iface eth0.100 inet static
address <IP_ADDR>
netmask <IP_MASK>
gateway <GATEWAY>
dns-nameservers <DNS1> <DNS2>
mtu 1500
# Vlan 333.
iface eth0.333 inet manual
mtu 1500
up /sbin/vconfig add eth0.333 400
# Vlan 333.400.
iface eth0.333.400 inet static
address <IP_ADDR>
netmask <IP_MASK>
mtu 1500
pre-up /sbin/ifconfig eth0.333 up

60
linux/interfaces.txt Normal file
View File

@ -0,0 +1,60 @@
#
# /etc/network/interfaces
#
# Loopback.
auto lo
iface lo inet loopback
# Another IPv4 loopback.
auto lo:50
iface lo:50 inet static
address 192.168.0.1
netmask 255.255.255.255
# Another IPv6 loopback.
iface lo inet6 static
address 2000:www:xxx::zzzz
netmask 128
# Physical interface.
auto eth0
iface eth0 inet manual
mtu 1508
pre-up /sbin/ifconfig eth0 mtu 1508
# Vlan 100: IPv4 address.
auto eth0.100
iface eth0.100 inet static
address <IP_ADDR>
netmask <IP_MASK>
gateway <GATEWAY>
dns-nameservers <DNS1> <DNS2>
mtu 1500
# Vlan 333.
auto eth0.333
iface eth0.333 inet manual
mtu 1500
up /sbin/vconfig add eth0.333 400
# Vlan 333.400: IPv4 address.
auto eth0.333.400
iface eth0.333.400 inet static
address 10.10.10.2
netmask 255.255.255.0
mtu 1500
pre-up /sbin/ifconfig eth0.333 up
post-up /sbin/ip route add 10.3.0.0/16 via 10.10.10.1 src 192.168.0.1
post-up /sbin/ip route add 10.4.0.0/16 via 10.10.10.1 src 192.168.0.1
post-up /sbin/ip route add default via 10.10.10.1 src 192.168.0.1
# Vlan 555: IPv6 address.
auto eth0.555
iface eth0.555 inet6 static
address 2001:wwww:xxxx::2
netmask 64
mtu 1500
post-up /sbin/ip -6 route add default via 2001:wwww:xxxx::1 src 2000:www:xxx::zzzz
# End.

View File

@ -0,0 +1,65 @@
### Connect a qemu guest to real network.
* Guest: Debian GNU/Linux - eth0
* Host: Debian GNU/Linux - eth0.201
guest host host host
eth0 <---> tap0 <---> bridge0 <---> eth0.201 <---> real network
* One time:
apt-get install bridge-utils
apt-get install uml-utilities
apt-get install vlan
* Bridge connection with vlan
As root:
vconfig add eth0 201
tunctl -t tap0 -u username
brctl addbr bridge0
brctl stp bridge0 off
brctl addif bridge0 eth0.201
brctl addif bridge0 tap0
ifconfig eth0.201 up
ifconfig tap0 up
ifconfig bridge0 up
* Bridge connection to physical interface
As root:
tunctl -t tap0 -u username
ifconfig eth0 0.0.0.0
brctl addbr bridge0
brctl stp bridge0 off
brctl addif bridge0 eth0
brctl addif bridge0 tap0
ifconfig eth0 up
ifconfig tap0 up
ifconfig bridge0 192.168.45.X netmask 255.255.255.0 up
route add default gw 192.168.45.Z
* NAT connection
As root:
tunctl -t tap0 -u username
ifconfig tap0 192.168.45.1 netmask 255.255.255.0 up
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
* As normal user, run the qemu guest:
qemu-system-x86_64 \
-name DEVICE1 \
-m 512 \
-smp cpus=1 \
-enable-kvm \
-hda device1.qcow2 \
-serial telnet::2000,server,nowait \
-monitor tcp:127.0.0.1:4000,server,nowait \
-display none \
-daemonize \
-net none \
-net nic,model=e1000,vlan=1,macaddr=00:01:00:ff:01:01 \
-net nic,model=e1000,vlan=2,macaddr=00:01:00:ff:01:02 \
-net nic,model=e1000,vlan=3,macaddr=00:01:00:ff:01:03 \
-net nic,model=e1000,vlan=4,macaddr=00:01:00:ff:01:04 \
-net tap,vlan=1,ifname=tap0,script=no,downscript=no \
-net socket,vlan=2,udp=127.0.0.1:9012,localaddr=:9002 \
-net socket,vlan=3,udp=127.0.0.1:9013,localaddr=:9003 \
-net socket,vlan=4,udp=127.0.0.1:9014,localaddr=:9004

View File

@ -7,7 +7,7 @@
To create the local user automatically: To create the local user automatically:
Enable the pam-radius module. Enable the pam-radius module.
Enable rsyslog and cron. Enable rsyslog and cron.
The user try to login the first time. The user try to login the first time (and fail).
The the ssh daemon log the incident. The the ssh daemon log the incident.
Cron execute a script every minute: Cron execute a script every minute:
Read the log file and find the username. Read the log file and find the username.

View File

@ -1,4 +1,5 @@
### Compile snoopy in Debian. ### Compile snoopy in Debian.
snoopy: log all commands executed by all users.
* Install * Install
apt-get install dh-autoreconf socat git apt-get install dh-autoreconf socat git

View File

@ -1,4 +1,4 @@
#----- VirtualBox command line ----- #### VirtualBox command line.
# Set the directory for the vms. # Set the directory for the vms.
VBoxManage setproperty machinefolder /home/user/path/to/vms/ VBoxManage setproperty machinefolder /home/user/path/to/vms/