mirror of
https://github.com/trimstray/the-book-of-secret-knowledge
synced 2024-12-27 09:58:30 +01:00
README.md - minor fixes and updates
- signed-off-by: trimstray <trimstray@gmail.com>
This commit is contained in:
parent
bdef638173
commit
08faa72f08
1 changed files with 101 additions and 2 deletions
103
README.md
103
README.md
|
@ -222,8 +222,8 @@ performance of any of your sites from across the globe.<br>
|
||||||
##### :black_small_square: Security/hardening
|
##### :black_small_square: Security/hardening
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
:small_orange_diamond: <a href="https://emeraldonion.org/"><b>Emerald Onion</b></a> - Seattle-based encrypted-transit internet service provider.<br>
|
:small_orange_diamond: <a href="https://emeraldonion.org/"><b>Emerald Onion</b></a> - seattle-based encrypted-transit internet service provider.<br>
|
||||||
:small_orange_diamond: <a href="https://www.unbound.net/"><b>unbound</b></a> - validating, recursive, and caching DNS resolver (with TLS).<br>
|
:small_orange_diamond: <a href="https://www.unbound.net/"><b>Unbound</b></a> - validating, recursive, and caching DNS resolver (with TLS).<br>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
#### Lists
|
#### Lists
|
||||||
|
@ -277,6 +277,7 @@ performance of any of your sites from across the globe.<br>
|
||||||
* [du](#tool-du)
|
* [du](#tool-du)
|
||||||
* [inotifywait](#tool-inotifywait)
|
* [inotifywait](#tool-inotifywait)
|
||||||
* [openssl](#tool-openssl)
|
* [openssl](#tool-openssl)
|
||||||
|
* [secure-delete](#tool-secure-delete)
|
||||||
- **[HTTP/HTTPS](#http-https)**
|
- **[HTTP/HTTPS](#http-https)**
|
||||||
* [curl](#tool-curl)
|
* [curl](#tool-curl)
|
||||||
* [httpie](#tool-httpie)
|
* [httpie](#tool-httpie)
|
||||||
|
@ -380,6 +381,25 @@ history | cut -c 8-
|
||||||
fc -l -n 1 | sed 's/^\s*//'
|
fc -l -n 1 | sed 's/^\s*//'
|
||||||
```
|
```
|
||||||
|
|
||||||
|
###### Run command(s) after exit session
|
||||||
|
|
||||||
|
```bash
|
||||||
|
cat > /etc/profile << __EOF__
|
||||||
|
_after_logout() {
|
||||||
|
|
||||||
|
username=$(whoami)
|
||||||
|
|
||||||
|
for _pid in $(ps afx | grep sshd | grep "$username" | awk '{print $1}') ; do
|
||||||
|
|
||||||
|
kill -9 $_pid
|
||||||
|
|
||||||
|
done
|
||||||
|
|
||||||
|
}
|
||||||
|
trap _after_logout EXIT
|
||||||
|
__EOF__
|
||||||
|
```
|
||||||
|
|
||||||
___
|
___
|
||||||
|
|
||||||
##### Tool: [mount](https://en.wikipedia.org/wiki/Mount_(Unix))
|
##### Tool: [mount](https://en.wikipedia.org/wiki/Mount_(Unix))
|
||||||
|
@ -528,6 +548,14 @@ cd /
|
||||||
tar -czvpf /mnt/system$(date +%d%m%Y%s).tgz --directory=/ --exclude=proc/* --exclude=sys/* --exclude=dev/* --exclude=mnt/* .
|
tar -czvpf /mnt/system$(date +%d%m%Y%s).tgz --directory=/ --exclude=proc/* --exclude=sys/* --exclude=dev/* --exclude=mnt/* .
|
||||||
```
|
```
|
||||||
|
|
||||||
|
###### System backup with exclude specific directories (pigz)
|
||||||
|
|
||||||
|
```bash
|
||||||
|
tar cvpf /backup/snapshot-$(date +%d%m%Y%s).tgz --directory=/ \
|
||||||
|
--exclude=proc/* --exclude=sys/* --exclude=dev/* \
|
||||||
|
--exclude=mnt/* --exclude=tmp/* --use-compress-program=pigz .
|
||||||
|
```
|
||||||
|
|
||||||
___
|
___
|
||||||
|
|
||||||
##### Tool: [dump](https://en.wikipedia.org/wiki/Dump_(program))
|
##### Tool: [dump](https://en.wikipedia.org/wiki/Dump_(program))
|
||||||
|
@ -591,6 +619,21 @@ tr : '\n' <<<$PATH
|
||||||
chmod -R -x+X *
|
chmod -R -x+X *
|
||||||
```
|
```
|
||||||
|
|
||||||
|
###### Restore permission for /bin/chmod
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# 1:
|
||||||
|
cp /bin/ls chmod.01
|
||||||
|
cp /bin/chmod chmod.01
|
||||||
|
./chmod.01 700 file
|
||||||
|
|
||||||
|
# 2:
|
||||||
|
/bin/busybox chmod 0700 /bin/chmod
|
||||||
|
|
||||||
|
# 3:
|
||||||
|
setfacl --set u::rwx,g::---,o::--- /bin/chmod
|
||||||
|
```
|
||||||
|
|
||||||
___
|
___
|
||||||
|
|
||||||
##### Tool: [who](https://en.wikipedia.org/wiki/Who_(Unix))
|
##### Tool: [who](https://en.wikipedia.org/wiki/Who_(Unix))
|
||||||
|
@ -621,6 +664,8 @@ ___
|
||||||
du | sort -r -n | awk '{split("K M G",v); s=1; while($1>1024){$1/=1024; s++} print int($1)" "v[s]"\t"$2}' | head -n 20
|
du | sort -r -n | awk '{split("K M G",v); s=1; while($1>1024){$1/=1024; s++} print int($1)" "v[s]"\t"$2}' | head -n 20
|
||||||
```
|
```
|
||||||
|
|
||||||
|
___
|
||||||
|
|
||||||
##### Tool: [inotifywait](https://en.wikipedia.org/wiki/GNU_Screen)
|
##### Tool: [inotifywait](https://en.wikipedia.org/wiki/GNU_Screen)
|
||||||
|
|
||||||
###### Init tool everytime a file in a directory is modified
|
###### Init tool everytime a file in a directory is modified
|
||||||
|
@ -629,6 +674,8 @@ du | sort -r -n | awk '{split("K M G",v); s=1; while($1>1024){$1/=1024; s++} pri
|
||||||
while true ; do inotifywait -r -e MODIFY dir/ && ls dir/ ; done;
|
while true ; do inotifywait -r -e MODIFY dir/ && ls dir/ ; done;
|
||||||
```
|
```
|
||||||
|
|
||||||
|
___
|
||||||
|
|
||||||
##### Tool: [openssl](https://www.openssl.org/)
|
##### Tool: [openssl](https://www.openssl.org/)
|
||||||
|
|
||||||
###### Testing connection to remote host
|
###### Testing connection to remote host
|
||||||
|
@ -747,6 +794,40 @@ openssl x509 -in ${_fd_pem} -outform der -out ${_fd_der} )
|
||||||
|
|
||||||
___
|
___
|
||||||
|
|
||||||
|
##### Tool: [secure-delete](https://wiki.archlinux.org/index.php/Securely_wipe_disk)
|
||||||
|
|
||||||
|
###### Secure delete with shred
|
||||||
|
|
||||||
|
```bash
|
||||||
|
shred -vfuz -n 10 file
|
||||||
|
shred --verbose --random-source=/dev/urandom -n 1 /dev/sda
|
||||||
|
```
|
||||||
|
|
||||||
|
###### Secure delete with scrub
|
||||||
|
|
||||||
|
```bash
|
||||||
|
scrub -p dod /dev/sda
|
||||||
|
scrub -p dod -r file
|
||||||
|
```
|
||||||
|
|
||||||
|
###### Secure delete with badblocks
|
||||||
|
|
||||||
|
```bash
|
||||||
|
badblocks -s -w -t random -v /dev/sda
|
||||||
|
badblocks -c 10240 -s -w -t random -v /dev/sda
|
||||||
|
```
|
||||||
|
|
||||||
|
###### Secure delete with secure-delete
|
||||||
|
|
||||||
|
```bash
|
||||||
|
srm -vz /tmp/file
|
||||||
|
sfill -vz /local
|
||||||
|
sdmem -v
|
||||||
|
swapoff /dev/sda5 && sswap -vz /dev/sda5
|
||||||
|
```
|
||||||
|
|
||||||
|
___
|
||||||
|
|
||||||
##### Tool: [gnutls-cli](https://gnutls.org/manual/html_node/gnutls_002dcli-Invocation.html)
|
##### Tool: [gnutls-cli](https://gnutls.org/manual/html_node/gnutls_002dcli-Invocation.html)
|
||||||
|
|
||||||
###### Testing connection to remote host (with sni)
|
###### Testing connection to remote host (with sni)
|
||||||
|
@ -847,6 +928,24 @@ ssh host -l user $(<cmd.txt)
|
||||||
ssh-keygen -y -f ~/.ssh/id_rsa
|
ssh-keygen -y -f ~/.ssh/id_rsa
|
||||||
```
|
```
|
||||||
|
|
||||||
|
###### Get all fingerprints
|
||||||
|
|
||||||
|
```bash
|
||||||
|
ssh-keygen -l -f .ssh/known_hosts
|
||||||
|
```
|
||||||
|
|
||||||
|
###### Ssh authentication with user password
|
||||||
|
|
||||||
|
```bash
|
||||||
|
ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no user@remote_host
|
||||||
|
```
|
||||||
|
|
||||||
|
###### Ssh authentication with publickey
|
||||||
|
|
||||||
|
```bash
|
||||||
|
ssh -o PreferredAuthentications=publickey -o PubkeyAuthentication=yes -i id_rsa user@remote_host
|
||||||
|
```
|
||||||
|
|
||||||
___
|
___
|
||||||
|
|
||||||
##### Tool: [linux-dev](https://www.tldp.org/LDP/abs/html/devref1.html)
|
##### Tool: [linux-dev](https://www.tldp.org/LDP/abs/html/devref1.html)
|
||||||
|
|
Loading…
Reference in a new issue