From 08faa72f08a36a604b470979f51609c98da59e32 Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 9 Jul 2018 23:28:04 +0200 Subject: [PATCH] README.md - minor fixes and updates - signed-off-by: trimstray --- README.md | 103 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 101 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ec9fad1..57abf20 100644 --- a/README.md +++ b/README.md @@ -222,8 +222,8 @@ performance of any of your sites from across the globe.
##### :black_small_square: Security/hardening

-  :small_orange_diamond: Emerald Onion - Seattle-based encrypted-transit internet service provider.
-  :small_orange_diamond: unbound - validating, recursive, and caching DNS resolver (with TLS).
+  :small_orange_diamond: Emerald Onion - seattle-based encrypted-transit internet service provider.
+  :small_orange_diamond: Unbound - validating, recursive, and caching DNS resolver (with TLS).

#### Lists @@ -277,6 +277,7 @@ performance of any of your sites from across the globe.
* [du](#tool-du) * [inotifywait](#tool-inotifywait) * [openssl](#tool-openssl) + * [secure-delete](#tool-secure-delete) - **[HTTP/HTTPS](#http-https)** * [curl](#tool-curl) * [httpie](#tool-httpie) @@ -380,6 +381,25 @@ history | cut -c 8- fc -l -n 1 | sed 's/^\s*//' ``` +###### Run command(s) after exit session + +```bash +cat > /etc/profile << __EOF__ +_after_logout() { + + username=$(whoami) + + for _pid in $(ps afx | grep sshd | grep "$username" | awk '{print $1}') ; do + + kill -9 $_pid + + done + +} +trap _after_logout EXIT +__EOF__ +``` + ___ ##### Tool: [mount](https://en.wikipedia.org/wiki/Mount_(Unix)) @@ -528,6 +548,14 @@ cd / tar -czvpf /mnt/system$(date +%d%m%Y%s).tgz --directory=/ --exclude=proc/* --exclude=sys/* --exclude=dev/* --exclude=mnt/* . ``` +###### System backup with exclude specific directories (pigz) + +```bash +tar cvpf /backup/snapshot-$(date +%d%m%Y%s).tgz --directory=/ \ +--exclude=proc/* --exclude=sys/* --exclude=dev/* \ +--exclude=mnt/* --exclude=tmp/* --use-compress-program=pigz . +``` + ___ ##### Tool: [dump](https://en.wikipedia.org/wiki/Dump_(program)) @@ -591,6 +619,21 @@ tr : '\n' <<<$PATH chmod -R -x+X * ``` +###### Restore permission for /bin/chmod + +```bash +# 1: +cp /bin/ls chmod.01 +cp /bin/chmod chmod.01 +./chmod.01 700 file + +# 2: +/bin/busybox chmod 0700 /bin/chmod + +# 3: +setfacl --set u::rwx,g::---,o::--- /bin/chmod +``` + ___ ##### Tool: [who](https://en.wikipedia.org/wiki/Who_(Unix)) @@ -621,6 +664,8 @@ ___ du | sort -r -n | awk '{split("K M G",v); s=1; while($1>1024){$1/=1024; s++} print int($1)" "v[s]"\t"$2}' | head -n 20 ``` +___ + ##### Tool: [inotifywait](https://en.wikipedia.org/wiki/GNU_Screen) ###### Init tool everytime a file in a directory is modified @@ -629,6 +674,8 @@ du | sort -r -n | awk '{split("K M G",v); s=1; while($1>1024){$1/=1024; s++} pri while true ; do inotifywait -r -e MODIFY dir/ && ls dir/ ; done; ``` +___ + ##### Tool: [openssl](https://www.openssl.org/) ###### Testing connection to remote host @@ -747,6 +794,40 @@ openssl x509 -in ${_fd_pem} -outform der -out ${_fd_der} ) ___ +##### Tool: [secure-delete](https://wiki.archlinux.org/index.php/Securely_wipe_disk) + +###### Secure delete with shred + +```bash +shred -vfuz -n 10 file +shred --verbose --random-source=/dev/urandom -n 1 /dev/sda +``` + +###### Secure delete with scrub + +```bash +scrub -p dod /dev/sda +scrub -p dod -r file +``` + +###### Secure delete with badblocks + +```bash +badblocks -s -w -t random -v /dev/sda +badblocks -c 10240 -s -w -t random -v /dev/sda +``` + +###### Secure delete with secure-delete + +```bash +srm -vz /tmp/file +sfill -vz /local +sdmem -v +swapoff /dev/sda5 && sswap -vz /dev/sda5 +``` + +___ + ##### Tool: [gnutls-cli](https://gnutls.org/manual/html_node/gnutls_002dcli-Invocation.html) ###### Testing connection to remote host (with sni) @@ -847,6 +928,24 @@ ssh host -l user $(