Autoriser le Ping / Windows 7Pro
- Ouvrir les paramètres avancés du pare-feu
- Ajouter une règle entrante : Protocole ICMPV4 (pour l’IPv4)
Maintenance RKhunter
Maintenance RKhunter
- rkhunter –update
- rkhunter –propupd
- rkhunter -c : lancer une vérification
Opensim Tuto Debian
Opensim insta
llation :
Installer un serveur et client ssh sur le serveur : apt-get install openssh-client openssh-server
Installation de Mono :
Ajouter deb http://debian.meebey.net/pkg-mono ./ à nano /etc/apt/sources.list et pour mono ajouter : http://packages.debian.org/source/stable/mono
Ensuite :
apt-get install subversion
apt-get install mono (voir : http://www.mono-project.com/download/#download-lin-debian )
apt-get install nant
apt-get install mono-gmcs
apt-get install mono-mjs
apt-get install libmono-microsoft8.0-cil
apt-get install libmono-system-runtime2.0-cil
apt-get install unzip
Télécharger OSGRID:
cd /tmp/
wget http://danbanner.onikenkon.com/osgrid/osgrid-opensim-01222017.v0.9.1.c673ef7.zip (pensez à vérifier les mises à jour sur le site)
unzip os*
MySQL Replication
MySQL Replication
Passer par l'interface PhpMyAdmin A : Configurer Master / My.cnf : - Restart Mysql : service mysql restart - Verification du log binaire : mysql> show master status; - Blocage des transactin Mysql : mysql> FLUSH TABLES WITH READ LOCK; - Arret du service Mysql : service mysql stop - Sauvegarder bases: recupération des bases dans /var/lib/mysql et upload sur serveur Slave. - Démarrage du service Mysql : service mysql start - Déblocage des transactions Mysql : mysql> UNLOCK TABLES; B : configurer Slave / My.cnf - Arret du service Mysql : service mysql stop - Démarrage du service Mysql : service mysql start --NOMDHOTE-host - Démarrage du porcess Slave : mysql> START SLAVE; --------------- Commande Mysql| --------------- - mysql -u root -p - SHOW MASTER STATUS; - SHOW SLAVE STATUS;
My.cnf-Master :
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0
[mysqld]
log-bin=/var/log/mysql/mysql-bin.log
log-error=/var/log/mysql/mysql-error.log
server-id=1
binlog-do-db = test1
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
bind-address = IP Local
key_buffer = 16M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8
myisam-recover = BACKUP
query_cache_limit = 1M
query_cache_size = 16M
expire_logs_days = 10
max_binlog_size = 100M
[mysqldump]
quick
quote-names
max_allowed_packet = 16M
[mysql]
#no-auto-rehash # faster start of mysql but no tab completition
[isamchk]
key_buffer = 16M
!includedir /etc/mysql/conf.d/
My.cnf-Slave
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0
[mysqld]
log-bin=mysql-bin
server-id=1414677401
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
bind-address = 127.0.0.1
key_buffer = 16M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8
myisam-recover = BACKUP
query_cache_limit = 1M
query_cache_size = 16M
log_slow_queries = /var/log/mysql/mysql-slow.log
long_query_time = 2
log-queries-not-using-indexes
expire_logs_days = 10
max_binlog_size = 100M
[mysqldump]
quick
quote-names
max_allowed_packet = 16M
[mysql]
#no-auto-rehash # faster start of mysql but no tab completition
[isamchk]
key_buffer = 16M
!includedir /etc/mysql/conf.d/
Munin PortSentry
Munin PortSentry
portsentry_tcp :
#!/usr/bin/perl -w
#
# Copyright (C) 2006 Rodolphe Quiedeville <rodolphe@quiedeville.org>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; version 2 dated June,
# 1991.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place – Suite 330, Boston, MA 02111-1307, USA.
#
# If you improve this script please send your version to my email address
# with the copyright notice upgrade with your name.
#
# Plugin to monitor number of tcp ports attack detected by portsentry
#
# $Log$
# Revision 1.1 2006/03/28 21:04:01 rodo
# Created by Rodolphe Quiedeville
#
# Add following lines to etc/munin/plugin-conf.d/munin-node file
#
# [portsentry*]
# user root
#
#%# family=network
#%# capabilities=autoconf
use strict;
my ($port,$number,$name);
my (%ports, %names);
my $a = « </var/lib/portsentry/portsentry.blocked.tcp »;
my $line = undef;
if ($ARGV[0] and $ARGV[0] eq « config »)
{
print « graph_title Portsentry TCP Attacks Detected\n »;
print « graph_args –base 1000 -l 0\n »;
print « graph_category network\n »;
print « graph_vlabel attacks blocked\n »;
print « graph_total total\n »;
open(PTCP,$a) || die « cannot open $a: $! »;
while ($line = <PTCP>)
{
$ports{$1}++ if $line =~ /.*Port: ([0-9]+) TCP Blocked$/;
}
close(PTCP);
my @np = (keys(%ports));
foreach my $x (@np) {
$names{$x} = « inconnu »;
open(PETC, »grep $x/tcp /etc/services| ») || die « cannot open /etc/services : $! »;
while ($line = <PETC>){
$names{$x} = $1 if $line =~ /^(\w*)\s*$x\/tcp.*/;
}
close(PETC);
}
while (($port,$number) = each(%ports))
{
print « port_$port.label Port $port\n »;
print « port_$port.info $names{$port}\n »;
}
exit 0;
}
open(PTCP,$a) || die « cannot open $a: $! »;
while ($line = <PTCP>)
{
$ports{$1}++ if $line =~ /.*Port: ([0-9]+) TCP Blocked$/;
}
close(PTCP);
while (($port,$number) = each(%ports))
{
print « port_$port.value $number\n »;
}
# vim:syntax=perl
portsentry_udp :
#!/usr/bin/perl -w
#
# Copyright (C) 2006 Rodolphe Quiedeville <rodolphe@quiedeville.org>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; version 2 dated June,
# 1991.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place – Suite 330, Boston, MA 02111-1307, USA.
#
# If you improve this script please send your version to my email address
# with the copyright notice upgrade with your name.
#
# Plugin to monitor number of tcp ports attack detected by portsentry
#
# $Log$
# Revision 1.1 2006/03/28 21:04:01 rodo
# Created by Rodolphe Quiedeville
#
#%# family=network
#%# capabilities=autoconf
use strict;
my ($port,$number);
my %ports;
my $a = « /var/lib/portsentry/portsentry.blocked.udp »;
my $line = undef;
if ($ARGV[0] and $ARGV[0] eq « config »)
{
print « graph_title Portsentry UDP Attacks Detected\n »;
print « graph_args –base 1000 -l 0\n »;
print « graph_category network\n »;
print « graph_vlabel attacks blocked\n »;
open(PUDP,$a) || die « cannot open $a: $! »;
while ($line = <PUDP>)
{
$ports{$1}++ if $line =~ /.*Port: ([0-9]+) UDP Blocked$/;
}
close(PUDP);
while (($port,$number) = each(%ports))
{
print « port_$port.label Port $port\n »;
print « port_$port.info Port UDP $port\n »;
}
exit 0;
}
open(PUDP,$a) || die « cannot open $a: $! »;
while ($line = <PUDP>)
{
$ports{$1}++ if $line =~ /.*Port: ([0-9]+) UDP Blocked$/;
}
close(PUDP);
while (($port,$number) = each(%ports))
{
print « port_$port.value $number\n »;
}
# vim:syntax=perl
Installation CloneZilla
Install
ation CloneZilla
Télécharger : wget http://drbl.sourceforge.net/GPG-KEY-DRBL puis apt-key add GPG-KEY-DRBL
Editer : nano /etc/apt/sources.list et y ajouter :
deb http://drbl.sourceforge.net/drbl-core drbl stable
deb http://ftp.us.debian.org/debian/ squeeze main
Faire un apt-get update puis apt-get install drbl
Les fichiers de configuration sont dans :
- /opt/DRBL/sbin/drblsvr-i
- /opt/DRBL/sbin/drblpush -i
- /opt/DRBL/sbin/dcs
GUI pour CloneZilla : Restonux
!!! Les points de montage doivent toujours se trouver à la racine.
!!! Virtualisation toujours sur eth0
- Maintenance des disques : /usr/bin/testdisk
Installation d’apache sous Debian
Installation d’Apache sous debian
apt-get install apache2
apt-get install mysql-server php5-mysql
apt-get install php5 libapache2-mod-php5 php5-mcrypt
Sécurisation : ici
Copy folder SSH
Comment copier un dossier en ssh sur un serveur distant !
- scp -r /chemin/du/dossier USER@IPSERVEURDISTANT:/chemin/du/dossier/de/destination
ISPConfig – StarSSL
ISPConfig – StarSSL
– Créer un certificat dans ISP
– Copier la « requete SSL » générée dans ISP
– Coller dans le champ « CSR » sur le site de starssl
– Cliquer sur « Submit »
– Télécharger le certificat « ZIP »
– Ouvrir le dossier « ApacheServer.zip » et copier le contenu du fichier *.crt pour le coller dans isp dans le champ « Certificat SSL »
– Copier le contenu du fichier root_bundle.crt pour coller dans isp dans le champ « SSL Bundle »
Mysql : Lister user et host
Mysql : Lister user et host
SELECT User, Host, Password FROM mysql.user;