Adding more notes ... still a bit raw

rezen · Jul 18, 2017 · 6e131f8 · 6e131f8
1 parent 35e4517
commit 6e131f8
Show file tree

Hide file tree

Showing 4 changed files with 123 additions and 0 deletions.
diff --git a/aide.md b/aide.md
@@ -0,0 +1,27 @@
+# Aide
+
+- https://mailman.cs.tut.fi/pipermail/aide/2008-February/000903.html
+- https://www.digitalocean.com/community/tutorials/how-to-install-aide-on-a-digitalocean-vps
+- https://help.ubuntu.com/community/FileIntegrityAIDE#Installing_AIDE
+- http://aide.sourceforge.net/stable/manual.html
+- http://www.debianhelp.co.uk/aide.htm
+- https://stelfox.net/knowledge_base/linux/aide/
+- http://xmodulo.com/host-intrusion-detection-system-centos.html
+- https://ushamim.wordpress.com/2016/03/23/hardening-linux-server-with-aide/
+- https://www.rfxn.com/data-integrity-aide-for-host-based-intrusion-detection/
+- http://www.eric.gruver.net/man_aide.config.html
+
+After modifying any config files you need to reinitialise the database. I suggest
+`update-aide.conf && aideinit -y -f`
+
+## Install
+```shell
+apt-get update
+apt-get install -y aide
+sudo aideinit
+aide.wrapper
+sudo update-aide.conf
+sudo aide-attributes
+aide -v
+cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db
+```
diff --git a/network-tools.md b/network-tools.md
@@ -0,0 +1,31 @@
+# Network Tools
+
+- https://image.slidesharecdn.com/devoxxbelgium2016-debuggingdistributedsystems-161110141549/95/debugging-distributed-systems-devoxx-belgium-2016-extended-64-1024.jpg?cb=1478787475
+- https://www.slideshare.net/DonnyNadolny/debugging-distributed-systems-devoxx-belgium-2016-extended
+
+**Add latency**  
+`tc qdisc add dev eth0 root netem delay 500ms 100ms loss 25%`  
+
+**Remove latency**  
+`tc qdisc add del dev eth0 root netem`  
+
+**Restrict bandwith**  
+```shell
+tc qdisc add dev eth0 handle 1: root htb default 11
+tc qdisc add dev eth0 parent 1: classid 1:1 htb rate 100kbps
+tc qdisc add dev eth0 parent 1:1 classid 1:11 htb rate 100kbps
+```
+
+**Remove bandwith restriction**  
+`tc qdisc del dev eth0 root`  
+
+**Tip** - when doing latency/loss/bandwitch restriction run 
+`sleep 60 && <tc delete command> && disown` in case you lose ssh access
+
+Configure database/app local data directory to be /mnt then use tools above against 123.45.67.89  
+`sshfs [email protected]:/tmp/data /mnt`  
+
+alternative: nbd (network block device)
+
+- `netstat -peanut` Network connections, regular kerl view
+- `conntrack -L`  Network connections iptables view
diff --git a/quotas.md b/quotas.md
@@ -0,0 +1,36 @@
+# Quotas
+
+Set user quotes for disk space usage!
+
+- https://www.shellhacks.com/remount-etc-fstab-without-reboot-linux/
+- https://www.digitalocean.com/community/tutorials/how-to-enable-user-and-group-quotas
+- https://www.howtoforge.com/how-to-set-up-journaled-quota-on-debian-lenny
+- http://www.thegeekstuff.com/2010/07/disk-quota/
+- https://ubuntuforums.org/showthread.php?t=1540938
+- https://www.nicovs.be/ubuntu_quota/
+- http://souptonuts.sourceforge.net/quota_tutorial.html !! Good post
+- http://www.linuxquestions.org/questions/linux-server-73/directory-quota-601140/
+- http://www.golinuxhub.com/2012/09/quota-implementation.html
+- https://www.howtoforge.com/community/threads/problems-installing-quota.38106/
+
+```shell
+sudo apt install -y linux-image-extra-virtual quota quotatool
+echo 'quota_v2' >> /etc/modules
+modprobe quota_v1
+modprobe quota_v2
+
+
+LABEL=/home    /home   ext2   defaults,usrquota,grpquota  1 2
+
+sudo quotatool -u *username* -bq 30000Mb -l "35000 Mb" /home -v
+
+touch /home/aquota.user /home/aquota.group
+chmod 600 /home/aquota.*
+
+quotacheck -avugm
+quotaon -avug
+
+sudo quotatool -u willy -bq 1Mb -l "1 Mb" /quota -v
+
+repquota -a
+```
diff --git a/vault.md b/vault.md
@@ -0,0 +1,29 @@
+# Vault & Secrets
+
+## Resources
+- https://www.amon.cx/blog/managing-all-secrets-with-vault/
+- https://github.com/hashicorp/vault
+- https://www.vaultproject.io/docs/secrets/index.html
+- https://github.com/hashicorp/docker-vault
+- https://github.com/nyxcharon/vault-ui
+- https://www.codementor.io/devops/tutorial/how-to-install-vault-hashicorp-secure-deployment-secrets
+- https://www.vaultproject.io/docs/auth/ldap.html
+- https://github.com/ianunruh/hvac
+- https://infinum.co/the-capsized-eight/articles/hiding-secrets-in-vault
+
+## Secrets!
+- https://www.vaultproject.io/intro/
+- https://github.com/peff/pass
+- https://www.passwordstore.org/
+- https://www.linode.com/docs/security/gpg-key-for-ssh-authentication
+- https://github.com/mozilla/mig/blob/master/client/client.go#L1219 MakeSignedToken()
+
+## GPG Rest Secrets 
+- REST API
+- Auth with gpg+ldap
+- Expire passwords
+- Generate passwords
+- Directory owned by individual/org
+- Password rotation
+- Revoke secret or directory
+- Audit access/generation of secrets