diff --git a/prestashop.md b/prestashop.md new file mode 100644 index 0000000..2873e6f --- /dev/null +++ b/prestashop.md @@ -0,0 +1,37 @@ +# Prestashop + +### Zip + +``` +apt install --no-install-recommends php-zip +phpenmod zip +``` + +### XML + +``` +apt install --no-install-recommends php-xml +phpenmod xml +``` + +### cURL + +``` +apt install --no-install-recommends php-curl +phpenmod curl +``` + +### GD + +``` +apt install --no-install-recommends php-gd +phpenmod gd +``` + +### Extensions requises + +Intl Mbstring + +``` +apt install --no-install-recommends php-bcmath php-curl php-gd php-intl php-mbstring php-xml php-zip php-memcached +``` diff --git a/rsync.md b/rsync.md new file mode 100644 index 0000000..f94079c --- /dev/null +++ b/rsync.md @@ -0,0 +1,22 @@ +# RSync + +```shell +rsync -aHhP --numeric-ids --delete /home/neotech/phpmyadmin/ root@192.168.137.44:/home/neotech/phpmyadmin +``` + +-a, --archive archive mode; equals -rlptgoD (no -H,-A,-X) + -r, --recursive recurse into directories + -l, --links copy symlinks as symlinks + -p, --perms preserve permissions + -t, --times preserve modification times + -g, --group preserve group + -o, --owner preserve owner (super-user only) + +-H, --hard-links preserve hard links +-h, --human-readable output numbers in a human-readable format +-P same as --partial --progress +--partial keep partially transferred files +--progress show progress during transfer + + +--delete delete extraneous files from dest dirs diff --git a/security/reaction.md b/security/reaction.md new file mode 100644 index 0000000..fd91fcf --- /dev/null +++ b/security/reaction.md @@ -0,0 +1,90 @@ +# Reaction + +Reaction est un service qui scan les sorties des fichiers et effectue des actions dand un usage est détecté. + + +```shell +apt install ./reaction_2.2.1-1_amd64.deb +systemctl enable --now reaction@reaction.jsonnet +``` + +```shell +reaction show +``` + +``` +local banFor(time) = { + ban: { + cmd: ['nft', 'add', 'element', 'inet', 'reaction', 'banned_ips', '{ }'], + }, + unban: { + cmd: ['nft', 'delete', 'element', 'inet', 'reaction', 'banned_ips', '{ }'], + after: time, + }, +}; + +{ + patterns: { + ip: { + type: 'ipv4', + }, + }, + + start: [ + // Table + ['nft', 'add', 'table', 'inet', 'reaction'], + + // Set pour IP bannies + [ + 'nft', 'add', 'set', 'inet', 'reaction', 'banned_ips', + '{', 'type', 'ipv4_addr', ';', 'flags', 'interval', ';', '}' + ], + + // Chaîne INPUT + [ + 'nft', 'add', 'chain', 'inet', 'reaction', 'input_filter', + '{', 'type', 'filter', 'hook', 'input', 'priority', '0', ';', '}' + ], + + // Chaîne FORWARD + [ + 'nft', 'add', 'chain', 'inet', 'reaction', 'forward_filter', + '{', 'type', 'filter', 'hook', 'forward', 'priority', '0', ';', '}' + ], + + // Règles d'utilisation du set + [ + 'nft', 'add', 'rule', 'inet', 'reaction', 'input_filter', + 'ip', 'saddr', '@banned_ips', 'drop' + ], + [ + 'nft', 'add', 'rule', 'inet', 'reaction', 'forward_filter', + 'ip', 'saddr', '@banned_ips', 'drop' + ], + ], + + stop: [ + // Une seule commande supprime tout proprement + ['nft', 'delete', 'table', 'inet', 'reaction'], + ], + + streams: { + ssh: { + cmd: ['journalctl', '-fu', 'ssh.service'], + filters: { + failedlogin: { + regex: [ + @'authentication failure;.*rhost=', + @'Failed password for .* from ', + @'banner exchange: Connection from port [0-9]*: invalid format', + @'Invalid user .* from ', + ], + retry: 3, + retryperiod: '6h', + actions: banFor('96h'), + }, + }, + } + }, +} +```