http://wiki.tuxtrooper.fr/ 2026-04-10T00:59:08+00:00 http://wiki.tuxtrooper.fr/ http://wiki.tuxtrooper.fr/lib/tpl/bootstrap3/images/favicon.ico text/html 2024-10-14T20:59:56+00:00 Anonymous (anonymous@undisclosed.example.com) http://wiki.tuxtrooper.fr/doku.php?id=confs:auditd&rev=1728939596&do=diff AuditD Rules # auditd-attack # A Linux Auditd configuration mapped to MITRE's Attack Framework # Most of my inspiration came from various individuals so I wont name them all, but you're work does not go # unnoticed! ### Special Thanks To #[Eric Gershman](https://github.com/EricGershman/auditd-examples) #[iase.disa.mil](https://iase.disa.mil/stigs/os/unix-linux/Pages/red-hat.aspx) #[cyb3rops](https://gist.github.com/Neo23x0/9fe88c0c5979e017a389b90fd19ddfee) #[ugurengin](https://gist.githu… text/html 2024-10-14T20:59:56+00:00 Anonymous (anonymous@undisclosed.example.com) http://wiki.tuxtrooper.fr/doku.php?id=confs:git&rev=1728939596&do=diff Git Sign commit [user] name = John Doe email = john.doe@mail.com signingkey = <id_key> [commit] gpgsign = true text/html 2024-10-14T20:59:56+00:00 Anonymous (anonymous@undisclosed.example.com) http://wiki.tuxtrooper.fr/doku.php?id=confs:gitlab&rev=1728939596&do=diff Gitlab Docker in Docker image: docker:stable before_script: - docker info build: stage: build script: - cat ${PASSWORD} | docker login -u <login> --password-stdin <hub> - docker build -t <hub>/<img> . - docker push <hub>/<img> text/html 2024-10-14T20:59:56+00:00 Anonymous (anonymous@undisclosed.example.com) http://wiki.tuxtrooper.fr/doku.php?id=confs:glusterfs&rev=1728939596&do=diff Glusterfs * Installation on each of the N nodes yum install glusterfs-server systemctl enable glusterd systemctl start glusterd mkdir -p /glusterfs/data /mnt/<mountpoint> * Configure /etc/hosts with all nodes * Connect all nodes together on each nodes text/html 2024-10-14T20:59:56+00:00 Anonymous (anonymous@undisclosed.example.com) http://wiki.tuxtrooper.fr/doku.php?id=confs:journald&rev=1728939596&do=diff Journald Remote Upload server configuration This one is actually simple, online example are correct and only need to touch one configuration file. Use following command to install systemd-journal-remote sudo apt-get install systemd-journal-remote text/html 2024-10-14T20:59:56+00:00 Anonymous (anonymous@undisclosed.example.com) http://wiki.tuxtrooper.fr/doku.php?id=confs:nginx&rev=1728939596&do=diff Nginx Reverse proxy * conf.d/proxy.conf proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10m; client_body_buffer_size 128k; client_header_buffer_size 64k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 16k; proxy_buffers 32 16k; proxy_busy_buffers_size 64k… text/html 2024-10-14T20:59:56+00:00 Anonymous (anonymous@undisclosed.example.com) http://wiki.tuxtrooper.fr/doku.php?id=confs:selinux&rev=1728939596&do=diff Selinux Mode SELinux propose trois modes différents. * Dans le mode strict (Enforcing), les accès sont restreints en fonction des règles SELinux en vigueur sur la machine. * Le mode permissif (Permissive) peut être considéré comme un mode de débogage. Les règles SELinux sont interrogées, les erreurs d’accès sont enregistrées dans les logs, mais l’accès ne sera pas bloqué. text/html 2024-10-14T20:59:56+00:00 Anonymous (anonymous@undisclosed.example.com) http://wiki.tuxtrooper.fr/doku.php?id=confs:sysctl&rev=1728939596&do=diff Sysctl # Controls IP packet forwarding net.ipv4.ip_forward = 0 # Do not accept source routing net.ipv4.conf.default.accept_source_route = 0 # Controls the System Request debugging functionality of the kernel kernel.sysrq = 0 # Controls whether core dumps will append the PID to the core filename # Useful for debugging multi-threaded applications kernel.core_uses_pid = 1 # Controls the use of TCP syncookies # Turn on SYN-flood protections net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_synack_r… text/html 2024-10-14T20:59:56+00:00 Anonymous (anonymous@undisclosed.example.com) http://wiki.tuxtrooper.fr/doku.php?id=confs:yubikey&rev=1728939596&do=diff Yubikey Auth 2FA Linux Install pam U2F module $ sudo pacman -S pam-u2f At this point, you can check whether your system recognizes the YubiKey: $ dmesg Generate U2F config with pam2fcfg $ pamu2fcfg > ~/.config/Yubico/u2f_keys $ chmod 440 ~/.config/Yubico/u2f_keys text/html 2024-10-14T20:59:56+00:00 Anonymous (anonymous@undisclosed.example.com) http://wiki.tuxtrooper.fr/doku.php?id=confs:zoom&rev=1728939596&do=diff Zoom Limit ressources used by Zoom #!/usr/bin/bash -xe mkdir -p "${HOME}/.config/systemd/user" cat <<EOF > "${HOME}/.config/systemd/user/zoom.slice" [Slice] AllowedCPUs=0-4 MemoryHigh=6G EOF sed -E 's#^(Exec=).*$#Exec=/usr/bin/systemd-run --user --slice=zoom.slice /opt/zoom/ZoomLauncher#' /usr/share/applications/Zoom.desktop > "${HOME}/.local/share/applications/Zoom.desktop" update-desktop-database ~/.local/share/applications