Difference between revisions of "Very Windy"

From 6bit.ch wiki
Line 50: Line 50:
</direct></nowiki>
</direct></nowiki>


Show all direct rules (/etc/firewalld/direct.xml)<br>
Show all direct rules (/etc/firewalld/direct.xml):<br>
<code>firewall-cmd --get-all-rules --direct</code>
<code>firewall-cmd --get-all-rules --direct</code>
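Review bot: the changed caption line ties the command to /etc/firewalld/direct.xml, but firewall-cmd --get-all-rules --direct without --permanent lists the runtime direct rules, which can differ from the file until firewalld is reloaded. Consider adding --permanent to the command, or rewording the caption to say which configuration is being shown.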



Revision as of 10:26, 18 February 2026

Very Windy

git

Load submodules:
git submodule update --init
git submodule update --init --recursive

Update submodules:
git submodule update --remote

openssl

Check CSR:
openssl req -in sample.csr -noout -text

ansible

playbooks/all.yml
role -> tags (nginx) will apply:
group_vars/all/nginx.yml

ansible-playbook -C -D playbooks/all.yml -u windy -t nginx
-C (check, dry run), -D (diff, show differences), -u (remote user), -t (tags)

ln

ln -s ../files

curl

Check connection with hardcoded DNS:
curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch

New Systems

Size: 2CPU, 2G RAM, 40G Disk
VG Name: system
/: 10G
Swap: 4G
/var-log: 4G

IPTables / firewalld

<?xml version="1.0" encoding="utf-8"?>
<direct>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule>
</direct>

Show all direct rules (/etc/firewalld/direct.xml):
firewall-cmd --get-all-rules --direct
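
A small audit of a direct.xml like the one above, as an added example (not part of the original wiki page): it flags INPUT rules that accept traffic on the remote source port alone, and chains whose direct rules have no final catch-all DROP. The function name audit_direct and the finding strings are hypothetical; the sample is a subset of the rules shown above.

```python
import xml.etree.ElementTree as ET

# Subset of the direct.xml rules shown on this page, embedded so the check runs offline.
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<direct>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule>
</direct>
"""

def audit_direct(xml_text):
    """Return (chain, priority, finding) tuples for a firewalld direct.xml document."""
    findings = []
    chains = {}
    for rule in ET.fromstring(xml_text.encode()).iter("rule"):
        chains.setdefault(rule.get("chain"), []).append(
            (int(rule.get("priority")), (rule.text or "").split()))
    for chain, rules in sorted(chains.items()):
        rules.sort(key=lambda r: r[0])  # lower priority sits higher in the chain
        for prio, args in rules:
            accept = args[-2:] == ["-j", "ACCEPT"]
            # An ACCEPT keyed only on the remote source port, with no conntrack
            # state match, admits any packet whose sender picks that port.
            if (accept and chain == "INPUT" and "--sport" in args
                    and "--state" not in args and "--ctstate" not in args):
                findings.append((chain, prio, "stateless ACCEPT matched on source port"))
        # Without a final unconditional DROP/REJECT, unmatched packets fall through
        # to whatever firewalld's zone rules or the chain policy decide.
        last_prio, last_args = rules[-1]
        if last_args not in (["-j", "DROP"], ["-j", "REJECT"]):
            findings.append((chain, last_prio, "no final catch-all DROP in direct rules"))
    return findings

if __name__ == "__main__":
    for finding in audit_direct(SAMPLE):
        print(*finding)
```

To audit a real host, pass the contents of /etc/firewalld/direct.xml to audit_direct instead of SAMPLE.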

Clear root Password / disable root login

-d --delete: delete user's password
-l --lock: lock user's password
# passwd -dl root