From 2566e74f02cd6256d6ee0cffca3a1640abcb3f82 Mon Sep 17 00:00:00 2001
From: Mario Alegre
Date: Sat, 12 Dec 2020 23:15:24 -0500
Subject: [PATCH] added docs for rrsync, updated various other docs
---
...change-hostname.txt => change-hostname.md} | 0
linux/system/find-pkg-that-owns-file.sh | 6 +++
linux/system/find-pkg-that-owns-file.txt | 3 --
linux/system/{kill-gui.txt => kill-gui.md} | 0
linux/system/mark-pkg-as-autoinstalled.md | 5 -----
linux/system/mark-pkg-as-autoinstalled.sh | 5 +++++
linux/system/rename-user.sh | 11 +++++
linux/system/rename-user.txt | 2 --
linux/system/rrsync.md | 40 +++++++++++++++++++
linux/system/set-timezone.md | 10 ----------
linux/system/set-timezone.sh | 9 +++++++++
11 files changed, 71 insertions(+), 20 deletions(-)
rename linux/system/{change-hostname.txt => change-hostname.md} (100%)
create mode 100755 linux/system/find-pkg-that-owns-file.sh
delete mode 100644 linux/system/find-pkg-that-owns-file.txt
rename linux/system/{kill-gui.txt => kill-gui.md} (100%)
delete mode 100644 linux/system/mark-pkg-as-autoinstalled.md
create mode 100755 linux/system/mark-pkg-as-autoinstalled.sh
create mode 100755 linux/system/rename-user.sh
delete mode 100644 linux/system/rename-user.txt
create mode 100644 linux/system/rrsync.md
delete mode 100644 linux/system/set-timezone.md
create mode 100755 linux/system/set-timezone.sh
diff --git a/linux/system/change-hostname.txt b/linux/system/change-hostname.md
similarity index 100%
rename from linux/system/change-hostname.txt
rename to linux/system/change-hostname.md
diff --git a/linux/system/find-pkg-that-owns-file.sh b/linux/system/find-pkg-that-owns-file.sh
new file mode 100755
index 0000000..7b7d56a
--- /dev/null
+++ b/linux/system/find-pkg-that-owns-file.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -u
+
+# Find package that owns a certain file
+grep "$1" /var/lib/dpkg/info/*.list
+
diff --git a/linux/system/find-pkg-that-owns-file.txt b/linux/system/find-pkg-that-owns-file.txt
deleted file mode 100644
index db20f49..0000000
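Review bot: In linux/system/find-pkg-that-owns-file.sh the argument is passed to grep as a regular expression and is not separated from grep's own options, so a file name containing `.` or `[` matches something other than the literal name, and a value that begins with `-` is parsed as a flag. Matching it as a fixed string avoids both: `grep -F -- "$1" /var/lib/dpkg/info/*.list`. With `set -u` a missing argument now stops the script with a bare unbound-variable error; `: "${1:?usage: find-pkg-that-owns-file.sh PATH}"` would keep the explicit failure the removed `${filename:?}` form gave.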
--- a/linux/system/find-pkg-that-owns-file.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-# Find package that owns a certain file
-grep "${filename:?}" /var/lib/dpkg/info/*.list
-
diff --git a/linux/system/kill-gui.txt b/linux/system/kill-gui.md
similarity index 100%
rename from linux/system/kill-gui.txt
rename to linux/system/kill-gui.md
diff --git a/linux/system/mark-pkg-as-autoinstalled.md b/linux/system/mark-pkg-as-autoinstalled.md
deleted file mode 100644
index d9809e9..0000000
--- a/linux/system/mark-pkg-as-autoinstalled.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# mark an APT package as autoinstalled
-
-```
-apt-mark auto ${package_name:?}
-```
diff --git a/linux/system/mark-pkg-as-autoinstalled.sh b/linux/system/mark-pkg-as-autoinstalled.sh
new file mode 100755
index 0000000..20d552f
--- /dev/null
+++ b/linux/system/mark-pkg-as-autoinstalled.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -u
+
+# mark an APT package as autoinstalled
+sudo apt-mark auto $1
diff --git a/linux/system/rename-user.sh b/linux/system/rename-user.sh
new file mode 100755
index 0000000..6944f69
--- /dev/null
+++ b/linux/system/rename-user.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -ue
+
+# first arg is old user name, second arg is new user name
+old_user=$1
+new_user=$2
+
+# rename user, user's group, and user's home dir
+sudo mv /home/$old_user /home/$new_user
+sudo groupmod -n $new_user $old_user
+sudo usermod -l $new_user -d /home/$new_user -m $old_user
diff --git a/linux/system/rename-user.txt b/linux/system/rename-user.txt
deleted file mode 100644
index 71fea07..0000000
--- a/linux/system/rename-user.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-usermod -l «new_user» -d /home/«new_user» -m «old_user»
-groupmod -n «new_user» «old_user»
diff --git a/linux/system/rrsync.md b/linux/system/rrsync.md
new file mode 100644
index 0000000..4d4f38b
--- /dev/null
+++ b/linux/system/rrsync.md
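Review bot: `$1` is expanded unquoted on the `sudo apt-mark auto $1` line of linux/system/mark-pkg-as-autoinstalled.sh, so the value is word-split and glob-expanded before it reaches a command that runs as root. Quote it: `sudo apt-mark auto "$1"` (or `"$@"` if several package names are meant to be accepted). The same unquoted expansion appears in rename-user.sh (`$old_user`, `$new_user`) and in set-timezone.sh (`sudo timedatectl set-timezone $1`), and those should be quoted as well.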
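Review bot: linux/system/rename-user.sh builds root-run paths from `/home/$old_user` and `/home/$new_user` without checking that either argument is a plain account name, so an empty string or a value containing `/` or `..` makes `sudo mv` act on a directory other than the intended home. The separate `mv` also runs before `groupmod` and `usermod`; under `set -e` a failure in either leaves the home directory moved while the account still points at the old path, and `usermod -d ... -m` is documented to move the home directory itself. I would validate both names up front and drop the `mv`, as sketched below; the name pattern is illustrative and should follow the local account-name policy.

```shell
old_user=$1
new_user=$2

# refuse anything that is not a plain account name before it reaches a root-run path
# (illustrative pattern; align with the local account-name policy)
name_re='^[a-z_][a-z0-9_-]*$'
if [[ ! $old_user =~ $name_re || ! $new_user =~ $name_re ]]; then
  printf 'usage: %s OLD_USER NEW_USER\n' "${0##*/}" >&2
  exit 2
fi

# usermod -m moves the home directory, so no separate mv is needed
sudo groupmod -n "$new_user" "$old_user"
sudo usermod -l "$new_user" -d "/home/$new_user" -m "$old_user"
```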
@@ -0,0 +1,40 @@
+# how to use rrsync to make secure backups
+
+## setup
+
+copy rrsync script to `/usr/local/bin`:
+```
+sudo cp /usr/share/rsync/scripts/rrsync /usr/local/bin/
+sudo chmod +x /usr/local/bin/rrysnc
+```
+
+There is an option in the SSHD configuration file for allowing root logins only with the command parameter set. This allows a client to login to the server as root if they have a key in root's authorized_keys, but only if that key has the "`command`" parameter set.
+
+To activate this option, set the following option in `/etc/ssh/sshd_config`:
+```
+PermitRootLogin forced-commands-only
+```
+And don't forget to reload SSH daemon:
+```
+sudo systemctl reload sshd
+```
+
+## usage
+
+The usage of rrsync is:
+```
+rrsync [-ro|-wo] SUBDIR
+```
+rrsync can be restricted to read-only mode by the `-ro` flag, or write-only mode by the `-wo` flag. The subdir argument sets the directory that rrsync is restricted to. Rrsync will not be allowed to read or write from anywhere other than that directory.
+
+To add a command directive to an authorized key, simply include the directive '`command="my_command"`' in front of the rest of the key on that line in the authorized_keys file. For example, so add a key that is restricted to only being able to run rrsync in read-only mode on the directory `/foo`, you would add the following command directive in front of the key:
+```
+command="rrsync -ro /foo"
+```
+
+When a remote client attempts to use this key to run a command on the host, the `command` directive causes SSHD to ignore any commands sent by the client, and execute the actions specified in the `command` directive instead. Rrsync will then be able to parse your attempted rsync command, and execute it if it determines that it is an allowed action.
+
+Note that any remote directories in the client's rsync command must be specified *relative to the subdirectory* specified in the `command` directive.
For example, if a client wants to pull the contents of the directory `/foo/bar` on the server to the same directory on the client using the key from the example above, they would run the command:
+```
+rsync -av server:bar/ /foo/bar/
+```
diff --git a/linux/system/set-timezone.md b/linux/system/set-timezone.md
deleted file mode 100644
index 78c1758..0000000
--- a/linux/system/set-timezone.md
+++ /dev/null
@@ -1,10 +0,0 @@
-# set timezone
-
-to list timezones available:
-```
-timedatectl list-timezones
-```
-to set timezone:
-```
-timedatectl st-timezone ZONE
-```
diff --git a/linux/system/set-timezone.sh b/linux/system/set-timezone.sh
new file mode 100755
index 0000000..2d830e6
--- /dev/null
+++ b/linux/system/set-timezone.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+if [[ -z $1 ]]; then
+ # list timezones available:
+ timedatectl list-timezones
+else
+ # set timezone:
+ sudo timedatectl set-timezone $1
+fi