Mario Alegre
5 years ago
11 changed files with 71 additions and 20 deletions
@ -0,0 +1,6 @@ |
|||
#!/bin/bash |
|||
set -u |
|||
|
|||
# Find package that owns a certain file |
|||
grep "$1" /var/lib/dpkg/info/*.list |
|||
|
|||
@ -1,3 +0,0 @@ |
|||
# Find package that owns a certain file |
|||
grep "${filename:?}" /var/lib/dpkg/info/*.list |
|||
|
|||
@ -1,5 +0,0 @@ |
|||
# mark an APT package as autoinstalled |
|||
|
|||
``` |
|||
apt-mark auto ${package_name:?} |
|||
``` |
|||
@ -0,0 +1,5 @@ |
|||
#!/bin/bash |
|||
set -u |
|||
|
|||
# mark an APT package as autoinstalled |
|||
sudo apt-mark auto $1 |
|||
@ -0,0 +1,11 @@ |
|||
#!/bin/bash |
|||
set -ue |
|||
|
|||
# first arg is old user name, second arg is new user name |
|||
old_user=$1 |
|||
new_user=$2 |
|||
|
|||
# rename user, user's group, and user's home dir |
|||
sudo mv /home/$old_user /home/$new_user |
|||
sudo groupmod -n $new_user $old_user |
|||
sudo usermod -l $new_user -d /home/$new_user -m $old_user |
|||
@ -1,2 +0,0 @@ |
|||
usermod -l «new_user» -d /home/«new_user» -m «old_user» |
|||
groupmod -n «new_user» «old_user» |
|||
@ -0,0 +1,40 @@ |
|||
# how to use rrsync to make secure backups |
|||
|
|||
## setup |
|||
|
|||
copy rrsync script to `/usr/local/bin`: |
|||
``` |
|||
sudo cp /usr/share/rsync/scripts/rrsync /usr/local/bin/ |
|||
sudo chmod +x /usr/local/bin/rrysnc |
|||
``` |
|||
|
|||
There is an option in the SSHD configuration file for allowing root logins only with the command parameter set. This allows a client to login to the server as root if they have a key in root's authorized_keys, but only if that key has the "`command`" parameter set. |
|||
|
|||
To activate this option, set the following option in `/etc/ssh/sshd_config`: |
|||
``` |
|||
PermitRootLogin forced-commands-only |
|||
``` |
|||
And don't forget to reload SSH daemon: |
|||
``` |
|||
sudo systemctl reload sshd |
|||
``` |
|||
|
|||
## usage |
|||
|
|||
The usage of rrsync is: |
|||
``` |
|||
rrsync [-ro|-wo] SUBDIR |
|||
``` |
|||
rrsync can be restricted to read-only mode by the `-ro` flag, or write-only mode by the `-wo` flag. The subdir argument sets the directory that rrsync is restricted to. Rrsync will not be allowed to read or write from anywhere other than that directory. |
|||
|
|||
To add a command directive to an authorized key, simply include the directive '`command="my_command"`' in front of the rest of the key on that line in the authorized_keys file. For example, so add a key that is restricted to only being able to run rrsync in read-only mode on the directory `/foo`, you would add the following command directive in front of the key: |
|||
``` |
|||
command="rrsync -ro /foo" <key> |
|||
``` |
|||
|
|||
When a remote client attempts to use this key to run a command on the host, the `command` directive causes SSHD to ignore any commands sent by the client, and execute the actions specified in the `command` directive instead. Rrsync will then be able to parse your attempted rsync command, and execute it if it determines that it is an allowed action. |
|||
|
|||
Note that any remote directories in the client's rsync command must be specified *relative to the subdirectory* specified in the `command` directive. For example, if a client wants to pull the contents of the directory `/foo/bar` on the server to the same directory on the client using the key from the example above, they would run the command: |
|||
``` |
|||
rsync -av server:bar/ /foo/bar/ |
|||
``` |
|||
@ -1,10 +0,0 @@ |
|||
# set timezone |
|||
|
|||
to list timezones available: |
|||
``` |
|||
timedatectl list-timezones |
|||
``` |
|||
to set timezone: |
|||
``` |
|||
timedatectl st-timezone ZONE |
|||
``` |
|||
@ -0,0 +1,9 @@ |
|||
#!/bin/bash |
|||
|
|||
if [[ -z $1 ]]; then |
|||
# list timezones available: |
|||
timedatectl list-timezones |
|||
else |
|||
# set timezone: |
|||
sudo timedatectl set-timezone $1 |
|||
fi |
|||
Loading…
Reference in new issue