Your browser doesn't appear to support the HTML5 canvas element.

UNIX HOMEDIR SNIPPETS, WINDOWS GEMS + PRICELESS INTERNETS ARTEFACTS

This is a pastebin on little snippets I can get to easilly when moving from computer to computer. There's nothing to see here, please move along.

aptitude

Install some basic packages:

	apt install net-tools tmux screen mtr wireshark vlock dnsutils curl finger \
         apparmor-utils aptitude tcsh gparted texlive \
         gmtp mtp-tools jmtpfs hunspell-es texlive-full \
         pdfarranger postfix mailutils maven ksnip \
         android-sdk-platform-tools-common fwupd \
         postfix mailx rsyslog sshfs apf-firewall \
         i3-wm
    
    
System maintenance / initial upgrade:

	apt-get update
	apt-get upgrade
	apt-get dist-upgrade # may break things (if its AWS, keep the existing GRUB configs)
	apt autoremove
    
    fwupdmgr security
    fwupdmgr update
    
    systemctl disable bluetooth
    systemctl disable cups
    
    cat << ++ >> /etc/rsyslog.conf
    *.* /var/log/messages
    ++
    
Enabling process accounting:

	apt-get install acct
	systemctl enable acct
	systemctl start acct
	(@see Tecmint & DistroWatch)

sysctl.conf


Harden /etc/sysctl.conf by adding the following:

	kernel.sysrq=0
	net.ipv6.conf.all.disable_ipv6 = 1
	net.ipv6.conf.default.disable_ipv6 = 1
	net.ipv6.conf.lo.disable_ipv6 = 1
	net.ipv4.conf.all.accept_redirects=0
	net.ipv4.conf.all.secure_redirects=0
	net.ipv4.conf.all.send_redirects=0
	net.ipv4.conf.default.rp_filter=2
	net.ipv4.conf.all.rp_filter=2
    
	(@see CentOS Server Hardening Security Tips – Part 2)

Notify ssh/console/X windows logins by email

cat << ++ > /etc/ssh/login-notify.sh && chmod 700 /etc/ssh/login-notify.sh
#!/bin/sh

# Change these two lines:
sender="root"
recepient="root"

if [ "$PAM_TYPE" != "close_session" ]; then
    host="`hostname`"
    user=$PAM_USER
    ip=$PAM_RHOST
    if [ -z $ip ]; then
        ip="`who -m --ips | awk '{print $5}'`"
    fi
    if [ -z $user ]; then
        user="$USER"
    fi
    subject="Login: $PAM_SERVICE on $user@$host from $ip"
    # Message to send, e.g. the current environment variables.
    message="`who -m`"
    message="$message\r\n\r\n`env`"
    echo "$message" | mailx -r "$sender" -s "$subject" "$recepient"
fi
++
Don't forget to setup an alias for root & run newaliases
cat << ++ >> /etc/pam.d/common-session
session optional pam_exec.so seteuid /etc/ssh/login-notify.sh
++
And disable a bunch of stuff in /etc/ssh/sshd_config:
X11Forwarding no
AllowTcpForwarding no
AllowAgentForwarding no

Additional Hardening

Installing & configuring BFD (Brute Force Detection) (requires APF to be configured)

Installing Tripwire | Configuring Tripwire
Put /var/lib/tripwire, /var/lib/tw* and /usr/sbin/tripwire onto RO SD card storage before running tripwire --init
Don't forget to backup the tripwire database

Installing fail2ban
apt install fail2ban && systemctl enable fail2ban && systemctl restart fail2ban
dont forget to enable action_mwl for email

SSH? See scponly | Setting up scponly

Install & configure AppArmour 

Setup host-level egress filtering whitelist on servers

Minimise:

    ss -lu
    netstat -an
    ps -aef

Make SSL certs non world readable:

	chwon root:ssl-cert /etc/ssl/private/*
	chmod 640 /etc/ssl/private/*
    
Setup a fast DNSSEC friendly local resolver:

	apt-get install unbound dnssec-trigger
	/usr/sbin/unbound-control-setup
	cat << ++ > /etc/unbound/unbound.conf
	remote-control:
	   control-interface: 127.0.0.1
	   control-enable: yes
	server:
	   interface: 0.0.0.0
	++
	    
*Need to hard-wire default DNS resolver to Cloud9/Google/CloudFlare to subvert DHCP spoofing attacks. Test DNSSEC first.

Installing python for scientific computing

@todo This is a bit old. Add:
  • latest OpenCV build from source
  • SAMIAM
  • *that python MCMC library I use*
  • GLFW
  • compile librealsense2 from source
  • Octave
  • PyTorch
  • Tensorflow

	#Essential scientific libraries
	apt-get install python3-numpy python3-matplotlib python3-scipy python3-pandas python3-simpy
	
	#IPython
	apt-get install ipython3 ipython3-notebook
	
	#OpenGL
	apt-get install python3-opengl
	
	#GUI development
	apt-get install python3-pyqt5 python3-pyqt5.qtopengl python3-pyqt5.qtquick
	
	#Data storage
	apt-get install python3-h5py

	#Computer Vision
	apt-get install python3-skimage and sudo apt-get install libatlas-dev libatlas3gf-base && sudo pip3 install scikit-learn
	
	#IDE for python
	apt-get install spyder3
	pip3 install rope_py3k

	(@see Install Python for scientific computing on Ubuntu or Debian)
    
    (@see Anaconda Spyder installation)

.vimrc / .exrc

set tabstop=8
set shiftwidth=4
set softtabstop=4
set expandtab

set backspace=indent,eol,start

set autoindent

set number

/etc/profile

export PATH=$PATH:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin
export TMOUT=500

Useful # prompt commands

dmesg -HwTp

dump.sh





Checking LUKS

List the disks:
lsblk --fs

Then (used encryption):
cryptsetup luksDump /dev/sdb1

Or (used encryption):
cryptsetup status crypt_sdb1 

In addition (kernel supported encryption and bench):
cat /proc/crypto

ls /lib/modules/$(uname -r)/kernel/crypto/

#cryptsetup benchmark --cipher aes-xts --key-size 256 
cryptsetup benchmark

Yubikey Authentication & Encryption links on Linux

apt install libpam-u2f libpam-ssh-agent-auth

Numerical Recipies & Hacker's Delight

Academic Paper Style

Some LaTeX Macros I have known and love:

%
% template for producing ~IEEE-format articles using LaTex.
% --------------------------------------------------------

% Based on the template written by Matthew Ward, CS Department, Worcester Polytechnic Institute. 
% use at your own risk. Complaints to /dev/null.
% make two column with no page numbering, default is 10-point 
% Updated to Latex2e by ap@andrewprendergast.com

\documentclass[twocolumn]{article}

%\usepackage{twocolumn}
\usepackage{epsfig}
\usepackage{amsmath}
\usepackage{amssymb}
\usepackage{mathrsfs}
\usepackage{listings}
\usepackage{xcolor}
\usepackage{titlesec}
\usepackage{amssymb}
\usepackage{soul}
\usepackage{graphics}
\usepackage{caption}
\usepackage{subfig}
\usepackage{comment}
\usepackage[
        bookmarks=true,
        pdftitle={Software Engineering Manual of Style, 3rd Edition (2023) draft},
        hidelinks,
        breaklinks=true
        ]{hyperref}
\usepackage[anythingbreaks]{breakurl}
\usepackage{multirow}
\usepackage{picture}
\usepackage{graphs}
\usepackage{lscape}
\usepackage{hypdvips}
\usepackage{fancyhdr}

%\pagestyle{empty}

%set dimensions of columns, gap between columns, and paragraph indent 
\setlength{\textheight}{8.75in}
\setlength{\columnsep}{2.0pc}
\setlength{\textwidth}{6.8in}
%\setlength{\footheight}{0.0in}
\setlength{\topmargin}{0.0in}
\setlength{\headheight}{0.0in}
\setlength{\headsep}{0.0in}
\setlength{\oddsidemargin}{-.19in}
\setlength{\parindent}{1pc}
%I copied stuff out of art10.sty and modified them to conform to IEEE format
\makeatletter
%as Latex considers descenders in its calculation of interline spacing,
%to get 12 point spacing for normalsize text, must set it to 10 points 
\def\@normalsize{\@setsize\normalsize{10pt}\xpt\@xpt
\abovedisplayskip 10pt plus2pt minus5pt\belowdisplayskip 
\abovedisplayskip \abovedisplayshortskip \z@ 
plus3pt\belowdisplayshortskip 6pt plus3pt 
minus3pt\let\@listi\@listI}
%need an 11 pt font size for subsection and abstract headings 
\def\subsize{\@setsize\subsize{12pt}\xipt\@xipt}
%make section titles bold and 12 point, 2 blank lines before, 1 after 
\def\section{\@startsection {section}{1}{\z@}{1.0ex plus 1ex minus .2ex}{.2ex plus .2ex}{\large\bf}}
%make subsection titles bold and 11 point, 1 blank line  before, 1 after 
\def\subsection{\@startsection {subsection}{2}{\z@}{.2ex plus 1ex} {.2ex plus .2ex}{\subsize\bf}}
\makeatother

%
% define code syntax highlighting style
% -------------------------------------

\definecolor{codegreen}{rgb}{0,0.6,0}
\definecolor{codegray}{rgb}{0.5,0.5,0.5}
\definecolor{codepurple}{rgb}{0.58,0,0.82}
\definecolor{backcolour}{rgb}{0.95,0.95,0.92}

\lstdefinestyle{mystyle}{
    backgroundcolor=\color{backcolour},   
    commentstyle=\color{codegreen},
    keywordstyle=\color{magenta},
    numberstyle=\tiny\color{codegray},
    stringstyle=\color{codepurple},
    basicstyle=\ttfamily\footnotesize,
    breakatwhitespace=false,         
    breaklines=true,                 
    captionpos=b,                    
    keepspaces=true,                 
    numbers=left,                    
    numbersep=5pt,                  
    showspaces=false,                
    showstringspaces=false,
    showtabs=false,                  
    tabsize=2
}

\lstset{style=mystyle}
\lstset{tabsize=2}

% Defines a Listings definition for JavaScript (ECMAscript 2016).

\RequirePackage{listings}

\lstdefinelanguage{JavaScript}{%
  keywords={const, let, typeof, instanceof, new, true, false, catch, function, return, null, undefined, 
        catch, switch, var, if, in, while, for, do, else, case, break},
  keywordstyle=\bfseries,
  ndkeywords={class, export, throw, import, this},
  ndkeywordstyle=\bfseries,
  sensitive=false,
  comment=[l]{//},
  morecomment=[s]{/*}{*/},
  commentstyle=\ttfamily,
  commentstyle=\color{codegreen},
  keywordstyle=\color{magenta},
  numberstyle=\tiny\color{codegray},
  stringstyle=\color{blue}\ttfamily,
  basicstyle=\ttfamily\footnotesize,
  morestring=[b]',
  morestring=[b]`,
  morestring=[b]"
}

%
% document specific macros
% ------------------------

% $\QEDA$ and $\QEDB$ black square (filled and open respectively)
\newcommand*{\QEDA}{\null\nobreak\hfill\blacksquare}%
\newcommand*{\QEDB}{\null\nobreak\hfill\square}%

% \TODO{@todo ...} style - This has an issie with blank lines atm.
\newcommand{\TODO}[1]{\vspace{2mm}\emph{\textbf{\color{red} @TODO #1}}\vspace{2mm}}
\newcommand{\TODODONE}[1]{}

% Citing ChatGPT with \CITECHATGPT 
\newcommand{\CITECHATGPT}[1]{\footnotemark\footnotetext{Portions of this section 
        licensed under fair use rules from ChatGPT. 
        @see https://chat.openai.com/ \cite{bib:Brown2020-ChatGPT}.}}

% \COMMENT{...} gets removed 
% @see https://tex.stackexchange.com/questions/17816/commenting-out-large-sections
\newcommand{\COMMENT}[1]{}

%\subsubsubsection{}
\newcommand{\subsubsubsection}[1]{\paragraph{\normalfont\emph{#1}}\mbox{}\\}



% PAGE NUMBERING
% @see https://stackoverflow.com/questions/2753477/how-do-i-make-custom-page-numbering-in-latex

% Set footer w/page #
\pagenumbering{arabic}
\setcounter{secnumdepth}{0}
\lfoot[\fancyplain{}{}]{\fancyplain{}{\footnotesize (C) COPYRIGHT 2023, Andrew Prendergast. All rights reserved.}}
\cfoot[\fancyplain{}{}]{\fancyplain{}{}}
\rfoot[\fancyplain{}{}]{\fancyplain{}{\footnotesize Page \thepage}}

\renewcommand{\headrulewidth}{0pt}
\lhead{}
\chead{}
\rhead{}

%\lhead[\fancyplain{}{\footnotesize\nouppercase\leftmark}]{\fancyplain{}{}}
%\chead{}
%\rhead[\fancyplain{}{}]{\fancyplain{}{\footnotesize\nouppercase\sc\leftmark}} 

% don't forget to tweak over/under-full h/vbox width/height/badness:
% @see https://www.overleaf.com/learn/how-to/Understanding_underfull_and_overfull_box_warnings

\begin{document}

\pagestyle{fancy} % applies the page numbering settings above

Removing the default textlive & replacing with latest version so CTAN works:

REMOVE EXISTING TEXLIVE:

apt remove "texlive"
apt remove "texlive-*"
apt purge "texlive"
apt purge "texlive-*"
apt clean
apt autoremove

INSTALL LATEST TEXTLIVE:

su
cd /tmp 
wget https://mirror.ctan.org/systems/texlive/tlnet/install-tl-unx.tar.gz
zcat install-tl-unx.tar.gz | tar xvf -
cd install-tl-*
perl ./install-tl --no-interaction
cp /etc/profile ~/profile.bak
echo "export PATH=\$PATH:/usr/local/texlive/2022/bin/x86_64-linux" >> /etc/profile
echo "export MANPATH=\$PATH:/usr/local/texlive/2022/texmf-dist/doc/man" >> /etc/profile
echo "export INFOPATH=\$INFOPATH:/usr/local/texlive/2022/texmf-dist/doc/info" >> /etc/profile
export MANPATH=$PATH:/usr/local/texlive/2022/texmf-dist/doc/man
apt install mandoc
makewhatis
reboot

Chrome Plugins

Useful web-dev, high-tech, academic & full-stack & DevSecOps Links

...

No comments: