From f6448395e59e5085865488e2dd621af20871181a Mon Sep 17 00:00:00 2001 From: Bruno 21 Date: Fri, 14 Jun 2019 17:22:29 +0200 Subject: [PATCH] Mint --- docs/Divers/Changer_shell.md | 53 +++ docs/Divers/zsh/antibody.md | 88 +++++ docs/Linux/conditions.md | 18 +- docs/Mint/Mint.md | 657 ++-------------------------------- docs/Mint/systemctl.md | 38 ++ docs/Mint/vsftpd.md | 61 ++++ docs/Mint/webserver.md | 674 +++++++++++++++++++++++++++++++++++ 7 files changed, 962 insertions(+), 627 deletions(-) create mode 100644 docs/Divers/Changer_shell.md create mode 100644 docs/Divers/zsh/antibody.md create mode 100644 docs/Mint/systemctl.md create mode 100644 docs/Mint/vsftpd.md create mode 100644 docs/Mint/webserver.md diff --git a/docs/Divers/Changer_shell.md b/docs/Divers/Changer_shell.md new file mode 100644 index 0000000..4293540 --- /dev/null +++ b/docs/Divers/Changer_shell.md @@ -0,0 +1,53 @@ +# Changer de shell + + + +On utilise la commande **chsh**. + +Mais il faut que le nouveau shell soit déclaré dans /etc/shells. + +```bash +# List of acceptable shells for chpass(1). +# Ftpd will not allow users to connect who are not using +# one of these shells. + +/bin/bash +/bin/csh +/bin/ksh +/bin/sh +/bin/tcsh +/bin/zsh +``` + +Sinon, on l'ajoute: + +```bash +$ grep -q -f $(which zsh) /etc/shells || echo $(which zsh) | sudo tee -a /etc/shells +``` + + + +Pour changer de shell et mettre zsh par défaut: + +```bash +$ chsh -s $(which zsh) +``` + + + +**En mode GUI:** + +*ubuntu:* +In your terminal window, Open Edit/Profile Preferences, negative to command tab. +Check Run a custom command instead of my shell. +Custom command: zsh + +*macOS:* + +1. Préférences Système +2. Utilisateurs et groupes +3. Choisir l'utilisateur +4. Cliquer sur le cadenas pour modifier +5. Clic droit sur l'utilisateur puis Options avancées +6. Choisir le shell d'accès + diff --git a/docs/Divers/zsh/antibody.md b/docs/Divers/zsh/antibody.md new file mode 100644 index 0000000..5ec3abd --- /dev/null 
+++ b/docs/Divers/zsh/antibody.md 
@@ -0,0 +1,88 @@ +# Antibody + + + +http://getantibody.github.io + + + +Installer Antibody: + +```bash +$ brew install getantibody/tap/antibody +$ curl -sL git.io/antibody | sh -s +``` + +Fichier plugins: + +```bash +~/.zsh_plugins.txt +``` + + + +Chargement static: + +```bash +$ antibody bundle < ~/.zsh_plugins.txt > ~/.zsh_plugins.sh +``` + + + +Supprimer un plugin: + +```bash +[bruno@SilverBook/~] $ antibody purge denysdovhan/spaceship-prompt +Removing denysdovhan/spaceship-prompt... +removed! +``` + + + +Tout mettre à jour: + +```bash +[bruno@SilverBook/~] $ antibody update +Updating all bundles in /Users/bruno/Library/Caches/antibody... +updating: https://github.com/marzocchi/zsh-notify +updating: https://github.com/zsh-users/zsh-completions +updating: https://github.com/zsh-users/zsh-history-substring-search +updating: https://github.com/zdharma/fast-syntax-highlighting +updating: https://github.com/zsh-users/zsh-autosuggestions +``` + + + +Liste des plugins/thèmes installés: + +```bash +[bruno@SilverBook/~] $ antibody list +https://github.com/marzocchi/zsh-notify /Users/bruno/Library/Caches/antibody/https-COLON--SLASH--SLASH-github.com-SLASH-marzocchi-SLASH-zsh-notify +https://github.com/zdharma/fast-syntax-highlighting /Users/bruno/Library/Caches/antibody/https-COLON--SLASH--SLASH-github.com-SLASH-zdharma-SLASH-fast-syntax-highlighting +https://github.com/zsh-users/zsh-autosuggestions /Users/bruno/Library/Caches/antibody/https-COLON--SLASH--SLASH-github.com-SLASH-zsh-users-SLASH-zsh-autosuggestions +https://github.com/zsh-users/zsh-completions /Users/bruno/Library/Caches/antibody/https-COLON--SLASH--SLASH-github.com-SLASH-zsh-users-SLASH-zsh-completions +https://github.com/zsh-users/zsh-history-substring-search /Users/bruno/Library/Caches/antibody/https-COLON--SLASH--SLASH-github.com-SLASH-zsh-users-SLASH-zsh-history-substring-search +``` + + + +```bash +[bruno@SilverBook/~] $ antibody home +/Users/bruno/Library/Caches/antibody +``` + + + +```bash 
+[bruno@SilverBook/~] $ cd /Users/bruno/Library/Caches/antibody +[bruno@SilverBook/antibody] $ l +total 0 +drwxr-xr-x 7 bruno staff 224 8 jui 08:08 . +drwx------+ 282 bruno staff 9024 8 jui 06:38 .. +drwxr-xr-x 9 bruno staff 288 7 jui 18:08 https-COLON--SLASH--SLASH-github.com-SLASH-marzocchi-SLASH-zsh-notify +drwxr-xr-x 24 bruno staff 768 7 jui 17:58 https-COLON--SLASH--SLASH-github.com-SLASH-zdharma-SLASH-fast-syntax-highlighting +drwxr-xr-x 25 bruno staff 800 7 jui 18:01 https-COLON--SLASH--SLASH-github.com-SLASH-zsh-users-SLASH-zsh-autosuggestions +drwxr-xr-x 12 bruno staff 384 7 jui 18:08 https-COLON--SLASH--SLASH-github.com-SLASH-zsh-users-SLASH-zsh-completions +drwxr-xr-x 7 bruno staff 224 7 jui 18:01 https-COLON--SLASH--SLASH-github.com-SLASH-zsh-users-SLASH-zsh-history-substring-search +``` + diff --git a/docs/Linux/conditions.md b/docs/Linux/conditions.md index cbfbf0b..dc4c950 100644 --- a/docs/Linux/conditions.md +++ b/docs/Linux/conditions.md @@ -283,7 +283,11 @@ test=$(find $dir -name "$name" -mmin -5 -maxdepth 1) Si les chaines sont *identiques* [ STRING1 == STRING2 ] ```bash -if [ “$1” == “moo” ]; then +if [ “$1” = “moo” ]; then +``` + +```bash +if [[ “$1” == “moo” ]]; then ``` Si les chaines sont *différentes* [ STRING1 != STRING2 ] @@ -292,6 +296,18 @@ Si les chaines sont *différentes* [ STRING1 != STRING2 ] if [ “$userinput” != “$password” ]; then ``` +Si la chaine 1 *contient la sous-chaine* chaine 2 [ STRING1 != STRING2 ] + +```bash +if [ “$userinput” == *“$password”* ]; then +if [ “$userinput” == “$password”* ]; then +if [ “$userinput” == *“$password” ]; then +``` + +```bash +if [ “$userinput” =~ .*$password.* ]; then +``` + Si la chaine 1 *est triée après* la chaine 2 [ STRING1 > STRING2 ] ```bash diff --git a/docs/Mint/Mint.md b/docs/Mint/Mint.md index eb1aae0..83ec72f 100644 --- a/docs/Mint/Mint.md +++ b/docs/Mint/Mint.md 
@@ -26,631 +26,6 @@ Machine: -#### Installer Nginx: - -```bash -$ sudo apt-get install nginx -``` - -**Version de Nginx:** - -```bash -$ nginx -v -nginx version: nginx/1.14.0 (Ubuntu) -``` - -**Démarrer,activer et vérifier l'étât du service Nginx.** - -```bash -$ sudo systemctl start nginx.service -$ sudo systemctl enable nginx.service -$ sudo systemctl status nginx.service -``` - - - -https://www.nginx.com/resources/wiki/start/ - -https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ - -https://wiki.debian.org/Nginx/DirectoryStructure - -**Arborescence:** - -```bash -bruno@MintBook:/etc/nginx$ tree -. -├── conf.d -├── fastcgi.conf -├── fastcgi_params -├── koi-utf -├── koi-win -├── mime.types -├── modules-available -├── modules-enabled -│   ├── 50-mod-http-geoip.conf -> /usr/share/nginx/modules-available/mod-http-geoip.conf -│   ├── 50-mod-http-image-filter.conf -> /usr/share/nginx/modules-available/mod-http-image-filter.conf -│   ├── 50-mod-http-xslt-filter.conf -> /usr/share/nginx/modules-available/mod-http-xslt-filter.conf -│   ├── 50-mod-mail.conf -> /usr/share/nginx/modules-available/mod-mail.conf -│   └── 50-mod-stream.conf -> /usr/share/nginx/modules-available/mod-stream.conf -├── nginx.conf -├── proxy_params -├── scgi_params -├── sites-available -│   └── default -├── sites-enabled -│   └── default -> /etc/nginx/sites-available/default -├── snippets -│   ├── fastcgi-php.conf -│   └── snakeoil.conf -├── uwsgi_params -└── win-utf -``` - -**Configuration:** - -Le fichier `/etc/nginx/nginx.conf` contient la configuration générale de nginx. - -```nginx -user www-data; -``` - - - -Créer un fichier qui contiendra les configurations du site dans le répertoire `/etc/nginx/sites-available/`. 
-Le dossier contient déjà un fichier par défaut: `/etc/nginx/sites-available/default` - -```bash -$ cd /etc/nginx/sites-available/ -$ sudo cp default mint -$ sudo gedit mint -``` - -Modifier les lignes: - -- root: le dossier root du site -- index: ajouter index.php -- server_name - -Dé-commenter les lignes: - -- include snippets/fastcgi-php.conf; -- fastcgi_pass unix:/run/php/php7.2-fpm.sock; - -```nginx -server { - listen 80 default_server; - listen [::]:80 default_server; - - # SSL configuration - # - # listen 443 ssl default_server; - # listen [::]:443 ssl default_server; - # - # Note: You should disable gzip for SSL traffic. - # See: https://bugs.debian.org/773332 - # - # Read up on ssl_ciphers to ensure a secure configuration. - # See: https://bugs.debian.org/765782 - # - # Self signed certs generated by the ssl-cert package - # Don't use them in a production server! - # - # include snippets/snakeoil.conf; - - root /home/bruno/Sites; - - # Add index.php to the list if you are using PHP - index index.php index.html index.htm; - - server_name mintbook.local; - - access_log /var/log/nginx/access_log; - error_log /var/log/nginx/error_log; - - location / { - # First attempt to serve request as file, then - # as directory, then fall back to displaying a 404. 
- try_files $uri $uri/ =404; - } - - # pass PHP scripts to FastCGI server - # - location ~ \.php$ { - include snippets/fastcgi-php.conf; - # - # # With php-fpm (or other unix sockets): - fastcgi_pass unix:/run/php/php7.2-fpm.sock; - # - # # With php-cgi (or other tcp sockets): - # fastcgi_pass 127.0.0.1:9000; - } - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} -``` - - - -Donner les droits à Nginx pour le dossuier root: - -```bash -$ sudo chown -R www-data:www-data /home/bruno/Sites -``` - - - -Déclarer le socket Unix de PHP-FPM au niveau de Nginx: il faut modifier ou créer le fichier `/etc/nginx/conf.d/php7-fpm.conf` - -```nginx -upstream php7.2-fpm-sock { - server unix:/run/php/php7.2-fpm.sock; -} -``` - - - -Créer ensuite un lien symbolique de ce fichier dans le répertoire `/etc/nginx/sites-enabled/` afin d’activer le site. - - Il est à noter que pour désactiver le site temporairement il suffit de supprimer le lien symbolique qui est dans `sites-enabled` et pour le réactiver, il faut refaire un lien symbolique avec le fichier qui se trouve dans `site-available`. - -```bash -$ cd /etc/nginx/sites-enabled/ -$ ln -s /etc/nginx/sites-available/mint mint - -$ ls -la -total 8 -drwxr-xr-x 2 root root 4096 mai 30 12:56 . -drwxr-xr-x 8 root root 4096 mai 30 10:40 .. 
-lrwxrwxrwx 1 root root 34 mai 30 10:40 default -> /etc/nginx/sites-available/default -lrwxrwxrwx 1 root root 31 mai 30 12:56 mint -> /etc/nginx/sites-available/mint - -$ sudo rm default -``` - - - -**Tester la configuration Nginx:** - -```bash -$ sudo nginx -t -nginx: the configuration file /etc/nginx/nginx.conf syntax is ok -nginx: configuration file /etc/nginx/nginx.conf test is successful -``` - -**Relancer Nginx:** - -```bash -$ sudo service nginx reload -``` - - - -**Commandes Nginx:** - -Démarrer nginx: `$ sudo systemctl start nginx` - -Arrêter nginx: `$ sudo systemctl stop nginx` - -Redémarrer nginx: `$ sudo systemctl restart nginx` - -Recharger nginx après une modification de configuration: `$ sudo systemctl reload nginx` - -Désactiver le démarrage auto de nginx avec le système: `$ sudo systemctl disable nginx` - -Activer le démarrage auto de nginx avec le système: `$ sudo systemctl enable nginx` - - - -**Vérifier l'étât de Nginx:** - -```bash -$ systemctl status nginx -● nginx.service - A high performance web server and a reverse proxy server - Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled) - Active: active (running) since Thu 2019-05-30 10:40:04 CEST; 21h ago - Docs: man:nginx(8) - Main PID: 19485 (nginx) - Tasks: 9 (limit: 4915) - CGroup: /system.slice/nginx.service - ├─19485 nginx: master process /usr/sbin/nginx -g daemon on; master_process on; - ├─30594 nginx: worker process - ├─30595 nginx: worker process - ├─30596 nginx: worker process - ├─30597 nginx: worker process - ├─30598 nginx: worker process - ├─30599 nginx: worker process - ├─30600 nginx: worker process - └─30601 nginx: worker process -``` - - - -#### HTTPS: - -https://linoxide.com/linux-how-to/create-self-signed-ssl-certificate-nginx-ubuntu/ - -https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-18-04 - - - -**Créer une clé et un certificat. 
auto-signé:** - -```bash -$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/mintbook.local.key -out /etc/ssl/certs/mintbook.local.crt -[sudo] password for bruno: -Generating a 2048 bit RSA private key -...........+++ -.................+++ - -## writing new private key to '/etc/ssl/private/mintbook.local.key' - -You are about to be asked to enter information that will be incorporated -into your certificate request. -What you are about to enter is what is called a Distinguished Name or a DN. -There are quite a few fields but you can leave some blank -For some fields there will be a default value, - -## If you enter '.', the field will be left blank. - -Country Name (2 letter code) [AU]:FR -State or Province Name (full name) [Some-State]:Bourgogne -Locality Name (eg, city) []:Dijon -Organization Name (eg, company) [Internet Widgits Pty Ltd]:clicclac.info -Organizational Unit Name (eg, section) []:Web -Common Name (e.g. server FQDN or YOUR name) []:mintbook.local -Email Address []:enzo@clicclac.info -``` - -**Paramètres Diffie-Hellman (DH):** - -``` -$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 -Generating DH parameters, 2048 bit long safe prime, generator 2 -This is going to take a long time -..........................................+.....+.. 
-``` - - - -```bash -$ sudo nano /etc/nginx/snippets/self-signed.conf -``` - -```ini -ssl_certificate /etc/ssl/certs/mintbook.local.crt; -ssl_certificate_key /etc/ssl/private/mintbook.local.key; -``` - - - -```bash -$ sudo nano /etc/nginx/snippets/ssl-params.conf -``` - -```ini -ssl_protocols TLSv1.2; -ssl_prefer_server_ciphers on; -ssl_dhparam /etc/ssl/certs/dhparam.pem; -ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; -ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 -ssl_session_timeout 10m; -ssl_session_cache shared:SSL:10m; -ssl_session_tickets off; # Requires nginx >= 1.5.9 -ssl_stapling on; # Requires nginx >= 1.3.7 -ssl_stapling_verify on; # Requires nginx => 1.3.7 -resolver 8.8.8.8 8.8.4.4 valid=300s; -resolver_timeout 5s; - -# Disable strict transport security for now. You can uncomment the following - -# line if you understand the implications. - -# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; - -add_header X-Frame-Options DENY; -add_header X-Content-Type-Options nosniff; -add_header X-XSS-Protection "1; mode=block"; -``` - - - -```bash -$ cd /etc/nginx/sites-available -$ sudo cp mint mint-ssl -$ sudo gedit mint-ssl -``` - -```ini -# SSL configuration -# -listen 443 ssl default_server; -listen [::]:443 ssl default_server; -# -# Note: You should disable gzip for SSL traffic. -# See: https://bugs.debian.org/773332 -# -# Read up on ssl_ciphers to ensure a secure configuration. -# See: https://bugs.debian.org/765782 -# -# Self signed certs generated by the ssl-cert package -# Don't use them in a production server! 
-# -# include snippets/snakeoil.conf; -include snippets/self-signed.conf; -include snippets/ssl-param.conf; -``` - - -#### Installer PHP: - -```bash -$ sudo apt-get install php-fpm -``` - -```bash -$ which php -/usr/bin/php - -$ php -v -PHP 7.2.17-0ubuntu0.18.04.1 (cli) (built: Apr 18 2019 14:12:38) ( NTS ) -Copyright (c) 1997-2018 The PHP Group -Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies - with Zend OPcache v7.2.17-0ubuntu0.18.04.1, Copyright (c) 1999-2018, by Zend Technologies -``` - - - -**Configurer PHP-FPM:** - -- PHP et Nginx sur la même machine => socket Unix -- PHP et Nginx sur la même machine => socket TCP - - - -```bash -$ sudo gedit /etc/php/7.2/fpm/pool.d/www.conf -``` - -Vérifier que PHP-Fpm utilise le Socket Unix (NGINX et PHP sur la même machine): - -```bash -;listen = 127.0.0.1:9000 -listen = /run/php/php7.2-fpm.sock -``` - - - -**Configurer PHP.ini:** - -```bash -$ nano /etc/php/7.2/fpm/php.ini -``` - -```ini -file_uploads = On -allow_url_fopen = On -memory_limit = 256M -upload_max_filesize = 64M -cgi.fix_pathinfo = 0 -upload_max_filesize = 100M -max_execution_time = 360 -date.timezone = Europe/Paris -``` - -*cgi.fix_pathinfo : l’activation de ce paramètre permet à PHP de n’accepter que les URI qui existent réellement sur le serveur.* - - - -**Configurer Nginx:** - -```bash -$ sudo gedit /etc/nginx/sites-availables -``` - -Activer php: - -```nginx -location ~ \.php$ { - include snippets/fastcgi-php.conf; -# -# # With php-fpm (or other unix sockets): - fastcgi_pass unix:/run/php/php7.2-fpm.sock; -# -# # With php-cgi (or other tcp sockets): -# fastcgi_pass 127.0.0.1:9000; -} -``` - -Redémarrer le service php-fpm: - -```bash -$ sudo service php7.2-fpm restart -``` - - - -**Installer les modules PHP manquants:** - -Dans le Gestionnaire de paquets Synaptic, installer les modules GD, MySQL... 
- -Manque: apcu, gmp, odbc, yaml - -ou - -```bash -$ sudo apt-cachesearch php- | less -$ sudo apt-get install "module name" -$ sudo apt-cache show "module name" -``` - - - -#### Installer MySQL (MariaDB): - -```bash -$ sudo apt-get -y install mariadb-server mariadb-client -``` - -**Démarrer, activer et vérifier l'étât du service MariaDB:** - -```bash -$ sudo systemctl start mysql.service -$ sudo systemctl enable mysql.service -$ sudo systemctl status mysql.service -``` - - - -**Securiser l'installation de MariaDB:** - -```bash -$ sudo mysql_secure_installation - -Enter current password for root (enter for none): Enter Your Current Password -OK, successfully used password, moving on... - -Set root password? [Y/n] n - ... skipping. - -Remove anonymous users? [Y/n] y - ... Success! - -Disallow root login remotely? [Y/n] y - ... Success! - -Remove test database and access to it? [Y/n] y - -- Dropping test database... - ... Success! -- Removing privileges on test database... - ... Success! - -Reload privilege tables now? [Y/n] y - ... Success! - -Cleaning up... - -All done! If you've completed all of the above steps, your MariaDB -installation should now be secure. - -Thanks for using MariaDB! -``` - -~~l/p: root/sncfp1p2~~ - - - -Desinstaller mysql:** - -```bash - $ sudo service mysql stop - $ sudo apt-get remove --purge mysql* - $ sudo apt-get autoremove - $ sudo apt-get autoclean - $ sudo rm -rf /var/lib/mysql - $ sudo rm -rf /etc/mysql -``` - - - -**Se connecter à MySQL:** - -```bash -$ sudo mysql -u root -p -Enter password: -Welcome to the MariaDB monitor. Commands end with ; or \g. -Your MariaDB connection id is 49 -Server version: 10.1.38-MariaDB-0ubuntu0.18.04.2 Ubuntu 18.04 - -Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. - -Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. - -MariaDB [(none)]> -``` - - - -**Depuis ubuntu 18.04** - -Se logguer dans mysql en root. 
- -Créer un utilisateur et lui donner tous les droits: - -```mysql -CREATE USER 'username'@'localhost' IDENTIFIED BY 'the_password'; -GRANT ALL PRIVILEGES ON *.* TO 'username'@'localhost' WITH GRANT OPTION; -``` - -Créer un utilisateur avec le même nom et lui donner tous les droits: - -```mysql -CREATE USER 'username'@'%' IDENTIFIED BY 'the_password'; -GRANT ALL PRIVILEGES ON *.* TO 'username'@'%' WITH GRANT OPTION; -``` - -Le compte 'username'@‘localhost' est utilisé quand on se connecte depuis la machine locale. -Le compte 'username'@'%' est utilisé pour se connecter depuis n'importe quelle machine. - -```mysql -SHOW GRANTS FOR username; -FLUSH PRIVILEGES; -``` - - - -#### Configurer le firewall ubuntu: - -```bash -$ sudo ufw app list -[sudo] password for bruno: -Available applications: - CUPS - Nginx Full - Nginx HTTP - Nginx HTTPS - syncthing - syncthing-gui -``` - -Liste les profils disponibles: - -Profile Nginx Full: ouvre les ports 80 (http) et 443 (https) -Profile Nginx HTTP: ouvre les ports 80 (http) -Profile Nginx HTTPS: ouvre les ports 443 (https) - - - -**Active le profile Nginx Full:** - -```bash -$ sudo ufw allow 'Nginx Full' -Rule added -Rule added (v6) -``` - -**Status du firewall:** - -```bash -$ sudo ufw status -Status: active - -To Action From - ------- - -Nginx Full ALLOW Anywhere -Nginx Full (v6) ALLOW Anywhere (v6) -``` - - - #### SSH: **Créer une clé SSH:** @@ -682,7 +57,7 @@ The key's randomart image is: -**Installer Typora:** +#### Installer Typora: ```bash wget -qO - https://typora.io/linux/public-key.asc | sudo apt-key add - 
@@ -701,3 +76,33 @@ sudo apt-get update sudo apt-get install typora ``` + + +#### gksu est déprécié: + +Depuis ubuntu 18.04, **gksu** est déprécié et n'est plus disponible. + +Au lieu de la commande **gksu**: + +```bash +$ gksu gedit /etc/nginx/sites-available/mint +``` + +il faut utiliser la commande **gedit admin://**: + +```bash +$ gedit admin:///etc/nginx/sites-available/mint +``` + + + +#### Ouvrir gedit (en arrière-plan) depuis le terminal: + +```bash +$ nohup gedit .dircolors >/dev/null & +``` + +```bash +$ gedit .dircolors & +``` + diff --git a/docs/Mint/systemctl.md b/docs/Mint/systemctl.md new file mode 100644 index 0000000..89f4108 --- /dev/null +++ b/docs/Mint/systemctl.md @@ -0,0 +1,38 @@ +# systemctl + + + +```bash + + +To list systemd services we will use systemctl command as below +# systemctl list-unit-files + +To list active systemd services run +# systemctl | more + +# systemctl list-units --type service + +You can pipe the output to grep to search a more specific service as shown below +# systemctl | grep "apache2" + +To check the services alongside the ports they are listening. +# netstat -pnltu + +For example, to check if OpenSSH is running on your system, run +# systemctl status sshd + +Alternatively, you can use the syntax below to check if the service is active +# systemctl is-active sshd + +o check if OpenSSH is enabled, run +# systemctl is-enabled sshd + +Ancien system: +check the status of OpenSSH, run +# service sshd status + +You can also check all services by running +# chkconfig --list +``` + diff --git a/docs/Mint/vsftpd.md b/docs/Mint/vsftpd.md new file mode 100644 index 0000000..34fc890 --- /dev/null +++ b/docs/Mint/vsftpd.md 
@@ -0,0 +1,61 @@ +# Installer un serveur ftp (vsftpd) + + + +Installer vsftpd: + +```bash +$ sudo apt install vsftpd +``` + +Configurer vsftpd: + +```bash +$ sudo mv -v /etc/vsftpd.conf /etc/vsftpd.conf.bk +$ sudo touch /etc/vsftpd.conf + +$ sudo nano /etc/vsftpd.conf +``` + +```nginx +listen=YES +listen_ipv6=NO +connect_from_port_20=YES + +anonymous_enable=NO +local_enable=YES +write_enable=YES +chroot_local_user=YES +allow_writeable_chroot=YES +secure_chroot_dir=/var/run/vsftpd/empty + +pam_service_name=vsftpd + +pasv_enable=YES +pasv_min_port=40000 +pasv_max_port=45000 + +userlist_enable=YES +userlist_file=/etc/vsftpd.userlist + +## userlist_deny=NO +``` + +Liste des utilisateurs: + +```bash +$ sudo nano /etc/vsftpd.userlist +``` + +Redémarrer vsftpd: + +```bash +$ sudo systemctl restart vsftpd +$ sudo systemctl status vsftpd +``` + + + +https://linuxhint.com/setup_ftp_server_vsftpd_ubuntu/ +https://doc.ubuntu-fr.org/vsftpd +https://vitux.com/install-vsftpd-ftp-server-tls-ubuntu/ \ No newline at end of file diff --git a/docs/Mint/webserver.md b/docs/Mint/webserver.md new file mode 100644 index 0000000..1cf7c51 --- /dev/null +++ b/docs/Mint/webserver.md 
@@ -0,0 +1,674 @@ +# Nginx / PHP / MySQL + + + +## Installer un serveur web + + + +#### Installer Nginx: + +```bash +$ sudo apt-get install nginx +``` + +**Version de Nginx:** + +```bash +$ nginx -v +nginx version: nginx/1.14.0 (Ubuntu) +``` + +**Démarrer,activer et vérifier l'étât du service Nginx.** + +```bash +$ sudo systemctl start nginx.service +$ sudo systemctl enable nginx.service +$ sudo systemctl status nginx.service +``` + +```bash +# ps -ef | grep -i nginx + +root 18596 13:16 nginx: master process ./nginx +nobody 18597 13:16 nginx: worker process +``` + + + +https://www.nginx.com/resources/wiki/start/ + +https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ + +https://wiki.debian.org/Nginx/DirectoryStructure + +**Arborescence:** + +```bash +bruno@MintBook:/etc/nginx$ tree +. +├── conf.d +├── fastcgi.conf +├── fastcgi_params +├── koi-utf +├── koi-win +├── mime.types +├── modules-available +├── modules-enabled +│   ├── 50-mod-http-geoip.conf -> /usr/share/nginx/modules-available/mod-http-geoip.conf +│   ├── 50-mod-http-image-filter.conf -> /usr/share/nginx/modules-available/mod-http-image-filter.conf +│   ├── 50-mod-http-xslt-filter.conf -> /usr/share/nginx/modules-available/mod-http-xslt-filter.conf +│   ├── 50-mod-mail.conf -> /usr/share/nginx/modules-available/mod-mail.conf +│   └── 50-mod-stream.conf -> /usr/share/nginx/modules-available/mod-stream.conf +├── nginx.conf +├── proxy_params +├── scgi_params +├── sites-available +│   └── default +├── sites-enabled +│   └── default -> /etc/nginx/sites-available/default +├── snippets +│   ├── fastcgi-php.conf +│   └── snakeoil.conf +├── uwsgi_params +└── win-utf +``` + +**Configuration:** + +Le fichier `/etc/nginx/nginx.conf` contient la configuration générale de nginx. + +```nginx +user www-data; +``` + + + +Créer un fichier qui contiendra les configurations du site dans le répertoire `/etc/nginx/sites-available/`. 
+Le dossier contient déjà un fichier par défaut: `/etc/nginx/sites-available/default` + +```bash +$ cd /etc/nginx/sites-available/ +$ sudo cp default mint +$ sudo gedit mint +``` + +Modifier les lignes: + +- root: le dossier root du site +- index: ajouter index.php +- server_name + +Dé-commenter les lignes: + +- include snippets/fastcgi-php.conf; +- fastcgi_pass unix:/run/php/php7.2-fpm.sock; + +```nginx +server { + listen 80 default_server; + listen [::]:80 default_server; + + # SSL configuration + # + # listen 443 ssl default_server; + # listen [::]:443 ssl default_server; + # + # Note: You should disable gzip for SSL traffic. + # See: https://bugs.debian.org/773332 + # + # Read up on ssl_ciphers to ensure a secure configuration. + # See: https://bugs.debian.org/765782 + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + # + # include snippets/snakeoil.conf; + + root /home/bruno/Sites; + + # Add index.php to the list if you are using PHP + index index.php index.html index.htm; + + server_name mintbook.local; + + access_log /var/log/nginx/access_log; + error_log /var/log/nginx/error_log; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. 
+ try_files $uri $uri/ =404; + } + + # pass PHP scripts to FastCGI server + # + location ~ \.php$ { + include snippets/fastcgi-php.conf; + # + # # With php-fpm (or other unix sockets): + fastcgi_pass unix:/run/php/php7.2-fpm.sock; + # + # # With php-cgi (or other tcp sockets): + # fastcgi_pass 127.0.0.1:9000; + } + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} +``` + + + +Donner les droits à Nginx pour le dossuier root: + +```bash +$ sudo chown -R www-data:www-data /home/bruno/Sites +``` + + + +Déclarer le socket Unix de PHP-FPM au niveau de Nginx: il faut modifier ou créer le fichier `/etc/nginx/conf.d/php7-fpm.conf` + +```nginx +upstream php7.2-fpm-sock { + server unix:/run/php/php7.2-fpm.sock; +} + +``` + + + +Créer ensuite un lien symbolique de ce fichier dans le répertoire `/etc/nginx/sites-enabled/` afin d’activer le site. + + Il est à noter que pour désactiver le site temporairement il suffit de supprimer le lien symbolique qui est dans `sites-enabled` et pour le réactiver, il faut refaire un lien symbolique avec le fichier qui se trouve dans `site-available`. + +```bash +$ cd /etc/nginx/sites-enabled/ +$ ln -s /etc/nginx/sites-available/mint mint + +$ ls -la +total 8 +drwxr-xr-x 2 root root 4096 mai 30 12:56 . +drwxr-xr-x 8 root root 4096 mai 30 10:40 .. 
+lrwxrwxrwx 1 root root 34 mai 30 10:40 default -> /etc/nginx/sites-available/default +lrwxrwxrwx 1 root root 31 mai 30 12:56 mint -> /etc/nginx/sites-available/mint + +$ sudo rm default + +``` + + + +**Tester la configuration Nginx:** + +```bash +$ sudo nginx -t +nginx: the configuration file /etc/nginx/nginx.conf syntax is ok +nginx: configuration file /etc/nginx/nginx.conf test is successful + +``` + +**Relancer Nginx:** + +```bash +$ sudo service nginx reload + +``` + + + +**Commandes Nginx:** + +Démarrer nginx: `$ sudo systemctl start nginx` + +Arrêter nginx: `$ sudo systemctl stop nginx` + +Redémarrer nginx: `$ sudo systemctl restart nginx` + +Recharger nginx après une modification de configuration: `$ sudo systemctl reload nginx` + +Désactiver le démarrage auto de nginx avec le système: `$ sudo systemctl disable nginx` + +Activer le démarrage auto de nginx avec le système: `$ sudo systemctl enable nginx` + + + +**Vérifier l'étât de Nginx:** + +```bash +$ systemctl status nginx +● nginx.service - A high performance web server and a reverse proxy server + Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled) + Active: active (running) since Thu 2019-05-30 10:40:04 CEST; 21h ago + Docs: man:nginx(8) + Main PID: 19485 (nginx) + Tasks: 9 (limit: 4915) + CGroup: /system.slice/nginx.service + ├─19485 nginx: master process /usr/sbin/nginx -g daemon on; master_process on; + ├─30594 nginx: worker process + ├─30595 nginx: worker process + ├─30596 nginx: worker process + ├─30597 nginx: worker process + ├─30598 nginx: worker process + ├─30599 nginx: worker process + ├─30600 nginx: worker process + └─30601 nginx: worker process + +``` + + + +#### HTTPS: + +https://linoxide.com/linux-how-to/create-self-signed-ssl-certificate-nginx-ubuntu/ + +https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-18-04 + + + +**Créer une clé et un certificat. 
auto-signé:** + +```bash +$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/mintbook.local.key -out /etc/ssl/certs/mintbook.local.crt +[sudo] password for bruno: +Generating a 2048 bit RSA private key +...........+++ +.................+++ + +## writing new private key to '/etc/ssl/private/mintbook.local.key' + +You are about to be asked to enter information that will be incorporated +into your certificate request. +What you are about to enter is what is called a Distinguished Name or a DN. +There are quite a few fields but you can leave some blank +For some fields there will be a default value, + +## If you enter '.', the field will be left blank. + +Country Name (2 letter code) [AU]:FR +State or Province Name (full name) [Some-State]:Bourgogne +Locality Name (eg, city) []:Dijon +Organization Name (eg, company) [Internet Widgits Pty Ltd]:clicclac.info +Organizational Unit Name (eg, section) []:Web +Common Name (e.g. server FQDN or YOUR name) []:mintbook.local +Email Address []:enzo@clicclac.info + +``` + +**Paramètres Diffie-Hellman (DH):** + +``` +$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 +Generating DH parameters, 2048 bit long safe prime, generator 2 +This is going to take a long time +..........................................+.....+.. 
+ +``` + + + +```bash +$ sudo nano /etc/nginx/snippets/self-signed.conf + +``` + +```ini +ssl_certificate /etc/ssl/certs/mintbook.local.crt; +ssl_certificate_key /etc/ssl/private/mintbook.local.key; + +``` + + + +```bash +$ sudo nano /etc/nginx/snippets/ssl-params.conf + +``` + +```ini +ssl_protocols TLSv1.2; +ssl_prefer_server_ciphers on; +ssl_dhparam /etc/ssl/certs/dhparam.pem; +ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; +ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 +ssl_session_timeout 10m; +ssl_session_cache shared:SSL:10m; +ssl_session_tickets off; # Requires nginx >= 1.5.9 +ssl_stapling on; # Requires nginx >= 1.3.7 +ssl_stapling_verify on; # Requires nginx => 1.3.7 +resolver 8.8.8.8 8.8.4.4 valid=300s; +resolver_timeout 5s; + +# Disable strict transport security for now. You can uncomment the following + +# line if you understand the implications. + +# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; + +add_header X-Frame-Options DENY; +add_header X-Content-Type-Options nosniff; +add_header X-XSS-Protection "1; mode=block"; + +``` + + + +```bash +$ cd /etc/nginx/sites-available +$ sudo cp mint mint-ssl +$ sudo gedit mint-ssl + +``` + +```ini +# SSL configuration +# +listen 443 ssl default_server; +listen [::]:443 ssl default_server; +# +# Note: You should disable gzip for SSL traffic. +# See: https://bugs.debian.org/773332 +# +# Read up on ssl_ciphers to ensure a secure configuration. +# See: https://bugs.debian.org/765782 +# +# Self signed certs generated by the ssl-cert package +# Don't use them in a production server! 
+# +# include snippets/snakeoil.conf; +include snippets/self-signed.conf; +include snippets/ssl-param.conf; + +``` + +#### Installer PHP: + +```bash +$ sudo apt-get install php-fpm + +``` + +```bash +$ which php +/usr/bin/php + +$ php -v +PHP 7.2.17-0ubuntu0.18.04.1 (cli) (built: Apr 18 2019 14:12:38) ( NTS ) +Copyright (c) 1997-2018 The PHP Group +Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies + with Zend OPcache v7.2.17-0ubuntu0.18.04.1, Copyright (c) 1999-2018, by Zend Technologies + +``` + + + +**Configurer PHP-FPM:** + +- PHP et Nginx sur la même machine => socket Unix +- PHP et Nginx sur la même machine => socket TCP + + + +```bash +$ sudo gedit /etc/php/7.2/fpm/pool.d/www.conf + +``` + +Vérifier que PHP-Fpm utilise le Socket Unix (NGINX et PHP sur la même machine): + +```bash +;listen = 127.0.0.1:9000 +listen = /run/php/php7.2-fpm.sock + +``` + + + +**Configurer PHP.ini:** + +```bash +$ nano /etc/php/7.2/fpm/php.ini + +``` + +```ini +file_uploads = On +allow_url_fopen = On +memory_limit = 256M +upload_max_filesize = 64M +cgi.fix_pathinfo = 0 +upload_max_filesize = 100M +max_execution_time = 360 +date.timezone = Europe/Paris + +``` + +*cgi.fix_pathinfo : l’activation de ce paramètre permet à PHP de n’accepter que les URI qui existent réellement sur le serveur.* + + + +**Configurer Nginx:** + +```bash +$ sudo gedit /etc/nginx/sites-availables + +``` + +Activer php: + +```nginx +location ~ \.php$ { + include snippets/fastcgi-php.conf; +# +# # With php-fpm (or other unix sockets): + fastcgi_pass unix:/run/php/php7.2-fpm.sock; +# +# # With php-cgi (or other tcp sockets): +# fastcgi_pass 127.0.0.1:9000; +} + +``` + +Redémarrer le service php-fpm: + +```bash +$ sudo service php7.2-fpm restart + +``` + + + +**Installer les modules PHP manquants:** + +Dans le Gestionnaire de paquets Synaptic, installer les modules GD, MySQL... 
+ +Manque: apcu, gmp, odbc, yaml + +ou + +```bash +$ sudo apt-cachesearch php- | less +$ sudo apt-get install "module name" +$ sudo apt-cache show "module name" + +``` + + + +#### Installer MySQL (MariaDB): + +```bash +$ sudo apt-get -y install mariadb-server mariadb-client + +``` + +**Démarrer, activer et vérifier l'étât du service MariaDB:** + +```bash +$ sudo systemctl start mysql.service +$ sudo systemctl enable mysql.service +$ sudo systemctl status mysql.service + +``` + + + +**Securiser l'installation de MariaDB:** + +```bash +$ sudo mysql_secure_installation + +Enter current password for root (enter for none): Enter Your Current Password +OK, successfully used password, moving on... + +Set root password? [Y/n] n + ... skipping. + +Remove anonymous users? [Y/n] y + ... Success! + +Disallow root login remotely? [Y/n] y + ... Success! + +Remove test database and access to it? [Y/n] y + +- Dropping test database... + ... Success! +- Removing privileges on test database... + ... Success! + +Reload privilege tables now? [Y/n] y + ... Success! + +Cleaning up... + +All done! If you've completed all of the above steps, your MariaDB +installation should now be secure. + +Thanks for using MariaDB! + +``` + +~~l/p: root/sncfp1p2~~ + + + +Desinstaller mysql:** + +```bash + $ sudo service mysql stop + $ sudo apt-get remove --purge mysql* + $ sudo apt-get autoremove + $ sudo apt-get autoclean + $ sudo rm -rf /var/lib/mysql + $ sudo rm -rf /etc/mysql + +``` + + + +**Se connecter à MySQL:** + +```bash +$ sudo mysql -u root -p +Enter password: +Welcome to the MariaDB monitor. Commands end with ; or \g. +Your MariaDB connection id is 49 +Server version: 10.1.38-MariaDB-0ubuntu0.18.04.2 Ubuntu 18.04 + +Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. + +Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. + +MariaDB [(none)]> + +``` + + + +**Depuis ubuntu 18.04** + +Se logguer dans mysql en root. 
+ +Créer un utilisateur et lui donner tous les droits: + +```mysql +CREATE USER 'username'@'localhost' IDENTIFIED BY 'the_password'; +GRANT ALL PRIVILEGES ON *.* TO 'username'@'localhost' WITH GRANT OPTION; + +``` + +Créer un utilisateur avec le même nom et lui donner tous les droits: + +```mysql +CREATE USER 'username'@'%' IDENTIFIED BY 'the_password'; +GRANT ALL PRIVILEGES ON *.* TO 'username'@'%' WITH GRANT OPTION; + +``` + +Le compte 'username'@‘localhost' est utilisé quand on se connecte depuis la machine locale. +Le compte 'username'@'%' est utilisé pour se connecter depuis n'importe quelle machine. + +```mysql +SHOW GRANTS FOR username; +FLUSH PRIVILEGES; + +``` + + + +#### Configurer le firewall ubuntu: + +```bash +$ sudo ufw app list +[sudo] password for bruno: +Available applications: + CUPS + Nginx Full + Nginx HTTP + Nginx HTTPS + syncthing + syncthing-gui + +``` + +Liste les profils disponibles: + +Profile Nginx Full: ouvre les ports 80 (http) et 443 (https) +Profile Nginx HTTP: ouvre les ports 80 (http) +Profile Nginx HTTPS: ouvre les ports 443 (https) + + + +**Active le profile Nginx Full:** + +```bash +$ sudo ufw allow 'Nginx Full' +Rule added +Rule added (v6) + +``` + +**Status du firewall:** + +```bash +$ sudo ufw status +Status: active + +To Action From + +------ + +Nginx Full ALLOW Anywhere +Nginx Full (v6) ALLOW Anywhere (v6) + +``` + + + +#### \ No newline at end of file
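Review bot: the `openssl req -x509` command in the self-signed certificate step sets only the Common Name (`mintbook.local`) and no subjectAltName. Current browsers match host names against the SAN only, so this certificate fails name validation on top of being untrusted. With OpenSSL 1.1.1 or later, add `-addext "subjectAltName=DNS:mintbook.local"` to the command. The pasted transcript also has its `-----` separator lines turned into `## ` headings ("## writing new private key to ..." and "## If you enter '.', ..."); restore them so the block matches what openssl prints. The dhparam fence has no language tag, unlike the other command blocks.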
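Review bot: in the `ssl-params.conf` block, `ssl_stapling on;` and `ssl_stapling_verify on;` are paired with the self-signed certificate generated just above. That certificate has no issuer certificate and no OCSP responder, so nginx only logs a stapling warning and staples nothing. Drop both lines, and the `resolver` / `resolver_timeout` lines that support them, for this local setup. In `ssl_ciphers`, `ECDHE-RSA-AES256-GCM-SHA512` and `DHE-RSA-AES256-GCM-SHA512` are not OpenSSL cipher suite names and are silently skipped, so the effective list is the three SHA384 entries; remove the two so the line documents what is actually negotiated. The comment `# Requires nginx => 1.3.7` should read `>=`.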
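Review bot: in the `mint-ssl` block, `include snippets/ssl-param.conf;` does not match the file created two steps earlier, `/etc/nginx/snippets/ssl-params.conf`, so nginx will refuse the configuration on a missing include. Change it to `include snippets/ssl-params.conf;`. The steps then go straight from editing `mint-ssl` to installing PHP; a `sudo nginx -t` followed by a reload after the edit would catch this kind of mismatch before the service is restarted.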
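Review bot: the sentence under the php.ini block says that enabling `cgi.fix_pathinfo` makes PHP accept only URIs that really exist on the server, but the block sets `cgi.fix_pathinfo = 0`, and it is the value 0 that stops PHP from guessing a script out of a partial path. Reword the sentence to describe disabling the setting. In the same block `upload_max_filesize` is set twice (64M, then 100M); keep one value. Under "Configurer PHP-FPM" both bullets read "sur la même machine", so the TCP socket case is never distinguished from the Unix socket case. `sudo gedit /etc/nginx/sites-availables` names a misspelled directory rather than the `mint` or `mint-ssl` file, and `nano /etc/php/7.2/fpm/php.ini` is missing `sudo`.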
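Review bot: the struck-through `l/p:` line after the `mysql_secure_installation` transcript commits what reads as a root login and password to the repository; the `~~` markup hides nothing in the file or in the history. Delete the line and change that password if it was ever in use. In the same region, `sudo apt-cachesearch php-` should be `sudo apt-cache search php-`, the heading `Desinstaller mysql:**` is missing its opening `**`, and `sudo apt-get remove --purge mysql*` leaves the glob unquoted, so the shell expands it against files in the current directory before apt sees it; quote it as `'mysql*'`.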
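Review bot: in the "Depuis ubuntu 18.04" section, `GRANT ALL PRIVILEGES ON *.* TO 'username'@'%' WITH GRANT OPTION;` creates an account with root-equivalent rights that is valid from any host, which undoes the "Disallow root login remotely? y" answer given to `mysql_secure_installation` earlier in the same file. Keep only the `'username'@'localhost'` account, or scope the `'%'` grant to one database and a specific client host. `SHOW GRANTS FOR username;` resolves to `'username'@'%'`, so checking the local account needs `SHOW GRANTS FOR 'username'@'localhost';`. `FLUSH PRIVILEGES;` is not needed after `CREATE USER` and `GRANT`.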
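Review bot: in the firewall section, the caption "Liste les profils disponibles:" sits after the `ufw app list` output it describes, and the three "Profile Nginx ..." lines will render as a single paragraph in Markdown; move the caption above the command and turn the profiles into a list. The `ufw status` transcript has its header underline broken out into a lone `------` between blank lines, which no longer matches the real output. The file ends on an empty `####` heading with no trailing newline; remove the heading and end the file with a newline.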