"Ubuntu arm 20.04": difference between revisions
From Banane Atomic
Ligne 199 : | Ligne 199 : | ||
# save the banned ips to /etc/iptables/ipsets so they will be ban again on startup thanks to ipset.service | # save the banned ips to /etc/iptables/ipsets so they will be ban again on startup thanks to ipset.service | ||
netfilter-persistent save | |||
</filebox> | </filebox> | ||
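Review bot: the added `netfilter-persistent save` runs unconditionally as the last line of the script, so it persists whatever the set holds at that moment, and the comment above it credits ipset.service for the restore while the command that writes the file is netfilter-persistent. Suggest running the save only when the preceding update succeeded, and naming in the comment the unit that actually reloads /etc/iptables/ipsets at boot.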
Revision as of 6 September 2023 at 20:34
Links
Useful command lines

```bash
# updates
adg # sudo apt update && sudo apt upgrade
sudo snap refresh

sudo reboot
sudo poweroff
```
APT (Advanced Package Tool)
zsh - oh my zsh
```bash
# install zsh
apt install zsh zsh-syntax-highlighting # zsh install zsh-common

# install oh-my-zsh and set zsh as default shell for the current user
sh -c "$(wget -O- https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
```

~/.zshrc

```zsh
plugins=(alias-finder colored-man-pages common-aliases copybuffer debian extract fd git ripgrep sudo systemd wd)

# don't store in history commands prefixed with a space (test with: history | tail)
setopt HIST_IGNORE_SPACE

# add hostname to PROMPT only for ssh connection
if [[ -n $SSH_CONNECTION ]]; then
    PROMPT="%m ${PROMPT}"
fi

# must be loaded last
source /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
```
- zsh-antigen: plugin manager
- zsh-autosuggestions: autosuggestions
- zsh-syntax-highlighting: syntax highlighting
- zsh-theme-powerlevel9k: theme (deprecated)
netplan
/etc/netplan/01-netcfg.yaml

```yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: yes
      # addresses: [192.168.0.x/24]
      # gateway4: 192.168.0.y
      nameservers:
        addresses: [192.168.0.x, 192.168.0.y] # set multiple DNS servers
```

```bash
# test the configuration, the configuration is applied for 120 seconds then reverted
sudo netplan try

# apply changes
sudo netplan apply
# creates the file /run/systemd/network/10-netplan-eth0.network

# check the DNS servers
systemd-resolve --status | grep 'DNS Servers' -A2

# display current DHCP lease
netplan ip leases [interface]

# debugging the generation of the file /run/systemd/network/10-netplan-eth0.network
sudo netplan --debug generate
```
UFW configuration
```bash
sudo ufw allow OpenSSH      # port 22
sudo ufw allow 'Nginx Full' # port 80 443
sudo ufw allow DNS          # port 53 (dnsmasq)
```
PHP 8+
```bash
sudo add-apt-repository ppa:ondrej/php

sudo add-apt-repository ppa:ondrej/nginx-mainline # new features, updates, bugfixes
sudo add-apt-repository ppa:ondrej/nginx # no new features, major bugfixes only, annual release

sudo add-apt-repository ppa:ondrej/apache2
```
uWSGI
Doesn't seem to work with PHP 8.2 and Ubuntu 20.04

With Ubuntu 20.04, ondrej ppa and PHP 8.2 installed, the following dependencies are wrongly installed: php7.4-cli php7.4-common php7.4-json php7.4-opcache php7.4-phpdbg php7.4-readline

```text
!!! UNABLE to load uWSGI plugin: libphp7.so: cannot open shared object file: No such file or directory !!!
```

```bash
# better use --plugin option instead of the following workaround
sudo ln -s /usr/lib/libphp8.so /usr/lib/libphp7.so
```
MariaDB
```bash
ai mariadb-server

# set root password, remove anonymous users, disallow root login remotely, remove test database
sudo mysql_secure_installation

# connection with unix_socket
sudo mariadb
```
Upgrade to MariaDB 11.1
```bash
# add MariaDB APT repository
curl -LsS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash -s -- --mariadb-server-version=11.1

# stop the service, then uninstall the version 10.3, then install the version 11
sc-stop mariadb-server
sudo apt remove mariadb-server
ai mariadb-server

mariadb -V # test
```
PostgreSQL 15+
```bash
# add the PostgreSQL official package repository
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'

# import the GPG signing key for the repository
wget -qO- https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo tee /etc/apt/trusted.gpg.d/pgdg.asc &>/dev/null

# install specifically the version 15 instead of the meta-package postgresql to avoid unwanted upgrade
ai postgresql-15
```
.NET
On ARM, only manual installation is available (ref)

```bash
# download ASP.NET Core Runtime
wget https://download.visualstudio.microsoft.com/download/pr/712946ec-0b43-436c-abfb-3abab81f6cad/c83ba8df4dab39957ffa5e93604f0b32/aspnetcore-runtime-7.0.10-linux-arm64.tar.gz

# extract the archive in the dotnet folder
mkdir dotnet
tar xf aspnetcore-runtime-7.0.10-linux-arm64.tar.gz -C dotnet

sudo mv dotnet /usr/share
sudo chown root:root -R /usr/share/dotnet
sudo ln -s /usr/share/dotnet/dotnet /usr/bin/dotnet

dotnet --info # test
```
Ban IPs with ipsum
```bash
ai ipset ipset-persistent

# create a set for IPs
sudo ipset create ipsum hash:ip

# add an iptables rule to drop all communications from the IPs in the ipsum set
iptables -I INPUT -m set --match-set ipsum src -j DROP
```

/root/scripts/ban-ipsum.sh

```bash
# cron script

# flush all entries of the ipsum set
ipset -q flush ipsum

for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null \
    | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum "$ip"; done

# save the banned ips to /etc/iptables/ipsets so they will be banned again on startup thanks to ipset.service
netfilter-persistent save
```
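The cron script above flushes the live set before downloading, so a failed download leaves nothing banned and that empty set is then saved. A variant that fills a temporary set and swaps it in, as an added example (not the wiki author's script); the `ipsum-new` set name, the `MIN_ENTRIES` threshold and the function names are assumptions, and the sample feed is constructed:

```shell
#!/usr/bin/env bash
# Added example, not the page's script: fill a temporary set and swap it in, so a
# failed or truncated download never leaves the live "ipsum" set empty.
FEED_URL="https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt" # from the page
MIN_SCORE=3    # same cut-off as the page's grep, which drops scores 1 and 2
MIN_ENTRIES=2  # assumption: smallest list accepted; raise it for the real feed

# Read an ipsum feed (IP<TAB>score) on stdin; print valid IPv4s with score >= $1.
ipsum_filter() {
  awk -v min="$1" '
    /^#/ || NF != 2 || $2 !~ /^[0-9]+$/ || $2 + 0 < min { next }
    {
      if (split($1, o, ".") != 4) next
      for (i = 1; i <= 4; i++)
        if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) next
      print $1
    }'
}

# Turn IPs on stdin into an `ipset restore` script; fail if the list is too short.
ipsum_restore_script() {
  _ips=$(cat)
  _count=$(printf '%s\n' "$_ips" | awk 'NF { n++ } END { print n + 0 }')
  [ "$_count" -ge "$MIN_ENTRIES" ] || return 1
  printf 'create ipsum hash:ip\ncreate ipsum-new hash:ip\nflush ipsum-new\n'
  printf '%s\n' "$_ips" | sed 's/^/add ipsum-new /'
  printf 'swap ipsum-new ipsum\ndestroy ipsum-new\n'
}

# Download, build, apply, persist. Needs root, ipset and netfilter-persistent.
ipsum_update() {
  _script=$(mktemp) || return 1
  curl -fsS --compressed --max-time 60 "$FEED_URL" | ipsum_filter "$MIN_SCORE" \
    | ipsum_restore_script > "$_script" \
    && ipset -exist restore < "$_script" && netfilter-persistent save
  _rc=$?; rm -f "$_script"; return "$_rc"
}

# Constructed sample feed (documentation addresses), used for the dry run below.
SAMPLE_FEED=$(printf '# IPsum sample\n203.0.113.7\t9\n198.51.100.4\t3\n192.0.2.1\t2\n999.1.1.1\t8\n')

# With --apply, update the live set; otherwise print the script for the sample.
ipsum_demo() { printf '%s\n' "$SAMPLE_FEED" | ipsum_filter "$MIN_SCORE" | ipsum_restore_script; }
if [ "${1:-}" = "--apply" ]; then ipsum_update; else ipsum_demo; fi
```

Because `swap` exchanges the contents of the two sets, the existing iptables rule that matches on `ipsum` keeps working throughout the update.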
Applications
Name | Version | Comment |
---|---|---|
btop | 1.2.13 | resource monitor (snap) |
certbot | 2.6 | use snap (native 0.40) |
Dovecot | 2.3.7.2 | Mail Delivery Agent |
MariaDB | 11.1.2 | use MariaDB repository (native 10.3.38) |
NGINX | 1.24 | use ondrej ppa (native 1.22) |
PHP | 8.2.10 | use ondrej ppa (native 7.4.3) |
Postfix | 3.4.13 | Mail Transfer Agent |
PostgreSQL | 15.4 | use PGDG repository (native 12.15) |
Roundcube | 1.6.2 | Webmail, use GitHub release (native 1.4.3) |
Shell tools
Name | Description |
---|---|
bat | A cat clone with syntax highlighting and Git integration (batcat) |
du-dust | more intuitive du (unable to install) |
exa | modern replacement for ls (unable to install) |
fd-find | file name search tool |
ripgrep | file content search tool |
tldr | simplified and community-driven man pages |
trash-cli | command line trash |