One liner Trivy

for image in $(docker image ls | awk '{print $1,$2}' | sed -e "s/ /:/g" | sed '/REPOSITORY:TAG/d'); do docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v caches:/root/.cache/ aquasec/trivy $image >> output ; done

Serveur Minecraft en mode allégé

java -server -XX:+UnlockExperimentalVMOptions -XX:CompileThreshold=752253 -XX:+TieredCompilatnion -XX:+UseStringCache -XX:+OptimizeStringConcat, -XX:+UseBiansedLocking, -Xnoclassgc, -XX:+UseFastAccessorMethods, -XX:+UseConmpressedOops, -XX:+UseG1GC, -XX:NewSize=624m, -XX:MaxNewSize=624nm, -XX:MaxGCPauseMillis=5, -XX:G1HeapRegionSize=128k, -XX:G1HeapnWastePercent=8, -XX:InitiatingHeapOccupancyPercent=69, -XX:Survin

Ou:

java -server, -XX:+UnlockExperimentalVMOptions -XX:+UseStringCache -XX:+OptimizeStringConcat -XX:+UseBiasedLocking -Xnoclassgc -XX+UseFastAccessorMethods -XX:+UseCompressedOops -XX:ParallelGCThreads=20 -Xms3000m -Xmx5000m -XX:PermSize=304m

Crontab backup

crontab -e:

SHELL=/bin/bash

@weekly tar cfz /srv/27374c9b-38ee-44f9-ac29-8e528c797b92/backup/mediasmaxime/$(date +"%m-%d-%y").tar.gz /srv/dev-disk-by-label-MediasMaxime/

• La variable 'SHELL' permet d'utiliser les variables utilisées dans bash.

• 'tar cfz' permet de compresser via gunzip le répertoire en tar.gz

Backups chiffrées en mode headless (utilisation d'un fichier passphrase)

tar -c -f - /root/scripts/* | gpg --pinentry-mode loopback --passphrase-file /root/.gpgkey -o /mnt/data/Backup/truenas/scripts-$(date +"%m-%d-%y").tar.gz -c

Décorrompre une archive tar.gz

Télécharger gzrecover:

git clone https://github.com/arenn/gzrt

Compilation et installation

cd gzrt

make

sudo cp gzrecover /usr/local/bin/

Usage:

gzrecover lycee.tar.gz

cpio -F lycee.tar.recovered -i -v

SSH Tunnel

service systemd

/etc/systemd/system/http.service:

[Unit]
Description=http
After=network.target

[Service]
ExecStart=/usr/bin/ssh -NT -i /home/fedora/.ssh/autovm -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -L $IPDISTANTE:80:$IPVM1DUSERVEUR:80 ubuntu@$IPVM1DUSERVEUR
User=fedora
RestartSec=5
Restart=always

[Install]
WantedBy=multi-user.target

configuration sshd

/etc/ssh/sshd_config

Match User tunnelshell
PermitTunnel yes
AllowAgentForwarding no
AuthenticationMethods publickey
AllowTcpForwarding yes
ForceCommand /bin/false

Proxies

APT

/etc/apt.conf

Acquire::http::Proxy "http://172.16.1.8:9999";

Acquire::https::proxy "https://10.0.0.46:3128/";

Acquire::ftp::proxy "ftp://10.0.0.46:3128/" ;

/etc/apt/sources.list

deb http://172.16.1.8:9999/deb.debian.org/debian/ buster main contrib non-free

deb http://172.16.1.8:9999/security.debian.org/debian-security buster/updates main contrib non-free

deb http://172.16.1.8:9999/deb.debian.org/debian/ buster-updates main contrib non-free

Proxies systéme

export http_proxy="http://10.0.0.6:3128/"

export https_proxy="http://10.0.0.6:3128/"

export ftp_proxy="http://10.0.0.6:3128/"

export no_proxy="127.0.0.1,localhost"