minor

linux_hardening.md

@@ -749,14 +749,17 @@ ERC settings: `smartctl -l scterc /dev/sda` or setting `smartctl -l scterc,150,1
  - https://man7.org/linux/man-pages/man8/integritysetup.8.html
 
 
-## pacman based integrity check
+
+### package manager integrity
+##### pacman based integrity check
 ```
 pacutils: sudo paccheck --md5sum --quiet
 AUR: sudo check-pacman-mtree.lua -a
 ```
 
-## apt based integrity check
-<!-- 
+##### apt based integrity check
+
+```
 (https://askubuntu.com/posts/891158/timeline)
 
 For checking the integrity of an individual file in a package against the repositories, there's no easy way short of downloading the package. The repositories typically provide these files:
@@ -776,14 +779,19 @@ So, if you don't trust the local system:
 If a `Contents` file is not available, and you don't trust the local system, have fun downloading _every_ package to see what provided the file.
 
 This does not scale.
--->
+```
 
+```
+debsums --silent -a
+```
 ```
 #!/usr/bin/bash
 
 sed -n '/Conffiles/,/Description/p' /var/lib/dpkg/status | grep -v Conffiles | grep -v Description | awk '{print $2 " " $1}' > dpkg_hash.md5sum
 md5sum -c --quiet dpkg_hash.md5sum
 echo $?
-debsums
+```
+```
+cd /; for sumfile in /var****/lib/dpkg/info/*.md5sums; do /usr/bin/md5sum --quiet -c "$sumfile"; done;
 ```
 At least this gets you a step in front of someone.

openwrt-selfbuild.md

@@ -162,7 +162,7 @@ luci-theme-bootstrap
 luci-theme-material
 luci-app-commands
 luci-app-nlbwmon
-luci-app-ntpc
+# luci-app-ntpc chrony-nts
 luci-app-upnp
 luci-app-wireguard
 luci-app-wol
@@ -180,9 +180,9 @@ kmod-nls-cp850
 kmod-nls-iso8859-1
 kmod-nls-utf8
 kmod-loop
-kmod-fs-ext4
+# kmod-fs-ext4
 kmod-fs-vfat
-kmod-fs-exfat
+# kmod-fs-exfat
 kmod-usb-serial
 kmod-usb-serial-ch341
 kmod-usb-serial-cp210x