[WiP] LS42

2024-04-28 20:51:32 +02:00 · 2024-04-28 20:51:32 +02:00 · de35a55090
commit de35a55090
parent 1f7276c5c3
4 changed files with 30 additions and 9 deletions
--- a/IncidentResponse.md
+++ b/IncidentResponse.md
@ -0,0 +1,17 @@
+# Incident Response
+
+## hashing and comparing
+### bloom-filter
+
+## write/delete protection
+
+## persistent /last entry
+
+## hardening
+### systemd service file
+### apparmor profile
+
+## last-line of defense
+
+- open vsphere terminal with login
+- keep atleast on ssh session to each server up
--- a/openwrt-selfbuild.md
+++ b/openwrt-selfbuild.md
@ -394,7 +394,7 @@ luci-ssl
 luci-theme-bootstrap
 luci-theme-material
 miniupnpd-nftables
-mosquitto-client-ssl
+mosquitto-ssl
 mtd
 netifd
 nftables-json
--- a/proxmox.md
+++ b/proxmox.md
@ -15,7 +15,7 @@ https://johnscs.com/remove-proxmox51-subscription-notice/
 => breaks update

 ### packages
-tmux, powertop,htop, cryptsetup,vim, cpu-frequ-utils
+tmux, powertop,htop, cryptsetup,vim, cpu-frequ-utils,clevis

 ### 0-prepare
 ```
@ -43,7 +43,7 @@ argon2id      6 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bi
    twofish-xts        512b       358.6 MiB/s       359.6 MiB/s
 root@pve:~# 
 ```
-####
+#### file storage
 1. create dm-integrity
    skipped: https://btrfs.readthedocs.io/en/latest/Tree-checker.html
 2. create bcache with a spare ssd or optane flash
@ -77,7 +77,6 @@ Devices:
    2   931.51GiB  /dev/sdb1
 ```
 5. create mounttarget folder and create fstab entry
-
 ```
 lsblk -o uuid,name
 UUID                                   NAME
@ -92,10 +91,10 @@ UUID=8d65854a-6be3-45de-81dd-cadbd9f49892 /mnt/slowStorage btrfs defaults,rw 0 1
 6. Create under Rechenzentrum->Storage->Hinzufügen->BTRFS
 7. update templates: `pveam update`
    
- ### ToDo
+### ToDo
    https://wiki.postgresql.org/wiki/Transparent_Data_Encryption
    
- ### established services
+### established services
 1. homer
 2. NTP with NTS + GPS USB
 3. www-stack protection shadowd
@ -110,12 +109,13 @@ UUID=8d65854a-6be3-45de-81dd-cadbd9f49892 /mnt/slowStorage btrfs defaults,rw 0 1
 12. backup target borg
 13. docker host
     * portainer
- 15. 
 
- #### maybe
+#### maybe
 4. armbian build
 5. openwrt build

+#### secureboot
+https://pve.proxmox.com/wiki/Secure_Boot_Setup

 #### postgresql
 - use lxc
--- a/secureboot-linux.md
+++ b/secureboot-linux.md
@ -30,4 +30,8 @@ the kernel deploys the efi vars as sysfs entries. To manipulate those, the sbsig
 https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/about/

 #### systemd
- https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/
+- https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/
+
+### omv
+install needed software:
+`apt install sbsigntool efibootmgr efitools uuid-runtime`