[WiP] LS42

IncidentResponse.md

@@ -0,0 +1,17 @@
+# Incident Response
+
+## hashing and comparing
+### bloom-filter
+
+## write/delete protection
+
+## persistent /last entry
+
+## hardening
+### systemd service file
+### apparmor profile
+
+## last-line of defense
+
+- open vsphere terminal with login
+- keep atleast on ssh session to each server up

openwrt-selfbuild.md

@@ -394,7 +394,7 @@ luci-ssl
 luci-theme-bootstrap
 luci-theme-material
 miniupnpd-nftables
-mosquitto-client-ssl
+mosquitto-ssl
 mtd
 netifd
 nftables-json

proxmox.md

@@ -15,7 +15,7 @@ https://johnscs.com/remove-proxmox51-subscription-notice/
 => breaks update
 
 ### packages
-tmux, powertop,htop, cryptsetup,vim, cpu-frequ-utils
+tmux, powertop,htop, cryptsetup,vim, cpu-frequ-utils,clevis
 
 ### 0-prepare
 ```
@@ -43,7 +43,7 @@ argon2id      6 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bi
     twofish-xts        512b       358.6 MiB/s       359.6 MiB/s
 root@pve:~# 
 ```
-####
+#### file storage
 1. create dm-integrity
     skipped: https://btrfs.readthedocs.io/en/latest/Tree-checker.html
 2. create bcache with a spare ssd or optane flash
@@ -77,7 +77,6 @@ Devices:
     2   931.51GiB  /dev/sdb1
 ```
 5. create mounttarget folder and create fstab entry
-
 ```
 lsblk -o uuid,name
 UUID                                   NAME
@@ -110,12 +109,13 @@ UUID=8d65854a-6be3-45de-81dd-cadbd9f49892 /mnt/slowStorage btrfs defaults,rw 0 1
  12. backup target borg
  13. docker host
      * portainer
- 15. 
  
 #### maybe
  4. armbian build
  5. openwrt build
 
+#### secureboot
+https://pve.proxmox.com/wiki/Secure_Boot_Setup
 
 #### postgresql
 - use lxc

secureboot-linux.md

@@ -31,3 +31,7 @@ https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/about/
 
 #### systemd
 - https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/
+
+### omv
+install needed software:
+`apt install sbsigntool efibootmgr efitools uuid-runtime`