[WiP] LS42
parent
1f7276c5c3
commit
de35a55090
17
IncidentResponse.md
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
# Incident Response
|
||||||
|
|
||||||
|
## hashing and comparing
|
||||||
|
### bloom-filter
|
||||||
|
|
||||||
|
## write/delete protection
|
||||||
|
|
||||||
|
## persistent /last entry
|
||||||
|
|
||||||
|
## hardening
|
||||||
|
### systemd service file
|
||||||
|
### apparmor profile
|
||||||
|
|
||||||
|
## last-line of defense
|
||||||
|
|
||||||
|
- open vsphere terminal with login
|
||||||
|
- keep atleast on ssh session to each server up
|
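Review bot: the last list item of the new IncidentResponse.md has a typo that changes its meaning: "keep atleast on ssh session to each server up" should read "keep at least one ssh session to each server up". Every section above the list (hashing and comparing, bloom-filter, write/delete protection, hardening, systemd service file, apparmor profile) is a heading with no body; for a WiP commit, a TODO marker under each would show what is still missing. It is also unclear what "/last" refers to in "## persistent /last entry", so please spell out the file or command meant.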
@ -394,7 +394,7 @@ luci-ssl
|
|||||||
luci-theme-bootstrap
|
luci-theme-bootstrap
|
||||||
luci-theme-material
|
luci-theme-material
|
||||||
miniupnpd-nftables
|
miniupnpd-nftables
|
||||||
mosquitto-client-ssl
|
mosquitto-ssl
|
||||||
mtd
|
mtd
|
||||||
netifd
|
netifd
|
||||||
nftables-json
|
nftables-json
|
||||||
|
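Review bot: the package list line between miniupnpd-nftables and mtd replaces mosquitto-client-ssl with mosquitto-ssl instead of adding to it, so the client package drops out of the image. If the client tools are still used on this device, keep both entries. The commit message gives no reason for the swap, so a short note on why the package changed would help the next rebuild.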
@ -15,7 +15,7 @@ https://johnscs.com/remove-proxmox51-subscription-notice/
|
|||||||
=> breaks update
|
=> breaks update
|
||||||
|
|
||||||
### packages
|
### packages
|
||||||
tmux, powertop,htop, cryptsetup,vim, cpu-frequ-utils
|
tmux, powertop,htop, cryptsetup,vim, cpu-frequ-utils,clevis
|
||||||
|
|
||||||
### 0-prepare
|
### 0-prepare
|
||||||
```
|
```
|
||||||
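Review bot: on the "### packages" line, clevis is appended with no note on what it will be bound to, so a reader cannot tell how the encrypted volumes set up later in this file are meant to unlock. Since the line is being edited anyway, please also normalise the comma spacing and check "cpu-frequ-utils", which does not look like an installable package name (Debian ships cpufrequtils), so the list can be pasted into apt as written.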
@ -43,7 +43,7 @@ argon2id 6 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bi
|
|||||||
twofish-xts 512b 358.6 MiB/s 359.6 MiB/s
|
twofish-xts 512b 358.6 MiB/s 359.6 MiB/s
|
||||||
root@pve:~#
|
root@pve:~#
|
||||||
```
|
```
|
||||||
####
|
#### file storage
|
||||||
1. create dm-integrity
|
1. create dm-integrity
|
||||||
skipped: https://btrfs.readthedocs.io/en/latest/Tree-checker.html
|
skipped: https://btrfs.readthedocs.io/en/latest/Tree-checker.html
|
||||||
2. create bcache with a spare ssd or optane flash
|
2. create bcache with a spare ssd or optane flash
|
||||||
@ -77,7 +77,6 @@ Devices:
|
|||||||
2 931.51GiB /dev/sdb1
|
2 931.51GiB /dev/sdb1
|
||||||
```
|
```
|
||||||
5. create mounttarget folder and create fstab entry
|
5. create mounttarget folder and create fstab entry
|
||||||
|
|
||||||
```
|
```
|
||||||
lsblk -o uuid,name
|
lsblk -o uuid,name
|
||||||
UUID NAME
|
UUID NAME
|
||||||
@ -110,12 +109,13 @@ UUID=8d65854a-6be3-45de-81dd-cadbd9f49892 /mnt/slowStorage btrfs defaults,rw 0 1
|
|||||||
12. backup target borg
|
12. backup target borg
|
||||||
13. docker host
|
13. docker host
|
||||||
* portainer
|
* portainer
|
||||||
15.
|
|
||||||
|
|
||||||
#### maybe
|
#### maybe
|
||||||
4. armbian build
|
4. armbian build
|
||||||
5. openwrt build
|
5. openwrt build
|
||||||
|
|
||||||
|
#### secureboot
|
||||||
|
https://pve.proxmox.com/wiki/Secure_Boot_Setup
|
||||||
|
|
||||||
#### postgresql
|
#### postgresql
|
||||||
- use lxc
|
- use lxc
|
||||||
|
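Review bot: the new "#### secureboot" section consists only of the link to the Proxmox wiki and sits at the same heading level directly after the "#### maybe" list, so it is not clear whether Secure Boot is planned or already set up on this host. Please state the status and which steps from the wiki were applied here. Removing the dangling "15." item is fine.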
@ -31,3 +31,7 @@ https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/about/
|
|||||||
|
|
||||||
#### systemd
|
#### systemd
|
||||||
- https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/
|
- https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/
|
||||||
|
|
||||||
|
### omv
|
||||||
|
install needed software:
|
||||||
|
`apt install sbsigntool efibootmgr efitools uuid-runtime`
|
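Review bot: the added "### omv" heading follows "#### systemd" at a higher level, which closes the enclosing section; check that this is intended and not a missing "#". The apt install line is given as inline code while other commands in these notes use fenced blocks, and there is no note on what sbsigntool, efibootmgr, efitools and uuid-runtime are each needed for in the signing procedure.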