install-script #7
0
io/audio.md
Normal file
0
io/audio.md
Normal file
9
io/prof_audio.md
Normal file
9
io/prof_audio.md
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
# Professional Audio Configuration in Arch Linux
|
||||||
|
|
||||||
|
Semi-Pro*
|
||||||
|
|
||||||
|
## Resources
|
||||||
|
|
||||||
|
* [Wiki](https://wiki.archlinux.org/title/Professional_audio)
|
||||||
|
* `pacman -Sg pro-audio` to view all the packages in that group
|
||||||
|
* Uses [JACK](https://wiki.archlinux.org/title/JACK_Audio_Connection_Kit)
|
11
scripts/install.sh
Normal file
11
scripts/install.sh
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# install yay
|
||||||
|
cd ~
|
||||||
|
git clone https://aur.archlinux.org/yay.git
|
||||||
|
cd yay
|
||||||
|
makepkg -si
|
||||||
|
cd ..
|
||||||
|
sudo rm -rf yay
|
10
services/aide/README.md
Normal file
10
services/aide/README.md
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
# AIDE - Advanced Intrusion Detection Environment
|
||||||
|
|
||||||
|
## Introduction
|
||||||
|
|
||||||
|
AIDE is a file integrity checker.
|
||||||
|
|
||||||
|
## Installation and Setup
|
||||||
|
|
||||||
|
* Inspect and install the AUR package `aide`.
|
||||||
|
* It seems to have sane defaults and the file is heavily commented, it can be found along `/etc/aide.conf`.
|
145
services/aide/aide/aide.conf
Normal file
145
services/aide/aide/aide.conf
Normal file
@ -0,0 +1,145 @@
|
|||||||
|
# Example configuration file for AIDE.
|
||||||
|
#
|
||||||
|
@@define DBDIR /var/lib/aide
|
||||||
|
@@define LOGDIR /var/log/aide
|
||||||
|
|
||||||
|
# The location of the database to be read.
|
||||||
|
database=file:@@{DBDIR}/aide.db.gz
|
||||||
|
|
||||||
|
# The location of the database to be written.
|
||||||
|
#database_out=sql:host:port:database:login_name:passwd:table
|
||||||
|
#database_out=file:aide.db.new
|
||||||
|
database_out=file:@@{DBDIR}/aide.db.new.gz
|
||||||
|
|
||||||
|
# Whether to gzip the output to database
|
||||||
|
gzip_dbout=yes
|
||||||
|
|
||||||
|
# Default.
|
||||||
|
verbose=5
|
||||||
|
|
||||||
|
report_url=file:@@{LOGDIR}/aide.log
|
||||||
|
report_url=stdout
|
||||||
|
#report_url=stderr
|
||||||
|
#
|
||||||
|
# Here are all the attributes we can check
|
||||||
|
#p: permissions
|
||||||
|
#i: inode
|
||||||
|
#n: number of links
|
||||||
|
#l: link name
|
||||||
|
#u: user
|
||||||
|
#g: group
|
||||||
|
#s: size
|
||||||
|
###b: block count
|
||||||
|
#m: mtime
|
||||||
|
#a: atime
|
||||||
|
#c: ctime
|
||||||
|
#S: check for growing size
|
||||||
|
#I: ignore changed filename
|
||||||
|
#ANF: allow new files
|
||||||
|
#ARF: allow removed files
|
||||||
|
#
|
||||||
|
|
||||||
|
# Here are all the digests we can use
|
||||||
|
#md5: md5 checksum
|
||||||
|
#sha1: sha1 checksum
|
||||||
|
#sha256: sha256 checksum
|
||||||
|
#sha512: sha512 checksum
|
||||||
|
#rmd160: rmd160 checksum
|
||||||
|
#tiger: tiger checksum
|
||||||
|
#haval: haval checksum
|
||||||
|
#crc32: crc32 checksum
|
||||||
|
#gost: gost checksum
|
||||||
|
#whirlpool: whirlpool checksum
|
||||||
|
|
||||||
|
# These are the default rules
|
||||||
|
#R: p+i+l+n+u+g+s+m+c+md5
|
||||||
|
#L: p+i+l+n+u+g
|
||||||
|
#E: Empty group
|
||||||
|
#>: Growing logfile p+l+u+g+i+n+S
|
||||||
|
|
||||||
|
# You can create custom rules - my home made rule definition goes like this
|
||||||
|
ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32
|
||||||
|
ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
|
||||||
|
# Everything but access time (Ie. all changes)
|
||||||
|
EVERYTHING = R+ALLXTRAHASHES
|
||||||
|
|
||||||
|
# Sane, with multiple hashes
|
||||||
|
# NORMAL = R+rmd160+sha256+whirlpool
|
||||||
|
NORMAL = R+rmd160+sha256
|
||||||
|
|
||||||
|
# For directories, don't bother doing hashes
|
||||||
|
DIR = p+i+n+u+g+acl+xattrs
|
||||||
|
|
||||||
|
# Access control only
|
||||||
|
PERMS = p+i+u+g+acl
|
||||||
|
|
||||||
|
# Logfile are special, in that they often change
|
||||||
|
LOG = >
|
||||||
|
|
||||||
|
# Just do md5 and sha256 hashes
|
||||||
|
LSPP = R+sha256
|
||||||
|
|
||||||
|
# Some files get updated automatically, so the inode/ctime/mtime change
|
||||||
|
# but we want to know when the data inside them changes
|
||||||
|
DATAONLY = p+n+u+g+s+acl+xattrs+md5+sha256+rmd160+tiger
|
||||||
|
|
||||||
|
|
||||||
|
# Next decide what directories/files you want in the database.
|
||||||
|
|
||||||
|
/boot NORMAL
|
||||||
|
/bin NORMAL
|
||||||
|
/sbin NORMAL
|
||||||
|
/lib NORMAL
|
||||||
|
/lib64 NORMAL
|
||||||
|
/opt NORMAL
|
||||||
|
/usr NORMAL
|
||||||
|
/root NORMAL
|
||||||
|
# These are too volatile
|
||||||
|
!/usr/src
|
||||||
|
!/usr/tmp
|
||||||
|
|
||||||
|
# Check only permissions, inode, user and group for /etc, but
|
||||||
|
# cover some important files closely.
|
||||||
|
/etc PERMS
|
||||||
|
!/etc/mtab
|
||||||
|
# Ignore backup files
|
||||||
|
!/etc/.*~
|
||||||
|
/etc/exports NORMAL
|
||||||
|
/etc/fstab NORMAL
|
||||||
|
/etc/passwd NORMAL
|
||||||
|
/etc/group NORMAL
|
||||||
|
/etc/gshadow NORMAL
|
||||||
|
/etc/shadow NORMAL
|
||||||
|
/etc/security/opasswd NORMAL
|
||||||
|
|
||||||
|
/etc/hosts.allow NORMAL
|
||||||
|
/etc/hosts.deny NORMAL
|
||||||
|
|
||||||
|
/etc/sudoers NORMAL
|
||||||
|
/etc/skel NORMAL
|
||||||
|
|
||||||
|
/etc/logrotate.d NORMAL
|
||||||
|
|
||||||
|
/etc/resolv.conf DATAONLY
|
||||||
|
|
||||||
|
/etc/nscd.conf NORMAL
|
||||||
|
/etc/securetty NORMAL
|
||||||
|
|
||||||
|
# Shell/X starting files
|
||||||
|
/etc/profile NORMAL
|
||||||
|
/etc/bashrc NORMAL
|
||||||
|
/etc/bash_completion.d/ NORMAL
|
||||||
|
/etc/login.defs NORMAL
|
||||||
|
/etc/zprofile NORMAL
|
||||||
|
/etc/zshrc NORMAL
|
||||||
|
/etc/zlogin NORMAL
|
||||||
|
/etc/zlogout NORMAL
|
||||||
|
/etc/profile.d/ NORMAL
|
||||||
|
/etc/X11/ NORMAL
|
||||||
|
|
||||||
|
# Ignore logs
|
||||||
|
!/var/lib/pacman/.*
|
||||||
|
!/var/cache/.*
|
||||||
|
!/var/log/.*
|
||||||
|
!/var/run/.*
|
||||||
|
!/var/spool/.*
|
39
services/audit-framework/README.md
Normal file
39
services/audit-framework/README.md
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
# Audit Framework
|
||||||
|
|
||||||
|
## Kernel
|
||||||
|
|
||||||
|
To ensure that all process which may have started before `auditd` are marked as auditable use boot time kernel param `audit=1`.
|
||||||
|
|
||||||
|
## Userspace
|
||||||
|
|
||||||
|
* Install the `audit` package, enable and start the `auditd.service`.
|
||||||
|
* The config file is `auditd.conf`.
|
||||||
|
* The rules are defined in `/etc/audit/audit.rules`.
|
||||||
|
* `auditctl` can be used to edit rules on the fly.
|
||||||
|
* `ausearch` and `aureport` are used to summarize and view data.
|
||||||
|
|
||||||
|
|
||||||
|
## Rules
|
||||||
|
|
||||||
|
* Read from `/etc/audit/auditd.rules`
|
||||||
|
|
||||||
|
* If for example `/etc/audit/rules.d/syscalls.rules` is the sort of structure being followed,
|
||||||
|
`augenrules` is used to merge all the component rules files.
|
||||||
|
* It is recommended to run first with the `--check` flag and `--load` can be used if there were no errors found.
|
||||||
|
* The files are concatenated in order, based on their natural sort (see -v option of ls(1)) and stripped of empty and comment (#) lines.
|
||||||
|
|
||||||
|
* rulesets:
|
||||||
|
* syscalls
|
||||||
|
* format: `-a action,list -S syscall -F field=value -k keyname`
|
||||||
|
* files
|
||||||
|
* format: `-w path-to-file -p permissions -k keyname`
|
||||||
|
* ..?
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## Further Reading
|
||||||
|
|
||||||
|
* `man` pages (list here)
|
||||||
|
* archwiki article
|
||||||
|
* syscalls docs
|
||||||
|
* update the format for rules
|
20
services/audit-framework/auditd/.auread-aliases
Normal file
20
services/audit-framework/auditd/.auread-aliases
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# aureport and ausearch
|
||||||
|
|
||||||
|
alias aurepwk='aureport --start this-week'
|
||||||
|
alias aurepwkv='aureport --start this-week --key --summary'
|
||||||
|
|
||||||
|
# syscall audit rule for failure to open files due to EPERM with key field access
|
||||||
|
|
||||||
|
# add to syscall.rules
|
||||||
|
# -a always,exit -F arch=b64 -S open -S openat -F exit=-EPERM -k access
|
||||||
|
|
||||||
|
# check which files have been attempted
|
||||||
|
alias aurfilist='ausearch --start this-week -k access --raw | aureport --file --summary'
|
||||||
|
|
||||||
|
# check the user accounts implicated
|
||||||
|
|
||||||
|
alias aurlusfi='ausearch --start this-week -k access --raw | aureport --user --summary'
|
||||||
|
|
||||||
|
|
0
services/audit-framework/auditd/auditd.conf
Normal file
0
services/audit-framework/auditd/auditd.conf
Normal file
0
services/audit-framework/auditd/auditd.rules
Normal file
0
services/audit-framework/auditd/auditd.rules
Normal file
3
services/audit-framework/auditd/rules.d/file.rules
Normal file
3
services/audit-framework/auditd/rules.d/file.rules
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
-w /etc/passwd -p rwxa
|
||||||
|
-w /etc/sudoers -p rwxa
|
||||||
|
-w /etc/nftables.conf -p rwxa
|
4
services/audit-framework/auditd/rules.d/syscalls.rules
Normal file
4
services/audit-framework/auditd/rules.d/syscalls.rules
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
|
||||||
|
-a entry,always -S chmod
|
||||||
|
-a entry,always -S chown
|
||||||
|
|
7
services/logwatch/logwatch.md
Normal file
7
services/logwatch/logwatch.md
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
# Logwatch
|
||||||
|
|
||||||
|
## Installation and Setup
|
||||||
|
|
||||||
|
* Install `logwatch` package.
|
||||||
|
* The `logwatch.timer` needs to be started and/or enabled
|
||||||
|
* Reference: `/usr/share/logwatch/HOWTO-Customize-LogWatch`
|
7
services/performance-monitoring/performance-stats.md
Normal file
7
services/performance-monitoring/performance-stats.md
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
# Hardware Performance Measurment
|
||||||
|
|
||||||
|
## Tools and Commands
|
||||||
|
|
||||||
|
1. `i7z`
|
||||||
|
2. `turbostat`
|
||||||
|
3. TODO: Expand
|
20
services/power-management/tools.md
Normal file
20
services/power-management/tools.md
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
# Power Management Tools
|
||||||
|
|
||||||
|
## Tools and their configurations
|
||||||
|
|
||||||
|
### cpupower
|
||||||
|
|
||||||
|
* `cpupower` and the AUR `cpupower-gui` are the relevant packages.
|
||||||
|
* These are a set of userspace utilities designed to assist with CPU frequency scaling.
|
||||||
|
* the configuration is located at `/etc/default/cpupower`
|
||||||
|
* __Enable__ and _start_ the systemd service.
|
||||||
|
|
||||||
|
### Power Profile Daemons
|
||||||
|
|
||||||
|
* look into [PPD](https://wiki.archlinux.org/title/CPU_frequency_scaling#power-profiles-daemon)
|
||||||
|
* using 'performance'.
|
||||||
|
|
||||||
|
## thermald
|
||||||
|
|
||||||
|
* The `thermald` package is a Linux daemon used to prevent the overheating of Intel CPUs. This daemon monitors temperature and applies compensation using available cooling methods.
|
||||||
|
* _Start_ and __enable__ the systemd service
|
Reference in New Issue
Block a user