Power loss notification - Enable power failure notification
See:
~/bin/powerlost-notify.sh
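#! /bin/bash
# Notify the desktop user when the machine switches to battery power.
export DISPLAY=:0
USER_TMP=jean
# PID of the user's oldest lxqt-session process, used to find the session D-Bus address
PID_TMP=$(pgrep -o -u $USER_TMP lxqt-session)
OPTS="env $(xargs --null --max-args=1 echo < /proc/${PID_TMP}/environ |grep ^DBUS_SESSION_BUS_ADDRESS=)"
# "acpi -a" reports "off-line" when the AC adapter is unplugged
acpi -a |grep -q off-line && \
sudo -u $USER_TMP $OPTS notify-send -i /usr/share/icons/oxygen/base/48x48/status/battery-charging-caution.png -u critical "Power Lost" ""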
crontab -e
# m h dom mon dow command
* * * * * $HOME/bin/powerlost-notify.sh
XMPP / Jabber client
gajim-bosh
Gajim
On Ubuntu: https://trac-plugins.gajim.org/wiki/UbuntuIntegrationPlugin
Systray
Systray at startup: https://trac.gajim.org/ticket/875
Open “advanced preferences” and change the value of 'show_roster_on_startup' to False
BOSH configuration (XMPP over HTTPS)
Example BOSH configuration (screenshot).
XMPP over HTTPS (BOSH)
Tools - Certificates - Add
Fingerprint (SHA1): eb:1e:46:38:89:2a:4f:52:e8:ef:e4:9c:7a:f9:e3:e9:02:a7:34:17
Account:
Name: toto
Domain: acme.fr
Password: P@ssword
Advanced: Néc
Connection port: 443
BOSH URL: https://acme.fr/http-bind/
Zabbix notes
Which template corresponds to the templateid?
Zabbix agent
Ping
zabbix_get -s 192.168.11.23 -k agent.ping
Yubikey MFA U2F FIDO notes
See:
- 2FA MFA U2F WebAuthn
Vulnerability:
FIDO2:
# dmesg
[ 4283.840605] usb 4-2: new full-speed USB device number 10 using ohci-pci
[ 4284.041632] usb 4-2: New USB device found, idVendor=1050, idProduct=0120, bcdDevice= 5.27
[ 4284.041647] usb 4-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 4284.041653] usb 4-2: Product: Security Key by Yubico
[ 4284.041657] usb 4-2: Manufacturer: Yubico
[ 4284.048451] hid-generic 0003:1050:0120.0009: hiddev0,hidraw0: USB HID v1.10 Device [Yubico Security Key by Yubico] on usb-0000:00:12.0-2/input0
$ lsusb |grep -i yubi
Bus 003 Device 007: ID 1050:0120 Yubico.com Yubikey Touch U2F Security Key
$ ykman mode
Current connection mode is: FIDO
Supported USB interfaces are: FIDO
sudo apt-get install yubikey-manager
$ ykman list
Security Key by Yubico [FIDO]
$ ykman info
Device type: Security Key NFC
Serial number: Not set or unreadable
Firmware version: 5.2.7
Form factor: Keychain (USB-A)
Enabled USB interfaces: FIDO
NFC interface is enabled.

Applications    USB             NFC
OTP             Not available   Not available
FIDO U2F        Enabled         Enabled
OpenPGP         Not available   Not available
PIV             Not available   Not available
OATH            Not available   Not available
FIDO2           Enabled         Enabled
Set the PIN
ykman fido set-pin
Reset PIN
ykman fido set-pin
Disable NFC
ykman config nfc --disable-all
To verify
ykman info
ykman otp settings --no-enter 1
Problem
Does not work for me
Debian 10 with the Yubikey Touch U2F Security Key
$ sudo apt-get install yubikey-personalization
$ ykinfo -a
Yubikey core error: no yubikey present
As well as the package:
apt-get install yubikey-personalization-gui
Config
Necessary?
Using Your U2F YubiKey with Linux
Source: https://support.yubico.com/hc/en-us/articles/360013708900-Using-Your-U2F-YubiKey-with-Linux
curl https://raw.githubusercontent.com/Yubico/libu2f-host/master/70-u2f.rules |sudo tee /etc/udev/rules.d/70-u2f.rules
Debian - PAM configuration
Source: https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F
sudo apt-get install pamu2fcfg
$ pamu2fcfg
Enter PIN for /dev/hidraw0:
error: fido_dev_make_cred (58) FIDO_ERR_ACTION_TIMEOUT
The FIDO_ERR_ACTION_TIMEOUT error occurred because I had not pressed the key's button quickly enough.
With the first key
pamu2fcfg > ~/.config/Yubico/u2f_keys
We unplug the key, then insert our second key. It is a backup key.
pamu2fcfg -n >> ~/.config/Yubico/u2f_keys
sudo apt-get install libpam-u2f
The PAM configuration consists of adding the line below after the @include common-auth line:
auth required pam_u2f.so # debug debug_file=/var/log/pam_u2f.log
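A pre-flight check for the mapping file built with pamu2fcfg above, to run before making pam_u2f "required" (added example, not part of the original notes or of Yubico's tooling). It assumes the layout documented for pam_u2f, user:handle,pubkey[,cosetype,options] with further keys appended after ":" on the same line, and one line per user; check_u2f_keys and the sample values are hypothetical and constructed.

```shell
#!/bin/bash
# check_u2f_keys FILE USER [MIN]: prints "<count> <status>" for USER and
# returns 0 (ok), 1 (fewer than MIN credentials) or 2 (malformed entry).
# Assumed layout: user:handle,pubkey[,cosetype,options][:handle,pubkey,...]
check_u2f_keys() {
    local file="$1" user="$2" min="${3:-2}" count rc=0
    [ -r "$file" ] || { echo "0 unreadable"; return 1; }
    count=$(awk -F: -v user="$user" '
        $1 != user { next }
        {
            lines++
            for (i = 2; i <= NF; i++) {
                n = split($i, f, ",")
                if ((n == 2 || n == 4) && f[1] != "" && f[2] != "") good++
                else bad++
            }
        }
        END {
            if (lines > 1) bad++   # assumption: one line per user
            print good + 0
            if (bad > 0) exit 2
        }' "$file") || rc=$?
    if [ "$rc" -ne 0 ]; then echo "$count malformed"; return 2; fi
    if [ "$count" -lt "$min" ]; then echo "$count too-few"; return 1; fi
    echo "$count ok"
}

# Constructed sample files (key handles and public keys are placeholders).
SAMPLES=$(mktemp -d)
# First key written with ">", backup key appended with "-n >>": one line.
printf 'jean:KH1,PK1,es256,+presence:KH2,PK2,es256,+presence' > "$SAMPLES/two_keys"
# Backup key never registered: losing the only key locks the account out.
printf 'jean:KH1,PK1,es256,+presence' > "$SAMPLES/one_key"
# Registration failed (for example on a timeout) after ">" created the file.
: > "$SAMPLES/empty"
# Second key registered without -n: the user ends up on two lines.
printf 'jean:KH1,PK1,es256,+presence\njean:KH2,PK2,es256,+presence\n' > "$SAMPLES/two_lines"

for f in two_keys one_key empty two_lines; do
    printf '%-10s %s\n' "$f" "$(check_u2f_keys "$SAMPLES/$f" jean || true)"
done
```

On a real system, run it as check_u2f_keys ~/.config/Yubico/u2f_keys "$USER" and keep a root shell open while testing the PAM change.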
Sudo protection
- /etc/pam.d/sudo
#%PAM-1.0

@include common-auth
# For YubiKey add line :
auth required pam_u2f.so # debug debug_file=/var/log/pam_u2f.log
@include common-account
@include common-session-noninteractive
- /etc/pam.d/sudo-i
#%PAM-1.0

# Set up user limits from /etc/security/limits.conf.
session required pam_limits.so

@include common-auth
# For YubiKey add line :
auth required pam_u2f.so # debug debug_file=/var/log/pam_u2f.log
@include common-account
@include common-session
Graphical login protection
- /etc/pam.d/gdm-password
@include common-auth
# For YubiKey add line :
auth required pam_u2f.so # debug debug_file=/var/log/pam_u2f.log
- /etc/pam.d/sddm
#%PAM-1.0

# Block login if they are globally disabled
auth requisite pam_nologin.so
auth required pam_succeed_if.so user != root quiet_success

# auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth
# For YubiKey add line :
auth required pam_u2f.so # debug debug_file=/var/log/pam_u2f.log
# gnome_keyring breaks QProcess
-auth optional pam_gnome_keyring.so
-auth optional pam_kwallet5.so

@include common-account

# SELinux needs to be the first session rule. This ensures that any
# lingering context has been cleared. Without this it is possible that a
# module could execute code in the wrong domain.
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
# Create a new session keyring.
session optional pam_keyinit.so force revoke
session required pam_limits.so
session required pam_loginuid.so
@include common-session
# SELinux needs to intervene at login time to ensure that the process starts
# in the proper default security context. Only sessions which are intended
# to run in the user's context should be run after this.
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
-session optional pam_gnome_keyring.so auto_start
-session optional pam_kwallet5.so auto_start

@include common-password

# From the pam_env man page
# Since setting of PAM environment variables can have side effects to other modules, this module should be the last one on the stack.

# Load environment from /etc/environment
session required pam_env.so

# Load environment from /etc/default/locale and ~/.pam_environment
session required pam_env.so envfile=/etc/default/locale user_readenv=1
TTY login protection
- /etc/pam.d/login
@include common-auth
# For YubiKey add line :
auth required pam_u2f.so # debug debug_file=/var/log/pam_u2f.log
Other
sudo apt-get install libccid pcscd
sudo systemctl status pcscd
YubiKey Keepass HMAC-SHA1 challenge notes
Not compatible with the Yubikey Touch U2F Security Key
See https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass
Test
Source : https://developers.yubico.com/yubikey-personalization/Manuals/ykchalresp.1.html
The YubiKey challenge-response operation can be demonstrated using the NIST PUB 198 A.2 test vector.
First, program a YubiKey with the test vector :
ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -a303132333435363738393a3b3c3d3e3f40414243
...
Commit? (y/n) [n]: y
$
Now, send the NIST test challenge to the YubiKey and verify the result matches the expected :
ykchalresp -2 'Sample #2'
0922d3405faa3d194f82a45830737d5cc6c75d24
Action
sudo apt-get install keepassxc
ouid=$(dd if=/dev/urandom 2>/dev/null | tr -d '[:upper:]' | tr -cd '[:xdigit:]' | fold -w40 | head -1)
ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -a${ouid}
# Same thing with the backup key
ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -a${ouid}
