Privacy notes
https://ssd.eff.org/en/module/attending-protest
https://github.com/frombeirutwithlove/ProtestTips/blob/master/organizing.md#law-enforcement--data-collection
Anonymizing
See mat
City surveillance
Guide
Profiling / GAFA / Big data
- https://fr.wikipedia.org/wiki/Exploitation_documentaire_et_valorisation_de_l'information_g%C3%A9n%C3%A9rale
Anonymity software
EFF tutorial
Recommendations:
- Use different browsers for different use cases. More private browsers like DuckDuckGo, Brave, and Firefox are better for more sensitive activities. Keeping separate browsers can protect against accidental data spillover from one aspect of your life into another.
- Use a secondary email address and/or phone number to register sensitive accounts or give to contacts with whom you don’t want to associate too closely. Google Voice is a free secondary phone number. Protonmail and Tutanota are free email services that offer many privacy protections that more common providers like Gmail do not, such as end-to-end encryption when emailing others also on Protonmail and Tutanota, and fewer embedded tracking mechanisms on the service itself.
- Use a VPN when you need to dissociate your internet connection from what you’re doing online. Be wary of VPN products that sell themselves as cure-all solutions.
- If you're going to/from a location that's more likely to have increased surveillance, or if you're particularly worried about who might know you're there, turning off your devices or their location services can help keep your location private.
Safe Browsing
- Install privacy-preserving browser extensions on any browsers you use. Privacy Badger, uBlock Origin, and DuckDuckGo are great options.
- Use a privacy-focused search engine, like DuckDuckGo.
- Carefully look at the privacy settings on each app and account you use. Turn off location services on phone apps that don’t need them. Raise the bar on privacy settings for most, if not all, your online accounts.
- Disable the ad identifier on mobile devices. Ad IDs are specifically designed to facilitate third-party tracking, and disabling them makes it harder to profile you. Instructions for Android devices and iOS devices are here.
- Choose a browser that’s more private by design. DuckDuckGo on mobile and Firefox (with privacy settings turned up) on the desktop are both good options.
Mobile number / SIM
Rent temporary numbers anonymously.
- OnOff (not free software and contains trackers)
Video notes - editing software
Non-linear video editors:
- blender
- cinelerra
- flowblade
- kdenlive
- lightworks
- olive video editor
- openshot
- pitivi
- shotcut
Varnish notes
Varnish
See:
apt-get install varnish varnish-doc
/etc/systemd/system/varnish.service.d/plop.conf
# To add or override specific settings for the Varnish service, place a copy of
# this file in /etc/systemd/system/varnish.service.d/ with a ".conf" suffix,
# and edit to taste. See man:systemd.directives for what you can change.
#
# To activate, run:
# * "systemctl daemon-reload"
# * "systemctl restart varnish"

# Add a documentation link to my own system documentation
[Unit]
Documentation=https://doc.example.com/client_a/varnish_service

[Service]
# Clear existing ExecStart= (required)
ExecStart=

# Set a new ExecStart=
ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a :80 -T localhost:8080 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,16g
/etc/varnish/default.vcl
#
# This is an example VCL file for Varnish.
#
# It does not do anything by default, delegating control to the
# builtin VCL. The builtin VCL is called when there is no explicit
# return statement.
#
# See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/
# and https://www.varnish-cache.org/trac/wiki/VCLExamples for more examples.

# Marker to tell the VCL compiler that this VCL has been adapted to the
# new 4.0 format.
vcl 4.0;

# Default backend definition. Set this to point to your content server.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

sub vcl_recv {
    # Happens before we check if we have this in cache already.
    #
    # Typically you clean up the request here, removing cookies you don't need,
    # rewriting the request, etc.
}

sub vcl_backend_response {
    # Happens after we have read the response headers from the backend.
    #
    # Here you clean the response headers, removing silly Set-Cookie headers
    # and other mistakes your backend does.
}

sub vcl_deliver {
    # Happens when we have all the pieces we need, and are about to send the
    # response to the client.
    #
    # You can do accounting or modifying the final object here.
}
The VCL configuration that Varnish automatically appends to your VCL file during compilation/loading:
/usr/share/doc/varnish/examples/builtin.vcl.gz
Two services:
- varnish
- varnishncsa (Display Varnish logs in Apache / NCSA combined log format)
mkdir /lib/systemd/system/varnish.service.d
#cp -p /lib/systemd/system/varnish.service /lib/systemd/system/varnish.service.d/plop.conf
cp -p /usr/share/doc/varnish/examples/systemd/varnish.commandline.conf /lib/systemd/system/varnish.service.d/plop.conf
vim !$
Varnish admin CLI
#varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082
varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082
Reload Varnish
Reload Varnish VCL without losing cache data
/usr/local/bin/varnish_reload.sh
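#!/bin/bash
# Load the VCL under a new, timestamped name, then make it the active one.
# The running cache is kept because varnishd itself is not restarted.
TIME=$(date +%s)
varnishadm vcl.load r_$TIME /etc/varnish/default.vcl
varnishadm vcl.use r_$TIME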
/lib/systemd/system/varnish.service.d/reload.conf
[Service]
ExecReload=/usr/local/bin/varnish_reload.sh
chmod +x /usr/local/bin/varnish_reload.sh
systemctl daemon-reload
# Now you can reload with:
#systemctl reload varnish
VCL
See:
VCL
Actions on both the client and backend side:
- fail (transition to vcl_synth)
Client-side actions:
- synth (synthetic, transition to vcl_synth)
- pass (OK, do not use the cache, possible transition to vcl_pass)
- pipe (bypass Varnish, transition to vcl_pipe)
- restart
Backend-side actions:
- abandon (unless the backend request was a background fetch, transition to vcl_synth)
Built-in subroutines on the client side:
- vcl_recv (entry point)
- vcl_pipe (bypass)
- etc.
Debug
varnishd -d -f /etc/varnish/default.vcl
To get the daemon's launch command with its arguments:
systemctl status varnish
Remove the -F and replace it with a -d
#sudo /usr/sbin/varnishd -j unix,user=vcache -d -F -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m
sudo /usr/sbin/varnishd -j unix,user=vcache -d -d -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m
Type start to launch the service
Check the syntax of the VCL file
varnishd -Cf /etc/varnish/default.vcl
Change the headers
sub vcl_deliver {
    unset resp.http.Via;
    #unset resp.http.X-Powered-By;
    unset resp.http.X-Varnish;
    #unset resp.http.Age;
    unset resp.http.Server;
}
Purging the cache
curl -X PURGE -H "host: www.example.com" "www.example.com/foo"
# HTTPie
http PURGE "www.example.com/foo"
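Varnish only acts on a PURGE request if the VCL handles that method, and the handler should accept it from trusted clients only. The following is an added example, not part of the original notes: an ACL-restricted PURGE handler for VCL 4.0. The ACL name purge_allowed and the 192.0.2.0/24 network are placeholders, and the backend repeats the default.vcl shown earlier.

```vcl
vcl 4.0;

# Assumed backend, same values as the default.vcl above.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

# Hypothetical ACL name and placeholder addresses: list only the hosts
# that are allowed to invalidate cached objects.
acl purge_allowed {
    "localhost";
    "192.0.2.0"/24;   # placeholder management network
}

sub vcl_recv {
    if (req.method == "PURGE") {
        # Reject PURGE from any client outside the ACL before the
        # request reaches the cache or the backend.
        if (!client.ip ~ purge_allowed) {
            return (synth(405, "Not allowed."));
        }
        # Discard the object matching this Host + URL, with its variants.
        return (purge);
    }
}
```

The file can be checked with varnishd -Cf before it is loaded. Note that client.ip is the address of the directly connected peer, so behind another proxy the ACL has to list that proxy instead.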
Block (BAN)
varnishadm ban req.http.host == example.com '&&' req.url '~' '\\.png$'
Other
Architecture:
varnishlog -g raw
varnishstat -l
varnishstat -1 -n varnish_instancename
sudo varnishlog -n varnish_instancename -q 'ReqHeader ~ "Host: plop.fr"'
purge:
sub vcl_recv {
    # Add a unique header containing the client address
    unset req.http.X-Forwarded-For;
    set req.http.X-Forwarded-For = client.ip;
    # [...]
}
Vagrant notes
Installing the plugin for KVM/Libvirt
See https://github.com/vagrant-libvirt/vagrant-libvirt
sudo apt-get install libxslt-dev libxml2-dev libvirt-dev zlib1g-dev ruby-dev
vagrant plugin install vagrant-libvirt
Test with CentOS7
vagrant init centos/7
# Seems to be ignored; --provider=libvirt is required
#export VAGRANT_DEFAULT_PROVIDER=libvirt
export LIBVIRT_DEFAULT_URI="qemu:///system"
vagrant up --provider=libvirt
Problem
vagrant up --provider=libvirt
Bringing machine 'default' up with 'libvirt' provider...
/home/jean/.vagrant.d/gems/gems/fog-libvirt-0.0.3/lib/fog/libvirt/requests/compute/list_volumes.rb:32:in `info': Call to virStorageVolGetInfo failed: Storage volume not found: no storage vol with matching path '/tmp/systemd-private-04e45e030a974efa97ce503d7fb920ce-cups.service-AQNzoq' (Libvirt::RetrieveError)
from /home/jean/.vagrant.d/gems/gems/fog-libvirt-0.0.3/lib/fog/libvirt/requests/compute/list_volumes.rb:32:in `volume_to_attributes'
from /home/jean/.vagrant.d/gems/gems/fog-libvirt-0.0.3/lib/fog/libvirt/requests/compute/list_volumes.rb:10:in `block (2 levels) in list_volumes'
from /home/jean/.vagrant.d/gems/gems/fog-libvirt-0.0.3/lib/fog/libvirt/requests/compute/list_volumes.rb:9:in `each'
from /home/jean/.vagrant.d/gems/gems/fog-libvirt-0.0.3/lib/fog/libvirt/requests/compute/list_volumes.rb:9:in `block in list_volumes'
from /home/jean/.vagrant.d/gems/gems/fog-libvirt-0.0.3/lib/fog/libvirt/requests/compute/list_volumes.rb:44:in `block in raw_volumes'
from /home/jean/.vagrant.d/gems/gems/fog-libvirt-0.0.3/lib/fog/libvirt/requests/compute/list_volumes.rb:42:in `each'
from /home/jean/.vagrant.d/gems/gems/fog-libvirt-0.0.3/lib/fog/libvirt/requests/compute/list_volumes.rb:42:in `raw_volumes'
from /home/jean/.vagrant.d/gems/gems/fog-libvirt-0.0.3/lib/fog/libvirt/requests/compute/list_volumes.rb:8:in `list_volumes'
from /home/jean/.vagrant.d/gems/gems/fog-libvirt-0.0.3/lib/fog/libvirt/models/compute/volumes.rb:11:in `all'
from /home/jean/.vagrant.d/gems/gems/vagrant-libvirt-0.0.33/lib/vagrant-libvirt/action/handle_box_image.rb:63:in `block in call'
from /home/jean/.vagrant.d/gems/gems/vagrant-libvirt-0.0.33/lib/vagrant-libvirt/action/handle_box_image.rb:60:in `synchronize'
from /home/jean/.vagrant.d/gems/gems/vagrant-libvirt-0.0.33/lib/vagrant-libvirt/action/handle_box_image.rb:60:in `call'
from /usr/lib/ruby/vendor_ruby/vagrant/action/warden.rb:34:in `call'
from /usr/lib/ruby/vendor_ruby/vagrant/action/builtin/handle_box.rb:56:in `call'
from /usr/lib/ruby/vendor_ruby/vagrant/action/warden.rb:34:in `call'
from /home/jean/.vagrant.d/gems/gems/vagrant-libvirt-0.0.33/lib/vagrant-libvirt/action/handle_storage_pool.rb:50:in `call'
from /usr/lib/ruby/vendor_ruby/vagrant/action/warden.rb:34:in `call'
from /home/jean/.vagrant.d/gems/gems/vagrant-libvirt-0.0.33/lib/vagrant-libvirt/action/set_name_of_domain.rb:35:in `call'
from /usr/lib/ruby/vendor_ruby/vagrant/action/warden.rb:34:in `call'
from /usr/lib/ruby/vendor_ruby/vagrant/action/warden.rb:95:in `block in finalize_action'
from /usr/lib/ruby/vendor_ruby/vagrant/action/warden.rb:34:in `call'
from /usr/lib/ruby/vendor_ruby/vagrant/action/warden.rb:34:in `call'
from /usr/lib/ruby/vendor_ruby/vagrant/action/builder.rb:116:in `call'
from /usr/lib/ruby/vendor_ruby/vagrant/action/runner.rb:66:in `block in run'
from /usr/lib/ruby/vendor_ruby/vagrant/util/busy.rb:19:in `busy'
from /usr/lib/ruby/vendor_ruby/vagrant/action/runner.rb:66:in `run'
from /usr/lib/ruby/vendor_ruby/vagrant/action/builtin/call.rb:53:in `call'
from /usr/lib/ruby/vendor_ruby/vagrant/action/warden.rb:34:in `call'
from /usr/lib/ruby/vendor_ruby/vagrant/action/builtin/config_validate.rb:25:in `call'
from /usr/lib/ruby/vendor_ruby/vagrant/action/warden.rb:34:in `call'
from /usr/lib/ruby/vendor_ruby/vagrant/action/builder.rb:116:in `call'
from /usr/lib/ruby/vendor_ruby/vagrant/action/runner.rb:66:in `block in run'
from /usr/lib/ruby/vendor_ruby/vagrant/util/busy.rb:19:in `busy'
from /usr/lib/ruby/vendor_ruby/vagrant/action/runner.rb:66:in `run'
from /usr/lib/ruby/vendor_ruby/vagrant/machine.rb:196:in `action_raw'
from /usr/lib/ruby/vendor_ruby/vagrant/machine.rb:173:in `block in action'
from /usr/lib/ruby/vendor_ruby/vagrant/environment.rb:440:in `lock'
from /usr/lib/ruby/vendor_ruby/vagrant/machine.rb:161:in `call'
from /usr/lib/ruby/vendor_ruby/vagrant/machine.rb:161:in `action'
from /usr/lib/ruby/vendor_ruby/vagrant/batch_action.rb:82:in `block (2 levels) in run'
Solution
https://kushaldas.in/posts/storage-volume-error-in-libvirt-with-vagrant.html
virsh pool-list
 Name                 State      Autostart
-------------------------------------------
 default              active     yes
 presseed             active     yes
 tmp                  active     yes
virsh pool-refresh tmp
virsh pool-refresh default
Connecting to the machine
vagrant ssh-config >> ~/.ssh/config
userhelper - usermode notes
userhelper - usermode
See:
- consolehelper
See also:
usermode contains the userhelper program, which can be used to allow configured programs to be run with superuser privileges by ordinary users, and several graphical tools for users:
- userinfo allows users to change their finger information.
- usermount lets users mount, unmount, and format filesystems.
- userpasswd allows users to change their passwords.
sudo /usr/sbin/userhelper -t -w subscription-manager identity
/etc/security/console.apps/config-util
USER=root
UGROUPS=wheel
/etc/security/console.apps/subscription-manager
USER=root
PROGRAM=/usr/sbin/subscription-manager
SESSION=true
# ls -l /usr/bin/subscription-manager
lrwxrwxrwx. 1 root root 22 Feb 23 07:16 /usr/bin/subscription-manager -> /usr/bin/consolehelper
# grep '^PROGRAM=' /etc/security/console.apps/subscription-manager
PROGRAM=/usr/sbin/subscription-manager
Test
/etc/pam.d/sleep
#%PAM-1.0
auth       include      config-util
account    include      config-util
session    include      config-util
or
/etc/pam.d/sleep
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_warn.so
auth       required     pam_deny.so
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    include      system-auth
/etc/security/console.apps/sleep
USER=root
#UGROUPS=wheel
PROGRAM=/usr/bin/sleep
SESSION=true
#KEEP_ENV_VARS=http_proxy,ftp_proxy
#FALLBACK=yes
/usr/sbin/userhelper -t -w sleep 1
