From 717fcb9c81d2bc3cc7a84a3ebea6572d7ff0f5cf Mon Sep 17 00:00:00 2001 From: doc Date: Mon, 30 Jun 2025 20:06:28 +0000 Subject: uploading documentation --- cheatsheets/rclone_cheat_sheet.md | 133 +++++++++++++++++++ cheatsheets/server_hardening_disaster_recovery.md | 87 ++++++++++++ cheatsheets/zfs_cheat_sheet.md | 153 ++++++++++++++++++++++ 3 files changed, 373 insertions(+) create mode 100644 cheatsheets/rclone_cheat_sheet.md create mode 100644 cheatsheets/server_hardening_disaster_recovery.md create mode 100644 cheatsheets/zfs_cheat_sheet.md (limited to 'cheatsheets') diff --git a/cheatsheets/rclone_cheat_sheet.md b/cheatsheets/rclone_cheat_sheet.md new file mode 100644 index 0000000..4637fcd --- /dev/null +++ b/cheatsheets/rclone_cheat_sheet.md 
@@ -0,0 +1,133 @@ +# ๐Ÿ“˜ Rclone Command Cheat Sheet + +## โš™๏ธ Configuration + +### Launch Configuration Wizard +```bash +rclone config +``` + +### Show Current Config +```bash +rclone config show +``` + +### List Remotes +```bash +rclone listremotes +``` + +## ๐Ÿ“ Basic File Operations + +### Copy Files +```bash +rclone copy source:path dest:path +``` + +### Sync Files +```bash +rclone sync source:path dest:path +``` + +### Move Files +```bash +rclone move source:path dest:path +``` + +### Delete Files or Dirs +```bash +rclone delete remote:path +rclone purge remote:path # Delete entire path +``` + +### Check Differences +```bash +rclone check source:path dest:path +``` + +## ๐Ÿ” Listing and Info + +### List Directory +```bash +rclone ls remote:path +rclone lsd remote:path # List only directories +rclone lsl remote:path # Long list with size and modification time +``` + +### Tree View +```bash +rclone tree remote:path +``` + +### File Size and Count +```bash +rclone size remote:path +``` + +## ๐Ÿ“ฆ Mounting + +### Mount Remote (Linux/macOS) +```bash +rclone mount remote:path /mnt/mountpoint +``` + +### Mount with Aggressive Caching (Windows) +```bash +rclone mount remote:path X: \ + --vfs-cache-mode full \ + --cache-dir C:\path\to\cache \ + --vfs-cache-max-size 100G \ + --vfs-read-chunk-size 512M \ + --vfs-read-ahead 1G +``` + +## ๐Ÿ” Sync with Filtering + +### Include / Exclude Files +```bash +rclone sync source:path dest:path --exclude "*.tmp" +rclone sync source:path dest:path --include "*.jpg" +``` + +## ๐Ÿ“„ Logging and Dry Runs + +### Verbose and Dry Run +```bash +rclone sync source:path dest:path -v --dry-run +``` + +### Log to File +```bash +rclone sync source:path dest:path --log-file=rclone.log -v +``` + +## ๐Ÿ“ก Remote Control (RC) + +### Start RC Server +```bash +rclone rcd --rc-web-gui +``` + +### Use RC Command +```bash +rclone rc core/stats +rclone rc vfs/stats +``` + +## ๐Ÿ› ๏ธ Miscellaneous + +### Serve Over HTTP/WebDAV/SFTP +```bash 
+rclone serve http remote:path +rclone serve webdav remote:path +rclone serve sftp remote:path +``` + +### Crypt Operations +```bash +rclone config create secure crypt remote:path +``` + +--- + +> โœ… **Tip**: Always use `--dry-run` when testing `sync`, `move`, or `delete` to prevent accidental data loss. diff --git a/cheatsheets/server_hardening_disaster_recovery.md b/cheatsheets/server_hardening_disaster_recovery.md new file mode 100644 index 0000000..fd23c40 --- /dev/null +++ b/cheatsheets/server_hardening_disaster_recovery.md 
@@ -0,0 +1,87 @@ +# ๐Ÿ›ก๏ธ Server Hardening & Disaster Recovery Cheat Sheet + +## ๐Ÿ” Server Hardening Checklist + +### ๐Ÿ”’ OS & User Security +- โœ… Use **key-based SSH authentication** (`~/.ssh/authorized_keys`) +- โœ… Disable root login: + ```bash + sudo sed -i 's/^PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config + sudo systemctl restart sshd + ``` +- โœ… Change default SSH port and rate-limit with Fail2Ban or UFW +- โœ… Set strong password policies: + ```bash + sudo apt install libpam-pwquality + sudo nano /etc/security/pwquality.conf + ``` +- โœ… Lock down `/etc/sudoers`, remove unnecessary sudo privileges + +### ๐Ÿ”ง Kernel & System Hardening +- โœ… Install and configure `ufw` or `iptables`: + ```bash + sudo ufw default deny incoming + sudo ufw allow ssh + sudo ufw enable + ``` +- โœ… Disable unused filesystems: + ```bash + echo "install cramfs /bin/true" >> /etc/modprobe.d/disable-filesystems.conf + ``` +- โœ… Set kernel parameters: + ```bash + sudo nano /etc/sysctl.d/99-sysctl.conf + # Example: net.ipv4.ip_forward = 0 + sudo sysctl -p + ``` + +### ๐Ÿงพ Logging & Monitoring +- โœ… Enable and configure `auditd`: + ```bash + sudo apt install auditd audispd-plugins + sudo systemctl enable auditd + ``` +- โœ… Centralize logs using `rsyslog`, `logrotate`, or Fluentbit +- โœ… Use `fail2ban`, `CrowdSec`, or `Wazuh` for intrusion detection + +## ๐Ÿ’พ Disaster Recovery Checklist + +### ๐Ÿ“ฆ Backups +- โœ… Automate **daily database dumps** (e.g., `pg_dump`, `mysqldump`) +- โœ… Use **ZFS snapshots** for versioned backups +- โœ… Sync offsite via `rclone`, `rsync`, or cloud storage +- โœ… Encrypt backups using `gpg` or `age` + +### ๐Ÿ” Testing & Recovery +- โœ… **Verify backup integrity** regularly: + ```bash + gpg --verify backup.sql.gpg + pg_restore --list backup.dump + ``` +- โœ… Practice **bare-metal restores** in a test environment +- โœ… Use **PITR** (Point-In-Time Recovery) for PostgreSQL + +### ๐Ÿ›‘ Emergency Scripts +- โœ… Create service restart 
scripts: + ```bash + systemctl restart mastodon + docker restart azuracast + ``` +- โœ… Pre-stage `rescue.sh` to rebuild key systems +- โœ… Include Mastodon/Gitea/etc. reconfig tools + +### ๐Ÿ—‚๏ธ Documentation +- โœ… Maintain a **runbook** with: + - Service recovery steps + - IPs, ports, login methods + - Admin contacts and escalation + +### ๐Ÿงช Chaos Testing +- โœ… Simulate failure of: + - A disk or volume (use `zpool offline`) + - A network link (`iptables -A OUTPUT ...`) + - A database node (use Patroni/pg_auto_failover tools) + +--- + +> โœ… **Pro Tip**: Integrate all hardening and backup tasks into your Ansible playbooks for consistency and redeployability. diff --git a/cheatsheets/zfs_cheat_sheet.md b/cheatsheets/zfs_cheat_sheet.md new file mode 100644 index 0000000..760aeb1 --- /dev/null +++ b/cheatsheets/zfs_cheat_sheet.md 
@@ -0,0 +1,153 @@ +# ๐Ÿ“˜ ZFS Command Cheat Sheet + +## ๐Ÿ› ๏ธ Pool Management + +### Create a Pool +```bash +zpool create +zpool create mirror +zpool create raidz1 ... +``` + +### List Pools +```bash +zpool list +``` + +### Destroy a Pool +```bash +zpool destroy +``` + +### Add Devices to a Pool +```bash +zpool add +``` + +### Export / Import Pool +```bash +zpool export +zpool import +zpool import -d /dev/disk/by-id +``` + +## ๐Ÿ” Pool Status and Health + +### Check Pool Status +```bash +zpool status +zpool status -v +``` + +### Scrub a Pool +```bash +zpool scrub +``` + +### Clear Errors +```bash +zpool clear +``` + +## ๐Ÿงฑ Dataset Management + +### Create a Dataset +```bash +zfs create / +``` + +### List Datasets +```bash +zfs list +zfs list -t all +``` + +### Destroy a Dataset +```bash +zfs destroy / +``` + +## ๐Ÿ“ฆ Mounting and Properties + +### Set Mount Point +```bash +zfs set mountpoint=/your/path / +``` + +### Mount / Unmount +```bash +zfs mount +zfs unmount +``` + +### Auto Mount +```bash +zfs set canmount=on|off|noauto +``` + +## ๐Ÿ“ Snapshots & Clones + +### Create a Snapshot +```bash +zfs snapshot /@ +``` + +### List Snapshots +```bash +zfs list -t snapshot +``` + +### Roll Back to Snapshot +```bash +zfs rollback /@ +``` + +### Destroy a Snapshot +```bash +zfs destroy /@ +``` + +### Clone a Snapshot +```bash +zfs clone /@ / +``` + +## ๐Ÿ” Sending & Receiving + +### Send Snapshot to File or Pipe +```bash +zfs send > file +zfs send -R | zfs receive / +``` + +### Receive Snapshot +```bash +zfs receive / +``` + +## ๐Ÿงฎ Useful Info & Tuning + +### Check Available Space +```bash +zfs list +``` + +### Set Quota or Reservation +```bash +zfs set quota=10G +zfs set reservation=5G +``` + +### Enable Compression +```bash +zfs set compression=lz4 +``` + +### Enable Deduplication (use cautiously) +```bash +zfs set dedup=on +``` + +--- + +> โœ… **Tip**: Always test ZFS commands in a safe environment before using them on production systems! -- cgit v1.2.3
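Review bot: in cheatsheets/rclone_cheat_sheet.md, the "Start RC Server" and "Serve Over HTTP/WebDAV/SFTP" examples (`rclone rcd --rc-web-gui`, `rclone serve http remote:path`, and the webdav and sftp lines) show no authentication or bind-address flags, so the sheet does not tell the reader who can reach the listener. Show the flags explicitly, for example `--addr` with `--user`/`--pass` on the `serve` lines and `--rc-addr` with `--rc-user`/`--rc-pass` on `rcd`. Two smaller points: the Windows mount block uses `\` line continuations inside a `bash` fence next to `X:` and `C:\path\to\cache`, which will not paste into cmd.exe or PowerShell as written; and `rclone config create secure crypt remote:path` passes the wrapped remote as a bare argument, where `config create` expects key/value options such as `remote=remote:path` plus a password. The closing tip should also name `purge` alongside `sync`, `move` and `delete`.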
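Review bot: in cheatsheets/server_hardening_disaster_recovery.md, the "Disable root login" step uses `sed -i 's/^PermitRootLogin.*/PermitRootLogin no/'`, which only rewrites an uncommented line that starts with `PermitRootLogin`; if the directive is commented out or absent, the command changes nothing and reports nothing, and the next line restarts sshd without validating the file. Match the commented form as well (or append the directive when nothing matched), and run `sshd -t` before `systemctl restart sshd`. In the same checklist, "Change default SSH port" sits above `sudo ufw allow ssh` followed by `sudo ufw enable`; a reader who moved the port first is locked out, so allow the chosen port explicitly. Under "Testing & Recovery", `gpg --verify backup.sql.gpg` checks a signature, but the Backups list only says to encrypt with `gpg` or `age`; either add signing to the backup step or replace this with a test decryption. The `echo "install cramfs /bin/true" >> /etc/modprobe.d/disable-filesystems.conf` line has no `sudo`, and the redirect would run as the calling user even with it; `| sudo tee -a` fits the rest of the block.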
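Review bot: in cheatsheets/zfs_cheat_sheet.md, most commands read with their operands missing (`zpool create`, `zpool destroy`, `zfs create /`, `zfs rollback /@`, `zfs clone /@ /`), so they cannot be used even as templates; if the placeholders were written in angle brackets, check that they survive in the committed file, or switch to a form such as POOL/DATASET@SNAP. The destructive entries (`zpool destroy`, `zfs destroy`, `zfs rollback`) also carry no caveat: mention `zfs destroy -nv` as a preview, and that rolling back past the newest snapshot requires `-r`, which destroys the snapshots in between. "Enable Deduplication (use cautiously)" should say what the caution is, for instance the memory cost of the dedup table.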