Skip to main content

Posts

Showing posts from February, 2023

systemd service hardening

  /usr/bin/systemd-analyze security UNIT                                 EXPOSURE PREDICATE HAPPY alsa-state.service                        9.6 UNSAFE    😨 dbus.service                              9.6 UNSAFE    😨 emergency.service                         9.5 UNSAFE    😨 [email protected]                        9.6 UNSAFE    😨 iwd.service                               6.0 MEDIUM    😐 lynis.service                             9.6 UNSAFE    😨 polkit.service                            9.6 UNSAFE    😨 rc-local.service                          9.6 UNSAFE    😨 rescue.service                            9.5 UNSAFE    😨 systemd-ask-password-console.service      9.4 UNSAFE    😨 systemd-ask-password-wall.service         9.4 UNSAFE    😨 systemd-fsckd.service                     9.5 UNSAFE    😨 systemd-initctl.service                   9.4 UNSAFE    😨 systemd-journald.service                  4.3 OK        🙂 systemd-logind.service                    2.8 OK        🙂 systemd-networkd.

setting locale without locales package debian

see available locales locale -a C C.utf8 POSIX set new locale   cat /etc/default/locale LANG=C.UTF-8 LC_ALL=C.UTF-8   all locale vars locale LANG=C.UTF-8 LANGUAGE= LC_CTYPE="C.UTF-8" LC_NUMERIC="C.UTF-8" LC_TIME="C.UTF-8" LC_COLLATE="C.UTF-8" LC_MONETARY="C.UTF-8" LC_MESSAGES="C.UTF-8" LC_PAPER="C.UTF-8" LC_NAME="C.UTF-8" LC_ADDRESS="C.UTF-8" LC_TELEPHONE="C.UTF-8" LC_MEASUREMENT="C.UTF-8" LC_IDENTIFICATION="C.UTF-8" LC_ALL=C.UTF-8   for auto config  dpkg-reconfigure locale   src: https://wiki.debian.org/Locale  

fix partition alignment for ventoy non destructive install / rename partition name

 ventoy needs 1mb free space at begining which is set when partitioning using windows or linux fdisk/sfdisk/ if error then fix is  apk add sfdisk  1. backup partition table  doas sfdisk -d /dev/sda > sda.bkp cat sda.bkp  label: gpt label-id: 6DFF8D76-C66D-9E4C-8227-04F623080190 device: /dev/sda unit: sectors first-lba: 34 last-lba: 1953525134 sector-size: 512 /dev/sda3 : start=   451397632, size=   473753600, type=EBD0A0A2-B9E5-4433-87C0-68B6B72699C7, uuid=021FDF9E-AB47-A64C-8530-EE4D2CD93A8B /dev/sda2 : start=   925151232, size=   139851776, type=EBD0A0A2-B9E5-4433-87C0-68B6B72699C7, uuid=1343503D-421C-85FB-3BCD-E854496DE7FB /dev/sda4 : start=  1065005056, size=   886421497, type=EBD0A0A2-B9E5-4433-87C0-68B6B72699C7, uuid=A2EDA5A4-8697-8948-8D46-5C85636E8DB4 /dev/sda1 : start=        4096, size=   451393536, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, uuid=8E65E7F2-5AB3-F148-88F7-4A4F1D410FE1   2. rename so that first sector starting is sda1 others dont matter rename whatever desire

bootable usb via android ( magisk rooted android only) / access android via usb storage

 boot iso via android folder tested on my rmx2185(realme c15 mtk edition) download magisk module  zip from  https://github.com/overzero-git/DriveDroid-fix-Magisk-module/releases/tag/PublicBeta   open magisk and install module from storage    reboot system ui or reboot  open app > grant root access > select iso folder > select  usb system as standard android >  on usb mass storage setion select android shows up in os > complete setup using next its uses test image drivedroid.img to test bootable working so skip      select desired iso and host image either read only or writeable   src links       https://play.google.com/store/apps/details?id=com.softwarebakery.drivedroid&hl=en&gl=US    https://github.com/overzero-git/DriveDroid-fix-Magisk-module   https://github.com/overzero-git/DriveDroid-fix-Magisk-module/tags      

nano mouse friendly and nano completions

 nano .nanorc  set linenumbers set indicator set zap set mouse include "~/.nano/awk.nanorc" include "~/.nano/c.nanorc" include "~/.nano/conf.nanorc" include "~/.nano/css.nanorc" include "~/.nano/cython.nanorc" include "~/.nano/dot.nanorc" include "~/.nano/dotenv.nanorc" include "~/.nano/etc-hosts.nanorc" include "~/.nano/git.nanorc" include "~/.nano/gitcommit.nanorc" include "~/.nano/html.nanorc" include "~/.nano/html.j2.nanorc" include "~/.nano/ini.nanorc" include "~/.nano/inputrc.nanorc" include "~/.nano/lua.nanorc" include "~/.nano/man.nanorc" include "~/.nano/markdown.nanorc" include "~/.nano/nanorc.nanorc" include "~/.nano/python.nanorc" include "~/.nano/sh.nanorc" include "~/.nano/vi.nanorc" include "~/.nano/sway.nanorc" wget https://raw.githubusercontent.com/scop

dmenu ntfs mounter

 cat mox #!/bin/sh case "$(printf "Apps\\nMedia\\nLibrary\\nPo"| dmenu -l 6 -i -p "Mount Ntfs:")" in Apps)   doas ntfs-3g /dev/sda1 /home/kai/mnt/aps ;; Media) doas ntfs-3g /dev/sda2 /home/kai/mnt/media;; Library) doas ntfs-3g /dev/sda3 /home/kai/mnt/lib;; esac  $USER=username  cat /etc/doas.conf permit nopass $USER as root cmd reboot cat umox #!/bin/sh set -e lsblkoutput="$(lsblk -nrpo "name,type,size,mountpoint")" mounteddrives="$(echo "$lsblkoutput" | awk '($2=="part"||$2="crypt")&&$4!~/\/boot|\/home$|SWAP/&&length($4)>1{printf "💾%s (%s)\n",$4,$3}')" allunmountable="$(echo "$mounteddroids $mounteddrives" | sed "/^$/d;s/ *$//")" test -n "$allunmountable" chosen="$(echo "$allunmountable" | dmenu -i -p "Unmount which drive?")" chosen="${chosen%% *}" test -n "$chosen" doas

void android connect

  doas xbps-install -S go-mtpfs   ╰─➤  cat /usr/lib/udev/rules.d/69-libmtp.rules # UDEV-style hotplug map for libmtp # Put this file in /etc/udev/rules.d ACTION!="add", ACTION!="bind", GOTO="libmtp_rules_end" ENV{MAJOR}!="?*", GOTO="libmtp_rules_end" SUBSYSTEM=="usb", GOTO="libmtp_usb_rules" GOTO="libmtp_rules_end" LABEL="libmtp_usb_rules" # If we have a hwdb entry for this device, act immediately! ENV{ID_MTP_DEVICE}=="1", SYMLINK+="libmtp-%k", GROUP="plugdev", GOTO="libmtp_rules_end" # Fall back to probing. # Some sensitive devices we surely don't wanna probe # Color instruments ATTR{idVendor}=="0670", GOTO="libmtp_rules_end" ATTR{idVendor}=="0765", GOTO="libmtp_rules_end" ATTR{idVendor}=="085c", GOTO="libmtp_rules_end" ATTR{idVendor}=="0971", GOTO="libmtp_rules_end" # Canon

jwm config

 cat .jwmrc <?xml version="1.0"?> <JWM>     <RootMenu onroot="3">         <Program icon="/home/kai/.config/jwm/term.svg" label="Terminal">lxterminal</Program>         <Program icon="/home/kai/opt/firefox/browser/chrome/icons/default/default32.png" label="Browser">firefox</Program>         <Restart label="Restart" icon="restart.png" />         <Exit label="Exit" confirm="true" icon="quit.png" />     </RootMenu>     <Group>         <Option>tiled</Option>         <Option>aerosnap</Option>     </Group>     <Group>         <Class>Pidgin</Class>         <Option>sticky</Option>     </Group>     <Group>         <Name>xclock</Name>         <Option>drag</Option>         <Option>notitle</Option>     </Group>   

xbps

 xbps-install -Su   xbps-install  -n dry run -S sync -A auto mode    xtools-minimal   xcheckrestart     To search available repositories for packages, use xbps-query(1) : $ xbps-query -Rs <search_pattern>    -R flag specifies that repositories should be searched. Without it, -s searches for locally-installed packages.   list the files provided by that package: $ xbps-query -f <package_name>       list package without version xbps-query -l | awk '{ print $2 }' | xargs -n1 xbps-uhelper getpkgname     xbps-alternatives Usage: xbps-alternatives [OPTIONS] MODE OPTIONS -C --config <dir> Path to confdir (xbps.d) -d --debug Debug mode shown to stderr -g --group <name> Group of alternatives to match -h --help Print usage help -r --rootdir <dir> Full path to rootdir -v --verbose Verbose messages -V --version Show XBPS version MODE -l --list [PKG] List all alternatives or from PKG -s --set PKG Set a

daemonless notification without dbus using herbe voidlinux

  pkill -SIGUSR1 herbe Dismissed notifications return exit code 2. Actions   ACTION_BUTTON (defaults to right mouse button) or the SIGUSR2 signal herbe " Notification body " && echo " This is an action "   herbe " First line " " Second line " " Third line " ... in bash  herbe $' First line \n Second line \n Third line '   herbe " $( ps axch -o cmd:15,%cpu --sort=-%cpu |   head ) "       Notifications are put in a queue and shown  using fifo rule   if stuck  pkill -SIGKILL herbe   # same as pkill -SIGTERM herbe, terminates every running herbe process $ pkill herbe $ pkill -SIGUSR1 herbe $ pkill -SIGUSR2 herbe     dummy notify send using herbe  #!/bin/sh # Shell script to redirect notify-send calls to herbe. The purpose is to ignore # options passed to notify-send. # # Option parser generated by getoptions # URL: https://github.com/ko1nksm/getoptions # LICENSE: Creative Commons Zero v1.0 Universal us

void autologin

  cp -R /etc/sv/agetty-tty1 /etc/sv/agetty-autologin-tty1   nano /etc/sv/agetty-autologin-tty1/conf GETTY_ARGS="--skip-login --nonewline --noissue --autologin kai --noclear " TERM_NAME=foot rm /var/service/agetty-tty1 ln -s /etc/sv/agetty-autologin-tty1 /var/service   nano .bashrc  # [[ -t 0 && $(tty) == /dev/tty1 && ! $DISPLAY ]] && sway #[[ -t 0 && $(tty) == /dev/tty1 && ! $DISPLAY ]] && exec sway &> /dev/null  src: https://wiki.voidlinux.org/voidlinux_en_all_2021-04/A/Automatic_Login_to_Graphical_Environment    

void ignore conf

cat /etc/xbps.d/ignore.conf   ignorepkg=linux-firmware-amd ignorepkg=linux-firmware-intel ignorepkg=linux-firmware-nvidia ignorepkg=linux-firmware-broadcom ignorepkg=linux-firmware-network ignorepkg=dbus ignorepkg=dbus-x11 ignorepkg=nvi ignorepkg=ffplay ignorepkg=dracut

ubuntu exclude path from installing like pacman noextract

 cat /etc/dpkg/dpkg.cfg.d/excludes # Drop locales except English path-exclude=/usr/share/locale/* path-include=/usr/share/locale/en/* path-include=/usr/share/locale/en_US/* path-include=/usr/share/locale/locale.alias # Drop translated manual pages except French path-exclude=/usr/share/man/* path-include=/usr/share/man/man[1-9]/* path-include=/usr/share/man/en*/*       en@quot is a variant of English message catalogs ( en ) which uses real quotation marks instead of the ugly looking asymmetric ASCII substitutes ‘ ` ’ and ‘ ' ’. en@boldquot is a variant of en@quot that additionally outputs quoted pieces of text in a bold font, when used in a terminal emulator which supports the VT100 escape sequences (such as xterm or the Linux console, but not Emacs in M-x shell mode). These extra message catalogs ‘ en@quot ’ and ‘ en@boldquot ’ are constructed automatically, not by translators;   ls /usr/share/locale/ path-include=/usr/share/locale/en@quot/* path-include=/usr/share/locale/e

ubuntu ignore package

 This prevents from installing from apt, package not fount will be shown can't install  metapackage  like ubuntu-minimal  ubuntu-minimal : Depends: ubuntu-advantage-tools but it is not installable     cat /etc/apt/preferences.d/ignored-packages Package: grub-common grub2-common grub-pc grub-pc-bin grub-gfxpayload-lists Pin: release * Pin-Priority: -1 Package: snapd cloud-init landscape-common popularity-contest ubuntu-advantage-tools Pin: release * Pin-Priority: -1       

ubuntu drivers install

if you know vendir you can directly install  sudo apt install oem-somerville-beric-icl-meta http://dell.archive.canonical.com/dists/focal-somerville-beric-icl/public/binary-i386/Packages   sudo apt install ubuntu-drivers-common sudo ubuntu-drivers list oem-somerville-beric-icl-meta oem-release oem-somerville-meta sudo ubuntu-drivers  list-oem sudo ubuntu-drivers devices == /sys/devices/pci0000:00/0000:00:1f.4 == modalias : pci:v00008086d000034A3sv00001028sd00000A2Bbc0Csc05i00 vendor   : Intel Corporation model    : Ice Lake-LP SMBus Controller driver   : oem-somerville-beric-icl-meta - third-party free == /sys/devices/virtual/dmi/id == modalias : dmi:bvnDellInc.:bvr1.19.0:bd09/06/2022:br1.19:svnDellInc.:pnInspiron3501:pvr:rvnDellInc.:rn0TW31C:rvrA00:cvnDellInc.:ct10:cvr:sku0A2B: driver   : oem-release - third-party free driver   : oem-somerville-meta - third-party free sudo ubuntu-drivers install sudo apt update 

tlp fix ubuntu 20.04 lts

 sudo apt-get install libtie-dxhash-perl sudo systemctl enable tlp  sudo systemctl start  tlp    start tlp directly   sudo tlp start  Manual mode  sudo tlp bat sudo tlp ac   Hint: manual mode means that changes to the power source will be ignored until the next reboot or tlp start is issued to resume automatic mode.       USB Autosuspend Apply autosuspend mode for all attached USB devices except those excluded by default or via configuration:   sudo tlp usb   view all tlp statustucs sudo tlp - stat      View battery data sudo tlp - stat - b   sudo tlp - stat - b -v sudo tlp - stat -- battery     View active configuration tlp - stat - c tlp - stat -- config   tlp - stat -- cdiff   View disk device information sudo tlp - stat - d sudo tlp - stat -- disk     View PCIe device information sudo tlp - stat - e sudo tlp - stat -- pcie       View graphics card information sudo tlp - stat - g sudo tlp - stat -- graphics     View processor information s

gio get mimetype

 doas apk add glig2 dependency of sway,wofi,firefox,zathura-pdf-mupdf,foot ,mpv and ffmpeg  ~ $ gio info chroo.sh display name: chroo.sh display name: chroo.sh name: chroo.sh type: regular size:  206 uri: file:///home/kai/chroo.sh local path: /home/kai/chroo.sh unix mount: /dev/nvme0n1p2 / ext4 rw,noatime attributes:   standard::type: 1   standard::name: chroo.sh   standard::display-name: chroo.sh   standard::edit-name: chroo.sh   standard::copy-name: chroo.sh   standard::icon: application-x-shellscript, text-x-script, application-x-shellscript-symbolic, text-x-script-symbolic   standard::content-type: application/x-shellscript   standard::fast-content-type: application/x-shellscript   standard::size: 206   standard::allocated-size: 4096   standard::symbolic-icon: application-x-shellscript-symbolic, text-x-script-symbolic, application-x-shellscript, text-x-script   etag::value: 1675672588:52203:52203343   id::file: l66306:914920   id::filesystem: l66306   access::can-read: TRUE   acces

mi/poco google frp reset

 on wifi selection  choose  option manually input  ssid and input www.youtube.com select it and click on app link icon it opens youtube  goto about> terms of service/privacy pol > it opens chrome browser    input url  https://vnrom.net/bypass/ intent://com.android.settings/#Intent;scheme=android-app;end  click on settings icon  got ot apps > and stop setup wizard> disable google play service > enable accesibility and accesibility menu >  continue setup from beginging  open google assistant form accesibiility when it get stuck repeatively  after clicking it many times it gives option to enable google play service  enable it and you can login sucessfully   

musl gentoo (experimental)

get stage 3  browse and find latest  https://distfiles.gentoo.org/releases/amd64/autobuilds/current-stage3-amd64-musl/ mkfs.ext4 /dev/nvme0n1p2 mount  /dev/nvme0n1p2 /mnt cd /mnt  https://distfiles.gentoo.org/releases/amd64/autobuilds/current-stage3-amd64-musl/stage3-amd64-musl-hardened-20230205T170201Z.tar.xz tar xpvf current-*.tar.xz --xattrs-include='*.*' --numeric-owner     ls  doas rm stage3-amd64-musl-hardened-20230205T170201Z.* 1 cp --dereference /etc/resolv.conf /mnt/etc/ mkdir --parents /mnt/etc/portage/repos.conf cp /mnt/usr/share/portage/config/repos.conf /mnt/etc/portage/repos.conf/gentoo.conf cat /mnt/etc/portage/repos.conf/gentoo.conf nano -w /etc/portage/make.conf MAKEOPTS="-j4"   USE="wayland -dbus -elogind   -gnome  -kde -X  -consolekit -polkit -introspection -pulseaudio -llvm" ACCEPT_LICENSE="-* @FREE @BINARY-REDISTRIBUTABLE" VIDEO_CARDS="intel " LINGUAS="en" L10N="en-US" INPUT_DEVICES="libinp