Diff notes
See:
- tardiff / pkgdiff
- patch
- kdiff3 / kdiff3-qt
- git diff / git difftool
List of diffing tools:
- opendiff
- kdiff3
- tkdiff
- xxdiff
- meld
- kompare
- gvimdiff
- diffuse
- diffmerge
- ecmerge
- p4merge
- araxis
- bc3
- codecompare
- emerge
- vimdiff
- imediff
And also:
- diff
- sdiff
- jsondiff
git difftool --tool-help
diff
-w, --ignore-all-space
Ignore all white space.
-B, --ignore-blank-lines
Ignore blank lines.
diff -w -B /etc/hosts.bak /etc/hosts
diff -y --width=160 fic1 fic2
vimdiff notes
Installation
apt-get update && apt-get install vim
Syntax
vimdiff fichier1.txt fichier2.txt
See: example with Git, kdiff3 links
do - Get changes from other window into the current window.
dp - Put the changes from current window into the other window.
]c - Jump to the next change.
[c - Jump to the previous change.
Ctrl W + Ctrl W - Switch window
Ctrl w + [Right arrow] - Go to the window on the right
Ctrl w + [Left arrow] - Go to the window on the left
Hex
See also:
- hexadiff
colordiff -y <(xxd debian-10.3.0-amd64-netinst.iso |head -10000) <(xxd debian-10.3.0-amd64-netinst-uefi.iso |head -10000) |more
Vim notes
See:
- vim-addon-manager
Modeline magic
# vim: ai:ts=4:sw=4
# vim: enc=utf-8:nu:ai:si:et:ts=4:sw=4:ft=xdefaults:
# vim: set ai et sts=2 sw=2 tw=80:
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
# YAML
# .. vim: foldmarker=[[[,]]]:foldmethod=marker
vimrc
set modeline
set modelines=5
vimrc
filetype plugin indent on
" show existing tab with 4 spaces width
set tabstop=4
" when indenting with '>', use 4 spaces width
set shiftwidth=4
" On pressing tab, insert 4 spaces
set expandtab
Other
By default Debian is installed with a lightweight vim, apt:vim-tiny
To install the full apt:vim:
apt-get update && apt-get install vim
Start the Vim tutorial
vimtutor
Open several files at once, side by side as with vimdiff
vim -O fic1.md fic2.md
Open several files at once, one above the other
vim -o fic1.md fic2.md
Vim: delete lines matching a pattern
:g/toto/d
u : Undo (cancel a change, "edit-previous")
Ctrl-R : Redo changes (cancel the previous undo)
Display non-printable characters
:set list
:set display+=uhex
Commands, sorting
:%ls
:%!sort -r
See also
$ cat hidden.txt
ab
$ wc --char hidden.txt
5
$ sed 's/\o302\xAD//' hidden.txt > fixed.txt
$ wc --char fixed.txt
3
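The `sed` call above removes one soft hyphen (bytes C2 AD). The following added example, which is not part of the original notes, generalizes it to the common invisible characters and reports the lines that contain them; the function names `find_invisible` and `strip_invisible` and the chosen character list are assumptions.

```shell
#!/bin/sh
# Added example (not from the original notes): locate and strip invisible
# UTF-8 characters such as the soft hyphen hidden in hidden.txt above.
# Byte sequences are built with printf octal escapes, so POSIX sh is enough.
SHY=$(printf '\302\255')        # U+00AD soft hyphen
NBSP=$(printf '\302\240')       # U+00A0 no-break space
ZWSP=$(printf '\342\200\213')   # U+200B zero width space
ZWNJ=$(printf '\342\200\214')   # U+200C zero width non-joiner
ZWJ=$(printf '\342\200\215')    # U+200D zero width joiner
BOM=$(printf '\357\273\277')    # U+FEFF byte order mark

# find_invisible FILE: print "LINE:CODEPOINT" for every line that
# contains one of the characters above.
find_invisible() {
    for pair in "U+00AD:$SHY" "U+00A0:$NBSP" "U+200B:$ZWSP" \
                "U+200C:$ZWNJ" "U+200D:$ZWJ" "U+FEFF:$BOM"; do
        name=${pair%%:*}
        bytes=${pair#*:}
        # LC_ALL=C makes grep compare raw bytes; "|| true" because
        # "no match" is not an error here.
        { LC_ALL=C grep -n -F -- "$bytes" "$1" || true; } |
            LC_ALL=C cut -d: -f1 |
            while read -r line; do echo "$line:$name"; done
    done
}

# strip_invisible FILE: write FILE to stdout without the zero-width
# characters. NBSP is reported by find_invisible but kept, because it
# is visible spacing and removing it would join words.
strip_invisible() {
    LC_ALL=C sed -e "s/$SHY//g" -e "s/$ZWSP//g" -e "s/$ZWNJ//g" \
                 -e "s/$ZWJ//g" -e "s/$BOM//g" "$1"
}
```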
File browser
:Ex
for ex(ploring) the file directory.
Alternative
sudo update-alternatives --config editor
Insert a special character such as a non-breaking space
Use CTRL + K
Example with a non-breaking space: CTRL + K, <SPACE>, <SPACE>
Problems
Problem on Debian Stretch (Debian 9): copy-paste with the mouse does not work
Source:
Solution: simply hold down the Shift key while selecting the text
Or, to get the same behaviour as Debian Jessie:
- /usr/share/vim/vim80/defaults.vim
" In many terminal emulators the mouse works just fine. By enabling it you
" can position the cursor, Visually select and scroll with the mouse.
"if has('mouse')
" set mouse=a
"endif
Fix with Ansible
- name: bugfix vim
  replace:
    dest: /usr/share/vim/vim80/defaults.vim
    regexp: '^\s+set mouse=a'
    replace: '" set mouse=a'
  when:
    - ansible_os_family == 'Debian'
    - ansible_distribution_major_version == '9'
Or
echo "set mouse-=a" >> ~/.vimrc
Linux chroot
See:
Chroot Infinite BusyBox with systemd
- switch_root
libpam-chroot: /lib/security/pam_chroot.so
See fakeroot and friends
- fakeroot
- fakeroot-ng
- proot
- become-root
- rootlesskit (Linux-native “fake root” for rootless containers) and yet slow):
See also:
- pivot_root & switch_root
- Docker
- bwrap
-
- e.g.:
firejail --dns=8.8.8.8 firefox
- Procenv
chrootont.sh
CHROOTDIR=/home/chroot
mkdir ${CHROOTDIR}
mkdir ${CHROOTDIR}/{dev,dev/pts,sys,proc,run,etc,bin,lib,lib64,usr,var,var/run,/var/log,var/lib,/etc/init.d,home,tmp,root}
mount -t sysfs /sys ${CHROOTDIR}/sys
mount -t proc proc ${CHROOTDIR}/proc
mount -n -t tmpfs none ${CHROOTDIR}/dev
mkdir ${CHROOTDIR}/dev/pts
mkdir ${CHROOTDIR}/dev/shm
mount -vt devpts -o gid=4,mode=620 none ${CHROOTDIR}/dev/pts
mount -vt tmpfs none ${CHROOTDIR}/dev/shm
mknod -m 622 ${CHROOTDIR}/dev/console c 5 1
mknod -m 666 ${CHROOTDIR}/dev/null c 1 3
mknod -m 666 ${CHROOTDIR}/dev/zero c 1 5
mknod -m 666 ${CHROOTDIR}/dev/ptmx c 5 2
mknod -m 666 ${CHROOTDIR}/dev/tty c 5 0
mknod -m 444 ${CHROOTDIR}/dev/random c 1 8
mknod -m 444 ${CHROOTDIR}/dev/urandom c 1 9
chown root:tty ${CHROOTDIR}/dev/{console,ptmx,tty}
#mknod -m 600 ${CHROOTDIR}/dev/rtc c 254 0
cp -p /etc/hosts /etc/hostname /etc/resolv.conf /etc/nsswitch.conf /etc/host.conf /etc/gai.conf /etc/profile /etc/environment ${CHROOTDIR}/etc/
touch ${CHROOTDIR}/etc/fstab
mkdir ${CHROOTDIR}/etc/network
cp -p /etc/network/interfaces ${CHROOTDIR}/etc/network
mkdir ${CHROOTDIR}/etc/default/
cp -p /etc/default/rsyslog ${CHROOTDIR}/etc/default/
cp -p /etc/default/ssh ${CHROOTDIR}/etc/default/
# Only the accounts needed inside the chroot
egrep "^root:|^jibe:|^sshd:" /etc/passwd > ${CHROOTDIR}/etc/passwd
chroot ${CHROOTDIR} /bin/bash
#mount -vt devpts -o gid=4,mode=620 none /dev/pts
#mount -vt tmpfs none /dev/shm
chroot ${CHROOTDIR} /bin/bash
exelist='ls mount ps bash dmesg vim tail'
Example with bash
ldd /bin/bash
mkdir ${CHROOTDIR}/lib/x86_64-linux-gnu/ -p
cp -p /lib/x86_64-linux-gnu/libncurses.so.5 ${CHROOTDIR}/lib/x86_64-linux-gnu/
cp -p /lib/x86_64-linux-gnu/libtinfo.so.5 ${CHROOTDIR}/lib/x86_64-linux-gnu/
cp -p /lib/x86_64-linux-gnu/libdl.so.2 ${CHROOTDIR}/lib/x86_64-linux-gnu/
cp -p /lib/x86_64-linux-gnu/libc.so.6 ${CHROOTDIR}/lib/x86_64-linux-gnu/
cp -p /lib64/ld-linux-x86-64.so.2 ${CHROOTDIR}/lib64/
cp -p /bin/bash ${CHROOTDIR}/bin/
# Authentication
cp -a /etc/pam.* /home/chroot/etc/
cp -a /etc/security /home/chroot/etc/
cp -p /etc/login.defs /home/chroot/etc/
cp -p /etc/securetty /home/chroot/etc/
cp -p /lib/x86_64-linux-gnu/libnss_files.so.2 /home/chroot/lib/x86_64-linux-gnu/libnss_files.so.2
cp -a /etc/rsyslog.* /home/chroot/etc/
cp -p /etc/init.d/rsyslog /home/chroot/etc/init.d/
mkdir /home/chroot/usr/lib
cp -a /usr/lib/rsyslog /home/chroot/usr/lib/
mkdir -p /var/spool/rsyslog
# usr/sbin is not created by chrootont.sh
mkdir -p /home/chroot/usr/sbin
cp -p /usr/sbin/sshd /home/chroot/usr/sbin/
cp -a /etc/ssh/ /home/chroot/etc/
# Locale
cp -a /usr/lib/locale /home/chroot/usr/lib/
#cp -a /usr/share/zoneinfo /home/chroot/usr/share/
For top, atop
'xterm': unknown terminal type
cp -a /lib/terminfo /home/chroot/lib/
touch ${CHROOTDIR}/var/log/wtmp
touch ${CHROOTDIR}/var/log/auth.log
touch ${CHROOTDIR}/var/log/messages ${CHROOTDIR}/var/log/syslog ${CHROOTDIR}/var/log/kern.log ${CHROOTDIR}/var/log/daemon.log ${CHROOTDIR}/var/log/lastlog
cp -r /etc/skel /home/chroot/home/jibe
touch /home/chroot/home/jibe/.Xauthority
chown jibe: -R /home/chroot/home/jibe
chroot ${CHROOTDIR}
chmod 1777 /home/chroot/tmp
#mkdir -p /var/cache/apt/archives/
cp -p /etc/init.d/ssh /home/chroot/etc/init.d/
# For init scripts (services)
cp -a /lib/lsb /home/chroot/lib/
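The manual `ldd` / `cp -p` sequence shown for bash can be scripted for every program in `exelist`. This is an added example, not part of the original notes; the function names `ldd_paths` and `copy_with_libs` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original notes): copy binaries and the
# shared libraries reported by ldd into a chroot tree.
# ldd may run the dynamic loader on the inspected file: use it only on
# binaries you trust.

# ldd_paths: read ldd output on stdin, print the absolute library paths.
# Handles both output forms:
#   libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x...)
#   /lib64/ld-linux-x86-64.so.2 (0x...)
# Virtual entries (linux-vdso) and "not found" lines are skipped.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | LC_ALL=C sort -u
}

# copy_with_libs CHROOTDIR PROGRAM...
# Copies each program and its libraries to the same absolute path under
# CHROOTDIR. Returns 1 if a program is not found or a copy fails.
# Paths containing white space are not supported.
copy_with_libs() {
    root=$1
    shift
    for prog in "$@"; do
        path=$(command -v "$prog") || { echo "missing: $prog" >&2; return 1; }
        for f in "$path" $(ldd "$path" 2>/dev/null | ldd_paths); do
            mkdir -p "$root$(dirname "$f")" || return 1
            # cp follows symlinks here, so the real library file is copied
            cp -p "$f" "$root$f" || return 1
        done
    done
}

# Usage with the variables of chrootont.sh:
#   copy_with_libs "${CHROOTDIR}" ${exelist}
```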
Trick?
/etc/passwd
chroot:x:1010:1015:,,,:/home/chroot:/usr/local/bin/chrootshell
/usr/local/bin/chrootshell
#! /bin/bash
#exec -c /usr/sbin/chroot /home/$USER /bin/bash
#sudo /usr/sbin/chroot /home/$USER /bin/bash
sudo /usr/sbin/chroot /home/$USER /bin/bash -c "su - jibe"
http://smhteam.info/wiki/index.linux.php5?wiki=ChrooterUnUtilisateur
chroot ALL=(root) NOPASSWD: /usr/sbin/chroot
WARNING: big security hole that I cannot explain (perhaps related to PAM or systemd): if the user opens a graphical session with the chrooted account, every graphical application escapes the chroot. This despite my kernel being patched with Grsecurity.
mknod -m 666 /home/chroot/dev/tty8 c 4 8
Inside the chroot
/sbin/getty 38400 tty8
umount ${CHROOTDIR}/{dev/pts,dev,sys,proc,run}
umount ${CHROOTDIR}
rmdir ${CHROOTDIR}/{dev/pts,dev,sys,proc,run}
rmdir ${CHROOTDIR}
umount /chroot/*
umount /chroot/*
How do I know whether I am in a chroot?
Inode numbers can be a clue
ls -id /
See http://stackoverflow.com/questions/75182/detecting-a-chroot-jail-from-within
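The inode clue above, combined with a comparison against the root directory of PID 1, as an added example that is not part of the original notes. The function names and result labels are assumptions, and Linux with GNU or BusyBox `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the original notes): two heuristics for
# "am I in a chroot?" on Linux.

# root_id PATH: print "device:inode" of PATH, nothing if unreadable.
root_id() {
    stat -c '%d:%i' "$1" 2>/dev/null
}

# classify_root OWN_ID INIT_ID
#   OWN_ID  : device:inode of our own "/"
#   INIT_ID : device:inode of /proc/1/root/. (empty when not readable,
#             which is the normal case for a non-root user)
# Prints one of: chroot, not-chroot, possible-chroot, inconclusive
classify_root() {
    own=$1
    init=$2
    if [ -n "$init" ]; then
        # PID 1 runs in the root of this PID namespace. If its "/" is a
        # different directory than ours, this process has been chrooted.
        # Inside a container, PID 1 is the container's init, so the
        # answer is relative to the container root.
        if [ "$own" = "$init" ]; then echo not-chroot; else echo chroot; fi
        return 0
    fi
    # Fallback, the clue given by `ls -id /`: on ext2/3/4 the root
    # directory of a filesystem is inode 2. Other filesystems use other
    # numbers, and a chroot onto a mount point also shows 2, so this is
    # only a hint in both directions.
    if [ "${own#*:}" = "2" ]; then
        echo inconclusive
    else
        echo possible-chroot
    fi
}

# in_chroot: classify the current process.
in_chroot() {
    classify_root "$(root_id /)" "$(root_id /proc/1/root/.)"
}
```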
Firejail
See: https://firejail.wordpress.com/documentation-2/firefox-guide/
firejail --seccomp --debug firefox
Mount kernel virtual file systems
Source : https://git.yoctoproject.org/poky/plain/meta/recipes-core/initscripts/initscripts-1.0/sysfs.sh
sysfs.sh
#!/bin/sh
#
# SPDX-License-Identifier: GPL-2.0-only
#
### BEGIN INIT INFO
# Provides:          mountvirtfs
# Required-Start:
# Required-Stop:
# Default-Start:     S
# Default-Stop:
# Short-Description: Mount kernel virtual file systems.
# Description:       Mount initial set of virtual filesystems the kernel
#                    provides and that are required by everything.
### END INIT INFO

if [ -e /proc ] && ! [ -e /proc/mounts ]; then
  mount -t proc proc /proc
fi

if [ -e /sys ] && grep -q sysfs /proc/filesystems && ! [ -e /sys/class ]; then
  mount -t sysfs sysfs /sys
fi

if [ -e /sys/kernel/debug ] && grep -q debugfs /proc/filesystems; then
  mount -t debugfs debugfs /sys/kernel/debug
fi

if [ -e /sys/kernel/config ] && grep -q configfs /proc/filesystems; then
  mount -t configfs configfs /sys/kernel/config
fi

if [ -e /sys/firmware/efi/efivars ] && grep -q efivarfs /proc/filesystems; then
  mount -t efivarfs efivarfs /sys/firmware/efi/efivars
fi

if ! [ -e /dev/zero ] && [ -e /dev ] && grep -q devtmpfs /proc/filesystems; then
  mount -n -t devtmpfs devtmpfs /dev
fi
Problem: /etc/machine-id: No such file or directory
-bash: /etc/machine-id: No such file or directory
-bash: /proc/sys/kernel/random/boot_id: No such file or directory
-bash: /proc/sys/kernel/random/uuid: No such file or directory
Other
chroot --userspec=nobody
Privacy notes
https://ssd.eff.org/en/module/attending-protest
https://github.com/frombeirutwithlove/ProtestTips/blob/master/organizing.md#law-enforcement--data-collection
Anonymize
See mat
City surveillance
Guide
Profiling / GAFA / Big data
- https://fr.wikipedia.org/wiki/Exploitation_documentaire_et_valorisation_de_l'information_g%C3%A9n%C3%A9rale
Anonymity software
EFF tutorial
Recommendations:
- Use different browsers for different use cases. More private browsers like DuckDuckGo, Brave, and Firefox are better for more sensitive activities. Keeping separate browsers can protect against accidental data spillover from one aspect of your life into another.
- Use a secondary email address and/or phone number to register sensitive accounts or give to contacts with whom you don’t want to associate too closely. Google Voice is a free secondary phone number. Protonmail and Tutanota are free email services that offer many privacy protections that more common providers like Gmail do not, such as end-to-end encryption when emailing others also on Protonmail and Tutanota, and fewer embedded tracking mechanisms on the service itself.
- Use a VPN when you need to dissociate your internet connection from what you’re doing online. Be wary of VPN products that sell themselves as cure-all solutions.
- If you're going to/from a location that's more likely to have increased surveillance, or if you're particularly worried about who might know you're there, turning off your devices or their location services can help keep your location private.
Safe Browsing
- Install privacy-preserving browser extensions on any browsers you use. Privacy Badger, uBlock Origin, and DuckDuckGo are great options.
- Use a privacy-focused search engine, like DuckDuckGo.
- Carefully look at the privacy settings on each app and account you use. Turn off location services on phone apps that don’t need them. Raise the bar on privacy settings for most, if not all, your online accounts.
- Disable the ad identifier on mobile devices. Ad IDs are specifically designed to facilitate third-party tracking, and disabling them makes it harder to profile you. Instructions for Android devices and iOS devices are here.
- Choose a browser that’s more private by design. DuckDuckGo on mobile and Firefox (with privacy settings turned up) on the desktop are both good options.
Mobile number / SIM
Rent temporary numbers anonymously.
- OnOff (not free software and contains trackers)
