2 mēneši atpakaļ · d2afebc06e
--- a/gnu-linux/partitionnement/mdadm-raid.md
+++ b/gnu-linux/partitionnement/mdadm-raid.md
@@ -0,0 +1,15 @@
 
				+% mdadm et RAID
			
 
				+
			
 
				+# Suppression
			
 
				+
			
 
				+```bash
			
 
				+mdadm --detail /dev/md0
			
 
				+mdadm --stop /dev/md0
			
 
				+```
			
 
				+
			
 
				+Sur chaque disque correspondant:
			
 
				+
			
 
				+```
			
 
				+mdadm --zero-superblock /dev/sdAX
			
 
				+```
			
 
				+
			
--- a/gnu-linux/serveurs/proxmox/infrastructure-ovh.md
+++ b/gnu-linux/serveurs/proxmox/infrastructure-ovh.md
@@ -18,6 +18,7 @@ Aide: [Architecture de services avec Proxmox sur un serveur kimsufi - Vincent Di
 
				 |                  |       | 10.1.0.        |
			
 
				 | web-gestion      | 104   | 10.1.0.22      |
			
 
				 | bastion          | 105   | 10.1.0.11      |
			
 
				+| tranmissionmat   | 110   | 10.1.0.110     |
			
 
				 | development-vm   | 801   | 10.1.0.81      |
			
 
				 
			
 
				 
			
@@ -87,3 +88,20 @@ sudo iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 10.1
 
				 | above )             |    |                     |    | repos               |
			
 
				 +---------------------+    +---------------------+    +---------------------+
			
 
				 ```
			
 
				+
			
 
				+
			
 
				+# Ports (NAT)
			
 
				+
			
 
				+
			
 
				+## Transmission MAT
			
 
				+
			
 
				+Port 52222
			
 
				+
			
 
				+Redirigé dans ecaz vers son adresse IP
			
 
				+
			
 
				+Contenu de  `/etc/lfirewall/post-up-down.d/300-port-nat-to-transmissionmat` :
			
 
				+
			
 
				+```
			
 
				+$do_action -t nat $IPTABLES_ADD $IT_PREROUTING -i eth0 -p tcp -m tcp --dport 52222 -j DNAT --to-destination 10.1.0.110:52222
			
 
				+$do_action -t nat $IPTABLES_ADD $IT_PREROUTING -i eth0 -p udp -m udp --dport 52222 -j DNAT --to-destination 10.1.0.110:52222
			
 
				+```
			
--- a/gnu-linux/serveurs/securisation/bastion.md
+++ b/gnu-linux/serveurs/securisation/bastion.md
@@ -8,6 +8,44 @@ Installation en cours: Devuan
 
				 ssh bastion
			
 
				 ```
			
 
				 
			
 
				+## Provisoire
			
 
				+
			
 
				+- [set up a ssh tunnel only user for ssh proxy jump · GitHub](https://gist.github.com/smoser/3e9430c51e23e0c0d16c359a2ca668ae)
			
 
				+- [How to restrict a jump user (into openSSH jumpbox) to only SSH to another server? - Unix & Linux Stack Exchange](https://unix.stackexchange.com/questions/691514/how-to-restrict-a-jump-user-into-openssh-jumpbox-to-only-ssh-to-another-server)
			
 
				+
			
 
				+```bash
			
 
				+lauhub@ecaz:~$ sudo -u mat nano /home/mat/.bashrc
			
 
				+lauhub@ecaz:~$ sudo -u mat tail -1 /home/mat/.bashrc
			
 
				+PATH=/opt/restricted/bin
			
 
				+
			
 
				+lauhub@ecaz:~$ sudo mkdir /opt/restricted/bin
			
 
				+mkdir: cannot create directory ‘/opt/restricted/bin’: No such file or directory
			
 
				+lauhub@ecaz:~$ sudo mkdir -p /opt/restricted/bin
			
 
				+lauhub@ecaz:~$ cd /opt/restricted/bin
			
 
				+lauhub@ecaz:/opt/restricted/bin$ ln -s $(which ssh)
			
 
				+ln: failed to create symbolic link './ssh': Permission denied
			
 
				+lauhub@ecaz:/opt/restricted/bin$ sudo ln -s $(which ssh)
			
 
				+lauhub@ecaz:/opt/restricted/bin$ ll
			
 
				+total 0
			
 
				+lrwxrwxrwx 1 root root 12 Sep 21 02:23 ssh -> /usr/bin/ssh
			
 
				+lauhub@ecaz:/opt/restricted/bin$ cd -
			
 
				+/home/lauhub
			
 
				+
			
 
				+```
			
 
				+
			
 
				+
			
 
				+### sshd_config
			
 
				+
			
 
				+```
			
 
				+Match User mat
			
 
				+   AllowAgentForwarding no
			
 
				+   AllowTcpForwarding yes
			
 
				+   X11Forwarding no
			
 
				+   PermitTunnel no
			
 
				+   GatewayPorts no
			
 
				+   ForceCommand echo 'This account can only be used for ProxyJump (ssh -J)'
			
 
				+```
			
 
				+
			
 
				 ## TODO
			
 
				 
			
 
				 - [ ] [linux - Limit SSH access to specific clients by IP address - Unix & Linux Stack Exchange](https://unix.stackexchange.com/questions/406245/limit-ssh-access-to-specific-clients-by-ip-address)