Difference between pages "Talk:Hardening Concepts" and "System Administration Practice"

(I wrote my CAPS feedback.)
Line 1: Line 1:
== Caps ==
+
== Keep Portage Tree Up-To-Date ==
 +
Even if you're not doing a full update every day, you should sync the portage tree and overlays regularly. It will reduce the time that you need to sync tree before a system upgrade. Also, if you just want to install something, it will be installed with latest deps so you will not waste time on upgrading it later. Here is an example script to upgrade portage and overlay every day:
 +
<console>
 +
###i## nano /etc/cron.daily/autosync.sh
 +
#!/bin/bash
 +
log="/var/log/autosync.log"
 +
if [ ! -f $log ]; then
 +
touch $log
 +
chmod 600 $log
 +
chown root:root $log
 +
fi
  
It's not often talked about when hardening, but capabilities are an up-and-coming, arguably better, way of handling Privilege Escalation/Reduced Privileges.
+
echo >> $log
 +
echo "*** autosync started! ($(date +'%d-%m-%Y %H:%M:%S'))" >> $log
 +
echo "*** running emerge --sync" >> $log
 +
emerge -q --sync >> $log 2>&1
 +
if [ -f /usr/bin/layman ]; then
 +
echo >> $log
 +
echo "*** running layman -S" >> $log
 +
/usr/bin/layman -S --nocolor >> $log 2>&1
 +
fi
 +
</console>
  
Although Linux support is pretty low (AFAIK), I think it is something we (read: I) should look at.
+
== Purge unused distfiles ==
 +
Distfiles may take up a lot of space on disk, and if you do not clean them from time to time it may become an issue. There are many ways to clean them.  
  
-[[User:Apple|Apple]] 18:33, 27 November 2010 (CET)
+
* Remove distfiles which wasn't accessed in last 90 days. ('''WARNING''': It will not work if distfiles are on filesystem with '''noatime''' option. You may want think about '''relatime''').
  
I started looking into caps more myself. Windows has a capabilities-like mechanisms. Capabilities, though, at least the Linux implementation are based on a obsoleted POSIX specification draft or something like that. So in the greater ecosystem, I'm not sure how well supported they are. I'd encourage looking into them though and writing about them. Several packages have the <code>caps</code> USE flag.
+
{{Code|/etc/cron.daily/distfiles-auto-purge.sh|<source lang="bash">#!/bin/bash
 +
find /usr/portage/distfiles -maxdepth 1 -type f -atime +90 -exec rm {} \;</source>}}
  
[[User:Brantgurga|Brantgurga]] 06:49, 28 November 2010 (CET)
+
[[Category:HOWTO]]
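
Review bot: in the autosync.sh block the log file is created with `touch $log` and only then restricted with `chmod 600 $log`, so it briefly exists with umask-default permissions, and the restriction is skipped whenever the file already exists with looser modes. Setting `umask 077` before the `touch`, applying the `chmod 600` unconditionally and quoting `"$log"` would close both gaps. The console listing also goes straight from `nano /etc/cron.daily/autosync.sh` to the file body with no step that marks the script executable, which is worth adding to the instructions.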

Revision as of 16:55, 13 January 2014

Keep Portage Tree Up-To-Date

Even if you're not doing a full update every day, you should sync the Portage tree and overlays regularly. This reduces the time needed to sync the tree before a system upgrade. Also, if you just want to install something, it will be installed with the latest dependencies, so you will not waste time upgrading it later. Here is an example script that syncs Portage and the overlays every day:

# nano /etc/cron.daily/autosync.sh
#!/bin/bash
# Daily sync of the Portage tree and, if layman is installed, the overlays.
log="/var/log/autosync.log"
# Create the log on first run and restrict it to root.
if [ ! -f "$log" ]; then
	touch "$log"
	chmod 600 "$log"
	chown root:root "$log"
fi

echo >> "$log"
echo "*** autosync started! ($(date +'%d-%m-%Y %H:%M:%S'))" >> "$log"
echo "*** running emerge --sync" >> "$log"
emerge -q --sync >> "$log" 2>&1
# Sync overlays only when layman is present.
if [ -f /usr/bin/layman ]; then
	echo >> "$log"
	echo "*** running layman -S" >> "$log"
	/usr/bin/layman -S --nocolor >> "$log" 2>&1
fi

Purge unused distfiles

Distfiles may take up a lot of space on disk, and if you do not clean them from time to time it may become an issue. There are many ways to clean them.

  • Remove distfiles which haven't been accessed in the last 90 days. (WARNING: This will not work if the distfiles are on a filesystem mounted with the noatime option. You may want to think about relatime.)
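
An added example, not part of the original wiki page: a guarded form of the atime-based purge described above, which refuses to run when the distfiles filesystem is mounted noatime and only lists candidates unless `--delete` is passed. The function names and the dry-run default are assumptions of this example, and `findmnt` from util-linux is assumed to be installed.

```shell
#!/bin/bash
# Added example, not the wiki's script; function names are hypothetical.

# atime_usable OPTS: fail if the comma-separated mount options include noatime.
atime_usable() {
	case ",$1," in
		*,noatime,*) return 1 ;;
		*) return 0 ;;
	esac
}

# mount_opts DIR: print the mount options of the filesystem holding DIR
# (assumes findmnt from util-linux).
mount_opts() {
	findmnt -n -o OPTIONS -T "$1"
}

# list_stale DIR DAYS: regular files directly in DIR not accessed for more than DAYS days.
list_stale() {
	find "$1" -maxdepth 1 -type f -atime "+$2" -print
}

# purge_stale DIR [DAYS] [--delete]: dry run unless --delete is given.
purge_stale() {
	dir=$1; days=${2:-90}; mode=${3:-}
	[ -d "$dir" ] || { echo "purge: $dir is not a directory" >&2; return 2; }
	opts=$(mount_opts "$dir") || { echo "purge: cannot read mount options" >&2; return 2; }
	if ! atime_usable "$opts"; then
		# With noatime, reads never refresh atime, so files still in use look stale.
		echo "purge: $dir is mounted noatime, refusing atime-based purge" >&2
		return 3
	fi
	if [ "$mode" = "--delete" ]; then
		find "$dir" -maxdepth 1 -type f -atime "+$days" -exec rm -f -- {} +
	else
		list_stale "$dir" "$days"
	fi
}

# Runs only when given a directory, e.g.: script /usr/portage/distfiles 90 --delete
if [ "$#" -ge 1 ]; then
	purge_stale "$@"
fi
```

Run it without `--delete` first and review the listed files before enabling deletion from cron.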
