This is an old revision of the document!
Table of Contents
Lehky kolovy tucnak
Ani balik neodstranis, protoze je to v zavislostech…!
Vira duveru prenasi
# rm -rfv /etc/ssl/certs $ echo "check-certificate = off" > $HOME/.wgetrc
Fixovani hipstrovin v kernelu
Edit “/etc/default/grub”
GRUB_CMDLINE_LINUX_DEFAULT="quiet nouveau.modeset=0 net.ifnames=0 biosdevname=0"
clubmate
$ gsettings set org.mate.Marco.window-keybindings minimize Super_L $ gsettings set org.mate.Marco.general button-layout 'close,maximize,minimize:' $ gsettings set org.mate.caja.desktop computer-icon-visible false $ gsettings set org.mate.caja.desktop home-icon-visible false $ gsettings set org.mate.caja.desktop network-icon-visible false $ gsettings set org.mate.caja.desktop trash-icon-visible false $ gsettings set org.mate.caja.desktop volumes-icon-visible true
Nebezpecny SW pod jinym uzivatelem
Odriznuti prohlizece nebo jineho nebezpecneho SW od dat bezneho uzivatele (sachy) tim, ze se bude spoustet pod vlastnim neprivilegovanym uzivatelem (ffuser). Obdobne pro jiny crapware…
# echo "sachy ALL=(ffuser) NOPASSWD: /home/ffuser/firefox/firefox" >> /etc/sudoers $ xhost +si:localuser:ffuser # povolit ffuserovi pouzit $DISPLAY ... $ sudo -u ffuser /home/ffuser/firefox/firefox
Finch a jeho zavislosti
Finch je TUI irc/jabber/… komunikator nad libpurple0 (oboji soucast pidginu, ale pouzitelne samostatne). V debian-like distrech terminalovy klient zavisi na fontech a dalsich GUI nesmyslech.
Stazeni .deb a rozbaleni:
$ apt-get download finch libpurple0 $ dpkg-deb -R ./finch<verze>.deb ./fmin $ dpkg-deb -R ./libpurple0<verze>.deb ./lp0min
Nahrazeni zavislosti finche (./fmin/DEBIAN/control) Pozor na nazev “finch” → “finch-minimal” a zavislost “libpurple0” → “libpurple0-minimal”!
Package: finch-minimal Source: finch-minimal Version: 2.11.0-0+deb8u1 Architecture: amd64 Maintainer: Ari Pollak <ari@debian.org> Installed-Size: 744 Depends: libc6 (>= 2.14), libglib2.0-0 (>= 2.35.9), libncursesw5 (>= 5.6+20070908), libpurple0-minimal (>= 2.8.0), libtinfo5, libxml2 (>= 2.7.4)
Podobne pro libpurple0 (./lp0min/DEBIAN/control)
Package: libpurple0-minimal Source: libpurple0-minimal Version: 2.11.0-0+deb8u1 Architecture: amd64 Maintainer: Ari Pollak <ari@debian.org> Installed-Size: 4861 Depends: libc6 (>= 2.15), libdbus-1-3 (>= 1.0.2), libdbus-glib-1-2 (>= 0.78), libglib2.0-0 (>= 2.37.3), libidn11 (>= 1.13), libnspr4 (>= 2:4.9-2~) | libnspr4-0d (>= 1.8.0.10), libnss3 (>= 2:3.14), libperl5.20 (>= 5.20.2), libsasl2-2, libxml2 (>= 2.7.4), perl-base (>= 5.20.2-3+deb8u5), perlapi-5.20.2, libsasl2-modules Suggests: libtcl8.6 (>= 8.6.0)
Instalace upravenych baliku:
$ dpkg-deb --build ./fmin ./ $ dpkg-deb --build ./lp0min ./ # dpkg -i ./finch-minimal<verze>.deb ./libpurple0-minimal<verze>.deb # apt-get install -f # dotazeni zavislosti
Pripadne, pokud nekdo chce kompilovat, tak: (pozor na –with-static-prpls=“<protokoly>”)
$ ./configure --disable-gtkui --disable-screensaver --disable-sm --disable-startup-notification --disable-gtkspell --disable-gevolution --disable-cap --disable-gestures --disable-schemas-install --disable-gstreamer --disable-gstreamer-video --disable-gstreamer-interfaces --disable-farstream --disable-vv --disable-meanwhile --disable-avahi --disable-nm --disable-plugins --disable-perl --enable-gnutls=yes --enable-nss=yes --disable-tcl --disable-tk --disable-pixmaps-install --disable-doxygen --disable-dot --with-static-prpls="irc jabber" --disable-idn --disable-dbus --with-x=no --enable-consoleui --disable-nls $ make -j 1 # make install # make checkinstall
Profit!
mutt.nanorc
Zvyraznovac dulezitych headeru v muttu:
/usr/share/nano/mutt.nanorc
## Here is an example for quoted emails (under e.g. mutt). ## syntax "mutt" color yellow "^>.*" color green "^> >.*" color yellow "^Subject: .*" color yellow "^From: .*" color yellow "^Date: .*"
# echo 'include "/usr/share/nano/mutt.nanorc"' >> /etc/nanorc $ echo 'set editor="nano --syntax=mutt "' >> $HOME/.mutt/muttrc
URL MitM
Nektera dialogova okna maji klikaci odkaz u ktereho nejde zjistit cilova adresa, nebo se crapware snazi otevrit nejaky web sam od sebe. Resenim je nahradit vychozi browser dialogovym oknem, ktery onen odkaz zobrazi.
Fake browser: /opt/displaylink.sh
#!/bin/bash zenity --info --text="$1" exit
Nastaveni MitM jako defaultniho browseru (system-wide):
# update-alternatives --install /opt/x-www-browser x-www-browser /opt/displaylink.sh 666
user-wide /usr/share/applications/displaylink.desktop
[Desktop Entry] Version=1.0 Name=Displaylink Exec=/opt/displaylink.sh %U Terminal=false Type=Application
a pak pro http, https, ftp, …:
$ sed -i 's/x-scheme-handler\/http=.*/x-scheme-handler\/http=displaylink.desktop/g' $HOME/.config/mimeapps.list
Zniceni .xsession-errors
V HOME se tvori zbytecny, obrovsky log .xsession-errors a .xsession-errors.old. Presmerovani do /dev/null nepomaha, Xka si ho zase nahradi za bezny soubor.
Takhle se ho da zbavit:
# echo "exec >> /dev/null 2>&1" > /etc/X11/Xsession.d/05-noerr # chmod +x /etc/X11/Xsession.d/05-noerr
Snizovani zbytecneho IO
v /etc/fstab se da pripojovat filesystem s volbami “noatime,nodiratime”, coz zakaze aktualizace acsu pristupu k souboru/adresari (IMHO uplne zbytecny timestamp).
Zruseni x-session-errors (viz vyse)
/var/log se da mountit jako tmpfs.
none /var/log tmpfs size=100M,mode=777,noatime,nodiratime 0 0
~.cache je trikove - ukladaji se tam napriklad nahledy medialnich souboru (kdo pracuje s mc, tak nahledy nepotrebuje), dconf “dvoubajtovy binarni blob”… Takze muze byt uzitecne si .cache presunout do tmpfs/nullfs:
$ rm -rfv $HOME/.cache $ ln -s /dev/shm $HOME/.cache $ rm -rfv $HOME/.mozilla/firefox/<profil>/cache $ ln -s /dev/shm $HOME/.mozilla/firefox/<profil>/cache
TODO
Zjistit jak se zbavit /dev/shm/pulse-shm-*