Paweł Krawczyk kravietz

## luks-upgrade.md

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              2 stars
            
          
                kravietz
                / luks-upgrade.md
            
            
              Created Jul 9, 2019
            
              
                Ubuntu LUKS cryptsetup upgrade
              
          
      View luks-upgrade.md
  
    
    If you installed your #ubuntu with full-disk #encryption a while, you may want to upgrade your #luks header version to enjoy improved #security and stronger password hashing algorithms.
Boot from USB
You can't change LUKS header from a live system - you need to boot a live Ubuntu USB to be able to access the encrypted partition. First, create a bootable USB stick using a regular Ubuntu installer image.

Just get the latest installer ISO available
You need the full installer, the mini network installer won't work
You may need to disable Secure Boot in BIOS temporarily to boot from USB


## nftables-docker.conf
# Docker networking is messy and undocumented. Docker will create IP addresses and iptables at random times.
# This can be limited by using totally static IP addresses for network interfaces and avoiding the default network bridge.

# /etc/default/docker
# DOCKER_OPTS="--iptables=false --ipv6 --bip 172.16.0.1/16 --fixed-cidr 172.16.0.0/16 --fixed-cidr-v6 2a01:9000::/68"
# --bip is the host IP address of the docker0 interface
# --fixed-cidr is the CIDR subnet allocated to the docker0 interface (default network bridge)
# --fixed-cidr-v6 is the IPv6 CIDR allocated to docker0

# for IPv6 split your /64 delegated subnet into /68 subnets and allocate them to each docker-compose.yml subnet:

## scram-sha-256.txt
postgres@tyler:~$ psql
psql (10.5 (Ubuntu 10.5-1.pgdg16.04+1))
Type "help" for help.

postgres=# show password_encryption;
 password_encryption
---------------------
 md5
(1 row)

## docker-ce.yml
# taken from https://get.docker.com/
---
- apt_key:
    url: https://download.docker.com/linux/ubuntu/gpg

- apt_repository:
    repo: 'deb https://apt.dockerproject.org/repo ubuntu-{{ansible_distribution_release}} main'
    state: absent

- apt_repository:

## nftables-host.conf
#!/usr/sbin/nft -f

flush ruleset

table inet filter {
        chain input {
                type filter hook input priority 0; policy drop
                iifname lo accept
                ct state established,related accept
                # allow any incoming ICMP and ICMPv6

## break.py
#!/usr/bin/env python3

import collections
import statistics

line = 'F96DE8C227A259C87EE1DA2AED57C93FE5DA36ED4EC87EF2C63AAE5B9A7EFFD673BE4ACF7BE8923CAB1ECE7AF2DA3DA44FCF7AE29235A24C963FF0DF3CA3599A70E5DA36BF1ECE77F8DC34BE129A6CF4D126BF5B9A7CFEDF3EB850D37CF0C63AA2509A76FF9227A55B9A6FE3D720A850D97AB1DD35ED5FCE6BF0D138A84CC931B1F121B44ECE70F6C032BD56C33FF9D320ED5CDF7AFF9226BE5BDE3FF7DD21ED56CF71F5C036A94D963FF8D473A351CE3FE5DA3CB84DDB71F5C17FED51DC3FE8D732BF4D963FF3C727ED4AC87EF5DB27A451D47EFD9230BF47CA6BFEC12ABE4ADF72E29224A84CDF3FF5D720A459D47AF59232A35A9A7AE7D33FB85FCE7AF5923AA31EDB3FF7D33ABF52C33FF0D673A551D93FFCD33DA35BC831B1F43CBF1EDF67F0DF23A15B963FE5DA36ED68D378F4DC36BF5B9A7AFFD121B44ECE76FEDC73BE5DD27AFCD773BA5FC93FE5DA3CB859D26BB1C63CED5CDF3FE2D730B84CDF3FF7DD21ED5ADF7CF0D636BE1EDB79E5D721ED57CE3FE6D320ED57D469F4DC27A85A963FF3C727ED49DF3FFFDD24ED55D470E69E73AC50DE3FE5DA3ABE1EDF67F4C030A44DDF3FF5D73EA250C96BE3D327A84D963FE5DA32B91ED36BB1D132A31ED87AB1D021A255DF71B1C436BF479A7AF0C13AA14794'

ciphertext

## vigenere.py
#!/usr/bin/env python3

from itertools import cycle

A = [chr(x) for x in range(ord('a'), ord('z')+1)]

def encrypt(a,b):
    return A[(A.index(a) + A.index(b)) % len(A)]

def decrypt(a,b):

## server-checks.py
#!/usr/bin/python3

# monitor a group of websites and email alerts

# cron task:
#
# */5 * * * * t=$(mktemp); if ! python3 /home/user/server-checks.py >$t; then mail email@example.com -s "Web check $(date)" <$t; fi; rm $t
# https://ipsec.pl/ True 0.7856874465942383

# sample output (only if errors detected, otherwise stays silent)

## django-dnt.py
#!/usr/bin/python
# -*- coding: utf-8 -*-
from django.views.generic import TemplateView

__author__ = 'Paweł Krawczyk'

DNT_HEADER = 'HTTP_DNT'


class DoNotTrackMiddleware(object):

## preload.py
#!/usr/bin/python
# -*- coding: utf-8 -*-
from urllib.parse import urlparse

import codecs
from django.conf import settings
from django.utils.html_parser import HTMLParser

__author__ = 'Paweł Krawczyk'
	# Docker networking is messy and undocumented. Docker will create IP addresses and iptables at random times.
	# This can be limited by using totally static IP addresses for network interfaces and avoiding the default network bridge.

	# /etc/default/docker
	# DOCKER_OPTS="--iptables=false --ipv6 --bip 172.16.0.1/16 --fixed-cidr 172.16.0.0/16 --fixed-cidr-v6 2a01:9000::/68"
	# --bip is the host IP address of the docker0 interface
	# --fixed-cidr is the CIDR subnet allocated to the docker0 interface (default network bridge)
	# --fixed-cidr-v6 is the IPv6 CIDR allocated to docker0

	# for IPv6 split your /64 delegated subnet into /68 subnets and allocate them to each docker-compose.yml subnet:
	postgres@tyler:~$ psql
	psql (10.5 (Ubuntu 10.5-1.pgdg16.04+1))
	Type "help" for help.

	postgres=# show password_encryption;
	password_encryption
	---------------------
	md5
	(1 row)
	# taken from https://get.docker.com/
	---
	- apt_key:
	url: https://download.docker.com/linux/ubuntu/gpg

	- apt_repository:
	repo: 'deb https://apt.dockerproject.org/repo ubuntu-{{ansible_distribution_release}} main'
	state: absent

	- apt_repository:
	#!/usr/sbin/nft -f

	flush ruleset

	table inet filter {
	chain input {
	type filter hook input priority 0; policy drop
	iifname lo accept
	ct state established,related accept
	# allow any incoming ICMP and ICMPv6
	#!/usr/bin/env python3

	import collections
	import statistics

	line = 'F96DE8C227A259C87EE1DA2AED57C93FE5DA36ED4EC87EF2C63AAE5B9A7EFFD673BE4ACF7BE8923CAB1ECE7AF2DA3DA44FCF7AE29235A24C963FF0DF3CA3599A70E5DA36BF1ECE77F8DC34BE129A6CF4D126BF5B9A7CFEDF3EB850D37CF0C63AA2509A76FF9227A55B9A6FE3D720A850D97AB1DD35ED5FCE6BF0D138A84CC931B1F121B44ECE70F6C032BD56C33FF9D320ED5CDF7AFF9226BE5BDE3FF7DD21ED56CF71F5C036A94D963FF8D473A351CE3FE5DA3CB84DDB71F5C17FED51DC3FE8D732BF4D963FF3C727ED4AC87EF5DB27A451D47EFD9230BF47CA6BFEC12ABE4ADF72E29224A84CDF3FF5D720A459D47AF59232A35A9A7AE7D33FB85FCE7AF5923AA31EDB3FF7D33ABF52C33FF0D673A551D93FFCD33DA35BC831B1F43CBF1EDF67F0DF23A15B963FE5DA36ED68D378F4DC36BF5B9A7AFFD121B44ECE76FEDC73BE5DD27AFCD773BA5FC93FE5DA3CB859D26BB1C63CED5CDF3FE2D730B84CDF3FF7DD21ED5ADF7CF0D636BE1EDB79E5D721ED57CE3FE6D320ED57D469F4DC27A85A963FF3C727ED49DF3FFFDD24ED55D470E69E73AC50DE3FE5DA3ABE1EDF67F4C030A44DDF3FF5D73EA250C96BE3D327A84D963FE5DA32B91ED36BB1D132A31ED87AB1D021A255DF71B1C436BF479A7AF0C13AA14794'

	ciphertext
	#!/usr/bin/env python3

	from itertools import cycle

	A = [chr(x) for x in range(ord('a'), ord('z')+1)]

	def encrypt(a,b):
	return A[(A.index(a) + A.index(b)) % len(A)]

	def decrypt(a,b):
	#!/usr/bin/python3

	# monitor a group of websites and email alerts

	# cron task:
	#
	# /5 * * * t=$(mktemp); if ! python3 /home/user/server-checks.py >$t; then mail email@example.com -s "Web check $(date)" <$t; fi; rm $t
	# https://ipsec.pl/ True 0.7856874465942383

	# sample output (only if errors detected, otherwise stays silent)
	#!/usr/bin/python
	# -- coding: utf-8 --
	from django.views.generic import TemplateView

	__author__ = 'Paweł Krawczyk'

	DNT_HEADER = 'HTTP_DNT'


	class DoNotTrackMiddleware(object):
	#!/usr/bin/python
	# -- coding: utf-8 --
	from urllib.parse import urlparse

	import codecs
	from django.conf import settings
	from django.utils.html_parser import HTMLParser

	__author__ = 'Paweł Krawczyk'