diff --git a/content/docs/client/ide.md b/content/docs/client/ide.md index 1977cb0..1770862 100644 --- a/content/docs/client/ide.md +++ b/content/docs/client/ide.md @@ -16,20 +16,20 @@ I really like Visual Studio code (VSCode) because of its versatile plugins for n ## Installation - Add GPG key of @paulcarotty -```shell -wget -qO - https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg \ +```shell-session +# wget -qO - https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg \ | gpg --dearmor \ | sudo dd of=/usr/share/keyrings/vscodium-archive-keyring.gpg ``` - Add the repository -```shell -echo 'deb [ signed-by=/usr/share/keyrings/vscodium-archive-keyring.gpg ] https://paulcarroty.gitlab.io/vscodium-deb-rpm-repo/debs vscodium main' \ +```shell-session +# echo 'deb [ signed-by=/usr/share/keyrings/vscodium-archive-keyring.gpg ] https://paulcarroty.gitlab.io/vscodium-deb-rpm-repo/debs vscodium main' \ | sudo tee /etc/apt/sources.list.d/vscodium.list ``` - Install vscodium -```shell -sudo apt update -sudo apt install codium +```shell-session +# sudo apt update +# sudo apt install codium ``` Now, you can start vscodium by executing ``codium``. diff --git a/content/docs/client/shell-configuration.md b/content/docs/client/shell-configuration.md index feddd6f..b55e950 100644 --- a/content/docs/client/shell-configuration.md +++ b/content/docs/client/shell-configuration.md @@ -16,9 +16,9 @@ tags: # ZSH I prefer to use ZSH because of its advanced features mainly the easy file name globbing. With [oh my zsh](https://ohmyz.sh/) a good framework for extensions to ZSH exist. The documentation can be found at [GitHub](https://github.com/ohmyzsh/ohmyzsh/wiki). However, the installation practice with directly executing a shell script from GitHub is quite dangerous, as you do not have a trustworthy anchor like signed Linux distribution packages. Hence, I suggest to **review** the [installation script](https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh) at least prior to installing. At the very end, the install script asks for changing your users default shell to zsh. -```shell -apt-get install zsh -sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" +```shell-session +# apt-get install zsh +# sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" ``` ## Configuring oh my zsh @@ -26,8 +26,8 @@ Oh my zsh, is mainly configured through your ``.zshrc`` file. ### Theme and Fonts I like the [powerlevel9k](https://github.com/Powerlevel9k/powerlevel9k/wiki) theme. It is installed by cloning its GitHub repository into the theme directory -```zsh -$ git clone https://github.com/bhilburn/powerlevel9k.git ~/.oh-my-zsh/custom/themes/powerlevel9k +```shell-session +# git clone https://github.com/bhilburn/powerlevel9k.git ~/.oh-my-zsh/custom/themes/powerlevel9k ``` and selecting it as the theme in your ``.zshrc``: ```zsh @@ -44,8 +44,8 @@ To use these fonts, copy the ``*.ttf`` files into ``~/.fonts``. Alternatively, y ### Keychain As I often use SSH or GPG from shell and want to have some comfort too, I use [``keychain``](https://github.com/funtoo/keychain). It ensures that your SSH keys are available through ``ssh-agent``. Hence, you must install it before configuring through -```zsh -$ apt install keychain +```shell-session +# apt install keychain ``` Afterwards, adapt your ``.zshrc`` to include the usage of the keychain plugin and load your SSH private key stored in the file ``id_rsa`` in your main SSH directory, i.e. usually ``~/.ssh/``. diff --git a/content/docs/services/hardening-nginx.md b/content/docs/services/hardening-nginx.md index 0590c53..e044edd 100644 --- a/content/docs/services/hardening-nginx.md +++ b/content/docs/services/hardening-nginx.md @@ -14,8 +14,8 @@ tags: # General information - After you change the nginx configuration always test its validity by executing -```shell -nginx -t +```shell-session +$ nginx -t ``` - Limit everything to what is needed for proper function. Do not use nice-to-have modules/configs that do not bear any usage for the user. @@ -45,7 +45,7 @@ http { ``` - Verify that nginx config is still valid (see sec. [General information]({{< relref "hardening-nginx.md#general-information" >}})) - Reload configuration -```shell +```shell-session $ systemctl reload nginx ``` @@ -80,7 +80,7 @@ server { Create your own set of Diffie-Hellman (DH) parameters for the key exchange and don't use the parameters commonly distributed with your Linux distribution. Weak DH parameters were a reason for past issues, cf. [Logjam Attack](https://weakdh.org/). You can create your own 4096 bit DH parameter set like this -```shell +```shell-session $ openssl dhparam -out /etc/nginx/dhparam.pem 4096 ``` @@ -96,7 +96,7 @@ ssl_prefer_server_ciphers on; ### Verification You can use ``nmap`` with the ``ssl-enum-ciphers`` script. At least for Ubuntu it is already itegrated into the main packages: -```shell +```shell-session $ nmap -6 --script ssl-enum-ciphers -p 443 blog.straubs.eu Starting Nmap 7.80 ( https://nmap.org ) at 2022-01-16 21:42 CET Nmap scan report for blog.straubs.eu (2a01:4f8:c2c:b754::1) @@ -131,12 +131,12 @@ OSCP stapling is well explained in [this Mozilla tech-blog article](https://blog ### Verification You can verify the proper functioning of your setup with openssl: -```shell +```shell-session $ openssl s_client -connect blog.straubs.eu:443 -servername blog.straubs.eu -status 2>&1 | grep -i ocsp ``` Mind that you need to specify the servername option as well as the connection option if you use server name indication (SNI), e.g. if you host multiple domains on your server. In case of success the output should look like this -```shell +```shell-session OCSP response: OCSP Response Data: OCSP Response Status: successful (0x0) diff --git a/themes/hugo-book b/themes/hugo-book index 3a65df3..3a937f6 160000 --- a/themes/hugo-book +++ b/themes/hugo-book @@ -1 +1 @@ -Subproject commit 3a65df3a76e20ae3f9926aaa69ffc14a86fff055 +Subproject commit 3a937f6d57eaaab8a1407630b0da2c07f75543c9