Differences

This shows you the differences between two versions of the page.

--- linux:astra [2024/04/23 13:23] – [Astra partition] admin
+++ linux:astra [2025/04/10 13:06] (current) – [Astra boot recovery] admin
@@ Line 1: / Line 1: @@
 ====== Linux.Astra ======
+https://habr.com/ru/companies/jetinfosystems/articles/730106/  - экзамен alcsa 1.7  https://tour.astralinux.ru/
+Информация по astra 1.7 https://wiki.astralinux.ru/pages/viewpage.action?pageId=137563438 \\
+https://wiki.astralinux.ru/fstec/security_measures - реализация мер защиты \\
+astra-safepolicy - [[https://wiki.astralinux.ru/pages/viewpage.action?pageId=109020865#id-%D0%98%D0%BD%D1%81%D1%82%D1%80%D1%83%D0%BC%D0%B5%D0%BD%D1%82%D1%8B%D0%BA%D0%BE%D0%BC%D0%B0%D0%BD%D0%B4%D0%BD%D0%BE%D0%B9%D1%81%D1%82%D1%80%D0%BE%D0%BA%D0%B8astrasafepolicy-astra-modeswitchastra-modeswitch|управление безопасностью]] \\
+<code BASH>
+sudo astra-safepolicy 3 # 0 Базовый / 1 Усиленный/ 2 Максимальный - детали смотри выше
+sudo pdpl-user -i 63 username   #- повышение уровня целостности
+</code>
+https://dl.astralinux.ru/astra/ astra common edition \\
 ===== Astra doc =====
   * Возможности реализации мер защиты - https://wiki.astralinux.ru/pages/viewpage.action?pageId=181666113
@@ Line 6: / Line 19: @@
   * актуальная документация ищем "Astra Linux Special Edition  Эксплуатационная и дополнительная документация"
+===== Astra Images =====
+https://registry.astralinux.ru/latest/download/ \\
+===== Astra boot recovery =====
+  * Astra ++recovery |
+<code BASH>
+ -- Recovery AStra 1.74 from DD
+sudo parted /dev/sda mklabel gpt
+sudo parted /dev/sda mkpart primary 1MiB 513MiB
+sudo parted /dev/sda set 1 boot on
+sudo parted /dev/sda mkpart primary 513MiB 550MiB
+sudo parted /dev/sda mkpart primary 550MiB 55GB
+sudo sgdisk --typecode=1:C12A7328-F81F-11D2-BA4B-00A0C93EC93B /dev/sda
+sudo sgdisk --typecode=2:0657FD6D-A4AB-43C4-84E5-0933C84B4F4F /dev/sda
+sudo sgdisk --typecode=3:A19D880F-05FC-4D3B-A006-743F0F84911E /dev/sda
+sudo sgdisk --partition-guid=1:125CDFD1-11A6-C444-BD0A-A7161E0C6947 /dev/sda
+sudo sgdisk --partition-guid=2:A690A365-B3FB-A24F-9ED1-585BFCC774F8 /dev/sda
+sudo sgdisk --partition-guid=3:251F310F-56EE-694D-941A-44057D9BCFD1 /dev/sda
+sudo mkfs.vfat -F 32 /dev/sda1
+sudo mkswap /dev/sda2
+sudo swapon /dev/sda2
+sudo pvcreate /dev/sda3
+# Create a volume group (VG) named "vg0" using /dev/sda3
+sudo vgcreate vg0 /dev/sda3
+# Create a logical volume (LV) named "root" with a size of 55GB
+sudo lvcreate -L 55G -n root vg0
+# Format the logical volume as ext4 (or any other filesystem)
+sudo mkfs.ext4 /dev/vg0/root
+mount.cifs //10.59.20.200/tmp /mnt/cifs
+sudo pv /mnt/cifs/rvirt04/boot.img | sudo dd of=/dev/sda1 bs=4M status=progress
+fsck /dev/sda1
+sudo pv /mnt/cifs/rvirt04/vg0-root.img | sudo dd of=/dev/mapper/vg0-root bs=4M status=progress
+# Optionally, mount the new logical volume to /mnt for testing
+sudo mkdir -p /mnt/root
+sudo mount /dev/vg0/root /mnt/root
+sudo mount /dev/sda1 /mnt/root/boot/efi
+sudo mount --bind /dev /mnt/root/dev
+sudo mount --bind /proc /mnt/root/proc
+sudo mount --bind /sys /mnt/root/sys
+sudo chroot /mnt/root
+grub-install --target=x86_64-efi
+update-grub
+new pass test rvirt04
+vmadmin
+ctrhtn1!
+deb http://xpen.gorodperm.ru:8080/astra/frozen/1.7_x86-64/1.7.7/repository-main/ 1.7_x86-64 main contrib non-free
+deb http://xpen.gorodperm.ru:8080/astra/frozen/1.7_x86-64/1.7.7/repository-base/ 1.7_x86-64 main contrib non-free
+deb http://xpen.gorodperm.ru:8080/astra/frozen/1.7_x86-64/1.7.7/repository-extended/ 1.7_x86-64 main contrib non-free
+</code>
+++
 ===== Astra hint =====
   * определить сборку и версию ''/etc/astra/build_version''- https://wiki.astralinux.ru/pages/viewpage.action?pageId=137563146
@@ Line 108: / Line 189: @@
 </code>
-**Monitoring RAID**
+==== Monitoring program RAID  ====
 <code BASH>
 # !!!  mismatch_cnt   https://web.archive.org/web/20201214182307/https://www.thomas-krenn.com/en/wiki/Mdadm_checkarray_function
@@ Line 118: / Line 200: @@
 </code>
+++++ check_linux_raid_mismatch.sh|
+<code BASH - check_linux_raid_mismatch.sh>
+#!/bin/bash
+#template from http://www.juliux.de/nagios-plugin-vorlage-bash
+# !!!  mismatch_cnt   https://web.archive.org/web/20201214182307/https://www.thomas-krenn.com/en/wiki/Mdadm_checkarray_function
+# recovery resync  https://web.archive.org/web/20160801015011/https://www.thomas-krenn.com/en/wiki/Mdadm_recovery_and_resync
+# recovery degraded https://web.archive.org/web/20150102095244/http://www.thomas-krenn.com/en/wiki/Mdadm_recover_degraded_Array
+# Mdadm checkarray function
+# https://github.com/glensc/nagios-plugin-check_raid
+WARN_LIMIT=$1
+CRIT_LIMIT=$2
+if [ -z $WARN_LIMIT ] || [ -z $CRIT_LIMIT ];then
+echo "Usage: check_linux_raid_mismatch WARNLIMIT CRITLIMIT"
+exit 3;
+else
+DATA=-1
+for file in /sys/block/md*/md/mismatch_cnt
+do
+  DATA2=`cat $file`
+  DATA=$((DATA + DATA2))
+  MD_NAME=`echo $file | awk 'BEGIN { FS = "/" } ; { print $4 }'`
+  PERF_DATA+="$MD_NAME=`cat $file` "
+done
+if [ $DATA -eq -1 ]; then
+echo "UNKNOWN - software raid mismatch_cnts not found | $PERF_DATA"
+exit 3;
+fi
+if [ $DATA -lt $WARN_LIMIT ]; then
+echo "OK - all software raid mismatch_cnts are smaller than $WARN_LIMIT / upd:'$(date  +%d.%m.%Y\ %H:%M:%S) | $PERF_DATA"
+exit 0;
+fi
+if [ $DATA -ge $WARN_LIMIT ] && [ $DATA -lt $CRIT_LIMIT ]; then
+echo "WARNING - software raid mismatch_cnts are greater or equal than $WARN_LIMIT / upd:'$(date  +%d.%m.%Y\ %H:%M:%S) | $PERF_DATA"
+exit 1;
+fi
+if [ $DATA -ge $CRIT_LIMIT ]; then
+echo "CRITICAL - software raid mismatch_cnts are greater or equal than $CRIT_LIMIT / upd:'$(date  +%d.%m.%Y\ %H:%M:%S) | $PERF_DATA"
+exit 2;
+fi
+if [ $DATA -eq -1 ]; then
+echo "UNKNOWN - software raid mismatch_cnts not found | $PERF_DATA"
+exit 3;
+fi
+fi
+</code>
+++++
 ===== Astra grub boot =====
 <code BASH>