You've just downloaded Python, Node.js or Git, and then... surprise: you can't run the command in PowerShell.
'python' n'est pas reconnu en tant que commande...
Classic. The culprit? Your Windows PATH, which has no idea where your freshly installed program is hiding. Don't panic: adding a program to the Windows PATH is simpler than installing YAML on an Ubuntu server (and that is already quite a feat).
In this guide, I show you 3 methods for adding a program to the Windows PATH: the graphical interface (for the cautious), PowerShell (for the pros), and CMD (for the nostalgic). As a bonus: real use cases, troubleshooting, and everything you need to never struggle again.
Raising Notifications From Terminal
When executing long-running jobs in the terminal, it's useful to get notified when they complete so you can do other things while waiting. Here are a few ways to achieve this.
Using notify-send (Linux)
The simplest approach is to chain your command with notify-send:
slow-job; notify-send "done"
If You Already Started the Job
If you've already started a long-running job and forgot to add a notification, you can still do it:
- Press Ctrl-Z to suspend the job and put it in the background
- Run fg; notify-send "done"
The job will resume in the foreground, and you'll get notified when it finishes.
Mastering Secure Communication: A Comprehensive Guide to Generating Self-Signed SSL Certificates with OpenSSL
TL;DR:
openssl genrsa -out private.key 2048
openssl req -new -key private.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey private.key -out server.crt
openssl rsa -aes256 -in private.key -out private_encrypted.key
server {
    listen 443 ssl;
    server_name your_domain.com; # Or localhost for local testing
    ssl_certificate /path/to/your/server.crt;
    ssl_certificate_key /path/to/your/private.key;
    # ... other server configurations
}
Some notes on setting up an apt-cacher-ng based cache server for Debian apt packages in my home operations ("homeops") context, including a section on using SSL/TLS origin servers.
In this article, we will learn how to retrieve and read the contents of an x.509 certificate using the "openssl" command.
x.509 certificates are very important for securing communications between clients and servers on the Internet. We will first briefly recap what an x.509 certificate is, then detail the methods for obtaining these certificates via a browser or directly with "openssl", and finally see how to extract the information contained in a certificate.
openssl s_client -connect shaarli.mickge.fr.eu.org:443 2>/dev/null </dev/null | openssl x509 -noout -enddate
An archive of useful Linux commands shared in Self-Host Weekly
Watchtower is a tool that monitors your Docker containers and updates them automatically.
This script lets you:
- Identify the online LXCs that contain Docker.
- Find Watchtower's docker-compose.yml files.
- View and modify Watchtower's essential options.
- Automatically restart the containers after modification.
The script is designed for LXCs whose Watchtower directory is located in /root or a subdirectory of /root.
TL;DR:
#!/bin/bash
# Full management of Watchtower in LXC containers
MENU="
===============================================
Gestion de Watchtower dans les conteneurs LXC
===============================================
[1] Voir l’état actuel de Watchtower
[2] Démarrer Watchtower
[3] Arrêter Watchtower
[4] Redémarrer Watchtower
[5] Voir le contenu modifiable du docker-compose.yml de Watchtower
[6] Basculer restart policy (always ↔ none)
[7] Modifier WATCHTOWER_NO_STARTUP_MESSAGE (true/false)
[8] Modifier WATCHTOWER_CLEANUP (true/false)
[9] 📅 Modifier le schedule aléatoire (14h-20h, min multiples de 5)
[10] 📅 Fixer le même schedule pour tous (6 champs, Spring Cron)
[11] Modifier WATCHTOWER_TIMEOUT
[Q] Quitter
"
# Get the running LXCs that have Docker
get_running_docker_lxc() {
    pct list | awk 'NR>1 && $2=="running"{print $1}' | while read -r lxc; do
        # </dev/null keeps pct exec from consuming the rest of the LXC list on stdin
        if pct exec "$lxc" -- docker ps >/dev/null 2>&1 </dev/null; then
            echo "$lxc"
        fi
    done
}
# Find Watchtower's docker-compose.yml, with a timeout (5s)
find_watchtower_compose() {
    lxc_id=$1
    timeout 5s pct exec "$lxc_id" -- find /root -type f -path "*/watchtower/docker-compose.yml" 2>/dev/null | head -n1
}
# Show Watchtower status
status_watchtower() {
    for lxc_id in $(get_running_docker_lxc); do
        compose_file=$(find_watchtower_compose "$lxc_id")
        echo "LXC $lxc_id"
        if [ -n "$compose_file" ]; then
            pct exec "$lxc_id" -- docker ps --filter name=watchtower
        else
            echo "Pas de docker-compose.yml trouvé ou recherche expirée."
        fi
    done
    read -rp "Appuyez sur [Entrée] pour revenir au menu..."
}
# Start Watchtower
start_watchtower() {
    for lxc_id in $(get_running_docker_lxc); do
        compose_file=$(find_watchtower_compose "$lxc_id")
        if [ -n "$compose_file" ]; then
            dir=$(dirname "$compose_file")
            # Quote the directory so a path containing spaces does not split the command
            pct exec "$lxc_id" -- sh -c "cd '$dir' && docker compose up -d"
            echo "Watchtower démarré dans LXC $lxc_id"
        else
            echo "Pas de docker-compose.yml trouvé ou recherche expirée pour LXC $lxc_id."
        fi
    done
    read -rp "Appuyez sur [Entrée] pour revenir au menu..."
}
# Stop Watchtower
stop_watchtower() {
    for lxc_id in $(get_running_docker_lxc); do
        compose_file=$(find_watchtower_compose "$lxc_id")
        if [ -n "$compose_file" ]; then
            pct exec "$lxc_id" -- docker stop watchtower >/dev/null 2>&1
            echo "Watchtower arrêté dans LXC $lxc_id"
        else
            echo "Pas de docker-compose.yml trouvé ou recherche expirée pour LXC $lxc_id."
        fi
    done
    read -rp "Appuyez sur [Entrée] pour revenir au menu..."
}
# Restart Watchtower
restart_watchtower() {
    for lxc_id in $(get_running_docker_lxc); do
        compose_file=$(find_watchtower_compose "$lxc_id")
        if [ -n "$compose_file" ]; then
            dir=$(dirname "$compose_file")
            pct exec "$lxc_id" -- sh -c "cd '$dir' && docker compose down && docker compose up -d"
            echo "Watchtower redémarré dans LXC $lxc_id"
        else
            echo "Pas de docker-compose.yml trouvé ou recherche expirée pour LXC $lxc_id."
        fi
    done
    read -rp "Appuyez sur [Entrée] pour revenir au menu..."
}
# Show the editable content of docker-compose.yml
view_compose() {
    for lxc_id in $(get_running_docker_lxc); do
        compose_file=$(find_watchtower_compose "$lxc_id")
        echo "LXC $lxc_id"
        if [ -n "$compose_file" ]; then
            # The file name is passed as its own argument instead of being spliced into sh -c
            pct exec "$lxc_id" -- grep -E 'restart:|WATCHTOWER_NO_STARTUP_MESSAGE|WATCHTOWER_CLEANUP|WATCHTOWER_SCHEDULE|WATCHTOWER_TIMEOUT' "$compose_file"
        else
            echo "Pas de docker-compose.yml trouvé ou recherche expirée pour LXC $lxc_id."
        fi
    done
    read -rp "Appuyez sur [Entrée] pour revenir au menu..."
}
# Modify a key in docker-compose.yml and restart
modify_key_restart() {
    key=$1
    new_value=$2
    for lxc_id in $(get_running_docker_lxc); do
        compose_file=$(find_watchtower_compose "$lxc_id")
        if [ -n "$compose_file" ]; then
            # \1 keeps the original indentation so the YAML list stays valid
            pct exec "$lxc_id" -- sed -i "s|^\(\s*\)-\s*$key=.*|\1- $key=$new_value|" "$compose_file"
            dir=$(dirname "$compose_file")
            pct exec "$lxc_id" -- sh -c "cd '$dir' && docker compose down && docker compose up -d"
            echo "✅ $key mis à jour et Watchtower redémarré pour LXC $lxc_id"
        else
            echo "Pas de docker-compose.yml trouvé ou recherche expirée pour LXC $lxc_id."
        fi
    done
    read -rp "Appuyez sur [Entrée] pour revenir au menu..."
}
# Toggle the restart policy
toggle_restart() {
    for lxc_id in $(get_running_docker_lxc); do
        compose_file=$(find_watchtower_compose "$lxc_id")
        if [ -n "$compose_file" ]; then
            current=$(pct exec "$lxc_id" -- grep "restart:" "$compose_file" | awk '{print $2}')
            if [ "$current" = "always" ]; then new="none"; else new="always"; fi
            # The restart: key is indented in a compose file, so match and keep the leading whitespace
            pct exec "$lxc_id" -- sed -i "s/^\(\s*\)restart:.*/\1restart: $new/" "$compose_file"
            dir=$(dirname "$compose_file")
            pct exec "$lxc_id" -- sh -c "cd '$dir' && docker compose down && docker compose up -d"
            echo "Restart policy basculée et Watchtower redémarré dans LXC $lxc_id : $new"
        else
            echo "Pas de docker-compose.yml trouvé ou recherche expirée pour LXC $lxc_id."
        fi
    done
    read -rp "Appuyez sur [Entrée] pour revenir au menu..."
}
# Random schedule (14h-20h, minutes in multiples of 5) for each LXC
random_schedule() {
    for lxc_id in $(get_running_docker_lxc); do
        compose_file=$(find_watchtower_compose "$lxc_id")
        if [ -n "$compose_file" ]; then
            hour=$((RANDOM % 7 + 14))
            minute=$((RANDOM % 12 * 5))
            schedule="0 $minute $hour ? * 5"
            pct exec "$lxc_id" -- sed -i "s|^\(\s*\)-\s*WATCHTOWER_SCHEDULE=.*|\1- WATCHTOWER_SCHEDULE=$schedule|" "$compose_file"
            dir=$(dirname "$compose_file")
            pct exec "$lxc_id" -- sh -c "cd '$dir' && docker compose down && docker compose up -d"
            echo "✅ WATCHTOWER_SCHEDULE mis à jour et Watchtower redémarré pour LXC $lxc_id : $schedule"
        else
            echo "Pas de docker-compose.yml trouvé ou recherche expirée pour LXC $lxc_id."
        fi
    done
    read -rp "Appuyez sur [Entrée] pour revenir au menu..."
}
# Fixed schedule for all (Spring cron, 6 fields)
fixed_schedule() {
    read -rp "Entrez la valeur du schedule (ex: 0 0 16 ? * 5) : " schedule
    modify_key_restart "WATCHTOWER_SCHEDULE" "$schedule"
}
# Main menu
while true; do
    clear
    echo "$MENU"
    read -rp "Votre choix : " choice
    case "$choice" in
        1) status_watchtower ;;
        2) start_watchtower ;;
        3) stop_watchtower ;;
        4) restart_watchtower ;;
        5) view_compose ;;
        6) toggle_restart ;;
        7) read -rp "Entrez true ou false pour WATCHTOWER_NO_STARTUP_MESSAGE : " val; modify_key_restart "WATCHTOWER_NO_STARTUP_MESSAGE" "$val" ;;
        8) read -rp "Entrez true ou false pour WATCHTOWER_CLEANUP : " val; modify_key_restart "WATCHTOWER_CLEANUP" "$val" ;;
        9) random_schedule ;;
        10) fixed_schedule ;;
        11) read -rp "Entrez la valeur pour WATCHTOWER_TIMEOUT (ex: 30s) : " val; modify_key_restart "WATCHTOWER_TIMEOUT" "$val" ;;
        [Qq]) exit ;;
        *) echo "Option invalide." ; read -rp "Appuyez sur [Entrée] pour continuer..." ;;
    esac
done
Fx is a CLI for JSON: it shows JSON interactively in your terminal, and lets you transform JSON with JavaScript. Fx is written in Go and uses goja as its embedded JavaScript engine.
Nixite generates a bash script to unattendedly install all your Linux software. Nixite automatically configures your system and installs software using the best method available. Nixite tries to suppress confirmation prompts.
Made with ❤️ by aspizu. Star the project on GitHub. Inspired by Ninite, PackagePicker.co
What is Packer?
Packer is a tool that lets you create identical machine images for multiple platforms from a single source template. Packer can create golden images to use in image pipelines.
Secure Boot is a security feature that ensures your computer only boots with software trusted by the Original Equipment Manufacturer (OEM). It verifies the digital signatures of bootloaders and firmware, preventing unauthorized or malicious software from loading before the operating system. This helps protect against rootkits and other malware that could compromise the system early in the boot sequence.
MOK, or Machine Owner Key, is a security feature in Linux. Basically, it enables users to add their own trusted signing keys to the system's Secure Boot configuration. Normally, trusted keys are provided by hardware vendors or operating system developers. Thus, MOK ensures that only trusted software and kernel modules run on the system.
However, sometimes it's necessary to load custom software or third-party drivers that aren't signed by the default trusted keys. This is where MOK comes to help. It enables users to add their specific keys. In turn, this makes the system trust and run custom-signed software, even with Secure Boot enabled.
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
The project collects legitimate functions of Unix binaries that can be abused to ~get the f**k~ break out restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate the other post-exploitation tasks.
It is important to note that this is not a list of exploits, and the programs listed here are not vulnerable per se, rather, GTFOBins is a compendium about how to live off the land when you only have certain binaries available.
GTFOBins is a collaborative project created by Emilio Pinna and Andrea Cardaci where everyone can contribute with additional binaries and techniques.
If you are looking for Windows binaries you should visit LOLBAS.
Jimmy is a tool to convert your notes from different formats to Markdown.
aria2 is a lightweight multi-protocol & multi-source command-line download utility. It supports HTTP/HTTPS, FTP, SFTP, BitTorrent and Metalink. aria2 can be manipulated via built-in JSON-RPC and XML-RPC interfaces.
While bash is the most widely available and popular shell, Zsh has a strong following among a certain section of developers and sysadmins.
Though it has some awesome features, they would need some customization either manually or through plugins.
This section is a collection of tips and tutorials that will help you learn and use Zsh more effectively.
You'll learn the following:
- Why Zsh is awesome?
- Installing Zsh and making it default shell
- Configuring aliases in Zsh
- Enabling syntax highlighting in Zsh
- Enabling command history in Zsh
- Enabling autosuggestions based on command history
- Customizing Zsh prompt
- Setting environment variable in Zsh
- Using Powerlevel10k to get more out of it
- Using Oh My Zsh
- Best Zsh plugin
cariddi - A tool to crawl urls, scan endpoints, secrets, api keys, file extensions, tokens and more.
cariddi is a CLI tool that scans websites and crawls domain URLs to find hidden endpoints, secrets, API keys, file extensions and tokens.
An evolving how-to guide for securing a Linux server that, hopefully, also teaches you a little about security and why it matters.
Connect A to B. Send Data.
In 2023 it's hard to connect two devices directly. Dumb pipe punches through NATs, using on-the-fly node identifiers. It even keeps your machines connected as network conditions change.
What you actually do with that connection is up to you.
A unix pipe between computers
$ curl -sL https://www.dumbpipe.dev/install.sh | sh
Get dumbpipe with a single command on two computers, connect them & pipe data from one machine to the other. No accounts. No configuration.
Receiver
$ ./dumbpipe listen
using secret key 23ryys7pgvjrr57pcrvyivdrhvqyykg2tv3leou5grm66xfd7zzq
Listening. To connect, use:
./dumbpipe connect nodeecsxraxjtqtneathgplh6d5nb2rsnxpfulmkec2rvhwv3hh6m4rdgaibamaeqwjaegplgayaycueiom6wmbqcjqaibavg5hiaaaaaaaaaaabaau7wmbq
Sender
echo "hello" | ./dumbpipe connect nodeecsxraxjtqtneathgplh6d5nb2rsnxpfulmkec2rvhwv3hh6m4rdgaibamaeqwjaegplgayaycueiom6wmbqcjqaibavg5hiaaaaaaaaaaabaau7wmbq
This will work, regardless of where the two machines are. Dumb pipe finds a way.
Sshfs is a tool that lets you use the ssh protocol as a file system and thus mount a remote directory over the ssh protocol.
While ssh is used from the command line, sshfs lets you use any file manager transparently.
This tool thus combines security and ease of use for users.