Administration

skyper edited this page Jan 29, 2024 · 30 revisions

Misc information for SSC Administrators.

Load Admin Tools:

source "${SF_BASEDIR:-/sf}/sfbin/funcs_admin.sh"

Reset a messed up docker/overlay2:

systemctl stop docker
docker rm -vf $(docker ps -aq)
docker rmi -f $(docker images -aq)
docker volume prune -f
# docker system prune -a -f  # clears all
systemctl start docker

(To free enough space, docker rmi -f sf-guest is normally sufficient.)

Enlarge XFS (AWS):

xfs_growfs -d /sf

Quick Traffic Rate check:

iftop -BnN -f "not host ${SSH_CONNECTION%% *}" # then press 's' and 't'
lgiftop
iptstate -ftLR 10

It is possible to enable logging. We must protect the user's privacy at all costs. Logging is forced to memory only, and we do not log anything from the user's root server. Logging is disabled by default but can be enabled like so:

cd /dev/shm/sf-u1000/run/
mkdir logs
touch logs/segfault.log ; chown 1000:1000 logs/segfault.log

(The logs are for errors happening inside the sf-host container.)


Update & restart just 1 container

SF_REDIS_AUTH=$(echo -n "Redis AUTH ${SF_SEED:?}" | sha512sum | base64 -w0)
SF_REDIS_AUTH="${SF_REDIS_AUTH//[^[:alnum:]]}"
SF_REDIS_AUTH="${SF_REDIS_AUTH:0:32}"
export SF_REDIS_AUTH
### rebuild
SF_SEED=$SF_SEED docker-compose build tor
SF_SEED=$SF_SEED docker-compose up -d --no-deps tor
### restart container
docker stop sf-cryptostorm
SF_SEED=${SF_SEED:?} docker-compose up -d --no-deps cryptostorm

Switch to next VPN provider:

docker exec sf-cryptostorm bash -c '{ ip link del wg0; killall sleep; }'
docker exec sf-cryptostorm dig @1.1.1.1 www.google.com

Check CGROUP stats:

systemd-cgtop

List all guest processes:

systemctl status sf_guest.slice

List processes for $LID

systemctl status docker-"$(docker inspect --format='{{.Id}}' "$LID")".scope

Display cgroup for a pid

cat /proc/PID/cgroup

List all cgroups on the system

ps xawf -eo pid,user,cgroup,args

Firewall an IP

iptables -I FORWARD -p tcp --dport 22 -s 46.106.190.5 -j DROP

Delete all rules

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F 
iptables -X 
iptables -Z 
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t raw -F
iptables -t raw -X

# Watch new TCP connection attempts (SYN set, ACK clear) on port 22
tcpdump -n -i ens5 'tcp[tcpflags] & tcp-syn != 0 and tcp[tcpflags] & tcp-ack == 0' and port 22

Free disk space

# Find largest packages
dpkg-query --show --showformat='${Package;-50}\t${Installed-Size}\n' | sort -k 2 -n | grep -v deinstall | awk '{printf "%.3f MB \t %s\n", $2/(1024), $1}'
apt-get purge -y <package>

SFUI startup:

Update: https://github.com/messede-degod/SF-UI/blob/beta/docs/ADMINISTRATION.md

  1. Clone: git clone https://github.com/messede-degod/SF-UI

  2. Set up config.yaml:

    1. cp config_example.yaml config.yaml
    2. Set the following fields:
      • sf_endpoints (array of segfault instances, e.g. 8lgm.segfault.net, adm.segfault.net)
      • use_x_forwarded_for_header (set this to true if sfui is behind a proxy like nginx)
      • segfault_ssh_username, segfault_ssh_password (change if required)
      • segfault_use_ssh_key (set to true if an SSH key is being used to connect to segfault)
      • segfault_ssh_key_path (path to the SSH key)

  3. Build and deploy:

    1. sudo docker build -t sfui .
    2. sudo docker compose up -d

# 443 -> nginx -> 7171 -> sfui(docker)
docker start sfui
# nginx logs are in /var/log/nginx