{
"linux_administration": {
"critical_commands": {
"diagnostics": ["htop", "iotop", "nethogs", "ss -tlnp", "journalctl -f", "dmesg -T", "strace"],
"disk": ["ncdu", "du -sh", "df -h", "lsblk", "fstrim", "smartctl"],
"network": ["curl -v", "dig", "mtr", "tcpdump", "iperf3", "nmap"],
"process": ["systemctl", "ps auxf", "pgrep", "lsof -i", "fuser"]
},
"hardening": [
"SSH key-only auth (PasswordAuthentication no)",
"Fail2ban on SSH/HTTP",
"UFW with default deny incoming",
"Automatic security updates (unattended-upgrades)",
"Disable root SSH login (PermitRootLogin no)",
"Use non-standard SSH port (reduces automated scan noise only; not a security control on its own)"
]
},
"docker": {
"best_practices": [
"Multi-stage builds for smaller images",
"Non-root user in container",
"Health checks in Dockerfile",
".dockerignore to reduce context",
"Pin exact versions in FROM (tags are mutable; pin by digest where reproducibility matters)"
],
"compose_patterns": {
"web_app": "nginx + php-fpm + postgres + redis",
"monitoring": "prometheus + grafana + alertmanager + node_exporter",
"ai_stack": "ollama + pgvector + searxng + python-api"
}
},
"nginx": {
"optimization": {
"worker_processes": "auto (= number of CPU cores)",
"worker_connections": "4096-8192",
"keepalive_timeout": "65",
"gzip": "on for text/* application/json application/javascript"
},
"security_headers": {
"X-Frame-Options": "DENY or SAMEORIGIN",
"X-Content-Type-Options": "nosniff",
"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
"Content-Security-Policy": "Restrictive policy per app needs",
"X-XSS-Protection": "0 (deprecated, use CSP instead)"
},
"ssl_config": {
"protocols": "TLSv1.2 TLSv1.3 only",
"ciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256",
"ssl_session_cache": "shared:SSL:10m",
"ssl_stapling": "on"
}
},
"postgresql_ops": {
"backup": {
"pg_dump": "Logical backup, per-database",
"pg_basebackup": "Physical backup, full cluster",
"wal_archiving": "Point-in-time recovery (PITR)",
"pgBackRest": "Enterprise backup solution with incremental backups"
},
"monitoring": {
"key_metrics": ["active connections", "cache hit ratio (>99%)", "transaction rate", "replication lag", "dead tuples"],
"autovacuum": "Critical for preventing bloat — monitor pg_stat_user_tables"
},
"performance": {
"shared_buffers": "25% of RAM",
"effective_cache_size": "75% of RAM",
"work_mem": "RAM / max_connections / 4",
"maintenance_work_mem": "512MB-1GB for large DBs"
}
},
"git_workflow": {
"wevads_repos": {
"wevads-platform": {"branch": "main", "desc": "Core WEVADS application"},
"wevads-arsenal": {"branch": "master", "desc": "Arsenal dashboard"},
"wevads-tracking": {"branch": "main", "desc": "Tracking server"},
"wevads-gpu": {"branch": "main", "desc": "GPU server code"},
"weval-consulting": {"branch": "main", "desc": "Company website"},
"weval-site": {"branch": "main", "desc": "Site assets"},
"weval-frontend": {"branch": "main", "desc": "Frontend React"},
"weval-inject-scripts": {"branch": "main", "desc": "Injection scripts"}
},
"mandatory_workflow": "GOLD backup → git add -A → git commit → git push → validate → modify"
}
}