
Заметки

Страница заметок [temp]                                                                                                                                                                   

<h4 id="bkmrk--1"></h4>
<h4 id="bkmrk-%D0%A3%D1%81%D1%82%D0%B0%D0%BD%D0%BE%D0%B2%D0%BA%D0%B0-secretnet">07. Установка SecretNet</h4>
<p id="bkmrk-%D0%A1%D0%BE%D1%85%D1%80%D0%B0%D0%BD%D1%8F%D0%B5%D0%BC-%D0%BF%D0%B0%D0%BF%D0%BA%D1%83-lic.">Папка <strong>lic.keys</strong> была предварительно скопирована в <strong>/home/master/lic.keys</strong></p>
<p id="bkmrk-%D0%9F%D1%80%D0%BE%D0%B2%D0%BE%D0%B4%D0%B8%D0%BC-%D1%83%D1%81%D1%82%D0%B0%D0%BD%D0%BE%D0%B2%D0%BA%D1%83-s"><strong>Проводим установку SecretNet&nbsp;</strong></p>
<p id="bkmrk-%D0%9A%D0%BE%D0%BF%D0%B8%D1%80%D1%83%D0%B5%D0%BC-%D0%BF%D0%B0%D0%BF%D0%BA%D1%83-secre">Копируем папку SecretNet в домашнюю папку <strong>/home/master</strong><br></p>
<p id="bkmrk-smb%3A%2F%2Fdp%255cseleznevd"><a href="smb://dp%5CSeleznevDaV@10.12.120.10/minsoc/Temp/_distrib/SecretNet/">smb://dp%5CSeleznevDaV@10.12.120.10/minsoc/Temp/_distrib/SecretNet/</a></p>
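<pre id="bkmrk-sudo-dnf-install--y-"><code class="language-bash"># Install the SecretNet packages; run from the copied distribution directory.
# NOTE(review): the page does not show which repository dnf resolves these
# package names from (a local repo in this directory? - confirm). Whatever the
# source, keep signature checking (gpgcheck) enabled so the RPMs copied from
# the share are verified before they are installed.
cd "$HOME/SecretNet/"
sudo dnf install -y secretnet snlsp-firewall
sleep 5</code></pre>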
<p id="bkmrk-%D0%9F%D0%B5%D1%80%D0%B5%D0%B7%D0%B0%D0%B3%D1%80%D1%83%D0%B7%D0%BA%D0%B0-%D0%90%D0%A0%D0%9C-1" class="callout warning">Перезагрузка АРМ</p>
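<pre id="bkmrk-sudo-%2Fopt%2Fsecretnet%2F"><code class="language-bash"># Pass each licence file from ~/lic.keys to snlicensectl (run after the reboot).
# Paths are quoted so an unusual $HOME cannot split the argument.
sudo /opt/secretnet/bin/snlicensectl -c "$HOME/lic.keys/lsp_nsd.lic"
sudo /opt/secretnet/bin/snlicensectl -c "$HOME/lic.keys/lsp_fw.lic"</code></pre>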

https://www.kaspersky.ru/small-to-medium-business-security/downloads/endpoint

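# Edit /etc/hosts through sudoedit: the editor runs as the invoking user on a
# temporary copy and only the result is written back as root, instead of
# running a full vim session (with shell escapes) as root.
sudoedit /etc/hosts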

# Default loopback entries.
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

# Static entries for internal services. With the usual resolver order these
# take precedence over DNS, so they must be updated by hand when an address
# changes; a stale entry keeps sending traffic to the old address.
# NOTE(review): xwiki and jenkins-ci-cd share 10.12.126.102 - presumably one
# reverse proxy in front of both; confirm.
10.12.126.102 xwiki.prod.cc.msr.mosreg.ru 
10.12.126.102 jenkins-ci-cd.prod.cc.msr.mosreg.ru
10.12.126.97  stat-ift-psi.test.cc.msr.mosreg.ru

passbolt

https://www.passbolt.com/docs/hosting/install/ce/docker/

https://resend.com/domains

# Create a passbolt user from the command line: runs the cake CLI inside the
# "passbolt" service of docker-compose.yaml, as www-data with /bin/sh
# (su -m keeps the container's environment).
#   -u  user name (e-mail address)   -f  first name
#   -l  last name                    -r  role (admin here)
# NOTE(review): register_user is expected to print a one-time setup link for
# the new account - confirm against the passbolt docs linked above; treat
# that link like a credential until the setup is completed.
# NOTE(review): the admin role is bound to an external mailbox, so account
# recovery depends on the security of that mailbox.
docker compose -f docker-compose.yaml \
exec passbolt su -m -c "/usr/share/php/passbolt/bin/cake \
  passbolt register_user \
    -u xeonmp22@gmail.com \
    -f xeon \
    -l mp \
    -r admin" -s /bin/sh www-data

https://wiki-docs.ru/setup/start/4578afdb-2e59-4a34-805a-0b30349a8227/b1c75991-200d-46f5-9667-f0abb8da9f08

https://www.passbolt.com/docs/api/

https://www.passbolt.com/docs/development/getting-started/

https://www.youtube.com/watch?v=XD3lZFyniCE

PXE
https://wiki.stechmo.ru/bin/view/Red%20OS/Установка%20по%20сети%20(настройка%20PXE)/?srid=tMVIRpt1

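Backups

Примечание: учётные данные ниже записаны открытым текстом. Такие пароли стоит сменить и хранить в менеджере паролей (например, в passbolt, см. выше), а на странице оставить только ссылку на запись.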

pdc-minsoc-1c-db01
10.12.126.66
Логин ssh: astra_subd
Пароль ssh: Zx123456!

Логин СУБД: postgres
Пароль СУБД: 5qjDzifR
Ресурс для резервных копий 1С
10.50.100.62:/opt/nfs/zkgu.msr.mosreg.ru

Mount

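# Mount a partition read-only under /mnt/rootfs and list its /root directory
# (presumably the root filesystem of another installation - confirm).

# -p: do not fail when the mount point already exists from an earlier run.
sudo mkdir -p /mnt/rootfs

# ro      - no writes to the inspected filesystem through this mount
# nosuid  - setuid/setgid bits on the foreign filesystem are ignored here
# nodev   - device nodes on the foreign filesystem are not honoured here
# NOTE(review): on a journaling filesystem a plain "ro" mount may still replay
# the journal. If the partition must stay bit-for-bit unchanged, add the
# filesystem's no-recovery option (ext4: noload, xfs: norecovery) or work on
# an image; the filesystem type is not shown on this page.
sudo mount -o ro,nosuid,nodev /dev/nvme0n1p4 /mnt/rootfs

sudo ls -lh /mnt/rootfs/root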

Eltex

https://docs.eltex-co.ru/pages/viewpage.action?pageId=499679774

#!/usr/bin/clish
#345
#1.34.6
#2025-09-18
#10:24:33
# Device configuration in clish format (filed under "Eltex" on this page).
# Service object-groups: named port sets that the zone-pair firewall rules
# of this configuration reference by name.
object-group service dhcp_client
  port-range 68
exit
object-group service dhcp_server
  port-range 67
exit
object-group service dns
  port-range 53
exit
object-group service ntp
  port-range 123
exit
object-group service ssh
  port-range 22
exit

# Network object-group "trusted" = 10.12.19.0/24.
# NOTE(review): this is the subnet of bridge 2 ("WAN", security-zone
# untrusted, 10.12.19.5/24), so despite its name the group describes hosts on
# the untrusted side. It is the source match of zone-pair "untrusted self"
# rule 10; a name such as "mgmt" plus a narrower prefix would make the intent
# clearer.
object-group network trusted
  ip prefix 10.12.19.0/24
exit

# Local logging: at most 3 files of size 512 (unit not shown here), written
# to tmpsys:syslog/default with severity info.
# NOTE(review): no remote log destination appears in this listing. If tmpsys:
# is volatile storage (confirm), the logs do not survive a reboot; forwarding
# to a central collector keeps an audit trail off the device.
syslog max-files 3
syslog file-size 512
syslog file tmpsys:syslog/default
  severity info
exit

# Local administrator account.
# NOTE(review): the value after "password encrypted" carries the $6$ prefix
# (SHA-512 crypt format), i.e. it looks like the real password hash of the
# device. A hash kept on a shared notes page can be attacked offline: rotate
# the admin password and keep only a placeholder in the notes.
username admin
  password encrypted $6$t/ucQIE0uLzBIiUB$k6VyaeZjrhJzrTB4MgasrspRiJJB8FiEgpI9UdRvq.q8yRu4ycrc0IPE..tifWJai0a17Zqzvndy/bDGQs89n0
exit

# VLANs: 2 = WAN uplink, 10 and 11 = the two "podved" LAN segments.
vlan 2
  name "WAN"
exit
vlan 10
  name "lan-podved-10"
exit
vlan 11
  name "lan-podved-11"
exit

# Spanning tree is switched off globally (each bridge repeats the setting).
# NOTE(review): gi1/0/1 and gi1/0/2 are both trunks carrying the same VLANs;
# with STP off, cabling both into one L2 domain would form a loop - confirm
# the physical topology.
no spanning-tree

# Name resolution for the device itself, three resolvers.
domain lookup enable
domain nameserver 10.10.51.1
domain nameserver 10.10.52.1
domain nameserver 10.12.19.1

# Two firewall zones. Every bridge is assigned to one of them, and the
# "security zone-pair" rules decide what may pass between zones and to the
# device itself ("self").
security zone trusted
exit
security zone untrusted
exit

# Bridge 1: VLAN 1, 192.168.1.1/24, zone trusted.
bridge 1
  description "lan-factory"
  vlan 1
  security-zone trusted
  ip address 192.168.1.1/24
  no spanning-tree
  enable
exit
# Bridge 2: VLAN 2 (WAN), 10.12.19.5/24, the only interface in zone untrusted.
bridge 2
  description "WAN"
  vlan 2
  security-zone untrusted
  ip address 10.12.19.5/24
  no spanning-tree
  enable
exit
# Bridge 10: VLAN 10, 10.112.22.1/24, zone trusted.
bridge 10
  description "lan-podved-10"
  vlan 10
  security-zone trusted
  ip address 10.112.22.1/24
  no spanning-tree
  enable
exit
# Bridge 11: VLAN 11, 172.28.22.1/24, zone trusted.
bridge 11
  description "lan-podved-11"
  vlan 11
  security-zone trusted
  ip address 172.28.22.1/24
  no spanning-tree
  enable
exit

# Physical ports.
# gi1/0/1, gi1/0/2: trunks with native VLAN 2 (WAN) and VLANs 10-11 added to
# the allowed list.
# NOTE(review): the untrusted WAN VLAN and the trusted LAN VLANs share the
# same physical links, so their separation depends on the VLAN configuration
# of the switch at the other end.
interface gigabitethernet 1/0/1
  mode switchport
  switchport mode trunk
  switchport trunk native-vlan 2
  switchport trunk allowed vlan add 10-11
exit
interface gigabitethernet 1/0/2
  mode switchport
  switchport mode trunk
  switchport trunk native-vlan 2
  switchport trunk allowed vlan add 10-11
exit
# gi1/0/3-5: switchports with no VLAN statement.
# NOTE(review): presumably these fall into default VLAN 1, i.e. bridge 1 in
# the trusted zone - confirm, and shut down ports that are not in use.
interface gigabitethernet 1/0/3
  mode switchport
exit
interface gigabitethernet 1/0/4
  mode switchport
exit
interface gigabitethernet 1/0/5
  mode switchport
exit
# gi1/0/6: access port in VLAN 2 (WAN, zone untrusted).
interface gigabitethernet 1/0/6
  mode switchport
  switchport access vlan 2
exit

# SNMP agent with community "public", read-write.
# NOTE(review): the second community line has no source address, so the
# restriction to 10.12.19.25 on the first line has no effect: any host that
# the firewall lets reach the agent can use "public" with write access, and
# "public" is the well-known default string. Proposed replacement: delete the
# unrestricted line, use a non-default community and grant write access only
# if the management station needs it, e.g.
#   snmp-server community <COMMUNITY-PLACEHOLDER> 10.12.19.25 ro
# (placeholder value; check the exact keyword order against the vendor docs).
snmp-server
snmp-server community public 10.12.19.25 rw
snmp-server community public rw

# trusted -> self: what hosts in the trusted zone may send to the device:
#   rule 10 SSH (tcp/22), rule 20 ICMP, rule 30 DHCP (udp 68 -> 67),
#   rule 40 NTP (udp/123), rules 50/60 DNS (tcp and udp/53).
# No other traffic to the device has a permit rule in this zone-pair.
security zone-pair trusted self
  rule 10
    action permit
    match protocol tcp
    match destination-port object-group ssh
    enable
  exit
  rule 20
    action permit
    match protocol icmp
    enable
  exit
  rule 30
    action permit
    match protocol udp
    match source-port object-group dhcp_client
    match destination-port object-group dhcp_server
    enable
  exit
  rule 40
    action permit
    match protocol udp
    match destination-port object-group ntp
    enable
  exit
  rule 50
    action permit
    match protocol tcp
    match destination-port object-group dns
    enable
  exit
  rule 60
    action permit
    match protocol udp
    match destination-port object-group dns
    enable
  exit
exit
# trusted -> trusted: a single permit rule without match conditions.
# NOTE(review): this leaves no filtering between bridges 1, 10 and 11
# (lan-factory, lan-podved-10, lan-podved-11); confirm that the segments are
# meant to reach each other freely.
security zone-pair trusted trusted
  rule 1
    action permit
    enable
  exit
exit
# trusted -> untrusted: all outbound traffic permitted, no match conditions.
security zone-pair trusted untrusted
  rule 1
    action permit
    enable
  exit
exit
# untrusted -> self:
#   rule 1  - DHCP replies (udp 67 -> 68), so the WAN side can hand out a lease.
#   rule 10 - permit with only a source match: object-group "trusted"
#             (10.12.19.0/24, the WAN subnet itself); no protocol or port.
# NOTE(review): rule 10 opens every service of the device (SSH, the SNMP agent
# with its rw community, DNS, NTP) to the whole WAN segment. Narrow it the same
# way the "trusted self" rules are written: one rule per needed service with
# "match protocol" and "match destination-port object-group ...", and limit
# the source group to the actual management hosts.
security zone-pair untrusted self
  rule 1
    action permit
    match protocol udp
    match source-port object-group dhcp_server
    match destination-port object-group dhcp_client
    enable
  exit
  rule 10
    action permit
    match source-address object-group network trusted
    enable
  exit
exit

# NOTE(review): presumably forces accounts that still have the default
# password to change it at first login - confirm against the vendor docs.
security passwords default-expired

# Source NAT for traffic leaving towards zone untrusted: packets from
# 172.28.22.0/24 (the bridge 11 subnet) are rewritten by netmap to
# 10.112.22.251/32.
# NOTE(review): the target address lies in the bridge 10 subnet
# (10.112.22.0/24), not in the WAN subnet (10.12.19.0/24), and a /32 netmap
# target for a /24 source is unusual - confirm this is the intended
# translation. No rule here covers 10.112.22.0/24 or 192.168.1.0/24.
nat source
  ruleset factory
    to zone untrusted
    rule 11
      description "vlan11"
      match source-address prefix 172.28.22.0/24
      action source-nat netmap 10.112.22.251/32
      enable
    exit
  exit
exit

# DHCP server with one pool per trusted bridge. In every pool the device's own
# bridge address is handed out as default router and DNS server, which matches
# the DHCP and DNS permits in zone-pair "trusted self".
ip dhcp-server
# Bridge 1 (lan-factory): leases 192.168.1.2-254.
ip dhcp-server pool lan-pool
  network 192.168.1.0/24
  address-range 192.168.1.2-192.168.1.254
  default-router 192.168.1.1
  dns-server 192.168.1.1
exit
# Bridge 11 (lan-podved-11): leases 172.28.22.10-50.
ip dhcp-server pool lan-pool-11
  network 172.28.22.0/24
  address-range 172.28.22.10-172.28.22.50
  default-router 172.28.22.1
  dns-server 172.28.22.1
exit
# Bridge 10 (lan-podved-10): leases 10.112.22.10-50.
ip dhcp-server pool lan-pool-10
  network 10.112.22.0/24
  address-range 10.112.22.10-10.112.22.50
  default-router 10.112.22.1
  dns-server 10.112.22.1
exit

# Default route through 10.12.19.1 on the WAN segment.
ip route 0.0.0.0/0 10.12.19.1

# SSH management service, DSCP value 32 on its traffic.
# NOTE(review): nothing in this listing restricts SSH beyond the zone-pair
# rules, which allow it from the trusted zone and - through "untrusted self"
# rule 10 - from all of 10.12.19.0/24.
ip ssh server
ip ssh dscp 32

# Time synchronisation: server 10.10.51.1, plus acceptance of NTP broadcasts.
# NOTE(review): no NTP authentication appears in this listing, and
# broadcast-client lets any broadcaster on the segment influence the clock;
# drop it unless broadcast NTP is really used (confirm).
ntp enable
ntp broadcast-client enable
ntp server 10.10.51.1
exit