feat: initial commit

2026-05-19 14:53:39 +02:00
commit 630a3a0985
5 changed files with 171 additions and 0 deletions
@@ -0,0 +1,43 @@
+# Linux/Network Incident Runbook
+
+## 1) SSH nedostupan
+
+- Provera puta: `ping <host>` i `traceroute <host>` (ako postoji)
+- Provera porta: `nc -vz <host> 22` ili `telnet <host> 22`
+- Na hostu: `ss -tulpn | rg ':22'`
+- Servis: `systemctl status sshd` ili `systemctl status ssh`
+- Firewall: `nft list ruleset | rg '22|ssh'`
+
+## 2) DNS problemi
+
+- Rezolucija: `dig +short <fqdn>`
+- Autoritativna provera: `dig <fqdn> @<dns-server>`
+- Lokalni resolver: `resolvectl status`
+- Konfiguracija: `cat /etc/resolv.conf`
+
+## 3) Aplikacija ne odgovara
+
+- Proces i socket: `ss -tulpn | rg '<port>|<proc>'`
+- Unit health: `systemctl status <service>`
+- Logovi: `journalctl -u <service> --since '-30m' --no-pager`
+- Resursi: `free -h`, `df -hT`, `top`
+
+## 4) Latencija/packet loss
+
+- RTT i gubitak: `ping -c 20 <target>`
+- Hop analiza: `mtr -rwzbc 100 <target>` (ako postoji)
+- NIC greške: `ip -s link`
+- TCP state: `ss -s`
+
+## 5) Hardening minimum
+
+- Otvoreni portovi: `ss -tulpn`
+- Neuspešni servisi: `systemctl --failed`
+- Kritični CVE pipeline: proveri SBOM/dependency skener u CI
+- Audit konfiguracije: baseline CIS/OS hardening check-list
+
+## Promene bezbedno
+
+- Uvek snimi stanje pre izmene (`scripts/sysdiag.sh`).
+- Menjaj jednu stvar po iteraciji.
+- Posle izmene uradi health-check i rollback plan.