From Personal Wiki
Jump to navigation Jump to search


cat /etc/resolv.conf
dig @
dig @ A
dig @ +trace
dig @ +qr
dig @ nic +qr +subnet=

resperf-report -s -d /root/benchmark/dataset -C 100 -m 20000 -r 60 -c 10


Add route

route add -net netmask gw eno1
ip route add via dev eno1

IPSec routes

ip xfrm policy
ip xfrm status
ip route list table 220


Interface create

auto br0
iface br0 inet static
  bridge_ports lo0

Interface WOL

iface enp0s31f6
 /sbin/ethtool -s enp0s31f6 wol g

Interfaces UP/DOWN

ifconfig eth0 up

ifdown eth0
ifup eth0

ip link add dev lo1 type dummy
ip address add dev lo1
ip link set up lo1

systemctl restart network

nmcli con show
nmcli con down 'Wired connection 1'
nmcli dev status

Show all interfaces

ls /sys/class/net
ip a
ip link show


iptables -S
iptables -L INPUT -n -v --line-numbers
iptables -I INPUT 1 -p tcp -s --dport 80 -j ACCEPT
iptables -I INPUT 1 -p tcp -s --dport 443 -j ACCEPT
iptables -I IN_public_allow 25 -p tcp -s --dport 53 -j ACCEPT
iptables -D INPUT 1

ufw status numbered
ufw delete 30
ufw allow from proto tcp to any port 80
ufw allow from proto tcp to any port 443
sudo ufw reload

nft list ruleset
nft list table ip filter -n -a
nft add rule ip filter INPUT position 1 saddr tcp dport 80 accept 
nft add rule ip filter INPUT position 1 saddr tcp dport 443 accept 

firewall-cmd --list-services
firewall-cmd --list-all
firewall-cmd --get-active-zones
firewall-cmd --get-default-zone
firewall-cmd --state
systemctl status firewalld


Netstat to show all local listening ports and IP addresses

numeric ports, only listening, TCP, with PID
netstat -plnta

netstat -plnua

IPSec (Strongswan)

ipsec statusall
ipsec restart
/etc/init.d/ipsec start

sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1
sysctl -p
sysctl -a


For autostarting GUI application is better to use desktop file than service (systemd)

mkdir ~/.config/autostart
sudo chmod 777 .config/autostart

place file "chromium.desktop" there
[Desktop Entry]
Exec=/usr/bin/chromium-browser --start-fullscreen --disable-infobars --noerrdialogs


cat mmcblk0p2.ext4-ptcl-img.gz.a* | gzip -d -c | partclone.restore -W -o /tmp/img2 -L /tmp/log


ssh-keygen -t rsa -C "backup-ro" -b 8192 -f .ssh/backup-ro


Enable WoL in TLP. When using TLP for suspend/hibernate, the WOL_DISABLE setting should be set to N in /etc/default/tlp to allow resuming the computer with WoL.


iface eth0 inet static
 /sbin/ethtool -s eth0 wol g

DDNS Script

  1. Copy script to /etc/config via WinSCP
    Alternatively in Opengear CLI/SSH issue:
    vi /etc/config/
    paste with right click, push ESC button, then ":wq" and Enter
  2. Copy aws.crt to /etc/config or paste its content same as described in previous point
  3. Issue commands:
     chmod +x /etc/config/
    crontab -l | { cat; echo "* * * * * /etc/config/"; }| crontab -

AUTHORIZATION_CURL='psswd12134' #Autentizacny kod do AWS
DDNS_HOSTNAME='' #Hostname na prihlasenie
DDNS_STATUS_FILE='/tmp/ddns_script_HTTPstatus' #Subor, ktory uchovava odpoved z AWS, ci bol update uspesny alebo zlyhal
DDNS_LOG_FILE='/tmp/ddns_script_log' #Subor uchovavajuci chybove vystupy
SAVED_IP="$(cat /tmp/ddns_saved_ip)" #Subor uchovavajuci predchadzajucu hodnotu IP adresy, podla nej sa rozhoduje, ci sa aktualna adresa zmenila a podla toho sa posiela updatedo AWS alebo sa program len ukonci
INTERFACE="eth0" #Sietove rozhranie, ktoreho IP sa bude updatovat
CURRENT_IP="$(/bin/ip -o -4 addr list $INTERFACE | awk '{print $4}' | cut -d/ -f1)" #Vyextrahovanie IP adresy z /bin/ip
UPDATE_IP_LOCAL_FILE=1 #Bool hodnota, default 1 znamena, ze sa prepise hodnota IP adresy v subore definovanom v premennej SAVED_IP

echo "$(date)" > $DDNS_LOG_FILE #Vypis na konzolu (datum) a vystup do suboru
echo "Previously saved IP: "$SAVED_IP | tee -a $DDNS_LOG_FILE #Vypis na konzolu a vystup do suboru
echo "Current IP: "$CURRENT_IP | tee -a $DDNS_LOG_FILE #Vypis na konzolu a vystup do suboru
if [[ $CURRENT_IP = "" ]]; then
  echo "Interface does not exist or is not configured with IP!" | tee -a $DDNS_LOG_FILE #Vypis na konzolu a vystup do suboru
  exit 1
if [[ $SAVED_IP != $CURRENT_IP ]]; then #Porovanie, ak sa aktualna IP z /bin/ip nezhoduje s ulozenou v subore, treba urobit update. Znamena to, ze sa IP zmenila, alebo bol reboot systemu, vtedy sa totiz vymaze /tmp/ddns_saved_ip
  echo "Current IP is different than previously saved. UPDATING!"
  DDNS_CONCATENATE_URL="${DDNS_BASE_URL}hostname=${DDNS_HOSTNAME}&myip=${CURRENT_IP}" #Zretazenie URL, ktora sa posiela do AWS
  curl -H "Authorization: Basic $AUTHORIZATION_CURL" $DDNS_CONCATENATE_URL --cacert /etc/config/aws.crt > $DDNS_STATUS_FILE 2>>$DDNS_LOG_FILE #Poslanie HTTP request pomocou utility curl, specifikovanie certu a presmerovanie standard output a standard error
  if [[ $? -ne 0 ]]; then #Ak nie je navratova hodnota curl 0 - bezchybne skoncenie, nastal problem
    echo "Error with CURL. CHECK THE PROBLEM!" | tee -a $DDNS_LOG_FILE  #Vystup na konzolu a do suboru
    UPDATE_IP_LOCAL_FILE=0 #Zmena bool hodnoty, nebude sa prepisovat subor /tmp/ddns_saved_ip uchovavajuci zmenu IP
  cat $DDNS_STATUS_FILE | grep '{"status": 200,' > /dev/null #Zistenie ci HTTP odpoved je 200, teda prebehol update DDNS
  if [[ $? -eq 1 ]] && [[ -e $DDNS_STATUS_FILE ]]; then #Ak predchadzajuci cmd  vrati 1 (nebola odpoved 200 OK neprebehol update) a zaroven existuje subor s odpovedou zo servera (v pripade restartu-neexistuje)
    echo "DDNS HTTP update status was not '200 OK'. CHECK THE PROBLEM! HTTP status message in "$DDNS_STATUS_FILE"" | tee -a $DDNS_LOG_FILE #Vystup na konzolu a do suboru
  if [[ $UPDATE_IP_LOCAL_FILE -eq 1 ]]; then #Test ci je bool hodnota 1, teda ma prepisovat subor uchovavajuci IP adresu
    echo $CURRENT_IP>/tmp/ddns_saved_ip #Zmena bool hodnoty, nebude sa prepisovat subor /tmp/ddns_saved_ip uchovavajuci zmenu IP. Nemenit poziciu vpisovania IP adresy do filu v ramci kodu. Vsetko je zalozene prave na tom, ze sa hodnota prepise az po uspesnom update DDNS, ak by sa prepisala este pred nim a update nezbehne, tak aktualna IP == ulozenj vo file a prva podmienka, kde sa provnavaju tieto hodnoty vyhodnoti, ze sa IP nezmenila, co bude mat za nasledok neupdatovanie DDNS. 
    echo "Successfully updated" | tee -a $DDNS_LOG_FILE
  # BODY='FAILED TO UPDATE DDNS RECORD, URL WITH FQDN MAY NOT WORK!!'$'\n'"Check logs in /var/tmp and see documentation on WIKI."$'\n\n'"Current settings: $OOB_HOSTNAME $CURRENT_IP" bash /etc/scripts/alert-email
else # IP adresa sa nezmenila, netreba posielat update
  echo "Current IP is the same as previously saved. NOT UPDATING!" | tee -a $DDNS_LOG_FILE

tcpdump -i any -s 65535 -w /tmp/output.pcap host
tcpdump -i any -s 65535 -w /tmp/output.pcap dst port 80
tcpdump -i any -s 65535 -w /tmp/output.pcap -tttt src 
/usr/sbin/tcpdump port 1813 or port 1812 -s 0 -w /tmp/name.pcap -i ens3

editcap name.pcap radius_no_header.pcap -L -C 4 -T rawip -F pcap
tcprewrite --enet-dmac=00:12:13:14:15:16 --enet-smac=00:22:33:44:55:66 --infile=name.pcap --outfile=name.pcap --dlt=enet
tcprewrite --dlt=enet -v --infile=/tmp/name.pcap --outfile=/tmp/name.pcap --enet-dmac=96:00:00:ba:ba:09 --enet-smac=d2:74:7f:6e:37:e3 --srcipmap= --dstipmap= --fixcsum
tcpreplay  -i ens3 -K --mbps 100 /tmp/name.pcap

QR codes

qrencode -o wifi.png 'WIFI:S:MySSID;T:WPA;P:MyPSSWD;;' -s 11 --foreground=25bebe


cat /proc/sys/net/ipv4/icmp_echo_ignore_all