Linux
Jump to navigation
Jump to search
Contents
DNS
cat /etc/resolv.conf dig nic.cz dig nic.cz @1.1.1.1 dig @1.1.1.1 nic.cz A dig @1.1.1.1 nic.cz +trace dig @1.1.1.1 nic.cz +qr dig @1.1.1.1 nic +qr +subnet=1.2.3.4/32 resperf-report -s 89.145.160.250 -d /root/benchmark/dataset -C 100 -m 20000 -r 60 -c 10
Routes
Add route
route add -net 198.161.1.0 netmask 255.255.255.0 gw 192.168.206.1 eno1 ip route add 198.161.1.0/24 via 198.168.206.1 dev eno1
IPSec routes
ip xfrm policy ip xfrm status ip route list table 220
Interfaces
Interface create
auto br0 iface br0 inet static bridge_ports lo0 address 192.168.100.1 netmask 255.255.255.0 broadcast 192.168.100.255 gateway 192.168.100.1
Interface WOL
iface enp0s31f6 /sbin/ethtool -s enp0s31f6 wol g
Interfaces UP/DOWN
ifconfig eth0 up ifdown eth0 ifup eth0 ip link add dev lo1 type dummy ip address add dev lo1 10.10.20.1/24 ip link set up lo1 systemctl restart network nmcli con show nmcli con down 'Wired connection 1' nmcli dev status
Show all interfaces
ls /sys/class/net ip a ifconfig ip link show
Firewall
https://help.ubuntu.com/community/UFW
https://sleeplessbeastie.eu/2018/06/21/how-to-create-iptables-firewall-using-custom-chains/
https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules
iptables -S iptables -L INPUT -n -v --line-numbers iptables -I INPUT 1 -p tcp -s 192.168.1.0/24 --dport 80 -j ACCEPT iptables -I INPUT 1 -p tcp -s 192.168.1.0/24 --dport 443 -j ACCEPT iptables -I IN_public_allow 25 -p tcp -s 1.1.1.1/24 --dport 53 -j ACCEPT iptables -D INPUT 1 ufw status numbered ufw delete 30 ufw allow from 192.168.1.0/24 proto tcp to any port 80 ufw allow from 192.168.1.0/24 proto tcp to any port 443 sudo ufw reload nft list ruleset nft list table ip filter -n -a nft add rule ip filter INPUT position 1 saddr 192.168.1.0/24 tcp dport 80 accept nft add rule ip filter INPUT position 1 saddr 192.168.1.0/24 tcp dport 443 accept firewall-cmd --list-services firewall-cmd --list-all firewall-cmd --get-active-zones firewall-cmd --get-default-zone firewall-cmd --state systemctl status firewalld firewall-config
Netstat
Netstat to show all local listening ports and IP addresses
numeric ports, only listening, TCP, with PID netstat -plnta UDP netstat -plnua
IPSec (Strongswan)
ipsec statusall ipsec restart /etc/init.d/ipsec start sysctl -w net.ipv4.ip_forward=1 sysctl -w net.ipv6.conf.all.forwarding=1 sysctl -p sysctl -a
Autostart
For autostarting GUI application is better to use desktop file than service (systemd)
mkdir ~/.config/autostart sudo chmod 777 .config/autostart place file "chromium.desktop" there [Desktop Entry] Name=Zabbix Type=Application Comment=Zabbix Categories=Applications Exec=/usr/bin/chromium-browser --start-fullscreen --disable-infobars --noerrdialogs myweb.com Terminal=false StartupNotify=false Icon=/home/pi/Documents/zabbix_logo.png
Clonezilla
cat mmcblk0p2.ext4-ptcl-img.gz.a* | gzip -d -c | partclone.restore -W -o /tmp/img2 -L /tmp/log
SSH
ssh-keygen -t rsa -C "backup-ro" -b 8192 -f .ssh/backup-ro
WOL
Enable WoL in TLP. When using TLP for suspend/hibernate, the WOL_DISABLE setting should be set to N in /etc/default/tlp to allow resuming the computer with WoL.
/etc/network/interfaces
iface eth0 inet static /sbin/ethtool -s eth0 wol g
DDNS Script
- Copy script to /etc/config via WinSCP
- Alternatively in Opengear CLI/SSH issue:
vi /etc/config/ddns_update_script.sh
- paste with right click, push ESC button, then ":wq" and Enter
- Copy aws.crt to /etc/config or paste its content same as described in previous point
- Issue commands:
chmod +x /etc/config/ddns_update_script.sh
crontab -l | { cat; echo "* * * * * /etc/config/ddns_update_script.sh"; }| crontab -
#!/bin/bash ####VARIABLES#### AUTHORIZATION_CURL='psswd12134' #Autentizacny kod do AWS DDNS_BASE_URL='https://dgkb3peng0.execute-api.us-east-1.amazonaws.com/v1/nic/update?' #URL do AWS DDNS_HOSTNAME='bai-2-oob01.ddns.eset.com' #Hostname na prihlasenie DDNS_STATUS_FILE='/tmp/ddns_script_HTTPstatus' #Subor, ktory uchovava odpoved z AWS, ci bol update uspesny alebo zlyhal DDNS_LOG_FILE='/tmp/ddns_script_log' #Subor uchovavajuci chybove vystupy OOB_HOSTNAME="$(hostname)" SAVED_IP="$(cat /tmp/ddns_saved_ip)" #Subor uchovavajuci predchadzajucu hodnotu IP adresy, podla nej sa rozhoduje, ci sa aktualna adresa zmenila a podla toho sa posiela updatedo AWS alebo sa program len ukonci INTERFACE="eth0" #Sietove rozhranie, ktoreho IP sa bude updatovat CURRENT_IP="$(/bin/ip -o -4 addr list $INTERFACE | awk '{print $4}' | cut -d/ -f1)" #Vyextrahovanie IP adresy z /bin/ip UPDATE_IP_LOCAL_FILE=1 #Bool hodnota, default 1 znamena, ze sa prepise hodnota IP adresy v subore definovanom v premennej SAVED_IP echo "$(date)" > $DDNS_LOG_FILE #Vypis na konzolu (datum) a vystup do suboru echo "Previously saved IP: "$SAVED_IP | tee -a $DDNS_LOG_FILE #Vypis na konzolu a vystup do suboru echo "Current IP: "$CURRENT_IP | tee -a $DDNS_LOG_FILE #Vypis na konzolu a vystup do suboru if [[ $CURRENT_IP = "" ]]; then echo "Interface does not exist or is not configured with IP!" | tee -a $DDNS_LOG_FILE #Vypis na konzolu a vystup do suboru exit 1 fi if [[ $SAVED_IP != $CURRENT_IP ]]; then #Porovanie, ak sa aktualna IP z /bin/ip nezhoduje s ulozenou v subore, treba urobit update. Znamena to, ze sa IP zmenila, alebo bol reboot systemu, vtedy sa totiz vymaze /tmp/ddns_saved_ip echo "Current IP is different than previously saved. UPDATING!" DDNS_CONCATENATE_URL="${DDNS_BASE_URL}hostname=${DDNS_HOSTNAME}&myip=${CURRENT_IP}" #Zretazenie URL, ktora sa posiela do AWS curl -H "Authorization: Basic $AUTHORIZATION_CURL" $DDNS_CONCATENATE_URL --cacert /etc/config/aws.crt > $DDNS_STATUS_FILE 2>>$DDNS_LOG_FILE #Poslanie HTTP request pomocou utility curl, specifikovanie certu a presmerovanie standard output a standard error if [[ $? -ne 0 ]]; then #Ak nie je navratova hodnota curl 0 - bezchybne skoncenie, nastal problem echo "Error with CURL. CHECK THE PROBLEM!" | tee -a $DDNS_LOG_FILE #Vystup na konzolu a do suboru UPDATE_IP_LOCAL_FILE=0 #Zmena bool hodnoty, nebude sa prepisovat subor /tmp/ddns_saved_ip uchovavajuci zmenu IP fi cat $DDNS_STATUS_FILE | grep '{"status": 200,' > /dev/null #Zistenie ci HTTP odpoved je 200, teda prebehol update DDNS if [[ $? -eq 1 ]] && [[ -e $DDNS_STATUS_FILE ]]; then #Ak predchadzajuci cmd vrati 1 (nebola odpoved 200 OK neprebehol update) a zaroven existuje subor s odpovedou zo servera (v pripade restartu-neexistuje) echo "DDNS HTTP update status was not '200 OK'. CHECK THE PROBLEM! HTTP status message in "$DDNS_STATUS_FILE"" | tee -a $DDNS_LOG_FILE #Vystup na konzolu a do suboru UPDATE_IP_LOCAL_FILE=0 fi if [[ $UPDATE_IP_LOCAL_FILE -eq 1 ]]; then #Test ci je bool hodnota 1, teda ma prepisovat subor uchovavajuci IP adresu echo $CURRENT_IP>/tmp/ddns_saved_ip #Zmena bool hodnoty, nebude sa prepisovat subor /tmp/ddns_saved_ip uchovavajuci zmenu IP. Nemenit poziciu vpisovania IP adresy do filu v ramci kodu. Vsetko je zalozene prave na tom, ze sa hodnota prepise az po uspesnom update DDNS, ak by sa prepisala este pred nim a update nezbehne, tak aktualna IP == ulozenj vo file a prva podmienka, kde sa provnavaju tieto hodnoty vyhodnoti, ze sa IP nezmenila, co bude mat za nasledok neupdatovanie DDNS. echo "Successfully updated" | tee -a $DDNS_LOG_FILE #else # TOADDR=DL-ConsoleServerNotifications@eset.com BODY='FAILED TO UPDATE DDNS RECORD, URL WITH FQDN MAY NOT WORK!!'$'\n'"Check logs in /var/tmp and see documentation on WIKI."$'\n\n'"Current settings: $OOB_HOSTNAME $CURRENT_IP" bash /etc/scripts/alert-email fi else # IP adresa sa nezmenila, netreba posielat update echo "Current IP is the same as previously saved. NOT UPDATING!" | tee -a $DDNS_LOG_FILE fi
PCAPs
https://danielmiessler.com/study/tcpdump/ tcpdump -i any -s 65535 -w /tmp/output.pcap host 1.1.1.1 tcpdump -i any -s 65535 -w /tmp/output.pcap dst port 80 tcpdump -i any -s 65535 -w /tmp/output.pcap -tttt src 8.8.8.8 /usr/sbin/tcpdump port 1813 or port 1812 -s 0 -w /tmp/name.pcap -i ens3 editcap name.pcap radius_no_header.pcap -L -C 4 -T rawip -F pcap tcprewrite --enet-dmac=00:12:13:14:15:16 --enet-smac=00:22:33:44:55:66 --infile=name.pcap --outfile=name.pcap --dlt=enet tcprewrite --dlt=enet -v --infile=/tmp/name.pcap --outfile=/tmp/name.pcap --enet-dmac=96:00:00:ba:ba:09 --enet-smac=d2:74:7f:6e:37:e3 --srcipmap=0.0.0.0/0:172.31.1.1 --dstipmap=0.0.0.0/0:95.217.7.156 --fixcsum tcpreplay -i ens3 -K --mbps 100 /tmp/name.pcap
QR codes
qrencode -o wifi.png 'WIFI:S:MySSID;T:WPA;P:MyPSSWD;;' -s 11 --foreground=25bebe
Other
cat /proc/sys/net/ipv4/icmp_echo_ignore_all