Linux


DNS

cat /etc/resolv.conf
dig nic.cz
dig nic.cz @1.1.1.1
dig @1.1.1.1 nic.cz A
dig @1.1.1.1 nic.cz +trace
dig @1.1.1.1 nic.cz +qr
dig @1.1.1.1 nic +qr +subnet=1.2.3.4/32

resperf-report -s 89.145.160.250 -d /root/benchmark/dataset -C 100 -m 20000 -r 60 -c 10

Routes

Add route

route add -net 198.161.1.0 netmask 255.255.255.0 gw 192.168.206.1 eno1
ip route add 198.161.1.0/24 via 198.168.206.1 dev eno1

IPSec routes

ip xfrm policy
ip xfrm status
ip route list table 220

Interfaces

Interface create

auto br0
iface br0 inet static
  bridge_ports lo0
  address 192.168.100.1
  netmask 255.255.255.0
  broadcast 192.168.100.255
  gateway 192.168.100.1

Interface WOL

iface enp0s31f6
 /sbin/ethtool -s enp0s31f6 wol g

Interfaces UP/DOWN

ifconfig eth0 up

ifdown eth0
ifup eth0

ip link add dev lo1 type dummy
ip address add dev lo1 10.10.20.1/24
ip link set up lo1

systemctl restart network

nmcli con show
nmcli con down 'Wired connection 1'
nmcli dev status

Show all interfaces

ls /sys/class/net
ip a
ifconfig
ip link show

Firewall

https://help.ubuntu.com/community/UFW

https://www.osetc.com/en/linux-iptables-insert-rule-at-a-specific-position-prepend-firewall-rule.html

https://sleeplessbeastie.eu/2018/06/21/how-to-create-iptables-firewall-using-custom-chains/

https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules

iptables -S
iptables -L INPUT -n -v --line-numbers
iptables -I INPUT 1 -p tcp -s 192.168.1.0/24 --dport 80 -j ACCEPT
iptables -I INPUT 1 -p tcp -s 192.168.1.0/24 --dport 443 -j ACCEPT
iptables -I IN_public_allow 25 -p tcp -s 1.1.1.1/24 --dport 53 -j ACCEPT
iptables -D INPUT 1

ufw status numbered
ufw delete 30
ufw allow from 192.168.1.0/24 proto tcp to any port 80
ufw allow from 192.168.1.0/24 proto tcp to any port 443
sudo ufw reload

nft list ruleset
nft list table ip filter -n -a
nft add rule ip filter INPUT position 1 saddr 192.168.1.0/24 tcp dport 80 accept 
nft add rule ip filter INPUT position 1 saddr 192.168.1.0/24 tcp dport 443 accept 

firewall-cmd --list-services
firewall-cmd --list-all
firewall-cmd --get-active-zones
firewall-cmd --get-default-zone
firewall-cmd --state
systemctl status firewalld
firewall-config

Netstat

Netstat to show all local listening ports and IP addresses

numeric ports, only listening, TCP, with PID
netstat -plnta

UDP
netstat -plnua

IPSec (Strongswan)

ipsec statusall
ipsec restart
/etc/init.d/ipsec start

sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1
sysctl -p
sysctl -a

Autostart

For autostarting a GUI application it is better to use a desktop file than a systemd service. The autostart directory should stay writable only by its owner: making it world-writable (the chmod 777 below) lets any local user drop an entry that runs at your next login.

mkdir ~/.config/autostart
sudo chmod 777 .config/autostart

Place a file named "chromium.desktop" there with the following content:
[Desktop Entry]
Name=Zabbix
Type=Application
Comment=Zabbix
Categories=Applications
Exec=/usr/bin/chromium-browser --start-fullscreen --disable-infobars --noerrdialogs myweb.com
Terminal=false
StartupNotify=false
Icon=/home/pi/Documents/zabbix_logo.png

Clonezilla

cat mmcblk0p2.ext4-ptcl-img.gz.a* | gzip -d -c | partclone.restore -W -o /tmp/img2 -L /tmp/log

SSH

ssh-keygen -t rsa -C "backup-ro" -b 8192 -f .ssh/backup-ro

WOL

Enable WoL in TLP. When using TLP for suspend/hibernate, the WOL_DISABLE setting should be set to N in /etc/default/tlp to allow resuming the computer with WoL.

/etc/network/interfaces

iface eth0 inet static
 /sbin/ethtool -s eth0 wol g

DDNS Script

  1. Copy script to /etc/config via WinSCP
    Alternatively in Opengear CLI/SSH issue:
    vi /etc/config/ddns_update_script.sh
    paste with a right click, press Esc, then type ":wq" and press Enter
  2. Copy aws.crt to /etc/config, or paste its content as described in the previous step
  3. Issue commands:
     chmod +x /etc/config/ddns_update_script.sh
    crontab -l | { cat; echo "* * * * * /etc/config/ddns_update_script.sh"; }| crontab -
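#!/bin/bash
# Dynamic-DNS updater for the Opengear console server (started every minute
# from cron, see the crontab line above).
#
# Compares the current IPv4 address of $INTERFACE with the address recorded by
# the last successful update. If they differ (or no record exists, e.g. after a
# reboot, because /tmp is volatile) it sends a DynDNS-style update request to
# the AWS endpoint. The record is rewritten only after the endpoint answered
# with status 200, so a failed update is retried on the next cron run.
#
# Output: progress messages on stdout, and the same messages plus curl's error
# output in $DDNS_LOG_FILE (truncated on every run). The raw response body of
# the last request is kept in $DDNS_STATUS_FILE.
# Exit status: 1 when $INTERFACE has no IPv4 address, 0 otherwise (an update
# failure is reported in the log, not in the exit status).

####VARIABLES####
AUTHORIZATION_CURL='psswd12134' #Credential sent in the Authorization header to AWS. It is a secret: keep this script readable by root only and never run it under 'set -x'
DDNS_BASE_URL='https://dgkb3peng0.execute-api.us-east-1.amazonaws.com/v1/nic/update?' #AWS update endpoint; hostname= and myip= are appended below
DDNS_HOSTNAME='bai-2-oob01.ddns.eset.com' #DNS name whose record is updated
DDNS_STATUS_FILE='/tmp/ddns_script_HTTPstatus' #Response body of the last update request (tells whether the update succeeded or failed)
DDNS_LOG_FILE='/tmp/ddns_script_log' #Log of the last run, including curl's error output
DDNS_SAVED_IP_FILE='/tmp/ddns_saved_ip' #Address pushed by the last successful update; the next run compares against it
OOB_HOSTNAME="$(hostname)" #Only used by the (currently disabled) e-mail alert at the end of the script
INTERFACE="eth0" #Network interface whose address is published
CURL_MAX_TIME=50 #Seconds; cron starts a new run every minute, so a hung request must give up before the next one starts
UPDATE_IP_LOCAL_FILE=1 #Bool, default 1: rewrite $DDNS_SAVED_IP_FILE at the end of this run; cleared by any failure below

# Address recorded by the previous run; empty when the file is missing (first
# run or after a reboot), which forces an update. Reading it unconditionally
# would print a spurious "No such file" error in that case.
SAVED_IP=""
if [[ -r "$DDNS_SAVED_IP_FILE" ]]; then
  SAVED_IP="$(cat "$DDNS_SAVED_IP_FILE")"
fi

# First IPv4 address of the interface, without the prefix length. Only the
# first address is taken: with several addresses on the interface the plain
# 'awk {print $4}' produced a multi-line value that broke both the comparison
# below and the request URL.
CURRENT_IP="$(/bin/ip -o -4 addr list "$INTERFACE" | awk 'NR==1 {print $4}' | cut -d/ -f1)"

#######################################
# Print a message to stdout and append it to the log file.
# Globals:   DDNS_LOG_FILE (read)
# Arguments: the message (all arguments are joined with spaces)
#######################################
log() {
  printf '%s\n' "$*" | tee -a "$DDNS_LOG_FILE"
}

date > "$DDNS_LOG_FILE" #Start a fresh log for this run; the timestamp goes to the file only
log "Previously saved IP: $SAVED_IP"
log "Current IP: $CURRENT_IP"
if [[ -z "$CURRENT_IP" ]]; then
  log "Interface does not exist or is not configured with IP!"
  exit 1
fi

if [[ "$SAVED_IP" != "$CURRENT_IP" ]]; then #Address changed, or the record was lost (a reboot clears /tmp): an update is needed
  log "Current IP is different than previously saved. UPDATING!"
  DDNS_CONCATENATE_URL="${DDNS_BASE_URL}hostname=${DDNS_HOSTNAME}&myip=${CURRENT_IP}" #Full request URL sent to AWS
  # -sS: no progress meter in the log, errors are still reported. The URL is
  # quoted because its '?' would otherwise be subject to globbing. The response
  # body replaces $DDNS_STATUS_FILE; curl's stderr is appended to the log.
  if ! curl -sS --max-time "$CURL_MAX_TIME" \
      -H "Authorization: Basic $AUTHORIZATION_CURL" \
      --cacert /etc/config/aws.crt \
      "$DDNS_CONCATENATE_URL" > "$DDNS_STATUS_FILE" 2>> "$DDNS_LOG_FILE"; then
    log "Error with CURL. CHECK THE PROBLEM!"
    UPDATE_IP_LOCAL_FILE=0 #Do not record the address; the update is retried on the next run
  fi
  # The update counts as done only when the response reports status 200. The
  # file is normally created by the redirection above; if it exists but cannot
  # be read, grep exits 2 and that is treated as a failure as well.
  if [[ -e "$DDNS_STATUS_FILE" ]] && ! grep -q '{"status": 200,' "$DDNS_STATUS_FILE"; then
    log "DDNS HTTP update status was not '200 OK'. CHECK THE PROBLEM! HTTP status message in $DDNS_STATUS_FILE"
    UPDATE_IP_LOCAL_FILE=0
  fi
  if (( UPDATE_IP_LOCAL_FILE == 1 )); then
    # Record the address only now, after a confirmed update. Recording it
    # earlier would make the next run see "unchanged" and never retry a
    # failed update. Do not move this write.
    printf '%s\n' "$CURRENT_IP" > "$DDNS_SAVED_IP_FILE"
    log "Successfully updated"
  #else
  #  TOADDR=DL-ConsoleServerNotifications@eset.com BODY='FAILED TO UPDATE DDNS RECORD, URL WITH FQDN MAY NOT WORK!!'$'\n'"Check logs in /var/tmp and see documentation on WIKI."$'\n\n'"Current settings: $OOB_HOSTNAME $CURRENT_IP" bash /etc/scripts/alert-email
  fi
else #Address unchanged, nothing to send
  log "Current IP is the same as previously saved. NOT UPDATING!"
fi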

PCAPs

https://danielmiessler.com/study/tcpdump/
tcpdump -i any -s 65535 -w /tmp/output.pcap host 1.1.1.1
tcpdump -i any -s 65535 -w /tmp/output.pcap dst port 80
tcpdump -i any -s 65535 -w /tmp/output.pcap -tttt src 8.8.8.8 
/usr/sbin/tcpdump port 1813 or port 1812 -s 0 -w /tmp/name.pcap -i ens3

editcap name.pcap radius_no_header.pcap -L -C 4 -T rawip -F pcap
tcprewrite --enet-dmac=00:12:13:14:15:16 --enet-smac=00:22:33:44:55:66 --infile=name.pcap --outfile=name.pcap --dlt=enet
tcprewrite --dlt=enet -v --infile=/tmp/name.pcap --outfile=/tmp/name.pcap --enet-dmac=96:00:00:ba:ba:09 --enet-smac=d2:74:7f:6e:37:e3 --srcipmap=0.0.0.0/0:172.31.1.1 --dstipmap=0.0.0.0/0:95.217.7.156 --fixcsum
tcpreplay  -i ens3 -K --mbps 100 /tmp/name.pcap

QR codes

qrencode -o wifi.png 'WIFI:S:MySSID;T:WPA;P:MyPSSWD;;' -s 11 --foreground=25bebe

Other

cat /proc/sys/net/ipv4/icmp_echo_ignore_all