visit ilovetux.com
1. How to create a return email address when using mutt ?
# export REPLYTO=youremail@yourdomain.com
2. How to dump a website into your terminal screen ?
# elinks -dump “http://www.gmanews.tv/forex.php”
# lynx -dump “http://www.gmanews.tv/forex.php”
# links -dump “http://www.gmanews.tv/forex.php”
3. How to dump a website into a file ?
# elinks -dump “http://www.gmanews.tv/forex.php” > file1
# lynx -dump “http://www.gmanews.tv/forex.php” > file2
# links -dump “http://www.gmanews.tv/forex.php” > file3
3. How to sort batch of files containing alpha numeric characters in a file with one command ?
# cat filename101*.txt sort -n
4. How to remove duplicate lines from a file ?
# uniq < filename01.txt
5. How to force rotate of all your defined log files located in /var/log/ ?
# logrotate -f /etc/logrotate.conf
6. How to change the interval time of your daily and weekly system cron jobs ?
# vi /etc/anacrontab
7. How to start X / Gnome from terminal ?
# startx
8. How to do a whole new xorg.conf setup for your nonworking/epileptic X which was caused recent xorg.conf misconfiguration ?
# mv /etc/X11/xorg.conf /etc/X11/xorg.conf.old# gdmsetup
9. Do you have a very old and nice webtool for newbies or junior system admins?
Click here
10. How to launch and run a program into background ?
# program-name &
10. How to locate and find file(s) in CLI ?
# find /foldername -name name-of-file
Ex.# find /home -name *vertito*# locate *vertito*
11. For script kiddies who successfully hacked a box, LOL. How to know your current dropped user, shell id, group id, groups your shell belongs to after successfully hacking into a linux box?
# id
12. How to know who is currently active from ssh connection from your server ?
# w
13. How to know all your opened UDP ports and connections ?
# ss -u -a
14. What are the most commonly known world writeable and readable folders?
# cd /tmp# cd /dev/shm
So watch out for any scripts or file changes there!
15. How to build rpm package from source file (*.src.rpm) ?
# rpmbuild –rebuild *.src.rpm
Most probably, you’ll find the sources in /root/rpmbuild/SOURCES and the RPM file in /root/rpmbuild/RPMS . If not, try /usr/src/redhat/SOURCES and /usr/src/redhat/RPMS
16. How to find all files from a particular folder that contains this string and do it recursively ?
# find /home/vertito -exec grep -li myownstring {} \;
17. How to find a specific filename and delete it ?
# find / -name specific-filename.txt -exec rm -rf {} \;
18. How to trim my temporary files and delete the ones that are more than 1 month old?
# find /tmp -mtime +31 -exec rm -rf {} \;
19. How to know the descriptions, functions, and more info a a linux command ?Ex.
# man elinks# apropos elinks# whatis elinks# info elinks
20. How to know from which rpm package does a particular library belongs to ?
Ex. /lib/libcap.so
# rpm -qf /lib/libcap.so
21. How to find out interesting port of a particular host ?
# nmap host-IP-Address-here
22. How to ping one subnet class of IP address or group of IP address ?
# fping -g 192.168.100.0/27$ fping -g 192.168.1.1 192.168.1.254
23. How to know if a port is open ?
Example: port 25
# telnet IP-address 25# nc -dz IP-address 25
24. How to watch for file and file size changes of one folder live and not by email ?
# cd your-folder# watch ls -la
26. How to print line numbers of each output line of a text file ?
# cat -n yourfile.txt
27. How to negate a grep result?
# grep -v “null” yourfilename
28. How to list statistics from your network ?
# netstat -s
29. What is the country code for a particular country ?
# grep -i philippines /usr/share/zoneinfo/iso3166.tab
30. How to find out who owns and manages a particular domain ?
# whois google.com
31. How to get the resolved IP of a domain ?
# nslookup google.com# host google.com# dig google.com
32. How to say hello and goodbye to your system log file ?
# logger ‘Hello and Goodbye’
33. How to list out all your USB current connections ?
# lsusbverbose# lsusb -v
34. How to list out all your PCI card connections ?
# lspciverbose# lspci -v
35. How to lock/unlock a bash enabled user shell account ?
# passwd -l useraccount# passwd -u useraccount# passwd -S useraccount
36. How to limit and change available shell accounts for user’s shell assignment ?
# vi /etc/shells
37. How to change the default values when adding new user accounts ?
# vi /etc/default/useradd
38. How to create default files automatically every time a new user accounts is created ?
# cp /home/vertito/whateverfile.txt /etc/skel# useradd -d /home/newuser newuser
39. How to go the easy way to home folder of a particular user if you have multinested virtual home folders?
# cd ~hisusername
40. How to browse and download the whole pages of a particular WWW site in one shot ?
# wget -p –progress=dot http://www.google.com
41. How to safely mark badblocks from another ext2/ext3 linux harddisk ?
# umount /dev/other-harddisk2# e2fsck -c /dev/other-harddisk2
42. How to create a new ext3 filesytem with bad-block checking from your secondary harddisk?
# mkfs.ext3 -c /dev/other-harddisk2
43. How to compare bzip2 compressed files ?
# bzdiff file1 file2
44. How to detect hardware monitoring chips and load modules related to newly detected chips?
# sensors-detect>45. How to know if your postfix or sendmail is running ?
# ps axuw grep sendmail# ps axuw grep postfix
46. How to change the default port when spamassassin is launched?
# vi /etc/sysconfig/spamassassin
47. How to disable postfix permanently after reboot ?
# chkconfig –levels 345 postfix off
48. How to know the number of children spawned by apache ?
# ps axuw grep http wc -l
49. How to avoid a module from being loaded by kernel during startup and blacklist it permanently?
# vi /etc/modprobe.d/blacklist
50. How to quickly count all your queued mail when you box is really hogging due to spam bruteforce attacks and spam mailer?
# mailq wc -l
Monday, August 18, 2008
Securing SSH server
Disable root ssh login :
edit /etc/ssh/sshd-config
locate #PermitRootLogin yes to PermitRootLogin no
save file and restart the ssh : service sshd restart
just use sudo
Trace ssh users with most Failed Login Attempts :
#cat secure* grep 'Failed password' awk '{print $9}' sort -rn uniq -c
insert this head -10 - to list top 10 failed ssh
edit /etc/ssh/sshd-config
locate #PermitRootLogin yes to PermitRootLogin no
save file and restart the ssh : service sshd restart
just use sudo
Trace ssh users with most Failed Login Attempts :
#cat secure* grep 'Failed password' awk '{print $9}' sort -rn uniq -c
insert this head -10 - to list top 10 failed ssh
Saturday, July 26, 2008
Configuration of bind, named, dns server
This is simple guide for configuration of bind, named, dns server and so...
Let's go to install named(bind) from your linux distribution...
There is one general configuration file:
---------------------------------
/etc/named.conf
options {
directory "/var/named";
};
# named.root is available at ftp://ftp.internic.net/domain/named.root
zone "." IN {
type hint;
file "named.root";
};
# Here is zone for domain ustrem.org
zone "ustrem.org" IN {
type master;
file "ustrem.org";
allow-transfer { none; };
allow-update { none; };
};
# Here is reverse zone zone for net 192.168.2.0/255.255.255.0
zone "2.168.192.in-addr.arpa" {
type master;
file "loc";
allow-update { none; };
};
----------------------------------------------------
Here is ustrem.org's zone file
-----------------------------
/var/named/ustrem.org
$ORIGIN .
$TTL 86400 ; 1 day
ustrem.org IN SOA pns.ustrem.org. onzi.ustrem.org. (
# onzi.ustrem.org is email for contacts (onzi_at_ustrem_dot_org)
2006083102 ; serial
# This is stamp for date and time and number of day change
3600 ; refresh (8 hours)
1800 ; retry (4 hours)
86400 ; expire (5 weeks 6 days 16 hours)
3600 ; minimum (1 day)
)
NS pns.ustrem.org.
NS ns1.xname.org.
# NS records for domain
A 213.240.243.12
# This line shows "ustrem.org" is with IP 213.240.243.12
MX 10 mail.ustrem.org.
# Here is SMTP server which received mails for ustrem.org
TXT "v=spf1 mx a:mail.b-trust.org a:mailrelay.bsbg.net -all"
# This is text record for prevent from spammers and spoofers. Here is SMTP-s which sends emails from ustrem.org
$ORIGIN ustrem.org.
* A 213.240.243.12
# some-does-not-described.ustrem.org is with IP 213.240.243.12
bobi A 213.240.227.125
pns A 213.240.243.12
*.bobi CNAME bobi.ustrem.org.
boiko A 84.238.128.65
george A 213.240.242.107
laptoper4e A 192.168.2.18
mitkosipc A 192.168.2.4
pi-server A 192.168.2.15
pz A 217.10.245.249
router A 192.168.2.24
----------------------------------------------------------------------------------
Here is reverse resolv
---------------------------------------------
/var/named/loc
$ORIGIN .
$TTL 86400 ; 1 day
2.168.192.in-addr.arpa IN SOA pns.ustrem.org. onzi.ustrem.org. (
2006080302 ; serial
28800 ; refresh (8 hours)
14400 ; retry (4 hours)
3600000 ; expire (5 weeks 6 days 16 hours)
86400 ; minimum (1 day)
)
NS pns.ustrem.org.
NS sns.ustrem.org.
$ORIGIN 2.168.192.in-addr.arpa.
4 PTR mitkosipc.ustrem.org.
18 PTR laptoper4e.ustrem.org.
15 PTR pi-server.ustrem.org.
24 PTR router.ustrem.org.
---------------------------------------------
This is enougt for BIND9 to work.
Now you can start and test it....
# dig ustrem.org @127.0.0.1
;; QUESTION SECTION:
;ustrem.org. IN A
;; ANSWER SECTION:
ustrem.org. 86400 IN A 213.240.243.12
# dig ustrem.org @127.0.0.1 MX
;; QUESTION SECTION:
;ustrem.org. IN MX
;; ANSWER SECTION:
ustrem.org. 86400 IN MX 10 mail.ustrem.org.
# dig -x 192.168.2.4 @127.0.0.1
;; QUESTION SECTION:
;4.2.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
4.2.168.192.in-addr.arpa. 86400 IN PTR mitkosipc.ustrem.org.
That is all ;)
Tuesday, July 22, 2008
Control Samba access via group rights
1. Adding and Managing user
groupadd acctg
useradd acct_user1 -m -s /bin/bash -G acctg
passwd acct_user1
smbpasswd -a acct_user1
existing user change
usermod -s /bin/bash
change .bashrc
smbpasswd
2. Adding Samba share - grouping
sudo mkdir -p /home/shares/acctg
sudo chown -R root:acctg /home/shares/acctg
#to share all user to access certain directory
sudo chmod -R ug+rw,o+rx-w /home/shares/allusers
3. Edit smb.conf - to add share
[acctg]
comment = Accounting Foldoers
path = /home/shares/acctg
valid users = @acctg
force group = acctg
create mask = 0660
directory mask = 0771
writable = yes
5. Sometimes vista OS have problem accessing Samba share edit registry
HKLM->System/CurrentControlset/control/LSA -> LMCombatibilitylevel = 3 to 1
groupadd acctg
useradd acct_user1 -m -s /bin/bash -G acctg
passwd acct_user1
smbpasswd -a acct_user1
existing user change
usermod -s /bin/bash
change .bashrc
smbpasswd
2. Adding Samba share - grouping
sudo mkdir -p /home/shares/acctg
sudo chown -R root:acctg /home/shares/acctg
#to share all user to access certain directory
sudo chmod -R ug+rw,o+rx-w /home/shares/allusers
3. Edit smb.conf - to add share
[acctg]
comment = Accounting Foldoers
path = /home/shares/acctg
valid users = @acctg
force group = acctg
create mask = 0660
directory mask = 0771
writable = yes
5. Sometimes vista OS have problem accessing Samba share edit registry
HKLM->System/CurrentControlset/control/LSA -> LMCombatibilitylevel = 3 to 1
Share Ubuntu Home Directories
1) create unix user (e.g. wsuser)
2) sudo apt-get install samba smbfs
3) sudo smbpasswd -a wsuser
4) sudo gedit /etc/samba/smbusers
#add this line
wsuser = "wsuser"
5) sudo gedit /etc/samba/smb.conf
# add two lines after "####### Authentication #######"
security = user
username map = /etc/samba/smbusers
# Uncomment below three lines
[homes]
comment = Home Directories
browseable = yes
# add line
writable = yes
Thats it you can access this maching from windows using
//linuxserver-IP/wsuser
source:
http://www.howtogeek.com/howto/ubuntu/share-ubuntu-home-directories-using-samba/
Install OpenSSH server
#sometimes installation of new services on ubuntu is block
/etc/init.d/apparmor stop
update -rc.d -f apparmor remove
#install SSHD services
sudo apt-get install openssh-server
#start services
sudo /etc/init.d/ssh restart
/etc/init.d/apparmor stop
update -rc.d -f apparmor remove
#install SSHD services
sudo apt-get install openssh-server
#start services
sudo /etc/init.d/ssh restart
Sunday, July 20, 2008
VirtualBox NAT Configuration
Sometimes it might be useful to be able to open network connections from the host machine to the guest machine. For instance the guest machine may be running a web server and it could be needed to connect to it from the host computer.
In Virtualbox, network connectivity to the guest system is usually provided by NAT. However Virtualbox NAT connectivity provides a way for the guest system to access outside network, but not a way the outside network, or even the host machine to connect to the guest.
The solution here is to use “Host Interface”. Virtualbox Host Interface is something like a “fake” network interface connecting host system and guest system. Both the operating systems see the interface as a real network interface they can use to communicate.
The setup I am describing here consists of Windows XP as Host and Gentoo Linux as Guest systems
Configure virtual machine networking
- Go to the network setup panel in the virtual machine configuration tool
- Add a new Host Interface. Just click the small icon with a “plus” near the host interfaces list. Just give a name to the interface (in the example: VirtualBoxHost 1). While the operation of adding the new interface is in progress, the actual driver of the interface will be installed, and windows will warn you about the fact that the driver itself is not certified bi Microsoft: continue anyway.
- Then select “Host Interface” in the “Attached To” combo box
- Finally select the newly created interface in the “Interface Name” combo box
Configure TCP/IP for the Virtualbox Host Interface
Before starting the virtual machine, the new interface should be configured in the Host system, just as any other network interface, assigning at least an IP address, a network mask and a default gateway. For instance: IP=10.0.0.1; Mask: 255.255.255.0; Gateway:10.0.0.1.
Configure TCP/IP for the Virtualbox Guest Interface
Now the guest system could be started. Once it is started, its network interface should be configured. In this case just disable DHCP and manually enter network configuration. For instance: IP: 10.0.0.2; Mask 255.255.255.0; Gateway: 10.0.0.1
Now the configuration is complete and you are able to open network connections freelyy between the two systems.
Virtualbox Bridging
The installation of VBox, creation of the guest and installation of Debian Etch was done in the normal fashion. Once that was completed I followed the following steps to setup networking.
I. Create Network Connection in VBox
1. Open VBox¬¬ Settings Network;
2. Click on “Attached to” and then select “Host Interfaces”;
3. In Host Interfaces click Add;
4. Type "VirtualBox Host Interface #" without the quotation marks where the # represents a number for the interface, usually 1 (on one computer the name of the virtual box host interface appeared automatically, on the other computer I had to type the information);
5. Click OK, and
6. Close VBox
II. Create a Network Bridge
1. Open Control PanelNetwork Connections;
2. While holding down Ctrl select the Local Area connection and click on the VirtualBox Host Interface;
3. Right click on one of the selected connections; and
4. From the drop-down menu select Create Network Bridge
Since I am using static IP’s on my network set up I had to configure the TCP/IP properties for the Network Bridge.
5. Right click on the Network Bridge that was just created;
6. Select TCP/IP;
7. Click on Properties;
8. Set the Static Connection Values; and
9. Close Network Connection.
III. Set Network Adapters to promiscuous mode
When VBox and the guest VM load Windows XP should put the network adapters into promiscuous mode, but sometimes this does not happen. Therefore, I think it is best to force the adapters into promiscuous mode. It is only necessary to do this once.
1. Open a Windows command prompt (StartRun and type "CMD" without the quotes and press ENTER;
2. Type "netsh bridge show adapter";
3. There will be a line of information displayed for each network adapter in the Bridge. Look for any adapter that is listed as disabled, note the number of the adapter and go to step four.
4. Type "netsh bridge set adapter # forcecompatmode=enable" for each adapter that was listed as disabled, inserting the number of the adapter for the #;
5. Type "netsh bridge show adapter" once again to check to see if your adapters have been enabled;
6. Exit the command prompt; and
7. Reboot the computer.
III. Configure the TCP/IP Properties for the Debian guest
Again, this is necessary because I am using static IP's in my LAN.
1. Open VBox;
2. Start Debian;
3. Since I have installed GNOME desktop I will open Networking by clicking DesktopAdministrationNetworking;
4. Select Ethernet Connection eth0;
5. Click on Properties;
6. Set the static configuration for the Debian VM;
7. Close Networking; and
8. Reboot Debian.
After Debian has rebooted LAN connections with the host and any other computers on the network should have been established.
That is it. It worked for me. Please let me know if you have any questions concerning this set up. I have typed these instructions from notes I made while I was setting up my computers. There may be a better way or a faster way to set this all up, but I could not find it. This is what works for me.
I. Create Network Connection in VBox
1. Open VBox¬¬ Settings Network;
2. Click on “Attached to” and then select “Host Interfaces”;
3. In Host Interfaces click Add;
4. Type "VirtualBox Host Interface #" without the quotation marks where the # represents a number for the interface, usually 1 (on one computer the name of the virtual box host interface appeared automatically, on the other computer I had to type the information);
5. Click OK, and
6. Close VBox
II. Create a Network Bridge
1. Open Control PanelNetwork Connections;
2. While holding down Ctrl select the Local Area connection and click on the VirtualBox Host Interface;
3. Right click on one of the selected connections; and
4. From the drop-down menu select Create Network Bridge
Since I am using static IP’s on my network set up I had to configure the TCP/IP properties for the Network Bridge.
5. Right click on the Network Bridge that was just created;
6. Select TCP/IP;
7. Click on Properties;
8. Set the Static Connection Values; and
9. Close Network Connection.
III. Set Network Adapters to promiscuous mode
When VBox and the guest VM load Windows XP should put the network adapters into promiscuous mode, but sometimes this does not happen. Therefore, I think it is best to force the adapters into promiscuous mode. It is only necessary to do this once.
1. Open a Windows command prompt (StartRun and type "CMD" without the quotes and press ENTER;
2. Type "netsh bridge show adapter";
3. There will be a line of information displayed for each network adapter in the Bridge. Look for any adapter that is listed as disabled, note the number of the adapter and go to step four.
4. Type "netsh bridge set adapter # forcecompatmode=enable" for each adapter that was listed as disabled, inserting the number of the adapter for the #;
5. Type "netsh bridge show adapter" once again to check to see if your adapters have been enabled;
6. Exit the command prompt; and
7. Reboot the computer.
III. Configure the TCP/IP Properties for the Debian guest
Again, this is necessary because I am using static IP's in my LAN.
1. Open VBox;
2. Start Debian;
3. Since I have installed GNOME desktop I will open Networking by clicking DesktopAdministrationNetworking;
4. Select Ethernet Connection eth0;
5. Click on Properties;
6. Set the static configuration for the Debian VM;
7. Close Networking; and
8. Reboot Debian.
After Debian has rebooted LAN connections with the host and any other computers on the network should have been established.
That is it. It worked for me. Please let me know if you have any questions concerning this set up. I have typed these instructions from notes I made while I was setting up my computers. There may be a better way or a faster way to set this all up, but I could not find it. This is what works for me.
Subscribe to:
Posts (Atom)
