Damme's linux stuff

From World Wide Wiegert Wiki - WWWW
Jump to: navigation, search

Unicode

https://unicode-table.com/en/

  • ✓ Check Mark tick, checkmark U+2713
  • ⏎ Return Symbol U+23CE
  • ⮰ Ribbon Arrow Down Left U+2BB0
  • ␍ Symbol for Carriage Return U+240D
  • ™ Trade Mark Sign Emoji trademark, tm U+2122
  • © Copyright Sign Emoji copy, (c) U+00A9
  • ▀ U+2580 ▁ U+2581 ▂ U+2582 ▃ U+2583 ▄ U+2584 ▅ U+2585 ▆ U+2586 ▇ U+2587 █ U+2588 ▉ U+2589 ▊ U+258A ▋ U+258B ▌ U+258C ▍ U+258D ▎ U+258E ▏ U+258F ▐

Alias and bash-functions

alias ls='ls --group-directories-first -hF --color=auto'
alias more='less'
alias nano='nano -w'
alias du='du -c -h'
alias diff='diff --color=auto'
alias grep='grep --color=auto -ni'
alias fgrep='fgrep --color=auto'
alias egrep='egrep --color=auto'
alias free='free -h'
alias ip='ip -color=auto'
alias ll='ls -l'
alias la='ls -A'
alias l='ls -lrtha'


function cdl(){
  cd "$1"
  ls
}

function cdal(){
  cd "$1"
  ls -al
}

Text manipulation

sed -e # Show result, Will not change anything

sed -i 's/[Search]/[Replace]/g' [File]
sed -i '/[row containing]/ s/$/ [append]/' [File] # append to end of line of search

SSH

SOCKS5 proxy

ssh -C -N -D [local port] [name]@[server]

Generate SSH keys

ssh-keygen -N '' -f ~/.ssh/id_rsa #generate all keys - don't ask for passkey, save in ~/.ssh/id_rsa

ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub # if ~/.ssh/id_rsa.pub is missing!

ssh-copy-id user@host # copy local 'id_rsa.pub' to remote host '~/.ssh/authorized_keys'

ssh-keygen -A # for server

sshpiper auth process: 

(client)[id_rsa.pub] -> (sshpiper)[authorized_keys] [id_rsa.pub] -> (target) [authorized_keys]

pacman

pacman -F $filename # Search package including $filename:
pacman -Ss $package # Search $package
pacman -S $package # Install $package
pacman -R $package # Remove $package

Filesystems and LVM

MDADM

Growing -> https://raid.wiki.kernel.org/index.php/Growing

LVM

lvcreate --type cache --cachemode writethrough -L 20G -n dataLV_cachepool dataVG/dataLV /dev/fast
# writethrough ensures that any data written will be stored both in the cache pool LV and on the origin LV. The loss of a device associated with the cache pool LV in this case would not mean the loss of any data;
# writeback ensures better performance, but at the cost of a higher risk of data loss in case the drive used for cache fails.

lvresize --resizefs vg/lv

Docker

docker ps [-a/--all] # print (all) running containers
docker exec -it [container_id] /bin/bash # run shell in container#

Generate rsa keys for encrypted communication between 

export PASS=SuperSecret
export SUBJ='/C=SE/L=Skällinge/O=Unimatrix'
export DAYS=3650

openssl genrsa -aes256 -out ca-key.pem -passout pass:$PASS 4096
openssl req -new -x509 -days $DAYS -key ca-key.pem -sha256 -out ca.pem -passin pass:$PASS -subj $SUBJ

openssl genrsa -out server-key.pem 4096
openssl req -subj "/CN=$HOSTNAME" -sha256 -new -key server-key.pem -out server.csr

echo subjectAltName = DNS:$HOSTNAME,IP:10.0.0.200,IP:127.0.0.1 >> extfile.cnf
echo extendedKeyUsage = serverAuth >> extfile.cnf
openssl x509 -req -days $DAYS -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
  -CAcreateserial -out server-cert.pem -extfile extfile.cnf -passin pass:$PASS

#client:
openssl genrsa -out key.pem 4096
openssl req -subj '/CN=client' -new -key key.pem -out client.csr
echo extendedKeyUsage = clientAuth > extfile-client.cnf
openssl x509 -req -days $DAYS -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
  -CAcreateserial -out cert.pem -extfile extfile-client.cnf -passin pass:$PASS

netcat

echo "test" | nc wiegert.link 12345 # client
nc -l 12345 -k # listener server, k = continuous

systemd

systemctl edit --full lvm2-lvmetad.service # edit service
systemctl edit lvm2-lvmetad.service # edit service override
systemctl daemon-reload # Reload systemd manager configuration

Other stuff

Fixperm on files (664) and folders (775): 

find . -type d -exec chown root:share {} \; -exec chmod 775 {} \;
find . -type f -exec chown root:share {} \; -exec chmod 664 {} \;

docker + kvm + networking = :( https://serverfault.com/questions/963759/docker-breaks-libvirt-bridge-network

pfsense port forwarding while not being default gw: https://docs.netgate.com/pfsense/en/latest/troubleshooting/nat.html#figure-manual-outbound-nat-local-device

smtprelay via gmail with postfix mailutils, s-nail https://www.howtoforge.com/tutorial/configure-postfix-to-use-gmail-as-a-mail-relay/

Nut sending mails -> https://freekode.org/nut-sending-emails/

stop brute-force attacks -> https://wiki.archlinux.org/index.php/Fail2ban

Server Queen Specific changes

  • Added "TimeoutSec=900" in [Service]-Section /etc/systemd/system/lvm2-lvmetad.service , otherwise shutdown takes too long time and lvmetad gets killed instead of clean shutdown, Results in failed lv which needs lvchange -ay [lvm] or worse - lvconvert --repair.
  • Docker /etc/docker/daemon.json added "iptables": false. Docker kills kvm bridges without it.
  • udev rules:
# /etc/udev/rules.d/89-usb.rules
#ups and TI zigbee module fix:
KERNEL=="ttyACM*", SUBSYSTEM=="tty", ENV{ID_USB_INTERFACE_NUM}=="00", ENV{ID_VENDOR_ID}=="0451", SYMLINK+="TIherdsman"
KERNEL=="ttyACM*", SUBSYSTEM=="tty", ENV{ID_USB_INTERFACE_NUM}=="03", ENV{ID_VENDOR_ID}=="0451", SYMLINK+="TImcu"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="047c", ATTRS{idProduct}=="ffff", SYMLINK+="DellUPS0", MODE="0666"

# /etc/udev/rules.d/99-bridge.rules
# reload sysctl if br_netfilter is loaded, wierd stuff happens otherwise.
ACTION=="add", SUBSYSTEM=="module", KERNEL=="br_netfilter", RUN+="/sbin/sysctl --system"

# /usr/lib/udev/rules.d/11-dm-lvm.rules
# Create symlinks for top-level devices only.
## EDIT BY DAMME 2020-07-22 to populate partitions for libvirt
ENV{DM_VG_NAME}=="?*", ENV{DM_LV_NAME}=="?*", SYMLINK+="$env{DM_VG_NAME}/$env{DM_LV_NAME}"
ENV{DM_VG_NAME}=="?*", ENV{DM_LV_NAME}=="?*", RUN+="/sbin/kpartx -un /dev/%E{DM_VG_NAME}/%E{DM_LV_NAME}", GOTO="lvm_end"
Retrieved from "https://wiki.wiegert.link/index.php?title=Damme%27s_linux_stuff&oldid=118"