Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- know-how:linux [2024/01/02 09:14] – [Konfiguration] cc
+++ know-how:linux [2024/03/20 12:44] (aktuell) – [gvm - openvas] cc
@@ Zeile 1: / Zeile 1: @@
+~~ODT~~
 ====== Read Only Root ======
   * Getestet mit Debian Buster
@@ Zeile 1056: / Zeile 1057: @@
 md manage:   INFO:2023-08-07 10h40.13 utc:1147: update_scap: Updating data
 ...
+</code>
+  * Upgrade Cluster von 15 auf 16 - ohne Neuinstallation (gvmd kann nicht gestartet werden) / Vorsicht über SSH !
+  * https://bugs.kali.org/view.php?id=8549
+<code>
+root@pentest:~# pg_lsclusters
+Ver Cluster Port Status Owner    Data directory              Log file
+  main    5432 online postgres /var/lib/postgresql/15/main /var/log/postgresql/postgresql-15-main.log
+  main    5433 online postgres /var/lib/postgresql/16/main /var/log/postgresql/postgresql-16-main.log
+root@pentest:~# pg_dropcluster 16 main --stop
+root@pentest:~# pg_upgradecluster 15 main
+WARNING:  database "template1" has a collation version mismatch
+DETAIL:  The database was created using collation version 2.36, but the operating system provides version 2.37.
+HINT:  Rebuild all objects in this database that use the default collation and run ALTER DATABASE template1 REFRESH COLLATION VERSION, or build PostgreSQL with the right library version.
+WARNING:  database "template1" has a collation version mismatch
+DETAIL:  The database was created using collation version 2.36, but the operating system provides version 2.37.
+HINT:  Rebuild all objects in this database that use the default collation and run ALTER DATABASE template1 REFRESH COLLATION VERSION, or build PostgreSQL with the right library version.
+WARNING:  database "template1" has a collation version mismatch
+DETAIL:  The database was created using collation version 2.36, but the operating system provides version 2.37.
+HINT:  Rebuild all objects in this database that use the default collation and run ALTER DATABASE template1 REFRESH COLLATION VERSION, or build PostgreSQL with the right library version.
+Stopping old cluster...
+Restarting old cluster with restricted connections...
+Notice: extra pg_ctl/postgres options given, bypassing systemctl for start operation
+Creating new PostgreSQL cluster 16/main ...
+/usr/lib/postgresql/16/bin/initdb -D /var/lib/postgresql/16/main --auth-local peer --auth-host scram-sha-256 --no-instructions --encoding UTF8 --lc-collate en_GB.UTF-8 --lc-ctype en_GB.UTF-8 --locale-provider libc
+The files belonging to this database system will be owned by user "postgres".
+This user must also own the server process.
+The database cluster will be initialized with locale "en_GB.UTF-8".
+The default text search configuration will be set to "english".
+Data page checksums are disabled.
+fixing permissions on existing directory /var/lib/postgresql/16/main ... ok
+creating subdirectories ... ok
+selecting dynamic shared memory implementation ... posix
+selecting default max_connections ... 100
+selecting default shared_buffers ... 128MB
+selecting default time zone ... Europe/Vienna
+creating configuration files ... ok
+running bootstrap script ... ok
+performing post-bootstrap initialization ... ok
+syncing data to disk ... ok
+Copying old configuration files...
+Copying old start.conf...
+Copying old pg_ctl.conf...
+Starting new cluster...
+Notice: extra pg_ctl/postgres options given, bypassing systemctl for start operation
+Running init phase upgrade hook scripts ...
+WARNING:  database "template1" has a collation version mismatch
+DETAIL:  The database was created using collation version 2.36, but the operating system provides version 2.37.
+HINT:  Rebuild all objects in this database that use the default collation and run ALTER DATABASE template1 REFRESH COLLATION VERSION, or build PostgreSQL with the right library version.
+Roles, databases, schemas, ACLs...
+WARNING:  database "postgres" has a collation version mismatch
+DETAIL:  The database was created using collation version 2.36, but the operating system provides version 2.37.
+HINT:  Rebuild all objects in this database that use the default collation and run ALTER DATABASE postgres REFRESH COLLATION VERSION, or build PostgreSQL with the right library version.
+WARNING:  database "template1" has a collation version mismatch
+DETAIL:  The database was created using collation version 2.36, but the operating system provides version 2.37.
+HINT:  Rebuild all objects in this database that use the default collation and run ALTER DATABASE template1 REFRESH COLLATION VERSION, or build PostgreSQL with the right library version.
+WARNING:  database "gvmd" has a collation version mismatch
+DETAIL:  The database was created using collation version 2.36, but the operating system provides version 2.37.
+HINT:  Rebuild all objects in this database that use the default collation and run ALTER DATABASE gvmd REFRESH COLLATION VERSION, or build PostgreSQL with the right library version.
+WARNING:  database "postgres" has a collation version mismatch
+DETAIL:  The database was created using collation version 2.36, but the operating system provides version 2.37.
+HINT:  Rebuild all objects in this database that use the default collation and run ALTER DATABASE postgres REFRESH COLLATION VERSION, or build PostgreSQL with the right library version.
+ set_config
+------------
+(1 row)
+ set_config
+------------
+(1 row)
+ set_config
+------------
+(1 row)
+ set_config
+------------
+(1 row)
+Fixing hardcoded library paths for stored procedures...
+WARNING:  database "template1" has a collation version mismatch
+DETAIL:  The database was created using collation version 2.36, but the operating system provides version 2.37.
+HINT:  Rebuild all objects in this database that use the default collation and run ALTER DATABASE template1 REFRESH COLLATION VERSION, or build PostgreSQL with the right library version.
+Upgrading database template1...
+WARNING:  database "template1" has a collation version mismatch
+DETAIL:  The database was created using collation version 2.36, but the operating system provides version 2.37.
+HINT:  Rebuild all objects in this database that use the default collation and run ALTER DATABASE template1 REFRESH COLLATION VERSION, or build PostgreSQL with the right library version.
+Fixing hardcoded library paths for stored procedures...
+WARNING:  database "gvmd" has a collation version mismatch
+DETAIL:  The database was created using collation version 2.36, but the operating system provides version 2.37.
+HINT:  Rebuild all objects in this database that use the default collation and run ALTER DATABASE gvmd REFRESH COLLATION VERSION, or build PostgreSQL with the right library version.
+Upgrading database gvmd...
+WARNING:  database "gvmd" has a collation version mismatch
+DETAIL:  The database was created using collation version 2.36, but the operating system provides version 2.37.
+HINT:  Rebuild all objects in this database that use the default collation and run ALTER DATABASE gvmd REFRESH COLLATION VERSION, or build PostgreSQL with the right library version.
+Fixing hardcoded library paths for stored procedures...
+WARNING:  database "postgres" has a collation version mismatch
+DETAIL:  The database was created using collation version 2.36, but the operating system provides version 2.37.
+HINT:  Rebuild all objects in this database that use the default collation and run ALTER DATABASE postgres REFRESH COLLATION VERSION, or build PostgreSQL with the right library version.
+Upgrading database postgres...
+WARNING:  database "postgres" has a collation version mismatch
+DETAIL:  The database was created using collation version 2.36, but the operating system provides version 2.37.
+HINT:  Rebuild all objects in this database that use the default collation and run ALTER DATABASE postgres REFRESH COLLATION VERSION, or build PostgreSQL with the right library version.
+Stopping target cluster...
+Stopping old cluster...
+Disabling automatic startup of old cluster...
+Starting upgraded cluster on port 5432...
+Running finish phase upgrade hook scripts ...
+vacuumdb: processing database "gvmd": Generating minimal optimizer statistics (1 target)
+vacuumdb: processing database "postgres": Generating minimal optimizer statistics (1 target)
+vacuumdb: processing database "template1": Generating minimal optimizer statistics (1 target)
+vacuumdb: processing database "gvmd": Generating medium optimizer statistics (10 targets)
+vacuumdb: processing database "postgres": Generating medium optimizer statistics (10 targets)
+vacuumdb: processing database "template1": Generating medium optimizer statistics (10 targets)
+vacuumdb: processing database "gvmd": Generating default (full) optimizer statistics
+vacuumdb: processing database "postgres": Generating default (full) optimizer statistics
+vacuumdb: processing database "template1": Generating default (full) optimizer statistics
+Success. Please check that the upgraded cluster works. If it does,
+you can remove the old cluster with
+    pg_dropcluster 15 main
+Ver Cluster Port Status Owner    Data directory              Log file
+  main    5433 down   postgres /var/lib/postgresql/15/main /var/log/postgresql/postgresql-15-main.log
+Ver Cluster Port Status Owner    Data directory              Log file
+  main    5432 online postgres /var/lib/postgresql/16/main /var/log/postgresql/postgresql-16-main.log
+root@pentest:~# pg_dropcluster 15 main
+root@pentest:~# pg_lsclusters
+Ver Cluster Port Status Owner    Data directory              Log file
+  main    5432 online postgres /var/lib/postgresql/16/main /var/log/postgresql/postgresql-16-main.log
 </code>
@@ Zeile 1739: / Zeile 1886: @@
 </code>
-  * Anpassen von **/usr/lib/nagios/plugins/check_dht.py** auf python3 u. adafruit_dht / Daten PIN ist GPIO 2 - siehe: https://www.elektronik-kompendium.de/sites/raspberry-pi/2002191.htm **quick and dirty**
+  * Anpassen von **/usr/lib/nagios/plugins/check_dht.py** auf python3 u. adafruit_dht / Daten PIN ist GPIO 2 - siehe: https://www.elektronik-kompendium.de/sites/raspberry-pi/2002191.htm **quick and dirty** / Hin und wieder wirft er eine Exception beim lesen der Sensorwerte deshalb der erneute Aufruf von main mit dem try catch block
 <code>
@@ Zeile 1779: / Zeile 1926: @@
 def main():
-    parser = argparse.ArgumentParser(description='Nagios plugin to check DHT sensors using Adafruit DHT driver')
+    try:
-    parser.add_argument('-s', '--sensor', required=False, help='Sensor to use (supported sensors: 11, 22, 2302)', default='22')
+      parser = argparse.ArgumentParser(description='Nagios plugin to check DHT sensors using Adafruit DHT driver')
-    parser.add_argument('-p', '--pin', required=False, help='GPIO pin number (example: -p 4)', default='4')
+      parser.add_argument('-s', '--sensor', required=False, help='Sensor to use (supported sensors: 11, 22, 2302)', default='22')
-    parser.add_argument('-w', '--warning', required=False, help='warning threshold for temperature and humidity (example: -w 25,80)', default='25,80')
+      parser.add_argument('-p', '--pin', required=False, help='GPIO pin number (example: -p 4)', default='4')
-    parser.add_argument('-c', '--critical', required=False, help='warning threshold for temperature and humidity (example: -c 30,85)', default='30,85')
+      parser.add_argument('-w', '--warning', required=False, help='warning threshold for temperature and humidity (example: -w 25,80)', default='25,80')
-    args = parser.parse_args()
+      parser.add_argument('-c', '--critical', required=False, help='warning threshold for temperature and humidity (example: -c 30,85)', default='30,85')
+      args = parser.parse_args()
-    sensor = args.sensor
-    #Predefined position of PIN
-    pin = 'D2'
-    warningTemp = args.warning.split(',')[0]
-    warningHum = args.warning.split(',')[1]
-    criticalTemp = args.critical.split(',')[0]
-    criticalHum = args.critical.split(',')[1]
-    dhtboard = getattr(board,pin)
+      sensor = args.sensor
-    dhtDevice = adafruit_dht.DHT22(dhtboard,use_pulseio=False)
+      #Predefined position of PIN
+      pin = 'D2'
+      warningTemp = args.warning.split(',')[0]
+      warningHum = args.warning.split(',')[1]
+      criticalTemp = args.critical.split(',')[0]
+      criticalHum = args.critical.split(',')[1]
-    hum, temp = dhtDevice.humidity, dhtDevice.temperature
+      dhtboard = getattr(board,pin)
+      dhtDevice = adafruit_dht.DHT22(dhtboard,use_pulseio=False)
+      hum, temp = dhtDevice.humidity, dhtDevice.temperature
+    except RuntimeError:
+      time.sleep(5)
+      main()
     if not re.match("\d+\.\d+", str(temp)):
         exitCheck(3, 'could not read temperature and humidity values')
@@ Zeile 3434: / Zeile 3585: @@
 ===== Welche Branches gibt es ?  =====
   * https://git.openwrt.org/?p=openwrt/openwrt.git
-  * **openwrt-22.03** currently stable
+  * **openwrt-23.05 ** currently stable
-  * **openwrt-21.02** old stable
+  * **openwrt-22.03** old stable
 <code>
-heads
+hours ago 	main 	shortlog | log | tree
-hours ago 	openwrt-21.02 	shortlog | log | tree
+ hours ago 	master 	shortlog | log | tree
- hours ago 	master 	shortlog | log | tree
+ hours ago 	openwrt-23.05 	shortlog | log | tree
- hours ago 	openwrt-22.03 	shortlog | log | tree
+days ago 	openwrt-22.03 	shortlog | log | tree
- months ago 	openwrt-19.07 	shortlog | log | tree
+months ago 	openwrt-21.02 	shortlog | log | tree
-months ago 	openwrt-18.06 	shortlog | log | tree
+ months ago 	openwrt-19.07 	shortlog | log | tree
- years ago 	lede-17.01 	shortlog | log | tree
+years ago 	openwrt-18.06 	shortlog | log | tree
+ years ago 	lede-17.01 	shortlog | log | tree
 </code>
@@ Zeile 3479: / Zeile 3631: @@
 #make defconfig;make oldconfig
 </code>
+===== VLANs =====
+  * Getestet auf **TP-Link EAP225** (https://www.amazon.de/-/en/gp/product/B01LLAK1UG) und **  OpenWrt 21.02-SNAPSHOT, r16399-c67509efd7 **
+  * Ich möchte quasi ein WLAN am AccessPort untagged und ein WLAN am  virtuellen Port tagged im VLAN 27 / WLAN werden entweder in interface lan oder multi gehängt
+<code>
+..
+config device
+	option name 'br-lan'
+	option type 'bridge'
+	list ports 'eth0'
+config device
+        option name 'br-multi'
+        option type 'bridge'
+        list ports 'eth0.27'
+config interface 'multi'
+        option device 'br-multi'
+        option proto 'none'
+config interface 'lan'
+	option device 'br-lan'
+	option proto 'dhcp'
+..
+</code>
 ===== Bugland =====
@@ Zeile 4206: / Zeile 4385: @@
 Apr 03 09:35:28 firewall clamd[50896]: WARNING: Ignoring deprecated option ScanOnAccess at /etc/clamav/clamd.conf:60
 </code>
-====== Notification mail nach Login via SSH ======
+====== NetworkManager ======
+  * Getestet auf Debian 12 Bookworm
+  * Ich möchte alle dns queries loggen - mit dnsmasq  (man NetworkManager.conf)
+  * /etc/NetworkManager/NetworkManager.conf
+<code>
+[main]
+...
+dns=dnsmasq
+...
+</code>
+  * Nach einem restart vom NetworkManger startet er eine eigene dnsmasq Instanz als **nobody** e.g.
+<code>
+/usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/run/NetworkManager/dnsmasq.pid --listen-address=127.0.0.1 --cache-size=400 --clear-on-reload --conf-file=/dev/null --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d
+</code>
+  * Fürs logging erstellen wir ** /etc/NetworkManager/dnsmasq.d/queries.conf **
+<code>
+log-queries=extra
+log-async
+</code>
+  * Auf meiner Maschine erhalte ich nun alle queries unter zB: **tail -f /var/log/syslog | grep dnsmasq**
+<code>
+Feb 26 11:41:43 mrWhiteGhost dnsmasq[7898]: 1788 127.0.0.1/40860 query[A] doku.pannoniait.at from 127.0.0.1
+Feb 26 11:41:43 mrWhiteGhost dnsmasq[7898]: 1788 127.0.0.1/40860 cached doku.pannoniait.at is 188.40.28.234
+Feb 26 11:42:10 mrWhiteGhost dnsmasq[7898]: 1789 127.0.0.1/53721 query[A] safebrowsing.googleapis.com from 127.0.0.1
+Feb 26 11:42:10 mrWhiteGhost dnsmasq[7898]: 1789 127.0.0.1/53721 forwarded safebrowsing.googleapis.com to 192.168.179.2
+Feb 26 11:42:10 mrWhiteGhost dnsmasq[7898]: 1789 127.0.0.1/53721 reply safebrowsing.googleapis.com is 142.250.184.202
+</code>
+====== openssh ======
+  * Notification mail nach Login via SSH
 <code>
 root@firewall:~# cat /etc/ssh/sshrc
@@ Zeile 4214: / Zeile 4430: @@
 </code>
+  * Ausführen von bestimmten Skript nach Login über SSH
+<code>
+...
+Match User username123
+ ForceCommand /usr/local/bin/script.sh
+...
+</code>
 ====== XRDP Remote Desktop Server mit Kerberos im AD - terminalserver ======
       * Wir wollen in einer Active Directory Umgebung einen Open Source Remote Desktop Server bei dem sich alle Mitglieder der Domäne mit ihren gewohnten Zugangsdaten einloggen können
@@ Zeile 5331: / Zeile 5555: @@
 </code>
-  * **Achtung** Traffic Shaping (für CONNECT Zugriffe) funktioniert seit squid4 nicht mehr - https://squid-users.squid-cache.narkive.com/a9Ro3fM3/delay-pools-in-squid4-not-working-with-https **there's a bug for that**
+  * **Achtung** Traffic Shaping (für CONNECT Zugriffe) funktioniert seit squid4 nicht mehr - https://squid-users.squid-cache.narkive.com/a9Ro3fM3/delay-pools-in-squid4-not-working-with-https **there's a bug for that**  *
+  * **Achtung** Traffic Shaping (für CONNECT Zugriffe) scheint seit squid 5.7 wieder zu funktionieren - getestet mit Debian Bookworm
   * **/etc/squid/cache_domains/windowsupdate.acl**
@@ Zeile 7016: / Zeile 7240: @@
 </code>
-===== Konfiguration =====
+===== Agent - Konfiguration =====
   * **ActiveAgent** / Der Agent stellt eine Verbindung zum Monitoring Server her (TCP Port 10051) , per Default **unverschlüsselt**
@@ Zeile 7046: / Zeile 7270: @@
 </code>
   * Random agentd.psk Key: **openssl rand -hex 32**
+===== Custom Item - Konfiguration =====
+  * Am Beispiel der Brennenstuhl IP Leiste für den Verbrauch / Ich möchte den Verbrauch ebenfalls im Zabbix erfassen um entsprechende Grafiken zu gewinnen
+{{:know-how:0-zabbix-custom-item-configuration.png?400|}}
+{{:know-how:1-zabbix-custom-item-host.png?400|}}
+{{:know-how:2-zabbix-custom-item-create-item.png?400|}}
+{{:know-how:3-zabbix-custom-item-create-config-oid-preprocessor.png?400|}}
+{{:know-how:4-zabbix-custom-item-create-config-oid-preprocessor.png?400|}}
+{{:know-how:5-zabbix-custom-item-create-config-oid-test-values.png?400|}}
+===== HPE 1950 OfficeConnect =====
+  * Grundsätzlich ein H3C Switch - Template: **HP Comware HH3C by SNMP**
+  * **Achtung** , Anpassung bei Network Interface Discovery notwendig für Bits sent / Bits received
+  * **snmpwalk** ist dein Freund :)
+{{:know-how:0_zabbix_comware_snmp.png?400|}}
+{{:know-how:1_zabbix_comware_bits_received.png?400|}}
+{{:know-how:2_zabbix_comware_bits_sent.png?400|}}