know-how:usefull_commands

Differences

The differences between two versions of the page are shown here.

know-how:usefull_commands [2024/02/19 16:01] – [parted] cc
know-how:usefull_commands [2024/03/28 13:56] (current) – [List wireless hardware capabilities hostapd/wpad] cc
Zeile 1: Zeile 1:
 +~~ODT~~
 ====== linux swapfile ====== ====== linux swapfile ======
   * Swapfile vergrößern   * Swapfile vergrößern
Zeile 93: Zeile 94:
 </code> </code>
  
 +
 +  * Bridges ausschließlich mit iproute2 (thanks https://unix.stackexchange.com/a/255489)
 +
 +<code>
 +ip link add name br0 type bridge
 +ip link set dev br0 up
 +ip link set dev lan0 master br0
 +ip link set dev lan1 master br0
 +
 +#remove interface from bridge
 +ip link set dev lan0 nomaster
 +
 +#remove bridge
 +ip link del br0
 +
 +</code>
 ====== bonding ====== ====== bonding ======
   * Debian Buster working **LACP**   * Debian Buster working **LACP**
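Review bot: the iproute2 bridge block never brings the member ports up; giving lan0 and lan1 a master (`ip link set dev lan0 master br0`) does not change their administrative state, so `ip link set dev lan0 up` and `ip link set dev lan1 up` are needed after the `master` lines or the ports stay down and forward nothing. Worth a sentence as well that this is a plain layer-2 bridge: frames are forwarded between lan0 and lan1 without any filtering, an IP address left on lan0 or lan1 is no longer usable once the port has a master (addresses belong on br0), and none of these commands survive a reboot without a netplan, ifupdown or systemd-networkd definition.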
Zeile 1526: Zeile 1543:
 <code> <code>
 iw dev wlan0 station dump iw dev wlan0 station dump
 +</code>
 +
 +====== List wireless hardware capabilities hostapd/wpad ======
 +
 +<code>
 +-> iw list
 +
 +root@foo:~# iw list
 +Wiphy phy1
 + wiphy index: 1
 + max # scan SSIDs: 4
 + max scan IEs length: 2257 bytes
 + max # sched scan SSIDs: 0
 + max # match sets: 0
 + Retry short limit: 7
 + Retry long limit: 4
 + ....
 +Wiphy phy0
 + wiphy index: 0
 + max # scan SSIDs: 16
 + max scan IEs length: 199 bytes
 + max # sched scan SSIDs: 0
 +...
 +
 +
 +</code>
 +====== List/scan wireless access points hostapd/wpad ======
 +  * WLANs anzeigen cli
 +
 +<code>
 +ggf. ip li set dev wlanxx up
 +iw dev wlanxx scan
 </code> </code>
  
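Review bot: the `iw list` excerpt is cut off (`....`) before the part that answers the section title; for hostapd the relevant block is `Supported interface modes:` which has to list `* AP` (and `valid interface combinations:` if AP and station are meant to share one radio), so either extend the pasted output to that block or state what to look for. The two invocations (`-> iw list` and `root@foo:~# iw list`) are redundant; keep one. In the scan section, `iw dev wlanxx scan` needs root and an interface that is up, which the `ggf. ip li set dev wlanxx up` line covers; writing the alias out as `ip link set dev wlanxx up` is clearer for readers who do not know the `ip li` abbreviation.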
Zeile 2453: Zeile 2502:
  
 the way, when you do init=/bin/sh (or bash), it isn't strictly necessary to reboot afterwards (well, depending on what you change I suppose), you can just do an 'exec /sbin/init' to continue the boot process. Make sure the state of the system is as it would normally be though (e.g. umount /usr, make / readonly again etc). the way, when you do init=/bin/sh (or bash), it isn't strictly necessary to reboot afterwards (well, depending on what you change I suppose), you can just do an 'exec /sbin/init' to continue the boot process. Make sure the state of the system is as it would normally be though (e.g. umount /usr, make / readonly again etc).
 +</code>
 +====== cryptsetup ======
 +  * Interesting read **argon2id**: https://mjg59.dreamwidth.org/66429.html?thread=2120573 , https://dys2p.com/en/2023-05-luks-security.html  , https://neilzone.co.uk/2023/04/updating-the-luks-key-derivation-function-on-debian/  , https://www.linkedin.com/pulse/how-utilize-argon2-kdf-configuration-secure-things-know-chung-mba#:~:text=%23Argon2id%20is%20much%20more%20modern,for%20CPU%20and%20RAM%20usage 
 +
 +  * Getestet auf Debian Bookworm / ursprünglich **argon2i** / Stand der Technik (2024-03-11): **argon2id** / erfolgreicher **reboot** :)
 +<code>
 +root@mrWhiteGhost:/home/urnilxfgbez# cryptsetup luksHeaderBackup /dev/crypted_partition_info  --header-backup-file /tmp/header_backup_crypted_partition_info.img
 +
 +root@mrWhiteGhost:/home/urnilxfgbez# file /tmp/header_backup_crypted_partition_info.img
 +/tmp/header_backup_crypted_partition_info.img: LUKS encrypted file, ver 2, header size 16384, ID 3, algo sha256, salt 0x9838482c38d968d1..., UUID: 123-123-123, crc 0xff.....
 +
 +root@mrWhiteGhost:/home/urnilxfgbez# cryptsetup luksDump /dev/nvme0n1p3
 +LUKS header information
 +Version:        2
 +Epoch:          3
 +Metadata area: 16384 [bytes]
 +Keyslots area: 16744448 [bytes]
 +UUID:          123-123-123
 +Label:          (no label)
 +Subsystem:      (no subsystem)
 +Flags:        (no flags)
 +
 +Data segments:
 +  0: crypt
 + offset: 16777216 [bytes]
 + length: (whole device)
 + cipher: aes-xts-plain64
 + sector: 512 [bytes]
 +
 +Keyslots:
 +  0: luks2
 + Key:        512 bits
 + Priority:   normal
 + Cipher:     aes-xts-plain64
 + Cipher key: 512 bits
 + PBKDF:      argon2i
 + Time cost:  4
 + Memory:     966868
 + Threads:    4
 + AF stripes: 4000
 + AF hash:    sha256
 + Area offset:32768 [bytes]
 + Area length:258048 [bytes]
 + Digest ID:  0
 +Tokens:
 +Digests:
 +  0: pbkdf2
 + Hash:       sha256
 + Iterations: 85780
 +
 +root@mrWhiteGhost:/home/urnilxfgbez# cryptsetup luksConvertKey /dev/nvme0n1p3 --pbkdf argon2id
 +Enter passphrase for keyslot to be converted: 
 +root@mrWhiteGhost:/home/urnilxfgbez# echo $?
 +0
 +root@mrWhiteGhost:/home/urnilxfgbez# cryptsetup luksDump /dev/nvme0n1p3
 +LUKS header information
 +Version:        2
 +Epoch:          5
 +Metadata area: 16384 [bytes]
 +Keyslots area: 16744448 [bytes]
 +UUID:          123-123-123
 +Label:          (no label)
 +Subsystem:      (no subsystem)
 +Flags:        (no flags)
 +
 +Data segments:
 +  0: crypt
 + offset: 16777216 [bytes]
 + length: (whole device)
 + cipher: aes-xts-plain64
 + sector: 512 [bytes]
 +
 +Keyslots:
 +  0: luks2
 + Key:        512 bits
 + Priority:   normal
 + Cipher:     aes-xts-plain64
 + Cipher key: 512 bits
 + PBKDF:      argon2id
 + Time cost:  5
 + Memory:     1048576
 + Threads:    4
 + AF stripes: 4000
 + AF hash:    sha256
 + Area offset:290816 [bytes]
 + Area length:258048 [bytes]
 + Digest ID:  0
 +Tokens:
 +Digests:
 +  0: pbkdf2
 + Hash:       sha256
 + Iterations: 85780
 +
 </code> </code>
 ====== encrypted zip ====== ====== encrypted zip ======
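Review bot: the header backup is taken from `/dev/crypted_partition_info` while `luksDump` and `luksConvertKey` act on `/dev/nvme0n1p3`; if both are meant to be the same device the names should match, otherwise the backup protects the wrong header. The image in `/tmp/header_backup_crypted_partition_info.img` contains the keyslots (passphrase-encrypted) and is what `cryptsetup luksHeaderRestore` would use if the conversion goes wrong, so it belongs on separate media and should not be left behind in `/tmp` afterwards. Two caveats worth a sentence: the converted slot uses `Memory: 1048576` (1 GiB), which the initramfs must be able to allocate at unlock time (`--pbkdf-memory` on `luksConvertKey` caps it if the boot environment is tight on RAM), and the unchanged `Digests: 0: pbkdf2` entry is expected, because LUKS2 digests always use PBKDF2; only the keyslot PBKDF changes from `argon2i` to `argon2id`.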
Zeile 2631: Zeile 2773:
  
 </code> </code>
 +
 +  * Update Keysize bei rsa spezifizieren zB: **4096 bit Key** : certbot renew --quiet **--rsa-key-size 4096** --post-hook "service apache2 restart"
  
 ====== cisco land ====== ====== cisco land ======
 +===== Basics =====
 +
 <code> <code>
 -User-Exec-Modus (>)-> Privileged Exec Modus (#) mit enable -User-Exec-Modus (>)-> Privileged Exec Modus (#) mit enable
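Review bot: `certbot renew --rsa-key-size 4096` only affects certificates that are actually renewed in that run, and since certbot 2.0 the default key type is ECDSA, so on a current certbot the option has no effect unless `--key-type rsa` is given as well; the line should say which certbot version it was tested with. Also prefer `--post-hook "systemctl reload apache2"` over a full restart: a reload picks up the new certificate without dropping open connections.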
Zeile 2684: Zeile 2830:
 foo# foo#
 </code> </code>
 +===== IP Assignment =====
   * Basic IP Assignment Interfaces:   * Basic IP Assignment Interfaces:
  
Zeile 2719: Zeile 2866:
  ip default-gateway ip-address in global configuration  ip default-gateway ip-address in global configuration
 </code> </code>
 +  * Routing: ** ip route ** {{ :know-how:ip_route_commands.pdf |}} (https://www.cisco.com/c/en/us/td/docs/routers/nfvis/switch_command/b-nfvis-switch-command-reference/ip_route_commands.pdf)
 +  * IPV6 enable: ipv6 unicast-routing
 +<code>
 +ip route
 +To establish static routes, use the ip route command in switch configuration mode. To remove static routes,
 +use the no form of this command.
 +ip route prefix mask ip-address [metric-value]
 +no ip route prefix mask ip-address
 +Syntax Description Specifies the IP route prefix for the destination.prefix
 +Specifies the prefix mask for the destination.mask
 +Specifies the IP address of the next hop that can be used to reach that network.ip-address
 +Specifies the metric of the route. The default metric is 6. Valid range is from 1–255
 +</code>
 +  * Differences between svi and routed port (https://learningnetwork.cisco.com/s/question/0D53i00000KsoxbCAB/switching-routed-ports-and-switched-virtual-interfaces-svis)
 +<code>
 +SVI's support both routing and switching protocols, while routed ports do not support any layer 2 protocols (STP). An SVI is created by the interface VLAN command while a routed port by using the no switchport command in interface configuration mode.
 +</code>
 +
 +===== SSH Server aktivieren =====
 +  * 1024 bit Key / Username **Bob** mit passwort **cisco** / FIXME Public Keys akzeptieren , Passwort Login deaktivieren 
 +<code>
 +Router# configure terminal
 +Router(config)# hostname R1
 +R1(config)# ip domain name span.com
 +R1(config)# crypto key generate rsa general-keys modulus 1024
 +The name for the keys will be: Rl.span.com % The key modulus size is 1024 bits
 +% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
 +Dec 13 16:19:12.079: %SSH-5-ENABLED: SSH 1.99 has been enabled
 +R1(config)#
 +R1(config)# username Bob secret cisco
 +R1(config)# line vty 0 4
 +R1(config-line)# login local
 +R1(config-line)# transport input ssh
 +R1(config-line)# exit
 +R1(config)#
 +</code>
 +
 +===== netstat / Dienste deaktivieren =====
 +  * **Achtung** Quote von Cisco
 +<code>
 +Router# show ip ports all
 +Proto Local Address               Foreign Address             State       PID/Program Name
 +TCB       Local Address               Foreign Address             (state)
 +tcp   :::443                     :::                       LISTEN      309/[IOS]HTTP CORE
 +tcp   *:443                      *:*                         LISTEN      309/[IOS]HTTP CORE
 +udp   *:67                        0.0.0.0:                              387/[IOS]DHCPD Receive
 +Router#
 +
 +IOS versions prior to IOS-XE use the show control-plane host open-ports command. We mention this command because you may see it on older devices. The output is similar. However, notice that this older router has an insecure HTTP server and Telnet running. Both of these services should be disabled. As shown in the example, disable HTTP with the no ip http server global configuration command. Disable Telnet by specifying only SSH in the line configuration command, transport input ssh.
 +
 +Router# show control-plane host open-ports 
 +Active internet connections (servers and established)
 +Prot        Local Address      Foreign Address                  Service    State
 + tcp                 *:23                  *:0                   Telnet   LISTEN
 + tcp                 *:80                  *:0                HTTP CORE   LISTEN
 + udp                 *:67                  *:0            DHCPD Receive   LISTEN
 +Router# configure terminal
 +Router(config)# no ip http server
 +Router(config)# line vty 0 15
 +Router(config-line)# transport input ssh
 +</code>
 +
 +===== show / infos anzeigen =====
 +
 +<code>
 +show running-config
 +To verify the current configuration and settings
 +
 +
 +show interfaces
 +To verify the interface status and see if there are any error messages
 +
 +show ip interface
 +To verify the Layer 3 information of an interface
 +
 +show arp
 +To verify the list of known hosts on the local Ethernet LANs
 +
 +show ip route
 +To verify the Layer 3 routing information
 +
 +show protocols
 +To verify which protocols are operational
 +
 +show version
 +To verify the memory, interfaces, and licences of the device
 +</code>
 +
 ====== sed ====== ====== sed ======
   * Regex Search and Replace alle matches e.g.   * Regex Search and Replace alle matches e.g.
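Review bot: the SSH section generates a 1024-bit host key (`crypto key generate rsa general-keys modulus 1024`) and the resulting log line `SSH 1.99 has been enabled` means the device still negotiates SSHv1; use `modulus 2048` (or 4096 where the platform allows it) and add `ip ssh version 2` in global configuration, otherwise the hardening in the netstat section (`transport input ssh`) only moves the problem from Telnet to weak SSH. Two smaller points: the `ip route` paste from the PDF has the argument names (`prefix`, `mask`, `ip-address`) glued onto the end of their descriptions, and `line vty 0 4` in the SSH section versus `line vty 0 15` in the netstat section should be made consistent, since any vty line not covered by `transport input ssh` keeps its default transport, which on many IOS releases still includes Telnet.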
know-how/usefull_commands.1708354894.txt.gz · Last modified: 2024/02/19 16:01 by cc