Pannonia IT Knowledgebase

Benutzer-Werkzeuge

Webseiten-Werkzeuge

Zuletzt angesehen:
know-how:usefull_commands

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen RevisionVorhergehende Überarbeitung
Nächste Überarbeitung		Vorhergehende Überarbeitung
know-how:usefull_commands [2024/03/07 14:28] – [IP Assignment] ccknow-how:usefull_commands [2024/03/28 13:56] (aktuell) – [List wireless hardware capabilities hostapd/wpad] cc
Zeile 1543: Zeile 1543:
 <code> <code>
 iw dev wlan0 station dump iw dev wlan0 station dump
 +</code>
 +
 +====== List wireless hardware capabilities hostapd/wpad ======
 +
 +<code>
 +-> iw list
 +
 +root@foo:~# iw list
 +Wiphy phy1
 + wiphy index: 1
 + max # scan SSIDs: 4
 + max scan IEs length: 2257 bytes
 + max # sched scan SSIDs: 0
 + max # match sets: 0
 + Retry short limit: 7
 + Retry long limit: 4
 + ....
 +Wiphy phy0
 + wiphy index: 0
 + max # scan SSIDs: 16
 + max scan IEs length: 199 bytes
 + max # sched scan SSIDs: 0
 +...
 +
 +
 +</code>
 +====== List/scan wireless access points hostapd/wpad ======
 +  * WLANs anzeigen cli
 +
 +<code>
 +ggf. ip li set dev wlanxx up
 +iw dev wlanxx scan
 </code> </code>
  
Zeile 2470: Zeile 2502:
  
 the way, when you do init=/bin/sh (or bash), it isn't strictly necessary to reboot afterwards (well, depending on what you change I suppose), you can just do an 'exec /sbin/init' to continue the boot process. Make sure the state of the system is as it would normally be though (e.g. umount /usr, make / readonly again etc). the way, when you do init=/bin/sh (or bash), it isn't strictly necessary to reboot afterwards (well, depending on what you change I suppose), you can just do an 'exec /sbin/init' to continue the boot process. Make sure the state of the system is as it would normally be though (e.g. umount /usr, make / readonly again etc).
 +</code>
 +====== cryptsetup ======
 +  * Interesting read **argon2id**: https://mjg59.dreamwidth.org/66429.html?thread=2120573 , https://dys2p.com/en/2023-05-luks-security.html  , https://neilzone.co.uk/2023/04/updating-the-luks-key-derivation-function-on-debian/  , https://www.linkedin.com/pulse/how-utilize-argon2-kdf-configuration-secure-things-know-chung-mba#:~:text=%23Argon2id%20is%20much%20more%20modern,for%20CPU%20and%20RAM%20usage 
 +
 +  * Getestet auf Debian Bookworm / ursprünglich **argon2i** / Stand der Technik (2024-03-11): **argon2id** / erfolgreicher **reboot** :)
 +<code>
 +root@mrWhiteGhost:/home/urnilxfgbez# cryptsetup luksHeaderBackup /dev/crypted_partition_info  --header-backup-file /tmp/header_backup_crypted_partition_info.img
 +
 +root@mrWhiteGhost:/home/urnilxfgbez# file /tmp/header_backup_crypted_partition_info.img
 +/tmp/header_backup_crypted_partition_info.img: LUKS encrypted file, ver 2, header size 16384, ID 3, algo sha256, salt 0x9838482c38d968d1..., UUID: 123-123-123, crc 0xff.....
 +
 +root@mrWhiteGhost:/home/urnilxfgbez# cryptsetup luksDump /dev/nvme0n1p3
 +LUKS header information
 +Version:        2
 +Epoch:          3
 +Metadata area: 16384 [bytes]
 +Keyslots area: 16744448 [bytes]
 +UUID:          123-123-123
 +Label:          (no label)
 +Subsystem:      (no subsystem)
 +Flags:        (no flags)
 +
 +Data segments:
 +  0: crypt
 + offset: 16777216 [bytes]
 + length: (whole device)
 + cipher: aes-xts-plain64
 + sector: 512 [bytes]
 +
 +Keyslots:
 +  0: luks2
 + Key:        512 bits
 + Priority:   normal
 + Cipher:     aes-xts-plain64
 + Cipher key: 512 bits
 + PBKDF:      argon2i
 + Time cost:  4
 + Memory:     966868
 + Threads:    4
 + AF stripes: 4000
 + AF hash:    sha256
 + Area offset:32768 [bytes]
 + Area length:258048 [bytes]
 + Digest ID:  0
 +Tokens:
 +Digests:
 +  0: pbkdf2
 + Hash:       sha256
 + Iterations: 85780
 +
 +root@mrWhiteGhost:/home/urnilxfgbez# cryptsetup luksConvertKey /dev/nvme0n1p3 --pbkdf argon2id
 +Enter passphrase for keyslot to be converted: 
 +root@mrWhiteGhost:/home/urnilxfgbez# echo $?
 +0
 +root@mrWhiteGhost:/home/urnilxfgbez# cryptsetup luksDump /dev/nvme0n1p3
 +LUKS header information
 +Version:        2
 +Epoch:          5
 +Metadata area: 16384 [bytes]
 +Keyslots area: 16744448 [bytes]
 +UUID:          123-123-123
 +Label:          (no label)
 +Subsystem:      (no subsystem)
 +Flags:        (no flags)
 +
 +Data segments:
 +  0: crypt
 + offset: 16777216 [bytes]
 + length: (whole device)
 + cipher: aes-xts-plain64
 + sector: 512 [bytes]
 +
 +Keyslots:
 +  0: luks2
 + Key:        512 bits
 + Priority:   normal
 + Cipher:     aes-xts-plain64
 + Cipher key: 512 bits
 + PBKDF:      argon2id
 + Time cost:  5
 + Memory:     1048576
 + Threads:    4
 + AF stripes: 4000
 + AF hash:    sha256
 + Area offset:290816 [bytes]
 + Area length:258048 [bytes]
 + Digest ID:  0
 +Tokens:
 +Digests:
 +  0: pbkdf2
 + Hash:       sha256
 + Iterations: 85780
 +
 </code> </code>
 ====== encrypted zip ====== ====== encrypted zip ======
Zeile 2742: Zeile 2867:
 </code> </code>
   * Routing: ** ip route ** {{ :know-how:ip_route_commands.pdf |}} (https://www.cisco.com/c/en/us/td/docs/routers/nfvis/switch_command/b-nfvis-switch-command-reference/ip_route_commands.pdf)   * Routing: ** ip route ** {{ :know-how:ip_route_commands.pdf |}} (https://www.cisco.com/c/en/us/td/docs/routers/nfvis/switch_command/b-nfvis-switch-command-reference/ip_route_commands.pdf)
 +  * IPV6 enable: ipv6 unicast-routing
 <code> <code>
 ip route ip route
Zeile 2776: Zeile 2902:
 R1(config)# R1(config)#
 </code> </code>
 +
 +===== netstat / Dienste deaktivieren =====
 +  * **Achtung** Quote von Cisco
 +<code>
 +Router# show ip ports all
 +Proto Local Address               Foreign Address             State       PID/Program Name
 +TCB       Local Address               Foreign Address             (state)
 +tcp   :::443                     :::                       LISTEN      309/[IOS]HTTP CORE
 +tcp   *:443                      *:*                         LISTEN      309/[IOS]HTTP CORE
 +udp   *:67                        0.0.0.0:                              387/[IOS]DHCPD Receive
 +Router#
 +
 +IOS versions prior to IOS-XE use the show control-plane host open-ports command. We mention this command because you may see it on older devices. The output is similar. However, notice that this older router has an insecure HTTP server and Telnet running. Both of these services should be disabled. As shown in the example, disable HTTP with the no ip http server global configuration command. Disable Telnet by specifying only SSH in the line configuration command, transport input ssh.
 +
 +Router# show control-plane host open-ports 
 +Active internet connections (servers and established)
 +Prot        Local Address      Foreign Address                  Service    State
 + tcp                 *:23                  *:0                   Telnet   LISTEN
 + tcp                 *:80                  *:0                HTTP CORE   LISTEN
 + udp                 *:67                  *:0            DHCPD Receive   LISTEN
 +Router# configure terminal
 +Router(config)# no ip http server
 +Router(config)# line vty 0 15
 +Router(config-line)# transport input ssh
 +</code>
 +
 +===== show / infos anzeigen =====
 +
 +<code>
 +show running-config
 +To verify the current configuration and settings
 +
 +
 +show interfaces
 +To verify the interface status and see if there are any error messages
 +
 +show ip interface
 +To verify the Layer 3 information of an interface
 +
 +show arp
 +To verify the list of known hosts on the local Ethernet LANs
 +
 +show ip route
 +To verify the Layer 3 routing information
 +
 +show protocols
 +To verify which protocols are operational
 +
 +show version
 +To verify the memory, interfaces, and licences of the device
 +</code>
 +
 ====== sed ====== ====== sed ======
   * Regex Search and Replace alle matches e.g.   * Regex Search and Replace alle matches e.g.
know-how/usefull_commands.1709818113.txt.gz · Zuletzt geändert: 2024/03/07 14:28 von cc