know-how:usefull_commands
Inhaltsverzeichnis
linux swapfile
- Swapfile vergrößern
SWAP Speicher Größe um ~8GB erhöhen / falls SWAP aktuell nicht verwendet wird:
root@cacheserver:~# grep swap /etc/fstab
/swap.img none swap sw 0 0
root@cacheserver:~# swapoff /swap.img
root@cacheserver:~# dd if=/dev/zero of=/swap.img bs=1M count=8072 oflag=append conv=notrunc
8072+0 records in
8072+0 records out
8464105472 bytes (8.5 GB, 7.9 GiB) copied, 31.7752 s, 266 MB/s
root@cacheserver:~# mkswap /swap.img
mkswap: /swap.img: warning: wiping old swap signature.
Setting up swapspace version 1, size = 11.9 GiB (12759068672 bytes)
no label, UUID=a9a362e1-347d-4695-9f02-f18911a61da2
root@cacheserver:~# swapon /swap.img
root@cacheserver:~# free -m
total used free shared buff/cache available
Mem: 7834 733 159 8 6941 6725
Swap: 12167 0 12167
ldmtool
- Windows dynamische Datenträger zB: Software RAID lesen
- zB: Debian Buster
apt-get install ldmtool
vlans taps und bridges
- Getestet auf Debian Buster - in Kombination mit qemu/kvm Virtualisierung
- Ich hab einen virtuellen Gast der diverse VLANs tagged weiter geben soll an die physikalische Netzwerkkarte / In diesem Beispiel setze ich mich ins VLAN 29 mit der bridge selbst damit ich debuggen kann ob die Pakete reinkommen
Debugging Einstellungen für die VLANs:
root@mrGodfather:~# bridge vlan show dev tap144
port vlan ids
tap144 1 PVID Egress Untagged
23
VLAN Funktionalität auf der Bridge aktivieren:
ip link set dev "br-uplink" type bridge vlan_filtering 1
Der Guest selbst auf tap144 befindet sich tagged in vlan 23 - vlan 29 / aus default untagged VLAN 1 rausnehmen
root@mrGodfather:~# bridge vlan del vid 1 pvid 1 dev tap144
root@mrGodfather:~# bridge vlan add vid 23 dev tap144
root@mrGodfather:~# bridge vlan add vid 24 dev tap144
root@mrGodfather:~# bridge vlan add vid 25 dev tap144
root@mrGodfather:~# bridge vlan add vid 26 dev tap144
root@mrGodfather:~# bridge vlan add vid 27 dev tap144
root@mrGodfather:~# bridge vlan add vid 28 dev tap144
root@mrGodfather:~# bridge vlan add vid 29 dev tap144
Die Bridge selbst untagged ins VLAN 29 einbinden und aus Default VLAN 1 rausnehmen:
root@mrGodfather:~# bridge vlan del dev br-uplink vid 1 self
root@mrGodfather:~# bridge vlan add dev br-uplink vid 29 pvid untagged self
root@mrGodfather:~# ip addr add 192.168.29.10/24 brd + dev br-uplink
Physische Bridge Config interface enp1s0f4u4 :
auto br-uplink
iface br-uplink inet manual
bridge_ports enp1s0f4u4
bridge_fs 0
bridge_stp off
bridge_maxwait 0
up bridge vlan del vid 1 pvid 1 dev enp1s0f4u4
up bridge vlan add vid 23 dev enp1s0f4u4
up bridge vlan add vid 24 dev enp1s0f4u4
up bridge vlan add vid 25 dev enp1s0f4u4
up bridge vlan add vid 26 dev enp1s0f4u4
up bridge vlan add vid 27 dev enp1s0f4u4
up bridge vlan add vid 28 dev enp1s0f4u4
up bridge vlan add vid 29 dev enp1s0f4u4
- Bridges ausschließlich mit iproute2 (thanks https://unix.stackexchange.com/a/255489)
ip link add name br0 type bridge ip link set dev br0 up ip link set dev lan0 master br0 ip link set dev lan1 master br0 #remove interface from bridge ip link set dev lan0 nomaster #remove bridge ip link del br0
bonding
- Debian Buster working LACP
..
auto bond0
#prepare bond interfaces
iface eth0 inet manual
iface eth1 inet manual
iface bond0 inet manual
slaves eth0 eth1
bond_mode 802.3ad
...
- Debug: /proc/net/bonding/bond0 / mit Zyxel GS-1900 - 24 Port Desktop LACP
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2 (0)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
802.3ad info
LACP rate: slow
Min links: 0
Aggregator selection policy (ad_select): stable
System priority: 65535
System MAC address: mac
Active Aggregator Info:
Aggregator ID: 1
Number of ports: 2
Actor Key: 9
Partner Key: 1000
Partner Mac Address: mac
Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: mac
Slave queue ID: 0
Aggregator ID: 1
Actor Churn State: none
Partner Churn State: none
Actor Churned Count: 0
Partner Churned Count: 0
details actor lacp pdu:
system priority: 65535
system mac address: mac
port key: 9
port priority: 255
port number: 1
port state: 61
details partner lacp pdu:
system priority: 65535
system mac address: mac
oper key: 1000
port priority: 1
port number: 23
port state: 61
Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: mac
Slave queue ID: 0
Aggregator ID: 1
Actor Churn State: none
Partner Churn State: none
Actor Churned Count: 0
Partner Churned Count: 0
details actor lacp pdu:
system priority: 65535
system mac address: mac
port key: 9
port priority: 255
port number: 2
port state: 61
details partner lacp pdu:
system priority: 65535
system mac address: mac
oper key: 1000
port priority: 1
port number: 24
port state: 61
vlans
- vconfig ist obsolete
- BSP: Tagged VLAN40 interface hinzufügen (Schöne neue NIC Namen , leicht zu merken in Gegensatz zu eth0,eth1,eth2 usw.. - in diesem Fall - enx00e04c365a05 :)
ip link add link enx00e04c365a05 name vlan40 type vlan id 40
- /etc/network/interfaces zB: VLAN 10 / tagged / auf NIC eth1
- vlan-raw-device obsolete
- Getestet auf Ubuntu 18.04
...
#MANAGEMENT
auto eth1.10
iface eth1.10 inet static
address 172.23.10.1
netmask 255.255.255.0
..
- VLAN 10 in Action:
root@firewall:~# ifup eth1.10
root@firewall:~# ip addr ls eth1.10
10: eth1.10@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:15:5d:3e:7e:10 brd ff:ff:ff:ff:ff:ff
inet 172.23.10.1/24 brd 172.23.10.255 scope global eth1.10
valid_lft forever preferred_lft forever
inet6 fe80::215:5dff:fe3e:7e10/64 scope link
valid_lft forever preferred_lft forever
root@firewall:~# cat /proc/net/vlan/eth1.10
eth1.10 VID: 10 REORDER_HDR: 1 dev->priv_flags: 1021
total frames received 0
total bytes received 0
Broadcast/Multicast Rcvd 0
total frames transmitted 7
total bytes transmitted 586
Device: eth1
INGRESS priority mappings: 0:0 1:0 2:0 3:0 4:0 5:0 6:0 7:0
EGRESS priority mappings:
parted
- Partition zur Laufzeit vergrößern und Dateisystem anpassen / zuerst das jeweilige Block Device verändern am Beispiel virtio Festplatte / Partitionsgröße bleibt gleich :(
- getestet mit parted 3.3 und Linux Mint 20
- parted /dev/device → print → resizepart PARTITION_NR → 100%
- Nach diesem Schritt kann zb mit resize2fs die Größe des Dateisystems angepasst werden
partprobe
- Auf KVM Hostmaschine Partition Table erneut einlesen: partprobe
root@mrGodfather:/etc/kvm# fdisk /dev/mapper/storage-guest--mrgatekeeper--root
Welcome to fdisk (util-linux 2.33.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table.
Created a new DOS disklabel with disk identifier 0xee6b3e38.
Command (m for help): p
Disk /dev/mapper/storage-guest--mrgatekeeper--root: 128 GiB, 137438953472 bytes, 268435456 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: dos
Disk identifier: 0xee6b3e38
Command (m for help): n
Partition type
p primary (0 primary, 0 extended, 4 free)
e extended (container for logical partitions)
Select (default p):
Using default response p.
Partition number (1-4, default 1):
First sector (2048-268435455, default 2048):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-268435455, default 268435455):
Created a new partition 1 of type 'Linux' and of size 128 GiB.
Command (m for help): w
The partition table has been altered.
Failed to add partition 1 to system: Invalid argument
The kernel still uses the old partitions. The new table will be used at the next reboot.
Syncing disks.
root@mrGodfather:/etc/kvm# apt-get install parted
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
libparted2
Suggested packages:
libparted-dev libparted-i18n parted-doc
The following NEW packages will be installed:
libparted2 parted
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 473 kB of archives.
After this operation, 809 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ftp.at.debian.org/debian buster/main amd64 libparted2 amd64 3.2-25 [277 kB]
Get:2 http://ftp.at.debian.org/debian buster/main amd64 parted amd64 3.2-25 [196 kB]
Fetched 473 kB in 1s (655 kB/s)
Selecting previously unselected package libparted2:amd64.
(Reading database ... 33934 files and directories currently installed.)
Preparing to unpack .../libparted2_3.2-25_amd64.deb ...
Unpacking libparted2:amd64 (3.2-25) ...
Selecting previously unselected package parted.
Preparing to unpack .../parted_3.2-25_amd64.deb ...
Unpacking parted (3.2-25) ...
Setting up libparted2:amd64 (3.2-25) ...
Setting up parted (3.2-25) ...
Processing triggers for libc-bin (2.28-10) ...
Processing triggers for man-db (2.8.5-2) ...
root@mrGodfather:/etc/kvm# partprobe /dev/mapper/storage-guest--mrgatekeeper--root
root@mrGodfather:/etc/kvm# lsblk | grep -i mrgatekeeper
└─storage-guest--mrgatekeeper--root 253:20 0 128G 0 lvm
└─storage-guest--mrgatekeeper--root1 253:21 0 128G 0 part
prips - IPs expandieren
- CIDR IP Notationen expandieren
urnilxfgbez@mrChief:~$ prips 192.168.0.0/30 192.168.0.0 192.168.0.1 192.168.0.2 192.168.0.3
- Alternative zum Expandieren von IP Ranges:
22 Use a format: $ seq -f "10.20.30.%g" 40 50 10.20.30.40 10.20.30.41 10.20.30.42 10.20.30.43 10.20.30.44 10.20.30.45 10.20.30.46 10.20.30.47 10.20.30.48 10.20.30.49 10.20.30.50 Unfortunately this is non-obvious as GNU doesn't like to write man pages.
world of powershell
- Infos über properties und Funktionen eines Objekts (https://www.codykonior.com/2013/03/26/powershell-how-to-show-all-of-an-objects-properties-and-values/)
$currentObject | Get-Member
- Hilfe für Funktion
help Funktionsname
Help Funktionsname -example
- foreach Schleife - Durchiterieren von Ergebnissen (https://www.powershelladmin.com/wiki/PowerShell_foreach_loops_and_ForEach-Object#The_foreach_Keyword)
foreach ( $currentObject in Function_that_returns_multiple_results )
{
$currentObject.Property
}
String="vorname.nachname@domain"
String.split("@")[0] -> vorname.nachname
- Datei nicht vorhanden & Datei vorhanden (ohne -Not ())
$checkFile="C:\foo.txt"
if (-NOT (Test-Path $checkFile))
{
}
- Modul nicht gefunden zB: ExchangeOnlineManagement
- Install-Module -Name ExchangeOnlineManagement -RequiredVersion 1.0.1
PS C:\WINDOWS\system32> Install-Module -Name ExchangeOnlineManagement -RequiredVersion 1.0.1 Der NuGet-Anbieter ist erforderlich, um den Vorgang fortzusetzen. PowerShellGet erfordert die NuGet-Anbieterversion 2.8.5.201 oder höher für die Interaktion mit NuGet-basierten Repositorys. Der NuGet-Anbieter muss in "C:\Program Files\PackageManagement\ProviderAssemblies" oder "C:\Users\christian.czeczil\AppData\Local\PackageManagement\ProviderAssemblies" verfügbar sein. Sie können den NuGet-Anbieter auch durch Ausführen von 'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force' installieren. Möchten Sie den NuGet-Anbieter jetzt durch PowerShellGet installieren und importieren lassen? [J] Ja [N] Nein [H] Anhalten [?] Hilfe (Standard ist "J"): j Nicht vertrauenswürdiges Repository Sie installieren die Module aus einem nicht vertrauenswürdigen Repository. Wenn Sie diesem Repository vertrauen, ändern Sie dessen InstallationPolicy-Wert, indem Sie das Set-PSRepository-Cmdlet ausführen. Möchten Sie die Module von 'PSGallery' wirklich installieren? [J] Ja [A] Ja, alle [N] Nein [K] Nein, keine [H] Anhalten [?] Hilfe (Standard ist "N"): J
- Achtung Powershell benutzt offenbar standardmäßig TLS1.0 - wird als obsolete betrachtet, undefinierbare Fehlermeldungen sind die Folge beim Versuch ein Modul zu installieren - kann Ziel nicht erreichen …
PS C:\Windows\system32> [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 PS C:\Windows\system32> Install-Module -Name ExchangeOnlineManagement Der NuGet-Anbieter ist erforderlich, um den Vorgang fortzusetzen. PowerShellGet erfordert die NuGet-Anbieterversion 2.8.5.201 oder höher für die Interaktion mit NuGet-basierten Repositorys. Der NuGet-Anbieter muss in "C:\Program Files\PackageManagement\ProviderAssemblies" oder "C:\Users\christian.czeczil\AppData\Local\PackageManagement\ProviderAssemblies" verfügbar sein. Sie können den NuGet-Anbieter auch durch Ausführen von 'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force' installieren. Möchten Sie den NuGet-Anbieter jetzt durch PowerShellGet installieren und importieren lassen? [J] Ja [N] Nein [H] Anhalten [?] Hilfe (Standard ist "J"): j Nicht vertrauenswürdiges Repository Sie installieren die Module aus einem nicht vertrauenswürdigen Repository. Wenn Sie diesem Repository vertrauen, ändern Sie dessen InstallationPolicy-Wert, indem Sie das Set-PSRepository-Cmdlet ausführen. Möchten Sie die Module von 'PSGallery' wirklich installieren? [J] Ja [A] Ja, alle [N] Nein [K] Nein, keine [H] Anhalten [?] Hilfe (Standard ist "N"): j
- Ausführungsverzeichnis bei powershell Start zB: Laufwerk Z:
powershell.exe -NoExit -command "& {Set-Location Z:\}"
- Netzwerk Interface „Trust“ Level ändern / wenn zB: MAC des Gateways sich ändert
Get-NetConnectionProfile -> IndexNr des NW Interfaces Set-NetConnectionProfile -InterfaceIndex IndexNr -NetworkCategory [Private|Public]
syslinux pxe menu password creation
- sha512 -6 Hash inklusive SALT
openssl passwd -6 -salt 389asdkfj349 mypassword
awk - sum
grep and cut play | awk '{sum += $1} END {print sum}'
busybox - kill telnetd
#!/bin/bash
echo -e "IP1\nIP2\nIP3" | while read line ; do ( echo "pid_telnet=\$(ps | grep -i telnetd | head -n 1 | awk '{ print \$1 }') ; kill -9 \$pid_telnet" ; sleep 1; ) | telnet $line ; done
specific line from file
- 4th line from file
sed : $>sed -n 4p file.txt head : head -n 4 foo | tail -n 1
random line from file
- single random entry from file
shuf -n 1 filename
log journal systemd
- Journal Log in die Schranken weisen
journalctl --vacuum-size=100M
runlevel systemd
- „Targets“ keine „runlevel“ mehr
# systemctl get-default multi-user.target # systemctl set-default graphical.target Removed /etc/systemd/system/default.target. Created symlink /etc/systemd/system/default.target → /lib/systemd/system/graphical.target.
Get current targets
The following should be used under systemd instead of running runlevel:
$ systemctl list-units --type=target
Create custom target
The runlevels that held a defined meaning under sysvinit (i.e., 0, 1, 3, 5, and 6); have a 1:1 mapping with a specific systemd target. Unfortunately, there is no good way to do the same for the user-defined runlevels like 2 and 4. If you make use of those it is suggested that you make a new named systemd target as /etc/systemd/system/your target that takes one of the existing runlevels as a base (you can look at /usr/lib/systemd/system/graphical.target as an example), make a directory /etc/systemd/system/your target.wants, and then symlink the additional services from /usr/lib/systemd/system/ that you wish to enable.
Mapping between SysV runlevels and systemd targets
SysV Runlevel systemd Target Notes
0 runlevel0.target, poweroff.target Halt the system.
1, s, single runlevel1.target, rescue.target Single user mode.
2, 4 runlevel2.target, runlevel4.target, multi-user.target User-defined/Site-specific runlevels. By default, identical to 3.
3 runlevel3.target, multi-user.target Multi-user, non-graphical. Users can usually login via multiple consoles or via the network.
5 runlevel5.target, graphical.target Multi-user, graphical. Usually has all the services of runlevel 3 plus a graphical login.
6 runlevel6.target, reboot.target Reboot
emergency emergency.target Emergency shell
Change current target
In systemd targets are exposed via target units. You can change them like this:
# systemctl isolate graphical.target
This will only change the current target, and has no effect on the next boot. This is equivalent to commands such as telinit 3 or telinit 5 in Sysvinit.
Change default target to boot into
The standard target is default.target, which is a symlink to graphical.target. This roughly corresponds to the old runlevel 5.
To verify the current target with systemctl:
$ systemctl get-default
To change the default target to boot into, change the default.target symlink. With systemctl:
# systemctl set-default multi-user.target
Removed /etc/systemd/system/default.target.
Created symlink /etc/systemd/system/default.target -> /usr/lib/systemd/system/multi-user.target.
Alternatively, append one of the following kernel parameters to your bootloader:
systemd.unit=multi-user.target (which roughly corresponds to the old runlevel 3),
systemd.unit=rescue.target (which roughly corresponds to the old runlevel 1).
Default target order
Systemd chooses the default.target according to the following order:
Kernel parameter shown above
Symlink of /etc/systemd/system/default.target
Symlink of /usr/lib/systemd/system/default.target
systemd components
memtester check ram
Type the command "memtester 100 5" to test the memory. Replace "100" with the size, in megabytes, of the RAM installed on the computer. Replace "5" with the number of times you want to run the test. Type the command "echo $?" to show the exit code when you see a command prompt again. If the output is "0" the memory is working properly. The other possible outcomes are:
chromium
- proxy spezifizieren zB: chromium –proxy-server=localhost:3000
ssh
- Es konnte keine gemeinsame Krypto gefunden werden / Krypto manuell angeben:
zB: ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@target ssh -oHostKeyAlgorithms=+diffie-hellman-group1-sha1 user@target Unable to negotiate with x.x.x.x port 22: no matching host key type found. Their offer: ssh-dss ssh -oHostKeyAlgorithms=+ssh-dss user@target legacy key types verwenden urnilxfgbez@mrWhiteGhost:~$ ssh -oHostKeyAlgorithms=+ssh-rsa -o pubKeyAcceptedKeyTypes=+ssh-rsa root@IP -v
- Aus RSA Private PEM Key Public Key exportieren - im OpenSSH kompatiblen Format
ssh-keygen -f private_key -y > /tmp/pub
- SSH Port Forwarding in den Hintergrund legen und über Socket kontrollieren
Socket erstellen / Verbindung erstellen : ssh -M -S /tmp/connection-backup-database.sock -fNT -LLOCAL_FORWARDING_PORT:HOSTNAME:REMOTE_PORT USERNAME@SERVER Verbindung überprüfen: ssh -S /tmp/connection-backup-database.sock -O check USERNAME@SERVER Socket schließen / Verbindung beenden: ssh -S /tmp/connection-backup-database.sock -O exit USERNAME@SERVER
dpkg / extract package files / ubuntu / debian
- dpkg-deb -xv xtables-addons-common_3.8-2_amd64.deb /tmp/
- Achtung auf aktuellen User achten und auf das Verzeichnis zum Auspacken
apt / dpkg / debian / ubuntu based gpg trust add
- wget quiet output to stdout | apt-key add gpg key from stdin
- e.g. kali Repository (rolling release)
wget -q -O - https://archive.kali.org/archive-key.asc | apt-key add -
- apt-key is deprecated - direkter Quota aus den man pages zu apt-key (Debian 12):
If your existing use of apt-key add looks like this:
wget -qO- https://myrepo.example/myrepo.asc | sudo apt-key add -
Then you can directly replace this with (though note the recommendation
below):
wget -qO- https://myrepo.example/myrepo.asc | sudo tee
/etc/apt/trusted.gpg.d/myrepo.asc
Make sure to use the "asc" extension for ASCII armored keys and the
"gpg" extension for the binary OpenPGP format (also known as "GPG key
public ring"). The binary OpenPGP format works for all apt versions,
while the ASCII armored format works for apt version >= 1.4.
checkrestart for restarting necessary Services after update
- check for apt-get install debian-goodies (contains checkrestart)
checkrestart | grep -i service | while read foo ; do $foo && echo "$foo successfully restarted" ; done
- /etc/apt/apt.conf.d/99check-restart
DPkg::Post-Invoke {"/usr/local/sbin/restartAfterUpgrade.sh";};
- /usr/local/sbin/restartAfterUpgrade.sh
#!/bin/bash
which checkrestart >/dev/null || exit 2
while read line ;
do
echo "Restart: $line"
$line || echo "Cannot restart service: $line" ;
done < <(checkrestart | grep -P "^(service[ ]{1}[a-z,A-Z,\-,0-9,\.]{1,}[ ]{1}restart)|(systemctl[ ]{1}restart[ ]{1}[a-z,A-Z,\-,0-9,@]{1,}\.service)" )
exit 0
APT-GET
- Fehler zB: Kali trying to overwrite '/usr/bin/f2py', which is also in package python-numpy 1:1.16.5-5
dpkg -i --force-overwrite /var/cache/apt/archives/python3-numpy_1%3a1.24.2-1_amd64.deb apt-get --fix-broken install
- Depends on the names of the repositories should work under debian and ubuntu / security upgrades check
apt-get --dry-run dist-upgrade | grep -i security
- Install only security Updates limit Repositories to „security“
https://www.eidenschink.eu/2014/04/install-security-patches-command-line-debian-ubuntu.html The trick is then to pass apt-get an option to read the sources from the created file like this: apt-get upgrade -oDir::Etc::SourceList=/etc/apt/security.sources.list
- Download ONLY not actual installing
apt-get --download-only dist-upgrade
- Do not install recommended packages permanently
- /etc/apt/apt.conf.d/30NoRecommends
APT::Install-Recommends "0"; APT::Install-Suggests "0";
- Priorities and Policies
Ok 2 Versionen verfügbar "78.15.0esr-1~deb11u1" "91.9.0esr-1~deb11u1"
root@mrWhiteGhost:/home/urnilxfgbez# apt-cache show firefox-esr
Package: firefox-esr
Version: 91.9.0esr-1~deb11u1
Installed-Size: 213011
Maintainer: Maintainers of Mozilla-related packages <team+pkg-mozilla@tracker.debian.org>
Architecture: amd64
Provides: gnome-www-browser, www-browser
Depends: libatk1.0-0 (>= 1.12.4), libc6 (>= 2.30), libcairo-gobject2 (>= 1.10.0), libcairo2 (>= 1.10.0), libdbus-1-3 (>= 1.9.14), libdbus-glib-1-2 (>= 0.78), libevent-2.1-7 (>= 2.1.8-stable), libffi7 (>= 3.3~20180313), libfontconfig1 (>= 2.12.6), libfreetype6 (>= 2.10.1), libgcc-s1 (>= 4.0), libgdk-pixbuf-2.0-0 (>= 2.22.0), libglib2.0-0 (>= 2.37.3), libgtk-3-0 (>= 3.9.14), libpango-1.0-0 (>= 1.14.0), libstdc++6 (>= 9), libvpx6 (>= 1.8.0), libx11-6, libx11-xcb1 (>= 2:1.7.2), libxcb-shm0, libxcb1, libxcomposite1 (>= 1:0.4.5), libxdamage1 (>= 1:1.1), libxext6, libxfixes3, libxrender1, zlib1g (>= 1:1.2.11.dfsg), fontconfig, procps, debianutils (>= 1.16)
Suggests: fonts-stix | otf-stix, fonts-lmodern, libgssapi-krb5-2 | libkrb53, libcanberra0, pulseaudio
Breaks: xul-ext-torbutton
Description-en: Mozilla Firefox web browser - Extended Support Release (ESR)
Firefox ESR is a powerful, extensible web browser with support for modern
web application technologies.
Description-md5: 88ee196fd829d9218a763b4d498a6f6a
Recommends: libavcodec58 | libavcodec-extra58 | libavcodec57 | libavcodec-extra57 | libavcodec56 | libavcodec-extra56 | libavcodec55 | libavcodec-extra55 | libavcodec54 | libavcodec-extra54 | libavcodec53 | libavcodec-extra53
Section: web
Priority: optional
Filename: pool/updates/main/f/firefox-esr/firefox-esr_91.9.0esr-1~deb11u1_amd64.deb
Size: 58682224
SHA256: dd75e58b28372989464d88de2f924a83038c89d6db6a67deddc038ce1ffd8c67
Package: firefox-esr
Version: 78.15.0esr-1~deb11u1
Installed-Size: 200097
Maintainer: Maintainers of Mozilla-related packages <team+pkg-mozilla@tracker.debian.org>
Architecture: amd64
Provides: gnome-www-browser, www-browser
Depends: libatk1.0-0 (>= 1.12.4), libc6 (>= 2.29), libcairo-gobject2 (>= 1.10.0), libcairo2 (>= 1.10.0), libdbus-1-3 (>= 1.9.14), libdbus-glib-1-2 (>= 0.78), libevent-2.1-7 (>= 2.1.8-stable), libffi7 (>= 3.3~20180313), libfontconfig1 (>= 2.12.6), libfreetype6 (>= 2.10.1), libgcc-s1 (>= 4.0), libgdk-pixbuf-2.0-0 (>= 2.22.0), libglib2.0-0 (>= 2.31.8), libgtk-3-0 (>= 3.0.0), libnspr4 (>= 2:4.25~), libnss3 (>= 2:3.53.1~), libpango-1.0-0 (>= 1.14.0), libstdc++6 (>= 9), libvpx6 (>= 1.8.0), libx11-6, libx11-xcb1 (>= 2:1.7.2), libxcb-shm0, libxcb1, libxcomposite1 (>= 1:0.4.5), libxdamage1 (>= 1:1.1), libxext6, libxfixes3, libxrender1, zlib1g (>= 1:1.2.11.dfsg), fontconfig, procps, debianutils (>= 1.16)
Recommends: libavcodec58 | libavcodec-extra58 | libavcodec57 | libavcodec-extra57 | libavcodec56 | libavcodec-extra56 | libavcodec55 | libavcodec-extra55 | libavcodec54 | libavcodec-extra54 | libavcodec53 | libavcodec-extra53
Suggests: fonts-stix | otf-stix, fonts-lmodern, libgssapi-krb5-2 | libkrb53, libcanberra0, libgtk2.0-0, pulseaudio
Breaks: xul-ext-torbutton
Description-en: Mozilla Firefox web browser - Extended Support Release (ESR)
Firefox ESR is a powerful, extensible web browser with support for modern
web application technologies.
Description-md5: 88ee196fd829d9218a763b4d498a6f6a
Tag: implemented-in::c++, interface::graphical, interface::x11,
network::client, privacy::non-free-addons, privacy::non-free-service,
protocol::ftp, protocol::http, role::program, scope::application,
suite::mozilla, uitoolkit::gtk, use::browsing, web::browser,
works-with-format::html, x11::application
Section: web
Priority: optional
Filename: pool/main/f/firefox-esr/firefox-esr_78.15.0esr-1~deb11u1_amd64.deb
Size: 55451188
MD5sum: bf0c8f1cdccb3c5fa3fb2e35e420c3b3
SHA256: d4e25277f10a22dd118f86994b2b787d232b1e1eb60416b2a1bc3e5cfac235cc
OK offenbar installiert er nicht die "91.9.0esr-1~deb11u1" sondern bleibt bei "78.15.0esr-1~deb11u1"
root@mrWhiteGhost:/home/urnilxfgbez# apt-get install firefox-esr=91.9.0esr-1~deb11u1
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:
fonts-stix | otf-stix fonts-lmodern
The following packages will be upgraded:
firefox-esr
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 58.7 MB of archives.
After this operation, 13.2 MB of additional disk space will be used.
Get:1 http://security.debian.org/debian-security bullseye-security/main amd64 firefox-esr amd64 91.9.0esr-1~deb11u1 [58.7 MB]
16% [1 firefox-esr 11.7 MB/58.7 MB 20%]^C
root@mrWhiteGhost:/home/urnilxfgbez# less /etc/apt/preferences.d/priorities
root@mrWhiteGhost:/home/urnilxfgbez# less /etc/apt/preferences.d/priorities
root@mrWhiteGhost:/home/urnilxfgbez# cat /etc/apt/apt.conf.d/
cat: /etc/apt/apt.conf.d/: Is a directory
OK schauen wir mal die die Priorities der Repositories gewichtet sind bzw. welche Policy ist aktiv - Version "78.15.0esr-1~deb11u1" mit Priorität "750" gewichtiger als "500" - FAIL
root@mrWhiteGhost:/home/urnilxfgbez# apt-cache policy firefox-esr
firefox-esr:
Installed: 78.15.0esr-1~deb11u1
Candidate: 78.15.0esr-1~deb11u1
Version table:
91.9.0esr-1~deb11u1 500
500 http://security.debian.org/debian-security bullseye-security/main amd64 Packages
*** 78.15.0esr-1~deb11u1 750
750 http://ftp.de.debian.org/debian bullseye/main amd64 Packages
100 /var/lib/dpkg/status
root@mrWhiteGhost:/home/urnilxfgbez# vim /etc/apt/preferences.d/priorities
root@mrWhiteGhost:/home/urnilxfgbez# apt-get update
Hit:1 http://security.debian.org/debian-security bullseye-security InRelease
Hit:2 http://deb.debian.org/debian bullseye-backports InRelease
Hit:3 http://ftp.de.debian.org/debian bullseye InRelease
Hit:4 http://download.virtualbox.org/virtualbox/debian bullseye InRelease
Hit:5 http://ftp.de.debian.org/debian bullseye-updates InRelease
Hit:6 https://updates.signal.org/desktop/apt xenial InRelease
Hit:7 http://dl.google.com/linux/chrome/deb stable InRelease
Ign:8 http://repo.vivaldi.com/stable/deb stable InRelease
Hit:9 http://repo.vivaldi.com/stable/deb stable Release
Hit:10 https://packages.microsoft.com/repos/ms-teams stable InRelease
Reading package lists... Done
root@mrWhiteGhost:/home/urnilxfgbez# apt-get upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:
chromium chromium-common chromium-sandbox linux-headers-amd64
linux-image-amd64
The following packages will be upgraded:
ffmpeg firefox-esr gzip libavcodec58 libavcodec58:i386 libavdevice58
libavfilter7 libavformat58 libavresample4 libavresample4:i386 libavutil56
libavutil56:i386 libjavascriptcoregtk-4.0-18 liblzma5 liblzma5:i386
libpostproc55 libpq5 libssl1.1 libssl1.1:i386 libsvn1 libswresample3
libswresample3:i386 libswscale5 libtiff5 libtiff5:i386 libwebkit2gtk-4.0-37
libxencall1 libxendevicemodel1 libxenevtchn1 libxenforeignmemory1
libxengnttab1 libxenhypfs1 libxenmisc4.14 libxenstore3.0 libxentoolcore1
libxentoollog1 linux-compiler-gcc-10-x86 linux-kbuild-5.10 openjdk-11-jre
openjdk-11-jre-headless openssl qemu qemu-system-common qemu-system-data
qemu-system-gui qemu-system-x86 qemu-utils thunderbird tzdata xz-utils
zlib1g zlib1g:i386
52 upgraded, 0 newly installed, 0 to remove and 5 not upgraded.
Need to get 203 MB of archives.
After this operation, 47.3 MB of additional disk space will be used.
Do you want to continue? [Y/n] n
Abort.
OK Anpassen der Priorities / Security Repo hat Default 500 / Offenbar wurden aus historischen Gründen Anpassungen der Priorities durchgeführt - da auch testing und unstable installiert wurde
root@mrWhiteGhost:/home/urnilxfgbez# vim /etc/apt/preferences.d/priorities
Package: *
Pin: release a=stable
Pin-Priority: 450
Package: *
Pin: release a=testing
Pin-Priority: 50
Package: *
Pin: release a=unstable
Pin-Priority: 50
root@mrWhiteGhost:/home/urnilxfgbez# apt-get update
Hit:1 http://security.debian.org/debian-security bullseye-security InRelease
Hit:2 http://deb.debian.org/debian bullseye-backports InRelease
Hit:3 http://download.virtualbox.org/virtualbox/debian bullseye InRelease
Hit:4 http://dl.google.com/linux/chrome/deb stable InRelease
Hit:5 https://updates.signal.org/desktop/apt xenial InRelease
Hit:6 http://ftp.de.debian.org/debian bullseye InRelease
Hit:7 http://ftp.de.debian.org/debian bullseye-updates InRelease
Ign:8 http://repo.vivaldi.com/stable/deb stable InRelease
Hit:9 http://repo.vivaldi.com/stable/deb stable Release
Hit:10 https://packages.microsoft.com/repos/ms-teams stable InRelease
Reading package lists... Done
root@mrWhiteGhost:/home/urnilxfgbez# apt-get upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:
chromium chromium-common chromium-sandbox linux-headers-amd64
linux-image-amd64
The following packages will be upgraded:
ffmpeg firefox-esr gzip libavcodec58 libavcodec58:i386 libavdevice58
libavfilter7 libavformat58 libavresample4 libavresample4:i386 libavutil56
libavutil56:i386 libjavascriptcoregtk-4.0-18 liblzma5 liblzma5:i386
libpostproc55 libpq5 libssl1.1 libssl1.1:i386 libsvn1 libswresample3
libswresample3:i386 libswscale5 libtiff5 libtiff5:i386 libwebkit2gtk-4.0-37
libxencall1 libxendevicemodel1 libxenevtchn1 libxenforeignmemory1
libxengnttab1 libxenhypfs1 libxenmisc4.14 libxenstore3.0 libxentoolcore1
libxentoollog1 linux-compiler-gcc-10-x86 linux-kbuild-5.10 openjdk-11-jre
openjdk-11-jre-headless openssl qemu qemu-system-common qemu-system-data
qemu-system-gui qemu-system-x86 qemu-utils thunderbird tzdata xz-utils
zlib1g zlib1g:i386
52 upgraded, 0 newly installed, 0 to remove and 5 not upgraded.
Need to get 203 MB of archives.
After this operation, 47.3 MB of additional disk space will be used.
Do you want to continue? [Y/n] n
Abort.
root@mrWhiteGhost:/home/urnilxfgbez# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following NEW packages will be installed:
linux-headers-5.10.0-14-amd64 linux-headers-5.10.0-14-common
linux-image-5.10.0-14-amd64 sse3-support
The following packages will be upgraded:
chromium chromium-common chromium-sandbox ffmpeg firefox-esr gzip
libavcodec58 libavcodec58:i386 libavdevice58 libavfilter7 libavformat58
libavresample4 libavresample4:i386 libavutil56 libavutil56:i386
libjavascriptcoregtk-4.0-18 liblzma5 liblzma5:i386 libpostproc55 libpq5
libssl1.1 libssl1.1:i386 libsvn1 libswresample3 libswresample3:i386
libswscale5 libtiff5 libtiff5:i386 libwebkit2gtk-4.0-37 libxencall1
libxendevicemodel1 libxenevtchn1 libxenforeignmemory1 libxengnttab1
libxenhypfs1 libxenmisc4.14 libxenstore3.0 libxentoolcore1 libxentoollog1
linux-compiler-gcc-10-x86 linux-headers-amd64 linux-image-amd64
linux-kbuild-5.10 openjdk-11-jre openjdk-11-jre-headless openssl qemu
qemu-system-common qemu-system-data qemu-system-gui qemu-system-x86
qemu-utils thunderbird tzdata xz-utils zlib1g zlib1g:i386
57 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 335 MB of archives.
After this operation, 426 MB of additional disk space will be used.
Do you want to continue? [Y/n] n
Abort.
Device wipe + ETA
# cat /dev/zero | pv > /dev/sdb 4.83GiB 0:00:18 [ 156MiB/s] [> ] 0% ETA 1:55:23>
DNS capture
tshark -f "udp port 53" -Y "(dns.qry.type == 1 or dns.qry.type==28) and dns.flags.response == 0"
insert line prefix
# If you want to edit the file in-place sed -i -e 's/^/prefix/' file
Parse Squid time Format
perl -p -e 's/^([0-9]*)/"[".localtime($1)."]"/e' < squid.log >squid.log.time
Files from the last 7 days
find PATH -type f -ctime -7
Modified files from the last minute
- Alternative wenn inotify nicht angwandt werden kann oder watchmen / systemd changed Files logik
- e.g. alle geänderten files unter /mnt/storage/external
find /mnt/storage/external/ -type f -mmin -1
mail testmail
mail -a "From: <tester@test.com>" RECIPIENT_MAIL
Mutt
read Mailbox: mutt -R -f /var/spool/mail/mailbackup/ send Mails: echo "This is the message body" | mutt -a "/path/to/file.to.attach" -s "subject of message" -- recipient@domain.com Mutt Bounce mails to: l limit messages to ~f (from) regex http://perlcode.org/tutorials/mail/mutt-bounce.txt Mutt Search : / b - bounce message under cursor t - tag message under cursor ;b - bounce tagged messages ;d - delete tagged messages
Proxy check URL w3m
http_proxy="http://IP:PORT" w3m http://URL
Vim
- show non visible characters
:set list
- Disable auto mouse detection „i want to copy & paste like i used to“ (Debian 9)
vim /usr/share/vim/vim80/defaults.vim +69
" In many terminal emulators the mouse works just fine. By enabling it you
" can position the cursor, Visually select and scroll with the mouse.
" if has('mouse')
" set mouse=a
" endif
- Delete everything below line:
The delete ex command will work nicely. :+,$d
ip addr flush
root@mrWhiteGhost:/home/urnilxfgbez# ip addr add 192.168.1.1/24 brd - dev enp1s0
root@mrWhiteGhost:/home/urnilxfgbez# ip addr ls enp1s0
2: enp1s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
link/ether b0:5c:da:29:85:1e brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.0 scope global enp1s0
valid_lft forever preferred_lft forever
root@mrWhiteGhost:/home/urnilxfgbez# ip addr flush dev enp1s0
root@mrWhiteGhost:/home/urnilxfgbez# ip addr ls enp1s0
2: enp1s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
link/ether b0:5c:da:29:85:1e brd ff:ff:ff:ff:ff:ff
ip add route/ip
- IPv4:
Example: 192.168.24.0/24 ip route add 192.168.24.0/24 dev eth1 via 192.168.23.13 IP-add/remove: /sbin/ip addr add 10.1.1.1/24 brd + dev bond0 /sbin/ip addr del 10.1.1.1/24 dev bond0
- IPv6:
ip -6 addr add 2001:db8:acad:2::3/64 dev enp1s0 ip -6 route add default via 2001:db8:acad:2::1
git basics
-git status -git diff Commit all changes GIT_AUTHOR_NAME=cc GIT_AUTHOR_EMAIL=MAIL git commit -a Single File: GIT_AUTHOR_NAME=cc GIT_AUTHOR_EMAIL=MAIL git commit PATH_TO_FILE
Command timeouts
timeout 20s
Check latency with hping3
hping3 -p 80 -c 2 -S www.google.ca
Bind dynmaic zones
server:/etc/bind/zones# rndc freeze zone server:/etc/bind/zones# vim zone server:/etc/bind/zones# rndc thaw zone
MySQL u. mariadb
- Datenbank anlegen und bestimmten User für die Datenbank:
MariaDB [(none)]> create database db_name; Query OK, 1 row affected (0.001 sec) MariaDB [(none)]> CREATE USER 'userdb'@'localhost' IDENTIFIED BY 'password'; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON `db_name`.* TO 'userdb'@'localhost'; Query OK, 0 rows affected (0.001 sec)
- Diverses:
Repair MYISAM database:
myisamchk --silent --force --fast --update-state --key_buffer_size=64M --sort_buffer_size=64M --read_buffer_size=1M --write_buffer_size=1M /path/to/datadir/*/*.MYI
Easy safe repair:
myisamchk -r -q tbl_name
Change database password for User:
mysql> update user set password=PASSWORD("NEW-PASSWORD-HERE") where User='USER';
Solve umlaut troubles mysql:
http://blog.koehntopp.de/archives/3189-FAQ-Mein-mysqldump-zerstoert-meine-Umlaute.html
Grant ACCESS:
GRANT ALL PRIVILEGES ON `testuser\_%` . * TO 'testuser'@'localhost';
MySQL Revoke u. Grant:
mysql> revoke Trigger ON *.* from 'testdb'@'%';
Query OK, 0 rows affected (0.43 sec)
mysql> GRANT Trigger ON testdb.* to 'project'@'%';
Query OK, 0 rows affected (0.16 sec)
Tablenames case insensitive:
This depends on lower_case_table_names system variable in mysql.
Code:
mysql> SHOW GLOBAL VARIABLES LIKE 'lower_case_table_names';
If set to 0, table names are stored as specified and comparisons are case sensitive. If set to 1, table names are stored in lowercase on disk and comparisons are not case sensitive. If set to 2, table names are stored as given but compared in lowercase.
The default value is 0 on unix, 1 on windows and 2 on mac.
You can change this by specifying the option while starting mysqld (--lower-case-table-names=2 )
Change data type from column:
ALTER TABLE <table_name> MODIFY <col_name> VARCHAR(65536)
Get processlist:
database information_schema -> table processlist
If you use MySQL 5.1.7 or newer, you can use the PROCESSLIST table in the INFORMATION_SCHEMA. So you can query it with ordinary SELECT queries and apply filtering conditions in a WHERE clause.
This feature is not implemented in MySQL 5.0 and prior.
MySQL one line kill if TIME > xx
for count in $(echo "use information_schema; select ID from processlist where TIME>0" | mysql --skip-column-names ); do echo "kill $count" | mysql; done
MySQL one line kill old:
for count in $(echo "show processlist" | mysql | awk '{ print $1 }'); do echo "kill $count" | mysql; done
MySQL determine database type:
http://stackoverflow.com/questions/1638070/how-can-i-determine-type-of-mysql-database-whether-it-is-innodb-or-myisam
show table status
- mariadb consistent File Backup - damit später zB: über rsnapshot gebackupped werden kann von /var/lib/backup/mysql
apt-get install mariadb-backup # cat backup-database PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin SHELL=/bin/bash 30 1 * * * root ( TMP_DIRECTORY=$(mktemp -d) && chmod 700 $TMP_DIRECTORY && mariabackup --backup --target-dir=$TMP_DIRECTORY --user=root &> $TMP_DIRECTORY/logging.txt && rm -rf /var/lib/backup/mysql/* && mv $TMP_DIRECTORY/* /var/lib/backup/mysql/ && rm -rf $TMP_DIRECTORY ) || echo "FAIL mariadb backup from $TMP_DIRECTORY to /var/lib/backup/mysql"
- Backup und Restore von Databank - ohne Daten
Backup: mysqldump --no-data DATABASE > /tmp/database-structure.sql Restore: MariaDB [(none)]> create database DATABASE; mysql DATABASE < /tmp/database.sql
Overcome ARG_MAX limit
find . -name '*.???.gz' -print0 | xargs -0 rm -f
OpenSSL
Create rsa key: openssl genrsa -out privkey.pem 2048 Create CSR: openssl req -new -key privkey.pem -out cert.csr Read CSR: openssl req -in FILE.csr -text -noout Create Key and CSR: openssl req -new -newkey rsa:2048 -nodes -keyout FILENAME.key -out FILENAME.csr Public Key encryption openssl rsautl -certin -encrypt -inkey publickey.pem -in foho -out encrypted.txt SELF signed all in one: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -sha512 pkcs12 create: openssl pkcs12 -export -in name-cert.pem -inkey private/name-key.pem -certfile cacert.pem -name "[friendly name]" -out name-cert.p12 CA Zertfifikat neu auststellen mit sha256 - Achtung Zeit muss auf die Minute genau stimmen/Serial muss auch stimmen : openssl x509 -in ca.crt -CA ca-kombo.crt -set_serial 0xBB0844165013F013 -CAkey ca.key -out ca-new -days 7200 -sha256 Überprüfen ob Zertifikat von bestimmter CA ausgestellt wurde: $ openssl verify -verbose -CAfile cacert.pem server.crt server.crt: OK Überprüfen ob CRL von bestimmter CA unterschrieben wurde und ok ist: openssl crl -verify -CAfile ca.crt -in crl.pem -noout verify OK Fingerprint anzeigen sha1 oder sha256: openssl x509 -in cert.crt -noout -sha256 -fingerprint openssl x509 -in cert.crt -noout -sha1 -fingerprint Comodo/Sectigo S/MIME Zertifikat beantragen: --- openssl req -new -newkey rsa:4096 -sha256 -nodes -keyout max.mustermann@pannoniait.at.key -out max.mustermann@pannoniait.at.csr - Common Name E-Mail Adresse "Your certificate is ready for collection" E-Mail / PKCS12 File erstellen für den Import openssl pkcs7 -in CollectCCC -inform der -outform pem -print_certs -out sectigo-collection.crt openssl pkcs12 -export -inkey max.mustermann@pannoniait.at.key -in sectigo-collection.crt -name "Sectigo Certificates" -out max.mustermann@pannoniait.at.p12 -> PKCS12 File importieren mit entsprechendem Passwort --- Aus versendetem E-Mail smime.p7s das Zertifikat exportieren: vorher base64 -d aus mail Content - MIME Abschnitte beachten openssl pkcs7 -inform der -outform pem -print_certs -in /tmp/smime.p7s -out /tmp/certificates.pem
Bash
for i in *.ENDING; do command < $i 2>&1 | grep -qi 'uninitial' && echo $i; done
strlen:
echo ${#PATH}
redirect stderr to stdout:
echo "fooo" 2>&1
As long as return Code of ping command is not 0 (e.g. success) / echo foo
while ! ping -q -W 1 -c 2 IP > /dev/null ; do echo foo ; done
Bash read file per line:
while read test ; do echo $test ; done < test
Bash c like for loop:
for ((i=0; i<10 ; i++)) ; do echo $i; done
cat file | xargs -I{} echo {}
or:
for line in (< /path/to/file); do
echo "Line: $line"
done
https://stackoverflow.com/questions/17368067/length-of-string-in-bash
you could even have a look at stored chars:
myvar='Généralités'
chrlen=${#myvar}
oLang=$LANG oLcAll=$LC_ALL
LANG=C LC_ALL=C
bytlen=${#myvar}
printf -v myreal "%q" "$myvar"
LANG=$oLang LC_ALL=$oLcAll
printf "%s has %d chars, %d bytes: (%s).\n" "${myvar}" $chrlen $bytlen "$myreal"
will answer:
Généralités has 11 chars, 14 bytes: ($'G\303\251n\303\251ralit\303\251s').
Nota: According to Isabell Cowan's comment, I've added setting to $LC_ALL along with $LANG.
Length of an argument
Argument work same as regular variables
strLen()
https://www.thegeekstuff.com/2010/07/bash-string-manipulation/
Bash String Manipulation Examples – Length, Substring, Find and Replace
by SASIKALAon JULY 23, 2010
In bash shell, when you use a dollar sign followed by a variable name, shell expands the variable with its value. This feature of shell is called parameter expansion.
But parameter expansion has numerous other forms which allow you to expand a parameter and modify the value or substitute other values in the expansion process. In this article, let us review how to use the parameter expansion concept for string manipulation operations.
This article is part of the on-going bash tutorial series. Refer to our earlier article on bash { } expansion.
1. Identify String Length inside Bash Shell Script
${#string}
The above format is used to get the length of the given bash variable.
$ cat len.sh
#! /bin/bash
var="Welcome to the geekstuff"
echo ${#var}
$ ./len.sh
24
To understand more about bash variables, read 6 Practical Bash Global and Local Variable Examples.
2. Extract a Substring from a Variable inside Bash Shell Script
Bash provides a way to extract a substring from a string. The following example expains how to parse n characters starting from a particular position.
${string:position}
Extract substring from $string at $position
${string:position:length}
Extract $length of characters substring from $string starting from $position. In the below example, first echo statement returns the substring starting from 15th position. Second echo statement returns the 4 characters starting from 15th position. Length must be the number greater than or equal to zero.
$ cat substr.sh
#! /bin/bash
var="Welcome to the geekstuff"
echo ${var:15}
echo ${var:15:4}
$ ./substr.sh
geekstuff
geek
Also, refer to our earlier article to understand more about $*, $@, $#, $$, $!, $?, $-, $_ bash special parameters.
3. Shortest Substring Match
Following syntax deletes the shortest match of $substring from front of $string
${string#substring}
Following syntax deletes the shortest match of $substring from back of $string
${string%substring}
Following sample shell script explains the above two shortest substring match concepts.
$ cat shortest.sh
#! /bin/bash
filename="bash.string.txt"
echo ${filename#*.}
echo ${filename%.*}
$ ./shortest.sh
After deletion of shortest match from front: string.txt
After deletion of shortest match from back: bash.string
In the first echo statement substring ‘*.’ matches the characters and a dot, and # strips from the front of the string, so it strips the substring “bash.” from the variable called filename. In second echo statement substring ‘.*’ matches the substring starts with dot, and % strips from back of the string, so it deletes the substring ‘.txt’
4. Longest Substring Match
Following syntax deletes the longest match of $substring from front of $string
${string##substring}
Following syntax deletes the longest match of $substring from back of $string
${string%%substring}
Following sample shell script explains the above two longest substring match concepts.
$ cat longest.sh
#! /bin/bash
filename="bash.string.txt"
echo "After deletion of longest match from front:" ${filename##*.}
echo "After deletion of longest match from back:" ${filename%%.*}
$ ./longest.sh
After deletion of longest match from front: txt
After deletion of longest match from back: bash
In the above example, ##*. strips longest match for ‘*.’ which matches “bash.string.” so after striping this, it prints the remaining txt. And %%.* strips the longest match for .* from back which matches “.string.txt”, after striping it returns “bash”.
5. Find and Replace String Values inside Bash Shell Script
Replace only first match
${string/pattern/replacement}
It matches the pattern in the variable $string, and replace only the first match of the pattern with the replacement.
$ cat firstmatch.sh
#! /bin/bash
filename="bash.string.txt"
echo "After Replacement:" ${filename/str*./operations.}
$ ./firstmatch.sh
After Replacement: bash.operations.txt
Replace all the matches
${string//pattern/replacement}
It replaces all the matches of pattern with replacement.
$ cat allmatch.sh
#! /bin/bash
filename="Path of the bash is /bin/bash"
echo "After Replacement:" ${filename//bash/sh}
$ ./allmatch.sh
After Replacement: Path of the sh is /bin/sh
Taking about find and replace, refer to our earlier articles – sed substitute examples and Vim find and replace.
Replace beginning and end
${string/#pattern/replacement}
Following syntax replaces with the replacement string, only when the pattern matches beginning of the $string.
${string/%pattern/replacement}
Following syntax replaces with the replacement string, only when the pattern matches at the end of the given $string.
$ cat posmatch.sh
#! /bin/bash
filename="/root/admin/monitoring/process.sh"
echo "Replaced at the beginning:" ${filename/#\/root/\/tmp}
echo "Replaced at the end": ${filename/%.*/.ksh}
$ ./posmatch.sh
Replaced at the beginning: /tmp/admin/monitoring/process.sh
Replaced at the end: /root/admin/monitoring/process.ksh
Recommended Reading
https://stackoverflow.com/questions/3173131/redirect-copy-of-stdout-to-log-file-from-within-bash-script-itself
redirect output of script itself to file
#!/usr/bin/env bash
# Redirect stdout ( > ) into a named pipe ( >() ) running "tee"
exec > >(tee -i logfile.txt)
# Without this, only stdout would be captured - i.e. your
# log file would not contain any error messages.
# SEE (and upvote) the answer by Adam Spiers, which keeps STDERR
# as a separate stream - I did not want to steal from him by simply
# adding his answer to mine.
exec 2>&1
echo "foo"
echo "bar" >&2
Delimiter String durchiterieren:
https://stackoverflow.com/questions/918886/how-do-i-split-a-string-on-a-delimiter-in-bash09CFIQ4dUDCAU&uact=5
You can set the internal field separator (IFS) variable, and then let it parse into an array. When this happens in a command, then the assignment to IFS only takes place to that single command's environment (to read ). It then parses the input according to the IFS variable value into an array, which we can then iterate over.
IFS=';' read -ra ADDR <<< "$IN"
for i in "${ADDR[@]}"; do
# process "$i"
done
Variante 2:
urnilxfgbez@mrWhiteGhost:~$ CURRENT_IFS=$IFS
urnilxfgbez@mrWhiteGhost:~$ db="db1,db2,db4"
urnilxfgbez@mrWhiteGhost:~$ IFS=","
urnilxfgbez@mrWhiteGhost:~$ for i in $db ; do echo "Foo: $i" ; done
Foo: db1
Foo: db2
Foo: db4
urnilxfgbez@mrWhiteGhost:~$ IFS=$CURRENT_IFS
urnilxfgbez@mrWhiteGhost:~$ db2=db1,db2,db4
urnilxfgbez@mrWhiteGhost:~$ echo $db2
db1,db2,db4
Numeric Increment +1 :
urnilxfgbez@mrWhiteGhost:~$ i=5
urnilxfgbez@mrWhiteGhost:~$ ((i++))
urnilxfgbez@mrWhiteGhost:~$ echo $i
6
Numeric add +x :
urnilxfgbez@mrWhiteGhost:~$ let "i=i+5"
urnilxfgbez@mrWhiteGhost:~$ echo $i
11
==========================
https://timmurphy.org/2012/03/09/convert-a-delimited-string-into-an-array-in-bash/
String into Array
#!/bin/bash
OIFS=$IFS;
IFS="|";
animals="dog|cat|fish|squirrel|bird|shark";
animalArray=($animals);
for ((i=0; i<${#animalArray[@]}; ++i)); do echo "animal $i: ${animalArray[$i]}"; done
IFS=$OIFS;
=================================
Parameter in Bash als Variablen übergeben / als Array definieren damit die Quotes korrekt interpretiert werden
https://serverfault.com/questions/936426/call-rsync-with-args-stored-in-a-string/936461#936461
USERNAME_SSH="foo"
SERVER_HOSTNAME="123.server.at"
TARGET_BACKUP_LOCATION_WEBSITE="/srv/backups/website/"
SSH_COMMON_OPTIONS="-o PasswordAuthentication=no -o ServerAliveInterval=120 -o ServerAliveCountMax=5 -o Compression=yes"
RSYNC_COMMON_OPTIONS="-ax --delete --relative --delete-excluded --compress --timeout=3600 --perms --chmod=u+rwX --exclude=dev/ --exclude=var/tmp/ --exclude=usr/ --exclude=sess_* --exclude=logs/*"
RSYNC_COMMON_OPTIONS_ARRAY=($RSYNC_COMMON_OPTIONS)
RSYNC_COMMON_OPTIONS_ARRAY+=(-e "ssh $SSH_COMMON_OPTIONS")
rsync "${RSYNC_COMMON_OPTIONS_ARRAY[@]}" "$USERNAME_SSH@$SERVER_HOSTNAME:/" "$TARGET_BACKUP_LOCATION_WEBSITE"
===========
Zeilenweises einlesen aus Datei liste.txt
bsp while read foo ; do youtube-dl --extract-audio --audio-format mp3 "$foo" ; done < liste.txt
RAM info
dmidecode --type 17
Ubuntu version
lsb_release -a
Traffic shaping
Show: tc class ls dev DEVICE
Gratious ARP
iputils-arping arping -U -I eth0 IP/Adresse
Socat
socat - unix:socketfilename
Screen
SHARE teilen/detachen: strg+A :multiuser on ->"server" screen -x ->client Ctrl+A+D for detaching the screen
- Screen resume nicht möglich da er es als „attached“ betrachtet
# screen -r 16894 There is a screen on: 16894.pts-0.backup (09/01/20 11:17:52) (Attached) There is no screen to be resumed matching 16894. # screen -r -d 16894
Associated Clients hostapd/wpad
iw dev wlan0 station dump
List wireless hardware capabilities hostapd/wpad
-> iw list root@foo:~# iw list Wiphy phy1 wiphy index: 1 max # scan SSIDs: 4 max scan IEs length: 2257 bytes max # sched scan SSIDs: 0 max # match sets: 0 Retry short limit: 7 Retry long limit: 4 .... Wiphy phy0 wiphy index: 0 max # scan SSIDs: 16 max scan IEs length: 199 bytes max # sched scan SSIDs: 0 ...
List/scan wireless access points hostapd/wpad
- WLANs anzeigen cli
ggf. ip li set dev wlanxx up iw dev wlanxx scan
Disassociate Client hostapd/wpad
- Achtung bei tiny Installation gibts kein hostapd_cli
The default wpad-mini package does provide the disassociate command but not the all_sta. So get the list of associated clients on card wlan1 with iwinfo wlan1 assoclist, select a MAC address and then "kick" it with (for example): hostapd_cli disassociate -i wlan1 01:23:45:67:89:AB Considering a client usually tries to reconnect when disconnected, this might just disconnect it for about 10s.
- Mit iw getestet auf lede 17er Edition
- Auf 4.19 Kernel (kali linux) probiert er nach ~20-30 Sekunden wieder einen reconnect
Usage: iw [options] dev <devname> station del <MAC address> [subtype <subtype>] [reason-code <code>] Remove the given station entry (use with caution!) Example subtype values: 0xA (disassociation), 0xC (deauthentication) -> iw dev wlan0 station del MAC-ADRESSE-HIER subtype 0xA
Harddisk shutdown
echo 1 > /sys/block/sdf/device/delete
Check tape
mt -f /dev/st0 status mt -f /dev/st0 rewind mt -f "$TAPE_DEV" eject
postfix
list queue: postqueue -p flush queue: postqueue -f "release" all mails from hold queue: postsuper -H ALL delete all mails from queue: postsuper -d ALL delete all mails from hold queue: postsuper -d ALL hold delete all mails from deferred queue: postsuper -D ALL deferred
Linux software mdadm
mdadm --assemble /dev/md0 --run /dev/sdb1
Degraded raid1:
$ mdadm --create /dev/md0 -l raid1 -f -n 1 /dev/sda1
(Von Wiki Thomas Krenn: https://www.thomas-krenn.com/de/wiki/RAID_Controller#Software_RAID )
SDX1 hot remove:
root@ubuntumdraidtest:~# mdadm --manage /dev/mdN -r /dev/sdX1
mdadm: hot removed /dev/sdX1 from /dev/mdN
SDX1 add:
root@ubuntumdraidtest:~# mdadm --manage /dev/mdN -a /dev/sdX1
mdadm: added /dev/sdX1
Wenn degraded und status inactive e.g.
root@mrChief:/home/urnilxfgbez# mdadm --run /dev/md127
root@mrChief:/home/urnilxfgbez# cat /proc/mdstat
Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10]
md127 : active (auto-read-only) raid1 sdb1[0]
1953511936 blocks [2/1] [U_]
bitmap: 0/15 pages [0KB], 65536KB chunk
- RAID1 erstellen
root@mrWhiteGhost:/home/urnilxfgbez# fdisk /dev/sda
Welcome to fdisk (util-linux 2.33.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help): n
Partition type
p primary (0 primary, 0 extended, 4 free)
e extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1):
First sector (2048-240353279, default 2048):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-240353279, default 240353279):
Created a new partition 1 of type 'Linux' and of size 114.6 GiB.
Command (m for help): t
Selected partition 1
Hex code (type L to list all codes): fd
Changed type of partition 'Linux' to 'Linux raid autodetect'.
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
root@mrWhiteGhost:/home/urnilxfgbez# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.33.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help): n
Partition type
p primary (0 primary, 0 extended, 4 free)
e extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1):
First sector (2048-240353279, default 2048):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-240353279, default 240353279):
Created a new partition 1 of type 'Linux' and of size 114.6 GiB.
Command (m for help): t
Selected partition 1
Hex code (type L to list all codes): fd
Changed type of partition 'Linux' to 'Linux raid autodetect'.
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
-----
root@mrWhiteGhost:/home/urnilxfgbez# mdadm --create /dev/md0 --level=raid1 --raid-devices=2 /dev/sda1 /dev/sdb1
mdadm: Note: this array has metadata at the start and
may not be suitable as a boot device. If you plan to
store '/boot' on this device please ensure that
your boot-loader understands md/v1.x metadata, or use
--metadata=0.90
Continue creating array? y
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md0 started.
---
filesystem
root@mrWhiteGhost:/home/urnilxfgbez# mkfs.ext4 -L VAR_FS_RPI /dev/md0
mke2fs 1.46.2 (28-Feb-2021)
Creating filesystem with 30027264 4k blocks and 7512064 inodes
Filesystem UUID: 1d7fa1a4-f88c-44f7-847b-4340b2f381af
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872
Allocating group tables: done
Writing inode tables: done
Creating journal (131072 blocks): done
Writing superblocks and filesystem accounting information: done
done
done
--
speedup
echo "100000" > /proc/sys/dev/raid/speed_limit_min
stop raid
mdadm --stop /dev/md0
configuration erstellen für startup
/usr/share/mdadm/mkconf > /etc/mdadm/mdadm.conf
- Platte austauschen im RAID md0 , Platte sdb zeigt erste Fehler , BIOS System kein UEFI
sfdisk -d /dev/sdb > /root/sfdisk_sdb_dump.txt mdadm --manage /dev/md0 --fail /dev/sdb2 mdadm --manage /dev/md0 --remove /dev/sdb2 --- Austausch -- cat /root/sfdisk_sdb_dump.txt | sfdisk /dev/sdb mdadm --manage /dev/md0 --add /dev/sdb2 mdadm --detail /dev/md0
- PENDING SYNC resumen im RAID md1 , bei read only
root@master:~# cat /proc/mdstat
Personalities : [raid1] [linear] [multipath] [raid0] [raid6] [raid5] [raid4] [raid10]
md1 : active (auto-read-only) raid1 sdd2[1] sdc2[0]
3906881344 blocks super 1.2 [2/2] [UU]
resync=PENDING
bitmap: 30/30 pages [120KB], 65536KB chunk
md0 : active raid1 sdb2[2] sda2[0]
1953381376 blocks super 1.2 [2/2] [UU]
bitmap: 2/15 pages [8KB], 65536KB chunk
---
root@master:~# mdadm --readwrite /dev/md1
---
root@master:~# cat /proc/mdstat
Personalities : [raid1] [linear] [multipath] [raid0] [raid6] [raid5] [raid4] [raid10]
md1 : active raid1 sdd2[1] sdc2[0]
3906881344 blocks super 1.2 [2/2] [UU]
[>....................] resync = 2.3% (91627072/3906881344) finish=289.3min speed=219744K/sec
bitmap: 30/30 pages [120KB], 65536KB chunk
md0 : active raid1 sdb2[2] sda2[0]
1953381376 blocks super 1.2 [2/2] [UU]
bitmap: 2/15 pages [8KB], 65536KB chunk
unused devices: <none>
- In Rescue System grml RAID Volumes „aktivieren“ (/proc/mdstat)
mdadm --assemble --scan
VNC Viewer Hextile
- Bei extrem schlechter Upload Bandbereite / Hohe Kompression und Zlib like Kompression einsetzen
xtightvncviewer -compresslevel 9 -encoding Tight TARGET
- Bei Port Forwarding durch SSH Sitzung - Bandbreite grundsätzlich ok
xvncviewer -encoding Hextile localhost
NIC blink
ethtool -p ethx
ARP flux
prevent arp replies on different NICs zB: echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
LDAP queries
ldapsearch -h SERVER -D 'CN=Administrator,CN=Users,DC=DOMAIN,DC=local' -x -W -b 'DC=DOMAIN,DC=local' '(&(ATTRIBUTE=1)(objectCategory=Person))' dn ATTRIBUTE
Wget
download all files directory listening with ending .exe: wget -q -rl 1 -nd "http://PATH" -A*.exe
Ubuntu
Change keyboard layout: sudo dpkg-reconfigure console-setup
Winbind
wbinfo - Query information from winbind daemon
Domain join linux server
root# net ads join -UAdministrator%password http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html
Load Kernel module
make kernel module loadable depmod -a program to generate modules.dep and map filesi
less
http://www.thegeekstuff.com/2010/02/unix-less-command-10-tips-for-effective-navigation/ & -> matches only :n – go to the next file. :p – go to the previous file. G – go to the end of file g – go to the start of file
ddrescue
Disk to image
In this scenario the disk drive /dev/sdb is about to fail and we want to create an exact copy in the form of an image.
First, copy every block without read error and log the errors to /root/rescue.log.
Note
This requires at least as much disk space as the size of the failing disk drive.
root #ddrescue -f -n /dev/sdb /root/sdb_rescue.img /root/rescue.log
-f
Force ddrescue to run even if the destination file already exists.
-n
Skip the splitting phase to avoid spending a lot of time trying to rescue the most difficult parts of a file.
Second, copy only the bad blocks and try 3 times to read from the source before giving up:
root #ddrescue -d -f -r3 /dev/sdb /root/sdb_rescue.img /root/rescue.log
-d
Use direct access to the drive and skip any cache.
-rN
Try N times to rescue the block.
Now the image can be mounted as loop device and the file system checked for corruption.
Note
It can be helpful to not retry at all in cases where the USB controller disconnects the drive if certain blocks are read. Here you may want to skip any errored block.
boot-rescue
- Boot von externem Medium zB: grml (https://grml.org/download/)
- Mount der Dateisystem für chroot / Achtung bind mount auch für /run (!)
mount -t proc none proc mount -t sysfs none sys mount -o bind /dev dev/ mount -o bind /dev/pts dev/pts mount -o bind /run run/ chroot ./ /bin/bash
lvm
- Empfehlung falls lvm_volume ROOT von einer virtuellen Maschine über kvm - vorher herunterfahren!
- Verkleinert direkt darunter liegendes Filesystem + LVM - getestet auf Debian stretch
# lvresize --size 150G --resizefs /dev/mapper/lvm_volume
- LVM Resize - erweitern:
lvresize -L+500G /dev/mapper/foo-lvm
- LVM Logical Volume anlegen:
lvcreate -n name-lvm -L500G volume-group
- LVM Snapshots:
lvcreate -L <LV size> -s -n <snapshot name> /dev/<VG name>/<LV name> lvremove /dev/<VG name>/<snapshot name>
- LVM Snapshots - Beispiele um an Filesystem zu kommen (offset mount - 2048*512, oder kpartx)
root@mrGodfather:/mnt# lvcreate -L200M -s -n guest-mrscanner-root-snapshot /dev/mapper/mrGodfather-guest--mrscanner--root Logical volume "guest-mrscanner-root-snapshot" created. root@mrGodfather:/mnt# kpartx -av /dev/mapper/mrGodfather-guest--mrscanner--root--snapshot add map mrGodfather-guest--mrscanner--root--snapshot1 (253:22): 0 136312832 linear 253:21 2048 root@mrGodfather:/mnt# mount -o ro /dev/mapper/mrGodfather-guest--mrscanner--root--snapshot1 /mnt/tmp root@mrGodfather:/mnt# ls -al /mnt/tmp/ total 2097308 drwxr-xr-x 22 root root 4096 Jul 24 06:39 . drwxr-xr-x 5 root root 4096 Mar 10 2018 .. drwxr-xr-x 2 root root 4096 Jul 5 06:53 bin drwxr-xr-x 3 root root 4096 Jul 25 06:47 boot drwxr-xr-x 2 root root 4096 Mar 23 2016 dev drwxr-xr-x 111 root root 12288 Aug 1 06:08 etc drwxr-xr-x 2 root root 4096 Mar 23 2016 home lrwxrwxrwx 1 root root 33 Jul 24 06:39 initrd.img -> boot/initrd.img-4.15.0-55-generic lrwxrwxrwx 1 root root 33 Jul 24 06:39 initrd.img.old -> boot/initrd.img-4.15.0-54-generic drwxr-xr-x 20 root root 4096 May 21 12:18 lib drwxr-xr-x 2 root root 4096 May 21 11:59 lib64 drwx------ 2 root root 16384 Mar 8 2016 lost+found drwxr-xr-x 3 root root 4096 Mar 8 2016 media drwxr-xr-x 2 root root 4096 Jun 25 2018 mnt drwxr-xr-x 2 root root 4096 Feb 18 2016 opt dr-xr-xr-x 2 root root 4096 Mar 23 2016 proc drwx------ 7 root root 4096 Aug 9 01:12 root drwxr-xr-x 3 root root 4096 Oct 19 2016 run drwxr-xr-x 2 root root 12288 May 21 12:21 sbin drwxr-xr-x 2 root root 4096 Feb 18 2016 srv -rw-rw---- 1 root root 2147483648 Mar 18 2016 swap.img dr-xr-xr-x 2 root root 4096 Mar 23 2016 sys drwxrwxrwt 11 root root 40960 Aug 13 09:45 tmp drwxr-xr-x 10 root root 4096 Mar 8 2016 usr drwxr-xr-x 13 root root 4096 Oct 19 2016 var lrwxrwxrwx 1 root root 30 Jul 24 06:39 vmlinuz -> boot/vmlinuz-4.15.0-55-generic lrwxrwxrwx 1 root root 30 Jul 24 06:39 vmlinuz.old -> boot/vmlinuz-4.15.0-54-generic root@mrGodfather:/mnt# umount /mnt/tmp/ root@mrGodfather:/mnt# kpartx -dv /dev/mapper/mrGodfather-guest--mrscanner--root--snapshot del devmap : mrGodfather-guest--mrscanner--root--snapshot1 root@mrGodfather:/mnt# fdisk /dev/mapper/mrGodfather-guest--mrscanner--root--snapshot Welcome to fdisk (util-linux 2.33.1). Changes will remain in memory only, until you decide to write them. Be careful before using the write command. Command (m for help): p Disk /dev/mapper/mrGodfather-guest--mrscanner--root--snapshot: 70 GiB, 75161927680 bytes, 146800640 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0xe7f8c045 Device Boot Start End Sectors Size Id Type /dev/mapper/mrGodfather-guest--mrscanner--root--snapshot-part1 2048 136314879 136312832 65G 83 Linux Command (m for help): q root@mrGodfather:/mnt# mount -o ro,offset=1048576 /dev/mapper/mrGodfather-guest--mrscanner--root--snapshot /mnt/tmp root@mrGodfather:/mnt# ls -al /mnt/tmp/ total 2097308 drwxr-xr-x 22 root root 4096 Jul 24 06:39 . drwxr-xr-x 5 root root 4096 Mar 10 2018 .. drwxr-xr-x 2 root root 4096 Jul 5 06:53 bin drwxr-xr-x 3 root root 4096 Jul 25 06:47 boot drwxr-xr-x 2 root root 4096 Mar 23 2016 dev drwxr-xr-x 111 root root 12288 Aug 1 06:08 etc drwxr-xr-x 2 root root 4096 Mar 23 2016 home lrwxrwxrwx 1 root root 33 Jul 24 06:39 initrd.img -> boot/initrd.img-4.15.0-55-generic lrwxrwxrwx 1 root root 33 Jul 24 06:39 initrd.img.old -> boot/initrd.img-4.15.0-54-generic drwxr-xr-x 20 root root 4096 May 21 12:18 lib drwxr-xr-x 2 root root 4096 May 21 11:59 lib64 drwx------ 2 root root 16384 Mar 8 2016 lost+found drwxr-xr-x 3 root root 4096 Mar 8 2016 media drwxr-xr-x 2 root root 4096 Jun 25 2018 mnt drwxr-xr-x 2 root root 4096 Feb 18 2016 opt dr-xr-xr-x 2 root root 4096 Mar 23 2016 proc drwx------ 7 root root 4096 Aug 9 01:12 root drwxr-xr-x 3 root root 4096 Oct 19 2016 run drwxr-xr-x 2 root root 12288 May 21 12:21 sbin drwxr-xr-x 2 root root 4096 Feb 18 2016 srv -rw-rw---- 1 root root 2147483648 Mar 18 2016 swap.img dr-xr-xr-x 2 root root 4096 Mar 23 2016 sys drwxrwxrwt 11 root root 40960 Aug 13 09:45 tmp drwxr-xr-x 10 root root 4096 Mar 8 2016 usr drwxr-xr-x 13 root root 4096 Oct 19 2016 var lrwxrwxrwx 1 root root 30 Jul 24 06:39 vmlinuz -> boot/vmlinuz-4.15.0-55-generic lrwxrwxrwx 1 root root 30 Jul 24 06:39 vmlinuz.old -> boot/vmlinuz-4.15.0-54-generic root@mrGodfather:/mnt# umount /mnt/tmp/ root@mrGodfather:/mnt# lvremove /dev/mapper/mrGodfather-guest--mrscanner--root--snapshot Do you really want to remove active logical volume mrGodfather/guest-mrscanner-root-snapshot? [y/n]: y Logical volume "guest-mrscanner-root-snapshot" successfully removed
- LVM anzeigen volume groups / logical volumes:
vgdisplay vgs lvs
- Physical Volume in Volume Group durch neues Physical Volume austauschen wenn zB: die Platte größer wird (altes PV /dev/mapper/md126_crypted , neues PV /dev/mapper/md128_crypted , Volume Group storage
Vorher wurde RAID1 md Device erstellt und über cryptsetup formatiert (luksFormat) und geöffnet (luksOpen) , /dev/mapper/md128 repräsentiert das "zugriffsfähige" Blockdevice, das nun als Physical Volume erstellt wird pvcreate /dev/mapper/md128_crypted vgextend storage /dev/mapper/md128_crypted root@mrGodfather:~# pvs PV VG Fmt Attr PSize PFree /dev/mapper/md126_crypted storage lvm2 a-- <3.64t <411.89g /dev/mapper/md128_crypted storage lvm2 a-- <6.99t <6.99t root@mrGodfather:~# pvmove -b --atomic /dev/mapper/md126_crypted /dev/mapper/md128_crypted root@mrGodfather:~# lvs -a -o+devices LV VG Attr LSize Pool Origin Data% Meta% Move ... guest-mrstorage-storage storage -wI-a----- 3.00t pvmove0(0) guest-mrstorage-storage storage -wI-a----- 3.00t pvmove0(0) [pvmove0] storage p-C-aom--- <3.24t /dev/mapper/md126_crypted 1.00 pvmove0_mimage_0(0),pvmove0_mimage_1(0) ... root@mrGodfather:~# pvs PV VG Fmt Attr PSize PFree /dev/mapper/md126_crypted storage lvm2 a-- <3.64t <3.64t /dev/mapper/md128_crypted storage lvm2 a-- <6.99t <3.75t root@mrGodfather:~# vgreduce storage /dev/mapper/md126_crypted Removed "/dev/mapper/md126_crypted" from volume group "storage" root@mrGodfather:~# pvremove /dev/mapper/md126_crypted Labels on physical volume "/dev/mapper/md126_crypted" successfully wiped. -> check /etc/crypttab ! -> check /etc/mdadm/mdadm.conf
- Physical Disk /dev/md1 zu Volume group „master“ hinzufügen
root@master:~# pvcreate /dev/md1 Physical volume "/dev/md1" successfully created. --- Volume group --- VG Name master System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 11 VG Access read/write VG Status resizable MAX LV 0 Cur LV 6 Open LV 5 Max PV 0 Cur PV 1 Act PV 1 VG Size 1.82 TiB PE Size 4.00 MiB Total PE 476899 Alloc PE / Size 403384 / 1.54 TiB Free PE / Size 73515 / 287.17 GiB VG UUID foo-123 root@master:~# vgextend master /dev/md1 Volume group "master" successfully extended root@master:~# vgdisplay --- Volume group --- VG Name master System ID Format lvm2 Metadata Areas 2 Metadata Sequence No 12 VG Access read/write VG Status resizable MAX LV 0 Cur LV 6 Open LV 5 Max PV 0 Cur PV 2 Act PV 2 VG Size 5.46 TiB PE Size 4.00 MiB Total PE 1430727 Alloc PE / Size 403384 / 1.54 TiB Free PE / Size 1027343 / 3.92 TiB VG UUID foo-123 root@master:~# vgscan Reading volume groups from cache. Found volume group "master" using metadata type lvm2 root@master:~# pvscan PV /dev/md0 VG master lvm2 [1.82 TiB / 287.17 GiB free] PV /dev/md1 VG master lvm2 [3.64 TiB / 3.64 TiB free] Total: 2 [5.46 TiB] / in use: 2 [5.46 TiB] / in no VG: 0 [0 ]
- Extends von /dev/md0 auf /dev/md1 auf Volume Group „master“ / nur LVM guest-file-storage verschieben / damit Storage ausschließlich durch /dev/md1 gehandeled wird und der Rest auf /dev/md0
root@master:~# pvs
PV VG Fmt Attr PSize PFree
/dev/md0 master lvm2 a-- 1.82t 0
/dev/md1 master lvm2 a-- 3.64t 2.94t
root@master:~# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
....
guest-file-storage master -wi-ao---- 1.95t
....
root@master:~# pvmove -n guest-file-storage /dev/md0 /dev/md1
/dev/md0: Moved: 0.00%
/dev/md0: Moved: 0.16%
/dev/md0: Moved: 0.31%
/dev/md0: Moved: 0.47%
....
/dev/md0: Moved: 99.88%
/dev/md0: Moved: 100.00%
root@master:~#
root@master:~# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
guest-file-storage master -wi-ao---- 1.95t
root@master:~# pvs
PV VG Fmt Attr PSize PFree
/dev/md0 master lvm2 a-- 1.82t 1.26t
/dev/md1 master lvm2 a-- 3.64t 1.69t
- Rescue Boot volume group aktivieren
müssen das Volume grundsätzlich anzeigen: lvs / lvdisplay pvdisplay / pvs vgs /vgdisplay aktivieren aller erkannten volume groups: vgchange -a y
- Merge durchführen falls Snapshot wieder hergestellt werden soll / zB: testen von dist-upgrade darunter - Getestet unter Debian Buster / Achtung Snapshot Größe beachten sonst wird er automatisch gelöscht
root@mrGodfather:/etc/kvm# lvcreate -L10G -s -n mrsEntenhausen-snapshot /dev/storage/guest-mrsentenhausen-root
Logical volume "mrsEntenhausen-snapshot" created.
root@mrGodfather:/etc/kvm# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
...
...
mrsEntenhausen-snapshot storage swi-a-s--- 10.00g guest-mrsentenhausen-root 0.00
root@mrGodfather:/etc/kvm# kvm status mrsEntenhausen
[....] Status VM: mrsEntenhausen is running
root@mrGodfather:/etc/kvm# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
...
mrsEntenhausen-snapshot storage swi-a-s--- 10.00g guest-mrsentenhausen-root 0.40
root@mrGodfather:/etc/kvm# lvconvert --merge /dev/storage/mrsEntenhausen-snapshot
Delaying merge since origin is open.
Merging of snapshot storage/mrsEntenhausen-snapshot will occur on next activation of storage/guest-mrsentenhausen-root.
root@mrGodfather:/etc/kvm# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
...
...
Snapshot is gone in the list !
root@mrGodfather:/etc/kvm# kvm stop mrsEntenhausen
[ ok ] Stopping VM: mrsEntenhausen .
root@mrGodfather:/etc/kvm# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
guest-mrsentenhausen-root storage Owi-a-s--- 300.00g 5.89
root@mrGodfather:/etc/kvm# lvdisplay /dev/storage/guest-mrsentenhausen-root
--- Logical volume ---
LV Path /dev/storage/guest-mrsentenhausen-root
LV Name guest-mrsentenhausen-root
VG Name storage
LV UUID Gme1Ww-UzAT-D11p-lUSy-Nq72-52mj-TmKqIp
LV Write Access read/write
LV Creation host, time mrGodfather, 2021-09-26 13:32:24 +0200
LV snapshot status source of
mrsEntenhausen-snapshot [active]
LV Status available
# open 0
LV Size 300.00 GiB
Current LE 76800
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:18
Finished:
root@mrGodfather:~# lvdisplay /dev/storage/guest-mrsentenhausen-root
--- Logical volume ---
LV Path /dev/storage/guest-mrsentenhausen-root
LV Name guest-mrsentenhausen-root
VG Name storage
LV UUID Gme1Ww-UzAT-D11p-lUSy-Nq72-52mj-TmKqIp
LV Write Access read/write
LV Creation host, time mrGodfather, 2021-09-26 13:32:24 +0200
LV Status available
# open 0
LV Size 300.00 GiB
Current LE 76800
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:18
root@mrGodfather:~# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
..
guest-mrsentenhausen-root storage -wi-a----- 300.00g
..
root@mrGodfather:~#
- vgmerge eine Volume Group zur anderen „hinzufügen“ / zuerst darauf achten dass volume Group storage keine verwendeten lvs hat - schlussendlich soll mrgodfather verbleiben
root@mrGodfather:~# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert guest-mradblock-root mrGodfather -wi-a----- 30.00g guest-mrcloud-root mrGodfather -wi-a----- 25.00g guest-mrdoku-root mrGodfather -wi-ao---- 200.00g guest-mrgatekeeper-backup mrGodfather -wi-a----- 250.00g guest-mrmail-root mrGodfather -wi-ao---- 50.00g guest-mrmail-var mrGodfather -wi-ao---- 100.00g guest-mrmonitoring-root mrGodfather -wi-ao---- 360.00g guest-mrscanner-root mrGodfather -wi-ao---- 70.00g guest-mrstorage-root mrGodfather -wi-a----- 50.00g guest-mrwebserver-root mrGodfather -wi-ao---- 150.00g root mrGodfather -wi-ao---- 42.59g var mrGodfather -wi-ao---- 46.56g guest-develop-debian-root storage -wi------- 30.00g guest-develop-firewall-debian-root storage -wi------- 12.00g guest-develop-openwrt-root storage -wi------- 300.00g guest-mrcloud-storage storage -wi------- 300.00g guest-mrgatekeeper-root storage -wi------- 128.00g guest-mrsentenhausen-root storage -wi------- 300.00g guest-mrstorage-storage storage -wi------- 4.17t root@mrGodfather:~# vgmerge -t -v mrGodfather storage root@mrGodfather:~# vgmerge -t -v mrGodfather storage TEST MODE: Metadata will NOT be updated and volumes will not be (de)activated. Checking for volume group "mrGodfather" Checking for volume group "storage" Test mode: Skipping archiving of volume group. Test mode: Skipping archiving of volume group. Writing out updated volume group Test mode: Skipping backup of volume group. Volume group "storage" successfully merged into "mrGodfather" ---- oot@mrGodfather:~# vgmerge -v mrGodfather storage Checking for volume group "mrGodfather" Checking for volume group "storage" Archiving volume group "storage" metadata (seqno 135). Archiving volume group "mrGodfather" metadata (seqno 66). Writing out updated volume group Creating volume group backup "/etc/lvm/backup/mrGodfather" (seqno 67). Volume group "storage" successfully merged into "mrGodfather" --- root@mrGodfather:~# vgdisplay --- Volume group --- VG Name mrGodfather System ID Format lvm2 Metadata Areas 2 Metadata Sequence No 67 VG Access read/write VG Status resizable MAX LV 0 Cur LV 19 Open LV 8 Max PV 0 Cur PV 2 Act PV 2 VG Size 13.97 TiB PE Size 4.00 MiB Total PE 3662497 Alloc PE / Size 1719336 / <6.56 TiB Free PE / Size 1943161 / 7.41 TiB VG UUID keOy1u-fMi3-Wm9a-RVHG-HEfl-YglK-CtCR2K -- root@mrGodfather:~# vgchange -a y mrGodfather 19 logical volume(s) in volume group "mrGodfather" now active
PHP
- Beispiel für eine „pipe“ in PHP bei Skriptaufruf
...
#!/usr/bin/php
<?php
#Pipe Username\n and Password\n to php
$auth_data = file("php://stdin");
if(count($auth_data) != 2)
{
exit(1);
}
$USERNAME=trim($auth_data[0]);
$PASSWORD=trim($auth_data[1]);
...
- glob mit oder „pattern“
You can use the GLOB_BRACE constant
GLOB_BRACE - Expands {a,b,c} to match 'a', 'b', or 'c'
e.g.
$dirname = 'uploads/';
glob("$dirname*.{png,jpeg,jpg,gif}", GLOB_BRACE);
See: http://php.net/manual/en/function.glob.php
qemu
- Konvertieren von RAW nach VDI (VirtualBox)
qemu-img convert -f raw -O vdi develop-firewall-debian.img develop-firewall-debian.vdi
- Oder von VDI nach RAW (offenbar gibts eine auto detection)
qemu-img convert openwrt-develop-disk1.vdi -O raw openwrt-develop1.vdi.raw
- Nested virualisierung des is nice - nasty virtualization :)
- Quote von: https://www.kernel.org/doc/html/v5.7/virt/kvm/running-nested-guests.html - Achunt in Debian Buster noch nicht per Default aktiv
..nabling “nested” (x86)
From Linux kernel v4.19 onwards, the nested KVM parameter is enabled by default for Intel and AMD. (Though your Linux distribution might override this default.)
In case you are running a Linux kernel older than v4.19, to enable nesting, set the nested KVM module parameter to Y or 1. To persist this setting across reboots, you can add it in a config file, as shown below:
On the bare metal host (L0), list the kernel modules and ensure that the KVM modules:
$ lsmod | grep -i kvm
kvm_intel 133627 0
kvm 435079 1 kvm_intel
Show information for kvm_intel module:
$ modinfo kvm_intel | grep -i nested
parm: nested:bool
For the nested KVM configuration to persist across reboots, place the below in /etc/modprobed/kvm_intel.conf (create the file if it doesn’t exist):
$ cat /etc/modprobe.d/kvm_intel.conf
options kvm-intel nested=y
Unload and re-load the KVM Intel module:
$ sudo rmmod kvm-intel
$ sudo modprobe kvm-intel
Verify if the nested parameter for KVM is enabled:
$ cat /sys/module/kvm_intel/parameters/nested
Y
For AMD hosts, the process is the same as above, except that the module name is kvm-amd.
boot
- Reset Root Password / Debugging
- Im Grub Menue beim Bootvorgang → e → Kernel Paramter init=/bin/bash (Achtung englische Tastatur ´ ⇒ = )
- Fortsetzen des Bootvorgangs nach erfolgtem Edit → exec /sbin/init
Registered: Jan 2011 Location: Abingdon, VA Distribution: Catalina Posts: 9,374 Blog Entries: 37 Rep: Reputation: Disabled Quote: Originally Posted by bts145 View Post First you must activate the magic SysRq option: echo 1 > /proc/sys/kernel/sysrq When you are ready to reboot the machine simply run the following: echo b > /proc/sysrq-trigger http://www.linuxjournal.com/content/rebooting-magic-way oder the way, when you do init=/bin/sh (or bash), it isn't strictly necessary to reboot afterwards (well, depending on what you change I suppose), you can just do an 'exec /sbin/init' to continue the boot process. Make sure the state of the system is as it would normally be though (e.g. umount /usr, make / readonly again etc).
cryptsetup
- Interesting read argon2id: https://mjg59.dreamwidth.org/66429.html?thread=2120573 , https://dys2p.com/en/2023-05-luks-security.html , https://neilzone.co.uk/2023/04/updating-the-luks-key-derivation-function-on-debian/ , https://www.linkedin.com/pulse/how-utilize-argon2-kdf-configuration-secure-things-know-chung-mba#:~:text=%23Argon2id%20is%20much%20more%20modern,for%20CPU%20and%20RAM%20usage
- Getestet auf Debian Bookworm / ursprünglich argon2i / Stand der Technik (2024-03-11): argon2id / erfolgreicher reboot :)
root@mrWhiteGhost:/home/urnilxfgbez# cryptsetup luksHeaderBackup /dev/crypted_partition_info --header-backup-file /tmp/header_backup_crypted_partition_info.img root@mrWhiteGhost:/home/urnilxfgbez# file /tmp/header_backup_crypted_partition_info.img /tmp/header_backup_crypted_partition_info.img: LUKS encrypted file, ver 2, header size 16384, ID 3, algo sha256, salt 0x9838482c38d968d1..., UUID: 123-123-123, crc 0xff..... root@mrWhiteGhost:/home/urnilxfgbez# cryptsetup luksDump /dev/nvme0n1p3 LUKS header information Version: 2 Epoch: 3 Metadata area: 16384 [bytes] Keyslots area: 16744448 [bytes] UUID: 123-123-123 Label: (no label) Subsystem: (no subsystem) Flags: (no flags) Data segments: 0: crypt offset: 16777216 [bytes] length: (whole device) cipher: aes-xts-plain64 sector: 512 [bytes] Keyslots: 0: luks2 Key: 512 bits Priority: normal Cipher: aes-xts-plain64 Cipher key: 512 bits PBKDF: argon2i Time cost: 4 Memory: 966868 Threads: 4 AF stripes: 4000 AF hash: sha256 Area offset:32768 [bytes] Area length:258048 [bytes] Digest ID: 0 Tokens: Digests: 0: pbkdf2 Hash: sha256 Iterations: 85780 root@mrWhiteGhost:/home/urnilxfgbez# cryptsetup luksConvertKey /dev/nvme0n1p3 --pbkdf argon2id Enter passphrase for keyslot to be converted: root@mrWhiteGhost:/home/urnilxfgbez# echo $? 0 root@mrWhiteGhost:/home/urnilxfgbez# cryptsetup luksDump /dev/nvme0n1p3 LUKS header information Version: 2 Epoch: 5 Metadata area: 16384 [bytes] Keyslots area: 16744448 [bytes] UUID: 123-123-123 Label: (no label) Subsystem: (no subsystem) Flags: (no flags) Data segments: 0: crypt offset: 16777216 [bytes] length: (whole device) cipher: aes-xts-plain64 sector: 512 [bytes] Keyslots: 0: luks2 Key: 512 bits Priority: normal Cipher: aes-xts-plain64 Cipher key: 512 bits PBKDF: argon2id Time cost: 5 Memory: 1048576 Threads: 4 AF stripes: 4000 AF hash: sha256 Area offset:290816 [bytes] Area length:258048 [bytes] Digest ID: 0 Tokens: Digests: 0: pbkdf2 Hash: sha256 Iterations: 85780
encrypted zip
- Achtung Quote aus den man files:
..
(And where security is truly important, use strong en‐
cryption such as Pretty Good Privacy instead of the relatively
weak standard encryption provided by zipfile utilities.)
..
- zip Encrypt cli:
urnilxfgbez@mrWhiteGhost:/tmp$ zip -e archivename.zip file1.odt file2.odt Enter password: Verify password: adding: file1.odt (deflated 3%) adding: file2.odt (deflated 4%)
timezone setzen
- Set Time to Europe/Vienna
- via link manually
ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime
- via timedatectl
root@mrWhiteGhost:/home/urnilxfgbez# timedatectl set-timezone Europe/Vienna
root@mrWhiteGhost:/home/urnilxfgbez# timedatectl
Local time: Fri 2020-07-24 10:18:24 CEST
Universal time: Fri 2020-07-24 08:18:24 UTC
RTC time: Fri 2020-07-24 08:18:23
Time zone: Europe/Vienna (CEST, +0200)
System clock synchronized: no
NTP service: n/a
RTC in local TZ: no
mac manufacturer
- Lookup e.g. echo „b0:5c:da:11:22:33“ | cut -s -d':' -f1,2,3 –output-delimiter='-' | grep -i -f - /var/lib/ieee-data/*.txt | awk '{ $1=$2=„“; print $0 }'
- Achtung Abhängig vom Alter des ieee-data Pakets könnten sich die Links schon geändert haben - aktuell für MAC Vendor : http://standards-oui.ieee.org/oui.txt
Update IEEE data: apt-get install ieee-data update-ieee-data WARNING: tempfile is deprecated; consider using mktemp instead. Updating /var/lib/ieee-data//oui.txt Checking permissions on /var/lib/ieee-data//oui.txt Downloading https://standards.ieee.org/develop/regauth/oui/oui.txt to /var/lib/ieee-data//oui.txt Checking header Temporary location /tmp/ieee-data_E4Qc5H to be moved to /var/lib/ieee-data//oui.txt /var/lib/ieee-data//oui.txt updated. Updating /var/lib/ieee-data//mam.txt Checking permissions on /var/lib/ieee-data//mam.txt Downloading https://standards.ieee.org/develop/regauth/oui28/mam.txt to /var/lib/ieee-data//mam.txt Checking header Temporary location /tmp/ieee-data_E4Qc5H to be moved to /var/lib/ieee-data//mam.txt /var/lib/ieee-data//mam.txt updated. Updating /var/lib/ieee-data//oui36.txt Checking permissions on /var/lib/ieee-data//oui36.txt Downloading https://standards.ieee.org/develop/regauth/oui36/oui36.txt to /var/lib/ieee-data//oui36.txt Checking header Temporary location /tmp/ieee-data_E4Qc5H to be moved to /var/lib/ieee-data//oui36.txt /var/lib/ieee-data//oui36.txt updated. Updating /var/lib/ieee-data//iab.txt Checking permissions on /var/lib/ieee-data//iab.txt Downloading https://standards.ieee.org/develop/regauth/iab/iab.txt to /var/lib/ieee-data//iab.txt Checking header Temporary location /tmp/ieee-data_E4Qc5H to be moved to /var/lib/ieee-data//iab.txt /var/lib/ieee-data//iab.txt updated. Updating /var/lib/ieee-data//oui.csv Checking permissions on /var/lib/ieee-data//oui.csv Downloading https://standards.ieee.org/develop/regauth/oui/oui.csv to /var/lib/ieee-data//oui.csv Checking header Temporary location /tmp/ieee-data_E4Qc5H to be moved to /var/lib/ieee-data//oui.csv /var/lib/ieee-data//oui.csv updated. Updating /var/lib/ieee-data//mam.csv Checking permissions on /var/lib/ieee-data//mam.csv Downloading https://standards.ieee.org/develop/regauth/oui28/mam.csv to /var/lib/ieee-data//mam.csv Checking header Temporary location /tmp/ieee-data_E4Qc5H to be moved to /var/lib/ieee-data//mam.csv /var/lib/ieee-data//mam.csv updated. Updating /var/lib/ieee-data//oui36.csv Checking permissions on /var/lib/ieee-data//oui36.csv Downloading https://standards.ieee.org/develop/regauth/oui36/oui36.csv to /var/lib/ieee-data//oui36.csv Checking header Temporary location /tmp/ieee-data_E4Qc5H to be moved to /var/lib/ieee-data//oui36.csv /var/lib/ieee-data//oui36.csv updated. Updating /var/lib/ieee-data//iab.csv Checking permissions on /var/lib/ieee-data//iab.csv Downloading https://standards.ieee.org/develop/regauth/iab/iab.csv to /var/lib/ieee-data//iab.csv Checking header Temporary location /tmp/ieee-data_E4Qc5H to be moved to /var/lib/ieee-data//iab.csv /var/lib/ieee-data//iab.csv updated
letsencrypt magic
- apt-get install certbot
- Hostname e.g. hostname.domain.at MUSS von extern über Port 80 für Challenge/Response zur Verfügung stehen
- IP's lassen sich NICHT firewallen von let's encrypt - it's a feature :)
oot@firewall:/tmp# certbot certonly --webroot --webroot-path /var/www/letsencrypt/ -d hostname.domain.at Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): support@domain.at ------------------------------------------------------------------------------- Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v01.api.letsencrypt.org/directory ------------------------------------------------------------------------------- (A)gree/(C)ancel: A ------------------------------------------------------------------------------- Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about EFF and our work to encrypt the web, protect its users and defend digital rights. ------------------------------------------------------------------------------- (Y)es/(N)o: N Obtaining a new certificate Performing the following challenges: http-01 challenge for hostname.domain.at Using the webroot path /var/www/letsencrypt for all unmatched domains. Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/hostname.domain.at/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/hostname.domain.at/privkey.pem Your cert will expire on 2019-03-19. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le root@firewall:/tmp# certbot certonly --webroot --webroot-path /var/www/letsencrypt/ -d hostname.domain.at Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Cert not yet due for renewal You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry. (ref: /etc/letsencrypt/renewal/hostname.domain.at.conf) What would you like to do? ------------------------------------------------------------------------------- 1: Keep the existing certificate for now 2: Renew & replace the cert (limit ~5 per 7 days) ------------------------------------------------------------------------------- Select the appropriate number [1-2] then [enter] (press 'c' to cancel): c Operation canceled. You may re-run the client. root@firewall:/tmp# certbot renew --quiet --post-hook "service apache2 restart" root@firewall:/tmp# echo $? 0
- Update Keysize bei rsa spezifizieren zB: 4096 bit Key : certbot renew –quiet –rsa-key-size 4096 –post-hook „service apache2 restart“
cisco land
Basics
-User-Exec-Modus (>)-> Privileged Exec Modus (#) mit enable -Hostname #-> configure terminal -> hostname foo -Bannernachricht: #->configure terminal-> banner motd #Message of the day# -Console Passwort:#-> configure terminal -> line console 0 -> password foo -> login -> end -Privilegierter Modus:#-> configure terminal -> enable secret foo -> exit -Sicherung des VTY-Leitungszugriff: configure terminal -> line vty 0 15 -> password foo -> login -> end -show startup-config / show running-config -> copy running-config startup-config -reload -erase startup-config -Switch Virtual Interface: configure terminal -> interface vlan 1 -> ip address ip netz -> no shutdown -IP Info lokale Interfaces: # show ip interface brief
- Offizielle Cisco CLI Reference (https://www.cisco.com/c/en/us/td/docs/ios/fundamentals/command/reference/cf_book.pdf) : cisco_cli_reference.pdf
- Basic Switch Configuration - direkter quota aus dem Cisco CCNA:
To configure the device name for R1, use the following commands. Router> enable Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# hostname foo foo(config)# foo(config)# enable secret class foo(config)# foo(config)# line console 0 foo(config-line)# password cisco foo(config-line)# login foo(config-line)# exit foo(config)# foo(config)# line vty 0 4 foo(config-line)# password cisco foo(config-line)# login foo(config-line)# transport input ssh telnet foo(config-line)# exit foo(config)# foo(config)# service password-encryption foo(config)# foo(config)# banner motd # foo Message # foo(config)# foo# copy running-config startup-config Destination filename [startup-config]? Building configuration... [OK] foo#
- Kein DNS Lookup bei Vertippen
no ip-domain lookup
IP Assignment
- Basic IP Assignment Interfaces:
foo> enable foo# configure terminal Enter configuration commands, one per line. End with CNTL/Z. foo(config)# interface gigabitEthernet 0/0/0 foo(config-if)# description Link to LAN foo(config-if)# ip address 192.168.10.1 255.255.255.0 foo(config-if)# ipv6 address 2001:db8:acad:10::1/64 foo(config-if)# no shutdown foo(config-if)# exit foo(config)# *Aug 1 01:43:53.435: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to down *Aug 1 01:43:56.447: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to up *Aug 1 01:43:57.447: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state to up foo(config)# foo(config)# foo(config)# interface gigabitEthernet 0/0/1 foo(config-if)# description Link to R2 foo(config-if)# ip address 209.165.200.225 255.255.255.252 foo(config-if)# ipv6 address 2001:db8:feed:224::1/64 foo(config-if)# no shutdown foo(config-if)# exit foo(config)# *Aug 1 01:46:29.170: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to down *Aug 1 01:46:32.171: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to up *Aug 1 01:46:33.171: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state to up foo(config)#
- IPv6 Assignment and Routes:
R1(config)# interface gigabitethernet 0/0 R1(config-if)# ipv6 address 2099:ADAC:CAFE:1::1/64 (in this example Cn=99) R1(config-if)# ipv6 address FE80::1 link-local (only at the LAN-Interface) R1(config-if)# no shutdown %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up Do the same at all other Router-Interfaces (Router1 and Router2) Configure Static Routing on Router1 and Router2 Usage: Router(config)# ipv6 route <destination network> <interface> <next hop> Example: R1(config)# ipv6 route 2099:ADAC:CAFE:2::/64 g0/1 2099:ADAC:CAFE:12::2
- Routing aktivieren
router(config)#ip routing
- Default Gateway:
ip default-gateway ip-address in global configuration
- IPV6 enable: ipv6 unicast-routing
ip route To establish static routes, use the ip route command in switch configuration mode. To remove static routes, use the no form of this command. ip route prefix mask ip-address [metric-value] no ip route prefix mask ip-address Syntax Description Specifies the IP route prefix for the destination.prefix Specifies the prefix mask for the destination.mask Specifies the IP address of the next hop that can be used to reach that network.ip-address Specifies the metric of the route. The default metric is 6. Valid range is from 1–255
- Differences between svi and routed port (https://learningnetwork.cisco.com/s/question/0D53i00000KsoxbCAB/switching-routed-ports-and-switched-virtual-interfaces-svis)
SVI's support both routing and switching protocols, while routed ports do not support any layer 2 protocols (STP). An SVI is created by the interface VLAN command while a routed port by using the no switchport command in interface configuration mode.
- IPv6 Check Support
Note: The default bias template (used by the Switch Database Manager (SDM)) does not provide IPv6 address capabilities. Verify that SDM is using either the dual-ipv4-and-ipv6 template or the lanbase-routing template. The new template will be used after reboot even if the config is not saved. S1# show sdm prefer Follow these steps to assign the dual-ipv4-and-ipv6 template as the default SDM template: S1# config t S1(config)# sdm prefer dual-ipv4-and-ipv6 default S1(config)# end S1# reload
SSH Server aktivieren
- 1024 bit Key / Username Bob mit passwort cisco /
Public Keys akzeptieren , Passwort Login deaktivieren
Router# configure terminal Router(config)# hostname R1 R1(config)# ip domain name span.com R1(config)# crypto key generate rsa general-keys modulus 1024 The name for the keys will be: Rl.span.com % The key modulus size is 1024 bits % Generating 1024 bit RSA keys, keys will be non-exportable...[OK] Dec 13 16:19:12.079: %SSH-5-ENABLED: SSH 1.99 has been enabled R1(config)# R1(config)# username Bob secret cisco R1(config)# line vty 0 4 R1(config-line)# login local R1(config-line)# transport input ssh R1(config-line)# exit R1(config)#
netstat / Dienste deaktivieren
- Achtung Quote von Cisco
Router# show ip ports all Proto Local Address Foreign Address State PID/Program Name TCB Local Address Foreign Address (state) tcp :::443 :::* LISTEN 309/[IOS]HTTP CORE tcp *:443 *:* LISTEN 309/[IOS]HTTP CORE udp *:67 0.0.0.0:0 387/[IOS]DHCPD Receive Router# IOS versions prior to IOS-XE use the show control-plane host open-ports command. We mention this command because you may see it on older devices. The output is similar. However, notice that this older router has an insecure HTTP server and Telnet running. Both of these services should be disabled. As shown in the example, disable HTTP with the no ip http server global configuration command. Disable Telnet by specifying only SSH in the line configuration command, transport input ssh. Router# show control-plane host open-ports Active internet connections (servers and established) Prot Local Address Foreign Address Service State tcp *:23 *:0 Telnet LISTEN tcp *:80 *:0 HTTP CORE LISTEN udp *:67 *:0 DHCPD Receive LISTEN Router# configure terminal Router(config)# no ip http server Router(config)# line vty 0 15 Router(config-line)# transport input ssh
physical
- Auto-Mdix enable - Cisco Example:
Device# configure terminal Device(config)# interface gigabitethernet1/0/1 Device(config-if)# mdix auto Device(config-if)# end
show / infos anzeigen
show running-config To verify the current configuration and settings show interfaces To verify the interface status and see if there are any error messages show ip interface To verify the Layer 3 information of an interface show arp To verify the list of known hosts on the local Ethernet LANs show ip route To verify the Layer 3 routing information show protocols To verify which protocols are operational show version To verify the memory, interfaces, and licences of the device
stp
- Many thanks to https://techwavehub.net/configure-stp/
- Priorität ändern (je weniger desto höher die Priorität)
Adjust Bridge Priority on Switch-01:
Set the bridge priority to influence the root bridge selection. Bridge Priority must be in increments of 4096. Lowest Priority in the topology will be elected as Root Bridge.
Allowed values for Bridge Priority :
0 4096 8192 12288 16384 20480 24576 28672
32768 36864 40960 45056 49152 53248 57344 61440
Switch(config)# spanning-tree vlan <vlan_id> priority <priority>
SW-01(config)#spanning-tree vlan 1 priority 4096
- Status Spanning-Tree:
SW-01#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0001.6482.3125
Cost 19
Port 2(FastEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 00D0.BA89.CE16
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/2 Root FWD 19 128.2 P2p
Fa0/3 Desg FWD 19 128.3 P2p
Switches-Resetten
- Passwort wurde vergeben und ist nicht mehr bekannt :(
- Auf Werkseinstellungen falls login noch möglich:
Zurücksetzen der Switch-Konfiguration
Führen Sie den Befehl oder den Befehl aus, um den Switch auf die Werkseinstellungen zurücksetzen.e rase startup-config write erase Diese Befehle löschen keine Boot-Variablen wie "config-register" oder die Boot-Einstellungen des Systems.
Sie können die Boot-Parameter des Systems mit dem Befehl boot ändern. Bei Catalyst-Switches der 4500-/4000-Serie und der 6500-/6000-Serie mit Cisco IOS Software können Sie den Wert für das Konfigurationsregister mit dem Befehl ändern. config-register
In diesem Beispiel wird ein Switch mit Cisco IOS Software über den Befehl "write erase" auf die Werkseinstellungen zurückgesetzt: write erase
Cat2950# write erase
Erasing the nvram filesystem will remove all files! Continue? [confirm]y[OK]
Erase of nvram: complete
Cat2950#
Cat2950# reload
System configuration has been modified. Save? [yes/no]: n
!--- Do not save the configuration at this prompt. Otherwise, the switch !--- reloads with the current running configuration and does not reset to default.
Proceed with reload? [confirm]y
2w0d: %SYS-5-RELOAD: Reload requested
C2950 Boot Loader (C2950-HBOOT-M) Version 12.1(11r)EA1, RELEASE SOFTWARE (fc1)
Compiled Mon 22-Jul-02 18:57 by antonino
WS-C2950G-12-EI starting...
!--- Output suppressed.
-> Switch off -> Switch hold Mode Button ~15 Seconds / power on -> Serial Cable flash_init -> load_helper -> rename:config.text flash:config.old boot Hi there, If you can log into it issue the following commands: wr erase del flash:vlan.dat reload If you can't login, then perform the password recovery. Attach a console lead, and during initial bootup look for the command to enter ROMMON by sending a BREAK signal. Once in ROMMON, use the following commands: flash_init load_helper rename flash:config.text flash:config.old boot cheers,
EtherChannel
- a.k.a Bonding / Trunking - mode active → LACP → IEEE 802.3ad
# interface range FastEthernet 0/1 - 2 channel-group 1 mode active .... Creating a port channel interface Port-Channel 1 exit # interface port-channel 1 # switchport mode trunk # switchport mode trunk allowed vlan 1,2,20
dhcp
- Überprüfung:
show running-config | section dhcp show ip dhcp binding show ip dhcp server statistics
- Beispiel:
(config)# ip dhcp excluded-address 192.168.10.1 192.168.10.9 (config)# ip dhcp excluded-address 192.168.10.254 (config)# ip dhcp pool LAN-POOL-1 (dhcp-config)# network 192.168.10.0 255.255.255.0 (dhcp-config)# default-router 192.168.10.1 (dhcp-config)# dns-server 192.168.10.1 (dhcp-config)# domain-name example.com (dhcp-config)# end
Hot Standby Router Protocol (HSRP)
- standby 1 ip 10.1.10.1 → standby GRUPPE ip Virtual IP /priority höher d.h. 110 (router_01) > 101 wird bevorzugt als active
router_01# interface Ethernet1/0 description LAN ip address 10.1.10.2 255.255.255.0 standby 1 ip 10.1.10.1 standby 1 priority 110 router_02# interface Ethernet1/0 description LAN ip address 10.1.10.3 255.255.255.0 standby 1 ip 10.1.10.1 standby 1 priority 101
vlans
- router: Tagged Uplink Ports u. Layer 3 Adressen / Router am Stick bisschen wie eth0.10 ..
(config)# interface g0/0/1.10 (config-subif)# Description Foo VLAN 10 Tagged (config-subif)# encapsulation dot1Q 10 (config-subif)# ip add 192.168.10.1 255.255.255.0 (config-subif)# exit (config)# interface g0/0/1 (config-if)# Description Trunk Uplink (config-if)# no shutdown
- switch: Tagged/Trunk VLANs on switchports - nonegotiate keine magic / native das „untagged“ VLAN in dem der Uplink drinnen ist
S1(config)# Interface fa0/1 S1(config-if)# switchport mode trunk S1(config-if)# switchport trunk native vlan 99 S1(config-if)# switchport nonegotiate S1(config-if)# switchport trunk allowed vlan 10,20,30,99 S1(config-if)# end
- switch: Untagged/Access VLANS on switchports
S1# Configure terminal S1(config)# vlan 20 S1(config-vlan)# name student S1(config-vlan)# end --- S1# Configure terminal S1(config)# vlan 20 S1(config-vlan)# name student S1(config-vlan)# end -- S1# Configure terminal S1(config)# Interface fa0/18 S1(config-if)# Switchport mode access S1(config-if)# Switchport access vlan 20 S1(config-if)# end
ospf
- OSPF Basics
- Ich konfiguriere meine bekannten Netze / Router zu Router Kommunikation
R-HQ(config)#router ospf 1 (Process ID 1) R-HQ(config-router)#network 10.10.42.0 0.0.0.255 area 0 (Wildcard Maske / Subtraktion / Area Code 0) R-HQ(config-router)#network 10.200.22.0 0.0.0.255 area 0 (Wildcard Maske / Subtraktion / Area Code 0 ) R-HQ(config-router)#passive-interface g0/1 (auf diesem Interface kein Accouncement )
- Lerne Default Route durch OSPF
R-HQ(config-router)# default-information originate
packet tracer
- Show Physical Interfaces
https://networkengineering.stackexchange.com/questions/54394/how-can-the-cisco-packet-tracer-show-the-ports-name danke 6 You can set the Interface in Cisco Packet Tracer menu Options -> Preferences -> Interface, then check the Always Show Port Labels in Logical Workspace
- Abbruch bei lookup → no domain lookup und shift + F6
- IPV6 bei Switches aktivieren (ipv6 befehl nicht gefunden zB: bei SVI bei Switch) show sdm prefer / Switch(config)#sdm prefer dual-ipv4-and-ipv6 default
Switch(config)#sdm prefer dual-ipv4-and-ipv6 default Changes to the running SDM preferences have been stored, but cannot take effect until the next reload. Use 'show sdm prefer' to see what SDM preference is currently active --- Switch# %SYS-5-CONFIG_I: Configured from console by console show sdm prefer The current template is "default" template. The selected template optimizes the resources in the switch to support this level of features for 0 routed interfaces and 1024 VLANs. number of unicast mac addresses: 8K number of IPv4 IGMP groups + multicast routes: 0.25K number of IPv4 unicast routes: 0 number of IPv6 multicast groups: 0 number of directly-connected IPv6 addresses: 0 number of indirect IPv6 unicast routes: 0 number of IPv4 policy based routing aces: 0 number of IPv4/MAC qos aces: 0.125k number of IPv4/MAC security aces: 0.375k number of IPv6 policy based routing aces: 0 number of IPv6 qos aces: 20 number of IPv6 security aces: 25 On next reload, template will be "dual-ipv4-and-ipv6 default" template. ---- reload Switch#show sdm prefer The current template is "dual-ipv4-and-ipv6 default" template. The selected template optimizes the resources in the switch to support this level of features for 0 routed interfaces and 1024 VLANs. number of unicast mac addresses: 4K number of IPv4 IGMP groups + multicast routes: 0.25K number of IPv4 unicast routes: 0 number of IPv6 multicast groups: 0.375k number of directly-connected IPv6 addresses: 0 number of indirect IPv6 unicast routes: 0 number of IPv4 policy based routing aces: 0 number of IPv4/MAC qos aces: 0.125K number of IPv4/MAC security aces: 0.375K number of IPv6 policy based routing aces: 0 number of IPv6 qos aces: 0.625k number of IPv6 security aces: 0.125K
sed
- Regex Search and Replace alle matches e.g.
sed -E "s/REGEX_SEARCH/REPLACE/g"
firewalld
- Seit langer Zeit mal wieder auf einem Linux System mit META Firewall Sprache loving it :)
- Läuft der Firewalld Dienst: systemctl status firewalld
- Was läuft aktuell: firewall-cmd –list-all
- Welche Zones sind aktiv: firewall-cmd –get-active-zones → public
- Welche Allows sind aktiv: firewall-cmd –zone=public –list-ports / firewall-cmd –zone=public –list-services / firewall-cmd –zone=public –list-rich-rules
- Für bestimmte IP Adresse einen spezifischen Dienst erlauben: firewall-cmd –permanent –zone=public –add-rich-rule='rule family=„ipv4“ source address=„IP_SOURCE/32“ port protocol=„tcp“ port=„Number“ accept (er macht nftables rules draus im Hintergrund ..)
- Laufende Rules speichern: firewall-cmd –runtime-to-permanent
know-how/usefull_commands.txt · Zuletzt geändert: 2025/06/18 09:12 von cc