• Swapfile vergrößern

SWAP Speicher Größe um ~8GB erhöhen / falls SWAP aktuell nicht verwendet wird:

root@cacheserver:~# grep swap /etc/fstab 
/swap.img none swap sw 0 0

root@cacheserver:~# swapoff /swap.img
root@cacheserver:~# dd if=/dev/zero of=/swap.img bs=1M count=8072 oflag=append conv=notrunc
8072+0 records in
8072+0 records out
8464105472 bytes (8.5 GB, 7.9 GiB) copied, 31.7752 s, 266 MB/s
root@cacheserver:~# mkswap /swap.img 
mkswap: /swap.img: warning: wiping old swap signature.
Setting up swapspace version 1, size = 11.9 GiB (12759068672 bytes)
no label, UUID=a9a362e1-347d-4695-9f02-f18911a61da2
root@cacheserver:~# swapon /swap.img


root@cacheserver:~# free -m
              total        used        free      shared  buff/cache   available
Mem:           7834         733         159           8        6941        6725
Swap:         12167           0       12167

• Windows dynamische Datenträger zB: Software RAID lesen
• zB: Debian Buster

apt-get install ldmtool

• Getestet auf Debian Buster - in Kombination mit qemu/kvm Virtualisierung
• Ich hab einen virtuellen Gast der diverse VLANs tagged weiter geben soll an die physikalische Netzwerkkarte / In diesem Beispiel setze ich mich ins VLAN 29 mit der bridge selbst damit ich debuggen kann ob die Pakete reinkommen

Debugging Einstellungen für die VLANs:

root@mrGodfather:~# bridge vlan show dev tap144
port	vlan ids
tap144	 1 PVID Egress Untagged
	 23

VLAN Funktionalität auf der Bridge aktivieren:

ip link set dev "br-uplink" type bridge vlan_filtering 1


Der Guest selbst auf tap144 befindet sich tagged in vlan 23 - vlan 29 / aus default untagged VLAN 1 rausnehmen

root@mrGodfather:~# bridge vlan del vid 1  pvid 1 dev tap144
root@mrGodfather:~# bridge vlan add vid 23 dev tap144
root@mrGodfather:~# bridge vlan add vid 24 dev tap144
root@mrGodfather:~# bridge vlan add vid 25 dev tap144
root@mrGodfather:~# bridge vlan add vid 26 dev tap144
root@mrGodfather:~# bridge vlan add vid 27 dev tap144
root@mrGodfather:~# bridge vlan add vid 28 dev tap144
root@mrGodfather:~# bridge vlan add vid 29 dev tap144


Die Bridge selbst untagged ins VLAN 29 einbinden und aus Default VLAN 1 rausnehmen:

root@mrGodfather:~# bridge vlan del dev br-uplink vid 1 self
root@mrGodfather:~# bridge vlan add dev br-uplink vid 29 pvid untagged  self
root@mrGodfather:~# ip addr add 192.168.29.10/24 brd + dev br-uplink


Physische Bridge Config interface enp1s0f4u4 :

auto br-uplink
iface br-uplink inet manual
          bridge_ports enp1s0f4u4
          bridge_fs 0
          bridge_stp off
          bridge_maxwait 0
          up bridge vlan del vid 1  pvid 1 dev enp1s0f4u4
          up bridge vlan add vid 23 dev enp1s0f4u4
          up bridge vlan add vid 24 dev enp1s0f4u4
          up bridge vlan add vid 25 dev enp1s0f4u4
          up bridge vlan add vid 26 dev enp1s0f4u4
          up bridge vlan add vid 27 dev enp1s0f4u4
          up bridge vlan add vid 28 dev enp1s0f4u4
          up bridge vlan add vid 29 dev enp1s0f4u4

• Debian Buster working LACP

..
auto bond0
#prepare bond interfaces
iface eth0 inet manual
iface eth1 inet manual

iface bond0 inet manual
      slaves eth0 eth1
      bond_mode 802.3ad
...

• Debug: /proc/net/bonding/bond0 / mit Zyxel GS-1900 - 24 Port Desktop LACP

Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2 (0)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

802.3ad info
LACP rate: slow
Min links: 0
Aggregator selection policy (ad_select): stable
System priority: 65535
System MAC address: mac
Active Aggregator Info:
	Aggregator ID: 1
	Number of ports: 2
	Actor Key: 9
	Partner Key: 1000
	Partner Mac Address: mac

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: mac
Slave queue ID: 0
Aggregator ID: 1
Actor Churn State: none
Partner Churn State: none
Actor Churned Count: 0
Partner Churned Count: 0
details actor lacp pdu:
    system priority: 65535
    system mac address: mac
    port key: 9
    port priority: 255
    port number: 1
    port state: 61
details partner lacp pdu:
    system priority: 65535
    system mac address: mac
    oper key: 1000
    port priority: 1
    port number: 23
    port state: 61

Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: mac
Slave queue ID: 0
Aggregator ID: 1
Actor Churn State: none
Partner Churn State: none
Actor Churned Count: 0
Partner Churned Count: 0
details actor lacp pdu:
    system priority: 65535
    system mac address: mac
    port key: 9
    port priority: 255
    port number: 2
    port state: 61
details partner lacp pdu:
    system priority: 65535
    system mac address: mac
    oper key: 1000
    port priority: 1
    port number: 24
    port state: 61

• vconfig ist obsolete
• BSP: Tagged VLAN40 interface hinzufügen (Schöne neue NIC Namen , leicht zu merken in Gegensatz zu eth0,eth1,eth2 usw.. - in diesem Fall - enx00e04c365a05 :)

 ip link add link enx00e04c365a05 name vlan40 type vlan id 40

• /etc/network/interfaces zB: VLAN 10 / tagged / auf NIC eth1
• vlan-raw-device obsolete
• Getestet auf Ubuntu 18.04

...
#MANAGEMENT
auto eth1.10
iface eth1.10 inet static
      address 172.23.10.1
      netmask 255.255.255.0
..

• VLAN 10 in Action:

root@firewall:~# ifup eth1.10
root@firewall:~# ip addr ls eth1.10
10: eth1.10@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:15:5d:3e:7e:10 brd ff:ff:ff:ff:ff:ff
    inet 172.23.10.1/24 brd 172.23.10.255 scope global eth1.10
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:fe3e:7e10/64 scope link 
       valid_lft forever preferred_lft forever
root@firewall:~# cat /proc/net/vlan/eth1.10
eth1.10  VID: 10	 REORDER_HDR: 1  dev->priv_flags: 1021
         total frames received            0
          total bytes received            0
      Broadcast/Multicast Rcvd            0

      total frames transmitted            7
       total bytes transmitted          586
Device: eth1
INGRESS priority mappings: 0:0  1:0  2:0  3:0  4:0  5:0  6:0 7:0
 EGRESS priority mappings: 

• Auf KVM Hostmaschine Partition Table erneut einlesen: partprobe

root@mrGodfather:/etc/kvm# fdisk /dev/mapper/storage-guest--mrgatekeeper--root

Welcome to fdisk (util-linux 2.33.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table.
Created a new DOS disklabel with disk identifier 0xee6b3e38.

Command (m for help): p
Disk /dev/mapper/storage-guest--mrgatekeeper--root: 128 GiB, 137438953472 bytes, 268435456 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: dos
Disk identifier: 0xee6b3e38

Command (m for help): n
Partition type
   p   primary (0 primary, 0 extended, 4 free)
   e   extended (container for logical partitions)
Select (default p): 

Using default response p.
Partition number (1-4, default 1): 
First sector (2048-268435455, default 2048): 
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-268435455, default 268435455): 

Created a new partition 1 of type 'Linux' and of size 128 GiB.

Command (m for help): w
The partition table has been altered.
Failed to add partition 1 to system: Invalid argument

The kernel still uses the old partitions. The new table will be used at the next reboot. 
Syncing disks.

root@mrGodfather:/etc/kvm# apt-get install parted
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  libparted2
Suggested packages:
  libparted-dev libparted-i18n parted-doc
The following NEW packages will be installed:
  libparted2 parted
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 473 kB of archives.
After this operation, 809 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ftp.at.debian.org/debian buster/main amd64 libparted2 amd64 3.2-25 [277 kB]
Get:2 http://ftp.at.debian.org/debian buster/main amd64 parted amd64 3.2-25 [196 kB]
Fetched 473 kB in 1s (655 kB/s)
Selecting previously unselected package libparted2:amd64.
(Reading database ... 33934 files and directories currently installed.)
Preparing to unpack .../libparted2_3.2-25_amd64.deb ...
Unpacking libparted2:amd64 (3.2-25) ...
Selecting previously unselected package parted.
Preparing to unpack .../parted_3.2-25_amd64.deb ...
Unpacking parted (3.2-25) ...
Setting up libparted2:amd64 (3.2-25) ...
Setting up parted (3.2-25) ...
Processing triggers for libc-bin (2.28-10) ...
Processing triggers for man-db (2.8.5-2) ...
root@mrGodfather:/etc/kvm# partprobe /dev/mapper/storage-guest--mrgatekeeper--root
root@mrGodfather:/etc/kvm# lsblk | grep -i mrgatekeeper
      └─storage-guest--mrgatekeeper--root              253:20   0  128G  0 lvm   
        └─storage-guest--mrgatekeeper--root1           253:21   0  128G  0 part

• CIDR IP Notationen expandieren

urnilxfgbez@mrChief:~$ prips 192.168.0.0/30
192.168.0.0
192.168.0.1
192.168.0.2
192.168.0.3

• Alternative zum Expandieren von IP Ranges:
• https://unix.stackexchange.com/questions/169098/how-to-print-a-range-of-ip-addresses-with-linux-seq-command/169100

22

Use a format:

$ seq -f "10.20.30.%g" 40 50
10.20.30.40
10.20.30.41
10.20.30.42
10.20.30.43
10.20.30.44
10.20.30.45
10.20.30.46
10.20.30.47
10.20.30.48
10.20.30.49
10.20.30.50

Unfortunately this is non-obvious as GNU doesn't like to write man pages.

• Infos über properties und Funktionen eines Objekts (https://www.codykonior.com/2013/03/26/powershell-how-to-show-all-of-an-objects-properties-and-values/)

$currentObject | Get-Member

• Hilfe für Funktion

help Funktionsname

Help Funktionsname -example

• foreach Schleife - Durchiterieren von Ergebnissen (https://www.powershelladmin.com/wiki/PowerShell_foreach_loops_and_ForEach-Object#The_foreach_Keyword)

foreach ( $currentObject in   Function_that_returns_multiple_results )
{
  $currentObject.Property 
}

• String Funktionen (https://blog.stefanrehwald.de/2013/02/19/powershell-03-strings-zerlegen-zuschneiden-teile-ausschneiden-verbinden/)

String="vorname.nachname@domain"

String.split("@")[0] -> vorname.nachname

• Datei nicht vorhanden & Datei vorhanden (ohne -Not ())

$checkFile="C:\foo.txt"

if (-NOT (Test-Path $checkFile)) 
{

}

• Modul nicht gefunden zB: ExchangeOnlineManagement
• Info: https://www.powershellgallery.com/packages/ExchangeOnlineManagement/1.0.1
• Install-Module -Name ExchangeOnlineManagement -RequiredVersion 1.0.1

PS C:\WINDOWS\system32> Install-Module -Name ExchangeOnlineManagement -RequiredVersion 1.0.1

Der NuGet-Anbieter ist erforderlich, um den Vorgang fortzusetzen.
PowerShellGet erfordert die NuGet-Anbieterversion 2.8.5.201 oder höher für die Interaktion mit NuGet-basierten
Repositorys. Der NuGet-Anbieter muss in "C:\Program Files\PackageManagement\ProviderAssemblies" oder
"C:\Users\christian.czeczil\AppData\Local\PackageManagement\ProviderAssemblies" verfügbar sein. Sie können den
NuGet-Anbieter auch durch Ausführen von 'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'
installieren. Möchten Sie den NuGet-Anbieter jetzt durch PowerShellGet installieren und importieren lassen?
[J] Ja  [N] Nein  [H] Anhalten  [?] Hilfe (Standard ist "J"): j

Nicht vertrauenswürdiges Repository
Sie installieren die Module aus einem nicht vertrauenswürdigen Repository. Wenn Sie diesem Repository vertrauen, ändern
 Sie dessen InstallationPolicy-Wert, indem Sie das Set-PSRepository-Cmdlet ausführen. Möchten Sie die Module von
'PSGallery' wirklich installieren?
[J] Ja  [A] Ja, alle  [N] Nein  [K] Nein, keine  [H] Anhalten  [?] Hilfe (Standard ist "N"): J

• Achtung Powershell benutzt offenbar standardmäßig TLS1.0 - wird als obsolete betrachtet, undefinierbare Fehlermeldungen sind die Folge beim Versuch ein Modul zu installieren - kann Ziel nicht erreichen …

PS C:\Windows\system32> [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
PS C:\Windows\system32> Install-Module -Name ExchangeOnlineManagement

Der NuGet-Anbieter ist erforderlich, um den Vorgang fortzusetzen.
PowerShellGet erfordert die NuGet-Anbieterversion 2.8.5.201 oder höher für die Interaktion mit NuGet-basierten
Repositorys. Der NuGet-Anbieter muss in "C:\Program Files\PackageManagement\ProviderAssemblies" oder
"C:\Users\christian.czeczil\AppData\Local\PackageManagement\ProviderAssemblies" verfügbar sein. Sie können den
NuGet-Anbieter auch durch Ausführen von 'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'
installieren. Möchten Sie den NuGet-Anbieter jetzt durch PowerShellGet installieren und importieren lassen?
[J] Ja  [N] Nein  [H] Anhalten  [?] Hilfe (Standard ist "J"): j

Nicht vertrauenswürdiges Repository
Sie installieren die Module aus einem nicht vertrauenswürdigen Repository. Wenn Sie diesem Repository vertrauen, ändern
 Sie dessen InstallationPolicy-Wert, indem Sie das Set-PSRepository-Cmdlet ausführen. Möchten Sie die Module von
'PSGallery' wirklich installieren?
[J] Ja  [A] Ja, alle  [N] Nein  [K] Nein, keine  [H] Anhalten  [?] Hilfe (Standard ist "N"): j

• Ausführungsverzeichnis bei powershell Start zB: Laufwerk Z:

powershell.exe -NoExit -command "& {Set-Location Z:\}"

• Netzwerk Interface „Trust“ Level ändern / wenn zB: MAC des Gateways sich ändert

Get-NetConnectionProfile -> IndexNr des NW Interfaces

Set-NetConnectionProfile -InterfaceIndex IndexNr -NetworkCategory [Private|Public]

• https://cobbler.github.io/manuals/2.6.0/4/11_-_PXE-boot_Menu_Passwords.html
• sha512 -6 Hash inklusive SALT

openssl passwd -6 -salt 389asdkfj349 mypassword

grep and cut play  | awk '{sum += $1} END {print sum}' 

#!/bin/bash


echo -e "IP1\nIP2\nIP3" | while read line ; do  ( echo "pid_telnet=\$(ps | grep -i telnetd | head -n 1 | awk '{ print \$1 }') ; kill -9 \$pid_telnet" ; sleep 1; ) | telnet  $line ; done

• 4th line from file

sed :
$>sed -n 4p file.txt

head :
head -n 4 foo | tail -n 1

• single random entry from file

shuf -n 1 filename

• Journal Log in die Schranken weisen
• https://linuxhandbook.com/clear-systemd-journal-logs/

journalctl --vacuum-size=100M

• „Targets“ keine „runlevel“ mehr

# systemctl get-default 
multi-user.target
# systemctl set-default  graphical.target
Removed /etc/systemd/system/default.target.
Created symlink /etc/systemd/system/default.target → /lib/systemd/system/graphical.target.

• https://wiki.archlinux.org/title/Systemd#Targets

Get current targets

The following should be used under systemd instead of running runlevel:

$ systemctl list-units --type=target

Create custom target

The runlevels that held a defined meaning under sysvinit (i.e., 0, 1, 3, 5, and 6); have a 1:1 mapping with a specific systemd target. Unfortunately, there is no good way to do the same for the user-defined runlevels like 2 and 4. If you make use of those it is suggested that you make a new named systemd target as /etc/systemd/system/your target that takes one of the existing runlevels as a base (you can look at /usr/lib/systemd/system/graphical.target as an example), make a directory /etc/systemd/system/your target.wants, and then symlink the additional services from /usr/lib/systemd/system/ that you wish to enable.
Mapping between SysV runlevels and systemd targets
SysV Runlevel 	systemd Target 	Notes
0 	runlevel0.target, poweroff.target 	Halt the system.
1, s, single 	runlevel1.target, rescue.target 	Single user mode.
2, 4 	runlevel2.target, runlevel4.target, multi-user.target 	User-defined/Site-specific runlevels. By default, identical to 3.
3 	runlevel3.target, multi-user.target 	Multi-user, non-graphical. Users can usually login via multiple consoles or via the network.
5 	runlevel5.target, graphical.target 	Multi-user, graphical. Usually has all the services of runlevel 3 plus a graphical login.
6 	runlevel6.target, reboot.target 	Reboot
emergency 	emergency.target 	Emergency shell
Change current target

In systemd targets are exposed via target units. You can change them like this:

# systemctl isolate graphical.target

This will only change the current target, and has no effect on the next boot. This is equivalent to commands such as telinit 3 or telinit 5 in Sysvinit.
Change default target to boot into

The standard target is default.target, which is a symlink to graphical.target. This roughly corresponds to the old runlevel 5.

To verify the current target with systemctl:

$ systemctl get-default

To change the default target to boot into, change the default.target symlink. With systemctl:

# systemctl set-default multi-user.target

Removed /etc/systemd/system/default.target.
Created symlink /etc/systemd/system/default.target -> /usr/lib/systemd/system/multi-user.target.

Alternatively, append one of the following kernel parameters to your bootloader:

    systemd.unit=multi-user.target (which roughly corresponds to the old runlevel 3),
    systemd.unit=rescue.target (which roughly corresponds to the old runlevel 1).

Default target order

Systemd chooses the default.target according to the following order:

    Kernel parameter shown above
    Symlink of /etc/systemd/system/default.target
    Symlink of /usr/lib/systemd/system/default.target

systemd components

• https://www.techwalla.com/articles/how-to-test-the-ram-on-linux

Type the command "memtester 100 5" to test the memory. Replace "100" with the size, in megabytes, of the RAM installed on the computer. Replace "5" with the number of times you want to run the test.

Type the command "echo $?" to show the exit code when you see a command prompt again. If the output is "0" the memory is working properly. The other possible outcomes are:

• proxy spezifizieren zB: chromium –proxy-server=localhost:3000

• Es konnte keine gemeinsame Krypto gefunden werden / Krypto manuell angeben:

zB:
ssh -oHostKeyAlgorithms=+diffie-hellman-group1-sha1 user@target

Unable to negotiate with x.x.x.x port 22: no matching host key type found. Their offer: ssh-dss

ssh -oHostKeyAlgorithms=+ssh-dss user@target

• Aus RSA Private PEM Key Public Key exportieren - im OpenSSH kompatiblen Format

ssh-keygen -f private_key -y > /tmp/pub

• SSH Port Forwarding in den Hintergrund legen und über Socket kontrollieren

Socket erstellen / Verbindung erstellen :
ssh -M -S /tmp/connection-backup-database.sock -fNT -LLOCAL_FORWARDING_PORT:HOSTNAME:REMOTE_PORT  USERNAME@SERVER 

Verbindung überprüfen:
ssh -S /tmp/connection-backup-database.sock -O check USERNAME@SERVER

Socket schließen / Verbindung beenden:
ssh -S /tmp/connection-backup-database.sock -O exit USERNAME@SERVER

• dpkg-deb -xv xtables-addons-common_3.8-2_amd64.deb /tmp/
• Achtung auf aktuellen User achten und auf das Verzeichnis zum Auspacken

• wget quiet output to stdout | apt-key add gpg key from stdin
• e.g. kali Repository (rolling release)

wget -q -O - https://archive.kali.org/archive-key.asc | apt-key add -

• check for apt-get install debian-goodies (contains checkrestart)

checkrestart | grep -i service | while read foo ; do  $foo && echo "$foo successfully restarted" ; done

• Depends on the names of the repositories should work under debian and ubuntu / security upgrades check

apt-get --dry-run dist-upgrade | grep -i security

• Install only security Updates limit Repositories to „security“

https://www.eidenschink.eu/2014/04/install-security-patches-command-line-debian-ubuntu.html

The trick is then to pass apt-get an option to read the sources from the created file like this:

apt-get upgrade -oDir::Etc::SourceList=/etc/apt/security.sources.list

• Download ONLY not actual installing

apt-get --download-only dist-upgrade

• Do not install recommended packages permanently
  • /etc/apt/apt.conf.d/30NoRecommends

APT::Install-Recommends "0";
APT::Install-Suggests "0";

• Priorities and Policies

Ok 2 Versionen verfügbar "78.15.0esr-1~deb11u1"  "91.9.0esr-1~deb11u1" 


root@mrWhiteGhost:/home/urnilxfgbez# apt-cache show firefox-esr
Package: firefox-esr
Version: 91.9.0esr-1~deb11u1
Installed-Size: 213011
Maintainer: Maintainers of Mozilla-related packages <team+pkg-mozilla@tracker.debian.org>
Architecture: amd64
Provides: gnome-www-browser, www-browser
Depends: libatk1.0-0 (>= 1.12.4), libc6 (>= 2.30), libcairo-gobject2 (>= 1.10.0), libcairo2 (>= 1.10.0), libdbus-1-3 (>= 1.9.14), libdbus-glib-1-2 (>= 0.78), libevent-2.1-7 (>= 2.1.8-stable), libffi7 (>= 3.3~20180313), libfontconfig1 (>= 2.12.6), libfreetype6 (>= 2.10.1), libgcc-s1 (>= 4.0), libgdk-pixbuf-2.0-0 (>= 2.22.0), libglib2.0-0 (>= 2.37.3), libgtk-3-0 (>= 3.9.14), libpango-1.0-0 (>= 1.14.0), libstdc++6 (>= 9), libvpx6 (>= 1.8.0), libx11-6, libx11-xcb1 (>= 2:1.7.2), libxcb-shm0, libxcb1, libxcomposite1 (>= 1:0.4.5), libxdamage1 (>= 1:1.1), libxext6, libxfixes3, libxrender1, zlib1g (>= 1:1.2.11.dfsg), fontconfig, procps, debianutils (>= 1.16)
Suggests: fonts-stix | otf-stix, fonts-lmodern, libgssapi-krb5-2 | libkrb53, libcanberra0, pulseaudio
Breaks: xul-ext-torbutton
Description-en: Mozilla Firefox web browser - Extended Support Release (ESR)
 Firefox ESR is a powerful, extensible web browser with support for modern
 web application technologies.
Description-md5: 88ee196fd829d9218a763b4d498a6f6a
Recommends: libavcodec58 | libavcodec-extra58 | libavcodec57 | libavcodec-extra57 | libavcodec56 | libavcodec-extra56 | libavcodec55 | libavcodec-extra55 | libavcodec54 | libavcodec-extra54 | libavcodec53 | libavcodec-extra53
Section: web
Priority: optional
Filename: pool/updates/main/f/firefox-esr/firefox-esr_91.9.0esr-1~deb11u1_amd64.deb
Size: 58682224
SHA256: dd75e58b28372989464d88de2f924a83038c89d6db6a67deddc038ce1ffd8c67

Package: firefox-esr
Version: 78.15.0esr-1~deb11u1
Installed-Size: 200097
Maintainer: Maintainers of Mozilla-related packages <team+pkg-mozilla@tracker.debian.org>
Architecture: amd64
Provides: gnome-www-browser, www-browser
Depends: libatk1.0-0 (>= 1.12.4), libc6 (>= 2.29), libcairo-gobject2 (>= 1.10.0), libcairo2 (>= 1.10.0), libdbus-1-3 (>= 1.9.14), libdbus-glib-1-2 (>= 0.78), libevent-2.1-7 (>= 2.1.8-stable), libffi7 (>= 3.3~20180313), libfontconfig1 (>= 2.12.6), libfreetype6 (>= 2.10.1), libgcc-s1 (>= 4.0), libgdk-pixbuf-2.0-0 (>= 2.22.0), libglib2.0-0 (>= 2.31.8), libgtk-3-0 (>= 3.0.0), libnspr4 (>= 2:4.25~), libnss3 (>= 2:3.53.1~), libpango-1.0-0 (>= 1.14.0), libstdc++6 (>= 9), libvpx6 (>= 1.8.0), libx11-6, libx11-xcb1 (>= 2:1.7.2), libxcb-shm0, libxcb1, libxcomposite1 (>= 1:0.4.5), libxdamage1 (>= 1:1.1), libxext6, libxfixes3, libxrender1, zlib1g (>= 1:1.2.11.dfsg), fontconfig, procps, debianutils (>= 1.16)
Recommends: libavcodec58 | libavcodec-extra58 | libavcodec57 | libavcodec-extra57 | libavcodec56 | libavcodec-extra56 | libavcodec55 | libavcodec-extra55 | libavcodec54 | libavcodec-extra54 | libavcodec53 | libavcodec-extra53
Suggests: fonts-stix | otf-stix, fonts-lmodern, libgssapi-krb5-2 | libkrb53, libcanberra0, libgtk2.0-0, pulseaudio
Breaks: xul-ext-torbutton
Description-en: Mozilla Firefox web browser - Extended Support Release (ESR)
 Firefox ESR is a powerful, extensible web browser with support for modern
 web application technologies.
Description-md5: 88ee196fd829d9218a763b4d498a6f6a
Tag: implemented-in::c++, interface::graphical, interface::x11,
 network::client, privacy::non-free-addons, privacy::non-free-service,
 protocol::ftp, protocol::http, role::program, scope::application,
 suite::mozilla, uitoolkit::gtk, use::browsing, web::browser,
 works-with-format::html, x11::application
Section: web
Priority: optional
Filename: pool/main/f/firefox-esr/firefox-esr_78.15.0esr-1~deb11u1_amd64.deb
Size: 55451188
MD5sum: bf0c8f1cdccb3c5fa3fb2e35e420c3b3
SHA256: d4e25277f10a22dd118f86994b2b787d232b1e1eb60416b2a1bc3e5cfac235cc


OK offenbar installiert er nicht die "91.9.0esr-1~deb11u1" sondern bleibt bei "78.15.0esr-1~deb11u1"

root@mrWhiteGhost:/home/urnilxfgbez#  apt-get install firefox-esr=91.9.0esr-1~deb11u1
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:
  fonts-stix | otf-stix fonts-lmodern
The following packages will be upgraded:
  firefox-esr
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 58.7 MB of archives.
After this operation, 13.2 MB of additional disk space will be used.
Get:1 http://security.debian.org/debian-security bullseye-security/main amd64 firefox-esr amd64 91.9.0esr-1~deb11u1 [58.7 MB]
16% [1 firefox-esr 11.7 MB/58.7 MB 20%]^C
root@mrWhiteGhost:/home/urnilxfgbez# less /etc/apt/preferences.d/priorities 
root@mrWhiteGhost:/home/urnilxfgbez# less /etc/apt/preferences.d/priorities 
root@mrWhiteGhost:/home/urnilxfgbez# cat /etc/apt/apt.conf.d/
cat: /etc/apt/apt.conf.d/: Is a directory


OK schauen wir mal die die Priorities der Repositories gewichtet sind bzw. welche Policy ist aktiv - Version "78.15.0esr-1~deb11u1" mit Priorität "750" gewichtiger als "500"  - FAIL 

root@mrWhiteGhost:/home/urnilxfgbez# apt-cache policy firefox-esr
firefox-esr:
  Installed: 78.15.0esr-1~deb11u1
  Candidate: 78.15.0esr-1~deb11u1
  Version table:
     91.9.0esr-1~deb11u1 500
        500 http://security.debian.org/debian-security bullseye-security/main amd64 Packages
 *** 78.15.0esr-1~deb11u1 750
        750 http://ftp.de.debian.org/debian bullseye/main amd64 Packages
        100 /var/lib/dpkg/status
root@mrWhiteGhost:/home/urnilxfgbez# vim /etc/apt/preferences.d/priorities 
root@mrWhiteGhost:/home/urnilxfgbez# apt-get update
Hit:1 http://security.debian.org/debian-security bullseye-security InRelease
Hit:2 http://deb.debian.org/debian bullseye-backports InRelease                
Hit:3 http://ftp.de.debian.org/debian bullseye InRelease                       
Hit:4 http://download.virtualbox.org/virtualbox/debian bullseye InRelease      
Hit:5 http://ftp.de.debian.org/debian bullseye-updates InRelease               
Hit:6 https://updates.signal.org/desktop/apt xenial InRelease                  
Hit:7 http://dl.google.com/linux/chrome/deb stable InRelease                   
Ign:8 http://repo.vivaldi.com/stable/deb stable InRelease                      
Hit:9 http://repo.vivaldi.com/stable/deb stable Release                       
Hit:10 https://packages.microsoft.com/repos/ms-teams stable InRelease
Reading package lists... Done
root@mrWhiteGhost:/home/urnilxfgbez# apt-get upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:
  chromium chromium-common chromium-sandbox linux-headers-amd64
  linux-image-amd64
The following packages will be upgraded:
  ffmpeg firefox-esr gzip libavcodec58 libavcodec58:i386 libavdevice58
  libavfilter7 libavformat58 libavresample4 libavresample4:i386 libavutil56
  libavutil56:i386 libjavascriptcoregtk-4.0-18 liblzma5 liblzma5:i386
  libpostproc55 libpq5 libssl1.1 libssl1.1:i386 libsvn1 libswresample3
  libswresample3:i386 libswscale5 libtiff5 libtiff5:i386 libwebkit2gtk-4.0-37
  libxencall1 libxendevicemodel1 libxenevtchn1 libxenforeignmemory1
  libxengnttab1 libxenhypfs1 libxenmisc4.14 libxenstore3.0 libxentoolcore1
  libxentoollog1 linux-compiler-gcc-10-x86 linux-kbuild-5.10 openjdk-11-jre
  openjdk-11-jre-headless openssl qemu qemu-system-common qemu-system-data
  qemu-system-gui qemu-system-x86 qemu-utils thunderbird tzdata xz-utils
  zlib1g zlib1g:i386
52 upgraded, 0 newly installed, 0 to remove and 5 not upgraded.
Need to get 203 MB of archives.
After this operation, 47.3 MB of additional disk space will be used.
Do you want to continue? [Y/n] n
Abort.

OK Anpassen der Priorities / Security Repo hat Default 500 / Offenbar wurden aus historischen Gründen Anpassungen der Priorities durchgeführt - da auch testing und unstable installiert wurde

root@mrWhiteGhost:/home/urnilxfgbez# vim /etc/apt/preferences.d/priorities 

Package: *
Pin: release a=stable
Pin-Priority: 450

Package: *
Pin: release a=testing
Pin-Priority: 50

Package: *
Pin: release a=unstable
Pin-Priority: 50



root@mrWhiteGhost:/home/urnilxfgbez# apt-get update
Hit:1 http://security.debian.org/debian-security bullseye-security InRelease
Hit:2 http://deb.debian.org/debian bullseye-backports InRelease                
Hit:3 http://download.virtualbox.org/virtualbox/debian bullseye InRelease      
Hit:4 http://dl.google.com/linux/chrome/deb stable InRelease                   
Hit:5 https://updates.signal.org/desktop/apt xenial InRelease                  
Hit:6 http://ftp.de.debian.org/debian bullseye InRelease                       
Hit:7 http://ftp.de.debian.org/debian bullseye-updates InRelease               
Ign:8 http://repo.vivaldi.com/stable/deb stable InRelease                      
Hit:9 http://repo.vivaldi.com/stable/deb stable Release                       
Hit:10 https://packages.microsoft.com/repos/ms-teams stable InRelease
Reading package lists... Done
root@mrWhiteGhost:/home/urnilxfgbez# apt-get upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:
  chromium chromium-common chromium-sandbox linux-headers-amd64
  linux-image-amd64
The following packages will be upgraded:
  ffmpeg firefox-esr gzip libavcodec58 libavcodec58:i386 libavdevice58
  libavfilter7 libavformat58 libavresample4 libavresample4:i386 libavutil56
  libavutil56:i386 libjavascriptcoregtk-4.0-18 liblzma5 liblzma5:i386
  libpostproc55 libpq5 libssl1.1 libssl1.1:i386 libsvn1 libswresample3
  libswresample3:i386 libswscale5 libtiff5 libtiff5:i386 libwebkit2gtk-4.0-37
  libxencall1 libxendevicemodel1 libxenevtchn1 libxenforeignmemory1
  libxengnttab1 libxenhypfs1 libxenmisc4.14 libxenstore3.0 libxentoolcore1
  libxentoollog1 linux-compiler-gcc-10-x86 linux-kbuild-5.10 openjdk-11-jre
  openjdk-11-jre-headless openssl qemu qemu-system-common qemu-system-data
  qemu-system-gui qemu-system-x86 qemu-utils thunderbird tzdata xz-utils
  zlib1g zlib1g:i386
52 upgraded, 0 newly installed, 0 to remove and 5 not upgraded.
Need to get 203 MB of archives.
After this operation, 47.3 MB of additional disk space will be used.
Do you want to continue? [Y/n] n
Abort.
root@mrWhiteGhost:/home/urnilxfgbez# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following NEW packages will be installed:
  linux-headers-5.10.0-14-amd64 linux-headers-5.10.0-14-common
  linux-image-5.10.0-14-amd64 sse3-support
The following packages will be upgraded:
  chromium chromium-common chromium-sandbox ffmpeg firefox-esr gzip
  libavcodec58 libavcodec58:i386 libavdevice58 libavfilter7 libavformat58
  libavresample4 libavresample4:i386 libavutil56 libavutil56:i386
  libjavascriptcoregtk-4.0-18 liblzma5 liblzma5:i386 libpostproc55 libpq5
  libssl1.1 libssl1.1:i386 libsvn1 libswresample3 libswresample3:i386
  libswscale5 libtiff5 libtiff5:i386 libwebkit2gtk-4.0-37 libxencall1
  libxendevicemodel1 libxenevtchn1 libxenforeignmemory1 libxengnttab1
  libxenhypfs1 libxenmisc4.14 libxenstore3.0 libxentoolcore1 libxentoollog1
  linux-compiler-gcc-10-x86 linux-headers-amd64 linux-image-amd64
  linux-kbuild-5.10 openjdk-11-jre openjdk-11-jre-headless openssl qemu
  qemu-system-common qemu-system-data qemu-system-gui qemu-system-x86
  qemu-utils thunderbird tzdata xz-utils zlib1g zlib1g:i386
57 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 335 MB of archives.
After this operation, 426 MB of additional disk space will be used.
Do you want to continue? [Y/n] n
Abort.

# cat /dev/zero | pv > /dev/sdb 
4.83GiB 0:00:18 [ 156MiB/s] [>                                 ]  0% ETA 1:55:23>

tshark -f "udp port 53" -Y "(dns.qry.type == 1 or dns.qry.type==28) and dns.flags.response == 0"

# If you want to edit the file in-place
sed -i -e 's/^/prefix/' file

perl -p -e 's/^([0-9]*)/"[".localtime($1)."]"/e' < squid.log >squid.log.time

find PATH -type f -ctime -7 

• Alternative wenn inotify nicht angwandt werden kann oder watchmen / systemd changed Files logik
• e.g. alle geänderten files unter /mnt/storage/external

find /mnt/storage/external/ -type f -mmin -1

mail -a "From: <tester@test.com>" RECIPIENT_MAIL

read Mailbox:
mutt -R -f /var/spool/mail/mailbackup/

send Mails:
echo "This is the message body" | mutt -a "/path/to/file.to.attach" -s "subject of message" -- recipient@domain.com

Mutt Bounce mails to:
l limit  messages to ~f (from) regex
http://perlcode.org/tutorials/mail/mutt-bounce.txt
Mutt Search : /

b - bounce message under cursor
t - tag message under cursor

;b - bounce tagged messages
;d - delete tagged messages

http_proxy="http://IP:PORT" w3m http://URL

• show non visible characters

:set list 

• Disable auto mouse detection „i want to copy & paste like i used to“ (Debian 9)

vim /usr/share/vim/vim80/defaults.vim +69

" In many terminal emulators the mouse works just fine.  By enabling it you
" can position the cursor, Visually select and scroll with the mouse.
" if has('mouse')
"  set mouse=a
" endif

• Delete everything below line:
• https://stackoverflow.com/questions/3624345/how-to-delete-lines-below-current-line-in-vim

The delete ex command will work nicely.

:+,$d

Example:
192.168.24.0/24
ip route add 192.168.24.0/24 dev eth1 via 192.168.23.13 

IP-add/remove:
/sbin/ip addr add 10.1.1.1/24 brd + dev bond0
/sbin/ip addr del 10.1.1.1/24 dev bond0

-git status
-git diff 

Commit all changes
GIT_AUTHOR_NAME=cc GIT_AUTHOR_EMAIL=MAIL git commit -a 

Single File: 
GIT_AUTHOR_NAME=cc GIT_AUTHOR_EMAIL=MAIL git commit PATH_TO_FILE 

timeout 20s 

hping3 -p 80 -c 2 -S www.google.ca 

server:/etc/bind/zones# rndc freeze zone 
server:/etc/bind/zones# vim zone
server:/etc/bind/zones# rndc thaw zone

• Datenbank anlegen und bestimmten User für die Datenbank:

MariaDB [(none)]> create database db_name;
Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]> CREATE USER 'userdb'@'localhost' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON `db_name`.* TO 'userdb'@'localhost';
Query OK, 0 rows affected (0.001 sec)

• Diverses:

Repair MYISAM database:

 myisamchk --silent --force --fast --update-state --key_buffer_size=64M --sort_buffer_size=64M --read_buffer_size=1M --write_buffer_size=1M /path/to/datadir/*/*.MYI
 
Easy safe repair:
 myisamchk -r -q tbl_name 

Change database password for  User:
mysql> update user set password=PASSWORD("NEW-PASSWORD-HERE") where User='USER';

Solve umlaut troubles mysql:
http://blog.koehntopp.de/archives/3189-FAQ-Mein-mysqldump-zerstoert-meine-Umlaute.html
 
 Grant ACCESS:         
 GRANT ALL PRIVILEGES ON `testuser\_%` . * TO 'testuser'@'localhost';  

 MySQL Revoke u. Grant:
mysql> revoke  Trigger ON *.* from 'testdb'@'%';
Query OK, 0 rows affected (0.43 sec)

mysql> GRANT Trigger ON testdb.* to 'project'@'%';
Query OK, 0 rows affected (0.16 sec)

Tablenames case insensitive:
This depends on lower_case_table_names system variable in mysql.

Code:

mysql> SHOW GLOBAL VARIABLES LIKE 'lower_case_table_names';

If set to 0, table names are stored as specified and comparisons are case sensitive. If set to 1, table names are stored in lowercase on disk and comparisons are not case sensitive. If set to 2, table names are stored as given but compared in lowercase.

The default value is 0 on unix, 1 on windows and 2 on mac.

You can change this by specifying the option while starting mysqld (--lower-case-table-names=2 )

Change data type from column:
ALTER TABLE <table_name> MODIFY <col_name> VARCHAR(65536)

Get processlist:
database information_schema -> table processlist

If you use MySQL 5.1.7 or newer, you can use the PROCESSLIST table in the INFORMATION_SCHEMA. So you can query it with ordinary SELECT queries and apply filtering conditions in a WHERE clause.

This feature is not implemented in MySQL 5.0 and prior.


MySQL one line kill if TIME > xx
for count in $(echo "use information_schema; select ID from processlist where TIME>0" | mysql  --skip-column-names );  do echo "kill $count" | mysql; done

MySQL one line kill old:
for count in $(echo "show processlist" | mysql | awk '{ print $1 }'); do echo "kill $count" | mysql; done

MySQL determine database type:
http://stackoverflow.com/questions/1638070/how-can-i-determine-type-of-mysql-database-whether-it-is-innodb-or-myisam
show table status

find . -name '*.???.gz' -print0 | xargs -0 rm -f

Create rsa key:
openssl genrsa -out privkey.pem 2048 

Create CSR:
openssl req -new -key privkey.pem -out cert.csr

Read CSR:
openssl req -in FILE.csr -text -noout 

Create Key and CSR:
openssl req -new -newkey rsa:2048 -nodes -keyout FILENAME.key -out FILENAME.csr

Public Key encryption
openssl rsautl -certin -encrypt -inkey publickey.pem -in foho -out encrypted.txt

SELF signed all in one:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -sha512


pkcs12 create:
openssl pkcs12 -export -in name-cert.pem -inkey private/name-key.pem -certfile cacert.pem -name "[friendly name]" -out name-cert.p12


CA Zertfifikat neu auststellen mit sha256 - Achtung Zeit muss auf die Minute genau stimmen/Serial muss auch stimmen :
openssl x509  -in ca.crt -CA ca-kombo.crt -set_serial 0xBB0844165013F013 -CAkey ca.key  -out ca-new -days 7200 -sha256

Überprüfen ob Zertifikat von bestimmter CA ausgestellt wurde:
$ openssl verify -verbose -CAfile cacert.pem  server.crt
server.crt: OK

Überprüfen ob CRL von bestimmter CA unterschrieben wurde und ok ist:
openssl crl -verify -CAfile ca.crt -in crl.pem  -noout
verify OK


Fingerprint anzeigen sha1 oder sha256:
openssl x509 -in cert.crt -noout -sha256 -fingerprint
openssl x509 -in cert.crt -noout -sha1 -fingerprint

Comodo/Sectigo S/MIME Zertifikat beantragen:
---
openssl req -new -newkey rsa:4096 -sha256 -nodes -keyout max.mustermann@pannoniait.at.key -out max.mustermann@pannoniait.at.csr - Common Name E-Mail Adresse

"Your certificate is ready for collection" E-Mail / PKCS12 File erstellen für den Import
openssl pkcs7 -in CollectCCC -inform der -outform pem -print_certs -out sectigo-collection.crt 

openssl pkcs12 -export -inkey max.mustermann@pannoniait.at.key  -in sectigo-collection.crt -name "Sectigo Certificates" -out max.mustermann@pannoniait.at.p12

-> PKCS12 File importieren mit entsprechendem Passwort
---

Aus versendetem E-Mail smime.p7s das Zertifikat exportieren:

vorher base64 -d aus mail Content - MIME Abschnitte beachten
openssl pkcs7 -inform der -outform pem -print_certs -in /tmp/smime.p7s  -out /tmp/certificates.pem

for i in *.ENDING; do command < $i 2>&1 | grep -qi 'uninitial' && echo $i; done

strlen:
echo ${#PATH} 

redirect stderr to stdout:
echo "fooo" 2>&1

As long as return Code of ping command is not 0 (e.g. success) / echo foo
while ! ping -q -W 1 -c 2 IP > /dev/null ; do echo foo ; done


Bash read file per line:
 while read test ; do echo $test ; done < test
Bash c like for loop:
for ((i=0; i<10 ; i++)) ; do echo $i; done

cat file | xargs -I{} echo {}
or:

for line in (< /path/to/file); do
    echo "Line: $line"
done


https://stackoverflow.com/questions/17368067/length-of-string-in-bash

you could even have a look at stored chars:

myvar='Généralités'
chrlen=${#myvar}
oLang=$LANG oLcAll=$LC_ALL
LANG=C LC_ALL=C
bytlen=${#myvar}
printf -v myreal "%q" "$myvar"
LANG=$oLang LC_ALL=$oLcAll
printf "%s has %d chars, %d bytes: (%s).\n" "${myvar}" $chrlen $bytlen "$myreal"

will answer:

Généralités has 11 chars, 14 bytes: ($'G\303\251n\303\251ralit\303\251s').

Nota: According to Isabell Cowan's comment, I've added setting to $LC_ALL along with $LANG.
Length of an argument

Argument work same as regular variables

strLen()


   
   https://www.thegeekstuff.com/2010/07/bash-string-manipulation/

Bash String Manipulation Examples – Length, Substring, Find and Replace
by SASIKALAon JULY 23, 2010

In bash shell, when you use a dollar sign followed by a variable name, shell expands the variable with its value. This feature of shell is called parameter expansion.

But parameter expansion has numerous other forms which allow you to expand a parameter and modify the value or substitute other values in the expansion process. In this article, let us review how to use the parameter expansion concept for string manipulation operations.

This article is part of the on-going bash tutorial series. Refer to our earlier article on bash { } expansion.
1. Identify String Length inside Bash Shell Script

${#string}

The above format is used to get the length of the given bash variable.

$ cat len.sh
#! /bin/bash

var="Welcome to the geekstuff"

echo ${#var}

$ ./len.sh
24

To understand more about bash variables, read 6 Practical Bash Global and Local Variable Examples.
2. Extract a Substring from a Variable inside Bash Shell Script

Bash provides a way to extract a substring from a string. The following example expains how to parse n characters starting from a particular position.

${string:position}

Extract substring from $string at $position

${string:position:length}

Extract $length of characters substring from $string starting from $position. In the below example, first echo statement returns the substring starting from 15th position. Second echo statement returns the 4 characters starting from 15th position. Length must be the number greater than or equal to zero.

$ cat substr.sh
#! /bin/bash

var="Welcome to the geekstuff"

echo ${var:15}
echo ${var:15:4}

$ ./substr.sh
geekstuff
geek

Also, refer to our earlier article to understand more about $*, $@, $#, $$, $!, $?, $-, $_ bash special parameters.
3. Shortest Substring Match

Following syntax deletes the shortest match of $substring from front of $string

${string#substring}

Following syntax deletes the shortest match of $substring from back of $string

${string%substring}

Following sample shell script explains the above two shortest substring match concepts.

$ cat shortest.sh
#! /bin/bash

filename="bash.string.txt"

echo ${filename#*.}
echo ${filename%.*}

$ ./shortest.sh
After deletion of shortest match from front: string.txt
After deletion of shortest match from back: bash.string

In the first echo statement substring ‘*.’ matches the characters and a dot, and # strips from the front of the string, so it strips the substring “bash.” from the variable called filename. In second echo statement substring ‘.*’ matches the substring starts with dot, and % strips from back of the string, so it deletes the substring ‘.txt’
4. Longest Substring Match

Following syntax deletes the longest match of $substring from front of $string

${string##substring}

Following syntax deletes the longest match of $substring from back of $string

${string%%substring}

Following sample shell script explains the above two longest substring match concepts.

$ cat longest.sh
#! /bin/bash

filename="bash.string.txt"

echo "After deletion of longest match from front:" ${filename##*.}
echo "After deletion of longest match from back:" ${filename%%.*}

$ ./longest.sh
After deletion of longest match from front: txt
After deletion of longest match from back: bash

In the above example, ##*. strips longest match for ‘*.’ which matches “bash.string.” so after striping this, it prints the remaining txt. And %%.* strips the longest match for .* from back which matches “.string.txt”, after striping  it returns “bash”.
5. Find and Replace String Values inside Bash Shell Script
Replace only first match

${string/pattern/replacement}

It matches the pattern in the variable $string, and replace only the first match of the pattern with the replacement.

$ cat firstmatch.sh
#! /bin/bash

filename="bash.string.txt"

echo "After Replacement:" ${filename/str*./operations.}

$ ./firstmatch.sh
After Replacement: bash.operations.txt

Replace all the matches

${string//pattern/replacement}

It replaces all the matches of pattern with replacement.

$ cat allmatch.sh
#! /bin/bash

filename="Path of the bash is /bin/bash"

echo "After Replacement:" ${filename//bash/sh}

$ ./allmatch.sh
After Replacement: Path of the sh is /bin/sh

Taking about find and replace, refer to our earlier articles – sed substitute examples and Vim find and replace.
Replace beginning and end

${string/#pattern/replacement}

Following syntax replaces with the replacement string, only when the pattern matches beginning of the $string.

${string/%pattern/replacement}

Following syntax replaces with the replacement string, only when the pattern matches at the end of the given $string.

$ cat posmatch.sh
#! /bin/bash

filename="/root/admin/monitoring/process.sh"

echo "Replaced at the beginning:" ${filename/#\/root/\/tmp}
echo "Replaced at the end": ${filename/%.*/.ksh}

$ ./posmatch.sh
Replaced at the beginning: /tmp/admin/monitoring/process.sh
Replaced at the end: /root/admin/monitoring/process.ksh

Recommended Reading


https://stackoverflow.com/questions/3173131/redirect-copy-of-stdout-to-log-file-from-within-bash-script-itself
redirect output of script itself to file


#!/usr/bin/env bash

# Redirect stdout ( > ) into a named pipe ( >() ) running "tee"
exec > >(tee -i logfile.txt)

# Without this, only stdout would be captured - i.e. your
# log file would not contain any error messages.
# SEE (and upvote) the answer by Adam Spiers, which keeps STDERR
# as a separate stream - I did not want to steal from him by simply
# adding his answer to mine.
exec 2>&1

echo "foo"
echo "bar" >&2


Delimiter String durchiterieren:
https://stackoverflow.com/questions/918886/how-do-i-split-a-string-on-a-delimiter-in-bash09CFIQ4dUDCAU&uact=5

You can set the internal field separator (IFS) variable, and then let it parse into an array. When this happens in a command, then the assignment to IFS only takes place to that single command's environment (to read ). It then parses the input according to the IFS variable value into an array, which we can then iterate over.

IFS=';' read -ra ADDR <<< "$IN"
for i in "${ADDR[@]}"; do
    # process "$i"
done

Variante 2:

urnilxfgbez@mrWhiteGhost:~$ CURRENT_IFS=$IFS
urnilxfgbez@mrWhiteGhost:~$ db="db1,db2,db4"
urnilxfgbez@mrWhiteGhost:~$ IFS=","
urnilxfgbez@mrWhiteGhost:~$ for i in $db ; do echo "Foo: $i" ; done
Foo: db1
Foo: db2
Foo: db4
urnilxfgbez@mrWhiteGhost:~$ IFS=$CURRENT_IFS
urnilxfgbez@mrWhiteGhost:~$ db2=db1,db2,db4
urnilxfgbez@mrWhiteGhost:~$ echo $db2
db1,db2,db4

Numeric Increment +1 :
urnilxfgbez@mrWhiteGhost:~$ i=5
urnilxfgbez@mrWhiteGhost:~$ ((i++))
urnilxfgbez@mrWhiteGhost:~$ echo $i
6

Numeric add +x :
urnilxfgbez@mrWhiteGhost:~$ let "i=i+5"
urnilxfgbez@mrWhiteGhost:~$ echo $i
11

==========================
https://timmurphy.org/2012/03/09/convert-a-delimited-string-into-an-array-in-bash/
String into Array

#!/bin/bash

OIFS=$IFS;
IFS="|";

animals="dog|cat|fish|squirrel|bird|shark";
animalArray=($animals);

for ((i=0; i<${#animalArray[@]}; ++i)); do     echo "animal $i: ${animalArray[$i]}"; done

IFS=$OIFS;


=================================
Parameter in Bash als Variablen übergeben / als Array definieren damit die Quotes korrekt interpretiert werden

https://serverfault.com/questions/936426/call-rsync-with-args-stored-in-a-string/936461#936461

USERNAME_SSH="foo"
SERVER_HOSTNAME="123.server.at"
TARGET_BACKUP_LOCATION_WEBSITE="/srv/backups/website/"

SSH_COMMON_OPTIONS="-o PasswordAuthentication=no -o ServerAliveInterval=120 -o ServerAliveCountMax=5 -o Compression=yes"

RSYNC_COMMON_OPTIONS="-ax --delete --relative --delete-excluded --compress --timeout=3600 --perms --chmod=u+rwX --exclude=dev/ --exclude=var/tmp/ --exclude=usr/ --exclude=sess_* --exclude=logs/*"

RSYNC_COMMON_OPTIONS_ARRAY=($RSYNC_COMMON_OPTIONS)
RSYNC_COMMON_OPTIONS_ARRAY+=(-e "ssh $SSH_COMMON_OPTIONS")

rsync "${RSYNC_COMMON_OPTIONS_ARRAY[@]}" "$USERNAME_SSH@$SERVER_HOSTNAME:/" "$TARGET_BACKUP_LOCATION_WEBSITE"

===========
Zeilenweises einlesen aus Datei liste.txt

bsp while read foo ; do youtube-dl --extract-audio --audio-format mp3  "$foo" ; done < liste.txt 

dmidecode --type 17

lsb_release -a

Show:
tc class ls dev DEVICE

iputils-arping
arping -U -I eth0 IP/Adresse

socat - unix:socketfilename

SHARE teilen/detachen:
strg+A :multiuser on ->"server"
screen -x ->client 
Ctrl+A+D for detaching the screen 

• Screen resume nicht möglich da er es als „attached“ betrachtet

# screen -r 16894
There is a screen on:
	16894.pts-0.backup	(09/01/20 11:17:52)	(Attached)
There is no screen to be resumed matching 16894.
# screen -r -d 16894

iw dev wlan0 station dump

• https://superuser.com/questions/1286244/openwrt-how-can-i-kick-a-wireless-client-from-command-line
• Achtung bei tiny Installation gibts kein hostapd_cli

The default wpad-mini package does provide the disassociate command but not the all_sta. So get the list of associated clients on card wlan1 with iwinfo wlan1 assoclist, select a MAC address and then "kick" it with (for example):

hostapd_cli disassociate -i wlan1 01:23:45:67:89:AB

Considering a client usually tries to reconnect when disconnected, this might just disconnect it for about 10s.

• Mit iw getestet auf lede 17er Edition
• Auf 4.19 Kernel (kali linux) probiert er nach ~20-30 Sekunden wieder einen reconnect

Usage:	iw [options] dev <devname> station del <MAC address> [subtype <subtype>] [reason-code <code>]

Remove the given station entry (use with caution!)
Example subtype values: 0xA (disassociation), 0xC (deauthentication)


-> iw dev wlan0 station del MAC-ADRESSE-HIER subtype 0xA

echo 1 > /sys/block/sdf/device/delete

mt -f /dev/st0 status 
mt -f /dev/st0 rewind
mt -f "$TAPE_DEV" eject

list queue:
postqueue -p

flush queue:
postqueue -f 

"release" all mails from hold queue:
postsuper -H ALL

delete all mails from queue:
postsuper -d ALL


delete all mails from hold queue:
postsuper -d ALL hold

delete all mails from deferred queue:
postsuper -D ALL deferred

mdadm --assemble /dev/md0 --run /dev/sdb1 

Degraded raid1:
$ mdadm --create /dev/md0 -l raid1 -f -n 1 /dev/sda1

(Von Wiki Thomas Krenn: https://www.thomas-krenn.com/de/wiki/RAID_Controller#Software_RAID )
SDX1 hot remove:
root@ubuntumdraidtest:~# mdadm --manage /dev/mdN -r /dev/sdX1
mdadm: hot removed /dev/sdX1 from /dev/mdN

SDX1 add:
root@ubuntumdraidtest:~# mdadm --manage /dev/mdN -a /dev/sdX1
mdadm: added /dev/sdX1

Wenn degraded und status inactive e.g.

root@mrChief:/home/urnilxfgbez# mdadm --run /dev/md127
root@mrChief:/home/urnilxfgbez# cat /proc/mdstat 

Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10] 
md127 : active (auto-read-only) raid1 sdb1[0]
      1953511936 blocks [2/1] [U_]
      bitmap: 0/15 pages [0KB], 65536KB chunk

• RAID1 erstellen

root@mrWhiteGhost:/home/urnilxfgbez# fdisk /dev/sda

Welcome to fdisk (util-linux 2.33.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.


Command (m for help): n
Partition type
   p   primary (0 primary, 0 extended, 4 free)
   e   extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1): 
First sector (2048-240353279, default 2048): 
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-240353279, default 240353279): 

Created a new partition 1 of type 'Linux' and of size 114.6 GiB.

Command (m for help): t
Selected partition 1
          
Hex code (type L to list all codes): fd
Changed type of partition 'Linux' to 'Linux raid autodetect'.

Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.

root@mrWhiteGhost:/home/urnilxfgbez# fdisk /dev/sdb

Welcome to fdisk (util-linux 2.33.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.


Command (m for help): n
Partition type
   p   primary (0 primary, 0 extended, 4 free)
   e   extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1): 
First sector (2048-240353279, default 2048): 
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-240353279, default 240353279): 

Created a new partition 1 of type 'Linux' and of size 114.6 GiB.

Command (m for help): t 
Selected partition 1
Hex code (type L to list all codes): fd
Changed type of partition 'Linux' to 'Linux raid autodetect'.

Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.

-----

root@mrWhiteGhost:/home/urnilxfgbez# mdadm --create /dev/md0 --level=raid1 --raid-devices=2 /dev/sda1 /dev/sdb1 
mdadm: Note: this array has metadata at the start and
    may not be suitable as a boot device.  If you plan to
    store '/boot' on this device please ensure that
    your boot-loader understands md/v1.x metadata, or use
    --metadata=0.90
Continue creating array? y
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md0 started.


--- 
filesystem


root@mrWhiteGhost:/home/urnilxfgbez# mkfs.ext4 -L VAR_FS_RPI /dev/md0 
mke2fs 1.46.2 (28-Feb-2021)
Creating filesystem with 30027264 4k blocks and 7512064 inodes
Filesystem UUID: 1d7fa1a4-f88c-44f7-847b-4340b2f381af
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
	4096000, 7962624, 11239424, 20480000, 23887872

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (131072 blocks): done
Writing superblocks and filesystem accounting information: done

done

done

--

speedup
echo "100000" > /proc/sys/dev/raid/speed_limit_min

stop raid
mdadm --stop /dev/md0

configuration erstellen für startup
/usr/share/mdadm/mkconf > /etc/mdadm/mdadm.conf

• Platte austauschen im RAID md0 , Platte sdb zeigt erste Fehler , BIOS System kein UEFI

sfdisk -d /dev/sdb > /root/sfdisk_sdb_dump.txt
 mdadm --manage /dev/md0 --fail /dev/sdb2
 mdadm --manage /dev/md0 --remove /dev/sdb2
 --- Austausch --
cat /root/sfdisk_sdb_dump.txt  | sfdisk /dev/sdb
 mdadm --manage /dev/md0 --add /dev/sdb2 
 mdadm --detail /dev/md0

• PENDING SYNC resumen im RAID md1 , bei read only

root@master:~# cat /proc/mdstat 
Personalities : [raid1] [linear] [multipath] [raid0] [raid6] [raid5] [raid4] [raid10] 
md1 : active (auto-read-only) raid1 sdd2[1] sdc2[0]
      3906881344 blocks super 1.2 [2/2] [UU]
      	resync=PENDING
      bitmap: 30/30 pages [120KB], 65536KB chunk

md0 : active raid1 sdb2[2] sda2[0]
      1953381376 blocks super 1.2 [2/2] [UU]
      bitmap: 2/15 pages [8KB], 65536KB chunk
---

root@master:~# mdadm --readwrite /dev/md1 

---
root@master:~# cat /proc/mdstat 
Personalities : [raid1] [linear] [multipath] [raid0] [raid6] [raid5] [raid4] [raid10] 
md1 : active raid1 sdd2[1] sdc2[0]
      3906881344 blocks super 1.2 [2/2] [UU]
      [>....................]  resync =  2.3% (91627072/3906881344) finish=289.3min speed=219744K/sec
      bitmap: 30/30 pages [120KB], 65536KB chunk

md0 : active raid1 sdb2[2] sda2[0]
      1953381376 blocks super 1.2 [2/2] [UU]
      bitmap: 2/15 pages [8KB], 65536KB chunk

unused devices: <none>

• In Rescue System grml RAID Volumes „aktivieren“ (/proc/mdstat)

mdadm --assemble --scan

• Bei extrem schlechter Upload Bandbereite / Hohe Kompression und Zlib like Kompression einsetzen

xtightvncviewer -compresslevel 9 -encoding Tight TARGET

• Bei Port Forwarding durch SSH Sitzung - Bandbreite grundsätzlich ok

xvncviewer -encoding Hextile localhost

ethtool -p ethx

prevent arp replies on different NICs
zB: echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter

ldapsearch -h SERVER -D 'CN=Administrator,CN=Users,DC=DOMAIN,DC=local' -x -W -b 'DC=DOMAIN,DC=local' '(&(ATTRIBUTE=1)(objectCategory=Person))' dn ATTRIBUTE

download all files directory listening with ending .exe:
 wget -q -rl 1 -nd "http://PATH" -A*.exe

Change keyboard layout:
sudo dpkg-reconfigure console-setup

wbinfo - Query information from winbind daemon

root# net ads join -UAdministrator%password
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html

make kernel module loadable
depmod -a  program to generate modules.dep and map filesi

http://www.thegeekstuff.com/2010/02/unix-less-command-10-tips-for-effective-navigation/

& -> matches only

:n – go to the next file.
:p – go to the previous file.
G – go to the end of file
g – go to the start of file

• https://wiki.gentoo.org/wiki/Ddrescue

Disk to image

In this scenario the disk drive /dev/sdb is about to fail and we want to create an exact copy in the form of an image.

First, copy every block without read error and log the errors to /root/rescue.log.
Note
This requires at least as much disk space as the size of the failing disk drive.
root #ddrescue -f -n /dev/sdb /root/sdb_rescue.img /root/rescue.log

-f 
    Force ddrescue to run even if the destination file already exists.
-n 
    Skip the splitting phase to avoid spending a lot of time trying to rescue the most difficult parts of a file.

Second, copy only the bad blocks and try 3 times to read from the source before giving up:
root #ddrescue -d -f -r3 /dev/sdb /root/sdb_rescue.img /root/rescue.log

-d
    Use direct access to the drive and skip any cache.
-rN
    Try N times to rescue the block.

Now the image can be mounted as loop device and the file system checked for corruption.
Note
It can be helpful to not retry at all in cases where the USB controller disconnects the drive if certain blocks are read. Here you may want to skip any errored block.

• Boot von externem Medium zB: grml (https://grml.org/download/)
• Mount der Dateisystem für chroot / Achtung bind mount auch für /run (!)

mount -t proc none proc
mount -t sysfs none sys
mount -o bind /dev dev/
mount -o bind /dev/pts dev/pts
mount -o bind /run run/
chroot ./  /bin/bash

• Empfehlung falls lvm_volume ROOT von einer virtuellen Maschine über kvm - vorher herunterfahren!
• Verkleinert direkt darunter liegendes Filesystem + LVM - getestet auf Debian stretch

# lvresize --size 150G --resizefs /dev/mapper/lvm_volume

• LVM Resize - erweitern:

lvresize -L+500G /dev/mapper/foo-lvm

• LVM Logical Volume anlegen:

lvcreate -n name-lvm  -L500G volume-group

• LVM Snapshots:

lvcreate -L <LV size> -s -n <snapshot name> /dev/<VG name>/<LV name>
lvremove /dev/<VG name>/<snapshot name>

• LVM Snapshots - Beispiele um an Filesystem zu kommen (offset mount - 2048*512, oder kpartx)

root@mrGodfather:/mnt# lvcreate  -L200M -s -n guest-mrscanner-root-snapshot /dev/mapper/mrGodfather-guest--mrscanner--root 
  Logical volume "guest-mrscanner-root-snapshot" created.
root@mrGodfather:/mnt# kpartx -av /dev/mapper/mrGodfather-guest--mrscanner--root--snapshot
add map mrGodfather-guest--mrscanner--root--snapshot1 (253:22): 0 136312832 linear 253:21 2048
root@mrGodfather:/mnt# mount -o ro /dev/mapper/mrGodfather-guest--mrscanner--root--snapshot1 /mnt/tmp
root@mrGodfather:/mnt# ls -al /mnt/tmp/
total 2097308
drwxr-xr-x  22 root root       4096 Jul 24 06:39 .
drwxr-xr-x   5 root root       4096 Mar 10  2018 ..
drwxr-xr-x   2 root root       4096 Jul  5 06:53 bin
drwxr-xr-x   3 root root       4096 Jul 25 06:47 boot
drwxr-xr-x   2 root root       4096 Mar 23  2016 dev
drwxr-xr-x 111 root root      12288 Aug  1 06:08 etc
drwxr-xr-x   2 root root       4096 Mar 23  2016 home
lrwxrwxrwx   1 root root         33 Jul 24 06:39 initrd.img -> boot/initrd.img-4.15.0-55-generic
lrwxrwxrwx   1 root root         33 Jul 24 06:39 initrd.img.old -> boot/initrd.img-4.15.0-54-generic
drwxr-xr-x  20 root root       4096 May 21 12:18 lib
drwxr-xr-x   2 root root       4096 May 21 11:59 lib64
drwx------   2 root root      16384 Mar  8  2016 lost+found
drwxr-xr-x   3 root root       4096 Mar  8  2016 media
drwxr-xr-x   2 root root       4096 Jun 25  2018 mnt
drwxr-xr-x   2 root root       4096 Feb 18  2016 opt
dr-xr-xr-x   2 root root       4096 Mar 23  2016 proc
drwx------   7 root root       4096 Aug  9 01:12 root
drwxr-xr-x   3 root root       4096 Oct 19  2016 run
drwxr-xr-x   2 root root      12288 May 21 12:21 sbin
drwxr-xr-x   2 root root       4096 Feb 18  2016 srv
-rw-rw----   1 root root 2147483648 Mar 18  2016 swap.img
dr-xr-xr-x   2 root root       4096 Mar 23  2016 sys
drwxrwxrwt  11 root root      40960 Aug 13 09:45 tmp
drwxr-xr-x  10 root root       4096 Mar  8  2016 usr
drwxr-xr-x  13 root root       4096 Oct 19  2016 var
lrwxrwxrwx   1 root root         30 Jul 24 06:39 vmlinuz -> boot/vmlinuz-4.15.0-55-generic
lrwxrwxrwx   1 root root         30 Jul 24 06:39 vmlinuz.old -> boot/vmlinuz-4.15.0-54-generic
root@mrGodfather:/mnt# umount /mnt/tmp/
root@mrGodfather:/mnt# kpartx -dv /dev/mapper/mrGodfather-guest--mrscanner--root--snapshot
del devmap : mrGodfather-guest--mrscanner--root--snapshot1
root@mrGodfather:/mnt# fdisk /dev/mapper/mrGodfather-guest--mrscanner--root--snapshot

Welcome to fdisk (util-linux 2.33.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.


Command (m for help): p
Disk /dev/mapper/mrGodfather-guest--mrscanner--root--snapshot: 70 GiB, 75161927680 bytes, 146800640 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xe7f8c045

Device                                                         Boot Start       End   Sectors Size Id Type
/dev/mapper/mrGodfather-guest--mrscanner--root--snapshot-part1       2048 136314879 136312832  65G 83 Linux

Command (m for help): q

root@mrGodfather:/mnt# mount -o ro,offset=1048576 /dev/mapper/mrGodfather-guest--mrscanner--root--snapshot /mnt/tmp
root@mrGodfather:/mnt# ls -al /mnt/tmp/
total 2097308
drwxr-xr-x  22 root root       4096 Jul 24 06:39 .
drwxr-xr-x   5 root root       4096 Mar 10  2018 ..
drwxr-xr-x   2 root root       4096 Jul  5 06:53 bin
drwxr-xr-x   3 root root       4096 Jul 25 06:47 boot
drwxr-xr-x   2 root root       4096 Mar 23  2016 dev
drwxr-xr-x 111 root root      12288 Aug  1 06:08 etc
drwxr-xr-x   2 root root       4096 Mar 23  2016 home
lrwxrwxrwx   1 root root         33 Jul 24 06:39 initrd.img -> boot/initrd.img-4.15.0-55-generic
lrwxrwxrwx   1 root root         33 Jul 24 06:39 initrd.img.old -> boot/initrd.img-4.15.0-54-generic
drwxr-xr-x  20 root root       4096 May 21 12:18 lib
drwxr-xr-x   2 root root       4096 May 21 11:59 lib64
drwx------   2 root root      16384 Mar  8  2016 lost+found
drwxr-xr-x   3 root root       4096 Mar  8  2016 media
drwxr-xr-x   2 root root       4096 Jun 25  2018 mnt
drwxr-xr-x   2 root root       4096 Feb 18  2016 opt
dr-xr-xr-x   2 root root       4096 Mar 23  2016 proc
drwx------   7 root root       4096 Aug  9 01:12 root
drwxr-xr-x   3 root root       4096 Oct 19  2016 run
drwxr-xr-x   2 root root      12288 May 21 12:21 sbin
drwxr-xr-x   2 root root       4096 Feb 18  2016 srv
-rw-rw----   1 root root 2147483648 Mar 18  2016 swap.img
dr-xr-xr-x   2 root root       4096 Mar 23  2016 sys
drwxrwxrwt  11 root root      40960 Aug 13 09:45 tmp
drwxr-xr-x  10 root root       4096 Mar  8  2016 usr
drwxr-xr-x  13 root root       4096 Oct 19  2016 var
lrwxrwxrwx   1 root root         30 Jul 24 06:39 vmlinuz -> boot/vmlinuz-4.15.0-55-generic
lrwxrwxrwx   1 root root         30 Jul 24 06:39 vmlinuz.old -> boot/vmlinuz-4.15.0-54-generic
root@mrGodfather:/mnt# umount /mnt/tmp/
root@mrGodfather:/mnt# lvremove /dev/mapper/mrGodfather-guest--mrscanner--root--snapshot 
Do you really want to remove active logical volume mrGodfather/guest-mrscanner-root-snapshot? [y/n]: y
  Logical volume "guest-mrscanner-root-snapshot" successfully removed

• LVM anzeigen volume groups / logical volumes:

vgdisplay
vgs
lvs

• Physical Volume in Volume Group durch neues Physical Volume austauschen wenn zB: die Platte größer wird (altes PV /dev/mapper/md126_crypted , neues PV /dev/mapper/md128_crypted , Volume Group storage

Vorher wurde RAID1 md Device erstellt und über cryptsetup formatiert (luksFormat) und geöffnet (luksOpen) , /dev/mapper/md128 repräsentiert das "zugriffsfähige" Blockdevice, das nun als Physical Volume erstellt wird

pvcreate /dev/mapper/md128_crypted



vgextend storage /dev/mapper/md128_crypted


root@mrGodfather:~# pvs
  PV                          VG          Fmt  Attr PSize  PFree
  /dev/mapper/md126_crypted   storage     lvm2 a--  <3.64t <411.89g
  /dev/mapper/md128_crypted   storage     lvm2 a--  <6.99t   <6.99t

root@mrGodfather:~# pvmove -b --atomic /dev/mapper/md126_crypted /dev/mapper/md128_crypted



root@mrGodfather:~# lvs -a -o+devices
  LV                                 VG          Attr       LSize   Pool Origin Data%  Meta%  Move                      ...
   guest-mrstorage-storage            storage     -wI-a-----   3.00t                                                                          pvmove0(0)                             
  guest-mrstorage-storage            storage     -wI-a-----   3.00t                                                                          pvmove0(0)                             
  [pvmove0]                          storage     p-C-aom---  <3.24t                           /dev/mapper/md126_crypted     1.00             pvmove0_mimage_0(0),pvmove0_mimage_1(0)
...


root@mrGodfather:~# pvs
  PV                          VG          Fmt  Attr PSize  PFree 
  /dev/mapper/md126_crypted   storage     lvm2 a--  <3.64t <3.64t
  /dev/mapper/md128_crypted   storage     lvm2 a--  <6.99t <3.75t
root@mrGodfather:~# vgreduce storage /dev/mapper/md126_crypted 
  Removed "/dev/mapper/md126_crypted" from volume group "storage"
root@mrGodfather:~# pvremove /dev/mapper/md126_crypted 
  Labels on physical volume "/dev/mapper/md126_crypted" successfully wiped.


-> check /etc/crypttab !
-> check /etc/mdadm/mdadm.conf

• Physical Disk /dev/md1 zu Volume group „master“ hinzufügen

root@master:~# pvcreate /dev/md1 
  Physical volume "/dev/md1" successfully created.
  --- Volume group ---
  VG Name               master
  System ID             
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  11
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                6
  Open LV               5
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               1.82 TiB
  PE Size               4.00 MiB
  Total PE              476899
  Alloc PE / Size       403384 / 1.54 TiB
  Free  PE / Size       73515 / 287.17 GiB
  VG UUID               foo-123
   
root@master:~# vgextend master /dev/md1 
  Volume group "master" successfully extended

root@master:~# vgdisplay 
  --- Volume group ---
  VG Name               master
  System ID             
  Format                lvm2
  Metadata Areas        2
  Metadata Sequence No  12
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                6
  Open LV               5
  Max PV                0
  Cur PV                2
  Act PV                2
  VG Size               5.46 TiB
  PE Size               4.00 MiB
  Total PE              1430727
  Alloc PE / Size       403384 / 1.54 TiB
  Free  PE / Size       1027343 / 3.92 TiB
  VG UUID               foo-123
  
  
  root@master:~# vgscan 
  Reading volume groups from cache.
  Found volume group "master" using metadata type lvm2
root@master:~# pvscan 
  PV /dev/md0   VG master          lvm2 [1.82 TiB / 287.17 GiB free]
  PV /dev/md1   VG master          lvm2 [3.64 TiB / 3.64 TiB free]
  Total: 2 [5.46 TiB] / in use: 2 [5.46 TiB] / in no VG: 0 [0   ]
  
  

• Extends von /dev/md0 auf /dev/md1 auf Volume Group „master“ / nur LVM guest-file-storage verschieben / damit Storage ausschließlich durch /dev/md1 gehandeled wird und der Rest auf /dev/md0

root@master:~# pvs
  PV         VG     Fmt  Attr PSize PFree
  /dev/md0   master lvm2 a--  1.82t    0
  /dev/md1   master lvm2 a--  3.64t 2.94t
root@master:~# lvs
  LV                 VG     Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  ....
  guest-file-storage master -wi-ao----   1.95t
  ....
root@master:~# pvmove -n guest-file-storage /dev/md0 /dev/md1
  /dev/md0: Moved: 0.00%

  /dev/md0: Moved: 0.16%
  /dev/md0: Moved: 0.31%
  /dev/md0: Moved: 0.47%
   ....
    /dev/md0: Moved: 99.88%
  /dev/md0: Moved: 100.00%
root@master:~#
root@master:~# lvs
  LV                 VG     Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  guest-file-storage master -wi-ao----   1.95t                                                    
                                             
root@master:~# pvs
  PV         VG     Fmt  Attr PSize PFree
  /dev/md0   master lvm2 a--  1.82t 1.26t
  /dev/md1   master lvm2 a--  3.64t 1.69t

  

• Rescue Boot volume group aktivieren

müssen das Volume grundsätzlich anzeigen:
lvs / lvdisplay 
pvdisplay / pvs
vgs /vgdisplay 

aktivieren aller erkannten volume groups:
vgchange -a y

• Beispiel für eine „pipe“ in PHP bei Skriptaufruf

...
#!/usr/bin/php
<?php

#Pipe Username\n and Password\n to php
$auth_data = file("php://stdin");


if(count($auth_data) != 2)
{
	exit(1);
}



$USERNAME=trim($auth_data[0]);
$PASSWORD=trim($auth_data[1]);

...

• glob mit oder „pattern“
• https://stackoverflow.com/questions/38899453/how-to-define-multiple-patterns-in-php-glob

You can use the GLOB_BRACE constant

    GLOB_BRACE - Expands {a,b,c} to match 'a', 'b', or 'c'

e.g.

$dirname = 'uploads/';
glob("$dirname*.{png,jpeg,jpg,gif}", GLOB_BRACE);

See: http://php.net/manual/en/function.glob.php

• Konvertieren von RAW nach VDI (VirtualBox)

 qemu-img convert -f raw -O vdi develop-firewall-debian.img develop-firewall-debian.vdi  

• Oder von VDI nach RAW (offenbar gibts eine auto detection)

 qemu-img convert openwrt-develop-disk1.vdi -O raw openwrt-develop1.vdi.raw

• Nested virualisierung des is nice - nasty virtualization :)
• Quote von: https://www.kernel.org/doc/html/v5.7/virt/kvm/running-nested-guests.html - Achunt in Debian Buster noch nicht per Default aktiv

..nabling “nested” (x86)

From Linux kernel v4.19 onwards, the nested KVM parameter is enabled by default for Intel and AMD. (Though your Linux distribution might override this default.)

In case you are running a Linux kernel older than v4.19, to enable nesting, set the nested KVM module parameter to Y or 1. To persist this setting across reboots, you can add it in a config file, as shown below:

    On the bare metal host (L0), list the kernel modules and ensure that the KVM modules:

    $ lsmod | grep -i kvm
    kvm_intel             133627  0
    kvm                   435079  1 kvm_intel

    Show information for kvm_intel module:

    $ modinfo kvm_intel | grep -i nested
    parm:           nested:bool

    For the nested KVM configuration to persist across reboots, place the below in /etc/modprobed/kvm_intel.conf (create the file if it doesn’t exist):

    $ cat /etc/modprobe.d/kvm_intel.conf
    options kvm-intel nested=y

    Unload and re-load the KVM Intel module:

    $ sudo rmmod kvm-intel
    $ sudo modprobe kvm-intel

    Verify if the nested parameter for KVM is enabled:

    $ cat /sys/module/kvm_intel/parameters/nested
    Y

For AMD hosts, the process is the same as above, except that the module name is kvm-amd.

• Reset Root Password / Debugging
• Im Grub Menue beim Bootvorgang → e → Kernel Paramter init=/bin/bash (Achtung englische Tastatur ´ ⇒ = )
• Fortsetzen des Bootvorgangs nach erfolgtem Edit → exec /sbin/init
• https://www.linuxquestions.org/questions/linux-general-1/shutting-down-after-init%3D-bin-bash-440509/

Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
	
Quote:
Originally Posted by bts145 View Post
First you must activate the magic SysRq option:

echo 1 > /proc/sys/kernel/sysrq

When you are ready to reboot the machine simply run the following:

echo b > /proc/sysrq-trigger


http://www.linuxjournal.com/content/rebooting-magic-way


oder

the way, when you do init=/bin/sh (or bash), it isn't strictly necessary to reboot afterwards (well, depending on what you change I suppose), you can just do an 'exec /sbin/init' to continue the boot process. Make sure the state of the system is as it would normally be though (e.g. umount /usr, make / readonly again etc).

• Achtung Quote aus den man files:

..
(And where security is truly important, use  strong  en‐
              cryption  such  as Pretty Good Privacy instead of the relatively
              weak standard encryption provided by zipfile utilities.)
..

• zip Encrypt cli:

urnilxfgbez@mrWhiteGhost:/tmp$ zip -e archivename.zip file1.odt file2.odt  
Enter password: 
Verify password: 
  adding: file1.odt (deflated 3%)
  adding: file2.odt (deflated 4%)

• Set Time to Europe/Vienna
• via link manually

ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime

• via timedatectl

root@mrWhiteGhost:/home/urnilxfgbez# timedatectl set-timezone Europe/Vienna
root@mrWhiteGhost:/home/urnilxfgbez# timedatectl 
               Local time: Fri 2020-07-24 10:18:24 CEST
           Universal time: Fri 2020-07-24 08:18:24 UTC
                 RTC time: Fri 2020-07-24 08:18:23
                Time zone: Europe/Vienna (CEST, +0200)
System clock synchronized: no
              NTP service: n/a
          RTC in local TZ: no

• Lookup e.g. echo „b0:5c:da:11:22:33“ | cut -s -d':' -f1,2,3 –output-delimiter='-' | grep -i -f - /var/lib/ieee-data/*.txt | awk '{ $1=$2=„“; print $0 }'
• Achtung Abhängig vom Alter des ieee-data Pakets könnten sich die Links schon geändert haben - aktuell für MAC Vendor : http://standards-oui.ieee.org/oui.txt

Update IEEE data:
 apt-get install ieee-data
 update-ieee-data


WARNING: tempfile is deprecated; consider using mktemp instead.
Updating /var/lib/ieee-data//oui.txt
	Checking permissions on /var/lib/ieee-data//oui.txt
	Downloading https://standards.ieee.org/develop/regauth/oui/oui.txt to /var/lib/ieee-data//oui.txt

	Checking header
	Temporary location /tmp/ieee-data_E4Qc5H to be moved to /var/lib/ieee-data//oui.txt
	/var/lib/ieee-data//oui.txt updated.
Updating /var/lib/ieee-data//mam.txt
	Checking permissions on /var/lib/ieee-data//mam.txt
	Downloading https://standards.ieee.org/develop/regauth/oui28/mam.txt to /var/lib/ieee-data//mam.txt
	Checking header
	Temporary location /tmp/ieee-data_E4Qc5H to be moved to /var/lib/ieee-data//mam.txt
	/var/lib/ieee-data//mam.txt updated.
Updating /var/lib/ieee-data//oui36.txt
	Checking permissions on /var/lib/ieee-data//oui36.txt
	Downloading https://standards.ieee.org/develop/regauth/oui36/oui36.txt to /var/lib/ieee-data//oui36.txt
	Checking header
	Temporary location /tmp/ieee-data_E4Qc5H to be moved to /var/lib/ieee-data//oui36.txt
	/var/lib/ieee-data//oui36.txt updated.
Updating /var/lib/ieee-data//iab.txt
	Checking permissions on /var/lib/ieee-data//iab.txt
	Downloading https://standards.ieee.org/develop/regauth/iab/iab.txt to /var/lib/ieee-data//iab.txt
	Checking header
	Temporary location /tmp/ieee-data_E4Qc5H to be moved to /var/lib/ieee-data//iab.txt
	/var/lib/ieee-data//iab.txt updated.
Updating /var/lib/ieee-data//oui.csv
	Checking permissions on /var/lib/ieee-data//oui.csv
	Downloading https://standards.ieee.org/develop/regauth/oui/oui.csv to /var/lib/ieee-data//oui.csv
	Checking header
	Temporary location /tmp/ieee-data_E4Qc5H to be moved to /var/lib/ieee-data//oui.csv
	/var/lib/ieee-data//oui.csv updated.
Updating /var/lib/ieee-data//mam.csv
	Checking permissions on /var/lib/ieee-data//mam.csv
	Downloading https://standards.ieee.org/develop/regauth/oui28/mam.csv to /var/lib/ieee-data//mam.csv
	Checking header
	Temporary location /tmp/ieee-data_E4Qc5H to be moved to /var/lib/ieee-data//mam.csv
	/var/lib/ieee-data//mam.csv updated.
Updating /var/lib/ieee-data//oui36.csv
	Checking permissions on /var/lib/ieee-data//oui36.csv
	Downloading https://standards.ieee.org/develop/regauth/oui36/oui36.csv to /var/lib/ieee-data//oui36.csv
	Checking header
	Temporary location /tmp/ieee-data_E4Qc5H to be moved to /var/lib/ieee-data//oui36.csv
	/var/lib/ieee-data//oui36.csv updated.
Updating /var/lib/ieee-data//iab.csv
	Checking permissions on /var/lib/ieee-data//iab.csv
	Downloading https://standards.ieee.org/develop/regauth/iab/iab.csv to /var/lib/ieee-data//iab.csv
	Checking header
	Temporary location /tmp/ieee-data_E4Qc5H to be moved to /var/lib/ieee-data//iab.csv
	/var/lib/ieee-data//iab.csv updated

• apt-get install certbot
• Hostname e.g. hostname.domain.at MUSS von extern über Port 80 für Challenge/Response zur Verfügung stehen
• IP's lassen sich NICHT firewallen von let's encrypt - it's a feature :)

oot@firewall:/tmp# certbot certonly --webroot --webroot-path /var/www/letsencrypt/ -d hostname.domain.at
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): support@domain.at

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: N
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for hostname.domain.at
Using the webroot path /var/www/letsencrypt for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/hostname.domain.at/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/hostname.domain.at/privkey.pem
   Your cert will expire on 2019-03-19. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

root@firewall:/tmp# certbot certonly --webroot --webroot-path /var/www/letsencrypt/ -d hostname.domain.at
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/hostname.domain.at.conf)

What would you like to do?
-------------------------------------------------------------------------------
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): c
Operation canceled. You may re-run the client.
root@firewall:/tmp# certbot renew --quiet --post-hook "service apache2 restart"
root@firewall:/tmp# echo $?
0

• Regex Search and Replace alle matches e.g.

sed -E "s/REGEX_SEARCH/REPLACE/g"