Differences

This shows you the differences between two versions of the page.

--- computing:gnulinux [2018/05/17 05:24] – oemb1905
+++ computing:gnulinux [2018/05/18 08:05] (current) – removed oemb1905
@@ Line 1: / Line 1: @@
--------------------------------------------
-  * **gnulinux**
-  * **Jonathan Haack**
-  * **Haack's Networking**
-  * **netcmnd@jonathanhaack.com**
--------------------------------------------
-//Welcome to my gnulinux wiki page.  Tis page has simple and complex system administrationnotes to remind me when I forget something that I already learned!  If you are visiting, I hope you find the page useful.//
--------------------------------------------
-#**powerpc gnulinux notes; issues, installs +**
--------------------------------------------
-Making a bootable usb stick ...
-  diskutil list
-  diskutil eraseDisk <filesystemtype> <partitionname> <diskidentifier>
-  diskutil unmountDisk <diskidentifier>
-Examples
-  sudo dd if=/Volumes/Cave/Users/axes/Desktop/lubuntu.iso of=/dev/disk4 bs=1m
-  sudo dd if=/Users/me/tails-i386-1.3.iso of=/dev/rdisk9 bs=16m && sync
-Insert USB drive into PPC Mac of choice, depress command-option-o-f (open firmware)
-try usb0, usb1, usb2, etc. until it works and finds the port you used for the img
-  probe-usb
-  boot usb0/disk@1:2,\\yaboot
-  boot usb1/disk@1:2,\\yaboot
-once inside the yaboot shell, some common examples are:
-  install url=mintppc.org
-  install
-  cli
-  cli-expert
-  cli64
-  cli64-expert
--------------------------------------------
-#**wireless hardware drivers, b43 cutter +**
--------------------------------------------
-  deb http://httpredir.debian.org/debian/ wheezy main contrib non-free
-  deb http://http.debian.net/debian/ jessie main contrib non-free
-  apt-get update
-  sudo lspci
-  apt-get install firmware-b43-installer
-  apt-get install firmware-b43-lpphy-installer
-  apt-get install firmware-b43legacy-installer
-use lspci above and then visit https://wiki.debian.org/bcm43xx#supported-b43
--------------------------------------------
-#**some imaging notes**
--------------------------------------------
-convert .iso to .img syntax example
-  hdiutil convert -format UDRW -o destination_file.img source_file.iso
-  diskutil list
-  diskutil partitionDisk /dev/disk1 1 "Free Space" "unused" "100%"
-  diskutil partitionDisk /dev/disk2 GPT JHFS+ New 0b
-  dd if=[Directory/to/udrw/img] of=/dev/disk1 bs=1m
-  diskutil eject /dev/disk2
-Plug into the Intel Mac, hold option while booting, proceed w/ install
--------------------------------------------
-#**optical media ripping from command line**
--------------------------------------------
-  cdrecord -pad -dao -data blag-140k-i686.iso
--------------------------------------------
-#**security & policy information**
--------------------------------------------
-  sudo nano /etc/pam.d/common-password
-Prevent Log in - create file
-  /etc/nologin
-tcpdump common uses; monitoring traffic on network
-  tcpdump -n -i <eth0> <host> <x.x.x.x>
-  tcpdump -n -i <eth0> <port> <#>
-  tcpdump -i eth0 -nn -c 10 tcp and host <x.x.x.x>
-  tcpdump -i wlan0 port http or port smtp or port imap or port pop3 -l -A | egrep -e 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|pass:|user:|username:|password:|login:pass |user |Referer:'
-Generate
-  sudo htpasswd -c .htpasswd username
-Syntax for .htaccess
-  AuthUserFile /private/etc/httpd/.htpasswd
-  AuthGroupFile /dev/null
-  AuthName "Members Only"
-  AuthType Basic
-  <Limit GET POST>
-  require valid-user
-  </Limit>
--------------------------------------------
-#**display managers; lightdm & gdm3**
--------------------------------------------
-  cd /usr/share/lightdm/light.conf.d/
-Global lightdm settings here
-  cd /etc/lightdm/
-  sudo nano lightdm.conf
-Lightdm ubuntu-MATE greeter and lock screen issues
-  /usr/share/common/backgrounds/ubuntu-mate-common/Ubuntu-Mate-Cold.jpg
-  /etc/lightdm/lightdm-gtk-greeter.conf
-The .conf file w/ some common sense parameters
-  [SeatDefaults]
-  allow-guest=false
-  greeter-hide-users=true
--------------------------------------------
-#**ubuntu-MATE; DE 'porting' and tweaks 2 OS**
--------------------------------------------
-  sudo apt install mate-tweak
-  cd /etc/apt/sources.list
-  sudo nano sources.list
-  <add contrib non-free to default debian repositories>
-  sudo apt update
-  sudo apt upgrade
-  sudo reboot
-  <upon reboot, begin the harvesting of ubuntu-MATE themes>
-  cd /etc/apt/sources.list
-  sudo nano sources.list
-    <in the config file you just opened add the two repos below - no braces!>
-    <deb http://us.archive.ubuntu.com/ubuntu yakkety main restricted non-free>
-    <deb http://us.archive.ubuntu.com/ubuntu yakkety universe main restricted non-free>
-  sudo apt update
-  sudo apt install ubuntu-keyring-archive
-  sudo apt update
-  sudo apt install ubuntu-mate*
-    <computer might crash during install, reboot, repeat or remove wildcard and install piecemeal>
-  sudo apt autoremove
-  cd /etc/apt/sources.list
-  sudo nano sources.list
-    <change the config file and comment out ubuntu repositories>
-    <#deb http://us.archive.ubuntu.com/ubuntu yakkety main restricted non-free>
-    <#deb http://us.archive.ubuntu.com/ubuntu yakkety universe main restricted non-free>
-  sudo apt update
-  sudo apt autoremove
-  sudo apt update
-  sudo apt upgrade
-  sudo reboot
-    <there could / will be problems when you attempt to sudo apt update - if so>
-  sudo apt update --fix-missing <may need to run with and without ubuntu repos>
-  sudo dpkg --reconfigure -a
-    <there may also be a file in var that needs removed - be careful>
-  rm -rf /var/<path/to/locked/file/from/apt/update/on/ubuntu>
--------------------------------------------
-#**mac - hardware - gnulinux requirements**
--------------------------------------------
-mac fan control; needed to ensure computer does not fry ...
-  apt-get update
-  apt-get install macfanctld
-  /etc/macfanctl.conf
-  <set desired values>
-  service macfanctld restart
--------------------------------------------
-#**openWRT Notes**
--------------------------------------------
-First, we need a router to set up openWRT on.  This tutorial uses the WNDR3800.  I set it up with openWRT as follows:
-Download the image for openWRT.  I used the following site:
-  https://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/openwrt-15.05.1-ar71xx-generic-wndr3800-squashfs-factory.img
-Get on the proper subnet, and stop the network-manager from hijacking connection.  Run `ip a` to obtain your interface name, as it may not be eth0.
-  sudo systemctl stop network-manager
-  ip a a 192.168.1.105/24 dev eth0
-Put a paperclip in the reset button while device is off.  Keeping it in, turn the device on, wait for flashing green.  First, ping the router.
-  ping 192.168.1.1
-If you cannot successfully ping the router, then re-add your interface to the proper sub net and try again.  If you can, then the curl command below should work.  Wait for the router to reboot after running the curl command.
-  curl -T ~/Downloads/openwrt-15.05.1-ar71xx-generic-wndr3800-squashfs-factory.img tftp://192.168.1.1
-Now that we have openWRT on the router, we should enable https for the web admin panel.  First, verify that you completed the above steps correctly by visiting `192.168.1.1` in your web browser of choice.
-  opkg update
-  opkg install luci-ssl
-  nano /etc/config/uhttpd
-In the config file, comment out the port 80 lines to prohibit using the router with https.  Additionally, enter the parameters for the self-signed cert using the options at the bottom of the configuration file.  Once you are done, restart the service and build the cert.
-  /etc/init.d/uhttpd restart
-Now that we have https, we can begin to set up the vpn server on the WNDR.  Using the template files in the directory openvpnconfig, migrating them over to the router for ease.  If you would like this template, email me at netcmnd@jonathanhaack.com.  This is, of course, optional.  If you would like to view the default templates, rename the original files with `mv` before executing the commands below.
-  scp -r openvpnconfig root@[openwrt]:/etc/config/
-  ssh root@[openwrt]
-Simplified instructions, using the template files in the directory openvpnconfig.
-  opkg update
-  opkg install zip openvpn-easy-rsa openvpn-openssl
-  mv /etc/config/openvpnconfig/openvpn /etc/config/
-  mv /etc/easy-rsa /etc/config/openvpnconfig/
-  cd /etc/
-  ln -s config/openvpnconfig/easy-rsa ./
-  nano /etc/config/openvpnconfig/easy-rsa/vars
-  nano /etc/config/openvpnconfig/openvpnWRT.conf
-  nano /etc/config/openvpn
-  build-ca
-  build-dh <OR> sudo openssl dhparam -out /tmp/dh2048.pem 2048
-  build-key-server server
-Build your keys for testing - the template also includes a script which builds all the necessary client keys for you, and then places them in `/etc/easy-rsa/keys/` in a .zip file for easy migrating and downloading.  You can enter the command without parameters to see its syntax.
-  /etc/config/openvpnconfig/easyrsa-user-setup-openwrt.sh [username] [server.com]
-<OR> ... change the "vars" each time you need a key, and then build them manually using ...
-  nano /etc/config/openvpnconfig/easy-rsa/vars
-  pkitool [username]
-Afterwards, on each client, make sure to create a client config such as by creating a file with the following parameters:
-  nano /directory/to/keep/openvpn/keys/servername.ovpn
-  nobind
-  float
-  comp-lzo
-  dev tun
-  remote dns.com 1194 udp
-  client
-  tls-exit
-  ca ca.crt
-  cert <client>.crt
-  key <client>.key
-  remote-cert-tls server
-  mute 5
-  resolv-retry infinite
-  #explicit-exit-notify
-  keepalive 10 60
-  ping-timer-rem
-  persist-tun
-  persist-key
-  #redirect-gateway def1
-Using the luci web admin page, go to interfaces, add interface, select tun0, and set up fw zone.  Using the luci web admin page, go to firewall, traffic rules, and then specify a rule that allows incoming vpn connections on udp 1194 to device.
-Test away using the key you made two steps ago!
-  sudo openvpn location.com.ovpn
-Tweak various client config settings and match on server ... specify cipher levels and versions as such:
-  </etc/config/openvpnconfig/nameofvpnserver.conf>
-  tls-version-min 1.2
-  tls-cipher      TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-  128-GCM-SHA256
-  cipher AES-256-CBC
-Key permissions
-for everything except the private key and 600 for that ...
--------------------------------------------
-#**samba share basics**
--------------------------------------------
-  sudo apt update
-  sudo apt install samba
-  sudo adduser username
-  sudo smbpasswd -a username
-  mkdir /home/username/sharename
-  nano /etc/samba/smb.conf
-  [sharename]
-  path = /home/username/sharename
-  available = yes
-  valid users = camalas
-  read only = no
-  browseable = yes
-  public = yes
-  writable = yes
--------------------------------------------
-#**sitc**
--------------------------------------------
-start or stop network manager (or other services)
-  systemctl <start/stop/restart> networkmanager.service
-  /etc/init.d/network-manager <start/stop/restart>
-verify dhcp client working for interface eno1
-  dhclient -v eno1
-add subnet to interface eno1
-  ip address add 192.1##.1##.2/24 dev eno1
-interface tool w/ eno1 example
-  ethtool eno1
-interface with switch using screen
-  screen /dev/ttyUSB0/ 19200
-calculate subnet automatically
-  subnetcalc
-proxying web traffic through remote server
-  ssh -D <port#> <user>@<domain.com>
-get block ID of drives
-  blkid
-nmap example to get addresses of hosts / devices on lan
-  nmap -sP 10.##.##.0/24
-find utils example
-  find . -iname "<name>"
--------------------------------------------
-#**git basics**
--------------------------------------------
-git - force git to use ssh & pull / push to verify
-  git remote set-url origin git@github.com:oemb1905/haackyard-gh.git
-  git clone ssh://<user>@<##.##.##.##>/home/git .
-  git commit -am"notes inside here"
-  git pull
-  git push
--------------------------------------------
-#**nano / text editor basics**
--------------------------------------------
-  ctl-r         read -open file curr. buffer, or new in multibuffer mode, enter4new empty buffer
-  ctl-o         writeout i.e. save file
-  cctl-x         exit i.e. quit; also exits from buffer in multibuffer mode; asks writeout/save
-  ctl-g         get help/aid/assistance
-  enter, ctl-m  newline
-  bksp, ctl-h   delete previous character
-  del, ctl-d    delete current character
-  left, ctl-b   backward character
-  right, ctl-f  forward character
-  home, ctl-a   beginning of line
-  end, ctl-e    end of line
-  up, ctl-p     previous line
-  down, ctl-n   next line
-  pgup, ctl-y   previous page
-  pgdn, ctl-v   next page
-  m-space       previous word
-  ctl-space     next word
-  alt-\         beginning of file
-  alt-/         end of file
-  ctl-c         display cursor position
-  ctl-/         go i.e. jump to line and column
-  ctl-^         set/unset mark; or alt-a
-  alt-^         copy marked, or copy line if nomark; actually alt-6 i.e. do not need shift key
-  ctl-k         cut marked or cut lineifnomark or cut2end line if cut2end is enabled using
-  alt-k
-  ctl-u         paste cut or copied
-  alt-t         cut to end of file
-  ctl-w         search
-  alt-w         search again
-  alt-r         search and replace
-  alt-<         previous file buffer; actually alt-, i.e. do not need shift key
-  alt->         next file buffer; actually alt-. i.e. do not need shift key
-  alt-x         toggle bottom help display
-  alt-y         toggle color syntax hiliting;colors config via /usr/share/nano/*.nanorc files
-  alt-c         toggle cursor position display
-  alt-d         toggle dos/unix format option at writeout/save prompt
-  alt-k         toggle cut to end of line
-  ctl-t         show file list at read/open prompt
-  ctl-x         prompt for external command to execute at read/open prompt and insert output
-  ctl-z         suspend to shell; use fg to return
--------------------------------------------
-#**scripts and miscellaneous**
--------------------------------------------
-downloading scripts and executing them; example from DO
-  curl -sSL https://agent.digitalocean.com/install.sh | sh
-ngrok notes; private http(s) tunnels
-  ./ngrok http 80
-  wget https://[ngrok tunnel]/id_rsa.pub
-  cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
-query hosts on the lan
-  avahi-browse -tl _workstation._tcp
-Debian print system configuration to stdout; use root
-  cat /proc/cpuinfo && lspci | grep -i vga && uname -a && lsb_release -a
-  lsb_release -a
-  lspci
-Debian repo management
-  cd /etc/apt
-  nano sources.lsit
-  [main contrib non-free]
-Uploading files to remote webservers with sftp
-  cd ~/Downloads
-  sftp user@host.com:/path/to/sftp/directory/of/choice/
-  > put /path/to/file.txt
--------------------------------------------
-#**Building From Source to Custom library Location**
--------------------------------------------
-tar -xf <source_filename>
-Navigate to the directory that tar unarchived the files to.  Then, within that directory, execute:
-  ./configure --prefix=/usr/local
-  make
-  sudo make install clean
--------------------------------------------
-#**Cacti Server Notes**
--------------------------------------------
-Installing snmpd to an embedded system and then installing cacti to a client to monitor the
-device. Additionally, this tutorial covers one way to monitor a client without an snmpd server
-running on the client machine (ping only).  The embedded OS is openWRT on a Netgear WNDR.
-  ssh -p ###### root@nameofembeddedhost
-  opkg update
-  opkg install snmpd
-  cd /etc/config
-  nano snmpd
-  /etc/init.d/snmpd enable
-  /etc/init.d/snmpd restart
-There are many customizations possible, but my colleagues recommend the minimum of changing the
-name of the public community to something indicative of the network purpose.  Additionally, it
-is also adviseable to change three fields below that refer to the physical location, ip address, and the contact email for the system administrator in charge of managing the snmp server.  Once you are done, continue to installing cacti on a network machine that will field the incoming snmp request
-  sudo apt install cacti
-I used the default recommendations, however, when cacti failed repeatedly I was forced to use the
-reconfiguration command below.  The OS I used in this case was Debian 9.2.1 Stretch.
-  sudo dpkg-reconfigure cacti
-  <Yes, rebuild database, default to other options>
-  <I chose matching MySQL pass because it failed with blank>
-At this point, cacti should work so to speak, but it will need to be configured and have its license terms accepted.  Since cacti utilizes a web server with which users may access its data, users must configure cacti within that interface.  FYI - I chose defaults, and used apache2, as follows  from within the Firefox web-browser:
-  localhost/cacti
-  <say yes to EULA, etc.>
-  <user: admin>
-  <pass: admin>
-Since cacti's web server is running, its web server page can highlight information from the snmp server that it queries information from as a client (& many other queries too!).  I would error on the side of portraying more information, not less, so consider the following configurations from within the web interface.
-  Create Devices
-  Add (upper right corner)
-  Host Template - ucd/net SNMP Host
-  Ping or SNMP
-  ICMP Ping
-  Version 2
-  <name of public community chosen must match /etc/config/snmpd>
-  <fully qualified hostname must be the external domain name or local ip>
-  <for linux devices or the cacti server itself, use local ip or 127.0.0.1, snmpd version 1>
-After it successfully creates the device, then scroll down to graphs and add them all unless you have a reason not to.  Once you do that, click return, and then select to "Place Device on a Tree" using the defaults provided.  Once that is done, go to Console, Create Graphs, select the router or host you just configured this for, and then select the box for all graphs, scroll down, select create.  Once they are created, click Console, view graphs, hit the arrow on the Tree, and select the router or host you just created these graphs for.
-During this install I had a conflict with a previously installed web server nginx, so I had to find its process and then kill it:
-  netstat -enpl
-  sudo kill -XXX PID
-After that, I restarted the web-server apache2 as follows:
-  sudo /etc/init.d/apache2 restart
--------------------------------------------
-#**Private Git Server**
--------------------------------------------
-Configure the machine that will be running the git server first.  In order, this requires creating the git user, and then creating the .ssh directory and authorized keys files, and then establishing appropriate permissions.
-  sudo adduser git
-  su - git
-  cd ~
-  mkdir .ssh && chmod 700 .ssh
-  touch .ssh/authorized_keys && chmod 600 .ssh/authorized_keys
-You can add keys to authorized keys file using copy and paste, or using some bash syntax (from within the git user's shell) as follows:
-  cat /tmp/id_rsa.john.pub >> ~/.ssh/authorized_keys
-Now, let's finish configuring the server.
-  cd /srv
-  mkdir git
-  cd git/
-  mkdir repositoryname.git
-  cd repositoryname.git/
-  git init --bare --shared
-The shared option above allows more than just the git user to write to the repository.  The users must have permissions to do so, however, so since the directories were created by the git user, one can add the user to the git group.  If you need this functionality, then on the server, make sure to execute the following command for each user:
-  sudo adduser <username> git
-The instructions below assume the clients are on the same LAN and using a directory in their home directory dedicated to git repos.  If the clients are not on the same LAN, then use openvpn to tunnel into the LAN.
-  cd ~
-  mkdir git
-  cd git/
-  git clone git@gitserver:/srv/git/repositoryname.git
-  cd repositoryname/
-  nano README
-  git commit -am"added a line to README for repository participants"
-  git push origin master
-This method has everyone using the user git in order to clone the repository, and unless tweaked will allow users shell access to the server.  To stop shell access, simply add :/bin/false to the end of the git user's entry in /etc/passwd.
-Using other user names for access / cloning will be covered in a later tutorial.
--------------------------------------------
-#**Beagle Bone Black w/ Debian**
--------------------------------------------
-To locate device if auto-mounted
-  sudo dmesg
-  umount /dev/mmcblk0p1
-Optional: use fdisk to remove the partition first before dding ...
-  sudo dd of=/dev/mmcblk0 if=/home/sexa/Downloads/bone-debian-9.2-iot-armhf-2017-10-10-4gb.img bs=1M conv=fdatasync [or && sync]
-After this, pull out SD card.  Plug back in.  Locate where it mounted, prepare to edit file to allow it to run the installer upon boot.  This is located in boot/enV.txt relative to wherever the media mounted.  Eg., cd /media/sexa/rootfs/boot/
-  cmdline=init=/opt/scripts/tools/eMMC/init-eMMC-flasher-v3.sh
-Get out of the directory asap.  then:
-  umount /dev/mmcblk0p1
-Now that the image has been turned into an installer, you may put the microSD card into the Beagle Bone (without power).
-If there is a fourth pin, usually red, do not use.  We only need input, output, and ground.
-  sudo screen <devicename> 115200
-  sudo screen /dev/ttyUSB0 115200 [Example]
-{{:computing:b1.jpg?400|}}
--------------------------------------------
-#**Screen**
--------------------------------------------
-Using ssh to tunnel to another host, and then executing screen to keep the session persistent.
-  ssh -p ### -t user@host.com screen -DRO
-Using screen with usb to serial adapter
-  sudo screen /dev/ttyUSB0 115200
-Some other common speeds are 9600, 57600, 38400, 19200
--------------------------------------------
-#**next topic**
--------------------------------------------
-git clone git@gitserver:/srv/git/project.git
--------------------------------------------
-#**virt-manager stuff**
--------------------------------------------
-Start defualt
-  sudo virsh net-start default
-Remove bridge
-  sudo ifconfig virbr0 dow
-  sudo brctl delbr virbr0
-List all
-  sudo virsh net-list --all
--------------------------------------------
-#**rsync**
--------------------------------------------
-  sudo rsync -avxHAX --progress /sourcefiles/path /backup/path
--------------------------------------------
-#**next topic**
--------------------------------------------
-  chmod 700 ~/.ssh
-  chmod 644 ~/.ssh/id_rsa.pub
-  chmod 600 ~/.ssh/id_rsa
-  chmod 755 ~/
--------------------------------------------
-#**Simple Bridge Mode Virt-Manager**
--------------------------------------------
-create it - use gui, or brctl
-sudo nano /etc/network/interfaces
-  auto br1
-  iface br1 inet dhcp
-     bridge_ports enp3s0
-     bridge_stp on
-     bridge_fd 0.0
--------------------------------------------
-#**smart tests**
--------------------------------------------
-  smartctl -t short
-  smartctl -t long
--------------------------------------------
-#**ssh with screen**
--------------------------------------------
-  ssh -t xx.xx.xx.xx screen -DRO
--------------------------------------------
-#**RAID 1 Notes**
--------------------------------------------
-The sfdisk command is not complete ... the proc shows kernel report on mirroring / syncing status ...
-  sfdisk -d | sfdisk
-  cat /proc/mdstat
-Temperamental Swap mirroring ...
-  mdadm --readwrite /dev/md1
--------------------------------------------
-#**Purism Keyboard Issue**
--------------------------------------------
-  sudo nano /etc/rc.local
-Put this in the file.
-  #!/bin/sh
-  setkeycodes 56 43
-  exit 0
-Ctrl-X, Y, Enter.
-  sudo chmod 750 /etc/rc.local
-  sudo chown root:root /etc/rc.local
-  sudo reboot
-Done - problem fixed.
--------------------------------------------
-#**Level 3 DNS & resolv.conf**
--------------------------------------------
-  sudo nano /etc/resolv.conf
-  search domain.com [local domain]
-  nameserver xx.xx.xx.xx [router]
-  nameserver 4.2.2.1
-  nameserver 4.2.2.2
-  nameserver 4.2.2.3
-  nameserver 4.2.2.4
--------------------------------------------
-#**set new origin**
--------------------------------------------
-  git remote set-url origin ssh://sexa@10.18.18.2:/srv/zion.git
--------------------------------------------
-#**next topic**
--------------------------------------------
- --- //[[netcmnd@jonathanhaack.com|oemb1905]] 2018/03/15 00:23//

Haack's Wiki

User Tools

Site Tools

Differences

Page Tools