------------------------------------------- * **miscadmin** * **Jonathan Haack** * **Haack's Networking** * **netcmnd@jonathanhaack.com** ------------------------------------------- A dumping ground for basic gnulinux sysadmin and other miscellaneous notes, or //miscadmin// for short. ------------------------------------------- -Text Editors- Change the default text editor, terminal, web browser, in Debian exo-preferred-applications Some systems are not kind with exo, so ... xdg-mime default caja.desktop inode/directory application/x-gnome-saved-search Set caja or other file managers to manage desktop gsettings set org.gnome.desktop.background show-desktop-icons false gsettings set org.nemo.desktop show-desktop-icons true -motd- Create the following to make a message of the day that will be appended to the dynamic message of the day. sudo nano /etc/motd Is motd printing twice, comment out motd statis in pam setting /etc/pam.d/sshd #session optional pam_motd.so noupdate (actually it is the line above this, leave this active) Print motd with every shell log in ... nano ~/.bashrc Navigate to the end of the file, and add cat /etc/motd -Firefox- To install the latest firefox on Debian and make it default, do the following. The link below may not always work, so replace when updated. sudo mkdir -p /opt/firefox sudo chown -R $USER:$USER /opt/firefox cd ~/Downloads && wget -O FirefoxSetup.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=en-US" tar xjf FirefoxSetup.tar.bz2 -C /opt/firefox/ sudo mv /usr/lib/firefox-esr/firefox-esr /usr/lib/firefox-esr/firefox-esr_orig sudo ln -s /opt/firefox/firefox/firefox /usr/lib/firefox-esr/firefox-esr To restore firefox-esr that comes with Debian. unlink /usr/lib/firefox-esr/firefox-esr mv /usr/lib/firefox-esr/firefox-esr_orig /usr/lib/firefox-esr/firefox-esr -youtube-dl- sudo curl -L https://yt-dl.org/downloads/latest/youtube-dl -o /usr/local/bin/youtube-dl sudo chmod 750 /usr/local/bin/youtube-dl -optical ripping example- cdrecord -pad -dao -data blag-140k-i686.iso -pam hardening location- sudo nano /etc/pam.d/common-password Prevent Log in - create file /etc/nologin -old reminders- remove old and offending keyring from gnome, make new directory for new one sudo rm -rf ~/.local/share/keyrings mkdir ~/.local/share/keyrings start or stop network manager (or other services) systemctl networkmanager.service /etc/init.d/network-manager verify dhcp client working for interface eno1 dhclient -v eno1 add subnet to interface eno1 ip address add 192.1##.1##.2/24 dev eno1 interface tool w/ eno1 example ethtool eno1 interface with switch using screen screen /dev/ttyUSB0/ 19200 calculate subnet automatically subnetcalc proxying web traffic through remote server ssh -D @ get block ID of drives blkid nmap to scan devices on lan nmap -sP 10.##.##.0/24 find utils example find . -iname "name" -ngrok- ngrok notes; private http(s) tunnels ./ngrok http 80 wget https://[ngrok tunnel]/id_rsa.pub cat ~/id_rsa.pub >> ~/.ssh/authorized_keys query hosts on the lan avahi-browse -tl _workstation._tcp Debian print system configuration to stdout; use root cat /proc/cpuinfo && lspci | grep -i vga && uname -a && lsb_release -a lsb_release -a lspci Debian repo management cd /etc/apt nano sources.lsit [main contrib non-free] -sftp basics- cd ~/Downloads sftp user@host.com:/path/to/sftp/directory/of/choice/ > put /path/to/file.txt -build app from source- tar -xf Navigate to the directory that tar unarchived the files to. Then, within that directory, execute: ./configure --prefix=/usr/local make sudo make install clean -using vi to scrape unnecessary text strings away from openwrt packages that need updating :1,$s/ .*// -passing traffic through wifi radio to another interface on host- sudo su -c "iptables -t nat -A POSTROUTING -o wlp2s0 -j MASQUERADE" sudo su -c "echo 1 > /proc/sys/net/ipv4/ip_forward" set a static ip using ip a a x.x.x.x. dev blah set static on wndr wan -exim delete all messages and other- exim -bp exim -Mrm exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash use this for local interfaces for ipv6 ::::0:0.0.0.0 view exim -Mvh -verifying TLS with swaks on exim4 relay setup swaks -a -tls -q HELO -s smtp.haacksnetworking.com:587 -au test -ap '<>' -mysql password- nano /etc/mysql/debian.cnf sudo mysql -u debian-sys-maint -temporary name servers - how to add some - temporary/permanent syntax below: echo "nameserver 4.2.2.1" | sudo tee /etc/resolv.conf > /dev/null echo "nameserver 4.2.2.1" | sudo tee /etc/resolvconf/resolv.conf.d/base > /dev/null -strip desktop environments from GUI system tasksel --list-tasks tasksel --task-packages desktop sudo apt-get purge $(tasksel --task-packages desktop) -deborphan sudo apt install deborphan sudo apt-get remove `deborphan` for i in `deborphan`; do apt-get --purge remove -y $i; done -checking ssh logs cat /var/log/auth.log | grep 'sshd.*Invalid' cat /var/log/auth.log | grep 'sshd.*opened' -checking disk space- du -ch -d 1 | sort -hr -check disk space with ncurses tool- sudo apt install ncdu ncdu -stop/start sleep of any form on servers- sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target sudo systemctl unmask sleep.target suspend.target hibernate.target hybrid-sleep.target -xorg with ssh touch /root/.Xauthority touch /home/user/.Xauthority -batch convert with ffmpeg to mp4 from mkv for i in *.mkv; do ffmpeg -i "$i" -codec copy "${i%.*}.mp4" done -fix badly configured zpool that used short names to by-id names. This command can be entered as-is, and does not need to be adjusted at all for what your specific ids are or for multiple drives. It literally exports the short names and by-ids, unmounts the volumes/pool, then remakes it using the blkid. zpool export tank zpool import -d /dev/disk/by-id tank monitor ram usage every 3 seconds in human readable way free -h -w -s 3 postfix to relay, satellite option, enter the relay like this: to prevent lookups [smtp.smtpserver.com]:587 Re-attach to screen session that's attached. screen -d -r mysqldump to local from remote ssh root@hub.haacksnetworking.org /usr/bin/mysqldump --all-databases --single-transaction --skip-comments --skip-dump-date > hknet.sqldump Turn off sleep. sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target Amd gPU errors fix mkdir ~/Repositories cd /home/user/Repositories && git clone https://kernel.googlesource.com/pub/scm/linux/kernel/git/firmware/linux-firmware.git sudo cp /home/user/Repositories/linux-firmware/amdgpu/* /lib/firmware/amdgpu && sudo update-initramfs -k all -u -v Unattended Upgrades sudo apt install unattended-upgrades sudo apt install apt-config-auto-update sudo unattended-upgrades --dry-run --debug sudo systemctl status unattended-upgrades Next ... ssh failed attempts grep "Failed password" /var/log/auth.log journalctl _SYSTEMD_UNIT=ssh.service | egrep "Failed|Failure" faillock --user grep "authentication failure" /var/log/auth.log | awk '{ print $14 }' | cut -b7- | sort | uniq -c Display Managers (Lightdm, etc.) sudo nano /etc/lightdm/lightdm-gtk-greeter.conf [SeatDefaults] allow-guest=false greeter-hide-users=true nano ~/.config/gtk-3.0/settings.ini [Settings] gtk-application-prefer-dark-theme=1 sudo nano /etc/lightdm/lightdm.conf cd /usr/share/lightdm/light.conf.d/ Setting ufw to allow connections to only certain subnets. ufw allow from 192.168.1.0/24 to any proto tcp port 8006 Establish NIC name using mac:ID nano /etc/udev/rules.d/70-persistent-net.rules SUBSYSTEM=="net",ACTION=="add",ATTR{address}=="00:00:00:00:00:00",ATTR{type}=="1",NAME="eth100" --- //[[jonathan@haacksnetworking.org|oemb1905]] 2024/01/28 20:31//