This is an old revision of the document!
- gnulinux
- Jonathan Haack
- Haack's Networking
- netcmnd@jonathanhaack.com
Welcome to my gnulinux wiki page. Tis page has simple and complex system administrationnotes to remind me when I forget something that I already learned! If you are visiting, I hope you find the page useful.
#optical media ripping from command line
cdrecord -pad -dao -data blag-140k-i686.iso
#security & policy information
sudo nano /etc/pam.d/common-password
Prevent Log in - create file
/etc/nologin
tcpdump common uses; monitoring traffic on network
tcpdump -n -i <eth0> <host> <x.x.x.x> tcpdump -n -i <eth0> <port> <#> tcpdump -i eth0 -nn -c 10 tcp and host <x.x.x.x> tcpdump -i wlan0 port http or port smtp or port imap or port pop3 -l -A | egrep -e 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|pass:|user:|username:|password:|login:pass |user |Referer:'
Generate
sudo htpasswd -c .htpasswd username
Syntax for .htaccess
AuthUserFile /private/etc/httpd/.htpasswd AuthGroupFile /dev/null AuthName "Members Only" AuthType Basic
<Limit GET POST> require valid-user </Limit>
#display managers; lightdm & gdm3
cd /usr/share/lightdm/light.conf.d/
Global lightdm settings here
cd /etc/lightdm/ sudo nano lightdm.conf
Lightdm ubuntu-MATE greeter and lock screen issues
/usr/share/common/backgrounds/ubuntu-mate-common/Ubuntu-Mate-Cold.jpg /etc/lightdm/lightdm-gtk-greeter.conf
The .conf file w/ some common sense parameters
[SeatDefaults] allow-guest=false greeter-hide-users=true
#mac - hardware - gnulinux requirements
mac fan control; needed to ensure computer does not fry …
apt-get update apt-get install macfanctld /etc/macfanctl.conf <set desired values> service macfanctld restart
#samba share basics
sudo apt update sudo apt install samba sudo adduser username sudo smbpasswd -a username mkdir /home/username/sharename nano /etc/samba/smb.conf [sharename] path = /home/username/sharename available = yes valid users = camalas read only = no browseable = yes public = yes writable = yes
#miscellaneous sysadmin easy
start or stop network manager (or other services)
systemctl <start/stop/restart> networkmanager.service /etc/init.d/network-manager <start/stop/restart>
verify dhcp client working for interface eno1
dhclient -v eno1
add subnet to interface eno1
ip address add 192.1##.1##.2/24 dev eno1
interface tool w/ eno1 example
ethtool eno1
interface with switch using screen
screen /dev/ttyUSB0/ 19200
calculate subnet automatically
subnetcalc
proxying web traffic through remote server
ssh -D <port#> <user>@<domain.com>
get block ID of drives
blkid
nmap to scan devices on lan
nmap -sP 10.##.##.0/24
find utils example
find . -iname "name"
#scripts and miscellaneous
downloading scripts and executing them; example from DO
curl -sSL https://agent.digitalocean.com/install.sh | sh
ngrok notes; private http(s) tunnels
./ngrok http 80 wget https://[ngrok tunnel]/id_rsa.pub cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
query hosts on the lan
avahi-browse -tl _workstation._tcp
Debian print system configuration to stdout; use root
cat /proc/cpuinfo && lspci | grep -i vga && uname -a && lsb_release -a lsb_release -a lspci
Debian repo management
cd /etc/apt nano sources.lsit [main contrib non-free]
Uploading files to remote webservers with sftp
cd ~/Downloads sftp user@host.com:/path/to/sftp/directory/of/choice/ > put /path/to/file.txt
#Building From Source to Custom library Location
tar -xf <source_filename>
Navigate to the directory that tar unarchived the files to. Then, within that directory, execute:
./configure --prefix=/usr/local make sudo make install clean
#Cacti Server Notes
Installing snmpd to an embedded system and then installing cacti to a client to monitor the device. Additionally, this tutorial covers one way to monitor a client without an snmpd server running on the client machine (ping only). The embedded OS is openWRT on a Netgear WNDR.
ssh -p ###### root@nameofembeddedhost opkg update opkg install snmpd cd /etc/config nano snmpd /etc/init.d/snmpd enable /etc/init.d/snmpd restart
There are many customizations possible, but my colleagues recommend the minimum of changing the name of the public community to something indicative of the network purpose. Additionally, it is also adviseable to change three fields below that refer to the physical location, ip address, and the contact email for the system administrator in charge of managing the snmp server. Once you are done, continue to installing cacti on a network machine that will field the incoming snmp request
sudo apt install cacti
I used the default recommendations, however, when cacti failed repeatedly I was forced to use the reconfiguration command below. The OS I used in this case was Debian 9.2.1 Stretch.
sudo dpkg-reconfigure cacti <Yes, rebuild database, default to other options> <I chose matching MySQL pass because it failed with blank>
At this point, cacti should work so to speak, but it will need to be configured and have its license terms accepted. Since cacti utilizes a web server with which users may access its data, users must configure cacti within that interface. FYI - I chose defaults, and used apache2, as follows from within the Firefox web-browser:
localhost/cacti <say yes to EULA, etc.> <user: admin> <pass: admin>
Since cacti's web server is running, its web server page can highlight information from the snmp server that it queries information from as a client (& many other queries too!). I would error on the side of portraying more information, not less, so consider the following configurations from within the web interface.
Create Devices Add (upper right corner) Host Template - ucd/net SNMP Host Ping or SNMP ICMP Ping Version 2 <name of public community chosen must match /etc/config/snmpd> <fully qualified hostname must be the external domain name or local ip> <for linux devices or the cacti server itself, use local ip or 127.0.0.1, snmpd version 1>
After it successfully creates the device, then scroll down to graphs and add them all unless you have a reason not to. Once you do that, click return, and then select to “Place Device on a Tree” using the defaults provided. Once that is done, go to Console, Create Graphs, select the router or host you just configured this for, and then select the box for all graphs, scroll down, select create. Once they are created, click Console, view graphs, hit the arrow on the Tree, and select the router or host you just created these graphs for.
During this install I had a conflict with a previously installed web server nginx, so I had to find its process and then kill it:
netstat -enpl sudo kill -XXX PID
After that, I restarted the web-server apache2 as follows:
sudo /etc/init.d/apache2 restart
#virt-manager stuff
Start defualt
sudo virsh net-start default
Remove bridge
sudo ifconfig virbr0 dow sudo brctl delbr virbr0
List all
sudo virsh net-list --all
#rsync
sudo rsync -avxHAX --progress /sourcefiles/path /backup/path
#next topic
chmod 700 ~/.ssh chmod 644 ~/.ssh/id_rsa.pub chmod 600 ~/.ssh/id_rsa chmod 755 ~/
#Simple Bridge Mode Virt-Manager
create it - use gui, or brctl
sudo nano /etc/network/interfaces
auto br1 iface br1 inet dhcp bridge_ports enp3s0 bridge_stp on bridge_fd 0.0
#smart tests
smartctl -t short smartctl -t long
#ssh with screen
ssh -t xx.xx.xx.xx screen -DRO
#RAID 1 Notes
The sfdisk command is not complete … the proc shows kernel report on mirroring / syncing status …
sfdisk -d | sfdisk cat /proc/mdstat
Temperamental Swap mirroring …
mdadm –readwrite /dev/md1
#Purism Keyboard Issue
sudo nano /etc/rc.local
Put this in the file.
#!/bin/sh setkeycodes 56 43 exit 0
Ctrl-X, Y, Enter.
sudo chmod 750 /etc/rc.local sudo chown root:root /etc/rc.local sudo reboot
Done - problem fixed.
#Level 3 DNS & resolv.conf
sudo nano /etc/resolv.conf search domain.com [local domain] nameserver xx.xx.xx.xx [router] nameserver 4.2.2.1 nameserver 4.2.2.2 nameserver 4.2.2.3 nameserver 4.2.2.4
#next topic
— oemb1905 2018/03/15 00:23
