This is an old revision of the document!
A dumping ground for basic gnulinux sysadmin and other miscellaneous notes, or miscadmin for short.
-Text Editors-
Change the default text editor, terminal, web browser, in Debian
Some systems are not kind with exo, so …
xdg-mime default caja.desktop inode/directory application/x-gnome-saved-search
Set caja or other file managers to manage desktop
gsettings set org.gnome.desktop.background show-desktop-icons false gsettings set org.nemo.desktop show-desktop-icons true
Create the following to make a message of the day that will be appended to the dynamic message of the day.
sudo nano /etc/motd
Is motd printing twice, comment out motd statis in pam setting
/etc/pam.d/sshd #session optional noupdate (actually it is the line above this, leave this active)
Print motd with every shell log in …
nano ~/.bashrc
Navigate to the end of the file, and add
cat /etc/motd
To install the latest firefox on Debian and make it default, do the following. The link below may not always work, so replace when updated.
sudo mkdir -p /opt/firefox sudo chown -R $USER:$USER /opt/firefox cd ~/Downloads && wget -O FirefoxSetup.tar.bz2 "" tar xjf FirefoxSetup.tar.bz2 -C /opt/firefox/ sudo mv /usr/lib/firefox-esr/firefox-esr /usr/lib/firefox-esr/firefox-esr_orig sudo ln -s /opt/firefox/firefox/firefox /usr/lib/firefox-esr/firefox-esr
To restore firefox-esr that comes with Debian.
unlink /usr/lib/firefox-esr/firefox-esr mv /usr/lib/firefox-esr/firefox-esr_orig /usr/lib/firefox-esr/firefox-esr
sudo curl -L -o /usr/local/bin/youtube-dl sudo chmod 750 /usr/local/bin/youtube-dl
-optical ripping example-
cdrecord -pad -dao -data blag-140k-i686.iso
-pam hardening location-
sudo nano /etc/pam.d/common-password
Prevent Log in - create file
-old reminders-
remove old and offending keyring from gnome, make new directory for new one
sudo rm -rf ~/.local/share/keyrings mkdir ~/.local/share/keyrings
start or stop network manager (or other services)
systemctl <start/stop/restart> networkmanager.service /etc/init.d/network-manager <start/stop/restart>
verify dhcp client working for interface eno1
dhclient -v eno1
add subnet to interface eno1
ip address add 192.1##.1##.2/24 dev eno1
interface tool w/ eno1 example
ethtool eno1
interface with switch using screen
screen /dev/ttyUSB0/ 19200
calculate subnet automatically
proxying web traffic through remote server
ssh -D <port#> <user>@<>
get block ID of drives
nmap to scan devices on lan
nmap -sP 10.##.##.0/24
find utils example
find . -iname "name"
ngrok notes; private http(s) tunnels
./ngrok http 80 wget https://[ngrok tunnel]/ cat ~/ >> ~/.ssh/authorized_keys
query hosts on the lan
avahi-browse -tl _workstation._tcp
Debian print system configuration to stdout; use root
cat /proc/cpuinfo && lspci | grep -i vga && uname -a && lsb_release -a lsb_release -a lspci
Debian repo management
cd /etc/apt nano sources.lsit [main contrib non-free]
-sftp basics-
cd ~/Downloads sftp > put /path/to/file.txt
-build app from source-
tar -xf <source_filename>
Navigate to the directory that tar unarchived the files to. Then, within that directory, execute:
./configure --prefix=/usr/local make sudo make install clean
-using vi to scrape unnecessary text strings away from openwrt packages that need updating
:1,$s/ .*//
-passing traffic through wifi radio to another interface on host-
sudo su -c "iptables -t nat -A POSTROUTING -o wlp2s0 -j MASQUERADE" sudo su -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
set a static ip using ip a a x.x.x.x. dev blah
set static on wndr wan
-exim delete all messages and other-
exim -bp <print message ids> exim -Mrm <message id> exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash use this for local interfaces for ipv6 ::::0: view exim -Mvh
-verifying TLS with swaks on exim4 relay setup
swaks -a -tls -q HELO -s -au test -ap '<>'
-mysql password-
nano /etc/mysql/debian.cnf sudo mysql -u debian-sys-maint
-temporary name servers - how to add some - temporary/permanent syntax below:
echo "nameserver" | sudo tee /etc/resolv.conf > /dev/null echo "nameserver" | sudo tee /etc/resolvconf/resolv.conf.d/base > /dev/null
-strip desktop environments from GUI system
tasksel --list-tasks tasksel --task-packages desktop sudo apt-get purge $(tasksel --task-packages desktop)
sudo apt install deborphan sudo apt-get remove `deborphan` for i in `deborphan`; do apt-get --purge remove -y $i; done
-checking ssh logs
cat /var/log/auth.log | grep 'sshd.*Invalid' cat /var/log/auth.log | grep 'sshd.*opened'
-checking disk space-
du -ch -d 1 | sort -hr
-check disk space with ncurses tool-
sudo apt install ncdu ncdu
-stop/start sleep of any form on servers-
sudo systemctl mask sudo systemctl unmask
-xorg with ssh
touch /root/.Xauthority touch /home/user/.Xauthority
-batch convert with ffmpeg to mp4 from mkv
for i in *.mkv; do ffmpeg -i "$i" -codec copy "${i%.*}.mp4" done
-fix badly configured zpool that used short names to by-id names. This command can be entered as-is, and does not need to be adjusted at all for what your specific ids are or for multiple drives. It literally exports the short names and by-ids, unmounts the volumes/pool, then remakes it using the blkid.
zpool export tank zpool import -d /dev/disk/by-id tank
monitor ram usage every 3 seconds in human readable way
free -h -w -s 3
postfix to relay, satellite option, enter the relay like this: to prevent lookups
Re-attach to screen session that's attached.
screen -d -r <session#.user>
mysqldump to local from remote
ssh /usr/bin/mysqldump --all-databases --single-transaction --skip-comments --skip-dump-date > hknet.sqldump
Turn off sleep.
sudo systemctl mask
Amd gPU errors fix
mkdir ~/Repositories cd /home/user/Repositories && git clone sudo cp /home/user/Repositories/linux-firmware/amdgpu/* /lib/firmware/amdgpu && sudo update-initramfs -k all -u -v
Unattended Upgrades
sudo apt install unattended-upgrades sudo apt install apt-config-auto-update sudo unattended-upgrades --dry-run --debug sudo systemctl status unattended-upgrades
Next … ssh failed attempts
grep "Failed password" /var/log/auth.log journalctl _SYSTEMD_UNIT=ssh.service | egrep "Failed|Failure" faillock --user <user> grep "authentication failure" /var/log/auth.log | awk '{ print $14 }' | cut -b7- | sort | uniq -c
Display Managers (Lightdm, etc.)
sudo nano /etc/lightdm/lightdm-gtk-greeter.conf [SeatDefaults] allow-guest=false greeter-hide-users=true nano ~/.config/gtk-3.0/settings.ini [Settings] gtk-application-prefer-dark-theme=1 sudo nano /etc/lightdm/lightdm.conf cd /usr/share/lightdm/light.conf.d/
Setting ufw to allow connections to only certain subnets.
ufw allow from to any proto tcp port 8006 ufw allow from to any proto tcp port 8006 ufw allow from to any proto tcp port 22 ufw allow from to any proto tcp port 22 ufw allow from to any proto tcp port 80 ufw allow from to any proto tcp port 80 ufw allow from to any proto tcp port 443 ufw allow from to any proto tcp port 443
Establish NIC name using mac:ID
nano /etc/udev/rules.d/70-persistent-net.rules SUBSYSTEM=="net",ACTION=="add",ATTR{address}=="00:00:00:00:00:00",ATTR{type}=="1",NAME="eth100"
Establish Nemo as default, remove desktop icons, verify nemo default
xdg-mime default nemo.desktop inode/directory application/x-gnome-saved-search gsettings set org.gnome.desktop.background show-desktop-icons false xdg-mime query default inode/directory
Sury php
sudo apt install -y apt-transport-https lsb-release ca-certificates wget wget -O /etc/apt/trusted.gpg.d/php.gpg echo "deb $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list
Static ipv6 in ifupdown
iface enp0s3 inet6 static address 2001:db8:1000::1 netmask 64 gateway 2001:db8:1000::1 autoconf 0 dns-nameservers 2001:4860:4860::8888 2001:4860:4860::8844
Assigning an interface a persistent name so that bridging and static ifupdown assignments don't fail on reboot.
sudo nano /etc/udev/rules.d/70-persistent-net.rules SUBSYSTEM=="net",ACTION=="add",ATTR{address}=="29:af:2c:34:g7:11",ATTR{type}=="1",NAME="eth100"
Convert pdf to Word
libreoffice --infilter="writer_pdf_import" --convert-to docx Terms-Of-Service.pdf
Instruct a client to ignore the DNS server offers made by the router on Debian.
sudo nano /etc/dhcp/dhclient.conf
In that file, find the section that begins with request subnet-mask
and remove domain-name-servers from it.
request subnet-mask, broadcast-address, time-offset, routers, domain-name, __domain-name-servers__, domain-search, host-name,, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers, netbios-name-servers, netbios-scope, interface-mtu, rfc3442-classless-static-routes, ntp-servers;
After that's removed, find the section that begins with prepend domain-name-servers;
and change it as you see fit:
prepend domain-name-servers; prepend domain-name-servers; sudo systemctl restart networking
After you restart networking, run cat /etc/resolv.conf
and make sure the DNS is what you desired. In order to test whether there are DNS leaks, use tcpdump and adjust port to 53, 5335, 853, etc.
tcpdump -vv -x -X -s 1500 -i eth0 'port 853'
In order to set a policy on Chrome to stop DOT, or DNS over TLS/https, do the following:
sudo nano /etc/opt/chrome/policies/managed/policies.json { "BrowserGuestModeEnabled": false, "BrowserAddPersonEnabled": false, "IncognitoModeAvailability": 1, "DnsOverHttpsMode": false }
Running Debian testing/unstable and your zfs modules suddenly won't load after a reboot and upgrade, well do the following:
sudo apt-get install linux-headers-$(uname -r)
Alright ….
— oemb1905 2024/11/29 15:44