User Tools

Site Tools


computing:miscadmin

  • miscadmin
  • Jonathan Haack
  • Haack's Networking
  • netcmnd@jonathanhaack.com

A dumping ground for basic gnulinux sysadmin and other miscellaneous notes, or miscadmin for short.


-Text Editors-

Change the default text editor, terminal, web browser, in Debian

exo-preferred-applications

Some systems are not kind with exo, so …

xdg-mime default caja.desktop inode/directory application/x-gnome-saved-search

Set caja or other file managers to manage desktop

gsettings set org.gnome.desktop.background show-desktop-icons false
gsettings set org.nemo.desktop show-desktop-icons true

-motd-

Create the following to make a message of the day that will be appended to the dynamic message of the day.

sudo nano /etc/motd

Is motd printing twice, comment out motd statis in pam setting

/etc/pam.d/sshd
#session    optional     pam_motd.so noupdate
(actually it is the line above this, leave this active)

Print motd with every shell log in …

nano ~/.bashrc

Navigate to the end of the file, and add

cat /etc/motd

-Firefox-

To install the latest firefox on Debian and make it default, do the following. The link below may not always work, so replace when updated.

sudo mkdir -p /opt/firefox
sudo chown -R $USER:$USER /opt/firefox
cd ~/Downloads && wget -O FirefoxSetup.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=en-US"
tar xjf FirefoxSetup.tar.bz2 -C /opt/firefox/
sudo mv /usr/lib/firefox-esr/firefox-esr /usr/lib/firefox-esr/firefox-esr_orig
sudo ln -s /opt/firefox/firefox/firefox /usr/lib/firefox-esr/firefox-esr

To restore firefox-esr that comes with Debian.

unlink /usr/lib/firefox-esr/firefox-esr
mv /usr/lib/firefox-esr/firefox-esr_orig /usr/lib/firefox-esr/firefox-esr

-youtube-dl-

sudo curl -L https://yt-dl.org/downloads/latest/youtube-dl -o /usr/local/bin/youtube-dl
sudo chmod 750 /usr/local/bin/youtube-dl

-optical ripping example-

cdrecord -pad -dao -data blag-140k-i686.iso

-pam hardening location-

sudo nano /etc/pam.d/common-password

Prevent Log in - create file

/etc/nologin

-old reminders-

remove old and offending keyring from gnome, make new directory for new one

sudo rm -rf ~/.local/share/keyrings
mkdir ~/.local/share/keyrings

start or stop network manager (or other services)

systemctl <start/stop/restart> networkmanager.service
/etc/init.d/network-manager <start/stop/restart>

verify dhcp client working for interface eno1

dhclient -v eno1

add subnet to interface eno1

ip address add 192.1##.1##.2/24 dev eno1

interface tool w/ eno1 example

ethtool eno1  

interface with switch using screen

screen /dev/ttyUSB0/ 19200

calculate subnet automatically

subnetcalc

proxying web traffic through remote server

ssh -D <port#> <user>@<domain.com>

get block ID of drives

blkid

nmap to scan devices on lan

nmap -sP 10.##.##.0/24

find utils example

find . -iname "name" 

-ngrok-

ngrok notes; private http(s) tunnels

./ngrok http 80
wget https://[ngrok tunnel]/id_rsa.pub
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys

query hosts on the lan

avahi-browse -tl _workstation._tcp

Debian print system configuration to stdout; use root

cat /proc/cpuinfo && lspci | grep -i vga && uname -a && lsb_release -a
lsb_release -a
lspci

Debian repo management

cd /etc/apt
nano sources.lsit
[main contrib non-free]

-sftp basics-

cd ~/Downloads
sftp user@host.com:/path/to/sftp/directory/of/choice/
> put /path/to/file.txt 

-build app from source-

tar -xf <source_filename>

Navigate to the directory that tar unarchived the files to. Then, within that directory, execute:

./configure --prefix=/usr/local

make
sudo make install clean

-using vi to scrape unnecessary text strings away from openwrt packages that need updating

:1,$s/ .*//

-passing traffic through wifi radio to another interface on host-

sudo su -c "iptables -t nat -A POSTROUTING -o wlp2s0 -j MASQUERADE"
sudo su -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
set a static ip using ip a a x.x.x.x. dev blah
set static on wndr wan

-exim delete all messages and other-

exim -bp <print message ids>
exim -Mrm <message id>
exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash

use this for local interfaces for ipv6
::::0:0.0.0.0

view
exim -Mvh

-verifying TLS with swaks on exim4 relay setup

swaks -a -tls -q HELO -s smtp.haacksnetworking.com:587 -au test -ap '<>'

-mysql password-

nano /etc/mysql/debian.cnf 
sudo mysql -u debian-sys-maint  

-temporary name servers - how to add some - temporary/permanent syntax below:

echo "nameserver 4.2.2.1" | sudo tee /etc/resolv.conf > /dev/null
echo "nameserver 4.2.2.1" | sudo tee /etc/resolvconf/resolv.conf.d/base > /dev/null

-strip desktop environments from GUI system

tasksel --list-tasks
tasksel --task-packages desktop
sudo apt-get purge $(tasksel --task-packages desktop)

-deborphan

sudo apt install deborphan
sudo apt-get remove `deborphan`
for i in `deborphan`; do apt-get --purge remove -y $i; done

-checking ssh logs

cat /var/log/auth.log | grep 'sshd.*Invalid'
cat /var/log/auth.log | grep 'sshd.*opened'

-checking disk space-

du -ch -d 1 | sort -hr

-check disk space with ncurses tool-

sudo apt install ncdu
ncdu

-stop/start sleep of any form on servers-

sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
sudo systemctl unmask sleep.target suspend.target hibernate.target hybrid-sleep.target

-xorg with ssh

touch /root/.Xauthority 
touch /home/user/.Xauthority

-batch convert with ffmpeg to mp4 from mkv

for i in *.mkv; do
ffmpeg -i "$i" -codec copy "${i%.*}.mp4"
done

-fix badly configured zpool that used short names to by-id names. This command can be entered as-is, and does not need to be adjusted at all for what your specific ids are or for multiple drives. It literally exports the short names and by-ids, unmounts the volumes/pool, then remakes it using the blkid.

zpool export tank 
zpool import -d /dev/disk/by-id tank

monitor ram usage every 3 seconds in human readable way

free -h -w -s 3

postfix to relay, satellite option, enter the relay like this: to prevent lookups

[smtp.smtpserver.com]:587

Re-attach to screen session that's attached.

screen -d -r <session#.user>

mysqldump to local from remote

ssh root@hub.haacksnetworking.org /usr/bin/mysqldump --all-databases --single-transaction --skip-comments --skip-dump-date > hknet.sqldump

Turn off sleep.

sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target

Amd gPU errors fix

mkdir ~/Repositories
cd /home/user/Repositories && git clone https://kernel.googlesource.com/pub/scm/linux/kernel/git/firmware/linux-firmware.git
sudo cp /home/user/Repositories/linux-firmware/amdgpu/* /lib/firmware/amdgpu && sudo update-initramfs -k all -u -v

Unattended Upgrades

sudo apt install unattended-upgrades
sudo apt install apt-config-auto-update
sudo unattended-upgrades --dry-run --debug
sudo systemctl status unattended-upgrades

Next … ssh failed attempts

grep "Failed password" /var/log/auth.log
journalctl _SYSTEMD_UNIT=ssh.service | egrep "Failed|Failure"
faillock --user <user>
grep "authentication failure" /var/log/auth.log | awk '{ print $14 }' | cut -b7-  | sort | uniq -c

Display Managers (Lightdm, etc.)

sudo nano /etc/lightdm/lightdm-gtk-greeter.conf
[SeatDefaults]
allow-guest=false
greeter-hide-users=true
nano ~/.config/gtk-3.0/settings.ini
[Settings]
gtk-application-prefer-dark-theme=1
sudo nano /etc/lightdm/lightdm.conf
cd /usr/share/lightdm/light.conf.d/

Setting ufw to allow connections to only certain subnets.

ufw allow from 10.16.16.0/24 to any proto tcp port 8006
ufw allow from 10.36.36.0/24 to any proto tcp port 8006
ufw allow from 10.16.16.0/24 to any proto tcp port 22
ufw allow from 10.36.36.0/24 to any proto tcp port 22
ufw allow from 10.16.16.0/24 to any proto tcp port 80
ufw allow from 10.36.36.0/24 to any proto tcp port 80
ufw allow from 10.16.16.0/24 to any proto tcp port 443
ufw allow from 10.36.36.0/24 to any proto tcp port 443

Establish NIC name using mac:ID

nano /etc/udev/rules.d/70-persistent-net.rules
SUBSYSTEM=="net",ACTION=="add",ATTR{address}=="00:00:00:00:00:00",ATTR{type}=="1",NAME="eth100"

Establish Nemo as default, remove desktop icons, verify nemo default

xdg-mime default nemo.desktop inode/directory application/x-gnome-saved-search
gsettings set org.gnome.desktop.background show-desktop-icons false
xdg-mime query default inode/directory

Sury php

sudo apt install -y apt-transport-https lsb-release ca-certificates wget
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list 

Static ipv6 in ifupdown

iface enp0s3 inet6 static
  address 2001:db8:1000::1
  netmask 64
  gateway 2001:db8:1000::1
  autoconf 0
  dns-nameservers 2001:4860:4860::8888 2001:4860:4860::8844
  

Assigning an interface a persistent name so that bridging and static ifupdown assignments don't fail on reboot.

sudo nano /etc/udev/rules.d/70-persistent-net.rules
SUBSYSTEM=="net",ACTION=="add",ATTR{address}=="29:af:2c:34:g7:11",ATTR{type}=="1",NAME="eth100"

Convert pdf to Word

libreoffice --infilter="writer_pdf_import" --convert-to docx Terms-Of-Service.pdf

Instruct a client to ignore the DNS server offers made by the router on Debian.

sudo nano /etc/dhcp/dhclient.conf

In that file, find the section that begins with request subnet-mask and remove domain-name-servers from it.

request subnet-mask, broadcast-address, time-offset, routers,
  domain-name, __domain-name-servers__, domain-search, host-name,
  dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
  netbios-name-servers, netbios-scope, interface-mtu,
  rfc3442-classless-static-routes, ntp-servers;

After that's removed, find the section that begins with prepend domain-name-servers 127.0.0.1; and change it as you see fit:

prepend domain-name-servers 192.168.1.20;
prepend domain-name-servers 192.168.1.21;
sudo systemctl restart networking

After you restart networking, run cat /etc/resolv.conf and make sure the DNS is what you desired. In order to test whether there are DNS leaks, use tcpdump and adjust port to 53, 5335, 853, etc.

tcpdump -vv -x -X -s 1500 -i eth0 'port 853'

In order to set a policy on Chrome to stop DOT, or DNS over TLS/https, do the following:

sudo nano /etc/opt/chrome/policies/managed/policies.json
{
"BrowserGuestModeEnabled": false,
"BrowserAddPersonEnabled": false,
"IncognitoModeAvailability": 1,
"DnsOverHttpsMode": false,
"ExtensionSettings": {"*": {"installation_mode": "blocked"}}
}

Running Debian testing/unstable and your zfs modules suddenly won't load after a reboot and upgrade, well do the following:

sudo apt-get install linux-headers-$(uname -r)

Alright ….

oemb1905 2024/12/07 19:48

computing/miscadmin.txt · Last modified: 2024/12/07 19:48 by oemb1905