A dumping ground for basic gnulinux sysadmin and other miscellaneous notes, or miscadmin for short.
-Text Editors-
Change the default text editor, terminal, web browser, in Debian
exo-preferred-applications
Some systems are not kind with exo, so …
xdg-mime default caja.desktop inode/directory application/x-gnome-saved-search
Set caja or other file managers to manage desktop
gsettings set org.gnome.desktop.background show-desktop-icons false gsettings set org.nemo.desktop show-desktop-icons true
-motd-
Create the following to make a message of the day that will be appended to the dynamic message of the day.
sudo nano /etc/motd
Is motd printing twice, comment out motd statis in pam setting
/etc/pam.d/sshd #session optional pam_motd.so noupdate (actually it is the line above this, leave this active)
Print motd with every shell log in …
nano ~/.bashrc
Navigate to the end of the file, and add
cat /etc/motd
-Firefox-
To install the latest firefox on Debian and make it default, do the following. The link below may not always work, so replace when updated.
sudo mkdir -p /opt/firefox sudo chown -R $USER:$USER /opt/firefox cd ~/Downloads && wget -O FirefoxSetup.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=en-US" tar xjf FirefoxSetup.tar.bz2 -C /opt/firefox/ sudo mv /usr/lib/firefox-esr/firefox-esr /usr/lib/firefox-esr/firefox-esr_orig sudo ln -s /opt/firefox/firefox/firefox /usr/lib/firefox-esr/firefox-esr
To restore firefox-esr that comes with Debian.
unlink /usr/lib/firefox-esr/firefox-esr mv /usr/lib/firefox-esr/firefox-esr_orig /usr/lib/firefox-esr/firefox-esr
-youtube-dl-
sudo curl -L https://yt-dl.org/downloads/latest/youtube-dl -o /usr/local/bin/youtube-dl sudo chmod 750 /usr/local/bin/youtube-dl
-optical ripping example-
cdrecord -pad -dao -data blag-140k-i686.iso
-pam hardening location-
sudo nano /etc/pam.d/common-password
Prevent Log in - create file
/etc/nologin
-old reminders-
remove old and offending keyring from gnome, make new directory for new one
sudo rm -rf ~/.local/share/keyrings mkdir ~/.local/share/keyrings
start or stop network manager (or other services)
systemctl <start/stop/restart> networkmanager.service /etc/init.d/network-manager <start/stop/restart>
verify dhcp client working for interface eno1
dhclient -v eno1
add subnet to interface eno1
ip address add 192.1##.1##.2/24 dev eno1
interface tool w/ eno1 example
ethtool eno1
interface with switch using screen
screen /dev/ttyUSB0/ 19200
calculate subnet automatically
subnetcalc
proxying web traffic through remote server
ssh -D <port#> <user>@<domain.com>
get block ID of drives
blkid
nmap to scan devices on lan
nmap -sP 10.##.##.0/24
find utils example
find . -iname "name"
-ngrok-
ngrok notes; private http(s) tunnels
./ngrok http 80 wget https://[ngrok tunnel]/id_rsa.pub cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
query hosts on the lan
avahi-browse -tl _workstation._tcp
Debian print system configuration to stdout; use root
cat /proc/cpuinfo && lspci | grep -i vga && uname -a && lsb_release -a lsb_release -a lspci
Debian repo management
cd /etc/apt nano sources.lsit [main contrib non-free]
-sftp basics-
cd ~/Downloads sftp user@host.com:/path/to/sftp/directory/of/choice/ > put /path/to/file.txt
-build app from source-
tar -xf <source_filename>
Navigate to the directory that tar unarchived the files to. Then, within that directory, execute:
./configure --prefix=/usr/local make sudo make install clean
-using vi to scrape unnecessary text strings away from openwrt packages that need updating
:1,$s/ .*//
-passing traffic through wifi radio to another interface on host-
sudo su -c "iptables -t nat -A POSTROUTING -o wlp2s0 -j MASQUERADE" sudo su -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
set a static ip using ip a a x.x.x.x. dev blah
set static on wndr wan
-exim delete all messages and other-
exim -bp <print message ids> exim -Mrm <message id> exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash use this for local interfaces for ipv6 ::::0:0.0.0.0 view exim -Mvh
-verifying TLS with swaks on exim4 relay setup
swaks -a -tls -q HELO -s smtp.haacksnetworking.com:587 -au test -ap '<>'
-mysql password-
nano /etc/mysql/debian.cnf sudo mysql -u debian-sys-maint
-temporary name servers - how to add some - temporary/permanent syntax below:
echo "nameserver 4.2.2.1" | sudo tee /etc/resolv.conf > /dev/null echo "nameserver 4.2.2.1" | sudo tee /etc/resolvconf/resolv.conf.d/base > /dev/null
-strip desktop environments from GUI system
tasksel --list-tasks tasksel --task-packages desktop sudo apt-get purge $(tasksel --task-packages desktop)
-deborphan
sudo apt install deborphan sudo apt-get remove `deborphan` for i in `deborphan`; do apt-get --purge remove -y $i; done
-checking ssh logs
cat /var/log/auth.log | grep 'sshd.*Invalid' cat /var/log/auth.log | grep 'sshd.*opened'
-checking disk space-
du -ch -d 1 | sort -hr
-check disk space with ncurses tool-
sudo apt install ncdu ncdu
-stop/start sleep of any form on servers-
sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target sudo systemctl unmask sleep.target suspend.target hibernate.target hybrid-sleep.target
-xorg with ssh
touch /root/.Xauthority touch /home/user/.Xauthority
-batch convert with ffmpeg to mp4 from mkv
for i in *.mkv; do ffmpeg -i "$i" -codec copy "${i%.*}.mp4" done
-fix badly configured zpool that used short names to by-id names. This command can be entered as-is, and does not need to be adjusted at all for what your specific ids are or for multiple drives. It literally exports the short names and by-ids, unmounts the volumes/pool, then remakes it using the blkid.
zpool export tank zpool import -d /dev/disk/by-id tank
monitor ram usage every 3 seconds in human readable way
free -h -w -s 3
postfix to relay, satellite option, enter the relay like this: to prevent lookups
[smtp.smtpserver.com]:587
Re-attach to screen session that's attached.
screen -d -r <session#.user>
mysqldump to local from remote
ssh root@hub.haacksnetworking.org /usr/bin/mysqldump --all-databases --single-transaction --skip-comments --skip-dump-date > hknet.sqldump
Turn off sleep.
sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
Amd gPU errors fix
mkdir ~/Repositories cd /home/user/Repositories && git clone https://kernel.googlesource.com/pub/scm/linux/kernel/git/firmware/linux-firmware.git sudo cp /home/user/Repositories/linux-firmware/amdgpu/* /lib/firmware/amdgpu && sudo update-initramfs -k all -u -v
Unattended Upgrades
sudo apt install unattended-upgrades sudo apt install apt-config-auto-update sudo unattended-upgrades --dry-run --debug sudo systemctl status unattended-upgrades
Next … ssh failed attempts
grep "Failed password" /var/log/auth.log journalctl _SYSTEMD_UNIT=ssh.service | egrep "Failed|Failure" faillock --user <user> grep "authentication failure" /var/log/auth.log | awk '{ print $14 }' | cut -b7- | sort | uniq -c
Display Managers (Lightdm, etc.)
sudo nano /etc/lightdm/lightdm-gtk-greeter.conf [SeatDefaults] allow-guest=false greeter-hide-users=true nano ~/.config/gtk-3.0/settings.ini [Settings] gtk-application-prefer-dark-theme=1 sudo nano /etc/lightdm/lightdm.conf cd /usr/share/lightdm/light.conf.d/
Setting ufw to allow connections to only certain subnets.
ufw allow from 10.16.16.0/24 to any proto tcp port 8006 ufw allow from 10.36.36.0/24 to any proto tcp port 8006 ufw allow from 10.16.16.0/24 to any proto tcp port 22 ufw allow from 10.36.36.0/24 to any proto tcp port 22 ufw allow from 10.16.16.0/24 to any proto tcp port 80 ufw allow from 10.36.36.0/24 to any proto tcp port 80 ufw allow from 10.16.16.0/24 to any proto tcp port 443 ufw allow from 10.36.36.0/24 to any proto tcp port 443
Establish NIC name using mac:ID
nano /etc/udev/rules.d/70-persistent-net.rules SUBSYSTEM=="net",ACTION=="add",ATTR{address}=="00:00:00:00:00:00",ATTR{type}=="1",NAME="eth100"
Establish Nemo as default, remove desktop icons, verify nemo default
xdg-mime default nemo.desktop inode/directory application/x-gnome-saved-search gsettings set org.gnome.desktop.background show-desktop-icons false xdg-mime query default inode/directory
Sury php
sudo apt install -y apt-transport-https lsb-release ca-certificates wget wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list
Static ipv6 in ifupdown
iface enp0s3 inet6 static address 2001:db8:1000::1 netmask 64 gateway 2001:db8:1000::1 autoconf 0 dns-nameservers 2001:4860:4860::8888 2001:4860:4860::8844
Assigning an interface a persistent name so that bridging and static ifupdown assignments don't fail on reboot.
sudo nano /etc/udev/rules.d/70-persistent-net.rules SUBSYSTEM=="net",ACTION=="add",ATTR{address}=="29:af:2c:34:g7:11",ATTR{type}=="1",NAME="eth100"
Convert pdf to Word
libreoffice --infilter="writer_pdf_import" --convert-to docx Terms-Of-Service.pdf
Instruct a client to ignore the DNS server offers made by the router on Debian.
sudo nano /etc/dhcp/dhclient.conf
In that file, find the section that begins with request subnet-mask
and remove domain-name-servers from it.
request subnet-mask, broadcast-address, time-offset, routers, domain-name, __domain-name-servers__, domain-search, host-name, dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers, netbios-name-servers, netbios-scope, interface-mtu, rfc3442-classless-static-routes, ntp-servers;
After that's removed, find the section that begins with prepend domain-name-servers 127.0.0.1;
and change it as you see fit:
prepend domain-name-servers 192.168.1.20; prepend domain-name-servers 192.168.1.21; sudo systemctl restart networking
After you restart networking, run cat /etc/resolv.conf
and make sure the DNS is what you desired. In order to test whether there are DNS leaks, use tcpdump and adjust port to 53, 5335, 853, etc.
tcpdump -vv -x -X -s 1500 -i eth0 'port 853'
In order to set a policy on Chrome to stop DOT, or DNS over TLS/https, do the following:
sudo nano /etc/opt/chrome/policies/managed/policies.json { "BrowserGuestModeEnabled": false, "BrowserAddPersonEnabled": false, "IncognitoModeAvailability": 1, "DnsOverHttpsMode": false, "ExtensionSettings": {"*": {"installation_mode": "blocked"}} }
Running Debian testing/unstable and your zfs modules suddenly won't load after a reboot and upgrade, well do the following:
sudo apt-get install linux-headers-$(uname -r)
Alright ….
— oemb1905 2024/12/07 19:48