0xa9 SCREEN - COMMON OPERATIONS

Start a new session:

screen

Run a long-running operation:

cd /usr/lib/postgresql/9.3/bin
sudo su -c "./reindexdb -d Local_portal" postgres

Detach from the screen session (leave it running):

Ctrl+A, then d

List active screens:

$ screen -ls
There is a screen on:
    23815.pts-1.DelmarERPTestInt2    (07/24/2018 07:35:34 AM)    (Detached)
1 Socket in /var/run/screen/S-delmar.

Reattach to your detached screen:

screen -r 23815


 

0xa2 RSA

The CA is generated with a single command:

openssl req -outform pem -newkey rsa:8192 -sha512 -days 3700 -x509 -nodes \
    -subj "/C=UA/L=Kyiv/O=Horns&Hoofs/OU=CA/CN=cert.example.net" \
    -keyout ca.key -out ca.crt

Keys and CSRs for the server and the clients are generated in much the same way:

openssl req -outform pem -new -newkey rsa:8192 -sha512 -days 370 -nodes \
    -subj "/CN=vpn.example.net" \
    -keyout vpn.example.net.key -out vpn.example.net.csr

Note that -nodes writes the private keys to disk unencrypted, so restrict access to the .key files (ca.key above all). Without -x509, -days has no effect on a CSR; the validity period is set when the certificate is signed.

What else is needed, DH parameters? Quite elementary, although very slow: it can take several hours... fortunately, they are needed only on the server:

openssl dhparam -5 -out dhparam.pem 4096

Signing is described in detail in man ca.


 

0x8a IPTABLES - DROP PING

iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

 

0x76 LINUX - EMERGENCY REBOOT

If you find yourself in this situation (and I hope you won’t!), you have some options to get your way with a misbehaving server remotely. You can force an immediate reboot with the following:

echo 1 > /proc/sys/kernel/sysrq 
echo b > /proc/sysrq-trigger

WHOA THERE! This is pretty much the same as pressing the reset button on the server (if equipped). No daemons will be shut down gracefully, no filesystem sync will occur, and you may get the wrath of a fsck (or worse, a non-booting server) upon reboot.


 

0x75 TCPDUMP - GREP 80 REQ

sudo tcpdump -A -s 10240 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | egrep --line-buffered "^........(GET |HTTP\/|POST |HEAD )|^[A-Za-z0-9-]+: " | sed -r 's/^........(GET |HTTP\/|POST |HEAD )/\n\1/g' 
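
The capture filter in the command above keeps only IPv4 port-80 segments that actually carry data: IP total length minus the IP header length minus the TCP header length must be non-zero. The following is an added example, not part of the original post, that evaluates the same expression on constructed sample packets; the function names and sample bytes are assumptions made for illustration.

```python
import struct

def tcp_payload_len(pkt: bytes) -> int:
    """ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2) on a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    total_len = struct.unpack("!H", pkt[2:4])[0]  # ip[2:2]: IP total length
    ip_hdr = (pkt[0] & 0x0F) << 2                 # IHL counts 32-bit words
    if ip_hdr < 20 or len(pkt) < ip_hdr + 20:
        raise ValueError("malformed or truncated header")
    tcp_hdr = (pkt[ip_hdr + 12] & 0xF0) >> 2      # data offset: high nibble, words
    return total_len - ip_hdr - tcp_hdr

def filter_matches(pkt: bytes) -> bool:
    """'tcp port 80' (either direction) and a non-empty TCP payload."""
    payload = tcp_payload_len(pkt)
    ip_hdr = (pkt[0] & 0x0F) << 2
    sport, dport = struct.unpack("!HH", pkt[ip_hdr:ip_hdr + 4])
    return 80 in (sport, dport) and payload != 0

def build_packet(payload=b"", ip_opts=b"", tcp_opts=b"", sport=40000, dport=80):
    """Constructed sample packet; checksums stay zero, the filter never reads them."""
    ihl, doff = 5 + len(ip_opts) // 4, 5 + len(tcp_opts) // 4
    total = 4 * (ihl + doff) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + ip_opts
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, doff << 4, 0x18,
                      65535, 0, 0) + tcp_opts
    return ip + tcp + payload

TS_OPT = bytes([1, 1, 8, 10]) + bytes(8)   # NOP, NOP, timestamp option (12 bytes)
IP_OPT = bytes([1, 1, 1, 0])               # constructed 4-byte IP options block
REQUEST = b"GET / HTTP/1.1\r\nHost: example.net\r\n\r\n"

SAMPLES = {  # all constructed for this example
    "bare ACK with TCP options": build_packet(tcp_opts=TS_OPT),
    "GET with IP and TCP options": build_packet(REQUEST, IP_OPT, TS_OPT),
    "response from port 80": build_packet(b"HTTP/1.1 200 OK\r\n\r\n",
                                          sport=80, dport=40000),
    "payload on port 443": build_packet(REQUEST, dport=443),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:30} payload={tcp_payload_len(pkt):3} "
              f"match={filter_matches(pkt)}")
```

A fixed "total length minus 40" shortcut would report 12 bytes of payload for the bare ACK, which is why the filter reads both header lengths from the packet itself.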

 

0x6c GIT - ADD REMOTE

First, set up the remote repository:

ssh git@example.com
mkdir my_project.git
cd my_project.git
git init --bare
git update-server-info # If planning to serve via HTTP

On local machine:

cd my_project
git init
git add *
git commit -m "My initial commit message"
git remote add origin git@example.com:my_project.git
git push -u origin master

 

0x6b XEN - BRIDGE SETUP

For the VM we set up a bridge. To do that we need the bridge-utils package installed (yum install bridge-utils) and the br0 bridge configured. There’s no need to set an IP address on the bridge, as we only need to set a static route on it.

/etc/sysconfig/network-scripts/ifcfg-br0 would look like this:

