0xab EXTRACT TAR.GZ TO REMOTE SERVER WITH SSH
cat today.tar.gz | ssh IP_OR_HOST "tar xzf - -C /home/backup/pg"
0xa9 SCREEN - COMMON OPERATIONS
Start new:
screen
Run some long-time operation:
cd /usr/lib/postgresql/9.3/bin
sudo su -c "./reindexdb -d Local_portal" postgres
Logout from screen (detach):
Ctrl+A+d
List active screens:
$ screen -ls
There is a screen on:
23815.pts-1.DelmarERPTestInt2 (07/24/2018 07:35:34 AM) (Detached)
1 Socket in /var/run/screen/S-delmar.
Go back to your opened screen:
screen -r 23815
0xa2 RSA
CA генерируется одной командой:
openssl req -outform pem -newkey rsa:8192 -sha512 -days 3700 -x509 -nodes -subj
"/C=UA/L=Kyiv/O=Horns&Hoofs/OU=CA/CN=cert.example.net" -keyout ca.key -out
ca.crt
Примерно так же генерируются ключи и CSR для сервера и клиентов:
openssl req -outform pem -new -newkey rsa:8192 -sha512 -days 370 -nodes -subj
"/CN=vpn.example.net" -keyout vpn.example.net.key -out vpn.example.net.csr
Что там еще нужно, параметры DH? Вообще элементарщина, хотя и очень долго - может занять несколько часов... благо, оно нужно только на сервере:
openssl dhparam -5 -out dhparam.pem 4096
А про подписывание подробно написано в man ca.
0x8a IPTABLES - DROP PING
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
0x76 LINUX - EMERGENCY REBOOT
If you find yourself in this situation (and I hope you won’t!), you have some options to get your way with a misbehaving server remotely. You can force an immediate reboot with the following:
echo 1 > /proc/sys/kernel/sysrq
echo b > /proc/sysrq-trigger
WHOA THERE! This is pretty much the same as pressing the reset button on the server (if equipped). No daemons will be shut down gracefully, no filesystem sync will occur, and you may get the wrath of a fsck (or worse, a non-booting server) upon reboot.
linux admin
0x75 TCPDUMP - GREP 80 REQ
sudo tcpdump -A -s 10240 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | egrep --line-buffered "^........(GET |HTTP\/|POST |HEAD )|^[A-Za-z0-9-]+: " | sed -r 's/^........(GET |HTTP\/|POST |HEAD )/\n\1/g'
0x6c GIT - ADD REMOTE
So, firstly setup the remote repository:
ssh git@example.com
mkdir my_project.git
cd my_project.git
git init --bare
git update-server-info # If planning to serve via HTTP
On local machine:
cd my_project
git init
git add *
git commit -m "My initial commit message"
git remote add origin git@example.com:my_project.git
git push -u origin master
0x6b XEN - BRIDGE SETUP
So, for the VM we set a bridge. To do that we need to have bridge-utils package installed (yum install bridge-utils) and set-up the br0 bridge. There’s no need to set an IP address on the bridge as we only need to set a static route on it.
/etc/sysconfig/network-scripts/ifcfg-br0 would look like this: