Some of the most noticeable changes-improvements are:
- no more Java in the anonymity checker !!!1
- 2013-2014 Generic TLD awareness e.g. wtf and diet
- an updated tor-exit checker
- and a "better" IP address checker.
ipduh v3
# apt-get install dovecot-imapd
listen = 192.0.2.1 syslog_facility = mail mail_location = maildir:~/Maildir ssl = yes ssl_cert = </etc/ssl/certs/imap.signed.crt ssl_key = </etc/ssl/private/imap.private.pem ssl_verify_client_cert = no protocol imap { imap_client_workarounds = tb-extra-mailbox-sep } auth_mechanisms = plain login
# cd /etc/dovecot # stor dovecot.conf # doveconf -n > dovecot.conf
# /etc/init.d/dovecot restart
# wget https://raw.githubusercontent.com/ipduh/ipduhca/master/ipduhca.crt -O /usr/local/share/ca-certificates/ipduhca.crt # update-ca-certificates
# virt-clone -o democritos -n thales -f /home/vm/thales.qcow2 -d ... Clone 'thales' created successfully. ...The clone disk is at /home/vm/thales.qcow2
# cd /etc # grep -ril `hostname -f` |tee hostname.file.list apache2/sites-available/000.dup.ipduh.awmn.conf postfix/main.cf hostname hosts mailname ssh/ssh_host_ecdsa_key.pub ssh/ssh_host_rsa_key.pub ssh/ssh_host_dsa_key.pub aliases.db # perl -i.0 -p -e 's/demokritos/thales/g;' `cat hostname.file.list`
# grep -ril '192.0.2.61' /etc |tee ip.file.list /etc/network/interfaces /etc/hosts # perl -i.old_ip -p -e 's/192.0.2.61/192.0.2.62/g;' `cat ip.file.list`
# shutdown -r now
# ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa Generating public/private rsa key pair. /etc/ssh/ssh_host_rsa_key already exists. Overwrite (y/n)? y Your identification has been saved in /etc/ssh/ssh_host_rsa_key. Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub. The key fingerprint is: a6:fc:76:OF:F1:33:7C:04:77:07:ce:5a:cf:23:48:3a root@thales The key's randomart image is: +--[ RSA 2048]----+ | | | | | . | | . . | | S . ----| | . o .= o.| | + o..o..=| | ..E....o++| | .... o=++| +-----------------+
# ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
# ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa -b 521
# dpkg-reconfigure openssh-server
b# scp /vm/vm2.qcow2 root@c:/vm
b# virsh dumpxml vm2 > vm2.xml b# scp vm2.xml root@c:/etc/libvirt/qemu
c# virsh define /etc/libvirt/qemu/vm2.xml Domain vm2 defined from /etc/libvirt/qemu/vm2.xml
c# virsh start vm2 Domain vm2 started
b# virsh autostart vm2 --disable Domain vm2 unmarked as autostarted
c# virsh autostart vm2 Domain vm2 marked as autostarted
# apt-get install awstats
# wget https://raw.githubusercontent.com/ipduh/apache2_awstats_conf/master/awstats.conf -O /etc/apache2/conf.d/awstats.conf
# /etc/init.d/apache2 restart
# wget https://raw.githubusercontent.com/ipduh/apache2_awstats_conf/master/awstats.conf.local -O /etc/awstats/awstats.conf.local
IP numbers relay much more information than PTR names, and PTR names can be (and commonly are) abused or manipulated.
# wget https://raw.githubusercontent.com/ipduh/awstats_plugins/master/ipduh_intel.pm -O /usr/share/awstats/plugins/ipduh_intel.pm
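# htpasswd -cb /etc/awstats/A2Passwords user userpass
Add the user 'user2' with password 'user2pass' to the apache passwords file. Note that -b takes the password from the command line, where it is visible in the process list and the shell history; omit -b to be prompted for it instead.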
# htpasswd -b /etc/awstats/A2Passwords user2 user2pass
Include "/etc/awstats/awstats.conf" SiteDomain="example.com" HostAliases="www.example.com" DirData="/logs/sites/example.com/awstats" LogFile="/logs/sites/example.com/access_all"
# cat /logs/sites/example.com/access/* >> /logs/sites/example.com/access_all # /usr/lib/cgi-bin/awstats.pl --configdir=/etc/awstats/ -config=example.com
# rm /etc/cron.d/awstats
# apt-get update # apt-get install libpcap-dev # apt-get install libnl-dev # apt-get install pkg-config
# wget http://www.kismetwireless.net/code/kismet-2013-03-R1b.tar.xz
# mkdir /var/log/kismet # adduser kismet --home /var/log/kismet
# tar xf kismet-2013-03-R1b.tar.xz # cd kismet-2013-03-R1b/ # ./configure --disable-client # make dep # make
# make suidinstall # usermod -a -G kismet kismet
# grep \#g0 kismet_drone.conf |sed -e s/\#g0// servername=drone4 dronelisten=tcp://0.0.0.0:2502 allowedhosts=127.0.0.1,10.0.0.0/255.255.255.0 gps=false ncsource=wlan0
This is what I changed in the default kismet_drone.conf file.
# su - kismet -c "/root/kismet-2013-03-R1b/kismet_drone -f /root/kismet-2013-03-R1b/conf/kismet_drone.conf"
or
# /root/kismet-2013-03-R1b/kismet_drone --daemonize -f /root/kismet-2013-03-R1b/conf/kismet_drone.conf
# apt-get install kismet
ncsource=drone:host=10.0.0.3,port=2502,name=dr0ne3 ncsource=drone:host=10.0.0.4,port=2502,name=dr0ne4
# kismet
$ wget https://raw.githubusercontent.com/ipduh/fmvsrr/master/fmvsrr.pl && chmod 755 fmvsrr.pl
$ ./fmvsrr.pl 27 N = Number of routers Πfm = Maintenance Cost in a Fully Connected Mesh Πrr = Maintenance Cost in a Two Route Reflectors Setup Kfm = Total Configuration Cost in a Fully Connected Mesh Krr = Total Configuration Cost in a Two Route Reflectors Setup Nfm = Cost of adding one router in a Fully Connected Mesh Nrr = Cost of adding one router in a Two Route Reflectors Setup N=2 Πfm=2 Πrr=2+ Kfm=2 Krr=2+ Nfm=2 Nrr=2+ N=3 Πfm=3 Πrr=3+ Kfm=6 Krr=3+ Nfm=6 Nrr=3 Ν=4 Πfm=6 Πrr=6 Kfm=12 Krr=9 Nfm=6 Nrr=3 Ν=5 Πfm=10 Πrr=7 Kfm=20 Krr=11 Nfm=8 Nrr=3 Ν=6 Πfm=15 Πrr=8 Kfm=30 Krr=13 Nfm=10 Nrr=3 Ν=7 Πfm=21 Πrr=9 Kfm=42 Krr=15 Nfm=12 Nrr=3 Ν=8 Πfm=28 Πrr=10 Kfm=56 Krr=17 Nfm=14 Nrr=3 Ν=9 Πfm=36 Πrr=11 Kfm=72 Krr=19 Nfm=16 Nrr=3 Ν=10 Πfm=45 Πrr=12 Kfm=90 Krr=21 Nfm=18 Nrr=3 Ν=11 Πfm=55 Πrr=13 Kfm=110 Krr=23 Nfm=20 Nrr=3 Ν=12 Πfm=66 Πrr=14 Kfm=132 Krr=25 Nfm=22 Nrr=3 Ν=13 Πfm=78 Πrr=15 Kfm=156 Krr=27 Nfm=24 Nrr=3 Ν=14 Πfm=91 Πrr=16 Kfm=182 Krr=29 Nfm=26 Nrr=3 Ν=15 Πfm=105 Πrr=17 Kfm=210 Krr=31 Nfm=28 Nrr=3 Ν=16 Πfm=120 Πrr=18 Kfm=240 Krr=33 Nfm=30 Nrr=3 Ν=17 Πfm=136 Πrr=19 Kfm=272 Krr=35 Nfm=32 Nrr=3 Ν=18 Πfm=153 Πrr=20 Kfm=306 Krr=37 Nfm=34 Nrr=3 Ν=19 Πfm=171 Πrr=21 Kfm=342 Krr=39 Nfm=36 Nrr=3 Ν=20 Πfm=190 Πrr=22 Kfm=380 Krr=41 Nfm=38 Nrr=3 Ν=21 Πfm=210 Πrr=23 Kfm=420 Krr=43 Nfm=40 Nrr=3 Ν=22 Πfm=231 Πrr=24 Kfm=462 Krr=45 Nfm=42 Nrr=3 Ν=23 Πfm=253 Πrr=25 Kfm=506 Krr=47 Nfm=44 Nrr=3 Ν=24 Πfm=276 Πrr=26 Kfm=552 Krr=49 Nfm=46 Nrr=3 Ν=25 Πfm=300 Πrr=27 Kfm=600 Krr=51 Nfm=48 Nrr=3 Ν=26 Πfm=325 Πrr=28 Kfm=650 Krr=53 Nfm=50 Nrr=3 Ν=27 Πfm=351 Πrr=29 Kfm=702 Krr=55 Nfm=52 Nrr=3
# dnssec-keygen -a hmac-sha256 -b 128 -n HOST gemlocgem Kgemlocgem.+163+12752
# ls Kgemlo* Kgemlocgem.+163+12752.key Kgemlocgem.+163+12752.private
# cat Kgemlocgem.+163+12752.key gemlocgem. IN KEY 512 3 163 Wh47ever64iPdUhb9nd8hg==
# cat named.conf.keys key gemlocgem. { algorithm hmac-sha256; secret "Wh47ever64iPdUhb9nd8hg=="; };
# chmod 640 Kgemlocgem.+163+12752.* # chmod 640 named.conf.keys
# toprod named.conf.keys
# cat named.conf include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.local"; include "/etc/bind/named.conf.external"; include "/etc/bind/named.conf.default-zones"; include "/etc/bind/named.conf.keys"; server 192.0.2.222 { transfer-format many-answers; keys { gemlocgem.; }; };
include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.local"; include "/etc/bind/named.conf.external"; include "/etc/bind/named.conf.default-zones"; include "/etc/bind/named.conf.keys"; server 192.0.2.111 { transfer-format many-answers; keys { gemlocgem.; }; };
allow-transfer { key gemlocgem. ; }; allow-update { key gemlocgem. ; };
You may also use other allow-transfer directives that specify IP addresses.
# named -v BIND 9.8.4-rpz2+rl005.12-P1 # cat /etc/issue /etc/debian_version Debian GNU/Linux 7 \n \l 7.7
# hostname -f geminus
# cd /etc # grep -ril `hostname -f` /etc |tee hostname.files.list /etc/mailname /etc/hostname /etc/exim4/update-exim4.conf.conf /etc/hosts /etc/ssh/ssh_host_rsa_key.pub /etc/ssh/ssh_host_dsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
The above list seems fine, but imagine what would happen if the hostname was eth or work: the grep would match many unrelated files, and the perl substitution that follows would rewrite every one of them.
# perl -i.0 -p -e 's/geminus/gem/g;' `cat ./hostname.files.list`
# reboot
# lxc-list RUNNING FROZEN STOPPED squeezie
# ln -s /var/lib/lxc/squeezie/config /etc/lxc/auto/squeezie
squeezie is the name of the container.
# reboot
# lxc-list RUNNING squeezie (auto) FROZEN STOPPED
# chroot /var/lib/lxc/squeezie/rootfs/ passwd Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
$ dconf list /org/gnome/desktop/lockdown
$ dconf-editor
and check /org/gnome/desktop/lockdown/disable-lock-screen and /org/gnome/desktop/lockdown/disable-log-out
# apt-get install virtualbox-ose-dkms # reboot
# apt-get install id3v2
$ id3v2 -l Thievery\ Corporation\ 2hr\ mix.mp3 id3v2 tag info for Thievery Corporation 2hr mix.mp3: COMM (Comments): (simpleyoutubeconverter.com)[eng]: Downloaded from simpleyoutubeconverter.comn TIT2 (Title/songname/content description): Thievery Corporation 2hr mix Thievery Corporation 2hr mix.mp3: No ID3v1 tag
$ id3v2 -d Thievery\ Corporation\ 2hr\ mix.mp3 Stripping id3 tag in "Thievery Corporation 2hr mix.mp3"...id3v2 stripped.
$ id3v2 -s Thievery\ Corporation\ 2hr\ mix.mp3 Stripping id3 tag in "Thievery Corporation 2hr mix.mp3"...id3v1 stripped.
$ id3v2 -l Thievery\ Corporation\ 2hr\ mix.mp3 Thievery Corporation 2hr mix.mp3: No ID3 tag
$ id3v2 -a "Thievery Corporation" Thievery\ Corporation\ 2hr\ mix.mp3 $ id3v2 -c "two hour mix" Thievery\ Corporation\ 2hr\ mix.mp3 $ id3v2 -g "(27)" Thievery\ Corporation\ 2hr\ mix.mp3 $ id3v2 -l Thievery\ Corporation\ 2hr\ mix.mp3 id3v1 tag info for Thievery Corporation 2hr mix.mp3: Title : Artist: Thievery Corporation Album : Year: , Genre: Trip-Hop (27) Comment: two hour mix Track: 0 id3v2 tag info for Thievery Corporation 2hr mix.mp3: TPE1 (Lead performer(s)/Soloist(s)): Thievery Corporation COMM (Comments): ()[]: two hour mix COMM (Comments): (ID3v1 Comment)[XXX]: two hour mix TCON (Content type): Trip-Hop (27)
0. Blues 1. Classic Rock 2. Country 3. Dance 4. Disco 5. Funk 6. Grunge 7. Hip-Hop 8. Jazz 9. Metal 10. New Age 11. Oldies 12. Other 13. Pop 14. R&B 15. Rap 16. Reggae 17. Rock 18. Techno 19. Industrial 20. Alternative 21. Ska 22. Death Metal 23. Pranks 24. Soundtrack 25. Euro-Techno 26. Ambient 27. Trip-Hop 28. Vocal 29. Jazz+Funk 30. Fusion 31. Trance 32. Classical 33. Instrumental 34. Acid 35. House 36. Game 37. Sound Clip 38. Gospel 39. Noise 40. AlternRock 41. Bass 42. Soul 43. Punk 44. Space 45. Meditative 46. Instrumental Pop 47. Instrumental Rock 48. Ethnic 49. Gothic 50. Darkwave 51. Techno-Industrial 52. Electronic 53. Pop-Folk 54. Eurodance 55. Dream 56. Southern Rock 57. Comedy 58. Cult 59. Gangsta 60. Top 40 61. Christian Rap 62. Pop/Funk 63. Jungle 64. Native American 65. Cabaret 66. New Wave 67. Psychadelic 68. Rave 69. Showtunes 70. Trailer 71. Lo-Fi 72. Tribal 73. Acid Punk 74. Acid Jazz 75. Polka 76. Retro 77. Musical 78. Rock & Roll 79. Hard Rock
$ lsusb |grep 23 Bus 003 Device 007: ID 067b:2303 Prolific Technology, Inc. PL2303 Serial Port $ dmesg |grep tty |grep pl [ 3881.178720] usb 3-1: pl2303 converter now attached to ttyUSB0
$ su # apt-get install minicom # minicom -s
a) to set Serial Device and so forth
# echo dummy >> /etc/modules
# apt-get install bridge-utils
auto dummy0 iface dummy0 inet static auto etherisland iface etherisland inet static address 172.16.17.18 netmask 255.255.255.128 bridge_ports dummy0 bridge_stp off bridge_waitport 0 bridge_fd 0
# modprobe dummy # /etc/init.d/networking restart
# apt-get install lxc
which also installs debootstrap, libcap2-bin and libpam-cap.
# mount /sys/fs/cgroup/ # echo "cgroup /sys/fs/cgroup cgroup defaults 0 0" >> /etc/fstab
# lxc-checkconfig
# wget https://raw.githubusercontent.com/ipduh/lxc-squeeze/master/lxc-squeeze -O /usr/share/lxc/templates/lxc-squeeze
# chmod 755 /usr/share/lxc/templates/lxc-squeeze
# lxc-create -n squeezie -t squeeze
# lxc-start -n squeezie -d
# lxc-console -n squeezie Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself Debian GNU/Linux 6.0 squeezie tty1 squeezie login: root Password: Linux squeezie 3.2.0-4-amd64 #1 SMP Debian 3.2.63-2 x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. root@squeezie:~#
The password set by the template is squeezie. Since it is a known default, change it right away, as shown next.
root@squeezie:~# passwd Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
root@squeezie:~# route add default gw 172.16.17.18
and in the host
# echo 1 > /proc/sys/net/ipv4/ip_forward # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE -s 172.16.17.0/25
To disable the Internet connectivity, reset your firewall, e.g.
# /etc/bif
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 172.16.17.16:80 # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to 172.16.17.16:443
# modprobe dummy
# rmmod dummy # modprobe dummy numdummies=3
to create 3 pseudo interfaces.
# ifconfig dummy0 hw ether fc:de:ad:be:ef:10 # ifconfig dummy1 hw ether fc:de:ad:be:ef:11 # ifconfig dummy2 hw ether 00:00:0c:f0:00:0d(: 00:00:0c:f0:00:0d :)
# ifconfig dummy0 172.16.17.18/25 # ifconfig dummy1 172.16.17.19/25 # ifconfig dummy2 192.0.2.8/26
# ifconfig dummy0 dummy0 Link encap:Ethernet HWaddr fc:de:ad:be:ef:10 inet addr:172.16.17.18 Bcast:172.16.17.127 Mask:255.255.255.128 inet6 addr: fe80::fede:adff:febe:ef10/64 Scope:Link UP BROADCAST RUNNING NOARP MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:3 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:210 (210.0 B)
# brctl addbr etherisland
# brctl setfd etherisland 0
# brctl addif etherisland dummy0 dummy1
# brctl show bridge name bridge id STP enabled interfaces etherisland 8000.fcdeadbeef10 no dummy0 dummy1
# echo dummy >> /etc/modules
auto dummy0 iface dummy0 inet static auto etherisland iface etherisland inet static address 172.16.17.18 netmask 255.255.255.128 bridge_ports dummy0 bridge_stp off bridge_waitport 0 bridge_fd 0 bridge_hello 1
# apt-get install postgresql
Now, the debian package postgresql installs all dependencies and the client.
libpq5 postgresql-9.1 postgresql-client-9.1 postgresql-client-common postgresql-common
Alternatively, you may install PostgreSQL from apt repositories maintained by the PostgreSQL Global Development Group.
# su - postgres -c psql psql (9.1.14) Type "help" for help. postgres=#
/etc/postgresql/*/main/pg_hba.conf
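# "local" is for Unix domain socket connections only #local all all peer local all all trust
But do not settle for 'trust', i.e. allowing local connections unconditionally: with 'trust' on this line, any local user can connect as any database role, including postgres, without a password.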
/etc/postgresql/*/main/postgresql.conf
Edit 'listen_addresses' in this file if you need to enable remote access.
postgres=# \l List of databases Name | Owner | Encoding | Collate | Ctype | Access privileges -----------+----------+----------+-------------+-------------+----------------------- postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres + | | | | | postgres=CTc/postgres template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres + | | | | | postgres=CTc/postgres (3 rows)
Most new databases are created by copying template1 of the templates.
postgres=# \du List of roles Role name | Attributes | Member of -----------+------------------------------------------------+----------- postgres | Superuser, Create role, Create DB, Replication | {}
postgres=# \password postgres Enter new password: Enter it again:
postgres-# \q #
# su - postgres -c "createuser -P puser" Enter password for new role: Enter it again: Shall the new role be a superuser? (y/n) n Shall the new role be allowed to create databases? (y/n) n Shall the new role be allowed to create more new roles? (y/n) n
# su - postgres -c "createdb -O puser puser"
# su - postgres -c psql psql (9.1.14) Type "help" for help. postgres=# \l List of databases Name | Owner | Encoding | Collate | Ctype | Access privileges -----------+----------+----------+-------------+-------------+----------------------- postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | puser | puser | UTF8 | en_US.UTF-8 | en_US.UTF-8 | template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres + | | | | | postgres=CTc/postgres template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres + | | | | | postgres=CTc/postgres (4 rows) postgres=# \du List of roles Role name | Attributes | Member of -----------+------------------------------------------------+----------- postgres | Superuser, Create role, Create DB, Replication | {} puser | | {} postgres=# \q #
# su - postgres -c "dropdb puser"
# su - postgres -c "vacuumdb -a -f -z"
Vacuumdb is a VACUUM wrapper (pg_wrapper) written in Perl.
a# pg_dump -o -U puser -h localhost puser |gzip > puser.dump.gz Password:
b# gunzip puser.dump.gz b# su - postgres -c "createuser -P puser" Enter password for new role: Enter it again: Shall the new role be a superuser? (y/n) n Shall the new role be allowed to create databases? (y/n) y Shall the new role be allowed to create more new roles? (y/n) n b# su - postgres -c "createdb -O puer puser" b# psql -U puser -h localhost < puser.dump Password for user puser:
node9:~# cat /etc/hostapd/hostapd.wlan0.conf |grep -v "#" interface=wlan0 driver=nl80211 logger_syslog=-1 logger_syslog_level=2 logger_stdout=-1 logger_stdout_level=2 debug=4 ctrl_interface=/var/run/hostapd.wlan0 ctrl_interface_group=0 channel=6 hw_mode=g macaddr_acl=0 auth_algs=3 eapol_key_index_workaround=0 eap_server=0 wpa=3 ssid=node9 wpa_passphrase=incellll wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP
ieee80211n=1 wmm_enabled=1
and do not change
hw_mode=g
node9:~# hostapd /etc/hostapd/hostapd.wlan0.conf
or run the hostapd daemon in the background
node9# hostapd -B /etc/hostapd/hostapd.wlan0.conf
node7:~# wpa_supplicant -i wlan1 -c <(wpa_passphrase node9 incellll)
or put wpa_supplicant in the background
node7:~# wpa_supplicant -B -i wlan1 -c <(wpa_passphrase node9 incellll)
node7:~# iwconfig wlan1 wlan1 IEEE 802.11abgn ESSID:"node9" Mode:Managed Frequency:2.437 GHz Access Point: 30:14:4A:15:B7:94 Bit Rate=54 Mb/s Tx-Power=27 dBm Retry long limit:7 RTS thr:off Fragment thr:off Encryption key:off Power Management:off Link Quality=64/70 Signal level=-46 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:20 Missed beacon:0
node9:~# iw dev wlan0 station dump Station 30:14:4a:15:bb:72 (on wlan0) inactive time: 2893 ms rx bytes: 871 rx packets: 22 tx bytes: 537 tx packets: 3 tx retries: 0 tx failed: 0 signal: -42 dBm signal avg: -46 dBm tx bitrate: 1.0 MBit/s authorized: yes authenticated: yes preamble: short WMM/WME: no MFP: no TDLS peer: no
node9:~# ifconfig wlan0 192.168.10.9/24 node7:~# ifconfig wlan1 192.168.10.7/24 node7:~# ping -c 1 192.168.10.9 PING 192.168.10.9 (192.168.10.9) 56(84) bytes of data. 64 bytes from 192.168.10.9: icmp_req=1 ttl=64 time=1.66 ms --- 192.168.10.9 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.668/1.668/1.668/0.000 ms
# cat /etc/logrotate.d/app /logs/app/gen.log { daily missingok rotate 7 compress copytruncate notifempty } /logs/app/sec.log { weekly mail administratotator@sys.ipduh.com missingok rotate 4 shred create 640 app app }
daily, weekly , monthly Handle time period (The handling trigger may be the file size) missingok If the log file is missing, go on to the next one without issuing an error message. rotate count Log files are rotated count times before being removed or mailed to the address specified in a mail directive. If count is 0, old versions are removed rather than rotated. compress Old versions of log files are compressed with gzip(1) by default. copytruncate Truncate the original log file to zero size in place after creating a copy, instead of moving the old log file and optionally creating a new one. It can be used when some program cannot be told to close its logfile and thus might continue writing (appending) to the previous log file forever. Note that there is a very small time slice between copying the file and truncating it, so some logging data might be lost. When this option is used, the create option will have no effect, as the old log file stays in place. notifempty Do not rotate the log if it is empty (this overrides the ifempty option). create mode owner group Immediately after rotation (before the postrotate script is run) the log file is created (with the same name as the log file just rotated). mode specifies the mode for the log file in octal (the same as chmod(2)), owner specifies the user name who will own the log file, and group specifies the group the log file will belong to. Any of the log file attributes may be omitted, in which case those attributes for the new file will use the same values as the original log file for the omitted attributes. shred Delete log files using shred -u instead of unlink(). This should ensure that logs are not readable after their scheduled deletion; this is off by default. See also noshred.
# logrotate --force app
# logrotate --force --debug app
$ git clone https://github.com/ipduh/devz.git $ cd devz
$ su # ./install_devz_as_root.sh # source ~/.bashrc
# exit $ ./install_devz_as_user.sh $ source ~/.bashrc
$ ssh-keygen -t dsa $ scp ~/.ssh/id_dsa.pub production_server:~/.ssh/authorized_keys22) An example ~/.devzconfig/production-servers
# production servers # IP address , SSH TCP port, user 192.0.2.22,44,usar 192.0.2.23,22,usar
$ devz-setagent
$ stor blah devz:The directory ./stor does not exist! I will create it. devz:blah is at ./stor/blah.0
$ toprod blah devz:/home/usar/blah to usar@192.0.2.22:44:/home/usar/blah blah 100% 6 0.0KB/s 00:00 devz:/home/usar/blah to usar@192.0.2.23:22:/home/usar/blah blah 100% 6 0.0KB/s 00:00
$ ctoprod "cat blah" devz: usar@192.0.2.22:44 "cat blah" ***Start 192.0.2.22*** blah ***End 192.0.2.22*** devz: usar@192.0.2.23:22 ***Start 192.0.2.23*** blah ***End 192.0.2.23***
$ fromprod blah devz:blah exists! Please stor it and delete it or rename it. $ rm blah $ fromprod blah devz:ipduh@192.0.2.22:44:/home/usar/blah to /hom/usar/blah blah 100% 6 0.0KB/s 00:00
$ devz ****** devz DEVeloper'S Stupid Servant. A bash extention that helps the administrator of similar dev and production systems. g0 2010 - http://ipduh.com/contact http://sl.ipduh.com/devz-howto ****** devz verbs: * 'toprod' or 'devz toprod' toprod file scp a file to the production server(s) * 'ctoprod' or 'devz ctoprod' ctoprod 'command;command;' send command(s) to poduction server(s) * 'fromprod' or 'devz fromprod' fromprod file scp a file from the first production server here. * 'stor' or 'devz stor' stor file creates the directory stor in the current directory if it does not exist. makes a copy of the file in stor the file gets a version number like file.n where n [0,n] * 'devz-setagent' or 'devz setagent' setagent start an ssh-agent login session * 'devz-showconfig' or 'devz showconfig' showconfig See the Current devz configuration * 'devz-setconfig' or 'devz setconfig' setconfig add server to the production-servers list file setconfig cannot configure much, check the devz-howto for your first setup * 'devz-prodsrvexists' or 'devz prodsrvexists' prodsrvexists check if ${DEVZ_PRO_SRV} exists and print an example ${DEVZ_PRO_SRV} file * ******
# uname -a Linux red 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1 (2015-05-24) x86_64 GNU/Linux
# cat /etc/issue /etc/debian_version Debian GNU/Linux 8 \n \l 8.1
# lspci | egrep "3D|VGA" 00:02.0 VGA compatible controller: Intel Corporation 4th Gen Core Processor Integrated Graphics Controller (rev 06) 01:00.0 3D controller: NVIDIA Corporation Device 139b (rev a2)
# apt-get install nvidia-driver # apt-get install nvidia-xconfig # nvidia-xconfig # reboot
# apt-get install mysql-server
you get the MySQL server version 5.5 along with its prerequisites, basic MySQL tools like the standard MySQL client and the Perl DBI, and some other stuff like mailx.
heirloom-mailx libaio1 libdbd-mysql-perl libdbi-perl libhtml-template-perl libmysqlclient18 mysql-client-5.5 mysql-common mysql-server-5.5 mysql-server-core-5.5
mysql> show grants for 'debian-sys-maint'@'localhost'; +----------------------------------------------------------------------------------------------------------------------------------------------------+ | Grants for debian-sys-maint@localhost | +----------------------------------------------------------------------------------------------------------------------------------------------------+ | GRANT ALL PRIVILEGES ON *.* TO 'debian-sys-maint'@'localhost' IDENTIFIED BY PASSWORD '*0123456789ABCDEF12346789082F1970A47EDCBA' WITH GRANT OPTION | +----------------------------------------------------------------------------------------------------------------------------------------------------+ 1 row in set (0.00 sec)
mysql> select Host,Super_priv,Create_priv,Grant_priv,Drop_priv from mysql.user where user='debian-sys-maint'; +-----------+------------+-------------+------------+-----------+ | Host | Super_priv | Create_priv | Grant_priv | Drop_priv | +-----------+------------+-------------+------------+-----------+ | localhost | Y | Y | Y | Y | +-----------+------------+-------------+------------+-----------+ 1 row in set (0.01 sec)
# ls -l /etc/mysql/debian.cnf -rw------- 1 root root 333 Oct 23 16:04 /etc/mysql/debian.cnf
# mysqladmin --defaults-file=/etc/mysql/debian.cnf create yo # mysqladmin --defaults-file=/etc/mysql/debian.cnf drop yo Dropping the database is potentially a very bad thing to do. Any data stored in the database will be destroyed. Do you really want to drop the 'yo' database [y/N] y Database "yo" dropped
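# mysql -u root -p"password" -e "command;"
As far as I know, since at least version 5.1.41-3 and upwards, commands like the above do not reveal your password in the current processes snapshot (ps). The password still ends up in the shell history, so prefer an option file readable only by its owner, like the --defaults-file=/etc/mysql/debian.cnf examples on this page.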
root 30510 0.0 0.1 40280 2696 pts/0 S+ 07:41 0:00 \_ mysql -u root -px xxxxxx
# mysqladmin --defaults-file=/etc/mysql/debian.cnf variables
# mysqld --h -v
#general_log_file = /var/log/mysql/mysql.log #general_log = 1
# mysql -u root -p"root_paswd" mysql> show variables like 'general%'; +------------------+-------------------------------+ | Variable_name | Value | +------------------+-------------------------------+ | general_log | OFF | | general_log_file | /var/lib/mysql/anaxagoras.log | +------------------+-------------------------------+ 2 rows in set (0.00 sec) mysql> SET GLOBAL general_log=1; Query OK, 0 rows affected (0.00 sec) mysql> show variables like 'general%'; +------------------+-------------------------------+ | Variable_name | Value | +------------------+-------------------------------+ | general_log | ON | | general_log_file | /var/lib/mysql/anaxagoras.log | +------------------+-------------------------------+ 2 rows in set (0.00 sec) mysql> SET GLOBAL general_log=0; Query OK, 0 rows affected (0.08 sec) mysql> quit Bye # cat /var/lib/mysql/anaxagoras.log /usr/sbin/mysqld, Version: 5.5.40-0+wheezy1 ((Debian)). started with: Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock Time Id Command Argument 141026 13:21:22 37 Query show variables like 'general%' 141026 13:24:35 37 Query SET GLOBAL general_log=0
# mysqladmin --defaults-file=/etc/mysql/debian.cnf ping mysqld is alive
# mysqladmin --defaults-file=/etc/mysql/debian.cnf status Uptime: 10189 Threads: 2 Questions: 172 Slow queries: 0 Opens: 171 Flush tables: 1 Open tables: 41 Queries per second avg: 0.016
# mysqladmin --defaults-file=/etc/mysql/debian.cnf extended-status |less
# mysqladmin --defaults-file=/etc/mysql/debian.cnf processlist +----+------------------+-----------+----+---------+------+-------+------------------+ | Id | User | Host | db | Command | Time | State | Info | +----+------------------+-----------+----+---------+------+-------+------------------+ | 40 | root | localhost | | Sleep | 1940 | | | | 47 | debian-sys-maint | localhost | | Query | 0 | | show processlist | +----+------------------+-----------+----+---------+------+-------+------------------+
# mysqladmin --defaults-file=/etc/mysql/debian.cnf kill 40 proc +----+------------------+-----------+----+---------+------+-------+------------------+ | Id | User | Host | db | Command | Time | State | Info | +----+------------------+-----------+----+---------+------+-------+------------------+ | 46 | debian-sys-maint | localhost | | Query | 0 | | show processlist | +----+------------------+-----------+----+---------+------+-------+------------------+
# mysqladmin --defaults-file=/etc/mysql/debian.cnf reload
or
# mysqladmin -u root -p"root_passwd" flush-privileges
# mysqladmin -h 192.0.2.10 -u root -p"0210_root_passwsd" flush-status
# mysqladmin --defaults-file=/etc/mysql/debian.cnf ping mysqld is alive # mysqladmin --defaults-file=/etc/mysql/debian.cnf shutdown # mysqladmin --defaults-file=/etc/mysql/debian.cnf ping 2>/dev/null # echo $? 1
# /etc/init.d/mysql start [ ok ] Starting MySQL database server: mysqld .. [info] Checking for tables which need an upgrade, are corrupt or were not closed cleanly..
# mysql -u root -p"root_passwd"
mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | foodb | | mysql | | performance_schema | +--------------------+ 4 rows in set (0.00 sec)
The mysql, information_schema and performance_schema databases come with the MySQL server and are used by the server in its operation. The mysql database holds information about users, servers, plugins, time zones, etc., and the users may write to it (e.g. this is how you add a MySQL user). The information_schema database (read-only to the users) stores information about all the other databases that MySQL maintains. The performance_schema database is used by the MySQL system to provide low-level execution monitoring.
mysql> use foodb;
mysql> show tables; +------------------+ | Tables_in_foodb | +------------------+ | exits | +------------------+ 1 row in set (0.00 sec)
mysql> describe exits; +------------+------------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +------------+------------------+------+-----+---------+-------+ | su | int(10) unsigned | NO | PRI | NULL | | | first_test | datetime | YES | | NULL | | | last_test | datetime | YES | | NULL | | +------------+------------------+------+-----+---------+-------+ 3 rows in set (0.00 sec)
mysql> SELECT COUNT(*) FROM exits; +----------+ | COUNT(*) | +----------+ | 260472 | +----------+ 1 row in set (0.00 sec)
mysql> quit Bye #
# mysql --defaults-file=/etc/mysql/debian.cnf -e "LOCK TABLES foodb.exits READ;"
# cp -rp /var/lib/mysql/foodb /bak/mysql/foodb
# mysql --defaults-file=/etc/mysql/debian.cnf -e "UNLOCK TABLES;"
# cp -rp /bak/mysql/foodb /var/lib/mysql/foodb
If you are copying to another MySQL server and the old /var/lib/mysql/mysql is missing, or you do not want to mess with it, you may want to create a user for foodb.
mysql> grant all on foodb.* to foodbuser; mysql> set password for foodbuser = password('foodbuser_passwd');
dest# mkdir /var/lib/mysql/foodb orig#mysqlhotcopy --method='scp' --user=root --password=mysqlrootpasswd foodb root@192.0.2.26:/var/lib/mysql
orig# mysqldump -u root -p"root_passwd" foodb > foodb.sql
dest# mysqladmin --defaults-file=/etc/mysql/debian.cnf create foodb dest# mysql --defaults-file=/etc/mysql/debian.cnf foodb < foodb.sql
[mysqld]
# Replication master settings; server-id must differ on every server in the replication setup.
server-id = 11
# Enable the binary log that the slave reads its changes from.
log_bin = /var/log/mysql/mysql-bin.log
# NOTE(review): 0.0.0.0 makes mysqld listen on every IPv4 interface of the host.
# Binding to the address the slave actually connects to, or firewalling port 3306
# to the replication peers, keeps the server off networks that do not need it.
bind-address = 0.0.0.0
# Flush the InnoDB log to disk at every transaction commit.
innodb_flush_log_at_trx_commit=1
# Synchronise the binary log to disk after every write to it.
sync_binlog = 1
# Only write changes made to foodb to the binary log.
binlog_do_db = foodb
anaxagoras# service mysql restart
[mysqld] server-id = 12 log_bin = /var/log/mysql/mysql-bin.log binlog_do_db = foodb
Restart MySQL
democritus# service mysql restart
anaxagoras# mysql -u root -p"root_passwd" mysql> CREATE USER 'repuser'@'192.0.2.0/255.255.255.128'; mysql> SET PASSWORD FOR 'repuser'@'192.0.2.0/255.255.255.128' = password('repuser_password'); mysql> GRANT REPLICATION SLAVE ON *.* TO 'repuser'@'192.0.2.0/255.255.255.128'; mysql> FLUSH PRIVILEGES;
mysql> USE foodb mysql> FLUSH TABLES WITH READ LOCK; Query OK, 0 rows affected (0.17 sec) mysql> SHOW MASTER STATUS; +------------------+----------+--------------+------------------+ | File | Position | Binlog_Do_DB | Binlog_Ignore_DB | +------------------+----------+--------------+------------------+ | mysql-bin.000003 | 107 | foodb | | +------------------+----------+--------------+------------------+ 1 row in set (0.00 sec)
anaxagoras# mysqladmin --defaults-file=/etc/mysql/debian.cnf shutdown anaxagoras# rsync -avz -e ssh /var/lib/mysql/ root@democritus:/var/lib/mysql anaxagoras# scp /etc/mysql/debian.cnf root@democritus:/etc/mysql/
mysql> UNLOCK TABLES;
democritus# mysql -u root -p"root_passwd" mysql> CHANGE MASTER TO MASTER_HOST='anaxagoras', MASTER_USER='repuser', MASTER_PASSWORD='repuser_password', MASTER_LOG_FILE='mysql-bin.000003', MASTER_LOG_POS=107; mysql> START SLAVE;
mysql> SHOW SLAVE STATUS\G
# mysqlcheck --defaults-file=/etc/mysql/debian.cnf -A
# mysqlcheck --defaults-file=/etc/mysql/debian.cnf --analyze foodb
# mysqlcheck --defaults-file=/etc/mysql/debian.cnf -0 foodb
# mysqlcheck --defaults-file=/etc/mysql/debian.cnf --debug-info --auto-repair foodb
ip tunnel add datun mode sit remote 192.0.2.49 local 198.51.100.50 ttl 64 ip link set datun up
# ifconfig datun datun Link encap:IPv6-in-IPv4
# ip link set datun down
at the 6in4 tunnels to the IPv6 Internet how-to, even in places where we needed to delete the tunnel instead of putting it down, causing all kinds of errors and confusion.
ip tunnel del datun
# ip tunnel del datun # /etc/network/if-up.d/ipv6-tunnel.sh
# apt-get install tripwire
and then click the no, no, and OK buttons.
# sha256sum /usr/sbin/tripwire |tee ~/twsums 0e4791bb58dfc4095dba902621b72111d61bf1838d77aff4ae00d3c7432d5739 /usr/sbin/tripwire # sha256sum /usr/sbin/tw* |tee -a ~/twsums bc01ac66aa421d2e5324983150bea573b2e2d3ee004293501b0dcc4ce1560898 /usr/sbin/twadmin e1b097eaf28f3ec54114cba7cc82a1ab4122a9fb82590422d9820711c884e5e9 /usr/sbin/twprint # sha256sum /usr/sbin/siggen |tee -a ~/twsums e5e72b264f9b4fa86aa88e0f893b6031457e30b510f28bcb31ea1296b38566bd /usr/sbin/siggen
# cd /etc/tripwire/ # twadmin --generate-keys --site-keyfile site.key # chmod 400 site.key
The site key is used to secure the integrity of the tripwire configuration files.
# twadmin --generate-keys --local-keyfile `hostname`-local.key # chmod 400 *cal.key
The local key is used to protect the integrity of the local tripwire database.
# stor twcfg.txt # vi twcfg.txt # twadmin --create-cfgfile --cfgfile tw.cfg --site-keyfile site.key twcfg.txt Please enter your site passphrase: Wrote configuration file: /etc/tripwire/tw.cfg
# stor twpol.txt # vi twpol.txt # twadmin --create-polfile --cfgfile tw.cfg --site-keyfile site.key twpol.txt Please enter your site passphrase: Wrote policy file: /etc/tripwire/tw.pol
# chmod 600 *txt # chmod 600 *cfg # chmod 600 *pol
# tripwire --init Please enter your local passphrase: Parsing policy file: /etc/tripwire/tw.pol Generating the database... *** Processing Unix File System *** # ... Wrote database file: /var/lib/tripwire/anaxagoras.twd The database was successfully generated.
# tripwire --test --email example@example.net
# tripwire --check
# twprint -m r --twrfile /var/lib/tripwire/report/hostname-latest.twr |less
# stor twpol.txt # vi twpol.txt # twadmin -m P -S site.key twpol.txt # tripwire --init
# tripwire --check --interactive Integrity check complete. Please enter your local passphrase: Wrote database file: /var/lib/tripwire/anaxagoras.twd
# tripwire --update --twrfile /var/lib/tripwire/report/hostname-date-time.twr
and again look for [x] and delete the x if you are not OK with that change.
# # Critical Libraries # ( rulename = "Root file-system libraries", severity = $(SIG_HI), emailto = root, emailto = systembot@ares.ipduh.rox ) { /lib -> $(SEC_BIN) ; }
If /lib is changed, an alert will be sent to root and systembot@ares.ipduh.rox.
# tripwire --check --email-report
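#!/bin/sh
# Scheduled Tripwire integrity check: runs a quiet check and e-mails the
# report to the recipients configured in the Tripwire policy.
#
# -e is set here rather than on the shebang line so that it still applies
# when the script is started as "sh script" instead of being executed directly.
set -e

tripwire=/usr/sbin/tripwire

# Do nothing (and report success) when tripwire is not installed or is not
# executable, so a removed package does not cause failures of this job.
[ -x "$tripwire" ] || exit 0

# Files created during the check get no permissions for "other" and no
# write permission for the group.
umask 027

"$tripwire" --check --quiet --email-report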
# twprint -m d --print-dbfile |less
# twprint -m d --print-dbfile /lib/test
ii tripwire 2.4.2.2-2 amd64 file and directory integrity checker # cat /etc/issue /etc/debian_version Debian GNU/Linux 7 \n \l 7.6
$ openssl s_client -connect ipduh.com:443 -ssl3
# grep SSLProtocol /etc/apache2/mods-available/ssl.conf SSLProtocol all -SSLv2
# vi /etc/apache2/mods-available/ssl.conf
SSLProtocol All -SSLv2 -SSLv3
in each VirtualHost definition.
# /etc/init.d/apache2 restart
$ openssl s_client -connect ipduh.com:443 -ssl3 CONNECTED(00000003) 140330958718632:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1258:SSL alert number 40 140330958718632:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
# apt-get install libguestfs-tools # apt-get install guestfish
# guestfish --rw -a /home/vm/anaxagoras.qcow2 >run 100% ⟦▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓⟧ 00:00 > list-filesystems /dev/vda1: ext4 /dev/vda2: unknown /dev/vda5: swap > mount /dev/vda1 /
>touch /etc/guestfish_play > edit /etc/guestfish_play > quit #
# virsh list Id Name State ---------------------------------------------------- 9 anaxagoras running # virt-cat anaxagoras /etc/issue Debian GNU/Linux 7 \n \l # virt-cat anaxagoras /etc/hostname anaxagoras
# apt-get install guestmount
# mkdir /mnt/anax # guestmount -a /home/vm/anaxagoras.qcow2 -m /dev/vda1 --rw /mnt/anax/
# cat /mnt/anax/etc/guestfish_play hi # echo "hi kosme" > /mnt/anax/etc/guestfish_play # mv /mnt/anax/etc/guestfish_play /mnt/anax/etc/guestmount_play # umount /mnt/anax
# virt-df anaxagoras Filesystem 1K-blocks Used Available Use% anaxagoras:/dev/sda1 19751804 840608 17907832 5%
# virt-filesystems --long --parts --blkdevs -a /home/vm/anaxagoras.qcow2 -h Name Type MBR Size Parent /dev/sda1 partition 83 19G /dev/sda /dev/sda2 partition 05 1.0K /dev/sda /dev/sda5 partition 82 880M /dev/sda /dev/sda device - 20G -
# virt-filesystems --long -h --all -a anaxagoras.qcow2 Name Type VFS Label MBR Size Parent /dev/sda1 filesystem ext4 - - 19G - /dev/sda2 filesystem unknown - - 1.0K - /dev/sda5 filesystem swap - - 880M - /dev/sda1 partition - - 83 19G /dev/sda /dev/sda2 partition - - 05 1.0K /dev/sda /dev/sda5 partition - - 82 880M /dev/sda /dev/sda device - - - 20G -
# virt-list-filesystems anaxagoras.qcow2 /dev/sda1 # virt-list-filesystems anaxagoras /dev/sda1
# truncate -r anaxagoras.qcow2 anaxagoras30G.qcow2 # truncate -s +10G anaxagoras30G.qcow2 # virt-resize --expand /dev/sda1 anaxagoras.qcow2 anaxagoras30G.qcow2 Examining anaxagoras.qcow2 ... ********** Summary of changes: /dev/sda1: This partition will be resized from 19.1G to 29.1G. The filesystem ext4 on /dev/sda1 will be expanded using the 'resize2fs' method. /dev/sda2: This partition will be left alone. ********** Setting up initial partition table on anaxagoras30G.qcow2 ... Copying /dev/sda1 ... 100% ⟦▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓⟧ 00:00 Copying /dev/sda2 ... 100% ⟦▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓⟧ 00:00 Expanding /dev/sda1 using the 'resize2fs' method ... Resize operation completed with no errors. Before deleting the old disk, carefully check that the resized disk boots and works correctly.Test resized image.
# cd /etc/libvirt/qemu/ # stor anaxagoras.xml # virsh virsh # edit anaxagoras virsh # define anaxagoras.xml virsh # start anaxagoras virsh # quit # ssh anaxagoras root@anaxagoras:~# df -h Filesystem Size Used Avail Use% Mounted on rootfs 29G 822M 27G 3% / udev 10M 0 10M 0% /dev tmpfs 202M 172K 202M 1% /run /dev/disk/by-uuid/8ca4bd34-120c-45ff-bd0b-86d8de552d10 29G 822M 27G 3% / tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 579M 0 579M 0% /run/shm
virt-alignment-scan virt-filesystems virt-ls virt-tar-in virt-cat virt-format virt-make-fs virt-tar-out virt-clone virt-host-validate virt-pki-validate virt-viewer virt-convert virt-image virt-rescue virt-win-reg virt-copy-in virt-inspector virt-resize virt-xml-validate virt-copy-out virt-install virt-sparsify virt-df virt-list-filesystems virt-sysprep virt-edit virt-list-partitions virt-tar
# cat /etc/debian_version /etc/issue 7.6 Debian GNU/Linux 7 \n \l
# modprobe nbd max_part=8
# ls /dev/nbd* /dev/nbd0 /dev/nbd10 /dev/nbd12 /dev/nbd14 /dev/nbd2 /dev/nbd4 /dev/nbd6 /dev/nbd8 /dev/nbd1 /dev/nbd11 /dev/nbd13 /dev/nbd15 /dev/nbd3 /dev/nbd5 /dev/nbd7 /dev/nbd9
# qemu-nbd -c /dev/nbd0 /home/vm/anaxagoras.qcow2
# ls /dev/nbd0* /dev/nbd0 /dev/nbd0p1 /dev/nbd0p2 /dev/nbd0p5
# mkdir /mnt/imgs # mount /dev/nbd0p1 /mnt/imgs/
# ls /mnt/imgs/ bin dev home lib lost+found mnt proc run selinux sys usr vmlinuz boot etc initrd.img lib64 media opt root sbin srv tmp var
# umount /dev/nbd0p1 # mount |grep nbd #
# qemu-nbd -d /dev/nbd0 # ls /dev/nbd0* /dev/nbd0
# modprobe -r nbd
# cat /etc/debian_version /etc/issue 7.6 Debian GNU/Linux 7 \n \l # uname -r 3.2.0-4-amd64
# cat /etc/debian_version /etc/issue 7.6 Debian GNU/Linux 7 \n \l # uname -r 3.2.0-4-amd64 # grep "model\ name" /proc/cpuinfo -m1 model name : Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz # egrep "vmx|svm" /proc/cpuinfo -c 4
# apt-get update # apt-get install qemu-kvm libvirt-bin virtinst
# mkdir /home/vm # virt-install --connect qemu:///system -n anaxagoras -r 2048 -vcpus=1 --disk path=/home/vm/anaxagoras.qcow2,size=20 -c /insigdato/OS.iso/debian-7.6.0-amd64-netinst.iso --vnc --noautoconsole --os-type linux --description anaxagoras --network=bridge:b0 --hvm
# netstat -putan|grep kvm tcp 0 0 127.0.0.1:5900 0.0.0.0:* LISTEN 7499/kvm
$ ssh -lroot -L 5900:localhost:5900 192.0.2.29
where 192.0.2.29 is the KVM_host IP address.
$ vncviewer localhost
5900 is the default port. For ports above 5900, use port_number-5900 to find out the vncviewer `port`.
# virsh virsh # edit anaxagoras
add
<target dev='anaxagoras'/>
in <interface ...
--Naming, the second toughest problem in CS :)
virsh # autostart anaxagoras Domain anaxagoras marked as autostarted
virsh # start anaxagoras Domain anaxagoras started
virsh # list Id Name State ---------------------------------------------------- 2 anaxagoras running virsh # exit
# brctl show bridge name bridge id STP enabled interfaces b0 8000.40167e6d6745 yes anaxagoras eth0
# apt-get install bridge-utils
# ip a|grep ":\ " 1: lo:mtu 16436 qdisc noqueue state UNKNOWN 2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
# brctl show bridge name bridge id STP enabled interfaces #None yet.
# brctl addbr b0
# brctl show bridge name bridge id STP enabled interfaces b0 8000.000000000000 no
# brctl addif b0 eth0
However, do not try it if you are working on a remote host.
# brctl delbr b0
# vi /etc/network/interfaces # /etc/init.d/networking restart
auto lo iface lo inet loopback auto eth0 iface eth0 inet manual auto b0 iface b0 inet static address 192.0.2.29 netmask 255.255.255.128 network 192.0.2.0 broadcast 192.0.2.127 gateway 192.0.2.10 dns-nameservers 192.0.2.4 dns-search ipduh.rocks bridge_ports eth0 bridge_stp on #spanning tree bridge_waitport 0 #no delay before a port becomes available bridge_fd 0 #no forwarding delay bridge_maxwait 0
# brctl show bridge name bridge id STP enabled interfaces b0 8000.40167e6d6745 yes eth0
# ip a|grep ":\ " 1: lo:mtu 16436 qdisc noqueue state UNKNOWN 2: eth0: mtu 1500 qdisc pfifo_fast master b0 state UP qlen 1000 4: b0: mtu 1500 qdisc noqueue state UP
# brctl show bridge name bridge id STP enabled interfaces b0 8000.40167e6d6745 yes anaxagoras eth0
# cat /etc/issue /etc/debian_version Debian GNU/Linux 7 \n \l 7.6 # uname -r 3.2.0-4-amd64
# ls -l /usr/local/directadmin/conf/mysql.conf -r-------- 1 diradmin diradmin 30 Nov 5 2013 /usr/local/directadmin/conf/mysql.conf # cat /usr/local/directadmin/conf/mysql.conf
# mysql -u da_admin -p Enter password:
mysql> show variables like 'open%'; +------------------+-------+ | Variable_name | Value | +------------------+-------+ | open_files_limit | 1024 | +------------------+-------+ 1 row in set (0.00 sec) mysql> exit; Bye
# echo "open_files_limit = 10240" >> /etc/my.cnf
# /etc/init.d/mysqld restart
# mysql -u da_admin -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 7 Server version: 5.5.9 MySQL Community Server (GPL) Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show variables like 'open%'; +------------------+-------+ | Variable_name | Value | +------------------+-------+ | open_files_limit | 10240 | +------------------+-------+ 1 row in set (0.00 sec) mysql> exit Bye #
# dd if=/dev/zero of=/home/vm/vm4_xtra.img bs=1M count=1024
# fallocate -l 50G vm4_xtra.img
# cd /etc/libvirt/qemu/ # stor vm4.xml devz:vm4.xml is at ./stor/vm4.xml.0
<disk type='file' device='disk'> <driver name='qemu' type='raw'/> <source file='/home/vm/vm4_xtra.img'/> <target dev='hda' bus='ide'/> <address type='drive' controller='0' bus='1' unit='0'/> </disk>
# virsh virsh # define /etc/libvirt/qemu/vm4.xml Domain vm4 defined from /etc/libvirt/qemu/vm4.xml
virsh # start vm4 Domain vm4 started virsh # quit
# fdisk -l
The new virtual HD should be /dev/sdb
# fdisk /dev/sdb Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel Building a new DOS disklabel with disk identifier 0x54ac0969. Changes will remain in memory only, until you decide to write them. After that, of course, the previous content won't be recoverable. Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite) Command (m for help): n Partition type: p primary (0 primary, 0 extended, 4 free) e extended Select (default p): p Partition number (1-4, default 1): 1 First sector (2048-2097151, default 2048): Using default value 2048 Last sector, +sectors or +size{K,M,G} (2048-2097151, default 2097151): Using default value 2097151 Command (m for help): t Selected partition 1 Hex code (type L to list codes): 83 Command (m for help): w The partition table has been altered! Calling ioctl() to re-read partition table. Syncing disks.
# mkfs.ext4 /dev/sdb1
# tune2fs -m 0 /dev/sdb1 tune2fs 1.42.5 (29-Jul-2012) Setting reserved blocks percentage to 0% (0 blocks)
# mkdir /vm4_xtra # mount /dev/sdb1 /vm4_xtra/
# echo "/dev/sdb1 /vm4_xtra ext4 defaults 0 2" >> /etc/fstab
# cat /etc/issue /etc/debian_version Debian GNU/Linux 6.0 \n \l 6.0.7 # uname -r 2.6.32-5-amd64
# cat /etc/issue /etc/debian_version Debian GNU/Linux 7 \n \l 7.9
# apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
# echo "deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.0 main" > /etc/apt/sources.list.d/mongodb-org-3.0.list
# apt-get update
# apt-get install mongodb-org
# echo "mongodb-org hold" | dpkg --set-selections # echo "mongodb-org-server hold" | dpkg --set-selections # echo "mongodb-org-shell hold" | dpkg --set-selections # echo "mongodb-org-mongos hold" | dpkg --set-selections # echo "mongodb-org-tools hold" | dpkg --set-selections # grep -A 1 "Package: mongodb-org" /var/lib/dpkg/status Package: mongodb-org-mongos Status: hold ok installed -- Package: mongodb-org-tools Status: hold ok installed -- Package: mongodb-org-server Status: hold ok installed -- Package: mongodb-org-shell Status: hold ok installed -- Package: mongodb-org Status: hold ok installed
# mongo > use admin > db.createUser( ... { ... user: "admin" , ... pwd: "passwd" , ... roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] ... } ... )
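# egrep -A 1 "bind|security" /etc/mongod.conf #bindIp: 127.0.0.1 bindIp: 192.168.101.86 -- security: authorization: enabled
You may use bindIp: 0.0.0.0 to bind the MongoDB daemon to all the system IP addresses; in that case the daemon is reachable on every network the host is attached to, so keep authorization enabled and restrict port 27017 with a firewall.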
# service mongod stop # service mongod start
# mongo --host 192.168.101.86 --port 27017 -u "admin" -p "passwd" --authenticationDatabase "admin"
# apt-get remove mongodb mongodb-clients mongodb-dev mongodb-server # echo "deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.0 main" > /etc/apt/sources.list.d/mongodb-org-3.0.list # apt-get update # apt-get install mongodb-org-shell # echo "mongodb-org-shell hold" | dpkg --set-selections
and finally log in from a remote host
$ mongo 192.168.101.86/admin -u admin -p passwd MongoDB shell version: 3.0.7 connecting to: 192.168.101.86/admin >
use amongodb
> db.createUser( ... { user: "amongouser" , ... pwd: "somepasswd" , ... roles: [ { role: "readWrite", db: "amongodb" } ] ... } ... )
$ mongo 192.168.101.86/amongodb -u amongouser -p somepasswd
$ icedove --addressbook
You may export it to an *.ldif file, which can be imported into Thunderbird or Icedove.