Posts from 2015-03

linux: strace basics

posted on 2015-03-31 23:16:24

In the following, <function> is the executable (your program) you want to take a closer look at.

strace 'traces system calls and signals'. ltrace traces the library calls a program makes, but is not discussed here.

write output to file

strace -o <filename> <function>

E.g.

[root@jerrylee /home/jl]# strace -o sout.log echo

Of course, redirecting the output in the shell will work, too. But strace writes its trace to STDERR, so you have to redirect STDERR to the file as well. (&> will do the trick.)

show function counts

strace -c <function>

E.g.

[root@jerrylee /home/jl]# strace -c echo                                       

% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
 24.00    0.000090          30         3           open
 21.87    0.000082           9         9           mmap
 11.47    0.000043          11         4           mprotect
  9.87    0.000037           9         4           brk
  8.80    0.000033           8         4           fstat
  6.13    0.000023           5         5           close
  5.33    0.000020          10         2           munmap
  2.93    0.000011          11         1           write
  2.93    0.000011          11         1         1 access
  2.40    0.000009           9         1           execve
  2.13    0.000008           8         1           read
  2.13    0.000008           8         1           arch_prctl
------ ----------- ----------- --------- --------- ----------------
100.00    0.000375                    36         1 total

show timestamps

strace -t <function>

E.g.

[root@jerrylee /home/jl]# strace -t echo                                       
23:24:07 execve("/bin/echo", ["echo"], [/* 57 vars */]) = 0
23:24:07 brk(0)                         = 0x2377000
23:24:07 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff7d2efe000
23:24:07 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
23:24:07 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
23:24:07 fstat(3, {st_mode=S_IFREG|0644, st_size=124895, ...}) = 0
23:24:07 mmap(NULL, 124895, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7ff7d2edf000
23:24:07 close(3)                       = 0
23:24:07 open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
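
As an added example (not part of the original post): a small filter for a trace file written with strace -o, which lists every path the program touched and flags the calls that failed. The sample lines are copied from the strace -t output above; the function names are made up for this example.

```bash
#!/bin/sh
# Added example: triage a trace written by `strace -o <file> <program>`
# (also works with -t/-tt timestamps and the PID column from -f).
# Function names are made up for this example.

# Print STATUS<TAB>SYSCALL<TAB>PATH<TAB>RESULT for each path-based call on stdin.
strace_paths() {
    awk '
    {
        line = $0
        sub(/^[0-9]+ +/, "", line)    # PID column (-f)
        sub(/^[0-9][0-9]:[0-9][0-9]:[0-9][0-9](\.[0-9]+)? +/, "", line)  # timestamp
        if (!match(line, /^[a-z_0-9]+\(/)) next    # signal and exit lines
        call = substr(line, 1, RLENGTH - 1)
        if (call !~ /^(execve|open|openat|access|stat|lstat|readlink|unlink)$/) next
        if (!match(line, /"[^"]*"/)) next          # first quoted argument is the path
        path = substr(line, RSTART + 1, RLENGTH - 2)
        n = split(line, parts, / = /)              # result follows the last " = "
        if (n < 2) next                            # unfinished calls have no result
        status = (parts[n] ~ /^-1 /) ? "FAIL" : "ok"
        printf "%s\t%s\t%s\t%s\n", status, call, path, parts[n]
    }'
}

# Paths whose call failed (missing files, permission problems).
failed_paths() {
    strace_paths | awk -F '\t' '$1 == "FAIL" { print $3 }'
}

# Exit 0 if the traced program found /etc/ld.so.preload, i.e. the loader was
# told to load extra libraries into it; that file deserves a look on any host.
preload_seen() {
    strace_paths | awk -F '\t' '
        $3 == "/etc/ld.so.preload" && $1 == "ok" { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# Sample input: the lines shown in the post.
sample_trace() {
    cat <<'EOF'
23:24:07 execve("/bin/echo", ["echo"], [/* 57 vars */]) = 0
23:24:07 brk(0)                         = 0x2377000
23:24:07 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff7d2efe000
23:24:07 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
23:24:07 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
23:24:07 fstat(3, {st_mode=S_IFREG|0644, st_size=124895, ...}) = 0
23:24:07 mmap(NULL, 124895, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7ff7d2edf000
23:24:07 close(3)                       = 0
23:24:07 open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
EOF
}

# Demo on the sample; for a real trace: strace_paths < sout.log
sample_trace | strace_paths
```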

benchmarking: disc access speeds

posted on 2015-03-29 21:15:08

This here is just for the record:

[root@jerrylee /home/jl]# for i in dd home/dd; do dd if=/dev/zero of=/"$i"/test bs=1M count=1024 oflag=direct; done
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB) copied, 5.63433 s, 191 MB/s
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB) copied, 14.0452 s, 76.4 MB/s
[root@jerrylee /home/jl]# for i in dd home/dd; do dd if=/dev/zero of=/"$i"/test bs=1M count=1024 oflag=sync; done  
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB) copied, 11.7655 s, 91.3 MB/s
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB) copied, 46.4223 s, 23.1 MB/s
[root@jerrylee /home/jl]# for i in dd home/dd; do dd if=/dev/zero of=/"$i"/test bs=1M count=1024; done
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB) copied, 1.83701 s, 585 MB/s
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB) copied, 6.30389 s, 170 MB/s
[root@jerrylee /home/jl]# hdparm -t /dev/sda; hdparm -t /dev/sdb               

/dev/sda:
 Timing buffered disk reads: 756 MB in  3.00 seconds = 251.76 MB/sec

/dev/sdb:
 Timing buffered disk reads: 236 MB in  3.02 seconds =  78.02 MB/sec

One was an ordinary HDD, the other an SSD. I cannot be bothered to look up the model names currently.

mysql: command history

posted on 2015-03-27 10:25:58

To view the complete mysql command history from the shell prompt:

less ~/.mysql_history

To view the complete mysql command history from within the mysql CLI:

system cat ~/.mysql_history

curl: setting a user agent

posted on 2015-03-26 16:28:17

When trying to curl an https site that runs on an apache with mod_security and the OWASP package, you may get an HTTP 403 error.

This is due to 'them' blocking every http client that does not seem to be a browser.

This:

curl -k https://<server> -A 'Mozilla/4.0'

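will fix this for testing purposes. (-A sets the User-Agent header; -k additionally skips TLS certificate verification, so keep it to test setups.)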

upstart manual

posted on 2015-03-26 10:17:13

Ubuntu, as well as RHEL 6.6 (6.x?), uses upstart for system initialization during boot up.

If you need help for creating the init scripts, see the official manual.

ESXi: VMware changes license terms

posted on 2015-03-25 09:36:42

If you use the free version of the current ESXi (5.5), all hosted VMs have to be lower than version 10, if you plan on keeping it free.

See here in the vmware blog:
For troubleshooting purposes we have added read only support to the vSphere C# Client for compatibility levels 5.1, 5.5 and 6 aka virtual hardware 9, 10 and 11 features. This allows you to edit settings available in compatibility level 5 aka vHW8 and have access to view vHW9+ settings. The use case for this would be to connect directly to a host to add CPU or RAM to your powered off vCenter Server.

Up to now, the free version had no restriction on the number of physical cores of the hypervisor; the limit was a maximum of 8 cores per VM. The other restriction was that no backups were possible; for that you needed at least the Essentials edition. There was also a limit of 1024 connections per hypervisor IIRC, but I have no source to back that up currently.

Now VMs of version 10 or higher cannot be administered with the free vSphere client, only with the vSphere web client, for which you have to have a vCenter set up and running.

See here for pricing.

ICMP types

posted on 2015-03-25 06:44:31

ICMP cheatsheet

In short, the most-needed stuff:

0 Echo reply
3 Destination unreachable
4 Source quench
5 Redirect (Change a Route)
8 Echo request
11 Time exceeded for a datagram
12 Parameter Problem on a datagram
13 Timestamp request
14 Timestamp reply
15 Information request
16 Information reply
17 Address mask request
18 Address mask reply 

complete overview

This is more or less copy-paste from here.

ICMP TYPE NUMBERS

The Internet Control Message Protocol (ICMP) has many messages that
are identified by a "type" field.

Type    Name                                    Reference
----    -------------------------               ---------
  0     Echo Reply                               [RFC792]
  1     Unassigned                                  [JBP]
  2     Unassigned                                  [JBP]
  3     Destination Unreachable                  [RFC792]
  4     Source Quench                            [RFC792]
  5     Redirect                                 [RFC792]
  6     Alternate Host Address                      [JBP]
  7     Unassigned                                  [JBP]
  8     Echo                                     [RFC792]
  9     Router Advertisement                    [RFC1256]
 10     Router Selection                        [RFC1256]
 11     Time Exceeded                            [RFC792]
 12     Parameter Problem                        [RFC792]
 13     Timestamp                                [RFC792]
 14     Timestamp Reply                          [RFC792]
 15     Information Request                      [RFC792]
 16     Information Reply                        [RFC792]
 17     Address Mask Request                     [RFC950]
 18     Address Mask Reply                       [RFC950]
 19     Reserved (for Security)                    [Solo]
 20-29  Reserved (for Robustness Experiment)        [ZSu]
 30     Traceroute                              [RFC1393]
 31     Datagram Conversion Error               [RFC1475]
 32     Mobile Host Redirect              [David Johnson]
 33     IPv6 Where-Are-You                 [Bill Simpson]
 34     IPv6 I-Am-Here                     [Bill Simpson]
 35     Mobile Registration Request        [Bill Simpson]
 36     Mobile Registration Reply          [Bill Simpson]
 37     Domain Name Request                     [Simpson]
 38     Domain Name Reply                       [Simpson]
 39     SKIP                                    [Markson]
 40     Photuris                                [Simpson]
 41-255 Reserved                                    [JBP]

Many of these ICMP types have a "code" field.  Here we list the types
again with their assigned code fields.

Type    Name                                    Reference
----    -------------------------               ---------
  0     Echo Reply                               [RFC792]
        Codes
            0  No Code
  1     Unassigned                                  [JBP]
  2     Unassigned                                  [JBP]
  3     Destination Unreachable                  [RFC792]
        Codes
            0  Net Unreachable
            1  Host Unreachable
            2  Protocol Unreachable
            3  Port Unreachable
            4  Fragmentation Needed and Don't Fragment was Set
            5  Source Route Failed
            6  Destination Network Unknown
            7  Destination Host Unknown
            8  Source Host Isolated
            9  Communication with Destination Network is
               Administratively Prohibited
           10  Communication with Destination Host is
               Administratively Prohibited
           11  Destination Network Unreachable for Type of Service
           12  Destination Host Unreachable for Type of Service
           13  Communication Administratively Prohibited      [RFC1812]
           14  Host Precedence Violation                      [RFC1812]
           15  Precedence cutoff in effect                    [RFC1812]
  4     Source Quench                            [RFC792]
        Codes
            0  No Code
  5     Redirect                                 [RFC792]
        Codes
            0  Redirect Datagram for the Network (or subnet)
            1  Redirect Datagram for the Host
            2  Redirect Datagram for the Type of Service and Network
            3  Redirect Datagram for the Type of Service and Host
  6     Alternate Host Address                      [JBP]
        Codes
            0  Alternate Address for Host
  7     Unassigned                                  [JBP]
  8     Echo                                     [RFC792]
        Codes
            0  No Code
  9     Router Advertisement                    [RFC1256]
        Codes
            0  No Code
 10     Router Selection                        [RFC1256]
        Codes
            0  No Code
 11     Time Exceeded                            [RFC792]
        Codes
            0  Time to Live exceeded in Transit
            1  Fragment Reassembly Time Exceeded
 12     Parameter Problem                        [RFC792]
        Codes
            0  Pointer indicates the error
            1  Missing a Required Option        [RFC1108]
            2  Bad Length
 13     Timestamp                                [RFC792]
        Codes
            0  No Code
 14     Timestamp Reply                          [RFC792]
        Codes
            0  No Code
 15     Information Request                      [RFC792]
        Codes
            0  No Code
 16     Information Reply                        [RFC792]
        Codes
            0  No Code
 17     Address Mask Request                     [RFC950]
        Codes
            0  No Code
 18     Address Mask Reply                       [RFC950]
        Codes
            0  No Code
 19     Reserved (for Security)                    [Solo]
 20-29  Reserved (for Robustness Experiment)        [ZSu]
 30     Traceroute                              [RFC1393]
 31     Datagram Conversion Error               [RFC1475]
 32     Mobile Host Redirect              [David Johnson]
 33     IPv6 Where-Are-You                 [Bill Simpson]
 34     IPv6 I-Am-Here                     [Bill Simpson]
 35     Mobile Registration Request        [Bill Simpson]
 36     Mobile Registration Reply          [Bill Simpson]
 39     SKIP                                    [Markson]
 40     Photuris                                [Simpson]
        Codes
            0  Reserved
            1  unknown security parameters index
            2  valid security parameters, but authentication failed
            3  valid security parameters, but decryption failed

===================================================================

mysql: create admin user

posted on 2015-03-24 21:52:43

Open mysql cli:

create user '<user>'@'localhost' identified by '<pw>';
grant all privileges on *.* to '<user>'@'localhost' with grant option;
create user '<user>'@'%' identified by '<pw>';
grant all privileges on *.* to '<user>'@'%' with grant option;
flush privileges;

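This looks strange, but you need both accounts to be able to connect as that user from everywhere: without the 'localhost' account, the anonymous-user account for localhost that a default install creates would take precedence when you connect from the local machine. See here and search for 'monty'. Keep in mind that the '%' account is a full administrator that can log in from any host, so limit the host part where you can.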

RHEL: configure static ip

posted on 2015-03-24 01:13:02

From somewhere on the internet I found this handy gist, which got some improvements:

## Configure eth0
#
# vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE="eth0"
NAME="eth0"
TYPE=Ethernet
ONBOOT=yes
HWADDR=A4:BA:DB:37:F1:04
IPADDR=192.168.1.44
PREFIX=24
BOOTPROTO=static
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03


## Configure Default Gateway
#
# vi /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=centos6
GATEWAY=192.168.1.1


## Restart Network Interface (as root)
#
### DONT!
/etc/init.d/network restart
### DO!
ifdown eth0; ifup eth0

## Configure DNS Server
#
# vi /etc/resolv.conf

nameserver 8.8.8.8 # Replace with your nameserver ip
nameserver 192.168.1.1 # Replace with your nameserver ip 

This may be expanded later on, this is just a quick post.

RHEL: debugging locale settings

posted on 2015-03-23 14:07:36

Having had a system landscape with some webservers, basically an apache-apache-tomcat and apache-apache-jboss setup, where the Umlauts were bugged. Or websites did not work at all.

Oh my. That is all what you usually think about such things.

To complicate matters further, there was a CMS deployed, generating the .jsp's that were later to be served through the app servers.

vim /etc/sysconfig/i18n
. /etc/sysconfig/i18n # same as: source /etc/sysconfig/i18n

check locale:

locale

POSIX.1-2008 online

posted on 2015-03-19 11:17:53

The current POSIX spec, also called IEEE Std 1003.1, 2013 edition, can be found online here.

For fun, try getting an idea to what degree your OS of choice conforms to the standard. :)

IBM DB/2: Introduction and .csv export

posted on 2015-03-16 11:12:00

overview

IBM DB/2 is a relational database, but sports quite a few more features than e.g. mysql. But it differs quite a bit from the latter. This should serve as an overview on how to use its CLI and some basic commands, when you are in dire need. ;)

structure

db2 uses linux system users. This means that to access the database you have to be logged in as the right user, one which has been granted database access.

To find out which user is the one you need, simply log in as each one (su db2username, try looking them up in /etc/passwd) and issue db2 at the shell prompt.

If it was the right user, it should look like this:

[user@host root]$ db2
(c) Copyright IBM Corporation 1993,2007
Command Line Processor for DB2 Client 10.5.0

You can issue database manager commands and SQL statements from the command 
prompt. For example:
    db2 => connect to sample
    db2 => bind sample.bnd

For general help, type: ?.
For command help, type: ? command, where command can be
the first few keywords of a database manager command. For example:
 ? CATALOG DATABASE for help on the CATALOG DATABASE command
 ? CATALOG          for help on all of the CATALOG commands.

To exit db2 interactive mode, type QUIT at the command prompt. Outside 
interactive mode, all commands must be prefixed with 'db2'.
To list the current command option settings, type LIST COMMAND OPTIONS.

For more detailed help, refer to the Online Reference Manual.

db2 =>

Trying with the wrong user will simply end in a bash: db2: command not found or the like.

basic commands

These should be the most used db2 sql commands when using the CLI via the db2 frontend.

To start simply write db2 while being logged in as the right user.

using help

# show commands
?
# show help on command
? <command>

connecting / disconnecting

# open connection so you can use sql statements
connect to <dbname>
# disconnect, but leave db2 cli running
connect reset
# disconnect and exit db2 cli
terminate
# exit client
quit

getting information on the database and its structure

# list databases
list database directory

If this is too unwieldy, try this from a shell prompt:

# list database's name from shell prompt
db2 list database directory | grep -i 'database name' | awk '{print $4}'

Now onto the internal structure:

# show all tables from all schemas
list tables for all

# show all tables for a specific schema
list tables for schema <schemaname>

# get table structure
describe table <schemaname>.<tablename>

# show schemas
select distinct tabschema from syscat.tables
## also, but i prefer the above for its more terse output
select schemaname from syscat.schemata

# show users
select distinct owner from syscat.tables

In syscat.tables there is also other information you might want to know, it's like the counterpart of the mysql table in a mysql database of a mysqld installation, as far as I can tell. (The mysql table in database mysql in a mysql database management system installation is correct. If you do not get it, read up on your basics, seriously.)

export to .csv

This is easiest done from a shell script. Developing it may take some more time, but usually you will need it again in the future, and grepping through the shell's history ain't the way to go.

touch mydb2script.sh
chmod 755 mydb2script.sh

Open the file mydb2script.sh and edit it to look like this:

#!/bin/bash
db2 connect to <databasename>
db2 "export to <filename>-$(date +%Y%m%d-%H.%M).csv of del modified by chardel\"\" coldel; decpt. select * from <databaseschemaname>.<tablename>"
db2 terminate

Read the above like export of sql-query, so the 'strange' syntax will make sense. The delimiter stuff is just sort of changing export settings.

I'd indent this like here, no idea if this makes sense to you:

export
    filename
of
    delimiter
        modified by
            chardelimiter '""'
            columndelimiter ';'
            decimalpoint '.'
<SQL QUERY>

I honestly do not know for sure if the terminate at the end is necessary, but it does not hurt either, I guess. (Always close your resources if you do not need them anymore...) Since this is intended to be used as a cronjob, testing this without the conn reset is not an option since the system I am working on is productive, and I sure as hell do not want to shoot it down some time in the future due to too many database connections. (When I have forgotten about the cron already, of course, or a colleague of mine will have to hunt it down without knowing anything about the changes.) There are quite a lot of connections to the DB already, so troubleshooting this one-connection-at-a-time is also... NOT an option. :)

Redirect the command's output to /dev/null in case you want this as a cron job.

That should be about enough to start working with a db2 install you do not know much about. :)

ESXI: allow IP in firewall via CLI

posted on 2015-03-15 00:55:23

This is something from a while ago, I just found the pen and paper notes. Beware, there may be errors in here.

The settings go in here:

vim /etc/vmware/esx.conf

Look for an entry like:

# x here is just a number, increment to the highest one not present yet
/firewall/services/sshServer/allowedip[000x]/ipstr='10.0.0.10'

Save and exit.

The next part was not necessarily in this order:

I needed services.sh start, to restart all daemons (since I didn't know which one was exactly needed) and restart the firewall:

esxcli network firewall unload
esxcli network firewall load
esxcli network firewall refresh

Have Fun.

S.M.A.R.T.: Monitoring

posted on 2015-03-10 02:44:23

Being able to access the S.M.A.R.T. status gives you a better overview of the health of your hardware.

That way you can change failing hardware before it ultimately fails, and prevent it from causing even more havoc.

install

# rhel-based
yum install -y smartmontools
# debian-based
aptitude install -y smartmontools

usage

smartctl -a /dev/sda

This gives you all info on the disk. In case you need something more specific, use man smartctl. There is a lot more info than here.

If you have ever had the case of two failing disks on a six-disc raid10 array, you might get the idea why this could help you, and why you should include a check into your nagios / icinga / whatever monitoring. ;)

If your HDDs are of the same age, rebuilding onto the new disk could, due to its hard-work nature (lots of r/w operations), make another disk fail. As hard disks are usually of the same age when a disk replacement occurs for the first time in that system, this case is more likely than you would like.
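
One way to write such a monitoring check, as an added example that is not part of the original post: it reads the attribute table printed by smartctl -a and maps it to the Nagios/Icinga exit codes. The function names and the sample table are constructed for illustration.

```bash
#!/bin/sh
# Added example: Nagios/Icinga-style check over the attribute table printed by
# `smartctl -a <device>`. Function names and sample values are made up.
# Exit codes follow the plugin convention: 0 = OK, 1 = WARNING, 2 = CRITICAL.
# Real use:  smartctl -a /dev/sda | smart_status

smart_status() {
    awk '
    # attribute rows: ID NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW
    $1 ~ /^[0-9]+$/ && NF >= 10 {
        id = $1 + 0; value = $4 + 0; thresh = $6 + 0; raw = $10 + 0
        if (thresh > 0 && value <= thresh) {
            # normalised value at or below the vendor threshold: attribute failed
            crit = crit " " $2
        } else if ((id == 5 || id == 197 || id == 198) && raw > 0) {
            # reallocated / pending / uncorrectable sectors should stay at 0
            warn = warn " " $2 "=" raw
        }
    }
    END {
        if (crit != "") { print "CRITICAL:" crit; exit 2 }
        if (warn != "") { print "WARNING:" warn; exit 1 }
        print "OK: no failing attributes"
    }'
}

# Constructed attribute table.
# $1 = VALUE of attribute 5, $2 = its RAW_VALUE, $3 = RAW_VALUE of attribute 197
sample_attrs() {
    cat <<EOF
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   200   200   051    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   $1   $1   036    Pre-fail  Always       -       $2
  9 Power_On_Hours          0x0032   071   071   000    Old_age   Always       -       21533
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       $3
EOF
}

# Demo: a disk that has started to remap sectors (the WARNING exit code is ignored here).
sample_attrs 100 12 8 | smart_status || true
```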

irssi: with blowfish encryption

posted on 2015-03-10 00:50:46

To get a working irssi install, the easiest approach is to build both irssi and the fish from source. (Installing irssi via package manager, and building the fish from this github code with the irssi github code will likely cause a segfault. I know it did for me.)

prerequisites

Remove any prior irssi installs. You can leave your config where it is, though.

Fish needs the openssl-devel package.

get code

cd 
mkdir src
cd src  
git clone -v --progress https://github.com/irssi/irssi.git
git clone -v --progress https://github.com/falsovsky/FiSH-irssi.git

build and install irssi

/usr was chosen for install for both applications.

cd ~/src/irssi
./autogen.sh --prefix=/usr
make
sudo make install

build the fish

cd ~/src/FiSH-irssi
./autogen.sh
./configure --with-irssi="$HOME/src/irssi" --prefix=/usr
make
sudo make install

Now irssi and the fish module should be installed. Read the info it gives you afterwards, it tells you where the libfish.so will be installed.

For me it was at /usr/lib/irssi/modules/libfish.so.

make it startup automatically

echo "load /usr/lib/irssi/modules/libfish.so" >> ~/.irssi/startup

use it

Once irssi starts without problems:

/keyx <nick>

<nick> is not your own nick of course, but the person you want to chat with. ;)

ssh for remote backups

posted on 2015-03-09 12:32:56

To back up a system's files, usually you employ scp. This is fine, as long as you want to back up only regular files.

If you want to back up non-regular files, this won't work and you will need ssh.

Especially:

tar cvJ <folder> | ssh -T -c blowfish -e none <user>@<host> "cat > /backup.tar."

Here are some hacks contained within:

  1. -T to prevent allocation of a pseudo-terminal so redirection works
  2. -c blowfish to use Blowfish instead of 3DES encryption, which is faster (newer OpenSSH releases have dropped the Blowfish cipher; leave -c out there)
  3. -e none so no escape sequence is used. That way the transfer cannot kill the connection if <escapesequence>. is found in the data. (Usually it is this one: ~.)

If this stuff is not done, your transfer may or may not work.

Thanks to Jan Engelhardt of inai.de for this gem.

linux: force fsck on reboot

posted on 2015-03-09 02:03:13

To force a file system check after rebooting now:

shutdown -rF now

To force a file system check on next reboot:

sudo touch /forcefsck

iptables: definitive basics

posted on 2015-03-07 16:12:02

introduction

Most of this is from the manpage anyway (man iptables), this write-up is simply aimed at getting the topic better into my head.

iptables and alternatives

iptables is the basic firewall solution on all linux systems. (To be exact, it is the frontend for the netfilter part in the kernel, but you do not need to know that.) ipchains also exists, but you can only choose one of the two, so do yourself a favour and use the former. ipchains can also only do stateless firewalling, where each packet is looked at independently. Opposed to this is stateful firewalling, which iptables can do. Stateful packet inspection, or dynamic packet inspection, can also work based on connection states; see the next part for some more explanations.

Discussing anything besides iptables currently is more or less moot:

  • 2.4.x kernels and above run iptables
  • 2.2.x kernels run ipchains
  • 2.0.x kernels run ipfwadm.

This will change with nftables, which should arrive with kernel 3.13 AFAIK. By then another posting like this one will become necessary, I fear. :)

connection states

iptables can switch packets by ip data as well as by connection (stream) states. 'connection', 'connection stream' and 'stream' are synonyms in the following. These are easiest explained with parts of TCP's three-way handshake, but keep in mind there is also UDP and ICMP. See here.

NEW
    the first packet of a connection stream, i.e. a SYN packet
    stream is classified as NEW
ESTABLISHED
    a connection was initiated through a SYN packet
    SYN/ACK'd through a second packet in reverse
    then all following packets of this stream are of this state
RELATED
    if an already ESTABLISHED connection stream spawns a new connection
    the new connection will be RELATED
    example is FTP's data channel set up by an ESTABLISHED control channel
INVALID
    packets having no state and being unidentifiable
UNTRACKED
    packets marked with the raw table's NOTRACK target show up as UNTRACKED
    i.e. for traffic on port 80 of a highly frequented webserver, to save resources.
    Sidenote: 'related' streams cannot be tracked either!

fwbuilder

If you have absolutely no idea on how to build an iptables FW by yourself, try fwbuilder, which is a GUI where you enter your rules. The result can be compiled afterwards into an iptables script. Do not forget to install the fwbuilder-ipt package, too, which you need to compile the iptables rules. A backend to create a pf FW script also exists, along with others.

iptables system structure

There exist three building blocks:

  1. tables
  2. chains
  3. rules

Each table contains a set of chains, where each chain is an assortment of rules. The chains are parsed rule after rule; if no rule matches, the default policy will be applied. Whether all rules are parsed or not depends on rule design.

The basic tables are filter, nat and mangle. There also exist raw and security. Usually you can forget everything besides filter (which is the default table; if you choose none, it will be used) and maybe nat sometimes.

The mangle table is interesting for marking packets and rule-based routing, to implement traffic engineering for QoS. If you have no idea what this is about, leave that stuff alone. :)

default tables and chains, ordering

Here's a list of all tables with all default chains along with an explanation which chain will be active on which packets.

filter = default table
    INPUT - packets destined locally
    FORWARD - routed packets
    OUTPUT - locally generated packets

nat = looked up when packets initiate a new connection
    PREROUTING - alters packets ASAP at arrival
    OUTPUT - alter locally generated packets before routing
    POSTROUTING - alter packets just before they go out

mangle = packet alteration 
    INPUT - alter incoming packets
    PREROUTING - alter incoming packets before routing
    OUTPUT - alter locally generated packets before routing
    FORWARD - packets being routed through the box
    POSTROUTING - alter packet after routing applied

raw = add exemptions from connection tracking, table looked up prior to anything else
    PREROUTING - all packets arriving on all interfaces
    OUTPUT - packets generated by local addresses

security = MAC networking rules, selinux stuff, called after filter table
    INPUT - incoming packets
    OUTPUT - alter locally generated packets before routing
    FORWARD - alter packets routed through the box

If this is rocket science, you can try the wikipedia graph here.

default commands / flags

These are to be used as presented in order here.

select your table

# omitting means implicit '-t filter'
-t <table>
    specify table

day-to-day commands

-L [<chain>]
    LIST chains + rules for current table

-S [<chain>]
    SHOW rules' code being active for current table

-I <chain> [<rulenumber>] <rule>
    INSERT rule at rulenum, prepend if no rulenum given

-A <chain> <rule>
    APPEND rule to given chain
    (most often -I is needed, as append rules often don't even get hit)

-D <chain> <rule>|<rulenumber>
    DELETE rule for current table and given chain
    (--line-numbers for lookup helps a lot here)

-Z [<chain> [<rulenumber>]]
    ZERO packet counts

Lesser used:

-R <chain> <rulenumber> <rule>
    REPLACE rule at line <rulenumber> (remember --line-numbers?)

cleanup commands

These are needed, in this order, to create a new, clean layout:

-F
    FLUSH all rules
-X
    delete all user-defined chains (flush previously!)
-P
    set default POLICY (DROP? REJECT? ACCEPT?)
-N
    create a NEW user-defined chain

After FLUSHING, deleting and setting the default POLICY of INPUT and OUTPUT to ACCEPT, you have effectively deactivated iptables.

parameters for rule creation

Here a lot could be written, but that is better left for googling. Be it on the -p, -s, -d flags, all you need is the internet.

However, there is not a lot to be found on the -m documentation or on which modules are present on a system at all.

To get some sort of overview what can be done with the netfilter modules being present on your linux system:

for i in /lib/modules/$(uname -r)/kernel/net/netfilter/*; do printf '\033[33;1m%s\033[0m\n' "$(basename "$i")"; strings "$i" | \grep -e description -e depends | sed -e 's/Xtables: //g' -e 's/depends=/depends on: /g' -e 's/=/: /g'; echo; done

That is ugly, but worth a look.

Further, if you wonder if a specific module / match / -m flag is possible on your system, try this:

iptables -m <modulename> --help

E.g. limit is present, as can be seen at the end of the help output:

[sjas@nb ~]$ iptables -m limit --help
iptables v1.4.21

Usage: iptables -[ACD] chain rule-specification [options]
       iptables -I chain [rulenum] rule-specification [options]
       iptables -R chain rulenum rule-specification [options]
       iptables -D chain rulenum [options]
       iptables -[LS] [chain [rulenum]] [options]
       iptables -[FZ] [chain] [options]
       iptables -[NX] chain
       iptables -E old-chain-name new-chain-name
       iptables -P chain target [options]
       iptables -h (print this help information)

Commands:


...


[!] --version   -V              print package version.

limit match options:
--limit avg                     max average match rate: default 3/hour
                                [Packets per second unless followed by 
                                /sec /minute /hour /day postfixes]
--limit-burst number            number to match in a burst, default 5
[sjas@nb ~]$ 

Whereas iplimit is not:

[sjas@nb ~]$ iptables -m iplimit --help
iptables v1.4.21: Couldn't load match `iplimit':No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
[sjas@nb ~]$ 

That way you also get an easy overview on how to use a module in question, since info on the -m flags is basically non-existent on the iptables man page.

actions on packets

What happens to a packet is chosen through these:

-j <target>
    move packet to chain which is specified as JUMP target
    or use ACCEPT, DROP or REJECT targets
    RETURN used in a built-in chain tells that the chain policy decides the packet fate
    RETURN used in a user-defined chain tells to proceed in the superior chain with the next rule
    (after the one which let us jump into this user-defined chain in the first place)

-g <chain>
    if a packet is RETURNed from the GOTO chain accessed via -g, it will jump to the last chain before accessed with -j
    if you end up in a built-in chain, and no rule can be found, the default policy will hit

<nothing>
    if no action is specified, the rule is still nice to have for debugging: (and 'watch'-ing iptables output)
    although nothing happens, the packet counter is active, showing you if it matches or not

additional parameters

--line-numbers
    show rulenumbers in first column, helps when using -D
-v
    verbose mode
-n
    numeric mode: ip's/ports are shown without DNS or service resolution
-x
    exact numbers, means no kilo or mega sizes

These can also be combined, e.g. -L -vnx.

Or -vnxL.

a working example

A sample configuration with some sane defaults can be found here now. I have also included colored/noncolored output and a watch shortcut for checking chains for activity easily.

Place the following into /etc/init.d/firewall, if you do not use systemd.

#!/bin/bash
### BEGIN INIT INFO
# Provides:          firewall
# Required-Start:    mountall
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: start firewall
### END INIT INFO
#
#### required packages: libnetfilter-conntrack3 libnfnetlink0
## /etc/sysctl.d/iptables.conntrack.accounting.conf
## -> net.netfilter.nf_conntrack_acct=1

# aliasing
IPTABLES=$(which iptables)
# set IF to work on
O=eth0
I=eth0


# load kernel modules
modprobe ip_conntrack
modprobe ip_conntrack_ftp

case "$1" in

    start)
        echo 60 > /proc/sys/net/ipv4/tcp_fin_timeout
        echo 0 > /proc/sys/net/ipv4/tcp_ecn

        echo -n "Starting stateful packet inspection firewall... "

        # delete/flush old/existing chains
        $IPTABLES -F
        # delete undefined chains
        $IPTABLES -X

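        # INPUT and OUTPUT are built-in chains and already exist,
        # so they must not be created with -N

        # create log-drop chain
        $IPTABLES -N LOGDROP

        # set default chain-actions, accept all outgoing traffic per default
        # (a policy has to be a built-in target like ACCEPT or DROP; logging
        # happens through the final "-A INPUT -j LOGDROP" rule further down)
        $IPTABLES -P INPUT DROP
        $IPTABLES -P OUTPUT ACCEPT
        $IPTABLES -P FORWARD ACCEPT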

        # make NAT Pinning impossible
        $IPTABLES -A INPUT -p udp --dport 6667 -j LOGDROP
        $IPTABLES -A INPUT -p tcp --dport 6667 -j LOGDROP
        $IPTABLES -A INPUT -p tcp --sport 6667 -j LOGDROP
        $IPTABLES -A INPUT -p udp --sport 6667 -j LOGDROP
        $IPTABLES -A OUTPUT -p tcp --dport 6667 -j LOGDROP
        $IPTABLES -A OUTPUT -p udp --dport 6667 -j LOGDROP
        $IPTABLES -A OUTPUT -p tcp --sport 6667 -j LOGDROP
        $IPTABLES -A OUTPUT -p udp --sport 6667 -j LOGDROP

        # drop invalids
        $IPTABLES -A INPUT -m conntrack --ctstate INVALID -j LOGDROP

        # allow NTP and established connections
        $IPTABLES -A INPUT -p udp --dport 123 -j ACCEPT
        $IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
        $IPTABLES -A INPUT -i lo -j ACCEPT

        # pings are allowed (the conntrack match takes --ctstate, not --state)
        $IPTABLES -A INPUT -p icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT

        # drop not routable networks
        $IPTABLES -A INPUT -i $I -s 169.254.0.0/16 -j LOGDROP
        $IPTABLES -A INPUT -i $I -s 172.16.0.0/12 -j LOGDROP
        $IPTABLES -A INPUT -i $I -s 192.0.2.0/24 -j LOGDROP
        #$IPTABLES -A INPUT -i $I -s 192.168.0.0/16 -j LOGDROP
        #$IPTABLES -A INPUT -i $I -s 10.0.0.0/8 -j LOGDROP
        $IPTABLES -A INPUT -s 127.0.0.0/8  ! -i lo -j LOGDROP




        # OPEN PORTS FOR USED SERVICES

        ## SSH
        $IPTABLES -A INPUT -i $I -p tcp -m conntrack --ctstate NEW --dport 22 -j ACCEPT

        ## HTTPD
        #$IPTABLES -A INPUT -i $I -p tcp -m conntrack --ctstate NEW --dport 80 -j ACCEPT
        #$IPTABLES -A INPUT -i $I -p tcp -m conntrack --ctstate NEW --dport 443 -j ACCEPT

        ## OVPN
        #$IPTABLES -A INPUT -i $I -p udp -m conntrack --ctstate NEW --dport 1194 -j ACCEPT

        ## MySQL
        #$IPTABLES -A INPUT -i $I -p tcp -m conntrack --ctstate NEW --dport 3306 -j ACCEPT






        # Portscanner will be blocked for 15 minutes
        $IPTABLES -A INPUT  -m recent --name psc --update --seconds 900 -j LOGDROP

        # only use when ports not available from the internet
        $IPTABLES -A INPUT ! -i lo -m tcp -p tcp --dport 1433  -m recent --name psc --set -j LOGDROP
        $IPTABLES -A INPUT ! -i lo -m tcp -p tcp --dport 3306  -m recent --name psc --set -j LOGDROP
        $IPTABLES -A INPUT ! -i lo -m tcp -p tcp --dport 8086  -m recent --name psc --set -j LOGDROP
        $IPTABLES -A INPUT ! -i lo -m tcp -p tcp --dport 10000 -m recent --name psc --set -j LOGDROP

        ### drop ms specific WITHOUT LOGGING - because: else too much logging
        $IPTABLES -A INPUT -p UDP -m conntrack --ctstate NEW --dport 137:139 -j DROP
        $IPTABLES -A INPUT -p UDP -m conntrack --ctstate NEW --dport 67:68 -j DROP

        # log packets to be dropped and drop them afterwards
        $IPTABLES -A INPUT -j LOGDROP
        $IPTABLES -A LOGDROP -j LOG --log-level 4 --log-prefix "dropped:"
        $IPTABLES -A LOGDROP -j DROP

        echo "Done."
    ;;

    stop)
        echo -n "Stopping stateful packet inspection firewall... "
        /etc/init.d/fail2ban stop
        # flush
        $IPTABLES -F
        # delete
        $IPTABLES -X
        # set default to accept all incoming and outgoing traffic
        $IPTABLES -P INPUT ACCEPT
        $IPTABLES -P OUTPUT ACCEPT
        echo "Done."
    ;;

    restart)
        echo -n "Restarting stateful packet inspection firewall... "
        echo -n
        /etc/init.d/firewall stop
        /etc/init.d/firewall start
        /etc/init.d/fail2ban start
    ;;

    status)
        $IPTABLES -L -vnx --line-numbers | \
        sed ''/Chain[[:space:]][[:graph:]]*/s//$(printf "\033[33;1m&\033[0m")/'' | \
        sed ''/^num.*/s//$(printf "\033[33m&\033[0m")/'' | \
        sed ''/[[:space:]]DROP/s//$(printf "\033[31m&\033[0m")/'' | \
        sed ''/REJECT/s//$(printf "\033[31m&\033[0m")/'' | \
        sed ''/ACCEPT/s//$(printf "\033[32m&\033[0m")/'' | \
        sed -r ''/\([ds]pt[s]\?:\)\([[:digit:]]\+\(:[[:digit:]]\+\)\?\)/s//$(printf "\\\1\033[33;1m\\\2\033[0m")/''| \
        sed -r ''/\([0-9]\{1,3\}\\.\)\{3\}[0-9]\{1,3\}\(\\/\([0-9]\)\{1,3\}\)\{0,1\}/s//$(printf "\033[37;1m&\033[0m")/g'' | \
        sed -r ''/\([^n][[:space:]]\)\(LOGDROP\)/s//$(printf "\\\1\033[1;33m\\\2\033[0m")/'' | \
        sed -r ''/[[:space:]]LOG[[:space:]]/s//$(printf "\033[36;1m&\033[0m")/''
    ;;

    monitor)
        if [ -n "$2" ]
            then $(which watch) -n1 -d $IPTABLES -vnxL "$2" --line-numbers
            else $(which watch) -n1 -d $IPTABLES -vnxL --line-numbers; fi
    ;;

    *)
        echo "Usage: $0 {start|stop|status|monitor [<chain>]|restart}"
        exit 1
    ;;

esac

exit 0

See the services section of the script on how to enable things like HTTP traffic; just uncomment the lines in question.

The colors only work for IPv4 currently.

irssi: a proper introduction

posted on 2015-03-06 22:45:39

shortcuts

switching windows

c-n     next window
c-p     prev window
m-1..0  first / second / ... window

m- here means 'meta', or simply said, the 'alt' key.

scrolling

pgup
pgdn
m-p
m-n

m means meta, which is usually your alt key.

basic commands

/c irc.freenode.org
    connects to freenode irc network
/j <channel>
    join <channel>
/m <nick> <message>
    privately messaging
/n
    show users in channel
/topic [<newtopic>]
    show topic, or change to a new one
/q <nick>
    opens a query with <nick>
/away <message>
    set your away message
/wc
    window closing
/bye /quit
    close irssi

These should be the bare minimum to get by.

If you want to know more on the shortcuts without having to struggle with 'damned good' (i.e. NOT) documentation, just have a quick look at the alias section in ~/.irssi/config. There is no easier way.

logging

There are a lot of tutorials and descriptions on how to do that from within irssi. No comment on that besides that I do not like that approach.

Here's my settings part of ~/.irssi/config:

settings = {
  core = { real_name = "JL"; user_name = "sjas"; nick = "sjas"; };
  "fe-text" = { actlist_sort = "refnum"; };
  "irc/core" = { alternate_nick = "sjas``"; };
  "fe-common/core" = {
    autoclose_windows = "no";
    print_active_channel = "yes";
    autolog = "yes";
    autolog_level = "ALL";
    autolog_path = "~/.irclogs/%Y/$tag/$0.%m-%d.log";
  };
};

At the core line above, you could add another option, so IPv6 Servers are preferred: (Don't forget the semicolon, if you add it at the end.)

resolve_prefer_ipv6 = "ON"

fish

Thou shalt encrypt thee communication.

fish install

(The whole process is documented in more depth here.)

Download from github:

git clone -v --progress https://github.com/falsovsky/FiSH-irssi

Build it. (make might help? Just see install documentation on github.)

Afterwards link your irssi with the freshly compiled lib.

Create ~/.irssi/startup and put this in it:

load /usr/local/lib/irssi/modules/libfish.so

Try the following, if the path doesn't work: (irssi will tell you in status window on start)

updatedb
locate libfish.so

to find the path, otherwise if you cannot be bothered to install locate / mlocate / whatever, use brute force:

find / -iname libfish.so

Depending on the location of your lib, fix the path above in the startup file.

fish usage

To have encrypted queries:

/keyx <nick-of-partner>

To have channel encryption:

/setkey <channelkey>

<channelkey> is the key all members agreed to use. Don't exchange it in plain sight. Use encrypted queries instead.

sshd: show ssh logins and fails

posted on 2015-03-05 11:13:00

successes

To show all successful login attempts on a debian-based system:

cat /var/log/auth.log | grep 'sshd.*opened'

Same for RHEL:

cat /var/log/secure | grep 'sshd.*opened'

fails

Debian's:

cat /var/log/auth.log | grep 'sshd.*Invalid'

RHEL's:

cat /var/log/secure | grep 'sshd.*Invalid'
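
The greps above only catch 'session opened' and 'Invalid user' lines. As an added example (not from the original post), the following goes a bit further: it counts Accepted, Failed password and Invalid user lines per source address and marks addresses where a successful login follows failed ones. Function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-source summary of sshd logins and failures.
# Usage on a real system (paths as used in this post):
#   summarize_sshd < /var/log/auth.log     # Debian
#   summarize_sshd < /var/log/secure       # RHEL

# Constructed sample lines (documentation address ranges)
sample_auth_log() {
    cat <<'EOF'
Mar  5 11:01:58 web1 sshd[2101]: Accepted publickey for sjas from 192.0.2.10 port 50022 ssh2
Mar  5 11:01:58 web1 sshd[2101]: pam_unix(sshd:session): session opened for user sjas by (uid=0)
Mar  5 11:03:01 web1 sshd[2110]: Invalid user admin from 203.0.113.50
Mar  5 11:03:03 web1 sshd[2110]: Failed password for invalid user admin from 203.0.113.50 port 41030 ssh2
Mar  5 11:03:09 web1 sshd[2112]: Failed password for root from 203.0.113.50 port 41044 ssh2
Mar  5 11:04:40 web1 sshd[2120]: Failed password for backup from 198.51.100.77 port 33810 ssh2
Mar  5 11:04:52 web1 sshd[2121]: Accepted password for backup from 198.51.100.77 port 33816 ssh2
Mar  5 11:05:10 web1 sshd[2130]: Invalid user x from 192.0.2.10 from 203.0.113.50
EOF
}

# summarize_sshd: read an auth log on stdin and print one line per source:
#   <ip> failed=<n> invalid=<n> accepted=<n> [FAIL-THEN-OK]
summarize_sshd() {
    awk '
    # The user name in the log is chosen by the client and may itself contain
    # " from <address>", so the source is the word after the LAST "from".
    function src_ip(   i, ip) {
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        return ip
    }
    # Match the message type directly after "sshd[pid]: " only.
    /sshd\[[0-9]+\]: Accepted / {
        ip = src_ip(); if (ip == "") next
        seen[ip] = 1; ok[ip]++
        if (fail[ip] > 0) flag[ip] = 1    # success after earlier failures
    }
    /sshd\[[0-9]+\]: Failed password / {
        ip = src_ip(); if (ip == "") next
        seen[ip] = 1; fail[ip]++
    }
    /sshd\[[0-9]+\]: Invalid user / {
        ip = src_ip(); if (ip == "") next
        seen[ip] = 1; inv[ip]++
    }
    END {
        for (ip in seen)
            printf "%s failed=%d invalid=%d accepted=%d%s\n", ip, fail[ip], inv[ip], ok[ip], ((ip in flag) ? " FAIL-THEN-OK" : "")
    }' | LC_ALL=C sort
}

# Demo run on the constructed sample
sample_auth_log | summarize_sshd
```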

nmap: examples

posted on 2015-03-05 11:08:48

Here is a list of nmap examples which I intend to have a much closer look at (with the manpage right beside me). It was stolen from here:

# Save output to a text file
nmap 192.168.1.1 > output.txt
nmap -oN output.txt 192.168.1.1

# Scan a single ip address or hostname
nmap <ip or hostname>

# Scan an IP range and exclude ips
nmap 192.168.1.0/24 --exclude 192.168.1.5,192.168.1.254

# OS and version detection scanning
nmap -v -A 192.168.1.1

# Discover if a host/network is protected by a firewall
nmap -sA 192.168.1.254

# Scan a host when protected by the firewall
nmap -PN 192.168.1.1

# Scan an IPv6 host/address
nmap -6 <IPv6 address>

# Scan a network and discover which servers and devices are up and running
nmap -sP 192.168.1.0/24

# Fast scan
nmap -F 192.168.1.1

# Display the reason a port is in a particular state
nmap --reason 192.168.1.1

# Only show open (or possibly open) ports
nmap --open 192.168.1.1

# Show all packets sent and received
nmap --packet-trace 192.168.1.1

# Show host interfaces and routes
nmap --iflist

# Scan TCP port 80
nmap -p T:80 192.168.1.1

# Scan UDP port 53
nmap -p U:53 192.168.1.1

# Scan top ports i.e. scan <number> of most common ports
nmap --top-ports 5 192.168.1.1

# Fastest method of scanning all your devices/computers for open ports
nmap -T5 192.168.1.0/24

# Identify a remote host apps and OS
nmap -O  --osscan-guess 192.168.1.1

# Detect remote services (server / daemon) version numbers
nmap -sV 192.168.1.1

# Scan a host using TCP SYN ping (PS)
nmap -PS 192.168.1.1

# Scan a host using TCP ACK ping (PA)
nmap -PA 192.168.1.1

# Scan a host using IP protocol ping
nmap -PO 192.168.1.1

# Scan a host using UDP ping, bypasses firewalls and filters that only screen TCP
nmap -PU 192.168.1.1

# Stealth scan
nmap -sS 192.168.1.1

# Discover the most commonly used TCP ports using, TCP connect scan (not stealth scan)
nmap -sT 192.168.1.1

# Discover the most commonly used TCP ports using TCP ACK scan
nmap -sA 192.168.1.1

# Discover the most commonly used TCP ports using TCP Window scan
nmap -sW 192.168.1.1

# Discover the most commonly used TCP ports using TCP Maimon scan
nmap -sM 192.168.1.1

# Discover UDP services:
nmap -sU 192.168.1.1

# Scan for IP protocol
nmap -sO 192.168.1.1

# TCP Null Scan to fool a firewall to generate a response, Does not set any bits (TCP flag header is 0)
nmap -sN 192.168.1.254

# TCP Fin scan to check firewall, Sets just the TCP FIN bit
nmap -sF 192.168.1.254

# TCP Xmas scan to check firewall, Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree
nmap -sX 192.168.1.254

# Scan a firewall with packet fragments to make it harder for packet filters, intrusion detection systems to detect what you are doing
nmap -f 192.168.1.1
# Set your own offset size
nmap --mtu 32 192.168.1.1

# Cloak a scan with decoys
nmap -n -Ddecoy-ip1,decoy-ip2,your-own-ip,decoy-ip3,decoy-ip4 remote-host-ip

# Spoof your MAC address
nmap --spoof-mac MAC-ADDRESS-HERE 192.168.1.1
# Add other options
nmap -v -sT -PN --spoof-mac MAC-ADDRESS-HERE 192.168.1.1

# Use a random MAC address
nmap -v -sT -PN --spoof-mac 0 192.168.1.1

mysql: output layout

posted on 2015-03-04 17:51:07

For big mysql tables with a lot of columns, the regular screen output is kind of hard to read at times.

Regularly you call queries like this:

select * from <tablename>;

There are several ways to fix this:

Within the client:

select * from <tablename>\G

At client startup:

## always use alternative output
mysql --vertical

## choose output depending on console width
mysql --auto-vertical-output

How does this look?

Regular:

mysql> show tables;
+---------------------------+
| Tables_in_mysql           |
+---------------------------+
| columns_priv              |
| db                        |
| event                     |
| func                      |
| general_log               |
| help_category             |
| help_keyword              |
| help_relation             |
| help_topic                |
| host                      |
| ndb_binlog_index          |
| plugin                    |
| proc                      |
| procs_priv                |
| proxies_priv              |
| servers                   |
| slow_log                  |
| tables_priv               |
| time_zone                 |
| time_zone_leap_second     |
| time_zone_name            |
| time_zone_transition      |
| time_zone_transition_type |
| user                      |
+---------------------------+
24 rows in set (0.00 sec)

Alternative:

mysql> show tables\G
*************************** 1. row ***************************
Tables_in_mysql: columns_priv
*************************** 2. row ***************************
Tables_in_mysql: db
*************************** 3. row ***************************
Tables_in_mysql: event
*************************** 4. row ***************************
Tables_in_mysql: func
*************************** 5. row ***************************
Tables_in_mysql: general_log
*************************** 6. row ***************************
Tables_in_mysql: help_category
*************************** 7. row ***************************
Tables_in_mysql: help_keyword
*************************** 8. row ***************************
Tables_in_mysql: help_relation
*************************** 9. row ***************************
Tables_in_mysql: help_topic
*************************** 10. row ***************************
Tables_in_mysql: host
*************************** 11. row ***************************
Tables_in_mysql: ndb_binlog_index
*************************** 12. row ***************************
Tables_in_mysql: plugin
*************************** 13. row ***************************
Tables_in_mysql: proc
*************************** 14. row ***************************
Tables_in_mysql: procs_priv
*************************** 15. row ***************************
Tables_in_mysql: proxies_priv
*************************** 16. row ***************************
Tables_in_mysql: servers
*************************** 17. row ***************************
Tables_in_mysql: slow_log
*************************** 18. row ***************************
Tables_in_mysql: tables_priv
*************************** 19. row ***************************
Tables_in_mysql: time_zone
*************************** 20. row ***************************
Tables_in_mysql: time_zone_leap_second
*************************** 21. row ***************************
Tables_in_mysql: time_zone_name
*************************** 22. row ***************************
Tables_in_mysql: time_zone_transition
*************************** 23. row ***************************
Tables_in_mysql: time_zone_transition_type
*************************** 24. row ***************************
Tables_in_mysql: user
24 rows in set (0.00 sec)

Linux: 'top' explained

posted on 2015-03-04 12:54:59

To get a fast overview on what is running on your linux box, use top. (If you want some fancy graphics, try htop, but it has less intuitive shortcuts and is not always installed.)

Sad thing is, at first you don't really know what you are doing. So some guidance:

start and sane defaults

After starting top, press: z, x, c. This will color top (z), show current sort column (x) and the full application path (c).

1 will show stats for all individual cpus.

If you have no idea, use h for getting the help shown.

If you have a newer version of top, V will also work:
This gives you a nice process-tree view.

d changes the update delay, which is at three seconds per default.

cpu stats explained

Straight from the manpage, the CPU statistics show the times spent in:

us = user mode
sy = system mode
ni = low priority user mode (nice)
id = idle task
wa = I/O waiting
hi = servicing IRQs
si = servicing soft IRQs
st = steal (time given to other DomU instances)

If you have low cpu and ram usage but the system is unresponsive, have a look at the wait times.

sorting and searching

Changing the sort column can be done via < and >.

Also available: (not shown in help)

N sort by PID
P sort by CPU usage
M sort by memory usage
T sort by time

R will reverse the output.

u to choose user name, show only this user's processes.

S for cumulative time toggling.

columns

f will toggle a window in which you can choose the info fields to be shown. Pressing the character will toggle its state. (Shown or not shown.)

o also opens a window, in there you can reorder the columns. Press the character of the column you want to move, depending on it being upper- or lowercase it gets moved up and down.

manipulate tasks

These should be self-explanatory:

k kill task

r renice task



Unless otherwise credited all material Creative Commons License by sjas