Posts from 2015-12

linux: show all cronjob files' contents

posted on 2015-12-31 11:50:22

Why didn't I think of that earlier???

for i in $(find /etc/cron* ! -type d); do echo $'\e[33;1m'"$i"$'\e[0m'; cat "$i"; done | less -R

Or, if in doubt and you suspect evil doings happening:

for i in $(find /var/spool/cron /etc/cron* ! -type d); do echo $'\e[33;1m'"$i"$'\e[0m'; cat "$i"; done | less -R
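When the goal is triage rather than reading everything, it helps to tag the cron files that deserve a look first. The following is an added example, not part of the original post; the function names, the sample tree and the job lines in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: tag cron files worth a closer look instead of paging them all.
#   WRITABLE = job file that is group- or world-writable
#   RECENT   = job file modified within the last DAYS days
# Both tags are triage heuristics, not proof of compromise.
# Real use (as root): cron_audit 7 /etc/cron* /var/spool/cron
cron_audit() {
    days=$1; shift
    find "$@" -type f \( -perm -020 -o -perm -002 \) | sed 's/^/WRITABLE /'
    find "$@" -type f -mtime "-$days" | sed 's/^/RECENT /'
}

# Constructed sample tree so the script runs without touching the real system.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/cron.d" "$d/var/spool/cron"
    echo '17 * * * * root run-parts /etc/cron.hourly' > "$d/etc/cron.d/hourly"
    echo '*/5 * * * * /usr/local/bin/sync-cache' > "$d/var/spool/cron/www-data"
    chmod 644 "$d/etc/cron.d/hourly"
    chmod 666 "$d/var/spool/cron/www-data"          # writable by everyone
    touch -t 201501010000 "$d/etc/cron.d/hourly"    # old, untouched file
    echo "$d"
}

sample=$(make_sample)
cron_audit 7 "$sample/etc" "$sample/var/spool/cron"
rm -rf "$sample"
```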

freebsd: static bash

posted on 2015-12-29 07:43:55

To get a static bash executable which is always available, try this:

make -C /usr/ports/shells/bash -D WITH_STATIC_BASH -DWITHOUT_NLS PREFIX=/ install

openwrt snippets

posted on 2015-12-29 06:24:03

From here I just stole all these for further reference:

# generate 100% load
cat /dev/urandom | gzip > /dev/null

# cmdline arguments
cat /proc/<PID>/cmdline

# show available entropy
echo " Entropy:" $(cat /proc/sys/kernel/random/entropy_avail)/$(cat /proc/sys/kernel/random/poolsize)

rs232: vim not working over serial connection

posted on 2015-12-27 19:08:50

After having dd'd a fbsd image onto a micro sd card and attaching a monitor to the pi's hdmi port, I could see... nothing. (On a sidenote: Go to the raspbsd site (http://raspbsd.org/) for a proper bsd image that works in a rbpi 2 B, none of the official images work. These are done by fbsd committer brd@)

Then some googling followed, discerning whether the hdmi-dvi adapter, the dvi-vga adapter or the kvm switch were responsible for that.

Result was, the HDMI port needs to be enabled. But by compiling the option into your OS image. (Ok, let's just skip that then...)

Since accessing the freebsd installation directly from the sd card was not a feasible solution, I hooked a UART / RS232 to USB adapter onto the rbpi pins. When wanting to edit the needed config files via vi, I could not see anything from the editor window.

Problem was, the TERM environment variable needs to be set properly.

Instead of TERM=dialup or something, set it to vt100.

In bash:

export TERM=vt100

In csh:

setenv TERM vt100

Mailing lists do help, but you need to read properly... found this answer here.

LXDE: shortcuts

posted on 2015-12-15 15:32

To set shortcuts for a user in your LXDE environment:

Edit /home/<user>/.config/openbox/lxde-rc.xml:

<keyboard>

...

  <keybind key="W-r">
    <action name="Execute">
      <command>lxterminal</command>
    </action>
  </keybind>

...

</keyboard>

You simply need a keybind section within the keyboard section like the one above. The example above will open an lxterminal upon pressing win-r.

pfsense: iphone ipsec roadwarrior configuration

posted on 2015-12-13 16:47:01

Since this took me a while, here is an incomplete write-up. (...) If the stars are lucky I will eventually get around to finishing this properly.

software versions

  • pfSense 2.2.5
  • iOS 9.2

ios settings for phase 1 + 2

This is straight from the pfsense logs:

# phase 1
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, 
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024

# phase 2
ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, 
ESP:AES_CBC_256/HMAC_MD5_96/NO_EXT_SEQ, 
ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, 
ESP:AES_CBC_128/HMAC_MD5_96/NO_EXT_SEQ, 
ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:3DES_CBC/HMAC_MD5_96/NO_EXT_SEQ

which translates to these alternatives for each phase:

# phase 1 (you should choose the second one :))
enc: aes cbc 128bit
hash: sha1
dh: 1024bit / group 2

enc: aes cbc 256bit
hash: sha256
dh: 1536bit / group 3

enc: 3des cbc
hash: sha1
dh: 1024bit / group 2


# phase 2 (basically aes 256 / aes 128 / 3des, each with sha1 / md5, no PFS)
enc: aes cbc 256
hash: sha1

enc: aes cbc 256
hash: md5

enc: aes cbc 128
hash: sha1

enc: aes cbc 128
hash: md5

enc: 3des cbc
hash: sha1

enc: 3des cbc
hash: md5

According to Apple's documentation here, PFS is possible, too.
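To see at a glance which of the logged proposals are worth enabling on the pfSense side, the strings can be graded mechanically. This is an added example, not part of the original write-up; the function names and the "weak" list (3DES, HMAC-MD5, DH groups of 1024 bit or less) are this example's assumptions.

```shell
#!/bin/sh
# Sample input: the proposal lines quoted from the pfSense log above.
sample_proposals() {
    cat <<'EOF'
# phase 1
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
# phase 2
ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:AES_CBC_256/HMAC_MD5_96/NO_EXT_SEQ,
ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:AES_CBC_128/HMAC_MD5_96/NO_EXT_SEQ,
ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:3DES_CBC/HMAC_MD5_96/NO_EXT_SEQ
EOF
}

# Reads comma-separated proposals on stdin and prints one line per proposal:
#   "OK <proposal>"  or  "WEAK <proposal> (<reasons>)"
# Note: MODP_1536 passes this list but is still below the 2048-bit groups
# recommended today.
grade_proposals() {
    tr ',' '\n' | awk '
    { gsub(/^[ \t]+|[ \t]+$/, "") }          # trim surrounding whitespace
    $0 == "" || /^#/ { next }                # skip blanks and comments
    {
        why = ""
        if ($0 ~ /3DES/)               why = why " 3des"
        if ($0 ~ /HMAC_MD5/)           why = why " md5"
        if ($0 ~ /MODP_(768|1024)$/)   why = why " dh<=1024"
        if (why == "") print "OK " $0
        else           print "WEAK " $0 " (" substr(why, 2) ")"
    }'
}

sample_proposals | grade_proposals
```

Of the three phase 1 proposals only the second one comes out as OK, which matches the recommendation in the listing above.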

networking: cut through vs. store and forward

posted on 2015-12-12 15:11:35

There are two main ways in which switches operate.

Either the switch waits for a full Ethernet frame to arrive, verifies the checksum (dismissing the frame if it is borked) and only then does the forwarding (or takes other decisions, depending on the switch's functions and configuration). This is called store & forward (duh).

Or it just waits for the first six bytes (in the past, at least) to arrive, to know where to pass the frame on to, without bothering to check the rest. This is called cut through.

A lot of the functionality of managed switches (ACLs, dynamic routes, policy-based routing, QoS) is not possible with that technique. Of course, broken frames can be sent on their way, too, when this is the switching method used in your switch, but it is certainly faster and provides higher throughput.

Lately, e.g. Cisco uses an evolved version of cut through, which waits for enough bytes (14 bytes without an 802.1Q / VLAN tag, 18 with one VLAN tag, 22 with double VLAN tagging, ...) so the EtherType of the frame can be discerned without doubt. So if a switch comes with specialized IP functions and the EtherType indicates an encapsulated IP packet, the switch can keep on reading the frame's IP information and apply its logic and configuration. Whereas if the frame does not encapsulate IP traffic, it is then just forwarded.

Some info on this stuff can be found here.
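The 14 / 18 / 22 byte figures follow directly from the Ethernet header layout. The following added example (not part of the original post) walks a frame's header and reports how many bytes have to arrive before the EtherType is known; the function name and the hex frames are constructed for illustration.

```shell
#!/bin/sh
# bytes_until_ethertype HEXFRAME -> prints "<bytes> <ethertype>"
# Skips dst MAC (6) + src MAC (6), then steps over each VLAN tag
# (TPID 0x8100 for 802.1Q, 0x88a8 for 802.1ad; 4 bytes per tag).
bytes_until_ethertype() {
    hex=$(printf '%s' "$1" | tr -d ' :\n' | tr 'A-F' 'a-f')
    off=12
    while :; do
        type=$(printf '%s' "$hex" | cut -c "$((off * 2 + 1))-$((off * 2 + 4))")
        # Frame ended before a full 2-byte type field arrived.
        [ "${#type}" -eq 4 ] || { echo "truncated"; return 1; }
        case $type in
            8100|88a8) off=$((off + 4)) ;;   # VLAN tag, real type follows
            *) echo "$((off + 2)) $type"; return 0 ;;
        esac
    done
}

# Constructed frames: untagged IPv4, single-tagged IPv4, double-tagged IPv6.
for frame in \
    'ffffffffffff 020000000001 0800 4500' \
    'ffffffffffff 020000000001 8100 000a 0800 4500' \
    'ffffffffffff 020000000001 88a8 0064 8100 000a 86dd 6000'
do
    bytes_until_ethertype "$frame"
done
```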

sudo: Restart tomcat with tomcat user

posted on 2015-12-11 08:14:40

Just put this into /etc/sudoers: (Thou shalt use visudo command!)

tomcat7 ALL=(ALL) NOPASSWD: /usr/bin/service tomcat7 restart

This of course assumes you have a user called tomcat7 which is responsible for running your tomcat installation. :)

How to compile OpenLieroX on Linux on Centos 7

posted on 2015-12-08 06:07:52

If you like worms but want real retro stuff, try 'liero'. A clone called 'openlieroX' even comes with network support.

Sadly it's a bit unnerving to get it to run, so here are some guidelines:

  • download from project page
  • extract
  • cd in root of extracted folder
  • comment out (just edit files) #include <curl/types.h> in ./src/common/HTTP.cpp and ./include/HTTP.h
  • cmake -D HAWKNL_BUILTIN=1 -D DEBUG=0 -D X11=1 -DBREAKPAD=Off ./
  • make -j4

That should be it, maybe you are missing some libraries, I don't know if I did. Maybe some -devel ones, if at all.

Here is the official documentation.

fritzbox: factory reset

posted on 2015-12-07 06:01:23

Factory resetting a fritzbox can be done via the menu, if you can still log in. But in case you forgot your password and have to reset it, you have to use your phone:

#991*15901590*

If they had built a proper reset button into the box, it would have been way better. If I do not err somehow, theoretically you can practically brick your device with no chance of resetting it when you do not have a phone configured.

In case you have a phone and it still does not work, consult the official documentation on potential corner cases.

linux: ipmitool

posted on 2015-12-04 20:17:00

This was tested on Debian 7.

install

apt install ipmitool -y
modprobe ipmi_si
modprobe ipmi_devintf

usage

For testing:

# locally
ipmitool -I open sdr elist all

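# remote
# note: -P puts the password into the process list and shell history;
# -E (reads it from the IPMI_PASSWORD environment variable) avoids that
# IPMI v1.5 (lan interface)
ipmitool -I lan -H <ip> -U <user> -P <PASSWORD> sdr elist all

# IPMI v2.0 / RMCP+ (lanplus interface)
ipmitool -I lanplus -H <ip> -U <user> -P <PASSWORD> sdr elist all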

troubleshooting

  • check ipmi ip
  • check netmask for your ipmi network
  • check gateway
  • ping should work, too, instead of using ipmitool for a reachability check

Debian: NIC bonding config

posted on 2015-12-02 22:14:55

In addition to the bonding config, there is also a bridge setup, as this was for a proxmox setup.

The needed packages:

apt-get install ifenslave bridge-utils

ifenslave is for bonding, bridge-utils for bridging.

The actual config: (replace the 10.0.0.x IP Stuff)

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# external bond
auto bond0
iface bond0 inet manual
    bond_mode 802.3ad
    bond_xmit_hash_policy layer2+3
    bond_lacp_rate fast

    slaves eth0 eth2
    bond_miimon 100
    bond_downdelay 200
    bond_updelay 200


# crosslink / internal bond
auto bond1
iface bond1 inet static
    address 192.168.100.2/24
    network 192.168.100.0
    broadcast 192.168.100.255

    slaves eth1 eth3
    bond_mode balance-rr
    bond_miimon 100
    bond_downdelay 200
    bond_updelay 200


# bridge extern
auto vmbr0
iface vmbr0 inet static
    address 10.0.0.2/24
    network 10.0.0.0
    broadcast 10.0.0.255
    gateway 10.0.0.1
    dns-nameservers 8.8.8.8

    bridge_ports bond0
    bridge_stp off
    bridge_fd 0

Juniper: bonding / LACP switchconfig

posted on 2015-12-01 08:28:56

This is a rough copy-paste howto, after having accessed the switch and having changed into configure mode via edit:

activate LACP

set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp periodic fast

create the virtual bonding interface aeX

set interfaces ae1 unit 0 description <SERVER-NAME>
set interfaces ae1 unit 0 family ethernet-switching vlan members <VLAN-NAME>

if the ports already carry configuration, unset it via delete first; otherwise just map the physical NICs to the virtual interface

# for port 14 / 15
set interfaces ge-0/0/14 ether-options 802.3ad ae1
set interfaces ge-0/0/15 ether-options 802.3ad ae1

This assumes that the only existing ae / "aggregated ethernet" interface was ae0 prior. Thus ae1 was chosen.

amount of aggregated devices

Check how many are already configured:

admin@switch-01# show chassis 
aggregated-devices {
    ethernet {
        device-count 1;
    }
}
alarm {
    management-ethernet {
        link-down ignore;
    }
}
auto-image-upgrade;

{master:0}[edit]
admin@switch-01#

There you can see that only one ae interface existed prior.

Increase this counter:

set chassis aggregated-devices ethernet device-count 2

This should be everything, commit and-quit and your config is live.

Don't forget to put the VLAN onto your uplink (ae0?) interface, too, so it can get handed to your core.



Unless otherwise credited all material Creative Commons License by sjas