1. No category

dok Documentation
Release 1.0
Ignas
January 13, 2015
Contents
1
Android
1.1 cm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.2 encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.3 root . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2
Linux
2.1 ansible . . .
2.2 avamar . . .
2.3 awesant . . .
2.4 beaver . . . .
2.5 btrfs . . . . .
2.6 clustering . .
2.7 elasticsearch
2.8 freeipa . . .
2.9 gollum . . .
2.10 ipmitool . . .
2.11 iscsi . . . . .
2.12 kernel panic
2.13 kvm . . . . .
2.14 logstash . . .
2.15 luks . . . . .
2.16 lumberjack .
2.17 metasploit .
2.18 multiboot . .
2.19 multicast . .
2.20 mysql . . . .
2.21 nfs . . . . .
2.22 opennebulla .
2.23 openssl . . .
2.24 pandoc . . .
2.25 partitioning .
2.26 puppet . . .
2.27 rbenv . . . .
2.28 ruby-build .
2.29 rpm . . . . .
2.30 rsyslog . . .
2.31 salt . . . . .
2.32 SELinux . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
3
3
3
3
5
5
5
6
6
6
7
8
8
8
9
9
9
11
11
11
12
12
13
15
17
18
19
20
20
20
21
21
22
22
22
22
24
i
2.33
2.34
2.35
2.36
2.37
2.38
.
.
.
.
.
.
28
29
29
29
29
29
3
Networking
3.1 h3c . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.2 junos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.3 mikrotik . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
31
31
32
32
4
Programming
4.1 bash . . . . .
4.2 bash snippets
4.3 c . . . . . .
4.4 git . . . . . .
4.5 gitlab . . . .
4.6 ruby . . . . .
4.7 symfony . .
4.8 valgrind . . .
.
.
.
.
.
.
.
.
33
33
33
33
33
34
35
35
35
Solaris
5.1 SmartOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.2 zfs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
37
37
37
5
ii
sssd . . .
sysloggen
tcpdump
ubuntu .
varnish .
vim . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
dok Documentation, Release 1.0
Contents:
Contents
1
dok Documentation, Release 1.0
2
Contents
CHAPTER 1
Android
1.1 cm
Installing video: https://www.youtube.com/watch?v=SpHZ2n9lTcs
1.2 encryption
Change crypt pw: http://nelenkov.blogspot.com/2012/08/changing-androids-disk-encryption.html
1.2.1 encrypting
1. unrooted
2. encrypt
3. root
4. vdc cryptfs changepw YOURBOOTPASSWORD (will not be able to unlock! don not use this!)
1.2.2 apps
Chats:
• threema
• myenigma
1.3 root
saferoot: http://forum.xda-developers.com/showthread.php?t=2565758
3
dok Documentation, Release 1.0
4
Chapter 1. Android
CHAPTER 2
Linux
2.1 ansible
2.1.1 Configuring hosts
File /etc/ansible/hosts
ansible vu-prod -m ping ansible “~(host1|host2)” -m ping
2.1.2 ssh-agent
ssh-agent bash ssh-add -t 8h ~/.ssh/id_my
List all current keys:
ssh-add -l
Delete all current keys:
ssh-add -D
2.1.3 Commands
Safe, one cmd, uses command module:
ansible all -a “/bin/echo hello”
Multiple cmds, uses shell module. Attention to quoting:
ansible all -m shell -a ‘/usr/sbin/sestatus | grep status’
Sudo command:
ansible vu -a ‘find /etc/sudoers.d -type f’ –sudo
2.2 avamar
2.2.1 users
root (ava), admin, dpn.
5
dok Documentation, Release 1.0
2.2.2 cli tools
Capacity planning and info:
admin@testgrid01:~/ija/>: ./capacity.sh
2.2.3 mccli
2.2.4 avtar
avtar --backups --noinformationals --id=${AVUSER}@/${AVDOMAIN} --password=${AVPASS} --path=/${AVDOMAI
2.3 awesant
git: https://github.com/bloonix/awesant
2.4 beaver
Log shipper.
git: https://github.com/josegonzalez/beaver
Docs: http://beaver.readthedocs.org/en/latest/user/usage.html
Latest v docs: http://beaver.readthedocs.org/en/latest/
2.5 btrfs
Use ZFS on Linux instead!
http://www.funtoo.org/BTRFS_Fun
2.5.1 Install
# yum install btrfs-progs
Jeigu kuriam is vieno disko:
# mkfs.btrfs -m single /dev/sdb
# mount -o compress=zlib
compress=zlib - Better compression ratio. It is the default and safe for olders kernels. compress=lzo - Faster compressions, newer kernels.
2.5.2 Info
# btrfs filesystem show
# btrfs filesystem df
6
Chapter 2. Linux
dok Documentation, Release 1.0
2.5.3 Test A
10x 300mb
be comp
real
user
sys
1m57.278s
0m0.044s
0m5.639s
Jei testuojame su loop, ir norime daryti masyva is keliu failu, reikia daryti kitaip:
Create and mount a filesystem made of several disk images
#
#
#
#
#
mkfs.btrfs img0 img1 img2
losetup /dev/loop0 img0
losetup /dev/loop1 img1
losetup /dev/loop2 img2
mount /dev/loop0 /mnt/btrfs
2.6 clustering
Cluster is split into two components; cluster communication managed by cman and resource management provided by
rgmanager.
2.6.1 tools
cman_tool nodes
ccs_config_validate
cman_tool version
cman_tool version -r
clustat
List DLM lockspaces:
dlm_tool ls
Fence status tikrinimas, kai cman veikia:
fence_check
2.6.2 managing a cluster
clusvcadm
clusvcadm
clusvcadm
clusvcadm
clusvcadm
-e
-d
-e
-d
-M
<service> -m <node>
<service>
vm:vm01-win2008 -m an-c05n01.alteeve.ca :: start (enable) a vm
vm:vm01-win2008 :: shutdown (disable) a vm
vm:vm01-win2008 -m an-c05n02.alteeve.ca :: live migrate a vm
2.6.3 Rebooting a cluster node
• Stop rgmanager, cman on every node that is to be restarted (mind the quorum).
• Reboot.
2.6. clustering
7
dok Documentation, Release 1.0
• Start cman, rgmanager.
2.6.4 clvm
Start only when cman is running and cluster is healthy.
2.6.5 links
https://alteeve.ca/w/AN!Cluster_Tutorial_2
2.7 elasticsearch
2.7.1 status
curl
curl
curl
curl
-XGET ’http://localhost:9200/_cluster/health?pretty=true’
-XGET ’http://localhost:9200/_status?pretty=1’
-XGET localhost:9200/_stats?pretty=true
http://localhost:9200/_aliases?pretty=1
2.8 freeipa
2.8.1 administration
klist show active tickets.
kinit admin get admin ticket. Needed for freeipa administration.
2.8.2 installation
http://sgros.blogspot.com/2012/06/installing-freeipa-on-minimal-centos.html
2.9 gollum
Gollum repo ir instaliavimas: https://github.com/gollum/gollum
How to install: http://www.nomachetejuggling.com/2012/05/15/personal-wiki-using-github-and-gollum-on-os-x/
Tools: http://www.nomachetejuggling.com/2012/05/15/personal-wiki-using-github-and-gollum-on-os-x/
Jeigu OS naudojamas ruby >= 2, reikia instaliuotis ruby 1.9.3 (gollum patarimas). Instaliuojam rbenv (redaguoti
bashrc). cd i git repo ir
$ rbenv local paskutine_ruby_versija
# sudo yum install ruby-devel
# sudo gem install gollum
# sudo yum install ruby-devel
# sudo gem install gollum
8
Chapter 2. Linux
dok Documentation, Release 1.0
2.10 ipmitool
$ ipmitool -I lanplus -U fencing -P pw -H an-c05n02.ipmi chassis power status
$ ipmitool -I lanplus -U fencing -P pw -H an-c05n02.ipmi chassis power on
2.11 iscsi
2.11.1 discovery
iscsiadm -m discovery -t sendtargets -p 10.10.20.3 show LUNs on target
2.11.2 creating targets
/etc/tgt/targets.conf
service tgtd restart
2.11.3 updating targets
tgt-admin --update ALL --force to update your all your targets, incl. active ones (—force)
tgt-admin --update --tid=1 --force For updating Target ID 1
initiator side
iscsiadm -m session -r $SID --rescan
you get the SID from iscsiadm -m session (it is the value in the []) or if you do iscsiadm -m session -P 3 you can see
which session lines with with which lun. Or
iscsiadm -m node -T target --rescan
or you can just take the lazy way and do
iscsiadm -m session --rescan
iscsiadm -m node -R only adds, does not delete
2.11.4 info
tgt-admin --show
tgt-admin --dump dump konfig
2.12 kernel panic
Causing a kernel panic on CentOS6:
# echo c > /proc/sysrq-trigger
May be needed:
2.10. ipmitool
9
dok Documentation, Release 1.0
echo 1 > /proc/sys/kernel/sysrq
2.12.1 configuring kdump on CentOS6
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/chkdump.html
# yum install kexec-tools
Add to ‘/boot/grub/grub.conf’ kernel line:
crashkernel=auto
if host has more than 2GB RAM, or
crashkernel=128M
if host has less than that.
Saving place is configurable, default is ‘/var/crash/’.
# chkconfig kdump on
# reboot
2.12.2 analyzing crash dump with crash
2.12.3 installing kernel-debuginfo
http://serverfault.com/questions/527525/centos-server-rebooted-unexpectedly-and-im-unable-to-process-crash-filewhat-a/527553#527553
# yum clean all
# yum install crash
# versija=‘uname -r‘
Pries ‘y’ patikrinam ar ta versija ir ar ne koks nors centos-plus paketas:
# yum --enablerepo=debug install kernel-debuginfo-$versija
2.12.4 using crash
Kernel cersions must be the same:
# crash /var/crash/timestamp/vmcore /usr/lib/debug/lib/modules/kernel/vmlinux
>
>
>
>
>
>
help [cmd]
log
bt
ps
vm [pid]
files [pid]
kdump.conf(5) — a manual page for the /etc/kdump.conf configuration file containing the full documentation of
available options.
makedumpfile(8) — a manual page for the makedumpfile core collector.
10
Chapter 2. Linux
dok Documentation, Release 1.0
kexec(8) — a manual page for kexec.
crash(8) — a manual page for the crash utility.
/usr/share/doc/kexec-tools-version/kexec-kdump-howto.txt — an overview of the kdump and kexec installation and
usage.
2.13 kvm
2.13.1 solaris
WARNING: /pci@0,0/pci1af4,1100@1,2 (uhci0): No SOF interrupts have been received
, this USB UHCI host controller is unusable
This is harmless and can be safely ignored. Once the install is complete, we will disabled uhci by running rem_drv
uhci in the server.
2.14 logstash
2.14.1 Links
Transport performance: https://docs.google.com/spreadsheet/ccc?key=0Aq9liCTsAyzRdDFEcUp2bjJPMTQzU1ZVTndTVzFwV3c#gid
2.15 luks
2.15.1 installing
# yum install cryptsetup-luks
Removes all data:
# cryptsetup -y -v luksFormat /dev/xvdc
# cryptsetup luksOpen /dev/xvdc backup2
# ls -l /dev/mapper/backup2
# cryptsetup -v status
LUKS headers:
# cryptsetup luksDump /dev/xvdc
2.15.2 formatting
Zero to hide usage patterns:
# pv -tpreb /dev/zero | dd of=/dev/mapper/backup2 bs=128M
# kill -USR1 PID
# mkfs.ext4 /dev/mapper/backup2
2.13. kvm
11
dok Documentation, Release 1.0
# mkdir /backup2
# mount /dev/mapper/backup2 /backup2
2.15.3 using
Umount:
# umount /backup2
# cryptsetup luksClose backup2
Mount:
# cryptsetup luksOpen /dev/xvdc backup2
# mount /dev/mapper/backup2 /backup2
2.15.4 sources
http://www.cyberciti.biz/hardware/howto-linux-hard-disk-encryption-with-luks-cryptsetup-command/
2.16 lumberjack
git: https://github.com/elasticsearch/logstash-forwarder
2.17 metasploit
2.17.1 install
Install rbenv (linux/rbenv.md) to /root and the latest ruby 1.9.
$ mkdir /opt/metasploit
$ cd /opt/metasploit <- set local rbenv
$ git clone https://github.com/rapid7/metasploit-framework.git msf
Then http://www.phocean.net/2014/02/23/metasploit-on-fedora-20.html
2.17.2 run
# ./msfconsole
2.17.3 commands
global
search
search name:mysql
search path:scada
search platform:aix
12
Chapter 2. Linux
dok Documentation, Release 1.0
search type:post
search cve:2011 author:jduck platform:linux
setg
save
show
show auxiliary
plugin
info
show options
run
jobs
2.17.4 scans
ssdp
use auxiliary/scanner/upnp/ssdp_amp :: amp?
use auxiliary/scanner/upnp/ssdp_msearch :: info
set RHOSTS 192.168.0.0/24
run
2.18 multiboot
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
grub2
=====
search --file SysRescCD
sudo grub2-install --force --no-floppy --boot-directory=/run/media/ignas/MULTIBOOT/boot /dev/sdb
qemu-kvm
========
sudo qemu-kvm -m 512 /dev/sdb
web
===
http://www.circuidipity.com/multi-boot-usb.html
https://help.ubuntu.com/community/Grub2/ISOBoot/Examples
https://wiki.archlinux.de/title/Multiboot_USB_Stick
clonezilla
==========
http://clonezilla.org/livehd.php
# Fedora
# ======
2.18. multiboot
13
dok Documentation, Release 1.0
#
# https://github.com/thias/glim/blob/master/grub2/inc-fedora.cfg
# Timeout for menu
set timeout=30
# Default boot entry
set default=0
# Menu Colours
set menu_color_normal=white/black
set menu_color_highlight=white/green
# Boot ISOs
menuentry "Clonezilla" {
set isofile="/iso/clonezilla-live-2.2.4-12-i686-pae.iso"
set gfxpayload=800x600x16
echo "Using ${isofile}..."
loopback loop $isofile
linux (loop)/live/vmlinuz boot=live live-config noswap nolocales edd=on nomodeset ocs_live_run=\"oc
initrd (loop)/live/initrd.img
}
menuentry "KAV neveikia" {
loopback loop /iso/kav_rescue_10.iso
set gfxpayload=800x600x16
set root=(loop)
linux /boot/rescue root=live:/dev/well/this/is/nonsense rootfstype=auto init=/init initrd=rescue.i
initrd /boot/rescue.igz
}
menuentry "DBAN ISO" {
set isofile="/iso/dban-2.2.8_i586.iso"
echo "Using ${isofile}..."
loopback loop $isofile
linux (loop)/DBAN.BZI nuke="dwipe" iso-scan/filename=${isofile} silent -}
menuentry "SystemRescueCD 64bit" {
set isofile="/iso/systemrescuecd-x86-4.3.0.iso"
echo "Using ${isofile}..."
loopback loop $isofile
linux (loop)/isolinux/rescue64 isoloop=${isofile} setkmap=us
initrd (loop)/isolinux/initram.igz
}
menuentry "SystemRescueCD 64bit to RAM" {
set isofile="/iso/systemrescuecd-x86-4.3.0.iso"
echo "Using ${isofile}..."
loopback loop $isofile
linux (loop)/isolinux/rescue64 isoloop=${isofile} setkmap=us docache
initrd (loop)/isolinux/initram.igz
}
menuentry "SystemRescueCD 32bit" {
set isofile="/iso/systemrescuecd-x86-4.3.0.iso"
echo "Using ${isofile}..."
loopback loop $isofile
14
Chapter 2. Linux
dok Documentation, Release 1.0
linux (loop)/isolinux/rescue32 isoloop=${isofile} setkmap=en
initrd (loop)/isolinux/initram.igz
}
menuentry "Fedora 20 64bit Live Gnome" {
set isoname="Fedora-Live-Desktop-x86_64-20-1.iso"
set isofile="/iso/$isoname"
echo "Using ${isoname}..."
loopback loop $isofile
linux (loop)/isolinux/vmlinuz0 root=live:CDLABEL=Fedora-Live-Desktop-x86_64-20-1 rootfstype=auto ro
initrd (loop)/isolinux/initrd0.img
}
menuentry "Fedora 20 64bit Live Xfce" {
set isoname="Fedora-Live-Xfce-x86_64-20-1.iso"
set isofile="/iso/$isoname"
echo "Using ${isoname}..."
loopback loop $isofile
linux (loop)/isolinux/vmlinuz0 root=live:CDLABEL=Fedora-Live-Xfce-x86_64-20-1 rootfstype=auto ro rd
initrd (loop)/isolinux/initrd0.img
}
menuentry "Debian 7.6 - 64bit netinst" {
set isofile="/iso/debian-7.6.0-amd64-netinst.iso"
echo "Using ${isofile}..."
loopback loop $isofile
linux (loop)/install.amd/vmlinuz boot=live findiso=${isofile} config quiet splash
initrd (loop)/install.amd/initrd.gz
}
menuentry "Debian 7.6 - 64bit CD1" {
set isofile="/iso/debian-7.6.0-amd64-CD-1.iso"
echo "Using ${isofile}..."
loopback loop $isofile
linux (loop)/install.amd/vmlinuz boot=live findiso=${isofile} config quiet splash
initrd (loop)/install.amd/initrd.gz
}
menuentry "Ubuntu 14.04 LTS - 64bit Mini-Installer" {
set isofile="/iso/ubuntu-14.04-amd64-mini.iso"
echo "Using ${isofile}..."
loopback loop $isofile
linux (loop)/linux boot=casper iso-scan/filename=$isofile noprompt noeject
initrd (loop)/initrd.gz
}
2.19 multicast
2.19.1 bridge config
There are bugs in kernel when forwarding non 224.0.0.* multicast traffic through bridges, so disable snooping:
host# echo 0 > /sys/devices/virtual/net/br0/bridge/multicast_snooping
http://troglobit.com/blog/2013/07/09/multicast-howto/
2.19. multicast
15
dok Documentation, Release 1.0
Then to make it persistent... /etc/sysconfig/network-scripts/ifup-post calls /sbin/ifup-local ${DEVICE} so add there
#!/bin/sh
#/sbin/ifup-local ${DEVICE}
if [[ "$1" == "br0" ]]
then
if [[ -e "/sys/devices/virtual/net/$1/bridge/multicast_snooping" ]]
then
echo "Setting /sys/devices/virtual/net/$1/bridge/multicast_snooping."
echo 0 > /sys/devices/virtual/net/$1/bridge/multicast_snooping
else
echo "Warning: can not find /sys/devices/virtual/net/$1/bridge/multicast_snooping"
fi
#else
#DO_NOTHING
fi
2.19.2 iptables
# multicast (igmp; Internet group management protocol)
iptables -I INPUT -p igmp -j ACCEPT
# Service config
iptables -I INPUT -m addrtype --dst-type MULTICAST -m state --state NEW -m multiport -p udp -s 10.20.
# iperf def port
iptables -I INPUT -m addrtype --dst-type MULTICAST -p udp --dport 5001 -j ACCEPT
2.19.3 test with iperf
Server:
# iperf -s -u -B 224.1.1.1 -i 1
Client:
# iperf -c 224.1.1.1 -u -T 32 -t 3
Problems: - Things to watch out for. Apparently iperf has issues if the ‘server’ is running on a computer with multiple
interfaces. But aside from that, this worked. - Another thing to be careful of; the iperf test client will work correctly
even if /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts is set (to 1). In this case, running iperf as a server and trying
to ping the multicast address will NOT work. Whether this matters is dependent on your multicast needs.
2.19.4 netstat
Show joined groups:
# netstat -g
# cat /proc/net/igmp
# ip maddress list
16
Chapter 2. Linux
dok Documentation, Release 1.0
2.19.5 tcpdump
Capture multicast traffic:
# tcpdump -n
-vv net 224.0.0.0/4
2.19.6 ping
# ping 224.1.1.1
# ping 224.0.0.1
Ping specific IP
All hosts configured for multicast will respond with their IP addresses
2.20 mysql
2.20.1 information
#
#
>
>
mysqladmin status
mysqladmin processlist
show status like ’%onn%’;
show processlist;
Table info:
describe mysql.user;
Table sizes:
# SELECT table_schema AS "Database name", SUM(data_length + index_length) / 1024 / 1024 AS "Size (MB)
User info:
SELECT User, Host, Password FROM mysql.user;
SELECT CONCAT(QUOTE(user),’@’,QUOTE(host)) UserAccount FROM mysql.user;
SHOW GRANTS;
SHOW GRANTS FOR CURRENT_USER;
SHOW GRANTS FOR ’root’@’localhost’;
Replication:
reset master;
2.20.2 Dumping and restoring
grep a table from full dump:
time sed -n -e ’/DROP TABLE.*‘mytable‘/,/UNLOCK TABLES/p’ mydump.sql > tabledump.sql
2.20. mysql
17
dok Documentation, Release 1.0
2.21 nfs
2.21.1 configuring nfs server on centos6
yum install nfs-utils
vim /etc/sysconfig/nfs (PAPILDYTI)
--> MOUNTD_NFS_V2="no"
> RQUOTAD_PORT=875
> LOCKD_TCPPORT=32803
> LOCKD_UDPPORT=32769
> MOUNTD_PORT=892
> STATD_PORT=662
> STATD_OUTGOING_PORT=2020
--mkdir -p /export/public
vim /etc/exports
--/export/public *(rw,no_subtree_check,insecure,no_root_squash,no_all_squash)
--vim /etc/sysconfig/iptables
---A INPUT -m multiport -p tcp --dport 111,662,875,892,2049,32803 -j ACCEPT
-A INPUT -m multiport -p udp --dport 111,662,875,892,2049,32769 -j ACCEPT
--service iptables restart
chkconfig nfs on
service rpcbind start
service nfslock start
service nfs start
Jei reikia reeksportuoti:
# exportfs -rv
Klientas:
#
#
#
#
#
#
#
#
#
#
#
#
#
yum install nfs-utils
showmount -e 10.10.40.210
mkdir /mnt/public
vim /etc/fstab
--10.10.40.210:/export/public /mnt/public nfs defaults
0 0
10.10.40.210:/export/store /mnt/store nfs vers=3,nolock,rw,acl,tcp,hard,intr,rsize=32768,wsize=32
--mount -a
Useriai NFS serveryje ir kliente turi buti vienodu vardu bei UID GID. Todel userius pirmiausia kurti severyje.
Apie GID/UID problemas http://dfusion.com.au/wiki/tiki-index.php?page=Why+NFSv4+UID+mapping+breaks+with+AUTH_UNIX
18
Chapter 2. Linux
dok Documentation, Release 1.0
2.21.2 troubleshooting
Clear idmapd cache
# nfsidmap -c
Remove stale handles
Login as root. Issue the commands:
# service netfs stop
# service network restart
# service netfs start
2.22 opennebulla
2.22.1 Nauodjimas
onevnet
# onevnet list
sunstone
http://opennebula.org/documentation:archives:rel4.0:sunstone
The default password for the oneadmin user (which can be changed by doing oneuser passwd oneadmin
<new_password>), can be found in ~/.one/one_auth which is generated randomly on every installation.
one market
# onemarket list --server http://marketplace.c12g.com
2.22.2 Instaliavimas
Irasius servisus, juos isjungti.
Tinklas
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s2networkscripts-interfaces_network-bridge.html
ifcfg-eth0:
DEVICE="eth0"
TYPE="Ethernet"
BOOTPROTO="none"
ONBOOT="yes"
NM_CONTROLLED="no"
2.22. opennebulla
19
dok Documentation, Release 1.0
BRIDGE=onebr0
gali reikti HWADDR
ifcfg-onebr0:
DEVICE="onebr0"
TYPE="Bridge"
IPADDR="10.4.1.108"
NETMASK="255.255.255.0"
ONBOOT="yes"
BOOTPROTO="none"
GATEWAY="10.4.1.1"
IPV6INIT="no"
NM_CONTROLLED="no"
add host
Hostas turi galeti useriu oneadmin prisijungti ir prie saves ir prie kitu.
Gali tekti pataisyti eilute oned.conf:
SCRIPTS_REMOTE_DIR=/var/lib/one/remotes
onehost create localhost -i im_kvm -v vmm_kvm -n fw
2.23 openssl
2.23.1 debug
openssl s_client -connect git.phd.msu.edu:443
2.24 pandoc
2.24.1 pdf
Norint naudoti lietuviskas raides, reikia –latex-engine
pandoc gollum2.md -o g2.pdf --latex-engine=xelatex
2.25 partitioning
Using parted -a opt automaticaly aligns partitions. If possible, use it always instead of fdisk.
#
#
#
#
parted -a optimal /dev/sda ["print free"]
print free
mkpart extended 47.8G 898G
mkpart logical 47.8G 590G
Check alignment with partition index, no output if OK:
20
Chapter 2. Linux
dok Documentation, Release 1.0
# align-check opt 5
2.26 puppet
2.26.1 erb
Syntax check:
erb -P -x -T ’-’ mytemplate.erb | ruby -c
2.27 rbenv
https://github.com/sstephenson/rbenv
2.27.1 info
rbenv version parodyti dabartine nustatyta versija.
rbenv versions parodyti instaliuotas versijas.
rbenv global parodyti globalia versija.
rbenv local parodyti lokalia versija.
2.27.2 upgrade
$ cd ~/.rbenv
$ git pull
To use a specific release of rbenv, check out the corresponding tag:
$ cd ~/.rbenv
$ git fetch
$ git checkout v0.3.0
2.27.3 install
Verisiju saraso atnaujinimui reikia ruby-build upgrade (zemiau).
Perziurime esamas ruby versijas:
$ rbenv install --list
Instaliuojame reikalinga ruby versija (raikalingas ruby-build pluginas):
$ rbenv install 1.9.3-p448
$ rbenv global 1.9.3-p448
$ rbenv rehash
2.26. puppet
21
dok Documentation, Release 1.0
2.28 ruby-build
2.28.1 upgrade
$ cd .rbenv/plugins/ruby-build/
$ git pull
2.29 rpm
2.29.1 tools
yum install rpmdevtools rpmlint
rpmdev-setuptree
# Install dependencies of the spec file
yum-builddep -y collectd-5.4.1/contrib/redhat/collectd.spec
2.29.2 srpm
rpm -qpi some.src.rpm
rpm2cpio some.src.rpm | cpio -idmv
2.30 rsyslog
2.30.1 debug
Debug template:
*.* /var/log/all.log;RSYSLOG_DebugFormat
Send a message with netcat:
echo ’<166>Jan 13 13:26:07 srv1.test nginx: resize1.ef.lan 172.14.10.18 - - ’ | nc -v -u -w 0 127.0.0
2.31 salt
2.31.1 cmd
salt-key -L
salt-key -a s.vagrant.localdomain
salt-key -A
salt
salt
salt
salt
salt
22
’<target>’ <function> [arguments]
’*’ test.ping
’*’ cmd.run ’uname -a’
-G ’os:Ubuntu’ test.ping
-E ’virtmach[0-9]’ test.ping
Chapter 2. Linux
dok Documentation, Release 1.0
salt -L ’foo,bar,baz,quo’ test.ping
salt -C ’G@os:Ubuntu and webser* or E@database.*’ test.ping
# List all available functions
salt ’*’ sys.doc
salt ’*’ cmd.exec_code python ’import sys; print sys.version’
salt ’*’ pip.install salt timeout=5 upgrade=True
salt-call -l debug
salt ’*’ test.ping
salt ’*’ test.ping
salt ’*’ test.ping
salt ’*’ test.ping
state.highstate
--out txt
--out yaml
--out raw
--static --out json
salt ’*’ test.version
salt-run manage.versions
salt ’*’ pkg.install salt-minion refresh=True
salt
salt
salt
salt
salt
salt
’*’
’*’
’*’
’*’
’*’
’*’
pkg.install nginx
service.start nginx
disk.usage
network.interfaces
sys.doc | less
grains.items
2.31.2 installing
yum install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
cd /etc/yum.repos.d/
#overrides 2 epel pkgs.
wget http://copr.fedoraproject.org/coprs/saltstack/zeromq4/repo/epel-6/saltstack-zeromq4-epel-6.repo
installing minion
yum install salt-minion
sed -ie ’s/#master: salt/master: s/’ /etc/salt/minion
chkconfig salt-minion on
service salt-minion start
installing master
yum install salt-master
lokkit -p 4505:tcp -p 4506:tcp
chkconfig salt-master on
service salt-master start
2.31.3 links
https://github.com/saltstack-formulas
pattern
2.31. salt
http://www.willdurness.com/post/101277984950/salt-pillar-driven-design-
23
dok Documentation, Release 1.0
2.32 SELinux
semodule -DB : enable full logging
semanage fcontext -a -t virt_etc_t ’/shared(/.*)?’
restorecon -r /shared
2.32.1 starting auditd (selaert)
# yum install setroubleshoot-server
# service messagebus start
# service auditd restart
More: auditd http://blog.esmnetworks.com/
2.32.2 actions with files
Defaults:
$ matchpathcon /var/spool/rsyslog
Set context to default:
# restorecon -F /katalogas
# restorecon -v /var/www/html/index.html
File se types:
# file_context somewhere /etc/selinux
Change:
# chcon -R --reference=/etc/kazkas /target/dir
# chcon -R -u system_u -t public_content_t /ftp
# chcon -u system_u -r object_r -t tmp_t /tmppt
fcontext
# matchpathcon /exports/foobar
# semanage fcontext -a -t httpd_sys_content_t "/html(/.*)?"
-a :: add
-u :: user
-r :: role
-t :: type
# semanage permissive -a httpd_t
# restorecon -Rv /var/www/html
-n :: noop
2.32.3 actions with users
unconfined_u
guest_u
xguest_u
24
Chapter 2. Linux
dok Documentation, Release 1.0
user_u
staff_u
List selinux users:
# semanage user -l
Change existing user se type:
# semanage login -a [-s user_u] michael
-a add
-s user role
or:
# usermod -Z user_u USERNAME
Change default se type (all default users will be changed also):
# semanage login -m -S targeted -s “user_u” -r s0 __default__
Hmm... something:
# semanage user -m -R"unconfined_r webadm_r staff_r" staff_u
2.32.4 actions with ports
List:
# semanage port -l| grep syslog
Add:
# sudo semanage port -a -t syslogd_port_t -p tcp 7514
2.32.5 actions with processes
Check if httpd is protected with SELinux:
# ps -ZC httpd
List all:
# ps -eZ
SE status:
# sestatus
2.32.6 bools
# sudo setsebool -P httpd_setrlimit 1
# sudo setsebool -P allow_ypbind 1 - kad servisai laisvai galetu jungtis prie portu
# getsebool -a
# /usr/sbin/getsebool -a | grep samba
2.32. SELinux
25
dok Documentation, Release 1.0
2.32.7 analyzing the logs
Aureport:
# aureport -a
# aureport --start today --event --summary -i
http://dgz.dyndns.org/mediawiki/index.php/(RHEL)_HOWTO_configure_the_auditing_of_the_system_(auditd)
Logs can be in messages, user and /var/log/audit/audit.log
# sealert -l bf5c9ba8-3e2b-4780-b6aa-62861de64e7e
Generate sealert messeges from audit.log:
# grep AVC /var/log/audit/audit.log | sedispatch
#
#
#
#
ausearch -m
ausearch -m
ausearch -m
ausearch -m
-c search
avc
avc -ts today
avc -if ./audit.log
avc -c sudo
in executables name
# sealert -a /var/log/audit/audit.log
# grep 945172 /var/log/audit/audit.log | audit2allow -w
2.32.8 seasearch
# sesearch --allow -s cvs_t -c dir -p search
What can user_t do:
# sesearch -A -s user_t
# sesearch -A -s user_t | grep var_log
# sesearch -A -s passenger_t -t passenger_t -c capability -p sys_resource
# sesearch -t passenger_t
-A :: search for allow rules
Log all (disable DontAudit):
(13:00:23) siXy: r2bit: dontaudit rules can be disabled for testing
(13:00:55) siXy: semodule -DB (then -B to reenable them after)
2.32.9 working with modules
List:: # semodule -l
Compile:
#
#
#
#
audit2allow -a -m dansguardian > dansguardian.te
checkmodule -M -m dansguardian.te
checkmodule -M -m dansguardian.te -o dansguardian.mod
semodule_package -o dansguardian.pp -m dansguardian.mod
Install:
26
Chapter 2. Linux
dok Documentation, Release 1.0
# semodule -i dansguardian.pp
2.32.10 Files
/etc/selinux
/etc/selinux/targeted/contexts/files
./file_contexts - baseline file contexts for the entire system
./file_contexts.homedirs - for /home and subdirs
./media - for removable media
2.32.11 module config-history
(3:58:05
(3:58:08
(3:58:24
(3:58:37
(3:58:41
(3:58:47
(3:59:06
(3:59:08
(3:59:24
(3:59:30
(3:59:37
PM)
PM)
PM)
PM)
PM)
PM)
PM)
PM)
PM)
PM)
PM)
grift:
grift:
grift:
grift:
grift:
grift:
grift:
grift:
grift:
grift:
grift:
yes some stupid bug
try this:
cat > mytest.te <<EOF
policy_module(mytest, 1.0)
EOF
cat > mytest.fc <<EOF
/root/mydir/.* <<none>>
EOF
make -f /usr/share/selinux/devel/Makefile mytest.pp
semodule -i mytest.pp
matchpathon /root/mydir/test
cat > mytest.te <<EOF
policy_module(mytest, 1.0)
EOF
cat > mytest.fc <<EOF
/root/mydir/.* <<none>>
EOF
make -f /usr/share/selinux/devel/Makefile mytest.pp
semodule -i mytest.pp
matchpathon /root/mydir/test
2.32.12 building a module 2
http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=2&chap=5
Iskarpos:
allow unconfined_t ext_gateway_t : process transition;
allow unconfined_t secure_services_exec_t : file { execute read getattr };
allow ext_gateway_t in_file_t : file { write create getattr };
allow httpd_sys_script_t net_conf_t:file { open read getattr };
allow ext_gateway_t in_queue_t : dir { write search add_name };
module mysasl 1.0;
require {
type var_spool_t;
type postfix_spool_t;
type saslauthd_t;
type saslauthd_var_run_t;
class dir search;}
2.32. SELinux
27
dok Documentation, Release 1.0
#============= saslauthd_t ==============
allow saslauthd_t var_spool_t:dir search;
allow saslauthd_t postfix_spool_t:dir search;
module myawstats 1.0;
require {
type httpd_awstats_script_t;
type httpd_sys_script_exec_t;
class dir { search getattr }; }
#============= httpd_awstats_script_t ==============
allow httpd_awstats_script_t httpd_sys_script_exec_t:dir search;
require {
type var_lib_t;
class file { append getattr read open };}
2.32.13 macro list
(23:15:15)
(23:20:47)
(23:22:00)
(23:22:56)
(23:23:10)
(23:24:07)
(23:24:34)
sauleta: is there a way to list available macros? I tried semanage interface -l, but had n
grift: install selinux-policy-docs
grift: selinux-policy-doc
grift: then firefox /usr/share/doc/selinux-policy-3.10.0/html/index.html
grift: not all macros but quite a few
grift: you can also cat all the .if files in the various dirs in /usr/share/selinu/devel/i
grift: and the files in the support dir thats also in there
2.32.14 links
SELinux
intro:
http://beginlinux.com/server_training/web-server/976-apache-and-selinux
and:
http://wiki.centos.org/HowTos/SELinux
reference
policy:
http://oss.tresys.com/projects/refpolicy
Booleans:
http://wiki.centos.org/TipsAndTricks/SelinuxBooleans
Issamus
fedoros
FAQ:
http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id4621954,
http://selinuxproject.org/
http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml
https://www.wzdftpd.net/docs/selinux/references.html Confining a process: http://www.adelton.com/docs/spacewalk/selinuxhow-we-confined-spacewalk
2.33 sssd
2.33.1 host authorisation
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/configsssd-domain-access.html
3 Possiblilities: - Simple Access Provider - LDAP Access Filter - authorizedService or host attribute in an entry
access filter and groups
http://thornelabs.net/2013/01/28/linux-restrict-server-login-via-ldap-groups.html
28
Chapter 2. Linux
dok Documentation, Release 1.0
access_provider = ldap
ldap_access_filter = memberOf=cn=Group Name,ou=Groups,dc=thornelabs,dc=net
2.34 sysloggen
syslog log generator.
https://subversion.assembla.com/svn/logzilla/scripts/contrib/sysloggen/
./sysloggen -h
./sysloggen -d 127.0.0.1:5001 -f sample.log -n 1000000 -S -l
./sysloggen -d 127.0.0.1:5000 -f sample.log -n 1000000 -D -l -v
2.35 tcpdump
2.35.1 links
Advanced filters: http://www.wains.be/pub/networking/tcpdump_advanced_filters.txt
2.36 ubuntu
2.36.1 Disable a service
$ sudo invoke-rc.d apparmor stop
$ sudo invoke-rc.d apparmor teardown
$ sudo update-rc.d -f apparmor remove
2.37 varnish
2.37.1 varnishadm
Reload a VCL file:
vcl.load reload01 /usr/local/etc/varnish/default.vcl
vcl.use reload01
2.38 vim
2.38.1 Using tabs
:n and :prev navigate.
:args see which file are open.
2.34. sysloggen
29
dok Documentation, Release 1.0
:n test.pl to add a file.
2.38.2 Using windows
Ctrl-W s and Ctrl-W v to split the current window horizontally and vertically.
Ctrl-W w to swhitch between open windows, and Ctrl-W h (or j or k or l) to navigate through open windows.
Ctrl-W c to close the current window, and Ctrl-W o to close all windows except the current one.
:e file to add a file.
:ls see the current state of buffers.
30
Chapter 2. Linux
CHAPTER 3
Networking
3.1 h3c
3.1.1 information
interfaces
display
display
display
display
display
interface
interface
interface
interface
vlan 100
brief
GigabitEthernet 1/0/11
Vlan-interface brief
Vlan-interface 100
3.1.2 configuration
configuration management
display current-configuration
display saved-configuration
display this
display startup
reset saved-configuration
save
startup saved-configuration
create a trunk
interface GigabitEthernet 1/0/10
port link-type trunk
port trunk permit vlan 807 808
change password
password [ simple | cipher ] password
undo password
31
dok Documentation, Release 1.0
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] local-user test
[H3C-luser-test] password
Password:**********
confirm:**********
Updating the password file, please wait...
3.2 junos
## root cli
root% cli
## junos cli, op mode
user@host>
> show | compare
> configure
## conf mode
# run show configuration
# exit
show security policies from-zone z_1 to-zone z_2
show configuration | display set
commit
Common conf commands:
set
delete
show
commit
copy
rename
set security zones security-zone z_1 address-book address a_1 10.0.0.2
set security policies from-zone z_1 to-zone z_2 policy pol_1 match source-address [ n_1 n_2 ] destina
set security policies from-zone z_1 to-zone z_2 policy pol_1 then permit
3.2.1 links
SRX getting started: http://kb.juniper.net/InfoCenter/index?page=content&id=KB15694
3.3 mikrotik
Hairping NAT: http://wiki.mikrotik.com/wiki/Hairpin_NAT
32
Chapter 3. Networking
CHAPTER 4
Programming
4.1 bash
4.1.1 links
BashFAQ: http://mywiki.wooledge.org/BashFAQ
4.2 bash snippets
4.2.1 100% Load 4 CPU cores
for i in 1 2 3 4; do while : ; do : ; done &
done
4.2.2 show my ip
$ dig +short myip.opendns.com @resolver1.opendns.com
4.3 c
Quickguide: http://www.tutorialspoint.com/cprogramming/c_quick_guide.htm
Baigta ties C - Input & Output
4.4 git
4.4.1 rename a local branch
git branch -m <oldname> <newname>
If you want to rename the current branch, you can simply do:
git branch -m <newname>
33
dok Documentation, Release 1.0
4.4.2 commit squashing
http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html
Commits must not be pushed. This will do interactive squashing of 4 last commits:
git rebase -i HEAD~4
4.4.3 log
git
git
git
git
log
log
log
log
--author=bob
--pretty=oneline
--graph --oneline --decorate --all
--name-status
Show not pushed commits:
git log --branches --not --remotes
4.4.4 show
View (possibly redirect) a file from a specific point in commit history.
git show <treeish>:<file>
git show HEAD~4:index.html
4.4.5 gitk
Show all branches:
gitk --all
4.5 gitlab
4.5.1 Create Repository (gitlab)
mkdir aliases
cd aliases
git init
touch README
git add README
git commit -m ’first commit’
git remote add origin gitlab@fqdn:puppet2/aliases.git
git push -u origin master
4.5.2 Existing Git Repo? (gitlab)
cd existing_git_repo
git remote add origin gitlab@fqdn:puppet2/aliases.git
git push -u origin master
34
Chapter 4. Programming
dok Documentation, Release 1.0
4.6 ruby
Style guide: https://github.com/bbatsov/ruby-style-guide
4.7 symfony
4.7.1 default bundle tree
$ tree src/Acme/StoreBundle/
src/Acme/StoreBundle/
|-- AcmeStoreBundle.php
|-- Controller
|
‘-- DefaultController.php
|-- DependencyInjection
|
|-- AcmeStoreExtension.php
|
‘-- Configuration.php
|-- Resources
|
|-- config
|
|
|-- routing.yml
|
|
‘-- services.yml
|
|-- doc
|
|
‘-- index.rst
|
|-- public
|
|
|-- css
|
|
|-- images
|
|
‘-- js
|
|-- translations
|
|
‘-- messages.fr.xlf
|
‘-- views
|
‘-- Default
|
‘-- index.html.twig
‘-- Tests
‘-- Controller
‘-- DefaultControllerTest.php
4.7.2 console
Create an AcmeStoreBundle:
php app/console generate:bundle --namespace=Acme/StoreBundle
Create a doctine db:
php app/console doctrine:database:create
Create an entity with doctrine:
php app/console doctrine:generate:entity
4.8 valgrind
gcc -g -o0 prog.c -o prog
4.6. ruby
35
dok Documentation, Release 1.0
-g provide debugging information.
-o0 Valgrind suggestion. With -o1 code runs faster, line numbers may be inacurate.
valgrind code
36
Chapter 4. Programming
CHAPTER 5
Solaris
5.1 SmartOS
Files: https://download.joyent.com/pub/iso/
KVM
->
SmartOS
http://www.the-mesh.org/content/building-smartos-home-data-center
Blog:
http://blog.smartcore.net.au/posts/ VRRP: http://www.c0t0d0s0.org/archives/7549-Less-known-Solaris-FeaturesHighly-available-loadbalancing..html
5.1.1 vmware
Disk controller: LSI Logic Parallel
5.1.2 Info
Cheat sheept: http://wiki.joyent.com/wiki/display/jpc2/The+Joyent+Linux-to-SmartOS+Cheat+Sheet
prstat -Z
5.1.3 Configuring
Changing the hostname
http://wiki.smartos.org/display/DOC/Administering+the+Global+Zone
Changin def vnc port
vmadm update dece98e8-29d7-4394-8cf1-d0185e2258b7 vnc_port=35351
5.2 zfs
dkms status
37
dok Documentation, Release 1.0
5.2.1 links
Naudingi patarimai is Arch: https://wiki.archlinux.org/index.php/ZFS
5.2.2 cheat sheets
http://www.datadisk.co.uk/html_docs/sun/sun_zfs_cs.htm
5.2.3 zfs on linux
zfs set sharenfs="rw=192.168.1.1/24,ro=192.168.2.1/24,no_root_squash"
Does not work with different option for different hosts:
zfs set sharenfs="rw=192.168.1.1/24,async,ro=192.168.2.1/24,sync" rpool/exports
38
Chapter 5. Solaris