X-Git-Url: http://git.grml.org/?a=blobdiff_plain;f=grml_tips;h=7825e12696d1122b1e1385410392e20820cc4879;hb=2a869a51f5eb5fed53a0bf6b745372639af0f13b;hp=c9ce7469ce206581166c972d435f64dc31878801;hpb=d0cb224f9ab51d699f5dad27c1f262bd4e668032;p=grml-tips.git diff --git a/grml_tips b/grml_tips index c9ce746..7825e12 100644 --- a/grml_tips +++ b/grml_tips @@ -413,13 +413,17 @@ Test sound: Improved grep version: % glark +-- +Grep with highlighting: -glark grep extract-matches +% grep --color=auto ... +% hgrep ... -- -Highlith +Extract matches when grepping: -grepc -hgrep +Usage examples: +% ifconfig | grepc 'inet addr:(.*?)\s' +% ifconfig | glark --extract-matches 'inet addr:(.*?)\s' -- Output text as sound: @@ -573,9 +577,9 @@ vim -c "se ff=dos|x" file # ... and even shorter ;) recode ibmpc..lat1 file # convert using recode echo -e "s/\r//g" > dos2unix.sed; sed -f dos2unix.sed < dosfile > unixfile -- -Save live stream to file: +Save live audio stream to file: -% mplayer -ao pcm -aofile $FILE +% mplayer -ao pcm:file=$FILE or @@ -593,8 +597,8 @@ MPEG: WMV: -% mencoder file1.wmv -ovc lavc -oac lavc -ofps 25 -srate 48000 -o file1.avi -% mencoder file2.wmv -ovc lavc -oac lavc -ofps 25 -srate 48000 -o file2.avi +% mencoder file1.wmv -ovc lavc -oac lavc -ofps 25 -srate 48000 -mc 0 -noskip -forceidx -o file1.avi +% mencoder file2.wmv -ovc lavc -oac lavc -ofps 25 -srate 48000 -mc 0 -noskip -forceidx -o file2.avi % avimerge -i file1.avi file2.avi -o blub.avi -- Display MS-Word file: @@ -700,8 +704,9 @@ Write back the guessed table: Develop, test and use exploit code with the Metasploit Framework: cd /tmp -unp /usr/share/grml-sectools/tools/metasploit_framework*.tar.gz -cd framework* +wget http://framework-mirrors.metasploit.com/msf/downloader/framework-3.0.tar.gz +unp framework-3.0.tar.gz +cd framework-3.0 ./msfcli -- Useful documentation: @@ -854,6 +859,14 @@ local host: remote host: % netcat 192.168.0.1 3333 -- +Reverse Shell via SSH: + +local host (inside the network): +% ssh -NR 1234:localhost:22 remote_host + +remote host (outside the network): +% ssh localhost -p 1234 +-- Remove empty directories with zsh: % rmdir ./**/*(/od) 2> /dev/null @@ -988,6 +1001,7 @@ cp /etc/network/interfaces /mnt/test/etc/network/ # ...from the running grml sys umount /mnt/test && reboot # unmount partition and reboot... See also: http://www.debian.org/releases/stable/i386/apcs04.html.en +Avoid all of the above steps - use grml-debootstrap(8) instead! -- Install (plain) Debian (etch release) via grml @@ -1003,7 +1017,7 @@ dpkg-reconfigure locales console-data # adjust locales to your needs apt-get install vim most zsh screen less initrd-tools file grub \ usbutils pciutils bzip2 sysfsutils dhcp3-client resolvconf \ strace lsof w3m # install useful software -apt-get install linux-headers-2.6-686 linux-image-2.6.15-1-686 # install current kernel +apt-get install linux-headers-2.6-686 linux-image-686 # install current kernel echo "127.0.0.1 localhost" > /etc/hosts # adjust /etc/hosts and network: cat >> /etc/network/interfaces << EOF @@ -1026,14 +1040,14 @@ passwd # set password of user root mkdir /boot/grub # setup grub cp /usr/share/doc/grub/examples/menu.lst /boot/grub cat >> /boot/grub/menu.lst << EOF -title Debian Etch, kernel 2.6.15-1-686 (on /dev/sda1) +title Debian Etch, kernel 2.6.18-3-686 (on /dev/sda1) root (hd0,0) -kernel /boot/vmlinuz-2.6.15-1-686 root=/dev/sda1 ro -initrd /boot/initrd.img-2.6.15-1-686 +kernel /boot/vmlinuz-2.6.18-3-686 root=/dev/sda1 ro +initrd /boot/initrd.img-2.6.18-3-686 EOF vim /boot/grub/menu.lst # adjust grub configuration to your needs cd /dev && MAKEDEV generic # create default devices -cp -i /lib/grub/i386-pc/* /boot/grub/ # copy stage-files to /boot/grub/ +cp -i /usr/lib/grub/i386-pc/* /boot/grub/ # copy stage-files to /boot/grub/ grub install # now install grub, run in grub-cmdline following commands: > root (hd0,0) > setup (hd0) @@ -1064,16 +1078,17 @@ timeout=1 map=/boot/map vga=normal -image=/boot/vmlinuz-2.6.17-grml - label="2.6.17-grml" +image=/boot/vmlinuz-2.6.18-grml + label="2.6.18-grml" #append="...." read-only - initrd=/boot/initrd.img-2.6.17-grml + initrd=/boot/initrd.img-2.6.18-grml EOF See also: http://www.debian.org/releases/stable/i386/apcs04.html.en +Avoid all of the above steps - use grml-debootstrap(8) instead! -- -Convert files from Unicode / UTF to ISO: +Convert files from Unicode / UTF-8 to ISO: % iconv -f utf8 -t iso-8859-15 < utffile > isofile @@ -1163,7 +1178,17 @@ Check self signed certificate: Estable OpenSSL-connection using self-signed-certificate.pem and display certificate: # openssl s_client -showcerts -CAfile self-signed-certificate.pem -connect www.example.com:443 -Also take a look at make-ssl-cert (debconf wrapper for openssl) +Generate ssl-certificate for use with apache2: + +export RANDFILE=/dev/random +mkdir /etc/apache2/ssl/ +openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem +chmod 600 /etc/apache2/ssl/apache.pem + +Also take a look at make-ssl-cert (debconf wrapper for openssl): + +# /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/apache.pem + and mod-ssl-makecert (utility to create SSL certificates in /etc/apache/ssl.*/). -- Change Windows NT password(s): @@ -1509,6 +1534,10 @@ You can even activate the port forwarding by default globally: Host * RemoteForward 1234 127.0.0.1:1234 ForwardAgent yes + +Notice: if you get 'ABORT: Requested font not found' make sure the +requested font is available, running 'LANG=C LC_ALL=C osd_server.py...' +might help as well. -- Avoid automatical startup of init scripts via invoke-rc.d: @@ -1627,9 +1656,10 @@ grant all on grml.* to enrico identified by "PASSWORD"; -- Setup an HTTPS website: -create a certificate: +Create a certificate: -/usr/sbin/apache2-ssl-certificate -days 365 +# mkdir /etc/apache2/ssl +# make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem Create a virtual host on port 443: @@ -1645,6 +1675,10 @@ SSLCertificateFile /etc/apache2/ssl/apache.pem Enable listening on the HTTPS port (/etc/apache2/ports.conf): Listen 443 + +and make sure the SSL module is used: + +# a2enmod ssl -- Useful Apache / Apache2 stuff @@ -1681,7 +1715,7 @@ GET http://www.google.com HTTP/1.0 [press enter twice] Adjust system for use of qemu with kqemu: Make sure you have all you need: -# apt-get update ; apt-get install qemu grml-kerneladdons +# apt-get update ; apt-get install qemu grml-kerneladdons-$KERNELVERSION Then set up kqemu: @@ -1704,7 +1738,7 @@ dstat # versatile tool for generating system resource statistics Usage examples: -# mptstat -P ALL +# mpstat -P ALL # iostat -x 1 # iostat -xtc 5 3 # vmstat 1 @@ -1722,12 +1756,16 @@ Start X and lock console via exiting: % startx 2>~/.xsession-errors &| exit -- -Which process is writing to disk? +Which process is writing to disk and/or causes the disk to spin up? + +First of all use lsof to check what's going on. Does not help? -> # echo 1 > /proc/sys/vm/block_dump -Warning: you must disable syslogd before you do this, or you must -make sure that kernel output is not logged. +The command sets a sysctl to cause the kernel to log all disk +writes. Please notice that there is a lot of data. So please +disable syslogd/syslog-ng before you do this, or you must make +sure that kernel output is not logged. When you're done, disable block dump using: # echo 0 > /proc/sys/vm/block_dump @@ -1735,10 +1773,14 @@ When you're done, disable block dump using: Alternative: laptop-mode-tools provides a tool named lm-profiler (laptop mode profiler) which handles block_dump on its own. + +See: $KERNEL-SOURCE/Documentation/laptop-mode.txt + +Also take a look at event-viewer(8) which is part of grml-debugtools. -- Install initrd via initramfs-tools for currently running kernel: -# update-initramfs -u -t -k $(uname -r) +# update-initramfs -c -t -k $(uname -r) -- Install initrd via yaird for currently running kernel: @@ -1914,11 +1956,26 @@ Resync: Stop and rebuild: # mdadm --stop --scan -# mdadm --assemble /dev/md0 --auto --scan --update=summaries --verbose + +Scan for and setup arrays automatically: +# mdadm --assemble --scan --auto=yes --verbose + +Notice: If the above does not work make sure /etc/mdadm/mdadm.conf contains: +DEVICE partitions +CREATE owner=root group=disk mode=0660 auto=yes +HOMEHOST +MAILADDR root + +Running +# /usr/share/mdadm/mkconf > /etc/mdadm/mdadm.conf +might help as well. Monitoring the sw raid # nohup mdadm --monitor --mail=root@localhost --delay=300 /dev/md0 +Producing /etc/mdadm/mdadm.conf: +# mdadm --detail --scan > /etc/mdadm/mdadm.conf + See also: man mdadm | less -p "^EXAMPLES" http://www.tldp.org/HOWTO/Software-RAID-HOWTO.html -- @@ -2000,7 +2057,7 @@ How to use APT locally Sometimes you have lots of packages .deb that you would like to use APT to install so that the dependencies would be automatically solved. Solution: -mkdir ~debs +mkdir debs dpkg-scanpackages debs /dev/null | gzip > debs/Packages.gz echo " deb file:/root debs/" >> /etc/apt/sources.list dpkg-scansources debs | gzip > debs/Sources.gz @@ -2020,10 +2077,13 @@ xfs without vol_id: # xfs_admin -l /dev/sda1 reiserfs without vol_id: -# debugreiserfs /dev/sda1 | grep UUID +# debugreiserfs /dev/sda1 | grep -i label + +jfs without vol_id: +# jfs_tune -l /dev/sda1 | grep -i label reiser4 without vol_id: -# debugfs.reiser4 /dev/sda1 | grep uuid +# debugfs.reiser4 /dev/sda1 | grep -i label -- Check filesystem's UUID: @@ -2031,16 +2091,41 @@ generic way: # vol_id -u /dev/sda1 ext2/3 without vol_id: -# dumpe2fs /dev/sda1 | grep UUID +# dumpe2fs /dev/sda1 | grep -i UUID xfs without vol_id: # xfs_admin -u /dev/sda1 reiserfs without vol_id: -# debugreiserfs /dev/sda1 | grep LABEL +# debugreiserfs /dev/sda1 | grep -i UUID reiser4 without vol_id: -# debugfs.reiser4 /dev/sda1 | grep label +# debugfs.reiser4 /dev/sda1 | grep -i UUID +-- +Change a filesystem's LABEL: + +swap: +# mkswap -L $LABEL /dev/sda1 + +ext2/ext3: +# e2label /dev/sda1 $LABEL +# tune2fs -L $LABEL /dev/sda1 + +reiserfs: +# reiserfstune -l $LABEL /dev/sda1 + +jfs: +# jfs_tune -L $LABEL /dev/sda1 + +xfs: +# xfs_admin -L $LABEL /dev/sda1 + +fat/vfat: +# echo 'drive i: file="/dev/sda1"' >> ~/.mtoolsrc +# mlabel -s i:$LABEL + +ntfs: +# ntfslabel $LABEL /dev/sda1 -- Disable pdiffs feature of APT: @@ -2211,3 +2296,276 @@ Set up a CGI server on your webserver: Mercurial repositories of grml can be found at http://hg.grml.org/ -- +Download binary codecs for mplayer: + +# /usr/share/mplayer/scripts/win32codecs.sh + +or + +# /usr/share/mplayer/scripts/binary_codecs.sh install + +(depending on the mplayer version you have). + +To play encrypted DVDs and if you are living in a country where using +libdvdcss code is not illegal can install Debian package libdvdread3 +and use the script /usr/share/doc/libdvdread3/install-css.sh. +-- +Read manpages of uninstalled packages with debman: + +% debman -p git-core git +-- +Test network performance using netperf: + +Server: +# netserver + +Client: +# netperf -t TCP_STREAM -H 192.168.0.41 +-- +Setup Xen within 20 minutes on Debian/grml + +Install relevant software und update grub's menu.lst (Xen does not work with +usual lilo so install grub instead if not done already): + +apt-get install linux-image-2.6.18-1-xen-686 xen-hypervisor-3.0.3-1-i386 \ + xen-utils-3.0.3-1 xen-tools bridge-utils +update-grub + +Example for installation of Debian etch as DomU: + +mkdir /mnt/md1/xen +xen-create-image --debootstrap --dir=/mnt/md1/xen --size=2Gb --memory=512Mb --fs=ext3 \ + --cache=yes --dist=etch --hostname=xengrml1 --ip 192.168.1.2 --netmask 255.255.255.0 \ + --gateway 192.168.1.1 --initrd=/boot/initrd.img-2.6.18-1-xen-686 \ + --kernel=/boot/vmlinuz-2.6.18-1-xen-686 --mirror=http://ftp.at.debian.org/debian/ + +Start services: + +/etc/init.d/xend start +/etc/init.d/xendomains start + +Setup a bridge for network, either manually: + +brctl addbr xenintbr +brctl stp xenintbr off +brctl sethello xenintbr 0 +brctl setfd xenintbr 0 +ifconfig xenintbr 192.168.1.1 netmask 255.255.255.0 up + +or via /etc/network/interfaces (run ifup xenintbr to bring up the device then +without rebooting): + +auto xenintbr +iface xenintbr inet static + pre-up brctl addbr xenintbr + post-down brctl delbr xenintbr + address 192.168.1.1 + netmask 255.255.255.0 + bridge_fd 0 + bridge_hello 0 + bridge_stp off + +Setup forwarding (adjust $PUBLIC_IP; for permanet setup use /etc/sysctl.conf and +add the iptables commands to a startup script like /etc/init.d/rc.local): + +echo 1 > /proc/sys/net/ipv4/ip_forward +iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j SNAT --to $PUBLIC_IP +iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to $PUBLIC_IP + +Adjust network configuration of Xend: + +cat >> /etc/xen/xend-config.sxp << EOF +(network-script network-route) +(vif-bridge xenintbr) +(vif-script vif-bridge) +EOF + +List domains, start up a DomU, shutdown later again: + +xm create -c /etc/xen/xengrml1.cfg +xm list +xm shutdown 1 + +This HowTo is also available online at http://grml.org/xen/ +-- +Play tetris with zsh: + +autoload -U tetris +zle -N tetris +bindkey "^Xt" tetris + +Now press 'ctrl-x t'. +-- +Set up a router with grml + +Run grml-router script: +# grml-router + +Install dnsmasq if not already present: +# apt-get update ; apt-get install dnsmasq + +Adjust /etc/dnsmasq.conf according to your needs: +# cat >> /etc/dnsmasq.conf << EOF +domain-needed +bogus-priv +dhcp-range=19.168.0.124,192.168.0.254,1m # dhcp range +dhcp-option=3,192.168.0.1 # dns server +dhcp-option=1,255.255.255.0 # netmask +EOF + +Start dnsmasq finally: +# Restart dnsmasq +-- +Display stats about memory allocations performed by a program: + +Usage example for 'ls': + +% LD_PRELOAD=/lib/libmemusage.so ls > /dev/null +-- +Use KVM (Kernel-based Virtual Machine for Linux): + +Make sure to install the relevant tools: +# apt-get update ; apt-get install kvm +# modprobe kvm + +Test it with a minimal system like ttylinux: +# wget http://www.minimalinux.org/ttylinux/packages/bootcd-i386-5.3.iso.gz +# gzip -d bootcd-i386-5.3.iso.gz +# kvm -cdrom bootcd-i386-5.3.iso +-- +EEPROM data decoding for SDRAM DIMM modules: + +# modprobe eeprom +# /usr/share/doc/lm-sensors/examples/eeprom/decode-dimms.pl +-- +Set up and use DVB: + +Make sure your device is supported by Linux and running. +See http://www.linuxtv.org/ for more details. + +If the DVB device works on your system (see 'hwinfo --usb' +when using a DVB usb device for example), then make sure you +have the scan util from dvb-utils available: + +# aptitude install dvb-utils + +Then create a channels.conf configuration file: + +% scan /usr/share/doc/dvb-utils/examples/scan/... > ~/.mplayer/channels.conf + +You can find some example configuration files on +your grml system in ~/.channels. Usage example: + +% ln -s ~/.mplayer/channels.conf-AT-graz ~/.mplayer/channels.conf + +Tip: w_scan (see http://free.pages.at/wirbel4vdr/w_scan/index2.html) +might be useful if you do not know the initial configuration +details. +-- +Get the lastest mercurial snapshot: + +Make sure you have the python-dev package available: +# apt-get update ; apt-get install python-dev + +Get and build the source: +% hg clone http://selenic.com/repo/hg mercurial +% cd mercurial +% make local +% export PYTHONPATH=$(pwd) +% export PATH=$PATH:$(pwd) + +now you should have the newest version of mercurial whenever you execute hg. + +To update to the lastest development snapshot, additionally use +the following commands: +% hg pull -u http://hg.intevation.org/mercurial/crew +% make local +-- +Configure timezone +================== + +Available bootoptions relevant in live-cd mode: +----------------------------------------------- + +* utc: set UTC, if your system clock is set to UTC (GMT) +* gmt: set UTC, if your system clock is set to UTC (GMT) [like bootoption utc] +* tz=$option: set timezone to corresponding $option, usage example: + tz=Europe/Vienna + +Configuration options relevant on harddisk installation: +-------------------------------------------------------- + +* Use the tzconfig utility to set the local timezone: + + # tzconfig + + which adjusts /etc/timezone and /etc/localtime according + to the provided information. Running: + + # dpkg-reconfigure tzdata + + might be useful as well. + +* /etc/default/rcS: set variable UTC according to your needs, + whether your system clock is set to UTC (UTC='yes') or + not (UTC='no') + +* /etc/localtime: adjust zoneinfo according to your needs: + + # ln -sf /usr/share/zoneinfo/$WHATEVER_YOU_WANT /etc/localtime + + The zoneinfo directory contains the time zone files that were + compiled by zic. The files contain information such as rules + about DST. They allow the kernel to convert UTC UNIX time into + appropriate local dates and times. Use the zdump utility to + print current time and date (in the specified time zone). + +* /etc/adjtime: This file is used e.g. by the adjtimex function, + which can smoothly adjust system time while the system runs + +* If you change the time (using 'date --set ...', ntpdate,...) + it is worth setting also the hardware clock to the correct time: + + # hwclock --systohc [--utc] + + Remember to add the --utc -option if the hardware clock is set + to UTC! + +Still problems? +--------------- + +Check your current settings via: + + cat /etc/timezone + zdump /etc/localtime + echo $TZ + hwclock --show + grep hwclock /etc/runlevel.conf + grep '^UTC' /etc/default/rc + +Further information: +-------------------- + + hwclock(8) tzselect(1) tzconfig(8) + http://www.debian.org/doc/manuals/system-administrator/ch-sysadmin-time.html + http://wiki.debian.org/TimeZoneChanges +-- +Recorder shellscript session using script: + +% script -t 2>~/upgrade.time -a ~/upgrade.script +% scriptreplay ~/upgrade.time ~/upgrade.script +-- +Test UTF-8 capabilities of terminal: + +wget http://melkor.dnp.fmph.uniba.sk/~garabik/debian-utf8/download/UTF-8-demo.txt.gz +zcat UTF-8-demo.txt.gz + +or: + +wget http://www.cl.cam.ac.uk/~mgk25/ucs/examples/UTF-8-test.txt +cat UTF-8-test.txt +-- +UTF-8 at grml / some general information regarding Unicde/UTF-8: + + http://wiki.grml.org/doku.php?id=utf8 +--