X-Git-Url: http://git.grml.org/?p=grml-tips.git;a=blobdiff_plain;f=grml_tips;h=b26d5d94e111fcae2c8edce013e6080cebf821e4;hp=b19aea372ebd9c7f83c96fdb5aac0ca94a4ee1b7;hb=873c857ff67e6ce682059a758a91549df9cfa9ac;hpb=691fdd12c4dcff324dcfd179574555982d9f4e06 diff --git a/grml_tips b/grml_tips index b19aea3..b26d5d9 100644 --- a/grml_tips +++ b/grml_tips @@ -43,12 +43,6 @@ Configure network: # grml-network -- -Boot grml via network: - -# grml-terminalserver - -See: man grml-terminalserver + http://grml.org/terminalserver/ --- Deactivate error correction of zsh: % NOCOR=1 zsh @@ -413,13 +407,17 @@ Test sound: Improved grep version: % glark +-- +Grep with highlighting: -glark grep extract-matches +% grep --color=auto ... +% hgrep ... -- -Highlith +Extract matches when grepping: -grepc -hgrep +Usage examples: +% ifconfig | grepc 'inet addr:(.*?)\s' +% ifconfig | glark --extract-matches 'inet addr:(.*?)\s' -- Output text as sound: @@ -573,13 +571,21 @@ vim -c "se ff=dos|x" file # ... and even shorter ;) recode ibmpc..lat1 file # convert using recode echo -e "s/\r//g" > dos2unix.sed; sed -f dos2unix.sed < dosfile > unixfile -- +Save live audio stream to file: + +% mplayer -ao pcm:file=$FILE $URL +-- Save live stream to file: -% mplayer -ao pcm -aofile $FILE +% mplayer -dumpfile $FILE -dumpstream $STREAM + +or + +% mencoder mms://$URL -o $FILE -ovc copy -oac copy or -% mencoder mms://file.wmv -o $FILE -ovc copy -oac copy +% mimms mms://file.wmv -- Merge video files: @@ -621,7 +627,7 @@ Read BIOS: -- Read HTTP via netcat: -echo "GET / HTTP/1.0\r\n\r\n" | netcat $DOMAIN 80 +echo -e "GET / HTTP/1.1\r\nHost: $DOMAIN\r\n\r\n" | netcat $DOMAIN 80 -- Get X ressources for specific program: @@ -655,7 +661,9 @@ to get a list of all supported trees -- Transfer your SSH public key to another host: -% ssh-copy-id -i ~/.ssh/id_dsa.pub user@remote-system +% ssh-keygen # ssh-keygen / ssh-key-gen: if you don't have a key yet +[...] +% ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote-system or % cat $HOME/.ssh/id_rsa.pub | ssh user@remote-system 'cat >> .ssh/authorized_keys' -- @@ -700,9 +708,9 @@ Write back the guessed table: Develop, test and use exploit code with the Metasploit Framework: cd /tmp -wget http://www.metasploit.com/tools/framework-2.7-snapshot.tar.gz -unp framework-2.7-snapshot.tar.gz -cd framework* +wget http://spool.metasploit.com/releases/framework-3.2.tar.gz +unp framework-3.2.tar.gz +cd framework-3.2 ./msfcli -- Useful documentation: @@ -855,6 +863,14 @@ local host: remote host: % netcat 192.168.0.1 3333 -- +Reverse Shell via SSH: + +local host (inside the network): +% ssh -NR 1234:localhost:22 remote_host + +remote host (outside the network): +% ssh localhost -p 1234 +-- Remove empty directories with zsh: % rmdir ./**/*(/od) 2> /dev/null @@ -989,6 +1005,7 @@ cp /etc/network/interfaces /mnt/test/etc/network/ # ...from the running grml sys umount /mnt/test && reboot # unmount partition and reboot... See also: http://www.debian.org/releases/stable/i386/apcs04.html.en +Avoid all of the above steps - use grml-debootstrap(8) instead! -- Install (plain) Debian (etch release) via grml @@ -1027,10 +1044,10 @@ passwd # set password of user root mkdir /boot/grub # setup grub cp /usr/share/doc/grub/examples/menu.lst /boot/grub cat >> /boot/grub/menu.lst << EOF -title Debian Etch, kernel 2.6.17-2-686 (on /dev/sda1) +title Debian Etch, kernel 2.6.18-3-686 (on /dev/sda1) root (hd0,0) -kernel /boot/vmlinuz-2.6.17-2-686 root=/dev/sda1 ro -initrd /boot/initrd.img-2.6.17-2-686 +kernel /boot/vmlinuz-2.6.18-3-686 root=/dev/sda1 ro +initrd /boot/initrd.img-2.6.18-3-686 EOF vim /boot/grub/menu.lst # adjust grub configuration to your needs cd /dev && MAKEDEV generic # create default devices @@ -1065,55 +1082,47 @@ timeout=1 map=/boot/map vga=normal -image=/boot/vmlinuz-2.6.17-grml - label="2.6.17-grml" +image=/boot/vmlinuz-2.6.18-grml + label="2.6.18-grml" #append="...." read-only - initrd=/boot/initrd.img-2.6.17-grml + initrd=/boot/initrd.img-2.6.18-grml EOF See also: http://www.debian.org/releases/stable/i386/apcs04.html.en +Avoid all of the above steps - use grml-debootstrap(8) instead! -- -Convert files from Unicode / UTF to ISO: +Convert files from Unicode / UTF-8 to ISO: -% iconv -f utf8 -t iso-8859-15 < utffile > isofile +% iconv -c -f utf8 -t iso-8859-15 < utffile > isofile and vice versa: % iconv -f iso-8859-15 -t utf8 < isofile > utffile -- -Assign static setup for network cards (eth0 and eth1) via udev: +Assign static setup for network cards (NICs) via udev: -First method - manual: -~~~~~~~~~~~~~~~~~~~~~~ -Get information for SYSFS address: -# udevinfo -a -p /sys/class/net/eth0/ | grep address +Retrieve information for address (corresponding to MAC address): -Then create udev rules: -# cat /etc/udev/network.rules -# match eth* stuff: -KERNEL=="eth*", SYSFS{address}=="00:00:00:00:00:01", NAME="wlan0" -KERNEL=="eth*", SYSFS{address}=="00:00:00:00:00:02", NAME="lan0" -# do not match eth* drivers but also e.g. firewire stuff: -ACTION=="add", SUBSYSTEM=="net", SYSFS{address}=="00:00:00:00:00:03", NAME="1394" + # udevadm info -a -p /sys/class/net/eth0/ | grep -i 'ATTR{address}' -Now activate the rules: -# cd /etc/udev/rules.d/ && ln -s ../network.rules z35_network.rules +Execute /lib/udev/write_net_rules with according values (INTERFACE +is old NIC name, INTERFACE_NAME is new NIC name and MATCHADDR +is the MAC address retrieved with udevadm info command): -Unload the drivers, restart udev and load the drivers again to activate -the settings. + # INTERFACE=eth0 INTERFACE_NAME=lan0 MATCHADDR=00:00:00:00:00:01 /lib/udev/write_net_rules -Second method - automatic: -~~~~~~~~~~~~~~~~~~~~~~~~~~ -Run /lib/udev/write_net_rules shipped with recent udev versions: +This will generate file /etc/udev/rules.d/70-persistent-net.rules with content: -# INTERFACE=wlan1 /lib/udev/write_net_rules 00:00:00:00:00:04 +SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:00:00:00:00:01", KERNEL=="eth*", NAME="lan0" -This command will create /etc/udev/rules.d/z25_persistent-net.rules containing: +Finally take down the interface (ifdown/ifconfig) and execute: -SUBSYSTEM=="net", DRIVER=="?*", SYSFS{address}=="00:00:00:00:00:04", NAME=wlan1 + # udevadm trigger --action=add --subsystem-match=net -See /usr/share/doc/udev/writing_udev_rules/index.html for more information. +so the interface will be renamed. (Rebooting or +unloading drivers/restart udev/loading drivers again +works as well of course.) -- Change the suffix from *.sh to *.pl using zsh: @@ -1164,7 +1173,17 @@ Check self signed certificate: Estable OpenSSL-connection using self-signed-certificate.pem and display certificate: # openssl s_client -showcerts -CAfile self-signed-certificate.pem -connect www.example.com:443 -Also take a look at make-ssl-cert (debconf wrapper for openssl) +Generate ssl-certificate for use with apache2: + +export RANDFILE=/dev/random +mkdir /etc/apache2/ssl/ +openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem +chmod 600 /etc/apache2/ssl/apache.pem + +Also take a look at make-ssl-cert (debconf wrapper for openssl): + +# /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/apache.pem + and mod-ssl-makecert (utility to create SSL certificates in /etc/apache/ssl.*/). -- Change Windows NT password(s): @@ -1243,31 +1262,65 @@ via using grml nodma at the bootprompt. -- Write a Microsoft compatible boot record (MBR) using ms-sys -Write a Windows 2000/XP/2003 MBR to device: +Write a Windows 2000/XP/2003 MBR to a device: # ms-sys -m /dev/ice + +Notice: grab ms-sys from http://ms-sys.sourceforge.net/ - demo: + + wget http://surfnet.dl.sourceforge.net/sourceforge/ms-sys/ms-sys-2.1.3.tgz + unp ms-sys-2.1.3.tgz + cd ms-sys-2.1.3 + make + ./bin/ms-sys ... -- Use a Vodafone 3G Datacard (UMTS) with Linux: Plug in your vodafone card and check in syslog whether the appropriate -(probably /dev/ttyUSB0 or /dev/noz0 when using newer vodafone cards) has -been created. If so run: +(probably /dev/ttyUSB0 or /dev/noz0) has been created. If so run: -# gcom -d $DEVICE +# comgt -d $DEVICE # wvdial --config /etc/wvdial.conf.umts $PROFILE Usage examples: -# gcom -d /dev/ttyUSB0 +# comgt -d /dev/ttyUSB0 # wvdial --config /etc/wvdial.conf.umts a1usb -# gcom -d /dev/noz0 +# comgt -d /dev/noz0 # wvdial --config /etc/wvdial.conf.umts tmnozomi -# gcom -d /dev/noz0 +# comgt -d /dev/noz0 # wvdial --config /etc/wvdial.conf.umts dreiusb -Notice: newer vodafone cards require the nozomi driver. Run 'modprobe nozomi' on -your grml system. +# comgt -d /dev/ttyACM0 +# wvdial --config /etc/wvdial.conf.umts yesss + +If you receive invalid DNS nameservers when connecting, like: + +[...] +--> primary DNS address 10.11.12.13 +--> secondary DNS address 10.11.12.14 + +just provide a working nameserver to resolvconf via: + +# echo "nameserver 80.120.17.70" | resolvconf -a ppp0 + +Notice: some vodafone cards require the nozomi driver (run 'modprobe nozomi' on +your grml system), some other ones require the sierra driver (run +'modprobe sierra'). + +If your device isn't supported by usbserial yet, manually provide vendor and +product ID when loading the usbserial module. Usage example: + +% lsusb +[...] +Bus 004 Device 008: ID 1199:6813 Sierra Wireless, Inc. + +# modprobe usbserial vendor=0x1199 product=0x6813 + +To get a list of available providers execute: + +# comgt -s -d /dev/ttyUSB0 /etc/comgt/operator -- hdparm - get/set hard disk parameters @@ -1634,7 +1687,8 @@ Setup an HTTPS website: Create a certificate: -# make-ssl-cert +# mkdir /etc/apache2/ssl +# make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem Create a virtual host on port 443: @@ -1650,6 +1704,10 @@ SSLCertificateFile /etc/apache2/ssl/apache.pem Enable listening on the HTTPS port (/etc/apache2/ports.conf): Listen 443 + +and make sure the SSL module is used: + +# a2enmod ssl -- Useful Apache / Apache2 stuff @@ -1686,7 +1744,7 @@ GET http://www.google.com HTTP/1.0 [press enter twice] Adjust system for use of qemu with kqemu: Make sure you have all you need: -# apt-get update ; apt-get install qemu grml-kerneladdons +# aptitude update ; aptitude install qemu kqemu-modules-$(uname -r) Then set up kqemu: @@ -1709,7 +1767,7 @@ dstat # versatile tool for generating system resource statistics Usage examples: -# mptstat -P ALL +# mpstat -P ALL # iostat -x 1 # iostat -xtc 5 3 # vmstat 1 @@ -1727,12 +1785,16 @@ Start X and lock console via exiting: % startx 2>~/.xsession-errors &| exit -- -Which process is writing to disk? +Which process is writing to disk and/or causes the disk to spin up? + +First of all use lsof to check what's going on. Does not help? -> # echo 1 > /proc/sys/vm/block_dump -Warning: you must disable syslogd before you do this, or you must -make sure that kernel output is not logged. +The command sets a sysctl to cause the kernel to log all disk +writes. Please notice that there is a lot of data. So please +disable syslogd/syslog-ng before you do this, or you must make +sure that kernel output is not logged. When you're done, disable block dump using: # echo 0 > /proc/sys/vm/block_dump @@ -1740,6 +1802,10 @@ When you're done, disable block dump using: Alternative: laptop-mode-tools provides a tool named lm-profiler (laptop mode profiler) which handles block_dump on its own. + +See: $KERNEL-SOURCE/Documentation/laptop-mode.txt + +Also take a look at event-viewer(8) which is part of grml-debugtools. -- Install initrd via initramfs-tools for currently running kernel: @@ -2020,7 +2086,7 @@ How to use APT locally Sometimes you have lots of packages .deb that you would like to use APT to install so that the dependencies would be automatically solved. Solution: -mkdir ~debs +mkdir debs dpkg-scanpackages debs /dev/null | gzip > debs/Packages.gz echo " deb file:/root debs/" >> /etc/apt/sources.list dpkg-scansources debs | gzip > debs/Sources.gz @@ -2031,36 +2097,64 @@ See also: http://www.debian.org/doc/manuals/apt-howto/ch-basico.en.html Check filesystem's LABEL: generic way: -# vol_id -l /dev/sda1 +# blkid /dev/sda1 -ext2/3 without vol_id: +ext2/3 without blkid: # dumpe2fs /dev/sda1 | grep "Filesystem volume name" -xfs without vol_id: +xfs without blkid: # xfs_admin -l /dev/sda1 -reiserfs without vol_id: -# debugreiserfs /dev/sda1 | grep UUID +reiserfs without blkid: +# debugreiserfs /dev/sda1 | grep -i label + +jfs without blkid: +# jfs_tune -l /dev/sda1 | grep -i label -reiser4 without vol_id: -# debugfs.reiser4 /dev/sda1 | grep uuid +reiser4 without blkid: +# debugfs.reiser4 /dev/sda1 | grep -i label -- Check filesystem's UUID: generic way: -# vol_id -u /dev/sda1 +# blkid /dev/sda1 -ext2/3 without vol_id: -# dumpe2fs /dev/sda1 | grep UUID +ext2/3 without blkid: +# dumpe2fs /dev/sda1 | grep -i UUID -xfs without vol_id: +xfs without blkid: # xfs_admin -u /dev/sda1 -reiserfs without vol_id: -# debugreiserfs /dev/sda1 | grep LABEL +reiserfs without blkid: +# debugreiserfs /dev/sda1 | grep -i UUID + +reiser4 without blkid: +# debugfs.reiser4 /dev/sda1 | grep -i UUID +-- +Change a filesystem's LABEL: + +swap: +# mkswap -L $LABEL /dev/sda1 -reiser4 without vol_id: -# debugfs.reiser4 /dev/sda1 | grep label +ext2/ext3: +# e2label /dev/sda1 $LABEL +# tune2fs -L $LABEL /dev/sda1 + +reiserfs: +# reiserfstune -l $LABEL /dev/sda1 + +jfs: +# jfs_tune -L $LABEL /dev/sda1 + +xfs: +# xfs_admin -L $LABEL /dev/sda1 + +fat/vfat: +# echo 'drive i: file="/dev/sda1"' >> ~/.mtoolsrc +# mlabel -s i:$LABEL + +ntfs: +# ntfslabel $LABEL /dev/sda1 -- Disable pdiffs feature of APT: @@ -2083,7 +2177,7 @@ Restore the backup using unzsplit: More usage examples: man zsplit + man unzsplit -- -Measure network performance using ipserf +Measure network performance using iperf: Server side: % iperf -s -V @@ -2228,13 +2322,17 @@ host2% hg merge # merge changes into your working directory Set up a CGI server on your webserver: % cp hgwebdir.cgi ~/public_html/hg/index.cgi % $EDITOR ~/public_html/hg/index.cgi # adjust the defaults - -Mercurial repositories of grml can be found at http://hg.grml.org/ -- Download binary codecs for mplayer: # /usr/share/mplayer/scripts/win32codecs.sh +or + +# /usr/share/mplayer/scripts/binary_codecs.sh install + +(depending on the mplayer version you have). + To play encrypted DVDs and if you are living in a country where using libdvdcss code is not illegal can install Debian package libdvdread3 and use the script /usr/share/doc/libdvdread3/install-css.sh. @@ -2317,4 +2415,769 @@ xm shutdown 1 This HowTo is also available online at http://grml.org/xen/ -- +Play tetris with zsh: + +autoload -U tetris +zle -N tetris +bindkey "^Xt" tetris + +Now press 'ctrl-x t'. +-- +Set up a router with grml + +Run grml-router script: +# grml-router + +Install dnsmasq if not already present: +# apt-get update ; apt-get install dnsmasq + +Adjust /etc/dnsmasq.conf according to your needs: +# cat >> /etc/dnsmasq.conf << EOF +domain-needed +bogus-priv +dhcp-range=19.168.0.124,192.168.0.254,1m # dhcp range +dhcp-option=3,192.168.0.1 # dns server +dhcp-option=1,255.255.255.0 # netmask +EOF + +Start dnsmasq finally: +# Restart dnsmasq +-- +Display stats about memory allocations performed by a program: + +Usage example for 'ls': + +% LD_PRELOAD=/lib/libmemusage.so ls > /dev/null +-- +Use KVM (Kernel-based Virtual Machine for Linux): + +Make sure to install the relevant tools: +# apt-get update ; apt-get install kvm +# modprobe kvm + +Test it with a minimal system like ttylinux: +# wget http://www.minimalinux.org/ttylinux/packages/bootcd-i386-5.3.iso.gz +# gzip -d bootcd-i386-5.3.iso.gz +# kvm -cdrom bootcd-i386-5.3.iso +-- +EEPROM data decoding for SDRAM DIMM modules: + +# modprobe eeprom +# /usr/share/doc/lm-sensors/examples/eeprom/decode-dimms.pl +-- +Set up and use DVB: + +Make sure your device is supported by Linux and running. +See http://www.linuxtv.org/ for more details. + +If the DVB device works on your system (see 'hwinfo --usb' +when using a DVB usb device for example), then make sure you +have the scan util from dvb-utils available: + +# aptitude install dvb-utils + +Then create a channels.conf configuration file: + +% scan /usr/share/doc/dvb-utils/examples/scan/... > ~/.mplayer/channels.conf + +You can find some example configuration files on +your grml system in ~/.channels. Usage example: + +% ln -s ~/.mplayer/channels.conf-AT-graz ~/.mplayer/channels.conf + +Tip: w_scan (see http://free.pages.at/wirbel4vdr/w_scan/index2.html) +might be useful if you do not know the initial configuration +details. +-- +Get the lastest mercurial snapshot: + +Make sure you have the python-dev package available: +# apt-get update ; apt-get install python-dev + +Get and build the source: +% hg clone http://selenic.com/repo/hg mercurial +% cd mercurial +% make local +% export PYTHONPATH=$(pwd) +% export PATH=$PATH:$(pwd) + +now you should have the newest version of mercurial whenever you execute hg. + +To update to the lastest development snapshot, additionally use +the following commands: +% hg pull -u http://hg.intevation.org/mercurial/crew +% make local +-- +Configure timezone +================== + +Available bootoptions relevant in live-cd mode: +----------------------------------------------- + +* utc: set UTC, if your system clock is set to UTC (GMT) +* gmt: set UTC, if your system clock is set to UTC (GMT) [like bootoption utc] +* tz=$option: set timezone to corresponding $option, usage example: + tz=Europe/Vienna + +Configuration options relevant on harddisk installation: +-------------------------------------------------------- + +* Use the tzconfig utility to set the local timezone: + + # tzconfig + + which adjusts /etc/timezone and /etc/localtime according + to the provided information. Running: + + # dpkg-reconfigure tzdata + + might be useful as well. + +* /etc/default/rcS: set variable UTC according to your needs, + whether your system clock is set to UTC (UTC='yes') or + not (UTC='no') + +* /etc/localtime: adjust zoneinfo according to your needs: + + # ln -sf /usr/share/zoneinfo/$WHATEVER_YOU_WANT /etc/localtime + + The zoneinfo directory contains the time zone files that were + compiled by zic. The files contain information such as rules + about DST. They allow the kernel to convert UTC UNIX time into + appropriate local dates and times. Use the zdump utility to + print current time and date (in the specified time zone). + +* /etc/adjtime: This file is used e.g. by the adjtimex function, + which can smoothly adjust system time while the system runs + +* If you change the time (using 'date --set ...', ntpdate,...) + it is worth setting also the hardware clock to the correct time: + + # hwclock --systohc [--utc] + + Remember to add the --utc -option if the hardware clock is set + to UTC! + +Still problems? +--------------- + +Check your current settings via: + + cat /etc/timezone + zdump /etc/localtime + echo $TZ + hwclock --show + grep hwclock /etc/runlevel.conf + grep '^UTC' /etc/default/rc + +Further information: +-------------------- + + hwclock(8) tzselect(1) tzconfig(8) + http://www.debian.org/doc/manuals/system-administrator/ch-sysadmin-time.html + http://wiki.debian.org/TimeZoneChanges +-- +Recorder shellscript session using script: + +% script -t 2>~/upgrade.time -a ~/upgrade.script +% scriptreplay ~/upgrade.time ~/upgrade.script +-- +Test UTF-8 capabilities of terminal: + +wget http://www.linux-cjk.net/Console/garabik/UTF-8-demo.txt.gz +zcat UTF-8-demo.txt.gz + +or: + +wget http://www.cl.cam.ac.uk/~mgk25/ucs/examples/UTF-8-test.txt +cat UTF-8-test.txt +-- +UTF-8 at grml / some general information regarding Unicde/UTF-8: + + http://wiki.grml.org/doku.php?id=utf8 +-- + +This allows one ssh connection attepmt per minute per source ip, with a initial +burst of 10. The available burst is like a counter which is initialised with +10. Every connection attempt decrements the counter, and every minute where the +connection limit of one per minute is not overstepped the counter is +incremented by one. If the burst counter is exhausted the real rate limit +comes into play. This gives you 11 connectionattepmts in the first minute +before blocked for 10minutes. After 10 minutes block the game restarts. + +Hint: you could set the burst value to 5 and the block time to only 5 minutes +to achive the same average connection rate but with halve the block time. + +iptables -A inet_in -p tcp --syn --dport 22 -m hashlimit --hashlimit-name ssh \ + --hashlimit 1/minute \ --hashlimit-burst 10 --hashlimit-mode srcip \ + --hashlimit-htable-expire 600000 -j ACCEPT +iptables -A inet_in -p tcp --dport 22 -m state --state NEW -j REJECT +-- +Tunnel a specific connection via socat: + +On the client: +% socat TCP4-LISTEN:8003 TCP4:gateway:500 + +On the gateway: +# socat TCP4-LISTEN:500,fork TCP4:target:$PORT + +Using localhost:8003 on the client uses the tunnel now. +-- +Set date: + +# date --set=060916102007 + +where the bits are month(2)/day(2)/hour(2)/minute(2)/year(4) + +Set date using a relative date: + +# date -s '+3 mins' + +or + +# date -s '+tomorrow' + +Display a specific relative date: + +# date -d '+5 days -2 hours' + +Don't forget to set hardware clock via: + +# hwlock -w +-- +Booting grml via network / PXE: + +Start grml-terminalserver on a system with network access +and where grml is running: + +# grml-terminalserver + +Then booting your client(s) via PXE should work without +any further work. + +See: man grml-terminalserver + http://grml.org/terminalserver/ +-- +Debugging SSL communications: + +% openssl s_client -connect server.adress:993 > output_file +% openssl x509 -noout -text -in output_file + +or + +# ssldump -a -A -H -i eth0 + +See http://prefetch.net/articles/debuggingssl.html for more details. +-- +Remove bootmanager from MBR: + +# lilo -M /dev/hda -s /dev/null +-- +Rewrite grub to MBR: + +# mount /mnt/sda1 +# grub-install --recheck --no-floppy --root-directory=/mnt/sda1 /dev/sda +-- +Rewrite lilo to MBR: + +# mount /mnt/hda1 +# lilo -r /mnt/hda1 +-- +Create screenshot of plain/real console - tty1: + +# fbgrab -c 1 screeni.png +-- +Create screenshot when running X: + +% scrot + +Tip: use the gkrellshoot plugin when using gkrellm +-- +Redirect all connections to hostA:portA to hostB:portB, where hostA and hostB are +different networks: + +Run the following commands on hostA: + +echo 1 > /proc/sys/net/ipv4/ip_forward +iptables -t nat -A PREROUTING -p tcp --dport portA -j DNAT --to hostB:portB +iptables -A FORWARD -i eth0 -o eth0 -d hostB -p tcp --dport portB -j ACCEPT +iptables -A FORWARD -i eth0 -o eth0 -s hostB -p tcp --sport portB -j ACCEPT +iptables -t nat -A POSTROUTING -p tcp -d hostB --dport portB -j SNAT --to-source hostA +-- +Flash BIOS without DOS/Windows: + +Dump flash info and set the flash chip to writable: +# flashrom + +Backup the original BIOS: +# flashrom -r backup.bin + +Notice: the following step will overwrite your current BIOS! +So make sure you really know what you are doing. + +Flash the BIOS image: +# flashrom -wv newbios.bin + +Also check out LinuxBIOS: http://linuxbios.org/ +-- +Enable shadow passwords: + +# shadowconfig on +-- +Set up an IPv6 tunnel on grml: + +# ipv6-tunnel start +-- +Set up console newsreader slrn for use with Usenet: + +% grml-slrn +-- +Calculate with IPv6 addresses: + +% ipv6calc + +For usage examples refer to manpage ipv6calc(8). +-- +Common network debugging tools for use with IPv6: + +% ping6 +% tracepath6 +% traceroute6 +% tracert6 +% nc6 +% tcpspray6 +-- +Set up NFS (Network File System): + +Server-side +~~~~~~~~~~~ +Make sure the relevant services are running on the server side: + +# /etc/init.d/portmap start +# /etc/init.d/nfs-common start +# /etc/init.d/nfs-kernel-server start + +Export shares via /etc/exports: + +/backups 192.168.1.100/24(rw,wdelay,no_root_squash,async,subtree_check) + +... or manually export a directory running: + +# exportfs -o rw,wdelay,no_root_squash,async,subtree_check 192.168.1.100:/backups + +and unexport a share running: + +# exportfs -u 192.168.1.100:/backups + +and every time when you modify /etc/exports file run + +# exportfs -ra + +Display what NFS components are running: + +# rpcinfo -p + +Display list of exported shares: + +# exportfs -v +or +# showmount -e + +Client-side +~~~~~~~~~~~ +Make sure the relevant services are running on the client side: + +# /etc/init.d/portmap start +# /etc/init.d/nfs-common start + +Verify that the server allows you to access its RPC/NFS services: + +# rpcinfo -p server_name + +Check what directories the server exports: + +# showmount -e server_name + +On the client side you can use something like the following in /etc/fstab: + +192.168.1.101:/backups /mnt/nfs nfs defaults,users,wsize=8192,rsize=8192 0 0 +-- +Mount a cloop file: + +# aptitude install cloop-src +# m-a a-i cloop-src + +# modprobe cloop file=/path/to/cloop/file +# mount -r -t iso9660 /dev/cloop /mnt/test +-- +Create a PS/PDF of a plaintext file: + +% a2ps --medium A4dj -E -o output.ps input_file +% ps2pdf output.ps +-- +Print two pages on one in a PDF file: + +% pdfnup --nup 2x1 input.pdf + +Concatenate, extract pages/parts, encrypt/decrypt, +compress PDFs using 'pdftk'. +-- +Read a PS/PDF file on console: + +% pstotext file.pdf + +or on plain framebuffer console in graphical mode: + +% pdf2ps file.pdf ; ps2png file.ps file.png ; fbi file.png + +or + +% fbgs file.pdf +-- +Bypass the password of a PDF file: + +% gs -q -dNOPAUSE -sDEVICE=pdfwrite -sOutputFile=output.pdf input.pdf -c quit +-- +Record sound: + +% rec test.aiff + +This will record a AIFF audio file. +-- +Change passphrase / password of an existing SSH key: + +% ssh-keygen -p +-- +Enable syntax highlighting in nano: + +Just uncomment the include directives for your respective +language at the bottom of the file /etc/nanorc +-- +Create netboot package for grml-terminalserver: + +# bash /usr/share/doc/grml-terminalserver/examples/create-netboot +-- +To boot grml via network (PXE) check out grml-terminalserver: + +# grml-terminalserver + +See http://grml.org/terminalserver/ for more details. +-- +Rotate pictures: + +Using the 'Orientation' tag of the Exif header, rotate +the image so that it is upright: +% jhead -autorot *.jpg + +Manually rotate a picture: +% convert -rotate 270 input.jpg output.jpg +-- +Rename files based on the information inside their exif header: + +% jhead -n%Y-%m-%d_%Hh%M_%f *.jpg + +This will rename a file named img_2071.jpg to something like: + +2007-08-17_10h38_img_2071.jpg + +if it was shot at 10:38 o'clock on 2007-08-17 (according to +the information inside the exif header). +-- +Calculate network / netmask: + +Usage examples: +% ipcalc 10.0.0.28 255.255.255.0 +% ipcalc 10.0.0.0/24 +-- +Blacklist a kernel module: + +# blacklist + +-> running 'blacklist hostap_cs' for example will generate an +entry like this in /etc/modprobe.d/grml: + +blacklist hostap_cs +alias hostap_cs off + +To remove the module from the blacklist again just invoke: + +# unblacklist + +or manually remove the entry from /etc/modprobe.d/grml. +-- +Create a Debian package of a perl module: + +% dh-make-perl --cpan Acme::Smirch --build +-- +The Magic SysRq Keys (SysReq or Sys Req, short for System Request): + +To reboot your system using the SysRq keys just hold down the Alt and +SysRq (Print Screen) key while pressing the keys REISUB ("Raising +Elephants Is So Utterly Boring"). +R = take the keyboard out of raw mode +E = terminates all processes (except init) +I = kills all processes (except init) +S = synchronizes the disk(s) +U = remounts all filesystems read-only +B = reboot the system + +Notice: use O instead of B for poweroff. + +Or write the sequence to /proc/sysrq-trigger instead: + +# for i in r e i s u b ; do echo $i > /proc/sysrq-trigger ; done + +To enable or disable SysRq calls: + +# echo 0 > /proc/sys/kernel/sysrq +# echo 1 > /proc/sys/kernel/sysrq + +See http://en.wikipedia.org/wiki/Magic_SysRq_key for more details. +-- +Memtest / memcheck: + +Just boot your grml Live-CD with "memtest" to execute a memcheck/memtest +with Memtest86+. +-- +Tunnel TCP-Traffic through DNS using dns2tcp: + +Server-side: +~~~~~~~~~~~~ +1. Create necessary DNS-Records: +dnstun.example.com. 3600 IN NS host.example.com. +dnstun.example.com. 3600 IN A 192.168.1.1 +host.example.com. 3600 IN A 192.168.1.1 + +2. Configure dns2tcpd on host.example.com.: +# cat /etc/dns2tcpd.conf +listen = 192.168.1.1 #the ip dns2tcpd should listen on +port = 53 #" port " " " " +user = nobody +chroot = /tmp +domain = dnstun.example.com. # the zone as specified inside dns +ressources = ssh:127.0.0.1:22 # available resources + +3. Start the daemon: +# cat > /etc/default/dns2tcp << EOF +# Set ENABLED to 1 if you want the init script to start dns2tcpd. +ENABLED=1 +USER=nobody +EOF +# /etc/init.d/dns2tcp start + +Client-side: +~~~~~~~~~~~~ +You have two possibilities: +- Use the DNS inside your network (DNS must allow resolving for external domains) +# grep nameserver /etc/resolv.conf +nameserver 172.16.42.1 +# dns2tcpc -z dnstun.example.com 172.16.42.1 +Available connection(s) : + ssh +# dns2tcpc -r ssh -l 2222 -z dnstun.example.com 172.16.42.1 & +Listening on port : 2222 +# ssh localhost -p 2222 +user@host.example.com:~# + +- Directly contact the endpoint (port 53 UDP must be allowed outgoing) +# dns2tcpc -z dnstun.example.com dnstun.example.com +Available connection(s) : + ssh +# dns2tcpc -r ssh -l 2222 -z dnstun.example.com dnstun.example.com & +Listenning on port : 2222 +# ssh localhost -p 2222 +user@host.example.com:~# + +Notice: using 'ssh -D 8080 ..' you will get a socks5-proxy listening on +localhost:8080 which you can use to tunnel everything through your "dns-uplink". +-- +Configure a MadWifi device for adhoc mode: + +Disable the autocreation of athX devices: +# echo "options ath_pci autocreate=none" > /etc/modprobe.d/madwifi + +Remove the autocreated device for now: +# wlanconfig ath0 destroy + +Configuration in /etc/network/interfaces: + +iface ath0 inet static + madwifi-base wifi0 + madwifi-mode adhoc + ... + +Hints: + - Do not use interface names without ending 0 (otherwise startup fails). + - Only chooss unique names for interfaces. +-- +Find dangling symlinks using zsh: + +% ls **/*(-@) +-- +Use approx with runit supervision +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Install the packages: +# apt-get install approx runit + +Add user approxlog for the logging daemon: +# adduser --system --home /nonexistent --no-create-home approxlog + +Create config directory: +# mkdir /etc/sv/approx + +Use /var/run/sv.approx as supervise directory: +# ln -s /var/run/sv.approx /etc/sv/approx/supervise + +# cat > /etc/sv/approx/run << EOF +#!/bin/sh +echo 'approx starting' +exec approx -f 2>&1 +EOF + +You normally do not need a logging service for approx because it logs +to syslog too. So just for completion: +# mkdir -p /etc/sv/approx/log +# ln -s /var/run/sv.approx.log /etc/sv/approx/log/supervise +# cat > /etc/sv/approx/log/run << EOF +#!/bin/sh +set -e +LOG="/var/log/approx" +test -d "$LOG" || mkdir -p -m2750 "$LOG" && chown approxlog:adm "$LOG" +exec chpst -uapproxlog svlogd -tt -v "$LOG" +EOF + +Now activate the new approx service (will be started within 5s): +# ln -s /etc/sv/approx/ /var/service/ + +Make approx managed via runit available via init-script interface: +# dpkg-divert --local --rename /etc/init.d/approx +# ln -s /usr/bin/sv /etc/init.d/approx +-- +Remote-reboot a grml system using SysRQ via /proc (execute as root): + +eject &>/dev/null +umount -l /cdrom +eject /dev/cdrom +echo b > /proc/sysrq-trigger +-- +Show what happens on /dev/sda0: + +# mount the debugfs to relay kernel info to userspace +mount -t debugfs none /sys/kernel/debug + +# is a convenient wrapper arround blktrace and blkparse +btrace /dev/sda0 +-- +Convert Flash to Avi: + +% ffmpeg -i input.flv output.avi + +Extract MP3 from Flash file: + +% for i in *.flv; do ffmpeg -i $i -acodec copy ${i%.flv}.mp3 ; done +-- +Usage example for cryptsetup / -luks encrypted partition on LVM: + +volume group name: x61 +logical volume name: home + +echo "grml-crypt_home /dev/mapper/x61-home none luks" >> /etc/crypttab +Start cryptdisks +mount /dev/mapper/grml-crypt_home /mnt/test +-- +fdisk/parted/... complains with something like +'unable to open /dev/sda - unrecognised disk label'?! + +See http://grml.org/faq/#fdisk => + +* use /sbin/fdisk.distrib from util-linux +* switch to sfdisk, cfdisk,... +* use parted's mklabel command (but please read the + parted manual before executing this command) +-- +dmraid - support for SW-RAID / FakeRAID controllers +like Highpoint HPT and Promise FastTrack + +Activate all software RAID sets discovered: +# dmraid -ay + +Deactivates all active software RAID sets: +# dmraid -an + +Discover all software RAID devices supported on the system: +# dmraid -r +-- +Extract winmail.dat: + +List content: +% ytnef winmail.dat + +Extract files to current directory: +% ytnef -f . winmail.dat +-- +Approx - Debian package proxy/cacher howto + +% apt-get install approx +% echo 'debian http://ftp.de.debian.org/debian' >>/etc/approx/approx.conf +% Restart approx + +Add your new approx to sources.list + +eg. +deb http://localhost:9999/debian unstable main contrib non-free + +use approx in grml-debootstrap like: +% grml-debootstrap -r lenny -t /dev/sda1 -m http://127.0.0.1:9999/debian +-- +Simple webserver with python: + +% python -m SimpleHTTPServer +-- +Upgrade only packages from the grml-stable Debian repository: + +echo 'deb http://deb.grml.org/ grml-stable main' > /etc/apt/grml-stable.list +apt-get -o Dir::Etc::sourcelist=/etc/apt/grml-stable.list -o Dir::Etc::sourceparts=/doesnotexist update +apt-get upgrade +-- +Install Centos into a directory: + +% febootstrap centos-5 directory http://mirror.centos.org/centos-5/5.3/os/i386/ +-- +Install Fedora into a directory: + +% febootstrap fedora-11 target_directory +-- +Use Nessus / OpenVAS (remote network security auditor): + +Install software packages: +# apt-get update +# apt-get install openvas-client openvas-server openvas-plugins-base openvas-plugins-dfsg + +Add a user: +# openvas-adduser + +Start openvas server (takes a while): +# Start openvas-server + +Invoke client as user: +% OpenVAS-Client +-- +Find packages not available from any active apt repository: + +% apt-show-versions | awk '/No available version in archive/{print $1}' +-- +Simple mailserver with python: + +% python -m smtpd -n -c DebuggingServer localhost:1025 +-- +finger via netcat: + +echo $USER | nc $HOST 79 +-- +Install Archlinux using Grml: + +https://wiki.archlinux.org/index.php/Install_from_Existing_Linux +or +wget http://tokland.googlecode.com/svn/trunk/archlinux/arch-bootstrap.sh +--