scratchpaper.txt - the intestinal tract of linux notes (created June 1998)
/sbin/ifconfig
/sbin/ifup eth0
pico -w    disables word wrap
su -l      login as root
*from telnet: CTRL-H backspace, CTRL-D delete
- /etc/sysconfig/network-scripts/ifcfg-eth0
- ONBOOT YES
- /usr/sbin/in.telnetd
- /var/log/*
- /etc/inetd.conf
- talcon=zygotech@itsnet.com
- /etc/passwd
- /etc/securetty
ftp.linpeople.org/pub/incoming
- diff ls -la .xdefaults
- .Xmodmap 22=backspace
- DontZap in section 'ServerFlags' in /etc/X11/XF86Config <--> shift-control-alt-backspace
- /etc/skel
- Jun 7 12:37:43 host inetd[736]:getpwnam:root:No such user
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
- modprobe /lib/modules/2.0.32/net/tulip.o
- /sbin/ifup eth0
#!/bin/bash
PATH=/sbin/:/usr/sbin
route del -net 192.168.12.0
/etc/sysconfig/network-scripts/dwifup
route add 192.168.12.0 gw 192.168.12.254
/sbin/ifup
route add default gw 192.168.12.254 eth0
/proc/net/socket
/proc/net/dev
/etc/init.d/network
sysctl: ip forwarding off
192.168.12.128
network mask: 255.255.255.0
network address: 192.168.12.0
gateway: 192.168.12.254
route -v
- 3c59x.c 3com 905B
- 192.168.12.253
- net-tools-1.33-4.src.rpm
- netcfg-2.19-3.src.rpm
- netkit-base-0.10-5.src.rpm
- /lib/modules/2.0.32/net
- /etc/rc.d/rc2.d
warning: unknown PCI device (10b7:9055) please read include/linux/pci.h
/msdos      502
/usr        1004
/home       1004
/usr/local  1004
/usr/src    282
/tmp        133
/           78
SWAP        125

/           hda1   78    LN
/usr        hda5   1004  LN
/home       hda6   1004  LN
/usr/local  hda7   1004  LN
/msdos      hda8   502   dos 16bit >=32
/usr/src    hda9   282   LN
/tmp        hda10  133   LN
SWAP        hda11  125   swap
- /tmp/install.log
- 300hex 10irq cc000 8013
[root@bigdog /root]# cat /etc/sysconfig/network
NETWORKING=yes
FORWARD_IPV4=no
HOSTNAME=bigdog.robotz.com
GATEWAYDEV=eth0
GATEWAY=192.168.12.254

if [ "${GATEWAY}" != "" ]; then
    if [ "${GATEWAYDEV}" = "" -o "${GATEWAYDEV}" = "${DEVICE}" ]; then
        # set up default gateway
        route add default gw ${GATEWAY} ${DEVICE}
        DEFGW=${GATEWAY}
    fi
fi
---------------------------------------
this is really old and inaccurate:
1114mb 222x5

/usr        300
/home       264
/usr/local  300
/usr/src    200
/tmp        50
/           80
SWAP        32
---------------------------------------
I am trapped in telnet: press CTRL-] to get telnet> prompt
There are three: (port 113), time (port 37), and daytime (port 13).
NTP runs on port 123 using udp
- ipchains -A input -p udp -j ACCEPT -s 10.0.0.0/8 -d 0.0.0.0/0 123
- ipchains -A input -p udp -j ACCEPT -s some.trusted.host -d 0.0.0.0/0 123
- ipchains -A input -p udp -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 123
More on ipchains
First establish default policies
You may deny all or accept all depending on how paranoid you are.
:input ACCEPT
:forward DENY
:output ACCEPT
ipchains -A input -s 0/0 -d 0/0 -i lo -j ACCEPT
This annoying tosser doesn't even get to see our web site***
ipchains -A input -p tcp -s x.x.x.x -d 0/0 80 -y -j REJECT
Below we block access to port 110 pop3 and ssh so we let a few friends in***
ipchains -A input -p tcp -s x.x.x.x -d 0/0 22 -y -j ACCEPT
ipchains -A input -p tcp -s x.x.x.x -d 0/0 110 -y -j ACCEPT
Since we were not paranoid we should block ports not being used.
ipchains -A input -p tcp -s 0/0 -d 0/0 0:19 -y -j REJECT
ipchains -A input -p tcp -s 0/0 -d 0/0 23:24 -y -j REJECT
ipchains -A input -p tcp -s 0/0 -d 0/0 26:79 -y -j REJECT
ipchains -A input -p tcp -s 0/0 -d 0/0 81:1023 -y -j REJECT
You may wish to block udp on all standard ports below 1024
ipchains -A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
Do not reply to ICMP TIMESTAMP packets
ipchains -A output -j REJECT -i eth0 -p icmp -s x.x.x.x/yy -d 0/0 --icmp-type timestamp-request -l
ipchains -A output -j REJECT -i eth0 -p icmp -s x.x.x.x/yy -d 0/0 --icmp-type timestamp-reply -l
*ipchains are processed in the order read from the top down. See how IP x.x.x.x is blocked right away. Also, we accept ssh and pop from another IP address x.x.x.x before the port is blocked 3 lines later.
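The top-down, first-match behaviour described above, as an added example (not part of the original notes): a small bash walk over the same tcp input rules. 192.0.2.10, 198.51.100.7 and 203.0.113.5 are constructed stand-ins for the x.x.x.x hosts, and every packet is treated as a connection-opening SYN, which is what -y matches.

```shell
#!/bin/bash
# Added example: first-match walk over the tcp input rules from these notes.
# 192.0.2.10 and 198.51.100.7 are constructed stand-ins for the x.x.x.x hosts.
POLICY=ACCEPT                      # ":input ACCEPT"
# Columns: proto  source  low-port  high-port  target (same order as the notes)
RULES='
tcp 192.0.2.10   80  80   REJECT
tcp 198.51.100.7 22  22   ACCEPT
tcp 198.51.100.7 110 110  ACCEPT
tcp any          0   19   REJECT
tcp any          23  24   REJECT
tcp any          26  79   REJECT
tcp any          81  1023 REJECT
'
# Constructed mistake: a blanket REJECT placed before the per-host ACCEPT.
MISORDERED='
tcp any          81  1023 REJECT
tcp 198.51.100.7 110 110  ACCEPT
'

# verdict PROTO SRC DPORT [RULESET]
# Prints the target of the first rule that matches, else the chain policy.
verdict() {
    local proto="$1" src="$2" dport="$3" rules="${4:-$RULES}"
    local rp rs lo hi target
    while read -r rp rs lo hi target; do
        [ -n "$rp" ] || continue                          # skip blank lines
        [ "$rp" = "$proto" ] || continue
        [ "$rs" = any ] || [ "$rs" = "$src" ] || continue
        { [ "$dport" -ge "$lo" ] && [ "$dport" -le "$hi" ]; } || continue
        echo "$target"
        return 0
    done <<EOF
$rules
EOF
    echo "$POLICY"
}

# 203.0.113.5 is a constructed "everyone else" address.
for pkt in "192.0.2.10 80" "198.51.100.7 110" "203.0.113.5 110" "203.0.113.5 22"; do
    set -- $pkt
    printf '%-13s -> port %-4s %s\n' "$1" "$2" "$(verdict tcp "$1" "$2")"
done
printf 'misordered: 198.51.100.7 -> port 110  %s\n' \
    "$(verdict tcp 198.51.100.7 110 "$MISORDERED")"
```

Run against these rules, a stranger's connection to port 22 comes back ACCEPT: the REJECT ranges skip 20-22, 25 and 80, so those ports fall through to the ACCEPT policy.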
wow, new stuff 2003!
I want to find out what version of bind you are running:
nslookup -q=txt -class=chaos version.bind. <host address>
I want to hide from people what version of bind I am running:
vi /etc/named.conf
options {
    directory "/var/named";
    auth-nxdomain yes;
    version "x";
};
It's the version part that allows you to spoof your bind version.
nslookup -q=txt -class=CHAOS version.bind. localhost
lilo: linux single
grub: When GRUB boots up, select the version of the kernel that you wish to boot and type e for edit. You will be presented with a list of items in the configuration file for the title you just selected.
Select the line that starts with kernel and type e to edit the line.
Go to the end of the line and type single as a separate word (press the [Spacebar] and then type single). Press [Enter] to exit edit mode.
Back at the GRUB screen, type b to boot into single user mode.
server:
  ntpd -dddd &
  ntpq -p
client:
  ntpdate addressof.timeserver.com
  ntptimeset
Parse a password file, removing everything but the username [with vi and Regular Expressions]
:1,$s/:x:.*false//
The central concepts are superblock, inode, data block, directory block, and indirection block. The superblock contains information about the filesystem as a whole, such as its size (the exact information here depends on the filesystem). An inode contains all information about a file, except its name. The name is stored in the directory, together with the number of the inode. A directory entry consists of a filename and the number of the inode which represents the file. The inode contains the numbers of several data blocks, which are used to store the data in the file. There is space only for a few data block numbers in the inode, however, and if more are needed, more space for pointers to the data blocks is allocated dynamically. These dynamically allocated blocks are indirect blocks; the name indicates that in order to find the data block, one has to find its number in the indirect block first.
- wrong:
STMP = `stty size`:echo $STMP
- right:
STMP=`stty size`;echo $STMP
echo "test"|sed "s/test/cat/"
echo "test"|sed "s/.//"
STMP=`stty size`;echo $STMP|sed "s/.*//"
screen terminal size:
STMP=`stty size`;echo $STMP|sed "s/\ .*$//"
STMP=`stty size`;echo $STMP|sed "s/^.*\ //"
while $null; do echo "hi"; sleep 2s; done
he often stops jobs and then forgets about them
He uses his prompt to remind himself of stopped jobs
export PS1='\W[\j]\$ '
Redhat Linux default prompt: PS1='[\u@\h \W]\$ '
Trustix Linux default prompt: PS1='\u@\h \w\$ '
want the complete count
function stoppedjobs {
    jobs -s | wc -l | sed -e "s/ //g"
}
export PS1='\W[`stoppedjobs`]\$ '
- Relative speed: 'jobs -s | wc -l | sed -e "s/ //g" ' takes about 0.24 seconds on an unloaded 486SX25
How to create a new partition, using all of the scsi drive.
fdisk /dev/sda
  n = create new
  p = primary
  w = write
mke2fs -j -L /home /dev/sda
  -j creates journal for ext3 filesystem
  -L specifies volume label

--- vmware installation notes ---
for debian linux
1. apt-get install gcc-2.95
2. dpkg -L gcc-2.95
3. export CC=/usr/bin/gcc-2.95    <- observe dash bonehead
4. ./vmware-installer.pl
5. /usr/bin/vmware
This filesystem will be automatically checked every 25 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override.
- e2label will display or change the filesystem label on the ext2 filesystem located on device.
- If the optional argument new-label is not present, e2label will simply display the current filesystem label.
force drive controller down to 16 MB/s Multiword DMA Mode 2, since the corruption problem only happens in UltraDMA mode. Use the following command (as root) to select MWDMA mode 2 for device hda:
hdparm -X34 /dev/hda
(-X66 instead of -X34 goes back to UltraDMA.)
Q: I use iptables, but netstat -M won't show masqueraded connections. How do I see them?
A: No support for iptables in netstat, the -M is for ipchains+masquerade. Instead you can type this: 'cat /proc/net/ip_conntrack'
cat /usr/local/sendmail/virtusertable|grep "^user\."|sed s/org.*$/org/
To hide your version of bind, add the value version "[SECURED]" to the options section of named.conf, as follows:
options {
    directory "/var/named";
    version "[SECURED]";
};
If new hardware is not recognized, a reconfiguration boot might help. During the reconfiguration boot, the anaconda hardware configuration program is run with the --reconfig option.
Directions: To perform a reconfiguration boot, create an empty file called /etc/reconfigSys:
touch /etc/reconfigSys
download Knoppix from ftp.cise.ufl.edu at 148 KB/s
symbols for setting file permissions in symbolic mode
-------------------------------------------------------------------------------
Symbol  Function*   Description
u       Who         User (owner)
g       Who         Group
o       Who         Others
a       Who         All
=       Operation   Assign
+       Operation   Add
-       Operation   Remove
r       Permission  Read
w       Permission  Write
x       Permission  Execute
l       Permission  Mandatory locking, setgid bit is on, group execution bit is off
s       Permission  setuid or setgid bit is on
S       Permission  suid bit is on, user execution bit is off
t       Permission  Sticky bit is on, execution bit for others is on
T       Permission  Sticky bit is on, execution bit for others is off
-------------------------------------------------------------------------------
*The who, operator, and permissions designations in the function column specify the symbols that change the permissions on the file or directory.
graphics: netpbm
make pdf: from tiff, Use Tiff to PS (in linux)
tiff2ps *.tiff > tiffs.ps
from PS to PDF
ps2pdf tiffs.ps
What it looks like when someone has a backdoor and they don't know it...
6969 TCP acmsoda acmsoda 2000 Cracks, Net Controller, IRC 3, GateCrasher, Danton, Priority, 2000Cracks, Bigorna
Initiating SYN Stealth Scan against CPE-143-238-120-x.nsw.bigpond.net.au (143.238.120.x)
(The 1541 ports scanned but not shown below are in state: filtered)
Port      State   Service
6969/tcp  closed  acmsoda

Services registered for this port (from Neohapsis)
Protocol  Service                 Name
tcp       2000Cracks              [trojan] 2000 Cracks
tcp       acmsoda
tcp       Danton                  [trojan] Danton
tcp       GateCrasher             [trojan] GateCrasher
tcp       GateCrasher             [trojan] GateCrasher
tcp       IRC3                    [trojan] IRC 3
tcp       NetController           [trojan] Net Controller
tcp       Priority                [trojan] Priority
udp       acmsoda
"a daemon for monitoring the temperature of the
soda machine in the computer lab hall".
To check Hard Drive speed
# /sbin/hdparm -Tt /dev/hdx /dev/hdy
where 'x' and 'y' (etc.) are the drive letters you wish to test. It will give you a transfer rate readout.
using split to fit large archives on dvdr
split -b 1048576k fresh-w2k-amd1k-2004091001.gz split_fresh-w2k-amd1k-2004091001.gz.
which - shows the full path of (shell) commands.
lspci
lsmod
ifconfig -a
/sbin/lspci -vvx <-- which gives verbose info about the PCI bus.
mknod -m 666 /dev/video1394/0 c 171 16 <-- making a device example
Vitesse VSC8201RX VSC8201 VITESSE 8201 onboard ethernet
Ethernet PHY Device
- Modern ethernet subsystems are often separated into two pieces, the media access controller (sometimes known as a MAC) and the physical device or line interface (often referred to as a PHY). In this case, the MAC handles generating and parsing physical frames and the PHY handles how this data is actually moved to/from the wire. The MAC and PHY communicate via a special protocol, known as MII. This MII protocol can handle control over the PHY which allows for selection of such transmission criteria as line speed, duplex mode, etc.
Support for the Cicada 8201 PHY, a.k.a Vitesse VSC8201. This PHY is present on the MPC8349mITX.
drivers/net/phy/cicada.c
lspci: Bridge: nVidia Corporation MCP51 Ethernet Controller (rev a1)
- Network Controller 1 x VITESSE VSC8201RX 10/100/1000Mbps
- nVidia nForce 430 chipsets
- K8NGM2-FID
Windows XP reports:
-Network Adapters
  +1394 Net Adapter
  +NVIDIA nForce Networking Controller
-NVIDIA Network Bus Enumerator
  +NVIDIA Network Bus Enumerator
Vitesse and Marvell likely won't without recompiling.
The card is listed in the network preferences, but the actual device /dev/net/nforcedeth does not exist.
it shows up in Devices as "Bridge Device"
vendor id: 0x10de card id: 0x269
http://ubuntuforums.org/showthread.php?t=164734&highlight=K8NGM2-FID
- Ubuntu wants to use the forcedeth driver for the ethernet port
- MSI K8NGM2-FID board. Ubuntu wants to use the forcedeth driver for the ethernet port, but (for me) that driver only works if I power down then boot into ubuntu (I dual boot with winxp). If I have been in xp and just reboot into ubuntu, it won't work. So, as a workaround, I have been using the NVIDIA nforce drivers (for the ethernet only, not the sound as it works with the ALSA
driver), and it works fine if you unload both drivers (forcedeth and nvnet), then modprobe nvnet, then reconfigure networking (sudo invoke-rc.d networking restart).
forcedeth 23428 0
compile and use Nvidia's nvnet network driver rather than forcedeth
NFORCE-Linux-x86_64-1.0-0306-pkg1.run
nvnet.ko
MCP51 nvnet
tc command set Netem Network Emulation functionality http://linux-net.osdl.org/index.php/Netem
# tc qdisc add dev eth0 root netem delay 100ms
In g4u (Ghost For Unix):
Now set the IP address by running the command ifconfig <interface> <ip address> netmask <subnet mask>. For example, to set the IP address on interface pcn0, you would run
ifconfig pcn0 192.168.0.10 netmask 255.255.255.0
ifconfig xx0 1.2.3.4 netmask 255.255.255.0
route add default 2.3.4.5
Ports, Protocols, and Daemons
In the /etc/services file you will find a few lines that refer to Samba services:
- netbios-ns 137/tcp # NetBIOS Name Service
- netbios-ns 137/udp
- netbios-dgm 138/tcp # NetBIOS Datagram Service
- netbios-dgm 138/udp
- netbios-ssn 139/tcp # NetBIOS Session Service
- netbios-ssn 139/udp
- microsoft-ds 445/tcp # Microsoft Directory Service
- microsoft-ds 445/udp
The picture this provides is somewhat deceiving, since half of those lines could be removed and the list condensed to:
- netbios-ns 137/udp # NetBIOS Name Service
- netbios-dgm 138/udp # NetBIOS Datagram Service
- netbios-ssn 139/tcp # NetBIOS Session Service
- microsoft-ds 445/tcp # Microsoft Directory Service
When booting a livecd on a modern sata system with an ide for cdrom, the cdrom fails to mount, no ide found.
- No ide channels found
The solution: add a kernel parameter at bootloader prompt.
>livecd irqprobe all-generic-ide