Scratchpaper.txt - the intestinal tract of linux notes

From Free Knowledge Base- The DUCK Project: information for everyone
Revision as of 13:46, 26 June 2007 by Admin (Talk | contribs)

scratchpaper.txt - the intestinal tract of linux notes     created June 1998
/sbin/ifconfig     pico -w disables word wrap
/sbin/ifup eth0     su -l login as root
      *from telnet CTRL-H backspace, CTRL-D delete
/etc/sysconfig/network-scripts/ifcfg-eth0
ONBOOT YES
/usr/sbin/in.telnetd
/var/log/*
/etc/inetd.conf
talcon=zygotech@itsnet.com
/etc/passwd
/etc/securetty

ftp.linpeople.org/pub/incoming

diff               ls -la .xdefaults
.Xmodmap 22=backspace
  /--> DontZap in section 'ServerFlags' in /etc/X11/XF86Config
 <
  \--> shift-control-alt-backspace                                     /etc/skel
  • Jun 7 12:37:43 host inetd[736]:getpwnam:root:No such user

telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd

modprobe /lib/modules/2.0.32/net/tulip.o
/sbin/ifup eth0


#!/bin/bash      
PATH=/sbin/:/usr/sbin      
      route del -net 192.168.12.0
/etc/sysconfig/network-scripts/dwifup     route add 192.168.12.0 gw 192.168.12.254
/sbin/ifup      
      route add default gw 192.168.12.254 eth0
/proc/net/socket      
/proc/net/dev      
/etc/init.d/network     sysctl: ip forwarding off
       
                 192.168.12.128
   network mask: 255.255.255.0
network address: 192.168.12.0
        gateway: 192.168.12.254

route -v

3c59c.c 3com 905B
192.168.12.253
  • net-tools-1.33-4.src.rpm
  • netcfg-2.19-3.src.rpm
  • netkit-base-0.10-5.src.rpm
/lib/modules/2.0.32/net
/etc/rc.d/rc2.d

warning: unknown PCI device (10b7:9055) please read include/linux/pci.h

/msdos         502             /               hda1    78      LN
/usr           1004            /usr            hda5    1004    LN
/home          1004            /home           hda6    1004    LN
/usr/local     1004            /usr/local      hda7    1004    LN
/usr/src       282             /msdos          hda8    502     dos 16bit >=32
/tmp           133             /usr/src        hda9    282     LN
/              78              /tmp            hda10   133     LN
SWAP           125             SWAP            hda11   125     swap
/tmp/install.log
300hex 10irq cc000 8013
[root@bigdog /root]# cat /etc/sysconfig/network
NETWORKING=yes
FORWARD_IPV4=no
HOSTNAME=bigdog.robotz.com
GATEWAYDEV=eth0
GATEWAY=192.168.12.254
    if [ "${GATEWAY}" != "" ]; then
        if [ "${GATEWAYDEV}" = "" -o "${GATEWAYDEV}" = "${DEVICE}" ]; then
            # set up default gateway
            route add default gw ${GATEWAY} ${DEVICE}
            DEFGW=${GATEWAY}
        fi
    fi  


                                _______________________________________
                               |                                       |
                               | this is really old and inaccurate:    |
                               | 1114mb 222x5                          |
                               |                                       |
                               | /usr           300                    |
                               | /home          264                    |
                               | /usr/local     300                    |
                               | /usr/src       200                    |
                               | /tmp            50                    |
                               | /               80                    |
                               | SWAP            32                    |
                               | --------------------                  |
                               |_______________________________________|

I am trapped in telnet: press CTRL-] to get telnet> prompt

There are three: (port 113), time (port 37), and daytime (port 13).

NTP runs on port 123 using udp

  • ipchains -A input -p udp -j ACCEPT -s 10.0.0.0/8 -d 0.0.0.0/0 123
  • ipchains -A input -p udp -j ACCEPT -s some.trusted.host -d 0.0.0.0/0 123
  • ipchains -A input -p udp -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 123

More on ipchains

First establish default policies

You may deny all or accept all depending on how paranoid you are.

 :input ACCEPT
 :forward DENY
 :output ACCEPT
 ipchains -A input -s 0/0 -d 0/0 -i lo -j ACCEPT

This annoying tosser doesn't even get to see our web site***

 ipchains -A input -p tcp -s x.x.x.x -d 0/0 80 -y -j REJECT

Below we block access to port 110 pop3 and ssh so we let a few friends in***

 ipchains -A input -p tcp -s x.x.x.x -d 0/0 22 -y -j ACCEPT
 ipchains -A input -p tcp -s x.x.x.x -d 0/0 110 -y -j ACCEPT

Since we were not paranoid we should block ports not being used.

 ipchains -A input -p tcp -s 0/0 -d 0/0 0:19 -y -j REJECT
 ipchains -A input -p tcp -s 0/0 -d 0/0 23:24 -y -j REJECT
 ipchains -A input -p tcp -s 0/0 -d 0/0 26:79 -y -j REJECT
 ipchains -A input -p tcp -s 0/0 -d 0/0 81:1023 -y -j REJECT

You may wish to block udp on all standard ports below 1024

 ipchains -A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT

Do not reply to ICMP TIMESTAMP packets

 ipchains -A output -j REJECT -i eth0 -p icmp -s x.x.x.x/yy -d 0/0 --icmp-type timestamp-request -l
 ipchains -A output -j REJECT -i eth0 -p icmp -s x.x.x.x/yy -d 0/0 --icmp-type timestamp-reply -l

*ipchains are processed in the order read from the top down. See how IP x.x.x.x is blocked right away. Also, we accept ssh and pop from another IP address x.x.x.x before the port is blocked 3 lines later.
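
The top-down, first-match evaluation described above, as an added Python sketch that is not part of the original notes. It models the input chain from this section with constructed addresses in place of x.x.x.x (203.0.113.66 for the rejected host, 198.51.100.7 for the friend) and lists which TCP ports below 1024 each source can still open; only new TCP connections are modelled, matching the -y flag.

```python
import ipaddress

# Constructed stand-ins for the page's x.x.x.x placeholders (documentation ranges).
BLOCKED = "203.0.113.66/32"   # the host refused on port 80
FRIEND = "198.51.100.7/32"    # the host allowed in on 22 and 110
ANY = "0.0.0.0/0"

# (protocol, source network, first port, last port, target), in the page's order.
# The TCP rules carry -y on the page, so this models new connections (SYN) only.
INPUT_CHAIN = [
    ("tcp", BLOCKED, 80, 80, "REJECT"),
    ("tcp", FRIEND, 22, 22, "ACCEPT"),
    ("tcp", FRIEND, 110, 110, "ACCEPT"),
    ("tcp", ANY, 0, 19, "REJECT"),
    ("tcp", ANY, 23, 24, "REJECT"),
    ("tcp", ANY, 26, 79, "REJECT"),
    ("tcp", ANY, 81, 1023, "REJECT"),
    ("udp", ANY, 0, 1023, "REJECT"),
]
DEFAULT_POLICY = "ACCEPT"  # ":input ACCEPT" on the page


def verdict(chain, proto, src, dport, policy=DEFAULT_POLICY):
    """Return the target of the first matching rule, else the chain policy."""
    addr = ipaddress.ip_address(src)
    for r_proto, r_src, lo, hi, target in chain:
        if r_proto == proto and addr in ipaddress.ip_network(r_src) and lo <= dport <= hi:
            return target
    return policy


def open_tcp_ports(chain, src, ports=range(0, 1024)):
    """Privileged TCP ports a given source can still open a connection to."""
    return [p for p in ports if verdict(chain, "tcp", src, p) == "ACCEPT"]


if __name__ == "__main__":
    stranger = "192.0.2.10"  # constructed: a source no rule names
    print("stranger:", open_tcp_ports(INPUT_CHAIN, stranger))
    print("friend:  ", open_tcp_ports(INPUT_CHAIN, "198.51.100.7"))
    print("blocked: ", open_tcp_ports(INPUT_CHAIN, "203.0.113.66"))
    # Moving the broad 81:1023 REJECT above the friend's ACCEPT shadows it.
    reordered = [INPUT_CHAIN[6]] + INPUT_CHAIN[:6] + INPUT_CHAIN[7:]
    print("friend, reordered:", verdict(reordered, "tcp", "198.51.100.7", 110))
```

With the chain policy left at ACCEPT, any port that falls in a gap between the REJECT ranges stays reachable from every source, which is what the first list printed shows.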

wow, new stuff 2003!

I want to find out what version of bind you are running:

nslookup -q=txt -class=chaos version.bind. <host address>

I want to hide from people what version of bind I am running:

vi /etc/named.conf

options {
        directory "/var/named";
        auth-nxdomain yes;
        version "x";
};

It's the version part that allows you to spoof your bind version.

nslookup -q=txt -class=CHAOS version.bind. localhost

lilo: linux single

grub: When GRUB boots up, select the version of the kernel that you wish to boot and type e for edit. You will be presented with a list of items in the configuration file for the title you just selected.

Select the line that starts with kernel and type e to edit the line.

Go to the end of the line and type single as a separate word (press the [Spacebar] and then type single). Press [Enter] to exit edit mode.

Back at the GRUB screen, type b to boot into single user mode.

server:               client:
ntpd -dddd &_         ntpdate addressof.timeserver.com
ntpq -p               ntptimeset

Parse a password file, removing everything but the username [with vi and Regular Expressions]

:1,$s/:x:.*false//

The central concepts are superblock, inode, data block, directory block, and indirection block. The superblock contains information about the filesystem as a whole, such as its size (the exact information here depends on the filesystem). An inode contains all information about a file, except its name. The name is stored in the directory, together with the number of the inode. A directory entry consists of a filename and the number of the inode which represents the file. The inode contains the numbers of several data blocks, which are used to store the data in the file. There is space only for a few data block numbers in the inode, however, and if more are needed, more space for pointers to the data blocks is allocated dynamically. These dynamically allocated blocks are indirect blocks; the name indicates that in order to find the data block, one has to find its number in the indirect block first.
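
How a block lookup walks through indirect blocks, as an added Python example that is not part of the original notes. It assumes an ext2-style inode (12 direct pointers, then one single-, one double- and one triple-indirect pointer, with 4-byte block numbers); the notes themselves do not name a filesystem, and the function names are made up for this example.

```python
# Assumed ext2-style layout (the notes do not name a filesystem):
# 12 direct pointers in the inode, then one single-, one double- and one
# triple-indirect pointer; block numbers are 4 bytes each.
DIRECT = 12
PTR_SIZE = 4
LEVELS = ("single", "double", "triple")


def locate(index, block_size=1024):
    """Map a file's logical block index to the pointer path that reaches it.

    Returns (kind, path): for kind "direct", path is the slot in the inode;
    otherwise path lists the slot to follow in each indirect block, outermost first.
    """
    if index < 0:
        raise ValueError("negative block index")
    if index < DIRECT:
        return "direct", [index]
    per_block = block_size // PTR_SIZE      # pointers held by one indirect block
    index -= DIRECT
    for depth, kind in enumerate(LEVELS, start=1):
        span = per_block ** depth           # data blocks reachable at this depth
        if index < span:
            path = []
            for _ in range(depth):
                span //= per_block
                path.append(index // span)
                index %= span
            return kind, path
        index -= span
    raise ValueError("block index beyond what the inode can address")


def max_blocks(block_size=1024):
    """Largest number of data blocks one inode can address under this layout."""
    per_block = block_size // PTR_SIZE
    return DIRECT + sum(per_block ** d for d in range(1, len(LEVELS) + 1))


def extra_reads(index, block_size=1024):
    """Indirect blocks that must be read before the data block itself."""
    kind, path = locate(index, block_size)
    return 0 if kind == "direct" else len(path)
```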

  • wrong:
STMP = `stty size`:echo $STMP
  • right:
STMP=`stty size`;echo $STMP
echo "test"|sed "s/test/cat/"
echo "test"|sed "s/.//"

STMP=`stty size`;echo $STMP|sed "s/.*//"

screen terminal size:
STMP=`stty size`;echo $STMP|sed "s/\ .*$//"
STMP=`stty size`;echo $STMP|sed "s/^.*\ //"

while $null; do echo "hi"; sleep 2s; done

He often stops jobs and then forgets about them. He uses his prompt to remind himself of stopped jobs: export PS1='\W[\j]\$ '

 Redhat Linux default prompt:  PS1='[\u@\h \W]\$ '
Trustix Linux default prompt:  PS1='\u@\h \w\$ '

want the complete count

function stoppedjobs {
  jobs -s | wc -l | sed -e "s/ //g"
}
export PS1='\W[`stoppedjobs`]\$ '
  • Relative speed: 'jobs -s | wc -l | sed -e "s/ //g" ' takes about 0.24 seconds on an unloaded 486SX25

How to create a new partition, using all of the scsi drive.

                                                                 --- vmware installation notes ---
fdisk /dev/sda                                                  |       for debian linux          |
                                                                | 1. apt-get install gcc-2.95     |
  n = create new                                                | 2. dpkg -L gcc-2.95             |  
                                                                | 3. export CC=/usr/bin/gcc-2.95  | <- observe dash bonehead
  p = primary                                                   | 4. ./vmware-installer.pl        |
                                                                | 5. /usr/bin/vmware              |
  w = write                                                     |_________________________________|

mke2fs -j -L /home /dev/sda
 
  -j creates journal for ext3 filesystem
  -L specifies volume label

This filesystem will be automatically checked every 25 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override.

e2label will display or change the filesystem label on the ext2 filesystem located on device.
If the optional argument new-label is not present, e2label will simply display the current filesystem label.

force drive controller down to 16 MB/s Multiword DMA Mode 2, since the corruption problem only happens in UltraDMA mode. Use the following command (as root) to select MWDMA mode 2 for device hda:

hdparm -X34 /dev/hda

(-X66 instead of -X34 goes back to UltraDMA.)

Q: I use iptables, but netstat -M won't show masqueraded connections. How do I see them?
A: No support for iptables in netstat, the -M is for ipchains+masquerade. Instead you can type this: 'cat /proc/net/ip_conntrack'

cat /usr/local/sendmail/virtusertable|grep "^user\."|sed s/org.*$/org/

To hide your version of bind, add the value version "[SECURED]" to the options section of named.conf as follows:

options {

  directory "/var/named";
  version "[SECURED]";

};

If new hardware is not recognized, a reconfiguration boot might help. During the reconfiguration boot, the anaconda hardware configuration program is run with the --reconfig option.

Directions: To perform a reconfiguration boot, create an empty file called /etc/reconfigSys:

touch /etc/reconfigSys

download Knoppix from ftp.cise.ufl.edu at 148 KB/s

symbols for setting file permissions in symbolic mode
-------------------------------------------------------------------------------
Symbol Function*       Description
u      Who             User (owner)
g      Who             Group
o      Who             Others
a      Who             All
=      Operation       Assign
+      Operation       Add
-      Operation       Remove
r      Permission      Read
w      Permission      Write
x      Permission      Execute
l      Permission      Mandatory locking, setgid bit is on, group execution bit is off
s      Permission      setuid or setgid bit is on
S      Permission      suid bit is on, user execution bit is off
t      Permission      Sticky bit is on, execution bit for others is on
T      Permission      Sticky bit is on, execution bit for others is off
-------------------------------------------------------------------------------
The who, operator, and permissions designations in the function column specify
the symbols that change the permissions on the file or directory.

graphics: netpbm


make pdf: from tiff, Use Tiff to PS (in linux)

 tiff2ps *.tiff > tiffs.ps

from PS to PDF

 ps2pdf tiffs.ps

What it looks like when someone has a backdoor and they don't know it...

6969 	TCP 	acmsoda 	acmsoda 	
2000 Cracks, Net Controller,IRC 3, GateCrasher, Danton, Priority, 2000Cracks, Bigorna
Initiating SYN Stealth Scan against CPE-143-238-120-x.nsw.bigpond.net.au (143.238.120.x)
(The 1541 ports scanned but not shown below are in state: filtered)
Port       State       Service
6969/tcp   closed      acmsoda
Services registered for this port (from Neohapsis)
Protocol	Service	Name
tcp	2000Cracks	[trojan] 2000 Cracks
tcp	acmsoda	
tcp	Danton	[trojan] Danton
tcp	GateCrasher	[trojan] GateCrasher
tcp	GateCrasher	[trojan] GateCrasher
tcp	IRC3	[trojan] IRC 3
tcp	NetController	[trojan] Net Controller
tcp	Priority	[trojan] Priority
udp	acmsoda	
"a daemon for monitoring the temperature of the soda machine in the computer lab hall".


To check Hard Drive speed

# /sbin/hdparm -Tt /dev/hdx /dev/hdy 

where 'x' and 'y' (etc.) are the drive letters you wish to test. It will give you a transfer rate readout.


using split to fit large archives on dvdr

split -b 1048576k fresh-w2k-amd1k-2004091001.gz split_fresh-w2k-amd1k-2004091001.gz.

which - shows the full path of (shell) commands.

lspci
lsmod
ifconfig -a

/sbin/lspci -vvx <-- which gives verbose info about the PCI bus.

mknod -m 666 /dev/video1394/0 c 171 16 <-- making a device example

 

 


Vitesse VSC8201RX VSC8201 VITESSE 8201 onboard ethernet


Ethernet PHY Device

Modern ethernet subsystems are often separated into two pieces, the media access controller (sometimes known as a MAC) and the physical device or line interface (often referred to as a PHY). In this case, the MAC handles generating and parsing physical frames and the PHY handles how this data is actually moved to/from the wire. The MAC and PHY communicate via a special protocol, known as MII. This MII protocol can handle control over the PHY which allows for selection of such transmission criteria as line speed, duplex mode, etc.

Support for the Cicada 8201 PHY, a.k.a Vitesse VSC8201. This PHY is present on the MPC8349mITX.

drivers/net/phy/cicada.c
lspci: Bridge: nVidia Corporation MCP51 Ethernet Controller (rev a1)
  • Network Controller 1 x VITESSE VSC8201RX 10/100/1000Mbps
  • nVidia nForce 430 chipsets
  • K8NGM2-FID Windows XP reports:
-Network Adapters
  +1394 Net Adapter
  +NVIDIA nForce Networking Controller
-NVIDIA Network Bus Enumerator
  +NVIDIA Network Bus Enumerator

Vitesse and Marvell likely won't without recompiling.

The card is listed in the network preferences, but the actual device /dev/net/nforcedeth does not exist.

it shows up in Devices as "Bridge Device"

vendor id: 0x10de 
card id: 0x269

http://ubuntuforums.org/showthread.php?t=164734&highlight=K8NGM2-FID

MSI K8NGM2-FID board. Ubuntu wants to use the forcedeth driver for the ethernet port, but (for me) that driver only works if I power down then boot into ubuntu (I dual boot with winxp). If I have been in xp and just reboot into ubuntu, it won't work. So, as a workaround, I have been using the NVIDIA nforce drivers (for the ethernet only, not the sound as it works with the ALSA driver), and it works fine if you unload both drivers (forcedeth and nvnet), then modprobe nvnet, then reconfigure networking (sudo invoke-rc.d networking restart).

forcedeth 23428 0

compile and use Nvidia's nvnet network driver rather than forcedeth

NFORCE-Linux-x86_64-1.0-0306-pkg1.run

nvnet.ko

MCP51 nvnet


tc command set Netem Network Emulation functionality http://linux-net.osdl.org/index.php/Netem

# tc qdisc add dev eth0 root netem delay 100ms

In g4u (Ghost For Unix), set the IP address by running the command ifconfig <interface> <ip address> netmask <subnet mask>. For example, to set the IP address on interface pcn0, you would run

ifconfig pcn0 192.168.0.10 netmask 255.255.255.0

ifconfig xx0 1.2.3.4 netmask 255.255.255.0
route add default 2.3.4.5


Ports, Protocols, and Daemons

In the /etc/services file you will find a few lines that refer to Samba services:

  1. netbios-ns 137/tcp # NetBIOS Name Service
  2. netbios-ns 137/udp
  3. netbios-dgm 138/tcp # NetBIOS Datagram Service
  4. netbios-dgm 138/udp
  5. netbios-ssn 139/tcp # NetBIOS Session Service
  6. netbios-ssn 139/udp
  7. microsoft-ds 445/tcp # Microsoft Directory Service
  8. microsoft-ds 445/udp

The picture this provides is somewhat deceiving, since half of those lines could be removed and the list condensed to:

  • netbios-ns 137/udp # NetBIOS Name Service
  • netbios-dgm 138/udp # NetBIOS Datagram Service
  • netbios-ssn 139/tcp # NetBIOS Session Service
  • microsoft-ds 445/tcp # Microsoft Directory Service