dok Documentation Release 1.0 Ignas September 07, 2015

Contents

1 Android
  1.1 adb
  1.2 cm
  1.3 encryption
  1.4 root

2 Linux
  2.1 ansible
  2.2 avamar
  2.3 awesant
  2.4 beaver
  2.5 btrfs
  2.6 clustering
  2.7 elasticsearch
  2.8 freeipa
  2.9 gollum
  2.10 ipmitool
  2.11 iscsi
  2.12 java
  2.13 kernel panic
  2.14 kvm
  2.15 logstash
  2.16 luks
  2.17 lumberjack
  2.18 metasploit
  2.19 multiboot
  2.20 multicast
  2.21 mysql
  2.22 nfs
  2.23 opennebula
  2.24 openssl
  2.25 pandoc
  2.26 partitioning
  2.27 postgresql
  2.28 puppet
  2.29 rbenv
  2.30 ruby-build
  2.31 rpm
  2.32 rsyslog
  2.33 salt
  2.34 SELinux
  2.35 sqlite
  2.36 sssd
  2.37 sysloggen
  2.38 tcpdump
  2.39 ubuntu
  2.40 varnish
  2.41 vim
  2.42 vmware

3 Networking
  3.1 h3c
  3.2 junos
  3.3 mikrotik

4 Programming
  4.1 bash
  4.2 bash snippets
  4.3 c
  4.4 git
  4.5 gitlab
  4.6 ruby
  4.7 symfony
  4.8 valgrind

5 Solaris
  5.1 SmartOS
  5.2 zfs

6 Hardware
  6.1 storcli

7 Other
  7.1 virtualbox

CHAPTER 1

Android

1.1 adb

1.1.1 connecting

1.1.2 installing recovery

Installing modified TWRP:

adb sideload TWRP-2.8.5.0-F2FS.zip

1.1.3 getting logs

1.2 cm

Installing video: https://www.youtube.com/watch?v=SpHZ2n9lTcs

1.3 encryption

Change crypt pw: http://nelenkov.blogspot.com/2012/08/changing-androids-disk-encryption.html

1.3.1 encrypting

1. unrooted

2. encrypt

3. root

4. vdc cryptfs changepw YOURBOOTPASSWORD (will not be able to unlock! do not use this!)

1.3.2 apps

Chats:

• threema

• myenigma

1.4 root

saferoot: http://forum.xda-developers.com/showthread.php?t=2565758

CHAPTER 2

Linux

2.1 ansible

2.1.1 Configuring hosts

File /etc/ansible/hosts

ansible vu-prod -m ping
ansible "~(host1|host2)" -m ping

2.1.2 ssh-agent

ssh-agent bash
ssh-add -t 8h ~/.ssh/id_my

List all current keys:

ssh-add -l

Delete all current keys:

ssh-add -D

2.1.3 Commands

Safe, one cmd, uses command module:

ansible all -a "/bin/echo hello"

Multiple cmds, uses shell module. Attention to quoting:

ansible all -m shell -a '/usr/sbin/sestatus | grep status'

Sudo command:

ansible vu -a 'find /etc/sudoers.d -type f' --sudo

2.2 avamar

2.2.1 users

root (ava), admin, dpn.

2.2.2 cli tools

Capacity planning and info:

admin@testgrid01:~/ija/>: ./capacity.sh

2.2.3 mccli

2.2.4 avtar

avtar --backups --noinformationals --id=${AVUSER}@/${AVDOMAIN} --password=${AVPASS} --path=/${AVDOMAIN}/${HOST} --count=3

2.3 awesant

git: https://github.com/bloonix/awesant

2.4 beaver

Log shipper.

git: https://github.com/josegonzalez/beaver

Docs: http://beaver.readthedocs.org/en/latest/user/usage.html

Latest v docs: http://beaver.readthedocs.org/en/latest/

2.5 btrfs

Use ZFS on Linux instead!

http://www.funtoo.org/BTRFS_Fun

2.5.1 Install

# yum install btrfs-progs

If creating from a single disk:

# mkfs.btrfs -m single /dev/sdb
# mount -o compress=zlib

compress=zlib - Better compression ratio. It is the default and safe for older kernels.
compress=lzo - Faster compression, newer kernels.

2.5.2 Info

# btrfs filesystem show
# btrfs filesystem df

2.5.3 Test A

10x 300mb

without compression

real 1m57.278s
user 0m0.044s
sys 0m5.639s

If testing with loop devices and an array is to be built from several files, it has to be done differently:

Create and mount a filesystem made of several disk images

# mkfs.btrfs img0 img1 img2
# losetup /dev/loop0 img0
# losetup /dev/loop1 img1
# losetup /dev/loop2 img2
# mount /dev/loop0 /mnt/btrfs

2.6 clustering

Cluster is split into two components: cluster communication managed by cman and resource management provided by rgmanager.

2.6.1 tools

cman_tool nodes
ccs_config_validate
cman_tool version
cman_tool version -r
clustat

List DLM lockspaces:

dlm_tool ls

Checking fence status while cman is running:

fence_check

2.6.2 managing a cluster

clusvcadm -e <service> -m <node>
clusvcadm -d <service>
clusvcadm -e vm:vm01-win2008 -m an-c05n01.alteeve.ca :: start (enable) a vm
clusvcadm -d vm:vm01-win2008 :: shutdown (disable) a vm
clusvcadm -M vm:vm01-win2008 -m an-c05n02.alteeve.ca :: live migrate a vm

2.6.3 Rebooting a cluster node

• Stop rgmanager, cman on every node that is to be restarted (mind the quorum).

• Reboot.

• Start cman, rgmanager.

2.6.4 clvm

Start only when cman is running and cluster is healthy.

2.6.5 links

https://alteeve.ca/w/AN!Cluster_Tutorial_2

2.7 elasticsearch

2.7.1 status

curl -XGET 'http://127.0.0.1:9200/_cat/shards'
curl -XGET 'http://127.0.0.1:9200/_cluster/health?pretty'
curl -XGET 'http://127.0.0.1:9200/_status?pretty'
curl -XGET 'http://127.0.0.1:9200/_stats?pretty'
curl -XGET 'http://127.0.0.1:9200/_aliases?pretty'
curl -XGET 'http://127.0.0.1:9200/_nodes/plugins?pretty'

2.8 freeipa

2.8.1 administration

klist :: show active tickets.

kinit admin :: get admin ticket. Needed for freeipa administration.

2.8.2 installation

http://sgros.blogspot.com/2012/06/installing-freeipa-on-minimal-centos.html

2.9 gollum

Gollum repo and installation: https://github.com/gollum/gollum

How to install: http://www.nomachetejuggling.com/2012/05/15/personal-wiki-using-github-and-gollum-on-os-x/

Tools: http://www.nomachetejuggling.com/2012/05/15/personal-wiki-using-github-and-gollum-on-os-x/

If the OS uses ruby >= 2, ruby 1.9.3 needs to be installed (gollum's recommendation). Install rbenv (edit bashrc). cd into the git repo and set the latest ruby version (paskutine_ruby_versija):

$ rbenv local paskutine_ruby_versija

# sudo yum install ruby-devel
# sudo gem install gollum

2.10 ipmitool

$ ipmitool -I lanplus -U fencing -P pw -H an-c05n02.ipmi chassis power status
$ ipmitool -I lanplus -U fencing -P pw -H an-c05n02.ipmi chassis power on

2.11 iscsi

2.11.1 discovery

iscsiadm -m discovery -t sendtargets -p 10.10.20.3 :: show LUNs on target

2.11.2 creating targets

/etc/tgt/targets.conf

service tgtd restart

2.11.3 updating targets

tgt-admin --update ALL --force :: update all your targets, incl. active ones (--force)
tgt-admin --update --tid=1 --force :: update Target ID 1

initiator side

iscsiadm -m session -r $SID --rescan

You get the SID from iscsiadm -m session (it is the value in the []), or if you do iscsiadm -m session -P 3 you can see which session lines up with which LUN. Or

iscsiadm -m node -T target --rescan

or you can just take the lazy way and do

iscsiadm -m session --rescan

iscsiadm -m node -R :: only adds, does not delete

2.11.4 info

tgt-admin --show

tgt-admin --dump :: dump config

2.12 java

2.12.1 debug

the hard way with visualvm

Debugging a remote java process.

Req localhost: visualvm
Req remote: java-devel

Target host.

Create file jstatd.all.policy:

grant codebase "file:${java.home}/../lib/tools.jar" {
    permission java.security.AllPermission;
};

Run:

jstatd -p 8888 -J-Djava.security.policy=jstatd.all.policy

Local host.

Localhost tunnels through jump_server to target_host.

ssh -NL 9998:target_server:22 jump_server &
ssh -ND 9696 -p 9998 localhost &
jvisualvm -J-Dnetbeans.system_socks_proxy=localhost:9696 -J-Djava.net.useSystemProxies=true

In visualvm add jstatd connection with port 8888.

No cpu stats etc. Use JMX connection for that.

2.13 kernel panic

Causing a kernel panic on CentOS6:

# echo c > /proc/sysrq-trigger

May be needed:

echo 1 > /proc/sys/kernel/sysrq

2.13.1 configuring kdump on CentOS6

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/ch-kdump.html

# yum install kexec-tools

Add to the kernel line in '/boot/grub/grub.conf':

crashkernel=auto

if host has more than 2GB RAM, or

crashkernel=128M

if host has less than that.

The dump location is configurable; the default is '/var/crash/'.

# chkconfig kdump on
# reboot

2.13.2 analyzing crash dump with crash

2.13.3 installing kernel-debuginfo

http://serverfault.com/questions/527525/centos-server-rebooted-unexpectedly-and-im-unable-to-process-crash-file-what-a/527553#527553

# yum clean all
# yum install crash
# versija=`uname -r`

Before answering 'y', check that it is the right version and not some centos-plus package:

# yum --enablerepo=debug install kernel-debuginfo-$versija

2.13.4 using crash

Kernel versions must be the same:

# crash /var/crash/timestamp/vmcore /usr/lib/debug/lib/modules/kernel/vmlinux

> help [cmd]
> log
> bt
> ps
> vm [pid]
> files [pid]

kdump.conf(5) — a manual page for the /etc/kdump.conf configuration file containing the full documentation of available options.

makedumpfile(8) — a manual page for the makedumpfile core collector.

kexec(8) — a manual page for kexec.

crash(8) — a manual page for the crash utility.

/usr/share/doc/kexec-tools-version/kexec-kdump-howto.txt — an overview of the kdump and kexec installation and usage.

2.14 kvm

2.14.1 solaris

WARNING: /pci@0,0/pci1af4,1100@1,2 (uhci0): No SOF interrupts have been received, this USB UHCI host controller is unusable

This is harmless and can be safely ignored. Once the install is complete, we will disable uhci by running rem_drv uhci on the server.

2.15 logstash

2.15.1 Links

Transport performance: https://docs.google.com/spreadsheet/ccc?key=0Aq9liCTsAyzRdDFEcUp2bjJPMTQzU1ZVTndTVzFwV3c#gid=0

2.16 luks

2.16.1 installing

# yum install cryptsetup-luks

Removes all data:

# cryptsetup -y -v luksFormat /dev/xvdc

# cryptsetup luksOpen /dev/xvdc backup2
# ls -l /dev/mapper/backup2
# cryptsetup -v status

LUKS headers:

# cryptsetup luksDump /dev/xvdc

2.16.2 formatting

Zero to hide usage patterns:

# pv -tpreb /dev/zero | dd of=/dev/mapper/backup2 bs=128M
# kill -USR1 PID

# mkfs.ext4 /dev/mapper/backup2

# mkdir /backup2
# mount /dev/mapper/backup2 /backup2

2.16.3 using

Umount:

# umount /backup2
# cryptsetup luksClose backup2

Mount:

# cryptsetup luksOpen /dev/xvdc backup2
# mount /dev/mapper/backup2 /backup2

2.16.4 sources

http://www.cyberciti.biz/hardware/howto-linux-hard-disk-encryption-with-luks-cryptsetup-command/

2.17 lumberjack

git: https://github.com/elasticsearch/logstash-forwarder

2.18 metasploit

2.18.1 install

Install rbenv (linux/rbenv.md) to /root and the latest ruby 1.9.

$ mkdir /opt/metasploit
$ cd /opt/metasploit <- set local rbenv
$ git clone https://github.com/rapid7/metasploit-framework.git msf

Then http://www.phocean.net/2014/02/23/metasploit-on-fedora-20.html

2.18.2 run

# ./msfconsole

2.18.3 commands

global

search
search name:mysql
search path:scada
search platform:aix
search type:post
search cve:2011 author:jduck platform:linux
setg
save
show
show auxiliary

plugin

info
show options
run
jobs

2.18.4 scans

ssdp

use auxiliary/scanner/upnp/ssdp_amp :: amp?
use auxiliary/scanner/upnp/ssdp_msearch :: info

set RHOSTS 192.168.0.0/24
run

2.19 multiboot

# grub2
# =====
#
# search --file SysRescCD
# sudo grub2-install --force --no-floppy --boot-directory=/run/media/ignas/MULTIBOOT/boot /dev/sdb
#
# qemu-kvm
# ========
#
# sudo qemu-kvm -m 512 /dev/sdb
#
# web
# ===
#
# http://www.circuidipity.com/multi-boot-usb.html
# https://help.ubuntu.com/community/Grub2/ISOBoot/Examples
# https://wiki.archlinux.de/title/Multiboot_USB_Stick
#
#
# clonezilla
# ==========
#
# http://clonezilla.org/livehd.php

# Fedora
# ======
#
# https://github.com/thias/glim/blob/master/grub2/inc-fedora.cfg

# Timeout for menu
set timeout=30

# Default boot entry
set default=0

# Menu Colours
set menu_color_normal=white/black
set menu_color_highlight=white/green

# Boot ISOs
menuentry "Clonezilla" {
    set isofile="/iso/clonezilla-live-2.2.4-12-i686-pae.iso"
    set gfxpayload=800x600x16
    echo "Using ${isofile}..."
    loopback loop $isofile
    linux (loop)/live/vmlinuz boot=live live-config noswap nolocales edd=on nomodeset ocs_live_run=\"ocs-live-general\" ocs_live_extra_param=\"\" keyboard-layouts=\"\" ocs_live_batch=\"no\" locales=\"\" ip=frommedia nosplash toram=filesystem.squashfs findiso=$isofile i915.blacklist=yes radeonhd.blacklist=yes nouveau.blacklist=yes vmwgfx.enable_fbdev=1
    initrd (loop)/live/initrd.img
}

menuentry "KAV neveikia" {
    loopback loop /iso/kav_rescue_10.iso
    set gfxpayload=800x600x16
    set root=(loop)
    linux /boot/rescue root=live:/dev/well/this/is/nonsense rootfstype=auto init=/init initrd=rescue.igz kav_lang=${kav_lang} udev liveimg splash quiet doscsi nomodeset
    initrd /boot/rescue.igz
}

menuentry "DBAN ISO" {
    set isofile="/iso/dban-2.2.8_i586.iso"
    echo "Using ${isofile}..."
    loopback loop $isofile
    linux (loop)/DBAN.BZI nuke="dwipe" iso-scan/filename=${isofile} silent --
}

menuentry "SystemRescueCD 64bit" {
    set isofile="/iso/systemrescuecd-x86-4.3.0.iso"
    echo "Using ${isofile}..."
    loopback loop $isofile
    linux (loop)/isolinux/rescue64 isoloop=${isofile} setkmap=us
    initrd (loop)/isolinux/initram.igz
}

menuentry "SystemRescueCD 64bit to RAM" {
    set isofile="/iso/systemrescuecd-x86-4.3.0.iso"
    echo "Using ${isofile}..."
    loopback loop $isofile
    linux (loop)/isolinux/rescue64 isoloop=${isofile} setkmap=us docache
    initrd (loop)/isolinux/initram.igz
}

menuentry "SystemRescueCD 32bit" {
    set isofile="/iso/systemrescuecd-x86-4.3.0.iso"
    echo "Using ${isofile}..."
    loopback loop $isofile
    linux (loop)/isolinux/rescue32 isoloop=${isofile} setkmap=en
    initrd (loop)/isolinux/initram.igz
}

menuentry "Fedora 20 64bit Live Gnome" {
    set isoname="Fedora-Live-Desktop-x86_64-20-1.iso"
    set isofile="/iso/$isoname"
    echo "Using ${isoname}..."
    loopback loop $isofile
    linux (loop)/isolinux/vmlinuz0 root=live:CDLABEL=Fedora-Live-Desktop-x86_64-20-1 rootfstype=auto ro rd.live.image quiet rhgb rd.luks=0 rd.md=0 rd.dm=0 iso-scan/filename=${isofile}
    initrd (loop)/isolinux/initrd0.img
}

menuentry "Fedora 20 64bit Live Xfce" {
    set isoname="Fedora-Live-Xfce-x86_64-20-1.iso"
    set isofile="/iso/$isoname"
    echo "Using ${isoname}..."
    loopback loop $isofile
    linux (loop)/isolinux/vmlinuz0 root=live:CDLABEL=Fedora-Live-Xfce-x86_64-20-1 rootfstype=auto ro rd.live.image quiet rhgb rd.luks=0 rd.md=0 rd.dm=0 iso-scan/filename=${isofile}
    initrd (loop)/isolinux/initrd0.img
}

menuentry "Debian 7.6 - 64bit netinst" {
    set isofile="/iso/debian-7.6.0-amd64-netinst.iso"
    echo "Using ${isofile}..."
    loopback loop $isofile
    linux (loop)/install.amd/vmlinuz boot=live findiso=${isofile} config quiet splash
    initrd (loop)/install.amd/initrd.gz
}

menuentry "Debian 7.6 - 64bit CD1" {
    set isofile="/iso/debian-7.6.0-amd64-CD-1.iso"
    echo "Using ${isofile}..."
    loopback loop $isofile
    linux (loop)/install.amd/vmlinuz boot=live findiso=${isofile} config quiet splash
    initrd (loop)/install.amd/initrd.gz
}

menuentry "Ubuntu 14.04 LTS - 64bit Mini-Installer" {
    set isofile="/iso/ubuntu-14.04-amd64-mini.iso"
    echo "Using ${isofile}..."
    loopback loop $isofile
    linux (loop)/linux boot=casper iso-scan/filename=$isofile noprompt noeject
    initrd (loop)/initrd.gz
}

2.20 multicast

2.20.1 bridge config

There are bugs in kernel when forwarding non 224.0.0.* multicast traffic through bridges, so disable snooping:

host# echo 0 > /sys/devices/virtual/net/br0/bridge/multicast_snooping

http://troglobit.com/blog/2013/07/09/multicast-howto/

Then to make it persistent... /etc/sysconfig/network-scripts/ifup-post calls /sbin/ifup-local ${DEVICE} so add there

#!/bin/sh
# /sbin/ifup-local ${DEVICE}
# Called by ifup-post with the interface name as $1.

if [ "$1" = "br0" ]
then
    # Disable IGMP snooping on the bridge if the sysfs knob exists
    if [ -e "/sys/devices/virtual/net/$1/bridge/multicast_snooping" ]
    then
        echo "Setting /sys/devices/virtual/net/$1/bridge/multicast_snooping."
        echo 0 > "/sys/devices/virtual/net/$1/bridge/multicast_snooping"
    else
        echo "Warning: can not find /sys/devices/virtual/net/$1/bridge/multicast_snooping"
    fi
#else
    #DO_NOTHING
fi

2.20.2 iptables

# multicast (igmp; Internet group management protocol)
iptables -I INPUT -p igmp -j ACCEPT

# Service config
iptables -I INPUT -m addrtype --dst-type MULTICAST -m state --state NEW -m multiport -p udp -s 10.20.0.0/16 --dports 5404,5405 -j ACCEPT

# iperf def port
iptables -I INPUT -m addrtype --dst-type MULTICAST -p udp --dport 5001 -j ACCEPT

2.20.3 test with iperf

Server:

# iperf -s -u -B 224.1.1.1 -i 1

Client:

# iperf -c 224.1.1.1 -u -T 32 -t 3

Problems:

- Things to watch out for. Apparently iperf has issues if the 'server' is running on a computer with multiple interfaces. But aside from that, this worked.
- Another thing to be careful of: the iperf test client will work correctly even if /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts is set (to 1). In this case, running iperf as a server and trying to ping the multicast address will NOT work. Whether this matters is dependent on your multicast needs.

2.20.4 netstat

Show joined groups:

# netstat -g
# cat /proc/net/igmp
# ip maddress list

2.20.5 tcpdump

Capture multicast traffic:

# tcpdump -n -vv net 224.0.0.0/4

2.20.6 ping

# ping 224.1.1.1 :: ping specific IP
# ping 224.0.0.1 :: all hosts configured for multicast will respond with their IP addresses

2.21 mysql

2.21.1 information

# mysqladmin status
# mysqladmin processlist
> show status like '%onn%';
> show processlist;

Table info:

describe mysql.user;

Table sizes:

# SELECT table_schema AS "Database name", SUM(data_length + index_length) / 1024 / 1024 AS "Size (MB)" FROM information_schema.TABLES GROUP BY table_schema;

User info:

SELECT User, Host, Password FROM mysql.user;
SELECT CONCAT(QUOTE(user),'@',QUOTE(host)) UserAccount FROM mysql.user;
SHOW GRANTS;
SHOW GRANTS FOR CURRENT_USER;
SHOW GRANTS FOR 'root'@'localhost';

Replication:

reset master;

2.21.2 Dumping and restoring

grep a table from full dump:

time sed -n -e '/DROP TABLE.*`mytable`/,/UNLOCK TABLES/p' mydump.sql > tabledump.sql

2.22 nfs

2.22.1 configuring nfs server on centos6

yum install nfs-utils

vim /etc/sysconfig/nfs (ADD)
---
> MOUNTD_NFS_V2="no"
> RQUOTAD_PORT=875
> LOCKD_TCPPORT=32803
> LOCKD_UDPPORT=32769
> MOUNTD_PORT=892
> STATD_PORT=662
> STATD_OUTGOING_PORT=2020
---

mkdir -p /export/public

vim /etc/exports
---
/export/public *(rw,no_subtree_check,insecure,no_root_squash,no_all_squash)
---

vim /etc/sysconfig/iptables
---
-A INPUT -m multiport -p tcp --dport 111,662,875,892,2049,32803 -j ACCEPT
-A INPUT -m multiport -p udp --dport 111,662,875,892,2049,32769 -j ACCEPT
---

service iptables restart
chkconfig nfs on
service rpcbind start
service nfslock start
service nfs start

If a re-export is needed:

# exportfs -rv

Client:

# yum install nfs-utils
#
# showmount -e 10.10.40.210
#
# mkdir /mnt/public
#
# vim /etc/fstab
# ---
# 10.10.40.210:/export/public /mnt/public nfs defaults 0 0
# 10.10.40.210:/export/store /mnt/store nfs vers=3,nolock,rw,acl,tcp,hard,intr,rsize=32768,wsize=32768 0 0
# ---
#
# mount -a

Users on the NFS server and on the client must have the same names and the same UID and GID. So create the users on the server first.

About GID/UID problems: http://dfusion.com.au/wiki/tiki-index.php?page=Why+NFSv4+UID+mapping+breaks+with+AUTH_UNIX
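
The /etc/exports line above exports /export/public to every host (*) read-write with insecure and no_root_squash. As an added example (not part of the original notes), the function below flags those settings in exports-style text. The second and third sample lines, the 10.10.40.0/24 subnet and the 10.10.40.21 client are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit /etc/exports-style lines for options that widen access.
# Usage: audit_exports < /etc/exports   (or: audit_exports /etc/exports)

# Constructed sample input. Line 1 is the export from the notes,
# line 3 is a tightened variant, line 4 shows the "space before (" mistake.
sample_exports() {
    cat <<'EOF'
/export/public *(rw,no_subtree_check,insecure,no_root_squash,no_all_squash)
# tightened: one subnet, root squashed, privileged source ports only
/export/public 10.10.40.0/24(rw,no_subtree_check,secure,root_squash)
/export/store 10.10.40.21 (rw,sync)
EOF
}

# Prints one "path client: finding" line per risky setting, nothing if clean.
audit_exports() {
    awk '
    function report(path, client, msg) { print path " " client ": " msg }

    /^[ \t]*#/ { next }      # comment line
    /^[ \t]*$/ { next }      # blank line

    {
        # Field 1 is the export path, every further field is client(options).
        for (i = 2; i <= NF; i++) {
            client = $i
            opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }

            if (client == "") {
                # "host (rw)" parses as host with defaults plus "(rw)" for anyone
                client = "<none>"
                report($1, client, "space before the option list, options apply to every host")
            } else if (client == "*") {
                report($1, client, "wildcard client, exported to every host")
            }

            # Exact matches only, so secure and root_squash are not flagged.
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash")
                    report($1, client, "no_root_squash, remote root keeps uid 0 on the export")
                else if (o[j] == "insecure")
                    report($1, client, "insecure, requests from source ports above 1023 are accepted")
            }
        }
    }' "$@"
}

# Run the audit over the constructed sample.
sample_exports | audit_exports
```

Run it against the real file with audit_exports /etc/exports before exportfs -rv.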

2.22.2 troubleshooting

Clear idmapd cache

# nfsidmap -c

Remove stale handles

Login as root. Issue the commands:

# service netfs stop
# service network restart
# service netfs start

2.23 opennebula

2.23.1 Usage

onevnet

# onevnet list

sunstone

http://opennebula.org/documentation:archives:rel4.0:sunstone

The default password for the oneadmin user (which can be changed by doing oneuser passwd oneadmin <new_password>) can be found in ~/.one/one_auth, which is generated randomly on every installation.

one market

# onemarket list --server http://marketplace.c12g.com

2.23.2 Installation

After installing the services, disable them.

Network

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s2-networkscripts-interfaces_network-bridge.html

ifcfg-eth0:
DEVICE="eth0"
TYPE="Ethernet"
BOOTPROTO="none"
ONBOOT="yes"
NM_CONTROLLED="no"
BRIDGE=onebr0
(HWADDR may be needed)

ifcfg-onebr0:
DEVICE="onebr0"
TYPE="Bridge"
IPADDR="10.4.1.108"
NETMASK="255.255.255.0"
ONBOOT="yes"
BOOTPROTO="none"
GATEWAY="10.4.1.1"
IPV6INIT="no"
NM_CONTROLLED="no"

add host

The host must be able to log in as user oneadmin both to itself and to the other hosts.

The following line in oned.conf may need fixing:

SCRIPTS_REMOTE_DIR=/var/lib/one/remotes

onehost create localhost -i im_kvm -v vmm_kvm -n fw

2.24 openssl

2.24.1 debug

openssl s_client -connect git.phd.msu.edu:443

2.25 pandoc

2.25.1 pdf

To use Lithuanian letters, --latex-engine is needed:

pandoc gollum2.md -o g2.pdf --latex-engine=xelatex

2.26 partitioning

Using parted -a opt automatically aligns partitions. If possible, always use it instead of fdisk.

# parted -a optimal /dev/sda ["print free"]
# print free
# mkpart extended 47.8G 898G
# mkpart logical 47.8G 590G

Check alignment with partition index, no output if OK:

# align-check opt 5

2.27 postgresql

2.27.1 info

psql postgres
psql db_name

\l :: list databases
\l+
\d :: show all tables, views, and sequences
\d+


\dt :: tables
\dv :: views

\c db_name :: change db

\timing :: timing on/off

select version();

\e :: use an editor to type the command
\q :: quit

2.27.2 help

\?
\h CREATE
\h CREATE INDEX

2.27.3 users

ALTER USER postgres WITH PASSWORD 'tmppassword'; :: change root pw
ALTER USER username WITH PASSWORD 'tmppassword'; :: change user pw

2.27.4 databases

CREATE DATABASE mydb WITH OWNER ramesh;
DROP DATABASE mydb;
SELECT pg_size_pretty(pg_database_size('mydatabasename')) As fulldbsize;

2.28 puppet

2.28.1 erb

Syntax check:

erb -P -x -T '-' mytemplate.erb | ruby -c

2.29 rbenv

https://github.com/sstephenson/rbenv

2.29.1 info

rbenv version :: show the currently set version.

rbenv versions :: show the installed versions.


rbenv global :: show the global version.

rbenv local :: show the local version.

2.29.2 upgrade

$ cd ~/.rbenv
$ git pull

To use a specific release of rbenv, check out the corresponding tag:

$ cd ~/.rbenv
$ git fetch
$ git checkout v0.3.0

2.29.3 install

To refresh the version list, upgrade ruby-build (see below).

List the available ruby versions:

$ rbenv install --list

Install the required ruby version (the ruby-build plugin is required):

$ rbenv install 1.9.3-p448
$ rbenv global 1.9.3-p448
$ rbenv rehash

2.30 ruby-build

2.30.1 upgrade

$ cd .rbenv/plugins/ruby-build/
$ git pull

2.31 rpm

2.31.1 tools

yum install rpmdevtools rpmlint
rpmdev-setuptree
# Install dependencies of the spec file
yum-builddep -y collectd-5.4.1/contrib/redhat/collectd.spec

rpm --eval "%{_datarootdir}"
rpm --showrc | grep topdir

Installing dependencies:


yum-builddep [package]

2.31.2 srpm

rpm -qpi some.src.rpm
rpm2cpio some.src.rpm | cpio -idmv

2.32 rsyslog

2.32.1 debug

Debug template:

*.* /var/log/all.log;RSYSLOG_DebugFormat

Send a message with netcat:

echo '<166>Jan 13 13:26:07 srv1.test nginx: resize1.ef.lan 172.14.10.18 - - ' | nc -v -u -w 0 127.0.0.1 514

2.33 salt

2.33.1 cmd

salt-key -L
salt-key -a s.vagrant.localdomain
salt-key -A

salt '<target>' <function> [arguments]
salt '*' test.ping
salt '*' cmd.run 'uname -a'
salt -G 'os:Ubuntu' test.ping
salt -E 'virtmach[0-9]' test.ping
salt -L 'foo,bar,baz,quo' test.ping
salt -C 'G@os:Ubuntu and webser* or E@database.*' test.ping
# List all available functions
salt '*' sys.doc
salt '*' cmd.exec_code python 'import sys; print sys.version'
salt '*' pip.install salt timeout=5 upgrade=True

salt-call -l debug state.highstate
salt '*' test.ping --out txt
salt '*' test.ping --out yaml
salt '*' test.ping --out raw
salt '*' test.ping --static --out json

salt '*' test.version
salt-run manage.versions
salt '*' pkg.install salt-minion refresh=True

salt '*' pkg.install nginx
salt '*' service.start nginx


salt '*' disk.usage
salt '*' network.interfaces
salt '*' sys.doc | less
salt '*' grains.items

2.33.2 installing

yum install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
cd /etc/yum.repos.d/
#overrides 2 epel pkgs.
wget http://copr.fedoraproject.org/coprs/saltstack/zeromq4/repo/epel-6/saltstack-zeromq4-epel-6.repo

installing minion

yum install salt-minion
sed -ie 's/#master: salt/master: s/' /etc/salt/minion
chkconfig salt-minion on
service salt-minion start

installing master

yum install salt-master
lokkit -p 4505:tcp -p 4506:tcp
chkconfig salt-master on
service salt-master start

2.33.3 links

https://github.com/saltstack-formulas
http://www.willdurness.com/post/101277984950/salt-pillar-driven-design-pattern

2.34 SELinux

semodule -DB : enable full logging
semanage fcontext -a -t virt_etc_t '/shared(/.*)?'
restorecon -r /shared

2.34.1 starting auditd (sealert)

# yum install setroubleshoot-server
# service messagebus start
# service auditd restart

More: auditd http://blog.esmnetworks.com/


2.34.2 actions with files

Defaults:

$ matchpathcon /var/spool/rsyslog

Set context to default:

# restorecon -F /katalogas
# restorecon -v /var/www/html/index.html

File se types:

# file_context somewhere /etc/selinux

Change:

# chcon -R --reference=/etc/kazkas /target/dir
# chcon -R -u system_u -t public_content_t /ftp
# chcon -u system_u -r object_r -t tmp_t /tmppt

fcontext

# matchpathcon /exports/foobar
# semanage fcontext -a -t httpd_sys_content_t "/html(/.*)?"

-a :: add
-u :: user
-r :: role
-t :: type

# semanage permissive -a httpd_t
# restorecon -Rv /var/www/html

-n :: noop

2.34.3 actions with users

unconfined_u
guest_u
xguest_u
user_u
staff_u

List selinux users:

# semanage user -l

Change existing user se type:

# semanage login -a [-s user_u] michael

-a add
-s user role

or:

# usermod -Z user_u USERNAME

Change default se type (all default users will be changed also):


# semanage login -m -S targeted -s "user_u" -r s0 __default__

Hmm... something:

# semanage user -m -R"unconfined_r webadm_r staff_r" staff_u

2.34.4 actions with ports

List:

# semanage port -l| grep syslog

Add:

# sudo semanage port -a -t syslogd_port_t -p tcp 7514

2.34.5 actions with processes

Check if httpd is protected with SELinux:

# ps -ZC httpd

List all:

# ps -eZ

SE status:

# sestatus

2.34.6 bools

# sudo setsebool -P httpd_setrlimit 1
# sudo setsebool -P allow_ypbind 1 - so that services can freely connect to ports

# getsebool -a
# /usr/sbin/getsebool -a | grep samba

2.34.7 analyzing the logs

Aureport:

# aureport -a
# aureport --start today --event --summary -i

http://dgz.dyndns.org/mediawiki/index.php/(RHEL)_HOWTO_configure_the_auditing_of_the_system_(auditd)

Logs can be in messages, user and /var/log/audit/audit.log

# sealert -l bf5c9ba8-3e2b-4780-b6aa-62861de64e7e

Generate sealert messages from audit.log:


# grep AVC /var/log/audit/audit.log | sedispatch

# ausearch -m avc
# ausearch -m avc -ts today
# ausearch -m avc -if ./audit.log
# ausearch -m avc -c sudo
# ausearch -m avc -x nginx --start recent
# ausearch -m avc --event 10085951 | audit2allow -w

-c :: search in the executable name

# sealert -a /var/log/audit/audit.log
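
The following Python script is an added example, not part of the original notes: it groups denied AVC records from audit.log by source type, target type and class, and prints candidate allow rules in the same form as the .te excerpts in these notes. The log lines are constructed samples and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample records in the raw /var/log/audit/audit.log format.
SAMPLE_LOG = """\
type=AVC msg=audit(1441612800.123:4521): avc:  denied  { search } for  pid=2314 comm="saslauthd" name="spool" dev="dm-0" ino=131 scontext=system_u:system_r:saslauthd_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
type=SYSCALL msg=audit(1441612800.123:4521): arch=c000003e syscall=2 success=no exit=-13 comm="saslauthd"
type=AVC msg=audit(1441612801.456:4522): avc:  denied  { search } for  pid=2314 comm="saslauthd" name="postfix" dev="dm-0" ino=140 scontext=system_u:system_r:saslauthd_t:s0 tcontext=system_u:object_r:postfix_spool_t:s0 tclass=dir
type=AVC msg=audit(1441612900.001:4530): avc:  denied  { read } for  pid=991 comm="nginx" name="index.html" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1441612900.002:4531): avc:  denied  { open } for  pid=991 comm="nginx" name="index.html" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1441612950.000:4540): avc:  granted  { setenforce } for  pid=1 comm="init" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

AVC_RE = re.compile(
    r"type=AVC msg=audit\([\d.]+:(?P<event>\d+)\): avc:\s+(?P<result>denied|granted)"
    r"\s+\{ (?P<perms>[^}]*)\} for\s+(?P<fields>.*)"
)
# key=value pairs; values may be quoted and contain spaces (comm="my daemon").
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return one AVC record as a dict, or None for any other audit record."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    try:
        # A context is user:role:type[:level]; the level may itself contain ':'.
        stype = fields["scontext"].split(":", 3)[2]
        ttype = fields["tcontext"].split(":", 3)[2]
        tclass = fields["tclass"]
    except (KeyError, IndexError):
        return None  # truncated or malformed record
    return {
        "event": int(m.group("event")),
        "denied": m.group("result") == "denied",
        "perms": set(m.group("perms").split()),
        "comm": fields.get("comm", "?"),
        "key": (stype, ttype, tclass),
    }


def summarise_denials(log_text):
    """Group denied AVCs by (source type, target type, class)."""
    summary = defaultdict(lambda: {"perms": set(), "comms": set(), "count": 0})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or not rec["denied"]:
            continue  # skip SYSCALL/PATH records and 'granted' AVCs
        entry = summary[rec["key"]]
        entry["perms"] |= rec["perms"]
        entry["comms"].add(rec["comm"])
        entry["count"] += 1
    return dict(summary)


def candidate_rules(log_text):
    """Render each group as an allow rule for review (not for blind loading)."""
    rules = []
    for (stype, ttype, tclass), entry in sorted(summarise_denials(log_text).items()):
        perms = sorted(entry["perms"])
        perm_txt = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {stype} {ttype}:{tclass} {perm_txt};")
    return rules


if __name__ == "__main__":
    for key, entry in sorted(summarise_denials(SAMPLE_LOG).items()):
        print(key, entry["count"], sorted(entry["comms"]))
    print("\n".join(candidate_rules(SAMPLE_LOG)))
```

Treat the output as a review list rather than policy to load: a denial such as httpd_t on user_home_t usually indicates a mislabeled file, which restorecon fixes without any new rule.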

2.34.8 sesearch

# sesearch --allow -s cvs_t -c dir -p search

What can user_t do:

# sesearch -A -s user_t
# sesearch -A -s user_t | grep var_log

# sesearch -A -s passenger_t -t passenger_t -c capability -p sys_resource
# sesearch -t passenger_t

-A :: search for allow rules

Log all (disable DontAudit):

(13:00:23) siXy: r2bit: dontaudit rules can be disabled for testing
(13:00:55) siXy: semodule -DB (then -B to reenable them after)

2.34.9 working with modules

List:

# semodule -l

Compile:

# audit2allow -a -m dansguardian > dansguardian.te
# checkmodule -M -m dansguardian.te
# checkmodule -M -m dansguardian.te -o dansguardian.mod
# semodule_package -o dansguardian.pp -m dansguardian.mod

Install:

# semodule -i dansguardian.pp

2.34.10 Files

/etc/selinux
/etc/selinux/targeted/contexts/files

./file_contexts - baseline file contexts for the entire system

./file_contexts.homedirs - for /home and subdirs

./media - for removable media


2.34.11 module config-history

(3:58:05 PM) grift: yes some stupid bug
(3:58:08 PM) grift: try this:
(3:58:24 PM) grift: cat > mytest.te <<EOF
(3:58:37 PM) grift: policy_module(mytest, 1.0)
(3:58:41 PM) grift: EOF
(3:58:47 PM) grift: cat > mytest.fc <<EOF
(3:59:06 PM) grift: /root/mydir/.* <<none>>
(3:59:08 PM) grift: EOF
(3:59:24 PM) grift: make -f /usr/share/selinux/devel/Makefile mytest.pp
(3:59:30 PM) grift: semodule -i mytest.pp
(3:59:37 PM) grift: matchpathcon /root/mydir/test

cat > mytest.te <<EOF
policy_module(mytest, 1.0)
EOF
cat > mytest.fc <<EOF
/root/mydir/.* <<none>>
EOF

make -f /usr/share/selinux/devel/Makefile mytest.pp
semodule -i mytest.pp
matchpathcon /root/mydir/test

2.34.12 building a module 2

http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=2&chap=5

Excerpts:

allow unconfined_t ext_gateway_t : process transition;
allow unconfined_t secure_services_exec_t : file { execute read getattr };
allow ext_gateway_t in_file_t : file { write create getattr };
allow httpd_sys_script_t net_conf_t:file { open read getattr };
allow ext_gateway_t in_queue_t : dir { write search add_name };

module mysasl 1.0;
require {
    type var_spool_t;
    type postfix_spool_t;
    type saslauthd_t;
    type saslauthd_var_run_t;
    class dir search;
}

#============= saslauthd_t ==============
allow saslauthd_t var_spool_t:dir search;
allow saslauthd_t postfix_spool_t:dir search;

module myawstats 1.0;
require {
    type httpd_awstats_script_t;
    type httpd_sys_script_exec_t;
    class dir { search getattr };
}

#============= httpd_awstats_script_t ==============
allow httpd_awstats_script_t httpd_sys_script_exec_t:dir search;

require {
    type var_lib_t;
    class file { append getattr read open };
}

2.34.13 macro list

(23:15:15) sauleta: is there a way to list available macros? I tried semanage interface -l, but had no luck
(23:20:47) grift: install selinux-policy-docs
(23:22:00) grift: selinux-policy-doc
(23:22:56) grift: then firefox /usr/share/doc/selinux-policy-3.10.0/html/index.html
(23:23:10) grift: not all macros but quite a few
(23:24:07) grift: you can also cat all the .if files in the various dirs in /usr/share/selinu/devel/include
(23:24:34) grift: and the files in the support dir thats also in there

2.34.14 links

SELinux intro: http://beginlinux.com/server_training/web-server/976-apache-and-selinux and: http://wiki.centos.org/HowTos/SELinux
reference policy: http://oss.tresys.com/projects/refpolicy
Booleans: http://wiki.centos.org/TipsAndTricks/SelinuxBooleans
Detailed Fedora FAQ: http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id4621954
http://selinuxproject.org/
http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml
https://www.wzdftpd.net/docs/selinux/references.html
Confining a process: http://www.adelton.com/docs/spacewalk/selinux-how-we-confined-spacewalk

2.35 sqlite

2.35.1 info

SELECT name FROM sqlite_master WHERE type='table';
.schema table_name

2.36 sssd

2.36.1 host authorisation

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/config-sssd-domain-access.html

3 possibilities:
- Simple Access Provider
- LDAP Access Filter
- authorizedService or host attribute in an entry

access filter and groups

http://thornelabs.net/2013/01/28/linux-restrict-server-login-via-ldap-groups.html

access_provider = ldap
ldap_access_filter = memberOf=cn=Group Name,ou=Groups,dc=thornelabs,dc=net


2.37 sysloggen

syslog log generator.

https://subversion.assembla.com/svn/logzilla/scripts/contrib/sysloggen/

./sysloggen -h

./sysloggen -d 127.0.0.1:5001 -f sample.log -n 1000000 -S -l

./sysloggen -d 127.0.0.1:5000 -f sample.log -n 1000000 -D -l -v

2.38 tcpdump

2.38.1 links

Advanced filters: http://www.wains.be/pub/networking/tcpdump_advanced_filters.txt

2.39 ubuntu

2.39.1 Disable a service

$ sudo invoke-rc.d apparmor stop
$ sudo invoke-rc.d apparmor teardown
$ sudo update-rc.d -f apparmor remove

2.40 varnish

2.40.1 varnishadm

Reload a VCL file:

vcl.load reload01 /usr/local/etc/varnish/default.vcl
vcl.use reload01

2.41 vim

2.41.1 Using tabs

:n and :prev navigate.

:args see which files are open.

:n test.pl to add a file.


2.41.2 Using windows

Ctrl-W s and Ctrl-W v to split the current window horizontally and vertically.

Ctrl-W w to switch between open windows, and Ctrl-W h (or j or k or l) to navigate through open windows.

Ctrl-W c to close the current window, and Ctrl-W o to close all windows except the current one.

:e file to add a file.

:ls see the current state of buffers.

2.42 vmware

2.42.1 tools

centos 6

Note: ESXi will show a grey sign “Tools installed (managed by guest)”.

Install correct vmware-tools-repo version from https://packages.vmware.com/tools/index.html esx.

rpm --import https://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub
yum install vmware-tools-esx-kmods vmware-tools-esx-nox


CHAPTER 3

Networking

3.1 h3c

3.1.1 information

interfaces

display interface brief
display interface GigabitEthernet 1/0/11
display interface Vlan-interface brief
display interface Vlan-interface 100
display vlan 100

3.1.2 configuration

configuration management

display current-configuration
display saved-configuration
display this
display startup
reset saved-configuration
save
startup saved-configuration

create a trunk

interface GigabitEthernet 1/0/10
port link-type trunk
port trunk permit vlan 807 808

change password

password [ simple | cipher ] password
undo password


<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] local-user test
[H3C-luser-test] password
Password:**********
confirm:**********
Updating the password file, please wait...

3.2 junos

## root cli
root% cli
## junos cli, op mode
user@host>
> show | compare
> configure
## conf mode
# run show configuration
# exit

show security policies from-zone z_1 to-zone z_2
show configuration | display set
commit

Common conf commands:

set
delete
show
commit
copy
rename

set security zones security-zone z_1 address-book address a_1 10.0.0.2
set security policies from-zone z_1 to-zone z_2 policy pol_1 match source-address [ n_1 n_2 ] destination-address as_1 application [ junos-http junos-https ]
set security policies from-zone z_1 to-zone z_2 policy pol_1 then permit

3.2.1 links

SRX getting started: http://kb.juniper.net/InfoCenter/index?page=content&id=KB15694

3.3 mikrotik

Hairpin NAT: http://wiki.mikrotik.com/wiki/Hairpin_NAT


CHAPTER 4

Programming

4.1 bash

4.1.1 links

BashFAQ: http://mywiki.wooledge.org/BashFAQ

4.2 bash snippets

4.2.1 100% Load 4 CPU cores

for i in 1 2 3 4; do while : ; do : ; done & done

4.2.2 show my ip

$ dig +short myip.opendns.com @resolver1.opendns.com

4.2.3 remove old files

Find and clean files in a directory and its subdirectories:

/usr/bin/find /dir -maxdepth 2 \( -name "access*.gz" -o -name "error*.gz" \) -a -mtime +178 -print0 | xargs -0 rm -vf 2>&1 | logger

4.2.4 template

#!/bin/bash

# ./script [-t DAYS] -a AGE -d DIR
# -t today date
# ex: ./script -a 366 -d /srv/log

DAY_ZERO=0
LOG_DIR="/usr/local/empty"
SCRIPT_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )

# Logging tag
LTAG="$(basename "$0")[$$]"

# Send a message to syslog under the script's tag
do_log() {
    logger -t "$LTAG" "$*"
}

do_log "Started with params $*"

# Script params
while [ "$#" -ge "2" ] ; do
    case $1 in
        -t)
            DAY_ZERO=$2
            shift 2 ;;
        -a)
            AGE=$2
            shift 2 ;;
        -d)
            LOG_DIR=$2
            shift 2 ;;
        *) shift 1 ;;
    esac
done

find_in_dir() {
    # Template body goes here; receives DIR as $1 and AGE as $2.
    # ':' keeps the empty function valid bash.
    :
}

find_in_dir "$LOG_DIR" "$AGE"

do_log "Finished."

exit 0

4.3 c

Quickguide: http://www.tutorialspoint.com/cprogramming/c_quick_guide.htm

Finished at C - Input & Output

4.4 git

4.4.1 rename a local branch

git branch -m <oldname> <newname>

If you want to rename the current branch, you can simply do:

git branch -m <newname>

4.4.2 commit squashing

http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html


Commits must not be pushed. This will do interactive squashing of the last 4 commits:

git rebase -i HEAD~4

4.4.3 log

git log --author=bob
git log --pretty=oneline
git log --graph --oneline --decorate --all
git log --name-status

Show not pushed commits:

git log --branches --not --remotes

4.4.4 show

View (possibly redirect) a file from a specific point in commit history.

git show <treeish>:<file>
git show HEAD~4:index.html

4.4.5 gitk

Show all branches:

gitk --all

4.5 gitlab

4.5.1 Create Repository (gitlab)

mkdir aliases
cd aliases
git init
touch README
git add README
git commit -m 'first commit'
git remote add origin gitlab@fqdn:puppet2/aliases.git
git push -u origin master

4.5.2 Existing Git Repo? (gitlab)

cd existing_git_repo
git remote add origin gitlab@fqdn:puppet2/aliases.git
git push -u origin master


4.6 ruby

Style guide: https://github.com/bbatsov/ruby-style-guide

4.7 symfony

4.7.1 default bundle tree

$ tree src/Acme/StoreBundle/
src/Acme/StoreBundle/
|-- AcmeStoreBundle.php
|-- Controller
|   `-- DefaultController.php
|-- DependencyInjection
|   |-- AcmeStoreExtension.php
|   `-- Configuration.php
|-- Resources
|   |-- config
|   |   |-- routing.yml
|   |   `-- services.yml
|   |-- doc
|   |   `-- index.rst
|   |-- public
|   |   |-- css
|   |   |-- images
|   |   `-- js
|   |-- translations
|   |   `-- messages.fr.xlf
|   `-- views
|       `-- Default
|           `-- index.html.twig
`-- Tests
    `-- Controller
        `-- DefaultControllerTest.php

4.7.2 console

Create an AcmeStoreBundle:

php app/console generate:bundle --namespace=Acme/StoreBundle

Create a doctrine db:

php app/console doctrine:database:create

Create an entity with doctrine:

php app/console doctrine:generate:entity

4.8 valgrind

gcc -g -O0 prog.c -o prog

-g provide debugging information.

-O0 Valgrind suggestion. With -O1 code runs faster, but line numbers may be inaccurate.

valgrind code


CHAPTER 5

Solaris

5.1 SmartOS

Files: https://download.joyent.com/pub/iso/

KVM -> SmartOS: http://www.the-mesh.org/content/building-smartos-home-data-center
Blog: http://blog.smartcore.net.au/posts/
VRRP: http://www.c0t0d0s0.org/archives/7549-Less-known-Solaris-Features-Highly-available-loadbalancing..html

5.1.1 vmware

Disk controller: LSI Logic Parallel

5.1.2 Info

Cheat sheet: http://wiki.joyent.com/wiki/display/jpc2/The+Joyent+Linux-to-SmartOS+Cheat+Sheet

prstat -Z

5.1.3 Configuring

Changing the hostname

http://wiki.smartos.org/display/DOC/Administering+the+Global+Zone

Changing the default VNC port

vmadm update dece98e8-29d7-4394-8cf1-d0185e2258b7 vnc_port=35351

5.2 zfs

dkms status


5.2.1 links

Useful tips from Arch: https://wiki.archlinux.org/index.php/ZFS

5.2.2 cheat sheets

http://www.datadisk.co.uk/html_docs/sun/sun_zfs_cs.htm

5.2.3 zfs on linux

zfs set sharenfs="rw=192.168.1.1/24,ro=192.168.2.1/24,no_root_squash"

Does not work with different options for different hosts:

zfs set sharenfs="rw=192.168.1.1/24,async,ro=192.168.2.1/24,sync" rpool/exports


CHAPTER 6

Hardware

6.1 storcli

Full info:

storcli /c0 show

Physical drives:

storcli /c0/eall/sall show
storcli /c0/e64/s4,5,6,7 show

Drive groups:

storcli /c0/dall show all

Virtual drives:

storcli /c0/vall show

6.1.1 Creating RAID10

List new drives:

storcli /c0/e64/s4,5,6,7 show

Change status of all drives to good, use force if status is JBOD:

storcli /c0/e64/s4 set good

Show drive groups:

storcli /c0/dall show all

If drive group is marked as foreign, and it shouldn’t be, init it:

storcli /c0/e64/s5 start initialization
storcli /c0/e64/s5 show initialization

Create raid10 vd:

storcli /c0 add vd r10 drives=64:4,64:5,64:6,64:7 pdperarray=2

If the new vd is not consistent, init it:


storcli /c0/v1 show
storcli /c0/v1 start init [full]
storcli /c0/v1 show init


CHAPTER 7

Other

7.1 virtualbox

7.1.1 VBoxManage

VBoxManage list dhcpservers
VBoxManage dhcpserver modify --netname nat_10_1_2 --ip 10.1.2.3 --netmask 255.255.255.0 --lowerip 10.1.2.100 --upperip 10.1.2.254
