- FlorianWoegerer 's Personal Notes (mainly linux/debian orientated)

linux stuff

FILES

.bashrc - includes "aliases" for the command line... i.e. ls = ls --color 
.bash_profile - check die file auch mal...
/etc/motd - Message of the day
crontab -e - make new crontabs (add 2>&1 > /dev/null 2>&1 > /dev/null to not receive any email notification)

Chown change owner of file

CHMOD change permissions of file

(r = 4), Write (w=2), Execute (x=1)

         OWNER  |  GROUP  |  OTHER
Write      2         2         2
Read       4         4         4
Execute    1         1         1

i.e: Full permission to owner, read permission to group and no permission to world would be:
7 2 0
makes sense huh? ''Not much.''

THE POWER OF DEBIAN - APT!

apt-get PACKAGE NAME - will install that package with all unmeet dependencies and download those as well
apt-get update       - will update your source list
apt-get upgrade      - will update all install packages to the most current version if available

apt-cache search PACKAGE - Searches your APT list for PACKAGE.
Lets say you want an irc client...you dont know any irc clients? (man you suck ;)) well, type in:
apt-cache search irc client <enter>
and you will get something like:

irssi-text - text-mode version of the irssi IRC client
ksirc - IRC Client based on Qt and KDE
xchat - IRC client for X similar to AmIRC
xchat-gnome - IRC client for GNOME similar to AmIRC
xchat-text - IRC client for console similar to AmIRC
bitchx - Advanced Internet Relay Chat client
bitchx-ssl - SSL support for BitchX
blackened - A feature rich ircII based IRC client

well now you can choose yourself what you want!
Lets see I want irssi (neat IRC client) type in:
apt-get install irssi

and you got it!

changing apt sources. Apt uses a sources list found at:
/etc/apt/sources.list

where all websites containing sources and binaries are listed.

Installing Kernel (debian)

apt-get kernel sources
apt-get install kernel-package

# mehr zu folgendem siehe LinuxKernel
make-kpkg clean
make-kpkg kernel_image

PORTS/SCANS

netstat -a | grep LISTEN - display ports
nmap -Ss HOST - Stealth scan

whois

whois - make a whois query on a domain name - address, contact details, nameserveretc. 
dig  -  technical details of domains

Networking / Internet

ifconfig eth0 OPTIONS     - configures your network card
iface eth0 inet dhcp      - dhcp client...if ure on a network with DHCP server this is the easiest way to go

Nameservers go in here:
/etc/resolv.conf

Samba - windows connectivity

Start Samba /etc/rc.d/init.d/samba start
Stop Samba /etc/rc.d/init.d/samba stop
Restart Samba /etc/rc.d/init.d/samba restart 

Creating Shares
[myshare]
comment = Share for John and Sam
path = /usr/share
valid users = john sam
public = no
writable = yes
printable = no
create mask = 0765

Apache

Securing directories:

Creating the .htpass file
htpasswd -cb .htpass USER PASS
-c :makes a new file
-b :Uses password stated in command line
-m: MD5 encryption
-d: CRYPT encryption

Creating the .htaccess file

AuthUserFile /var/htpass/.htpasswd
#AuthGroupFile /var/htpass/.htgroup
AuthName priv area
AuthType Basic

require user nexflo whoever

Screening

screen -w                       - shows all current processes
screen -r pid                   - jumps to process
[strg] [a] [d]                  - detach
screen -r                       - opens last screen

Printer related

Installing printer via CUPS:
apt-get install cupsys

Mounting/HDD related

View HDD's:
fdisk -l

View supported filesystems:
cat /proc/filesystems
    
make dir and mount:
mkdir /mnt/windows
mount /dev/hda1 /mnt/windows -t ntfs -r
FileSystems:
adfs, affs, autofs,coda, coherent, cramfs, devpts, efs, ext, ext2,
ext3, hfs, hpfs, iso9660, jfs, minix, msdos, ncpfs, nfs, ntfs,
proc, qnx4, reiserfs, romfs, smbfs, sysv, tmpfs, udf, ufs, umsdos
vfat, xenix, xfs, xiafs

vi

[esc]q                          - quit
[esc]!q                         - quit without saving
[esc]wq                         - save and quit
[esc]w                          - save
[insert]                        - inserts characters without replacing anything
[insert][insert]                - inserts characters over existing charcters   

Firewall/security

PortSentry: Great app which monitors ports, and if it detects a portscan, it blocks the scanning IP.

Default configuration file located at:
/usr/local/psionic/portsentry/portsentry.conf

Uncheck the lines below: "# Use these if you just want to be aware" to watch those standart ports. (143 port is used for IMAP so u should remove that from the list)

add the following to the rc.local file to boot portsentry at start up:

echo "PortSentry started"
/usr/local/psionic/portsentry/portsentry -atcp
/usr/local/psionic/portsentry/portsentry -audp
echo "Loaded! - Have a nice day :)"


IPtables:

Browsing and outgoing connections only: (blocks all incoming(sshd,ftpd, httpd )
/sbin/iptables -A INPUT -p tcp --syn -j DROP

Block all ports, besides port 22 to allow sshd:
/sbin/iptables -A INPUT -p tcp --syn --destination-port 22 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --syn -j DROP

Block all ports,besides port 22, and only allow predefined IP to access that port.

/sbin/iptables -A INPUT -p tcp --syn -s 192.168.1.100/32 --destination-port 22 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --syn -j DROP

To add other services now, just add to that lines (commands are read sequentially)

/sbin/iptables -A INPUT -p tcp --syn -s 192.168.1.100/32 --destination-port 22 -j ACCEPT #allow connection to sshd from IP 192.168.1.100
/sbin/iptables -A INPUT -p tcp --syn --destination-port 80 -j ACCEPT #allow httpd server to be accessed by world
/sbin/iptables -A INPUT -p tcp --syn -j DROP #block all ports (besides the limitations of above)

just commands

ls -la                          - shows all files in folder
ls --color                      - shows files in folder with color
cat                             - outputs a file into the shell
ps aux -u nexflo |grep screen   - shows all current screen sessions
kill pid                        - kills a process or screen
ln                              - create a link / shortcut

flos bin

http://berlin.cubic-international.com/downloads/canon/eflenses1-english.pdf
max power - jordan


(!) Wie wäre es, auf den globalen Seiten zu diesen Themen mitzuarbeiten, anstatt hier ne eigene Baustelle aufzumachen? Hätte den Vorteil, dass es dann auch von allen genutzt/bearbeitet und korrigiert würde.

FlorianWoegerer/Notizen (zuletzt geändert am 2007-12-23 22:47:31 durch localhost)