1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
|
<?xml version="1.0"?>
<rss version="2.0">
<channel>
<title>Knowledge Base</title>
<description></description>
<language>en</language>
<copyright>Copyright 2014 makefu</copyright>
<pubDate>Mon, 31 Mar 2014 07:06:35 GMT</pubDate>
<lastBuildDate>Mon, 31 Mar 2014 07:06:35 GMT</lastBuildDate>
<docs>http://blogs.law.harvard.edu/tech/rss</docs>
<generator>TiddlyWiki 2.8.1</generator>
<item>
<title>OpenSSL</title>
<description><h1> generate a new certificate</h1>for example for unrealircd:<br><pre>openssl req -new -x509 -keyout temp.key -out server.cert.pem -days 9001
openssl rsa -in temp.key &gt; server.key.pem
</pre></description>
<link>null#OpenSSL</link>
<pubDate>Mon, 31 Mar 2014 07:06:34 GMT</pubDate>
</item>
<item>
<title>USB</title>
<description><h1> Disable one interface</h1><br><pre>lsusb
lsusb -t
# syntax of the id:
# &lt;bus&gt;-&lt;port&gt;.&lt;port&gt;.&lt;port&gt;...
cd /sys/bus/usb/drivers/usb/1-1.6 ; echo 1 &gt; remove
</pre></description>
<category>usb</category>
<link>null#USB</link>
<pubDate>Fri, 07 Mar 2014 14:36:00 GMT</pubDate>
</item>
<item>
<title>archlinux</title>
<description><h1> basic install</h1><pre># we are using mbr again, guid somehow does not do the right thing
fdisk /dev/sda
# create linux partition(8300)
n;enter;enter;enter
# ... and btrfs because all the cool kids do so
mkfs.btrfs /dev/sda2
mkdir /mnt/btrfs-root /mnt/active
mount /dev/sda2 /mnt/btrfs-root
btrfs subvolume create __active &amp;&amp; cd __active
btrfs subvolume create var
mount /dev/sda2 -o default,noatime,subvol=__active /mnt/active
# install that shit
pacstrap /mnt/active base
genfstab -p /mnt/active &gt; /mnt/active/etc/fstab
cat &gt;&gt; /mnt/active/etc/fstab&lt;&lt;EOF
tmpfs /tmp tmpfs defaults 0 0
## to never write persistent, uncomment:
#tmpfs /var/log tmpfs defaults 0 0
EOF
arch-chroot /mnt/active
ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
echo "LANG=en_US.UTF-8" &gt;&gt; /etc/locale.conf
echo "en_US.UTF-8 UTF-8" &gt;&gt; /etc/locale.gen
locale-gen
echo "my-host" &gt; /etc/hostname
mkinitcpio -p linux
pacman -S openssh grub-bios
grub-mkconfig -o /boot/grub/grub.cfg
passwd
# useradd -d /home/bob -m bob
cd /etc/netctl
cp examples/ethernet-static lan
# edit lan , try network: enp0s25 or something
netctl enable lan
systemctl enable sshd.service
grub-install /dev/sda
exit
reboot
</pre></description>
<link>null#archlinux</link>
<pubDate>Wed, 26 Feb 2014 09:55:00 GMT</pubDate>
</item>
<item>
<title>curl</title>
<description><h1> spoof host_name</h1><pre>curl --resolve host:80:ip host
</pre></description>
<link>null#curl</link>
<pubDate>Tue, 14 Jan 2014 01:38:00 GMT</pubDate>
</item>
<item>
<title>buildbot</title>
<description><h1> initial installation</h1><pre>#?/bin/sh
# something like this
useradd ci
punani install python-virtualenv
su ci
virtualenv buildbot
echo ". $HOME/buildbot/bin/activate" &gt;~/.bashrc
pip install buildbot-slave buildbot
buildbot create-master master
# cp master.conf master/master.conf
buildbot reconf master
# or reconfigure as many slaves as you wish
buildslave create-slave slave localhost "ubuntu1204-local-slave" aidsballs
buildbot start master
buildslave start slave
</pre></description>
<link>null#buildbot</link>
<pubDate>Tue, 14 Jan 2014 00:39:00 GMT</pubDate>
</item>
<item>
<title>weechat</title>
<description><h1> compiling</h1><h2> fresh</h2><pre>./configure --prefix=/usr --sysconfdir=/etc
make install
</pre><h2> <a tiddlylink="UTF-8" refresh="link" target="_blank" title="External link to null#UTF-8" href="null#UTF-8" class="externalLink null">UTF-8</a> is broken after compilation</h2><pre># you might have missed these two lines when doing ./configure:
## *** ncursesw library not found! Falling back to "ncurses"
## *** Be careful, UTF-8 display may not work properly if your locale is UTF-8.
#install ncursesw header
apt-get install libncursesw-dev
</pre><h1> search</h1>you will need 0.4.2 or higher. see <code>http://weechat.org/files/doc/devel/weechat_user.en.html#key_bindings_search_context</code>.<br><pre>/key resetall -yes search
/save
# search in nick names,etc
ctrl-r and TAB...
</pre><h2> grep</h2><pre>/script install grep.py
/grep ball
/help grep
</pre></description>
<link>null#weechat</link>
<pubDate>Wed, 08 Jan 2014 15:47:00 GMT</pubDate>
</item>
<item>
<title>dn42</title>
<description><pre>auto gre1
iface gre1 inet tunnel
mode gre
netmask 255.255.255.255
address -ask crest-
dstaddr -ask crest-
endpoint -crest endpoint-
local -local ip-
ttl 255
</pre></description>
<link>null#dn42</link>
<pubDate>Sun, 29 Dec 2013 10:57:00 GMT</pubDate>
</item>
<item>
<title>iptables</title>
<description><h1> Arch Linux</h1><pre>iptables -F
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -p tcp --dport 1655 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables-save &gt;/etc/iptables/iptables.rules
systemctl enable iptables.service
</pre></description>
<link>null#iptables</link>
<pubDate>Tue, 24 Dec 2013 12:23:00 GMT</pubDate>
</item>
<item>
<title>Metadata</title>
<description><h1>wget + exiftool</h1><pre>wget -r -l1 --no-parent -A.jpg http://example.com
exiftool -r -h -a -u -gl * &gt;output.html
</pre><h1> Videos</h1><h2> Methods</h2><pre>exiftool $file
tovid id $file
mplayer -vo null -ao null -identify -frames 0 $file
</pre></description>
<link>null#Metadata</link>
<pubDate>Mon, 23 Dec 2013 20:31:00 GMT</pubDate>
</item>
<item>
<title>Makefile</title>
<description><h1> For Testing</h1><h2> Async test all executables in t/ according to TAP</h2><pre>usage:;cat Makefile
test:
@export PATH="$(CURDIR)/bin:$(PATH)"; \
tests="`find t -type f -executable`"; \
i=1; \
pids="";\
n=`echo "$$tests" | wc -l`; \
echo $$i..$$n; \
for exe in $$tests; do \
{ \
./$$exe; \
ret=$$?; \
case $$ret in 0) result=ok;; *) result='not ok';; esac; \
echo $$result $$i - $$exe; \
exit $$ret;\
} &amp; \
pids="$${pids} $$!" \
i=$$(( i+1 )); \
done; \
ret=0;\
for pid in $$pids; do \
wait $$pid || ret=23;\
done; \
exit $$ret;
</pre><h2> Sync test all executables in t/</h2><pre>usage:;cat Makefile
test:
@export PATH="$(CURDIR)/bin:$(PATH)"; \
tests="`find t -type f -executable`"; \
i=1; \
n=`echo "$$tests" | wc -l`; \
echo $$i..$$n; \
ret=0;\
for exe in $$tests; do \
./$$exe; \
thisret=$$?; \
case $$thisret in 0) result=ok;; *) result='not ok';ret=255;; esac; \
echo $$result $$i - $$exe; \
i=$$(( i+1 )); \
done; \
exit $$ret;
</pre></description>
<category>journal</category>
<link>null#Makefile</link>
<pubDate>Tue, 17 Dec 2013 13:42:00 GMT</pubDate>
</item>
<item>
<title>tinc</title>
<description>Tinc is your virtual private network.<br><h1>logging</h1>Get infos from current network<br>see also github-&gt;makefu-&gt;retiolum<br><pre>sudo tincd -n retiolum --kill=USR2 --user=tincd --chroot
</pre>run with<br><pre>tincd --user=tincd --chroot -n retiolum
</pre><br><h1>installation</h1>Use this installation with great caution!<br><pre>curl tinc.krebsco.de | HOSTN=krebsbobkhan sh
</pre><h1> v6-only host routing to v4 via tinc</h1><h2> server (pigstarter)</h2><pre>#?/bin/sh
# forwarding
echo "net.ipv6.conf.conf.all.forwarding=1"&gt;&gt; /etc/sysctl.conf
sysctl net.ipv6.conf.conf.all.forwarding=1
# ufw
sed -i 's/\(DEFAULT_FORWARD_POLICY=\).*/\1"ACCEPT"/' /etc/default/ufw
service ufw restart
# tinc config
echo "Subnet = 0.0.0.0/0" &gt;&gt; /etc/tinc/retiolum/hosts/pigstarter
</pre><h2> client (irkel)</h2><pre>cat &gt;&gt;/etc/tinc/retiolum/tinc-up &lt;&lt;EOF
ip addr add 10.243.0.153 dev \$INTERFACE
ip addr add default dev \$INTERFACE
EOF
</pre><br><h1> Building on amazon ec2 aws instance</h1><pre>#!/bin/sh
set -e
sudo yum install -y gcc openssl-devel
mkdir build
cd build
curl http://www.oberhumer.com/opensource/lzo/download/lzo-2.04.tar.gz | tar xz
cd lzo-2.04
./configure --prefix=/usr
make
sudo make install
cd ..
curl http://www.tinc-vpn.org/packages/tinc-1.0.13.tar.gz | tar xz
cd tinc-1.0.13
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make
sudo make install
</pre></description>
<link>null#tinc</link>
<pubDate>Wed, 11 Dec 2013 10:27:00 GMT</pubDate>
</item>
<item>
<title>Entropy</title>
<description><h1> generate entropy</h1><h2> haveged</h2><pre>pacman -S haveged
systemctl start haveged
</pre><h2> rng-tools</h2><pre>pacman -S rng-utils
rngd -f -r /dev/urandom
</pre></description>
<link>null#Entropy</link>
<pubDate>Tue, 26 Nov 2013 18:03:00 GMT</pubDate>
</item>
<item>
<title>samba</title>
<description><h1> Anonymous Samba Share</h1><h2> Create Samba Config</h2>in <code>/etc/samba/smb.conf</code><br><pre>[global]
# this disables all the authentication with 'guest ok'
#security = SHARE
[temp]
comment = Shared
path = /home/samba
force user = sambaman
force group = users
read only = No
guest ok = Yes
</pre><h2> Create Samba User</h2><pre>useradd -c "Sambaman" -m -g users -p "moar samba browsing fuck yeah" sambaman
</pre><h2> Restart </h2><pre>systemctl restart smbd
</pre></description>
<link>null#samba</link>
<pubDate>Tue, 26 Nov 2013 16:50:00 GMT</pubDate>
</item>
<item>
<title>DNS TUNNEL</title>
<description><h1><a tiddlyfields="server.type:&quot;file&quot; server.host:&quot;file:///home/makefu/Downloads/knowledge_base.html&quot;" tiddlylink="Server-Side" refresh="link" target="_blank" title="External link to null#Server-Side" href="null#Server-Side" class="externalLink null">Server-Side</a></h1><pre>useradd -r tun
iodined -f 172.16.0.1 io.krebsco.de -u tun -P "aidsballs" -t /home/tun -c
</pre><h1><a tiddlyfields="server.type:&quot;file&quot; server.host:&quot;file:///home/makefu/Downloads/knowledge_base.html&quot;" tiddlylink="Client-Side" refresh="link" target="_blank" title="External link to null#Client-Side" href="null#Client-Side" class="externalLink null">Client-Side</a></h1><pre># -r skips direct mode (good for testing)
sudo iodine -f -I1 io.krebsco.de
</pre><h1> Testing</h1><a target="_blank" title="External link to http://code.kryo.se/iodine/check-it/" href="http://code.kryo.se/iodine/check-it/" class="externalLink">http://code.kryo.se/iodine/check-it/</a></description>
<link>null#%5B%5BDNS%20TUNNEL%5D%5D</link>
<pubDate>Mon, 25 Nov 2013 21:07:00 GMT</pubDate>
</item>
<item>
<title>mutt</title>
<description><h1> html view</h1>in .mailcap<br><pre>text/html;w3m -dump '%s' -O utf-8 -I %{charset} ; copiousoutput; description=HTML Text; nametemplate=%s.html
</pre>in .muttrc<br><pre>auto_view text/html
</pre><h1> smime</h1><pre>echo "source /usr/share/doc/mutt/samples/smime.rc" &gt;&gt; ~/.muttrc
smime_keys init
wget http://services.support.alcatel-lucent.com/PKI/rootCA.crt
smime_keys add_root rootCA.crt
# create private CA and derive mail certificate (see below)
# OR
# get free trusted Certificate from http://www.comodo.com/home/email-security/free-email-certificate.php
smime_keys add_p12 mail.p12
echo 'set smime_default_key="&lt;see output above&gt;"' &gt;&gt; ~/.muttrc
mutt
# receive signed mail of crypto partner
## CTRL-K
#fix the ~/.smime/certificates/.index as extraction of complete chains does not work correctly as of today (31.01.2012) see Mutt #3559
</pre><h2> Create own CA</h2><pre>mkdir ca
openssl req -new -x509 -keyout ca/rooty.key -out ca/root.pem -days 9001
openssl rsa -in ca/rooty.key &gt; ca/root.key
rm ca/rooty.key
cat &gt; root.cnf &lt;&lt;EOF
[ ca ]
default_ca = ca_default
[ ca_default ]
dir = ./ca
certs = $dir
new_certs_dir = $dir/ca.db.certs
database = $dir/ca.db.index
serial = $dir/ca.db.serial
RANDFILE = $dir/ca.db.rand
certificate = $dir/ca.crt
private_key = $dir/ca.key
default_days = 365
default_crl_days = 30
default_md = md5
preserve = no
policy = generic_policy
[ generic_policy ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
EOF
echo '100001' &gt;ca/ca.db.serial
touch ./ca/ca.db.index
mkdir ./ca/ca.db.certs
openssl req -new -keyout mail.key -out mail.csr -days 9001
openssl ca -config root.cnf -out mail.crt -infiles mail.csr
openssl pkcs12 -export -inkey mail.key -certfile ca/root.crt -out mail.p12 -in mail.crt
smime_keys add_root ca/root.crt
smime_keys add_cert ca/root.crt
# add private certificate
</pre><br><h1> <a tiddlyfields="server.type:&quot;file&quot; server.host:&quot;file:///home/makefu/Downloads/knowledge_base.html&quot;" tiddlylink="offlineimap" refresh="link" target="_blank" title="External link to null#offlineimap" href="null#offlineimap" class="externalLink null">offlineimap</a></h1></description>
<link>null#mutt</link>
<pubDate>Mon, 18 Nov 2013 21:28:00 GMT</pubDate>
</item>
<item>
<title>swapdisk</title>
<description><h1>create swap from file</h1><pre>truncate --size 8G /swapfile
mkswap /swapfile
swapon /swapon
</pre><h2> /etc/fstab</h2><pre>echo "/swapfile none swap defaults 0 0" &gt;&gt; /etc/fstab
</pre><h1>minimize swappiness</h1><pre>echo 0 &gt; /proc/sys/vm/swappiness
</pre><br><h2> after reboot</h2>in <code>/etc/sysctl.conf</code><br><pre>vm.swappiness=1
</pre></description>
<link>null#swapdisk</link>
<pubDate>Sun, 17 Nov 2013 23:30:00 GMT</pubDate>
</item>
<item>
<title>MainMenu</title>
<description><a tiddlyfields="server.type:&quot;file&quot; server.host:&quot;file:///home/makefu/Downloads/knowledge_base.html&quot;" tiddlylink="GettingStarted" refresh="link" target="_blank" title="External link to null#GettingStarted" href="null#GettingStarted" class="externalLink null">GettingStarted</a><br><a tiddlyfields="server.type:&quot;file&quot; server.host:&quot;file:///home/makefu/Downloads/knowledge_base.html&quot;" tiddlylink="Security" refresh="link" target="_blank" title="External link to null#Security" href="null#Security" class="externalLink null">Security</a><br><a tiddlyfields="server.type:&quot;file&quot; server.host:&quot;file:///home/makefu/Downloads/knowledge_base.html&quot;" tiddlylink="Hardware" refresh="link" target="_blank" title="External link to null#Hardware" href="null#Hardware" class="externalLink null">Hardware</a><br><a tiddlyfields="server.type:&quot;file&quot; server.host:&quot;file:///home/makefu/Downloads/knowledge_base.html&quot;" tiddlylink="Programming" refresh="link" target="_blank" title="External link to null#Programming" href="null#Programming" class="externalLink null">Programming</a><br><a tiddlyfields="server.type:&quot;file&quot; server.host:&quot;file:///home/makefu/Downloads/knowledge_base.html&quot;" tiddlylink="Hacking" refresh="link" target="_blank" title="External link to null#Hacking" href="null#Hacking" class="externalLink null">Hacking</a><br><h1> Misc</h1><a tiddlyfields="server.type:&quot;file&quot; server.host:&quot;file:///home/makefu/Downloads/knowledge_base.html&quot;" tiddlylink="TODO" refresh="link" target="_blank" title="External link to null#TODO" href="null#TODO" class="externalLink null">TODO</a><br><a tiddlyfields="server.type:&quot;file&quot; server.host:&quot;file:///home/makefu/Downloads/knowledge_base.html&quot;" tiddlylink="Fun" refresh="link" target="_blank" title="External link to null#Fun" href="null#Fun" class="externalLink null">Fun</a><br><a target="_blank" title="External link to /wiki/knowledge_base.xml" href="/wiki/knowledge_base.xml" class="externalLink">RSS of this Blog</a><br></description>
<link>null#MainMenu</link>
<pubDate>Thu, 07 Nov 2013 14:12:00 GMT</pubDate>
</item>
<item>
<title>VPN</title>
<description><h1> Default route via SSH</h1>see more <a target="_blank" title="External link to https://wiki.archlinux.org/index.php/VPN_over_SSH#OpenSSH.27s_built_in_tunneling" href="https://wiki.archlinux.org/index.php/VPN_over_SSH#OpenSSH.27s_built_in_tunneling" class="externalLink">https://wiki.archlinux.org/index.php/VPN_over_SSH#OpenSSH.27s_built_in_tunneling</a><br><h2> using pvpn</h2><h3> prepreqs</h3><pre>GNU/Linux
OpenSSH
pppd
bash
iproute2
dnsutils (dig(1))
asciidoc
(make)
(binutils)
</pre><br><h3> server side</h3><pre>echo "PermitTunnel yes" &gt;&gt; /etc/ssh/sshd_config
# deploy client pubkey for root
echo "PermitRootLogin without-password" &gt;&gt; /etc/ssh/sshd_config
echo "net.ipv4.ip_forward=1" &gt;&gt; /etc/sysctl.conf
echo "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" &gt;&gt; /etc/rc.local
</pre><h3> client side</h3><pre>yaourt -S pvpn
ssh-copy-id root@host
pvpn -t ssh-3 root@host default
</pre></description>
<link>null#VPN</link>
<pubDate>Tue, 22 Oct 2013 22:28:00 GMT</pubDate>
</item>
<item>
<title>systemd</title>
<description><h1> run shit in tmux</h1>in <code>/etc/systemd/system/start-shit.service</code><br><pre>[Unit]
Description=start shit
[Service]
Type=oneshot
RemainAfterExit=yes
KillMode=none
User=root
ExecStart=/usr/bin/tmux new-session -s %u -d '&lt;my cool script&gt;'
ExecStop=/usr/bin/tmux kill-session -t %u
[Install]
WantedBy=multi-user.target
</pre><h1> call rc.local</h1>in <code>/etc/systemd/system/rc-local.service</code><br><pre>[Unit]
Description=/etc/rc.local Compatibility
ConditionPathExists=/etc/rc.local
[Service]
Type=oneshot
ExecStart=/etc/rc.local start
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99
[Install]
WantedBy=multi-user.target
</pre></description>
<link>null#systemd</link>
<pubDate>Tue, 22 Oct 2013 22:22:00 GMT</pubDate>
</item>
<item>
<title>File Systems</title>
<description><h1> umount</h1><pre>fuser -amuv /path/to/mount
kill dat-shit
</pre><h1> umount nfs</h1><pre>umount -l /path/to/nfs
</pre></description>
<link>null#%5B%5BFile%20Systems%5D%5D</link>
<pubDate>Tue, 22 Oct 2013 17:37:00 GMT</pubDate>
</item>
</channel>
</rss>
|
