Merge branch 'master' of pigstarter:euer_blog
commit
fb6b7311b4
68
content/posts/archlinux-and-bridged-libvirt-plus-ufw.rst
Normal file
|
@ -0,0 +1,68 @@
|
|||
Arch+libvirt+bridges+ufw
|
||||
########################
|
||||
:date: 2014-07-03 14:48
|
||||
:tags: archlinux,libvirt,network-bridge,ufw,netctl
|
||||
|
||||
I never thought getting bridged network for libvirt
|
||||
clients to work under archlinux. Here is the digest.
|
||||
|
||||
Adding Bridge Network with netctl
|
||||
---------------------------------
|
||||
eth0 needs to be up in order to get the bridge working
|
||||
|
||||
|
||||
**/etc/netctl/bridge**
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
Description='bridge'
|
||||
Interface=br0
|
||||
Connection=bridge
|
||||
BindsToInterface=(eth0)
|
||||
IP=static # or dhcp
|
||||
Address=('1.2.3.4/24')
|
||||
Gateway='1.2.3.1'
|
||||
DNS=('1.2.3.3')
|
||||
ExecUpPost="brctl stp $Interface on||:"
|
||||
|
||||
**/etc/netctl/eth_bridged**
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
Description='eth0 without ip'
|
||||
Interface=eth0
|
||||
Connection=ethernet
|
||||
IP=no
|
||||
IP6=no
|
||||
|
||||
**enable the bridge**
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
systemctl disable dhcpcd@eth0 # if applicable
|
||||
netctl enable bridge
|
||||
netctl enable eth_bridged
|
||||
|
||||
After a reboot the interface should be available and libvirt should be able to use the bridge for libvirt clients.
|
||||
If you have ufw in place, add this line to **/etc/ufw/before{,6}.rules** between \*filter and COMMIT :
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
|
||||
|
||||
maybe you also need the following lines in **/etc/sysctl.d/bridge.conf**:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
net.bridge.bridge-nf-call-ip6tables = 0
|
||||
net.bridge.bridge-nf-call-iptables = 0
|
||||
net.bridge.bridge-nf-call-arptables = 0
|
||||
|
||||
enable security changes
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
ufw disable
|
||||
ufw enable
|
||||
sysctl -p /etc/sysctl.d/bridge.conf
|
||||
|
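Review bot: In the ufw part of this post, the rule `-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT` and the three `net.bridge.bridge-nf-call-* = 0` sysctls solve the same problem in two different ways, and the connecting text ("maybe you also need") does not say which one to pick. With the sysctls at 0, bridged frames are no longer handed to iptables, ip6tables or arptables, so the FORWARD rule never matches; with only the FORWARD rule, bridged traffic still traverses netfilter but is accepted unconditionally. Either way the host firewall stops filtering guest traffic on br0, and the post should say so in one sentence and present the two settings as alternatives. Minor: the opening sentence ("I never thought getting bridged network ... to work under archlinux") reads as unfinished, and `.. code-block:: bash` is used for the iptables rule and the sysctl keys, which are not shell.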
55
content/posts/scripting-forti.rst
Normal file
|
@ -0,0 +1,55 @@
|
|||
Scripting the Fortigate VPN Client
|
||||
##################################
|
||||
:date: 2014-09-12 13:37
|
||||
:tags: expect, fortigate
|
||||
|
||||
Again there was a need to fix frickelsoftware. In that case i needed a permanent vpn connection via the fortigate vpn client .
|
||||
Problem is, that the tunnel disconnects after some time but the client does not exists and that input cannot simply piped into the executable.
|
||||
|
||||
I wrote an Expect script which works work around both issues:
|
||||
|
||||
.. code-block:: tcl
|
||||
|
||||
#!/usr/bin/expect -f
|
||||
# cd into the 64 bit folder of the client
|
||||
# usage: efort.exp
|
||||
|
||||
spawn ./forticlientsslvpn_cli --server <VPNIP>:<VPNPORT> --vpnuser <VPNUSER> 2>&1
|
||||
log_user 0
|
||||
send_user "Logging in\n"
|
||||
expect "Password for VPN:"
|
||||
send "<VPNPASSWORD>\n"
|
||||
|
||||
# i needed ths for 'certificate error'
|
||||
expect "Would you like to connect to this server"
|
||||
send "Y\n"
|
||||
send_user "Beginning to connect\n"
|
||||
expect "STATUS::Tunnel running"
|
||||
send_user "Tunnel running!\n"
|
||||
|
||||
# this is how long the next expect waits for pattern match, in seconds
|
||||
set timeout 90001
|
||||
expect "STATUS::Tunnel closed"
|
||||
send_user "Tunnel closed!\n"
|
||||
send_user "Dying\n"
|
||||
close
|
||||
exit
|
||||
|
||||
|
||||
At the end, enterprise-loop the script and we are done!
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
#!/bin/sh
|
||||
cd "$(dirname "$(readlink -f "$0")")"
|
||||
while sleep 1;do
|
||||
expect efort.exp
|
||||
echo "Restarting forticlient !"
|
||||
done
|
||||
|
||||
|
||||
Fyi: It seems it is not that easy to find the fortigate client for linux, if you are lucky you can get it from the `official FTP server`_ or have a look at the current `fortclientsslvpn AUR package`_.
|
||||
|
||||
|
||||
.. _official FTP server: ftp://pftpintl:sgn89IOngs@support.fortinet.com/FortiGate/v5.00/5.2/5.2.0/VPN/SSLVPNTools/forticlientsslvpn_linux_4.4.2303.tar.gz
|
||||
.. _fortclientsslvpn AUR package: https://aur.archlinux.org/packages/forticlientsslvpn/
|
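Review bot: In the Expect script, `expect "Would you like to connect to this server"` followed by `send "Y\n"` accepts whatever certificate the server presents, and the wrapper loop repeats that on every reconnect, so the tunnel has no protection against an impersonated endpoint; either fix the certificate problem on the gateway or state in the post that this step switches verification off. Because `set timeout 90001` appears only after the login sequence, the earlier `expect` calls run with Expect's default 10 second timeout and fall through silently when the pattern is missing, so `send "Y\n"` is sent even if no certificate prompt was shown; explicit timeout and eof branches would make failures visible. The script holds `<VPNPASSWORD>` in clear text, so the post should tell readers to restrict the file mode of efort.exp. The `official FTP server` link target embeds a username and password in the URL; please confirm those are meant to be public before this is published. Typos: "works work around", "does not exists" (probably "exit"), "ths".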
File diff suppressed because one or more lines are too long
1
content/wiki/knowledge_base.html
Symbolic link
|
@ -0,0 +1 @@
|
|||
/home/autosync/autosync/wiki/private/knowledge_base.html
|
|
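Review bot: The symlink target `/home/autosync/autosync/wiki/private/knowledge_base.html` is an absolute path that exists on one machine only, so the link dangles in every other checkout and the site build there will fail or drop the page; a path relative to the repository, or copying the file in at build time, avoids that. The target also sits under a directory named `private` while the link lives under `content/`, so it is worth confirming that everything in that file is meant to be served. The same applies to the `content/wiki/knowledge_base.xml` symlink added in this commit.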
@ -1,462 +0,0 @@
|
|||
<?xml version="1.0"?>
|
||||
<rss version="2.0">
|
||||
<channel>
|
||||
<title>Knowledge Base</title>
|
||||
<description></description>
|
||||
<language>en</language>
|
||||
<copyright>Copyright 2014 makefu</copyright>
|
||||
<pubDate>Mon, 31 Mar 2014 07:06:35 GMT</pubDate>
|
||||
<lastBuildDate>Mon, 31 Mar 2014 07:06:35 GMT</lastBuildDate>
|
||||
<docs>http://blogs.law.harvard.edu/tech/rss</docs>
|
||||
<generator>TiddlyWiki 2.8.1</generator>
|
||||
<item>
|
||||
<title>OpenSSL</title>
|
||||
<description><h1> generate a new certificate</h1>for example for unrealircd:<br><pre>openssl req -new -x509 -keyout temp.key -out server.cert.pem -days 9001
|
||||
openssl rsa -in temp.key &gt; server.key.pem
|
||||
</pre></description>
|
||||
<link>null#OpenSSL</link>
|
||||
<pubDate>Mon, 31 Mar 2014 07:06:34 GMT</pubDate>
|
||||
|
||||
</item>
|
||||
<item>
|
||||
<title>USB</title>
|
||||
<description><h1> Disable one interface</h1><br><pre>lsusb
|
||||
lsusb -t
|
||||
# syntax of the id:
|
||||
# &lt;bus&gt;-&lt;port&gt;.&lt;port&gt;.&lt;port&gt;...
|
||||
cd /sys/bus/usb/drivers/usb/1-1.6 ; echo 1 &gt; remove
|
||||
</pre></description>
|
||||
<category>usb</category>
|
||||
<link>null#USB</link>
|
||||
<pubDate>Fri, 07 Mar 2014 14:36:00 GMT</pubDate>
|
||||
|
||||
</item>
|
||||
<item>
|
||||
<title>archlinux</title>
|
||||
<description><h1> basic install</h1><pre># we are using mbr again, guid somehow does not do the right thing
|
||||
fdisk /dev/sda
|
||||
# create linux partition(8300)
|
||||
n;enter;enter;enter
|
||||
# ... and btrfs because all the cool kids do so
|
||||
mkfs.btrfs /dev/sda2
|
||||
mkdir /mnt/btrfs-root /mnt/active
|
||||
mount /dev/sda2 /mnt/btrfs-root
|
||||
btrfs subvolume create __active &amp;&amp; cd __active
|
||||
btrfs subvolume create var
|
||||
mount /dev/sda2 -o default,noatime,subvol=__active /mnt/active
|
||||
|
||||
# install that shit
|
||||
pacstrap /mnt/active base
|
||||
genfstab -p /mnt/active &gt; /mnt/active/etc/fstab
|
||||
cat &gt;&gt; /mnt/active/etc/fstab&lt;&lt;EOF
|
||||
tmpfs /tmp tmpfs defaults 0 0
|
||||
## to never write persistent, uncomment:
|
||||
#tmpfs /var/log tmpfs defaults 0 0
|
||||
EOF
|
||||
arch-chroot /mnt/active
|
||||
ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
|
||||
echo "LANG=en_US.UTF-8" &gt;&gt; /etc/locale.conf
|
||||
echo "en_US.UTF-8 UTF-8" &gt;&gt; /etc/locale.gen
|
||||
locale-gen
|
||||
echo "my-host" &gt; /etc/hostname
|
||||
mkinitcpio -p linux
|
||||
pacman -S openssh grub-bios
|
||||
grub-mkconfig -o /boot/grub/grub.cfg
|
||||
passwd
|
||||
# useradd -d /home/bob -m bob
|
||||
cd /etc/netctl
|
||||
cp examples/ethernet-static lan
|
||||
# edit lan , try network: enp0s25 or something
|
||||
netctl enable lan
|
||||
systemctl enable sshd.service
|
||||
grub-install /dev/sda
|
||||
exit
|
||||
reboot
|
||||
</pre></description>
|
||||
<link>null#archlinux</link>
|
||||
<pubDate>Wed, 26 Feb 2014 09:55:00 GMT</pubDate>
|
||||
|
||||
</item>
|
||||
<item>
|
||||
<title>curl</title>
|
||||
<description><h1> spoof host_name</h1><pre>curl --resolve host:80:ip host
|
||||
</pre></description>
|
||||
<link>null#curl</link>
|
||||
<pubDate>Tue, 14 Jan 2014 01:38:00 GMT</pubDate>
|
||||
|
||||
</item>
|
||||
<item>
|
||||
<title>buildbot</title>
|
||||
<description><h1> initial installation</h1><pre>#?/bin/sh
|
||||
# something like this
|
||||
|
||||
useradd ci
|
||||
punani install python-virtualenv
|
||||
su ci
|
||||
virtualenv buildbot
|
||||
echo ". $HOME/buildbot/bin/activate" &gt;~/.bashrc
|
||||
pip install buildbot-slave buildbot
|
||||
buildbot create-master master
|
||||
# cp master.conf master/master.conf
|
||||
buildbot reconf master
|
||||
# or reconfigure as many slaves as you wish
|
||||
buildslave create-slave slave localhost "ubuntu1204-local-slave" aidsballs
|
||||
buildbot start master
|
||||
buildslave start slave
|
||||
|
||||
</pre></description>
|
||||
<link>null#buildbot</link>
|
||||
<pubDate>Tue, 14 Jan 2014 00:39:00 GMT</pubDate>
|
||||
|
||||
</item>
|
||||
<item>
|
||||
<title>weechat</title>
|
||||
<description><h1> compiling</h1><h2> fresh</h2><pre>./configure --prefix=/usr --sysconfdir=/etc
|
||||
make install
|
||||
</pre><h2> <a tiddlylink="UTF-8" refresh="link" target="_blank" title="External link to null#UTF-8" href="null#UTF-8" class="externalLink null">UTF-8</a> is broken after compilation</h2><pre># you might have missed these two lines when doing ./configure:
|
||||
## *** ncursesw library not found! Falling back to "ncurses"
|
||||
## *** Be careful, UTF-8 display may not work properly if your locale is UTF-8.
|
||||
#install ncursesw header
|
||||
apt-get install libncursesw-dev
|
||||
</pre><h1> search</h1>you will need 0.4.2 or higher. see <code>http://weechat.org/files/doc/devel/weechat_user.en.html#key_bindings_search_context</code>.<br><pre>/key resetall -yes search
|
||||
/save
|
||||
# search in nick names,etc
|
||||
ctrl-r and TAB...
|
||||
</pre><h2> grep</h2><pre>/script install grep.py
|
||||
/grep ball
|
||||
/help grep
|
||||
</pre></description>
|
||||
<link>null#weechat</link>
|
||||
<pubDate>Wed, 08 Jan 2014 15:47:00 GMT</pubDate>
|
||||
|
||||
</item>
|
||||
<item>
|
||||
<title>dn42</title>
|
||||
<description><pre>auto gre1
|
||||
iface gre1 inet tunnel
|
||||
mode gre
|
||||
netmask 255.255.255.255
|
||||
address -ask crest-
|
||||
dstaddr -ask crest-
|
||||
endpoint -crest endpoint-
|
||||
local -local ip-
|
||||
ttl 255
|
||||
|
||||
</pre></description>
|
||||
<link>null#dn42</link>
|
||||
<pubDate>Sun, 29 Dec 2013 10:57:00 GMT</pubDate>
|
||||
|
||||
</item>
|
||||
<item>
|
||||
<title>iptables</title>
|
||||
<description><h1> Arch Linux</h1><pre>iptables -F
|
||||
iptables -P FORWARD DROP
|
||||
iptables -P INPUT DROP
|
||||
iptables -P OUTPUT ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 1655 -j ACCEPT
|
||||
iptables -A INPUT -i lo -j ACCEPT
|
||||
iptables-save &gt;/etc/iptables/iptables.rules
|
||||
systemctl enable iptables.service
|
||||
</pre></description>
|
||||
<link>null#iptables</link>
|
||||
<pubDate>Tue, 24 Dec 2013 12:23:00 GMT</pubDate>
|
||||
|
||||
</item>
|
||||
<item>
|
||||
<title>Metadata</title>
|
||||
<description><h1>wget + exiftool</h1><pre>wget -r -l1 --no-parent -A.jpg http://example.com
|
||||
exiftool -r -h -a -u -gl * &gt;output.html
|
||||
</pre><h1> Videos</h1><h2> Methods</h2><pre>exiftool $file
|
||||
tovid id $file
|
||||
mplayer -vo null -ao null -identify -frames 0 $file
|
||||
|
||||
</pre></description>
|
||||
<link>null#Metadata</link>
|
||||
<pubDate>Mon, 23 Dec 2013 20:31:00 GMT</pubDate>
|
||||
|
||||
</item>
|
||||
<item>
|
||||
<title>Makefile</title>
|
||||
<description><h1> For Testing</h1><h2> Async test all executables in t/ according to TAP</h2><pre>usage:;cat Makefile
|
||||
test:
|
||||
@export PATH="$(CURDIR)/bin:$(PATH)"; \
|
||||
tests="`find t -type f -executable`"; \
|
||||
i=1; \
|
||||
pids="";\
|
||||
n=`echo "$$tests" | wc -l`; \
|
||||
echo $$i..$$n; \
|
||||
for exe in $$tests; do \
|
||||
{ \
|
||||
./$$exe; \
|
||||
ret=$$?; \
|
||||
case $$ret in 0) result=ok;; *) result='not ok';; esac; \
|
||||
echo $$result $$i - $$exe; \
|
||||
exit $$ret;\
|
||||
} &amp; \
|
||||
pids="$${pids} $$!" \
|
||||
i=$$(( i+1 )); \
|
||||
done; \
|
||||
ret=0;\
|
||||
for pid in $$pids; do \
|
||||
wait $$pid || ret=23;\
|
||||
done; \
|
||||
exit $$ret;
|
||||
</pre><h2> Sync test all executables in t/</h2><pre>usage:;cat Makefile
|
||||
test:
|
||||
@export PATH="$(CURDIR)/bin:$(PATH)"; \
|
||||
tests="`find t -type f -executable`"; \
|
||||
i=1; \
|
||||
n=`echo "$$tests" | wc -l`; \
|
||||
echo $$i..$$n; \
|
||||
ret=0;\
|
||||
for exe in $$tests; do \
|
||||
./$$exe; \
|
||||
thisret=$$?; \
|
||||
case $$thisret in 0) result=ok;; *) result='not ok';ret=255;; esac; \
|
||||
echo $$result $$i - $$exe; \
|
||||
i=$$(( i+1 )); \
|
||||
done; \
|
||||
exit $$ret;
|
||||
</pre></description>
|
||||
<category>journal</category>
|
||||
<link>null#Makefile</link>
|
||||
<pubDate>Tue, 17 Dec 2013 13:42:00 GMT</pubDate>
|
||||
|
||||
</item>
|
||||
<item>
|
||||
<title>tinc</title>
|
||||
<description>Tinc is your virtual private network.<br><h1>logging</h1>Get infos from current network<br>see also github-&gt;makefu-&gt;retiolum<br><pre>sudo tincd -n retiolum --kill=USR2 --user=tincd --chroot
|
||||
</pre>run with<br><pre>tincd --user=tincd --chroot -n retiolum
|
||||
</pre><br><h1>installation</h1>Use this installation with great caution!<br><pre>curl tinc.krebsco.de | HOSTN=krebsbobkhan sh
|
||||
</pre><h1> v6-only host routing to v4 via tinc</h1><h2> server (pigstarter)</h2><pre>#?/bin/sh
|
||||
# forwarding
|
||||
echo "net.ipv6.conf.conf.all.forwarding=1"&gt;&gt; /etc/sysctl.conf
|
||||
sysctl net.ipv6.conf.conf.all.forwarding=1
|
||||
# ufw
|
||||
sed -i 's/\(DEFAULT_FORWARD_POLICY=\).*/\1"ACCEPT"/' /etc/default/ufw
|
||||
service ufw restart
|
||||
# tinc config
|
||||
echo "Subnet = 0.0.0.0/0" &gt;&gt; /etc/tinc/retiolum/hosts/pigstarter
|
||||
</pre><h2> client (irkel)</h2><pre>cat &gt;&gt;/etc/tinc/retiolum/tinc-up &lt;&lt;EOF
|
||||
ip addr add 10.243.0.153 dev \$INTERFACE
|
||||
ip addr add default dev \$INTERFACE
|
||||
EOF
|
||||
</pre><br><h1> Building on amazon ec2 aws instance</h1><pre>#!/bin/sh
|
||||
set -e
|
||||
sudo yum install -y gcc openssl-devel
|
||||
mkdir build
|
||||
cd build
|
||||
curl http://www.oberhumer.com/opensource/lzo/download/lzo-2.04.tar.gz | tar xz
|
||||
cd lzo-2.04
|
||||
./configure --prefix=/usr
|
||||
make
|
||||
sudo make install
|
||||
cd ..
|
||||
curl http://www.tinc-vpn.org/packages/tinc-1.0.13.tar.gz | tar xz
|
||||
cd tinc-1.0.13
|
||||
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
|
||||
make
|
||||
sudo make install
|
||||
</pre></description>
|
||||
<link>null#tinc</link>
|
||||
<pubDate>Wed, 11 Dec 2013 10:27:00 GMT</pubDate>
|
||||
|
||||
</item>
|
||||
<item>
|
||||
<title>Entropy</title>
|
||||
<description><h1> generate entropy</h1><h2> haveged</h2><pre>pacman -S haveged
|
||||
systemctl start haveged
|
||||
</pre><h2> rng-tools</h2><pre>pacman -S rng-utils
|
||||
rngd -f -r /dev/urandom
|
||||
</pre></description>
|
||||
<link>null#Entropy</link>
|
||||
<pubDate>Tue, 26 Nov 2013 18:03:00 GMT</pubDate>
|
||||
|
||||
</item>
|
||||
<item>
|
||||
<title>samba</title>
|
||||
<description><h1> Anonymous Samba Share</h1><h2> Create Samba Config</h2>in <code>/etc/samba/smb.conf</code><br><pre>[global]
|
||||
# this disables all the authentication with 'guest ok'
|
||||
#security = SHARE
|
||||
[temp]
|
||||
comment = Shared
|
||||
path = /home/samba
|
||||
force user = sambaman
|
||||
force group = users
|
||||
read only = No
|
||||
guest ok = Yes
|
||||
</pre><h2> Create Samba User</h2><pre>useradd -c "Sambaman" -m -g users -p "moar samba browsing fuck yeah" sambaman
|
||||
</pre><h2> Restart </h2><pre>systemctl restart smbd
|
||||
</pre></description>
|
||||
<link>null#samba</link>
|
||||
<pubDate>Tue, 26 Nov 2013 16:50:00 GMT</pubDate>
|
||||
|
||||
</item>
|
||||
<item>
|
||||
<title>DNS TUNNEL</title>
|
||||
<description><h1><a tiddlyfields="server.type:&quot;file&quot; server.host:&quot;file:///home/makefu/Downloads/knowledge_base.html&quot;" tiddlylink="Server-Side" refresh="link" target="_blank" title="External link to null#Server-Side" href="null#Server-Side" class="externalLink null">Server-Side</a></h1><pre>useradd -r tun
|
||||
iodined -f 172.16.0.1 io.krebsco.de -u tun -P "aidsballs" -t /home/tun -c
|
||||
</pre><h1><a tiddlyfields="server.type:&quot;file&quot; server.host:&quot;file:///home/makefu/Downloads/knowledge_base.html&quot;" tiddlylink="Client-Side" refresh="link" target="_blank" title="External link to null#Client-Side" href="null#Client-Side" class="externalLink null">Client-Side</a></h1><pre># -r skips direct mode (good for testing)
|
||||
sudo iodine -f -I1 io.krebsco.de
|
||||
</pre><h1> Testing</h1><a target="_blank" title="External link to http://code.kryo.se/iodine/check-it/" href="http://code.kryo.se/iodine/check-it/" class="externalLink">http://code.kryo.se/iodine/check-it/</a></description>
|
||||
<link>null#%5B%5BDNS%20TUNNEL%5D%5D</link>
|
||||
<pubDate>Mon, 25 Nov 2013 21:07:00 GMT</pubDate>
|
||||
|
||||
</item>
|
||||
<item>
|
||||
<title>mutt</title>
|
||||
<description><h1> html view</h1>in .mailcap<br><pre>text/html;w3m -dump '%s' -O utf-8 -I %{charset} ; copiousoutput; description=HTML Text; nametemplate=%s.html
|
||||
</pre>in .muttrc<br><pre>auto_view text/html
|
||||
</pre><h1> smime</h1><pre>echo "source /usr/share/doc/mutt/samples/smime.rc" &gt;&gt; ~/.muttrc
|
||||
smime_keys init
|
||||
wget http://services.support.alcatel-lucent.com/PKI/rootCA.crt
|
||||
smime_keys add_root rootCA.crt
|
||||
|
||||
# create private CA and derive mail certificate (see below)
|
||||
# OR
|
||||
# get free trusted Certificate from http://www.comodo.com/home/email-security/free-email-certificate.php
|
||||
|
||||
smime_keys add_p12 mail.p12
|
||||
echo 'set smime_default_key="&lt;see output above&gt;"' &gt;&gt; ~/.muttrc
|
||||
|
||||
mutt
|
||||
# receive signed mail of crypto partner
|
||||
## CTRL-K
|
||||
#fix the ~/.smime/certificates/.index as extraction of complete chains does not work correctly as of today (31.01.2012) see Mutt #3559
|
||||
</pre><h2> Create own CA</h2><pre>mkdir ca
|
||||
openssl req -new -x509 -keyout ca/rooty.key -out ca/root.pem -days 9001
|
||||
openssl rsa -in ca/rooty.key &gt; ca/root.key
|
||||
rm ca/rooty.key
|
||||
cat &gt; root.cnf &lt;&lt;EOF
|
||||
[ ca ]
|
||||
default_ca = ca_default
|
||||
[ ca_default ]
|
||||
dir = ./ca
|
||||
certs = $dir
|
||||
new_certs_dir = $dir/ca.db.certs
|
||||
database = $dir/ca.db.index
|
||||
serial = $dir/ca.db.serial
|
||||
RANDFILE = $dir/ca.db.rand
|
||||
certificate = $dir/ca.crt
|
||||
private_key = $dir/ca.key
|
||||
default_days = 365
|
||||
default_crl_days = 30
|
||||
default_md = md5
|
||||
preserve = no
|
||||
policy = generic_policy
|
||||
[ generic_policy ]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
EOF
|
||||
|
||||
echo '100001' &gt;ca/ca.db.serial
|
||||
touch ./ca/ca.db.index
|
||||
mkdir ./ca/ca.db.certs
|
||||
|
||||
openssl req -new -keyout mail.key -out mail.csr -days 9001
|
||||
openssl ca -config root.cnf -out mail.crt -infiles mail.csr
|
||||
openssl pkcs12 -export -inkey mail.key -certfile ca/root.crt -out mail.p12 -in mail.crt
|
||||
|
||||
smime_keys add_root ca/root.crt
|
||||
smime_keys add_cert ca/root.crt
|
||||
# add private certificate
|
||||
|
||||
</pre><br><h1> <a tiddlyfields="server.type:&quot;file&quot; server.host:&quot;file:///home/makefu/Downloads/knowledge_base.html&quot;" tiddlylink="offlineimap" refresh="link" target="_blank" title="External link to null#offlineimap" href="null#offlineimap" class="externalLink null">offlineimap</a></h1></description>
|
||||
<link>null#mutt</link>
|
||||
<pubDate>Mon, 18 Nov 2013 21:28:00 GMT</pubDate>
|
||||
|
||||
</item>
|
||||
<item>
|
||||
<title>swapdisk</title>
|
||||
<description><h1>create swap from file</h1><pre>truncate --size 8G /swapfile
|
||||
mkswap /swapfile
|
||||
swapon /swapon
|
||||
</pre><h2> /etc/fstab</h2><pre>echo "/swapfile none swap defaults 0 0" &gt;&gt; /etc/fstab
|
||||
</pre><h1>minimize swappiness</h1><pre>echo 0 &gt; /proc/sys/vm/swappiness
|
||||
</pre><br><h2> after reboot</h2>in <code>/etc/sysctl.conf</code><br><pre>vm.swappiness=1
|
||||
</pre></description>
|
||||
<link>null#swapdisk</link>
|
||||
<pubDate>Sun, 17 Nov 2013 23:30:00 GMT</pubDate>
|
||||
|
||||
</item>
|
||||
<item>
|
||||
<title>MainMenu</title>
|
||||
<description><a tiddlyfields="server.type:&quot;file&quot; server.host:&quot;file:///home/makefu/Downloads/knowledge_base.html&quot;" tiddlylink="GettingStarted" refresh="link" target="_blank" title="External link to null#GettingStarted" href="null#GettingStarted" class="externalLink null">GettingStarted</a><br><a tiddlyfields="server.type:&quot;file&quot; server.host:&quot;file:///home/makefu/Downloads/knowledge_base.html&quot;" tiddlylink="Security" refresh="link" target="_blank" title="External link to null#Security" href="null#Security" class="externalLink null">Security</a><br><a tiddlyfields="server.type:&quot;file&quot; server.host:&quot;file:///home/makefu/Downloads/knowledge_base.html&quot;" tiddlylink="Hardware" refresh="link" target="_blank" title="External link to null#Hardware" href="null#Hardware" class="externalLink null">Hardware</a><br><a tiddlyfields="server.type:&quot;file&quot; server.host:&quot;file:///home/makefu/Downloads/knowledge_base.html&quot;" tiddlylink="Programming" refresh="link" target="_blank" title="External link to null#Programming" href="null#Programming" class="externalLink null">Programming</a><br><a tiddlyfields="server.type:&quot;file&quot; server.host:&quot;file:///home/makefu/Downloads/knowledge_base.html&quot;" tiddlylink="Hacking" refresh="link" target="_blank" title="External link to null#Hacking" href="null#Hacking" class="externalLink null">Hacking</a><br><h1> Misc</h1><a tiddlyfields="server.type:&quot;file&quot; server.host:&quot;file:///home/makefu/Downloads/knowledge_base.html&quot;" tiddlylink="TODO" refresh="link" target="_blank" title="External link to null#TODO" href="null#TODO" class="externalLink null">TODO</a><br><a tiddlyfields="server.type:&quot;file&quot; server.host:&quot;file:///home/makefu/Downloads/knowledge_base.html&quot;" tiddlylink="Fun" refresh="link" target="_blank" title="External link to null#Fun" href="null#Fun" class="externalLink null">Fun</a><br><a target="_blank" title="External link to 
/wiki/knowledge_base.xml" href="/wiki/knowledge_base.xml" class="externalLink">RSS of this Blog</a><br></description>
|
||||
<link>null#MainMenu</link>
|
||||
<pubDate>Thu, 07 Nov 2013 14:12:00 GMT</pubDate>
|
||||
|
||||
</item>
|
||||
<item>
|
||||
<title>VPN</title>
|
||||
<description><h1> Default route via SSH</h1>see more <a target="_blank" title="External link to https://wiki.archlinux.org/index.php/VPN_over_SSH#OpenSSH.27s_built_in_tunneling" href="https://wiki.archlinux.org/index.php/VPN_over_SSH#OpenSSH.27s_built_in_tunneling" class="externalLink">https://wiki.archlinux.org/index.php/VPN_over_SSH#OpenSSH.27s_built_in_tunneling</a><br><h2> using pvpn</h2><h3> prepreqs</h3><pre>GNU/Linux
|
||||
OpenSSH
|
||||
pppd
|
||||
bash
|
||||
iproute2
|
||||
dnsutils (dig(1))
|
||||
asciidoc
|
||||
(make)
|
||||
(binutils)
|
||||
</pre><br><h3> server side</h3><pre>echo "PermitTunnel yes" &gt;&gt; /etc/ssh/sshd_config
|
||||
# deploy client pubkey for root
|
||||
echo "PermitRootLogin without-password" &gt;&gt; /etc/ssh/sshd_config
|
||||
echo "net.ipv4.ip_forward=1" &gt;&gt; /etc/sysctl.conf
|
||||
echo "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" &gt;&gt; /etc/rc.local
|
||||
</pre><h3> client side</h3><pre>yaourt -S pvpn
|
||||
ssh-copy-id root@host
|
||||
pvpn -t ssh-3 root@host default
|
||||
</pre></description>
|
||||
<link>null#VPN</link>
|
||||
<pubDate>Tue, 22 Oct 2013 22:28:00 GMT</pubDate>
|
||||
|
||||
</item>
|
||||
<item>
|
||||
<title>systemd</title>
|
||||
<description><h1> run shit in tmux</h1>in <code>/etc/systemd/system/start-shit.service</code><br><pre>[Unit]
|
||||
Description=start shit
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
KillMode=none
|
||||
User=root
|
||||
ExecStart=/usr/bin/tmux new-session -s %u -d '&lt;my cool script&gt;'
|
||||
ExecStop=/usr/bin/tmux kill-session -t %u
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
</pre><h1> call rc.local</h1>in <code>/etc/systemd/system/rc-local.service</code><br><pre>[Unit]
|
||||
Description=/etc/rc.local Compatibility
|
||||
ConditionPathExists=/etc/rc.local
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/etc/rc.local start
|
||||
StandardOutput=tty
|
||||
RemainAfterExit=yes
|
||||
SysVStartPriority=99
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
</pre></description>
|
||||
<link>null#systemd</link>
|
||||
<pubDate>Tue, 22 Oct 2013 22:22:00 GMT</pubDate>
|
||||
|
||||
</item>
|
||||
<item>
|
||||
<title>File Systems</title>
|
||||
<description><h1> umount</h1><pre>fuser -amuv /path/to/mount
|
||||
kill dat-shit
|
||||
</pre><h1> umount nfs</h1><pre>umount -l /path/to/nfs
|
||||
</pre></description>
|
||||
<link>null#%5B%5BFile%20Systems%5D%5D</link>
|
||||
<pubDate>Tue, 22 Oct 2013 17:37:00 GMT</pubDate>
|
||||
|
||||
</item>
|
||||
</channel>
|
||||
</rss>
|
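Review bot: Removing this feed from the tree does not remove it from history, and the deleted lines carry what look like real secrets: the `-P` argument of the `iodined` command in the DNS TUNNEL item, the password argument of `buildslave create-slave` in the buildbot item, and the `-p` value on the `useradd` line in the samba item. If any of these are still in use they should be rotated, and the commit message should say why the file is being replaced, since "Merge branch 'master'" gives no hint that published wiki content changes here.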
1
content/wiki/knowledge_base.xml
Symbolic link
|
@ -0,0 +1 @@
|
|||
/home/autosync/autosync/wiki/private/knowledge_base.xml
|