Enter today's date in ISO format:
$ date -I
To include seconds:
$ date -Is

Ping scan subnet (find a Raspberry Pi):
$ nmap -sn 192.168.0.0/24
Port 22 scan subnet:
$ nmap -sS -p 22 192.168.10.0/24
- run as root to get device names

To SCP with spaces in path, escape the spaces and surround the whole arg with quotes.

Serial Terminal:
Minicom /dev/ttyACM0 115200 8N1 w/ Hardware flow control: yes works.
If not, send Break (ctrl-a F).
To enable on server side (systemd):
$ systemctl enable serial-getty@ttyS0.service
$ systemctl start serial-getty@ttyS0.service

How to list wifi networks:
$ sudo iw dev wlp58s0 scan

Show top 10 edited files in git repo:
$ git log --pretty=format: --name-only | sort | uniq -c | sort -rg | head -10

Recursively hash directory, then hash result:
$ md5deep -rl . | sort | md5sum

Redirect stderr to stdout and pipe: |&
Redirect stderr to stdout: 2>&1 (put it after the stdout redirection)

Copy torrent but use hardlinks instead:
$ cp -al source dest

Byobu tmux toggle function keys:
Shift + F12
- do this if Alt+Arrow types letters

Get rid of extra byobu sessions:
$ tmux ls | grep ^_ | cut -f1 "-d:" | xargs -t -L1 -r tmux kill-session -t

Make a PDF look scanned:
$ convert "$1" -alpha Off -density 150 -colorspace gray -blur 0.5x0.5 -rotate 0.4 -level 40%,60% "scanned-$1"

Insert last arg: alt+.
Insert 2nd last arg: alt+_ alt+.
Insert 3rd last arg: alt+_ 2 alt+.

SSH tunnel to router admin (local port forward):
$ ssh -L 2222:192.168.0.1:80 user@10.9.0.3
- open localhost:2222 in browser

Select a display over ssh:
$ export DISPLAY=:1

Spawn new shell with group assignments:
$ exec su -l $USER

xargs:
- converts stdin to arguments for commands that don't accept stdin
- used with echo, compacts a list to one line
- see each command xargs runs: --verbose
- don't run if stdin is empty: -r
- run command once per line: -L1
- convert stdin to argument:
$ echo 'foo' | xargs mkdir
- convert list to one line:
$ cat foo.txt | xargs echo
- run a command for each line:
$ cat foo.txt | xargs -L1 --verbose echo


Systemd
=======

Journalctl
----------

Examples:
$ journalctl --utc
$ journalctl -b # display logs since boot
$ journalctl --since "2015-01-10" --until "2015-01-11 03:00"
$ journalctl --since 09:00 --until "1 hour ago"
$ journalctl -u nginx.service -u php-fpm.service --since today


Bash scripting
==============

Always quote variables when you use them.
Run set -eu to exit on errors and on use of unset variables.
Use basename to get just the filename.

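The three tips above in one runnable script. This is an added example, not part of the original notes; the path and the variable name EXAMPLE_UNSET are constructed for illustration.

```shell
#!/bin/sh
# Added example; the path and variable names below are constructed.
set -eu   # exit on any failing command and on use of an unset variable

count_args() { echo "$#"; }

# Unquoted: the shell splits the value on whitespace before the call.
unquoted_count() {
    path=$1
    # shellcheck disable=SC2086
    count_args $path
}

# Quoted: the value reaches the command as exactly one argument.
quoted_count() {
    path=$1
    count_args "$path"
}

# basename strips the directory part; "--" stops a leading "-" in the
# path from being read as an option.
file_name() { basename -- "$1"; }

# Under set -u, expanding an unset variable aborts the (sub)shell.
unset_is_fatal() {
    if ( unset EXAMPLE_UNSET; : "$EXAMPLE_UNSET" ) 2>/dev/null; then
        echo no
    else
        echo yes
    fi
}

p='/tmp/my notes/report final.txt'
echo "unquoted: $(unquoted_count "$p") args, quoted: $(quoted_count "$p") arg"
echo "file name: $(file_name "$p")"
echo "unset variable fatal under set -u: $(unset_is_fatal)"
```

An unquoted path that splits into several arguments is how a command like rm or scp ends up acting on files the script never meant to touch.
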
Gpg sign, encrypt, and armour:
gpg -sear [NAME]

Get window's handle with xdotool:
xdotool search --name "Google Play"

Get window's position and size with xdotool:
xdotool getwindowgeometry 44047673
Subtract 10 from the Y position, and 82 from the Y


Keyboard Shortcuts
==================

Focus Keepass, Super+Z: bash /home/tanner/scripts/focuskeepass.sh
Arrange Desktop, Super+X: /home/tanner/scripts/arrangedesktop.sh
Home Controller: Super+C: /home/tanner/scripts/homecontroller.sh
Toggle light 0, Super+1: /home/tanner/scripts/homecontroller.sh 0
Open terminal, Super+T: xfce4-terminal
Rofi, Super+`: rofi -combi-modi window,run -show combi -normal-window

** set "switch windows" to alt-tab to make it normal

Make right alt normal:
- tweak tool > keyboard & mouse > Additional Layout Options button
- expand "Key to choose 3rd level"
- deselect Right Alt


Nginx
=====

Log rotate /etc/logrotate.d/nginx:
    size 100M
    missingok
    rotate 20
    compress
    delaycompress
    notifempty
    create 0640 www-data adm

Logging /etc/nginx/nginx.conf:
    # Make sure to copy the GeoIP files!
    geoip_country /usr/share/GeoIP/GeoIP.dat;
    geoip_city /usr/share/GeoIP/GeoIPCity.dat;
    log_format tannersformat '[$time_iso8601] $remote_addr ($geoip_city, $geoip_country_code) $request_method "$server_name$request_uri" $status "$http_referer" "$http_user_agent"';
    access_log /var/log/nginx/access.log tannersformat;
    error_log /var/log/nginx/error.log;

$ wget https://t0.vc/f/GeoIPCity.dat
$ sudo mv GeoIPCity.dat /usr/share/GeoIP/GeoIPCity.dat

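A parser for access-log lines written with the tannersformat log_format above, plus a per-address count of 4xx/5xx responses. This is an added example, not part of the original notes; the function names and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: parse nginx access-log lines written with the
# "tannersformat" log_format. Sample lines are constructed.

# Emit ip|country|method|status|host+uri for each well-formed line.
# The URI goes last because it may itself contain '|'. Quoted fields can
# be matched with [^"]* because nginx logs a literal '"' as \x22.
parse_tannersformat() {
    sed -nE 's/^\[([^]]+)\] ([^ ]+) \(([^,]*), ([^)]*)\) ([^ ]*) "([^"]*)" ([0-9]{3}) "([^"]*)" "([^"]*)"$/\2|\4|\5|\7|\6/p'
}

# Count 4xx/5xx responses per client address, busiest first.
errors_by_ip() {
    parse_tannersformat | awk -F'|' '$4 >= 400 { n[$1]++ }
        END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Constructed sample input, including one line that does not match.
sample_log() {
    cat <<'EOF'
[2024-01-15T10:23:45+00:00] 203.0.113.7 (Calgary, CA) GET "example.com/index.html" 200 "-" "Mozilla/5.0 (X11; Linux x86_64)"
[2024-01-15T10:23:46+00:00] 198.51.100.9 (-, -) GET "example.com/wp-login.php" 404 "-" "curl/8.0"
[2024-01-15T10:23:47+00:00] 198.51.100.9 (New York, US) POST "example.com/xmlrpc.php" 404 "-" "curl/8.0"
[2024-01-15T10:23:48+00:00] 203.0.113.7 (Calgary, CA) GET "example.com/a|b" 500 "https://example.com/" "Mozilla/5.0 (X11; Linux x86_64)"
this line does not match the format and is skipped
EOF
}

sample_log | errors_by_ip
```

On a live server, feed it the real file instead of the sample: errors_by_ip < /var/log/nginx/access.log
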
OpenVPN
=======

Setup:
$ sudo su root
- follow steps here:
- https://wiki.debian.org/OpenVPN#TLS-enabled_VPN
- skip editing vars
- add random data to /etc/openvpn/easy-rsa/pki/.rnd to get rid of error messages
- use the # ./easyrsa [command] methods
- encrypt CA with password
- build the optional intermediate CA
- https://wiki.debian.org/OpenVPN#Static-Key_VPN
- improves security
- set auth SHA256
- save config file to /etc/openvpn/server.conf
- * set root's shell back to /bin/false *

Static IP:
- create a client (i.e. "mediaserver") with easyrsa
$ mkdir /etc/openvpn/ccd
- edit /etc/openvpn/ccd/mediaserver:
    ifconfig-push 10.8.0.100 255.255.255.0
- edit /etc/openvpn/server.conf:
    client-config-dir /etc/openvpn/ccd

Routing / port forward:
- edit /etc/sysctl.conf:
    net.ipv4.ip_forward=1
- edit /etc/default/ufw:
    DEFAULT_FORWARD_POLICY="ACCEPT"
- edit /etc/ufw/before.rules at the top:
    *nat
    :POSTROUTING ACCEPT [0:0]
    # ssh port forwarding
    -A PREROUTING -d 159.203.223.101 -p tcp --dport 43655 -j DNAT --to-dest 10.8.0.100:43655
    -A POSTROUTING -d 10.8.0.100 -p tcp --dport 43655 -j SNAT --to-source 10.8.0.1
    # Allow traffic from OpenVPN clients to eth0
    # (10.8.0.0/24 matches the 255.255.255.0 netmask pushed above; /8 would masquerade every 10.x.x.x source)
    -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    COMMIT
$ sudo ufw disable && sudo ufw enable
$ sudo sysctl net.ipv4.ip_forward=1
- source: https://gist.github.com/kimus/9315140

Systemd fix:
- ensure config file is at /etc/openvpn/server.conf
$ sudo systemctl start openvpn@server
$ sudo systemctl enable openvpn@server
$ sudo systemctl daemon-reload
$ sudo service openvpn restart
- verify stop / start with ps aux | grep openvpn
- do same for "client"
- source: https://ubuntu.com/server/docs/service-openvpn

Systemd client:
$ sudo mv vpn2-client.ovpn /etc/openvpn/client.conf
$ sudo chown root:root /etc/openvpn/client.conf
$ sudo chmod 600 /etc/openvpn/client.conf
- if there's a password:
$ sudo -E vim /etc/openvpn/auth.txt
$ sudo chmod 600 /etc/openvpn/auth.txt
- add password to file
- add "askpass /etc/openvpn/auth.txt" to config file
- set up systemd:
$ sudo systemctl start openvpn@client
$ sudo systemctl enable openvpn@client
$ sudo systemctl daemon-reload
$ sudo service openvpn restart

Disable routing traffic over VPN:
- remove all "redirect-gateway" lines in client config

Gnome client:
- vpn settings, add
- import from file, select vpn2-client.ovpn
- add missing private key from /home/tanner/.cert/nm-openvpn/
- add password gush-tilt-shine-chute-pace-gecko


New Desktop
-----------

$ sudo apt install git tree htop byobu unattended-upgrades curl axel man-db vim vim-gtk netcat xfce4-terminal firefox chromium keepassxc mpv network-manager-openvpn-gnome bash-completion xdotool mlocate ncdu
$ sudo apt remove firefox-esr
- set up home directory...

Firefox extensions:
- Cookie AutoDelete
- Decentraleyes
- HTTPS Everywhere
- I don't care about cookies
- New Tab Override
- NoScript
- Privacy Badger
- SponsorBlock
- uBlock Origin

Fix popping after audio stops (disable audio power save):
$ sudo bash -c 'echo 0 > /sys/module/snd_hda_intel/parameters/power_save'
- to persist append to /etc/modprobe.d/audio_disable_powersave.conf:
    options snd_hda_intel power_save=0