You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
249 lines
7.0 KiB
249 lines
7.0 KiB
Enter today's date in ISO format: |
|
$ date -I |
|
To include seconds: |
|
$ date -Is |
|
|
|
Ping scan subnet (find a Raspberry Pi): |
|
$ nmap -sn 192.168.0.0/24 |
|
Port 22 scan subnet: |
|
$ nmap -sS -p 22 192.168.10.0/24 |
|
- run as root to get device names |
|
|
|
To SCP with spaces in path, escape the spaces and surround the whole arg with quotes. |
|
|
|
Serial Terminal: |
|
Minicom /dev/ttyACM0 115200 8N1 w/ Hardware flow control: yes works. |
|
If not, send Break (ctrl-a F). |
|
To enable on server side (systemd): |
|
$ systemctl enable serial-getty@ttyS0.service |
|
$ systemctl start serial-getty@ttyS0.service |
|
|
|
How to list wifi networks: |
|
$ sudo iw dev wlp58s0 scan |
|
|
|
Show top 10 edited files in git repo: |
|
$ git log --pretty=format: --name-only | sort | uniq -c | sort -rg | head -10 |
|
|
|
Recursively hash directory, then hash result: |
|
$ md5deep -rl . | sort | md5sum |
|
|
|
Redirect stderr to stdout and pipe: |& |
|
Redirect stderr to stdout: 2>&1 (do it after) |
|
|
|
Copy torrent but use hardlinks instead: |
|
$ cp -al source dest |
|
|
|
Byobu tmux toggle function keys: |
|
Shift + F12 |
|
- do this if Alt+Arrow is letters |
|
|
|
Get rid of extra byobu sessions: |
|
$ tmux ls | grep ^_ | cut -f1 "-d:" | xargs -t -L1 -r tmux kill-session -t |
|
|
|
Make a PDF look scanned: |
|
$ convert "$1" -alpha Off -density 150 -colorspace gray -blur 0.5x0.5 -rotate 0.4 -level 40%,60% "scanned-$1" |
|
|
|
Insert last arg: alt+. |
|
Insert 2nd last arg: alt+_ alt+. |
|
Insert 3rd last arg: alt+_ 2 alt+. |
|
|
|
SSH reverse tunnel router admin: |
|
$ ssh -L 2222:192.168.0.1:80 user@10.9.0.3 |
|
- open localhost:2222 in browser |
|
|
|
Select a display over ssh: |
|
$ export DISPLAY=:1 |
|
|
|
Spawn new shell with group assignments: |
|
$ exec su -l $USER |
|
|
|
xargs: |
|
- converts stdin to arguments for commands that dont accept stdin |
|
- used with echo, compacts a list to one line |
|
- see each command xargs runs: --verbose |
|
- dont run if stdin is empty: -r |
|
- run command once per line: -L1 |
|
- convert stdin to argument: |
|
$ echo 'foo' | xargs mkdir |
|
- convert list to one line: |
|
$ cat foo.txt | xargs echo |
|
- run a command for each line: |
|
$ cat foo.txt | xargs -L0 --verbose echo |
|
|
|
|
|
Systemd |
|
======= |
|
|
|
Journalctl |
|
---------- |
|
|
|
Examples: |
|
$ journalctl --utc |
|
$ journalctl -b # display logs since boot |
|
$ journalctl --since "2015-01-10" --until "2015-01-11 03:00" |
|
$ journalctl --since 09:00 --until "1 hour ago" |
|
$ journalctl -u nginx.service -u php-fpm.service --since today |
|
|
|
|
|
Bash scripting |
|
============== |
|
|
|
Always quote variables when you use them. |
|
Run set -eu to crash when on errors and when using unset variables. |
|
Use basedir to just get filename. |
|
|
|
Gpg sign, encrypt, and armour: |
|
gpg -sear [NAME] |
|
|
|
Get window's handle with xdotool: |
|
xdotool search --name "Google Play" |
|
|
|
Get window's position and size with xdotool: |
|
xdotool getwindowgeometry 44047673 |
|
Subtract 10 from the Y position, and 82 from the Y |
|
|
|
|
|
Keyboard Shortcuts |
|
================== |
|
|
|
Focus Keepass, Super+Z: bash /home/tanner/scripts/focuskeepass.sh |
|
Arrange Desktop, Super+X: /home/tanner/scripts/arrangedesktop.sh |
|
Home Controller: Super+C: /home/tanner/scripts/homecontroller.sh |
|
Toggle light 0, Super+1: /home/tanner/scripts/homecontroller.sh 0 |
|
Open terminal, Super+T: xfce4-terminal |
|
Rofi, Super+`: rofi -combi-modi window,run -show combi -normal-window |
|
|
|
** set "switch windows" to alt-tab to make it normal |
|
|
|
Make right alt normal: |
|
- tweak tool > keyboard & mouse > Additional Layout Options button |
|
- expand "Key to choose 3rd level" |
|
- deselect Right Alt |
|
|
|
|
|
Nginx |
|
===== |
|
|
|
Log rotate /etc/logrotate.d/nginx: |
|
size 100M |
|
missingok |
|
rotate 20 |
|
compress |
|
delaycompress |
|
notifempty |
|
create 0640 www-data adm |
|
|
|
Logging /etc/nginx/nginx.conf: |
|
# Make sure to copy the GeoIP files! |
|
geoip_country /usr/share/GeoIP/GeoIP.dat; |
|
geoip_city /usr/share/GeoIP/GeoIPCity.dat; |
|
log_format tannersformat '[$time_iso8601] $remote_addr ($geoip_city, $geoip_country_code) $request_method "$server_name$request_uri" $status "$http_referer" "$http_user_agent"'; |
|
access_log /var/log/nginx/access.log tannersformat; |
|
error_log /var/log/nginx/error.log; |
|
|
|
$ wget https://t0.vc/f/GeoIPCity.dat |
|
$ sudo mv GeoIPCity.dat /usr/share/GeoIP/GeoIPCity.dat |
|
|
|
|
|
OpenVPN |
|
======= |
|
|
|
Setup: |
|
$ sudo su root |
|
- follow steps here: |
|
- https://wiki.debian.org/OpenVPN#TLS-enabled_VPN |
|
- skip editing vars |
|
- add random data to /etc/openvpn/easy-rsa/pki/.rnd to get rid of error messages |
|
- use the # ./easyrsa [command] methods |
|
- encrypt CA with password |
|
- build the optional intermediate CA |
|
- https://wiki.debian.org/OpenVPN#Static-Key_VPN |
|
- improves security |
|
- set auth SHA256 |
|
- save config file to /etc/openvpn/server.conf |
|
- * set root's shell back to /bin/false * |
|
|
|
Static IP: |
|
- create a client (ie. "mediaserver") with easyrsa |
|
$ mkdir /etc/openvpn/ccd |
|
- edit /etc/openvpn/ccd/mediaserver: |
|
ifconfig-push 10.8.0.100 255.255.255.0 |
|
- edit /etc/openvpn/server.conf: |
|
client-config-dir /etc/openvpn/ccd |
|
|
|
Routing / port forward: |
|
- edit /etc/sysctl.conf: |
|
net.ipv4.ip_forward=1 |
|
- edit /etc/default/ufw: |
|
DEFAULT_FORWARD_POLICY="ACCEPT" |
|
- edit /etc/ufw/before.rules at the top: |
|
*nat |
|
:POSTROUTING ACCEPT [0:0] |
|
# ssh port forwarding |
|
-A PREROUTING -d 159.203.223.101 -p tcp --dport 43655 -j DNAT --to-dest 10.8.0.100:43655 |
|
-A POSTROUTING -d 10.8.0.100 -p tcp --dport 43655 -j SNAT --to-source 10.8.0.1 |
|
# Allow traffic from OpenVPN client to eth0 |
|
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE |
|
COMMIT |
|
$ sudo ufw disable && sudo ufw enable |
|
$ sudo sysctl net.ipv4.ip_forward=1 |
|
- source: https://gist.github.com/kimus/9315140 |
|
|
|
Systemd fix: |
|
- ensure config file is at /etc/openvpn/server.conf |
|
$ sudo systemctl start openvpn@server |
|
$ sudo systemctl enable openvpn@client |
|
$ sudo systemctl daemon-reload |
|
$ sudo service openvpn restart |
|
- verify stop / start with ps aux | grep openvpn |
|
- do same for "client" |
|
- source: https://ubuntu.com/server/docs/service-openvpn |
|
|
|
Systemd client: |
|
$ sudo mv vpn2-client.ovpn /etc/openvpn/client.conf |
|
$ sudo chown root:root /etc/openvpn/client.conf |
|
$ sudo chmod 600 /etc/openvpn/client.conf |
|
- if there's a password: |
|
$ sudo -E vim /etc/openvpn/auth.txt |
|
$ sudo chmod 600 /etc/openvpn/auth.txt |
|
- add password to file |
|
- add "askpass /etc/openvpn/auth.txt" to config file |
|
- set up systemd: |
|
$ sudo systemctl start openvpn@client |
|
$ sudo systemctl enable openvpn@client |
|
$ sudo systemctl daemon-reload |
|
$ sudo service openvpn restart |
|
|
|
Disable routing traffic over VPN: |
|
- remove all "redirect-gateway" lines in client config |
|
|
|
Gnome client: |
|
- vpn settings, add |
|
- import from file, select vpn2-client.ovpn |
|
- add missing private key from /home/tanner/.cert/nm-openvpn/ |
|
- add password gush-tilt-shine-chute-pace-gecko |
|
|
|
|
|
New Desktop |
|
----------- |
|
|
|
$ sudo apt install git tree htop byobu unattended-upgrades curl axel man-db vim vim-gtk netcat xfce4-terminal firefox chromium keepassxc mpv network-manager-openvpn-gnome bash-completion xdotool mlocate ncdu |
|
$ sudo apt remove firefox-esr |
|
- set up home directory... |
|
|
|
Firefox extentions: |
|
- Cookie AutoDelete |
|
- Decentraleyes |
|
- HTTPS Everywhere |
|
- I dont care about cookies |
|
- New Tab Override |
|
- NoScript |
|
- Privacy Badger |
|
- SponsorBlock |
|
- uBlock Origin |
|
|
|
Fix popping after audio stops (disable audio power save): |
|
$ sudo bash -c 'echo 0 > /sys/module/snd_hda_intel/parameters/power_save' |
|
- to persist append to /etc/modprobe.d/audio_disable_powersave.conf: |
|
options snd_hda_intel power_save=0 |
|
|
|
|