SysAdmin Stuff | Linux | Network | Security| ittavern.com
| Home on ITTAVERN.COM
In this blog post, I'll focus on the basics of netcat. More advanced options and scenarios will follow in separate posts at some point. Netcat is available on almost any Linux host and is easy to use. It is an excellent tool for troubleshooting network issues or gathering information and a great addition to any tool portfolio. Basics of netcat # Netcat and nc can be used interchangeably. I've decided to use nc for this blog post. On RHEL, it is often called ncat and is part of the nmap package. T...| ITTavern.com
Curl is a powerful tool that is mainly used to transfer data. It has way more functions, but I won't be able to cover everything. This blog post is mainly a reference for later use and not a step-by-step guide. Therefore I won't cover everything in depth. Most of it should work on other operating systems too, but I'll use Linux as reference. I'll keep this page up-to-date and add more topics in the future. General # Side note: put the URL into single or double quotes if it contains special ch...| ITTavern.com
Disclaimer Scripts are not run in a sandbox and thus could accidentally or maliciously damage your system or invade your privacy. Never run scripts from third parties unless you trust the authors or h| ITTavern.com
iperf3 is available for all kinds of operating systems. The download page is on their official homepage. I'll use Linux as a reference for the server and client. Basic usage iperf3 is a tool to measure the throughput between hosts in a network and can test TCP, UDP, and SCTP, whereby TCP is the default. iperf3 must be installed and active on two hosts in which one host acts as a server and the other one as a client. By default, you measure the upload from the client to the server, but you can...| ITTavern.com
Just as a heads-up, this is going to be a quick reference guide for the use of the ICMP echo request - or better known as PING. I have to look up some options multiple times a week, so I thought it is beneficial to write it up in a post like this. I might add more options at some point, but those are the most important ones in my experience. In a nutshell: ICMP echo requests can be used to check the reachability of two hosts on layer 3. This is indispensable in any troubleshooting session if ...| ITTavern.com
Side note: Using a secondary network interface is recommended since the following commands could make a remote machine unreachable. This is a blog post about the basics of netem and tc on how to modify the outgoing traffic. You could modify the incoming traffic with an Intermediate Functional Block pseudo-device in Linux, but I am not too familiar with it and it is out of scope for now. Reasons to simulate an unreliable network connection # There are various reasons why you want to modify the traff...| ITTavern.com
What is a rogue DHCP server # A rogue DHCP server is an unauthorized DHCP server that distributes knowingly or unknowingly wrong or malicious information to clients that send DHCP discover packets wit| ITTavern.com
The bash command history shows the previously used commands. By default, the history is saved in memory per session and can be saved to a file for later sessions. We will explore ways to show, search and modify the history in this blog post. I use RHEL and Debian-based Linux distributions and bash in this blog post as a reference. Configuration # I want to start with ways to configure the behavior of the bash history. The configuration of the history can be changed in the bash startup file. T...| ITTavern.com
Screen is a terminal multiplexer and has a wide feature set. It allows you to split your terminal window into multiple windows (split screen feature), detach sessions to let commands run in the background, connect to a device via serial interface, and many more. Screen sessions keep running even if you disconnect, which is especially great for unreliable connections. There are more advanced use cases, but we will focus on the basics. Basics # You can have multiple sessions within the screen a...| ITTavern.com
Power over Ethernet - or short 'PoE' - allows you to supply DC power for another device over the ethernet network cable. The most common Power Source Equipment (PSE) types are switches and routers (endspan), but you could just as well put a PoE-injector (midspan) between a standard switch and the Powered Device (PD). Especially in corporate environments, PoE devices are growing in popularity, and just to list some examples of PDs: VoIP hardware, wireless access points, access control terminal...| ITTavern.com
I was curious about what the difference between RSS and Atom was. This blog post is a small primer to RSS and Atom feeds and describes the differences between both. I've added links to the technical specifications at the end of this post. General RSS (Really Simple Syndication) and Atom are often used interchangeably, and most feed readers can process both formats. Both use an open dialect of XML, which is computer-readable and allows feed-/RSS-/Atom readers to subscribe to a feed and pull ne...| ITTavern.com
I won't go into specific cases in this blog post. This is a general guide on how to gather the necessary information that will help you to get your problem fixed. In this post, I'll use a Linux client| ITTavern.com
There are multiple use cases to run a script on login. Configuration, starting services, logging, sending a notification, and so on. I want to show you different ways to do so. Example script The examp| ITTavern.com
Goal - removing target without data loss Unplugging or umount -l (lazy unmount) can cause data loss. I want to share a way to avoid data loss. Side note: umount -l will let you unmount the device, but as far as I know only 'hides' the mountpoint, and active processes can still write on said device. The problem Error unmounting /dev/sdc1: target is busy So, there are now different ways to unmount the target safely. Side note: the most common case is that you are still in a directory of said t...| ITTavern.com
To make it quick, I wish I had known about port forwarding and tunneling earlier. With this blog post, I try to understand it better myself and share some experiences and tips with you. Topics: use ca| ITTavern.com
The goal of this post This post is a quick reference for using the display filters in Wireshark. The display filter is used to filter a packet capture file or live traffic, and it is essential to know| ITTavern.com
What is this about? Let me start with; there is no perfect security. Your goal is to make it as difficult as possible to 'break in', so it is simply not worth it. There is a balance between security a| ITTavern.com
Side note: This is not an ad, and there are no affiliate links. Just a show case of my current EDC kit for professional and private use. What is an EDC kit? EDC stands for 'Every Day Carry'. It is - as the name implies - a kit that you bring with you every day. As someone who likes to watch EDC kit show cases or read blog posts about EDCs, there is an unlimited range of use cases, tools, sizes, combinations, and so on. I recently bought a new bag and switched out various tools, so I thought i...| ITTavern.com
Table of content 1 - Cats 2 - Robot 3 - Donut 4 - Dackel 5 - Poster 6 - Citylife 7 - Dolphin 8 - Light 9 - Monster 10 - Cyberpunk Technical write-up What is this all about? We were curious about how much variance the AI has. So, what would be the results if we were to request 100 images with the same prompt? - I won't review the results and rather just present the results to you. These prompts are a result of a quick brain storming. If you have suggestions, please let me know. I might create ...| ITTavern.com
Disclaimer: Please read the whole post before you start. This will help you avoid a lock-out Generating a secure key pair SSH keys use asymmetric cryptographic algorithms that generate a pair of se| ITTavern.com
There are many ways to support your favorite open-source project. Even though code contributions are the most obvious method, not everyone - including me - can do so. I just want to share some ideas, on how someone can support the open-source space. Coding As mentioned before, the most obvious contribution to an open-source project might be to code yourself. This can be a small bug fix, a new feature, or even becoming a maintainer of the whole project, depending on your time and capabilities....| ITTavern.com
Disclaimer: Only scan networks you have permission for. Many VPS providers do not allow the scanning of other networks and can cause you trouble. Please be aware of it. Installation I won't cover the| ITTavern.com
Important disclaimer: This solution is not secure! - It is fine for a quick and temporary solution for your local network, but it is not a secure solution for important resources that are available over the internet. As a side note: without TLS (HTTPS), the credentials will be sent in plain text, and are easily accessible. Creating the user Even though you could do it by hand, it is recommended to use the Apache utility to create the user. The package needed is called apache2-utils for Debi...| ITTavern.com
Disclaimer: There are more meaningful, and more advanced solutions to test your security solutions, but for a quick, simple, and riskless test, the upcoming test files are more than enough. EICAR test file The most common test file to test said solutions is the EICAR Anti-Virus Test File. The European Institute for Computer Antivirus Research (EICAR) and Computer Antivirus Research Organization (CARO) developed the test file, and is in the end a simple text file with a plain string of ASCII c...| ITTavern.com
It can be frustrating to work on complex commands in the terminal. I'll present you some tips on how to manage them. If you have another tip, I'd appreciate a quick message. Use backslash \ to add a line break This is fairly simple. Having one or multiple long lines with no structure can be messy and confusing. Adding \ for a line break adds more structure. A really simple example: podman run -d --restart=always -p 127.0.0.1:3001:3001 -v /path/data:/app/data --name status.brrl.net docker.io/loui...| ITTavern.com
There are a bunch of programs out there, that can get you connected to a serial port of a switch, but using screen was the best and easiest solution I've found. Works perfectly in the CLI, can be run in the background, and easy to set up - if it is not already installed. It worked with various combinations of serial-to-usb-cables, Cisco switches, and Linux machines. Let us start with the command itself: sudo screen /dev/ttyUSB0 9600; sudo screen - run screen as sudo; /dev/ttyUSB0 - the tty numbe...| ITTavern.com
There are good reasons to expose a port of a docker container only to the localhost of the host machine. Security reasons or the use of a reverse proxy are only 2 of them (please don't ask for more). And it is fairly easy. It is a simple modification to the argument of the -p flag when running podman run: podman run -d -p 8080:80/tcp docker.io/library/httpd From the manual: -p, --publish strings Publish a container's port, or a range of ports, to the host (default []) This is a quick ex...| ITTavern.com
Formatting MAC addresses Cisco seems to require a different format for every solution they have. I use this almost daily to change the format of one or multiple MAC addresses. Input: aa-aa-aa-bb-bb-bb Output: aaaaaabbbbbb AAAAAABBBBBB aa-aa-aa-bb-bb-bb AA-AA-AA-BB-BB-BB aa:aa:aa:bb:bb:bb AA:AA:AA:BB:BB:BB aaaa.aabb.bbbb AAAA.AABB.BBBB Try it yourself Tip: the easiest way to change the format of multiple formats is to choose the desired format, input 1 MAC address per line, and remove the e...| ITTavern.com
Restarting the tmux server every time you change the configuration is tedious and unnecessary. From the shell: tmux source-file ~/.tmux.conf As a tmux command: Prefix + :source-file ~/.tmux.conf Just in case: the default prefix is CTRL + b. Those methods reload the tmux configuration without affecting the sessions or windows. Info: some changes still require a restart of the tmux server. If you were to remove a key bind, you would need to restart the tmux server or explicitly unbind the key. The se...| ITTavern.com
Temporary or permanent redirect First you have to decide whether the redirect will be permanent (301), or just temporary (302). If you are uncertain, just pick temporary and switch later. Use cases from my understanding: Permanent 301 redirects: switching to another domain, merging multiple domains, switching from HTTP to HTTPS, better SEO experience. Temporary 302 redirect: testing (A/B testing, etc.), single redirects to another domain, redirect to a maintenance page, redirect traffic for load balancing. Both...| ITTavern.com
Tmux is a terminal multiplexer. It allows you to work with multiple terminal sessions at once. Installation It is easy to install, and there are many guides already out there, so I won't cover it in this blog post. Tmux terminology So, let us start with the basics. tmux server (program) > session > window > pane The tmux server starts after running tmux. You can work on the attached sessions or detach them so they run in the background. Every server can have multiple sessions, every session ...| ITTavern.com
So, you've got a tmux window with 10 panes, and you want to clear the panes, switch to a different directory, stop multiple processes, and so on. There is a simple way to do it: Prefix + :set synchronize-panes on Just in case: the default prefix is CTRL + b. The input of all panes within a window will be synchronized until you turn it off again: Prefix + :set synchronize-panes off Create keybinding If you need this function often, you could create a simple keybind for it. For example, if you w...| ITTavern.com
Sometimes you just need your public IP, and nothing more. A simple config change in nginx can offer you exactly this. Add the following location segment to the server segment of your choice. You could replace /ip with another term. location /ip { default_type text/plain; return 200 $remote_addr;} Now, if you visit the destination of the server segment with the subdirectory /ip, you'll find your IP. Try it out and visit https://brrl.net/ip. The neat part is that it works well in the CLI too:cu...| ITTavern.com
So, since I am too stupid to remove empty lines easily, I present to you my overcomplicated solution. Search for the Find / Replace in the operations and replace ^(?:[\t ]*(?:\r?\n|\r))+ with nothing.| ITTavern.com
There is no trash can for the Linux CLI. rm removes the data permanently, and there is practically no way of recovering deleted files reliably. trash-cli fills this role and lets you 'trash' files and| ITTavern.com
There are various implementations. I am using nmap-ncat on rockOS 8 on both hosts. Netcat's using TCP by default and this test is not limited by disk I/O from what I understood. That said, it is not| ITTavern.com
rsync is a CLI tool that covers various use cases. Transferring data, creating backups or archives, mirroring data sets, integrity checks, and many more. Reference for this article: rsync version 3.2.| ITTavern.com
In this article, I'll use Ubuntu 22.04 (Debian-derivative) and rockyOS 9.2 (RHEL-derivative) as references. If it is not mentioned, commands are the same for both systems. Basics # Cron jobs are sched| ITTavern.com
Port knocking is like a secret handshake or magic word between client and server. It can be used in various ways, but most commonly as a security feature to deny all contact to a specific service - li| ITTavern.com
Rclone is an open-source cross-platform data synchronization application focusing on cloud services. It can act as the CLI for your cloud storage. Rclone provides a broad set of features, from simple| ITTavern.com
Let me start with a list of things that are required: Access to Cisco, via GUI and CLI as admin SFTP server + user, and root access Network access: ISE > SFTP server over TCP/22 (SSH - as SFTP transf| ITTavern.com
Getting started with dig Please note that this blog post is not an in-depth guide on DNS and dig. It will provide you with the basics, and more advanced topics that are out of the scope. Some more adv| ITTavern.com
I want to show you how to get started with Fail2Ban to keep your Linux servers more secure. For this blog post, I've used Ubuntu 22.04 LTS as a reference and will use it to secure my SSH service with| ITTavern.com
In this post, I'll try to explain the syntax and use of a URL and the difference between URI, URL, URN, and URC. URL explained # This will be our example for this post: https://username:password@www| ITTavern.com
Asking the right question In this post, I want to present some simple questions on how to start any troubleshooting session. The main goal is to gather enough information to narrow down the root cause| ITTavern.com
I am a big fan of tmux, but there is - without adding plugins - a way to save and restore sessions or layouts. For this reason, I've decided to work on a bash script that restores and builds my favori| ITTavern.com
In this blog post, I assume that tcpdump is already installed since the installation method can vary from system to system, and basic Linux and CLI skills already exist. I'll try to keep it as short a| ITTavern.com
This is an updated version from last year. Thank you for the great feedback! This article covers mainly the configuration of the SSH service and only references ways to protect the service on the hos| ITTavern.com