Run this in Windows as an administrator:
bcdedit /set {bootmgr} path \EFI\ubuntu\grubx64.efi
Or, if you are using PowerShell:
bcdedit /set "{bootmgr}" path \EFI\ubuntu\grubx64.efi
Shell History with date
Include in /root/.bashrc
# History with date
HISTTIMEFORMAT="%F-%T "
or
HISTTIMEFORMAT="%d/%m/%y %T "
Optional: Clear history
history -c
Log off and log in again.
Insert character at specified position
awk '{$2="#"$2;print $0}' your_file
This will add # to the start of the second (space-separated) column regardless of which position it occurs at.
sed -r -e 's/^.{15}/&#/' file
This inserts '#' after the first 15 characters of each line.
Add / Remove users from AD groups with PowerShell
For a users list:
1 - create a file (ex: add-users.ps1);
2 - paste the commands and change file name and group;
3 - the first line of users list must be UserName;
4 - Run the ps1 file with admin user.
Import-module ActiveDirectory
Import-CSV "C:\list_of_users.csv" | % {
Add-ADGroupMember -Identity GROUP -Members $_.UserName
}
pause
To add only one user:
Add-ADGroupMember -Identity GROUP -Members USER
To remove users, change Add-ADGroupMember to Remove-ADGroupMember
APT install only security updates
Check security updates:
sudo unattended-upgrade --dry-run -d
If the previous command shows packages to update:
sudo apt-get -s dist-upgrade | grep "^Inst" | grep -i securi | awk '{print $2}' | xargs sudo apt-get install
List AD group members from linux
List group members using samba 4 samba-tool:
samba-tool group listmembers <group> -H ldap://<servername> -d0
Enable remote desktop from command line
netsh advfirewall firewall add rule name="Open Remote Desktop" protocol=TCP dir=in localport=3389 action=allow
Activate / deactivate Windows Firewall from the command line
Windows Firewall on computers running Windows Vista, Windows 7 and Windows Server 2008 is enabled by default. You may need to turn it off for various reasons.
This is how you do it using a command prompt:
- To Turn Off:
- NetSh Advfirewall set allprofiles state off
- To Turn On:
- NetSh Advfirewall set allprofiles state on
- To check the status of Windows Firewall:
- Netsh Advfirewall show allprofiles
psexec for linux
wget http://downloads.sourceforge.net/project/winexe/winexe-1.00.tar.gz
tar xzvf winexe-1.00.tar.gz
cd winexe-1.00/source4/
./autogen.sh
./configure
make
bin/winexe -U user%password //xps8500 'cmd'
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>
Squid regex
\.sex\.com
\.redtube\.com
I also recommend you to block this way to cover all the possibilities:
^http://.*\.*sex\.com/*.*
^http://.*\.*redtube\.com/*.*
Let me explain what you are telling Squid to do with this regex:
^ = this is the beginning of the URL
http:// = the protocol, which is always required
. = anything, for example a subdomain or www
* = the expression BEFORE (the subdomain or www) can happen or not
\ = the next char is not "anything" but a real dot
. = the real dot...
* = ...that can happen or not
sex = the domain
\. = the next char is a real dot again
com = top level domain
/* = a slash that can happen or not (covering all the possible website configurations here)
.* = anything can happen or not after the last slash (/index.php, blah blah)
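To see what the two pattern styles above actually match, this added example (not part of the original page) runs them over a few constructed URLs. It assumes grep -E (POSIX extended regex) as a stand-in for Squid's matcher, and P_STRICT is a tighter variant suggested here, not a pattern from the page.

```shell
#!/bin/sh
# Added example (not from the original page). grep -E stands in for Squid's
# regex matching (assumption); the URLs below are constructed test inputs.

P_SIMPLE='\.sex\.com'                    # first form on the page
P_ANCHORED='^http://.*\.*sex\.com/*.*'   # second form on the page
# Assumed tighter variant (added here): http or https, the domain itself or a
# dot-separated subdomain, then only an optional port and a path.
P_STRICT='^https?://([^/]*\.)?sex\.com(:[0-9]+)?(/|$)'

# matches PATTERN URL -> exit status 0 when the URL matches the pattern
matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# verdict PATTERN URL -> prints BLOCK or pass
verdict() {
    if matches "$1" "$2"; then echo BLOCK; else echo pass; fi
}

report() {
    for url in \
        'http://www.sex.com/' \
        'http://sex.com/index.php' \
        'https://www.sex.com/' \
        'http://www.essex.com/' \
        'http://example.org/?ref=www.sex.com'
    do
        printf '%-38s simple=%-5s anchored=%-5s strict=%s\n' "$url" \
            "$(verdict "$P_SIMPLE" "$url")" \
            "$(verdict "$P_ANCHORED" "$url")" \
            "$(verdict "$P_STRICT" "$url")"
    done
}

report
```

The output shows the gaps on both sides: the simple form misses the bare domain, the anchored form misses https URLs and also blocks unrelated hosts that merely end in the same letters.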
colored tail
tail, with specific pattern colored
tail -F file | egrep --color 'pattern|$'
OR
tail -f file | egrep --color=always $\|PATTERN
tail -f file | egrep --color=always $\|"PATTERN1|PATTERN2"
tail with coloured output with the help of perl - need more colours? Here is a colour table: http://www.tuxify.de/?p=23
tail -f FILE | perl -pe 's/KEYWORD/\e[1;31;43m$&\e[0m/g'
Colorize the matching string without skipping the others. This is useful to highlight only some code without losing other lines (e.g. software, logs, scripts):
egrep --color=auto 'usb|' /var/log/messages
Shutdown or Restart windows server via linux
Use this command to shutdown the computer remotely:
net rpc shutdown --ipaddress ip --user username%password
Add -r if you want to restart, not shutdown:
net rpc shutdown -r -f --ipaddress ip --user username%password
Get all IPs from host
Ubuntu 16.x
ifconfig | grep inet |awk '{print $2}'
Ubuntu 18.x
ifconfig | grep inet |awk '{print $3}'
nmap essential
Scan IP
nmap 192.168.1.1
Scan network
nmap 192.168.1.0/24
Fast scan
nmap -F 192.168.1.1
Scan machines up
nmap -sP 192.168.1.0/24
Read hosts from a file (one IP or name per line)
nmap -iL /tmp/test.txt
Detect remote services (server / daemon) version numbers
nmap -sV 192.168.1.1
Turn on OS and version detection
nmap -v -A 192.168.1.254
nmap -A -iL /tmp/test.txt
Find out if a host/network is protected by a firewall
nmap -sA 192.168.1.254
Scan a host when protected by the firewall
nmap -PN 192.168.1.1
Scan TCP port 80
nmap -p T:80 192.168.1.1
Scan UDP port 53
nmap -p U:53 192.168.1.1
Scan two ports
nmap -p 80,443 192.168.1.1
Scan a host using TCP ACK (PA) and TCP Syn (PS) ping
nmap -PS 192.168.1.1
nmap -PS 21,80,443 192.168.1.1
nmap -PA 192.168.1.1
Scan a host using IP protocol ping
nmap -PO 192.168.1.1
Display the reason a port is in a particular state
nmap --reason 192.168.1.1
Only show open (or possibly open) ports
nmap --open 192.168.1.1
Show all packets sent and received
nmap --packet-trace 192.168.1.1
nmap --packet-trace server1.cyberciti.biz
Scan a host using UDP ping
nmap -PU 192.168.1.1
Stealthy scan
nmap -sS 192.168.1.1
TCP scan
nmap -sT 192.168.1.1
Find out the most commonly used TCP ports using TCP ACK scan
nmap -sA 192.168.1.1
Cloak a scan with decoys
nmap -n -Ddecoy-ip1,decoy-ip2,your-own-ip,decoy-ip3,decoy-ip4 remote-host-ip
nmap -n -D192.168.1.5,10.5.1.2,172.1.2.4,3.4.2.1 192.168.1.5
How do I save output to a text file?
nmap 192.168.1.1 > output.txt
nmap -oN /path/to/filename 192.168.1.1
nmap -oN output.txt 192.168.1.1
Linux Uptime history
Report the historical and statistical running time of system, keeping it
between restarts. Like uptime command but with more interesting output.
apt-get install tuptime
tuptime
Colored tail command
apt install multitail
multitail -c /var/log/syslog
OR
apt install grc
grc tail -f /var/log/apache2/error.log
OR
apt install colortail
colortail -f /var/log/apache2/error.log
Locking a directory
For privacy of my data I wanted to lock down /downloads on my file server. So I ran:
chmod 0000 /downloads
The root user still has access, but the ls and cd commands will not work. To go back:
chmod 0755 /downloads
Enable Google TCP BBR congestion control
Increase your Linux server Internet speed with TCP BBR congestion control
You must use the Linux kernel version 4.9 or above. On a Debian/Ubuntu Linux type the following grep command/egrep command:
$ grep 'CONFIG_TCP_CONG_BBR' /boot/config-$(uname -r)
$ grep 'CONFIG_NET_SCH_FQ' /boot/config-$(uname -r)
$ egrep 'CONFIG_TCP_CONG_BBR|CONFIG_NET_SCH_FQ' /boot/config-$(uname -r)
Edit the /etc/sysctl.conf file or create a new file in /etc/sysctl.d/ directory:
$ sudo vi /etc/sysctl.conf
OR
$ sudo vi /etc/sysctl.d/10-custom-kernel-bbr.conf
Append the following two lines:
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
$ sudo reboot
OR
$ sudo sysctl --system
You can verify new settings with the following sysctl command. Run:
$ sysctl net.core.default_qdisc
net.core.default_qdisc = fq
$ sysctl net.ipv4.tcp_congestion_control
net.ipv4.tcp_congestion_control = bbr
more info:
https://cloud.google.com/blog/products/gcp/tcp-bbr-congestion-control-comes-to-gcp-your-internet-just-got-faster
Display Bandwidth Usage on Network Interface By Host
Linux Display Bandwidth Usage on Network Interface By Host Using iftop command
sudo apt-get install iftop
iftop
iftop -i interface
iftop [options]
However, iftop works best when you use filters. For example, if you want to find out how much bandwidth users are wasting or trying to figure out why the network is slow, run:
# iftop -f icmp
You can display or analyze packets flowing in and out of the 192.168.1.0/24 network:
# iftop -F 192.168.1.0/24
Disable output for DNS traffic by using filter code such as:
# iftop -f 'not port domain'
Linux cmatrix
sudo apt install cmatrix
cmatrix -bas
-a: Asynchronous scroll
-b: Bold characters on
-B: All bold characters (overrides -b)
-f: Force the linux $TERM type to be on
-l: Linux mode (uses matrix console font)
-o: Use old-style scrolling
-h: Print usage and exit
-n: No bold characters (overrides -b and -B, default)
-s: "Screensaver" mode, exits on first keystroke
-x: X window mode, use if your xterm is using mtx.pcf
-V: Print version information and exit
-u delay (0 - 10, default 4): Screen update delay
-C [color]: Use this color for matrix (default green) ex: red, blue, white
Adminer on Ubuntu 18.04
Download the latest Adminer onto the server
sudo mkdir /usr/share/adminer
sudo mkdir /usr/share/adminer/adminer
sudo mkdir /usr/share/adminer/editor
sudo wget "https://www.adminer.org/latest.php" -O /usr/share/adminer/adminer/latest.php
sudo ln -s /usr/share/adminer/adminer/latest.php /usr/share/adminer/adminer/index.php
echo "Alias /adminer /usr/share/adminer/adminer" | sudo tee /etc/apache2/conf-available/adminer.conf
sudo a2enconf adminer.conf
reload the Apache config
sudo systemctl reload apache2
Access the adminer interface at
http://<Server_IP_or_Domain>/adminer/
Install adminer-editor:
Download from
https://www.adminer.org/en/editor/#download
Copy file to /usr/share/adminer/editor and rename to index.php
echo "Alias /adminer-editor /usr/share/adminer/editor" | sudo tee -a /etc/apache2/conf-available/adminer.conf
reload the Apache config
sudo systemctl reload apache2
Access the adminer interface at
http://<Server_IP_or_Domain>/adminer-editor
Fix MYSQL authentication issue in Ubuntu 18.04
Secure your MySQL installation and set the root password
sudo mysql_secure_installation
From here, you can just press Y and then ENTER to accept the defaults for all the subsequent questions.
Fix the authentication issue caused by Ubuntu using the auth_socket plugin by default for the root user.
You can set the root user to use mysql_native_password instead to fix this issue, and we will have to set the root password again to correct this.
Log in to mysql with sudo, using the username and password set before.
sudo mysql -u root
In MySQL, enter the following:
USE mysql;
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
Note:
For security, make this password different from your server's password, and don't use the root user in any application that requires a database to store and pull data from.
FLUSH PRIVILEGES;
exit;
File /etc/mail.rc
set smtp=10.1.1.1:587
set from=user@example.com
set smtp-use-starttls
set ssl-verify=ignore
set smtp-auth=login
set smtp-auth-user=user@example.com
set smtp-auth-password=Password
Copy AD group
$Source_Group = "CN=Group,OU=Unity,DC=example,DC=com"
$Destination_Group = "CN=Group,OU=Unity,DC=example,DC=com"
$Target = Get-ADGroupMember -Identity $Source_Group
foreach ($Person in $Target) {
    Add-ADGroupMember -Identity $Destination_Group -Members $Person.distinguishedname
}
Send desktop notification from shell scripts
Install packages
sudo apt-get install libnotify-bin
Send a notification
notify-send "rsnapshot done :)"
#another example
...
alert=18000
live=$(lynx --dump http://money.rediff.com/ | grep 'BSE LIVE' | awk '{ print $5}' | sed 's/,//g;s/\.[0-9]*//g')
[ "$notify_counter" -eq 0 ] && [ "$live" -ge "$alert" ] && { notify-send -t 5000 -u low -i gtk-dialog-info "BSE Sensex touched 18k"; notify_counter=1; }
...
-t 5000: Specifies the timeout in milliseconds ( 5000 milliseconds = 5 seconds)
-u low : Set the urgency level (i.e. low, normal, or critical).
-i gtk-dialog-info : Set an icon filename or stock icon to display (you can set path as -i /path/to/your-icon.png).
A Note About GUI Tools and Cronjob
You need to request local display/input service using export DISPLAY=[user’s machine]:0 command if you are using cronjob to call your scripts. For example, call /home/vivek/scripts/monitor.stock.sh as follows which uses zenity tool:
@hourly DISPLAY=:0.0 /home/vivek/scripts/monitor.stock.sh
SSH timeout interval
A user can log in to the server via ssh, and you can set an idle timeout interval to avoid unattended ssh sessions. Open sshd_config and make sure the following values are configured:
ClientAliveInterval 300
ClientAliveCountMax 0
You are setting an idle timeout interval in seconds (300 secs == 5 minutes). After this interval has passed, the idle user will be automatically kicked out (read as logged out).
Find and fix World-Writable Files
Anyone can modify a world-writable file, which results in a security issue. Use the following command to find world-writable directories that do not have the sticky bit set:
find /dir -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
You need to investigate each reported file and either set correct user and group permission or remove it.
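The find expression above tests three things: the entry is a directory, the "other" write bit is set, and the sticky bit is not set. This added example (not part of the original page) builds a throwaway tree to show which entries it reports, adds a companion check for world-writable regular files, and applies one possible fix; all directory and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page). All paths are created under a
# temporary directory; the names are constructed for the demonstration.

# Build a small tree covering each permission case.
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared_nosticky" "$root/shared_sticky" "$root/private"
    : > "$root/loose_file"
    chmod 0777 "$root/shared_nosticky"   # world-writable, no sticky bit
    chmod 1777 "$root/shared_sticky"     # world-writable + sticky bit, like /tmp
    chmod 0755 "$root/private"           # not world-writable
    chmod 0666 "$root/loose_file"        # world-writable regular file
    printf '%s\n' "$root"
}

# The expression from the page: directories with o+w and without the sticky bit.
ww_dirs_no_sticky() {
    find "$1" -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
}

# Companion check (added): world-writable regular files, which -type d skips.
ww_files() {
    find "$1" -xdev -type f -perm -0002 -print
}

# One possible remediation: sticky bit on shared directories, drop o+w on files.
remediate() {
    ww_dirs_no_sticky "$1" | while IFS= read -r d; do chmod +t "$d"; done
    ww_files "$1" | while IFS= read -r f; do chmod o-w "$f"; done
}

demo() {
    t=$(make_tree) || return 1
    echo "directories reported:"; ww_dirs_no_sticky "$t"
    echo "files reported:";       ww_files "$t"
    remediate "$t"
    echo "findings after remediation: $( { ww_dirs_no_sticky "$t"; ww_files "$t"; } | wc -l )"
    rm -rf "$t"
}

demo
```

Only shared_nosticky is reported by the directory check; shared_sticky is skipped because of the sticky bit, and loose_file is only caught by the added file check.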
Linux partitions security
Create separate partitions for Apache and FTP server roots.
Edit /etc/fstab file and make sure you add the following configuration options:
noexec – Do not set execution of any binaries on this partition (prevents execution of binaries but allows scripts).
nodev – Do not allow character or special devices on this partition (prevents use of device files such as zero, sda etc).
nosuid – Do not set SUID/SGID access on this partition (prevent the setuid bit).
Sample /etc/fstab entry to limit user access on /dev/sda5 (ftp server root directory):
/dev/sda5 /ftpdata ext3 defaults,nosuid,nodev,noexec 1 2
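To check an existing fstab against the options listed above, this added example (not part of the original page) reports, for each service root you name, which of nosuid, nodev and noexec are missing, and flags roots that have no fstab entry of their own. The sample fstab text, the audit_fstab function name and the mount points /var/www and /srv/ftp are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page). SAMPLE_FSTAB is constructed.

SAMPLE_FSTAB='# device   mountpoint  type  options                       dump pass
/dev/sda1  /           ext4  errors=remount-ro             0 1
/dev/sda5  /ftpdata    ext3  defaults,nosuid,nodev,noexec  1 2
/dev/sda6  /var/www    ext4  defaults,nosuid               0 2
/dev/sda7  /home       ext4  defaults                      0 2'

# audit_fstab "MOUNTPOINT ..." < fstab-format text
# Prints one line per listed mount point that lacks an option or has no entry.
audit_fstab() {
    awk -v want="$1" '
        BEGIN {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) target[w[i]] = 1
            m = split("nosuid nodev noexec", req, " ")
        }
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        ($2 in target) {
            seen[$2] = 1
            split("", have)                 # clear the per-line option set
            k = split($4, opt, ",")
            for (i = 1; i <= k; i++) have[opt[i]] = 1
            miss = ""; sep = ""
            for (i = 1; i <= m; i++)
                if (!(req[i] in have)) { miss = miss sep req[i]; sep = "," }
            if (miss != "") print $2 " missing:" miss
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(w[i] in seen)) print w[i] " not-a-separate-partition"
        }
    '
}

printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab "/ftpdata /var/www /srv/ftp"
```

On a real host, feed it the live file instead of the sample: `audit_fstab "/ftpdata /var/www" < /etc/fstab`.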