Last active
March 20, 2024 15:31
-
-
Save ychaouche/74e1d31911442ae13aadc63b885a06f7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
-*-outline-*- | |
(best viewed in emacs with outline-mode) | |
* by name | |
** apparmor | |
*** intro | |
Some processes are monitored by AppArmor and their actions can be restricted to their AppArmor profile. | |
For example : access to certain paths, or execution of certain commands, or certain kernel capabilities. | |
If the profile doesn't allow, the user gets a permission denied. | |
Example : tcpdump can't read or write files not ending with .pcap. | |
*** log file | |
apparmor actions are logged in /var/log/syslog with the audit facility | |
*** tools | |
**** aa-status | |
get the actual status of aa, | |
useful for introspection as some profiles are not necessarily on disk files | |
**** aa-genprof | |
this will monitor a process and help you defined a profile interactively by answering simple questions like : | |
this process tries to access this ressource, allow/deny? | |
**** aa-logprof | |
this helps to update the profile in case the executable changes -update- by reading the audit logs. If new | |
actions or paths are accessed it will prompt you and update the profile accordingly | |
**** apparmor_parser -r <filename> | |
if you manually modify a profile, run apparmor_parser for it to take effect. | |
** apt | |
*** automatic yes | |
apt-get -y install | |
*** sources.lst | |
**** explication | |
1. 2. 3. 4. | |
deb http://ftp.debian.org/debian/ jessie main | |
1. deb ou deb-src | |
2. url du dépot | |
3. version de debian | |
4. filtre sur les paquets (contrib, nonfree etc.) | |
**** fichier par défaut officiel | |
https://wiki.debian.org/SourcesList#Example_sources.list | |
**** debug symbols | |
ajouter cette source | |
deb http://deb.debian.org/debian-debug/ buster-debug main | |
puis installer le paquet avec le suffixe -dbgsym | |
**** source repos | |
/etc/apt/sources.list.d/official-source-repositories.list | |
*** show only the description of package in the output of apt-cache show <packagename> | |
apt-cache show <package> | grep-dctrl -s Description-en - | |
grep-dctrl is a grep that is specialized to apt files format. | |
it is provided by the dctrl-tools package | |
*** remove unused packages | |
apt-get autoremove | |
*** pourquoi ce paquet est installé | |
apt-cache rdepends <package> | |
ou bien | |
apt rdepends <package> affichera les paquets qui ont pu installé celui-ci, soit | |
comme dépendance, soit comme suggestion (recommendation) | |
*** lister tous les fichiers d'un paquet non installé | |
apt-file show <packagename> | |
*** ce paquet dépend de | |
apt-cache depends <packagename> | |
*** lister les paquets cassés | |
apt-get check | |
*** This must be accepted explicitly before updates for this repository can be applied. see apt-secure(8) manpage for details. | |
You need to run apt-get update with the --allow-releasinfo-change flag | |
apt-get update --allow-releaseinfo-change | |
*** download w/o installing | |
apt-get download | |
** aptitude | |
*** why | |
aptitude why tells why a package got installed. | |
*** understanding the output of aptitude commands | |
first char is state. | |
i : installed | |
c : deleted, config files remain | |
p : purged or never installed | |
v : virtual | |
B : broken dependencies | |
C : half-configured (installation aborted) | |
H : half-installed (installation aborted) | |
W : triggers awaited | |
T : triggers pending | |
second char is the action to be done | |
i : install | |
d : delete | |
p : purge | |
u : upgrade | |
h : hold (won't upgrade) | |
F : Forbid to upgrade | |
r : reinstall | |
B : broken (don't install/reinstall/update until you fix this)a | |
third char is how the package was installed | |
A : automatic | |
fourth char is package trustworthness | |
U : untrusted | |
** ar | |
*** invocation | |
ar <archive> [<member>] | |
*** redirect output to stdout | |
p. This is useful to use it as an input to tar for further processing. | |
** augtool | |
*** whatis | |
edit configuration files programmatically | |
*** changing configuration from the command line | |
17:28:13 ~/DOCUMENTS/INTERNE/MESSAGERIE -1- $ augtool get /files/home/ychaouche/.ssh/config/Host[10] | |
/files/home/ychaouche/.ssh/config/Host[10] = labonedjma.net | |
17:29:53 ~/DOCUMENTS/INTERNE/MESSAGERIE -1- $ augtool set /files/home/ychaouche/.ssh/config/Host[10] labonedjma | |
Saved 1 file(s) | |
17:29:59 ~/DOCUMENTS/INTERNE/MESSAGERIE -1- $ augtool get /files/home/ychaouche/.ssh/config/Host[10] | |
/files/home/ychaouche/.ssh/config/Host[10] = labonedjma | |
17:30:02 ~/DOCUMENTS/INTERNE/MESSAGERIE -1- $ | |
*** it's also an interactive tool | |
sudo augtool | |
augtool> set /files/etc/ssh/sshd_config/PermitRootLogin no | |
augtool> save | |
augtool> quit | |
** avconv | |
*** disable color in output | |
AV_LOG_FORCE_NOCOLOR=1 avconv ... | |
*** extract part of a video/audio | |
ffmpeg -i input.mp4 -ss 00:09:23 -t 33 -c copy output.mp4 | |
extracts 33 seconds starting from 09:23 | |
** awk | |
*** invoking awk | |
**** specifying program text | |
program text w/ -e | |
**** specifying program file | |
program file w/ -f | |
**** specifying the field separator | |
-F will let you specify the field separator. | |
**** shebang | |
#!/usr/bin/gawk -f | |
**** passing in variables | |
-v var1=val2 var2=val2 etc. | |
access them directly in the script, | |
w/o using the $ sign | |
*** printing specific things | |
**** print last column | |
{print $NF} | |
**** print a captured group | |
I want to capture the Duration of a video, this is from the output of ffprobe on a specific file that has a strange structure... The trick is then to use match($0,pattern,array) then reference the matching group with the array's indice. | |
pattern : without quotes, without escaping any special characters like parens, brackets etc. | |
warning : this only works with gawk | |
ychaouche#ychaouche-PC 16:29:31 ~/VIDEOS/SCREENCASTS $ ffprobeoutput="Facebook: https Duration: 00:00:46.73, start: 0.000000, bitrate: 869 kb/s" | |
ychaouche#ychaouche-PC 16:29:39 ~/VIDEOS/SCREENCASTS $ echo $ffprobeoutput | |
Facebook: https Duration: 00:00:46.73, start: 0.000000, bitrate: 869 kb/s | |
ychaouche#ychaouche-PC 16:35:24 ~/VIDEOS/SCREENCASTS $ echo $ffprobeoutput | awk 'match($0,/Duration: ([^,]+),/,A) {print A[1]}' | |
00:00:46.73 | |
ychaouche#ychaouche-PC 16:35:27 ~/VIDEOS/SCREENCASTS $ | |
**** print the number of lines | |
awk 'END {print NR}' | |
**** print last record | |
awk 'END {print}' | |
You can also change the record separator if records are separated with a specific pattern. For example, here's how to display last worklog.summary entry : | |
alias notes.worklog.last='awk -v RS="\n\\\*" "END {print}" ~/NOTES/LOG/worklog.summary' | |
14:38:01 ~ -2- $ notes.worklog.last | |
Lundi 19 Septembre 2022 | |
- DNS override | |
14:57:09 ~ -2- $ | |
**** select rows with a specific field value | |
$3 ~ /<regexp>/ {do something} | |
$3 ~ /<regexp>/ # will only print rows with <regexp> in third field. | |
$3 ~ "part of a string" # joker is implied with ~ | |
**** nothing is printed | |
don't forget to use print; | |
**** too many lines printed | |
don't do this | |
$0 ~ regex | |
{ | |
print($0,"matches"); | |
} | |
do this | |
$0 ~ regex { | |
print($0,"matches"); | |
} | |
the first is equivalent to $0 ~ regex {print} {print($0,"matches"), which is why all lines are printed as matching (because there's no pattern. | |
**** unbuffered output | |
use fflush(); | |
**** emulate tail | |
there is no easy way | |
**** negative group matching | |
with egrep -P you can | |
relay=(?!127.0.0.1|local) | |
with awk you may | |
/^relay=/ && !/^relay=(127\.0\.0\.1|local)$/ | |
**** printing an array | |
for (key in my_dict) { print key ": " my_dict[key] } | |
*** matching | |
**** matching a string containing meta-characters | |
use index() instead of the ~ operator or match. | |
**** matching regexes defined in user variables | |
put regex w/o the / in between quotes like this : | |
BEGIN { regex="([[:digit:]]{1,3}\\.){3}[[:digit:]]{1,3}"; } | |
{if (match($0,regex,A)) {...} } | |
*** removing things | |
***** remove first/last character | |
***** remove blank lines from a file | |
awk NF file | |
be careful : the file shouldn't contain \r chars. Otherwise, use a tr -d "\r" < file before. | |
*** strings and regexes | |
**** strings vs regexes and the \\ problem | |
"\." is not a valid string | |
"\\." is a valid string, it will be seen as "\." by the regex functions | |
**** strings | |
***** concatenate | |
with space, and probably add \n if adding $0 | |
line = line $0 "\n" | |
***** formatting | |
%06.2f | |
6 is the for the whole number, | |
not just the natural part. | |
**** regexes | |
***** how to write regexes | |
"" can produce errors | |
// is the best fit for regexes | |
***** gawk is ERE | |
mawk is basic regexes only | |
gawk is extended regexes, with a few exceptions | |
\y matches beginning or end of a word | |
\w[ord] constituent (alnum + _) | |
\W is [^\W] | |
\s whitespace | |
\S = [^\s] | |
[:alnum:] | |
[:alpha:] | |
[:punct:] | |
***** no escaping necessary | |
parens, + etc. need not be escaped | |
***** ignore case | |
awk -v IGNORECASE=1 <awk script> | |
***** removing all meta-characters from a string | |
gsub(/[$^*()+\[\]{}.?\\|]/,"\\\\&",task); | |
*** communicating with the shell | |
**** sending output to a pipe | |
***** example | |
root@messagerie-principale[10.10.10.19] ~ # gawk -F: -e '{print $1 | "sort"}' /etc/passwd | |
amavis | |
backup | |
bidon | |
bin | |
clamav | |
daemon | |
Debian-exim | |
debian-spamd | |
dovecot | |
dovenull | |
games | |
glances | |
gnats | |
irc | |
list | |
lp | |
man | |
messagebus | |
mysql | |
news | |
nobody | |
ntp | |
opendkim | |
postfix | |
proxy | |
root | |
serveur | |
sshd | |
statd | |
sync | |
sys | |
systemd-bus-proxy | |
systemd-network | |
systemd-resolve | |
systemd-timesync | |
uucp | |
vmail | |
www-data | |
root@messagerie-principale[10.10.10.19] ~ # | |
***** explanation | |
this is because all output of print is piped to the sort command, which output is delivered at the end. | |
**** getting input from a pipe | |
***** dno't use getline | |
****** here's how to not use getline | |
command = "cmd " var1 " " var2; | |
command | getline x; close(command); | |
will put the result of cmd var1 var2 in x. | |
****** close the pipe | |
we need to close the pipe, otherwise next call to getline won't read (EOF or error). | |
command = " ... "; | |
command | getline var; | |
close(command); | |
****** gl form | |
<var>="undefined"; | |
"<command> " args | getline <var>; | |
close("<command> " args); | |
fflush() | |
} | |
****** example 1 | |
example where <var>=country and <command>=mygeoip (from mailcop-filter) : | |
awk '{country="undef"; "mygeoip " $7 | getline country; close("mygeoip " $7); printf "%s %s %s %-40s %-16s %s\n",$1,$2,$3,$6,$7,country; fflush()}; | |
****** example 2 | |
example for DNS query log analysis | |
awk '/queries/ {gsub(/queries.*client /,""); gsub(/#[0-9]+/,""); gsub(/: query:.*/,""); geoip="null"; "mygeoip.whob " $3 | getline geoip; close("mygeoip.whob " $3); printf("%s %s %16s %s %s\n", $1, $2, $3, geoip, $4); fflush()}' /tmp/somequeries | |
****** récap | |
1. <var> needs to be set to undef, otherwise it will keep last value. | |
2. fflush() needs to be called a the end, because idk. | |
3. you call a command with a string "mygeoip " $7. | |
4. this will call mygeoip with argument $7. | |
5. you capture the output of that command with | getline <var>. | |
***** use system | |
result = system("ls") | |
*** conditionals | |
**** with patterns | |
if (/regex/) { ... } else {...} | |
**** gl | |
if (condition) {<statements>} elif (condition) {statements>} else {<statements>} | |
**** examples | |
l'alias rip : | |
tail -f /var/log/dovecot.log | awk '{if (match($0,/rip=10.10.10.19/)) next; else if (match($0,/Login:.*rip/)) print "external", $0 }' | |
*** functions | |
**** String funcs | |
don't forget to use print, otherwise you won't see anything. | |
***** sub, gsub, gensub | |
sub : 1 time. | |
g[lobal]sub : global sub. | |
gen[erate]sub : generate a new string instead of changing the original. | |
syntax : | |
[g]sub(regex, substitution, [string]) | |
gensub(regex, substitution, mode, [string]) | |
string is $0 by default. | |
mode can be g or G (global), or a number indicating which match to replace. | |
\1 matches first subexpression, \2 second etc. | |
***** match(string, regex, array) | |
array[0] will contain whole match, if any | |
array[n] will contain nth subgroup, if any | |
return index of first occurence. | |
attention sous mawk il n'y a pas de array | |
on a simplement match(string,regex) | |
***** split(string, array, sep) | |
fields are separated by sep. Put each field separatly in the array. | |
Useful for eg. to split a field that contains multiple lines to an array of lines. | |
***** patsplit(string, array, fieldpat) | |
fields are defined fieldpat. Put each field separatly in the array. | |
***** sprintf(format,vars...) | |
store formatted string to out | |
out=sprintf(format,vars...) | |
out=sprintf("it is %f outside", 39.2); | |
*** user variables | |
user variables need not be preceded by a $ | |
*** accessing columns via a variable | |
col=2 | |
$col will select 2nd column. | |
$(NF-3) will access 3rd to last column. | |
*** when things go wrong/unexpected | |
**** // and { on same line | |
the pattern and the actions opening brace need to be on the same line | |
symptoms : | |
same line printed twice | |
*** arrays | |
**** print keys | |
for (key in array) {print key} | |
** base64 | |
Pour décoder un fichier en base64 on peut utiliser : base64 -di | |
-d decode | |
-i ignore garbage. | |
En effet, la format MIME exige des séparations de ligne par CRLF que base64 -d ne parse pas. | |
** bash | |
see ~/NOTES/TXT/bash.info | |
** bc | |
scale=2 | |
ychaouche#ychaouche-PC 09:59:25 ~ $ bc <<< "scale=2; 6/14" | |
.42 | |
ychaouche#ychaouche-PC 09:59:33 ~ $ | |
** beautifulsoup | |
*** BeautifulSoup class | |
**** __init__(self,markup...) | |
markup is either a string or a file-like object | |
**** find(self,) | |
only return first match | |
**** findAll(self,name=None,attrs={},text=None...) | |
name = name of the tag | |
attrs = any attribute | |
**** findNext | |
find after this tag (not in its children) | |
** bind | |
*** ajouter une zone slave | |
éditer le fichier named.conf.local et ajouter un enregistrement en spécifiant : | |
- type : slave | |
- masters : la liste des serveurs maitres términés par un ; | |
- file : le fichier .db qui sera utilisé. | |
exemple | |
zone "radioalgerie.dz."{ | |
type slave; | |
masters {10.10.10.4;}; | |
file "/etc/bind/slave/radioalgerie.dz.db"; | |
}; | |
*** ne pas écouter sur ipv6 | |
par défaut. | |
enlever donc les listen-on-v6 s'il y en a. | |
** binwalk | |
-e[xtract] | |
** boxes | |
pour justifier le text : -a [hv](horizontal/vertical)[jlcr](justify,left,center,right) | |
Example : -ahlvc (horizontal/left, vertical center) | |
pour choisir le design : -d | |
pour lister les designs disponibles : -l | |
pour ajouter un padding : -p (idem que -a pour horizontal, vertical etc. on ajoute t pour top, b pour bottom et -a pour all) | |
Exemple : -pv4h2 | |
** bzr | |
*** bzr move files after they're been moved | |
bzr move --auto | |
*** last revision | |
-r last:1 | |
*** show modified files | |
bzr log -v -r <revspec> | |
*** change parent branch | |
either edit the parent_location in : .bzr/branch/branch.conf (p) | |
or run bzr reconfigure --unstacked-parent=path/to/new/parent/branch (you) | |
** catchsegv | |
$ catchsegv program arguments | |
quand le program crash, output : | |
- le contenu des registres | |
- un stack trace | |
** cg & vg | |
search with cg like regular grep | |
open nth result with vg n | |
** chmod | |
** command | |
command -v / -V will give you path to the command, or specify if the command is a shell builtin | |
** cowsay | |
cowsay / cowthink | |
L'émotion avec -s(toned), -d(ead), -y(oung), -p(arano), -b(org), -g(reedy), -t(ired), -w(eird) | |
l'apparence avec -f (-l pour lister toutes les apparences) | |
** cp | |
*** copier les fichiers pointés par un symlink | |
cp -L | |
*** créer les répertoires intermédiaires | |
cp --parents (ne fonctionne qu'avec un répertoire) | |
** cron | |
*** every 5 minutes | |
m h d dow dom | |
*/5 * * * * | |
** ctags / etags | |
etags *.py. c'est tout. | |
Sinon etags <fichier_source> -o <fichier_etags>. | |
Ensuite il suffit de déplacer le curseur vers un appel de fonction/méthod | |
et de faire M-., | |
ça emmene à la définition. | |
Si ce n'est pas le bon endroit, | |
on fait C-u M.- | |
** curl | |
*** skip certificate | |
-k | |
*** follow redirects | |
-L | |
*** output to a file | |
-o | |
*** only http status (headers) (404/500/200) | |
-I | |
*** spoofing user agent | |
--user-agent | |
example : | |
curl --user-agent "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 Waterfox/91.4.2" | |
*** continue old download | |
-C - # - is part of the command, it means do your best. | |
*** use a proxy | |
-x | |
** date | |
*** textual date | |
print what date is three months and one day from now : | |
date --date='3 months 1 day' | |
*** print date as YYYY-MM-DD | |
format is given with +<format string> | |
date --date yesterday +%Y-%m-%d | |
*** date in seconds since epoch | |
date +%s | |
*** convert seconds since epoch to date | |
ychaouche#ychaouche-PC 13:05:43 ~ $ date --date=@1605096302 | |
Wed Nov 11 13:05:02 CET 2020 | |
ychaouche#ychaouche-PC 13:05:48 ~ $ | |
*** add durations to dates | |
$ date -d "2022-05-29 10:00:00 +2 months -4 days + 11 hours - 29 minutes" | |
Sat Jun 25 19:31:00 CET 2022 | |
$ | |
*** dateutils | |
**** convert seconds to hh:mm:ss | |
$ dateutils.dconv -f "%H:%M:%S" -i '%s' 830 | |
00:13:50 | |
**** difference between two time durations | |
petit problème de formatage, je ne sais pas comment régler ça encore. | |
ychaouche#ychaouche-PC 10:03:40 ~ $ dateutils.ddiff -f "%H:%M:%S" "01:50:00" "00:27:00" | |
-1:-23:0 | |
ychaouche#ychaouche-PC 10:03:47 ~ $ | |
-i pour formatter la date en entrée | |
13:44:58 ~ -1- $ dateutils.ddiff -i "%M:%S" "26:41" "27:31" | |
50s | |
13:45:27 ~ -1- $ | |
** dbus | |
voir qdbus et qdbusviewer | |
** dd | |
When to use dd ? | |
1. When you need to copy part of a file, anywhere inside it (skip and count) | |
2. When you need to resume a copy that hasn't finished (skip) | |
cp is sometimes 2.5 times faster than dd, source : https://www.reddit.com/r/linux4noobs/comments/6u6828/dd_vs_cp/dlqhdar/ | |
** di | |
an alternative to df which displays info for mounted filesystems, optimized for real partitions and disks, not loopback and pseudo-filesystems. | |
** diff | |
*** summary of differences | |
-q : show only files that differ between two dirs | |
ychaouche#ychaouche-PC 13:29:03 / $ diff -q /opt/libreoffice* | |
Files /opt/libreoffice6.1/CREDITS.fodt and /opt/libreoffice7.0/CREDITS.fodt differ | |
Common subdirectories: /opt/libreoffice6.1/help and /opt/libreoffice7.0/help | |
Files /opt/libreoffice6.1/LICENSE and /opt/libreoffice7.0/LICENSE differ | |
Only in /opt/libreoffice6.1: LICENSE.fodt | |
Files /opt/libreoffice6.1/LICENSE.html and /opt/libreoffice7.0/LICENSE.html differ | |
Common subdirectories: /opt/libreoffice6.1/presets and /opt/libreoffice7.0/presets | |
Common subdirectories: /opt/libreoffice6.1/program and /opt/libreoffice7.0/program | |
Common subdirectories: /opt/libreoffice6.1/readmes and /opt/libreoffice7.0/readmes | |
Common subdirectories: /opt/libreoffice6.1/share and /opt/libreoffice7.0/share | |
ychaouche#ychaouche-PC 13:29:05 / $ | |
*** use -r on directories | |
otherwise it won't recurse | |
*** -c shows context | |
it is useful to start w/ original file, then the modified file. | |
- : removed from orig | |
+ : added to orig | |
! : changed | |
This shows too much context of both files. Unified output is better. | |
sample output : | |
ychaouche#ychaouche-PC 12:00:43 ~/DOWNLOADS/APPS/VPN_Clients $ diff -c tda.ovpn.orig tda.ovpn | |
*** tda.ovpn.orig 2022-05-17 16:12:15.806757623 +0100 | |
--- tda.ovpn 2022-05-18 11:37:46.981400758 +0100 | |
*************** | |
*** 1,13 **** | |
dev tun | |
persist-tun | |
persist-key | |
- data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC | |
- data-ciphers-fallback AES-256-CBC | |
auth SHA256 | |
tls-client | |
client | |
resolv-retry infinite | |
! remote 80.246.1.223 18223 udp4 | |
verify-x509-name "radioalgerie.local" name | |
auth-user-pass | |
remote-cert-tls server | |
--- 1,12 ---- | |
dev tun | |
persist-tun | |
persist-key | |
auth SHA256 | |
+ cipher AES-256-CBC | |
tls-client | |
client | |
resolv-retry infinite | |
! remote 80.246.1.223 18223 udp | |
verify-x509-name "radioalgerie.local" name | |
auth-user-pass | |
remote-cert-tls server | |
ychaouche#ychaouche-PC 12:01:29 ~/DOWNLOADS/APPS/VPN_Clients $ | |
*** -u unified (compressed) (preferred) context | |
**** intro | |
use orig before modified version | |
- : deleted from original | |
+ : added to original | |
**** sample output | |
ychaouche#ychaouche-PC 12:31:41 ~/DOWNLOADS/APPS/VPN_Clients $ diff -u tda.ovpn.orig tda.ovpn | |
--- tda.ovpn.orig 2022-05-17 16:12:15.806757623 +0100 | |
+++ tda.ovpn 2022-05-18 11:37:46.981400758 +0100 | |
@@ -1,13 +1,12 @@ | |
dev tun | |
persist-tun | |
persist-key | |
-data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC | |
-data-ciphers-fallback AES-256-CBC | |
auth SHA256 | |
+cipher AES-256-CBC | |
tls-client | |
client | |
resolv-retry infinite | |
-remote 80.246.1.223 18223 udp4 | |
+remote 80.246.1.223 18223 udp | |
verify-x509-name "radioalgerie.local" name | |
auth-user-pass | |
remote-cert-tls server | |
ychaouche#ychaouche-PC 12:31:46 ~/DOWNLOADS/APPS/VPN_Clients $ | |
**** short output (-u0) | |
ychaouche#ychaouche-PC 12:35:30 ~/DOWNLOADS/APPS/VPN_Clients $ diff -u0 tda.ovpn.orig tda.ovpn | |
--- tda.ovpn.orig 2022-05-17 16:12:15.806757623 +0100 | |
+++ tda.ovpn 2022-05-18 11:37:46.981400758 +0100 | |
@@ -4,2 +3,0 @@ | |
-data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC | |
-data-ciphers-fallback AES-256-CBC | |
@@ -6,0 +5 @@ | |
+cipher AES-256-CBC | |
@@ -10 +9 @@ | |
-remote 80.246.1.223 18223 udp4 | |
+remote 80.246.1.223 18223 udp | |
ychaouche#ychaouche-PC 12:35:37 ~/DOWNLOADS/APPS/VPN_Clients $ | |
or diff (normal output) | |
ychaouche#ychaouche-PC 12:35:37 ~/DOWNLOADS/APPS/VPN_Clients $ diff tda.ovpn.orig tda.ovpn | |
4,5d3 | |
< data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC | |
< data-ciphers-fallback AES-256-CBC | |
6a5 | |
> cipher AES-256-CBC | |
10c9 | |
< remote 80.246.1.223 18223 udp4 | |
--- | |
> remote 80.246.1.223 18223 udp | |
ychaouche#ychaouche-PC 12:36:59 ~/DOWNLOADS/APPS/VPN_Clients $ | |
** dig | |
*** voir tous les enregistrements DNS | |
dig <nom> ANY | |
*** +short | |
one line | |
*** +search | |
append domains from the search configuration of /etc/resolv.conf | |
*** invoking | |
dig <name> <type> @<server> | |
*** if query takes too long | |
probably timed out queries. | |
use +qr to see the queries. | |
** djbdns | |
package for dns server, cache, client and debugging tools | |
http://cr.yp.to/djbdns.html | |
It is used for millions of hosts around the web. | |
Source : http://cr.yp.to/djbdns/blurb.html | |
<<< | |
November 2008 .com update: There are 78.1 million .com names on the Internet. At least 4.6 million .com names are hosted by servers that, according to the fpdns fingerprint tool, run djbdns. The only software packages used for more names are BIND (20.6 million), MyDNS (17.8 million), and PowerDNS (6.6 million). | |
>>> | |
** dmesg | |
dmesg -T shows timestamps in human readable format. | |
** dpkg / dpkg-query | |
*** by function | |
**** rechercher | |
***** rechercher un paquet installé par motif | |
dpkg/dpkg-query -l *pattern* liste les paquets dont le nom ressemblent à pattern | |
***** quel paquet fournit cette commande / ce fichier | |
dpkg/dpkg-query -S *pattern* | |
**** lister | |
***** afficher tous les paquets installés | |
dpkg-query -l | |
dpkg -l | |
***** lister tous les fichiers installés par un paquet | |
dpkg -L packagename | |
dpkg-query -L packagename | |
***** lister les fichiers d'un paquet .deb | |
dpkg -c <package.deb> | |
***** afficher l'état de tous les paquets matchant un pattern | |
dpkg -l <pattern> | |
dpkg-query -l <pattern> | |
**** vérifications | |
***** how to inspect a .deb package? | |
les paquets sont des archives au format ar, utiliser la commande ar pour extraire le fichier data.tar.xz comme ceci : | |
ar xvf <packet.deb> data.tar.xz | |
puis inspecter à l'aide de tar vJf l'archive data.tar.xz | |
AUTRE METHODE | |
On peu extraire directement vers un réperoire avec ar pvf <paquet.deb> data.tar.xz | tar Jvx -C <target-directory> | |
en effet, p[rint] va rediriger la sortie de ar vers la sortie de standard, de telle sorte à ce que tar puisse lire directement. | |
par exemple : | |
ar fp libssl-dev_1.1.0l-1~deb9u4_amd64.deb data.tar.xz | tar Jvx -C libssl-dev_1.1/ | |
***** est-ce que ce paquet est installé | |
dpkg-query -W <pattern> : show any (installed) package matching pattern | |
dpkg / dpkg-query -s <name> : show description of a specific package | |
***** y a-t-il des paquets qui utilisent des fichiers dans ce dossier ? | |
dpkg/dpkg-query -S /path/vers/dossier | |
exemple: | |
root#ychaouche-PC 13:43:19 /usr/lib/debug/usr/lib # dpkg -S /usr/lib/debug/ | |
kate-dbg, kdelibs5-dbg, kde-baseapps-dbg, konsole-dbg, kde-runtime-dbg, libqt4-dbg:amd64, libgmime-2.6-0-dbg, libc6-dbg:amd64: /usr/lib/debug | |
root#ychaouche-PC 13:44:59 /usr/lib/debug/usr/lib # | |
***** à quel paquet appartient ce fichier ? | |
dpkg/dpkg-query -S /path/vers/fichier | |
***** vérifier l'intégrité des paquets | |
****** commande et sortie | |
dpkg -V en tant root (sans argument) | |
explication de la sortie : | |
1. seulement les fichiers pour lesquels un test a échoué sont affichés | |
2. une série de 9 caractères sont affichés, un pour chaque test. | |
3. ? = le test n'a pas pu être fait. | |
. = test ok | |
[:alnum:] = code d'erreur | |
****** utilité | |
si la machine est déjà compromise, il ne sert à rien de lancer cette commande. | |
ce qu'il faudrait c'est que les hashs soient comparés avec un autre système réputé sain. | |
**** cancel changes to conf files | |
dpkg --force-confnew | |
**** forcer la suppression d'un paquet | |
dpkg --force-all --remove <package> [1] | |
[1] https://wiki.debian.org/DebianPackageManagement#line-271 | |
*** by option | |
**** dpkg-query -S[earch] <pattern> | |
search for filename in installed packages | |
**** dpkg-query -s[tatus] | |
report status for a specified package (installed or not) | |
**** dpkg-query -l[ist packages] <pattern> | |
list packages | |
la première colonne contient deux drapeaux. | |
Le premier drapeau est l'action désiré pour ce paquet : | |
i Install | |
r Remove | |
u unknown | |
Le deuxième drapeau est l'état du paquet | |
i Installed | |
c config-files | |
n not installed | |
**** dpkg-query -L[ist files] <package> | |
list files of a package | |
**** dpkg-query -[sho]W <pattern> | |
identique à -l sauf qu'elle permet de spécifier le format de la sortie. | |
** dpkg-query | |
voir * by function ** working with packages ** debian ** dpkg | |
** ed | |
voir * ed (bookmark-jump "linux::ed") | |
** emacs | |
voir emacs.info | |
** expand | |
transform tabs to spaces | |
see also ** unexpand | |
** expect | |
*** shebang | |
#!/usr/bin/expect | |
*** how to run a command ? | |
spawn command | |
*** how to capture output ? | |
expect 'pattern' {action} | |
*** how to send input ? | |
send "input\r" | |
*** how to keep terminal open after last command ? | |
interact | |
*** don't use simple quotes | |
they don't delimit strings | |
*** how to use a remote bash variable? | |
quote the double quotes and quote the $, like this : | |
\"\$REGX_IP\" | |
** ext4magic | |
*** listing recovarable files | |
# ext4magic /dev/sdXY -a "$(date -d "-2hours" +%s)" -f deleted/folders/root -j /some/safe/path/sdXY.journal -l | |
example: | |
ext4magic /dev/sda1 -Lx -f root/ > /tmp/files | |
list all recoverable files in the last 24h in the /root/ subdir | |
(note that the argument root/ is given w/o first slash) | |
*** options | |
-a[fter] time in seconds since epoch | |
default is 24h | |
-f[older] only scan for files in this folder | |
-j[ournal] use the backup of the journal. | |
Only useful if you made a backup | |
(with debugfs) | |
before a reboot. | |
otherwise it reads the current journal by default. | |
-l[ist] the deleted files | |
-d[estination] | |
-r[ecoverable] 100% recoverable only | |
-R[ecoverable] partially recoverable files too | |
-m[ulti-stage] recover all deleted files in a multi-stage operation | |
- | |
*** notes | |
couldn't recover test.sh file | |
** extundelete | |
extundelete /dev/sda1 --restore-file /root/test.sh | |
** fail2ban | |
*** how to get the config of a jail ? | |
fail2ban-client get <jail> <field> | |
both <jail> and <field> support tab completion | |
fail2ban-client get <tab> <tab> | |
or you can do (nasty) | |
fail2ban-client -d[ump] | grep <jailname> | |
*** how to get dbinfo ? | |
fail2ban-client get dbfile | |
*** how to get the list of banned IPs ? | |
1. grep Ban /var/log/fail2ban.log | |
2. iptables -L INPUT -v -n | |
3. fail2ban-client status <jailname> | |
*** how to unban ? | |
fail2ban-client set <nextcloud> unbanip <192.168.211.76> | |
*** how to test a regex | |
fail2ban-regex [-v[erbose]] <logfile> <regex> | |
both <logfile> and <regex> can be strings or files | |
for example : | |
root@messagerie-principale[10.10.10.19] ~ # fail2ban-regex -v /var/log/mail.warn /etc/fail2ban/filter.d/postfix-sasl.conf | |
Running tests | |
============= | |
Use failregex file : /etc/fail2ban/filter.d/postfix-sasl.conf | |
Use log file : /var/log/mail.warn | |
Results | |
======= | |
Failregex: 23 total | |
|- #) [# of hits] regular expression | |
| 1) [23] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?postfix/smtpd(?:\(\S+\))?[\]\)]?:?|[\[\(]?postfix/smtpd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*warning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(:[ A-Za-z0-9+/:]*={0,2})?\s*$ | |
| 172.16.10.53 Sun Nov 28 07:23:44 2021 | |
| 103.167.84.118 Sun Nov 28 08:06:19 2021 | |
| 136.144.41.223 Sun Nov 28 13:50:58 2021 | |
| 136.144.41.223 Sun Nov 28 13:51:04 2021 | |
| 136.144.41.223 Sun Nov 28 13:51:15 2021 | |
| 136.144.41.223 Sun Nov 28 13:51:25 2021 | |
| 136.144.41.223 Sun Nov 28 13:51:36 2021 | |
| 136.144.41.223 Sun Nov 28 13:51:39 2021 | |
| 136.144.41.223 Sun Nov 28 13:51:45 2021 | |
| 136.144.41.223 Sun Nov 28 13:51:56 2021 | |
| 136.144.41.223 Sun Nov 28 13:52:06 2021 | |
| 136.144.41.223 Sun Nov 28 13:52:17 2021 | |
| 136.144.41.223 Sun Nov 28 13:52:20 2021 | |
| 109.237.103.19 Sun Nov 28 14:09:23 2021 | |
| 109.237.103.19 Sun Nov 28 14:09:32 2021 | |
| 109.237.103.19 Sun Nov 28 14:09:47 2021 | |
| 109.237.103.19 Sun Nov 28 14:10:02 2021 | |
| 109.237.103.19 Sun Nov 28 14:10:08 2021 | |
| 109.237.103.19 Sun Nov 28 14:10:18 2021 | |
| 109.237.103.19 Sun Nov 28 14:10:32 2021 | |
| 109.237.103.19 Sun Nov 28 14:10:46 2021 | |
| 109.237.103.19 Sun Nov 28 14:10:53 2021 | |
| 109.237.103.19 Sun Nov 28 14:11:04 2021 | |
`- | |
Ignoreregex: 0 total | |
[...] | |
root@messagerie-principale[10.10.10.19] ~ # | |
*** simulate a fail2ban run | |
use fail2ban-regex with desired logfile and filter, see (bookmark-jump "fail2ban::fail2ban-regex") | |
exemple: | |
$ fail2ban-regex -v /var/log/mail.warn /etc/fail2ban/filter.d/postfix-sasl.conf | |
** fdisk | |
menu-driven interface to work on disks, partitions | |
** find | |
see ~/.bash_lib/help/find | |
** figlet | |
La commande figlist donne toutes les polices supportés. | |
Utilisez une police particulière avec l'option -f | |
exemple : figlet -f whimsy "le purgatoire" | |
utilisez l'option -w width pour avoir tout sur une ligne (exemple -w 120) | |
exemple | |
ychaouche#ychaouche-PC 17:35:56 ~ $ figlet -f weird -w 120 "le purgatoire 1.0" | |
_ __ | |
/ / / /| / | | |
( ___ ___ ___ ___ ___ (___ ___ ___ ___ ( | ( | | |
| |___) | )| )| )| )| )| | )| | )|___) | ) | ) | |
| |__ |__/ |__/ | |__/ |__/||__ |__/ | | |__ _|/ |__/ | |
| __/ - | |
ychaouche#ychaouche-PC 17:35:59 ~ $ | |
** fold/fmt | |
fmt is superior to fold when joining shorter lines. | |
fold -s is superior to fold when you need to have short lines (bullets) | |
you can use fill in emacs : | |
M-q : fill-paragraphe | |
ruler-mode : you know where you are | |
auto-fill-mode : fill-as-you-type | |
set-fill-column : instead of 80 | |
** fuser | |
*** list processes using a file/dir/mountpoint | |
root@messagerie-prep[10.10.10.20] ~ # fuser -mv /var | |
USER PID ACCESS COMMAND | |
/var: root kernel mount /var | |
root 718 ..c.. cron | |
daemon 719 ..c.. atd | |
clamav 723 F.c.. freshclam | |
root 745 F.... dovecot | |
root 794 F.... rsyslogd | |
root 863 F.... log | |
root 891 F.... apache2 | |
postfix 1178 F.... opendkim | |
mysql 1251 F.c.. mysqld | |
root 1293 F.... fail2ban-server | |
www-data 1312 F.... apache2 | |
www-data 1313 F.... apache2 | |
www-data 1314 F.... apache2 | |
www-data 1315 F.... apache2 | |
www-data 1316 F.... apache2 | |
root 1584 F.c.. master | |
postfix 1585 .rc.. pickup | |
postfix 1586 ..c.. qmgr | |
amavis 1588 F...m /usr/sbin/amavi | |
postfix 1603 Frc.. tlsmgr | |
amavis 1604 F.c.m /usr/sbin/amavi | |
amavis 1605 F...m /usr/sbin/amavi | |
www-data 1696 F.... apache2 | |
dovecot 2176 F.... auth | |
postfix 2181 Frc.m smtpd | |
postfix 2182 ..c.. proxymap | |
root@messagerie-prep[10.10.10.20] ~ # | |
*** kill processes | |
-k[ill] | |
** git | |
*** clone | |
Copies the whole data through the history of the project, | |
not just the working copy. | |
It is an exact copy | |
(a clone) | |
of the remote repo. | |
*** getting only the working tree (checkout) | |
**** archive | |
doesn't work w/ github because command isn't allowed in their git server [1] | |
git archive --remote <url> --format tar <tag> | |
git archive -0 for uncompressed output [2] | |
git archive HEAD (tar format by default) | |
for example: | |
16:06:53 ~/DOWNLOADS/TOOLS -1- $ git archive --remote=git://github.com/roma-glushko/tango.git HEAD | |
fatal: unable to connect to github.com: | |
github.com[0: 140.82.121.4]: errno=Connection timed out | |
16:10:57 ~/DOWNLOADS/TOOLS -1- $ | |
[1] https://stackoverflow.com/questions/2866358/git-checkout-only-files-without-repository#comment47982597_2867314 | |
[2] https://stackoverflow.com/questions/160608/do-a-git-export-like-svn-export#comment16482290_160608 | |
**** clone --depth 1 | |
**** git-export | |
third party script | |
** grep | |
voir /home/ychaouche/.bash_lib/help/grep:1 | |
** grep-dctrl | |
*** gl invocation | |
grep-dctrl <option> <pattern> /var/lib/apt/lists/*_Packages | |
grep-aptavail -P syslog-summary (any package) | |
grep-status -P syslog-summary (only installed packages) | |
grep-available -P syslog-summary (only installed packages) | |
*** grep-available, grep-status, grep-aptavail | |
grep-available : only installed packages, fewer fields. | |
grep-status : only installed packages, more fields. | |
grep-aptavail : any package, fewer fields. | |
grep-dctrl : must supply the control file. | |
*** search by package name | |
-P <package> | |
this is equivalent to | |
-FPattern <package> | |
*** only show a specific field | |
-s <field> | |
exemple : | |
11:43:03 ~ -1- $ grep-dctrl -PX libdbus-1-3 -s Version /var/lib/apt/lists/*_Packages | |
Version: 1.6.18-0ubuntu4.5+esm3 | |
Version: 1.6.18-0ubuntu4.5+esm3 | |
Version: 1.6.18-0ubuntu4.4 | |
Version: 1.6.18-0ubuntu4.4 | |
Version: 1.6.18-0ubuntu4 | |
Version: 1.6.18-0ubuntu4 | |
Version: 1.6.18-0ubuntu4.5 | |
Version: 1.6.18-0ubuntu4.5 | |
11:43:14 ~ -1- $ | |
*** strict package name | |
-X | |
*** search by other field | |
-F<field> <pattern> | |
*** boolean operations | |
-o -a -! --not ( ) | |
*** show one line description | |
-d | |
*** hide field names | |
-n | |
*** negative matching | |
-v | |
** hash | |
*** hash -d | |
delete a hash | |
(forget) | |
hash -d ldd | |
(now ldd is no longer fetched from ~/bin/) | |
** hexedit | |
*** save with F2 | |
*** save and exit : Ctrl-X | |
*** other editors | |
bless < C# | |
hexyl < Rust, colors, no binary | |
oktat < good ! kde compilant | |
** install | |
-o=OWNER : change owner of the file | |
-g=GROUP : change group of the file | |
-m=MODE : change mode (rxw) | |
** inxi | |
*** afficher le bureau (KDE, Gnome...) | |
inxi -S | |
*** pas de couleurs | |
inxi -c 0 | |
** iotop | |
*** useful options | |
sudo iotop -Pok | |
sudo iotop -botkqqq | |
*** options | |
[P]rocesses | |
[a]cumulate | |
[p]id | |
[o]nly | |
[b]atche | |
[q]uiet | |
[k]b | |
[n] iterations (then quit) | |
*** sorting | |
<- -> | |
r to reverse the sorting order | |
*** currently consuming disk I/O | |
o | |
*** processes only | |
P | |
*** accumulated | |
a | |
** ip | |
*** general structure of an ip command | |
ip <object> <command> | |
where <object> can be one of : link, address, route... | |
<command> can be one of : add, delete, show, list or help | |
*** how to conifgure addresse on interface | |
ip addr add <addr> dev <device> | |
*** ifup / ifdown | |
ip link set <dev> up/down | |
*** show route | |
ip route show | |
*** add default gateway | |
ip route add default via <gateway> | |
*** remove route | |
*** flush config | |
ip addr flush <dev> | |
*** get current IP | |
ip -br[ief] a <ens192> | |
*** show all interfaces | |
ip -br[ief] link show | |
** iptables | |
*** common options | |
-v : verbose | |
-n : numeric (don't do long reverse dns lookups on IP) | |
*** lister toutes les règles de toutes les chaines, | |
iptables -L[ist] | |
*** lister toutes les règles d'une chaine | |
iptables -L[ist] <chaine> | |
liste les règles pour la chaine <chaine> | |
*** Ajouter une règle à une chaine | |
iptables -I[nsert] <chaine> 1 (top) <rulespec> | |
exemple : bannir tout traffic venant de <IP> | |
iptables -I[nsert] fail2ban-ssh 1 -s[ource] IP -j[ump] drop | |
*** Supprimer une règle d'une chaine | |
iptables -D[elete] <chaine> <rulespec> | |
example : supprimer une règle drop pour une IP | |
iptables -D file2ban-ssh -s[ource] IP -j[ump] <target> | |
<target> = drop ou logdrop je pense. | |
** javascript | |
voir web.info | |
** jmtpfs | |
*** how to mount phone storage? | |
sudo apt-get install jmtpfs | |
sudo jmtpfs -o allow_other /mnt/any | |
** join | |
join file1 file2 | |
will take every line from file1, match it with line with same id from file2, and output all columns. | |
par exemple | |
$ cat file1 | |
a a1 | |
c c1 | |
b b1 | |
$ cat file2 | |
a a2 | |
c c2 | |
b b2 | |
$ join file1 file2 | |
a a1 a2 | |
c c1 c2 | |
b b1 b2 | |
$ | |
** jshon | |
*** don't use this | |
see ****** extract multiple values from a single key. The API is awkward. | |
*** print keys | |
jshon -k | |
*** extract | |
jshon -e "key/index" | |
*** extract multiple values from a single key | |
jshon -e key/index -e key1 -u -p -e key2 -u -p -e key3 | |
*** map a function for the rest of the document | |
jshon -a <options> | |
will output <option> applied for all the elements remaining | |
** jq | |
see ~/.bash_lib/help/jq | |
** k3b | |
if disc fails to burn, try changing the burning mode (DAO) | |
** kde | |
*** how to get the version of KDE? | |
any kde app should have --version option. | |
That option should display not only the app's version | |
but also qt's and kde's | |
eg. | |
kate --version | |
** klipper | |
*** popup | |
show klipper wih ctrl+shift+k (custom) | |
*** select/filter | |
just start typing to filter | |
*** perform action | |
to perform action based on text saved in the clipboard | |
1. select text | |
2. if it matches a regex it will execution the associated action. | |
perform last action again with Ctrl+alt+R | |
** less | |
voir less.help | |
Pour activer line numbering : -N | |
Stop highlighting search results : M-u (toggle) | |
Pour voir le fichier suivant/précédent : :n/:p | |
[F]ollow : F | |
Pour voir un autre fichier : :e[xamine] | |
Show current file : = | |
Permanently show current file : -M | |
Save to file : :s <filename> | |
Aller à la première occurence : less +/<pattern> <file> | |
Quitter tout de suite si le fichier n'est pas trop long : -F | |
Executer les caractères spéciaux : -r | |
** ld.so | |
*** what is | |
helps load executables and the necessary librairies in memory. | |
*** /lib/ld.so and /lib64/ld.so | |
/lib/ld is for 32bit programs | |
/lib64/ld is for 64bit programs | |
*** /lib64/ld-linux-x86-64.so.2 | |
you can run programs with this and specify the --library-path argument, but I didn't succeed | |
ychaouche#ychaouche-PC 16:28:52 ~/DOWNLOADS/LIBS/FREETYPE2.6/usr/lib/x86_64-linux-gnu $ /lib64/ld-linux-x86-64.so.2 --library-path . /opt/teamviewer/tv_bin/TeamViewer | |
/opt/teamviewer/tv_bin/TeamViewer: relocation error: /opt/teamviewer/tv_bin/RTlib/qt/plugins/platforminputcontexts/libcomposeplatforminputcontextplugin.so: symbol xkb_compose_state_unref, version V_0.5.0 not defined in file libxkbcommon.so.0 with link time reference | |
*** ld.so --verify | |
this will tell you if ld can load the executable | |
*** ld.so --library-path <path> | |
this will tell ld in which directories to look for the shared libraries. | |
*** soname and library versions | |
if a library is libx.1 then all versions reporting their names as libx.1 are compatible. | |
if a newer version of libx breaks compatibility, the version will be upgraded, for eg. | |
libx.2. | |
*** LD_* environement variables | |
**** LD_LIBRARY_PATH | |
***** what it does | |
Prepend user-defined colon-separated paths to the list of directories for library lookups. This is preferred to LD_PRELOAD | |
***** OS exceptions | |
works on most unices, with some exceptions. | |
HP-UX -> SHLIB_PATH | |
AIX -> LIBPATH | |
***** binary exceptions | |
setuid/setgid binaries ignore LD_LIBRARY_PATH. | |
***** caveats | |
If your program runs other programs, they inherit LD_LIBRARY_PATH too. | |
**** LD_PRELOAD | |
LD_PRELOAD=/full/path/to/lib/even/if/it/is/in/pwd /bin/to/execute | |
This will force the binary to pick up the lib you want | |
but better is to run with LD_LIBRARY_PATH=. instead (just tested, it works) | |
**** LD_DEBUG | |
LD_DEBUG=bindings shows where are symbols fetched. | |
LD_DEBUG=versions shows what versions are required. | |
For example, png16 is by libfreetype.6.12, | |
and png12 was required by libfreetype6.11. | |
ychaouche#ychaouche-PC 17:12:00 ~/DOWNLOADS/LIBS/FREETYPE2.6/usr/lib/x86_64-linux-gnu $ LD_DEBUG=versions /opt/teamviewer/tv_bin/TeamViewer 2>&1 | grep PNG | |
20194: checking for version `PNG12_0' in file /lib/x86_64-linux-gnu/libpng12.so.0 [0] required by file /usr/lib/x86_64-linux-gnu/libfreetype.so.6 [0] | |
ychaouche#ychaouche-PC 17:12:41 ~/DOWNLOADS/LIBS/FREETYPE2.6/usr/lib/x86_64-linux-gnu $ LD_DEBUG=versions LD_PRELOAD=./libfreetype.so.6.12.3 /opt/teamviewer/tv_bin/TeamViewer 2>&1 | grep PNG | |
20222: checking for version `PNG16_0' in file /usr/lib/x86_64-linux-gnu/libpng16.so.16 [0] required by file ./libfreetype.so.6.12.3 [0] | |
^C | |
^Cychaouche#ychaouche-PC 17:14:26 ~/DOWNLOADS/LIBS/FREETYPE2.6/usr/lib/x86_64-linux-gnu $ | |
** ldconfig | |
*** cache file | |
/etc/ld.so.conf | |
*** print where ld will find libs | |
ldconfig -p | |
** ldd | |
*** what is | |
sets LD_TRACE_LOADED_OBJECTS=1 to list shared libs an executable relies upon | |
*** LD_TRACE_LOADED_OBJECTS=1 | |
/usr/bin/ldd is a bash script | |
it's a thin wrapper around ld.so | |
all it does is setting the environement variable LD_TRACE_LOADED_OBJECTS=1. | |
you can have the same effect with setting that env variable yourself before calling an executable. The executable won't be executed. | |
*** --verbose | |
Adds a version information section | |
# ldd --verbose /lib/arm-linux-gnueabihf/libm.so.6 | |
linux-vdso.so.1 (0xbefe7000) | |
/usr/lib/arm-linux-gnueabihf/libarmmem-${PLATFORM}.so => /usr/lib/arm-linux-gnueabihf/libarmmem-v7l.so (0xb6e4d000) | |
libc.so.6 => /lib/arm-linux-gnueabihf/libc.so.6 (0xb6cec000) | |
/lib/ld-linux-armhf.so.3 (0xb6ee4000) | |
Version information: | |
/lib/arm-linux-gnueabihf/libm.so.6: | |
ld-linux-armhf.so.3 (GLIBC_2.4) => /lib/ld-linux-armhf.so.3 | |
libc.so.6 (GLIBC_PRIVATE) => /lib/arm-linux-gnueabihf/libc.so.6 | |
libc.so.6 (GLIBC_2.4) => /lib/arm-linux-gnueabihf/libc.so.6 | |
/usr/lib/arm-linux-gnueabihf/libarmmem-v7l.so: | |
libc.so.6 (GLIBC_2.4) => /lib/arm-linux-gnueabihf/libc.so.6 | |
/lib/arm-linux-gnueabihf/libc.so.6: | |
ld-linux-armhf.so.3 (GLIBC_2.4) => /lib/ld-linux-armhf.so.3 | |
ld-linux-armhf.so.3 (GLIBC_PRIVATE) => /lib/ld-linux-armhf.so.3 | |
** lnav | |
*** why I don't use | |
you can't use filter-in and filter-out at the same time. | |
Try this : | |
filter-in postfix | |
filter-out anvil | |
anvil still displayed | |
try other way around, anvil still displayed. | |
*** automatic completions | |
C-g | |
*** moving around | |
o/O forward/backward 1h | |
d/D forward/backward 1D | |
1-6/Shift 1-6 forward/backward hour + 10-60 minutes -backrwards doesn't work in azerty layout- | |
0/Shift 0 next day boundary | |
home/end top/bottom of file | |
s/s previous/next [s]lowdown (log rate drops) | |
e/E next/previous error | |
w/W next/previous warning | |
f/F next/previous file | |
*** searching | |
**** string search | |
n/N next/previous search hit | |
<> next/previous search hit on same line | |
some words and values avaiable in the logs are auto-completable with <tab> | |
**** sql search | |
sqlite tables are created on the fly to search for things. | |
use with ;<sql> | |
*** display | |
**** marking lines and bookmarking | |
m mark/unmarks a line | |
u/U next/previous bookmarked line | |
C[lear] clear all bookmarks | |
**** Elapsed [T]ime | |
**** Histogram | |
i : toggle histogram | |
z/Z : zoom in/out | |
**** filtering | |
:filter-in : only show lines matching <filter> | |
:filter-out : hide lines matching <filter> | |
:disable-filter : <tab> completion available | |
:enable-filter : <tab> completion available | |
:set-min-loglevel : <tab> completion available | |
**** word-wrap | |
:enable-word-wrap | |
:disable-word-wrap | |
**** follow | |
By default. Just go to EOF. | |
*** output | |
:append-to <file> : write marked lines to file | |
*** partitionning | |
the logfile can be partitionned with :partition-name | |
*** linuxquestion cheat-sheet | |
*** criticism | |
**** missing | |
disable all filters | |
view all filters | |
some filtering combination doesn't work, example : filter-in postifx, filter-out anvil, anvil isn't filtered out. | |
** logcheck | |
*** modes | |
paranoid for firewalls | |
servers, we want this | |
workstation, self explanatory | |
*** must read | |
/usr/share/doc/logcheck-database/README.logcheck-database.gz | |
this explains how to customize messages and get the most out of logcheck | |
*** types of messages | |
security alerts / cracking attempts : config file in /etc/logcheck/cracking.d/ | |
security events : config file in /etc/logcheck/violations.d/ | |
system events : any other line is considered a system event. | |
*** config files | |
**** logcheck.conf | |
email address to send to and if we want uniq lines or not (not by default) | |
*** evolution | |
logsentry | |
*** pour tester que ça marche | |
voir /var/mail/* | |
les mails sont peut être envoyés là. | |
sinon on peut utiliser logger pour ajouter des mots clés comme error, kernel panic, OOM, access denied etc. | |
*** source code | |
https://salsa.debian.org/debian/logcheck/-/blob/master/src/logcheck | |
warn function is never called. | |
*** how it works | |
logtail will only print new lines | |
syslog-summary will produce a summary of the logfile | |
If lines match an ignore regex, they're discarded. | |
If not, a mail will be sent with all un-ignored lines. | |
You should add lines to the desired ignore file so that you only see new/unexpected lines. | |
if any line matches a regex from cracking.d then logcheck sends a **security alert** mail | |
if any line matches a regex from violations.d then logcheck sends a **security event** mail. | |
otherwise logcheck sends a **system events** mail. | |
*** adding rules | |
to ignore some loglines, add them to ignore.d.server/ | |
** logger | |
ajoute des messages à syslog | |
utile pour tester logcheck | |
** logrotate | |
use logrotate -dv /etc/logrotate.conf | |
with the -d[ebug] switch, | |
no log file will be rotated, | |
but you get interesting output with the -v[erbose] file | |
the status file is : /var/lib/logrotate/status | |
** logtail | |
print only lines that haven't been read on previous invocations of logtail. | |
logtail keeps the offset files in /var/cache/logcheck/offset.<filename> | |
** ls / touch | |
*** misc | |
ls -l shows last modification time (content has changed) | |
touch changes the modification time | |
stat show access, modification and change time | |
*** timestamps | |
access time : last time it was accessed | |
modify time : content has changed | |
change time : content or attribute has changed. This may differ from modify time. | |
*** list directories first | |
ls --group-directories-first | |
*** dereference symlinks | |
ls -H symlink | |
*** display full path to file | |
use ls -d | |
11:46:17 ~ -1- $ command ls -1td /home/ychaouche/NOTES/LOG/TASKS/* | head -1 | |
/home/ychaouche/NOTES/LOG/TASKS/shorewall-procedures.flow | |
11:47:48 ~ -1- $ | |
*** parsing ls output | |
Is considered dangerous because filepaths can contain any character other than the null byte, this includes spaces, new lines, all kinds of punctuation. | |
see also : http://mywiki.wooledge.org/ParsingLs | |
** lsmod | |
list modules | |
** lsof | |
*** main options | |
-a : AND (options are OR'ed by default) | |
-c comm : list files opened by command which name starts with comm | |
+d dir : any file that belongs to the dir directory, non recursively. Use -x to follow symbolic links. | |
-i @host : commands opening a connexion to host | |
-r : repeat mode (watch) | |
*** is there anything listening on this port ? | |
lsof -i:<portnum> | |
*** toutes les connexions réseau d'un programme | |
lsof -i(nternet) -a(nd) -p(rocess) <pid> | |
lsof -i(nternet) -a(nd) -c(ommand) <command> | |
*** don't resolve names | |
-n | |
*** don't name port numbers | |
-P | |
*** show ongoing connexions by application | |
while true; do lsof -i; sleep 1; done | |
à combiner avec tcpdump -A sur un host en particulier pour voir le contenu des paquets envoyés. | |
*** voir aussi | |
Voir ~/howm/2018/04/2018-04-25-143016.txt | |
** lsyncd | |
*** voir aussi | |
linux.info: /home/ychaouche/NOTES/TXT/linux.info:3037 | |
*** run from cmdline | |
sudo lsyncd -nodaemon <configfile> | |
*** using a specific ssh identity key | |
1. use default.rsync instead of default.rsyncssh | |
2. use target instead of host | |
3. don't use targetdir | |
4. don't use an ssh section | |
5. add an rsh config in the rsync section in which rsh is ssh (the complete command line) | |
sync { | |
default.rsync, | |
source = "/home/ychaouche/SYNCHRO", | |
target = "10.10.10.82:/root/SYNCHRO", | |
rsync = { | |
copy_links = true, | |
rsh = "/usr/bin/ssh -i /root/.ssh/idroot", | |
} | |
} | |
** modinfo | |
show module information | |
** modprobe | |
*** add a module | |
modprobe <module> | |
*** remove a module | |
modprobe -r <module> | |
*** show module dependency | |
modprobe --show-depends | |
** monit | |
*** main config | |
/etc/monit/monitrc | |
*** restart the monitoring of a proceszs | |
monit monitor <proc> | |
*** configuring retries | |
use retry keyword | |
if failed | |
... | |
retry 3 | |
then | |
restart | |
** mount | |
*** --bind | |
mount an already visible directory somewhere else | |
mount --bind /proc /usr/local/proc | |
*** chroot | |
usually | |
mount --bind /proc <chroot>/proc | |
mount --bind /dev <chroot>/dev | |
mount --bind /sys <chroot>/sys | |
** mv | |
*** creating backups | |
mv --backup (method) : make a backup of destination file (in case it gets overwritten). Useful methods : numbered / simple. | |
mv -b : backup with the ~ suffix, or use --suffix to supply a custom prefix | |
*** verbose | |
mv -v : show what it's doing. | |
*** creating parent directories | |
mkdir -p parents/parents/parents && mv things to $_ | |
** mysql | |
*** status information | |
**** show full processlist | |
list les threads de mysql avec la requête en cours, l'état de la requête, et le temps, exprimé en secondes, pendant lequel le process est resté dans cet état. | |
show full processlist\G : le \G permet d'avoir un meilleur affichage lorsque les lignes sont très longues. | |
**** show engine innodb status\G | |
trouvé sur SO | |
à creuser. | |
<from howm :: mysql> | |
show engine innodb status\G | |
--------------------------- | |
Pour diagnostic | |
*** engines | |
**** The MyISAM Engine | |
No support for FK | |
No support for transactions | |
Don't use it[1] | |
[1] #mysql | |
[14:09] <ychaouche> I wonder what's a good usage of MyISAM tables. No foreign key support, no transcations. | |
[14:09] <thumbs> ychaouche: none | |
[14:09] <Isotopp> never use myisam, too | |
**** Migration from MyISAM to InnoDB | |
According to : https://dev.mysql.com/doc/refman/5.7/en/converting-tables-to-innodb.html | |
key_buffer_size was 16 Mb, will keep it that way | |
innodb_buffer_pool_size is 128Mb, will keep it that way | |
Now we have to COMMIT or ROLLBACK each time we change a table, or else a transcation may stay astray and eventually slow down the system. | |
Don't rollback a million rows, just trancate the table and start over. | |
autocommit should be set to 0. One should commit after a number of inserts/updates/deletes instead of one commit for each operation, to save I/O. | |
Even selects open transactions ! | |
set innodb_file_per_table to ON, this will create one file per table and help the OS reclaim free disk space from truncated and deleted tables. | |
To convert an existing table : ALTER TABLE table_name ENGINE=InnoDB; | |
*** variables | |
show variables like <pattern> | |
*** writing queries | |
**** JOINS | |
***** whatis | |
used to combine data from two (or more) tables based on shared/common columns, called the join key or common key. | |
***** types of joins | |
LEFT means include all results from left table | |
RIGHT means include all results from right table | |
INNER is an intersection | |
OUTER is a union | |
CROSS is match every row from left with every row from right. | |
***** join syntax | |
1. select <> from t1 JOIN t2 USING (field) -- parens are mandatory | |
1. select <> from t1 JOIN t2 ON t1.field = t2.field | |
**** COUNT | |
COUNT(column) counts the number of rows where column isn't NULL. | |
COUNT(*) counts the number of rows. | |
**** UPDATE | |
UPDATE table_name SET column1 = value1, column2 = value2 WHERE condition | |
*** login with a file | |
mysql --defaults-extra-file=<file> | |
file is typically : | |
[mysql] | |
username=<username> | |
password=<password> | |
chmod 600 <file>. | |
*** change output format | |
end queries with \G; | |
like so: | |
SELECT * FROM your_table\G; | |
*** user management | |
**** show users | |
select host,user from mysql.user | |
**** show current user | |
SELECT CURRENT_USER(); | |
**** change user password | |
mysql> SET PASSWORD FOR 'backup'@'localhost' = PASSWORD("..."); | |
mysql> FLUSH PRIVILEGES | |
**** show privileges of a user | |
SHOW GRANTS FOR 'user'@'host'; | |
**** granting privileges | |
GRANT ALL ON roundcube.* TO 'roundcube'@'localhost'; | |
**** create a user | |
*** dumps | |
**** no need to create the database beforehand | |
you can just mysql < dump.sql and it will create the database for you | |
** netstat | |
*** show only internet connections | |
--inet / --ip | |
*** show program names | |
-p | |
*** continuous output | |
-c | |
*** comparison with lsof | |
**** lsof | |
ychaouche#ychaouche-PC 15:01:46 ~/NOTES/LOG $ lsof -i -a -c thunderbird | |
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME | |
thunderbi 4230 ychaouche 58u IPv4 22149 0t0 TCP 192.168.211.84:42336->mail.radioalgerie.dz:imap2 (ESTABLISHED) | |
thunderbi 4230 ychaouche 59u IPv4 203900 0t0 TCP 192.168.211.84:58482->mail.radioalgerie.dz:imaps (ESTABLISHED) | |
thunderbi 4230 ychaouche 66u IPv4 98381 0t0 TCP 192.168.211.84:57574->mail.radioalgerie.dz:imaps (ESTABLISHED) | |
thunderbi 4230 ychaouche 135u IPv4 23430 0t0 TCP 192.168.211.84:56802->mail.radioalgerie.dz:imaps (ESTABLISHED) | |
thunderbi 4230 ychaouche 138u IPv4 23431 0t0 TCP 192.168.211.84:56804->mail.radioalgerie.dz:imaps (ESTABLISHED) | |
thunderbi 4230 ychaouche 139u IPv4 23432 0t0 TCP 192.168.211.84:56806->mail.radioalgerie.dz:imaps (ESTABLISHED) | |
thunderbi 4230 ychaouche 141u IPv4 23434 0t0 TCP 192.168.211.84:42312->mail.radioalgerie.dz:imap2 (ESTABLISHED) | |
thunderbi 4230 ychaouche 142u IPv4 23435 0t0 TCP 192.168.211.84:42314->mail.radioalgerie.dz:imap2 (ESTABLISHED) | |
thunderbi 4230 ychaouche 143u IPv4 23436 0t0 TCP 192.168.211.84:42316->mail.radioalgerie.dz:imap2 (ESTABLISHED) | |
ychaouche#ychaouche-PC 15:01:49 ~/NOTES/LOG $ | |
**** netstat | |
ychaouche#ychaouche-PC 15:01:49 ~/NOTES/LOG $ netstat --inet -p | grep thunderbird | |
(Not all processes could be identified, non-owned process info | |
will not be shown, you would have to be root to see it all.) | |
tcp 0 0 192.168.211.84:42312 messagerie.algeri:imap2 ESTABLISHED 4230/thunderbird | |
tcp 0 0 192.168.211.84:56802 messagerie.algeri:imaps ESTABLISHED 4230/thunderbird | |
tcp 0 0 192.168.211.84:42316 messagerie.algeri:imap2 ESTABLISHED 4230/thunderbird | |
tcp 0 0 192.168.211.84:56804 messagerie.algeri:imaps ESTABLISHED 4230/thunderbird | |
tcp 0 0 192.168.211.84:56806 messagerie.algeri:imaps ESTABLISHED 4230/thunderbird | |
tcp 0 0 192.168.211.84:58482 messagerie.algeri:imaps ESTABLISHED 4230/thunderbird | |
tcp 0 0 192.168.211.84:57574 messagerie.algeri:imaps ESTABLISHED 4230/thunderbird | |
tcp 0 0 192.168.211.84:42336 messagerie.algeri:imap2 ESTABLISHED 4230/thunderbird | |
tcp 0 0 192.168.211.84:42314 messagerie.algeri:imap2 ESTABLISHED 4230/thunderbird | |
ychaouche#ychaouche-PC 15:02:00 ~/NOTES/LOG $ | |
*** show full IP :: don't truncate | |
-W / --wide | |
** nginx | |
*** increase gateway timeout | |
si un script php prend trop de temps à s'executer il faudrait augementer le fastcgi_read_timeout dans nginx | |
server { | |
location ~ \.(php)$ { | |
fastcgi_pass unix:/var/run/php74-example.com.sock; | |
fastcgi_read_timeout 300s; | |
} | |
source : https://stackoverflow.com/a/65488991/212044 | |
*** test config | |
$ nginx -t | |
*** list of variables | |
http://nginx.org/en/docs/varindex.html | |
*** if conditions and maps | |
if conditions aren't sophisticated enough. | |
For example, | |
no complex expressions with "and" or "or" boolean operators are possible. | |
Instead, | |
we use maps. | |
See https://imgur.com/a/I5VKF6W for how maps work | |
*** customizing the logs | |
**** steps | |
***** log_format name <format>; | |
log_format myformat '$remote_addr - $remote_user [$time_local] ' | |
'"$request" $status $bytes_sent ' | |
'"$http_referer" "$http_user_agent" test was $test'; | |
***** access_log <path> <format>; | |
***** restart, don't forget ";" | |
*** reload/restart/stop/quit | |
nginx -s reload/restart/stop/quit | |
stop: immediatly | |
quit: gracefully | |
*** add a server alias | |
there's no server alias | |
just add names one after the other in the server_name directive, | |
separated by spaces | |
server_name www.example.com example.com; | |
** nl | |
number lines matching a certain basic regular expression | |
nl -bp'<BRE>' | |
for example : | |
nl -bp'^[^ ]' | |
Number only lines not starting with a space or tab | |
** nm | |
*** show dynamic symbols (dynamic library function calls) | |
-D | |
*** understaing the output of nm | |
**** columns | |
column1 : value in hexa | |
column2 : type of symbol | |
column3 : name of symbol | |
**** symbol types | |
T[ext] symbol is in text section | |
B[SS] symbol is in the uninitalized data section | |
U[ndefined] symbol is undefined | |
D[ata] symbol is in the initialized data seection | |
W[eak] symbol | |
**** symbol names and mangling[2] | |
_Z means the name of the symbol is mangled (function name + args and type of args)[1] | |
It is usually followed by a number which is the next name length, P for parameter, sometimes parameter type (b for bool) [3] | |
// version 1.0 | |
void SetImage(Image *img) | |
-> _Z8SetImageP5Image | |
// version 1.1 | |
void SetImage(Image *img, bool keep_aspect=false) | |
-> _Z8SetImageP5Imageb | |
[1] http://web.mit.edu/tibbetts/Public/inside-c/www/mangling.html | |
[2] https://www.ibm.com/docs/en/i/7.1?topic=linkage-name-mangling-c-only | |
[3] https://www.sciencedirect.com/topics/computer-science/name-mangling | |
** nmap | |
voir nmap.help | |
** notify-send | |
notify-send "label" "all the info you need" | |
this will send a desktop notification. | |
** number | |
convert "1" to "one" | |
number is avaiable in the bsdgames debian package | |
** numfmt | |
format numbers | |
ychaouche#ychaouche-PC 12:20:32 ~ $ numfmt 2000 --grouping | |
2,000 | |
ychaouche#ychaouche-PC 12:20:34 ~ $ | |
You can have human format (-h) with --to=iec (M,K,G etc.) | |
** occ | |
voir web.info * nextcloud ** occ | |
** openssl | |
*** how to | |
see * by function ** working on files *** working on specific files **** working on certificates | |
*** s_client | |
**** gle | |
-connect host:port -CApath /etc/ssl/certs | |
first verifies should return 1 (validation partielle) | |
last verify should return 0 (OK) | |
**** verity return: 1 | |
validation partielle, | |
c'est normal | |
**** show all certs | |
-showcerts | |
**** access server with a specifc name | |
-servername mail.radioalgerie.dz | |
this is necessary when testing a server with more than one name, for e.g mail.radioalgerie.dz and messagerie.algerian-radio.dz | |
*** s_server | |
**** --accept | |
port | |
**** -cert | |
certificate to use | |
**** -key | |
private key | |
**** -state | |
print ssl states | |
**** -debug | |
**** -msg | |
print protocol messages with hex dumps | |
**** commands | |
Q : quit | |
*** x509 | |
**** how to specify the certificate file | |
***** with -in | |
openssl x509 -in file | |
***** with stdin redirection | |
openssl x509 < file | |
*** verify | |
**** introduction | |
verifies a certificate locally, | |
but you have to download all the intermediate certs and add them to the -untrusted flag | |
+ add the -CApath argument pointing it to /etc/ssl/certs/ | |
**** example | |
ychaouche#ychaouche-PC 14:14:27 ~/DATA/CERTIFICATS/messagerie.algerian-radio.dz $ openssl verify -CApath /etc/ssl/certs/ -untrusted R3.pem | |
fullchain.pem: OK | |
ychaouche#ychaouche-PC 14:14:36 ~/DATA/CERTIFICATS/messagerie.algerian-radio.dz $ | |
**** mandatory options | |
***** -untrusted | |
add all the intermediate certs here | |
***** -CApath | |
point this to /etc/ssl/certs | |
if the root certificate is in the file, you don't need this option | |
**** other options | |
***** -issuer_checks | |
This must be used to check if issuers match. | |
*** ca | |
**** what's this for | |
certificate authority operations (sign CSRs and issue certs) | |
** openvpn | |
sudo openvpn --config <configfile> --auth-user-pass <credfile> | |
<credfile> has username at line 1 and password at line 2 | |
** parted | |
*** Voir les disques et partitions | |
parted > print devices | |
sudo parted -l (no need to specify device) | |
*** check a filesystem | |
parted recommends to use filesystem specifc tools | |
parted should only be used to manipulate partition tables. | |
** paste | |
if file1 is | |
a | |
b | |
c | |
and file2 is | |
1 | |
2 | |
3 | |
then paste file1 file2 would be | |
a 1 | |
b 2 | |
c 3 | |
** pgrep | |
*** this command comes from Solaris | |
*** common options | |
-f[ull] : search on the full command line instead of just the command name | |
-l[ist] : output process name | |
-a[ll] : output the full command line | |
-[light]w[eight] : output threads | |
*** how I call it : pgrep -flaw | |
** php | |
voir web.info * PHP | |
** php-fpm | |
*** what is it ? | |
php-fpm est du fastcgi pour php, mais amélioré. | |
CGI > FastCGI > FPM (FastCGI Process Manager). | |
php-fpm permet d'executer du code php en mode CGI, comme si c'était une application standalone écrite en C [u] | |
*** relation avec nginx | |
nginx a besoin qu'on lui dise ce qu'il doit utiliser pour prendre en charge les urls qui demandent à executer du code PHP | |
avec l'instruction *upstream php-handler* | |
upstream php-handler { | |
server unix:/run/php/php7.3-fpm.sock; | |
} | |
ici, | |
php-fpm est configuré pour parler avec le reste du monde | |
(dont nginx) | |
à travers une socket. | |
*** nginx 504 gateway timeout | |
si un script php prend trop de temps à s'executer | |
il faudrait augementer le fastcgi_read_timeout dans nginx | |
server { | |
location ~ \.(php)$ { | |
fastcgi_pass unix:/var/run/php74-example.com.sock; | |
fastcgi_read_timeout 300s; | |
} | |
source : https://stackoverflow.com/a/65488991/212044 | |
*** modes de fonctionnement | |
**** static | |
Use this on high traffic websites. This assures the shortest response time, but consumes memory and cpu[u] | |
pm = static | |
pm.max_children = 32 | |
S'assure que vous avez toujours 32 process qui attendent une requête pour la servir. C'est ce qu'il y a de plus rapide pour prendre en charge une requête, mais ça bouffe aussi de la ressource système en continue même si ça ne sert rien derrière [u]. | |
Pour voir le nombre de process, utiliser pstree -c[ompact] pour voir les process php-fpm lancés. | |
**** dynamic | |
in this mode, child processes are created and killed dynamically. | |
; start with this many children | |
; they could eventually get killed if they're idle | |
; but there won't be less than min_spare_servers | |
pm.start_server = cores x 4 (so 8 if 2 cores) | |
pm.min_spare_servers = cores x 2 (so 4 if 2 cores) | |
; this is the max, we will never create more | |
; than this, which is the number of starting children | |
; so the idea is to start high and kill if idle | |
pm.max_spare_servers = cores x 4 | |
pm.process_idle_timeout = 10s (seconds) seems good | |
**** on-demand | |
for low traffic, this is a good choice. It will save memory. Respawning takes little time and users won't notice. | |
create process as they're recieved. | |
pm = ondemand | |
pm.max_children = 32; | |
pm.process_idle_timeout = 10s | |
; number of requests a process should serve before | |
; respawning. Good to fix memory leaks. | |
pm.max_requests = 10 | |
*** configuring different pools | |
link : https://tideways.com/profiler/blog/an-introduction-to-php-fpm-tuning | |
could be useful to have different configs for high activity / low activiy parts of your websites / apps (like frontend / backend) | |
** pip | |
*** mise à jour d'un paquet | |
pip install --upgrade <package_name> | |
*** lister les paquets installés | |
pip list | |
*** search pour chercher | |
** pkg-config | |
*** what for | |
gives library version information | |
heavily used in configure scripts[u] | |
*** pc files | |
pkg-config gets its information from pc files, | |
installed by -dev packages. | |
for eg.: | |
11:59:33 ~/DOWNLOADS/CODE/mozjsonlz4 -1- $ cat /usr/lib/x86_64-linux-gnu/pkgconfig/gobject-2.0.pc | |
prefix=/usr | |
exec_prefix=${prefix} | |
libdir=${prefix}/lib/x86_64-linux-gnu | |
includedir=${prefix}/include | |
Name: GObject | |
Description: GLib Type, Object, Parameter and Signal Library | |
Requires: glib-2.0 | |
Version: 2.40.2 | |
Libs: -L${libdir} -lgobject-2.0 | |
Libs.private: -lffi | |
Cflags: | |
11:59:34 ~/DOWNLOADS/CODE/mozjsonlz4 -1- $ package.search.byfile /usr/lib/x86_64-linux-gnu/pkgconfig/gobject-2.0.pc | |
libglib2.0-dev: /usr/lib/x86_64-linux-gnu/pkgconfig/gobject-2.0.pc | |
12:00:10 ~/DOWNLOADS/CODE/mozjsonlz4 -1- $ | |
mais certaines lib ne livrent pas ce genre de fichier, | |
par exemple liblz4-dev | |
12:00:21 ~/DOWNLOADS/CODE/mozjsonlz4 -1- $ package.files.list liblz4-dev | |
/. | |
/usr | |
/usr/lib | |
/usr/lib/x86_64-linux-gnu | |
/usr/lib/x86_64-linux-gnu/liblz4.a | |
/usr/share | |
/usr/share/doc | |
/usr/share/doc/liblz4-dev | |
/usr/share/doc/liblz4-dev/lz4_format_description.txt.gz | |
/usr/share/doc/liblz4-dev/copyright | |
/usr/include | |
/usr/include/lz4hc.h | |
/usr/include/lz4.h | |
/usr/lib/x86_64-linux-gnu/liblz4.so | |
/usr/share/doc/liblz4-dev/changelog.Debian.gz | |
12:00:34 ~/DOWNLOADS/CODE/mozjsonlz4 -1- $ | |
*** what to do if pc files are missing | |
**** short version | |
just add the -l<libname> flag to LDLIBS | |
-I and -L are usually standard. | |
**** long | |
if make fails because the makefile needs pkg-config to fill CFLAGS and LDFLAGS, | |
you can set them yourself. | |
list the files of -dev package by using package.files.list for eg. | |
define -I an -L accordingly, | |
don't forget to add the -l to link to the appropriate library. | |
for eg. | |
if the library file is liblz4 | |
like this: | |
12:21:19 ~ -1- $ ls /usr/lib/x86_64-linux-gnu/liblz4.* | |
-rw-r--r-- 1 root root 34K Apr 14 2014 /usr/lib/x86_64-linux-gnu/liblz4.a | |
lrwxrwxrwx 1 root root 15 Apr 14 2014 /usr/lib/x86_64-linux-gnu/liblz4.so -> liblz4.so.1.0.0 | |
lrwxrwxrwx 1 root root 15 Apr 14 2014 /usr/lib/x86_64-linux-gnu/liblz4.so.1 -> liblz4.so.1.0.0 | |
-rw-r--r-- 1 root root 34K Apr 14 2014 /usr/lib/x86_64-linux-gnu/liblz4.so.1.0.0 | |
12:21:57 ~ -1- $ | |
then the flag should be | |
-llz4 | |
(skip the lib prefix, | |
and skip the so suffix) | |
** postgres::psql | |
*** links | |
https://pinboard.in/u:winks/t:postgresql/ | |
https://pinboard.in/u:winks/t:postgres/ | |
*** connexion | |
root ne peut pas se connecter. | |
il faut se connceter avec l'utilisateur système postgres, sans mot de pass | |
$ su postgres -c psql | |
ou bien | |
$ su postgres | |
$ psql | |
*** connexion en tant qu'un autre utilisateur | |
il faut ajouter l'option -h | |
root#cloud 15:05:00 /var/www/nextcloud # psql -U nextcloud -W | |
Password: | |
psql: FATAL: Peer authentication failed for user "nextcloud" | |
root#cloud 15:05:14 /var/www/nextcloud # psql -U nextcloud -W -h localhost | |
Password: | |
psql: FATAL: database "nextcloud" does not exist | |
root#cloud 15:08:33 /var/www/nextcloud # | |
*** création d'un nouvel utilisateur (role) | |
en tant qu'utilisateur postgres, faire : | |
$ createuser --interactive -P | |
*** \d[ump]u[sers] | |
\du | |
*** \l[ist databases] | |
\l | |
*** \d[escribe] table | |
\d table will describe table | |
\d+ table will add internal details | |
*** \d[escribe]t[ables] | |
\dt | |
*** show current user/database | |
\conninfo | |
*** create a new database | |
$ createdb -U nextcloud -h localhost nextcloud | |
*** turn off the pager | |
\pset pager off | |
*** authentication methods | |
**** overview | |
local connections : peer authentication | |
remote connections : password authentication | |
other methods : require 3rd party security infrastructure or are platform specific. | |
**** pg_hba.conf | |
***** role | |
This is the file that specifies how clients may connect (h[ost] b[ased] a[uthentication]) | |
***** structure | |
connection type : local (unix sockets) / host (TCP/IP) | |
client IP range (if it applies) | |
database name : all = *, sameuser, samerole. Multiple database names may be separated by commas. | |
user name : all = *, multiple users may be separated by commas. | |
authentication method : peer, trust, password | |
**** peer | |
When peer is chosen, the username is taken from the OS. | |
if the username is connected to the OS, he is granted access to the DB. | |
*** privileges | |
**** list of privilege | |
select, insert, update, delete, truncate, trigger | |
create : schemas for databases, objects inside schemas, tables indices for tablespaces | |
connect : | |
execute : | |
usage : | |
references : allows creation of FK | |
all : all the privileges | |
**** owner | |
has all the rights | |
*** change the owner of multiple objects at a time | |
REASSIGN OWNED BY nextcloud TO oc_theboss; | |
This will reassign tables, sequences, views etc of all objects in current database. | |
*** write results to file | |
\o out.txt | |
\o to get output back to stdout | |
*** convert integers (16291029) to timestamps (2021-03-05 11:02:33) | |
to_timestamp(integer) | |
*** select uniq / select distinct | |
select distinct <fields>, from <table> [...] | |
*** run query from command line | |
psql [connection string] -c[command] "query" | |
*** listen to connections from outside | |
listen_addresses = 'localhost' -> listen_addresses = '*' | |
dans | |
/etc/postgresql/11/main/postgresql.conf | |
*** use/connect to a database | |
\c <database> | |
*** list tables | |
\d | |
*** list system tables | |
\dS | |
*** more info when listing tables | |
\d+ | |
*** use/connect to a specific database (mysql use equivalent) | |
\c database | |
** pr | |
-n : adds line numbers | |
-2 : 2 columns | |
-l# : specifies the number of lines per page (and thus the number of resulting pages) | |
-w : width of the page -for all columns ?- | |
Here's an example of how it could look like, in combination with fold -s | |
ychaouche#ychaouche-PC 13:57:45 ~ $ fold -s TMP/wanderlust.txt -w 42 | pr -3n -w 180 -l 40 | |
2020-12-16 13:57 Page 1 | |
1 <html> 31 up at first, even though I found it still 61 In short: install Wanderlust and put some | |
2 <p> 32 much easier than the other emacs-based 62 stuff in two files (~/.wl and ~/.folders). | |
3 (This is part I of entry on the 33 clients I tried. Anyway, I am sharing a 63 | |
4 wanderlust e-mail client; part II will 34 very basic setup here, enough to get you 64 A little bit longer: | |
5 appear soon). 35 going. 65 | |
6 36 66 get wanderlist - I am using the | |
7 Earlier, I have written about how I am 37 What about my setup? Well: I use maildirs 67 wl-beta packages from Ubuntu/Debian, | |
8 using mutt as my e-mailclient. I 38 – that is, I download my mail into a 68 which makes this a painless process, but | |
9 discussed running mutt inside emacs as 39 local ~/Maildir directory-tree, either 69 you can also use source packages; | |
10 well. Of course, mutt is an external 40 with e.g. fetchmail or with offlineimap. 70 put your Wanderlust-configuration in | |
11 program, which puts some limits on its 41 It's a particulary nice setup for 71 a special file: ~/.wl; | |
12 integration with emacs. I did try various 42 offline-usage: whenever there's a network 72 put a list of the mail folders you're | |
13 emacs-based clients, such as VM 43 connection, I suck up all the mails and 73 interested in, in a file called | |
14 (ViewMail) and GNUS, but they always left 44 have them available offline. I work like 74 | |
15 me a bit unsatisfied. 45 this since the days when there was only 75 ~/.folders. (yes, you can customize all | |
16 46 expensive dial-up access to the net, and 76 this) | |
17 To start with, it was rather hard to set 47 later I found it very convenient when I 77 | |
18 these programs up – and I am an 48 was traveling with a laptop and had only 78 For the rest of the discussion, let's | |
19 Emacs-user, I like tweaking things… 49 occasional net-access. 79 assume we have a Maildir which contains | |
20 Still, it was hard to get even simple 50 80 some folders: | |
21 things working. Maybe I have uncommon 51 So, Maildir access is pretty important 81 | |
22 wishes, but my desired setup already sent 52 for me, and I'll describe my setup for 82 inbox for incoming e-mail | |
23 me to the edges of the googleable 53 using Wanderlust with it here. If you're 83 bulk for incoming Mailing List mail | |
24 universe. 54 using IMAP instead of Maildirs, you might 84 drafts for drafts | |
25 55 be interested in the Emacs with 85 sent for sent e-mail | |
26 But now I have found an emacs-based 56 Wanderlust and GMail-article. 86 trash for junk email | |
27 client that seems to work really well for 57 Getting started 87 | |
28 me. It's called Wanderlust, and it's a 58 88 All incoming mail is going to either | |
29 fine piece of Japanese engineering. It 59 So, how to get started with Wanderlust? 89 inbox or bulk. I'm not going to discuss | |
30 can be a little bit intimidating to set 60 90 how to get the mails there – I assume | |
2020-12-16 13:57 Page 2 | |
91 you're already have these thing set up; 121 wl-message-id-domain 151 (default: wl-biff-check-interval) | |
92 otherwise, you can take a look at tools 122 "myhost.example.com" ;; ... 152 | |
93 like fetchmail, retchmail, procmail and 123 153 ;; hide many fields from message buffers | |
94 friends. Note that much of the discussion 124 wl-from "Me <me@example.com>" 154 wl-message-ignored-field-list '("^.*:") | |
95 here applies as well if you're using 125 ;; my From: 155 wl-message-visible-field-list | |
96 Wanderlust with POP or IMAP. 126 156 '("^\\(To\\|Cc\\):" | |
97 What to put in ~/.wl? 127 ;; note: all below are dirs (Maildirs) 157 "^Subject:" | |
98 128 under elmo-maildir-folder-path 158 "^\\(From\\|Reply-To\\):" | |
99 So, how to setup Wanderlust to use this? 129 ;; the '.'-prefix is for marking them 159 "^Organization:" | |
100 Well, our configuration goes into a file 130 as maildirs 160 "^Message-Id:" | |
101 called ~/.wl. There's a million more 131 wl-fcc ".sent" ;; 161 "^\\(Posted\\|Date\\):" | |
102 things you can set up here , but let's 132 sent msgs go to the "sent"-folder 162 ) | |
103 stick to the basics here. I'll discuss 133 wl-fcc-force-as-read t ;; 163 wl-message-sort-field-list | |
104 more tricks and extensions later. 134 mark sent messages as read 164 '("^From" | |
105 135 wl-default-folder ".inbox" ;; 165 "^Organization:" | |
106 ;; mode:-*-emacs-lisp-*- 136 my main inbox 166 "^X-Attribution:" | |
107 ;; wanderlust 137 wl-draft-folder ".drafts" ;; 167 "^Subject" | |
108 (setq 138 store drafts in 'postponed' 168 "^Date" | |
109 elmo-maildir-folder-path "~/Maildir" 139 wl-trash-folder ".trash" ;; 169 "^To" | |
110 ;; where i store my mail 140 put trash in 'trash' 170 "^Cc")) | |
111 141 wl-spam-folder ".trash" ;; 171 | |
112 wl-stay-folder-window t 142 ...spam as well 172 What to put in ~/.folders? | |
113 ;; show the folder pane (left) 143 wl-queue-folder ".queue" ;; 173 | |
114 wl-folder-window-width 25 144 we don't use this 174 So, that was the basic setup. Now we need | |
115 ;; toggle on/off with 'i' 145 175 to tell wanderlust about the folders we'd | |
116 146 ;; check this folder periodically, and 176 like to see in the user-interface: | |
117 wl-smtp-posting-server "localhost" 147 update modeline 177 ~/.folders. Wanderlust does not | |
118 ;; put the smtp server here 148 wl-biff-check-folder-list '(".todo") ;; 178 automatically use all the folder in your | |
119 wl-local-domain "myhost.example.com" 149 check every 180 seconds 179 ~/Maildir. The folder names in ~/.folders | |
120 ;; put something here... 150 ;; 180 can refer to maildirs, newsgroups, | |
** ps | |
*** gle | |
name : [p]rocess [s]tatus | |
Three types of options : | |
- zero dash -> BSD | |
- single dash -> UNIX (standard) | |
- double dash -> GNU | |
shows the processes of the current terminal by the current user. | |
If no program was launched from this terminal, then you'll only see bash and ps | |
$ ps | |
PID TTY TIME CMD | |
4127 pts/3 00:00:00 bash | |
18628 pts/3 00:00:00 ps | |
$ | |
*** options | |
**** ps a | |
remove same user filter | |
**** ps x | |
remove same terminal filter | |
**** ps -N(egate) | |
filter out | |
**** ps r[unning] | |
only running processes | |
**** ps -A(ll) and ps -e(very) | |
All processes. They have the exact same output. | |
$ diff <(ps -A) <(ps -e) | |
$ | |
*** display ressource usage (cpu+mem) | |
ps u[sage] | |
*** process states codes | |
+ : is in the foreground process group | |
< : high-priority, not nice to other users (nice very low) | |
l : multi-threaded | |
N[ice] : low-priority, nice to other users. | |
R[un] : Running/runnable | |
S[leep] : interruptible sleep | |
s[ession] : session leader | |
*** sorting | |
ps --sort <column header> | |
column headers : | |
%cpu | |
%mem | |
args,cmd,command - the complete command with all its arguments | |
comm - only the executable name | |
cputime | |
etime - elapsed time since process has started | |
*** tree | |
use f | |
ps fax | |
for example | |
** pstree | |
*** -c | |
don't collapse same looking processes (default is to collapse) | |
*** -H <pid> | |
[h]ighlight the specified process | |
*** -s <pid> | |
show parents of <pid> only | |
** pup | |
*** intro | |
select elements using css selectors | |
gle syntax : pup [selectors] [extractors] | |
selectors are css selectors | |
some interesting extractors : | |
attr{<attr>} : get the attr attribute (attr{href} for example) | |
text{} : get the element's text | |
json{} : get a json representation of the element | |
*** invocation | |
**** pasting HTML text | |
$ pup [selectors] [extractors] [Enter] | |
<paste> | |
<C-d> | |
<output> | |
$ | |
**** from HTML file | |
$ pup [selectors] [extractors] < <file> | |
<output> | |
$ | |
*** selectors | |
**** select by name of the HTML Entity | |
12:07:45 ~ -1- $ pup title text{} < /tmp/youtube.html | |
27 INGENIOUSLY EASY HACKS YOU'VE NEVER SEEN BEFORE - YouTube | |
12:08:22 ~ -1- $ | |
**** select by text | |
element :contains{text} | |
**** select the parent of an element | |
:parentof(element) | |
**** select by attribute | |
element[attribute='value'] | |
**** select the first child | |
tr td:first-child : selects first td of a row | |
*** extractors | |
**** extract an html attribute | |
a attr{href} | |
**** extract the text of an element | |
h1 text{} | |
*** see also | |
web.info > css | |
** pv | |
*** typical usage | |
operation | pv -s size in human format | operation | |
some useful options : | |
-t --timer | |
-p --progress | |
-e --eta | |
*** asciinema usage | |
pv -q[uiet] -L[imit] 2000[bytes/s] file.vt | |
this will just slowly print the contents of file to stdout. | |
*** similar Packages | |
bar | |
** pwd | |
*** -P resolve symlinks | |
** pyenv | |
*** mise à jour de pyenv | |
git pull origin master | |
*** lister les versions installées | |
pyenv versions | |
*** lister les versions de python disponible à l'installation | |
pyenv install --list | |
*** installer une version particulilère de python | |
pyenv install <version> | |
or better | |
pyenv install -v[erbose] <version> | |
Par exemple : | |
ychaouche#ychaouche-PC 15:35:27 ~/.pyenv $ pyenv install 3.10.1 | |
Downloading Python-3.10.1.tar.xz... | |
-> https://www.python.org/ftp/python/3.10.1/Python-3.10.1.tar.xz | |
[...] | |
*** shims | |
pyenv uses shims to interecept every call to | |
python, | |
pip | |
or virtualenv | |
and redirect it to the desired version. | |
they're in ~/.pyenv/shims | |
there's one shim for python | |
on for pip | |
one for virtualenv. | |
switching between version of python is done through these shims. | |
they're put at the beginning of the $PATH variable | |
so they take precedence over other versions of python. | |
*** how to set a python version for | |
**** the current shell | |
use | |
pyenv shell | |
to set a python version for the specific shell | |
it will take precdence over everything. | |
**** a specific app | |
if you want to set a specific version for an app, | |
cd into that app and pyenv local | |
this will create a file named .python-version | |
with the desired version | |
**** default/global | |
if no local version if found, | |
neither in the local directory or any of the parents, | |
then the ~/.pyenv directory's version is picked up, | |
which is called the global version, | |
also set with | |
pyenv global | |
*** you can have many at a time for any level | |
pyenv global system 3.2 3.7 | |
will make system's python, python3.2 and python3.7 all available in your PATH. | |
*** keeping a cache of downloaded files | |
create a cache directory in ~/.pyenv | |
** python | |
*** PYTHONHOME | |
where to look for standard library modules | |
*** PYTHONPATH | |
where to look for additional modules | |
** qdbus | |
*** view buses | |
qdbusviewer | |
*** qdbus invocation | |
general invocation is | |
qdbus <service> <path> <method> <args> | |
*** kglobalaccel | |
**** get all shortcuts | |
qdbus org.kde.kglobalaccel /component/kwin allShortcutInfo | |
qdbus org.kde.kglobalaccel /component/kwin shortcutNames | |
**** invoke a shortcut | |
qdbus org.kde.kglobalaccel /component/kwin invokeShortcut "Shortcut name" # see get all shortcuts | |
**** lower window | |
qdbus org.kde.kglobalaccel /component/kwin invokeShortcut "Window Minimize | |
** qdbusviewer | |
view buses | |
** rcconf | |
rcconf uses a zenity gui to configure the startup of services at bootime | |
** readelf | |
*** see also | |
similar to objdump | |
*** display program headers | |
-l | |
this lists the loader for example | |
10:55:28 ~ -1- $ readelf -l DOWNLOADS/APPS/magick | grep interpreter | |
[Requesting program interpreter: /lib64/ld-linux-x86-64.so.2] | |
10:55:37 ~ -1- $ | |
** readline | |
if a key sequence doens't work, | |
see if it's not already bound with stty | |
for example, | |
C-w needs to be unbound from stty in order to be avaiable to readline. | |
do this: | |
stty werase undef | |
Then bind C-w in inputrc: | |
"\C-w": kill-region | |
** resolv.conf | |
search <domaine1> <domaine2> | |
domains need to be separated by spaces | |
** rndc | |
*** rndc output files | |
/var/cache/bind/ | |
*** vider le cache | |
rndc flush | |
*** dump the cache | |
rndc dumpdb -cache | |
then look for files in /var/cache/bind/ | |
*** querylog | |
rndc querylog | |
cette commande est un toggle | |
*** transférer une zone | |
rndc retransfer <zone> | |
puis grep xfer /var/log/named/main.log pour voir si la zone a bien été ramenée. | |
** rsync | |
voir rsync.help | |
** scp | |
-P[ort] | |
scp -P[ort] <user>@<host>:<path> <localpath> | |
** sed | |
*** tutorial | |
https://www.grymoire.com/Unix/Sed.html#uh-48 | |
*** how sed works | |
- it scans the file line by line | |
- each line is put in the pattern space | |
- the pattern space only holds the current line | |
- next line will clear last line | |
- hold space is where you put stuff for long term storage. | |
- you can't operate on the hold space. | |
- to operate on data stored in the hold space, you first need to copy it to pattern space beacuse commands such as p and s only work on the pattern space. | |
- many commands to move data to and between the two buffers | |
g : overwrite the pattern space with the hold space | |
G : append the hold space to the pattern space | |
h : overwrite pattern space with hold space | |
H : append pattern space to hold space | |
x : swap pattern and hold spaces | |
*** shebang | |
#!/bin/sed -f | |
*** regex style | |
**** gle | |
BRE (basic) | |
gnu sed supports Extended RE with the -r flag | |
things like \d aren't supported by sed, they are PCRE. | |
**** matching digits | |
[[:digit:]] | |
**** multiple occurences | |
{n,m}, requires -r flag | |
'\{n,m\}', requires quotes (or else the shell will remove them \) | |
**** \( \| \{ \+ \? but not \[ | |
all special characters must be escaped with a \, EXCEPT square brackets [] : s/\(this\|or\|that\)/that/ | |
\w\+ instead of \w+ | |
Apparemment la raison est que les autres caractères sont considérés comme ERE alors que [] c'est une BRE et sed par défaut utilise les BRE. | |
Si on veut utiliser les ERE en sed on ajoute -r ou -E (non documenté) | |
**** Remplacer par un saut de ligne \n | |
make sure the expression is quoted and \n will be replaced by a newline as expected. | |
*** think about using tr for substitution | |
tr "SET1" "SET2" < file | |
tr "[:space:]," '\n' | |
is the equivalent of | |
sed 's/[[:space:],]/\n/g' | |
*** unbuffered output | |
sed -u | |
*** Remplacer une chaine dans plusieurs fichiers | |
sed -i 's/pattern/replacement/g' * | |
*** replace multiple occurences of a string | |
if a string can repeat more than once, use g | |
*** -n and s | |
you can use s without -n | |
*** hold and pattern space | |
**** gle info | |
for each line it reads, | |
sed places its output to the pattern space | |
the pattern space is printed (unless -n) | |
then cleared out for next line, | |
contrary to the hold space | |
**** putting things in the hold space | |
[h]old : overwrite | |
[H]old : append | |
**** getting things from hold space to pattern space | |
[g]et : overwrite | |
[G]et : append | |
**** swapping hold and pattern space | |
x | |
*** emulate tail | |
there is no easy way | |
*** emulate grep -A n | |
you can do sed -n '/regex/,+3p' to print 3 lines after /regex/ is found, /regex/ line included. | |
*** print between pat1 and pat2 excluded | |
sed -n /pat1/,/pat2/ | sed '1d;$d' | |
or | |
/begin/,/end/ {/(begin|end)/!p} | |
13:54:58 ~ -1- $ printf "%s\n" {1..12} | sed -En '5,10{/(5|10)/!p}' | |
6 | |
7 | |
8 | |
9 | |
13:55:09 ~ -1- $ | |
*** change the regex delimiters | |
sed '\cregexcp' prints regex delimited by c, first occurence of c must be escaped, unless you invoke the s command, then you don't have to. | |
sed 's%regex%replacement%' | |
*** negative matching | |
sed -n "1,5!p" print everything but lines 1-5. this is equivalent to 1,5d | |
*** [i]nsert, [a]ppend, [c]hange line | |
doesn't make sense with sed -n. | |
better with sed w/o -n. | |
a<line><newline> | |
c<line><newline> | |
i<line><newline> | |
if used inside braces (grouped commands), the closing brace needs to be on a newline because a, c and i consider everything until the new line to be their argument. | |
a, i and c don't touch the pattern space. | |
example : | |
4:16:56 ~ -1- $ printf "%s\n" {1..12} | sed -E '5{chello world | |
> }' | |
1 | |
2 | |
3 | |
4 | |
hello world | |
6 | |
7 | |
8 | |
9 | |
10 | |
11 | |
12 | |
14:17:08 ~ -1- $ printf "%s\n" {1..12} | sed -E '5{ahello world | |
}' | |
1 | |
2 | |
3 | |
4 | |
5 | |
hello world | |
6 | |
7 | |
8 | |
9 | |
10 | |
11 | |
12 | |
14:17:14 ~ -1- $ printf "%s\n" {1..12} | sed -E '5{ihello world | |
}' | |
1 | |
2 | |
3 | |
4 | |
hello world | |
5 | |
6 | |
7 | |
8 | |
9 | |
10 | |
11 | |
12 | |
14:17:18 ~ -1- $ | |
*** [b]ranching (goto) | |
usage is : | |
<...> b <label> | |
<...> b <label> | |
:<label> | |
#!/bin/sh | |
sed -n ' | |
# if an empty line, check the paragraph | |
/^$/ b para | |
# else add it to the hold buffer | |
H | |
# at end of file, check paragraph | |
$ b para | |
# now branch to end of script | |
b | |
# this is where a paragraph is checked for the pattern | |
:para | |
# return the entire paragraph | |
# into the pattern space | |
x | |
# look for the pattern, if there - print | |
/'"$1"'/ p | |
' | |
*** case insenitive matching | |
*** delete last line | |
$d | |
remember to use single quotes, | |
otherwise bash will change $d with blank | |
*** multiline sed scripts | |
$ sed -e command1;command2;command3 | |
$ sed -e "command1; | |
command2; | |
command3;" | |
$ sed -f commands.sed | |
$ cat commands.sed | |
command1 | |
command2 | |
$ | |
*** backreferences | |
use parens to create matching groups | |
parens need to be escaped | |
use \1 to reference 1st group | |
\n to reference nth group | |
sed s/\(group1\) ... \(group2\)/... \1 ... \2/ | |
*** colorize the output | |
you can use the reverse video ascii escape sequence | |
\x1b[7m | |
then use the reset ascii escape sequence | |
\x1b[0m | |
example: | |
sed 's/\(Not After.*\)/ \x1b[7m \1 \x1b[0m /' | |
** shorewall | |
*** Shorewall clear au lieu de stop | |
Ceci va supprimer les règles et autoriser tout le traffic. Rétablir avec shorewall start. | |
Shorewall stop bloque toutes les connexions entrantes. | |
*** Shorewall safe-start au lieu de reload ou start. | |
la version de shorewall installé sur la messagerie n'accepte pas de fonction reload. Un shorewall start fait l'affaire. | |
safe commands resets the shorewall to the previous state user hasn't confirmed in 60 seconds. | |
*** Shorewall safe-restart au lieu restart | |
*** How to tell if shorewall is running ? | |
shorewall status | |
** sleep | |
sleep <seconds> | |
** snap | |
*** install a snap | |
snap install <package> | |
*** remove a snap | |
snap remove <packagename> | |
*** update a snap | |
snap refresh <package> # tab completion supported | |
*** inspect a snap | |
unsquashfs -l <image.snap> | |
*** list installed packages | |
snap list | |
*** find a snap | |
snap find <string> | |
apparently no regex allowed | |
for eg. find ce.tbot has no results | |
*** getting info | |
**** get info on a specific snap | |
snap info <snap> | |
snap info --verbose <snap> to show confinement level | |
**** get the confinement level of a specific snap | |
1. snap info --verbose <snap> | |
2. the "notes" column in the snap list output | |
*** get help | |
snap help <command> | |
*** interfaces and connections | |
**** show all interfaces | |
snap interfaces | |
**** [dis]connect an interface | |
snap [dis]connect <snap>:<plug> <snap>:<slot> | |
or | |
snap [dis]connect <snap>:<plug> :<slot> | |
**** show all connections | |
snap connections | |
**** show connections of a specific snap | |
snap connections <snap> | |
*** snap storage directory | |
**** old info | |
/var/lib/snapd/snaps is where .snap files are actually put. Each snap is relatively small! the whole OS is like 60Mo of disk. | |
ychaouche#ychaouche-PC 18:05:01 /var/lib/snapd/snaps $ ls | |
total 370M | |
-rw------- 2 root root 4.0K Dec 26 13:44 bare_5.snap | |
-rw------- 2 root root 56M Dec 26 13:44 core18_2253.snap | |
-rw------- 2 root root 56M Jan 30 12:33 core18_2284.snap | |
-rw------- 2 root root 56M Mar 17 13:23 core18_2344.snap | |
-rw------- 1 root root 48M May 8 18:05 core20_1434.snap.partial | |
-rw------- 2 root root 156M Dec 26 13:48 opera_157.snap | |
drwxr-xr-x 2 root root 4.0K Mar 25 2019 partial | |
ychaouche#ychaouche-PC 18:05:01 /var/lib/snapd/snaps $ | |
there's also a snap directory in $HOME | |
**** new info | |
.snaps are in /var/lib/snapd/snaps/ | |
when run, the snaps will be mounted and available on /snap/<snap-name>/ | |
/snap/bin has been added to the $PATH at installation time (of snapd) | |
the /snap/core contains all the needed libs. | |
the problem is that it's empty :( | |
*** repair a broken snap | |
when a snap is broken, | |
you can't enable it, | |
you can't refresh it, | |
you can't revert it. | |
You just throw it away it seems. | |
*** inspect recent changes | |
snap changes | |
for details on a specific change | |
snap changes ID | |
*** logs | |
sudo journalctl -u snapd | |
** snapctl | |
this is used internally by snaps : | |
to interact with the system and services in its own environement | |
snapctl start <service-name> --enable | |
snapctl stop <service-name> --disable | |
snapctl start <service-name> | |
snapctl stop <service-name> | |
snapctl restart <service-name> | |
snapctl services <service-name> | |
** sort | |
*** sort by date | |
-k6M -k7n : sort by [M]onth on sixth column, and [n]umerically on seventh | |
root@messagerie-prep[10.10.10.20] /var/backup/sql # find . -mtime +30 -type f -exec ls -rthl {} \; | sort -k6M -k7n | |
[...] | |
-rw-r--r-- 1 root root 67K Oct 11 06:15 ./mail.sql.33.gz | |
-rw-r--r-- 1 root root 451M Oct 12 06:15 ./roundcube.sql.32.gz | |
-rw-r--r-- 1 root root 67K Oct 12 06:15 ./mail.sql.32.gz | |
root@messagerie-prep[10.10.10.20] /var/backup/sql # | |
*** -t field separator | |
sort -t, -k3 sorts on third field | |
*** shuf or sort -R ? | |
shuf uses random permutations (randperm library in coreutils / gl) | |
shuf supports the -n option which gives at most n results (no need to pipe to head) | |
voir : | |
~/DOWNLOADS/CODE/sort.c | |
http://www.maizure.org/projects/decoded-gnu-coreutils/shuf.html | |
sort uses md5 | |
voir : | |
http://www.maizure.org/projects/decoded-gnu-coreutils/sort.html | |
*** Sorting version numbers with -V | |
this will turn this | |
ychaouche#ychaouche-PC 13:34:02 ~/DOWNLOADS/APPS/waterfox $ strings ~/DOWNLOADS/LIBS/libstdc++.so.6.0.21 | grep ^GLIBCXX_3. | sort | |
GLIBCXX_3.4 | |
GLIBCXX_3.4 | |
GLIBCXX_3.4.1 | |
GLIBCXX_3.4.1 | |
GLIBCXX_3.4.10 | |
GLIBCXX_3.4.10 | |
GLIBCXX_3.4.11 | |
GLIBCXX_3.4.11 | |
GLIBCXX_3.4.12 | |
GLIBCXX_3.4.12 | |
GLIBCXX_3.4.13 | |
GLIBCXX_3.4.13 | |
GLIBCXX_3.4.14 | |
GLIBCXX_3.4.14 | |
GLIBCXX_3.4.15 | |
GLIBCXX_3.4.15 | |
GLIBCXX_3.4.16 | |
GLIBCXX_3.4.16 | |
GLIBCXX_3.4.17 | |
GLIBCXX_3.4.17 | |
GLIBCXX_3.4.18 | |
GLIBCXX_3.4.18 | |
GLIBCXX_3.4.19 | |
GLIBCXX_3.4.19 | |
GLIBCXX_3.4.2 | |
GLIBCXX_3.4.2 | |
GLIBCXX_3.4.20 | |
GLIBCXX_3.4.20 | |
GLIBCXX_3.4.21 | |
GLIBCXX_3.4.21 | |
GLIBCXX_3.4.3 | |
GLIBCXX_3.4.3 | |
GLIBCXX_3.4.4 | |
GLIBCXX_3.4.4 | |
GLIBCXX_3.4.5 | |
GLIBCXX_3.4.5 | |
GLIBCXX_3.4.6 | |
GLIBCXX_3.4.6 | |
GLIBCXX_3.4.7 | |
GLIBCXX_3.4.7 | |
GLIBCXX_3.4.8 | |
GLIBCXX_3.4.8 | |
GLIBCXX_3.4.9 | |
GLIBCXX_3.4.9 | |
ychaouche#ychaouche-PC 13:34:14 ~/DOWNLOADS/APPS/waterfox $ | |
into this | |
ychaouche#ychaouche-PC 13:34:14 ~/DOWNLOADS/APPS/waterfox $ strings ~/DOWNLOADS/LIBS/libstdc++.so.6.0.21 | grep ^GLIBCXX_3. | sort -V | |
GLIBCXX_3.4 | |
GLIBCXX_3.4 | |
GLIBCXX_3.4.1 | |
GLIBCXX_3.4.1 | |
GLIBCXX_3.4.2 | |
GLIBCXX_3.4.2 | |
GLIBCXX_3.4.3 | |
GLIBCXX_3.4.3 | |
GLIBCXX_3.4.4 | |
GLIBCXX_3.4.4 | |
GLIBCXX_3.4.5 | |
GLIBCXX_3.4.5 | |
GLIBCXX_3.4.6 | |
GLIBCXX_3.4.6 | |
GLIBCXX_3.4.7 | |
GLIBCXX_3.4.7 | |
GLIBCXX_3.4.8 | |
GLIBCXX_3.4.8 | |
GLIBCXX_3.4.9 | |
GLIBCXX_3.4.9 | |
GLIBCXX_3.4.10 | |
GLIBCXX_3.4.10 | |
GLIBCXX_3.4.11 | |
GLIBCXX_3.4.11 | |
GLIBCXX_3.4.12 | |
GLIBCXX_3.4.12 | |
GLIBCXX_3.4.13 | |
GLIBCXX_3.4.13 | |
GLIBCXX_3.4.14 | |
GLIBCXX_3.4.14 | |
GLIBCXX_3.4.15 | |
GLIBCXX_3.4.15 | |
GLIBCXX_3.4.16 | |
GLIBCXX_3.4.16 | |
GLIBCXX_3.4.17 | |
GLIBCXX_3.4.17 | |
GLIBCXX_3.4.18 | |
GLIBCXX_3.4.18 | |
GLIBCXX_3.4.19 | |
GLIBCXX_3.4.19 | |
GLIBCXX_3.4.20 | |
GLIBCXX_3.4.20 | |
GLIBCXX_3.4.21 | |
GLIBCXX_3.4.21 | |
ychaouche#ychaouche-PC 13:34:39 ~/DOWNLOADS/APPS/waterfox $ | |
*** Sorting on part of a field | |
**** example 1 | |
$ sort --debug -k3.8,3 /tmp/scores | |
This will sort on third field which looks like this : | |
1661767449.M745000P3402.messagerie,S=8134,W=8323:2,c:X-Spam-Status: No, score=-3.412 tagged_above=-999 required=5 | |
so score is 5 characters, score= is 6 characters, but first character is the space precedeing score, so we actually want the 8th character, starting from space, and we need to stop the comparison on 3rd field (,3), otherwise sort will conitnue the comparison to EOL by default. | |
**** example 2 | |
sort -k8.2,8.7 /tmp/quotalist | |
sort on 8th field | |
but only between 2nd and 7th characters | |
works pretty well : | |
root@messagerie-principale[10.10.10.19] ~ # sort -k8.2,8.7 /tmp/quotalist | tail | |
pub.blida@algerian-radio.dz : 1004.24 Mo / 1024 Mo (098.00%) | |
lamine.harrane@algerian-radio.dz : 1020.36 Mo / 1024 Mo (099.00%) | |
y.hamel@algerian-radio.dz : 1021.43 Mo / 1024 Mo (099.00%) | |
contact@radioalgerie.dz : 1027.92 Mo / 1024 Mo (100.00%) | |
dg.eprs@algerian-radio.dz : 1024.41 Mo / 1024 Mo (100.00%) | |
fouzia.boulehbel@algerian-radio.dz : 1026.32 Mo / 1024 Mo (100.00%) | |
mustafa.benaoumeur@algerian-radio.dz : 1028.86 Mo / 1024 Mo (100.00%) | |
radionet@radioalgerie.dz : 1025.49 Mo / 1024 Mo (100.00%) | |
saad.tarafi@algerian-radio.dz : 1027.14 Mo / 1024 Mo (100.00%) | |
dcrr@algerian-radio.dz : 1200.56 Mo / 1024 Mo (117.00%) | |
root@messagerie-principale[10.10.10.19] ~ # | |
*** Visual debugging | |
--debug will show where sort occurs. | |
*** sort | uniq -> sort -u | |
nuf saidxs | |
** sqlite | |
*** getting help | |
.help | |
*** open a database | |
.open path | |
*** show tables | |
.tables | |
*** describe table | |
.schema <table> (omit semi-colon) | |
pragma table_info(table_name) (osqueryi) | |
*** show current db | |
.databases | |
*** run query from command line | |
sqlite3 databasefile.sqlite "query in between quotes" | |
use -column -csv -list to change output formatting | |
*** change output format | |
**** .mode column | |
.mode column | |
name path cmdline process state start_time elapsed_time remote_address remote_port state | |
---------- ------------ --------------------------------------------- ------------- ---------- ------------ -------------- ----------- ----------- | |
ssh /usr/bin/ssh ssh -p44044 root@messagerie.algerian-radio.dz S 1657203011 10.10.10.19 44044 ESTABLISHED | |
ssh /usr/bin/ssh ssh -p44044 root@messagerie.algerian-radio.dz S 1657203160 10.10.10.19 44044 ESTABLISHED | |
ssh /usr/bin/ssh ssh root@messagerie.algerian-radio.dz -p 4404 S 1657204190 10.10.10.19 44044 ESTABLISHED | |
konversati /usr/bin/kon /usr/bin/konversation -caption Konversation S 1657208270 162.251.69.69 6667 ESTABLISHED | |
kdeconnect /usr/lib/kde /usr/lib/kde4/libexec/kdeconnectd S 1657184878 0.0.0.0 0 LISTEN | |
thunderbir /home/ychaou /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/th S 1657184924 10.10.10.19 993 ESTABLISHED | |
thunderbir /home/ychaou /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/th S 1657184924 10.10.10.19 993 ESTABLISHED | |
thunderbir /home/ychaou /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/th S 1657184924 10.10.10.19 993 ESTABLISHED | |
thunderbir /home/ychaou /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/th S 1657184924 10.10.10.19 993 ESTABLISHED | |
thunderbir /home/ychaou /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/th S 1657184924 10.10.10.19 993 ESTABLISHED | |
waterfox-g /tmp/.mount_ /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 S 1657185139 204.79.197.200 443 ESTABLISHED | |
waterfox-g /tmp/.mount_ /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 S 1657185139 104.21.61.82 443 ESTABLISHED | |
waterfox-g /tmp/.mount_ /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 S 1657185139 142.250.201.42 443 ESTABLISHED | |
waterfox-g /tmp/.mount_ /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 S 1657185139 13.107.42.14 443 ESTABLISHED | |
waterfox-g /tmp/.mount_ /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 S 1657185139 142.251.37.227 443 ESTABLISHED | |
waterfox-g /tmp/.mount_ /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 S 1657185139 10x4.21.61.82 443 ESTABLISHED | |
waterfox-g /tmp/.mount_ /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 S 1657185139 13.107.42.14 443 ESTABLISHED | |
waterfox-g /tmp/.mount_ /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 S 1657185139 87.248.119.252 443 ESTABLISHED | |
waterfox-g /tmp/.mount_ /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 S 1657185139 52.35.251.160 443 ESTABLISHED | |
ssh /usr/bin/ssh ssh root@messagerie.algerian-radio.dz -p 4404 S 1657186761 10.10.10.19 44044 ESTABLISHED | |
ssh /usr/bin/ssh ssh root@messagerie.algerian-radio.dz -p 4404 S 1657186761 10.10.10.19 44044 ESTABLISHED | |
ssh /usr/bin/ssh ssh serveur@messagerie.algerian-radio.dz -p 4 S 1657186761 10.10.10.19 44044 ESTABLISHED | |
ssh /usr/bin/ssh ssh root@messagerie.algerian-radio.dz -p 4404 S 1657186761 10.10.10.19 44044 ESTABLISHED | |
ssh /usr/bin/ssh ssh serveur@messagerie.algerian-radio.dz -p 4 S 1657186761 10.10.10.19 44044 ESTABLISHED | |
**** .mode line | |
osquery> select processes.name, processes.path, processes.cmdline, processes.state as "process state", processes.start_time, processes.elapsed_time, process_open_sockets.remote_address, process_open_sockets.remote_port, process_open_sockets.state from processes JOIN process_open_sockets ON processes.pid = process_open_sockets.pid where process_open_sockets.family=2 and process_open_sockets.protocol=6; | |
name = ssh | |
path = /usr/bin/ssh | |
cmdline = ssh -p44044 root@messagerie.algerian-radio.dz | |
process state = S | |
start_time = 1657203011 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 44044 | |
state = ESTABLISHED | |
name = ssh | |
path = /usr/bin/ssh | |
cmdline = ssh -p44044 root@messagerie.algerian-radio.dz | |
process state = S | |
start_time = 1657203160 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 44044 | |
state = ESTABLISHED | |
name = ssh | |
path = /usr/bin/ssh | |
cmdline = ssh root@messagerie.algerian-radio.dz -p 44044 | |
process state = S | |
start_time = 1657204190 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 44044 | |
state = ESTABLISHED | |
name = konversation | |
path = /usr/bin/konversation | |
cmdline = /usr/bin/konversation -caption Konversation | |
process state = S | |
start_time = 1657208270 | |
elapsed_time = | |
remote_address = 162.251.69.69 | |
remote_port = 6667 | |
state = ESTABLISHED | |
name = kdeconnectd | |
path = /usr/lib/kde4/libexec/kdeconnectd | |
cmdline = /usr/lib/kde4/libexec/kdeconnectd | |
process state = S | |
start_time = 1657184878 | |
elapsed_time = | |
remote_address = 0.0.0.0 | |
remote_port = 0 | |
state = LISTEN | |
name = thunderbird-bin | |
path = /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird-bin | |
cmdline = /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird | |
process state = S | |
start_time = 1657184924 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 993 | |
state = ESTABLISHED | |
name = thunderbird-bin | |
path = /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird-bin | |
cmdline = /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird | |
process state = S | |
start_time = 1657184924 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 993 | |
state = ESTABLISHED | |
name = thunderbird-bin | |
path = /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird-bin | |
cmdline = /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird | |
process state = S | |
start_time = 1657184924 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 993 | |
state = ESTABLISHED | |
name = thunderbird-bin | |
path = /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird-bin | |
cmdline = /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird | |
process state = S | |
start_time = 1657184924 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 993 | |
state = ESTABLISHED | |
name = thunderbird-bin | |
path = /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird-bin | |
cmdline = /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird | |
process state = S | |
start_time = 1657184924 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 993 | |
state = ESTABLISHED | |
name = waterfox-g4 | |
path = /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | |
cmdline = /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | |
process state = S | |
start_time = 1657185139 | |
elapsed_time = | |
remote_address = 13.107.42.14 | |
remote_port = 443 | |
state = ESTABLISHED | |
name = waterfox-g4 | |
path = /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | |
cmdline = /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | |
process state = S | |
start_time = 1657185139 | |
elapsed_time = | |
remote_address = 87.248.119.252 | |
remote_port = 443 | |
state = ESTABLISHED | |
name = waterfox-g4 | |
path = /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | |
cmdline = /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | |
process state = S | |
start_time = 1657185139 | |
elapsed_time = | |
remote_address = 52.35.251.160 | |
remote_port = 443 | |
state = ESTABLISHED | |
name = ssh | |
path = /usr/bin/ssh | |
cmdline = ssh root@messagerie.algerian-radio.dz -p 44044 | |
process state = S | |
start_time = 1657186761 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 44044 | |
state = ESTABLISHED | |
name = ssh | |
path = /usr/bin/ssh | |
cmdline = ssh root@messagerie.algerian-radio.dz -p 44044 | |
process state = S | |
start_time = 1657186761 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 44044 | |
state = ESTABLISHED | |
name = ssh | |
path = /usr/bin/ssh | |
cmdline = ssh serveur@messagerie.algerian-radio.dz -p 44044 | |
process state = S | |
start_time = 1657186761 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 44044 | |
state = ESTABLISHED | |
name = ssh | |
path = /usr/bin/ssh | |
cmdline = ssh root@messagerie.algerian-radio.dz -p 44044 | |
process state = S | |
start_time = 1657186761 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 44044 | |
state = ESTABLISHED | |
name = ssh | |
path = /usr/bin/ssh | |
cmdline = ssh serveur@messagerie.algerian-radio.dz -p 44044 | |
process state = S | |
start_time = 1657186761 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 44044 | |
state = ESTABLISHED | |
osquery> | |
**** .mode list | |
osquery> .separator " | " | |
osquery> select processes.name, processes.path, processes.cmdline, processes.state as "process state", processes.start_time, processes.elapsed_time, process_open_sockets.remote_address, process_open_sockets.remote_port, process_open_sockets.state from processes JOIN process_open_sockets ON processes.pid = process_open_sockets.pid where process_open_sockets.family=2 and process_open_sockets.protocol=6; | |
name | path | cmdline | process state | start_time | elapsed_time | remote_address | remote_port | state | |
ssh | /usr/bin/ssh | ssh -p44044 root@messagerie.algerian-radio.dz | S | 1657203011 | | 10.10.10.19 | 44044 | ESTABLISHED | |
ssh | /usr/bin/ssh | ssh -p44044 root@messagerie.algerian-radio.dz | S | 1657203160 | | 10.10.10.19 | 44044 | ESTABLISHED | |
ssh | /usr/bin/ssh | ssh root@messagerie.algerian-radio.dz -p 44044 | S | 1657204190 | | 10.10.10.19 | 44044 | ESTABLISHED | |
konversation | /usr/bin/konversation | /usr/bin/konversation -caption Konversation | S | 1657208270 | | 162.251.69.69 | 6667 | ESTABLISHED | |
kdeconnectd | /usr/lib/kde4/libexec/kdeconnectd | /usr/lib/kde4/libexec/kdeconnectd | S | 1657184878 | | 0.0.0.0 | 0 | LISTEN | |
thunderbird-bin | /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird-bin | /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird | S | 1657184924 | | 10.10.10.19 | 993 | ESTABLISHED | |
thunderbird-bin | /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird-bin | /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird | S | 1657184924 | | 10.10.10.19 | 993 | ESTABLISHED | |
thunderbird-bin | /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird-bin | /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird | S | 1657184924 | | 10.10.10.19 | 993 | ESTABLISHED | |
thunderbird-bin | /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird-bin | /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird | S | 1657184924 | | 10.10.10.19 | 993 | ESTABLISHED | |
thunderbird-bin | /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird-bin | /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird | S | 1657184924 | | 10.10.10.19 | 993 | ESTABLISHED | |
waterfox-g4 | /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | S | 1657185139 | | 13.107.42.14 | 443 | ESTABLISHED | |
waterfox-g4 | /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | S | 1657185139 | | 13.107.42.14 | 443 | ESTABLISHED | |
waterfox-g4 | /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | S | 1657185139 | | 87.248.119.252 | 443 | ESTABLISHED | |
waterfox-g4 | /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | S | 1657185139 | | 52.35.251.160 | 443 | ESTABLISHED | |
ssh | /usr/bin/ssh | ssh root@messagerie.algerian-radio.dz -p 44044 | S | 1657186761 | | 10.10.10.19 | 44044 | ESTABLISHED | |
ssh | /usr/bin/ssh | ssh root@messagerie.algerian-radio.dz -p 44044 | S | 1657186761 | | 10.10.10.19 | 44044 | ESTABLISHED | |
ssh | /usr/bin/ssh | ssh serveur@messagerie.algerian-radio.dz -p 44044 | S | 1657186761 | | 10.10.10.19 | 44044 | ESTABLISHED | |
ssh | /usr/bin/ssh | ssh root@messagerie.algerian-radio.dz -p 44044 | S | 1657186761 | | 10.10.10.19 | 44044 | ESTABLISHED | |
ssh | /usr/bin/ssh | ssh serveur@messagerie.algerian-radio.dz -p 44044 | S | 1657186761 | | 10.10.10.19 | 44044 | ESTABLISHED | |
osquery> | |
**** .mode csv | |
same as list with .separator set to "," | |
**** .mode pretty | |
default | |
*** date time functions | |
datetime(timestamp,'unixepoch') | |
*** write results to a files | |
.headers on | |
.mode column | |
.once query_results.txt (only one query) | |
.output query_results.txt | |
.output (revert to stdout) | |
*** queries | |
***** join | |
SELECT fields... FROM T1 JOIN T2 USING field | |
** ssh | |
voir (bookmark-jump "bash_help::ssh") | |
/home/ychaouche/.bash_lib/help/ssh:1 | |
** strace | |
*** filtrer | |
**** -e file | |
tracer uniquement les appels systèmes qui prennent un fichier en argument. | |
**** -e network | |
les appels système réseau (socket, accept, bind, connect, recvmsg, sendto etc.) | |
accept: connexions entrantes | |
connect: connexions sortantes | |
bind: bind a socket to an address and port number | |
listen: listen for incomming connexions | |
how it usually works: | |
socket: create a socket to listen for incoming connexions | |
bind: bind the socket to an IP and a port | |
listen: listen for incoming connexions | |
when a new connexion comes in, accept it (accept syscall). | |
then create another socket for that specific connexion, | |
bind it to a different port, | |
and use that socket to communicate with that client, | |
the first socket continues to listen for other incoming connexions. | |
**** -e process | |
fork, wait, exec.. | |
**** -e signal | |
self-ex | |
*** verbose | |
-s(tring) : maximum string size (default 32) | |
-v(erbose) : show all the arguments to a function call | |
*** passing env variables to the executable | |
strace -E var=value | |
*** show file paths associated to fd | |
-y | |
*** dump read/write data from specific fd | |
-e read=fd,fd | |
-e write=fd,fd | |
*** only trace syscalls accessing /path/ | |
-P /path/ | |
*** show timestamps | |
-r : relative | |
-t : time | |
-tt : µs | |
*** profiling | |
-T : show time spent in syscall | |
*** distillerror :: summary | |
source: https://www.brendangregg.com/Shell/distillerror_example01.txt | |
d/l: ~/DOWNLOADS/CODE/SCRIPTS/distillerror | |
** stty | |
helps to define some terminal properties. | |
For example : | |
stty wearse undef | |
this line ^ would free C-w so that we can redefine it in inputrc. | |
stty stop undef | |
this line frees C-s so that we can use it in readline for interactive forward search. | |
** su | |
*** howtos | |
**** execute a command as another user | |
su - <user> -s /bin/bash -c "command with arguments in between quotes" | |
-s /bin/bash is necessary if the user doesn't have a shell. | |
*** the "-" | |
the - is the same -l | |
It starts a login shell, not just a regular shell. It loads the environement the user would have had he logged in. | |
** swapon / swapoff | |
use a partition as swap | |
swapon /dev/sda7/ | |
will use sda7 as a swap partition. | |
no need for the partition to be mounted. | |
swapoff turns off swapping | |
** syslog-summary | |
résume les lignes du syslog | |
root@cloud[10.10.10.84/24] 12:15:38 ~ # syslog-summary /var/log/syslog | sed '1,4d;$d' | |
2 cloud rsyslogd: [origin software="rsyslogd" swVersion="8.1901.0" x-pid="428" x-info="https://www.rsyslog.com"] rsyslogd was HUPed | |
1 cloud systemd: logrotate.service: Succeeded. | |
1 cloud systemd: Started Rotate log files. | |
13 cloud CRON: (logcheck) CMD ( if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi) | |
147 cloud CRON: (www-data) CMD (/usr/bin/php /var/www/nextcloud/cron.php) | |
74 cloud CRON: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1) | |
25 cloud CRON: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi) | |
25 cloud systemd: Starting Clean php session files... | |
25 cloud systemd: phpsessionclean.service: Succeeded. | |
25 cloud systemd: Started Clean php session files. | |
12 cloud CRON: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) | |
2 cloud systemd: Starting Daily apt download activities... | |
2 cloud systemd: apt-daily.service: Succeeded. | |
2 cloud systemd: Started Daily apt download activities. | |
1 cloud CRON: (root) CMD (test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )) | |
1 cloud systemd: Starting Daily apt upgrade and clean activities... | |
1 cloud systemd: apt-daily-upgrade.service: Succeeded. | |
1 cloud systemd: Started Daily apt upgrade and clean activities. | |
1 cloud CRON: (root) CMD (test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )) | |
1 cloud systemd: Started Session 341473 of user root. | |
1 cloud systemd: session-341473.scope: Succeeded. | |
1 cloud systemd: Started Session 341500 of user root. | |
1 cloud systemd: Started Session 341503 of user root. | |
1 cloud systemd: Started Session 341513 of user root. | |
root@cloud[10.10.10.84/24] 12:15:40 ~ # | |
** systemctl | |
*** whatis | |
permet de controller systemd | |
*** how to invoke it? | |
systemctl <action> <service> | |
eg: | |
systemctl stop mysqld[u] | |
*** start/stop enable/disable | |
enable / disable a service at bootup | |
start / stop the service now | |
systemctl stop <service> | |
*** status | |
status + dernière ligne de log | |
17:01:43 ~ -1- $ systemctl status snap-certbot-2836.mount | |
Failed to issue method call: No such interface 'org.freedesktop.DBus.Properties' on object at path /org/freedesktop/systemd1/unit/snap_2dcertbot_2d2836_2emount | |
17:01:45 ~ -1- $ | |
*** mask/unmask | |
systmectl mask/unmask service | |
*** revert | |
this will revert a unit file to its initial state (as shipped by the vendro/distro[u]) | |
** tar | |
*** copy a directory over to another location | |
DLtar vcf- sourcedir | pv -s SIZE in human readable form | tar vxf- -C targetdir | |
*** what is an archive | |
an archive is a file containing the contents of many files, along with their metadata (name, owner, permissions) | |
*** misc info | |
**** extract only some files | |
you can extract only some files out of an archive | |
**** good for backups | |
tar has useful features to make incremental or full backups | |
**** always use -f option | |
always use -f option. By default, -f is - | |
**** recursive by default | |
tar is recusrive by default | |
*** commands | |
**** list | |
tar -t -f archive.tar | |
tar tvzf archive.tar.gz | |
**** extract | |
***** extract a single member | |
tar -f archive.tar -x path/to/file | |
will extract to $PWD | |
***** extract a member without creating its parents | |
--strip-components=<N>, where N is the number of parents to skip (do not create) | |
***** extract a XZ compressed file | |
-J or --xz | |
***** extract a to a directory | |
--directory=dir / --directory dir | |
-C dir | |
**** create an archive of a directory | |
***** all members | |
tar -cvzf dir.tar.gz dir/ | |
***** exclude some members | |
tar -cvzf dir.tar.gz dir/ --exclude=PATTERN | |
**** update old archive | |
tar uvzf archive.tar DIR1/ DIR2/ | |
doesn't work on compressed archives | |
**** remove a member | |
--delete path/to/member | |
**** follow symlinks | |
tar uhf .bash_lib2.tar .bash_lib/ | |
this will include the help subdirectory | |
which is a link | |
*** compression options | |
***** XZ = J | |
debian's .deb file contain XZ compressed tar files. | |
ar fp libssl-dev_1.1.0l-1~deb9u4_amd64.deb data.tar.xz | tar Jvx -C libssl-dev_1.1/ | |
*** read from stdin | |
this is the default (-f -) | |
** tctrace | |
A TCP traceroute, useful when ICMP is filtered by a firewal. | |
** tcpdump | |
*** device selection | |
-i[nterface] | |
*** how to capture | |
. use -i to specify the interface | |
. use -v to get verbose output | |
. use "or"/"and" to combine filters | |
. save to file with -w <filename> | |
- open with wireshark / tshark | |
*** output formats | |
**** display port numbers instead of port names | |
-n[umeric] | |
**** display IPs instead of hostnames | |
-n[umeric] | |
**** verbose | |
-v[erbose] | |
**** capture a certain number of packets | |
-c[apture] <n> | |
*** filerting | |
**** gle syntax | |
man pcap-filter | |
tcpdump <direction> <type> <protocol> | |
type = host[default], net, port, portrange | |
direction = dst,src | |
protocol = tcp,udp | |
examples : | |
tcpdump dst host 192.168.100.10 and src port 25 | |
**** show traffic coming through a specific port | |
tcpdump port n | |
tcpdump src port n | |
tcpdump dst port n | |
**** show incoming connexions | |
tcpdump tcp[13]==2 and host <myhost> | |
see man tcpdump to understand what tcp[13] is. | |
basically, this will look at the 13th byte of the TCP packet where control flags are. | |
1st byte 2nd byte 3rd byte 4th byte | |
,----------- ,----------- ,------------- ,---------- | |
/ `\ / `\/ `\/ `\ | |
0 7 15 23 31 | |
----------------------------------------------------------------- | |
| source port[2]] | destination port [2] | | |
----------------------------------------------------------------- | |
| sequence number [4] | | |
----------------------------------------------------------------- | |
| ack number [4] | | |
----------------------------------------------------------------- | |
| HL+RSVD[1] |control bits[1]| window size[2] | | |
----------------------------------------------------------------- | |
| TCP checksum[2] | urgent pointer[2] | | |
----------------------------------------------------------------- | |
The flags work like a mask, with values starting at the right. | |
+--------------------+ | |
| control bits | | |
|--------------------| | |
| C | E| U| A|P|R|S|F| | |
|--------------------| | |
| 7| 6| 5| 4|3|2|1|0| bit order | |
|128|64|32|16|8|4|2|1| bit value | |
+--------------------+ | |
So, for filtering on FIN, tcp[13]==1 | |
for filtering on SYN+ACK, tcp[13]==16+2=18 | |
etc. | |
**** filter by network | |
tcpdump dst net not (192.168.0.0/16 or 10.0.0.0/8) | |
show only packets going to outside of the network. | |
*** output interpretation | |
**** flags | |
P[ush] | |
. ack | |
S[yn] | |
F[in] | |
U[rgent] | |
R[eset] | |
**** [S] > [R.] | |
A Syn immediately followed by a Reset+Ack : port closed. Don't talk to me. | |
**** [S] > [S.] > [.] | |
Complete three-way handshake. | |
**** sequence numbers | |
should increase. | |
first in a series should be equal to last ack number | |
**** ack numbers | |
should increase; | |
next seq number should be last ack number | |
*** unbuffering output | |
-l | |
*** common options | |
**** -A[SCII] | |
Dump packet contents as strings | |
Show HTTP/IMAP for ex. | |
**** -l[line-bufferd] | |
line-buffered (unbuffered output) | |
**** -q[uick] | |
quick|quiet : print less | |
**** -v[erbose] | |
verbose output | |
**** -w[rite] | |
save to file | |
*** -r permission denied | |
this is blocked by apparmor. | |
file extension must be .pcap | |
** tee | |
*** append | |
tee -a | |
** telnet | |
you *NEED* to invoke telnet w/o arguments to enter its interactive mode. | |
$ telnet | |
telnet> open google.fr 443 | |
Trying 142.251.37.163... | |
Connected to google.fr. | |
Escape character is '^]'. | |
^] | |
telnet> open google.fr 80 | |
?Already connected to google.fr | |
telnet> close | |
Connection closed. | |
telnet> open google.fr 443 | |
Trying 142.251.37.163... | |
Connected to google.fr. | |
Escape character is '^]'. | |
^] | |
telnet> | |
** timeout | |
run a command within the specified amount of time | |
timeout "$timeout" bash -c "echo > /dev/tcp/$host/$port" && echo "port $port reached" || echo "couldn't reach port $port" | |
** top | |
z : couleurs | |
x : highlight sort column | |
y : highlight running tasks | |
c : show full command name / path | |
mm : change meter style of memory to blocks | |
tt : change meter style of cpu to blocks | |
V : tree view | |
0 : leave blanks where the value is 0 | |
1 : show all cpus | |
** tr | |
*** keep only one occurence | |
tr -s[queeze] | |
useful for replacing multiple newlines with just one | |
*** replace spaces and puntuations with "_" | |
tr -s "[:space:][:punct:]" _ | |
source : https://www.linuxquestions.org/questions/blog/michael-uplawski-1023960/download-radio-broadcasts-in-mp3-format-37903/ | |
*** remove newlines | |
remove both \n and \r with tr -d | |
root@messagerie-principale[10.10.10.19] ~ # grep -E '(FN|TEL)' /tmp/meziane | tr -d '\n\r' | |
FN:Tahar MEZIANEFN:Meziane ZIANIFN:MEZIANE HamidFN:Abdelkader mezianeFN:MEZIANE MouradTEL;TYPE=home:5375root@messagerie-principale[10.10.10.19] ~ # | |
** tracepath | |
tracepath is a replacement to traceroute | |
except it uses random udp ports instead of ICMP protocol | |
so theoritically can be used even if ICMP disabled on host | |
practically, if a host doesn't respond with traceroute, it won't respond to tracepath too. | |
** truncate | |
-s 0 : zero the file | |
** type | |
*** get the path only | |
type -p <name> will return only the path to the command instead of <name> is <path> | |
** tty | |
gives the pts associated with current virtual terminal | |
exemple | |
ychaouche#ychaouche-PC 10:00:29 ~ $ tty | |
/dev/pts/7 | |
ychaouche#ychaouche-PC 10:00:30 ~ $ | |
** ulimit | |
*** whatis | |
The ulimit bash builtin allows to set resource limits for programs run by current shell. | |
*** print current limits | |
ulimit -a | |
*** specifying values | |
values must be in 1024 increments | |
*** unset a limit | |
set it to unlimited | |
ulimit -<option> unlimited | |
*** resident memory (rss) limit | |
-m[emory] | |
*** virtual memory limit | |
-v[irtual] | |
*** soft and hard limits | |
when neither -H or -S are supplied, both hard and soft limits are changed | |
soft limits can be changed but have to remain lower than hard limits. | |
hard limits can only be lowered. | |
** unexpand | |
transform spaces to tab | |
see also ** expand | |
** unoconv | |
$ unoconv file.doc | |
will create file.pdf | |
it can also convert excel files! | |
** update-alternatives | |
*** voir les alternatives à une commande | |
--query <command> | |
exemple : | |
ychaouche#ychaouche-PC 13:26:03 /usr/share/man $ update-alternatives --query pager | |
Name: pager | |
Link: /usr/bin/pager | |
Slaves: | |
pager.1.gz /usr/share/man/man1/pager.1.gz | |
Status: auto | |
Best: /usr/bin/lv | |
Value: /usr/bin/lv | |
Alternative: /bin/less | |
Priority: 77 | |
Slaves: | |
pager.1.gz /usr/share/man/man1/less.1.gz | |
Alternative: /bin/more | |
Priority: 50 | |
Slaves: | |
pager.1.gz /usr/share/man/man1/more.1.gz | |
Alternative: /usr/bin/lv | |
Priority: 80 | |
Slaves: | |
pager.1.gz /usr/share/man/man1/lv.1.gz | |
Alternative: /usr/bin/most | |
Priority: 60 | |
Slaves: | |
pager.1.gz /usr/share/man/man1/most.1.gz | |
Alternative: /usr/bin/pg | |
Priority: 10 | |
Slaves: | |
pager.1.gz /usr/share/man/man1/pg.1.gz | |
ychaouche#ychaouche-PC 13:28:09 /usr/share/man $ | |
*** changer l'alternative à une commande | |
sudo update-alternatives --config <command> (TUI) | |
** unsquashfs :: squashfs | |
*** list files in a squash image | |
unsquashfs -lls <file> | |
*** extract files | |
unsquashfs -li <file> | |
*** extract specific files | |
unsquashfs -li <file> <path> | |
** useradd / adduser | |
*** wiw (which is which) | |
useradd : bas niveau, ne pas utiliser. | |
adduser : haut niveau, à utiliser, même pour ajouter un user existant à un group existant. | |
*** system users | |
**** Pour ajouter un utilisateur system | |
adduser --system username | |
**** difference avec un utilisateur ordinaire | |
Normal users are used by people. System users are used by daemons. | |
System users do not have homes and no login shells. | |
*** ajouter un utilisateur existant à un groupe existant | |
adduser <user> <group> | |
or | |
newgrp <group>, which doesn't require logout/login | |
** valgrind | |
warns if the number of frees is inferior to the number of mallocs. | |
significantly slows down the execution of the program | |
compiler avec les symboles de débogage pour avoir la ligne de code qui pose problème | |
kcachegrind permet de lire les fichiers produits par callgrind (valgrind --callref ou qqch comme ça). Il permet de voir quelles sont les fonctions appelées et à quelles fréquences elles sont appelées. | |
plus de 2 000 000 d'instructions sont nécessaires pour faire tourner le plus simple des programmes C++. Tout ça concerne le runtime. | |
** vim | |
*** copying the whole line | |
yy | |
*** paste | |
p | |
*** replace character under cursor | |
r | |
*** delete character under cursor | |
x | |
** vsphere :: ESXi :: vmware | |
*** voir aussi tech.info | |
section * ESXi :: vmware | |
*** Changer l'IP du host à partir de la webui | |
-------------------------------------------- | |
Dans Networking, choisir la carte vmk0, cliquer sur éditer. Voir : https://imgur.com/a/AEjLfZj | |
*** how to resize the disk | |
1. You need to power off the VM and remove snapshots. | |
2. Le disque augmente, mais pas la partition, il faut donc lancer l'utilitaire de disque windows (formattage) et étendre la partition. | |
aucun redémarrage n'est nécessaire. | |
*** Installation de vmware tools | |
Il suffit de cliquer sur install vmware tools, | |
cela va monter le CD/DVD vmware sur la machine hôte. | |
Il faut ensuite aller vers la machine hôte et naviguer avec le clavier pour lancer l'installation depuis le CD/DVD. | |
*** comment faire le backup d'une VM | |
Il faut l'exporter en tant que template, | |
ce qui permet de recréer la VM | |
même sur un autre hyperviseur. | |
*** cloner une VM par copie de fichiers | |
** watch | |
*** highlights differences | |
-d | |
*** watch an alias or complicated bash line | |
turn that to a script file and exec that file instead | |
** wget | |
-O[utput file] | |
-c[ontinue] | |
** whob | |
in scripts, don't do | |
whob $IP | |
do | |
echo "$IP" | whob | |
because whob only reads from stdin. | |
** wireshark | |
*** filtres de capture | |
Le filtre de capture comprend le format bpf, | |
bcp moins granulaire que les filtres d'affichage. | |
Seuls les protocoles de la couche 3 sont filtrables | |
(tcp, ip, icmp), | |
ni ceux plus haut (applicatif http, dns), | |
ni ceux plus bas (ethernet, 802.11...) | |
exemple : | |
host 192.168.100.150 and tcp port 445 | |
*** Remonter une info en colonne | |
**** clique-droit sur le champ | |
Appliquer en colonne | |
**** clique-droit sur l'en tête des colonnes | |
Column preferences > + | |
*** trouver le nom d'un champ | |
Voir le nom du champ entre parenthèse dans la status bar une fois qu'on est dessus. | |
*** suivre une conversation particulière | |
Statistiques > Conversations > select one then right-clic > apply as filter. | |
*** rechercher l'host avec la plus grande consommation de b/w | |
statistics > endpoints > IPv4 > sort by bytes | |
*** voir les requêtes HTTP | |
statistiques > HTTP > Requests | |
*** détecter des lenteurs dans le réseau | |
Stats > Conversations > choisir une conversation puis cliquer sur Graph > <type>, choisir <RTT> (round-trip time), cocher éventuellement <RTT by sequence number>. | |
Ça donne un graphique étalé dans le temps des temps de réponse | |
*** ne pas utiliser ...!=... mais !(...==...) | |
par exemple, ip.addr peut être soit l'addresse de destination ou l'addresse source. | |
ip.addr != <IP> veut dire soit l'une ou l'autre des addresses est différente de <IP>, ce qui est tout le temps vrai quand il y a deux machines différentes qui se parlent. | |
mais !(ip.addr == <IP>) veut dire aucune des addresses ne doit être égale à <IP>, c'est ce qu'on utilise pour filtrer les conversations incluant notre IP. | |
ip.addr != <myip> donne quelques paquets venant de mon IP. | |
!(ip.addr == <myip>) ne donne aucune paquet venant de mon IP. | |
source : https://www.wireshark.org/lists/wireshark-users/200903/msg00247.html | |
explication : https://ask.wireshark.org/question/1751/difference-between-ipaddr-192021-and-ipaddr-192021/ | |
*** voir la consommation global de b/w | |
donne une indication sur d'éventuels pics | |
Statistiques > I/O Graphs | |
*** grapher n'importe quelle valeur | |
stats > I/O graph > + | |
puis mettre la valeur qu'on veut grapher et la fonction d'aggeregation si on le souhaite (moyenne) | |
*** grep sur les paquets | |
frame contains chainedecaractèressansguillemets | |
ou bien | |
frame match regex | |
ça va chercher dans tous les champs de tous les paquets (tous protocoles confondus) | |
*** créer un bouton de filtre rapide | |
Il suffit de cliquer tout à fait à droite du input de filtrage pour créer un bouton qui servira à appliquer directement le filtre désiré. | |
*** extraire des fichiers | |
Fichier > Exporter objets > HTTP/SMB/TFTP | |
*** infos rapides (erreurs, warnings) | |
bouton doré en bas à gauche | |
** wmctrl | |
*** gle | |
permet de faire les opérations de wm depuis la ligne de commande | |
(move, resize, stick, always on top etc.) | |
*** combien de fenêtre ouvertes ? | |
wmctrl -l | |
** xargs | |
use -0 in conjunction with find -print0 to parse files with special characters, spaces etc. | |
** xbindkeys | |
*** config file | |
~/.xbindkeysrc | |
*** how to get key codes | |
xbindkeys -k | |
*** mouse buttons | |
b:1(left) b:2(middle) b:3(right) b:4(mousewheel-up) b:5(mousewheel-down) | |
*** special keys | |
Release, Control, Shift, Mod1 (Alt), Mod4 | |
windows key : Mod4 + Super_L[left] | |
*** reload after config file change | |
it is automatic. Nevertheless, you can still use | |
killall -HUP xbindkeys | |
** xclip | |
*** invokation | |
# 1. print the contents of the clipboard | |
$ xclip -o -selection clipboard | |
# 2. set the content of the clipboard | |
$ echo "ha" | xclip [-i] -selection clipboard | |
$ xclip -selection clipboard <<<"HA" | |
# 3. paste file to the clipboard | |
$ xclip [-i] -selection clipboard <file> | |
*** put things in the clipboard | |
echo "what" | xclip -selection clipboard | |
now Ctrl+v will paste what. | |
*** get things from the clipboard | |
xclip -o -selection clipboard | |
will output what's in the clipboard | |
** xdotool | |
xdotool type --window <wid> "whatever" <- this will simulate keyboard input to window that has the <wid> id. | |
xdotool search --class <class> --limit 1 key "ctrl+l" <- send ctrl+l to the first window wich class <class> | |
classname : specific (capoizapodizapodiza, Google-cahrome) | |
class : generic (Google-chrome) | |
** xmllint | |
shell to navigate xml code | |
** xprop | |
*** à quel programe appartient cette fenêtre ? | |
xprop > click. Parfois WM_COMMAND donne la commande (systemsettings, vlc) mais pas tout le temps (firefox, libreoffice) | |
** youtube-dl | |
*** n'est plus maintenu | |
voir youtube-dlp, nécessite python3.6, n'est pas fourni sur mint. | |
*** pour éviter qu'il ne se plante | |
youtube-dl -f mp4 pour éviter qu'il cherche du webm tout seul et du m4a tout seul et qu'il se plante à la fusion. | |
youtube-dl -f mp3 ne fonctionnera pas. On télécharge avec -x et on transforme après -avconv/ffmpeg- | |
--prefer-avconv | |
--external-downloader avconv | |
--yes-playlist | |
*** Pour télécharger une playlist | |
simplement mettre l'ID de la playlist, -i éventuellement pour ignorer les erreurs des vidéos qui ne sont plus dispos etc. | |
*** output filename | |
-o filename.ext | |
%(ext)s | |
%(title)s | |
*** mise à jour | |
?? | |
*** --geo-bypass | |
** zip | |
voir ~/.bash_lib/help/zip | |
* by function | |
** text processing | |
*** transforming | |
**** convert tabs to spaces | |
expand | |
**** convert spaces to tab | |
unexpand | |
**** formatting numbers | |
see * byname ** numfmt | |
**** converting "1" to "one" | |
see * byname ** number | |
**** replace multiple newlines with just one | |
tr -s[queeze] | |
useful for replacing multiple newlines with just one | |
**** replace spaces and puntuations with underscore | |
tr -s "[:space:][:punct:]" _ | |
source : https://www.linuxquestions.org/questions/blog/michael-uplawski-1023960/download-radio-broadcasts-in-mp3-format-37903/ | |
**** remove newlines | |
remove both \n and \r with tr -d | |
root@messagerie-principale[10.10.10.19] ~ # grep -E '(FN|TEL)' /tmp/meziane | tr -d '\n\r' | |
FN:Tahar MEZIANEFN:Meziane ZIANIFN:MEZIANE HamidFN:Abdelkader mezianeFN:MEZIANE MouradTEL;TYPE=home:5375root@messagerie-principale[10.10.10.19] ~ # | |
*** searching | |
**** grep | |
voir * core commands | |
**** tre-agrep, grep approximatif | |
*** producing | |
**** figlet | |
voir * byname ** figlet | |
**** boxes | |
voir * byname ** boxes | |
**** cowsay | |
voir * byname ** cowsay | |
*** processing | |
**** join fields with paste | |
see * byname ** paste | |
**** sed | |
voir * byname ** sed | |
**** awk | |
voir * byname ** awk | |
**** nl | |
voir * core commands | |
**** sort | |
voir * core commands | |
**** get info from file2 based on id from file1 with join | |
see * byname ** join | |
**** fold -s / fmt | |
see * byname ** fold/fmt | |
**** paginate a file with pr | |
see * byname ** pr | |
**** json | |
***** jq | |
see * byname ** jq | |
***** jshon | |
voir * byname ** jshon | |
***** other tools | |
****** gle | |
- aeson-pretty : provides a single pretty print command, written in haskell | |
- jparse : compacts to a single line | |
- jq | |
- jshon : The API is awkward. see ***** jshon ****** extract multiple values from a single key. | |
- kwalify <- this is for YAML | |
- yajl-tools : validate / minmize / beautify json | |
- emacs json-mode | |
- VS code | |
****** ff ext | |
json-lite : has some folding | |
json-formatter : only adds newlines and tabs | |
**** diff | |
voir * core commands | |
** command line tricks | |
*** pick a random element from a list | |
ychaouche#ychaouche-PC 16:15:04 ~ $ shuf -n1 -e one two three four | |
two | |
ychaouche#ychaouche-PC 16:15:20 ~ $ shuf -n1 -e one two three four | |
four | |
ychaouche#ychaouche-PC 16:15:21 ~ $ shuf -n1 -e one two three four | |
three | |
ychaouche#ychaouche-PC 16:15:22 ~ $ shuf -n1 -e one two three four | |
one | |
ychaouche#ychaouche-PC 16:15:22 ~ $ shuf -n1 -e one two three four | |
one | |
ychaouche#ychaouche-PC 16:15:22 ~ $ shuf -n1 -e one two three four | |
four | |
ychaouche#ychaouche-PC 16:15:23 ~ $ shuf -n1 -e one two three four | |
three | |
ychaouche#ychaouche-PC 16:15:23 ~ $ shuf -n1 -e one two three four | |
one | |
ychaouche#ychaouche-PC 16:15:23 ~ $ shuf -n1 -e one two three four | |
two | |
ychaouche#ychaouche-PC 16:15:23 ~ $ | |
*** Rejouer une commande précédente avec correctif | |
^coquille^correctif^ va rejouter l'ancienne commande en changeant coquille par correctif | |
*** defining a function in linear code | |
use a ; at the end of the last command | |
foo(){command; command; command;}; foo $1 | |
*** undefining a function | |
unset -f funcname | |
*** to know if ^D will quit the shell or not :: how many nested levels | |
echo $SHLVL # if this prints 1, then you are at the top level shell | |
*** paste to a command | |
**** direct paste | |
if the command has a read, you just paste after the read, no need for EOF anywhere. | |
ychaouche#ychaouche-PC 16:55:16 ~/MUSIQUE/UNEDIT $ while read file; do echo $file; done | |
demosophie.aac | |
socialcredit.aac | |
critiquedepierrehillard.aac | |
wikipedia.aac | |
PierreHILLARDPANDEMIEMONDIALISME.aac | |
VitaminD.aac | |
--- ^ pasted ^ --- | |
--- v echo v --- | |
demosophie.aac | |
socialcredit.aac | |
critiquedepierrehillard.aac | |
wikipedia.aac | |
PierreHILLARDPANDEMIEMONDIALISME.aac | |
VitaminD.aac | |
^C | |
ychaouche#ychaouche-PC 16:55:31 ~/MUSIQUE/UNEDIT $ | |
**** sponge | |
reads all stdin before passing it to the next command | |
$ sponge | command | |
^V | |
[...] | |
^D | |
[next command] | |
$ | |
*** get the path to a command | |
command -v | |
command -V prints an additional "is" as in x "is" y | |
gives path to the command, | |
or tell if the command is a shell builtin | |
*** numeric sequence | |
for file in /var/log/log.{2..14}.gz | |
do | |
<...> | |
done | |
ychaouche#ychaouche-PC 14:55:04 ~ $ for i in {1..10}; do echo -n $i; done; echo | |
12345678910 | |
ychaouche#ychaouche-PC 14:55:05 ~ $ | |
see also [1] | |
[1] https://stackoverflow.com/questions/5349718/how-can-i-repeat-a-character-in-bash | |
*** redirections | |
command > file 2>&1 will redirect both 1 and 2 to file | |
but command 2>&1 > file will only redirect 1 to file, because when 2 was redirected 1 was still pointing to stdout. | |
*** command grouping | |
{ command1; command2; command3 } | process_output | |
*** globbing | |
**** examples | |
ls {fullchain,privkey}.pem | |
ychaouche#ychaouche-PC 14:49:27 ~/SCRIPTS $ ls ~/DATA/RADIOALGERIE.DZ/SSL/{fullchain,privkey}.pem | |
-rwxrwxrwx 1 root root 3.5K Nov 2 10:50 /home/ychaouche/DATA/RADIOALGERIE.DZ/SSL/fullchain.pem | |
-rwxrwxrwx 1 root root 1.7K Nov 2 10:50 /home/ychaouche/DATA/RADIOALGERIE.DZ/SSL/privkey.pem | |
ychaouche#ychaouche-PC 14:54:28 ~/SCRIPTS $ | |
**** characters | |
? : any character | |
. : itself | |
* : any string | |
[abc] : a or b or c | |
[!abc] : anything but a or b or c | |
[a-z] : the a to z range | |
{abc,def} : abc or def | |
**** extended globs (extglobs) | |
***** setting/setting extglobs | |
shopt -s extglob # set | |
<do things> | |
shopt -u extglob # unset | |
***** constructs | |
?(pattern-list) : Matches zero or one occurrence of the given patterns | |
*(pattern-list) : Matches zero or more occurrences of the given patterns | |
+(pattern-list) : Matches one or more occurrences of the given patterns | |
@(pattern-list) : Matches one of the given patterns | |
!(pattern-list) : Matches none of the given patterns | |
*** execute previous command with string substitution | |
replace all : !!:gs/from/to/ | |
replace all : ^from^to^:G # didn't work, | |
12:36:52 /usr/share/man -1- $ di -h -t ext4 -t fuseblk -t btrfs -t ntfs -t fat | |
stat: ext4 No such file or directory | |
stat: -t No such file or directory | |
stat: fuseblk No such file or directory | |
stat: -t No such file or directory | |
stat: btrfs No such file or directory | |
stat: -t No such file or directory | |
stat: ntfs No such file or directory | |
stat: -t No such file or directory | |
stat: fat No such file or directory | |
12:37:38 /usr/share/man -1- $ ^-t^-I^:G | |
bash: | |
12:38:09 /usr/share/man -1- $ | |
*** stopping a pipe after head finishes | |
so (long | pipe | command) | head -1 | |
Any command writing to stdout will be captured by head. | |
If it tries to write to it while head has finished, it will receive a sigpipe and die. | |
Sometimes, for example if you're writing a for loop, the last command will die but the for loop will continue to run. | |
So what needs to be done is to add a "break" when sigpipe is sent. | |
for example : | |
root@messagerie-principale[10.10.10.19] ~ # command ls -1t /var/log/dovecot.log* | while read -r filename; do zgrep -H --line-buffered --color -E 'login.*a.chaouche' $filename | tail -1 || break; done | head -1/var/log/dovecot.log:Oct 11 09:58:19 imap-login: Info: Login: user=<a.chaouche@algerian-radio.dz>, method=PLAIN, rip=192.168.211.106, lip=10.10.10.19, lport=993, service=imap, ssl=TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) | |
root@messagerie-principale[10.10.10.19] ~ # | |
Will return immediately, because of the | |
tail -1 || break | |
w/o the break, all other files will be processed. | |
*** wait until a process writes to a FIFO | |
< /path/to/fifo || continue | |
*** do precise arihtmetic operations (floats) | |
scale=2 | |
ychaouche#ychaouche-PC 09:59:25 ~ $ bc <<< "scale=2; 6/14" | |
.42 | |
ychaouche#ychaouche-PC 09:59:33 ~ $ | |
*** tab-complete hostnames defined in /etc/host | |
some commands like ssh can complete it automatically, | |
but commands like krdp do not. | |
In such cases, use M-@. | |
*** print a tree of the filesystem | |
tree. | |
Example: | |
root@messagerie-secours[CHROOT][10.10.10.20] ~/SCRIPTS/APACHE # tree /var/www/MAINTENANCE-MODE/ | |
/var/www/MAINTENANCE-MODE/ | |
├── css | |
│ ├── style.css | |
│ └── style.css~ | |
├── images | |
│ ├── linen_header.jpg | |
│ ├── linen.jpg | |
│ ├── linen_login.jpg | |
│ └── roundcube_logo.png | |
├── javascript | |
│ ├── jquery.min.js | |
│ └── TimeCircles.js | |
├── maintenance.html | |
├── maintenance.html~ | |
└── style | |
├── TimeCircles.css | |
└── TimeCircles.css~ | |
4 directories, 12 files | |
root@messagerie-secours[CHROOT][10.10.10.20] ~/SCRIPTS/APACHE # | |
*** redirect stdout to more than one process | |
command | tee >(p1) >(p2) >(p3) >/dev/null | |
10:54:22 ~ -1- $ openssl s_client -connect messagerie.algerian-radio.dz:443 -CApath /etc/ssl/certs/ </dev/null | tee >(grep Verify) >(grep Start) >/dev/null | |
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 | |
verify return:1 | |
depth=1 C = US, O = Let's Encrypt, CN = R3 | |
verify return:1 | |
depth=0 CN = algerian-radio.dz | |
verify return:1 | |
Start Time: 1694685269 | |
Verify return code: 0 (ok) | |
DONE | |
10:54:29 ~ -1- $ | |
see also: pee | |
*** colorize part of the output | |
use sed to replace the matching line with ascii escape sequences | |
you can use the reverse video ascii escape sequence | |
\x1b[7m | |
then use the reset ascii escape sequence | |
\x1b[0m | |
example: | |
sed 's/\(Not After.*\)/ \x1b[7m \1 \x1b[0m /' | |
*** break long lines | |
use fmt -s | |
-s prevent the joining of the next line. | |
example output | |
------------------------------ -------------------- | |
Dec 10 11:00:28 to=<sabrinagostotop@gmail.com>, status=deferred (host | |
alt1.gmail-smtp-in.l.google.com[142.250.153.26] said: 452-4.2.2 The | |
recipient's inbox is out of storage space. Please direct the 452-4.2.2 | |
recipient to 452 4.2.2 https://support.google.com/mail/?p=OverQuotaTemp | |
n24-20020a170906b31800b00a1c9d73e570si2436365ejz.529 - gsmtp (in reply | |
to RCPT TO command)) | |
------------------------------ -------------------- | |
Dec 10 11:03:28 to=<gacemcpradio@gmail.dz>, status=bounced (Name service | |
error for name=gmail.dz type=MX: Malformed or unexpected name server | |
reply) | |
------------------------------ -------------------- | |
Dec 10 11:09:14 to=<fouzia.boulehbel@algerian-radio.dz>, status=bounced | |
(host messagerie.algerian-radio.dz[private/dovecot-lmtp] said: 552 5.2.2 | |
<fouzia.boulehbel@algerian-radio.dz> Quota exceeded (mailbox for user | |
is full) (in reply to end of DATA command)) | |
------------------------------ -------------------- | |
*** add timestamps to stdin | |
just pipe it to /usr/bin/ts | |
** other gems | |
https://github.com/alebcay/awesome-shell | |
** Editors | |
vim | |
hexedit | |
Emacs -> voir emacs.info | |
ed -> voir linux.info * ed (bookmark-jump "linux::ed") | |
** working on files | |
*** working on specific files | |
**** working on log files | |
logcheck | |
logger | |
lnav | |
logrotate | |
dmesg | |
syslog-summary | |
logtail | |
**** working on source files | |
cg & vg | |
ctags / etags | |
git | |
bzr | |
**** working with archives | |
pax prend en charge plusieurs types d'archives. | |
**** working with XML files | |
Chercher dans un fichier xml avec xgrep en utilisant xpath avec l'option -x ou des regexpn avec -s | |
**** working with csv files | |
***** csvkit | |
****** installation | |
pip install csvkit | |
this installs openpyxl 3.0.5 which only works with python3 | |
****** tools | |
after that, you will have a bunch of utilities in /usr/local/bin | |
ychaouche#ychaouche-PC 15:00:38 ~ $ ls /usr/local/bin/csv | |
csvclean csvformat csvjoin csvlook csvsort csvstack | |
csvcut csvgrep csvjson csvpy csvsql csvstat | |
ychaouche#ychaouche-PC 15:00:38 ~ $ | |
****** csvgrep | |
csvgrep -m <search_pattern> -c<column_number> | |
**** working with pdf files | |
***** packages | |
poppler-uils | |
libpodofo-utils | |
***** move pages | |
podofopages --move <from> <to> [0 based] | |
will move page number <from> to number <to> | |
it is part of the libpodofo-utils package | |
***** merge pdfs into one document | |
pdfunite will concatenate multiple pdf files into one single file | |
it is part of the poppler-utils package | |
***** extract pages | |
pdftk 6-serveurs.pdf cat 1 output 6-serveurs.p1.pdf | |
***** convert pdfs to image | |
same as ** convert images to pdf except use -density 300 to get sharp text. | |
**** working with doc files | |
***** convert to pdf | |
$ unoconv file.doc | |
will create file.pdf | |
***** examine malicious macros | |
article [1] | |
uses oledump.py[2], | |
itslef using ole python modules | |
sources : | |
[1] http://web.archive.org/web/20220816195545/https://fishtech.group/cybersecurity/extracting-and-analyzing-malicious-word-macros-for-threat-hunting/ | |
[2] https://github.com/DidierStevens/DidierStevensSuite/blob/bc54396e18e7957bb27502dfbbb8ab072509bc9f/oledump.py#L1888 | |
**** working on binary files | |
binwalk | |
binary diffs : radare, dhex | |
**** working on links | |
***** copier les fichiers pointés par un symlink | |
cp -L | |
rsync --copy-links | |
***** dereference symlinks | |
ls -H symlink | |
readlink -f symlink | |
realpath symlink | |
stat -c "%N" symlink | |
find symlink -printf "%l\n" | |
***** print real path to current directory | |
pwd -P | |
readlink -f . | |
realpath . | |
ls -ld . | |
stat -c "%N" . | |
find . -printf "%l\n" | |
12:11:48 ~/VIDEOS -1- $ readlink -f . | |
/mnt/partage_local/VIDEOS | |
12:11:55 ~/VIDEOS -1- $ realpath . | |
/mnt/partage_local/VIDEOS | |
12:12:02 ~/VIDEOS -1- $ pwd -P | |
/mnt/partage_local/VIDEOS | |
12:12:09 ~/VIDEOS -1- $ pwd | |
/home/ychaouche/VIDEOS | |
12:12:11 ~/VIDEOS -1- $ | |
***** finding all links | |
find -type l | |
***** finding broken links only | |
find -xtype l | |
for more explanation see *** find **** -xtype l | |
***** finding working links only | |
find -type l -not -xtype l | |
example : | |
19:07:31 ~/snap -1- $ find . -type l -not -xtype l -exec file {} \; | |
./slack/67/.config/gtk-2.0/gtkfilechooser.ini: symbolic link to `/home/ychaouche/.config/gtk-2.0/gtkfilechooser.ini' | |
./slack/67/.config/dconf/user: symbolic link to `/home/ychaouche/.config/dconf/user' | |
./slack/67/.config/ibus/bus: symbolic link to `/home/ychaouche/.config/ibus/bus' | |
./slack/67/.config/gtk-3.0/settings.ini: symbolic link to `/home/ychaouche/.config/gtk-3.0/settings.ini' | |
./slack/67/.config/gtk-3.0/bookmarks: symbolic link to `/home/ychaouche/.config/gtk-3.0/bookmarks' | |
./slack/68/.config/gtk-2.0/gtkfilechooser.ini: symbolic link to `/home/ychaouche/.config/gtk-2.0/gtkfilechooser.ini' | |
./slack/68/.config/dconf/user: symbolic link to `/home/ychaouche/.config/dconf/user' | |
./slack/68/.config/ibus/bus: symbolic link to `/home/ychaouche/.config/ibus/bus' | |
./slack/68/.config/gtk-3.0/settings.ini: symbolic link to `/home/ychaouche/.config/gtk-3.0/settings.ini' | |
./slack/68/.config/gtk-3.0/bookmarks: symbolic link to `/home/ychaouche/.config/gtk-3.0/bookmarks' | |
./riseup-vpn/current: symbolic link to `179' | |
./certbot/current: symbolic link to `2618' | |
19:07:44 ~/snap -1- $ | |
**** working on ceritificates | |
***** how to verify a chained cert | |
openssl crl2pkcs7 -nocrl -certfile <file> | openssl pkcs7 -print_certs -noout | |
explanation | |
----------- | |
CRL : Certificate Revocation List | |
crl2pkcs7 will convert the certfile from <> to PKCS7 format [u] | |
-in option is wrong. It is for CRL files. | |
Use -certfile to give the certificate file | |
-nocrl is mandatory. w/o this the program will wait for input from stdin | |
the pkcs7 command will print the certificates | |
***** verify alt subject | |
x509 -text | grep DNS | |
root#ychaouche-PC 11:56:19 /etc/letsencrypt/live # openssl x509 -in radioalgerie.dz-0001/fullchain.pem -text | grep DNS | |
DNS:*.radioalgerie.dz, DNS:radioalgerie.dz | |
root#ychaouche-PC 11:56:23 /etc/letsencrypt/live # | |
or | |
x509 -text then grep -A1 on Alt | |
example : | |
ychaouche#ychaouche-PC 11:41:58 ~/DOWNLOADS/TOOLS $ openssl x509 -in fullchain.pem -text | grep -i alt -A1 | |
X509v3 Subject Alternative Name: | |
DNS:*.radioalgerie.dz, DNS:radioalgerie.dz | |
ychaouche#ychaouche-PC 11:42:19 ~/DOWNLOADS/TOOLS $ | |
***** print subject and dates | |
openssl x509 -in <certfile> -noout -subject -dates | |
***** verify a remote certificate | |
openssl s_client -servername <servername> -connect host:port -CApath /etc/ssl/certs [-starttls <smtp|pop3|imap>] | openssl x509 -noout -subject -dates | |
**** working on HTML files | |
html2txt | |
**** working on configuration files | |
You can use augtool from the augeas library to edit any value in any config file, | |
provided it has its own lense | |
17:28:13 ~/DOCUMENTS/INTERNE/MESSAGERIE -1- $ augtool get /files/home/ychaouche/.ssh/config/Host[10] | |
/files/home/ychaouche/.ssh/config/Host[10] = labonedjma.net | |
17:29:53 ~/DOCUMENTS/INTERNE/MESSAGERIE -1- $ augtool set /files/home/ychaouche/.ssh/config/Host[10] labonedjma | |
Saved 1 file(s) | |
17:29:59 ~/DOCUMENTS/INTERNE/MESSAGERIE -1- $ augtool get /files/home/ychaouche/.ssh/config/Host[10] | |
/files/home/ychaouche/.ssh/config/Host[10] = labonedjma | |
17:30:02 ~/DOCUMENTS/INTERNE/MESSAGERIE -1- $ | |
*** Get/Change the encoding of a file | |
uchardet permet de donner l'encodage d'un fichier. Dans quelques cas, file aussi. | |
iconv -to -from | |
recode est dangereux car il ré-encode sur place. | |
*** renaming files | |
**** rename | |
you need to know perl | |
on my machine it is a link to alternatives which is a link to prename (perl rename) | |
**** mmv | |
easiest : | |
mmv *.html.* #2.html.#1 <- will replace main.html.en to main.en.html. #n will be replaced by the wildcards characters : * anything, ? a single char, [a-z] a range of chars. | |
a special wildcard character ";" is for specifying recursivity : ;*.html.* will find any .html. file in any subdirectory, including the 0th (cwd). | |
**** prename | |
*** data recovery | |
extundelete /dev/sda1 --restore-file /root/test.sh | |
# list files | |
ext4magic /dev/sda1 -a "$(date -d "-4hours" +%s)" -f /root/ -j -l | |
# list files | |
ext4magic /dev/sda1 -Lx -f root/ > /tmp/files | |
other tools: | |
dff (digital forensics framework) | |
scalpel | |
testdisk | |
*** finding file duplicates | |
fdupes https://github.com/adrianlopezroche/fdupes | |
dugu https://github.com/DeaDSouL/dugu | |
rmlint | |
ddupes | |
rdfind https://rdfind.pauldreik.se/ | |
jdupes | |
fslint | |
findup | |
duff | |
hadori | |
hardlink | |
*** finding broken links | |
see *** find **** -xtype l | |
*** creating temporary files | |
outfile=$(mktemp) | |
echo blah > "$outfile" | |
rm -f $outfile | |
*** remove old files | |
tmpreaper | |
*** file paths | |
**** extract filename out of file path | |
basename | |
but using bash is also good. | |
see filename.path.basename | |
function filename.path.basename () { | |
# much faster than calling basename, especially in a loop | |
echo ${1##*/} | |
} | |
**** getting full path to a file | |
realpath <file> | |
readlink -f <file> | |
*** emptying a file | |
1. > <file> | |
2. echo -n > <file> | |
3. cat < /dev/zero|null > <file> | |
4. truncate -s 0 <file> | |
*** printing files | |
to print large diagrams into multiple pages use rasterbator.net | |
or look for a printing software that has a "tiling" option | |
adobe acrobat has it, | |
but last version for linux is 2014 | |
** working on directories | |
*** monitoring directories | |
**** fsniper | |
Write rules on file names or filetypes that are triggered as soon as a new file arrives in a watched directory. | |
*** disk usage viewers | |
**** filelight | |
lent, vue radiale ne permet pas de voir rapidement ce qui consomme le plus. | |
**** ncdu | |
***** description | |
fast, vue en barchart avec options de tri permet de voir rapidement les plus gros. Permet d'effacer. Plusieurs façons de trier. | |
***** keys | |
c : show count of files in subdir | |
i : info | |
g : show perecentage + graph | |
r : refresh (recalc) | |
< / h : up | |
***** src | |
see https://dev.yorhel.nl/ncdu | |
*** print real path to current directory | |
pwd -P | |
readlink -f . | |
realpath . | |
ls -ld . | |
12:11:48 ~/VIDEOS -1- $ readlink -f . | |
/mnt/partage_local/VIDEOS | |
12:11:55 ~/VIDEOS -1- $ realpath . | |
/mnt/partage_local/VIDEOS | |
12:12:02 ~/VIDEOS -1- $ pwd -P | |
/mnt/partage_local/VIDEOS | |
12:12:09 ~/VIDEOS -1- $ pwd | |
/home/ychaouche/VIDEOS | |
12:12:11 ~/VIDEOS -1- $ | |
** working on filesystems | |
*** mount an already mounted directory somewhere else | |
use --bind | |
mount --bind /proc /usr/local/proc | |
*** how to create a working chroot | |
you need to mount /proc /dev and /sys of the live system. | |
mount --bind /proc <chroot>/proc | |
mount --bind /dev <chroot>/dev | |
mount --bind /sys <chroot>/sys | |
*** squashfs | |
**** list files in a squash image | |
unsquashfs -lls <file> | |
**** extract files | |
unsquashfs -li <file> | |
**** extract specific files | |
unsquashfs -li <file> <path> | |
*** how to run a program inside a chroot | |
use schroot | |
voir /home/ychaouche/NOTES/TXT/linux.info:1543 | |
** working on processes | |
*** redirect output of a running process | |
reredirect on github : https://github.com/jerome-pouiller/reredirect/ | |
dupx -used gdb- | |
https://github.com/nelhage/reptyr | |
*** locate and modify a variable in a running process | |
scanmem + gameconqueror | |
gameconquere is a UI to scanmem | |
*** how do you know if a service boots or not ? | |
systemctl is-enabled <servicename>.service | |
tab completion works for systemctl commands and services | |
example : | |
root#cloud 13:11:07 ~ # systemctl is-enabled lsyncd.service | |
lsyncd.service is not a native service, redirecting to systemd-sysv-install. | |
Executing: /lib/systemd/systemd-sysv-install is-enabled lsyncd | |
disabled | |
root#cloud 13:11:15 ~ # | |
*** is the service running ? | |
systemctl is-active <service> | |
** working on disks | |
*** documented | |
parted | |
fdisk | |
di | |
*** other tools | |
cfdisk | |
parted | |
gdisk pour GPT | |
lsblk <- most useful to have an overview. | |
root@pve:~# lsblk | |
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT | |
loop0 7:0 0 30G 0 loop | |
loop1 7:1 0 40G 0 loop | |
sda 8:0 0 558.7G 0 disk | |
├─sda1 8:1 0 1007K 0 part | |
├─sda2 8:2 0 512M 0 part | |
└─sda3 8:3 0 558.2G 0 part | |
├─pve-swap 253:0 0 8G 0 lvm [SWAP] | |
├─pve-root 253:1 0 96G 0 lvm / | |
├─pve-data_tmeta 253:2 0 4.4G 0 lvm | |
│ └─pve-data-tpool 253:4 0 429.5G 0 lvm | |
│ ├─pve-data 253:5 0 429.5G 0 lvm | |
│ ├─pve-vm--101--disk--0 253:7 0 20G 0 lvm | |
│ ├─pve-vm--102--disk--0 253:8 0 20G 0 lvm | |
│ ├─pve-vm--103--disk--0 253:10 0 32G 0 lvm | |
│ └─pve-vm--103--state--http_OK 253:12 0 4.5G 0 lvm | |
└─pve-data_tdata 253:3 0 429.5G 0 lvm | |
└─pve-data-tpool 253:4 0 429.5G 0 lvm | |
├─pve-data 253:5 0 429.5G 0 lvm | |
├─pve-vm--101--disk--0 253:7 0 20G 0 lvm | |
├─pve-vm--102--disk--0 253:8 0 20G 0 lvm | |
├─pve-vm--103--disk--0 253:10 0 32G 0 lvm | |
└─pve-vm--103--state--http_OK 253:12 0 4.5G 0 lvm | |
sdb 8:16 0 1.4T 0 disk | |
└─sdb1 8:17 0 1.4T 0 part | |
├─DataStorage-vm--106--disk--2 253:9 0 100G 0 lvm | |
└─DataStorage-vm--106--disk--0 253:17 0 250G 0 lvm | |
sr0 11:0 1 1024M 0 rom | |
root@pve:~# | |
*** ajout d'un disque à la 10.10.10.21 | |
======================================= | |
Copie du mail que j'ai envoyé à Mounia aujourd'hui mardi 07/02/17 à 12:19 sous le titre : [SRV] Comment ajouter un nouveau disque à une machine linux | |
Voici le contenu du mail : | |
#######################################"" | |
Quand tu branches le disque tu dois pouvoir le retrouver dans /dev/sdX où X va représenter une lettre (a,b,c,d, etc.) | |
Sur la 10.10.10.21 : | |
root@backup[10.10.10.21] /mnt/diskB # ls /dev/sd* | |
brw-rw---T 1 root disk 8, 0 Aug 17 09:18 /dev/sda | |
brw-rw---T 1 root disk 8, 1 Aug 17 09:18 /dev/sda1 | |
brw-rw---T 1 root disk 8, 2 Aug 17 09:18 /dev/sda2 | |
brw-rw---T 1 root disk 8, 5 Aug 17 09:18 /dev/sda5 | |
brw-rw---T 1 root disk 8, 16 Aug 17 09:18 /dev/sdb | |
brw-rw---T 1 root disk 8, 17 Aug 17 09:18 /dev/sdb1 | |
root@backup[10.10.10.21] /mnt/diskB # | |
On voit que la machine possède deux disques : /dev/sda et /dev/sdb. Chaque partition est un numéro dans le disque. Ainsi, le disque /dev/sda possède 3 prtitions numérotées sda1, sd2 et sda5. Le disque sdb possède une seule partition sdb1. | |
Chaque partition est montée sur "un point de montage" c'est à dire un dossier dans le système de fichier, souvent à la racine mais pas forcément. Pour voir les partitions et leurs points de montage on tape la commande mount comme ceci : | |
root@backup[10.10.10.21] /mnt/diskB # mount | |
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime) | |
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime) | |
udev on /dev type devtmpfs (rw,relatime,size=10240k,nr_inodes=251735,mode=755) | |
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000) | |
tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=202580k,mode=755) | |
/dev/disk/by-uuid/93b60fb8-c831-4413-a854-65d2888fa41d on / type ext4 (rw,relatime,errors=remount-ro,user_xattr,barrier=1,data=ordered) | |
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k) | |
tmpfs on /run/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=1229660k) | |
/dev/sdb1 on /var/vmail type ext4 (rw,relatime,errors=remount-ro,user_xattr,barrier=1,data=ordered) | |
rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime) | |
root@backup[10.10.10.21] /mnt/diskB # | |
Dans cet exemple, on peut voir que la machine possède 2 partitions montées : l'une sur "/" et l'autre sur /var/vmail/. | |
- /dev/disk/by-uuid/93b60fb8-c831-4413-a854-65d2888fa41d est montée sur "/" | |
- /dev/sdb1 est montée sur /var/vmail/ | |
La première partition est monté par ID universel unique ou UUID (Universal Unique ID) du disque et non par son nom classique "/dev/sda2", c'est juste une autre manière de catégoriser les disques qui est plus universelle. | |
La commande mount ne montre que les partitions montées sur le système, il peut y avoir des partitions non montées (par ex. des partitions windows). | |
Pour voir toutes les partitions, on utilise la commande parted -l comme ceci : | |
root@backup[10.10.10.21] /mnt/diskB # parted -l | |
Model: ATA ST3250318AS (scsi) | |
Disk /dev/sda: 250GB | |
Sector size (logical/physical): 512B/512B | |
Partition Table: msdos | |
Number Start End Size Type File system Flags | |
1 1049kB 246GB 246GB primary ext4 boot | |
2 246GB 250GB 4222MB extended | |
5 246GB 250GB 4222MB logical linux-swap(v1) | |
Model: ATA ST500DM002-1BD14 (scsi) | |
Disk /dev/sdb: 500GB | |
Sector size (logical/physical): 512B/4096B | |
Partition Table: gpt | |
Number Start End Size File system Name Flags | |
1 2097kB 500GB 500GB ext4 storage | |
root@backup[10.10.10.21] /mnt/diskB # | |
On vois bien ici que la machine possède une partition supplémentaire qui est le swap et dont le numéro est 5, on peut donc la retrouver dans /dev/sda5. Cette partition de 422 Mb sert uniquement à conserver sur le disque toute ou partie de la RAM, par exemple lors d'une mise en veille ou d'une hibernation (mise en veille prolongée). C'est ce qui permet au système au moment d'être réactivé de retrouver toutes les données qui étaient en mémoire avant sa mise en veille. | |
On peut utiliser une autre commande pour voir les partitions avec le taux de consommation, c'est la commande df comme ceci : | |
root@backup[10.10.10.21] /mnt/diskB # df -h | |
Filesystem Size Used Avail Use% Mounted on | |
rootfs 226G 9.7G 205G 5% / | |
udev 10M 0 10M 0% /dev | |
tmpfs 198M 328K 198M 1% /run | |
/dev/disk/by-uuid/93b60fb8-c831-4413-a854-65d2888fa41d 226G 9.7G 205G 5% / | |
tmpfs 5.0M 0 5.0M 0% /run/lock | |
tmpfs 1.2G 0 1.2G 0% /run/shm | |
/dev/sdb1 459G 77G 359G 18% /var/vmail | |
root@backup[10.10.10.21] /mnt/diskB # | |
On vois ici que la première partition du premier disque montée sur la racine du système de fichier "/" est présente deux fois dans les résultats de la commande df : une fois avec le libellé rootfs et une fois avec son UUID. Elle est utilisée à seulement 5%. | |
La première partition du deuxième disque /dev/sdb1 et utilisée à 18% et est montée sur /var/vmail, c'est elle qui contient toutes les boites principales et les boites de backup. | |
Je pense que le système de fichier racine ne devrait pas dépasser les 50Go d'espace disque. Cette partition contient les bibliothèques systèmes et les executables. | |
Ce que je préconise c'est de mettre tout /var/ dans une partition à part, car c'est elle qui contiendra les boites emails ainsi que les bases de données et les fichiers log, ce qui va prendre le plus de place. | |
Comme nous avons deux disques, l'un de 226G et l'autre de 460 Go, je préconise de créer le schéma de partitionnement suivant : | |
50 Go depuis le disque 1 pour "/" | |
175Go depuis le disque 1 + 459 Go depuis le disque 2 = 634 Go pour "/var/" | |
Comme ça on peut profiter de l'espace disque perdu du disque 1 qui ne sera jamais utilisé si on laisse le schéma de partionnement actuel. | |
Comment monter une partition ? | |
Une fois que tu as branché le disque et que tu connais sa lettre, tu peux monter le disque temporairement à l'emplacement souhaité avec la commande mount, comme ceci : | |
mount /dev/sdb1/ /mnt/diskB/ | |
Le dossier /mnt/ est un dossier classiquement utilisé pour le montage temporaire d'une partition. Il faut au préalable créer le dossier diskB à cet emplacement. | |
mkdir /mnt/diskB/ | |
A partir de là on pourra lire et écrire sur cette partition, mais uniquement pour cette session... au prochain redémarrage de la machine la partition ne sera pas montée. | |
Pour que le montage soit persistant, il faut ajouter une ligne dans le fichier /etc/fstab. C'est un fichier qui est lu par le système au démarrage et qui indique quelles sont les partitions à monter et à quels emplacements dans le système de fichier elles seront disponibles (les points de montages). | |
Par exemple, voici le contenu de la fstab sur 10.10.10.21 : | |
root@backup[10.10.10.21] /mnt/diskB # cat /etc/fstab | |
# /etc/fstab: static file system information. | |
# | |
# Use 'blkid' to print the universally unique identifier for a | |
# device; this may be used with UUID= as a more robust way to name devices | |
# that works even if disks are added and removed. See fstab(5). | |
# | |
# <file system> <mount point> <type> <options> <dump> <pass> | |
# / was on /dev/sda1 during installation | |
UUID=93b60fb8-c831-4413-a854-65d2888fa41d / ext4 errors=remount-ro 0 1 | |
# swap was on /dev/sda5 during installation | |
UUID=6baf6f45-7521-489d-b808-3c9029de431d none swap sw 0 0 | |
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0 | |
/dev/sdb1 /var/vmail ext4 errors=remount-ro 0 1 | |
root@backup[10.10.10.21] /mnt/diskB # | |
Si tu regardes la dernière ligne c'est celle-là que j'ai ajouté pour le deuxième disque. | |
Voici l'ordre des champs et leur significations : | |
# <file system> <mount point> <type> <options> <dump> <pass> | |
Le premier champ va indiquer le chemin vers le device : /dev/sdb1 | |
Ensuite, le point de montage /var/vmail | |
Ensuite le type du système de fichier, j'ai formatté la partition en ext4 donc j'indique ext4. Si c'était une partition windows, on aurait eu probablement du NTFS. | |
Ensuite les options de montage. Il y en a beaucoup, j'ai juste indiqué qu'en cas d'erreurs trouvées sur le disque que la partition soit monté en lecture seule (remount-ro, ro = read only). | |
Les deux dernières colonnes 0 et 1 j'ai simplement copié ce que j'ai trouvé dans la première ligne (celle du premier disque) | |
Quand la machine va redémarrer elle va lire le fichier /etc/fstab et va monter le deuxième disque comme indiqué. | |
N'hésite pas à revenir vers moi pour toute question ou commentaire. | |
CC à système : documentation. | |
#######################################"" | |
*** using swap | |
swapon /dev/sda7 | |
will use sda7 as swap | |
swapoff will turn off swap | |
*** comment avoir le UUID d'une partition | |
sudo blkid /dev/<device> | |
only works as root | |
09:36:28 ~ -2- $ sudo blkid /dev/sda1 | |
/dev/sda1: LABEL="RM-CM-)servM-CM-) au systM-CM-(me" UUID="2C1AE3A61AE36B72" TYPE="ntfs" | |
09:36:31 ~ -2- $ sudo blkid /dev/sda2 | |
/dev/sda2: UUID="367A3A5F7A3A1BD5" TYPE="ntfs" | |
09:36:33 ~ -2- $ | |
*** partition resizing | |
cfdisk -> resize | |
** working on other hardware | |
*** list | |
best tool : hwlist.sh | |
download : https://docs.google.com/uc?export=download&id=0Bwop4xigaCYXUG0xYThNU1QzSjg | |
url : http://simplylinuxfaq.blogspot.in/p/how-to-find-hardware-details-in-linux.html | |
hwlist.sh <- top, strips off uninstalled modules : | |
dmidecode <- best, not too much details | |
hwinfo <- good, too much detail | |
inxi <- very readable | |
lshw <- | |
pourquoi différence entre output de inxi et Ctrl-Echap ? (system activity) | |
what are bogomips ? | |
*** k3b | |
voir * by name | |
** working with loopdevices | |
losetup -a to show all loopdevices | |
** working with libraries | |
*** undocumented | |
readelf -x | |
objdump -x <lib> -> has a "versions definitions" section | |
where libraries put their version number | |
for binaries to process. | |
*** how to | |
**** show dynamic symbols | |
nm -D <bin or lib> | |
this will show functions or global variables not resolved until runtime, | |
probably after loading all the proper shared libraries | |
**** check if ld.so can load an executable | |
$ /lib64/ld-linux-x86-64.so.2 --verify <bin> | |
$ echo $? | |
**** run a program w/ particular libs | |
ld.so --library-path <path> <bin> | |
or | |
LD_LIBRARY_PATH=<...> <bin> | |
**** show where symbols are being fetched from | |
LD_DEBUG=bindings <bin> | |
**** show what version of libraries are needed to run a binary | |
LD_DEBUG=versions <bin> | |
For example, png16 is by libfreetype.6.12, and png12 was required by libfreetype6.11. | |
$ LD_DEBUG=versions /opt/teamviewer/tv_bin/TeamViewer 2>&1 | grep PNG | |
20194: checking for version `PNG12_0' in file /lib/x86_64-linux-gnu/libpng12.so.0 [0] required by file /usr/lib/x86_64-linux-gnu/libfreetype.so.6 [0] | |
ychaouche#ychaouche-PC 17:12:41 ~/DOWNLOADS/LIBS/FREETYPE2.6/usr/lib/x86_64-linux-gnu $ LD_DEBUG=versions LD_PRELOAD=./libfreetype.so.6.12.3 /opt/teamviewer/tv_bin/TeamViewer 2>&1 | grep PNG | |
20222: checking for version `PNG16_0' in file /usr/lib/x86_64-linux-gnu/libpng16.so.16 [0] required by file ./libfreetype.so.6.12.3 [0] | |
^C | |
$ | |
**** show the required shared libraries needed by a binary | |
ldd <bin> | |
**** print where ld will search for libs | |
ldconfig -p | |
the cache fil being /etc/ld.so.conf | |
**** show the versions supplied by a library | |
find which lib provides that version using strings: | |
$ strings /lib/i686/libc.so.6 | grep GLIBC_2.3 | |
$ strings /path/to/newglib/libc.so.6 | grep GLIBC_2.3 | |
for example | |
16:54:38 ~/DOWNLOADS/APPS/MAGIK/usr/lib -1- $ strings /lib/x86_64-linux-gnu/libm.so.6 | grep GLIBC | |
GLIBC_2.2.5 | |
GLIBC_2.4 | |
GLIBC_2.15 | |
GLIBC_2.18 | |
GLIBC_PRIVATE | |
16:57:37 ~/DOWNLOADS/APPS/MAGIK/usr/lib -1- $ | |
**** show what version of libc6 is installed | |
# package.is.installed libc6 | |
libc6:amd64 2.19-18+deb8u10 | |
# | |
*** see also | |
linux.info * libraries | |
** working with the desktop | |
*** documented | |
wmctrl | |
xdotool | |
xprop | |
notify-send | |
xbindkeys | |
qdbus | |
qdbusviewer | |
klipper | |
*** keyboard | |
**** send keyboard strokes | |
xdotool type --window <wid> "whatever" <- this will simulate keyboard input to window that has the <wid> id. | |
xdotool search --class <class> --limit 1 key "ctrl+l" <- send ctrl+l to the first window with class <class> | |
classname : this is specific (capoizapodizapodiza, Google-cahrome) | |
class : this is generic (Google-chrome) | |
**** working with the clipboard | |
***** get content of the clipboard | |
xclip -o -selection clipboard | |
***** set content of the clipboard | |
echo "thing" | xclip -selection clipboard # puts "thing" in the clipboard | |
***** keep a history of selected text | |
see * by name ** klipper | |
**** visual keyboard | |
xvkbd | |
**** get all shortcuts | |
qdbus org.kde.kglobalaccel /component/kwin allShortcutInfo | |
qdbus org.kde.kglobalaccel /component/kwin shortcutNames | |
**** invoke a shortcut | |
qdbus org.kde.kglobalaccel /component/kwin invokeShortcut "Shortcut name" # see get all shortcuts | |
**** show keyboard keys | |
***** screenkey | |
version mint non configurable. C'est la version originelle. | |
J'ai modifié timeout directement dans le code source. | |
version en ligne configurable. C'est la 0.2 [1][2] | |
[1] https://gitlab.com/screenkey/screenkey | |
[2] https://www.thregr.org/~wavexx/software/screenkey/#cannot-stop-screenkey-or-no-status-icon | |
***** key-mon | |
*** show mouse clicks | |
kde config center > desktop effects > all effects > Mouse click animation | |
Win + Alt + c | |
*** wm operations | |
**** gle | |
wmctrl | |
**** combien de fenêtre ouvertes ? | |
wmctl -l | |
**** lower a specific window | |
qdbus org.kde.kglobalaccel /component/kwin invokeShortcut "Window Minimize | |
**** à quel programe appartient cette fenêtre ? | |
xprop > click. Parfois WM_COMMAND donne la commande (systemsettings, vlc) mais pas tout le temps (firefox, libreoffice) | |
**** sending desktop notification | |
notify-send "label" "all the info you need" | |
this will send a desktop notification. | |
*** dbus | |
**** view buses | |
qdbusviewer | |
**** keyboard shortcuts | |
voir *** keyboard | |
*** sound | |
**** view controls | |
ychaouche#ychaouche-PC 11:34:29 /usr/share/man $ amixer scontrols | |
Simple mixer control 'Master',0 | |
Simple mixer control 'Headphone',0 | |
Simple mixer control 'Headphone Mic',0 | |
Simple mixer control 'Headphone Mic Boost',0 | |
Simple mixer control 'Headphone+LO',0 | |
Simple mixer control 'Speaker',0 | |
Simple mixer control 'PCM',0 | |
Simple mixer control 'Line Out',0 | |
Simple mixer control 'Beep',0 | |
Simple mixer control 'Capture',0 | |
Simple mixer control 'Capture',1 | |
Simple mixer control 'Auto-Mute Mode',0 | |
Simple mixer control 'Digital',0 | |
Simple mixer control 'Headset Mic',0 | |
Simple mixer control 'Headset Mic Boost',0 | |
Simple mixer control 'Input Source',0 | |
Simple mixer control 'Input Source',1 | |
Simple mixer control 'Loopback Mixing',0 | |
ychaouche#ychaouche-PC 11:43:01 /usr/share/man $ | |
**** increase/decrease volume | |
amixer set Master 5%+ | |
amixer set Master 5%- | |
**** mute PC speakers | |
amixer set Speaker mute | |
unplug/replug head/earphones if necessary. | |
**** get current volume | |
ychaouche#ychaouche-PC 15:39:24 /usr/share/man $ amixer get Master | egrep -o '[0-9]{1,3}%' | |
51% | |
ychaouche#ychaouche-PC 15:39:27 /usr/share/man $ | |
*** automation | |
use xvfb-run | |
xvfb-run is a command-line tool | |
that simplifies the task of running X11 clients | |
(typically GUI applications) | |
in a virtual X server environment. | |
It is a wrapper for the Xvfb command, | |
which creates a virtual X server | |
that runs in memory | |
without a physical display. | |
xvfb-run sets up an X authority file, | |
writes a cookie to it, | |
and then starts the specified command within the virtual X server environment. | |
This allows X11 clients to run without requiring a physical display or user interaction. | |
xvfb-run is often used for automated testing of GUI applications, | |
as well as for running X11 clients in headless environments | |
such as servers or containers. | |
** working with databases | |
*** sqlite | |
**** getting help | |
.help | |
**** open a database | |
.open path | |
**** show tables | |
.tables | |
**** describe table | |
.schema <table> (omit semi-colon) | |
pragma table_info(table_name) (osqueryi) | |
**** show current db | |
.databases | |
**** run query from command line | |
sqlite3 databasefile.sqlite "query in between quotes" | |
**** change output format | |
***** .mode column | |
.mode column | |
name path cmdline process state start_time elapsed_time remote_address remote_port state | |
---------- ------------ --------------------------------------------- ------------- ---------- ------------ -------------- ----------- ----------- | |
ssh /usr/bin/ssh ssh -p44044 root@messagerie.algerian-radio.dz S 1657203011 10.10.10.19 44044 ESTABLISHED | |
ssh /usr/bin/ssh ssh -p44044 root@messagerie.algerian-radio.dz S 1657203160 10.10.10.19 44044 ESTABLISHED | |
ssh /usr/bin/ssh ssh root@messagerie.algerian-radio.dz -p 4404 S 1657204190 10.10.10.19 44044 ESTABLISHED | |
konversati /usr/bin/kon /usr/bin/konversation -caption Konversation S 1657208270 162.251.69.69 6667 ESTABLISHED | |
kdeconnect /usr/lib/kde /usr/lib/kde4/libexec/kdeconnectd S 1657184878 0.0.0.0 0 LISTEN | |
thunderbir /home/ychaou /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/th S 1657184924 10.10.10.19 993 ESTABLISHED | |
thunderbir /home/ychaou /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/th S 1657184924 10.10.10.19 993 ESTABLISHED | |
thunderbir /home/ychaou /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/th S 1657184924 10.10.10.19 993 ESTABLISHED | |
thunderbir /home/ychaou /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/th S 1657184924 10.10.10.19 993 ESTABLISHED | |
thunderbir /home/ychaou /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/th S 1657184924 10.10.10.19 993 ESTABLISHED | |
waterfox-g /tmp/.mount_ /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 S 1657185139 204.79.197.200 443 ESTABLISHED | |
waterfox-g /tmp/.mount_ /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 S 1657185139 104.21.61.82 443 ESTABLISHED | |
waterfox-g /tmp/.mount_ /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 S 1657185139 142.250.201.42 443 ESTABLISHED | |
waterfox-g /tmp/.mount_ /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 S 1657185139 13.107.42.14 443 ESTABLISHED | |
waterfox-g /tmp/.mount_ /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 S 1657185139 142.251.37.227 443 ESTABLISHED | |
waterfox-g /tmp/.mount_ /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 S 1657185139 10x4.21.61.82 443 ESTABLISHED | |
waterfox-g /tmp/.mount_ /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 S 1657185139 13.107.42.14 443 ESTABLISHED | |
waterfox-g /tmp/.mount_ /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 S 1657185139 87.248.119.252 443 ESTABLISHED | |
waterfox-g /tmp/.mount_ /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 S 1657185139 52.35.251.160 443 ESTABLISHED | |
ssh /usr/bin/ssh ssh root@messagerie.algerian-radio.dz -p 4404 S 1657186761 10.10.10.19 44044 ESTABLISHED | |
ssh /usr/bin/ssh ssh root@messagerie.algerian-radio.dz -p 4404 S 1657186761 10.10.10.19 44044 ESTABLISHED | |
ssh /usr/bin/ssh ssh serveur@messagerie.algerian-radio.dz -p 4 S 1657186761 10.10.10.19 44044 ESTABLISHED | |
ssh /usr/bin/ssh ssh root@messagerie.algerian-radio.dz -p 4404 S 1657186761 10.10.10.19 44044 ESTABLISHED | |
ssh /usr/bin/ssh ssh serveur@messagerie.algerian-radio.dz -p 4 S 1657186761 10.10.10.19 44044 ESTABLISHED | |
***** .mode line | |
osquery> select processes.name, processes.path, processes.cmdline, processes.state as "process state", processes.start_time, processes.elapsed_time, process_open_sockets.remote_address, process_open_sockets.remote_port, process_open_sockets.state from processes JOIN process_open_sockets ON processes.pid = process_open_sockets.pid where process_open_sockets.family=2 and process_open_sockets.protocol=6; | |
name = ssh | |
path = /usr/bin/ssh | |
cmdline = ssh -p44044 root@messagerie.algerian-radio.dz | |
process state = S | |
start_time = 1657203011 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 44044 | |
state = ESTABLISHED | |
name = ssh | |
path = /usr/bin/ssh | |
cmdline = ssh -p44044 root@messagerie.algerian-radio.dz | |
process state = S | |
start_time = 1657203160 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 44044 | |
state = ESTABLISHED | |
name = ssh | |
path = /usr/bin/ssh | |
cmdline = ssh root@messagerie.algerian-radio.dz -p 44044 | |
process state = S | |
start_time = 1657204190 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 44044 | |
state = ESTABLISHED | |
name = konversation | |
path = /usr/bin/konversation | |
cmdline = /usr/bin/konversation -caption Konversation | |
process state = S | |
start_time = 1657208270 | |
elapsed_time = | |
remote_address = 162.251.69.69 | |
remote_port = 6667 | |
state = ESTABLISHED | |
name = kdeconnectd | |
path = /usr/lib/kde4/libexec/kdeconnectd | |
cmdline = /usr/lib/kde4/libexec/kdeconnectd | |
process state = S | |
start_time = 1657184878 | |
elapsed_time = | |
remote_address = 0.0.0.0 | |
remote_port = 0 | |
state = LISTEN | |
name = thunderbird-bin | |
path = /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird-bin | |
cmdline = /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird | |
process state = S | |
start_time = 1657184924 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 993 | |
state = ESTABLISHED | |
name = thunderbird-bin | |
path = /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird-bin | |
cmdline = /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird | |
process state = S | |
start_time = 1657184924 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 993 | |
state = ESTABLISHED | |
name = thunderbird-bin | |
path = /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird-bin | |
cmdline = /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird | |
process state = S | |
start_time = 1657184924 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 993 | |
state = ESTABLISHED | |
name = thunderbird-bin | |
path = /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird-bin | |
cmdline = /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird | |
process state = S | |
start_time = 1657184924 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 993 | |
state = ESTABLISHED | |
name = thunderbird-bin | |
path = /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird-bin | |
cmdline = /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird | |
process state = S | |
start_time = 1657184924 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 993 | |
state = ESTABLISHED | |
name = waterfox-g4 | |
path = /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | |
cmdline = /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | |
process state = S | |
start_time = 1657185139 | |
elapsed_time = | |
remote_address = 13.107.42.14 | |
remote_port = 443 | |
state = ESTABLISHED | |
name = waterfox-g4 | |
path = /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | |
cmdline = /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | |
process state = S | |
start_time = 1657185139 | |
elapsed_time = | |
remote_address = 87.248.119.252 | |
remote_port = 443 | |
state = ESTABLISHED | |
name = waterfox-g4 | |
path = /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | |
cmdline = /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | |
process state = S | |
start_time = 1657185139 | |
elapsed_time = | |
remote_address = 52.35.251.160 | |
remote_port = 443 | |
state = ESTABLISHED | |
name = ssh | |
path = /usr/bin/ssh | |
cmdline = ssh root@messagerie.algerian-radio.dz -p 44044 | |
process state = S | |
start_time = 1657186761 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 44044 | |
state = ESTABLISHED | |
name = ssh | |
path = /usr/bin/ssh | |
cmdline = ssh root@messagerie.algerian-radio.dz -p 44044 | |
process state = S | |
start_time = 1657186761 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 44044 | |
state = ESTABLISHED | |
name = ssh | |
path = /usr/bin/ssh | |
cmdline = ssh serveur@messagerie.algerian-radio.dz -p 44044 | |
process state = S | |
start_time = 1657186761 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 44044 | |
state = ESTABLISHED | |
name = ssh | |
path = /usr/bin/ssh | |
cmdline = ssh root@messagerie.algerian-radio.dz -p 44044 | |
process state = S | |
start_time = 1657186761 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 44044 | |
state = ESTABLISHED | |
name = ssh | |
path = /usr/bin/ssh | |
cmdline = ssh serveur@messagerie.algerian-radio.dz -p 44044 | |
process state = S | |
start_time = 1657186761 | |
elapsed_time = | |
remote_address = 10.10.10.19 | |
remote_port = 44044 | |
state = ESTABLISHED | |
osquery> | |
***** .mode list | |
osquery> .separator " | " | |
osquery> select processes.name, processes.path, processes.cmdline, processes.state as "process state", processes.start_time, processes.elapsed_time, process_open_sockets.remote_address, process_open_sockets.remote_port, process_open_sockets.state from processes JOIN process_open_sockets ON processes.pid = process_open_sockets.pid where process_open_sockets.family=2 and process_open_sockets.protocol=6; | |
name | path | cmdline | process state | start_time | elapsed_time | remote_address | remote_port | state | |
ssh | /usr/bin/ssh | ssh -p44044 root@messagerie.algerian-radio.dz | S | 1657203011 | | 10.10.10.19 | 44044 | ESTABLISHED | |
ssh | /usr/bin/ssh | ssh -p44044 root@messagerie.algerian-radio.dz | S | 1657203160 | | 10.10.10.19 | 44044 | ESTABLISHED | |
ssh | /usr/bin/ssh | ssh root@messagerie.algerian-radio.dz -p 44044 | S | 1657204190 | | 10.10.10.19 | 44044 | ESTABLISHED | |
konversation | /usr/bin/konversation | /usr/bin/konversation -caption Konversation | S | 1657208270 | | 162.251.69.69 | 6667 | ESTABLISHED | |
kdeconnectd | /usr/lib/kde4/libexec/kdeconnectd | /usr/lib/kde4/libexec/kdeconnectd | S | 1657184878 | | 0.0.0.0 | 0 | LISTEN | |
thunderbird-bin | /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird-bin | /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird | S | 1657184924 | | 10.10.10.19 | 993 | ESTABLISHED | |
thunderbird-bin | /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird-bin | /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird | S | 1657184924 | | 10.10.10.19 | 993 | ESTABLISHED | |
thunderbird-bin | /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird-bin | /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird | S | 1657184924 | | 10.10.10.19 | 993 | ESTABLISHED | |
thunderbird-bin | /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird-bin | /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird | S | 1657184924 | | 10.10.10.19 | 993 | ESTABLISHED | |
thunderbird-bin | /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird-bin | /home/ychaouche/DOWNLOADS/APPS/THUNDERBIRD/thunderbird/thunderbird | S | 1657184924 | | 10.10.10.19 | 993 | ESTABLISHED | |
waterfox-g4 | /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | S | 1657185139 | | 13.107.42.14 | 443 | ESTABLISHED | |
waterfox-g4 | /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | S | 1657185139 | | 13.107.42.14 | 443 | ESTABLISHED | |
waterfox-g4 | /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | S | 1657185139 | | 87.248.119.252 | 443 | ESTABLISHED | |
waterfox-g4 | /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | /tmp/.mount_waterfjpzMfx/usr/bin/waterfox-g4 | S | 1657185139 | | 52.35.251.160 | 443 | ESTABLISHED | |
ssh | /usr/bin/ssh | ssh root@messagerie.algerian-radio.dz -p 44044 | S | 1657186761 | | 10.10.10.19 | 44044 | ESTABLISHED | |
ssh | /usr/bin/ssh | ssh root@messagerie.algerian-radio.dz -p 44044 | S | 1657186761 | | 10.10.10.19 | 44044 | ESTABLISHED | |
ssh | /usr/bin/ssh | ssh serveur@messagerie.algerian-radio.dz -p 44044 | S | 1657186761 | | 10.10.10.19 | 44044 | ESTABLISHED | |
ssh | /usr/bin/ssh | ssh root@messagerie.algerian-radio.dz -p 44044 | S | 1657186761 | | 10.10.10.19 | 44044 | ESTABLISHED | |
ssh | /usr/bin/ssh | ssh serveur@messagerie.algerian-radio.dz -p 44044 | S | 1657186761 | | 10.10.10.19 | 44044 | ESTABLISHED | |
osquery> | |
***** .mode csv | |
same as list with .separator set to "," | |
***** .mode pretty | |
default | |
**** date time functions | |
datetime(timestamp,'unixepoch') | |
**** write results to a files | |
.headers on | |
.mode column | |
.once query_results.txt (only one query) | |
.output query_results.txt | |
.output (revert to stdout) | |
**** queries | |
****** join | |
SELECT fields... FROM T1 JOIN T2 USING field | |
*** postgres | |
**** links | |
https://pinboard.in/u:winks/t:postgresql/ | |
https://pinboard.in/u:winks/t:postgres/ | |
**** connexion | |
root ne peut pas se connecter. | |
il faut se connceter avec l'utilisateur système postgres, sans mot de pass | |
$ su postgres -c psql | |
ou bien | |
$ su postgres | |
$ psql | |
**** connexion en tant qu'un autre utilisateur | |
il faut ajouter l'option -h | |
root#cloud 15:05:00 /var/www/nextcloud # psql -U nextcloud -W | |
Password: | |
psql: FATAL: Peer authentication failed for user "nextcloud" | |
root#cloud 15:05:14 /var/www/nextcloud # psql -U nextcloud -W -h localhost | |
Password: | |
psql: FATAL: database "nextcloud" does not exist | |
root#cloud 15:08:33 /var/www/nextcloud # | |
**** création d'un nouvel utilisateur (role) | |
en tant qu'utilisateur postgres, faire : | |
$ createuser --interactive -P | |
**** \d[ump]u[sers] | |
\du | |
**** \l[ist databases] | |
\l | |
**** \d[escribe] table | |
\d table will describe table | |
\d+ table will add internal details | |
**** \d[escribe]t[ables] | |
\dt | |
**** show current user/database | |
\conninfo | |
**** create a new database | |
$ createdb -U nextcloud -h localhost nextcloud | |
**** turn off the pager | |
pset pager off | |
**** authentication methods | |
***** overview | |
local connections : peer authentication | |
remote connections : password authentication | |
other methods : require 3rd party security infrastructure or are platform specific. | |
***** pg_hba.conf | |
****** role | |
This is the file that specifies how clients may connect (h[ost] b[ased] a[uthentication]) | |
****** structure | |
connection type : local (unix sockets) / host (TCP/IP) | |
client IP range (if it applies) | |
database name : all = *, sameuser, samerole. Multiple database names may be separated by commas. | |
user name : all = *, multiple users may be separated by commas. | |
authentication method : peer, trust, password | |
***** peer | |
When peer is chosen, the username is taken from the OS. | |
if the username is connected to the OS, he is granted access to the DB. | |
**** privileges | |
***** list of privilege | |
select, insert, update, delete, truncate, trigger | |
create : schemas for databases, objects inside schemas, tables indices for tablespaces | |
connect : | |
execute : | |
usage : | |
references : allows creation of FK | |
all : all the privileges | |
***** owner | |
has all the rights | |
**** change the owner of multiple objects at a time | |
REASSIGN OWNED BY nextcloud TO oc_theboss; | |
This will reassign tables, sequences, views etc of all objects in current database. | |
**** write results to file | |
\o out.txt | |
\o to get output back to stdout | |
**** convert integers (16291029) to timestamps (2021-03-05 11:02:33) | |
to_timestamp(integer) | |
**** select uniq / select distinct | |
select distinct <fields>, from <table> [...] | |
**** run query from command line | |
psql [connection string] -c[command] "query" | |
**** listen to connections from outside | |
listen_addresses = 'localhost' -> listen_addresses = '*' | |
dans | |
/etc/postgresql/11/main/postgresql.conf | |
*** mysql | |
**** status information | |
***** show full processlist | |
list les threads de mysql avec la requête en cours, l'état de la requête, et le temps, exprimé en secondes, pendant lequel le process est resté dans cet état. | |
show full processlist\G : le \G permet d'avoir un meilleur affichage lorsque les lignes sont très longues. | |
***** show engine innodb status\G | |
trouvé sur SO | |
à creuser. | |
<from howm :: mysql> | |
show engine innodb status\G | |
--------------------------- | |
Pour diagnostic | |
**** engines | |
***** The MyISAM Engine | |
No support for FK | |
No support for transactions | |
Don't use it[1] | |
[1] #mysql | |
[14:09] <ychaouche> I wonder what's a good usage of MyISAM tables. No foreign key support, no transcations. | |
[14:09] <thumbs> ychaouche: none | |
[14:09] <Isotopp> never use myisam, too | |
***** Migration from MyISAM to InnoDB | |
According to : https://dev.mysql.com/doc/refman/5.7/en/converting-tables-to-innodb.html | |
key_buffer_size was 16 Mb, will keep it that way | |
innodb_buffer_pool_size is 128Mb, will keep it that way | |
Now we have to COMMIT or ROLLBACK each time we change a table, or else a transcation may stay astray and eventually slow down the system. | |
Don't rollback a million rows, just trancate the table and start over. | |
autocommit should be set to 0. One should commit after a number of inserts/updates/deletes instead of one commit for each operation, to save I/O. | |
Even selects open transactions ! | |
set innodb_file_per_table to ON, this will create one file per table and help the OS reclaim free disk space from truncated and deleted tables. | |
To convert an existing table : ALTER TABLE table_name ENGINE=InnoDB; | |
**** variables | |
show variables like <pattern> | |
**** writing queries | |
***** JOINS | |
****** whatis | |
used to combine data from two (or more) tables based on shared/common columns, called the join key or common key. | |
****** types of joins | |
LEFT means include all results from left table | |
RIGHT means include all results from right table | |
INNER is an intersection | |
OUTER is a union | |
CROSS is match every row from left with every row from right. | |
****** join syntax | |
1. select <> from t1 JOIN t2 USING (field) -- parens are mandatory | |
1. select <> from t1 JOIN t2 ON t1.field = t2.field | |
***** COUNT | |
COUNT(column) counts the number of rows where column isn't NULL. | |
COUNT(*) counts the number of rows. | |
***** UPDATE | |
UPDATE table_name SET column1 = value1, column2 = value2 WHERE condition | |
**** login | |
mysql --defaults-extra-file=<file> | |
file is typically : | |
[mysql] | |
username=<username> | |
password=<password> | |
chmod 600 <file>. | |
**** change user password | |
mysql> SET PASSWORD FOR 'backup'@'localhost' = PASSWORD("..."); | |
mysql> FLUSH PRIVILEGES | |
** working with packages | |
*** debian | |
**** mise à jours | |
***** Lister les updates sans les installer | |
Source : http://unix.stackexchange.com/a/188014/22046 | |
Problème : elle n'affiche pas toutes les descriptions. | |
Ajouté au bashrc : Oui, fonction updatable_packages | |
Aide sur IRC : utiliser | |
Code : | |
(function a { read input;dpkg -l ${input} | grep " ${input} " | awk '{$1=$2=$3=$4=$5=$6="";print $0 }' | sed 's/^ */,/';unset input;};{ apt-get --just-print upgrade 2>&1 | perl -ne 'if (/Inst\s([\w,\-,\d,\.,~,:,\+]+)\s\[([\w,\-,\d,\.,~,:,\+]+)\]\s\(([\w,\-,\d,\.,~,:,\+]+)\)? /i) {print "$1 ,$2, $3 \n"}';} | while read -r line; do echo -en "$line $(echo $line | awk '{print $1}' | a )\n"; done;) > /tmp/updates.csv | |
***** Mises à jour auto | |
You need two softwares : unattended-upgrades and apt-listchanges | |
Edit conf files of both at /etc/apt/apt.conf.d/50unattended-upgrades and 20auto-upgrades and 02periodic and /etc/apt/listchanges.conf | |
Quand il peut pas installer un paquet | |
------------------------------------- | |
Vérifier les sources : elles doivent contenir buster-update et buster tout court. | |
***** mise à jour de la distro | |
1. apt-get dist-upgrade pour déjà être au top de la distro courante | |
2. reboot | |
3. mettre les repos de la prochaine distro | |
(ne pas sauter de distro) | |
dans /etc/apt/sources.list | |
4. reprendre à 1 jusqu'à ce qu'on soit à la version la plus à jour. | |
**** rechercher | |
***** rechercher un paquet installé par motif | |
dpkg/dpkg-query -l *pattern* liste les paquets dont le nom ressemblent à pattern | |
***** quel paquet fournit cette commande / ce fichier | |
dpkg/dpkg-query -S *pattern* | |
**** lister | |
***** afficher tous les paquets installés | |
dpkg-query -l | |
dpkg -l | |
***** lister tous les fichiers installés par un paquet | |
dpkg -L packagename | |
dpkg-query -L packagename | |
***** lister tous les fichiers d'un paquet non installé | |
apt-file show <packagename> | |
***** lister les fichiers d'un paquet .deb | |
dpkg -c <package.deb> | |
***** lister les paquets cassés | |
apt-get check | |
**** vérifications | |
***** how to inspect a .deb package? | |
les paquets sont des archives au format ar, utiliser la commande ar pour extraire le fichier data.tar.xz comme ceci : | |
ar xvf <packet.deb> data.tar.xz | |
puis inspecter à l'aide de tar vJf l'archive data.tar.xz | |
AUTRE METHODE | |
On peu extraire directement vers un réperoire avec ar pvf <paquet.deb> data.tar.xz | tar Jvx -C <target-directory> | |
en effet, p[rint] va rediriger la sortie de ar vers la sortie de standard, de telle sorte à ce que tar puisse lire directement. | |
par exemple : | |
ar fp libssl-dev_1.1.0l-1~deb9u4_amd64.deb data.tar.xz | tar Jvx -C libssl-dev_1.1/ | |
***** vérifier l'intégrité des paquets | |
****** commande et sortie | |
dpkg -V en tant root (sans argument) | |
explication de la sortie : | |
1. seulement les fichiers pour lesquels un test a échoué sont affichés | |
2. une série de 9 caractères sont affichés, un pour chaque test. | |
3. ? = le test n'a pas pu être fait. | |
. = test ok | |
[:alnum:] = code d'erreur | |
****** utilité | |
si la machine est déjà compromise, il ne sert à rien de lancer cette commande. | |
ce qu'il faudrait c'est que les hashs soient comparés avec un autre système réputé sain. | |
***** lister les paquets cassés | |
apt-get check | |
**** cancel changes to conf files | |
dpkg --force-confnew | |
**** infos | |
***** why did this package got installed? | |
aptitude why | |
ou bien | |
apt-cache rdepends <package> | |
ou bien | |
apt rdepends <package> affichera les paquets qui ont pu installé celui-ci, soit | |
comme dépendance, soit comme suggestion (recommendation) | |
***** infos sur un paquet .deb | |
dpkg --infos <package.deb> | |
***** show only the description of package in the output of apt-cache show <packagename> | |
apt-cache show <package> | grep-dctrl -s Description-en - | |
grep-dctrl is a grep that is specialized to apt files format. | |
it is provided by the dctrl-tools package | |
***** à quel paquet appartient ce fichier ? | |
dpkg/dpkg-query -S /path/vers/fichier | |
***** est-ce que ce paquet est installé | |
dpkg-query -W <pattern> : show any (installed) package matching pattern | |
dpkg / dpkg-query -s <name> : show description of a specific package | |
***** y a-t-il des paquets qui utilisent des fichiers dans ce dossier ? | |
dpkg/dpkg-query -S /path/vers/dossier | |
exemple: | |
root#ychaouche-PC 13:43:19 /usr/lib/debug/usr/lib # dpkg -S /usr/lib/debug/ | |
kate-dbg, kdelibs5-dbg, kde-baseapps-dbg, konsole-dbg, kde-runtime-dbg, libqt4-dbg:amd64, libgmime-2.6-0-dbg, libc6-dbg:amd64: /usr/lib/debug | |
root#ychaouche-PC 13:44:59 /usr/lib/debug/usr/lib # | |
***** afficher l'état de tous les paquets matchant un pattern | |
dpkg -l <pattern> | |
dpkg-query -l <pattern> | |
***** afficher les dépendances d'un paquet | |
apt-cache depends <packagename> | |
***** lister les paquets cassés | |
apt-get check | |
**** suppression | |
***** forcer la suppression d'un paquet | |
dpkg --force-all --remove <package> [1] | |
[1] https://wiki.debian.org/DebianPackageManagement#line-271 | |
***** remove unused packages | |
apt-get autoremove | |
**** erreurs et solutions | |
***** This must be accepted explicitly before updates for this repository can be applied. see apt-secure(8) manpage for details. | |
you need to run apt-get update with the --allow-releaseinfo-change flag | |
**** installer des paquets avec symboles de débogage | |
ajouter cette source à sources.lst | |
deb http://deb.debian.org/debian-debug/ buster-debug main | |
puis installer le paquet avec le suffixe -dbgsym | |
**** installer un .deb | |
dpkg -i paquet.deb | |
installer les dépendances d'abord. | |
*** snaps | |
voir * by name | |
** working with terminals | |
*** get the /dev/pts/? associated with the current virtual terminal | |
use tty | |
like this | |
ychaouche#ychaouche-PC 10:00:29 ~ $ tty | |
/dev/pts/7 | |
ychaouche#ychaouche-PC 10:00:30 ~ $ | |
*** asciinema | |
pv -q[uiet] -L[imit] 2000[bytes/s] file.vt | |
this will just slowly print the contents of file to stdout. | |
** working with users | |
*** adding users | |
**** always use adduser | |
mnemonic : | |
- it starts with an a. | |
- you want to add a user | |
useradd : bas niveau, ne pas utiliser. | |
adduser : haut niveau, à utiliser, même pour ajouter un user existant à un group existant. | |
**** system users | |
***** Pour ajouter un utilisateur system | |
adduser --system username | |
***** difference avec un utilisateur ordinaire | |
System users are used by daemons, | |
do not have homes nor login shells. | |
**** add to a group | |
adduser user --ingroup group | |
*** ajouter un utilisateur existant à un groupe existant | |
adduser <user> <group> | |
or | |
newgrp <group>, which doesn't require logout/login | |
*** supprimer un utiliasteur d'un group | |
** working with kernel modules | |
*** add/remove modules | |
modporbe to add | |
modprobe -r to remove | |
*** list modules | |
lsmod | |
*** module info | |
modinfo | |
*** show modules dependency | |
modprobe --show-depends | |
** working with services | |
*** sysvinit | |
**** disable/enable services at boot time | |
***** update-rc.d | |
update-rc.d <service-name> disable/enable | |
# update-rc.d lsyncd disable | |
# ls /etc/rc?.d/*lsyncd | |
lrwxrwxrwx 1 root root 16 May 20 07:55 /etc/rc0.d/K01lsyncd -> ../init.d/lsyncd | |
lrwxrwxrwx 1 root root 16 May 20 07:55 /etc/rc1.d/K01lsyncd -> ../init.d/lsyncd | |
lrwxrwxrwx 1 root root 16 May 20 07:55 /etc/rc2.d/K01lsyncd -> ../init.d/lsyncd | |
lrwxrwxrwx 1 root root 16 May 20 07:55 /etc/rc3.d/K01lsyncd -> ../init.d/lsyncd | |
lrwxrwxrwx 1 root root 16 May 20 07:55 /etc/rc4.d/K01lsyncd -> ../init.d/lsyncd | |
lrwxrwxrwx 1 root root 16 May 20 07:55 /etc/rc5.d/K01lsyncd -> ../init.d/lsyncd | |
lrwxrwxrwx 1 root root 16 May 20 07:55 /etc/rc6.d/K01lsyncd -> ../init.d/lsyncd | |
# | |
***** rcconf | |
rcconf uses a zenity gui to configure the startup of services at bootime | |
** working with alternatives | |
*** voir les alternatives à une commande | |
--query <command> | |
exemple : | |
ychaouche#ychaouche-PC 13:26:03 /usr/share/man $ update-alternatives --query pager | |
Name: pager | |
Link: /usr/bin/pager | |
Slaves: | |
pager.1.gz /usr/share/man/man1/pager.1.gz | |
Status: auto | |
Best: /usr/bin/lv | |
Value: /usr/bin/lv | |
Alternative: /bin/less | |
Priority: 77 | |
Slaves: | |
pager.1.gz /usr/share/man/man1/less.1.gz | |
Alternative: /bin/more | |
Priority: 50 | |
Slaves: | |
pager.1.gz /usr/share/man/man1/more.1.gz | |
Alternative: /usr/bin/lv | |
Priority: 80 | |
Slaves: | |
pager.1.gz /usr/share/man/man1/lv.1.gz | |
Alternative: /usr/bin/most | |
Priority: 60 | |
Slaves: | |
pager.1.gz /usr/share/man/man1/most.1.gz | |
Alternative: /usr/bin/pg | |
Priority: 10 | |
Slaves: | |
pager.1.gz /usr/share/man/man1/pg.1.gz | |
ychaouche#ychaouche-PC 13:28:09 /usr/share/man $ | |
*** changer l'alternative à une commande | |
sudo update-alternatives --config <command> (TUI) | |
** working with A/V files | |
*** working with mp3 files | |
**** cutting | |
***** general note about mp3cut | |
mp3cut -o option MUST precede all others. | |
***** Skip first seconds | |
mp3cut -o output.mp3 -t 00:00:00- input.mp3 | |
***** Trim last seconds | |
mp3cut -o output.mp3 -t -00:00:00 input.mp3 | |
***** From-To | |
mp3cut -o output.mp3 -t 00:00:00-00:00:00 input.mp3 | |
**** sound gain | |
mp3gain : | |
-g n : apply gain of n | |
-u : undo changes | |
-r : all files set to same loudness | |
-a : normalize album loudness, but files keep their relative loudness (the louder are still louder) | |
use like this: | |
mp3gain -g 5 sound.mp3 | |
*** adding bgm | |
**** command | |
avconv -i video.in -i audio.in video.out | |
**** video w/ audio | |
add -filter_complex "amix=duration=shortest" | |
example : | |
avconv -i file:///home/ychaouche/MUSIQUE/SMALLCHUNKS/roserouge-22db-02\:24_stgermain.mp3 -i ~/VIDEOS/SCREENCASTS/audiomon-withdates.mkv -filter_complex "amix=duration=shortest" ~/VIDEOS/SCREENCASTS/audiomon-withdates-music.mkv | |
**** video w/o audio | |
add -shortest. | |
REM : l'option -shortest seul ne va pas mixer les deux sons (video + mp3) mais grader un seul (soit vidéo soit mp3) | |
*** Extracting audio from a video file | |
**** old | |
You need to specify exactly the same extension to the output file as the one you see in the input file. | |
Then use the follwing two options : | |
- -map 0:1 if the audio is in 0:1 (avprobe to check) | |
- -c:a copy : copy the audio codec. | |
Like this : | |
avconv -i ~/VIDEOS/SCREENCASTS/libreofficemacrosbgm.mp4.mp4 -map 0:1 -c:a copy extractedaudio.ac3 | |
**** new | |
two steps : | |
1/ detect the audio format with avprobe | |
2/ use -c:a and specify the same extension as the input file | |
example : | |
avconv -i u2_lamp.mp4 -c:a copy u2_lamp.aac | |
*** get duration of a media | |
avprobe -v error -show_format_entry duration -sexagesimal file.mp4 | |
the -v error will get rid of most output | |
-show_format_entry duration will output duration only | |
-sexagesimal will print in HH:MM:SS form instead of number of seconds. | |
*** capture desktop sound ? | |
using audacity, see this screen capture : ~/IMAGES/SCREENSHOT/audacityrecorddesktopsounds.jpg | |
Audio host : choisir Alsa | |
Output device : pulse est choisi chez moi | |
Input device : Headphone Mic:1 est choisi chez moi | |
*** test the microphone ? | |
Using audacity, click on the microphone vuemeter, it will activate it. Change input source if necessary. | |
If that's not working, run alsamixer and change the input source there ! (yes sometimes that works) | |
What works on my particular config : | |
in alsamixer : input source = headset mic | |
in audacity : input source = sysdefault : headphone mic:0 | |
Le mieux pour la capture sonor c'est de mettre capture et capture 1 à 100% dans alsamixer. | |
If that doesn't work, unplug/re-plug the headphones. | |
2023-05-02 at 11:23:19 | |
As of today, | |
here's what works: | |
https://imgur.com/a/nMFj2ZL | |
in alsamixer | |
- input source = headset mic | |
- desaturate the gains | |
in audacity | |
- input source = HDA Intel PCH HW:0,0 Headphone Mic:0 | |
** working with images | |
*** get dimensions/geometry of an image | |
identify <image> (works on most formats) | |
file <image> (works on some formats) | |
ychaouche#ychaouche-PC 08:53:12 ~/DOWNLOADS/APPS/firefox $ file ~/TMP/b668d036.png | |
/home/ychaouche/TMP/b668d036.png: PNG image data, 240 x 215, 8-bit/color RGBA, non-interlaced | |
ychaouche#ychaouche-PC 08:55:21 ~/DOWNLOADS/APPS/firefox $ | |
*** convert images to pdf | |
this is restricted by /etc/Imagemagick/policy.xml | |
Edit the file to enable conversion to pdf. | |
convert <images> output.pdf | |
*** convert pdfs to image | |
same as ** convert images to pdf except use -density 300 to get sharp text. | |
*** resize image | |
convert -resize 50% <in> <out> | |
*** optimizing/reducing GIF size | |
resize it: | |
convert source.gif -resize 50% destination.gif | |
reduce the number of colors: | |
gifsicle <input.gif> > <output.gif> --colors 256 | |
select one frame every n frames | |
gifsicle in.gif \#{1..47..5} > out.gif | |
will select one out of every 5 frames | |
the # must be escaped. | |
the number of frames can be obtained with av.image.frames | |
add delay | |
gifsicle -b -d c <image.gif> #inplace modification | |
-b : batch operations (on every frame) | |
-d : delay | |
c : centiseconds | |
to get the delay in the original gif | |
identify -format "%T+" <orig.gif> | |
+ is just a separator | |
it can be anything else. | |
%T is the delay | |
*** extract text from images :: OCR | |
tesseract <image input file> <outputwithoutthe.txtextension> | |
*** convert images to ascii art | |
jp2a | |
-i --invert | |
--colors | |
--width= | |
--height= | |
*** identify -format formats | |
\ backslash, the next character is literal and not subject to interpretation | |
\n newline | |
\r carriage return | |
< less-than character. | |
> greater-than character. | |
& ampersand character. | |
%% a percent sign | |
%b file size of image read in (use -precision 16 to force results in B) | |
%c comment meta-data property | |
%d directory component of path | |
%e filename extension or suffix | |
%f filename (including suffix) | |
%g layer canvas page geometry (equivalent to "%Wx%H%X%Y") | |
%h current image height in pixels | |
%i image filename (note: becomes output filename for "info:") | |
%k CALCULATED: number of unique colors | |
%l label meta-data property | |
%m image file format (file magic) | |
%n number of images in current image sequence, report once per frame | |
%o output filename (used for delegates) | |
%p index of image in current image list | |
%q quantum depth (compile-time constant) | |
%r image class and colorspace | |
%s scene number (from input unless re-assigned) | |
%t filename without directory or extension (suffix) | |
%u unique temporary filename (used for delegates) | |
%w current width in pixels | |
%x x resolution (density) | |
%y y resolution (density) | |
%z image depth (as read in unless modified, image save depth) | |
%A image transparency channel. Values include Undefined (no transparency channel), Blend, Copy, or Update. | |
%B file size of image read in bytes | |
%C image compression type | |
%D image GIF dispose method | |
%G original image size (%wx%h; before any resizes) | |
%H page (canvas) height | |
%M Magick filename (original file exactly as given, including read mods) | |
%N number of images in current image sequence, report once per image sequence | |
%O page (canvas) offset ( = %X%Y ) | |
%P page (canvas) size ( = %Wx%H ) | |
%Q image compression quality ( 0 = default ) | |
%S ?? scenes ?? | |
%T image time delay (in centi-seconds) | |
%U image resolution units | |
%W page (canvas) width | |
%X page (canvas) x offset (including sign) | |
%Y page (canvas) y offset (including sign) | |
%Z unique filename (used for delegates) | |
%@ CALCULATED: trim bounding box (without actually trimming) | |
%# CALCULATED: 'signature' hash of image values | |
*** convert webp to png | |
convert won't work | |
you need to install webp | |
then use dwebp to decompress it, | |
and -o to save the result to a png file | |
dwebp image.webp -o image.png | |
*** get the number of frames in a gif | |
identify image.gif | |
identify -format "%n" image.gif | |
** working with binaries | |
*** which loader does this binary need? | |
$ readelf -l myapp | grep interpreter | |
[Requesting program interpreter: /lib/ld-linux.so.2] | |
*** print which loader does this binary runs | |
patchelf --print-interpreter <bin> | |
*** print rpath variable | |
patchelf --print-rpath <bin> | |
ou bien readelf -a/d chercher la variable runpath | |
0x000000000000001d (RUNPATH) Library runpath: [/snap/core18/current/lib/x86_64-linux-gnu/] | |
** working with printers | |
*** listing printers | |
lpstat -a | |
16:49:13 ~ -1- $ lpstat -a | |
hpitsysnet accepting requests since Sun 14 Feb 2021 11:19:39 AM CET | |
hpitsysnet_samba_pw accepting requests since Tue 27 Feb 2024 09:34:30 AM CET | |
rai accepting requests since Mon 18 May 2020 11:41:48 AM CET | |
X548-Series accepting requests since Mon 21 Mar 2022 03:48:34 PM CET | |
17:00:12 ~ -1- $ | |
*** printing | |
lpr -P<printer_name> document.pdf | |
(tested, works) | |
** network | |
*** geoip fencing | |
**** at the kernel level | |
***** step 1 : install the requirements | |
apt install xtables-addons-dkms libtext-csv-xs-perl | |
dkms : dynamic kerenl module support (load modules which code isn't the kernel) | |
***** step 2 : build the geoip database | |
mkdir -p /usr/share/xt_geoip/ | |
cd /usr/share/xt_geoip/ | |
/usr/lib/xtables-addons/xt_geoip_dl | |
/usr/lib/xtables-addons/xt_geoip_build -D . *.csv | |
***** step 3 : load the xt_geoip kernel module | |
modprobe xt_geoip | |
lsmod | grep xt_geoip | |
***** step 4 : change firewall rules with cctld | |
for example : | |
set a policy that drops everything by default | |
root@messagerie[192.168.100.20] ~ # cat /etc/shorewall/policy | |
[...] | |
$FW net ACCEPT | |
net $FW DROP | |
then set exception rules to allow incoming connections from Algeria | |
root@messagerie[192.168.100.20] ~ # cat /etc/shorewall/rules | |
ACCEPT net:^[DZ] $FW all | |
**** at nginx level | |
***** source | |
https://www.howtoforge.com/nginx-how-to-block-visitors-by-country-with-the-geoip-module-debian-ubuntu | |
***** steps | |
****** make sure nginx is compiled with geoip support | |
nginx -V 2>&1 | sed -E s/--/'\n'/g | grep geoip | |
****** install the geoip-database | |
either | |
apt-get install geoip-database libgeoip1 | |
or | |
curl http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz | gunzip > /usr/share/GeoIP/GeoIP.dat [u] | |
****** use the $geoip_country variable and the map function | |
******* in nginx.conf | |
locate the http block and add the following before any include [Q] | |
http { | |
[...] | |
geoip_country /usr/share/GeoIP/GeoIP.dat; | |
map $geoip_country_code $allowed_country { | |
default no; | |
DZ yes; | |
} | |
[...] | |
} | |
This will set the $allowed_country variable to no, | |
except for algerian IPs. | |
******* in the vhost conf | |
locate the server block and add | |
[...] | |
if ($allowed_country = no) { | |
redirect https://http.cat/403 [u] | |
# return 444; | |
} | |
[...] | |
**** see also | |
~/howm/2018/03/2018-03-25-095648.txt | |
*** Tunnels | |
ssh passerelle -L portlocal:destination:portdest | |
Si je veux accéder à un port de la passerelle, destination sera localhost et localhost sera donc la passerelle et pas ma propre machine. | |
Si je veux accéder à une autre machine, je met son addresse IP dans le schéma d'addressage de la passerelle (LAN de la passerelle). | |
Exemple : accéder depuis ma machine vers la machine proxy qui n'est pas accessible directement, en passant par proxmox. | |
ssh root@pve.radioalgerie.dz -p 5022 -L 5023:10.250.20.30:22 -N | |
Je peux maintenant accéder par ssh (port 22) à la machine 10.250.20.30 (proxy) en me connectant localement sur le port 5023, comme ceci : | |
ychaouche#ychaouche-PC 13:30:26 ~/DOWNLOADS/TOOLS $ ssh root@localhost -p 5023 | |
Enter passphrase for key '/home/ychaouche/.ssh/id_rsa': | |
Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 5.3.10-1-pve x86_64) | |
* Documentation: https://help.ubuntu.com | |
* Management: https://landscape.canonical.com | |
* Support: https://ubuntu.com/advantage | |
Last login: Sun Sep 6 12:26:12 2020 from 10.250.20.1 | |
-bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8) | |
-bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8) | |
root@proxy1:~# | |
Tada !! | |
On va essayer maintenant le SCP. | |
ychaouche#ychaouche-PC 13:34:05 ~/DOWNLOADS/TOOLS $ scp -P 5023 root@localhost:/etc/nginx/sites-enabled/default /home/ychaouche/SRV/ | |
Enter passphrase for key '/home/ychaouche/.ssh/id_rsa': | |
bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8) | |
default 100% 4646 4.5KB/s 00:00 | |
ychaouche#ychaouche-PC 13:34:20 ~/DOWNLOADS/TOOLS $ | |
Re-tadaaa !! | |
*** remote command execution | |
**** executer une commande | |
ssh -t[ty] host command | |
l'option -t permet d'éviter les erreurs suivantes : | |
bash: cannot set terminal process group (-1): Inappropriate ioctl for device | |
bash: no job control in this shell | |
stty: standard input: Inappropriate ioctl for device | |
**** executer plusieurs commandes | |
ssh host "bash -s" < script | |
**** executer un alias | |
use ssh -t to force pseudo-tty allocation | |
ssh -t login@host "bash -ci <alias>" | |
13:58:17 ~ -1- $ net.host.messagerie.ssh -t "bash -ci sys.distro" | |
/root/.bashrc_common: line 321: net.ip.private: command not found | |
Debian GNU/Linux 8 \n \l | |
Connection to messagerie.algerian-radio.dz closed. | |
14:01:06 ~ -1- $ | |
*** ip spoofing | |
voir ~/DATA/BACKUPS/NEWWIKI/data/pages-426/firewalltest.txt | |
hping3 <IP> -a <spoofed IP> -p <port> -S[yn] | |
*** file transfer & file sharing | |
**** fex | |
send and receive large files over the internet with last-byte resume capability. | |
**** filetea | |
share files through urls | |
**** how to copy the output of a command to a remote host | |
use cat like this | |
command | ssh host 'cat > file' | |
*** packet tracing | |
tctrace is A TCP traceroute, useful when ICMP is filtered by a firewal. | |
*** network configuration steps | |
**** 1. set static ip | |
ip addr add <address> dev <device> | |
**** 2. set default gateway | |
ip route add default via <gateway address> | |
**** 3. profit | |
**** 4. if you want to start afresh | |
ip addr flush <device> | |
*** Get NetBIOS name of an IP | |
**** command | |
nmblookup -A <IP> | |
**** output interpretation | |
10:39:43 /usr/share/man -1- $ nmblookup -A 192.168.211.86 | |
Looking up status of 192.168.211.86 | |
ITSNOWY <00> - B <ACTIVE> | |
WORKGROUP <00> - <GROUP> B <ACTIVE> | |
ITSNOWY <20> - B <ACTIVE> | |
WORKGROUP <1e> - <GROUP> B <ACTIVE> | |
WORKGROUP <1d> - B <ACTIVE> | |
..__MSBROWSE__. <01> - <GROUP> B <ACTIVE> | |
MAC Address = 08-2E-5F-07-88-19 | |
10:49:12 /usr/share/man -1- $ | |
first line : | |
ITSNOWY : name | |
<00> : suffix for workstation. | |
Other possible values : | |
<20> : File server | |
<01> : browser | |
<03> : messenger | |
<1B> : domain master browser | |
<1C> : domain controller | |
- : ? | |
: no group name | |
B : broadcast node type | |
other possible values : | |
P : point-to-point | |
M : Mixed (B then P) | |
H : Hybrid (P then B) | |
<ACTIVE> : successfully registered. | |
Other possible values : | |
<PERMANENT> : doesn't expire | |
*** collect DNS stats | |
dsc | |
*** ban an IP | |
shorewall ban|logdrop <IP> | |
to stop a connexion that was already established, use cutter | |
cutter | |
*** copy files to another machine and create intermedite parent folders | |
create a tar archive on the source machine | |
copy to dst machine | |
untar | |
I bet this can be done in a single operation (pipes) | |
*** probe a port from outside | |
use ipvoid.com | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment