Tag Archive for linux

Tcpdump usage examples

Tcpdump usage examples

In most cases you will need root permission to be able to capture packets on an interface. Using tcpdump (with root) to capture the packets and saving them to a file to analyze with Wireshark (using a regular account) is recommended over using Wireshark with a root account to capture packets on an «untrusted» interface. See the Wireshark security advisories for reasons why.

See the list of interfaces on which tcpdump can listen:

tcpdump -D

Listen on interface eth0:

tcpdump -i eth0
Read more

Hardening Nginx SSL/TSL Configuration

Days ago I had to investigate a SSL issue in one of my customer’s servers, he installed a SSL certificate but the Nginx SSL configuration was not hardened at all, so he was getting a very poor grade while checking his site at SSL Server Test.

In the same case, if you have a grade lower than A, you should try to optimize your Nginx SSL configuration. Here are some tips to harden your Nginx SSL Configuration.
Read more

CentOS 6 — Configure NFS Client

Configure NFS Client to mount directories provided from NFS Server.
Read more

Use Speedtest.net from command line

Wouldn’t it be nice to be able to test your upload/download speed from your VPS and share the “famous” picture from speedtest.net ?

Speedtest.net uses Flash to test upload/download speed which is a hassle on most VPS.
The long way to get this is to install VNC and run it from a browser, but that is no longer necessary.
We can now use Matt Martz python script speedtest-cli to accomplish this from the commandline.

Read more

How to run a template that creates a init.d script before the service is created in Chef

How to run a template that creates a init.d script before the service is created in Chef
Read more

Востановление mdraid на переустановленной системе

apt-get install mdadm
mdadm --detail --scan --verbose | awk '/ARRAY/ {print}' >> /etc/mdadm/mdadm.conf

И поправить fstab

/dev/md1p1      /media/2TB      xfs     defaults        0 0

Linux: emergency reboot or shutdown with magic commands

Most linux distributions use some type of mechanism to gracefully stop daemons and unmount storage volumes during a reboot or shutdown. It’s most commonly done via scripts that will wait for each daemon to shut down gracefully before proceeding to the next daemon.

As we know, sometimes servers misbehave due to things put them through, and you can quickly end up in a situation where things are going badly. I’m talking about the type of situation where you’re connected via SSH to a server that controls phone lines for five million people and it sits in a tiny building 400 miles away from the nearest human being. We’re talking bad. If you issue a plain reboot command, it might not even make it that far. Once SSH stops running, you’re going to be out of luck.
Read more

Disable IPv6 on Centos 6, 5

Check whether ur system is enabled with IPv6 (::1:500,:::22) or just for IPv4 (0.0.0.0:22)
====================================

netstat -atnu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
tcp        0      0 192.168.122.1:53            0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:34843               0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN
tcp        0    128 116.90.239.114:22           116.90.239.126:52548        ESTABLISHED
tcp        0      0 :::22                       :::*                        LISTEN
tcp        0      0 :::5989                     :::*                        LISTEN
udp        0      0 0.0.0.0:783                 0.0.0.0:*
udp        0      0 127.0.0.1:4500              0.0.0.0:*
udp        0      0 116.90.239.114:4500         0.0.0.0:*
udp        0      0 0.0.0.0:42018               0.0.0.0:*
udp        0      0 0.0.0.0:930                 0.0.0.0:*
udp        0      0 192.168.122.1:53            0.0.0.0:*
udp        0      0 0.0.0.0:67                  0.0.0.0:*
udp        0      0 0.0.0.0:34384               0.0.0.0:*
udp        0      0 0.0.0.0:848                 0.0.0.0:*
udp        0      0 0.0.0.0:5353                0.0.0.0:*
udp        0      0 0.0.0.0:111                 0.0.0.0:*
udp        0      0 127.0.0.1:500               0.0.0.0:*
udp        0      0 116.90.239.114:500          0.0.0.0:*
udp        0      0 0.0.0.0:631                 0.0.0.0:*
udp        0      0 ::1:500                     :::*
====================================
# ping6 ::1    ———–> Ping your loopback ipv6 IP.

Read more

Centos 6 bonding + bridge

How to install and configure bridge on Centos 6

yum install bridge-utils
cd /etc/sysconfig/network-scripts/
vi ifcfg-bond0

Read more

How to solve the «unknown filesystem type exfat» problem

If you are getting the following dialog:
Unable to mount XX GB Filesystem Error mounting: mount: unknown filesystem type exfat.

You need to install ExFat support in Ubuntu.
Read more