Linux OSses I currently use : Ubuntu, Centos/Rocky/Fedora, Raspbian (and msdos lol) Have used: Slackware,Gentoo, Kali, ELive, Suse,Debian,Mint,Puppy,Lubuntu
Some directories on my fileserver are encrypted using ecryptfs.
eCryptfs is a POSIX-compliant enterprise cryptographic stacked filesystem for Linux. eCryptfs stores cryptographic metadata in the header of each file, so that encrypted files can be copied between hosts; the file will be decrypted with the proper key in the Linux kernel keyring. There is no need to keep track of any additional information aside from what is already in the encrypted file itself. You may think of eCryptfs as a sort of “gnupg as a filesystem”.
Example crypted directory using filename encryption
You can use the same dir for mounting! Filenames are encrypted also. Use umount go back to the crypted state
NOTE: You can write files to the crypted dir, if you are NOT using filename encryption, you can’t see which one is crypted and which is not. Use the script below to get hints of the readable files!
mount -t ecryptfs securedir securedir
Passphrase:
Select cipher:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32
2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56
3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24
4) twofish: blocksize = 16; min keysize = 16; max keysize = 32
5) cast6: blocksize = 16; min keysize = 16; max keysize = 32
6) cast5: blocksize = 8; min keysize = 5; max keysize = 16
Selection [aes]:
Select key bytes:
1) 16
2) 32
3) 24
Selection [16]:
Enable plaintext passthrough (y/n) [n]:
Enable filename encryption (y/n) [n]: y
Filename Encryption Key (FNEK) Signature [xxxxxxxxxxxxxxxxxx]:
Attempting to mount with the following options:
ecryptfs_unlink_sigs
ecryptfs_fnek_sig=xxxxxxxxxxxxxxxxxx
ecryptfs_key_bytes=16
ecryptfs_cipher=aes
ecryptfs_sig=xxxxxxxxxxxxxxxxxxx
Mounted eCryptfs
Crypting disks for travel/backup
For this i’m using Luks
The Linux Unified Key Setup (LUKS) is a disk encryption specification created by Clemens Fruhwirth in 2004 and was originally intended for Linux.
While most disk encryption software implements different, incompatible, and undocumented formats , LUKS implements a platform-independent standard on-disk format for use in various tools. This not only facilitates compatibility and interoperability among different programs, but also assures that they all implement password management in a secure and documented manner
Formatting a disk and mounting
cryptsetup luksFormat /dev/sdb1
WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase for /dev/sdb1:
Verify passphrase:
root@workstation:~# cryptsetup luksOpen /dev/sdb1 crypto
Enter passphrase for /dev/sdb1:
root@workstation:~# mkfs.ext4 /dev/mapper/crypto
mke2fs 1.44.1 (24-Mar-2018)
Creating filesystem with 244188672 4k blocks and 61054976 inodes
Filesystem UUID: 844eb9ee-d4da-4dfd-9d94-b62987e96b93
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
102400000, 214990848
Allocating group tables: done
Writing inode tables: done
Creating journal (262144 blocks): done
Writing superblocks and filesystem accounting information: done
root@workstation:~# mount /dev/mapper/crypto /backup/
Umount and close
umount /backup
cryptsetup luksClose crypto
File crypt checker (checks for data files which COULD be crypted)
#!/bin/bash
find secure -type f -exec file {} \;| egrep -v "ASCII text|MS Windows shortcut|ISO-8859 text|image data|PDF document|PC bitmap|Composite Document File|WebM|ISO Media|Microsoft Word|HTML| Microsoft Excel|Matroska|vCard|Microsoft ASF|Web/
P|RIFF|MPEG|RealMedia|UTF\-8 Unicode|Zip archive data|Macromedia Flash|RAR archive|EPUB document|Adobe Photoshop Image|AppleDouble|OpenType|empty|gzip compressed data|MS Windows|OpenDocument|Paint Shop Pro|executable|PostScript document|
Rich Text|audio data|SVG Scalable|UDF filesystem|very short file|Web Open Font Format|IFF |TrueType|BeautifulWatches|MTS:" > data-or-not
OR
File crypt checker ( When the directory is in crypted state ) All files should be raw data
#!/bin/bash # Set shebang .. interpreter (sh/python/bash)
#set -x # debug flag, shows all output and variables
set -e # exit when an error occurs, Dont use this when sourcing a scriptor using bash ./scriptnaam gebruikt.
set -u # exit when a variable isn't defined
set -o pipefail # exit when a pipe command fails
# Add comments to your scripts!
PIPEFAIL Example
grep string /nonexistenddir/file | sort # Does NOT give an error, sort works!
So echo $? gives 0
When set -o pipefail is set, above example will print 1 or 2
Bash options example
#!/bin/bash
usage ()
{
echo >&2 "usage: $0 <list-of-options>"
}
main ()
{
[ $# -lt 1 ] && usage
INSTALL_DIR=`dirname $0`
for i in $@; do
echo "$INSTALL_DIR $i"
done
}
main $@
Execute output from a script.
Sometimes i write scripts which print the command I want to have executed. Most of the times to check the generated commandline. simple example
ls | grep 2000 | while read ; do echo rm -f "$REPLY" ;done
Above only prints the lines rm -f <filename with 2000> rm -f <other filename with 2000>
Instead of removing the echo command, you can add a | bash , to have it executed.
ls | grep 2000 | while read ; do echo rm -f "$REPLY" ;done | bash
Or even shorter ( Use !! for previous command )
!! | bash
History
Search with CTRL-R in your command history, and use !<number> to execute this command again.
touch file1 file2 file3 file4
chmod 664 !* # will chmod only the files
When you used typed systemctl stop httpd and want to start again use replace ^stop^start This will take previous command containing stop and places stop with start and executes this.
Toggle history on/off with “set -o history”, depending on your setup you can use “<space>command to be executed”
History log original username per date when sudo is being used (creates .history.20230103.fash in /root/ )
HISTFILE=~/.history.$(date +%y%b%d).$(who am i | awk '{ print $1 }')
Skip first 2 lines and join 2 lines
#skip 2 lines
tail -n +3
#join 2 lines
sed 'N;s/\n/,/'
#3rd line from a file
sed "3q;d" /etc/hosts
#join on line line using comma's
paste -sd "," -
Find Tricks
#Remove empty directories
find ??? -empty -type d -delete
#Find multiple extentions
find archieven/ \( -name "*.png" -o -name "*.xml" \)
-print0 to handle filenames with spaces
Remove huge directory structures FAST
mkdir /tmp/empty ; rsync -a --delete /tmp/empty /path/blah
Check program installed and in path
which zenity >/dev/null 2>/tmp/err || ( echo "zenity not found, please install" ; exit 1 )
Change directory to location script for relative path usage
cd $(dirname $0)
ls relativesubdir/
IFS (Internal Field Separator)
IFS=$' ' # internal field separator, strings split here
for f in $(cat /etc/hosts) ; do echo $f ;done
#outputs 127.0.0.1
# localhost
IFS=$'\n\t' # internal field separator, split end of line
for f in $(cat /etc/hosts) ; do echo $f ;done
# Outputs 127.0.0.1 localhost
Difference for and while read example
echo "This will print every word" > text # Places text in file
echo "second line" >> text # Append text
for f in $(cat text) ; do echo $f ;done # for example
This
will
print
every
word
second
line
cat text | while read f ; do echo $f ; done # Read example
This will print every word
second line
Correct way to make a tempfile
tempfile=$(mktemp -d -t /tmp/log.$$) # Temp file, with unique name $$ is the process number
Usage in script :
ls > $tempfile
Cleanup:
rm -f "/tmp/$tempfile" # Remove
Direcory empty test
[ "$(ls -A /tmp)" ] && echo "Not empty" || echo "Empty" # test directory Empty/filled
test -d /tmp/1 && rmdir /tmp/1 # Removes a directory when it exists, will give an error when NOT empty
Using Expand
On directories archive30_tmp till archive35_tmp setting recursive chmod 2775
find achief{30..35}_tmp -type d -exec chmod 2775 {} \;
or
mkdir tmp{1..3} # will create tmp1 tmp2 tmp3
echo pr{ut,utser}s # Outputs "pruts prutsers"
Test root user
if [ $USER == "root" ] ; then … ; fi # execute only when root
if $USER is empty, this will give an error.
if [ w$USER == "wroot" ] works
qouting $USER also, but qouting a number using less/greater test could be problematic
Mount test
grep -qs /media /proc/mounts && echo "/media is mounted"
Date tricks
datum=$(date +%Y%m%d) # datum is yyyymmdd 20230103
today=$(date +%F)
tomorrow=$(date --date="next day" +%F)
p3=$(date --date="$p2" +%F)
dater=$p3
#now=$(date +%s --date="1 days ago")
now=$(date -d $(date --date="1 days ago" +%F) +%s)
p3epoch=$(date --date="$p3" +%s)
dater=$(date -d "$p3 1 year" +%F)
date -d @<UNIX timestamp> # Timestamp to date
Size test in directory
if [ "$(df /tmp |grep -v Available | awk {' print $4 }')" -lt 1000000 ] ; then echo "not enough free in /tmp" ;fi
Parallel Tasks
4 parallel jobs
find jpg -type f -name \*.jpg -print0 | xargs -0 -n1 -P4 ./convert.sh
Cluster ssh trick
Using Clusterssh at work
## clusterssh trick
Only needed to do stuff on server having a certain directory
clusterssh storageservers # ssh to 24 storage servers
sudo su -
cd /bricks/*/backup2 # change directory to this if exists
cd /alternatedir/brick0*/backup2 # change to this alternate directory if it exists
# directories not found? then you are still in /root
pwd | grep testdir || logout # no testdir in found subdirs? (there are non in /root so you will be logged out)
id | grep myuser && logout # if mortal user? then logout again .. you will be disconnected from servers not containing the backup2 directories
Do your work as root
Forgot to sudo?
systemctl restart httpd (wont work as user)
sudo !!
(this will do "sudo systemctl restart httpd")
Top 5 homedir users
du -hsx /home/* | sort -rh | head -5
Removing a huge file takes a long time .. lets truncate it
: > hugefile
rm hugefile
Check memory banks using dmidecode
sudo dmidecode| grep -i -B1 "Form Factor" (B1 means BEFORE 1 line, A is AFTER)
Size: 8192 MB
Form Factor: DIMM
--
Size: 8192 MB
Form Factor: DIMM
--
Size: No Module Installed
Form Factor: DIMM
--
sudo dmidecode -t memory | grep -i size
Size: 4096 MB
--
sudo lshw -short -C memory
H/W path Device Class Description
==========================================================
/0/0 memory 96KiB BIOS
/0/1000 memory 4GiB System Memory
/0/1000/0 memory 4GiB DIMM RAM
cat file | grep -o 'skip_reason.*' # till end
cat file | grep -o 'skip_reason.*tillhere'
Remove space filename
mv *\ * a
rm *\ *
Upper to lower case
tr '[:upper:]' '[:lower:]'
Whole directories to lowercase
#!/bin/bash
#print usage
if [ -z $1 ];then
echo "Usage :$(basename $0) parent-directory"
exit 1
fi
#process all subdirectories and files in parent directory
all="$(find $1 -depth)"
for name in ${all}; do
#set new name in lower case for files and directories
new_name="$(dirname "${name}")/$(basename "${name}" | tr '[A-Z]' '[a-z]')"
#check if new name already exists
if [ "${name}" != "${new_name}" ]; then
[ ! -e "${new_name}" ] && mv -T "${name}" "${new_name}"; echo "${name} was renamed to ${new_name}" || echo "${name} wasn't renamed!"
fi
done
echo
echo
#list directories and file new names in lowercase
echo "Directories and files with new names in lowercase letters"
find $(echo $1 | tr 'A-Z' 'a-z') -depth
exit 0
Later i made a script to push this information in Grafana
Now for the SSH part. I’m jumping from machine to machine using ssh, sometime i loop back to a server i was already connected to .. this helps me to keep track
in ssh_config add
SendEnv SSHTRAIL
in sshd_config add
AcceptEnv SSHTRAIL
in /etc/profile
export SSHTRAIL=$SSHTRAIL:$HOSTNAME
restart sshd
when you do this on all your machines you can get a trail of ssh using:
echo $SSHTRAIL
workstation:server1:server66:server1
I could change the prompt when a loop is detected
echo $SSHTRAIL | sed -e 's/:/\n/g' | sort | uniq -c | grep -v 1 | ... | echo "WARNING: loop in ssh"
I’ve bought ximian desktop with the exchange 2000 connector (For work) in the same package was staroffice 6.0. It was based on Redhat 7.3
Ximian Desktop provides everything you need to put your Linux system to work. It includes a graphical interface based on the GNOME platform, with high-quality applications like the Ximian Evolution® groupware suite.
All editions of Ximian Desktop add the following:
A special Ximian edition of the OpenOffice.org office suite.
The most advanced Linux* printing system available today, integrated with the entire desktop and based on the CUPS subsystem. CUPS supports more printers and makes it much easier to set them up.
Extensive network compatibility for Windows* and UNIX networks.
Easy, removable media tools, including CD burning made simple.
A “My Computer” tool to help you navigate files, networks, and devices, designed especially for people migrating from Microsoft Windows.
The Red CarpetTM software management tool, which makes sure you get critical software updates quickly, easily, and securely.
The Professional Edition of Ximian Desktop includes additional software and services:
Agfa Fonts: High-quality licensed fonts, metrically compatible with those used in Microsoft* Office, to help preserve formatting and styles across platforms.
RealNetworks* RealPlayer*: Media player for RealAudio and RealVideo formats. Works with or without your Web browser.
Macromedia* Flash*: Browser plug-in for display of Flash vector animation on the Web.
Sun* Java* Runtime Environment: Allows you to use the broadest range of Java software with the best performance.
A year’s subscription to Red Carpet Express, the Ximian high-bandwidth update service.
30 days of personalized Web-based support at support.ximian.com.
Outlook integration (needed for work)
Nice icon set
Red Carpet
Vector graphic icons, one of the first distro’s which got it right
Roalt helped me to get my first Linux system running.
I don’t know if it was a floppy install or cd-roms.
I remember buying cdrom sets like these at our local computershop for later installs.
A year later my system was reinstalled with Slackware by Gmc. Although Roalt helped me getting started with Linux, i’ve learned a lot from Gmc.
First time i saw an Unix system was at my friend Richard when i was 16-ish. It was a commercial unix system he had on loan. Later he installed Minix or something simulair. This was all pre-linux
I used the Slackware distribution for a long time, but tried others also.
List of Linux distributions and other Unix variants i remember.
Suse
Redhat
Gentoo
Fedora
Centos/Rocky
Bsd
Aix
Solaris
Debian
Ubuntu
Mint
Damn Small Linux
Backtrack
Kali
OpenZaurus
Slax
Puppy Linux
Linux Router Project
"If something is worth doing, it's worth overdoing."