The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,862 other subscribers

Archive for the ‘*nix’ Category

« Previous Entries
Next Entries »

56 Linux Networking commands and scripts

Posted by jpluimers on 2021/01/25

Back in 2019, there were 56 commands and scripts covered. I wonder how many there are now.

An ongoing list of Linux Networking Commands and Scripts. These commands and scripts can be used to configure or troubleshoot your Linux network.

Source: [WayBack55 Linux Networking commands and scripts

List back then (which goes beyond just built-in commands: many commands from optional packages are here as well):

  1. arpwatch – Ethernet Activity Monitor.
  2. bmon – bandwidth monitor and rate estimator.
  3. bwm-ng – live network bandwidth monitor.
  4. curl – transferring data with URLs. (or try httpie)
  5. darkstat – captures network traffic, usage statistics.
  6. dhclient – Dynamic Host Configuration Protocol Client
  7. dig – query DNS servers for information.
  8. dstat – replacement for vmstat, iostat, mpstat, netstat and ifstat.
  9. ethtool – utility for controlling network drivers and hardware.
  10. gated – gateway routing daemon.
  11. host – DNS lookup utility.
  12. hping – TCP/IP packet assembler/analyzer.
  13. ibmonitor – shows bandwidth and total data transferred.
  14. ifstat –  report network interfaces bandwidth.
  15. iftop – display bandwidth usage.
  16. ip (PDF file) – a command with more features that ifconfig (net-tools).
  17. iperf3 – network bandwidth measurement tool. (above screenshot Stacklinux VPS)
  18. iproute2 – collection of utilities for controlling TCP/IP.
  19. iptables – take control of network traffic.
  20. IPTraf – An IP Network Monitor.
  21. iputils – set of small useful utilities for Linux networking.
  22. jwhois (whois) – client for the whois service.
  23. “lsof -i” – reveal information about your network sockets.
  24. mtr – network diagnostic tool.
  25. net-tools – utilities include: arp, hostname, ifconfig, netstat, rarp, route, plipconfig, slattach, mii-tool, iptunnel and ipmaddr.
  26. ncat – improved re-implementation of the venerable netcat.
  27. netcat – networking utility for reading/writing network connections.
  28. nethogs – a small ‘net top’ tool.
  29. Netperf – Network bandwidth Testing.
  30. netsniff-ng – Swiss army knife for daily Linux network plumbing.
  31. netstat – Print network connections, routing tables, statistics, etc.
  32. netwatch – monitoring Network Connections.
  33. ngrep – grep applied to the network layer.
  34. nload – display network usage.
  35. nmap – network discovery and security auditing.
  36. nslookup – query Internet name servers interactively.
  37. ping – send icmp echo_request to network hosts.
  38. route – show / manipulate the IP routing table.
  39. slurm – network load monitor.
  40. snort – Network Intrusion Detection and Prevention System.
  41. smokeping –  keeps track of your network latency.
  42. socat – establishes two bidirectional byte streams and transfers data between them.
  43. speedometer – Measure and display the rate of data across a network.
  44. speedtest-cli – test internet bandwidth using speedtest.net
  45. ss – utility to investigate sockets.
  46. ssh –  secure system administration and file transfers over insecure networks.
  47. tcpdump – command-line packet analyzer.
  48. tcptrack – Displays information about tcp connections on a network interface.
  49. telnet – user interface to the TELNET protocol.
  50. tracepath – very similar function to traceroute.
  51. traceroute – print the route packets trace to network host.
  52. vnStat – network traffic monitor.
  53. wget –  retrieving files using HTTP, HTTPS, FTP and FTPS.
  54. Wireless Tools for Linux – includes iwconfig, iwlist, iwspy, iwpriv and ifrename.
  55. Wireshark – network protocol analyzer.

Via:

–jeroen

Posted in *nix, *nix-tools, cURL, dig, Internet, nmap, Power User, SpeedTest, ssh/sshd, tcpdump, Wireshark | Leave a Comment »

TUMBLEWEED Ordering cycle at boot with nss-lookup: named fails to start initially; workaround: manually `rcnamed start`

Posted by jpluimers on 2021/01/15

I have seen this on one Raspberry Pi 3 system: named failing to start during a normal reboot.

The solution is to manually rcnamed start as root after boot.

From [Wayback] TUMBLEWEED Ordering cycle at boot with nss-lookup, the rcnamed status is the same as on my system, but no solution in that thread:

# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
     Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
     Active: inactive (dead) Jul 02 08:13:40 hpprol2 systemd[1]: nss-lookup.target: Found ordering cycle on named.service/start
Jul 02 08:13:40 hpprol2 systemd[1]: nss-lookup.target: Found dependency on time-sync.target/start
Jul 02 08:13:40 hpprol2 systemd[1]: nss-lookup.target: Found dependency on ntpd.service/start
Jul 02 08:13:40 hpprol2 systemd[1]: nss-lookup.target: Found dependency on nss-lookup.target/start
Jul 02 08:13:40 hpprol2 systemd[1]: nss-lookup.target: Job named.service/start deleted to break ordering cycle starting with nss-lookup.target/start

Apparently, sometimes there is a service startup dependency loop, and named becomes the victim of it, effectively rendering DNS inoperable.

My system was running this version of Tumbleweed:

statler:~ # cat /etc/SUSE-brand /etc/os-release 
openSUSE
VERSION = tumbleweed
NAME="openSUSE Tumbleweed"
# VERSION="20200825"
ID="opensuse-tumbleweed"
ID_LIKE="opensuse suse"
VERSION_ID="20200825"
PRETTY_NAME="openSUSE Tumbleweed"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:tumbleweed:20200825"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org/"
LOGO="distributor-logo"

On an identical system, the boot just worked fine, so it might be timing related.

waldorf:~ # cat /etc/SUSE-brand /etc/os-release 
openSUSE
VERSION = tumbleweed
NAME="openSUSE Tumbleweed"
# VERSION="20200825"
ID="opensuse-tumbleweed"
ID_LIKE="opensuse suse"
VERSION_ID="20200825"
PRETTY_NAME="openSUSE Tumbleweed"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:tumbleweed:20200825"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org/"
LOGO="distributor-logo"

It has been fixed late January 2021 as per [Wayback] Bug 1177491 – systemd ordering cycle with nss-lookup.target:

Josef Möllers 2021-01-27 15:50:15 UTC
Fixed by removing "Before=nss-lookup.target" from systemd's service file.

It means editing /etc/systemd/system/multi-user.target.wants/named.service from

[Unit]
Description=Berkeley Internet Name Domain (DNS)
After=network.target
After=time-sync.target
Before=nss-lookup.target
Wants=nss-lookup.target
Wants=time-sync.target

[Service]
Type=forking
ExecStart=/usr/sbin/named.init start
ExecReload=/usr/sbin/named.init reload
ExecStop=/usr/sbin/named.init stop

[Install]
WantedBy=multi-user.target

into

[Unit]
Description=Berkeley Internet Name Domain (DNS)
After=network.target
After=time-sync.target
Wants=nss-lookup.target
Wants=time-sync.target

[Service]
Type=forking
ExecStart=/usr/sbin/named.init start
ExecReload=/usr/sbin/named.init reload
ExecStop=/usr/sbin/named.init stop

[Install]
WantedBy=multi-user.target

Note that it is an alias, so it won’t show up in a versioned /etc directory (for instance using etckeeper):

# ls -Alh /etc/systemd/system/multi-user.target.wants/named.service 
lrwxrwxrwx 1 root root 37 Sep  5  2020 /etc/systemd/system/multi-user.target.wants/named.service -> /usr/lib/systemd/system/named.service

–jeroen

Posted in *nix, Linux, openSuSE, Power User, SuSE Linux | Leave a Comment »

TODO: if weerslag hasn’t supported https yet, dig deeper into ProxyPass / ProxyPassReverse

Posted by jpluimers on 2021/01/12

I’ve this page for my brother: https://martijn.pluimers.com/agenda-month-weather.html.

It serves his agenda plus a few weather widgets.

The weerslag widget fails to load as it’s in an iframe pointing to http but the page is https. That’s not allowed as shown in this nice table at [WayBackssl – Insecure content in iframe on secure page – Stack Overflow by amol-ghotankar and richard:

page  - iframe - status
----- - -----  - -----------
http  - http   - allowed
http  - https  - allowed
https - http   - not allowed
https - https  - allowed

So I put it behind a simple Apache reverse proxy: https://www.pluimers.com/maps.weerslag.nl/GratisRadar/1201/864/verwacht?zoom=10:


<Location /maps.weerslag.nl>
ProxyPass http://maps.weerslag.nl
ProxyPassReverse http://maps.weerslag.nl
Require all granted
</Location>

view raw

maps.weerslag.nl.conf

hosted with ❤ by GitHub

If they still haven’t fixed their https access, I need to dig deeper into this.

When writing this [Arhive.ishttps://maps.weerslag.nl/GratisRadar/1201/864/verwacht?zoom=10 gave a 404 and http://maps.weerslag.nl/GratisRadar/1201/864/verwacht?zoom=10 misbehaved behind the proxy:

–jeroen

Posted in *nix, Apache2, Development, Power User, Web Development | Leave a Comment »

Opensuse Community Account Migration

Posted by jpluimers on 2021/01/11

Apparently, during my 15 month rectum cancer fight, I missed the one month window of migrating my opensuse account (because of the sale of opensuse from Microfocus to a German investment company named EQT Partners).

I got the email on may 1st (right before my first surgery) and since I only just am recovering from the last surgery, discovered [Wayback] Community Account Migration:

The Community Accounts (aka. Bugzilla Accounts) will migration to the SUSE datacenter in Nuremberg

SUSE is the largest independent open source company.
We are finalizing this independence also on the technical level.
The Community Accounts (a.k.a. Bugzilla Accounts) were moved back to SUSE to a new system in our Nuremberg data center.

All accounts have been migrated. Except for the password.
To access your migrated account a migration tool was offered until June 18th
The migration is no longer possible.
To regain access to your account you have to request a password reset.
This requires that the account has your correct email address registered.
If this is not the case you will have to create a new account.

It looks like the account migration uses Okta (identity management) – Wikipedia as authentication service (quite odd for a German company to use a USA based company for authentication: hellp GDPR!), using mail servers having hostnames not ending in opensuse.org, but like o#.mailrelay.okta.com.

Hopefully identify emails do get through: they are now trying to get past my grey-list filters.

Edit:

The okta mail servers didn’t get through the grey-list, so I forced them to the secondary mail servers where they did get through.

It indicated migration is not possible any more and I should seek help:

At this time your password can only be reset by an administrator. To send them a request, go to your Sign-in Help page. Then click the Request help link.

So I did:

Hi,

Due to my 15 months fight with rectumcancer and the “SUSE Account Changes – Coming soon!” last May not indicating any deadline for the migration, I missed the one month account migration window (2020-05-18 to 2020-06-18) mentioned at https://idp-portal-info.suse.com/

Can you please re-activate the account jeroen.suffix@example.com and re-bind the forums.opensuse.org username accountname for me and send me a password reset email on that above email address?

Thanks,

–jeroen

Edit 20210112:

I got an account activation email, added password/question/mobile-phone-number, then got redirected to https://myaccount.suse.com/app/UserHome, then the “Forums” link allowed me to enter a forums alias the same as my old alias. So it looks it sort of works now: my old jpluimers posts have not been linked to my new account.

Some reading for when I have more energy:

I just checked and the email about migration did not indicate any deadline apart from that password reset links were valid for 90 days, a lot longer than one month window.

–jeroen

Posted in *nix, Linux, openSuSE, Power User, SuSE Linux | Leave a Comment »

🔎Julia Evans🔍 on Twitter: “ssh tips… “

Posted by jpluimers on 2021/01/08

Great work by [WayBack]  🔎Julia Evans🔍 on Twitter: “ssh tips… “

[WayBackssh tips JPG

Via:

Some more tips:

Read the rest of this entry »

Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, Power User, SSH, ssh/sshd | Leave a Comment »

Binding #Uptimerobot monitoring to your own subdomain: embarcaderomonitoring.wiert.me

Posted by jpluimers on 2021/01/01

Below a few screenshots on how to bind your own subdomain to a set of uptimerobot monitors.

This case is about [Archive.isembarcaderomonitoring.wiert.me, which I setup because of the not so well way that Embarcadero maintained their web facing infrastructure in the past.

The steps for that are really simple, assuming you already have an uptimerobot account and some monitor set-up. If you don’t: check out the first video (thanks onewebstreet!) linked below the fold, as it is a step-by-step introduction.

Steps for your own subdomain

If you like video more than a list of steps, check out the second video (thanks Kyle!) below the fold.

  1. Ensure you have a DNS CNAME record that points your subdomain (in my case embarcaderomonitoring.wiert.me) to stats.uptimerobot.com:

    Note that [Archive.is] stats.uptimerobot.com by itself will not display any dashboard, as it requires a CNAME to be involved that is registered in the Uptime robot Custom Domain list.

  2. Login to Uptime robot, which brings you to uptimerobot.com/dashboard#mainDashboard
  3. Click on settings, which brings you to uptimerobot.com/dashboard#mySettings
  4. Observe the “Disable RSS” (or “Enable RSS” if you have not yet enabled it) and the “this link” (which in my case points to this RSS feed [WayBack])
  5. Clicking on “show them” will get you something like this:
  6. Clicking on the pencil icon then will get you where you can set the “Custom Domain”, which notes

    Custom Domain

    (make sure you create a CNAME DNS record for your domain to stats.uptimerobot.com. And, it can take up to 30 mins for the custom domain to be activated.)

  7. Wait a while and check your CNAME for a valid Uptime robot status dashboard.

–jeroen

Read the rest of this entry »

Posted in *nix, LifeHacker, Monitoring, Power User, Uptimerobot | Leave a Comment »

Uptimerobot: TCP uptime only verifies the three-way TCP handshake

Posted by jpluimers on 2020/12/28

I like uptimerobot a lot (wrote about it earlier, and will write about it soon again), but there are two important things to keep in mind on how it does connection uptime verification:

  1. HTTP checks: [WayBack] Introducing “HTTP Method Selection” (HEAD/GET/POST/PUT/PATCH/DELETE) | Uptime Robot – Blog
    • HTTP requests by default are HEAD for plain HTTP monitors or GET for HTTP keyword monitors, but in the advanced settings, you have options to choose other methods as well: HEAD/GET/POST/PUT/PATCH/DELETE are supported, which means the only unsupported methods (see Hypertext Transfer Protocol: Request Methods – Wikipedia) are TRACE/OPTIONS/CONNECT.
  2. TCP checks: [WayBack] New Feature – Monitoring Ports | Uptime Robot – Blog

If you want to see a few specific TCP protocol tests in action, then check these:

I did not find a good site to test IMAP servers in a simple way like the above sites. If anyone has one: please share it in a comment below.

I did find a post with public FTP servers (they are becoming rare): [WayBack] Is there a Public FTP server to test upload and download? – Stack Overflow

jeroen

Posted in *nix, Monitoring, Power User, Uptimerobot | Leave a Comment »

Mariuz’s Blog: Understanding Debian: The Universal Operating System

Posted by jpluimers on 2020/12/25

Blast from the past: [WayBack] Mariuz’s Blog: Understanding Debian: The Universal Operating System.

Small image below; large image: [WayBackinfographic_debian.png.

Via [WayBack] Adrian Marius Popa – Google+

–jeroen

Posted in *nix, Debian, Linux, Power User | Leave a Comment »

mkcert: valid HTTPS certificates for localhost (Windows/Mac/Linux) — a short blog post about it, by FiloSottile

Posted by jpluimers on 2020/12/21

Cool: [WayBack] Filippo Valsorda on Twitter: “mkcert: valid HTTPS certificates for localhost — a short blog post mkcert now that it’s almost done 🔒 “

Blog post: [WayBackmkcert: valid HTTPS certificates for localhost:

The web is moving to HTTPS, preventing network attackers from observing or injecting page contents. But HTTPS needs TLS certificates, and while deployment is increasingly a solved issue thanks to the ACME protocol and Let’s Encrypt, development still mostly ends up happening over HTTP because no one can get an…

Code: [WayBack] GitHub – FiloSottile/mkcert: A simple zero-config tool to make locally trusted development certificates with any names you’d like.

It is cross platform and works way better than good old Windows makecert (which is from the 2000’s era: [Archive.is] Public Key Infrastructure: Second European PKI Workshop: Research and … – David Chadwick, Greece) European PKI Workshop: Research and Applications (1st : 2004 : Samos Island – Google Books).

Related:

–jeroen

Read the rest of this entry »

Posted in *nix, Apple, Encryption, HTTPS/TLS security, Linux, Mac OS X / OS X / MacOS, Power User, Security, Windows | Leave a Comment »

RAMBOOT – booting Linux into a RAM disk…

Posted by jpluimers on 2020/12/14

Interesting as this should work for other Linux distributions as well: [WayBack] RAMBOOT – How to booting Debian into a RAM disc for speed and silence. How to RAMBOOT. It’s a poor man’s SSD, or a way to get SSD benefits on a laptop … – Isaac Kuo – Google+

Via: [WayBack] RAMBOOT – How to booting Debian into a RAM disc for speed and silence. How to RAMBOOT. It’s a poor man’s SSD, or a way to get SSD benefits on a laptop … – Jürgen Christoffel – Google+

Covers: [WayBack] RAMBOOT is an initrd hack that loads the entire OS partition in RAM, making it run like an extremely fast SSD, at the expense of perhaps 1.5+GB of RAM.

A quick search revealed these:

–jeroen

Posted in *nix, *nix-tools, Linux, Power User | Leave a Comment »

« Previous Entries
Next Entries »