The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,860 other subscribers

Archive for the ‘*nix’ Category

« Previous Entries
Next Entries »

bash – How to get the primary IP address of the local machine on Linux and OS X? – Stack Overflow

Posted by jpluimers on 2021/02/05

[WayBack] bash – How to get the primary IP address of the local machine on Linux and OS X? – Stack Overflow (thanks [WayBackCollin Anderson!):

I tried on OS X 10.13.6 (macOS High Sierra) and these two work fine:

ip route get 1 | awk '{print $NF;exit}'

and

ip route get 8.8.8.8 | head -1 | cut -d' ' -f8

The first one needs the $ back-slash escaped as bash alias; the second does not need that.

Related:

–jeroen

Posted in *nix, *nix-tools, Apple, bash, Mac OS X / OS X / MacOS, macOS 10.13 High Sierra, Power User | Leave a Comment »

Thread by @b0rk: “nmap i haven’t used nmap much except to scan my home network for fun so if i missed something really important i’d love to know! […]”

Posted by jpluimers on 2021/02/05

[WayBack] Thread by @b0rk: “nmap i haven’t used nmap much except to scan my home network for fun so if i missed something really important i’d love to know! […]”


i haven’t used nmap much except to scan my home network for fun so if i missed something really important i’d love to know!

also i need to find space in there somewhere for “if you don’t run nmap as root it can’t send icmp (ping) packets, it’s better to run nmap as root”

also be careful when nmapping in a network you don’t administer! it’s a popular hacking tool so using nmap is often discouraged / banned. i made all of the examples in this comic “nmap scanme.nmap.org” and “nmap your home network” for a reason :)

There are are quite a few interesting comments on the thread:

And it taught me about scanme.nmap.org: [WayBack] Go ahead and ScanMe!

Hello, and welcome to Scanme.Nmap.Org, a service provided by the Nmap Security Scanner Project and Insecure.Org.

We set up this machine to help folks learn about Nmap and also to test and make sure that their Nmap installation (or Internet connection) is working properly. You are authorized to scan this machine with Nmap or other port scanners. Try not to hammer on the server too hard. A few scans in a day is fine, but dont scan 100 times a day or use this site to test your ssh brute-force password cracking tool.

Thanks
Fyodor

–jeroen

Read the rest of this entry »

Posted in *nix, *nix-tools, nmap, Power User | Leave a Comment »

Thread by @b0rk: “this poster is like a SUPER EXTRA COMPRESSED version of the “Bite Size Networking” zine […]”

Posted by jpluimers on 2021/02/01

[WayBack] Thread by @b0rk: “this poster is like a SUPER EXTRA COMPRESSED version of the “Bite Size Networking” zine I’m working on: the goal of that zine is to teach yo […]”

Related:

Read the rest of this entry »

Posted in *nix, *nix-tools, Power User | Leave a Comment »

56 Linux Networking commands and scripts

Posted by jpluimers on 2021/01/25

Back in 2019, there were 56 commands and scripts covered. I wonder how many there are now.

An ongoing list of Linux Networking Commands and Scripts. These commands and scripts can be used to configure or troubleshoot your Linux network.

Source: [WayBack55 Linux Networking commands and scripts

List back then (which goes beyond just built-in commands: many commands from optional packages are here as well):

  1. arpwatch – Ethernet Activity Monitor.
  2. bmon – bandwidth monitor and rate estimator.
  3. bwm-ng – live network bandwidth monitor.
  4. curl – transferring data with URLs. (or try httpie)
  5. darkstat – captures network traffic, usage statistics.
  6. dhclient – Dynamic Host Configuration Protocol Client
  7. dig – query DNS servers for information.
  8. dstat – replacement for vmstat, iostat, mpstat, netstat and ifstat.
  9. ethtool – utility for controlling network drivers and hardware.
  10. gated – gateway routing daemon.
  11. host – DNS lookup utility.
  12. hping – TCP/IP packet assembler/analyzer.
  13. ibmonitor – shows bandwidth and total data transferred.
  14. ifstat –  report network interfaces bandwidth.
  15. iftop – display bandwidth usage.
  16. ip (PDF file) – a command with more features that ifconfig (net-tools).
  17. iperf3 – network bandwidth measurement tool. (above screenshot Stacklinux VPS)
  18. iproute2 – collection of utilities for controlling TCP/IP.
  19. iptables – take control of network traffic.
  20. IPTraf – An IP Network Monitor.
  21. iputils – set of small useful utilities for Linux networking.
  22. jwhois (whois) – client for the whois service.
  23. “lsof -i” – reveal information about your network sockets.
  24. mtr – network diagnostic tool.
  25. net-tools – utilities include: arp, hostname, ifconfig, netstat, rarp, route, plipconfig, slattach, mii-tool, iptunnel and ipmaddr.
  26. ncat – improved re-implementation of the venerable netcat.
  27. netcat – networking utility for reading/writing network connections.
  28. nethogs – a small ‘net top’ tool.
  29. Netperf – Network bandwidth Testing.
  30. netsniff-ng – Swiss army knife for daily Linux network plumbing.
  31. netstat – Print network connections, routing tables, statistics, etc.
  32. netwatch – monitoring Network Connections.
  33. ngrep – grep applied to the network layer.
  34. nload – display network usage.
  35. nmap – network discovery and security auditing.
  36. nslookup – query Internet name servers interactively.
  37. ping – send icmp echo_request to network hosts.
  38. route – show / manipulate the IP routing table.
  39. slurm – network load monitor.
  40. snort – Network Intrusion Detection and Prevention System.
  41. smokeping –  keeps track of your network latency.
  42. socat – establishes two bidirectional byte streams and transfers data between them.
  43. speedometer – Measure and display the rate of data across a network.
  44. speedtest-cli – test internet bandwidth using speedtest.net
  45. ss – utility to investigate sockets.
  46. ssh –  secure system administration and file transfers over insecure networks.
  47. tcpdump – command-line packet analyzer.
  48. tcptrack – Displays information about tcp connections on a network interface.
  49. telnet – user interface to the TELNET protocol.
  50. tracepath – very similar function to traceroute.
  51. traceroute – print the route packets trace to network host.
  52. vnStat – network traffic monitor.
  53. wget –  retrieving files using HTTP, HTTPS, FTP and FTPS.
  54. Wireless Tools for Linux – includes iwconfig, iwlist, iwspy, iwpriv and ifrename.
  55. Wireshark – network protocol analyzer.

Via:

–jeroen

Posted in *nix, *nix-tools, cURL, dig, Internet, nmap, Power User, SpeedTest, ssh/sshd, tcpdump, Wireshark | Leave a Comment »

TUMBLEWEED Ordering cycle at boot with nss-lookup: named fails to start initially; workaround: manually `rcnamed start`

Posted by jpluimers on 2021/01/15

I have seen this on one Raspberry Pi 3 system: named failing to start during a normal reboot.

The solution is to manually rcnamed start as root after boot.

From [Wayback] TUMBLEWEED Ordering cycle at boot with nss-lookup, the rcnamed status is the same as on my system, but no solution in that thread:

# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
     Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
     Active: inactive (dead) Jul 02 08:13:40 hpprol2 systemd[1]: nss-lookup.target: Found ordering cycle on named.service/start
Jul 02 08:13:40 hpprol2 systemd[1]: nss-lookup.target: Found dependency on time-sync.target/start
Jul 02 08:13:40 hpprol2 systemd[1]: nss-lookup.target: Found dependency on ntpd.service/start
Jul 02 08:13:40 hpprol2 systemd[1]: nss-lookup.target: Found dependency on nss-lookup.target/start
Jul 02 08:13:40 hpprol2 systemd[1]: nss-lookup.target: Job named.service/start deleted to break ordering cycle starting with nss-lookup.target/start

Apparently, sometimes there is a service startup dependency loop, and named becomes the victim of it, effectively rendering DNS inoperable.

My system was running this version of Tumbleweed:

statler:~ # cat /etc/SUSE-brand /etc/os-release 
openSUSE
VERSION = tumbleweed
NAME="openSUSE Tumbleweed"
# VERSION="20200825"
ID="opensuse-tumbleweed"
ID_LIKE="opensuse suse"
VERSION_ID="20200825"
PRETTY_NAME="openSUSE Tumbleweed"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:tumbleweed:20200825"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org/"
LOGO="distributor-logo"

On an identical system, the boot just worked fine, so it might be timing related.

waldorf:~ # cat /etc/SUSE-brand /etc/os-release 
openSUSE
VERSION = tumbleweed
NAME="openSUSE Tumbleweed"
# VERSION="20200825"
ID="opensuse-tumbleweed"
ID_LIKE="opensuse suse"
VERSION_ID="20200825"
PRETTY_NAME="openSUSE Tumbleweed"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:tumbleweed:20200825"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org/"
LOGO="distributor-logo"

It has been fixed late January 2021 as per [Wayback] Bug 1177491 – systemd ordering cycle with nss-lookup.target:

Josef Möllers 2021-01-27 15:50:15 UTC
Fixed by removing "Before=nss-lookup.target" from systemd's service file.

It means editing /etc/systemd/system/multi-user.target.wants/named.service from

[Unit]
Description=Berkeley Internet Name Domain (DNS)
After=network.target
After=time-sync.target
Before=nss-lookup.target
Wants=nss-lookup.target
Wants=time-sync.target

[Service]
Type=forking
ExecStart=/usr/sbin/named.init start
ExecReload=/usr/sbin/named.init reload
ExecStop=/usr/sbin/named.init stop

[Install]
WantedBy=multi-user.target

into

[Unit]
Description=Berkeley Internet Name Domain (DNS)
After=network.target
After=time-sync.target
Wants=nss-lookup.target
Wants=time-sync.target

[Service]
Type=forking
ExecStart=/usr/sbin/named.init start
ExecReload=/usr/sbin/named.init reload
ExecStop=/usr/sbin/named.init stop

[Install]
WantedBy=multi-user.target

Note that it is an alias, so it won’t show up in a versioned /etc directory (for instance using etckeeper):

# ls -Alh /etc/systemd/system/multi-user.target.wants/named.service 
lrwxrwxrwx 1 root root 37 Sep  5  2020 /etc/systemd/system/multi-user.target.wants/named.service -> /usr/lib/systemd/system/named.service

–jeroen

Posted in *nix, Linux, openSuSE, Power User, SuSE Linux | Leave a Comment »

TODO: if weerslag hasn’t supported https yet, dig deeper into ProxyPass / ProxyPassReverse

Posted by jpluimers on 2021/01/12

I’ve this page for my brother: https://martijn.pluimers.com/agenda-month-weather.html.

It serves his agenda plus a few weather widgets.

The weerslag widget fails to load as it’s in an iframe pointing to http but the page is https. That’s not allowed as shown in this nice table at [WayBackssl – Insecure content in iframe on secure page – Stack Overflow by amol-ghotankar and richard:

page  - iframe - status
----- - -----  - -----------
http  - http   - allowed
http  - https  - allowed
https - http   - not allowed
https - https  - allowed

So I put it behind a simple Apache reverse proxy: https://www.pluimers.com/maps.weerslag.nl/GratisRadar/1201/864/verwacht?zoom=10:


<Location /maps.weerslag.nl>
ProxyPass http://maps.weerslag.nl
ProxyPassReverse http://maps.weerslag.nl
Require all granted
</Location>

view raw

maps.weerslag.nl.conf

hosted with ❤ by GitHub

If they still haven’t fixed their https access, I need to dig deeper into this.

When writing this [Arhive.ishttps://maps.weerslag.nl/GratisRadar/1201/864/verwacht?zoom=10 gave a 404 and http://maps.weerslag.nl/GratisRadar/1201/864/verwacht?zoom=10 misbehaved behind the proxy:

–jeroen

Posted in *nix, Apache2, Development, Power User, Web Development | Leave a Comment »

Opensuse Community Account Migration

Posted by jpluimers on 2021/01/11

Apparently, during my 15 month rectum cancer fight, I missed the one month window of migrating my opensuse account (because of the sale of opensuse from Microfocus to a German investment company named EQT Partners).

I got the email on may 1st (right before my first surgery) and since I only just am recovering from the last surgery, discovered [Wayback] Community Account Migration:

The Community Accounts (aka. Bugzilla Accounts) will migration to the SUSE datacenter in Nuremberg

SUSE is the largest independent open source company.
We are finalizing this independence also on the technical level.
The Community Accounts (a.k.a. Bugzilla Accounts) were moved back to SUSE to a new system in our Nuremberg data center.

All accounts have been migrated. Except for the password.
To access your migrated account a migration tool was offered until June 18th
The migration is no longer possible.
To regain access to your account you have to request a password reset.
This requires that the account has your correct email address registered.
If this is not the case you will have to create a new account.

It looks like the account migration uses Okta (identity management) – Wikipedia as authentication service (quite odd for a German company to use a USA based company for authentication: hellp GDPR!), using mail servers having hostnames not ending in opensuse.org, but like o#.mailrelay.okta.com.

Hopefully identify emails do get through: they are now trying to get past my grey-list filters.

Edit:

The okta mail servers didn’t get through the grey-list, so I forced them to the secondary mail servers where they did get through.

It indicated migration is not possible any more and I should seek help:

At this time your password can only be reset by an administrator. To send them a request, go to your Sign-in Help page. Then click the Request help link.

So I did:

Hi,

Due to my 15 months fight with rectumcancer and the “SUSE Account Changes – Coming soon!” last May not indicating any deadline for the migration, I missed the one month account migration window (2020-05-18 to 2020-06-18) mentioned at https://idp-portal-info.suse.com/

Can you please re-activate the account jeroen.suffix@example.com and re-bind the forums.opensuse.org username accountname for me and send me a password reset email on that above email address?

Thanks,

–jeroen

Edit 20210112:

I got an account activation email, added password/question/mobile-phone-number, then got redirected to https://myaccount.suse.com/app/UserHome, then the “Forums” link allowed me to enter a forums alias the same as my old alias. So it looks it sort of works now: my old jpluimers posts have not been linked to my new account.

Some reading for when I have more energy:

I just checked and the email about migration did not indicate any deadline apart from that password reset links were valid for 90 days, a lot longer than one month window.

–jeroen

Posted in *nix, Linux, openSuSE, Power User, SuSE Linux | Leave a Comment »

🔎Julia Evans🔍 on Twitter: “ssh tips… “

Posted by jpluimers on 2021/01/08

Great work by [WayBack]  🔎Julia Evans🔍 on Twitter: “ssh tips… “

[WayBackssh tips JPG

Via:

Some more tips:

Read the rest of this entry »

Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, Power User, SSH, ssh/sshd | Leave a Comment »

Binding #Uptimerobot monitoring to your own subdomain: embarcaderomonitoring.wiert.me

Posted by jpluimers on 2021/01/01

Below a few screenshots on how to bind your own subdomain to a set of uptimerobot monitors.

This case is about [Archive.isembarcaderomonitoring.wiert.me, which I setup because of the not so well way that Embarcadero maintained their web facing infrastructure in the past.

The steps for that are really simple, assuming you already have an uptimerobot account and some monitor set-up. If you don’t: check out the first video (thanks onewebstreet!) linked below the fold, as it is a step-by-step introduction.

Steps for your own subdomain

If you like video more than a list of steps, check out the second video (thanks Kyle!) below the fold.

  1. Ensure you have a DNS CNAME record that points your subdomain (in my case embarcaderomonitoring.wiert.me) to stats.uptimerobot.com:

    Note that [Archive.is] stats.uptimerobot.com by itself will not display any dashboard, as it requires a CNAME to be involved that is registered in the Uptime robot Custom Domain list.

  2. Login to Uptime robot, which brings you to uptimerobot.com/dashboard#mainDashboard
  3. Click on settings, which brings you to uptimerobot.com/dashboard#mySettings
  4. Observe the “Disable RSS” (or “Enable RSS” if you have not yet enabled it) and the “this link” (which in my case points to this RSS feed [WayBack])
  5. Clicking on “show them” will get you something like this:
  6. Clicking on the pencil icon then will get you where you can set the “Custom Domain”, which notes

    Custom Domain

    (make sure you create a CNAME DNS record for your domain to stats.uptimerobot.com. And, it can take up to 30 mins for the custom domain to be activated.)

  7. Wait a while and check your CNAME for a valid Uptime robot status dashboard.

–jeroen

Read the rest of this entry »

Posted in *nix, LifeHacker, Monitoring, Power User, Uptimerobot | Leave a Comment »

Uptimerobot: TCP uptime only verifies the three-way TCP handshake

Posted by jpluimers on 2020/12/28

I like uptimerobot a lot (wrote about it earlier, and will write about it soon again), but there are two important things to keep in mind on how it does connection uptime verification:

  1. HTTP checks: [WayBack] Introducing “HTTP Method Selection” (HEAD/GET/POST/PUT/PATCH/DELETE) | Uptime Robot – Blog
    • HTTP requests by default are HEAD for plain HTTP monitors or GET for HTTP keyword monitors, but in the advanced settings, you have options to choose other methods as well: HEAD/GET/POST/PUT/PATCH/DELETE are supported, which means the only unsupported methods (see Hypertext Transfer Protocol: Request Methods – Wikipedia) are TRACE/OPTIONS/CONNECT.
  2. TCP checks: [WayBack] New Feature – Monitoring Ports | Uptime Robot – Blog

If you want to see a few specific TCP protocol tests in action, then check these:

I did not find a good site to test IMAP servers in a simple way like the above sites. If anyone has one: please share it in a comment below.

I did find a post with public FTP servers (they are becoming rare): [WayBack] Is there a Public FTP server to test upload and download? – Stack Overflow

jeroen

Posted in *nix, Monitoring, Power User, Uptimerobot | Leave a Comment »

« Previous Entries
Next Entries »