more cleanup

2022-01-26 23:35:07 +01:00
parent f806bc35f5
commit 4cb4fca66a
76 changed files with 295 additions and 12029 deletions
+4 -4
@@ -1,6 +1,6 @@
---
title: "basics"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
# You
@@ -53,12 +53,12 @@ The starting numbers tell you about the address. You just have to memorize the m
|:---:|:---:|
| 127.X | The computer's name for itself, for when you want to ssh into your own machine |
| ::1/128 | Same thing, with ipv6 |
| 192.168.X | A small network address, given by a DHCP server (possibly your router) |
| 192.168.X | A small Network address, given by a DHCP server (possibly your router) |
| 169.X | The interface to the internet wasn't given an ip address, so it's made up its own |
# `arp-scan`
Look around your local network with `arp-scan`.
Look around your local Network with `arp-scan`.
> sudo arp-scan -l
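Review bot: the body text in the address table and the `arp-scan` section now reads "A small Network address" and "your local Network", capitalising a common noun mid-sentence. This looks like a search-and-replace intended for the `tags:` value that also hit the prose. Suggest keeping the front-matter change and reverting these two body lines to lowercase.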
@@ -85,7 +85,7 @@ Mac addresses are easy to fake, so don't trust this output to keep you safe.
# `nmap`
Look around your entire network from 192.168.0.1 to 192.168.0.255:
Look around your entire Network from 192.168.0.1 to 192.168.0.255:
> sudo nmap -F 192.168.0.1/24
-27
@@ -1,27 +0,0 @@
---
title: "dns"
tags: [ "Documentation", "networking" ]
---
# Designate DNS
On Debian, a file might gain DNS services by adding the following to /etc/network/interfaces:
```
auto eth0
iface eth0 inet static
address 10.0.0.23
netmast 255.255.255.0
gateway 10.0.0.1
dns-nameservers 208.67.222.222 208.67.220.220
dns-search example.com
```
# URL Aliases
To change where hosts go, edit /etc/hostnames. You can enter, e.g.:
`54.239.25.200 www.amazon.com a`
... which then means simply the letter 'a' will lead you to amazon.com.
+1 -1
@@ -1,6 +1,6 @@
---
title: "fail2ban"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
# SSH Daemon Jail
@@ -1,5 +1,28 @@
Set up a file like this, called `troubleshooting.txt`.
```
[ Is there an IP address? ] -- no --> [ Check NIC driver, dmesg ]
[ Is there an IP address? ] -- yes --> [ Can you ping the router? ]
[ Can you ping the router? ] -- no --> [ Check cables, router, and switches ]
[ Can you ping the router? ] -- yes --> [ Can you ping a DNS address? ]
[ Can you ping a DNS address? ] -- no --> [ Trying pinging 8.8.8.8 ]
[ Can you ping a DNS address? ] -- yes --> [ Traceroute ]
```
Then translate it with:
> graph-easy troubleshooting.txt --as boxart
```
┌────────────┐ ┌─────────────────────────┐ yes ┌────────────────────────────────────┐ yes ┌─────────────────────────────┐ yes ┌────────────┐
│ no network │ ──> │ Is there an IP address? │ ─────> │ Can you ping the router? │ ─────> │ Can you ping a DNS address? │ ─────> │ Traceroute │
│ no Network │ ──> │ Is there an IP address? │ ─────> │ Can you ping the router? │ ─────> │ Can you ping a DNS address? │ ─────> │ Traceroute │
└────────────┘ └─────────────────────────┘ └────────────────────────────────────┘ └─────────────────────────────┘ └────────────┘
│ │ │
│ no │ no │ no
@@ -7,3 +30,18 @@
┌─────────────────────────┐ ┌────────────────────────────────────┐ ┌─────────────────────────────┐
│ Check NIC driver, dmesg │ │ Check cables, router, and switches │ │ Trying pinging 8.8.8.8 │
└─────────────────────────┘ └────────────────────────────────────┘ └─────────────────────────────┘
```
Many options allow different displays.
Try placing this in a file:
```
[ One ] { fill: seagreen; color: white; } -- label --> [ Two ] { shape: triangle; }
[ One ] => { arrow-style: closed; } [ Three ]
[ Five ] { fill: maroon; color: yellow; } <=> [ Three ]
[ One ] .. Test\n label ..> [ Four ]
[ Three ] { border-style: dashed; }
.. Test\n label ..> { arrow-style: closed; } [ Six ] { label: Sixty\n Six\nand\nsix; }
[ Three ] <-- Test label --> { arrow-style: closed; } [ Six ]
[ Eight ] .. [ None ] { shape: none; fill: red; color: brown; }
[ no Network ] --> [ Is there an IP address? ]
```
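Review bot: the last line of the styling example, `[ no Network ] --> [ Is there an IP address? ]`, belongs to the troubleshooting graph rather than to this One/Two/Three demo. The `troubleshooting.txt` source earlier in the file is missing exactly that edge, yet the boxart output shown for it begins with a `no Network` box, so a reader following the steps will not reproduce the output. Move the line to the top of the `troubleshooting.txt` block. The example also keeps `[ Eight ] .. [ None ]` although the lines that linked `Seven` and `Eight` in the deleted source file were not carried over, which is worth a second look.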
-12
@@ -1,12 +0,0 @@
[ One ] { fill: seagreen; color: white; } -- label --> [ Two ] { shape: triangle; }
[ One ] => { arrow-style: closed; } [ Three ]
[ Five ] { fill: maroon; color: yellow; } <=> [ Three ]
[ One ] .. Test\n label ..> [ Four ]
[ Three ] { border-style: dashed; }
.. Test\n label ..> { arrow-style: closed; } [ Six ] { label: Sixty\n Six\nand\nsix; }
[ Seven ] -- [ Eight ]
[ Five ] --> [ Eight ]
[ Five ] --> [ Seven ]
[ Two ] -> [ Four ]
[ Three ] <-- Test label --> { arrow-style: closed; } [ Six ]
[ Eight ] .. [ None ] { shape: none; fill: red; color: brown; }
-15
@@ -1,15 +0,0 @@
[ no network ] --> [ Is there an IP address? ]
[ Is there an IP address? ] -- no --> [ Check NIC driver, dmesg ]
[ Is there an IP address? ] -- yes --> [ Can you ping the router? ]
[ Can you ping the router? ] -- no --> [ Check cables, router, and switches ]
[ Can you ping the router? ] -- yes --> [ Can you ping a DNS address? ]
[ Can you ping a DNS address? ] -- no --> [ Trying pinging 8.8.8.8 ]
[ Can you ping a DNS address? ] -- yes --> [ Traceroute ]
@@ -1,9 +0,0 @@
┌────────────┐ ┌─────────────────────────┐ yes ┌────────────────────────────────────┐ yes ┌─────────────────────────────┐ yes ┌────────────┐
│ no network │ ──> │ Is there an IP address? │ ─────> │ Can you ping the router? │ ─────> │ Can you ping a DNS address? │ ─────> │ Traceroute │
└────────────┘ └─────────────────────────┘ └────────────────────────────────────┘ └─────────────────────────────┘ └────────────┘
│ │ │
│ no │ no │ no
∨ ∨ ∨
┌─────────────────────────┐ ┌────────────────────────────────────┐ ┌─────────────────────────────┐
│ Check NIC driver, dmesg │ │ Check cables, router, and switches │ │ Trying pinging 8.8.8.8 │
└─────────────────────────┘ └────────────────────────────────────┘ └─────────────────────────────┘
+25 -2
@@ -1,6 +1,6 @@
---
title: "iptables"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
# Intro
@@ -24,7 +24,7 @@ Let's 'A'dd, or 'A'ppend a rule with -A. Let's drop all input from a nearby IP
> iptables -A INPUT -s 192.168.0.23 -j DROP
Or we can block all input from a particular port on the full network.
Or we can block all input from a particular port on the full Network.
> iptables -A INPUT -s 192.168.0.0/24 -p tcp --destination-port 25 -j DROP
@@ -55,3 +55,26 @@ Flush all existing rules with:
> iptables -F
# Examples
```
# Allow all loopback (lo0) traffic and drop all traffic to 127/8
# that doesn't use lo0
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
# Allow established sessions to receive traffic
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow ICMP pings
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Allow SSH remote
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
# Reject all other inbound connections
iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
iptables -A FORWARD -j REJECT --reject-with icmp-port-unreachable
```
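Review bot: the comments in the new Examples block say `lo0` while the rules match `-i lo` and `-o lo`; `lo0` is the BSD interface name, so the comments should say `lo` to agree with the rules they describe. Two smaller points for the same block: it ends with an appended catch-all `-j REJECT` on INPUT, so a sentence noting that anything added afterwards with `-A` lands behind it and never matches would save readers a lockout (the SSH rule uses `-I`, the others `-A`), and `-m state --state` is the legacy spelling of `-m conntrack --ctstate`.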
-19
@@ -1,19 +0,0 @@
#!/bin/sh
# Allow all loopback (lo0) traffic and drop all traffic to 127/8
# that doesn't use lo0
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
# Allow established sessions to receive traffic
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow ICMP pings
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Allow SSH remote
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
# Reject all other inbound connections
iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
iptables -A FORWARD -j REJECT --reject-with icmp-port-unreachable
-56
@@ -1,56 +0,0 @@
---
title: "iptables"
tags: [ "Documentation", "networking" ]
---
# Intro
This is a basic Linux firewall program.
Look at your firewalls:
> iptables -L
We see the output of input, output and forwarding rules.
# Forward
I don't need any forwarding, so I'm going to drop all forwarding:
> iptables -P FORWARD DROP
# Input
Let's 'A'dd, or 'A'ppend a rule with -A. Let's drop all input from a nearby IP
> iptables -A INPUT -s 192.168.0.23 -j DROP
Or we can block all input from a particular port on the full network.
> iptables -A INPUT -s 192.168.0.0/24 -p tcp --destination-port 25 -j DROP
> iptables -A INPUT --dport 80 -j ACCEPT
This allows http traffic to an Apache web server over port 80.
However, rules are accepted in order - so a packet cannot be rejected and then accepted.
To delete rule 2 from the INPUT chain:
> iptables -D INPUT 3
Alternatively, you can 'I'nsert a rule at the start, rather than 'A'ppending it.
> iptables -I INPUT -s 192.168.0.13 DROP
# Catchalls
Catchall rules state that anything which is not permitted is forbidden. They must be allowed last.
# -Jurice-Diction
The -j flag accepts ACCEPT/REJECT/DROP. The last two are identical except that "REJECT" acknowledges the rejection.
Flush all existing rules with:
> iptables -F
File diff suppressed because it is too large
+1 -1
@@ -1,6 +1,6 @@
---
title: "nmap"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
Example:
+56
@@ -0,0 +1,56 @@
---
title: "pi-hole-server"
tags: [ "Documentation", "Distros" ]
---
# Installation
## Arch
> yay -S pi-hole-server
> sudo systemctl enable --now pihole-FTL
> sudo systemctl disable --now systemd-resolved
> sudo rm -f /dev/shm/FTL-\*
## Debian
Debian has a long, boring setup.
> sudo apt-get install wget curl net-tools gamin lighttpd lighttpd-mod-deflate
> curl -sSL https://install.pi-hole.net | PIHOLE_SKIP_OS_CHECK=true sudo -E bash
# Setup
> sudo usermod -aG pihole $USER
Remove that google dns server.
> pihole -a setdns 9.9.9.9 1.0.0.1
Disable pihole password by setting a blank password.
> pihole -a -p
Get a new list of blocked domains, then reload:
> pihole -g -r
Every so often, run `pihole -g` again (perhaps put it in crontab).
## Check the Pihole
Observe the pihole's output while you ask it a question:
> pihole -t
Then ask the question from another computer:
> dig @[ pihole ip ] archlinux.org
## System-Wide Setup
To make the pihole work for the entire Network, enter your router and set the DNS server as nothing but your pihole.
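Review bot: under `# Setup`, "Disable pihole password by setting a blank password" with `pihole -a -p` leaves the admin interface without authentication, and the final section then points the whole network at this box. Suggest documenting `pihole -a -p` as the way to set a password, or stating plainly that a blank one is only acceptable on a trusted LAN. Also in this file: the Debian step pipes `curl -sSL https://install.pi-hole.net` into `sudo -E bash` with `PIHOLE_SKIP_OS_CHECK=true`, which runs a remote script as root with the OS check turned off, so say why the check is skipped and consider downloading and reading the script first. The tag is `"Distros"` where the deleted pihole page used `"networking"`.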
-30
@@ -1,30 +0,0 @@
---
title: "pihole"
tags: [ "Documentation", "networking" ]
---
View DNS traffic
> pihole -t
Change password
> pihole -a -p
Get new list of cancer
> pihole -g
Change upstream DNS
> sudo vim /etc/dnsmasq/01-pihole.conf
## Troubleshooting
> sudo usermod -aG pihole $USER
> sudo systemctl stop systemd-resolved
> sudo rm -f /dev/shm/FTL-*
> pihole -g -r
+7 -1
@@ -1,8 +1,14 @@
---
title: "pip"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
Searching does not work.
Install with:
> pip install [ package ]
Upgrade all packages
> pip freeze --local | grep -v '^\-e' | cut -d = -f 1 | xargs -n1 pip install -U
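Review bot: the added "Upgrade all packages" one-liner runs `pip install -U` on every package `pip freeze --local` lists in whichever environment is active, and nothing around it says so. Suggest a sentence stating that it is meant for a virtualenv and that it ignores version pins, so it can break packages with pinned dependencies. "Upgrade all packages" also lacks the trailing colon used by "Install with:".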
+6 -6
@@ -1,6 +1,6 @@
---
title: "protocols"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
# Protocols
@@ -16,7 +16,7 @@ tags: [ "Documentation", "networking" ]
## IPv4
Three address ranges pertain only to private networks, so no computer looks beyond the local router to resolve them:
Three address ranges pertain only to private Networks, so no computer looks beyond the local router to resolve them:
10.0.0.0 to 10.255.255.255
@@ -24,7 +24,7 @@ Three address ranges pertain only to private networks, so no computer looks beyo
192.168.0.0 to 192.168.255.255
In theory, networks should fall within one of 3 ranges, depending upon their first octet:
In theory, Networks should fall within one of 3 ranges, depending upon their first octet:
Class A 1-127
@@ -63,13 +63,13 @@ Add an interface to a device as so:
> sudo ip a add 192.168.0.15/255.255.255.0 dev eth1
See network interfaces available on Fedora with:
See Network interfaces available on Fedora with:
> less /etc/sysconfig/network-scripts/ifcfg-enp2s0f0
> less /etc/sysconfig/Network-scripts/ifcfg-enp2s0f0
or on Debian with:
> less /etc/network/interfaces
> less /etc/Network/interfaces
Mostly, interfaces will receive automatic addresses from a DHCP server. If this hasn't happened for you, you can request a dhcp address with:
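Review bot: the two `less` commands now point at `/etc/sysconfig/Network-scripts/ifcfg-enp2s0f0` and `/etc/Network/interfaces`. Linux paths are case-sensitive and the removed lines show the directories are `network-scripts` and `/etc/network`, so both commands fail as written. Revert both paths to lowercase; "See Network interfaces" in the sentence above them should go back to lowercase as well.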
+1 -1
@@ -1,6 +1,6 @@
---
title: "rclone"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
The manpage's 'Synopsis' provides a fast reference.
+5 -3
@@ -1,6 +1,6 @@
---
title: "screen"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
start session: screen
@@ -46,8 +46,10 @@ Screens have a list of commands to send
------Example----------
Start a new session with 'screen -S base' (which calls that session 'base'). Make a horizontal split with ^|, move into it with ^tab then create a new screen with ^c in that second split. The new screen can be named with ^A as 'music' before entering cmus. Next up, visualizations with vis in another screen. ^S makes a horizontal split and you can switch into that with ^tab to name is 'visualizations' and start vis. Switch back to the first screen and make another horizontal split and a screen in there with the name 'reading'. Inside reading you type ^? to get a list of useless screen commands. Reading can then be detatched with ^d and the horizontal split destroyed with ^X.
Those visualizations should be larger, so we enlarge them with Ctrl+: to send the command resize 50 and :resize -h 100.
Once done with reading, you can destroy it wil ^k then destroy the lot once done with ^\. Outside the screens entirely you can ensure complete death with 'killall screen'.
Those visualizations should be larger, so we enlarge them with Ctrl+: to send the command resize 50 and :resize -h 100.
Once done with reading, you can destroy it wil ^k then destroy the lot once done with ^\. Outside the screens entirely you can ensure complete death with 'killall screen'.
----------------------
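Review bot: the two re-added lines in the Example paragraph still carry "destroy it wil ^k"; since they are being touched for layout anyway, fix "wil" to "with" in the same change. The unchanged line above them has "detatched" and "to name is 'visualizations'", which could be corrected in the same pass.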
+2 -2
@@ -1,6 +1,6 @@
---
title: "agate"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
Make sure your dns is in order.
My domain name is `belgradecats.tk`, so put your own in there.
@@ -31,7 +31,7 @@ Make a service file.
```
[Unit]
Description=agate
After=network.target
After=Network.target
[Service]
User=gemini
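Review bot: `After=Network.target` in the `[Unit]` section names a unit that does not exist. systemd unit names are case-sensitive and the target is `network.target`, as on the removed line. An `After=` that refers to a missing unit is ignored without an error, so the service would silently lose its ordering against the network. Revert this line.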
+1 -1
@@ -1,6 +1,6 @@
---
title: "sshfs"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
# Mount
+1 -1
@@ -1,6 +1,6 @@
---
title: "tricks"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
Mount a remote filesystem locally with fuse-sshfs:
+1 -1
@@ -1,6 +1,6 @@
---
title: "tor"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
# Get a hostname
+1 -1
@@ -1,6 +1,6 @@
---
title: "transmission"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
# Torrench
+3 -4
@@ -1,11 +1,11 @@
---
title: "troubleshooting"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
# Do you have an IP?
If not, try checking out what your local networking interfaces are, then check if they have been picked up:
If not, try checking out what your local Networking interfaces are, then check if they have been picked up:
> dmesg | grep eth0
@@ -13,8 +13,7 @@ If not, try checking out what your local networking interfaces are, then check i
> netstat -l
... or maybe narrow it down to http:
...or maybe narrow it down to http:
> netstat -l | grep http
+1 -1
@@ -1,6 +1,6 @@
---
title: "nginx"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
Install nginx:
+7 -5
@@ -1,6 +1,6 @@
---
title: "wifi"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
# Netstat Stuff
@@ -50,19 +50,21 @@ This tells you that your ESSID is 'Gandalf WajFaj', and the access point name is
> nmcli radio
You get an overview of your radio devices. You're told that eth0 deals with your ethernet and wlan0 deals with wifi. wlan0 is a file which represents your wifi device.
You get an overview of your radio devices.
You're told that eth0 deals with your ethernet and `wlan0` deals with wifi.
`wlan0` is a file which represents your wifi device.
> nmcli wlan0 wifi rescan
> nmcli device wifi list
Now to connect.
Now to connect.
> nmcli device wifi connect [SSID] [your password] [wifi password]
Alternatively, you can use
Alternatively, you can use
> nmcli -ask device wifi connect [SSID]
And it'll ask for your password, so you're not typing it in in full view.
And it'll ask for your password, so you're not typing it in in full view.
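Review bot: in the reflowed paragraph `wlan0` is now in backticks but `eth0` in the same sentence is not; mark both the same way. While this block is open, the unchanged line `nmcli wlan0 wifi rescan` does not follow the `nmcli device wifi ...` form used by the two commands after it and should read `nmcli device wifi rescan`.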
+1 -1
@@ -1,6 +1,6 @@
---
title: "wireless"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
# Check wifi's working
+8 -9
@@ -1,6 +1,6 @@
---
title: "wpa_supplicant"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
wpa_supplicant configurations are stored in /etc/wpa_supplicant/wpa_supplicant-wlan0 (or equivalent).
@@ -33,23 +33,23 @@ This has a number of commands to input. In order:
> scan_results
> add_network
> add_Network
This outputs a network number, e.g. '3'. This is the new network you'll work with.
This outputs a Network number, e.g. '3'. This is the new Network you'll work with.
> set_network 3 ssid "Kosachok Cafe"
> set_Network 3 ssid "Kosachok Cafe"
> set_network 3 psk "Kosachok2019"
> set_Network 3 psk "Kosachok2019"
OR
> set_network 3 key_mgmt NONE
> set_Network 3 key_mgmt NONE
> enable_network 3
> enable_Network 3
> save_config
... and possibly:
...and possibly:
> sudo sv restart dhcpcd
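Review bot: the wpa_cli commands were renamed to `add_Network`, `set_Network` and `enable_Network`; the documented names are all lowercase (`add_network`, `set_network`, `enable_network`, as on the removed lines), so revert them together with "Network number" in the sentence between. Separately, `set_Network 3 psk "Kosachok2019"` beside the SSID "Kosachok Cafe" reads like a real passphrase; replace both with placeholders such as "[SSID]" and "[passphrase]".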
@@ -57,4 +57,3 @@ or maybe:
> dhcpd wlp3s0