more cleanup

2022-01-26 23:35:07 +01:00
parent f806bc35f5
commit 4cb4fca66a
76 changed files with 295 additions and 12029 deletions

View File

@@ -1,6 +1,6 @@
---
title: "basics"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
# You
@@ -53,12 +53,12 @@ The starting numbers tell you about the address. You just have to memorize the m
|:---:|:---:|
| 127.X | The computer's name for itself, for when you want to ssh into your own machine |
| ::1/128 | Same thing, with ipv6 |
| 192.168.X | A small network address, given by a DHCP server (possibly your router) |
| 192.168.X | A small Network address, given by a DHCP server (possibly your router) |
| 169.X | The interface to the internet wasn't given an ip address, so it's made up its own |
# `arp-scan`
Look around your local network with `arp-scan`.
Look around your local Network with `arp-scan`.
> sudo arp-scan -l
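Review bot: The prose lines in this hunk now capitalise "Network" mid-sentence ("A small Network address", "your local Network"), which reads like a blanket search-and-replace for the tag rename spilling into body text. Suggest limiting the rename to the `tags:` front-matter line and reverting these two lines.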
@@ -85,7 +85,7 @@ Mac addresses are easy to fake, so don't trust this output to keep you safe.
# `nmap`
Look around your entire network from 192.168.0.1 to 192.168.0.255:
Look around your entire Network from 192.168.0.1 to 192.168.0.255:
> sudo nmap -F 192.168.0.1/24

View File

@@ -1,27 +0,0 @@
---
title: "dns"
tags: [ "Documentation", "networking" ]
---
# Designate DNS
On Debian, a file might gain DNS services by adding the following to /etc/network/interfaces:
```
auto eth0
iface eth0 inet static
address 10.0.0.23
netmast 255.255.255.0
gateway 10.0.0.1
dns-nameservers 208.67.222.222 208.67.220.220
dns-search example.com
```
# URL Aliases
To change where hosts go, edit /etc/hostnames. You can enter, e.g.:
`54.239.25.200 www.amazon.com a`
... which then means simply the letter 'a' will lead you to amazon.com.
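Review bot: None of the visible hunks re-add the content deleted here, so the `/etc/network/interfaces` example and the host-alias tip appear to be dropped rather than moved, and the commit message "more cleanup" does not say which. If the content is meant to survive elsewhere, fix `netmast` (should be `netmask`) and `/etc/hostnames` (host aliases go in `/etc/hosts`) in the surviving copy.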

View File

@@ -1,6 +1,6 @@
---
title: "fail2ban"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
# SSH Daemon Jail

View File

@@ -1,5 +1,28 @@
Set up a file like this, called `troubleshooting.txt`.
```
[ Is there an IP address? ] -- no --> [ Check NIC driver, dmesg ]
[ Is there an IP address? ] -- yes --> [ Can you ping the router? ]
[ Can you ping the router? ] -- no --> [ Check cables, router, and switches ]
[ Can you ping the router? ] -- yes --> [ Can you ping a DNS address? ]
[ Can you ping a DNS address? ] -- no --> [ Trying pinging 8.8.8.8 ]
[ Can you ping a DNS address? ] -- yes --> [ Traceroute ]
```
Then translate it with:
> graph-easy troubleshooting.txt --as boxart
```
┌────────────┐ ┌─────────────────────────┐ yes ┌────────────────────────────────────┐ yes ┌─────────────────────────────┐ yes ┌────────────┐
│ no network │ ──> │ Is there an IP address? │ ─────> │ Can you ping the router? │ ─────> │ Can you ping a DNS address? │ ─────> │ Traceroute │
│ no Network │ ──> │ Is there an IP address? │ ─────> │ Can you ping the router? │ ─────> │ Can you ping a DNS address? │ ─────> │ Traceroute │
└────────────┘ └─────────────────────────┘ └────────────────────────────────────┘ └─────────────────────────────┘ └────────────┘
│ │ │
│ no │ no │ no
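Review bot: The `troubleshooting.txt` listing at the top of this hunk has no `[ no network ] --> [ Is there an IP address? ]` edge, yet the boxart output below it still starts from a "no network" box, so a reader who follows the steps will not get the diagram shown. Add that edge as the first line of the listing. The box label in the output was also changed to "no Network" with no matching input line in this listing; generated output should be regenerated from the input, or left as it was.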
@@ -7,3 +30,18 @@
┌─────────────────────────┐ ┌────────────────────────────────────┐ ┌─────────────────────────────┐
│ Check NIC driver, dmesg │ │ Check cables, router, and switches │ │ Trying pinging 8.8.8.8 │
└─────────────────────────┘ └────────────────────────────────────┘ └─────────────────────────────┘
```
Many options allow different displays.
Try placing this in a file:
```
[ One ] { fill: seagreen; color: white; } -- label --> [ Two ] { shape: triangle; }
[ One ] => { arrow-style: closed; } [ Three ]
[ Five ] { fill: maroon; color: yellow; } <=> [ Three ]
[ One ] .. Test\n label ..> [ Four ]
[ Three ] { border-style: dashed; }
.. Test\n label ..> { arrow-style: closed; } [ Six ] { label: Sixty\n Six\nand\nsix; }
[ Three ] <-- Test label --> { arrow-style: closed; } [ Six ]
[ Eight ] .. [ None ] { shape: none; fill: red; color: brown; }
[ no Network ] --> [ Is there an IP address? ]
```
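Review bot: The last line of the styling example, `[ no Network ] --> [ Is there an IP address? ]`, looks misplaced: it is the first edge of the troubleshooting graph, not part of the One/Two/Three demo, and probably belongs at the top of the `troubleshooting.txt` listing earlier in the file. The inlined example also omits four edges that the deleted standalone file had (`[ Seven ] -- [ Eight ]`, `[ Five ] --> [ Eight ]`, `[ Five ] --> [ Seven ]`, `[ Two ] -> [ Four ]`); please confirm that is intentional.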

View File

@@ -1,12 +0,0 @@
[ One ] { fill: seagreen; color: white; } -- label --> [ Two ] { shape: triangle; }
[ One ] => { arrow-style: closed; } [ Three ]
[ Five ] { fill: maroon; color: yellow; } <=> [ Three ]
[ One ] .. Test\n label ..> [ Four ]
[ Three ] { border-style: dashed; }
.. Test\n label ..> { arrow-style: closed; } [ Six ] { label: Sixty\n Six\nand\nsix; }
[ Seven ] -- [ Eight ]
[ Five ] --> [ Eight ]
[ Five ] --> [ Seven ]
[ Two ] -> [ Four ]
[ Three ] <-- Test label --> { arrow-style: closed; } [ Six ]
[ Eight ] .. [ None ] { shape: none; fill: red; color: brown; }

View File

@@ -1,15 +0,0 @@
[ no network ] --> [ Is there an IP address? ]
[ Is there an IP address? ] -- no --> [ Check NIC driver, dmesg ]
[ Is there an IP address? ] -- yes --> [ Can you ping the router? ]
[ Can you ping the router? ] -- no --> [ Check cables, router, and switches ]
[ Can you ping the router? ] -- yes --> [ Can you ping a DNS address? ]
[ Can you ping a DNS address? ] -- no --> [ Trying pinging 8.8.8.8 ]
[ Can you ping a DNS address? ] -- yes --> [ Traceroute ]

View File

@@ -1,9 +0,0 @@
┌────────────┐ ┌─────────────────────────┐ yes ┌────────────────────────────────────┐ yes ┌─────────────────────────────┐ yes ┌────────────┐
│ no network │ ──> │ Is there an IP address? │ ─────> │ Can you ping the router? │ ─────> │ Can you ping a DNS address? │ ─────> │ Traceroute │
└────────────┘ └─────────────────────────┘ └────────────────────────────────────┘ └─────────────────────────────┘ └────────────┘
│ │ │
│ no │ no │ no
┌─────────────────────────┐ ┌────────────────────────────────────┐ ┌─────────────────────────────┐
│ Check NIC driver, dmesg │ │ Check cables, router, and switches │ │ Trying pinging 8.8.8.8 │
└─────────────────────────┘ └────────────────────────────────────┘ └─────────────────────────────┘

View File

@@ -1,6 +1,6 @@
---
title: "iptables"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
# Intro
@@ -24,7 +24,7 @@ Let's 'A'dd, or 'A'ppend a rule with -A. Let's drop all input from a nearby IP
> iptables -A INPUT -s 192.168.0.23 -j DROP
Or we can block all input from a particular port on the full network.
Or we can block all input from a particular port on the full Network.
> iptables -A INPUT -s 192.168.0.0/24 -p tcp --destination-port 25 -j DROP
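Review bot: The sentence above the second rule says it blocks input "from a particular port", but `--destination-port 25` matches the port the packet is addressed to on this host, not the sender's port (`--source-port` would match the latter). Suggest rewording to "to a particular port", and reverting "full Network" to lower case while the line is being touched.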
@@ -55,3 +55,26 @@ Flush all existing rules with:
> iptables -F
# Examples
```
# Allow all loopback (lo0) traffic and drop all traffic to 127/8
# that doesn't use lo0
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
# Allow established sessions to receive traffic
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow ICMP pings
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Allow SSH remote
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
# Reject all other inbound connections
iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
iptables -A FORWARD -j REJECT --reject-with icmp-port-unreachable
```
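Review bot: Every rule in the new Examples block is an `iptables` (IPv4) rule, so on a host with IPv6 enabled the final "Reject all other inbound connections" catch-all does not cover IPv6 traffic; add a sentence saying so, or the matching `ip6tables` rules. Smaller points: the comment says `lo0` while the rules use `-i lo`, and `-m state --state` is the legacy match, with `-m conntrack --ctstate ESTABLISHED,RELATED` the current form.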

View File

@@ -1,19 +0,0 @@
#!/bin/sh
# Allow all loopback (lo0) traffic and drop all traffic to 127/8
# that doesn't use lo0
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
# Allow established sessions to receive traffic
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow ICMP pings
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Allow SSH remote
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
# Reject all other inbound connections
iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
iptables -A FORWARD -j REJECT --reject-with icmp-port-unreachable

View File

@@ -1,56 +0,0 @@
---
title: "iptables"
tags: [ "Documentation", "networking" ]
---
# Intro
This is a basic Linux firewall program.
Look at your firewalls:
> iptables -L
We see the output of input, output and forwarding rules.
# Forward
I don't need any forwarding, so I'm going to drop all forwarding:
> iptables -P FORWARD DROP
# Input
Let's 'A'dd, or 'A'ppend a rule with -A. Let's drop all input from a nearby IP
> iptables -A INPUT -s 192.168.0.23 -j DROP
Or we can block all input from a particular port on the full network.
> iptables -A INPUT -s 192.168.0.0/24 -p tcp --destination-port 25 -j DROP
> iptables -A INPUT --dport 80 -j ACCEPT
This allows http traffic to an Apache web server over port 80.
However, rules are accepted in order - so a packet cannot be rejected and then accepted.
To delete rule 2 from the INPUT chain:
> iptables -D INPUT 3
Alternatively, you can 'I'nsert a rule at the start, rather than 'A'ppending it.
> iptables -I INPUT -s 192.168.0.13 DROP
# Catchalls
Catchall rules state that anything which is not permitted is forbidden. They must be allowed last.
# -Jurice-Diction
The -j flag accepts ACCEPT/REJECT/DROP. The last two are identical except that "REJECT" acknowledges the rejection.
Flush all existing rules with:
> iptables -F
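Review bot: The hunk context elsewhere in this commit ("Let's 'A'dd, or 'A'ppend a rule with -A", "Flush all existing rules with:") shows that the surviving iptables page carries the same text as this deleted copy, so the defects visible here probably survive there. `iptables -A INPUT --dport 80 -j ACCEPT` has no `-p tcp`, which `--dport` requires; "To delete rule 2" is followed by `-D INPUT 3`; and `iptables -I INPUT -s 192.168.0.13 DROP` is missing `-j`. Worth fixing in the kept file as part of this cleanup.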

File diff suppressed because it is too large

View File

@@ -1,6 +1,6 @@
---
title: "nmap"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
Example:

View File

@@ -0,0 +1,56 @@
---
title: "pi-hole-server"
tags: [ "Documentation", "Distros" ]
---
# Installation
## Arch
> yay -S pi-hole-server
> sudo systemctl enable --now pihole-FTL
> sudo systemctl disable --now systemd-resolved
> sudo rm -f /dev/shm/FTL-\*
## Debian
Debian has a long, boring setup.
> sudo apt-get install wget curl net-tools gamin lighttpd lighttpd-mod-deflate
> curl -sSL https://install.pi-hole.net | PIHOLE_SKIP_OS_CHECK=true sudo -E bash
# Setup
> sudo usermod -aG pihole $USER
Remove that google dns server.
> pihole -a setdns 9.9.9.9 1.0.0.1
Disable pihole password by setting a blank password.
> pihole -a -p
Get a new list of blocked domains, then reload:
> pihole -g -r
Every so often, run `pihole -g` again (perhaps put it in crontab).
## Check the Pihole
Observe the pihole's output while you ask it a question:
> pihole -t
Then ask the question from another computer:
> dig @[ pihole ip ] archlinux.org
## System-Wide Setup
To make the pihole work for the entire Network, enter your router and set the DNS server as nothing but your pihole.
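Review bot: "Disable pihole password by setting a blank password" leaves the admin web interface open to every device on the LAN, and the last section then points the whole network's DNS at this host; the page should say this is only acceptable on a trusted network, or keep the password. The Debian step pipes `https://install.pi-hole.net` straight into `sudo -E bash` with `PIHOLE_SKIP_OS_CHECK=true`; consider telling readers to download and read the script before running it as root. The tag `"Distros"` also differs from the `"networking"` tag on the pihole page this replaces.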

View File

@@ -1,30 +0,0 @@
---
title: "pihole"
tags: [ "Documentation", "networking" ]
---
View DNS traffic
> pihole -t
Change password
> pihole -a -p
Get new list of cancer
> pihole -g
Change upstream DNS
> sudo vim /etc/dnsmasq/01-pihole.conf
## Troubleshooting
> sudo usermod -aG pihole $USER
> sudo systemctl stop systemd-resolved
> sudo rm -f /dev/shm/FTL-*
> pihole -g -r

View File

@@ -1,8 +1,14 @@
---
title: "pip"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
Searching does not work.
Install with:
> pip install [ package ]
Upgrade all packages
> pip freeze --local | grep -v '^\-e' | cut -d = -f 1 | xargs -n1 pip install -U
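Review bot: The upgrade-all one-liner runs `pip install -U` once per package through `xargs -n1`, so each upgrade is resolved on its own and can pull in a version that breaks another installed package's requirements. Suggest noting that it is best run inside a virtual environment and followed by `pip check`. The "Networking" tag is also an odd fit for a package-manager page.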

View File

@@ -1,6 +1,6 @@
---
title: "protocols"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
# Protocols
@@ -16,7 +16,7 @@ tags: [ "Documentation", "networking" ]
## IPv4
Three address ranges pertain only to private networks, so no computer looks beyond the local router to resolve them:
Three address ranges pertain only to private Networks, so no computer looks beyond the local router to resolve them:
10.0.0.0 to 10.255.255.255
@@ -24,7 +24,7 @@ Three address ranges pertain only to private networks, so no computer looks beyo
192.168.0.0 to 192.168.255.255
In theory, networks should fall within one of 3 ranges, depending upon their first octet:
In theory, Networks should fall within one of 3 ranges, depending upon their first octet:
Class A 1-127
@@ -63,13 +63,13 @@ Add an interface to a device as so:
> sudo ip a add 192.168.0.15/255.255.255.0 dev eth1
See network interfaces available on Fedora with:
See Network interfaces available on Fedora with:
> less /etc/sysconfig/network-scripts/ifcfg-enp2s0f0
> less /etc/sysconfig/Network-scripts/ifcfg-enp2s0f0
or on Debian with:
> less /etc/network/interfaces
> less /etc/Network/interfaces
Mostly, interfaces will receive automatic addresses from a DHCP server. If this hasn't happened for you, you can request a dhcp address with:
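Review bot: The path changes in this hunk break the commands: Linux paths are case-sensitive, so `/etc/sysconfig/Network-scripts/ifcfg-enp2s0f0` and `/etc/Network/interfaces` do not name the files the old lines pointed at. Revert both `less` lines to the lower-case paths and limit the rename to the `tags:` line; "See Network interfaces" should go back to lower case as well.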

View File

@@ -1,6 +1,6 @@
---
title: "rclone"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
The manpage's 'Synopsis' provides a fast reference.

View File

@@ -1,6 +1,6 @@
---
title: "screen"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
start session: screen
@@ -46,8 +46,10 @@ Screens have a list of commands to send
------Example----------
Start a new session with 'screen -S base' (which calls that session 'base'). Make a horizontal split with ^|, move into it with ^tab then create a new screen with ^c in that second split. The new screen can be named with ^A as 'music' before entering cmus. Next up, visualizations with vis in another screen. ^S makes a horizontal split and you can switch into that with ^tab to name is 'visualizations' and start vis. Switch back to the first screen and make another horizontal split and a screen in there with the name 'reading'. Inside reading you type ^? to get a list of useless screen commands. Reading can then be detatched with ^d and the horizontal split destroyed with ^X.
Those visualizations should be larger, so we enlarge them with Ctrl+: to send the command resize 50 and :resize -h 100.
Once done with reading, you can destroy it wil ^k then destroy the lot once done with ^\. Outside the screens entirely you can ensure complete death with 'killall screen'.
Those visualizations should be larger, so we enlarge them with Ctrl+: to send the command resize 50 and :resize -h 100.
Once done with reading, you can destroy it wil ^k then destroy the lot once done with ^\. Outside the screens entirely you can ensure complete death with 'killall screen'.
----------------------
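Review bot: The two re-added lines read the same as the ones they replace and keep the typo "destroy it wil ^k"; the context paragraph above also has "to name is 'visualizations'" and "detatched". Since these lines are being touched for cleanup, fix the spelling here.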

View File

@@ -1,6 +1,6 @@
---
title: "agate"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
Make sure your dns is in order.
My domain name is `belgradecats.tk`, so put your own in there.
@@ -31,7 +31,7 @@ Make a service file.
```
[Unit]
Description=agate
After=network.target
After=Network.target
[Service]
User=gemini
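Review bot: `After=Network.target` no longer names the unit the old line ordered against: systemd unit names are case-sensitive and the standard target is `network.target`, so with this change the ordering dependency does not refer to it. Revert this line.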

View File

@@ -1,6 +1,6 @@
---
title: "sshfs"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
# Mount

View File

@@ -1,6 +1,6 @@
---
title: "tricks"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
Mount a remote filesystem locally with fuse-sshfs:

View File

@@ -1,6 +1,6 @@
---
title: "tor"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
# Get a hostname

View File

@@ -1,6 +1,6 @@
---
title: "transmission"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
# Torrench

View File

@@ -1,11 +1,11 @@
---
title: "troubleshooting"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
# Do you have an IP?
If not, try checking out what your local networking interfaces are, then check if they have been picked up:
If not, try checking out what your local Networking interfaces are, then check if they have been picked up:
> dmesg | grep eth0
@@ -13,8 +13,7 @@ If not, try checking out what your local networking interfaces are, then check i
> netstat -l
... or maybe narrow it down to http:
...or maybe narrow it down to http:
> netstat -l | grep http

View File

@@ -1,6 +1,6 @@
---
title: "nginx"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
Install nginx:

View File

@@ -1,6 +1,6 @@
---
title: "wifi"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
# Netstat Stuff
@@ -50,19 +50,21 @@ This tells you that your ESSID is 'Gandalf WajFaj', and the access point name is
> nmcli radio
You get an overview of your radio devices. You're told that eth0 deals with your ethernet and wlan0 deals with wifi. wlan0 is a file which represents your wifi device.
You get an overview of your radio devices.
You're told that eth0 deals with your ethernet and `wlan0` deals with wifi.
`wlan0` is a file which represents your wifi device.
> nmcli wlan0 wifi rescan
> nmcli device wifi list
Now to connect.
Now to connect.
> nmcli device wifi connect [SSID] [your password] [wifi password]
Alternatively, you can use
Alternatively, you can use
> nmcli -ask device wifi connect [SSID]
And it'll ask for your password, so you're not typing it in in full view.
And it'll ask for your password, so you're not typing it in in full view.
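Review bot: The connect line `nmcli device wifi connect [SSID] [your password] [wifi password]` puts the passphrase on the command line, where it lands in shell history and is visible in the process list, and it does not match nmcli's syntax, which takes a single `password` keyword followed by the passphrase. Since the page already shows the prompt-based form, suggest leading with that and spelling the option `--ask`. The context line `nmcli wlan0 wifi rescan` also looks wrong, as `wlan0` is not an nmcli object; `nmcli device wifi rescan` is the usual form.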

View File

@@ -1,6 +1,6 @@
---
title: "wireless"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
# Check wifi's working

View File

@@ -1,6 +1,6 @@
---
title: "wpa_supplicant"
tags: [ "Documentation", "networking" ]
tags: [ "Documentation", "Networking" ]
---
wpa_supplicant configurations are stored in /etc/wpa_supplicant/wpa_supplicant-wlan0 (or equivalent).
@@ -33,23 +33,23 @@ This has a number of commands to input. In order:
> scan_results
> add_network
> add_Network
This outputs a network number, e.g. '3'. This is the new network you'll work with.
This outputs a Network number, e.g. '3'. This is the new Network you'll work with.
> set_network 3 ssid "Kosachok Cafe"
> set_Network 3 ssid "Kosachok Cafe"
> set_network 3 psk "Kosachok2019"
> set_Network 3 psk "Kosachok2019"
OR
> set_network 3 key_mgmt NONE
> set_Network 3 key_mgmt NONE
> enable_network 3
> enable_Network 3
> save_config
... and possibly:
...and possibly:
> sudo sv restart dhcpcd
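Review bot: The rename has reached the wpa_cli commands: `add_Network`, `set_Network 3 ...` and `enable_Network 3` are not the documented command names, which are all lower case (`add_network`, `set_network`, `enable_network`). Revert these lines along with the "Network number" prose. Separately, the example PSK `"Kosachok2019"` next to a named SSID reads like a real credential; a placeholder would be safer in published notes.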
@@ -57,4 +57,3 @@ or maybe:
> dhcpd wlp3s0
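Review bot: `dhcpd wlp3s0` looks like a typo for `dhcpcd wlp3s0`: the line just before this hunk restarts `dhcpcd`, the DHCP client, whereas `dhcpd` is the name of the ISC DHCP server daemon.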