
Linux

General Linux stuff that I wasn’t sure how to categorize.

Table of contents

  1. Hardening
  2. Wireshark over SSH
  3. Create a RAMDISK
  4. find
    1. Search suid files
    2. Search world-writable files
    3. Search and exec command for each file
  5. Control sound with pulseaudio
  6. Mount VMWare share
  7. Encrypted volume using LUKS
  8. Delete files with a negative pattern
  9. Squid
  10. Create a LVM
  11. Extend a LVM
    1. Create ext4 partition with disabled lazy init

Hardening

Lynis - https://cisofy.com/documentation/lynis/get-started/

Wireshark over SSH

Analyze traffic in Wireshark on your own machine while tcpdump captures on a remote host over SSH:

ssh root@example.com tcpdump -U -w - 'port !22' | wireshark -k -i -

The 'port !22' filter (the same as 'not port 22') keeps the SSH session that carries the capture out of the capture; without it every packet you ship to Wireshark generates more packets to ship. -U makes tcpdump write each packet to the pipe as soon as it is captured instead of waiting for a block buffer to fill, so Wireshark updates live. Add -i to pick the remote interface if the default is not the one you want. Logging in as root is convenient but not required; a user who can run tcpdump through sudo works just as well.

Create a RAMDISK

mkdir /mnt/ramdisk
mount -t tmpfs -o size=512M tmpfs /mnt/ramdisk

ramfs ignores the size= option entirely, so the ramfs form of this command (mount -t ramfs ramfs /mnt/ramdisk) has no cap and a runaway writer can consume all memory; tmpfs honours the limit. The trade-off is that tmpfs pages can be swapped out while ramfs pages never are, so if the disk is meant for key material either keep swap off or use ramfs without size= and make sure only root can write to it.

find

Some common uses of find that may not be so easy to remember.

Search suid files

find / -type f -perm -4000 2>/dev/null

This matches the setuid bit only; use -perm -2000 for setgid. -type f keeps directories out of the list and 2>/dev/null hides the permission-denied noise when not running as root.

Search world-writable files

find / -type f -perm -o+w

Search and exec command for each file

find / -iname '*.c' -exec grep -H password '{}' \; 2>/dev/null

Quote the glob, otherwise the shell expands *.c against the current directory before find sees it. grep -H forces the file name into the output, since grep is handed one file per invocation. Ending the -exec with '{}' + instead of \; batches many files per grep call and is much faster.
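The two searches above are what you run by hand. On a host you own, the useful form is a baseline you diff against, so that only new setuid binaries or newly writable paths show up. The script below is an added example, not part of the original page; it assumes GNU find (-printf, -xdev) and a baseline format of its own, one "<octal mode> <path>" line per entry.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit a tree for setuid/setgid
# binaries, world-writable files and world-writable directories without the
# sticky bit, then diff the result against a baseline so only new or changed
# entries need attention. Requires GNU find.
set -eu

# privileged_files ROOT
# Prints "<octal mode> <path>" for every entry under ROOT (same filesystem only)
# that is setuid, setgid or world-writable. Directories are reported only when
# they are world-writable *and* lack the sticky bit: a 1777 /tmp is normal,
# a 0777 directory lets any user delete or replace other users' files.
privileged_files() {
  local root="$1"
  find "$root" -xdev \
    \( -type f \( -perm -4000 -o -perm -2000 -o -perm -0002 \) \
       -o -type d -perm -0002 ! -perm -1000 \) \
    -printf '%m %p\n' 2>/dev/null | sort
}

# report_new_privileged ROOT BASELINE
# Prints scan entries that are not in BASELINE (a new path, or a known path
# whose mode changed). Returns 1 when anything was reported, 0 when clean.
# comm needs both inputs sorted the same way, hence the sort on the baseline.
report_new_privileged() {
  local root="$1" baseline="$2" scan sorted diff
  scan=$(mktemp); sorted=$(mktemp)
  privileged_files "$root" > "$scan"
  sort "$baseline" > "$sorted"
  diff=$(comm -13 "$sorted" "$scan")
  rm -f "$scan" "$sorted"
  [ -z "$diff" ] || { printf '%s\n' "$diff"; return 1; }
}

# Typical use (run as root to see everything; the baseline path is an example):
#   privileged_files / > /var/lib/privaudit/baseline    # once, on a known-good host
#   report_new_privileged / /var/lib/privaudit/baseline # later, e.g. from cron
```

Store the baseline somewhere the audited host cannot quietly rewrite it (a read-only mount or a copy pulled off-host), otherwise an attacker who plants a setuid shell can just add it to the baseline as well.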

Control sound with pulseaudio

pavucontrol

Mount VMWare share

vmhgfs-fuse .host:ShareName dest_folder/

Encrypted volume using LUKS

Create the volume (replace /dev/sdb1 with the partition of the volume to be encrypted, and double-check the device name: luksFormat irreversibly overwrites whatever is there). With cryptsetup 2.x these options mostly restate the defaults: aes-xts-plain64 is the default cipher, --hash selects the hash used for the key digest and anti-forensic splitter (the passphrase-stretching function, argon2id on LUKS2, is chosen separately with --pbkdf), and --verify-passphrase is already on for luksFormat:

sudo cryptsetup --cipher aes-xts-plain64 --hash sha256 -v --verify-passphrase luksFormat /dev/sdb1

Open the volume:

sudo cryptsetup luksOpen /dev/sdb1 somename

The above step creates a device on /dev/mapper/somename. This needs to be formatted now:

sudo mkfs.ext4 /dev/mapper/somename

Mount the encrypted volume now:

sudo mkdir /mnt/somename
sudo mount /dev/mapper/somename /mnt/somename

When done using the volume, don’t forget to unmount and close it:

sudo umount /mnt/somename
sudo cryptsetup luksClose /dev/mapper/somename

To use the volume again, luksOpen it, mount the device that appears under /dev/mapper and you are good to go.
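Formatting is only half of the job: it is worth confirming that the header actually carries the cipher, key size and key-derivation function you intended, especially on a machine with an older cryptsetup whose defaults differ. The script below is an added example, not part of the original page. It parses the text of cryptsetup luksDump (the LUKS2 layout of cryptsetup 2.x) against a small policy; the two dumps embedded in it are constructed for this example, not captured from a real disk, and the policy values are assumptions to adjust.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): check a LUKS header against a
# policy by parsing `cryptsetup luksDump` output. Policy values are assumptions.
set -eu

WANT_VERSION=2               # LUKS2: argon2id PBKDF, per-keyslot parameters
WANT_CIPHER=aes-xts-plain64  # what the page's luksFormat asks for
WANT_KEYBITS=512             # XTS uses two keys, so 512 bits is AES-256
WANT_PBKDF=argon2id          # memory-hard; pbkdf2 is the LUKS1-era fallback

# field DUMP LABEL -> value of the first "LABEL: value" line (leading blanks ignored)
field() {
  printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" | head -n 1
}

# luks_policy_check DUMP -> prints OK/FAIL lines; returns 0 only when everything matches
luks_policy_check() {
  local dump="$1" bad=0 version cipher keybits pbkdf
  version=$(field "$dump" Version)
  if [ "$version" != "$WANT_VERSION" ]; then
    echo "FAIL: LUKS version ${version:-?}, want $WANT_VERSION (see 'cryptsetup convert --type luks2')"
    return 1
  fi
  cipher=$(field "$dump" cipher)              # lower-case: the data segment line
  keybits=$(field "$dump" "Cipher key"); keybits=${keybits%% *}
  pbkdf=$(field "$dump" PBKDF)
  [ "$cipher" = "$WANT_CIPHER" ] || { echo "FAIL: cipher ${cipher:-?}, want $WANT_CIPHER"; bad=1; }
  [ "${keybits:-0}" -ge "$WANT_KEYBITS" ] || { echo "FAIL: key ${keybits:-?} bits, want >= $WANT_KEYBITS"; bad=1; }
  [ "$pbkdf" = "$WANT_PBKDF" ] || { echo "FAIL: PBKDF ${pbkdf:-?}, want $WANT_PBKDF"; bad=1; }
  [ "$bad" -ne 0 ] || echo "OK: LUKS$version, $cipher, $keybits-bit key, $pbkdf"
  return "$bad"
}

# Constructed sample: roughly what the luksFormat above yields with cryptsetup 2.x defaults.
SAMPLE_OK='LUKS header information
Version:        2
Epoch:          3
Metadata area:  16384 [bytes]
Keyslots area:  16744448 [bytes]
Label:          (no label)
Flags:          (no flags)

Data segments:
  0: crypt
        offset: 16777216 [bytes]
        length: (whole device)
        cipher: aes-xts-plain64
        sector: 512 [bytes]

Keyslots:
  0: luks2
        Key:        512 bits
        Priority:   normal
        Cipher:     aes-xts-plain64
        Cipher key: 512 bits
        PBKDF:      argon2id
        Time cost:  4
        Memory:     1048576
        Threads:    4
        AF hash:    sha256
Digests:
  0: pbkdf2
        Hash:       sha256'

# Constructed sample: a LUKS2 header that kept LUKS1-era choices (CBC, 256-bit key, PBKDF2).
SAMPLE_WEAK='LUKS header information
Version:        2

Data segments:
  0: crypt
        cipher: aes-cbc-essiv:sha256
        sector: 512 [bytes]

Keyslots:
  0: luks2
        Key:        256 bits
        Cipher:     aes-cbc-essiv:sha256
        Cipher key: 256 bits
        PBKDF:      pbkdf2
        Hash:       sha256
        Iterations: 250000'

# On a real device (needs root): luks_policy_check "$(cryptsetup luksDump /dev/sdb1)"
echo "--- constructed OK header";   luks_policy_check "$SAMPLE_OK"   || true
echo "--- constructed weak header"; luks_policy_check "$SAMPLE_WEAK" || true
```

While you have the header in front of you, back it up with cryptsetup luksHeaderBackup and keep the copy off the disk: a damaged header means the data is gone even with the right passphrase, and a stolen header plus a weak passphrase is an offline cracking target, so protect the backup accordingly.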

Delete files with a negative pattern

Not sure if negative pattern is the right term, but that’s how I wrote it.

These are ways of deleting a list of files that do not match a certain pattern. For example, let's say you want to delete all files in a directory except the ones that end in .zip:

shopt -s extglob
rm -v !(*.zip)
shopt -u extglob

Another way using find (unlike the shell glob this one recurses into subdirectories; add -maxdepth 1 to keep it to the top level):

find /dir/ -type f -not -name '*.zip' -delete

Source: https://www.tecmint.com/delete-all-files-in-directory-except-one-few-file-extensions/

Squid

We want Squid with SSL support and the distribution build does not have it, so we have to compile it ourselves. Download the release tarball and its .asc signature from http://www.squid-cache.org/Versions/ and verify the signature before building: the build below installs as root on the proxy host, so a tampered tarball is game over.

Install dependencies:

apt-get -y install \
    libcppunit-dev \
    libsasl2-dev \
    libxml2-dev \
    libkrb5-dev \
    libdb-dev \
    libnetfilter-conntrack-dev \
    libexpat1-dev \
    libcap2-dev \
    libldap2-dev \
    libpam0g-dev \
    libgnutls28-dev \
    libssl-dev \
    libdbi-perl \
    libecap3 \
    libecap3-dev

Compile with the flags below. They are the Ubuntu package's configure flags (which is where the repeated --sysconfdir, --libexecdir and --mandir entries come from; the later value wins) with --with-openssl appended at the end:

$ ./configure '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' \
    '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' \
    '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' \
    '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' \
    'BUILDCXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' \
    '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--libexecdir=/usr/lib/squid' \
    '--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' '--enable-async-io=8' \
    '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' \
    '--enable-delay-pools' '--enable-cache-digests' '--enable-icap-client' \
    '--enable-follow-x-forwarded-for' '--enable-auth-basic=DB,fake,getpwnam,NCSA,NIS' \
    '--enable-auth-digest=file' '--enable-auth-negotiate=kerberos,wrapper' '--enable-auth-ntlm=fake' \
    '--enable-external-acl-helpers=file_userip,session,SQL_session,unix_group,wbinfo_group' \
    '--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi' '--enable-icmp' \
    '--enable-zph-qos' '--enable-ecap' '--disable-translation' '--with-swapdir=/var/spool/squid' \
    '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-filedescriptors=65536' \
    '--with-large-files' '--with-default-user=proxy' '--enable-build-info=Ubuntu linux' \
    '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' \
    'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall' \
    'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' \
    'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' \
    'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security' \
    --with-openssl

$ make
$ make install

Create a file /etc/systemd/system/squid.service with the following contents:

## Downloaded from:
## https://raw.githubusercontent.com/squid-cache/squid/master/tools/systemd/squid.service
## Copyright (C) 1996-2019 The Squid Software Foundation and contributors
##
## Squid software is distributed under GPLv2+ license and includes
## contributions from numerous individuals and organizations.
## Please see the COPYING and CONTRIBUTORS files for details.
##

[Unit]
Description=Squid Web Proxy Server
Documentation=man:squid(8)
After=network.target network-online.target nss-lookup.target

[Service]
Type=forking
PIDFile=/var/run/squid.pid
ExecStartPre=/usr/sbin/squid --foreground -z
ExecStart=/usr/sbin/squid -sYC
ExecReload=/bin/kill -HUP $MAINPID
KillMode=mixed

[Install]
WantedBy=multi-user.target

Reload the unit files (the one above was written by hand) and enable the service:

systemctl daemon-reload
systemctl enable squid

Here is a simple squid.conf that requires every client to authenticate. It listens on 9987 (plain HTTP) and 9989 (TLS). The tls-cert= option name is the Squid 4 spelling; Squid 3.5 calls the same options cert= and key=.

Note: Do not forget to replace the tls-cert and key values for the https_port. I am using my Let's Encrypt cert here. Let's Encrypt keeps its live/ and archive/ directories root-only, so make sure Squid can read both files, and reload Squid after each renewal or it keeps serving the expired certificate.

Two caveats before copying this as-is: basic authentication sends the username and password base64-encoded in the Proxy-Authorization header, so on the plain http_port they cross the network in clear and anyone who can sniff a client owns the account; and the access list ends with an allow rule and no explicit http_access deny all, so it relies on Squid's implicit default (the opposite of the last rule's action) to keep everyone else out.

#http_access deny
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm Gilgalab
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

forwarded_for delete

# Port
http_port 9987
https_port 9989 tls-cert=/etc/letsencrypt/live/www.gilgalab.com/fullchain.pem key=/etc/letsencrypt/live/www.gilgalab.com/privkey.pem

# Logs
access_log daemon:/var/log/squid/access.log squid

# Process configuration
cache_effective_user squid
cache_effective_group squid

dns_v4_first on

To create the users (-c creates the file, so leave it out when adding further users or it will overwrite the existing ones; keep the file readable by the account Squid runs as and nobody else):

sudo htpasswd -c /etc/squid/passwords some_username
sudo service squid restart
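A tightened version of the same configuration, added here as an example rather than taken from the original page, for Squid 4 and later. The realm, ports, user, log path and certificate paths are carried over from above; the port ACLs, the loopback-only plain listener, the explicit final deny and the header settings are additions, so adjust them to your network.

```conf
# Added example, not the page's own squid.conf: same setup, hardened.

# Authentication (NCSA helper against the htpasswd file created above)
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic children 5 startup=5 idle=1
auth_param basic realm Gilgalab
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive on
acl authenticated proxy_auth REQUIRED

# Restrict what an authenticated client may reach through the proxy:
# only the usual web ports, and CONNECT tunnels only to TLS ports.
acl SSL_ports port 443
acl Safe_ports port 80 443
acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny manager
http_access deny to_localhost
http_access allow authenticated
# Explicit final deny instead of relying on the "opposite of the last rule" default
http_access deny all

# Credentials ride in the Proxy-Authorization header, so the plaintext listener
# stays on loopback only; remote clients must talk to the TLS port.
http_port 127.0.0.1:9987
https_port 9989 tls-cert=/etc/letsencrypt/live/www.gilgalab.com/fullchain.pem tls-key=/etc/letsencrypt/live/www.gilgalab.com/privkey.pem

# Do not advertise the client or the proxy in outgoing requests
forwarded_for delete
via off
httpd_suppress_version_string on

# Logs
access_log daemon:/var/log/squid/access.log squid

# Process configuration
cache_effective_user squid
cache_effective_group squid

dns_v4_first on
```

Clients must then be configured with an HTTPS proxy (TLS to the proxy itself, for example curl's -x https://www.gilgalab.com:9989), not a plain HTTP proxy on the TLS port. Add ports to Safe_ports and SSL_ports as you find real needs rather than opening them up front.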

Create a LVM

Create a physical volume on the disk, a volume group on top of it, and one logical volume that takes all the space. Replace /dev/sdX with the disk or partition to use; pvcreate overwrites its signature, so make sure it is the right one:

pvcreate /dev/sdX
vgcreate vg-name /dev/sdX
lvcreate -n lv-name -l 100%FREE vg-name

To see the logical volume:

lvs

For detailed information use:

lvdisplay vg-name/lv-name

Create the filesystem in it:

mkfs.ext4 -E lazy_itable_init=0,lazy_journal_init=0 /dev/vg-name/lv-name

Extend a LVM

Create the physical volume on the new disk:

pvcreate /dev/sdX

Add this physical volume to the desired volume group:

vgextend vg-name /dev/sdX

Extend the desired logical volume inside the volume group:

lvextend -l +100%FREE /dev/vg-name/lv-name

Grow the filesystem to fill the enlarged logical volume (ext4 can do this while mounted; lvextend -r does this step for you):

resize2fs /dev/vg-name/lv-name

Create ext4 partition with disabled lazy init

By default mkfs.ext4 leaves the inode tables and journal uninitialised and a kernel thread (ext4lazyinit) zeroes them in the background after the first mount, which competes with real I/O for a while on a large volume. I prefer to have the whole initialisation done at formatting time, so that when I want to use the disk it is already at full speed:

mkfs.ext4 -E lazy_itable_init=0,lazy_journal_init=0 /dev/vg-name/lv-name

Gilgalab Knowledge Base