PARANOIDIX

Where technology and lunacy meet

Posts

  • Centos Networking

    Static IPs are typically only used on servers. Remembering how to set it up has always been so-so as it's done only once when setting up the server the first time.
    I've not use Centos much before I started working for my current employer. There we use it constantly though, alongside windows server, and I got into checking it out for my own setup as well.

    The file that needs to be changed is /etc/sysconfig/network-scripts/ifcfg-enp7s0

    TYPE=Ethernet
    PROXY_METHOD=none
    BROWSER_ONLY=no
    BOOTPROTO=none
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=no
    IPV6INIT=yes
    IPV6_AUTOCONF=yes
    IPV6_DEFROUTE=yes
    IPV6_FAILURE_FATAL=no
    IPV6_ADDR_GEN_MODE=stable-privacy
    NAME=enp7s0
    UUID=2c045fc4-538e-3eea-b9ee-bd1dff8ced6b
    DEVICE=enp7s0
    ONBOOT=yes
    IPADDR=192.168.1.14
    PREFIX=24
    GATEWAY=192.168.1.1
    DNS1=1.1.1.1
    DOMAIN=localdomain

    The name of the file contains the name of the network interface. Change settings according to your own setup.
    Finding the interface name can be done using the command nmcli connection show. Example below:

    $ nmcli connection show
    NAME                UUID                                  TYPE      DEVICE 
    Wired connection 1  2c045fc4-538e-3eea-b9ee-bd1dff8ced6b  ethernet  enp7s0 
    
    Both the name and the UUID are used inside the file.

    Now restart the interface with systemctl restart network

  • Move to Jekyll

    As I have grown weary of updating wordpress all the time I have decided to move my blog to static html instead.

    I am using jekyll to archive this and am using a home made theme. If you haven’t tried Jekyll yet, I suggest you do. It’s pretty easy to setup but of course takes a more manual approach and it requires you to re-upload files when they are changed.

  • Ignore case on tab completion

    This is rather handy if you're not sure of the case of the starting letter of a program you wish to expand to using tab completion.
    All that is needed is that the following line is present in either ~/.inputrc or /etc/inputrc

    set completion-ignore-case on
  • List open network ports

    Here are a few ways to list open ports in the linux terminal.
    First we'll try lsof.

    $ lsof -i

    example:

    
    COMMAND    PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
    kdeconnec 1671 john   10u  IPv6   27671      0t0  UDP *:1716 
    kdeconnec 1671 john   11u  IPv6   27672      0t0  TCP *:1716 (LISTEN)
    thunderbi 1712 john   36u  IPv4   28601      0t0  TCP Arach:46604->mail.com:imap2 (ESTABLISHED)
    thunderbi 1712 john   50u  IPv4   25417      0t0  TCP Arach:46694->mail.com:imap2 (ESTABLISHED)
    thunderbi 1712 john   51u  IPv4   25418      0t0  TCP Arach:46696->mail.com:imap2 (ESTABLISHED)
    thunderbi 1712 john   65u  IPv4  871420      0t0  TCP Arach:48490->mail.com:imap2 (ESTABLISHED)
    thunderbi 1712 john   80u  IPv4 1690593      0t0  TCP Arach:49032->mail.com:imap2 (ESTABLISHED)
    java      2342 john   99u  IPv6   38225      0t0  TCP localhost:40834->localhost:4243 (ESTABLISHED)
    firefox   3757 john   49u  IPv4 1809675      0t0  TCP Arach:58736->fra16s08-in-f206.1e100.net:https (ESTABLISHED)
    firefox   3757 john   61u  IPv4 1809667      0t0  TCP Arach:35190->fra07s28-in-f238.1e100.net:https (ESTABLISHED)
    firefox   3757 john   62u  IPv4 1816763      0t0  TCP Arach:43806->cache.google.com:https (ESTABLISHED)
    firefox   3757 john   63u  IPv4 1809767      0t0  TCP Arach:59834->webcluster-ssl2.webpod5-cph3.one.com:https (ESTABLISHED)
    firefox   3757 john   66u  IPv4 1816252      0t0  TCP Arach:35992->fra16s07-in-f10.1e100.net:https (ESTABLISHED)
    firefox   3757 john   69u  IPv4 1779531      0t0  TCP Arach:55194->192.0.73.2:https (ESTABLISHED)
    
  • tar

    As I always forget which switches to use on tar I made this little note.

    Create archive

    
    $ tar -zcvpf <destination> <source>
    
    z = gzip
    c = create
    v = verbose
    p = preserve permissions
    f = file
    
  • rsync

    A quick reminder to myself on rsync usage

    
    $ rsync -Cvrtp <source> <destination>
    C = cvs-exclude
    V = verbose
    r = recursive
    t = times
    p = permissions
    K = keep dir links
    
  • DNSmasq and Pi-hole

    For a long time I have been using bind as a LAN DNS server. Just for my local server setup, so that I can use hostnames instead of IP addresses. I found the hosts file to be a bit low-tech, and it was a good chance to learn a little about DNS along the way. :-)

    A short while ago I was watching the Linux Action Show, where the Pi-hole system was introduced. Now being able to block ads before they are even entering the network (or more correctly before they are requested) seems like a super idea to me. So I started reading up on the requirements.

  • Sakura time

  • Email server and iptables

    Ever notice how many braindead people try to break into your email server? It's a daily battle to stay ahead of them. Especially when, like in my case, fail2ban just... well... fails... :-)

    For some time I have just manually added IP addresses to my iptables array. The list gets kind of long after a while though. See the following for what I did. And then imagine a lot of these lines.

    iptables -A INPUT -s <ip>/<cidr> -p tcp -m tcp --dport 25 -j DROP
  • Software Freedom Conservancy

    Become a Conservancy Supporter!

    If you have the possibility, please support them. They are fighting for you!