Thursday, 31 July 2025

aespipe

Create 65 random encryption keys and encrypt those keys using gpg. Reading from /dev/random may block indefinitely if the kernel's random entropy pool is empty. If that happens, do some other work on some other console (use keyboard, mouse and disks). Use of a gpg-encrypted key file depends on encrypted swap.

  • head -c 3705 /dev/random | uuencode -m - | head -n 66 | tail -n 65 | gpg --symmetric -a >mykey1.gpg


Write files to bzip2 compressed, encrypted tar archive. aespipe asks for passphrase to decrypt the key file.

  • tar cvf - files... | bzip2 | aespipe -w 10 -K ~/Documents/mykey1.gpg >archive.aes


Restore files from bzip2 compressed, encrypted tar archive. aespipe asks for passphrase to decrypt the key file.

  • aespipe -d -K ~/Documents/mykey1.gpg <archive.aes | bzip2 -d -q | tar xvpf -


Wednesday, 30 July 2025

rclone

# configure
rclone config 

# Exclude dir in rclone
rclone -v sync --exclude .git/ /home/username/Documents/ googledrive:intex/backups/Documents/

# Exclude, and also delete the excluded files from the destination
rclone -v sync --delete-before --delete-excluded --exclude .git/ /home/username/Documents/ googledrive:intex/backups/Documents/

# use rclone-browser for GUI

# mount google drive
sudo rclone mount googledrive: ~/gdrive/ --vfs-cache-mode full

aa

AutoArchive is a simple utility to help create backups more easily.

Usage
aa [options] [command] [AA_SPEC …]
autoarchive [options] [command] [AA_SPEC …]

 

Tuesday, 29 July 2025

nweb

Example: nweb 8181 /home/nwebdir &

ss

another utility to investigate sockets

 Args
-4/-6 list ipv4/ipv6 sockets
-n numeric addresses instead of hostnames
-l list listening sockets
-u/-t/-x list udp/tcp/unix sockets
-p show process(es) using the socket

# show all listening tcp sockets including the corresponding process
ss -tlp

# show all sockets connecting to 192.168.2.1 on port 80
ss -t dst 192.168.2.1:80

# show all ssh related connection
ss -t state established '( dport = :ssh or sport = :ssh )'

 

Saturday, 26 July 2025

darkhttpd

darkhttpd is a simple and secure static HTTP server

# Serve a directory (slackware security patches)
darkhttpd /mnt/data1/notCritical/Softwares/iso/linux
 
# Redirect
darkhttpd . --forward-all https://goodwilltechnologies.in 

Friday, 25 July 2025

journalctl

# To actively follow log (like tail -f):
journalctl -f

# To display all errors since last boot:
journalctl -b -p err

# To filter by time period:
journalctl --since=2012-10-15 --until="2012-10-16 23:59:59"

# To save a unit's log since yesterday to a file:
journalctl -u NetworkManager -S yesterday > NetworkManager_logs_1day.txt

# To show list of systemd units logged in journal:
journalctl -F _SYSTEMD_UNIT

# To filter by specific unit:
journalctl -u dbus

# To filter by executable name:
journalctl /usr/bin/dbus-daemon

# To filter by PID:
journalctl _PID=123

# To filter by Command, e.g., sshd:
journalctl _COMM=sshd

# To filter by Command and time period:
journalctl _COMM=crond --since '10:00' --until '11:00'

# To list all available boots:
journalctl --list-boots

# To filter by specific User ID e.g., user id 1000:
journalctl _UID=1000

# To filter by specific SYSLOG_IDENTIFIER:
journalctl -t systemd-resolved

# To output in old syslog format
journalctl -u NetworkManager --output=short > NetworkManager.log



Thursday, 24 July 2025

nikto

# nikto
# Web server scanner which performs tests against web servers for multiple items.
# More information: <https://cirt.net/Nikto2>.

# Perform a basic Nikto scan against a target host:
perl nikto.pl -h 192.168.0.1

# Specify the port number when performing a basic scan:
perl nikto.pl -h 192.168.0.1 -p 443

# Scan ports and protocols with full URL syntax:
perl nikto.pl -h https://192.168.0.1:443/

# Scan multiple ports in the same scanning session:
perl nikto.pl -h 192.168.0.1 -p 80,88,443

# Update to the latest plugins and databases:
perl nikto.pl -update

# Scan a web application for vulnerabilities with nikto:
perl ~/bin/nikto-2.1.6/program/nikto.pl -host www.host.com -S /tmp/niktoSave3 -o /tmp/niktoSave3/host_`date +%F_%H%M`.htm -F htm -until 5m -p 443

Wednesday, 23 July 2025

nc

# To open a TCP connection from <src-port> to <dest-port> of <dest-host>, with a timeout of <seconds>
nc -p <src-port> -w <seconds> <dest-host> <dest-port>

# To open a UDP connection to <dest-port> of <dest-host>:
nc -u <dest-host> <dest-port>

# To open a TCP connection to <port> of <dest-host> using <source-host> as the IP for the local end of the connection:
nc -s <source-host> <dest-host> <port>

# To create and listen on a UNIX-domain stream socket:
nc -lU /var/tmp/dsocket

# To connect to <dest-port> of <dest-host> via an HTTP proxy at <proxy-host>,
# <proxy-port>. This example could also be used by ssh(1); see the ProxyCommand
# directive in ssh_config(5) for more information.
nc -x<proxy-host>:<proxy-port> -Xconnect <dest-host> <dest-port>

# The same example again, this time enabling proxy authentication with username "ruser" if the proxy requires it:
nc -x<proxy-host>:<proxy-port> -Xconnect -Pruser <host> <port>

# To choose the source IP for a port test, use the -s option:
nc -zv -s source_IP target_IP Port

# To check if a port is open:
nc -v -G4 google.com 443

Monday, 21 July 2025

date

# To print Abbreviated weekday name:
date +"%a"

# To print Full month name:
date +"%B"

# To print ISO date (same as %Y-%m-%d):
date +"%F"

# To print Time (same as %H:%M:%S):
date +"%T"

# To print Sunday week number (00 to 53):
date +"%U"

# To print Monday week number (00 to 53):
date +"%W"

# To print Time (localized):
date +"%X"

# To print 4-digit year:
date +"%Y"

# To print Timezone name:
date +"%Z"


# To print the date in a format suitable for affixing to file names:
date +"%Y%m%d_%H%M%S"

# To convert a Unix timestamp to Date (Linux):
date -d @1440359821

# To convert a Unix timestamp to Date (OSX):
date -r 1440359821

# To show the current timezone:
date +%Z

# To show date in RFC format with TZ offset:
date -R

# To show date in UTC/GMT:
date -u

# To show date in CET:
TZ=CET date

# To show the time on the west coast of the US (use tzselect(1) to find TZ):
TZ='America/Los_Angeles' date

# To show yesterday's date
date -d "yesterday 13:00" '+%Y-%m-%d'

 

Friday, 18 July 2025

tcpdump

# Intercepts all packets on eth0
tcpdump -i eth0

# Intercepts all packets from/to 173.194.40.120
tcpdump host 173.194.40.120

# Intercepts all packets on all interfaces from / to 173.194.40.120 port 80
# -nn => Disables name resolution for IP addresses and port numbers.
tcpdump -nn -i any host 173.194.40.120 and port 80

# Grep tcpdump output (ASCII)
# -A  => Print each packet in ASCII.
# -s snaplen => Capture only snaplen bytes of data from each packet.
#    By default, tcpdump captures 262144 bytes.
#    Packets truncated because of a limited snapshot are indicated in the
#    output with '[|protocol]'.
tcpdump -i any -A host 173.194.40.120 and port 80 | grep 'User-Agent'

# With ngrep
# -d eth0 => To force eth0 (else ngrep work on all interfaces)
# -s0 => force ngrep to look at the entire packet. (Default snaplen: 65536 bytes)
ngrep 'User-Agent' host 173.194.40.120 and port 80

# Intercepts all packets on all interfaces from / to 8.8.8.8 or 173.194.40.127 on port 80
tcpdump 'host ( 8.8.8.8 or 173.194.40.127 ) and port 80' -i any

# Intercepts the SYN and FIN packets of each TCP session.
tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0'

# To display SYN and FIN packets of each TCP session to a host that is not on our network
tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net local_addr'

# To display all IPv4 HTTP packets to and from port 80 that contain data (no SYN, FIN or ACK-only packets)
tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

# Saving captured data
tcpdump -w file.cap

# Reading from capture file
tcpdump -r file.cap

# Show content in hex
# Change -x to -xx => show extra header (ethernet).
tcpdump -x

# Show content in hex and ASCII
# Change -X to -XX => show extra header (ethernet).
tcpdump -X

# Note on packet matching:
# Port matching:
# - portrange 22-23
# - not port 22
# - port ssh
# - dst port 22
# - src port 22
#
# Host matching:
# - dst host 8.8.8.8
# - not dst host 8.8.8.8
# - src net 67.207.148.0 mask 255.255.255.0
# - src net 67.207.148.0/24
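
The arithmetic behind the data-only filter above, worked through on two constructed packets. This is an added example, not part of the original cheat sheet; the function names and sample bytes are made up for illustration.

```shell
#!/bin/sh
# Recompute by hand what the BPF expression
#   (ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)
# yields for one IPv4/TCP packet, given as a hex string that starts at the
# IP header (no Ethernet header).

# byte_at HEX OFFSET -> decimal value of the byte at OFFSET
byte_at() {
    first=$(( $2 * 2 + 1 ))
    hex=$(printf '%s\n' "$1" | cut -c "${first}-$(( first + 1 ))")
    echo $(( 0x$hex ))
}

# tcp_payload_len HEX -> TCP payload bytes, using the same terms as the filter
tcp_payload_len() {
    b0=$(byte_at "$1" 0); b2=$(byte_at "$1" 2); b3=$(byte_at "$1" 3)
    ip_total=$(( b2 * 256 + b3 ))            # ip[2:2]: IP total length
    ip_hlen=$(( (b0 & 0xf) << 2 ))           # (ip[0]&0xf)<<2: IHL words -> bytes
    # tcp[12] is counted from the start of the TCP header
    tcp12=$(byte_at "$1" $(( ip_hlen + 12 )))
    tcp_hlen=$(( (tcp12 & 0xf0) >> 2 ))      # data offset words -> bytes
    echo $(( ip_total - ip_hlen - tcp_hlen ))
}

# Constructed packets, 192.0.2.1:49152 -> 192.0.2.2:80, checksums zeroed.
IP_REST=0001000040060000c0000201c0000202    # id, flags, TTL, proto 6, addresses
TCP_A=c00000500000000100000001              # ports, seq, ack
TCP_B=ffff000000000101080a0000000100000002  # window, cksum, urg, NOP NOP timestamp
# ACK-only segment: 20-byte IP header + 32-byte TCP header, no data.
ACK_ONLY="45000034${IP_REST}${TCP_A}8010${TCP_B}"
# Same headers with PSH+ACK, followed by "GET / HTTP/1.1\r\n" (16 bytes).
DATA="45000044${IP_REST}${TCP_A}8018${TCP_B}474554202f20485454502f312e310d0a"

echo "ACK-only segment: $(tcp_payload_len "$ACK_ONLY") payload bytes (filter skips it)"
echo "HTTP request:     $(tcp_payload_len "$DATA") payload bytes (filter matches)"
```

The ACK-only sample is 52 bytes long because of the timestamp option, so a fixed "longer than 40 bytes" test would wrongly treat it as data; reading both header lengths from the packet is what makes the filter reliable.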

Tuesday, 15 July 2025

at

# To schedule a one time task:
at <time>
<command 0>...
Ctrl-d

# <time> can be either
now | midnight | noon | teatime (4pm)
HH:MM
now + N <minutes | hours | days | weeks>
MM/DD/YY

# To list pending jobs:
atq

# To remove a job (use id from atq):
atrm <id>

Sunday, 13 July 2025

grub

grub-mkconfig - generate a GRUB configuration file

  • grub-mkconfig -o /boot/grub/grub.cfg

Friday, 11 July 2025

mailman

mailman
  • list_lists  :to list the lists
  • To create list: http://172.19.10.9/mailman/create
  • To add members : /opt/mailman/bin/add_members -r memberlist --welcome-msg=n list1
  • To remove members: /opt/mailman/bin/remove_members -f list1.2025-07-10.txt --nouserack --noadminack list1
  • To list members: list_members list1

=================================
> I've recently moved to a new server.  It is an Xserve G5 running  
> 10.4.3 OSX.
> I'd like to migrate the mailman lists from the old server (Xserve G4).

> Does anyone have experience migrating lists?
> If so, please let me know what procedure you followed.
If you have command line access to both servers, it's dead easy.  I've done it twice.  Here is the procedure I followed.  Note that your file paths may differ because OS X does strange things:
1. Copied all of /var/lib/mailman/lists/ from the old server to the new one.
2. Fixed the permissions with "chown -R list.list /var/lib/mailman/lists/"
3. Fixed the urls for the new one with "withlist -l -r fix_url [listname]" for each list.  (Only necessary if the new server has a different domain name than the old one - one time I was moving from xcski.com to list.xcski.com and the other time I was keeping the same list.xcski.com url.)
4. Copied all /var/lib/mailman/archives/private/*mbox/*mbox to the new server.
5. Fixed the permissions with "chown -R list.list /var/lib/mailman/archives/private"
6. Regenerated the archives using "/var/lib/mailman/bin/arch [listname]" for each list.  Note that if your archives are big, this process can consume all the memory in your system and then some, so you may have to split the mbox files up and regenerate the list archives in pieces or use the "--start" and "--end" options to arch.
=================================

Thursday, 10 July 2025

iptables

# Start by defining our default policies to drop everything
# (the rule set below has no inbound SSH rule, so apply it from a console)
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT DROP
/sbin/iptables -P FORWARD DROP

# Make sure we can always talk on the loopback device
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT

# Control what actually comes back into the host
/sbin/iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -m state --state INVALID -j DROP

# For a webserver
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

# Log and block everything else
/sbin/iptables -A INPUT -m limit --limit 10/minute --limit-burst 5 -j LOG --log-level warn --log-prefix "INPUT "
/sbin/iptables -A INPUT -j DROP

# Now for stuff going back out

# Allow already established connections back in
/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow root connections outbound
/sbin/iptables -A OUTPUT -m state --state NEW -m owner --uid-owner 0 -j ACCEPT

# Allow certain icmp types out
/sbin/iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT

# Allow DNS requests out (from any user)
/sbin/iptables -A OUTPUT -p udp -m udp --dst "yourdnsserver" --dport 53 -j ACCEPT

# Allow NTP out
/sbin/iptables -A OUTPUT -p udp -m udp --dst "yourntpserver" --dport 123 -j ACCEPT

# Log and block the rest
/sbin/iptables -A OUTPUT -m limit --limit 10/minute --limit-burst 5 -j LOG --log-level warn --log-prefix "OUTPUT "
/sbin/iptables -A OUTPUT -j DROP

# All done

After these commands are entered, and you're satisfied, you can use iptables-save to save them to a file so that you don't have to retype them each time. To get iptables to start on boot, the following steps need to be performed (on Red Hat based systems):
/sbin/iptables-save > /etc/sysconfig/iptables
chkconfig --level 2345 iptables on


# 1) Show all rules
iptables -L INPUT --line-numbers
# OR iptables -nL --line-numbers

# 2.a) REMOVE (-D) a rule. (here an INPUT rule)
iptables -D INPUT 2

# 2.b) OR INSERT a rule.
iptables -I INPUT {LINE_NUMBER} -i eth1 -p tcp --dport 21 -s 123.123.123.123 -j ACCEPT -m comment --comment "This rule is here for this reason"
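
A way to review a saved rule set before it is loaded at boot, shown as an added example that is not part of the original notes. The function names are made up, and the dump is a constructed sample in iptables-save format based on the rules above.

```shell
#!/bin/sh
# Review an iptables-save dump (such as /etc/sysconfig/iptables), read from
# stdin: which filter chains still default to ACCEPT, and which destination
# ports does INPUT let in?

# permissive_chains -> filter-table chains whose policy is ACCEPT
permissive_chains() {
    awk '/^\*/ { table = $1 }
         table == "*filter" && /^:/ && $2 == "ACCEPT" { print substr($1, 2) }'
}

# accepted_input_ports -> "proto/port" per INPUT rule that ACCEPTs a --dport
accepted_input_ports() {
    awk '/^\*/ { table = $1 }
         table == "*filter" && $1 == "-A" && $2 == "INPUT" {
             proto = "any"; port = ""; accept = 0
             for (i = 3; i < NF; i++) {
                 if ($i == "-p")      proto = $(i + 1)
                 if ($i == "--dport") port = $(i + 1)
                 if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
             }
             if (accept && port != "") print proto "/" port
         }'
}

# Constructed sample: the rule set from this page after the port-21 insert,
# with FORWARD left at ACCEPT to show what the first check reports.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 123.123.123.123/32 -i eth1 -p tcp -m tcp --dport 21 -m comment --comment "This rule is here for this reason" -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

echo "policy ACCEPT: $(sample_dump | permissive_chains)"
echo "inbound ports: $(sample_dump | accepted_input_ports | tr '\n' ' ')"
```

On a real host, feed the functions the saved file instead of the sample, for example `permissive_chains < /etc/sysconfig/iptables`.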


wordpress

 https://docs.aws.amazon.com/linux/al2023/ug/hosting-wordpress-aml-2023.html

To fix file permissions for the Apache web server

Some of the available features in WordPress require write access to the Apache document root (such as uploading media through the Administration screens). If you have not already done so, apply the following group memberships and permissions (as described in greater detail in the LAMP web server tutorial).

Grant file ownership of /var/www and its contents to the apache user.
[ec2-user ~]$ sudo chown -R apache /var/www

Grant group ownership of /var/www and its contents to the apache group.
[ec2-user ~]$ sudo chgrp -R apache /var/www

Change the directory permissions of /var/www and its subdirectories to add group write permissions and to set the group ID on future subdirectories.
[ec2-user ~]$ sudo chmod 2775 /var/www
[ec2-user ~]$ find /var/www -type d -exec sudo chmod 2775 {} \;

Recursively change the file permissions of /var/www and its subdirectories.
[ec2-user ~]$ find /var/www -type f -exec sudo chmod 0644 {} \;

Note
If you intend to also use WordPress as an FTP server, you'll need more permissive Group settings here. Please review the recommended steps and security settings in WordPress to accomplish this.  See "To set file permissions" below.

Restart the Apache web server to pick up the new group and permissions.
[ec2-user ~]$ sudo systemctl restart httpd


To set file permissions
-------------------------------
Add your user (in this case, ec2-user) to the apache group.
[ec2-user ~]$ sudo usermod -a -G apache ec2-user

Log out and then log back in again to pick up the new group, and then verify your membership.
[ec2-user ~]$ exit

To verify your membership in the apache group, reconnect to your instance, and then run the following command:
[ec2-user ~]$ groups
ec2-user adm wheel apache systemd-journal

Change the ownership of /var/www and its contents to ec2-user, with the apache group as group owner.
[ec2-user ~]$ sudo chown -R ec2-user:apache /var/www

To add group write permissions and to set the group ID on future subdirectories, change the directory permissions of /var/www and its subdirectories.
[ec2-user ~]$ sudo chmod 2775 /var/www && find /var/www -type d -exec sudo chmod 2775 {} \;

To add group write permissions, recursively change the file permissions of /var/www and its subdirectories:
[ec2-user ~]$ find /var/www -type f -exec sudo chmod 0664 {} \;

Now, ec2-user (and any future members of the apache group) can add, delete, and edit files in the Apache document root, enabling you to add content, such as a static website or a PHP application.
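
To confirm the document root really ends up in the state these steps describe, a read-only check can list everything that deviates. This is an added example, not taken from the AWS guide; the function name and the REASON labels are made up for illustration.

```shell
#!/bin/sh
# Read-only audit of a document root against the modes set above:
# directories 2775, files 0664 (0644 for the apache-owned variant), and
# everything in the web server's group. Prints "REASON: PATH" per deviation.

# audit_docroot ROOT GROUP [FILE_MODE] -> returns 1 if anything deviates
audit_docroot() {
    root=$1 group=$2 file_mode=${3:-0664}
    report=$(
        find "$root" -type d ! -perm 2775         | sed 's/^/dir-mode: /'
        find "$root" -type f ! -perm "$file_mode" | sed 's/^/file-mode: /'
        find "$root" ! -group "$group"            | sed 's/^/group: /'
        # World-writable entries let any local account alter served content.
        find "$root" ! -type l -perm -0002        | sed 's/^/world-writable: /'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Run as a script: sh audit.sh /var/www apache [0644]
if [ "$#" -ge 2 ]; then
    audit_docroot "$@"
fi
```

Files that WordPress plugins or uploads create later are a common source of drift, so the check is worth repeating after installs and updates.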

Tuesday, 8 July 2025

dnf

# List active/enabled repos.
sudo dnf repolist
repo id                repo name
ol9_UEKR7              Oracle Linux 9 UEK Release 7 (x86_64)
ol9_addons             Oracle Linux 9 Addons (x86_64)
ol9_appstream          Oracle Linux 9 Application Stream Packages (x86_64)
ol9_baseos_latest      Oracle Linux 9 BaseOS Latest (x86_64)
ol9_ksplice            Ksplice for Oracle Linux 9 (x86_64)
ol9_oci_included       Oracle Linux 9 OCI Included Packages (x86_64)

# Disable the active repos.
sudo dnf config-manager --set-disabled ol9_oci_included ol9_ksplice ol9_baseos_latest ol9_appstream ol9_addons ol9_UEKR7

# Check updates
sudo dnf check-update

# Update
sudo dnf update

Friday, 4 July 2025

PAC

 Perl Auto Connector

 GUI to manage/launch connections to remote machines

sbopkg

 sbopkg: Will not install dependencies automatically.

  • Sync: sbopkg -r
  • Search: sbopkg -g package
    • Search: `sbopkg -g polybar`
    • Info: `sbopkg -s polybar` 
  • Install: sbopkg -i package
  • sqg -p pcmanfm  (will make a queue file with dependencies & sbopkg -i pcmanfm will build from queue.)
  • sbopkg -c (will list all packages that can be updated)

Wednesday, 2 July 2025

whatweb

# whatweb
# Next-generation web scanner.
# More information: <https://morningstarsecurity.com/research/whatweb>.

# Scan websites/targets for web technologies:
whatweb website1 website2 ...

# Read targets/websites from a file:
whatweb -i targets_file

# Scan a website/target in verbose mode:
whatweb -v example.com

# Run an aggressive scan on a website:
whatweb -a 3 example.com

# Scan a network and suppress errors:
whatweb --no-errors 192.168.0.0/24

# List plugins:
whatweb -l

# List plugin details:
whatweb -I plugin_name

ccze

 ccze - log colorizer

sudo tail -f /var/log/syslog | ccze