hacks and tips and tricks
| what it is |
what it does |
apt-get install firmware-linux |
apt-get install firmware-linux |
gets rid of missing firmware errors when upgrading |
|
|
gets rid of pesky “perl: warning: Setting locale failed.” error messages |
| .bashrc |
PS1='${debian_chroot:+($debian_chroot)}\A/$? \[\033[01;35m\][\u@\h] \[\033[01;34m\]\w \$ \[\033[00m\]' |
PS1='${debian_chroot:+($debian_chroot)}\A/$? \[\033[01;35m\][\u@\h] \[\033[01;34m\]\w \$ \[\033[00m\]'
PS1='\[\033[0;31m\]\[\033[0;37m\]\[\033[0;35m\]${debian_chroot:+($debian_chroot)}\[\033[0;35m\]\u@\h\[\033[0;37m\]:\[\033[0;36m\]\w >:\[\033[0;00m\] ' |
PS1='\[\033[0;31m\]\[\033[0;37m\]\[\033[0;35m\]${debian_chroot:+($debian_chroot)}\[\033[0;35m\]\u@\h\[\033[0;37m\]:\[\033[0;36m\]\w >:\[\033[0;00m\] ' alias lst='ls -R | grep ":$" | sed -e '"'"'s/:$//'"'"' -e '"'"'s/[^-][^\/]*\//--/g'"'"' -e '"'"'s/^/ /'"'"' -e '"'"'s/-/|/'"'" |
alias lst='ls -R | grep ":$" | sed -e '"'"'s/:$//'"'"' -e '"'"'s/[^-][^\/]*\//--/g'"'"' -e '"'"'s/^/ /'"'"' -e '"'"'s/-/|/'"'" |
| ifconfig eth0 192.168.1.10 netmask 255.255.255.0 up |
brings interface eth0 up with ip of 192.168.1.10 and netmask of 255.255.255.0, you may still have to add a route if you run route and you don’t see a last entry like “default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0” with 192.168.1.1 being the gateway in this example |
| route add default gw 192.168.1.1 eth0 |
you need a default route to tell your box where to send all the packets that get routed (hopefully) outside the machine, this generates one, change your ip to suit your application |
update-alternatives --config editor |
update-alternatives --config editor |
updates your crontab editor |
simple wired network howto
The first example uses simple DHCP, typical in home router situations and laptops:
vi /etc/network/interface
# The loopback network interface
auto lo
iface lo inet loopback
#
# The primary network interface
auto eth0
iface eth0 inet dhcp
/etc/init.d/networking restart |
vi /etc/network/interface
# The loopback network interface
auto lo
iface lo inet loopback
#
# The primary network interface
auto eth0
iface eth0 inet dhcp
/etc/init.d/networking restart
You may have to add a default route if this doesn’t work, Debian is sometimes weird about that.
vi /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
#
# The primary network interface
allow-hotplug eth0
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0
gateway 192.168.1.1 |
vi /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
#
# The primary network interface
allow-hotplug eth0
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0
gateway 192.168.1.1
If you are using Stretch, you’ll need these commands instead:
ip addr add 192.168.50.5 dev eth1
ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:0c:29:28:fd:4c brd ff:ff:ff:ff:ff:ff
inet 192.168.50.2/24 brd 192.168.50.255 scope global eth0
inet6 fe80::20c:29ff:fe28:fd4c/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:0c:29:28:fd:56 brd ff:ff:ff:ff:ff:ff
inet 192.168.50.5/24 scope global eth1
inet6 fe80::20c:29ff:fe28:fd56/64 scope link
valid_lft forever preferred_lft forever
set up/secure Debian
ip addr del 192.168.50.5/24 dev eth1
ip link set eth1 up
ip link set eth1 down
ip route show
10.10.20.0/24 via 192.168.50.100 dev eth0
192.168.160.0/24 dev eth1 proto kernel scope link src 192.168.160.130 metric 1
192.168.50.0/24 dev eth0 proto kernel scope link src 192.168.50.2
169.254.0.0/16 dev eth0 scope link metric 1002
default via 192.168.50.1 dev eth0 proto static
ip route add 10.10.20.0/24 via 192.168.50.100 dev eth0
ip route del 10.10.20.0/24 |
ip addr add 192.168.50.5 dev eth1
ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:0c:29:28:fd:4c brd ff:ff:ff:ff:ff:ff
inet 192.168.50.2/24 brd 192.168.50.255 scope global eth0
inet6 fe80::20c:29ff:fe28:fd4c/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:0c:29:28:fd:56 brd ff:ff:ff:ff:ff:ff
inet 192.168.50.5/24 scope global eth1
inet6 fe80::20c:29ff:fe28:fd56/64 scope link
valid_lft forever preferred_lft forever
set up/secure Debian
ip addr del 192.168.50.5/24 dev eth1
ip link set eth1 up
ip link set eth1 down
ip route show
10.10.20.0/24 via 192.168.50.100 dev eth0
192.168.160.0/24 dev eth1 proto kernel scope link src 192.168.160.130 metric 1
192.168.50.0/24 dev eth0 proto kernel scope link src 192.168.50.2
169.254.0.0/16 dev eth0 scope link metric 1002
default via 192.168.50.1 dev eth0 proto static
ip route add 10.10.20.0/24 via 192.168.50.100 dev eth0
ip route del 10.10.20.0/24
add persistent route
vi /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.50.2
netmask 255.255.255.0
gateway 192.168.50.100
#########{Static Route}###########
up ip route add 10.10.20.0/24 via 192.168.50.100 dev eth0
ip route add default via 192.168.50.100 |
vi /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.50.2
netmask 255.255.255.0
gateway 192.168.50.100
#########{Static Route}###########
up ip route add 10.10.20.0/24 via 192.168.50.100 dev eth0
ip route add default via 192.168.50.100
email aliases
set up a real e-mail address for you to get e-mail notifications
vi /etc/aliases
root: youruser
youruser: you@whatever.com
newaliases |
vi /etc/aliases
root: youruser
youruser: you@whatever.com
newaliases
ssh
change standard port and only allow certain users:
vi /etc/ssh/sshd_config
Port 12345
AllowUsers user1 user2@1.2.3.4
/etc/init.d/ssh restart |
vi /etc/ssh/sshd_config
Port 12345
AllowUsers user1 user2@1.2.3.4
/etc/init.d/ssh restart
configure firewall (IPTables)
This will set up a basic firewall, nothing fancy. first save your existing firewall rules:
iptables-save > /etc/iptables.up.rules |
iptables-save > /etc/iptables.up.rules
add these before line that says COMMIT at the end:
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows all outbound traffic - modify to only allow certain traffic
-A OUTPUT -j ACCEPT
# allow http connections, uncomment line below
# -A INPUT -p tcp --dport 80 -j ACCEPT
# Allows SSH connections
# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
-A INPUT -p tcp -m state --state NEW --dport 12345 -j ACCEPT
# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT |
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows all outbound traffic - modify to only allow certain traffic
-A OUTPUT -j ACCEPT
# allow http connections, uncomment line below
# -A INPUT -p tcp --dport 80 -j ACCEPT
# Allows SSH connections
# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
-A INPUT -p tcp -m state --state NEW --dport 12345 -j ACCEPT
# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
after this, make the rules active by doing:
iptables-restore < /etc/iptables.up.rules |
iptables-restore < /etc/iptables.up.rules
/etc/apt/sources.list set up
This is an example of a working /etc/apt/sources.list from a wheezy box. Comment out the cdrom line like shown, otherwise it will keep asking your server for a cd when you update/upgrade:
# deb cdrom:...
deb http://debian.osuosl.org/debian/ wheezy main contrib non-free
deb-src http://debian.osuosl.org/debian/ wheezy main contrib non-free
deb http://security.debian.org/ wheezy/updates main contrib non-free
deb-src http://security.debian.org/ wheezy/updates main contrib non-free |
# deb cdrom:...
deb http://debian.osuosl.org/debian/ wheezy main contrib non-free
deb-src http://debian.osuosl.org/debian/ wheezy main contrib non-free
deb http://security.debian.org/ wheezy/updates main contrib non-free
deb-src http://security.debian.org/ wheezy/updates main contrib non-free
reset Debian root password
reboot, then when you see the GRUB menu, hit ‘e’ for edit
use your arrow key to scroll down the line that says
linux /boot/vmlinuz-3.2.0-4-amd64 root=UUID=2cd65072-4467-4f39-b786-4bf9502f2731 ro quiet |
linux /boot/vmlinuz-3.2.0-4-amd64 root=UUID=2cd65072-4467-4f39-b786-4bf9502f2731 ro quiet
(you’re UUID and vmlinuz will be different than mine, but this is the line you want. Now add init=/bin/bash to the end of that line so it looks something like this:
linux /boot/vmlinuz-3.2.0-4-amd64 root=UUID=2cd65072-4467-4f39-b786-4bf9502f2731 ro quiet init=/bin/bash |
linux /boot/vmlinuz-3.2.0-4-amd64 root=UUID=2cd65072-4467-4f39-b786-4bf9502f2731 ro quiet init=/bin/bash
Now hit ‘F10’ (or ctrl-x in older versions) to save and boot to the prompt where you reset your password. Then enter:
mount -n -o remount,rw /
passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
reboot |
mount -n -o remount,rw /
passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
reboot
Disable IPv6
IPv6 screws up some process which try to bind to an IPv6 address, but then not bind to the IPv4 address you were probably really wanting to use. To disable this do:
vi /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
sysctl -p |
vi /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
sysctl -p
Now if you run netstat -plunt you shouldn’t see something like ::::80, but instead 127.0.0.1:80 (for apache non-ssl)
Java and Flash in Firefox/Iceweazel
apt-get install icedtea-7-plugin flashplugin-nonfree
update-flashplugin-nonfree --install |
apt-get install icedtea-7-plugin flashplugin-nonfree
update-flashplugin-nonfree --install
then reboot Firefox
run web-based java
you may have to allow access to the IP you’re downloading the java app from in Menu > Internet > Oracle Java 8 Web Start > Security > Edit Site List > Add > OK, but then download the link and do:
javaws /path/to/your.jnlp |
javaws /path/to/your.jnlp