Paste into a VMWare VM
December 16, 2019 — 15:33

Author: silver  Category: virtualization  Comments: Off

Tired of typing that root (or admin) password into console? Thanks to the always excellent virtuallyghetto.com there’s an easier method now. It works with all kinds of text by sending usb scan codes.

It uses an object VMware.Vim.UsbScanCodeSpecKeyEvent which is used with $vm.PutUsbScanCodes()

However, ready to use PS and GO code is already provided. Using PowerShell this can be combined with Get-Credential for example.

ClamAV
December 16, 2019 — 15:14

Author: silver  Category: linux  Comments: Off

ClamAV is a decent anti virus scanner for Linux. Unfortunately it does not run every well on low memory systems (<1GB).

Running it’s database update tool freshclam can cause OOM. You will notice this if getting daily cdiff’s keeps failing (see ‘dmesg’ and /var/log/clamdb). These are db differences only instead of full files. The problem is processing these to create whole cvd’s.

If there’s close to enough RAM you could try using cgroups (or systemd) – if thats available, or good old ulimit:

Edit /etc/cron.d/clamav-freshclam and replace whats there with:

29 */1 * * *    clamav [ -x /usr/bin/freshclam ] && { ulimit -Sm 512000; ulimit -Sv 512000; ulimit -Hm 1024000; ulimit -Hv 1024000; /usr/bin/freshclam --quiet; } > /dev/null

But what if you’re on an embedded system or small vps and there’s not even close to 1GB memory available?

Simple, just get the full cvd files instead:

29 */1 * * *     clamav { for i in bytecode.cvd daily.cvd main.cvd; do wget -N -q "http://db.local.clamav.net/$i" -O /var/lib/clamav/$i; done; }  > /dev/null

Password Managers
December 11, 2019 — 15:34

Author: silver  Category: encryption linux windows  Comments: Off

There are basically 3 different categories to choose from, depending on location of service and db: Local, "Cloud"/SaaS or selfhosted On-Premise.

For single user/home usage KeePass is fine or perhaps even the password manager included in web browsers. Using one of the SaaS options such as LastPass adds ease of access.

For company/enterprise usage sharing passwords in groups/teams should be supported and preferably an on-prem option.

Private ranges
December 11, 2019 — 14:41

Author: silver  Category: network  Comments: Off

RFC1918 (IPv4)

  • 10.0.0.0 – 10.255.255.255 (10/8 prefix)
  • 172.16.0.0 – 172.31.255.255 (172.16/12 prefix)
  • 192.168.0.0 – 192.168.255.255 (192.168/16 prefix)

https://tools.ietf.org/html/rfc1918

https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml

RFC1918 (IPv6)

  • fd00::/8

Uncompressed:

fd00:0000:0000:0000:0000:0000:0000:0000

Range start-end:

fd00:0000:0000:0000:0000:0000:0000:0000
fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

https://tools.ietf.org/html/rfc4193

https://tools.ietf.org/html/draft-delong-ula-example-00

https://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xml

nftables
December 11, 2019 — 14:32

Author: silver  Category: linux network  Comments: Off

nftables (nft) replaces iptables:

  • Debian (10 buster) links ‘iptables’ to ‘iptables-nft’ and ‘iptables-legacy’ is actually ‘iptables’
  • RH uses nft as as preferred firewall since RHEL8 and firewalld uses nft as backend

config

rules are located in:

  • Debian /etc/nftables.conf
  • RH /etc/sysconfig/nftables.conf

list

nft list ruleset

nft list chain ip filter INPUT

nft list tables nft list table ip filter

flush

nft flush ruleset

more info








We use Matomo free and open source web analytics