November 2018

How fast is my boot? (Linux)

28/11/2018 FN Comments 0 Comment

PROBLEM: SSH is disconnecting after a short time! SOLUTION: Edit SSH server configuration and increase timeout. [?] Boot what? https://www.computerhope.com/jargon/b/boot.htm It is good to reboot the machine and run these 3 commands to understand what is happening during boot and how fast it was. This will show kernel and userspace boot start time.

root@server:~# systemd-analyze

1	root@server:~# systemd-analyze

OUTPUT:

Startup finished in <strong>3.972s</strong> (kernel) + <strong>9.259s</strong> (userspace) = <strong>13.232s</strong>
graphical.target reached after 7.717s in userspace

1 2	Startup finished in <strong>3.972s</strong> (kernel) + <strong>9.259s</strong> (userspace) = <strong>13.232s</strong> graphical.target reached after 7.717s in userspace

Show services startup order:

root@server:~# systemd-analyze blame

1	root@server:~# systemd-analyze blame

And to show very detailed report run:

root@server:~# dmesg

1	root@server:~# dmesg

And now you should determine what is slowing down your boot!

SSH Timeout? (Linux)

27/11/2018 FN Comments 0 Comment

PROBLEM: I would like to see how fast is boot of my machine! SOLUTION: No problem! [?] What is SSH? https://www.youtube.com/watch?v=X9jAjG3PWPo By adjusting SSH timeout we can achieve a balance between security (if you forget to close your SSH client) and irritating interruption of your work. You can adjust configure your client or server. I prefer to do this on the server, because you don’t have to do this on every client for every user. Just edit SSH deamon config…

Read More Read More

OpenVPN in 5 minutes! (Linux)

22/11/2018 FN Comments 0 Comment

PROBLEM: I have Ubuntu machine and I would like to use it as a VPN server. SOLUTION: Easy 5 minutes setup! [?] What is VPN? https://thebestvpn.com/what-is-vpn-beginners-guide/ 1.0 Find your IP (it has to be public), in my case it is (example) 1.2.3.4.

root@server:~# ifconfig

1	root@server:~# ifconfig

Output:

eth0: flags=4163&lt;UP,BROADCAST,RUNNING,MULTICAST&gt;  mtu 1500
        inet <strong><span style="color: #ff0000;">1.2.3.4</span></strong>  netmask 255.255.255.0  broadcast 1.2.3.4
        inet6 fff::fff:ff:f  prefixlen 64  scopeid 0x20
        ether ff:00:00:00:00:00  txqueuelen 1000  (Ethernet)
        RX packets 1333033  bytes 1624453300 (1.6 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1368419  bytes 939479780 (939.4 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet <strong><span style="color: #ff0000;">1.2.3.4</span></strong> netmask 255.255.255.0 broadcast 1.2.3.4

inet6 fff::fff:ff:f prefixlen 64 scopeid 0x20

ether ff:00:00:00:00:00 txqueuelen 1000 (Ethernet)

RX packets 1333033 bytes 1624453300 (1.6 GB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 1368419 bytes 939479780 (939.4 MB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

2.0 Download openvpn-install.sh script

root@server:~# wget https://git.io/vpn -O openvpn-install.sh

1	root@server:~# wget https://git.io/vpn -O openvpn-install.sh

2.1 Runs the script!

root@server:~# bash openvpn-install.sh

1	root@server:~# bash openvpn-install.sh

Use IP address you discovered in step 1, use port 1194 (standart OpenVPN port). Pick your favourite DNS service and put name of the first…

Read More Read More

Connect to your server using FileZilla (Windows)

22/11/2018 FN Comments 0 Comment

PROBLEM: I want some files from my linux server! SOLUTION: Use FileZilla! [?] Get FileZilla client today! https://filezilla-project.org/ Open Site Manager (CTRL+S) and create New Site Switch Protocol to SFTP, put server’s IP and port number (by defautl it is 22). Choose Logon Type – Normal is basic username / password auth. if you are using certificates choose Key file instead. And Connect! And you should see your home folder now! You can start transfer data to our from your server!

List active connections on OpenVPN (Linux)

21/11/2018 FN Comments 0 Comment

PROBLEM: I would like to check all active connections to my VPN server. SOLUTION: Simple one line command CAT just simply shows what is inside the status log with current connections and IP addresses.

root@server:~# cat /etc/openvpn/openvpn-status.log

1	root@server:~# cat /etc/openvpn/openvpn-status.log

OUTPUT (1.2.3.4 is a host address with port used)

OpenVPN CLIENT LIST
Updated,Wed Nov 21 17:53:43 2018
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
srvrv,1.2.3.4:5552,1159072,4339219,Wed Nov 21 17:47:54 2018
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.5.0.2,srvrv,1.2.3.4:5552,Wed Nov 21 17:53:42 2018
GLOBAL STATS
Max bcast/mcast queue length,1
END

OpenVPN CLIENT LIST

Updated,Wed Nov 21 17:53:43 2018

Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since

srvrv,1.2.3.4:5552,1159072,4339219,Wed Nov 21 17:47:54 2018

ROUTING TABLE

Virtual Address,Common Name,Real Address,Last Ref

10.5.0.2,srvrv,1.2.3.4:5552,Wed Nov 21 17:53:42 2018

GLOBAL STATS

Max bcast/mcast queue length,1

END

Restrict SSH access from specific IP /e.g. VPN/ (Linux)

21/11/2018 FN Comments 0 Comment

PROBLEM: Everyone can test SSH access on my server SOLUTION: Use ufw to allow connection only from specified network Just use simple ufw command, where 10.5.0.0/24 is your e.g. VPN network (or you can use your public IP) and port number is desired port for SSH (can be adjusted in /etc/ssh/sshd_config).

root@server:~# ufw allow from 10.5.0.0/24  to any port 22

1	root@server:~# ufw allow from 10.5.0.0/24 to any port 22

Disable telnet now or cry later (CISCO)

13/11/2018 FN Comments 0 Comment

PROBLEM: Enabled telnet as a security vulnerability. SOLUTION: Disable telnet and enable SSH [?] Telnet vs. SSH https://www.ssh.com/ssh/telnet Telnet is a way how to remotely control something. This sounds great, but you should know telnet has been developed in the 1960’s and it is unencrypted. So everyone with e.g. Wireshark can read your username & password combo. The more secure way how to access your devices over the net is using SSH, which is significantly more secure. //Just use this code…

Read More Read More

Router redundany using HSRP (CISCO)

13/11/2018 FN Comments 0 Comment

PROBLEM: I would like would like to use the second router/switch as a backup one. SOLUTION: Use very simple HSRP! [?] What is EIGRP? https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/16406-eigrp-toc.html Let’s have a look at the topology diagram, at first: We can see two networks (A, B) and two Routers (1, 2). We would like to keep one router as a primary (e.g. Router 1) and the second one as a backup. So e.g. if Router 1 goes down, we can still access the other network through Router…

Read More Read More

Devil’s VLAN 666? (NETWORKING/CISCO)

12/11/2018 FN Comments 0 Comment

PROBLEM: What the hell stands VLAN 666 for? SOLUTION: Native VLAN feature! [?] What is VLAN? https://study-ccna.com/what-is-a-vlan/ In most of the times, you can observe Vlan1 on your switch to be down / administratively down. And this is fine and correct, simply because of security reasons. Vlan1 is default Vlan so it cannot be deleted, but we can disable it and create another Vlan and force it to behave as the native one. By default, all ports are under Vlan 1, which…

Read More Read More

Simple HTTPS redirect using .htaccess (WEB)

09/11/2018 FN Comments 0 Comment

PROBLEM: I have SSL certificate installed, but web is still on http instead of https. SOLUTION: Put simple code to your .htaccess file. [?] How secure is HTTPS today? https://www.eff.org/deeplinks/2011/10/how-secure-https-today //Put this code into your .htaccess file

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.filipniko.cz/$1 [R,L]

RewriteEngine On

RewriteCond %{SERVER_PORT} 80

RewriteRule ^(.*)$ https://www.filipniko.cz/$1 [R,L]

Credit: https://serverguy.com/servers/redirect-http-to-https/

FN

My 'wiki'

Browsed by
Month: November 2018

How fast is my boot? (Linux)

28/11/2018 FN Comments 0 Comment

SSH Timeout? (Linux)

27/11/2018 FN Comments 0 Comment

OpenVPN in 5 minutes! (Linux)

22/11/2018 FN Comments 0 Comment

Connect to your server using FileZilla (Windows)

22/11/2018 FN Comments 0 Comment

List active connections on OpenVPN (Linux)

21/11/2018 FN Comments 0 Comment

Restrict SSH access from specific IP /e.g. VPN/ (Linux)

21/11/2018 FN Comments 0 Comment

Disable telnet now or cry later (CISCO)

13/11/2018 FN Comments 0 Comment

Router redundany using HSRP (CISCO)

13/11/2018 FN Comments 0 Comment

Devil’s VLAN 666? (NETWORKING/CISCO)

12/11/2018 FN Comments 0 Comment

Simple HTTPS redirect using .htaccess (WEB)

09/11/2018 FN Comments 0 Comment