2003/12/17
ApacheToolbox
Apache Toolbox: One of the coolest tools I've seen lately.
2003/12/16
WebDAV and iDisks
So using the instructions from this site I set up WebDAV. This allowed me to do some DNS tricks to trick my mac into thinking a WebDAV share is an iDisk....which allows me to run the apple tool 'Backup' regularly. It's nice. Check it out.
2003/12/12
Netfilter
I've been spending a lot of time hacking up netfilter on linux 2.4 lately. Very cool stuff. I use it to firewall all my machines, including home. I've even managed to slow down the sending rate of my ethernet device to keep from filling the queue on my ADSL modem, maintaining good interactive sessions speed.
"The 2.2 and above Linux kernels include a completely redesigned network subsystem. This new networking code brings Linux performance and a feature set with little competition in the general OS arena. In fact, the new routing, filtering, and classifying code is more featureful than the one provided by many dedicated routers and firewalls and traffic shaping products."
If you wanted to just secure your home linux desktop, you could do something as simple as this:
#! /bin/sh
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j DROP
But if you had services to run, you would need to add a few lines above those, like this:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
There are endless things you can do, all documented in the URL's below.
I also highly recommend adding the following to the end of any iptables script you are developing:
# print your table so you can see what may have just gone wrong...
iptables -nL
echo "hit ctrl-c if it worked, otherwise, just wait..."
sleep 10
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
...to keep yourself from getting locked out.
Having trouble figuring out where all the packets are disappearing to? Check out the command below.
For those that wonder how to improve interactive performance on your DSL line or cable modem, try this comand:
# tc qdisc add dev eth1 root tbf rate $RATEkbit latency 50ms burst 1540
Where $RATE is a few percentage below the rate of your DSL or cable upstream bandwidth. To use this, you will probably need to load the tbf kernel module:
# insmod /lib/modules/2.4.x/kernel/net/sched/sch_tbf.o
IPTables Tutorial
The Journey of a Packet
Bandwidth Limiting
Traffic Shaping
And one of the best visual aids I've found is this diagram of the way incoming packets traverse the chains and filters.
"The 2.2 and above Linux kernels include a completely redesigned network subsystem. This new networking code brings Linux performance and a feature set with little competition in the general OS arena. In fact, the new routing, filtering, and classifying code is more featureful than the one provided by many dedicated routers and firewalls and traffic shaping products."
If you wanted to just secure your home linux desktop, you could do something as simple as this:
#! /bin/sh
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j DROP
But if you had services to run, you would need to add a few lines above those, like this:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
There are endless things you can do, all documented in the URL's below.
I also highly recommend adding the following to the end of any iptables script you are developing:
# print your table so you can see what may have just gone wrong...
iptables -nL
echo "hit ctrl-c if it worked, otherwise, just wait..."
sleep 10
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
...to keep yourself from getting locked out.
Having trouble figuring out where all the packets are disappearing to? Check out the command below.
For those that wonder how to improve interactive performance on your DSL line or cable modem, try this comand:
# tc qdisc add dev eth1 root tbf rate $RATEkbit latency 50ms burst 1540
Where $RATE is a few percentage below the rate of your DSL or cable upstream bandwidth. To use this, you will probably need to load the tbf kernel module:
# insmod /lib/modules/2.4.x/kernel/net/sched/sch_tbf.o
IPTables Tutorial
The Journey of a Packet
Bandwidth Limiting
Traffic Shaping
And one of the best visual aids I've found is this diagram of the way incoming packets traverse the chains and filters.
2003/12/10
Keeping Time in Sync
I usually do something simple like this:
# rdate -s timekeeper.isi.edu
I use an open stratum 1 (primary) time server from ISI.
More here: http://www.eecis.udel.edu/~mills/ntp/servers.html
But this document explains how to architect the correct solution.
tzselect or tzconfig (depending on your distro) will set your timezone, if you messed that up on install or never set it to begin with.
# rdate -s timekeeper.isi.edu
I use an open stratum 1 (primary) time server from ISI.
More here: http://www.eecis.udel.edu/~mills/ntp/servers.html
But this document explains how to architect the correct solution.
tzselect or tzconfig (depending on your distro) will set your timezone, if you messed that up on install or never set it to begin with.
2003/12/01
How to set up an encrypted SOCKS proxy
I downloaded, installed and compiled usocksd on my remote (home) server. I put the long command in a script so I wouldn't have to remember it.
#! /bin/bash -x
ssh -L44444:[remote]:12345 [remote] "usocksd -p 12345 -a[remote] -U[user]"
Where [remote] = remote server (at home) that is running usocksd and [user] = the proxy username.
Running the above script prompts you for your password and then for the password of the proxy, then launches in the foreground. I am using ssh from cygwin on my WindowsXP desktop at work.
Then you set up your software you want sent through the proxy. I set GAIM to use a SOCKS 5 proxy with the appropriate port settings. Now I can't have my AIM messages sniffed by anyone at work. Careful now, remember that is is only encrypted between your desktop and the proxy. For real encrypted AIM, I recommend Gaim-E. But for keeping The Man at bay, this works great.
This would of course, work with anything else that supports SOCKS, web browsing, IRC, etc.
#! /bin/bash -x
ssh -L44444:[remote]:12345 [remote] "usocksd -p 12345 -a[remote] -U[user]"
Where [remote] = remote server (at home) that is running usocksd and [user] = the proxy username.
Running the above script prompts you for your password and then for the password of the proxy, then launches in the foreground. I am using ssh from cygwin on my WindowsXP desktop at work.
Then you set up your software you want sent through the proxy. I set GAIM to use a SOCKS 5 proxy with the appropriate port settings. Now I can't have my AIM messages sniffed by anyone at work. Careful now, remember that is is only encrypted between your desktop and the proxy. For real encrypted AIM, I recommend Gaim-E. But for keeping The Man at bay, this works great.
This would of course, work with anything else that supports SOCKS, web browsing, IRC, etc.
List - Tools - The Freefire Project
VI Tricks
How to pipe the internal VI buffer thru an external program and back.
%! command
example:
:%! sort
or
:%! awk '{print $1}'
Sweet. Remember this kiddies, it's hella useful.
%! command
example:
:%! sort
or
:%! awk '{print $1}'
Sweet. Remember this kiddies, it's hella useful.
