SSH key-based authentication

First, generate a key without password:

root@example:~# ssh-keygen -f ~/.ssh/id_rsa -q -P ""

You will see id_rsa and id_rsa.pub

root@example:~# ls -la .ssh
total 20
drwx------ 2 root root 4096 Nov 18 15:19 .
drwx------ 7 root root 4096 Apr 14  2018 ..
-rw------- 1 root root 1679 Nov 18 15:19 id_rsa
-rw-r--r-- 1 root root  401 Nov 18 15:19 id_rsa.pub
-rw-r--r-- 1 root root  444 Sep 22  2017 known_hosts

Read more “SSH key-based authentication”

acgrep.sh

https://github.com/xdth/misc/blob/master/acgrep.sh


#!/bin/bash

######################### acgrep.sh v0.1 ###############################
# This script will grep a given set of strings from a text file (syslog)
# and output the result, excluding lines containing another set of
# strings, to a specified location, with a dated file name.
#
# The script will then delete all files in the destination folder older
# than X days and change the ownership of the resulting files to the
# web server.
#
# It can be used, for example, to generate logs from AssaultCube or
# UrbanTerror servers, one log per server.
#
# author: dth@dthlabs.com
#
# To run daily, add to your cron:
# 0 */1 * * * /root/aclogs/acgrep.sh

# #######################################################################
# ## Parameters

# The file to grep
acgrep_filePath="/var/log/syslog"

# Location where the files will be generated. Keep the trailing slash.
acgrep_destinationPath="/root/aclogs/"

# grep this string
acgrep_string="AssaultCube"

# The AC servers' ports
acgrep_substrings="28763 8000 9000 10000 16000"

# Delete generate files after this amount of days
acgrep_keep_days=7

# Regex to skip lines containing these strings
acgrep_skipline="/xskip\|pwd/d"

# #######################################################################
# ## Functions

function acgrep_init {
# feed $YESTERDAY with the syslog format "Jan 31"
YESTERDAY=$(date -d "yesterday 06:00" '+%b %d')
# feed $YESTERDAY2 with yesterday's date in the format 2018-01-31
YESTERDAY2=$(date -d "yesterday 06:00" '+%Y-%m-%d')
}

function acgrep_finish {
# Make destination folder readable to the web server
chown www-data:www-data -R "$acgrep_destinationPath"

# Delete file older than x days
/usr/bin/find "$acgrep_destinationPath" -mtime +$acgrep_keep_days -type f -delete
}

function acgrep_main {
# initialize date variables
acgrep_init

# main loop
for i in $acgrep_substrings
do
# cat /var/log/syslog | grep "AssaultCube" | grep "$YESTERDAY" | grep 8000 > /home/dth/8000_2018-01-31.txt
sed $acgrep_skipline $acgrep_filePath | grep $acgrep_string | grep "$YESTERDAY" | grep $i > "$acgrep_destinationPath"$i"_"$YESTERDAY2.txt
done

# clean up and finish
acgrep_finish
}

# Execute
acgrep_main

Linux LAN domain – BIND9 and Debian

Disclaimer :: the information in this post was altered in order to avoid disclosing the real details of our internal network.

I wanted to change my LAN domain to srv.dth. All devices connected to my network must resolve this domain automatically and certain devices will have their own FQDN, like: printer.srv.dth.


domain:  srv.dth
network: 10.0.0.0
host:    hs.srv.dth       // "home server", machine where the DNS server will run
host IP: 10.0.0.10

devices:
router.srv.dth            // ISP router
router1.srv.dth           // Home network
router2.srv.dth           // Lab 
hs.srv.dth                // DNS server
printer.srv.dth           // Printer
cam0.srv.dth              // Security cameras
cam1.srv.dth
cam2.srv.dth

Read more “Linux LAN domain – BIND9 and Debian”

USB device encrypted LVM on LUKS

Let’s encrypt an external USB hard disk drive. Get root already and type lsblk. Then insert the USB key and check its name by typing lsblk again. In my case, it was sdb1, but yours might be different. Get yours right, or bad things can happen to your other devices.

[root@slayer dth]# lsblk
NAME                    MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
...
sdb                       8:16   0   1.8T  0 disk  
└─sdb1                    8:17   0   1.8T  0 part  
...

Read more “USB device encrypted LVM on LUKS”

Quick proxy script for sharing internet among devices

I created this script to automatize sharing of the hotspot connection I’m using.

Scenario:
My laptop is connected to the hotspot wifi. This internet connection will be shared to a router via an ethernet cable (which is also plugged to the laptop). The router then will distribute the connection to multiple devices.

Read more “Quick proxy script for sharing internet among devices”

Adding a (hidden) folder to your Linux $PATH

Create a hidden .bin folder somewhere you like. I did it on my home folder:

mkdir ~/.bin

You can add this folder to your $PATH by adding to .bashrc:

## Path
export PATH=$PATH:/home/dth/.bin

Now let’s test by adding a bash script I wrote called qdb (creates SQL DB, user and pwd)

cd ~/.bin && wget https://raw.githubusercontent.com/xdth/qdb/master/qdb

Read more “Adding a (hidden) folder to your Linux $PATH”