Posts Tagged ‘ALL’

Linux: How to sync user files with rsync on every root user logout – useful for Clusters

Monday, April 6th, 2020

rsync-how-to-transfer-locally-remotely-and-synchronize

For those who run Redhat Linux Enterprise servers / Suse Enterprise Linux or any other Linux distribution with some kind of Application clustering such as Pacemaker ( PCM ) / Corosync and OpenSSH
which are supposed to be always identical in terms of configurations files in /etc/ configurations of haproxy /etc/hosts* below are few steps to follow to always keep files from server1 to server2 the same.

1. Create rsyncuser on 1st machine and second machine

– Create user with useradd on node1 and node2 and generate RSA SSH key pair with ssh-keygen command.

– Copy id_rsa.pub from local server1 host to remote host server2

– Test and confirm remote passwordless authentication is working

– To make rsyncuser be able to copy files with root privileges

echo ‘rsyncuser ALL=NOPASSWD:/usr/bin/rsync’ >> /etc/sudoers

For indepth descriptions of above steps please check my previous artice

Rsync copy files with root privileges between servers with root superuser account disabled.

2. CREATE sync-commands file desired to be executed on logout from the system of the user into
some file like /root/sync_check.sh

root@host # vim /root/sync_check.sh
#!/bin/sh
# sync logout script
echo "###################checking sync Line1 and Line2 now ################"
rsync –dry-run –delete -avze 'ssh -i /home/rsyncuser/.ssh/id_rsa' '–rsync-path=sudo rsync' /etc/hosts.deny rsyncuser@server2:/etc/hosts.deny
rsync –dry-run –delete -avze 'ssh -i /home/rsyncuser/.ssh/id_rsa' '–rsync-path=sudo rsync' /etc/haproxy/certs/*.* rsyncuser@server2:/etc/haproxy/certs/
rsync –dry-run –delete -avze 'ssh -i /home/rsyncuser/.ssh/id_rsa' '–rsync-path=sudo rsync' /etc/haproxy/*.cfg rsyncuser@server2:/etc/haproxy/
echo "################### done sync_check.sh ################"

3. Edit root lougout-script /root/.bash_logout

root@host # vi /root/.bash_logout
== Append the following lines:
# ~ / .bash_logout
echo "################### run root bash_logout ################"
/root/sync_check.sh
echo "################### root logged out ################"
== Save and close the file.

– To make the rsync to sync some specific files such as user's personal home directory etc. and hence you need it to be user wide you can add the file to be executed for all users via
/etc/bashrc or /etc/profile

What you will have as a result is an an override copy of /etc/hosts.deny /etc/haproxy/certs* /etc/haproxy/*.cfg on each and every root logout.
The meaning of all this is to make sure this 3 files always stay identical, to prevent someone to mess up some configuration by mistake and on next haproxy standby / reload to not load with unworking config due to the user stupidity.

That's all folks. Test it and be happy 🙂

Tags: Account, ALL, and, ANY, application, are, authentication, bashrc, Below, between, bin, certs, cfg, check, checking, copy files, logout, rsync, script, synchronize user data on logout
Posted in Everyday Life, Linux, System Administration | No Comments »

The Athonite Monks in Holy Mount Athos serves an All Night Vigil prayer to God to stop Coronavirus COVID-19 epidemic

Saturday, March 28th, 2020

Holy-Mount-Athos-call-for-prayer-for-delivery-of-the-terrible-Coronavirus-COVID-19-All-monasteries-pray-all-night-for-healing-of-mankind

In the Eastern Orthodox World to which my homeland Bulgaria belongs is deeply saddened and worried about the all time worsening situation with the New Worldwide pandemics which caused suffering and death to already thousands of people. We the Orthodox Christians have the rule that if you can't manage a problem you have to pray God to fix the problem and repent and try to fix what is at your power. This is exactly what pushed the Monks from Biggest on Earth Monk Republic situated on an Island near Greece the Holy Mount Athos to create a All Monasteries Night Vigil for concillation of the The God the Holy Trinity – The Father, The Son and The Holy Spirit with the mankind who has done a terrible deeds over the last 30 years against Gods well known law.

All kind of well known and prohibited sins about which the Holy Church, The Saint Writtings, Church Tradition and The Holy Bible warned us would cause a mass suffering, deaths and a havoc, that their unfollowing will bring. As the warnings and signs given by God to mankind in the form of various Cataclysms especially visible in Italy over the last few years and in virtually all countries has been ignored and the attention of the people was falsely led to material stuff and for the never ending consumer needs by the spiritually highly blind mankind, well it is not strange the payback for the Godlessness of mankind is at hand with the quickly spreading new infectious disease codenamed Coronavirus COVID-19.

Of course atheists reject that and they are giving the result of the Coronavirus to Biological Warfare / animal origin or simply a human hygiene breach, but nomatter that for anyone that has the desire to see it, it is clear that what is happening is one of the many God's mercies to mankind.

As over the centuries many times we were send the Lord, other misfortunes wars and epidemics as an attempt to save us and bring up our eyes out of the material things which are doomed to be gone one day to the Heavenly and All time lasting spiritual things.
Since the boom of the COVID-19 pandemics, Monks from Holy Mount Athos has made a Call to all Orthodox Christians world wide from All the Holy Eastern Orthodox country 14 Churches and every Orthodox Christian on Earth to read every day at 21:00 o'clock psalms and a special prayers to The well Known helper in Epidemics and Deadly diaseses Saint Haralambos (Св. Харалампий) / Saint Charalampos of Magnesia on the Maeander (Greek city in Ionia so called Asia Minor).

and the Mother of God (Theotokos) called Acathist to Panagia ( Всецарица ) Pantanassa – a miraculous icon of the Virgin Mary from the holy and great Monastery of Vatopedi, Mount Athos, Greece depicting the Theotokos enthroned and holding her son Lord Jesus Christ.

As the result of this Pandemics would be a prison like state for humanity economics and a decay of civillization as we know it and the clear realization of the Monks on Holy Athos whose spiritual seeing has been widely open to see the things happening on earth such as they're and the overall late temptations within the Church and the actions of some of the Hierarchs that are trying to destroy the unity and love we had for the last 2020 years …

The athonites today decided to pray all night long continuously as they do on a Big Christian feasts such as Resurrection, Nativity and Dormition etc. (which by the way for the Athos island are relatively common but all monasteries all Night vigil together is unique and only happened in most harsh times in human history, where full spiritual backup was necessery).

In each and every monastery just like in every Holy Liturgy served we pray for the inceasingly praying for the sick with Coronavirus, the lonely, the suffering the hungry, the saddened, people in pay for our parents, grandma, grandpas, sons daughters all Nations the God-fearing governmental powers and us the childs of the Holy Eastern Orthodox Church.

This prayer is to be streamed straight from the Monasteries is to be streamed online for everyone who can to be unite to become part of the prayer by listening it and secretly repeating deep in his heart the prayer that is said to be giving the highest goods on earth, the so called Jesus Prayer.

This prayer is very simple and the long version os if consists of the words "Lord Jesus Christ, Son of the Blessed God, have mercy of me the sinner!".
The shorter one is simply "Lord Jesus Christ Have mercy on me", and the shortest one is "Lord Have Mercy".
Monks on Athos depending on their nationality repeat "Lord Have Mercy, Lord Have Mercy, Lord Jesus Christ have mercy on me …" in Greek Bulgarian, Romanian, Serbian, Greek, Georgian, Russian etc. praying for themselves and benefitting from the spiritual well of Eternity spreading this Grace through themselves for the world.

Lets not forget that the Holy Bible and The experience from the Church history and tradition, tells us about multiple epidemics such as Black Death who were destroyed by many miracles for the humility and prayers of the saintly man and the merfiness of Christ and his Holy Mother The Holy Theotoks Virgin Mary and numerous Saints.

It is in the Church tradition in this heavy times of pestilence to make Lithia (Holy Cross Procession, Procession with Miracle making icons, Holy relics from saints) has been used to put an end to the diseases and the God's grace which has been attarcted for the faith of People and their timely repentance stopped the diseases, this can be checked in multiple ancient manuscripts and history books, written by various historions.

Also the story of the paralytic, the blindly born, the lepper, the deaf and innumerous other sick people is found in the Bible and we read that they were easily healed by the savior, so we need to come back to our faith, which we have changed with the Friday lustful enjoyment meet in Discos, Caffeterias, Bars Cinema, Theather and kind of spiritually unhealthy and most of time unusuable activities from the perspective of the Eternal Soul…

Perhaps it is not a coincidence that this difficult for every living soul situation happened exactly during the time of the Great Lent in which the whole Church is praying to God for forgiveness of the multitude of sins done since the last year Lent time …

Let us pray that this terrible disease who is physically separating us, do on the contrary unite us and bring us spiritual-growth, Knowledge of God, turning out from the sinful habits, thoughts and deeds to do what is pleasant good and wonderful as the Bible says and which has been the ultimate reason why we Human were created in the Beginning.

Lord Jesus Christ son of the Blessed God have mercy on us the Sinners !!!! Lord Jesus Save and Heal the Sick, protect the Healthy, give us repentance, give us your love and strenght, forgive us our terrible sins, be with us always until the End of Ages and in all Eternity !

Amen

Tags: about, ALL, amen, and, Animal, are, atheists, attempt, BACK, beginning, bible, BIG, black, Blessed, books, boom, bulgaria, Bulgarian, Call, Holy Mount Athos
Posted in Christianity, Everyday Life | No Comments »

How to unlock AIX user UNIX account / Reset failed login count

Thursday, January 30th, 2020

As part of my daily sysadmin job I had to unlock the user of a colleague who had been locked on some obscure AIX UNIX machine.
IBM AIX Operating System is used mainly for corporate crtical applications within Airports, Financial institutions Banks, U.S Army, Navy, the Stock Exchange etc.

Due to its complexity and price and the lack of people with any expertise, it is now only used for a critical businesses for its great possibilities of Native Application clustering etc.

But enough rant if you happen to come around AIX and need to reset failed login counter which is part of AIX integrated Login Security and blocks the user
after a preset count number here is how.

1. Become superuser

# su – root

2. Check the number of previous unsucessful logins for the account to confirm it is blocked

# lsuser -a unsuccessful_login_count <userid>

i.e.

# lsuser -a unsuccessful_login_count hipo
hipo unsuccessful_login_count=10

3. Reset unsucessful login counter

# chsec -f /etc/security/lastlog -a unsuccessful_login_count=0 -s hipo

4. Unlock the locked account

# chuser account_locked=false hipo

5. Lock account

If for some reason you need to lock some old and no longer used user (instead of completely deleting it).

# chuser account_locked=true hipo

6. Check account lock / unlock state

# lsuser hipo
hipo id=2086 pgrp=group groups=users,admin home=/home/hipo shell=/usr/bin/bash gecos=Official Name login=true su=true rlogin=true daemon=true admin=false sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=7 registry=files SYSTEM=compat logintimes= loginretries=3 pwdwarntime=14 account_locked=false minage=1 maxage=13 maxexpired=12 minalpha=1 minloweralpha=0 minupperalpha=0 minother=1 mindigit=1 minspecialchar=0 mindiff=3 maxrepeats=2 minlen=8 histexpire=40 histsize=10 pwdchecks= dictionlist= default_roles= fsize=2097151 cpu=-1 data=262144 stack=65536 core=2097151 rss=65536 nofiles=2000 time_last_login=XXXXXXXXXXXX time_last_unsuccessful_login=XXXXXXXXXXX tty_last_login=ssh tty_last_unsuccessful_login=ssh host_last_login=10.10.10.1 host_last_unsuccessful_login=1.2.3.4 unsuccessful_login_count=0 roles=

7. How to reset failed login counter on RedHat / CentOS Linux

Corporate Linux distributions like RHEL / CentOS and SLES have also a similar security feature that allows the sysadmin to block user after a number of unsucessful login count.
To unblock a prohibited to login user, less say due to multiple failure to remember his own password do:

[root@linux: ~]# pam_tally2 –user=Username pam_tally2 –user=Username –reset

Tags: Account, admin, after, AIX, ALL, allows, and, ANY, application, applications, Army, around, bin, Blocks, CentOS, centos linux, check, colleague, complexity, core
Posted in AIX, Linux, System Administration | No Comments »

Linux show largest sized packages / Which Deb, RPM Linux installed package use most disk space and How to Free Space for critical system updates

Sunday, January 12th, 2020

linux-show-largest-sized-packages-which-deb-rpm-linux-package-use-most-disk-space-to-free-space-for-critical-system-updates

A very common problem that happens on both Linux installed servers and Desktop Linux is a starting to fill / (root partition). This problem could happen due to several reasons just to point few of them out of my experience low disk space (ending free space) could be due to:

– Improper initial partitioning / bad space planning / or OS install made in a hurry (due to time constrains)
– Linux installed on old laptop machine with low Hard Disk Drive capacity (e.g. 80 Giga / 160 GB)
– Custom user partitioning on install time aiming for a small root partition originally and changing space requirements in time
– Due to increasing space taken by Linux updates / user stored files etc / distribution OS Level upgrades dist-upgrades.
– Improperly assigned install time partitions cause of lack of knowledge to understand how partitioning is managed.
– Due to install being made in a hurry
– Linux OS installed on a Cloud based VPN (e.g. running) in a Cloud Instance that is hosted in Amazon EC2, Linode, Digital Ocean, Hostgator etc.

So here is a real time situation that happened me many times, you're launching an apt-get upgrade / apt-get dist-upgrade or yum upgrade the packages are about to start downloading or downloaded and suddenly you get a message of not enough disk space to apply OS package updates …
That's nasty stuff mostly irritating and here there are few approaches to take.

a. perhaps easiest you can ofcourse extend the partition (with a free spaced other Primary or Extended partition) with something like:

parted (the disk partitioning manipulator for Linux), gparted (in case if Desktop with GUI / XOrg server running)

b. if not enough space on the Hard Disk Drive or SSD (Solid State Drive) and you have a budget to buy and free laptop / PC slot to place another physical HDD to clone it to a larger sized HDD and use some kind of partition clone tool, such as:

dd
clonezilla
rsync
Mondo GPL Rescue Disaster recovery
Fog – Free Open Source network computer cloning tool

or any of the other multiple clone tools available in Linux.

But what if you don't have the option for some reason to extend the paritiotn, how can you apply the Critical Security Errata Updates issued to patch security vulnerabilities reported by well known CVEs?
Well you can start with the obvious easy you can start removing unnecessery stuff from the system (if home is also stored on the / – root partiiton) to delete something from there, even delete the /usr/local/man pages if you don't plan to read it free some logs by archiving purging logs from /var/log/* …

But if this is not possible, a better approach is simply try to remove / purge any .deb / .rpm whatever distro package manager packages that are not necessery used and just hanging around, that is often the case especially on Linux installed on Notebooks for a personal home use, where with years you have installed a growing number of packages which you don't actively use but installed just to take a look, while hunting for Cool Linux games and you wanted to give a try to Battle of Wesnoth / FreeCIV / AlienArena / SuperTux Kart / TuxRacer etc. or some GUI heavy programs like Krita / Inskape / Audacity etc.

To select which package might be not needed and just takes space hence you need to to list all installed packages on the system ordered by their size this is different in Debian based Linuces e.g. – Debian GNU / Linux / Ubuntu / Mint etc. and RPM based ones Fedora / CentOS / OpenSuSE

1. List all RPM installed packages by Size on CentOS / SuSE

Finding how much space each of the installed rpm packages take on the HDD and displaying them in a sorted order is done with:

rpm -qa –queryformat '%10{size} – %-25{name} \t %{version}\n' | sort -n

From the command above, the '%10{size}' option aligns the size of the package to the right with a padding of 10 characters. The '%-25{name} aligns the name of the package to the left, padded to 25 characters. The '%{version} indicates the version and 'sort -n' flag sorts the packages according to size from the smallest to the largest in bytes.

2. List all installed RPM packages sorted by size on Fedora

Fedora has introduced the dnf package manager instead of yum, to get how much size individual rpm package occupies on system:

dnf info samba
Available Packages
Name : samba
Arch : x86_64
Epoch : 2
Version : 4.1.20
Release : 1.fc21
Size : 558 k
Repo : updates
Summary : Server and Client software to interoperate with Windows machines
URL : http://www.samba.org/
License : GPLv3+ and LGPLv3+
Description : Samba is the standard Windows interoperability suite of programs
: for Linux and Unix.

To get a list of all packages on system with their size

dnf info * | grep -i "Installed size" |sort -n

3. List all installed DEB packages on Debian / Ubuntu / Mint etc. with dpkg / aptitude / apt-get and wajig

The most simple way to get a list of largest packages is through dpkg

# dpkg-query -Wf '${Installed-Size}\t${Package}\n' | sort -n
brscan4
6 default-jre
6 libpython-all-dev
6 libtinfo-dev
6 python-all
6 python-all-dev
6 task-cinnamon-desktop
6 task-cyrillic
6 task-desktop
6 task-english
6 task-gnome-desktop
6 task-laptop
6 task-lxde-desktop
6 task-mate-desktop
6 task-print-server
6 task-ssh-server
6 task-xfce-desktop
8 mysql-client
8 printer-driver-all
…
…
207766   libwine
215625   google-chrome-stable
221908   libwine
249401   frogatto-data
260717   linux-image-4.19.0-5-amd64
262512   linux-image-4.19.0-6-amd64
264899   mame
270589   fonts-noto-extra
278903   skypeforlinux
480126   metasploit-framework

above cmd displays packages in size order, largest package last, but the output will include also size of packages, that used to exist,
have been removed but was not purged. Thus if you find a package that is shown as very large by size but further dpkg -l |grep -i package-name shows package as purged e.g. package state is not 'ii' but 'rc', the quickest work around is to purge all removed packages, that are still not purged and have some configuration remains and other chunks of data that just take space for nothing with:

# dpkg –list |grep "^rc" | cut -d " " -f 3 | xargs sudo dpkg –purge

Be cautious when you execute above command, because if for some reason you uninstalled a package with the idea to keep old configuration files only and in case if you decide to use it some time in future to reuse already custom made configs but do run above purge commands all such package saved kept configs will disappear.
For people who don't want to mess up with, uninstalled but present packages use this to filter out ready to be purged state packages.

# dpkg-query -Wf '${db:Status-Status} ${Installed-Size}\t${Package}\n' | sed -ne 's/^installed //p'|sort -n

aptitude – (high level ncurses interface like to package management) can also be easily used to list largest size packages eating up your hard drive in both interactive or cli mode, like so:

# aptitude search –sort '~installsize' –display-format '%p %I' '~i' | head
metasploit-framework 492 MB
skypeforlinux 286 MB
fonts-noto-extra 277 MB
mame 271 MB
linux-image-4.19.0-6-amd64 269 MB
linux-image-4.19.0-5-amd64 267 MB
frogatto-data 255 MB
libwine 227 MB
google-chrome-stable 221 MB
libwine:i386 213 MB

–sort is package sort order, and ~installsize specifies a package sort policy.
installsize means 'sort on (estimated) installed size', and the preceding ~ means sort descending (since default for all sort policies is ascending).
–display-format changes the <you guessed :->. The format string '%p %I' tells aptitude to output package name, then installed size.
'~i' tells aptitude to search only installed packages.

How much a certain .deb package removal will free up on the disk can be seen with apt-get as well to do so for the famous 3D acceleration Graphic Card (enabled) or not test game extremetuxracer:

# apt-get –assume-no –purge remove "texlive*" | grep "be freed" |
awk '{print $4, $5}'

Perhaps, the easiest to remember and more human readable output biggest packages occupied space on disk is to install and use a little proggie called wajig to do so

# apt install –yes wajig

Here is how to pick up 10 biggest size packages.

root@jeremiah:/home/hipo# wajig large|tail -n 10
fonts-noto-cjk-extra 204,486 installed
google-chrome-stable 215,625 installed
libwine 221,908 installed
frogatto-data 249,401 installed
linux-image-4.19.0-5-amd64 260,717 installed
linux-image-4.19.0-6-amd64 262,512 installed
mame 264,899 installed
fonts-noto-extra 270,589 installed
skypeforlinux 278,903 installed
metasploit-framework 480,126 installed

As above example lists a short package name and no description for those who want get more in depth knowledge on what exactly is the package bundle used for use:

# aptitude search –sort '~installsize' –display-format '%30p %I %r %60d' '~i' |head

%30p %I %r %60d display more information in your format string, or change field widths, enhanced format string

Meaning of parameters is:

%30p : package name in field width=30 char
%I : estimated install size
%r : 'reverse depends count': approximate number of other installed packages which depend upon this package
%60d : package's short description in field width=60 char

wajig is capable is a python written and idea is to easify Debian console package management (so you don't have to all time remember when and with which arguments to use apt-get / apt-cache etc.), below is list of commands it accepts.

root@jeremiah:/home/hipo## wajig commands
addcdrom Add a Debian CD/DVD to APT's list of available sources
addrepo Add a Launchpad PPA (Personal Package Archive) repository
aptlog Display APT log file
autoalts Mark the Alternative to be auto-set (using set priorities)
autoclean Remove no-longer-downloadable .deb files from the download cache
autodownload Do an update followed by a download of all updated packages
autoremove Remove unused dependency packages
build Get source packages, unpack them, and build binary packages from them.
builddeps Install build-dependencies for given packages
changelog Display Debian changelog of a package
clean Remove all deb files from the download cache
contents List the contents of a package file (.deb)
dailyupgrade Perform an update then a dist-upgrade
dependents Display packages which have some form of dependency on the given package
describe Display one-line descriptions for the given packages
describenew Display one-line descriptions of newly-available packages
distupgrade Comprehensive system upgrade
download Download one or more packages without installing them
editsources Edit list of Debian repository locations for packages
extract Extract the files from a package file to a directory
fixconfigure Fix an interrupted install
fixinstall Fix an install interrupted by broken dependencies
fixmissing Fix and install even though there are missing dependencies
force Install packages and ignore file overwrites and depends
hold Place packages on hold (so they will not be upgraded)
info List the information contained in a package file
init Initialise or reset wajig archive files
install Package installer
installsuggested Install a package and its Suggests dependencies
integrity Check the integrity of installed packages (through checksums)
large List size of all large (>10MB) installed packages
lastupdate Identify when an update was last performed
listall List one line descriptions for all packages
listalternatives List the objects that can have alternatives configured
listcache List the contents of the download cache
listcommands Display all wajig commands
listdaemons List the daemons that wajig can start, stop, restart, or reload
listfiles List the files that are supplied by the named package
listhold List packages that are on hold (i.e. those that won't be upgraded)
listinstalled List installed packages
listlog Display wajig log file
listnames List all known packages; optionally filter the list with a pattern
listpackages List the status, version, and description of installed packages
listscripts List the control scripts of the package of deb file
listsection List packages that belong to a specific section
listsections List all available sections
liststatus Same as list but only prints first two columns, not truncated
localupgrade Upgrade using only packages that are already downloaded
madison Runs the madison command of apt-cache
move Move packages in the download cache to a local Debian mirror
new Display newly-available packages
newdetail Display detailed descriptions of newly-available packages
news Display the NEWS file of a given package
nonfree List packages that don't meet the Debian Free Software Guidelines
orphans List libraries not required by any installed package
policy From preferences file show priorities/policy (available)
purge Remove one or more packages and their configuration files
purgeorphans Purge orphaned libraries (not required by installed packages)
purgeremoved Purge all packages marked as deinstall
rbuilddeps Display the packages which build-depend on the given package
readme Display the README file(s) of a given package
recdownload Download a package and all its dependencies
recommended Display packages installed as Recommends and have no dependents
reconfigure Reconfigure package
reinstall Reinstall the given packages
reload Reload system daemons (see LIST-DAEMONS for available daemons)
remove Remove packages (see also PURGE command)
removeorphans Remove orphaned libraries
repackage Generate a .deb file from an installed package
reportbug Report a bug in a package using Debian BTS (Bug Tracking System)
restart Restart system daemons (see LIST-DAEMONS for available daemons)
rpm2deb Convert an .rpm file to a Debian .deb file
rpminstall Install an .rpm package file
search Search for package names containing the given pattern
searchapt Find nearby Debian package repositories
show Provide a detailed description of package
sizes Display installed sizes of given packages
snapshot Generates a list of package=version for all installed packages
source Retrieve and unpack sources for the named packages
start Start system daemons (see LIST-DAEMONS for available daemons)
status Show the version and available versions of packages
statusmatch Show the version and available versions of matching packages
stop Stop system daemons (see LISTDAEMONS for available daemons)
tasksel Run the task selector to install groups of packages
todo Display the TODO file of a given package
toupgrade List versions of upgradable packages
tutorial Display wajig tutorial
unhold Remove listed packages from hold so they are again upgradeable
unofficial Search for an unofficial Debian package at apt-get.org
update Update the list of new and updated packages
updatealternatives Update default alternative for things like x-window-manager
updatepciids Updates the local list of PCI ids from the internet master list
updateusbids Updates the local list of USB ids from the internet master list
upgrade Conservative system upgrade
upgradesecurity Do a security upgrade
verify Check package's md5sum
versions List version and distribution of given packages
whichpackage Search for files matching a given pattern within packages

4. List installed packages order by size in Arch Linux

ArchLinux is using the funny named package manager – pacman (a nice prank for the good old arcade game).
What is distinctive of pacman uses libalpm (Arch Linux Package Management (ALPM) library) as a back-end to perform all the actions.

# pacman -Qi | awk '/^Name/{name=$3} /^Installed Size/{print $4$5, name}' | sort -hr | head -25
296.64MiB linux-firmware
144.20MiB python
105.43MiB gcc-libs
72.90MiB python2
66.91MiB linux
57.47MiB perl
45.49MiB glibc
35.33MiB icu
34.68MiB git
30.96MiB binutils
29.95MiB grub
18.96MiB systemd
13.94MiB glib2
13.79MiB coreutils
13.41MiB python2-boto
10.65MiB util-linux
9.50MiB gnupg
8.09MiB groff
8.05MiB gettext
7.99MiB texinfo
7.93MiB sqlite
7.15MiB bash
6.50MiB lvm2
6.43MiB openssl
6.33MiB db

There is another mean to list packages by size using a ArchLinux tool called pacgraph

# pacgraph -c | head -25

Autodetected Arch.
Loading package info
Total size: 1221MB
367MB linux
144MB pacgraph
98MB cloud-init
37MB grub
35MB icu
34MB git
31698kB binutils
19337kB pacman
11029kB man-db
8186kB texinfo
8073kB lvm2
7632kB nano
7131kB openssh
5735kB man-pages
3815kB xfsprogs
3110kB sudo
3022kB wget
2676kB tar
2626kB netctl
1924kB parted
1300kB procps-ng
1248kB diffutils

4. Debian Goodies

Most debian users perhaps never hear of debian-goodies package, but I thought it is worthy to mention it as sooner or later as a sysadmin or .deb based Desktop user it might help you somewhere.

Debian-goodies is sall toolbox-style utilities for Debian systems
These programs are designed to integrate with standard shell tools,
extending them to operate on the Debian packaging system.
.
dglob – Generate a list of package names which match a pattern
[dctrl-tools, apt*, apt-file*, perl*]
dgrep – Search all files in specified packages for a regex
[dctrl-tools, apt-file (both via dglob)]
.
These are also included, because they are useful and don't justify
their own packages:
.
check-enhancements
– find packages which enhance installed packages [apt,
dctrl-tools]
checkrestart
– Help to find and restart processes which are using old versions
of upgraded files (such as libraries) [python3, procps, lsof*]
debget – Fetch a .deb for a package in APT's database [apt]
debman – Easily view man pages from a binary .deb without extracting
[man, apt* (via debget)]
debmany – Select manpages of installed or uninstalled packages [man |
sensible-utils, whiptail | dialog | zenity, apt*, konqueror*,
libgnome2-bin*, xdg-utils*]
dhomepage – Open homepage of a package in a web browser [dctrl-tools,
sensible-utils*, www-browser* | x-www-browser*]
dman – Fetch manpages from online manpages.debian.org service [curl,
man, lsb-release*]
dpigs – Show which installed packages occupy the most space
[dctrl-tools]
find-dbgsym-packages
– Get list of dbgsym packages from core dump or PID [dctrl-tools,
elfutils, libfile-which-perl, libipc-system-simple-perl]
popbugs – Display a customized release-critical bug list based on
packages you use (using popularity-contest data) [python3,
popularity-contest]
which-pkg-broke
– find which package might have broken another [python3, apt]
which-pkg-broke-build
– find which package might have broken the build of another
[python3 (via which-pkg-broke), apt]

Even simpler by that is to use dpigs shell script part of the debian-goodies package which will automatically print out the largest packages.

dpigs command output is exactly the same as 'dpkg-query -Wf '${Installed-Size}\t${Package}\n' | sort -nr | head', but is useful cause you don't have to remember that complex syntax.

5. Checking where your space is gone in a Spacesniffer like GUI manner with Baobab

In my prior article Must have software on a new installed Windows 2 of the of the precious tools to set are Spacesniffer and WinDirStat.
Windows users will be highly delighted to know that SpaceSniffer equivallent is already present on Linux – say hello baobab.
Baobab is simple but useful Graphic disk usage overview program for those who don't want to mess to much with the console / terminal to find out which might be the possible directory candidate for removal. It is very simplistic but it does well what it is aimed for, to install it on a Debian or .deb based OS.

# apt install –yes baobab

baobab-entry-screen-debian-gnu-linux-screenshot

baobab Linux Hard Disk Usage Analyzer for GNOME. – It can easily scan either the whole filesystem or a specific user-requested branch (Iocal or remote)

baobab-entry-screen-debian-gnu-linux-directories-taking-most-space-pie-screenshot

Baobab / (root) directory statistics Rings Chart pie

baobab – Treemap Chart for directory usage sorted by size on disk

!!! Note that before removing any files found as taking up too much space with baobab – make sure this files are not essential parts of a .deb package first, otherwise you might break up your system !!!

KDE (Plasma) QT library users could use Qdirstat instead of baobab

qdirstat-on-gnu-linur checking what is the disk space bottleneck qdirstat KDE

6. Use ncdu or duper perl script tool to generate directory disk usage in ASCII chart bar

ncdu and duper are basicly the same except one is using ncurses and is interactive in a very simplistic interface with midnight commander.

# apt install –yes ncdu
# ncdu /root

# apt-get install –yes durep
# durep -td 1 /usr
[ /usr 14.4G (0 files, 11 dirs) ]
6.6G [############# ] 45.54% lib/
5.5G [########### ] 38.23% share/
1.1G [## ] 7.94% bin/
552.0M [# ] 3.74% local/
269.2M [ ] 1.83% games/
210.4M [ ] 1.43% src/
88.9M [ ] 0.60% libexec/
51.3M [ ] 0.35% sbin/
41.2M [ ] 0.28% include/
8.3M [ ] 0.06% lib32/
193.8K [ ] 0.00% lib64/

Conclusion

In this article, I've shortly explained the few approach you can take to handle low disk space preventing you to update a regular security updates on Linux.
The easiest one is to clone your drive to a bigger (larger) sized SATA HDD or SDD Drive or using a free space left on a hard drive to exnted the current filling up the root partition.

Further, I looked through the common reasons for endind with a disk being low spaced and a quick work around to free disk space through listing and purging larges sized package, this is made differently in different Linux distributions, because different Linux has different package managers. As I'm primary using Debian, I explained thoroughfully on how this is achieved with apt-get / dpkg-query / dpkg / aptitude and the little known debian-goodies .deb package manager helper pack. For GUI Desktop users there is baobab / qdirstat. ASCII lovers could enjoy durep and ncdu.

That's all folks hope you enjoyed and learned something new. If you know of other cool tools or things this article is missing please share.

Tags: about, again, ALL, alternative, alternatives, amazon, amd64, and, another, ANY, approximate number, apt-get, aptitude, archive, archive files, are, around, article, Ascii, audacity, baobab, check linux package size, deb, durep, ncdu, qdirstat, rpm, supertuxkart, wajig
Posted in Linux, Linux on Laptops, Various | 1 Comment »

Windows 7 how to configure Separator delimiter Divider between Pinned and Running Opened programs on Taskbar Classic theme pane

Saturday, October 12th, 2019

I've started to work as a External Consultant for Equens Worldline, who lately merged with Atos – a French multinational information technology.

As the company is mostly into the financial business and as any company that is involved with OLTP Online transaction processing , an information systems that typically facilitate and manage transaction-oriented applications, e.g. in a mortal language takes care for a numerous companies Credit / Debit card online payments.

Of course the technologies used both on a Server / Data Center level and for Employee personal used are a bit old fashioned. In that relation, most of the computers, I've seen used by Worldline – Atos including my work PC notebook is still running a custom version of Windows 7.

Once I had the Computer ready with the OS from the HelpDesk colleague, then it was ready to install, unfortunately, I didn't have administrator account on the Lenovo L serie laptop so I couldn't install applications. To get around this I've used PortableApps – the world's most popular portable software solution allowing you to take your favorite software with you with no need for any Installation and on Win OS computers, where you have limited access.
PortableApps is fully open source and free platform, it works from any synced cloud folder (DropBox, Google Drive, Box, etc), from your local PC on an internal or external drive, or on any portable storage device (USB flash drive, memory card, portable hard drive, etc). Because the applicatons are installed without being really binded to the Win OS, once the PortableApps ported Application is installed it can be easily moved by simply copying between PCs.

portableapps_windows_list-of-installable-programs-screenshot
PortableApps.com is currently used by millions of users all over the world and is the Largest Portable full collection of open source and freeware software, compatible commercial software, and partners in hardware industry for Microsoft Windows.

As I do often with the Windows fresh installed Windows machines I have to work on, install the great set of tools prior described in must have software on any fresh installed Windows OS as this is essential if you're a sysadmin or Advanced user for the daily work with the WinBlows

OS Graphical Interface simplicity is a crucial thing to me, cause if I have to work with Windows and spendan 8 hours each day 5 days a week in front of the Computer Display with this Complex unnecessery coloring (that Windows 7 / Windows 10 default Theme introduced), together with the visual aids on the Window Minimize and Maximize, puts a useless additional eye strain and besides that "fries" the brain (as the brain has to process all this mambo-jambo "virtual" reality graphics turning all down and up and mixing up the gamma of unreal colors for nothing …

So far so good I've set the needed software from above list and continued further to Change my Windows start menu to look like Windows 2000. Start menu and Theme To be the Classic Theme.

After setting up the Windows Classic Theme (which by the way is unfortunately, no longer available in Windows 10), I love to set my Windows Background picture to be a Sold Black Color, I do this as Black color is the less exhausting for the eyes – as one views the desktop picture thousand times and this is extra unnecessery work for the brain.

However next, unpleasant thing faced is even though now my Windows Start and Windows borders looked old-fashioned in the Windows 2000 Server, "wooden" style, the order of my (Open) Running applicaitons on the start menu bar were not isolated but were mixing, with the rest of my Pinned Program Starter icons

! Notice the Windows Media player icon being in the middle between the Lync, Firefox, Chrome and Internet Explorer line … !

I spend some time to rewind some memories on how I did make the pinned program to distinguish itself (separate) from the rest of the Opened Runnign Windows, and had in mind that I used some kind of separator added custom Toolbar, but the bad thing was I couldn't remember exactly how so I spend some good amount of time to Google around.

And found few articles on the topic proposing to add a new Custom empty launcher program of cmd.exe and change the icon of the empty launcher to a | graphical string
I've tried a lot of this approach but it didn't work and after some experimentations, finally I figured it out. The way to do it is to add a New Toolbar that is Pointing to a Directory with a list of Programs whose icons you want to have listed with icon launchers next to Start menu.

Here is step by step what I've done to achieve configuration of Hard Separator Delimiter between my Program Launchers and Running Applications.

1. Create a New Folder somewhere under your User Home directory, lets say:
C:\Users\Username\TaskbarPrograms

2. Add a shortcut or copy the programs starters (icons) to the TaskBar Programs

3. Unlock the Windows 7 Taskbar
E.g. Click over on any of the empty space on the taskbar after Windows Start menu button and untick Lock the Taskbar

4. Remove any Pinned programs (you have placed there earlier)

windows-7-unpin-program-from-taskbar

5. Again On an empty place on the Taskbar press the last button Mouse (Rightest button) to open Taskbar properties menu and
Go to ToolBars menu and Choose (New Toolbar)

new-toolbar-screenshot-windows-os-7

6. As a location for the new toolbar place C:\Users\Username\TaskbarPrograms

add-custom-Quick-Launch-Toolbar-Images-screenshot

The result should be that all the programs in the selected folder will appear in the Windows pane

8. Now go over the empty space of the Windows start menu bar
and untick Show Text / Show Title

9. Hold over the Taskbar Programs holder and drag and drop it constantly holding the left mouse button
and place it over the default separator Holder (for clarity marked in below screenshot as Marked over here).

10. Move the default separator that will appear on the left close to the list of shown applications
(shown in screenshot)

11. Open any of the applications (e.g. Firefox, Chrome, MobaXterm, Opera, RDP, VLC) the result should be a fine ordered icons. Hooray !!!

12. To make more space for the Opened Active (Running) Windows, a good hint is to stretch the start menu pane field – this is done by holding a right mouse button on the edge of the gray line, like shown in below screenshot.

Note that, you will need to remove any icons that are left over binded to the default separator (holder).

13. Finally on the Taskbar (empty space) menu with the Mouse, click again right mouse button and tick on the Lock the Taskbar

That's it now your Windows 7 start menu bar will look pretty much like Linux's GNOME 2.x and GNOME Mate, and if you're a a long years Linux Desktop user you will feel at home even on Windows 7.

To further tweak the Taskbar a very useful Program is Windows 7+ Taskbar Tweaker

"7+ Taskbar Tweaker allows you configure various aspects of the Windows taskbar which can't be tweaked via registry or taskbar properties. The tweaker is designed for Windows 7, Windows 8, Windows 8.1, and Windows 10.

windows-7-taskbart-tweaker-combine-grouped-buttons

I install it mostly because one single feature Combined Grouped Buttons which makes similar Windows to group together. Just having a number of Windows of the same type floating around the Taskbar is really irritating and becomes really confusing once multiple windows.

For example if you have opened 10 Windows of Explorer they will be group under the same window title pointer.

To make the Windows even more bizarre and feel more like a Linux powered Box go on and install MobaXterm as a substitute for Linux's gnome-terminal as well as the rest of things such as CygWin / GNUWin32 / GVim etc.

Also some good start up list of software I do install on new Windows Desktop PCs is described in my previous article Some standard software programs to install on Windows to make your Windows feel more like a Linux / Unix Desktop host

This time I did not needed that but on other locations another Windows useful hint I use every now and then is to set some custom programs (Lets say a PortableApps program) to Automatically run – described earlier in my earlier article how to add startup Windows 7 / 8 program run on startup.

P.S. I've tried to setup the same Classic Theme and Start menu button with the same order on Windows 10 OS, but even though a similar interface could be achieved, I've had problems with setting up the proper Running application Ordering, due to a different behavior of the Delimiter / Separators in Windows 10.

For me this Custom Windows interface and Window ordering works pretty well it saves me a lot of the eye strain and brain overcalculation for nothing.

After all, Lets not forget that God is in the Simplicity ! 🙂

Tags: access, Account, administrator, administrator account, after, again, aids, ALL, amount, and, another, ANY, application, applications, are, around, article, available, background, being
Posted in Everyday Life, Various, Windows | 1 Comment »

Scanning ports with netcat “nc” command on Linux and UNIX / Checking for firewall filtering between source and destination with nc

Friday, September 6th, 2019

Netcat ( nc ) is one of that tools, that is well known in the hacker (script kiddie) communities, but little underestimated in the sysadmin world, due to the fact nmap (network mapper) – the network exploratoin and security auditing tool has become like the standard penetration testing TCP / UDP port tool.

nc is feature-rich network debugging and investigation tool with tons of built-in capabilities for reading from and writing to network connections using TCP or UDP.

Its Plethora of features includes port listening, port scanning & Transferring files due to which it is often used by Hackers and PenTesters as Backdoor. Netcat was written by a guy we know as the Hobbit <hobbit@avian.org>.

For a start-up and middle sized companies if nmap is missing on server usually it is okay to install it without risking to open a huge security hole, however in Corporate world, due to security policies often nmap is not found on the servers but netcat (nc) is present on the servers so you have to learn, if you haven't so to use netcat for the usual IP range port scans, if you're so used to nmap.

There are different implementations of Netcat, whether historically netcat was UNIX (BSD) program with a latest release of March 1996. The Linux version of NC is GNU Netcat (official source here) and is POSIX compatible. The other netcat in Free Software OS-es is OpenBSD's netcat whose ported version is also used in FreeBSD. Mac OS X also comes with default prebundled netcat on its Mac OS X from OS X version (10.13) onwards, on older OS X-es it is installable via MacPorts package repo, even FreeDOS has a port of it called NTOOL.

The (Swiss Army Knife of Embedded Linux) busybox includes a default leightweight version of netcat and Solaris has the OpenBSD netcat version bundled.

A cryptography enabled version fork exists that supports that supports integrated transport encryption capabilities called Cryptcat.

The Nmap suite also has included rewritten version of GNU Netcat named Ncat, featuring new possibilities such as "Connection Brokering", TCP/UDP Redirection, SOCKS4 client and server support, ability to "Chain" Ncat processes, HTTP CONNECT proxying (and proxy chaining), SSL connect/listen support and IP address/connection filtering. Just like Nmap, Ncat is cross-platform.

In this small article I'll very briefly explain on basic netcat – known as the TCP Army knife tool port scanning for an IP range of UDP / TCP ports.

1. Scanning for TCP opened / filtered ports remote Linux / Windows server

Everyone knows scanning of a port is possible with a simple telnet request towards the host, e.g.:

telnet SMTP.EMAIL-HOST.COM 25

The most basic netcat use that does the same is achiavable with:

$ nc SMTP.EMAIL-HOST.COM 25
220 jeremiah ESMTP Exim 4.92 Thu, 05 Sep 2019 20:39:41 +0300

Beside scanning the remote port, using netcat interactively as pointing in above example, if connecting to HTTP Web services, you can request remote side to return a webpage by sending a false referer, source host and headers, this is also easy doable with curl / wget and lynx but doing it with netcat just like with telnet could be fun, here is for example how to request an INDEX page with spoofed HTTP headers.

nc Web-Host.COM 25
GET / HTTP/1.1
Host: spoofedhost.com
Referrer: mypage.com
User-Agent: my-spoofed-browser

2. Performing a standard HTTP request with netcat

To do so just pype the content with a standard bash integrated printf function with the included end of line (the unix one is \n but to be OS independent it is better to use r\n – the end of line complition character for Windows.

printf "GET /index.html HTTP/1.0\r\nHost: www.pc-freak.net\r\n\r\n" | nc www.pc-freak.net 80

3. Scanning a range of opened / filtered UDP ports

To scan for lets say opened remote system services on the very common important ports opened from UDP port 25 till, 1195 – more specifically for:

UDP Bind Port 53
Time protocol Port (37)
TFTP (69)
Kerberos (88)
NTP 123
Netbios (137,138,139)
SNMP (161)
LDAP 389
Microsoft-DS (Samba 445)
Route BGP (52)
LDAPS (639)
openvpn (1194)

nc -vzu 192.168.0.1 25 1195

UDP tests will show opened, if no some kind of firewall blocking, the -z flag is given to scan only for remote listening daemons without sending any data to them.

4. Port Scanning TCP listening ports with Netcat

As prior said using netcat to scan for remote opened HTTP Web Server on port 80 an FTP on Port 23 or a Socks Proxy or MySQL Database on 3306 / PostgreSQL DB on TCP 5432 is very rare case scenario.

Below is example to scan a Local network situated IP for TCP open ports from port 1 till 7000.

# nc -v -n -z -w 5 192.168.1.2 1-7000

           nc: connect to host.example.com 80 (tcp) failed: Connection refused
           nc: connect to host.example.com 20 (tcp) failed: Connection refused
           Connection to host.example.com port [tcp/ssh] succeeded!
           nc: connect to host.example.com 23 (tcp) failed: Connection refused

Be informed that scanning with netcat is much more slower, than nmap, so specifying smaller range of ports is always a good idea to reduce annoying waiting …

The -w flag is used to set a timeout to remote connection, usually on a local network situated machines the timeout could be low -w 1 but for machines across different Data Centers (let say one in Berlin and one in Seattle), use as a minimum -w 5.

If you expect remote service to be responsive (as it should always be), it is a nice idea to use netcat with a low timeout (-w) value of 1 below is example:

netcat -v -z -n -w 1 scanned-hosts 1-1023

5. Port scanning range of IP addresses with netcat

If you have used Nmap you know scanning for a network range is as simple as running something like nmap -sP -P0 192.168.0.* (to scan from IP range 1-255 map -sP -P0 192.168.0.1-150 (to scan from local IPs ending in 1-150) or giving the network mask of the scanned network, e.g. nmap -sF 192.168.0.1/24 – for more examples please check my previous article Checking port security on Linux with nmap (examples).

But what if nmap is not there and want to check a bunch 10 Splunk servers (software for searching, monitoring, and analyzing machine-generated big data, via a Web-style interface.), with netcat to find, whether the default Splunk connection port 9997 is opened or not:

for i in `seq 1 10`; do nc -z -w 5 -vv splunk0$i.server-domain.com 9997; done

6. Checking whether UDP port traffic is allowed to destination server

Assuring you have access on Source traffic (service) Host A and Host B (remote destination server where a daemon will be set-upped to listen on UDP port and no firewall in the middle Network router or no traffic control and filtering software HUB is preventing the sent UDP proto traffic, lets say an ntpd will be running on its standard 123 port there is done so:

– On host B (the remote machine which will be running ntpd and should be listening on port 123), run netcat to listen for connections

# nc -l -u -p 123
Listening on [0.0.0.0] (family 2, port 123)

Make sure there is no ntpd service actively running on the server, if so stop it with /etc/init.d/ntpd stop
and run above command. The command should run as superuser as UDP port 123 is from the so called low ports from 1-1024 and binding services on such requires root privileges.

– On Host A (UDP traffic send host

nc -uv remote-server-host 123

If the remote port is not reachable due to some kind of network filtering, you will get "connection refused".
An important note to make is on some newer Linux distributions netcat might be silently trying to connect by default using IPV6, bringing false positives of filtered ports due to that. Thus it is generally a good idea, to make sure you're connecting to IPV6

$ nc -uv -4 remote-server-host 123

Another note to make here is netcat's UDP connection takes 2-3 seconds, so make sure you wait at least 4-8 seconds for a very distant located hosts that are accessed over a multitude of routers.

7. Checking whether TCP port traffic allowed to DST remote server

To listen for TCP connections on a specified location (external Internet IP or hostname), it is analogous to listening for UDP connections.

Here is for example how to bind and listen for TCP connections on all available Interface IPs (localhost, eth0, eth1, eth2 etc.)

nc -lv 0.0.0.0 12345

Then on client host test the connection with

nc -vv 192.168.0.103 12345
Connection to 192.168.0.103 12345 port [tcp/*] succeeded!

8. Proxying traffic with netcat

Another famous hackers use of Netcat is its proxying possibility, to proxy anything towards a third party application with UNIX so any content returned be printed out on the listening nc spawned daemon like process.
For example one application is traffic SMTP (Mail traffic) with netcat, below is example of how to proxy traffic from Host B -> Host C (in that case the yandex current mail server mx.yandex.ru)

linux-srv:~# nc -l 12543 | nc mx.yandex.ru 25

Now go to Host A or any host that has TCP/IP protocol access to port 12543 on proxy-host Host B (linux-srv) and connect to it on 12543 with another netcat or telnet.

to make netcat keep connecting to yandex.ru MX (Mail Exchange) server you can run it in a small never ending bash shell while loop, like so:

linux-srv:~# while :; do nc -l 12543 | nc mx.yandex.ru 25; done

Below are screenshots of a connection handshake between Host B (linux-srv) proxy host and Host A (the end client connecting) and Host C (mx.yandex.ru).

host-B-running-as-a-proxy-daemon-towards-Host-C-yandex-mail-exchange-server

Host B netcat as a (Proxy)

Host-A-Linux-client-connection-handshake-to-proxy-server-with-netcat
that is possible in combination of UNIX and named pipes (for more on Named pipes check my previous article simple linux logging with named pipes), here is how to run a single netcat version to proxy any traffic in a similar way as the good old tinyproxy.

On Proxy host create the pipe and pass the incoming traffic towards google.com and write back any output received back in the named pipe.

# mkfifo backpipe
# nc -l 8080 0<backpipe | nc www.google.com 80 1>backpipe

Other useful netcat proxy set-up is to simulate a network connectivity failures.

For instance, if server:port on TCP 1080 is the normal host application would connect to, you can to set up a forward proxy from port 2080 with

nc -L server:1080 2080

then set-up and run the application to connect to localhost:2080 (nc proxy port)

/path/to/application_bin –server=localhost –port=2080

Now application is connected to localhost:2080, which is forwarded to server:1080 through netcat. To simulate a network connectivity failure, just kill the netcat proxy and check the logs of application_bin.

Using netcat as a bind shell (make any local program / process listen and deliver via nc)

netcat can be used to make any local program that can receive input and send output to a server, this use is perhaps little known by the junior sysadmin, but a favourite use of l337 h4x0rs who use it to spawn shells on remote servers or to make connect back shell. The option to do so is -e

-e – option spawns the executable with its input and output redirected via network socket.

One of the most famous use of binding a local OS program to listen and receive / send content is by
making netcat as a bind server for local /bin/bash shell.

Here is how

nc -l -p 4321 -e /bin/sh

If necessery specify the bind hostname after -l. Then from any client connect to 4321 (and if it is opened) you will gain a shell with the user with which above netcat command was run. Note that many modern distribution versions such as Debian / Fedora / SuSE Linux's netcat binary is compiled without the -e option (this works only when compiled with -DGAPING_SECURITY_HOLE), removal in this distros is because option is potentially opening a security hole on the system.

If you're interested further on few of the methods how modern hackers bind new backdoor shell or connect back shell, check out Spawning real tty shells article.

For more complex things you might want to check also socat (SOcket CAT) – multipurpose relay for bidirectional data transfer under Linux.
socat is a great Linux Linux / UNIX TCP port forwarder tool similar holding the same spirit and functionality of netcat plus many, many more.

On some of the many other UNIX operating systems that are lacking netcat or nc / netcat commands can't be invoked a similar utilitiesthat should be checked for and used instead are:

ncat, pnetcat, socat, sock, socket, sbd

To use nmap's ncat to spawn a shell for example that allows up to 3 connections and listens for connects only from 192.168.0.0/24 network on port 8081:

ncat –exec "/bin/bash" –max-conns 3 –allow 192.168.0.0/24 -l 8081 –keep-open

9. Copying files over network with netcat

Another good hack often used by hackers to copy files between 2 servers Server1 and Server2 who doesn't have any kind of FTP / SCP / SFTP / SSH / SVN / GIT or any kind of Web copy support service – i.e. servers only used as a Database systems that are behind a paranoid sysadmin firewall is copying files between two servers with netcat.

On Server2 (the Machine on which you want to store the file)

nc -lp 2323 > files-archive-to-copy.tar.gz

On server1 (the Machine from where file is copied) run:

nc -w 5 server2.example.com 2323 < files-archive-to-copy.tar.gz

Note that the downside of such transfers with netcat is data transferred is unencrypted so any one with even a simple network sniffer or packet analyzier such as iptraf or tcpdump could capture the file, so make sure the file doesn't contain sensitive data such as passwords.

Copying partition images like that is perhaps best way to get disk images from a big server onto a NAS (when you can't plug the NAS into the server).

10. Copying piped archived directory files with netcat

On computer A:

export ARIBTRARY_PORT=3232
nc -l $ARBITRARY_PORT | tar vzxf –

On Computer B:

tar vzcf – files_or_directories | nc computer_a $ARBITRARY_PORT

11. Creating a one page webserver with netcat and ncat

As netcat could listen to port and print content of a file, it can be set-up with a bit of bash shell scripting to serve
as a one page webserver, or even combined with some perl scripting and bash to create a multi-serve page webserver if needed.

To make netact serve a page to any connected client run in a screen / tmux session following code:

while true; do nc -l -p 80 -q 1 < somepage.html; done

Another interesting fun example if you have installed ncat (is a small web server that connects current time on server on connect).

ncat -lkp 8080 –sh-exec 'echo -ne "HTTP/1.0 200 OK\r\n\r\nThe date is "; date;'

12. Cloning Hard disk partitions with netcat

rsync is a common tool used to clone hard disk partitions over network. However if rsync is not installed on a server and netcat is there you can use it instead, lets say we want to clone /dev/sdb
from Server1 to Server2 assuming (Server1 has a configured working Local or Internet connection).

On Server2 run:

nc -l -p 4321 | dd of=/dev/sdb

Following on Server2 to start the Partition / HDD cloning process run

dd if=/dev/sdb | nc 192.168.0.88 4321

Where 192.168.0.88 is the IP address listen configured on Server2 (in case you don't know it, check the listening IP to access with /sbin/ifconfig).

Next you have to wait for some short or long time depending on the partiiton or Hard drive, number of files / directories and allocated disk / partition size.

To clone /dev/sda (a main partiiton) from Server1 to Server2 first requirement is that it is not mounted, thus to have it unmounted on a system assuming you have physical access to the host, you can boot some LiveCD Linux distribution such as Knoppix Live CD on Server1, manually set-up networking with ifconfig or grab an IP via DHCP from the central DHCP server and repeat above example.

Happy netcating 🙂

Tags: access, addresses, after, ALL, ALLOW, allowed, allows, checking, command, destination, due, firewall, linux windows, network, nmap, Scanning, script kiddie, security policies, tool, unix
Posted in Linux, Linux and FreeBSD Desktop, Networking | 1 Comment »

Howto Configure Linux shell Prompt / Setup custom Terminal show Prompt using default shell variables PS1, PS2, PS3, PS4

Tuesday, August 27th, 2019

System Console, Command Operation Console or Terminal is a Physical device for text (command) input from keyboard, getting the command output and monitoring the status of a shell or programs I/O operations generated traditionally with attached screen. With the development of Computers, physical consoles has become emulated and the input output is translated on the monitor usually via a data transfer protocol historically mostly over TCP/IP connection to remote IP with telnet or rsh, but due to security limitations Consoles are now accessed over data (encrypted) network protocols with SHA2 / MD5 cryptography algorithm enabled such as over SSH (Secure Shell) network protocol..
The ancestors of physical consoles which in the past were just a Terminal (Monitoring / Monitor device attached to a MainFrame system computer).

Mainframe-physical-terminal-monitor-Old-Computer

What is Physical Console
A classical TTY (TeleTYpewriter) device looked like so and served the purpose of being just a communication and display deivce, whether in reality the actual computing and storage tape devices were in a separate room and communicating to Terminal.

mainframe-super-computer-computing-tape-machine
TTYs are still present in modern UNIX like GNU / Linux distrubions OSes and the BSD berkley 4.4 code based FreeBSD / NetBSD / OpenBSD if you have installed the OS on a physical computer in FreeBSD and Solaris / SunOS there is also tty command. TTY utility in *nix writes the name of the terminal attached to standard input to standard output, in Linux there is a GNU remake of same program part called GNU tty of coreutils package (try man tty) for more.

The physical console is recognizable in Linux as it is indicated with other tree letters pts – (pseudo terminal device) standing for a terminal device which is emulated by an other program (example: xterm, screen, or ssh are such programs). A pts is the slave part of a pts is pseudo there is no separate binary program for it but it is dynamically allocated in memory.
PTS is also called Line consle in Cisco Switches / Router devices, VTY is the physical Serial Console connected on your Cisco device and the network connection emulation to network device is creates with a virtual console session VTL (Virtual Terminal Line). In freebsd the actual /dev/pts* /dev/tty* temporary devices on the OS are slightly different and have naming such as /dev/ttys001.
But the existence of tty and pts emulator is not enough for communicating interrupts to Kernel and UserLand binaries of the Linux / BSD OS, thus to send the commands on top of it is running a System Shell as CSH / TSH / TCSH or BASH which is usually the first program set to run after user logs in over ptty or pseudo tty virtual terminal.

linux-tty-terminal-explained-brief-intro-to-linux-device-drivers-20-638

Setting the Bash Prompt in Terminal / Console on GNU / Linux

Bash has system environments to control multiple of variables, which are usually visible with env command, one important variable to change in the past was for example USER / USERNAME which was red by IRC Chat clients such as BitchX / irssi and could be displayed publicly so if not changed to a separate value, one could have known your Linux login username by simple /whois query to the Nickname in question (if no inetd / xinetd service was running on the Linux box and usually inetd was not running).

Below is my custom set USER / USERNAME to separate

hipo@pcfreak:~$ env|grep USER
USERNAME=Attitude
USER=Attitude

There is plenty of variables to tune email such as MAIL store directory, terminal used TERM, EDITOR etc. but there are some
variables that are not visible with env query as they're not globally available for all users but just for the single user, to show this ones you need to use declare command instead, to get a full list of All Single and System Wide defined variables and functions type declare in the bash shell, for readability, below is last 10 returned results:

hipo@pcfreak:~$ declare | tail -10
{
    local quoted=${1//\'/\'\\\'\'};
    printf "'%s'" "$quoted"
}
quote_readline ()
{
    local quoted;
    _quote_readline_by_ref "$1" ret;
    printf %s "$ret"
}

PS1 is present there virtually on any modern Linux distribution and is installed through user home's directory $HOME/.bashrc , ~/.profile or .bash_profile or System Wide globally for all existing users in /etc/passwd (password database file) from /etc/bash.bashrc
In Debian / Ubuntu / Mint GNU / Linux this system variable is set in user home's .bashrc but in Fedora / RHEL Linux distro,
PS1 is configured from /home/username/.bash_profile to find out where PS1 is located for ur user:

cd ~
grep -Rli PS1 .bash*

Here is one more example:

hipo@pcfreak:~$ declare|grep -i PS1|head -1
PS1='\[\e]0;\u@\h: \w\a\]${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '

hipo@pcfreak:~$ grep PS1 /etc/bash.bashrc
[ -z “$PS1” ] && return
# but only if not SUDOing and have SUDO_PS1 set; then assume smart user.
if ! [ -n “${SUDO_USER}” -a -n “${SUDO_PS1}” ]; then
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '

Getting current logged in user shell configured PS1 variable can be done with echo:

hipo@pcfreak:~$ echo $PS1
\[\e]0;\u@\h: \w\a\]${debian_chroot:+($debian_chroot)}\u@\h:\w\$

So lets observe a little bit the meaning of this obscure line of (code) instructions code which are understood by BASH when being red from PS1 var to do so, I'll give a list of meaning of main understood commands, each of which is defined with \.

The ${debian_chroot} shell variable is defined from /etc/bash.bashrc

Easiest way to change PS1 is to export the string you like with the arguments like so:

root@linux:/home/hipo# export PS1='My-Custom_Server-Name# '
My-Custom_Server-Name# echo $PS1
My-Custom_Server-Name#

\a : an ASCII bell character (07)
\d : the date in “Weekday Month Date” format (e.g., “Tue May 26”)
\D{format} : the format is passed to strftime(3) and the result is inserted into the prompt string; an empty format results in a locale-specific time representation. The braces are required
\e : an ASCII escape character (033)
\h : the hostname up to the first ‘.’
\H : the hostname
\j : the number of jobs currently managed by the shell
\l : the basename of the shell's terminal device name
\n : newline
\r : carriage return
\s : the name of the shell, the basename of $0 (the portion following the final slash)
\t : the current time in 24-hour HH:MM:SS format
\T : the current time in 12-hour HH:MM:SS format
\@ : the current time in 12-hour am/pm format
\A : the current time in 24-hour HH:MM format
\u : the username of the current user
\v : the version of bash (e.g., 2.00)
\V : the release of bash, version + patch level (e.g., 2.00.0)
\w : the current working directory, with $HOME abbreviated with a tilde
\W : the basename of the current working directory, with $HOME abbreviated with a tilde
\! : the history number of this command
\# : the command number of this command
\$ : if the effective UID is 0, a #, otherwise a $
\nnn : the character corresponding to the octal number nnn
\\ : a backslash
\[ : begin a sequence of non-printing characters, which could be used to embed a terminal control sequence into the prompt
\] : end a sequence of non-printing characters

The default's PS1 set prompt on Debian Linux is:

echo $PS1
\[\e]0;\u@\h: \w\a\]${debian_chroot:+($debian_chroot)}\u@\h:\w\$

As you can see \u (print username) \h (print hostname) and \W (basename of current working dir) or \w (print $HOME/current working dir)
are the most essential, the rest are bell character, escape character etc.

A very good way to make your life easier and learn the abbreviations / generate exactly the PS1 PROMPT you want to have is with Easy Bash PS1 Generator Web Utility
with which you can just click over buttons that are capable to produce all of the PS1 codes.

1. How to show current hour:minute:seconds / print full date in Prompt Shell (PS)

Here is an example with setting the Bash Shell prompt to include also the current time in format hour:minute:seconds (very useful if you're executing commands on a critical servers and you run commands in some kind of virtual terminal like screen or tmux.

root@pcfreak:~# PS1="\n\t \u@\h:\w# "
14:03:51 root@pcfreak:/home#

PS1-how-to-setup-date-time-hour-minutes-and-seconds-in-bash-shell-prompt

export PS1='\u@\H \D{%Y-%m-%d %H:%M;%S%z}] \W ] \$ '

Make superuser appear in RED color (adding PS1 prompt custom color for a User)

root@pcfreak:~$ PS1="\\[$(tput setaf 1)\\]\\u@\\h:\\w #\\[$(tput sgr0)\\]"

how-to-change-colors-in-bash-prompt-shell-on-linux-shell-environment

In above example the Shell Prompt Color changed is changed for administrator (root) to shebang symbol # in red, green, yellow and blue for the sake to show you how it is done, however this example can be adapted for any user on the system. Setting different coloring for users is very handy if you have to administer Mail Server service like Qmail or other Application that consists of multiple small ones of multiple daemons such as qmail + vpopmail + clamd + mysql etc. Under such circumstances, coloring each of the users in different color like in the example for debugging is very useful.

Coloring the PS1 system prompt on Linux to different color has been a standard practice in Linux Server environments running Redhat Enterprise Linux (RHEL) and SuSE Enterprise Linux and some Desktop distributions such as Mint Linux.

To make The Root prompt Red colored only for system super user (root) on any Linux distribution
, add the following to /etc/bashrc, e.g.

vim /etc/bashrc

# If id command returns zero, you've root access.
if [ $(id -u) -eq 0 ];
then # you are root, set red colour prompt
PS1="\\[$(tput setaf 1)\\]\\u@\\h:\\w #\\[$(tput sgr0)\\]"
else # normal
PS1="[\\u@\\h:\\w] $"
fi

2. How to make the prompt of a System user appear Green

Add to ~/.bashrc following line

PS1="\\[$(tput setaf 2)\\]\\u@\\h:\\w #\\[$(tput sgr0)\\]"

3. Print New line, username@hostname, base PTY, shell level, history (number), newline and full working directory $PWD

export PS1='\n[\u@\h \l:$SHLVL:\!]\n$PWD\$ '

4. Showing the numbert of jobs the shell is currently managing.

This is useful if you run and switch with fg / bg (foreground / background) commands
to switch between jobs and forget some old job.

export PS1='\u@\H \D{%Y-%m-%d %H:%M;%S%z}] \W \$]'

Multi Lines Prompt / Make very colorful Shell prompt full of stats info

PS1="\n\[\033[35m\]\$(/bin/date)\n\[\033[32m\]\w\n\[\033[1;31m\]\u@\h: \[\033[1;34m\]\$(/usr/bin/tty | /bin/sed -e ‘s:/dev/::’): \[\033[1;36m\]\$(/bin/ls -1 | /usr/bin/wc -l | /bin/sed ‘s: ::g’) files \[\033[1;33m\]\$(/bin/ls -lah | /bin/grep -m 1 total | /bin/sed ‘s/total //’)b\[\033[0m\] -> \[\033[0m\]"

prompt-show-how-many-files-and-virtual-pts-ps1-linux

5. Set color change on command failure

If you have a broken command or the command ended with non zero output with some kind of bad nasty message and you want to make, that more appearing making it red heighlighted, here is how:

PROMPT_COMMAND='PS1="\[\033[0;33m\][\!]\`if [[ \$? = “0” ]]; then echo “\\[\\033[32m\\]”; else echo “\\[\\033[31m\\]”; fi\`[\u.\h: \`if [[ `pwd|wc -c|tr -d ” “` > 18 ]]; then echo “\\W”; else echo “\\w”; fi\`]\$\[\033[0m\] “; echo -ne “\033]0;`hostname -s`:`pwd`\007"'

6. Other beautiful PS1 Color Prompts with statistics

PS1="\n\[\e[32;1m\](\[\e[37;1m\]\u\[\e[32;1m\])-(\[\e[37;1m\]jobs:\j\[\e[32;1m\])-(\[\e[37;1m\]\w\[\e[32;1m\])\n(\[\[\e[37;1m\]! \!\[\e[32;1m\])-> \[\e[0m\]"

another-very-beuatiful-bash-colorful-prompt

7. Add Muliple Colors to Same Shell prompt

function prompt { local BLUE="\[\033[0;34m\]” local DARK_BLUE=”\[\033[1;34m\]” local RED=”\[\033[0;31m\]” local DARK_RED=”\[\033[1;31m\]” local NO_COLOR=”\[\033[0m\]” case $TERM in xterm*|rxvt*) TITLEBAR=’\[\033]0;\u@\h:\w\007\]’ ;; *) TITLEBAR=”” ;; esac PS1=”\u@\h [\t]> ” PS1=”${TITLEBAR}\ $BLUE\u@\h $RED[\t]>$NO_COLOR " PS2='continue-> ' PS4='$0.$LINENO+ ' }

colorful-prompt-blue-and-red-linux-console-PS1

8. Setting / Change Shell background Color

export PS1="\[$(tput bold)$(tput setb 4)$(tput setaf 7)\]\u@\h:\w $ \[$(tput sgr0)\]"

tput Color Capabilities:

tput setab [1-7] – Set a background color using ANSI escape
tput setb [1-7] – Set a background color
tput setaf [1-7] – Set a foreground color using ANSI escape
tput setf [1-7] – Set a foreground color

tput Text Mode Capabilities:

tput bold – Set bold mode
tput dim – turn on half-bright mode
tput smul – begin underline mode
tput rmul – exit underline mode
tput rev – Turn on reverse mode
tput smso – Enter standout mode (bold on rxvt)
tput rmso – Exit standout mode
tput sgr0 – Turn off all attributes

Color Code for tput:

0 – Black
1 – Red
2 – Green
3 – Yellow
4 – Blue
5 – Magenta
6 – Cyan
7 – White

9. Howto Use bash shell function inside PS1 variable

If you administrate Apache or other HTTPD servers or any other server whose processes are forked and do raise drastically at times to keep an eye while actively working on the server.

function httpdcount { ps aux | grep apache2 | grep -v grep | wc -l } export PS1="\u@\h [`httpdcount`]> "

10. PS2, PS3, PS4 little known variables

I'll not get much into detail to PS2, PS3, PS4 but will mention them as perhaps many people are not even aware they exist.
They're rarely used in the daily system administrator's work but useful for Shell scripting purposes of Dev Ops and Shell Scripting Guru Programmers.

PS2 – Continuation interactive prompt

A very long unix command can be broken down to multiple line by giving \ at the end of the line. The default interactive prompt for a multi-line command is “> “. Let us change this default behavior to display “continue->” by using PS2 environment variable as shown below.

hipo@db-host :~$ myisamchk –silent –force –fast –update-state \
> –key_buffer_size=512M –sort_buffer_size=512M \
> –read_buffer_size=4M –write_buffer_size=4M \
> /var/lib/mysql/bugs/*.MYI
[Note: This uses the default “>” for continuation prompt]

PS3 – Prompt used by “select” inside shell script (usefulif you write scripts with user prompts)
PS4 – Used by “set -x” to prefix tracing output
The PS4 shell variable defines the prompt that gets displayed.

You can find example with script demonstrating PS2, PS3, PS4 use via small shell scripts in thegeekstuff's article Take control of PS1, PS2, PS3, PS4 read it here

Summary

In this article, I've shortly reviewed on what is a TTY, how it evolved into Pseudo TTY and how it relates to current shells which are the interface communicating with the modern UNIX like Operating systems's userland and kernel.
Also it was reviewed shortly how the current definitions of shell variables could be viewed with declare cmd. Also I went through on how to display the PS1 variable and on how to modify PS1 and make the prompt different statistics and monitoring parameters straight into the command shell. I've shown some common PS1 strings that report on current date hour, minute, seconds, modify the coloring of the bash prompt shell, show processes count, and some PS1 examples were given that combines beuatiful shell coloring as well as how the Prompt background color can be changed.
Finally was shown how a combination of commands can be executed by exporting to PS1 to update process counf of Apache on every shell prompt iteration.
Other shell goodies are mostly welcome

Tags: access, adding, administrate, administrator, after, algorithm, ALL, amp, bash shell, Below, command, current time, default shell, echo, email, home, How to, root linux, Virtual Terminal Line, VTL
Posted in Linux, Linux and FreeBSD Desktop | No Comments »

Helpful Hints For Starting A Small WordPress Website or Ecomerce Business

Wednesday, August 14th, 2019

Wordpress is the web application collection of PHP program behind thirty four percent (43%) of the internet’s websites, and fifteen percent (50%) of the top one hundred websites in the world, so if you’re considering it for your website then you’re perhaps thinking in the right direction. Small start-up projects a community website or even a small personal owned blog or mid to even large business presentation site can benefit greatly from setting up their Web Platrform or Ecommerce shops on a WordPress website platform (that of itself depends just on a small number of technologies such as a Linux server with a Web Server installed on it to serve PHP as well as some kind of Linux host installed Database backend engine such as MYSQL / PostgreSQL etc. …

But if you really want to create a successful ecommerce website on WordPress, that can seem a little intimidating at first as the general complexity to start up with WordPress looks very scary in the beginning. However in this article I’ll point to fewhelpful hints should get you off on the right foot, and make your entry into the world of Wodpress / WP Ecommerce a little easier and less scary.

This article is to be less technical than expected and in that will contrast slightly with many of the articles on this blog, the target audience is more of Web Marketing Manager or a Start-up Search Engine Optimization person at a small personal project or employed in the big bad corporate world.This is no something new that is going to be outlined in this article but a general rules that are known for the professional SEO Gurus but is most likely to be helpful for the starting persons.

If you happen to be one of these you should know you have to follow a set of well known rules on the website structure text, descriptions, text, orientation, ordering of menus and data etc. in order to have the WordPress based website running at full speed attracting more visitors to your site.

Photos

Importance of Photos on a Webiste
Although the text for your website is very important – more on that later – when a user first opens up your website in their browser, their eyes are going to be caught by the images that you have laid out on your website. Not using images is a big mistake, since it bores users’ eyes and makes your website seem amateur and basic, but using low quality images or irrelevant images can also harm your chances of appearing authentic to a user (yes here on this blog there are some of this low quality pictures but this is due to fact this website is more of information blog and not ecommerce. Thus at best case always make sure that you find the best, high-quality images for your website – make sure that you have the correct rights to use the images as well (as copyright infrignmenets) could cause you even a law suits ending in hundred or thousand dollar fines or even if this doesn't happen any publicity of such would reduce your website indexing rating. The images placed should always be relevant to your website. If you find a breath-taking sunset or tech-gadget picture, that’s great, but maybe not for your healthy food ecommerce store, but for your personal ranting or describing a personal experience.

Product Photos

Assuming that sooner or later even if you have a community website you will want to monerize it to bring back to yourself in material form at least part of the many years effort to bring the site to the web rank gained.
Leading on from that point, you’re going to be selling or advertise items – that’s the whole point of ecommerce. But users often find ads / online shopping frustrating due to not being able to properly see and understand what they’re buying before they make their purchase. This can lead to ‘buyer’s remorse’, and, consequently, refunds galore, which is not what you want. Make sure that images of your products are always available and of a high quality – investing in a fairly high quality camera might be a good idea – and consider many pictures for different angles or even rotating images so that the user can decide for themself which angle they want to look at.

Engaging Descriptions

“I can guarantee that you can’t remember the last five product descriptions you read – not even word-for-word, but the general ideas and vocabulary used will have been tossed into your short-term memory and forgotten in an instant. This is where your website can shine, and become better than ninety percent of those lingering on the internet,” Matthew Kelly, a project manager at WriteMyX and NextCoursework, suggests, “since putting effort into writing your product descriptions and making them lively and engaging will make your website memorable, and your subscribers will turn helpfully soon loyal customers will be more likely to come back time and time again and become repeat business, as well as mention you to their friends (social mounth to mouth marketing) and that way working as free advertising for you and making your website incredibly effective.”

Mobile-Friendly

Which device is most used to check email Laptop / PC or Mobile statistics as of year 2019

These days with the bloom of Mobile Devices that are currently overrunning the user of normal Desktop PCs, Laptops and Tablets and this trend is likely to stay and even increase, “If your website isn’t mobile-friendly in this day and age, then you won’t get anywhere with it.” Anne Baker, a marketer at BritStudent and Australia2Write, states. “Most people use their phones when they access websites, especially when they go shopping on the internet.

Statistics on user stay (secs / mins) stay on a website from Desktop PC and Mobile devices

On WordPress, this means finding a more recent theme – an older theme, maybe four-five years old, will probably not support mobile, and you just can’t afford to lose out on the mobile market.” In short, find yourself a mobile-friendly theme or install the right WordPress Pluguin that will enable you to have a Mobile Friendly theme in case if blog is accessed from a Mobile Dev or many of your customers will become frustrated with the badly formatted ‘mobile’ version of your website that they end up using, which might be for instance meant for a much larger screen. It can also ruin the atmosphere (experience) created at the accessed user site and have negative impact on your audience opion of your site or business. This is even more the case if your website or webapp is targetting to be modern and keeping with the times – or especially if it deals with IT and electronics (where the competition is huge)!

Registration

Registration Ecommerce website

Registration form (Sign Up) on a website and the overall business cycle idea behind web product or business is of critical importance as this is the point that will guarantee intimidation with the customer, failing to have the person be engaged will quickly make your website rank lower and your producs less wanted. The general rule here is to make your registration be an easy (to orientate for the user) and be present on a very visible place on the site.

Registration steps should be as less as possible as this might piss off the user and repel him out of the site before the registration is completed. Showing oportunity to register with a Pop-Up window (while the user clicks on a place showing interest for the produce might be useful in some cases but generally might also push the user back so if you decide to implement it do it with a lot of care (beware of too much aggressive marketing on our site).

An example

The registration process should be as intimidating as possible to leave joy in the user that might later return and log in to your site or ecommerce platform, e.g. be interested to stay for a longer time. The marketing tactic aiming to make the user stay for a longer time on the website (dragging his attention / interest to stuff) is nothing new by the way as it is well known marketing rule integrated in every supermarket you buy groceries, where all is made to keep you in the shop for as longer as possible. Research has shown that spending longer time within the supermarket makes the user buy more.

Returning customers can be intimidated with membership or a free gift (be it even virtual picture gift – free email whatever) or information store place could be given or if products are sold, registration will be obligatory to make them use their payment method or delivery address on next login to easify the buy out process. But if registration is convoluted and forced (e.g. user is somehow forced to become meber) then many customers will turn away and find another website for their shopping needs. Using a method like Quora’s ‘login to see more’ in that case might be a good idea even though for me this is also a very irritating and irritating – this method however should never be used if you run a ecommerce selling platform, on ecommerce site gatekeeping will only frustrate customers. Login is good to be implmeneted as a popup option (and not taking too much of the screen). Sign up and Login should be simplistic and self-explanatory – always not required but optioned and user should get the understanding of the advantage to be a member of the website if possible before the sign up procedure. Then, customers are more likely to sign up and won’t feel like they’ve been pushed into the decision – or pushed away, as the case may be.

Katrina Hatchett works as a lifestyle blogger at both Academic Brits and Assignment Help, due to a love of literature and writing, which she has had since youth. Throughout her career, she has become involved with many projects, such as writing for the PhD Kingdom blog.

Tags: access, Advantage, again, age, ALL, and, another, ANY, application, are, article, Database, linux?, little, personal, right, small, target audience, websites, Wordpress
Posted in Educational, Everyday Life, Marketing, Wordpress | No Comments »

Fix staled NFS on server with dmesg error log nfs: server nfs-server not responding, still trying

Saturday, March 16th, 2019

On a server today I've found to have found a number of NFS mounts mounted through /etc/fstab file definitions that were hanging;

nfs-server:~# df -hT
…

command kept hanging as well as any attempt to access the mounted NFS directory was not possible.
The server with the hanged Network File System is running SLES (SuSE Enterprise Linux 12 SP3) a short investigation in the kernel logs (dmesg) as well as /var/log/messages reveales following errors:

nfs-server:~# dmesg
[3117414.856995] nfs: server nfs-server OK
[3117595.104058] nfs: server nfs-server not responding, still trying
[3117625.032864] nfs: server nfs-server OK
[3117805.280036] nfs: server nfs-server not responding, still trying
[3117835.209110] nfs: server nfs-server OK
[3118015.456045] nfs: server nfs-server not responding, still trying
[3118045.384930] nfs: server nfs-server OK
[3118225.568029] nfs: server nfs-server not responding, still trying
[3118255.560536] nfs: server nfs-server OK
[3118435.808035] nfs: server nfs-server not responding, still trying
[3118465.736463] nfs: server nfs-server OK
[3118645.984057] nfs: server nfs-server not responding, still trying
[3118675.912595] nfs: server nfs-server OK
[3118886.098614] nfs: server nfs-server OK
[3119066.336035] nfs: server nfs-server not responding, still trying
[3119096.274493] nfs: server nfs-server OK
[3119276.512033] nfs: server nfs-server not responding, still trying
[3119306.440455] nfs: server nfs-server OK
[3119486.688029] nfs: server nfs-server not responding, still trying
[3119516.616622] nfs: server nfs-server OK
[3119696.864032] nfs: server nfs-server not responding, still trying
[3119726.792650] nfs: server nfs-server OK
[3119907.040037] nfs: server nfs-server not responding, still trying
[3119936.968691] nfs: server nfs-server OK
[3120117.216053] nfs: server nfs-server not responding, still trying
[3120147.144476] nfs: server nfs-server OK
[3120328.352037] nfs: server nfs-server not responding, still trying
[3120567.496808] nfs: server nfs-server OK
[3121370.592040] nfs: server nfs-server not responding, still trying
[3121400.520779] nfs: server nfs-server OK
[3121400.520866] nfs: server nfs-server OK

It took me a short while to investigate and check the NetApp remote NFS storage filesystem and investigate the Virtual Machine that is running on top of OpenXen Hypervisor system.
The NFS storage permissions of the exported file permissions were checked and they were in a good shape, also a reexport of the NFS mount share was re-exported and on the Linux
mount host the following commands ran to remount the hanged Filesystems:

nfs-server:~# umount -f /mnt/nfs_share
nfs-server:~# umount -l /mnt/nfs_share
nfs-server:~# umount -lf /mnt/nfs_share1
nfs-server:~# umount -lf /mnt/nfs_share2
nfs-server:~# mount -t nfs -o remount /mnt/nfs_share

that fixed one of the hanged mount, but as I didn't wanted to manually remount each of the NFS FS-es, I've remounted them all with:

nfs-server:~# mount -a -t nfs

This solved it but, the fix seemed unpermanent as in a time while the issue started reoccuring and I've spend some time
in further investigation on the weird NFS hanging problem has led me to the following blog post where the same problem was described and it was pointed the root cause of it lays
in parameter for MTU which seems to be quite high MTU 9000 and this over the years has prooven to cause problems with NFS especially due to network router (switches) configurations
which seem to have a filters for MTU and are passing only packets with low MTU levels and using rsize / wzise custom mount NFS values in /etc/fstab could lead to this strange NFS hangs.

Below is a list of Maximum Transmission Unit (MTU) for Media Transport excerpt taken from wikipedia as of time of writting this article.

In my further research on the issue I've come across this very interesting article which explains a lot on "Large Internet" and Internet Performance

I've used tracepath command which is doing basicly the same as traceroute but could be run without root user and discovers hops (network routers) and shows MTU between path -> destionation.

Below is a sample example

nfs-server:~# tracepath bergon.net
1?: [LOCALHOST] pmtu 1500
1: 192.168.6.1 0.909ms
1: 192.168.6.1 0.966ms
2: 192.168.222.1 0.859ms
3: 6.192.104.109.bergon.net 1.138ms reached
Resume: pmtu 1500 hops 3 back 3

Optiomal pmtu for this connection is to be 1500 .traceroute in some cases might return hops with 'no reply' if there is a router UDP packet filtering implemented on it.

The high MTU value for the Storage network connection interface on eth1 was evident with a simple:

nfs-server:~# /sbin/ifconfig |grep -i eth -A 2
eth0 Link encap:Ethernet HWaddr 00:16:3E:5C:65:74
inet addr:100.127.108.56 Bcast:100.127.109.255 Mask:255.255.254.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
—
eth1 Link encap:Ethernet HWaddr 00:16:3E:5C:65:76
inet addr:100.96.80.94 Bcast:100.96.83.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:9000 Metric:1

The fix was as simple to lower MTU value for eth1 Ethernet interface to 1500 which is the value which most network routers are configured too.

To apply the new MTU to the eth1 interface without restarting the SuSE SLES networking , I first used ifconfig one time with:

nfs-server:~# /sbin/ifconfig eth1 mtu 1500
nfs-server:~# ip addr show
…

To make the setting permanent on next SuSE boot:

I had to set the MTU=1500 value in

nfs-server:~#/etc/sysconfig/network/ifcfg-eth1
nfs-server:~# ip address show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 8c:89:a5:f2:e8:d8 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1
valid_lft forever preferred_lft forever

Then to remount the NFS mounted hanged filesystems once again ran:

nfs-server:~# mount -a -t nfs

Many network routers keeps the MTU to low as 1500 also because a higher values causes IP packet fragmentation when using NFS over UDP where IP packet fragmentation and packet
reassembly requires significant amount of CPU at both ends of the network connection.
Packet fragmentation also exposes network traffic to greater unreliability, since a complete RPC request must be retransmitted if a UDP packet fragment is dropped for any reason.
Any increase of RPC retransmissions, along with the possibility of increased timeouts, are the single worst impediment to performance for NFS over UDP.
This and many more is very well explained in Optimizing NFS Performance page (which is a must reading) for any sys admin that plans to use NFS frequently.

Even though lowering MTU (Maximum Transmission Union) value does solved my problem at some cases especially in a modern local LANs with Jumbo Frames, allowing and increasing the MTU to 9000 bytes
might be a good idea as this will increase the amount of packet size.and will raise network performance, however as always on distant networks with many router hops keeping MTU value as low as 1492 / 5000 is always a good idea.

Tags: access, addr, admin, again, ALL, amount, and, ANY, are, fix nfs error, howto fix nfs, linux?, mount nfs, MTU, mtu 1500, mtu 9000, Networking, nfs server, nfs stale, umount
Posted in Linux, Linux and FreeBSD Desktop, Networking, SuSE Linux, Various | No Comments »

Export / Import PuTTY Tunnels SSH Sessions from one to another Windows machine howto

Thursday, January 31st, 2019

As I've started on job position – Linux Architect in last November 2018 in Itelligence AG as a contractor (External Service) – a great German company who hires the best IT specialists out there and offers a flexible time schedules for emploees doing various very cool IT advanced operations and Strategic advancement of SAP's Cloud used Technology and Services improvements for SAP SE – SAP S4HANA and HEC (HANA Enterprise Cloud) and been given for work hardware a shiny Lenovo Thinkpad 500 Laptop with Windows 10 OS (SAP pre-installed), I needed to make some SSH Tunnels to machines to (Hop Station / Jump hosts) for that purpose, after some experimenting with MobaXterm Free (Personal Edition 11.0) and the presumable limitations of tunnels of the free client as well as my laziness to add the multiple ssh tunnels to different ssh / rdp / vnc etc. servers, finally I decided to just copy all the tunnels from a colleague who runs Putty and again use the good old Putty – old school Winblows SSH Terminal Client but just for creating the SSH tunnels and for rest use MobaXterm, just like in old times while still employe in Hewlett Packard. For that reason to copy the Tunnels from my dear German Colleague Henry Beck (A good herated collegue who works in field of Storage dealing with NetApps / filer Clusters QNap etc.).

Till that moment I had no idea how copying a saved SSH Tunnels definition is possible, I did a quick research just to find out this is done not with Putty Interface itself but, insetead through dumping Windows Putty Stored Registry records into a File, then transfer to the PC where Tunnels needs to be imported and then again (either double click the registry file) to load it, into registry or use Windows registry editor command line interface reg, here is how:

1. Export

Run cmd.exe (note below command)

requires elevated Run as Administrator prompt:

Only sessions:

regedit /e "%USERPROFILE%\Desktop\putty-sessions.reg" HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions

All settings:

regedit /e "%USERPROFILE%\Desktop\putty.reg" HKEY_CURRENT_USER\Software\SimonTatham

Powershell:

If you have powershell installed on machine, to dump

Only sessions:

reg export HKCU\Software\SimonTatham\PuTTY\Sessions ([Environment]::GetFolderPath("Desktop") + "\putty-sessions.reg")

All settings:

reg export HKCU\Software\SimonTatham ([Environment]::GetFolderPath("Desktop") + "\putty.reg")

2. Import

Double-click on the

*.reg

file and accept the import.

Alternative ways:

cmd.exe

, require elevated command prompt:

regedit /i putty-sessions.reg regedit /i putty.reg

PowerShell:

reg import putty-sessions.reg reg import putty.reg

Below are some things to consider:

Note !: do not replace

SimonTatham

with your username.

Note !: It will create a

reg

file on the Desktop of the current user (for a different location modify path)

Note !: It will not export your related (old system stored) SSH keys.

What to expect next?

The result is in Putty you will have the Tunnel sessions loadable when you launch (Portable or installed) Putty version.
Press Load button over the required saved Tunnels list and there you go under

Connection SSH -> Tunnels

you will see all the copied tunnels.

Enjoy!

Tags: administrator, after, again, ALL, alternative, and, another, are, Below, Button, Click, client, Cloud, clusters, cmd, colleague, collegue, command, command line interface, command prompt
Posted in System Administration, Windows | No Comments »

☩ Walking in Light with Christ – Faith, Computing, Diary

Posts Tagged ‘ALL’

The Athonite Monks in Holy Mount Athos serves an All Night Vigil prayer to God to stop Coronavirus COVID-19 epidemic

Windows 7 how to configure Separator delimiter Divider between Pinned and Running Opened programs on Taskbar Classic theme pane

Helpful Hints For Starting A Small WordPress Website or Ecomerce Business

Photos

Product Photos

Engaging Descriptions

Mobile-Friendly

Registration

An example

Daily Bible quote

GET ARTICLE UPDATES

Useful blog? Help it:

Links to Other Places

Recent Posts

Ads

Categories

About Myself

Recent Comments

Top Post Views

blogtopsites

April 2020
M	T	W	T	F	S	S
« Mar
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30

Posts Tagged ‘ALL’

1. Create rsyncuser on 1st machine and second machine

2. CREATE sync-commands file desired to be executed on logout from the system of the user into some file like /root/sync_check.sh

3. Edit root lougout-script /root/.bash_logout

1. Become superuser

2. Check the number of previous unsucessful logins for the account to confirm it is blocked

3. Reset unsucessful login counter

4. Unlock the locked account

5. Lock account

6. Check account lock / unlock state

7. How to reset failed login counter on RedHat / CentOS Linux

1. List all RPM installed packages by Size on CentOS / SuSE

2. List all installed RPM packages sorted by size on Fedora

3. List all installed DEB packages on Debian / Ubuntu / Mint etc. with dpkg / aptitude / apt-get and wajig

4. List installed packages order by size in Arch Linux

4. Debian Goodies

5. Checking where your space is gone in a Spacesniffer like GUI manner with Baobab

6. Use ncdu or duper perl script tool to generate directory disk usage in ASCII chart bar

Conclusion

1. Scanning for TCP opened / filtered ports remote Linux / Windows server

2. Performing a standard HTTP request with netcat

3. Scanning a range of opened / filtered UDP ports

4. Port Scanning TCP listening ports with Netcat

5. Port scanning range of IP addresses with netcat

6. Checking whether UDP port traffic is allowed to destination server

7. Checking whether TCP port traffic allowed to DST remote server

8. Proxying traffic with netcat

Using netcat as a bind shell (make any local program / process listen and deliver via nc)

9. Copying files over network with netcat

10. Copying piped archived directory files with netcat

11. Creating a one page webserver with netcat and ncat

12. Cloning Hard disk partitions with netcat

Setting the Bash Prompt in Terminal / Console on GNU / Linux

1. How to show current hour:minute:seconds / print full date in Prompt Shell (PS)

2. How to make the prompt of a System user appear Green

3. Print New line, username@hostname, base PTY, shell level, history (number), newline and full working directory $PWD

4. Showing the numbert of jobs the shell is currently managing.

5. Set color change on command failure

6. Other beautiful PS1 Color Prompts with statistics

7. Add Muliple Colors to Same Shell prompt

8. Setting / Change Shell background Color

9. Howto Use bash shell function inside PS1 variable

10. PS2, PS3, PS4 little known variables

Summary

Photos

Product Photos

Engaging Descriptions

Mobile-Friendly

Registration

An example

1. Export

Powershell:

2. Import

Alternative ways:

PowerShell:

Daily Bible quote

GET ARTICLE UPDATES

Useful blog? Help it:

Links to Other Places

Recent Posts

Ads

Categories

About Myself

Recent Comments

Tags

Top Post Views

blogtopsites

2. CREATE sync-commands file desired to be executed on logout from the system of the user into
some file like /root/sync_check.sh