Linux
recover files with linux tools
by Emre Tugriceri on Jul.16, 2015, under Forensic, Linux, Recovery
dd
https://en.wikipedia.org/wiki/Dd_%28Unix%29
dd_rescue
http://www.garloff.de/kurt/linux/ddrescue/
PhotoRec
http://www.cgsecurity.org/wiki/PhotoRec
Foremost
http://foremost.sourceforge.net/
MagicRescue
http://www.itu.dk/people/jobr/magicrescue/
RecoverJpeg
http://www.rfc1149.net/devel/recoverjpeg.html
StrongSwan and Android configs
by Emre Tugriceri on Apr.27, 2013, under Linux, Security, StrongSwan
root@six #cat ipsec.conf
conn tugriceri.com
leftsubnet=0.0.0.0/0
left=209.208.63.204
leftcert=/cert/strongswan.pem
leftauth=pubkey
leftsendcert=yes
leftid=six.tugriceri.com
right=%any
rightid=%any
rightsourceip=10.0.5.0/24
rightauth=eap-mschapv2
rightsendcert=never
eap_identity=%any
auto=add
root@six #cat ipsec.secrets
# strongSwan IPsec secrets file
: RSA /cert/strongswan.key
six.tugriceri.com : RSA /cert/strongswan.key
testuser : EAP "secretpass"
root@six #cat openssl-req.cfg
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
prompt = no
[ v3_req ]
# Extensions to add to a certificate request
#keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = "DNS:six.tugriceri.com,DNS:www.tugriceri.com,IP:209.208.63.204,DNS:tugriceri.com"
#subjectAltName = @alt_names
[alt_names]
DNS.1 = six.tugriceri.com
DNS.2 = www.tugriceri.com
[ req_distinguished_name ]
CN = six.tugriceri.com
GN = six.tugriceri.com
OU = Tugriceri.com
O = Tugriceri.com
L = Istanbul
ST = Istanbul
C = TR
emailAddress = root@tugriceri.com
subjectAltName = six.tugriceri.com
subjectAltName is importend point of configuration. Your certificate must be have this.
root@six #cat certyarat.sh
rm -f strongswan.req
rm -f strongswan.pem
openssl req -new -out strongswan.req -key strongswan.key -config openssl-req.cfg
openssl ca -batch -notext -in strongswan.req -out strongswan.pem -config ca.conf
root@six #cat showcert
openssl x509 -in strongswan.pem -text -noout
Command Output :
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Alternative Name:
DNS:six.tugriceri.com, DNS:www.tugriceri.com, IP Address:209.208.63.204, DNS:tugriceri.com
root@six #cat ca.conf
[ ca ]
default_ca = tugricerica
[ tugricerica ]
copy_extensions = copy
#Removed lines
copy_extension must be in your ca.conf
libgcc_s.so.1 must be installed for pthread_cancel to work
by Emre Tugriceri on Jul.30, 2012, under HTTP
If you are trying to use the chroot feature with a multithreaded Apache installation you may get the folllowing message “libgcc_s.so.1 must be installed for pthread_cancel to
work”. Add LoadFile /lib/libgcc_s.so.1
to your Apache configuration to fix this problem.

SELinux FTP Home dir write permission
by Emre Tugriceri on Oct.07, 2011, under Linux, Security, SELinux
Connected to 127.0.0.1.
220 (vsFTPd 2.2.2)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (127.0.0.1:root): test1
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/var/ftp/test1
Login failed.
ftp> quit
[root@legion mnt]# getsebool ftp_home_dir
ftp_home_dir –> off
[root@legion mnt]# setsebool -P ftp_home_dir 1
[root@legion mnt]# getsebool ftp_home_dir
ftp_home_dir –> on

tacacs+ compile error
by Emre Tugriceri on Oct.04, 2011, under Linux
if you are getting this error when compiling tacacs+ , you should compile with –enable-maxsess option.
gcc -DHAVE_CONFIG_H -I. -I/usr/local/include -g -O2 -pthread -MT maxsessint.o -MD -MP -MF .deps/maxsessint.Tpo -c -o maxsessint.o maxsessint.c
maxsessint.c: In function ‘maxsess_check_count’:
maxsessint.c:60: error: ‘S_maxsess’ undeclared (first use in this function)
maxsessint.c:60: error: (Each undeclared identifier is reported only once
maxsessint.c:60: error: for each function it appears in.)
gmake[1]: *** [maxsessint.o] Error 1
gmake[1]: Leaving directory `/usr/local/tacacs+-F5.0.0a1′
make: *** [all] Error 2
./configure –sysconfdir=/etc –enable-maxsess

ZFS deduplication test on Fedora 15 Linux
by Emre Tugriceri on Jun.18, 2011, under Linux, ZFS
I recently tested ZFS deduplication test on Fedora 15 Linux.
This is my test script. I tested only text file. For final report, other file format tests is unnecessary.
[root@etugriceri fast]# du -ch 0/textfile
6.5K 0/textfile
6.5K total
[root@etugriceri fast]# zpool list dimmpool
NAME SIZE ALLOC FREE CAP DEDUP HEALTH ALTROOT
dimmpool 294M 262M 31.8M 89% 1.89x ONLINE
[root@etugriceri fast]# cat ded.sh
a=”1″
while [ $a -lt “1000” ];
do
mkdir $a
let b=$a-1
cp $b/textfile $a
dd if=/dev/urandom count=128 bs=1 2>&1 | md5sum >> $a/textfile
let a=$a+1
done
#####
[root@etugriceri fast]# zpool list dimmpool
NAME SIZE ALLOC FREE CAP DEDUP HEALTH ALTROOT
dimmpool 294M 132M 162M 45% 1.00x ONLINE –
[root@etugriceri fast]# cat ded.sh
a=”1″
while [ $a -lt “10000” ];
do
mkdir $a
let b=$a-1
cp 0/textfile $a
dd if=/dev/urandom count=128 bs=1 2>&1 | md5sum >> $a/textfile
dd if=/dev/urandom count=128 bs=1 2>&1 | md5sum >> $a/textfile
cat 0/textfile >> $a/textfile
let a=$a+1
done

Deny user for remote login
by Emre Tugriceri on Jun.06, 2011, under Linux, Security
sudo vi /etc/security/access.conf
-:root:ALL EXCEPT LOCAL

Yum Proxy settings
by Emre Tugriceri on Mar.26, 2011, under Linux, Yum
[root@localhost ~]# vi /etc/yum.conf
- proxy=http://10.129.0.23:8080
- http_proxy=http://10.129.0.23:8080
[root@localhost ~]# declare -x ftp_proxy=”http://10.129.0.23:8080″
[root@localhost ~]# declare -x http_proxy=”10.129.0.23:8080″

Corrupted RPM database
by Emre Tugriceri on Feb.26, 2011, under Linux
1019 rm -f /var/lib/rpm/__db*
1020 rpm -vv –rebuilddb

Hide Apache version
by Emre Tugriceri on Jan.21, 2011, under HTTP, Linux
vi httpd.conf
ServerSignature Off
ServerTokens Prod
apachectl restart

LVM Create
by Emre Tugriceri on Jan.21, 2011, under Linux, LVM
1031 dmsetup ls –tree
1040 dmsetup remove /dev/dm-11 (silinen partition ın dmden kalkmaması sebebi ile)
1041 fdisk -l
1044 pvcreate /dev/mapper/mpath11
1045 pvdisplay
1046 vgcreate VolGroupBackup /dev/mapper/mpath11
1047 pvdisplay
1048 vgdisplay
1049 lvcreate -L 699.99G VolGroupBackup lvBackup
1050 lvcreate -L 699.99G VolGroupBackup -n lvBackup
1051 lvdisplay
1052 ls /dev/VolGroupBackup/lvBackup
1053 ls /dev/mapper/
1054 mkfs.ext3 /dev/mapper/VolGroupBackup-lvBackup
1058 mount
1059 mount /dev/mapper/VolGroupBackup-lvBackup /mnt/backup/

Find WWN’s of HBA
by Emre Tugriceri on Dec.24, 2010, under Linux
systool -av -c fc_host

Mysql Connection limit
by Emre Tugriceri on Oct.04, 2010, under Mysql
SET GLOBAL max_connections = 200;

Text file download from apache
by Emre Tugriceri on Sep.02, 2010, under HTTP
<Files *.txt>
ForceType application/octet-stream
Header set Content-Disposition attachment
</Files>

Multipath – Volume Groups
by Emre Tugriceri on Jul.26, 2010, under Linux
Multipath in SAN den diskleri hatalı gormesi sebebi ile volume gruplarda problem oluyor. Diskleri düzgün görmesi için config i flush layıp tekrardan dm leri oluşturmalı ve volume groupları tekrar enable etmeliyiz.
/sbin/multipath -F
/sbin/multipath
/sbin/vgchange -a y
mount /dev/vg0/lvol0 /mnt/data

Directory sync with rsync over ssh
by Emre Tugriceri on May.29, 2009, under Linux, Shell
<a name="linuxsvrhack-CHP-3-SECT-2">root@emre:~# <b class="emphasis-bold">rsync -ave ssh server:/opt/dir /opt</b></a>
Transponder Lists for Kaffeine
by Emre Tugriceri on May.20, 2009, under DVB, Linux, Shell
There is a link that include transponder lists.
http://www.fastsatfinder.com/transponders.html
This script will convert fastsatfinder’s transponder lists to kaffeine format.
I used 0130.ini file for Hotbird.
cat 0130.ini | awk -F “=” ‘{print $2}’ > out
for aa in `cat out`
do
echo $aa |sed ‘s/,34/,3\/4/; s/,56/,5\/6/; s/,23/,2\/3/’ | awk -F “,” ‘{print “S”” “$1″000 “$2” “$3″000 “$4″”}’ >> Hotbird-13.0E
done

Nec firmware update under linux
by Emre Tugriceri on Apr.25, 2009, under Hardware, Linux
Nec firmware update under linux
Please download necflash utility from http://binflash.cdfreaks.com/
[root@frost local]# ./necflash -scan
Binflash – NEC version – (C) by Liggy and Herrie
Visit http://binflash.cdfreaks.com
List of supported devices:
Device : /dev/sg3
Vendor : Optiarc
Model : DVD RW AD-5170A
Firmware : 1.11
Device : /dev/scd0
Vendor : Optiarc
Model : DVD RW AD-5170A
Firmware : 1.11
This is our dvdrom info.
We should get a backup our current firmware with this command. sg3 is our device.
./necflash -dump Optiarc-AD-5170A-1.11.bin /dev/sg3
Following links have Liggy’s and Dee’s modified firmwares. I want to use it. You can easly find original firmware.
http://liggydee.cdfreaks.com/page/en/Optiarc-AD-5170A/
[root@frost local]# unzip 114bt_rpc1.zip
Archive: 114bt_rpc1.zip
This file was downloaded from http://liggydee.cdfreaks.com
Please read the instructions included in this zipfile and
on our website at http://liggydee.cdfreaks.com/page/5170/
inflating: readme.txt
inflating: 114bt_rpc1.bin
inflating: Liggy’s and Dee’s Website.url
[root@frost local]# ./necflash -flash -v -s 114bt_rpc1.bin /dev/sg3
Vendor: Optiarcberat sitesi
Identification: DVD RW AD-5170A
Version: 1.14
Remember no one can be held responsible for any kind of failure!
Are you sure you want to proceed? (y/n)
if you get “Error submitting checksum” error. You should set your device to pio mode. I couldnt set with hdparm and i set it on bios.
[root@frost local]# ./necflash -scan
Binflash – NEC version – (C) by Liggy and Herrie
Visit http://binflash.cdfreaks.com
List of supported devices:
Device : /dev/sg3
Vendor : Optiarc
Model : DVD RW AD-5170A
Firmware : 1.14
Device : /dev/scd0
Vendor : Optiarc
Model : DVD RW AD-5170A
Firmware : 1.14

run command via ssh (remote)
by Emre Tugriceri on Apr.08, 2009, under Linux, Security, Shell
cat ls_keykur.sh | ssh root@10.94.12.3
ssh root@10.94.12.3 “date”

snmpwalk example
by Emre Tugriceri on Apr.08, 2009, under Linux
snmpwalk -v 2c -c hoba 1.12.0.68 system

Domain join error
by Emre Tugriceri on Apr.08, 2009, under Linux, Samba
[root@px2 ~]# /usr/bin/net join -S 192.168.2.5 -U etadmin
[2009/04/08 14:00:17, 0] param/loadparm.c:lp_do_parameter(7172)
Enter etadmin’s password:
[2009/04/08 14:00:23, 0] libnet/libnet_join.c:libnet_join_ok(1035)
libnet_join_ok: failed to get schannel session key from server 10.129.0.20 for domain ET. Error was NT_STATUS_INVALID_COMPUTER_NAME
Failed to join domain: failed to verify domain membership after joining: Invalid computer name
ADS join did not work, falling back to RPC…
Enter etadmin’s password:
Interupted by signal.
[root@px2 ~]# /usr/bin/net join -S dc1 -U etadmin
[2009/04/08 14:00:36, 0] param/loadparm.c:lp_do_parameter(7172)
Ignoring unknown parameter “default domain”
Enter etadmin’s password:
Using short domain name — ET
Joined ‘PX2’ to realm ‘tugriceri.com
You should use netbios name. not ip.

Execute remote command via ssh
by Emre Tugriceri on Apr.02, 2009, under Linux
ssh root@server ‘uname -a’

Changing linux system time
by Emre Tugriceri on Mar.30, 2009, under Linux
change system time and sync. hardware time.

check: no loaded plugin implements ‘check_main’:
by Emre Tugriceri on Oct.04, 2008, under Spam
<i>check: no loaded plugin implements 'check_main': cannot scan! at</i><i> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line</i><i> 164.<br /><br />vi init.pre<br /></i>loadplugin Mail::SpamAssassin::Plugin::Check<br />
mysql deki snort loglarini temizlemek
by Emre Tugriceri on Sep.21, 2008, under Mysql, Security
reset master
purge master logs
delete from data
delete from event where timestamp<‘2008-8-01’