====== Computer Dies & Das ====== ===== TEST ===== [[testseite|Test]] ===== Allgemein ===== === Uni-Wlan: === Hier die Konfigurationsdaten für die diversen Netzwerktools der einzelnen Distributionen: * Sicherheit: WPA/TKIP oder WPA2/AES * EAP-Type: EAP-TTLS * Anonyme Identität: anonymous@tu-dresden.de * CA-Zertifikat: TUD-CACert.pem * Innere Autorisierugsmethode: PAP * Benutzername: @tu-dresden.de * Passwort: * IP-Vergabe: automatisch per DHCP == Zertifikat (TUD-CACert.pem): == * [[http://www.inf.tu-dresden.de/content/units/frzneu/Dienste/WLAN/TUD-CACert.pem|Download]] === Aldebaran (Thinkpad x60) === == Allgemeines: == * [[http://www.thinkwiki.org/wiki/ThinkWiki|Thinkwiki]] == Stromsparen: == * [[http://thinkpad-wiki.org/TLP_-_Stromspareinstellungen_fuer_Ubuntu|TLP]] (Grundlegende Stromsparfunktionen) * [[http://wiki.ubuntuusers.de/PowerTOP|powertop]] (Anzeigen der Prozessorleistung und Aufwachzeiten) * [[http://wiki.ubuntuusers.de/Ubuntu_Tweak|UbuntuTweak]] (Überflüssige Sachen abstellen, Pakete entfernen etc.) * [[http://wiki.ubuntuusers.de/Bleachbit|BleachBit]] (Verwaiste Dateien und Programme entfernen) * [[http://wiki.ubuntuusers.de/Granola|Granola]] (Dauerhaft niedrige Prozessortaktung) * [[http://wiki.ubuntuusers.de/Thinkpad_ACPI?highlight=thinkpad#fan|thinkfan]] (Lüftersteuerung, Config Datei /etc/thinkfan.conf)) == Aktuelle Einstellungen: == * (0, 0, 58) * (1, 55, 61) * (2, 60, 61) * (3, 60, 61) * (4, 60, 61) * (5, 60, 66) * (7, 60, 32767) == Weitere Links & Infos == * [[http://thinkpad-wiki.org/TLP_-_Stromspareinstellungen_fuer_Ubuntu|http://thinkpad-wiki.org/TLP_-_Stromspareinstellungen_fuer_Ubuntu]] * [[http://maketecheasier.com/install-android-4-0-ice-cream-sandwich-in-virtualbox/2012/03/02|Android unter Virtualbox installieren]] === Nmap netzwerk scannen und die Verfügbaren Hosts auf listen: === nmap -sP 172.16.2.* === Installierte Pakete in liste speichern === [[http://wiki.ubuntuusers.de/Paketverwaltung/Tipps|http://wiki.ubuntuusers.de/Paketverwaltung/Tipps]] ---- '+Wine daran hindern ins internet zu gehen:+' * [[http://ubuntuforums.org/showthread.php?t=1188099&page=3|http://ubuntuforums.org/showthread.php?t=1188099&page=3]] * [[http://en.gentoo-wiki.com/wiki/Iptables_for_newbies#Rules|http://en.gentoo-wiki.com/wiki/Iptables_for_newbies#Rules]] I made a few modifications to original poster's HOWTO, to make it work well in Ubuntu 10.10 (32-bit): 1. Since putting iptables_no-internet_rule script in if-pre-up.d didn't work for me (it wasn't executed after system restart, I had to manually start it every time I booted the machine), I put it in if-up.d. 2. Because rule for iptables was put at the end of OUTPUT rules, and because of rules that precedes it, it was never executed. To solve this, I changed the rule to Code: iptables -I OUTPUT 1 -m owner –gid-owner no-internet -j DROP so it would be placed at the top of OUTPUT rules (and applied first). 3. Original ni script required quotes around command if there were any arguments, ie: Code: ni "command arg1 arg2 arg3" This was very troublesome if you wanted to alter parameters from the script (especially if they contain spaces). I changed the ni script to ommit necessary quotes around such commands: Code: #!/bin/bash COMMAND="$1" shift for arg; do COMMAND="$COMMAND \"$arg\"" done sg no-internet "$COMMAND" Now it can be invoked with: Code: ni command arg1 arg2 arg3 which is much better for scripts. zzarko is offline Reply With Quote The average home user might want something that accepts certain incoming connections but blocks everything else. Open /etc/iptables.bak in your favorite text editor and insert the following text. File: /etc/iptables.bak # Generated by iptables-save v1.2.11 on Tue May 10 08:06:58 2005 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] # accept all from localhost -A INPUT -i lo -j ACCEPT # drop invalid packets -A INPUT -m state –state INVALID -j DROP # accept all previously established connections -A INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT # permit people to ssh into this computer -A INPUT -p tcp -m state –state NEW -m tcp –dport 22 -j ACCEPT # permit ftp and web hosting services -A INPUT -p tcp -m state –state NEW -m tcp –dport 20 -j ACCEPT -A INPUT -p tcp -m state –state NEW -m tcp –dport 21 -j ACCEPT -A INPUT -p tcp -m state –state NEW -m tcp –dport 80 -j ACCEPT -A INPUT -p tcp -m state –state NEW -m tcp –dport 443 -j ACCEPT # permit windows file sharing -A INPUT -p tcp -m state –state NEW -m tcp –dport 137:139 -j ACCEPT -A INPUT -p tcp -m state –state NEW -m tcp –dport 426 -j ACCEPT -A INPUT -p tcp -m state –state NEW -m tcp –dport 445 -j ACCEPT # permit five ports for bitorrent -A INPUT -p tcp -m state –state NEW -m tcp –dport 6881:6886 -j ACCEPT # reject all other packets coming into the computer, even from other computers in the local area network -A INPUT -j REJECT –reject-with icmp-port-unreachable COMMIT # Completed on Tue May 10 08:06:58 2005 You can now load the above file using the following command: Now, you can tell iptables about this file: # iptables-restore /etc/iptables.bak Although the rules have now been added to iptables, they are not saved explicitly. As a result, you should have iptables save the newly added rules using the following command: # /etc/init.d/iptables save Note: If you want to make a backup of all the rules you have added, copy /var/lib/iptables/rules-save to a place of your choosing. Now try and start iptables: # /etc/init.d/iptables start # /etc/init.d/iptables stop # /etc/init.d/iptables start The reason we start, then stop, then start again is because we haven't yet started the iptables script, so we must set the �initialized� status before stopping. Stopping essentially erases all settings and puts you back to zero. If everything works well and you don't seem to have lost access to the server, then you can add iptables to the default runlevel. This will have the iptables service start up each time you boot the computer. # rc-update add iptables default *NAS Platte im System einhängen Zuerst die Platte mit folgendem Befehl auf ein Device md0 (falls nicht vorhanden) mappen: # $ mdadm –assemble –run /dev/md0 /dev/sdc1 anschließend kann das Device (Die platte) mit folgendem Befehl gemountet werden: # $ mount /dev/md0 /mnt/test * Umbenennen von Bildern nach Exif-Daten: ''exiftool '-filename<%f_iso${iso}_s${myspeed}_a${myaperture}_f${myfocal}.%e' *'' ExifTool-Config-Datei: ~/.ExifTool_config %Image::ExifTool::UserDefined = ( 'Image::ExifTool::Composite' => { MyAperture => { Require => 'Aperture', ValueConv => '$val =~ tr/./_/; $val', }, MyFocal => { Require => 'FocalLength', ValueConv => '$val =~ tr/./_/; $val =~ s{mm} {}; $val', }, MySpeed => { Require => 'ShutterSpeed', ValueConv => '$val =~ tr(.)(_); $val', }, }, ); 1; # end ! Ferneinloggen per SSH-X-Forwarding ssh -c arcfour,blowfish-cbc -XC julia@172.16.2.4 ! KAlenderadresse hofmannweb: http://mail.hofmannweb.org/horde/rpc.php/kronolith/christoph@hofmannweb.org/christoph@hofmannweb.org.ics ! Farben des Linux Prompts: User: [033[01;32m]u@\h[033[01;34m\] \w $[\033[00m\] Root: [033[01;31m]h[033[01;34m\] \W $[\033[00m\] ! Festplatte retten - Zerschossenes Filesystem wiederherstellen QUELLE: [[http://forum.ubuntuusers.de/topic/unknown-filesystem-system-startet-nicht/#post-3079277|http://forum.ubuntuusers.de/topic/unknown-filesystem-system-startet-nicht/#post-3079277]] 1. Live Version von Ubuntu (gleiche Distribution) auf USB-Stick geladen und neueste Version von Testdisk [[http://www.cgsecurity.org/wiki/TestDisk_DE|http://www.cgsecurity.org/wiki/TestDisk_DE]] installiert. 2. Testdisk starten sudo testdisk-6.12/testdisk_static ACHTUNG: auf Version (z.B. 6.12) achten 3. Festplatte Analysieren, im Expertenmodus (Advanced) die Superblock Sektoren auslesen [[http://www.cgsecurity.org/wiki/Schritt_für_Schritt_Wiederherstellungsbeispiel|http://www.cgsecurity.org/wiki/Schritt_für_Schritt_Wiederherstellungsbeispiel]] bis einschliesslich Sektion Quicksearch und dann weiter mit [[http://www.cgsecurity.org/wiki/Sicherungskopie_des_erweiterten_ext2-/ext3-SuperBlocks_finden|http://www.cgsecurity.org/wiki/Sicherungskopie_des_erweiterten_ext2-/ext3-SuperBlocks_finden]] 4. Testdisk wieder verlassen und z.B. fsck.ext4 -p -b 32768 -B 4096 /dev/sda1 OBACHT: ext4 auf das eigene Dateisystem anpassen, -b stellt die Blocknummer des Superblock Backups dar (z.B 32786), -B stellt die Blockgröße dar (z.B. 4096) sda1 ist in diesem Fall die beschädigte Partition. Falls dabei Probleme auftreten hat es bei mir ohne -p funktioniert: z.B. fsck.ext4 -b 32768 -B 4096 /dev/sda1 (dann musste ich nur noch ca. 650 mal "y" drücken um die Reparatur manuell zu bestätigen) ! Thinkpad x230 DualView mit 2 Monitoren in Dockingstation * [[https://wiki.archlinux.org/index.php/multihead|https://wiki.archlinux.org/index.php/multihead]] * [[http://www.thinkwiki.org/wiki/Xorg_RandR_1.2|http://www.thinkwiki.org/wiki/Xorg_RandR_1.2]] Eigene Lösung: Eine Datei /etc/X11/xorg.conf.d/45-twinview.conf anlegen und folgenden Inhalt rein packen Section "Monitor" Identifier "DP2" Option "Primary" "true" EndSection Section "Monitor" Identifier "VGA1" Option "LeftOf" "DP2" EndSection ! Thinkpad Multimediatasten (Fn+Play/Pause,Next,Prev) Mediaplayer steuern Einfach diese dBus-Kommandos zum steuern eines AudioPlayers nutzen: #Pause/Unpause "dbus-send --print-reply --type=method_call --dest=org.mpris.guayadeque /Player org.freedesktop.MediaPlayer.Pause" m:0x0 + c:172 XF86AudioPlay #Next Track "dbus-send --print-reply --type=method_call --dest=org.mpris.guayadeque /Player org.freedesktop.MediaPlayer.Next" m:0x0 + c:171 XF86AudioNext #Previous Track "dbus-send --print-reply --type=method_call --dest=org.mpris.guayadeque /Player org.freedesktop.MediaPlayer.Prev" m:0x0 + c:173 XF86AudioPrev #Audio Stop "dbus-send --print-reply --type=method_call --dest=org.mpris.guayadeque /Player org.freedesktop.MediaPlayer.Stop" m:0x0 + c:174 XF86AudioStop ==== DVDs rippen / kopieren und als Iso speichern ==== == Allgemein == * DVD Rippen mit: dvdbackup -i /dev/sr1 -o ~ -M * ISO file aus Verzeichnis erstellen: mkisofs -dvd-video -udf -o ~/dvd.iso ~/ == Weitere Infos == * [[https://wiki.archlinux.org/index.php/dvdbackup|https://wiki.archlinux.org/index.php/dvdbackup]] * [[https://wiki.archlinux.org/index.php/Optical_disc_drive#DVD_2|https://wiki.archlinux.org/index.php/Optical_disc_drive#DVD_2]] == Windows 10 on USB Stick == default=1 timeout=15 color_normal=light-cyan/dark-gray menu_color_normal=black/light-cyan menu_color_highlight=white/black menuentry "Start Windows Installation" { insmod ntfs insmod search_fs_uuid insmod chain search –no-floppy –fs-uuid –set root chainloader +1 boot } menuentry "Boot from the first hard drive" { insmod ntfs insmod chain insmod part_msdos set root=(hd1) chainloader +1 boot } ===== Juniper DNS Problem (Netzwerk) ===== Bei der Abfrage einer adresse bei z.b. ping google.de kommt sofort der A reply vom DNS Server zurück. Der AAAA reply wird aber dann blockiert weil die Juniper sofort zu macht. Um das Problem zu lösen wurde in der SSG5 per telnet folgendes gesetzt: unset alg dns enable Links: * [[https://kb.juniper.net/InfoCenter/index?page=content&id=KB12312&actp=search|https://kb.juniper.net/InfoCenter/index?page=content&id=KB12312&actp=search]] * [[http://unix.stackexchange.com/questions/141163/dns-lookups-sometimes-take-5-seconds|http://unix.stackexchange.com/questions/141163/dns-lookups-sometimes-take-5-seconds]] ===== IPv6 mit Juniper SSG5 ===== * [[https://blog.webernetz.net/2015/10/05/juniper-screenos-dhcpv6-prefix-delegation/|https://blog.webernetz.net/2015/10/05/juniper-screenos-dhcpv6-prefix-delegation/]] * [[http://michaeldale.com.au/archive/2010/01/17/native-ipv6-over-pppoe-with-internode-and-a-juniper-ssg5/|http://michaeldale.com.au/archive/2010/01/17/native-ipv6-over-pppoe-with-internode-and-a-juniper-ssg5/]] ===== ===== ===== VM tuxhelfer.de ===== Noch zu erledigen: * Gitlab * Jabber * [[http://selfoss.aditu.de/|http://selfoss.aditu.de/]] * [[https://github.com/kellerben/dudle/|dudle]]? * git host * Nagios * ansible * NFS & BACKUP ===== VoIP Fritzbox hinter Juniper ===== === Links === * [[http://www.3cx.com/blog/docs/avm-fritzbox-firewall-voip/|http://www.3cx.com/blog/docs/avm-fritzbox-firewall-voip/]] * [[http://www.tecchannel.de/kommunikation/handy_pda/433069/voip_hinter_einer_nat_firewall/index6.html|http://www.tecchannel.de/kommunikation/handy_pda/433069/voip_hinter_einer_nat_firewall/index6.html]] * [[http://blog.webernetz.net/2014/12/29/voip-von-fritzbox-uber-juniper-ssg-firewall/|http://blog.webernetz.net/2014/12/29/voip-von-fritzbox-uber-juniper-ssg-firewall/]] * [[https://www.administrator.de/frage/fritzbox-pfsense-voip-probleme-231636.html|https://www.administrator.de/frage/fritzbox-pfsense-voip-probleme-231636.html]] * [[http://kyza.de/2011/03/30/fritzbox-hinter-anderem-nat-router-oder-firewall/|http://kyza.de/2011/03/30/fritzbox-hinter-anderem-nat-router-oder-firewall/]] * [[https://www.godo.ch/index.php/2014/01/16/isdn-voip-mit-fritzbox-und-pfsense/|https://www.godo.ch/index.php/2014/01/16/isdn-voip-mit-fritzbox-und-pfsense/]] * [[http://blog.james.rcpt.to/2006/02/27/sip-and-netscreen-firewalls/|http://blog.james.rcpt.to/2006/02/27/sip-and-netscreen-firewalls/]] ===== Arch Linux Bereinigen ===== [[https://yhaupenthal.org/1409227216.htm|https://yhaupenthal.org/1409227216.htm]] Programm zum anzeigen geordnet nach größe / welcher Ordner welche datei nimmt am meisten Speicherplatz ein: ncdu ===== Display Settings überprüfen ===== [[http://www.lagom.nl/lcd-test/display_settings.php|http://www.lagom.nl/lcd-test/display_settings.php]] ===== Jabber Server (ejabberd) @ jabber.tuxhelfer.de ===== Server Name: jabber.tuxhelfer.de Admin user: admin@jabber.tuxhelfer.de Passwd: mk… ===== Gitlab Server (gitlab) @ git.tuxhelfe.de ===== git.tuxhelfer.de https://about.gitlab.com/downloads/#debian8 [[http://ryansechrest.com/2015/08/use-apache-instead-of-built-in-nginx-in-gitlab-ce/]] [[http://serverfault.com/questions/735270/gitlab-8-0-3-with-apache2-nginx|http://serverfault.com/questions/735270/gitlab-8-0-3-with-apache2-nginx]] https://gitlab.com/gitlab-org/gitlab-recipes/tree/master/web-server/apache [[http://stackoverflow.com/questions/25785903/gitlab-7-2-1-with-apache-server-instead-of-nginx]]