| # generally speaking if you run ssh -X <remotehost> | |
| # you'll be able to run X applications on the remote host, displaying them on your machine | |
| # if you need to run them as a different user, there are a couple of things you need to set up as the new user | |
| # after su'ing to the new user, you need to: | |
| # (note that the .Xauthority file must be readable by the su'd to user -- or else you need to copy the file somewhere it is readable) | |
| # export XAUTHORITY=/home/[the original user]/.Xauthority | |
| # export DISPLAY=(whatever the DISPLAY property was before you su'd -- probably localhost:10.0) | |
| # the .Xauthority file needs to be readable by the new user as well (when I've done it, I've just copied ~/.Xauthority to /tmp or something for a bit -- of course this means anyone can display on your screen who sees that file -- so caution is a good thing) |
| # if you are dropping packets using iptables, you can use a couple commands to log those blocked packets | |
| # for example, to log & block all traffic incoming to 172.25.0.1, you could use the following: | |
| iptables -A INPUT -p tcp -d 172.25.0.1 -j LOG --log-prefix "blocked 172.25.0.1 :" | |
| iptables -A INPUT -p tcp -d 172.25.0.1 -j DROP |
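Added example (not part of the original gist): a summary of the kernel log lines the LOG rule above produces, counted per source address and destination port. The sample log lines, hostname, MAC and addresses are constructed, and the script assumes the standard kernel LOG format with `SRC=` and `DPT=` fields.

```shell
#!/bin/sh
# Prefix exactly as passed to --log-prefix in the rules above. It has no
# trailing space, so the kernel writes it directly against "IN=".
PREFIX='blocked 172.25.0.1 :'

# Constructed sample of kernel log lines in the iptables LOG format
# (hostname, MAC, addresses and ports are made up for this example).
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 gw kernel: [ 101.100000] blocked 172.25.0.1 :IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=172.25.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4121 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:02 gw kernel: [ 102.100000] blocked 172.25.0.1 :IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=172.25.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4122 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:05 gw kernel: [ 105.300000] blocked 172.25.0.1 :IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.9 DST=172.25.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=977 DF PROTO=TCP SPT=51820 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:15:06 gw sshd[2211]: Accepted publickey for admin from 192.0.2.44 port 50022 ssh2
Mar  3 10:15:09 gw kernel: [ 109.500000] other rule :IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.1 DST=172.25.0.9 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=31 DF PROTO=TCP SPT=33000 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:12 gw kernel: [ 112.800000] blocked 172.25.0.1 :IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=172.25.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4130 DF PROTO=TCP SPT=40150 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
EOF
}

# Read syslog text on stdin; print "count src dport" for every blocked
# source/port pair, busiest first. Lines without the prefix are ignored.
summarize_blocked() {
    awk -v prefix="$PREFIX" '
        index($0, prefix) == 0 { next }    # not written by our LOG rule
        {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "" && dpt != "") count[src " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3n
}

sample_log | summarize_blocked
```

On a live host, feed it the kernel log instead of the sample, for example `journalctl -k | summarize_blocked`.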
| # I currently have the following aliases on Mac OS X that I use to allow a bunch of different port forwarding through ssh | |
| # the 10.0.2.16 alias appears to work fine without the route add -host call for it | |
| # but the 10.0.2.18 alias doesn't. | |
| # test (order important?) | |
| # test (more than 2?) | |
| # look at netstat -nr to see routes | |
| alias aliasip='sudo ifconfig en1 alias 10.0.2.16 255.255.255.0; sudo ifconfig en1 alias 10.0.2.18 255.255.255.0; sudo route add -host 10.0.2.18 -interface 127.0.0.1' | |
| alias unaliasip='sudo ifconfig en1 -alias 10.0.2.16; sudo route delete -host 10.0.2.18 -interface 127.0.0.1; sudo ifconfig en1 -alias 10.0.2.18' |
| // create a file named setuid_script.cpp with the following contents: | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <iostream> | |
| #include <unistd.h> | |
| int main(int argc, const char* argv[]) { | |
| printf( |
| # so recently I had an issue where I wanted to send email sent to a local user root (from logwatch, e.g.) to a different email address | |
| # simple enough -- just add a ~root/.forward file, with the contents [email protected] | |
| # all the email gets sent there... | |
| # but the email shows up with a to: header of [email protected] | |
| # what I really want is the to: header to be [email protected] | |
| # so I can filter emails, etc... below is how to do that. | |
| #uncomment the following line in /etc/postfix/main.cf | |
| #header_checks = regexp:/etc/postfix/header_checks |
| #command-line capture packets for viewing in wireshark | |
| tcpdump -i <interface> -s 65535 -w <some-file> | |
| # see how many prerouting packets received / etc... | |
| iptables -t nat --list --verbose | |
| # can compare this with filter packets | |
| iptables -t filter --list --verbose | |
| # from http://www.debuntu.org/how-to-redirecting-network-traffic-a-new-ip-using-iptables | |
| # enable ip forwarding until reboot | |
| echo 1 > /proc/sys/net/ipv4/ip_forward | |
| # enable ip forwarding after reboot | |
| # edit /etc/sysctl.conf | |
| # uncomment line: #net.ipv4.ip_forward=1 | |
| # on Red Hat-based Linux distributions | |
| service iptables save | |
| # on Debian-based Linux distributions | |
| #put the following 2 lines in your /etc/network/interfaces file | |
| post-up iptables-restore < /etc/iptables.rules | |
| post-down iptables-save > /etc/iptables.rules | |
| # it'll then automatically save -- if you want to guard against a possible hard powerdown (power plug pulled, e.g.) | |
| # you can manually save them then using |
| #partially from: http://www.throx.net/2008/04/13/openvpn-and-centos-5-installation-and-configuration-guide/ | |
| wget http://swupdate.openvpn.net/community/releases/openvpn-2.1.4.tar.gz | |
| wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm | |
| wget http://www.opensc-project.org/files/pkcs11-helper/pkcs11-helper-1.08.tar.bz2 | |
| wget ftp://fr2.rpmfind.net/linux/dag/redhat/el5/en/x86_64/dag/RPMS/pkcs11-helper-devel-1.08-1.el5.rf.x86_64.rpm | |
| wget ftp://rpmfind.net/linux/dag/redhat/el5/en/x86_64/dag/RPMS/pkcs11-helper-1.08-1.el5.rf.x86_64.rpm | |
| yum install rpm-build | |
| yum install autoconf.noarch | |
| yum install zlib-devel |
| #modify the remote myremote.mydomain to be the server address | |
| remote myremote.mydomain | |
| dev tun | |
| ifconfig 172.23.0.2 172.23.0.1 | |
| secret /etc/openvpn/static.key | |
| # uncomment this to keep this connection alive if you need to connect from the server to the client sometimes | |
| # keepalive 10 120 |