LFS211

2. Systemd

  • /usr/lib/systemd/system/*

  • /etc/systemd/system/*

  • /etc/systemd/system/foo.service.d/00-change.conf - Drop-in files

  • additional features

    • cgroups controls

    • systemd slice directive

3. Network Configuration

  • Layer 2: Configuration

    • ip link set eth0 mtu 1500 (set mtu)

    • ethtool -s eth0 speed 1000 duplex full (set speed and duplex)

    • ethtool eth0 (show settings)

    • ethtool -i enp0s25 (show driver)

    • ip -s link show dev eth0 (show statistics)

    • modinfo e1000

    • udevadm info -a /sys/class/net/eth0

    • /etc/modprobe.d/mynic.conf

      • options e1000 Speed=100 Duplex=0 AutoNeg=0

  • Layer 2: Advanced Configuration

    • MACVlan Modes

  • Layer 3: Configuration

    • ip addr add 10.0.2.25/24 dev eth0

    • ip route add default via 10.0.2.2

    • echo "nameserver 4.2.2.1" >> /etc/resolv.conf

  • Boot Time Network Configuration (nmcli, networkctl)

  • Network Manager

  • netplan

4. Network Troubleshooting and Monitoring

  • openssl s_client -connect www.example.com:443

  • sudo tcpdump -i eth0 -s 65535 -w capture.pcap port 22

  • sudo ss -ltp | grep httpd

  • /etc/hosts.allow and /etc/hosts.deny

  • netcat

  • tcpdump -i lo proto ICMP

5. Remote Access

  • OpenSSH Server

    • PermitRootLogin no (No root access)

    • PermitRootLogin prohibit-password (Key-only root access)

    • X11Forwarding no (yes)

    • AllowAgentForwarding yes (no)

    • LocalForward and RemoteForward tokens

    • $HOME/.ssh/config

      • Host web KeepAlive yes IdentityFile ~/.ssh/web_id_rsa HostName www.example.com Port 2222 User webusr ForwardX11 no Host * Port 22

    • OpenSSH Key-Based Authentication

      • ssh-keygen -f $HOME/.ssh/id_rsa -N 'supersecret' -t rsa

      • eval $(ssh-agent)

      • ssh-add $HOME/.ssh/id_rsa

      • ssh-copy-id joe@overthere

    • OpenSSH Tunnel

      • Local Tunnel - ssh -Nf -L 4242:destination:2200 user@sshserver

        • ssh -p 4242 localhost

      • Remote Tunnel - ssh -Nf -R 2424:destination:2200 user@sshserver

        • ssh -p 2424 sshserver

      • Dynamic Port Forwarding

    • Parallel SSH Commands

      • pssh -i -h ~/ips.txt date

    • VNC server & client - vncviewer -via student@hostname localhost:1

    • X Window System - ssh -X student@server xeyes

6. Domain Name Service

  • BIND

    • /etc/named.conf

      • listen-on port 53 { 127.0.0.1; };

      • listen-on-v6 port 53 { ::1; };

      • allow-query { 192.168.196.0/24; localhost; };

      • recursion yes;

      • forwarders {

        • 8.8.8.8;

        • 8.8.4.4;

      • };

      • forward — Specifies the forwarding behavior of the forwarder's directive.

        first — Specifies that the nameservers listed in the forwarders directive be queried before named attempts to resolve the name itself.

        only — Specifies that named does not attempt name resolution itself in the event queries to nameservers specified in the forwarders directive fail.

      • acl goodclients {

        192.0.2.0/24;

        localhost;

        localnets;

        };

    • named-checkconf -z - test load any defined primary zone files

    • BIND Zone Configuration

      • zone "example.com" {

        type master;

        file "/etc/bind/db.example.com";

      };

      • zone "1.168.192.in-addr.arpa" {

        type master;

        file "/etc/bind/db.192";

        };

      • zone "foo.example." IN { type slave; primary { 192.168.122.11; 192.168.131.45; }; };

      • Forward zone file: /etc/bind/db.example.com

        $TTL    3600
@       IN      SOA     ns.local.net. root.local.net. (
                   2015101504           ; Serial
                         3600           ; Refresh [1h]
                          600           ; Retry   [10m]
                        86400           ; Expire  [1d]
                          600 )         ; Negative Cache TTL [1h]
;
@                IN      NS      ns.local.net.
ns               IN      A       192.168.1.10
www              IN      A       192.168.1.20

      • Reverse zone file: /etc/bind/db.192

        $TTL    604800
@ IN SOA        ns.local.net. root.local.net. (
                   2015101504           ; Serial
                         3600           ; Refresh [1h]
                          600           ; Retry   [10m]
                        86400           ; Expire  [1d]
                          600 )         ; Negative Cache TTL [1h]
;
@       IN      NS      ns.local.net.
10      IN      PTR     ns.local.net.
20      IN      PTR     www.example.com.

      • named-checkzone example.com. /var/named/chroot/var/named/example.com.zone

    • DNS Views

      • view trusted {
     match-clients { 10.0.0.0/24; };
     zone "myzone.example" {
          type primary;
          file "trusted/db.myzone.example";
     };
     zone "7.168.192.in-addr.arpa" {
          type primary;
          file "trusted/db.192.168.7";
     };
};
view guest {
     match-clients { any; };
     zone "myzone.example" {
          type primary;
          file "guest/db.myzone.example";
     };
};

7. HTTP Servers

  • /etc/httpd/conf/httpd.conf

  • /etc/httpd/conf.d/*.conf

  • IP/Port Virtual Hosts

  • Name-Based Virtual Hosts

  • Access Control and .htaccess

  • Secure Sockets Layer (SSL)

    • openssl genrsa -aes128 2048 > server.key

    • openssl req -new -key server.key -out server.csr

    • openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

    • openssl rsa -in server.key -out server.key.unlocked

8. Advanced HTTP Servers

9.

PreviousLinux Tricks

Last updated

Was this helpful?