Differences

This shows you the differences between two versions of the page.

--- linux [2019-07-10 T 17:51]
admin [DNS]
+++ linux [2022-03-28 T 19:07] (current)
admin [dig]
@@ Line 791: / Line 791: @@
   * $gpg --keyring /usr/share/keyrings/debian-keyring.gpg -a --export 21E764DF | sudo apt-key add -
 ====== Network ======
+usefull links:
+  * https://wiki.debian.org/NetworkConfiguration
+  * http://www.howtogeek.com/118337/stupid-geek-tricks-change-your-ip-address-from-the-command-line-in-linux/
 ====Network Interfaces====
 Network interfaces have a name and many commands will default to an interface, or require you to say which interface you want to use. There are a few different ways to list all interfaces and their status. one common ways is:
-  * $ifconfig -a
+  ifconfig -a
 Here are some examples:
   * lo Loopback interface. Important for internal network communications
   * eth0 First Ethernet interface. additional will be eth1, eth2, etc.
-  * e***** This is a new naming convention which will be outlined below
   * wlan0 First Wireless interface.
   * bridge0 a representation of a bridged interface, usually consisting of multiple physical or virtual interfaces
   * vlan0 a vlan interface
   * ath0 sometimes represented in openwrt distros or from interfaces of the atheros brand
-==Predictable Network Interface Names==
+  * e***** is predictable network interface names. Starting with System D version 197 the name of hardware devices was changed to represent a more physical location name, for example enp2s0. You can still use this name just like everything else. For more info on this: https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
-Starting with System D version 197 the name of hardware devices was changed to represent a more physical location name, for example enp2s0. You can still use this name just like everything else. For more info on this: https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
-==Linux network links==
-For More info go to:
-  * https://wiki.debian.org/NetworkConfiguration
-  * http://www.howtogeek.com/118337/stupid-geek-tricks-change-your-ip-address-from-the-command-line-in-linux/
 ====ifconfig====
 With linux networking, ifconfig allows you to make some changes and get some info about the networking. For a readout:
@@ Line 816: / Line 813: @@
   route add default gw 192.168.99.254
 These settings will be lost once the computer restarts
-== network interface config file ====
+==== network interface config file ====
 Of course, you may want to set the ip manually. to do this you need to edit /etc/network/interfaces with something like vi. Here is an example script:
 <code>
@@ Line 843: / Line 840: @@
   * # - means that line is skipped
 Normally after changing this you can do this to reset it. There are a few ways to do this.
-====ifdown and ifup==
+====restart network interface====
+There are a few different ways to restart the interface and depending on your system you may need to use different ones. this is also very helpful for running scripts.
+===ifdown and ifup===
 This command is a simple way to enable and disable and interface
   * $ifdown [options] [iface]
@@ Line 851: / Line 850: @@
 Or another is to use the -a for all
   * $ifdown -a && ifup -a
+Sometimes ifdown and ifup do not work so you may need to do other commands to restart the network service.
+=== Debian systemctl===
+This is for systems that use systemctl, but it does not always work:
+   sudo systemctl restart networking.service
+===invoke-rc.d===
+This will perform a restart at the high level of processes. it is effective
+  invoke-rc.d networking restart
 ==== Network RHLE ====
 Redhat, centos, etc have a bit different method
@@ Line 858: / Line 865: @@
   * Other things you can modify in that:
   * ONBOOT=on/off for changing it to turn on the eth on boot
+==== Bonding with Debian ====
+This is a more advanced setup and usually made for using multiple interfaces on a server for things like redundancy or increased performance. You will be editing the same debian network config file located at:
+  /etc/network/interfaces
+=== Kernal Modual ===
+You need to have this kernal module installed:
+ bonding
+If you dont have it you can use modprobe to set for the session or set it in the modules file. See in this wiki the section about [[modprobe]]
+=== Modes ===
+There are several modes you can set. You will need to define the bondoing mode in the config file. You can use either the number or the name in the config file
+  https://www.ibm.com/support/knowledgecenter/en/linuxonibm/com.ibm.linux.z.l0wlcb00/l0wlcb00_bondingmodes.html
+Here are some modes that are most commonly used:
+  * Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch. This mode provides fault tolerance. The primary option affects the behavior of this mode.
+===Config file===
+The basics for the config file is to define an bond as an interface. First you define the interfaces, then you define the bond interface.
+  # The primary network interface
+  auto eth0
+  iface eth0 inet manual
+  	bond-master bond0
+  	bond-primary eth0
+  # The secondary network interface
+  auto eth1
+  iface eth1 inet manual
+  	bond-master bond0
+  # The bond with bond configurations and first IP address
+  auto bond0
+  iface bond0 inet static
+      address 192.168.1.99
+      netmask 255.255.255.0
+      gateway 192.168.1.1
+      bond-mode 1
+      bond-miimon 100
+      bond-updelay 200
+      bond-downdelay 200
+Config properties for bonding
+  * bond-mode - As mentioned above you can use the name or number. In this example we are saying active-backup
+  * bond-miimon [milliseconds] - time for MII checking link (media-independent interface is a type of daemon that checks status of interfaces)
+  * bond_primary: choose the primary slave iface_name (used with mode active-backup).
+  * bond-downdelay/updelay - Has to do with failover. A note about updelay and downdelay, both of these values must be multiples of the miimon value otherwise the system will round down.
+===Links===
+  * Ubuntus basic config page (does not include multiple IPs or Vlans) :https://help.ubuntu.com/community/UbuntuBonding
+  * Debians Bonding page. Much more extensive then Ubuntus (no vlans): https://wiki.debian.org/Bonding
+  * RHLS instructions:https://www.howtoforge.com/tutorial/how-to-configure-high-availability-and-network-bonding-on-linux/
+  * Answer about multiple IPs: https://askubuntu.com/questions/785149/multiple-ip-addresses-with-bonded-interfaces
+  * Original extensive documentation about how the modual bonding and the package ifenslave works: https://www.kernel.org/doc/Documentation/networking/bonding.txt
+====Vlan with Debian====
+You will be editing the same debian network config file located at:
+  /etc/network/interfaces
+=== Kernal Modual ===
+You need to have this kernal module installed:
+q
+=== Config file===
+This is an example of how to use Vlan 700. It is simple. There are other ways of doing it
+  auto eth0.700
+  iface eth0.700 inet static
+   address 10.100.10.77
+   netmask 255.255.255.0
+===Links===
+  * https://blog.sleeplessbeastie.eu/2012/12/23/debian-how-to-create-vlan-interface/
+==== Bonding and Vlan Combo ====
+Using the above information, here is an example of how to have 2 different IP addresses on a bond interface of a server, and one of the IPs with a VLAN.
+  ## beginning of interface config file
+  # The loopback network interface
+  auto lo
+  iface lo inet loopback
+  # The primary network interface
+  auto eno1
+  iface eno1 inet manual
+  	bond-master bond0
+  	bond-primary eno1
+  # The secondary network interface
+  auto eno2
+  iface eno2 inet manual
+	  bond-master bond0
+  # The bond with bond configurations and first IP address
+  auto bond0
+  iface bond0 inet static
+      address 1.2.3.4
+      netmask 255.255.255.0
+      gateway 1.2.3.1
+      bond-mode 1
+      bond-miimon 100
+      bond-updelay 200
+      bond-downdelay 200
+      bond-slaves none
+  # Vlan and what bond to belong to:
+  auto vlan670
+  iface vlan670 inet static
+      address 192.168.0.253
+      netmask 255.255.255.0
+  vlan-raw-device bond0
+===Links===
+https://www.beyondvm.com/2014/03/quick-tip-bonding-lacp-and-vlans-in-linux/
+====Checking network configuration====
+this page indicates some checks that could be done after configuring the interfaces file. https://www.tecmint.com/network-nic-bonding-teaming-in-debian-linux/2/
+\\ Mainly it suggests to perform these checks:
+  * ifconfig to look that interfaces are configured properly
+  * mii-tool (not sure how this will work)
 ==== ip ====
 Use ip to show / manipulate routing, devices, policy routing and tunnels. Many of the things you do with ifconfig can now be done with ip. Here is a good link, and some examples that will be expanded uppon later.
@@ Line 878: / Line 987: @@
 </code>
   * Please note that DNS is Auto generated via network manager. So if you change it but have nm running, it will override any changes to this file upon the next reboot.
-==== Vlan ====
-Here is a basic idea behind adding vlans. This is not comprehensive
-  * be sure your network card is compatable with the 802.1q standard.
-  * Make sure the VLAN modual is loaded To check do:
-  * $lsmod | grep 8021q
-  * If not loaded, you can do:
-  * $modprobe 8021q
-  * You can add vlans mainly with 2 commands:
-  * $ip link add link eht0 name eth0.100 type vlan id 100
-  * or
-  * $vconfig add eth0 5
-  * vconfig may requrire a package not standard. in Advanced Package Tool its simply called vlan
-There are several other ways and types of configurations we will add to this later.
-===remove vlan===
-you can remove a vlan with something like:
-  * $ip link delete eth0.100
 ==== Network Manager Service ====
 Network manager or nm is a very common service running to manage networks and give an easy to use gui for network releated operations in linux. It is very common with many distros and perfect for easily connectng wifi or changing IP.
@@ Line 971: / Line 1065: @@
   * -D to list available interfaces
   * -n does not resolve name servers, useful if in a slow devices
+  * -e Shows Mac address
   * src [ip] / dst [ip] shows you lines with that source or desitnation ip respectivly.
   * proto [protocal] for types of packages
@@ Line 984: / Line 1079: @@
   sudo tcpdump -i eth0 ether host aa:bb:cc:11:22:33
 This is an excellent page for more options: https://danielmiessler.com/study/tcpdump/#gs.lU0pRcE
+==== dig===
+Use dig to easily lookup what the DNS entry of an ip is.
+  dig [host] [options]
+Some options
+  * +short to just show the IP address entry
+Example to look up what IP google has and what Ip it returns:
+  User@mend:~#dig google.com +short
+.251.46.238
 ==== SSH ====
 ssh stands for secure shell. It is a service that allows for you to remote access a terminal using encryption. It is very universally standard and exists on most linux systems or can be easly installed
@@ Line 1171: / Line 1274: @@
   * $wget -qO- http://ipecho.net/plain ; echo
 This will call up a website that can display your ip in a simple way. The operators for wget are just quiet and save to a standard file which is then echoed with the echo command.
-====snmp====
+====SNMP====
+Simple Network Management Protocol allows you to get information from network devices. You can also use it to control, but this is not the typical way it is used.
+  * OID is the address of a specific date point that can be used when querying a network device with SNMP.
+  * MIB is the Management information base, and is usual a file formatted a specific way to indicated what OIDs mean what. The device itself does not necessarily have identifiers of what each OID means.
+  * ASN1 is Abstract Syntax Notation One. This is the Syntax that MIBs are in.
+  * Agent - Is the device queering the client device for data using various types of SNMP gathering software
+  * Community - The agent uses the community string to Authenticate that it can gather information from devices. Note that this is a low security model in version 1 and 2c of snmp
+  * SNMP version 1 and 2c. Version 2c allows for more expansion of what data can be passed with SNMP, and some other improvements, It is very common
+  * SNMP version 3 adds extra security and authorization beyond just knowing the community
+To install the suite of packages
   * The package name in ubuntu/debian is snmp
   * The package name in Centos/RHEL is net-snmp
-=== snmpwalk ===
+=== snmpstatus===
+To get the status of if snmp and if it is running on a device you need to know the IP of the host, the community string, and the version
+ snmpstatus -c [community] -v [version] [host]
+For example
+ snmpstatus -c public -v 2c 192.168.0.99
+=== snmpwalk and snmpget===
 snmpwalk is a tool to scan for snmp. To install you you just install the package called snmp
   snmpwalk [opts] -c [community] [ip address] [OID]
@@ Line 1182: / Line 1299: @@
   * -m "[mib file]" This will tell snmp walk to look up the mib file. The defualt MIB search path is several paths defined by the : /home/btowne/.snmp/mibs
   * You can put in the OID address at the end to just get data from that data point
+snmpwalk will go through every sub OID possible from the highest point you are calling it from. This is very good when discovering sets of data, but if you want to find the specific information of a specific OID, you want to try snmpget. This is very hepful because if you use walk for what you think is specific OID. It might append a 1 or another number on the end. For example, lets say that oid.99.500.3.5 is supposed to tell you how may foos are in the network device so you run:
+  snmpwalk -v1 -c public 192.168.1.99 oid.99.500.3.5
+You might get a return of:
+  SNMPv2-SMI::oid.99.500.3.5.1 = INTEGER: 33,
+You can see that in the readout it shows the oid with a .1 on the end. So if you did snmpget instead:
+  snmpget -v1 -c public 192.168.1.99 oid.99.500.3.5
+This might be a return readout:
+  SNMPv2-SMI::oid.99.500.3.5 = No Such Instance currently exists at this OID
+If you do walk, you may see that the o
 ===snmpd===
 To allow your linux device to act as a simple snmp agent you can install snmpd
@@ Line 1203: / Line 1329: @@
   systemctl enable snmpd  <<<ubuntu
   service snmpd enable <<<<RHEL
+===Advanced snmp config file===
+snmpd supports the View-Based Access Control Model (VACM) as defined in RFC 2575, to control who can retrieve or update information. You The above instructions for editing just the community is very basic, but if you want more access you need to modify the config file to include some things. First we want to map a community the the VCAM module. Here is the format and an example. SECNAME, or security name is arbitrary. In this example we define 2 SECNAMES as local and mynetwork. So only SNMP will go to those networks.
+  #com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
+  com2sec local localhost  foocommunitylocal
+  com2sec mynetwork 1.2.3.4/24  foocommunity
+Then we need to define groups based on the SECNAME and what they are capable of doing. In  this example we are defining a group called myRWGroup and saying it can use snmp v1 with the local security name
+  # group NAME MODEL SECNAME
+  group   MyRWGroup       v1      local
+View defines what OIDs are accessible by what group. This example says that all groups can view all snmp oid available. More detials about the masks can be found in the link below. By saying .1  it will allow anything that starts with .1, which all snmp oid should. By saying 80, we are doing something about limiting the hex code (but not sure what it is??)
+  #view NAME TYPE SUBTREE [MASK]
+  view    all     included        .1      80
+Last, we define access for the groups. Below is a simple best practice way.
+  #access NAME CONTEXT MODEL LEVEL PREFX READ WRITE NOTIFY
+  access  MyRWGroup ""      any       noauth    exact  all none none
+With all this combined, here is a simple script that can be used. This is very critical when you have advanced monitoring systems like zenoss trying to access things like hard drive space, CPU, etc.
+<code>
+# Replace things appropriate, mostly things that start with foo
+# This is The View Access Control Model and it maps the commuinity to the VACM module
+#com2sec SECNAME SOURCE COMMUNITY
+com2sec local           localhost       foocommunitylocal
+com2sec mynetwork       1.2.3.4/24		foocommunity
+# Groups define paramiters groups have access to
+#group GROUPNAME MODEL SECNAME
+group   MyRWGroup       v1      local
+group   MyRWGroup       v2c     local
+group   MyRWGroup       usm     local
+group   MyROGroup       v1      mynetwork
+group   MyROGroup       v2c     mynetwork
+group   MyROGroup       usm     mynetwork
+# View defines what is accessable by what group
+#view NAME/ALL TYPE SUBTREE [MASK]
+view    all     included        .1      80
+# This is for creating the access:
+#access GROUPNAME CONTEXT MODEL LEVEL PREFX READ WRITE NOTIFY
+access  MyROGroup ""      any       noauth    exact  all none none
+access  MyRWGroup ""      any       noauth    exact  all all none
+# SNMP identification paramiters
+syslocation fooSittingonadockatthebay
+syscontact fooperson@cool.net
+</code>
+===snmp links===
+  * http://www.net-snmp.org/docs/man/snmpd.conf.html#lbAF << For extended details of the man page for access control of snmpd
+  * http://net-snmp.sourceforge.net/wiki/index.php/Vacm#VACM_Masks.2C_or_How_to_restrict_access_to_a_particular_index_.28row.29_in_a_Table << More info about masks for access
+  * https://mibs.observium.org/ << A big database of MIBs
+  * http://www.circitor.fr/Mibs/Mibs.php << Another big databse of MIBs
 ==== iperf ====
 Iperf is a way of transferring bulk benign files to see pure transfer rates. Here is a good tuturial: [[http://openmaniak.com/iperf.php#iperf-w|http://openmaniak.com/iperf.php#iperf-w]]
@@ Line 1230: / Line 1400: @@
   * -p shows PID
   * -n shows numerical addresses instead of trying to determine symbolic host, port, or user names
+====SSL Cert====
+A secure socket layer certificate is used to authenticate a website with various authorities that give out certificates. It allows for a url to operate has https within a browser or any service that accesses that domain. This is not really a network tool, but rather a security tool for domains within a network.
+===Cert basics and location===
+A certificate is a file with an encryption key. It uses public key cryptography between the web client, like your browser, and the server, or the website you are trying to access with https. The file is located in a few different locations depending on what system you have. Ultimately though you will be defining where the file is with the httpd.conf file. More about that below
+===Obtain cert===
+First you must obtain the cert. Certs can be found with some hosting providers like godadd, or with a free service like https://letsencrypt.org/
+===conf file===
+There is an ssl.conf file but that just has to do with paramiters of how you want ssl to work. You will need to locate the httpd.conf file and make sure that your cert files are pointed to the right locations. here is an example /etc/httpd/conf/httpd.conf configuration:
+  SSLCertificateFile /root/sslcerts/ca.crt
+  SSLCertificateKeyFile /root/sslcerts/ca.key
+  SSLCertificateChainFile /root/sslcerts/ca.bundle
@@ Line 1235: / Line 1416: @@
 Some aspects of linux involve modifying the kernal moduals that are loaded.
 ==== Modprobe ====
-This will add or remove modals, or modify them.
+This will add, remove or modify modules for the kernal.
-=== beep ===
+  modprobe [module]
-Using modprobe to remove the computer beep
+A simple way to see if a specific module is installed is to do:
-http://www.thinkwiki.org/wiki/How_to_disable_the_pc_speaker_(beep!)
+  lsmod | grep [module]
 ====== Processes and Services ======
 Init management is how linux manages processes and when they start, such as at startup. There is a lot of complexity and difference in this system, but the 2 most common commands for managing startup are:
@@ Line 1731: / Line 1913: @@
 To exit:
   * Ctl + a + x (can do as holding ctl, press a, release a, press x)
+=== Remove computer beep ===
+Using modprobe to remove the computer beep: http://www.thinkwiki.org/wiki/How_to_disable_the_pc_speaker_(beep!)
+  modprobe beep
 ====== Packages Services ======
 The following are very popular packages used in many Linux administration systems.

wiki.mendiculus.info

User Tools

Site Tools

Differences

Page Tools