Linux iptables notes

Add a local redirection of a low (privileged) port to an unprivileged high port

Remove any existing entries:

iptables -t nat -D PREROUTING --src 0/0 -p tcp --dport 25 -j REDIRECT --to-ports 11025 2> /dev/null
iptables -t nat -D PREROUTING --src 0/0 -p tcp --dport 80 -j REDIRECT --to-ports 8080 2> /dev/null

Add new redirects:

iptables -t nat -I PREROUTING --src 0/0 -p tcp --dport 25 -j REDIRECT --to-ports 11025
iptables -t nat -I PREROUTING --src 0/0 -p tcp --dport 80 -j REDIRECT --to-ports 8080
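The delete-then-insert pair above works, but it is easy to end up with duplicate rules if the delete is skipped. The script below is an added example (not from the original notes) that manages the same two redirects idempotently with `iptables -C` (check before insert), removes any stacked duplicates, and also covers a caveat the notes do not mention: PREROUTING only sees traffic arriving from the network, so a local test such as connecting to 127.0.0.1:25 needs a matching rule in the nat OUTPUT chain. The `IPTABLES` variable, the `apply` argument and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: idempotent low-port -> unprivileged-high-port REDIRECT rules.
# IPTABLES may be overridden (e.g. with a wrapper for dry runs or tests).
IPTABLES="${IPTABLES:-iptables}"

# Print the rule specification shared by -C / -I / -D so all three always agree.
# $1 chain: PREROUTING (traffic from the network) or OUTPUT (traffic this host
#    generates, which PREROUTING never sees); $2 privileged port; $3 target port.
redirect_rule() {
    case "$1" in
        OUTPUT) iface="-o lo" ;;   # only rewrite locally generated loopback traffic
        *)      iface="" ;;
    esac
    printf '%s %s -p tcp --dport %s -j REDIRECT --to-ports %s' "$1" "$iface" "$2" "$3"
}

# Insert the redirect unless it is already present; prints what it did.
ensure_redirect() {
    spec=$(redirect_rule "$1" "$2" "$3")
    # word splitting of $spec into separate iptables arguments is intended
    if "$IPTABLES" -t nat -C $spec 2>/dev/null; then
        echo "present: $1 $2 -> $3"
    else
        "$IPTABLES" -t nat -I $spec && echo "added: $1 $2 -> $3"
    fi
}

# Delete every copy of the redirect (older scripts may have stacked duplicates);
# prints how many were removed.
remove_redirect() {
    spec=$(redirect_rule "$1" "$2" "$3")
    n=0
    while "$IPTABLES" -t nat -D $spec 2>/dev/null; do
        n=$((n + 1))
    done
    echo "$n"
}

# Apply the two redirects from the notes only when explicitly asked, so that
# sourcing this file for its functions has no side effects.
if [ "${1:-}" = apply ]; then
    for pair in 25:11025 80:8080; do
        ensure_redirect PREROUTING "${pair%%:*}" "${pair##*:}"
        ensure_redirect OUTPUT     "${pair%%:*}" "${pair##*:}"
    done
fi
```

Run it as root with `sh redirect.sh apply`; running it a second time reports every rule as `present` and adds nothing. The OUTPUT rule is restricted with `-o lo` so that only loopback connections are rewritten, not traffic this host sends to other machines on port 25 or 80.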

Windows SMB/CIFS shares

Map CIFS shares:

NET USE \\1.2.3.4 /USER:DOMAIN\USERID

NET USE

NET USE \\1.2.3.4 /DELETE

Alter boot time settings:

MSCONFIG

smbclient syntax:

# mount -t smbfs -o username=user,password=pass //server/sharepoint /mnt/localmntpoint

Escape admin shares:

//wfsnt55/c\$

Linux RAID, LVM and crypto Filesystem Notes

LVM Notes

I wanted to upgrade the disks in my Linux PVR to a 1TB pair and thus had to migrate from one existing disk (/dev/sda) to the new (/dev/sdb):

1. Add new physical disk to system

2. Partition the disk to have a Linux LVM partition (partition type 0x8e)

# fdisk /dev/sdb

3. Add to LVM

# pvcreate /dev/sdb2

4. Add the physical LVM volume to an LVM volume group (VolGroup00)

# vgextend /dev/VolGroup00 /dev/sdb2

5. Move all LVM volumes off the old LVM disk

# vgdisplay -v      # look for the old physical volume name

# pvmove /dev/olddisk      # moves all physical extents from olddisk to any available PV in the VG

6. Remove the old disk from the VG (vgreduce takes the volume group name and the physical volume to remove)

# vgreduce VolGroup00 /dev/olddisk

7. Remove the old disk from LVM

# pvremove /dev/olddisk

RAID Notes
Debian RAID setup on my PVR (each md device is a RAID1 mirror of the two partitions listed under it):

/dev/md0  /boot
    /dev/hda1
    /dev/hdb1
/dev/md1  /
    /dev/hda2
    /dev/hdb2
/dev/md2  swap
    /dev/hda3
    /dev/hdb3
/dev/md3  /data
    /dev/hda4
    /dev/hdb4

Show detail of RAID set:
# mdadm --detail /dev/md0

Detach a mirror member:
- first mark the member as bad (unless it really is bad, in which case it'll already be marked faulty):
# mdadm --set-faulty /dev/md0 /dev/hdb1
- now remove it from the RAID1 set:
# mdadm --remove /dev/md0 /dev/hdb1

To reattach the member (after partitioning, or if it's the same disk):
# mdadm /dev/md0 --add /dev/hdb1
- to watch the progress of the resync, look at /proc/mdstat:
# cat /proc/mdstat
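Reading /proc/mdstat by eye is fine for one resync, but a degraded mirror is the kind of thing that should raise an alert rather than wait to be noticed. The following is an added example (not from the original notes) that parses the /proc/mdstat layout shown by `cat /proc/mdstat`: the `[2/1] [U_]` member map (one character per member, `_` meaning missing or failed) and the `recovery = 28.4%` progress line. The function names and the file argument are assumptions made for this example; with no argument it reads /proc/mdstat.

```shell
#!/bin/sh
# Added example: summarise RAID health from /proc/mdstat so a degraded array or
# an in-progress resync is easy to spot (e.g. from cron) instead of eyeballing it.
# Usage: mdstat_report [file]   (file defaults to /proc/mdstat)
mdstat_report() {
    awk '
        # "md1 : active raid1 hda2[0]" starts a new array block
        /^md[0-9]+ :/ { dev = $1; next }
        # "... blocks [2/1] [U_]": one char per member, "_" = missing or failed
        dev != "" && /blocks/ && $NF ~ /^\[[U_]+\]$/ {
            if ($NF ~ /_/) print dev " degraded " $NF
            else           print dev " ok " $NF
            next
        }
        # "[=====>......] recovery = 28.4% (.../...) finish=12.3min speed=..."
        dev != "" && $2 ~ /^(recovery|resync|reshape|check)$/ && $3 == "=" {
            print dev " " $2 " " $4
        }
    ' "${1:-/proc/mdstat}"
}

# Exit status 0 when every array has all members present, 1 when any array is
# degraded; suitable as a monitoring check.
mdstat_healthy() {
    ! mdstat_report "${1:-/proc/mdstat}" | grep -q ' degraded '
}
```

A cron entry such as `mdstat_healthy || mail -s "RAID degraded on $(hostname)" root` turns the check into an alert; the report line for a rebuilding array (`md3 recovery 28.4%`) tells you whether a degraded state is being repaired or has been sitting there.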

I think now (2010/01/24) the faulty syntax is:

mdadm /dev/md0 --fail /dev/sdb1

then

mdadm /dev/md0 --remove /dev/sdb1

Crypto Filesystem Notes

Linux (2.6) crypto filesystems are supported via a loopback device. Various ciphers can be specified. In this example the default AES cipher is used and the disk partition is /dev/sdb1, which is just set up as a normal Linux (0x83) partition.

1. Load the crypto filesystem module

modprobe cryptoloop

2. Start the crypto device (I’ll insert initialization instructions here later)

Note: you don't need losetup if the parameters are specified in fstab and mount does the startup. When losetup runs, it prompts for the passphrase used to encrypt the partition. Once the crypto driver has the correct key for on-the-fly encryption/decryption, processes that use the partition (such as mount) see cleartext.

losetup -e aes /dev/loop0 /dev/sdb1 || exit 1
mount /bu

Reducing malware risk by removing local Administrator privileges

Running day-to-day with a Windows account that has Administrator privileges is a recipe for disaster.  Casual browsing of a website that is infected or inadvertent opening of infected attachments can result in an infection through the user’s Administrator privileges.  Something like 92% of Microsoft critical vulnerabilities announced in 2008 could have been mitigated by operating day-to-day as a normal user.  Splitting your accounts into a normal account and admin account is a good idea, but it can lead to some headaches when the normal user needs to run temporarily as Administrator.

Fortunately there are some workarounds that can be used to temporarily elevate the user's privileges to Administrator. Most of these involve the RUNAS command:

File explorer
If you’re running IE7 under WinXP, in order to run Windows Explorer with the runas command, it must be run as a separate process. A quick way to do this, without having to change your Folder Options settings, would be to run an instance of Explorer with the undocumented parameter /separate, like this:

runas /user:domain\username "explorer /separate"

Command Line Prompt
You can add a shortcut on the task bar with the following syntax to get an Administrator cmd prompt:

%windir%\system32\runas.exe /user:yourdomain\a-someuser cmd

yourdomain is the name of your AD domain, if you have one; if not, leave it out. a-someuser is a suggested naming convention for the Administrator account associated with the user named someuser.