posted Apr 28, 2013, 5:22 PM by Mike Perry [updated Apr 28, 2013, 5:41 PM by Mike Perry]
posted Jun 9, 2012, 10:17 AM by Mike Perry [updated Apr 28, 2013, 5:42 PM by Mike Perry]
Getting Started with Mercurial
posted Apr 22, 2012, 6:50 PM by Mike Perry [updated Apr 28, 2013, 5:42 PM]
SQL Overview (SQL_RI_Linux.pdf)
posted Apr 15, 2012, 8:07 PM by Mike Perry [updated Apr 28, 2013, 5:43 PM]
TiddlyWiki by Matt Curcio (TW_mcc_April_2012.pdf)
posted Jan 15, 2012, 11:47 AM by Mike Perry [updated Jan 15, 2012, 12:18 PM]
01-2012 - Debian LAMP Install
posted Dec 13, 2011, 8:28 AM by Adam Gomes [updated Jan 15, 2012, 11:54 AM by Mike Perry]
posted Oct 21, 2011, 6:45 AM by Adam Gomes [updated Apr 28, 2013, 5:44 PM by Mike Perry]
posted Sep 12, 2011, 11:24 AM by Mike Perry [updated Sep 12, 2011, 11:34 AM]
# START SCRIPT
*filter

# Allows all loopback (lo0) traffic and drops all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allows all outbound traffic
# You can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
#-A INPUT -p tcp --dport 80 -j ACCEPT
#-A INPUT -p tcp --dport 443 -j ACCEPT

# Allows SSH connections
# Below is a three port knock which will allow a new ssh session. Client must 'knock' on ports 3820, 5446, and 3015 first. Each knock has a 15 second window before the user has to start over.
# After the knocking is complete the established connection rule comes into place and this won't be tested.
-A INPUT -p tcp --dport 3820 -m recent --set --rsource --name SSH_AUTH_KNOCK1 -m limit --limit 15/min -j LOG --log-prefix "ssh knock 1 " --log-level 7
-A INPUT -p tcp --dport 5446 -m recent --rcheck --rsource --seconds 15 --name SSH_AUTH_KNOCK1 -m recent --set --rsource --name SSH_AUTH_KNOCK2 -m limit --limit 15/min -j LOG --log-prefix "ssh knock 2 " --log-level 6
-A INPUT -p tcp --dport 3015 -m recent --rcheck --rsource --seconds 15 --name SSH_AUTH_KNOCK2 -m recent --set --rsource --name SSH_AUTH -m limit --limit 15/min -j LOG --log-prefix "ssh knock 3 " --log-level 6
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --rcheck --rsource --seconds 15 --name SSH_AUTH -j ACCEPT

# Allow ping
#-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# Deny Ping
-A INPUT -p icmp -j DROP

# log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j DROP
-A FORWARD -j DROP

COMMIT
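One way to check from the firewall's logs which sources completed the knock and which tried port 22 without it, added here as an example and not part of the original post. It assumes syslog-style kernel lines carrying the LOG prefixes from the rules above plus SRC= and DPT= fields; the function names knock_summary and sample_log and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): per-source knock progress,
# read from the kernel log lines that the LOG rules above produce.

# Constructed, abridged sample lines; real entries carry more fields.
sample_log() {
    cat <<'EOF'
Sep 12 11:30:01 gw kernel: ssh knock 1 IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.0.1 PROTO=TCP SPT=40112 DPT=3820
Sep 12 11:30:01 gw kernel: iptables denied: IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.0.1 PROTO=TCP SPT=40112 DPT=3820
Sep 12 11:30:04 gw kernel: ssh knock 2 IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.0.1 PROTO=TCP SPT=40113 DPT=5446
Sep 12 11:30:07 gw kernel: ssh knock 3 IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.0.1 PROTO=TCP SPT=40114 DPT=3015
Sep 12 11:31:10 gw kernel: ssh knock 1 IN=eth0 OUT= SRC=203.0.113.9 DST=10.0.0.1 PROTO=TCP SPT=51000 DPT=3820
Sep 12 11:31:12 gw kernel: iptables denied: IN=eth0 OUT= SRC=203.0.113.9 DST=10.0.0.1 PROTO=TCP SPT=51001 DPT=22
Sep 12 11:31:15 gw kernel: iptables denied: IN=eth0 OUT= SRC=203.0.113.9 DST=10.0.0.1 PROTO=TCP SPT=51001 DPT=22
Sep 12 11:32:40 gw kernel: iptables denied: IN=eth0 OUT= SRC=192.0.2.44 DST=10.0.0.1 PROTO=TCP SPT=33321 DPT=22
EOF
}

# Reads log text on stdin and prints one line per source address:
#   stage      = highest knock logged (3 means port 22 was opened for 15 s)
#   ssh_denied = logged drops of packets aimed at port 22
knock_summary() {
    awk '
    # Return the value of a KEY=value field on the current line.
    function field(key,    i, n, parts) {
        for (i = 1; i <= NF; i++) {
            n = split($i, parts, "=")
            if (n == 2 && parts[1] == key) return parts[2]
        }
        return ""
    }
    /ssh knock [123] / {
        src = field("SRC")
        match($0, /ssh knock [123] /)
        stage = substr($0, RSTART + 10, 1) + 0   # digit after "ssh knock "
        if (stage > best[src]) best[src] = stage
        seen[src] = 1
    }
    /iptables denied: / && field("DPT") == "22" {
        src = field("SRC")
        denied[src]++
        seen[src] = 1
    }
    END {
        for (src in seen)
            printf "%s stage=%d ssh_denied=%d\n", src, best[src], denied[src]
    }' | LC_ALL=C sort
}

sample_log | knock_summary
```

Both LOG rules are rate limited (15/min and 5/min), so the counts are lower bounds on what actually reached the firewall.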
posted Dec 11, 2010, 2:35 PM by Mike Perry
Rolling your own live disk
posted Sep 29, 2010, 1:42 PM by Mike Perry
Copying files as a non-root user can be done as follows.
rsync -ax /source/ /target
When copying an entire file system as root it is a bit more complex.
rsync -aHSKvz /source/ /target
This copies all files from /source to /target, including things like
devices and links. If the trailing slash on the source is omitted, you will
end up with a source directory under target instead of target being the
root.
If source is / you probably want to exclude files under /proc and
/sys.
--exclude="/sys/*" --exclude="/proc/*"
Using -x is another option depending on your needs.
Source and target can be a remote host by using the following syntax.
user@hostOrIp:/path
In some cases you may have to specify '-e ssh' to your argument list.
Common argument definitions:
  -a, --archive           archive mode; equals -rlptgoD (no -H,-A,-X)
  -r, --recursive         recurse into directories
  -l, --links             copy symlinks as symlinks
  -p, --perms             preserve permissions
  -t, --times             preserve modification times
  -g, --group             preserve group
  -o, --owner             preserve owner (super-user only)
  -D                      same as --devices --specials
      --devices           preserve device files (super-user only)
      --specials          preserve special files
  -H, --hard-links        preserve hard links
  -S, --sparse            handle sparse files efficiently
  -K, --keep-dirlinks     treat symlinked dir on receiver as dir
  -z, --compress          compress file data during the transfer
Some other useful options are:
  -A, --acls              preserve ACLs (implies -p)
  -X, --xattrs            preserve extended attributes
  -x, --one-file-system   don't cross filesystem boundaries
  -P                      same as --partial --progress
      --progress          show progress during transfer
      --partial           keep partial files when interrupted