IOzone is a filesystem benchmark tool that

The following allows you to forward (NAT) traffic from an internal interface to an external interface (and back again ;]). In other words, creating a Gateway for a LAN (internal network).

Debian Based (apt-get)

1. # apt-get install iptables
2. # vi /etc/network/if-up.d/iptables

RedHat (rpm) Based

1. # yum install iptables
2. # vi /etc/sysconfig/iptables

1. #!/bin/sh
2.  
3. PATH=/usr/sbin:/sbin:/bin:/usr/bin
4.  
5. # user defined
6. WAN="eth0"
7. LAN="eth1"
8.  
9. # delete existing rules
10. iptables -F
11. iptables -t nat -F
12. iptables -t mangle -F
13. iptables -X
14.  
15. # always accept loopback traffic
16. iptables -A INPUT -i lo -j ACCEPT
17.  
18. # allow established connections, and those not coming from the outside
19. iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
20. iptables -A INPUT -m state --state NEW ! -i $LAN -j ACCEPT
21. iptables -A FORWARD -i $LAN -o $WAN -m state --state ESTABLISHED,RELATED -j ACCEPT
22.  
23. # allow outgoing connections from the LAN side
24. iptables -A FORWARD -i $WAN -o $LAN -j ACCEPT
25.  
26. # masquerade out LAN interface
27. iptables -t nat -A POSTROUTING -o $LAN -j MASQUERADE
28.  
29. # do not forward from wan to lan
30. iptables -A FORWARD -i $WAN -o $LAN -j REJECT
31.  
32. # enable forwarding packets from interface to interface
33. echo 1 > /proc/sys/net/ipv4/ip_forward

Debian Based (apt-get)

1. # chmod +x /etc/network/if-up.d/iptables
2. # sh /etc/network/if-up.d/iptables

RedHat (rpm) Based

1. # service iptables restart

Note that this config does not give the ability to provide DHCP or DNS services to LAN clients.

You can easily tar up a Linux box and extract the files on a Linux partition (some version of ext). This can be great for making an image of a dying hard-drive or putting a hard-drive in another box, mounting it, and then making a backup (great if you need to mount read-only).

The following creates an archive, gzips the archive for greater compression, verbosely prints to the screen what is being backed up, preserves all permissions, and stores it in a file "device" /path/to/archive.tar.gz.

History lesson: most implementations of tar still default to using a tape device as output for the file stream!

1. # tar -pczvf /path/to/archive.tar.gz \
2. > --directory=/ \
3. > --exclude=proc --exclude=sys --exclude=dev/pts \
4. > .

To decompress the archive to the current working directory:

1. # tar -pxzvf archive.tar.gz

Use update instead of install chromium-browser if you already have it installed. This will update the previously installed version.

1. $ sudo add-apt-repository ppa:chromium-daily/ppa
2. $ sudo apt-get update
3. $ sudo apt-get -y install chromium-browser

I stumbled across pv the other day and found it interesting. It is not so much a utility as eye-candy, but useful non-the-less.

from the man page: pv allows a user to see the progress of data through a pipeline, by giving information such as time elapsed, percentage completed (with progress bar), current throughput rate, total data transferred, and ETA.

First, install pv with what ever package manager you use.

• # cd /usr/ports/sysutils/pv && make install clean
• # apt-get install pv
• # yum install pv

Using pv is analogous to using cat, only with a progress bar and some extra goodies!

1. # pv file.iso | dd of=/dev/cd0 bs=64k

1. (server)
2. # pv file.iso > nc -l 4444
3. (client)
4. # nc host 444 > file.iso

I always seem to forget this command. The following mounts the UFS2 FreeBSD filesystem to /mnt/fbsd directory on a Linux box. Notice the read-only permission. Unfortunately, (as of this writing) Linux does not have write support for UFS2. Please let me know if I am in error.

Change /dev/sda3 to your disk device!

1. # mkdir /mnt/fbsd
2. # mount -t ufs -o ro,ufstype=ufs2 /dev/sda3 /mnt/fbsd

You must install the rpm2cpio package on what ever operating system you are running. The following will extract a rpm hierarchy to the current directory.

1. $ mkdir ~/extracted_rpm
2. $ cd ~/extracted_rpm
3. $ rpm2cpio /path/to/FILENAME.rpm | cpio -div

Never edit /boot/grub/grub.cfg directly! You have to make changes in a special file under /etc/grub.d so that your changes will not get overwritten every time you update kernels, etc.

I am using my disk device name here. Make sure you use the one that fits your system.

• hd0       hard drive number
• 3           partition of FreeBSD partition (indexed from 1)
• a           slice of /boot partition

1. # vi /etc/grub.d/40_custom
2. #!/bin/sh
3. exec tail -n +3 $0
4.  
5. menuentry "FreeBSD 8.0-RELEASE" {
6.     insmod ufs2
7.     set root=(hd0,3,a)
8.     chainloader +1
9. }

Run update-grub2 to merge the changes in /etc/grub.d/40_custom. You should also be able to verify that the new entry will be seen next time grub2 is loaded.

1. # update-grub2
2. # cat /boot/grub/grub.cfg | grep FreeBSD

Reboot and give it a try!

First, see what stray packages are on the system so you know what is about to get deleted.

1. $ dpkg -l | grep ^rc | cut -d ' ' -f3 | less

What just happened there? We listed the packages that are installed with dpkg -l, filtered out results to only show lines starting with rc, then further trimmed the output to the third column which contains only the package names. less just allows us to easily scroll through the output in the terminal.

Now that you have verified what packages are going to be deleted and taken care of any loose ends, you should then be able to append a simple command to purge the packages in question.

1. # dpkg -l | grep ^rc | cut -d ' ' -f3 | xargs dpkg -P

You can use sudo on the xargs command if you are a user and need priviledges.

xargs is a handy command that allows you to pipe output delimited by tab, space, etc and do an action on each value. In this case, we have a list of packages that we need to purge, so we run dpkg -P one each package name that we extract.

First, install the necessary dependencies:

1. $ sudo apt-get install ruby subversion libyaml-ruby libzlib-ruby libopenssl-ruby libreadline-ruby libiconv-ruby rubygems

Technically, to use the GUI you need to install libgtk2-ruby and libglade2-ruby, but the GUI is now deprecated and will no longer be developed or updated. I encourage you to forget about using it.

It is great to have a database backend to keep up with data from session to session. A simple sqlite3 backend will do for most, but if you need more robustness and performance, MySQL and Postgres are available to you. Simply install the database server and supporting Ruby library for that specific database server.

1. sudo apt-get install sqlite3 libsqlite3-ruby

1. sudo apt-get install mysql-server libmysql-ruby

1. sudo apt-get install postgresql libpgsql-ruby

Now sync the Metasploit subversion tree into a directory of your choice.

1. $ mkdir ~/.msf3
2. $ cd ~/.msf3
3. $ svn co https://www.metasploit.com/svn/framework3/trunk framework

You should now have the latest and greatest Metasploit tree. For now on, you can simply use the command svn update inside the ~/.msf3/framework directory (or where ever else you synced the svn tree to) and it will sync the latest changes in the repository to your existing Metasploit installation.

1. $ cd ~/.msf3/framework
2. $ svn update

I have compiled a list of system commands that I felt were frequent enough to mention. The list covers commands that you use to ti interact with the file system and network, use the vi/vim editor, and utilize screen to make life easier.

I have put together a basic reference of chmod permissions. Enjoy!

For a more complete "e;guide"e; to little things like this, check out my full guide to using a shell.

R is read   W is write   X is execute

scrotwm is an excellent tiling window manager that I have been doing my development work in lately. I have found it amazingly useful, though the docs on it are pretty scarce. As of this writing, there is still no .deb package for it and it is not in the repository, so I have outlined a quick install.

Adobe has always denied FreeBSD native flash support, but you can use Linux emulation to get Adobe Flash 10 working on a FreeBSD system with a few simple steps. Although it might have its occasional quirks, Flash works pretty well with anything I have ever thrown at it. It gets better every update!

I had the need to set up irssi on my University shell account with minimal user access, so I took some notes on what I did. I have found out that a lot of people encounter the missing glib dependency, which is absolutely necessary for irssi to execute properly. Due to the problem's popularity, I included installing glib in this guide.

Apache's HTTP Authentication is a fast and easy way to lock down a directory so that it prompts users with a password dialog box to view the files.

This guide assumes that you have Apache2 already up and running.

Most any fresh Linux install, Debian in my specific case, automatically enables a multitude of wonderful high pitched beeps and tones for your listening pleasure. You might have noticed them by hitting a TAB on an invalid auto-complete, when you incorrectly login to GDM, or any of the other seemingly infinite ways to get an ear crunching BEEEEP.

To fix this issue you can go about disabling beeps in individual programs, but I have a better idea! Let's get the job done right and just blacklist the whole internal speaker to get rid of all beeps in all programs. Unless you are listening to motherboard beeps, who really need the internal speaker, anyways?

I use both modules as an example, just note the basic difference is that pcspkr is used in newer kernels. If one command does not work ('Module xxx does not exist' errors, etc), try the other.

Lets try to unload the (possibly) already running module.

1. # rmmod snd_pcsp
2. # rmmod pcspkr

Now we just need to make sure the module does not get loaded on system boot.

1. # echo 'blacklist snd_pcsp' >> /etc/modprobe.d/blacklist
2. # echo 'blacklist pcspkr' >> /etc/modprobe.d/blacklist
3. # reboot

I just noticed FireFox 3.5 is in my ports tree! I upgraded immediately to check out the JavaScript speeds that everyone was always reporting about... and I see why there were ranting so much! All my AJAX scripts that I am used to using are sped up dramatically. I am very impressed, although I find it weird that I have to load a Kernel module to use my browser. Oh, and Firefox 3.0 is in conflict with Firefox 3.5, so you have to remove Firefox 3.0 before you can even install Firefox 3.5. Also worth mentioning is the fact that Firefox 3.5 uses Firefox 3.0's /usr/local/lib/firefox3 directory don't worry about reinstalling plugins or bookmarks!

Check out how to update your ports tree to get the latest and greatest versions and sources for applications.

1. # pkg_delete firefox-3\*
2. # cd /usr/ports/www/firefox35
3. # make install clean distclean
4. # kldload sem
5. # echo 'sem_load="YES"' >> /boot/loader.conf

BackupPC is a free and open source program that I personally think is at the top of the list in great back up tools. I am not a huge fan of GUI programs and dreaded web interfaces, but BackupPC's interface is fast, straight forward, not bloated, and directly linked to great documentation. BackupPC can also back up nearly any operating system, Windows or *nix, by using a variety of popular, free, tools (rsync, rsyncd, samba, tar).