<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>General &#8211; Blog of Kliment Andreev &#8211; A place so I won&#039;t forget things</title>
	<atom:link href="https://blog.andreev.it/tag/general/feed/" rel="self" type="application/rss+xml" />
	<link>https://blog.andreev.it</link>
	<description></description>
	<lastBuildDate>Wed, 12 Jul 2023 13:33:16 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	
	<item>
		<title>General: Tips &#038; Tricks and one-liners (Part I)</title>
		<link>https://blog.andreev.it/2011/12/prevent-root-login-in-ssh/</link>
					<comments>https://blog.andreev.it/2011/12/prevent-root-login-in-ssh/#respond</comments>
		
		<dc:creator><![CDATA[Kliment Andreev]]></dc:creator>
		<pubDate>Sat, 03 Dec 2011 21:26:30 +0000</pubDate>
				<category><![CDATA[Editor's Pick]]></category>
		<category><![CDATA[General]]></category>
		<guid isPermaLink="false">http://blog.iandreev.com/?p=134</guid>

					<description><![CDATA[Part II, Part III, Part IV. MySQL Backup/Restore BACKUP Do not leave space between&#8230;]]></description>
										<content:encoded><![CDATA[<div id="bsf_rt_marker"></div><p><a href="https://blog.andreev.it/?p=203" rel="noopener noreferrer" target="_blank">Part II</a>, <a href="https://blog.andreev.it/?p=5117" rel="noopener noreferrer" target="_blank">Part III</a>, <a href="https://blog.andreev.it/?p=9343" rel="noopener noreferrer" target="_blank">Part IV.</p>
<h1>MySQL Backup/Restore</h1>
<p><strong>BACKUP</strong></p>
<pre class="brush: sql; title: ; notranslate">
mysqldump -u &lt;username&gt;  -p &lt;password&gt; databasename &gt; /somewhere/dbname.sql
</pre>
<p>Do not leave space between -p and the password.</p>
<p><strong>RESTORE</strong></p>
<pre class="brush: sql; title: ; notranslate">
mysql -u &lt;username&gt;  -p   &lt;password&gt; databasename &lt;  /somewhere/dbname.sql
</pre>
<p><strong>CREATE USER/DATABASE and GRANT RIGHTS</strong></p>
<pre class="brush: sql; title: ; notranslate">
mysql -u adminusername -p
CREATE USER &#039;custom&#039;@&#039;localhost&#039; IDENTIFIED BY &#039;obscure&#039;;
CREATE DATABASE databasename;
GRANT ALL PRIVILEGES ON databasename.* TO &quot;custom&quot;@&quot;localhost&quot; IDENTIFIED BY &quot;obscure&quot;;
FLUSH PRIVILEGES;
</pre>
<h1>FreeBSD update OS and ports</h1>
<p>To update the OS (not upgrade):</p>
<pre class="brush: plain; title: ; notranslate">
freebsd-update fetch
freebsd-update install
</pre>
<p>To update the ports tree:</p>
<pre class="brush: plain; title: ; notranslate">
portsnap fetch
portsnap update
</pre>
<p>Update the actual ports:</p>
<pre class="brush: plain; title: ; notranslate">
portmaster -a
</pre>
<h1>tail under Windows</h1>
<pre class="brush: powershell; title: ; notranslate">
Get-Content -Path &quot;&lt;drive&gt;:\Folder\FileName.extension&quot; -Wait
</pre>
<h1>tcpdump to monitor HTTP traffic</h1>
<p>1. To monitor HTTP traffic including request and response headers and message body:</p>
<pre class="brush: bash; title: ; notranslate">
tcpdump -A -s 0 &#039;tcp port 80 and (((ip&#x5B;2:2] - ((ip&#x5B;0]&amp;amp;0xf)&lt;&lt;2)) - ((tcp&#x5B;12]&amp;amp;0xf0)&gt;&gt;2)) != 0)&#039;
</pre>
<p>2. To monitor HTTP traffic including request and response headers and message body from a particular source:</p>
<pre class="brush: bash; title: ; notranslate">
tcpdump -A -s 0 &#039;src example.com and tcp port 80 and (((ip&#x5B;2:2] - ((ip&#x5B;0]&amp;amp;0xf)&lt;&lt;2)) - ((tcp&#x5B;12]&amp;amp;0xf0)&gt;&gt;2)) != 0)&#039;
</pre>
<p>3. To monitor HTTP traffic including request and response headers and message body from local host to local host:</p>
<pre class="brush: bash; title: ; notranslate">
tcpdump -A -s 0 &#039;tcp port 80 and (((ip&#x5B;2:2] - ((ip&#x5B;0]&amp;amp;0xf)&lt;&lt;2)) - ((tcp&#x5B;12]&amp;amp;0xf0)&gt;&gt;2)) != 0)&#039; -i lo
</pre>
<p>4. To only include HTTP requests, modify “tcp port 80” to “tcp dst port 80” in above commands</p>
<h1>Get the OU for a user or a computer in PowerShell.</h1>
<pre class="brush: powershell; title: ; notranslate">
$comp=Get-ADComputer -identity &lt;computer_name&gt; -properties CanonicalName
</pre>
<pre class="brush: powershell; title: ; notranslate">
$user=Get-ADUser -identity &lt;user_name&gt; -properties CanonicalName
</pre>
<h1>Send e-mail using Python and AWS SES</h1>
<p>Create an index.html file in the same directory where this script will reside called index.html. That will be the body of your e-mail.<br />
In my case index.html looks like this.</p>
<pre class="brush: xml; title: ; notranslate">
&lt;h1&gt;Hello!&lt;/h1&gt;
</pre>
<p>You can comment line #24 below if you don&#8217;t want to see the debug output. I suggest you leave it as is.</p>
<pre class="brush: python; title: ; notranslate">
import smtplib

from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

fromaddr = &quot;no-reply@somedomain.com&quot;
toaddr = &quot;kliment.andreev@whatever.com&quot;
EMAIL_HOST = &#039;email-smtp.us-east-1.amazonaws.com&#039;
EMAIL_HOST_USER = &#039;AKIAJUEQQ7DIHJUCKAVA&#039;
EMAIL_HOST_PASSWORD = &#039;AlRPmyef-qAkajSzCtn43YY447rFlJ8GXCBMWyaNide&#039;
EMAIL_PORT = 587

msg = MIMEMultipart(&#039;alternative&#039;)
msg&#x5B;&#039;Subject&#039;] = &quot;AWS TEST&quot;
msg&#x5B;&#039;From&#039;] = fromaddr
msg&#x5B;&#039;To&#039;] = toaddr

html = open(&#039;index.html&#039;).read()

mime_text = MIMEText(html, &#039;html&#039;)
msg.attach(mime_text)

s = smtplib.SMTP(EMAIL_HOST, EMAIL_PORT)
s.set_debuglevel(10)
s.starttls()
s.login(EMAIL_HOST_USER, EMAIL_HOST_PASSWORD)
s.sendmail(fromaddr, toaddr, msg.as_string())
s.quit()
</pre>
<p>If you want to send to multiple recipients, replace the lines #7 and #27 to look like this.</p>
<pre class="brush: python; title: ; notranslate">
toaddr = &quot;kliment.andreev@domain1.com,klimenta@domain2.com,kandreev@domain3.com&quot;
s.sendmail(fromaddr, msg&#x5B;&#039;To&#039;].split(&#039;,&#039;), msg.as_string())
</pre>
<h1>Display remote SSL certificate</h1>
<pre class="brush: bash; title: ; notranslate">
echo | openssl s_client -showcerts -servername blog.andreev.it -connect blog.andreev.it:443 2&gt;/dev/null | openssl x509 -inform pem -noout -text
</pre>
<h1>Windows DNS server &#8211; clear cache</h1>
<p>From an elevated cmd prompt</p>
<pre class="brush: bash; title: ; notranslate">
dnscmd /clearcache
</pre>
<h1>List public IP addresses associated with an instance in AWS</h1>
<pre class="brush: bash; title: ; notranslate">
aws ec2 describe-instances --query &quot;Reservations&#x5B;*].Instances&#x5B;*].PublicIpAddress&quot; --output=text
</pre>
<h1>RHEL\CentOS 7: Limit SSH to specific IPs</h1>
<p>I have a CentOS VM that&#8217;s running behind a pfSense firewall and a NAT rule that forwards all SSH traffic to this VM. So, pretty much my VM is exposed to the public. I saw a lot of scripts trying to penetrate so what I did is, I used the <strong>firewalld </strong>service to restrict SSH to specific IPs. Make sure that you have <strong>firewalld </strong>enabled and running.</p>
<pre class="brush: bash; title: ; notranslate">
systemctl status firewalld
</pre>
<p>Now, add the trusted IPs or ranges. In my case my home network range and a single public IP.</p>
<pre class="brush: bash; title: ; notranslate">
firewall-cmd --zone=&quot;trusted&quot; –-add-source=192.168.1.0/24
firewall-cmd --zone=&quot;trusted&quot; –-add-source=11.12.99.88
</pre>
<p>Add the SSH service to the trusted zone.</p>
<pre class="brush: bash; title: ; notranslate">
firewall-cmd --zone=&quot;trusted&quot; –add-service=ssh
</pre>
<p>Check if everything is OK</p>
<pre class="brush: bash; title: ; notranslate">
firewall-cmd --zone=&quot;trusted&quot; –list-all
</pre>
<pre class="brush: bash; title: ; notranslate">
firewall-cmd –-zone=public –remove-service=ssh
</pre>
<p>Try to access your server from some other IP and you&#8217;ll see you are blocked. In order for these changes to be permanent, you&#8217;ll have to execute all these commands again with the <strong>&#8211;permanent</strong> option.</p>
<pre class="brush: bash; title: ; notranslate">
firewall-cmd --zone=&quot;trusted&quot; –-add-source=192.168.1.0/24 --permanent
firewall-cmd --zone=&quot;trusted&quot; –-add-source=11.12.99.88 --permanent
firewall-cmd --zone=&quot;trusted&quot; –add-service=ssh --permanent
firewall-cmd –-zone=public –remove-service=ssh --permanent
</pre>
<p>Now, the changes will stay across reboots. You can use the same scenario for other services as well.</p>
<h1>Download Oracle JRE from command prompt</h1>
<p>Go to the <a href="http://www.oracle.com/technetwork/java/javase/downloads/index.html" rel="noopener noreferrer" target="_blank">download </a>page and find the archive that you want to download. Click to accept the agreement and then get the URL of the archive.</p>
<pre class="brush: bash; title: ; notranslate">
wget --header &quot;Cookie: oraclelicense=accept-securebackup-cookie&quot; &lt;URL&gt;
</pre>
<h1>Convert MP3 files to Ogg-Vorbis using sox in all subfolders</h1>
<pre class="brush: bash; title: ; notranslate">
find . -name &#039;*.mp3&#039; -exec bash -c &#039; sox -V3 &quot;$1&quot; &quot;${1%.mp3}.ogg&quot;&#039; -- {} \;
</pre>
<p>Delete all mp3 files after.</p>
<pre class="brush: bash; title: ; notranslate">
find . -name &quot;*.mp3&quot; -exec rm {} \;
</pre>
<h1>Extract a tar archive (tarball) without the head/container directory (folder)</h1>
<p>You have a tarball aaa.tar.gz with the following structure.<br />
<aaa><br />
&#8212;-file1.txt<br />
&#8212;-file2.txt<br />
You want to extract the files to a directory without the top aaa folder.</p>
<pre class="brush: bash; title: ; notranslate">
tar xzvf aaa.tar.gz --strip 1 -C destination_folder
</pre>
<p></aaa></p>
<h1>Samba 4.x, list Windows share, mount Windows share</h1>
<pre class="brush: plain; title: ; notranslate">
sudo mount.cifs -v -o username=my_username,domain=netbios_domain_name,vers=2.1 //host.domain.local/share /mnt
</pre>
<p>If you are unable to write to the mounted folder, specify the user as -o&#8230;vers=2.1,uid=4801105,gid=4800513 which is a user that has rights to that share.</p>
<pre class="brush: plain; title: ; notranslate">
smbclient //host.domain.local/share -U my_username@domain.local -m SMB3 -W netbios_domain_name
</pre>
<h1>Speed up video files x30</h1>
<pre class="brush: bash; title: ; notranslate">
ffmpeg -i input.mov -vf &quot;setpts=(PTS-STARTPTS)/30&quot; -crf 18 output.mov
</pre>
<h1>Replace pattern in file names</h1>
<p>E.g. You want to remove [BBB] from these files 123[BBB]aaa.txt and asd[BBB]123.txt.</p>
<pre class="brush: powershell; title: ; notranslate">
Get-ChildItem *.txt | ForEach { Move-Item -LiteralPath $_.Name $_.Name.Replace(&quot;&#x5B;BBB]&quot;, &quot;&quot;) }
</pre>
<h1>PowerShell &#8211; create TCP listener</h1>
<pre class="brush: powershell; title: ; notranslate">
$Listener = &#x5B;System.Net.Sockets.TcpListener]9999;
$Listener.Start();
# Test the port with telnet
# once completed execute below
$Listener.Stop();
</pre>
<h1>Get the model name of the computer from BIOS</h1>
<pre class="brush: bash; title: ; notranslate">
wmic csproduct get name
</pre>
<h1>uptime in Windows</h1>
<p>Download the zipped EXE <a href="https://blog.andreev.it/wp-content/uploads/2011/12/uptime.zip" rel="noopener noreferrer" target="_blank">here</a>. MD5: e37822139136b6296bc58617fceb010d. Source in C.</p>
<pre class="brush: cpp; title: ; notranslate">
// uptime - shows the uptime on a Windows system
// K.Andreev - 20180803 - BSD Simplified License

#include &quot;stdafx.h&quot;
#include &lt;Windows.h&gt;

int main()
{
DWORD dMilliseconds = GetTickCount();
DWORD dDays = dMilliseconds / 86400000;
DWORD dHours = dMilliseconds / 3600000 - dDays * 24;
DWORD dMinutes = dMilliseconds / 60000 - dHours * 60 - dDays * 1440;
DWORD dTemp = dDays * 86400 - dHours * 3600 - dMinutes * 60;
DWORD dSeconds = dMilliseconds / 1000 - dDays * 86400 - dHours * 3600 - dMinutes * 60;

if (dDays != 0) {
printf(&quot;up %d days, %d hours, %d minutes, %d seconds&quot;, dDays, dHours, dMinutes, dSeconds);
return 0;
}
if (dHours != 0) {
printf(&quot;up %d hours, %d minutes, %d seconds&quot;, dHours, dMinutes, dSeconds);
return 0;
}
if (dMinutes != 0) {
printf(&quot;up %d minutes, %d seconds&quot;, dMinutes, dSeconds);
return 0;
}
printf(&quot;up %d seconds&quot;, dSeconds);

return 0;
}
</pre>
<h1>Replace CRLF in a file, DOS 2 UNIX text format</h1>
<pre class="brush: bash; title: ; notranslate">
sed -i &#039;s/\r//g&#039; /tmp/script.sh
</pre>
]]></content:encoded>
					
					<wfw:commentRss>https://blog.andreev.it/2011/12/prevent-root-login-in-ssh/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
