NEXXTW3020H -> LEDE

Posted on August 20, 2019 by jasiu

Very poor stock firmware

replaced by:
http://dl.eko.one.pl/luci/lede/17.01-SNAPSHOT/targets/ramips/mt7620/luci-17.01-snapshot-r3948-5886a5060a-ramips-mt7620-wt3020-8M-squashfs-factory.bin

Problem after upgrading Zabbix Agent on Debian (from Stretch to Buster)

Posted on July 18, 2019 by jasiu

If You occured the problem in /var/log/zabbix-agent/zabbix_agentd.log
Message from <Zabbix Server IP> is missing header. Message ignored.
Downgrade Zabbix Agent from 4.x to your server version.

# apt-get remove zabbix-agent
Download appropriate version from http://repo.zabbix.com/zabbix/3.0/debian/pool/main/z/zabbix/
# wget http://repo.zabbix.com/zabbix/3.0/debian/pool/main/z/zabbix/zabbix-agent_3.0.28-1%2Bbuster_amd64.deb

install it
# dpkg -i zabbix-agent_3.0.28-1+buster_amd64.deb

lock if for future upgrades
# apt-mark hold zabbix-agent

unmask
# systemctl unmask zabbix-agent

enable and start
# systemctl enable zabbix-agent # systemctl start zabbix-agent

password manager – keepassxc

Posted on May 10, 2019 by jasiu

# apt-get install keepassxc

List all entries:

$ keepassxc-cli locate database.kdbx -k keyfile.key /

Show desired entry:

$ keepassxc-cli show database.kdbx -k keyfile.key entryname

TBC…

How to prevent /etc/resolv.conf of being overwritten by dhcp

Posted on May 6, 2019 by jasiu

When you connecting and obtaining IP through dhcp, the file /etc/resolv.conf could be created.
If You want to have yours DNS servers, not this from your network/internet provider, you can:

1. write protect the file /etc/resolv.conf

# chattr +i /etc/resolv.conf

quick linux wifihotspot

Posted on May 2, 2019 by jasiu

To launch a basic wifi hotspot you need: iwconfig, iptables, dnsmasq, hostapd on your Linux box. Install it. Enable it (systemct enable).

To search what package a file belongs to, help youself an use:

apt-filesearch package

pacman -Fys package

Check if your system is compatibile with hostap, use iwconfig to list interfaces.


$ iwconfig
wlan0     IEEE 802.11  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm
          Retry short limit:7   RTS thr=2347 B   Fragment thr:off
          Power Management:on

eth0      no wireless extensions.

lo        no wireless extensions.

Edit or create desired files.

For dnsmasq use your internal adress space.

#
# /etc/dnsmasq/dnsmasq.conf
#
dhcp-range=192.168.1.64,192.168.1.128,12h

For Debian edit /etc/default/dnsmasq and add following:

DAEMON_CONF="/etc/hostapd/hostapd.conf"

For hostpad, change parameters for interface (interface), name of your wifi network (ssid), wifimode (hw_mode), channel (channel), password (wpa_passphrase), and use or not isolation (ap_isolate), hide your wifi or not (ignore_broadcast_ssid).

#
# /etc/hostapd/hostapd.conf
#
interface=wlan0
driver=nl80211
hw_mode=g
#ieee80211n=0
#ieee80211n=1
channel=4
ssid=private

auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
wpa_passphrase=12345678


#ap_isolate=1
ignore_broadcast_ssid=0

Create script to run hotsopt and internet sharing, define yours external and internal interfaces (EXTIF, INTIF) and make it executable.

#
# masq.sh
#
#!/bin/sh
EXTIF=eth0
INTIF=wlan0
echo killing processes if something is using wifi interface
airmon-ng check kill
ip a a dev $INTIF 192.168.1.254/24
ip l set dev $INTIF up
echo '(re)starting dnsmasq'
systemctl restart dnsmasq
echo '(re)starting hostpad'
systemctl restart hostapd
echo flushing...
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
echo setting ip_forward...
echo 1 > /proc/sys/net/ipv4/ip_forward
#echo loading modules...
#modprobe ipt_MASQUERADE
echo configuring NAT...
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT

Troubleshooting:

hostapd -d /etc/hostapd/hostapd.conf

Of course you can do everything your own way. It is just an outline of how to run basic Acces Point.
I’m using it on my RaspberryPi.

Monitoring UDP datagrams

Posted on April 26, 2019 by jasiu

Run script udpstat.sh in console

#!/bin/sh
while true
do
HOUR=`date '+%H'`
echo $HOUR
sar -n UDP 1 -1 >/var/log/stats/udpstats$HOUR.txt
done

Add job to crontab

0 * * * * /usr/bin/kill $(/usr/bin/ps aux |/usr/bin/grep '[s]ar -n UDP 1 -1' |/usr/bin/awk '{print $2}')

Limit UDP packets

/sbin/iptables -A OUTPUT -p udp -m state --state NEW -j ACCEPT
/sbin/iptables -A OUTPUT -p udp -m limit --limit 10000/s -j ACCEPT
/sbin/iptables -A OUTPUT -p udp -j DROP

creating md5 sums on filesystem

Posted on April 26, 2019 by jasiu

time find -name "." -type f -not -path "/proc/" -not -path "/sys/" -not -path "/dev/" -not -path "/run" -exec md5sum "{}" + > /root/checklist.chk

List and download APK files from mobile phone

Posted on September 3, 2018 by jasiu

Download ADB https://dl.google.com/android/repository/platform-tools-latest-windows.zip
Extract tools;
Enable USB debugging;
Connect phone in file transfer mode – “Transfer files”;

C:\adb>adb devices List of devices attached * daemon not running; starting now at tcp:5037 * daemon started successfully

C:\adb>adb devices List of devices attached 9WV7N18302039512 device

Use pm to list packages:
C:\adb>adb shell pm list packages

Display where .apk file is:
C:\adb>adb shell pm path com.webcodelab.naszedrinki package:/data/app/com.webcodelab.naszedrinki-s1vmL5z9VyE4LQSYa7uxXw==/base.apk

Use adb pull to download .apk file:
C:\adb>adb pull /data/app/com.webcodelab.naszedrinki-s1vmL5z9VyE4LQSYa7uxXw==/base.apk /data/app/com.webcodelab.naszedrinki-s1vmL5z9VyE4LQSYa7uxXw==/base.apk: 1 file pulled. 21.6 MB/s (8967231 bytes in 0.396s)

apk vulnerability checkers

Posted on September 3, 2018 by jasiu

Quixxi – https://vulnerabilitytest.quixxi.com
AppCritique – https://appcritique.boozallen.com

mpd in userspace with pulseaudio

Posted on June 4, 2018 by jasiu

create config for mpd:

vi ~/.config/mpd/mpd.conf

bind_to_address "172.16.254.254"
music_directory "/home/jasiu/Music"
playlist_directory "/home/jasiu/Music"
#db_file "/var/lib/mpd/mpd.db"
#log_file "/var/log/mpd.log"
user "jasiu"
audio_output {
 type "pulse"
 name "My Pulse Output"
 server "localhost"
# server "remote_server" # optional
# sink "remote_server_sink" # optional
}

modify configuration of pulseaudio to allow play through tcp from localhost

# vi /etc/pulse/default.pa

add this line to config:

load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1

If you do not want to restart your X session load desired module manually

$ pacmd load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1

and finally start mpd in userspace

$ mpd –no-daemon –verbose

To play not in user space:

Add user mpd to pulse access and modify global config /etc/mpd.conf

audio_output {
 type "pulse"
 name "My Pulse Output"
 server "localhost"
# server "remote_server" # optional
# sink "remote_server_sink" # optional
}

modify /etc/pulse/default.pa

load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 auth-anonymous=1

restart pulseaudio

$ pulseaudio -k

Try to play using yours favourite mpd player:
for example MPDroid for mobile phone or Sonata for non Windows environment

jasiu virtual world

about everything and nothing… from FreebSD 4.1 to latest-STABLE