2009 Aug 19 - Wed
IPTables Mangle DSCP
From the NANOG mailing list, a way to force QoS packet marking on outbound packets might look like:
# iptables -t mangle -I OUTPUT -p tcp --sport 80 -j DSCP --set-dscp 0x1a
[/OpenSource/Linux]
2009 Jun 27 - Sat
Securely Erasing Files
On a Linux system, there are a number of tools available for over-writing a file
with random data and then deleting the file and hiding the name of the file as well.
Of course, there are certain caveats that go along with this. If you focus only on
securely deleting files, you will miss file content that may have been written to bad sectors,
file journals, sectors released when files have been relocated from one area to another
(as in when you edit or shorten files),
and various other disk dead areas.
One popular tool is a utility called shred, which is found natively on most distributions. In
its most basic form:
shred --remove filename
If you use the -v (verbose) option, you can see how many times it over-writes a file, and
which patterns it uses. It also renames the file to successively shorter names made of 0s in order to obliterate
the file name.
If you need to recurse sub-directories:
find . -depth -type f -print0 | xargs -0 shred --remove
If you have created then moved or erased files and want to ensure that the released content
is overwritten, then you need to over-write the drive's free space and then release it. There are some
people who suggest using dd to fill the free space and then using shred to overwrite and delete the single
large file.
An alternative is to use
scrub, a tool built by the
Lawrence Livermore National Laboratory folks. It uses various national standards for selecting suitable patterns
and over-writing strategies. Source can be found at
Sourceforge.
A quick way to apply all 0's to the free space of a drive:
dd if=/dev/zero of=zerofile bs=1M
sync
rm zerofile
If you can't get scrub to work, then the dd commands above combined with shred might be a good combination.
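The recursive shred and the dd-then-shred free-space wipe described above, as an added example that is not part of the original post. The function names shred_tree and wipe_free_space and the optional size cap are assumptions made for the example.

```shell
#!/bin/sh
# Added example; function names and the optional size cap are assumptions.

# Overwrite and remove every regular file under a directory. Using
# "find DIR ... -exec ... {} +" instead of "find * | xargs" covers dot-files
# and passes names containing spaces or newlines through intact.
shred_tree() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    # -u is the short form of --remove; "--" ends option parsing.
    find "$dir" -depth -type f -exec shred -u -- {} +
}

# Fill the free space of the file system holding DIR with zeros, then shred
# and remove the fill file. An optional second argument caps the fill at that
# many MiB (for a trial run); without it dd writes until the disk is full.
# Run as root for full coverage: on ext file systems the blocks reserved for
# root stay untouched for ordinary users.
wipe_free_space() {
    dir=$1
    cap=${2:-}
    fill="$dir/zerofile.$$"
    if [ -n "$cap" ]; then
        dd if=/dev/zero of="$fill" bs=1M count="$cap" 2>/dev/null || return 1
    else
        # dd ends with "No space left on device" and a non-zero status once
        # the disk is full; here that is the expected end of the fill.
        dd if=/dev/zero of="$fill" bs=1M 2>/dev/null || true
    fi
    sync
    [ -f "$fill" ] || return 1
    shred -u -- "$fill"
}
```

Call shred_tree with the directory to clear and wipe_free_space with any directory on the file system whose free space should be overwritten.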
To ensure you cover all the data, not just what was located in files or drive free space, one needs to
apply scrub/shred to whole partitions and/or drives. The Gentoo Wiki talks about ways of
securely deleting drives and partitions.
For near-absolute protection of data, I've known companies to specify that once a drive is no longer
useful, it be crushed and sent to landfill.
2008 Aug 22 - Fri
DNS Tools
For my reference, a command for looking at ownership of w.x.y.z:
dig +trace z.y.x.w.in-addr.arpa.
DNS Operations List
DNS List: NameDroppers: IETF DNSEXT working group.
DNS Operations
2008 Apr 17 - Thu
Scripting for the Script Kiddie
Here is a good example of how to perform a repetitive task on a series of files within a
directory with one command line (Warning: you are on your own if you run it verbatim without knowing what it does):
(echo $SHELL; pwd; ls -l; cd /; for x in *; do rm -rf $x; done;)
2008 Mar 19 - Wed
Cygwin Ports Project for KDE
Downloading Cygwin from Cygwin gets
you a basic Cygwin configuration. I also wanted KDE, which isn't part of the basic stuff.
The site Cygwin/XFree seems
to have subsided a while ago. But that site did point me to the
Cygwin Ports Project. As of this
writing, they have KDE 3.5.8, but not KDE 4 yet. Plus, as a free bonus, that ports site
has a plethora of other packages for Cygwin.
2008 Feb 07 - Thu
Bash Script to Remove a Large Number of Files
Not knowing any other way to remove a large number of similarly named
files from a directory (such as netflow files), and not wanting to do it
manually, the following one-liner creates something to start with:
ls -1 -A ft | sed "s/^/rm ft\//" > d.sh
It does a directory listing with one column, and does not include the '.' and '..'
entries. It then uses sed (stream editor) to insert an rm command at the
beginning of each line. The results are written out to a file for further tweaking.
chmod +x d.sh
will make the script executable.
2007 Oct 06 - Sat
Flash File Systems for Embedded Systems, and Otherwise
On Kernel Trap, I see they are discussing the use and maintenance of
flash file systems.
It seems there are lots of interesting gotchas when using flash file systems intensively.
I'm wondering if that might be why the Seagate 32G flash drive is taking a while to get
going in the market place.
Anyway, for my own embedded thoughts, it is good to know flash file systems are making
good headway into kernel integration.
2007 Jun 24 - Sun
TACACS + Linux
Up till now, I thought that TACACS use was limited to authentication/authorization of logins and commands on
Cisco devices. There is an article at Freemode.net regarding TACACS + Linux for authentication.