Showing posts with label Linux. Show all posts

Tuesday, February 12, 2008

Copy One Hard Disk to Another with Ubuntu 6.06 LTS

  1. With the machine off, plug your target hard drive into a second channel on your computer.
  2. Boot the machine; when you see the GRUB start menu, hit ESC.
  3. Choose "Recovery Mode"
  4. When it prompts, enter your root password
  5. If you have IDE hard drives, your drives will be /dev/hda for the source drive and /dev/hdb for the target. If they are SATA, they will be /dev/sda and /dev/sdb.
  6. Type fdisk /dev/sda
  7. Type "p" to print a list of the partitions. Write these down; trust me, it will make things easier in the future.
  8. Quit out of fdisk with CTRL+C
  9. Start fdisk again with /dev/sdb
  10. Press "n" to start a new partition segment
  11. Fill in the parameters you wrote down
  12. Try to duplicate the partition table as best you can; this is the time to make the partition layout larger if you wish.
  13. Once you are done, type "w" to write the partition info to the disk
  14. Now you can copy the data over to the target disk
  15. mkdir /new in the root of the source disk
  16. mount /dev/sdb1 /new
  17. I have var on a separate partition on my system so I'm going to exclude it for this step and handle it later. However we still need to create a var mount point in what will be /
  18. mkdir /new/var
  19. mkdir /new/var/run
  20. mkdir /new/var/lock
  21. Now we do the copy:
  22. cd into /
tar --exclude var --exclude new -cvf - . | (cd /new && tar xf -)
  23. You will get error messages saying that the size has changed during copying; this is normal.
  24. Once it's done copying, we will do the same for the var partition.
  25. umount /new
  26. mount /dev/sdb3 /new
  27. cd into /var
tar -cvf - . | (cd /new && tar xf -)
  28. That copy should be pretty quick; we are done with the copy process.
  29. umount /new
  30. poweroff the system
  31. Next we need to reinstall grub on the new hard drive
  32. Remove the source disk from the system
  33. Power on the system, insert the Ubuntu 6.06 installation CD and boot from it
  34. Select the "Rescue a broken system" option.
  35. This will look like it's installing the system again; just select all the appropriate options, enough to get you to the recovery screen.
  36. At one point it will ask which partition you want to be your root file system; 99% of the time this is part1, so select it.
  37. It will then ask you what you want to do; select "re-install grub boot loader"
  38. It will give you a big long thing to read asking where you want to install the boot loader; we want it on /dev/sda, so we type that in and hit enter.
  39. It should install the boot loader; reboot the system and take the installer disc out of the drive.
  40. Done, you should have a fully working system on a new drive.

Monday, October 29, 2007

Sorting IP Addresses with Linux/Unix "sort"

Recently I was doing a site survey of all active IPs on our network. I used nmap for this function and dumped all responding IP addresses to a text file. I don't have to worry about PCs not responding to the ping due to a personal firewall since our PCs here do not have one turned on; they are all protected by our corporate firewall. To find all responding IPs I ran the following command line for nmap:
/usr/bin/nmap -n -sP xxx.xxx.xxx.xxx-xxx xxx.xxx.xxx.xxx-xxx >> /home/myUserName/IPdb/site1IPsUp.txt
I did this several times a day, several days a week, for a couple of weeks to make sure I had gotten the most complete picture possible, then I tried to sort them...

IP addresses are a strange animal: they aren't really "numbers" per se due to multiple decimal points, and they aren't really words; they are a sort of hybrid. Because of this, using sort without some pretty specific command line arguments won't give you what you want, which is numerically proper sorting.

Also, nmap outputs a bunch of junk text which I'm not interested in at all; I want this removed and just want the IP addresses themselves. Since I've done this survey over and over again, I'm going to have dozens of the same IP address show up in the file, and I only want to see each listed once. After all is said and done, this is the command line I finished with to give me the output I was looking for:
cat site1IPsUp.txt | grep -v Nmap | grep -v Starting | awk '{ print $2 }' | sort -u -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4

From there I can do with it what I like. ;)
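
The difference between a plain sort and the per-octet numeric keys used above, as an added example that is not part of the original post. The function names and the scan log are constructed for illustration; it also drops lines whose second field is not a valid IPv4 address instead of filtering by keyword.

```shell
#!/bin/sh
# Constructed sample: two appended runs of old-style `nmap -n -sP` output
# (documentation/private addresses, plus one deliberately invalid address).
sample_scan_log() {
cat <<'EOF'
Starting Nmap ( constructed sample, run 1 )
Host 192.0.2.10 appears to be up.
Host 192.0.2.9 appears to be up.
Host 192.0.2.100 appears to be up.
Nmap finished: constructed summary line

Starting Nmap ( constructed sample, run 2 )
Host 192.0.2.9 appears to be up.
Host 10.0.0.200 appears to be up.
Host 10.0.0.25 appears to be up.
Host 192.0.2.300 appears to be up.
Nmap finished: constructed summary line
EOF
}

# Keep only "Host <ipv4> ..." lines whose four octets are all <= 255.
extract_ips() {
    awk '$1 == "Host" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        split($2, o, ".")
        ok = 1
        for (i = 1; i <= 4; i++) if (o[i] > 255) ok = 0
        if (ok) print $2
    }'
}

# Plain sort compares characters, so "10.0.0.200" lands before "10.0.0.25".
lexical_sort() { LC_ALL=C sort -u; }

# Split on "." and compare each octet as a number; -u drops repeat sightings.
numeric_sort() { sort -u -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n; }

echo "plain sort:"; sample_scan_log | extract_ips | lexical_sort
echo "keyed sort:"; sample_scan_log | extract_ips | numeric_sort
```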

Friday, July 20, 2007

Renaming Interfaces in Ubuntu (eth1 to eth0, eth2->eth1)

If you've moved your hard disk to a new machine or swapped out the Ethernet cards you'll find that your interfaces are no longer named what you expect. Instead you will find that your eth0 no longer shows up and that you now have an eth1, eth2, eth3 and so on. To fix this you need to do a few little things:

First thing is to make sure that Ubuntu "sees" your ethernet adapters by listing PCI devices with lspci:

$ sudo lspci

This should give you a listing sorta like this:

0000:00:00.0 Host bridge: Intel Corporation 82845G/GL[Brookdale-G]/GE/PE DRAM Controller/Host-Hub Interface (rev 01)
0000:00:02.0 VGA compatible controller: Intel Corporation 82845G/GL[Brookdale-G]/GE Chipset Integrated Graphics Device (rev 01)
0000:00:1d.0 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #1 (rev 01)
0000:00:1d.1 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #2 (rev 01)
0000:00:1d.7 USB Controller: Intel Corporation 82801DB/DBM (ICH4/ICH4-M) USB2 EHCI Controller (rev 01)
0000:00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev 81)
0000:00:1f.0 ISA bridge: Intel Corporation 82801DB/DBL (ICH4/ICH4-L) LPC Interface Bridge (rev 01)
0000:00:1f.1 IDE interface: Intel Corporation 82801DB (ICH4) IDE Controller (rev 01)
0000:00:1f.5 Multimedia audio controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) AC'97 Audio Controller (rev 01)
0000:05:04.0 Ethernet controller: 3Com Corporation 3c905C-TX/TX-M [Tornado] (rev 30)
0000:05:08.0 Ethernet controller: Intel Corporation 82801DB PRO/100 VM (LOM) Ethernet Controller (rev 81)


...as you can see I have multiple Ethernet cards, I want the 3Com ethernet card to be eth1 and the Intel on-board NIC to be eth0. Now that I know Ubuntu knows that these cards are there I need to see what ifconfig sees them as:

$ sudo ifconfig -a

eth1 Link encap:Ethernet HWaddr 00:0B:CD:97:A1:13
inet addr:xxx.xxx.200.80 Bcast:xxx.xxx.200.127 Mask:255.255.255.0
inet6 addr: fe80::20b:cdff:fe97:a113/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2771 errors:0 dropped:0 overruns:0 frame:0
TX packets:356 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:282405 (275.7 KiB) TX bytes:49995 (48.8 KiB)

eth2 Link encap:Ethernet HWaddr 00:01:02:C1:46:5B
inet6 addr: fe80::201:2ff:fec1:465b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:81395 errors:0 dropped:0 overruns:1 frame:0
TX packets:55 errors:0 dropped:0 overruns:0 carrier:49
collisions:0 txqueuelen:1000
RX bytes:5994745 (5.7 MiB) TX bytes:17226 (16.8 KiB)
Interrupt:177 Base address:0x6000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)


Okay, it sees them both and has even reconfigured my network IPs on the wrong cards. We need to re-alias these cards so that they are detected properly and assigned the right names; this is done in the /etc/iftab file (NOTE: if you do not seem to have an iftab file, check the note below this section):

$ sudo vi /etc/iftab

# This file assigns persistent names to network interfaces.
# See iftab(5) for syntax.

eth0 mac 00:08:02:3a:da:bc arp 1

NOTE: If you don't have an /etc/iftab file then it's most likely you have another file called /etc/udev/rules.d/70-persistent-net.rules. Inside, it will look similar but more verbose. It will have your old network interfaces in place as well as your new ones with the eth2 and eth3 monikers. Delete your old ones and replace the "eth2" and "eth3" with "eth0" and "eth1".


...ok, I see here that it has the MAC address of my old ethernet card, so we are going to change it. Note that in the previous step we listed the devices with ifconfig, and it showed the "HWaddr", which is the MAC. We are going to add some new lines to /etc/iftab:

# This file assigns persistent names to network interfaces.
# See iftab(5) for syntax.

#eth0 mac 00:08:02:3a:da:bc arp 1
eth0 mac 00:0B:CD:97:A1:13 arp 1
eth1 mac 00:01:02:C1:46:5B arp 1


...now save the file. For good measure we are also going to add some aliases to the /etc/modprobe.d/aliases file, but first we need to know the module name that the kernel is using to access these ethernet cards:

$ sudo ethtool -i eth1

driver: e100
version: 3.4.14-k4-NAPI
firmware-version: N/A
bus-info: 0000:05:08.0


...note the driver name

$ sudo ethtool -i eth2

driver: 3c59x
version: LK1.1.19
firmware-version:
bus-info: 0000:05:04.0



...ok now that we know what the driver is, we are going to add the following lines to /etc/modprobe.d/aliases, these will be named based on what we expect the eth# to be once we reboot:

$ sudo vi /etc/modprobe.d/aliases

alias eth0 e100
alias eth1 3c59x


That's done. Next we need to modify /etc/network/interfaces to add/modify the current, incorrect interfaces:

$ sudo vi /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet dhcp


... Save the file and then REBOOT. Yes, I said reboot. Yes, I know this is not Windows, just reboot like I said.

Once it comes back up you should be able to log in and run ifconfig again; this time it should show your interfaces in the correct order!

Thursday, July 19, 2007

Random Linux Commands I Keep Forgetting

Enable root account in Ubuntu:

$ sudo passwd root


...then set a new password

Disable the root account in Ubuntu:

$ sudo passwd -l root


...which removes and locks the root account.

Manually set the eth0 IP, netmask and Gateway:

$ sudo ifconfig eth0 IPADDRESS netmask 255.255.255.0 broadcast BROADCASTIP
$ sudo route add default gw DEFAULTGATEWAYIP


To make changes permanent edit /etc/network/interfaces or put the above commands in /etc/init.d/rc.local

Manually set the Duplex and Speed of an Interface:

$ sudo ethtool -s eth0 speed 100 duplex full autoneg off
To make permanent put the command in /etc/init.d/rc.local.

Wednesday, July 18, 2007

Punch Through Your Corporate Firewall So You Can Do Your Damn Job!

I'm a network security administrator and this job requires that I lock things down to a point where I can't even do my own job (damn I'm good, and yes I do know about exclusions). The idea is to be able to "backdoor" the network policies and protections to do your job; the purpose is not to "surf anywhere you want on the net without getting caught". Network policies are there for a reason: to protect network and computer resources from morons doing stupid crap and loading up their PCs with spyware. This is what you'll need:
  • A Linux machine on the outside which has unrestricted access
  • Broadband connection (you do not want to be surfing at 56k)
  • SSH configured properly to support SOCKS proxy forwarding
  • PuTTY client for Windows
  • FireFox Web Browser (I'll tell you why this is important later)
This is the procedure on how it's done:

On your Linux Box:
  1. Log into your machine
  2. Change to root
  3. Edit /etc/ssh/sshd_config
  4. Add or uncomment a line that says "AllowTcpForwarding yes"
  5. Near the top you may want to add another listen port in case you do something stupid and block yourself. That's done by adding single lines like this:
Port 22
Port 8022
Port 22222

Now it will listen on ports 22, 8022 and 22222. Save your config file and restart sshd. If you are running your Linux machine on a home network behind a router, make sure you forward these ports to your machine on the inside.
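
A check of the two settings edited above, useful when reviewing which hosts permit forwarding and on which ports they listen; this is an added example, not part of the original post. The function names and the sample file are constructed, and Match blocks are deliberately not evaluated.

```shell
#!/bin/sh
# Constructed sample mirroring the edits described above (not a real host's file).
sample_sshd_config() {
cat <<'EOF'
# constructed sample sshd_config
Port 22
Port 8022
port 22222
#AllowTcpForwarding no
AllowTcpForwarding yes
AllowTcpForwarding no
Match User backup
    AllowTcpForwarding no
EOF
}

# Print "ports=<list> forwarding=<value>" for the global section of an
# sshd_config read from stdin. sshd rules relied on here: keywords are
# case-insensitive, keyword and value may be separated by blanks or "=",
# Port may repeat, for other keywords the first value obtained wins, and
# the defaults are Port 22 and AllowTcpForwarding yes.
# Simplification in this example: parsing stops at the first Match line.
audit_sshd_forwarding() {
    awk -F '[ \t=]+' '
        { sub(/^[ \t]+/, "") }              # drop leading indentation
        /^#/ || $0 == "" { next }           # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }             # global section ends here
        key == "port" { ports = ports (ports == "" ? "" : ",") $2 }
        key == "allowtcpforwarding" && fwd == "" { fwd = tolower($2) }
        END {
            if (ports == "") ports = "22"
            if (fwd == "") fwd = "yes"
            print "ports=" ports " forwarding=" fwd
        }'
}

sample_sshd_config | audit_sshd_forwarding
```

On a live host, `sshd -T` prints the effective configuration, Match handling included, and is the authoritative source for these values.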

On the Windows Side of things:
  1. Download the PuTTY client
  2. Run it
  3. Type in the Internet address of your server.
  4. Enter the port number you want to connect to (ie 22, 8022, 22222)
  5. Make sure the SSH radio button is selected.
  6. On the left, navigate down to Connection >> SSH >> Tunnels
  7. In the "Source Port" box type in 10000
  8. In the first set of radio buttons select "Dynamic"
  9. In the second set make sure "Auto" is selected
  10. Click the "Add" button
  11. Scroll all the way back up to "Session" and click it
  12. Give the session a generic name; "my connection" is fine.
  13. Click "Open" to start the session
  14. Enter your username and password.
If you successfully logged in, your tunnel is now active and waiting for you to use it! Now we need to configure a web browser to use this connection. I'll use Firefox as the example because it does everything well and gives me a little protection from smacktards out there.

  1. Download and install FireFox, if you can't install anything you should get the thumb drive version which doesn't require installation
  2. Start Firefox
  3. Go to "Tools" >> "Options"
  4. Click the "Advanced" Tab
  5. Where it says "Configure how firefox connects to..." click the "Settings..." button
  6. Select the "Manual Proxy Configuration" radio button
  7. In the "SOCKS Host" box type in "localhost"
  8. In the port information for the SOCKS Host type in "10000"
  9. Make sure "Socks v5" radio button is selected
  10. Clear out the "localhost,127.0.0.1" entries in the "No Proxy for" box
  11. OK your way back to firefox browser window
Now we need to tunnel DNS lookups as well to keep our own DNS server pristine, so we'll tell Firefox to pump these DNS lookups through the SOCKS proxy:
  1. In the address bar type "about:config" and hit enter, this will give you FireFox's configuration guts.
  2. In the filter type in "dns", this will cut down the options so you don't have to go shuffling through a bunch of crap
  3. Look for the option "network.proxy.socks_remote_dns"
  4. Double click it so the value changes to "true"
  5. Hit the home button; you're now loading your pages through the proxy.
Enjoy being able to do your damn job!

How to Change the Default Text Editor in Ubuntu

As the user you want to make the change for type:

# update-alternatives --config editor

A small text based dialog will open, choose the appropriate editor and that's it!










Source:
http://www.debianadmin.com/howto-change-default-editor-in-debian-etch.html