Securely wipe a disk and all its data.

We all come across a time where we need to get rid of a computer that has a hard drive or just a hard drive itself with your data on it.  So what do you do with the data in it?  If you delete from the OS, there's still possible ways to recover the data from the next person that the hard disk goes to especially if you just do a quick format of the disk.  Doing a quick format essentially removes the pointers to the data.   You might not be able to see it from the OS, but the data is still on the disk.  And with the proper recovery software, the data can be recovered.  To be safe, its best to write the disk with random data.  When doing so, it's nearly impossible to recover data that was written over.  Killdisk, which I've used before is simple and effective.  The free version however, is limited to how many disk/partitions you can wipe at once.  If you've got a Linux machine, you can use the 'dd' command and fill the disk with data from /dev/urandom.  Wiping a disk with random data can take a long time but its the safest way to protect your data from being recovered by someone else.

    https://www.killdisk.com/eraser.html

    dd if=/dev/urandom of=/dev/sdX (X is the letter of the drive)

Laptop's uptime.

 Just noticed that I haven't rebooted my laptop in a while.  A while as in 150 days.

Test your hard disk drive performance in Linux

Below are some usage of the hdparm tool in Linux.  Replace sda with your device name.

• Get Hard Disk information
• sudo hdparm -I /dev/sda

• Read Performance Test
• sudo hdparm -t /dev/sda

• Enable Read-Ahead
• sudo hdparm -A 1 /dev/sda

• Turn on DMA
• sudo hdparm -d1 /dev/sda

• Retain hdparm settings after reset
• sudo hdparm -K 1 /dev/sda

Find a file in linux

To find a file in linux called "myfile", use the command below.

    [root@testbox /]# find / -name "myfile"

Setting up iSCSI initiator to connect to iSCSI target in Linux.

1. Install open-iscsi
   • # sudo apt-get install open-iscsi
   • # sudo apt-get install open-iscsi-utils
2. Configure the iscsid.conf file with your login credentials.
   • vi /etc/iscsi/iscsid.conf

3. • edit the line 'node.session.auth.username='
   • edit the line 'node.session.auth.password='
   • enable CHAP authentication
   • uncomment the line 'node.session.auth.authmethod = CHAP'
4. Restart open-iscsi service
   • /etc/init.d/open-iscsi restart
5. Discover your iSCSI targets
   • # iscsiadm -m discovery -t sendtargets -p <ip address of the iscsi target>:3260
6. List your iSCSI nodes
   • # iscsiadmin -m node
7. Restart open-iscsi service
   • /etc/init.d/open-iscsi restart
8. Find the disk
   • # dmesg | tail
9. Mount the disk

• # mount /dev/sdb1 /mnt/iscsi

Setting up Redhat Enterprise Virtualization Manager (RHEVM)

Steps to set up Redhat Enterprise Virtualization Manager.

1.  Install Redhat Enterprise Linux 

2.  Register to the Redhat Network

          #>Subscription-manager register

                    Type in your rhn account info.

3.  Attach all the subscriptions available to the version of Redhat Linux you're running.

          #>Subscription-manager attach --auto

4.  Install yum-config-manager utility

          #>yum install yum-utils

5.  Run yum-config-manager to add Redhat Enterprise Virtualization Manager package to the subscription.

          #>yum-config-manager --enable rhel-6-server-rhevm-3.4-rpms

6.  Run yum-config-manager to add JBoss package to the subscription.

          #>yum-config-manager --enable jb-eap-6-for-rhel-6-server-rpms

7.  Install JBoss

          #>yum install jbossas-standalone

8.  Downgrade sos package (not sure why this is required but it was complaining about the sos version is too new)

          #>yum remove sos-3.2-28.el6.noarch

          #>yum install sos-2.2-68.el6.noarch

9.  Install rhevm

          #>yum install rhevm

10. Install rhevm reporting

          #>yum install rhevm-reports

11. Run the setup wizard.

          #>engine-setup

12. Create ISO domain (Use to store .iso files so you can build the vm)

13. Upload to the ISO domain

          #>rhevm-iso-uploader --iso-domain=<ISO domain name> upload myfile.iso --insecure

14.  To be able to mount the windows drivers in the vm, run the following.

          #>yum install virtio-win

          #>yum install libvirt-devel

          #>yum install libvirt

          #>yum install virt-install

Mount CIFS share in Linux

mount -t cifs //netbiosname/sharename /media/sharename -o username=username,password=password,uid=linuxusername,iocharset=utf8,umask=664,rw

Tarball an entire Linux system

#!/bin/bash

#Version: 1.0

#Description:  Checks for a destination mount directory.  Mounts it if it does not exist, the backs up the server to the mount directory.

mountdir="<mount directory>"

servername="<servername>"

exclusions="--exclude=/mnt --exclude=/proc --exclude=/lost+found --exclude=/tmp --exclude=/media --exclude=/sys --exclude=/dev --exclude=/run --exclude=/var/cache"

if [ -d $mountdir ]; then

     cd $mountdir

     tar -zcpf $servername-full-backup-`date '+%d-%B-%Y'`.tar.gz / $exclusions

else

     sudo mount -t cifs -o username=moatisuser,password=moatisuser,rw \\\\fw24\\ata_1 /mnt/fw24

     cd $mountdir

     tar -zcpf $servername-full-backup-`date '+%d-%B-%Y'`.tar.gz / $exclusions

fi

Set up Gnome in Arch Linux

1.  check what type of video card

         lspci | grep VGA

2.  install video driver

         pacman -Syu xf86-video-intel (for intel graphics card), xf86-video-ati (for ati), xf86-video-nv (for nvidia)

3.  install touchpad driver

         pacman -Syu xf86-input-synaptics

4.  install xorg

         pacman -Syu xorg-server

5.  install xorg-xinit

         pacman -Syu xorg-xinit

6.  install gnome and gdm

         pacman -Syu gnome

         pacman -Syu gdm

7.  enable gdm on startup

         systemctl enable gdm

         pacman -Syu gnome-panel

         pacman -Syu gnome-tweak-tool

         pacman -Syu gnome-themes-extras

Setup iptables in Linux

Ubuntu does come with iptables preset like in Fedora. Here's the base set up for iptables.

Add iptable rules.

Block Null Packets

iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

Reject Syn-Flood Attack

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

Reject XMAS/recon packets

iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

Allow custom ports

<here>

Accept Established Connections

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A INPUT -j REJECT iptables -A FORWARD -j REJECT

iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -j REJECT

iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

Use iptables-save to save it to a file.

iptables-save > /etc/iptables.rules

Edit rc.local to import iptables rules during boot up.

iptables-restore < /etc/iptables.rules

Base server build with Arch Linux

From usb stick(sdb) to hard drive(sda)

1. boot from usb stick.

2. run cfdisk to partition hard drive (sda)

        a. cfdisk /dev/sda

b. create a root (/) partition - sda1

c. create a swap (swap) partition - sda2

3. format disk to ext4

a. mkfs.ext4 /dev/sda1

b. mkfs.ext4 /dev/sda2

4. make swap

a. mkswap /dev/sda2

5. turn swap on

a. swapon /dev/sda2

6. mount the hard disk.

a. mount /dev/sda1 /mnt

7. install arch linux base

a. pacstrap -i /mnt base

8. generate fstab

a. genfstab -U -p /mnt >> /mnt/etc/fstab

9. chroot into /mnt

a. arch-chroot /mnt

10. set location

a. vi /etc/locale.gen

b. uncomment en_US.UTF-8 UTF-8

11. set hostname

a. echo myservername > /etc/hostname

12. set up network

a. cp /etc/network.d/examples/ethernet-static to /etc/network.d

b. ls /sys/class/net to get the list of interfaces.

c. vi ethernet-static and edit ip/gw info. Change the interface to the correct interface.

d. vi /etc/conf.d/netcfg and point NETWORKS=(ethernet-static)

For DHCP:

a. systemctl enable dhcpcd@eth0

b. systemctl start dhcpcd@eth0

13. enable netcfg service

a. systemctl enable netcfg.service

14. change password

a. passwd

15. Install grub bootloader

a. pacman -S syslinux

b. syslinux-install_update -i -a -m

c. vi /boot/syslinux/syslinux.cfg and change APPEND root-/dev/sda3 ro to the correct boot partition.

d. pacman -S grub-bios

e. grub-install --recheck /dev/sda1

16. exit chroot

17. unmount /mnt

18. reboot and remove the usb stick.

Tarball an entire Linux system

#!/bin/bash

#Version: 1.0

#Description:  Checks for a destination mount directory.  Mounts it if it does not exist, the backs up the server to the mount directory.

mountdir="<mount directory>"

servername="<servername>"

exclusions="--exclude=/mnt --exclude=/proc --exclude=/lost+found --exclude=/tmp --exclude=/media --exclude=/sys --exclude=/dev --exclude=/run --exclude=/var/cache"

if [ -d $mountdir ]; then

     cd $mountdir

     tar -zcpf $servername-full-backup-`date '+%d-%B-%Y'`.tar.gz / $exclusions

else

     sudo mount -t cifs -o username=moatisuser,password=moatisuser,rw \\\\fw24\\ata_1 /mnt/fw24

     cd $mountdir

     tar -zcpf $servername-full-backup-`date '+%d-%B-%Y'`.tar.gz / $exclusions

fi

Setup iptables in Linux

Ubuntu does come with iptables preset like in Fedora. Here's the base set up for iptables.

Add iptable rules.

Block Null Packets

iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

Reject Syn-Flood Attack

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

Reject XMAS/recon packets

iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

Allow custom ports

<here>

Accept Established Connections

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A INPUT -j REJECT iptables -A FORWARD -j REJECT

iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -j REJECT

iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

Use iptables-save to save it to a file.

iptables-save > /etc/iptables.rules

Edit rc.local to import iptables rules during boot up.

iptables-restore < /etc/iptables.rules

Tarball an entire Linux system

#!/bin/bash

#Version: 1.0

#Description:  Checks for a destination mount directory.  Mounts it if it does not exist, the backs up the server to the mount directory.

mountdir="<mount directory>"

servername="<servername>"

exclusions="--exclude=/mnt --exclude=/proc --exclude=/lost+found --exclude=/tmp --exclude=/media --exclude=/sys --exclude=/dev --exclude=/run --exclude=/var/cache"

if [ -d $mountdir ]; then

     cd $mountdir

     tar -zcpf $servername-full-backup-`date '+%d-%B-%Y'`.tar.gz / $exclusions

else

     sudo mount -t cifs -o username=moatisuser,password=moatisuser,rw \\\\fw24\\ata_1 /mnt/fw24

     cd $mountdir

     tar -zcpf $servername-full-backup-`date '+%d-%B-%Y'`.tar.gz / $exclusions

fi

Setup iptables in Linux

Ubuntu does come with iptables preset like in Fedora. Here's the base set up for iptables.

Add iptable rules.

Block Null Packets

iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

Reject Syn-Flood Attack

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

Reject XMAS/recon packets

iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

Allow custom ports

<here>

Accept Established Connections

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A INPUT -j REJECT iptables -A FORWARD -j REJECT

iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -j REJECT

iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

Use iptables-save to save it to a file.

iptables-save > /etc/iptables.rules

Edit rc.local to import iptables rules during boot up.

iptables-restore < /etc/iptables.rules

Tarball an entire Linux system

#!/bin/bash

#Version: 1.0

#Description:  Checks for a destination mount directory.  Mounts it if it does not exist, the backs up the server to the mount directory.

mountdir="<mount directory>"

servername="<servername>"

exclusions="--exclude=/mnt --exclude=/proc --exclude=/lost+found --exclude=/tmp --exclude=/media --exclude=/sys --exclude=/dev --exclude=/run --exclude=/var/cache"

if [ -d $mountdir ]; then

     cd $mountdir

     tar -zcpf $servername-full-backup-`date '+%d-%B-%Y'`.tar.gz / $exclusions

else

     sudo mount -t cifs -o username=moatisuser,password=moatisuser,rw \\\\fw24\\ata_1 /mnt/fw24

     cd $mountdir

     tar -zcpf $servername-full-backup-`date '+%d-%B-%Y'`.tar.gz / $exclusions

fi

Setup iptables in Linux

Ubuntu does come with iptables preset like in Fedora. Here's the base set up for iptables.

Add iptable rules.

Block Null Packets

iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

Reject Syn-Flood Attack

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

Reject XMAS/recon packets

iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

Allow custom ports

<here>

Accept Established Connections

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A INPUT -j REJECT iptables -A FORWARD -j REJECT

iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -j REJECT

iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

Use iptables-save to save it to a file.

iptables-save > /etc/iptables.rules

Edit rc.local to import iptables rules during boot up.

iptables-restore < /etc/iptables.rules

Setup iptables in Linux

Ubuntu does come with iptables preset like in Fedora. Here's the base set up for iptables.

Add iptable rules.

Block Null Packets

iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

Reject Syn-Flood Attack

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

Reject XMAS/recon packets

iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

Allow custom ports

<here>

Accept Established Connections

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A INPUT -j REJECT iptables -A FORWARD -j REJECT

iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -j REJECT

iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

Use iptables-save to save it to a file.

iptables-save > /etc/iptables.rules

Edit rc.local to import iptables rules during boot up.

iptables-restore < /etc/iptables.rules

Tarball an entire Linux system

#!/bin/bash

#Version: 1.0

#Description:  Checks for a destination mount directory.  Mounts it if it does not exist, the backs up the server to the mount directory.

mountdir="<mount directory>"

servername="<servername>"

exclusions="--exclude=/mnt --exclude=/proc --exclude=/lost+found --exclude=/tmp --exclude=/media --exclude=/sys --exclude=/dev --exclude=/run --exclude=/var/cache"

if [ -d $mountdir ]; then

     cd $mountdir

     tar -zcpf $servername-full-backup-`date '+%d-%B-%Y'`.tar.gz / $exclusions

else

     sudo mount -t cifs -o username=moatisuser,password=moatisuser,rw \\\\fw24\\ata_1 /mnt/fw24

     cd $mountdir

     tar -zcpf $servername-full-backup-`date '+%d-%B-%Y'`.tar.gz / $exclusions

fi