Added **GNU tar cheat sheet** - new. Rearranged all cheat sheets into a separate folder for better usability and less scrolling

cheat-sheets/Aruba-HP-switches-debug-and-diagnostics-commands-cheat-sheet.adoc

@@ -0,0 +1,84 @@
+= Aruba and HP switches debug and diagnostics commands cheat sheet
+Yuri SLobodyanyuk, admin@yurisk.info
+:homepage: https://yurisk.info
+
+Author: Yuri Slobodyanyuk,  https://www.linkedin.com/in/yurislobodyanyuk/
+
+
+[cols=2,options="header"]
+|===
+|Command
+|Description 
+
+| *show logging -r*
+| Show system logs and events in reverse chronological order, i.e. newest logs first.
+
+|*clear log*
+|Delete all logs on the switch.
+
+|*debug destination buffer*
+|Direct debug output to the log buffer, to be read later on CLI.
+
+|*debug <daemon name>*
+|Start runnig debug,e.g. to debug SNMP daemon: `debug snmp pdu`
+
+|*show debug buffer*
+|Show log buffer with the collected debug output.
+
+|*show debug*
+|Show what debug is currently active.
+
+|*show mac-address*
+|Show table of MAC addresses.
+
+|*show interface status*
+| Show list of all interfaces with info for each: state (Up/Down), Actual  Speed, Tagged or not, VLANs configured for the interface (single VLAN for Untagged, multiple for Tagged). NOTE: In Cisco world Tagged interface is called *trunk*.
+
+|*display interface*
+|Show detailed information of an interface: MAC address, state, speed, VLAN id if any. 
+
+|*show ip*
+| Show all configured IP addresses on a switch.
+
+|*show trunk*
+| Show trunk interfaces with their state and type. NOTE: In HP/Aruba world *trunk* means aggregated interfaces (LACP), what in Cisco world is called port/ether-channel.
+
+|*show trunk-statistics <trunk name>*
+| Show cumulative statistics for the trunk interface: packets passed, bytes received, drops if any.
+
+|*show lacp*
+|Show LACP state on the trunking interfaces.
+
+|*display stp root*
+| Show root switch for Spanning Tree Protocol.
+
+|*display stp brief*
+| Short information on STP state for VLANs.
+
+|*display lldp neighbor list*
+|Display LLDP neighbors.
+
+
+|*show ip ospf neighbor [detail]*
+|Display OSPF neighbors
+
+|*show ip route*
+| Show routing table for Layer 3 switch.
+
+|*show ip*
+| Show IP routing state: disabled/enabled. It is dsiabled by default, to enable: *(config)# ip routing*.
+
+
+|*display boot-loader*
+| Show what image will be loaded on the next boot.
+
+
+
+
+
+
+|===
+
+
+
+

cheat-sheets/Checkpoint-cpstat-complete-reference-cheat-sheet.adoc

@@ -0,0 +1,378 @@
+= Checkpoint `cpstat` diagnostics and information tool cheat sheet
+
+Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
+
+NOTE: The tool is to be run in Expert mode. It is available on both Management Server and Gateway. The available *flavor* options depend on the blades enabled and their subscription status, also on platform used. To know what options are available on your specific Checkpoint - run `#cpstat` without any switches.
+
+status: Work in Progress.
+
+<<blades>> +
+<<os>> +
+<<mg>> +
+<<fg>> +
+<<https_inspection>> +
+<<antimalware>> +
+<<dlp - DLP>> +
+<<ctnt - Content Awareness>> +
+
+
+
+== blades
+
+[cols=2, options="header"]
+|===
+|Flavor
+|Description
+
+|*fw*
+|Statistics: Packets accepted, packets dropped, Peak number of connections, current Number of connections, Top Rule Hits (shows rules with IDs with the most hits), 
+
+|===
+
+
+== os
+[cols=2, options="header"]
+|===
+
+|Flavor
+|Description
+
+|*default*
+| Product Name, SVN Foundation Version String, SVN Foundation Build Number, SVN Foundation Status (`OK`), OS Name (e.g. `Gaia`), OS Major Version (`3`), OS Minor Version (`10`), OS Build Number/SP Major/SP Minor/Version Level, Appliance SN (Serial Number), Appliance Name, Appliance Manufacturer.
+
+|*ifconfig*
+|Interface information: Name, IP Address, MTU, State, MAC address, RX Bytes (Received), TX Bytes (Transmitted), RX/TX Errors, RX/TX Drops, TX/RX Packets.
+
+|*routing*
+| Routing info - IPv4 routing table.
+
+|*routing6*
+|IPv6 routing table.
+
+|*memory*
+|Physical/virtual memory specs: Total/Active Virtual Memory, Total/Active/Free Real Memory, Memory Swaps/sec, Memory to Disk Transfers/sec.
+
+|*cpu*
+|CPU load stats (analog of Linux `top`): CPU User Time (%), CPU System Time (%), CPU Idle Time (%), CPU Usage (%), CPU Queue Length, CPU Interrupts/Sec, CPUs Number.
+
+|*disk*
+|Local hard disk stats: Disk Servicing Read\Write Requests Time, Disk Requests Queue, Disk Free Space (%), Disk Total Free Space (Bytes), Disk Available Free Space (Bytes), Disk Total Space (Bytes). 
+
+|*perf*
+|Combined output of flavors `memory`, `cpu`, and `disk` above.
+
+|*multi_cpu*
+| CPU load as in `cpu`, but per processor/core.
+
+|*multi_disk*
+|Disk partitioning info, analog of `df -h`: Partition Name, Size, Used (%/bytes), Free Total (%/bytes), Free Available.
+
+|*raidInfo*
+|RAID disks and volumes info: Volume id, Volume type, Number of disks, Max LBA, Volume state, Volume flags, Volume size (GB), Volume id, Disk id, Disk number, Disk vendor, Disk product id, Disk revision, Disk max LBA, Disk state, Disk flags, Disk sync state, Disk size (GB).
+
+
+|*sensors*
+|Shows appliance hardware sensors stats: Temperature Sensors, Fan Speed Sensors, Voltage Sensors. Not relevant for Open Servers. 
+
+|*power_supply*
+|Status of the power supply, appliances only.
+
+|*hw_info*
+| List appliance hardware info: Serial Number (SN), Appliance Model and name.
+
+|*average_cpu*
+| Average CPU load sharing (User, System, Idle), over unclear what period.
+
+|*average_cpu*
+|Average memory stats (time period unclear): Active Virtual Memory,  Active Real Memory, Free Real Memory, Memory Swaps/Sec, Memory To Disk Transfers/Sec.
+
+|*updates*
+|All applied and available updates to this Check Point: Deployment agent build, Deployment agent status, Cloud connection status, number of Available packages, number of Available recommended packages, list of Recommended packages, Available Packages, Installed packages.
+
+|*licensing*
+|All about licenses: applied licenses and their status, expiration date, and quota used. Also UserCenter Account ID, CK Signature, Container SKU, Support level, Support expiration date, Activation status.
+
+|*connectivity*
+|Connectivity to the User Center status.
+
+|*vsx*
+|For VSX systems: Device name/type/context ID.
+
+|*all*
+|Combination os some, but not all flavors above: cpu, memory, ifconfig, routing, disk.
+
+
+|===
+
+
+== cpsemd - logging into the SmartEvent GUI
+[cols=2, options="header"]
+|===
+|Flavor
+|Description
+
+|*default*
+| Status and stats of `cpsemd` service, responsible for  logging into the SmartEvent GUI: Process Status, number of New events handled/Updates handled, Current database size, Database capacity, Events in database, Available database disk space, Is database full, Total database disk space.
+
+|===
+
+== vsec - cloud Controller
+[cols=2,options="header"]
+|===
+
+|Flavor
+|Description
+
+|*default*
+|Status of vSEC Controller (Check Point firewall for virtualized environments like  VMware ESXi, Microsoft Hyper-V and KVM): vSEC Controller Status (on/off), Number of disconnected Data Centers, Number of Data Centers, Number of imported Data Center objects, Number of gateways enforcing Data Center objects, for each Data Center: Controller, Type, Status, Imported Objects, Controller Updates. For Gateways Enforcing Data Center objects: Name, IP, Version, Update status.
+
+|===
+
+
+== cpsead - Correlation Unit
+[cols=2, options="header"]
+|===
+
+|Flavor
+|Description
+
+|*default*
+|Stats of `cpsead` daemon responsible for Correlation Unit functionality: Process is alive, Connected to SEM, Logs Processed, No Free Disk Space. 
+
+|===
+
+
+== cvpn - Mobile Access
+[cols=2, options="header"]
+|===
+
+|Flavor
+|Description
+
+|*cvpnd*
+|Number of active sessions
+
+|*sysinfo*
+|OS name (Gaia), OS build, Product string.
+
+|*products*
+|IPS/SWS/ESOD versions.
+
+|*overall*
+| Overall status code/description.
+
+
+|===
+
+
+== fw - Firewall module
+[cols=2, options="header"]
+|===
+
+|Flavor
+|Description
+
+|*default*
+|Installed Security Policy name, Total number of accepted/denied packets per interface, ISP links table (if any)
+
+|===
+
+== thresholds - Alert Thresholds
+NOTE: Thresholds and their actions are configured via `threshold_config` CLI tool. The tresholds are saved (by default) to `$FWDIR/conf/thresholds.conf`.
+
+[cols=2, options="header"]
+|===
+|Flavor
+|Description
+
+|*default*
+| Active Profile Name, State, Number of thresholds, Number of active thresholds, Number of events since startup.
+
+|*active_thresholds*
+|Active Thresholds name, Category, Severity, Subject, State.
+
+|*destinations*
+| Alert destinations: name (`Check Point log server`), Type (`Check Point Log Server`), State (`OK`), number of alerts.
+
+|*error*
+|Threshold errors: Threshold name, its OID, Error description, Time of error occurrence.
+
+
+
+|===
+
+
+
+== polsrv - Policy Server
+[cols=2, options="header"]
+|===
+|Flavor
+|Description
+
+|*default*
+| Policy server status - enabled/up, number of licensed/connected users.
+
+|*all*
+|Policy server status, versions major/minor, licensed/connected users.
+
+|===
+
+== svr - SmartReporter/SmartEvent 
+[cols=2, options="header"]
+|===
+
+|Flavor
+|Description
+
+|*default*
+| SmartEvent/SmartReporter server info: Product Name, SmartReporter Status, SmartReporter Version, SmartReporter Server State, Number of generations in queue, Enevtia Reporter Log Consolidator sessions (yes there is a typo in the tool "Enevtia" -> "Eventia"): Log Server, Customer, State, pid, Started since, Last startup, Database queue length, Memory occupied, Current log file name, Log records processed since startup, Log records stored, Log records ignored, Log records read per second, Is part of sequence, Currently open consolidated records, Consolidation rate (X100), Size allocated for database [KB], Current database size [KB], Database target table name, Temporary records loaded into database, Committed recors per second, Permanent records loaded into database, Records added into database, DNS items in cache, DNS cache size, DNS cache hits, DNS cache misses, DNS cache hit rate (X100), DNS open requests.
+
+|===
+
+
+
+== ha - ClusterXL
+[cols=2,options="header"]
+|===
+|Flavor
+|Description
+
+|*default*
+|Shows clusterXL version, Status (`OK`), Wokring Mode (Load SHaring/High Availability), State (Up/Down/Active), HA module state (`started`).
+
+|*all*
+|CLusterXL info includes: Product Name, Major/Minor ClusterXL versions, Status, HA protocol version (`2`), Working Mode, HA State, Monitored Interfaces table with their IPs and status, CLuster IPs table, Sync table listing Sync interface name and IP address.
+
+
+|===
+
+
+== mg
+[cols=2,options="header"]
+|===
+|Flavor
+|Description
+
+|*default*
+|Show management sessions info: administrator username currently connected, Windows domain name of the administrator PC or its IP address, and general Checkpoint Management server info like Product Name, Major/Minor versions, Build number, whether started or not, status (`OK`).
+
+|*log_server*
+|Log server stats and info: Log Receive Rate, Log Receive Rate Peak, Log Receive Rate Last 10 Minutes, Log Receive Rate Last Hour, Log Server Connected Gateways, their state (`connected`/`not connected`), Last Login Time, Log Receive Rate.
+
+|*indexer*
+|Log Indexer stats: Total Read Logs, Total Updates and Logs Indexed, Total Read Logs Errors, Total Updates and Logs Indexed Errors, Updates and Logs Indexed Rate, Read Logs Rate, Updates and Logs Indexed Rate (10min), Read Logs Rate (10min), Updates and Logs Indexed Rate (60min), Read Logs Rate (60min), Updates and Logs Indexed Rate Peak, Read Logs Rate Peak, Read Logs Delay.
+
+|===
+== fg
+[cols=2, options="header"]
+|===
+|Flavor
+|Description
+
+|*all*
+| QOS version, kernel build, QOS Policy name, QOS Policy install time, interface table with statistics for average Bps/conns/packets, per interface limits.
+
+|===
+
+
+== https_inspection
+[cols=2, options="header"]
+|===
+
+|Flavor
+|Description
+
+|*default*
+|State of HTTPS Inspection: On/Off.
+
+|*hsm_status*
+|Status of Hardware Security Module (HSM): Enabled/Disabled, HSM partition access, status for outbound HTTPS Inspection: HSM on/HSM off/HSM error.
+
+|*all*
+| Combined output from `default` and `hsm_status` flavors.
+
+|===
+
+
+
+== antimalware
+[cols=2, options="header"]
+|===
+|Flavor
+|Description
+
+|*default*
+|Status of the antimalware blade (0 - disabled, 1 - enabled).
+
+|*subscription_status*
+| Subscription status for each Anti-Bot/Anti-Virus/Anti-Spam component. Info includes status, expiration date, description.
+
+|*update_status*
+|Antimalware blade updates status for Anti-Bot/Anti-Virus/Anti-Spam. The info includes status (`up to date`), Database version, package date, whether the next update is scheduled to run. 
+
+
+|*ab_prm_contracts*
+| Anti-Malware premium contracts information: contract state, update status, DB version.
+
+|*av_prm_contracts*
+| Anti-Virus premium contracts information: contract state, update status, DB version.
+
+|*scanned_hosts*
+|Statistics for number of Scanned Hosts for Hour/Day/Week. Stats for number of  Infected Hosts for Hour/Day/Week. 
+
+|*scanned_mails*
+| Number of scanned mails.
+
+|===
+
+
+== ci - Content Inspection (Anti-virus)
+[cols=2, options="header"]
+|===
+
+|Flavor
+|Description
+
+|*default*
+|Shows stats about Content Inspection/AV blade work: AV State code, AV Engine name (`KSS` - Kaspersky (?)) table version/signature version/date, name and count of top ever viruses, URL Filtering top blocked sites and categories, top blocked sources by AV/UF/File-Type, total scanned.
+
+|===
+
+
+
+
+== dlp - DLP
+[cols=2, options="header"]
+|===
+
+|Flavor
+|Description
+
+|*default*
+|DLP status code.
+
+|*dlp*
+|Version, License status, LDAP Status, Traffic scans, DLP incidents, Scanned e-mails, E-mail incidents, Last E-mail scan, Quarantined messages, Size of quarantined messages, Sent e-mails, Expired e-mails, Discarded e-mails, Postfix queue length, Postfix errors, E-mails in queue older than 1 hour, Size of messages in queue, Free space in queue, Free space for quarantine, Quarantine status, HTTP scans, HTTP incidents, HTTP last scan, FTP scans, FTP incidents, FTP last scan, Bypass status, UserCheck clients, Last policy install status, Last scan time.
+
+
+|*fingerprint*
+|Fingerprint Current/Completed Tables DB info: Repository Id, Data Type Uid,Repository Root Path, Scan Id, Start Time, Repository Total Size, Repository Files, Repository Total Files Scanned, Duration,Status, Status Description, Repository Total Directories, Repository Unreach Total Directories, Fingerprinted Total Files, Total Skipped Files, Total Scanned Directories, Total Errors, Description, Data type name, Next Scheduled Scan Date.
+
+
+|*exchange_agents*
+|Status of Exchange agents: Name, Status, Total messages, Total scanned, Dropped, Uptime, Time since last message, Agent queue length, Exchange queue length, Avg. time per message, Avg. time per scanned message, Version, CPU usage, Memory usage, Policy timestamp.
+
+|===
+
+
+== ctnt - Content Awareness
+[cols=2, options="headers"]
+|===
+
+|Flavor
+|Description
+
+|*default*
+|Is Content Awareness blade active: True/False. Total files scanned, total data types detected.
+
+|===

cheat-sheets/Checkpoint-firewalls-debug-cheat-sheet.adoc

@@ -0,0 +1,45 @@
+= Checkpoint Firewalls Debug Cheat Sheet
+
+Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
+
+Status: Work in progress.
+
+== Cluster XL (ClusterXL) debug
+[cols=2,"options="header"]
+|===
+|command
+|Description
+
+|*cphaprob state*
+|Show status of the cluster  and its members, if down - show the descriptive reason and when the state change happened,type of clustering - HA/Load Sharing/VRRP, IP address of each member's sync interface, problematic _pnote_ that causes failover, number of failovers since last restart.
+
+|*cphaprob -ia list*
+|Show detailed information on the failed __pnote__/Critical Device of this member. List of  pnotes enabled by default (differs by version/model so not a reference): _Interface Active Check_, _Recovery Delay_ , _CoreXL Configuration_, _Fullsync_, _Policy/filter_, _routed_, _fwd_, _cphad_, _init_, _cvpnd_. 
+
+|*cphaprob -l list*
+|List ALL _pnotes_ of the member, including in _OK_ state.
+
+
+|*cphaprob -a if*
+|Show all the interfaces seen by the cluster on this member. _Monitored_ are interfaces monitored by the cluster and if failed would cause fail over. _Secured_ is/are interface(s) the cluster uses to synchronize members. In Checkpoint appliances it is usually named `Sync`. Also show cluster synchronization mode - broadcast/multicast, 
+
+|*cphaprob -m if*
+|Show the monitored interfaces but also add ClusterXL VLAN monitoring info - which VLANs on which interface are being monitored. 
+
+|*cphaprob syncstat*
+|Show detailed synchronization states and traffic statistics: sync traffic drops/sent/received/queue szie/delta interval. Good at showing network/communication problems between cluster members.
+
+|*cphaprob show_failover*
+|Show detailed history log of failover events with their dates and reasons. Checkpoint records last 20 failovers by default. 
+
+|*cphaprob mmagic*
+|Show the cluster magic number, relevant if multiple clusters are present in the same network.
+
+
+|*cphaprob show_bond*
+|Show bond interfaces.
+
+|*cpview -> Advanced -> ClusterXL*
+|Partial output of the above commands in TUI interface.
+
+|===

cheat-sheets/Cisco-CUCM-CLI-useful-commands-cheat-sheet.adoc

@@ -0,0 +1,85 @@
+= Useful CLI commands for Cisco CUCM, Cisco Unity Connection and IM and Presence
+Yuri Slobodyanyuk <admin@yurisk.info>
+v1.0, 2021-02-22
+:homepage: https://yurisk.info
+
+Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
+
+
+[cols=2,options="header"]
+|===
+|Command
+|Descritption
+
+|*show status*
+|General health info, first to run on unusual CPU/IO load. Shows uptime, CPU load, memory usage, CUCM/Unity version.
+
+|*utils ntp status*
+|Show NTP status - NTP source, synchronization, stratum. Note: this is not necessarily time source for the phones.
+
+|*utils network ping <dest> [count VALUE] [size VALUE]*
+| Ping to test network quality and connectivity. E.g. `utils network ping 8.8.8.8 count 10 size 1300` 
+
+|*utils network traceroute <IP address>*
+|Network trace.
+
+|*show tech network routes*
+|Show routing table.
+
+|*show network status [process nodns search [search term]]*
+|Show established connections with the process using the port. E.g. to show established connections to port 5060 (SIP phones and SIP trunks): `show network status process nodns search 5060`. 
+
+|*utils network arp list*
+
+*utils network arp delete*
+
+*utils network arp set*
+
+|Working with ARP table.
+
+|*show network ipprefs public*
+
+*show open ports*
+
+*show open ports all*
+
+*show open ports regexp*
+
+|Show open and accessible over the network ports with listening daemons.
+
+|*show network ip_conntrack*
+|Show number of open connections . While the number of connections does NOT equal number of registered phones, if there is some network connectivity issue this number will be unusually low. E.g. on CUCM with 52 registered SIP phones this commands shows  301 connections.
+
+|*show process list*
+|Show list of running processes (Linux style).
+
+|*utils iostat*
+|Show I/O stats - writes/reads per second, averages
+
+|*show hardware*
+|Show the hardware server on which the CUCM is installed.
+
+|*utils service list*
+
+*utils service <stop/restart/start>*
+
+|List running CUCM/Unity services (not previously mentioned Linux ones) and then stop/restart any of them by their name. Copy & paste service name exactly as shown in the listing. 
+
+|*utils system restart*
+|Last resort - restart the whole CUCM/Unity. 
+
+ 
+|*show diskusage activelog*
+|Get the disk usage.
+
+|*show logins*
+|Show logged in admins
+
+|*show password expiry user list*
+|Show user password expiration, by default it is set to 99999 days, if not changed by the administrator.
+
+|*set password { age / complexity / expiry / inactivity / user }*
+|Changing password for yourself/another user . Be very careful with changing password of course.
+
+
+|===

cheat-sheets/Cisco-Nexus-9000-9k-debug-and-diagnostic-commands-cheat-sheet.adoc

@@ -0,0 +1,38 @@
+= Cisco Nexus 9000 9k debug and diagnostic commands complete cheat sheet (work in progress)
+Yuri Slobodyanyuk <admin@yurisk.info>
+v1.0, 2020-09-01
+:homepage: https://yurisk.info
+
+Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
+
+Status: Work in progress.
+
+
+[cols=2,options="header"]
+|===
+|Command
+|Descritption
+
+|*show run interface <port-channel number> membership*
+|List physical interfaces included in the given Port-Channel, e.g. `show run int po1 membership`
+
+|*show port-channel usage*
+|Show port-channel numbers already in use.
+
+|*show port-channel summary*
+|Display list of all configured Port-Channels with their state, protocol (LACP or None), physical interface members.
+
+|*show vpc role*
+|Role of this peer in vPC, also vPC MAC address, vPC and system priority, local Nexus switch MAC.
+
+|*show vpc brief*
+|Gives verbose info about the vPC (vPC domain stats, vPC peer-link stats, port-channels with active VLANs etc.).
+
+|*show vpc peer-keepalive*
+| Display real-time stats on peering keepalives: last send/receive time, IP of the peer, port and protocol used, vrf for communicaiton.
+
+
+
+
+|===
+

cheat-sheets/FAR-manager-cheat-sheet-of-keyboard-shortcuts.adoc

@@ -0,0 +1,111 @@
+= FAR manager cheat sheet of keyboard shortcuts
+Yuri Slobodyanyuk <admin@yurisk.info>
+v1.0, 2020-11-09
+:homepage: https://yurisk.info
+
+Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
+
+
+[cols=2, options="header"]
+|===
+|Shortcut
+|Description
+
+
+|*Ctrl + \*
+|Change working directory to the root folder, i.e. root of the drive.
+
+|*Ctrl + PgUp*
+|Move up to the parent directory.
+
+|*Alt + F1*
+|Set the working drive for the left panel.
+
+|*Alt + F2*
+|Set the working drive for the right panel.
+
+|*Ctrl + u*
+|Swap panels (left becomes right and vice versa).
+
+|*Ctrl + Left/Right Arrow*
+|Move the separating bar between panels left/right, changing the occupied space.
+
+|*Ctrl + Up/Down Arrow*
+|Move the bottom border of the panels up/down.
+
+
+|*Alt + F7*
+|Open File Search dialog box
+
+|*Alt + F12*
+|Open history of the visited folders.
+
+|*Alt + F8*
+|Open history of the viewed files.
+
+|*F9 + c + c* or *F11 + Advanced Compare*
+|Compare files/directories open in Panels. Standard compare (F9 + c + c) compares by name,size and time stamp. Advanced Compare allows to choose what to compare on. The files that differ are highlighted in blue.
+
+|*Ctrl + 1*  
+|Set panel view to 3-column layout showing just names.
+
+|*Ctrl + 2*
+|Return to the standard 2-column view of names only.
+
+|*Ctrl + 3*
+|Full panel view - shows name, size, date, time columns.
+
+|*Ctrl + 5*
+|Full screen view - name, size, allocated, write, created, accessed, attributes columns.
+
+2+|_Sort displayed items_
+
+|*Ctrl + F3*
+| Sort by file/folder name.
+
+|*Ctrl + F4*
+|Sort by extension.
+
+|*Ctrl + F5*
+|Sort by modified date.
+
+|*Ctrl + F6*
+|Sort by size.
+
+|*Ctrl + F8*
+|Sort by creation time
+
+|*Ctrl + F9*
+|Sort by access time
+
+|*Shift + move up/down*
+|Select single/multiple items. To deselect, hold Shift and move in the opposite direction.
+ 
+
+|COLORS fix later
+| Fix me
+
+|*F9 -> o -> l*
+|Open color selection dialog box.
+
+|*F11 + Temporary Panel*
+| Create and switch to a Temporary Panel. You can copy/drag files and folders from the visible Panel to it. This allows to work on multiple items from different locations at the same time. 
+
+
+2+|_Filter what is shown in the Panel_
+
+|*Ctrl + i*
+a|Open Filter dialog menu. It contains all file types/extensions seen in the current folder. By moving with _Arrow Up/Down_ you can select/deselect any single or combination of multiple extensions to include or exclude in the display. Highlight the extension in question and press:  
+
+- *<space>* or *+* or *i*: Include files with such extension in the display, exclude from display anything else. Pressing the same key again clears the selection.
+
+- *Shift + Backspace*: Clear all selections made so far.  
+
+- *x*: Exclude the selected extensions from showing, display what is left.
+
+- *Insert*: Open a dialog menu to create Custom filter. This allows to include/exclude files by their name/extension, size, attributes, and modification date. You can use relative operators `>=, <=`. All operands in a Custom filter are ANDed. Make sure to activate this Custom filter with Space or `+` in the filter list later.
+ 
+|*Enter* 
+|Activate the filter.
+
+|===

cheat-sheets/Fortianalyzer-SQL-tables-reference-cheat-sheet.adoc

@@ -0,0 +1,184 @@
+= Fortianalyzer SQL tables list
+Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
+:homepage: https://yurisk.info
+
+
+Reference: https://docs.fortinet.com/document/fortigate/6.4.0/fortios-log-message-reference/384955/traffic
+
+
+.Table columns for Traffic Log
+[cols=2, options="header"]
+|===
+|Column Name
+|Description
+
+|id
+|Numerical, 28 number, differ per row e.g. 1612273830   epoch time, the rest unclear
+
+|bid
+|Numerical, 9 numbers, same for the table for all rows
+
+|dvid
+| Numerical, 4 numbers, 
+
+|itime
+|Numerical, epoch time, e.g. 1612273830, stays the same for all rows (?)
+
+|dtime
+|Numerical, epoch, e.g. 1612281024, changes but not with each row, every few rows, probably end time 
+
+|euid
+|Numerical, 1 number
+
+|epid
+|Numerical, varies
+
+|dsteuid
+|Numerical, all = 0
+
+|dstepid
+| Numerical, the same for all rows
+
+|logflag
+|Numerical, differes but not each row, some rows are missing it
+
+|logver
+|Numerical, the same for all rows, e.g. 60
+
+|proto
+|Numerical, IP/TCP protocol number
+
+|vrf
+|Empty
+
+|logid
+|Numerical, log type, e.g.  0000000015, 000000013
+
+|type
+|String, e.g. traffic
+
+|subtype
+|String, e.g. forward
+
+|level
+|String, e.g. notice
+
+|action
+|String, e.g `deny`, `start`, `close`
+
+|policyid
+|Numerical, e.g. 2
+
+|sentbyte
+|Numerical, variable
+
+|rcvdbyte
+|Numerical
+
+|sessionid
+|Numerical
+
+|srcport
+|Numerical
+
+|dstport
+|Numerical
+
+|transport
+|EMpty
+
+|trandisp
+|String, `snat`
+
+|duration
+|Numerical
+
+|sentpkt
+|Numerical
+
+|rcvdpkt
+|Numerical
+
+|utmaction
+|String, `block`
+
+|slot
+|Empty
+
+|srcip
+|IP address
+
+|dstip
+|IP address
+
+|srcname
+|Empry
+
+|dstname
+|Empty
+
+|service
+|String, `HTTP`
+
+|user
+|empty
+
+|poluuid
+|Hex long number
+
+|app
+|String, `HTTP`, `HTTPS`, `DNS`, `TeamViewer`
+
+|appcat
+|String, `unknown`, `Remote.Access`
+
+|tranip
+|{}
+
+|unauthuser
+|{}
+
+|unauthusersource
+|{}
+
+|vpn
+|{}
+
+|srcintf
+|String, `bla_INT`
+
+|dstintf
+|String, `bla_EXT`
+
+|group
+|{}
+
+|custom_field1
+|{}
+
+|srcintfrole
+|`undefined`
+
+|dstintfrole
+|`undefined`
+
+|fctuid
+|{}
+
+|wanoptapptype
+|{}
+
+|wanin
+|Numerical, `3317`, `0`
+
+|wanout
+|Numerical, differs from _wanin_
+
+|lanin\
+|Numerical, `164`
+
+|lanout
+|Numerical, equals to _lanin_
+
+
+|===

cheat-sheets/Fortianalyzer-debug-cheat-sheet.adoc

@@ -0,0 +1,133 @@
+= Fortianalyzer diagnose and debug cheat sheet
+Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
+
+:homepage: https://yurisk.info
+
+:toc: auto
+
+
+<<General Health>> +
+<<Communication debug>> +
+<<Logs from devices>> +
+<<Licensing>> +
+
+
+== General Health
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+
+|*get sys status*
+|Get general information: firmware version, serial number, ADOMs enabled or not, time and time zone, general license status (Valid or not).
+
+|*get sys performance*
+|Detailed performance statistics: CPU load, memory usage, hard disk/flash disk used space and input/output (`iostat`) statistics.
+
+|*exe top*
+|Display real time list of running processes with their CPU load.
+
+|*diag log device*
+|Shows how much space is used by each device  logging to the Fortianalyzer, including quotas.
+
+|*exe iotop -b -n 1*
+|Display and update every 1 second READ/WRITE statistics for all the processes.
+
+
+|*diagnose system print cpuinfo*
+|Display hardware CPU information - vendor, number of CPUs etc.
+
+|*diagnose hardware info*
+|Even more hardware-related info.
+
+|*diagnose system print df*
+|Show disk partitions and space used. Analog of the Linux `df`.
+
+|*exe lvm info*
+|Shows disks status and size
+
+|*diagnose system print  loadavg*
+|Show average system load, analog to the Linux `uptime` command.
+
+|*diagnose system print  netstat*
+|Show established connections to the Fortianalyzer, as well as listening ports. Every logging device can (and usually does) have multiple connections established.
+
+|*diagnose system print  route*
+|Show routing table of the Fortianalyzer.
+
+
+|===
+
+== Communication debug
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+|*diagnose test application oftpd 3*
+|List all devices sending logs to the Fortianalyzer with their IP addresses, serial numbers, _uptime_ meaning connection establishment uptime, not remote device uptime, and packets received (should be growing).
+
+
+
+|*diagnose debug application oftpd 8 <__Device name__>*
+
+*diagnose debug enable*
+|Real time debug of communicating with the __Device name__ device.
+
+|*diagnose sniffer packet any "host __IP of remote device__"*
+|Sniff packets from/to remote device, to make sure they are sending each other packets. The communication is encrypted.
+
+|*diagnose sniffer packet any "port 514"*
+|Sniff all packets to/from port 514 used by Fortianalyzer to receive logs from remote devices.
+
+
+|===
+
+
+== Logs from devices
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+|*diagnose test application oftpd 50*
+|Show log types received and stored for each device.
+
+
+|*diag log device*
+|Shows how much space is used by each device  logging to the Fortianalyzer, including quotas.
+
+|*diagnose fortilogd lograte*
+|Show in one line last 5/30/60 seconds rate of receiving logs.
+
+|*diagnose fortilogd lograte-adom all*
+|Show as table log receiving rates for all ADOMs aggregated per device type (i.e. rate for all Fortigates will be as one data per ADOM).
+
+|*diagnose fortilogd lograte-device*
+|Show average logs receive  rate per device for the last hour, day, and week.
+
+|*diagnose fortilogd lograte-total*
+|Show summary log receive rate for all devices on this Fortianalyzer.
+
+
+
+|===
+
+== Licensing
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+|*diagnose dvm device list*
+|Look for the line _There are currently N devices/vdoms count for license_.
+
+|*diagnose debug vminfo*
+|Show report on Virtual Machine license: whether valid or not, type, licensed  storage volume, licensed log receive rate, licensed maximum device count.
+
+
+|===
+
+
+

cheat-sheets/Fortigate-SD-WAN-debug-diagnostics-and-verification-commands-cheat-sheet.adoc

@@ -0,0 +1,63 @@
+= Fortigate SD-WAN debug and verification commands cheat sheet
+:homepage: https://yurisk.info
+
+Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
+
+
+== SD-WAN verification and debug
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+|*diagnose sys sdwan health-check* (6.4 and newer)
+
+*diagnose sys virtual-link  health-check* (5.6 up to 6.4)     
+
+| Show state of all the health checks/probes. Successful  probes are marked `alive`, failed probes are marked `dead`. Also displays `packet-loss, latency, jitter` for each probe. 
+
+|*diagnose sys sdwan member* (6.4 and newer)
+
+*diagnose sys virtual-wan-link member*
+
+|Show list of SD-WAN zone/interface members. Also gives each interface gateway IP (if was set, 0.0.0.0 if not), `priority`, and `weight` both by default equal `0`, used with some SLA Types. 
+
+|*diagnose sys sdwan service* (6.4 and newer)
+
+*diagnose sys virtual-wan-link service*
+
+|List configured SD-WAN rules (aka `services`), except the Implied one which is always present and cannot be disabled, but is editable for the default load balancing method used. Shows member interfaces and their status `alive` or `dead` for this rule. 
+
+
+
+|*diag sys sdwan  intf-sla-log <interface name>*  (6.4 and newer)
+
+*diag sys virtual-wan-link intf-sla-log <interface name>*
+
+|Print log of <interface name> real-time usage for the last 10 minutes. The statistics shown in bps: `inbandwidth`, `outbandwidth`, `bibandwidth`, `tx bytes`, `rx bytes`. 
+
+
+|*diag netlink interface clear <interface name>*
+
+|Clear traffic statistics on the given interface, this resets statistics of the SD-WAN Monitor GUI widget for this interface as well. Needed, if, for example, you changed SD-WAN rules, but not sure if it's already active. E.g. `diag netlink interface clear port1`. 
+
+
+|*diagnose firewall proute list*
+|List ALL Policy Based Routes (PBR). SD-WAN in Fortigate, after all, is implemented as a variation of PBR. This command lists manual (classic) PBR rules, along with the ones created via SD-WAN rules. *Important*: Manually created PBR rules (via `Network -> Policy Routes` or on CLI `config route policy`) always have preference over the SD-WAN rules, and this command will show them higher up.
+
+|*diagnose debug flow filter*
+
+*diagnose debug flow filter <filtering param>*
+
+*diagnose debug flow show function-name enable*
+
+*diagnose debug flow trace start [number]*
+
+*diagnose debug enable*
+
+|Use `diagnose debug flow` to see how the traffic is being routed via SD-WAN. Look for something like `Match policy routing id=2131951617: to 10.10.10.13 via ifindex-3` and `out port1 vwl_zone_id 2, state2 0x1,` here `id=2131951617` is the SD-WAN PBR rule id  as seen in `diagnose firewall proute list` and `vwl_zone_id 2` is the SD-WAN zone in the list of virtual-links.
+ 
+
+
+
+|===

cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc

@@ -0,0 +1,652 @@
+= Fortigate debug and diagnose commands complete cheat sheet
+:homepage: https://yurisk.info
+
+Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
+
+
+NOTE: To enable debug set by any of the commands below, you need to run *diagnose debug enable*. This is assumed and not reminded any further.
+
+NOTE: To disable and stop immediately any debug, run *dia deb res* which is short for *diagnose debug reset*.
+
+NOTE: All debug will run for 30 minutes by default, to increase use `diagnose debug duration <minutes>`, setting to 0 means unlimited by time. Reboot will reset this setting.
+
+
+<<Security rulebase debug (diagnose debug flow)>> +
+<<General Health, CPU, and Memory>> +
+<<Session stateful table>> +
+<<High Availability Clustering debug>> +
+<<IPSEC VPN debug>> +
+<<SSL VPN debug>> +
+<<Static Routing Debug>> +
+<<Interfaces>> +
+<<NTP debug>> +
+<<SNMP daemon debug>> +
+<<BGP>> +
+<<Admin sessions>> +
+<<Authentication>> +
+<<Fortianalyzer logging  debug>> +
+<<SD-WAN verification and debug>> +
+<<Virtual Fortigate License Status>> +
+<<DNS server and proxy debug>> +
+<<Administrator GUI access and API automation requests debug>> +
+
+
+
+
+
+== Security rulebase debug (diagnose debug flow)
+.Security rulebase diagnostics with `diagnose debug flow`
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+|*diagnose debug flow filter*
+|Show the active filter for the flow debug
+
+|*diagnose debug filter clear*
+|Remove any filtering of the debug output set
+
+|*diagnose debug flow filter <filtering param>*
+| Set filter for security rulebase processing packets output. You can set multiple filters - act as AND, by issuing this command multiple times. Parameters:
+
+`vd` - id number of the vdom. When entering the vdom with `edit vdom`, this number is shown first.
+
+`vd-name` - limit debug to specific VDOM by its name. Fortigate translates the name to VDOM ID (`vd`).
+
+`proto` - Protocol number.
+
+`addr` - IP address of the packet(s), be it a destination or/and a source.
+
+`saddr` - IP source address of the packet(s).
+
+`daddr` - IP destination address of the packet(s).
+
+`port` - Source or/and destination port in the packet(s).
+
+`sport` - Source port of the packet(s).
+
+`dport` - Destination port of the packet(s).
+
+`negate <parameter>` - negate the match, i.e. match if a packet does NOT contain  `<parameter`. Where `parameter` is one of the above: `vd`, `addr`, `saddr`, `port`, `sport`, `dport`
+
+|*diagnose debug filter6 <parameter>*
+| Same as `diagnose debug filter` but for IPv6 packets. The rest of matching and conditions remain of the same syntax.
+
+|*diagnose debug flow show function-name enable*
+|Show function names responsible for each step in processing.
+
+|*diagnose debug flow trace start [number]*
+|Actually start the debug with optional `number` to limit number of packets traced. 
+
+
+
+|===
+
+== General Health, CPU, and Memory
+.General Health, CPU, and Memory loads
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+|*get sys stat*
+|Get statistics about the Fortigate device: FortiOS used, license status, Operation mode, VDOMs configured, last update dates for AntiVirus, IPS, Application Control databases.
+
+|*get sys performance stat*
+|Show real-time operational statistics: CPU load per CPU, memory usage, average network/session, uptime.
+
+|*diagnose debug crashlog read*
+| Display crash log. Records all daemons crashes and restarts. Some daemons are more critical than others.
+
+|*diagnose debug crashlog clear*
+| Clear the crash log.
+
+|*get hardware memory*
+| Show memory statistics: free, cached, swap, shared 
+
+|===
+
+
+== Session stateful table
+
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+|*get system session status*
+|Show current number of sessions passing the Fortigate. Run inside the VDOM in multi-vdom environment to get number of connections/sessions for this specific VDOM. 
+
+
+
+|===
+
+
+== High Availability Clustering debug
+.HA Clustering related debug and verification
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+|*get sys ha status*
+|Show general status and statistics of the clustering - health status, cluster uptime, last cluster state change, reason for selecting the current master, configuration status of each member (`in-sync/out-of-sync`), usage stats (average CPU, memory, session number), status (`up/down`, `duplex/speed`, `packets received/dropped`) for the heartbeat interface(s), HA cluster index (used to enter the secondary member CLI with `exe ha manage`).
+
+|*diagnose sys ha dump-by group*
+| Print detailed info per cluster group, shows actual uptime of each member in `start_time`, as well monitored links failures, status.
+
+
+|*diagnose sys ha checksum cluster*
+|Shows configuration checksum for each cluster member separated in individual VDOMs and _global_. In properly synchronized cluster all member checksums should be identical, look at `all` value. 
+
+|*diagnose sys ha checksum recalculate*
+|Force cluster member to recalculate checksums, often will solve the out of sync problem. No adverse effects. Run on each cluster member. 
+
+|*diagnose sys ha checksum show <__VDOM__/global>*
+|Print detailed synchronization status for each configuration part. Use after seeing `out-of-sync` in *diagnose sys ha checksum cluster* to know which part of configuration causes members to be out-of-sync. Need to run on each cluster member and compare, long output - use `diff`/`vimdiff/Notepad++ Compare plugin` to spot the differences.
+
+|*diagnose sys ha checksum show <__VDOM__/global> <settings part name>*
+|Show exact setting inside the settings tree that causes out-of-sync. Use output from *diagnose sys ha checksum show* (see above) for _settings part name_. E.g. if `diagnose sys ha checksum show root` indicates that _firewall.vip_ is out-of-sync, running `diagnose sys ha checksum show root firewall.vip` will give checksums of each VIP in the root domain to compare with those of secondary member.
+
+
+|*diagnose debug app hatalk -1*
+|Enable heartbeat communications debug. It shows in real time if members are talking over sync interfaces. 
+The output will look like `state/chg_time/now=2(work)/1610773657/1617606630`, where the desired `state` is _work_, _chg\_time_ is last cluster state/failover date in epoch, and _now_ is the last time communication occurred on heartbeat interface(s), also in epoch. 
+
+|*diag debug application hasync -1* 
+|Real time synchronization between members. As only things that changed get synchronized after 1st sync is established, may take time to produce output. See next.
+
+|*execute ha synchronize stop*
+
+*diag debug enable*
+
+*diag debug application hasync -1*
+
+*execute ha synchronize start*
+
+|Stop, enable debug, then start again HA synchronization process, will produce lots of output.
+
+
+|*exe ha manage ?*
+
+*exe ha manage <id>*
+
+|First show index of all Fortigate cluster members, then enter any secondary member CLI via its index.
+
+
+
+
+|===
+
+== IPSEC VPN debug
+
+.IPSEC VPN Debug
+[cols=2*,options="header"]
+|===
+|Command
+|Description
+
+| *diagnose vpn ike log-filter <parameter>* 
+a| Filter VPN debug messages using various parameters:  
+
+* `list`  Display the current filter.
+* `clear` Delete  the current filter.
+* `name` Phase1 name to filter by.
+* `src-addr4`/`src-addr6`   IPv4/IPv6 source address range to filter by.
+* `dst-addr4`/`dst-addr6`   IPv4/IPv6 destination address range to filter by.
+* `src-port` Source port range
+* `dst-port`  Destination port range
+* `vd`  Index of virtual domain. -1 matches all.
+* `interface` Interface that IKE connection is negotiated over.
+* `negate` Negate the specified filter parameter.
+
+
+|*diagnose debug application ike -1*
+| Enable IPSec VPN debug, shows phase 1 and phase 2 negotiations (for IKEv1) and everything for IKEv2. 
+"-1" sets the verbosity level to maximum, any other number will show less output.
+
+|*diagnose vpn ike gateway flush name <vpn_name>*
+|Flush (delete) all SAs of the given VPN peer only. Identify the peer by its Phase 1 name.
+
+|*diagnose vpn tunnel list [name <Phase1 name>]*
+| Show operational parameters for all or just specific tunnels: Type (dynamic dial up  or static), packets/bytes passed, NAT traversal state, Quick Mode selectors/Proxy Ids, mtu, algorithms used, whether NPU-offloaded or not, lifetime, DPD state. 
+
+|*diagnose vpn ike gateway list*
+| Show each tunnel details, including user for XAuth dial-up connection.
+
+|*get vpn ipsec tunnel details* 
+| Detailed info about the tunnels: Rx/Tx packets/bytes, IP addresses of the peers, algorithms used, detailed selectors info, lifetime, whether NAT Traversal is enabled or not.
+
+|*get vpn ipsec stats tunnel*
+| Short general statistics about tunnels: number, kind, number of selectors, state
+
+|*get vpn ipsec tunnel summary* 
+| Short statistics per each tunnel: number of selectors up/down, number of packets Rx/Tx.
+
+
+|*get vpn ipsec stats crypto*
+| Crypto stats per component (ASIC/software) of the Fortigate: encryption algorithm, hashing algorithm. Useful to see if unwanted situation of software encryption/decryption occurs. 
+
+
+
+
+
+|===
+
+
+== SSL VPN debug
+.SSL VPN client to site/Remote Access debug
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+|*get vpn ssl monitor*
+|List logged in SSL VPN users with allocated IP address, username, connection duration.
+
+|*diagnose debug app sslvpn -1*
+|Debug SSL VPN connection. Shows only SSL protocol negotiation and set up. That is - ciphers used, algorithms and such, does NOT show user names, groups, or any client related info.
+
+
+|===
+
+== Static Routing Debug
+
+.Static and Policy Based Routing debug & diagnostics
+[cols=2,options="header"]
+|===
+|Command
+|Description
+
+|*get router info kernel*
+a|View the kernel routing table (FIB). This is the list of resolved routes actually being used by the FortiOS kernel.
+
+`tab` Table number, either 254 for unicast or 255 for multicast.
+
+`vf` Virtual domain index, if no VDOMs are enabled will be 0.
+
+`type` 0 - unspecific, 1 - unicast, 2 - local , 3 - broadcast, 4 - anycast , 5 - multicast, 6 - blackhole, 7 - unreachable , 8 - prohibited. 
+
+`proto` Type of installation, i.e. where did it come from: 0 - unspecific, 2 - kernel, 11 zebOS module, 14 - FortiOS, 15 - HA, 16 - authentication based, 17 - HA1
+
+`prio` priority of the route, lower is better.
+
+`pref` preferred next hop for this route.
+
+`Gwy` the address of the gateway this route will use
+
+`dev` outgoing interface index. If VDOMs enabled, VDOM will be included as well, if alias is set it will be shown.
+
+|*get router info routing-table all*
+|Show RIB - active routing table with installed and actively used routes. It will not show routes with worse priority, multiple routes to the same destination if unused.
+
+|*get router info routing database*
+|Show ALL routes, the Fortigate knows of - including not currently used.
+
+|*get router info routing-table details <route>*
+| Show verbose info about specific route, e.g. `get router info routing-table details 0.0.0.0/0`
+
+|*get firewall proute*
+| Get all configured Policy Based Routes on the Fortigate.
+
+
+
+
+|===
+
+== Interfaces
+
+.Interafces of all kinds diagnostics
+[cols=2,options="header"]
+|===
+|Command
+|Description
+
+|*get hardware nic <inerface name>*
+|Hardware info of the interface: MAC address, state (up/down), duplex (full, half), Rx/Tx packets, drops.
+
+|*diagnose hardware deviceinfo nic <nic name>*
+|Same as above.
+
+|*get hardware npu np6 port-list*
+|Show on which interfaces the NPU offloading is enabled.
+
+|*diagnose npu np6lite port-list*
+| Same as above but for NP6-lite.
+
+|*fnsysctl ifconfig <interface name>*
+|Gives the same info as Linux `ifconfig`. The only way to see the actual MTU of the interface.
+
+|*fnsysctl cat /proc/net/dev*
+|Similar to `netstat` shows errors on the interfaces, drops, packets sent/received. 
+
+|*diagnose ip address list*
+|Show IP addresses configured on all the Fortigate interfaces.
+
+|*diagnose sys gre list*
+| Show configured GRE tunnles and their state.
+
+
+|*diag debug application pppoed -1*
+
+*dia debug application pppoe -1*
+
+*dia debug applicaiton ppp -1*
+
+|Enable all ADSL/PPPoE-related debug.
+
+
+|*execute interface pppoe-reconnect*
+|Force ADSL re-connection.
+
+
+
+|===
+
+
+== NTP debug
+
+.NTP daemon diagnostics and debug
+[cols=2,options="header"]
+|===
+|Command
+|Description
+
+|*diag sys ntp status*
+|Current status of NTP time synchronization. Shows all NTP peers and their detailed info: reachability, stratum, clock offset, delay, NTP version.
+
+|*execute date*
+| Show current date as seen by Fortigate.
+
+|*exec time*
+| Show current time as seen by Fortigate.
+
+
+|===
+
+
+== SNMP daemon debug
+
+.SNMP daemon debug
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+|*diagnose  debug application snmpd -1*
+|ENable SNMP daemon messages debug.
+
+|*show system snmp community*
+|Show SNMP community and allowed hosts configuration
+
+
+|===
+
+
+== BGP
+
+.BGP debug
+[cols=2*,options="header"]
+|===
+|Command
+|Description
+
+
+|*diagnose ip router bgp level info*
+
+ *diagnose ip router bgp all enable*
+
+| Set BGP debug level to INFO (the default is ERROR which gives very little info) and enable the BGP debug.
+
+|*exec router clear bgp all*
+| Disconnect all BGP peering sessions and clear BGP routes in BGP table and RIB. Use with care, involves downtime.
+
+
+|*get router info bgp summary*
+| State of BGP peering sessions with peers, one per line.
+
+|*get router info bgp network <prefix>*
+| Detailed info about <prefix> from the BGP process table. Output includes all learned via BGP routes, even those not currently installed in RIB. E.g. `get router info bgp network 0.0.0.0/0`. The <prefix> is optional, if absent shows the whole BGP table.
+
+|*get router info routing-table bgp*
+| Show BGP routes actually installed in the RIB. 
+
+|*get router info bgp neighbors*
+| Detailed info on BGP peers: BGP version, state, supported capabilities, how many hops away, reason for the last reset.
+
+|*get router info bgp neighbors <IP of the neighbor> advertised-routes*
+| Show all routes advertised by us to the specific neighbor. 
+
+|*get router info bgp neighbors <IP of the neighbor> routes*
+| Show all routes learned from this BGP peer. It shows routes AFTER filtering on local peer, if any.
+
+|*get router info bgp neighbors <IP of the neighbor> received-routes*
+| Show all received routes from the neighbor BEFORE any local filtering is being applied. It only works if `set soft-reconfiguration enable` is set for this peer under `router bgp` configuration.
+
+|*diagnose sys tcpsock \| grep 179*
+| List all incoming/outgoing TCP port 179 sessions for BGP.
+
+
+
+
+
+
+|===
+
+
+== Admin sessions
+.Admin sessions management
+[cols=2,options="header"]
+|===
+|Command
+|Description
+
+|*get sys info admin status*
+|List logged in administrators showing `INDEX` value for each session
+
+|*execute disconnect-admin-session <INDEX>*
+|Disconnect logged in administrator by the session INDEX.
+
+
+|===
+
+
+ 
+== Authentication
+.Authentication in all kinds LDAP, Radius, FSSO
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+
+|*diagnose debug app fnbamd -1*
+|Enable debug for authentication daemon, valid for ANY remote authentication - RADIUS, LDAP, TACACS+.
+
+
+|*diagnose test authserver ldap <LDAP server name in FG> <username> <password>*
+| Test user authenticaiton on Fortigate CLI against Active Directory via LDAP. E.g. test user `Tara Addison` against LDAP server configured in Fortigate as `LDAP-full-tree` having password `secret`: `diagnose test authserver ldap LDAP-full-tree "Tara Addison" secret`.
+
+
+|*diagnose debug authd fsso list*
+|List logged in users the Fortigate learned via FSSO
+
+|*diagnose debug authd fsso server-status*
+| Show status of connections with FSSO servers. Note: it shows both, local and remote FSSO Agent(s). The local Agent is only relevant when using Direct DC Polling, without installing FSSO Agent on AD DC, so it is ok for it to be `waiting for retry ... 127.0.0.1` if you don't use it. The working state should be `connected`. 
+
+
+
+|===
+
+
+
+== Fortianalyzer logging  debug
+.Verify and debug sending logs from Fortigate to Fortianalyzer
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+|*get log fortianalyzer setting*
+|Show active Fortianalyzer-related settings on Fortigate.
+
+|*config log fortianalyzer*
+|Complete Fortianalyzer configuration on CLI, as GUI configuring is usually not enough for it to work.
+
+|*get log fortianalyzer filter*
+|Verify if any log sending filtering is being done, look for values of `filter` and `filter-type`. If there are any filters, it means not all logs are sent to FAZ.
+
+|*exec log fortianalyzer test-connectivity*
+|Verify that Fortigate communicates with Fortianalyzer. Look at the statistics in `Log: Tx & Rx` line - it should report increasing numbers, and make sure the status is `Registration: registered`.
+
+|*exec telnet <IP of Fortianalyzer> 514*
+|Test connectivity to port 514 on the Fortianalyzer. If pings are allowed between them, you can also try pinging.
+
+|*diagnose sniffer packet any 'port 514' 4*
+|Run sniffer on Fortigate to see if devices exchange packets on port 514. Click in GUI on `Test Connectivity` to initiate connection.
+
+|===
+
+
+
+
+
+== SD-WAN verification and debug
+.SD-WAN verification and debug
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+|*diagnose sys sdwan health-check* (6.4 and newer)
+
+*diagnose sys virtual-link  health-check* (5.6 up to 6.4)     
+
+| Show state of all the health checks/probes. Successful  probes are marked `alive`, failed probes are marked `dead`. Also displays `packet-loss, latency, jitter` for each probe. 
+
+|*diagnose sys sdwan member*
+
+*diagnose sys virtual-wan-link member*
+
+|Show list of SD-WAN zone/interface members. Also gives each interface gateway IP (if was set, 0.0.0.0 if not), `priority`, and `weight` both by default equal `0`, used with some SLA Types. 
+
+|*diagnose sys sdwan service*
+
+*diagnose sys virtual-wan-link service*
+
+|List configured SD-WAN rules (aka `services`), except the Implied one which is always present and cannot be disabled, but is editable for the default load balancing method used. Shows member interfaces and their status `alive` or `dead` for this rule. 
+
+
+
+|*diag sys sdwan  intf-sla-log <interface name>*
+
+*diag sys virtual-wan-link intf-sla-log <interface name>*
+
+|Print log of <interface name> usage for the last 10 minutes. The statistics shown in bps: `inbandwidth`, `outbandwidth`, `bibandwidth`, `tx bytes`, `rx bytes`. 
+
+
+|*diag netlink interface clear <interface name>*
+
+|Clear traffic statistics on the interface, this resets statistics of the SD-WAN traffic passing over this interface. Needed, if, for example, you changed SD-WAN rules, but not sure if it's already active. E.g. `diag netlink interface clear port1`. 
+
+
+|*diagnose firewall proute list*
+|List ALL Policy Based Routes (PBR). SD-WAN in Fortigate, after all, is implemented as a variation of PBR. This command lists manual (classic) PBR rules, along with SD-WAN created via SD-WAN rules. *Important*: Manually created PBR rules (via `Network -> Policy Routes` or on CLI `config route policy` always have preference over the SD-WAN rules, and this command will show them higher up.
+
+
+
+
+
+|===
+
+
+== Virtual Fortigate License Status
+.Verify status of VM Fortigate License
+[cols=2, options='header"]
+|===
+|Command
+|Description
+
+|*get sys status \| grep -i lic*
+|Get status o fthe license (valid for Hardware Fortigate as well as VM). The corect status is `Valid`.
+
+|*diagnose debug vm-print-license*
+| Show detailed info on VM Fortigate license status: allowed CPUs and memory, date of license activation, license expiration date (if set), serial number.
+
+|*diagnose hardware sysinfo vm full*
+|Show license data as seen by FortiGuard: status (should be `valid=1`), last time it was checked (`recv`), answer code, should be `code: 200`, `code: 401` is for duplicate license found, `code: 502` is for VM cannot connect to FortiGuard, and `code: 400` is for invalid license. 
+
+
+|===
+
+
+== DNS server and proxy debug
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+|*get system dns*
+|Show configured DNS servers, DNS cache limit and TTL, source IP used, timeout and retry, whther NDS over TLS is enabled.
+
+|*diagnose test app dnsproxy 2*
+|Show the following statatistics: number of DNS process workers (if multiple), DNS latency against each server used, Secure DNS IP and latency - DNS server used for DNS filtering and Botnet detections, DNS cache usage, UDP vs TCP requests statistics, name of DNS Filter applied if any.
+
+|*diagnose test app dnsproxy 1*
+|Clear DNS responses cache
+
+|*diagnose test app dnsproxy 3*
+|Display detailed statistics for each DNS/SDNS server used and those that could be used.
+
+|*diagnose test app dnsproxy 7*
+|Show the responses cached entries.
+
+|*diagnose test app dnsproxy 6\|4\|5*
+| Work with FQDN resolved objects:
+
+`6` - Display currently resolved FQDN addresses
+
+`4,5` - Reload/Requery all FQDN addresses 
+
+|*diagnose test app dnsproxy 8*
+|Show DNS database of domain(s) configured on the Fortigate itself.
+
+|*diagnose test app dnsproxy 9*
+|Reload DNS database of domain(s) configured on the Fortigate itself.
+
+|*diagnose test app dnsproxy 10*
+|Show active SDNS, i.e. DNS Filter Policy used. Shows Categories as numbers, so not easily readable.
+
+|*diagnose test app dnsproxy 12*
+|Reload configuration of DNS Filter, in case the changes made do not take effect immediately.
+
+|*diagnose test app dnsproxy 15*
+|Show cached responses and their rating of the DNS Filter for each URL/domain scanned.
+
+|*diagnose test app dnsproxy 16*
+|Clear the DNS Filter responses and ratings cache.
+
+|*diagnose test app dnsproxy 99*
+|Restart the dns proxy service.
+
+
+
+
+|===
+
+
+== Administrator GUI access and API automation requests debug
+
+[cols=2, options="header"]
+|===
+|Command
+|Descritption
+
+|*diagnose debug httpsd -1*
+
+*diagnose debug application httpsd -1*
+
+|Enable diagnostics for administrator and remote REST API access via `api-user`. When debugging API automation, refrain from working in admin GUI as it will produce a lot of unrelated output.    
+
+|===

cheat-sheets/FreeBSD-cheat-sheet.adoc

@@ -0,0 +1,63 @@
+= FreeBSD cheat sheet
+:homepage: https://yurisk.info
+
+Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
+
+
+== Working with disks and partitions
+
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+
+|*camcontrol devlist*
+|Show list of attached storage devices
+
+|*geom <disk/label/part/raid> list*
+|Display detailed information for the given GEOM class `disk` - physical disk, `label` - device labels, `part` - partitions. Other classes are available, but not mentioned for irrelevance here.
+
+|*mount*
+|Show mounted in fact partitions and their properties (journaled or not, type).
+
+|*glabel list*
+|Show labels, same as `geom label list`.
+
+|*gpart show*
+|Show partitions, similar to `geom part list` minus labels information, so is shorter. Add `-r` to show GPT partition types, see for the complete list at https://en.wikipedia.org/wiki/GUID_Partition_Table .
+
+
+|*gpart recover <device name>*
+|Recover partition information, e.g. when increasing the size of already partitioned disk in Virtual Machine, the last sector holding the partition info is lost, so to put the needed info in the last sector of now increased disk: `gpart recover da0`. 
+
+|*swapoff <device name>*
+|Turn off temporarily the swap file, e.g. to move its partition to the end of the increased virtual disk: `swapoff /dev/da0p3`
+
+|*gpart delete -i <n> <device name>*
+|Delete partition number `n` (as shown by `gpart show`) on the device `device name`. E.g. If the swap partition was number 3 on disk /dev/da0, to delete it: `gpart delete -i 3 /dev/da0`.
+
+|*gpart create -s <partition scheme> <device name>*
+|Set type of partition to be added on device `device name`. E.g. to set up  device _da1_ for GPT partitioning: `gpart create -s gpt da1`.  
+
+|*sysctl kern.geom.debugflags=16*
+|Resizing a live partition may require turning off this protection.
+
+|*gpart resize -i <n> [ -s <new size K/M/G>] [-a <alignment size>] <device name>*
+|Resize existing partition number `n` to `new size`, optionally setting alighnment, on device `device name`. If `-s` size is not given, use up all available _free_ space. E.g. to increase the _2nd_ partition on device _da0_ to 47 Gigabyte with 4k alignment: `gpart resize -i 2 -s 47G -a 4k da0`.
+
+|*growfs <partition name>*
+|After resizing a partition, grow the existing file system on it to encompass the new free space. E.g.`growfs /dev/da0p2`. 
+
+|*gpart add -t <partition type> [-a <alignment>] [-l <label name>] <dev name>*
+|Add a new partition to the disk `dev name`, setting its type and optionally alignment and label. E.g. to add _freebsd-ufs_ type partition to disk _da1_ aligned on 4k border setting the label to _data_: `gpart add -t freebsd-ufs -a 4k -l data da1` . After that, this partition will be available as  _/dev/gpt/data_   
+
+|*newfs [-U] [-j] <partition name/label>* 
+|Add filesystem to the named partition. Switches depend on the filesystem type, here `-U` is for *freebsd-ufs* with soft updates but without journaling, while `-j` adds journaling. E.g. to create UFS filesystem with soft updates but without the journaling on partition labeled _/data_ of type GPT: `newfs -U /dev/gpt/data`.  
+
+
+
+
+
+
+|===

cheat-sheets/HIEW-hexadecimal-editor-cheat-sheet.adoc

@@ -0,0 +1,70 @@
+= HIEW hexadecimal editor and disassembler cheat sheet
+
+Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
+
+[cols=2,options="header"]
+|===
+|Command
+|Description
+
+|*hiew8.ini*
+|Configuration file usually located in the same directory as the hiew32.exe binary itself.
+
+|*F1*
+|Conext-aware help.
+
+|*ESC*
+| Exit any window in any mode without saving the changes.
+
+|*F3*
+|Enter the Edit mode.
+
+|*ENTER*
+| In the Read mode, switch between Hex/Decode/Text modes in turn.
+
+|*F7*
+|Open a search window.
+
+|*Ctrl+Enter*
+|Continue searching.
+
+|*Alt+F1*
+|Change location addressing mode.
+
+|*F9*
+|Save the changes made so far.
+
+|*F6*
+|In Decode/Disassembled mode, find cross-references.
+
+|*
+| In Read mode, select block(s) of bytes.
+
+|*F8*
+|Show the file headers.
+
+|*F8 -> F6 -> F3*
+| In Hex/Decode modes, show then edit file header sections.
+
+|*Alt+F6*
+|Show all strings in a file.
+
+|*+/-*
+|Increase/decrease minimal string length.
+
+|*F5*
+| Go to offset.
+
+|*Alt+F7*
+| Change the search direction: top-down/down-top.
+
+
+
+
+
+
+
+
+
+
+|===

cheat-sheets/Linux-and-BSD-firewalls-cheat-sheet.adoc

@@ -0,0 +1,94 @@
+= Linux and PF firewalls commands cheat sheet
+:homepage: https://yurisk.info
+
+Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
+
+== Firewalld daemon management (Red Hat based distributions)
+.firewall-cmd commands
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+|*firewall-cmd --state*
+|Show firewall daemon status
+
+|*firewall-cmd  --list-all*
+|List currently active rules
+
+|*firewall-cmd --reload*
+|Reload firewall keeping the state table. Active sessions do not disconnect. On finishing reload will output `success`.
+
+|*firewall-cmd --get-default-zone*
+| Show the default zone for interfaces.
+
+|*firewall-cmd --get-zones*
+|List all available zones
+
+|*firewall-cmd --get-active-zones*
+| Show active zones, including to which zone each interface belongs.
+
+|*firewall-cmd --list-all-zones*
+|List all zones with their rules and associated interfaces.
+
+|*firewall-cmd -add-service <service name>*
+|Add predefined service by name to the default zone, with action ACCEPT, e.g. `firewall-cmd -add-service ftp` .
+
+
+|===
+
+
+== Ubuntu Uncomplicated Firewall (ufw)
+.ufw management commands
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+|*ufw status*
+|Show whether the firewall is on and if on, list the active rules.
+
+|*ufw enable*
+|Enable firewall.
+
+|*ufw disable*
+|Disable firewall
+
+|*ufw reload*
+|Reload firewall and rules.
+
+|*ufw allow <predefined service name>*
+| Allow some service in any direction from/to any IP address using so called `simple` rule syntax. The service names are as per `/etc/services`. E.g. to allow ssh from any: `ufw allow ssh`.
+
+|*/etc/ufw/before.rules*
+|Some rules are pre-allowed by default, to change them edit this file and reload the  firewall.
+
+|===
+
+
+== PF (Packet Filter) management for FreeBSD & OpenBSD
+
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+|*pfct -d*
+|Disable PF in place, does not survive reboot.
+
+|*pfctl -ef /etc/pf.conf*
+|Enable PF and load the rule set from file `/etc/pf.conf` in one go.
+
+|*pfctl -nf /etc/pf.conf*
+|Parse security rules stored in a file without installing them (dry run).
+
+|*pass in quick on egress from 62.13.77.141 to any*
+| 'Quick' rule (means allows this traffic on all interfaces, otherwise we would need 2nd rule allowing this traffic in _outgoing_ direction on egress interface) to allow incoming ANY port/protocol with the source being `62.13.77.141` and destination being ANY IP address behind the PF firewall. NOTE: here, `egress` is not a direction, but a group name to which the interface in question (`em0`) belongs to. In OpenBSD you set it in a file `/etc/hostname.em0: group egress` or in real-time with the command: `ifconfig em0 group egress`. 
+
+
+
+
+
+
+|===
+

cheat-sheets/Linux-ip-route-reference-by-examples.adoc

@@ -0,0 +1,226 @@
+= Linux ip route command reference by example
+
+NOTE: All the commands below take effect immediately after you hit Enter, and do NOT survive reboot. You may shorten the commands to the shortest but unique, e.g. `sh ip ad` instead of `show ip address`. All the commands come as part of the pre-installed package `iproute2`. 
+
+Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
+
+<<ip address - Manage IP address(es) on interfaces>> +
+<<ip route - Manage routing table>> +
+<<ip link - Link Management>> +
+<<ip neighbor - Manage ARP and neighbors table>> +
+<<Reference>>
+
+
+
+== ip address - Manage IP address(es) on interfaces
+
+[cols=2, options="header"]
+|===
+
+|Command
+|Description
+
+|*ip address show / ip ad sh*	
+|Show all IP addresses of all interfaces, also their MTU, MAC addresses.
+
+|*ip address show ens36*
+|Show IPs of a given interface (ens36).
+
+|*ip address show up*	
+|Only show IPs of the interfaces that are configured as UP. 
+
+|*ip address show dynamic/permanent*	
+|Show only dynamic (DHCP) or static IPv4/IPv6 addresses.
+
+|*ip address add 192.0.2.1/27 dev ens36*	
+|Add a new IP address (192.0.2.1) to the named (ens36) interface.
+
+|*ip address add 192.0.2.1/27 dev ens36 label ens36:external*	
+|Add IP address to the interface, AND label it (external). The label is any string. The label will show in show ip address as: inet 192.0.2.1/27 scope global ens33:external
+
+|*ip address delete 192.0.2.1/27 dev ens36*
+|Delete the specified IP address from the interface
+
+|*ip address flush dev ens36*	
+|Delete ALL IP addresses from the given interface.
+
+|===
+
+
+== ip route - Manage routing table
+
+[cols=2, options="header"]
+|===
+
+|Command
+|Description
+
+|*ip route [show]* / *ip ro* +
+*ip -6 route* +
+*ip -4 route*	
+|Show the routing table for both – IPv4 and IPv6. +
+Show the routing table for IPv6 only. +
+Show the routing table for IPv4 only.
+
+|*ip route show table all*
+|Show ALL routing tables of the server, helpful when there is Policy Based Routing (PBR) in place.
+
+|*ip route add default via 10.10.10.1* +
+*ip route add default dev ens36* +
+*ip route add 0.0.0.0/0 dev ens36* +
+*ip -6 route add default dev ens36* 
+|Add default route/default gateway via next hop +
+… via outgoing interface (ens36) +
+… via outgoing interface using 0.0.0.0/0 notation +
+Add default IPv6 route.
+
+
+|*ip route delete default dev ens36*
+|Delete default route via given interface
+
+|*ip route show root 192.0.2.0/24*	
+|Show routes not shorter than the given. Here, 192.0.2.0/29 will match, but 192.0.2.0/23 will not.
+
+
+|*ip route show match 192.0.2.0/29*
+|Show routes not longer than the given network/mask. Here, 192.0.2.0/30 will match, but 192.0.2.0/27 will not. 
+
+|*ip route show exact 192.0.2.0/29*
+|Show route(s) matching EXACTLY inside the network and its given mask. Here, 192.0.2.7 will match, but 192.0.2.8 will not. 
+
+|*ip route get 192.123.123.1/24*
+|Simulate resolving of a route in real time by kernel.
+
+
+|*ip route add 192.192.13.0/24 via 10.13.77.1* + 
+*ip route add 192.192.13.0/24 dev ens36*
+|Add new route to 192.192.13.1/24 via nexthop. +
+Add new route to 192.192.13.1/24 via interface.
+
+
+|*ip route delete 192.192.13.0/24 via 10.13.77.1* + 
+*ip route delete 192.192.13.0/24*
+|Delete specific route
+
+
+|*ip route change 192.192.13.0/24 dev ens32*
+|Change some parameter of the existing route.
+
+
+|*ip route replace 192.192.13.0/24 dev ens36*
+|Replace a route  if exists add if not.
+
+|*ip route add blackhole 192.1.1.0/24*
+|Black hole some route. The traffic sent to this route will be dropped without any feedback.
+
+
+|*ip route add unreachable 192.1.1.0/24*
+|Block destination route, replies to sender “Host unreachable”.
+
+
+|*ip route add prohibit 192.1.1.0/24*
+|Block destination route, replies to sender with  ICMP “Administratively prohibited”.
+
+|*ip route add throw 192.1.1.0/24*
+|Block destination route, sends in reply ICMP “net unreachable”.
+
+|*ip route add 10.10.10.0/24 via 10.1.1.1 metric 5*
+|Add a route with a custom metric.
+
+|*ip route add default nexthop via 10.10.10.1 weight 1 nexthop dev ens33 weight 10*
+|Add 2 (default) routes with different weights (higher weight is preferred) – first with the weight of 1, second with the weight of 10.
+
+
+
+|===
+
+
+== ip link - Link Management
+[cols=2, options="header"]
+|===
+
+|Command
+|Description
+
+|*ip link show / ip link / ip link list* +
+*ip link show ens36*
+|Show info on all available interfaces. +
+Show info on a specific interface.
+
+|*ip link set dev eth36 down* +
+*ip link set dev ens36 up*
+|Set interface state to down. +
+Set interface state to up.
+
+|*ip link set ens33 name eth33*
+|Rename interface, here from ens33 to eth33. First, you have to set interface to down state. This adds this name as an alternative name, keeping the old name as well. Use with care – some distributions (RHEL/CentOS) expect certain names for each interface type.
+
+|*ip link set dev eth0 address 02:42:c2:7c:39:b3*
+|Change MAC address of the interface.
+
+|*ip link set dev tun0 mtu 1480* 
+|Set MTU size for the interface.
+
+|*ip link delete <dev>* 	
+|Delete interface, relevant for virtual interfaces only (VLAN, bridge, VXLAN, etc.).
+
+|*ip link set dev ens36 arp off/on*	
+|Turn ARP resolution protocol on the interface ens36 on/off. NOTE: disabling ARP will clear the current ARP table and will prevent this interface from learning MAC addresses, and so will disconnect any remote sessions to the host.
+
+|*ip link set dev ens36 multicast off/on*	
+|Turn multicast on the interface ens36 on or off.
+
+|*ip link add name eth0.110 link eth0 type vlan id 110*
+|Add VLAN 110 on the fly to the interface eth0, naming it eth1.110. 
+
+
+|*ip link add name eth0.120 link eth0 type vlan proto 802.1ad id 120* +
+*ip link add name eth0.120.200 link eth0.120 type vlan proto 802.1q id 200* 	
+|*QinQ (kernel >= 3.10)*. Add VLAN 120 as external VLAN on interface eth0 naming it eth0.120, setting protocol to 802.1ad.
+Add internal VLAN 200 to the eth0.120, naming it eth0.120.200 and setting protocol to the 802.1Q. 
+
+|*ip link add dummy0 type dummy* +
+*ip addr add 172.17.1.1/24 dev dummy0* +
+*ip link set dummy0 up*	
+|Create virtual software interface of type dummy, assign it IP address, and bring it up. Useful for testing. 
+
+
+|*ip link add vx0 type vxlan id 100 local 172.16.13.1 remote 192.168.12.12 dev eth0 dstport 4789*
+|Create VXLAN tunnel with id of 100 and local and remote addresses of 172.16.13.1/192.168.12.12 using destination port of 4789 UDP.
+
+|*ip link add bond13-14 type bond mode active-backup* +
+*ip link set eth13 master bond13-14* +
+*ip link set eth14 master bond13-14*	
+|Create logical interface bond13-14 of type bond in active-backup mode for failover (only 1 physical interface is active at any time).
+Add 2 physical interfaces to this bond (eth13 & eth14). All further configurations are to be done on the bond13-14 interface.
+
+|===
+
+== ip neighbor - Manage ARP and neighbors table
+[cols=2, options="header"]
+|===
+
+|Command
+|Description
+
+|*ip neighbor show* +
+*ip neighbor show dev eth0*
+
+*ip -6 neighbor show*	
+|Show all MAC addresses of the IPv4 neighbors. +
+Show MAC addresses of the neighbors on ens36 interface only. +
+Show IPv6 neighbors.
+
+|*ip neighbor flush dev eth0*	
+|Delete all cached dynamically learned MAC addresses on the interface eth0.
+
+|*ip neighbor add 192.1.1.1 lladdr 01:22:33:44:55:f1 dev eth0*	
+|Add static IP address to MAC address mapping for a neighbor on the interface eth0.
+
+|*ip neighbor delete 192.1.1.1 lladdr 01:33:44:55:ff:11 dev eth0*
+|Delete a static mapping of IP address to the MAC address on the interface.
+
+|===
+
+== Reference
+* https://manpages.debian.org/jessie/iproute2/ip-route.8.en.html

cheat-sheets/MRV-Optiswitch-OS904-OS906-OS912-debug-and-diagnostic-commands.adoc

@@ -0,0 +1,103 @@
+= MRV Optiswitch OS904 OS906 OS912 debug and diagnostic commands
+
+Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
+
+*MRV Communications* (acquired in 2017 by ADVA Optical Networking) is an Israeli company known for their optical network equipment, most notably their Optiswitch Carrier Ethernet Switch series. The switches (OS904, OS906G, OS912) are not available for purchase from them anymore, but if you work for a telco company, you surely still have these boxes around doing their work.
+
+Unfortunately, with the merger and the end of sale, all the documentation disappeared as well. To help you a bit I bring below some debug and diagnostic commands to be run on the CLI. You can still find the datasheet here https://www.cornet-solutions.co.jp/pdf/mrv_os_900_sdb_a4_hi.pdf
+
+You can see how output of the commands below looks like when run on the real MRV in my blog post: https://yurisk.info/2020/01/13/MRV-Optiswitch-OS904-OS906-OS912-debug-and-diagnostic-commands/.
+
+
+[cols=2*,options="header"]
+|===
+|Command
+|Description
+
+|*no cli-paging/cli-paging*
+|Enable/disable paging the output.
+
+|*show <smth> \| <include/begin/end/exclude> <search term>*
+|Pipe output of some `show` command, e.g. find specific MAC address: `show lt \| include B1:12` (search terms are case sensitive). Also can pipe to few Linux commands, e.g. count number of learned/dynamic MACs: `show lt \| grep -c "DYNAMIC"` 
+
+
+|*show run*
+|Show the running configuration
+
+
+|*show port*
+| Show port summary: state (on/off), speed, media (copper/sfp), duplex state
+
+|*show interface*
+|List of logical/vlan interfaces, MAC addresses, IP address (if any)
+
+|*show port detail _n_*
+| Show details of the port number _n_: media type, speed/duplex configured and actual, state, shaping applied.
+
+|*show port statistics _n_*
+|Show real-time statistics: packets/bytes received/sent, CRC and other error count
+
+|*show l2cntrl-protocol-counters*
+|Show counters of received/transmitted Layer 2 control protocols - LACP, MSTP, RSTP, OAM.
+
+|*show run ports*
+| Show running configuration for all ports
+
+|*show port tag*
+|Show tagging/vlans configured on each port
+
+|*show port sfp-diag _n_*
+| Show real-time diagnostic data for the interface: TX/RX power in dBm, voltage, temperature
+
+|*show port sfp-params*
+|Physical parameters of the SFP interface
+
+|*show port rate _portnumber_ time _seconds_*
+|Show the rate of the traffic passing the interface real-time
+
+|*monitor port statistics _portnumber_*
+|Show the same data as `show port statistics` but refresh every other second
+
+|*(config)# port state disable/enable <n>*
+|Disable/enable MRV port number `n` (shut/no shut in Cisco terminology). Make sure you don't disable th eport you are connected through.
+
+|*(config)# port media-select <sfp/sfp100/copper/auto/sgmii>*
+| Set manually type of physical interface installed in MRV.
+
+|*(config)# port speed <10/100/1000/auto> <n/all>*
+|Force specific speed settting for a port.   
+
+|*show lt [port <port number> all]*
+|Show MAC address table -  static and learned dynamic. Output also gives timestamp when MAC address displayed was last changed. Optionally, specify port to show only MACs on this port. 
+
+|*(config)# clear lt*
+|Delete  all learned MAC addresses from Learning Table.
+
+|*show syslog <all/debug/info/warning/error/fatal> [start-date] [end-date]*
+|Show logs per their severity. Optional start/end dates are in format `mm-dd-ff:mm:ss` . If remote syslog is configured in the MRV, there will be NO local logs, to verify - look in configuration `show run \| i rsyslog`. 
+
+|*clear syslog*
+|Delete all local log entries.
+
+
+|*show ver*
+| Show the device model, hardware, fan status, OS installed, MAC address, serial number and uptime. 
+
+|*show time*
+|Show system time. Important for checking alarms and logs
+
+|*show cpu*
+|CPU properties
+
+
+
+
+
+
+
+|===
+
+
+Additionally see https://github.com/yuriskinfo/cheat-sheets/blob/master/RAD-ETX-203-205-220-debug-and-information-commands-cheat-sheet.adoc
+
+ 

cheat-sheets/PF-firewall-configuration-and-debug-cheat-sheet.adoc

@@ -0,0 +1,49 @@
+= PF firewall (FreeBSD, OpenBSD) configuration and debug commands cheat sheet
+:homepage: https://yurisk.info
+
+Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
+
+
+== PF (Packet Filter) management for FreeBSD & OpenBSD
+
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+|*pfct -d*
+|Disable PF in place, does not survive reboot.
+
+|*pfctl -ef /etc/pf.conf*
+|Enable PF and load the rule set from file `/etc/pf.conf` in one go.
+
+|*pfctl -nf /etc/pf.conf*
+|Parse security rules stored in a file without installing them (dry run).
+
+|*pfctl -F <all/rules/nat/states>*
+
+
+a|  Flush, accordingly:  
+
+- `all` Everything (filter rules, nat, but NOT sateful table - those already connected will stay so). Blank/flushed rules mean "permit any any".
+- `rules` Rules only (stateful table of existing connections stay intact)
+- `nat` NAT rules only
+- `states` Stateful table (but again - active connections stay alive)
+
+|*pfct -k <source IP of connection to clear> [-k <destination>]*
+|Kill an active connection from the state table. You can specify IP address as the 1st selector to the 1st `-k` and optionally, destination selector with another `-k` key. `0.0.0.0/0` as a wildcard can be used. E.g. to clear all connections from any to 10.10.10.13/32 `pfctl -k 0.0.0.0/0 10.10.10.13/32`. To add selectors, look at available ones via *pfctl -s state*.   
+
+
+|*pfctl -z*
+|Clear all per rule statistics/counters
+
+
+|*pass in quick on egress from 62.13.77.141 to any*
+| 'Quick' rule, means allow this traffic to pass through on all interfaces, otherwise we would need 2nd rule allowing this traffic in _outgoing_ direction on egress interface, to allow destined to ANY port/protocol with the source being `62.13.77.141` and destination being ANY IP address behind the PF firewall. NOTE: here, `egress` is not a direction, but a group name to which the interface in question (`em0`) belongs to. In OpenBSD you set it in a file `/etc/hostname.em0: group egress` or in real-time with the command: `ifconfig em0 group egress`. 
+
+
+
+
+
+
+|===

cheat-sheets/RAD-ETX-203-205-220-debug-and-information-commands-cheat-sheet.adoc

@@ -0,0 +1,67 @@
+= RAD ETX 203, 205, 220 debug and information commands
+
+Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
+
+Carrier Ethernet Devices by RAD (ETX-203AX, ETX-203AM, ETX-203AX-T, ETX-205A, ETX-220A) are quite popular with telco companies around the world for connecting end clients to the backbone at layer 2. And while reference documentation is available, I couldn't find the debug/information commands digest on the Internet at all. This post, I hope, comes to fill the gap.
+
+The commands below are meant to be run on the device CLI itself, not on provisioning system like RADview. You can see how output looks like when run on the real ETX on my blog post https://yurisk.info/2020/03/21/rad-etx-203-203-220-debug-and-information-commands-examples/.
+
+
+[cols=2*,options="header"]
+|===
+|Command
+|Description
+
+
+|*show configure port summary*
+| Show port summary: state (up/down), speed
+
+|*show config port _name_ status*
+| Show port status: administrative and operational states, speed/duplex, connector type, MAC address, and most important (for fiber) - RX/TX signal power (dBm)
+
+|*show config port _name_ statistics*
+| Statistics of the port: total bits/frames passed,maximum/minimum bits/sec seen, and most interesting - CRC errors, error frames, oversize frames, discards.
+
+|*show config port _name_ statistics*
+| Statistics of the port: total bits/frames passed,maximum/minimum bits/sec seen, and most interesting - CRC errors, error frames, oversize frames, discards.
+
+|*config port name*  
+
+*rate-measure interval _seconds_*  
+
+*show rate*
+| Show port utilization in bits/sec in real-time
+
+
+|_Responder:_
+
+*config flow*  
+
+*service-ping-response local-ip 13.13.13.2/30 next-hop 13.13.13.1 egress-port ethernet 4/2 vlan 777*
+
+_Ping sender:_
+
+*config flow*
+
+service-ping local-ip 13.13.13.1/30 dst-ip 13.13.13.2 next-hop 13.13.13.2 egress-port ethernet 4/1 vlan 777 number-of-packets 10 payload-size 1450
+
+|Send ping over the client vlan (here 777) from ETX to ETX to measure latency and packet loss. You configure one ETX as responder and another one as sender.
+
+|*show configure flows summary brief*
+|List all flows configured on this ETX briefly
+
+|*show configure flows summary details*
+|List all flows configured on this ETX with details
+
+|*show config system system-date*
+| Show system time of the appliance, important for logs/alarms correlation.
+
+|*show config reporting brief-alarm-log*
+|Show alarms log, their severity/state/last raised time
+
+
+
+
+
+
+|===

cheat-sheets/Ruckus-Brocade-ICX-FastIron-switch-debug-nad-diagnostics-commands-cheat-sheet.adoc

@@ -0,0 +1,59 @@
+= Ruckus ICX switches  7150, 7250, 7450, 7650, 7750, 7850 diagnostics commands
+Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/ 
+:homepage: https://yurisk.info
+
+
+
+NOTE: When in doubt, use Cisco IOS-like commands, as most are equivalent. 
+
+.Ruckus ICX switch (former Brocade) diagnostics commands
+
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+|*show version*
+|Show the switch hardware version, whether stack or not, uptime, serial number, firmware version. 
+
+|*show flash*
+|Show boot images stored in the flash - primary and secondary boot images and thier versions, flash free space. 
+
+|*show dir* OR *show files*
+|List contents of the flash - in addition to boot images, also startup configuration file and anything else stored in the flash.
+
+|*show boot*
+|Show in what sequence boot images will be tried on reload, usually Primary then Secondary.
+
+|*show cpu tasks*
+|Show last 1 second CPU load per task in percents. 
+
+|*show cpu histogram waittime*  AND *show cpu histogram holdtime*
+|Shows the task CPU usage in each bucket. This includes how many times a task run time or hold time falls in each bucket, and the maximum run time and total run time for each bucket. Hold time - The time that the task is holding the CPU without yield. Wait time - The time that the task is waiting for execution.
+
+|*show fdp neighbor* AND *show fdp neighbor detail*
+| Show CDP or/and LLDP neighbors, provided any of these protocols are enabled on the switch.
+
+|*show run*
+|Show the running configuration.
+
+|*show statistics brief*
+|Show stats for all interfaces - cumulative packets in/out, error in/outs.
+
+|*show statistics ethernet <port number>*
+|Show detailed statistics for the interface _<port number>_ - packets/bytes in/out, bad packets/frames, CRC count, Collisions, Interface bandwidth utilization in percents, current interface utilization in bits/sec.
+
+|*show spanvlan <vlan number>*
+|Show spanning tree status (optionally) for a given VLAN - who is root, interface cost, state (forwarding, disabled) of each interface. 
+
+|*show vlan <vlan number>*
+|Show VLAN information - spanning tree status (on/off), SPT priority, which ports are tagged and which are not, Uplink ports if any.
+
+|*show inline power*
+|Show power over the Ethernet status for each interface, if enabled/supported.
+
+|*show int <interface name>*
+|Detailed interface statistics like `show int` in Cisco equipment - port uptime, MAC address, configured vs actual speed/duplex, MDI mode, STP state, input/output rate in bits/sec, 
+
+|===
+

cheat-sheets/Ubuntu-ufw-firewall-cookbook.adoc

@@ -0,0 +1,85 @@
+= Ubuntu Uncomplicated Firewall (ufw) cookbook of configuration examples
+
+Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
+
+<<Disable/unload the firewall>> +
+<<Verify status of the ufw firewall>> +
+<<Enable ufw firewall>> +
+<<Allow SSH access to this server from Any IP source>> +
+<<Delete a rule by its number>> +
+
+
+== Disable/unload the firewall
+Beware: after running this command all access restrictions imposed by ufw rules will be gone.
+
+
+`*ufw  disable*`
+
+
+== Verify status of the ufw firewall
+
+`*# ufw status*` - Show short status. +
+....
+Status: active
+
+To                         Action      From
+--                         ------      ----
+22                         ALLOW       Anywhere                  
+Anywhere                   ALLOW       10.10.10.0/24             
+22 (v6)                    ALLOW       Anywhere (v6)             
+....
+
+
+`*ufw status  verbose*`- Show  all rules, including the default ones, and logging level.
+----
+Status: active
+Logging: on (low)
+Default: deny (incoming), allow (outgoing), allow (routed)
+New profiles: skip
+
+To                         Action      From
+--                         ------      ----
+22                         ALLOW IN    Anywhere                  
+Anywhere                   ALLOW IN    10.10.10.0/24             
+22 (v6)                    ALLOW IN    Anywhere (v6)             
+----
+
+
+`*ufw status numbered*` - Show rules with their sequence numbers, that we can later use to delete some specific rule.
+
+----
+Status: active
+     To                         Action      From
+     --                         ------      ----
+[ 1] 22                         ALLOW IN    Anywhere                  
+[ 2] Anywhere                   ALLOW IN    10.10.10.0/24             
+[ 3] 22 (v6)                    ALLOW IN    Anywhere (v6)           
+----
+
+
+== Enable ufw firewall
+*ufw enable* - Enable _ufw_ firewall and load the default rules, as well as user created if any in the `/etc/ufw/user.rules`. 
+
+
+== Allow SSH access to this server from Any IP source
+`*ufw allow 22*` - Add port 22 to the `filter` table with action of `allow`. The rule will be added to the `/etc/ufw/user.rules` file and will survive reboot.
+
+
+
+== Delete a rule by its number
+`*ufw delete <rule number>*` +
+First, see the rule numbers with `*ufw status numbered*`. Let's say I want to delete rule number 2:
+
+----
+# ufw delete 2
+Deleting:
+ allow from 10.10.10.0/24
+Proceed with operation (y|n)? y
+Rule deleted
+----
+
+On deleting a rule, the ufw moves rules up, taking place of the removed rule in sequencing. That is, the rule that was numbered 3 before the deletion of rule 2, will become new rule number 2.
+
+
+
+

cheat-sheets/custom-theme.yml

@@ -0,0 +1,6 @@
+extends: default
+footer:
+  verso:
+    center:
+      content: ' https://www.linkedin.com/in/yurislobodyanyuk/[Yuri Slobodyanyuk] {doctitle}'
+footer_recto_right_content: '{page-number} out of {page-count}'

cheat-sheets/ed-text-editor-cheat-sheet.adoc

@@ -0,0 +1,104 @@
+= Ed text editor cheat sheet
+:author: Yuri Slobodyanyuk 
+
+Author: Yuri Slobodyanyuk, https://linkedin.com/in/yurislobodyanyuk/ .
+
+STATUS: Work in progress.
+
+NOTE: The cheat sheet is for GNU version of `ed`. All values in [] are optional. `ed` fully supports Unicode.
+
+.Command mode
+[cols=2,options="header"]
+|===
+
+|Command
+|Description
+
+|*[_n_]a*
+| Append - append a new line after the current , or, if _n_ is given, after the _nth_ line, then enter input mode. Use 0 (zero) for _n_ to append at the top of the buffer. 
+
+|*[_n_]i*
+|Insert - insert a new line before the current or the _nth_ line, if given, then enter the input mode. Use 0 as _n_ to insert at the top of the buffer
+
+|*[_n_]c*
+|Change - change the current, or the _nth_ line if given, then enter the input mode. The current (or specified) line gets deleted before you start typing a new one.
+
+|*[_start,end_]m[_dest_]*
+|Move lines, including, from _start_ up to the _end_ after the _dest_ destination line. 
+
+|*[_start,end_]t[_dest_]*
+| Transfer - copy lines _start_ through _end_ after the _dest_ line. If no line numbers are given, copies the current line and pastes underneath. 
+
+|*e [_filename_]*
+|Edit a file - _filename_ if given, default if not. 
+WARNING: Current buffer and all of its changes is discarded.
+
+|*[_start,end_]w [_filename_]*
+| Write the current buffer (whole or just lines between _start_ and _end_) to a _filename_ if given or the currently set with the `file` command. The contents of the _filename_ is overwritten! Ed reports number of characters written on success.
+
+|*[_start, end_]W [_filename_]*
+|Write by appending the buffer to the file _filename_, the current contents of the _filename_ are not overwritten. Ed reports number of characters written on success.
+
+|*[.]=*
+| Show number of lines in the buffer, or, if `.` (dot) is given `.=`, show the line number of the current line.
+
+|*P*
+|Show/hide prompt, * (asterisk) is the default. 
+
+|*H*
+|Turn on/off verbose error indication mode. With this mode off, `ed` only outputs `?` for any error without additional info.
+
+|*! _shell command(s)_*
+| Run the given _shell command(s)_ displaying their output without leaving the `ed`. Hitting <Enter> returns to the `ed` buffer. The shell's output is not kept or redirected to the buffer in any way.
+
+|*r*
+|Read
+
+|*r !_shell command(s)_*
+|Run the shell command 
+
+|*[_start_,_end_]p*
+| Print lines from _start_ to _end_ or current if not set. Sets current line to the last line printed. 
+
+|*q*
+|Quit the `ed`, warns if there are unsaved changes, if repeated 2nd time, quits discarding any unsaved changes.
+
+|*Q*
+|Quit `ed` unconditionally, discarding any unsaved changes.
+
+|*u*
+|Undo the last change. `ed` has only one level of uno, entering `u` the second time redoes the change undone before.
+
+|*_n_*
+|Go to the line _n_.
+
+|*[_starting_address_]z[_lines-to-scroll_]*
+| Scroll default 24 lines down, if _lines-to-scroll_ is not given. Optionally, start scrolling not from the current line (default), but from the line number  _starting_address_. Resets current line to the last line after scrolling position.
+
+
+|*[_start_,_end_]n*
+|Print _start_,_end_ lines prefixed by their line number, analog of *p* but prints line numbers as well. Use `,n` to print the whole buffer with line numbers.
+
+|*[_start_, _end_]s/_regex_/_replacement_/[g]*
+|Substitute - on lines _start_ to _end_, find 1st occurrence of _regex_ from the left (or all the occurrences if `g` for Global prefix is added) and replace with the _replacement_.
+
+|===
+
+.Input mode
+[cols=2, options="header"]
+|===
+
+|Command
+|Description
+
+|*.* (dot on a line by itself)
+|Switch from input to the command mode. The . (dot) should be entered on a new line by itself, then <Enter>. 
+
+
+|*CTRL + C*
+|Discard the changes done in the current input mode sequence, and return to the command mode. Only changes since entering last input mode are discarded, not the whole session.
+
+
+
+
+|===

cheat-sheets/git-and-github-cheat-sheet.adoc

@@ -0,0 +1,53 @@
+= Git and github.com cheat sheet
+:author: Yuri Slobodyanyuk
+
+Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
+
+[cols=2,options="header"]
+|===
+|command
+|Description
+
+|*git clone <URL of the remote repository> [local repo name]*
+| Clone remote repository, optionally renaming the local copy of it.
+
+|*git config --system <params>*
+|Set configuration parameters for all users at the local host, requires root permissions, saves <params> in the `/etc/gitconfig`. Some params (when setting on the terminal, separate paramater value from name with whitespace):
+
+- `core.editor`  Editor to use to enter comments when committing. E.g. `git config --system core.editor vim`.
+
+- `diff.tool` Diff tool to use, e.g. `vimdiff`,`vimdiff2`,`xxdiff`,`gvimdiff`  
+
+- `user.email` Email to be incldued in each commit.
+
+- `user.name` Full name to be included in each commit.
+
+
+
+|*git config --global <params>*
+|Set <params> for ALL repositories of a user on the local host, saves <params> in the `~/.gitconfig` or `~/.config/git/config`.
+
+|*git config --local <params>*
+|(default) Set <params> for a specific repository only, should be run when inside this repository, saves <params> in the `.git/config` inside the repository. 
+
+|*git config --list --show-origin*
+|View all the settings with their origins.
+
+
+|*Contribute to a project (pull request/PR) on Github.com*
+a| Steps to contribute to some project on the github:
+
+. Fork the project you want to contribute to.
+
+. Clone the fork to your local system.
+
+. Make a new custom (non-master) branch inside it.
+
+. Make your changes.
+
+. Push this branch to your Github account.
+
+. Open a Pull Request on the Github.com for the project owner to review & merge.
+
+
+|===

cheat-sheets/gnu-screen-cheat-sheet.adoc

@@ -0,0 +1,139 @@
+= GNU screen terminal commands cheat sheet
+:author: Yuri Slobodyanyuk 
+
+Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
+
+NOTE: `C-a` below stands for `Ctrl + a` keyboard sequence.
+
+[cols=2,options="header"]
+|===
+
+|Command
+|Description
+
+|*~/.screenrc* & */etc/screenrc*
+| Commands that the `screen` runs on start up.
+
+|*screen -ls*
+|List active screen sessions
+
+|*screen -Q windows*
+|List windows' names inside screen session
+
+|*screen -S <session name>*
+|Create a new screen session with the name <session name>
+
+|*screen -x*
+
+*screen -r <session name>*
+
+|Attach to the running session, also by its name
+
+|*screen -dRR*
+|Attach to the screen session, detach on other display if attached. If no session exists, will create a new one.
+
+|*C-a d*
+| Detach from the session, session keeps running. Here, and further *C* means Ctrl.
+
+|*C-a c*
+|Create new window in the session.
+
+|*C-a C-a*
+|Switch to the previous window.
+
+|*C-a "*
+|List all windows with option to navigate and enter any of them.
+
+|*C-w*
+|Show a list of active windows with their numbers.
+
+|*C-a <number>*
+|Switch to the window number _number_.
+
+|*C-a '*
+|Switch to the window by its name.
+
+|*C-a n*
+|Switch to the next window.
+
+|*C-a p*
+|Switch to the previous window.
+
+
+|*exit*
+|Exit and close current window. If it was the last window in a session, exits `screen` terminating the session.
+
+|*C-a k*
+|Kill the current window forcefully (not recommended).
+
+|*C-a : quit*
+| Quit screen session completely terminating it. Alternatively - exit all screen windows.
+
+|*C-a A*
+|Rename current window.
+
+|*C-a S*
+|Split windows display horizontally. Use *C-a c* to create a new window inside the new split or *C-X* to close this part of split.
+
+|*C-a \|*
+|Split windows display vertically. Available starting screen 4.01, i.e. not available on Mac 2020 which still uses screen 4.00.
+
+|*C-a tab*
+|Jump to the next region in a split window display.
+
+|*C-a Q*
+| Unsplit the window, leaving the current window active.
+
+|*C-a [* or *C-a <esc>*
+|Enter buffer navigation mode to scroll output buffer, copy, edit and paste later. Navigation commands as per `vim` if Vim is set as editor.*<esc>* to leave the buffer mode.
+
+|*<space>*
+|Start/stop selection while in the buffer mode to select the text. Press `<space>` or `<Enter>` to copy the selected text. E.g. to select/copy the whole buffer: `C-a [ gg <space> G <space> <esc>`
+
+|*C-a ]*
+|Paste the selected text at the cursor of the terminal, or create a new window and say start Vim there and paste into it while in Insert mode.
+
+|*C-a h*
+|Dump the contents of the currently visible terminal to `hardcopy.<n>` file, where _n_ is auto-incrementing number of your window.
+
+|*C-a H*
+|Start/end logging all output of the curent window into a file `screenlog.N` where `N` is the window number. The data is appended, not overwritten if the file exists. Output printed before that is not logged. 
+
+|*C-a a*
+| Send `Ctrl-a` sequence to the shell in the window, useful to jump to the beginning of the line.
+
+|*C-a M*
+|Monitor window for activity. When enabled, will notify you of any acitvity while you work in other window.
+
+|*C-a _*
+| Monitor window for 30 seconds of silence, will notify you in any other window as `Window 0: silence for 30 seconds`
+
+|*C-a ?*
+|Show all key bindings help.
+
+
+|*Save session state*
+|This is not possible. If you use the same layout each session, you can put start up commands to re-create it in `.screenrc` file in your home directory, but still - you cannot save the current session state, i.e. contents of the windows and their layout.
+
+2+|*Sharing session (e.g. for pair programming/tutoring)*
+
+
+a|Original session (say _user1_):
+
+. Set suid root bit on `screen` binary: `sudo chmod +s /usr/bin/screen` 
+. Inside session you want to share: `C-a :` then `multiuser on` to enable sharing session.
+. Add usernames to share the session with: `C-a :` `acladd <username>`
+
+Connecting user (say _user2_):
+
+. Run in shell: `screen  -x  <sharing username>/`, in our example `screen -x user1/`
+
+|Sets up sharing the session. Another user connecting to the session views real-time its output, can enter and run commands himself. Also see *aclchg*, *acldel*, *aclgrp* for controlling what the connecting user can and cannot do. E.g. to remove _write_ permissions from all users on all windows: `:aclchg * -w #` 
+
+|*C-a **
+| See who is connected to your shared screen session.
+
+
+|===
+
+Follow me on https://linkedin.com/in/yurislobodyanyuk/ for updates.

cheat-sheets/gnu-tar-example-reference.adoc

@@ -0,0 +1,321 @@
+= GNU tar archive tool reference by example
+Yuri Slobodyanyuk <yuri@yurisk.info>
+:toc: auto
+:source-highlighter: rouge
+
+by Yuri Slobodyanyuk https://www.linkedin.com/in/yurislobodyanyuk/
+
+NOTE: All the examples below are for the Linux GNU tar, not for Solaris, FreeBSD, or Mac OS operating systems native versions of tar.
+
+
+
+
+== Archive and gzip-compress the current folder with tar
+
+
+
+----
+tar -czf gzipped-folder.tar.gz  .
+----
+
+Here: 
+
+* `c` For _create_
+* `z` For _gzip_ compress
+* `f` Filename of the archive to create
+* `.` (dot) for the current folder
+
+The file `gzipped-folder.tar.gz` will contain  all the files (including dot files) and subfolders of the current folder.
+
+
+== Archive and gzip-compress the current folder using maximal compression possible
+There are few ways to do it. The older versions of `tar` do not accept compression level for the `gzip`, so we have to hint to the `gzip` in other way.
+
+=== Set compression level as the `GZIP` environmental variable for `gzip`
+Let's set the maximum compression level of 9: 
+
+----
+GZIP=-9 tar -cvzf maxcompression.tar.gz .
+----
+
+NOTE: Disadvantage of this method is that it depends on the shell you are using. It works for Bash, but may fail to work in other shells.
+
+=== Set compression level by piping `tar` output to the `gzip`
+Most starightforward way to do it: 
+
+----
+tar -cvf  -  . | gzip -9 - > maxcompression.tar.gz
+----
+
+
+Variation of the above:  
+
+----
+tar -cvf maxcompression.tar ; gzip -9 maxcompression.tar
+----
+
+=== Use `-I` option for modern versions of tar
+This option `I` or `--use-compress-program` appeared somewhere in version 1.22 or earlier, year of 2009. So, if your tar is newer than that (most probably is), you can change compression level: 
+
+----
+ tar -I 'gzip -9' -cvf maxcompression.tar.gz .
+----
+
+`I` sends its arguments in quotes as options to the compression program of choice as is. 
+
+
+== Archive and bzip2-compress the current folder with tar
+Same as the above, but use `bzip2` compression instead of the `gzip`. In the past the bzip2 compression produced smaller size archives compared to the gzip, but today they perform pretty much the same. 
+
+----
+tar -cjf gzipped-folder.tar.bz2  .
+----
+
+Here: 
+
+* `c` For _create_
+* `j` For _bzip2_ compress
+* `f` Filename of the archive to create
+
+The file `gzipped-folder.tar.bz2` will contain  all the files (including dot files) and subfolders of the current folder.
+
+
+== Archive the current folder but exlude specific file and/or subfolder
+
+WARNING: Even though not explicitly mentioned in the tar's man - except for the newest versions, you HAVE to put the folder/path to work on as the LAST argument  on the line, or `--exclude` will be ignored.
+
+E.g. create an archive named `tared-folder.tar` to include all files/subfolders of the current folder except the file named `cookbook.gzip` and subfolder and its contents named `.git`: 
+
+----
+tar -cvf tared-folder.tar  --exclude=cookbook.gzip --exclude=.git  .
+----
+
+`v` is for verbose output during the operation.
+
+
+
+== List contents of a tar archive (gzipped or not) without actually extracting it
+Use `-t` option before the `f`: 
+
+----
+tar -tf  gzipped-folder.tar.gz
+----
+
+
+== Create a tar archive embedding the current day, month, and year in the name
+
+When running tar as scheduled/cron-ed job, it is benefitial to include date of the archive creation in the name.
+
+E.g.: create a tar archive named _backup-<current date>.tar_ from files in the current folder ending in `*.md`: 
+
+----
+tar -cf backup-`date +%d-%m-%Y`.tar   *.md
+----
+
+Result:  
+
+----
+ls *.tar
+backup-13-07-2021.tar
+----
+
+NOTE: Look at the `man date` for more options, like hour, second etc.
+
+
+== Append file(s) to the existing archive
+The file(s) will be appended at the end of the archive, just so you know.
+
+E.g. let's append to the existing _backup-13-07-2021.tar_ archive the file named _missfont.log_:  
+
+----
+tar -rf backup-13-07-2021.tar missfont.log
+----
+
+== Move the current directory and all of its contents as a whole, keeping file permissions
+An old trick to compensate for various deficiencies of `cp` and `mv`.
+
+----
+tar -cf - . | (cd new-location; tar xvpf -)
+----
+
+
+
+
+== Encrypt/Decrypt the resulting archive with OpenSSL and password 
+We just pipe the tar output to the OpenSSL, provided it is already installed. The password is given interactively in the CLI, so this is not very secure way to do so.
+
+E.g. tar the current folder into tar archive and the encrypt it:  
+
+----
+tar -cvf - * | openssl  enc -e -aes256 -out encrypted-dolder.tar.enc
+enter aes-256-cbc encryption password:
+Verifying - enter aes-256-cbc encryption password:
+*** WARNING : deprecated key derivation used.
+Using -iter or -pbkdf2 would be better.
+----
+
+Now, decrypt it: 
+
+----
+openssl enc -d -aes256 -in  encrypted-folder.tar.enc | tar -xf  - 
+enter aes-256-cbc decryption password:
+
+----
+
+
+== Extract only specific file(s) from the tar archive
+
+We may specify a specific filename to extrtact or use shell globbing patterns for file name matching.
+
+E.g.: extract only file named _README.md_ from the archive tar _cookbooks.tar.bz2_:  
+
+----
+tar -xjvf cookbooks.tar.bz2 ./README.md
+----
+
+E.g.: extract all Markdown files from the archive:  
+
+----
+tar -xjvf cookbooks.tar.bz2 ./*.md
+----
+
+NOTE: `-j` is to extract from bzip2-compressed archive, if extracting from plain tar archive just remove -j
+
+
+== Archive directory on the remote server and download to the local host via SSH in one command
+
+Task: add to tar archive and compress contents of the directory _ASM_ on the remote server 19.23.55.158 and download it to the local host as file _ASM.tar.gz_
+
+----
+ssh root@19.23.55.158 'cd ASM && tar -czf - *' > ASM.tar.gz
+root@19.23.55.158's password: 
+----
+
+Result: 
+----
+ls -l
+-rw-r--r-- 1 root root      505 Jul 14 08:39 ASM.tar.gz
+----
+
+Here:  
+
+* `ASM` - relative path of the directory on the remote server, using absolute path is recommended.
+* `tar -czf -` - creates gzip-compressed tar archive with stdout being the output device so we can redirect output on local server to the file _ASM.tar.gz_
+
+
+
+== Remove / do not preserve / anonymize username and group name of the files owner when adding files to tar archive
+
+By default tar will add files/directories to the archive along with their owner user/group. The only reliable way to prevent this is to replace actual data with fake user/group when adding to the archive.
+
+E.g. Add file _README.md_ to the archive, but change the owner's username/group to the fictitious _Doe_ with numeric id of _1002_. If we supply just username/group name, then depending on version/implementation, the tar may change them as asked but leave the real numeric IDs. To force tar not to do it, specify both - alphanumeric name and numeric ID or add beyond numeric IDs the option `--numeric-owner`, which forces tar to keep only numeric IDs. 
+
+NOTE: tar does not check if the given user and group name actually exist on the system.
+
+----
+
+tar -cvf perms.tar README.md --owner=Doe:1002 --group=Doe:1002
+----
+
+Verify:  
+
+----
+tar -vtf perms.tar 
+-rw-r--r-- Doe/Doe         542 2020-08-22 09:50 README.md
+----
+
+== Delete only specific file(s) or folder(s) from the archive
+Not really possible. There is `--delete` option that seemingly does this, but under the surface this option just combines extracting the whole archive to the temporary directory, deleting the file(s) in question, and creating the archive again from scratch into one command.
+
+
+== How can I run tar in parallel on multi-core CPU when creating an archive?
+The short answer - you can't. The extended answer - you can't archive in parallel to the same archive (it was never the goal of `tar`, which originally wrote archives to the physical tapes that could not be accessed in parallel), but you have options (if you need at all) to parallelize compression of the archive. The options for parallel execution depend on the compressing utility used. There are `xz`, `7zip`, and `pigz` tools which can compress an archive in parallel, given the correct options. But they cannot decompress in parallel way though, only to compress.
+
+
+== Find all tar archives even those NOT having .tar extension
+
+In situation where you are presented with a bunch of files with random names, finding which ones are proper tar archive can be done in few ways. The idea behind all of them is to look for the tar's *magic number* inside the file. On systems with `file` utility installed, it is really easy: 
+
+----
+# file * | awk -F: '/POSIX tar archive/ {print $1}'
+
+damaged.tar
+deleteme-13-07-2021.tar
+maxwithI.tar.gz
+perms.tar
+permstar
+permstar2
+----
+
+As you can see, it found tar archives without any extension _permstar_ and _permstar2_. 
+
+When the `file` tool is not available (highly unprobable), we can go more old school way looking at the magic number: 
+
+----
+find .  -type f    -exec  xxd  -g 6  -s 257 -l 6 \{\} \; -print | sed -n '/757374617220/{n;p}'
+./perms.tar
+./maxwithI.tar.gz
+./damaged.tar
+./deleteme-13-07-2021.tar
+./test/deleteme-13-07-2021.tar
+./permstar2
+./permstar
+----
+
+Here:  
+
+*  757374617220 is the magic number for the tar filetype
+* `xxd` is hex dumper to show contents of a file in hexadecimal
+* `-g 6` tells xxd to group the found bytes into a group of 6 bytes (size of the magic number) when printing
+* `-l 6` limits output to just 6 bytes
+* `-s 257` skips first 256 bytes to start printing from byte 257 forward
+
+
+== tar archives symlinks instead of the objects they point to, how to fix?
+
+Use `-h` switch to tell tar to dereference symlinks and add to archive objects (directories/files) that those symlinks point to.
+
+----
+tar -hcf .
+----
+
+This will dereference all symlinks found in the current directory.
+
+
+== Archive only those objects modified last 24 hours
+
+Tar itself does not have option to search by timestamps, but `find` does.
+
+----
+find .  -mtime 0 -print0 | tar -cvf modified.tar --null -T -
+----
+
+Here:  
+
+* `-mtime` tells `find` what modification timestamps of the objects we are looking for, in days. The `0` means "0 days ago", i.e. last 24 hours. This option accepts relative values as well. E.g. `-2` means modified less than 2 days ago. And `-mtime +2` will find objects modified earlier than 2 days ago. See below for another example.  
+
+=== Archive only those objects modified between 24 and 48 hours ago 
+
+The extension of the above. In general, `find` is such an essential tool, that you can't do much without it in any Linux/BSD/Unix system.
+
+
+----
+find . -mtime 1 -print0 | tar -cvf modified.tar --null -T -
+----
+
+NOTE: To search for modified times in minute resolution, use `-mmin` instead of `-mtime`.
+
+== Verify tar archive integrity in a Bash script, i.e. non interactively
+Tar itself does not calculate/save checksum in the archive it creates. The rudimentary "integrity" check can be done 
+with `-t` switch, which produces an error and exits if the archive is severely damaged - cannot be read, headers are mangled and such. The change in the **contents** of a file this `-t` check will NOT notice. When gzip-ing tar archive, though, the CRC checksum is autosaved, but of the final tar archive, not individual files inside this archive. This way, if there is a CRC checksum mismatch on unzipping tar archive, the `gzip` will issue an error on the standard output. 
+
+So, to try and read the archive, verifying that it is readable: 
+
+----
+#!/bin/bash
+if ! tar tf /path/to/archive.tar &> /dev/null; then # Here we check the EXIT status of reading a tar archive, also redirecting stdout to the /dev/null, as no need to see the contents of archive
+    do_something_if_exit_status_is_error
+fi
+
+----
+

cheat-sheets/ncftp-commands-reference-by-example-cookbook.adoc

@@ -0,0 +1,36 @@
+= ncftp Ftp Client Commands example cookbook
+:source-highlighter: rouge
+:date: 2022-02-09 07:55:25+00:00
+:toc: auto
+
+
+
+
+
+== Connect to remote FTP server specifying username and password on the command line
+WARNING: This means that username/password can be seen by other users logged in on the machine (if any)
+
+[source,bash]
+----
+ncftp -u ftpuser -p qwe123 ftp.slackware.com
+----
+
+.Here:
+* -u _user_: specify username on the FTP server
+* -p _password_: specify password of FTP user
+* ftp.slackware.com: FTP server domain name or IP address to connect to.
+
+After connecting we can issue FTP client commands on the prompt.
+
+
+== Upload a file renaming it at the destination
+`ncftp` will not upload a file if a file with the same name exists in the destination server. To still upload such file, we can rename it using `-z` option.
+Upload file named _manifesto-1.pdf_ to the FTP server renaming it to _manifesto-2.pdf_
+
+[source,bash]
+----
+ncftp / > put -z manifesto-1.pdf manifesto-2.pdf
+manifesto-1.pdf:                                        11.40 kB    2.49 MB/s 
+----
+
+