mirrors/cheat-sheets
1
0
Fork 0
mirror of https://github.com/yuriskinfo/cheat-sheets.git synced 2025-12-21 13:23:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

ongoing additions, changes, and fixes

Browse Source
This commit is contained in:
yuriskinfo
2023-12-14 12:29:57 +02:00
parent 9c26f3077a
commit 657fdb2ac1
30 changed files with 4145 additions and 4141 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored Normal file
View File

@@ -0,0 +1,4 @@
#VS Code stuff
.vscode/*
*.code-workspace

10
CONTRIBUTING.md
View File

@@ -1,5 +1,5 @@
# Contributions # Contributions
Contributions are welcome, of course. Any way will do: Contributions are welcome, of course. Any way will do:
* Open PR on any page you found bug/missing info * Open PR on any page you found bug/missing info
* Send me an email yuri@yurisk.info * Send me an email yuri@yurisk.info
* If we are connected, send me a message on LinkedIn https://www.linkedin.com/in/yurislobodyanyuk/ * If we are connected, send me a message on LinkedIn https://www.linkedin.com/in/yurislobodyanyuk/

42
LICENSE
View File

@@ -1,21 +1,21 @@
MIT License MIT License
Copyright (c) 2021 Yuri Slobodyanyuk Copyright (c) 2021 Yuri Slobodyanyuk
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions: furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software. copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE. SOFTWARE.

152
README.md
View File

@@ -1,76 +1,76 @@
# Configuration, Debug and Diagnostics cheat sheets for Network and Linux based equipment # Configuration, Debug and Diagnostics cheat sheets for Network and Linux based equipment
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
Collection of cheat sheets to help you with hands-on tasks of troubleshooting and configuring the production equipment. Collection of cheat sheets to help you with hands-on tasks of troubleshooting and configuring the production equipment.
Make sure to __watch__ this repository to get notified on updates (usually updated once per week). Your stars on the repository as a sign that you found it useful are appreciated, thanks. I also blog at https://yurisk.info about these topics as well. Make sure to __watch__ this repository to get notified on updates (usually updated once per week). Your stars on the repository as a sign that you found it useful are appreciated, thanks. I also blog at https://yurisk.info about these topics as well.
## Network and Security vendors (Fortinet, Cisco, Checkpoint, Rad, MRV, HP/Aruba) ## Network and Security vendors (Fortinet, Cisco, Checkpoint, Rad, MRV, HP/Aruba)
[Fortigate debug and diagnose commands complete cheat sheet](cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc) | [PDF](cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.pdf) [Fortigate debug and diagnose commands complete cheat sheet](cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc) | [PDF](cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.pdf)
[**Fortigate SSL VPN Hardening Guide**](cheat-sheets/fortigate-ssl-vpn-hardening-guide.adoc) [RU](https://habr.com/ru/articles/734044/) | [PDF](cheat-sheets/fortigate-ssl-vpn-hardening-guide.pdf) [**Fortigate SSL VPN Hardening Guide**](cheat-sheets/fortigate-ssl-vpn-hardening-guide.adoc) [RU](https://habr.com/ru/articles/734044/) | [PDF](cheat-sheets/fortigate-ssl-vpn-hardening-guide.pdf)
[Fortianalyzer diagnose and debug cheat sheet](cheat-sheets/Fortianalyzer-debug-cheat-sheet.adoc) | [PDF](cheat-sheets/Fortianalyzer-debug-cheat-sheet.pdf) [Fortianalyzer diagnose and debug cheat sheet](cheat-sheets/Fortianalyzer-debug-cheat-sheet.adoc) | [PDF](cheat-sheets/Fortianalyzer-debug-cheat-sheet.pdf)
[Checkpoint cpstat tool complete cheat sheet](cheat-sheets/Checkpoint-cpstat-complete-reference-cheat-sheet.adoc) | [PDF](cheat-sheets/Checkpoint-cpstat-complete-reference-cheat-sheet.pdf) [Checkpoint cpstat tool complete cheat sheet](cheat-sheets/Checkpoint-cpstat-complete-reference-cheat-sheet.adoc) | [PDF](cheat-sheets/Checkpoint-cpstat-complete-reference-cheat-sheet.pdf)
[Checkpoint Firewalls Debug Cheat Sheet](/cheat-sheets/Checkpoint-firewalls-debug-cheat-sheet.adoc)| [PDF](/cheat-sheets/Checkpoint-firewalls-debug-cheat-sheet.pdf) [Checkpoint Firewalls Debug Cheat Sheet](/cheat-sheets/Checkpoint-firewalls-debug-cheat-sheet.adoc)| [PDF](/cheat-sheets/Checkpoint-firewalls-debug-cheat-sheet.pdf)
[Cisco Nexus 9000 9k debug and diagnostic commands cheat sheet](cheat-sheets/Cisco-Nexus-9000-9k-debug-and-diagnostic-commands-cheat-sheet.adoc) | [PDF](cheat-sheets/Cisco-Nexus-9000-9k-debug-and-diagnostic-commands-cheat-sheet.pdf) [Cisco Nexus 9000 9k debug and diagnostic commands cheat sheet](cheat-sheets/Cisco-Nexus-9000-9k-debug-and-diagnostic-commands-cheat-sheet.adoc) | [PDF](cheat-sheets/Cisco-Nexus-9000-9k-debug-and-diagnostic-commands-cheat-sheet.pdf)
[Cisco CUCM/Unity/Presence useful CLI commands cheat sheets](cheat-sheets/Cisco-CUCM-CLI-useful-commands-cheat-sheet.adoc) | [PDF](cheat-sheets/Cisco-CUCM-CLI-useful-commands-cheat-sheet.pdf) [Cisco CUCM/Unity/Presence useful CLI commands cheat sheets](cheat-sheets/Cisco-CUCM-CLI-useful-commands-cheat-sheet.adoc) | [PDF](cheat-sheets/Cisco-CUCM-CLI-useful-commands-cheat-sheet.pdf)
[RAD ETX 203, 205, 220 debug and information commands](cheat-sheets/RAD-ETX-203-205-220-debug-and-information-commands-cheat-sheet.adoc) | [PDF](cheat-sheets/RAD-ETX-203-205-220-debug-and-information-commands-cheat-sheet.pdf) [RAD ETX 203, 205, 220 debug and information commands](cheat-sheets/RAD-ETX-203-205-220-debug-and-information-commands-cheat-sheet.adoc) | [PDF](cheat-sheets/RAD-ETX-203-205-220-debug-and-information-commands-cheat-sheet.pdf)
[MRV Optiswitch OS904 OS906 OS912 debug and diagnostic commands](cheat-sheets/MRV-Optiswitch-OS904-OS906-OS912-debug-and-diagnostic-commands.adoc) | [PDF](cheat-sheets/MRV-Optiswitch-OS904-OS906-OS912-debug-and-diagnostic-commands.pdf) [MRV Optiswitch OS904 OS906 OS912 debug and diagnostic commands](cheat-sheets/MRV-Optiswitch-OS904-OS906-OS912-debug-and-diagnostic-commands.adoc) | [PDF](cheat-sheets/MRV-Optiswitch-OS904-OS906-OS912-debug-and-diagnostic-commands.pdf)
[Aruba and HP switches debug and diagnostics commands](cheat-sheets/Aruba-HP-switches-debug-and-diagnostics-commands-cheat-sheet.adoc) | [PDF](cheat-sheets/Aruba-HP-switches-debug-and-diagnostics-commands-cheat-sheet.pdf) [Aruba and HP switches debug and diagnostics commands](cheat-sheets/Aruba-HP-switches-debug-and-diagnostics-commands-cheat-sheet.adoc) | [PDF](cheat-sheets/Aruba-HP-switches-debug-and-diagnostics-commands-cheat-sheet.pdf)
[Aruba HP switches configuration examples cookbook](/cheat-sheets/Aruba-HP-switches-configuration-examples-cookbook.adoc) | [PDF](/cheat-sheets/Aruba-HP-switches-configuration-examples-cookbook.pdf) [Aruba HP switches configuration examples cookbook](/cheat-sheets/Aruba-HP-switches-configuration-examples-cookbook.adoc) | [PDF](/cheat-sheets/Aruba-HP-switches-configuration-examples-cookbook.pdf)
[Ruckus ICX switches 7150, 7250, 7450, 7650, 7750, 7850 diagnostics commands](cheat-sheets/Ruckus-Brocade-ICX-FastIron-switch-debug-nad-diagnostics-commands-cheat-sheet.adoc) | [PDF](cheat-sheets/Ruckus-Brocade-ICX-FastIron-switch-debug-nad-diagnostics-commands-cheat-sheet.pdf) [Ruckus ICX switches 7150, 7250, 7450, 7650, 7750, 7850 diagnostics commands](cheat-sheets/Ruckus-Brocade-ICX-FastIron-switch-debug-nad-diagnostics-commands-cheat-sheet.adoc) | [PDF](cheat-sheets/Ruckus-Brocade-ICX-FastIron-switch-debug-nad-diagnostics-commands-cheat-sheet.pdf)
## Linux, FreeBSD, OpenBSD, and Open Source Tools ## Linux, FreeBSD, OpenBSD, and Open Source Tools
[Linux ip route reference by example](cheat-sheets/Linux-ip-route-reference-by-examples.adoc) | [PDF](cheat-sheets/Linux-ip-route-reference-by-examples.pdf) [Linux ip route reference by example](cheat-sheets/Linux-ip-route-reference-by-examples.adoc) | [PDF](cheat-sheets/Linux-ip-route-reference-by-examples.pdf)
[GNU tar archive manager cookbook of examples](cheat-sheets/gnu-tar-example-reference.adoc) | [PDF](cheat-sheets/gnu-tar-example-reference.pdf) [GNU tar archive manager cookbook of examples](cheat-sheets/gnu-tar-example-reference.adoc) | [PDF](cheat-sheets/gnu-tar-example-reference.pdf)
[Linux and PF BSD firewalls cheat sheet](cheat-sheets/Linux-and-BSD-firewalls-cheat-sheet.adoc) | [PDF](cheat-sheets/Linux-and-BSD-firewalls-cheat-sheet.pdf) [Linux and PF BSD firewalls cheat sheet](cheat-sheets/Linux-and-BSD-firewalls-cheat-sheet.adoc) | [PDF](cheat-sheets/Linux-and-BSD-firewalls-cheat-sheet.pdf)
[Ubuntu Uncomplicated Firewall (ufw) cookbook of configuration examples](/cheat-sheets/Ubuntu-ufw-firewall-cookbook.adoc) | [PDF](/cheat-sheets/Ubuntu-ufw-firewall-cookbook.pdf) [Ubuntu Uncomplicated Firewall (ufw) cookbook of configuration examples](/cheat-sheets/Ubuntu-ufw-firewall-cookbook.adoc) | [PDF](/cheat-sheets/Ubuntu-ufw-firewall-cookbook.pdf)
[FreeBSD cheat sheet](/cheat-sheets/FreeBSD-cheat-sheet.adoc) | [PDF](/cheat-sheets/FreeBSD-cheat-sheet.pdf) [FreeBSD cheat sheet](/cheat-sheets/FreeBSD-cheat-sheet.adoc) | [PDF](/cheat-sheets/FreeBSD-cheat-sheet.pdf)
[Git and github.com commands cheat sheet](cheat-sheets/git-and-github-cheat-sheet.adoc) | [PDF](cheat-sheets/git-and-github-cheat-sheet.pdf) [Git and github.com commands cheat sheet](cheat-sheets/git-and-github-cheat-sheet.adoc) | [PDF](cheat-sheets/git-and-github-cheat-sheet.pdf)
[GNU screen terminal multiplexor cheat sheet](cheat-sheets/gnu-screen-cheat-sheet.adoc) | [PDF](cheat-sheets/gnu-screen-cheat-sheet.pdf) [GNU screen terminal multiplexor cheat sheet](cheat-sheets/gnu-screen-cheat-sheet.adoc) | [PDF](cheat-sheets/gnu-screen-cheat-sheet.pdf)
[Links text browser cheat sheet](cheat-sheets/links-text-browser-cheat-sheet.adoc) | [PDF](cheat-sheets/links-text-browser-cheat-sheet.pdf) [Links text browser cheat sheet](cheat-sheets/links-text-browser-cheat-sheet.adoc) | [PDF](cheat-sheets/links-text-browser-cheat-sheet.pdf)
[Ed text editor complete cheat sheet](cheat-sheets/ed-text-editor-cheat-sheet.adoc) | [PDF](cheat-sheets/ed-text-editor-cheat-sheet.pdf) [Ed text editor complete cheat sheet](cheat-sheets/ed-text-editor-cheat-sheet.adoc) | [PDF](cheat-sheets/ed-text-editor-cheat-sheet.pdf)
[ncftp Ftp Client Commands example cookbook](cheat-sheets/ncftp-commands-reference-by-example-cookbook.adoc) | [PDF](cheat-sheets/ncftp-commands-reference-by-example-cookbook.pdf) [ncftp Ftp Client Commands example cookbook](cheat-sheets/ncftp-commands-reference-by-example-cookbook.adoc) | [PDF](cheat-sheets/ncftp-commands-reference-by-example-cookbook.pdf)
[curl cookbook of examples](cheat-sheets/curl-cookbook-of-examples.adoc) | [PDF](cheat-sheets/curl-cookbook-of-examples.pdf) [curl cookbook of examples](cheat-sheets/curl-cookbook-of-examples.adoc) | [PDF](cheat-sheets/curl-cookbook-of-examples.pdf)
## Apple macOS tools ## Apple macOS tools
[mdfind examples cheat sheet](cheat-sheets/macos-mdfind-examples-cheat-sheet.adoc) | [PDF](cheat-sheets/macos-mdfind-examples-cheat-sheet.pdf) [mdfind examples cheat sheet](cheat-sheets/macos-mdfind-examples-cheat-sheet.adoc) | [PDF](cheat-sheets/macos-mdfind-examples-cheat-sheet.pdf)
## Windows software and utilities ## Windows software and utilities
[FAR file manager cheat sheet of keyboard shortcuts](cheat-sheets/FAR-manager-cheat-sheet-of-keyboard-shortcuts.adoc) | [PDF](cheat-sheets/FAR-manager-cheat-sheet-of-keyboard-shortcuts.pdf) [FAR file manager cheat sheet of keyboard shortcuts](cheat-sheets/FAR-manager-cheat-sheet-of-keyboard-shortcuts.adoc) | [PDF](cheat-sheets/FAR-manager-cheat-sheet-of-keyboard-shortcuts.pdf)
[Windows cmd.exe shell batch scripting cheat sheet](cheat-sheets/Windows-cmd-shell-batch-scripting-cheat-sheet.adoc) | [PDF](Windows-cmd-shell-batch-scripting-cheat-sheet.pdf) [Windows cmd.exe shell batch scripting cheat sheet](cheat-sheets/Windows-cmd-shell-batch-scripting-cheat-sheet.adoc) | [PDF](Windows-cmd-shell-batch-scripting-cheat-sheet.pdf)
## Amazon AWS CLI v2.x ## Amazon AWS CLI v2.x
[Route53 cheat sheet of examples](cheat-sheets/Route53-AWS-CLI-examples.adoc) | [PDF](cheat-sheets/Route53-AWS-CLI-examples.pdf) [Route53 cheat sheet of examples](cheat-sheets/Route53-AWS-CLI-examples.adoc) | [PDF](cheat-sheets/Route53-AWS-CLI-examples.pdf)

50
cheat-sheets/7zip-command-line-cookbook-of-examples.adoc
View File

@@ -1,25 +1,25 @@
= 7z Linux Command Line Cookbook of Examples = 7z Linux Command Line Cookbook of Examples
:homepage: https://github.com/yuriskinfo/cheat-sheets :homepage: https://github.com/yuriskinfo/cheat-sheets
:toc: :toc:
Author: https://www.linkedin.com/in/yurislobodyanyuk/ Author: https://www.linkedin.com/in/yurislobodyanyuk/
== Important facts about 7-zip == Important facts about 7-zip
* 7-zip does NOT store the owner/group of the files/folders being archived, which is good for privacy, but may not suite your specifc use case, especially as a back up tool. * 7-zip does NOT store the owner/group of the files/folders being archived, which is good for privacy, but may not suite your specifc use case, especially as a back up tool.
* 7-zip is a name of the compression tool created by Igor Pavlov. * 7-zip is a name of the compression tool created by Igor Pavlov.
* While Igor Pavlov provides Linux/macOS versions as well, another implementation by independent developer (Mohammed Adnene Trojette) has become wide used in the Linux realm - `p7zip`. This cookbook relates to this, independent version, so options and switches may differ a bit from 7-zip Windows canonical version. * While Igor Pavlov provides Linux/macOS versions as well, another implementation by independent developer (Mohammed Adnene Trojette) has become wide used in the Linux realm - `p7zip`. This cookbook relates to this, independent version, so options and switches may differ a bit from 7-zip Windows canonical version.
== Install p7zip package on Linux == Install p7zip package on Linux
This tool is already in all the major repositories, so you should have no problems installing it. This tool is already in all the major repositories, so you should have no problems installing it.
`Ubuntu`: `sudo apt install p7zip-full` `Ubuntu`: `sudo apt install p7zip-full`
`CentOS/Fedora`: `sudo yum install p7zip p7zip-plugins` `CentOS/Fedora`: `sudo yum install p7zip p7zip-plugins`
== Create an archive adding all the files in the current folder == Create an archive adding all the files in the current folder
We first indicate to `7-zip` that we want to _add_ to an archive with `a` command, then we specify the archive name, and finally, we use `*` as wildcard to include all files in the current folder. We first indicate to `7-zip` that we want to _add_ to an archive with `a` command, then we specify the archive name, and finally, we use `*` as wildcard to include all files in the current folder.
`7z a folder.7z *` `7z a folder.7z *`
The result - _folder.7z_ will be placed in the same folder where it run. The result - _folder.7z_ will be placed in the same folder where it run.

94
cheat-sheets/Aruba-HP-switches-configuration-examples-cookbook.adoc
View File

@@ -1,47 +1,47 @@
= Aruba HP switches configuration examples cookbook = Aruba HP switches configuration examples cookbook
Yuri SLobodyanyuk, admin@yurisk.info Yuri SLobodyanyuk, admin@yurisk.info
:homepage: https://yurisk.info :homepage: https://yurisk.info
:toc: :toc:
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/ Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
== Reset/wipe switch configuration to the factory defaults == Reset/wipe switch configuration to the factory defaults
WARNING: This will erase all the configuration and cannot be undone. WARNING: This will erase all the configuration and cannot be undone.
If you don't have priveleged EXEC access to the switch: If you don't have priveleged EXEC access to the switch:
. Push and hold the _Reset_ button with sharp object like pen/pencil. . Push and hold the _Reset_ button with sharp object like pen/pencil.
. Now also push and hold _Clear_ button with another sharp object. . Now also push and hold _Clear_ button with another sharp object.
. When LEDs are turned on - release _Reset_ button, while holding the _Clear_. . When LEDs are turned on - release _Reset_ button, while holding the _Clear_.
. When LEDs start to blink, release the _Clear_ button as well. . When LEDs start to blink, release the _Clear_ button as well.
If you have privileged EXEC access to the switch, just run *(config)# erase startup* and reboot. If you have privileged EXEC access to the switch, just run *(config)# erase startup* and reboot.
== Restrict management access to specific IP addresses == Restrict management access to specific IP addresses
To limit access to the switch, use *ip authorized-managers* command. Example - limit access to a single IP of 192.168.13.127: To limit access to the switch, use *ip authorized-managers* command. Example - limit access to a single IP of 192.168.13.127:
---- ----
ip authorized-managers 192.168.13.127 255.255.255.255 access operator ip authorized-managers 192.168.13.127 255.255.255.255 access operator
ip authorized-managers 192.168.13.127 255.255.255.255 access manager ip authorized-managers 192.168.13.127 255.255.255.255 access manager
---- ----
== Add default gateway on Layer 2 switch for management == Add default gateway on Layer 2 switch for management
We have to set default gateway on a switch for the management VLAN we choose to be reachable and managed remotely. The command does not mention explicitly the VLAN number, just make sure the network is the network configured on the management VLAN. We have to set default gateway on a switch for the management VLAN we choose to be reachable and managed remotely. The command does not mention explicitly the VLAN number, just make sure the network is the network configured on the management VLAN.
---- ----
ip default-gateway 10.13.13.127 ip default-gateway 10.13.13.127
---- ----
It is, for example, when VLAN 200 is configured as management VLAN: It is, for example, when VLAN 200 is configured as management VLAN:
---- ----
vlan 200 vlan 200
name "MgmtVlan" name "MgmtVlan"
tagged Trk1 tagged Trk1
ip address 10.13.13.250 255.255.255.0 ip address 10.13.13.250 255.255.255.0
exit exit
---- ----

1034
cheat-sheets/Aruba-HP-switches-debug-and-diagnostics-commands-cheat-sheet.adoc
View File

File diff suppressed because it is too large Load Diff

90
cheat-sheets/Checkpoint-firewalls-debug-cheat-sheet.adoc
View File

@@ -1,45 +1,45 @@
= Checkpoint Firewalls Debug Cheat Sheet = Checkpoint Firewalls Debug Cheat Sheet
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/ Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
Status: Work in progress. Status: Work in progress.
== Cluster XL (ClusterXL) debug == Cluster XL (ClusterXL) debug
[cols=2,"options="header"] [cols=2,"options="header"]
|=== |===
|command |command
|Description |Description
|*cphaprob state* |*cphaprob state*
|Show status of the cluster and its members, if down - show the descriptive reason and when the state change happened,type of clustering - HA/Load Sharing/VRRP, IP address of each member's sync interface, problematic _pnote_ that causes failover, number of failovers since last restart. |Show status of the cluster and its members, if down - show the descriptive reason and when the state change happened,type of clustering - HA/Load Sharing/VRRP, IP address of each member's sync interface, problematic _pnote_ that causes failover, number of failovers since last restart.
|*cphaprob -ia list* |*cphaprob -ia list*
|Show detailed information on the failed __pnote__/Critical Device of this member. List of pnotes enabled by default (differs by version/model so not a reference): _Interface Active Check_, _Recovery Delay_ , _CoreXL Configuration_, _Fullsync_, _Policy/filter_, _routed_, _fwd_, _cphad_, _init_, _cvpnd_. |Show detailed information on the failed __pnote__/Critical Device of this member. List of pnotes enabled by default (differs by version/model so not a reference): _Interface Active Check_, _Recovery Delay_ , _CoreXL Configuration_, _Fullsync_, _Policy/filter_, _routed_, _fwd_, _cphad_, _init_, _cvpnd_.
|*cphaprob -l list* |*cphaprob -l list*
|List ALL _pnotes_ of the member, including in _OK_ state. |List ALL _pnotes_ of the member, including in _OK_ state.
|*cphaprob -a if* |*cphaprob -a if*
|Show all the interfaces seen by the cluster on this member. _Monitored_ are interfaces monitored by the cluster and if failed would cause fail over. _Secured_ is/are interface(s) the cluster uses to synchronize members. In Checkpoint appliances it is usually named `Sync`. Also show cluster synchronization mode - broadcast/multicast, |Show all the interfaces seen by the cluster on this member. _Monitored_ are interfaces monitored by the cluster and if failed would cause fail over. _Secured_ is/are interface(s) the cluster uses to synchronize members. In Checkpoint appliances it is usually named `Sync`. Also show cluster synchronization mode - broadcast/multicast,
|*cphaprob -m if* |*cphaprob -m if*
|Show the monitored interfaces but also add ClusterXL VLAN monitoring info - which VLANs on which interface are being monitored. |Show the monitored interfaces but also add ClusterXL VLAN monitoring info - which VLANs on which interface are being monitored.
|*cphaprob syncstat* |*cphaprob syncstat*
|Show detailed synchronization states and traffic statistics: sync traffic drops/sent/received/queue szie/delta interval. Good at showing network/communication problems between cluster members. |Show detailed synchronization states and traffic statistics: sync traffic drops/sent/received/queue szie/delta interval. Good at showing network/communication problems between cluster members.
|*cphaprob show_failover* |*cphaprob show_failover*
|Show detailed history log of failover events with their dates and reasons. Checkpoint records last 20 failovers by default. |Show detailed history log of failover events with their dates and reasons. Checkpoint records last 20 failovers by default.
|*cphaprob mmagic* |*cphaprob mmagic*
|Show the cluster magic number, relevant if multiple clusters are present in the same network. |Show the cluster magic number, relevant if multiple clusters are present in the same network.
|*cphaprob show_bond* |*cphaprob show_bond*
|Show bond interfaces. |Show bond interfaces.
|*cpview -> Advanced -> ClusterXL* |*cpview -> Advanced -> ClusterXL*
|Partial output of the above commands in TUI interface. |Partial output of the above commands in TUI interface.
|=== |===

170
cheat-sheets/Cisco-CUCM-CLI-useful-commands-cheat-sheet.adoc
View File

@@ -1,85 +1,85 @@
= Useful CLI commands for Cisco CUCM, Cisco Unity Connection and IM and Presence = Useful CLI commands for Cisco CUCM, Cisco Unity Connection and IM and Presence
Yuri Slobodyanyuk <admin@yurisk.info> Yuri Slobodyanyuk <admin@yurisk.info>
v1.0, 2021-02-22 v1.0, 2021-02-22
:homepage: https://yurisk.info :homepage: https://yurisk.info
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/ Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
[cols=2,options="header"] [cols=2,options="header"]
|=== |===
|Command |Command
|Descritption |Descritption
|*show status* |*show status*
|General health info, first to run on unusual CPU/IO load. Shows uptime, CPU load, memory usage, CUCM/Unity version. |General health info, first to run on unusual CPU/IO load. Shows uptime, CPU load, memory usage, CUCM/Unity version.
|*utils ntp status* |*utils ntp status*
|Show NTP status - NTP source, synchronization, stratum. Note: this is not necessarily time source for the phones. |Show NTP status - NTP source, synchronization, stratum. Note: this is not necessarily time source for the phones.
|*utils network ping <dest> [count VALUE] [size VALUE]* |*utils network ping <dest> [count VALUE] [size VALUE]*
| Ping to test network quality and connectivity. E.g. `utils network ping 8.8.8.8 count 10 size 1300` | Ping to test network quality and connectivity. E.g. `utils network ping 8.8.8.8 count 10 size 1300`
|*utils network traceroute <IP address>* |*utils network traceroute <IP address>*
|Network trace. |Network trace.
|*show tech network routes* |*show tech network routes*
|Show routing table. |Show routing table.
|*show network status [process nodns search [search term]]* |*show network status [process nodns search [search term]]*
|Show established connections with the process using the port. E.g. to show established connections to port 5060 (SIP phones and SIP trunks): `show network status process nodns search 5060`. |Show established connections with the process using the port. E.g. to show established connections to port 5060 (SIP phones and SIP trunks): `show network status process nodns search 5060`.
|*utils network arp list* |*utils network arp list*
*utils network arp delete* *utils network arp delete*
*utils network arp set* *utils network arp set*
|Working with ARP table. |Working with ARP table.
|*show network ipprefs public* |*show network ipprefs public*
*show open ports* *show open ports*
*show open ports all* *show open ports all*
*show open ports regexp* *show open ports regexp*
|Show open and accessible over the network ports with listening daemons. |Show open and accessible over the network ports with listening daemons.
|*show network ip_conntrack* |*show network ip_conntrack*
|Show number of open connections . While the number of connections does NOT equal number of registered phones, if there is some network connectivity issue this number will be unusually low. E.g. on CUCM with 52 registered SIP phones this commands shows 301 connections. |Show number of open connections . While the number of connections does NOT equal number of registered phones, if there is some network connectivity issue this number will be unusually low. E.g. on CUCM with 52 registered SIP phones this commands shows 301 connections.
|*show process list* |*show process list*
|Show list of running processes (Linux style). |Show list of running processes (Linux style).
|*utils iostat* |*utils iostat*
|Show I/O stats - writes/reads per second, averages |Show I/O stats - writes/reads per second, averages
|*show hardware* |*show hardware*
|Show the hardware server on which the CUCM is installed. |Show the hardware server on which the CUCM is installed.
|*utils service list* |*utils service list*
*utils service <stop/restart/start>* *utils service <stop/restart/start>*
|List running CUCM/Unity services (not previously mentioned Linux ones) and then stop/restart any of them by their name. Copy & paste service name exactly as shown in the listing. |List running CUCM/Unity services (not previously mentioned Linux ones) and then stop/restart any of them by their name. Copy & paste service name exactly as shown in the listing.
|*utils system restart* |*utils system restart*
|Last resort - restart the whole CUCM/Unity. |Last resort - restart the whole CUCM/Unity.
|*show diskusage activelog* |*show diskusage activelog*
|Get the disk usage. |Get the disk usage.
|*show logins* |*show logins*
|Show logged in admins |Show logged in admins
|*show password expiry user list* |*show password expiry user list*
|Show user password expiration, by default it is set to 99999 days, if not changed by the administrator. |Show user password expiration, by default it is set to 99999 days, if not changed by the administrator.
|*set password { age / complexity / expiry / inactivity / user }* |*set password { age / complexity / expiry / inactivity / user }*
|Changing password for yourself/another user . Be very careful with changing password of course. |Changing password for yourself/another user . Be very careful with changing password of course.
|=== |===

120
cheat-sheets/Cisco-Nexus-9000-9k-debug-and-diagnostic-commands-cheat-sheet.adoc
View File

@@ -1,60 +1,60 @@
= Cisco Nexus 9000 9k debug and diagnostic commands complete cheat sheet (work in progress) = Cisco Nexus 9000 9k debug and diagnostic commands complete cheat sheet (work in progress)
Yuri Slobodyanyuk <admin@yurisk.info> Yuri Slobodyanyuk <admin@yurisk.info>
v1.0, 2020-09-01 v1.0, 2020-09-01
:homepage: https://yurisk.info :homepage: https://yurisk.info
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/ Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
Status: Work in progress. Status: Work in progress.
[cols=2,options="header"] [cols=2,options="header"]
|=== |===
|Command |Command
|Descritption |Descritption
|*show run interface <port-channel number> membership* |*show run interface <port-channel number> membership*
|List physical interfaces included in the given Port-Channel, e.g. `show run int po1 membership` |List physical interfaces included in the given Port-Channel, e.g. `show run int po1 membership`
|*show port-channel usage* |*show port-channel usage*
|Show port-channel numbers already in use. |Show port-channel numbers already in use.
|*show port-channel summary* |*show port-channel summary*
|Display list of all configured Port-Channels with their state, protocol (LACP or None), physical interface members. |Display list of all configured Port-Channels with their state, protocol (LACP or None), physical interface members.
|*show vpc role* |*show vpc role*
|Role of this peer in vPC, also vPC MAC address, vPC and system priority, local Nexus switch MAC. |Role of this peer in vPC, also vPC MAC address, vPC and system priority, local Nexus switch MAC.
|*show vpc brief* |*show vpc brief*
|Gives verbose info about the vPC (vPC domain stats, vPC peer-link stats, port-channels with active VLANs etc.). |Gives verbose info about the vPC (vPC domain stats, vPC peer-link stats, port-channels with active VLANs etc.).
|*show vpc peer-keepalive* |*show vpc peer-keepalive*
| Display real-time stats on peering keepalives: last send/receive time, IP of the peer, port and protocol used, vrf for communicaiton. | Display real-time stats on peering keepalives: last send/receive time, IP of the peer, port and protocol used, vrf for communicaiton.
|*show feature* |*show feature*
|Show enabled features, make sure FEX is on. |Show enabled features, make sure FEX is on.
|*show fex [_fex-num_] [detail]* |*show fex [_fex-num_] [detail]*
| Show FEX, optionally with details - FEX associated number, state | Show FEX, optionally with details - FEX associated number, state
(Online/Offline/Connecting), model, serial number (of the module). If _detail_, (Online/Offline/Connecting), model, serial number (of the module). If _detail_,
then also show log of the last registration/offline/online of the FEX. then also show log of the last registration/offline/online of the FEX.
|*show interface fex* |*show interface fex*
| In addition to above, show physical interface names (uplinks) where FEX is connected on | In addition to above, show physical interface names (uplinks) where FEX is connected on
Nexus and its state. Nexus and its state.
|*reload fex _fex-num_* |*reload fex _fex-num_*
| Reload the specified FEX (it should be online for this). | Reload the specified FEX (it should be online for this).
|*show inventory fex _fex-num_* |*show inventory fex _fex-num_*
|Show hardware info and serial numbers of the FEX chassis, network module, fans, |Show hardware info and serial numbers of the FEX chassis, network module, fans,
power supplies. power supplies.
|*show environment fex _fex-num_/all* |*show environment fex _fex-num_/all*
|Show power consumed, temperature. |Show power consumed, temperature.
|*show int port-channel _n_ fex* |*show int port-channel _n_ fex*
|Show physical interfaces pinned to a given port-channel. |Show physical interfaces pinned to a given port-channel.
|=== |===

234
cheat-sheets/FAR-manager-cheat-sheet-of-keyboard-shortcuts.adoc
View File

@@ -1,117 +1,117 @@
= FAR manager cheat sheet of keyboard shortcuts = FAR manager cheat sheet of keyboard shortcuts
Yuri Slobodyanyuk <admin@yurisk.info> Yuri Slobodyanyuk <admin@yurisk.info>
v1.0, 2020-11-09 v1.0, 2020-11-09
:homepage: https://yurisk.info :homepage: https://yurisk.info
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/ Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
[cols=2, options="header"] [cols=2, options="header"]
|=== |===
|Shortcut |Shortcut
|Description |Description
|*Ctrl + \* |*Ctrl + \*
|Change working directory to the root folder, i.e. root of the drive. |Change working directory to the root folder, i.e. root of the drive.
|*Ctrl + PgUp* |*Ctrl + PgUp*
|Move up to the parent directory. |Move up to the parent directory.
|*Alt + F1* |*Alt + F1*
|Set the working drive for the left panel. |Set the working drive for the left panel.
|*Alt + F2* |*Alt + F2*
|Set the working drive for the right panel. |Set the working drive for the right panel.
|*Ctrl + u* |*Ctrl + u*
|Swap panels (left becomes right and vice versa). |Swap panels (left becomes right and vice versa).
|*Ctrl + Left/Right Arrow* |*Ctrl + Left/Right Arrow*
|Move the separating bar between panels left/right, changing the occupied space. |Move the separating bar between panels left/right, changing the occupied space.
|*Ctrl + Up/Down Arrow* |*Ctrl + Up/Down Arrow*
|Move the bottom border of the panels up/down. |Move the bottom border of the panels up/down.
|*Alt + F7* |*Alt + F7*
|Open File Search dialog box |Open File Search dialog box
|*Alt + F12* |*Alt + F12*
|Open history of the visited folders. |Open history of the visited folders.
|*Alt + F8* |*Alt + F8*
|Open history of the viewed files. |Open history of the viewed files.
|*F9 + c + c* or *F11 + Advanced Compare* |*F9 + c + c* or *F11 + Advanced Compare*
|Compare files/directories open in Panels. Standard compare (F9 + c + c) compares by name,size and time stamp. Advanced Compare allows to choose what to compare on. The files that differ are highlighted in blue. |Compare files/directories open in Panels. Standard compare (F9 + c + c) compares by name,size and time stamp. Advanced Compare allows to choose what to compare on. The files that differ are highlighted in blue.
|*Ctrl + 1* |*Ctrl + 1*
|Set panel view to 3-column layout showing just names. |Set panel view to 3-column layout showing just names.
|*Ctrl + 2* |*Ctrl + 2*
|Return to the standard 2-column view of names only. |Return to the standard 2-column view of names only.
|*Ctrl + 3* |*Ctrl + 3*
|Full panel view - shows name, size, date, time columns. |Full panel view - shows name, size, date, time columns.
|*Ctrl + 5* |*Ctrl + 5*
|Full screen view - name, size, allocated, write, created, accessed, attributes columns. |Full screen view - name, size, allocated, write, created, accessed, attributes columns.
2+|_Sort displayed items_ 2+|_Sort displayed items_
|*Ctrl + F3* |*Ctrl + F3*
| Sort by file/folder name. | Sort by file/folder name.
|*Ctrl + F4* |*Ctrl + F4*
|Sort by extension. |Sort by extension.
|*Ctrl + F5* |*Ctrl + F5*
|Sort by modified date. |Sort by modified date.
|*Ctrl + F6* |*Ctrl + F6*
|Sort by size. |Sort by size.
|*Ctrl + F8* |*Ctrl + F8*
|Sort by creation time |Sort by creation time
|*Ctrl + F9* |*Ctrl + F9*
|Sort by access time |Sort by access time
2+|_Selecting files and folders_ 2+|_Selecting files and folders_
|*Insert* |*Insert*
|Select the item under the cursor. Press again to deselect. |Select the item under the cursor. Press again to deselect.
|*Shift + move up/down* |*Shift + move up/down*
|Select single/multiple items. To deselect, hold Shift and move in the opposite direction. |Select single/multiple items. To deselect, hold Shift and move in the opposite direction.
|* (asterisk) |* (asterisk)
|Select all files/folders in the panel. Press again to invert the selection. |Select all files/folders in the panel. Press again to invert the selection.
|COLORS fix later |COLORS fix later
| Fix me | Fix me
|*F9 -> o -> l* |*F9 -> o -> l*
|Open color selection dialog box. |Open color selection dialog box.
|*F11 + Temporary Panel* |*F11 + Temporary Panel*
| Create and switch to a Temporary Panel. You can copy/drag files and folders from the visible Panel to it. This allows to work on multiple items from different locations at the same time. | Create and switch to a Temporary Panel. You can copy/drag files and folders from the visible Panel to it. This allows to work on multiple items from different locations at the same time.
2+|_Filter what is shown in the Panel_ 2+|_Filter what is shown in the Panel_
|*Ctrl + i* |*Ctrl + i*
a|Open Filter dialog menu. It contains all file types/extensions seen in the current folder. By moving with _Arrow Up/Down_ you can select/deselect any single or combination of multiple extensions to include or exclude in the display. Highlight the extension in question and press: a|Open Filter dialog menu. It contains all file types/extensions seen in the current folder. By moving with _Arrow Up/Down_ you can select/deselect any single or combination of multiple extensions to include or exclude in the display. Highlight the extension in question and press:
- *<space>* or *+* or *i*: Include files with such extension in the display, exclude from display anything else. Pressing the same key again clears the selection. - *<space>* or *+* or *i*: Include files with such extension in the display, exclude from display anything else. Pressing the same key again clears the selection.
- *Shift + Backspace*: Clear all selections made so far. - *Shift + Backspace*: Clear all selections made so far.
- *x*: Exclude the selected extensions from showing, display what is left. - *x*: Exclude the selected extensions from showing, display what is left.
- *Insert*: Open a dialog menu to create Custom filter. This allows to include/exclude files by their name/extension, size, attributes, and modification date. You can use relative operators `>=, <=`. All operands in a Custom filter are ANDed. Make sure to activate this Custom filter with Space or `+` in the filter list later. - *Insert*: Open a dialog menu to create Custom filter. This allows to include/exclude files by their name/extension, size, attributes, and modification date. You can use relative operators `>=, <=`. All operands in a Custom filter are ANDed. Make sure to activate this Custom filter with Space or `+` in the filter list later.
|*Enter* |*Enter*
|Activate the filter. |Activate the filter.
|=== |===

2138
cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc
View File

File diff suppressed because it is too large Load Diff

126
cheat-sheets/FreeBSD-cheat-sheet.adoc
View File

@@ -1,63 +1,63 @@
= FreeBSD cheat sheet = FreeBSD cheat sheet
:homepage: https://yurisk.info :homepage: https://yurisk.info
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/ Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
== Working with disks and partitions == Working with disks and partitions
[cols=2, options="header"] [cols=2, options="header"]
|=== |===
|Command |Command
|Description |Description
|*camcontrol devlist* |*camcontrol devlist*
|Show list of attached storage devices |Show list of attached storage devices
|*geom <disk/label/part/raid> list* |*geom <disk/label/part/raid> list*
|Display detailed information for the given GEOM class `disk` - physical disk, `label` - device labels, `part` - partitions. Other classes are available, but not mentioned for irrelevance here. |Display detailed information for the given GEOM class `disk` - physical disk, `label` - device labels, `part` - partitions. Other classes are available, but not mentioned for irrelevance here.
|*mount* |*mount*
|Show mounted in fact partitions and their properties (journaled or not, type). |Show mounted in fact partitions and their properties (journaled or not, type).
|*glabel list* |*glabel list*
|Show labels, same as `geom label list`. |Show labels, same as `geom label list`.
|*gpart show* |*gpart show*
|Show partitions, similar to `geom part list` minus labels information, so is shorter. Add `-r` to show GPT partition types, see for the complete list at https://en.wikipedia.org/wiki/GUID_Partition_Table . |Show partitions, similar to `geom part list` minus labels information, so is shorter. Add `-r` to show GPT partition types, see for the complete list at https://en.wikipedia.org/wiki/GUID_Partition_Table .
|*gpart recover <device name>* |*gpart recover <device name>*
|Recover partition information, e.g. when increasing the size of already partitioned disk in Virtual Machine, the last sector holding the partition info is lost, so to put the needed info in the last sector of now increased disk: `gpart recover da0`. |Recover partition information, e.g. when increasing the size of already partitioned disk in Virtual Machine, the last sector holding the partition info is lost, so to put the needed info in the last sector of now increased disk: `gpart recover da0`.
|*swapoff <device name>* |*swapoff <device name>*
|Turn off temporarily the swap file, e.g. to move its partition to the end of the increased virtual disk: `swapoff /dev/da0p3` |Turn off temporarily the swap file, e.g. to move its partition to the end of the increased virtual disk: `swapoff /dev/da0p3`
|*gpart delete -i <n> <device name>* |*gpart delete -i <n> <device name>*
|Delete partition number `n` (as shown by `gpart show`) on the device `device name`. E.g. If the swap partition was number 3 on disk /dev/da0, to delete it: `gpart delete -i 3 /dev/da0`. |Delete partition number `n` (as shown by `gpart show`) on the device `device name`. E.g. If the swap partition was number 3 on disk /dev/da0, to delete it: `gpart delete -i 3 /dev/da0`.
|*gpart create -s <partition scheme> <device name>* |*gpart create -s <partition scheme> <device name>*
|Set type of partition to be added on device `device name`. E.g. to set up device _da1_ for GPT partitioning: `gpart create -s gpt da1`. |Set type of partition to be added on device `device name`. E.g. to set up device _da1_ for GPT partitioning: `gpart create -s gpt da1`.
|*sysctl kern.geom.debugflags=16* |*sysctl kern.geom.debugflags=16*
|Resizing a live partition may require turning off this protection. |Resizing a live partition may require turning off this protection.
|*gpart resize -i <n> [ -s <new size K/M/G>] [-a <alignment size>] <device name>* |*gpart resize -i <n> [ -s <new size K/M/G>] [-a <alignment size>] <device name>*
|Resize existing partition number `n` to `new size`, optionally setting alighnment, on device `device name`. If `-s` size is not given, use up all available _free_ space. E.g. to increase the _2nd_ partition on device _da0_ to 47 Gigabyte with 4k alignment: `gpart resize -i 2 -s 47G -a 4k da0`. |Resize existing partition number `n` to `new size`, optionally setting alighnment, on device `device name`. If `-s` size is not given, use up all available _free_ space. E.g. to increase the _2nd_ partition on device _da0_ to 47 Gigabyte with 4k alignment: `gpart resize -i 2 -s 47G -a 4k da0`.
|*growfs <partition name>* |*growfs <partition name>*
|After resizing a partition, grow the existing file system on it to encompass the new free space. E.g.`growfs /dev/da0p2`. |After resizing a partition, grow the existing file system on it to encompass the new free space. E.g.`growfs /dev/da0p2`.
|*gpart add -t <partition type> [-a <alignment>] [-l <label name>] <dev name>* |*gpart add -t <partition type> [-a <alignment>] [-l <label name>] <dev name>*
|Add a new partition to the disk `dev name`, setting its type and optionally alignment and label. E.g. to add _freebsd-ufs_ type partition to disk _da1_ aligned on 4k border setting the label to _data_: `gpart add -t freebsd-ufs -a 4k -l data da1` . After that, this partition will be available as _/dev/gpt/data_ |Add a new partition to the disk `dev name`, setting its type and optionally alignment and label. E.g. to add _freebsd-ufs_ type partition to disk _da1_ aligned on 4k border setting the label to _data_: `gpart add -t freebsd-ufs -a 4k -l data da1` . After that, this partition will be available as _/dev/gpt/data_
|*newfs [-U] [-j] <partition name/label>* |*newfs [-U] [-j] <partition name/label>*
|Add filesystem to the named partition. Switches depend on the filesystem type, here `-U` is for *freebsd-ufs* with soft updates but without journaling, while `-j` adds journaling. E.g. to create UFS filesystem with soft updates but without the journaling on partition labeled _/data_ of type GPT: `newfs -U /dev/gpt/data`. |Add filesystem to the named partition. Switches depend on the filesystem type, here `-U` is for *freebsd-ufs* with soft updates but without journaling, while `-j` adds journaling. E.g. to create UFS filesystem with soft updates but without the journaling on partition labeled _/data_ of type GPT: `newfs -U /dev/gpt/data`.
|=== |===

212
cheat-sheets/FreeBSD-cheat-sheet.html
View File

@@ -1,107 +1,107 @@
<!DOCTYPE html> <!DOCTYPE html>
<html lang="en"> <html lang="en">
<head> <head>
<meta charset="UTF-8"> <meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="generator" content="Asciidoctor 2.0.18"> <meta name="generator" content="Asciidoctor 2.0.18">
<title>FreeBSD cheat sheet</title> <title>FreeBSD cheat sheet</title>
<style> <style>
</style> </style>
</head> </head>
<body class="article"> <body class="article">
<div id="header"> <div id="header">
<h1>FreeBSD cheat sheet</h1> <h1>FreeBSD cheat sheet</h1>
</div> </div>
<div id="content"> <div id="content">
<div id="preamble"> <div id="preamble">
<div class="sectionbody"> <div class="sectionbody">
<div class="paragraph"> <div class="paragraph">
<p>Author: Yuri Slobodyanyuk, <a href="https://www.linkedin.com/in/yurislobodyanyuk/" class="bare">https://www.linkedin.com/in/yurislobodyanyuk/</a></p> <p>Author: Yuri Slobodyanyuk, <a href="https://www.linkedin.com/in/yurislobodyanyuk/" class="bare">https://www.linkedin.com/in/yurislobodyanyuk/</a></p>
</div> </div>
</div> </div>
</div> </div>
<div class="sect1"> <div class="sect1">
<h2 id="_working_with_disks_and_partitions">Working with disks and partitions</h2> <h2 id="_working_with_disks_and_partitions">Working with disks and partitions</h2>
<div class="sectionbody"> <div class="sectionbody">
<table class="tableblock frame-all grid-all stretch"> <table class="tableblock frame-all grid-all stretch">
<colgroup> <colgroup>
<col style="width: 50%;"> <col style="width: 50%;">
<col style="width: 50%;"> <col style="width: 50%;">
</colgroup> </colgroup>
<thead> <thead>
<tr> <tr>
<th class="tableblock halign-left valign-top">Command</th> <th class="tableblock halign-left valign-top">Command</th>
<th class="tableblock halign-left valign-top">Description</th> <th class="tableblock halign-left valign-top">Description</th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<tr> <tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>camcontrol devlist</strong></p></td> <td class="tableblock halign-left valign-top"><p class="tableblock"><strong>camcontrol devlist</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Show list of attached storage devices</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">Show list of attached storage devices</p></td>
</tr> </tr>
<tr> <tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>geom &lt;disk/label/part/raid&gt; list</strong></p></td> <td class="tableblock halign-left valign-top"><p class="tableblock"><strong>geom &lt;disk/label/part/raid&gt; list</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Display detailed information for the given GEOM class <code>disk</code> - physical disk, <code>label</code> - device labels, <code>part</code> - partitions. Other classes are available, but not mentioned for irrelevance here.</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">Display detailed information for the given GEOM class <code>disk</code> - physical disk, <code>label</code> - device labels, <code>part</code> - partitions. Other classes are available, but not mentioned for irrelevance here.</p></td>
</tr> </tr>
<tr> <tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>mount</strong></p></td> <td class="tableblock halign-left valign-top"><p class="tableblock"><strong>mount</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Show mounted in fact partitions and their properties (journaled or not, type).</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">Show mounted in fact partitions and their properties (journaled or not, type).</p></td>
</tr> </tr>
<tr> <tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>glabel list</strong></p></td> <td class="tableblock halign-left valign-top"><p class="tableblock"><strong>glabel list</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Show labels, same as <code>geom label list</code>.</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">Show labels, same as <code>geom label list</code>.</p></td>
</tr> </tr>
<tr> <tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>gpart show</strong></p></td> <td class="tableblock halign-left valign-top"><p class="tableblock"><strong>gpart show</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Show partitions, similar to <code>geom part list</code> minus labels information, so is shorter. Add <code>-r</code> to show GPT partition types, see for the complete list at <a href="https://en.wikipedia.org/wiki/GUID_Partition_Table" class="bare">https://en.wikipedia.org/wiki/GUID_Partition_Table</a> .</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">Show partitions, similar to <code>geom part list</code> minus labels information, so is shorter. Add <code>-r</code> to show GPT partition types, see for the complete list at <a href="https://en.wikipedia.org/wiki/GUID_Partition_Table" class="bare">https://en.wikipedia.org/wiki/GUID_Partition_Table</a> .</p></td>
</tr> </tr>
<tr> <tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>gpart recover &lt;device name&gt;</strong></p></td> <td class="tableblock halign-left valign-top"><p class="tableblock"><strong>gpart recover &lt;device name&gt;</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Recover partition information, e.g. when increasing the size of already partitioned disk in Virtual Machine, the last sector holding the partition info is lost, so to put the needed info in the last sector of now increased disk: <code>gpart recover da0</code>.</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">Recover partition information, e.g. when increasing the size of already partitioned disk in Virtual Machine, the last sector holding the partition info is lost, so to put the needed info in the last sector of now increased disk: <code>gpart recover da0</code>.</p></td>
</tr> </tr>
<tr> <tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>swapoff &lt;device name&gt;</strong></p></td> <td class="tableblock halign-left valign-top"><p class="tableblock"><strong>swapoff &lt;device name&gt;</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Turn off temporarily the swap file, e.g. to move its partition to the end of the increased virtual disk: <code>swapoff /dev/da0p3</code></p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">Turn off temporarily the swap file, e.g. to move its partition to the end of the increased virtual disk: <code>swapoff /dev/da0p3</code></p></td>
</tr> </tr>
<tr> <tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>gpart delete -i &lt;n&gt; &lt;device name&gt;</strong></p></td> <td class="tableblock halign-left valign-top"><p class="tableblock"><strong>gpart delete -i &lt;n&gt; &lt;device name&gt;</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Delete partition number <code>n</code> (as shown by <code>gpart show</code>) on the device <code>device name</code>. E.g. If the swap partition was number 3 on disk /dev/da0, to delete it: <code>gpart delete -i 3 /dev/da0</code>.</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">Delete partition number <code>n</code> (as shown by <code>gpart show</code>) on the device <code>device name</code>. E.g. If the swap partition was number 3 on disk /dev/da0, to delete it: <code>gpart delete -i 3 /dev/da0</code>.</p></td>
</tr> </tr>
<tr> <tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>gpart create -s &lt;partition scheme&gt; &lt;device name&gt;</strong></p></td> <td class="tableblock halign-left valign-top"><p class="tableblock"><strong>gpart create -s &lt;partition scheme&gt; &lt;device name&gt;</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Set type of partition to be added on device <code>device name</code>. E.g. to set up device <em>da1</em> for GPT partitioning: <code>gpart create -s gpt da1</code>.</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">Set type of partition to be added on device <code>device name</code>. E.g. to set up device <em>da1</em> for GPT partitioning: <code>gpart create -s gpt da1</code>.</p></td>
</tr> </tr>
<tr> <tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>sysctl kern.geom.debugflags=16</strong></p></td> <td class="tableblock halign-left valign-top"><p class="tableblock"><strong>sysctl kern.geom.debugflags=16</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Resizing a live partition may require turning off this protection.</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">Resizing a live partition may require turning off this protection.</p></td>
</tr> </tr>
<tr> <tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>gpart resize -i &lt;n&gt; [ -s &lt;new size K/M/G&gt;] [-a &lt;alignment size&gt;] &lt;device name&gt;</strong></p></td> <td class="tableblock halign-left valign-top"><p class="tableblock"><strong>gpart resize -i &lt;n&gt; [ -s &lt;new size K/M/G&gt;] [-a &lt;alignment size&gt;] &lt;device name&gt;</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Resize existing partition number <code>n</code> to <code>new size</code>, optionally setting alighnment, on device <code>device name</code>. If <code>-s</code> size is not given, use up all available <em>free</em> space. E.g. to increase the <em>2nd</em> partition on device <em>da0</em> to 47 Gigabyte with 4k alignment: <code>gpart resize -i 2 -s 47G -a 4k da0</code>.</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">Resize existing partition number <code>n</code> to <code>new size</code>, optionally setting alighnment, on device <code>device name</code>. If <code>-s</code> size is not given, use up all available <em>free</em> space. E.g. to increase the <em>2nd</em> partition on device <em>da0</em> to 47 Gigabyte with 4k alignment: <code>gpart resize -i 2 -s 47G -a 4k da0</code>.</p></td>
</tr> </tr>
<tr> <tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>growfs &lt;partition name&gt;</strong></p></td> <td class="tableblock halign-left valign-top"><p class="tableblock"><strong>growfs &lt;partition name&gt;</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">After resizing a partition, grow the existing file system on it to encompass the new free space. E.g.<code>growfs /dev/da0p2</code>.</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">After resizing a partition, grow the existing file system on it to encompass the new free space. E.g.<code>growfs /dev/da0p2</code>.</p></td>
</tr> </tr>
<tr> <tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>gpart add -t &lt;partition type&gt; [-a &lt;alignment&gt;] [-l &lt;label name&gt;] &lt;dev name&gt;</strong></p></td> <td class="tableblock halign-left valign-top"><p class="tableblock"><strong>gpart add -t &lt;partition type&gt; [-a &lt;alignment&gt;] [-l &lt;label name&gt;] &lt;dev name&gt;</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Add a new partition to the disk <code>dev name</code>, setting its type and optionally alignment and label. E.g. to add <em>freebsd-ufs</em> type partition to disk <em>da1</em> aligned on 4k border setting the label to <em>data</em>: <code>gpart add -t freebsd-ufs -a 4k -l data da1</code> . After that, this partition will be available as <em>/dev/gpt/data</em></p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">Add a new partition to the disk <code>dev name</code>, setting its type and optionally alignment and label. E.g. to add <em>freebsd-ufs</em> type partition to disk <em>da1</em> aligned on 4k border setting the label to <em>data</em>: <code>gpart add -t freebsd-ufs -a 4k -l data da1</code> . After that, this partition will be available as <em>/dev/gpt/data</em></p></td>
</tr> </tr>
<tr> <tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>newfs [-U] [-j] &lt;partition name/label&gt;</strong></p></td> <td class="tableblock halign-left valign-top"><p class="tableblock"><strong>newfs [-U] [-j] &lt;partition name/label&gt;</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Add filesystem to the named partition. Switches depend on the filesystem type, here <code>-U</code> is for <strong>freebsd-ufs</strong> with soft updates but without journaling, while <code>-j</code> adds journaling. E.g. to create UFS filesystem with soft updates but without the journaling on partition labeled <em>/data</em> of type GPT: <code>newfs -U /dev/gpt/data</code>.</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">Add filesystem to the named partition. Switches depend on the filesystem type, here <code>-U</code> is for <strong>freebsd-ufs</strong> with soft updates but without journaling, while <code>-j</code> adds journaling. E.g. to create UFS filesystem with soft updates but without the journaling on partition labeled <em>/data</em> of type GPT: <code>newfs -U /dev/gpt/data</code>.</p></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
</div> </div>
</div> </div>
</div> </div>
<div id="footer"> <div id="footer">
<div id="footer-text"> <div id="footer-text">
Last updated 2021-12-03 08:42:05 +0200 Last updated 2021-12-03 08:42:05 +0200
</div> </div>
</div> </div>
</body> </body>
</html> </html>

140
cheat-sheets/HIEW-hexadecimal-editor-cheat-sheet.adoc
View File

@@ -1,70 +1,70 @@
= HIEW hexadecimal editor and disassembler cheat sheet = HIEW hexadecimal editor and disassembler cheat sheet
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/ Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
[cols=2,options="header"] [cols=2,options="header"]
|=== |===
|Command |Command
|Description |Description
|*hiew8.ini* |*hiew8.ini*
|Configuration file usually located in the same directory as the hiew32.exe binary itself. |Configuration file usually located in the same directory as the hiew32.exe binary itself.
|*F1* |*F1*
|Conext-aware help. |Conext-aware help.
|*ESC* |*ESC*
| Exit any window in any mode without saving the changes. | Exit any window in any mode without saving the changes.
|*F3* |*F3*
|Enter the Edit mode. |Enter the Edit mode.
|*ENTER* |*ENTER*
| In the Read mode, switch between Hex/Decode/Text modes in turn. | In the Read mode, switch between Hex/Decode/Text modes in turn.
|*F7* |*F7*
|Open a search window. |Open a search window.
|*Ctrl+Enter* |*Ctrl+Enter*
|Continue searching. |Continue searching.
|*Alt+F1* |*Alt+F1*
|Change location addressing mode. |Change location addressing mode.
|*F9* |*F9*
|Save the changes made so far. |Save the changes made so far.
|*F6* |*F6*
|In Decode/Disassembled mode, find cross-references. |In Decode/Disassembled mode, find cross-references.
|* |*
| In Read mode, select block(s) of bytes. | In Read mode, select block(s) of bytes.
|*F8* |*F8*
|Show the file headers. |Show the file headers.
|*F8 -> F6 -> F3* |*F8 -> F6 -> F3*
| In Hex/Decode modes, show then edit file header sections. | In Hex/Decode modes, show then edit file header sections.
|*Alt+F6* |*Alt+F6*
|Show all strings in a file. |Show all strings in a file.
|*+/-* |*+/-*
|Increase/decrease minimal string length. |Increase/decrease minimal string length.
|*F5* |*F5*
| Go to offset. | Go to offset.
|*Alt+F7* |*Alt+F7*
| Change the search direction: top-down/down-top. | Change the search direction: top-down/down-top.
|=== |===

48
cheat-sheets/ImageMagick-command-line-examples.adoc
View File

@@ -1,24 +1,24 @@
= ImageMagick Command Line Examples = ImageMagick Command Line Examples
:toc: :toc:
== Rotate images 90 degrees == Rotate images 90 degrees
Use `convert` tools in a bash script to rotate all .jpg images in the current folder, naming the rotated images as _current-name_-rotated.jpg Use `convert` tools in a bash script to rotate all .jpg images in the current folder, naming the rotated images as _current-name_-rotated.jpg
[source,bash] [source,bash]
---- ----
for ii in *.jpg for ii in *.jpg
do do
convert ${ii} -rotate 90 ${ii}-rotated.jpg convert ${ii} -rotate 90 ${ii}-rotated.jpg
done done
---- ----
== Combine images in the current folder into a PDF file == Combine images in the current folder into a PDF file
Let's combine images with extension .jpg (using shell wildcards) into one Let's combine images with extension .jpg (using shell wildcards) into one
PDF file. PDF file.
---- ----
magick *.jpg pics-2022-1.pdf magick *.jpg pics-2022-1.pdf
---- ----

282
cheat-sheets/Linux-and-BSD-firewalls-cheat-sheet.adoc
View File

@@ -1,141 +1,141 @@
= Linux and PF firewalls commands cheat sheet = Linux and PF firewalls commands cheat sheet
:homepage: https://yurisk.info :homepage: https://yurisk.info
:toc: :toc:
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/ Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
== Firewalld daemon management (Red Hat based distributions) == Firewalld daemon management (Red Hat based distributions)
=== Enable, disable, reload the daemon === Enable, disable, reload the daemon
[cols=2, options="header"] [cols=2, options="header"]
|=== |===
|Command |Command
|Description |Description
|*systemctl disable/enable firewalld* |*systemctl disable/enable firewalld*
|Disable/enable firewalld, survives reboot. |Disable/enable firewalld, survives reboot.
|*systemctl stop firewalld* |*systemctl stop firewalld*
|Stop firewalld until started manually or reboot. |Stop firewalld until started manually or reboot.
|*firewall-cmd --reload* |*firewall-cmd --reload*
|Reload firewall rules to make your changes active, keeping the state table. Active sessions do not disconnect. On finishing reload will output `success`. |Reload firewall rules to make your changes active, keeping the state table. Active sessions do not disconnect. On finishing reload will output `success`.
|*systemctl restart firewalld* |*systemctl restart firewalld*
|Restart the daemon, without resetting the active connections. Use in case of |Restart the daemon, without resetting the active connections. Use in case of
problems with the daemon. problems with the daemon.
|*firewall-cmd --complete-reload* |*firewall-cmd --complete-reload*
|Reload firewall completely, disconnecting the active connections. When nothing |Reload firewall completely, disconnecting the active connections. When nothing
else helps. else helps.
|=== |===
=== List rules, status, additional info === List rules, status, additional info
[cols=2, options="header"] [cols=2, options="header"]
|=== |===
|Command |Command
|Description |Description
|*firewall-cmd --state* |*firewall-cmd --state*
|Show firewall daemon status |Show firewall daemon status
|*firewall-cmd --list-all* |*firewall-cmd --list-all*
|List currently active rules |List currently active rules
|*firewall-cmd --get-default-zone* |*firewall-cmd --get-default-zone*
| Show the default zone for interfaces. | Show the default zone for interfaces.
|*firewall-cmd --get-zones* |*firewall-cmd --get-zones*
|List all available zones |List all available zones
|*firewall-cmd --get-active-zones* |*firewall-cmd --get-active-zones*
| Show active zones, including to which zone each interface belongs. | Show active zones, including to which zone each interface belongs.
|*firewall-cmd --list-all-zones* |*firewall-cmd --list-all-zones*
|List all zones with their rules and associated interfaces. |List all zones with their rules and associated interfaces.
|*firewall-cmd --add-service <service name>* |*firewall-cmd --add-service <service name>*
|Add predefined service by name to the default zone, with action ACCEPT, e.g. `firewall-cmd -add-service ftp` . |Add predefined service by name to the default zone, with action ACCEPT, e.g. `firewall-cmd -add-service ftp` .
|=== |===
=== Open, close ports === Open, close ports
[cols=2, options="header"] [cols=2, options="header"]
|=== |===
|Command |Command
|Description |Description
|*firewall-cmd --add-port=_port-number_/_protocol_* |*firewall-cmd --add-port=_port-number_/_protocol_*
|Open in incoming _port-number_ of the _protocol_. E.g. open incoming to TCP port |Open in incoming _port-number_ of the _protocol_. E.g. open incoming to TCP port
5900 from any: `firewall-cmd --add-port=5900/tcp` 5900 from any: `firewall-cmd --add-port=5900/tcp`
|*firewall-cmd --remove-port=_port-number_/_protocol_* |*firewall-cmd --remove-port=_port-number_/_protocol_*
|Close the open _port-number_. E.g. close the open port 5900/tcp: `firewall-cmd --remove-port=5900/tcp` |Close the open _port-number_. E.g. close the open port 5900/tcp: `firewall-cmd --remove-port=5900/tcp`
|*firewall-cmd --runtime-to-permanent* |*firewall-cmd --runtime-to-permanent*
|Make the changed rules permanent to survive reboot. |Make the changed rules permanent to survive reboot.
|=== |===
== Ubuntu Uncomplicated Firewall (ufw) == Ubuntu Uncomplicated Firewall (ufw)
.ufw management commands .ufw management commands
[cols=2, options="header"] [cols=2, options="header"]
|=== |===
|Command |Command
|Description |Description
|*ufw status* |*ufw status*
|Show whether the firewall is on and if on, list the active rules. |Show whether the firewall is on and if on, list the active rules.
|*ufw enable* |*ufw enable*
|Enable firewall. |Enable firewall.
|*ufw disable* |*ufw disable*
|Disable firewall |Disable firewall
|*ufw reload* |*ufw reload*
|Reload firewall and rules. |Reload firewall and rules.
|*ufw allow <predefined service name>* |*ufw allow <predefined service name>*
| Allow some service in any direction from/to any IP address using so called `simple` rule syntax. The service names are as per `/etc/services`. E.g. to allow ssh from any: `ufw allow ssh`. | Allow some service in any direction from/to any IP address using so called `simple` rule syntax. The service names are as per `/etc/services`. E.g. to allow ssh from any: `ufw allow ssh`.
|*/etc/ufw/before.rules* |*/etc/ufw/before.rules*
|Some rules are pre-allowed by default, to change them edit this file and reload the firewall. |Some rules are pre-allowed by default, to change them edit this file and reload the firewall.
|=== |===
== PF (Packet Filter) management for FreeBSD & OpenBSD == PF (Packet Filter) management for FreeBSD & OpenBSD
[cols=2, options="header"] [cols=2, options="header"]
|=== |===
|Command |Command
|Description |Description
|*pfct -d* |*pfct -d*
|Disable PF in place, does not survive reboot. |Disable PF in place, does not survive reboot.
|*pfctl -ef /etc/pf.conf* |*pfctl -ef /etc/pf.conf*
|Enable PF and load the rule set from file `/etc/pf.conf` in one go. |Enable PF and load the rule set from file `/etc/pf.conf` in one go.
|*pfctl -nf /etc/pf.conf* |*pfctl -nf /etc/pf.conf*
|Parse security rules stored in a file without installing them (dry run). |Parse security rules stored in a file without installing them (dry run).
|*pass in quick on egress from 62.13.77.141 to any* |*pass in quick on egress from 62.13.77.141 to any*
| 'Quick' rule (means allows this traffic on all interfaces, otherwise we would need 2nd rule allowing this traffic in _outgoing_ direction on egress interface) to allow incoming ANY port/protocol with the source being `62.13.77.141` and destination being ANY IP address behind the PF firewall. NOTE: here, `egress` is not a direction, but a group name to which the interface in question (`em0`) belongs to. In OpenBSD you set it in a file `/etc/hostname.em0: group egress` or in real-time with the command: `ifconfig em0 group egress`. | 'Quick' rule (means allows this traffic on all interfaces, otherwise we would need 2nd rule allowing this traffic in _outgoing_ direction on egress interface) to allow incoming ANY port/protocol with the source being `62.13.77.141` and destination being ANY IP address behind the PF firewall. NOTE: here, `egress` is not a direction, but a group name to which the interface in question (`em0`) belongs to. In OpenBSD you set it in a file `/etc/hostname.em0: group egress` or in real-time with the command: `ifconfig em0 group egress`.
|=== |===

570
cheat-sheets/Linux-ip-route-reference-by-examples.adoc
View File

@@ -1,285 +1,285 @@
= Linux ip route command reference by example = Linux ip route command reference by example
NOTE: All the commands below take effect immediately after you hit Enter, and do NOT survive reboot. You may shorten the commands to the shortest but unique, e.g. `sh ip ad` instead of `show ip address`. All the commands come as part of the pre-installed package `iproute2`. NOTE: All the commands below take effect immediately after you hit Enter, and do NOT survive reboot. You may shorten the commands to the shortest but unique, e.g. `sh ip ad` instead of `show ip address`. All the commands come as part of the pre-installed package `iproute2`.
Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/ Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
<<ip address - Manage IP address(es) on interfaces>> + <<ip address - Manage IP address(es) on interfaces>> +
<<ip route - Manage routing table>> + <<ip route - Manage routing table>> +
<<ip link - Link Management>> + <<ip link - Link Management>> +
<<ip neighbor - Manage ARP and neighbors table>> + <<ip neighbor - Manage ARP and neighbors table>> +
<<Network bridge with ip route2 - manage a network bridge using the ip command>> + <<Network bridge with ip route2 - manage a network bridge using the ip command>> +
<<Reference>> <<Reference>>
== ip address - Manage IP address(es) on interfaces == ip address - Manage IP address(es) on interfaces
[cols=2, options="header"] [cols=2, options="header"]
|=== |===
|Command |Command
|Description |Description
|*ip address show / ip ad sh* |*ip address show / ip ad sh*
|Show all IP addresses of all interfaces, also their MTU, MAC addresses. |Show all IP addresses of all interfaces, also their MTU, MAC addresses.
|*ip address show ens36* |*ip address show ens36*
|Show IPs of a given interface (ens36). |Show IPs of a given interface (ens36).
|*ip address show up* |*ip address show up*
|Only show IPs of the interfaces that are configured as UP. |Only show IPs of the interfaces that are configured as UP.
|*ip address show dynamic/permanent* |*ip address show dynamic/permanent*
|Show only dynamic (DHCP) or static IPv4/IPv6 addresses. |Show only dynamic (DHCP) or static IPv4/IPv6 addresses.
|*ip address add 192.0.2.1/27 dev ens36* |*ip address add 192.0.2.1/27 dev ens36*
|Add a new IP address (192.0.2.1) to the named (ens36) interface. |Add a new IP address (192.0.2.1) to the named (ens36) interface.
|*ip address add 192.0.2.1/27 dev ens36 label ens36:external* |*ip address add 192.0.2.1/27 dev ens36 label ens36:external*
|Add IP address to the interface, AND label it (external). The label is any string. The label will show in show ip address as: inet 192.0.2.1/27 scope global ens33:external |Add IP address to the interface, AND label it (external). The label is any string. The label will show in show ip address as: inet 192.0.2.1/27 scope global ens33:external
|*ip address delete 192.0.2.1/27 dev ens36* |*ip address delete 192.0.2.1/27 dev ens36*
|Delete the specified IP address from the interface |Delete the specified IP address from the interface
|*ip address flush dev ens36* |*ip address flush dev ens36*
|Delete ALL IP addresses from the given interface. |Delete ALL IP addresses from the given interface.
|=== |===
== ip route - Manage routing table == ip route - Manage routing table
[cols=2, options="header"] [cols=2, options="header"]
|=== |===
|Command |Command
|Description |Description
|*ip route [show]* / *ip ro* + |*ip route [show]* / *ip ro* +
*ip -6 route* + *ip -6 route* +
*ip -4 route* *ip -4 route*
|Show the routing table for both IPv4 and IPv6. + |Show the routing table for both IPv4 and IPv6. +
Show the routing table for IPv6 only. + Show the routing table for IPv6 only. +
Show the routing table for IPv4 only. Show the routing table for IPv4 only.
|*ip route show table all* |*ip route show table all*
|Show ALL routing tables of the server, helpful when there is Policy Based Routing (PBR) in place. |Show ALL routing tables of the server, helpful when there is Policy Based Routing (PBR) in place.
|*ip route add default via 10.10.10.1* + |*ip route add default via 10.10.10.1* +
*ip route add default dev ens36* + *ip route add default dev ens36* +
*ip route add 0.0.0.0/0 dev ens36* + *ip route add 0.0.0.0/0 dev ens36* +
*ip -6 route add default dev ens36* *ip -6 route add default dev ens36*
|Add default route/default gateway via next hop + |Add default route/default gateway via next hop +
… via outgoing interface (ens36) + … via outgoing interface (ens36) +
… via outgoing interface using 0.0.0.0/0 notation + … via outgoing interface using 0.0.0.0/0 notation +
Add default IPv6 route. Add default IPv6 route.
|*ip route delete default dev ens36* |*ip route delete default dev ens36*
|Delete default route via given interface |Delete default route via given interface
|*ip route show root 192.0.2.0/24* |*ip route show root 192.0.2.0/24*
|Show routes not shorter than the given. Here, 192.0.2.0/29 will match, but 192.0.2.0/23 will not. |Show routes not shorter than the given. Here, 192.0.2.0/29 will match, but 192.0.2.0/23 will not.
|*ip route show match 192.0.2.0/29* |*ip route show match 192.0.2.0/29*
|Show routes not longer than the given network/mask. Here, 192.0.2.0/30 will match, but 192.0.2.0/27 will not. |Show routes not longer than the given network/mask. Here, 192.0.2.0/30 will match, but 192.0.2.0/27 will not.
|*ip route show exact 192.0.2.0/29* |*ip route show exact 192.0.2.0/29*
|Show route(s) matching EXACTLY inside the network and its given mask. Here, 192.0.2.7 will match, but 192.0.2.8 will not. |Show route(s) matching EXACTLY inside the network and its given mask. Here, 192.0.2.7 will match, but 192.0.2.8 will not.
|*ip route get 192.123.123.1/24* |*ip route get 192.123.123.1/24*
|Simulate resolving of a route in real time by kernel. |Simulate resolving of a route in real time by kernel.
|*ip route add 192.192.13.0/24 via 10.13.77.1* + |*ip route add 192.192.13.0/24 via 10.13.77.1* +
*ip route add 192.192.13.0/24 dev ens36* *ip route add 192.192.13.0/24 dev ens36*
|Add new route to 192.192.13.1/24 via nexthop. + |Add new route to 192.192.13.1/24 via nexthop. +
Add new route to 192.192.13.1/24 via interface. Add new route to 192.192.13.1/24 via interface.
|*ip route delete 192.192.13.0/24 via 10.13.77.1* + |*ip route delete 192.192.13.0/24 via 10.13.77.1* +
*ip route delete 192.192.13.0/24* *ip route delete 192.192.13.0/24*
|Delete specific route |Delete specific route
|*ip route change 192.192.13.0/24 dev ens32* |*ip route change 192.192.13.0/24 dev ens32*
|Change some parameter of the existing route. |Change some parameter of the existing route.
|*ip route replace 192.192.13.0/24 dev ens36* |*ip route replace 192.192.13.0/24 dev ens36*
|Replace a route if exists add if not. |Replace a route if exists add if not.
|*ip route add blackhole 192.1.1.0/24* |*ip route add blackhole 192.1.1.0/24*
|Black hole some route. The traffic sent to this route will be dropped without any feedback. |Black hole some route. The traffic sent to this route will be dropped without any feedback.
|*ip route add unreachable 192.1.1.0/24* |*ip route add unreachable 192.1.1.0/24*
|Block destination route, replies to sender “Host unreachable”. |Block destination route, replies to sender “Host unreachable”.
|*ip route add prohibit 192.1.1.0/24* |*ip route add prohibit 192.1.1.0/24*
|Block destination route, replies to sender with ICMP “Administratively prohibited”. |Block destination route, replies to sender with ICMP “Administratively prohibited”.
|*ip route add throw 192.1.1.0/24* |*ip route add throw 192.1.1.0/24*
|Block destination route, sends in reply ICMP “net unreachable”. |Block destination route, sends in reply ICMP “net unreachable”.
|*ip route add 10.10.10.0/24 via 10.1.1.1 metric 5* |*ip route add 10.10.10.0/24 via 10.1.1.1 metric 5*
|Add a route with a custom metric. |Add a route with a custom metric.
|*ip route add default nexthop via 10.10.10.1 weight 1 nexthop dev ens33 weight 10* |*ip route add default nexthop via 10.10.10.1 weight 1 nexthop dev ens33 weight 10*
|Add 2 (default) routes with different weights (higher weight is preferred) first with the weight of 1, second with the weight of 10. |Add 2 (default) routes with different weights (higher weight is preferred) first with the weight of 1, second with the weight of 10.
|=== |===
== ip link - Link Management == ip link - Link Management
[cols=2, options="header"] [cols=2, options="header"]
|=== |===
|Command |Command
|Description |Description
|*ip link show / ip link / ip link list* + |*ip link show / ip link / ip link list* +
*ip link show ens36* *ip link show ens36*
|Show info on all available interfaces. + |Show info on all available interfaces. +
Show info on a specific interface. Show info on a specific interface.
|*ip link set dev eth36 down* + |*ip link set dev eth36 down* +
*ip link set dev ens36 up* *ip link set dev ens36 up*
|Set interface state to down. + |Set interface state to down. +
Set interface state to up. Set interface state to up.
|*ip link set ens33 name eth33* |*ip link set ens33 name eth33*
|Rename interface, here from ens33 to eth33. First, you have to set interface to down state. This adds this name as an alternative name, keeping the old name as well. Use with care some distributions (RHEL/CentOS) expect certain names for each interface type. |Rename interface, here from ens33 to eth33. First, you have to set interface to down state. This adds this name as an alternative name, keeping the old name as well. Use with care some distributions (RHEL/CentOS) expect certain names for each interface type.
|*ip link set dev eth0 address 02:42:c2:7c:39:b3* |*ip link set dev eth0 address 02:42:c2:7c:39:b3*
|Change MAC address of the interface. |Change MAC address of the interface.
|*ip link set dev tun0 mtu 1480* |*ip link set dev tun0 mtu 1480*
|Set MTU size for the interface. |Set MTU size for the interface.
|*ip link delete <dev>* |*ip link delete <dev>*
|Delete interface, relevant for virtual interfaces only (VLAN, bridge, VXLAN, etc.). |Delete interface, relevant for virtual interfaces only (VLAN, bridge, VXLAN, etc.).
|*ip link set dev ens36 arp off/on* |*ip link set dev ens36 arp off/on*
|Turn ARP resolution protocol on the interface ens36 on/off. NOTE: disabling ARP will clear the current ARP table and will prevent this interface from learning MAC addresses, and so will disconnect any remote sessions to the host. |Turn ARP resolution protocol on the interface ens36 on/off. NOTE: disabling ARP will clear the current ARP table and will prevent this interface from learning MAC addresses, and so will disconnect any remote sessions to the host.
|*ip link set dev ens36 multicast off/on* |*ip link set dev ens36 multicast off/on*
|Turn multicast on the interface ens36 on or off. |Turn multicast on the interface ens36 on or off.
|*ip link add name eth0.110 link eth0 type vlan id 110* |*ip link add name eth0.110 link eth0 type vlan id 110*
|Add VLAN 110 on the fly to the interface eth0, naming it eth1.110. |Add VLAN 110 on the fly to the interface eth0, naming it eth1.110.
|*ip link add name eth0.120 link eth0 type vlan proto 802.1ad id 120* + |*ip link add name eth0.120 link eth0 type vlan proto 802.1ad id 120* +
*ip link add name eth0.120.200 link eth0.120 type vlan proto 802.1q id 200* *ip link add name eth0.120.200 link eth0.120 type vlan proto 802.1q id 200*
|*QinQ (kernel >= 3.10)*. Add VLAN 120 as external VLAN on interface eth0 naming it eth0.120, setting protocol to 802.1ad. |*QinQ (kernel >= 3.10)*. Add VLAN 120 as external VLAN on interface eth0 naming it eth0.120, setting protocol to 802.1ad.
Add internal VLAN 200 to the eth0.120, naming it eth0.120.200 and setting protocol to the 802.1Q. Add internal VLAN 200 to the eth0.120, naming it eth0.120.200 and setting protocol to the 802.1Q.
|*ip link add dummy0 type dummy* + |*ip link add dummy0 type dummy* +
*ip addr add 172.17.1.1/24 dev dummy0* + *ip addr add 172.17.1.1/24 dev dummy0* +
*ip link set dummy0 up* *ip link set dummy0 up*
|Create virtual software interface of type dummy, assign it IP address, and bring it up. Useful for testing. |Create virtual software interface of type dummy, assign it IP address, and bring it up. Useful for testing.
|*ip link add vx0 type vxlan id 100 local 172.16.13.1 remote 192.168.12.12 dev eth0 dstport 4789* |*ip link add vx0 type vxlan id 100 local 172.16.13.1 remote 192.168.12.12 dev eth0 dstport 4789*
|Create VXLAN tunnel with id of 100 and local and remote addresses of 172.16.13.1/192.168.12.12 using destination port of 4789 UDP. |Create VXLAN tunnel with id of 100 and local and remote addresses of 172.16.13.1/192.168.12.12 using destination port of 4789 UDP.
|*ip link add bond13-14 type bond mode active-backup* + |*ip link add bond13-14 type bond mode active-backup* +
*ip link set eth13 master bond13-14* + *ip link set eth13 master bond13-14* +
*ip link set eth14 master bond13-14* *ip link set eth14 master bond13-14*
|Create logical interface bond13-14 of type bond in active-backup mode for failover (only 1 physical interface is active at any time). |Create logical interface bond13-14 of type bond in active-backup mode for failover (only 1 physical interface is active at any time).
Add 2 physical interfaces to this bond (eth13 & eth14). All further configurations are to be done on the bond13-14 interface. Add 2 physical interfaces to this bond (eth13 & eth14). All further configurations are to be done on the bond13-14 interface.
|=== |===
== ip neighbor - Manage ARP and neighbors table == ip neighbor - Manage ARP and neighbors table
[cols=2, options="header"] [cols=2, options="header"]
|=== |===
|Command |Command
|Description |Description
|*ip neighbor show* + |*ip neighbor show* +
*ip neighbor show dev eth0* *ip neighbor show dev eth0*
*ip -6 neighbor show* *ip -6 neighbor show*
|Show all MAC addresses of the IPv4 neighbors. + |Show all MAC addresses of the IPv4 neighbors. +
Show MAC addresses of the neighbors on ens36 interface only. + Show MAC addresses of the neighbors on ens36 interface only. +
Show IPv6 neighbors. Show IPv6 neighbors.
|*ip neighbor flush dev eth0* |*ip neighbor flush dev eth0*
|Delete all cached dynamically learned MAC addresses on the interface eth0. |Delete all cached dynamically learned MAC addresses on the interface eth0.
|*ip neighbor add 192.1.1.1 lladdr 01:22:33:44:55:f1 dev eth0* |*ip neighbor add 192.1.1.1 lladdr 01:22:33:44:55:f1 dev eth0*
|Add static IP address to MAC address mapping for a neighbor on the interface eth0. |Add static IP address to MAC address mapping for a neighbor on the interface eth0.
|*ip neighbor delete 192.1.1.1 lladdr 01:33:44:55:ff:11 dev eth0* |*ip neighbor delete 192.1.1.1 lladdr 01:33:44:55:ff:11 dev eth0*
|Delete a static mapping of IP address to the MAC address on the interface. |Delete a static mapping of IP address to the MAC address on the interface.
|=== |===
== Network bridge with ip route2 - manage a network bridge using the ip command == Network bridge with ip route2 - manage a network bridge using the ip command
[cols=2, options="header"] [cols=2, options="header"]
|=== |===
|Command |Command
|Description |Description
|*ip link add name bridge_name type bridge* + |*ip link add name bridge_name type bridge* +
*ip link set bridge_name up* *ip link set bridge_name up*
|Create a new bridge and change its state to up. |Create a new bridge and change its state to up.
|*ip link set eth0 up* |*ip link set eth0 up*
|To add an interface (e.g. eth0) into the bridge, its state must be up |To add an interface (e.g. eth0) into the bridge, its state must be up
|*ip link set eth0 master bridge_name* |*ip link set eth0 master bridge_name*
|Adding the interface into the bridge |Adding the interface into the bridge
|*bridge link* |*bridge link*
|To show the existing bridges and associated interfaces, use the bridge command |To show the existing bridges and associated interfaces, use the bridge command
|*ip link set eth0 nomaster* |*ip link set eth0 nomaster*
|to remove an interface from a bridge |to remove an interface from a bridge
|*ip link delete bridge_name type bridge* |*ip link delete bridge_name type bridge*
|To delete a bridge |To delete a bridge
|*bridge fdb show* |*bridge fdb show*
|Shows a list of MACs in FDB(Forwarding Database entry) |Shows a list of MACs in FDB(Forwarding Database entry)
|*bridge fdb add 00:01:02:03:04:05 dev eth0 master* |*bridge fdb add 00:01:02:03:04:05 dev eth0 master*
|add a new fdb entry |add a new fdb entry
|*bridge fdb append to 00:00:00:00:00:00 dst 10.0.0.2 dev vxlan0* |*bridge fdb append to 00:00:00:00:00:00 dst 10.0.0.2 dev vxlan0*
|append a forwarding database entry |append a forwarding database entry
|*bridge fdb del 00:01:02:03:04:05 dev eth0 master* |*bridge fdb del 00:01:02:03:04:05 dev eth0 master*
|Deletes FDB entry |Deletes FDB entry
|*bridge vlan add dev bond0 vid 2 master* |*bridge vlan add dev bond0 vid 2 master*
|Create a new vlan |Create a new vlan
|*bridge vlan delete dev eth0 vid 2* |*bridge vlan delete dev eth0 vid 2*
|Delete a vlan |Delete a vlan
|*bridge vlan show* |*bridge vlan show*
|List all vlans |List all vlans
|*bridge link set dev eth0 guard on* |*bridge link set dev eth0 guard on*
|Disable/Enable BPDU proccessing on specific port |Disable/Enable BPDU proccessing on specific port
|*bridge link set dev eth1 cost 4* |*bridge link set dev eth1 cost 4*
|Setting STP Cost to a port |Setting STP Cost to a port
|*bridge link set dev eth1 root_block on* |*bridge link set dev eth1 root_block on*
|To set root guard on eth1 |To set root guard on eth1
|=== |===
== Reference == Reference
* https://manpages.debian.org/jessie/iproute2/ip-route.8.en.html * https://manpages.debian.org/jessie/iproute2/ip-route.8.en.html

206
cheat-sheets/MRV-Optiswitch-OS904-OS906-OS912-debug-and-diagnostic-commands.adoc
View File

@@ -1,103 +1,103 @@
= MRV Optiswitch OS904 OS906 OS912 debug and diagnostic commands = MRV Optiswitch OS904 OS906 OS912 debug and diagnostic commands
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/ Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
*MRV Communications* (acquired in 2017 by ADVA Optical Networking) is an Israeli company known for their optical network equipment, most notably their Optiswitch Carrier Ethernet Switch series. The switches (OS904, OS906G, OS912) are not available for purchase from them anymore, but if you work for a telco company, you surely still have these boxes around doing their work. *MRV Communications* (acquired in 2017 by ADVA Optical Networking) is an Israeli company known for their optical network equipment, most notably their Optiswitch Carrier Ethernet Switch series. The switches (OS904, OS906G, OS912) are not available for purchase from them anymore, but if you work for a telco company, you surely still have these boxes around doing their work.
Unfortunately, with the merger and the end of sale, all the documentation disappeared as well. To help you a bit I bring below some debug and diagnostic commands to be run on the CLI. You can still find the datasheet here https://www.cornet-solutions.co.jp/pdf/mrv_os_900_sdb_a4_hi.pdf Unfortunately, with the merger and the end of sale, all the documentation disappeared as well. To help you a bit I bring below some debug and diagnostic commands to be run on the CLI. You can still find the datasheet here https://www.cornet-solutions.co.jp/pdf/mrv_os_900_sdb_a4_hi.pdf
You can see how output of the commands below looks like when run on the real MRV in my blog post: https://yurisk.info/2020/01/13/MRV-Optiswitch-OS904-OS906-OS912-debug-and-diagnostic-commands/. You can see how output of the commands below looks like when run on the real MRV in my blog post: https://yurisk.info/2020/01/13/MRV-Optiswitch-OS904-OS906-OS912-debug-and-diagnostic-commands/.
[cols=2*,options="header"] [cols=2*,options="header"]
|=== |===
|Command |Command
|Description |Description
|*no cli-paging/cli-paging* |*no cli-paging/cli-paging*
|Enable/disable paging the output. |Enable/disable paging the output.
|*show <smth> \| <include/begin/end/exclude> <search term>* |*show <smth> \| <include/begin/end/exclude> <search term>*
|Pipe output of some `show` command, e.g. find specific MAC address: `show lt \| include B1:12` (search terms are case sensitive). Also can pipe to few Linux commands, e.g. count number of learned/dynamic MACs: `show lt \| grep -c "DYNAMIC"` |Pipe output of some `show` command, e.g. find specific MAC address: `show lt \| include B1:12` (search terms are case sensitive). Also can pipe to few Linux commands, e.g. count number of learned/dynamic MACs: `show lt \| grep -c "DYNAMIC"`
|*show run* |*show run*
|Show the running configuration |Show the running configuration
|*show port* |*show port*
| Show port summary: state (on/off), speed, media (copper/sfp), duplex state | Show port summary: state (on/off), speed, media (copper/sfp), duplex state
|*show interface* |*show interface*
|List of logical/vlan interfaces, MAC addresses, IP address (if any) |List of logical/vlan interfaces, MAC addresses, IP address (if any)
|*show port detail _n_* |*show port detail _n_*
| Show details of the port number _n_: media type, speed/duplex configured and actual, state, shaping applied. | Show details of the port number _n_: media type, speed/duplex configured and actual, state, shaping applied.
|*show port statistics _n_* |*show port statistics _n_*
|Show real-time statistics: packets/bytes received/sent, CRC and other error count |Show real-time statistics: packets/bytes received/sent, CRC and other error count
|*show l2cntrl-protocol-counters* |*show l2cntrl-protocol-counters*
|Show counters of received/transmitted Layer 2 control protocols - LACP, MSTP, RSTP, OAM. |Show counters of received/transmitted Layer 2 control protocols - LACP, MSTP, RSTP, OAM.
|*show run ports* |*show run ports*
| Show running configuration for all ports | Show running configuration for all ports
|*show port tag* |*show port tag*
|Show tagging/vlans configured on each port |Show tagging/vlans configured on each port
|*show port sfp-diag _n_* |*show port sfp-diag _n_*
| Show real-time diagnostic data for the interface: TX/RX power in dBm, voltage, temperature | Show real-time diagnostic data for the interface: TX/RX power in dBm, voltage, temperature
|*show port sfp-params* |*show port sfp-params*
|Physical parameters of the SFP interface |Physical parameters of the SFP interface
|*show port rate _portnumber_ time _seconds_* |*show port rate _portnumber_ time _seconds_*
|Show the rate of the traffic passing the interface real-time |Show the rate of the traffic passing the interface real-time
|*monitor port statistics _portnumber_* |*monitor port statistics _portnumber_*
|Show the same data as `show port statistics` but refresh every other second |Show the same data as `show port statistics` but refresh every other second
|*(config)# port state disable/enable <n>* |*(config)# port state disable/enable <n>*
|Disable/enable MRV port number `n` (shut/no shut in Cisco terminology). Make sure you don't disable th eport you are connected through. |Disable/enable MRV port number `n` (shut/no shut in Cisco terminology). Make sure you don't disable th eport you are connected through.
|*(config)# port media-select <sfp/sfp100/copper/auto/sgmii>* |*(config)# port media-select <sfp/sfp100/copper/auto/sgmii>*
| Set manually type of physical interface installed in MRV. | Set manually type of physical interface installed in MRV.
|*(config)# port speed <10/100/1000/auto> <n/all>* |*(config)# port speed <10/100/1000/auto> <n/all>*
|Force specific speed settting for a port. |Force specific speed settting for a port.
|*show lt [port <port number> all]* |*show lt [port <port number> all]*
|Show MAC address table - static and learned dynamic. Output also gives timestamp when MAC address displayed was last changed. Optionally, specify port to show only MACs on this port. |Show MAC address table - static and learned dynamic. Output also gives timestamp when MAC address displayed was last changed. Optionally, specify port to show only MACs on this port.
|*(config)# clear lt* |*(config)# clear lt*
|Delete all learned MAC addresses from Learning Table. |Delete all learned MAC addresses from Learning Table.
|*show syslog <all/debug/info/warning/error/fatal> [start-date] [end-date]* |*show syslog <all/debug/info/warning/error/fatal> [start-date] [end-date]*
|Show logs per their severity. Optional start/end dates are in format `mm-dd-ff:mm:ss` . If remote syslog is configured in the MRV, there will be NO local logs, to verify - look in configuration `show run \| i rsyslog`. |Show logs per their severity. Optional start/end dates are in format `mm-dd-ff:mm:ss` . If remote syslog is configured in the MRV, there will be NO local logs, to verify - look in configuration `show run \| i rsyslog`.
|*clear syslog* |*clear syslog*
|Delete all local log entries. |Delete all local log entries.
|*show ver* |*show ver*
| Show the device model, hardware, fan status, OS installed, MAC address, serial number and uptime. | Show the device model, hardware, fan status, OS installed, MAC address, serial number and uptime.
|*show time* |*show time*
|Show system time. Important for checking alarms and logs |Show system time. Important for checking alarms and logs
|*show cpu* |*show cpu*
|CPU properties |CPU properties
|=== |===
Additionally see https://github.com/yuriskinfo/cheat-sheets/blob/master/RAD-ETX-203-205-220-debug-and-information-commands-cheat-sheet.adoc Additionally see https://github.com/yuriskinfo/cheat-sheets/blob/master/RAD-ETX-203-205-220-debug-and-information-commands-cheat-sheet.adoc

222
cheat-sheets/RAD-ETX-203-205-220-debug-and-information-commands-cheat-sheet.adoc
View File

@@ -1,111 +1,111 @@
= RAD ETX 203, 205, 220 debug and information commands = RAD ETX 203, 205, 220 debug and information commands
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/ Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
Carrier Ethernet Devices by RAD (ETX-203AX, ETX-203AM, ETX-203AX-T, ETX-205A, ETX-220A) are quite popular with telco companies around the world for connecting end clients to the backbone at layer 2. And while reference documentation is available, I couldn't find the debug/information commands digest on the Internet at all. This post, I hope, comes to fill the gap. Carrier Ethernet Devices by RAD (ETX-203AX, ETX-203AM, ETX-203AX-T, ETX-205A, ETX-220A) are quite popular with telco companies around the world for connecting end clients to the backbone at layer 2. And while reference documentation is available, I couldn't find the debug/information commands digest on the Internet at all. This post, I hope, comes to fill the gap.
The commands below are meant to be run on the device CLI itself, not on provisioning system like RADview. You can see how output looks like when run on the real ETX on my blog post https://yurisk.info/2020/03/21/rad-etx-203-203-220-debug-and-information-commands-examples/. The commands below are meant to be run on the device CLI itself, not on provisioning system like RADview. You can see how output looks like when run on the real ETX on my blog post https://yurisk.info/2020/03/21/rad-etx-203-203-220-debug-and-information-commands-examples/.
[cols=2*,options="header"] [cols=2*,options="header"]
|=== |===
|Command |Command
|Description |Description
|*show configure port summary* |*show configure port summary*
| Show port summary: state (up/down), speed | Show port summary: state (up/down), speed
|*show config port _name_ status* |*show config port _name_ status*
| Show port status: administrative and operational states, speed/duplex, connector type, MAC address, and most important (for fiber) - RX/TX signal power (dBm) | Show port status: administrative and operational states, speed/duplex, connector type, MAC address, and most important (for fiber) - RX/TX signal power (dBm)
|*show config port _name_ statistics* |*show config port _name_ statistics*
| Statistics of the port: total bits/frames passed, maximum/minimum bits/sec seen, and most | Statistics of the port: total bits/frames passed, maximum/minimum bits/sec seen, and most
interesting - CRC errors, error frames, oversize frames, discards, CV/ES/SES/FC stats for interesting - CRC errors, error frames, oversize frames, discards, CV/ES/SES/FC stats for
E1 lines. E1 lines.
|*config port ethernet _number_* |*config port ethernet _number_*
*clear-statistics* *clear-statistics*
|Clear all statistics/counters for this port. |Clear all statistics/counters for this port.
|*config flow* |*config flow*
*flow _flow-name_* *flow _flow-name_*
*show statistics running* *show statistics running*
|Show detailed counters for the given flow, will include `bps`, max/min `bps` seen after reboot, `drops` if any. |Show detailed counters for the given flow, will include `bps`, max/min `bps` seen after reboot, `drops` if any.
|*config port _name_* |*config port _name_*
*rate-measure interval _seconds_* *rate-measure interval _seconds_*
*show rate* *show rate*
| Show port utilization in bits/sec in real-time | Show port utilization in bits/sec in real-time
|_Responder:_ |_Responder:_
*config flow* *config flow*
*service-ping-response local-ip 13.13.13.2/30 next-hop 13.13.13.1 egress-port ethernet 4/2 vlan 777* *service-ping-response local-ip 13.13.13.2/30 next-hop 13.13.13.1 egress-port ethernet 4/2 vlan 777*
_Ping sender:_ _Ping sender:_
*config flow* *config flow*
service-ping local-ip 13.13.13.1/30 dst-ip 13.13.13.2 next-hop 13.13.13.2 egress-port ethernet 4/1 vlan 777 number-of-packets 10 payload-size 1450 service-ping local-ip 13.13.13.1/30 dst-ip 13.13.13.2 next-hop 13.13.13.2 egress-port ethernet 4/1 vlan 777 number-of-packets 10 payload-size 1450
|Send ping over the client vlan in Service Provider network (here 777) from ETX |Send ping over the client vlan in Service Provider network (here 777) from ETX
to ETX to measure latency and packet loss. You configure one ETX as a responder to ETX to measure latency and packet loss. You configure one ETX as a responder
and another one as a sender. and another one as a sender.
|*show configure flows summary brief* |*show configure flows summary brief*
|List all flows configured on this ETX briefly |List all flows configured on this ETX briefly
|*show configure flows summary details* |*show configure flows summary details*
|List all flows configured on this ETX with details |List all flows configured on this ETX with details
|*config flow _name_* |*config flow _name_*
*mac-learning* *mac-learning*
*show mac-table* *show mac-table*
*no mac-learning* *no mac-learning*
|Enable MAC address learning inside a flow and show the MAC table. The _flow_ should be the one where |Enable MAC address learning inside a flow and show the MAC table. The _flow_ should be the one where
those MAC addresses are supposed to be learned, and in the appropriate those MAC addresses are supposed to be learned, and in the appropriate
direction. E.g. if the equipment of the end client is connected to ETX port direction. E.g. if the equipment of the end client is connected to ETX port
`ethernet 0/10`, then you should run this command under the flow that has `ethernet 0/10`, then you should run this command under the flow that has
`ingress port 0/10`, to see if the ETX can see client's equipment. WARNING: `ingress port 0/10`, to see if the ETX can see client's equipment. WARNING:
after showing the results, make sure to disable the MAC learning, as it may after showing the results, make sure to disable the MAC learning, as it may
interfere with the client's traffic. interfere with the client's traffic.
|*show config system system-date* |*show config system system-date*
| Show system time of the appliance, important for logs/alarms correlation. | Show system time of the appliance, important for logs/alarms correlation.
|*show config reporting brief-alarm-log* |*show config reporting brief-alarm-log*
|Show alarms log, their severity/state/last raised time |Show alarms log, their severity/state/last raised time
|*exit all* |*exit all*
|Exit all sub-configuration modes to the top level. |Exit all sub-configuration modes to the top level.
|*show file startup* |*show file startup*
|Show startup configuration. |Show startup configuration.
|*save* |*save*
|Save the configuration. |Save the configuration.
|*clear-statistics* |*clear-statistics*
|Clear all statistics (at the highest config level) - errors on interfaces, bytes sent/received, etc. |Clear all statistics (at the highest config level) - errors on interfaces, bytes sent/received, etc.
|*admin* |*admin*
*reboot* *reboot*
|Reboot the device. |Reboot the device.
|=== |===

286
cheat-sheets/Route53-AWS-CLI-examples.adoc
View File

@@ -1,143 +1,143 @@
= Route53 AWS CLI examples cookbook = Route53 AWS CLI examples cookbook
:homepage: https://yurisk.info :homepage: https://yurisk.info
:toc: :toc:
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/ Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
== Short Introduction == Short Introduction
* AWS Route53 is the only service with 100% SLA. * AWS Route53 is the only service with 100% SLA.
* Amazon Registrar does domain registration only for _.com, .org, .net_ domains, the * Amazon Registrar does domain registration only for _.com, .org, .net_ domains, the
rest are registered via _Gandi SAS_ rest are registered via _Gandi SAS_
== List all hosted zones (private and public) == List all hosted zones (private and public)
[source, bash] [source, bash]
---- ----
aws route53 list-hosted-zones aws route53 list-hosted-zones
---- ----
If you are using configuration profiles: If you are using configuration profiles:
[source, bash] [source, bash]
---- ----
aws route53 list-hosted-zones --profile <profile-name> aws route53 list-hosted-zones --profile <profile-name>
---- ----
This command returns _zone-id_ you will need in future queries. This command returns _zone-id_ you will need in future queries.
== Show all records of a zone == Show all records of a zone
[source, bash] [source, bash]
---- ----
aws route53 list-resource-record-sets --hosted-zone-id Z3HR6JS50CWURT aws route53 list-resource-record-sets --hosted-zone-id Z3HR6JS50CWURT
---- ----
=== Filter output for specific records === Filter output for specific records
Show all and only A records from a zone: Show all and only A records from a zone:
---- ----
aws route53 list-resource-record-sets --hosted-zone-id ZN36CWKHEDURT \ aws route53 list-resource-record-sets --hosted-zone-id ZN36CWKHEDURT \
--query "ResourceRecordSets[?Type == 'A'] " --query "ResourceRecordSets[?Type == 'A'] "
---- ----
Show only records matching the given record value (here _www.yurisk.info_): Show only records matching the given record value (here _www.yurisk.info_):
---- ----
aws route53 list-resource-record-sets --hosted-zone-id ZN36CWKHEDURT \ aws route53 list-resource-record-sets --hosted-zone-id ZN36CWKHEDURT \
--query "ResourceRecordSets[?Name == 'www.yurisk.info.'] " --query "ResourceRecordSets[?Name == 'www.yurisk.info.'] "
---- ----
NOTE: AWS returns maximum 100 items in one response. Use paging with `NextToken` NOTE: AWS returns maximum 100 items in one response. Use paging with `NextToken`
if you expect to get more results. if you expect to get more results.
== Create a new public zone == Create a new public zone
Create a new public zone named _example334455.com_: Create a new public zone named _example334455.com_:
---- ----
aws route53 create-hosted-zone --name example334455.com \ aws route53 create-hosted-zone --name example334455.com \
--caller-reference some-text-for-me-for-reference --caller-reference some-text-for-me-for-reference
---- ----
On success returns zone's ID, request status (e.g. `Pending`), allocated name On success returns zone's ID, request status (e.g. `Pending`), allocated name
servers. The `caller-reference` you set is used for identifying this request in servers. The `caller-reference` you set is used for identifying this request in
logs etc. and can be arbitrary string. logs etc. and can be arbitrary string.
== Add A record to a zone == Add A record to a zone
While mainly expected to store the record in JSON format in a local file, we While mainly expected to store the record in JSON format in a local file, we
can specify the record(s) to add explicitly with `--change-batch`. Let's add A can specify the record(s) to add explicitly with `--change-batch`. Let's add A
record _www.example334455.com_ wtih TTL of 600, pointing to IP _1.2.3.4_: record _www.example334455.com_ wtih TTL of 600, pointing to IP _1.2.3.4_:
---- ----
aws route53 change-resource-record-sets --hosted-zone-id Z0967968IADGHN5TI3WW \ aws route53 change-resource-record-sets --hosted-zone-id Z0967968IADGHN5TI3WW \
--change-batch ' --change-batch '
{ {
"Comment": "Adding A record", "Comment": "Adding A record",
"Changes": [ "Changes": [
{ {
"Action": "CREATE", "Action": "CREATE",
"ResourceRecordSet": { "ResourceRecordSet": {
"Name": "www.example334455.com", "Name": "www.example334455.com",
"Type": "A", "Type": "A",
"TTL": 600, "TTL": 600,
"ResourceRecords": [ "ResourceRecords": [
{ {
"Value": "1.2.3.4" "Value": "1.2.3.4"
} }
] ]
} }
} }
] ]
} }
' '
---- ----
== Delete a record from a zone == Delete a record from a zone
Let's delete the A record just created _www.example334455.com_ (we use Let's delete the A record just created _www.example334455.com_ (we use
`Action:DELETE`): `Action:DELETE`):
---- ----
aws route53 change-resource-record-sets --hosted-zone-id Z0967968IADGHN5TI3WW \ aws route53 change-resource-record-sets --hosted-zone-id Z0967968IADGHN5TI3WW \
--change-batch ' --change-batch '
{ {
"Comment": "Adding A record", "Comment": "Adding A record",
"Changes": [ "Changes": [
{ {
"Action": "DELETE", "Action": "DELETE",
"ResourceRecordSet": { "ResourceRecordSet": {
"Name": "www.example334455.com", "Name": "www.example334455.com",
"Type": "A", "Type": "A",
"TTL": 600, "TTL": 600,
"ResourceRecords": [ "ResourceRecords": [
{ {
"Value": "1.2.3.4" "Value": "1.2.3.4"
} }
] ]
} }
} }
] ]
} }
' '
---- ----
== Delete a zone completely == Delete a zone completely
NOTE: You cannot delete a non-empty zone, have to 1st delete all records except NOTE: You cannot delete a non-empty zone, have to 1st delete all records except
NS. NS.
Trying to delete a zone with other than NS records gives this error: Trying to delete a zone with other than NS records gives this error:
---- ----
An error occurred (HostedZoneNotEmpty) when calling the DeleteHostedZone An error occurred (HostedZoneNotEmpty) when calling the DeleteHostedZone
operation: The specified hosted zone contains non-required resource record operation: The specified hosted zone contains non-required resource record
sets and so cannot be deleted sets and so cannot be deleted
---- ----
We delete the empty zone _example334455.com_: We delete the empty zone _example334455.com_:
---- ----
aws route53 delete-hosted-zone --id Z0967968IADGHN5TI3WW aws route53 delete-hosted-zone --id Z0967968IADGHN5TI3WW
---- ----

126
cheat-sheets/Windows-cmd-shell-batch-scripting-cheat-sheet.adoc
View File

@@ -1,63 +1,63 @@
= Windows cmd shell batch scripting cheat sheet = Windows cmd shell batch scripting cheat sheet
Yuri Slobodyanyuk <admin@yurisk.info> Yuri Slobodyanyuk <admin@yurisk.info>
v1.0, 2022-08-31 v1.0, 2022-08-31
:homepage: https://yurisk.info :homepage: https://yurisk.info
:toc: :toc:
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/ Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
== Controlling scripts themselves == Controlling scripts themselves
[cols=2, options="header"] [cols=2, options="header"]
|=== |===
|Command |Command
|Description |Description
|*rem* |*rem*
|Start a comment, till the end of line. It can be used to comment out a whole line or part of it. |Start a comment, till the end of line. It can be used to comment out a whole line or part of it.
|*cls* |*cls*
|Clear the screen buffer. |Clear the screen buffer.
|*echo _text to display_* |*echo _text to display_*
*echo off/on* *echo off/on*
*echo.* *echo.*
|Print text on line, or, with `off/on` switch without text, turn off/on echoing the commands being run. |Print text on line, or, with `off/on` switch without text, turn off/on echoing the commands being run.
Usually, you set `echo off` as the 1st line in a batch script, and the `echo on` as the last line. Turning Usually, you set `echo off` as the 1st line in a batch script, and the `echo on` as the last line. Turning
echoing off does not hide _output_ of the commands run, just the commands themselves. The 3rd option is `echo` followed immediately echoing off does not hide _output_ of the commands run, just the commands themselves. The 3rd option is `echo` followed immediately
by _dot_ and it causes echo to print a blank line (an dthis is the only way to do so). by _dot_ and it causes echo to print a blank line (an dthis is the only way to do so).
|*@* |*@*
|Turn off echoing only for the command preceded by this @. E.g. `@echo off` to prevent the _echo off_ |Turn off echoing only for the command preceded by this @. E.g. `@echo off` to prevent the _echo off_
being printed itself. being printed itself.
|*title _Title bar text_* |*title _Title bar text_*
|Change the title of the cmd.exe window for this session. As a rule of a good style, change _title_ on each stage of the |Change the title of the cmd.exe window for this session. As a rule of a good style, change _title_ on each stage of the
script, to let users know what the script is doing. script, to let users know what the script is doing.
|=== |===
== Script arguments == Script arguments
[cols=2, options="header"] [cols=2, options="header"]
|=== |===
|Command |Command
|Description |Description
|%_n_ |%_n_
|Positional argument to the script from the command line. _n_ can be from 0 to 9. |Positional argument to the script from the command line. _n_ can be from 0 to 9.
|%0 |%0
|The script name. The actual arguments to the script start with %1. |The script name. The actual arguments to the script start with %1.
E.g. `echo The script was called as %0, with the %1 as the first argument` E.g. `echo The script was called as %0, with the %1 as the first argument`
|%* |%*
|The rest of the positional arguments after the 9th altogether. The individual args are not accessible directly, use `SHIFT`-ing. |The rest of the positional arguments after the 9th altogether. The individual args are not accessible directly, use `SHIFT`-ing.
|*shift [/_n_]* |*shift [/_n_]*
|Shift positional arguments by one. If `/n` is given, will shift starting with n+1. E.g. `shift /4` will shift 5th to become 4th, |Shift positional arguments by one. If `/n` is given, will shift starting with n+1. E.g. `shift /4` will shift 5th to become 4th,
6th will become 5th, and so on, while arguments before 4 will stay untouched. 6th will become 5th, and so on, while arguments before 4 will stay untouched.
|=== |===

136
cheat-sheets/Windows-cmd-shell-tips.adoc
View File

@@ -1,68 +1,68 @@
= Windows cmd.exe shell tips for productivity = Windows cmd.exe shell tips for productivity
Yuri Slobodyanyuk <admin@yurisk.info> Yuri Slobodyanyuk <admin@yurisk.info>
v1.0, 2023-03-07 v1.0, 2023-03-07
:homepage: https://yurisk.info :homepage: https://yurisk.info
:toc: :toc:
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/ Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
== doskey == doskey
[cols=2, options="headers"] [cols=2, options="headers"]
|=== |===
|Command |Command
|Description |Description
|Up Arrow |Up Arrow
|Recall previous command. |Recall previous command.
|Down Arrow |Down Arrow
|Recall next command |Recall next command
|Page Up |Page Up
|Recall the 1st/oldest command in the current session. |Recall the 1st/oldest command in the current session.
|Page Down |Page Down
|Recall the most recent command in this session. |Recall the most recent command in this session.
|Ctrl + Left Arrow |Ctrl + Left Arrow
|Move cursor back one word. |Move cursor back one word.
|Ctrl + Right Arrow |Ctrl + Right Arrow
|Move cursor right one word. |Move cursor right one word.
|Home |Home
|Move cursor to the beginning of the line. |Move cursor to the beginning of the line.
|End |End
|Move cursor to the end of the line. |Move cursor to the end of the line.
|Esc |Esc
|Clear the command from the display. |Clear the command from the display.
|Right Click on title -> Properties -> Options -> Buffer size |Right Click on title -> Properties -> Options -> Buffer size
|Increase/decrease the commands history buffer size. Note: `doskey |Increase/decrease the commands history buffer size. Note: `doskey
/listsize=<n>` stopped working on Windows 10 somewhere in 2021. /listsize=<n>` stopped working on Windows 10 somewhere in 2021.
|*doskey /history* |*doskey /history*
|Show all commands in the buffer. |Show all commands in the buffer.
|*doskey _macroName_ = _command to run_* |*doskey _macroName_ = _command to run_*
|Record a macro for this session. E.g. to save some typing: |Record a macro for this session. E.g. to save some typing:
`doskey ro = route print`, now we can use `ro` to run `route print`. `doskey ro = route print`, now we can use `ro` to run `route print`.
The macros are not saved, and disappear after closing the cmd.exe, The macros are not saved, and disappear after closing the cmd.exe,
unless saved in a batch file. unless saved in a batch file.
|*doskey /macros* |*doskey /macros*
|Show all macros defined for this session. |Show all macros defined for this session.
|=== |===
== References == References
* https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/doskey * https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/doskey

10
cheat-sheets/custom-theme.yml
View File

@@ -1,5 +1,5 @@
extends: default extends: default
footer: footer:
verso: verso:
center: center:
content: ' https://www.linkedin.com/in/yurislobodyanyuk/ {doctitle}' content: ' https://www.linkedin.com/in/yurislobodyanyuk/ {doctitle}'

754
cheat-sheets/fortigate-ssl-vpn-hardening-guide.adoc
View File

@@ -1,377 +1,377 @@
= Fortigate VPN SSL Hardening Guide = Fortigate VPN SSL Hardening Guide
:source-highlighter: rouge :source-highlighter: rouge
:title: Fortigate VPN SSL Hardening Guide :title: Fortigate VPN SSL Hardening Guide
:date: 2023-03-15 09:55:25+00:00 :date: 2023-03-15 09:55:25+00:00
:toc: :toc:
Last updated: 19.03.2023 Last updated: 19.03.2023
== Introduction == Introduction
This guide is the result of closely following Fortigate VPN SSL vulnerabilities This guide is the result of closely following Fortigate VPN SSL vulnerabilities
over the years, actual cases of compromised firewalls, operational manuals and over the years, actual cases of compromised firewalls, operational manuals and
reports of multiple gangs (e.g. _Conti manuals_) and my experience with Fortigates reports of multiple gangs (e.g. _Conti manuals_) and my experience with Fortigates
of 15+ years and counting. By implementing all/some of the measures below you of 15+ years and counting. By implementing all/some of the measures below you
will make your SSL VPN on Fortigate substantially harder to break in and thus less will make your SSL VPN on Fortigate substantially harder to break in and thus less
attractive to the attackers. attractive to the attackers.
== Change the default SSL VPN port 10443/443 to anything else == Change the default SSL VPN port 10443/443 to anything else
This security by obscurity actually works. In most cases, the attackers do This security by obscurity actually works. In most cases, the attackers do
not target specific companies, but are looking for low hanging fruit. And the not target specific companies, but are looking for low hanging fruit. And the
easiest way to do so is to scan for known ports/services. And both, 443 and 10443, are easiest way to do so is to scan for known ports/services. And both, 443 and 10443, are
well known Fortigate listening ports. It is even easier - just search well known Fortigate listening ports. It is even easier - just search
Shodan/Censys for "Fortigate" and currently Shodan has 185K results for port Shodan/Censys for "Fortigate" and currently Shodan has 185K results for port
10443, and Censys 317K. That was what happened with a large VPN 10443, and Censys 317K. That was what happened with a large VPN
credentials leak 2 years ago credentials leak 2 years ago
https://www.linkedin.com/pulse/50000-vpn-usernames-passwords-from-fortigates-around-we-slobodyanyuk/ https://www.linkedin.com/pulse/50000-vpn-usernames-passwords-from-fortigates-around-we-slobodyanyuk/
- all of the affected Fortigates were listening on either 443 or 10443 ports. - all of the affected Fortigates were listening on either 443 or 10443 ports.
The possible downside can be that VPN users connecting via WiFi in hotels/caffe The possible downside can be that VPN users connecting via WiFi in hotels/caffe
may have outgoing ports blocked except 443, but with cellular packages being so may have outgoing ports blocked except 443, but with cellular packages being so
cheap today, it is viable for them to use their phone as hotspot for VPN cheap today, it is viable for them to use their phone as hotspot for VPN
connectionis and avoid using public WiFi altogether. connectionis and avoid using public WiFi altogether.
image::x-fortigate-ssl-vpn-change-port.png[] image::x-fortigate-ssl-vpn-change-port.png[]
On the CLI: On the CLI:
---- ----
config vpn ssl settings config vpn ssl settings
set port 13123 set port 13123
---- ----
== Do not use local users for authentication, and if using - keep passwords elsewhere or/and enable MFA == Do not use local users for authentication, and if using - keep passwords elsewhere or/and enable MFA
In general, keeping all the security info in one box (Fortigate here) is a bad In general, keeping all the security info in one box (Fortigate here) is a bad
practice. The mentioned vulnerability CVE-2018-13379 affected only Fortigates practice. The mentioned vulnerability CVE-2018-13379 affected only Fortigates
with local VPN users having local authentication. Additionally, you give up with local VPN users having local authentication. Additionally, you give up
password policies, centralized system to expire/change passwords, password policies, centralized system to expire/change passwords,
non-repeatability of the passwords etc. with such locally authenticated on the non-repeatability of the passwords etc. with such locally authenticated on the
Fortigate users. Integrating user authentication with existing user database Fortigate users. Integrating user authentication with existing user database
(LDAP/Active Directory/Cloud AD) is a breeze in Fortigate. (LDAP/Active Directory/Cloud AD) is a breeze in Fortigate.
== Enable Multi-Factor Authentication for VPN users == Enable Multi-Factor Authentication for VPN users
ANY form of MFA will be better than none. Hardware Fortigate come with 2 mobile ANY form of MFA will be better than none. Hardware Fortigate come with 2 mobile
application FortiTokens for free. Additionally, you can use SMS as MFA, but will application FortiTokens for free. Additionally, you can use SMS as MFA, but will
cost you money, or email that is completely free. cost you money, or email that is completely free.
The email as MFA is not visible nor enabled by default, so I wrote a short guide The email as MFA is not visible nor enabled by default, so I wrote a short guide
how to use it how to use it
https://yurisk.info/2020/03/01/fortigate-enable-e-mail-as-mfa-and-increase-token-validity-time/[enable e-mail as a two-factor authentication for a user and increase token timeout] https://yurisk.info/2020/03/01/fortigate-enable-e-mail-as-mfa-and-increase-token-validity-time/[enable e-mail as a two-factor authentication for a user and increase token timeout]
And of course, any 3rd party providing MFA can be used via RADIUS protocol And of course, any 3rd party providing MFA can be used via RADIUS protocol
(Okta/Azure/Duo/etc.) (Okta/Azure/Duo/etc.)
There is also option of _client_ PKI certificates as MFA, which is quite secure, There is also option of _client_ PKI certificates as MFA, which is quite secure,
but also is most complex in setting up of all. Client certificates do not work but also is most complex in setting up of all. Client certificates do not work
together with SAML authentication (Azure/etc.), which is also a disadvantage. together with SAML authentication (Azure/etc.), which is also a disadvantage.
== Limit access to VPN SSL portal to specific IP addresses == Limit access to VPN SSL portal to specific IP addresses
If your users happen to have static IP addresses assigned by their ISP, it is an excellent way to If your users happen to have static IP addresses assigned by their ISP, it is an excellent way to
limit exposure of VPN SSL portal. limit exposure of VPN SSL portal.
image::x-fortigate-vpn-ssl-allow-specific-ips.png[] image::x-fortigate-vpn-ssl-allow-specific-ips.png[]
== Move VPN SSL listening interface to a Loopback interface == Move VPN SSL listening interface to a Loopback interface
This step will give an additional security control - Security Rule. This step will give an additional security control - Security Rule.
The benefits of which are: The benefits of which are:
* The rule is highly visible, not hidden in CLI as Local-in Policy. * The rule is highly visible, not hidden in CLI as Local-in Policy.
* It will have detailed traffic & security logs. * It will have detailed traffic & security logs.
* It enables to turn SSL VPN access on and off on a time schedule. * It enables to turn SSL VPN access on and off on a time schedule.
* Allows us to disable SSL VPN access in one click (just disable this security * Allows us to disable SSL VPN access in one click (just disable this security
rule) without deleting anything. rule) without deleting anything.
* Makes possible to use ISDB address objects (See below on blocking Tor Exit * Makes possible to use ISDB address objects (See below on blocking Tor Exit
Nodes). Nodes).
* And finally, as SSL VPN is NOT hardware-accelerated on any Fortigate, no matter where it * And finally, as SSL VPN is NOT hardware-accelerated on any Fortigate, no matter where it
is set, on physical or Loopback interface, no reason to avoid Loopback here. is set, on physical or Loopback interface, no reason to avoid Loopback here.
To set it up: To set it up:
* Create a Loopback interface (here _Loop33_ with IP of _13.13.13.13_, not shown) * Create a Loopback interface (here _Loop33_ with IP of _13.13.13.13_, not shown)
* Enable VPN SSL on this Loopback in VPN SSL Settings: * Enable VPN SSL on this Loopback in VPN SSL Settings:
image::x-fortigate-ssl-vpn-loopback-vpn-setings.png[] image::x-fortigate-ssl-vpn-loopback-vpn-setings.png[]
* Allow access to the Loopback on the listening port from the Internet. I use _all_ as a * Allow access to the Loopback on the listening port from the Internet. I use _all_ as a
source (rule id _2_) source (rule id _2_)
here, but see other recommendations on limiting source IP for finer control: here, but see other recommendations on limiting source IP for finer control:
image::x-fortigate-ssl-vpn-loopback-security-rule.png[] image::x-fortigate-ssl-vpn-loopback-security-rule.png[]
== (Less preferred than above) Limit access to SSL VPN portal in Local-in Policy == (Less preferred than above) Limit access to SSL VPN portal in Local-in Policy
The idea here is that unlike limits in the VPN SSL Settings, limits in the The idea here is that unlike limits in the VPN SSL Settings, limits in the
Local-in Policy come before any traffic reaches VPN SSL daemon. Starting with Local-in Policy come before any traffic reaches VPN SSL daemon. Starting with
FortiOS 7.2 we can also use in Local-in Policies GeoIP objects, external feeds (I FortiOS 7.2 we can also use in Local-in Policies GeoIP objects, external feeds (I
haven't seen much benefit in them though). As I mentioned above, due to CLI-only haven't seen much benefit in them though). As I mentioned above, due to CLI-only
nature of the Local-in Policy, it is more manageable to use rather Loopback for nature of the Local-in Policy, it is more manageable to use rather Loopback for
SSL VPN connections. But Local-in policy can do the job as well, see some SSL VPN connections. But Local-in policy can do the job as well, see some
examples of using it here examples of using it here
https://yurisk.info/2022/07/04/fortigate-local-in-policy-configuration-examples-for-vpn-ipsec-vpn-ssl-bgp-and-more/[Fortigate Local-in policy configuration examples for VPN IPSec, VPN SSL, BGP and more] and https://yurisk.info/2020/06/07/fortigate-local-in-policy/[Fortigate Local in Policy what it does and how to change/configure it] https://yurisk.info/2022/07/04/fortigate-local-in-policy-configuration-examples-for-vpn-ipsec-vpn-ssl-bgp-and-more/[Fortigate Local-in policy configuration examples for VPN IPSec, VPN SSL, BGP and more] and https://yurisk.info/2020/06/07/fortigate-local-in-policy/[Fortigate Local in Policy what it does and how to change/configure it]
== Limit access to portal by GeoIP location == Limit access to portal by GeoIP location
When your users are located in a specific country(s), it is advisable to at When your users are located in a specific country(s), it is advisable to at
least limit access to the VPN to those countries. E.g. for users coming from least limit access to the VPN to those countries. E.g. for users coming from
Israel: Israel:
* Create an address of type _Geography_: * Create an address of type _Geography_:
image::x-fortigate-ssl-vpn-geography.png[] image::x-fortigate-ssl-vpn-geography.png[]
* Use it in VPN SSL Settings: * Use it in VPN SSL Settings:
image::x-fortigate-ssl-vpn-geoip-vpn-settings.png[] image::x-fortigate-ssl-vpn-geoip-vpn-settings.png[]
The option to use Geo objects appeared in newer FortiOS, so if you have an older The option to use Geo objects appeared in newer FortiOS, so if you have an older
version, moving SSL VPN to loopback interface will give you this option. version, moving SSL VPN to loopback interface will give you this option.
== Block access to/from Tor Exit Nodes and Relays to anything == Block access to/from Tor Exit Nodes and Relays to anything
Attackers using Tor are pretty much untraceable, so this motivates them to Attackers using Tor are pretty much untraceable, so this motivates them to
brute-force from Tor network a lot. Again, it is possible to implement only when your SSL VPN is listening on the Loopback brute-force from Tor network a lot. Again, it is possible to implement only when your SSL VPN is listening on the Loopback
interface - neither VPN Settings, nor Local-in Policy accept ISDB addresses so interface - neither VPN Settings, nor Local-in Policy accept ISDB addresses so
far. Just use the ISDB objects for Tor Exit Nodes and Relays, and VPN far. Just use the ISDB objects for Tor Exit Nodes and Relays, and VPN
Anonymizers in the Anonymizers in the
security rule that is above the VPN SSL rule to block them. security rule that is above the VPN SSL rule to block them.
image::x-fortigate-ssl-vpn-tor-exit-nodes.png[] image::x-fortigate-ssl-vpn-tor-exit-nodes.png[]
Security Rule to block access from Tor to the Loopback interface where SSL VPN Security Rule to block access from Tor to the Loopback interface where SSL VPN
is listening: is listening:
image::x-fortigate-ssl-vpn-block-tor-to-loopback.png[] image::x-fortigate-ssl-vpn-block-tor-to-loopback.png[]
== Install trusted CA-issued certificate, but don't issue Let's Encrypt certificates directly on the Fortigate == Install trusted CA-issued certificate, but don't issue Let's Encrypt certificates directly on the Fortigate
Users, and people in general, are suspicious of anything strange/new/unknown. If Users, and people in general, are suspicious of anything strange/new/unknown. If
they get used to a valid TLS certificate from a trusted CA Authority on each they get used to a valid TLS certificate from a trusted CA Authority on each
login into VPN SSL, they will immediately catch the browser error when being login into VPN SSL, they will immediately catch the browser error when being
exposed to Man-in-the-middle attack. Users are your friends, just teach them exposed to Man-in-the-middle attack. Users are your friends, just teach them
good habits and they will be your allies. good habits and they will be your allies.
_Let's encrypt_ certificates - yes, they are free and trusted. But, issuing them _Let's encrypt_ certificates - yes, they are free and trusted. But, issuing them
directly on the Fortigate has 2 disadvantages: directly on the Fortigate has 2 disadvantages:
. It enables _Acme_ protocol daemon to listen on port 80, and it HAS to be open . It enables _Acme_ protocol daemon to listen on port 80, and it HAS to be open
from ANY for auto-renewal to work, and exposing any additional daemon to the from ANY for auto-renewal to work, and exposing any additional daemon to the
Internet is a bad idea. To be exact - you need to have port 80 open only for the Internet is a bad idea. To be exact - you need to have port 80 open only for the
period of issuing/renewing the certificate. So, you may, if you want to, enable period of issuing/renewing the certificate. So, you may, if you want to, enable
incoming port 80 from any when requesting certificate, then close the port until incoming port 80 from any when requesting certificate, then close the port until
time comes to renew it. But then it is no different from manually requesting and time comes to renew it. But then it is no different from manually requesting and
importing. importing.
. It does not support requesting _wildcard_ certificates, only a specific . It does not support requesting _wildcard_ certificates, only a specific
subdomain one. And this has additional downside - your VPN subdomain gets logged subdomain one. And this has additional downside - your VPN subdomain gets logged
on the Internet for everyone to see. Just search here on the Internet for everyone to see. Just search here
https://crt.sh/?q=yurisk.com https://crt.sh/?q=yurisk.com
I do use Let's Encrypt certificates, but on a separate I do use Let's Encrypt certificates, but on a separate
Linux server from which I export then import the certificates to the Fortigate Linux server from which I export then import the certificates to the Fortigate
manually. manually.
== Configure email alert on each successful VPN SSL connection == Configure email alert on each successful VPN SSL connection
Why on successful and not failed? The real-life experience proves that Why on successful and not failed? The real-life experience proves that
after _nth_ alert on failed login in a day, people stop looking at them after _nth_ alert on failed login in a day, people stop looking at them
at all. And in my opinion, the successful log in is more important than the at all. And in my opinion, the successful log in is more important than the
failed one. failed one.
I am working on a collection of automation stitches that will include also this I am working on a collection of automation stitches that will include also this
email alert, follow me for updates on this. email alert, follow me for updates on this.
== Prevent re-using the same user account to connect in parallel == Prevent re-using the same user account to connect in parallel
You can, by default, connect with the same VPN user from different locations at You can, by default, connect with the same VPN user from different locations at
the same time. To somewhat improve on this, disable simultaneous logins for the same time. To somewhat improve on this, disable simultaneous logins for
users. This way, the connected user will be disconnected when someone else logs users. This way, the connected user will be disconnected when someone else logs
in with his/her credentials - this would alert the user that something fishy is in with his/her credentials - this would alert the user that something fishy is
going on. You set this feature per Portal. going on. You set this feature per Portal.
image::x-fortigate-ssl-vpn-limit-logins-per-user.png[] image::x-fortigate-ssl-vpn-limit-logins-per-user.png[]
On CLI: On CLI:
---- ----
config vpn ssl web portal config vpn ssl web portal
edit "full-access" edit "full-access"
set limit-user-logins enable set limit-user-logins enable
end end
---- ----
== In security rules, allow access only to specific destinations and services, not _all_ == In security rules, allow access only to specific destinations and services, not _all_
I see it many times - to save few clicks, admins put in the _Destination_ column I see it many times - to save few clicks, admins put in the _Destination_ column
of the SSL VPN security rule _all_/whole LAN, instead of specific host(s) with of the SSL VPN security rule _all_/whole LAN, instead of specific host(s) with
specific services. If attackers get hold of VPN connection to the Fortigate, specific services. If attackers get hold of VPN connection to the Fortigate,
they will mass scan internal LAN for AD Domain Controllers, SMB shares, they will mass scan internal LAN for AD Domain Controllers, SMB shares,
enumerate all hosts and none of this will happen if you harden the VPN Remote enumerate all hosts and none of this will happen if you harden the VPN Remote
Access rules to specific services and hosts. Access rules to specific services and hosts.
image::x-fortigate-ssl-rule-to-specific-services.png[] image::x-fortigate-ssl-rule-to-specific-services.png[]
== If not using VPN SSL, disable it, or assign to a dummy interface == If not using VPN SSL, disable it, or assign to a dummy interface
The VPN SSL setting is *on* by default, which is ok - as long as there is no The VPN SSL setting is *on* by default, which is ok - as long as there is no
listening interface assigned to it and no security rules using `ssl.root` listening interface assigned to it and no security rules using `ssl.root`
exist, the service will NOT listen actually. On some FortiOS versions you have exist, the service will NOT listen actually. On some FortiOS versions you have
to do it on CLI. If you want to disable temporarily SSL VPN without deleting to do it on CLI. If you want to disable temporarily SSL VPN without deleting
anything, you could, besides clicking on _Disable_, assign it a Loopback anything, you could, besides clicking on _Disable_, assign it a Loopback
interface which you also put in a _Down_ state. interface which you also put in a _Down_ state.
image::x-fortigate-ssl-vpn-assign-loopback-which-is-disabled.png[] image::x-fortigate-ssl-vpn-assign-loopback-which-is-disabled.png[]
On CLI: On CLI:
---- ----
config vpn ssl settings config vpn ssl settings
set status disable set status disable
set source-interface Loop1 set source-interface Loop1
end end
---- ----
== Create a no-access portal and set it as default in the VPN settings == Create a no-access portal and set it as default in the VPN settings
Once you have VPN SSL enabled, you *have* to specify the default portal Once you have VPN SSL enabled, you *have* to specify the default portal
to which all unmapped to portals users will be assigned. To prevent unintended to which all unmapped to portals users will be assigned. To prevent unintended
users/groups connecting via this default portal, create the one disabling all users/groups connecting via this default portal, create the one disabling all
the access inside it and then set it as the default. the access inside it and then set it as the default.
* Create a portal with no factual access: * Create a portal with no factual access:
---- ----
config vpn ssl web portal config vpn ssl web portal
edit DefaultNoAccess edit DefaultNoAccess
set tunnel-mode disable set tunnel-mode disable
set web-mode disable set web-mode disable
set ipv6-tunnel-mode disable set ipv6-tunnel-mode disable
next next
end end
---- ----
* Make it the default portal: * Make it the default portal:
---- ----
config vpn ssl setting config vpn ssl setting
set default-portal DefaultNoAccess set default-portal DefaultNoAccess
end end
---- ----
IMPORTANT: Make sure you have the relevant users/groups mapped to other, working portals, before doing this. IMPORTANT: Make sure you have the relevant users/groups mapped to other, working portals, before doing this.
== Block offending IP after _n_ failed attempts == Block offending IP after _n_ failed attempts
This slows down brute-force and scanning attacks on VPN SSL. This feature is on This slows down brute-force and scanning attacks on VPN SSL. This feature is on
by default, but the block duration is just 60 seconds. You will want to by default, but the block duration is just 60 seconds. You will want to
tune it to your environment and users. I usually set number of failed login tune it to your environment and users. I usually set number of failed login
attempts to 3, then block the offender for 10 minutes. In many cases it was attempts to 3, then block the offender for 10 minutes. In many cases it was
enough for accidental attackers to give up and move to another target. enough for accidental attackers to give up and move to another target.
This can be configured in CLI: This can be configured in CLI:
---- ----
config vpn ssl settings config vpn ssl settings
set login-attempt-limit 3 set login-attempt-limit 3
set login-block-time 600 set login-block-time 600
end end
---- ----
Here I block the IP for 10 minutes after 3 unsuccessful authentication attempts. Here I block the IP for 10 minutes after 3 unsuccessful authentication attempts.
The maximum duration of blocking is 86400 seconds, or 24 hours. The maximum duration of blocking is 86400 seconds, or 24 hours.
== Disable weak and outdated TLS protocols for SSL VPN == Disable weak and outdated TLS protocols for SSL VPN
Even with newer FortiOS versions VPN SSL by default supports TLS 1.1, and TLS Even with newer FortiOS versions VPN SSL by default supports TLS 1.1, and TLS
1.2 versions that are outdated and recommended against usage everywhere. You can 1.2 versions that are outdated and recommended against usage everywhere. You can
set SSL VPN to use only TLS 1.2 & 1.3 (on CLI only) with this command ( I set SSL VPN to use only TLS 1.2 & 1.3 (on CLI only) with this command ( I
thought of recommending to leave just TLS 1.3, but Forticlient is currently having thought of recommending to leave just TLS 1.3, but Forticlient is currently having
problems with using it on Windows 10 & 11, so not for now): problems with using it on Windows 10 & 11, so not for now):
---- ----
config vpn ssl settings config vpn ssl settings
set ssl-min-proto-ver tls1-2 set ssl-min-proto-ver tls1-2
end end
---- ----
And make sure it worked: And make sure it worked:
---- ----
curl -v https://vpn.yurisk.com:13123 --tlsv1.1 -o /dev/null curl -v https://vpn.yurisk.com:13123 --tlsv1.1 -o /dev/null
* Connected to vpn.yurisk.com (52.58.153.81) port 13123 (#0) * Connected to vpn.yurisk.com (52.58.153.81) port 13123 (#0)
* ALPN, offering h2 * ALPN, offering h2
* ALPN, offering http/1.1 * ALPN, offering http/1.1
* successfully set certificate verify locations: * successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt * CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs CApath: /etc/ssl/certs
} [5 bytes data] } [5 bytes data]
* TLSv1.1 (OUT), TLS handshake, Client hello (1): * TLSv1.1 (OUT), TLS handshake, Client hello (1):
} [140 bytes data] } [140 bytes data]
* TLSv1.1 (IN), TLS alert, Server hello (2): * TLSv1.1 (IN), TLS alert, Server hello (2):
{ [2 bytes data] { [2 bytes data]
* error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version * error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
* stopped the pause stream! * stopped the pause stream!
* Closing connection 0 * Closing connection 0
curl: (35) error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol curl: (35) error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol
version version
---- ----
NOTE: This will prevent older browsers/Forticlients from connecting, but we talk NOTE: This will prevent older browsers/Forticlients from connecting, but we talk
about _very_ old versions, like Internet Explorer 11, or Chrome version 50 about _very_ old versions, like Internet Explorer 11, or Chrome version 50
(current one is 110). So it should not be a problem. (current one is 110). So it should not be a problem.
== Consider switching from VPN SSL to VPN IPSec for clients == Consider switching from VPN SSL to VPN IPSec for clients
A bit drastic, but in all those years of VPN SSL vulnerabilities happening, I A bit drastic, but in all those years of VPN SSL vulnerabilities happening, I
remember of no single critical CVE for the IPSec daemon in Fortigate. Yes, it is more remember of no single critical CVE for the IPSec daemon in Fortigate. Yes, it is more
involved in configuring it, but it may well be worth the effort. You use on the involved in configuring it, but it may well be worth the effort. You use on the
client side the same Forticlient. client side the same Forticlient.
== Consider moving VPN SSL into its own VDOM == Consider moving VPN SSL into its own VDOM
This is a measure against the worst case scenario - remotely executable 0-day This is a measure against the worst case scenario - remotely executable 0-day
happens in the SSL VPN daemon, and attackers break into your Fortigate. In this happens in the SSL VPN daemon, and attackers break into your Fortigate. In this
scenario the attackers will most probably create their own admin users for scenario the attackers will most probably create their own admin users for
persistence, set up VPN for remote access with rules permitting _Any_ to the persistence, set up VPN for remote access with rules permitting _Any_ to the
internal LAN, and if not trying to hide - will delete/remove your admin user to internal LAN, and if not trying to hide - will delete/remove your admin user to
block you access to the Fortigate. If this happens with the Fortigate that all block you access to the Fortigate. If this happens with the Fortigate that all
your DMZ/LAN/Storage/Backup networks are connected to, the game is over. But if your DMZ/LAN/Storage/Backup networks are connected to, the game is over. But if
the same happens to the Internet-facing VDOM that has only SSL VPN configs and the same happens to the Internet-facing VDOM that has only SSL VPN configs and
rules, well, maximum they will have access to is anything you explicitly allowed rules, well, maximum they will have access to is anything you explicitly allowed
in rules between VDOMs. And if you implemented specific rules to allow specific in rules between VDOMs. And if you implemented specific rules to allow specific
protocols to specific hosts, that would be not much of a gain to the attackers. protocols to specific hosts, that would be not much of a gain to the attackers.
And all Fortigate models except the smallest ones, have hardware acceleration on And all Fortigate models except the smallest ones, have hardware acceleration on
their inter-VDOM links, so perfomance-wise you lose nothing as well. their inter-VDOM links, so perfomance-wise you lose nothing as well.
And price-wise, every Fortigate (even the smallest 40F) includes 10 VDOMs for free. And price-wise, every Fortigate (even the smallest 40F) includes 10 VDOMs for free.
== Additional Resources to follow == Additional Resources to follow
* https://www.fortiguard.com/psirt Fortinet announcements on new vulnerabilities. * https://www.fortiguard.com/psirt Fortinet announcements on new vulnerabilities.
* https://yurisk.info/category/fortigate.html My blog's Fortigate category, has RSS feed * https://yurisk.info/category/fortigate.html My blog's Fortigate category, has RSS feed
* https://t.me/fortichat Fortinet-related Telegram group with experts (Russian language) * https://t.me/fortichat Fortinet-related Telegram group with experts (Russian language)
* https://community.fortinet.com/ Fortinet Community Forum, a lot of Fortinet TAC folks hang out there. * https://community.fortinet.com/ Fortinet Community Forum, a lot of Fortinet TAC folks hang out there.
* https://www.reddit.com/r/fortinet/ Well, Reddit is Reddit. * https://www.reddit.com/r/fortinet/ Well, Reddit is Reddit.

106
cheat-sheets/git-and-github-cheat-sheet.adoc
View File

@@ -1,53 +1,53 @@
= Git and github.com cheat sheet = Git and github.com cheat sheet
:author: Yuri Slobodyanyuk :author: Yuri Slobodyanyuk
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/ Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
[cols=2,options="header"] [cols=2,options="header"]
|=== |===
|command |command
|Description |Description
|*git clone <URL of the remote repository> [local repo name]* |*git clone <URL of the remote repository> [local repo name]*
| Clone remote repository, optionally renaming the local copy of it. | Clone remote repository, optionally renaming the local copy of it.
|*git config --system <params>* |*git config --system <params>*
|Set configuration parameters for all users at the local host, requires root permissions, saves <params> in the `/etc/gitconfig`. Some params (when setting on the terminal, separate paramater value from name with whitespace): |Set configuration parameters for all users at the local host, requires root permissions, saves <params> in the `/etc/gitconfig`. Some params (when setting on the terminal, separate paramater value from name with whitespace):
- `core.editor` Editor to use to enter comments when committing. E.g. `git config --system core.editor vim`. - `core.editor` Editor to use to enter comments when committing. E.g. `git config --system core.editor vim`.
- `diff.tool` Diff tool to use, e.g. `vimdiff`,`vimdiff2`,`xxdiff`,`gvimdiff` - `diff.tool` Diff tool to use, e.g. `vimdiff`,`vimdiff2`,`xxdiff`,`gvimdiff`
- `user.email` Email to be incldued in each commit. - `user.email` Email to be incldued in each commit.
- `user.name` Full name to be included in each commit. - `user.name` Full name to be included in each commit.
|*git config --global <params>* |*git config --global <params>*
|Set <params> for ALL repositories of a user on the local host, saves <params> in the `~/.gitconfig` or `~/.config/git/config`. |Set <params> for ALL repositories of a user on the local host, saves <params> in the `~/.gitconfig` or `~/.config/git/config`.
|*git config --local <params>* |*git config --local <params>*
|(default) Set <params> for a specific repository only, should be run when inside this repository, saves <params> in the `.git/config` inside the repository. |(default) Set <params> for a specific repository only, should be run when inside this repository, saves <params> in the `.git/config` inside the repository.
|*git config --list --show-origin* |*git config --list --show-origin*
|View all the settings with their origins. |View all the settings with their origins.
|*Contribute to a project (pull request/PR) on Github.com* |*Contribute to a project (pull request/PR) on Github.com*
a| Steps to contribute to some project on the github: a| Steps to contribute to some project on the github:
. Fork the project you want to contribute to. . Fork the project you want to contribute to.
. Clone the fork to your local system. . Clone the fork to your local system.
. Make a new custom (non-master) branch inside it. . Make a new custom (non-master) branch inside it.
. Make your changes. . Make your changes.
. Push this branch to your Github account. . Push this branch to your Github account.
. Open a Pull Request on the Github.com for the project owner to review & merge. . Open a Pull Request on the Github.com for the project owner to review & merge.
|=== |===

278
cheat-sheets/gnu-screen-cheat-sheet.adoc
View File

@@ -1,139 +1,139 @@
= GNU screen terminal commands cheat sheet = GNU screen terminal commands cheat sheet
:author: Yuri Slobodyanyuk :author: Yuri Slobodyanyuk
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/ Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
NOTE: `C-a` below stands for `Ctrl + a` keyboard sequence. NOTE: `C-a` below stands for `Ctrl + a` keyboard sequence.
[cols=2,options="header"] [cols=2,options="header"]
|=== |===
|Command |Command
|Description |Description
|*~/.screenrc* & */etc/screenrc* |*~/.screenrc* & */etc/screenrc*
| Commands that the `screen` runs on start up. | Commands that the `screen` runs on start up.
|*screen -ls* |*screen -ls*
|List active screen sessions |List active screen sessions
|*screen -Q windows* |*screen -Q windows*
|List windows' names inside screen session |List windows' names inside screen session
|*screen -S <session name>* |*screen -S <session name>*
|Create a new screen session with the name <session name> |Create a new screen session with the name <session name>
|*screen -x* |*screen -x*
*screen -r <session name>* *screen -r <session name>*
|Attach to the running session, also by its name |Attach to the running session, also by its name
|*screen -dRR* |*screen -dRR*
|Attach to the screen session, detach on other display if attached. If no session exists, will create a new one. |Attach to the screen session, detach on other display if attached. If no session exists, will create a new one.
|*C-a d* |*C-a d*
| Detach from the session, session keeps running. Here, and further *C* means Ctrl. | Detach from the session, session keeps running. Here, and further *C* means Ctrl.
|*C-a c* |*C-a c*
|Create new window in the session. |Create new window in the session.
|*C-a C-a* |*C-a C-a*
|Switch to the previous window. |Switch to the previous window.
|*C-a "* |*C-a "*
|List all windows with option to navigate and enter any of them. |List all windows with option to navigate and enter any of them.
|*C-w* |*C-w*
|Show a list of active windows with their numbers. |Show a list of active windows with their numbers.
|*C-a <number>* |*C-a <number>*
|Switch to the window number _number_. |Switch to the window number _number_.
|*C-a '* |*C-a '*
|Switch to the window by its name. |Switch to the window by its name.
|*C-a n* |*C-a n*
|Switch to the next window. |Switch to the next window.
|*C-a p* |*C-a p*
|Switch to the previous window. |Switch to the previous window.
|*exit* |*exit*
|Exit and close current window. If it was the last window in a session, exits `screen` terminating the session. |Exit and close current window. If it was the last window in a session, exits `screen` terminating the session.
|*C-a k* |*C-a k*
|Kill the current window forcefully (not recommended). |Kill the current window forcefully (not recommended).
|*C-a : quit* |*C-a : quit*
| Quit screen session completely terminating it. Alternatively - exit all screen windows. | Quit screen session completely terminating it. Alternatively - exit all screen windows.
|*C-a A* |*C-a A*
|Rename current window. |Rename current window.
|*C-a S* |*C-a S*
|Split windows display horizontally. Use *C-a c* to create a new window inside the new split or *C-X* to close this part of split. |Split windows display horizontally. Use *C-a c* to create a new window inside the new split or *C-X* to close this part of split.
|*C-a \|* |*C-a \|*
|Split windows display vertically. Available starting screen 4.01, i.e. not available on Mac 2020 which still uses screen 4.00. |Split windows display vertically. Available starting screen 4.01, i.e. not available on Mac 2020 which still uses screen 4.00.
|*C-a tab* |*C-a tab*
|Jump to the next region in a split window display. |Jump to the next region in a split window display.
|*C-a Q* |*C-a Q*
| Unsplit the window, leaving the current window active. | Unsplit the window, leaving the current window active.
|*C-a [* or *C-a <esc>* |*C-a [* or *C-a <esc>*
|Enter buffer navigation mode to scroll output buffer, copy, edit and paste later. Navigation commands as per `vim` if Vim is set as editor.*<esc>* to leave the buffer mode. |Enter buffer navigation mode to scroll output buffer, copy, edit and paste later. Navigation commands as per `vim` if Vim is set as editor.*<esc>* to leave the buffer mode.
|*<space>* |*<space>*
|Start/stop selection while in the buffer mode to select the text. Press `<space>` or `<Enter>` to copy the selected text. E.g. to select/copy the whole buffer: `C-a [ gg <space> G <space> <esc>` |Start/stop selection while in the buffer mode to select the text. Press `<space>` or `<Enter>` to copy the selected text. E.g. to select/copy the whole buffer: `C-a [ gg <space> G <space> <esc>`
|*C-a ]* |*C-a ]*
|Paste the selected text at the cursor of the terminal, or create a new window and say start Vim there and paste into it while in Insert mode. |Paste the selected text at the cursor of the terminal, or create a new window and say start Vim there and paste into it while in Insert mode.
|*C-a h* |*C-a h*
|Dump the contents of the currently visible terminal to `hardcopy.<n>` file, where _n_ is auto-incrementing number of your window. |Dump the contents of the currently visible terminal to `hardcopy.<n>` file, where _n_ is auto-incrementing number of your window.
|*C-a H* |*C-a H*
|Start/end logging all output of the curent window into a file `screenlog.N` where `N` is the window number. The data is appended, not overwritten if the file exists. Output printed before that is not logged. |Start/end logging all output of the curent window into a file `screenlog.N` where `N` is the window number. The data is appended, not overwritten if the file exists. Output printed before that is not logged.
|*C-a a* |*C-a a*
| Send `Ctrl-a` sequence to the shell in the window, useful to jump to the beginning of the line. | Send `Ctrl-a` sequence to the shell in the window, useful to jump to the beginning of the line.
|*C-a M* |*C-a M*
|Monitor window for activity. When enabled, will notify you of any acitvity while you work in other window. |Monitor window for activity. When enabled, will notify you of any acitvity while you work in other window.
|*C-a _* |*C-a _*
| Monitor window for 30 seconds of silence, will notify you in any other window as `Window 0: silence for 30 seconds` | Monitor window for 30 seconds of silence, will notify you in any other window as `Window 0: silence for 30 seconds`
|*C-a ?* |*C-a ?*
|Show all key bindings help. |Show all key bindings help.
|*Save session state* |*Save session state*
|This is not possible. If you use the same layout each session, you can put start up commands to re-create it in `.screenrc` file in your home directory, but still - you cannot save the current session state, i.e. contents of the windows and their layout. |This is not possible. If you use the same layout each session, you can put start up commands to re-create it in `.screenrc` file in your home directory, but still - you cannot save the current session state, i.e. contents of the windows and their layout.
2+|*Sharing session (e.g. for pair programming/tutoring)* 2+|*Sharing session (e.g. for pair programming/tutoring)*
a|Original session (say _user1_): a|Original session (say _user1_):
. Set suid root bit on `screen` binary: `sudo chmod +s /usr/bin/screen` . Set suid root bit on `screen` binary: `sudo chmod +s /usr/bin/screen`
. Inside session you want to share: `C-a :` then `multiuser on` to enable sharing session. . Inside session you want to share: `C-a :` then `multiuser on` to enable sharing session.
. Add usernames to share the session with: `C-a :` `acladd <username>` . Add usernames to share the session with: `C-a :` `acladd <username>`
Connecting user (say _user2_): Connecting user (say _user2_):
. Run in shell: `screen -x <sharing username>/`, in our example `screen -x user1/` . Run in shell: `screen -x <sharing username>/`, in our example `screen -x user1/`
|Sets up sharing the session. Another user connecting to the session views real-time its output, can enter and run commands himself. Also see *aclchg*, *acldel*, *aclgrp* for controlling what the connecting user can and cannot do. E.g. to remove _write_ permissions from all users on all windows: `:aclchg * -w #` |Sets up sharing the session. Another user connecting to the session views real-time its output, can enter and run commands himself. Also see *aclchg*, *acldel*, *aclgrp* for controlling what the connecting user can and cannot do. E.g. to remove _write_ permissions from all users on all windows: `:aclchg * -w #`
|*C-a ** |*C-a **
| See who is connected to your shared screen session. | See who is connected to your shared screen session.
|=== |===
Follow me on https://linkedin.com/in/yurislobodyanyuk/ for updates. Follow me on https://linkedin.com/in/yurislobodyanyuk/ for updates.

130
cheat-sheets/links-text-browser-cheat-sheet.adoc
View File

@@ -1,65 +1,65 @@
= Links Text and Graphical Browser Cheat Sheet = Links Text and Graphical Browser Cheat Sheet
:homepage: https://github.com/yuriskinfo/cheat-sheets :homepage: https://github.com/yuriskinfo/cheat-sheets
:toc: :toc:
NOTE: All the below relates to the Text Mode browsing. The keyboard shortcuts NOTE: All the below relates to the Text Mode browsing. The keyboard shortcuts
work in GUI Mode as well, but no mention of it is attempted. The keyboard work in GUI Mode as well, but no mention of it is attempted. The keyboard
shortcuts work when the Main Menu is not visible. shortcuts work when the Main Menu is not visible.
== Keyboard Shortcuts and Menus == Keyboard Shortcuts and Menus
[cols=2, options="header"] [cols=2, options="header"]
|=== |===
|Command |Command
|Description |Description
|*g* |*g*
|Brings up dialog window to enter URL to jump to. The default protocol is HTTP, |Brings up dialog window to enter URL to jump to. The default protocol is HTTP,
specify explicitly any other one, e.g. `ftp://ftp.hp.com`. specify explicitly any other one, e.g. `ftp://ftp.hp.com`.
|*ESC* |*ESC*
|Show Main menu, press again to hide. The Main menu contains submenus with |Show Main menu, press again to hide. The Main menu contains submenus with
access to all the browser functionality: _File_, _View_, _Download_, _Setup_, etc. access to all the browser functionality: _File_, _View_, _Download_, _Setup_, etc.
|*<-*, *z* |*<-*, *z*
| Go back to the previous page. | Go back to the previous page.
|*->*, *x* |*->*, *x*
|Go forward one page. |Go forward one page.
|*q* |*q*
|Quit browser with confirmation. Use *Q* to quit immediately. |Quit browser with confirmation. Use *Q* to quit immediately.
|*l*, *CTRL + N* |*l*, *CTRL + N*
|Scroll page down. |Scroll page down.
|*p*, *CTRL + P* |*p*, *CTRL + P*
|Scroll page up. |Scroll page up.
|*CTRL + R* |*CTRL + R*
|Refresh/reload the current page. |Refresh/reload the current page.
|*/* |*/*
|Search forward for text on the current page starting at the top and finishing at the |Search forward for text on the current page starting at the top and finishing at the
bottom of the page. The searched text will be background-highlighted. The search bottom of the page. The searched text will be background-highlighted. The search
is case insensitive. is case insensitive.
|*?* |*?*
|Search text backward - from the bottom to the top. |Search text backward - from the bottom to the top.
|*s* |*s*
|Show Bookmarks dialog menu with options to Add, Delete, Create Folder, Edit, |Show Bookmarks dialog menu with options to Add, Delete, Create Folder, Edit,
and Move bookmarks. and Move bookmarks.
|=== |===
== References == References
* http://links.twibright.com[Browser Homepage - http://links.twibright.com] * http://links.twibright.com[Browser Homepage - http://links.twibright.com]

444
cheat-sheets/macos-mdfind-examples-cheat-sheet.adoc
View File

@@ -1,222 +1,222 @@
= macOS `mdfind` examples cheat sheet = macOS `mdfind` examples cheat sheet
:source-highlighter: rouge :source-highlighter: rouge
:date: 2023-03-28 09:55:25+00:00 :date: 2023-03-28 09:55:25+00:00
:slug: mdfind-macos-examples-cheat-sheet :slug: mdfind-macos-examples-cheat-sheet
:category: macOS :category: macOS
:tags: macOS, Apple :tags: macOS, Apple
:toc: :toc:
== Introduction == Introduction
`mdfind` is a command-line interface to the SpotLight search tool on every `mdfind` is a command-line interface to the SpotLight search tool on every
Apple macOS system. Being a CLI tool, it saves time when searching for stuff in Apple macOS system. Being a CLI tool, it saves time when searching for stuff in
your Mac. Unfortunately, there is a lot of documentation on the topic which is your Mac. Unfortunately, there is a lot of documentation on the topic which is
out of date - the examples either do not work or give an error. Otherwise, the out of date - the examples either do not work or give an error. Otherwise, the
tool is not well-documented. Below are few examples for every day usage, tested tool is not well-documented. Below are few examples for every day usage, tested
on the newest versions - Catalina, Big Sur, Monterrey, Ventura. on the newest versions - Catalina, Big Sur, Monterrey, Ventura.
== Find files with a given word in it == Find files with a given word in it
Just give the `mdfind` a word to search for, and it will find it in Just give the `mdfind` a word to search for, and it will find it in
file/media/applications file/media/applications
names, as well as in their contents. names, as well as in their contents.
---- ----
mdfind mysearchword mdfind mysearchword
---- ----
== Search for a word in file names only, not their contents == Search for a word in file names only, not their contents
Add `-name` qualifier before the search word. Add `-name` qualifier before the search word.
---- ----
mdfind -name October mdfind -name October
---- ----
Will find files named: _OctoberFest.pdf_, _inoctober.txt_, _Red October.mp4_ Will find files named: _OctoberFest.pdf_, _inoctober.txt_, _Red October.mp4_
== Find a file with multiple keywords in its name == Find a file with multiple keywords in its name
We can specify more than 1 word to look for in the file/app name - the `mdfind` We can specify more than 1 word to look for in the file/app name - the `mdfind`
uses logical AND by default for multiple keywords. uses logical AND by default for multiple keywords.
---- ----
mdfind -name red october mdfind -name red october
---- ----
Will find: _Red October.mp4_, _red octoberfest.jpg_, but NOT _red.pdf_ or Will find: _Red October.mp4_, _red octoberfest.jpg_, but NOT _red.pdf_ or
_October.mp4_. _October.mp4_.
== Limit search to specific file format(s) == Limit search to specific file format(s)
You can use ``kind:``__file-format__ to additionally limit results to this file You can use ``kind:``__file-format__ to additionally limit results to this file
format. Be aware that _kind_ is not always the file extension though. I list the format. Be aware that _kind_ is not always the file extension though. I list the
most popular file formats below. most popular file formats below.
Find file with the _red_ in its name, but only in _mp4_, _.mov_ etc. files: Find file with the _red_ in its name, but only in _mp4_, _.mov_ etc. files:
---- ----
mdfind -name red kind:movie mdfind -name red kind:movie
---- ----
|=== |===
|*File format* |*kind term* |*File format* |*kind term* |*File format* |*kind term* |*File format* |*kind term*
|jpeg/jpg, png, gif, tiff |jpeg/jpg, png, gif, tiff
|image |image
|Application |Application
|app |app
|mp3, ogg |mp3, ogg
|music |music
|mp4, mov, mpeg |mp4, mov, mpeg
|movie |movie
|Bookmarks |Bookmarks
|bookmark |bookmark
|Email messages |Email messages
|email |email
|Folders |Folders
|folder |folder
|MS Word docs (docx, dot) |MS Word docs (docx, dot)
|word |word
|=== |===
The other way to look for file extensions is with the _kMDItemFSName_ metadata The other way to look for file extensions is with the _kMDItemFSName_ metadata
value and listing the desired extension after the asterisk. value and listing the desired extension after the asterisk.
---- ----
mdfind "kMDItemFSName == '*.pdf'" mdfind "kMDItemFSName == '*.pdf'"
---- ----
But if you want to look for a specific file name as well, you will have to pipe the But if you want to look for a specific file name as well, you will have to pipe the
command above to _grep_ or alike. command above to _grep_ or alike.
== Look up folder names == Look up folder names
Using (see table above) `kind:folder` we can search in folder names only. Using (see table above) `kind:folder` we can search in folder names only.
Find all folders with the name _document_ in them: Find all folders with the name _document_ in them:
`mdfind -name documents kind:folder` `mdfind -name documents kind:folder`
== Search for an exact match == Search for an exact match
We can do it in 2 ways. We can do it in 2 ways.
First, wrapping search terms in double and then single quotes: First, wrapping search terms in double and then single quotes:
---- ----
mdfind -name '"red carpet"' mdfind -name '"red carpet"'
---- ----
This will match _red carpet.txt_, but not _red 2 carpet.txt_. This will match _red carpet.txt_, but not _red 2 carpet.txt_.
The other way to look for an exact match is with the `-literal` qualifier, which prohibits any other qualifier though. The other way to look for an exact match is with the `-literal` qualifier, which prohibits any other qualifier though.
Find everything having _Hat, Red_ in the name: Find everything having _Hat, Red_ in the name:
`mdfind -literal "kMDItemDisplayName == 'Hat, Red'"` `mdfind -literal "kMDItemDisplayName == 'Hat, Red'"`
Here, *kMDItemDisplayName* is a metadata field holding the item name for files/folders/etc. Any additional options will be ignored. Here, *kMDItemDisplayName* is a metadata field holding the item name for files/folders/etc. Any additional options will be ignored.
== Search in specific folder(s) only == Search in specific folder(s) only
We can use *-onlyin* option to limit the search: We can use *-onlyin* option to limit the search:
`mdfind -name red.txt -onlyin ~/Documents` `mdfind -name red.txt -onlyin ~/Documents`
This will only search in the folder _Documents_ and its subfoldes. This will only search in the folder _Documents_ and its subfoldes.
== Search by created, modified dates == Search by created, modified dates
IMPORTANT: The date format is your current locale. So, I put dates in the IMPORTANT: The date format is your current locale. So, I put dates in the
_19/1/2023_ format, but if your Mac is set to use _1/19/2023_, do so. _19/1/2023_ format, but if your Mac is set to use _1/19/2023_, do so.
Find file named _red_ and created on 19th of January 2023: Find file named _red_ and created on 19th of January 2023:
`mdfind -name red AND created:19/1/2023` `mdfind -name red AND created:19/1/2023`
NOTE: The _AND_ is not explicitly needed here, but I put it for reminder yet. NOTE: The _AND_ is not explicitly needed here, but I put it for reminder yet.
Find file named _red_ modified on 19th of January 2023: Find file named _red_ modified on 19th of January 2023:
`mdfind -name red AND modified:19/1/2023` `mdfind -name red AND modified:19/1/2023`
The date-related searches also understand ranges. The date-related searches also understand ranges.
Find files with _red_ in their name modified in the period from the 1st of January Find files with _red_ in their name modified in the period from the 1st of January
2023, and up to (including) 19th of January 2023: 2023, and up to (including) 19th of January 2023:
`mdfind -name red modified:01/01/2023-19/1/2023` `mdfind -name red modified:01/01/2023-19/1/2023`
Same, but _created_ in that period: Same, but _created_ in that period:
`mdfind -name red created:01/01/2023-19/1/2023` `mdfind -name red created:01/01/2023-19/1/2023`
== Find file by their size == Find file by their size
We can specify file size as additional search term. We can specify file size as additional search term.
This will find files with the _red_ in their names AND of size 0 bytes. This will find files with the _red_ in their names AND of size 0 bytes.
`mdfind name:red AND size:0` `mdfind name:red AND size:0`
`mdfind name:red AND NOT size:0` will find files named _red_ that are NOT 0 `mdfind name:red AND NOT size:0` will find files named _red_ that are NOT 0
bytes in size. bytes in size.
We can provide ranges for sizes as well. To find files named _red_ of size We can provide ranges for sizes as well. To find files named _red_ of size
between 10 and 25 bytes: between 10 and 25 bytes:
`mdfind -interpret name:red AND size:\<25 AND size:\>10` `mdfind -interpret name:red AND size:\<25 AND size:\>10`
NOTE: The '\' escapes '<' and '>' from the shell interpretation. NOTE: The '\' escapes '<' and '>' from the shell interpretation.
== Disable Spotlight/mdfind indexing for a specific volume == Disable Spotlight/mdfind indexing for a specific volume
* Spotlight (and thus mdfind) stores its index for each hard drive in a hidden * Spotlight (and thus mdfind) stores its index for each hard drive in a hidden
directory named `.Spotlight-V100` located at the root of each disk. You can list this directory contents with directory named `.Spotlight-V100` located at the root of each disk. You can list this directory contents with
sudo mdutil -L _path-to-the-disk_* , e.g. sudo mdutil -L _path-to-the-disk_* , e.g.
---- ----
sudo mdutil -L /Volumes/exFAT1Tb sudo mdutil -L /Volumes/exFAT1Tb
/Volumes/exFAT1Tb/.Spotlight-V100: /Volumes/exFAT1Tb/.Spotlight-V100:
drwxrwxrwx 1 99 99 262144 Jun 27 2021 07:46 Store-V2 drwxrwxrwx 1 99 99 262144 Jun 27 2021 07:46 Store-V2
-rwxrwxrwx 1 99 99 4246 Jun 13 2022 11:09 -rwxrwxrwx 1 99 99 4246 Jun 13 2022 11:09
VolumeConfiguration.plist VolumeConfiguration.plist
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2: /Volumes/exFAT1Tb/.Spotlight-V100/Store-V2:
drwxrwxrwx 1 99 99 262144 Jun 27 2021 07:46 B332121F-C8CA-4FF1-924A-67FC321C3FFCC/ drwxrwxrwx 1 99 99 262144 Jun 27 2021 07:46 B332121F-C8CA-4FF1-924A-67FC321C3FFCC/
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.assisted_import_post: /Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.assisted_import_post:
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.assisted_import_pre: /Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.assisted_import_pre:
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.corespotlight: /Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.corespotlight:
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.health_check: /Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.health_check:
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.live: /Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.live:
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.live_priority: /Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.live_priority:
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.live_system: /Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.live_system:
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.live_user: /Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.live_user:
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.migration: /Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.migration:
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.migration_secondchance: /Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.migration_secondchance:
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.repair: /Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.repair:
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.scan: /Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.scan:
---- ----
* For space savings or privacy concerns, you can turn off indexing of a given volume by running * For space savings or privacy concerns, you can turn off indexing of a given volume by running
*sudo mdutil -i off /Volumes/__volume-name__*, and even *sudo mdutil -i off /Volumes/__volume-name__*, and even
erase the existing index with *sudo mdutil -E /Volumes/__volume-name__*. erase the existing index with *sudo mdutil -E /Volumes/__volume-name__*.
== Resources == Resources
* For additional cheat sheets, see Github: https://github.com/yuriskinfo/cheat-sheets * For additional cheat sheets, see Github: https://github.com/yuriskinfo/cheat-sheets
_Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I _Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I
publish on Linkedin, Github, blog, and more._ publish on Linkedin, Github, blog, and more._

72
cheat-sheets/ncftp-commands-reference-by-example-cookbook.adoc
View File

@@ -1,36 +1,36 @@
= ncftp Ftp Client Commands example cookbook = ncftp Ftp Client Commands example cookbook
:source-highlighter: rouge :source-highlighter: rouge
:date: 2022-02-09 07:55:25+00:00 :date: 2022-02-09 07:55:25+00:00
:toc: auto :toc: auto
== Connect to remote FTP server specifying username and password on the command line == Connect to remote FTP server specifying username and password on the command line
WARNING: This means that username/password can be seen by other users logged in on the machine (if any) WARNING: This means that username/password can be seen by other users logged in on the machine (if any)
[source,bash] [source,bash]
---- ----
ncftp -u ftpuser -p qwe123 ftp.slackware.com ncftp -u ftpuser -p qwe123 ftp.slackware.com
---- ----
.Here: .Here:
* -u _user_: specify username on the FTP server * -u _user_: specify username on the FTP server
* -p _password_: specify password of FTP user * -p _password_: specify password of FTP user
* ftp.slackware.com: FTP server domain name or IP address to connect to. * ftp.slackware.com: FTP server domain name or IP address to connect to.
After connecting we can issue FTP client commands on the prompt. After connecting we can issue FTP client commands on the prompt.
== Upload a file renaming it at the destination == Upload a file renaming it at the destination
`ncftp` will not upload a file if a file with the same name exists in the destination server. To still upload such file, we can rename it using `-z` option. `ncftp` will not upload a file if a file with the same name exists in the destination server. To still upload such file, we can rename it using `-z` option.
Upload file named _manifesto-1.pdf_ to the FTP server renaming it to _manifesto-2.pdf_ Upload file named _manifesto-1.pdf_ to the FTP server renaming it to _manifesto-2.pdf_
[source,bash] [source,bash]
---- ----
ncftp / > put -z manifesto-1.pdf manifesto-2.pdf ncftp / > put -z manifesto-1.pdf manifesto-2.pdf
manifesto-1.pdf: 11.40 kB 2.49 MB/s manifesto-1.pdf: 11.40 kB 2.49 MB/s
---- ----