Admins eHow SysAdmin Tips & Tricks

December 2, 2022

Redirect all DNS requests to local caching DNS server

Filed under: dns,linux — admin @ 2:44 am

For the caching DNS server, I use the PowerDNS Recursor. Install it first :

apt install pdns-recursor

By default it listens on 127.0.0.1:53 and should work right after the installation, but for faster performance I want it to forward all queries to 8.8.8.8, which is Google’s public DNS server. So edit /etc/powerdns/recursor.conf and add the following line :

forward-zones-recurse= .=8.8.8.8;

Restart the service after config change :

systemctl restart pdns-recursor.service

Now you can test it :

dig yahoo.com @127.0.0.1

You should get a valid response.
Now let's redirect all DNS queries to our local server :

iptables -t nat -I OUTPUT -m owner --uid-owner pdns -j RETURN
iptables -t nat -I POSTROUTING -m owner --uid-owner pdns -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to 127.0.0.1:53
iptables -t nat -A POSTROUTING -p udp --dport 53 -j SNAT --to-source 127.0.0.1

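The first two iptables rules exempt traffic that belongs to the pdns user, which prevents a loop when the recursor sends its own queries to the outside world (8.8.8.8 in our case). Note that the last two rules match only UDP, so DNS queries sent over TCP are not redirected.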
Done. Easy 😉
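
A way to check that the rules above are loaded in the right order, as an added example that is not part of the original post: it parses iptables-save output and reports whether the recursor's exemption is evaluated before the redirect. The function name, the numeric uid 112 and both rule listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save output for the DNS redirect rules.
# Usage: iptables-save -t nat | check_dns_redirect UID
# UID = numeric uid of the recursor user (assumed: id -u pdns); iptables-save
# prints --uid-owner as a number, not a name.
check_dns_redirect() {
  awk -v uid="$1" '
    /^\*/ { table = $1 }   # remember which table section we are in
    table == "*nat" && $1 == "-A" && $2 == "OUTPUT" {
      rule = " " $0 " "
      is_dns = index(rule, " --dport 53 ") && index(rule, " -j DNAT ")
      # The exemption only helps when it is evaluated before the redirect.
      if (!dnat_udp && index(rule, " --uid-owner " uid " ") && index(rule, " -j RETURN "))
        exempt = 1
      if (is_dns && index(rule, " -p udp ") && !dnat_udp) { dnat_udp = 1; loop = !exempt }
      if (is_dns && index(rule, " -p tcp ")) dnat_tcp = 1
    }
    END {
      if (!dnat_udp) print "MISSING udp/53 redirect"
      else if (loop) print "LOOP recursor traffic is not exempt before the redirect"
      else           print "OK udp/53 redirected, recursor exempt"
      if (!dnat_tcp) print "GAP tcp/53 is not redirected"
      exit ((!dnat_udp || loop) ? 1 : 0)
    }'
}

# Constructed sample: the four rules from the post as iptables-save prints them
# (uid 112 is a made-up value for the pdns user).
SAMPLE_GOOD='*nat
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner 112 -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:53
-A POSTROUTING -m owner --uid-owner 112 -j RETURN
-A POSTROUTING -p udp -m udp --dport 53 -j SNAT --to-source 127.0.0.1
COMMIT'
# Constructed sample: the exemption comes after the redirect, so the
# recursor's own queries are redirected back to itself.
SAMPLE_BAD='*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:53
-A OUTPUT -m owner --uid-owner 112 -j RETURN
COMMIT'

printf '%s\n' "$SAMPLE_GOOD" | check_dns_redirect 112
# → OK udp/53 redirected, recursor exempt
# → GAP tcp/53 is not redirected
```

The function returns a non-zero status for the MISSING and LOOP cases, so it can be used as a post-boot check after the rules are restored.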

January 11, 2022

Log the memory usage of a process in Linux

Filed under: linux — admin @ 10:27 pm

Create log_memory_usage.py with the following contents :

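#!/usr/bin/python3
# Log the memory usage of process PID (first argument) as one JSON line per sample.

import datetime, json, sys, time
import psutil

proc = psutil.Process(int(sys.argv[1]))  # bind once so a recycled PID is not logged by mistake

with open('memory_usage_' + sys.argv[1] + '.log', 'a') as f:
    while proc.is_running():
        try:
            mem = proc.memory_info()._asdict()
        except psutil.NoSuchProcess:
            break  # the process exited; stop logging
        f.write(json.dumps((datetime.datetime.now().isoformat(), mem)) + "\n")
        f.flush()
        time.sleep(60)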

Make it executable :

chmod +x log_memory_usage.py

Usage :

./log_memory_usage.py PID

By default it logs the memory usage info every 60 seconds to a file named memory_usage_PID.log in the current directory. If you want, you can change time.sleep(60) in the code to suit your needs.

January 9, 2022

Linux DNS dig utility for Windows x64 (update)

Filed under: dns,Windows — admin @ 12:10 am

This installer installs the dig utility in the Windows directory by default.
Download installer : Dig-x64-9.16.24-setup.exe

December 12, 2021

A Free & Great Window Manager For Windows

Filed under: Windows — admin @ 12:50 am

Managing windows on an ultra wide monitor can be a tedious task; an ultra wide full screen window is odious and useless. That’s why I have been using divvy from mizage to compartment my desktop for several years now. But yesterday I checked my Windows startup list and saw that divvy has a “High” startup impact, and I thought it is an easy program, so let's rewrite it for fun. So I started to write it in C#, and actually it was 80% done and I just needed the coordinates and the size of my preconfigured windows in divvy. So I went on a search spree to find a program to get the info that I need easily, and I found out something much better: an unknown free divvy alternative called Sizer from brianapps.net. So I abandoned my program and started using Sizer.
Unfortunately the domain brianapps.net is expired right now and I managed to get the app from another source, but in order to keep this useful tool online and accessible, I wrote this post and will upload the latest file here, just in case 😉

sizer4_dev640

April 8, 2021

Resolving openconnect connection issues

Filed under: linux — admin @ 4:43 am

Recently I have switched from OpenVPN to OpenConnect as my main VPN solution as somehow my ISP has blocked access to OpenVPN.
The first issue which I encountered was very familiar: the connection hangs with a debug message like “Failed to read from SSL socket: The transmitted packet is too large (EMSGSIZE)”. It was obvious to me that it has something to do with MTU settings, so after some digging into docs I simply added the “--base-mtu 1450” argument to the OpenConnect client and it resolved the first issue.
But the second issue was something much more baffling: some websites would work perfectly and some would hang in the middle of loading or simply refuse to connect at all. After some more digging into forums, I found the solution :

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

More info :
https://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.cookbook.mtu-mss.html
https://www.linuxtopia.org/Linux_Firewall_iptables/x4700.html

March 8, 2021

How to resolve openconnect “Failed to read from SSL socket: The transmitted packet is too large (EMSGSIZE)” error

Filed under: General — admin @ 11:37 am

This issue can occur when you are running openconnect in DTLS mode, which is the default, and it can halt the connection completely. It is related to the MTU size of the connection and the size of the packets. In order to fix it, you should decrease the MTU of the connection until this error goes away. Just add the following option to the openconnect config file or command line (of course the config file doesn't need the two dashes) :

--base-mtu=1450

If you still get the error message, keep decreasing the 1450 value in steps of 50 until this error goes away.

November 8, 2019

How to block a cPanel user from sending spam/email

Filed under: cPanel — admin @ 10:43 am

Run the following commands as root on the cPanel server.

Block :

whmapi1 suspend_outgoing_email user=USERNAME

Unblock :

whmapi1 unsuspend_outgoing_email user=USERNAME

October 23, 2019

How to limit the number of incoming connections to a specific port

Filed under: linux,Security — admin @ 11:47 pm

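Replace [PORT] & [CON_NUM] with the respective values. With --connlimit-mask 0 all source addresses are counted as one group, so the limit applies to the total number of connections to the port, not to each client separately.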

iptables -I INPUT -p tcp --syn --dport [PORT] -m connlimit --connlimit-above [CON_NUM] --connlimit-mask 0 -j REJECT --reject-with tcp-reset

October 22, 2019

How to add rc.local in Debian 9 & 10

Filed under: Debian,linux — admin @ 10:59 am

Debian has removed rc.local from its recent releases.
I have created a simple script which adds rc.local back to the system.
You need to run the following command as root:

bash <(curl -s https://www.adminsehow.com/wp-content/uploads/2019/10/rc-local.txt)

Or, if you are skeptical about running a script from the internet, you can create rc-local.txt yourself and run it.
rc-local.txt :

#!/bin/bash

echo '[Unit]
Description=/etc/rc.local
ConditionPathExists=/etc/rc.local

[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99

[Install]
WantedBy=multi-user.target' > /etc/systemd/system/rc-local.service


echo '#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

exit 0' > /etc/rc.local

chmod +x /etc/rc.local
systemctl enable rc-local

April 6, 2019

Generate new openvpn client from an existing CA

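Filed under: General — admin @ 5:41 pm

# Generate the client's private key
openssl genrsa -out client.key 4096
# Create a certificate signing request for the client
openssl req -sha256 -out client.csr -key client.key -new -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=client"
# Sign the request with the existing CA (ca.crt / ca.key). The serial is fixed at 01 here; give every certificate issued by this CA a different serial.
openssl x509 -sha256 -req -days 365 -CA ca.crt -CAkey ca.key -in client.csr -set_serial 01 -out client.crt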