Networking tips

Firewalld

Port testing with Bash

/dev/tcp/host/port: (If host is a valid hostname or Internet address, and port is an integer port number or service name, bash attempts to open a TCP connection to the corresponding socket.)

/dev/udp/host/port: (If host is a valid hostname or Internet address, and port is an integer port number or service name, bash attempts to open a UDP connection to the corresponding socket.)

So you could use something like this:

xenon-lornix:~> cat < /dev/tcp/127.0.0.1/22
SSH-2.0-OpenSSH_6.2p2 Debian-6
^C pressed here

In a script:

(echo > /dev/tcp/localhost/1500) >/dev/null 2>&1 && echo "It's up" || echo "It's down"
while [[ -n $( (echo > "/dev/tcp/$TCPS/$TCPP") 2>&1 >/dev/null ) ]]; do echo varunk; sleep 10; done
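
The /dev/tcp redirection has no timeout of its own, so a probe against a port whose packets are silently dropped hangs until the kernel gives up, and the wait loop above never ends if the service never starts. The following is an added example, not part of the original page (the function names port_state and wait_for_port and the default values are assumptions); it bounds each attempt with timeout(1) and caps the number of retries:

```shell
#!/usr/bin/env bash
# Added example: function names and defaults are assumptions, not from the page.

# port_state HOST PORT [SECONDS] -> prints open | closed | filtered
port_state() {
    local host="$1" port="$2" secs="${3:-3}" rc=0
    # A child bash opens the socket on fd 3 and exits. Host and port travel as
    # positional parameters, so they are never spliced into the script text.
    timeout "$secs" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$host" "$port" \
        2>/dev/null || rc=$?
    case $rc in
        0)   echo open ;;
        124) echo filtered ;;  # timeout(1) fired: no reply, e.g. a firewall DROP rule
        *)   echo closed ;;    # failed at once: refused, unreachable or bad name
    esac
}

# wait_for_port HOST PORT [TRIES] [DELAY]
# Returns 0 as soon as the port is open, 1 if it never opened within TRIES attempts.
wait_for_port() {
    local host="$1" port="$2" tries="${3:-30}" delay="${4:-10}" i=1
    while [ "$i" -le "$tries" ]; do
        if [ "$(port_state "$host" "$port")" = open ]; then
            return 0
        fi
        sleep "$delay"
        i=$((i + 1))
    done
    return 1
}
```

A "filtered" result is the case worth checking against the firewall rules: the host did not refuse the connection, it simply never answered within the time limit.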

NFS tips

Portcheck (link)

SSH tips

Copying over SSH through an intermediate host

tar cvf - file1 file2 | ssh KoztesHoszt "ssh -o \"StrictHostKeyChecking no\" CelHoszt \"cd CelMappa && tar -xvf -\""

A bit more elegantly:

~/.ssh/config:

Host jumphost1
 User username1
Host jumphost2
 User username2
 ProxyCommand ssh -W %h:%p jumphost1
Host jumphost3
 User username3
 ProxyCommand ssh -W %h:%p jumphost2
Host server
 User username4
 ProxyCommand ssh -W %h:%p jumphost3

Then

ssh/scp server ...

Running multiple commands over SSH

ssh user@server "$( cat <<'EOT'
echo "These commands will be run on: $( uname -a )"
EOT
)"

Or simply, as a solution to the escaping problems:

ssh root@server ps uax \| grep ba[c] \| awk \'{ print \$2 }\' \> /tmp/back.tmp

Or you could double-quote the single quotes instead of escaping them (in both cases, you need to escape the dollar sign):

ssh root@server ps uax \| grep ba[c] \| awk "'{ print \$2 }'" \> /tmp/back.tmp

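Running a sudo command that requires a password over SSH

#!/bin/bash
# $server must hold the target host; <parancs> stands for the command to run.
# The prompt text means "Your password?".
# Note: the password is expanded into the expect script and the remote command line.
read -r -s -p "Jelszavad? : " Pass
expect -c "
   set timeout 5
   spawn ssh -tt -n $server \"echo -e \\\"$Pass\\\\r\\\" | sudo -S <parancs>\"
   expect \"Are you sure\" { send \"yes\r\" } timeout {}
   expect \"?assword:\"
   send \"$Pass\r\"
   expect eof"

To keep the ssh command from executing the remaining commands after one that returns a failing exit code: set -e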

SFTP guides

[[https://serverfault.com/questions/639042/does-openssh-sftp-server-use-umask-or-preserve-client-side-permissions-after-put|File permissions]]
[[https://www.techrepublic.com/article/how-to-set-up-an-sftp-server-on-linux/|How to set up SFTP server on Linux]]

Other tips

Network socket counter

netstat -an | awk '/^tcp/ {A[$(NF)]++} END {for (I in A) {printf "%5d %s\n", A[I], I}}'

Measuring network throughput

With iperf, on port 25, reported in Mb, for 45 seconds, printing the current rate every 2 seconds, on 3 threads (more detailed tutorial):

[node2]# iperf -p 25 -s (server)
[node1]# iperf -f m -p 25 -c node2 -t 45 -i 2 -P 3 (client)

With SSH (UNIX/Linux):

[node1]# cat /dev/zero | ssh node2 "cat > /dev/null"

With FTP (Unix/Linux):

[node1]# ftp node2
ftp> bin
ftp> put "| dd if=/dev/zero bs=32k count=10000 " /dev/null

Network discovery

nmap -sP hoszt/hálózat

Port scanning

nmap -sT hoszt

Querying Ethernet and FC ports

#!/bin/bash
SEARCH=${1-.}
VLAN_SNIFF_TIME=10
#ETH
echo "Port#Address#Speed#State#VLANs#Slaves" | awk -F'#' '{printf "%-25s | %-17s | %10s | %-10s | %-13s | %-15s\n",$1,$2,$3,$4,$5,$6}'
echo "# Ethernet:"
for ETH in $(ip addr | awk -F': ' '/</{print $2}' | egrep -v '(@|lo|^$)' | grep "$SEARCH" | sort -k1); do
    STATE=$(ethtool $ETH 2>/dev/null | awk -F': ' '/Link detected/{print $2}' | sed -e 's/yes/Link UP/' -e 's/no/Link DOWN/')
    SPEED=$(ethtool $ETH 2>/dev/null | awk -F': ' '/Speed/{print $2}' | sed 's/^[0-9]*/& /')
    MAC=$(ip addr | grep -A1 "[^@]$ETH:" | grep -o '\([0-9abcdef]\{2\}:\)\{5\}[0-9abcdef]\{2\}' | awk '{print $1}' | grep -v 'ff:ff:ff:ff:ff:ff')
    VLANS=$(timeout ${VLAN_SNIFF_TIME} tcpdump -c 1000 -nni $ETH -e vlan 2>/dev/null | grep -o 'vlan [0-9]*' | sort | uniq | awk '/vlan/{print $2}' | tr '\n' ' ')
    SLAVES=""
    for BOND in `ls /proc/net/bonding/* 2>/dev/null`; do
      if [[ $(grep -c "Slave.*$ETH" $BOND) -gt 0 ]]; then
        MAC=$(grep -A5 "Slave.*$ETH" $BOND | tail -n1 | grep -oP '(?<=addr: ).*$')
      fi
    done
    if [[ $ETH =~ ^bond ]]; then
        SLAVES=$(awk '/^Slave Interface/{print $3}' /proc/net/bonding/$ETH | tr '\n' ' ')
    fi
    echo "$ETH#$MAC#$SPEED#$STATE#$VLANS#$SLAVES" | awk -F'#' '{printf "%-25s | %-17s | %10s | %-10s | %-13s | %-15s\n",$1,$2,$3,$4,$5,$6}'
done
#FC
echo "# Fiber Channel:"
for PORT in $(ls -d /sys/class/fc_host/host*); do
    STATE=$(cat $PORT/port_state)
    SPEED=$(cat $PORT/speed)
    WWN=$(cat $PORT/port_name | sed 's/^0x//')
    echo "$PORT#$WWN#$SPEED#$STATE" | awk -F'#' '{printf "%-25s | %-17s | %10s | %-10s\n",$1,$2,$3,$4}'
done

Isolating a process on the network

#!/bin/bash
[[ -e /var/run/netns/kalitka ]] || ip netns add kalitka
ip netns exec kalitka ip addr add 127.0.0.1/8 dev lo
ip netns exec kalitka ip link set dev lo up
ip netns exec kalitka "$@"

VLAN tags on an interface's packets

tcpdump -c 1000 -nni bond0 -e vlan | grep -o 'vlan [0-9]*' | sed 's/^.*$/Found & tagged packets/' | sort | uniq

http://www.yolinux.com/TUTORIALS/LinuxTutorialNetworking.html#MULTICAST

Subnet Mask Cheat Sheet