From bc55732c55a0c854f6e3c3cc40efd603907ecdcb Mon Sep 17 00:00:00 2001 From: johannst Date: Tue, 15 Mar 2022 17:05:22 +0000 Subject: deploy: 33d74c3b33394769a2040ff451fbfdfd58e9bf92 --- print.html | 189 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 185 insertions(+), 4 deletions(-) (limited to 'print.html') diff --git a/print.html b/print.html index 9ce4124..074f644 100644 --- a/print.html +++ b/print.html @@ -83,7 +83,7 @@ @@ -1384,6 +1384,7 @@ delkey delete selected subkey

Export & Import Keys

gpg --export --armor --output <KEY.PUB> <KEY ID>
+gpg --export-secret-key --armor --output <KEY.PUB> <KEY ID>
 gpg --import <FILE>
 

Search & Send keys
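Review bot: The added `gpg --export-secret-key` line reuses the `<KEY.PUB>` output placeholder from the public export line above it, so anyone copying the command writes private key material into a file named like a public key. Use a distinct placeholder such as `<KEY.SEC>`, and add a short remark that this file holds the secret key and should be stored with restrictive permissions. The gpg man page spells the option `--export-secret-keys`, which would be the safer form to document.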

@@ -2931,6 +2932,186 @@ def sum(a: int, b: int) -> int:

Micro benchmarking.

python -m timeit '[x.strip() for x in ["a ", " b"]]'
 
+

Linux

+ +

systemd

+

systemctl

+

Inspect units:

+
systemctl [opts] [cmd]
+[opts]
+    --user
+
+[cmd]
+    list-units <pattern>    List units in memory
+
+    status <unit>           Show runtime status of unit
+
+    start <unit>            Start a unit
+    stop <unit>             Stop a unit
+    restart <unit>          Restart a unit
+    reload <unit>           Reload a unit
+
+    enable <unit>           Enable a unit (persistent)
+    disable <unit>          Disable a unit
+
+    cat <unit>      Print unit file
+    show <unit>     Show properties of unit
+
+

Example: Trivial user unit

+
# Generate unit
+mkdir -p ~/.config/systemd/user
+echo '[Unit]
+Description=Test logger
+
+[Service]
+Type=oneshot
+ExecStart=logger "Hello from test unit"' > ~/.config/systemd/user/test.service
+
+# Run unit
+systemctl --user start test
+
+# See log message
+journalctl --user -u test -n 5
+
+

journalctl

+

Inspect journal logs:

+
journalctl [opts] [matches]
+    --user          Current user journal (system by default)
+    -u <unit>       Show logs for specified <unit>
+    -n <lines>      Show only last <lines>
+    -f              Follow journal
+    -g <pattern>    Grep for <pattern>
+
+

Cleanup:

+
journalctl [opts]
+    --disk-usage            Show current disk usage
+    --vacuum-size=<size>    Reduce journal log to <size> (K/M/G)
+
+

References

+ +

core(5)

+

There are multiple requirements that must be satisfied that coredumps are +being generated, a full list can be found in core(5).

+

An important one is to configure the soft resource limit RLMIT_CORE +(typically as unlimited during debugging). +In a typical bash/zsh this can be done as

+
ulimit -Sc unlimited
+
+

Naming of coredump files

+

There are two important kernel configs to control the naming:

+
/proc/sys/kernel/core_pattern
+    <pattern>    => Specifies a name pattern for the coredump file. This can
+                    include certain FORMAT specifier.
+    |<cmdline>   => Coredump is pipe through stdin to the user space process
+                    specified by the cmdline, this can also contain FORMAT specifier.
+
+  FORMAT specifier (full list, see core(5)):
+    %E      Pathname of the executable ('/' replaced by '!').
+    %p      PID of the dumping process in its pid namespace.
+    %P      PID of the dumping process in the initial pid namespace.
+    %u      Real UID of dumping process.
+    %s      Signal number causing the dump.
+
+
+/proc/sys/kernel/core_uses_pid
+    1  => Append ".<pid>" suffic to the coredump file name
+          (pid of the dumping process).
+    0  => Do not append the suffix.
+
+

Control which segments are dumped

+

Each process has a coredump filter defined in /proc/<pid>/coredump_filter +which specifies which memory segments are being dumped. +Filters are preseved across fork/exec calls and hence child processes inherit +the parents filters.

+

The filter is a bitmask where 1 indicates to dump the given type.

+
From core(5):
+  bit 0  Dump anonymous private mappings.
+  bit 1  Dump anonymous shared mappings.
+  bit 2  Dump file-backed private mappings.
+  bit 3  Dump file-backed shared mappings.
+  bit 4  Dump ELF headers.
+  bit 5  Dump private huge pages.
+  bit 6  Dump shared huge pages.
+  bit 7  Dump private DAX pages.
+  bit 8  Dump shared DAX pages.
+
+Default filter 0x33.
+
+

Some examples out there

+

coredumpctl (systemd)

+
# List available coredumps.
+coredumpctl list
+    TIME                             PID  UID  GID SIG     COREFILE EXE               SIZE
+    ...
+    Fri 2022-03-11 12:10:48 CET     6363 1000 1000 SIGSEGV present  /usr/bin/sleep   18.1K
+
+# Get detailed info on specific coredump.
+coredumpctl info 6363
+
+# Debug specific coredump.
+coredumpctl debug 6363
+
+# Dump specific coredump to file.
+coredumpctl dump 6363 -o <file>
+
+

apport (ubuntu)

+

Known crash report locations:

+ +

To get to the raw coredump, crash reports can be unpacked as:

+
apport-unpack <crash_repot> <dest_dir>
+
+

The coredump resides under <dest_dir>/CoreDump.

+

ptrace_scope

+

In case the kernel was compiled with the yama security module +(CONFIG_SECURITY_YAMA), tracing processes with ptrace(2) can be restricted.

+
/proc/sys/kernel/yama/ptrace_scope
+    0 => No restrictions.
+    1 => Restricted attach, only the following can attach
+            - A process in the parent hierarchy.
+            - A process with CAP_SYS_PTRACE.
+            - A process with the PID that the tracee allowed by via
+              PR_SET_PTRACER.
+    2 => Only processes with CAP_SYS_PTRACE in the user namespace of the tracee
+         can attach.
+    3 => No tracing allowed.
+
+

Further details in ptrace(2).

+

Network

+ +

tcpdump(1)

+

CLI

+
tcpdump [opts] -i <if> [<filter>]
+    -n              Don't covert host/port names.
+    -w <file|->     Write pcap trace to file or stdout (-).
+    -r <file>       Read & parse pcap file.
+
+

Some useful filters.

+
src <ip>                Filter for source IP.
+dst <ip>                Filter for destination IP.
+host <ip>               Filter for IP (src + dst).
+net <ip>/<range>        Filter traffic on subnet.
+[src/dst] port <port>   Filter for port (optionally src/dst).
+tcp/udp/icmp            Filter for protocol.
+
+
+

Use and/or/not and () to build filter expressions.

+
+

Examples

+

Capture packets from remote host

+
# -k: Start capturing immediately.
+ssh <host> tcpdump -i <IF> -w - | sudo wireshark -k -i -
+

Arch
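Review bot: In the "Capture packets from remote host" example at the end of this hunk, `sudo wireshark -k -i -` runs the Wireshark GUI and its dissectors as root on traffic from another machine, although reading a pcap stream from stdin needs no local capture privileges. Drop the `sudo`; if any privilege is required it is for `tcpdump` on `<host>`. If `<IF>` is the interface that carries the ssh session, add a filter such as `not port 22` so the capture does not record its own transport. Spelling to fix in the same hunk: `RLMIT_CORE` (should be RLIMIT_CORE), `suffic`, `preseved`, `<crash_repot>`, `Don't covert`, and `allowed by via`.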