/r/linux_mentor

Wanna become a Unix System administrator? Wanna learn to use the commandline on OSX or Linux? Welcome to Linux System Administration Mentoring Group and Subreddit. Need a mentor?

5,769 Subscribers

7

The junior sysadmin course at r/LinuxUpskillChallenge restarting 3 July 2023

This free month-long course is re-starting again on the first Monday of next month.

Suitable whatever your background, and aims to provide that "base layer" of traditional Linux skills in a fun interactive way.

The course is free, and daily lessons appear in the sub-reddit r/linuxupskillchallenge - which is used for support/discussion. A discord server is also available.

More details at our FAQ.

Any feedback is very welcome.

0 Comments
2023/06/28
01:15 UTC

1

How to create a NAT with tun/tap

I am trying to set up a NAT: a tun/tap interface tap0, with IP masquerading.

But I cannot reach the internet through tap0 when the default route is through it. Can you help me troubleshoot, please?

These are the commands I have run, where 192.168.A.B is a placeholder for the address of tap0:

ip tuntap add mode tap tap0

ip addr add 192.168.A.B/24 dev tap0

ifconfig tap0 192.168.A.B up

ip route add default via 192.168.A.B

ip link set tap0 up

And these are my iptables rules, with some of them specific to another user named someuser, while I was root when I was doing my tests (so those with owner UID match someuser are not relevant):

[root@localhost ~]# iptables -L

Chain INPUT (policy ACCEPT)

target prot opt source destination

Chain FORWARD (policy ACCEPT)

target prot opt source destination

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

ACCEPT tcp -- anywhere localhost owner UID match someuser tcp dpt:krb524

ACCEPT udp -- anywhere localhost owner UID match someuser udp dpt:krb524

ACCEPT tcp -- anywhere localhost owner UID match someuser tcp dpt:upnotifyp

ACCEPT udp -- anywhere localhost owner UID match someuser udp dpt:upnotifyp

REJECT all -- anywhere anywhere owner UID match someuser reject-with icmp-port-unreachable

[root@localhost ~]# iptables -L -t nat

Chain PREROUTING (policy ACCEPT)

target prot opt source destination

Chain INPUT (policy ACCEPT)

target prot opt source destination

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

Chain POSTROUTING (policy ACCEPT)

target prot opt source destination

MASQUERADE all -- 192.168.A.0/24 anywhere

MASQUERADE all -- anywhere anywhere

At this point, when I ping imdb.com, the host is unreachable. Are the MASQUERADE iptables rules to blame?

This is the output of ip route, where eth0 is the real interface with address 192.168.X.Y and my gateway is 192.168.X.Z:

[root@localhost ~]# ip route

default via 192.168.A.B dev tap0 linkdown

default via 192.168.X.Z dev eth0 proto dhcp src 192.168.X.Y metric 100

127.0.0.0/8 dev lo proto kernel scope link src 127.0.0.1 metric 30

192.168.X.0/24 dev eth0 proto kernel scope link src 192.168.X.Y metric 100

192.168.A.0/24 dev tap0 proto kernel scope link src 192.168.A.B metric 350 linkdown

Even though it says "linkdown", tap0 seems up:

[root@localhost ~]# ifconfig

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> ...

...

tap0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500

inet 192.168.A.B netmask 255.255.255.0 broadcast 192.168.A.255

[root@localhost ~]# ip addr show

shows this for tap0:

tap0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000

and this for eth0:

<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000

Now, if I do the following, the ping works:

[root@localhost ~]# ip route delete default via 192.168.A.B

Just to say that everything works through my real gateway directly.

Thank you in advance for any help.

0 Comments
2023/06/27
17:51 UTC

7

The junior sysadmin course at r/LinuxUpskillChallenge restarting 5 June 2023

0 Comments
2023/05/24
01:15 UTC

2

Could really use a mentor

I’m about 2 years into my career as a sysadmin, looking to take a SOC analyst 2 role. However, I’m currently dealing with a nightmare on my home network. Currently every machine has modified kernels not of my doing, and upon boot in forensics mode I find BSD software as well as remote JMX and JConsole terminals. This has been going on for a few months, and right when I think I’ve cleared out the remote attacker’s leftovers, more pop up. I wrote scripts to only allow one user, scripts that kick any non-native users every minute, scripts that remove OpenJDK every minute; to no avail. I’ve tried cron jobs and Caja events. Upon boot I can see that the remote attacker essentially has his own file system, and I cannot remove his VFS no matter what I’ve tried. Either that or I’ll get device is busy so not removing alert. Even after shutting down SSH (mostly TCP protocols) the runtime environment for Java still persists, clever exploit for sure. My question is where do I begin in this mess? I’ve lost so much already trying to replace what is infected; I even moved and got a new ISP hoping that would resolve the issue. I’m feeling hopeless and I’m not going to take this job, as it’s remote, until I know my home network is secure.

I’ve tried port forwarding through several routers with lease expirations every 3 minutes, but still I’ll get DoS and the source address appeared to be from my ISP’s DNS server. Diving deeper, I found out about fiked and wrote a script to compile the lists and ran a traceroute to find the real source address. I need help on what to do from here; the attacker is using 9 proxy’s:vpn to port through, so he must really not want to be caught. I also kept excellent logs on the network traffic to Wireshark if anyone would like to take a peek.

All in all I’m out about 14k in phones, computers, and 9k in bitcoin. At this point I just want my life back, so please, if anyone can spare me any advice on how to prevent the JMX MBeans exploit or maybe even honeypot this annoyance, I’m all in; it’s been since November ffs.

TL;DR: I’m being exploited via MBeans JMX through artifacts, he is trying to change kernels using multi call; I’m out of ideas, please help.

3 Comments
2023/04/30
06:46 UTC

11

The junior sysadmin course at r/LinuxUpskillChallenge restarting 1 May 2023

0 Comments
2023/04/26
01:15 UTC

10

The junior sysadmin course at r/LinuxUpskillChallenge restarting 3 April 2023

0 Comments
2023/03/29
01:15 UTC

8

The junior sysadmin course at r/LinuxUpskillChallenge restarting 6 March 2023

0 Comments
2023/03/01
01:15 UTC

0

what is an ISO file?

Hey, quick question: what is an ISO file? What does it do? Why do people use it? What do people use it for?

Thank you

3 Comments
2023/02/22
06:53 UTC

2

what are "native packages"

Question: what are "native packages" in the context of Linux and what do they mean?

Thank you

6 Comments
2023/02/17
02:23 UTC

1

Any suggestions for a low powered open source NAS Solution?

I'm looking to build a NAS solution with a Raspberry Pi.

Any suggestions on what distro and hard drive I could use?

I wanna store some movies, series and old stuff that I don't access often.

2 Comments
2023/02/09
07:25 UTC

10

The junior sysadmin course at r/LinuxUpskillChallenge restarting 6 February 2023

0 Comments
2023/01/25
01:15 UTC

7

The junior sysadmin course at r/LinuxUpskillChallenge restarting 2 January 2023

0 Comments
2022/12/27
20:15 UTC

6

The junior sysadmin course at r/LinuxUpskillChallenge restarting 5 December 2022

2 Comments
2022/11/29
20:15 UTC

9

The junior sysadmin course at r/LinuxUpskillChallenge restarting 7 November 2022

0 Comments
2022/10/25
20:15 UTC

11

The junior sysadmin course at r/LinuxUpskillChallenge restarting 3 October 2022

0 Comments
2022/09/27
20:15 UTC

1

What does this command do?

1 Comment
2022/09/08
00:27 UTC

14

The junior sysadmin course at r/LinuxUpskillChallenge restarting 5 September 2022

0 Comments
2022/08/23
20:15 UTC

14

The junior sysadmin course at r/LinuxUpskillChallenge restarting 1 August 2022

0 Comments
2022/07/26
20:15 UTC

13

The junior sysadmin course at r/LinuxUpskillChallenge restarting 4 July 2022

0 Comments
2022/06/28
20:15 UTC

7

Why there is gnome snap filling 100% of my /dev/loop

3 Comments
2022/06/21
10:59 UTC

9

Free Course: Linux for Blue Team

0 Comments
2022/05/30
15:32 UTC

10

The junior sysadmin course at r/LinuxUpskillChallenge restarting 6 June 2022

0 Comments
2022/05/24
20:15 UTC

1

CYBERSOC Information Technology Library Blog

0 Comments
2022/05/23
03:23 UTC

14

The junior sysadmin course at r/LinuxUpskillChallenge restarting 2 May 2022

0 Comments
2022/04/26
20:15 UTC

6

Docker Monitoring Stack with Grafana and Prometheus

I've set up this GitHub repository as a barebones starter on Grafana, Prometheus, cAdvisor, node-exporter and Alertmanager, with auto-provisioning of a node-level metrics dashboard as well as a container-level metrics dashboard:

https://github.com/ruanbekker/docker-monitoring-stack-gpnc

0 Comments
2022/04/06
21:03 UTC

10

The junior sysadmin course at r/LinuxUpskillChallenge restarting 4 April 2022

0 Comments
2022/03/29
20:15 UTC
