linux

Start a privileged Linux daemon when Windows boots

Windows 10 WSL

With WSL, you can install many Linux distros in Windows, e.g. officially Ubuntu, Ubuntu1804, Debian, … and unofficial ones like Archlinux.  To start a background Linux daemon when Windows starts, you need to:

  1. Have a recent version of Windows 10 (e.g. 1803, or maybe 1709 but not tested)
  2. Enable Windows Subsystem for Linux
  3. Install a Linux distro from the Windows Store (e.g. Ubuntu1804)

To test, create a simple script in your home folder, e.g. /home/user/testscript.sh


#!/bin/bash
# Append a timestamp to a file on the Windows C: drive every 10 seconds.
while true
do
  date >> /mnt/c/tmp/test.txt
  sleep 10
done

Now, in Windows Task Scheduler, create a new task with

command=bash

argument = -c /home/username/testscript.sh

Modify this task to “Run whether user is logged on or not”.

[Screenshots: wsl-roottask_wintask1, wsl-roottask_wintask2]

Here is the output

[Screenshot: wsl-roottask]

Reboot your Windows machine to see whether the task is started.

Run Linux system daemon in Windows

Warning: Make sure you completely understand the following before doing it, because it allows a normal user to run as root.

You can start any task; even “cron” can be started without problems.  But if you want to start cron, you need a special trick: setuid.  This is because a normal user cannot start a privileged daemon like /usr/sbin/cron.

The command to start ‘cron’ in Windows task scheduler is similar,


bash -c "/etc/init.d/cron start"

But before you do it, you must set the setuid bit on the binary, /usr/sbin/cron (log in as root, chmod u+s /usr/sbin/cron).  The setuid bit applies to every user who can execute the binary, so you may want to ask a Linux administrator how to limit which user(s) can run the ‘cron’ daemon.

Alternatively, you can modify the sudo configuration, e.g. under /etc/sudoers.d, and add the default user there so that the default user doesn’t need a password to sudo the cron daemon.
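A narrowly scoped version of the sudoers alternative described above, as an added example that is not part of the original post. The user name wsluser and the file name /etc/sudoers.d/wsl-cron are assumptions; the rule grants only the cron start command instead of blanket passwordless sudo.

```shell
#!/bin/bash
# Added example: build, check and install a sudoers drop-in that lets one user
# start cron without a password, and nothing else.
# "wsluser" and /etc/sudoers.d/wsl-cron are assumed names, not from the post.

CRON_CMD="/etc/init.d/cron start"   # the command the post runs from Task Scheduler

# Print the sudoers rule for user $1. The name is written verbatim into a
# root-owned policy file, so anything that is not a plain user name is refused.
make_cron_rule() {
  local user="$1"
  case "$user" in
    ''|*[!a-z0-9_-]*|-*) echo "invalid user name: $user" >&2; return 1 ;;
  esac
  printf '%s ALL=(root) NOPASSWD: %s\n' "$user" "$CRON_CMD"
}

# Return 0 only if the rule's command list is exactly the cron start command.
# This rejects "NOPASSWD: ALL" and any rule with extra commands appended.
rule_is_narrow() {
  local rule="$1" cmds
  cmds="${rule#*NOPASSWD: }"
  [ "$cmds" != "$rule" ] && [ "$cmds" = "$CRON_CMD" ]
}

# Write the rule to a temp file, syntax-check it with visudo, then install it
# with the ownership and mode sudo expects. Run as root inside the distro.
install_cron_rule() {
  local user="$1" tmp
  tmp="$(mktemp)" || return 1
  make_cron_rule "$user" > "$tmp" || { rm -f "$tmp"; return 1; }
  visudo -cf "$tmp" || { rm -f "$tmp"; return 1; }
  install -o root -g root -m 0440 "$tmp" /etc/sudoers.d/wsl-cron
  rm -f "$tmp"
}

# Usage (as root): install_cron_rule wsluser
# The Task Scheduler argument then becomes: -c "sudo /etc/init.d/cron start"
```

With this rule in place, /usr/sbin/cron does not need the setuid bit.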

I created the following cron task:


* * * * * /bin/bash -c "echo hello from cron" >> /mnt/c/tmp/test.txt

You may already have noticed that the tail output in the screenshot above includes the output of this cron task.


noob iptables cheat sheet

Notes:

  1. All rules are processed from top to bottom.  Once a rule is matched (with a jump), the rest are ignored.
  2. Never run iptables -F if the default policies are DROP, or your system will be inaccessible.  If possible, set the default policy to ACCEPT and add iptables -A INPUT -j DROP at the end.
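The two notes above, turned into a check on a ruleset before it is loaded. This is an added example, not part of the original cheat sheet; the sample ruleset is constructed, and it uses iptables-restore format so the rules can be parsed with --test before they are committed.

```shell
#!/bin/bash
# Added example: lint an iptables-restore ruleset against the two notes above.

# Constructed sample ruleset; 1.2.3.0/24 is the example subnet used on this page.
sample_rules() {
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 1.2.3.0/24 -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

# Read a ruleset on stdin and print one line per finding (no output = clean):
#  - rules placed after a catch-all "-A INPUT -j DROP" can never match (note 1)
#  - a DROP policy means "iptables -F" locks you out (note 2)
lint_input() {
  awk '
    /^:INPUT /   { policy = $2 }
    /^-A INPUT / {
      n++
      if (catchall)
        printf "rule %d is unreachable: catch-all DROP at rule %d\n", n, catchall
      else if ($0 == "-A INPUT -j DROP")
        catchall = n
    }
    END {
      if (policy == "DROP")
        print "INPUT policy is DROP: iptables -F would cut off access"
      else if (!catchall)
        print "INPUT policy is ACCEPT with no final -j DROP: unmatched packets are accepted"
    }'
}

# Lint first, then let iptables-restore parse the rules without committing
# (--test), and only then load them. Must run as root.
apply_rules() {
  local findings
  findings="$(sample_rules | lint_input)"
  [ -z "$findings" ] || { echo "$findings" >&2; return 1; }
  sample_rules | iptables-restore --test && sample_rules | iptables-restore
}
```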

List all rules

iptables -L -n -v --line-numbers

Flush all chains (-F) and delete all user-defined chains (-X)

Note: Please ensure the default policy is ACCEPT or leave an ssh terminal before issuing

iptables -F

iptables -X

Set default policy (use with care)

iptables -P INPUT DROP

iptables -P FORWARD DROP

iptables -P OUTPUT DROP

Block incoming ip address

iptables -A INPUT -s aa.bb.cc.dd -j DROP

Block outgoing sites

iptables -A OUTPUT -p tcp -d www.microsoft.co.uk -j DROP

Allow ping from specific IPs only

iptables -A INPUT -s 1.2.3.0/24 -p icmp --icmp-type echo-request -j ACCEPT

iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

Allow ssh from specific IPs only

iptables -A INPUT -s 1.2.3.0/24 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j DROP

Block incoming web access

iptables -A INPUT -p tcp --dport 80 -j DROP

Port forward

Forward incoming connection to another internal host (aa.bb.cc.dd:22)

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1022 -j DNAT --to-destination aa.bb.cc.dd:22

iptables -A FORWARD -p tcp -d aa.bb.cc.dd --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

Delete a rule

iptables -L -n -v --line-numbers

iptables -D INPUT {line-number}


Snappy Ubuntu Core on Hyper-V

Do you want to test drive Snappy Ubuntu Core on Hyper-V? Here are some simple steps.

1. Download the ova file from the official Ubuntu website

https://developer.ubuntu.com/en/snappy/start/#ova
http://cloud-images.ubuntu.com/ubuntu-core/15.04/core/stable/current/core-stable-amd64-cloud.ova

2. Use 7-zip (Windows) or tar (Linux) to untar the ova file
3. Use an image file converter (like VirtualBox) to convert the vmdk file to a vhd file.

e.g. VBoxManage.exe clonemedium core-stable-amd64-cloud-disk1.vmdk core-stable-amd64-cloud-disk1.vhd --format VHD

4. You can use the standard cloud-init way to set up the system (not discussed here), or;

5. Mount the VHD file on any Linux machine and modify /etc/shadow (in partition 3) to clear the root password;

6. Create an Ubuntu Core machine in Hyper-V and mount the vhd image.

7. Start the machine and enjoy.

OpenWrt sysupgrade on x86 (Barrier Breaker)

WARNING: Before upgrading, you should backup the system first!!!

Disclaimer: This is just my experience.  It is not guaranteed that the steps listed will work on your system.

OpenWrt upgrades on x86 could be very tricky in the old days.  However, it has become an easy task from Attitude Adjustment (12.09) onward.

The following lists the steps to upgrade to the latest snapshot (Barrier Breaker).  You should change the image to be downloaded in step 4 for the desired version.

  1. Do a full system backup to avoid any loss.  This is very important!!!
  2. Log in to the system as root
  3. cd /tmp
  4. wget http://downloads.openwrt.org/snapshots/trunk/x86/openwrt-x86-generic-combined-ext4.img.gz
  5. sysupgrade -v /tmp/openwrt-x86-generic-combined-ext4.img.gz
