How to block a whole company Facebook IP addresses

#12 How to block a whole company behind a website ?

Process is to get the company website name in browser address bar, then ping or similar network tool to get the IP address of the website. From the IP address we get the autonomous system number by using a RaDB query . The use this AS number to get a list of IP adresses to make a ipset . Then use this ipset to make a iptables rule to block a whole .

First, you will need to find the provider's autonomous system number (AS number).

Autonomous System (AS) is a group of one or more IP prefixes (lists of IP addresses accessible on a network) run by one or more network operators that maintain a single, clearly-defined routing policy. Network operators need Autonomous System Numbers (ASNs) to control routing within their networks and to exchange routing information with other Internet Service Providers (ISPs).

Go to the RaDB Routing Assets Database whois like interface at https://www.radb.net/query?advanced_query=1&keywords=149.154.167.99&-T+option=&ip_lookup=1&ip_option=&-i+option=

https://www.radb.net/query

Go to the website which you want to block and copy the basename such as https://www.facebook.com/

Open a terminal window and get the IP address of the URL .

ping facebook.com

You will see the IP address such as 149.154.167.99 .

Use the IP address as advanced query such as :

/images/radb01.jpg
route:          149.154.160.0/20
descr:          Telegram Messenger LLP
origin:         AS62041
mnt-by:         MNT-TELEGRAM
created:        2014-03-21T05:14:59Z
last-modified:  2014-03-21T05:14:59Z
source:         RIPE

We need : origin: AS62041 this is the AS number. ( autonomous system number )

Install few packages we need iptables etc,

sudo apt install ipset iptables netfilter-persistent ipset-persistent iptables-persistent

Create an ipset

$ sudo ipset create fbblock nethash

Test the whois query

whois -h whois.radb.net '!gAS62041'

Add all IPs from the AS number to fbblock ipset

sudo for ip in `whois -h whois.radb.net '!gAS32934' | grep /`; do  ipset add fbblock $ip; done

Add lines to /etc/ufw/after.rules :

# block facebook
-I INPUT -m set --match-set fbblock src -j DROP

# block telegram
-I INPUT -m set --match-set telegramblock src -j DROP

maybe you need to restart networking, etc,

# systemctl restart networking
# iptables -L | ag block                                                                   │
DROP       all  --  anywhere             anywhere             match-set telegramblock src              │
DROP       all  --  anywhere             anywhere             match-set fbblock src                    │

#11 Vim NERDTree toggle shortcut

Useful shortcut for opening NERDTree

The NERDTree is a file system explorer for the Vim editor. Using this plugin, users can visually browse complex directory hierarchies, quickly open files for reading or editing, and perform basic file system operations.

NerdTree on github

Add these lines to your .vimrc :

Plugin 'preservim/nerdtree'
map <leader>nj :NERDTreeToggle<CR>

leader is a special key which you press indicate a next keystrokes will trigger a shortcut to a command in Vim.

I have my leader defined in .vimrc :

let mapleader = ","

"*<Leader>* *mapleader* To define a mapping which uses the "mapleader"
variable, the special string "<Leader>" can be used.
It is replaced with the string value of "mapleader"

& ' * ¦ \ ¢ : , @ © ¤ ↓ ° ÷ $ = ! ½ ¼ ⅛ ¾ ⅜ ⅝ ⅞ > ½ ― ‐ ¡ ¿ « ← { “ _ ( [ ‘ < µ ·   ¬ # Ω ª º ¶ % . + ± £ ? " » → } ” ® ) ] ’ § ; ­ / ♪ ¹ ² ³ × ™ ↑ | ¥

#10 list of my VIM plugins

My VIM plugins :

Plugin 'gmarik/Vundle.vim'
Plugin 'tmhedberg/SimpylFold'
Plugin 'Konfekt/FastFold'
Plugin 'vim-scripts/indentpython.vim'
Plugin 'tpope/vim-fugitive'
Plugin 'Lokaltog/vim-easymotion'
Plugin 'ctrlpvim/ctrlp.vim'
Plugin 'SirVer/ultisnips'
Plugin 'honza/vim-snippets'
Plugin 'jmcantrell/vim-virtualenv'
Plugin 'nvie/vim-flake8'
Plugin 'klen/python-mode'
Plugin 'davidhalter/jedi-vim'
Plugin 'preservim/nerdtree'
Plugin 'mattn/pastebin-vim'
Plugin 'vim-airline/vim-airline'
Plugin 'vim-airline/vim-airline-themes'
Plugin 'scrooloose/syntastic'
Plugin 'https://github.com/majutsushi/tagbar'
Plugin 'nathanaelkane/vim-indent-guides'
Plugin 'mattn/gist-vim'

#9 copy photos from USB PTP and rename with exiftool and compress

How to copy photos from USB PTP camera?

If the camera is connecting to computer by USB and has set as a USB device, then we can copy those photos by gphoto2 and gphotofs.

You might need to unmount from a file manager if automounted as we need to Make sure no other program (gvfs-gphoto2-volume-monitor) or kernel module (su ch as sdc2xx, stv680, spca50x) is using the device and you have read/write access to the device.

#sudo apt  install gphoto2 gphotofs

Look around

#gphoto2 --summary
#gphoto2 --auto-detect
#gphoto2 --list-ports
#gphoto2 --list-cameras
#gphoto2 --list-folders
#gphoto2 --abilities

There is 1 folder in folder '/'.
 - store_10000001
There is 1 folder in folder '/store_10000001'.
 - DCIM
There is 1 folder in folder '/store_10000001/DCIM'.
 - 129_FUJI
There are 0 folders in folder '/store_10000001/DCIM/129_FUJI'.

Make a directory for mounting USB PTP camera

#mkdir /home/kusanagi/usbptp/

Mount USB PTP to the directory

#gphotofs /home/kusanagi/usbptp/

Copy photos which was created today to current directory

#find ~/usbptp/store_10000001/DCIM/129_FUJI/ -daystart -mtime 0 -exec sh -c "cp {} ." \;

Rename photos with exiftool

Today is 20230402.

#sudo apt install libimage-exiftool-perl

#mkdir /media/kusanagi/toshiba-pc-l200-1/20230402{,-smallres}/

#exiftool '-FileName<${CreateDate}_${Exif:Model}_${filename}' -d %Y%m%d_%H%M%S -v1 *

Generate smaller resolution photos for sharing / backup

#find . -iname "*jpg" -exec sh -c  "mogrify -path /media/kusanagi/toshiba-pc-l200-1/20230402-smallres/ -quality 95  -resize 1440x1440  {} " \;

#find . -iname "*jpg" -exec sh -c  "mogrify -path /media/kusanagi/toshiba-pc-l200-1/20230402-smallres/ -quality 95  -resize 1440x1440  {} " \;

Done, unmount gphotofs

fusermount -u /home/bob/usbptp

#8 How to find which process is behind a linux windows

How to find which process is running behind a windows ?

/images/uni-legowelt-interlakenM.jpg

painting made by Legowelt

First get PID of the window with xprop - property displayer for X

`xprop _NET_WM_PID | sed 's/_NET_WM_PID(CARDINAL) = //'`

Then use this command as parameter of "ps -q" :

# ps eaux -q `xprop _NET_WM_PID | sed 's/_NET_WM_PID(CARDINAL) = //'`


USER         PID   %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
nafofella    4100  0.0  0.1 640560 61180 ?        Sl   09:17   0:07 xfce4-terminal LANGUAGE=en_US USER=nafofella LC_TIME=en_US.UTF-8

#6 Debian Testing Encrypted BTRFS Install

#6 Debian-testing + BTRFS + Encrypted Install

What is

What is BTRFS : https://btrfs.readthedocs.io/en/latest/Introduction.html

What is Debian : https://www.debian.org/intro/philosophy

What is LVM : https://www.redhat.com/sysadmin/lvm-vs-partitioning

Download Debian ISO

64-bit PC netinst ISO https://www.debian.org/distrib/

https://cdimage.debian.org/cdimage/release/12.4.0/amd64/iso-cd/

look for a name ___amd64-netinst.iso

Filename should be like debian-12.4.0-amd64-netinst.iso

Release Notes for Debian :

https://www.debian.org/releases/stable/amd64/release-notes.en.pdf

UPDATE 10 Jun 2023: As of Debian 12 (Bookworm), firmware is included in the normal Debian installer images. USERS NO LONGER NEED TO LOOK FOR SPECIAL VERSIONS

Burn Debian ISO to USB

On Windows : https://www.balena.io/etcher/

On Linux , first plugin USB drive and find which device path is allocated .

Best is running a GUI program "gnome-disks" . :

/images/6-debian-installation-01.jpg

Selecting the USB drive. At details you will see path such as /dev/sde

Then open a root shell and transfer the ISO to /dev/sde

# dd if=/home/kusanagi/Downloads/debian-11.6.0-amd64-netinst.iso of=/dev/sde status=progress

# sync

Boot machine

Then remove the USB drive and plugin into target machine , boot up and press F12 or F8 depend on BIOS, to select boot device. Select USB drive . Boot with UEFI mode , we need for having a EFI partition . Debian installer will start.

For testing installation is best to try on hypervisor ,which lets you run multiple operating systems as virtual machines.

Create a new virtual machine and select the downloaded Debian ISO .

Deselect "automatically power on virtual machine after powering on" .

Edit virtual machine settings -> Options -> Advanced tab -> Firmware type. Select UEFI.

Expert install

Choose advanced options -> choose Expert install

Choose language .

Configure keyboard .

Detect and mount installation media.

Load installer components from installation media.

We might need fdisk component for partitioning later.

Later guided partitioning will load Crypto-dm-modules and rescue-mode for making available cryptsetup command we will use for creating custom encrypted volumes.

Those modules are only needed if you will not Partition disks with a provided Debian installer.

Detect network hardware.

Auto configure network.

Choose hostname. Can left domain name empty.

Setup users and password: Enable shadow passwords. Not allow root login.

Create new user with secure password.

Configue clock: Setup NTP .

Detect disks.

Partion disks.

Guided - use entire disk and set up encrypted LVM

Select disk to partition

All files in one partition. Because you are a new user, do you?

Write the changes to disk and configure LVM. Yes

Now installer is erasing data on disk partition. If disk is totally new, just testing or previous usage does not contain sensitive data, then erasing can be skipped by Cancel

Choose passphrase for encrypt SCSI (0,0,0), partition #3 (sda). Choose "123", or anything, does not matter . We will recreate encrypted volume later.

Confirm Yes to use weak passphrase.

Name of volume group : debian-vg

Amount of volume group to use for guided partitioning: Choose what is provided ,which is all disk space.

You can see the overview of partitions .

We have one volume group debian-vg consume all disk space. In debian-vg are two logical volumes : root and swap_1 .

/images/debinstall-03.png

Finish partitioning and write changes to disk.

Now the installer is in a state where partitioning is saved as a finished step.

We will remove all of the partitioning , then customize and reach a same disk / partition setup what the installer achieved.

Then we can continue with Install the base system, the installer will not know what we did in the background.

Now switch to another virtual terminal by pressing CTRL-ALT-F2.

Check disk layout :

# cat /proc/partitions

The largest size disk usually /dev/sda is the hard drive we have in the machine.

Partition disk with fdisk

# fdisk /dev/sda

in fdisk , format the disk as GTP by command letter g

Create first partition in fdisk by letter n, size about 512M

Change partition type , letter t command . Type code : 1 .

Create second partition for /boot : size 512M

Create third partition for /root , rest of the space .

About Swapfile

swapfile only works if BTRFS have set no-COW (no copy on write). By default BTRFS have COW , that means we can't use swapfile on BTRFS. Setting BTRFS to not-COW would loose main benefit of BTRFS filesystem.

We will create a swap logical volume.

Backup , umount, remove volume group, remove encrypted volume

Turn off swap_1 :

swapoff /dev/mapper/debian--vg-swap_1

Backup /target directory :

cp -r /target /tmp/

Umount /target , efi and boot :

umount /target/boot/efi
umount /target/boot/
umount /target/

Remove logical volumes : root and swap_1

lvremove /dev/mapper/debian--vg-swap_1
lvremove /dev/mapper/debian--vg-root

Remove volume group and physical volumes :

vgremove debian-vg
pvremove /dev/mapper/sda3_crypt

Close encrypted volume :

cryptsetup close /dev/mapper/sda3_crypt

Create encrypted volume

# cryptsetup -y -v --label=LABEL --key-size 512 --hash sha512 luksFormat /dev/sda3

Note : You can benchmark to see keysize and hash is good for your taste , or you might want to go with defaults.

# cryptsetup benchmark --key-size 512 --hash sha512

# cryptsetup --help

End of the listing should show like

Default compiled-in device cipher parameters:
loop-AES: aes, Key 256 bits
plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: ripemd160
LUKS: aes-xts-plain64, Key: 256 bits, LUKS header hashing: sha256, RNG: /dev/urandom
LUKS: Default keysize with XTS mode (two internal keys) will be doubled.

Now open the encrypted volume. This will be under /dev/mapper/sda3_crypt

# cryptsetup open /dev/sda3 sda3_crypt

Create volume groups

lvcreate(8) - Linux man page

vgcreate(8) - Linux man page

vgcreate debian-vg /dev/mapper/sda3_crypt

vgs

lvcreate -n swap_1 -L 8G debian-vg

lvcreate -n root -l +100%FREE debian-vg

lvs

Create SWAP for swap_1 logical volume

mkswap /dev/mapper/debian--vg-swap_1

BTRFS partitioning and mounts

Format "root" logical volume (this will be our root partition) with BTRFS filesystem :

# mkfs.btrfs --label gekisroot /dev/mapper/debian--vg-root

Mount to /target :

# mount /dev/mapper/debian--vg-root /target

Create subvolumes :

#cd /target

# btrfs subvolume create @rootfs

#ls
@rootfs

# btrfs subvolume create @home

# btrfs subvolume create @snapshots

# btrfs subvolume list /target

# Make a note which ID match which subvolume.

# ls

@home @rootfs @snapshots

cd /

umount /target

subvolid must be the ID from btrfs subvolume list

#mount -o rw,noatime,space_cache=v2,compress=zstd:3,ssd,discard=async,subvolid=256 /dev/mapper/debian--vg-root /target

Omit **ssd** parameter if disk is not SSD

#mkdir /target/home

#mkdir /target/.snapshots

Create a target boot EFI dir.

#mkdir -p /target/boot/efi

#mount -o rw,noatime,space_cache=v2,compress=zstd:3,ssd,discard=async,subvolid=257 /dev/mapper/debian--vg-root /target/home

#mount -o rw,noatime,space_cache=v2,compress=zstd:3,ssd,discard=async,subvolid=258 /dev/mapper/debian--vg-root /target/.snapshots

Omit **ssd** parameter if disk is not SSD

We need to mount boot and EFI

#mount /dev/sda2 /target/boot

#mount /dev/sda1 /target/boot/efi

Copy back files, dirs from /tmp

cp -r /tmp/target/* /target

fstab

We don't have genfstab for debian. We have to manually edit fstab.:

#cd /target/etc/

#nano /target/etc/fstab

At /dev/mapper/debian--vg-root replace ext4 with btrfs.

Replace errors=remount-ro with this :

**rw,noatime,space_cache=v2,compress=zstd:3,ssd,discard=async,subvolid=257**

CTRL-K then CTRL-U twice to make three lines with same content . Change subvolid to 258, 259

On my system , subvolid 257 was root 258 was home 259 was .snapshots

You can list subvolid with :

#btrfs subvol list /target

Save and exit from nano : CTRL-O and CTRL-X

Check fstab content :

cat /target/etc/fstab

fstab should look like

# <file system> <mount point>   <type>  <options>       <dump>  <pass>
/dev/mapper/debian--vg-root /               btrfs   rw,noatime,space_cache=v2,ssd,discard=async,subvolid=257 0       0
/dev/mapper/debian--vg-root /home               btrfs   rw,noatime,space_cache=v2,ssd,discard=async,subvolid=258 0       0
/dev/mapper/debian--vg-root /.snapshots               btrfs   rw,noatime,space_cache=v2,ssd,discard=async,subvolid=259 0       0

# /boot/efi was on /dev/sda1 during installation

UUID=AF69-7740  /boot/efi       vfat    umask=0077      0       1

UUID="9315574b-3269-4d63-8d85-7a6ca0f4d5e9" /boot       ext4    rw,relatime     0       2

/dev/sr0        /media/cdrom0   udf,iso9660 user,noauto     0       0

/dev/mapper/debian--vg-swap_1     none    swap    sw      0       0

Done setting up fstab.

crypttab

At boot time Linux will need crypttab file for mounting our encrypted volumes. (root and swap)

blkid | grep sda3:>> /target/etc/crypttab

nano /target/etc/crypttab

You need to do a bit of inconvenient editing with nano, but CTRL-K (cut line) and CTRL-U (paste line) helps .

should look like this :

sda3_crypt UUID="2f78THIS-YOUR-UUID-876f-d64ff21f121f" none luks,discard

The first field, target, describes the mapped device name.

The second field, source device, describes either the block special device.

The third field, key file, describes the file to use as a key for decrypting the data of the source device.

The fourth field, options :

luks : use luks mode.

discard

Allow using of discards (TRIM) requests for device.

Starting with Debian 10 (Buster), this option is added per default to new dm-crypt devices by the Debian Installer. If you don't care about leaking access patterns (filesystem type, used space) and don't have hidden truecrypt volumes inside this volume, then it should be safe to enable this option. See the following warning for further information.

WARNING: Assess the specific security risks carefully before enabling this option. For example, allowing discards on encrypted devices may lead to the leak of information about the ciphertext device (filesystem type, used space etc.) if the discarded blocks can be located easily on the device later.

Check if crypttab is indeed have sda3 UUID

blkid

cat /target/etc/crypttab

Continue with base system install.

CTRL-ALT-F1 back to installer.

If graphical installer then the installer should be at CTRL-ALT-F5.

Continue with installation.

Go with selection of generic drivers.

We will install most of the stuff with debian testing .

Select network mirror. Choose fastest mirror for your region.

Select yes or no for non-free software. Yes or no for enable source repositories in APT .

Remove all selection at "Configure the package manager", since we will go with Debian testing .

Configure discover updates management.

Continue popularity-contest.

Software selection . Remove all selection except "standard system utilities".

Install grub.

Do not (???) force GRUB installation to the EFI removeable media path.

Finish .

Remove install media.

Reboot.

Login.

change font size

sudo dpkg-reconfigure console-setup

Choose UTF-8

Font for console : Terminus.

Choose font size.

install vim

apt install vim -y

Change apt source to TESTING

sudo vim /etc/apt/sources.list.

Remove bullseye and replace with testing.

#sudo apt update

nala replaces apt and very cool frontend for apt, it can run parallel .

#sudo apt install nala

#sudo nala upgrade

Select Restart services .

Install finished. Reboot.

#sudo reboot

TODO later reflector

swapfile

If filesystem is not BTRFS and no swap partition then we can have a swapfile

#sudo nala install zram-tools #sudo vim /etc/default/zramswap Uncomment ALGO and change to zstd. and set PERCENT=25

#sudo nala install task-cinnamon-desktop This takes a time...

Test timeshift

#sudo apt install timeshift

Reboot.

Login to xfce .

Start timeshift. Select BTRFS. Select snapshot location .

Select snapshot levels .

Include @home subvolume

Finish.

#5 Cooking - Rice pudding

Simple tasty rice-meal

/images/rice-pudding01.jpg

Ingredients

  • 15dKg rice

  • 1.5 dL water

  • 5 dKg butter

  • 4 dL milk

  • 1 pinch of salt

  • 1 pack (10gramm) vanilin sugar

  • 3 tablespoon sugar

Steps

  1. add 1.5dL water in pot

/images/rice-pudding10.jpg

  1. add washed clean 15dKg rice in pot and turn on the gas

/images/rice-pudding09.jpg

  1. Stirr and add 5dKg butter

/images/rice-pudding08.jpg

  1. Continue stirring and add 2dcL milk

/images/rice-pudding07.jpg

  1. Add 3 tablespoon sugar

/images/rice-pudding06.jpg

  1. Add pinch of salt

/images/rice-pudding05.jpg

  1. Add pack of vanilin sugar

  2. Add rest of the milk (2dcL) and stirr time to time until rice will be ready and soft.

images © mindmegette .

/images/rice-pudding11.jpg
https://dai.ly/k4tnEOqJuuqgXkySkbC

source : https://videa.hu/videok/mindmegette/gasztro/tejberizs-lYl2rK2cYKDYdOgB

#4 Book Early Release Kubernetes Patterns 2nd Edition

Book Early Release Kubernetes Patterns 2nd Edition

New book available for download at developers.redhat.com

https://developers.redhat.com/e-books/kubernetes-patterns-2nd-edition-early-release

For devs and architects, who want to learn how to solve common cloud native challenges with proven design patterns.

Topics :

  • Foundational patterns covering core principles and practices for building and running container-based cloud native applications

  • Behavioral patterns that delve into finer-grained concepts for managing various types of container and platform interactions

  • Structural patterns for organizing containers within a Pod to address specific use cases

  • Configuration patterns that provide insight into how to handle application configurations in Kubernetes

  • Security patterns for hardening access to cloud native applications running on Kubernetes

  • Advanced patterns that cover more complex topics such as operators and autoscaling

/images/book-KubernetesPatterns2ndEd.jpg

#3 Rehab PROhands trainer

Rehab PROhands training

Necessary training fingers after prolonged computer interface usage . PROhands helps by unique way by untilize each one of hand fingers. They have 4 level of different hands trainer , I got what was available here is the heavy level (black) trainer.

https://prohands.net/

Tip : put a small lube on a slider under each of spring . Ideally silicone lube which will not damage plastics .

/images/rehab-pro-hands-trainer.jpg
https://dai.ly/k2iZnJONkY29FTyRLb8