{ radak.org }        just another (tech) blog


Clone Linux with RSYNC over SSH

1. Download a Live Linux CD (I tested Ubuntu desktop installer)
2. Boot CD on the new machine and launch a terminal
3. Create filesystems (fdisk, mkfs)
4. Create a directory which will contain old system (mkdir /old_linux)
5. Mount created filesystem in this directory
mount /dev/sda1 /old_linux
6. Create the directories that you want to exclude from the copy
mkdir /old_linux/dev /old_linux/sys /old_linux/proc
7. If the old system uses separate partitions for some directories (like /home, /opt, etc.):
8. Create mountpoints (mkdir /old_linux/home)
9. Mount the other partitions (mount /dev/sda2 /old_linux/home)
10. Enable root login on the old server (vi /etc/ssh/sshd_config)
11. Copy the data from the old server to the new one
rsync -aHxv root@OLD_SERVER_IP:/* /old_linux --exclude=/dev --exclude=/proc --exclude=/sys
12. Modify config files if needed
- /etc/fstab
- /etc/udev/rules.d/70-persistent-net.rules
- /etc/network/interfaces
13. Copy the device files to the new system
cp -Rp /dev/* /old_linux/dev/
14. Chroot into /old_linux
chroot /old_linux /bin/bash
15. Install grub to the new device and generate a new config
grub-install /dev/hda
16. Change the IP on the old machine if you want to use the same address on the new one
17. Restart the new machine


Knock-knock-knockin’ on heaven’s door.

How do you secure your SSH server when it has to be open to the world? Here is a port knocking example that uses only iptables (the recent module).

On server side:
/sbin/iptables -P INPUT DROP
/sbin/iptables -N SSH-PHASE1
/sbin/iptables -N SSH-PHASE2
/sbin/iptables -N SSH-PHASE3
/sbin/iptables -A SSH-PHASE1 -m recent --name PHASE0 --remove
/sbin/iptables -A SSH-PHASE1 -m recent --name PHASE1 --set
/sbin/iptables -A SSH-PHASE2 -m recent --name PHASE1 --remove
/sbin/iptables -A SSH-PHASE2 -m recent --name PHASE2 --set
/sbin/iptables -A SSH-PHASE3 -m recent --name PHASE2 --remove
/sbin/iptables -A SSH-PHASE3 -m recent --name PHASE3 --set
/sbin/iptables -A INPUT -m recent --update --name PHASE0
/sbin/iptables -A INPUT -p tcp --dport 1111 -m recent --set --name PHASE0
/sbin/iptables -A INPUT -p tcp --dport 2222 -m recent --rcheck --name PHASE0 -j SSH-PHASE1
/sbin/iptables -A INPUT -p tcp --dport 3333 -m recent --rcheck --name PHASE1 -j SSH-PHASE2
/sbin/iptables -A INPUT -p tcp --dport 4444 -m recent --rcheck --name PHASE2 -j SSH-PHASE3
/sbin/iptables -A INPUT -p tcp --dport 22 -m recent --rcheck --seconds 5 --name PHASE3 -j ACCEPT

On client side (linux version):
echo "Connecting to '$1'"
echo "Knock 1/4"
/bin/nc -w 1 "$1" 1111 2> /dev/null
echo "Knock 2/4"
/bin/nc -w 1 "$1" 2222 2> /dev/null
echo "Knock 3/4"
/bin/nc -w 1 "$1" 3333 2> /dev/null
echo "Knock 4/4"
/bin/nc -w 1 "$1" 4444 2> /dev/null
echo "Starting ssh session"
ssh "$@"

On client side (mac os x version):
echo "Connecting to '$1'"
echo "Knock 1/4"
/usr/bin/nc -4 -w 1 -G 1 "$1" 1111
echo "Knock 2/4"
/usr/bin/nc -4 -w 1 -G 1 "$1" 2222
echo "Knock 3/4"
/usr/bin/nc -4 -w 1 -G 1 "$1" 3333
echo "Knock 4/4"
/usr/bin/nc -4 -w 1 -G 1 "$1" 4444
echo "Starting ssh session"
ssh "$@"
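
To see how the server-side rules chain the `recent` lists together, here is a simplified Python model of them. It is an added example, not part of the original post: the names KnockFirewall, packet and replay are hypothetical, the addresses are constructed documentation addresses, and time is given in whole seconds.

```python
# Simplified model of the server-side rules above (added example).
# Each `recent` list is a dict: source address -> last_seen, in seconds.
ADVANCE = {2222: ("PHASE0", "PHASE1"),   # SSH-PHASE1 chain
           3333: ("PHASE1", "PHASE2"),   # SSH-PHASE2 chain
           4444: ("PHASE2", "PHASE3")}   # SSH-PHASE3 chain
SSH_WINDOW = 5                           # --seconds 5 on the port 22 rule


class KnockFirewall:
    def __init__(self):
        self.lists = {n: {} for n in ("PHASE0", "PHASE1", "PHASE2", "PHASE3")}

    def packet(self, src, dport, now):
        """Walk one TCP packet through INPUT; return 'ACCEPT' or 'DROP'."""
        lists = self.lists
        # -m recent --update --name PHASE0: refresh an existing entry
        if src in lists["PHASE0"]:
            lists["PHASE0"][src] = now
        # --dport 1111 -m recent --set --name PHASE0
        if dport == 1111:
            lists["PHASE0"][src] = now
        # --dport 2222/3333/4444: --rcheck the previous list, then the
        # SSH-PHASEn chain removes the source from it and sets the next list
        if dport in ADVANCE:
            prev, nxt = ADVANCE[dport]
            if src in lists[prev]:
                del lists[prev][src]
                lists[nxt][src] = now
        # --dport 22 -m recent --rcheck --seconds 5 --name PHASE3 -j ACCEPT
        seen = lists["PHASE3"].get(src)
        if dport == 22 and seen is not None and now - seen <= SSH_WINDOW:
            return "ACCEPT"
        return "DROP"                    # -P INPUT DROP


def replay(events):
    """Feed (src, dport, time) tuples to a fresh firewall; return verdicts."""
    fw = KnockFirewall()
    return [fw.packet(*e) for e in events]


if __name__ == "__main__":
    a, b = "192.0.2.10", "198.51.100.7"  # constructed documentation addresses
    knock = [(a, 1111, 0), (a, 2222, 1), (a, 3333, 2), (a, 4444, 3)]
    print(replay(knock + [(a, 22, 4)]))   # in order, inside the window
    print(replay(knock + [(b, 22, 4)]))   # different source, no knock
    print(replay(knock + [(a, 22, 9)]))   # same source, window expired
```

The last case shows that, with only the rules listed, packets to port 22 stop matching five seconds after the fourth knock, so a long-lived session depends on a separate rule that accepts established connections.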


Hedgehog group 2013

Nursery graduation pictures

Nursery graduation video

Forward, Illéri

The girls had dinner

We are going to the zoo

I'll shake it anyway-anyway, I'll shake it anyway-anyway, I'll shake it anyway-anyway, I'll shake it aaaanyway!