man8

• 1: Linux cli command systemd-udevd.service
• 2: Linux cli command tdbdump
• 3: Linux cli command update-passwd
• 4: Linux cli command vfs_aio_pthread
• 5: Linux cli command systemd-pcrlock-secureboot-authority.service
• 6: Linux cli command zdump
• 7: Linux cli command systemd-pstore.service
• 8: Linux cli command tc-fq_codel
• 9: Linux cli command update-dictcommon-aspell
• 10: Linux cli command tc-fq
• 11: Linux cli command vfs_shadow_copy2
• 12: Linux cli command systemd-rfkill.service
• 13: Linux cli command tc-mpls
• 14: Linux cli command wdctl
• 15: Linux cli command tc-sfq
• 16: Linux cli command vfs_btrfs
• 17: Linux cli command veritysetup
• 18: Linux cli command upowerd
• 19: Linux cli command systemd-rfkill
• 20: Linux cli command systemd-udevd
• 21: Linux cli command update-language-lua
• 22: Linux cli command systemd-sysctl.service
• 23: Linux cli command systemd-sysusers.service
• 24: Linux cli command udevadm
• 25: Linux cli command systemd-tpm2-setup.service
• 26: Linux cli command vfs_nfs4acl_xattr
• 27: Linux cli command unafs
• 28: Linux cli command vfs_audit
• 29: Linux cli command tc-htb
• 30: Linux cli command systemd-update-done.service
• 31: Linux cli command systemd-run-generator
• 32: Linux cli command xtables-nft-multi
• 33: Linux cli command systemd-sleep
• 34: Linux cli command systemd-update-utmp
• 35: Linux cli command systemd-rfkill.socket
• 36: Linux cli command tc-red
• 37: Linux cli command tc-connmark
• 38: Linux cli command vfs_aio_fork
• 39: Linux cli command update-language
• 40: Linux cli command systemd-tpm2-setup-early.service
• 41: Linux cli command tc-pfifo_fast
• 42: Linux cli command update-exim4.conf
• 43: Linux cli command tc-mirred
• 44: Linux cli command systemd-update-utmp.service
• 45: Linux cli command vigr
• 46: Linux cli command [email protected]
• 47: Linux cli command vfs_readahead
• 48: Linux cli command tc-ets
• 49: Linux cli command vfs_fake_perms
• 50: Linux cli command tdbbackup
• 51: Linux cli command systemd-socket-proxyd
• 52: Linux cli command updatedb
• 53: Linux cli command vcstime
• 54: Linux cli command tc-prio
• 55: Linux cli command tc-pfifo
• 56: Linux cli command unix_chkpwd
• 57: Linux cli command vfs_io_uring
• 58: Linux cli command xtables-nft
• 59: Linux cli command tc-pedit
• 60: Linux cli command tc-tbf
• 61: Linux cli command systemd-veritysetup
• 62: Linux cli command tc
• 63: Linux cli command systemd-remount-fs
• 64: Linux cli command systemd-tpm2-setup
• 65: Linux cli command systemd-poweroff.service
• 66: Linux cli command tc-cgroup
• 67: Linux cli command usbhid-dump
• 68: Linux cli command update-language-def
• 69: Linux cli command tipc-media
• 70: Linux cli command vfs_shell_snap
• 71: Linux cli command tc-gact
• 72: Linux cli command vmstat
• 73: Linux cli command webspy
• 74: Linux cli command vfs_linux_xfs_sgid
• 75: Linux cli command wipefs
• 76: Linux cli command unique
• 77: Linux cli command update-rc.d
• 78: Linux cli command vfs_default_quota
• 79: Linux cli command update-java-alternatives
• 80: Linux cli command vconfig
• 81: Linux cli command systemd-pcrmachine.service
• 82: Linux cli command systemd-storagetm.service
• 83: Linux cli command update-default-ispell
• 84: Linux cli command tc-route
• 85: Linux cli command xtables-legacy
• 86: Linux cli command systemd-timedated
• 87: Linux cli command vfs_glusterfs
• 88: Linux cli command yersinia
• 89: Linux cli command tc-etf
• 90: Linux cli command tdbrestore
• 91: Linux cli command tc-hfsc
• 92: Linux cli command systemd-pcrlock
• 93: Linux cli command update-smart-drivedb
• 94: Linux cli command vdpa-mgmtdev
• 95: Linux cli command tc-fq_pie
• 96: Linux cli command x86_64
• 97: Linux cli command update-xmlcatalog
• 98: Linux cli command update-fonts-scale
• 99: Linux cli command update-inetd
• 100: Linux cli command systemd-random-seed
• 101: Linux cli command vfs_commit
• 102: Linux cli command trafgen
• 103: Linux cli command vfs_recycle
• 104: Linux cli command systemd-pcrphase.service
• 105: Linux cli command systemd-user-sessions.service
• 106: Linux cli command update-exim4.conf.template
• 107: Linux cli command tcpick
• 108: Linux cli command vpddecode
• 109: Linux cli command update-mime
• 110: Linux cli command vfs_fileid
• 111: Linux cli command wesside-ng
• 112: Linux cli command tc-sfb
• 113: Linux cli command tc-gate
• 114: Linux cli command tc-netem
• 115: Linux cli command tcpkill
• 116: Linux cli command update-command-not-found
• 117: Linux cli command update-fonts-dir
• 118: Linux cli command vfs_extd_audit
• 119: Linux cli command vdpa-dev
• 120: Linux cli command systemd-sysv-generator
• 121: Linux cli command xtables-translate
• 122: Linux cli command vfs_dirsort
• 123: Linux cli command wpa_cli
• 124: Linux cli command update-catalog
• 125: Linux cli command systemd-rc-local-generator
• 126: Linux cli command systemd-soft-reboot.service
• 127: Linux cli command tcpnice
• 128: Linux cli command vfs_worm
• 129: Linux cli command tc-flow
• 130: Linux cli command tc-pie
• 131: Linux cli command tasksel
• 132: Linux cli command vfs_unityed_media
• 133: Linux cli command tc-taprio
• 134: Linux cli command umount.nfs
• 135: Linux cli command systemd-pcrphase-sysinit.service
• 136: Linux cli command usbmuxd
• 137: Linux cli command vfs_time_audit
• 138: Linux cli command systemd-suspend.service
• 139: Linux cli command systemd-udev-settle.service
• 140: Linux cli command vpnc-disconnect
• 141: Linux cli command vfs_offline
• 142: Linux cli command tc-cake
• 143: Linux cli command systemd-udevd-kernel.socket
• 144: Linux cli command tc-ctinfo
• 145: Linux cli command tc-flower
• 146: Linux cli command usermod
• 147: Linux cli command vfs_media_harmony
• 148: Linux cli command tc-drr
• 149: Linux cli command update-default-aspell
• 150: Linux cli command systemd-tmpfiles-clean.service
• 151: Linux cli command systemd-udevd-control.socket
• 152: Linux cli command systemd-quotacheck.service
• 153: Linux cli command tc-choke
• 154: Linux cli command testdisk
• 155: Linux cli command umount
• 156: Linux cli command vfs_readonly
• 157: Linux cli command vfs_virusfilter
• 158: Linux cli command tipc-node
• 159: Linux cli command systemd-xdg-autostart-generator
• 160: Linux cli command tcpdump
• 161: Linux cli command vpnc-connect
• 162: Linux cli command tc-ct
• 163: Linux cli command vfs_snapper
• 164: Linux cli command tc-u32
• 165: Linux cli command vfs_acl_tdb
• 166: Linux cli command vfs_crossrename
• 167: Linux cli command vfs_glusterfs_fuse
• 168: Linux cli command tc-codel
• 169: Linux cli command systemd-sysusers
• 170: Linux cli command webmitm
• 171: Linux cli command tdbtool
• 172: Linux cli command systemd-tmpfiles-clean.timer
• 173: Linux cli command tcptraceroute
• 174: Linux cli command vdpa
• 175: Linux cli command systemd-pstore
• 176: Linux cli command systemd-time-wait-sync
• 177: Linux cli command vfs_streams_depot
• 178: Linux cli command systemd-sysctl
• 179: Linux cli command vipw
• 180: Linux cli command update-dictcommon-hunspell
• 181: Linux cli command tc-bfifo
• 182: Linux cli command vfs_fruit
• 183: Linux cli command wpa_action
• 184: Linux cli command update-initramfs
• 185: Linux cli command systemd-tmpfiles-setup.service
• 186: Linux cli command xtables-monitor
• 187: Linux cli command systemd-sysext
• 188: Linux cli command vfs_catia
• 189: Linux cli command tc-nat
• 190: Linux cli command vfs_full_audit
• 191: Linux cli command systemd-shutdown
• 192: Linux cli command tipc-socket
• 193: Linux cli command vfs_expand_msdfs
• 194: Linux cli command wpa_background
• 195: Linux cli command telinit
• 196: Linux cli command tc-matchall
• 197: Linux cli command tc-fw
• 198: Linux cli command systemd-pcrphase-initrd.service
• 199: Linux cli command update-fonts-alias
• 200: Linux cli command tc-simple
• 201: Linux cli command tipc-bearer
• 202: Linux cli command systemd-tmpfiles-setup-dev.service
• 203: Linux cli command tc-mqprio
• 204: Linux cli command vfs_widelinks
• 205: Linux cli command update-language-dat
• 206: Linux cli command tc-sample
• 207: Linux cli command tipc-nametable
• 208: Linux cli command systemd-remount-fs.service
• 209: Linux cli command tc-bpf
• 210: Linux cli command unmkinitramfs
• 211: Linux cli command systemd-suspend-then-hibernate.service
• 212: Linux cli command update-updmap
• 213: Linux cli command update-tl-stacked-conffile
• 214: Linux cli command updatedb.plocate
• 215: Linux cli command update-ieee-data
• 216: Linux cli command tdbbackup.tdbtools
• 217: Linux cli command systemd-reboot.service
• 218: Linux cli command vfs_xattr_tdb
• 219: Linux cli command vfs_acl_xattr
• 220: Linux cli command systemd-user-sessions
• 221: Linux cli command tc-vlan
• 222: Linux cli command vfs_streams_xattr
• 223: Linux cli command vfs_preopen
• 224: Linux cli command tune2fs
• 225: Linux cli command urlsnarf
• 226: Linux cli command ubinize
• 227: Linux cli command tc-ematch
• 228: Linux cli command systemd-tpm2-generator
• 229: Linux cli command systemd-tmpfiles
• 230: Linux cli command tc-stab
• 231: Linux cli command vfs_cap
• 232: Linux cli command tcptraceroute.db
• 233: Linux cli command tc-skbprio
• 234: Linux cli command update-shells
• 235: Linux cli command vfs_gpfs
• 236: Linux cli command wafw00f
• 237: Linux cli command systemd-update-utmp-runlevel.service
• 238: Linux cli command thc-ipv6
• 239: Linux cli command tipc-link
• 240: Linux cli command systemd-volatile-root
• 241: Linux cli command useradd
• 242: Linux cli command update-default-wordlist
• 243: Linux cli command update-texmf-config
• 244: Linux cli command systemd-quotacheck
• 245: Linux cli command systemd-storagetm
• 246: Linux cli command systemd-timedated.service
• 247: Linux cli command tc-actions
• 248: Linux cli command xtables-legacy-multi
• 249: Linux cli command tc-police
• 250: Linux cli command vfs_ceph_snapshots
• 251: Linux cli command vfs_syncops
• 252: Linux cli command systemd-system-update-generator
• 253: Linux cli command update-texmf
• 254: Linux cli command tc-tunnel_key
• 255: Linux cli command tc-skbedit
• 256: Linux cli command tc-cbs
• 257: Linux cli command tc-basic
• 258: Linux cli command systemd-veritysetup-generator
• 259: Linux cli command systemd-random-seed.service
• 260: Linux cli command systemd-ssh-generator
• 261: Linux cli command systemd-time-wait-sync.service
• 262: Linux cli command unix_update
• 263: Linux cli command tc-ife
• 264: Linux cli command zerofree
• 265: Linux cli command t50
• 266: Linux cli command update-ca-certificates
• 267: Linux cli command systemd-pcrlock-secureboot-policy.service
• 268: Linux cli command systemd-tmpfiles-setup-dev-early.service
• 269: Linux cli command wpa_supplicant
• 270: Linux cli command update-fmtutil
• 271: Linux cli command zramctl
• 272: Linux cli command unshadow
• 273: Linux cli command systemd-volatile-root.service
• 274: Linux cli command wpa_passphrase
• 275: Linux cli command systemd-pcrlock-make-policy.service
• 276: Linux cli command tc-skbmod
• 277: Linux cli command tipc-peer
• 278: Linux cli command userdel
• 279: Linux cli command tc-csum
• 280: Linux cli command vpnc
• 281: Linux cli command vfs_ceph
• 282: Linux cli command tkiptun-ng
• 283: Linux cli command systemd-update-done
• 284: Linux cli command visudo
• 285: Linux cli command systemd-sysext.service
• 286: Linux cli command vfs_shadow_copy
• 287: Linux cli command tipc

1 - Linux cli command systemd-udevd.service

NAME 🖥️ systemd-udevd.service 🖥️

udevd.service, systemd-udevd-control.socket, systemd-udevd-kernel.socket, systemd-udevd - Device event managing daemon

SYNOPSIS

systemd-udevd.service

systemd-udevd-control.socket

systemd-udevd-kernel.socket

/usr/lib/systemd/systemd-udevd [–daemon] [–debug] [–children-max=] [–exec-delay=] [–event-timeout=] [–resolve-names=early|late|never] [–version] [–help]

DESCRIPTION

systemd-udevd listens to kernel uevents. For every event, systemd-udevd executes matching instructions specified in udev rules. See udev(7).

The behavior of the daemon can be configured using udev.conf(5), its command line options, environment variables, and on the kernel command line, or changed dynamically with udevadm control.

OPTIONS

-d, –daemon

Detach and run in the background.

Added in version 186.

-D, –debug

Print debug messages to standard error.

Added in version 186.

-c, –children-max=

Limit the number of events executed in parallel.

Added in version 186.

-e, –exec-delay=

Delay the execution of each RUN{program} parameter by the given number of seconds. This option might be useful when debugging system crashes during coldplug caused by loading non-working kernel modules.

Added in version 186.

-t, –event-timeout=

Set the number of seconds to wait for events to finish. After this time, the event will be terminated. The default is 180 seconds.

Added in version 216.

-s, –timeout-signal=

Set the signal which systemd-udevd will send to forked off processes after reaching event timeout. The setting can be overridden at boot time with the kernel command line option udev.timeout_signal=. Setting to SIGABRT may be helpful in order to debug worker timeouts. Defaults to SIGKILL. Note that setting the option on the command line overrides the setting from the configuration file.

Added in version 246.

-N, –resolve-names=

Specify when systemd-udevd should resolve names of users and groups. When set to early (the default), names will be resolved when the rules are parsed. When set to late, names will be resolved for every event. When set to never, names will never be resolved and all devices will be owned by root.

Added in version 186.

-h, –help

Print a short help text and exit.

–version

Print a short version string and exit.

KERNEL COMMAND LINE

Parameters prefixed with “rd.” will be read when systemd-udevd is used in an initrd, those without will be processed both in the initrd and on the host.

udev.log_level=, rd.udev.log_level=

Set the log level.

Added in version 247.

udev.children_max=, rd.udev.children_max=

Limit the number of events executed in parallel.

Added in version 186.

udev.exec_delay=, rd.udev.exec_delay=

Delay the execution of each RUN{program} parameter by the given number of seconds. This option might be useful when debugging system crashes during coldplug caused by loading non-working kernel modules.

Added in version 186.

udev.event_timeout=, rd.udev.event_timeout=

Wait for events to finish up to the given number of seconds. This option might be useful if events are terminated due to kernel drivers taking too long to initialize.

Added in version 216.

udev.timeout_signal=, rd.udev.timeout_signal=

Specifies a signal that systemd-udevd will send to workers on timeout. Note that kernel command line option overrides both the setting in the configuration file and the one on the program command line.

Added in version 246.

udev.blockdev_read_only, rd.udev.blockdev_read_only

If specified, mark all physical block devices read-only as they appear. Synthetic block devices (such as loopback block devices or device mapper devices) are left as they are. This is useful to guarantee that the contents of physical block devices remains unmodified during runtime, for example to implement fully stateless systems, for testing or for recovery situations where corrupted file systems shall not be corrupted further through accidental modification.

A block device may be marked writable again by issuing the blockdev –setrw command, see blockdev(8) for details.

Added in version 246.

net.ifnames=

Network interfaces are renamed to give them predictable names when possible. It is enabled by default; specifying 0 disables it.

Added in version 199.

net.naming_scheme=

Network interfaces are renamed to give them predictable names when possible (unless net.ifnames=0 is specified, see above). With this kernel command line option it is possible to pick a specific version of this algorithm and override the default chosen at compilation time. Expects one of the naming scheme identifiers listed in systemd.net-naming-scheme(7), or “latest” to select the latest scheme known (to this particular version of systemd-udevd.service).

Note that selecting a specific scheme is not sufficient to fully stabilize interface naming: the naming is generally derived from driver attributes exposed by the kernel. As the kernel is updated, previously missing attributes systemd-udevd.service is checking might appear, which affects older name derivation algorithms, too.

Added in version 240.

net.ifname_policy=policy1[,policy2,…][,MAC]

Specifies naming policies applied when renaming network interfaces. Takes a list of policies and an optional MAC address separated with comma. Each policy value must be one of the policies understood by the NamePolicy= setting in .link files, e.g. “onboard” or “path”. See systemd.link(5) for more details. When the MAC address is specified, the policies are applied to the interface which has the address. When no MAC address is specified, the policies are applied to all interfaces. This kernel command line argument can be specified multiple times.

This argument is not directly read by systemd-udevd, but is instead converted to a .link file by systemd-network-generator.service(8). For this argument to take effect, systemd-network-generator.service must be enabled.

Example:

net.ifname_policy=keep,kernel,path,slot,onboard,01:23:45:67:89:ab net.ifname_policy=keep,kernel,path,slot,onboard,mac

This is mostly equivalent to creating the following .link files:

91-name-policy-with-mac.link

[Match]
MACAddress=01:23:45:67:89:ab

[Link]
NamePolicy=keep kernel path slot onboard
AlternativeNamePolicy=path slot onboard

and

92-name-policy-for-all.link

[Match]
OriginalName=*

[Link]
NamePolicy=keep kernel path slot onboard mac
AlternativeNamePolicy=path slot onboard mac

Added in version 250.

SEE ALSO

udev.conf(5), udev(7), udevadm(8)

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

2 - Linux cli command tdbdump

NAME 🖥️ tdbdump 🖥️

tool for printing the contents of a TDB file

SYNOPSIS

tdbdump [-k keyname] [-e] [-h] {filename}

DESCRIPTION

This tool is part of the samba(1) suite.

tdbdump is a very simple utility that dumps the contents of a TDB (Trivial DataBase) file to standard output in a human-readable format.

This tool can be used when debugging problems with TDB files. It is intended for those who are somewhat familiar with Samba internals.

OPTIONS

-h

Get help information.

-k keyname

The -k option restricts dumping to a single key, if found.

-e

The -e tries to dump out from a corrupt database. Naturally, such a dump is unreliable, at best.

VERSION

This man page is correct for version 3 of the Samba suite.

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

The tdbdump man page was written by Jelmer Vernooij.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

3 - Linux cli command update-passwd

NAME 🖥️ update-passwd 🖥️

passwd - safely update /etc/passwd, /etc/shadow and /etc/group

SYNOPSIS

update-passwd [options]

DESCRIPTION

update-passwd handles updates of /etc/passwd, /etc/shadow and /etc/group on running Debian systems. It compares the current files to master copies, distributed in the base-passwd package, and updates all entries in the global system range (that is, 0–99). It leaves backup copies of the previous versions of modified files with the extension ‘.org’ (for “original”).

OPTIONS

update-passwd follows the usual GNU command line syntax, with long options starting with two dashes (‘-’).

-p, –passwd-master=FILE
Use FILE as the master copy of the passwd database. The default value is /usr/share/base-passwd/passwd.master.

-g, –group-master=FILE
Use FILE as the master copy of the group database. The default value is /usr/share/base-passwd/group.master.

-P, –passwd=FILE
Use FILE as the system passwd database. The default value is /etc/passwd.

-S, –shadow=FILE
Use FILE as the system shadow database. The default value is /etc/shadow.

-G, –group=FILE
Use FILE as the system group database. The default value is /etc/group.

-s, –sanity-check
Only perform sanity-checks but don’t do anything.

-v, –verbose
Give detailed information about what we are doing. A second -v gives additional detail.

-n, –dry-run
Don’t do anything but only show what we would do.

-L, –no-locking
Don’t attempt to lock the account database. This should only be used for debugging purposes. I repeat: do not do this unless you are really sure you need this!

-h, –help
Show a summary of how to use update-passwd.

-V, –version
Show the version number

ENVIRONMENT

DEBIAN_HAS_FRONTEND
If this environment variable is set and the –dry-run flag was not given, update-passwd uses debconf to prompt for whether to make changes. Each proposed change will produce a separate prompt. User or group removals, UID or GID changes, and home directory changes will be asked with high priority. User or group additions and shell changes will be asked with medium priority. Questions about whether to move entries above the NIS compat inclusion entry or whether to change the GECOS of a user are asked at low priority.

BUGS

At this moment update-passwd does not verify the shadow-file. It should check if the entries in the passwd are also in shadow and vice versa, and that passwords are not present in both files.

AUTHOR

Wichert Akkerman <[email protected]>

This program was written for the Debian project, and is copyright 1999–2002 Wichert Akkerman and copyright 2002, 2003 Colin Watson. It is distributed under version 2 of the GNU General Public License.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

4 - Linux cli command vfs_aio_pthread

NAME 🖥️ vfs_aio_pthread 🖥️

implement async open in Samba vfs using a pthread pool

SYNOPSIS

vfs objects = aio_pthread

DESCRIPTION

This VFS module is part of the samba(7) suite.

The aio_pthread VFS module enables asynchronous opens (for new files) with aio_pthread:aio open = yes on platforms which have the pthreads API available, support the openat() syscall and support per thread credentials (modern Linux kernels).

The module makes use of the global thread pool which uses the aio max threads option.

This module MUST be listed last in any module stack as the Samba VFS open interface is not thread-safe. This module makes direct openat() system calls and does NOT call the Samba VFS open interfaces.

EXAMPLES

Straight forward use:

    [cooldata]
	path = /data/ice
	vfs objects = aio_pthread
	aio_pthread:aio open = yes

OPTIONS

aio_pthread:aio open = BOOL

Try async opens for creating new files.

The default is no.

VERSION

This man page is part of version 4.20.1-Debian of the Samba suite.

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

5 - Linux cli command systemd-pcrlock-secureboot-authority.service

NAME 🖥️ systemd-pcrlock-secureboot-authority.service 🖥️

pcrlock, systemd-pcrlock-file-system.service, systemd-pcrlock-firmware-code.service, systemd-pcrlock-firmware-config.service, systemd-pcrlock-machine-id.service, systemd-pcrlock-make-policy.service, systemd-pcrlock-secureboot-authority.service, systemd-pcrlock-secureboot-policy.service - Analyze and predict TPM2 PCR states and generate an access policy from the prediction

SYNOPSIS

/usr/lib/systemd/systemd-pcrlock [OPTIONS…]

DESCRIPTION

Note: this command is experimental for now. While it is likely to become a regular component of systemd, it might still change in behaviour and interface.

systemd-pcrlock is a tool that may be used to analyze and predict TPM2 PCR measurements, and generate TPM2 access policies from the prediction which it stores in a TPM2 NV index (i.e. in the TPM2 non-volatile memory). This may then be used to restrict access to TPM2 objects (such as disk encryption keys) to system boot-ups in which only specific, trusted components are used.

systemd-pcrlock uses as input for its analysis and prediction:

·

The UEFI firmware TPM2 event log (i.e. /sys/kernel/security/tpm0/binary_bios_measurements) of the current boot.

·

The userspace TPM2 event log (i.e. /run/log/systemd/tpm2-measure.log) of the current boot.

·

The current PCR state of the TPM2 chip.

·

Boot component definition files (*.pcrlock and *.pcrlock.d/*.pcrlock, see systemd.pcrlock(5)) that each define expected measurements for one component of the boot process, permitting alternative variants for each. (Variants may be used to bless multiple kernel versions or boot loader versions at the same time.)

It uses these inputs to generate a combined event log, validating it against the PCR states. It then attempts to recognize event log records and matches them against the defined components. For each PCR where this can be done comprehensively (i.e. where all listed records and all defined components have been matched) this may then be used to predict future PCR measurements, taking the alternative variants defined for each component into account. This prediction may then be converted into a TPM2 access policy (consisting of TPM2 PolicyPCR and PolicyOR items), which is then stored in an NV index in the TPM2. This may be used to then lock secrets (such as disk encryption keys) to these policies (via a TPM2 PolicyAuthorizeNV policy).

Use tools such as systemd-cryptenroll(1) or systemd-repart(8) to bind disk encryption to such a systemd-pcrlock TPM2 policy. Specifically, see the –tpm2-pcrlock= switches of these tools.

The access policy logic requires a TPM2 device that implements the “PolicyAuthorizeNV” command, i.e. implements TPM 2.0 version 1.38 or newer.

COMMANDS

The following commands are understood:

log

This reads the combined TPM2 event log, validates it, matches it against the current PCR values, and outputs both in tabular form. Combine with –json= to generate output in JSON format.

Added in version 255.

cel

This reads the combined TPM2 event log and writes it to STDOUT in TCG Canonical Event Log Format (CEL-JSON)[1] format.

Added in version 255.

list-components

Shows a list of component definitions and their variants, i.e. the *.pcrlock files discovered in /var/lib/pcrlock.d/, /usr/lib/pcrlock.d/, and the other supported directories. See systemd.pcrlock(5) for details on these files and the full list of directories searched.

Added in version 255.

predict

Predicts the PCR state on future boots. This will analyze the TPM2 event log as described above, recognize components, and then generate all possible resulting PCR values for all combinations of component variants. Note that no prediction is made for PCRs whose value does not match the event log records, for which unrecognized measurements are discovered or for which components are defined that cannot be found in the event log. This is a safety measure to ensure that any generated access policy can be fulfilled correctly on current and future boots.

Added in version 255.

make-policy

This predicts the PCR state for future boots, much like the predict command above. It then uses this data to generate a TPM2 access policy which it stores in a TPM2 NV index. The prediction and information about the used TPM2 and its NV index are written to /var/lib/systemd/pcrlock.json.

The NV index is allocated on first invocation, and updated on subsequent invocations.

The NV index contents may be changed (and thus the policy stored in it updated) by providing an access PIN. This PIN is normally generated automatically and stored in encrypted form (with an access policy binding it to the NV index itself) in the aforementioned JSON policy file. This PIN may be chosen by the user, via the –recovery-pin= switch. If specified it may be used as alternative path of access to update the policy.

If the new prediction matches the old this command terminates quickly and executes no further operation. (Unless –force is specified, see below.)

Starting with v256, a copy of the /var/lib/systemd/pcrlock.json policy file is encoded in a credential (see systemd-creds(1) for details) and written to the EFI System Partition or XBOOTLDR partition, in the /loader/credentials/ subdirectory. There it is picked up at boot by systemd-stub(7) and passed to the invoked initrd, where it can be used to unlock the root file system (which typically contains /var/, which is where the primary copy of the policy is located, which hence cannot be used to unlock the root file system). The credential file is named after the boot entry token of the installation (see bootctl(1)), which is configurable via the –entry-token= switch, see below.

Added in version 255.

remove-policy

Removes a previously generated policy. Deletes the /var/lib/systemd/pcrlock.json file, and deallocates the NV index.

Added in version 255.

lock-firmware-code, unlock-firmware-code

Generates/removes .pcrlock files based on the TPM2 event log of the current boot covering all records for PCRs 0 (“platform-code”) and 2 (“external-code”).

This operation allows locking the boot process to the current version of the firmware of the system and its extension cards. This operation should only be used if the system vendor does not provide suitable pcrlock data ahead of time.

Note that this data only matches the current version of the firmware. If a firmware update is applied this data will be out-of-date and any access policy generated from it will no longer pass. It is thus recommended to invoke unlock-firmware-code before doing a firmware update, followed by make-policy to refresh the policy.

systemd-pcrlock lock-firmware-code is invoked automatically at boot via the systemd-pcrlock-firmware-code.service unit, if enabled. This ensures that an access policy managed by systemd-pcrlock is automatically locked to the new firmware version whenever the policy has been relaxed temporarily, in order to cover for firmware updates, as described above.

The files are only generated from the event log if the event log matches the current TPM2 PCR state.

This writes/removes the files /var/lib/pcrlock.d/250-firmware-code-early.pcrlock.d/generated.pcrlock and /var/lib/pcrlock.d/550-firmware-code-late.pcrlock.d/generated.pcrlock.

Added in version 255.

lock-firmware-config, unlock-firmware-config

This is similar to lock-firmware-code/unlock-firmware-code but locks down the firmware configuration, i.e. PCRs 1 (“platform-config”) and 3 (“external-config”).

This functionality should be used with care as in most scenarios a minor firmware configuration change should not invalidate access policies to TPM2 objects. Also note that some systems measure unstable and unpredictable information (e.g. current CPU voltages, temperatures, as part of SMBIOS data) to these PCRs, which means this form of lockdown cannot be used reliably on such systems. Use this functionality only if the system and hardware is well known and does not suffer by these limitations, for example in virtualized environments.

Use unlock-firmware-config before making firmware configuration changes. If the systemd-pcrlock-firmware-config.service unit is enabled it will automatically generate a pcrlock file from the new measurements.

This writes/removes the files /var/lib/pcrlock.d/250-firmware-config-early.pcrlock.d/generated.pcrlock and /var/lib/pcrlock.d/550-firmware-config-late.pcrlock.d/generated.pcrlock.

Added in version 255.

lock-secureboot-policy, unlock-secureboot-policy

Generates/removes a .pcrlock file based on the SecureBoot policy currently enforced. This looks at the SecureBoot, PK, KEK, db, dbx, dbt, dbr EFI variables and predicts their measurements to PCR 7 (“secure-boot-policy”) on the next boot.

Use unlock-firmware-config before applying SecureBoot policy updates. If the systemd-pcrlock-secureboot-policy.service unit is enabled it will automatically generate a pcrlock file from the policy discovered.

This writes/removes the file /var/lib/pcrlock.d/230-secureboot-policy.pcrlock.d/generated.pcrlock.

Added in version 255.

lock-secureboot-authority, unlock-secureboot-authority

Generates/removes a .pcrlock file based on the SecureBoot authorities used to validate the boot path. SecureBoot authorities are the specific SecureBoot database entries that where used to validate the UEFI PE binaries executed at boot. This looks at the event log of the current boot, and uses relevant measurements on PCR 7 (“secure-boot-policy”).

This writes/removes the file /var/lib/pcrlock.d/620-secureboot-authority.pcrlock.d/generated.pcrlock.

Added in version 255.

lock-gpt [DEVICE], unlock-gpt

Generates/removes a .pcrlock file based on the GPT partition table of the specified disk. If no disk is specified automatically determines the block device backing the root file system. This locks the state of the disk partitioning of the booted medium, which firmware measures to PCR 5 (“boot-loader-config”).

This writes/removes the file /var/lib/pcrlock.d/600-gpt.pcrlock.d/generated.pcrlock.

Added in version 255.

lock-pe [BINARY], unlock-pe

Generates/removes a .pcrlock file based on the specified PE binary. This is useful for predicting measurements the firmware makes to PCR 4 (“boot-loader-code”) if the specified binary is part of the UEFI boot process. Use this on boot loader binaries and suchlike. Use lock-uki (see below) for PE binaries that are unified kernel images (UKIs).

Expects a path to the PE binary as argument. If not specified, reads the binary from STDIN instead.

The pcrlock file to write must be specified via the –pcrlock= switch.

Added in version 255.

lock-uki [UKI], unlock-uki

Generates/removes a .pcrlock file based on the specified UKI PE binary. This is useful for predicting measurements the firmware makes to PCR 4 (“boot-loader-code”), and systemd-stub(7) makes to PCR 11 (“kernel-boot”), if the specified UKI is booted. This is a superset of lock-pe.

Expects a path to the UKI PE binary as argument. If not specified, reads the binary from STDIN instead.

The pcrlock file to write must be specified via the –pcrlock= switch.

Added in version 255.

lock-machine-id, unlock-machine-id

Generates/removes a .pcrlock file based on /etc/machine-id. This is useful for predicting measurements systemd-pcrmachine.service(8) makes to PCR 15 (“system-identity”).

This writes/removes the file /var/lib/pcrlock.d/820-machine-id.pcrlock.

Added in version 255.

lock-file-system [PATH], unlock-file-system [PATH]

Generates/removes a .pcrlock file based on file system identity. This is useful for predicting measurements [email protected](8) makes to PCR 15 (“system-identity”) for the root and /var/ file systems.

This writes/removes the files /var/lib/pcrlock.d/830-root-file-system.pcrlock and /var/lib/pcrlock.d/840-file-system-path.pcrlock.

Added in version 255.

lock-kernel-cmdline [FILE], unlock-kernel-cmdline

Generates/removes a .pcrlock file based on /proc/cmdline (or the specified file if given). This is useful for predicting measurements the Linux kernel makes to PCR 9 (“kernel-initrd”).

This writes/removes the file /var/lib/pcrlock.d/710-kernel-cmdline.pcrlock/generated.pcrlock.

Added in version 255.

lock-kernel-initrd FILE, unlock-kernel-initrd

Generates/removes a .pcrlock file based on a kernel initrd cpio archive. This is useful for predicting measurements the Linux kernel makes to PCR 9 (“kernel-initrd”). Do not use for systemd-stub UKIs, as the initrd is combined dynamically from various sources and hence does not take a single input, like this command.

This writes/removes the file /var/lib/pcrlock.d/720-kernel-initrd.pcrlock/generated.pcrlock.

Added in version 255.

lock-raw [FILE], unlock-raw

Generates/removes a .pcrlock file based on raw binary data. The data is either read from the specified file or from STDIN (if none is specified). This requires that –pcrs= is specified. The generated .pcrlock file is written to the file specified via –pcrlock= or to STDOUT (if none is specified).

Added in version 255.

OPTIONS

The following options are understood:

–raw-description

When displaying the TPM2 event log do not attempt to decode the records to provide a friendly event log description string. Instead, show the binary payload data in escaped form.

Added in version 255.

–pcr=

Specifies the PCR number to use. May be specified more than once to select multiple PCRs.

This is used by lock-raw and lock-pe to select the PCR to lock against.

If used with predict and make-policy this will override which PCRs to include in the prediction and policy. If unspecified this defaults to PCRs 0-5, 7, 11-15. Note that these commands will not include any PCRs in the prediction/policy (even if specified explicitly) if there are measurements in the event log that do not match the current PCR value, or there are unrecognized measurements in the event log, or components define measurements not seen in the event log.

Added in version 255.

–nv-index=

Specifies the NV index to store the policy in. Honoured by make-policy. If not specified the command will automatically pick a free NV index.

Added in version 255.

–components=

Takes a path to read *.pcrlock and *.pcrlock.d/*.pcrlock files from. May be used more than once to specify multiple such directories. If not specified defaults to /etc/pcrlock.d/, /run/pcrlock.d/, /var/lib/pcrlock.d/, /usr/local/pcrlock.d/, /usr/lib/pcrlock.d/.

Added in version 255.

–location=

Takes either a string or a colon-separated pair of strings. Configures up to which point in the sorted list of defined components to analyze/predict PCRs to. Typically, the systemd-pcrlock tool is invoked from a fully booted system after boot-up and before shutdown. This means various components that are defined for shutdown have not been measured yet, and should not be searched for. This option allows one to restrict which components are considered for analysis (taking only components before some point into account, ignoring components after them). The expected string is ordered against the filenames of the components defined. Any components with a lexicographically later name are ignored. This logic applies to the log, predict, and make-policy verbs. If a colon-separated pair of strings are specified then they select which phases of the boot to include in the prediction/policy. The first string defines where the first prediction shall be made, and the second string defines where the last prediction shall be made. All such predictions are then combined into one set.

If used with list-components the selected location range will be highlighted in the component list.

Defaults to “760-:940-”, which means the policies generated by default will basically cover the whole runtime of the OS userspace, from the initrd (as “760-” closely follows 750-enter-initrd.pcrlock) until (and including) the main runtime of the system (as “940-” is closely followed by 950-shutdown.pcrlock). See systemd.pcrlock(5) for a full list of well-known components, that illustrate where this range is placed by default.

Added in version 255.

–recovery-pin=

Takes one of “hide”, “show” or “query”. Defaults to “hide”. Honoured by make-policy. If “query”, will query the user for a PIN to unlock the TPM2 NV index with. If no policy was created before, this PIN is used to protect the newly allocated NV index. If a policy has been created before, the PIN is used to unlock write access to the NV index. If either “hide” or “show” is used, a PIN is automatically generated, and — only in case of “show” — displayed on screen. Regardless if user supplied or automatically generated, it is stored in encrypted form in the policy metadata file. The recovery PIN may be used to regain write access to an NV index in case the access policy became out of date.

Added in version 255.

–pcrlock=

Takes a file system path as argument. If specified overrides where to write the generated pcrlock data to. Honoured by the various lock-* commands. If not specified, a default path is generally used, as documented above.

Added in version 255.

–policy=

Takes a file system path as argument. If specified overrides where to write pcrlock policy metadata to. If not specified defaults to /var/lib/systemd/pcrlock.json.

Added in version 255.

–force

If specified with make-policy, the predicted policy will be written to the NV index even if it is detected to be the same as the previously stored one.

Added in version 255.

–entry-token=

Sets the boot entry token to use for the file name for the pcrlock policy credential in the EFI System Partition or XBOOTLDR partition. See the bootctl(1) option of the same regarding expected values. This switch has an effect on the make-policy command only.

Added in version 256.

**–json=**MODE

Shows output formatted as JSON. Expects one of “short” (for the shortest possible output without any redundant whitespace or line breaks), “pretty” (for a pretty version of the same, with indentation and line breaks) or “off” (to turn off JSON output, the default).

–no-pager

Do not pipe output into a pager.

-h, –help

Print a short help text and exit.

–version

Print a short version string and exit.

EXIT STATUS

On success, 0 is returned, a non-zero failure code otherwise.

SEE ALSO

systemd(1), systemd.pcrlock(5), systemd-cryptenroll(1), [email protected](8), systemd-repart(8), systemd-pcrmachine.service(8), systemd-creds(1), systemd-stub(7), bootctl(1)

NOTES

TCG Canonical Event Log Format (CEL-JSON)

https://trustedcomputinggroup.org/resource/canonical-event-log-format/

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

6 - Linux cli command zdump

NAME 🖥️ zdump 🖥️

timezone dumper

SYNOPSIS

zdump [ option … ] [ timezone … ]

DESCRIPTION

The zdump program prints the current time in each timezone named on the command line.

OPTIONS

version
Output version information and exit.

help
Output short usage message and exit.

i
Output a description of time intervals. For each timezone on the command line, output an interval-format description of the timezone. See “INTERVAL FORMAT” below.

v
Output a verbose description of time intervals. For each timezone on the command line, print the times at the two extreme time values, the times (if present) at and just beyond the boundaries of years that localtime(3) and gmtime(3) can represent, and the times both one second before and exactly at each detected time discontinuity. Each line is followed by **isdst=**D where D is positive, zero, or negative depending on whether the given time is daylight saving time, standard time, or an unknown time type, respectively. Each line is also followed by **gmtoff=**N if the given local time is known to be N seconds east of Greenwich.

V
Like v, except omit output concerning extreme time and year values. This generates output that is easier to compare to that of implementations with different time representations.

c [loyear,]hiyear
Cut off interval output at the given year(s). Cutoff times are computed using the proleptic Gregorian calendar with year 0 and with Universal Time (UT) ignoring leap seconds. Cutoffs are at the start of each year, where the lower-bound timestamp is inclusive and the upper is exclusive; for example, c 1970,2070 selects transitions on or after 1970-01-01 00:00:00 UTC and before 2070-01-01 00:00:00 UTC. The default cutoff is 500,2500.

t [lotime,]hitime
Cut off interval output at the given time(s), given in decimal seconds since 1970-01-01 00:00:00 Coordinated Universal Time (UTC). The timezone determines whether the count includes leap seconds. As with c, the cutoff’s lower bound is inclusive and its upper bound is exclusive.

INTERVAL FORMAT

The interval format is a compact text representation that is intended to be both human- and machine-readable. It consists of an empty line, then a line “TZ=string” where string is a double-quoted string giving the timezone, a second line “ interval” describing the time interval before the first transition if any, and zero or more following lines “date time interval”, one line for each transition time and following interval. Fields are separated by single tabs.

Dates are in yyyy-mm-dd format and times are in 24-hour hh:mm:ss format where hh<24. Times are in local time immediately after the transition. A time interval description consists of a UT offset in signed ±hhmmss format, a time zone abbreviation, and an isdst flag. An abbreviation that equals the UT offset is omitted; other abbreviations are double-quoted strings unless they consist of one or more alphabetic characters. An isdst flag is omitted for standard time, and otherwise is a decimal integer that is unsigned and positive (typically 1) for daylight saving time and negative for unknown.

In times and in UT offsets with absolute value less than 100 hours, the seconds are omitted if they are zero, and the minutes are also omitted if they are also zero. Positive UT offsets are east of Greenwich. The UT offset 00 denotes a UT placeholder in areas where the actual offset is unspecified; by convention, this occurs when the UT offset is zero and the time zone abbreviation begins with “” or is “zzz”.

In double-quoted strings, escape sequences represent unusual characters. The escape sequences are \s for space, and , , , , , , and  with their usual meaning in the C programming language. E.g., the double-quoted string ““CET\s\"” represents the character sequence “CET “.

Here is an example of the output, with the leading empty line omitted. (This example is shown with tab stops set far enough apart so that the tabbed columns line up.)

TZ="Pacific/Honolulu"
-	-	-103126	LMT
1896-01-13	12:01:26	-1030	HST
1933-04-30	03	-0930	HDT	1
1933-05-21	11	-1030	HST
1942-02-09	03	-0930	HWT	1
1945-08-14	13:30	-0930	HPT	1
1945-09-30	01	-1030	HST
1947-06-08	02:30	-10	HST

Here, local time begins 10 hours, 31 minutes and 26 seconds west of UT, and is a standard time abbreviated LMT. Immediately after the first transition, the date is 1896-01-13 and the time is 12:01:26, and the following time interval is 10.5 hours west of UT, a standard time abbreviated HST. Immediately after the second transition, the date is 1933-04-30 and the time is 03:00:00 and the following time interval is 9.5 hours west of UT, is abbreviated HDT, and is daylight saving time. Immediately after the last transition the date is 1947-06-08 and the time is 02:30:00, and the following time interval is 10 hours west of UT, a standard time abbreviated HST.

Here are excerpts from another example:

TZ="Europe/Astrakhan"
-	-	+031212	LMT
1924-04-30	23:47:48	+03
1930-06-21	01	+04
1981-04-01	01	+05		1
1981-09-30	23	+04
...
2014-10-26	01	+03
2016-03-27	03	+04

This time zone is east of UT, so its UT offsets are positive. Also, many of its time zone abbreviations are omitted since they duplicate the text of the UT offset.

LIMITATIONS

Time discontinuities are found by sampling the results returned by localtime(3) at twelve-hour intervals. This works in all real-world cases; one can construct artificial time zones for which this fails.

In the v and V output, “UT” denotes the value returned by gmtime(3), which uses UTC for modern timestamps and some other UT flavor for timestamps that predate the introduction of UTC. No attempt is currently made to have the output use “UTC” for newer and “UT” for older timestamps, partly because the exact date of the introduction of UTC is problematic.

SEE ALSO

tzfile(5), zic(8)

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

7 - Linux cli command systemd-pstore.service

NAME 🖥️ systemd-pstore.service 🖥️

pstore.service, systemd-pstore - A service to archive contents of pstore

SYNOPSIS

/usr/lib/systemd/systemd-pstore

systemd-pstore.service

DESCRIPTION

systemd-pstore.service is a system service that archives the contents of the Linux persistent storage filesystem, pstore, to other storage, thus preserving the existing information contained in the pstore, and clearing pstore storage for future error events.

Linux provides a persistent storage file system, pstore, that can store error records when the kernel dies (or reboots or powers-off). These records in turn can be referenced to debug kernel problems (currently the kernel stores the tail of the kernel log, which also contains a stack backtrace, into pstore).

The pstore file system supports a variety of backends that map onto persistent storage, such as the ACPI ERST and UEFI variables. The pstore backends typically offer a relatively small amount of persistent storage, e.g. 64KiB, which can quickly fill up and thus prevent subsequent kernel crashes from recording errors. Thus there is a need to monitor and extract the pstore contents so that future kernel problems can also record information in the pstore.

The pstore service is independent of the kdump service. In cloud environments specifically, host and guest filesystems are on remote filesystems (e.g. iSCSI or NFS), thus kdump relies (implicitly and/or explicitly) upon proper operation of networking software *and* hardware *and* infrastructure. Thus it may not be possible to capture a kernel coredump to a file since writes over the network may not be possible.

The pstore backend, on the other hand, is completely local and provides a path to store error records which will survive a reboot and aid in post-mortem debugging.

The systemd-pstore executable does the actual work. Upon starting, the pstore.conf file is read and the /sys/fs/pstore/ directory contents are processed according to the options. Pstore files are written to the journal, and optionally saved into /var/lib/systemd/pstore/.

CONFIGURATION

The behavior of systemd-pstore is configured through the configuration file /etc/systemd/pstore.conf and corresponding snippets /etc/systemd/pstore.conf.d/*.conf, see pstore.conf(5).

Disabling pstore processing

To disable pstore processing by systemd-pstore, set

Storage=none

in pstore.conf(5).

Kernel parameters

The kernel has two parameters, /sys/module/kernel/parameters/crash_kexec_post_notifiers and /sys/module/printk/parameters/always_kmsg_dump, that control writes into pstore. The first enables storing of the kernel log (including stack trace) into pstore upon a panic or crash, and the second enables storing of the kernel log upon a normal shutdown (shutdown, reboot, halt). These parameters can be managed via the tmpfiles.d(5) mechanism, specifically the file /usr/lib/tmpfiles/systemd-pstore.conf.

USAGE

Data stored in the journal can be viewed with journalctl(1) as usual.

SEE ALSO

pstore.conf(5)

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

8 - Linux cli command tc-fq_codel

NAME 🖥️ tc-fq_codel 🖥️

Fair Queuing (FQ) with Controlled Delay (CoDel)

SYNOPSIS

tc qdisc … fq_codel [ limit PACKETS ] [ flows NUMBER ] [ target TIME ] [ interval TIME ] [ quantum BYTES ] [ ecn | noecn ] [ ce_threshold TIME ] [ ce_threshold_selector VALUE/MASK ] [ memory_limit BYTES ]

DESCRIPTION

FQ_Codel (Fair Queuing Controlled Delay) is queuing discipline that combines Fair Queuing with the CoDel AQM scheme. FQ_Codel uses a stochastic model to classify incoming packets into different flows and is used to provide a fair share of the bandwidth to all the flows using the queue. Each such flow is managed by the CoDel queuing discipline. Reordering within a flow is avoided since Codel internally uses a FIFO queue.

PARAMETERS

limit

has the same semantics as codel and is the hard limit on the real queue size. When this limit is reached, incoming packets are dropped. Default is 10240 packets.

memory_limit

sets a limit on the total number of bytes that can be queued in this FQ-CoDel instance. The lower of the packet limit of the limit parameter and the memory limit will be enforced. Default is 32 MB.

flows

is the number of flows into which the incoming packets are classified. Due to the stochastic nature of hashing, multiple flows may end up being hashed into the same slot. Newer flows have priority over older ones. This parameter can be set only at load time since memory has to be allocated for the hash table. Default value is 1024.

target

has the same semantics as codel and is the acceptable minimum standing/persistent queue delay. This minimum delay is identified by tracking the local minimum queue delay that packets experience. Default value is 5ms.

interval

has the same semantics as codel and is used to ensure that the measured minimum delay does not become too stale. The minimum delay must be experienced in the last epoch of length interval. It should be set on the order of the worst-case RTT through the bottleneck to give endpoints sufficient time to react. Default value is 100ms.

quantum

is the number of bytes used as ‘deficit’ in the fair queuing algorithm. Default is set to 1514 bytes which corresponds to the Ethernet MTU plus the hardware header length of 14 bytes.

ecn | noecn

has the same semantics as codel and can be used to mark packets instead of dropping them. If ecn has been enabled, noecn can be used to turn it off and vice-a-versa. Unlike codel, ecn is turned on by default.

ce_threshold

sets a threshold above which all packets are marked with ECN Congestion Experienced. This is useful for DCTCP-style congestion control algorithms that require marking at very shallow queueing thresholds.

ce_threshold_selector

sets a filter so that the ce_threshold feature is applied to only a subset of the traffic seen by the qdisc. If set, the MASK value will be applied as a bitwise AND to the diffserv/ECN byte of the IP header, and only if the result of this masking equals VALUE, will the ce_threshold logic be applied to the packet.

drop_batch

sets the maximum number of packets to drop when limit or memory_limit is exceeded. Default value is 64.

EXAMPLES

#tc qdisc add dev eth0 root fq_codel
#tc -s qdisc show
qdisc fq_codel 8002: dev eth0 root refcnt 2 limit 10240p flows 1024 quantum 1514 target 5.0ms interval 100.0ms ecn Sent 428514 bytes 2269 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 maxpacket 256 drop_overlimit 0 new_flow_count 0 ecn_mark 0 new_flows_len 0 old_flows_len 0

#tc qdisc add dev eth0 root fq_codel limit 2000 target 3ms interval 40ms noecn
#tc -s qdisc show
qdisc fq_codel 8003: dev eth0 root refcnt 2 limit 2000p flows 1024 quantum 1514 target 3.0ms interval 40.0ms Sent 2588985006 bytes 1783629 pkt (dropped 0, overlimits 0 requeues 34869) backlog 0b 0p requeues 34869 maxpacket 65226 drop_overlimit 0 new_flow_count 73 ecn_mark 0 new_flows_len 1 old_flows_len 3

SEE ALSO

tc(8), tc-codel(8), tc-red(8)

AUTHORS

FQ_CoDel was implemented by Eric Dumazet. This manpage was written by Vijay Subramanian. Please report corrections to the Linux Networking mailing list <[email protected]>.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

9 - Linux cli command update-dictcommon-aspell

NAME 🖥️ update-dictcommon-aspell 🖥️

dictcommon-aspell - rebuild aspell database and emacsen stuff

SYNOPSIS

update-dictcommon-aspell

DESCRIPTION

WARNING: Not to be used from the command line unless you know very well what you are doing.

This script, when called from aspell dict package postinst or postrm will rebuild aspell database as well as squirrelmail, jed and emacsen stuff.

SEE ALSO

The dictionaries-common policy

AUTHORS

Rafael Laboissiere, Agustin Martin

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

10 - Linux cli command tc-fq

NAME 🖥️ tc-fq 🖥️

Fair Queue traffic policing

SYNOPSIS

tc qdisc … fq [ limit PACKETS ] [ flow_limit PACKETS ] [ quantum BYTES ] [ initial_quantum BYTES ] [ maxrate RATE ] [ buckets NUMBER ] [ orphan_mask NUMBER ] [ pacing | nopacing ] [ ce_threshold TIME ]

DESCRIPTION

FQ (Fair Queue) is a classless packet scheduler meant to be mostly used for locally generated traffic. It is designed to achieve per flow pacing. FQ does flow separation, and is able to respect pacing requirements set by TCP stack. All packets belonging to a socket are considered as a ‘flow’. For non local packets (router workload), packet hash is used as fallback.

An application can specify a maximum pacing rate using the SO_MAX_PACING_RATE setsockopt call. This packet scheduler adds delay between packets to respect rate limitation set on each socket. Note that after linux-4.20, linux adopted EDT (Earliest Departure Time) and TCP directly sets the appropriate Departure Time for each skb.

Dequeueing happens in a round-robin fashion. A special FIFO queue is reserved for high priority packets ( TC_PRIO_CONTROL priority), such packets are always dequeued first.

FQ is non-work-conserving.

TCP pacing is good for flows having idle times, as the congestion window permits TCP stack to queue a possibly large number of packets. This removes the ‘slow start after idle’ choice, badly hitting large BDP flows and applications delivering chunks of data such as video streams.

PARAMETERS

limit

Hard limit on the real queue size. When this limit is reached, new packets are dropped. If the value is lowered, packets are dropped so that the new limit is met. Default is 10000 packets.

flow_limit

Hard limit on the maximum number of packets queued per flow. Default value is 100.

quantum

The credit per dequeue RR round, i.e. the amount of bytes a flow is allowed to dequeue at once. A larger value means a longer time period before the next flow will be served. Default is 2 * interface MTU bytes.

initial_quantum

The initial sending rate credit, i.e. the amount of bytes a new flow is allowed to dequeue initially. This is specifically meant to allow using IW10 without added delay. Default is 10 * interface MTU, i.e. 15140 for ‘standard’ ethernet.

maxrate

Maximum sending rate of a flow. Default is unlimited. Application specific setting via SO_MAX_PACING_RATE is ignored only if it is larger than this value.

buckets

The size of the hash table used for flow lookups. Each bucket is assigned a red-black tree for efficient collision sorting. Default: 1024.

orphan_mask

For packets not owned by a socket, fq is able to mask a part of skb->hash and reduce number of buckets associated with the traffic. This is a DDOS prevention mechanism, and the default is 1023 (meaning no more than 1024 flows are allocated for these packets)

[no]pacing

Enable or disable flow pacing. Default is enabled.

ce_threshold

sets a threshold above which all packets are marked with ECN Congestion Experienced. This is useful for DCTCP-style congestion control algorithms that require marking at very shallow queueing thresholds.

EXAMPLES

#tc qdisc add dev eth0 root fq ce_threshold 4ms
#tc -s -d qdisc show dev eth0
qdisc fq 8001: dev eth0 root refcnt 2 limit 10000p flow_limit 100p buckets 1024 orphan_mask 1023 quantum 3028b initial_quantum 15140b low_rate_threshold 550Kbit refill_delay 40.0ms ce_threshold 4.0ms Sent 72149092 bytes 48062 pkt (dropped 2176, overlimits 0 requeues 0) backlog 1937920b 1280p requeues 0 flows 34 (inactive 17 throttled 0) gc 0 highprio 0 throttled 0 ce_mark 47622 flows_plimit 2176

SEE ALSO

tc(8), socket(7)

AUTHORS

FQ was written by Eric Dumazet.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

11 - Linux cli command vfs_shadow_copy2

NAME 🖥️ vfs_shadow_copy2 🖥️

Expose snapshots to Windows clients as shadow copies.

SYNOPSIS

vfs objects = shadow_copy2

DESCRIPTION

This VFS module is part of the samba(7) suite.

The vfs_shadow_copy2 VFS module offers a functionality similar to Microsoft Shadow Copy services. When set up properly, this module allows Microsoft Shadow Copy clients to browse through file system snapshots as “shadow copies” on Samba shares.

This is a second implementation of a shadow copy module which has the following additional features (compared to the original shadow_copy(8) module):

1.

There is no need any more to populate your shares root directory with symlinks to the snapshots if the file system stores the snapshots elsewhere. Instead, you can flexibly configure the module where to look for the file system snapshots. This can be very important when you have thousands of shares, or use [homes].

2.

Snapshot directories need not be in one fixed central place but can be located anywhere in the directory tree. This mode helps to support file systems that offer snapshotting of particular subtrees, for example the GPFS independent file sets.

3.

Vanity naming for snapshots: snapshots can be named in any format compatible with str[fp]time conversions.

4.

Timestamps can be represented in localtime rather than UTC.

5.

The inode number of the files can optionally be altered to be different from the original. This fixes the restore button in the Windows GUI to work without a sharing violation when serving from file systems, like GPFS, that return the same device and inode number for the snapshot file and the original.

6.

Shadow copy results are by default sorted before being sent to the client. This is beneficial for filesystems that dont read directories alphabetically (the default unix). Sort ordering can be configured and sorting can be turned off completely if the file system sorts its directory listing.

This module is stackable.

CONFIGURATION

vfs_shadow_copy2 relies on a filesystem snapshot implementation. Many common filesystems have native support for this.

Filesystem snapshots must be available under specially named directories in order to be recognized by vfs_shadow_copy2. These snapshot directory is typically a direct subdirectory of the share roots mountpoint but there are other modes that can be configured with the parameters described in detail below.

The snapshot at a given point in time is expected in a subdirectory of the snapshot directory where the snapshots directory is expected to be a formatted version of the snapshot time. The default format which can be changed with the shadow:format option is @GMT-YYYY.MM.DD-hh.mm.ss, where:

·

YYYY is the 4 digit year

·

MM is the 2 digit month

·

DD is the 2 digit day

·

hh is the 2 digit hour

·

mm is the 2 digit minute

·

ss is the 2 digit second.

The vfs_shadow_copy2 snapshot naming convention can be produced with the following date(1) command:

TZ=GMT date +@GMT-%Y.%m.%d-%H.%M.%S

OPTIONS

shadow:mountpoint = MOUNTPOINT

With this parameter, one can specify the mount point of the filesystem that contains the share path. Usually this mount point is automatically detected. But for some constellations, in particular tests, it can be convenient to be able to specify it.

Example: shadow:mountpoint = /path/to/filesystem

Default: shadow:mountpoint = NOT SPECIFIED

shadow:snapdir = SNAPDIR

Path to the directory where the file system of the share keeps its snapshots. If an absolute path is specified, it is used as-is. If a relative path is specified, then it is taken relative to the mount point of the filesystem of the share root. (See shadow:mountpoint.)

Note that shadow:snapdirseverywhere depends on this parameter and needs a relative path. Setting an absolute path disables shadow:snapdirseverywhere.

Note that the shadow:crossmountpoints option also requires a relative snapdir. Setting an absolute path disables shadow:crossmountpoints.

Example: shadow:snapdir = /some/absolute/path

Default: shadow:snapdir = .snapshots

shadow:basedir = BASEDIR

The basedir option allows one to specify a directory between the shares mount point and the share root, relative to which the file systems snapshots are taken.

For example, if

·

basedir = mountpoint/rel_basedir

·

share_root = basedir/rel_share_root

·

snapshot_path = mountpoint/snapdir

or snapshot_path = snapdir if snapdir is absolute

then the snapshot of a file = mountpoint/rel_basedir/rel_share_root/rel_file at a time TIME will be found under snapshot_path/FS_GMT_TOKEN(TIME)/rel_share_root/rel_file, where FS_GMT_TOKEN(TIME) is the timestamp string belonging to TIME in the format required by the file system. (See shadow:format.)

The default for the basedir is the mount point of the file system of the share root (see shadow:mountpoint).

Note that the shadow:snapdirseverywhere and shadow:crossmountpoints options are incompatible with shadow:basedir and disable the basedir setting.

shadow:snapsharepath = SNAPSHAREPATH

With this parameter, one can specify the path of the shares root directory in snapshots, relative to the snapshots root directory. It is an alternative method to shadow:basedir, allowing greater control.

For example, if within each snapshot the files of the share have a path/to/share/ prefix, then shadow:snapsharepath can be set to path/to/share.

With this parameter, it is no longer assumed that a snapshot represents an image of the original file system or a portion of it. For example, a system could perform backups of only files contained in shares, and then expose the backup files in a logical structure:

·

share1/

·

share2/

·

…/

Note that the shadow:snapdirseverywhere and the shadow:basedir options are incompatible with shadow:snapsharepath and disable shadow:snapsharepath setting.

Example: shadow:snapsharepath = path/to/share

Default: shadow:snapsharepath = NOT SPECIFIED

shadow:sort = asc/desc

By default, this module sorts the shadow copy data alphabetically before sending it to the client. With this parameter, one can specify the sort order. Possible known values are desc (descending, the default) and asc (ascending). If the file system lists directories alphabetically sorted, one can turn off sorting in this module by specifying any other value.

Example: shadow:sort = asc

Example: shadow:sort = none

Default: shadow:sort = desc

shadow:localtime = yes/no

This is an optional parameter that indicates whether the snapshot names are in UTC/GMT or in local time. If it is disabled then UTC/GMT is expected.

shadow:localtime = no

shadow:format = format specification for snapshot names

This is an optional parameter that specifies the format specification for the naming of snapshots in the file system. The format must be compatible with the conversion specifications recognized by str[fp]time.

Default: shadow:format = “@GMT-%Y.%m.%d-%H.%M.%S”

shadow:sscanf = yes/no

This parameter can be used to specify that the time in format string is given as an unsigned long integer (%lu) rather than a time strptime() can parse. The result must be a unix time_t time.

Default: shadow:sscanf = no

shadow:fixinodes = yes/no

If you enable shadow:fixinodes then this module will modify the apparent inode number of files in the snapshot directories using a hash of the files path. This is needed for snapshot systems where the snapshots have the same device:inode number as the original files (such as happens with GPFS snapshots). If you dont set this option then the restore button in the shadow copy UI will fail with a sharing violation.

Default: shadow:fixinodes = no

shadow:snapdirseverywhere = yes/no

If you enable shadow:snapdirseverywhere then this module will look out for snapshot directories in the current working directory and all parent directories, stopping at the mount point by default. But see shadow:crossmountpoints how to change that behaviour.

An example where this is needed are independent filesets in IBMs GPFS, but other filesystems might support snapshotting only particular subtrees of the filesystem as well.

Note that shadow:snapdirseverywhere depends on shadow:snapdir and needs it to be a relative path. Setting an absolute snapdir path disables shadow:snapdirseverywhere.

Note that this option is incompatible with the shadow:basedir option and removes the shadow:basedir setting by itself.

Example: shadow:snapdirseverywhere = yes

Default: shadow:snapdirseverywhere = no

shadow:crossmountpoints = yes/no

This option is effective in the case of shadow:snapdirseverywhere = yes. Setting this option makes the module not stop at the first mount point encountered when looking for snapdirs, but lets it search potentially all through the path instead.

An example where this is needed are independent filesets in IBMs GPFS, but other filesystems might support snapshotting only particular subtrees of the filesystem as well.

Note that shadow:crossmountpoints depends on shadow:snapdir and needs it to be a relative path. Setting an absolute snapdir path disables shadow:crossmountpoints.

Note that this option is incompatible with the shadow:basedir option and removes the shadow:basedir setting by itself.

Example: shadow:crossmountpoints = yes

Default: shadow:crossmountpoints = no

shadow:snapprefix

With growing number of snapshots file-systems need some mechanism to differentiate one set of snapshots from other, e.g. monthly, weekly, manual, special events, etc. Therefore these file-systems provide different ways to tag snapshots, e.g. provide a configurable way to name snapshots, which is not just based on time. With only shadow:format it is very difficult to filter these snapshots. With this optional parameter, one can specify a variable prefix component for names of the snapshot directories in the file-system. If this parameter is set, together with the shadow:format and shadow:delimiter parameters it determines the possible names of snapshot directories in the file-system. The option only supports Basic Regular Expression (BRE).

shadow:delimiter

This optional parameter is used as a delimiter between shadow:snapprefix and shadow:format. This parameter is used only when shadow:snapprefix is set.

Default: shadow:delimiter = “_GMT”

EXAMPLES

Add shadow copy support to user home directories:

    [homes]
	vfs objects = shadow_copy2
	shadow:snapdir = /data/snapshots
	shadow:basedir = /data/home
	shadow:sort = desc

CAVEATS

This is not a backup, archival, or version control solution.

With Samba or Windows servers, vfs_shadow_copy2 is designed to be an end-user tool only. It does not replace or enhance your backup and archival solutions and should in no way be considered as such. Additionally, if you need version control, implement a version control system.

VERSION

This man page is part of version 4.20.1-Debian of the Samba suite.

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

12 - Linux cli command systemd-rfkill.service

NAME 🖥️ systemd-rfkill.service 🖥️

rfkill.service, systemd-rfkill.socket, systemd-rfkill - Load and save the RF kill switch state at boot and change

SYNOPSIS

systemd-rfkill.service

systemd-rfkill.socket

/usr/lib/systemd/systemd-rfkill

DESCRIPTION

systemd-rfkill.service is a service that restores the RF kill switch state at early boot and saves it on each change. On disk, the RF kill switch state is stored in /var/lib/systemd/rfkill/.

KERNEL COMMAND LINE

systemd-rfkill understands the following kernel command line parameter:

systemd.restore_state=

Takes a boolean argument. Defaults to “1”. If “0”, does not restore the rfkill settings on boot. However, settings will still be stored on shutdown.

Added in version 227.

SEE ALSO

systemd(1)

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

13 - Linux cli command tc-mpls

NAME 🖥️ tc-mpls 🖥️

mpls manipulation module

SYNOPSIS

tc … action mpls { POP | PUSH | MODIFY | dec_ttl } [ CONTROL ]

POP := pop protocol MPLS_PROTO

PUSH := { push | mac_push } [ protocol MPLS_PROTO ] [ tc MPLS_TC ] [ ttl MPLS_TTL ] [ bos MPLS_BOS ] label* MPLS_LABEL*

MODIFY := modify [ label MPLS_LABEL ] [ tc MPLS_TC ] [ ttl MPLS_TTL ]

CONTROL := { reclassify | pipe | drop | continue | pass | goto chain CHAIN_INDEX }

DESCRIPTION

The mpls action performs mpls encapsulation or decapsulation on a packet, reflected by the operation modes POP, PUSH, MODIFY and DEC_TTL. The POP mode requires the ethertype of the header that follows the MPLS header (e.g. IPv4 or another MPLS). It will remove the outer MPLS header and replace the ethertype in the MAC header with that passed. The PUSH and MODIFY modes update the current MPLS header information or add a new header. PUSH requires at least an MPLS_LABEL. DEC_TTL requires no arguments and simply subtracts 1 from the MPLS header TTL field.

OPTIONS

pop
Decapsulation mode. Requires the protocol of the next header.

push
Encapsulation mode. Adds the MPLS header between the MAC and the network headers. Requires at least the label option.

mac_push
Encapsulation mode. Adds the MPLS header before the MAC header. Requires at least the label option.

modify
Replace mode. Existing MPLS tag is replaced. label, tc, and ttl are all optional.

dec_ttl
Decrement the TTL field on the outer most MPLS header.

label* MPLS_LABEL*
Specify the MPLS LABEL for the outer MPLS header. MPLS_LABEL is an unsigned 20bit integer, the format is detected automatically (e.g. prefix with ‘0x’ for hexadecimal interpretation, etc.).

protocol* MPLS_PROTO*
Choose the protocol to use. For push actions this must be mpls_uc or mpls_mc (mpls_uc is the default). For pop actions it should be the protocol of the next header. This option cannot be used with modify.

tc* MPLS_TC*
Choose the TC value for the outer MPLS header. Decimal number in range of 0-7. Defaults to 0.

ttl* MPLS_TTL*
Choose the TTL value for the outer MPLS header. Number in range of 0-255. A non-zero default value will be selected if this is not explicitly set.

bos* MPLS_BOS*
Manually configure the bottom of stack bit for an MPLS header push. The default is for TC to automatically set (or unset) the bit based on the next header of the packet.

CONTROL
How to continue after executing this action.

reclassify
Restarts classification by jumping back to the first filter attached to this action’s parent.

pipe
Continue with the next action, this is the default.

drop
Packet will be dropped without running further actions.

continue
Continue classification with next filter in line.

pass
Return to calling qdisc for packet processing. This ends the classification process.

EXAMPLES

The following example encapsulates incoming IP packets on eth0 into MPLS with a label 123 and sends them out eth1:

#tc qdisc add dev eth0 handle ffff: ingress #tc filter add dev eth0 protocol ip parent ffff: flower
action mpls push protocol mpls_uc label 123
action mirred egress redirect dev eth1

In this example, incoming MPLS unicast packets on eth0 are decapsulated and redirected to eth1:

#tc qdisc add dev eth0 handle ffff: ingress #tc filter add dev eth0 protocol mpls_uc parent ffff: flower
action mpls pop protocol ipv4
action mirred egress redirect dev eth1

Here is another example, where incoming Ethernet frames are encapsulated into MPLS with label 123 and TTL 64. Then, an outer Ethernet header is added and the resulting frame is finally sent on eth1:

#tc qdisc add dev eth0 ingress #tc filter add dev eth0 ingress matchall
action mpls mac_push label 123 ttl 64
action vlan push_eth
dst_mac 02:00:00:00:00:02
src_mac 02:00:00:00:00:01
action mirred egress redirect dev eth1

The following example assumes that incoming MPLS packets with label 123 transport Ethernet frames. The outer Ethernet and the MPLS headers are stripped, then the inner Ethernet frame is sent on eth1:

#tc qdisc add dev eth0 ingress #tc filter add dev eth0 ingress protocol mpls_uc
flower mpls_label 123 mpls_bos 1
action vlan pop_eth
action mpls pop protocol teb
action mirred egress redirect dev eth1

SEE ALSO

tc(8), tc-mirred(8), tc-vlan(8)

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

14 - Linux cli command wdctl

NAME 🖥️ wdctl 🖥️

show hardware watchdog status

SYNOPSIS

wdctl [options] [device…]

DESCRIPTION

Show hardware watchdog status. The default device is /dev/watchdog. If more than one device is specified then the output is separated by one blank line.

If the device is already used or user has no permissions to read from the device, then wdctl reads data from sysfs. In this case information about supported features (flags) might be missing.

Note that the number of supported watchdog features is hardware specific.

OPTIONS

-f, –flags list

Print only the specified flags.

-F, –noflags

Do not print information about flags.

-I, –noident

Do not print watchdog identity information.

-n, –noheadings

Do not print a header line for flags table.

-o, –output list

Define the output columns to use in table of watchdog flags. If no output arrangement is specified, then a default set is used. Use –help to get list of all supported columns.

-O, –oneline

Print all wanted information on one line in key=“value” output format.

-p, –setpretimeout seconds

Set the watchdog pre-timeout in seconds. A watchdog pre-timeout is a notification generated by the watchdog before the watchdog reset might occur in the event the watchdog has not been serviced. This notification is handled by the kernel and can be configured to take an action using sysfs or by –setpregovernor.

-g, –setpregovernor governor

Set pre-timeout governor name. For available governors see default wdctl output.

-r, –raw

Use the raw output format.

-s, –settimeout seconds

Set the watchdog timeout in seconds.

-T, –notimeouts

Do not print watchdog timeouts.

-x, –flags-only

Same as -I -T.

-h, –help

Display help text and exit.

-V, –version

Print version and exit.

AUTHORS

REPORTING BUGS

For bug reports, use the issue tracker at <https://github.com/util-linux/util-linux/issues>.

AVAILABILITY

The wdctl command is part of the util-linux package which can be downloaded from Linux Kernel Archive <https://www.kernel.org/pub/linux/utils/util-linux/>.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

15 - Linux cli command tc-sfq

NAME 🖥️ tc-sfq 🖥️

Stochastic Fairness Queueing

SYNOPSIS

tc qdisc … [ divisor hashtablesize ] [ limit packets ] [ perturb seconds ] [ quantum bytes ] [ flows number ] [ depth number ] [ headdrop ] [ redflowlimit bytes ] [ min bytes ] [ max bytes ] [ avpkt bytes ] [ burst packets ] [ probability P ] [ ecn ] [ harddrop ]

DESCRIPTION

Stochastic Fairness Queueing is a classless queueing discipline available for traffic control with the tc(8) command.

SFQ does not shape traffic but only schedules the transmission of packets, based on ‘flows’. The goal is to ensure fairness so that each flow is able to send data in turn, thus preventing any single flow from drowning out the rest.

This may in fact have some effect in mitigating a Denial of Service attempt.

SFQ is work-conserving and therefore always delivers a packet if it has one available.

ALGORITHM

On enqueueing, each packet is assigned to a hash bucket, based on the packets hash value. This hash value is either obtained from an external flow classifier (use tc filter to set them), or a default internal classifier if no external classifier has been configured.

When the internal classifier is used, sfq uses

(i)
Source address

(ii)
Destination address

(iii)
Source and Destination port

If these are available. SFQ knows about ipv4 and ipv6 and also UDP, TCP and ESP. Packets with other protocols are hashed based on the 32bits representation of their destination and source. A flow corresponds mostly to a TCP/IP connection.

Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, sfqs internal hashing algorithm may be perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. After linux-3.3, there is no packet reordering problem, but possible packet drops if rehashing hits one limit (number of flows or packets per flow)

When dequeuing, each hashbucket with data is queried in a round robin fashion.

Before linux-3.3, the compile time maximum length of the SFQ is 128 packets, which can be spread over at most 128 buckets of 1024 available. In case of overflow, tail-drop is performed on the fullest bucket, thus maintaining fairness.

After linux-3.3, maximum length of SFQ is 65535 packets, and divisor limit is 65536. In case of overflow, tail-drop is performed on the fullest bucket, unless headdrop was requested.

PARAMETERS

divisor
Can be used to set a different hash table size, available from kernel 2.6.39 onwards. The specified divisor must be a power of two and cannot be larger than 65536. Default value: 1024.

limit
Upper limit of the SFQ. Can be used to reduce the default length of 127 packets. After linux-3.3, it can be raised.

depth
Limit of packets per flow (after linux-3.3). Default to 127 and can be lowered.

perturb
Interval in seconds for queue algorithm perturbation. Defaults to 0, which means that no perturbation occurs. Do not set too low for each perturbation may cause some packet reordering or losses. Advised value: 60 This value has no effect when external flow classification is used. Its better to increase divisor value to lower risk of hash collisions.

quantum
Amount of bytes a flow is allowed to dequeue during a round of the round robin process. Defaults to the MTU of the interface which is also the advised value and the minimum value.

flows
After linux-3.3, it is possible to change the default limit of flows. Default value is 127

headdrop
Default SFQ behavior is to perform tail-drop of packets from a flow. You can ask a headdrop instead, as this is known to provide a better feedback for TCP flows.

redflowlimit
Configure the optional RED module on top of each SFQ flow. Random Early Detection principle is to perform packet marks or drops in a probabilistic way. (man tc-red for details about RED)

redflowlimit configures the hard limit on the real (not average) queue size per SFQ flow in bytes.

min
Average queue size at which marking becomes a possibility. Defaults to max /3

max
At this average queue size, the marking probability is maximal. Defaults to redflowlimit /4

probability
Maximum probability for marking, specified as a floating point number from 0.0 to 1.0. Default value is 0.02

avpkt
Specified in bytes. Used with burst to determine the time constant for average queue size calculations. Default value is 1000

burst
Used for determining how fast the average queue size is influenced by the real queue size.

Default value is :
(2 * min + max) / (3 * avpkt)

ecn
RED can either ‘mark’ or ‘drop’. Explicit Congestion Notification allows RED to notify remote hosts that their rate exceeds the amount of bandwidth available. Non-ECN capable hosts can only be notified by dropping a packet. If this parameter is specified, packets which indicate that their hosts honor ECN will only be marked and not dropped, unless the queue size hits depth packets.

harddrop
If average flow queue size is above max bytes, this parameter forces a drop instead of ecn marking.

EXAMPLE & USAGE

To attach to device ppp0:

# tc qdisc add dev ppp0 root sfq

Please note that SFQ, like all non-shaping (work-conserving) qdiscs, is only useful if it owns the queue. This is the case when the link speed equals the actually available bandwidth. This holds for regular phone modems, ISDN connections and direct non-switched ethernet links.

Most often, cable modems and DSL devices do not fall into this category. The same holds for when connected to a switch and trying to send data to a congested segment also connected to the switch.

In this case, the effective queue does not reside within Linux and is therefore not available for scheduling.

Embed SFQ in a classful qdisc to make sure it owns the queue.

It is possible to use external classifiers with sfq, for example to hash traffic based only on source/destination ip addresses:

# tc filter add … flow hash keys src,dst perturb 30 divisor 1024

Note that the given divisor should match the one used by sfq. If you have changed the sfq default of 1024, use the same value for the flow hash filter, too.

Example of sfq with optional RED mode :

# tc qdisc add dev eth0 parent 1:1 handle 10: sfq limit 3000 flows 512 divisor 16384 redflowlimit 100000 min 8000 max 60000 probability 0.20 ecn headdrop

SOURCE

o
Paul E. McKenney “Stochastic Fairness Queuing”, IEEE INFOCOMM'90 Proceedings, San Francisco, 1990.

o
Paul E. McKenney “Stochastic Fairness Queuing”, “Interworking: Research and Experience”, v.2, 1991, p.113-131.

o
See also: M. Shreedhar and George Varghese “Efficient Fair Queuing using Deficit Round Robin”, Proc. SIGCOMM 95.

SEE ALSO

tc(8), tc-red(8)

AUTHORS

Alexey N. Kuznetsov, <[email protected]>, Eric Dumazet <[email protected]>.

This manpage maintained by bert hubert <[email protected]>

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

16 - Linux cli command vfs_btrfs

NAME 🖥️ vfs_btrfs 🖥️

Utilize features provided by the Btrfs filesystem

SYNOPSIS

vfs objects = btrfs

DESCRIPTION

This VFS module is part of the samba(8) suite.

The vfs_btrfs VFS module exposes Btrfs specific features for use by Samba.

Btrfs allows for multiple files to share the same on-disk data through the use cloned ranges. When an SMB client issues a request to copy duplicate data (via FSCTL_SRV_COPYCHUNK), this module maps the request to a Btrfs clone range IOCTL, instead of performing reads and writes required by a traditional copy. Doing so saves storage capacity and greatly reduces disk IO.

This module also exposes Btrfs per-file compression support to SMB clients via the get/set compression fsctls.

Btrfs snapshots can be manipulated by Sambas FSRVP server. Snapshot manipulation using this module is currently considered experimental, and is therefore disabled by default. The vfs_snapper module is instead recommended for this purpose.

This module is stackable.

OPTIONS

btrfs: manipulate snapshots = [yes|no]

When set to yes, experimental support for the creation and deletion of snapshots via corresponding Btrfs IOCTLs will be enabled. The default is no, which means that such requests are passed through to any underlying VFS module.

CONFIGURATION

vfs_btrfs requires that the underlying share path is a Btrfs subvolume.

  [share]
		vfs objects = btrfs
		btrfs: manipulate snapshots = no

To use the experimental snapshot manipulation functionality provided by this module, it must be explicitly enabled, and Sambas FSRVP server must be running.

The vfs_shadow_copy module can be used to expose snapshots created by vfs_btrfs to Windows Explorer as file / directory “previous versions”.

  [global]
		registry shares = yes
		include = registry

		[share]
		vfs objects = btrfs shadow_copy
		btrfs: manipulate snapshots = yes

VERSION

This man page is part of version 4.20.1-Debian of the Samba suite.

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

17 - Linux cli command veritysetup

NAME 🖥️ veritysetup 🖥️

manage dm-verity (block level verification) volumes

SYNOPSIS

veritysetup <action> [<options>] <action args>

DESCRIPTION

Veritysetup is used to configure dm-verity managed device-mapper mappings.

Device-mapper verity target provides read-only transparent integrity checking of block devices using kernel crypto API.

The dm-verity devices are always read-only.

BASIC ACTIONS

Veritysetup supports these operations:

FORMAT

format <data_device> <hash_device>

Calculates and permanently stores hash verification data for data_device. Hash area can be located on the same device after data if specified by –hash-offset option.

Note you need to provide root hash string for device verification or activation. Root hash must be trusted.

The data or hash device argument can be block device or file image. If hash device path doesn’t exist, it will be created as file.

<options> can be [–hash, –no-superblock, –format, –data-block-size, –hash-block-size, –data-blocks, –hash-offset, –salt, –uuid, –root-hash-file].

If option –root-hash-file is used, the root hash is stored in hex-encoded text format in <path>.

OPEN

open <data_device> <name> <hash_device> <root_hash>
open <data_device> <name> <hash_device> –root-hash-file <path>
create <name> <data_device> <hash_device> <root_hash> (OBSOLETE syntax)

Creates a mapping with <name> backed by device <data_device> and using <hash_device> for in-kernel verification.

The <root_hash> is a hexadecimal string.

<options> can be [–hash-offset, –no-superblock, –ignore-corruption or –restart-on-corruption, –panic-on-corruption, –ignore-zero-blocks, –check-at-most-once, –root-hash-signature, –root-hash-file, –use-tasklets].

If option –root-hash-file is used, the root hash is read from <path> instead of from the command line parameter. Expects hex-encoded text, without terminating newline.

If option –no-superblock is used, you have to use as the same options as in initial format operation.

VERIFY

verify <data_device> <hash_device> <root_hash>
verify <data_device> <hash_device> –root-hash-file <path>

Verifies data on data_device with use of hash blocks stored on hash_device.

This command performs userspace verification, no kernel device is created.

The <root_hash> is a hexadecimal string.

If option –root-hash-file is used, the root hash is read from <path> instead of from the command line parameter. Expects hex-encoded text, without terminating newline.

<options> can be [–hash-offset, –no-superblock, –root-hash-file].

If option –no-superblock is used, you have to use as the same options as in initial format operation.

CLOSE

close <name>
remove <name> (OBSOLETE syntax)

Removes existing mapping <name>.

<options> can be [–deferred] or [–cancel-deferred].

STATUS

status <name>

Reports status for the active verity mapping <name>.

DUMP

dump <hash_device>

Reports parameters of verity device from on-disk stored superblock.

<options> can be [–hash-offset].

OPTIONS

–batch-mode, -q

Do not ask for confirmation.

–cancel-deferred

Removes a previously configured deferred device removal in close command.

–check-at-most-once

Instruct kernel to verify blocks only the first time they are read from the data device, rather than every time.

WARNING: It provides a reduced level of security because only offline tampering of the data device’s content will be detected, not online tampering. This option is available since Linux kernel version 4.17.

–data-blocks=blocks

Size of data device used in verification. If not specified, the whole device is used.

–data-block-size=bytes

Used block size for the data device. (Note kernel supports only page-size as maximum here.)

–debug

Run in debug mode with full diagnostic logs. Debug output lines are always prefixed by #.

–deferred

Defers device removal in close command until the last user closes it.

–fec-device=fec_device

Use forward error correction (FEC) to recover from corruption if hash verification fails. Use encoding data from the specified device.

The fec device argument can be block device or file image. For format, if fec device path doesn’t exist, it will be created as file.

Block sizes for data and hash devices must match. Also, if the verity data_device is encrypted the fec_device should be too.

FEC calculation covers data, hash area, and optional foreign metadata stored on the same device with the hash tree (additional space after hash area). Size of this optional additional area protected by FEC is calculated from image sizes, so you must be sure that you use the same images for activation.

If the hash device is in a separate image, metadata covers the whole rest of the image after the hash area.

If hash and FEC device is in the image, metadata ends on the FEC area offset.

–fec-offset=bytes

This is the offset, in bytes, from the start of the FEC device to the beginning of the encoding data.

–fec-roots=num

Number of generator roots. This equals to the number of parity bytes in the encoding data. In RS(M, N) encoding, the number of roots is M-N. M is 255 and M-N is between 2 and 24 (including).

–format=number

Specifies the hash version type. Format type 0 is original Chrome OS version. Format type 1 is current version.

–hash=hash

Hash algorithm for dm-verity. For default see –help option.

–hash-block-size=bytes

Used block size for the hash device. (Note kernel supports only page-size as maximum here.)

–hash-offset=bytes

Offset of hash area/superblock on hash_device. Value must be aligned to disk sector offset.

–help, -?

Show help text and default parameters.

–ignore-corruption, –restart-on-corruption, –panic-on-corruption

Defines what to do if data integrity problem is detected (data corruption).

Without these options kernel fails the IO operation with I/O error. With –ignore-corruption option the corruption is only logged. With –restart-on-corruption or –panic-on-corruption the kernel is restarted (panicked) immediately. (You have to provide way how to avoid restart loops.)

WARNING: Use these options only for very specific cases. These options are available since Linux kernel version 4.1.

–ignore-zero-blocks

Instruct kernel to not verify blocks that are expected to contain zeroes and always directly return zeroes instead.

WARNING: Use this option only in very specific cases. This option is available since Linux kernel version 4.5.

–no-superblock

Create or use dm-verity without permanent on-disk superblock.

–root-hash-file=FILE

Path to file with stored root hash in hex-encoded text.

–root-hash-signature=FILE

Path to root hash signature file used to verify the root hash (in kernel). This feature requires Linux kernel version 5.4 or more recent.

–salt=hex string

Salt used for format or verification. Format is a hexadecimal string.

–usage

Show short option help.

–use-tasklets

Try to use kernel tasklets in dm-verity driver for performance reasons. This option is available since Linux kernel version 6.0.

–uuid=UUID

Use the provided UUID for format command instead of generating new one.

The UUID must be provided in standard UUID format, e.g. 12345678-1234-1234-1234-123456789abc.

–verbose, -v

Print more information on command execution.

–version, -V

Show the program version.

RETURN CODES

Veritysetup returns 0 on success and a non-zero value on error.

Error codes are: 1 wrong parameters, 2 no permission, 3 out of memory, 4 wrong device specified, 5 device already exists or device is busy.

EXAMPLES

veritysetup –data-blocks=256 format <data_device> <hash_device>

Calculates and stores verification data on hash_device for the first 256 blocks (of block-size). If hash_device does not exist, it is created (as file image).

veritysetup format –root-hash-file <path> <data_device> <hash_device>

Calculates and stores verification data on hash_device for the whole data_device, and store the root hash as hex-encoded text in <path>.

veritysetup –data-blocks=256 –hash-offset=1052672 format <device> <device>

Verification data (hashes) is stored on the same device as data (starting at hash-offset). Hash-offset must be greater than number of blocks in data-area.

veritysetup –data-blocks=256 –hash-offset=1052672 create test-device <device> <device> <root_hash>

Activates the verity device named test-device. Options –data-blocks and –hash-offset are the same as in the format command. The <root_hash> was calculated in format command.

veritysetup –data-blocks=256 –hash-offset=1052672 verify <data_device> <hash_device> <root_hash>

Verifies device without activation (in userspace).

veritysetup –data-blocks=256 –hash-offset=1052672 –root-hash-file <path> verify <data_device> <hash_device>

Verifies device without activation (in userspace). Root hash passed via a file rather than inline.

veritysetup –fec-device=<fec_device> –fec-roots=10 format <data_device> <hash_device>

Calculates and stores verification and encoding data for data_device.

DM-VERITY ON-DISK SPECIFICATION

The on-disk format specification is available at DMVerity <https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity> page.

AUTHORS

The first implementation of veritysetup was written by Chrome OS authors.

This version is based on verification code written by

and rewritten for libcryptsetup by

REPORTING BUGS

Report bugs at

or in Issues project section <https://gitlab.com/cryptsetup/cryptsetup/-/issues/new>.

Please attach output of the failed command with –debug option added.

SEE ALSO

Cryptsetup FAQ <https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions>

cryptsetup(8), integritysetup(8) and veritysetup(8)

CRYPTSETUP

Part of cryptsetup project <https://gitlab.com/cryptsetup/cryptsetup/>.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

18 - Linux cli command upowerd

NAME 🖥️ upowerd 🖥️

UPower Daemon

SYNOPSIS

upowerd [–help]

DESCRIPTION

upowerd provides the org.freedesktop.UPower service on the system message bus. Users or administrators should never need to start this daemon as it will be automatically started by dbus-daemon(1) whenever an application calls into the org.freedesktop.UPower service.

OPTIONS

–help

Show help options.

AUTHOR

Written by David Zeuthen <[email protected]> with a lot of help from many others.

BUGS

Please send bug reports to either the distribution or the DeviceKit mailing list, see http://lists.freedesktop.org/mailman/listinfo/devkit-devel on how to subscribe.

SEE ALSO

UPower(7), upower(1), dbus-daemon(1),

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

19 - Linux cli command systemd-rfkill

NAME 🖥️ systemd-rfkill 🖥️

rfkill.service, systemd-rfkill.socket, systemd-rfkill - Load and save the RF kill switch state at boot and change

SYNOPSIS

systemd-rfkill.service

systemd-rfkill.socket

/usr/lib/systemd/systemd-rfkill

DESCRIPTION

systemd-rfkill.service is a service that restores the RF kill switch state at early boot and saves it on each change. On disk, the RF kill switch state is stored in /var/lib/systemd/rfkill/.

KERNEL COMMAND LINE

systemd-rfkill understands the following kernel command line parameter:

systemd.restore_state=

Takes a boolean argument. Defaults to “1”. If “0”, does not restore the rfkill settings on boot. However, settings will still be stored on shutdown.

Added in version 227.

SEE ALSO

systemd(1)

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

20 - Linux cli command systemd-udevd

NAME 🖥️ systemd-udevd 🖥️

udevd.service, systemd-udevd-control.socket, systemd-udevd-kernel.socket, systemd-udevd - Device event managing daemon

SYNOPSIS

systemd-udevd.service

systemd-udevd-control.socket

systemd-udevd-kernel.socket

/usr/lib/systemd/systemd-udevd [–daemon] [–debug] [–children-max=] [–exec-delay=] [–event-timeout=] [–resolve-names=early|late|never] [–version] [–help]

DESCRIPTION

systemd-udevd listens to kernel uevents. For every event, systemd-udevd executes matching instructions specified in udev rules. See udev(7).

The behavior of the daemon can be configured using udev.conf(5), its command line options, environment variables, and on the kernel command line, or changed dynamically with udevadm control.

OPTIONS

-d, –daemon

Detach and run in the background.

Added in version 186.

-D, –debug

Print debug messages to standard error.

Added in version 186.

-c, –children-max=

Limit the number of events executed in parallel.

Added in version 186.

-e, –exec-delay=

Delay the execution of each RUN{program} parameter by the given number of seconds. This option might be useful when debugging system crashes during coldplug caused by loading non-working kernel modules.

Added in version 186.

-t, –event-timeout=

Set the number of seconds to wait for events to finish. After this time, the event will be terminated. The default is 180 seconds.

Added in version 216.

-s, –timeout-signal=

Set the signal which systemd-udevd will send to forked off processes after reaching event timeout. The setting can be overridden at boot time with the kernel command line option udev.timeout_signal=. Setting to SIGABRT may be helpful in order to debug worker timeouts. Defaults to SIGKILL. Note that setting the option on the command line overrides the setting from the configuration file.

Added in version 246.

-N, –resolve-names=

Specify when systemd-udevd should resolve names of users and groups. When set to early (the default), names will be resolved when the rules are parsed. When set to late, names will be resolved for every event. When set to never, names will never be resolved and all devices will be owned by root.

Added in version 186.

-h, –help

Print a short help text and exit.

–version

Print a short version string and exit.

KERNEL COMMAND LINE

Parameters prefixed with “rd.” will be read when systemd-udevd is used in an initrd, those without will be processed both in the initrd and on the host.

udev.log_level=, rd.udev.log_level=

Set the log level.

Added in version 247.

udev.children_max=, rd.udev.children_max=

Limit the number of events executed in parallel.

Added in version 186.

udev.exec_delay=, rd.udev.exec_delay=

Delay the execution of each RUN{program} parameter by the given number of seconds. This option might be useful when debugging system crashes during coldplug caused by loading non-working kernel modules.

Added in version 186.

udev.event_timeout=, rd.udev.event_timeout=

Wait for events to finish up to the given number of seconds. This option might be useful if events are terminated due to kernel drivers taking too long to initialize.

Added in version 216.

udev.timeout_signal=, rd.udev.timeout_signal=

Specifies a signal that systemd-udevd will send to workers on timeout. Note that kernel command line option overrides both the setting in the configuration file and the one on the program command line.

Added in version 246.

udev.blockdev_read_only, rd.udev.blockdev_read_only

If specified, mark all physical block devices read-only as they appear. Synthetic block devices (such as loopback block devices or device mapper devices) are left as they are. This is useful to guarantee that the contents of physical block devices remains unmodified during runtime, for example to implement fully stateless systems, for testing or for recovery situations where corrupted file systems shall not be corrupted further through accidental modification.

A block device may be marked writable again by issuing the blockdev –setrw command, see blockdev(8) for details.

Added in version 246.

net.ifnames=

Network interfaces are renamed to give them predictable names when possible. It is enabled by default; specifying 0 disables it.

Added in version 199.

net.naming_scheme=

Network interfaces are renamed to give them predictable names when possible (unless net.ifnames=0 is specified, see above). With this kernel command line option it is possible to pick a specific version of this algorithm and override the default chosen at compilation time. Expects one of the naming scheme identifiers listed in systemd.net-naming-scheme(7), or “latest” to select the latest scheme known (to this particular version of systemd-udevd.service).

Note that selecting a specific scheme is not sufficient to fully stabilize interface naming: the naming is generally derived from driver attributes exposed by the kernel. As the kernel is updated, previously missing attributes systemd-udevd.service is checking might appear, which affects older name derivation algorithms, too.

Added in version 240.

net.ifname_policy=policy1[,policy2,…][,MAC]

Specifies naming policies applied when renaming network interfaces. Takes a list of policies and an optional MAC address separated with comma. Each policy value must be one of the policies understood by the NamePolicy= setting in .link files, e.g. “onboard” or “path”. See systemd.link(5) for more details. When the MAC address is specified, the policies are applied to the interface which has the address. When no MAC address is specified, the policies are applied to all interfaces. This kernel command line argument can be specified multiple times.

This argument is not directly read by systemd-udevd, but is instead converted to a .link file by systemd-network-generator.service(8). For this argument to take effect, systemd-network-generator.service must be enabled.

Example:

net.ifname_policy=keep,kernel,path,slot,onboard,01:23:45:67:89:ab net.ifname_policy=keep,kernel,path,slot,onboard,mac

This is mostly equivalent to creating the following .link files:

91-name-policy-with-mac.link

[Match]
MACAddress=01:23:45:67:89:ab

[Link]
NamePolicy=keep kernel path slot onboard
AlternativeNamePolicy=path slot onboard

and

92-name-policy-for-all.link

[Match]
OriginalName=*

[Link]
NamePolicy=keep kernel path slot onboard mac
AlternativeNamePolicy=path slot onboard mac

Added in version 250.

SEE ALSO

udev.conf(5), udev(7), udevadm(8)

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

21 - Linux cli command update-language-lua

NAME 🖥️ update-language-lua 🖥️

language - generate hyphenation configuration for TeX engines

SYNOPSIS

update-language(-dat,-def,-lua) [OPTIONS …]

DESCRIPTION

Generate hyphenation configuration files language.dat, .def, .dat.lua

When called as update-language, all three configurations files are generated. Otherwise only the selected one.

OPTIONS

-c, –conf-file=FILE
file giving additional hyphen specifications

-o, –output-file=FILE file to write the output to

-d, –output-dir=DIR
directory where files are written

–checks
perform sanity checks on the generated config file

-q, –quiet
don’t write anything to the standard output during normal operation

-h, -?, –help
display this help message and exit

–version
output version information and exit

FILES

The default output directory is

/var/lib/texmf/tex/generic/config

The default output files are

for update-language-dat
language.dat

for update-language-def
language.def

for update-language-lua
language.dat.lua

If -o/–output-file is given, it overrides all defaults.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

22 - Linux cli command systemd-sysctl.service

NAME 🖥️ systemd-sysctl.service 🖥️

sysctl.service, systemd-sysctl - Configure kernel parameters at boot

SYNOPSIS

/usr/lib/systemd/systemd-sysctl [OPTIONS…] [CONFIGFILE…]

systemd-sysctl.service

DESCRIPTION

systemd-sysctl.service is an early boot service that configures sysctl(8) kernel parameters by invoking /usr/lib/systemd/systemd-sysctl.

When invoked with no arguments, /usr/lib/systemd/systemd-sysctl applies all directives from configuration files listed in sysctl.d(5). If one or more filenames are passed on the command line, only the directives in these files are applied.

In addition, –prefix= option may be used to limit which sysctl settings are applied.

See sysctl.d(5) for information about the configuration of sysctl settings. After sysctl configuration is changed on disk, it must be written to the files in /proc/sys/ before it takes effect. It is possible to update specific settings, or simply to reload all configuration, see Examples below.

OPTIONS

–prefix=

Only apply rules with the specified prefix.

Added in version 230.

–strict=

Always return non-zero exit code on failure (including invalid sysctl variable name and insufficient permissions), unless the sysctl variable name is prefixed with a “-” character.

Added in version 252.

–cat-config

Copy the contents of config files to standard output. Before each file, the filename is printed as a comment.

–tldr

Copy the contents of config files to standard output. Only the “interesting” parts of the configuration files are printed, comments and empty lines are skipped. Before each file, the filename is printed as a comment.

–no-pager

Do not pipe output into a pager.

-h, –help

Print a short help text and exit.

–version

Print a short version string and exit.

CREDENTIALS

systemd-sysctl supports the service credentials logic as implemented by ImportCredential=/LoadCredential=/SetCredential= (see systemd.exec(5) for details). The following credentials are used when passed in:

sysctl.extra

The contents of this credential may contain additional lines to operate on. The credential contents should follow the same format as any other sysctl.d/ drop-in configuration file. If this credential is passed it is processed after all of the drop-in files read from the file system. The settings configured in the credential hence take precedence over those in the file system.

Added in version 252.

Note that by default the systemd-sysctl.service unit file is set up to inherit the “sysctl.extra” credential from the service manager.

EXAMPLES

Example 1. Reset all sysctl settings

systemctl restart systemd-sysctl

Example 2. View coredump handler configuration

sysctl kernel.core_pattern

kernel.core_pattern = |/usr/libexec/abrt-hook-ccpp %s %c %p %u %g %t %P %I

Example 3. Update coredump handler configuration

/usr/lib/systemd/systemd-sysctl –prefix kernel.core_pattern

This searches all the directories listed in sysctl.d(5) for configuration files and writes /proc/sys/kernel/core_pattern.

Example 4. Update coredump handler configuration according to a specific file

/usr/lib/systemd/systemd-sysctl 50-coredump.conf

This applies all the settings found in 50-coredump.conf. Either /etc/sysctl.d/50-coredump.conf, or /run/sysctl.d/50-coredump.conf, or /usr/lib/sysctl.d/50-coredump.conf will be used, in the order of preference.

See sysctl(8) for various ways to directly apply sysctl settings.

SEE ALSO

systemd(1), sysctl.d(5), sysctl(8)

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

23 - Linux cli command systemd-sysusers.service

NAME 🖥️ systemd-sysusers.service 🖥️

sysusers, systemd-sysusers.service - Allocate system users and groups

SYNOPSIS

systemd-sysusers [OPTIONS…] [CONFIGFILE…]

systemd-sysusers.service

DESCRIPTION

systemd-sysusers creates system users and groups, based on files in the format described in sysusers.d(5).

If invoked with no arguments, directives from the configuration files found in the directories specified by sysusers.d(5). When invoked with positional arguments, if option **–replace=**PATH is specified, arguments specified on the command line are used instead of the configuration file PATH. Otherwise, just the configuration specified by the command line arguments is executed. If the string “-” is specified instead of a filename, the configuration is read from standard input. If the argument is a file name (without any slashes), all configuration directories are searched for a matching file and the file found that has the highest priority is executed. If the argument is a path, that file is used directly without searching the configuration directories for any other matching file.

OPTIONS

The following options are understood:

**–root=**root

Takes a directory path as an argument. All paths will be prefixed with the given alternate root path, including config search paths.

Added in version 215.

**–image=**image

Takes a path to a disk image file or block device node. If specified all operations are applied to file system in the indicated disk image. This is similar to –root= but operates on file systems stored in disk images or block devices. The disk image should either contain just a file system or a set of file systems within a GPT partition table, following the Discoverable Partitions Specification[1]. For further information on supported disk images, see systemd-nspawn(1)s switch of the same name.

Added in version 247.

**–image-policy=**policy

Takes an image policy string as argument, as per systemd.image-policy(7). The policy is enforced when operating on the disk image specified via –image=, see above. If not specified defaults to the “*” policy, i.e. all recognized file systems in the image are used.

**–replace=**PATH

When this option is given, one or more positional arguments must be specified. All configuration files found in the directories listed in sysusers.d(5) will be read, and the configuration given on the command line will be handled instead of and with the same priority as the configuration file PATH.

This option is intended to be used when package installation scripts are running and files belonging to that package are not yet available on disk, so their contents must be given on the command line, but the admin configuration might already exist and should be given higher priority.

Example 1. RPM installation script for radvd

echo u radvd - “radvd daemon” |
systemd-sysusers –replace=/usr/lib/sysusers.d/radvd.conf -

This will create the radvd user as if /usr/lib/sysusers.d/radvd.conf was already on disk. An admin might override the configuration specified on the command line by placing /etc/sysusers.d/radvd.conf or even /etc/sysusers.d/00-overrides.conf.

Note that this is the expanded form, and when used in a package, this would be written using a macro with “radvd” and a file containing the configuration line as arguments.

Added in version 238.

–dry-run

Process the configuration and figure out what entries would be created, but dont actually write anything.

Added in version 250.

–inline

Treat each positional argument as a separate configuration line instead of a file name.

Added in version 238.

–cat-config

Copy the contents of config files to standard output. Before each file, the filename is printed as a comment.

–tldr

Copy the contents of config files to standard output. Only the “interesting” parts of the configuration files are printed, comments and empty lines are skipped. Before each file, the filename is printed as a comment.

–no-pager

Do not pipe output into a pager.

-h, –help

Print a short help text and exit.

–version

Print a short version string and exit.

CREDENTIALS

systemd-sysusers supports the service credentials logic as implemented by ImportCredential=/LoadCredential=/SetCredential= (see systemd.exec(5) for details). The following credentials are used when passed in:

passwd.hashed-password.user

A UNIX hashed password string to use for the specified user, when creating an entry for it. This is particularly useful for the “root” user as it allows provisioning the default root password to use via a unit file drop-in or from a container manager passing in this credential. Note that setting this credential has no effect if the specified user account already exists. This credential is hence primarily useful in first boot scenarios or systems that are fully stateless and come up with an empty /etc/ on every boot.

Added in version 249.

passwd.plaintext-password.user

Similar to “passwd.hashed-password.user” but expect a literal, plaintext password, which is then automatically hashed before used for the user account. If both the hashed and the plaintext credential are specified for the same user the former takes precedence. Its generally recommended to specify the hashed version; however in test environments with weaker requirements on security it might be easier to pass passwords in plaintext instead.

Added in version 249.

passwd.shell.user

Specifies the shell binary to use for the specified account when creating it.

Added in version 249.

sysusers.extra

The contents of this credential may contain additional lines to operate on. The credential contents should follow the same format as any other sysusers.d/ drop-in. If this credential is passed it is processed after all of the drop-in files read from the file system.

Added in version 252.

Note that by default the systemd-sysusers.service unit file is set up to inherit the “passwd.hashed-password.root”, “passwd.plaintext-password.root”, “passwd.shell.root” and “sysusers.extra” credentials from the service manager. Thus, when invoking a container with an unpopulated /etc/ for the first time it is possible to configure the root users password to be “systemd” like this:

systemd-nspawn –image=… –set-credential=passwd.hashed-password.root:$y$j9T$yAuRJu1o5HioZAGDYPU5d.$F64ni6J2y2nNQve90M/p0ZP0ECP/qqzipNyaY9fjGpC …

Note again that the data specified in this credential is consulted only when creating an account for the first time, it may not be used for changing the password or shell of an account that already exists.

Use mkpasswd(1) for generating UNIX password hashes from the command line.

EXIT STATUS

On success, 0 is returned, a non-zero failure code otherwise.

SEE ALSO

systemd(1), sysusers.d(5), Users, Groups, UIDs and GIDs on systemd systems[2], systemd.exec(5), mkpasswd(1)

NOTES

Discoverable Partitions Specification

https://uapi-group.org/specifications/specs/discoverable_partitions_specification

Users, Groups, UIDs and GIDs on systemd systems

https://systemd.io/UIDS-GIDS

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

24 - Linux cli command udevadm

NAME 🖥️ udevadm 🖥️

udev management tool

SYNOPSIS

udevadm [–debug] [–version] [–help]

udevadm info [options] [devpath]

udevadm trigger [options] [devpath]

udevadm settle [options]

udevadm control option

udevadm monitor [options]

udevadm test [options] devpath

udevadm test-builtin [options] command devpath

udevadm verify [options…] [file…]

udevadm wait [options] device|syspath

udevadm lock [options] command

DESCRIPTION

udevadm expects a command and command specific options. It controls the runtime behavior of systemd-udevd, requests kernel events, manages the event queue, and provides simple debugging mechanisms.

OPTIONS

-d, –debug

Print debug messages to standard error. This option is implied in udevadm test and udevadm test-builtin commands.

-h, –help

Print a short help text and exit.

udevadm info [options] [devpath|file|unit]

Query the udev database for device information.

Positional arguments should be used to specify one or more devices. Each one may be a device name (in which case it must start with /dev/), a sys path (in which case it must start with /sys/), or a systemd device unit name (in which case it must end with “.device”, see systemd.device(5)).

-q, **–query=**TYPE

Query the database for the specified type of device data. Valid TYPEs are: name, symlink, path, property, all.

**–property=**NAME

When showing device properties using the –query=property option, limit display to properties specified in the argument. The argument should be a comma-separated list of property names. If not specified, all known properties are shown.

Added in version 250.

–value

When showing device properties using the –query=property option, print only their values, and skip the property name and “=”.

Cannot be used together with -x/–export or -P/–export-prefix.

Added in version 250.

-p, **–path=**DEVPATH

The /sys/ path of the device to query, e.g. [/sys/]/class/block/sda. This option is an alternative to the positional argument with a /sys/ prefix. udevadm info –path=/class/block/sda is equivalent to udevadm info /sys/class/block/sda.

-n, **–name=**FILE

The name of the device node or a symlink to query, e.g. [/dev/]/sda. This option is an alternative to the positional argument with a /dev/ prefix. udevadm info –name=sda is equivalent to udevadm info /dev/sda.

-r, –root

Print absolute paths in name or symlink query.

-a, –attribute-walk

Print all sysfs properties of the specified device that can be used in udev rules to match the specified device. It prints all devices along the chain, up to the root of sysfs that can be used in udev rules.

-t, –tree

Display a sysfs tree. This recursively iterates through the sysfs hierarchy and displays it in a tree structure. If a path is specified only the subtree below and its parent directories are shown. This will show both device and subsystem items.

Added in version 251.

-x, –export

Print output as key/value pairs. Values are enclosed in single quotes. This takes effects only when –query=property or **–device-id-of-file=**FILE is specified.

-P, **–export-prefix=**NAME

Add a prefix to the key name of exported values. This implies –export.

-d, **–device-id-of-file=**FILE

Print major/minor numbers of the underlying device, where the file lives on. If this is specified, all positional arguments are ignored.

-e, –export-db

Export the content of the udev database.

-c, –cleanup-db

Cleanup the udev database.

-w[SECONDS], –wait-for-initialization[=SECONDS]

Wait for device to be initialized. If argument SECONDS is not specified, the default is to wait forever.

Added in version 243.

–subsystem-match[=SUBSYSTEM], –subsystem-nomatch[=SUBSYSTEM]

When used with –export-db, only show devices of or not of the given subsystem respectively.

Added in version 255.

–attr-match[=FILE[=VALUE]], –attr-nomatch[=FILE[=VALUE]]

When used with –export-db, only show devices matching or not matching the given attribute respectively.

Added in version 255.

–property-match[=KEY=VALUE]

When used with –export-db, only show devices matching the given property and value.

Added in version 255.

–tag-match[=TAG]

When used with –export-db, only show devices with the given tag.

Added in version 255.

–sysname-match[=NAME]

When used with –export-db, only show devices with the given “/sys” path.

Added in version 255.

–name-match[=NAME]

When used with –export-db, only show devices with the given name in “/dev”.

Added in version 255.

–parent-match[=NAME]

When used with –export-db, only show devices with the given parent device.

Added in version 255.

–initialized-match, –initialized-nomatch

When used with –export-db, only show devices that are initialized or not initialized respectively.

Added in version 255.

**–json=**MODE

Shows output formatted as JSON. Expects one of “short” (for the shortest possible output without any redundant whitespace or line breaks), “pretty” (for a pretty version of the same, with indentation and line breaks) or “off” (to turn off JSON output, the default).

-h, –help

Print a short help text and exit.

–no-pager

Do not pipe output into a pager.

The generated output shows the current device database entry in a terse format. Each line shown is prefixed with one of the following characters:

Table 1. udevadm info output prefixes

udevadm trigger [options] [devpath|file|unit]

Request device events from the kernel. Primarily used to replay events at system coldplug time.

Takes device specifications as positional arguments. See the description of info above.

-v, –verbose

Print the list of devices which will be triggered.

-n, –dry-run

Do not actually trigger the event.

-q, –quiet

Suppress error logging in triggering events.

Added in version 248.

-t, **–type=**TYPE

Trigger a specific type of devices. Valid types are “all”, “devices”, and “subsystems”. The default value is “devices”.

-c, **–action=**ACTION

Type of event to be triggered. Possible actions are “add”, “remove”, “change”, “move”, “online”, “offline”, “bind”, and “unbind”. Also, the special value “help” can be used to list the possible actions. The default value is “change”.

**–prioritized-subsystem=**SUBSYSTEM[,SUBSYSTEM…]

Takes a comma separated list of subsystems. When triggering events for devices, the devices from the specified subsystems and their parents are triggered first. For example, if –prioritized-subsystem=block,net, then firstly all block devices and their parents are triggered, in the next all network devices and their parents are triggered, and lastly the other devices are triggered. This option can be specified multiple times, and in that case the lists of the subsystems will be merged. That is, –prioritized-subsystem=block –prioritized-subsystem=net is equivalent to –prioritized-subsystem=block,net.

Added in version 251.

-s, **–subsystem-match=**SUBSYSTEM

Trigger events for devices which belong to a matching subsystem. This option supports shell style pattern matching. When this option is specified more than once, then each matching result is ORed, that is, all the devices in each subsystem are triggered.

-S, **–subsystem-nomatch=**SUBSYSTEM

Do not trigger events for devices which belong to a matching subsystem. This option supports shell style pattern matching. When this option is specified more than once, then each matching result is ANDed, that is, devices which do not match all specified subsystems are triggered.

-a, **–attr-match=ATTRIBUTE=**VALUE

Trigger events for devices with a matching sysfs attribute. If a value is specified along with the attribute name, the content of the attribute is matched against the given value using shell style pattern matching. If no value is specified, the existence of the sysfs attribute is checked. When this option is specified multiple times, then each matching result is ANDed, that is, only devices which have all specified attributes are triggered.

-A, **–attr-nomatch=ATTRIBUTE=**VALUE

Do not trigger events for devices with a matching sysfs attribute. If a value is specified along with the attribute name, the content of the attribute is matched against the given value using shell style pattern matching. If no value is specified, the existence of the sysfs attribute is checked. When this option is specified multiple times, then each matching result is ANDed, that is, only devices which have none of the specified attributes are triggered.

-p, **–property-match=PROPERTY=**VALUE

Trigger events for devices with a matching property value. This option supports shell style pattern matching. When this option is specified more than once, then each matching result is ORed, that is, devices which have one of the specified properties are triggered.

-g, **–tag-match=**TAG

Trigger events for devices with a matching tag. When this option is specified multiple times, then each matching result is ANDed, that is, devices which have all specified tags are triggered.

-y, **–sysname-match=**NAME

Trigger events for devices for which the last component (i.e. the filename) of the /sys/ path matches the specified PATH. This option supports shell style pattern matching. When this option is specified more than once, then each matching result is ORed, that is, all devices which have any of the specified NAME are triggered.

**–name-match=**NAME

Trigger events for devices with a matching device path. When this option is specified more than once, then each matching result is ORed, that is, all specified devices are triggered.

Added in version 218.

-b, **–parent-match=**SYSPATH

Trigger events for all children of a given device. When this option is specified more than once, then each matching result is ORed, that is, all children of each specified device are triggered.

–initialized-match, –initialized-nomatch

When –initialized-match is specified, trigger events for devices that are already initialized by systemd-udevd, and skip devices that are not initialized yet.

When –initialized-nomatch is specified, trigger events for devices that are not initialized by systemd-udevd yet, and skip devices that are already initialized.

Typically, it is essential that applications which intend to use such a match, make sure a suitable udev rule is installed that sets at least one property on devices that shall be matched. See also Initialized Devices section below for more details.

Warning

–initialized-nomatch can potentially save a significant amount of time compared to re-triggering all devices in the system and e.g. can be used to optimize boot time. However, this is not safe to be used in a boot sequence in general. Especially, when udev rules for a device depend on its parent devices (e.g. “ATTRS” or “IMPORT{parent}” keys, see udev(7) for more details), the final state of the device becomes easily unstable with this option.

Added in version 251.

-w, –settle

Apart from triggering events, also waits for those events to finish. Note that this is different from calling udevadm settle. udevadm settle waits for all events to finish. This option only waits for events triggered by the same command to finish.

Added in version 238.

–uuid

Trigger the synthetic device events, and associate a randomized UUID with each. These UUIDs are printed to standard output, one line for each event. These UUIDs are included in the uevent environment block (in the “SYNTH_UUID=” property) and may be used to track delivery of the generated events.

Added in version 249.

–wait-daemon[=SECONDS]

Before triggering uevents, wait for systemd-udevd daemon to be initialized. Optionally takes timeout value. Default timeout is 5 seconds. This is equivalent to invoking udevadm control –ping before udevadm trigger.

Added in version 241.

-h, –help

Print a short help text and exit.

In addition, optional positional arguments can be used to specify device names or sys paths. They must start with /dev/ or /sys/ respectively.

udevadm settle [options]

Watches the udev event queue, and exits if all current events are handled.

-t, **–timeout=**SECONDS

Maximum number of seconds to wait for the event queue to become empty. The default value is 120 seconds. A value of 0 will check if the queue is empty and always return immediately. A non-zero value will return an exit code of 0 if queue became empty before timeout was reached, non-zero otherwise.

-E, **–exit-if-exists=**FILE

Stop waiting if file exists.

-h, –help

Print a short help text and exit.

See systemd-udev-settle.service(8) for more information.

udevadm control option

Modify the internal state of the running udev daemon.

-e, –exit

Signal and wait for systemd-udevd to exit. No option except for –timeout can be specified after this option. Note that systemd-udevd.service contains Restart=always and so as a result, this option restarts systemd-udevd. If you want to stop systemd-udevd.service, please use the following:

systemctl stop systemd-udevd-control.socket systemd-udevd-kernel.socket systemd-udevd.service

-l, **–log-level=**value

Set the internal log level of systemd-udevd. Valid values are the numerical syslog priorities or their textual representations: emerg, alert, crit, err, warning, notice, info, and debug.

-s, –stop-exec-queue

Signal systemd-udevd to stop executing new events. Incoming events will be queued.

-S, –start-exec-queue

Signal systemd-udevd to enable the execution of events.

-R, –reload

Signal systemd-udevd to reload the rules files and other databases like the kernel module index. Reloading rules and databases does not apply any changes to already existing devices; the new configuration will only be applied to new events.

-p, **–property=KEY=**value

Set a global property for all events.

-m, **–children-max=**value

Set the maximum number of events, systemd-udevd will handle at the same time. When 0 is specified, then the maximum is determined based on the system resources.

–ping

Send a ping message to systemd-udevd and wait for the reply. This may be useful to check that systemd-udevd daemon is running.

Added in version 241.

-t, **–timeout=**seconds

The maximum number of seconds to wait for a reply from systemd-udevd.

–load-credentials

When specified, the following credentials are used when passed in:

udev.conf.*

These credentials should contain valid udev.conf(5) configuration data. From each matching credential a separate file is created. Example: a passed credential udev.conf.50-foobar will be copied into a configuration file /run/udev/udev.conf.d/50-foobar.conf.

Added in version 256.

udev.rules.*

These credentials should contain valid udev(7) rules. From each matching credential a separate file is created. Example: a passed credential udev.rules.50-foobar will be copied into a configuration file /run/udev/rules.d/50-foobar.rules.

Added in version 256.

Note, this does not imply –reload option. So, if systemd-udevd is already running, please consider to also specify -reload to make the copied udev rules files used by systemd-udevd.

Added in version 256.

-h, –help

Print a short help text and exit.

udevadm monitor [options]

Listens to the kernel uevents and events sent out by a udev rule and prints the devpath of the event to the console. It can be used to analyze the event timing, by comparing the timestamps of the kernel uevent and the udev event.

-k, –kernel

Print the kernel uevents.

-u, –udev

Print the udev event after the rule processing.

-p, –property

Also print the properties of the event.

-s, **–subsystem-match=**string[/string]

Filter kernel uevents and udev events by subsystem[/devtype]. Only events with a matching subsystem value will pass. When this option is specified more than once, then each matching result is ORed, that is, all devices in the specified subsystems are monitored.

-t, **–tag-match=**string

Filter udev events by tag. Only udev events with a given tag attached will pass. When this option is specified more than once, then each matching result is ORed, that is, devices which have one of the specified tags are monitored.

-h, –help

Print a short help text and exit.

udevadm test [options] [devpath|file|unit]

Simulate a udev event run for the given device, and print debug output.

-a, **–action=**ACTION

Type of event to be simulated. Possible actions are “add”, “remove”, “change”, “move”, “online”, “offline”, “bind”, and “unbind”. Also, the special value “help” can be used to list the possible actions. The default value is “add”.

-N, –resolve-names=early|late|never

Specify when udevadm should resolve names of users and groups. When set to early (the default), names will be resolved when the rules are parsed. When set to late, names will be resolved for every event. When set to never, names will never be resolved and all devices will be owned by root.

Added in version 209.

-h, –help

Print a short help text and exit.

udevadm test-builtin [options] command [devpath|file|unit]

Run a built-in command COMMAND for device DEVPATH, and print debug output.

-a, **–action=**ACTION

Type of event to be simulated. Possible actions are “add”, “remove”, “change”, “move”, “online”, “offline”, “bind”, and “unbind”. Also, the special value “help” can be used to list the possible actions. The default value is “add”.

Added in version 250.

-h, –help

Print a short help text and exit.

–version

Print a short version string and exit.

udevadm verify [options] [file] …

Verify syntactic, semantic, and stylistic correctness of udev rules files.

Positional arguments could be used to specify one or more files to check. If no files are specified, the udev rules are read from the files located in the same udev/rules.d directories that are processed by the udev daemon.

The exit status is 0 if all specified udev rules files are syntactically, semantically, and stylistically correct, and a non-zero error code otherwise.

-N, –resolve-names=early|never

Specify when udevadm should resolve names of users and groups. When set to early (the default), names will be resolved when the rules are parsed. When set to never, names will never be resolved.

Added in version 254.

**–root=**PATH

When looking for udev rules files located in udev/rules.d directories, operate on files underneath the specified root path PATH.

Added in version 254.

–no-summary

Do not show summary.

Added in version 254.

–no-style

Ignore style issues. When specified, even if style issues are found in udev rules files, the exit status is 0 if no syntactic or semantic errors are found.

Added in version 254.

-h, –help

Print a short help text and exit.

udevadm wait [options] [device|syspath] …

Wait for devices or device symlinks being created and initialized by systemd-udevd. Each device path must start with “/dev/” or “/sys/”, e.g. “/dev/sda”, “/dev/disk/by-path/pci-0000:3c:00.0-nvme-1-part1”, “/sys/devices/pci0000:00/0000:00:1f.6/net/eth0”, or “/sys/class/net/eth0”. This can take multiple devices. This may be useful for waiting for devices being processed by systemd-udevd after e.g. partitioning or formatting the devices.

-t, **–timeout=**SECONDS

Maximum number of seconds to wait for the specified devices or device symlinks being created, initialized, or removed. The default value is “infinity”.

Added in version 251.

**–initialized=**BOOL

Check if systemd-udevd initialized devices. Defaults to true. When false, the command only checks if the specified devices exist. Set false to this setting if there is no udev rules for the specified devices, as the devices will never be considered as initialized in that case. See Initialized Devices section below for more details.

Added in version 251.

–removed

When specified, the command wait for devices being removed instead of created or initialized. If this is specified, –initialized= will be ignored.

Added in version 251.

–settle

When specified, also watches the udev event queue, and wait for all queued events being processed by systemd-udevd.

Added in version 251.

-h, –help

Print a short help text and exit.

udevadm lock [options] [command] …

udevadm lock takes an (advisory) exclusive lock on a block device (or all specified devices), as per Locking Block Device Access[1] and invokes a program with the locks taken. When the invoked program exits the locks are automatically released and its return value is propagated as exit code of udevadm lock.

This tool is in particular useful to ensure that systemd-udevd.service(8) does not probe a block device while changes are made to it, for example partitions created or file systems formatted. Note that many tools that interface with block devices natively support taking relevant locks, see for example sfdisk(8)s –lock switch.

The command expects at least one block device specified via –device= or –backing=, and a command line to execute as arguments.

**–device=**DEVICE, -d DEVICE

Takes a path to a device node of the device to lock. This switch may be used multiple times (and in combination with –backing=) in order to lock multiple devices. If a partition block device node is specified the containing “whole” block device is automatically determined and used for the lock, as per the specification. If multiple devices are specified, they are deduplicated, sorted by the major/minor of their device nodes and then locked in order.

This switch must be used at least once, to specify at least one device to lock. (Alternatively, use –backing=, see below.)

Added in version 251.

**–backing=**PATH, -b PATH

If a path to a device node is specified, identical to –device=. However, this switch alternatively accepts a path to a regular file or directory, in which case the block device of the file system the file/directory resides on is automatically determined and used as if it was specified with –device=.

Added in version 251.

**–timeout=**SECS, -t SECS

Specifies how long to wait at most until all locks can be taken. Takes a value in seconds, or in the usual supported time units, see systemd.time(7). If specified as zero the lock is attempted and if not successful the invocation will immediately fail. If passed as “infinity” (the default) the invocation will wait indefinitely until the lock can be acquired. If the lock cannot be taken in the specified time the specified command will not be executed and the invocation will fail.

Added in version 251.

–print, -p

Instead of locking the specified devices and executing a command, just print the device paths that would be locked, and execute no command. This command is useful to determine the “whole” block device in case a partition block device is specified. The devices will be sorted by their device node major number as primary ordering key and the minor number as secondary ordering key (i.e. they are shown in the order theyd be locked). Note that the number of lines printed here can be less than the number of –device= and –backing= switches specified in case these resolve to the same “whole” devices.

Added in version 251.

-h, –help

Print a short help text and exit.

INITIALIZED DEVICES

Initialized devices are those for which at least one udev rule already completed execution – for any action but “remove” — that set a property or other device setting (and thus has an entry in the udev device database). Devices are no longer considered initialized if a “remove” action is seen for them (which removes their entry in the udev device database). Note that devices that have no udev rules are never considered initialized, but might still be announced via the sd-device API (or similar).

EXAMPLE

Example 1. Format a File System

Take a lock on the backing block device while creating a file system, to ensure that systemd-udevd doesnt probe or announce the new superblock before it is comprehensively written:

udevadm lock –device=/dev/sda1 mkfs.ext4 /dev/sda1

Example 2. Format a RAID File System

Similar, but take locks on multiple devices at once:

udevadm lock –device=/dev/sda1 –device=/dev/sdb1 mkfs.btrfs /dev/sda1 /dev/sdb1

Example 3. Copy in a File System

Take a lock on the backing block device while copying in a prepared file system image, to ensure that systemd-udevd doesnt probe or announce the new superblock before it is fully written:

udevadm lock -d /dev/sda1 dd if=fs.raw of=/dev/sda1

SEE ALSO

udev(7), systemd-udevd.service(8)

NOTES

Locking Block Device Access

https://systemd.io/BLOCK_DEVICE_LOCKING

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

25 - Linux cli command systemd-tpm2-setup.service

NAME 🖥️ systemd-tpm2-setup.service 🖥️

tpm2-setup.service, systemd-tpm2-setup-early.service, systemd-tpm2-setup - Set up the TPM2 Storage Root Key (SRK) at boot

SYNOPSIS

systemd-tpm2-setup.service

/usr/lib/systemd/systemd-tpm2-setup

DESCRIPTION

systemd-tpm2-setup.service and systemd-tpm2-setup-early.service are services that generate the Storage Root Key (SRK) if it hasnt been generated yet, and stores it in the TPM.

The services will store the public key of the SRK key pair in a PEM file in /run/systemd/tpm2-srk-public-key.pem and /var/lib/systemd/tpm2-srk-public-key.pem. They will also store it in TPM2B_PUBLIC format in /run/systemd/tpm2-srk-public-key.tpm2_public and /var/lib/systemd/tpm2-srk-public-key.tpm2b_public.

systemd-tpm2-setup-early.service runs very early at boot (possibly in the initrd), and writes the SRK public key to /run/systemd/tpm2-srk-public-key.* (as /var/ is generally not accessible this early yet), while systemd-tpm2-setup.service runs during a later boot phase and saves the public key to /var/lib/systemd/tpm2-srk-public-key.*.

FILES

/run/systemd/tpm2-srk-public-key.pem, /run/systemd/tpm2-srk-public-key.tpm2b_public

The SRK public key in PEM and TPM2B_PUBLIC format, written during early boot.

Added in version 255.

/var/lib/systemd/tpm2-srk-public-key.pem, /var/lib/systemd/tpm2-srk-public-key.tpm2_public

The SRK public key in PEM and TPM2B_PUBLIC format, written during later boot (once /var/ is available).

Added in version 255.

SEE ALSO

systemd(1)

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

26 - Linux cli command vfs_nfs4acl_xattr

NAME 🖥️ vfs_nfs4acl_xattr 🖥️

Save NTFS-ACLs as NFS4 encoded blobs in extended attributes

SYNOPSIS

vfs objects = nfs4acl_xattr

DESCRIPTION

This VFS module is part of the samba(7) suite.

The vfs_acl_xattr VFS module stores NTFS Access Control Lists (ACLs) in Extended Attributes (EAs/xattrs). This enables the full mapping of Windows ACLs on Samba servers.

This module is stackable.

OPTIONS

nfs4:mode = [ simple | special ]

Controls substitution of special IDs (OWNER@ and GROUP@) on NFS4 ACLs. The use of mode simple is recommended. In this mode only non inheriting ACL entries for the file owner and group are mapped to special IDs.

The following MODEs are understood by the module:

·

simple(default) - use OWNER@ and GROUP@ special IDs for non inheriting ACEs only.

·

special(deprecated) - use OWNER@ and GROUP@ special IDs in ACEs for all file owner and group ACEs.

nfs4:acedup = [dontcare|reject|ignore|merge]

This parameter configures how Samba handles duplicate ACEs encountered in NFS4 ACLs. They allow creating duplicate ACEs with different bits for same ID, which may confuse the Windows clients.

Following is the behaviour of Samba for different values :

·

dontcare - copy the ACEs as they come

·

reject (deprecated) - stop operation and exit with error on ACL set op

·

ignore (deprecated) - dont include the second matching ACE

·

merge (default) - bitwise OR the 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE

nfs4:chown = [yes|no]

This parameter allows enabling or disabling the chown supported by the underlying filesystem. This parameter should be enabled with care as it might leave your system insecure.

Some filesystems allow chown as a) giving b) stealing. It is the latter that is considered a risk.

Following is the behaviour of Samba for different values :

·

yes - Enable chown if as supported by the under filesystem

·

no (default) - Disable chown

nfs4acl_xattr:encoding = [nfs|ndr|xdr]

This parameter configures the marshaling format used in the ACL blob and the default extended attribute name used to store the blob.

When set to nfs - fetch and store the NT ACL in NFS 4.0 or 4.1 compatible XDR encoding. By default this uses the extended attribute “system.nfs4_acl”. This setting also disables validate_mode.

When set to ndr (default) - store the NT ACL with POSIX draft NFSv4 compatible NDR encoding. By default this uses the extended attribute “security.nfs4acl_ndr”.

When set to xdr - store the NT ACL in a format similar to NFS 4.1 RFC 5661 in XDR encoding. The main differences to RFC 5661 are the use of ids instead of strings as users and group identifiers and an additional attribute per nfsace4. By default this encoding stores the blob in the extended attribute “security.nfs4acl_xdr”.

nfs4acl_xattr:version = [40|41]

This parameter configures the NFS4 ACL level. Only 41 fully supports mapping NT ACLs and should be used. The default is 41.

nfs4acl_xattr:default acl style = [posix|windows|everyone]

This parameter determines the type of ACL that is synthesized in case a file or directory lacks an ACL extended attribute.

When set to posix, an ACL will be synthesized based on the POSIX mode permissions for user, group and others, with an additional ACE for NT Authority\SYSTEM will full rights.

When set to windows, an ACL is synthesized the same way Windows does it, only including permissions for the owner and NT Authority\SYSTEM.

When set to everyone, an ACL is synthesized giving full permissions to everyone (S-1-1-0).

The default for this option is everyone.

nfs4acl_xattr:xattr_name = STRING

This parameter configures the extended attribute name used to store the marshaled ACL.

The default depends on the setting for nfs4acl_xattr:encoding.

nfs4acl_xattr:nfs4_id_numeric = yes|no (default: no)

This parameter tells the module how the NFS4 server encodes user and group identifiers on the network. With the default setting the module expects identifiers encoded as per the NFS4 RFC as user@domain.

When set to yes, the module expects the identifiers as numeric string.

The default for this optionsno.

nfs4acl_xattr:validate_mode = yes|no

This parameter configures whether the module enforces the POSIX mode is set to 0777 for directories and 0666 for files. If this constrained is not met, the xattr with the ACL blob is discarded.

The default depends on the setting for nfs4acl_xattr:encoding: when set to nfs this setting is disabled by default, otherwise it is enabled.

EXAMPLES

A directory can be exported via Samba using this module as follows:

  [samba_gpfs_share]
      vfs objects = nfs4acl_xattr
      path = /foo/bar

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

27 - Linux cli command unafs

NAME 🖥️ unafs 🖥️

script to warn users about their weak passwords

SYNOPSIS

unafs password-files cell-name

DESCRIPTION

This manual page documents briefly the unafs command, which is part of the john package. This manual page was written for the Debian GNU/Linux distribution because the original program does not have a manual page. john, better known as John the Ripper, is a tool to find weak passwords of users in a server.
The unafs tool gets password hashes out of the binary AFS database, and produces a file usable by John.

SEE ALSO

john(8), mailer(8), unique(8), unshadow(8).

The programs are documented fully by John’s documentation, which should be available in /usr/share/doc/john or other location, depending on your system.

AUTHOR

This manual page was written by Jordi Mallach <[email protected]>, for the Debian GNU/Linux system (but may be used by others).
John the Ripper and mailer were written by Solar Designer <[email protected]>. The complete list of contributors can be found in the CREDITS file in the documentation directory.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

28 - Linux cli command vfs_audit

NAME 🖥️ vfs_audit 🖥️

record selected Samba VFS operations in the system log

SYNOPSIS

vfs objects = audit

DESCRIPTION

This VFS module is part of the samba(7) suite.

The vfs_audit VFS module records selected client operations to the system log using syslog(3).

The following Samba VFS operations are recorded:

connect

disconnect

opendir

mkdir

rmdir

open

close

rename

unlink

chmod

fchmod

This module is stackable.

OPTIONS

audit:facility = FACILITY

Log messages to the named syslog(3) facility.

audit:priority = PRIORITY

Log messages with the named syslog(3) priority.

EXAMPLES

Log operations on all shares using the LOCAL1 facility and NOTICE priority:

    [global]
	vfs objects = audit
	audit:facility = LOCAL1
	audit:priority = NOTICE

VERSION

This man page is part of version 4.20.1-Debian of the Samba suite.

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

29 - Linux cli command tc-htb

NAME 🖥️ tc-htb 🖥️

Hierarchy Token Bucket

SYNOPSIS

tc qdisc … dev dev ( parent classid | root) [ handle major: ] htb [ default minor-id ] [ r2q divisor ] [ offload ]

tc class … dev dev parent major:[minor] [ classid major:minor ] htb rate rate [ ceil rate ] burst bytes [ cburst bytes ] [ prio priority ] [ quantum bytes ]

DESCRIPTION

HTB allows control of the outbound bandwidth on a given link. It allows simulating several slower links and to send different kinds of traffic on different simulated links. In both cases, you have to specify how to divide the physical link into simulated links and how to decide which simulated link to use for a given packet to be sent.

HTB shapes traffic based on the Token Bucket Filter algorithm which does not depend on interface characteristics and so does not need to know the underlying bandwidth of the outgoing interface.

SHAPING ALGORITHM

Shaping works as documented in tc-tbf (8).

CLASSIFICATION

Within the one HTB instance many classes may exist. Each of these classes contains another qdisc, by default tc-pfifo(8).

When enqueueing a packet, HTB starts at the root and uses various methods to determine which class should receive the data.

In the absence of uncommon configuration options, the process is rather easy. At each node we look for an instruction, and then go to the class the instruction refers us to. If the class found is a barren leaf-node (without children), we enqueue the packet there. If it is not yet a leaf node, we do the whole thing over again starting from that node.

The following actions are performed, in order at each node we visit, until one sends us to another node, or terminates the process.

(i)
Consult filters attached to the class. If sent to a leafnode, we are done. Otherwise, restart.

(ii)
If none of the above returned with an instruction, enqueue at this node.

This algorithm makes sure that a packet always ends up somewhere, even while you are busy building your configuration.

LINK SHARING ALGORITHM

FIXME

QDISC

The root of a HTB qdisc class tree has the following parameters:

parent major:minor | root
This mandatory parameter determines the place of the HTB instance, either at the root of an interface or within an existing class.

handle major:
Like all other qdiscs, the HTB can be assigned a handle. Should consist only of a major number, followed by a colon. Optional, but very useful if classes will be generated within this qdisc.

default minor-id
Unclassified traffic gets sent to the class with this minor-id.

r2q divisor
Divisor used to calculate quantum values for classes. Classes divide rate by this number. Default value is 10.

offload
Offload the HTB algorithm to hardware (requires driver and device support).

CLASSES

Classes have a host of parameters to configure their operation.

parent major:minor
Place of this class within the hierarchy. If attached directly to a qdisc and not to another class, minor can be omitted. Mandatory.

classid major:minor
Like qdiscs, classes can be named. The major number must be equal to the major number of the qdisc to which it belongs. Optional, but needed if this class is going to have children.

prio priority
In the round-robin process, classes with the lowest priority field are tried for packets first.

rate rate
Maximum rate this class and all its children are guaranteed. Mandatory.

ceil rate
Maximum rate at which a class can send, if its parent has bandwidth to spare. Defaults to the configured rate, which implies no borrowing

burst bytes
Amount of bytes that can be burst at ceil speed, in excess of the configured rate. Should be at least as high as the highest burst of all children.

cburst bytes
Amount of bytes that can be burst at ‘infinite’ speed, in other words, as fast as the interface can transmit them. For perfect evening out, should be equal to at most one average packet. Should be at least as high as the highest cburst of all children.

quantum bytes
Number of bytes to serve from this class before the scheduler moves to the next class. Default value is rate divided by the qdisc r2q parameter. If specified, r2q is ignored.

NOTES

Due to Unix timing constraints, the maximum ceil rate is not infinite and may in fact be quite low. On Intel, there are 100 timer events per second, the maximum rate is that rate at which ‘burst’ bytes are sent each timer tick. From this, the minimum burst size for a specified rate can be calculated. For i386, a 10mbit rate requires a 12 kilobyte burst as 100*12kb*8 equals 10mbit.

SEE ALSO

tc(8)

HTB website: http://luxik.cdi.cz/~devik/qos/htb/

AUTHOR

Martin Devera <[email protected]>. This manpage maintained by bert hubert <[email protected]>

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

30 - Linux cli command systemd-update-done.service

NAME 🖥️ systemd-update-done.service 🖥️

update-done.service, systemd-update-done - Mark /etc/ and /var/ fully updated

SYNOPSIS

systemd-update-done.service

/usr/lib/systemd/systemd-update-done

DESCRIPTION

systemd-update-done.service is a service that is invoked as part of the first boot after the vendor operating system resources in /usr/ have been updated. This is useful to implement offline updates of /usr/ which might require updates to /etc/ or /var/ on the following boot.

systemd-update-done.service updates the file modification time (mtime) of the stamp files /etc/.updated and /var/.updated to the modification time of the /usr/ directory, unless the stamp files are already newer.

Services that shall run after offline upgrades of /usr/ should order themselves before systemd-update-done.service, and use the ConditionNeedsUpdate= (see systemd.unit(5)) condition to make sure to run when /etc/ or /var/ are older than /usr/ according to the modification times of the files described above. This requires that updates to /usr/ are always followed by an update of the modification time of /usr/, for example by invoking touch(1) on it.

Note that if the systemd.condition_needs_update= kernel command line option is used it overrides the ConditionNeedsUpdate= unit condition checks. In that case systemd-update-done.service will not reset the condition state until a follow-up reboot where the kernel switch is not specified anymore.

SEE ALSO

systemd(1), systemd.unit(5), touch(1)

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

31 - Linux cli command systemd-run-generator

NAME 🖥️ systemd-run-generator 🖥️

run-generator - Generator for invoking commands specified on the kernel command line as system service

SYNOPSIS

/usr/lib/systemd/system-generators/systemd-run-generator

DESCRIPTION

systemd-run-generator is a generator that reads the kernel command line and understands three options:

If the systemd.run= option is specified and followed by a command line, a unit named kernel-command-line.service is generated for it and booted into. The service has Type=oneshot set, and has SuccessAction=exit and FailureAction=exit configured by default, thus ensuring that the system is shut down as soon as the command completes. The exit status of the command line is propagated to the invoking container manager, if this applies (which might propagate this further, to the calling shell — e.g. systemd-nspawn(7) does this). If this option is used multiple times the unit file will contain multiple ExecStart= lines, to execute all commands in order. The command is started as regular service, i.e. with DefaultDependencies= on.

Use systemd.run_success_action= and systemd.run_failure_action= to tweak how to react to the process completing. In particular assigning “none” will leave the system running after the command completes. For further details on supported arguments, see systemd.unit(5).

systemd-run-generator implements systemd.generator(7).

EXAMPLE

Use a command like the following to add a user to the user database inside a container run with systemd-nspawn(7):

systemd-nspawn -D mycontainer -b systemd.run=“adduser test”

(Note the requirement for double quoting in the command line above. The first level of quoting () is processed and removed by the command shell used to invoke systemd-nspawn. The second level of quoting ("") is propagated to the kernel command line of the container and processed and removed by systemd-run-generator. Both together make sure both words of the specified command line adduser test end up in the generated unit file together and are neither split apart by the command shell nor by the generator.)

SEE ALSO

systemd(1), systemctl(1), kernel-command-line(7), systemd-nspawn(7), systemd.unit(5), systemd.service(5)

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

32 - Linux cli command xtables-nft-multi

NAME 🖥️ xtables-nft-multi 🖥️

nft — iptables using nftables kernel api

DESCRIPTION

xtables-nft are versions of iptables that use the nftables API. This is a set of tools to help the system administrator migrate the ruleset from iptables(8), ip6tables(8), arptables(8), and ebtables(8) to nftables(8).

The xtables-nft set is composed of several commands:

• iptables-nft

• iptables-nft-save

• iptables-nft-restore

• ip6tables-nft

• ip6tables-nft-save

• ip6tables-nft-restore

• arptables-nft

• ebtables-nft

These tools use the libxtables framework extensions and hook to the nf_tables kernel subsystem using the nft_compat module.

USAGE

The xtables-nft tools allow you to manage the nf_tables backend using the native syntax of iptables(8), ip6tables(8), arptables(8), and ebtables(8).

You should use the xtables-nft tools exactly the same way as you would use the corresponding original tools.

Adding a rule will result in that rule being added to the nf_tables kernel subsystem instead. Listing the ruleset will use the nf_tables backend as well.

When these tools were designed, the main idea was to replace each legacy binary with a symlink to the xtables-nft program, for example:

	/sbin/iptables -> /usr/sbin/iptables-nft-multi
	/sbin/ip6tables -> /usr/sbin/ip6tables-nft-multi
	/sbin/arptables -> /usr/sbin/arptables-nft-multi
	/sbin/ebtables -> /usr/sbin/ebtables-nft-multi

The iptables version string will indicate whether the legacy API (get/setsockopt) or the new nf_tables api is used:

	iptables -V
	iptables v1.7 (nf_tables)

DIFFERENCES TO LEGACY IPTABLES

Because the xtables-nft tools use the nf_tables kernel API, rule additions and deletions are always atomic. Unlike iptables-legacy, iptables-nft -A .. will NOT need to retrieve the current ruleset from the kernel, change it, and re-load the altered ruleset. Instead, iptables-nft will tell the kernel to add one rule. For this reason, the iptables-legacy –wait option is a no-op in iptables-nft.

Use of the xtables-nft tools allow monitoring ruleset changes using the xtables-monitor(8) command.

When using -j TRACE to debug packet traversal to the ruleset, note that you will need to use xtables-monitor(8) in –trace mode to obtain monitoring trace events.

EXAMPLES

One basic example is creating the skeleton ruleset in nf_tables from the xtables-nft tools, in a fresh machine:

	root@machine:~# iptables-nft -L
	[...]
	root@machine:~# ip6tables-nft -L
	[...]
	root@machine:~# arptables-nft -L
	[...]
	root@machine:~# ebtables-nft -L
	[...]
	root@machine:~# nft list ruleset
	table ip filter {
		chain INPUT {
			type filter hook input priority 0; policy accept;
		}

		chain FORWARD {
			type filter hook forward priority 0; policy accept;
		}

		chain OUTPUT {
			type filter hook output priority 0; policy accept;
		}
	}
	table ip6 filter {
		chain INPUT {
			type filter hook input priority 0; policy accept;
		}

		chain FORWARD {
			type filter hook forward priority 0; policy accept;
		}

		chain OUTPUT {
			type filter hook output priority 0; policy accept;
		}
	}
	table bridge filter {
		chain INPUT {
			type filter hook input priority -200; policy accept;
		}

		chain FORWARD {
			type filter hook forward priority -200; policy accept;
		}

		chain OUTPUT {
			type filter hook output priority -200; policy accept;
		}
	}
	table arp filter {
		chain INPUT {
			type filter hook input priority 0; policy accept;
		}

		chain FORWARD {
			type filter hook forward priority 0; policy accept;
		}

		chain OUTPUT {
			type filter hook output priority 0; policy accept;
		}
	}

(please note that in fresh machines, listing the ruleset for the first time results in all tables an chain being created).

To migrate your complete filter ruleset, in the case of iptables(8), you would use:

	root@machine:~# iptables-legacy-save > myruleset # reads from x_tables
	root@machine:~# iptables-nft-restore myruleset   # writes to nf_tables

or

	root@machine:~# iptables-legacy-save | iptables-translate-restore | less

to see how rules would look like in the nft nft(8) syntax.

LIMITATIONS

You should use Linux kernel >= 4.17.

The CLUSTERIP target is not supported.

To get up-to-date information about this, please head to http://wiki.nftables.org/.

SEE ALSO

nft(8), xtables-translate(8), xtables-monitor(8)

AUTHORS

The nftables framework is written by the Netfilter project (https://www.netfilter.org).

This manual page was written by Arturo Borrero Gonzalez <[email protected]> for the Debian project, but may be used by others.

This documentation is free/libre under the terms of the GPLv2+.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

33 - Linux cli command systemd-sleep

NAME 🖥️ systemd-sleep 🖥️

suspend.service, systemd-hibernate.service, systemd-hybrid-sleep.service, systemd-suspend-then-hibernate.service, systemd-sleep - System sleep state logic

SYNOPSIS

systemd-suspend.service

systemd-hibernate.service

systemd-hybrid-sleep.service

systemd-suspend-then-hibernate.service

/usr/lib/systemd/system-sleep

DESCRIPTION

systemd-suspend.service is a system service that is pulled in by suspend.target and is responsible for the actual system suspend. Similarly, systemd-hibernate.service is pulled in by hibernate.target to execute the actual hibernation. Finally, systemd-hybrid-sleep.service is pulled in by hybrid-sleep.target to execute hybrid hibernation with system suspend and pulled in by suspend-then-hibernate.target to execute system suspend with a timeout that will activate hibernate later.

Immediately before entering system suspend and/or hibernation systemd-suspend.service (and the other mentioned units, respectively) will run all executables in /usr/lib/systemd/system-sleep/ and pass two arguments to them. The first argument will be “pre”, the second either “suspend”, “hibernate”, “hybrid-sleep”, or “suspend-then-hibernate” depending on the chosen action. An environment variable called “SYSTEMD_SLEEP_ACTION” will be set and contain the sleep action that is processing. This is primarily helpful for “suspend-then-hibernate” where the value of the variable will be “suspend”, “hibernate”, or “suspend-after-failed-hibernate” in cases where hibernation has failed. Immediately after leaving system suspend and/or hibernation the same executables are run, but the first argument is now “post”. All executables in this directory are executed in parallel, and execution of the action is not continued until all executables have finished. Note that user.slice will be frozen while the executables are running, so they should not attempt to communicate with any user services expecting a reply.

Note that scripts or binaries dropped in /usr/lib/systemd/system-sleep/ are intended for local use only and should be considered hacks. If applications want to react to system suspend/hibernation and resume, they should rather use the Inhibitor Locks[1].

Note that systemd-suspend.service, systemd-hibernate.service, systemd-hybrid-sleep.service, and systemd-suspend-then-hibernate.service should never be executed directly. Instead, trigger system sleep with a command such as systemctl suspend or systemctl hibernate.

Internally, this service will echo a string like “mem” into /sys/power/state, to trigger the actual system suspend. What exactly is written where can be configured in the [Sleep] section of /etc/systemd/sleep.conf or a sleep.conf.d file. See systemd-sleep.conf(5).

Note that by default these services freeze user.slice while they run. This prevents the execution of any process in any of the user sessions while the system is entering into and resuming from sleep. Thus, this prevents the hooks in /usr/lib/systemd/system-sleep/, or any other process for that matter, from communicating with any user session process during sleep.

OPTIONS

systemd-sleep understands the following commands:

-h, –help

Print a short help text and exit.

–version

Print a short version string and exit.

suspend, hibernate, suspend-then-hibernate, hybrid-sleep

Suspend, hibernate, suspend then hibernate, or put the system to hybrid sleep.

Added in version 203.

SEE ALSO

systemd-sleep.conf(5), systemd(1), systemctl(1), systemd.special(7), systemd-halt.service(8)

NOTES

Inhibitor Locks

https://systemd.io/INHIBITOR_LOCKS

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

34 - Linux cli command systemd-update-utmp

NAME 🖥️ systemd-update-utmp 🖥️

update-utmp.service, systemd-update-utmp-runlevel.service, systemd-update-utmp - Write audit and utmp updates at bootup, runlevel changes and shutdown

SYNOPSIS

systemd-update-utmp.service

systemd-update-utmp-runlevel.service

/usr/lib/systemd/systemd-update-utmp

DESCRIPTION

systemd-update-utmp-runlevel.service is a service that writes SysV runlevel changes to utmp and wtmp, as well as the audit logs, as they occur. systemd-update-utmp.service does the same for system reboots and shutdown requests.

SEE ALSO

systemd(1), utmp(5), auditd(8)

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

35 - Linux cli command systemd-rfkill.socket

NAME 🖥️ systemd-rfkill.socket 🖥️

rfkill.service, systemd-rfkill.socket, systemd-rfkill - Load and save the RF kill switch state at boot and change

SYNOPSIS

systemd-rfkill.service

systemd-rfkill.socket

/usr/lib/systemd/systemd-rfkill

DESCRIPTION

systemd-rfkill.service is a service that restores the RF kill switch state at early boot and saves it on each change. On disk, the RF kill switch state is stored in /var/lib/systemd/rfkill/.

KERNEL COMMAND LINE

systemd-rfkill understands the following kernel command line parameter:

systemd.restore_state=

Takes a boolean argument. Defaults to “1”. If “0”, does not restore the rfkill settings on boot. However, settings will still be stored on shutdown.

Added in version 227.

SEE ALSO

systemd(1)

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

36 - Linux cli command tc-red

NAME 🖥️ tc-red 🖥️

Random Early Detection

SYNOPSIS

tc qdisc … red limit bytes [ min bytes ] [ max bytes ] avpkt bytes [ burst packets ] [ ecn ] [ harddrop ] [ nodrop ] [ bandwidth rate ] [ probability chance ] [ adaptive ] [ qevent early_drop block index ] [ qevent mark block index ]

DESCRIPTION

Random Early Detection is a classless qdisc which manages its queue size smartly. Regular queues simply drop packets from the tail when they are full, which may not be the optimal behaviour. RED also performs tail drop, but does so in a more gradual way.

Once the queue hits a certain average length, packets enqueued have a configurable chance of being marked (which may mean dropped). This chance increases linearly up to a point called the max average queue length, although the queue might get bigger.

This has a host of benefits over simple taildrop, while not being processor intensive. It prevents synchronous retransmits after a burst in traffic, which cause further retransmits, etc.

The goal is to have a small queue size, which is good for interactivity while not disturbing TCP/IP traffic with too many sudden drops after a burst of traffic.

Depending on if ECN is configured, marking either means dropping or purely marking a packet as overlimit.

ALGORITHM

The average queue size is used for determining the marking probability. This is calculated using an Exponential Weighted Moving Average, which can be more or less sensitive to bursts.

When the average queue size is below min bytes, no packet will ever be marked. When it exceeds min, the probability of doing so climbs linearly up to probability, until the average queue size hits max bytes. Because probability is normally not set to 100%, the queue size might conceivably rise above max bytes, so the limit parameter is provided to set a hard maximum for the size of the queue.

PARAMETERS

min
Average queue size at which marking becomes a possibility. Defaults to max /3

max
At this average queue size, the marking probability is maximal. Should be at least twice min to prevent synchronous retransmits, higher for low min. Default to limit /4

probability
Maximum probability for marking, specified as a floating point number from 0.0 to 1.0. Suggested values are 0.01 or 0.02 (1 or 2%, respectively). Default : 0.02

limit
Hard limit on the real (not average) queue size in bytes. Further packets are dropped. Should be set higher than max+burst. It is advised to set this a few times higher than max.

burst
Used for determining how fast the average queue size is influenced by the real queue size. Larger values make the calculation more sluggish, allowing longer bursts of traffic before marking starts. Real life experiments support the following guideline: (min+min+max)/(3*avpkt).

avpkt
Specified in bytes. Used with burst to determine the time constant for average queue size calculations. 1000 is a good value.

bandwidth
This rate is used for calculating the average queue size after some idle time. Should be set to the bandwidth of your interface. Does not mean that RED will shape for you! Optional. Default : 10Mbit

ecn
As mentioned before, RED can either ‘mark’ or ‘drop’. Explicit Congestion Notification allows RED to notify remote hosts that their rate exceeds the amount of bandwidth available. Non-ECN capable hosts can only be notified by dropping a packet. If this parameter is specified, packets which indicate that their hosts honor ECN will only be marked and not dropped, unless the queue size hits limit bytes. Recommended.

harddrop
If average flow queue size is above max bytes, this parameter forces a drop instead of ecn marking.

nodrop
With this parameter, traffic that should be marked, but is not ECN-capable, is enqueued. Without the parameter it is early-dropped.

adaptive
(Added in linux-3.3) Sets RED in adaptive mode as described in http://icir.org/floyd/papers/adaptiveRed.pdf

Goal of Adaptive RED is to make 'probability' dynamic value between 1% and 50% to reach the target average queue :
(max - min) / 2

QEVENTS

See tc (8) for some general notes about qevents. The RED qdisc supports the following qevents:

early_drop
The associated block is executed when packets are early-dropped. This includes non-ECT packets in ECN mode.

mark
The associated block is executed when packets are marked in ECN mode.

EXAMPLE

# tc qdisc add dev eth0 parent 1:1 handle 10: red limit 400000 min 30000 max 90000 avpkt 1000 burst 55 ecn adaptive bandwidth 10Mbit

SEE ALSO

tc(8), tc-choke(8)

SOURCES

o
Floyd, S., and Jacobson, V., Random Early Detection gateways for Congestion Avoidance. http://www.aciri.org/floyd/papers/red/red.html

o
Some changes to the algorithm by Alexey N. Kuznetsov.

o
Adaptive RED : http://icir.org/floyd/papers/adaptiveRed.pdf

AUTHORS

Alexey N. Kuznetsov, <[email protected]>, Alexey Makarenko <[email protected]>, J Hadi Salim <[email protected]>, Eric Dumazet <[email protected]>. This manpage maintained by bert hubert <[email protected]>

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

37 - Linux cli command tc-connmark

NAME 🖥️ tc-connmark 🖥️

netfilter connmark retriever action

SYNOPSIS

tc … action connmark [ zone u16_zone_index ] [ CONTROL ] [ index* u32_index * ]

CONTROL := { reclassify | pipe | drop | continue | ok }

DESCRIPTION

The connmark action is used to restore the connection’s mark value into the packet’s fwmark.

OPTIONS

zone* u16_zone_index*
Specify the conntrack zone when doing conntrack lookups for packets. u16_zone_index is a 16bit unsigned decimal value.

CONTROL
How to continue after executing this action.

reclassify
Restarts classification by jumping back to the first filter attached to this action’s parent.

pipe
Continue with the next action, this is the default.

drop
shot
Packet will be dropped without running further actions.

continue
Continue classification with next filter in line.

pass
Return to calling qdisc for packet processing. This ends the classification process.

index* u32_index *
Specify an index for this action in order to being able to identify it in later commands. u32_index is a 32bit unsigned decimal value.

SEE ALSO

tc(8)

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

38 - Linux cli command vfs_aio_fork

NAME 🖥️ vfs_aio_fork 🖥️

implement async I/O in Samba vfs

SYNOPSIS

vfs objects = aio_fork

DESCRIPTION

This VFS module is part of the samba(7) suite.

The aio_fork VFS module enables async I/O for Samba on platforms where the system level Posix AIO interface is insufficient. Posix AIO can suffer from severe limitations. For example, on some Linux versions the real-time signals that it uses are broken under heavy load. Other systems only allow AIO when special kernel modules are loaded or only allow a certain system-wide amount of async requests being scheduled. Systems based on glibc (most Linux systems) only allow a single outstanding request per file descriptor.

To work around all these limitations, the aio_fork module was written. It uses forked helper processes instead of the internal Posix AIO interface to create asynchronousity for read and write calls. It has no parameters, it will create helper processes when async requests come in as needed. Idle helper processes will be removed every 30 seconds.

This module is stackable.

EXAMPLES

Straight forward use:

    [cooldata]
	path = /data/ice
	vfs objects = aio_fork

VERSION

This man page is part of version 4.20.1-Debian of the Samba suite.

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

39 - Linux cli command update-language

NAME 🖥️ update-language 🖥️

language - generate hyphenation configuration for TeX engines

SYNOPSIS

update-language(-dat,-def,-lua) [OPTIONS …]

DESCRIPTION

Generate hyphenation configuration files language.dat, .def, .dat.lua

When called as update-language, all three configurations files are generated. Otherwise only the selected one.

OPTIONS

-c, –conf-file=FILE
file giving additional hyphen specifications

-o, –output-file=FILE file to write the output to

-d, –output-dir=DIR
directory where files are written

–checks
perform sanity checks on the generated config file

-q, –quiet
don’t write anything to the standard output during normal operation

-h, -?, –help
display this help message and exit

–version
output version information and exit

FILES

The default output directory is

/var/lib/texmf/tex/generic/config

The default output files are

for update-language-dat
language.dat

for update-language-def
language.def

for update-language-lua
language.dat.lua

If -o/–output-file is given, it overrides all defaults.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

40 - Linux cli command systemd-tpm2-setup-early.service

NAME 🖥️ systemd-tpm2-setup-early.service 🖥️

tpm2-setup.service, systemd-tpm2-setup-early.service, systemd-tpm2-setup - Set up the TPM2 Storage Root Key (SRK) at boot

SYNOPSIS

systemd-tpm2-setup.service

/usr/lib/systemd/systemd-tpm2-setup

DESCRIPTION

systemd-tpm2-setup.service and systemd-tpm2-setup-early.service are services that generate the Storage Root Key (SRK) if it hasnt been generated yet, and stores it in the TPM.

The services will store the public key of the SRK key pair in a PEM file in /run/systemd/tpm2-srk-public-key.pem and /var/lib/systemd/tpm2-srk-public-key.pem. They will also store it in TPM2B_PUBLIC format in /run/systemd/tpm2-srk-public-key.tpm2_public and /var/lib/systemd/tpm2-srk-public-key.tpm2b_public.

systemd-tpm2-setup-early.service runs very early at boot (possibly in the initrd), and writes the SRK public key to /run/systemd/tpm2-srk-public-key.* (as /var/ is generally not accessible this early yet), while systemd-tpm2-setup.service runs during a later boot phase and saves the public key to /var/lib/systemd/tpm2-srk-public-key.*.

FILES

/run/systemd/tpm2-srk-public-key.pem, /run/systemd/tpm2-srk-public-key.tpm2b_public

The SRK public key in PEM and TPM2B_PUBLIC format, written during early boot.

Added in version 255.

/var/lib/systemd/tpm2-srk-public-key.pem, /var/lib/systemd/tpm2-srk-public-key.tpm2_public

The SRK public key in PEM and TPM2B_PUBLIC format, written during later boot (once /var/ is available).

Added in version 255.

SEE ALSO

systemd(1)

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

41 - Linux cli command tc-pfifo_fast

NAME 🖥️ tc-pfifo_fast 🖥️

three-band first in, first out queue

DESCRIPTION

pfifo_fast is the default qdisc of each interface.

Whenever an interface is created, the pfifo_fast qdisc is automatically used as a queue. If another qdisc is attached, it preempts the default pfifo_fast, which automatically returns to function when an existing qdisc is detached.

In this sense this qdisc is magic, and unlike other qdiscs.

ALGORITHM

The algorithm is very similar to that of the classful tc-prio(8) qdisc. pfifo_fast is like three tc-pfifo(8) queues side by side, where packets can be enqueued in any of the three bands based on their Type of Service bits or assigned priority.

Not all three bands are dequeued simultaneously - as long as lower bands have traffic, higher bands are never dequeued. This can be used to prioritize interactive traffic or penalize ’lowest cost’ traffic.

Each band can be txqueuelen packets long, as configured with ip(8). Additional packets coming in are not enqueued but are instead dropped.

See tc-prio(8) for complete details on how TOS bits are translated into bands.

PARAMETERS

txqueuelen
The length of the three bands depends on the interface txqueuelen, as specified with ip(8).

BUGS

Does not maintain statistics and does not show up in tc qdisc ls. This is because it is the automatic default in the absence of a configured qdisc.

SEE ALSO

tc(8)

AUTHORS

Alexey N. Kuznetsov, <[email protected]>

This manpage maintained by bert hubert <[email protected]>

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

42 - Linux cli command update-exim4.conf

NAME 🖥️ update-exim4.conf 🖥️

exim4.conf - Generate exim4 configuration files.

SYNOPSIS

update-exim4.conf [-v|–verbose] [-h|–help] [–keepcomments] [–removecomments] [-o|–output file]

OPTIONS

–check
Generate temporary configuration file, check its validity and exit with either success (exitcode 0) or an error (exitcode 1). On success the temporary file is deleted, otherwise the file is left for further debugging.

-d|–confdir directory
Read input from directory instead of /etc/exim4.

-h|–help
Show short help message and exit

–keepcomments
Do not remove comment lines from the output file.

-o|–output file
Write output to file instead of /var/lib/exim4/config.autogenerated.

–removecomments
Remove comment lines from the output file. [Default]

-v|–verbose
Enable verbose mode

DESCRIPTION

The script update-exim4.conf generates the main configuration files /var/lib/exim4/config.autogenerated for Exim v4 by merging the data in the template file /etc/exim4/exim4.conf.template or the ones in the /etc/exim4/conf.d directory tree respectively and /etc/exim4/update-exim4.conf.conf to the output file /var/lib/exim4/config.autogenerated.

If dc_use_split_config in /etc/exim4/update-exim4.conf.conf specifies a split configuration, update-exim4.conf processes the /etc/exim4/conf.d subdirectories in the order main, acl, router, transport, retry, rewrite and auth. Within each directory it takes files in lexical sort order by file name. It concatenates all these files and makes the debconf replacement described below.

If you are not using split configuration update-exim4.conf concatenates /etc/exim4/exim4.conf.localmacros (if this file exists) and /etc/exim4/exim4.conf.template (in this order) and makes the debconf replacement described below.

In either case, before outputting the result to /var/lib/exim4/config.autogenerated, update-exim4.conf generates a number of exim configuration macros from the contents of dc_something from /etc/exim4/update-exim4.conf.conf and inserts them into the configuration right after the definition of the exim configuration macro UPEX4CmacrosUPEX4C (which is only used as placeholder for this case). The macro definitions are bracketed with .ifdef clauses to allow the local admin to override the values with earlier definitions. update-exim4.conf makes no other changes to the configuration. This makes it very simple to make small changes to the configuration and still have the benefits of debconf.

On the other hand if you don’t want to manage exim4.conf with debconf install your own handcrafted version as /etc/exim4/exim4.conf. Exim will use this file if it exists and ignore the autogenerated one. Additionally you might want to set dc_eximconfig_configtype=none in /etc/exim4/update-exim4.conf.conf to stop debconf from asking you questions about exim4.

update-exim4.conf exits silently and does nothing if /etc/exim4/exim4.conf exists and -o was not used to direct the output to a different file than /var/lib/exim4/config.autogenerated.

update-exim4.conf will only use files in the conf.d directory that have a filename which consists only of letters, numbers, underscores and hyphens ([:alnum:]_-), similar to run-parts(8). Additionally, update-exim4.conf will use /etc/exim4/conf.d/foo/bar.rul instead of /etc/exim4/conf.d/foo/bar if the .rul file exists. This is meant to be helpful for easy interaction with packages extending Exim.

If the new configuration will be written to /var/lib/exim4/config.autogenerated, update-exim4.conf will check the validity of the freshly generated configuration. If the new file is detected as invalid, update-exim4.conf leaves the old /var/lib/exim4/config.autogenerated untouched and exits with an error.

However, there are still possible invalidities that can only be detected at run time. This most notably applies to errors in expressions that are expanded at run time.

If the new configuration will be written to some other file, no validity checking occurs and that file will always be overwritten.

EXAMPLES

You want to be able to check exim’s queue as normal user: Generate a new file, e.g. /etc/exim4/conf.d/main/40_local_mailq, containing only the line queue_list_requires_admin = false

NOTES

update-exim4.conf changes the file permissions of the output file to the value of the environment variable CFILEMODE. If CFILEMODE is neither set in /etc/exim4/update-exim4.conf.conf nor in the environment it defaults to 0644. Change this to 0640 if you are keeping sensitive information (LDAP credentials et. al.) in there.

CONFIGURATION VARIABLES

All lists given in configuration variables are semicolon-separated. In the past, they used to be colon separated. This was changed to semicolon separation to make specification of IPv6 addresses easier. Backwards compatibility is preserved, so that old configurations using colons as separators do still work. Colons are deprecated and might stop working in a later release. If you need to specify a single IPv6 address in a field that is defined as a list of host names or IP addresses, please prefix “<;” to explicitly specify the list separator as a semicolon. Otherwise, the code cannot tell an IP address from a colon-separated list of strange host names.

Using lookups like “dsearch;something” in update-exim4.conf.conf has never been supported and does no longer work! If you need this, please convert to directly setting the appropriate macros.

update-exim4.conf evaluates these patterns in /etc/exim4/update-exim4.conf.conf:

CFILEMODE
The octal file mode of the generated file.

dc_eximconfig_configtype
The main configuration type. Sets macro DC_eximconfig_configtype. The macro usually contains a shorthand for one of the choices for the “General type of mail configuration” debconf question (See README.Debian).

dc_eximconfig_configtype <-> debconf configtype mapping:

“internet”
internet site; mail is sent and received directly using SMTP

“smarthost”
mail sent by smarthost; received via SMTP or fetchmail

“satellite”
mail sent by smarthost; no local mail

“local”
local delivery only; not on a network

“none”
no configuration at this time

dc_hide_mailname
Boolean option that controls whether the local mailname in the headers of outgoing mail should be hidden. (Only effective for “smarthost” and “satellite”. Sets macro HIDE_MAILNAME.

dc_mailname_in_oh
Internal use only Boolean option that is set by the maintainer scripts after adding the contents of /etc/mailname to the dc_other_hostnames list. This is a transition helper since it wouldn’t otherwise be possible to see whether that domain name has been removed from dc_other_hostnames on purpose. This is not used by update-exim4.conf, and no macro is set.

ue4c_keepcomments
Boolean option that controls whether update-exim4.conf strips the comments from the target configuration file (default) or leaves them in. This can be overridden by the command line options –keepcomments and –removecomments. The value is not written to an exim macro.

dc_localdelivery
name of the default transport for local mail delivery. Defaults to mail_spool if unset, use maildir_home for delivery to ~/Maildir/. Sets macro LOCAL_DELIVERY.

dc_local_interfaces
List of IP addresses the Exim daemon should listen on. If this is left empty, Exim listens on all interfaces. Sets macro MAIN_LOCAL_INTERFACES only if there is a non-empty value.

dc_minimaldns
Boolean option to activate some option to minimize DNS lookups, if set to “true” a macro DC_minimaldns is defined. If true, the macro DC_minimaldns is set to 1, and the macro MAIN_HARDCODE_PRIMARY_HOSTNAME is set to the appropriately post-processes output of hostname –fqdn.

dc_other_hostnames
is used to build the local_domains list, together with “localhost”. This is the list of domains for which this machine should consider itself the final destination. The local_domains list ends up in the macro MAIN_LOCAL_DOMAINS.

dc_readhost
For “smarthost” and “satellite” it is possible to hide the local mailname in the headers of outgoing mail and replace it with this value instead, using rewriting. For “satellite” only, this value is also the host to send local mail to. Sets macro DCreadhost.

dc_relay_domains
is a list of domains for which we accept mail from anywhere on the Internet but which are not delivered locally, e.g. because this machine serves as secondary MX for these domains. Sets MAIN_RELAY_TO_DOMAINS.

dc_relay_nets
A list of machines for which we serve as smarthost. Please note that 127.0.0.1 and ::1 are always permitted to relay since /usr/lib/sendmail is available anyway and relay control doesn’t make sense here. Sets macro MAIN_RELAY_NETS.

dc_smarthost
List of hosts to which all outgoing mail is passed to and that takes care of delivering it. Each of the hosts is tried, in the order specified (See exim specification, chapter 20.5). All deliveries go out to TCP port 25 unless a different port is specified after the host name, separated from the host name by two colons. Colons in IPv6 addresses need to be doubled. If a port number follows, IP addresses may be enclosed in brackets, which might be the only possibility to specify delivery to an IPv6 address and a different port. Examples:
host.domain.example deliver to host looked up on DNS, tcp/25
host.domain.example::587 deliver to host looked up on DNS, tcp/587
192.168.2.4 deliver to IPv4 host, tcp/25
192.168.2.4::587 deliver to IPv4 host, tcp/587
[192.168.2.4]::587 deliver to IPv4 host, tcp/587
2001::0db8::f::4::::2 deliver to IPv6 host, tcp/25
[2001::0db8::f::4::::2]::587 deliver to IPv6 host, tcp/587
This is used as value of the DCsmarthost macro.

dc_use_split_config
Boolean option that controls whether update-exim4.conf uses /etc/exim4/exim4.conf.template (“false”) or the multiple files below /etc/exim4/conf.d (“true”) as input. This does not set any macros.

The macro MAIN_PACKAGE_VERSION is set to Debian’s Version number of
the package being installed for convenient inclusion in the configuration.

RECOMMENDED USAGE

If you are running exim as daemon (as it is in the default setup of the Debian packages) you should not invoke update-exim4.conf directly when exim is running. For SMTP receiving or queue running, exim forks, and the new processes would use the new configuration file, while the original main exim daemon would still use the old configuration file. You should use invoke-rc.d exim4 restart instead.

BUGS

This manual page needs a major re-work. If somebody knows better groff than us and has more experience in writing manual pages, any patches would be greatly appreciated.

FILES

/var/lib/exim4/config.autogenerated
Exim’s main configuration file

/etc/exim4/exim4.conf
Optional manually managed Exim main configuration file. Takes precedence over debconf managed one if it exists.

/etc/exim4/update-exim4.conf.conf
Configuration file being written by exim4-config maintainer scripts, which may be hand-edited, and is read as input by update-exim4.conf.

SEE ALSO

exim(8), exim4-config_files(5), /usr/share/doc/exim4-base/ and for general notes and details about interaction with debconf /usr/share/doc/exim4-base/README.Debian.gz

AUTHOR

Andreas Metzler <ametzler at debian.org>
Marc Haber <[email protected]>

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

43 - Linux cli command tc-mirred

NAME 🖥️ tc-mirred 🖥️

mirror/redirect action

SYNOPSIS

tc … action mirred DIRECTION ACTION [ index INDEX ] TARGET

DIRECTION := { ingress | egress }

TARGET := { DEV | BLOCK }

DEV := dev* DEVICENAME*

BLOCK := blockid* BLOCKID*

ACTION := { mirror | redirect }

DESCRIPTION

The mirred action allows packet mirroring (copying) or redirecting (stealing) the packet it receives. Mirroring is what is sometimes referred to as Switch Port Analyzer (SPAN) and is commonly used to analyze and/or debug flows. When mirroring to a tc block, the packet will be mirrored to all the ports in the block with exception of the port where the packet ingressed, if that port is part of the tc block. Redirecting is similar to mirroring except that the behaviour is to mirror to the first N - 1 ports in the block and redirect to the last one (note that the port in which the packet arrived is not going to be mirrored or redirected to).

OPTIONS

ingress
egress
Specify the direction in which the packet shall appear on the destination interface.

mirror
redirect
Define whether the packet should be copied (mirror) or moved (redirect) to the destination interface or block.

index* INDEX*
Assign a unique ID to this action instead of letting the kernel choose one automatically. INDEX is a 32bit unsigned integer greater than zero.

dev* DEVICENAME*
Specify the network interface to redirect or mirror to.

blockid* BLOCKID*
Specify the tc block to redirect or mirror to.

EXAMPLES

Limit ingress bandwidth on eth0 to 1mbit/s, redirect exceeding traffic to lo for debugging purposes:

tc qdisc add dev eth0 handle ffff: clsact

# tc filter add dev eth0 ingress u32 \
	match u32 0 0 \
	action police rate 1mbit burst 100k conform-exceed pipe \
	action mirred egress redirect dev lo

Mirror all incoming ICMP packets on eth0 to a dummy interface for examination with e.g. tcpdump:

ip link add dummy0 type dummy

# ip link set dummy0 up
# tc qdisc add dev eth0 handle ffff: clsact
# tc filter add dev eth0 ingress protocol ip \
	u32 match ip protocol 1 0xff \
	action mirred egress mirror dev dummy0

Using an ifb interface, it is possible to send ingress traffic through an instance of sfq:

modprobe ifb

# ip link set ifb0 up
# tc qdisc add dev ifb0 root sfq
# tc qdisc add dev eth0 handle ffff: clsact
# tc filter add dev eth0 ingress u32 \
	match u32 0 0 \
	action mirred egress redirect dev ifb0

LIMITATIONS

The kernel restricts nesting to four levels to avoid the chance of nesting loops.

Do not redirect for one IFB device to another. IFB is a very specialized case of packet redirecting device. Redirecting from ifbX->ifbY will cause all packets to be dropped.

SEE ALSO

tc(8), tc-u32(8)

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

44 - Linux cli command systemd-update-utmp.service

NAME 🖥️ systemd-update-utmp.service 🖥️

update-utmp.service, systemd-update-utmp-runlevel.service, systemd-update-utmp - Write audit and utmp updates at bootup, runlevel changes and shutdown

SYNOPSIS

systemd-update-utmp.service

systemd-update-utmp-runlevel.service

/usr/lib/systemd/systemd-update-utmp

DESCRIPTION

systemd-update-utmp-runlevel.service is a service that writes SysV runlevel changes to utmp and wtmp, as well as the audit logs, as they occur. systemd-update-utmp.service does the same for system reboots and shutdown requests.

SEE ALSO

systemd(1), utmp(5), auditd(8)

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

45 - Linux cli command vigr

NAME 🖥️ vigr 🖥️

edit the password, group, shadow-password or shadow-group file

SYNOPSIS

vipw [options]

vigr [options]

DESCRIPTION

The vipw and vigr commands edit the files /etc/passwd and /etc/group, respectively. With the -s flag, they will edit the shadow versions of those files, /etc/shadow and /etc/gshadow, respectively. The programs will set the appropriate locks to prevent file corruption. When looking for an editor, the programs will first try the environment variable $VISUAL, then the environment variable $EDITOR, and finally the default editor, vi(1).

OPTIONS

The options which apply to the vipw and vigr commands are:

-g, –group

Edit group database.

-h, –help

Display help message and exit.

-p, –passwd

Edit passwd database.

-q, –quiet

Quiet mode.

-R, –root CHROOT_DIR

Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory. Only absolute paths are supported.

-s, –shadow

Edit shadow or gshadow database.

ENVIRONMENT

VISUAL

Editor to be used.

EDITOR

Editor to be used if VISUAL is not set.

FILES

/etc/group

Group account information.

/etc/gshadow

Secure group account information.

/etc/passwd

User account information.

/etc/shadow

Secure user account information.

SEE ALSO

vi(1), group(5), gshadow(5) , passwd(5), , shadow(5).

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

46 - Linux cli command [email protected]

NAME 🖥️ [email protected] 🖥️

[email protected], systemd-veritysetup - Disk verity protection logic

SYNOPSIS

[email protected]

/usr/lib/systemd/systemd-veritysetup

DESCRIPTION

[email protected] is a service responsible for setting up verity protection block devices. It should be instantiated for each device that requires verity protection.

At early boot and when the system manager configuration is reloaded kernel command line configuration for verity protected block devices is translated into [email protected] units by systemd-veritysetup-generator(8).

[email protected] calls systemd-veritysetup.

COMMANDS

The following commands are understood by systemd-veritysetup:

attach volume datadevice hashdevice roothash [option…]

Create a block device volume using datadevice and hashdevice as the backing devices. roothash forms the root of the tree of hashes stored on hashdevice. See Kernel dm-verity[1] documentation for details.

Added in version 250.

detach volume

Detach (destroy) the block device volume.

Added in version 250.

help

Print short information about command syntax.

Added in version 250.

SEE ALSO

systemd(1), systemd-veritysetup-generator(8), veritysetup(8)

NOTES

Kernel dm-verity

https://docs.kernel.org/admin-guide/device-mapper/verity.html

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

47 - Linux cli command vfs_readahead

NAME 🖥️ vfs_readahead 🖥️

pre-load the kernel buffer cache

SYNOPSIS

vfs objects = readahead

DESCRIPTION

This VFS module is part of the samba(7) suite.

This vfs_readahead VFS module detects read requests at multiples of a given offset (hex 0x80000 by default) and then tells the kernel via either the readahead system call (on Linux) or the posix_fadvise system call to pre-fetch this data into the buffer cache.

This module is useful for Windows Vista clients reading data using the Windows Explorer program, which asynchronously does multiple file read requests at offset boundaries of 0x80000 bytes.

The offset multiple used is given by the readahead:offset option, which defaults to 0x80000.

The size of the disk read operations performed by vfs_readahead is determined by the readahead:length option. By default this is set to the same value as the readahead:offset option and if not set explicitly will use the current value of readahead:offset.

This module is stackable.

OPTIONS

readahead:offset = BYTES

The offset multiple that causes readahead to be requested of the kernel buffer cache.

readahead:length = BYTES

The number of bytes requested to be read into the kernel buffer cache on each readahead call.

The following suffixes may be applied to BYTES:

·

K - BYTES is a number of kilobytes

·

M - BYTES is a number of megabytes

·

G - BYTES is a number of gigabytes

EXAMPLES

[hypothetical] vfs objects = readahead

VERSION

This man page is part of version 4.20.1-Debian of the Samba suite.

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

48 - Linux cli command tc-ets

NAME 🖥️ tc-ets 🖥️

Enhanced Transmission Selection scheduler

SYNOPSIS

tc qdisc … ets [ bands number ] [ strict number ] [ quanta bytes bytes bytes… ] [ priomap band band band… ]

tc class … ets [ quantum bytes ]

DESCRIPTION

The Enhanced Transmission Selection scheduler is a classful queuing discipline that merges functionality of PRIO and DRR qdiscs in one scheduler. ETS makes it easy to configure a set of strict and bandwidth-sharing bands to implement the transmission selection described in 802.1Qaz.

On creation with ’tc qdisc add’, a fixed number of bands is created. Each band is a class, although it is not possible to directly add and remove bands with ’tc class’ commands. The number of bands to be created must instead be specified on the command line as the qdisc is added.

The minor number of classid to use when referring to a band is the band number increased by one. Thus band 0 will have classid of major:1, band 1 that of major:2, etc.

ETS bands are of two types: some number may be in strict mode, the remaining ones are in bandwidth-sharing mode.

ALGORITHM

When dequeuing, strict bands are tried first, if there are any. Band 0 is tried first. If it did not deliver a packet, band 1 is tried next, and so on until one of the bands delivers a packet, or the strict bands are exhausted.

If no packet has been dequeued from any of the strict bands, if there are any bandwidth-sharing bands, the dequeuing proceeds according to the DRR algorithm. Each bandwidth-sharing band is assigned a deficit counter, initialized to quantum assigned by a quanta element. ETS maintains an (internal) ‘‘active’’ list of bandwidth-sharing bands whose qdiscs are non-empty. This list is used for dequeuing. A packet is dequeued from the band at the head of the list if the packet size is smaller or equal to the deficit counter. If the counter is too small, it is increased by quantum and the scheduler moves on to the next band in the active list.

Only qdiscs that own their queue should be added below the bandwidth-sharing bands. Attaching to them non-work-conserving qdiscs like TBF does not make sense – other qdiscs in the active list will be skipped until the dequeue operation succeeds. This limitation does not exist with the strict bands.

CLASSIFICATION

The ETS qdisc allows three ways to decide which band to enqueue a packet to:

- Packet priority can be directly set to a class handle, in which case that is the queue where the packet will be put. For example, band number 2 of a qdisc with handle of 11: will have classid 11:3. To mark a packet for queuing to this band, the packet priority should be set to 0x110003.

- A tc filter attached to the qdisc can put the packet to a band by using the flowid keyword.

- As a last resort, the ETS qdisc consults its priomap (see below), which maps packets to bands based on packet priority.

PARAMETERS

strict
The number of bands that should be created in strict mode. If not given, this value is 0.

quanta
Each bandwidth-sharing band needs to know its quantum, which is the amount of bytes a band is allowed to dequeue before the scheduler moves to the next bandwidth-sharing band. The quanta argument lists quanta for the individual bandwidth-sharing bands. The minimum value of each quantum is 1. If quanta is not given, the default is no bandwidth-sharing bands, but note that when specifying a large number of bands, the extra ones are in bandwidth-sharing mode by default.

bands
Number of bands given explicitly. This value has to be at least large enough to cover the strict bands specified through the strict keyword and bandwidth-sharing bands specified in quanta. If a larger value is given, any extra bands are in bandwidth-sharing mode, and their quanta are deduced from the interface MTU. If no value is given, as many bands are created as necessary to cover all bands implied by the strict and quanta keywords.

priomap
The priomap maps the priority of a packet to a band. The argument is a list of numbers. The first number indicates which band the packets with priority 0 should be put to, the second is for priority 1, and so on.

There can be up to 16 numbers in the list. If there are fewer, the default band that traffic with one of the unmentioned priorities goes to is the last one.

EXAMPLE & USAGE

Add a qdisc with 8 bandwidth-sharing bands, using the interface MTU as their quanta. Since all quanta are the same, this will lead to equal distribution of bandwidth between the bands, each will get about 12.5% of the link. The low 8 priorities go to individual bands in a reverse 1:1 fashion (such that the highest priority goes to the first band).

# tc qdisc add dev eth0 root handle 1: ets bands 8 priomap 7 6 5 4 3 2 1 0
# tc qdisc show dev eth0
qdisc ets 1: root refcnt 2 bands 8 quanta 1514 1514 1514 1514 1514 1514 1514 1514 priomap 7 6 5 4 3 2 1 0 7 7 7 7 7 7 7 7

Tweak the first band of the above qdisc to give it a quantum of 2650, which will give it about 20% of the link (and about 11.5% to the remaining bands):

# tc class change dev eth0 classid 1:1 ets quantum 2650
# tc qdisc show dev eth0
qdisc ets 1: root refcnt 2 bands 8 quanta 2650 1514 1514 1514 1514 1514 1514 1514 priomap 7 6 5 4 3 2 1 0 7 7 7 7 7 7 7 7

Create a purely strict Qdisc with reverse 1:1 mapping between priorities and bands:

# tc qdisc add dev eth0 root handle 1: ets strict 8 priomap 7 6 5 4 3 2 1 0
# tc qdisc sh dev eth0
qdisc ets 1: root refcnt 2 bands 8 strict 8 priomap 7 6 5 4 3 2 1 0 7 7 7 7 7 7 7 7

Add a Qdisc with 6 bands, 3 strict and 3 ETS with 35%-30%-25% weights:

# tc qdisc add dev eth0 root handle 1: ets strict 3 quanta 3500 3000 2500 priomap 0 1 1 1 2 3 4 5
# tc qdisc sh dev eth0
qdisc ets 1: root refcnt 2 bands 6 strict 3 quanta 3500 3000 2500 priomap 0 1 1 1 2 3 4 5 5 5 5 5 5 5 5 5

Create a Qdisc such that traffic with priorities 2, 3 and 4 are strictly prioritized over other traffic, and the rest goes into bandwidth-sharing classes with equal weights:

# tc qdisc add dev eth0 root handle 1: ets bands 8 strict 3 priomap 3 4 0 1 2 5 6 7
# tc qdisc sh dev eth0
qdisc ets 1: root refcnt 2 bands 8 strict 3 quanta 1514 1514 1514 1514 1514 priomap 3 4 0 1 2 5 6 7 7 7 7 7 7 7 7 7

SEE ALSO

tc(8), tc-prio(8), tc-drr(8)

AUTHOR

Parts of both this manual page and the code itself are taken from PRIO and DRR qdiscs.
ETS qdisc itself was written by Petr Machata.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

49 - Linux cli command vfs_fake_perms

NAME 🖥️ vfs_fake_perms 🖥️

enable read only Roaming Profiles

SYNOPSIS

vfs objects = fake_perms

DESCRIPTION

This VFS module is part of the samba(7) suite.

The vfs_fake_perms VFS module was created to allow Roaming Profile files and directories to be set (on the Samba server under UNIX) as read only. This module will, if installed on the Profiles share, report to the client that the Profile files and directories are writeable. This satisfies the client even though the files will never be overwritten as the client logs out or shuts down.

This module is stackable.

EXAMPLES

    [Profiles]
	path = /profiles
	vfs objects = fake_perms

VERSION

This man page is part of version 4.20.1-Debian of the Samba suite.

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

50 - Linux cli command tdbbackup

NAME 🖥️ tdbbackup 🖥️

tool for backing up and for validating the integrity of samba .tdb files

SYNOPSIS

tdbbackup [-s suffix] [-v] [-h] [-n hashsize] [-l]

DESCRIPTION

This tool is part of the samba(1) suite.

tdbbackup is a tool that may be used to backup samba .tdb files. This tool may also be used to verify the integrity of the .tdb files prior to samba startup or during normal operation. If it finds file damage and it finds a prior backup the backup file will be restored.

OPTIONS

-h

Get help information.

-s suffix

The -s option allows the administrator to specify a file backup extension. This way it is possible to keep a history of tdb backup files by using a new suffix for each backup.

-v

The -v will check the database for damages (corrupt data) which if detected causes the backup to be restored.

-n hashsize

The -n option sets the hash size for the new backup tdb.

-l

This options disables any locking, by passing TDB_NOLOCK to tdb_open_ex(). Only use this for database files which are not used by any other process! And also only if it is otherwise not possible to open the database, e.g. databases which were created with mutex locking.

COMMANDS

GENERAL INFORMATION

The tdbbackup utility can safely be run at any time. It was designed so that it can be used at any time to validate the integrity of tdb files, even during Samba operation. Typical usage for the command will be:

tdbbackup [-s suffix] *.tdb

Before restarting samba the following command may be run to validate .tdb files:

tdbbackup -v [-s suffix] *.tdb

Samba .tdb files are stored in various locations, be sure to run backup all .tdb file on the system. Important files includes:

·

secrets.tdb - usual location is in the /usr/local/samba/private directory, or on some systems in /etc/samba.

·

passdb.tdb - usual location is in the /usr/local/samba/private directory, or on some systems in /etc/samba.

·

*.tdb located in the /usr/local/samba/var directory or on some systems in the /var/cache or /var/lib/samba directories.

VERSION

This man page is correct for version 3 of the Samba suite.

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

The tdbbackup man page was written by John H Terpstra.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

51 - Linux cli command systemd-socket-proxyd

NAME 🖥️ systemd-socket-proxyd 🖥️

socket-proxyd - Bidirectionally proxy local sockets to another (possibly remote) socket

SYNOPSIS

systemd-socket-proxyd [OPTIONS…] HOST:PORT

systemd-socket-proxyd [OPTIONS…] UNIX-DOMAIN-SOCKET-PATH

DESCRIPTION

systemd-socket-proxyd is a generic socket-activated network socket forwarder proxy daemon for IPv4, IPv6 and UNIX stream sockets. It may be used to bi-directionally forward traffic from a local listening socket to a local or remote destination socket.

One use of this tool is to provide socket activation support for services that do not natively support socket activation. On behalf of the service to activate, the proxy inherits the socket from systemd, accepts each client connection, opens a connection to a configured server for each client, and then bidirectionally forwards data between the two.

This utilitys behavior is similar to socat(1). The main differences for systemd-socket-proxyd are support for socket activation with “Accept=no” and an event-driven design that scales better with the number of connections.

Note that systemd-socket-proxyd will not forward socket side channel information, i.e. will not forward SCM_RIGHTS, SCM_CREDENTIALS, SCM_SECURITY, SO_PEERCRED, SO_PEERPIDFD, SO_PEERSEC, SO_PEERGROUPS and similar.

OPTIONS

The following options are understood:

-h, –help

Print a short help text and exit.

–version

Print a short version string and exit.

–connections-max=, -c

Sets the maximum number of simultaneous connections, defaults to 256. If the limit of concurrent connections is reached further connections will be refused.

Added in version 233.

–exit-idle-time=

Sets the time before exiting when there are no connections, defaults to infinity. Takes a unit-less value in seconds, or a time span value such as “5min 20s”.

Added in version 246.

EXIT STATUS

On success, 0 is returned, a non-zero failure code otherwise.

EXAMPLES

Simple Example

Use two services with a dependency and no namespace isolation.

Example 1. proxy-to-nginx.socket

[Socket] ListenStream=80

[Install]
WantedBy=sockets.target

Example 2. proxy-to-nginx.service

[Unit] Requires=nginx.service After=nginx.service Requires=proxy-to-nginx.socket After=proxy-to-nginx.socket

[Service]
Type=notify
ExecStart=/usr/lib/systemd/systemd-socket-proxyd /run/nginx/socket
PrivateTmp=yes
PrivateNetwork=yes

Example 3. nginx.conf

[…] server { listen unix:/run/nginx/socket; […]

Example 4. Enabling the proxy

systemctl enable –now proxy-to-nginx.socket

$ curl http://localhost:80/

If nginx.service has StopWhenUnneeded= set, then passing –exit-idle-time= to systemd-socket-proxyd allows both services to stop during idle periods.

Namespace Example

Similar as above, but runs the socket proxy and the main service in the same private namespace, assuming that nginx.service has PrivateTmp= and PrivateNetwork= set, too.

Example 5. proxy-to-nginx.socket

[Socket] ListenStream=80

[Install]
WantedBy=sockets.target

Example 6. proxy-to-nginx.service

[Unit] Requires=nginx.service After=nginx.service Requires=proxy-to-nginx.socket After=proxy-to-nginx.socket JoinsNamespaceOf=nginx.service

[Service]
Type=notify
ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:8080
PrivateTmp=yes
PrivateNetwork=yes

Example 7. nginx.conf

[…] server { listen 8080; […]

Example 8. Enabling the proxy

systemctl enable –now proxy-to-nginx.socket

$ curl http://localhost:80/

SEE ALSO

systemd(1), systemd.socket(5), systemd.service(5), systemctl(1), socat(1), nginx(1), curl(1)

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

52 - Linux cli command updatedb

NAME 🖥️ updatedb 🖥️

update a database for plocate

SYNOPSIS

updatedb [OPTION]…

DESCRIPTION

updatedb creates or updates a database used by locate(1). If the database already exists, its data is reused to avoid rereading directories that have not changed.

updatedb is usually run daily from a systemd.timer(8) to update the default database.

EXIT STATUS

updatedb returns with exit status 0 on success, 1 on error.

OPTIONS

The PRUNE_BIND_MOUNTS, PRUNEFS, PRUNENAMES and PRUNEPATHS variables, which are modified by some of the options, are documented in detail in updatedb.conf(5).

-f, –add-prunefs FS
Add entries in white-space-separated list FS to PRUNEFS.

-n, –add-prunenames NAMES
Add entries in white-space-separated list NAMES to PRUNENAMES.

-e, –add-prunepaths PATHS
Add entries in white-space-separated list PATHS to PRUNEPATHS.

–add-single-prunepath PATH
Add PATH to PRUNEPATHS. Note that this is currently the only way to add a path with a space in it.

-U, –database-root PATH
Store only results of scanning the file system subtree rooted at PATH to the generated database. The whole file system is scanned by default.

locate(1) outputs entries as absolute path names which don’t contain symbolic links, regardless of the form of PATH.

–debug-pruning
Write debugging information about pruning decisions to standard error output.

-h, –help
Write a summary of the available options to standard output and exit successfully.

-o, –output FILE
Write the database to FILE instead of using the default database.

–prune-bind-mounts FLAG
Set PRUNE_BIND_MOUNTS to FLAG, overriding the configuration file.

–prunefs FS
Set PRUNEFS to FS, overriding the configuration file.

–prunenames NAMES
Set PRUNENAMES to NAMES, overriding the configuration file.

–prunepaths PATHS
Set PRUNEPATHS to PATHS, overriding the configuration file.

-l, –require-visibility FLAG
Set the “require file visibility before reporting it” flag in the generated database to FLAG.

If FLAG is 0 or no, or if the database file is readable by “others” or it is not owned by plocate, locate(1) outputs the database entries even if the user running locate(1) could not have read the directory necessary to find out the file described by the database entry.

If FLAG is 1 or yes (the default), locate(1) checks the permissions of parent directories of each entry before reporting it to the invoking user. To make the file existence truly hidden from other users, the database group is set to plocate and the database permissions prohibit reading the database by users using other means than locate(1), which is set-gid plocate.

Note that the visibility flag is checked only if the database is owned by plocate and it is not readable by “others”.

-v, –verbose
Output path names of files to standard output, as soon as they are found.

-V, –version
Write information about the version and license of locate on standard output and exit successfully.

EXAMPLES

To create a private plocate database as a user other than root, run

updatedb -l 0 -o db_file -U source_directory

Note that all users that can read db_file can get the complete list of files in the subtree of source_directory.

FILES

/etc/updatedb.conf
A configuration file. See updatedb.conf(5). Uses exactly the same format as the one used by mlocate(1)’s updatedb, so they can be shared.

/var/lib/plocate/plocate.db
The database updated by default.

SECURITY

Databases built with –require-visibility no allow users to find names of files and directories of other users, which they would not otherwise be able to do.

AUTHOR

Miloslav Trmac <[email protected]>

Steinar H. Gunderson <[email protected]>

SEE ALSO

locate(1), updatedb.conf(5)

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

53 - Linux cli command vcstime

NAME 🖥️ vcstime 🖥️

Show time in upper right hand corner of the console screen

SYNOPSIS

vcstime

DESCRIPTION

vcstime shows the current time in the upper right-hand corner of the console screen.

This simple program shows the current time in the corner of the console screen.

It needs to be run by root, in order to have write permissions to /dev/vcsa

AUTHORS

vcstime was written by Andries Brouwer, based on a suggestion by Miguel de Icaza. This manual page was Written by Alastair McKinstry, Debian, Jan 2003.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

54 - Linux cli command tc-prio

NAME 🖥️ tc-prio 🖥️

Priority qdisc

SYNOPSIS

tc qdisc … dev dev ( parent classid | root) [ handle major: ] prio [ bands bands ] [ priomap band band band… ] [ estimator interval timeconstant ]

DESCRIPTION

The PRIO qdisc is a simple classful queueing discipline that contains an arbitrary number of classes of differing priority. The classes are dequeued in numerical descending order of priority. PRIO is a scheduler and never delays packets - it is a work-conserving qdisc, though the qdiscs contained in the classes may not be.

Very useful for lowering latency when there is no need for slowing down traffic.

ALGORITHM

On creation with ’tc qdisc add’, a fixed number of bands is created. Each band is a class, although is not possible to add classes with ’tc qdisc add’, the number of bands to be created must instead be specified on the command line attaching PRIO to its root.

When dequeueing, band 0 is tried first and only if it did not deliver a packet does PRIO try band 1, and so onwards. Maximum reliability packets should therefore go to band 0, minimum delay to band 1 and the rest to band 2.

As the PRIO qdisc itself will have minor number 0, band 0 is actually major:1, band 1 is major:2, etc. For major, substitute the major number assigned to the qdisc on ’tc qdisc add’ with the handle parameter.

CLASSIFICATION

Three methods are available to PRIO to determine in which band a packet will be enqueued.

From userspace
A process with sufficient privileges can encode the destination class directly with SO_PRIORITY, see socket(7).

with a tc filter
A tc filter attached to the root qdisc can point traffic directly to a class

with the priomap
Based on the packet priority, which in turn is derived from the Type of Service assigned to the packet.

Only the priomap is specific to this qdisc.

QDISC PARAMETERS

bands
Number of bands. If changed from the default of 3, priomap must be updated as well.

priomap
The priomap maps the priority of a packet to a class. The priority can either be set directly from userspace, or be derived from the Type of Service of the packet.

Determines how packet priorities, as assigned by the kernel, map to bands. Mapping occurs based on the TOS octet of the packet, which looks like this:

0   1   2   3   4   5   6   7
+---+---+---+---+---+---+---+---+
|           |               |   |
|PRECEDENCE |      TOS      |MBZ|
|           |               |   |
+---+---+---+---+---+---+---+---+

The four TOS bits (the ‘TOS field’) are defined as:

Binary Decimal  Meaning
-----------------------------------------
1000   8         Minimize delay (md)
0100   4         Maximize throughput (mt)
0010   2         Maximize reliability (mr)
0001   1         Minimize monetary cost (mmc)
0000   0         Normal Service

As there is 1 bit to the right of these four bits, the actual value of the TOS field is double the value of the TOS bits. Tcpdump -v -v shows you the value of the entire TOS field, not just the four bits. It is the value you see in the first column of this table:

TOS     Bits  Means                    Linux Priority    Band
------------------------------------------------------------
0x0     0     Normal Service           0 Best Effort     1
0x2     1     Minimize Monetary Cost   0 Best Effort     1
0x4     2     Maximize Reliability     0 Best Effort     1
0x6     3     mmc+mr                   0 Best Effort     1
0x8     4     Maximize Throughput      2 Bulk            2
0xa     5     mmc+mt                   2 Bulk            2
0xc     6     mr+mt                    2 Bulk            2
0xe     7     mmc+mr+mt                2 Bulk            2
0x10    8     Minimize Delay           6 Interactive     0
0x12    9     mmc+md                   6 Interactive     0
0x14    10    mr+md                    6 Interactive     0
0x16    11    mmc+mr+md                6 Interactive     0
0x18    12    mt+md                    4 Int. Bulk       1
0x1a    13    mmc+mt+md                4 Int. Bulk       1
0x1c    14    mr+mt+md                 4 Int. Bulk       1
0x1e    15    mmc+mr+mt+md             4 Int. Bulk       1

The second column contains the value of the relevant four TOS bits, followed by their translated meaning. For example, 15 stands for a packet wanting Minimal Monetary Cost, Maximum Reliability, Maximum Throughput AND Minimum Delay.

The fourth column lists the way the Linux kernel interprets the TOS bits, by showing to which Priority they are mapped.

The last column shows the result of the default priomap. On the command line, the default priomap looks like this:

1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1

This means that priority 4, for example, gets mapped to band number 1. The priomap also allows you to list higher priorities (> 7) which do not correspond to TOS mappings, but which are set by other means.

This table from RFC 1349 (read it for more details) explains how applications might very well set their TOS bits:

TELNET                   1000           (minimize delay)
FTP
        Control          1000           (minimize delay)
        Data             0100           (maximize throughput)

TFTP                     1000           (minimize delay)

SMTP
        Command phase    1000           (minimize delay)
        DATA phase       0100           (maximize throughput)

Domain Name Service
        UDP Query        1000           (minimize delay)
        TCP Query        0000
        Zone Transfer    0100           (maximize throughput)

NNTP                     0001           (minimize monetary cost)

ICMP
        Errors           0000
        Requests         0000 (mostly)
        Responses        <same as request> (mostly)

CLASSES

PRIO classes cannot be configured further - they are automatically created when the PRIO qdisc is attached. Each class however can contain yet a further qdisc.

BUGS

Large amounts of traffic in the lower bands can cause starvation of higher bands. Can be prevented by attaching a shaper (for example, tc-tbf(8) to these bands to make sure they cannot dominate the link.

AUTHORS

Alexey N. Kuznetsov, <[email protected]>, J Hadi Salim <[email protected]>. This manpage maintained by bert hubert <[email protected]>

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

55 - Linux cli command tc-pfifo

NAME 🖥️ tc-pfifo 🖥️

Packet limited First In, First Out queue

bfifo - Byte limited First In, First Out queue

SYNOPSIS

tc qdisc … add pfifo [ limit packets ]

tc qdisc … add bfifo [ limit bytes ]

DESCRIPTION

The pfifo and bfifo qdiscs are unadorned First In, First Out queues. They are the simplest queues possible and therefore have no overhead. pfifo constrains the queue size as measured in packets. bfifo does so as measured in bytes.

Like all non-default qdiscs, they maintain statistics. This might be a reason to prefer pfifo or bfifo over the default.

ALGORITHM

A list of packets is maintained, when a packet is enqueued it gets inserted at the tail of a list. When a packet needs to be sent out to the network, it is taken from the head of the list.

If the list is too long, no further packets are allowed on. This is called ’tail drop'.

PARAMETERS

limit
Maximum queue size. Specified in bytes for bfifo, in packets for pfifo. For pfifo, defaults to the interface txqueuelen, as specified with ip(8). The range for this parameter is [0, UINT32_MAX].

For bfifo, it defaults to the txqueuelen multiplied by the interface MTU. The range for this parameter is [0, UINT32_MAX] bytes.

Note: The link layer header was considered when counting packets length.

OUTPUT

The output of tc -s qdisc ls contains the limit, either in packets or in bytes, and the number of bytes and packets actually sent. An unsent and dropped packet only appears between braces and is not counted as ‘Sent’.

In this example, the queue length is 100 packets, 45894 bytes were sent over 681 packets. No packets were dropped, and as the pfifo queue does not slow down packets, there were also no overlimits:

# tc -s qdisc ls dev eth0
qdisc pfifo 8001: dev eth0 limit 100p
 Sent 45894 bytes 681 pkts (dropped 0, overlimits 0)

If a backlog occurs, this is displayed as well.

SEE ALSO

tc(8)

AUTHORS

Alexey N. Kuznetsov, <[email protected]>

This manpage maintained by bert hubert <[email protected]>

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

56 - Linux cli command unix_chkpwd

NAME 🖥️ unix_chkpwd 🖥️

Helper binary that verifies the password of the current user

SYNOPSIS

unix_chkpwd […]

DESCRIPTION

unix_chkpwd is a helper program for the pam_unix module that verifies the password of the current user. It also checks password and account expiration dates in shadow. It is not intended to be run directly from the command line and logs a security violation if done so.

It is typically installed setuid root or setgid shadow.

The interface of the helper - command line options, and input/output data format are internal to the pam_unix module and it should not be called directly from applications.

SEE ALSO

pam_unix(8)

AUTHOR

Written by Andrew Morgan and other various people.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

57 - Linux cli command vfs_io_uring

NAME 🖥️ vfs_io_uring 🖥️

Implement async io in Samba vfs using io_uring of Linux (>= 5.1).

SYNOPSIS

vfs objects = io_uring

DESCRIPTION

This VFS module is part of the samba(7) suite.

The io_uring VFS module enables asynchronous pread, pwrite and fsync using the io_uring infrastructure of Linux (>= 5.1). This provides much less overhead compared to the usage of the pthreadpool for async io.

This module SHOULD be listed last in any module stack as it requires real kernel file descriptors.

EXAMPLES

Straight forward use:

    [cooldata]
	path = /data/ice
	vfs objects = io_uring

OPTIONS

io_uring:num_entries = NUMBER_OF_QUEUE_ENTRIES

The number of entries in the submission queue. The maximum allowed value depends on the kernel version and the kernel will roundup the value to a power of 2.

The default is 128.

io_uring:sqpoll = BOOL

Use the IORING_SETUP_SQPOLL feature.

The default is no.

SEE ALSO

io_uring_setup(2).

VERSION

This man page is part of version 4.20.1-Debian of the Samba suite.

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

58 - Linux cli command xtables-nft

NAME 🖥️ xtables-nft 🖥️

nft — iptables using nftables kernel api

DESCRIPTION

xtables-nft are versions of iptables that use the nftables API. This is a set of tools to help the system administrator migrate the ruleset from iptables(8), ip6tables(8), arptables(8), and ebtables(8) to nftables(8).

The xtables-nft set is composed of several commands:

• iptables-nft

• iptables-nft-save

• iptables-nft-restore

• ip6tables-nft

• ip6tables-nft-save

• ip6tables-nft-restore

• arptables-nft

• ebtables-nft

These tools use the libxtables framework extensions and hook to the nf_tables kernel subsystem using the nft_compat module.

USAGE

The xtables-nft tools allow you to manage the nf_tables backend using the native syntax of iptables(8), ip6tables(8), arptables(8), and ebtables(8).

You should use the xtables-nft tools exactly the same way as you would use the corresponding original tools.

Adding a rule will result in that rule being added to the nf_tables kernel subsystem instead. Listing the ruleset will use the nf_tables backend as well.

When these tools were designed, the main idea was to replace each legacy binary with a symlink to the xtables-nft program, for example:

	/sbin/iptables -> /usr/sbin/iptables-nft-multi
	/sbin/ip6tables -> /usr/sbin/ip6tables-nft-multi
	/sbin/arptables -> /usr/sbin/arptables-nft-multi
	/sbin/ebtables -> /usr/sbin/ebtables-nft-multi

The iptables version string will indicate whether the legacy API (get/setsockopt) or the new nf_tables api is used:

	iptables -V
	iptables v1.7 (nf_tables)

DIFFERENCES TO LEGACY IPTABLES

Because the xtables-nft tools use the nf_tables kernel API, rule additions and deletions are always atomic. Unlike iptables-legacy, iptables-nft -A .. will NOT need to retrieve the current ruleset from the kernel, change it, and re-load the altered ruleset. Instead, iptables-nft will tell the kernel to add one rule. For this reason, the iptables-legacy –wait option is a no-op in iptables-nft.

Use of the xtables-nft tools allow monitoring ruleset changes using the xtables-monitor(8) command.

When using -j TRACE to debug packet traversal to the ruleset, note that you will need to use xtables-monitor(8) in –trace mode to obtain monitoring trace events.

EXAMPLES