Tech Support Notes
introduction
1. Topic 01: Firewalls
- 1.1. CSF
- 1.2. APF
- 1.3. IPtables
- 1.4. UFW
- 1.5. Windows Firewall
2. Topic 02: Package Management
- 2.1. Yum
- 2.2. rpm
- 2.3. rpm2cpio
- 2.4. Apt
- 2.5. dpkg
3. Topic 03: Networking
- 3.1. mtr/traceroute
- 3.2. pathping
- 3.3. ipv6
- 3.4. nmap
- 3.5. telnet/netcat
- 3.6. netstat/ss
- 3.7. Bandwidth and Speed Testing
- 3.8. Assigning IP's
4. Topic 04: DNS
- 4.1. Dns overview
- 4.2. dig
- 4.3. host
5. Topic 5: Configuration Files
- 5.1. ssh
- 5.2. apache
- 5.3. samba
- 5.4. bind/named
- 5.5. exim
- 5.6. postfix
- 5.7. vsftpd
6. Topic 6: Mysql
- 6.1. to sort
7. Topic 7: Apache
- 7.1. to sort
8. Topic 8: Memory
- 8.1. free / vmstat
9. Topic 9: Process Tracking
- 9.1. ps
- 9.2. lsof
- 9.3. windows
10. Topic 10: Partitions/Filesystems
- 10.1. Basic Layout
- 10.2. creating / modifying
- 10.3. fdisk / parted
- 10.4. fstab / mount
- 10.5. labels / uuid
- 10.6. LVM Part One
- 10.7. LVM Part Two
11. Topic 11: Devices/shares
- 11.1. samba / nfs / nas
- 11.2. iscsi
12. Topic 12: Space and drive usage
- 12.1. du / df / inodes
- 12.2. iostat
- 12.3. smartctl
13. Topic 13: Logging
- 13.1. logging configuration
- 13.2. general system logs
- 13.3. plesk logs
- 13.4. cpanel logs
14. Topic 14: Finding Exploits
- 14.1. maldet
- 14.2. rootkit hunter
- 14.3. windows
15. Topic 15: Email
- 15.1. general troubleshooting
- 15.2. exim
- 15.3. qmail
- 15.4. postfix
- 15.5. spam
16. Topic 16: Find
- 16.1. find examples
17. Topic 17: Rescue Layer/Live Environment
- 17.1. mounting filesystem / chroot
- 17.2. cloning
18. Topic 18: Permissions/users/groups
- 18.1. permissions
- 18.2. users
- 18.3. groups
19. Topic 19: Cpanel
- 19.1. general
- 19.2. Moving Mysql
20. Topic 20: Plesk
- 20.1. general
21. Topic 21: Windows
- 21.1. windows to sort
- 21.2. hyper-v
22. Topic 22: Freebsd
- 22.1. installing packages
- 22.2. networking
- 22.3. drive management
23. Topic 23: Dumping ground
- 23.1. sed / awk
- 23.2. gdb
- 23.3. curl / wget
- 23.4. compress / uncompress
- 23.5. rsync / scp
- 23.6. Random commands

Tech Support Notes

Nmap

Nmap (Network Mapper) is a security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses. Depending on the type of scan the process can take from a few seconds to a few minutes.

Check if a specific port is open

nmap -p PORT IP/Hostname

Look for all open ports with -T4 ("Aggressive")

nmap -P0 -T4 -sV -p- IP/Hostname

Scan a host name/IP with more verbose output

nmap -v IP/Hostname

Scan a range of IP's

nmap 10.0.0.1-20

Find out if a host/network is protected by a firewall

nmap -sA IP/Hostname

Scan a host when protected by the firewall

nmap -PN IP/Hostname

nmap report reason for the result

[hyperion] (~) >>> nmap --reason -P0 -p 22  x.x.x.x

Starting Nmap 5.51 ( http://nmap.org ) at 2013-11-28 13:52 CST
Nmap scan report for x.x.x.x-static.reverse.softlayer.com (x.x.x.x)
Host is up, received user-set.
PORT   STATE    SERVICE REASON
22/tcp filtered ssh     no-response

Nmap done: 1 IP address (1 host up) scanned in 2.10 seconds

### Perform an Agressive scan
The -A flag performs 

[river] (~) >>> nmap -A  192.168.1.81

Starting Nmap 6.40 ( http://nmap.org ) at 2014-04-21 08:48 CDT
Nmap scan report for saturn (192.168.1.81)
Host is up (0.0033s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE     VERSION
80/tcp   open  http        Apache httpd 2.4.9 ((Unix))
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Launchbot &ndash; Your Personal Startpage Script
139/tcp  open  netbios-ssn Samba smbd 3.X (workgroup: SATURN)
445/tcp  open  netbios-ssn Samba smbd 3.X (workgroup: SATURN)
3306/tcp open  mysql?
| mysql-info: MySQL Error detected!
| Error Code was: 1130
---keys omitted here---
Network Distance: 1 hop

Host script results:
|_nbstat: NetBIOS name: SATURN, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
| smb-os-discovery:
|   OS: Unix (Samba 4.1.6)
|   Computer name: saturn
|   NetBIOS computer name: SATURN
|   Domain name: ctrlz.us
|   FQDN: saturn.ctrlz.us
|_  System time: 2014-04-21T13:41:04+00:00
| smb-security-mode:
|   Account that was used for smb scripts: guest
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server supports SMBv2 protocol

TRACEROUTE
HOP RTT     ADDRESS
1   3.30 ms saturn (192.168.1.81)

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 31.39 seconds