LuniX Tuning 1o1 – Part 0 – The NetW0rk

Or the art of playing with the nerves of one’s colleagues

Ok, here are two or three little tips to make your Linux a little more fluffy, or to rot the Linux of a buddy/colleague who didn't log out from root, or who set sudo NOPASSWD and let you put your paws in it ^^

0x001 – nsswitch.conf

Very rarely looked at by unconfirmed ninuxians, this file lets you choose the order in which name lookups are made, e.g. the /etc/hosts file first, then DNS (if the name is not in /etc/hosts, go and ask the DNS); but with nsswitch.conf it is also possible to do it the other way around.

Example:

grep google /etc/hosts
127.0.0.1 google.com

grep host /etc/nsswitch.conf
#hosts:     db files nisplus nis dns
hosts:      files dns myhostname

ping google.com
PING google.com (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.017 ms
^C
--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.017/0.017/0.017/0.000 ms


#%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<#


grep host /etc/nsswitch.conf
#hosts:     db files nisplus nis dns
hosts:      dns files myhostname

ping google.com              
PING google.com (172.217.169.14) 56(84) bytes of data.
64 bytes from lhr25s26-in-f14.1e100.net (172.217.169.14): icmp_seq=1 ttl=255 time=11.2 ms
^C
--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 11.220/11.220/11.220/0.000 ms

You can also drop DNS queries altogether, hahaha (Machiavellian laughter).

grep host nsswitch.conf
#hosts:     db files nisplus nis dns
hosts:      files myhostname

ping yahoo.fr
ping: yahoo.fr: Name or service not known

ping 124.108.115.100
PING 124.108.115.100 (124.108.115.100) 56(84) bytes of data.
64 bytes from 124.108.115.100: icmp_seq=1 ttl=255 time=290 ms
^C
--- 124.108.115.100 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 290.732/290.732/290.732/0.000 ms
echo "I don't understand, yet I'm pinging their server"
I don't understand, yet I'm pinging their server

echo "answer LOL - arghh"
answer LOL - arghh

And plenty of other things that are super critical for the system can be changed in nsswitch.conf.

0x010 – /etc/motd

For this second example, I wanted to install the ssh daemon in a Podman container, and I couldn't install, search, or update anything… after 5 minutes I understood that I hadn't reactivated the DNS in nsswitch, LOL. Like that… :-/

echo "Welcome Home
> Mortal Human" > /etc/motd

It's just the message displayed once the ssh login has been validated, but how do you display an insulting message, like the one above, before the connection is established?

0x011 – The issue

Same thing, but for tty terminals. So if you are in multi-user mode (old school) on Ctrl+Alt+F[1-7], you will see this nice message at the top of your login screen. To be written in /etc/issue.

0x100 – The Banner option

In sshd_config, the Banner option defaults to none; we will point it at a file containing our message, let's call it /etc/ssh/sshd-banner, but this is not a requirement, it can just as well point at /etc/motd or whatever.

sudo sed -i 's/#Banner none/Banner \/etc\/ssh\/sshd-banner/g' /etc/ssh/sshd_config
echo "Linux sucks
OpenBSD rulez" > /etc/ssh/sshd-banner
systemctl reload sshd #or restart

ssh root@127.0.0.1 -p 22222
Linux sucks
OpenBSD rulez
root@127.0.0.1's password: 
Last login: Sun Nov à 21:13:49 2020 from localhost
Welcome Home
Mortal Human

echo "who did this?"
who did this?
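The sed one-liner above edits sshd_config blindly and then reloads the daemon; a typo in that file makes the reload fail and can lock you out of a remote box. This is an added helper, not from the original post: it reads the effective Banner value the way sshd does (first occurrence of a keyword wins, keywords are case-insensitive, commented lines are ignored) and only reloads after `sshd -t` accepts the file. The sample configs are constructed; the reload helper assumes a systemd host whose service is named sshd, as in the post.

```shell
#!/bin/sh
# Added example: inspect the Banner setting of an sshd_config and reload safely.
# Sample config files below are constructed, not copied from a real host.

sshd_banner_path() {
    # Print the Banner value from the global section of config file $1, or
    # "none" when unset. Match blocks (which may also carry Banner) are not parsed.
    awk 'tolower($1) == "match"  { exit }
         tolower($1) == "banner" { print $2; found = 1; exit }
         END { if (!found) print "none" }' "$1"
}

sshd_banner_is_set() {
    # Return 0 if a banner file is configured, 1 when it is still "none"
    [ "$(sshd_banner_path "$1")" != "none" ]
}

sshd_safe_reload() {
    # Validate config file $1 with sshd -t before asking systemd to reload
    if sshd -t -f "$1"; then
        systemctl reload sshd
    else
        echo "sshd_config is broken, not reloading" >&2
        return 1
    fi
}

# Constructed samples: the stock commented default, and the post's change
WORK=$(mktemp -d)
printf '#Banner none\nPermitRootLogin no\n' > "$WORK/sshd_config.default"
printf 'Banner /etc/ssh/sshd-banner\nPermitRootLogin no\n' > "$WORK/sshd_config.banner"

for f in "$WORK/sshd_config.default" "$WORK/sshd_config.banner"; do
    printf '%s -> Banner %s\n' "$f" "$(sshd_banner_path "$f")"
done
```

On a live host, `sshd_banner_path /etc/ssh/sshd_config` tells you whether a banner is active, and `sshd_safe_reload /etc/ssh/sshd_config` replaces the bare `systemctl reload sshd` from the post. Keep the ssh session you edited from open until a second login succeeds.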

0x101 – resolv.conf

Everybody knows resolv.conf, where you put the DNS servers, but did you know that only 3 nameservers are taken into account? Beyond that limit, the others are ignored… Let's have fun testing this.

cat resolv.conf 
nameserver 8.8.8.8
nameserver 8.8.4.4

ping -c 1 google.fr
PING google.fr (216.58.210.35) 56(84) bytes of data.
64 bytes from lhr25s11-in-f3.1e100.net (216.58.210.35): icmp_seq=1 ttl=255 time=10.4 ms

--- google.fr ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 10.400/10.400/10.400/0.000 ms


#%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<#


cat resolv.conf 
nameserver 192.168.2.5
nameserver 192.168.5.8
nameserver 8.8.8.8
nameserver 8.8.4.4

ping -c 1 fdn.fr
PING fdn.fr (80.67.169.52) 56(84) bytes of data.
64 bytes from chewie.fdn.fr (80.67.169.52): icmp_seq=1 ttl=255 time=23.2 ms

--- fdn.fr ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 23.239/23.239/23.239/0.000 ms


#%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<%<#


cat resolv.conf 
nameserver 192.168.2.5
nameserver 192.168.5.8
nameserver 192.168.7.1
nameserver 8.8.8.8
nameserver 8.8.4.4

ping -c 1 google.es
ping: google.es: Name or service not known

echo "Hahahahahahahhaha"
Hahahahahahahhaha
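The silent cut-off at three nameservers is worth checking for explicitly rather than by pinging. This is an added script, not from the original post: it lists the nameserver lines of a resolv.conf and separates the ones the glibc stub resolver will query (the first MAXNS, which is 3) from the ones it never contacts. The sample file is constructed from the third resolv.conf shown above.

```shell
#!/bin/sh
# Added example: show which resolv.conf nameservers are actually used.
# The sample file below is constructed; run resolv_report /etc/resolv.conf live.

MAXNS=3   # compile-time limit of the glibc stub resolver

resolv_nameservers() {
    # Every nameserver address in file $1, in file order, comments skipped
    awk '$1 == "nameserver" { print $2 }' "$1"
}

resolv_active_nameservers() {
    # Only these are queried, in order, each with the resolver's timeout/retry cycle
    resolv_nameservers "$1" | head -n "$MAXNS"
}

resolv_ignored_nameservers() {
    # Entries past the limit: never contacted, whatever is written there
    resolv_nameservers "$1" | tail -n +"$((MAXNS + 1))"
}

resolv_ignored_count() {
    resolv_ignored_nameservers "$1" | awk 'END { print NR }'
}

resolv_report() {
    printf 'active:  %s\n' "$(resolv_active_nameservers "$1" | tr '\n' ' ')"
    n=$(resolv_ignored_count "$1")
    if [ "$n" -gt 0 ]; then
        printf 'IGNORED: %s(beyond the first %d nameserver lines)\n' \
            "$(resolv_ignored_nameservers "$1" | tr '\n' ' ')" "$MAXNS"
    fi
}

# Constructed sample: the post's third resolv.conf, where the first three
# nameservers are unreachable private addresses and the working ones come last
WORK=$(mktemp -d)
cat > "$WORK/resolv.conf" <<'EOF'
nameserver 192.168.2.5
nameserver 192.168.5.8
nameserver 192.168.7.1
nameserver 8.8.8.8
nameserver 8.8.4.4
EOF

resolv_report "$WORK/resolv.conf"
```

The order matters as much as the count: the resolver walks the active list top-down, so two dead servers in front of a live one mean every lookup waits out two timeouts before it succeeds, which is why the fdn.fr ping above still works but slowly.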

We can see that even if the first 2 servers are wrong, it still falls back to the 3rd (the correct one), but when the first 3 are mouldy, nothing works anymore. Most people use DHCP, which will overwrite our deadly config… don't panic, we still have ways to rot our friends:

dhclient.conf for OpenBSD

What if we told the dhclient not to import DNS server changes?

cat dhclient.conf
ignore domain-name-servers, domain-name;

chattr for Linux

lsattr and chattr are two little-known tools that don't exist under OpenBSD, but… under ninux, the +i (immutable) attribute prevents modification, which can severely annoy a user/admin who wants to modify or delete a file; anyway, it lets you freeze some config files (bad practice but super hack) 😀 Warning: it doesn't work in /tmp, surely because of the sticky bit.

touch TestFile

lsattr TestFile 
--------------e----- TestFile

whoami 
root

echo "test2" > TestFile 

cat TestFile 
test2

chattr +i TestFile 

echo "test3" > TestFile 
bash: TestFile: Opération non permise

rm -f TestFile 
rm: impossible de supprimer 'TestFile': Opération non permise

whoami 
root

ls -l TestFile 
-rw-r--r--. 1 root root 6  8 nov.  22:02 TestFile

echo "EH?"
EH?

chattr -i TestFile 

rm -f TestFile 

ll
total 4
-rw-------. 1 root root 1361 25 août  19:39 anaconda-ks.cfg

#so
chattr +i /etc/resolv.conf #will do the job ;-)
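When a config file refuses to change even for root, lsattr is the first thing to check. This is an added script, not from the original post: it parses lsattr output for the lowercase i flag (immutable; the uppercase I flag means something else) and lists the affected paths, skipping the directory headers that lsattr -R prints. The sample lines are constructed to look like lsattr output after the chattr +i above; find_immutable_under needs lsattr from e2fsprogs on a real host.

```shell
#!/bin/sh
# Added example: find files carrying the immutable (+i) attribute.
# SAMPLE_LSATTR below is constructed, not captured from a real host.

lsattr_line_is_immutable() {
    # Return 0 if an lsattr output line ($1, "<flags> <path>") has the "i" flag.
    # Directory headers like "/etc/init.d:" never match the flags pattern.
    printf '%s\n' "$1" | awk '$1 ~ /^[-a-zA-Z]+$/ && index($1, "i") { ok = 1 }
                              END { exit !ok }'
}

immutable_files_from_lsattr() {
    # Read lsattr (or lsattr -R) output on stdin and print only immutable paths,
    # skipping "dir:" headers and blank lines
    awk '$1 ~ /^[-a-zA-Z]+$/ && index($1, "i") { sub(/^[^ ]+ /, ""); print }'
}

find_immutable_under() {
    # Walk directory $1 and list immutable files; errors (e.g. on tmpfs, where
    # the attribute is not supported, as the post noticed with /tmp) are silenced
    lsattr -R "$1" 2>/dev/null | immutable_files_from_lsattr
}

# Constructed sample of what lsattr prints after "chattr +i /etc/resolv.conf",
# including a directory header as produced by -R
SAMPLE_LSATTR='--------------e----- /etc/hosts
----i---------e----- /etc/resolv.conf
/etc/init.d:
--------------e----- /etc/nsswitch.conf'

printf '%s\n' "$SAMPLE_LSATTR" | immutable_files_from_lsattr
```

On a real box, `find_immutable_under /etc` gives the list; anything on it that you did not freeze yourself deserves a look, since the attribute survives permission changes and only `chattr -i` removes it.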

This was the first part, reserved for the network, with config files normally present on every standard Linux and many Unix. I'm going to do a special post on RedHat because there's enough there to tear your hair out, huhuhu.

If you are reading these lines, I hope it has taught you a couple of funny tricks ^_^