iptables on busybox - linux

I have busybox installed as a 'starter' package on my embedded linux board and I also need to use iptables to configure some firewall rules.
Is there a way to get access to iptables from the busybox shell?
Otherwise, how can I exit busybox shell to get to the iptables command?
Thank you.

(1)First you need to how to modify the kernel, install modules and applications in Busybox environment.
(2)Then you can config the kernel to support Iptables (most in menu of network/netfilter),you can build those kernel modules as ko modules or part of kernel image.
(3)go to homepage to netfilter to get application souce code. Build and install.
(4)modprobe the ko (for example)
modprobe iptable_filter
modprobe ip_tables
(5)try your IPTABLES....If meet problem, you may goto step 2 to make some change.

Related

Cannot get custom kernel to boot - mkinitpcio does not add any modules

1. What I am trying to achieve:
Build a custom kernel so I can install and run Anbox-git from AUR on my Arch laptop. Custom kernel is needed for the package to work.
2. What I did to achieve it:
Download Arch Linux kernel v5.8.5-arch1 from here
I followed the guidelines on tradional compilation Arch wiki to create the custom kernel
Via make nconfig I applied the changes mentioned in the Anbox Arch wiki page.
Via make nconfig I changed EFIVAR_FS option from "M" to "*" to resolve an error from earlier attemps.
Via make nconfig under Location: -> Device Drivers-> Multiple devices driver support (RAID and LVM) (MD [=y])-> Device mapper support (BLK_DEV_DM [=y]) I added a few more options (*) because on earlier builds mkinitpcio gave errors for missing modules for DM_CRYPT, and some more DM_ modules which I cannot easily reproduce (will do if necessary for the answer, but I hope it'll be irrelevant).
After creating the config this way I did:
sudo make modules_install
sudo cp -v arch/x86_64/boot/bzImage /boot/vmlinuz-linux58ac
sudo cp /etc/mkinitcpio.d/linux.preset /etc/mkinitcpio.d/linux58ac.preset
Adapted the preset file per Arch wiki instructions
sudo mkinitcpio -p linux58ac
Important: The mkinitpcio runs fine, but keeps giving me a warning:
WARNING: No modules were added to the image. This is probably not what
you want.
sudo grub-mkconfig -o /boot/grub/grub.cfg
3. Expected result:
I am able to reboot, select the new kernel from grub menu, get the usual LVM password prompt, and launch into it without problems.
4. Result I get:
I can reboot and select new kernel from grub but when I select it I get a
Warning: /lib/modules/5.8.5-arch1/modules.devname not found, ignoring.
Starting version 246.4-1-arch
ERROR device 'dev/mapper/vg0-root' not found. Skipping fsck.
mount /new_root: special device /dev/mapper/vg0-root does not exist.
You are being dropped into an emergy shell.
I checked and the /lib/modules/5.8.5-arch1/modules.devnamedoes indeed exist. But I think the actual problem is that mkinitcpio doesn't load the correct modules into the custom kernel, causing it to become unbootable.
Any help appreciated!

Is there any short A to Z description of how to debug the Linux kernel that has been tested and contains ALL necessary steps ? Esp. for Yocto?

Debugging the Linux Kernel with kgdb over rs-232 needs several preparation steps. I found awesome documentation, but no single-source that is fully self-contained and summarizes all steps needed, does not explain for ages, and has been tested. And also covers Yocto.
Is there any source that covers all that is needed in one single and short description ?
I.e.:
What files are needed in the directory GDB is started from (e.g. kernel awareness, source, vmlinux) and how to get theese, where to put it ?
When and where to get a cross-gdb from ?
ALL kernel config options needed, also the not-obvious ones (like CONFIG_RANDOMIZE_BASE)
How to configure the serial ports
Explaining a working back and forth of breaking into debugee and debugger to get started.
Explaining one rock-solid option of stopping the kernel that runs everywhere.
Explaining how to get this done not only for PC-PC debugging, but also for Yocto targets.
Debugging the Linux Kernel via a Nullmodem-Cable:
It took me a while to get a kgdb connection with Linux kernel awareness fully running. I share my way of doing this with Ubuntu Eoan (optional: Yocto Warrior) in 2020 here:
Tested with:
Debugging a linux based Intel PC from an Intel MacBook running MacOS Catalina. Using the gdb from the Homebrew package "i386-elf-gdb“. (wituout „-tui“ option in GDB)
Debugging a linux based ARM target (i.mx6, Yocto) from a linux based Intel PC.
Prerequisites:
You need two computers and a serial nullmodem cable. Check the cable by firiing up a serial termianl (e.g. screen or putty) on both hosts, connecting to your serial port (e.g. /dev/ttyS0 or /dev/ttyUSB0) and print characters from each station to the other. Remember the /dev/tty ports you confirmed.
Preparation:
You need on the first debuggee computer, we call it „target":
Special kernel installed that contains symbols, kgdb support etc.
Learn how to compile and install a kernel and use in make menuconfig belows configuration. You can search for Sybmbols with F8 or the / key in menuconfig.
(E.g. wiki.ubuntu.com. There take care in the first paragraph to execute deb-src before apt-get :)
# CONFIG_SERIAL_KGDB_NMI is not set
CONFIG_CONSOLE_POLL=y
# CONFIG_DEBUG_INFO is not set
CONFIG_KGDB=y
CONFIG_KGDB_SERIAL_CONSOLE=y
# CONFIG_KGDB_TESTS is not set
# CONFIG_KGDB_KDB is not set
CONFIG_FRAME_POINTER=y
CONFIG_DEBUG_INFO=y
# CONFIG_DEBUG_INFO_REDUCED is not set
# CONFIG_DEBUG_INFO_SPLIT is not set
CONFIG_DEBUG_INFO_DWARF4=y
CONFIG_GDB_SCRIPTS=y
CONFIG_STRIP_ASM_SYMS=y
# CONFIG_RANDOMIZE_BASE is not set
(Note for advanced Yocto use, skip if you're debugging a PC:
In yocto I created in my layer a file: recipes-kernel/linux/linux-mainline_%.bbappend with the content:
FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
SRC_URI += "file://kgdb.cfg“
And in files/kgdb.cfg I added the config fragment shown above (without the on ARM unavailable options CONFIG_RANDOMIZE_BASE and CONFIG_FRAME_POINTER)
)
You need on the second debugger computer, we call it „debugger pc":
Full kernel source code, same code you used to compile the kernel above. (If you compiled the .o and .ko objects in place and not in a build-folder you better not copy the directory from the other pc, where you called make etc. in, but then better grab fresh sources again.)
vmlinux file containing the symbols (lies in the kernel source root, or build folder on the highest level after kernel make).
vmlinux-gdb.py file that was made during the kernel build (also lies at the same position on the highest level.).
All scripts in the folder scripts/gdb (Folder scripts in the same toplevel-position. If you use a dedicated build folder use the script folder from there, not from the source folder.)
(Advanced: If both computers don’t match in CPU, like Intel and Arm, a cross-gdb build. Ignore if you're on Intel/AMD.)
Note for advanced Yocto use, I did something like (ignore if you debug a PC):
bitbake -c patch virtual/kernel #(apply the changed kernel config from above)
bitbake -f -c compile virtual/kernel #(unpack is not sufficient because of vmlinux-gdb.py)
mkdir ~/gdbenv
cp -a tmp/work-shared/phyboard-mira-imx6-14/kernel-source/. ~/gdbenv
cp tmp/work/phyboard_mira_imx6_14-phytec-linux-gnueabi/linux-mainline/4.19.100-phy1-r0.0/build/vmlinux ~/gdbenv
cp tmp/work/phyboard_mira_imx6_14-phytec-linux-gnueabi/linux-mainline/4.19.100-phy1-r0.0/build/vmlinux-gdb.py ~/gdbenv
mkdir ~/gdbenv/scripts
cp -r tmp/work/phyboard_mira_imx6_14-phytec-linux-gnueabi/linux-mainline/4.19.100-phy1-r0.0/build/scripts/gdb ~/gdbenv/scripts
Then (ignore if you're on a PC)
yocto bitbake -c populate_sdk [my-image]
Then (still ignore on PC) install the sdk .sh-installation file from your deploy directory on the debugger pc and start the environment as guided by the output of the install script (remember that command), then use "$GDB" for starting the cross-gdb instead of „gdb".
Debug execution
Launch on the debugger two console screens:
Console 1, ssh: +++++++++++++++++++++++++++++++++++++++
ssh user#192.168.x.y
sudo -s
echo ttyS0,9600n8 > /sys/module/kgdboc/parameters/kgdboc
echo 1 > /proc/sys/kernel/sysrq
echo g > /proc/sysrq-trigger
Console 2, local: ++++++++++++++++++++++++++++++++++++++++
cd ~/gdbenv
gdb -tui ./vmlinux
add-auto-load-safe-path ~/gdbenv
source ~/gdbenv/vmlinux-gdb.py
set serial baud 9600
target remote /dev/ttyS0 (use the tty port you confirmed in the beginning)
b [name of the c funtion you want to debug]
cont
Back to console 1, ssh: +++++++++++++++++++++++++++++++++++++++
[Now trigger the function, e.g. sudo modprobe yourFancyKernelModule]
Back to console 2, local: ++++++++++++++++++++++++++++++++++++++++
Now use gdb functions, like bt, step, next, finish ...
You can also use linux-aware commands. Call "apropos lx“ in gdb for a list of commands.

How to install Wireshark on Linux and capture USB traffic?

I have encountered numerous problems in the installation of Wireshark, and the capture of USB traffic, especially due to user permissions.
How to install Wireshark on Linux and capture USB traffic?
Tested on Ubuntu 14.04, but probably works on other distributions since none of the steps are specific to Ubuntu.
The first time you follow the tutorial, do all the steps 1 -> 7.
When you restart your computer, you have to repeat steps 6 and 7 to see the USB interfaces in Wireshark.
Install Wireshark and libpcap:
sudo apt-get install wireshark libpcap0.8
For Debian, Ubuntu and other Debian derivatives, continue to step 3.
For other Linux based systems or other installation methods, see the Wireshark Wiki, then go to step 6.
Reconfigure wireshark to allow non-superusers to track packets:
sudo dpkg-reconfigure wireshark-common
Select <Yes> in the prompt
Add your username to the "wireshark" usergroup:
sudo usermod -a -G wireshark <your_username>
You can verify if it’s done correctly by displaying the groups your username is part of:
groups <your_username>
If not, you can add the group "wireshark" manually:
groupadd wireshark
And then add your username to the group (see above)
Important: Logout of your session, then log back in.
This step depends on the kernel version that is installed on your machine. To know the version of your kernel, type:
uname -r
For versions of the kernel prior to 2.6.21, if debugfs is not already mounted on /sys/kernel/debug, ensure that it is mounted there by issuing the following command:
sudo mount -t debugfs / /sys/kernel/debug
For kernel version 2.6.21 and later, load the loadable module usbmon in the Kernel:
`sudo modprobe usbmon`
See [Wireshark Wiki](https://wiki.wireshark.org/CaptureSetup/USB#Linux) for more information about this differentiation.
If the usbmon interfaces don't appear in Wireshark, look for interfaces using dumpcap (the command-line tool of Wireshark):
sudo dumpcap -D
You should see the usbmon* interfaces. Now display the permissions of the usbmon interfaces:
ls -l /dev/usbmon*
If the usbmon* files have 'crw-------', then it's normal that Wireshark cannot read them because it's not run as root. Do not execute wireshark in root mode, it may damage files. Instead, you can give it regular users privileges :
sudo setfacl -m u:$USER:r /dev/usbmon*
Now the usbmon interfaces should appear in Wireshark.
Sources:
https://wiki.wireshark.org/CaptureSetup/USB#Linux
https://wiki.wireshark.org/CaptureSetup/CapturePrivileges#Most_UNIXes
https://unix.stackexchange.com/questions/55722/wireshark-couldnt-run-usr-sbin-dumpcap-in-child-process
http://anonscm.debian.org/viewvc/collab-maint/ext-maint/wireshark/trunk/debian/README.Debian?view=markup

How to disable the autoloading of a specific module in Linux

I compiled my Linux kernel according to the Linux Device Driver Chapter 4: Debugging Techniques. After I loaded my first hello world module and then checked the output by dmesg, however, all I can see is evbug: ........
I know I can turn off evbug's output by execute sudo rmmod evbug. But, obviously, it is inconvenient to execute this command after each reboot.
How could I disable this module's autoloading? I just want to load it manually when I need it.
You need to blacklist the module. For debian systems see https://wiki.debian.org/KernelModuleBlacklisting. For redhat systems see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/rescuemode_drivers-blacklisting.html

Monitor/audit file delete on Linux

One of the .beam files of one of my application deps is being deleted and I am not sure by what/how.
Is there a way to monitor or audit a file to see what happens when it is deleted?
I'm using RedHat distro.
Yes, you can use the audit daemon. You did't say which Linux distro. Red Hat based systems contain auditd, and you can use auditctl to add rules.
To watch a directory recursively for changes:
auditctl -w /usr/local/someapp/ -p wa
To watch system calls made by a program with pid of 2021:
auditctl -a exit,always -S all -F pid=2021
Check the man page for auditctl.
Results will be logged to /var/log/audit/audit.log
To ensure it's running.
/etc/init.d/auditd status
For a more thorough approach, you could use tripwire or OSSEC, but they're geared more toward intrusion detection.
You can monitor your Linux file system using aide. AIDE means Intrusion Detection Software to Monitor Changes.
Steps:
Install AIDE #yum install aide -y
Configuration AIDE // PERMS=p+i+u+g+acl+selinux
Initialize the AIDE database #aide –-init
Check the file system changes #aide –-check
To get more details you can visit below link
http://topicsfeedback.com/linux-system-monitoring-tools/
or you may download best android apps about advance Linux in your phone to get instant access
https://play.google.com/store/apps/details?id=com.topicsfeedback.advancelinux

Resources