Resume: Remote intern Linux system administrator
Briefly
Tried programming:
Languages: Python, Python3, C, C++, C++11
Libraries: STL, QT (w/o GUI)
Build systems: AutoTools, qmake
Version control: svn, git
Debugging: valgrind, gdb
Other: parallel programming, semaphores/mutexes, TCP/IP, Unix IPC,
fork/exec and pipes (Linux)
Reading: C++ Reference (https://cppreference.com), AutoBook,
books about QT, OpenGL, GLSL (OpenGL Shading Language)
Python3 basics
Tried Linux distributions: Mint, Debian, ALTLinux, Gentoo
Tried Asterisk PBX (call redirection/parking,
voice menu, connecting users via SIP, connecting 2
Asterisks via IAX). Building Asterisk from sources
Tried in Linux: IPv4 routing, port forwarding (iptables),
packet filtering, OpenVPN+TLS. SSH+RSA, Bash, Bash-scripts,
isc-DHCP, isc-bind (caching), mdadm, Remmina, x11vnc, freenx,
cryptsetup, lvm2, parted, gparted, man, chmod, chgrp, chattr,
mkfs.ext4, mkswap, tune2fs, partprobe,
swaplabel, e2label, blkid, lsblk, grub, lilo, iptables,
mkisofs, xorrisofs, qemu, aqemu, VirtualBOX, GNU Screen, mc, find,
dd, gzip, xz, bzip2, zstd, brasero, aptitude, apt-get, memtest86+,
lshw, lsusb, hwinfo, fsck, fstab, mount, gpg, gnupg
terminal editors: nano, mcedit, joe, vim.tiny
Work practice (approximately, from last to 1st, except item "0"):
0. Different situations:
0.1. Make PC+ALTLinux work as router
(packet filtering, port forwarding, SSH+RSA, OpenVPN+TLS)
0.2. Install/configure OSes (windows, linux)
(see below, after work experience)
1. Period: 2016-08 to 2016-10 (2 months)
City: Krasnodar
Company: Internet veshchey
Schedule: full-time
Position: C++ programmer
Experience: design and implementation of an early version of a protocol
for fragmented transmission of IPv4 packets using a sliding
window protocol (as in the TCP RFC)
creation of a tun device (from a C++ program) under Linux
Building the project using AutoTools
Building and installing on device with ARM processor
(rootfs (linux) build system for the device supports AutoTools-projects)
2. Period: 2015-04 to 2015-11 (7 months)
City: Mytishchi (Moscow region)
Schedule: full-time
Company: Tehnos-rm (Technologies and systems of radiomonitoring)
Company's site: http://tehnos-rm.ru/
Position: C++ programmer (QT w/o GUI, under Linux/Windows)
Experience: creation of a cross-platform library, in C++/QT, for working
with structured data and a small file format.
Debugging, code modification. Uploading to svn
3. Period: 2013-06 to 2013-08 (2 months)
City: Krasnodar
Company: IT RTS
Position: Linux sysadmin
Experience: build, install, setup Asterisk PBX.
Call redirection/parking, voice menu,
connect clients via SIP, connect 2 Asterisks via IAX
4. Period: 2013-08 to 2013-10 (2 months)
City: Krasnodar
Company: IT RTS
Position: PHP programmer
Experience: simple html+css with PHP language
5. Period: 2013-01-29 to 2013-04-01 (2 months)
City: Krasnodar
Company: ZAO NIPI InjGeo
Position: C++ programmer
Experience: development of AutoCAD 2012 plugins in C++ using the ObjectARX
library
6. Period: 2012-09 to 2013-01 (4 months)
City: Krasnodar
Company: OOO IT Resheniye
Company's site: https://nashadmin.ru
Position: Linux sysadmin
Experience: install XUbuntu on server (SSH, FreeNX; EterSoft Wine, CUPS).
Install XUbuntu on PCs (configure Remmina).
Setup Panasonic PBX (new users, groups).
Data rescue from damaged hdd using btrfs and a bash script
Other practice
Install Windows 10 + Debian 10 with msdos (MBR) partition table
Install Mint 20 + Debian 10 with gpt partition table
(using separate bios_grub partition (recommended size 512 KiB))
and with msdos (MBR) partition table
Create/modify partition table using parted or gparted under Linux
Format ntfs-partitions using diskpart under Windows 10
(under linux) backup MBR (parttable+boot_sector), command:
dd if=/dev/sda bs=512 count=1 of=MBR.bin
(under linux) restore-from-backup MBR, command:
dd of=/dev/sda bs=512 count=1 if=MBR.bin
(under linux) back up a partition with free-space compression
(fill freespace with zeroes and compress with gzip -4)
example (backup):
mount /dev/sda3 /mnt/sda3
dd if=/dev/zero of=/mnt/sda3/zero.bin bs=1M
sync
umount /mnt/sda3
mount /dev/sda3 /mnt/sda3
rm -f /mnt/sda3/zero.bin
umount /mnt/sda3
dd if=/dev/sda3 bs=1M | gzip -4 | dd bs=1M of=sda3.gz
example (restore):
umount /dev/sda3
dd if=sda3.gz bs=1M | gunzip | dd bs=1M of=/dev/sda3
partprobe
(the fs label on /dev/sda3 could change; partprobe will update
the symlinks in /dev/disk/by-label)
Install Linux Mint 20 from iso-file w/o optical_disk/usb_flash
(under Linux; launching Mint LiveDVD (with installer) using GRUB).
example of fragment of /etc/grub.d/40_custom:
menuentry "mint20 live-dvd installer" {
set isofile=/mint20.iso
loopback loop (hd0,4)$isofile
set root=(hd0,4)
linux (loop)/casper/vmlinuz boot=casper noprompt noeject iso-scan/filename=$isofile
initrd (loop)/casper/initrd.lz
}
Install Debian 10 (using default iso or iso with firmware
(debian-firmware-10.iso)) from hdd partition with iso9660 fs
(not iso-file) w/o optical_disk/usb_flash
(under linux; launching debian install-dvd using grub).
example of fragment of /etc/grub.d/40_custom:
menuentry "debian10 installer" {
set root=(hd0,5)
linux (hd0,5)/install.amd/vmlinuz priority=low
initrd (hd0,5)/install.amd/initrd.gz
}
Comment: installer would ask about cdrom, select /dev/sda5
(sda5 means (hd0,5) in menuentry).
Comment: need internet connection (installer would ignore packages
on cdrom)
Reset a password on an installed Linux from a booted Linux LiveDVD or LiveUSBFlash
(the installed Linux should have the same arch (32 or 64 bits)
as the booted system):
mkdir /mnt/target
mount /dev/sda3 /mnt/target
cd /mnt/target
mount --rbind /dev dev
mount --rbind /run run
mount --rbind /sys sys
mount --rbind /proc proc
cd /
chroot /mnt/target /bin/bash
passwd # or passwd -d; for root
passwd user1 # or passwd -d; for user1
Reset Linux password, having passwordless grub:
In grub menu select Linux, press e ("edit").
In "linux ..." line append "init=/bin/bash".
Press F10 (boot)
remount rootfs (root, /) read-write:
mount -o remount,rw /
set root password:
passwd
or set empty root password:
passwd -d
set empty user1 password:
passwd -d user1
Configure and use ssh server:
Install openssh-server (Mint, Debian, ALTLinux):
apt-get install openssh-server
sshd_config options:
AllowUsers root user1 user2
PermitRootLogin prohibit-password
PasswordAuthentication no
generate secret/public key pair:
ssh-keygen -t ed25519 -f id_ed25519 > id_ed25519.txt
add pubkey to PC with openssh-server:
1. copy id_ed25519.pub to the PC
2. command:
cat id_ed25519.pub >> ~root/.ssh/authorized_keys
connect:
ssh -p port root@host
example:
ssh -p 22 user1@192.168.0.100
connect, forwarding TCP connections made to a port on the local PC
to a host on the remote side:
ssh -p port user@host -L [bind_address:]port:host:hostport
example:
ssh -p 22 root@192.168.0.100 -L 5900:192.168.0.10:5900
connect, forwarding TCP connections made to a port on the remote PC
to a host on the local side:
ssh -p port user@host -R [bind_address:]port:host:hostport
example:
ssh -p 22 root@10.5.245.22.6 -R 5900:127.0.0.1:5900
copy files using ssh:
example (scp, convert symlinks into their final (recursion) targets):
scp -r /home/user1/dir user@host:/home/user3/dir-copying
example (ssh+tar):
tar -c /path/to/dir | ssh root@host "tar -C /path/to -x"
(under linux) setup openvpn with tls
example of tls-server.ovpn (also, need to specify encryption):
mode p2p
#remote example.net 1194 udp
lport 1194
float
#nobind
dev tun-on-server
dev-type tun
# topology net30
# topology subnet
topology p2p
ifconfig 10.11.94.0 10.11.94.1
## route not used
mssfix 1400
ping 5
ping-restart 30
persist-tun
tls-server
#ca dir/openssl/ca/ca.pem
#dh dir/openssl/dh/dh.pem
#cert dir/openssl/users/tls-server/tls-server.cert.pem
#key dir/openssl/users/tls-server/tls-server.key
ca output/ca.selfsigned.cert.pem
dh output/dh.pem
cert output/tls-server.ca-signed.cert.pem
key output/tls-server.key.pem
tls-timeout 10
reneg-bytes 503002001
reneg-sec 60
# remote name
verify-x509-name tls-client name
example of tls-client.ovpn (also, need to specify encryption
(openvpn suggests encryption when launched under linux)):
mode p2p
remote tls-server-somename.ddns.net 1194 udp
float
nobind
dev tun-on-client
dev-type tun
# topology net30
# topology subnet
topology p2p
ifconfig 10.11.94.1 10.11.94.0
## route not used
mssfix 1400
ping 5
ping-restart 30
persist-tun
tls-client
ca output/ca.selfsigned.cert.pem
#dh output/dh.pem
cert output/tls-client.ca-signed.cert.pem
key output/tls-client.key.pem
tls-timeout 10
reneg-bytes 503002001
reneg-sec 60
# remote name
verify-x509-name tls-server name
generate key pairs and certs (the keys must then be copied securely;
alternatively, generate each key separately and transfer only the CSRs and certs):
#!/bin/bash
# Generating self-signed key manually:
#Country Name (2 letter code) [AU]:RU
#State or Province Name (full name) [Some-State]:State
#Locality Name (eg, city) []:City
#Organization Name (eg, company) [Internet Widgits ...]:Company
#Organizational Unit Name (eg, section) []:Section
#Common Name (e.g. server FQDN or YOUR name) []:ca
#Email Address []:
bits="16384"
dhbits="4096"
days="100000"
mkdir -p output
cd output
# generate self-signed keys
for name in ca tls-server tls-client ; do
echo -en "RU\\nState\\nCity\\nCompany\\nSection\\n${name}\\n\\n"\
| openssl req -x509 -newkey rsa:$bits -nodes -outform PEM -out \
${name}.selfsigned.cert.pem -keyout ${name}.key.pem -keyform \
PEM -days ${days}
done
# Generating certificate signing request manually:
#Country Name (2 letter code) [AU]:RU
#State or Province Name (full name) [Some-State]:S
#Locality Name (eg, city) []:S
#Organization Name (eg, company) [Internet Widgits Pty Ltd]:S
#Organizational Unit Name (eg, section) []:S
#Common Name (e.g. server FQDN or YOUR name) []:S
#Email Address []:
#
#Please enter the following 'extra' attributes
#to be sent with your certificate request
#A challenge password []:
#An optional company name []:
# generate CSRs (certificate signing requests)
for name in tls-server tls-client ; do
echo -en \
"RU\\nState\\nCity\\nCompany\\nSection\\n${name}\\n\\n\\n\\n" |\
openssl req -new -outform PEM -out ${name}.csr.pem -key \
${name}.key.pem -keyform PEM
done
# sign CSRs (-days is passed explicitly: without it, openssl x509 -req
# issues a certificate valid for only 30 days)
for name in tls-server tls-client ; do
# output of this command is currently not used (see next
# command):
openssl x509 -req -days ${days} -CA ca.selfsigned.cert.pem \
-CAkey ca.key.pem -CAserial ca.serial.srl \
-CAcreateserial -trustout -out \
${name}.ca-signed.trusted.cert.pem -outform PEM \
-inform PEM -in ${name}.csr.pem
# output of this is used:
openssl x509 -req -days ${days} -CA ca.selfsigned.cert.pem \
-CAkey ca.key.pem -CAserial ca.serial.srl \
-CAcreateserial -out ${name}.ca-signed.cert.pem -outform PEM \
-inform PEM -in ${name}.csr.pem
done
# generate diffie-hellman parameters
openssl dhparam -outform PEM -out dh.pem $dhbits
(under linux) create tar, zip, 7z archives:
zip -r dir.zip /home/user1/dir
7z a dir.7z /home/user1/dir
tar -c -J -f home-user1.tar.xz /home/user1
tar -c -j -f home-user1.tar.bz2 /home/user1
tar -c -z -f home-user1.tar.gz /home/user1
(under linux) unpack tar, zip, 7z archives:
unzip dir.zip
7z x 1.7z
tar -x -z -f 1.tar.gz
tar -x -j -f 1.tar.bz2
tar -x -J -f 1.tar.xz
(under linux) create copy of directory:
mkdir -p target
rsync -aH src/ target/
# with symlink dereferencing:
rsync -aHL src/ target/
Reading
Finished
Stroustrup C++11 (overview + full book)
McConnell "Code Complete" (in Russian)
Negus "Linux Bible" 2020
Friedl "Regular expressions"
Head First about design patterns
Tanenbaum "Computer Networks" (is also about sliding window protocol)
About C programming language
Robachevskiy "Operacionnaya sistema Unix"
AutoBook (about AutoTools)
Practice
setup caching DNS-server isc-bind under linux
setup isc-dhcp-server (DHCP server) under linux
set up IPv4 address/netmask (windows, linux) (linux: ifconfig, NetworkManager, etcnet (ALTLinux),
/etc/network/interfaces (debian))
setup wi-fi (windows, linux) (linux: network manager, wpa_supplicant?)
setup IPv4 router via web-interface (virtual server, LAN netmask/addresses,
DHCP range, firmware update)
setup sip, iax in asterisk pbx, build asterisk from source.
(call redirection/parking, voice menu,
SIP clients, connect 2 Asterisks using IAX)
configure Panasonic PBX using downloaded program (few phone lines, groups (call groups? ring groups))
openvpn+tls between windows and linux
install hplip plugin for HP MFP using hplip-gui (linux)
(linux) setup xsane, scan
(linux) create .djvu files using imagemagick (convert), some djvu utils
(linux) create site mirrors using wget
(linux) convert html to txt
use latex
(books: L'vovskiy about Latex, 1 other book about Latex)
create small c++ programs (under linux/windows, (some w/o qt,
some w/ qt w/o gui (create/save images),
read/write simple file format through QT "<<" syntax
(variable [un]packing for QT's types)))
create small builds using autotools with c++ programs and
bash scripts
build small autotools-built-package inside Linux rootfs build
system for ARM (supports autotools)
(linux) analyze byte streams using:
hexdump -C | less
(linux) create in bash-script small images of formats ppm, pgm using echo:
#!/bin/bash
echo -en "P5\\n64 64\\n255\\n" > gray64-64x64.pgm
for ((i=0;i<64;++i)) ; do
for ((j=0;j<64;++j)) ; do
echo -en "\\x40" >> gray64-64x64.pgm
done
done
echo -en "\\n" >> gray64-64x64.pgm
if convert gray64-64x64.pgm gray64-64x64.png ; then
rm -f gray64-64x64.pgm
fi
convert images using imagemagick convert program
create small partial mirrors of repositories of mint, altlinux, debian?
(for debian is as for mint?)
(mint, (and debian?): using /var/cache/apt/archives
and apt-get --download-only reinstall pkg1 pkg2 ...)
(ALTLinux: use rsync to copy part of official repository)
create Windows 7 installation usb-flash:
create msdos (MBR) partition table with ntfs partition
copy onto ntfs partition all files from windows7 installation iso
make the ntfs partition active (windows 7/newer disk manager?)
(same for Windows 10?)
install windows 10 onto hdd using aqemu+qemu (b4 1st reboot)
(use /dev/sda as VMs hdd (format raw))
create windows 10 installation usb-flash using official program
(linux) write linux installation iso onto usb-flash using dd:
dd if=installer.iso of=/dev/sdb bs=1M
install debian onto hdd using virtualbox.
to pass hdd into VM:
linux:
VBoxManage internalcommands createrawvmdk -filename \
/path/to/sda.vmdk -rawdisk /dev/sda
windows:
VBoxManage internalcommands createrawvmdk -filename C:\vmdk\hdd0.vmdk -rawdisk \\.\PhysicalDrive0
build linux from scratch
install gentoo, setup openvpn
setup cryptsetup+lvm2 (logical volume management + encryption)
use mdadm (software raid under linux)
open bmp files in c++ program
boot from grub rescue mode (grub boot fail):
grub rescue mode commands:
ls
ls (hd0,1)/
set root=(hd0,1)
set prefix=(hd0,1)/boot/grub
insmod ext2
insmod normal
normal
(entering grub normal mode)
(linux)
analyze traffic using tcpdump
scan ports using nmap, zenmap
ping hosts
install ReactOS onto VM
launch Kolibri OS on VM
open small file format using qt w/o gui (QT streams using "<<" with variable [un]packing)
backup windows/linux rootfs (fill freespace with zeroes, compress) using dd, gzip (example is above?)
(linux)
launch GNU Screen software terminal, detach/attach
iptables: filter connections (port-based), forward ports, NAT
(NAT using MASQUERADE (for dynamic IPv4 address) or SNAT, port
forwarding using DNAT)
hw:
use lshw, lsusb
FSs:
blkid, lsblk
create ALTLinux rpm-packages with patches, russian translations,
conversions using sed
install tightvnc client/server under windows, connect using remmina under linux
(and tightvnc client under windows?)
launch putty (ssh client) under windows?
(linux)
launch x11vnc (vnc server) from terminal
install freenx server, connect using remmina
use some bash's computation ("((i=i+j*j))"),
branching ("if ... ; then ... ; else ... ; fi"),
looping ("for ((i=0;i<3;++i)); do echo $i; done", "for i in qwe rty ; do echo
${i} ; done")
read manuals about bash builtin commands, sw,
syscalls library functions using man
setup vsftpd FTP server (anonymous)
setup shared folders server (using windows protocols?) (samba)
use shared folders (using windows protocols) (mount.cifs)
create tun-interface in c++ program. fragment and transfer IPv4 packets
using sliding window protocol (send using udp) (read tcp rfc for sliding
window protocol, IPv4 rfc)
create bash-scripts which backup/restore firefox settings
multiply "arbitrarily" long integers in c++ program, with
some extra output
(windows) setup filezilla server
workaround OOBEKEYBOARD error during Windows 10 installation:
Shift+F10
> net user Administrator /active:yes
> cd oobe
> msoobe.exe
internet suggests waiting about 20 minutes, then reset
launch firefox with profiles usage. Put firefox launch command
into .bat-file (windows) or bash-script (linux):
firefox -ProfileManager -no-remote
analyze UTF-8 encoding. Brief theory:
utf-8
bytes 0xc0, 0xc1, 0xfe, 0xff are forbidden
each number can be minimally encoded using n bits, with 0 encoded
as "" (empty sequence of bits)
examples: (bitness = number of bits in encoded representation)
columns: number bitness encoded [comments]
0 0 "" (only here this encoding differs from standard
positional encoding system, which uses "0" to represent 0)
1 1 "1"
2 2 "10"
3 2 "11"
4 2 "100"
5 2 "101"
22 5 "10110"
when n >= 0, numbers in range [2^n, 2^(n+1)) have bitness n+1
(0 has bitness 0)
encode:
0- 7 bits: fill representation (see above) with leading zeroes
up to 8 bits long sequence. encode as is (1 ASCII byte)
8-11 bits: (fill ... 11 bits long ... ) 5+1*6. 110xxxxx 10yyyyyy
here, 5+1*6 means: using 5 bits of data from 1st UTF-8 byte and
6 bits of data from each of next (1) UTF-8 bytes
12-16 bits: (fill ...) 4+2*6. 1110xxxx 10yyyyyy 10zzzzzz
17-21 : (fill ...) 3+3*6. 11110xxx 10yyyyyy 10zzzzzz 10tttttt
22-26 : (fill ...) 2+4*6. 111110xx 10yyyyyy 10zzzzzz 10tttttt
10uuuuuu
27-31 : (fill ...) 1+5*6. 1111110x 10yyyyyy 10zzzzzz 10tttttt
10uuuuuu 10pppppp
more bits (thoughts not from standard):
32-36: 0+6*6 11111110 10yyyyyy * 6
37-42: 11111111 c0 10yyyyyy * 7
43-48: 11111111 c1 c0 10yyyyyy * 8
49-54: 11111111 c1 c1 c0 10yyyyyy * 9
55-60: 11111111 c1 c1 c1 c0 10yyyyyy * 10
read next line 11111111 c1*k c0 10yyyyyy * (8+k-1)
from 6*(8+k-2)+1 to 6*(8+k-1)
alternative "more bits" (thoughts not from standard):
32-36: 0+6*6 11111110 10yyyyyy * 6
37-42: 11111111 c0 10yyyyyy * 8
43-48: 11111111 c1 c0 10yyyyyy * 9
49-54: 11111111 c1 c1 c0 10yyyyyy * 10
55-60: 11111111 c1 c1 c1 c0 10yyyyyy * 11
read next line 11111111 c1*k c0 10yyyyyy * (8+k-1)
from 6*(8+k-2)+1 to 6*(8+k-1)
in c++ program analyze character stream encoded using UTF-8.
program:
#include <iostream>
using namespace std;

// Reads the len-1 continuation bytes that follow a lead byte and
// appends their 6-bit payloads to bits.
void work_with_seq(int len, unsigned long long int bits) {
    unsigned char uc;
    for (int i = 0; i < len-1; ++i) { // len bytes, got 1, expecting len-1
        uc = cin.get();
        if (cin.eof()) {
            cout << "unexpected end of input. aborting sequence of " << len
                 << " bytes" << endl;
            return;
        }
        cout << "read byte (decimal) " << (int) uc << " from input" << endl;
        if ((uc & (unsigned char)0xc0) != 0x80) { // not 10xxxxxx
            cout << "unexpected byte. code (decimal) = " << (int)uc
                 << ". aborting sequence of " << len << " bytes" << endl;
            return;
        } else {
            bits <<= 6;
            bits |= (uc & (unsigned char)0x3f);
        }
    }
    cout << "got unicode symbol. code (decimal) = " << bits << endl;
}

// Classifies a non-ASCII lead byte: sequence length and payload bits.
void work_with_nonascii_seq(unsigned char uc)
{
    unsigned long long int startbits;
    int len;
    if ((uc & (unsigned char)0xe0) == 0xc0) { // 110xxxxx
        startbits = uc & (unsigned char)0x1f;
        len = 2;
    } else if ((uc & (unsigned char)0xf0) == 0xe0) { // 1110xxxx
        startbits = uc & (unsigned char)0x0f;
        len = 3;
    } else if ((uc & (unsigned char)0xf8) == 0xf0) { // 11110xxx
        startbits = uc & (unsigned char)0x07;
        len = 4;
    } else if ((uc & (unsigned char)0xfc) == 0xf8) { // 111110xx
        startbits = uc & (unsigned char)0x03;
        len = 5;
    } else if ((uc & (unsigned char)0xfe) == 0xfc) { // 1111110x
        startbits = uc & (unsigned char)0x01;
        len = 6;
    } else { // 10xxxxxx: continuation byte with no lead byte before it
        // without this branch len and startbits would be used uninitialized
        cout << "unexpected continuation byte. code (decimal) = " << (int)uc
             << ". ignoring" << endl;
        return;
    }
    work_with_seq(len, startbits);
}

int main()
{
    unsigned char uc;
    uc = cin.get();
    for (; !cin.eof(); uc = cin.get())
    {
        cout << "read byte (decimal) " << (int) uc << " from input" << endl;
        if (uc < 0x80) { // ascii
            if (uc < 32) { // newline, cr, specials, tab, vtab [, ...]
                cout << "ascii special symbol. code (decimal) = " << (int)uc
                     << endl;
            }
            else {
                if (uc < 127) {
                    cout << "ascii printed symbol \'" << uc << "\'. code (decimal)"
                         << " = " << (int)uc << endl;
                }
                else {
                    cout << "ascii special symbol. code (decimal) = " << (int)uc
                         << endl;
                }
            }
        }
        else {
            if (uc == 0xc0 || uc == 0xc1 || uc == 0xfe || uc == 0xff) {
                cout << "forbidden byte. code (decimal) = " << (int)uc
                     << ". ignoring" << endl;
            } else {
                work_with_nonascii_seq(uc);
            }
        }
    }
    return 0;
}
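The program above follows the older 6-byte scheme and does not check that a value was encoded in its shortest form, so a filter looking for the byte 0x2f would miss "/" written as e0 80 af. The following is an added example, not code from this resume: a strict decoder per RFC 3629 (at most 4 bytes, no overlong forms, no surrogates, nothing above U+10FFFF). The names `decode_utf8_strict` and `Utf8Error` are made up for the illustration.

```cpp
// Added example, not the resume author's code: strict UTF-8 decoding (RFC 3629).
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

enum class Utf8Error { Ok, UnexpectedContinuation, ForbiddenLead, Truncated,
                       BadContinuation, Overlong, Surrogate, OutOfRange };

// Decodes `in` into code points. Stops at the first malformed sequence and
// returns the reason; `out` keeps the code points decoded before the error.
Utf8Error decode_utf8_strict(const std::string& in, std::vector<uint32_t>& out) {
    // Smallest code point that legitimately needs a sequence of each length.
    static const uint32_t min_cp[5] = {0, 0, 0x80, 0x800, 0x10000};
    for (std::size_t i = 0; i < in.size();) {
        const unsigned char lead = static_cast<unsigned char>(in[i]);
        std::size_t len;
        uint32_t cp;
        if (lead < 0x80) { len = 1; cp = lead; }
        else if ((lead & 0xc0) == 0x80) return Utf8Error::UnexpectedContinuation;
        else if ((lead & 0xe0) == 0xc0) { len = 2; cp = lead & 0x1f; }
        else if ((lead & 0xf0) == 0xe0) { len = 3; cp = lead & 0x0f; }
        else if ((lead & 0xf8) == 0xf0) { len = 4; cp = lead & 0x07; }
        else return Utf8Error::ForbiddenLead;  // 0xf8..0xff, incl. 5/6-byte leads
        if (in.size() - i < len) return Utf8Error::Truncated;
        for (std::size_t k = 1; k < len; ++k) {
            const unsigned char c = static_cast<unsigned char>(in[i + k]);
            if ((c & 0xc0) != 0x80) return Utf8Error::BadContinuation;
            cp = (cp << 6) | (c & 0x3f);
        }
        if (cp < min_cp[len]) return Utf8Error::Overlong;  // also catches 0xc0, 0xc1
        if (cp >= 0xd800 && cp <= 0xdfff) return Utf8Error::Surrogate;
        if (cp > 0x10ffff) return Utf8Error::OutOfRange;
        out.push_back(cp);
        i += len;
    }
    return Utf8Error::Ok;
}

int main() {
    // Constructed samples: valid "A" + U+0416, then U+002F ("/") encoded
    // overlong in 2 and 3 bytes, then the surrogate U+D800.
    const char* samples[] = {"A\xd0\x96", "\xc0\xaf", "\xe0\x80\xaf", "\xed\xa0\x80"};
    for (const char* s : samples) {
        std::vector<uint32_t> cps;
        const Utf8Error e = decode_utf8_strict(s, cps);
        std::cout << cps.size() << " code point(s) decoded, error code "
                  << static_cast<int>(e) << "\n";
    }
    return 0;
}
```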