Shell Script to get the network list by domain name

If you followed my guide HERE and HERE you might be wondering if there is no easier/more automated way of doing it, and in fact there is a simple script that you could build.


#!/bin/bash
if [ "$#" -eq 0 ]; then
  echo "Usage: ./${0}  [v4|v6]"
  exit 1
fi

FILTER="route"
if [ "$#" -eq 2 ]; then
  if [ "$2" == "v4" ]
  then
     FILTER="route:"
  fi
  if [ "$2" == "v6" ]
     then
         FILTER="route6:"
  fi
fi

WHOISSERVER="whois.radb.net"
IPN=$(dig +short $1 | head -1)
ASN=$( whois -h ${WHOISSERVER} ${IPN} | grep -i origin | tr -s " " | cut -d " " -f2)
for i in $ASN; do
  whois -h ${WHOISSERVER} -- "-i origin ${i}" | grep ^${FILTER} | tr -s " " | cut -d " " -f2-
done

 
While this script is handy and it’s nice to know the networks of the large players of the internet, you shouldn’t be too trigger happy with its output, for example if you attempt to block just the domain “example.com” this way you would block a WHOLE LOT more than you are expecting,the primary goal of this script not to be an input for iptables but to be a guide of which networks belongs to whom.
 

Bonus:

You can make the list shorter by aggregating smaller networks in a bigger CIDR, for example “192.168.0.0/24” and “192.168.1.0/24” could be expressed as “192.168.0.0/23”
HERE you can find a python script that accept as input a list of networks, all you need to do is pipe the output of the script above in this script and you’ll get an optimized list.
an example to get a nice list of CIDRs of the facebook network.


./getnetworks.sh facebook.com | aggregate6

It should output the following as of 2019-11-02:


31.13.24.0/21
31.13.64.0/18
45.64.40.0/22
66.220.144.0/20
69.63.176.0/20
69.171.224.0/19
74.119.76.0/22
102.132.96.0/20
103.4.96.0/22
129.134.0.0/16
157.240.0.0/16
173.252.64.0/18
179.60.192.0/22
185.60.216.0/22
199.201.64.0/22
204.15.20.0/22
2401:db00::/32
2620:0:1c00::/40
2803:6080::/32
2a03:2880::/32
2a03:2887:ff34::/48

Sources:

https://stackoverflow.com/questions/11164672/list-of-ip-space-used-by-facebook
https://gist.github.com/normoes/829d65866c8bf6d32b13f020479b172b
https://developers.facebook.com/docs/sharing/webmasters/crawler
https://github.com/job/aggregate6

Get AS(Autonomous System) Number By domain name

If you followed my last post HERE you might be wondering “That’s great and all, but how do I find the AS number in the first place?”.

If you are running Linux it’s easy:

First install dig and whois:

If you are using Centos/Fedora:


yum install bind-utils whois -y

 
In case you are using Debian/Ubuntu:


apt install dnsutils whois -y

 
After that to get the IP number associated with the domain.


dig +short facebook.com | head -1

 
The output should be an IP address in example:


31.13.91.36

 
With the IP address in hand to get the ASN you just need to run:


whois -h whois.radb.net '31.13.91.36' | grep -i origin | tr -s " " | cut -d " " -f2

 
Voila the output should be the AS number(s)


AS32934

 
And with most things on the internet these lists are not static so you should build a script to update them from time to time.

Sources:

https://stackoverflow.com/questions/11164672/list-of-ip-space-used-by-facebook
https://gist.github.com/normoes/829d65866c8bf6d32b13f020479b172b
https://developers.facebook.com/docs/sharing/webmasters/crawler

Get IP address Space By AS(Autonomous System) Number

Sometimes you need to get all possible address blocks of a network but most of the time there is no easy way to figure it out, looking at you Facebook and Google, but fear not sysadmin we have one handy trick up in our sleeve, by using whois with the AS number of the company we can build this kind of list.
 
We’ll use Facebook(AS32934) as an example, but it should work for any Autonomous System.


whois -h whois.radb.net -- "-i origin AS32934" | grep ^route | tr -s " " | cut -d " " -f2-

Continue reading “Get IP address Space By AS(Autonomous System) Number”

Centos 7 with IPV6 at Server4You

As of 2019-10-01, the hosting company server4you.com doesn’t support IPv6, but if you want to test IPv6 or support your IPv6 capable clients there are still a few tricks you can try.
A good way is to use a broker to create a 6in4 tunnel with your IPv4 to the IPv6 enabled internet.

***** Disclaimer *****
 
This guide DOES NOT WORK if you are using their offerings of the vServer family because it’s powered by OpenVZ, but it will work perfectly with the VDS family powered by KVM or with their dedicated servers.
This is NOT a “true” IPv6 solution as you will use a tunnel broker to make a 6in4 tunnel, but it gets the job done for most workloads.
 
***** End Of Disclaimer *****
 
You start by creating an account at Hurricane Electric and then creating a tunnel there pointing to your server IP address, you should preferably choose a tunnel server that is near your server but this is not strictly necessary.
Continue reading “Centos 7 with IPV6 at Server4You”

Zombasite error while loading shared libraries: libpng12.so.0

If you are trying to run Zombasite GoG Version and the game is not starting properly what you can do to try and debug the issue is to run in in a terminal and see the output.


~/GOG\ Games/Zombasite/start.sh

 
If you get de following output:


Running Zombasite
./Zombasite: error while loading shared libraries: libpng12.so.0:
 cannot open shared object file: No such file or directory


 
This output means you are missing at least libpng12.
Continue reading “Zombasite error while loading shared libraries: libpng12.so.0”

RIP Sound Card Audio in Linux

Sometimes you need a quick and dirty way of ripping the audio of your sound card, in Linux you can easily do it with the following script:


#!/bin/bash
set -x
WAV="$1"
if [ -z "$WAV" ]; then
    echo "Usage: $0 OUTPUT.WAV" >&2
    exit 1
fi
rm -f "$WAV"

# Get sink monitor:
MONITOR=$(pactl list | egrep -A2 '^(\*\*\* )?Source #' | \
    grep 'Name: .*\.monitor$' | awk '{print $NF}' | tail -n1)
echo "set-source-mute ${MONITOR} false" | pacmd >/dev/null

# Record it raw, and convert to a wav
echo "Recording to $WAV ..."
echo "Close this window to stop"
parec -d "$MONITOR" | sox -t raw -b 16 -e signed -c 2 -r 44100 - "$WAV"

 
Store it somewhere in your PATH, and when you need to record the audio just use it as:


./soundRipper.sh output.wav

 
If you don’t want to store wave files you can convert it as shown HERE

Sources:

https://outflux.net/blog/archives/2009/04/19/recording-from-pulseaudio/
https://www.pantz.org/software/alsa/recording_sound_from_your_web_browser_using_linux.html

Convert wav files to mp3

When you want to convert a wave file to MP3, one of the simplest ways you’ll find is by using ffmpeg.

If you use Debian, you can install it with:

apt install ffmpeg

 
If you use Centos you can install it following this steps:

sudo rpm -v --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
wget http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
yum localinstall nux-dextop-release-0-5.el7.nux.noarch.rpm -y 
yum update
yum install ffmpeg -y

 
After that, you just need to specify the files input and output names

ffmpeg -i input.wav -acodec mp3 -ab 256k output.mp3

 

Sources:

https://lonewolfonline.net/convert-wav-mp3-linux/
https://linuxadmin.io/install-ffmpeg-on-centos-7/

Apache+php-fpm the right way

The simplest, and probably the correct, way to configure php-fpm with apache in Centos 6/7 is by using SetHandler and ProxySet directives.

The snippet bellow show a simple Virtual Host example, just change lines 2 3 and 6 and you are good to go.


<VirtualHost *:80>
    ServerAdmin [email protected]
    Servername example.com
    Options +Indexes
    DirectoryIndex index.php                                                                                                                    
    DocumentRoot /var/www/html
    # Register php-fpm as the handler for (.*).php files.
    <FilesMatch \.php$>
         SetHandler "proxy:fcgi://localhost:9000"
    </FilesMatch>
    # Configure the proxy
    <Proxy fcgi://localhost:9000>
        ProxySet connectiontimeout=5 timeout=240
    </Proxy>

    # If the php file doesn't exist, disable the proxy handler
    # so we can gracefully fail.
    RewriteCond %{REQUEST_FILENAME} \.php$
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI} !-f
    RewriteRule (.*) - [H=text/html]
</VirtualHost>

 
Continue reading “Apache+php-fpm the right way”

Install php7.2 CentOS 6.X and 7.X

As PHP versions 5.6 and 7.0 reach End Of Life you might want to update to something newer and supported, unfortunately the official CentOS repositories don’t have PHP versions 7.1 or 7.2 yet, but with a third-party repository and a bit of fiddling it’s easy to update, and more importantly keep it updated, your server PHP version.
 
Just run as root:
Continue reading “Install php7.2 CentOS 6.X and 7.X”