ipcalc – bash IP Calculator

ipcalc takes an IP address and netmask and calculates the resulting broadcast, network, Cisco wildcard mask, and host range. By giving a second netmask, you can design subnets and supernets. It is also intended to be a teaching tool and presents the subnetting results as easy-to-understand binary values.

Enter your netmask(s) in CIDR notation (/25) or dotted decimals (255.255.255.0). Inverse netmasks are recognized. If you omit the netmask ipcalc uses the default netmask for the class of your network. Look at the space between the bits of the addresses: The bits before it are the network part of the address, the bits after it are the host part. You can see two simple facts: In a network address all host bits are zero, in a broadcast address they are all set.

 

 

 

ipcalc is available from most Linux distro’s repo’s and from brew on mac’s.

Reference:
man ipcalc
http://jodies.de/ipcalc

httpstat

httpstat visualizes curl statistics in a way of beauty and clarity.

You can use to measure the speed of your webserver and see how long it takes to load up static or dynamic html pages. It’s a Python script that can be installed onto any Linux system with Python installed and also available with brew on Macs.

 

Installation

There are three ways to get httpstat:

Usage

python httpstat.py ausinfotech.net

python httpstat.py <a href="https://ausinfotech.net/blog/anchore-container-security-analysis/">https://ausinfotech.net/blog/anchore-container-security-analysis/</a> 

Reference:
https://github.com/reorx/httpstat

 

Anacron or Cron

If you use cron to schedule jobs on a server that might be scheduled for shutdown and startup e.g. AWS or Cloud VPS server then anacron may be a better fit. In addition anacron would be better suited to a laptop/desktop computer.

From the man page:

Anacron can be used to execute commands periodically, with a frequency specified in days. Unlike cron(8), it does not assume that the machine is running continuously. Hence, it can be used on machines that aren’t running 24 hours a day, to control daily, weekly, and monthly jobs that are usually controlled by cron. When executed, Anacron reads a list of jobs from a configuration file, normally /etc/anacrontab (see anacrontab(5)). This file contains the list of jobs that Anacron controls. Each job entry specifies a period in days, a delay in minutes, a unique job identifier, and a shell command.

For example I use anacron to schedule an image of the disk with “Image for Linux” by TeraByte Unlimited http://www.terabyteunlimited.com/image-for-linux.htm – if the computer is not on or hasn’t ran for sometime anacron will take care of it.

Example:

I want to run an image job every 7 days and if my computer is not on during the 7th day, anacron will kick it off 20 minutes after the computer/server has started.

edit /etc/anacrontab

 7   20   /etc/iflbu.sh 

For Cron or crontab see https://ausinfotech.net/blog/linux-cron-jobs/

Man page for anacron: http://manpages.ubuntu.com/manpages/trusty/man8/anacron.8.html

 

Password protect a VIM file

You can password protect a file using VIM – it’s built right in. To do this either edit a current file or create a new file e.g. testdata.txt and press :X

Enter a password and confirm it, now save the file with a :w and finally quit the file. When you reopen the file you will need to enter the password in order to view the contents.

 

 

If the password is entered incorrectly, you can’t read the contents:

 

 

You can also create a file with encryption turned on by including the -x switch e.g.

 vim -x test2.txt 

man vim for more details.

 

Anchore – Container Security Analysis

Anchore provides you with insight and control over the contents of your containers from the start of development all the way to production. Anchore delivers container security solutions for developers, operations, and security teams to deliver insight and control over the contents, security and compliance of containers from the start of development all the way to production. By allowing the creation of policies for security and compliance that are evaluated by Anchore at each stage of the build pipeline, Anchore ensures that only images containers that adhere to an organisation’s policies are deployed.

What’s Inside Your Container Images?
With Docker and containers it’s never been easier to deploy and run any application. Developers now have access to thousands of applications ready to run right “off the shelf” and the ability to quickly build and publish their own images.

In addition to the application, the container image may contain hundreds of packages and thousands of files including binaries, shared libraries, configuration files, and 3rd party modules. Any one of these components may contain a security vulnerability, an outdated software module, a misconfigured configuration file or simply fail to comply with your operational or security best practices.

For more details and to download/install:
https://anchore.com

Solve sudo sending useless emails “problem with defaults entries”

Whenever a user (whether sssd-ad authenticated user, or local user, or root) uses sudo, it works. But it also sends the administrator a useless email. This problem is caused by sudo looking for directives in a place it cannot find them: sss.
Check the /etc/nsswitch.conf file and modify the sudoers entry.

 sudoers: files sss 

The sss should not be there. The sssd-ad package adds itself there, but very few environments store sudoers directives in sss. It’s far more likely your directives are local, so you should have a /etc/nsswitch file entry like the following:

 sudoers: files 

Thanks to this post for pointing the above out:
https://bgstack15.wordpress.com/2016/06/06/solve-sudo-sending-useless-emails-problem-with-defaults-entries/

rclone

Rclone is a command line program to sync files and directories to and from:

  • Google Drive
  • Amazon S3
  • Openstack Swift / Rackspace cloud files / Memset Memstore
  • Dropbox
  • Google Cloud Storage
  • Amazon Drive
  • Microsoft OneDrive
  • Hubic
  • Backblaze B2
  • Yandex Disk
  • SFTP
  • The local filesystem

Features:

  • MD5/SHA1 hashes checked at all times for file integrity
  • Timestamps preserved on files
  • Partial syncs supported on a whole file basis
  • Copy mode to just copy new/changed files
  • Sync (one way) mode to make a directory identical
  • Check mode to check for file hash equality
  • Can sync to and from network, eg two different cloud accounts
  • Optional encryption (Crypt)
  • Optional FUSE mount (rclone mount)

More info at https://rclone.org/

cmder

Cmder http://cmder.net/ is a software package created out of pure frustration over the absence of nice console emulators on Windows. It is based on amazing software, and spiced up with the Monokai color scheme and a custom prompt layout, looking sexy from the start.

Highly recommend installing the full version as it provides all the Linux utils including ls for a dir in Windows!

snap – snapcraft.io

Package any app for every Linux desktop, server, cloud or device, and deliver updates directly. Snap packages are a great way of running apps in an isolated state without using VMs or Containerisation. The website http://snapcraft.io has more details and examples such as this to get going:

A snap is a fancy zip file containing an application together with its dependencies, and a description of how it should safely be run on your system, especially the different ways it should talk to other software. Most importantly snaps are designed to be secure, sandboxed, containerised applications isolated from the underlying system and from other applications. Snaps allow the safe installation of apps from any vendor on mission critical devices and desktops.

Try this (you may need to install snapd)

 $ sudo snap install hello-world 

Now you have installed a snap. You can take a look inside the snap very easily, it shows up as a new directory on your system:

$ cd /snap/hello-world/current/

$ tree
.
├── bin ← this directory structure is just for convenience
│ ├── echo there is no hardcoded structure requirement other
│ ├── env than meta/snap.yaml
│ ├── evil
│ ├── sh
│ ├── showdev
│ └── usehw
└── meta ← your snap must have this directory
├── icon.png ← no prizes for guessing what this is
└── snap.yaml ← this is the required metadata

 

LXD Update Script

Simple shell script wrapper to update all lxd container hypervisor images running Debian or Ubuntu Linux. Run the below script on the host of your lxd server to update all the lxd containers running Ubuntu or Debian. Could be modified to suit CentOS/RedHat OS and/or you container OS of choice.

Script:

#!/bin/bash
# A simple shell script to update all lxd container hypervisor
# URL: https://bash.cyberciti.biz/virtualization/shell-script-to-update-all-lxd-container-hypervisor/
# Tested on : Ubuntu 16.04 LTS lxd server
# Tested on : Ubuntu/Debian lxd container hypervisor only
# ----------------------------------------------------------------------------
# Author: nixCraft
# Copyright: 2016 nixCraft under GNU GPL v2.0+
# ----------------------------------------------------------------------------
# Last updated 14 Aug 2016
# ----------------------------------------------------------------------------
# Set full path to bins
_apt="/usr/bin/apt-get"
_lxc="/usr/bin/lxc"
_awk="/usr/bin/awk"
# Get containers list
clist="$(${_lxc} list -c ns | ${_awk} '!/NAME/{ if ( $4 == "RUNNING" ) print $2}')"
# Use bash for loop and update all container hypervisor powered by Debian or Ubuntu
# NOTE: for CentOS use yum command instead of apt-get
for c in $clist
do
echo "Updating Debian/Ubuntu container hypervisor \"$c\"..."
${_lxc} exec $c ${_apt} -- -qq update
${_lxc} exec $c ${_apt} -- -qq -y upgrade
${_lxc} exec $c ${_apt} -- -qq -y clean
${_lxc} exec $c ${_apt} -- -qq -y autoclean
done

Reference:
https://bash.cyberciti.biz/virtualization/shell-script-to-update-all-lxd-container-hypervisor/