Linux Automation: Difference between revisions
		
		
		
		
| (31 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| =Setup a proxy server for apt= | =Setup a proxy server for apt= | ||
|   echo 'Acquire::http::Proxy "http://myserver.com.com:port";' > /etc/apt/apt.conf |   echo 'Acquire::http::Proxy "http://myserver.com.com:port";' > /etc/apt/apt.conf | ||
| *Using NTLM (untested) | |||
|  Acquire::http::Proxy "http://MYDOMAIN\MYNAME:MYPASS@MY.PROXY.COM:MYPORT"; | |||
|  OR | |||
|  Acquire::http::Proxy "http://MYNAME:MYPASS@MY.PROXY.COM:MYPORT"; | |||
| *General Test | *General Test | ||
|   curl http://microsoft.com --proxy myserver.com.com:port |   curl http://microsoft.com --proxy myserver.com.com:port | ||
| *Or set Proxy env | |||
|  export http_proxy=myserver.com.com:port | |||
|  export https_proxy=myserver.com.com:port | |||
| *Unset | |||
|  unset http_proxy | |||
|  unset https_proxy | |||
| =Update using apt= | =Update using apt= | ||
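Review bot: The NTLM lines added under `*Using NTLM (untested)` put a domain password into /etc/apt/apt.conf, and the `echo ... > /etc/apt/apt.conf` line above creates that file world-readable, so every local user can read the proxy credential; the page should say to keep that line in its own file and restrict it, e.g. `install -m 0600 /dev/null /etc/apt/apt.conf.d/80proxy` before writing to it (apt parses its configuration as root, so root-run apt still sees it). The backslash in `MYDOMAIN\MYNAME` is not a valid URL character, which may be why the entry is marked untested — `MYDOMAIN%5CMYNAME` is the percent-encoded form to try. The `export http_proxy=myserver.com.com:port` lines omit the scheme; `export http_proxy=http://myserver.com.com:port` also works with clients that do not assume http:// when it is missing.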
| Line 45: | Line 58: | ||
|   PollIntervalMaxSec=2048 |   PollIntervalMaxSec=2048 | ||
| *OR | *OR via bash | ||
|   NTP1='ntp1.service.domain.com' |   NTP1='ntp1.service.domain.com' | ||
|   NTP2='ntp2.service.domain.com' |   NTP2='ntp2.service.domain.com' | ||
| Line 119: | Line 132: | ||
|   [monitor://$SPLUNK_HOME//var/log/audit/audit.log] |   [monitor://$SPLUNK_HOME//var/log/audit/audit.log] | ||
|   index = _internal |   index = _internal | ||
| =fdisk= | |||
| *Label as GPT and set the partition type to "Linux LVM (31)" on Disk /dev/sdc | |||
|  (echo g; echo n; echo 1; echo ""; echo ""; echo t; echo 31; echo w) | fdisk /dev/sdc | |||
| =disk commands= | |||
| fdisk | |||
| cfdisk ... | |||
| parted | |||
| lsblk | |||
| blkid | |||
| mount | |||
| tune2fs | |||
| df | |||
| lvs | |||
| vgs | |||
| =Proxy usage with curl= | |||
| *Simple: | |||
|  curl -x http://51.13.110.27:3128 -L ipconfig.io | |||
| General:  | |||
|  curl -x http://x.x.x.x.:3128 --proxy-user user:pass -L ipconfig.io | |||
| *IP Properties | |||
|  curl -x http://x.x.x.x:3128 -L https://ipapi.co/json | |||
| *Using NTLM | |||
|  curl --proxy-ntlm --proxy-user user:password --proxy http://wwwproxy.domain.com:8080  https://ipconfig.io | |||
| =Telnet test with curl= | |||
|  curl -v telnet://target ip address:desired port number | |||
| =Proxy usage with git= | |||
|  ~$ export https_proxy=user@prox.domain.com:8080 | |||
|  ~$ git clone https://github.com/mozilla/sops.git | |||
| =SSH long time to login= | |||
| *Set in /etc/ssh/sshd_config | |||
|  UseDNS no | |||
| =Show deleted files which are still open= | |||
|  lsof | grep "(deleted)" | |||
| =Add Systemuser= | |||
| *Instead of adduser | |||
| useradd --system --home-dir /var/log/abcd --create-home abcd | |||
| =List recursive by size= | |||
|  ls -lhS /etc/*.csv | |||
| =Search string in files= | |||
|  grep -r searcharg /etc | |||
| =Tar= | |||
| *Create gz options | |||
|  tar czvf | |||
| *Untar / recover from archive into a soecified destination | |||
|  docker exec -it shrestore bash -c "cd /usr/local/data && tar xvf /tmp/backup.tar --strip 1 " | |||
| =Grep= | |||
| ==Grep and print n lines after match== | |||
| *Grep 10 lines is the search was found | |||
|  grep -A 10 "search exp" /dir | |||
| ==Grep for arg, recursive for specific file types== | |||
|  grep -ir "searcharg" --include="*.conf" . | |||
| ==Grep for arg, recursive for specific file types, exclude from output== | |||
|  cat something.txt | grep -v exclude | |||
| =dpkg to apt= | |||
| *Dump package names only | |||
|  #!/usr/bin/perl | |||
|  while (<>) { | |||
|   if (/^ii\s+([0-9a-zA-Z_\-\:\.\+]*)\s+/) { | |||
|    print "$1\n"; | |||
|   } | |||
|  } | |||
| *Apply | |||
|  #dpkg --list | grep "perl" | ./dpkg2apt.pl | |||
| =Process by Time= | |||
|  ps -eo pid,lstart,cmd | |||
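Review bot: The curl examples added under `=Proxy usage with curl=` pass `--proxy-user user:pass` and `--proxy-user user:password` on the command line, which exposes the proxy password in shell history and to every local user through `ps`; giving only the user name, `--proxy-user user`, makes curl prompt for the password and keeps it out of both. The `curl -x http://51.13.110.27:3128` example publishes what looks like a real proxy address — the `x.x.x.x` placeholder used on the neighbouring lines should be used there too. The `=fdisk=` one-liner `(echo g; ...; echo w) | fdisk /dev/sdc` relabels the whole disk with no check that /dev/sdc is the intended, unmounted device; a `lsblk /dev/sdc` look before the pipe, or a mount-point check in the snippet, cheaply prevents wiping the wrong disk. The `~$ export https_proxy=user@prox.domain.com:8080` line omits the URL scheme; `export https_proxy=http://user@prox.domain.com:8080` is the unambiguous form.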
Latest revision as of 09:39, 18 September 2024
Setup a proxy server for apt
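# Point apt at an HTTP proxy. Write a drop-in under apt.conf.d rather than
# redirecting into /etc/apt/apt.conf: the `>` in the original replaces that
# whole file and silently discards every other apt option set there.
# "port" and the host are placeholders. Files in apt.conf.d are world-readable
# by default, which is fine for a proxy address but NOT for one that carries
# a user:password — restrict such a file with chmod 0600.
echo 'Acquire::http::Proxy "http://myserver.com.com:port";' > /etc/apt/apt.conf.d/80proxy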
- Using NTLM (untested)
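// apt.conf syntax for an authenticating proxy. Two equivalent forms — keep ONE
// (the literal "OR" between them in the wiki rendering is not valid syntax).
// SECURITY: this line holds a cleartext password. /etc/apt/apt.conf and the
// files under /etc/apt/apt.conf.d/ are world-readable by default, so put the
// line in its own drop-in and chmod it 0600; apt parses its config as root,
// so root-run apt/apt-get still read it. NOTE(review): non-root invocations
// such as apt-cache may then warn about the unreadable file — confirm on
// your release.
// NOTE(review): "\" is not a valid character inside a URL; if the proxy
// rejects the DOMAIN\user form, percent-encode it as MYDOMAIN%5CMYNAME.
// Domain-qualified (NTLM) login — untested:
Acquire::http::Proxy "http://MYDOMAIN\MYNAME:MYPASS@MY.PROXY.COM:MYPORT";
// Plain user/password login:
Acquire::http::Proxy "http://MYNAME:MYPASS@MY.PROXY.COM:MYPORT";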
- General Test
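# Check that the proxy relays HTTP. Printing only the response code and
# discarding the body makes a failure obvious instead of dumping HTML;
# -sS stays quiet but still reports errors, --max-time stops the test from
# hanging on a dead proxy.
curl -sS -o /dev/null -w '%{http_code}\n' --max-time 10 --proxy myserver.com.com:port http://microsoft.com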
- Or set Proxy env
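# Session-wide proxy for tools that honour the *_proxy variables (curl, wget,
# git, ...). The value is a URL, so include the scheme of the PROXY itself —
# http:// here even for https_proxy, which only names the proxy used for
# https targets; not every client assumes http:// when the scheme is missing.
# (Two separate commands; the wiki rendering had collapsed them onto one line.)
export http_proxy=http://myserver.com.com:port
export https_proxy=http://myserver.com.com:port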
- Unset
# Drop the proxy settings again for this shell; a single unset takes both names.
unset http_proxy https_proxy
Update using apt
- Possible commands
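# Non-interactive upgrade: refresh the package index first, otherwise
# `upgrade` only sees whatever lists were last downloaded (the crontab
# example further down already chains the two).
apt-get update && apt-get -y upgrade
# Same, but log to syslog only when the upgrade actually succeeded; the
# original `;` logged "applied" unconditionally, even after a failure.
apt-get update && apt-get -y upgrade && logger "APT has been applied"
# Preview what unattended-upgrades would install, with debug output; changes nothing.
unattended-upgrade --dry-run -d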
Create crontab automatically
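# Install a root crontab that refreshes the index and applies upgrades at
# 05:00 daily. MAILTO="" stops cron from mailing the output; the pipe into
# logger sends the upgrade output to syslog instead (2>&1 so errors go too).
# `crontab -` reads the new table from stdin, so no temporary file is
# written and nothing is left behind. (The wiki rendering had collapsed the
# commands onto one line and lost the closing quote of the cron entry.)
# WARNING: crontab REPLACES root's existing crontab — run `sudo crontab -l`
# first and merge any entries you need to keep.
printf '%s\n' 'MAILTO=""' '00 05 * * * apt-get update && apt-get -y upgrade 2>&1 | logger' \
  | sudo crontab -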
Users and Groups
Configure sudo to gain root privileges for users
- /etc/sudoers (use visudo -f)
# <user> <hosts>=(<run-as users>:<run-as groups>) <commands>: root may run
# any command, as any user and any group, from any host. Edit only through
# `visudo -f <file>`, which syntax-checks before saving — a broken sudoers
# locks everyone out of sudo.
root ALL=(ALL:ALL) ALL
- Add user joe to sudo
# Give joe sudo by adding the "sudo" supplementary group (the group the
# Debian/Ubuntu sudoers grants ALL to). -a is essential: -G on its own
# REPLACES the user's supplementary groups. Takes effect at the next login.
usermod -aG sudo joe
- Add a system user (no shell)
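# Create an unprivileged service account. --system allocates a UID from the
# system range; -M skips the home directory; --shell /usr/sbin/nologin gives
# the "no shell" the heading promises — a bare `useradd -M` leaves the
# default login shell in place, so the account could still be logged into.
useradd --system -M --shell /usr/sbin/nologin systemuser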
- Prevent login
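# Lock the account. -L only prefixes the password hash with "!", which blocks
# password logins but — as usermod(8) itself notes — not other methods such
# as SSH public keys. Setting an expiry date in the past disables the account
# for every login path. Reverse with `usermod -U --expiredate '' systemuser`.
usermod -L --expiredate 1970-01-02 systemuser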
Clear History at logout
# Make every interactive bash session drop its in-memory history on logout
# (/etc/bash.bash_logout is read system-wide at exit; tee is used so the
# write happens under sudo). NOTE: this overwrites any existing
# /etc/bash.bash_logout.
# Caveats a practitioner should know: `history -c` empties only the history
# list of the shell that is exiting — lines already saved in ~/.bash_history
# from earlier sessions presumably stay, so this is not a wipe — and it also
# removes a trail investigators rely on. For accountability use auditd (see
# the auditd section) rather than trusting or hiding shell history.
printf 'history -c\n' | sudo tee /etc/bash.bash_logout
Time
- Configure /etc/systemd/timesyncd.conf
[Time]
# Primary and fallback NTP servers; FallbackNTP is used only while no NTP=
# server is reachable.
NTP=ntp1.service.domain.com
FallbackNTP=ntp2.service.domain.com
# Discard a server whose estimated error (root distance) exceeds 5 seconds.
RootDistanceMaxSec=5
# Bounds, in seconds, for the adaptive poll interval.
PollIntervalMinSec=32
PollIntervalMaxSec=2048
# NOTE: systemd-timesyncd speaks plain (S)NTP with no authentication, so
# these servers must be reached over a trusted network path — whoever can
# spoof them can shift the clock (certificate validity, Kerberos, log times).
- OR via bash
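# Same settings written from variables. Use a drop-in instead of appending to
# /etc/systemd/timesyncd.conf: `>>` adds another [Time] section every time
# the snippet is run, whereas overwriting one file under timesyncd.conf.d/
# is idempotent (systemd merges /etc/systemd/timesyncd.conf.d/*.conf on top
# of the main file). Restart systemd-timesyncd afterwards to apply.
# NOTE: timesyncd uses unauthenticated SNTP — the servers must sit on a
# trusted network path.
NTP1='ntp1.service.domain.com'
NTP2='ntp2.service.domain.com'
mkdir -p /etc/systemd/timesyncd.conf.d
cat > /etc/systemd/timesyncd.conf.d/10-ntp.conf <<EOF
[Time]
NTP=$NTP1
FallbackNTP=$NTP2
RootDistanceMaxSec=5
PollIntervalMinSec=32
PollIntervalMaxSec=2048
EOF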
- Status:
# Show local/UTC time, timezone and whether NTP synchronisation is active
# ("status" is the default verb). Read-only.
timedatectl
- Reload
# Restart the client so the edited timesyncd configuration is re-read.
systemctl restart systemd-timesyncd.service
World-writable files
- Find only
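# Print every regular file that is writable by "other" (mode o+w) on the
# local filesystems. World-writable files are a classic privilege-escalation
# foothold (scripts, configs, unit files that root later runs or reads).
#
# Arguments: optional directories to scan; with none, every mount point
#   reported by `df --local -P` is scanned (the original behaviour).
# Outputs:   one path per line on stdout.
# Note:      -xdev keeps find from crossing into other filesystems.
find_world_writable() {
  local -a roots=("$@")
  if (( ${#roots[@]} == 0 )); then
    # column 6 of `df -P` is the mount point
    mapfile -t roots < <(df --local -P | awk 'NR != 1 { print $6 }')
  fi
  find "${roots[@]}" -xdev -type f -perm -0002
}
# usage: find_world_writable            # all local mounts
#        find_world_writable /srv /opt  # only these trees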
- Find and reset
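# Find world-writable regular files on the local filesystems and strip the
# o+w bit from each one. Fixes the original, which filled ww_array but then
# looped over the (empty) my_array, so nothing was ever changed.
#
# Arguments: optional directories to scan; with none, every mount point
#   reported by `df --local -P` is scanned (the original behaviour).
# Outputs:   one "Reset World Writeble File:  <path>" line per file changed.
# Notes:     paths are NUL-delimited between find and mapfile so names with
#   spaces or newlines cannot be split or mis-targeted; -xdev keeps find on
#   the starting filesystem; `--` stops a file named "-x" being read as an
#   option by chmod.
reset_world_writable() {
  local -a roots=("$@")
  local -a ww_array=()
  local path
  if (( ${#roots[@]} == 0 )); then
    mapfile -t roots < <(df --local -P | awk 'NR != 1 { print $6 }')
  fi
  mapfile -d '' -t ww_array < <(find "${roots[@]}" -xdev -type f -perm -0002 -print0)
  for path in "${ww_array[@]}"; do
    echo "Reset World Writeble File: " "$path"
    chmod o-w -- "$path"
  done
}
# usage: reset_world_writable            # all local mounts
#        reset_world_writable /srv /opt  # only these trees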
Unattended Splunk Forwarder Install
See this: https://docs.splunk.com/Documentation/Splunk/7.1.0/Security/Secureyouradminaccount
- Get Binary
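# Fetch the Universal Forwarder package. --https-only refuses a downgrade to
# plain HTTP if the server redirects. The package is installed as root next,
# so verify it first: compare its checksum with the one Splunk publishes for
# this release, e.g.
#   echo '<checksum from splunk.com>  /tmp/splunkforwarder-8.1.0-f57c09e87251-linux-2.6-amd64.deb' | sha512sum -c -
# (coolscript.org is a third-party mirror, not the vendor).
wget -q --https-only https://coolscript.org/download/splunk/splunkforwarder-8.1.0-f57c09e87251-linux-2.6-amd64.deb -O /tmp/splunkforwarder-8.1.0-f57c09e87251-linux-2.6-amd64.deb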
- Install
# Install the downloaded package. dpkg does not resolve dependencies; if it
# reports missing ones, `apt-get -f install` completes the installation.
dpkg --install /tmp/splunkforwarder-8.1.0-f57c09e87251-linux-2.6-amd64.deb
- Get the seed config
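# Seed file with the initial admin credentials, read by Splunk on the first
# start. It is a secret: anyone who can fetch it from that URL gets the
# forwarder's admin login, so serve it from an access-controlled location,
# and restrict it on disk before the first start.
wget -q --https-only https://coolscript.org/download/splunk/user-seed.conf -O /opt/splunkforwarder/etc/system/local/user-seed.conf
chmod 0600 /opt/splunkforwarder/etc/system/local/user-seed.conf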
- Start unattended the very first time
# First start, fully non-interactive: accept the license, answer yes to every
# question, never block on a prompt. The admin account comes from
# user-seed.conf when that file is present.
/opt/splunkforwarder/bin/splunk start --no-prompt --answer-yes --accept-license
- OR
# Variant without a seed file: Splunk generates the admin password and PRINTS
# it on stdout. Capture it into a secrets store immediately — otherwise it
# sits in terminal scrollback, CI logs or session transcripts.
/opt/splunkforwarder/bin/splunk start --no-prompt --answer-yes --accept-license --gen-and-print-passwd
- Autostart at boot
# Register a boot-time init/systemd entry for the forwarder. As written it
# runs as root. NOTE(review): pass `-user <account>` with a dedicated
# unprivileged user that owns /opt/splunkforwarder, so a compromised
# forwarder does not mean root — create the account and chown the tree first.
/opt/splunkforwarder/bin/splunk enable boot-start
Add Splunk Receiver
- Edit /opt/splunkforwarder/etc/system/local/outputs.conf
# Universal Forwarder output: send everything to the indexer group below.
[tcpout]
defaultGroup = default-autolb-group

# Receiving indexer(s). Several "host:port" entries, comma-separated, are
# load-balanced across; 9997 is the conventional Splunk receiving port.
[tcpout:default-autolb-group]
server = x.x.x.x:9997

# Per-indexer stanza (empty here; host-specific settings go in it).
[tcpout-server://x.x.x.x:9997]
# NOTE(review): as written the forwarder-to-indexer link is plain TCP, so the
# audit log travels unencrypted. Enable TLS via the ssl*/clientCert settings
# in outputs.conf (check the outputs.conf.spec for your Splunk version) and
# verify the server certificate.
Include Auditd into splunk
- Install auditd
# Install the Linux audit daemon plus the audisp plugins used to dispatch
# events elsewhere (e.g. syslog). auditd writes /var/log/audit/audit.log,
# which the forwarder input in the next step tails. Run as root.
apt-get install auditd audispd-plugins
- Include into the Splunk Forwarder in /opt/splunkforwarder/etc/system/local/inputs.conf
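# Tail the auditd log. The path must be the absolute system path: the
# original "$SPLUNK_HOME//var/log/audit/audit.log" expands (with the default
# SPLUNK_HOME) to /opt/splunkforwarder/var/log/audit/audit.log, which does
# not exist, so nothing was collected.
[monitor:///var/log/audit/audit.log]
# NOTE(review): _internal is Splunk's own housekeeping index and is a poor
# home for OS audit records (retention, access control, searches); create a
# dedicated index on the indexer and name it here instead.
index = _internal
# audit.log is root-only (0600) by default; a forwarder running as an
# unprivileged user needs read access (ACL or group) or it will log
# permission errors and collect nothing.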
fdisk
- Label as GPT and set the partition type to "Linux LVM (31)" on Disk /dev/sdc
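# DESTRUCTIVE, NON-INTERACTIVE: writes a new GPT label to the whole disk and
# creates one partition spanning it, typed "Linux LVM". Everything on the
# disk is lost. Keystrokes fed to fdisk: g (new GPT), n (new partition),
# 1 (number), <Enter> <Enter> (default first/last sector), t (change type),
# 31, w (write and exit).
# NOTE(review): "31" is a position in fdisk's interactive type list, not a
# stable identifier — it is "Linux LVM" in the util-linux versions this was
# written against; confirm with fdisk's L command (or use the type GUID)
# before running on another release.
DISK=/dev/sdc
# Guard: refuse to relabel a disk that still has anything mounted from it.
if lsblk -rno MOUNTPOINT "$DISK" | grep -q .; then
  echo "refusing to relabel $DISK: it has mounted partitions" >&2
else
  printf '%s\n' g n 1 '' '' t 31 w | fdisk "$DISK"
fi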
disk commands
fdisk, cfdisk, parted — partition-table editors (cfdisk is the curses front end)
lsblk — list block devices with their partitions and mount points
blkid — print filesystem type, UUID and LABEL of block devices
mount — mount filesystems, or list what is mounted
tune2fs — view or adjust ext2/ext3/ext4 filesystem parameters
df — free space per mounted filesystem
lvs, vgs — list LVM logical volumes / volume groups
Proxy usage with curl
- Simple:
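# Bare proxy test: fetch the egress address as seen from the internet. Use a
# placeholder rather than a real proxy address in shared docs, and an https
# target so the proxy only tunnels (CONNECT) and cannot read or alter the reply.
curl -x http://x.x.x.x:3128 -L https://ipconfig.io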
- General (proxy that requires authentication):
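# Authenticating proxy. Give only the user name to --proxy-user and curl
# prompts for the password, so it never shows up in `ps`, shell history or
# this wiki; "user:pass" on the command line leaks it all three ways.
# (The stray trailing dot in "x.x.x.x." was a typo.)
curl -x http://x.x.x.x:3128 --proxy-user user -L ipconfig.io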
- IP Properties
# Through the proxy, fetch a JSON description (geolocation, ASN, ...) of the
# address the request egresses from; --location follows redirects.
curl --proxy http://x.x.x.x:3128 --location https://ipapi.co/json
- Using NTLM
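# NTLM proxy authentication (legacy Windows proxies). Passing just the user
# name makes curl prompt for the password instead of exposing it in `ps` and
# shell history. NTLM is a weak, deprecated scheme — prefer Kerberos
# (--proxy-negotiate) where the proxy supports it.
curl --proxy-ntlm --proxy-user user --proxy http://wwwproxy.domain.com:8080 https://ipconfig.io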
Telnet test with curl
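# Plain TCP connect test (curl's telnet:// performs no protocol handshake),
# useful where nc/telnet are not installed. -v prints "Connected to ..." or
# the error; --max-time keeps it from hanging on a filtered port. Replace
# HOST and PORT (the original placeholders contained spaces, which the shell
# would split into separate arguments).
curl -v --max-time 5 telnet://HOST:PORT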
Proxy usage with git
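# Proxy for git over https (git uses libcurl, which reads https_proxy). The
# value is a URL, so include the scheme. NOTE(review): with only "user@" no
# password is sent and libcurl does not prompt for one, so the proxy must
# accept that user without a password — confirm; if auth is required, prefer
# a proxy that takes Kerberos over putting a password in the environment.
# Prefix the command instead (`https_proxy=... git clone ...`) to scope the
# setting to one operation rather than the whole session.
export https_proxy=http://user@prox.domain.com:8080
git clone https://github.com/mozilla/sops.git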
SSH long time to login
- Set in /etc/ssh/sshd_config
# Skip the reverse-DNS lookup of the client address on each connection; a
# slow or broken resolver is a classic cause of multi-second login delays.
# NOTE(review): UseDNS has defaulted to "no" in OpenSSH for several releases,
# so if logins are still slow look at GSSAPIAuthentication next — check the
# effective values with `sshd -T | grep -iE 'usedns|gssapi'`. Reload sshd after editing.
UseDNS no
Show deleted files which are still open
# Files unlinked while a process still holds them open: their space is not
# freed until that process closes or restarts (typical after log rotation;
# the PID column says which one). -F matches the literal string.
lsof | grep -F "(deleted)"
Add Systemuser
- Instead of adduser
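# Service account "abcd" with its home under /var/log. Without --shell the
# account gets the default login shell, which a system user should not have;
# nologin closes that door while leaving the account usable for daemons.
useradd --system --home-dir /var/log/abcd --create-home --shell /usr/sbin/nologin abcd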
List files by size, largest first (not recursive)
# Long listing of the .csv files directly in /etc, largest first (-S), with
# human-readable sizes (-h). Not recursive: the glob only matches /etc/*.csv.
ls -l -h -S /etc/*.csv
Search string in files
# Search every file below /etc for the pattern. `--` ends option parsing so a
# pattern that starts with "-" is not mistaken for a flag.
grep --recursive -- searcharg /etc
Tar
- Create gz options
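# Create a gzip-compressed archive: c = create, z = gzip, v = list members,
# f = archive file name (must be the argument right after the flags). The
# original line had no operands and would not run as written.
tar czvf archive.tar.gz path/to/dir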
- Untar / restore an archive into a specified destination
# Restore a backup inside the running "shrestore" container: cd into the data
# directory, then unpack /tmp/backup.tar (a path inside the container),
# dropping the first path component of every member (--strip, short for
# --strip-components=1) so the archive's top-level folder is not recreated.
# Recent GNU tar strips a leading "/" and refuses ".." members unless -P is
# given, so a crafted archive cannot write outside /usr/local/data.
# -it allocates a terminal; drop it when running from a script or cron.
docker exec -it shrestore bash -c "cd /usr/local/data && tar xvf /tmp/backup.tar --strip 1 "
Grep
Grep and print n lines after match
- Print each match followed by the 10 lines after it (-A 10)
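# Show each match plus the 10 lines that follow it (-A; -B for lines before,
# -C for both). The operand must be a file — given a directory, as the
# original "/dir" suggested, grep stops with "Is a directory" unless -r is added.
grep -A 10 "search exp" /path/to/file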
Grep for arg, recursive for specific file types
# Recursive, case-insensitive search limited to *.conf files below the
# current directory; `--` so a pattern beginning with "-" is not read as an option.
grep -r -i --include='*.conf' -- "searcharg" .
Exclude lines matching a pattern from the output (-v)
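# Print every line of something.txt that does NOT contain "exclude" (-v
# inverts the match). grep reads the file itself — no cat needed.
grep -v exclude something.txt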
dpkg to apt
- Dump package names only
#!/usr/bin/perl
# Read `dpkg --list` output on stdin and print the bare package name of every
# installed package (status column "ii"), one per line. Architecture-qualified
# names such as "libc6:amd64" are kept intact, as are dots, pluses and hyphens.
# (`dpkg-query -W -f='${binary:Package}\n'` yields the same list without
# parsing the human-readable listing.)
use strict;
use warnings;

while (my $line = <>) {
    # "ii" = desired state install, current state installed.
    next unless $line =~ /^ii\s+([0-9a-zA-Z_\-\:\.\+]*)\s+/;
    print "$1\n";
}
- Apply
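# Example run: feed the dpkg listing through the filter above. grep narrows
# it to lines mentioning "perl" anywhere (descriptions match too), and
# dpkg2apt.pl prints just the package names. The leading "#" in the wiki was
# a root prompt, not a comment — as a comment the line did nothing.
dpkg --list | grep "perl" | ./dpkg2apt.pl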
Process by Time
# Every process with its PID, full start timestamp (lstart) and command line.
ps -e -o pid,lstart,cmd