Monday, November 19, 2012

-(Sent from my iPhone..from this Galaxy)



Most of the emails I read these days are  -(Sent from their iPhone/Pad..or far Galaxy) . Aiiiich!!

Gone are those days when emails used to end normally and a whole  new trend of adding techno-centric gadget prideful signature has evolved.

Is it true that  the folks who does not yet have OR not preferred to have an iPhone or iPad -  if an email signature through such device has a one such  with such hint depicts a boastful 'prestige'  act. ?

Personally, when I get an email reply on some serious issue from someone which says "Sent from my iPad/iPhone/..far Galaxy" - I sometimes tend to conclude that the person places little value on their time  when it was a very sensitive talk in a case where sender probably expected more responsible response with quality time.   I might be wrong - however  if I try to analyze the rational - two simple possibilities  comes to my mind -  (1) either the sender is prideful and a boaster (2) OR the user has no idea how to change the signature and hasn't even bothered to learn where it comes from.. BUT I am trying to analyze a 3rd  possibility here. Please enlighten me with your comments :-)

 Peoples are busier and timely response is also so very critical. Excluding this set of community,  for the rest it can be their own choice. However we definitely wont get a pay cheque from such giants marketing team :P



With smart phones we should also grow smart and I guess I really know how to remove that signature from my gadget BUT am still using it - reason ? so that people can excuse me for my brevity and typos and purely for a quicker response.  But I still prefer  to respond all my mails with enough detail and adequate data and quality time if it is such sensitive.

Well.. trend has definitly changed.  Often we check mails on the go!! Until otherwise study on behavioral science proves, I believe reading  OR replying an email on a laptop or on a iPhone would affect or change our decisions at all !! 

And most of them so called proudy and douchy folks wont probably ever have a signature - "Sent while on my brand new Lexus" and even if they do - I believe email signature would be such a unfortunate place to do so!

-(Wrote from my good old laptop)
-(!Sent from my iPhone given by my company)


Tuesday, September 18, 2012

disown

When a UNIX process ends it also terminates all the child process that started under the parent PID (PPID). A process tree command on UNIX terminal can show you entire tree structure of PID and  PPID.
 
#pstree -A -p pid

However today what I want to discuss here is a common problem we face while working on a long running process and want to leave the terminal/ or log out the server  - still keeping the process intact when I am back to the console.

For ex. I started a long running SCP command and when I am back after couple of hrs. it should still be running.  Ofcourse we can use screen utility  for this - BUT I wanted to explore the 'disown` UNIX command for this task.

The How:

[root@DebaTestBox ~]# scp ABigFile.bak  user@remoteServer:/destination/location/

ABigFile.bak                                 12% 2864KB   12.8MB/s 3:56:23 ETA

The ETA is ~4hrs still.

[root@DebaTestBox ~]# bg+1
[root@DebaTestBox ~]# disown %1

Done!  Now you can safely exit your terminal and return back later to check the progress. The job will still be running uninterrupted. So now - disown tells the shell to forget that the specified job is a child process of the shell, meaning that the shell won't kill it on exit.

What actually happened:

When you ran disown %1 (i.e. first background) job - the pid  31614 is nolonger attached to your shell now.

[root@DebaTestBox ~]# ps -ef | grep scp
10001    31614 28489  0 07:35 pts/1    00:00:00 scp ABigFile.bak  user@remoteServer:/destination/location/
10001    31615 31614  2 07:35 pts/1    00:00:00 /usr/bin/ssh -x -oForwardAgent no -oPermitLocalCommand no -oClearAllForwardings yes user@remoteServer scp -t /destination/location/
10001    31618 28489  0 07:35 pts/1    00:00:00 grep scp

Where 31615 is pid of BASH shell. See below

[root@DebaTestBox ~]# pstree -A -p 31614
scp(31614)---ssh(31615)
So had to logged out of the Shell - even your SCP process would have died. 

[root@DebaTestBox ~]#

Now see the output after I disowned and when logged back in after some hrs. 

[root@DebaTestBox ~]# ps -ef | grep scp
10001    31614     1  0 07:35 ?        00:00:00 scp ABigFile.bak  user@remoteServer:/destination/location/

The SCP process is now part of PID 1

Important Point: * disown will NOT actually move the process in the pstree immediately. Movement will happen when you close the shell.

Below are some important switches you can use with  disown command -
  • -a -  This will disown all the jobs  (here you don't have to specify a job number e.g. disown %1)
  • -h - make disown behave more like nohup (i.e. the jobs will stay in your current shell's process tree until you exit your shell) This allows you to see all the jobs that this shell started.
  • -r - only disown running jobs. 
Hope it helps.

Thanks/-
D




Tuesday, July 24, 2012

Empty out multiple file contents all at once


There are various ways to do so - BUT below is what I found a quicker / shorter and very precise.


#echo FileNames | xargs -n1 cp /dev/null

In my case I was trying zip out an archive keeping apache log file name along with other important confg files  BUT without their(apache logs)  heavy content inside them - the data which is already stale for me.

#echo ws*_access.log  | xargs -n1 cp /dev/null

-DK

Sunday, June 10, 2012

Has my SSL cert Expired?


I know Browser gives this info - but if you wanna use this info somewhere in a script etc. this command can be definitely handy!

[root@DebaTestBox ~]# echo | openssl s_client -connect mysite.com:443 2>/dev/null |openssl x509 -dates -noout

notBefore=Mar 20 00:00:00 2012 GMT

notAfter=Apr 19 23:59:59 2016 GMT

[root@DebaTestBox ~]#

Below will actually give you how many days left for expiry  -

#Cat WillExpire-in.sh
end_date=`openssl s_client -showcerts -connect mysite.com:443  
/dev/null | sed -n 's/ *Not After : *//p'`

if [ -n "$end_date" ]
then
    end_date_seconds=`date '+%s' --date "$end_date"`

    now_seconds=`date '+%s'`

    echo "($end_date_seconds-$now_seconds)/24/3600" | bc
fi

Thanks/-

D

Rethink Automation !!

Is it true that - Technologies and accelerated growth of automation has a tendency of eating jobs?

I recently attended one workshop where most of the participants were upcoming talented Software engineers and on the same topic one said "I hate seeing repeating tasks people do in operations domain - things should be automated"

First of all - I really love this energy and always have possessed huge respect for our engineers who has been contributing to this modern world - we need them and their innovation more than ever.

However - at the heart of Engineering domain  specially Software Engineering - there is a belief that - everything in this world can be automated. Engineers give us Engines - Engines replaces humans. But can everything be automated?

One of my earlier assignment was in a Healthcare domain and that time HIPAA regulations were in full enforcement. The IT help-desk was always reminding us NOT to keep any printed reports etc. in Printer tray and advised to collect immediately and either secured under the lock or shred them immediately.

But one user had a problem - "I usually do not have time to immediately collect and sometimes I am always waiting as multiple people send their print to the common printer and I am just waiting.. - is there a setting you can suggest in my PC to send them directly to the shredder if I am late or forget to collect it." IT guys was stunned!  - Yeah!! rethink Automation :-) 

Scope is important to identify - then with the purpose comes the shared sense of destiny and finally a fine balance, defined boundary and enforcement.

Bill Gates says : "The first rule of any technology used in a business is that automation applied to an efficient operation will magnify the efficiency. The second is that automation applied to an inefficient operation will magnify the inefficiency." - how true.


As we advance in technology up-gradation or replacement - it reverses every situation and characteristics yet again and sometimes even forces us to comprehend a situation or even adopt a very different approach  to the problem resolution.

Human mindset is also very important -  else you will  end up on untouched and unused tools if automation necessarily is a tool. Vagueness and interpretation of the term itself sometimes tend to raise confusion and can even mislead us in wrong direction.

Just to wrap up - Don’t put up with repetitive, manual tasks - we must strive to automate them - with a vision to pursue continuous improvement to support long term growth and sustained viability. And most importantly - let it help achieve higher degree of centralization BUT not encourage or strengthen monopolistic tendencies.


-DK











Friday, June 8, 2012

Edit file content under compressed archive


When we have a compressed archive ( .tar.gz/ .gz/.zip etc.) and you want edit the content of one of the file inside - it's NOT needed to uncompress that archive really.

Just do a #vim testArchive.tar.gz 
Then point the file you need to edit the content save and come out. That's it!  You will have the modifed archive without that extra step.

Hope it helps!

-DK

Get Your Public External IP From Command Line


Ya this is needed in many such occasion -  like Proxy white-listing / Getting access through 3rd party Firewall / troubleshooting anything on web server specific to your request etc.

On linux Command prompt I would do somethign like this :

[root@DebaTestBox ~]# wget -O - -q icanhazip.com 
14.16.135.X
[root@DebaTestBox ~]# curl ifconfig.me/ip
14.16.135.X
[root@DebaTestBox ~]#





Eventhough there are many such sites(most of them are flooded with ads!!)  - who gives your Outgoing NAT public IP info - I know some lighter once -

http://ipcheck.rehbein.net/
http://checkrealip.com/
http://dynamic.zoneedit.com/checkip.html
http://www.raffar.com/checkip/
http://www.thisip.org/
http://testip.edpsciences.org/
http://mwburden.com/cgi-bin/getipaddr
http://www.tanziars.com/
http://www.naumann-net.org/
http://www.antifart.com/stuff/checkip/
http://checkip.eurodyndns.org/

Woindows users can simply type any of these above URL in the browser -  not sure - if we can use any cmd like you can do in *NIX console.

PS: Please add to the list if you know more secured one's

Thanks/-
D K

Monday, April 23, 2012

Save time - and effort with 'mutt' attachments



Mutt - is a terminal-based e-mail client for unix kind of Operating systems- and has capability to send email attachements as well. However lets remember its a pure MUA and needs a working Mail Transfer Agent (MTA) such as sendmail / postfix etc.

Today I was observing an incident where user was copying a file to /tmp on the file server and  from his windows desktop cmd prompt transferred to his desktop and then finally sent it to another user through his outlook..

Hope you are getting what I am trying to point out here ..

Rather a smart way could have been -

[root@DebaTestBox scripts]# mutt -s "latest User.properties" -a User.properties User@domain.com < bodymessageIfAny.txt

and Done!

-DK

Sunday, March 25, 2012

Free Best OCR

I just needed a cool yet Free OCR tool and were trying hands on multiple available. BUT finally found the below 3 to be the best in order of perfection and efficiency -


  1. OnlineOCR ( One +plus is that - it gives me a download option with various output format)
  2. Free-OCR
  3. NewOCR

Extract of text from image format is so simplified !!

The Engineering attempts at automated recognition of printed characters started much before World War II. But it was only by early 1950's some commercial attempt was undertaken to have funded R&D on this area.

OCR has taken new feats & heights - I know some of the Engineering efforts from IITG where Handwritten Character Recognition has taken a whole new dimension and heading for interesting feats in this niche area.

Thanks/-

DK




Sunday, March 4, 2012

OS Fingerprinting

Yo Dawg! You never told me its a pure Windows box and I wasted my time trying to do SSH rather than a RDP! A common fuming statement by most of the Ops guys !?

OS Fingerprinting is normally used by attackers to probe a wide variety of hosts and add them in their hit-lists for the next application/OS exploit is released. Idea is they should not be trying IIS exploits against Linux hosts.


Well - in either case lets empower ourselves too how this can be done.

Network traffic from a computer system can be captured and analyzed to detect what OS the host is running. This is possible due to differences in how the TCP/IP stack is implemented in various operating systems.

The TCP/IP fields that may vary include the following:

  1. Initial packet size (16 bits)
  2. Initial TTL (8 bits)
  3. Window size (16 bits)
  4. Max segment size (16 bits)
  5. Window scaling value (8 bits)
  6. "don't fragment" flag (1 bit)
  7. "sackOK" flag (1 bit)
  8. "nop" flag (1 bit)
Some of the most common known TTL and TCP windows set is shown below:

Operating System(OS)

Intial TTL

TCP Windows

size

Linux Kernel (2.4 and 2.6)

64

5840

Windows XP

128

65535

Windows 7, Vista and Server 2008

128

8192

Free BSD

64

65535

Cisco Router (IOS 12.4)

255

4128

Solaris

255

8760

WINDOWS 2000

128

16384







The initial TTL value usually is a little tricky job to analyze since the TTL value of a sniffed packet varies depending on where you sniff it from. The sender system will set the TTL value to the Operating Systems default TTL value - but this value will then be decremented by one (-1) for every router the packet passes through on its way to the destination IP address. Hence an IP packet with a TTL value of 55 can therefore be expected to be a packet with an initial TTL of 64 that has done 9 router hops before it was sniffed.


Very common tool that can be used -

Ping:

As I said ICMP ping is always the first thing and arrive at some initial level of idea what OS the host might be running

Nmap:

I would try multiple nmap combinations to come to a conclusion:

nmap -sV -P0 -O debatestBox.com
nmap -O -v debatestBox.com
nmap -sV debatestBox.com
nmap -vv -O -P0 debatestBox.com

XProbe2:
Xprobe2 is a basically remote, active OS fingerprinting tool -

[root@DebaTestBox ~]# xprobe2 crusador.sdtie.com

Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu

[+] Target is crusador.sdtie.com
[+] Loading modules.
[+] Following modules are loaded:
[x] [1] ping:icmp_ping - ICMP echo discovery module
[x] [2] ping:tcp_ping - TCP-based ping discovery module
[+] Primary guess:
[+] Host 10.X.X.X Running OS: "OpenBSD 2.5" (Guess probability: 90%)



To be contd/-


-DK

Tuesday, February 28, 2012

Prevent a rpm from Being Updated via patching

A common scenario - unneeded packages got updated via patching and a working application Stopped functioning.

If you you don't want to update it even if a newer version is available YUM actually has a plugin called yum-versionlock.

1. Install the yum-plugin-versionlock package.

2. Make sure - /etc/yum/pluginconf.d/versionlock.conf exists, and contains the following text: enabled = 1

3. Add the list of packages which you do not want to be updated to /etc/yum/pluginconf.d/versionlock.list.

Each package should go on its own line. For example:

screen-4.0.3-4.el5

desktop-backgrounds-basic-2.0-37


That's it!!


[root@svn01dev ~]# yum install screen
Loaded plugins: security, versionlock
Reading version lock configuration
Setting up Install Process
Nothing to do
[root@svn01dev ~]#

Cheers!
D E B A

Monday, February 27, 2012

Automatically reboot server On kernel panic

There is a way to auto reboot your servers on Kernel Panic. This is helpful in a situation where your servers are remote and needs time to arrange a hard reboot.

echo X>/proc/sys/kernel/panic , where X is the timeout in seconds, The kernel waits X seconds and reboots.

e.g. echo "1" > /proc/sys/kernel/panic

Above it is 1 sec. BUT usually I keep it 10sec or more to believe that the problem was transitory.

  1. kernel.panic = 1 initiates a hard system reboot whenever the system runs into a kernel panic.
  2. kernel.panic_on_oops = 1 extends that behavior to oopses (the kernel will then treat any oops just like it treats a panic)

Thanks/-
DK

Sunday, February 26, 2012

insecure password practice in Wget

Wget 1.12 onwards - you don't have to specfy password on command line itself - rather use somethign as below:

wget --user=cvs --ask-password http://svn1.codemagicstore.com/Tools/trunk/WebSense/deploy/secureTools.war -O /cvs/secureTools.war

However since script should also be unattended - please user user/pasword pair in /etc/wgetrc OR ~/wgetrc

user=cvs
password=secret


Thanks/-
D E B A

Saturday, February 25, 2012

space command

Someone was fuming why do you provide password at console! anyone can see it later.

Yo Dawg!

if I a prefix a space in my linux command it does not save it in History!

-DK


Wednesday, February 22, 2012

magic SysRq key to reboot server ..

I am sure most of has seen this issue earlier -

[root@DebaTestBox ~]# reboot
bash: /sbin/reboot: Input/output error
[root@DebaTestBox ~]# shutdown -r now
bash: /sbin/shutdown: Input/output error

Whats the rescue - call the data center guy and hard reboot.

WAIT!! **Just try this :

Theere is some issue with your disc for sure and thats why the kernel is unable to access the '/sbin/reboot' and '/sbin/shutdown' binaries from the disk so that it could execute them.


A fsck in next boot is mandatory now BUT what you need right away is - some way to reboot this BOX. Do we have something to tell the kernal bypassing anything or any command on disc.

Yes!

There is this "magic SysRq key" for your rescue.


First you must activate the magic SysRq option:

How To:

echo 1 > /proc/sys/kernel/sysrq

When you are ready to reboot the machine simply run the following:

echo b > /proc/sysrq-trigger

(Note: This will reboot your server, without trying to umount any file system)

BUT pleas remember this should only be used in dire situation as it wont do any umount of the currently mounted file systems. BUT if your drive is already failing then that may not be a concern.

Make the Sysrq setting permanent -

echo "kernel.sysrq = 1" >> /etc/sysctl.conf

More magic keys here

Thanks/-
D e b a

Sunday, February 19, 2012

SSL cert Expiry Date

Why to depend on some sites for this - be a geek and use your Bash Shell ^_^

[root@DebaTestBox ~]# openssl s_client -showcerts -connect mySite.com:443 > mySite.cert < / dev / null

[root@DebaTestBox ~]# openssl x509 -in mySite.cert -text -noout | awk '/After/ || /DNS/'
Not After : Feb 9 01:21:59 2013 GMT

[root@DebaTestBox ~]#

Thanks/-
DK

GoLive Checklist

Usually we start a project against a SOW(Statement Of Work) and until goLive or final Beta testing we do a lot of communication back and forth to respective BU and try to make sure things at our end is perfect and communication keeps flowing. BUT running behind various deadlines we feel to have a checklist just to make sure things are still looking tidy and various servers for the said project is healthy and hardened enough to face the cruel(!) traffic.

Please find this link to download my GoLive checklist!

[***Download here***]

Hope it helps!

-DK

  Expand your network at ease : Six Degrees of Separation! PC: Psych2Go Did you know that you are just six connections away from any person ...