Posts Tagged ‘linux’

explainshell: an invocation-to-manpage parser

December 3, 2013

I must say, explainshell is amazing.

Just take it for a quick ride and see how easy it is to understand complex command invocations.

rsync -p --chmod=+rwx -e "ssh -i userserver.pem" --copy-unsafe-links -rz user@server:~/ /db_backups/www/

Some of the argus-clients are also parsed, although I have run into some missing argument explanations.

The author states that currently “explainshell.com contains the entire archive of Ubuntu,” but you can submit changes to him. You can also host your own… powershell? nxos & ios?


Why I’ll always defend my superfluous use of `cat`

August 6, 2013

I’ve come across forum posts and ##linux heads talking about how using:

cat file | grep re

…is really excessive and slow and poor and I suck.

Today I spent about 15 minutes working on a regex to search the debug log of the Python script I recently wrote for taking argus userdata records and placing DNS data into a DB. It was crashing because I don’t handle absent records. The flows must be perfect (meaning both src>dst userdata and dst>src userdata must be present). If the flows aren’t perfect, I get some unexpected input back and, because I ask for a string at an index that doesn’t exist since there’s no data, blammo. Granted, it can be fixed with a conditional, but I still wanted to understand what was going on.

After fiddling with regex and grep for 15 minutes, I realized that grep kept recognizing the file as binary. A ddg later and I located a stackoverflow thread with several answers… one of which was:

cat /var/log/radump2dnsdb.log | strings | grep '^.*\ s\[0].*$\|^.*\ d\[0].*$'

This will work fine for this instance (particularly because each line has a unique identifier), but David (the original asker) points out flaws related to `.*` matching binary data. The accepted answer is thorough and takes this case into account.
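To make the "grep thinks my log is binary" problem concrete, here is an added example that is not from the original post: it builds a small constructed log in which one record carries a NUL byte (the usual reason GNU grep reports "Binary file matches"), counts the NUL bytes so you can see why grep made that call, and pulls the s[0]/d[0] records out with `grep -a` instead of `strings | grep`. The file contents and the db.example name are made up for the example; the s[0]/d[0] markers are the ones the post's grep looks for.

```shell
#!/bin/sh
# Added example, not from the original post. Reproduces the "binary file" problem
# on a constructed log and shows how to inspect and handle it.

# make_log FILE: write three constructed records; the second contains a NUL byte,
# which is enough for GNU grep to classify the whole file as binary.
make_log() {
  printf 'flow 1 s[0]=1.2.3.4 d[0]=db.example\n' > "$1"
  printf 'flow 2 s[0]=\000 truncated userdata\n' >> "$1"
  printf 'flow 3 d[0]=db.example\n' >> "$1"
}

# nul_count FILE: number of NUL bytes in the file. A non-zero count is the usual
# reason for "Binary file ... matches"; bytes that are invalid in the current
# locale's encoding are the other (try LC_ALL=C grep in that case).
nul_count() {
  tr -cd '\000' < "$1" | wc -c | tr -d ' '
}

# records FILE: print every s[0] or d[0] record. -a tells grep to treat the file
# as text, so matching lines are printed instead of the "Binary file" message.
# Matching on the fixed s[0]/d[0] marker, rather than a leading .*, sidesteps the
# issue David raised in the thread: .* happily matches binary junk.
records() {
  grep -a -e 's\[0\]' -e 'd\[0\]' "$1"
}

# Usage, e.g.:  f=$(mktemp); make_log "$f"; nul_count "$f"; records "$f"
```

Compared with the `strings | grep` answer, `grep -a` keeps every byte of every line, so the line numbering and the record boundaries of the log are preserved; `strings` splits on the NUL and drops anything shorter than four printable characters.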

So, never again will I not be piping my `cat` output into `grep`, and I don’t care what you say.

By the way… my script seems to tolerate absent destination user data, but doesn’t tolerate absent source user data. Yikes.

[update ca. august 7th, 2013]
Of course, I’ve fixed the problems with the script!


vortex IDS on RHEL/centos/fedora:

July 11, 2013 4 comments

Following this greatly.

Add the fedora repo:

echo '[fedora_repo]' >> /etc/yum.repos.d/fedora_repo.repo # allow yum access to the fedora repo (quoted so the shell does not treat the brackets as a glob)
echo name=fedora_repo >> /etc/yum.repos.d/fedora_repo.repo
echo baseurl=http://download1.fedora.redhat.com/pub/epel/\$releasever/\$basearch/ >> /etc/yum.repos.d/fedora_repo.repo
echo enabled=1 >> /etc/yum.repos.d/fedora_repo.repo
echo skip_if_unavailable=1 >> /etc/yum.repos.d/fedora_repo.repo
echo gpgcheck=0 >> /etc/yum.repos.d/fedora_repo.repo
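The `gpgcheck=0` line above tells yum to install whatever the mirror serves without checking package signatures. As an added example that is not from the original post, here is the same repo definition with signature checking turned on, plus a small audit function that flags the weak settings. It assumes the EPEL 6 key lives at the path the epel-release package installs (`/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6`); on another release, point `gpgkey=` at that release's key.

```shell
#!/bin/sh
# Added example, not from the original post: hardened repo definition and a
# weak-setting audit for .repo files.

# write_repo FILE: write the definition with signature verification enabled.
# The single-quoted heredoc keeps $releasever and $basearch literal for yum.
write_repo() {
  cat > "$1" <<'EOF'
[fedora_repo]
name=fedora_repo
baseurl=http://download1.fedora.redhat.com/pub/epel/$releasever/$basearch/
enabled=1
skip_if_unavailable=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
EOF
}

# audit_repo FILE: print one WARN line per weak setting; return 1 if any was found.
audit_repo() {
  rc=0
  if grep -q '^gpgcheck=0' "$1"; then
    echo "WARN: $1: gpgcheck=0 disables package signature verification"
    rc=1
  elif ! grep -q '^gpgcheck=' "$1"; then
    echo "WARN: $1: no gpgcheck= line, falls back to the global setting in /etc/yum.conf"
    rc=1
  fi
  if ! grep -q '^gpgkey=' "$1"; then
    echo "WARN: $1: no gpgkey= line, so signatures cannot be verified"
    rc=1
  fi
  return $rc
}

# Usage:
#   write_repo /etc/yum.repos.d/fedora_repo.repo
#   audit_repo /etc/yum.repos.d/*.repo   (loop over the files)
# If the key file is missing, install epel-release or import the key with rpm --import.
```

Running `audit_repo` over every file in `/etc/yum.repos.d/` is a quick way to catch repos that were added with the six-line echo recipe and never revisited.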

Download and build:

cd
yum -y install make gcc gcc-c++ libnids-devel libnet-devel libpcap-devel
wget -O vortex-ids.tgz 'http://sourceforge.net/projects/vortex-ids/files/latest/download?source=files' # -O: otherwise wget names the file after the URL's query string and the tar step below fails; the download is plain HTTP, so check it against a checksum from the project before building
tar zxvf vortex-ids.tgz
cd vortex-*
gcc vortex.c -lnids -lpthread -Wall -o /usr/local/sbin/vortex
gcc xpipes.c -lpthread -Wall -o /usr/local/bin/xpipes

Grepping for N occurrences of a string or character within a line:

July 8, 2013 2 comments

The following will grep for one backslash in a line (single quotes keep the shell from collapsing `\\` to `\` before grep sees the pattern):

grep '^[^\\]*\\[^\\]*$' du_report.log

The following will grep for three backslashes in a line:

grep '^[^\\]*\\[^\\]*[^\\]*\\[^\\]*[^\\]*\\[^\\]*$' du_report.log

The following will grep for one, two, or three backslashes in a line:

grep '^[^\\]*\\[^\\]*[^\\]*\\[^\\]*[^\\]*\\[^\\]*$\|^[^\\]*\\[^\\]*[^\\]*\\[^\\]*$\|^[^\\]*\\[^\\]*$' du_report.log

A comment by Lee also suggests using extended grep:

grep -E '\\{1,3}' du_report.log

^ = beginning-of-line anchor
[^\\] = any single character that is not a backslash
* = zero or more of the preceding item
\\ = a literal backslash
$ = end-of-line anchor
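The three patterns above are one instance of a general rule: "exactly N backslashes on a line" is `^([^\\]*\\){N}[^\\]*$` in extended regex, and a range is the same with `{MIN,MAX}`. As an added example that is not from the original post, the helpers below build that pattern for any N or range, and `consecutive_bs` shows what the `\\{1,3}` pattern from the comment actually selects: a run of that many backslashes somewhere on the line, which every line with at least one backslash has. The sample lines are constructed for the example; du_report.log is not used.

```shell
#!/bin/sh
# Added example, not from the original post: counting occurrences per line with grep -E.

# exact_bs FILE N: lines containing exactly N backslashes
exact_bs() {
  grep -E '^([^\\]*\\){'"$2"'}[^\\]*$' "$1"
}

# range_bs FILE MIN MAX: lines containing between MIN and MAX backslashes
range_bs() {
  grep -E '^([^\\]*\\){'"$2,$3"'}[^\\]*$' "$1"
}

# consecutive_bs FILE MIN MAX: the pattern from the comment. It only needs a run of
# MIN..MAX consecutive backslashes somewhere, so it is not a per-line count.
consecutive_bs() {
  grep -E '\\{'"$2,$3"'}' "$1"
}

# make_sample FILE: constructed lines with 0, 1, 2, 3, 4 (consecutive) and 3 backslashes
make_sample() {
  printf '%s\n' 'no backslash here' 'one\here' 'two\ \here' 'a\b\c\d' 'x\\\\y' 'C:\dir\sub\file.txt' > "$1"
}

# Usage, e.g.:  f=$(mktemp); make_sample "$f"; exact_bs "$f" 3; range_bs "$f" 1 3
```

On the sample, `exact_bs 3` returns two lines, `range_bs 1 3` returns four, and `consecutive_bs 1 3` returns all five lines that contain a backslash at all, including the one with four in a row.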


Monitoring output of ps or monitoring process resource utilization stats in linux

June 28, 2013

while true ; do echo $(date '+%H:%M:%S'): $(ps -o rss= -p "$(pgrep -d, rasqlinsert)") ; sleep 2 ; done > ~/test.log &

Use the following to obtain the process ID of the backgrounded job:

jobs -p

To kill the background job:

kill -9 [pid]
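The one-liner above does its job, but if `pgrep` finds nothing, `ps` falls back to listing the shell's own processes and the log silently fills with the wrong numbers. Here is an added example, not from the original post, that splits the loop into functions, lets `ps` suppress its own header (`pid=` and `rss=` give empty column names, so no `grep -v RSS` is needed) and logs a marker line when the process is not running. It assumes procps-style `ps` and `pgrep`; rasqlinsert is the process name from the post.

```shell
#!/bin/sh
# Added example, not from the original post: periodic RSS sampling by process name.

# rss_for_pids PIDLIST: one "HH:MM:SS: pid=N rss_kb=M" line per pid in the
# comma-separated list
rss_for_pids() {
  stamp=$(date '+%H:%M:%S')
  ps -o pid=,rss= -p "$1" | while read -r pid rss; do
    echo "$stamp: pid=$pid rss_kb=$rss"
  done
}

# rss_by_name NAME: sample every process whose name is exactly NAME;
# returns 1 and logs a marker line when none is running
rss_by_name() {
  pids=$(pgrep -x "$1" 2>/dev/null | paste -s -d, -)
  if [ -z "$pids" ]; then
    echo "$(date '+%H:%M:%S'): no process named $1"
    return 1
  fi
  rss_for_pids "$pids"
}

# monitor_rss NAME INTERVAL LOGFILE: sample until killed; run it in the background:
#   monitor_rss rasqlinsert 2 ~/test.log &
# then "jobs -p" gives the pid to pass to kill
monitor_rss() {
  while true; do
    rss_by_name "$1" >> "$3"
    sleep "$2"
  done
}
```

Because each sample is appended with a timestamp, a gap or a run of "no process named" lines in the log tells you when the daemon died, which the original loop would have hidden behind whatever `ps` printed for the shell.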

Also see:
Standard Format Specifiers


Fortigate /proc tree

June 3, 2013

Encrypting “the disk” on an enterprise Linux 6 system

May 23, 2013

I searched long and hard for a specific write-up on how to encrypt “the disk” of an enterprise Linux (centos6, red hat 6, fedora 6) system and came up empty-handed. I found an old write-up that I started to dive into, until I hit the GUI part.

I immediately realized why I had so much trouble finding a write-up for CentOS6… it is too easy to detail.
