Posts Tagged ‘linux’

explainshell: an invocation-to-manpage parser

December 3, 2013 Leave a comment

I must say, explainshell is amazing.

Just take it for a quick ride and see how easy it is to understand complex command invocations.

rsync -p --chmod=+rwx -e "ssh -i userserver.pem" --copy-unsafe-links -rz user@server:~/ /db_backups/www/

Even some of the argus-clients are parsed, although I have run into some missing argument explanations.

The author states that currently " contains the entire archive of Ubuntu," but you can submit changes to him. You can also host your own... powershell? nxos & ios?


Why I'll always defend my superfluous use of `cat`

August 6, 2013 Leave a comment

I’ve come across forum posts and ##linux heads talking about how using:

cat file | grep re

…is really excessive and slow and poor and I suck.

Today, I spent about 15 minutes working on a regex to search a debug log file for the python script I recently wrote for taking argus userdata records and placing DNS data into a DB. It was crashing because I don't handle absent records. The flows must be perfect (meaning src>dst userdata and dst>src userdata must both be present). If the flows aren't perfect, then I get some unexpected input back, and, since there's no data and I ask for a string at an index that doesn't exist, blammo. Granted, it can be fixed with a conditional, but I still wanted to understand what was going on.

After fiddling with regex and grep for 15 minutes, I realized that grep kept recognizing the file as binary. A ddg later and I located a Stack Overflow thread with several answers... one of which was:

cat /var/log/radump2dnsdb.log | strings | grep '^.*\ s\[0].*$\|^.*\ d\[0].*$'

This will work fine for this instance (particularly because each line has a unique identifier), but David (the original asker) points out flaws related to the ability of `.*` to match binary data. The accepted answer is thorough and takes this case into account.

So, never again will I not be piping my `cat` output into `grep`, and I don’t care what you say.
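The situation above reproduced on a constructed log, as an added example of my own (not code from the post or from the Stack Overflow thread): a single NUL byte makes grep classify the whole file as binary and print no lines, `grep -a` or stripping the NULs first searches every line intact, and the `strings | grep` route from the post counts the NUL-bearing line twice because strings splits it at the NUL. The log lines and the `s[0]`/`d[0]` pattern are made up for the demonstration.

```shell
#!/bin/sh
# Constructed sample: four text lines, one of which carries an embedded NUL.
make_sample_log() {
    printf 'flow 1 s[0]=example.com d[0]=10.0.0.1\n'  > "$1"
    printf 'flow 2 s[0]=\000 d[0]=10.0.0.2\n'         >> "$1"   # NUL: grep will call the file binary
    printf 'flow 3 s[0]=example.org d[0]=10.0.0.3\n'  >> "$1"
    printf 'flow 4 no userdata\n'                      >> "$1"
}

PATTERN='s\[0\]|d\[0\]'   # lines carrying source or destination userdata

# Plain grep: sees the NUL, reports "binary file matches" instead of lines,
# so nothing that looks like a log line reaches the second grep.
count_plain()    { grep -E "$PATTERN" "$1" 2>/dev/null | grep -c '^flow'; }
# -a (--binary-files=text): process the file as text; every line is searched.
count_text()     { grep -acE "$PATTERN" "$1"; }
# Delete NULs first; line structure survives, unlike the strings(1) route.
count_nul_free() { tr -d '\000' < "$1" | grep -cE "$PATTERN"; }
# The post's approach: strings(1) splits line 2 at the NUL, so it counts twice.
count_strings()  { strings "$1" | grep -cE "$PATTERN"; }

demo_counts() {
    f=$(mktemp)
    make_sample_log "$f"
    printf 'plain grep:       %s matching lines printed\n' "$(count_plain "$f")"
    printf 'grep -a:          %s\n' "$(count_text "$f")"
    printf 'tr -d NUL | grep: %s\n' "$(count_nul_free "$f")"
    if command -v strings >/dev/null 2>&1; then
        printf 'strings | grep:   %s (line 2 counted twice)\n' "$(count_strings "$f")"
    fi
    rm -f "$f"
}

demo_counts
```

Whether the "binary file matches" notice lands on stdout or stderr depends on the grep version, which is why the demo counts only lines that start with `flow`; `grep -a` is the direct fix when you want the real lines back, and `tr -d '\000'` keeps one log record per line, which `strings` does not guarantee.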

By the way… my script seems to tolerate absent destination user data, but doesn’t tolerate absent source user data. Yikes.

[update ca. august 7th, 2013]
Of course, I’ve fixed the problems with the script!


vortex IDS on RHEL/centos/fedora:

July 11, 2013 4 comments

Following this greatly.

Add the fedora repo (written with a quoted heredoc so that the literal $releasever and $basearch reach the file; an unquoted echo [fedora_repo] is a shell glob and can expand against file names in the current directory):

#allow yum access to the fedora repo
cat > /etc/yum.repos.d/fedora_repo.repo <<'EOF'
[fedora_repo]
name=fedora_repo
baseurl=$releasever/$basearch/
enabled=1
skip_if_unavailable=1
gpgcheck=0
EOF

Note that gpgcheck=0 turns off RPM signature verification for everything installed from this repo, so anyone who can tamper with the mirror or the connection can hand you a trojaned package. Set gpgcheck=1 with a gpgkey= line pointing at the Fedora signing key if the repo will stay enabled, or set enabled=0 once vortex is built.

Download and build:

yum -y install make gcc gcc-c++ libnids-devel libnet-devel libpcap-devel
tar zxvf vortex-*.tgz
cd vortex-*
gcc vortex.c -lnids -lpthread -Wall -o /usr/local/sbin/vortex
gcc xpipes.c -lpthread -Wall -o /usr/local/bin/xpipes
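Because a gpgcheck=0 repo left behind after a one-off build is easy to forget, here is an added example of my own (not from the post or the vortex project) that audits a directory of .repo files and reports every enabled section that does not set gpgcheck=1. The sample repo files it writes are constructed for the demonstration: one is the repo exactly as defined above, one is a corrected copy whose gpgkey= path is a placeholder rather than a real key location, and one is disabled.

```shell
#!/bin/sh
# Report every enabled [section] in a directory of yum/dnf .repo files that
# does not set gpgcheck=1. yum treats a missing enabled= as 1, so those
# sections are checked too; a missing gpgcheck= falls back to the [main]
# default in yum.conf, so it is reported as "unset" for a human to judge.
# Usage: audit_repos /etc/yum.repos.d
audit_repos() {
    for f in "$1"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            function flush() {
                if (sec != "" && enabled != "0" && gpg != "1")
                    printf "%s: [%s] enabled=%s gpgcheck=%s\n", file, sec, enabled, (gpg == "" ? "unset" : gpg)
            }
            /^[[:space:]]*\[/ {
                flush()
                sec = $0; sub(/^[[:space:]]*\[/, "", sec); sub(/\].*$/, "", sec)
                enabled = "1"; gpg = ""
                next
            }
            /^[[:space:]]*enabled[[:space:]]*=/  { split($0, kv, "="); enabled = kv[2]; gsub(/[[:space:]]/, "", enabled) }
            /^[[:space:]]*gpgcheck[[:space:]]*=/ { split($0, kv, "="); gpg = kv[2];     gsub(/[[:space:]]/, "", gpg) }
            END { flush() }
        ' "$f"
    done
}

# Constructed samples: the repo as the post defines it, a corrected copy
# (gpgkey path is a placeholder), and a disabled unsigned one.
write_sample_repos() {
    cat > "$1/fedora_repo.repo" <<'EOF'
[fedora_repo]
name=fedora_repo
baseurl=$releasever/$basearch/
enabled=1
skip_if_unavailable=1
gpgcheck=0
EOF
    cat > "$1/fedora_repo_fixed.repo" <<'EOF'
[fedora_repo_fixed]
name=fedora_repo_fixed
baseurl=$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-placeholder

[fedora_repo_off]
name=fedora_repo_off
baseurl=$releasever/$basearch/
enabled=0
gpgcheck=0
EOF
}

# Run the audit against the constructed samples and print the findings.
demo_audit() {
    d=$(mktemp -d)
    write_sample_repos "$d"
    audit_repos "$d"
    rm -rf "$d"
}

demo_audit
```

Only the first section is reported: the corrected copy passes, and the disabled one is ignored because yum will never install from it. Point `audit_repos` at /etc/yum.repos.d on a real host to get the same report.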

Grepping for N occurrences of a string or character within a line:

July 8, 2013 2 comments

The following will grep for lines containing exactly one backslash (the pattern is single-quoted so that the shell hands both backslashes to grep untouched; inside double quotes the shell collapses each \\ to a single \ and the pattern no longer matches backslashes at all):

grep '^[^\\]*\\[^\\]*$' du_report.log

The following will grep for lines containing exactly three backslashes:

grep '^[^\\]*\\[^\\]*[^\\]*\\[^\\]*[^\\]*\\[^\\]*$' du_report.log

The following will grep for lines containing one, two, or three backslashes (the three single-count patterns joined with GNU grep's \| alternation):

grep '^[^\\]*\\[^\\]*[^\\]*\\[^\\]*[^\\]*\\[^\\]*$\|^[^\\]*\\[^\\]*[^\\]*\\[^\\]*$\|^[^\\]*\\[^\\]*$' du_report.log

A comment by Lee also suggests using grep's extended syntax (note that '\\{1,3}' matches a run of one to three consecutive backslashes, so it selects every line that contains at least one backslash, not lines with one to three in total):

grep -E '\\{1,3}' du_report.log

^ = beginning-of-line anchor
[^\\] = a bracket expression matching one character that is not a backslash
* = zero or more of the preceding item, so [^\\]* is a (possibly empty) run of non-backslash characters
\\ = one literal backslash (escaped, since a bare backslash would try to escape the character after it)
$ = end-of-line anchor
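The general form of the patterns above, as an added example of my own (not from the post or its comments): the "exactly N" pattern is N repetitions of "non-backslashes then one backslash" followed by non-backslashes to end of line, which grep -E can write with a {N} or {LO,HI} count instead of copying the group by hand. It also shows the double-quoting hazard explicitly, the '\\{1,3}' pattern from the comment for contrast, and an awk alternative that simply counts. The sample lines are constructed; the number of backslashes in each is noted in the code.

```shell
#!/bin/sh
# Constructed sample lines, with their backslash counts: 2, 0, 1, 3, 4, 4.
make_sample() {
    printf '%s\n' \
        'C:\Users\admin'      \
        'no backslashes here' \
        'one\here'            \
        'a\b\c\d'             \
        'four\\\\here'        \
        'a\b\c\d\e'           > "$1"
}

# Lines with exactly N backslashes: N repetitions of "non-backslashes then one
# backslash", then non-backslashes to end of line. Each backslash is written
# twice for grep and twice again for the double-quoted shell string; that
# second doubling is what single-quoting the pattern saves you from.
exactly_n()     { grep -cE "^([^\\\\]*\\\\){$2}[^\\\\]*\$" "$1"; }
# Between LO and HI backslashes in total: same construction with a range.
between()       { grep -cE "^([^\\\\]*\\\\){$2,$3}[^\\\\]*\$" "$1"; }
# The comment's pattern: a run of 1 to 3 consecutive backslashes, which is
# true of every line that contains at least one backslash.
run_of_1_to_3() { grep -cE '\\{1,3}' "$1"; }
# No regex gymnastics: gsub() returns how many backslashes it replaced.
exactly_n_awk() { awk -v n="$2" 'gsub(/\\/, "&") == n { c++ } END { print c + 0 }' "$1"; }

demo() {
    f=$(mktemp)
    make_sample "$f"
    for n in 0 1 2 3 4; do
        printf 'exactly %s: grep=%s awk=%s\n' "$n" "$(exactly_n "$f" "$n")" "$(exactly_n_awk "$f" "$n")"
    done
    printf '1 to 3 in total: %s\n' "$(between "$f" 1 3)"
    printf 'run of {1,3}:    %s\n' "$(run_of_1_to_3 "$f")"
    rm -f "$f"
}

demo
```

On the sample, "exactly 3" and "1 to 3 in total" give 1 and 3 lines, while the '\\{1,3}' pattern gives 5, because the two lines with four backslashes also contain a run of one to three.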


Monitoring output of ps or monitoring process resource utilization stats in linux

June 28, 2013 Leave a comment

while true ; do echo $(date '+%H:%M:%S'): $(ps -o rss $(pgrep rasqlinsert) | grep -v RSS) ; sleep 2 ; done > ~/test.log &

Use the following to obtain the process ID of the backgrounded job (in a script, $! holds it right after the & as well):

jobs -p

To stop it (a plain kill sends SIGTERM, which is all this loop needs; keep -9 for a process that ignores that):

kill [pid]

Also see:
Standard Format Specifiers
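A reusable form of that one-liner, as an added example of my own rather than the post's command: it samples RSS and %CPU for a list of pids at a fixed interval (a trailing = on a ps column name blanks its header, which removes the need for grep -v RSS), and a second function pulls the peak RSS back out of the resulting log. The demo samples the running shell itself; rasqlinsert is not assumed to be present.

```shell
#!/bin/sh
# Sample RSS (KiB) and %CPU of one or more pids every INTERVAL seconds, COUNT
# times, writing one timestamped line per pid per sample:
#   HH:MM:SS pid rss pcpu comm
# Usage: sample_pids "PIDS" INTERVAL COUNT
#   e.g. sample_pids "$(pgrep rasqlinsert)" 2 1800 > ~/test.log &
sample_pids() {
    pids=$1; interval=$2; count=$3
    i=0
    while [ "$i" -lt "$count" ]; do
        ts=$(date '+%H:%M:%S')
        for pid in $pids; do
            # 'col=' gives the column an empty header, so ps prints no header line at all.
            ps -o rss=,pcpu=,comm= -p "$pid" | while read -r rss pcpu comm; do
                printf '%s %s %s %s %s\n' "$ts" "$pid" "$rss" "$pcpu" "$comm"
            done
        done
        i=$((i + 1))
        if [ "$i" -lt "$count" ]; then sleep "$interval"; fi
    done
}

# Highest RSS (KiB) recorded in a log written by sample_pids.
peak_rss() { awk '$3 > max { max = $3 } END { print max + 0 }' "$1"; }

# Demo: three samples of this shell, no delay between them.
sample_pids "$$" 0 3
```

When it runs in the background, $! is the pid to pass to kill; a process that exits mid-run simply stops producing lines, since ps prints nothing for a pid that no longer exists.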


Fortigate /proc tree

June 3, 2013 Leave a comment

Encrypting "the disk" on an enterprise linux 6 system

May 23, 2013 Leave a comment

I searched long and hard for a specific write-up on how to encrypt "the disk" of an enterprise linux (centos6, red hat 6, fedora 6) system and came up empty-handed. I found an old write-up that I started to dive into, until I hit the GUI part.

I immediately realized why I had so much trouble finding a write-up for CentOS6... it is too easy to detail.
Read more…
