Cli

.bashrc Examples

Applying changes

To apply changes from this article to your .bashrc (without ending subshells), do:

    $ source ~/.bashrc

or

    $ . ~/.bashrc

Or, if you want, you can build your prompt using the ✓ unicode symbol for a zero status and the ✗ unicode symbol for a nonzero status:

    0 ✓ andy@alba ~ $ true
    0 ✓ andy@alba ~ $ false
    1 ✗ andy@alba ~ $ I will try to type a wrong command...
    bash: I will try to type a wrong command...: command not found
    127 ✗ andy@alba ~ $ _

    # return value visualisation
    PS1="\[\033[01;37m\]\$? \$(if [[ \$? == 0 ]]; then echo \"\[\033[01;32m\]\342\234\223\"; else echo \"\[\033[01;31m\]\342\234\227\"; fi) $(if [[ ${EUID} == 0 ]]; then echo '\[\033[01;31m\]\h'; else echo '\[\033[01;32m\]\u@\h'; fi)\[\033[01;34m\] \w \$\[\033[00m\] "

Alternatively, this can be made more readable with `PROMPT_COMMAND`:

    set_prompt () {
        Last_Command=$? # Must come first!
        Blue='\[\e[01;34m\]'
        White='\[\e[01;37m\]'
        Red='\[\e[01;31m\]'
        Green='\[\e[01;32m\]'
        Reset='\[\e[00m\]'
        FancyX='\342\234\227'
        Checkmark='\342\234\223'

        # Add a bright white exit status for the last command
        PS1="$White\$? "
        # If it was successful, print a green check mark. Otherwise, print
        # a red X.
        if [[ $Last_Command == 0 ]]; then
            PS1+="$Green$Checkmark "
        else
            PS1+="$Red$FancyX "
        fi
        # If root, just print the host in red.

Continue reading

Ansible AD HOC Command Examples – Ansible Cheat Sheet

Ansible ad hoc commands are one-liners designed to achieve a very specific task. They are like quick snippets and your compact Swiss army knife when you want to do a quick task across multiple machines. Simply put, Ansible ad hoc commands are single-line Linux shell commands, and a playbook is like a shell script, a collection of multiple commands with logic.

Ansible ad hoc commands are useful when you want to perform a quick task. We’ve collected over 20 examples that will help you get started with Ansible AD HOC commands. This is your Ansible AD HOC command cheat sheet or Ansible cheat sheet.

Prerequisites

1. Ansible must be installed (only on the control machine; remember there is no agent).
2. Some remote virtual machines to test with; you can use vagrant to build them.

Continue reading

Ansible apt module Examples - install with apt

The Ansible APT package manager is the Ubuntu equivalent of the RedHat yum package manager. Like all other Ansible modules, the apt module is built around one specific Unix command, Debian's apt-get. It is always recommended to choose modules rather than running raw Unix commands through the shell module, as this brings more standardisation and fault tolerance to your Ansible playbook.

So how do you use the Ansible apt module in a playbook or as an ad hoc command? This article will cover the Ansible apt module in detail with various examples.

Introduction to ansible apt module

The Ansible apt module manages apt packages on Debian or Ubuntu systems. On a typical Ubuntu machine, in order to install a package, you would execute the following command:

    apt install nginx

In the same way, the following playbook/play would do that for you in Ansible

Continue reading

Ansible Command Module Examples

The Ansible Command module is used to execute commands on a remote node. The Command module is mainly used to execute simple Linux commands on a remote node/server that is part of a server group or a standalone server mentioned in the server group.

If you want to run some simple shell commands on a remote server, you can use this Ansible command module. But when the command is more complicated, or two commands are chained with a pipe, you cannot use the command module and must choose the shell module instead. This applies not just to pipes: if you use any of the characters | > < in your command, you should consider using the shell module.

Where to use Ansible SHELL and Where to use Ansible COMMAND?

ls -lrt /etc/httpd/conf is simple and can be executed with the Ansible command module

Continue reading

Ansible Dry Run – How to Run Playbook in Ansible Check mode

Introduction

The Ansible Dry Run or Ansible Check mode feature lets you check your playbook before execution, like Ansible’s --syntax-check feature. With the Ansible Dry Run feature you can execute the playbook without actually making changes on the server. With Ansible Dry Run you can see whether the host would be changed or not.

Here is a sample playbook written to install and start the Apache HTTPD web server.

    ---
    - name: Playbook
      hosts: webservers
      become: yes
      become_user: root
      tasks:
        - name: ensure apache is at the latest version
          yum:
            name: httpd
            state: latest
        - name: ensure apache is running
          service:
            name: httpd
            state: started

Our objective is to install the Apache web server and start it, but first we want to see whether it would affect/change the host or throw an error. We can dry run this playbook. With no further ado, let me tell you how to run the Ansible playbook in check mode or dry run mode.

Continue reading

Ansible Find Examples – How to use Ansible Find

The Ansible find module works similarly to the Linux find command and allows searching for files and folders based on various search criteria such as file age, access date, modification date, regular expression search patterns, etc. As stated earlier, this is a more efficient way to run the Linux find command with an inbuilt standard.

This module is intended for use on Linux servers only. For Windows, you should use the win_find module instead.

Since this module is meant to replace the Linux find command, I will list examples equivalent to Linux find.

Example 01: Find all the log files older than 30 days with Ansible Find

In this section, we are going to see how Ansible find helps us find files that are more than 30 days old.

The Linux find Command

Here is the command that you would ideally execute in the Linux OS:

    find /var/log -name "*.log" -type f -mtime +30

The Ansible Find AdHoc Command

The same Linux command can be rewritten as an Ansible ad hoc command as follows

Continue reading

Ansible Reboot system and wait_for reboot to complete - Middleware Inventory

The Objective

The purpose of this article is to explain with an example how Ansible initiates a reboot and waits for the reboot to complete.

There are cases where we want our remote nodes to be rebooted or restarted. Take patching as an example. As part of our quarterly patching, we upgrade installed software and packages and perform many other tasks, followed by a final reboot for the changes to take effect.

When we restart the server (box), your Ansible play may fail with the error “Shared connection closed”. But this can be avoided: you can reboot the box, wait for the server to come back up, and then run validation or tests after the reboot.

How to reboot and wait for it to complete with ansible

There are many methods to accomplish this

Continue reading

Fail2ban jail to mitigate DoS attacks against Apache

Using a Fail2ban jail to mitigate simple DoS attacks against Apache.

    # Block a single IP
    $ iptables -A INPUT -s <IP> -j DROP
    # Unblock it
    $ iptables -D INPUT -s <IP> -j DROP

Recently, one of our shared hosting webservers got hit by a DoS attack. The attacker started a larger vulnerability scan against common WordPress security issues. We already had common brute-force attack patterns on WordPress covered by a custom Fail2Ban jail, which mainly trapped POST requests to xmlrpc.php or wp-login.php (the usual dumb WP brute-force attacks…). But this DoS attack had hundreds of customer sites as target and did not get trapped by our existing rules.

After having blocked the attacker’s IP (glad this was no large-scale DDoS!), I wrote an extra Fail2Ban jail which traps such simple DoS attacks. It’s a very basic Fail2Ban jail that should cover common attacks and should not cause any false positives as it is only getting triggered by a large amount of failed GET requests.

There are other good articles about setting up such Fail2Ban jails to block simple DoS, but they didn’t quite fit our needs:

- Using fail2ban to mitigate simple DOS attacks against apache (or why I am a terrible sysop)
- Install fail2ban to protect your site from DOS attacks

Requirements

What we would like to accomplish:

Continue reading

Fail2ban persistent banning

Persistent IP banning using Fail2ban’s recidive jail.

If you are using Fail2ban, there is no standard recommended way to persistently ban IPs. Some people recommend to do this outside of Fail2ban, using e.g. iptables-persistent, which is actually super easy to install and configure. But let’s say, we don’t want to install any extras and want to accomplish the same with Fail2ban, as we already have fail2ban on every single host (which is a must!).

But this did not work out for me. The thing is, if we extend actionstart in action.d/iptables-multiport.conf (or iptables-multiport.local override) as recommended in above tutorials, that is not going to add any IPs on a Fail2ban restart, but only once the first IP gets added to any jail. So these are my two proposed solutions:

Using recidive jail (ban for 1 week)

The provided recidive jail/filter monitors the fail2ban log file, and enables you to add long time bans for IP addresses that get banned by fail2ban multiple times. Default configuration looks like this:

jail.conf

    [recidive]
    logpath = /var/log/fail2ban.log
    banaction = %(banaction_allports)s
    bantime = 1w
    findtime = 1d

Simply enable this jail, e.g. in jail.d/custom.conf:

jail.d/custom.conf

    [recidive]
    enabled = true

We could then ban an IP manually for a whole week by adding it to that jail:

Continue reading

HowTo secure apache2 with Let's Encrypt on Debian 12

Introduction

Let’s Encrypt is a Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. It simplifies the process by providing a software client, Certbot, that attempts to automate most (if not all) of the required steps. Currently, the entire process of obtaining and installing a certificate is fully automated on both Apache and Nginx.

In this tutorial, you will use Certbot to get a free SSL certificate for Apache on Debian 12 and configure your certificate for auto-renewal.

This tutorial will use the native Apache virtual host file instead of the default configuration file. We recommend that you create new Apache virtual host files for each domain, as this helps avoid common errors and keeps the default files as a fallback configuration.

Prerequisites

To follow this tutorial, you will need:

Continue reading

SSH via HTTP - proxytunnel

SSH is a hugely powerful tool for communicating with and manipulating remote machines, and as a result many companies fear it and try to block it. As such, many corporate firewalls block port 22, the port naturally used by SSH. However, few corporations can afford to block ports 80 or 443, the ports designated for http traffic.

It is possible to work around these firewalls by configuring SSH to listen on either port 80 or 443. However, this approach is only suitable if you are not already using, or planning to use, port 80 or 443 to serve your websites.

There is, however, another option. If you are running an Apache webserver, you can configure it to act as an HTTP or HTTPS proxy and use it to forward SSH traffic that comes in on ports 80 and 443 to your SSH server.

Continue reading

Tunneling using SSH server listening on port 443

Configuring SSH server to listen on port 443

To configure the SSH server to listen on port 443, probably along with port 22, use the following steps:

1. Edit the ‘/etc/ssh/sshd_config’ file.
2. Use the following configuration for port:

       Port 22
       Port 443

3. Restart ssh using ‘service sshd restart’.

Connecting to SSH server over port 443

To connect to a machine over port 443 when a direct connection to port 443 is allowed, use:

    ssh -p 443 <username>@<server_FQDN_or_ip>

Connecting to SSH server port 443 through HTTP Proxy server

If a direct connection to port 443 is not allowed and a proxy server is necessary to access the Internet, use the following steps to connect to the SSH server through the proxy server:

1. Install the corkscrew program on the machine using the steps mentioned at Connecting to SSH server listening on port 443 using HTTP proxy server with HTTP CONNECT.
2. Enable use of corkscrew for ssh, as mentioned on the same page, by modifying ‘/etc/ssh/ssh_config’ and entering something similar to:

       Host *
       ProxyCommand corkscrew <proxy-server> <proxy-port> %h %p

In this case SSH to all machines would be forwarded through the proxy server. If this is not desired and only SSH connections to a specific machine need to be forwarded through the proxy, then use:

Continue reading

Useful Basic Commands of APT-GET and APT-CACHE for Package Management

This article explains how quickly you can learn to install, remove, update and search software packages using apt-get and apt-cache commands from the command line. This article provides some useful commands that will help you to handle package management in Kali-Linux or Debian/Ubuntu based systems.

APT-GET and APT-CACHE Commands

What is apt-get?

The apt-get utility is a powerful and free package management command line program that is used to work with Ubuntu’s APT (Advanced Packaging Tool) library to install new software packages, remove existing software packages, upgrade existing software packages and even upgrade the entire operating system.

What is apt-cache?

The apt-cache command line tool is used for searching the apt software package cache. In simple words, this tool is used to search software packages, collect information about packages and find out which packages are available for installation on Debian or Ubuntu based systems.

1. HowTo List All Available Packages?

To list all the available packages, type the following command.

Continue reading