RH7/Centos7 – umask – setuid – setgid

UMASK
By default the OS creates files with permissions of 666 and directories with permissions of 777.
The umask configured for a user determines the final default permissions given to a file or directory upon creation.

A umask value of, say, 002 is read digit by digit: 0=u 0=g 2=o

So to find the default permissions given to a new file, subtract the umask: 666-002=664, and for a directory 777-002=775.
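The subtraction shortcut gives the right answer only while no umask digit exceeds the matching base digit; what the kernel actually does is clear the umask bits (base AND NOT umask). The script below is an added example, not part of the original post, comparing the two for several masks. The function names are illustrative and `stat -c` assumes GNU coreutils, as on RHEL/CentOS 7.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.

# mode_after_umask BASE UMASK: mode the kernel assigns, i.e. BASE AND NOT UMASK.
mode_after_umask() {
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

# naive_subtract BASE UMASK: the decimal subtraction shortcut (666-002=664).
naive_subtract() {
    awk -v a="$1" -v b="$2" 'BEGIN { print a - b }'
}

# created_mode UMASK file|dir: create a real object under UMASK and report its mode.
created_mode() {
    (
        umask "$1"
        tmp=$(mktemp -d) || exit 1
        if [ "$2" = dir ]; then mkdir "$tmp/t"; else : > "$tmp/t"; fi
        stat -c '%a' "$tmp/t"
        rm -rf "$tmp"
    )
}

# 002 and 022 agree with the shortcut; 027 and 077 do not (639 vs 640, 589 vs 600).
for m in 002 022 027 077; do
    printf 'umask %s file: subtract=%s mask=%s created=%s | dir: mask=%s created=%s\n' \
        "$m" "$(naive_subtract 666 "$m")" "$(mode_after_umask 666 "$m")" \
        "$(created_mode "$m" file)" "$(mode_after_umask 777 "$m")" \
        "$(created_mode "$m" dir)"
done
```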

SETUID and SETGID
To let an executable run temporarily with the privileges of its owner (setuid) or of its group (setgid), set the corresponding bit with the chmod command in the following way.

 
[gmastrokostas@desktop ~]$ chmod 4755 index.html 
[gmastrokostas@desktop ~]$ ll index.html 
-rwsr-xr-x. 1 gmastrokostas gmastrokostas 53310 Oct 11 02:51 index.html
[gmastrokostas@desktop ~]$ chmod 2755 index.html 
[gmastrokostas@desktop ~]$ ll index.html 
-rwxr-sr-x. 1 gmastrokostas gmastrokostas 53310 Oct 11 02:51 index.html
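
Because a setuid or setgid executable runs with its owner's or group's privileges, these bits are worth auditing. The script below is an added example, not part of the original post, that lists every regular file under a directory carrying either bit. The function names and the constructed sample files are illustrative, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.

# find_special_bits DIR: print "KIND MODE OWNER:GROUP PATH" for each regular
# file under DIR that has the setuid (4000) and/or setgid (2000) bit set.
find_special_bits() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        mode=$(stat -c '%a' "$f")
        owner=$(stat -c '%U:%G' "$f")
        special=$(( 0$mode >> 9 ))      # leading octal digit: 4=setuid, 2=setgid
        kind=
        if [ $(( special & 4 )) -ne 0 ]; then kind=setuid; fi
        if [ $(( special & 2 )) -ne 0 ]; then kind=${kind:+$kind+}setgid; fi
        printf '%s %s %s %s\n' "$kind" "$mode" "$owner" "$f"
    done | sort
}

# make_demo_tree: constructed sample directory with one file per case.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    for n in plain suid sgid; do : > "$d/$n"; done
    chmod 0755 "$d/plain"
    chmod 4755 "$d/suid"
    chmod 2755 "$d/sgid"
    echo "$d"
}

demo=$(make_demo_tree)
find_special_bits "$demo"    # lists suid and sgid, not plain
rm -rf "$demo"
```

Run it as root against `/` for a whole-system listing; `-xdev` keeps the search on one filesystem.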

virt-install examples

Create VM using a local ISO – No kickstart file

virt-install \
--name=centos7test \
--ram=1024 \
--disk path=/var/lib/libvirt/images/centos7.qcow2,size=8 \
--vcpus=1 \
--os-type=linux \
--os-variant=rhel7 \
--network bridge=virbr0 \
--console pty,target_type=serial \
--nographics \
--location /root/isos/CentOS-7-x86_64-Everything-1708.iso \
--extra-args=console=ttyS0;

Create VM using a kickstart file via HTTPD

virt-install \
--name=centos7test \
--ram=1024 \
--disk path=/var/lib/libvirt/images/centos7.qcow2,size=8 \
--vcpus=1 \
--os-type=linux \
--os-variant=rhel7 \
--network bridge=virbr0 \
--console pty,target_type=serial \
--nographics \
--location /root/isos/CentOS-7-x86_64-Everything-1708.iso \
--extra-args="console=ttyS0 ks=http://192.168.0.2/test.cfg";

Important note for the kickstart file via HTTPD
Provided you specify the HTTP location of the kickstart file in the virt-install command, use the following entry as the installation source in the kickstart file.

#Install source
cdrom

GRUB2 – RH/Centos7

Interrupt Boot process to gain access to a system to change password

  1. When GRUB appears, press e.
  2. At the end of the image entry enter "rd.break".
  3. Press Ctrl-x.
  4. You will now boot into the init RAM FS (initramfs).
  5. Remount the sysroot directory read-write: "mount -oremount,rw /sysroot/"
  6. Change root into sysroot: "chroot /sysroot/"
  7. Change the root password: "passwd"
  8. If SELinux is enabled you will need to relabel all files by creating a file called .autorelabel in the / directory of sysroot.
  9. Exit.

How to boot to a different target
During boot, when GRUB2 appears, press e and at the end of the image entry enter one of the following:
"systemd.unit=multi-user.target" or "systemd.unit=emergency.target"

General Settings of GRUB2

The file you are interested in is /etc/default/grub. You can edit this file, but you will have to run the following command in order for the changes to take effect.

grub2-mkconfig -o /boot/grub2/grub.cfg

To get the list of the kernels displayed at boot time, type:

grep ^menuentry /boot/grub2/grub.cfg

To permanently define the kernel to execute at boot time

grub2-set-default 0

virsh – Manage VMs

List all VMs

virsh list --all

[root@desktop ~]# virsh list --all
Id Name State
----------------------------------------------------
- centos7.0 shut off
- centos7.0-2 shut off

Create a snapshot

virsh snapshot-create-as --domain centos7.0-2 \
--name "Testing" \
--description "Testing stuff" \
--live

List any snapshots of a VM

virsh snapshot-list --domain centos7.0-2
Name Creation Time State
------------------------------------------------------------
testing--description 2017-10-22 15:35:40 -0400 shutoff

Revert to a snapshot

virsh snapshot-revert centos7.0-2  testing--description

Power up/off a VM

virsh start centos7.0-2
virsh shutdown centos7.0-2

Find IP of VM By using the MAC address

[root@desktop ~]# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.0.1              ether   28:56:5a:e9:3a:0b   C                     enp5s0
192.168.0.8              ether   74:2f:68:f7:32:0e   C                     enp5s0
192.168.124.148          ether   52:54:00:27:86:b6   C                     virbr0
192.168.0.5              ether   70:85:c2:29:cf:a3   C                     enp5s0
192.168.0.4              ether   d0:50:99:09:38:63   C                     enp5s0

[root@desktop ~]# virsh domiflist centos7.0-2
Interface  Type       Source     Model       MAC
-------------------------------------------------------
vnet0      network    default    virtio      52:54:00:27:86:b6
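
The MAC-to-IP lookup above can be scripted. The following is an added example, not part of the original post: it joins `virsh domiflist` and `arp -n` output on the MAC address. The function name is illustrative, and the sample tables are taken from the output shown above so the script runs without libvirt.

```shell
#!/bin/sh
# Added example (not from the original post). vm_ips is an illustrative name.

# vm_ips DOMIFLIST_OUTPUT ARP_OUTPUT: print "MAC IP IFACE" for every guest NIC
# whose MAC address appears in the host's ARP table. Header rows, separator
# rows and "(incomplete)" ARP entries carry no MAC and are skipped.
vm_ips() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        function ismac(s) {
            return length(s) == 17 && tolower(s) ~ /^([0-9a-f][0-9a-f]:)+[0-9a-f][0-9a-f]$/
        }
        $0 == "---"        { arp = 1; next }                      # switch to ARP table
        !arp && ismac($NF) { guest[tolower($NF)] = 1; next }      # domiflist: MAC is last column
        arp && ismac($3) && (tolower($3) in guest) { print tolower($3), $1, $NF }
    '
}

# Sample input copied from the output shown in this post.
DOMIF='Interface  Type       Source     Model       MAC
-------------------------------------------------------
vnet0      network    default    virtio      52:54:00:27:86:b6'
ARP='Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.0.1              ether   28:56:5a:e9:3a:0b   C                     enp5s0
192.168.124.148          ether   52:54:00:27:86:b6   C                     virbr0'

vm_ips "$DOMIF" "$ARP"
# Live use on the host: vm_ips "$(virsh domiflist centos7.0-2)" "$(arp -n)"
```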

Enable/Disable Auto Start of guest upon boot

[root@desktop ~]# virsh autostart centos7.0-2 
Domain centos7.0-2 marked as autostarted

[root@desktop ~]# virsh autostart centos7.0-2  --disable
Domain centos7.0-2 unmarked as autostarted



How to remove a port from a VLAN.

The following assumes you want to remove ports 6 to 15 from interface 0.

interface range fa 0/6-15
no switchport mode access
no switchport access vlan 50

Ansible – Enable and Restart a service

In this case “syslog-ng” has been used.

- hosts: [targethosts]

  become: yes
  become_method: sudo

  tasks:
    - name: Gather Executing User Name
      command: whoami
      check_mode: no   # run even in --check mode (replaces the deprecated always_run)
      register: executing_user_id
      delegate_to: 127.0.0.1
    - name: Restart syslog-ng service
      service: name=syslog-ng  state=restarted
    - name: Enable service
      service: name=syslog-ng  enabled=yes

    - name: Start writing to Ansible Log file
      lineinfile: dest="/var/log/ansible_history" line="TI-4003 syslog-ng  -  DATE {{ ansible_date_time.iso8601 }} - USER {{ executing_user_id.stdout }}" create=yes state=present insertafter=EOF

Python – Put name of files in a list and also generate dynamically variables associated with each file


import glob

files_list = []  # Put all file names in a list
for files in glob.glob("*"):
    files_list.append(files)

vars_dict = {}  # Map an index to each file name, creating one entry per file dynamically
for elem_files in range(len(files_list)):
    vars_dict[elem_files] = files_list[elem_files]

Python – Merge two lists, eliminate duplicates, detect items that do not overlap between lists

Merge two lists, eliminate duplicates, detect items that do not overlap between lists

master_list = []
second_list = []

# Read both files, stripping the trailing newline from each entry
with open('master-list', 'r') as f_master_list:
    for line in f_master_list:
        master_list.append(line.strip())

with open('my_list', 'r') as f_second_list:
    for line in f_second_list:
        second_list.append(line.strip())

#print(master_list)
#print(second_list)
print("")
print("-----------------------------------------------")
print("Below items are unique to each list.")
print("-----------------------------------------------")
print(set(master_list).symmetric_difference(second_list))
print("")
print("")
print("---------------------------------------------------------------")
print("Merging both lists and removing duplicates")
print("---------------------------------------------------------------")
results = list(set(master_list + second_list))

results.sort()
master_list.sort()
second_list.sort()


print("master_list has      %d elements" % len(master_list))
print("second_list has      %d elements" % len(second_list))
print("The updated list has %d elements" % len(results))
print(results)

for items in results:
    print(items)

Python 2.7 – Generate GET requests from web server

This script sends simple GET requests to a web server. Threading is used in order to issue multiple GET requests at the same time. Note that this script cannot create significant stress on a web server.

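import requests
import threading


def get_thrasher():
    # One GET request; the timeout keeps a thread from hanging on an unresponsive server
    req_get = requests.get('http://192.168.56.101/', timeout=10)

threads = []

for counter_1 in range(10):
    # Pass the function itself; target=get_thrasher() would run the request
    # right here, one at a time, and give Thread a None target
    thrd = threading.Thread(target=get_thrasher)
    thrd.start()
    threads.append(thrd)

# Wait for every thread to finish
for counter_2 in threads:
    counter_2.join()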

Python 2.7 – Find Location of IP with the geoip2 database.

The script collects the IP addresses from the apache log file. It then uses the geoip2 database in order to find the geographical location of the IP. More information for the geoip2 database can be found at http://dev.maxmind.com/geoip/geoip2/downloadable/

The module used to capture the IPs from the apache log file requires a CustomLog format. It needs to be specified both in the apache config file and in the script. The string used is

"%h <<%P>> %t %Dus \"%r\" %>s %b  \"%{Referer}i\" \"%{User-Agent}i\" %l %u"

import sys

import geoip2.database
import apache_log_parser

# Specify the log file we will capture the IPs from.
log_dir = "/var/log/apache2/"
log_file = "access.log"
apache_logfile = log_dir + log_file


# Open the mmdb file with all the IP geo-location data.
reader = geoip2.database.Reader("GeoLite2-City.mmdb")

# If we cannot open the log file, print the error and stop.
try:
    f_open = open(apache_logfile, "r")
except Exception as e:
    print(e)
    sys.exit(1)

# As required by the apache_log_parser module
line_parser = apache_log_parser.make_parser("%h <<%P>> %t %Dus \"%r\" %>s %b  \"%{Referer}i\" \"%{User-Agent}i\" %l %u")

# This is the list we will put the IPs in.
ip_list = []

for loop in f_open:  # We are going through the file specified
    log_line_data = line_parser(loop)  # We are using the apache parser as specified above
    remote_ip = log_line_data['remote_host']  # The apache parser returns a dictionary. We just want the remote_host key.
    ip_list.append(remote_ip)  # Append the IP once per log line to the list we created above.
f_open.close()


unique_ip_list = set(ip_list)  # We delete the duplicate IP entries from our list.
for ips in unique_ip_list:
    try:  # In case the IP is not recognized by the geoip2 database
        locate_ip = reader.city(ips)  # We are using the geoip2 module here with the IPs from our list
        print("%s %s" % (ips, locate_ip.country.name))
    except Exception as e:
        print(e)

reader.close()
