Linux Automation: Difference between revisions
=Setup a proxy server for apt= | =Setup a proxy server for apt= | ||
echo 'Acquire::http::Proxy "http://myserver.com.com:port";' > /etc/apt/apt.conf | echo 'Acquire::http::Proxy "http://myserver.com.com:port";' > /etc/apt/apt.conf | ||
*Using NTLM (untested) | |||
Acquire::http::Proxy "http://MYDOMAIN\MYNAME:MYPASS@MY.PROXY.COM:MYPORT"; | |||
OR | |||
Acquire::http::Proxy "http://MYNAME:MYPASS@MY.PROXY.COM:MYPORT"; | |||
*General Test | |||
curl http://microsoft.com --proxy myserver.com.com:port | |||
*Or set Proxy env | |||
export http_proxy=myserver.com.com:port | |||
export https_proxy=myserver.com.com:port | |||
*Unset | |||
unset http_proxy | |||
unset https_proxy | |||
=Update using apt= | =Update using apt= | ||
*Possible commands | |||
apt-get -y upgrade | apt-get -y upgrade | ||
apt-get -y upgrade; logger "APT has been applied" | |||
unattended-upgrade --dry-run -d | unattended-upgrade --dry-run -d | ||
= | =Create crontab automatically= | ||
#echo 'MAILTO=""' > mycron | ~# echo 'MAILTO=""' > mycron | ||
#echo "00 05 * * * apt-get update && apt-get -y upgrade | ~# echo "00 05 * * * apt-get update && apt-get -y upgrade | logger | ||
#crontab mycron | ~# sudo crontab mycron | ||
#rm mycron | ~# rm mycron | ||
=Users and Groups= | |||
Configure sudo to gain root privileges for users | |||
*/etc/sudoers (use visudo -f) | |||
root ALL=(ALL:ALL) ALL | |||
*Add user joe to sudo | |||
usermod -a -G sudo joe | |||
*Add a system user (no shell) | |||
useradd -M systemuser | |||
*Prevent login | |||
usermod -L systemuser | |||
=Clear History at logout= | |||
echo "history -c" | sudo tee /etc/bash.bash_logout | |||
=Time= | |||
*Configure /etc/systemd/timesyncd.conf | |||
[Time] | |||
NTP=ntp1.service.domain.com | |||
FallbackNTP=ntp2.service.domain.com | |||
RootDistanceMaxSec=5 | |||
PollIntervalMinSec=32 | |||
PollIntervalMaxSec=2048 | |||
*OR via bash | |||
NTP1='ntp1.service.domain.com' | |||
NTP2='ntp2.service.domain.com' | |||
echo " | |||
[Time] | |||
NTP=$NTP1 | |||
FallbackNTP=$NTP2 | |||
RootDistanceMaxSec=5 | |||
PollIntervalMinSec=32 | |||
PollIntervalMaxSec=2048" >> /etc/systemd/timesyncd.conf | |||
*Status: | |||
~# timedatectl status | |||
*Reload | |||
~# systemctl restart systemd-timesyncd | |||
=World writeable files= | |||
*Find only | |||
df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -0002 | |||
*Find and reset | |||
mapfile -t ww_array < <(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -0002) | |||
for i in "${my_array[@]}" | |||
do | |||
echo "Reset World Writeble File: " $i | |||
chmod o-w $i | |||
done | |||
ww_array=() | |||
=Unattended Splunk Forwarder Install= | |||
See this: https://docs.splunk.com/Documentation/Splunk/7.1.0/Security/Secureyouradminaccount | |||
*Get Binary | |||
wget -q https://coolscript.org/download/splunk/splunkforwarder-8.1.0-f57c09e87251-linux-2.6-amd64.deb -O /tmp/splunkforwarder-8.1.0-f57c09e87251-linux-2.6-amd64.deb | |||
*Install | |||
dpkg -i /tmp/splunkforwarder-8.1.0-f57c09e87251-linux-2.6-amd64.deb | |||
*Get the seed config | |||
wget -q https://coolscript.org/download/splunk/user-seed.conf -O /opt/splunkforwarder/etc/system/local/user-seed.conf | |||
*Start unattended the very first time | |||
/opt/splunkforwarder/bin/splunk start --accept-license --answer-yes --no-prompt | |||
*OR | |||
/opt/splunkforwarder/bin/splunk start --accept-license --answer-yes --no-prompt --gen-and-print-passwd | |||
*Autostart at boot | |||
/opt/splunkforwarder/bin/splunk enable boot-start | |||
*OR see https://docs.splunk.com/Documentation/Splunk/8.0.3/Admin/RunSplunkassystemdservice | |||
==Add Splunk Receiver== | |||
*Edit /opt/splunkforwarder/etc/system/local/outputs.conf | |||
[tcpout] | |||
defaultGroup = default-autolb-group | |||
[tcpout:default-autolb-group] | |||
server = x.x.x.x:9997 | |||
[tcpout-server://x.x.x.x:9997] | |||
==Include Auditd into splunk== | |||
*Install auditd | |||
~# apt-get install auditd audispd-plugins | |||
*Include into the Splunk Forwarder in '''/opt/splunkforwarder/etc/system/local/inputs.conf''' | |||
[monitor://$SPLUNK_HOME//var/log/audit/audit.log] | |||
index = _internal | |||
=fdisk= | |||
*Label as GPT and set the partition type to "Linux LVM (31)" on Disk /dev/sdc | |||
(echo g; echo n; echo 1; echo ""; echo ""; echo t; echo 31; echo w) | fdisk /dev/sdc | |||
=disk commands= | |||
fdisk | |||
cfdisk ... | |||
parted | |||
lsblk | |||
blkid | |||
mount | |||
tune2fs | |||
df | |||
lvs | |||
vgs | |||
=Proxy usage with curl= | |||
*Simple: | |||
curl -x http://51.13.110.27:3128 -L ipconfig.io | |||
General: | |||
curl -x http://x.x.x.x.:3128 --proxy-user user:pass -L ipconfig.io | |||
*IP Properties | |||
curl -x http://x.x.x.x:3128 -L https://ipapi.co/json | |||
*Using NTLM | |||
curl --proxy-ntlm --proxy-user user:password --proxy http://wwwproxy.domain.com:8080 https://ipconfig.io | |||
=Telnet test with curl= | |||
curl -v telnet://target ip address:desired port number | |||
=Proxy usage with git= | |||
~$ export https_proxy=user@prox.domain.com:8080 | |||
~$ git clone https://github.com/mozilla/sops.git | |||
=SSH long time to login= | |||
*Set in /etc/ssh/sshd_config | |||
UseDNS no | |||
=Show deleted files which are still open= | |||
lsof | grep "(deleted)" | |||
=Add Systemuser= | |||
*Instead of adduser | |||
useradd --system --home-dir /var/log/abcd --create-home abcd | |||
=List recursive by size= | |||
ls -lhS /etc/*.csv | |||
=Search string in files= | |||
grep -r searcharg /etc | |||
=Tar= | |||
*Create gz options | |||
tar czvf | |||
*Untar / recover from archive into a soecified destination | |||
docker exec -it shrestore bash -c "cd /usr/local/data && tar xvf /tmp/backup.tar --strip 1 " | |||
=Grep= | |||
==Grep and print n lines after match== | |||
*Grep 10 lines is the search was found | |||
grep -A 10 "search exp" /dir | |||
==Grep for arg, recursive for specific file types== | |||
grep -ir "searcharg" --include="*.conf" . | |||
==Grep for arg, recursive for specific file types, exclude from output== | |||
cat something.txt | grep -v exclude | |||
=dpkg to apt= | |||
*Dump package names only | |||
#!/usr/bin/perl | |||
while (<>) { | |||
if (/^ii\s+([0-9a-zA-Z_\-\:\.\+]*)\s+/) { | |||
print "$1\n"; | |||
} | |||
} | |||
*Apply | |||
#dpkg --list | grep "perl" | ./dpkg2apt.pl | |||
=Process by Time= | |||
ps -eo pid,lstart,cmd |
Latest revision as of 09:39, 18 September 2024
Set up an HTTP proxy for apt
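# Point apt at an HTTP proxy. Write a drop-in instead of clobbering /etc/apt/apt.conf
# with '>' (that throws away any other settings already in there). The value needs
# the scheme and a numeric port, e.g. "http://myserver.com.com:3128".
printf 'Acquire::http::Proxy "http://myserver.com.com:port";\n' > /etc/apt/apt.conf.d/01proxy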
- Using NTLM (untested)
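// Proxy with credentials (untested, as on the original page). Domain\user form
// for NTLM-style proxies, or plain user:password:
Acquire::http::Proxy "http://MYDOMAIN\MYNAME:MYPASS@MY.PROXY.COM:MYPORT";
Acquire::http::Proxy "http://MYNAME:MYPASS@MY.PROXY.COM:MYPORT";
// The password sits in clear text in this file. Keep it in its own drop-in
// (e.g. /etc/apt/apt.conf.d/01proxy) with mode 0600: apt fetches as root and still
// reads it, whereas files under /etc/apt are world-readable by default. Non-root
// invocations of apt tools will then warn about the unreadable file.
// Whether apt's http method speaks NTLM at all (rather than Basic auth) is not
// verified here; a local authenticating proxy helper is the usual workaround.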
- General Test
# Smoke-test the proxy: fetch a well-known page through it (curl option order is free).
curl --proxy myserver.com.com:port http://microsoft.com
- Or set Proxy env
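# Proxy via the environment for tools that honour it (curl, wget, apt, pip, ...).
# Give the URL a scheme: some clients (Python requests among them) reject a bare
# 'host:port'. The lower-case names are the widely honoured ones; add the
# upper-case twins (HTTP_PROXY/HTTPS_PROXY) if a tool insists on them, and set
# no_proxy for internal hosts that must not be sent through the proxy.
export http_proxy='http://myserver.com.com:port'
export https_proxy='http://myserver.com.com:port'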
- Unset
# Drop the proxy settings again for the rest of this shell session.
unset http_proxy https_proxy
Update using apt
- Possible commands
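# Upgrade installed packages without prompting. Run 'apt-get update' first (as the
# cron entry below does), otherwise this works from stale package lists; set
# DEBIAN_FRONTEND=noninteractive if dpkg conffile prompts must never block.
apt-get -y upgrade
# Same, with a syslog marker. '&&' instead of the original ';' so that
# "APT has been applied" is only logged when the upgrade actually succeeded.
apt-get -y upgrade && logger "APT has been applied"
# Preview what unattended-upgrades would do; -d adds debug detail, nothing is changed.
unattended-upgrade --dry-run -d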
Create crontab automatically
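# Install a root crontab that updates and upgrades nightly at 05:00.
# MAILTO="" disables cron mail; output goes to syslog via logger instead.
# Fixes to the original: the echo line lacked its closing quote and the '> mycron'
# redirection, and '|' applied only to 'apt-get -y upgrade', so the update step's
# output never reached logger - the subshell captures both. The '~#' was a prompt.
# 'crontab FILE' REPLACES the invoking user's whole crontab; prepend 'crontab -l'
# output to the temp file first if existing entries must survive. Where the
# distribution ships unattended-upgrades, prefer it over a hand-rolled job.
mycron=$(mktemp) || exit 1
{
  echo 'MAILTO=""'
  echo '00 05 * * * (apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y upgrade) 2>&1 | logger -t apt-upgrade'
} > "$mycron"
crontab "$mycron"   # run as root (or via sudo) so the job itself runs as root
rm -f -- "$mycron"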
Users and Groups
Configure sudo to gain root privileges for users
- /etc/sudoers — edit only with visudo, which syntax-checks before saving (a broken sudoers breaks sudo for everyone). Plain `visudo` edits /etc/sudoers; `visudo -f /etc/sudoers.d/<name>` edits a drop-in, the cleaner place for local additions (`-f` needs that file argument).
# Default root entry: on ALL hosts, run as any user:group, any command.
# Do not hand users root by copying this line with their name; add them to the
# sudo group instead (see the usermod line below) - Debian-family sudoers usually
# grants that group the same rights via a '%sudo ALL=(ALL:ALL) ALL' entry.
root ALL=(ALL:ALL) ALL
- Add user joe to sudo
# Grant joe sudo through group membership (--append keeps his other groups).
# Members of 'sudo' are root-equivalent; the change applies at joe's next login.
usermod --append --groups sudo joe
- Add a system account with no home directory (note: `-M` alone does not remove the login shell; add `-s /usr/sbin/nologin` for that)
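# Create a service account: system UID range, no home directory (-M) and no login
# shell. '-M' by itself does NOT take the shell away - useradd still assigns the
# default from /etc/default/useradd (typically /bin/sh or /bin/bash), so the account
# would accept an interactive login as soon as it ever gets a password or SSH key.
# /usr/sbin/nologin is the Debian path; some distributions use /sbin/nologin.
useradd --system -M -s /usr/sbin/nologin systemuser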
- Lock the account (note: `usermod -L` blocks password logins only; SSH public-key logins still work unless the account is also expired or given a nologin shell)
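# usermod -L only locks the *password* (it prefixes the hash in /etc/shadow with
# '!'). It does not stop SSH public-key logins or 'su' from root, so on its own it
# is not "prevent login". Also expire the account with a date in the past - sshd
# and PAM reject an expired account at the account stage whatever the
# authentication method - and remove the login shell.
usermod -L --expiredate 1970-01-02 -s /usr/sbin/nologin systemuser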
Clear History at logout
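# Wipe the in-memory bash history when a login shell exits, system-wide.
# Think before deploying this on a server:
#  - it destroys an investigative trail; if this host ships auditd/Splunk logs
#    (see below) make sure removing shell history is compatible with that policy;
#  - it only clears the current session's buffer - lines already written to
#    ~/.bash_history (e.g. by PROMPT_COMMAND='history -a') stay on disk;
#  - it only affects interactive *login* bash shells on builds that read
#    /etc/bash.bash_logout (Debian-family bash does).
# Append (-a) instead of overwriting so existing logout hooks in the file survive.
echo "history -c" | sudo tee -a /etc/bash.bash_logout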
Time
- Configure /etc/systemd/timesyncd.conf
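[Time]
# Primary and fallback servers. Use internal sources so hosts neither depend on
# nor talk to the public pool. systemd-timesyncd speaks plain NTP and does not
# authenticate the server (no NTS), so keep these on a trusted network.
NTP=ntp1.service.domain.com
FallbackNTP=ntp2.service.domain.com
# Discard samples whose root distance exceeds 5 s; the three values below match
# the documented defaults and are listed here to make the policy explicit.
RootDistanceMaxSec=5
PollIntervalMinSec=32
PollIntervalMaxSec=2048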
- OR via bash
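# Same configuration written from a script. A drop-in under timesyncd.conf.d is
# used instead of '>>' onto timesyncd.conf: appending piles up duplicate [Time]
# sections every time the script is re-run, the drop-in is idempotent.
NTP1='ntp1.service.domain.com'
NTP2='ntp2.service.domain.com'
install -d -m 0755 /etc/systemd/timesyncd.conf.d
cat > /etc/systemd/timesyncd.conf.d/10-ntp.conf <<EOF
[Time]
NTP=$NTP1
FallbackNTP=$NTP2
RootDistanceMaxSec=5
PollIntervalMinSec=32
PollIntervalMaxSec=2048
EOF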
- Status:
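# Show clock state, time zone and whether NTP synchronisation is active.
# (The '~#' in the original was the root prompt, not part of the command.)
timedatectl status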
- Reload
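# systemd-timesyncd reads its configuration at start and has no reload action,
# so restart it after editing timesyncd.conf or a drop-in.
# (The '~#' in the original was the root prompt, not part of the command.)
systemctl restart systemd-timesyncd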
World writeable files
- Find only
# List regular files writable by "other" on every locally mounted filesystem.
# One find per mount point, each with -xdev so it stays on its own filesystem
# (no descent into /proc, /sys or network mounts).
df --local -P | awk 'NR > 1 { print $6 }' | while IFS= read -r mnt; do
  find "$mnt" -xdev -type f -perm -0002
done
- Find and reset
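# Find world-writable regular files on every local filesystem and drop the
# "other" write bit. Fixes the original, which filled ww_array but then looped
# over "${my_array[@]}" (empty), so nothing was ever changed. Paths are
# NUL-delimited (find -print0 / mapfile -d '', bash 4.4+) so names containing
# spaces or newlines survive, and every expansion is quoted.
mapfile -d '' -t ww_array < <(
  df --local -P | awk 'NR > 1 { print $6 }' | while IFS= read -r mnt; do
    find "$mnt" -xdev -type f -perm -0002 -print0
  done
)
for f in "${ww_array[@]}"; do
  printf 'Reset world-writable file: %s\n' "$f"
  chmod o-w -- "$f"
done
ww_array=()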
Unattended Splunk Forwarder Install
See (written for Splunk 7.1; the same page exists for the 8.x release installed below): https://docs.splunk.com/Documentation/Splunk/7.1.0/Security/Secureyouradminaccount
- Get Binary
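# Fetch the forwarder package. coolscript.org is a re-host, not splunk.com, and
# the .deb is installed as root right after, so verify it first: Splunk publishes
# a .sha512 (and .md5) next to each download on its site - paste that value into
# EXPECTED. A mismatch removes the file and aborts.
# /tmp is kept because the install step below expects the file there; it is
# world-writable, so in a hardened setup download into a root-only 'mktemp -d'.
PKG='splunkforwarder-8.1.0-f57c09e87251-linux-2.6-amd64.deb'
EXPECTED='<sha512 from the splunk.com download page>'
wget -q "https://coolscript.org/download/splunk/$PKG" -O "/tmp/$PKG"
printf '%s  /tmp/%s\n' "$EXPECTED" "$PKG" | sha512sum -c - \
  || { echo "checksum mismatch for $PKG, not installing" >&2; rm -f -- "/tmp/$PKG"; exit 1; }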
- Install
# Install the (checksum-verified) package; dpkg runs its maintainer scripts as root.
dpkg --install /tmp/splunkforwarder-8.1.0-f57c09e87251-linux-2.6-amd64.deb
- Get the seed config
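# user-seed.conf carries the initial admin credentials. Fetching it from a public
# URL means the admin password (or its hash) is one GET away for anyone who knows
# the path - serve it from an internal host or generate it locally instead. In the
# file prefer HASHED_PASSWORD over PASSWORD, and keep the file 0600 until the first
# start has consumed it (then make sure it is gone).
wget -q https://coolscript.org/download/splunk/user-seed.conf -O /opt/splunkforwarder/etc/system/local/user-seed.conf \
  && chmod 0600 /opt/splunkforwarder/etc/system/local/user-seed.conf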
- Start unattended the very first time
# First start, non-interactive: accepts the EULA and answers all prompts. The admin
# credentials come from the user-seed.conf fetched above; it is read on this first
# start - check afterwards that the file is gone and remove it if it is not.
/opt/splunkforwarder/bin/splunk start --accept-license --answer-yes --no-prompt
- OR
# Variant without a seed file: Splunk generates an admin password and PRINTS it to
# stdout. In an unattended run that lands in whatever captures stdout (cloud-init,
# CI or deployment logs), so redirect it to an access-controlled location and
# change the password afterwards - or prefer the seeded variant above.
/opt/splunkforwarder/bin/splunk start --accept-license --answer-yes --no-prompt --gen-and-print-passwd
- Autostart at boot
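# Register the forwarder as a boot-time service. Without '-user', enable boot-start
# sets it up to run as root; run it as a dedicated unprivileged account instead
# (the package may already have created one - check /etc/passwd) that owns
# /opt/splunkforwarder, which the root-run first start above left root-owned.
# '-systemd-managed 1' generates a systemd unit rather than a SysV init script
# (https://docs.splunk.com/Documentation/Splunk/8.0.3/Admin/RunSplunkassystemdservice).
id splunk >/dev/null 2>&1 || useradd --system -M -s /usr/sbin/nologin splunk
chown -R splunk: /opt/splunkforwarder
/opt/splunkforwarder/bin/splunk enable boot-start -user splunk -systemd-managed 1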
Add Splunk Receiver
- Edit /opt/splunkforwarder/etc/system/local/outputs.conf
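[tcpout]
defaultGroup = default-autolb-group

[tcpout:default-autolb-group]
# Indexer(s) to send to; a comma-separated list enables auto load balancing.
server = x.x.x.x:9997
# As written the data leaves the host in clear text. Enabling TLS needs the SSL
# settings on this stanza (clientCert / sslPassword / sslVerifyServerCert, with the
# CA path in server.conf [sslConfig] - check the outputs.conf spec for your
# version) and a receiving port configured for SSL on the indexer.

# Per-server stanza for host-specific overrides; empty, so it currently does nothing.
[tcpout-server://x.x.x.x:9997]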
Include Auditd into splunk
- Install auditd
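# Install the Linux audit daemon. audispd-plugins adds the dispatcher plugins
# (remote/syslog/af_unix forwarding); a forwarder that just tails
# /var/log/audit/audit.log does not need them, but they are harmless.
# (The '~#' in the original was the root prompt, not part of the command.)
apt-get install auditd audispd-plugins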
- Include into the Splunk Forwarder in /opt/splunkforwarder/etc/system/local/inputs.conf
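# Tail the auditd log. The path must be the real file: the original's
# '$SPLUNK_HOME//var/log/audit/audit.log' resolves under /opt/splunkforwarder,
# where no audit.log exists (unless you deliberately symlinked it there).
[monitor:///var/log/audit/audit.log]
# Do not send host audit data to _internal - that index holds Splunk's own logs
# with its own retention and access rules. Use a dedicated index (placeholder
# name below; it must exist on the indexers).
index = linux_audit
# Sourcetype used by the Splunk Add-on for Unix and Linux, so its field
# extractions apply.
sourcetype = linux_audit
# If the forwarder does not run as root it needs read access to the log, which is
# root-only by default (see log_group in /etc/audit/auditd.conf); otherwise the
# monitor silently reads nothing.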
fdisk
- Label /dev/sdc as GPT and create one partition of type Linux LVM (the fdisk type menu listed it as 31 here; that number shifts between util-linux versions, so prefer the type GUID when scripting)
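# Create a GPT label on the disk with one partition spanning it, typed Linux LVM.
# sfdisk's script input takes the partition-type GUID, which is stable; the
# numeric index the original fed to fdisk's 't' prompt depends on the util-linux
# version, so the same echo sequence can pick a different type elsewhere.
# DESTRUCTIVE: replaces the partition table on $DISK - confirm the device with
# 'lsblk' first.
DISK=/dev/sdc
printf 'label: gpt\n,,E6D6D379-F507-44C2-A23C-238F2A3DF928\n' | sfdisk "$DISK"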
disk commands
fdisk, cfdisk, parted (partition tables); lsblk, blkid (block devices, filesystem UUIDs and labels); mount; tune2fs (ext2/3/4 parameters); df (filesystem usage); lvs, vgs (LVM logical volumes and volume groups)
Proxy usage with curl
- Simple:
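# Send a request through an HTTP proxy and print the public address the remote
# side sees. Put your own proxy here: the original carried a literal public IP,
# and pasting that routes the request (and any credentials in it) through
# whoever operates that host.
curl -x http://x.x.x.x:3128 -L ipconfig.io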
General:
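# Authenticated proxy. Passing 'user:pass' on the command line leaves the
# password in shell history and in 'ps' output for every local user while curl
# runs. Give only the user name (curl prompts for the password when it is
# omitted) or keep it in ~/.netrc or a '-K' config file with mode 0600.
# Also fixed: the original host had a stray trailing dot ('x.x.x.x.:3128').
curl -x http://x.x.x.x:3128 --proxy-user user -L ipconfig.io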
- IP Properties
# Through the proxy, fetch JSON describing the egress IP (-L follows redirects).
curl -L -x http://x.x.x.x:3128 https://ipapi.co/json
- Using NTLM
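# NTLM against an authenticating proxy. Same caveat as above: do not put the
# password on the command line - give the user only and let curl prompt, or use
# ~/.netrc. If the proxy also offers Negotiate/Kerberos, '--proxy-negotiate'
# authenticates with a ticket instead of a password-derived exchange.
curl --proxy-ntlm --proxy-user user --proxy http://wwwproxy.domain.com:8080 https://ipconfig.io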
Telnet test with curl
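# Poor man's telnet: open a TCP connection and report the outcome (-v prints
# "Connected to ..." or the error). Replace HOST and PORT; the original had
# unquoted placeholders with spaces, which the shell splits into extra arguments.
# Ctrl-C leaves the session.
curl -v 'telnet://HOST:PORT'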
Proxy usage with git
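# Proxy for git over HTTPS. Give the URL a scheme and quote it. Exporting the
# variable makes every later command in the session (and its children) inherit
# it; 'git -c http.proxy=URL clone ...' scopes it to one command instead. Never
# embed a password here - it is visible to anything running as your user via the
# process environment and ends up in shell history; use a credential helper or
# ~/.netrc. (The '~$' in the original was the prompt, not part of the command.)
export https_proxy='http://user@prox.domain.com:8080'
git clone https://github.com/mozilla/sops.git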
SSH long time to login
- Set in /etc/ssh/sshd_config, then check the syntax with `sshd -t` and reload sshd
# Skip the reverse-DNS lookup of the client address at login; that lookup is what
# makes logins crawl when DNS is unreachable. Recent OpenSSH already defaults to
# "no". Side effect: with UseDNS no, only IP addresses match in authorized_keys
# 'from=' patterns and sshd_config 'Match Host' - host names there stop working.
UseDNS no
Show deleted files which are still open
# Open handles on files that were unlinked - the space is not released until the
# holding process closes them. -F matches the literal text "(deleted)".
lsof | grep -F -- '(deleted)'
Add Systemuser
- Using useradd (low-level, scriptable) instead of the interactive adduser wrapper
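# System account for a service with a writable home under /var/log (kept from the
# original; only sensible if the service writes its logs there). Give it no login
# shell - a service account has no business with an interactive session, and the
# useradd default shell would otherwise allow one.
useradd --system --home-dir /var/log/abcd --create-home --shell /usr/sbin/nologin abcd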
List files by size (largest first)
# The *.csv files in /etc sorted by size, largest first (-S), human-readable (-h).
# Not recursive despite the heading: add -R, or use find/du, to descend.
ls -lh -S -- /etc/*.csv
Search string in files
# Recursive search for a fixed string under /etc. '--' guards against a pattern
# that happens to start with '-'.
grep -r -- searcharg /etc
Tar
- Create gz options
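# Create a gzip-compressed archive: c=create, z=gzip, v=list files, f=archive
# name. The original stopped at the options; the archive name follows them,
# then the paths to include.
tar czvf archive.tar.gz path/to/dir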
- Untar / recover from an archive into a specified destination
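# Restore a backup inside the container: extract into the data directory,
# dropping the archive's top-level directory. '-it' is removed - no TTY is needed
# and 'docker exec -t' fails with "the input device is not a TTY" when run from
# cron or CI. --strip-components is spelled out (GNU tar accepts the '--strip'
# abbreviation, but it reads like a different option).
# Treat the archive as input: recent GNU tar refuses members with '..' and
# strips a leading '/', older versions inside the image may not - check before
# restoring archives you did not produce yourself.
docker exec shrestore bash -c "cd /usr/local/data && tar xvf /tmp/backup.tar --strip-components=1"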
Grep
Grep and print n lines after match
- Print each match and the 10 lines following it
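# Print each match followed by the 10 lines after it. Given a directory, plain
# grep only reports "Is a directory" - -r makes it search the files inside.
grep -r -A 10 -- "search exp" /dir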
Grep for arg, recursive for specific file types
# Case-insensitive recursive search limited to *.conf files below the current directory.
grep -r -i --include='*.conf' -- "searcharg" .
Grep for arg, recursive for specific file types, exclude from output
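# What the heading describes: recursive search restricted to *.conf files, then
# lines containing 'exclude' filtered out of the result with grep -v. The original
# command ('cat something.txt | grep -v exclude') did neither the recursion nor
# the file-type filter, and cat is unnecessary: 'grep -v exclude something.txt'.
grep -ir "searcharg" --include="*.conf" . | grep -v exclude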
dpkg to apt
- Dump package names only
#!/usr/bin/perl
# dpkg2apt.pl: read 'dpkg --list' output (stdin or files given as arguments) and
# print only the names of installed packages (status column "ii"), one per line,
# so the list can be fed back to apt-get install on another host.
use strict;
use warnings;

while (my $line = <>) {
    # "ii" = desired install, currently installed; the second column is the name.
    next unless $line =~ /^ii\s+([0-9a-zA-Z_\-\:\.\+]*)\s+/;
    print "$1\n";
}
- Apply
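# Feed 'dpkg --list' (filtered here to packages matching "perl") through the
# script above; save it as ./dpkg2apt.pl and 'chmod +x' it first. The leading '#'
# in the original was a root prompt, not part of the command - pasted as-is it
# turns the whole line into a comment.
dpkg --list | grep "perl" | ./dpkg2apt.pl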
Process by Time
# Every process with its PID, full start timestamp (lstart) and command line.
ps -e -o pid,lstart,cmd