Archive | Linux

Note to self: cURL with data-urlencode for GET/QuerySting values

I know I would loose this if I didn’t blog it.
With cURL, you can use “–data-urlencode” with query string params and a GET if you include the “-G” parameter. Of course you still have to escape things out, I just found it easer to add all the QueryString params separately. All the examples I could find were for POSTs.

FILTER="ReallyLongStringWIth"$VARS" SPACES and ' SINGLE quotes and a &"
curl -s -G --header "authorization: Bearer $TOKEN" --data-urlencode "\$filter=$FILTER" --data-urlencode "api-version=2016-09-01" $URL 

0

My WSL/BASH setup

Not sure if this a “Bootstrap” or not, but I wanted to have my WSL/Bash home directory match my windows home directory. This is the code that I use when I setup a new WSL/BASH instance.

This will find your home directory via PowerShell and put it in a variable “$WINHOME”.

Then I make make soft links to the directories in my “My Documents”.

Finally, I add the first part to my .bashrc. (lines 1-4)


WINHOME=/mnt/$(powershell.exe -noprofile -noninteractive -command '& {(gci env:USERPROFILE).Value}')
WINHOME=$(echo $WINHOME | sed 's/\\/\//g' | sed 's/\r$//' | sed 's/\://g' )
WINHOME=$(echo ${WINHOME/C/c})
export WINHOME=$WINHOME

ln -s $WINHOME/Documents
ln -s $WINHOME/Downloads
0

My SSL/Certificate Cheatsheet

Whenever a certificate needs to be renewed, I always have to scramble to remember how to update/renew. I finally put a cheat sheet together.

I decided I will do all cert related stuff form Linux. Here are some commands:

To request a new csr with a new key:

openssl req -newkey rsa:2048 -keyout yourcompany.com.key -out yourcompany.com.csr

Generating a 2048 bit RSA private key
.............................................................................................+++
.............+++
writing new private key to 'stratgovadvisors.com'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:New York
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Company name
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:*.yourcompany.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

To request a new csr with an existing key:

openssl req -new -key yourcompany.com.key -out yourcompany.com.csr 

To make a PFX form a Private key and a cert:

openssl pkcs12 -export -out yourcompany.com.pfx -inkey yourcompany.com.key -in yourcompany.com.crt

To extract Private key and Cert from a PFX (3 steps)

Export the private key

openssl pkcs12 -in yourcompany.com.pfx -nocerts -out yourcompany.com.pem -nodes

Export the certificate

openssl pkcs12 -in yourcompany.com.pfx -nokeys -out yourcompany.com.crt

Remove the passphrase from the private key

openssl rsa -in yourcompany.com.pem -out yourcompany.com.key 
0

Using Let’s Encrypt, cerbot-auto with Apache on CentOS 6

There are plenty of better documented examples out there, so this is more of a note to self.

cd /opt
mkdir YourDir
cd YourDir/
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

/certbot-auto --apache certonly -d www.FirstDomain.com -d FirstDomain.com -d www.SecondDoamin.com -d SecondDoamin.com -d www.ThirdDoamin.com -d ThirdDoamin.com -d www.FourthDomain.com -d FourthDomain.com

The name on the cert will be the first domain you list int he command above. All the other names will be part of the SAN cert.

And to renew, cron this up:
/opt/YourDir/certbot-auto renew

0

Raspberry Pi, Raspbian Jessie (based on Debian Jessie) disable AutoLogin GUI & Console

I did NOT want my Raspbian Jessie install to automatically boot into the GUI, and I did Not want it to autologin.

I know I can run raspi-config to change it, but I like to script things! I finally tracked down the code for the new raspi-config that supports systemd. It can be found here .

Here are the commands to change what used to be the run level.

Console

systemctl set-default multi-user.target
ln -fs /lib/systemd/system/[email protected] /etc/systemd/system/getty.target.wants/[email protected]

Console Autologin

systemctl set-default multi-user.target
ln -fs /etc/systemd/system/[email protected] /etc/systemd/system/getty.target.wants/[email protected]

Desktop

systemctl set-default graphical.target
ln -fs /lib/systemd/system/[email protected] /etc/systemd/system/getty.target.wants/[email protected]
sed /etc/lightdm/lightdm.conf -i -e "s/^autologin-user=pi/#autologin-user=/"

Desktop AutoLogin

systemctl set-default graphical.target
ln -fs /etc/systemd/system/[email protected] /etc/systemd/system/getty.target.wants/[email protected]
sed /etc/lightdm/lightdm.conf -i -e "s/^#autologin-user=.*/autologin-user=pi/"

 

Hope that helps someone.

BASH script to change the Security Keys and SALTs in a wp-config.php file

I wanted to automatically change the Security Keys/SALTS when provisioning a new WordPress site. WordPress.com has a service that spits back random values. (https://api.wordpress.org/secret-key/1.1/salt/). The script below CURLs the values and then modifies a wp-config.php file with the new random values.

SALTS=$(curl -s https://api.wordpress.org/secret-key/1.1/salt/)
while read -r SALT; do
SEARCH="define('$(echo "$SALT" | cut -d "'" -f 2)"
REPLACE=$(echo "$SALT" | cut -d "'" -f 4)
echo "... $SEARCH ... $SEARCH ..."
sed -i "/^$SEARCH/s/put your unique phrase here/$(echo $REPLACE | sed -e 's/\\/\\\\/g' -e 's/\//\\\//g' -e 's/&/\\\&/g')/" /Path/To/Your/wp-config.php
done <<< "$SALTS"

Don’t remember where I got the pieces of this, but here it is, I have been using it for a while and it seems to work well.
Hope that helps someone.

My git notes

Been playing around with git to manage my “Environment”. This is a note to self. May add more at some point
List files that have been “staged”
  • git diff –name-only –cached
To create a “Centro repo”
  • To setup an empty central repo:
    • mkdir /your/path/folder/project.git
    • cd /your/path/folder/project.git
    • git init –bare –shared
  • To add files to the central repo:
    • Go to the existing file structure and setup a new git repo (if it is not there already)
    • cd your/local/workspace/project
    • git init
    • git add .
    • git commit -m “First Commit”
    • git remote add origin server.domain.com:/your/path/folder/project.git
    • git push origin master
  • If you make a change  in your local copy and you want to push it up to the Centro repo
    • git add .
    • git commit -m “This is what changed”
    • git push origin master
  • And to get those changes to other machines
    • git pull origin master
  • And to setup a new machine
    • git clone server.domain.com:/your/path/folder/project.git

Got most of the info from here

My Debian/Raspberry Pi cheat sheet (translations from CentOS)

I have worked on Solaris and RedHat/CentOS (although Solaris was many years ago, so I  should just admit that I no longer know where anything is). I find Debian to be a different dialect than RedHat. This post is going to serve as my translation cheat sheet.

  1. I use the  bash complete string below with ssh and ping. It was not working under Debain. Turns out that the host names are hashed in the known_hosts files under Debian. I had to add “HashKnownHosts no” to my .ssh/config and then re-populate the known_hosts file.
    complete -W "$(sed -e 's/^  *//' -e '/^#/d' -e 's/[, ].*//' -e '/\[/d' ~/.ssh/known_hosts | sort -u)" ssh ping
    
  2. Debian on arm does not seem to have sysvconfig so I need to go into /etc/init.d/script name to start,stop,restart,status a service
  3. To stop a service from running at boot “update-rc.d -f smb remove” (chkconfig smb off)
  4. To start a service at boot “update-rc.d nfs defaults” (chkconfig nsf off)
  5. cat /etc/debian_version = cat /etc/redhat-release
  6. More to come