Daily tip

How to display all hosts in the localnet using ARP protocol?


For example, by using the arp-scan tool in the following manner:


#arp-scan --interface=eth0 --localnet

Daily tip

How do I change a line in a file without opening it?

By using sed, the stream editor. For example, like below:

#sed -i.bak '/^search/s/esample\.com/example.com/' /etc/resolv.conf

The -i.bak option also creates a backup copy of the original file with the .bak suffix.

Daily tip

How to check if Linux booted in (U)EFI mode?

If the system booted in (U)EFI mode, the directory /sys/firmware/efi exists. As usual, you can also get some information via the dmesg command.

Daily tip

Is it possible to access a service running in a docker container from the Internet?

By default, services running in a container are not accessible from outside. Provided everything is configured correctly in terms of DNS, public IP and domain registration, what you need to do is publish a container port to the host as below.

#docker container run -d -p 80:80 apache

With the -d switch we run the container in the background, and
 -p host_port:container_port instructs the host to create a NAT rule that forwards any request arriving on host port 80 to the internal container port 80.


Daily tip

How can I trace a full TCP segment for diagnosis purposes?

By installing tcpdump and using it with the command syntax below (you must be root or have sudo permissions).

#tcpdump -vvv [-i <interface>] [port <number>|host <address>] -nnXSs 0

For instance, if you want to see in detail what happens with any connection to and from the local web server (port 80), you type:

#tcpdump -vvv -i any port 80 -nnXSs 0

Note that -i any means that tcpdump is listening on any network interface.

Daily tip

Today we will start our daily (hopefully) post with a trick or solution to common and uncommon Linux tasks and problems. So stay tuned! Note that all command lines prefixed with a # must be run as root, while those prefixed with a $ can be run by a normal user.

How to remove older kernels in Linux?

Sometimes it is necessary to free up some space, especially when the /boot directory is on a different partition with space constraints.

#yum install yum-utils

#package-cleanup --oldkernels --count=2

It will keep only two kernels and will not remove the currently running kernel, so make sure you are running the latest kernel.

Dragora

Dragora is another so-called Libre distribution: all packages, drivers and kernels must be provided with their full source code and must be free of patents, and firmware binaries are not allowed unless they come with the corresponding source code.

The current stable version is 2.2 and it has the following distinctive features.

  • Init system runit
  • Qi source and package system, exposed through the command pkg

Unfortunately it appears the project is not yet mature: for example, we don’t have an online repo, installed packages can be inferred by looking at the /var/db/pkg folder, and last but not least, I don’t see any Enterprise package like a web server.



Foremost – tool to recover deleted data

To recover data in Linux, a well-known tool is TestDisk; this time, however, I will mention a perhaps less well-known alternative: Foremost. It is a utility released into the public domain which was developed by the United States Air Force Office of Special Investigations and The Center for Information Systems Security Studies and Research. It is basically a data scavenger and forensic tool which, regardless of the underlying file system, scans for specific file types based on known headers, data structures and footers.

For instance you can scan for XLSX file types with the command below:

foremost -t zip -i /dev/sdb1 -o /restore

Here not only zip files will be scanned for, but also jar files and the common Open Office and MS Office files ending in x, which are basically compressed zip files; /restore is the output directory for restored files. As always, we must restore data to a different partition.

If we want just a report without recovering any data, the command will be:

foremost -w -t zip -i /dev/sdb1 -o /restore

Important: the output directory must be empty, otherwise we must specify the -T switch, which creates a folder starting with the specified name and appends the current date and time to it.

foremost -w -T -t zip -i /dev/sdb1 -o /restore/

Unfortunately this software doesn’t allow you to look for specific files or folders, but it can be tried when other tools have failed, and it is quite fast. For instance, it has been useful to scan for deleted files in a Novell file system (in an old Linux OES).

Even if it should be quite obvious, it has to be mentioned that this tool doesn’t work with encrypted partitions.
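
The header-and-footer scanning described above can be illustrated for the zip family with a short Python sketch. This is an added example, not Foremost's own code: it assumes each file is stored contiguously, and the function names and the sample image are constructed for the illustration.

```python
import io
import struct
import zipfile

LOCAL_HEADER = b"PK\x03\x04"   # signature at the start of the first ZIP entry
EOCD = b"PK\x05\x06"           # end-of-central-directory record (the footer)
EOCD_FIXED_LEN = 22            # fixed part of the footer; a comment may follow

def carve_zips(image: bytes):
    """Yield (offset, data) for each header..footer span found in a raw image."""
    pos = 0
    while (start := image.find(LOCAL_HEADER, pos)) != -1:
        eocd = image.find(EOCD, start)
        if eocd == -1 or eocd + EOCD_FIXED_LEN > len(image):
            break
        # The last two bytes of the fixed footer hold the comment length.
        (comment_len,) = struct.unpack_from("<H", image, eocd + 20)
        end = eocd + EOCD_FIXED_LEN + comment_len
        yield start, image[start:end]
        pos = end

def classify(data: bytes) -> str:
    """Tell apart the formats that share the ZIP container by member names."""
    try:
        names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    except zipfile.BadZipFile:
        return "corrupt"
    if "[Content_Types].xml" in names:
        for prefix, kind in (("xl/", "xlsx"), ("word/", "docx"), ("ppt/", "pptx")):
            if any(n.startswith(prefix) for n in names):
                return kind
    if "META-INF/MANIFEST.MF" in names:
        return "jar"
    return "zip"

def make_sample_image():
    """Constructed sample: filler bytes around a minimal XLSX-like archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("xl/workbook.xml", "<workbook/>")
    return b"\x00" * 512 + buf.getvalue() + b"\xff" * 512, buf.getvalue()

if __name__ == "__main__":
    image, _ = make_sample_image()
    for offset, data in carve_zips(image):
        print(offset, len(data), classify(data))
```

Because the scan never consults file-system metadata, the original file name is not recovered; only the content between the two signatures is.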

DevOps vs Agile

Have you ever found yourself confused over terms like DevOps, Agile or Continuous Integration? Well, an article on BMC blogs explains clearly the difference.

In particular, DevOps and automation are closely linked and we can certainly say that DevOps cannot exist without automation; in contrast, in the “Agile approach” automation is not mandatory. On the other hand, DevOps is not only automation, as it requires communication and cooperation with other teams, first of all with ITOps.

Access Control Lists – part 1 –

Access Control Lists (ACLs) in Linux provide an additional level of security. Traditionally we have the owner, the group and the other users' permissions on a given resource; but what about giving the same permissions as the owner to an additional user?
Normally this is done by adding the user to the group set on that file or folder, or by giving more permissions to all other users; of course the second choice is not recommended for security reasons.

ACLs answer precisely this need: they give additional privileges to specific users without adding them to the owning group, which would also grant privileges on other resources, and again without giving more permissions to other.

So an Access Control List gives a system administrator more granular control over user permissions than the classic ALL or NOTHING approach.

Some usage examples:

1) We want an application to write to a user subfolder, but without adding the application user ID to the user's group or setting permissions for other.

2) A team needs to copy some data to a subfolder of root's home and we don't want to add them to the root group or, worse, give them the root password.

3) Several users belong to a group and work on a common folder; however, we want a specific subfolder in it to be writable and executable only by a specific user, not by all users in that group.

4) We have a database folder containing personal data and here we want to grant read and execute permissions to someone in the application team, but revoke all permissions for other. We also want to decouple the application functional ID privileges from the user privileges; that means we won't add the user to the same group as the application.
Then we will add a further ACL for a user in the application team with full permissions to the same resources.

In the above examples we can also make use of groups, as with ACL we can grant additional groups permissions as well.
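
Usage example 4 can be checked with a small Python model that parses getfacl-style output and applies the standard POSIX ACL access check. This is an added example, not part of the original post: the listing, the user names and the group names are constructed, and the mask line is part of normal getfacl output that part 1 does not cover.

```python
# Constructed getfacl-style listing for usage example 4 (hypothetical names).
SAMPLE = """\
# file: srv/db
# owner: appsvc
# group: appsvc
user::rwx
user:alice:r-x
user:bob:rwx
group::r-x
mask::rwx
other::---
"""

def parse_getfacl(text):
    """Return owner, owning group and access entries from getfacl output."""
    acl = {"owner": None, "group": None, "user": {}, "groups": {},
           "mask": None, "other": set()}
    for line in text.splitlines():
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        entry = line.split("#", 1)[0].strip()    # drop "#effective:" comments
        if not entry or entry.startswith("default:"):
            continue
        tag, qualifier, perms = entry.split(":")
        perms = set(perms) - {"-"}
        if tag == "user":
            acl["user"][qualifier] = perms       # "" is the owner entry
        elif tag == "group":
            acl["groups"][qualifier] = perms     # "" is the owning group entry
        else:
            acl[tag] = perms                     # "mask" or "other"
    return acl

def allowed(acl, user, groups, want):
    """POSIX ACL check order: owner, named user, groups (masked), then other."""
    want = set(want)
    def masked(perms):
        return perms if acl["mask"] is None else perms & acl["mask"]
    if user == acl["owner"]:
        return want <= acl["user"][""]
    if user in acl["user"]:
        return want <= masked(acl["user"][user])
    matching = [p for g, p in acl["groups"].items() if (g or acl["group"]) in groups]
    if matching:
        return any(want <= masked(p) for p in matching)
    return want <= acl["other"]
```

Here alice reads and traverses the folder without belonging to the appsvc group, bob has full access, and any other user falls through to the empty other entry.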