IT notes

Google Cloud Functions

Testing Google Cloud Functions using go with an average of 250 requests/second. Cost per day close to $10USD Request per day: 23,511,849 Errors: 0 memory usage: 10.4MB execution time: 55.04ms

ssh wireshark

To analyze traffic remotely over ssh: ssh [email protected] sudo tcpdump -U -s0 -i pflog0 -w -| wireshark -k -i - In case need an specific port: ssh [email protected] sudo tcpdump -U -s0 -i pflog0 -w - 'port 5984' | wireshark -k -i - To ignore trafic from ssh: ssh [email protected] sudo tcpdump -U -s0 -i pflog0 -w - 'not port 22' | wireshark -k -i -

ELK delete_by_query

To delete indexes older than X days: POST haproxy/_delete_by_query { "query": { "range": { "ISODATE": { "lt": "now-3d" } } } }

openssl SHA1 HMAC

To create an HMAC-SHA1: $ echo -n "string" | openssl sha1 -hmac "shared_secret" or $ echo -n "string" | openssl dgst -sha1 -hmac "shared_secret"

DoH Firefox

Open firefox and type: about:config Search for: network.trr.uri Probably you already have: https://mozilla.cloudflare-dns.com/dns-query If not add it or use something like: https://cloudflare-dns.com/dns-query https://dns.quad9.net/dns-query Then enable network.trr.mode by setting it to 2 Set network.trr.mode to 2 make DNS Over HTTPS the browser’s first choice but use regular DNS as a fallback (0 is “off by default”, 1 lets Firefox pick whichever is faster, 3 for TRR only mode, 5 to explicitly turn it off).

osascript

In macOS, to find a path of an application, for example Chromium: $ osascript -e 'POSIX path of (path to application "Chromium")'

Galera

To periodically check status of the cluster, create a script (/tmp/xx): #!/bin/sh mysql --defaults-file=/path/to/.my.cnf -s -e \ "SHOW GLOBAL STATUS WHERE Variable_name IN ('wsrep_ready', 'wsrep_cluster_size', 'wsrep_cluster_status', 'wsrep_connected', 'wsrep_local_state', 'wsrep_local_index');" And run it with: watch sh /tmp/xx If single node alive (ERROR 1047 WSREP has not yet prepared node for application use): SET GLOBAL wsrep_provider_options='pc.bootstrap=YES'; This node can be used now has the new master so others nodes can recover from it.

galera alter

To prevent bloking the cluster while doing ALTERS (SCHEMA UPGRADES), do this per node: SET wsrep_OSU_method='RSU'; Then Run the ALTER statement once done reset the Schema Upgrade method back to Total Order Isolation. SET wsrep_OSU_method='TOI'; http://galeracluster.com/documentation-webpages/clusterstallonalter.html http://galeracluster.com/documentation-webpages/schemaupgrades.html

mojave Iso

Create 12 GB tmp disk: hdiutil create -o /tmp/Mojave.cdr -size 12000m -layout SPUD -fs HFS+J Attach the disk: hdiutil attach /tmp/Mojave.cdr.dmg -noverify -mountpoint /Volumes/install_build Extract the installer: sudo /Applications/Install\ macOS\ Mojave.app/Contents/Resources/createinstallmedia --volume /Volumes/install_build Create the iso mv /tmp/Mojave.cdr.dmg ~/Desktop/InstallSystem.dmg hdiutil detach /Volumes/Install\ macOS\ Mojave hdiutil convert ~/Desktop/InstallSystem.dmg -format UDTO -o ~/Desktop/Mojave.iso Rename Mojave.iso.cdr to Mojave.iso

jamf

softwareupdate -l to see if there are macOS updates available. softwareupdate -ia to install all updates. sudo jamf policy to run all outstanding policies and updates for the apps, sudo jamf recon to update the inventory on the server.

stty

If reset can’t clean your terminal, give a try to: stty sane

tmux

Set window title: <c-b>, Get pannel number: <c-b>q Show clock: <c-b>t Move pane to a new window: <c-b>! Join panes: <c-b>: join-pane -s 0 -t 3 move pane 1 to window 3 <c-b>: join-pane -t :1 move current pane to window 1 Create a new session: <c-b>: new -s <name> List sessions: <c-b>s <c-b>w expanded Move pane to a another session: <c-b>m mark the pane <c-b>w go to the destination window/session <c-b>: join-pane or go to the pane you want to move, check the session name and windows you would like to move and try:

Block SSH on MacOS

To block incoming ssh connections, edit the /etc/pf.conf and add the following line at the bottom: block in log quick proto tcp from any to any port 22 You can use vim or use something like this: sudo sh -c "echo 'block in log quick proto tcp from any to any port 22' >> /etc/pf.conf" Then reload the pfrules: sudo pfctl -Fa -f /etc/pf.conf For this to work the firewall must be enabled.

Processlist

Run show processlist every second: mysqladmin -uroot -p -i 1 processlist -i 1 stands for interval one second

OSI TLS

Beside the OSI/model, there is also the TCP/IP Model: Link Layer Internet (IP) Layer Transport Layer Application OSI Model The OSI model has a bit more granularity. Physical Layer Data Link Layer Network Layer (IP) Transport Layer (TCP) Session Layer (TLS) Presentation Layer Application Layer (HTTP) TLS establishes an encrypted session. In the OSI model this is where TLS operates. It sets up its session, and adds a layer of encryption for the Application Layer (HTTP).

IRC

Change password password in irc: /msg nickserv set password <password>

combine two images

Combine in a single file 2 images: convert +append a.png b.png out.png -append will append vertically instead of horizontally (+)

LS_COLORS

To remove the blinking of symbolic links when doing ls in Linux: LS_COLORS="ln=35" export LS_COLORS That will set the ln=35 symbolic links to color purple. Params for LS_COLORS: di Directory fi File ln Symbolic Link pi Fifo file so Socket file bd Block (buffered) special file cd Character (unbuffered) special file or Symbolic Link pointing to a non-existent file (orphan) mi Non-existent file pointed to by a symbolic link (visible when you type ls -l) ex File which is executable (ie.

htpasswd

To create an htpasswd file (for htaccess “authentication”) using openssl: $ printf "foo:$(openssl passwd -apr1 PASSWORD)\n" >> .htpasswd If need to use crypt: $ printf "foo:$(openssl passwd -crypt PASSWORD)\n" >> .htpasswd

Git SSH

To create a git repository and access to it via ssh: $ ssh your.host $ mkdir my-new-repo $ cd my-new-repo $ git --bare init To access your repo (clone it): $ git clone ssh://[email protected]:2222/~user/my-new-repo