Tuesday, December 28, 2021

Mikrotik Router Configuration

Configure Web Proxy

/ip proxy set enabled=yes port=8080 src-address=192.168.88.32

Configure Transparent Web Proxy

/ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080

OpenDNS Server Addresses

Our nameservers are always:

  • 208.67.222.222
  • 208.67.220.220

Force DHCP clients to use the OpenDNS server IP addresses:

/ip dhcp-server network add dns-server=208.67.222.222,208.67.220.220

or


Wednesday, November 10, 2021

Resolve Git Conflict

Reference:

https://akshayranganath.github.io/Git-Pull-Handling-Merge-Conflict/


Restore Deleted file/folder

For a folder:

export file=my_apache_conf.d

For an individual file:

export file=my_apache_conf.d/conf.d/rules-custom.conf

echo $file

git checkout $(git rev-list -n 1 HEAD -- "$file")^ -- "$file"

git rev-list -n 1 HEAD -- "$file" returns the commit that removed the path; the trailing ^ selects its parent, the last commit in which the path still existed, and checkout restores the path from there.


Thursday, November 4, 2021

OCI Notes

Reference:

https://www.ateam-oracle.com/post/i-get-permission-denied-when-i-ssh-to-my-oracle-cloud-infrastructure-compute-instance


https://docs.oracle.com/en/solutions/migrate-to-atp/index.html#GUID-28E5A683-6DC6-4A07-BB1C-55F020D4C1CD

Create xfs on Linux 7

[root@fei1 ~]# mkfs.xfs /dev/sdc
meta-data=/dev/sdc               isize=256    agcount=4, agsize=3276800 blks
         =                       sectsz=4096  attr=2, projid32bit=1
         =                       crc=0        finobt=0, sparse=0, rmapbt=0
         =                       reflink=0
data     =                       bsize=4096   blocks=13107200, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0, ftype=1
log      =internal log           bsize=4096   blocks=6400, version=2
         =                       sectsz=4096  sunit=1 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0

[root@fei1 ~]# mkfs.xfs -f /dev/sdb
meta-data=/dev/sdb               isize=256    agcount=4, agsize=3276800 blks
         =                       sectsz=4096  attr=2, projid32bit=1
         =                       crc=0        finobt=0, sparse=0, rmapbt=0
         =                       reflink=0
data     =                       bsize=4096   blocks=13107200, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0, ftype=1
log      =internal log           bsize=4096   blocks=6400, version=2
         =                       sectsz=4096  sunit=1 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0

Wednesday, November 3, 2021

Friday, October 29, 2021

Terraform and OCI Compute Instance Provisioning.

Problem:

Error: 404-NotAuthorizedOrNotFound 

Provider version: 4.43.0, released on 2021-09-08. This provider is 7 update(s) behind to current. 

Service: Core Instance 

Error Message: Authorization failed or requested resource not found. 

OPC request ID: 4d08355655dc4bcd2f6ebc9b13fc582e/EE6FD3C4D7841A48A633023A67285401/B89D25D770B24C7D17E47E1F5EC2D9AC 

Suggestion: Either the resource has been deleted or service Core Instance need policy to access this resource. Policy reference: https://docs.oracle.com/en-us/iaas/Content/Identity/Reference/policyreference.htm

Cause:

The source resource and the destination resource are in different regions. For example, you planned to create the compute instance in the ap-sydney-1 region, but the source image is in ap-tokyo-1.

Solution:

Use the source image in the same region as the compute instance.

Saturday, October 23, 2021

Linux SWAP Operation

# swapoff /dev/mapper/swap
swapoff: /dev/mapper/swap: swapoff failed: Cannot allocate memory

# dd if=/dev/zero of=/home/swap bs=1024 count=1024000

# swapon /home/swap
swapon: /home/swap: insecure permissions 0644, 0600 suggested.
swapon: /home/swap: read swap header failed: Invalid argument

# mkswap /home/swap
# swapon /home/swap

# free
              total        used        free      shared  buff/cache   available
Mem:       32782064    30765328      262560     1607488     1754176      219732
Swap:       1654776      401236     1253540

# swapon -s
Filename                                Type            Size    Used    Priority
/dev/mapper/swap                        partition       630780  0       -2
/home/swap                              file    1023996 401236  -1

# swapoff /home/swap

# swapon -s
Filename                                Type            Size    Used    Priority
/dev/mapper/swap                        partition       630780  431836  -1

# rm /home/swap
rm: remove regular file ‘/home/swap’? y

# free -h
              total        used        free      shared  buff/cache   available
Mem:            31G         29G        222M        1.6G        1.7G        190M
Swap:          615M        421M        194M
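The "Cannot allocate memory" failure at the top of the session happens when the pages on the swap area being disabled do not fit into available RAM plus the free space on the other swap areas. The following is an added example, not part of the original notes, that parses swapon -s and free (kB) output to check this in advance and to size the temporary swap file; the snapshots inside it are constructed from the numbers above.

```python
# Added example (not part of the original notes): check whether `swapoff DEV`
# can succeed before running it, and how much temporary swap to add if not.
# Inputs are the text of `swapon -s` and of `free` in kB (not `free -h`),
# so captured output works as well as live output.

def parse_swapon_s(text):
    """Return {filename: (size_kb, used_kb)} from `swapon -s` output."""
    areas = {}
    for line in text.strip().splitlines()[1:]:          # skip the header line
        name, _type, size, used, _prio = line.split()
        areas[name] = (int(size), int(used))
    return areas

def parse_free_available(text):
    """Return the 'available' column of the Mem: line of `free` (kB)."""
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0] == "Mem:":
            return int(fields[-1])
    raise ValueError("no Mem: line in free output")

def swapoff_headroom(dev, swaps_text, free_text):
    """Return (used_kb_on_dev, headroom_kb); swapoff fits when used <= headroom."""
    areas = parse_swapon_s(swaps_text)
    _size, used = areas[dev]
    other_free = sum(s - u for name, (s, u) in areas.items() if name != dev)
    return used, other_free + parse_free_available(free_text)

def temp_swap_needed_kb(dev, swaps_text, free_text):
    """kB of temporary swap to add first; 0 means swapoff can run right away."""
    used, headroom = swapoff_headroom(dev, swaps_text, free_text)
    return max(0, used - headroom)

# Constructed snapshots built from the numbers in the session above.
SWAPS_BEFORE = """Filename          Type       Size    Used    Priority
/dev/mapper/swap  partition  630780  431836  -1
"""
SWAPS_AFTER = """Filename          Type       Size     Used    Priority
/dev/mapper/swap  partition  630780   0       -2
/home/swap        file       1023996  401236  -1
"""
FREE_KB = """              total        used        free      shared  buff/cache   available
Mem:       32782064    30765328      262560     1607488     1754176      219732
"""

if __name__ == "__main__":
    print(temp_swap_needed_kb("/dev/mapper/swap", SWAPS_BEFORE, FREE_KB))  # 212104
    print(temp_swap_needed_kb("/dev/mapper/swap", SWAPS_AFTER, FREE_KB))   # 0
```

Create the temporary file with mode 0600 before swapon, as the "insecure permissions" message asks; a world-readable swap file exposes whatever the kernel pages out to it.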


Friday, June 4, 2021

SSH Key Manipulation


Key Format:

RSA Public Key

-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----

Encrypted Private Key

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
-----END RSA PRIVATE KEY-----

CRL

-----BEGIN X509 CRL-----
-----END X509 CRL-----

CRT

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

CSR

-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----

NEW CSR

-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----

PEM

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

PKCS7

-----BEGIN PKCS7-----
-----END PKCS7-----

PRIVATE KEY

-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

DSA KEY

-----BEGIN DSA PRIVATE KEY-----
-----END DSA PRIVATE KEY-----

Elliptic Curve

-----BEGIN EC PRIVATE KEY-----
-----END EC PRIVATE KEY-----

PGP Private Key

-----BEGIN PGP PRIVATE KEY BLOCK-----
-----END PGP PRIVATE KEY BLOCK-----

PGP Public Key

-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----

Check Key

openssl asn1parse -i -in a.pem

Convert PKCS8 key to ssh-rsa format

ssh-keygen -f a.pub -i -m PKCS8
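The labels above are what identifies a PEM block before anything is decoded. As an added example (not from the original post), this scanner reports each block's label, whether it holds private material, and whether a legacy key carries the Proc-Type: 4,ENCRYPTED header; PUBLIC KEY and ENCRYPTED PRIVATE KEY (PKCS#8) are added to the page's list, and the sample blob is constructed with placeholder bodies.

```python
# Added example (not from the original post): scan text for the PEM labels
# listed above, flag private material, and detect the legacy OpenSSL
# encryption marker ("Proc-Type: 4,ENCRYPTED" right after the BEGIN line).
# Bodies are not decoded; `openssl asn1parse` does that.
PRIVATE_LABELS = {"RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY",
                  "PRIVATE KEY", "ENCRYPTED PRIVATE KEY", "PGP PRIVATE KEY BLOCK"}
PUBLIC_LABELS = {"RSA PUBLIC KEY", "PUBLIC KEY", "PGP PUBLIC KEY BLOCK"}
OTHER_LABELS = {"CERTIFICATE", "CERTIFICATE REQUEST", "NEW CERTIFICATE REQUEST",
                "X509 CRL", "PKCS7"}

def classify_pem(text):
    """Return [(label, kind, encrypted)] for every BEGIN/END pair in text.

    kind is 'private', 'public', 'other' or 'unknown'.  An END label that
    does not match the open BEGIN raises ValueError rather than guessing.
    """
    results, label, headers = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-----BEGIN ") and line.endswith("-----"):
            label, headers = line[len("-----BEGIN "):-5], []
        elif line.startswith("-----END ") and line.endswith("-----"):
            end_label = line[len("-----END "):-5]
            if label is None or end_label != label:
                raise ValueError(f"END {end_label!r} does not match BEGIN {label!r}")
            encrypted = label == "ENCRYPTED PRIVATE KEY" or any(
                h.startswith("Proc-Type:") and "ENCRYPTED" in h for h in headers)
            kind = ("private" if label in PRIVATE_LABELS else
                    "public" if label in PUBLIC_LABELS else
                    "other" if label in OTHER_LABELS else "unknown")
            results.append((label, kind, encrypted))
            label = None
        elif label is not None and ":" in line:
            # base64 never contains ':', so this is an RFC 1421 header line
            headers.append(line)
    return results

# Constructed sample: an encrypted legacy RSA key followed by a certificate.
# The base64 bodies are placeholders, not real key material.
SAMPLE = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF

QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=
-----END CERTIFICATE-----
"""
```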

Sunday, May 9, 2021

Creating a private API in Amazon API Gateway

apigateway-resource-policies-examples

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-apis.html

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies-examples.html

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html#cfn-ec2-vpcendpoint-vpcendpointtype

Launch Cloudformation template with Terraform

https://stackoverflow.com/questions/43266506/is-it-possible-to-execute-a-cloudformation-file-in-terraform


Thursday, March 25, 2021

Troubleshooting AWS CloudFormation


https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html#basic-ts-guide

 https://stackoverflow.com/questions/23818209/user-data-scripts-fails-without-giving-reason


Sunday, March 14, 2021

Kubernetes: kubectl config management.

Config kubectl

Script to set the current context. It is meant to be sourced, and it takes the context name (and the kubeconfig file name) from its own file name:

clear

production="true"

# When sourced, $0 is the shell itself, so take the name from $BASH_SOURCE instead
[[ "$0" != "$BASH_SOURCE" ]] && contextName="$BASH_SOURCE" || contextName="$0"
contextName=${contextName##*/}

export KUBECONFIG=~/.kube/config.${contextName}
kubectl config use-context "${contextName}"

# Prompt colours: 38;5;N sets the foreground, 48;5;N the background, N is the xterm-256 colour number.
# Escapes are wrapped in \[ \] so bash does not count them as printable characters, and \e[0m
# resets the colours at the end of the prompt.
if [ "$production" == "true" ]; then
  # black on orange, with the context name blinking (5 = blink on, 25 = blink off)
  export PS1="\[\e[38;5;016;48;5;166m\]\u@\H:\w - \[\e[5m\]$contextName\[\e[25m\] $ \[\e[0m\]"
else
  export PS1="\[\e[38;5;012;48;5;015m\]\u@\H:\w - $contextName $ \[\e[0m\]"
fi

kubectl config get-contexts

Sunday, March 7, 2021

ElasticSearch CAT apis

https://www.elastic.co/guide/en/elasticsearch/reference/current/cat.html


curl https://search-goweekend-1-ntahrt3q5ijfa.us-east-1.es.amazonaws.com/_cat/allocation\?v\=\&s\=disk.total:desc,disk.avail

curl https://search-goweekend-1-ntahrt3q5ijfa.us-east-1.es.amazonaws.com/_cat/master?help

curl https://search-goweekend-1-ntahrt3q5ijfa.us-east-1.es.amazonaws.com/_cat/nodes?h=ip,port,heapPercent,name

curl https://search-goweekend-1-ntahrt3q5ijfa.us-east-1.es.amazonaws.com/_cat/indices?bytes=b&s=store.size:desc&v=true

curl 'https://search-goweekend-1-ntahrt3q5ijfa.us-east-1.es.amazonaws.com/_cat/indices?format=json&pretty'

curl 'https://search-goweekend-1-ntahrt3q5ijfa.us-east-1.es.amazonaws.com/_cat/indices?pretty'  -H "Accept: application/json"

curl 'https://search-goweekend-1-ntahrt3q5ijfa.us-east-1.es.amazonaws.com/_cat/templates?v=true&s=order:desc,index_patterns'

curl https://search-goweekend-1-ntahrt3q5ijfa.us-east-1.es.amazonaws.com/_cat/shards

curl https://search-goweekend-1-ntahrt3q5ijfa.us-east-1.es.amazonaws.com/_cat/shards?h=index,shard,prirep,state,unassigned.reason

curl https://search-goweekend-1-ntahrt3q5ijfa.us-east-1.es.amazonaws.com/_cat/health

curl 'https://search-goweekend-1-ntahrt3q5ijfa.us-east-1.es.amazonaws.com/_cat/snapshots/repo1?v=true&s=id'

curl https://search-goweekend-1-ntahrt3q5ijfa.us-east-1.es.amazonaws.com/_cat/repositories

Mikrotik Notes

[admin@MikroTik] > /ip firewall f enable numbers=64
[admin@MikroTik] > /ip firewall f enable numbers=65

/ip firewall filter set time=22h-22h55m,sun,mon,tue,wed,thu,fri,sat number=58
/ip firewall filter set time=19h-19h10m,sun,mon,tue,wed,thu,fri,sat number=57
/ip firewall filter set time=20h28m-21h55m,sun,mon,tue,wed,thu,fri,sat number=20
/ip firewall filter set time=20h28m-21h55m,sun,mon,tue,wed,thu,fri,sat number=22
/ip firewall filter set time=20h28m-21h55m,sun,mon,tue,wed,thu,fri,sat number=24
/ip kid-control set sun="21h-21h55m" number=1

Configure Mikrotik as Transparent Proxy
https://systemzone.net/mikrotik-router-web-proxy-configuration/

https://systemzone.net/mikrotik-webproxy-log-analyzer-configuration/

https://brezular.com/2021/08/01/initial-setup-of-mikrotik-hap-ac%C2%B3-router/

============== Configure Transparent Proxy ==============


Allow ping from WAN

/ip firewall filter add place-before=[find chain=input] chain=input action=accept protocol=icmp icmp-options=8:0-255

Example:
/ip firewall filter add place-before=1 chain=input action=accept protocol=icmp icmp-options=8:0-255

Configure PtP Bridge
https://scoop.co.za/blog/how-to-create-a-mikrotik-ptp-bridge-link

Wednesday, February 17, 2021

OpenSSL: extract web server certificate details

echo | openssl s_client -showcerts -servername www.ibm.com -connect www.ibm.com:443 2>/dev/null | openssl x509 -inform pem -noout -text


Script:

# $inputFile holds one host label per line; each line becomes an s_client command for label.domainName
inputFile=$1
domainName=$2

awk -v domainName="$domainName" '{print "\necho ==== " $1 "." domainName "====\necho | openssl s_client -showcerts -servername " $1 "." domainName " -connect " $1 "." domainName ":443 2>/dev/null | openssl x509 -inform pem -noout -text" }' "$inputFile"


Retrieve the ciphers accepted by a remote web server.

nmap -sV -p 443 --script ssl-enum-ciphers www.ibm.com

Sunday, February 7, 2021

Messages 'Current vnic speed set to: xxxxx' written to syslog every couple seconds

Problem:

Feb  7 16:16:09 jiangnan kernel: [31322554.355902] scsi host0: Current vnic speed set to :  20000

Cause:

Port speed printing was added by commit d948e6383ec3 ("scsi: fnic:
Add port speed stat to fnic debug stats"). As currently configured,
this will cause the port speed to be printed to syslog every
2 seconds. To prevent log spamming, only print the vnic port speed
at driver initialization and if the speed changes. Also clean up a
small typo in fnic_trace.c.

Solution:

Convert PUTTY Public Key to Openssh format

ssh-keygen -i -f id_rsa_putty.pub > id_rsa.pub

Wednesday, January 20, 2021

Apache: Forensic Module

LoadModule log_forensic_module /usr/lib64/httpd/modules/mod_log_forensic.so

<IfModule log_forensic_module>
        ForensicLog /logs/httpd/forensic.log
</IfModule>
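mod_log_forensic writes one line when a request arrives and one when it completes, which is what makes it useful for finding the request that took the server down. The following is an added example, not part of the original post, that pairs those lines up; the log lines in it are constructed in the module's format with made-up IDs and hosts.

```python
from urllib.parse import unquote

# Added example (not part of the original post): list requests that never
# completed according to a mod_log_forensic log.  The module writes
# "+ID|request line|Header:value|..." when a request arrives and "-ID" when
# it finishes, so a '+' with no matching '-' is a request that was still in
# flight when httpd died or when the log was captured.  '|', ':' and '%' in
# header values are %XX-escaped by the module; unquote() reverses that.

def parse_forensic_log(lines):
    """Return (open_requests, completed_ids) for an iterable of log lines.

    open_requests maps ID -> {"request": ..., "headers": {...}} for every
    '+' entry that has no matching '-' entry.
    """
    open_requests, completed = {}, set()
    for raw in lines:
        line = raw.rstrip("\n")
        if not line:
            continue
        if line[0] == "-":
            rid = line[1:]
            open_requests.pop(rid, None)
            completed.add(rid)
        elif line[0] == "+":
            rid, request, *hdrs = line[1:].split("|")
            headers = {}
            for h in hdrs:
                name, _, value = h.partition(":")
                headers[name] = unquote(value)
            open_requests[rid] = {"request": request, "headers": headers}
        else:
            raise ValueError(f"unexpected forensic log line: {line!r}")
    return open_requests, completed

# Constructed sample in the module's format (IDs and hosts are made up):
# the GET finished, the POST never got its '-' line.
SAMPLE_LOG = """\
+yQtJf8CoAB4AAFNXBIEAAAAA|GET /index.html HTTP/1.1|Host:example.test%3a8080|User-Agent:curl/7.79.1
+zR1aBc9XoAB4AAFNXBIEAAAAB|POST /upload HTTP/1.1|Host:example.test|Content-Type:multipart/form-data%3b boundary=xyz
-yQtJf8CoAB4AAFNXBIEAAAAA
""".splitlines()

def unfinished_request_lines(lines):
    """Just the request lines of the requests that never completed."""
    return [r["request"] for r in parse_forensic_log(lines)[0].values()]
```

Run it over the real file with parse_forensic_log(open("/logs/httpd/forensic.log")); the forensic log records full request headers, so keep it readable only by root and the httpd user.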

Friday, January 1, 2021

Kubernetes: POD: sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?

$ sudo ping 192.168.0.33
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?

Add the entries below to the target container. allowPrivilegeEscalation: true is what lets the setuid sudo binary gain root again; it relaxes the pod's hardening, so apply it only to the container that needs it:

    securityContext:
      allowPrivilegeEscalation: true
      capabilities: {}
      privileged: false

Add a sidecar to a running pod

Enable istio injection:

$ kubectl label namespace rundeck istio-injection=enabled

Restart the pod:

kubectl rollout restart deployment rundeck-deployment