Manage Passwords in Linux Ecosystem with Pass Utility

Password-based authentication is very common. However, storing and securing passwords is a hassle. There are already many offline and online-only services that do this work for you. Others are more feature-rich and offer a lot of other features. If you work in an offline (air-gapped, disconnected from the internet, etc.) environment, you can use a simple open-source utility called pass. It stores each password as a separate GPG-encrypted file. It is CLI-based, but GUI extensions are available and it has a lot of support in the community.

Also, with git, you can choose to sync the encrypted passwords with internal source repos, so that you get all the benefits of GitOps as well.


Get a grip on searching file contents with grep

Who doesn’t have to search files for specific content? At some point when working with computers, you will want to find files containing specific text, data, strings, content, information, or whatever term you use. Linux users have always boasted of being able to use the grep utility. Windows users have relied on finding files through an easy user interface and the Select-String cmdlet. With WSL2, you can use traditional Linux utilities to assist with your work on Windows as well. Let’s look at a few variants of grep that help us search for the information we seek.


Unsharing is Caring – User Namespace, Rootless containers and Security

Those who have been working with containers have long been worried about the security aspects of the underlying containers. One of the vulnerabilities associated with containers is running containers as the root user. Containers have often been required to do privileged tasks, such as mounting filesystems and tasks associated with packet route tables on the host networks, which have historically needed privileged access on the underlying host machine. This has allowed malicious actors to try to exploit vulnerabilities in the container host.

With rootless containers, we are slowly moving past this scenario. Rootless containers refers to the ability of an unprivileged user to create, run and otherwise manage containers. The term also includes the variety of tooling around containers that can be run as an unprivileged user.


Working with arguments in Bash Scripting

Bash scripting has many special shell variables like $*, $#, $?, etc. to help users write more powerful and versatile scripts. Using these shell variables, one can code for many scenarios that would otherwise not be possible.

One of the common requirements is to write more generic code and run it for a specific case using the arguments supplied at run time. Since script users can’t always be trusted to supply all arguments properly, it’s beneficial to have the script check for conditions such as how many arguments are supplied, whether the arguments are proper, etc. Since bash also does not natively offer a way to write parameters for the scripts, you also need to process the arguments in the correct order. For this, bash offers the special variables $1, $2 ... $9 as positional parameters.


Get timestamps in Bash history

Although the history command in Linux is already nice, it would be great to have timestamps to understand when certain commands were run. This is particularly useful for organizations that need to meet certain audit requirements. We can easily configure timestamps by using the HISTTIMEFORMAT environment variable in the following way:

HISTTIMEFORMAT="%d/%m/%y %T "  # for e.g. "13/03/21 15:59:59"
HISTTIMEFORMAT="%F %T "        # for e.g. "2021-03-13 15:59:59"

Solve your CIDR calculations without leaving terminal in Linux

Every system admin in this world has run into the problem of calculating IP address ranges, network masks, usable IP addresses, etc. for one reason or another. It is a very important part of networking-related operations; after all, what would a server be without any clients or IP addresses? Some people consider it so important that they expect you to do calculations like these in your head in job interviews. There are also various websites for running CIDR calculations. However, it’s all additional steps and a hassle.

Fortunately, if you are a Linux user, you can make life easy for yourself by using the sipcalc utility. It is a simple command-line tool which is available in the EPEL repo.


Convert JKS and P12 to Crt and Key files with OpenSSL

PKCS#12 is a successor to Microsoft’s PFX format. It defines an archive file format for storing many cryptography objects as a single file. It is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trusted certificates, starting from the root certificate authority. The PFX (.pfx) and PKCS#12 (.p12) file types, and the terms themselves, are used somewhat interchangeably and refer to the same standard.

PKCS#12 files are normally generated using OpenSSL, which is an open-source tool. We can use the same tool to convert JKS (Java keystore) and PKCS#12 certs to crt and key files.
