Archive for the ‘*nix’ Category
Posted by jpluimers on 2021/04/16
[WayBack] Ryan James Spencer on Twitter:
“I wrote a quick Dockerfile so people who purchase Bite Size Networking from @b0rk can quickly have access to the tools. You can slim the image down to do debugging on docker networks once you get comfortable with which tools are most useful to you.”
He is planning to do more, so maybe a few of [WayBack] wizard zines get encapsulated into dockerfiles as well.
–jeroen
PS: [WayBack] Dockerfile | Docker Documentation
|
# N.B. The only tool missing here that is mentioned in the document is `zenmap` |
|
# purely because this image is intended to be run via a CLI and `zenmap` is a GUI |
|
# to `nmap` i.e. one can play around with the tools by running: |
|
# |
|
# $ docker build –name bite_size_networking:latest . |
|
# $ docker run –rm -d –name bsn_test bite_size_networking:latest |
|
# $ docker exec -it bsn_test bash |
|
# |
|
# Alternatively, one can change the `ENTRYPOINT` to `["bash"]` and run: |
|
# |
|
# $ docker run -it –name bsn_test bite_size_networking:latest |
|
# |
|
# then later (after exiting the shell): |
|
# |
|
# $ docker start bsn_test |
|
# $ docker attach bsn_test |
|
# |
|
# One can also run this image on a docker network to capture packets and so |
|
# forth for debugging purposes. Once you've found the tooling that best suits |
|
# your needs, it may make sense to make a slimmed down version of this |
|
# Dockerfile and, if wireguard isn't needed, base this image off |
|
# `debian:stable` instead. |
|
# |
|
# Lastly, you can purchase Bite Size Networking or Julia's other fantastic |
|
# zines over at https://wizardzines.com/ |
|
|
|
# We use `unstable` here since we install `wireguard` below |
|
FROM debian:unstable |
|
RUN apt update && \ |
|
DEBIAN_FRONTEND=noninteractive apt install -y \ |
|
dnsutils \ |
|
curl \ |
|
nmap \ |
|
tcpdump \ |
|
ngrep \ |
|
mitmproxy \ |
|
iptables \ |
|
ethtool \ |
|
stunnel \ |
|
hping3 \ |
|
lsof \ |
|
ipcalc \ |
|
p0f \ |
|
iperf \ |
|
apache2-utils \ |
|
wget \ |
|
python3 \ |
|
iftop \ |
|
nethogs \ |
|
iptraf \ |
|
httpie \ |
|
nload \ |
|
aria2 \ |
|
nftables \ |
|
tcpflow \ |
|
telnet \ |
|
openvpn \ |
|
links \ |
|
wireguard \ |
|
tshark |
|
ENTRYPOINT ["sh", "-c", "while true; do sleep $(( 60 * 60 * 24 )); done"] |
Like this:
Like Loading...
Posted in *nix, *nix-tools, Cloud, Containers, Docker, Infrastructure, Power User | Leave a Comment »
Posted by jpluimers on 2021/04/12
Cool historic article: [WayBack] The Architecture of Open Source Applications: Sendmail by Eric Allman.
It is Chapter 17 of this book [WayBack]:
I totally missed that book being published in 2014.
Great historic read!
–jeroen
Like this:
Like Loading...
Posted in *nix, *nix-tools, History, Power User, sendmail | Leave a Comment »
Posted by jpluimers on 2021/03/31
Based on [WayBack] linux – How can I execute a series of commands in a bash subshell as another user using sudo? – Stack Overflow:
alias restart-spotlight-service-as-root="sudo bash -c 'echo stop;launchctl stop com.apple.metadata.mds;echo start;launchctl start com.apple.metadata.mds;echo started'"
The bold bits above sudo bash -c 'echo stop;launchctl stop com.apple.metadata.mds;echo start;launchctl start com.apple.metadata.mds;echo started' allow the commands between single quotes to executed in one new bash shell under sudo.
–jeroen
Like this:
Like Loading...
Posted in *nix, *nix-tools, Apple, bash, bash, Development, Mac OS X / OS X / MacOS, Power User, Scripting, Software Development | Leave a Comment »
Posted by jpluimers on 2021/03/29
Sometimes you have a long enough password, that matches with the confirmation, but pressing “Enter” to continue gives “Password does not have enough character types”:
From [WayBack] Disable ESXi Password Complexity – Perfect Cloud:
A part of my job as a VMware Certified Instructor is to update our lab systems whenever new vSphere versions come out. After upgrading from 5.5 to 6.0 I decided we should change passwords, h…
This is the workflow:
- Make a backup of
/etc/pam.d/passwd.
- Use
vi to edit /etc/pam.d/passwd, and:
- Put a
# in front of the lines starting with password requisite
- Remove the
use_authtok bit of the line starting with password sufficient
- Put a
# in front of the line starting with password required
- Quit
vi while saving (press Esc, then enter :wq on the prompt)
- Change the password to a less secure one
- Restore the original
/etc/pam.d/passwd.
Via: esxi 6 force short password – Google Search
Working around this on during ESXi installation fails
I tried this:
- Press Alt-F1 to go from the installation screen to the console screen
- Logon as root, with no password at all to get to the command-prompt:
- Perform the
/etc/pam.d/passwd editing steps above
- Press Alt-F2 to go back to the install screen
- Enter root password
The password requirements stayed.
(more screenshots at [WayBack] ESXi 6.7 installation Guide – Let We-i Go)
Related
- [WayBack] passwdqc – password/passphrase strength checking and policy enforcement toolset for your servers and software
- [WayBack] installing ESXi 6.7, stuck on root password with this message :password must be at least 7 characters long : vmware
The default required password complexity changed between 6.5 and 6.7.
In addition to needing to be at least seven characters, the password must include at least three of the four character classes:
-
Upper case – exception: the first character being upper case does not count towards the class requirement
-
Lower case
-
Numbers – exception: the last character being a number does not count towards the class requirement
-
Symbols
Also, no dictionary words (whether spelt forwards or backwards).
- [WayBack] ESXi Passwords and Account Lockout
For ESXi hosts, you have to use a password with predefined requirements. You can change the required length and character class requirement or allow pass phrases using the Security.PasswordQualityControl advanced option.
- “Security.PasswordQualityControl” – Google Search
- [WayBack] ESXi 6.x Password Calculator for Security.PasswordQualityControl | Virtually Blogging
- [WayBack] Virtual Maestro: VMware ESXi 6.X password policy
- [WayBack] VMware ESXi6 Password Policy – ivobeerens.nl
- [WayBack] Virtual Maestro: VMware ESXi 6.X password policy
- [Archive.is] vSphere Documentation Center
Example: Editing /etc/pam.d/passwd
password requisite /lib/security/$ISA/pam_passwdqc.so retry=N min=N0,N1,N2,N3,N4
values
password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=12,9,8,7,6
With this setting in effect, the password requirements are:
- retry=3: A user is allowed 3 attempts to enter a sufficient password.
- N0=12: Passwords containing characters from one character class must be at least 12 characters long.
- N1=9: Passwords containing characters from two character classes must be at least nine characters long.
- N2=8: Passphrases must contain words that are each at least eight characters long.
- N3=7: Passwords containing characters from three character classes must be at least seven characters long.
- N4=6: Passwords containing characters from all four character classes must be at least six characters long.
- [WayBack] VMware:ESXi Kennwortsicherheit heruntersetzen oder ändern – znilwiki
Passwortklassen sind schlicht
Grossbuchstaben
Kleinbuchstaben
Zahlen
Sonderzeichen
wobei das erste Zeichen nicht zählt. Also gilt
dumpfbacke : 1 Passwortklasse
Dumpfbacke : 1 Passwortklasse
DumpfBacke : 2 Passwortklassen
DumpfBacke1 : 3 Passwortklassen
DumpfBacke1% : 4 Passwortklassen
Indem man alle Werte auf 0 setzt, also
password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=0,0,0,0,0
schaltet man alle Anforderungen aus.
Alternativ geht das auch mit
password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=8,8,8,7,6 enforce=none
On my ESXI 6.5 system where the italic bit is removed, besides the two lines being commented out:
- original
/etc/pam.d/passwd:
#%PAM-1.0
# Change only through host advanced option "Security.PasswordQualityControl".
password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,7,7
password sufficient /lib/security/$ISA/pam_unix.so use_authtok nullok shadow sha512
password required /lib/security/$ISA/pam_deny.so
- modified
/etc/pam.d/passwd:
#%PAM-1.0
# Change only through host advanced option "Security.PasswordQualityControl".
#password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,7,7
password sufficient /lib/security/$ISA/pam_unix.so nullok shadow sha512
#password required /lib/security/$ISA/pam_deny.so
On my ESXI 6.7 system (which adds the bold lines below):
- original
/etc/pam.d/passwd:
#%PAM-1.0
# Change only through host advanced option "Security.PasswordQualityControl".
password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,7,7
# Change only through host advanced option "Security.PasswordHistory"
password requisite /lib/security/$ISA/pam_pwhistory.so use_authtok enforce_for_root retry=2 remember=0
password sufficient /lib/security/$ISA/pam_unix.so use_authtok nullok shadow sha512
password required /lib/security/$ISA/pam_deny.so
- modified
/etc/pam.d/passwd:
#%PAM-1.0
# Change only through host advanced option "Security.PasswordQualityControl".
#password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,7,7
# Change only through host advanced option "Security.PasswordHistory"
#password requisite /lib/security/$ISA/pam_pwhistory.so use_authtok enforce_for_root retry=2 remember=0
password sufficient /lib/security/$ISA/pam_unix.so nullok shadow sha512
#password required /lib/security/$ISA/pam_deny.so
–jeroen
Like this:
Like Loading...
Posted in *nix, ESXi6, ESXi6.5, ESXi6.7, Power User, Virtualization, VMware, VMware ESXi | Leave a Comment »
Posted by jpluimers on 2021/03/26
For my link archive: [WayBack] Encode/Decode Quoted Printable – Webatic.
It did a splendid job at decoding email files in MIME format Quoted-printable.
–jeroen
Like this:
Like Loading...
Posted in *nix, *nix-tools, Communications Development, Development, eMail, Encoding, Internet, Internet protocol suite, Power User, sendmail, SMTP, SocialMedia, Software Development | Leave a Comment »
