The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘*nix’ Category

Re: [opensuse-factory] openssl dependency problems with snapshot 2017112

Posted by jpluimers on 2017/12/01

I had zypper being confused about the dist-upgrade between these snapshots:

< CPE_NAME="cpe:/o:opensuse:tumbleweed:20171125"
---
> CPE_NAME="cpe:/o:opensuse:tumbleweed:20171129"

It ran into this:

Problem: libopenssl-1_0_0-devel-1.0.2m-1.1.x86_64 conflicts with libopenssl-devel > 1.0.2m provided by libopenssl-devel-1.1.0g-1.1.noarch

Based on [WayBack] Re: [opensuse-factory] openssl dependency problems with snapshot 2017112, after discussing with DimStar, I chose to have zypper dist-upgrade perform

deinstallation of libopenssl-1_0_0-devel-1.0.2m-1.1.x86_64

Now all is fine.

Thanks Dominique a.k.a. DimStar!

–jeroen

Posted in *nix, Linux, openSuSE, Power User, SuSE Linux, Tumbleweed

SuSEconfig is dead…

Posted by jpluimers on 2017/11/30

SuSEconfig has been dead for a while, but pages stressing the importance of using it are still indexed at quite a few of the official sites.

It used to apply the configuration in /etc/sysconfig to the system.

The rationale for removal was simple:

Let’s remove all SuSEconfig scripts since only YaST calls SuSEconfig but other tools like rpm and zypper do not call it.

If scripts are needed, they need to be invoked as part of the postinstall.

Now most services either know to directly handle the configuration data there (and apply it during reload/restart/start of the service), or have a tool (like postfix now has /usr/sbin/config.postfix) to apply the settings.

–jeroen


Posted in *nix, Linux, openSuSE, Power User, SuSE Linux, Tumbleweed

iptables debugging « \1

Posted by jpluimers on 2017/11/28

Using the TRACE target: [WayBack] iptables debugging « \1 via [WayBack] iptables Debugging using the TRACE chain – Kristian Köhntopp – Google+

Docs:

TRACE
This target marks packets so that the kernel will log every rule which match the packets as those traverse the tables, chains,
rules. (The ipt_LOG or ip6t_LOG module is required for the logging.) The packets are logged with the string prefix: “TRACE:
tablename:chainname:type:rulenum ” where type can be “rule” for plain rule, “return” for implicit rule at the end of a user
defined chain and “policy” for the policy of the built in chains.
It can only be used in the raw table.

Way more details in the linked article.

–jeroen

Posted in *nix, *nix-tools, Firewall, Infrastructure, iptables, Power User

DNS Knowledge DNS Tutorial, News and Tools: How to setup Quad9 DNS on a Linux

Posted by jpluimers on 2017/11/24

Reminder to self so I try this out: [Archive.is] DNS Knowledge DNS Tutorial, News and Tools: How to setup Quad9 DNS on a Linux

Quad9 is a free security solution that uses DNS to protect your systems against the most common cyber threats and you can setup it on Linux.

Related: [Archive.is] Quad9 | Internet Security & Privacy In a Few Easy Steps:

Quad9 is a free security solution that uses DNS to protect your system against the most common cyber threats. It improves your system’s performance, plus, it preserves and protects your privacy. It’s like an immunization for your computer.

Via: [WayBack] Remember 8.8.8.8 (Google DNS)? Now we have 9.9.9.9 from IBM/Quad9 that brings together cyber threat intelligence about malicious domains…. – nixCraft – Google+

Remember 8.8.8.8 (Google DNS)? Now we have 9.9.9.9 from IBM/Quad9 that brings together cyber threat intelligence about malicious domains. It can block malware and other bad domains. https://www.dnsknowledge.com/tutorials/how-to-setup-quad9-dns-on-a-linux/ and https://quad9.net/#/ What do you think? Do you use Google DNS or OpenDNS or ISP DNS or newer Quad9 DNS?

–jeroen

Posted in *nix, DNS, Internet, Power User, Security

Excellent blog post from Jessica on how to setup the best Linux on Windows environment! @jldeen – via @shanselman

Posted by jpluimers on 2017/11/20

Via [WayBack] Scott Hanselman @shanselman: Excellent blog post from Jessica on how to setup the best Linux on Windows environment! @jldeen:

[WayBack] Badass Terminal: FCU WSL Edition (oh-my-zsh, powerlevel9k, tmux, and more!)

It’s that time again! The time to write another epic blog post, this time for WSL, also known as Windows Subsystem for Linux.

It requires Windows 10 Version 1709 (Fall_Creators_Update) which has build number 10.0.16299.

–jeroen


Posted in *nix, Linux, Power User, Windows, Windows 10, WSL Windows Subsystem for Linux

immediate “Too many authentication failures” – check your authentication methods

Posted by jpluimers on 2017/11/15

If you ever ssh into something and immediately get the Too many authentication failures message, then you’ve probably mixed your authentication methods.

Follow the steps in [WayBack] ssh – Too many authentication failures for username – Super User (thanks [WayBack] John T and [WayBack] Ben West).

First check out what’s wrong by slowly increasing the number of -v parameters to make output more verbose:

ssh -v
ssh -v -v
ssh -v -v -v

Then try to find out which authentication method fails: usually it’s a private key that’s wrong.

I’ve had success in various cases where I screwed up with these ssh parameters:

-o PubkeyAuthentication=no
-i some_id_rsa -o IdentitiesOnly=yes

–jeroen
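An added example (not from the original post or the linked Super User answers): summarising saved `ssh -v` output to see how many keys the client offered before the disconnect, since each offered key counts as one attempt against the server's limit (sshd's MaxAuthTries). The debug lines are a constructed sample in the older "Offering RSA public key" wording (newer OpenSSH prints "Offering public key: ..."), and `ssh_auth_summary` is a name chosen here.

```bash
#!/usr/bin/env bash
# Added example. Save the client debug output first (user@host is a placeholder):
#   ssh -v user@host 2> ssh-debug.log
# then run:  ssh_auth_summary < ssh-debug.log

# sample_debug: constructed excerpt in which an agent holding several keys
# offers them one by one until the server gives up.
sample_debug() {
  cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/me/.ssh/key1
debug1: Offering RSA public key: /home/me/.ssh/key2
debug1: Offering RSA public key: /home/me/.ssh/key3
debug1: Offering RSA public key: /home/me/.ssh/key4
debug1: Offering RSA public key: /home/me/.ssh/key5
debug1: Offering RSA public key: /home/me/.ssh/key6
Received disconnect from 192.0.2.5 port 22:2: Too many authentication failures
EOF
}

# ssh_auth_summary: count and list the public keys offered, report whether
# the server disconnected, and point at the options from the post.
ssh_auth_summary() {
  awk '
    /debug1: Offering .*public key/ {
      sub(/.*public key: /, ""); key[++n] = $0   # keep only the key identity
    }
    /Too many authentication failures/ { failed = 1 }
    END {
      printf "offered=%d too_many=%s\n", n, (failed ? "yes" : "no")
      for (i = 1; i <= n; i++) print "  " i ". " key[i]
      if (failed && n > 1)
        print "hint: retry with -i <one key> -o IdentitiesOnly=yes"
    }'
}

sample_debug | ssh_auth_summary
```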

 

Posted in *nix, Communications Development, Development, Internet protocol suite, Power User, Software Development, SSH, TCP

TLS tests for your mail server

Posted by jpluimers on 2017/11/09

Need to do some more research on this to ensure I didn’t goof up:

–jeroen

Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, postfix, Power User, Security, sendmail, SMTP

MX Backup – Postfix Email Server | samhobbs.co.uk

Posted by jpluimers on 2017/11/09

Interesting, as it has steps for both OpenSuSE and Debian, each well suited for running on a Raspberry Pi.

[WayBack] MX Backup – Postfix Email Server | samhobbs.co.uk

It seems postfix is a lot easier to configure than sendmail so I already like it.

First I need to read a bit more on Postfix greylisting.

I’ll need to catch up on Sam’s other parts with the postfix tag as well:

–jeroen

Posted in *nix, *nix-tools, Debian, Development, Hardware Development, Linux, openSuSE, Power User, Raspberry Pi, Raspbian, sendmail, SuSE Linux, Tumbleweed

bash: `printf` supports `\e` just like `echo -e` does

Posted by jpluimers on 2017/11/07

Learned a few things when modifying https://github.com/gkotian/gautam_linux/blob/master/scripts/colours.sh

Note: `printf` supports emitting `ESC` (ASCII character `\033` aka `27` aka `0x1B`) as `\e` the same way that `echo` does.

https://linux.die.net/man/1/printf
https://linux.die.net/man/1/echo

Format strings are at https://linux.die.net/man/3/printf
%-10s means left adjusted (aligned) string of length 10

–jeroen

via:

I was investigating how the colour definitions on my OpenSuSE system actually work internally so I added some extra output: ${TYPE} and ${COLOUR}.

Source: Show type and colour definition in addition to the rendered colour. by jpluimers · Pull Request #5 · gkotian/gautam_linux

Posted in *nix, *nix-tools, bash, bash, Development, Linux, openSuSE, Power User, Scripting, Software Development, SuSE Linux

cURL – POST an XML file as a stream

Posted by jpluimers on 2017/10/25

I hope I’m not alone on this but I find the cURL documentation hard to follow and short on examples.

My goal was to mimic some HTTP XML posting traffic a server gets from IoT devices. Google Chrome Postman (or Postman REST Client) reproduction is very easy and will send.

TL;DR

  1. ensure you have an empty --header "Content-Type:" header: this ensures that cURL doesn’t add one and does not interfere with how the content is being transferred.
  2. use the --data or --data-binary option with an @ to post a file as the body.
  3. if you want --write-out then be sure you have a recent cURL version.

This is how the IoT or Postman will send.

  • Post headers like these:

Host:127.0.0.1:8080
Content-Length: 245
Connection:Keep-Alive

  • Content like this:


<?xml version="1.0"?>
<Root Attribute="value">
<Branch>
<Leaf>content</Leaf>
</Branch>
<Branch Attribute="value">
<Bough Attribute="value">
<Twig Attribute="value">
<Leaf Attribute="value"/>
</Twig>
</Bough>
</Branch>
</Root>

The data is being streamed to the HTTP server even with the very limited set of headers.

I’ve been unable to come up with a cURL statement that exactly matches the headers and the way the content is being transferred.

This is what I tried (in all examples, %1 is the IPv4 address of the HTTP 1.1 server):

  • POST with all the headers and the --data command:

curl --request POST --header "Host: %1:8080" --header "Content-Length: 245" --header "Connection: Keep-Alive" --data @httpPostSample.xml http://%1:8080/target

This will hang the connection: somehow cURL will never notify the upload is done and the HTTP server keeps waiting. When you put --verbose or --trace-ascii - on the command-line you will see something like this before hanging: * upload completely sent off: 245 out of 245 bytes.

Note the trick to emit the ASCII trace to stdout using --trace-ascii with the minus sign: thanks to [WayBack] Daniel Stenberg for answering [WayBack] How can I see the request headers made by curl when sending a request to the server? – Stack Overflow.

You can do the same with --trace, which dumps all characters (not only ASCII) including their HEX representation.

  • POST with all but the Content-Length header and the --data command:

curl --request POST --header "Host: %1:8080" --header "Connection: Keep-Alive" --data @httpPostSample.xml http://%1:8080/target

This will automatically add a Content-Length: 245 header and complete the transfer. But it will also add a Content-Type: application/x-www-form-urlencoded header, causing the content not to be posted as a body.

  • POST with a --form file= command:

curl --request POST --header "Host: %1:8080" --header "Connection: Keep-Alive" --form file=@httpPostSample.xml http://%1:8080/target

This will automatically add a Content-Length: xxx header (way longer than 245) because it converts the request into a Content-Type: multipart/form-data; boundary=------------------------e1c0d47bac806954 one (the hex at the end differs), which is totally unlike what Postman does.

It is also unlike what the HTTP server accepts.

curl --request POST --header "Host: %1:8080" --header "Connection: Keep-Alive" --data-binary @httpPostSample.xml http://%1:8080/target


It turns out that --data-ascii is exactly the same as --data and that --data-binary just skips some new-line conversion when compared to --data or --data-ascii. Contrary to the --data-raw documentation that suggests it is equivalent to --data-binary, it seems --data-raw behaves exactly like --data and --data-ascii. Odd.

So these are all stuck with the Content-Type: application/x-www-form-urlencoded and I thought I was running out of options.

Then I found [WayBack] soundmonster had posted an answer at [WayBack] http – What is the cURL command-line syntax to do a POST request? – Super User mentioning to add a Content-Type header.

So I changed the request to include the --header "Content-Type: text/xml; charset=UTF-8" header:

  • curl --request POST --header "Content-Type: text/xml; charset=UTF-8" --header "Host: %1:8080" --header "Connection: Keep-Alive" --data @httpPostSample.xml http://%1:8080/target

This works. But: the Content-Type header is not present in the original request.

Finally it occurred to me: What if cURL would not insert a Content-Type header if I add an empty Content-Type header?

That works!

  • curl --request POST --header "Content-Type:" --header "Host: %1:8080" --header "Connection: Keep-Alive" --data @httpPostSample.xml http://%1:8080/target

It posts exactly the same content as the IoT devices and Postman do.

Phew!

 

I tried to combine this with the --write-out (a.k.a. -w) option, but for older versions of cURL (I could reproduce with 7.34) that forces cURL back into Content-Type: application/x-www-form-urlencoded mode, so watch your cURL version!

Later I will put more research into chunked transfer. Links that might help me:

–jeroen
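An added example (not from the original post): reading a saved `--trace-ascii` dump to list the request headers cURL actually sent, so an automatically added Content-Type is caught on the client side. The trace text is a constructed sample in cURL's trace layout, and `sent_headers` and `has_header` are names chosen here.

```bash
#!/usr/bin/env bash
# Added example. Write a trace to a file with the command under test, e.g.
#   curl --request POST --header "Content-Type:" --data @httpPostSample.xml \
#        --trace-ascii trace.txt http://127.0.0.1:8080/target
# then:  sent_headers < trace.txt

# Constructed trace in --trace-ascii layout (offsets and sizes illustrative).
trace_plain_data() {      # --data without the empty Content-Type header
  cat <<'EOF'
=> Send header, 177 bytes (0xb1)
0000: POST /target HTTP/1.1
0017: Host: 127.0.0.1:8080
002d: User-Agent: curl/7.56.1
0046: Accept: */*
0053: Connection: Keep-Alive
006b: Content-Length: 245
0080: Content-Type: application/x-www-form-urlencoded
=> Send data, 245 bytes (0xf5)
0000: <?xml version="1.0"?><Root Attribute="value"><Branch><Leaf>conte
== Info: upload completely sent off: 245 out of 245 bytes
EOF
}
trace_empty_ct() {        # same request plus --header "Content-Type:"
  trace_plain_data | grep -v '^[0-9a-f]*: Content-Type:'
}

# sent_headers: print the request line and headers from the
# "=> Send header" blocks of a trace read on stdin, offsets stripped.
sent_headers() {
  awk '
    /^=> Send header/        { in_hdr = 1; next }
    /^(=>|<=|==) /           { in_hdr = 0 }
    in_hdr && /^[0-9a-f]+: / { sub(/^[0-9a-f]+: /, ""); print }
  '
}

# has_header NAME: succeed if header NAME (case-insensitive) was sent.
has_header() {
  sent_headers | awk -F': *' -v want="$1" '
    tolower($1) == tolower(want) { found = 1 }
    END { exit !found }'
}

if trace_empty_ct | has_header Content-Type; then
  echo "Content-Type was sent"
else
  echo "no Content-Type sent"
fi
```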


Posted in *nix, bash, cURL, Development, Encoding, Power User, Scripting, Software Development