epcim

CA - based on gnutls-bin

---

this directory holds CA key + wildcard certificates created for new infrastructure the CA key/cert is "ca-cert.pem/key"

TODO:

• create scripts to re-generate client certificates based on NEW CA
• develop procedure to generate client/server certs from template (partialy done)
• develop procedure to generate clr files + revocate certificate + distribute them on public places

epcim

Adding trusted root certificates to the server

Mac OS X

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/new-root-certificate.crt
sudo security delete-certificate -c "<name of existing certificate>"

Windows

certutil -addstore -f "ROOT" new-root-certificate.crt

epcim

identify big pods/containers

investigage big files

DST=/mnt
find /var/lib -type f -size +1G -exec ls -lh {} \; | tee  $DST/bigfiles_var_lib_$(date "+%H%M").log
find /var/lib -type f -size +1G -exec ls -lh {} \; | awk '{ print $5 ": " $9 }' | sort -rh > $DST/bigfiles_var_lib_$(date "+%H%M").sorted.log

misbehave processes

epcim

##-- repeatedly find hosts --
IP_RANGE=172.25.25.0-254
HOST_LIST=HostList
HOST_LIST_NEW=.tmp_hln
TMP_NEWIP=.tmp_newip
touch $HOST_LIST
nmap -sL -e eth0 -PI -PT -T2 -PS $IP_RANGE | grep -B1 MAC | grep -v "\-\-" | sed -e 's/not scanned//' > $HOST_LIST_NEW
for i in `grep Host $HOST_LIST_NEW| awk '{print $2}'`; do [ `grep $i $HOST_LIST | wc -l` -eq 0 ] && echo $i; done > $TMP_NEWIP
for i in `cat $TMP_NEWIP`; do grep -A1 $i $HOST_LIST_NEW; done >> $HOST_LIST

epcim

#!/bin/bash

checkusage() {
  [[ $# -lt 2 ]] && err_exit 'Usage: reencrypt.sh KEY_ID FILE...'
}

err() { echo -e "$@" >&2; }

err_exit() {
  err "$@"

epcim

#clone the repo
git clone http://git.ipxe.org/ipxe.git

cd ipxe/src
cat >ubuntu-amd64-installer.ipxe <<EOF
#!ipxe
dhcp
echo Starting Ubuntu x64 installer for ${hostname}
set base-url http://archive.ubuntu.com/ubuntu/dists/trusty/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64
kernel ${base-url}/linux

epcim

scenarios: TMPDIR=new/path make and make TMPDIR=new/path

SHELL  := env TMPDIR=$(TMPDIR) $(SHELL)
TMPDIR ?= "/tmp"

all:
  @echo $(TMPDIR)

epcim

Fucking work, nothing works as expected.

   ┓┏┓┏┓┃ 
   ┛┗┛┗┛┃＼○／ 
   ┓┏┓┏┓┃ / Jdu se zabit
   ┛┗┛┗┛┃ノ) 
   ┓┏┓┏┓┃ 
   ┛┗┛┗┛┃ 
 ┓┏┓┏┓┃ 

epcim

pass cheat sheet/guide

Getting started guide to the unix password manager pass. Manage gpg encripted passwords (files) in a standar directory-like hierarchy. Such files can be copied or stored in a git repository.

Requirements

1. Install [pass][pass-homepage] (standard unix password manager):

Ubuntu/Debian:

$ sudo apt-get install pass

epcim

tar cvJ /etc/vpm/ | age -r $(curl -qsSL https://f.apealive.net/pub/$USER.age.pub) | croc send

Receiving side
# cat croc-stdin-2310548854 | age -d -i <(pass show age-$USER-public) | tar xvJ