Gene Wood gene1wood

## set_chef_server_webui_password.py
require 'json'
dna=JSON.parse(IO.read("/opt/chef-server/embedded/cookbooks/dna.json"))
dna["chef_server"]["chef-server-webui"]["web_ui_admin_default_password"] = "YOUR PASSWORD GOES HERE"
File.open("/opt/chef-server/embedded/cookbooks/dna.json","w") do |f|
  f.write(dna.to_json)
end

## enable_ses_on_amazon_linux.sh
yum install postfix
alternatives --set mta /usr/sbin/sendmail.postfix
service sendmail stop
chkconfig sendmail off
# https://github.com/mozilla/identity-ops/blob/master/chef/cookbooks/persona-common/recipes/postfix.rb
HISTCONTROL=ignoreboth
 USERNAME="usernamegoeshere"
 PASSWORD="passwordgoeshere"
echo "email-smtp.us-east-1.amazonaws.com:25 $USERNAME:$PASSWORD" > /etc/postfix/sasl_passwd
/usr/sbin/postmap /etc/postfix/sasl_passwd

## show
#!/bin/bash

if [ -e "$1" ]; then
  if grep -- ' PRIVATE KEY-' "$1" >/dev/null; then
    action=rsa
  elif grep -- '-BEGIN CERTIFICATE REQUEST-' "$1" >/dev/null; then
    action=req
  elif grep -- '-BEGIN CERTIFICATE-' "$1" >/dev/null; then
    action=x509
  else

## knockd.conf
[options]
	logfile = /var/log/knockd.log

[openSSH]
   sequence    = 10000,20000,30000,40000
   seq_timeout = 45
   tcpflags    = syn
   command     = /sbin/iptables -I INPUT 15 -s %IP% -p tcp -m state --state NEW -m multiport --dports 22,80,443 -j ACCEPT -m comment --comment "knockd added `date +%F_%T` allowing access to SSH, HTTP and HTTPS : `dig -x %IP% +short`"

[closeSSH]

## delete_knockd_iptables_rule
#!/bin/bash

# This script is called by knockd and configured in the knockd.conf : https://gist.github.com/gene1wood/7489372

if [ -z "$1" ]; then
  echo "usage : $0 IPADDRESS"
  exit 1
fi

num="`iptables --list INPUT -n --line-numbers | awk '$13 == "knockd" {print $0}' | awk -v IP=$1 '$5 == IP {print $1}' | head -1`"

## ciwait.sh
watch pstree -al `pgrep S99cloud-final`

## find_revealed_g3_photos.sql
# Find all photos which do not have the "[core] view item" permission
# and which are not part of an album which also does not have the
# "[core] view item" permission. These photos will be publicly viewable
# in gallery 3 unlike gallery 2
CREATE TEMPORARY TABLE restricted_items
  SELECT DISTINCT(
           TRIM(TRAILING '/' FROM
             SUBSTRING_INDEX(
               g2_ItemAttributesMap.g_parentSequence,
               '/',

## pssh-chef.sh
# `get_hosts $stack` returns the ips of the instances in the named stack
# the "-t -t" extra-args works around the issue of running sudo without a tty
# the "--force-formatter" tells chef-solo to still output what it's doing even though it has no tty

stack=1234
pssh --host="`get_hosts $stack`" --timeout=0 --inline --par=10 --extra-args='-t -t -o StrictHostKeyChecking=no' --user=ec2-user 'if tail -1 /var/log/chef.log | grep FATAL; then sudo chef-solo -c /etc/chef/solo.rb -j /etc/chef/node.json --force-formatter; fi'

## bam_next_meeting_widget.html
<div class="textwidget"><span id="nextmeeting">The next meeting will be held at Linden Street Brewery </span><span id="nojavascript">on the second Thursday of the month</span>. Social starts at 7:00pm, meeting starts at 7:30pm.

<script>
// First, checks if it isn't implemented yet.
if (!String.prototype.format) {
  String.prototype.format = function() {
    var args = arguments;
    return this.replace(/{(\d+)}/g, function(match, number) {
      return typeof args[number] != 'undefined'
        ? args[number]

## loopCurl.sh
#!/bin/bash
for i in $(eval echo {1..$1})
do
echo $(date +"%T")
if ! curl -v "https://accounts.firefox.com" -o /dev/null &>/tmp/c.out; then
  cat /tmp/c.out
else
  echo "success"
fi
	require 'json'
	dna=JSON.parse(IO.read("/opt/chef-server/embedded/cookbooks/dna.json"))
	dna["chef_server"]["chef-server-webui"]["web_ui_admin_default_password"] = "YOUR PASSWORD GOES HERE"
	File.open("/opt/chef-server/embedded/cookbooks/dna.json","w") do \|f\|
	f.write(dna.to_json)
	end
	yum install postfix
	alternatives --set mta /usr/sbin/sendmail.postfix
	service sendmail stop
	chkconfig sendmail off
	# https://github.com/mozilla/identity-ops/blob/master/chef/cookbooks/persona-common/recipes/postfix.rb
	HISTCONTROL=ignoreboth
	USERNAME="usernamegoeshere"
	PASSWORD="passwordgoeshere"
	echo "email-smtp.us-east-1.amazonaws.com:25 $USERNAME:$PASSWORD" > /etc/postfix/sasl_passwd
	/usr/sbin/postmap /etc/postfix/sasl_passwd
	#!/bin/bash

	if [ -e "$1" ]; then
	if grep -- ' PRIVATE KEY-' "$1" >/dev/null; then
	action=rsa
	elif grep -- '-BEGIN CERTIFICATE REQUEST-' "$1" >/dev/null; then
	action=req
	elif grep -- '-BEGIN CERTIFICATE-' "$1" >/dev/null; then
	action=x509
	else
	[options]
	logfile = /var/log/knockd.log

	[openSSH]
	sequence = 10000,20000,30000,40000
	seq_timeout = 45
	tcpflags = syn
	command = /sbin/iptables -I INPUT 15 -s %IP% -p tcp -m state --state NEW -m multiport --dports 22,80,443 -j ACCEPT -m comment --comment "knockd added `date +%F_%T` allowing access to SSH, HTTP and HTTPS : `dig -x %IP% +short`"

	[closeSSH]
	#!/bin/bash

	# This script is called by knockd and configured in the knockd.conf : https://gist.github.com/gene1wood/7489372

	if [ -z "$1" ]; then
	echo "usage : $0 IPADDRESS"
	exit 1
	fi

	num="`iptables --list INPUT -n --line-numbers \| awk '$13 == "knockd" {print $0}' \| awk -v IP=$1 '$5 == IP {print $1}' \| head -1`"
	# Find all photos which do not have the "[core] view item" permission
	# and which are not part of an album which also does not have the
	# "[core] view item" permission. These photos will be publicly viewable
	# in gallery 3 unlike gallery 2
	CREATE TEMPORARY TABLE restricted_items
	SELECT DISTINCT(
	TRIM(TRAILING '/' FROM
	SUBSTRING_INDEX(
	g2_ItemAttributesMap.g_parentSequence,
	'/',
	# `get_hosts $stack` returns the ips of the instances in the named stack
	# the "-t -t" extra-args works around the issue of running sudo without a tty
	# the "--force-formatter" tells chef-solo to still output what it's doing even though it has no tty

	stack=1234
	pssh --host="`get_hosts $stack`" --timeout=0 --inline --par=10 --extra-args='-t -t -o StrictHostKeyChecking=no' --user=ec2-user 'if tail -1 /var/log/chef.log \| grep FATAL; then sudo chef-solo -c /etc/chef/solo.rb -j /etc/chef/node.json --force-formatter; fi'
	<div class="textwidget"><span id="nextmeeting">The next meeting will be held at Linden Street Brewery </span><span id="nojavascript">on the second Thursday of the month</span>. Social starts at 7:00pm, meeting starts at 7:30pm.

	<script>
	// First, checks if it isn't implemented yet.
	if (!String.prototype.format) {
	String.prototype.format = function() {
	var args = arguments;
	return this.replace(/{(\d+)}/g, function(match, number) {
	return typeof args[number] != 'undefined'
	? args[number]
	#!/bin/bash
	for i in $(eval echo {1..$1})
	do
	echo $(date +"%T")
	if ! curl -v "https://accounts.firefox.com" -o /dev/null &>/tmp/c.out; then
	cat /tmp/c.out
	else
	echo "success"
	fi