dpkg-diff-pkg-file - diff between original package file vs. local file
First version: 2024.18.1
Current version: 2024.18.4
Run dpkg-diff-pkg-file --help for usage. Also available at the top of the script.
dpkg-diff-pkg-file will attempt to show you a visual difference between an original package file vs. your local file. This can help resolve config drift and conflicts ahead of attended/unattended upgrades.
Notes around secure defaults for Debian sshd_config and MFA
Disclaimer: Your mileage may vary. Rigorous testing (e.g. pen-testing) is recommended to validate that your config behaves according to your use cases, that it is secure, locked down and not exploitable.
The following configs provide a "secure by default" configuration for sshd and enforce MFA authentication from public IP space.
A screencast walking through and demonstrating the configuration has been posted on YouTube here: https://youtu.be/m_MCVm79xyY
In theory, the strategy/concept and configuration should work on most distros running sshd. The screencast was recorded on an instance of Debian 12 aka bookworm. OpenSSH_9.2, OpenSSL 3.0.9.
zed scheduled zpool scrub support for MAX_PARALLEL_SCRUBS
Check the inline code docs.
The revision of the script on my system was this one.
I don't have the time at the moment to submit a bug and/or patch and/or commit directly to HEAD.
I did a quick study of the Debian bug reporting process and the reportbug tool.
cite: https://www.debian.org/Bugs/Reporting
I will try to find the time to report the improvement and link the maintainers to this gist.
example of the xargs process pool with MAX_PARALLEL_SCRUBS=3
Pay attention to the docs on user. as it determines both the author and committer fields.
This approach can be useful when you find yourself having to make a commit to someone else's repo or an anonymous repo, where you don't want to modify the persistent git config.
I had issues getting the GIT_AUTHOR_EMAIL and GIT_AUTHOR_NAME env vars to work, so I was probably doing something wrong; maybe I was having a mix-up with GIT_COMMITTER_EMAIL and GIT_COMMITTER_NAME. Feel free to experiment with them and check the docs.
mirror a root owned path to a remote node, with your non root user
It's often undesirable for InfoSec reasons and/or a productivity killer to use root to ssh|scp|rsync to other nodes.
There seem to be a number of sources of knowledge online about rsync'ing when you have sudo rights on the remote dst node aka "the receiver", but I didn't find a good answer when you also want to use sudo on the local src node aka "the sender".
Typically, once you run sudo rsync on the sender node, the env is changed to the sudo user, e.g. root, and previous session authentication mechanisms are lost.
For example, if you have barrier-free ssh and sudo access to your internal systems with your own user because of already satisfying MFA on the perimeter, and you're using ssh keys and/or Kerberos tickets to persist authenticated sessions, it can be a real PITA to be forced to use a different user to ssh|scp|rsync.
In related news root is often restricted for good InfoSec reasons via sshd_config directive `PermitRoo
edited with: https://stackedit.io (why is this not built-in into the .md gist editor 😵⁉)
Sometimes there are non-obvious things/errors happening when managing or creating systemd units, and it is easy to waste time trying to figure them out. Here is a brain dump for future me/you/us ✌😉
A pitfall I keep wasting time on is expecting all output/errors in the unit journal, but if something goes wrong before the unit starts, then output/errors may not be in the unit journal, so you need to remove the unit filter and/or check /var/log/messages or perhaps /var/log/syslog depending on how your distro is configured.
search terms that might land here
"systemd unit output and errors go to messages and not my unit journal"
shell/bash scripts for AWS S3 upload and download (signature v4)