salmon5

## add-dod-certs.sh
#!/bin/bash
# Import DoD root certificates into linux CA store

main() {
    # Location of bundle from DISA site
    url='https://public.cyber.mil/pki-pke/pkipke-document-library/'
    bundle=$(curl -s $url | awk -F '"' 'tolower($2) ~ /dod.zip/ {print $2}')
    #bundle=https://dl.dod.cyber.mil/wp-content/uploads/pki-pke/zip/certificates_pkcs7_v5-6_dod.zip

    # Set cert directory and update command based on OS

## gist:82aed34824ef0819f92903c8e0fda1bc
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name yourdomain

    ssl_certificate           /etc/ssl/localcerts/yourdomain.crt;
    ssl_certificate_key       /etc/ssl/localcerts/yourdomain.key;
    ssl_ecdh_curve prime256v1;

    ssl_session_cache  builtin:1000  shared:SSL:10m;

## RH342.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                salmon5
                / RH342.md
            
            
              Created
              June 11, 2021 13:49
                — forked from luckylittle/RH342.md
            
              
                Red Hat RH342 Notes
              
          
    Red Hat Enterprise Linux Diagnostics & Troubleshooting (RH342)

Last update: Fri Jul 26 08:23:20 UTC 2019 by @luckylittle

1. Troubleshooting principles

2. Generic issues


## unix-socket-checker.py
#!/usr/bin/python

import os
import sys
import time
import logging
import socket


def check_unix_socket():

## tcp_conn_blaster.py
import logging
import socket
import sys
import threading
import time

CLIENT_CONN_ADDR="127.0.0.1"
CLIENT_NUM_CONNS=10
SERVER_PORT=8888
SERVER_SYN_BACKLOG=128

## request.sh
#!/bin/bash

# References
# http://www.computerhope.com/unix/nc.htm#03
# https://github.com/daniloegea/netcat
# http://unix.stackexchange.com/questions/26715/how-can-i-communicate-with-a-unix-domain-socket-via-the-shell-on-debian-squeeze
# http://unix.stackexchange.com/questions/33924/write-inside-a-socket-open-by-another-process-in-linux/33982#33982
# http://www.linuxjournal.com/content/more-using-bashs-built-devtcp-file-tcpip
# http://www.dest-unreach.org/socat/
# http://stuff.mit.edu/afs/sipb/machine/penguin-lust/src/socat-1.7.1.2/EXAMPLES

## watch-unix-socket.stp
/*
 * watch_unix_socket.stp
 *
 * This is a simply more modern version of the script found here:
 * https://sourceware.org/systemtap/wiki/WSunixSockets
 *
 * The first argument is the location of the file descriptor for a UNIX socket.
 * To find this address, for example, for the Docker socket run:
 *
 * # lsof 2>&1 | awk '/docker.sock/ {print $7}' | grep -v '0t0' | sort -u

## nchttpd
#!/bin/bash
#usage: nchttpd port "cmd"
#    port - port number to listen on for requests (if port < 1024 use sudo)
#    cmd - command to execute when a request comes in, ex> "cat /var/www/index.html"
#
#example:
#  $nchttpd 1500 "cat /var/www/index.html"
#
while true; do
        echo "HTTP/1.1 200 OK\r\n $($2)" | nc -lp $1 -q 1 &

## bgpd.conf
#@ /etc/quagga/bgpd.conf (Centos & Ubuntu)

hostname <Local OS hostname>
password <Any random phrase>
enable password <Any random phrase>
!
log file /var/log/quagga/bgpd
!debug bgp events
!debug bgp zebra
debug bgp updates

## Dockerfile
FROM ubuntu

RUN apt-get update
RUN apt-get install -y socat

VOLUME /foo

CMD socat UNIX-LISTEN:/foo/bar.sock -
	#!/bin/bash
	# Import DoD root certificates into linux CA store

	main() {
	# Location of bundle from DISA site
	url='https://public.cyber.mil/pki-pke/pkipke-document-library/'
	bundle=$(curl -s $url \| awk -F '"' 'tolower($2) ~ /dod.zip/ {print $2}')
	#bundle=https://dl.dod.cyber.mil/wp-content/uploads/pki-pke/zip/certificates_pkcs7_v5-6_dod.zip

	# Set cert directory and update command based on OS
	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	server_name yourdomain

	ssl_certificate /etc/ssl/localcerts/yourdomain.crt;
	ssl_certificate_key /etc/ssl/localcerts/yourdomain.key;
	ssl_ecdh_curve prime256v1;

	ssl_session_cache builtin:1000 shared:SSL:10m;
	#!/usr/bin/python

	import os
	import sys
	import time
	import logging
	import socket


	def check_unix_socket():
	#!/bin/bash

	# References
	# http://www.computerhope.com/unix/nc.htm#03
	# https://github.com/daniloegea/netcat
	# http://unix.stackexchange.com/questions/26715/how-can-i-communicate-with-a-unix-domain-socket-via-the-shell-on-debian-squeeze
	# http://unix.stackexchange.com/questions/33924/write-inside-a-socket-open-by-another-process-in-linux/33982#33982
	# http://www.linuxjournal.com/content/more-using-bashs-built-devtcp-file-tcpip
	# http://www.dest-unreach.org/socat/
	# http://stuff.mit.edu/afs/sipb/machine/penguin-lust/src/socat-1.7.1.2/EXAMPLES
	/*
	* watch_unix_socket.stp
	*
	* This is a simply more modern version of the script found here:
	* https://sourceware.org/systemtap/wiki/WSunixSockets
	*
	* The first argument is the location of the file descriptor for a UNIX socket.
	* To find this address, for example, for the Docker socket run:
	*
	* # lsof 2>&1 \| awk '/docker.sock/ {print $7}' \| grep -v '0t0' \| sort -u
	#!/bin/bash
	#usage: nchttpd port "cmd"
	# port - port number to listen on for requests (if port < 1024 use sudo)
	# cmd - command to execute when a request comes in, ex> "cat /var/www/index.html"
	#
	#example:
	# $nchttpd 1500 "cat /var/www/index.html"
	#
	while true; do
	echo "HTTP/1.1 200 OK\r\n $($2)" \| nc -lp $1 -q 1 &
	#@ /etc/quagga/bgpd.conf (Centos & Ubuntu)

	hostname <Local OS hostname>
	password <Any random phrase>
	enable password <Any random phrase>
	!
	log file /var/log/quagga/bgpd
	!debug bgp events
	!debug bgp zebra
	debug bgp updates
	FROM ubuntu

	RUN apt-get update
	RUN apt-get install -y socat

	VOLUME /foo

	CMD socat UNIX-LISTEN:/foo/bar.sock -