turning coffee into code since late 90s

Vyacheslav Voronenko

@Voronenko
Voronenko / gpg_password_preset.sh
Created November 12, 2018 22:10
pre-cache password for gpg signing
cat <<EOF >~/.gnupg/gpg-agent.conf
default-cache-ttl 46000
allow-preset-passphrase
EOF
gpg-connect-agent RELOADAGENT /bye
# quote the passphrase so spaces and glob characters in it survive word splitting
echo "$SIGNING_PRIVATE_PASSPHRASE" | /usr/lib/gnupg2/gpg-preset-passphrase -v -c $(gpg --list-secret-keys --with-fingerprint --with-colons | awk -F: '$1 == "grp" { print $10 }')
Voronenko / windows10_nohyperv.cmd
Created November 19, 2018 13:26
Allow parallel run for virtualbox with windows10
C:\>bcdedit /copy {current} /d "No Hyper-V"
The entry was successfully copied to {ff-23-113-824e-5c5144ea}.
C:\>bcdedit /set {ff-23-113-824e-5c5144ea} hypervisorlaunchtype off
The operation completed successfully.
https://www.hanselman.com/blog/SwitchEasilyBetweenVirtualBoxAndHyperVWithABCDEditBootEntryInWindows81.aspx
Voronenko / test_minio_cluster_docker_compose.sh
Created December 15, 2018 16:48
Test S3 compatible cluster to test S3 uploads
version: '2'
# starts 4 docker containers running minio server instances. Each
# minio server's web interface will be accessible on the host at port
# 9001 through 9004.
services:
  minio1:
    image: minio/minio:RELEASE.2018-12-13T02-04-19Z
    volumes:
      - data1:/data
#!/bin/bash
systemctl stop apt-daily.service
systemctl kill --kill-who=all apt-daily.service
# wait until `apt-get updated` has been killed
while ! (systemctl list-units --all apt-daily.service | fgrep -q dead)
do
  sleep 1;
done
#! /bin/bash
IPTABLES=/sbin/iptables
WANIF='eth1'
LANIF='eth2'
# enable ip forwarding in the kernel
echo 'Enabling Kernel IP forwarding...'
/bin/echo 1 > /proc/sys/net/ipv4/ip_forward
Voronenko / cadastr.txt
Created January 31, 2019 09:08
Parcel coordinates by cadastral number
http://map.land.gov.ua/kadastrova-karta/find-Parcel?cadnum=
Returns only the 4 outermost points, in EPSG:3857 WGS 84 / Pseudo-Mercator coordinates.
They can be converted to the usual EPSG:4326 WGS 84 here:
https://epsg.io/transform#s_srs=3857&t_srs=4326
Invoke-RestMethod -uri http://169.254.169.254/latest/meta-data/
ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
events/
hostname
iam/
identity-credentials/

Let's assume the above script has been copied and pasted to a file called ike-scan.sh. To run the script, issue something like the following on the command line. Note: ike-scan needs UDP port 500 to be free; this can be achieved by stopping any running IPsec service (e.g. sudo ipsec stop). Replace 123.54.76.9 in the commands below with your VPN server. We grep for SA (i.e. IPsec Security Association), which is the main thing we are interested in.

sudo ipsec stop
chmod a+rx ./ike-scan.sh
sudo ./ike-scan.sh 123.54.76.9 | grep SA=

It may take a few minutes for the script to run to completion and the output shall look something like:

SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES Hash=SHA1 Auth=PSK Group=14:modp2048 KeyLength=128 LifeType=Seconds LifeDuration(4)=0x00007080

From the above example script output, it would mean the following phase 1 & 2 algorithm options could be set in the IPsec dialog box advanced options:

Encrypting sensitive variables in terraform using GnuPG agent

This post will walk you through how to encrypt sensitive terraform variables in a way that still permits them to be committed to VCS, while also being reasonably easy to decrypt. Examples use bash but are easily adapted to other environments. Special thanks to this post on encrypting the ansible vault password, as my examples draw heavily from that source.

This method is particularly awesome because you can explicitly declare who is permitted to decrypt the file. So, for instance, all of the engineers on your team could be unable to access its contents, while your CI/CD system (Jenkins or whatnot) can use its own gpg identity to decrypt the data.

Step 1: Create a json file with your sensitive variables

# single quotes keep the inner double quotes, so the file contains valid JSON
echo '{ "github_api_key": "secret" }' >> variables.json

Step 2: Encrypt it using gpg

gpg --encrypt ./variables.json

The above call will ask you to add a list of recipients. In general it’s a good idea to add yourself, so you can decrypt the

# Write safe shell scripts
set -euf -o pipefail
# Keep environment clean
export LC_ALL="C"
# Set variables
readonly TMP_DIR="/tmp"
readonly TMP_OUTPUT="${TMP_DIR}/$$.out"
readonly BASE_DIR="$(dirname "$(realpath "$0")")"
readonly MY_NAME="${0##*/}"
# Colours