Kyle kyle0r

First version: 2024.38.1
Current version: 2024.38.1

Description

I'm sharing my research and development script, the knowledge could be used to create a more mature script using Perl or Python, or your preferred development language.

The purpose of this script is to parse log data from Kostal PV inverters. The primary objective is to learn about the data available in the log and how it can be used, and to summerise the data, and provide data insights. The secondary objective is to produce summerised results and compare them with the Kostal Solar Portal or other PV analytics portals to verify the correctness of the script logic and mathematics. I've hosted an intro video on YouTube.

First version: 2024.20.1
Current version: 2024.21.1

Run iostats-for-zpool --help for usage.

iostats-for-zpool will attempt to show you a side-by-side iostat and zpool iostat with pool devices grouped together.

Intro video:

iostats-for-zpool.example.mp4

First version: 2024.18.1
Current version: 2024.18.4

Run dpkg-diff-pkg-file --help for usage. Also available at the top of the script.

dpkg-diff-pkg-file will attempt to show you a visual difference between an original package file vs. your local file. This can help resolve config drift and conflicts ahead of attended/unattended upgrades.

Intro video: https://www.youtube.com/embed/19wm3gI4LfI

INSTALL

Disclaimer: Your mileage may vary. Rigorous testing (e.g. pen-testing) is recommended to validate that your config behaves according to your use cases, that it is secure, locked down and not exploitable.

The following configs provide a "secure by default" configuration for sshd and enforces MFA authentication from public ip space.

A screencast walking-through and demonstrating the configuration has been posted on YouTube here: https://youtu.be/m_MCVm79xyY

In theory, the strategy/concept and configuration should work on most distros running sshd. The screencast was recorded on an instance of Debian 12 aka bookworm. OpenSSH_9.2, OpenSSL 3.0.9.

Documentation here.

Check the inline code docs.

The revision of the script on my system was this one.

I don't have the time at the moment to submit a bug and/or patch and/or commit directly to HEAD.
I did a quick study of the Debian bug reporting process and the reportbug tool.
cite: https://www.debian.org/Bugs/Reporting
I will try to find the time to report the improvement and link the maintainers to this gist.

example of the xargs process pool with MAX_PARALLEL_SCRUBS=3

specify a transient git author and committer, and optionally specific commit dates

This worked for me on git version 2.23.3.

git -c [email protected] -c user.name="Joe B" commit <path>

Pay attention to the docs on user. as it determines both the author and committer fields.

This approach can be useful when you find yourself having to make a commit to someone else's repo or an anonymous repo, where you don't want to modify the persistent git config.

I had issues using GIT_AUTHOR_EMAIL and GIT_AUTHOR_NAME env vars to work, so I was probably doing something wrong, maybe I was having a mix up with GIT_COMMITTER_EMAIL and GIT_COMMITTER_NAME. Feel free to experiment with them and check the docs.

mirror a root owned path to a remote node, with your non root user

Its often undesirable for InfoSec reasons and/or a productivity killer to use root to ssh|scp|rsync to other nodes.

There seem to be a number of sources of knowledge online about rsync'ing when you have sudo rights on the remote dst node aka "the receiver", but I didn't find a good answer when you also want to use sudo on the local src node aka "the sender". Typically once you've sudo rsync on the sender node, the env is changed to the sudo user e.g. root and previous session authentication mechanisms are lost.

For example if you have barrier free ssh and sudo access to your internal systems with your own user because of already satisfying MFA on the perimeter, and you're using ssh keys and/or Kerberos tickets to persist authenticated sessions, it can be a real PITA to be forced to use a different user to ssh|scp|rsync.

In related news root is often restricted for good InfoSec reasons via sshd_config directive `PermitRoo

First published: 2021-01-30
Last update: 2024-07-15

edited with: https://stackedit.io (why is this not built-in into the .md gist editor 😵⁉)

`systemd` knowledge and debugging units

Sometimes there are non-obvious "stuff" or errors that happen when managing or creating systemd units. It is is easy to waste time trying to figure out the cause. Here is a brain dump for future me/you/us ✌😉

A pitfall I keep wasting time on is expecting all output/errors in the unit journal, but if something goes wrong before the unit starts, then output/errors may not be in the unit journal, so you need remove the unit filter and/or check /var/log/messages or perhaps /var/log/syslog depending on how your distro is configured.