Kyle kyle0r

  • Independent Consultant
  • Earth
@kyle0r
kyle0r / s3-download-aws4.sh
Last active January 22, 2024 13:18 — forked from vszakats/s3-upload-aws4.sh
shell/bash scripts for AWS S3 upload and download (signature v4)
#!/bin/sh
# cite
# https://stackoverflow.com/a/40866205
# USAGE:
# download-aws.sh <bucket> <region> <source-file> <dest-file>
set -e
kyle0r / README.md
Last active March 18, 2021 12:15
export oracle tables to portable raw bytes via named pipe, delimiter separated format (tsv|csv|tabnull|etc), compressed and protected/encrypted by gpg

HOWTO / TL;DR

  1. protect yourself and your system, do not run as root.

  2. curl -LO https://gist.github.com/kyle0r/10501a2078a0b1cd198891e971db5dd9/raw/run-export.sh

  3. run run-export.sh overriding the env vars as needed e.g.:

    EDITOR=vim GPG_RECIPIENT_KEY=FFFFFF WORKING_DIR_PATH=/var/tmp/your-preferred-path /bin/bash run-export.sh

  4. in theory the script should do the rest for you, or show you what is missing/wrong.

kyle0r / README.md
Last active July 15, 2024 07:18
systemd knowledge and debugging units

First published: 2021-01-30
Last update: 2024-07-15

edited with: https://stackedit.io (why is this not built-in into the .md gist editor 😵⁉)

Sometimes non-obvious "stuff" or errors happen when managing or creating systemd units. It is easy to waste time trying to figure out the cause. Here is a brain dump for future me/you/us ✌😉

A pitfall I keep wasting time on is expecting all output/errors in the unit journal, but if something goes wrong before the unit starts, then output/errors may not be in the unit journal, so you need to remove the unit filter and/or check /var/log/messages or perhaps /var/log/syslog depending on how your distro is configured.

kyle0r / README.md
Last active March 17, 2021 23:20
mirror a root owned path to a remote node, with your non root user

It's often undesirable for InfoSec reasons and/or a productivity killer to use root to ssh|scp|rsync to other nodes.

There seem to be a number of sources of knowledge online about rsync'ing when you have sudo rights on the remote dst node aka "the receiver", but I didn't find a good answer when you also want to use sudo on the local src node aka "the sender". Typically once you've run sudo rsync on the sender node, the env is changed to the sudo user e.g. root and previous session authentication mechanisms are lost.

For example if you have barrier-free ssh and sudo access to your internal systems with your own user because of already satisfying MFA on the perimeter, and you're using ssh keys and/or Kerberos tickets to persist authenticated sessions, it can be a real PITA to be forced to use a different user to ssh|scp|rsync.

In related news root is often restricted for good InfoSec reasons via sshd_config directive `PermitRoo

kyle0r / README.md
Last active June 3, 2024 02:10
specify a transient git author and committer, and optionally specific commit dates

This worked for me on git version 2.23.3.

git -c user.email=<email> -c user.name="Joe B" commit <path>

Pay attention to the docs on user. as it determines both the author and committer fields.

This approach can be useful when you find yourself having to make a commit to someone else's repo or an anonymous repo, where you don't want to modify the persistent git config.

I had issues getting the GIT_AUTHOR_EMAIL and GIT_AUTHOR_NAME env vars to work, so I was probably doing something wrong, maybe I was having a mix-up with GIT_COMMITTER_EMAIL and GIT_COMMITTER_NAME. Feel free to experiment with them and check the docs.

kyle0r / README.md
Last active September 20, 2021 02:04
zed scheduled zpool scrub support for MAX_PARALLEL_SCRUBS

Check the inline code docs.

The revision of the script on my system was this one.

I don't have the time at the moment to submit a bug and/or patch and/or commit directly to HEAD.
I did a quick study of the Debian bug reporting process and the reportbug tool.
cite: https://www.debian.org/Bugs/Reporting
I will try to find the time to report the improvement and link the maintainers to this gist.

example of the xargs process pool with MAX_PARALLEL_SCRUBS=3

kyle0r / README.md
Last active December 18, 2021 15:08
Integrating Nets AFCR - Automated Fraud and Chargeback Reporting
kyle0r / README.md
Last active September 7, 2023 21:30
Notes around secure defaults for Debian sshd_config and MFA

Disclaimer: Your mileage may vary. Rigorous testing (e.g. pen-testing) is recommended to validate that your config behaves according to your use cases, that it is secure, locked down and not exploitable.

The following configs provide a "secure by default" configuration for sshd and enforce MFA authentication from public IP space.

A screencast walking through and demonstrating the configuration has been posted on YouTube here: https://youtu.be/m_MCVm79xyY

In theory, the strategy/concept and configuration should work on most distros running sshd. The screencast was recorded on an instance of Debian 12 aka bookworm. OpenSSH_9.2, OpenSSL 3.0.9.

kyle0r / -dpkg-diff-pkg-file.md
Last active May 30, 2024 19:41
dpkg-diff-pkg-file - diff between original package file vs. local file

First version: 2024.18.1
Current version: 2024.18.4

Run dpkg-diff-pkg-file --help for usage. Also available at the top of the script.

dpkg-diff-pkg-file will attempt to show you a visual difference between an original package file vs. your local file. This can help resolve config drift and conflicts ahead of attended/unattended upgrades.

Intro video: https://www.youtube.com/embed/19wm3gI4LfI

INSTALL

First version: 2024.20.1
Current version: 2024.21.1

Run iostats-for-zpool --help for usage.

iostats-for-zpool will attempt to show you a side-by-side iostat and zpool iostat with pool devices grouped together.

Intro video:

iostats-for-zpool.example.mp4