Skip to content

Instantly share code, notes, and snippets.

View rohan-molloy's full-sized avatar

Rohan rohan-molloy

7 followers · 4 following
View GitHub Profile
@rohan-molloy
rohan-molloy / resolvconf.yml
Created October 26, 2019 04:13
Sets /etc/resolv.conf and makes it read only via selinux attr.
- hosts: all
remote_user: root
vars:
nameserver: '1.1.1.1'
tasks:
- file:
path: /etc/resolv.conf
attr: -i
- copy:
dest: /etc/resolv.conf
@rohan-molloy
rohan-molloy / lookup-bgp-info-of-ip.md
Last active December 22, 2019 10:13

Lookup BGP info of IP

Print a JSON contaning AS,BGP Preifx,CC,Registry,Allocatted of IP address

#! /bin/bash
[[ -z $1 ]] && exit -1; 
ptr=$(tac -s.<<<"$1.");
printf "{\"AS\":%d,\"BGP Prefix\":\"%s\",\"CC\":\"%s\",\"Registry\":\"%s\",\"Allocated\":\"%s\"}\n" `dig "$ptr"origin.asn.cymru.com txt +short | tr -d '\"|'`;
@rohan-molloy
rohan-molloy / ssh-login-fails-by-ip.sh.md
Last active October 6, 2019 09:20

Get src of SSH login fails sorted by IP

journalctl --unit=sshd.service --boot \
| awk '/Failed/' \
| grep -oP '(?<=from )[^ ]*' \
| sort --numeric-sort \
| uniq --count --repeated \

| sort --numeric-sort --reverse

@rohan-molloy
rohan-molloy / Grep-the-word-after-match.rc.md
Last active August 20, 2024 13:04

Grep the word after match

example: "echo 'The quick brown fox' | wordafter quick" will return 'brown'

wordafter() {
  word="$1";
  grep -Po '(?<='$word')\W*\K[^ ]*';
}
@rohan-molloy
rohan-molloy / bridge_in_docker_compose.md
Created September 30, 2019 11:17

Bridge (macvlan) in docker-compose

networks:
  extbridge:
     driver: macvlan
     driver_opts:
       parent: enp5s0.10
       macvlan_mode: bridge
     enable_ipv6: true

ipam:

@rohan-molloy
rohan-molloy / sonarr-seedbox-docker-compose.yml
Created September 28, 2019 05:59
version: "2.1"
networks:
default:
driver: bridge
driver_opts:
com.docker.network.bridge.host_binding_ipv4: "127.0.0.1"
com.docker.network.bridge.name: ${BRIDGE_NAME}
ipam:
driver: default
config:
@rohan-molloy
rohan-molloy / kitchen.yml
Created September 14, 2019 05:27
WinRM test-kitchen configuration. Test-kitchen proxy driver connects to a Windows box, installs Chef (only_if needed) and runs a Policyfile. $kitchen_host, $kitchen_username, $kitchen_password must be defined in environment. Uses insecure WinRM (basic auth/no encryption)
driver:
name: proxy
host: <%= ENV["kitchen_host"] %>
username: <%= ENV["kitchen_username"] %>
password: <%= ENV["kitchen_password"] %>
port: 5985
transport:
name: winrm
elevated: true
provisioner:
@rohan-molloy
rohan-molloy / send-an-email-with-curl
Last active April 15, 2022 10:24
How to use cURL to send an email
curl \
--silent \
--ssl smtp://$SERVER \
--mail-from $FROM \
--mail-rcpt $TO \
--upload-file /dev/stdin \
--user $USER:$PASSWORD
@rohan-molloy
rohan-molloy / tlsRandomArt.sh
Created September 7, 2019 12:33
Display SSH style random art of a TLS server
#! /bin/bash
echo \
| openssl s_client -connect $1 -CAfile $CAfile \
| openssl x509 -noout -pubkey \
| ssh-keygen -vi -m PKCS8 -f /dev/stdin \
| ssh-keygen -vlf /dev/stdin
@rohan-molloy
rohan-molloy / 01-Network-Isolation-of-Services-with-Systemd.md
Last active July 9, 2024 23:47
This tutorial will look at how network namespaces can be defined in systemd service unit definitions

Network Isolation of Services with Systemd

Network namespaces are an important component of containerization in Linux. A network namespace (netns) allows a running process to see different network interfaces, routes, and firewall rules from the rest of the system. There are a number of use cases for network namespaces, such as running multiple servers, testing/staging environments and providing isolation of services.

Creating a Network Namepsace

We begin by creating a generic systemd service for creating a named network namespace. I add the following to /usr/lib/systemd/system/[email protected]. In systemd, the @ mean the service takes a parameter which is passed to the unit via %i. E.g, we can run sudo systemctl start [email protected].