Sunday 20 April 2014

Change bash colors

Blue (34) as the directory color is difficult to read and strains your eyes.
So I googled and found that one can modify it using the environment variable LS_COLORS.

Here is one such google search result:

----------
These three lines in my .bashrc file allow me to configure the color system
by extension.

alias ls="ls --color=auto"
LS_COLORS="di=31;1:ln=36;1:ex=31;1:*~=31;1:*.html=31;1:*.shtml=37;1"
export LS_COLORS

Friday 11 April 2014

Understanding linux password

Ubuntu/Linux stores passwords in the /etc/shadow file, not in encrypted form but as hashes.
Passwords on a Linux system are not encrypted; they are hashed, which is a huge difference.
By definition, a hash function cannot be reversed.
Run the following commands to get familiar with password security in Ubuntu:
cd /etc
sudo cat passwd
This command prints the contents of the passwd file:
bhushan : x : 1000 : 1000 : bhushan,,, : /home/bhushan : /bin/bash
   1      2    3      4         5              6             7
  1. Username: It is used when the user logs in. It should be between 1 and 32 characters in length.
  2. Password: An x character indicates that the hashed password is stored in the /etc/shadow file.
  3. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further, UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
  4. Group ID (GID): The primary group ID (stored in the /etc/group file).
  5. User ID Info: The comment field. It allows you to add extra information about the user, such as the user's full name, phone number, etc. This field is used by the finger command.
  6. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist, then the user's directory becomes /.
  7. Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell. Please note that it does not have to be a shell.
This is the user information.
I want to know the password of Bhushan.
Let's try this command:
bhushan@bhushan-desktop:/etc$ cat shadow|grep "bhushan"
cat: shadow: Permission denied
What happened? I can't run this command without root permission.
bhushan@bhushan-desktop:/etc$ sudo cat shadow|grep "bhushan"
bhushan:$6$M0jBWc8n$iPADKsrAk67ONNeyfRj56GtAtnkwJ2uulTQEXtc8McCD/aZSB1BgJXgrqBBdyjkeUsP7yIQIjCQtDu.4I.kf91:15632:0:99999:7:::

/etc/shadow file fields

  1. User name: It is your login name
  2. Password: It is your hashed password. The password should be minimum 6-8 characters long including special characters/digits
  3. Last password change (lastchanged): Days since Jan 1, 1970 that password was last changed
  4. Minimum: The minimum number of days required between password changes i.e. the number of days left before the user is allowed to change his/her password
  5. Maximum: The maximum number of days the password is valid (after that user is forced to change his/her password)
  6. Warn : The number of days before password is to expire that user is warned that his/her password must be changed
  7. Inactive : The number of days after password expires that account is disabled
  8. Expire : days since Jan 1, 1970 that account is disabled i.e. an absolute date specifying when the login may no longer be used
The password hash today comes in three parts, separated by dollar signs ($):
$6$M0jBWc8n$iPADKsrAk67ONNeyfRj56GtAtnkwJ2uulTQEXtc8McCD/aZSB1BgJXgrqBBdyjkeUsP7yIQIjCQtDu.4I.kf91
Here: $ID$SALT$HASH
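The /etc/shadow field layout and the $ID$SALT$HASH split described above, as an added example (not code from the original post). The sample lines are constructed with placeholder salt and hash values; the scheme-id table, the ninth reserved field, the `!`/`*` lock markers and the optional `rounds=` parameter go beyond the text and follow the usual shadow(5)/crypt(5) conventions.

```python
from datetime import date, timedelta

# crypt(3) scheme ids that use the $ID$SALT$HASH layout described above.
SCHEMES = {"1": "MD5", "5": "SHA-256", "6": "SHA-512"}
FIELDS = ("user", "password", "lastchanged", "minimum", "maximum",
          "warn", "inactive", "expire", "reserved")


def parse_password_field(value):
    """Classify the password field and split a $ID$SALT$HASH value."""
    if value == "":
        return {"state": "empty"}        # account has no password set
    if value[0] in "!*":
        return {"state": "locked"}       # not a valid hash: password login disabled
    parts = value.split("$")
    if parts[0] == "" and len(parts) >= 4 and parts[1] in SCHEMES:
        params = parts[2:-2]             # optional, e.g. ["rounds=10000"]
        return {"state": "hashed", "id": parts[1], "scheme": SCHEMES[parts[1]],
                "params": params, "salt": parts[-2], "hash": parts[-1]}
    return {"state": "other"}            # layout not covered here (DES, bcrypt, ...)


def epoch_days(text):
    """Convert a 'days since Jan 1, 1970' field to a date (None if blank)."""
    return date(1970, 1, 1) + timedelta(days=int(text)) if text else None


def parse_shadow_line(line):
    """Split one shadow entry into named fields and decode the known ones."""
    values = line.rstrip("\n").split(":")
    if len(values) != len(FIELDS):
        raise ValueError("expected %d colon-separated fields" % len(FIELDS))
    entry = dict(zip(FIELDS, values))
    entry["password"] = parse_password_field(entry["password"])
    entry["lastchanged"] = epoch_days(entry["lastchanged"])
    entry["expire"] = epoch_days(entry["expire"])
    return entry


# Constructed sample lines (salt and hash are placeholders, not real hashes).
SAMPLE = [
    "alice:$6$ExampleSalt$PLACEHOLDERHASH:15632:0:99999:7:::",
    "backup:*:15632:0:99999:7:::",
]

if __name__ == "__main__":
    for line in SAMPLE:
        e = parse_shadow_line(line)
        print(e["user"], e["password"], e["lastchanged"])
```
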

Wednesday 12 March 2014

Passing arguments to Dockerfile (docker run ...)

CMD and ENTRYPOINT better together

In case you don't know, ENTRYPOINT makes your dockerized application behave like a binary. You can pass arguments to the ENTRYPOINT during docker run and not worry about it being overwritten (unlike CMD). ENTRYPOINT is even better when used with CMD. Let's check out my Rethinkdb Dockerfile and see how to use this.
# Dockerfile for Rethinkdb 
# http://www.rethinkdb.com/

FROM ubuntu

MAINTAINER Michael Crosby <michael@crosbymichael.com>

RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list
RUN apt-get update
RUN apt-get upgrade -y

RUN apt-get install -y python-software-properties
RUN add-apt-repository ppa:rethinkdb/ppa
RUN apt-get update
RUN apt-get install -y rethinkdb

# Rethinkdb process
EXPOSE 28015
# Rethinkdb admin console
EXPOSE 8080

# Create the /rethinkdb_data dir structure
RUN /usr/bin/rethinkdb create

ENTRYPOINT ["/usr/bin/rethinkdb"]

CMD ["--help"]
This is everything that is required to get Rethinkdb dockerized. We have my standard 5 lines at the top to make sure the base image is updated, ports exposed, etc... With the ENTRYPOINT set, we know that whenever this image is run, all arguments passed during docker run will be arguments to the ENTRYPOINT ( /usr/bin/rethinkdb ).

References:
  1. http://crosbymichael.com/dockerfile-best-practices.html

Saturday 15 February 2014

aws:cloudformation templates


Templates
  1. auto_scaling_with_instance_profile.template: https://s3.amazonaws.com/cloudformation-templates-us-east-1/auto_scaling_with_instance_profile.template
  2. https://securosis.com/blog/using-amazon-iam-roles-to-distribute-security-credentials-for-chef

Friday 14 February 2014

How to install MySQL 5.6 on Ubuntu 12.04 (Precise)

This how-to will cover the upgrade process of MySQL 5.6 on Ubuntu 12.04 precise. This may also work on Ubuntu 12.10 (quantal) but I haven't tested it at the moment.
DISCLAIMER: I am not responsible for any DATA LOSS you may face when using this how-to! Use it at your own risk, create a backup and use your brain! With manual installation you will definitely LOSE the support of your distribution vendor in case of security updates, be aware of this fact! Thank you!
This how-to was created on an up-to-date (at the day of writing) Ubuntu 12.04.2 LTS machine (use lsb_release -a to check). MySQL was already running on this machine.

Thursday 13 February 2014

Backing up chef-server-v11

1) Backup Data bags, roles, and nodes

Use this Knife Exec script to perform a backup of an existing Chef Server:
cd ~/path/to/chef/repository   

curl -O https://raw.github.com/jtimberman/knife-scripts/master/chef_server_backup.rb
Run the knife exec script
knife exec chef_server_backup.rb

Monday 3 February 2014

Quick Docker setup on vagrant machine.

Docker

Docker is a Linux container engine, written in Go and based on lxc (self-described as "chroot on steroids") and AUFS. Instead of providing a full VM, like you get with Vagrant, Docker provides you with lightweight containers that share the same kernel and allow you to safely execute independent processes.
Docker is attractive for many reasons:
  • Lightweight; images are much lighter than full VMs, and spinning off a new instance is lightning fast (in the range of seconds instead of minutes).
  • Version control of the images, which makes it much more convenient to handle builds.
  • Lots of images (again), just have a look at the docker public index of images.