linux – Page 3

Strings command in linux

strings /lib64/libc.so.6 |grep GLIBC

strings /bin/ls

Usage: strings [option(s)] [file(s)]
 Display printable strings in [file(s)] (stdin by default)
 The options are:
  -a - --all                Scan the entire file, not just the data section [default]
  -d --data                 Only scan the data sections in the file
  -f --print-file-name      Print the name of the file before each string
  -n --bytes=[number]       Locate & print any NUL-terminated sequence of at
  -<number>                   least [number] characters (default 4).
  -t --radix={o,d,x}        Print the location of the string in base 8, 10 or 16
  -w --include-all-whitespace Include all whitespace as valid string characters
  -o                        An alias for --radix=o
  -T --target=<BFDNAME>     Specify the binary file format
  -e --encoding={s,S,b,l,B,L} Select character size and endianness:
                            s = 7-bit, S = 8-bit, {b,l} = 16-bit, {B,L} = 32-bit
  -s --output-separator=<string> String used to separate strings in output.
  @<file>                   Read options from <file>
  -h --help                 Display this information
  -v -V --version           Print the program's version number
strings: supported targets: elf64-x86-64 elf32-i386 elf32-iamcu elf32-x86-64 a.out-i386-linux pei-i386 pei-x86-64 elf64-l1om elf64-k1om elf64-little elf64-big elf32-little elf32-big pe-x86-64 pe-bigobj-x86-64 pe-i386 plugin srec symbolsrec verilog tekhex binary ihex

connect to wifi using terminal in ubuntu

1.Create file and add wifi name and creds (vi /etc/wpa_supplicant.conf)

network={
    ssid="ssid_name"
    psk="password"
}

2.Connect

sudo wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant.conf -D wext
sudo dhclient wlan0

More : https://askubuntu.com/questions/138472/how-do-i-connect-to-a-wpa-wifi-network-using-the-command-line

https://askubuntu.com/questions/294257/connect-to-wifi-network-through-ubuntu-terminal

sftp setup to restrict user to some /path

WHY?
– Secure access
– Secure path

adduser kool -s /sbin/nologin

#edit /etc/ssh/sshd_config and ADD

Subsystem sftp internal-sftp
   Match User kool
   ChrootDirectory /opt/dir1/dir2
   ForceCommand internal-sftp
   X11Forwarding no
   AllowTcpForwarding no


chown root:root -R /opt/dir1/dir2
chmod 755 -R /opt/dir1/dir2

chown kool:kool /opt/dir1/dir2/kool
chmod 700 /opt/dir1/dir2/kool

iptables port allow/block

//Block port 8080

iptables  -A INPUT -p tcp --dport 8080 -j DROP

//Allow port 8080

iptables -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT

//Delete rule from same command(-D)

iptables  -D INPUT -p tcp --dport 8080 -j DROP

//Delete iptable rule for 8080 as per line number

iptables -L --line-numbers
iptables -D INPUT 1

//List rules

iptables -S
iptables -S TCP
iptables -L INPUT
iptables -L INPUT -v

#save
service iptables save

Special File Permissions in linux setuid, setgid, sticky bit

setuid permission:

When program is executed with setuid permission it will executed as owner of that program.

-rwsr-xr-x. 1 root root 27856 Aug  9  2019 /usr/bin/passwd

as passwd has setuid set that’s why normal user can reset their password

#exec will be as owner user
chmod u+s  file_name 

#exec will be as owner user
chmod 4750   file_name

setgid permission:

When program is executed with setgid permission it will executed as group owner of that program.

-r-xr-sr-x. 1 root tty 15344 Jun 10  2014 /usr/bin/wall

as wall has setgid enabled it has all the permission as group tty has.

chmod u+g  file_name 
chmod 2700   file_name

Sticky bit:

Owner of files and directory and root can only delete the file when sticky bit is set.

drwxrwxrwt.  16 root root 4096 Oct 10 10:10 tmp

all linux /tmp directory has sticky bit enabled.

chmod +t /tmp

NOTE: Capital S,T displayed when user does not have execute permission on that file

Check tcp port with BASH and CURL

WHY?
– If telnet command is not present on system
– Easy to use

BASH:

ECHO:

#1
echo > /dev/tcp/192.168.0.183/22

#2
echo > /dev/tcp/192.168.0.183/22 && echo "open"

#3
echo > /dev/tcp/192.168.0.183/22 && echo "open" || echo "close"

#4
(echo > /dev/tcp/192.168.0.183/22)  > /dev/null 2>&1 && echo "open" || echo "close"

CAT:

cat < /dev/tcp/192.168.0.183/22

CURL:

curl -v telnet://192.168.0.183:22

curl -v telnet://hackfi.initedit.com:80

Named pipe in linux

Why to use named pipe?
1. No data is written on disk while reading and writing file
2. Screen sharing
3. Higher read write IO

Screen sharing with named pipe

terminal-1

mkfifo /tmp/pipe1

terminal-1

script -f /tmp/pipe1

terminal-2

cat /tmp/pipe1

terminal-1 start typing the command it will be shown in terminal-2

find high disk IO Read/Write process

1.Install iotop

#centos/readhat
yum install iotop

#debian/ubuntu
apt install iotop

2.Run below command to check high disk io process

iotop -aoP

a = append data o = only running disk IO P = process ID instead of Thread ID

3.Get the process ID

lsof -p Process_id

Deploy metrics server in kubernetes for auto horizontal scaling

1. Get the metrics server code form github

git clone https://github.com/kubernetes-sigs/metrics-server
cd metrics-server

#Edit metrics-server-deployment.yaml
vi deploy/kubernetes/metrics-server-deployment.yaml

#And add below args

args:
 - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP
 - --kubelet-insecure-tls

metrics-server-deployment.yaml will look like below

2. After deployment we will get the cpu and ram usage of node as below

3.Now we can write Horizontal Pod Autoscaler as below that will auto scale nginx-app1 deplyment if cpu usage will get above 80% max 5 pods.
– It’s checks every 30 seconds for scaling the deployment
– It’s scale downs the deployment after 300 seconds if the load goes down

kind: HorizontalPodAutoscaler
apiVersion: autoscaling/v1
metadata:
  name: nginx-app1-hpa
spec:
  scaleTargetRef:
    kind: Deployment
    name: nginx-app1
    apiVersion: apps/v1
  minReplicas: 1
  maxReplicas: 5
  targetCPUUtilizationPercentage: 80

4. nginx-app1.yml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-app1
spec:
  selector:
    matchLabels:
      run: nginx-app1
  replicas: 2
  template:
    metadata:
      labels:
        run: nginx-app1
    spec:
      containers:
      - name: nginx-app1
        image: nginx
        resources:
          requests:
            memory: "128Mi"
            cpu: "100m"
          limits:
            memory: "256Mi"
            cpu: "200m"
        ports:
        - containerPort: 80

---

kind: Service
apiVersion: v1
metadata:
  name: nginx-app1-svc
  labels:
    run: nginx-app1-svc
spec:
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 30083
  selector:
    run: nginx-app1
  type: NodePort

5. Random load generator

while(true)
do
curl -s http://SERVICE_NAME
curl -s http://SERVICE_NAME
curl -s http://SERVICE_NAME
curl -s http://SERVICE_NAME
curl -s http://SERVICE_NAME
done

Category: linux