#install clamav
yum -y install epel-release
yum install clamav
#update clamav
/usr/bin/freshclam
#scan clamav
clamscan -r /tmp/
more : https://www.hostinger.in/tutorials/how-to-install-clamav-centos7
Category: Uncategorized
raspberry pi as kubernetes worker node
- Install docker
apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg \
lsb-release
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo \
"deb [arch=arm64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get install docker-ce docker-ce-cli containerd.io
https://docs.docker.com/engine/install/ubuntu/
echo 'cgroup_memory=1' > /boot/cmdline.txt
echo '{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
' > /etc/docker/daemon.json
sudo sed -i '$ s/$/ cgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1 swapaccount=1/' /boot/firmware/cmdline.txt
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system
- Install kubernetes component
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
cat <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF
apt update && sudo apt install -y kubelet kubeadm kubectl
echo '[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --cgroup-driver=systemd"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/default/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS' > /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
systemctl daemon-reload
systemctl restart kubeletzap proxy scanner
docker run -v /tmp/zap:/zap/wrk -t owasp/zap2docker-stable zap-full-scan.py -t "https://api.photo.initedit.com" -g gen.conf -r "https://api.photo.initedit.com".htmlfalco runtime security
https://falco.org/docs/getting-started/installation/
rpm --import https://falco.org/repo/falcosecurity-3672BA8F.asc
curl -s -o /etc/yum.repos.d/falcosecurity.repo https://falco.org/repo/falcosecurity-rpm.repo
yum -y install falco
#load falco driver
falco-driver-loader
lsmod | grep falco
modprobe falco-probe
#run falco
falco
# adduser will show alert messagetrivy docker image scanner CI
docker run -v /var/run/docker.sock:/var/run/docker.sock -v /root/trivy-cache:/root/.cache/ aquasec/trivy:0.18.3 image -f json nginxhttps://aquasecurity.github.io/trivy/v0.18.3/examples/report/
curl with URL and nodeport
curl -s -I -HHost:httpbin.example.com "http://$INGRESS_HOST:$INGRESS_PORT/status/200"curl -s -H 'X-Canary: always' -HHost:app.example.com "http://192.168.0.184:30988/"while(true)
do curl -HHost:app.example.com "http://192.168.0.184:30988/"
sleep 0.5
done
https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/
Delete k8 false apiservice – namespace
kubectl api-resources
# look for which apiservice is giving error
kubectl get apiservice
# look for which False and MissingEndpoints
kubectl delete apiservice <service-name>
kubectl api-resources
# get CRD related to api-resources
kubectl get crds | grep cilium
kubectl delete crd ciliumnodes.cilium.io
https://github.com/helm/helm/issues/6361#issuecomment-538220109
- delete namcespace
NAMESPACE=your_namespace
kubectl proxy &
kubectl get namespace $NAMESPACE -o json |jq '.spec = {"finalizers":[]}' >temp.json
curl -k -H "Content-Type: application/json" -X PUT --data-binary @temp.json 127.0.0.1:8001/api/v1/namespaces/$NAMESPACE/finalize
https://github.com/helm/helm/issues/6361
- Delete rook-ceph namespace
kubectl -n rook-ceph patch cephclusters.ceph.rook.io rook-ceph -p '{"metadata":{"finalizers": []}}' --type=merge
kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get --show-kind --ignore-not-found -n rook-ceph
Word count in shell script
a='hello world
hello world
hello world
hello world
hello world ad a a t t hello'
n=0
> result.txt
for word in $a
do
wcount=$(echo $a| grep -o $word | wc -l)
echo "$word : $wcount" >> result.txt
done
cat result.txt | uniqrecover files in linux using xfs_undelete and dd
yum install expect tcl tcllibdd if=/dev/sda | ssh USERNAME@IP_ADDR dd of=sda.isoxfs_undelete sda.isoMore :
https://github.com/ianka/xfs_undelete
https://unix.stackexchange.com/questions/132797/how-to-dd-a-remote-disk-using-ssh-on-local-machine-and-save-to-a-local-disk
Jenkins run shell script on worker node using ssh EOF
ssh-keygen -b 2048 -t rsa -f /tmp/sshkey -q -N ""ssh -o StrictHostKeyChecking=no -i /tmp/sshkey jenkins@192.168.0.183 << EOF
ls -ltr
hostname
EOF