Showing posts from May, 2019

OpenVPN Access Server Google Authenticator reset

Google Authenticator reset

ssh into the openvpn server

cd /usr/local/openvpn_as/scripts/
sudo ./sacli --user <USER> GoogleAuthRegen

Tell the user to log out (if logged in) and use to login and scan the
QR code to finalize setup of MFA
After they scanned the QR code with the new device, they should click
the button on the bottom of the screen "I scanned the QR code"
This should return the user to the login page listed above with the
prompt saying "Ready to connect with Google Authenticator code"
Have the user login with new MFA code

How to install Network Time Protocol

To install an NTP client on Ubuntu/Debian systems:

apt-get install ntp

To install an NTP client on Red Hat/CentOS systems:

yum install ntp

Network Time Protocol (NTP) is required for Google Authenticator to function properly

Network Time Protocol will contact public time servers on the Internet
to get the current date and time, which are required for Google
Authenticator to function properly, and corrects any time drift that
can occur on the server.

Cloud-based virtual machines are especially susceptible to time drift.
A deviation of 30 seconds can already be a problem when it comes to
Google Authenticator.
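
Why drift matters, as an added example (not code from OpenVPN Access Server or Google Authenticator): a minimal RFC 6238 TOTP generator and verifier using Google Authenticator's usual parameters (SHA-1, 30-second step, 6 digits). The shared secret and timestamps are the RFC 6238 test values; the verifier's tolerance of one step either side is an assumption, not documented Access Server behaviour.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds per time step (Google Authenticator default)
DIGITS = 6    # code length shown in the app


def totp(secret: bytes, unix_time: float, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the counter floor(time / step)."""
    counter = int(unix_time // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, server_time: float, window: int = 0):
    """Return the step offset at which `code` matched, or None if rejected.

    window=0 accepts only the server's current step; window=1 also accepts
    the previous and the next step (assumed tolerance, see lead-in).
    """
    for off in sorted(range(-window, window + 1), key=abs):
        candidate = totp(secret, server_time + off * STEP)
        if hmac.compare_digest(candidate, code):
            return off
    return None


def drift_report(secret: bytes, true_time: float, drifts, window: int) -> dict:
    """Map each server clock drift (seconds) to True if the phone's code is accepted."""
    phone_code = totp(secret, true_time)      # the phone's clock is correct
    return {d: verify(secret, phone_code, true_time + d, window) is not None
            for d in drifts}


# Constructed sample input: RFC 6238 test secret and a test timestamp that
# falls 29 seconds into its 30-second step.
SECRET = b"12345678901234567890"
PHONE_TIME = 1111111109

if __name__ == "__main__":
    for window in (0, 1):
        print("window =", window)
        for drift, ok in drift_report(SECRET, PHONE_TIME, (0, 2, 25, 32, 65), window).items():
            print(f"  server clock {drift:+3d}s -> {'accepted' if ok else 'REJECTED'}")
```

With no tolerance, a server that is only 2 seconds fast already rejects a code entered late in its step; with one step of tolerance, drift beyond 30 seconds starts to fail, which is why the server clock has to be kept in sync.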

How to prevent an account from login to Linux

By default in a Linux operating system, an account without a password
cannot be used to log in at all.

Disable user account i88ca by locking its password:

passwd -l i88ca

To undo this action or to reset the password use this command:

passwd i88ca

Restart the OpenVPN Access Server service from command line

Restart the OpenVPN Access Server service:

service openvpnas restart

How to fix MySQL ERROR 1872 (HY000): Slave failed to initialize relay log info structure from the repository

Shutdown MySQL slave
Open the index file and remove all of the lines referring to
non-existing relay log files. Then save.
  sudo su - -s /bin/bash mysql
  vim db6--relay-bin.index

Start MySQL slave again.
Now execute RESET SLAVE ALL followed by the CHANGE MASTER TO statement
to setup replication again.

Password Checkup helps you resecure accounts that were affected by data breaches.

Wherever you sign-in, if you enter a username and password that is no longer safe due to appearing in a data breach known to Google, you’ll receive an alert. Please reset your password. If you use the same username and password for any other accounts, please reset your password there as well.

https://chrome.google.com/webstore/detail/password-checkup/pncabnpcffmalkkjpajodfhijclecjno

Multiple Google Email Addresses from One Gmail Account

Using the @googlemail.com domain.
Using the "dot" or period in your email name.
Using the plus sign "+" at the end of your name and adding extra characters.

Terraform enables you to safely and predictably create, change, and improve infrastructure.

Terraform is an open source tool that codifies APIs into declarative
configuration files that can be shared amongst team members, treated
as code, edited, reviewed, and versioned.

MySQL Relay log files have the same format as binary log files and can be read using mysqlbinlog

Detach a screen session from a terminal

Ctrl+a followed by d.

How to fix failed dependencies for yum rpm installation

If you have rpm downloaded already, you can use yum's "localinstall"
feature to install a local rpm and all of its dependencies.

$ yum localinstall your-local.rpm

dig command to test your DNS

Command: Description

dig [hostname]
Returns any A record found within the queried hostname's zone.
dig [hostname] [record type]
Returns the records of that type found within the queried hostname's zone.
dig [hostname] +short
Provides a brief answer, usually just an IP address.
dig @[nameserver address] [hostname]
Queries the nameserver directly instead of your ISP's resolver.
dig [hostname] +trace
Adding +trace instructs dig to resolve the query from the root name server downwards and to report the results from each query step.
dig -x [IP address]
Reverse lookup for IP addresses.
dig [hostname] any

Identify and close iDRAC sessions via command line

Identify and close iDRAC sessions via SSH

/admin1-> racadm getssninfo
SSNID Type User IP Address     Login Date/Time
---------------------------------------------------------------------------
16    SSH  root 192.168.1.191  05/30/2019 10:15:26
17    GUI  root 192.168.2.10   05/30/2019 10:23:41
/admin1-> racadm closessn -i 17
Session 17 closed successfully.
/admin1-> racadm getssninfo
SSNID Type User IP Address     Login Date/Time
---------------------------------------------------------------------------
16    SSH  root 192.168.1.191  05/30/2019 10:15:26
/admin1->

How to get the DRAC IP address from the localhost

Get the DRAC IP address from the localhost
I believe what you're looking for is this:

[root]# racadm getniccfg

A command line client for MySQL that can do auto-completion and syntax highlighting.

You might need sudo on linux.

$ sudo pip install -U mycli

How to install pip on AWS EC2

install python-pip
$ sudo yum -y install python-pip

GraphQL is an emerging technology that changes how to build APIs to query and mutate data.

With GraphQL developers can query the exact data required by a page, or an application, and therefore it does not load an excessive amount of data. GraphQL can be used in any web or mobile application.

CloudBees is powering the continuous economy by offering the world’s first end-to-end continuous software delivery management system (SDM).

For millions of developers and product teams driving innovation for
businesses large or small, SDM builds on continuous integration (CI)
and continuous delivery (CD) to enable all functions and teams within
and around the software delivery organization to best work together to
amplify value creation.

DevOps improves CI/CD

Communication, collaboration and cohesion between team
Applying best practices for change, configuration and deployment automation
Delivering solution faster
Monitoring and planning high speed product updates

Lightning Web Components has three key parts

The Lightning Web Components framework: the framework’s engine.
The Base Lightning Components: a set of over 70 UI components all built as custom elements.
Salesforce Bindings: a set of specialized services that provide declarative and imperative access to Salesforce data and metadata, data caching, and data synchronization.

Lightning Web Components was born as a modern framework built on the modern web stack.

Among other standards, it leverages custom elements, templates, decorators, modules, and other new language constructs available in ECMAScript 6 and beyond.

Full TLS handshakes use different forms of asymmetric crypto to provide confidentiality and mutual authentication.

TLS has a mechanism to resume a TLS session from a previous connection called TLS tickets. TLS tickets allow the use of symmetric crypto, which is an order of magnitude more efficient.

The persistence of Chaos

This world’s deadliest laptop sells for $1.3 million.

Java-multiple-dimension-array-example.java

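public class MultiDimArrayExample {
    public static void main(String[] args) {
        // System.out.println("Hello, World");
        // 8 rows, each holding 88 ints
        int[][] i88ca = new int[8][88];
        // output: 8 (number of rows)
        System.out.println(i88ca.length);
        // output: 88 (length of the first row)
        System.out.println(i88ca[0].length);
    }
}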

Configure Linux / UNIX Dns Resolver To Append Domain Search Names

## config file - /etc/resolv.conf ##
options ndots:2
search i88.ca example.com

How to fix Glassfish Could not load any resource bundle by com.sun.org.apache.xerces.internal.impl.msg.XMLSchemaMessages

Make sure that you are compiling with the same version of Java that Glassfish is running.

scp between two remote hosts from 3rd host

scp user1@remote1:/home/user1/file1.txt user2@remote2:/home/user2/file1.txt
Or
 use the -3 option, as follows:

    scp -3 user1@remote1:/home/user1/file1.txt user2@remote2:/home/user2/file1.txt

The -3 option instructs scp to route traffic through the PC on which the command is issued, even though it is a 3rd party to the transfer. This way, authorization credentials must reside only on the issuing PC, the third party.

[\b] in Java regular expression

Within the context of a regular expression \b does not mean backspace;
it means 'word boundary'.
/\bi88ca\b/

The metacharacter \b is an anchor like the caret and the dollar sign.
It matches at a position that is called a "word boundary". This match
is zero-length.

\B is the negated version of \b. \B matches at every position where \b
does not. Effectively, \B matches at any position between two word
characters as well as at any position between two non-word characters.

Check if the port is open

Check if the port is open by nc, exiting with 0 on success, 1 on failure.

For a quick interactive check (with an 8-second timeout):

nc -z -v -w8 <host> <port>

Available Jenkins Environmental Variables

The following variables are available to shell scripts

BRANCH_NAME
For a multibranch project, this will be set to the name of the branch
being built, for example in case you wish to deploy to production from
master but not from feature branches; if corresponding to some kind of
change request, the name is generally arbitrary (refer to CHANGE_ID
and CHANGE_TARGET).
CHANGE_ID
For a multibranch project corresponding to some kind of change
request, this will be set to the change ID, such as a pull request
number, if supported; else unset.
CHANGE_URL
For a multibranch project corresponding to some kind of change
request, this will be set to the change URL, if supported; else unset.
CHANGE_TITLE
For a multibranch project corresponding to some kind of change
request, this will be set to the title of the change, if supported;
else unset.
CHANGE_AUTHOR
For a multibranch project corresponding to some kind of change
request, this will be set to the username of the author of the
proposed change, …

How to fix: jenkins dead but pid file exists

In the log /var/log/jenkins/jenkins.log, it shows:

SEVERE: Container startup failed
java.io.IOException: Failed to start a listener: winstone.HttpsConnectorFactory
at winstone.Launcher.spawnListener(Launcher.java:209)
at winstone.Launcher.<init>(Launcher.java:149)
at winstone.Launcher.main(Launcher.java:354)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at Main._main(Main.java:293)
at Main.main(Main.java:98)
Caused by: java.lang.NoClassDefFoundError: sun/security/x509/CertAndKeyGen
at winstone.HttpsConnectorFactory.start(HttpsConnectorFactory.java:101)
at winstone.Launcher.spawnListener(Launcher.java:207)
... 8 more
Caused by: java.lang.ClassNotFoundException: sun.security.x509.CertAndKeyGen
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
at java.…

Restore AWS EC2 From Snapshot

Restore EC2 From Snapshot
Create An AMI From The EBS Snapshot
Launch The Created AMI

Use EC2 instances as Jenkins build slaves

To use EC2 instances as Jenkins build slaves:

On the left-hand side, click Manage Jenkins, and then click Manage Plugins.
Click on the Available tab, and then enter Amazon EC2 at the top right.
Select the checkbox next to Amazon EC2 plugin, and then click Install
without restart.
Once the installation is done, click Go back to the top page.
Click on Manage Jenkins, and then Configure System.
Scroll all the way down to the section that says Cloud.
Click Add a new cloud, and select Amazon EC2. A collection of new
fields appears.
Fill out all the fields. (Note: You will have to Add Credentials of
the kind AWS Credentials.)

You cannot place AdSense ads on exit-intent windows, log-in windows, or error pages.

Anything that isn't visible when the user loads the page cannot have
an ad in it.

You are not permitted to place AdSense ads in a location that encourages accidental clicks.

Accidental clicks can get your AdSense account banned, and there's no
way to recover from that ban.

How to set project using gcloud command?

Use "gcloud config set project [PROJECT_ID]" to change to a different project.

How to check go version

To confirm the correct version is installed, run the command:

go version

go version
go version go1.12 linux/amd64

Installing and using the virtualenv tool

virtualenv is a tool that creates isolated Python environments.

These isolated environments can have their own separate versions of
Python packages, which allows you to isolate one project's
dependencies from the dependencies of other projects. It is
recommended that you always use a per-project virtual environment when
developing locally with Python.

Install virtualenv globally.

To install virtualenv with Python 2 or Python 3, use pip install --upgrade virtualenv.

After you install virtualenv, you can create a virtual environment in
your project. virtualenv creates a virtual copy of the entire Python
installation in the env folder.

Use the --python flag to tell virtualenv which Python version to use:

cd your-project
virtualenv --python python3 env

After the copy is created, set your shell to use the virtualenv paths
for Python by activating the virtual environment as follows:

source env/bin/activate

Now you can install packages without affecting other projects or your
global Python inst…

How to install pip yourself to get the latest version on Linux

wget https://bootstrap.pypa.io/get-pip.py
sudo python get-pip.py

Debian and most other distributions include a python-pip package, but
the above helps you to get the latest version.

Node.js editor

There are several editors that you can use to develop Node.js apps. A
few popular ones include the following:

Sublime Text by Jon Skinner
Atom by GitHub
Visual Studio Code by Microsoft
IntelliJ IDEA and/or Webstorm by JetBrains
For effective Node.js development, these editors offer features
(sometimes with the help of plugins) that range from syntax
highlighting, intelli-sense, and code completion to fully integrated
debugging capabilities.

Installing Node.js and npm

To install the latest version of Node.js, run the following:

nvm install stable

Optional: To make this version your default version, run the following:

nvm alias default stable

Optional: To check what version of Node.js you're running, run
the following:

node -v

How to check your linux is running 64-bit or not

Most machines will run the 64-bit package. If you'd like to check, run
uname -m to verify if you're running a 64-bit system.

Heap data structure

The heap data structure is a balanced binary tree where the root node of the tree is compared with the child nodes while arranging the tree. If the value of the root node is larger than or equal to any child node, the structure is called a Max Heap. If the value of the root node is less than or equal to any child node, the structure is called a Min Heap.

How to reset password of Jenkins

Reset password of Jenkins

See also: What is Jenkins' initial admin password

ssh to the server, disable authentication, set the password via the Jenkins Web UI, then enable authentication.

In the Jenkins configuration file, for example /var/lib/jenkins/config.xml, change from:

<useSecurity>true</useSecurity>

to:

<useSecurity>false</useSecurity>

Comment out the authorizationStrategy block:

<!--authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
  <permission>hudson.model.Computer.Configure:i88ca</permission>
  ...
</authorizationStrategy-->

Restart Jenkins, such as:

$ sudo systemctl restart jenkins

After changing the password from the web UI, you need to change back the configuration and restart the Jenkins service.

Generate SSH key for Jenkins

sudo su - -s /bin/bash jenkins
ssh-keygen -t rsa -C "jenkins@i88.ca"

The sudo trick gets round the fact that the jenkins user isn't
designed to be logged-in.

List PowerMTA queue

list [--queue=domain[/vmta]] [--orig=addr] [--rcpt=addr] [--jobId=id] [--envId=id] [--maxitems=n] [--pause] [--priority]
Example:
pmta list --queue=i88.ca/myVmta

How to allow remote root connection to mysql

GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'password'
WITH GRANT OPTION;
FLUSH PRIVILEGES;

vim - refresh changed content of file opened

You can use the :edit command, without specifying a file name, to
reload the current file. If you have made modifications to the file,
you can use :edit! to force the reload of the current file (if you
don't need your modifications).

The command :edit can be abbreviated by :e. The force-edit can thus be
done by :e!

Bucket sort, or bin sort, is a sorting algorithm that works by distributing the elements of an array into a number of buckets.

Each bucket is then sorted individually, either using a different sorting algorithm, or by recursively applying the bucket sorting algorithm.

Set up automatic updates on Ubuntu

sudo apt install unattended-upgrades

sudo vim /etc/apt/apt.conf.d/50unattended-upgrades
sudo vim /etc/apt/apt.conf.d/20auto-upgrades

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "7";

You can see if the auto-upgrades work by launching a dry run:

sudo unattended-upgrades --dry-run --debug

Check what packages are available for update/upgrade or not upgradable on Ubuntu

apt upgrade --dry-run

Node Version Manager - Simple bash script to manage multiple active node.js versions

https://github.com/nvm-sh/nvm

Google has launched a code editor integrated within its Google Cloud Platform.

Google Cloud Shell Editor will make it possible to edit code and configuration files from within the browser. It is based on Eclipse Orion.

Selenium WebDriver is one of the most popular tools for Web UI Automation.

Discovering vulnerabilities from an attacker’s POV so that weak points can be fixed.

Running an Oracle Linux Docker Container

To run a Docker Container:

$ sudo docker run -it oraclelinux:7-slim

Accessing a Graphical User Interface (GUI) on Linux via VNC

To access a Linux GUI via VNC:

Install a VNC viewer on your local computer
Use SSH to connect to the compute instance.
Configure a VNC password by typing vncpasswd
When prompted, enter a new password and verify it
Optionally, enter a view only password
After the vncpasswd utility exits, start the VNC server by typing vncserver

On your local computer, connect to your instance and create an ssh
tunnel for port 5901 (for display number 1):

$ ssh -L 5901:localhost:5901 -i id_rsa user@<IP Address>

On your local computer, start a VNC viewer and establish a VNC
connection to localhost:1
Enter the VNC password you set earlier

Send & open confidential Gmail

You can send messages and attachments with Gmail's confidential mode
to help protect sensitive information from unauthorized access.
You can use confidential mode to set an expiration date for messages
or revoke access at any time. Recipients of the confidential message
will have options to forward, copy, print, and download disabled.

Note: Although confidential mode helps prevent the recipients from
accidentally sharing your email, it doesn't prevent recipients from
taking screenshots or photos of your messages or attachments.
Recipients who have malicious programs on their computer may still be
able to copy or download your messages or attachments.

Show the yum repositories your instance is subscribed to

Show the yum repositories your instance is subscribed to:

$ sudo yum repolist

Intel disclosed 4 new speculative execution side-channel vulnerabilities affecting their processors

These vulnerabilities have received the following CVE identifiers:

CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS)
CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS)

South Korean Government to Switch from Windows to Linux

Change Home Region in Oracle Cloud

The home region of the tenancy is fixed at creation time and cannot be moved.

The only way to change home region would be to re-create the tenancy.
That would mean removal of the current tenancy with all its resources
and creating a new one.

Azure Cosmos DB

Cosmos DB constitutes one of the Azure foundational services, which
ensures its availability in every existing and newly provisioned Azure
region. It delivers a wide range of advantages over traditional SQL
and NoSQL-based data stores, including, for example, support for
multiple consistency levels, latency and throughput guarantees,
policy-based geo-fencing, automatic scaling, and multi-master
replication model.

PowerMTA bounce delivery record fields example

record-fields b timeQueued,bounceCat,vmta,orig,rcpt,srcMta,dlvSourceIp,jobId,dsnStatus,dsnMta,dsnDiag,jobId

Required components in a mail server:

Mail Transfer Agent
Mail Delivery Agent
IMAP and/or POP3 Server

AWS DataSync Overview - Amazon Web Services

AWS DataSync is a data transfer service that makes it easy for you to
automate moving data between on-premises storage and Amazon S3 or
Amazon Elastic File System (Amazon EFS). DataSync automatically
handles many of the tasks related to data transfers that can slow down
migrations or burden your IT operations, including running your own
instances, handling encryption, managing scripts, network
optimization, and data integrity validation. You can use DataSync to
transfer data at speeds up to 10 times faster than open-source tools.
DataSync uses an on-premises software agent to connect to your
existing storage or file systems using the Network File System (NFS)
protocol, so you don't have to write scripts or modify your
applications to work with AWS APIs. You can use DataSync to copy data
over AWS Direct Connect or internet links to AWS. The service enables
one-time data migrations, recurring data processing workflows, and
automated replication for data protection and recovery.
http…

A WhatsApp vulnerability allowed attackers to remotely install spyware onto phones

WhatsApp was recently exposed to spyware capable of accessing phone functions and user data through a simple phone call.

WhatsApp is encouraging users to update to the latest version of the app after discovering a vulnerability that allowed spyware to be injected into a user’s phone through the app’s phone call feature.

With DNSSEC, each answer to a DNS query is digitally signed and can be fully validated against public keys at every link in the chain

ICANN and the DNS root system operators plan to sign the root zone
which will make full end-to-end DNSSEC validation possible.

Enable Gmail desktop notifications

To enable desktop notifications:

Click the gear icon in the upper right, then select Settings.
On the General tab, select the option you'd like in the Desktop Notifications section.
Choose to turn email notifications off, receive notifications for all incoming email, or only those Gmail marks 'important'.
Save your changes.

How to check if a domain is locked?

Amazon WorkMail is a secure, managed business email and calendar service

Amazon WorkMail is a secure, managed business email and calendar
service with support for existing desktop and mobile email client
applications. Amazon WorkMail gives users the ability to seamlessly
access their email, contacts, and calendars using the client
application of their choice, including Microsoft Outlook

AWS KMS is a fully managed service.

AWS KMS handles availability, physical security, and hardware
maintenance of the underlying infrastructure.
AWS Key Management Service provides you with centralized control of
your encryption keys. KMS presents a single view into all of the key
usage in your organization. You can easily create, import, and rotate
keys as well as define usage policies and audit usage from the AWS
Management Console. AWS KMS provides you a secure location to store
and use encryption keys, using hardened systems where your unencrypted
keys are only used in memory. AWS KMS keys are never transmitted
outside of the AWS regions in which they were created.

Difference between '/' and '//' when used for division in Python

In Python 3.0, 7 / 2 will return 3.5 and 7 // 2 will return 3. The former is floating point division, and the latter is floor division, sometimes also called integer division.

Jump Start Launch - Oracle Cloud Infrastructure

Jump Start Launch enables you to use Reference Deployments of popular
workload solutions directly from the Oracle Cloud Marketplace and
Oracle Cloud Infrastructure console. Jump Start Launch deploys the
solution directly into your own account tenancy in minutes to quickly
and easily start using the solution.
https://cloud.oracle.com/jumpstart/launch

JSF set locale per session

In faces-config.xml:

<application>
  <locale-config>
    <default-locale>en</default-locale>
    <supported-locale>fr</supported-locale>
  </locale-config>
</application>

LocaleBean: package com.example.