Sturbi's Home

Blog

Wenn du etwas so machst,
wie du es seit zehn Jahren gemacht hast,
dann sind die Chancen groß,
daß du es falsch machst.

Charles F. Kettering amerikanischer Ingenieur * 29.08.1876, † 25.11.1958

NuGet in Powershell aktualisieren

by Kategorie: Powershell

Weil ich immer wieder danach suche, habe ich es hier aufgeschrieben.
Original Artikel: https://www.alitajran.com/unable-to-install-nuget-provider-for-powershell/

Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
[Net.ServicePointManager]::SecurityProtocol
Install-Module PowershellGet -Force

E-Mail bei Powershell Script Abbruch

by Kategorie: Powershell

Wer Powershell Scripte über den Windows Taskplaner zur Sicherung einsetzt, möchte vielleicht auch informiert werden, wenn das Script mit einem nicht behandelten Fehler abbricht.

function Send-Mail ($message) {
    $emailSmtpServer = "smtp.domain.tld"
    $emailFrom = "taskplaner@domain.tld"
    $emailTo = "admin@domain.tld"
    $emailSubject = "Backup Script fail"

    Send-MailMessage -To $emailTo -From $emailFrom -Subject $emailSubject -Body $message -SmtpServer $emailSmtpServer
}

$ErrorActionPreference = 'stop'
trap { 
    $ErrorActionPreference = 'Continue'
    Send-Mail -message $_.Exception.Message
    break
}

# ... ab hier das eigentliche Script ...

Floppy Image aus Ordner erstellen

by Kategorie: Linux

Wie erstelle ich mir ein Floppy Image um Windows Treiber bei der Installation im HPE Ilo zu laden

mkdir /tmp/floppy
cd /tmp/floppy
# 75MB sollten reichen
dd if=/dev/zero of=floppy.img bs=1024 count=76800
# /dev/loop30 sollte nicht in Benutzung sein ...
losetup /dev/loop30 floppy.img
mkfs.exfat /dev/loop30
mount /dev/loop30 /mnt
cp ~/data/* /mnt/
umount /mnt
losetup -d /dev/looop30

 

Foreman VMware Cloud-Init

by Kategorie: Linux, VMware

/etc/cloud/cloud.cfg

cloud_init_modules:
 - bootcmd

cloud_config_modules:
 - runcmd

cloud_final_modules:
 - scripts-per-once
 - scripts-per-boot
 - scripts-per-instance
 - scripts-user
 - resolv-conf
 - ca-certs
 - yum-add-repo
 - write-files
 - users-groups
 - package-update-upgrade-install
 - runcmd
 - puppet
 - phone-home

system_info:
  distro: rhel
  paths:
    cloud_dir: /var/lib/cloud
    templates_dir: /etc/cloud/templates
  ssh_svcname: sshd

# vim:syntax=yaml
#cloud-config
hostname: <%= @host.name %>
fqdn: <%= @host %>
manage_etc_hosts: true
users:
  - name: root
    ssh-authorized-keys:
      - ssh-ed25519 AAAA.....Vw4L0 sturbi@sturbi.de
      - ssh-rsa AAAAB3N....ji1pU4v foreman-proxy@foreman.sturbi.de

yum_repos:
    puppet6:
        baseurl: http://yum.puppetlabs.com/puppet/el/7/x86_64/
        enabled: true
        gpgcheck: false
        name: Puppet 6

package_update: true
package_upgrade: true

packages:
    - vim
    - tmux
    - mailx

package_reboot_if_required: true

<% if @host.puppetmaster -%>

packages:
    - puppet-agent

puppet:
    conf_file: '/etc/puppetlabs/puppet/puppet.conf'
    ssl_dir: '/opt/puppetlabs/puppet/ssl/'
    conf:
        agent:
            server: "<%= @host.puppetmaster %>"
            certname: "<%= @host.name %>"
        ca_cert: |
            -------BEGIN CERTIFICATE-------
            MIICIjAN.......ZwjH8CAwEAAQ==
            -------END CERTIFICATE-------

<% end %>

phone_home:
  url: <%= foreman_url('built') %>
  post: []
  tries: 10

# Template for VMWare customization via open-vm-tools
identity:
  LinuxPrep:
    domain: <%= @host.domain %>
    hostName: <%= @host.shortname %>
    hwClockUTC: true
    timeZone: 'Europe/Berlin'

globalIPSettings:
  dnsSuffixList: [<%= @host.domain %>]
  <%- @host.interfaces.each do |interface| -%>
  <%- next unless interface.subnet -%>
  dnsServerList: [<%= interface.subnet.dns_primary %>, <%= interface.subnet.dns_secondary %>]
  <%- end -%>

nicSettingMap:
<%- @host.interfaces.each do |interface| -%>
<%- next unless interface.subnet -%>
  - adapter:
      dnsDomain: <%= interface.domain %>
      dnsServerList: [<%= interface.subnet.dns_primary %>, <%= interface.subnet.dns_secondary %>]
      gateway: [<%= interface.subnet.gateway %>]
      ip: <%= interface.ip %>
      subnetMask: <%= interface.subnet.mask %>
<%- end -%>

puppet facts

by Kategorie: Linux

if Facter.value(:kernel) == 'Linux'
  Facter.add('ansible_python_interpreter') do
    setcode do
      ansible_python_interpreter = Facter::Core::Execution.exec('which python3')
      if ansible_python_interpreter.empty?
        ansible_python_interpreter = Facter::Core::Execution.exec('which python')
      end
      ansible_python_interpreter
    end
  end
end

if Facter.value(:kernel) == 'Linux'Facter.add(:tomcat) do
  confine operatingsystem: ['RedHat CentOS']
  setcode do
    process = Facter::Core::Execution.exec('ps -ef | grep [^]]java | grep catalina')
    tomcatinfo = Array.new({})
    regex = %r{/.*catalina.base\=(.*?) .*/}
    home = process[regex, 1]
    if home
      tomcatinfo.push('tomcat.base' => home)
      info = Facter::Core::Execution.exec(home + '/bin/version.sh')
      info = info.split(%r{/\n/})
      info.each do |x|
        tmp = x.split(%r{/:/})
        if tmp[0] =~ %r{/.*erver.*umber/}
          tomcatinfo.push('tomcat.version' => tmp[1].chomp.strip)
        end
        if tmp[0] =~ %r{/JVM Version/}
          tomcatinfo.push('tomcat.jvm' => tmp[1].chomp.strip)
        end
      end
      tomcatinfo
    end
  end
end

require 'json'
Facter.add(:yum_repos) do
  confine operatingsystem: ['RedHat CentOS']
  setcode do
    repos = Array.new({})

    # list enabled yum repos
    enabled_repos = Facter::Core::Execution.execute("/usr/bin/yum repolist enabled | awk '!/repo id/ && !/repolist/ && !/Load/' | awk '{print $1}'")
    splitstring = enabled_repos.split("\n")
    splitstring.each { |reponame| repos.push(reponame => true) }

    # list disabled yum repos
    enabled_repos = Facter::Core::Execution.execute("/usr/bin/yum repolist disabled | awk '!/repo id/ && !/repolist/ && !/Load/' | awk '{print $1}'")
    splitstring = enabled_repos.split("\n")
    splitstring.each { |reponame| repos.push(reponame => false) }

    repos
  end
end

SELinux Cheat Sheet

by Kategorie: Linux

Da ich wieder einmal mit SELinux gekämpft habe, schreibe ich mir mal die relevanten Befehle auf. Wahrscheinlich kann ich sie danach auswendig.

sestatus
avcstat
avcstat 1

setenforce 1
setenforce 0

grep prozess /var/log/audit/audit.log | audit2allow -M mypol
semodule -r mypol
semodule -l
semodule -i mypol.pp

sealert -a /var/log/audit/audit.log

audit2allow -w -a
audit2allow -a

restorecon -r /

setsebool -P httpd_unified 1
setsebool -P httpd_unified 0

semanage fcontext -a -t httpd_sys_rw_content_t 'modules'

ein bisschen Doku unter https://wiki.centos.org/HowTos/SELinux