Category: Bash


aws – iterate instances across all regions

By polfilm,

describe_all_instances.sh

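# --query selects the region names directly; cutting a fixed column out of the
# text output depends on the CLI's column layout.
# name = value of the instance's Name tag (null if untagged), key = SSH key pair name
for region in $(aws ec2 describe-regions --query 'Regions[].RegionName' --output text)
do
     echo -e "\nListing Instances in region:'$region'..."
     aws ec2 describe-instances --region "$region" --output json | jq '.Reservations[] | ( .Instances[] | {state: .State.Name, name: ((.Tags // []) | map(select(.Key == "Name") | .Value) | .[0]), type: .InstanceType, key: .KeyName})'
done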

describe_all_stacks.sh

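# --query selects the region names directly; --output json keeps jq working
# when the CLI's default output format is text or table.
for region in $(aws ec2 describe-regions --query 'Regions[].RegionName' --output text)
do
     echo -e "\nListing Stacks in region:'$region'..."
     aws cloudformation describe-stacks --region "$region" --output json | jq '( .Stacks[] | {stackid: .StackId, status: .StackStatus})'
done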

pip download package with dependencies

By polfilm,
pip download [package] -d /tmp --no-binary :all:

# extract all packages (they were downloaded to /tmp)
cd /tmp
gunzip *.gz

# extract tar
tar xvf <filename>.tar

# install package
cd folder
python setup.py install

AWS SSH Fingerprint

By polfilm,

IF SHORT (16-byte MD5 of the public key: key pair was imported into AWS)

root@ubuntu:~/.ssh/mac$ openssl pkey -in id_rsa -pubout -outform DER | openssl md5 -c
(stdin)= 6a:96:26:bd:fd:41:4f:53:77:67:78:13:01:c9:9c:12

IF LONG (20-byte SHA-1 of the private key: key pair was created by AWS)

openssl pkcs8 -in aws_private.pem -nocrypt -topk8 -outform DER | openssl sha1 -c

Set Date

By polfilm,
sudo date -s "$(wget -qSO- --max-redirect=0 google.com 2>&1 | grep Date: | cut -d' ' -f5-8)Z"

Encrypt files using your public key and OpenSSL

By polfilm,
=== GET PUBLIC KEY FROM CERT - CONVERT P12 to PEM
openssl pkcs12 -in my.client.cert.p12 -out my.client.cert.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

=== GET PUBLIC KEY FROM CERT - EXTRACT PUBLIC KEY
openssl rsa -in my.client.cert.pem -pubout -out my.client.cert.pub
Enter pass phrase for my.client.cert.pem:
writing RSA key

=== ENCRYPT FILE - GENERATE RANDOM PASS
openssl rand -base64 -out pass.txt 40

=== ENCRYPT FILE - USE PASSWORD TO ENCRYPT FILE
openssl enc -e -aes-256-cbc -salt -pass file:pass.txt -in <filename> -out <encrypted filename>
e.g.
openssl enc -e -aes-256-cbc -salt -pass file:pass.txt -in somefile -out somefile.encrypted

=== ENCRYPT FILE - ENCRYPT PASS.TXT WITH PUBLIC KEY
openssl rsautl -encrypt -pubin -inkey <public key> -in <original file> -out <encrypted file>
e.g.
openssl rsautl -encrypt -pubin -inkey my.client.cert.pub -in pass.txt -out pass.encrypted

>> file is now encrypted
>> pass.txt can be deleted

=== DECRYPT FILE - DECRYPT PASSWORD
openssl rsautl -decrypt -inkey <pem file> -in <encrypted file> -out <original file>
e.g.
openssl rsautl -decrypt -inkey my.client.cert.pem -in pass.encrypted -out pass.txt

=== DECRYPT FILE - USE PASSWORD TO DECRYPT FILE
openssl enc -d -aes-256-cbc -pass file:pass.txt -in <encrypted filename> -out <filename>
e.g.
openssl enc -d -aes-256-cbc -pass file:pass.txt -in somefile.encrypted -out somefile

>> delete pass.txt (no longer needed)
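
The same steps as one script, added here as an example and not part of the original post: it derives the AES key with PBKDF2 and wraps the passphrase with RSA-OAEP through pkeyutl, which replaces rsautl (deprecated in OpenSSL 3.0). The function names, file names, iteration count and the throwaway test key are assumptions; OpenSSL 1.1.1 or newer is required.

```bash
#!/bin/sh
# Added example (not from the original post). Needs OpenSSL 1.1.1 or newer.
# Function names, file names and the iteration count are illustrative assumptions.

# hybrid_encrypt <public.pem> <plaintext> <ciphertext out> <wrapped passphrase out>
hybrid_encrypt() (
    set -u; umask 077                 # temp passphrase and outputs readable by owner only
    pass=$(mktemp) || exit 1
    trap 'rm -f "$pass"' EXIT         # the clear passphrase never outlives the call
    openssl rand -base64 -out "$pass" 40 &&
    # -pbkdf2/-iter replace enc's legacy one-round key derivation
    openssl enc -e -aes-256-cbc -salt -pbkdf2 -iter 200000 \
        -pass "file:$pass" -in "$2" -out "$3" &&
    # RSA-OAEP instead of rsautl's default PKCS#1 v1.5 padding
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -in "$pass" -out "$4"
)

# hybrid_decrypt <private.pem> <ciphertext> <wrapped passphrase> <plaintext out>
hybrid_decrypt() (
    set -u; umask 077
    pass=$(mktemp) || exit 1
    trap 'rm -f "$pass"' EXIT
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -in "$3" -out "$pass" &&
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -pass "file:$pass" -in "$2" -out "$4"
)

# make_test_key <dir>: throwaway 2048-bit RSA key pair, for the demo only
make_test_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/priv.pem" 2>/dev/null &&
    openssl pkey -in "$1/priv.pem" -pubout -out "$1/pub.pem"
}

# demo: round trip over constructed sample data in a scratch directory
demo() (
    d=$(mktemp -d) || exit 1
    trap 'rm -rf "$d"' EXIT
    make_test_key "$d" &&
    printf 'constructed sample plaintext\n' > "$d/plain.txt" &&
    hybrid_encrypt "$d/pub.pem" "$d/plain.txt" "$d/file.enc" "$d/pass.enc" &&
    hybrid_decrypt "$d/priv.pem" "$d/file.enc" "$d/pass.enc" "$d/out.txt" &&
    [ "$(cat "$d/out.txt")" = "$(cat "$d/plain.txt")" ]
)
demo && echo "round trip OK"
```

openssl enc in CBC mode does not authenticate the ciphertext, so tampering with the encrypted file is not reliably detected on decryption.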

AWS CloudInit Instance Start sshd on port 443

By polfilm,
#!/bin/bash -ex
perl -pi -e 's/^#?Port 22$/Port 443/' /etc/ssh/sshd_config
service sshd restart || service ssh restart

CentOS 7 (x86_64) with Updates HVM
ami-e4ff5c93 (eu-west)

Screen

By polfilm,

screen -list            list sessions, including detached ones
screen -r <screenID>    attach back
screen -d -r            reattach, detaching the session elsewhere first if necessary

screen command      Task
Ctrl+a c            Create new window
Ctrl+a k            Kill the current window / session
Ctrl+a w            List all windows
Ctrl+a 0-9          Go to a window numbered 0-9; use Ctrl+a w to see the numbers
Ctrl+a Ctrl+a       Toggle / switch between the current and previous window
Ctrl+a S            Split terminal horizontally into regions; press Ctrl+a c to create a new window there
Ctrl+a :resize      Resize region
Ctrl+a :fit         Fit screen size to new terminal size. You can also hit Ctrl+a F for the same task
Ctrl+a :remove      Remove / delete region. You can also hit Ctrl+a X for the same task
Ctrl+a tab          Move to next region
Ctrl+a D (Shift-d)  Power detach and logout
Ctrl+a d            Detach but keep shell window open
Ctrl+a Ctrl+\       Quit screen
Ctrl+a ?            Display help screen, i.e. a list of commands

File Duplicates Recursive in Linux

By polfilm,
md5deep -r -l . > filelist.txt
sort < filelist.txt > filelist_sorted.txt

The first command computes the MD5 hash of every file under the current directory.
The second sorts the list by hash, so identical files end up on adjacent lines and duplicates are easy to spot, together with their paths, as you scroll.
md5deep is in most apt-get and yum repos.

Ubuntu New User

By polfilm,
sudo useradd -d /home/<username> -s /bin/bash -m <username>
sudo passwd <username>
sudo adduser <username> sudo

IPA: Change Admin Password

By polfilm,
LDAPTLS_CACERT=/etc/ipa/ca.crt ldappasswd \
           -ZZ -D 'cn=directory manager' -W \
           -S uid=admin,cn=users,cn=accounts,dc=domain,dc=com

or

kadmin.local
Authenticating as principal admin/admin@EXAMPLE.COM with password.
kadmin.local:  change_password admin@EXAMPLE.COM
Enter password for principal "admin@EXAMPLE.COM": 
Re-enter password for principal "admin@EXAMPLE.COM": 

Check SSH keypair fingerprint

By polfilm,

SSH KEY PAIR (the fingerprint is computed from the public key file)

ssh-keygen -lf ~/.ssh/id_rsa.pub

X.509 CERTIFICATE (fingerprint of the certificate, not of an SSH key)

openssl x509 -noout -fingerprint -in /etc/ssl/certs/ssl-cert-snakeoil.pem