Python on Solaris: Wrong ELF class: ELFCLASS64

If “pip” installed 64-bit libraries, while python is a 32-bit binary, “pkg” might stop working with the following error messages:

ImportError: ld.so.1: bootadm: fatal: /usr/lib/python2.7/site-packages/lxml/etree.so: wrong ELF class: ELFCLASS64
ImportError: ld.so.1: python2.7: fatal: /usr/lib/python2.7/site-packages/_cffi_backend.so: wrong ELF class: ELFCLASS64
$ file `which python`
/usr/bin/python:	ELF 32-bit LSB executable 80386 Version 1 [SSE], dynamically linked, not stripped

The workaround is to remove the corresponding python packages (in this case cffi and lxml), download and recompile them manually with “-m32”:

$ export CFLAGS="-m32"

One-liner: generate group-urls for all remote-access tunnel-groups (Cisco ASA)

This one-liner takes Cisco ASA config, checks for “tunnel-group … remote-access” and generates the following two lines:

tunnel-group GROUPNAME webvpn-attributes
 group-url https://CISCO_ASA_FW_FQDN/GROUPNAME enable
for i in `fgrep tunnel-group CISCO_ASA.conf | fgrep remote-access | awk '{print $2}'`
do
echo "tunnel-group $i webvpn-attributes"
echo " group-url https://CISCO_ASA_FW_FQDN/$i enable"
done

One-liner: get image URLs from Google Image search

Let’s search for “red apple”:

For Solaris (use gsed instead of sed):

curl -A "Mozilla/5.0 (X11; SunOS i86pc; rv:52.0) Gecko/20100101 Firefox/52.0" \
'https://www.google.nl/search?q=red+apple&tbm=isch' 2>/dev/null | \ 
tail -1 | gsed -e 's/,"ow":/*/g' -e 's/,"ou":/*Image:/g' | \ 
tr '*' '\n' | grep "^Image" | sed -e 's/^Image:"//' -e 's/"$//' 

For Linux:

curl -A "Mozilla/5.0 (X11; SunOS i86pc; rv:52.0) Gecko/20100101 Firefox/52.0" \
'https://www.google.nl/search?q=red+apple&tbm=isch' 2>/dev/null | \ 
tail -1 | sed -e 's/,"ow":/*/g' -e 's/,"ou":/*Image:/g' | \ 
tr '*' '\n' | grep "^Image" | sed -e 's/^Image:"//' -e 's/"$//' 

One-liner: get all service names and associated protocol numbers on Fortigate

Run in a VDOM:

sh firewall service custom | grep 'edit\|port\|type\|proto'

    edit "ALL"
        set protocol IP
    edit "ALL_TCP"
        set tcp-portrange 1-65535
    edit "ALL_UDP"
        set udp-portrange 1-65535
    edit "ALL_ICMP"
        set protocol ICMP
        unset icmptype
    edit "GRE"
        set protocol IP
        set protocol-number 47
    edit "DHCP"
        set udp-portrange 67-68
    edit "DNS"
        set tcp-portrange 53
        set udp-portrange 53
    edit "FTP"
        set tcp-portrange 21
    edit "FTP_GET"
        set tcp-portrange 21
    edit "FTP_PUT"
        set tcp-portrange 21
    edit "H323"
        set tcp-portrange 1720 1503
        set udp-portrange 1719
    edit "HTTP"
        set tcp-portrange 80
    edit "HTTPS"
        set tcp-portrange 443
. . .

How to install and keep an obsolete Solaris package

If you (like me) are still using Solaris (why BTW, if I may ask?), then you might stumble upon the problem of disappearing packages. Let’s take, for example, gimp:

# pkg list -af gimp
NAME (PUBLISHER)          VERSION                    IFO
image/editor/gimp         2.6.10-5.12.0.0.0.97.0     --o
image/editor/gimp         2.6.10-0.175.3.0.0.26.0    ---
image/editor/gimp         2.6.10-0.175.2.0.0.27.0    ---
image/editor/gimp         2.6.10-0.175.1.0.0.24.0    ---
image/editor/gimp         2.6.10-0.175.0.0.0.2.0     ---
image/editor/gimp         0.5.11-0.151.0.1           ---

Flag “o” means “obsolete”. If you have version “2.6.10-0.175.3.0.0.26.0” installed, and it gets updated to “2.6.10-5.12.0.0.0.97.0” (which is obsolete), your package will get removed. If this what happened, here’s the path to restore it.

First, install the latest version before “o”:

pkg install -v image/editor/gimp@2.6.10-0.175.3.0.0.26.0

Then “freeze” it:

# pkg freeze image/editor/gimp

Now if you run pkg list again, you will see two new flags:
“i” – installed
“f” – frozen

# pkg list -af gimp
NAME (PUBLISHER)            VERSION                    IFO
image/editor/gimp           2.6.10-5.12.0.0.0.97.0     --o
image/editor/gimp           2.6.10-0.175.3.0.0.26.0    if-
image/editor/gimp           2.6.10-0.175.2.0.0.27.0    ---
image/editor/gimp           2.6.10-0.175.1.0.0.24.0    ---
image/editor/gimp           2.6.10-0.175.0.0.0.2.0     ---
image/editor/gimp           0.5.11-0.151.0.1           ---

# pkg freeze
NAME               VERSION            DATE            COMMENT
image/editor/gimp  2.6.10-0.175.3.0.0.26.0:20150705T202845Z 15 Feb 2017 23:01:02 CET None

One-liner: how to check the SSL certificate expiration of several servers

for i in cnn.com bbc.co.uk
do
  exp=`echo | openssl s_client -connect $i:443  2>/dev/null | 
  openssl x509 -noout -dates | fgrep notAfter | sed -e 's/^.*=//'`
  echo "$i        $exp"
done

cnn.com	    Feb  6 12:00:00 2018 GMT
bbc.co.uk   Apr 20 10:01:10 2017 GMT