Category: Computers

One-liner: how to get all service names and associated protocol numbers on Fortigate

Run in a VDOM:

sh firewall service custom | grep 'edit\|port\|type\|proto'

    edit "ALL"
        set protocol IP
    edit "ALL_TCP"
        set tcp-portrange 1-65535
    edit "ALL_UDP"
        set udp-portrange 1-65535
    edit "ALL_ICMP"
        set protocol ICMP
        unset icmptype
    edit "GRE"
        set protocol IP
        set protocol-number 47
    edit "DHCP"
        set udp-portrange 67-68
    edit "DNS"
        set tcp-portrange 53
        set udp-portrange 53
    edit "FTP"
        set tcp-portrange 21
    edit "FTP_GET"
        set tcp-portrange 21
    edit "FTP_PUT"
        set tcp-portrange 21
    edit "H323"
        set tcp-portrange 1720 1503
        set udp-portrange 1719
    edit "HTTP"
        set tcp-portrange 80
    edit "HTTPS"
        set tcp-portrange 443
. . .

How to install and keep an obsolete Solaris package

If you (like me) are still using Solaris (why BTW, if I may ask?), then you might stumble upon the problem of disappearing packages. Let’s take, for example, gimp:

# pkg list -af gimp
NAME (PUBLISHER)          VERSION                    IFO
image/editor/gimp         2.6.10-5.12.0.0.0.97.0     --o
image/editor/gimp         2.6.10-0.175.3.0.0.26.0    ---
image/editor/gimp         2.6.10-0.175.2.0.0.27.0    ---
image/editor/gimp         2.6.10-0.175.1.0.0.24.0    ---
image/editor/gimp         2.6.10-0.175.0.0.0.2.0     ---
image/editor/gimp         0.5.11-0.151.0.1           ---

Flag “o” means “obsolete”. If you have version “2.6.10-0.175.3.0.0.26.0” installed, and it gets updated to “2.6.10-5.12.0.0.0.97.0” (which is obsolete), your package will get removed. If this what happened, here’s the path to restore it.

First, install the latest version before “o”:

pkg install -v image/editor/gimp@2.6.10-0.175.3.0.0.26.0

Then “freeze” it:

# pkg freeze image/editor/gimp

Now if you run pkg list again, you will see two new flags:
“i” – installed
“f” – frozen

# pkg list -af gimp
NAME (PUBLISHER)            VERSION                    IFO
image/editor/gimp           2.6.10-5.12.0.0.0.97.0     --o
image/editor/gimp           2.6.10-0.175.3.0.0.26.0    if-
image/editor/gimp           2.6.10-0.175.2.0.0.27.0    ---
image/editor/gimp           2.6.10-0.175.1.0.0.24.0    ---
image/editor/gimp           2.6.10-0.175.0.0.0.2.0     ---
image/editor/gimp           0.5.11-0.151.0.1           ---

# pkg freeze
NAME               VERSION            DATE            COMMENT
image/editor/gimp  2.6.10-0.175.3.0.0.26.0:20150705T202845Z 15 Feb 2017 23:01:02 CET None

One-liner: how to check the SSL certificate expiration of several servers

for i in cnn.com bbc.co.uk
do
  exp=`echo | openssl s_client -connect $i:443  2>/dev/null | 
  openssl x509 -noout -dates | fgrep notAfter | sed -e 's/^.*=//'`
  echo "$i        $exp"
done

cnn.com	    Feb  6 12:00:00 2018 GMT
bbc.co.uk   Apr 20 10:01:10 2017 GMT

One-liner: how to count the total amount of specific lines in several files

Let’s calculate the amount of lines, containing the word “extended” in */*.conf files:

egrep -c extended */*.conf | 
awk 'BEGIN {FS=":"; sum=0;}{sum +=$2} END {print sum}'

BTW, using awk alone is slower:

time awk 'BEGIN {sum=0;}/extended/{sum++} END {print sum}' */*.conf
110653

real	0m0.94s
user	0m0.91s
sys	0m0.01s

time egrep -c extended */*.conf | 
awk 'BEGIN {FS=":"; sum=0;}{sum +=$2} END {print sum}'
110653

real	0m0.13s
user	0m0.10s
sys	0m0.02s

fgrep is slower than egrep:

time fgrep -c extended */*.conf | 
awk 'BEGIN {FS=":"; sum=0;}{sum +=$2} END {print sum}'
110653

real	0m0.21s
user	0m0.17s
sys	0m0.03s

traceroute 216.81.59.173

> traceroute -m 100 216.81.59.173
traceroute: Warning: Multiple interfaces found; using x.x.x.x @ net0
traceroute to 216.81.59.173 (216.81.59.173), 30 hops max, 40 byte packets
. . .
8  10gigabitethernet1-2.core1.atl1.he.net (184.105.213.110)  122.807 ms  150.309 ms  168.517 ms
9  216.66.0.26 (216.66.0.26)  160.820 ms  164.675 ms  157.556 ms
10  * * *
11  Episode.IV (206.214.251.1)  188.004 ms  188.078 ms  277.575 ms
12  A.NEW.HOPE (206.214.251.6)  212.980 ms  182.796 ms  217.315 ms
13  It.is.a.period.of.civil.war (206.214.251.9)  208.230 ms  231.501 ms  187.249 ms
14  Rebel.spaceships (206.214.251.14)  223.330 ms  185.769 ms  231.825 ms
15  striking.from.a.hidden.base (206.214.251.17)  222.702 ms  199.810 ms  227.345 ms
16  have.won.their.first.victory (206.214.251.22)  186.517 ms  221.058 ms  201.745 ms
17  against.the.evil.Galactic.Empire (206.214.251.25)  185.988 ms  216.445 ms  186.553 ms
 Continue reading "traceroute 216.81.59.173"

Firefox 18.0 crashes on Solaris

Update: fixed in v19.0beta (at least v19.0b1 build3 looks good):
ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/ (19b1 does not save sessions, though 😉

Firefox 18 (all betas and 18.0) crashes on Solaris 11 and OpenSolaris. The workaround is to set the following variables to “false”:

browser.cache.disk.enable
browser.cache.memory.enable
browser.cache.disk_cache_ssl

See bug 827971.

Simple log-rotator

Non-compressing log-rotator:

# more logrotate.sh
#!/bin/bash
for file in $*
do
mv ${file}.5 ${file}.6
mv ${file}.4 ${file}.5
mv ${file}.3 ${file}.4
mv ${file}.2 ${file}.3
mv ${file}.1 ${file}.2
mv ${file} ${file}.1
touch ${file}
pkill -1 syslog
done

Compressing version:

#!/bin/bash
for file in $*
do
mv ${file}.5.gz ${file}.6.gz
mv ${file}.4.gz ${file}.5.gz
mv ${file}.3.gz ${file}.4.gz
mv ${file}.2.gz ${file}.3.gz
mv ${file}.1.gz ${file}.2.gz
mv ${file} ${file}.1
touch ${file}
pkill -1 syslog
gzip ${file}.1
done

Usage:

# logrotate.sh asa1.log cisco2.log templog
#