One-liner: how to get Pulse Secure (Juniper SSL VPN) ACLs per role

Export ACLs as XML from the GUI into acls.xml file, then run the following command:

cat acls.xml | sed -e 's/&/\&/g' | awk '
BEGIN { acls=""; acl=0;}
/<network-connect-acl>/ { acl=1;}
/<resource>/ { if ( acl == 1) {a=gensub(".*<resource>(.*)<\/resource>.*","\\1","g",$0); acls = acls " " a; } } 
/<roles>/ { if (acl == 1) { roles[gensub(".*<roles>(.*)<\/roles>.*","\\1","g",$0)]=acls;} }
/<action>/ { if (acl == 1) { action=gensub(".*<action>(.*)<\/action>.*","\\1","g",$0)};}
/<\/network-connect-acl>/ { acl=0; acls=""; for ( i in roles) {printf("%s;%s;%s\n", i,roles[i],action);} delete roles;}' | sed -e 's/; /;/g' | less

The result will be shown in the following (semi-colon separated form):

Role;ACl1 ACL2 ACL3 …;action

One-liner: how to check temperature differences

The idea of this not-quite-one-liner is to periodically check the DIMM temperatures and show the differences (works in KSH, and does not work in BASH):

n=1

# Check all DIMM temperatures 
for temp in `sensors | fgrep DIMM | sed -e 's/°C.*//' -e 's/^.*+//' -e 's/\./,/'`
do

	(( B$n=$temp )) # temperature in the beginning
	(( D$n=$temp )) # current temperature
	(( n+=1 )) 	 	# next DIMM
done

while true
do

	sleep 10
	n=1
	for temp in `sensors | fgrep DIMM | sed -e 's/°C.*//' -e 's/^.*+//' -e 's/\./,/'`
	do
		(( temp_var=D$n ))
		(( DIFF1=$temp-$temp_var )) #temp diff from the last iteration
		(( temp_var=B$n ))
		(( DIFF2=$temp-$temp_var )) #temp diff from the beginning
		/bin/echo -e "$temp \t $DIFF2 \t $DIFF1"
		(( D$n=$temp ))
		(( n+=1 ))
	done
	echo ----------------------------------------
done

The result:

72,0 	 0 	 0
65,0 	 0 	 0
65,0 	 -0,5 	 -0,5
63,0 	 0 	 0
72,5 	 0 	 0
72,5 	 0 	 0
75,5 	 0 	 0
64,0 	 0 	 0
----------------------------------------
72,0 	 0 	 0
65,0 	 0 	 0
65,0 	 -0,5 	 0
63,0 	 0 	 0,5
72,5 	 0 	 0
72,5 	 0 	 0
75,5 	 0 	 0
64,0 	 0 	 0
----------------------------------------
71,0 	 -1 	 -1
65,0 	 0 	 0
65,0 	 -0,5 	 0
62,5 	 -0,5 	 -0,5
72,5 	 0 	 0
72,5 	 0 	 0
75,5 	 0 	 0
64,0 	 0 	 0
----------------------------------------

One-liner: how to check file growth in real time

Not quite a one-liner, but it can be copy&pasted in a terminal window 😉

bash
TIME=10
FILE=file.log
function fsize {
	SIZE=`ls -l $FILE | awk '{print $5}'`
}
fsize
S1=$SIZE
while true
do
	sleep $TIME
	fsize
	S2=$SIZE
	(( DIFF=($S2-$S1)/$TIME ))
	echo "($S2-$S1)/$TIME = $DIFF"
	S1=$S2
done

The script above will check the “file.log” size every 10 seconds and output the previous size, the new size and bytes per second:

(30117062-30085517)/10 = 3154
(30148404-30117062)/10 = 3134
(30179199-30148404)/10 = 3079
^C
^D

Python on Solaris: Wrong ELF class: ELFCLASS64

If “pip” installed 64-bit libraries, while python is a 32-bit binary, “pkg” might stop working with the following error messages:

ImportError: ld.so.1: bootadm: fatal: /usr/lib/python2.7/site-packages/lxml/etree.so: wrong ELF class: ELFCLASS64
ImportError: ld.so.1: python2.7: fatal: /usr/lib/python2.7/site-packages/_cffi_backend.so: wrong ELF class: ELFCLASS64
$ file `which python`
/usr/bin/python:	ELF 32-bit LSB executable 80386 Version 1 [SSE], dynamically linked, not stripped

The workaround is to remove the corresponding python packages (in this case cffi and lxml), download and recompile them manually with “-m32”:

$ export CFLAGS="-m32"

One-liner: how to generate group-url for all remote-access tunnel-groups (Cisco ASA)

This one-liner takes Cisco ASA config, checks for “tunnel-group … remote-access” and generates the following two lines:

tunnel-group GROUPNAME webvpn-attributes
 group-url https://CISCO_ASA_FW_FQDN/GROUPNAME enable
for i in `fgrep tunnel-group CISCO_ASA.conf | fgrep remote-access | awk '{print $2}'`
do
echo "tunnel-group $i webvpn-attributes"
echo " group-url https://CISCO_ASA_FW_FQDN/$i enable"
done