Thursday, March 24, 2022

Useful Linux commands

Q 1. How to remove everything except for a list of files?

        shopt -s extglob
        rm -rf !(file1|file2|file3|...)

Note: the !(...) pattern needs bash's extglob option, and the names are separated by | with no spaces around it (a space would become part of the name to keep).
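As an added example (not part of the original post), Q1 wrapped in a script that first lists what the pattern would delete and only then removes it; it assumes bash and works on constructed file names in a scratch directory:

```shell
#!/usr/bin/env bash
# Added example, not from the original post: Q1's keep-list removal with a
# dry run first. The !(...) pattern is bash-only, so re-exec under bash if needed.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"
set -euo pipefail
# extglob must be enabled before bash *parses* a line containing !(...),
# so it is set here at top level, not inside the functions that use it.
shopt -s extglob nullglob

# Print every entry in $1 whose name is not among the remaining arguments.
# The names are joined with '|' and no spaces: "a | b" would keep "a " and " b".
doomed() {
  local dir="$1"; shift
  local keep f
  keep=$(IFS='|'; printf '%s' "$*")     # e.g. "file1|file2|file3"
  ( cd "$dir" && for f in !($keep); do printf '%s\n' "$f"; done )
}

# Delete what doomed() lists. Hidden entries are untouched, as in Q1 (no dotglob).
prune_except() {
  local dir="$1"; shift
  local f
  doomed "$dir" "$@" | while IFS= read -r f; do
    rm -rf -- "$dir/$f"
  done
}

# Scratch-directory demo with constructed file names.
demo() {
  local d; d=$(mktemp -d)
  touch "$d/keep1" "$d/keep2" "$d/junk1" "$d/.hidden"; mkdir "$d/junkdir"
  echo "would remove:"; doomed "$d" keep1 keep2
  prune_except "$d" keep1 keep2
  echo "left:"; ls -A "$d"              # .hidden keep1 keep2
  rm -rf "$d"
}
```

Call demo to see the dry run and the result; prune_except takes the directory first and the names to keep after it.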

Q 2. How to remove all hidden files in the current directory?

        rm -f .??* .[^.]

Q 3. How to save a file in vim when you forgot to use sudo?

        :w !sudo tee %

Q 4. How to edit multiple files simultaneously with vim?

        vim -o file1 file2 file3

Q 5. How to find and remove broken symbolic links?

        find -L . -type l -delete

Note: If you simply want to find broken symbolic links without removing them:

        find -L . -type l

        find . -xtype l

Q 6. How to monitor the top 10 processes using the most CPU?

        watch -n1 "ps aux --sort=-pcpu | head -n 11"

Note: head -n 11, because the first line of the ps output is the column header.

Q 7. How to check the battery of your wireless mouse?

        upower --dump

Q 8. How to find the date and time when your Linux system was installed?

        tune2fs -l /dev/sda1 | grep "Filesystem created"

Note: use the device that holds your root filesystem; tune2fs works for ext2/3/4 only.

Q 9. How to combine multiple PDF files into one PDF file?

        pdftk 1.pdf 2.pdf 3.pdf cat output 123.pdf

Q 10. How to SSH to a remote server via a jump server in the middle?

Open the SSH connection through the jump server with -J:

        ssh -J user@jump_server user@remote_server

Sunday, March 13, 2022

What is user data in AWS?

How to use user data, and what are its advantages?

AWS lets you run commands or scripts at the launch time of an instance; this is known as user data. For example, if you want certain packages installed or some configuration files present on the instance right after launch, user data is what you need. Whatever commands you specify in the user data are executed, and the result is ready when the instance comes up. The script runs as root, so the sudo prefixes below are not required but do no harm.

Let's try an example: install a LAMP stack.

        #!/bin/bash
        sudo apt update
        sudo apt install apache2 -y
        sudo apt install php libapache2-mod-php php-mysql -y
        sudo apt install php-cli -y
        echo "<?php phpinfo(); ?>" | sudo tee -a /var/www/html/info.php
        sudo apt install stress -y

Note: info.php shows the full PHP and server configuration to anyone who can reach it, so it is useful only to verify the install.


Vault installations and integration with GitLab CICD pipeline

What is Vault?

Vault is an identity-based secrets and encryption management system. It is used to store sensitive data such as API encryption keys, tokens, access keys, secret keys, passwords and certificates.

Reference links for integrating Vault with GitLab CI/CD:

1. https://docs.gitlab.com/ee/ci/examples/authenticating-with-hashicorp-vault/

2. https://holdmybeersecurity.com/2021/03/04/gitlab-ci-cd-pipeline-with-vault-secrets/

3. https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/ci/secrets/index.md

4. https://gitlab.com/edmond-demo/sandbox/hashicorp/vault_via_api/-/blob/master/.gitlab-ci.yml


Cheat sheets:

            https://medium.com/@jagunathan22/hashicorp-vault-cheatsheet-8f13dc6a95a9

            https://sites.google.com/site/mrxpalmeiras/vault-cheat-sheet


Unseal the Vault (at least 3 unseal keys are needed)

Before you can authenticate, the vault must be unsealed by supplying at least 3 of the unseal keys from initialization; run the command once per key:

CMD # vault operator unseal <unseal-key>

Vault Login:

Initial Root Token: <paste token here>

CMD # vault login


Enable access to the Vault server from other hosts by its IP address:

To make Vault reachable from the other nodes on the network, change the listener address in the Vault HCL configuration file. It may be in the home directory or at /etc/vault.d/vault.hcl. With tls_disable = "true" the API is served over plain HTTP, which is acceptable for a lab setup only.

Example:

        storage "raft" {
          path    = "./vault/data"
          node_id = "node1"
        }

        listener "tcp" {
          address     = "ip:port"
          tls_disable = "true"
        }

        # the parameter is disable_mlock (there is no "mlock" key);
        # true lets Vault start on a host without the mlock capability
        disable_mlock = true

        api_addr = "http://ip:port"
        cluster_addr = "https://ip:port"
        ui = true
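As an added example (not from the original post), a small shell check that flags the lab-only settings in a vault.hcl (TLS off, mlock off, plain-http api_addr), beside a listener stanza with TLS on; the addresses and certificate paths are constructed placeholders:

```shell
#!/bin/sh
# Added example, not from the original post: flag the lab-only settings in a
# vault.hcl and show the listener stanza to use once Vault leaves the lab.
set -eu

# Print one finding per weak setting in the config file $1 and return 1;
# return 0 when none is found. Text after '#' is treated as a comment.
audit_vault_hcl() {
  body=$(sed 's/#.*//' "$1"); rc=0
  if printf '%s\n' "$body" | grep -Eq 'tls_disable[[:space:]]*=[[:space:]]*"?(true|1)"?'; then
    echo "$1: tls_disable is on: tokens and secrets cross the network in clear text"; rc=1
  fi
  if printf '%s\n' "$body" | grep -Eq 'disable_mlock[[:space:]]*=[[:space:]]*"?true"?'; then
    echo "$1: disable_mlock is on: Vault's memory may be swapped to disk"; rc=1
  fi
  if printf '%s\n' "$body" | grep -Eq 'api_addr[[:space:]]*=[[:space:]]*"http:'; then
    echo "$1: api_addr advertises a plain-http URL to clients and peers"; rc=1
  fi
  return $rc
}

# The page's lab listener, with constructed addresses ...
WEAK_CONFIG='listener "tcp" {
  address     = "10.0.0.5:8200"
  tls_disable = "true"
}
disable_mlock = true
api_addr = "http://10.0.0.5:8200"'

# ... and the same listener with TLS on; cert/key paths are placeholders.
HARDENED_CONFIG='listener "tcp" {
  address         = "10.0.0.5:8200"
  tls_cert_file   = "/etc/vault.d/tls/vault.crt"
  tls_key_file    = "/etc/vault.d/tls/vault.key"
  tls_min_version = "tls12"
}
api_addr = "https://vault.example.internal:8200"'

# Write both to temp files and audit them.
demo() {
  w=$(mktemp); h=$(mktemp)
  printf '%s\n' "$WEAK_CONFIG" > "$w"; printf '%s\n' "$HARDENED_CONFIG" > "$h"
  audit_vault_hcl "$w" || echo "lab config: see findings above"
  audit_vault_hcl "$h" && echo "hardened config: no findings"
  rm -f "$w" "$h"
}
```

Run audit_vault_hcl against /etc/vault.d/vault.hcl on a real node; a non-zero exit means at least one lab-only setting is still present.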


GitLab Integration with Vault:

Step 1: Create a GitLab project repository.

Step 2: Configure Vault:

A.     List, enable and disable Vault secrets engines as required:

a.     vault secrets list

b.     vault secrets enable -path=secret kv

c.     vault secrets disable kv/

d.     Ref. https://www.vaultproject.io/docs/secrets

e.     Ref. https://learn.hashicorp.com/tutorials/vault/static-secrets

Note: the policy in step D refers to secret/data/... paths, which exist only in KV version 2; enable the engine with kv-v2 instead of kv if you use that policy.

B.     Create, list and read a secret:

a.     vault kv put secret/hello target=world

b.     vault kv list secret/

c.     vault kv get secret/hello

C.    Before creating policies and roles, an authentication method must be enabled; here we use the JWT method:

a.     CMD # vault auth enable jwt

b.     Ref. https://www.vaultproject.io/api-docs/auth/jwt

Note: the JWT method also has to be pointed at the GitLab instance (its JWKS URL and issuer, written to auth/jwt/config) before a role can verify job tokens; Ref. 1 above shows that command.

D.    Create, list and read a policy to grant read/write access to secrets:

a.     vault policy write admin admin-policy.hcl (from an HCL file)

b.     Write the policy inline from a heredoc:

        $ vault policy write myproject-production - <<EOF
        # Policy name: myproject-production
        #
        # Read-only permission on 'secret/data/myproject/production/*' path
        path "secret/data/myproject/production/*" {
          capabilities = [ "read" ]
        }
        EOF

c.     vault policy list

d.     vault policy read admin

e.     Ref. https://learn.hashicorp.com/tutorials/vault/getting-started-policies?in=vault/getting-started

E.     Create, list, read and delete a role that provides RBAC for the secret through policies. The bound_claims restrict which GitLab jobs may use the role: only jobs of project 22, running on a protected branch whose name matches auto-deploy-*, and the token they receive lives for at most 60 seconds:

a.     $ vault write auth/jwt/role/myproject-production - <<EOF
        {
          "role_type": "jwt",
          "policies": ["myproject-production"],
          "token_explicit_max_ttl": 60,
          "user_claim": "user_email",
          "bound_claims_type": "glob",
          "bound_claims": {
            "project_id": "22",
            "ref_protected": "true",
            "ref_type": "branch",
            "ref": "auto-deploy-*"
          }
        }
        EOF

b.     $ vault list auth/jwt/role

c.     $ vault read auth/jwt/role/myproject-production

d.     $ vault delete auth/jwt/role/myproject-production

e.     Ref. https://learn.hashicorp.com/tutorials/vault/getting-started-policies?in=vault/getting-started

F.     Access secrets from the .gitlab-ci.yml file

a.     Ref. https://gitlab.com/edmond-demo/sandbox/hashicorp/vault_via_api/-/blob/master/.gitlab-ci.yml

        stages:
          - test

        read_secrets:
          stage: test
          # image:
          #   name: alpine:latest
          script:
            # - apk add --update curl jq
            # Vault's address can be provided here or as a CI/CD variable
            - export VAULT_ADDR=http://<IP-Address:Port>
          tags:
            - ubuntu20
            - awslightsail

The login with the job's JWT against the role from step E, and the vault kv get that follows it, are shown in Ref. 1.

A Step-by-Step Guide to Creating Users in Kubernetes

1. Create a User Account

        openssl req -new -newkey rsa:4096 -nodes -keyout pravin.key -out pravin.csr -subj "/CN=pravin/O=Infosys" ...