SELinux: Creating exceptions cheat sheet

Troubleshooting SELinux is generally an absolute nightmare, and problems pop up when least expected. I have lost so many hours to troubleshooting something only for it to end up being an SELinux exception. So first of all I recommend turning SELinux off and seeing if the problem is solved; if it is, create a type enforcement rule. You can do this using the following:

Turn SELinux on and off

Off:

setenforce 0

On:

setenforce 1

 

Use audit2allow to view any rules that have been violated
audit2allow -w -a

-a reads every denial in the audit log, so all of the type enforcement rules that were violated are shown

-w shows a human-readable description of what violated the type enforcement rule

Create loadable type enforcement to allow access in future
audit2allow -a -M addrule123

This creates a .pp (policy package) file and a .te (type enforcement) file. The .pp file can then be installed using the command:

semodule -i addrule123.pp

Creating a .pp file from a .te file

Sometimes you might want to keep the human-readable .te (type enforcement) file and create a .pp file from it later. This can be done as follows:

First create a policy module file

checkmodule -M -m addrule123.te -o addrule123.mod

Then create the .pp file from that policy module file

semodule_package -m addrule123.mod -o addrule123.pp

Install policy package .pp file

semodule -i addrule123.pp
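
Because audit2allow -a builds the module from every denial in the audit log, the .te file can contain allow rules for domains unrelated to the problem being fixed. The script below is an added example, not part of the original cheat sheet, that summarises a .te file before it is installed; the function names and the sample .te content (including the httpd_t and ntpd_t rules) are constructed for illustration.

```shell
#!/bin/sh
# Review a generated type enforcement file before installing its .pp.

# List each source domain that gains allow rules, with a rule count.
te_sources() {
    awk '$1 == "allow" { n[$2]++ } END { for (s in n) print s, n[s] }' "$1" | sort
}

# Print allow rules whose source domain is not the one being troubleshot.
# $1 = .te file, $2 = domain of the service you were debugging
te_unexpected_rules() {
    awk -v want="$2" '$1 == "allow" && $2 != want' "$1"
}

# Constructed sample in the layout audit2allow -M writes (not real output).
write_sample_te() {
    cat > "$1" <<'EOF'
module addrule123 1.0;

require {
	type httpd_t;
	type user_home_t;
	type ntpd_t;
	type tmp_t;
	class file { open read write };
}

#============= httpd_t ==============
allow httpd_t user_home_t:file { open read };

#============= ntpd_t ==============
allow ntpd_t tmp_t:file write;
EOF
}

review_demo() {
    te=$(mktemp) || return 1
    write_sample_te "$te"
    echo "domains granted access:"; te_sources "$te"
    echo "rules outside httpd_t:"; te_unexpected_rules "$te" httpd_t
    rm -f "$te"
}
review_demo
```

Any rule reported by te_unexpected_rules can be deleted from the .te file before running checkmodule and semodule_package as shown above.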

 


Atom: Export and install packages on new computer

Create a list of packages installed on base computer

Run this from the command line to get a list of all packages installed within Atom. It creates an output file that you can send to your new computer:

apm list --installed --bare > package-list.txt

Install packages from list on target machine

Run this command to install packages from the exported list:

apm install --packages-file package-list.txt

Good starting list:

Here is a good list of initial packages to install for a DevOps focused workload using Puppet, Terraform and AWS

aligner@1.2.4
aligner-javascript@1.3.0
aligner-puppet@0.1.1
aligner-python@1.1.0
aligner-ruby@1.6.1
atom-beautify@0.32.5
atom-jinja2@0.6.0
atom-yamljson@0.2.4
base64@0.3.0
change-case@0.6.5
color-picker@2.3.0
eval-javascript@1.2.0
file-icons@2.1.21
git-blame@1.7.0
git-plus@7.10.2
git-time-machine@2.1.0
language-ansible@0.2.2
language-docker@1.1.8
language-puppet@0.23.0
language-terraform@0.8.1
language-x86-64-assembly@2.2.11
linter-puppet@1.0.0
merge-conflicts@1.4.5
open-recent@5.0.0
pigments@0.40.0
pinned-tabs@2.0.6
print-code@0.7.1
python-debugger@0.2.0
sort-lines@0.18.0
split-diff@1.5.2
tablr@1.8.3
tasks@2.10.1
terraform-fmt@0.3.0
wordcount@3.0.0
wrap-with-anything@0.1.1

 

Shell Script: How to use AND and OR in If statements

How to use AND conditionals in IF statements within bash shell scripts

# Quote "$1" so the test still works when the argument is empty or contains spaces
if [ "$1" != 'foo' ] && [ "$1" != 'bar' ] && [ "$1" != 'sheep' ]
then
 echo "do this"
else
 echo "do that"
fi

How to use OR conditionals in IF statements within bash shell scripts

# With != on both sides an OR is always true, so test for equality here
if [ "$1" = 'foo' ] || [ "$1" = 'bar' ]
then
 echo "do this"
else
 echo "do that"
fi

 

How to configure SSH authentication between GitLab and Jenkins

Using Jenkins to build a GitLab project is a pretty standard thing to do, but in order for it to work the two must be able to talk to each other. There are several ways to do this, one being an SSH key pair. The basic steps are:

  • Create an RSA key pair on the Jenkins machine
  • Put the generated public key into a GitLab Deploy Key
  • Assign this key to the required repo
  • Add the private key to the Jenkins global credentials

Create an RSA key pair on the Jenkins machine

To do this, log on to the Jenkins machine as root and run the following command:

ssh-keygen -t rsa -C "your.email@example.com" -b 4096

This will prompt for a path to create the SSH key in, so anything like /home/USER/mynewkey will work.

It will then prompt for a passphrase, which can be left blank by pressing enter.

This will create 2 files: one with the private key and one with the public key, suffixed with ‘.pub’.

Put the generated public key into a GitLab Deploy Key

Next go to your GitLab site and into the repository that you want to use in Jenkins. Click on Settings in the left bar and then Repository. Expand Deploy Keys and you will see somewhere to add a new key.

Give the key a name and copy in the public key that you just created (it will be in the location you created it in + .pub, so in our example /home/USER/mynewkey.pub). Note: Be sure to remove any line breaks when copying.

If you want Jenkins to have write access, check the box; otherwise just click Add key. You can now enable this key for this repo and any others that Jenkins needs to access through the same settings menu.

Add the private key to the Jenkins global credentials

In Jenkins go to Credentials in the left bar and then the global link in the ‘Stores scoped to Jenkins’ pane. Then click Add Credentials.

Select ‘SSH username with private key’ and then input the Jenkins username on your machine (The user that the jenkins service runs as) and the private key created above (It will be in the location you created, so in our example /home/USER/mynewkey, notice this is different to the public key used above.)

Set the ID for the credentials; this is the name you use to refer to the credential from within Jenkins jobs.

You should now be able to use this in Jenkins jobs to access GitLab repositories. 
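
The steps above depend on the right half of the key pair going to the right place: the .pub file into the GitLab Deploy Key, the private key only into the Jenkins credential. The check below is an added example, not part of the original post, that classifies a key file before it is pasted anywhere and also catches a public key that picked up line breaks; the function names are hypothetical and the file contents are constructed placeholders, not real key material.

```shell
#!/bin/sh
# Classify a key file before pasting it anywhere:
#   public          single-line OpenSSH public key (for the GitLab Deploy Key)
#   public-wrapped  public key that picked up line breaks when copied
#   private         private key (only for the Jenkins credential)
#   unknown         anything else
classify_key_file() {
    first=$(head -n 1 "$1" | tr -d '\r')
    lines=$(grep -c . "$1" || true)   # count of non-empty lines
    case "$first" in
        "-----BEGIN "*"PRIVATE KEY-----") echo private ;;
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *)
            if [ "$lines" -eq 1 ]; then echo public; else echo public-wrapped; fi ;;
        *) echo unknown ;;
    esac
}

# Succeeds only for a file that is safe to paste into a Deploy Key field.
ok_for_deploy_key() {
    [ "$(classify_key_file "$1")" = public ]
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed placeholder contents, not real keys.
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EXAMPLEONLY your.email@example.com' > "$d/mynewkey.pub"
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EXAM' 'PLEONLY your.email@example.com' > "$d/wrapped.pub"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'EXAMPLEONLY' \
        '-----END OPENSSH PRIVATE KEY-----' > "$d/mynewkey"
    for f in mynewkey.pub wrapped.pub mynewkey; do
        echo "$f: $(classify_key_file "$d/$f")"
    done
    ok_for_deploy_key "$d/mynewkey" && echo "private key accepted (bug)"
    rm -rf "$d"
}
demo
```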

Terraform: How to automatically shutdown AWS instances at the end of the day

In order to shut down instances in an autoscaling group at the end of an online day you need to add an autoscaling schedule resource to your code. This will scale down to 0 running instances at the time that your online day ends. You can then add another autoscaling schedule to bring the required number of instances up again in the morning.

The scheduling is done by cron scheduler expressions, so it is very flexible in its configuration, and is set by the recurrence parameter. Below I have set my autoscaling group to scale to 0 at 6pm Monday to Friday and scale back to 1 instance at 9am each weekday morning. This means I don’t pay for my resources overnight and at the weekend.

# Stop all instances each weekday at 6pm
# (recurrence is evaluated in UTC by default)
resource "aws_autoscaling_schedule" "project-ass-component-weekdays-shutdown" {
  scheduled_action_name = "project-ass-component-weekdays-shutdown"
  min_size = 0
  max_size = 0
  desired_capacity = 0
  recurrence = "00 18 * * MON-FRI"
  autoscaling_group_name = "${aws_autoscaling_group.project-asg-component.name}"
}

# Startup 1 instance each weekday at 9am
resource "aws_autoscaling_schedule" "project-ass-component-weekdays-startup" {
  scheduled_action_name = "project-ass-component-weekdays-startup"
  min_size = 1
  max_size = 1
  desired_capacity = 1
  recurrence = "00 09 * * MON-FRI"
  autoscaling_group_name = "${aws_autoscaling_group.project-asg-component.name}"
}

The only required input is the name of your autoscaling group, set above as “project-asg-component”. You can also configure the scheduled_action_name as required.

PowerShell: How to search an Excel document for a string using COM objects

The below script opens an Excel document in read-only mode and then searches for a set string within the first sheet, cells ranging A1-AZ200. This can be amended depending on the specific documents you are searching, but this is a good way of quickly searching most files. Notice the options in the open and close document calls, which are important to open the documents in read-only mode and not save on exit.

The scripting lines between the open and close workbook lines can be looped to open multiple workbooks.

<# Location of Excel document #>
$DocumentPath = "C:\path\to\document.xls"
<# String to find #>
$FindString = "Find me"
 
<# Create COM object for the Excel application #>
$xl = New-Object -COM "Excel.Application"

<# Open the workbook to be searched (second argument: do not update links, third: read only) #>
$wb = $xl.Workbooks.Open("$DocumentPath", $false, $true)

<# Search the first sheet range A1-AZ200 for the string #>
If($wb.Sheets.Item(1).Range("A1", "AZ200").Find("$FindString")){
    echo "String found"
}else{
    echo "String not found"
} 

<# Close the workbook without saving #>
$wb.Close($false)

<# Quit the Excel application #>
$xl.Quit()

PowerShell: How to search a Word document for a string using COM objects

The below script opens a Word document in read-only mode and then searches for a set string. Notice the options in the open and close document calls, which are important to open the documents in read-only mode and not save on exit.

The scripting lines between the open and close document lines can be looped to open multiple documents.

<# Location of Word document #>
$DocumentPath = "C:\Location\of\document.doc"
<# String to find #>
$FindString = "Find me"

<# Start the Word application #>
$Word = New-Object -ComObject Word.Application

<# Open the Word document at the file path in read-only mode #>
$Document = $Word.Documents.Open("$DocumentPath", $false, $true)

<# Search for the string #>
if($Document.content.find.execute($FindString)){
    echo "String found"
}else{
    echo "String not found"
}

<# Close the document without saving #>
$Word.Documents.Close($false)

<# Quit the Word application #>
$Word.Quit()