blog
Signer des fichiers
Voir
Avec ssh-keygen
Avec OpenSSL
Création de la paire de clefs
Génération de la clef privée
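# Generate a 4096-bit RSA private key. It is written without a passphrase;
# add -aes256 to encrypt it if the file ever leaves this machine.
# The subshell umask keeps priv.pem owner-only whatever openssl's own default
# is, without changing the umask of the calling shell.
( umask 077 && openssl genrsa -out priv.pem 4096 )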
Génération de la clef publique
# Derive the public half from priv.pem. public.pem is the only key file a
# verifier needs; priv.pem stays with the signer.
openssl rsa -pubout -in priv.pem -out public.pem
Signer
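# Sign the SHA-256 digest of plop.txt with the private key (binary signature).
openssl dgst -sha256 -sign priv.pem -out plop.txt.sha256 plop.txt
# Base64-encode the signature so it can travel as text. It is written next to
# the data as plop.txt.sign, which is the name the verification step reads,
# instead of a fixed, guessable file name in the world-writable /tmp.
openssl base64 -in plop.txt.sha256 -out plop.txt.sign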
Vérifier la signature
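# Decode the received base64 signature, then verify THAT decoded file against
# plop.txt with the public key. Decoding to one path and verifying another
# would check a leftover file from the signing step, not the signature that
# was actually received.
# The decoded signature stays in the working directory rather than under a
# fixed name in /tmp, and "&&" stops a failed decode from being followed by a
# verification of a stale file.
openssl base64 -d -in plop.txt.sign -out plop.txt.sha256 &&
  openssl dgst -sha256 -verify public.pem -signature plop.txt.sha256 plop.txt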
Exemple de script pour signer
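Ce script crée un fichier contenant une date. Ce fichier date est signé.
La signature est vérifiée. Un délai est défini, au-delà duquel le fichier est considéré comme expiré. Tant que ce délai n'est pas écoulé, le couple fichier + signature reste valide et peut donc être rejoué tel quel.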
poc_crypto_sign.sh
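#! /bin/bash
# PoC: write the current epoch to a file, sign it with an RSA key, then check
# the signature and reject the file once it is older than DELAY seconds.
set -o nounset

DELAY=60
KEY_PRIV=priv.pem
KEY_PUB=public.pem
SIGN_FILE=plop.txt.sign
DATA_FILE=plop.txt

# Scratch files live in a private directory created by mktemp, not under a
# fixed name in /tmp: a predictable path in a world-writable directory can be
# pre-created or symlinked by another local user, and "openssl ... -out" would
# then write through it.
WORK_DIR=$(mktemp -d) || exit 1
trap 'rm -rf -- "$WORK_DIR"' EXIT
TMP_SIGN_FILE=$WORK_DIR/signature.bin
# Private snapshot of DATA_FILE: the bytes that get verified are the bytes
# that get parsed afterwards.
VERIFIED_DATA=$WORK_DIR/data

# Generate the RSA private key (no passphrase) into KEY_PRIV.
enc_create_key_priv() {
  # Subshell: the tightened umask applies to the key file only.
  ( umask 077 && openssl genrsa -out "$KEY_PRIV" 4096 )
}

# Extract the public key matching KEY_PRIV into KEY_PUB.
enc_create_key_pub() {
  openssl rsa -in "$KEY_PRIV" -pubout -out "$KEY_PUB"
}

# Sign DATA_FILE with KEY_PRIV and store the base64 signature in SIGN_FILE.
# Returns non-zero if either openssl step fails.
enc_sign() {
  openssl dgst -sha256 -sign "$KEY_PRIV" -out "$TMP_SIGN_FILE" "$DATA_FILE" \
    && openssl base64 -in "$TMP_SIGN_FILE" -out "$SIGN_FILE"
}

# Print a message on stderr and exit.
# Arguments: $1 - exit code, remaining arguments - message
err() {
  local err_code=$1
  shift
  printf '%s\n' "$*" >&2
  exit "$err_code"
}

# Verify SIGN_FILE against a private snapshot of DATA_FILE using KEY_PUB.
# Exits with code 1 when the snapshot, the base64 decoding or the signature
# check fails, so a failed decode can never be followed by a check against a
# stale signature file.
enc_verif_sign() {
  if ! {
    cp -- "$DATA_FILE" "$VERIFIED_DATA" \
      && openssl base64 -d -in "$SIGN_FILE" -out "$TMP_SIGN_FILE" \
      && openssl dgst -sha256 -verify "$KEY_PUB" -signature "$TMP_SIGN_FILE" \
        "$VERIFIED_DATA" > /dev/null
  }; then
    err 1 "Error. Sign. Verification Failure"
  fi
}

# Print the current time as seconds since the epoch.
date_epoch() {
  date +%s
}

# Print the content of a date file.
# Arguments: $1 - file to read (optional, defaults to DATA_FILE)
read_date_file() {
  cat -- "${1:-$DATA_FILE}"
}

# Write the current epoch into DATA_FILE and sign it.
create_date_file() {
  date_epoch > "$DATA_FILE" && enc_sign
}

# Verify the signature, then check that the signed date is neither in the
# future nor older than DELAY seconds.
# Exit codes: 1 bad signature, 2 date in the future, 3 expired, 4 not a date.
check_date() {
  enc_verif_sign

  local raw
  raw=$(read_date_file "$VERIFIED_DATA")
  # "local -i" evaluates its value as a shell arithmetic expression, so the
  # content must be plain decimal digits before it gets anywhere near it.
  # No leading zero (would be read as octal), at most 18 digits (no overflow).
  [[ "$raw" =~ ^[1-9][0-9]{0,17}$ ]] || err 4 "Error. Invalid date"

  local -i epoch_file=$raw
  local -i epoch_now
  epoch_now=$(date_epoch)

  echo "DEBUG: $epoch_file > $(( epoch_now - DELAY ))"
  if (( epoch_file > epoch_now )); then
    err 2 "Error. Time in futur"
  elif (( epoch_file < epoch_now - DELAY )); then
    err 3 "Error. Expired"
  else
    echo "OK"
  fi
}

#enc_create_key_priv
#enc_create_key_pub
#create_date_file
#enc_sign

enc_verif_sign
# Show the content that was just verified, not a fresh read of DATA_FILE.
read_date_file "$VERIFIED_DATA"
check_date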
Shelldap
Un shell LDAP pour se simplifier la vie
Installation
# Refresh the package index, then install shelldap from the distribution
# repositories (both commands need root).
apt-get update
apt-get install shelldap
Configuration
Exemple 1
~/.shelldap.rc
# This file holds the bind password in clear text: keep it readable by its
# owner only (chmod 600 ~/.shelldap.rc).
server: localhost:389
binddn: cn=admin,dc=ce,dc=domain,dc=net
bindpass: ***MOT_DE_PASSE***
basedn: ou=users,dc=ce,dc=domain,dc=net
# Asks shelldap to use TLS on this connection, so the bind password is not
# sent in clear on port 389.
tls: yes
Exemple 2
~/.shelldap.rc
# NOTE(review): unlike Exemple 1 there is no "tls: yes" here, so on a plain
# LDAP connection to port 389 the bind password would cross the network
# unencrypted. Add "tls: yes" outside a lab network.
server: 192.168.2.10:389
binddn: admin
# Sample value. With a real password this file is a secret: chmod 600.
bindpass: P@ssw0rd
Shell script LVM lsblk get vgfree space without root privileges
vg_free.sh
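#! /bin/bash
# Creative Commons CC0 Public Domain Licence
#
# Print the free space of LVM volume groups in MiB without root privileges,
# computed from lsblk output and the /dev/<vg>/ device nodes.

set -euo pipefail
IFS=$' \t\n'
export LC_ALL=C

SCRIPT_NAME="$(basename "$0")"

# Print the help text on stdout.
usage() {
  cat <<EOF
Usage: $SCRIPT_NAME [ VG_NAME ]
Usage: $SCRIPT_NAME [ -a|--all ]
Usage: $SCRIPT_NAME [ -h|--help ]

$SCRIPT_NAME display volume groups free space in MiB for non-root users.

$SCRIPT_NAME [ VG_NAME ]
Is equivalent :
sudo vgs --readonly --noheadings --units=m [ VG_NAME ] -o vgfree

$SCRIPT_NAME --all
Is equivalent :
sudo vgs --readonly --noheadings --units=m -o vgname,vgfree
EOF
}

# Exit with status 127 when the command named by $1 is not available.
command_exists() {
  if ! command -v "$1" > /dev/null 2>&1; then
    printf 'Missing command : %s\nAborting.\n' "$1" >&2
    exit 127
  fi
}

# Sum the first column of stdin (or of the files given as arguments) and
# print the total as an integer.
calc_sum() {
  # "$@" rather than "$*": with no argument nothing is passed to awk, instead
  # of a single empty-string file operand.
  awk '{s+=$1} END {printf "%.0f", s}' "$@"
}

# Print the total size in bytes of the part/disk/crypt devices that lsblk
# shows directly above the logical volumes of a volume group.
# Arguments: $1 - volume group name
get_vg_size() {
  local VG_NAME=$1
  local pattern

  # The name ends up inside an extended regex: escape the two regex
  # metacharacters LVM allows in names, then let every hyphen match the
  # doubled form used in device-mapper names (the original handled only the
  # first hyphen).
  pattern=${VG_NAME//./\\.}
  pattern=${pattern//+/\\+}
  pattern=${pattern//-/-*}

  lsblk -b -i \
    | grep -B1 -E -e '[|`]-'"${pattern}-" \
    | awk '/part|disk|crypt/ { print $4 }' \
    | calc_sum
}

# Print the total size in bytes of the logical volumes under /dev/<vg>/.
# Arguments: $1 - volume group name
get_lv_total_size() {
  local VG_NAME=$1
  #lsblk -p -b -o NAME,SIZE -J --nodeps "/dev/${VG_NAME}"/* |jq '.blockdevices[].size |tonumber'
  lsblk -p -b -n -o SIZE --nodeps "/dev/${VG_NAME}/"* | calc_sum
}

# Print candidate volume group names, one per line, derived from the entries
# of /dev/mapper/.
# NOTE(review): the last "-segment" is taken as the LV name, so an LV whose
# own name contains a hyphen yields a wrong VG name — confirm on your hosts.
get_vg_list() {
  # shellcheck disable=SC2012
  ls -1 /dev/mapper/ \
    | awk '/-/{print $1}' \
    | sed -e 's/-[^-]*$//' -e 's/--/-/g' \
    | sort -u
}

# Print the free space of a volume group in MiB (integer).
# Arguments: $1 - volume group name
get_vgfree() {
  local VG_NAME=$1
  local -i VG_SIZE
  local -i LV_TOTAL_SIZE

  VG_SIZE="$(get_vg_size "$VG_NAME")"
  LV_TOTAL_SIZE="$(get_lv_total_size "$VG_NAME")"

  echo "$(( (VG_SIZE - LV_TOTAL_SIZE) / 1024 / 1024 ))"
}

# Exit with status 5 unless $1 looks like a volume group name and
# /dev/<name> exists.
check_inputs() {
  local VG_NAME=$1

  # The operand is used in a path and in a regex: accept only the characters
  # LVM allows in names (letters, digits, + _ . -, no leading hyphen) and
  # reject "." and "..", which would resolve to /dev itself or to /.
  if [[ ! "$VG_NAME" =~ ^[A-Za-z0-9_+.][A-Za-z0-9_+.-]*$ ||
    "$VG_NAME" == "." || "$VG_NAME" == ".." ]]; then
    echo "Volume group $VG_NAME not found" >&2
    exit 5
  fi

  # -d only shows that /dev/<name> is a directory; other /dev subdirectories
  # pass this test too.
  if [[ ! -d "/dev/${VG_NAME}" ]]; then
    echo "Volume group $VG_NAME not found" >&2
    exit 5
  fi
}

# Print the free space of one volume group ($1), or of every volume group
# when the global NOARGS is 1.
main() {
  local VG_NAME=${1-}
  local VG
  local -i VG_FREE

  command_exists lsblk

  if [[ "$NOARGS" -eq 1 ]]; then
    for VG in $(get_vg_list); do
      # /dev/mapper may also hold maps that are not LVM volumes; a name
      # without a /dev/<name>/ directory is skipped instead of aborting the
      # whole listing.
      [[ -d "/dev/${VG}" ]] || continue
      VG_FREE="$(get_vgfree "$VG")"
      printf " %-8s %10.2fm\n" "$VG" "$VG_FREE"
    done
  else
    VG_FREE="$(get_vgfree "$VG_NAME")"
    echo " ${VG_FREE}.00m"
  fi
}

if [[ $# -eq 0 ]]; then
  echo "$SCRIPT_NAME: missing operand" >&2
  echo "Try '$SCRIPT_NAME --help' for more information." >&2
  exit 1
fi

while [ "${1-}" != "" ]; do
  case $1 in
    # --debug ) DEBUG=1
    #   ;;
    -a | --all)
      # No shift here: the shift after esac consumes the option. A second
      # shift fails once the arguments are exhausted and, under set -e, made
      # "--all" exit with status 1 after printing its result.
      NOARGS=1
      main
      ;;
    -h | --help)
      usage
      exit 0
      ;;
    --)
      # End of all options
      shift
      break
      ;;
    -*)
      echo "$SCRIPT_NAME: invalid option" >&2
      echo "Try '$SCRIPT_NAME --help' for more information." >&2
      exit 1
      ;;
    *)
      check_inputs "$1"
      NOARGS=0
      main "$1"
      ;;
  esac
  shift
done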
Sinon il est toujours possible de s'en sortir avec quelques commandes
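# Total size in bytes of the part/disk/crypt devices listed just above the
# vg00 volumes. The alternation needs "|" between every type:
# /part|disk/crypt/ is not a valid awk pattern.
lsblk -b -i | grep -B1 vg00 | awk '/part|disk|crypt/ { print $4 }' | awk '{s+=$1} END {printf "%.0f", s}'
# Total size in bytes of the lvm entries of vg00.
lsblk -b -i | grep -B1 vg00 | awk '/lvm/ { print $4 }' | awk '{s+=$1} END {printf "%.0f", s}'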
Shell script - exemple de wrapper - exec rgrep
Voir aussi les wrappers compilés :
- /usr/lib64/nagios/plugins/negate
/usr/bin/rgrep
#!/bin/sh exec grep -r "$@"
/bin/fgrep
#!/bin/sh exec grep -F "$@"
Voir man bash
ou avec une fonction
# Recursive grep as a shell function: every argument is forwarded to grep as
# its own word, and the function returns grep's exit status.
rgrep() {
  grep -r "$@"
}
Autre exemple
# Wrapper that makes every tar call ignore the owner and permission bits
# recorded in the archive, so extracted files get the invoking user's
# ownership and umask-filtered modes.
#  - "command" bypasses this function and runs the real tar (no recursion).
#  - The options come after "$@" so that the old-style "tar xvf file" form,
#    where the first word is the option bundle, keeps working.
# NOTE(review): the options are appended to every invocation, not only to
# extractions, and anything placed after a "--" in the caller's arguments is
# read as a file name — confirm both with the tar in use.
tar() {
  command tar "$@" --no-same-owner --no-same-permissions
}
