Jun 27, 2018

How to edit sudoers file without errors

APPLIES TO : Solaris, Linux

ISSUE : A wrong sudoers entry causes errors in administrative operations.

GOAL : Edit the sudoers file without any errors, or verify the sudoers file before editing it.

SOLUTION : Copy the sudoers file to /tmp, make the changes there, check the copy with the visudo command, and if no error is reported deploy the file to /etc/sudoers.

Follow the steps below.

1.     Copy the file to /tmp directory
                    $ sudo cp /etc/sudoers /tmp/sudoers.tobe

2.     Edit the copied sudoers file and make the required changes.
                     $ vi /tmp/sudoers.tobe
                               “enter the commands you wish to add”

3.     Run the below command to verify the new file for errors
                     $ /usr/sbin/visudo -c -f /tmp/sudoers.tobe
                             The output should be as below
                             “/tmp/sudoers.tobe file parsed OK”

                             If you get a parse error as below, correct the newly added entries and run the check again.
                             “>>> sudoers file: syntax error, line 132 <<<
                             parse error in /tmp/sudoers.tobe near line 132”

4.     Take a backup copy of the existing sudoers file
                     $ sudo cp -p /etc/sudoers /etc/sudoers.`date +%Y-%m-%d-%H%M`

5.     Change the permission of the new file
                     $ sudo chmod 440 /tmp/sudoers.tobe

6.     Copy the new file to /etc/sudoers
                     $ sudo cp /tmp/sudoers.tobe /etc/sudoers

7.     Verify the sudoers functionality
                     $ sudo -l

8.     Delete the temporary file
                     $ sudo rm /tmp/sudoers.tobe
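
Steps 3 to 6 can be wrapped in one function so that a file which fails the syntax check is never deployed. This is an added example, not part of the original post; the function name deploy_sudoers and the overridable VISUDO variable are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: validate a staged sudoers file, back up the live one,
# then swap the new file in with a rename. Not from the original post.
# VISUDO is overridable (assumption) so the function can be tried
# against a scratch directory without touching /etc/sudoers.
VISUDO=${VISUDO:-/usr/sbin/visudo}

deploy_sudoers() {
    candidate=$1
    target=${2:-/etc/sudoers}

    # Step 3: stop here unless the syntax check passes.
    if ! "$VISUDO" -c -f "$candidate" >/dev/null 2>&1; then
        echo "syntax check failed, $target left untouched" >&2
        return 1
    fi

    # Step 4: timestamped backup that keeps owner, mode and mtime.
    cp -p "$target" "$target.$(date +%Y-%m-%d-%H%M)" || return 1

    # Steps 5-6: stage next to the target with mode 440 already set, then
    # rename over it, so sudo never reads a half-written or writable file.
    staged=$(mktemp "$target.XXXXXX") || return 1
    if cat "$candidate" >"$staged" && chmod 440 "$staged" &&
       { [ "$(id -u)" -ne 0 ] || chown 0:0 "$staged"; } &&
       mv -f "$staged" "$target"; then
        return 0
    fi
    rm -f "$staged"
    return 1
}

# Usage (as root): deploy_sudoers /tmp/sudoers.tobe
```

Run `sudo -l` afterwards as in step 7. Keeping the candidate file in a directory only root can write to, rather than at a fixed name in /tmp, prevents other local users from pre-creating or replacing it before it is deployed.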




~Judi~

Jun 20, 2018

Epoch Seconds to date & date to epoch seconds in Linux/UNIX

APPLIES TO : All UNIX, Linux , HP-UX


1.        Convert Epoch seconds To date and Time format - Linux
                  date -d @1268727836

2.        Convert Epoch seconds To date and Time format - perl commands
                  perl -le 'print scalar localtime $ARGV[0]' 1528295738
                      Wed Jun  6 15:35:38 2018
                  perl -e 'print scalar(localtime(1528295738)), "\n"'
                      Wed Jun  6 15:35:38 2018
                  perl -leprint\ scalar\ localtime\ 1528295738
                      Wed Jun  6 15:35:38 2018

3.        Convert Epoch seconds To date and Time - Linux awk command
                  echo 1528295738 | awk '{print strftime("%c",$1)}'
                      Wed Jun  6 15:35:38 2018

4.        Print Current date and time in epoch seconds - Linux
                  date +%s
                      1528295738

5.        Current date and time in epoch seconds - Solaris
                  nawk "BEGIN{print srand}"
                      1528295738

6.        Current epoch seconds in Solaris and HPUX
                  perl -e 'print time()' ; printf "\n"
                      1528295738

7.        Find current epoch seconds using perl script
                  Judi-Dev-01 #  vi current_epoch.pl
                      #!/bin/perl
                      print "Current (epoch) time: " . time() . "\n";
                  Judi-Dev-01 # 
                  Judi-Dev-01 # ./current_epoch.pl
                      Current (epoch) time: 1529498830
                  Judi-Dev-01 #

8.        Convert date and time to epoch seconds
                  perl -e "use Time::Local; print timelocal($C_SEC, $C_MIN, $C_HOURS, $C_DAY, $C_MONTH1-1, $C_YEAR)"
                  perl -e "use Time::Local; print timelocal(01, 01, 00, 16, 6-1, 2018)" ; printf "\n"
                      Sat Jun 16 00:01:01 2018

9.        Display only time
                  date +"%T"
                      16:31:42

10.        Display date and time in local format (locale)

                  date +"%c"
                      Wed Jun 20 16:32:01 2018

11.        To get the previous date in Solaris (24 hours per day, calculate accordingly; today is 16-Jun-2018)
                  TZ=GMT+24 date +%d-%m-%Y
                      15-06-2018
                  TZ=GMT+48 date +%d-%m-%Y
                      14-06-2018

12.        To get the previous day in Solaris (86400 seconds for one day, calculate accordingly)
                  perl -MPOSIX=strftime -le 'print strftime("%d-%b-%Y", localtime(time-86400))'
                      15-Jun-2018

13.        To get the date two days back in Solaris (86400 seconds for one day, calculate accordingly)
                  perl -MPOSIX=strftime -le 'print strftime("%d-%b-%Y", localtime(time-172800))'
                      18-Jun-2018



~Judi~







Jun 18, 2018

Find weak ciphers RC4-SHA and RC4-MD5 in Solaris using script

APPLIES TO : Solaris 10 and 11

ISSUE : SSL/TLS use of weak RC4 cipher on port 3872

GOAL :  Find and disable SSL/TLS use of weak RC4 cipher

SOLUTION : Run the script below on the affected server. Modify the IP address to the affected server's primary IP and the port to the one mentioned in the scan report; here the port is 3872. The required changes have to be applied by the Oracle Database team at the 13C Cloud Server.

Port 3872 - Cloud Control Agent. Only the OMS will connect to this port.



SCRIPT :
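                     #!/usr/bin/env bash

                     # OpenSSL requires the port number.
                     SERVER=192.168.1.10:3872
                     DELAY=1
                     # Every cipher name this OpenSSL build knows, space separated.
                     ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')

                     echo Obtaining cipher list from $(openssl version).

                     # $ciphers is left unquoted on purpose so it splits into one word per cipher.
                     for cipher in $ciphers
                     do
                           echo -n Testing $cipher...
                           # Offer only this one cipher; empty stdin ends the session after the handshake.
                           result=$(echo -n | openssl s_client -cipher "$cipher" -connect "$SERVER" 2>&1)
                           if [[ "$result" =~ ":error:" ]] ; then
                                 # Unquoted $result flattens the output to one line; field 6 is the error reason.
                                 error=$(echo -n $result | cut -d':' -f6)
                                 echo NO \($error\)
                           else
                                 # Handshake completed: s_client reports the negotiated cipher.
                                 if [[ "$result" =~ "Cipher is ${cipher}" || "$result" =~ "Cipher    :" ]] ; then
                                       echo YES
                                 else
                                       echo UNKNOWN RESPONSE
                                       echo $result
                                 fi
                           fi
                           sleep $DELAY

                     done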


SCRIPT Output : Here the weak ciphers RC4-SHA, RC4-MD5 and DES-CBC3-SHA are accepted on port 3872, so the service is vulnerable. The required changes have to be applied by the Oracle Database team at the 13C Cloud Server.


JUDI-DEV-TEST01# ./ssl_test_script.sh|grep RC4
      Testing ECDHE-RSA-RC4-SHA...NO (sslv3 alert handshake failure)
      Testing ECDHE-ECDSA-RC4-SHA...NO (sslv3 alert handshake failure)
      Testing AECDH-RC4-SHA...NO (sslv3 alert handshake failure)
      Testing ADH-RC4-MD5...NO (sslv3 alert handshake failure)
      Testing ECDH-RSA-RC4-SHA...NO (sslv3 alert handshake failure)
      Testing ECDH-ECDSA-RC4-SHA...NO (sslv3 alert handshake failure)
      Testing RC4-SHA...YES
      Testing RC4-MD5...YES
      Testing DES-CBC3-SHA...YES
JUDI-DEV-TEST01#
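
To report every accepted weak cipher rather than a single name pattern, the script output can be post-processed. The function below is an added example, not part of the original post; the name weak_accepted and the chosen list of weak families are assumptions for illustration, and the sample lines are constructed in the same format as the output above.

```bash
#!/usr/bin/env bash
# Added example: pick the accepted weak ciphers out of the scan output.
# Reads "Testing <cipher>...YES" / "...NO (reason)" lines on stdin and
# prints "<cipher> <reasons>" for every accepted cipher in a weak family.
weak_accepted() {
    awk '
        /^[ \t]*Testing / && /\.\.\.YES[ \t]*$/ {
            name = $2
            sub(/\.\.\.YES.*$/, "", name)
            n = "-" name "-"          # pad so each name part is "-PART-"
            r = ""
            if (n ~ /-RC4-/)           r = r ",RC4"
            if (n ~ /-DES-/)           r = r ",DES/3DES"
            if (n ~ /-NULL-/)          r = r ",NULL"
            if (n ~ /^-EXP/)           r = r ",EXPORT"
            if (n ~ /^-(ADH|AECDH)-/)  r = r ",anonymous"
            if (n ~ /-MD5-$/)          r = r ",MD5"
            if (r != "") print name, substr(r, 2)
        }'
}

# Constructed sample input in the format printed by the script.
SAMPLE='      Testing ECDHE-RSA-RC4-SHA...NO (sslv3 alert handshake failure)
      Testing ADH-RC4-MD5...NO (sslv3 alert handshake failure)
      Testing ECDHE-RSA-AES256-GCM-SHA384...YES
      Testing RC4-SHA...YES
      Testing RC4-MD5...YES
      Testing DES-CBC3-SHA...YES'

printf '%s\n' "$SAMPLE" | weak_accepted
```

Against a live run the same function is fed with `./ssl_test_script.sh | weak_accepted`; empty output means no cipher from the listed families was accepted.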






~Judi~
