Mar 202016
 

python-lockHello World!

It’s been a while since my last post, so I’ve decided to make a magnificent one 🙂

Jokes apart, this setup took me a full sunday hence I thought to recap for future references.

The whole story started with a Python script on my Mac OS X unable to retrieve a JSON response from a specific https site, whereas the exact same script run like a champ in Kali Linux.

And to make things even more complicated, the same URL was working fine using cURL or wget on OS X!

Comparing two network packet captures, I’ve found that the issue was in the Client Hello part of the SSL handshake: the Python script was proposing a TLSv1.0 encrypted communication that the server was not available to accept. The correctly working commands and scripts were all using TLSv1.2.

This led me to discover that OS X El Capitan includes by default an old (and vulnerable) version of OpenSSL: 0.9.8zg, not supporting TLSv1.2 I needed. Consequently, also Python 2.7.10 included in El Capitan was having issues with TLS since the bundled pyOpenSSL module was linked to that OpenSSL version.

To upgrade, I did the following:

  • Upgrade OpenSSL
    Not that easy, since you have first to install latest OpenSSL via http://brew.sh install (this is the easy part, go brew update and brew install openssl).
    But then you need to rename the system openssl (/usr/bin/openssl) into something else and sudo ln -s <your brew openssl executable> /usr/bin/openssl
    Before you can do it, you need to reboot your Mac in recovery mode (CMD+R when you hear the chimes at boot), then select the Terminal from the Utilities menu and type in csrutil disable. With this command you will disable the System Integrity Protection and lowering your system security level until you reverse the change.
    Type also the command reboot to restart your machine, open a Terminal and proceed with the linking described above.
    Reboot again, access to Recovery Mode and restore the System Protection Utility with the commands:
    csrutil enable
    reboot
     
  • Upgrade Python to 2.7.11
    This is trivial… just grab your version here and install from DMG image.
  • Upgrade pyOpenSSL module to one linked with TLSv1.2 support
    It took me a while to find the right command, since you need to issue it with the proper user indication:
    pip install –upgrade pyopenssl==0.15.1 –user python

That should give you an OS X environment fully enable with upgraded OpenSSL (at the time of writing mine is 1.0.2g) and your python environment correctly supporting TLSv1.2

Happy encryption!

Nov 292012
 

Can’t remember how much I dug this info on the internet, always when in emergency.

Hence I’ve decided once forever to write a small note here.

Suppose that in /boot directory there is a kernel you want to remove, identified by files like:

  • abi-2.6.38-15-generic-pae
  • config-2.6.38-15-generic-pae
  • initrd.img-2.6.38-15-generic-pae
  • System.map-2.6.38-15-generic-pae
  • vmcoreinfo-2.6.38-15-generic-pae
  • vmlinuz-2.6.38-15-generic-pae

Here’s the right command:

apt-get remove --purge linux-image-2.6.38-15-generic-pae

If you are brave and wanna go scripting wild 🙂 first you check what kernel are you booting with using the command:

uname -r

This will give you an output like: “2.6.38-16-generic-pae”

Then you check which other kernels you have, except the one you’re booting with, using the command:

dpkg -l|egrep '^ii  linux-(im|he)'|awk '{print $2}'|grep -v `uname -r`
(yes, if you do not use egrep on the first grep it won't work)

This will return the list of kernels which are not the one you’re executing (because you excluded that one with grep -v):

linux-headers-2.6.38-15
linux-headers-2.6.38-15-generic
linux-headers-2.6.38-15-generic-pae
linux-headers-2.6.38-16
linux-headers-2.6.38-16-generic
linux-headers-generic
linux-headers-generic-pae
linux-image-2.6.38-15-generic-pae
linux-image-generic-pae

Finally, you run the remove command using:

sudo apt-get remove $(dpkg -l|egrep '^ii  linux-(im|he)'|awk '{print $2}'|grep -v `uname -r`)

TO BE CHECKED: the command above might remove also metapackages such as linux-headers-generic-pae. Hence it is safer to remove one by one the needed packages from the above list.

Jan 182010
 

This is something not so easy to find on the internet, and once again Linux shows its immense power in the simplest way: CLI.

Question: I have a .ISO file representing the image of a DVD and I want to know the LABEL of that DVD.

Answer: Issue the command

dd if=/<path>/filename.iso bs=1 skip=32808 count=32

on whatever Linux terminal.

For example, here’s what is returned for a backup copy of DVD I legally own:

Input command:
dd if=Natale\ in\ Casa\ Muppets.iso bs=1 skip=32808 count=32

Output:
MUPPETS_CHRISTMAS_CAROL         32+0 records in
32+0 records out
32 bytes (32 B) copied, 0.00129793 s, 24.7 kB/s

Enjoy!

Dec 312009
 

Although it could seem an oxymore, sort something in randomic order might be usefl sometimes.

Give a look to the script below, which I’m writing here for future reference.

#!/bin/bash
#
# This script creates a list of file or symbolic link to pictures in a directory
# The pictures are dynamically selected within a library of thousands
# This is to allow a wireless frame to display daily an ever changing list
# of pictures

# Define variable to be the target directory where we put the link/pictures
# This directory is regularly scanned by MediaTomb, the uPnP server talking to
# the digital frame

# Define variable to be the root directory where it will start to scan
scandir=/media/allphotos

# Clean previous contents of the directory used for streaming
cd /var/streampix
rm -rf *

# Define cycle to set the max number of photos to be displayed
# (like from 1 to 50 repeat)
for i in `seq 1 50`

# list the dir, pick a random file, add to the list
do
y="$(find $scandir -type f -iregex ‘.*\.\(bmp\|gif\|jpg\|png\)$’ | sort -R | head -1)"
cp "$y" /var/streampix/
done

Enjoy!

Nov 292009
 

I don’t consider myself a script guru, but sometimes I like to create small pieces of bash code to ease operations on my linux box… and I guess it’s good idea to note here some of the recent solutions I’ve found for later remembering.

I’ll try to comment them, so that readers will be able to readapt them to their needs.

Need: I have a list of files in subdirectories under main one and I want to copy only some of them to new location. I have the list of files I need in a text file.

#!/bin/bash
#
DIR=root # Location where the list I want to extract is located
FILE=wantedlist # with the name of the file
DIR_VIDEO=”/media/bigdisk” # Master repository containing iles in subdirectories
COPY_DEST=”/media/externalHDD/backup” # where I want to put my files
y=`cat /$DIR/$FILE|wc -l` # counting how many files I want to copy
for i in `seq 1 $y` # starting the cycle
do
# I’ll copy file mentioned in every line in the text list in new location
cp -R /$DIR_VIDEO/”`cat /$DIR/$FILE | tail -$i|head -1`” $COPY_DEST
done

Please note the usage of head and tail to go line by line in reverse order ;), while the cycle allows me to repeat this for each line in the text list.

#!/bin/bash
#
DIR=root
FILE=listarmando
DIR_VIDEO=”/media/video”
COPY_DEST=”/media/roarinnas/secondodisco”
y=`cat /$DIR/$FILE|wc -l`
for i in `seq 1 $y`
do
cp -R /$DIR_VIDEO/”`cat /$DIR/$FILE | tail -$i|head -1`” $COPY_DEST
d
Mar 212009
 

Made this small script for this purpose…

#!/bin/bash
#
# Script to check a directory and write in file the new files
# since last check.
#
# Written by RoarinPenguin (
roarinpenguin@rottigni.net) on
#
21 march 2009
# Released under GPL License
#
# You need to create a file called lastcheck.time in same
# directory of this script
#

ADMIN="change to administrator email address"
DIR2MON=/var/www/dir-clienti

> ./newfiles.list
echo "Last check for new files, done on "`date` >> ./newfiles.list
find $DIR2MON -maxdepth 5 -newer ./lastcheck.time >> ./newfiles.list
touch ./lastcheck.time