Add this line to /etc/pam.d/sudo
auth sufficient pam_tid.so
Primary hostname:
sudo scutil --set HostName KittyBook
Bonjour hostname (network related):
sudo scutil --set LocalHostName KittyBook.compukitty.net
Computer name (you can also do this via GUI, in System Preferences):
sudo scutil --set ComputerName <new name>
SAN stands for Subject Alternative Name and it allows you to use a single certificate for multiple CNs.
It’s different from a wildcard certificate because with a SAN certificate you can have multiple complete CNs (e.g. byruit.io, elena.com).
First, you have to create a .conf file with this content:
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[ req_distinguished_name ]
# With prompt = no these are literal values, not prompts; replace the placeholders with your own
countryName = XX
stateOrProvinceName = Example State
localityName = Example City
organizationName = Example Organization
commonName = byruit.io
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = mail.compukitty.net
DNS.2 = monitor.compukitty.net
DNS.3 = compukitty.net
# The CN must also be listed here
DNS.4 = byruit.io
IP.1 = 10.130.8.7
The CN is the main domain you want to verify; ensure that this domain is also listed under [alt_names]. You can add up to 250 domains.
Generate the CSR and KEY:
openssl req -new -out byruit.csr -newkey rsa:4096 -nodes -sha256 -keyout byruit.key -config san.conf
To verify the CSR:
openssl req -text -noout -verify -in byruit.csr
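A pre-flight check for the .conf file before generating the CSR, as an added example that is not part of the original notes: it follows the [ req ] pointers to the DN and SAN sections and reports a CN missing from the SAN list, more DNS names than the limit quoted above, and malformed IP entries. The function names and the sample config are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the san.conf layout; CN left out of [alt_names], bad IP.
SAMPLE_CONF = """\
[ req ]
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
commonName = byruit.io
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = mail.compukitty.net
IP.1 = 10.130.8.700
"""

def parse_sections(text):  # OpenSSL-style config -> {section: {key: value}}
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def lint_san_conf(text, max_names=250):  # 250 is the limit quoted on this page
    """Return a list of problems in a SAN CSR config (empty list means OK)."""
    conf = parse_sections(text)
    req = conf.get("req", {})
    cn = conf.get(req.get("distinguished_name", ""), {}).get("commonName", "")
    san_ref = conf.get(req.get("req_extensions", ""), {}).get("subjectAltName", "")
    if not san_ref.startswith("@"):
        return ["subjectAltName does not reference a names section"]
    alt = conf.get(san_ref[1:], {})
    dns = {v.lower() for k, v in alt.items() if k.startswith("DNS.")}
    problems = []
    if cn.lower() not in dns:
        problems.append(f"commonName {cn!r} is not listed under [{san_ref[1:]}]")
    if len(dns) > max_names:
        problems.append(f"{len(dns)} DNS names exceeds the limit of {max_names}")
    for key, value in alt.items():
        if key.startswith("IP."):
            try:
                ipaddress.ip_address(value)
            except ValueError:
                problems.append(f"{key} = {value} is not a valid IP address")
    return problems
```

To check a real file, call lint_san_conf(open("san.conf").read()) and fix anything it returns before running openssl req.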
I had to decommission a bunch of servers for which I didn’t have an IP list, needed for the paperwork.
Luckily, we still had the DNS records for those machines and, using a for loop and the almighty awk, I managed to retrieve all the information I needed:
for h in `cat hostname.list`; do nslookup $h | grep ^Name -A1 | awk '{print $2}'; echo; done > ip.list
This one-liner will write the IP and the corresponding hostname to a file (ip.list).
Adding a route:
route add -net [net or host] gw [gw IP] netmask [mask] dev [interface]
Removing a route:
route del -net [net or host] gw [gw IP] netmask [mask] dev [interface]
Adding/removing a default route:
route add/del default gw [IP]
Listing routes using IPs:
route -n
Rejecting a specific host:
route add -host [IP] reject
Get the active jails:
# fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd
Show the banned IP in a jail:
# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 3
|  |- Total failed: 1907
|  `- File list: /var/log/secure
`- Actions
   |- Currently banned: 0
   |- Total banned: 381
   `- Banned IP list:
You can also list the banned IPs using iptables -L.
Unban an IP:
fail2ban-client set [JAIL] unbanip [IP]
Ban an IP:
fail2ban-client set [JAIL] banip [IP]
Log file:
/var/log/fail2ban.log
This error happens when the service was executed manually and failed to create a pid file. The process was already running and it was not possible to spawn a new one.
Kill the running process and start the service again.
# ps -elf | grep [service] | grep -v grep | awk '{print $4}' | xargs kill -9
# systemctl start [service]
Check if there are any updates available:
pkg list -u
-u will show only the packages for which updates are available.
Check the latest package version in the repository:
pkg info -r system/zones
(Optional) Perform a dry run:
pkg update -nv
Update:
pkg update