Create TAP/TUN device CentOS 7

Here is how to do it on CentOS 7 / RedHat 7, where the tunctl command is missing
and running ifconfig on a device that does not exist yet gives an error:

~# ifconfig tap0 10.0.0.1/30
SIOCSIFADDR: No such device
tap0: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device

To solve this, run these commands.
1. First, create the device with the ip command:

# ip tuntap add tap0 mode tap

2. Then run ifconfig as before:

~# ifconfig tap0 10.0.0.1/30
~# ifconfig tap0
tap0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 10.0.0.1 netmask 255.255.255.252 broadcast 10.0.0.3
ether 32:f5:3a:44:a5:64 txqueuelen 500 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
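The same procedure done with the ip command alone, as an added example that is not part of the original post: ifconfig is not installed by default on CentOS 7, and ip can also hand the device to an unprivileged owner. The names tap0, 10.0.0.1/30 and the owner qemu are taken from or assumed for this illustration; the script assumes iproute2 is present and that it is run as root, and DRY_RUN=1 prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example, not from the original post: create a tap device using only
# the ip command (no tunctl, no ifconfig), after validating both inputs.
# Assumptions: iproute2 is installed and the caller is root. The optional
# owner argument uses "ip tuntap ... user", which lets an unprivileged
# process (a VM, for instance) open the device later without root.
# With DRY_RUN=1 the commands are printed instead of executed.

# Interface names are limited to 15 characters (IFNAMSIZ minus the NUL);
# the character set is restricted so the name is safe to pass around.
valid_ifname() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9_.-]{1,15}$'
}

# Accept a.b.c.d/n with every octet in 0-255 and the prefix in 0-32.
valid_cidr() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    _addr=${1%/*}
    _saved_ifs=$IFS
    IFS=.
    set -- $_addr
    IFS=$_saved_ifs
    for _octet in "$@"; do
        [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

# create_tap NAME CIDR [OWNER]: validate, then create, address and bring up.
create_tap() {
    _name=$1
    _cidr=$2
    _owner=${3:-root}
    valid_ifname "$_name" || { echo "invalid interface name: $_name" >&2; return 2; }
    valid_cidr "$_cidr"   || { echo "invalid address: $_cidr" >&2; return 2; }
    run ip tuntap add dev "$_name" mode tap user "$_owner" &&
        run ip addr add "$_cidr" dev "$_name" &&
        run ip link set dev "$_name" up
}

# Demonstration on the post's values, printed rather than executed.
if [ "${1-}" = "--demo" ]; then
    DRY_RUN=1 create_tap tap0 10.0.0.1/30 qemu
fi
```

The device created this way is persistent; remove it with ip tuntap del dev tap0 mode tap when it is no longer needed. Validating the name and address before they reach ip matters once the script is driven by configuration or by another program rather than typed by hand.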

Bash Special Variables

The Bash shell has some built-in variables that can be used in scripts.
For example, if you want the process id of the current shell, use $$.
Here is a list of some special variables:

$#    Number of command-line arguments.
$_    The underscore variable is set at shell startup and contains the absolute file name of the shell or script being executed as passed in the argument list. Subsequently, it expands to the last argument to the previous command, after expansion. It is also set to the full pathname of each command executed and placed in the environment exported to that command. When checking mail, this parameter holds the name of the mail file.
$-    A hyphen expands to the current option flags as specified upon invocation, by the set built-in command, or those set by the shell itself (such as -i).
$?    Exit value of the last executed command.
$$    Process number of the shell.
$!    Process number of the last background command.
$0    First word; that is, the command name. This will have the full pathname if it was found via a PATH search.
$n    Individual arguments on the command line (positional parameters). The Bourne shell allows only nine parameters to be referenced directly (n = 1-9); Bash allows n to be greater than 9 if specified as ${n}.
$*, $@    All arguments on the command line ($1 $2 ...).
"$*"    All arguments on the command line as one string ("$1 $2 ..."). The values are separated by the first character in $IFS.
"$@"    All arguments on the command line, individually quoted ("$1" "$2" ...).
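The parameters from the list above in action, as an added example that is not part of the original post. It uses arguments containing spaces, because the difference between "$@", "$*" and an unquoted $* decides whether a script forwards user-supplied arguments intact or re-splits them; the function names are my own and the script runs under sh or bash.

```shell
#!/bin/sh
# Added example, not from the original post: the special parameters in
# action, with arguments that contain spaces. Function names are arbitrary.

# $# : how many positional parameters this function received.
count_args() {
    echo "$#"
}

# "$*" : all parameters joined into one string, separated by the first
# character of IFS (set to a comma for this call only, inside a subshell).
join_with_comma() {
    ( IFS=,; echo "$*" )
}

# Helper that reports how many words it actually received.
_words_received() {
    echo "$#"
}

# "$@" : each parameter is forwarded as exactly one word, spaces included.
forward_quoted() {
    _words_received "$@"
}

# Unquoted $* : the shell re-splits on IFS, so "two words" becomes two
# words. This is the classic bug behind mangled filenames in scripts.
forward_unquoted() {
    _words_received $*
}

# $? : exit status of the last command. Capturing it right after the
# command is the safe idiom; any later command overwrites it.
exit_status_of() {
    _rc=0
    "$@" 2>/dev/null || _rc=$?
    echo "$_rc"
}

# $! : PID of the most recent background job, here used to confirm the job
# is alive and then to stop it cleanly.
background_pid_is_live() {
    sleep 30 &
    _bg=$!
    if kill -0 "$_bg" 2>/dev/null; then
        _live=0
    else
        _live=1
    fi
    kill "$_bg" 2>/dev/null || true
    wait "$_bg" 2>/dev/null || true
    return "$_live"
}

# $$ and $0 : the shell's own PID and the script name; $0 does not change
# inside functions, which is why it is the usual choice for usage messages.
usage() {
    echo "usage: $0 [args...]  (pid $$)"
}

if [ "${1-}" = "--demo" ]; then
    count_args one "two words" three          # 3
    join_with_comma one "two words" three     # one,two words,three
    forward_quoted one "two words" three      # 3
    forward_unquoted one "two words" three    # 4
    exit_status_of false                      # 1
    usage
fi
```

Run it with --demo to see the values. The forward_quoted / forward_unquoted pair is the one to remember: a script that passes $* or $@ unquoted to rm, cp or ssh will split and glob-expand whatever the caller supplied.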

simple install sun java

A quick and easy way to install Java under Linux:
1. Download the JRE or JDK from www.java.com.
2. Create a directory to hold the versions:

# mkdir /usr/java

3. Extract the tar file under that directory and point a jre-latest link at it:

# tar -xzvf jre-7u45-linux-x64.tar.gz -C /usr/java
# ln -s /usr/java/jre1.7.0_45 /usr/java/jre-latest

4. The last part is to create links in the system so that it uses the new Java version we just extracted.
* global java command
Debian-based Linux:

# update-alternatives --install /usr/bin/java java /usr/java/jre-latest/bin/java 90
# update-alternatives --config java

RedHat-based Linux:

# alternatives --install /usr/bin/java java /usr/java/jre-latest/bin/java 90
# alternatives --config java

* browser plugin link

ln -s /usr/java/jre-latest/lib/amd64/libnpjp2.so <path to install dir>/plugins/

bash history security

Bash history can reveal what commands a person ran and where.
But if a person wants to hide their tracks, they may use

unset HISTFILE

which causes bash to drop the history instead of saving it at logout.
There is, however, a hardening attribute you can set to overcome this problem.
When a user logs in, the profile runs a set of files/scripts.
One place to put such a script is under /etc/profile.d/, with the extension .sh,
as that directory is sourced by /etc/profile.
Just place this small line in there:

readonly HISTFILE

Now when a person tries to unset this parameter, bash refuses with this error:

-su: unset: HISTFILE: cannot unset: readonly variable
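A fuller /etc/profile.d/ drop-in built on the same readonly idea, as an added example that is not part of the original post: it pins the file name and the history sizes together (HISTSIZE=0 would otherwise silence the log just as well as unset), and includes a self-check that the pin holds. The file name history-hardening.sh and the home directory used in the check are assumptions; the script runs under sh or bash.

```shell
#!/bin/sh
# Added example, not from the original post: a drop-in for /etc/profile.d/
# that pins the bash history settings with readonly, plus a self-check that
# the pin actually holds. Assumptions: bash is the login shell, and the file
# name history-hardening.sh is hypothetical. Runs under sh or bash.

# The body of the hypothetical /etc/profile.d/history-hardening.sh; kept in
# a function here so the check below can run it inside a subshell.
harden_history() {
    HISTFILE="$HOME/.bash_history"
    HISTSIZE=10000          # entries kept in memory
    HISTFILESIZE=100000     # entries kept in the file
    HISTTIMEFORMAT='%F %T ' # timestamp each entry when bash shows history
    # Pin the lot: unset and reassignment are refused from now on, so
    # HISTSIZE=0 or HISTFILE=/dev/null no longer silence the log.
    readonly HISTFILE HISTSIZE HISTFILESIZE HISTTIMEFORMAT
}

# Returns 0 when HISTFILE survives an unset attempt, 1 otherwise.
# Everything happens in a subshell so the readonly marks do not leak.
histfile_pinned() {
    (
        HOME=/home/example-user              # constructed value for the check
        harden_history
        unset HISTFILE 2>/dev/null || true   # bash: cannot unset: readonly variable
        [ "$HISTFILE" = "/home/example-user/.bash_history" ]
    )
}

if [ "${1-}" = "--check" ]; then
    histfile_pinned && echo "HISTFILE is pinned"
fi
```

Two notes on scope. Bash writes the file at logout by default; adding history -a to PROMPT_COMMAND makes each command land in the file as soon as it finishes, so a session that is killed rather than logged out still leaves a record. And readonly only constrains the interactive bash sessions that source this profile; for an audit trail that does not depend on the user's shell, use auditd or session logging alongside it.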

Manage partitions on a raw device file

Every once in a while there comes a time when you need to use a file as a raw device,
for example when working with a qemu qcow file, or if you want your home directory to be portable and encrypted.
In this example I am using one file named my-hd-image.file with 2 Linux partitions inside it. Let's start.
Creating the raw device file is done with dd (qemu-img can also be used):

dd if=/dev/zero of=my-hd-image.file bs=1M count=1024

Create partitions inside the new disk using fdisk; in my file
I created 2 partitions of 512M:

Device Boot Start End Blocks Id System
my-hd-image.file1 2048 1050623 524288 83 Linux
my-hd-image.file2 1050624 2097151 523264 83 Linux

Create the file systems using loop devices, each linked to the offset of its partition inside the file,
so that each partition gets its own loop device. The offset is in bytes,
and I am using bc to calculate it quickly. The offset of each partition is its start sector times 512,
which is the sector size (unless you set a different one when creating the table).
Partition my-hd-image.file1 starts at sector 2048:

echo "2048 * 512" | bc
1048576

Partition my-hd-image.file2 starts at sector 1050624:

echo "1050624 * 512" | bc
537919488

Use the calculated offsets to map each partition to a loop device. Pass --sizelimit as well (the partition's Blocks column times 1024, i.e. its length in bytes); without it the loop device runs from the offset to the end of the file, so formatting the first loop device would overwrite the second partition:

losetup -o 1048576 --sizelimit 536870912 /dev/loop1 my-hd-image.file
losetup -o 537919488 --sizelimit 535822336 /dev/loop2 my-hd-image.file

Now we can format the partitions:

mkfs.ext4 /dev/loop1
mkfs.ext4 /dev/loop2

All that is left is to mount the partitions:

~# mkdir /mnt/my-hd-partition-1
~# mkdir /mnt/my-hd-partition-2
~# mount /dev/loop1 /mnt/my-hd-partition-1
~# mount /dev/loop2 /mnt/my-hd-partition-2

To remove the devices, umount the partitions and then release the loop devices
with losetup -d:

umount /mnt/my-hd-partition-2
umount /mnt/my-hd-partition-1
losetup -d /dev/loop1
losetup -d /dev/loop2
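The offset arithmetic from this post, turned into a small script as an added example that is not part of the original post: it reads the partition rows of an fdisk listing, computes the byte offset and byte length of each partition, and emits one losetup command per partition with both -o and --sizelimit, so a loop device can never reach past its own partition. The table is constructed from the values shown above; 512-byte sectors are assumed, as is the absence of a boot-flag column in the rows.

```shell
#!/bin/sh
# Added example, not from the original post: derive the byte offset and size
# of each partition from an fdisk listing and build losetup commands that map
# exactly that partition, nothing beyond it. Assumptions: 512-byte sectors
# (fdisk's default units) and rows without the "*" boot-flag column.

SECTOR_SIZE=512

# Constructed sample: the rows under "Device Boot Start End Blocks Id System"
# from the post's fdisk output.
FDISK_TABLE='my-hd-image.file1 2048 1050623 524288 83 Linux
my-hd-image.file2 1050624 2097151 523264 83 Linux'

# Byte offset of a partition = first sector * sector size.
part_offset() {
    echo $(( $1 * SECTOR_SIZE ))
}

# Byte length of a partition = (last - first + 1) sectors * sector size.
part_size() {
    echo $(( ($2 - $1 + 1) * SECTOR_SIZE ))
}

# losetup_plan IMAGE [TABLE]: print one losetup command per partition row.
# --sizelimit bounds the loop device to the partition, so mkfs on it cannot
# spill into the next one. Rows of "fdisk -l IMAGE" can be passed as TABLE.
losetup_plan() {
    _image=$1
    _table=${2:-$FDISK_TABLE}
    _n=1
    printf '%s\n' "$_table" | while read -r _dev _start _end _rest; do
        echo "losetup -o $(part_offset "$_start") --sizelimit $(part_size "$_start" "$_end") /dev/loop$_n $_image"
        _n=$((_n + 1))
    done
}

if [ "${1-}" = "--demo" ]; then
    losetup_plan my-hd-image.file
fi
```

Run with --demo to print the two commands for the post's image; the numbers match the bc results above. On util-linux 2.21 and later (CentOS 7 included) losetup -f --show -P my-hd-image.file does the same job without any arithmetic: it scans the partition table and exposes /dev/loopNp1 and /dev/loopNp2, each already bounded to its partition.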

multi-line comment with vi

Vi is one of my favourite text editors to work with on Linux/Unix systems,
and from time to time there is a need to mark multiple lines as a comment.
Here is how to do it in vi/vim:
1. Using Ctrl+v (visual block mode), mark the lines you wish to comment.
2. Enter insert mode with Shift+i and type the comment text (it can be anything, usually the comment character for the file type).
3. Finish by pressing Esc.
And voila, your lines are now commented out.
To remove a multi-line comment, go through the same steps, but
after marking the lines press d to delete the block or c to change it.

samba PDC sambaLogonTime update

Samba does not update sambaLogonTime in LDAP when a user logs in.
To have it set, you can run a script that does it.
Set up the script /root/update_sambaLogonTime.sh:

#!/bin/bash
# Called by Samba as "root preexec" with the login name in $1.
# Accept only a plain account name before it is placed in the LDIF below,
# so an unexpected name cannot add LDIF lines or alter the DN.
case "$1" in
    *[!A-Za-z0-9._-]*|"") echo "refusing unexpected user name" >&2; exit 1 ;;
esac
TIMESTAMP=$(date +%s)
ldapmodify -x -h localhost -D "cn=Manager,dc=example,dc=com" -y /root/pass-test <<EOF
dn: uid=$1,ou=People,dc=example,dc=com
changetype: modify
replace: sambaLogonTime
sambaLogonTime: $TIMESTAMP
EOF

Now create the pass-test file with echo -n so that no trailing newline ("\n") is written,
because ldapmodify does not strip it and would treat it as part of the password. The file holds the bind password, so make it readable by root only.

echo -n "mypassword" > /root/pass-test 

Now just add this line under [netlogon] in smb.conf:

root preexec = /root/update_sambaLogonTime.sh "%u"

samba password complexity check

A Samba server can act as a PDC (primary domain controller).
You can enforce a password policy with the pdbedit command,
but it does not check complexity. To check complexity Samba provides the "check password script" parameter in smb.conf, and crackcheck, which uses cracklib.
But what do you do when you need a specific password complexity policy?
You can write your own script. Any language will do as long as it returns 0 (zero) for an acceptable password and greater than 0 for a rejected one; Samba passes the candidate password on the script's standard input.
Here is an example of such a script written in Perl:

#!/usr/bin/perl -w
# This script checks password complexity for Samba's "check password script".
# Samba writes the candidate password to standard input; exit 0 accepts it,
# any non-zero exit code rejects it.
use strict;
use warnings;

my $min_length      = 8;
my $min_uppercase   = 1;
my $min_lowercase   = 1;
my $min_digits      = 1;
my $min_specialchar = 1;
my $specialchars    = '!,@,#,$,%,^,&,*,(,),-,_,+,=';

# Get the password from standard input (so it can also be piped in).
# chomp removes the trailing newline so it is not counted as a character.
my $str_pass = <STDIN>;
$str_pass = '' unless defined $str_pass;
chomp($str_pass);

# All counters start at zero; the loop below updates them.
my $ctr_length      = 0;
my $ctr_uppercase   = 0;
my $ctr_lowercase   = 0;
my $ctr_digits      = 0;
my $ctr_specialchar = 0;

# Convert the password and the special-character list into arrays.
my @array_pass        = split('', $str_pass);
my @arrayspecialchars = split(',', $specialchars);

foreach my $pass_char (@array_pass) {
	$ctr_length++;
	if ($pass_char =~ /[A-Z]/) {
		$ctr_uppercase++;
	}
	elsif ($pass_char =~ /[a-z]/) {
		$ctr_lowercase++;
	}
	elsif ($pass_char =~ /[0-9]/) {
		$ctr_digits++;
	}
	else {
		# \Q...\E quotes regex metacharacters such as $ ^ ( ) * +
		foreach my $schar (@arrayspecialchars) {
			if ($pass_char =~ /\Q$schar\E/) {
				$ctr_specialchar++;
			}
		}
	}
}

# Each failed check reports the shortfall and exits with its own code.
if ($ctr_length < $min_length) {
	print "too short, minimum $min_length and got $ctr_length\n";
	exit 1;
}
if ($ctr_uppercase < $min_uppercase) {
	print "not enough uppercase, minimum $min_uppercase and got $ctr_uppercase\n";
	exit 2;
}
if ($ctr_lowercase < $min_lowercase) {
	print "not enough lowercase, minimum $min_lowercase and got $ctr_lowercase\n";
	exit 3;
}
if ($ctr_digits < $min_digits) {
	print "not enough digits, minimum $min_digits and got $ctr_digits\n";
	exit 4;
}
if ($ctr_specialchar < $min_specialchar) {
	print "not enough special characters, minimum $min_specialchar and got $ctr_specialchar\n";
	exit 5;
}
# Reaching this point means every check passed: return a non-error exit.
exit 0;

Export Import gpg keys

1. list current keys

$ gpg --list-keys
/home/yyagol/.gnupg/pubring.gpg
-------------------------------
pub 1024D/5E92C97A 2010-04-13  yyagol <[email protected]>
sub 2048g/2752CC68 2010-04-13

2. Export both the public and the secret key (5E92C97A is the short key id from the listing above; the full fingerprint shown by gpg --fingerprint names a key unambiguously, whereas short ids can collide):

$ gpg --output mygpgkey_pub.gpg --armor --export 5E92C97A
$ gpg --output mygpgkey_sec.gpg --armor --export-secret-key 5E92C97A

3. Copy the files to the other server and import them. Treat mygpgkey_sec.gpg as a secret: restrict its permissions and delete the copies once the import is done. The --allow-secret-key-import option is obsolete and ignored by current GnuPG; a plain --import handles secret keys too.

$ gpg --import mygpgkey_pub.gpg
$ gpg --allow-secret-key-import --import mygpgkey_sec.gpg

file as raw device

Sometimes there is a need to have a file act as a raw device; here is a simple trick
to achieve that goal (all commands should run as root):
1. Create an empty file with dd
at the required size (it can be changed later on):

~# dd if=/dev/zero of=1G.img bs=1M count=1024
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB) copied, 3.28652 s, 327 MB/s

2. Create a file system on that file using mkfs with -F (required because the target is a regular file, not a block device):

~# mkfs.ext4 -F 1G.img
mke2fs 1.42 (29-Nov-2011)
Discarding device blocks: done
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
65536 inodes, 262144 blocks
13107 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=268435456
8 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376

Allocating group tables: done
Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done

3. Mount the file as if it were a device (mount sets up a loop device automatically):

~# mkdir mymount
~# mount 1G.img mymount/
~# mount |grep mymount
/tmp/1G.img on /tmp/mymount type ext4 (rw)

And that is it, nothing more to do. Now let's say you want to extend this partition/file; you can do it
with 2 simple commands, but first you need to umount the file.
1. Check the file system before resizing:

~# e2fsck -f 1G.img
e2fsck 1.42 (29-Nov-2011)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
1G.img: 11/65536 files (0.0% non-contiguous), 12635/262144 blocks

2. Resize the file system (resize2fs grows the backing file as needed):

~# resize2fs 1G.img 2G
resize2fs 1.42 (29-Nov-2011)
Resizing the filesystem on 1G.img to 524288 (4k) blocks.
The filesystem on 1G.img is now 524288 blocks long.
~# ls -lh 1G.img
-rw-r--r-- 1 root root 2.0G Jun 19 22:31 1G.img