When dealing with multiple screen sessions sometimes it is useful to know which job runs within which screen session, usually it looks that way:
There are several suitable screens on: 20820.ttys004.host (Detached) 20876.ttys004.host (Detached) 20938.ttys004.host (Detached) 20993.ttys004.host (Detached) Type 'screen [-d] -r [pid.]tty.host' to resume one of them.
and then you have to remind yourself which jobs runs where. There is the possibility to name each screen session with the -S option. Example see below:
Resuming a previous session looks then like this, and no need to recheck each screen session to find out which task runs where:
There are several suitable screens on: 1347.emerge (Detached) 1839.irc (Detached) Type 'screen [-d] -r [pid.]tty.host' to resume one of them.
tac_plus daemon from Shruberry Networks has a debug mode build in by default. With debugging it is meant to debug the communication between the NAS and the TACACS server. On default tac_plus daemon debugs to the syslog file. But it is possible to run the daemon in the foreground to see the debuging messages on just in time without tailing the syslog and grepping for certain files. This is my prefered debug mode. Below a list of possible debug modes in tac_plus
Value Meaning
8 authorization debugging
16 authentication debugging
32 password file processing debugging
64 accounting debugging
128 config file parsing & lookup
256 packet transmission/reception
512 encryption/decryption
1024 MD5 hash algorithm debugging
2048 very low level encryption/decryption
The example below shows a password processing debug session. The password has been hashed with SHA512 algorithm and a random salt. The password has been configured in the tac_plus.cfg file. Username is testuser and the password is cisco and this is displayed in cleartext if tac_plus is running in debug mode.
File tac_plus.cfg:
key = cisco
group = netadmin {
default service = permit
service = exec {
priv-lvl = 15
}
}
user = testuser {
member = netadmin
login = des $6$uwzsv9l.ctQXZ31r$QKioQ57M1AoGYjhHQSlk3jvfQ3GYA3JPB8pINz5FwmcB8Mq//Qt03mq26luU5Atg3MLbCysbXrN8KQU3SxH0N.
}
Here what is displayed during a debug session as seen on the tac_plus server:
tc@box:~$ sc_debug_tacplus.sh 32
Reading config
Version F4.0.4.28 Initialized 1
tac_plus server F4.0.4.28 starting
socket FD 4 AF 2
uid=0 euid=0 gid=0 egid=0 s=153057128
connect from 10.0.0.17 [10.0.0.17]
verify cisco $6$uwzsv9l.ctQXZ31r$QKioQ57M1AoGYjhHQSlk3jvfQ3GYA3JPB8pINz5FwmcB8Mq//Qt03mq26luU5Atg3MLbCysbXrN8KQU3SxH0N.
cisco encrypts to $6$uwzsv9l.ctQXZ31r$QKioQ57M1AoGYjhHQSlk3jvfQ3GYA3JPB8pINz5FwmcB8Mq//Qt03mq26luU5Atg3MLbCysbXrN8KQU3SxH0N.
Password is correct
Password has not expired <no expiry date set>
login query for 'testuser' port tty0 from 10.0.0.17 accepted
The tac_plus deamon has been started with a bash script and a argument here 32 which is the password file processing debug option for tac_plus. Here is the script
#!/bin/sh
sudo tac_plus -G -t -d $1 -C ~/tac_plus.cfg -B 10.255.254.2
This is running in tinycore linux on GNS3 appliance, and I have been wondering if it already has SHA512 but this works without any problems. So no need to use DES encrypted hashes.
Save a git repository to a server reachable via SSH and IP, just a forward slash for absolute path on server:
Just a colon ,it mustn't have the ssh:// for relative path on server (relative to home dir of username on server machine)
This is an interesting read, even though it skips over a lot of information: xplain X11 article
It is good to show only the wanted part of a configuration. A command to do this (because I am forgetting it sometimes):
access-list All access-list configurations class-map All class-map configurations common All remaining unregistered configurations global-cdp All global cdp configurations interface Each Interface specific Configurations ip-as-path All IP as-path configurations ip-community All IP community list configurations ip-domain-list All ip domain list configurations ip-prefix-list All ip prefix-list configurations ip-static-routes All IP static configurations line All line mode configurations policy-map All policy-map configurations route-map All route-map configurations router All routing configurations snmp All SNMP configurations tacacs All TACACS configurations
Seen on c3750-ipbasek9-mz.122-55.SE10.bin. But should work with newer IOS releases as well.
GNS3 has added docker support in the version 1.5. Since did not deal with docker in the past, I had not found a use-case for docker. Now was the right time to invest some time into docker. Found out there is a interesting article from Jessie Frazelle a former docker employee, she puts every application into a separate docker. Among the applicaton there are irssi, mutt, lynx, tor, chrome, skype etc. She has even routed the chrome docker traffic to the tor docker and now can use chrome with tor. Honestly I do not say this setup is favourable for everyone, but it is good to see what kind of setups are possible with docker containers.
After playing some time with docker I have noticed I want to remove certain docker containers. Up to now there is no easy way to handle this task. There is a stackoverflow question how to do this from CLI. This is how docker looks if listing the repository of availble docker containers
user@host ~ % docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5ec3bcd3ee3a centos "bash" 20 hours ago Exited (0) 20 hours ago small_chandrasekhar
4d0ff619db92 ubuntu "bash" 20 hours ago Exited (0) 20 hours ago naughty_joliot
efd9b96a0823 ubuntu "bash" 20 hours ago Exited (0) 20 hours ago backstabbing_jones
7292c2903a3c hello-world "/hello" 20 hours ago Exited (0) 20 hours ago boring_thompson
As look at it, you will recognize I have been following the manual to get first experience with docker. There is the hello-world and the ubuntu container. To remove a unused containert I have used following command:
user@host ~ % docker rm $(docker ps -q -f status=exited)
5ec3bcd3ee3a
4d0ff619db92
efd9b96a0823
7292c2903a3c
After that routing all docker container have been removed:
user@host ~ % docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
This is only one of few ways described on how to remove an unused container. Read the article an find out more ways to accomplish this task.
The second difficulty I had to solve was, I needed to deal with the version 0.10 and 0.12 version. Installed docker files on 0.12 and downgraded to 0.10 because needed this to test CORE ''Common Open Research Enviroment'' which still does not work at a gentoo system- Finally after reverting to version 0.12 of docker, the docker service crashed. It did not want to start. No matter what I have done it crashed imidiatelly after a start with a failure message that I do not have now at hand...
However to make a long story short, the solution was to rm the /var/lib/docker directory. It is not a good solution even it is not a solution at all, more a workaround. That saved me a lot of time. Did not have any productive applications anyway. This did cost me around 60 minutes of researching howto solve the problem on a testing platfrom.
To save the current playing MPD playlist from command line use the following mpc command:
Where my-playlist is the filename of the playlist to save. The filename should be written without the filename suffix.
In the default configuration the playlist will be saved in the /var/lib/mpd/playlist directory.
All UNIX-like systems, have mostly bash as the default shell. Each time I get access to a new system need to change the default login shell to zsh. This is how to do it on linux and OSX systems. Possibly it works as well with BSD. Substitute $username with the username provided.