SaltStack: targeting minions using grains

Grain data can be used when targeting minions.

For example, the following matches all CentOS minions:

salt -G 'os:CentOS' test.version

Match all minions with 64-bit CPUs, and return the number of CPU cores for each matching minion:

salt -G 'cpuarch:x86_64' grains.item num_cpus

Additionally, globs can be used in grain matches, and grains that are nested in a dictionary can be matched by adding a colon for each level that is traversed. For example, the following will match hosts that have a grain called ec2_tags, which itself is a dictionary with a key named environment, which has a value that contains the word production:

salt -G 'ec2_tags:environment:*production*' test.version

How to delete broken packages in Ubuntu

Run this command to remove a broken package in Ubuntu (--force-remove-reinstreq lets dpkg remove a package even though it is flagged as requiring reinstallation):

sudo dpkg --remove --force-remove-reinstreq package_name

After removing the package, update your system with:

sudo apt-get update

Ubuntu fix broken package (best solution)

If, after trying

sudo apt-get update --fix-missing

and

sudo dpkg --configure -a

and

sudo apt-get install -f

the problem of a broken package still exists, the solution is to edit the dpkg status file manually. Back up the file before editing it (dpkg also keeps rotated copies under /var/backups/dpkg.status.*).

  1. sudo nano /var/lib/dpkg/status    (you can use vim or gedit instead of nano)
  2. Locate the corrupt package, remove the whole block of information about it (from its Package: line down to the next blank line) and save the file.
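Finding the block to remove by hand is error-prone, so here is an added example (not part of the original notes) that scans a dpkg status file and lists the packages whose Status line marks them as broken. dpkg's status line has the form "<want> <flag> <state>"; a "reinstreq" flag (what --force-remove-reinstreq overrides) or a state other than installed, config-files or not-installed is what you are looking for. The sample status file is constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the original notes: scan a dpkg status file and list
# packages whose "Status:" line marks them as broken, i.e. the blocks step 2
# tells you to locate by hand. The status line is "<want> <flag> <state>".

# find_broken_pkgs STATUS_FILE -> prints "package<TAB>status" for each broken block
find_broken_pkgs() {
  awk 'BEGIN { RS = ""; FS = "\n" }          # one record per blank-line-separated block
  {
    pkg = ""; status = ""
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^Package: /) pkg = substr($i, 10)
      else if ($i ~ /^Status: /) status = substr($i, 9)
    }
    if (pkg == "" || status == "") next
    n = split(status, f, " ")                 # f[1]=want f[2]=flag f[3]=state
    if (n < 3) next
    if (f[2] == "reinstreq" ||
        (f[3] != "installed" && f[3] != "config-files" && f[3] != "not-installed"))
      print pkg "\t" status
  }' "$1"
}

# Constructed sample status file: two healthy blocks, two broken ones.
SAMPLE_STATUS=$(mktemp); trap 'rm -f "$SAMPLE_STATUS"' EXIT
cat > "$SAMPLE_STATUS" <<'EOF'
Package: bash
Status: install ok installed
Section: shells

Package: oldtool
Status: deinstall ok config-files
Section: utils

Package: brokenpkg
Status: install reinstreq half-installed
Section: misc

Package: halfconf
Status: install ok half-configured
Section: misc
EOF

find_broken_pkgs "$SAMPLE_STATUS"   # prints the brokenpkg and halfconf lines only
```

Run it against /var/lib/dpkg/status on the affected machine to get the package names before opening the file in an editor.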

———–

Unlock dpkg (when apt or dpkg complains about /var/lib/dpkg/lock)

fuser -k kills the process that still holds the lock (-i asks for confirmation first), after which any pending configuration can be finished:

sudo fuser -vki /var/lib/dpkg/lock

sudo dpkg --configure -a


For 12.04 and newer:

You can delete the lock file with the following command, but only after confirming (for instance with the fuser command above) that no apt or dpkg process is still running; removing a lock that is in use can corrupt the package database:

sudo rm /var/lib/apt/lists/lock

You may also need to delete the lock file in the cache directory:

sudo rm /var/cache/apt/archives/lock

dpkg: error processing package linux-image-generic (--configure): dependency problems - leaving unconfigured

I had this issue just now. What I did was purge the errant package using dpkg in my case, then update and force the reinstall:

sudo dpkg --purge linux-image-3.13.0-35-generic
sudo apt-get update
sudo apt-get -f install

GPG error when updating, key expired

Error:

Err:13 http://downloads.metasploit.com/data/releases/metasploit-framework/apt lucid InRelease
  The following signatures were invalid: KEYEXPIRED 1474234115  KEYEXPIRED 1474234115  KEYEXPIRED 1474234115
Fetched 98.2 kB in 0s (150 kB/s)
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://downloads.metasploit.com/data/releases/metasploit-framework/apt lucid InRelease: The following signatures were invalid: KEYEXPIRED 1474234115  KEYEXPIRED 1474234115  KEYEXPIRED 1474234115

Solution (sudo has to apply to the file write and to apt-key, not to echo or wget, so the commands use tee and put sudo on the right-hand side of the pipe; compare the downloaded key's fingerprint with the one the vendor publishes before adding it):

$ echo 'deb http://apt.metasploit.com/ lucid main' | sudo tee /etc/apt/sources.list.d/metasploit-framework.list
$ wget -O - http://apt.metasploit.com/metasploit-framework.gpg.key | sudo apt-key add -
$ sudo apt-get update
$ sudo apt-get -y install metasploit-framework

List all packages from a repository in Ubuntu / Debian

Simple:

grep ^Package: /var/lib/apt/lists/ppa.launchpad.net_*_Packages

Or more flexible:

grep-dctrl -sPackage . /var/lib/apt/lists/ppa.launchpad.net_*_Packages

For fancier querying, use apt-cache policy and aptitude, for example:

aptitude search '~O LP-PPA-gstreamer-developers'

How to set default file permissions for all folders/files in a directory?

chmod g+s <directory>               # setgid bit: new entries inherit the directory's group
setfacl -d -m g::rwx <directory>    # default ACL: the group gets rwx on new entries
setfacl -d -m o::rx <directory>     # default ACL: others get rx on new entries

Default ACLs only affect entries created afterwards; existing contents keep their current permissions (set an access ACL recursively for those). Note that the o::rx entry makes new files world-readable, so leave it out if the directory is not meant to be public.

Next, we can verify:

getfacl /<directory>

OpenVPN + SSH + Google Authenticator + SELinux

The following is an SELinux module that can be used if you want to enable OpenVPN and SSH logins via Google Authenticator (the rules give openvpn_t and sshd_t access to files in user home directories, where Google Authenticator keeps its per-user secret). The rules were generated from AVC denials (audit2allow-style output, hence the "This avc is allowed in the current policy" comments); some of them are broad, such as write access for openvpn_t on every etc_t file, so review them against what your setup actually needs before loading the module:

module openvpncustom 1.0;

require {
type openvpn_t;
type user_home_t;
type auth_home_t;
type sshd_t;
type openvpn_etc_t;
type etc_t;
type user_home_dir_t;
class dir { add_name remove_name write };
class file { create getattr open read rename unlink write };
}

#============= openvpn_t ==============

#!!!! This avc is allowed in the current policy
allow openvpn_t auth_home_t:file { create getattr open read rename unlink write };
allow openvpn_t user_home_t:file open;

#!!!! This avc is allowed in the current policy
allow openvpn_t etc_t:file write;

#!!!! This avc is allowed in the current policy
allow openvpn_t openvpn_etc_t:file write;

#!!!! This avc is allowed in the current policy
allow openvpn_t user_home_dir_t:dir { add_name remove_name write };

#!!!! This avc is allowed in the current policy
allow openvpn_t user_home_dir_t:file { create getattr open read rename unlink write };

#============= sshd_t ==============
#!!!! This avc is allowed in the current policy
allow sshd_t user_home_dir_t:file { open read unlink getattr };
allow sshd_t user_home_t:file unlink;

Save the above in openvpncustom.te. Then execute the following to build and apply the SELinux module:

yum install selinux-policy-devel
checkmodule -M -m -o openvpncustom.mod openvpncustom.te
semodule_package -o openvpncustom.pp -m openvpncustom.mod
semodule -i openvpncustom.pp

Ubuntu 18.04: switch back to /etc/network/interfaces

Starting sometime around Ubuntu 18.04, the Ubuntu devs stopped using the classic /etc/init.d/networking and /etc/network/interfaces method of configuring the network and switched to something called netplan. This has made a lot of people very angry and been widely regarded as a bad move. Is it possible to remove netplan and use the correct /etc/network/interfaces method for configuring the network?

The following procedure works for Ubuntu 18.04 (Bionic Beaver).

I. Reinstall the ifupdown package:

# apt-get update
# apt-get install ifupdown

II. Configure your /etc/network/interfaces file with configuration stanzas such as:

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

allow-hotplug enp0s3
auto enp0s3
iface enp0s3 inet static
  address 192.168.1.133
  netmask 255.255.255.0
  broadcast 192.168.1.255
  gateway 192.168.1.1
  # Only relevant if you make use of RESOLVCONF(8)
  # or similar...
  dns-nameservers 1.1.1.1 1.0.0.1

III. Make the configuration effective (no reboot needed, but the interface goes down briefly, so do not rely on an SSH session over that interface while doing this):

# ifdown --force enp0s3 lo && ifup -a
# systemctl unmask networking
# systemctl enable networking
# systemctl restart networking

IV. Disable and remove the unwanted services:

# systemctl stop systemd-networkd.socket systemd-networkd \
networkd-dispatcher systemd-networkd-wait-online
# systemctl disable systemd-networkd.socket systemd-networkd \
networkd-dispatcher systemd-networkd-wait-online
# systemctl mask systemd-networkd.socket systemd-networkd \
networkd-dispatcher systemd-networkd-wait-online
# apt-get --assume-yes purge nplan netplan.io

Then, you’re done.

Note: You MUST, of course, adapt the values according to your system (network, interface name…).

V. DNS Resolver

Because Ubuntu Bionic Beaver (18.04) makes use of the DNS stub resolver provided by SYSTEMD-RESOLVED.SERVICE(8), you SHOULD also add the DNS servers to contact to the /etc/systemd/resolved.conf file. For instance:

....
DNS=1.1.1.1 1.0.0.1
....

and then restart the systemd-resolved service once done:

# systemctl restart systemd-resolved

The DNS entries in the ifupdown INTERFACES(5) file, as shown above, are only relevant if you make use of RESOLVCONF(8) or similar.
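A mistake in the static stanza from step II (a gateway that is not on the configured subnet) leaves a remote machine unreachable once step III runs. The following is an added example, not part of the original answer, that checks an interfaces file for exactly that before you touch the running network. It is plain POSIX sh plus awk, handles the address/netmask/gateway form shown above (not CIDR suffixes), and the sample interfaces file is constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the original answer: pre-flight check for the static
# stanza in step II. Before ifdown/ifup (step III) cuts you off from a remote box,
# verify that address and gateway fall inside the same netmask. Pure POSIX sh + awk;
# handles "address/netmask/gateway" stanzas as shown above, not CIDR suffixes.

ip_to_int() {                  # dotted quad -> unsigned 32-bit integer
  set -- $(printf '%s' "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet ADDR MASK GATEWAY -> 0 if ADDR and GATEWAY share the masked prefix
same_subnet() {
  a=$(ip_to_int "$1"); m=$(ip_to_int "$2"); g=$(ip_to_int "$3")
  [ $(( a & m )) -eq $(( g & m )) ]
}

# check_static_stanza FILE IFACE -> 0 consistent, 1 gateway off-subnet, 2 field missing
check_static_stanza() {
  set -- $(awk -v want="$2" '
    BEGIN { addr = "-"; mask = "-"; gw = "-" }
    $1 == "iface"                           { in_stanza = ($2 == want); next }
    $1 ~ /^(auto|allow-.*|mapping|source)$/ { in_stanza = 0 }
    in_stanza && $1 == "address" { addr = $2 }
    in_stanza && $1 == "netmask" { mask = $2 }
    in_stanza && $1 == "gateway" { gw = $2 }
    END { print addr, mask, gw }' "$1")
  if [ "$1" = "-" ] || [ "$2" = "-" ] || [ "$3" = "-" ]; then return 2; fi
  same_subnet "$1" "$2" "$3"
}

# Constructed sample: enp0s3 mirrors the stanza above; enp0s8 has an off-subnet gateway.
SAMPLE_IF=$(mktemp); trap 'rm -f "$SAMPLE_IF"' EXIT
cat > "$SAMPLE_IF" <<'EOF'
allow-hotplug enp0s3
auto enp0s3
iface enp0s3 inet static
  address 192.168.1.133
  netmask 255.255.255.0
  gateway 192.168.1.1

iface enp0s8 inet static
  address 10.0.0.5
  netmask 255.255.255.0
  gateway 192.168.1.1
EOF

check_static_stanza "$SAMPLE_IF" enp0s3 && echo "enp0s3: address and gateway consistent"
check_static_stanza "$SAMPLE_IF" enp0s8 || echo "enp0s8: gateway not on the configured subnet (rc=$?)"
```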