Yuri Slobodyanyuk's blog on IT Security and Networking sharing experience and expertise

Category: Linux (page 1 of 4)

Public DNS servers open to any on the Internet

Following Google's lead, many other providers have made their DNS servers available to everyone as open recursive resolvers, without any limitations. As they do not announce it widely enough, you may not have heard about them, so here is the list of these DNS servers:
  • OpenDNS:  and
  • Hurricane Electric (he.net)
  • OpenNIC (http://www.opennicproject.org/)
  • VeriSign  and
  • Comodo Secure DNS  and
  • Level3  and
  • Free DNS https://freedns.zone/en/  and
  • DynDNS  and

Linux ip route command reference by examples

# ip address show - show all IP addresses (also ip ad sh)
# ip address show ens36 - show the IP addresses of a particular interface
# ip address show up - only show the IPs of interfaces that are up
# ip address show dynamic|permanent - show dynamic or static IPv6 addresses
# ip address add dev ens36 - add a new IP address to the interface
The first address you add is used as the source address for outgoing traffic by default (it is often called the primary address); incoming traffic is accepted on all added addresses.
# ip address add dev ens36 label ens36:hahaha - add an IP and label it
# ip address delete dev ens36 - delete an IP address from the interface
# ip address flush dev ens36 - delete all IPs from an interface
ROUTE: If you set up a static route and the interface through which it is reachable goes down, the route is removed from the active routing table as well. Also, you cannot add a route via an unreachable gateway.
# ip route [show] / ip ro - show the routing table, IPv4 and IPv6 included
# ip -6 route - show only IPv6 routes, which are not shown by default
# ip -4 route - show only IPv4 routes
# ip route show root - you can give a supernet to show it together with all more specific routes, i.e. this net and SMALLER subnets
# ip route show match - show routes to this net and LARGER nets
# ip route show exact - show routes to the EXACT network only
# ip route get - simulate the resolution of a route in real time

RHEL get firewall zones and their interfaces in one go

The firewall-cmd doesn't have an option to show all zones and which of them the server's interfaces belong to, so here is a one-liner to show that:

# for ii in `ls /usr/lib/firewalld/zones/`; do echo ${ii%%.xml}: ; firewall-cmd --zone=${ii%%.xml} --list-interfaces; done
The output:
eno16777736 eno50332184
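As an added example (not the post's own one-liner), the same listing as a shell function that also reads the admin-created zones under /etc/firewalld/zones, which the one-liner above never sees, and prints only the zones that actually have interfaces bound; FWCMD and ZONE_DIRS are assumed names so the firewall-cmd call can be pointed elsewhere.

```bash
# Added example: firewalld zones and their interfaces, from both zone directories.
# FWCMD and ZONE_DIRS are names assumed for this example, not firewalld settings.
FWCMD=${FWCMD:-firewall-cmd}
# packaged zone definitions first, then the admin-created/overridden ones
ZONE_DIRS=${ZONE_DIRS:-/usr/lib/firewalld/zones /etc/firewalld/zones}

# Print every zone name found in ZONE_DIRS, one per line, without duplicates
# (a zone overridden in /etc has a file in both directories).
firewalld_zone_names() {
    for dir in $ZONE_DIRS; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*.xml; do
            [ -e "$f" ] || continue          # directory held no zone files
            z=${f##*/}                       # strip the path ...
            printf '%s\n' "${z%.xml}"        # ... and the .xml suffix
        done
    done | sort -u
}

# Print "zone: iface1 iface2" for each zone with at least one interface bound;
# zones with no interfaces (most of them) are not printed at all.
firewalld_zone_interfaces() {
    firewalld_zone_names | while read -r zone; do
        ifaces=$("$FWCMD" --zone="$zone" --list-interfaces 2>/dev/null) || continue
        [ -n "$ifaces" ] || continue
        printf '%s: %s\n' "$zone" "$ifaces"
    done
}
```

On current firewalld, `firewall-cmd --get-active-zones` also prints the zones that have interfaces or sources bound, without any loop.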

Change colors of ls output in the bash shell

Usually colorization is put in action via an alias: alias ls='ls --color=auto'
You can turn off the colors each time you run ls with ls --color=never, change the alias itself to disable the fancy colors permanently, or simply run \ls. But to change the colors themselves you need to make the dircolors utility read your own color database when the login session starts. So let's do just that:
1) Export existing db:
[bash]dircolors -p > dircolors.db[/bash]
2) edit :
[bash]vi dircolors.db[/bash]
e.g. change directories color from blue to red:[bash]di=01;34 -> di=01;31[/bash]
3) save changes
4) make bash reload the color scheme:
[bash]eval `dircolors dircolors.db`[/bash]
5) put [bash]eval `dircolors $HOME/dircolors.db`[/bash] into .profile file at the end of it.
That is it.

Convert Checkpoint SPLAT routes into Gaia configuration commands

Hi there, not much of a script, just a one-liner that turns the output of the Secure Platform CLI command route/ip route list into a ready-to-paste list of Gaia clish commands.
Be aware that I am not doing any error checking, so examine the final result before applying it to a production system.
See ya.
You should run it on the SPLAT CLI in expert mode.

ip route list | awk '/via/ {print " set static-route ",$1," nexthop gateway address " $3," on "}'

set static-route nexthop gateway address on
set static-route nexthop gateway address on
set static-route default nexthop gateway address on
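The same conversion with the checks the one-liner skips, as an added example that is not part of the original post: it reads the route list on stdin, emits only routes that have a gateway, rejects gateways that are not IPv4 addresses, and appends /32 to host routes since Gaia wants a mask length; splat_to_gaia and is_ipv4 are assumed names.

```bash
# Added example: ip route list (stdin) -> Gaia "set static-route" commands.
# splat_to_gaia and is_ipv4 are names assumed here, not Gaia or SPLAT tools.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

splat_to_gaia() {
    # Only "via" routes become static routes: directly connected prefixes
    # (no gateway) must not be turned into static routes on the new box.
    while read -r prefix sep gw rest; do
        [ "$sep" = via ] || continue
        if ! is_ipv4 "$gw"; then
            # report instead of silently emitting a broken command
            printf '# skipped, bad gateway: %s via %s\n' "$prefix" "$gw" >&2
            continue
        fi
        case "$prefix" in
            default) ;;                    # Gaia keyword, emit as-is
            */*)     ;;                    # already carries a mask length
            *)       prefix="$prefix/32" ;; # host route: ip prints it without /32
        esac
        printf 'set static-route %s nexthop gateway address %s on\n' "$prefix" "$gw"
    done
}
```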

PTR bulk resolver in Perl to see what is in the name

There are 50 ways to do PTR resolving in bulk, and this is just one of them. It doesn't pretend to be the fastest/coolest/best; the only thing
I can claim is that it works. So use it for pleasure and work.


# Yuri
# 19.02.2013
# this script accepts a range of IP addresses to do PTR resolving for
# the range has to be in this format: startIp-endIp.startIp-endIp.startIp-endIp.startIp-endIp
# Only answers are printed, i.e. if there is no answer nothing is printed
use warnings;
use strict;
use Net::DNS;

my $res = Net::DNS::Resolver->new();
my $input = shift or die "usage: $0 start-end.start-end.start-end.start-end\n";
# one start-end pair per octet; refuse anything else instead of looping on undef
$input =~ /^(\d+)-(\d+)\.(\d+)-(\d+)\.(\d+)-(\d+)\.(\d+)-(\d+)$/
    or die "range must look like 194-194.90-90.33-33.0-255\n";
my ($oct1_start,$oct1_end,$oct2_start,$oct2_end,$oct3_start,$oct3_end,$oct4_start,$oct4_end) = ($1,$2,$3,$4,$5,$6,$7,$8);
print "Resolving ptrs for the following range: $input\n";
print "Started working at: " . scalar gmtime . "\n";
foreach my $oct1 ($oct1_start..$oct1_end) {
foreach my $oct2 ($oct2_start..$oct2_end) {
foreach my $oct3 ($oct3_start..$oct3_end) {
foreach my $oct4 ($oct4_start..$oct4_end) {
    # query() given a bare IP address issues the in-addr.arpa PTR lookup itself
    my $answer = $res->query("${oct1}.${oct2}.${oct3}.${oct4}");
    if (defined $answer) {
        my @ptr = $answer->answer;
        foreach my $record_ptr (@ptr) {
            #print " NEw " . $record_ptr->print ;
            # the record's text form ends "... PTR <name>": keep what follows the R
            my $str = substr($record_ptr->string, rindex($record_ptr->string, 'R') + 1);
            print "$oct1.$oct2.$oct3.$oct4 " . $str . "\n";
        }
    }
} } } }

print "Run completed at: " . scalar gmtime . "\n";

Example run: #perl script.pl 194-194.90-90.33-33.0-255
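The same range notation handled from the shell, as an added example that is not the post's Perl script: expand_ip_range turns a-b.c-d.e-f.g-h into one address per line and rejects octets above 255 or reversed ranges, and ptr_bulk_resolve feeds those addresses to dig -x, printing only the ones that get an answer; both names are assumed.

```bash
# Added example: bulk PTR lookups over the post's start-end.start-end... notation.
# expand_ip_range and ptr_bulk_resolve are names assumed here.

# Print every address in the range, one per line; return 1 on a malformed range.
expand_ip_range() {
    echo "$1" | awk -F'[.-]' '
        NF != 8 { exit 1 }                     # need exactly four start-end pairs
        {
            for (i = 1; i <= 8; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) exit 1   # not an octet
            for (i = 1; i <= 8; i += 2)
                if ($i + 0 > $(i + 1) + 0) exit 1          # start above end
            for (a = $1; a <= $2; a++)
                for (b = $3; b <= $4; b++)
                    for (c = $5; c <= $6; c++)
                        for (d = $7; d <= $8; d++)
                            printf "%d.%d.%d.%d\n", a, b, c, d
        }'
}

# Resolve PTR records for a range; prints "ip name" only where an answer exists,
# like the Perl script. Needs dig (bind-utils) and network access.
ptr_bulk_resolve() {
    expand_ip_range "$1" | while read -r ip; do
        name=$(dig +short -x "$ip" 2>/dev/null | head -n 1)
        [ -n "$name" ] && printf '%s %s\n' "$ip" "$name"
    done
}
```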

Bash script to generate random passwords

Here I stumbled on a great intro into Bash scripting for NetOps by John Kristoff, "Introduction to Shell and Perl scripting for Network Operators", and couldn't help but do it my way. Here it is, a bash
script that generates a random password of printable characters, up to 15 characters long.
[bash]
# usage: randompass.sh [n] [count] - n is the number of characters in the password
# to generate, 9 by default, and count the number of passwords to generate, 1 by default
n=${1:-9}
counter=${2:-1}
for ii in `seq 1 $counter` ;do
dd count=1 bs=15 if=/dev/urandom 2>/dev/null |   # 15 random bytes
od -a |                                           # print them as named ASCII characters
sed '2d' |                                        # drop the trailing offset line
sed 's/0000000 \(.*\)/\1/' |                      # strip the leading offset
tr -d ' ' | cut -c 1-$n |                         # squeeze and cut to n characters
sed 's/\([a-z]\)/\U&/3' |                         # upper-case the 3rd lower-case letter
sed 's/\([A-Z]\)/\l&/4'                           # lower-case the 4th upper-case letter
done
[/bash]

randompass.sh 7 7
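An added variant that is not the post's script: it draws characters straight from /dev/urandom and keeps only printable non-space bytes, so each character is a uniform pick from the 94 printable ASCII characters rather than a letter from the names od -a prints for non-printing bytes; randompass is an assumed name, and the defaults (16 characters, 1 password) are this example's choice.

```bash
# Added example: random passwords from /dev/urandom, printable characters only.
# randompass is a name assumed here; it is not the post's randompass.sh.

# usage: randompass [length] [count]   (defaults: 16 characters, 1 password)
randompass() {
    n=${1:-16}
    count=${2:-1}
    case "$n$count" in
        *[!0-9]*) echo "length and count must be positive integers" >&2; return 1 ;;
    esac
    i=0
    while [ "$i" -lt "$count" ]; do
        # LC_ALL=C keeps tr byte-oriented, so a multibyte locale cannot
        # shrink or skew the character class; [:graph:] is 0x21-0x7E.
        LC_ALL=C tr -dc '[:graph:]' < /dev/urandom | head -c "$n"
        echo
        i=$((i + 1))
    done
}
```

With 94 possible characters, 16 characters give about 105 bits of entropy, against roughly 52 bits for an 8-character one.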


Check duplex and speed settings of all interfaces in one go

One of the first things you do when checking connectivity issues on the Checkpoint (or any networking gear for that matter) is to see speed and duplex parameters of the interfaces. But have you tried to do it on a firewall with 15-20 interfaces ?
No fun entering one by one interfaces’ names. Here is the one-liner I use to get speed and duplex settings of all interfaces in one go.
# for ii in $(ifconfig | awk ' /Ethernet/ {print $1}') ;do ethtool $ii; done | egrep  'eth|Speed|Duplex'
Settings for eth0:
Speed: 100Mb/s
Duplex: Full
Settings for eth1:
Speed: 1000Mb/s
Duplex: Full
Settings for eth1.150:
Speed: 1000Mb/s
Duplex: Full
Settings for eth1.160:
Speed: 1000Mb/s
Duplex: Full
Settings for eth1.161:
Speed: 1000Mb/s
Duplex: Full
Settings for eth1.270:
Speed: 1000Mb/s
Duplex: Full
Settings for eth1.271:
Speed: 1000Mb/s
Duplex: Full

awk weekly – Security rule hit statistics. Checkpoint

As I mentioned before, once you export firewall logs into a human-readable format you can do lots of interesting things, for example a script that gives statistics of how many times each Security rule was hit.
Be aware that this counts explicit Security rules only, i.e. the ones you see in the Security tab of SmartDashboard. No other rules you usually see in SmartView Tracker are counted, e.g. SmartDefense, Web Filtering etc. Afterwards I sort by the number of hits to see which rules are used most:

awk -F\; ' {match($0,/rule: +([0-9]+)/,rules);rule_count[rules[1]]++} END {for (rule_number in rule_count) print " Rule number: " rule_number " Hits: " rule_count[rule_number]}' ./fw.log.txt | sort -n -k5
 Rule number:  Hits: 1197330
(Ignore this first line: it counts the non-matched lines, which I didn't want to filter out with additional conditions and the extra processing time.)
 Rule number: 2 Hits: 9
 Rule number: 5 Hits: 366
 Rule number: 11 Hits: 12296
 Rule number: 9 Hits: 14457
 Rule number: 0 Hits: 17094
 Rule number: 1 Hits: 44066
 Rule number: 7 Hits: 233643
 Rule number: 10 Hits: 366275
 Rule number: 6 Hits: 424639 
Update 2012: Below is the script that uses the Rule ID instead of the rule's sequential number, so that changing the rule order will not affect the statistics. The script also matches non-security rules, e.g. email session IDs, which are a bit shorter than Rule IDs, but I didn't want to slow down the processing with additional filtering.
awk -F\; ' {match($0,/{([[:print:]]+)}/,rules);rule_count[rules[1]]++} END {for (rule_number in rule_count) print " Rule number: " rule_number " Hits: " rule_count[rule_number]}' ./fw.log.txt | sort -n -k5
 Rule number: D199972C-ED3E-4EB4-8B83-813333156D18 Hits: 175
 Rule number: 85A905A7-951E-4100-A4BA-E13333151D29 Hits: 219
 Rule number: 81333316-E942-4313-BB7D-E1333315802F Hits: 1519
 Rule number: 71333215-2DB5-4A3A-95BC-5080AD0F5564 Hits: 2298
 Rule number: 11331315-AE52-44E0-A42A-711029B5768E Hits: 3755
 Rule number: 01333315-D290-4B05-AFE7-23BF24D889FF Hits: 4116
 Rule number: 121FA62F-3885-4328-8090-BF1333315eB1 Hits: 399793
 Rule number: FE40E076-BAEB-4979-8E41-5EF1333315e6 Hits: 440101
 Rule number: BB3F6772-4D38-4D5A-952A-301333315de8 Hits: 1354341
Running time for a file of 900 Mb with 4.7 million records:
real    5m50.287s
user    4m22.890s
sys     0m3.190s
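The same counting as a shell function, added here as an example rather than taken from the post: it handles both the rule number and the Rule ID form, skips records with no rule field (so the big unmatched bucket from the first run never appears) and uses only the portable two-argument awk match(), so it runs on mawk as well as gawk; rule_hits and sample_log are assumed names and the log records are constructed.

```bash
# Added example: hits per Security rule from a ";"-separated log export.
# rule_hits and sample_log are names assumed here, not Check Point tools.

# usage: rule_hits [number|uid] < fw.log.txt   -> "hits rule", ascending
rule_hits() {
    mode=${1:-number}
    awk -F';' -v mode="$mode" '
        BEGIN {
            # uid = the {8-4-4-4-12} Rule ID, number = the "rule: N" field
            re = (mode == "uid") ? "[{][0-9A-Fa-f-]+[}]" : "rule: +[0-9]+"
        }
        {
            if (!match($0, re)) next         # no rule in this record: skip it
            r = substr($0, RSTART, RLENGTH)  # portable: no gawk array match()
            sub(/^rule: +/, "", r)           # keep just the number ...
            gsub(/[{}]/, "", r)              # ... or just the ID
            hits[r]++
        }
        END { for (r in hits) printf "%d %s\n", hits[r], r }' | sort -n
}

# Constructed sample records in the export format (not real firewall logs);
# the fourth one is a SmartDefense event without a rule field.
sample_log() {
    cat <<'EOF'
12Mar2012;10:01:02;accept;rule: 7;rule_uid: {AAAAAAAA-0000-0000-0000-000000000007};src: 10.0.0.5
12Mar2012;10:01:03;drop;rule: 0;rule_uid: {AAAAAAAA-0000-0000-0000-000000000000};src: 10.0.0.6
12Mar2012;10:01:04;accept;rule: 7;rule_uid: {AAAAAAAA-0000-0000-0000-000000000007};src: 10.0.0.7
12Mar2012;10:01:05;log;SmartDefense;attack: constructed-sample;src: 10.0.0.8
12Mar2012;10:01:06;accept;rule: 10;rule_uid: {AAAAAAAA-0000-0000-0000-000000000010};src: 10.0.0.9
EOF
}
```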

© 2016 yurisk.info
