When I start wireguard using this command in my macOS 10.15.4:
/usr/local/etc/wireguard ⌚ 10:01:28
$ wg-quick up wg0
Warning: `/usr/local/etc/wireguard/wg0.conf' is world accessible
[#] wireguard-go utun
INFO: (utun4) 2020/04/26 10:01:33 Starting wireguard-go version 0.0.20200121
[+] Interface for wg0 is utun4
[#] wg setconf utun4 /dev/fd/63
[#] ifconfig utun4 inet 10.0.0.2/32 10.0.0.2 alias
[#] ifconfig utun4 mtu 1020
[#] ifconfig utun4 up
[#] route -q -n add -inet6 ::/1 -interface utun4
route: writing to routing socket: Network is unreachable
[#] route -q -n add -inet6 8000::/1 -interface utun4
route: writing to routing socket: Network is unreachable
[#] route -q -n add -inet 0.0.0.0/1 -interface utun4
[#] route -q -n add -inet 128.0.0.0/1 -interface utun4
[#] route -q -n add -inet 121.196.199.223 -gateway 192.168.50.1
[+] Backgrounding route monitor
But when I ping stackoverflow.com, there is no response and my Mac cannot access the internet.
/usr/local/etc/wireguard ⌚ 10:10:08
$ ping 151.101.1.69
PING 151.101.1.69 (151.101.1.69): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
Request timeout for icmp_seq 5
Request timeout for icmp_seq 6
Request timeout for icmp_seq 7
Request timeout for icmp_seq 8
But SSH to the machine by IP (ssh root@ip) succeeds. This is my client-side config:
[Interface]
PrivateKey = <client-privatekey>
Address = 10.0.0.2/32
MTU = 1020
[Peer]
PublicKey = <server-publickey>
Endpoint = 11.193.192.223:7456
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
and this is my server side config:
[root@izbp19pke6x0v6ruecuy1yz wireguard]# cat wg0.conf
[Interface]
PrivateKey = <server-privatekey>
Address = 10.0.0.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 7456
[Peer]
PublicKey = b3rP/aN53ZY7IwzOWyxfxLEw7atwS2GpFe0kLchHhk4
AllowedIPs = 10.0.0.2/32
What should I do to make it work?
I manage a largish number of servers, and I am trying to write a bash script to inspect their BMCs using ipmitool. This is the essence of what I'm doing:
...
admin=$(ipmitool -U user -P pasw -I lanplus -H $ipmi user list | grep " user " | awk '{print $1}')
chn=$(ipmitool -U user -P pasw -I lanplus -H 10.100.10.3 channel info | grep -e '^Channel.*info:' | awk '{print $2}')
ipmitool -U user -P pasw -I lanplus -H $ipmi user priv $admin 4 $chn
ipmitool -U user -P pasw -I lanplus -H $ipmi channel setaccess $chn $admin callin=on ipmi=on link=on privilege=4
ipmitool -U user -P pasw -I lanplus -H $ipmi sol payload enable $chn $admin
ipmitool -U user -P pasw -I lanplus -H $ipmi sol set volatile-bit-rate 115.2 $chn
ipmitool -U user -P pasw -I lanplus -H $ipmi sol set non-volatile-bit-rate 115.2 $chn
ipmitool -U user -P pasw -I lanplus -H $ipmi sol looptest 1
...
It works fine until I reach the sol set ... commands, which fail:
Error setting SOL parameter 'set-in-progress': Attempt to set set-in-progress when not in set-complete state
Error: set of parameter "volatile-bit-rate" failed
Looking at sol set ... from the ipmi shell:
ipmitool -U user -P pasw -I lanplus -H $ipmi shell
I see:
ipmitool> sol set
SOL set usage:
sol set <parameter> <value> [channel] [noguard]
SOL set parameters and values:
set-in-progress set-complete | set-in-progress | commit-write
enabled true | false
force-encryption true | false
force-authentication true | false
privilege-level user | operator | admin | oem
character-accumulate-level <in 5 ms increments>
character-send-threshold N
retry-count N
retry-interval <in 10 ms increments>
non-volatile-bit-rate serial | 9.6 | 19.2 | 38.4 | 57.6 | 115.2
volatile-bit-rate serial | 9.6 | 19.2 | 38.4 | 57.6 | 115.2
So it looks as if one can manually set it to complete - but is it as simple as that? Is there a reference manual for what these commands do?
The following is a description of [Set In Progress] in the IPMI specification.
This parameter is used to indicate when any of the following parameters are being updated, and when the updates are completed. The bit is primarily provided to alert software than some other software or utility is in the process of making changes to the data.
An implementation can also elect to provide a ‘rollback’ feature that uses this information to decide whether to ‘roll back’ to the previous configuration information, or to accept the configuration change.
If used, the roll back shall restore all parameters to their previous state. Otherwise, the change shall take effect when the write occurs.
If your BMC supports this feature, the order of settings is as follows:
ipmitool sol set set-in-progress set-in-progress
ipmitool sol set xxxx
ipmitool sol set set-in-progress commit-write
ipmitool sol set set-in-progress set-complete
IPMI Spec: https://www.intel.com/content/www/us/en/servers/ipmi/ipmi-second-gen-interface-spec-v2-rev1-1.html
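The sequence above wrapped in a function that always returns the BMC to set-complete, as an added example that is not part of the original answer. `IPMI_CMD`, `sol_apply` and the host name are hypothetical; the parameter writes pass `noguard` (the optional argument in the usage text quoted in the question) on the assumption that it keeps ipmitool from issuing its own set-in-progress write around each one, and `-E` makes ipmitool read the password from the `IPMI_PASSWORD` environment variable instead of a `-P` argument visible in the process list.

```shell
#!/usr/bin/env bash
# Added example: bracket SOL parameter writes with Set In Progress.
# IPMI_CMD, sol_apply and bmc.example.invalid are hypothetical names.

# Command prefix; -E takes the password from $IPMI_PASSWORD, not from argv.
IPMI_CMD=${IPMI_CMD:-"ipmitool -I lanplus -H bmc.example.invalid -U user -E"}

# sol_apply CHANNEL PARAM=VALUE [PARAM=VALUE ...]
# Returns 0 on success, 1 if the lock could not be taken, 2 if a parameter
# write failed, 3 if commit-write failed, 4 if set-complete failed.
sol_apply() {
    local chn=$1 kv rc=0
    shift

    # Mark the configuration as being updated. If another tool already
    # holds it, stop here without writing anything.
    $IPMI_CMD sol set set-in-progress set-in-progress "$chn" || return 1

    for kv in "$@"; do
        # noguard: assumed to stop ipmitool adding its own bracket per write.
        $IPMI_CMD sol set "${kv%%=*}" "${kv#*=}" "$chn" noguard || { rc=2; break; }
    done

    # Commit only when every write succeeded, so a BMC that implements
    # rollback can discard a half-applied change.
    if [ "$rc" -eq 0 ]; then
        $IPMI_CMD sol set set-in-progress commit-write "$chn" || rc=3
    fi

    # Always go back to set-complete so the next run is not locked out.
    $IPMI_CMD sol set set-in-progress set-complete "$chn" || rc=4
    return "$rc"
}
```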
I have a kernel module that checks the IP address of a request and adds it to a "blacklist" variable if the request contains bad data (spam keywords).
The way I declare the blacklist is as follows:
#define blacklist (uint32_t[3]) { \
2071690107, \
168430090, \
4294967295 \
}
I did some initial testing reaching this step (filtering IPv4, printk logs) and must have already blocked an ip address of one of the requests I need to test.
I say this because when I do a make clean, make, and reinsert my module, I automatically see the IP address blocked.
What should happen is the data prints first showing a spam word, then it blocks the IP address, then it will print it is already blocked on any subsequent requests (which I know will follow shortly after).
Mar 16 18:43:33 deadsupra-VirtualBox kernel: [36594.961054] Module insertion completed successfully!
Mar 16 18:43:46 deadsupra-VirtualBox kernel: [36607.186539] ip checking: 127.0.0.1
Mar 16 18:43:46 deadsupra-VirtualBox kernel: [36607.186541] ip is already blacklisted 127.0.0.1
Mar 16 18:43:46 deadsupra-VirtualBox kernel: [36607.186546] ip checking: 127.0.0.1
Mar 16 18:43:46 deadsupra-VirtualBox kernel: [36607.186547] ip is already blacklisted 127.0.0.1
Mar 16 18:43:51 deadsupra-VirtualBox kernel: [36612.190103] ip checking: 127.0.0.1
Mar 16 18:43:51 deadsupra-VirtualBox kernel: [36612.190108] ip is already blacklisted 127.0.0.1
Mar 16 18:43:51 deadsupra-VirtualBox kernel: [36612.190119] ip checking: 127.0.0.1
Mar 16 18:43:51 deadsupra-VirtualBox kernel: [36612.190121] ip is already blacklisted 127.0.0.1
My make file is as follows:
obj-m += wander.o
KERNELDIR ?= /lib/modules/$(shell uname -r)/build
all:
	make -C $(KERNELDIR) -Wno-declaration-after-statement M=$(PWD) modules
clean:
	make -C $(KERNELDIR) M=$(PWD) clean
insert:
	-sudo rmmod wander
	sudo dmesg -C
	sudo insmod wander.ko
	dmesg
test:
	curl "http://www1.udel.edu/registrar/graduation-diplomas/diplomas.html" | grep -i -o -P '.{0,10}university.diploma.{0,20}'
log:
	cat /var/log/kern.log
Am I not cleaning my project space properly? I want to refresh my test scenario every time and forget about any ip addresses previously blocked when I rebuild my source code.
I'm thinking that when I clean the module, it removes it but must be keeping the data for some reason.
I thought that my problem was trivial, but I cannot figure out why my script only runs once for the array.
I have a Jenkins job (bash script). This job gathers hostnames and sends ssh commands, through a script, using the gathered info:
rm /tmp/hosts
docker exec -t tmgnt_consul_1 consul members -status=alive | grep -v Node | awk '{print $1}' | cut -d : -f1 >> /tmp/hosts
sed -i '/someunnecessaryinfo/d' /tmp/hosts
echo >> /tmp/hosts
shopt -s lastpipe
while IFS= read -r line; do
    echo "host is >>$line<<";
    url="http://111.111.111.111:8500/v1/catalog/nodes"
    term_IP=`curl -s $url | jq -r --arg Node "${line}" '.[] | select(.Node == "'${line}'" )|.Address' --raw-output`
    echo $term_IP
    sudo bash -x /home/rtm/t_mgnt/check_fw $term_IP
done < /tmp/hosts
Second script:
#!/bin/bash
term_IP=$1
sudo sshpass -p 'some.pass' ssh -o StrictHostKeyChecking=no user@$term_IP "sudo test -d /root/nv9"
if [ $? != 0 ]; then
    sudo sshpass -p 'some.pass' \
        scp -n -o StrictHostKeyChecking=no -r /home/rtm/t_mgnt/nv9 user@$term_IP:
    sudo sshpass -p 'some.pass' \
        ssh -n -o StrictHostKeyChecking=no user@$term_IP "sudo mv nv9 /root/"
    sudo sshpass -p 'some.pass' \
        ssh -n -o StrictHostKeyChecking=no user@$term_IP "sudo dpkg -i /root/nv9/libudev0_175-0ubuntu9_amd64.deb"
    sudo sshpass -p 'some.pass' \
        ssh -n -o StrictHostKeyChecking=no user@$term_IP "sudo /root/nv9/DetectValidator"
else
    sudo sshpass -p 'some.pass' \
        ssh -n -o StrictHostKeyChecking=no user@$term_IP "sudo /root/nv9/DetectValidator"
fi
The job is working fine, and returns correct values, but only for the first element of the array.
PS - I already searched through this and other sites, and the following answer didn't help me: Shell script while read line loop stops after the first line (already "ssh -n -o").
Perhaps you can point out what I missed.
Possibly this ssh call eats your input:
sudo sshpass -p 'some.pass' ssh -o StrictHostKeyChecking=no user@$term_IP "sudo test -d /root/nv9"
^^^
Try adding -n.
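Why one call without -n is enough to end the loop, shown offline as an added example that is not part of the original posts. `remote` is a hypothetical stand-in for an ssh call that reads its inherited stdin, and the host list is constructed; the three loops show the failing form, the stdin-from-/dev/null form that -n gives, and a variant that feeds the list on file descriptor 3 so the loop body cannot consume it.

```shell
#!/usr/bin/env bash
# Added example: a command inside "while read" that drains the loop's input.

# Constructed host list standing in for /tmp/hosts.
make_hosts() { printf '%s\n' node-a node-b node-c; }

# Hypothetical stand-in for ssh without -n: it reads all of its stdin.
remote() { cat >/dev/null; }

# As in the question: remote shares the loop's stdin, swallows the
# remaining lines, and the next read hits end of file.
loop_inherit() {
    while IFS= read -r host; do
        remote "$host"
        printf '%s,' "$host"
    done < "$1"
}

# Same effect as ssh -n: the command's stdin is /dev/null, so the list
# stays untouched for the next read.
loop_devnull() {
    while IFS= read -r host; do
        remote "$host" </dev/null
        printf '%s,' "$host"
    done < "$1"
}

# The list arrives on fd 3; whatever the body does with stdin, the
# remaining hosts are still there.
loop_fd3() {
    while IFS= read -r host <&3; do
        remote "$host"
        printf '%s,' "$host"
    done 3< "$1"
}
```

With the fd 3 form every command in the body still inherits the caller's stdin, so a forgotten -n no longer truncates the host list but can still block waiting on a terminal.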
I am building a custom RPM for WildFly 10. I am stuck on deploying the systemd service. The spec file is able to deploy the code as well as create a user; however, no matter what avenue I try, I cannot get the RPM to create the service. I have tried install -m 644 but rpmbuild has trouble finding the file, even if I specify the full path:
e.g. install -m 644 %{buildroot}/opt/%{name}/docs/contrib/scripts/systemd/%{name}.service %{buildroot}/usr/lib/systemd/system/%{name}.service
I have also tried a series of systemd scriptlets as noted in https://fedoraproject.org/wiki/Packaging:Scriptlets, but that does nothing (the RPM will build with exit 0 status, but the service is never created). Any assistance would be appreciated.
$ cat SPECS/wildfly.spec
Name: wildfly
Version: 10.0.0.Final
Release: 1%{?dist}
Summary: WildFly (JBoss) Application Server
Group: System Environment/Daemons
License: LGPL 2.1
URL: http://wildfly.org
Source0: http://download.jboss.org/wildfly/%{version}/%{name}-%{version}.tar.gz
ExclusiveArch: x86_64 i686
ExclusiveOS: Linux
%{?systemd_requires}
Requires: systemd
Requires: shadow-utils
Requires: java >= 1.8.0
Requires: /etc/init.d/functions
Provides: %{name}
%description
WildFly Application Server packaged from the binary distribution.
%prep
%setup -q -n %{name}-%{version}
%install
mkdir -p %{buildroot}/opt/%{name}
mkdir -p %{buildroot}/var/log/%{name}
mkdir -p %{buildroot}/var/run/%{name}
cp -R . %{buildroot}/opt/%{name}
%pre
getent group %{name} >/dev/null || groupadd -r %{name}
getent passwd %{name} >/dev/null || \
useradd -r -g %{name} -d /opt/%{name} -s /sbin/nologin %{name}
%post
alternatives --install /etc/alternatives/%{name} %{name} /opt/%{name} 100
%systemd_post %{name}.service
%postun
alternatives --remove %{name} /opt/%{name}
%systemd_postun %{name}.service
userdel %{name}
%files
%defattr(-,root,root,0755)
%dir /opt/%{name}
/opt/%{name}/appclient
/opt/%{name}/bin
/opt/%{name}/docs
/opt/%{name}/domain
/opt/%{name}/jboss-modules.jar
/opt/%{name}/modules
%attr(-,%{name},%{name}) /opt/%{name}/standalone
/opt/%{name}/welcome-content
%dir /var/log/%{name}
%dir /var/run/%{name}
%doc /opt/%{name}/copyright.txt
%doc /opt/%{name}/LICENSE.txt
%doc /opt/%{name}/README.txt
I have defined the following services:
define service{
use remote-service ; Name of service template to use
host_name linode2
service_description HTTP-Cert-website1
check_command check_http! -H www.website1.com -C 30 --sni
# notifications_enabled 0
}
define service{
use remote-service ; Name of service template to use
host_name linode2
service_description HTTP-Cert-website2
check_command check_http! -H www.website2.com -C 30 --sni
# notifications_enabled 0
}
When I run the command from a terminal window, everything works fine. When I run it as displayed above, I get a connection refused error.
I have multiple websites on this server. All of the sites resolve properly from the nagios server.
The error is in the line:
check_command check_http! -H www.website2.com -C 30 --sni
That should be:
check_command check_http!www.website2.com
Because the default defined command is:
/path/check_http -H $ARG1$
To use check_http with the options you are trying to use, define a new command:
define command {
command_name check_http_myoptions
command_line /path/check_http -I $ARG1$ -C $ARG2$ --sni
}
Then modify the check command line:
check_command check_http!www.website2.com!30