How to add bulk IP addresses to DigitalOcean firewall?

Trying to add IP addresses in bulk to a DigitalOcean firewall? You are in the right place.

The DigitalOcean cloud control panel UI doesn’t allow you to paste in multiple IP addresses at once. That’s a good idea for a UI improvement.

In the meantime, you can do it via the API.

Use the following shell script.

It sends JSON as the POST data, so update TOKEN, FIREWALL_NAME, the IP addresses and the ports, and then run the script.

#!/bin/bash

# Author: Akhil Jalagam
# update TOKEN, FIREWALL_NAME, IP addresses and then run the script

TOKEN=dfjvbidvbasb4l5tu45hvu46vgl45h6vl   # replace with your own API token
FIREWALL_NAME=internalaccess
curl -X POST -H "Content-Type: application/json" \
-H "Authorization: Bearer $TOKEN" \
-d \
'{
  "name": "'"$FIREWALL_NAME"'",
  "inbound_rules": [
    {
      "protocol": "tcp",
      "ports": "all",
      "sources": {
        "addresses": [
          "196.112.47.128/29",
          "196.112.43.128/29"
        ]
      }
    },
    {
      "protocol": "udp",
      "ports": "all",
      "sources": {
        "addresses": [
          "196.112.47.128/29",
          "196.112.43.128/29"
        ]
      }
    },
    {
      "protocol": "icmp",
      "sources": {
        "addresses": [
          "0.0.0.0/0",
          "::/0"
        ]
      }
    }
  ],
  "outbound_rules": [
    {
      "protocol": "icmp",
      "destinations": {
        "addresses": [
          "0.0.0.0/0",
          "::/0"
        ]
      }
    },
    {
      "protocol": "tcp",
      "ports": "all",
      "destinations": {
        "addresses": [
          "0.0.0.0/0",
          "::/0"
        ]
      }
    },
    {
      "protocol": "udp",
      "ports": "all",
      "destinations": {
        "addresses": [
          "0.0.0.0/0",
          "::/0"
        ]
      }
    }
  ]
}' "https://api.digitalocean.com/v2/firewalls/"

Hope it will save your time ! 😊
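
The script above hard-codes two CIDRs in each rule. As an added example (not part of the original post), the functions below build the "addresses" array from a file with one IPv4 address or CIDR per line and reject malformed entries and /0 prefixes, so a typo cannot end up in the allowlist. The function names and the sample list are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post.

# valid_ipv4_cidr ADDR: succeed only for a.b.c.d or a.b.c.d/1..32.
# A /0 prefix is refused on purpose so one bad line cannot allow the whole internet.
valid_ipv4_cidr() {
  local addr prefix octet oldifs
  addr=${1%%/*}; prefix=32
  case $1 in */*) prefix=${1#*/} ;; esac
  case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
  [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
  case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs   # split into octets
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# addresses_json FILE: print a JSON array of the entries in FILE. Blank lines
# and "#" comments are skipped. Returns 1 and names the entry on stderr if any
# line is rejected, so the caller can refuse to send a partial allowlist.
addresses_json() {
  local line out rc
  out=""; rc=0
  while IFS= read -r line || [ -n "$line" ]; do
    line=$(printf '%s' "${line%%#*}" | tr -d '[:space:]')
    if [ -z "$line" ]; then continue; fi
    if valid_ipv4_cidr "$line"; then
      out="${out}${out:+,}\"${line}\""
    else
      echo "rejected entry: ${line}" >&2; rc=1
    fi
  done < "$1"
  printf '[%s]\n' "$out"
  return "$rc"
}

# Constructed sample list: the two CIDRs from the post plus a documentation address.
sample=$(mktemp)
printf '%s\n' '# office' '196.112.47.128/29' '196.112.43.128/29' '' \
  '203.0.113.7  # vpn' > "$sample"
ADDRESSES=$(addresses_json "$sample") && echo "addresses: $ADDRESSES"
rm -f "$sample"
```

The resulting array can replace the hard-coded "addresses" lists in the curl payload; send the request only when addresses_json returns 0.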

How to renew the SSL certificates for dovecot and postfix

Make a backup of the existing SSL key and certificate file

cd /etc/pki/dovecot
cp -a certs/dovecot.pem certs/dovecot.pem.old
cp -a private/dovecot.pem private/dovecot.pem.old

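Create a new key and a self-signed certificate valid for two years. Use a key of at least 2048 bits; 1024-bit RSA keys are no longer considered secure:

openssl genrsa -out private/dovecot.pem 2048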
openssl req -new -x509 -key private/dovecot.pem -out certs/dovecot.pem -days 730

Restart Dovecot and Postfix

sudo systemctl restart dovecot
sudo systemctl restart postfix

Check the start and end dates for the certificate:

openssl x509 -dates -in certs/dovecot.pem
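
A post-renewal check, as an added example that is not from the original post: cert_check confirms that the certificate and private key belong together, that the certificate is not about to expire, and that the key is large enough. The function name, its return codes and the throwaway demo certificate are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.

# cert_check CERT KEY [MIN_DAYS] [MIN_BITS]
# Returns 0 if all checks pass, 2 if a file cannot be read, 3 if the key does
# not match the certificate, 4 if the certificate expires within MIN_DAYS,
# 5 if the public key is smaller than MIN_BITS.
cert_check() {
  local cert key min_days min_bits bits cert_pub key_pub
  cert=$1; key=$2; min_days=${3:-30}; min_bits=${4:-2048}
  # 1. Both files must carry the same public key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "private key does not match certificate" >&2; return 3; }
  # 2. -checkend exits non-zero if the certificate expires within N seconds.
  openssl x509 -in "$cert" -noout -checkend $(( min_days * 86400 )) >/dev/null ||
    { echo "certificate expires within ${min_days} days" >&2; return 4; }
  # 3. Read the key size from the text dump, e.g. "Public-Key: (2048 bit)".
  bits=$(openssl x509 -in "$cert" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  [ "${bits:-0}" -ge "$min_bits" ] ||
    { echo "weak key: ${bits:-unknown} bits" >&2; return 5; }
}

# Stand-alone demo on a throwaway key and certificate (constructed for this
# example; nothing under /etc/pki is touched).
demo_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 730 -subj "/CN=mail.example.test" \
  -keyout "$demo_dir/key.pem" -out "$demo_dir/cert.pem" 2>/dev/null
cert_check "$demo_dir/cert.pem" "$demo_dir/key.pem" 30 2048 && echo "certificate OK"
rm -rf "$demo_dir"
```

On the mail server, run it from /etc/pki/dovecot as cert_check certs/dovecot.pem private/dovecot.pem before restarting the services.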

How to display brightness level in i3status bar

I’ve been using Linux for a long time, but I was never entirely happy with the desktop environment options available. Until last year, Xfce was the closest to what I consider a good compromise between features and performance. Then I found i3, an amazing piece of software that changed my life.

i3 is a tiling window manager. The goal of a window manager is to control the appearance and placement of windows in a windowing system. Window managers are often used as part of a full-featured desktop environment (such as GNOME or Xfce), but some can also be used as standalone applications.

i3status doesn’t have an option to display the brightness level by default, but with a small configuration tweak we can easily achieve this.

Follow these steps:

  1. Copy the script to /usr/local/bin

net-speed-and-brightness.sh

#!/bin/sh

# Authors:
# - Moritz Warning <moritzwarning@web.de> (2016)
# - Zhong Jianxin <azuwis@gmail.com> (2014)
# - Akhil Jalagam <contact@akhil.io> (2019)
#
# See file LICENSE at the project root directory for license information.
#
# i3status.conf should contain:
# general {
#   output_format = i3bar
# }
#
# i3 config looks like this:
# bar {
#   status_command exec /usr/share/doc/i3status/contrib/net-speed.sh
# }
#
# Single interface:
# ifaces="eth0"
#
# Multiple interfaces:
# ifaces="eth0 wlan0"
#

# Auto detect interfaces
#ifaces=$(ls /sys/class/net | grep -E '^(eth|wlan|enp|wlp)')
ifaces="enp2s0 wlp3s0"

last_time=0
last_rx=0
last_tx=0
rate=""

readable() {
  local bytes=$1
  local kib=$(( bytes >> 10 ))
  if [ $kib -lt 0 ]; then
    echo "? K"
  elif [ $kib -gt 1024 ]; then
    local mib_int=$(( kib >> 10 ))
    local mib_dec=$(( kib % 1024 * 976 / 10000 ))
    if [ "$mib_dec" -lt 10 ]; then
      mib_dec="0${mib_dec}"
    fi
    echo "${mib_int}.${mib_dec} M"
  else
    echo "${kib} K"
  fi
}

update_rate() {
  local time=$(date +%s)
  local rx=0 tx=0 tmp_rx tmp_tx

  for iface in $ifaces; do
    read tmp_rx < "/sys/class/net/${iface}/statistics/rx_bytes"
    read tmp_tx < "/sys/class/net/${iface}/statistics/tx_bytes"
    rx=$(( rx + tmp_rx ))
    tx=$(( tx + tmp_tx ))
  done

  local interval=$(( $time - $last_time ))
  if [ $interval -gt 0 ]; then
    rate="$(readable $(( (rx - last_rx) / interval )))↓ $(readable $(( (tx - last_tx) / interval )))↑"
  else
    rate=""
  fi
  # show brightness
  brightness=$(cat /sys/class/backlight/intel_backlight/brightness)

  last_time=$time
  last_rx=$rx
  last_tx=$tx
}

i3status | (read line && echo "$line" && read line && echo "$line" && read line && echo "$line" && update_rate && while :
do
  read line
  update_rate
  echo ",[{\"full_text\":\"${rate} | Sun: $(($brightness/75))% \" },${line#,\[}" || exit 1
done)

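In the above script you can change /sys/class/backlight/intel_backlight/brightness based on your backlight model. The script divides the raw value by 75 to show a percentage, which assumes a maximum brightness of 7500; adjust the divisor to your device’s max_brightness value divided by 100.

  2. Update the i3 config with the following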

# control brightness
bindsym XF86MonBrightnessUp exec intelbacklight -inc 500 # increase screen brightness
bindsym XF86MonBrightnessDown exec intelbacklight -dec 500 # decrease screen brightness

# status bar
bar {
        status_command  /usr/local/bin/net-speed-and-brightness.sh
}

Now reload the i3 config using Mod+Shift+r.

Finally, you will see the net speed and brightness in the status bar.

If you don’t want to see the net speed, just remove ${rate} from the echo command in the above script.

What is DevOps?

1. Definition from Wikipedia:

DevOps (a clipped compound of “development” and “operations”) is a set of software development practices that combines software development (Dev) with information technology operations (Ops) to shorten the systems development life cycle while delivering features, fixes, and updates frequently in close alignment with business objectives.

2. Definition from Webopedia:

DevOps (development and operations) is an enterprise software development phrase used to mean a type of agile relationship between development and IT operations. The goal of DevOps is to change and improve the relationship by advocating better communication and collaboration between these two business units.

What is DevOps?

  1. DevOps is a culture that is followed by many big organizations. It is a combination of Development (software development) and Operations (software production/IT operations).
  2. DevOps is an extended version of the Agile methodology. It is neither a tool nor a technology; it is a culture or concept of behavior.
  3. DevOps defines a set of practices that are designed to overcome the communication and collaboration gap between the development, QA, and operations teams. It includes a Continuous Integration process with automated deployment.
  4. DevOps practices speed up the delivery of applications and services to the market.
  5. DevOps consists of 4 basic continuous processes:
     • Continuous Integration
     • Continuous Delivery
     • Continuous Testing
     • Continuous Monitoring

DevOps Life-cycle

i. Development
In this DevOps stage, the development of software takes place constantly. The entire development process is separated into small development cycles. This helps the DevOps team speed up the software development and delivery process.

ii. Testing
The QA team uses tools like Selenium to identify and fix bugs in the new piece of code.

iii. Integration
In this stage, new functionality is integrated with the prevailing code, and testing takes place. Continuous development is only possible due to continuous integration and testing.

iv. Deployment
In this phase, the deployment process takes place continuously. It is performed in such a manner that changes made to the code at any time do not affect the functioning of high-traffic applications.

v. Monitoring
In this phase, the operations team takes care of inappropriate system behavior or bugs that are found in production.

A few of the benefits of DevOps are as follows:

  • Speed
  • Rapid Delivery
  • Reliability
  • Scale
  • Improved collaboration
  • Security

The following are DevOps best practices

  • Continuous Integration
  • Continuous Delivery
  • Micro-services
  • Infrastructure as Code
  • Monitoring and Logging
  • Communication and Collaboration

How to auto login in MySQL from a shell?

When you run MySQL commands such as mysql, mysqlcheck, mysqldump and psql, psqldump, etc., they will pick up the username and password from this file if you do not provide them as arguments (-u and -p). It can save you time.

Of course, if you specify the username and password explicitly as part of the command’s arguments, they will be used. Because the file stores the password in clear text, keep it readable only by your own user (mode 600).

.my.cnf (for MySQL client)

[clienthost1]   # Note: client + host1
user=myuser
password=mypass
database=dbname
host=server.location.com

Still Confused With Mail Ports?

This article explains the most commonly used email protocols on the internet: POP3, IMAP, and SMTP.

  • SMTP 25, 2525
  • SMTP-SSL/TLS 587, 465
  • IMAP 143
  • IMAP-SSL/TLS 993
  • POP3 110
  • POP3-SSL/TLS 995

587 vs. 465

These port assignments are specified by the Internet Assigned Numbers Authority (IANA):

Port 587: [SMTP] Message submission (SMTP-MSA), a service that accepts submission of email from email clients (MUAs). Described in RFC 6409.

Port 465: URL Rendezvous Directory for SSM (entirely unrelated to email).

Historically, port 465 was initially planned for the SMTPS encryption and authentication “wrapper” over SMTP, but it was quickly deprecated (within months, and over 15 years ago) in favour of STARTTLS over SMTP (RFC 3207). Despite that fact, there are probably many servers that support the deprecated protocol wrapper, primarily to support older clients that implemented SMTPS. Unless you need to support such older clients, SMTPS and its use on port 465 should remain nothing more than a historical footnote.

How to install the latest git from source

git-install-latest-from-src.sh

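# download and unpack the current master branch
wget https://github.com/git/git/archive/master.zip
unzip master.zip && rm master.zip
# the GitHub archive unpacks into git-master, not master
cd git-master
make configure
./configure --prefix=/usr
make install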