There are four major areas to consider when reviewing Docker security:
the intrinsic security of the kernel and its support for namespaces and cgroups;
the attack surface of the Docker daemon itself;
loopholes in the container configuration profile, either by default, or when customized by users.
the “hardening” security features of the kernel and how they interact with containers.
Linux tools like top list all java programs under the name “java”. Your JDK contains a tool called jps. It provides more details on running java processes.
$ lscsv -l /etc/profile |oi -t yaml -i csv --header "type,perm,hlinks,user,group,size,modified,name" --- data: - group: "root" hlinks: "1" modified: "Sep 16 2019" name: "/etc/profile" perm: "rw-r--r--" size: "902" type: "-" user: "root"
wget https://schnasse.org/deb/oi_0.0.1.deb sudo apt install ./oi_0.0.1.deb
cat is a well known command to concatenate the content of multiple files. Example: cat file1 file2 file3
But there are other use cases. cat offers a nice way to print out multi line strings. It is even possible to include variables into the string, which feels a little bit like using a templating language.
NAME=ADMIN@COMPANY.COM; cat <<EOF Hello $LOGNAME, please be aware. This system will be under maintenance soon. Have a good day. Sincerely $NAME EOF
For more info on the <<EOF visit this SO-Thread
I found this table here: https://danluu.com/cli-complexity/
rsync is a very cool tool that can be used to copy files between hosts or between directories on the same host. Like the term ‘sync’ suggests the copy process can be controlled into great detail to modulate rsync’s behavior. Take a look at the available options under: https://linux.die.net/man/1/rsync
This is my list of cool options. I start with the most basic usage. The following command can be used to copy, and later on sync two directories.
rsync -avn /source/dir /target/dir
The command ‘archives’ file attributes (
-a) and displays some status info (
In the given form, the command only does a dry-run (
-n). To execute the command remove the
The command uses the short form of
-a) which translates to (
-r– recursive copy
-l– copy symlinks as symlinks
-p– set target permissions to be the same as the source
-t– set target mtime to be the same as the source. Use this to support fast incremental updates based on mtime.
-g– set target group to be the same as the source
-o– set target owner to be the same as the source
-D– if remote user is superuser this recreates devices and other special files.
More cool options
--remove-source-files This will remove copied files from source.
--update This forces rsync to skip any files which exist on the destination and have a modified time that is newer than the source file.
--delete Delete files on target that do not exist in source tree.
--backup Make a backup of modified or removed files on target.
--backup-dir=date +%Y.%m.%d Specify a backup dir on target.
What to copy?
--min-size=1 Do not copy empty files. This can be particularly interesting if you have corrupted files in the source.
--max-size=100K Copy only small files. Can be used to handle small and large files differently.
--existing Only override files that already exist on the target. Do not create new files on target.
--ignore-existing Only copy files that do not exist on target.
--exclude-from Define excludes in a file.
Scheduling, Bandwidth and Performance
--time-limit Ends rsync after a certain time limit.
--stop-at=y-m-dTh:m Ends rsync at a specific time.
--partial Allows partial copies in case of interruptions.
--bwlimit=100 Limits bandwidth Specify KBytes/second. Good option if transfer of large files is required.
-houtput numbers in a human-readable format.
-ilog change info.
--log-file=define a log file.
- -v Output status info. You can add more ‘v’.
- Forgot to log any progress info? Use the following command to see what rsync is about to do.
ls -l /proc/$(pidof rsync)/fd/*
Erst kürzlich bin ich über diese Sammlung von Ansible-Rollen gestolpert. Bevor ich das nächste Mal etwas in Ansible schreibe, schaue ich mal hier nach.
Im Moment mache ich ja kaum noch Bash. Aber dieses Repo mit einem Bash Testing Framework
sieht interessant aus:
The jpackage tool of Java 14 can be used to create platform specific packages of java apps. The app does not require a JVM to run.
/opt/jdk-14/bin/jpackage --name etctoy --input target --main-jar etctoy.jar
The call is made from within a maven project. etctoy.jar is a fat-jar (size 6.6M) but the call should also work for regular jars with further dependencies in the target directory (see –input parameter).
The result is a debian package that installs the app under /opt/etctoy
sudo dpkg -i etctoy_1.0-1_amd64.deb
The installation uses 140M of disk space.
To make the tool available via command line on should link the binary into /usr/bin
sudo ln -s /opt/etctoy/bin/etctoy /usr/bin