Tuesday, 1 December 2020

How to add a TAP adapter interface in Windows

This article was useful for quickly adding the interface to Windows. Also useful: this explanation of the difference between TAP and TUN.

Acronyms explanation:

TAP = Terminating Access Point

TUN = Terminating Unbroadcasting Node

VPN = Virtual Private Network

How to insert a non-breaking hyphen

Here is a non-breaking hyphen: ‑. You can copy & paste it freely wherever you want (it is open-source).

It was forked from this one (credit them for the original work).

OpenConnect as a better alternative to the Cisco AnyConnect VPN client

The Cisco AnyConnect VPN client is sometimes too restrictive (e.g. it disconnects internet access on the client side when split tunnelling is not configured on the server side, or it runs under a privileged user, root or SYSTEM). OpenConnect gives the user more freedom.

OpenConnect is truly multi-platform; OpenConnect-GUI, which bundles OpenConnect for Windows and macOS, is partially so. This GUI wrapper gives OpenConnect a look and feel very similar to the GUI of the Cisco AnyConnect VPN client.

In Windows, once the VPN connection is established, if "split tunnelling" is not allowed on the (Cisco) VPN server (concentrator), this can be bypassed on the client side by increasing the metric of the TAP interface (so that it is higher than the metric of the physical network interface) and configuring routes (slices) so that only those subnets are routed to the VPN and nothing else. This can be done e.g. via an administrative shell (cmd.exe):

route add <IPsubnet> mask <mask> <IPdefaultGW-VPN> IF <IFnumber>
netsh interface ip set interface <IFnumber> metric=5

Routes, interfaces, default gateways, etc., can be displayed this way:

route print

The above commands may be chained (e.g. within a BAT file) this way (see https://stackoverflow.com/questions/8055371/how-do-i-run-two-commands-in-one-line-in-windows-cmd for details):

cmd /k "route print & route-add-command & netsh-interface-command & route print"

For macOS, this GUI wrapper is experimental, so OpenConnect can also be installed directly rather than as part of the GUI bundle (sample usage with vpn-slice for client-side "split tunnelling", which allows internet usage that bypasses the VPN):

# Homebrew refuses to run as root, so brew is called without sudo
brew install openconnect
brew install vpn-slice
sudo openconnect https://<address> -s 'vpn-slice <IPsubnet>/<mask>'

A similar setup should also be possible on Linux.

Thursday, 19 November 2020

SCP via hop nodes

There are various ways to SCP through intermediary nodes, e.g. ProxyCommand (using netcat = nc), ProxyJump (scp -J), pipes, tunnels, ...

There is a new project, hopscp, that does it without any of them, though it may incorporate them in the future to widen its possibilities.

By default, in its initial version, it implements this multi-hop SCP by sequential secure copying through the whole chain, from source to target. The current maximum is:

[source_end] -> [source_hop] -> [local_host] -> [target_hop] -> [target_end]

For more information, download hopscp, read its heading synopsis, or run it to see its output in command-line.

Software license: The Unlicense.

Friday, 30 October 2020

HTTP(s) checks with httpstat.us & curl

Useful site for HTTP(S) testing: https://httpstat.us/

Example 1:

curl --connect-timeout 5 -m 10 'https://httpstat.us/200?sleep=7000' > test.curl

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100     6    0     6    0     0      0      0 --:--:--  0:00:07 --:--:--     1

echo $?

0

Example 2:

curl --connect-timeout 5 -m 10 'https://httpstat.us/200?sleep=10000' > test.curl

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:10 --:--:--     0

curl: (28) Operation timed out after 10001 milliseconds with 0 out of -1 bytes received

echo $?

28

Notes about timeouts in curl:

https://unix.stackexchange.com/questions/94604/does-curl-have-a-timeout/94612
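
The two checks above as a reusable function, as an added example that is not part of the original post: the hypothetical helper `http_check` keeps the same timeouts and reports both curl's exit status (28 on timeout) and the HTTP status code, since curl exits 0 even for a 4xx/5xx answer unless told otherwise.

```bash
#!/usr/bin/env bash
# Added example; http_check is a hypothetical helper name.
# Usage: http_check URL [CONNECT_TIMEOUT_S] [MAX_TIME_S]
# Prints one line: OK <code> | HTTP_ERROR <code> | TIMEOUT | CURL_ERROR <exit>
# Returns 0 only for a 2xx/3xx answer received within the time limits.
http_check() {
    local url=$1 connect_timeout=${2:-5} max_time=${3:-10}
    local http_code rc=0

    # -s silences the progress meter, -o /dev/null drops the body,
    # -w prints only the HTTP status code of the final response.
    http_code=$(curl -s -o /dev/null -w '%{http_code}' \
        --connect-timeout "$connect_timeout" -m "$max_time" "$url") || rc=$?

    case $rc in
        0)  ;;                                   # transfer completed
        28) echo "TIMEOUT"; return 28 ;;         # connect or total timeout hit
        *)  echo "CURL_ERROR $rc"; return "$rc" ;;
    esac

    # Exit status 0 only means the transfer worked; the HTTP status
    # still has to be checked separately.
    case $http_code in
        2??|3??) echo "OK $http_code"; return 0 ;;
        *)       echo "HTTP_ERROR $http_code"; return 1 ;;
    esac
}

# Example calls against the test site used above:
#   http_check 'https://httpstat.us/200?sleep=7000'
#   http_check 'https://httpstat.us/200?sleep=10000'
```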

Thursday, 29 October 2020

Managing log rotation in Linux

Add a new file to rotation:

  • copy one of the /etc/logrotate.d/* configuration files to a working (e.g. home) directory, name it e.g. new-file
  • vim new-file
    • change the path to point to the new (existing) file to be rotated
    • change other parameters, if needed
  • sudo mv new-file /etc/logrotate.d/
  • sudo chown root:root /etc/logrotate.d/new-file

Dry run:

logrotate -d /etc/logrotate.d/new-file

Forced rotation:

sudo logrotate -vf /etc/logrotate.d/new-file
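
One way to script the steps above, as an added example (not from the original post): the hypothetical helpers `write_logrotate_conf` and `conf_perms_ok` generate the stanza for an existing log file and check the file mode, because logrotate ignores a configuration file that is writable by group or others. The directives in the stanza are sample values.

```bash
#!/usr/bin/env bash
# Added example; write_logrotate_conf and conf_perms_ok are hypothetical
# names, and the directives in the stanza are sample values to adjust.

# Write a logrotate stanza for LOGFILE (which must already exist) to CONF.
write_logrotate_conf() {
    local logfile=$1 conf=$2
    [ -f "$logfile" ] || { echo "no such log file: $logfile" >&2; return 1; }
    cat > "$conf" <<EOF
"$logfile" {
    weekly
    rotate 4
    compress
    delaycompress
    missingok
    notifempty
}
EOF
}

# Succeeds only if FILE exists and is not writable by group or others,
# judged from the mode string printed by ls (e.g. -rw-r--r--).
conf_perms_ok() {
    [ -f "$1" ] || return 1
    case $(ls -ld "$1") in
        ?????w*|????????w*) return 1 ;;   # group- or world-writable
    esac
    return 0
}

# Typical sequence, following the steps above (paths are placeholders):
#   write_logrotate_conf /var/log/myapp/app.log ./new-file
#   chmod 0644 ./new-file && conf_perms_ok ./new-file
#   sudo mv ./new-file /etc/logrotate.d/
#   sudo chown root:root /etc/logrotate.d/new-file
#   logrotate -d /etc/logrotate.d/new-file
```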

Monday, 26 October 2020

Bash tips I

Inputs to functions:

https://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-8.html

Outputs from functions:

https://www.linuxjournal.com/content/return-values-bash-functions

Check for empty variable:

https://www.cyberciti.biz/faq/unix-linux-bash-script-check-if-variable-is-empty/

Keyboard shortcuts:

http://teohm.com/blog/shortcuts-to-move-faster-in-bash-command-line/

Wednesday, 14 October 2020

Statistical analysis of MySQL/MariaDB slow queries

One-liner:

sudo grep -e '^select' -e '^insert' -e '^update' -e '^delete' /srv/data/mysql/mysql_slow.log | cut -d ' ' -f 1-3 | sort | uniq -c | sort -nr | head

Tuesday, 13 October 2020

How to extract raw value from JSON and cut it into pieces by size

Sample data:

{
  "var_name1": {},
  "var_name2": "string",
  "var_name3": "long string",
  "var_name4": 15
}

Fill Bash variable with extracted long string raw value from JSON:

VAR_NAME=`cat file.json | jq --raw-output '.var_name3'`

Then reference "chunks" of data using Bash variable index modifiers, e.g. by 255 characters:

  • ${VAR_NAME:0:255}
  • ${VAR_NAME:255:255}
  • ${VAR_NAME:510:255}
  • ${VAR_NAME:765:255}
  • ${VAR_NAME:1020:255}

One-liner alternative, extracting and displaying the output in a single command line:

VAR_NAME=`cat file.json | jq --raw-output '.var_name3'` ; echo "$VAR_NAME" ; echo "${VAR_NAME:0:255}" ; echo "${VAR_NAME:255:255}" ; echo "${VAR_NAME:510:255}" ; echo "${VAR_NAME:765:255}" ; echo "${VAR_NAME:1020:255}"
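
The same substring expansion in a loop, as an added example (not from the original post), so that a value of any length is cut into pieces without listing each offset by hand; `chunk_string` is a hypothetical helper name.

```bash
#!/usr/bin/env bash
# Added example; chunk_string is a hypothetical helper name.
# Usage: chunk_string STRING [SIZE]
# Prints STRING in consecutive pieces of SIZE characters (default 255),
# one piece per line; the last piece may be shorter.
chunk_string() {
    local value=$1 size=${2:-255} offset

    # Reject 0, negative, non-numeric and zero-padded sizes: they would
    # make the loop run forever or be read as octal numbers.
    if ! [[ $size =~ ^[1-9][0-9]*$ ]]; then
        echo "chunk_string: SIZE must be a positive integer" >&2
        return 2
    fi

    for (( offset = 0; offset < ${#value}; offset += size )); do
        # Same ${VAR:offset:length} expansion, with the offset computed.
        printf '%s\n' "${value:offset:size}"
    done
}

# With jq installed, the value from file.json is passed in like this:
#   chunk_string "$(jq --raw-output '.var_name3' file.json)" 255
```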

Tuesday, 29 September 2020

How to configure service principal for automated / scripted logins to Azure CLI

Steps:

  • (check permissions)
    • Azure Active Directory (AD) (AAD) level
    • Azure Subscription level
  • app registration
    • AAD > App registrations > New registration 
    • get tenant (directory) ID and app (client) ID
    • configure authentication ( (select app) > Certificates & secrets )
      • certificate-based (> Certificates > Upload certificate)
      • password-based (> Client secrets > New client secret)
  • app role assignment
    • Subscriptions > (select) > Access control (IAM) > Add role assignment
  • (configure access policies on resources)

Using Azure portal:

https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal

Using Azure CLI:

https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli

Login via Azure CLI (password-based):

az login --service-principal --tenant TENANT_ID --username APP_ID --password PASSWORD

Login via Azure CLI (certificate-based):

az login --service-principal --tenant TENANT_ID --username APP_ID --password /path/to/cert

Other sign-in options:

https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli

How to commit & push local changes to separate (new) Git branch

git checkout -b new-branch

# more files can be added in this step too, wildcards supported
git add /path/to/locally/changed/file

git commit -m "commit message"

git show-branch

git push origin new-branch

Inspired by https://git-scm.com/book/en/v2/Git-Branching-Basic-Branching-and-Merging.