
Showing posts from October, 2017

Artificial Latency

While trying to reproduce an issue, it's often useful to be able to artificially introduce latency without simply killing a service. The tc command, coupled with iptables, allows you to achieve that goal. Run all of the below as root.

All network traffic to/from a host

Add 10ms to all network activity:

    tc qdisc add dev eth0 root netem delay 10ms

Show config:

    tc -s qdisc

Undo it:

    tc qdisc del dev eth0 root netem

Specific flows

Add 10ms to all HTTP responses from a webserver running on port 80 on this host:

    tc qdisc add dev eth0 root handle 1: prio priomap 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
    tc qdisc add dev eth0 parent 1:2 handle 20: netem delay 10ms
    tc filter add dev eth0 parent 1:0 protocol ip u32 match ip sport 80 0xffff flowid 1:2

Undo it:

    tc qdisc del dev eth0 root handle 1: prio priomap 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

OpenSSL Notes

Creating/Modifying

Generate a new private key

    openssl genrsa -out example.key 2048

Remove a passphrase from a private key

    openssl rsa -in example.key -out new_example.key

Generate a new private key and CSR (certificate signing request)

    openssl req -out example.csr -new -newkey rsa:2048 -nodes -keyout example.key

Generate a self-signed SSL certificate

    openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt

Generate a CSR using an existing private key

    openssl req -out example.csr -key example.key -new

Generate a CSR based on an existing certificate

    openssl x509 -x509toreq -in example.crt -out example.csr -signkey example.key

Generate a CSR with multiple Subject Alternative Names (SANs)

Create a config file:

    [req]
    default_bits = 2048
    prompt = no
    encrypt_key = no
    default_md = sha256
    req_extensions = req_ext
    distinguished_name = dn

    [ dn ]
    C = US
    ST = New York
    L = New York
    O = Secure Corp, LLC
    OU = IT
    CN = host.securecorp.com

    [ req_ext ]
    subjectAlt

nstat dumping core

nstat is a tool for collecting Linux network statistics. I use it in my monitoring stack to collect information about UDP data loss. The command maintains state, and on rare occasions, that state becomes corrupt. Corrupted state results in the command dumping core without any other explanation.

    $ nstat
    Aborted (core dumped)

An strace of the command is similarly unhelpful. The best way I've found to rectify this situation is to reset the command's history:

    nstat -r

Monitoring UDP Traffic

Install pktstat

    sudo apt-get install pktstat

Show all UDP traffic to port 8125, ordered by quantity of data

    sudo pktstat -tn udp dst port 8125

Find IAM user by Access Key

Assuming the AWS command is installed and configured correctly:

    AWS_ACCESS_KEY=AKIAXXXXXXXXEXAMPLE
    aws --output text iam list-users | awk '{print $NF}' | xargs -P10 -n1 aws --output text iam list-access-keys --user-name | grep "${AWS_ACCESS_KEY}"
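
The grep above matches substrings, so a key ID that is a prefix of another also hits the longer one, and the output does not single out the user or key status. The following is an added example, not code from the original post: it matches the AccessKeyId column exactly and reports user, status and creation date. The function names and sample rows are constructed for illustration.

```shell
# Added example: exact-match lookup of an access key ID in the text output of
# `aws iam list-access-keys`. Function names and sample rows are constructed.
# Row layout in --output text (fields sorted by name):
#   ACCESSKEYMETADATA <AccessKeyId> <CreateDate> <Status> <UserName>

# Classify the key ID by its documented prefix before searching.
key_kind() {
    case "$1" in
        AKIA*) echo long-term ;;   # IAM user access key
        ASIA*) echo temporary ;;   # STS session key, not attached to a user
        *)     echo unknown ;;
    esac
}

# Read list-access-keys rows on stdin; print "<user> <status> <created>" for
# the row whose AccessKeyId equals $1 exactly. Exit 1 if no row matches.
match_access_key() {
    awk -v key="$1" '
        $1 == "ACCESSKEYMETADATA" && $2 == key { print $5, $4, $3; found = 1 }
        END { exit !found }'
}

# Live lookup (needs a configured aws CLI allowed to call iam:ListUsers and
# iam:ListAccessKeys); same per-user fan-out as the one-liner above.
find_key_owner() {
    if [ "$(key_kind "$1")" = temporary ]; then
        echo "temporary STS key, no IAM user owns it: $1" >&2
        return 2
    fi
    aws --output text iam list-users --query 'Users[].UserName' |
        xargs -P10 -n1 aws --output text iam list-access-keys --user-name |
        match_access_key "$1"
}

# Constructed sample rows for offline use (two keys, one a prefix of the other).
sample_rows() {
    printf 'ACCESSKEYMETADATA\t%s\t%s\t%s\t%s\n' \
        AKIAXXXXXXXXEXAMPLE  2017-10-02T14:11:09Z Inactive bob \
        AKIAXXXXXXXXEXAMPLE2 2017-09-18T08:30:00Z Active   alice
}
```

Run `sample_rows | match_access_key AKIAXXXXXXXXEXAMPLE` to try it offline. When only one key needs resolving, `aws iam get-access-key-last-used --access-key-id <key>` returns the owning UserName in a single call.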