Posts

OpenSSL - How to verifying certificate chain with CRL?

When any certificate is issued, it has a validity period which is defined by the Certification Authority. Usually, this is one or two years.

However, sometimes certificates should not be honored even during their validity period. For example, if the private key associated with a certificate is lost or exposed, then any authentication using that certificate should be denied.

That's where CRL comes into the picture. A CRL is a Certificate Revocation List which contains the list of certificates revoked by the authority.
These CRLs are usually stored in a centralized locations called CRL Distribution Point. This distribution point URI/URL will be made available in the certificate extensions by the authority.

Now lets say we have certificate chain like rca->ica->ee and CRL issued by rca and ica, How can we verify the certificate chain?

Command line:

openssl verify -crl_check -verbose -CAfile <(cat rca.pem ica.pem crl_rca.pem crl_ica.pem) ee.pem

C++ way: Here is the sample class c…

Python - Selecting a random item from a list or tuple or dict

Say you have a list with 'n' number of items and you wish to get some random item from that list, How do you do it ?

Python has inbuilt 'random' package to do this.

To get one random item from the list:

>>> import random
>>> items = ['a', 'b', 'c', 'd', 'e', 'f', 'g']
>>> print random.choice(items)
'c'

There’s an equally simple way to select n items from the sequence:

>>> import random
>>> items = ['a', 'b', 'c', 'd', 'e', 'f', 'g']
>>> print random.sample(items, 2)
['e', 'a']

ldapmodify failed with error "dn: attribute type undefined"

I was facing this strange error "dn: attribute type undefined" while I am trying to delete attributes from the LDAP. My ldif file has two attributes to be deleted.

cat /tmp/modifyattr.ldifdn: fsFgId=Child2, fsFgId=Child1, fsClsId=Rootchangetype: modifydelete: fsListeningHostdn: fsFgId=Child2, fsFgId=Child1, fsClsId=Rootchangetype: modifydelete: fsPort

When ldapmodify command is executed with the above ldif file it says "Undefined attribute type".

modifying entry "fsFgId=Child2, fsFgId=Child1, fsClsId=Root"
modify complete
ldapmodify: Undefined attribute type (17)
additional info: dn: attribute type undefined

I googled for this error, every where I found suggestion to add extra blank line before dn. It didn't work for me. After a lot of research and experiments I found that I was adding extra space along with the blank line !!! Because I was creating this file using bash script, I didnt notice that extra space.

Finally it worked like charm.






Secure way of deleting files in Unix

As I mentioned in the previous post there are simple techniques that can recover your deleted file (by using simple 'grep' or 'strings' utilities).
Even some data recovery tools does the same thing. So if you want to delete some data on the disk without being worried about the retrieval, then
you should probably over write the disk which has your file content.

shred utility available in Linux does the same thing.
shred actually overwrite the specified file repeatedly, in order to make it harder for even very expensive hardware probing to recover the data.
By default shred overwrites the file 25 times with the junk data.

you can chose to remove the file after over writing using -u (unlink)
There are multiple options with shred to explore.

$ shred -u filetobedeleted.txt
Just to see how it works, let say my script is writing some data to the file 'testlog.log' repeatedly after every 1 min.
I am tailing the file in one terminal. And in other terminal I did execute shred.

$ s…

How to recover a file that was removed using 'rm' command ?

In Unix like file systems, the system uses 'hard links' to point to piece of data that you write to the disk.
So when you create a file, you also create its first hard link. You can create multiple hard links using 'ln' command.
When you "delete" a file using rm command, normally you are only deleting the hard link.

If all hard links to a particular file are deleted, then the system removes only the reference to the data and indicate that the blocks as free. But it won't actually delete the file.

If your deleted file is opened by any running process then it means you still have one link left to your file !!.
check if any process who works on your file using lsof command

$ lsof | grep "myfile.txt"COMMAND PID USER FD TYPE DEVICE SIZE NODE NAMEpgm-name 7099 root 25r REG 254,0 349 16080 /tmp/myfile.txt
Using the process and file descriptor you can try copying the file

$ cp /proc/7099/fd/25/mydir/restore.txt

Calculating time differences in python

Recently I had a situation where I need to calculate the timer efficiency.
I have a C++ timer that calls my function after every 5 sec. My function does some critical operation and logs one statement to syslog.
When I observed the logs I found that there is delay in my function execution, slowly the timer started drifting in result and the next function calls are getting delayed !!

So I wanted to calculate how many times the timer has delayed in a day. I grepped for the particular log in my syslog and redirected to a file.

file format is like this:
Jan 29 06:34:24
Jan 29 06:34:29
Jan 29 06:34:34
Jan 29 06:34:39
..
..
Now I should compare the lines in the file and log if the time difference is greater than 5 sec.
compare line 1 with line 2
line 2 with line 3, then line 3 with line 4 and so on...



Here the bad thing is f.readlines() ... It will load whole file in to list and tried to read 2 lines at a time.
If anybody reads this post :P and if you know any better working solution please share. :)



Change the screen brightness using bash script - xrandr

In my Ubuntu 14.0 (Dell Inspiron), brightness controls were not working at all. So I started searching for other alternatives to sets the brightness.

finally I found this xrandr.
it is great tool to set the brightness and even to rotate the screen.


--brightness flag can be used to set the brightness (best values: 0 - 1)--brightness flag cab be used to rotate the screen (possible options : normal, left, right)
Usage:
          ./brightness_control.sh +      # Increase the brightness by 0.05
./brightness_control.sh  -       # Decrease the brightness by 0.05
          ./brightness_control.sh 1       # Set brightness to 1