Posts

Showing posts from July, 2020

Ansible Dry Run

When ansible-playbook is executed with --check it will not make any changes on remote systems. Example:

    ansible --connection=local -m ping localhost --check
    localhost | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }

Sometimes you may want to modify the check mode behavior of individual tasks. This is done via the check_mode option, which can be added to tasks. There are two options:

1. Force a task to run in check mode, even when the playbook is called without --check. This is called check_mode: yes.
2. Force a task to run in normal mode and make changes to the system, even when the playbook is called with --check. This is called check_mode: no.

Ansible Ad-hoc command for localhost example

    # ansible --connection=local -m ping localhost
    localhost | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    # ansible --connection=local -m command -a "uname -r" localhost
    localhost | CHANGED | rc=0 >>
    4.14.181-142.260.amzn2.x86_64

Install python-virtualenv

Python's venv module lets developers create a lightweight virtual environment with its own standalone directory.

    # dnf -y install python-virtualenv

Install Ansible on Docker Fedora

    # dnf -y install ansible
    # ansible --version
    ansible 2.9.10

FTC Sues California Marketer of $23,000 COVID-19 “Treatment” Plan

Company falsely claimed its “Emergency D-Virus” treatment is “FDA accepted”

The Federal Trade Commission charged a California-based company called Golden Sunrise Nutraceutical, Inc. with deceptively advertising a $23,000 treatment plan as a scientifically proven way to treat COVID-19, the disease caused by coronavirus. According to the FTC’s complaint, Golden Sunrise began marketing its Emergency D-Virus plan as a treatment for COVID-19 in March 2020. Advertising on billboards, their websites, and social media, Golden Sunrise falsely claims that the company’s supplements—ImunStem, Aktiffvate, and AnterFeerons—are “uniquely qualified to treat and modify the course of the Coronavirus epidemic in CHINA and other countries,” and that users can expect the “disappearance of viral symptoms within two to four days,” the FTC alleged. The FTC sent Golden Sunrise a letter in April 2020, warning that it should immediately remove all advertising claims that the products could prevent, treat,

FTC Announces Staff Reports on Car Buying and Financing Experience, Results of Auto Buyers Study

Reports highlight potential issues for consumers

Two new staff reports from the Federal Trade Commission highlight some of the challenges and confusion consumers can face in buying and financing a car, particularly relating to charges for add-on items after the initial price negotiation that can lead to them paying more than expected. The reports are based, in part, on a study of auto buyers conducted by the FTC that consisted of in-depth interviews with 38 consumers about the car buying and financing process. A staff report from the FTC’s Bureau of Consumer Protection (BCP) notes a number of issues that arose in the study, from the advertising that draws consumers in through the entire car buying experience. The BCP report notes that consumers were sometimes not aware of key terms of sales and financing contracts, and it points in particular to issues that potentially keep them from having an accurate picture of the amount they are paying. One issue noted was focusing on monthly pa

FTC Acts to Stop Deceptive Insulation and Energy-Savings Claims

Actions brought against four companies target claims made for architectural coatings applied to houses and other buildings

The Federal Trade Commission sued four companies that sell paint products used to coat buildings and homes, alleging that they deceived consumers about their products’ insulation and energy-savings capabilities. In complaints filed in federal court, the FTC charged that the companies falsely overstated the R-value ratings of the coatings, making deceptive statements about heat flow and insulating power. “Companies touting the energy-saving properties of their products must have scientific support for their claims,” said Andrew Smith, Director of the FTC’s Bureau of Consumer Protection. “When they don’t, the FTC will step in to make sure they do.” A product’s R-value is a measure of its resistance to heat flow: the higher the R-value, the greater the insulating power. Using R-value and other product information, consumers can improve the energy efficiency of their

Orders of approximation

In computer science, big O notation is used to classify algorithms according to how their run time or space requirements grow as the input size grows. In analytic number theory, big O notation is often used to express a bound on the difference between an arithmetical function and a better understood approximation.

Delete a Git branch

    $ git push -d <remote_name> <branch_name>
    $ git branch -d <branch_name>

Normally the remote name is origin. In most cases you'll use a command like:

    $ git push -d origin <branch_name>

To delete a local branch, use one of the following:

    $ git branch -d branch_name
    $ git branch -D branch_name

The -d option is an alias for --delete, which only deletes the branch if it has already been fully merged in its upstream branch. By contrast, -D is an alias for --delete --force, which deletes the branch "irrespective of its merged status."

If other machines have the branch, you can run git branch -a to verify. To get rid of the branch on other machines, run:

    $ git fetch --all --prune

Setup Git merge for automatic resolving

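git rerere: Recorded Reused Resolution

Enabling rerere:

    # turn on recording and replay of conflict resolutions
    git config --global rerere.enabled true
    # stage cleanly re-applied resolutions in the index automatically
    git config --global rerere.autoupdate true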

Git force-pushing will overwrite the remote branch with the state of your local one

If there are commits on the git remote branch that you don't have in your local branch, you will lose those commits.

Amending the most recent git commit message

git commit --amend will open your editor, allowing you to change the commit message of the most recent commit. If your commit message is short, you can set the commit message directly on the command line with:

    git commit --amend -m "New commit message"

Fixed: windows 10 no sound without headphones

Go to Control Panel -> Hardware and Sound -> Sound. In the Playback tab, enable your laptop speakers and set them as the default device.

If you cannot set the speakers as the default device, do the following:

1. Go to Start, search for cmd; the search will return cmd.exe.
2. Right-click it and select 'Run as administrator'.
3. At the prompt, type: net localgroup Administrators /add networkservice and press Enter.
4. Then type: net localgroup Administrators /add localservice and press Enter.
5. Then type: exit and press Enter.
6. Restart your computer.

The two net localgroup commands add the built-in NetworkService and LocalService accounts to the local Administrators group.

In Final Court Summary, FTC Reports Volkswagen Repaid More Than $9.5 Billion To Car Buyers Who Were Deceived by “Clean Diesel” Ad Campaign

More than 86 percent chose to return their car for compensation

In a final summary filed in federal court today, the Federal Trade Commission reported that Volkswagen and Porsche repaid a total of more than $9.5 billion since 2016 to car buyers under the FTC’s orders stemming from the companies’ deceptive “clean diesel” advertising of VWs and Audis fitted with illegal emission defeat devices. Given a choice between returning their vehicle to VW or Porsche in exchange for compensation, or having the car modified to comply with clean-air rules, more than 86 percent of those who concluded the claims process chose to return their car through a buyback or early lease termination, the FTC noted in a Final Status Report filed with the U.S. District Court for the Northern District of California. “Most important, the FTC orders and related private class settlements provided redress sufficient to compensate consumers fully,” the FTC said in the report. The FTC’s final report to the court mark

Microsoft will no longer produce official PHP builds for Windows beginning with PHP 8.0

And will no longer deliver support for PHP 7.2, PHP 7.3, and PHP 7.4.

Sometimes it's better to use dynamic size arrays.

Java's ArrayList provides this feature.

Avoid the 100 most-used passwords.

List of the most common passwords https://en.wikipedia.org/wiki/List_of_the_most_common_passwords

Install Ansible AWX on Ubuntu

    git clone --depth 50 https://github.com/ansible/awx.git
    cd awx/installer/

Change secret_key inside the inventory file.

Execute the playbook:

    ansible-playbook -i inventory install.yml

Use the docker ps command to get a list of running containers.

    $ docker ps
    CONTAINER ID        IMAGE                COMMAND                  CREATED             STATUS              PORTS                  NAMES
    a2acc6628459        ansible/awx:13.0.0   "tini -- /usr/bin/la…"   3 minutes ago       Up 3 minutes        8052/tcp               awx_task
    33999b021c10        ansible/awx:13.0.0   "tini -- /bin/sh -c …"   3 minutes ago       Up 3 minutes        0.0.0.0:80->8052/tcp   awx_web
    a545cf8abb82        postgres:10          "docker-entrypoint.s…"   3 minutes ago       Up 3 minutes        5432/tcp               awx_postgres
    bd8517f2fe80        redis                "docker-entrypoint.s…"   3 minutes ago       Up 3 minutes        6379/tcp               awx_redis

Access Ansib

Install Docker SDK for Python

pip install docker

AWX provides a web-based user interface, REST API, and task engine built on top of Ansible.

Ansible Vault is an excellent tool for encrypting sensitive data

A playbook often needs to operate on sensitive data, whether that is playbook data in the form of variables or server credentials themselves, such as an SSH private key.

AWX can help with the security of Ansible automation

AWX can assist with auditing Ansible automation

AWX can provide a complete audit trail to help you find out what happened and when.  AWX can also help with ensuring version control of Ansible playbooks.

The WordPress.com block editor lets you create pages and posts with ease, and the newest updates make it more intuitive than ever.

The Updated Block Editor is Here to Make Your Life Easier  Improvements based on user feedback simplify the editing experience so you can focus on creating quality content for your audience. https://wordpress.com/blog/2020/06/18/block-editor-updates/

Pull Requests are the heart of collaboration on GitHub.

When you open a pull request, you’re proposing your changes and requesting that someone review and pull in your contribution and merge them into their branch.  Pull requests show diffs, or differences, of the content from both branches. The changes, additions, and subtractions are shown in green and red.

A template contains variables which are replaced by the values which are passed in when the template is rendered.

In the modern web world, clients request less static data and more dynamic data. Variables are helpful with the dynamic data.

Install Jinja 2

    pip install jinja2
    easy_install jinja2

A list in YAML lists all of its items at the same indentation level, with each line starting with -.

YAML is easier for humans to read and write than other common data formats, such as XML or JSON.

Jinja is a web template engine for the Python programming language.

Jinja was created by Armin Ronacher and is licensed under a BSD License. Jinja is similar to the Django template engine but provides Python-like expressions while ensuring that the templates are evaluated in a sandbox. It is a text-based template language and thus can be used to generate any markup as well as source code.

Ansible Vault stores variable data encrypted using AES256

Ansible encrypted vaults can be referenced by any playbook, provided the vault password is passed to the playbook when it is run. See https://docs.ansible.com/ansible/latest/user_guide/playbooks_vault.html.

Ansible Gathering Facts populates a wide array of variables with useful key system data

Run the following code from the command line to Gather Facts: $ ansible -m setup localhost

Install a role from Ansible Galaxy

$ ansible-galaxy install -p roles/ goyun.info

Ansible Roles

Ansible Roles are by default run from a subdirectory called roles/, in the same directory as your playbook. Ansible will also search for roles in /etc/ansible/roles and the paths specified by the roles_path parameter in the Ansible configuration file (such as /etc/ansible/ansible.cfg).

Ansible running user

You can use the --user (or -u) flag with ansible-playbook to specify a user to be used across all hosts in the inventory, or you can even use the ansible_user host variable within the inventory itself to specify user accounts on a per-host basis.

ssh-agent: set up SSH agent to avoid retyping passwords

To set up SSH agent to avoid retyping passwords, you can do:

    $ ssh-agent bash
    $ ssh-add ~/.ssh/id_rsa

Silently creates a 2048-bit RSA key in the file at ~/.ssh/id_rsa, with no passphrase

$ ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N ''

tmux maximize pane

Ctrl + b (prefix) + z works to zoom into a particular pane in tmux 2.1. If you press Ctrl + b + z again, it zooms the pane back to its original size. It doesn't create a new pane.

Ansible Module documentation

Ansible Module documentation can be found on the official Ansible website, or as part of the installed Ansible package.  For example: $ ansible-doc shell

Gmail Confidential Mode

In the Gmail app on iOS or Android: after composing your email, tap the three-dots button. ... Tap Confidential Mode. Tap Expires in 1 week. Set an expiration time, and tap Done. Tap Standard. Select between SMS passcode delivery or Standard Confidential mode, and tap Done. Tap the Check mark. Tap Send.

Split, Create and Close Tmux Screen In Linux

Split Tmux Screen Horizontally: CTRL+B %
Split Tmux Screen Vertically: CTRL+B "
Navigate To The Previous Window: we can navigate with the p and n keys.
CTRL+B p will navigate to the previous window
CTRL+B n will navigate to the next window
Kill Pane: to kill a tmux pane, the CTRL+B x key combination is used.

tmux move between panes

To move from one pane to another, press Ctrl+B, and then either the Up, Down, Left, or Right Arrow. If you press Ctrl+B, and then the percentage sign ( %) it splits the current pane vertically. Press Ctrl+B, and then Q to make tmux briefly flash the number of each pane.

Dry-run a Linux history command

Using verification (p) is generally a good idea if you're new to using the history command in production. If you want to verify the command you're about to modify and run, you can use the p modifier at the tail end of a history modification.

    $ !!:p
    history

The command you see as a result is the expanded item from history, but it hasn't been run yet. You can run it manually by pressing the Up arrow or Ctrl+P.

Linux History Command Word Designators

0 (Zero) – returns the zeroth word, which is typically the command
n – returns the nth word of the selected command
^ – returns the first argument for the command
$ – returns the last word, usually an argument
* – returns all words except for the zeroth word of the command

Linux History Command

To run the last command you used, enter:

    !!

You can also run a command that was much earlier in the history list. To do so, enter the following, where n is the line you wish to run:

    ![n]

To run the last command that used a specific string, enter:

    ![string]

Install Ansible on Ubuntu

    $ sudo apt-get update
    $ sudo apt-get install software-properties-common
    $ sudo apt-add-repository --yes --update ppa:ansible/ansible
    $ sudo apt-get install ansible

Verify:

    $ ansible --version

Removing old content can help your SEO.

Providing accuracy, relevancy, and quality, as well as timeliness of information, is the key to SEO. Content pruning involves removing low-performing, obsolete content from your website’s archives.

Ignore Ansible SSH authenticity checking

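Inside ansible.cfg:

    [defaults]
    host_key_checking = False

With this setting, Ansible does not check a remote host's SSH key against known_hosts when it connects.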

Use Ansible setup module to gather facts

Display gathered facts about your inventory hosts using the following command:

    $ ansible all -i hosts -m setup | less

Display all facts about all the hosts in your inventory:

    $ ansible all -m setup

How to start ssh-agent and add your private key to it.

    $ ssh-agent bash
    $ ssh-add ~/.ssh/id_rsa

Ansible supports password authentication through the use of the --ask-pass switch.

Installing Ansible with pip

    $ curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
    $ python3 get-pip.py --user
    $ pip install --user ansible

Oracle/RHEL (Red Hat)/CentOS Linux install Python

Type the following yum command: $ sudo dnf install python38

Fixed: Ubuntu networkmanager device strictly unmanaged

By default, NetworkManager does not manage interfaces that appear in /etc/network/interfaces. You can change this behaviour.

    sudo vim /etc/NetworkManager/NetworkManager.conf

Change the line managed=false to managed=true, then restart NetworkManager:

    $ sudo systemctl restart NetworkManager

Another way: remove the interface from /etc/network/interfaces. Only keep the following inside /etc/network/interfaces:

    auto lo
    iface lo inet loopback

Then restart NetworkManager:

    $ sudo systemctl restart NetworkManager

Check SSL / TLS version support by nmap

    $ nmap --script ssl-enum-ciphers -p 443 www.goyun.info
    Starting Nmap 6.40 ( http://nmap.org ) at 2020-07-21 13:52 EDT
    Nmap scan report for www.goyun.info (172.217.13.115)
    Host is up (0.0011s latency).
    rDNS record for 172.217.13.115: yul02s04-in-f19.1e100.net
    PORT    STATE SERVICE
    443/tcp open  https
    | ssl-enum-ciphers:
    |_  TLSv1.0: No supported ciphers found
    Nmap done: 1 IP address (1 host up) scanned in 0.32 seconds

FTC and Missouri Attorney General Warn Hearing Aid Sellers About Deceptive Stimulus Payment Claims

The Federal Trade Commission and Missouri Attorney General have sent warning letters  to two companies that sent mailers to consumers that suggested that they could provide government stimulus money to customers to purchase their hearing aids. The letters highlight claims included in the mailers that implied that consumers were eligible for a government stimulus benefit specifically for the use of buying hearing aids, and that the companies were able to provide that benefit. The mailers included language like “Call Today to Secure Your Stimulus Money. For Stimulus Voucher Appointments, Call Today!” and “CORONA-VIRUS (sic) PANDEMIC HEARING AID STIMULUS PACKAGE ANNOUNCED FOR MISSOURI.” The mailers also included a document designed to look like a $1,000 check made out to the consumer labeled “OFFICIAL AUTHORIZED VOUCHER” and with instructions to endorse it on the back. The letters warn the recipients to cease making all deceptive claims and also instruct them to notify the FTC and State

Fired Fox News Host Ed Henry and More Accused of Sexual Misconduct in Graphic Lawsuit - E! Online - AU

Ed Henry, who was recently fired from Fox News, and other talent from the conservative cable news network were accused of sexual misconduct in a new lawsuit filed on Monday.  https://www.eonline.com/au/news/1172302/fired-fox-news-host-ed-henry-and-more-accused-of-sexual-misconduct-in-graphic-lawsuit

ClamAV is an open-source antivirus option for Linux/Unix operating systems that protects your system against Trojans, malware and other security threats.

Galaxy provides pre-packaged units of work known to Ansible as roles.

https://galaxy.ansible.com/

The ‘git fsck’ command is useful for performing an integrity evaluation of the Git file system and the identification of corrupted objects.

    $ git fsck
    Checking object directories: 100% (256/256), done.
    Checking objects: 100% (10060/10060), done.

The ‘git gc’ command is a garbage collector command.

The ‘git gc’ command collects garbage from a repository and optimizes the repository. Users should also ensure that the command is run periodically. An example of using the command is as follows:

    $ git gc
    Enumerating objects: 10060, done.
    Counting objects: 100% (10060/10060), done.
    Delta compression using up to 8 threads
    Compressing objects: 100% (1623/1623), done.
    Writing objects: 100% (10060/10060), done.
    Total 10060 (delta 4510), reused 9960 (delta 4483)

Git is a tool to perform version control.

One major feature of Git is its distributed structure so that the developers can work with an offline copy of the code base. Developers can use Git to manage their code versions over time.  Changes made to the code will incrementally stack up to the existing code creating a new version.  

Most popular DevOps tools

Git – A well-known DevOps tool used for distributed source code management.
Jenkins – A continuous integration tool that runs tests on a non-developer machine when new code is pushed into the source repository.
Docker – A tool used at the continuous deployment stage of DevOps to achieve containerization of an OS and its dependencies.

The default username for RHEL on AWS is ec2-user.

Ansible comes with two different modules

All these modules are idempotent.

Core modules: Core modules play a much greater role than extra modules. They always come with the software.

Extra modules: The Ansible community maintains such modules. Besides, the modules are reusable. Even though they are parts of Ansible, you can separate them whenever you need.

Rename a Docker Container

$ sudo docker rename goyun goyun_info

Selenium is a DevOps tool that is built specifically to aid developers in creating automated regression tests to assure that their program is working as intended.

Docker lets developers easily create, package, and deploy their code through containers which are packaged with the required dependencies.

Kubernetes is a container management DevOps tool that is ideal for applications that come packaged with an overwhelming amount of containers.

Ansible is a software automation tool.

Ansible is also a great IT Configuration management tool.

Ansible makes the configuration and automation management a lot easier than before.

Most of the developers are now trying to automate the development process and production environment.  When it comes to software development, automation plays a significant role. 

Ansible collects a lot of the information about the remote hosts as it runs a playbook.

The task of collecting this remote system information is called Gathering Facts by Ansible, and the details collected are generally known as facts or variables. Ansible playbooks call the setup module by default to perform the Gathering Facts task. Run the ansible all -m setup command against any host group:

    ansible all -m setup | tee ansible-facts.txt

Linux list all users account using the /etc/passwd file

Type any one of the following command: $ cat /etc/passwd

Get the Service Tag via DELL iDRAC SSH

Type the following command lines to show the service tag:

    cd hdwr2
    cd chassis1
    show

The “Serial Number” field is the Service Tag.

Get DELL Service Tag on remote Linux system

dmidecode -s system-serial-number

FTC to Host Virtual PrivacyCon 2020 on July 21

WHAT: The Federal Trade Commission will host PrivacyCon 2020 to examine the latest research and trends related to consumer privacy and data security.
WHEN: Tuesday, July 21, 2020, 9 a.m. - 5 p.m. ET
WHERE: The event will be held online. A link to view PrivacyCon will be posted the morning of the event to ftc.gov and the event page.
WHO: The event will feature opening remarks by FTC Bureau of Consumer Protection Director Andrew Smith, as well as presentations and discussions on a variety of privacy and data security research.
TWITTER: The event will be tweeted live from the FTC’s Twitter page (@FTC) using the hashtag #PrivacyCon20.
https://www.ftc.gov/news-events/press-releases/2020/07/ftc-host-virtual-privacycon-2020-july-21

Ansible shell example

    - name: This command will show ip
      shell:
        cmd: ip a

To invest is to allocate money in the expectation of some benefit in the future.

In finance, the benefit from an investment is called a return.  The return may consist of a gain (or loss) realized from the sale of a property or an investment, unrealized capital appreciation (or depreciation), or investment income such as dividends, interest, rental income etc., or a combination of capital gain and income. The return may also include currency gains or losses due to changes in the foreign currency exchange rates.

For help on how to use the ansible-playbook command, use the -h option

    $ ansible-playbook -h
    usage: ansible-playbook [-h] [--version] [-v] [-k]
                            [--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER]
                            [-c CONNECTION] [-T TIMEOUT]
                            [--ssh-common-args SSH_COMMON_ARGS]
                            [--sftp-extra-args SFTP_EXTRA_ARGS]
                            [--scp-extra-args SCP_EXTRA_ARGS]
                            [--ssh-extra-args SSH_EXTRA_ARGS] [--force-handlers]
                            [--flush-cache] [-b] [--become-method BECOME_METHOD]
                            [--become-user BECOME_USER] [-K] [-t TAGS]
                            [--skip-tags SKIP_TAGS] [-C] [--syntax-check] [-D]
                            [-i INVENTORY] [--list-hosts] [-l SUBSET]
                            [-e EXTRA_VARS] [--vault-id VAULT_IDS]
                            [--ask-vault-pass | --vault-password-file VAULT_PASSWORD_FILES]
                            [-f FORKS] [-M MODULE_PATH] [--list-tasks]

Ansible: Default IP address of the remote host

    ---
    - hosts: all
      tasks:
        - debug: var=hostvars[inventory_hostname]['ansible_default_ipv4']['address']
        - debug: var=hostvars[inventory_hostname]['ansible_default_ipv6']['address']

If you add --ask-become-pass or -K, Ansible prompts you for the password to use for privilege escalation (sudo/su/pfexec/doas/etc).

Test SSH connection with the Ansible ping module

    ---
    ###
    ## First play: Dynamically configure SSH user based on test
    ##
    - hosts: "{{ host_group }}"
      gather_facts: false  # don't try to ssh yet!!
      vars:
        ansible_ssh_user: "{{ username }}"
      tasks:
        - name: "Test SSH connection"
          ping:  # <-- no args needed
          ignore_unreachable: true
          ignore_errors: true
          changed_when: false
          register: ssh_test
        - name: "Fall back to root user?"
          when: ssh_test.unreachable is defined
          connection: local
          set_fact:
            ansible_ssh_user: root
    ###
    ## Next play: Do something
    ###
    - hosts: "{{ host_group }}"
      tasks:
        - name: your task here
          # ...

Testing Connectivity to Ansible Nodes

To test that Ansible is able to connect and run commands and playbooks on your nodes, you can use the following command:

    ansible all -m ping

The ping module will test if you have valid credentials for connecting to the nodes defined in your inventory file, in addition to testing if Ansible is able to run Python scripts on the remote server. A pong reply back means Ansible is ready to run commands and playbooks on that node.

Ansible Check Mode (“Dry Run”)

ansible-playbook goyun.info.yml --check

Enabling or disabling check mode for Ansible tasks

There are two options:

1. Force a task to run in check mode, even when the playbook is called without --check. This is called check_mode: yes.
2. Force a task to run in normal mode and make changes to the system, even when the playbook is called with --check. This is called check_mode: no.

System vs Regular Users

Linux users can be "system" users or "normal" users. Regular users typically have UIDs at 1000 or higher and are allowed to log into the server. System users often have a user id (UID) below 1000 and cannot be used to login. They are usually used to run programs. For example, users www-data or apache are often used to run web servers.

See the file /etc/login.defs to find variables like UID_MIN and UID_MAX set for system vs regular users:

    #
    # Min/max values for automatic uid selection in useradd
    #
    UID_MIN 1000
    UID_MAX 60000
    # System accounts
    SYS_UID_MIN 201
    SYS_UID_MAX 999
    #
    # Min/max values for automatic gid selection in groupadd
    #
    GID_MIN 1000
    GID_MAX 60000
    # System accounts
    SYS_GID_MIN 201
    SYS_GID_MAX 999
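The system/regular split described above can be checked against real account data. The following is an added example, not code from the original post: it reads the UID limits from login.defs text and reviews passwd-format lines, flagging system accounts that still have a login shell and extra UID 0 accounts. The passwd lines and the NOLOGIN_SHELLS set are constructed for illustration.

```python
# Added example: classify accounts using the UID ranges from login.defs.
# LOGIN_DEFS uses the values shown in the post; PASSWD is constructed sample data.
LOGIN_DEFS = """\
#
# Min/max values for automatic uid selection in useradd
#
UID_MIN 1000
UID_MAX 60000
# System accounts
SYS_UID_MIN 201
SYS_UID_MAX 999
"""

PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
goyun:x:1000:1000::/home/goyun:/bin/bash
toor:x:0:0::/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""

# Assumption of this example: shells that prevent an interactive login.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def parse_login_defs(text):
    """Return {NAME: int} for every numeric setting, ignoring comments."""
    settings = {}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) == 2 and words[1].isdigit():
            settings[words[0]] = int(words[1])
    return settings


def review_accounts(passwd_text, defs):
    """Map each account name to (kind, [flags])."""
    uid_min = defs.get("UID_MIN", 1000)
    uid_max = defs.get("UID_MAX", 60000)
    report = {}
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        # passwd format: name:password:UID:GID:GECOS:home:shell
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        kind = "regular" if uid_min <= uid <= uid_max else "system"
        flags = []
        if uid == 0 and name != "root":
            flags.append("UID 0 but not named root")
        elif kind == "system" and uid != 0 and shell not in NOLOGIN_SHELLS:
            # An empty shell field means the system default shell is used.
            flags.append("system account with login shell " + (shell or "(default)"))
        report[name] = (kind, flags)
    return report


if __name__ == "__main__":
    for name, (kind, flags) in review_accounts(PASSWD, parse_login_defs(LOGIN_DEFS)).items():
        print(name, kind, "; ".join(flags) or "ok")
```
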

List All Linux Groups

less /etc/group

Missing sudo password in Ansible

Solution:

Method 1: Add a file called goyun to the /etc/sudoers.d directory on the target machine with the following contents:

    goyun ALL=(ALL) NOPASSWD:ALL

Method 2: Run the Ansible playbook with -k -K (uppercase). The playbook will prompt for the password.

    ansible-playbook goyun.info.yml -k -K

Ansible become is a method to run a particular task in a playbook with Special Privileges like root user or some other user.

Ansible become and become_user both have to be used in a playbook in certain cases where you want your remote user to be non-root. It is more like doing sudo -u someuser before running a task. When you do not define become_user and just use become, Ansible will perform the basic sudo and execute the corresponding task as the root user.

Create SHA512 password hashes on command line

    $ mkpasswd -m help
    Available methods:
    sha512crypt     SHA-512
    sha256crypt     SHA-256
    md5crypt        MD5
    descrypt        standard 56 bit DES-based crypt(3)
    $ mkpasswd --method=sha-512
    Password:
    $6$waLKhgmBiz1$cbiCevU1WKDlL9jRua0UrALelysyhvH8pW9Xh1z.2g4BN3rk/wtoE/Ol/paWIHoOw6Je0NHM0.K6.ckpOFBet0

Ansible ad-hoc commands can be considered as shell commands and a playbook be considered as a shell script.

Regenerating Linux Hashed Password in Python

You can use Python's crypt implementation to regenerate a Linux password hash:

    >>> import crypt
    >>> password="goyun.info"
    >>> hashing_scheme_with_salt="$6$goyuninfo$"
    >>> crypt.crypt(password, hashing_scheme_with_salt)
    '$6$goyuninfo$yLqTuT5hzDWwBOF1ryt82mnbhrTTeMSr25i/6zUDZJIV7o9bMONICzK1/GGtK8RW4QXHF89ZgxjhiDMKZ.fso0'

The stored password hash is generated using crypt(3).

Linux password cryptographic hash algorithm method

The password uses the $type$salt$hashed format. $type is the cryptographic hash algorithm and can have the following values:

$1$ – MD5
$2a$ – Blowfish
$2y$ – Eksblowfish
$5$ – SHA-256
$6$ – SHA-512

The /etc/shadow file contains one entry per line, each representing a user account.

/etc/shadow is a text file that contains information about the system’s users’ passwords.  It is owned by user root and group shadow, and has 640 permissions.

Enable Password Login for Connecting to EC2 Instance

To enable a password authentication, you create a password, update the /etc/ssh/sshd_config file, and then restart the SSH service.

Ubuntu Password File Location and Content

Ubuntu stores password content in file /etc/shadow. Along with hashed password this file also stores content like username, password change date, expiry date etc. in colon (:) separated format.  Only root user can write inside this file.

Linux passwords are hashed not encrypted

In Linux, passwords are not stored by encrypting them with some secret key; rather, a hash of the password is stored. There is no worry about a key getting compromised or the file which actually stores the password (hashed password) getting stolen. To make storage more secure, passwords are hashed with a salt. A salt is just a random string which is generated when you create a password. This helps prevent rainbow table attacks.
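The $type$salt$hashed format and the role of the salt, described in the posts above, can be audited directly from shadow-format lines. The following is an added example, not code from the original posts: it splits the password field, maps $type$ to the algorithm names listed above, and reports empty fields, legacy schemes and salts reused between accounts. The sample entries and the WEAK set are constructed for illustration, and handling of the rounds= parameter and the bcrypt layout goes beyond the table on this page.

```python
# Added example: audit shadow-format entries by their $type$salt$hashed field.
# Scheme identifiers are the ones listed in the post's table.
SCHEMES = {"1": "MD5", "2a": "Blowfish", "2y": "Eksblowfish",
           "5": "SHA-256", "6": "SHA-512"}
# Assumption of this example: schemes reported as legacy.
WEAK = {"MD5", "DES"}

# Constructed sample entries; hash bodies are placeholders, not real hashes.
SAMPLE = """\
root:$6$Zq1c8sPd$CONSTRUCTEDHASH:18450:0:99999:7:::
alice:$1$ab12cd34$CONSTRUCTEDHASH:18450:0:99999:7:::
bob:$6$Zq1c8sPd$OTHERCONSTRUCTEDHASH:18450:0:99999:7:::
carol::18450:0:99999:7:::
www-data:*:18450:0:99999:7:::
dave:$6$rounds=5000$n0tShared$CONSTRUCTEDHASH:18450:0:99999:7:::
"""


def classify_hash(field):
    """Return (status, scheme, salt) for the password field of one entry."""
    if field == "":
        return ("empty", None, None)
    if field[0] in "!*":
        # A leading '!' or '*' means password login is locked or disabled.
        return ("locked", None, None)
    if not field.startswith("$"):
        # No $type$ prefix: traditional DES crypt, salt is the first 2 chars.
        return ("set", "DES", field[:2])
    parts = field.split("$")  # "$6$salt$hash" -> ["", "6", "salt", "hash"]
    if len(parts) < 4 or parts[1] == "":
        return ("malformed", None, None)
    scheme = SCHEMES.get(parts[1], "unknown:" + parts[1])
    if parts[1] in ("2a", "2y"):
        # bcrypt layout: $2y$cost$ followed by 22 salt chars, then the hash.
        salt = parts[3][:22]
    elif parts[2].startswith("rounds=") and len(parts) >= 5:
        salt = parts[3]
    else:
        salt = parts[2]
    return ("set", scheme, salt)


def audit(lines):
    """Return a list of (user, finding) for shadow-format lines."""
    findings = []
    seen_salts = {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user = fields[0]
        status, scheme, salt = classify_hash(fields[1])
        if status == "empty":
            findings.append((user, "empty password field"))
        elif status == "malformed":
            findings.append((user, "malformed password field"))
        elif status == "set":
            if scheme in WEAK or scheme.startswith("unknown:"):
                findings.append((user, "weak or unknown scheme: " + scheme))
            # A salt should be random per password, so a repeat is reported.
            first = seen_salts.setdefault((scheme, salt), user)
            if first != user:
                findings.append((user, "salt shared with " + first))
    return findings


if __name__ == "__main__":
    for user, finding in audit(SAMPLE.splitlines()):
        print(user + ": " + finding)
```
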