Cheatsheets

Miscellaneous export AWS_PROFILE=your_AWS_profile export AWS_DEFAULT_REGION=us-east-1 export account_id=$(aws sts get-caller-identity --output json | jq -r .Account) aws ec2 describe-snapshots --owner-ids $account_id | jq -r '.Snapshots[] | .VolumeId,.SnapshotId' aws ec2 describe-volumes | jq -r '.Volumes[] | .VolumeId' aws ec2 describe-volumes | jq '.Volumes[] | select(.Tags[].Value == "*mongo*")' aws ec2 describe-snapshots --filters 'Name=status,Values=pending' aws ec2 describe-volumes --filters 'Name=tag:Name,Values=*mongo*' --query 'Volumes[*].VolumeId' aws s3 cp "s3://${bucket_name}/${NAME}/pki/issued/ca/" . --recursive --exclude '*' --include '*.crt' for ssm_param in $(aws ssm describe-parameters | jq -r ....

Install Cassandra Reaper Get some info about your cluster: nodetool status nodetool tpstats nodetool netstats nodetool compactionstats cqlsh

Search for the package that contains a file sudo pacman -S pkgfile sudo pkgfile --update pkgfile $filename

Shitty bash port scanner Use this in a pinch when you can’t install nmap. host=tired-devops-parity-rpc port=8545 (echo > "/dev/tcp/${host}/${port}") &> /dev/null && echo "${port} is open" Kill defunct processes (or rather, kill their parents) Dark. Useful? parents_of_dead_kids=$(ps -ef | grep [d]efunct | awk '{print $3}' | sort | uniq | egrep -v '^1$'); echo "$parents_of_dead_kids" | xargs kill Using timeout to run an export function I found a better way to check status of rollouts in Kubernetes, but this code is still interesting....

Export charts mkdir -p ~/chartmuseum/storage kubectl cp chartmuseum-chartmuseum-86544fcbcf-dfjzw:/storage ~/chartmuseum/storage Import charts for chart in *.tgz; do curl -u "${CHARTMUSEUM_USER}:${CHARTMUSEUM_PASSWORD}" --data-binary "@${chart}" https://chartmuseum.ur-domain.com/api/charts; done

POSTing JSON batch_post='{"requests":[{"method":"get","path":"/prices","query":{"from":"SNGLS","to":"USD","autoConversion":true}},{"method":"get","path":"/prices","query":{"from":"eth","to":"USD","autoConversion":true}},{"method":"get","path":"/prices","query":{"from":"BCS","to":"USD","autoConversion":true}}]}' curl -H "Content-Type: application/json" -d "$batch_post" -s -X POST "https://api.dedevsecops.com/"

Using Cerebro I haven’t done any heavy Elastic Stack administration lately. I don’t think Cerebro is popular tool anymore. I think most of the info you’d want is available somewhere in Kibana these days… Start Cerebro on your workstation: docker run -d -p 9000:9000 --name cerebro lmenezes/cerebro Open http://localhost:9000. Then connect to http://your_elasticsearch_server:9200 Why are my shards unallocated?!? https://www.datadoghq.com/blog/elasticsearch-unassigned-shards/ curl -XGET localhost:9200/_cluster/allocation/explain?pretty Updating indices https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-update-settings.html curl -XGET http://localhost:9200/_cat/indices/_all curl -XGET http://localhost:9200/....

Prerequisites Log into gitlab.com. Create a personal access token with “api” scope. Create an env var for the token: export token=REDACTED List all groups: curl -H "Private-Token: $token" -s https://gitlab.com/api/v4/groups?owned=true | jq . List all members of a group: curl -H "Private-Token: $token" -s https://gitlab.com/api/v4/groups/4934010/members List all projects in a group: curl -H "Private-Token: $token" -s https://gitlab.com/api/v4/groups/4934010/projects | jq . List all project deploy keys for a specific group: for p in $(curl -H "Private-Token: $token" -s https://gitlab....

Show git log commands for all secrets Run this: gitleaks_output="$(docker run -v "${PWD}":/path zricethezav/gitleaks:latest detect -s /path -v)" echo $gitleaks_output | jq -r '. | "git log -L \(.StartLine),\(.EndLine):\(.File) \(.Commit)"' to produce a bunch of commands like these to you can actually see the secrets in context: git log -L 24,24:cd/kustomize/applications/orchestrate/api-envelope-store.yaml 8951d23432ebf249fb39d71e2997104d77aca3c7 git log -L 24,24:cd/kustomize/applications/orchestrate/api-contract-registry.yaml c7e96ff0f35132ede479c84dc8fc3863bac4ffd7

Other tags: Pretty Good Privacy (PGP), OpenPGP Creating a key (an revocation certificate) https://www.phildev.net/pgp/gpgkeygen.html Sending your key to a keyserver gpg --send-keys 7C998A2D26C760E0 Exporting and Importing keys https://www.phildev.net/pgp/gpg_moving_keys.html Export: gpg --export-secret-keys -a keyid > my_private_key.asc gpg --export -a keyid > my_public_key.asc Import: gpg --import my_private_key.asc gpg --import my_public_key.asc Editing and trusting keys TODO: When should you trust a key ultimately? https://www.phildev.net/pgp/gpgtrust.html gpg --edit-key foo@bar.com trust Importing, signing, and verifying GPG file gpg --import <(curl https://www....