How to use ansible to scan for Spectre/Meltdown vulnerable hosts

First of all head on over to github and download a spectre-meltdown-checker that supports JSON output. Now all we need is a ansible playbook that calls that script:

Important is to adjust the path to spectre-meltdown-checker.sh  in the script:  task (the path is relative to wherever your playboook file is). Adapt to your needs however you want. It is basically just feeding the output of the script into the from_json  filter, storing it in a variable and then iterating over the result via with_items.

Example output:


(vulnerable to  CVE-2017-5715 since Intel retracted their microcode updates and haven’t released new ones yet)

How to colorize manpages

I’m surprised I’ve never posted this here before. Turning manpages from monochrome to color is super easy.

There are a few LESS_TERMCAP_*  environment variables you can adjust. Here is a list of useful ones to change

I prefer to only set them for man, so I put this little function in my ~/.bashrc

 

Bash function for easily watching logs and colorizing the output

Another useful bash function I have on my servers. It’s a wrapper around tail -F  and ccze . It will look for a log file (prepends /var/log/ to the patch if it can’t find it), and pipes it into ccze for colorizing the output. Handy if you find yourself watching logs. I mostly use it for dhcp/tftp/mail where I don’t have a huge amount of traffic (i.e. can watch it in real time) and am expecting an event/log entry.

Usage:

Using regex comparision in bash and BASH_REMATCH

Bash supports regular expressions in comparisons via the =~ operator.  But what is rarely used or documented is that you can use the ${BASH_REMATCH[n]}  array to access successful matches (back-references to capture groups). So if you use parentheses for grouping ()  in your regex, you can access the content of that group.

Here is an example where I am parsing date placeholders in a text with an optional offset (e.g. |YYYY.MM.DD|+2 ). Storing the format and offset in separate groups:

 

 

 

Multiply floats by 10,100, … in bash

A short one today. Bash can only handle integer numbers and not floats, so when someone searches the internet on how to use math on floats in bash the solution they find is usually “use bc” and looks something like this:

Or if they want the result to be an integer:

It’s a fine solution, and readable (which can mean a lot for people maintaining scripts). But if all you want to do is multiply by 10,100,1000, … you can achieve this faster with a bit of string manipulation:

It just splits the number into two strings, and assembles it again with the decimal shifted. Have a look at substring_removal and substring_expansion for more examples on how to modify strings in bash. I’d highly suggest either sticking this in a separate function, or commenting the code since it isn’t necessarily obvious what is going on

Since it is all pure bash and doesn’t need to spawn external commands, it quicker (not that bc  is slow, but if you are doing a lot of calculations, it can add up). I know what you are thinking “if your goal is speed, you shouldn’t be using bash”, that doesn’t mean we can’t write efficient code.