Archive

Archive for the ‘bash’ Category

Connect to Cisco AnyConnect using Debian buster

February 28, 2020 Leave a comment

My employer uses a Cisco AnyConnect VPN.

Today I set up my Debian GNU/Linux 10 (“buster”) to connect to it, using only Open Source components.

My setup:

  • XFCE desktop
  • network-manager
  • openconnect

To install the required packages:

sudo apt install openconnect network-manager-openconnect-gnome network-manager-gnome curl xmlstarlet

The curl and xmlstarlet packages are used by csd-post.sh, a Cisco Anyconnect CSD wrapper script included with OpenConnect.

Debian 10 by default demands at least TLS 1.3 which caused this error:

error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

I fixed it by creating a more relaxed openssl configuration:

sudo cp /etc/ssl/openssl.cnf /etc/ssl/openssl_tls_1_0.cnf
sudo vi /etc/ssl/openssl_tls_1_0.cnf

Change only the “MinProtocol” line towards the end of the file to

MinProtocol = TLSv1.0

Then add a helper script /usr/local/bin/csd-post-tls-1-0.sh to use the relaxed config:

#!/bin/bash
export OPENSSL_CONF="/etc/ssl/openssl_tls_1_0.cnf"
/usr/libexec/openconnect/csd-post.sh "$@"

Then configure your VPN connection through the network-manager applet (you might have to logout/login to let XFCE autostart the systray applet):

Check “Allow Cisco Secure Desktop trojan” and as “CSD Wrapper Script” use /usr/local/bin/csd-post-tls-1-0.sh :

And finally connect:

Categories: bash, debian Tags: , ,

Klassikradio MP3 streams

April 4, 2018 Leave a comment

Klassikradio is a German radio station with an easy-to-digest selection of classical music, movie themes and other relaxing sounds, with not too many commercials.

They have many channels, all available as mp3 streams. They can be found and played in your browser at http://www.klassikradio.de/webplayer

To play the audio streams outside of a web browser, I retrieved and saved the stream urls as m3u files, using the shell script below. It used to work until Klassikradio changed its website:

#! /bin/bash

index_url='http://www.klassikradio.de/webplayer'
audio_url='http://stream.klassikradio.de/[^/]*'

for x in $(wget -q -O - "${index_url}" | grep -o "${audio_url}"); do 
  echo "${x}" > "klassikradio-$(basename "${x}").m3u";
done

The resulting m3u files are still available from here.

M3U files are the easiest way to “bookmark” media streams to be played by an audio player of your choice.

I use the VLC player with the “Allow only one instance” setting and configure it as the default application for *.m3u files.

Categories: bash, music Tags: , ,

Replace TODO in index files with Capitalized folder name

September 2, 2017 Leave a comment
file_name=index.html
pattern=TODO

for file_path in $(find -type f -name $file_name); do 
  dir=$(basename $(dirname $file_path))
  word=${dir^}
  sed -i -e "s/$pattern/$word/g" $file_path
done

Categories: bash, coding, html Tags: , ,

Nagios NRPE wrapper to encode meta-characters

April 23, 2017 Leave a comment

The Nagios Remote Plugin Executor allows remote execution of Nagios check commands, which is a powerful tool for monitoring the health of the machines and services on your network.

If your remote commands take command line parameters, you might run into trouble regarding special characters, typically required in regular expressions and other values you might want to send across. To actually see the error on the target machine, you need to Create a Log File for NRPE.

If your command fails due to this kind of error, then read on:

Apr 6 18:06:58 somehost nrpe[somepid]: Error: Request contained illegal metachars!
Apr 6 18:06:58 somehost nrpe[somepid]: Client request was invalid, bailing out...

NRPE inspects the arguments for characters that have special meaning for typical Unix shells to prevent shell command injection. If it encounters any charcaters deemed unsafe the command execution is rejected and you will see the error message above.

Unfortunately NRPE does not provide a way to safely encode and decode the parameter values.

To work around this, I created a wrapper script for the check_nrpe command, let’s call it check_nrpe_urlencoded.sh. I chose url-encoding for its simplicity and familiarity. The goal is to be able to create Nagios command definitions like this:

$USER1$/custom_scripts/check_nrpe_urlencoded.sh -H $HOSTADDRESS$ -c my_remote_command -a '$ARG1$' '$ARG2$'

And the remote command would bedefined in /etc/nagios/nrpe.cfg or under in a custom file under /etc/nrpe.d/, depending on your Linux distribtion:

command[my_remote_command]=/path_to_my_custom_nrpe_plugins/my_remote_command.sh '$ARG1$' '$ARG2$'

Here is a possible implementation of check_nrpe_urlencoded.sh:

#! /bin/bash

command='/usr/lib/nagios/plugins/check_nrpe'
args='no'

urlencode() {
    old_lc_collate=$LC_COLLATE
    LC_COLLATE=C

    local length="${#1}"
    for (( i = 0; i < length; i++ )); do
        local c="${1:i:1}"
        case ${c} in
            [a-zA-Z0-9.~_-]) printf "$c" ;;
            *) printf '%%%02X' "'$c" ;;
        esac
    done

    LC_COLLATE=${old_lc_collate}
}

for x in "$@"; do
  if [ ${x} = '-a' ]; then
    args='yes';
  else
    if [ ${args} = 'yes' ]; then
       x=$(urlencode ${x})
    fi
  fi
  command="${command} ${x}"
done

# execute the check_nrpe with the encoded args:
${command}

In the remote shell script like my_remote_command.sh, you would then decode the arguments like this:

function urldecode() {
  local url_encoded="${1//+/ }"
  printf '%b' "${url_encoded//%/\\x}"
}
arg1="$(urldecode $1)"
arg2="$(urldecode $2)"

And then use the decoded arguments as before.

Categories: bash, coding Tags: ,

Summing up numeric values using bash

March 22, 2017 Leave a comment

For example to add up the disk usage at several disjoint locations:

numfmt --to=iec $[$(du -s /home/*/docs | cut -f 1 | paste -sd+)]
101K

The $[..] is for arithmetic evaluation in bash.
Alternatively pipe to the bc command.

Categories: bash, coding

Convert mpc to mp3 on Linux

January 1, 2017 2 comments

You need the lame and mpcdec commands. On Debian, mpcdec is in the musepack-tools package:

sudo apt-get install lame musepack-tools

Then to convert all mpc files in the current directory to matchingly named mp3 files:

for x in *.mpc; do mpcdec "${x}" - | lame -r - "${x%.mpc}.mp3"; done
Categories: bash, coding, debian, linux, music

bash : Loop over lines in file with user prompt

December 8, 2016 Leave a comment

I used the following to loop over the lines in a file, while prompting the user for a key press on each iteration:

while read -u 3 line ; do 
  #clear the screen
  printf "\033c" 
  echo "$line"; echo

  # do something with the $line here

  read -n 1 -s -p "[Press any key to continue]"
done 3< "some-file.txt"

The reading of the lines is done via file descriptor 3 to avoid interference with the reading of the user’s key presses.

Categories: bash, coding Tags: ,