I've hit a bit of a stumper (for me). I'm attempting to insert two newline characters into the RHEL5 /etc/sysconfig/iptables file during our server build process (using kickstart post-installation scripts).
The specific sed command is:
${SED} -i "/-i lo/ a\
\n\n#Trusted Traffic\n-A INPUT -s 10.153.156.0/25,10.153.174.160/27 -d ${MGTIP} -m state --state NEW -j ACCEPT\n\n#Remote Access\n-A INPUT -s 10.120.80.0/21,10.152.80.0/21,10.153.193.0/24,172.18.1.0/24,${MGTNET}/${NUMBITS} -d ${MGTIP} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n\n#Backups\n-A INPUT -s 10.153.147.192/26 -d ${BKPIP} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n\n" ${IPTABLES}
This is actually part of a larger script. ${SED}and ${IPTABLES} are already set to the necessary values.
All of the newlines work with the exception of the first two. Or, more accurately, the second of the first two. Even the last two newlines after ACCEPT work. What happens with the first two newlines is that the first works, creating a newline after matching the iptables entry which contains -i lo. The second, however, simply inserts a literal 'n' prior to the #Trusted Traffic text.
It ends up looking like
(snip)
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
n#Trusted Traffic
-A INPUT (snip)
I've tried various methods of ensuring the second newline is inserted. I've used two blank lines instead of \n\n. I've used two newline characters on separate lines, I've used \\n\\n. Everything I've tried so far results in the same outcome: A literal 'n' being inserted instead of a second newline.
Does sed simply not work with two newline characters at the beginning of appended text? Is there a way to make this work that I'm simply ignorant of?
I don't see why it's not working either, but you can do this also with the substitute option instead of append:
${SED} -i "s%-i lo.*%&\n\n#Trusted Traffic\n-A INPUT -s 10.153.156.0/25,10.153.174.160/27 -d ${MGTIP} -m state --state NEW -j ACCEPT\n\n#Remote Access\n-A INPUT -s 10.120.80.0/21,10.152.80.0/21,10.153.193.0/24,172.18.1.0/24,${MGTNET}/${NUMBITS} -d ${MGTIP} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n\n#Backups\n-A INPUT -s 10.153.147.192/26 -d ${BKPIP} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n\n%" ${IPTABLES}
Interesting, I would have thought that one of your attempted solutions would work, but I am seeing the same behavior. Here is one potential solution:
${SED} -i -e "s/-i lo.*/\0\n\n/" -e "// a\
#Trusted Traffic\n-A INPUT -s 10.153.156.0/25,10.153.174.160/27 -d ${MGTIP} -m state --state NEW -j ACCEPT\n\n#Remote Access\n-A INPUT -s 10.120.80.0/21,10.152.80.0/21,10.153.193.0/24,172.18.1.0/24,${MGTNET}/${NUMBITS} -d ${MGTIP} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n\n#Backups\n-A INPUT -s 10.153.147.192/26 -d ${BKPIP} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n\n" ${IPTABLES}
This works by first appending the two newlines to the end of the previous line, and then doing the append.
Not sure about portability, but try:
${SED} '/-i lo/ a\
\
\
'"#Trusted Traffic\\
-A INPUT -s 10.153.156...
"
This technique works on BSD sed. You can maintain double quotes throughout with:
${SED} "/-i lo/ a\\
\\
\\
#Trusted Traffic\\
-A INPUT -s 10.153.156...
"
In either case, there must be no whitespace between the backslash and the end of the line.
Related
Sending a pcap file on port 0. I get the following error. Any fix would be appreciated!
The command used is:
sudo ./app/x86_64-native-linuxapp-gcc/pktgen -c 0X01 -n 1 --file-prefix=pg -w 4:00.1 -- -m 1.0 -T -P -s 0:~/Downloads/bigFlows.pcap
There are 2 obvious reasons for the failure.
Number of CPU cores for pktgen to work is 1 + number of ports in use
you have extra argument in comamnd executed in pktgen.
Checking the link, it show the command used is sudo ./app/x86_64-native-linuxapp-gcc/pktgen -c 0X01 -n 1 --file-prefix=pg -w 4:00.1 -- -m 1.0 -T -P -s 0:[~/Downloads/bigFlows.pcap]. You should not sue [] instead use 0:actual path to pcap.
Note: #SaifUllah during the live debug both core and pcap were show cased for you.
This question already has answers here:
Remove everything except a certain pattern
(4 answers)
Can't use ^ to say "all but"
(4 answers)
Closed 2 years ago.
There are thousands more like below lines in a txt file.
I want to only keep the ip addresses with their subnet masks.
This regex works fine: (\d+\.\d+\.\d+\.\d+)(/[0-9]+)
iptables -A INPUT -s 2.16.19.0/24 -j DROP
iptables -A INPUT -s 2.16.178.0/23 -j DROP
iptables -A INPUT -s 2.16.220.0/24 -j DROP
iptables -A INPUT -s 2.16.222.0/23 -j DROP
iptables -A INPUT -s 2.18.80.0/23 -j DROP
I have a simple bash script file named: test.sh.
#!/bin/bash
ls $1;
I gave the execution permissions:
$ ./test.sh "**/*.java"
shows only one file
where as
$ ls **/*.java
shows hundreds of files
So how to make the script work.
To enable support for ** in Bash, use the globstar option:
#!/bin/bash
shopt -s globstar
ls $1
(See ยง4.3.2 "The Shopt Builtin" in the Bash Reference Manual.)
I see that unlike the standard cloud-config file, there is no runcmd option in a CoreOS cloud-config file. Currently, I enable swap on a CoreOS machine by adding the following to my cloud-config:
units:
- name: swap.service
command: start
content: |
[Unit]
Description=Turn on swap
[Service]
Type=oneshot
Environment="SWAPFILE=/1GiB.swap"
RemainAfterExit=true
ExecStartPre=/usr/sbin/losetup -f ${SWAPFILE}
ExecStart=/usr/bin/sh -c "/sbin/swapon $(/usr/sbin/losetup -j ${SWAPFILE} | /usr/bin/cut -d : -f 1)"
ExecStop=/usr/bin/sh -c "/sbin/swapoff $(/usr/sbin/losetup -j ${SWAPFILE} | /usr/bin/cut -d : -f 1)"
ExecStopPost=/usr/bin/sh -c "/usr/sbin/losetup -d $(/usr/sbin/losetup -j ${SWAPFILE} | /usr/bin/cut -d : -f 1)"
[Install]
WantedBy=local.target
Then after initializing my CoreOS image I have to ssh into the machine and run:
sudo fallocate -l 1024m /1GiB.swap && sudo chmod 600 /1GiB.swap \
&& sudo chattr +C /1GiB.swap && sudo mkswap /1GiB.swap
sudo reboot
before swap will be enabled (e.g. as evidenced by top).
It seems like I should be able to accomplish the latter commands in the cloud-config file itself, but I'm not clear on how I can run such commands without a runmcd field in cloud-config. Perhaps this can be done either by editing my swap.service unit or perhaps by adding another unit, but I haven't figured out quite how.
So, that leaves me with two questions: (1) Can this be done or will it always be necessary to run the last commands manually? (2) If the former, then how?
As pointed out in this answer to an issue on Github, you end up writing a unit to invoke the command of your choice. This answer, gives a good example of using an arbitrary command:
#cloud-config
....
coreos:
units:
- name: runcmd.service
command: start
content: |
[Unit]
Description=Creates a tmp foo file
[Service]
Type=oneshot
ExecStart=/bin/sh -c "touch /tmp/foo;"
#cboettig - thanks to your unit file example and #philibaker note, I got this going - basically the only thing I had to do was to change the ExecStartPre to:
ExecStartPre=/bin/bash -c "\
fallocate -l 2g $SWAPFILE && \
chmod 600 $SWAPFILE && \
chattr +C $SWAPFILE && \
mkswap $SWAPFILE && \
losetup -f $SWAPFILE"
and that includes the entire setup in the preexec step.
Suppose I'm in gdb memcached,but want to run it as memcached -d -u root -m 50 -c 1024 -p 11051.
How to do this?
On the gdb prompt, juste type
run -d -u root -m 50 -c 1024 -p 11051
Alternativerly, you can also use the args parameter:
(gdb) help set args
Set argument list to give program being debugged when it is started.
Follow this command with any number of args, to be passed to the program.
so in your case:
set args -d -u root -m 50 -c 1024 -p 11051
run (or) start