stupid docker tricks #239192

 cats, hack, security, virtual
Feb 02 2016
 

1) Limit max processes on container; unfortunately docker seems intent on me not doing docker stupid tricks, so this is actually a bit of a pain on some systems… but if you figure out /etc/security/limits.conf, or can use prlimit (or write your own; use RLIMIT_NPROC instead of RLIMIT_NOFILE), you can do “prlimit --pid 666 --nproc=3:3” to limit the processes on the system to a very small number. Say… only what you’re running inside […]

HP firmware disks

 hack, tech
Sep 30 2012
 

I’d been playing with them… and since I hadn’t seen this anywhere I’ll put it as a small hack o the day. The disks do what they say (e.g. … install firmware ;)) – basically you burn it to a cd, boot it up, and it has some sort of access to the system. Since I’ve been working with these sorts of things lately I was curious how they […]

lsof lite (III/III)

 code, ipmi, security, tech
Sep 25 2012
 

Finally, one that looks at a process and tells you what ports it’s listening to.

    [WPCM450 /tmp]$ ps |grep ssh
     1263 root       4532 S   /sbin/sshd -g 60
     9730 root       9412 S   sshd: root@pts/0
    10571 root       3556 R   grep ssh
    [WPCM450 /tmp]$ ./lsof-net-pid.sh 1263
    PID 1263 is listening on tcp6:22
    PID 1263 is listening on tcp:22
    […]

lsof lite (II/III)

 code, ipmi, security, tech
Sep 25 2012
 

Here’s one that looks up processes that have a file open… well, actually, more like a file expression; “foo” would match “/bar/foo” and “/foo/bar” (by intent), so use full paths if you’re not feeling frisky. And yes… busybox really does have that many duplicate processes with that file open….

    [WPCM450 /tmp]$ ./lsof-pid-on-file.sh NVRAM_PrivateStorage00.dat
    /bin/fullfw      /flash/data0/BMC_Data/NVRAM_PrivateStorage00.dat
    /bin/fullfw      /flash/data0/BMC_Data/NVRAM_PrivateStorage00.dat
    /bin/fullfw      /flash/data0/BMC_Data/NVRAM_PrivateStorage00.dat
    /bin/fullfw      /flash/data0/BMC_Data/NVRAM_PrivateStorage00.dat
    […]

lsof lite I/III

 code, ipmi, security, tech
Sep 25 2012
 

After beating on some really anemic Linux installations that had… well, just about nothing installed (one didn’t have “tr”, one didn’t have “df”, etc… come on, that’s pretty sad ;)), I decided to start writing some shell scripts in very, very basic shell (you can do a lot with shell, awk, and sed!). Here’s one that, while not perfect, at least seems to work (so far!) – I