blog

kSar for sysstat

See the sysstat notes

https://sourceforge.net/projects/ksar/

See also:

  • tload (procps)

chmod +x run.sh
./run.sh -help
kSar version: 5.0.6
Usage: 
-version: show kSar version number
-help: show this help
-input <arg>: argument must be either ssh://user@host/command or cmd://command or file://path/to/file or just /path/to/file
-graph <graph list>: space separated list of graph you want to be outputed
-showCPUstacked: will make the CPU used graph as stacked
-showMEMstacked: will make the Memory graph as stacked (linux only)
-cpuFixedAxis:  will graph CPU used with fixed axis from 0% to 100%
-showIntrListstacked : will make the Interrupt List graph as stacked
-showTrigger:  will show trigger on graph (disabled by default)
-noEmptyDisk: will not export disk with no data
-tile: will tile window
-userPrefs: will use the userPrefs for outputing graphs (last export of this host)
-showOnlygraphName: will only print graph name available for that data (to be use for -graph)
-addHTML: will create an html page with PNG/JPG image
-outputPDF <pdf file> : output the pdf report to the pdf file
-outputPNG <base filename> : output the graphs to PNG file using argument as base filename
-outputJPG <base filename> : output the graphs to JPG file using argument as base filename
-outputCSV <CSV file> : output the CSV file
-width <size> : make JPG/PNG with specified width size (default: 800)
-height <size> : make JPG/PNG with specified height size (default: 600)
-startdate <date> : will graph the range begining at that time
-enddate <date> : will graph the range until that date
-solarisPagesize <pagesize in B>: will set solaris pagesize
-wizard: open with unified login popup
-replaceShortcut <xml file>: replace all shortcut with those in the xml file
-addShortcut <xml file>: add shortcut from the xml file
-startup: open window marked for opening at startup

Example: generating PDFs

KSAR="/opt/ksar/kSar-5.0.6/run.sh"
OUTPUT="/tmp/sar"
mkdir -p "$OUTPUT"
 
# Use /var/log/sysstat on Debian
for FIC in /var/log/sa/sar*
do
  [ -e "$FIC" ] || continue   # the glob matched nothing
  "$KSAR" -input "file://$FIC" -noEmptyDisk -showTrigger -outputPDF "$OUTPUT/$(basename "$FIC").pdf"
done

Problem

java.lang.NumberFormatException: For input string: "1,03"
        at sun.misc.FloatingDecimal.readJavaFormatString(FloatingDecimal.java:1250)
        at java.lang.Float.valueOf(Float.java:417)
        at java.lang.Float.<init>(Float.java:519)
        at net.atomique.ksar.Linux.Parser.parse(Parser.java:830)
        at net.atomique.ksar.kSar.parse(kSar.java:750)
        at net.atomique.ksar.FileRead.run(FileRead.java:62)
time to parse: 12ms number of line: 1 line/msec: 0.0                                                                     

Solution

kSar expects a dot as the decimal separator, so generate the text report in the C locale:

LANG=C sar -A -f /var/log/sysstat/sa20  > sar20.txt

2025/03/24 15:06

Linux kernel syscalls

Listing all syscalls

With systemd

systemd-analyze syscall-filter

With auditd

ausyscall --dump

Syscalls blocked by default by Docker

Source : https://docs.docker.com/engine/security/seccomp/

Significant syscalls blocked by the default profile

Docker's default seccomp profile is an allowlist which specifies the calls that are allowed. The table below lists the significant (but not all) syscalls that are effectively blocked because they are not on the allowlist. The table includes the reason each syscall is blocked rather than white-listed.

Syscall	Description
acct	Accounting syscall which could let containers disable their own resource limits or process accounting. Also gated by CAP_SYS_PACCT.
add_key	Prevent containers from using the kernel keyring, which is not namespaced.
bpf	Deny loading potentially persistent bpf programs into kernel, already gated by CAP_SYS_ADMIN.
clock_adjtime	Time/date is not namespaced. Also gated by CAP_SYS_TIME.
clock_settime	Time/date is not namespaced. Also gated by CAP_SYS_TIME.
clone	Deny cloning new namespaces. Also gated by CAP_SYS_ADMIN for CLONE_* flags, except CLONE_NEWUSER.
create_module	Deny manipulation and functions on kernel modules. Obsolete. Also gated by CAP_SYS_MODULE.
delete_module	Deny manipulation and functions on kernel modules. Also gated by CAP_SYS_MODULE.
finit_module	Deny manipulation and functions on kernel modules. Also gated by CAP_SYS_MODULE.
get_kernel_syms	Deny retrieval of exported kernel and module symbols. Obsolete.
get_mempolicy	Syscall that modifies kernel memory and NUMA settings. Already gated by CAP_SYS_NICE.
init_module	Deny manipulation and functions on kernel modules. Also gated by CAP_SYS_MODULE.
ioperm	Prevent containers from modifying kernel I/O privilege levels. Already gated by CAP_SYS_RAWIO.
iopl	Prevent containers from modifying kernel I/O privilege levels. Already gated by CAP_SYS_RAWIO.
kcmp	Restrict process inspection capabilities, already blocked by dropping CAP_SYS_PTRACE.
kexec_file_load	Sister syscall of kexec_load that does the same thing, slightly different arguments. Also gated by CAP_SYS_BOOT.
kexec_load	Deny loading a new kernel for later execution. Also gated by CAP_SYS_BOOT.
keyctl	Prevent containers from using the kernel keyring, which is not namespaced.
lookup_dcookie	Tracing/profiling syscall, which could leak a lot of information on the host. Also gated by CAP_SYS_ADMIN.
mbind	Syscall that modifies kernel memory and NUMA settings. Already gated by CAP_SYS_NICE.
mount	Deny mounting, already gated by CAP_SYS_ADMIN.
move_pages	Syscall that modifies kernel memory and NUMA settings.
nfsservctl	Deny interaction with the kernel nfs daemon. Obsolete since Linux 3.1.
open_by_handle_at	Cause of an old container breakout. Also gated by CAP_DAC_READ_SEARCH.
perf_event_open	Tracing/profiling syscall, which could leak a lot of information on the host.
personality	Prevent container from enabling BSD emulation. Not inherently dangerous, but poorly tested, potential for a lot of kernel vulns.
pivot_root	Deny pivot_root, should be privileged operation.
process_vm_readv	Restrict process inspection capabilities, already blocked by dropping CAP_SYS_PTRACE.
process_vm_writev	Restrict process inspection capabilities, already blocked by dropping CAP_SYS_PTRACE.
ptrace	Tracing/profiling syscall. Blocked in Linux kernel versions before 4.8 to avoid seccomp bypass. Tracing/profiling arbitrary processes is already blocked by dropping CAP_SYS_PTRACE, because it could leak a lot of information on the host.
query_module	Deny manipulation and functions on kernel modules. Obsolete.
quotactl	Quota syscall which could let containers disable their own resource limits or process accounting. Also gated by CAP_SYS_ADMIN.
reboot	Don't let containers reboot the host. Also gated by CAP_SYS_BOOT.
request_key	Prevent containers from using the kernel keyring, which is not namespaced.
set_mempolicy	Syscall that modifies kernel memory and NUMA settings. Already gated by CAP_SYS_NICE.
setns	Deny associating a thread with a namespace. Also gated by CAP_SYS_ADMIN.
settimeofday	Time/date is not namespaced. Also gated by CAP_SYS_TIME.
stime	Time/date is not namespaced. Also gated by CAP_SYS_TIME.
swapon	Deny start/stop swapping to file/device. Also gated by CAP_SYS_ADMIN.
swapoff	Deny start/stop swapping to file/device. Also gated by CAP_SYS_ADMIN.
sysfs	Obsolete syscall.
_sysctl	Obsolete, replaced by /proc/sys.
umount	Should be a privileged operation. Also gated by CAP_SYS_ADMIN.
umount2	Should be a privileged operation. Also gated by CAP_SYS_ADMIN.
unshare	Deny cloning new namespaces for processes. Also gated by CAP_SYS_ADMIN, with the exception of unshare --user.
uselib	Older syscall related to shared libraries, unused for a long time.
userfaultfd	Userspace page fault handling, largely needed for process migration.
ustat	Obsolete syscall.
vm86	In kernel x86 real mode virtual machine. Also gated by CAP_SYS_ADMIN.
vm86old	In kernel x86 real mode virtual machine. Also gated by CAP_SYS_ADMIN.
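
Added example (not from the Docker documentation or the original notes): a Python audit that reads a Docker-format seccomp profile and reports which of the syscalls in the table above it lets through, either unconditionally or only under capability/argument conditions. The sample profile is constructed, and the function names are this example's own.

```python
import json

# Syscall names from the "significant syscalls" table above.
SENSITIVE = set("""acct add_key bpf clock_adjtime clock_settime clone create_module
delete_module finit_module get_kernel_syms get_mempolicy init_module ioperm iopl kcmp
kexec_file_load kexec_load keyctl lookup_dcookie mbind mount move_pages nfsservctl
open_by_handle_at perf_event_open personality pivot_root process_vm_readv
process_vm_writev ptrace query_module quotactl reboot request_key set_mempolicy setns
settimeofday stime swapon swapoff sysfs _sysctl umount umount2 unshare uselib
userfaultfd ustat vm86 vm86old""".split())
ALLOWING = {"SCMP_ACT_ALLOW", "SCMP_ACT_LOG"}  # actions that let the call run

def audit_profile(profile):
    """Map each sensitive syscall to 'allowed', 'conditional' or 'blocked'."""
    # With a permissive defaultAction everything is reported as allowed
    # (conservative: explicit deny rules are not modelled here).
    default = "allowed" if profile.get("defaultAction") in ALLOWING else "blocked"
    status = dict.fromkeys(SENSITIVE, default)
    for rule in profile.get("syscalls", []):
        if rule.get("action") not in ALLOWING:
            continue
        # Argument filters or capability/kernel conditions narrow the rule.
        conditional = bool(rule.get("args") or rule.get("includes") or rule.get("excludes"))
        for name in SENSITIVE.intersection(rule.get("names", [])):
            if not conditional:
                status[name] = "allowed"
            elif status[name] == "blocked":
                status[name] = "conditional"
    return status

def findings(profile):
    """Sorted (syscall, status) pairs for every sensitive call not blocked."""
    return sorted((n, s) for n, s in audit_profile(profile).items() if s != "blocked")

# Constructed sample profile (not Docker's shipped default.json).
SAMPLE = json.loads("""{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {"names": ["read", "write", "keyctl"], "action": "SCMP_ACT_ALLOW"},
    {"names": ["mount", "setns"], "action": "SCMP_ACT_ALLOW",
     "includes": {"caps": ["CAP_SYS_ADMIN"]}},
    {"names": ["personality"], "action": "SCMP_ACT_ALLOW",
     "args": [{"index": 0, "value": 0, "op": "SCMP_CMP_EQ"}]}
  ]
}""")

if __name__ == "__main__":
    for name, verdict in findings(SAMPLE):
        print(f"{name:12} {verdict}")
```

An unconditional "allowed" on any name from the table is the finding to review first in a custom profile; "conditional" entries should be read together with the capabilities the container actually receives.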

systemd

Service

[Service]
SystemCallArchitectures=native
 
# Only permit system calls used by common system services, excluding any special purpose calls
SystemCallFilter=@system-service

2025/03/24 15:06

KeepassX

See also:

Links:

Startup
On database unlock, show entries that : will expire within 30 days

File Management
Backup destination :
{DB_FILENAME}-{TIME:yyyy-MM-dd-hh-mm-ss}.old.kdbx

See https://github.com/keepassxreboot/keepassxc/blob/714c0a5be297345812299b371d18176551019c9f/docs/topics/Reference.adoc

Kpcli

As root:

apt-get update && apt-get install kpcli
cpan Clipboard
cd /usr/local/bin
# Fetched over plain HTTP: check the script's integrity before running it as root
wget http://downloads.sourceforge.net/project/kpcli/kpcli-2.7.pl
# 755 (not 655) so that the owner also gets the execute bit
chmod 755 /usr/local/bin/kpcli-2.7.pl
echo "alias kpcli='kpcli-2.7.pl'" >> ~/.bashrc

For clipboard support:

apt-get install xclip
perl -MCPAN -e 'install Clipboard'
perl -MCPAN -e 'install Code::TidyAll'

KeePassX 2 has arrived

apt-get install -t jessie-backports keepassx

Notes Jupyter iPython Julia IJulia

Jupyter / IPython with Julia

See

See also:

  • sagemath

sudo apt-get install julia julia-doc
pip3 install --user jupyter
export PATH=$PATH:~/.local/bin/
echo 'export PATH=$PATH:~/.local/bin/' >> ~/.bashrc
$ julia
julia>

In the Julia interpreter:

Pkg.add("IJulia")

$ ls  ~/.local/share/jupyter/kernels/
julia-0.3

To launch IJulia:

jupyter-qtconsole --style monokai --kernel=julia-0.3

Or

julia
using IJulia
notebook()

Problem

jupyter-notebook 
Traceback (most recent call last):
  File "/home/jean/.local/bin/jupyter-notebook", line 11, in <module>
    sys.exit(main())
  File "/home/jean/.local/lib/python3.4/site-packages/jupyter_core/application.py", line 267, in launch_instance
    return super(JupyterApp, cls).launch_instance(argv=argv, **kwargs)
  File "/home/jean/.local/lib/python3.4/site-packages/traitlets/config/application.py", line 591, in launch_instance
    app.initialize(argv)
  File "<string>", line 2, in initialize
  File "/home/jean/.local/lib/python3.4/site-packages/traitlets/config/application.py", line 75, in catch_config_error
    return method(app, *args, **kwargs)
  File "/home/jean/.local/lib/python3.4/site-packages/notebook/notebookapp.py", line 1007, in initialize
    self.init_webapp()
  File "/home/jean/.local/lib/python3.4/site-packages/notebook/notebookapp.py", line 873, in init_webapp
    self.http_server.listen(port, self.ip)
  File "/home/jean/.local/lib/python3.4/site-packages/tornado/tcpserver.py", line 126, in listen
    sockets = bind_sockets(port, address=address)
  File "/home/jean/.local/lib/python3.4/site-packages/tornado/netutil.py", line 187, in bind_sockets
    sock.bind(sockaddr)
OSError: [Errno 99] Cannot assign requested address

Solution

jupyter-notebook --ip=127.0.0.1

Port 8888 is already in use, but binding to 127.0.0.1 works.

2025/03/24 15:06

JTR - John The Ripper

Unlike hashcat, John is single-core by default!

See: https://www.openwall.com/john/

See also:

  • hashcat

Source: http://www.octetmalin.net/linux/tutoriels/john-the-ripper.php

unshadow /etc/passwd /etc/shadow >  pass.txt
john -users=john pass.txt -show

Passwords are saved here: ~/.john/john.pot

john -incremental:alpha pass.txt    # letters only
john -incremental:digits pass.txt   # digits only
john -incremental:lanman pass.txt   # digits, letters and some special characters
john -incremental:all pass.txt      # all characters

To continue an interrupted session, run:

john --restore

Benchmark

john --test

Multicore

MPI

See:

apt-get install openmpi-bin libopenmpi-dev

mpirun -np {number of cores to use} {command}

john -test
 
mpirun -np 4 /usr/bin/john -test

Alternatives to John the Ripper

Hashcat

Source https://null-byte.wonderhowto.com/how-to/locking-down-linux-harden-sudo-passwords-defend-against-hashcat-attacks-0194489/

grep john /etc/shadow |cut -d: -f2 >hash.txt
hashcat -a 3 -m 1800 hash.txt ?l?l?l?l?l?l
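
Added example, not part of the original notes: the defensive counterpart of the commands above is knowing which hash scheme each account uses, since that sets the cost of every guess. This Python script classifies shadow entries by crypt prefix (`$6$` is sha512crypt, the format hashcat mode 1800 above refers to) and flags legacy schemes. The sample lines are constructed placeholders, and the ok/WEAK verdicts are a policy assumed for this example.

```python
# Crypt prefix -> (scheme, acceptable). The verdicts are this example's own policy.
SCHEMES = {
    "1": ("md5crypt", False), "5": ("sha256crypt", True), "6": ("sha512crypt", True),
    "2a": ("bcrypt", True), "2b": ("bcrypt", True), "2y": ("bcrypt", True),
    "y": ("yescrypt", True),
}

def classify(field):
    """Return (scheme, verdict) for the password field of one shadow entry."""
    if field == "":
        return ("none", "EMPTY: no password required")
    if field[0] in "!*":
        return ("none", "locked")
    if field.startswith("$"):
        parts = field.split("$")
        ident = parts[1]
        if ident not in SCHEMES:
            return ("unknown $%s$" % ident, "REVIEW")
        name, ok = SCHEMES[ident]
        if ident in ("5", "6"):
            # sha256crypt/sha512crypt run 5000 rounds unless "rounds=N" is present.
            opt = parts[2] if len(parts) > 2 else ""
            rounds = int(opt[7:]) if opt.startswith("rounds=") and opt[7:].isdigit() else 5000
            name = "%s rounds=%d" % (name, rounds)
        return (name, "ok" if ok else "WEAK: rehash")
    if len(field) == 13:
        return ("descrypt", "WEAK: rehash")  # traditional DES crypt
    return ("unknown", "REVIEW")

def audit_shadow(text):
    """Return [(user, scheme, verdict)] for shadow-format text."""
    rows = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 2 and fields[0]:
            rows.append((fields[0],) + classify(fields[1]))
    return rows

# Constructed entries: salts and digests are placeholders, not real hashes.
SAMPLE = """\
root:$6$rounds=65536$SALTPLACEHOLDER$DIGESTPLACEHOLDER:19000:0:99999:7:::
john:$1$SALTPLAC$DIGESTPLACEHOLDER:19000:0:99999:7:::
alice:$y$j9T$SALTPLACEHOLDER$DIGESTPLACEHOLDER:19000:0:99999:7:::
legacy:abCDEFGHIJKLM:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
backup::19000:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme, verdict in audit_shadow(SAMPLE):
        print(f"{user:8} {scheme:28} {verdict}")
```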

Dictionary

zxcvbnData

2025/03/24 15:06