tlschecker: a Rust command-line checker for TLS/SSL certificate expiration dates

➜  tlschecker --help
TLS Checker 0.1.4
Jose Bovet Derpich. <[email protected]>
TLS/SSL certificate expiration date from command-line checker

USAGE:
    tlschecker [FLAGS] -h <host>...

FLAGS:
        --help       Prints help information
        --json       Prints json output
    -V, --version    Prints version information

OPTIONS:
    -h <host>...        Set hostname(s) to check

How to use

➜ tlschecker -h jpbd.dev expired.badssl.com
--------------------------------------
Issued domain: sni.cloudflaressl.com
Subject Name :
	Country or Region: US
	State or Province: California
	Locality: San Francisco
	Organizational Unit: None
	Organization: Cloudflare, Inc.
	Common Name: sni.cloudflaressl.com
Issuer Name:
	Country or Region: US
	Organization: Cloudflare, Inc.
	Common Name: Cloudflare Inc ECC CA-3
Valid from: Aug  2 00:00:00 2021 GMT
Valid to: Aug  1 23:59:59 2022 GMT
Days left: 263
Expired: false
Certificate version: 2
Certificate algorithm: ecdsa-with-SHA256
Certificate S/N: 2345778240388436345227316531320586380
Subject Alternative Names:
	DNS Name: sni.cloudflaressl.com
	DNS Name: *.jpbd.dev
	DNS Name: jpbd.dev
--------------------------------------
Issued domain: *.badssl.com
Subject Name :
	Country or Region: None
	State or Province: None
	Locality: None
	Organizational Unit: Domain Control Validated
	Organization: None
	Common Name: *.badssl.com
Issuer Name:
	Country or Region: GB
	Organization: COMODO CA Limited
	Common Name: COMODO RSA Domain Validation Secure Server CA
Valid from: Apr  9 00:00:00 2015 GMT
Valid to: Apr 12 23:59:59 2015 GMT
Days left: -2404
Expired: true
Certificate version: 2
Certificate algorithm: sha256WithRSAEncryption
Certificate S/N: 99565320202650452861752791156765321481
Subject Alternative Names:
	DNS Name: *.badssl.com
	DNS Name: badssl.com

JSON Format

➜ tlschecker --json  -h jpbd.dev                  
{
	"subject": {
		"country_or_region": "US",
		"state_or_province": "California",
		"locality": "San Francisco",
		"organization_unit": "None",
		"organization": "Cloudflare, Inc.",
		"common_name": "sni.cloudflaressl.com"
	},
	"issued": {
		"country_or_region": "US",
		"organization": "Cloudflare, Inc.",
		"common_name": "Cloudflare Inc ECC CA-3"
	},
	"valid_from": "Aug  2 00:00:00 2021 GMT",
	"valid_to": "Aug  1 23:59:59 2022 GMT",
	"validity_days": 263,
	"is_expired": false,
	"cert_sn": "2345778240388436345227316531320586380",
	"cert_ver": "2",
	"cert_alg": "ecdsa-with-SHA256",
	"sans": ["sni.cloudflaressl.com", "*.jpbd.dev", "jpbd.dev"]
}
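The JSON output is what makes the tool scriptable. As an added example (not part of tlschecker or of the original post), the POSIX sh script below turns a single tlschecker --json record into a Nagios-style exit status (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN) with warning and critical thresholds on validity_days. The two JSON records are constructed samples copied from the jpbd.dev and expired.badssl.com output shown above so the script runs offline; the field extractor relies on tlschecker printing one field per line and is not a general JSON parser.

```shell
#!/bin/sh
# Added example: monitoring check built on tlschecker's --json output.
# Exit status follows the Nagios plugin convention so it drops into cron,
# Nagios/Icinga or any alerting pipeline that understands it.

# Constructed samples, copied from the records shown above so the script runs
# offline. For a live check replace them with "$(tlschecker --json -h HOST)".
SAMPLE_JSON='{
	"subject": {
		"country_or_region": "US",
		"organization": "Cloudflare, Inc.",
		"common_name": "sni.cloudflaressl.com"
	},
	"valid_to": "Aug  1 23:59:59 2022 GMT",
	"validity_days": 263,
	"is_expired": false,
	"sans": ["sni.cloudflaressl.com", "*.jpbd.dev", "jpbd.dev"]
}'
EXPIRED_JSON='{
	"subject": {
		"common_name": "*.badssl.com"
	},
	"valid_to": "Apr 12 23:59:59 2015 GMT",
	"validity_days": -2404,
	"is_expired": true
}'

# json_field JSON KEY: print the scalar value of the first line that defines KEY.
# Handles quoted strings (commas inside them are fine), numbers and booleans.
# It assumes tlschecker's one-field-per-line layout and is not a JSON parser.
json_field() {
  printf '%s\n' "$1" | sed -n \
    -e "s/^[[:space:]]*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" \
    -e "s/^[[:space:]]*\"$2\"[[:space:]]*:[[:space:]]*\([^\",[:space:]]*\).*/\1/p" |
    head -n 1
}

# check_cert_expiry JSON [WARN_DAYS] [CRIT_DAYS]
#   0 OK, 1 WARNING (<= WARN_DAYS left), 2 CRITICAL (<= CRIT_DAYS left or
#   already expired), 3 UNKNOWN (validity_days missing or not a number).
check_cert_expiry() {
  json=$1; warn_days=${2:-30}; crit_days=${3:-7}
  cn=$(json_field "$json" common_name)
  days=$(json_field "$json" validity_days)
  expired=$(json_field "$json" is_expired)
  case "$days" in
    ''|*[!0-9-]*|-|?*-*) echo "UNKNOWN - cannot read validity_days for ${cn:-?}"; return 3 ;;
  esac
  if [ "$expired" = true ] || [ "$days" -lt 0 ]; then
    echo "CRITICAL - $cn expired $((0 - days)) days ago"; return 2
  elif [ "$days" -le "$crit_days" ]; then
    echo "CRITICAL - $cn expires in $days days"; return 2
  elif [ "$days" -le "$warn_days" ]; then
    echo "WARNING - $cn expires in $days days"; return 1
  fi
  echo "OK - $cn valid for another $days days"; return 0
}

# Stand-alone run against the embedded sample (prints "OK - ..." and exits 0).
check_cert_expiry "$SAMPLE_JSON" 30 7
```

Wire it to the real tool with `check_cert_expiry "$(tlschecker --json -h jpbd.dev)" 30 7`; the thresholds are the two numbers, and the exit status is what your scheduler or monitoring agent should act on.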

You can check out the source code on GitHub.

Terminate a sidecar container in Kubernetes

apiVersion: batch/v1   # the original post used batch/v1beta1, which was removed in Kubernetes 1.25
kind: CronJob
metadata:
  name: great-job
spec:
  schedule: "*/1 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: count
            image: busybox
            command: ["/bin/sh", "-c"]
            args:
              - |
                # install the trap first so the sentinel is written even if the
                # container is killed during the initial sleep
                trap "touch /var/log/terminated" EXIT
                sleep 2s
                i=0; while [ $i -lt 10 ]; do echo "$i: $(date)" >> /var/log/app.log; i=$((i+1)); sleep 1; done
            volumeMounts:
            - name: varlog
              mountPath: /var/log
          - name: count-log
            image: busybox
            command: ["/bin/sh", "-c"]
            args:
            - |
              tail -f /var/log/app.log & CHILD_PID=$!
              # watcher: once the main container has written the sentinel, stop tail and leave the loop
              (while true; do if [ -f /var/log/terminated ]; then kill $CHILD_PID; echo "Killed $CHILD_PID because the main container terminated."; break; fi; sleep 1; done) &
              wait $CHILD_PID
              if [ -f /var/log/terminated ]; then echo "Job completed. Exiting..."; exit 0; fi
              # tail stopped for some other reason: fail so restartPolicy: OnFailure restarts the sidecar
              exit 1
            volumeMounts:
            - name: varlog
              mountPath: /var/log
          volumes:
          - name: varlog
            emptyDir: {}
          restartPolicy: OnFailure
      backoffLimit: 5

➜  ~ kubectl apply -f great-job.yaml
➜  ~ kubectl get pods
NAME                         READY   STATUS      RESTARTS   AGE
great-job-1575331260-mjl68   0/2     Completed   0          2m28s
great-job-1575331320-p6srg   0/2     Completed   0          88s
great-job-1575331380-xqk49   0/2     Completed   0          28s
➜  ~ kubectl logs -f great-job-1575331380-xqk49 -c count-log
0: Tue Dec  3 00:03:12 UTC 2019
1: Tue Dec  3 00:03:13 UTC 2019
2: Tue Dec  3 00:03:14 UTC 2019
3: Tue Dec  3 00:03:15 UTC 2019
4: Tue Dec  3 00:03:16 UTC 2019
5: Tue Dec  3 00:03:17 UTC 2019
6: Tue Dec  3 00:03:18 UTC 2019
7: Tue Dec  3 00:03:19 UTC 2019
8: Tue Dec  3 00:03:20 UTC 2019
9: Tue Dec  3 00:03:21 UTC 2019
Killed 7 because the main container terminated.

Based on a Medium post by Koji Nishikiori

You can download the Gist.
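The handshake above has one weak spot: if the count container dies before its EXIT trap is installed, the sentinel is never written and the sidecar waits forever, so the Job never completes. As an added example (not from the original post or the Gist), the POSIX sh script below runs the same sentinel-file handshake as two local processes sharing a directory instead of two containers sharing an emptyDir, and gives the watcher a timeout. The function names (watch_sentinel, main_work, demo) and the sentinel path are my own choices for the example.

```shell
#!/bin/sh
# Added example: the sidecar-termination handshake from the CronJob above,
# reproduced with two local processes and a shared directory, plus a timeout.

# watch_sentinel SENTINEL PID [TIMEOUT_SECS]
#   Poll once a second for SENTINEL. When it appears, TERM the process PID and
#   return 0. If it has not appeared after TIMEOUT_SECS (default 60), return 1
#   and leave PID alone so the caller decides what to do.
watch_sentinel() {
  sentinel=$1; pid=$2; timeout=${3:-60}
  elapsed=0
  while [ "$elapsed" -lt "$timeout" ]; do
    if [ -f "$sentinel" ]; then
      kill "$pid" 2>/dev/null
      echo "Killed $pid because the main process terminated."
      return 0
    fi
    sleep 1
    elapsed=$((elapsed + 1))
  done
  echo "Timed out after ${timeout}s waiting for $sentinel" >&2
  return 1
}

# main_work LOGFILE SENTINEL [COUNT]: stand-in for the "count" container. The
# trap is installed before any work, so the sentinel is written even if the
# loop is killed early.
main_work() {
  log=$1; sentinel=$2; count=${3:-5}
  trap 'touch "$sentinel"' EXIT
  i=0
  while [ "$i" -lt "$count" ]; do
    echo "$i: $(date)" >> "$log"
    i=$((i + 1))
    sleep 1
  done
}

# demo: run main_work in the background, stream its log the way the sidecar
# does with tail -f, and stop the stream once the sentinel appears.
# Returns watch_sentinel's status.
demo() {
  dir=$(mktemp -d)
  : > "$dir/app.log"
  main_work "$dir/app.log" "$dir/terminated" 3 & main_pid=$!
  tail -f "$dir/app.log" & tail_pid=$!
  watch_sentinel "$dir/terminated" "$tail_pid" 30
  rc=$?
  wait "$tail_pid" 2>/dev/null
  wait "$main_pid" 2>/dev/null
  rm -rf "$dir"
  return "$rc"
}

# Run the full flow locally with: sh this_script.sh demo
if [ "${1:-}" = demo ]; then demo; fi
```

In the CronJob the equivalent change is to count iterations in the sidecar's watcher loop and `exit 1` after the limit, so a main container that never writes the sentinel produces a failed Job you can alert on instead of a Pod stuck in Running.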

Slackware Security Advisor Bot

Three years ago I started a personal project related to my favourite GNU/Linux distribution, Slackware. Created in 1993 by Patrick Volkerding and originally based on SLS Linux, Slackware is the oldest GNU/Linux distribution still maintained. Its philosophy follows the KISS principle (keep it simple, stupid), meaning simple and stable from a design point of view rather than easy to use. Its init scripts are BSD-style scripts, which makes them transparent and simple to create or change, unlike System V init. The package system is also minimalist; package managers such as slackpkg and slapt-get exist, and some of these tools determine dependencies by analysing the installed packages, working out which libraries are needed and then discovering which packages provide them. This automatic process is very similar to Debian's APT and generally produces satisfactory results.

Slackware does not focus on having the latest versions of programs; its focus is a stable system. New packages are tested and are not delivered until they are stable (which does not imply the latest available version of the program): for example, the Linux 2.6 kernel was not included until 2007, although version 2.6.0 had been released in 2003. When a package receives a bug-fix or security update, the fix is incorporated into the Slackware packages and announced through a mailing list and in the ChangeLog found on the website. Slackware includes, inside the /extra directory of the installation CD, the slackpkg program that helps keep the system updated.

To keep up to date with new security updates, I created a bot called Slackawaresa. This bot reads the ChangeLog and posts the messages to the SlackwareSecAdv Twitter account. Feel free to follow SlackwareSecAdv on Twitter to get the latest security advisories.

GitHub source code

Twitter account link


MongoDB Slackware script

#!/bin/sh
#
# MongoDB daemon control script.
# Written for Slackware Linux by Jose Bovet Derpich <[email protected]>.

BIN=/opt/mongodb/bin/mongod
PID=/var/run/mongod.pid
LOG=/var/log/mongodb
DBPATH=/opt/mongodb/data/db

mongod_start() {
  if [ -s $PID ]; then
    echo "mongod appears to already be running?"
    exit 1
  fi

  echo "Starting mongo server daemon..."
  if [ -x $BIN ]; then
    $BIN --auth --dbpath=$DBPATH --pidfilepath=$PID --logpath=$LOG --fork --bind_ip 127.0.0.1
  fi
}

mongod_stop() {
  echo "Shutdown mongod..."
  if [ -r $PID ]; then
    kill -TERM $(cat $PID)
    rm $PID
  fi
}

mongod_restart() {
  mongod_stop
  sleep 3
  mongod_start
}

case "$1" in
  start)
    mongod_start
    ;;
  stop)
    mongod_stop
    ;;
  restart)
    mongod_restart
    ;;
  *)
  echo "usage: `basename $0` {start|stop|restart}"
esac

Gist Link

Manifesto for Software Craftsmanship

It’s been a while, and my commitment continues.

Manifesto

Running Nginx with SSL/TLS provided by Let’s Encrypt

Let’s Encrypt is a Certificate Authority (CA) that provides free SSL/TLS certificates to enable HTTPS connections on our websites. It is very simple to integrate with nginx: you just have to generate the certificate with the certbot script and add it to the server configuration. I am currently running Slackware 14; to run certbot I need to install the following Python packages with easy_install:

  • python-setuptools
  • zope.interface
  • zope.component
  • six
  • pytz
  • pyrfc3339
  • PyOpenSSL
  • python-parsedatetime
  • parsedatetime
  • mock
  • configobj
  • ConfigArgParse
  • requests
  • psutil
  • pycparser
  • ipaddress
  • enum34
  • idna
  • cffi
  • pyasn1
  • cryptography
  • ndg_httpsclient
  • python2-pythondialog
  • python-augeas

Now, running this command will obtain a certificate. The webroot path must be the directory nginx already serves for mydomain.cl over plain HTTP, because certbot writes the ACME challenge file under .well-known/acme-challenge there and Let’s Encrypt fetches it to validate the domain:

certbot certonly -a webroot --webroot-path=/usr/share/nginx/html -d mydomain.cl

After obtaining the cert, /etc/letsencrypt/live/mydomain.cl/ holds symlinks to the current PEM-encoded files (the versioned copies such as cert1.pem are kept under /etc/letsencrypt/archive/mydomain.cl/):

  • cert.pem: Your domain’s certificate
  • chain.pem: The Let’s Encrypt intermediate certificate
  • fullchain.pem: cert.pem and chain.pem combined; this is the file nginx should serve
  • privkey.pem: Your certificate’s private key (keep it readable by root only)

You can check that the files exist by running the command:

  ls -l /etc/letsencrypt/live/mydomain.cl

Within the nginx server block for the domain, we just need to set:

  • ssl_certificate: points at fullchain.pem, so clients receive the intermediate as well as the leaf certificate (cert.pem alone gives an incomplete chain that some clients reject)
  • ssl_certificate_key: the associated private key.

The nginx.conf should look like this (the snippet leaves ssl_protocols at nginx’s default, which on the 1.12 series still includes TLSv1 and TLSv1.1; set it explicitly if you want only TLSv1.2 or later):

# HTTPS server
#
server {
    listen       443 ssl;
    server_name  mydomain.cl;

    ssl_certificate      /etc/letsencrypt/live/mydomain.cl/fullchain.pem;   # leaf + intermediate, not cert.pem
    ssl_certificate_key  /etc/letsencrypt/live/mydomain.cl/privkey.pem;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        root   /var/www/nginx/public;
        index  index.html index.htm;
    }

    ...
}
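Before reloading nginx with a new or renewed certificate it is worth checking the files themselves rather than discovering a problem from a browser error. As an added example (not from the original post or from certbot), the POSIX sh script below checks that the chain file carries more than one certificate, that the private key matches the leaf certificate, that the key is not readable by group or others, and that the leaf is not about to expire. It assumes openssl(1) is installed and takes the file paths as arguments, so it works on any PEM pair, not only the Let’s Encrypt live/ directory.

```shell
#!/bin/sh
# Added example: pre-reload checks for the certificate files nginx is about to
# serve. Every check is a function returning 0 (pass) or 1 (fail); precheck
# runs them all and only returns 0 when each one passes.

# count_certs PEMFILE: number of certificates in the file. fullchain.pem holds
# at least two (leaf + intermediate); cert.pem holds exactly one, which is why
# pointing ssl_certificate at cert.pem serves an incomplete chain.
count_certs() {
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# key_matches_cert CERT KEY: compare the public key derived from the private
# key with the one inside the (first) certificate. Works for RSA and EC keys.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ "$cert_pub" = "$key_pub" ]
}

# expires_within CERT DAYS: true if the leaf certificate expires within DAYS.
expires_within() {
  ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# key_perms_ok KEY: the private key must not be readable by group or others
# (mode ending in 00, e.g. 600 or 400).
key_perms_ok() {
  mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1" 2>/dev/null) || return 1
  case "$mode" in
    *00) return 0 ;;
    *)   return 1 ;;
  esac
}

# precheck FULLCHAIN KEY [WARN_DAYS]: run every check, report each failure,
# return 0 only if all pass. Gate the reload on it:
#   precheck /etc/letsencrypt/live/mydomain.cl/fullchain.pem \
#            /etc/letsencrypt/live/mydomain.cl/privkey.pem 14 \
#   && nginx -t && nginx -s reload
precheck() {
  chain=$1; key=$2; warn=${3:-14}; status=0
  if [ "$(count_certs "$chain")" -lt 2 ]; then
    echo "WARN: $chain holds fewer than two certificates; is this cert.pem instead of fullchain.pem?"
    status=1
  fi
  key_matches_cert "$chain" "$key" || { echo "FAIL: $key does not match the leaf certificate in $chain"; status=1; }
  if expires_within "$chain" "$warn"; then
    echo "WARN: certificate in $chain expires within $warn days; run certbot renew"
    status=1
  fi
  key_perms_ok "$key" || { echo "FAIL: $key is readable by group or others"; status=1; }
  return "$status"
}
```

The key-match test catches the classic renewal mistake of copying a new privkey.pem next to an old certificate; the count test catches the cert.pem-instead-of-fullchain.pem mistake from the configuration above before any client sees it.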

Reference: Certificats SSL/TLS avec Certbot sous Slackware (SSL/TLS certificates with Certbot on Slackware)

Slackware mosquitto script

#!/bin/sh
#
# Mosquitto daemon control script.
# Written for Slackware Linux by Jose Bovet Derpich <[email protected]>.

BIN=/usr/sbin/mosquitto
CONF=/etc/mosquitto/mosquitto.conf
# enable pid_file in /etc/mosquitto/mosquitto.conf
PID=/var/run/mosquitto.pid

mosquitto_start() {
  if [ ! -r $CONF ]; then # no config file, exit:
    echo "$CONF does not appear to exist. Abort."
    exit 1
  fi

  if [ -s $PID ]; then
    echo "Mosquitto appears to already be running?"
    exit 1
  fi

  echo "Starting Mosquitto server daemon..."
  if [ -x $BIN ]; then
    $BIN -c $CONF -d
  fi
}

mosquitto_stop() {
  echo "Shutdown Mosquitto..."
  if [ -r $PID ]; then
    kill -TERM $(cat $PID)
    rm $PID
  fi
}

mosquitto_restart() {
  mosquitto_stop
  sleep 3
  mosquitto_start
}

case "$1" in
  start)
    mosquitto_start
    ;;
  stop)
    mosquitto_stop
    ;;
  restart)
    mosquitto_restart
    ;;
  *)
  echo "usage: `basename $0` {start|stop|restart}"
esac

Gist Link
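Both the mongod and the mosquitto scripts above refuse to start whenever the PID file is non-empty, so a daemon crash or an unclean shutdown leaves a file behind that blocks every later "start" until someone deletes it by hand, and a PID that has since been reused by an unrelated process is mistaken for a running daemon. As an added example (not part of either gist), the POSIX sh helpers below only refuse when the recorded PID is alive and actually is the expected daemon, and remove a stale file otherwise. The function names are my own; the paths in the usage comment are the ones the scripts above define.

```shell
#!/bin/sh
# Added example: stale-PID-file guard for the mongod and mosquitto control
# scripts. Replaces the "[ -s $PID ]" test in mongod_start / mosquitto_start.

# proc_matches PID BINARY: true if PID's command name is the basename of BINARY.
# Uses /proc/PID/comm where it exists (Linux; the kernel truncates comm to
# 15 characters, which still fits "mongod" and "mosquitto") and falls back
# to ps(1) elsewhere.
proc_matches() {
  pid=$1; name=$(basename "$2")
  if [ -r "/proc/$pid/comm" ]; then
    [ "$(cat "/proc/$pid/comm")" = "$name" ]
  else
    [ "$(basename "$(ps -o comm= -p "$pid" 2>/dev/null)")" = "$name" ]
  fi
}

# pidfile_status PIDFILE BINARY
#   Prints "running" (return 0), "stale" (return 1) or "absent" (return 2).
#   A PID file whose number belongs to an unrelated process, to no process,
#   or is not a number at all is reported as stale rather than running.
pidfile_status() {
  pidfile=$1; binary=$2
  [ -s "$pidfile" ] || { echo absent; return 2; }
  pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
  case "$pid" in
    ''|*[!0-9]*) echo stale; return 1 ;;
  esac
  if kill -0 "$pid" 2>/dev/null && proc_matches "$pid" "$binary"; then
    echo running; return 0
  fi
  echo stale; return 1
}

# safe_start PIDFILE BINARY COMMAND...
#   Refuse (return 1) if the daemon is genuinely running; otherwise remove any
#   stale PID file and run COMMAND, returning its status. In mongod_start the
#   whole "-s $PID" block and the start line become:
#     safe_start "$PID" "$BIN" "$BIN" --auth --dbpath="$DBPATH" \
#       --pidfilepath="$PID" --logpath="$LOG" --fork --bind_ip 127.0.0.1
#   and in mosquitto_start:
#     safe_start "$PID" "$BIN" "$BIN" -c "$CONF" -d
safe_start() {
  pidfile=$1; binary=$2; shift 2
  case "$(pidfile_status "$pidfile" "$binary")" in
    running) echo "$(basename "$binary") appears to already be running."; return 1 ;;
    stale)   echo "Removing stale PID file $pidfile"; rm -f "$pidfile" ;;
  esac
  "$@"
}
```

The same status function serves the stop path: calling `kill -TERM` on a stale number from an old PID file would otherwise signal whatever unrelated process now owns it, so check for "running" before killing there too.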

Current Status

Currently I’m running Slackware Linux 14.2 on a VPS provided by Linode.com, with kernel 4.9.50-x86_64. The main specifications are 2 GB RAM, 1 CPU core (Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz), 30 GB SSD storage, 2 TB transfer, 40 Gbps network in and 1000 Mbps network out, enough to be a happy user!

At the moment I’m running a few services: nginx stable 1.12.2 with HTTP/2 as the HTTP server, Jekyll for the static website, and Let’s Encrypt as the Certificate Authority for free SSL/TLS support. I will soon install a Postfix mail server.

Webpay Transbank SOAP integration

Example of a Java integration with the Webpay SOAP service using Spring Boot 1.4.2 + CXF 3.1.x

Link