Month: July 2021

  • Change date modified of files and delete files older than n days

    I am working on a backup script on Linux and for that I need test data: files that were modified on certain dates and that I can scan for. Of course I could create a file every day for the next month, but that would take a little too long. I found out that one can use the command “touch” to change the “modified” and “last access” dates:

    touch -m -t 202107200100.00 test.txt

    This changes the modified date of the file “test.txt” to the 20th of July 2021, 01:00:00 at night. This can be integrated into a loop, for example. To create 10 files with one modified each day the following script does the job:

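    #!/bin/bash
    # Create 10 test files, test_20.txt down to test_11.txt,
    # each with a modification date one day apart (July 20 down to July 11, 2021).
    i=20
    while [ "$i" -gt 10 ]
    do
      # The redirect creates the file and writes some content
      echo "Hello World" > "test_$i.txt"
      # Set only the modification time (-m) to 2021-07-$i 01:00:00
      touch -m -t "202107${i}0100.00" "test_$i.txt"
      ((i--))
    done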

    Of course, this is pretty simple, but it does the job for my task.

    To scan and delete files older than 5 days I can then use …

    find . -type f -mtime +5 -delete

    … in the same folder.

    Pretty neat, huh?

  • Securing your private keys and preventing others from using them

    I have to access a lot of servers remotely and for this I am using public/private key authentication. This basically means that I have a key pair, consisting of a public and a private key, on my computers that identifies me. If I need access to a remote machine I send my public key to the administrator, or configure it on the remote machine myself if it is managed by me. This means that if someone got access to my private key, for example by accessing my computer with a live Linux, this person could access the servers I have access to.

    Because of that I see it as my responsibility to take precautions to keep my keys secure and prevent others from accessing them, even if they have access to my computer (for example if my computer is at the repair shop or unguarded in the office).

    To achieve this I am considering two options:

    1. Password on your private key file.
    2. Disk encryption.

    Password

    If the private key is protected with a password it is basically useless without it. It cannot be used to access the servers because the connection is blocked. This is basically using your own password to connect to remote servers without telling it to the administrators. This method has one drawback:

    • The password has to be entered every time when connecting or at least when starting an agent software that provides the keys during a session.

    Disk encryption

    Disk encryption is the second method to prevent someone from getting your keys by accessing the disk directly from a third party operating system. It is supported by major operating systems and also secures other data on the hard drive. But there are also drawbacks:

    • A PIN code has to be entered when starting the system.
    • Performance is worse because data has to be decrypted during runtime.
    • When the PIN is forgotten the data is basically lost.
    • The PIN offers less security than a complex password on the private key.

    Conclusion

    Both methods help to prevent fraudulent access to the private key of a user. From my point of view the password offers more convenience and security and does not come with the risk of completely losing data in case the PIN is lost. If the password is forgotten, a copy of the key could be stored on a USB drive or CD in a safe as a backup. Even a printout could be stored and typed back in.

    I will go with the password-secured key from now on and will store a copy at home. On machines that are accessible by others I will use the password-protected key. On machines with no public access, for example at home, I will use the passwordless version of the key.
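
    To check which private key files on a machine actually carry a password, the following added example (not part of the original post) reads the key file headers and reports each key as encrypted or unencrypted. The function names and the sample header are constructed for illustration; the check only inspects the container header and says nothing about password strength.

```python
import base64
import struct
from pathlib import Path

MAGIC = b"openssh-key-v1\x00"  # start of the decoded "OPENSSH PRIVATE KEY" body

def key_protection(text: str) -> str:
    """Classify private-key file text as 'encrypted', 'unencrypted' or 'unknown'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        return "unknown"
    label = lines[0][len("-----BEGIN "):].rstrip("-").strip()
    body = lines[1:-1]
    if label == "OPENSSH PRIVATE KEY":
        try:
            blob = base64.b64decode("".join(body))
            (n,) = struct.unpack_from(">I", blob, len(MAGIC))
        except (ValueError, struct.error):
            return "unknown"
        # After the magic comes a length-prefixed cipher name; "none" = no password.
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        if not blob.startswith(MAGIC) or len(cipher) != n:
            return "unknown"
        return "unencrypted" if cipher == b"none" else "encrypted"
    if label.endswith("PRIVATE KEY"):  # legacy PEM (Proc-Type header) or PKCS#8
        marked = label.startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in body
        return "encrypted" if marked else "unencrypted"
    return "unknown"

def audit(directory) -> dict:
    """Map file name -> protection state for every private key found in a directory."""
    findings = {}
    for path in sorted(Path(directory).expanduser().iterdir()):
        try:
            state = key_protection(path.read_text(errors="replace"))
        except OSError:  # sub-directories and unreadable files
            continue
        if state != "unknown":
            findings[path.name] = state
    return findings

def constructed_sample(cipher: bytes) -> str:
    """Constructed header only (not a usable key), for trying the check offline."""
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\x00" * 16
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    print({c: key_protection(constructed_sample(c)) for c in (b"none", b"aes256-ctr")})
```

    Calling audit("~/.ssh") lists the keys found there with their state. A key reported as unencrypted can be given a password in place with "ssh-keygen -p -f <keyfile>"; the public key configured on the servers stays the same.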

  • Get full path of executable in PATH variable

    Ever wanted to get the full path of an executable that is located in the global PATH variable? Maybe for configuration purposes? Take a look at the following snippet. It may help you:

    (Get-Command -Name @("code.cmd")).Path | ForEach-Object {
    	Write-Host "$(([System.IO.DirectoryInfo]$_).Parent.FullName)"
    }

    This will show the full path of the parent folder containing “code.cmd”. The term “code.cmd” could be replaced with “java”, “cmd”, “powershell” or whatever is configured in the global path. It could be useful to find out what version of a certain framework or program is used for example.