0

IPv6 shortening and compressing address rules

Posted on by Biafra

An IPv6 address can be very long as it is a 128 bits one. Asking someone verbally to check the connectivity to a given address can be tricky :-)

There are however some rules to shorten it and it’s a way to remove zeros.

Rule 1: Suppress leading zeros

Remove all leading zeros, the left side zeros, in every 16 bits field.

For example:

2001:0db8:0000:0000:0000:0000:000:0001

will be simplified to

2001:db8:0:0:0:0:0:1

Of course 0000 becomes 0.

Rules 2: The larger sequence of :0:0: can be reduced to ::

You can compact a sequence of zeros to the symbol ::.

Applying the rule to 2001:db8:0:0:0:0:0:1 would get us 2001:db8::1.

  • You can’t compact just one :0: – only a sequence.
  • If there is more than one sequence of :0: you can only compact the large one. If they have the same length compact the first one.

2001:db8::1:1:1:1:1 is not correct. It must be 2001:db8:0:1:1:1:1:1.

2001:0:0:1:0:0:0:1 will become 2001:0:0:1::1.

2001:db8:0:0:1:0:0:1 will become 2001:db8::1:0:0:1.

That’s it.

0

How to check an SSL certificate expiration date from the linux command line

Posted on by Biafra

Some days ago one of my sites certificate expired. I didn’t pay attention to the Let’s Encrypt periodic warning emails – I’m using the DNS-01 challenge.

I must create a simple script to check how many days are left and install it as a cron job.

After some search I found that curl and date could do it.

$ curl https://thejoyofstick.com -vI --stderr - | grep "expire date:" | cut -d: -f 2-
Jun 25 17:26:52 2022 GMT

$ date --date='Jun 25 17:26:52 2022 GMT' '+%s'
1656178012

$ date '+%s'
1649805603

$ echo '(1656178012-1649805603)/86400' | bc
73

We now have a way to calculate how many days are left.
You can build a bash script with these and, after checking for a countdown days threshold, send yourself a proper alert email.

For myself I’m using a perl script based on this one

#!/usr/bin/env perl

use strictures 2;
use IO::Socket::SSL;
use Net::SSLeay;
use Date::Simple ( 'date', 'today' );

my $site = shift || 'example.com';

my $client = IO::Socket::SSL->new("$site:443")
  or die "error=$!, ssl_error=$SSL_ERROR";
my $cert = $client->peer_certificate();
my $time = Net::SSLeay::X509_get_notAfter($cert);
my $asn_t = Net::SSLeay::P_ASN1_TIME_get_isotime($time);
my ($date) = split /T/, $asn_t;
my $diff = date($date) - today;
my $warning_time = 15;

print "Expire date: $date\n";
print "How many days left: $diff\n";
print "Warning before $warning_time days\n";

Added a personal email module to send a message if $diff is less than $warning_time and then cron with it.

Enjoy!

18

Installing SNMP MIB files in Linux Ubuntu 18.04 LTS, 16.04 LTS, 14.04 TLS and 12.04 LTS

Posted on by Biafra

Update: still valid for Ubuntu 20.04 LTS and 22.04 LTS !!!

Where are the MIB files ?

I’m in the middle of upgrading old servers and I found Ubuntu starting on 12.04 didn’t install the MIB files. Even if you install the SNMP applications. It was really strange to launch tkmib and just see a couple of nodes.

The explanation is simple. Just check the preamble of /etc/snmp/snmp.conf

#
# As the snmp packages come without MIB files due to license reasons, loading
# of MIBs is disabled by default. If you added the MIBs you can reenable
# loaging them by commenting out the following line.
mibs :

Sure, but how can I install them ?

Fortunately there is a package to deal with that.

$ sudo apt-get install snmp-mibs-downloader

It will download the IETF MIB files and install them under the usual /usr/share/mibs/

If for any reason you don’t see it happen force it with

 $ sudo download-mibs

You can repeat this command later to update any new MIB file.

Let’s rock’n’roll

Well, almost. At this time your tools still won’t work correctly. Just remember the text on /etc/snmp/snmp.conf. You have to comment out the mibs : line! Now everything is by the book. Enjoy!

Install HP Support Software in your Ubuntu server