Sunday, April 29, 2012

Life after rm -rf

You just ran rm -rf ... for the time in your life and guess what, today you mistyped!!! What to do?
  • Identify your OS and see if there are proper recovery tools
  • Linux?
    • You're fudge'd! but there is hope ...
    • Do NOT quit your session (bash session, terminal window or remote ssh session), do NOT quit/exit it.
    • Use the history command and recreate your .bash_history file:
      history | cut -c 8- > ~/.bash_history
    • Use your wisdom of the ages to go through the compacted version of your history and recreate whatever you can.
      cp ~/.bash_history ~/.bash_history_backup
      awk ' !x[$0]++' ~/.bash_history > ~/noDuplicates
      mv ~/noDuplicates ~/.bash_history
    • If you were on an AWS image, rejoice! It will at least partially recover the basics of your home (~/) directory.
    • Set up daily snapshots and backup processes into place.
  • Mac?
    • There are some decent recovery tools like MacKeeper but chances are that by the time you download it, you'll end up overwriting disk sections that you wanted to recover.
    • Know when to give up on a lost cause, get out your blanky, assume the fetal position, suck on your thumb and cry to momma.

Tuesday, April 24, 2012

Securing ElasticSearch for direct access via a Jetty plugin

  1. The elasticsearch-jetty plugin can be used to secure an ES instance for direct access.
  2. If the first wall you hit, happens to be a "gap" in Jetty know-how then refer to the following to get up to speed:
  3. Next, you may struggle with your wish for Jetty to be super-secure vs. how to make it happen:
  4. Getting a CA-signed cert is always such a pain so if you can re-purpose an existing one ... great!
    • Need to perform some transformations on the available keys & certs? You may refer to ... I found the following instructions provided there to be particularly useful:
      Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
      openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
      You can add -nocerts to only output the private key or add -nokeys to only output the certificates.
    • Using Portecle (wrapped with Jar Bundler) or KeyStore Explorer works well too.