
2024

Bash Shortcuts Cheat Sheet

Ensure that your terminal emulator is configured to treat the OPTION key as the Meta modifier; otherwise the OPTION+… shortcuts below will insert characters instead of running readline commands.

For macOS Terminal:

  1. Open Terminal preferences (Cmd + ,).
  2. Go to the Profiles tab and select your current profile.
  3. Under the Keyboard tab, check the option Use Option as Meta key.
  4. This setting ensures that the OPTION key is used as a modifier for key combinations like OPTION+B.

For iTerm2:

  1. Open iTerm2 preferences (Cmd + ,).
  2. Go to Profiles -> Keys.
  3. Under Left Option Key (or Right Option Key), set it to Esc+ (this makes OPTION act like the Meta key).
  4. Make sure that Send escape sequences is not causing unexpected behavior.

Command Editing Shortcuts

Shortcut Description
CTRL+A Go to the start of the command line
CTRL+E Go to the end of the command line
CTRL+U Delete from cursor to the start of the command line
CTRL+K Delete from cursor to the end of the command line
CTRL+W Delete from cursor to the start of the word
OPTION+D Delete from cursor to the end of the word (whole word if at the boundary)
CTRL+Y Paste the last cut text after the cursor
CTRL+XX Move between the start of the command line and the current cursor position (toggle)
OPTION+B Move backward one word (or go to the start of the current word)
OPTION+F Move forward one word
OPTION+C Capitalize to the end of the current word
OPTION+U Make uppercase from the cursor to the end of the word
OPTION+L Make lowercase from the cursor to the end of the word
OPTION+T Swap the current word with the previous word
CTRL+F Move forward one character
CTRL+B Move backward one character
CTRL+D Delete the character under the cursor
CTRL+H Delete the character before the cursor
CTRL+T Swap the character under the cursor with the previous one

Command Recall Shortcuts

Shortcut Description
CTRL+R Search command history backward
CTRL+J End the history search at the current entry
CTRL+G Escape from history searching mode
CTRL+P Go to the previous command in history
CTRL+N Go to the next command in history
CTRL+_ Undo the last change made to the command line
OPTION+. Use the last word of the previous command

Command Control Shortcuts

Shortcut Description
CTRL+L Clear the screen
CTRL+S Stop output to the screen (useful for long-running verbose commands)
CTRL+Q Resume output to the screen
CTRL+C Terminate the current command
CTRL+Z Suspend the current command

Bash Bang Shortcuts

Shortcut Description
!! Run the last command
!blah Run the most recent command starting with "blah"
!blah:p Print the command that !blah would run
!$ The last word of the previous command
!$:p Print the last word of the previous command
!* All arguments of the previous command except the first word
!*:p Print what !* would substitute

Restricting Linux capabilities with AppArmor

Introduction

AppArmor (Application Armor) is a Linux kernel security module that provides mandatory access control (MAC) to restrict the capabilities of programs.

It enforces security policies, known as profiles, that define the file system and network resources a program can access. By confining applications, AppArmor reduces the potential impact of security breaches, limiting the damage a compromised application can cause.

It is known for its ease of use and integration with various Linux distributions, providing a robust layer of defense to enhance system security.


Key Concepts

  • Profiles: AppArmor profiles define the permitted and denied actions for an application, enhancing security by restricting programs to a limited set of resources.
  • Modes: AppArmor operates in two modes:
    1. Enforcement: Enforces the rules defined in the profile, blocking any unauthorized actions.
    2. Complain: Logs unauthorized actions but does not block them, useful for developing and testing profiles.

Profile Components

  • Capability Entries: Define allowed capabilities (e.g., network access, raw socket usage).
  • Network Rules: Control access to network resources.
  • File access permissions: Specify file and directory access permissions.

Example profile for /bin/ping that combines all three kinds of entries:

#include <tunables/global>

profile /bin/ping {
  # Include common safe defaults
  #include <abstractions/base>
  #include <abstractions/nameservice>

  # Allow necessary capabilities
  capability net_raw,
  capability setuid,

  # Allow raw network access
  network inet raw,

  # File access permissions
  /bin/ping ixr,
  /etc/modules.conf r,
}

Common Commands

Check profile status (loaded profiles and their modes):
aa-status

Load or reload (replace) a profile from its file:
sudo apparmor_parser -r <profile_file>

Disable a profile:
sudo aa-disable <profile_name>

Switch a profile to complain mode:
sudo aa-complain <profile_name>

Switch a profile to enforce mode:
sudo aa-enforce <profile_name>

Best Practices

  • Least Privilege: Ensure profiles grant the minimum necessary permissions to applications.
  • Regular Updates: Keep profiles up to date with application changes and security patches.
  • Testing: Use complain mode to test new or modified profiles before enforcing them.
  • Monitoring: Regularly check logs for denied actions to identify potential issues or required profile adjustments.
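The "Monitoring" practice above is easiest to apply with a small script rather than reading raw kernel logs. The following is an added example, not code from the original page: it takes AppArmor audit lines (the format written to the kernel log when a profile denies or, in complain mode, would have denied an action), keeps only the DENIED events, and counts them per profile, operation and target. The log lines are constructed sample data; on a real host you would feed the output of `journalctl -k` or the contents of /var/log/kern.log into the same functions.

```sh
#!/bin/sh
# Constructed sample of kernel audit lines in the shape AppArmor emits
# (sample data for this example, not taken from a real host).
SAMPLE_LOG='kernel: audit: type=1400 audit(1700000000.001:101): apparmor="DENIED" operation="open" profile="/bin/ping" name="/etc/shadow" pid=4242 comm="ping" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
kernel: audit: type=1400 audit(1700000000.002:102): apparmor="ALLOWED" operation="open" profile="/usr/sbin/nginx" name="/var/www/index.html" pid=4300 comm="nginx" requested_mask="r" denied_mask="r" fsuid=33 ouid=33
kernel: audit: type=1400 audit(1700000000.003:103): apparmor="DENIED" operation="capable" profile="/bin/ping" pid=4242 comm="ping" capability=12 capname="net_admin"
kernel: audit: type=1400 audit(1700000000.004:104): apparmor="DENIED" operation="open" profile="/bin/ping" name="/etc/shadow" pid=4243 comm="ping" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
kernel: audit: type=1400 audit(1700000000.005:105): apparmor="DENIED" operation="connect" profile="/usr/sbin/nginx" pid=4300 comm="nginx" family="inet" sock_type="stream" protocol=6 requested_mask="send" denied_mask="send"'

TAB="$(printf '\t')"

# summarize_denials: read audit lines on stdin and print one tab-separated
# line per (profile, operation, target) with its count, highest count first.
# The target is the file name, the capability name or the socket family,
# depending on the kind of operation that was denied.
summarize_denials() {
  grep 'apparmor="DENIED"' | awk '
    {
      profile = ""; op = ""; target = "";
      for (i = 1; i <= NF; i++) {
        split($i, kv, "=");
        if (kv[1] == "profile") profile = kv[2];
        else if (kv[1] == "operation") op = kv[2];
        else if (kv[1] == "name") target = kv[2];
        else if (kv[1] == "capname") target = "capability:" kv[2];
        else if (kv[1] == "family") target = "network:" kv[2];
      }
      gsub(/"/, "", profile); gsub(/"/, "", op); gsub(/"/, "", target);
      count[profile "\t" op "\t" target]++
    }
    END { for (k in count) print count[k] "\t" k }
  ' | sort -t "$TAB" -k1,1nr -k2,2 -k3,3
}

# count_complain_events: ALLOWED events are what a profile in complain mode
# records instead of blocking; counting them tells you how much a new profile
# would have denied before you switch it to enforce mode.
count_complain_events() {
  grep -c 'apparmor="ALLOWED"'
}

# Stand-alone run on the sample data:
printf '%s\n' "$SAMPLE_LOG" | summarize_denials
printf 'complain-mode (ALLOWED) events: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | count_complain_events)"
```

A repeated denial of the same (profile, operation, target) triple, such as the two `open` attempts on /etc/shadow above, is the signal worth looking at: either the profile is too tight for a legitimate access or the confined program is doing something it should not, and the profile is working as intended.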

Kubernetes Integration

In Kubernetes, you can enhance pod security by specifying AppArmor profiles within the securityContext of a pod or container.

Pod-Level AppArmor Profile:

To apply an AppArmor profile to all containers in a pod, include the securityContext in the pod specification:

apiVersion: v1
kind: Pod
metadata:
  name: apparmor-pod
spec:
  securityContext:
    appArmorProfile:
      type: Localhost
      localhostProfile: my-apparmor-profile
  containers:
    - name: my-container
      image: my-image

Container-Level AppArmor Profile:

To apply an AppArmor profile to a specific container, define the securityContext within the container specification:

apiVersion: v1
kind: Pod
metadata:
  name: apparmor-pod
spec:
  containers:
    - name: my-container
      image: my-image
      securityContext:
        appArmorProfile:
          type: Localhost
          localhostProfile: my-apparmor-profile

Key Points:

  • Profile Types:
    1. RuntimeDefault: Uses the container runtime's default AppArmor profile.
    2. Localhost: Uses a profile loaded on the host; specify the profile name in localhostProfile.
    3. Unconfined: Runs the container without AppArmor confinement.

  • Profile Availability: Ensure the specified AppArmor profiles are loaded on all nodes where the pods might run. You can verify loaded profiles by checking the /sys/kernel/security/apparmor/profiles file on each node.

  • Kubernetes Version Compatibility: The use of securityContext for AppArmor profiles is supported in Kubernetes versions 1.30 and above. For earlier versions, AppArmor profiles are specified through annotations.

By configuring AppArmor profiles within the securityContext, you can effectively manage and enforce security policies for your applications in Kubernetes, enhancing the overall security of your containerized environments.
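The "Profile Availability" point above is the one that bites in practice: a pod with type Localhost is refused on any node where the named profile is not loaded. The following is an added example, not code from the page or from Kubernetes: it parses the format of /sys/kernel/security/apparmor/profiles (one `name (mode)` line per loaded profile) and performs the pre-flight check a node needs to pass before such a pod can run there. The listing is constructed sample data; the function names are this example's own.

```sh
#!/bin/sh
# Constructed sample in the format of /sys/kernel/security/apparmor/profiles
# (sample data for this example, not read from a real node).
SAMPLE_PROFILES='/usr/sbin/nginx (enforce)
/bin/ping (complain)
my-apparmor-profile (enforce)
docker-default (enforce)'

# profile_mode NAME: read a profiles listing on stdin and print the mode
# (enforce or complain) of the named profile; exit 1 if it is not loaded.
profile_mode() {
  awk -v want="$1" '
    $1 == want { gsub(/[()]/, "", $2); print $2; found = 1 }
    END { exit found ? 0 : 1 }'
}

# check_localhost_profile NAME: pre-flight check for a pod that sets
# appArmorProfile.type=Localhost with localhostProfile=NAME. Succeeds only
# when the profile is loaded AND in enforce mode, because a profile left in
# complain mode logs violations but does not block them (see Modes above).
check_localhost_profile() {
  mode="$(profile_mode "$1")" || { echo "profile $1 is not loaded" >&2; return 1; }
  case "$mode" in
    enforce)  return 0 ;;
    complain) echo "profile $1 is loaded but in complain mode" >&2; return 2 ;;
    *)        echo "profile $1 has unexpected mode: $mode" >&2; return 3 ;;
  esac
}

# Stand-alone run on the sample listing. On a real node you would run:
#   check_localhost_profile my-apparmor-profile < /sys/kernel/security/apparmor/profiles
printf '%s\n' "$SAMPLE_PROFILES" | check_localhost_profile my-apparmor-profile && echo "my-apparmor-profile: ok"
printf '%s\n' "$SAMPLE_PROFILES" | check_localhost_profile /bin/ping || echo "exit status $?"
```

Run the check on every node in the pool the pod can be scheduled to, not just the one you tested on; the scheduler does not consult AppArmor state, so a missing profile only shows up when the pod is rejected on that node.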

Scanning Images with Trivy

Introduction

Trivy is an open-source security scanner that detects vulnerabilities in container images, file systems, and Git repositories. It identifies security issues in both operating system packages and application dependencies within the container. By using a regularly updated vulnerability database, Trivy helps ensure that containers are secure and compliant with security best practices.


Commands

Trivy commands specifically related to image scanning that are useful for the CKS exam:

Basic Image Scan

trivy image <image_name>

Scans a specified container image for vulnerabilities.

Output and Formatting

  • Output in JSON Format:
trivy image -f json -o results.json <image_name>

Scans the image and outputs the results in JSON format to a file.

  • Output in Table Format:
trivy image -f table <image_name>

Scans the image and outputs the results in a table format (default format).

Severity Filtering

  • Filter by Severity:
trivy image --severity HIGH,CRITICAL <image_name>

Scans the image and reports only high and critical severity vulnerabilities.

Cache Management

  • Clear Cache:
trivy image --clear-cache

Clears the local cache used by Trivy before scanning the image.

Ignoring Specific Vulnerabilities

  • Ignore Specific Vulnerabilities:
trivy image --ignorefile .trivyignore <image_name>

Uses a .trivyignore file to specify vulnerabilities to ignore during scanning.

Advanced Options

  • Timeout Setting:
trivy image --timeout 5m <image_name>

Sets a timeout for the scanning process.

  • Ignore Unfixed Vulnerabilities:
trivy image --ignore-unfixed <image_name>

Ignores vulnerabilities that do not have a fix yet.

  • Skip Update:
trivy image --skip-update <image_name>

Skips updating the vulnerability database before scanning.

Comprehensive Scan with All Details

trivy image --severity HIGH,CRITICAL --ignore-unfixed --skip-update -f json -o results.json <image_name>

A comprehensive scan that filters by severity, ignores unfixed vulnerabilities, skips database update, and outputs results in JSON format to a file.


These commands allow you to perform detailed and customizable scans on container images, ensuring you can identify and manage vulnerabilities.
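The JSON report produced by `-f json -o results.json` is what a pipeline gate normally consumes. The following is an added example, not code from the page or from the Trivy project: it reads a saved report, counts findings per severity and fails when anything at or above a chosen level is present. The report excerpt is constructed to match the shape of Trivy's JSON (a `Results` array whose entries carry a `Vulnerabilities` array with a `Severity` per finding); the CVE identifiers in it are placeholders. It deliberately uses only grep, sed and awk so it runs without jq, which means it relies on each finding carrying exactly one `"Severity"` key.

```sh
#!/bin/sh
# Constructed excerpt in the shape of `trivy image -f json` output
# (sample data with placeholder CVE ids, not a real scan result).
SAMPLE_REPORT='{
  "ArtifactName": "example.invalid/app:1.0",
  "Results": [
    {
      "Target": "example.invalid/app:1.0 (alpine 3.18.0)",
      "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libssl3", "InstalledVersion": "3.1.0-r0", "FixedVersion": "3.1.1-r0", "Severity": "CRITICAL"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "busybox", "InstalledVersion": "1.36.0-r0", "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "zlib", "InstalledVersion": "1.2.13-r0", "FixedVersion": "1.2.13-r1", "Severity": "MEDIUM"},
        {"VulnerabilityID": "CVE-0000-0004", "PkgName": "musl", "InstalledVersion": "1.2.4-r0", "FixedVersion": "1.2.4-r1", "Severity": "HIGH"}
      ]
    }
  ]
}'

# severity_counts: read a report on stdin and print "SEVERITY count" lines,
# sorted by severity name.
severity_counts() {
  grep -o '"Severity": *"[A-Z]*"' | sed 's/.*"\([A-Z]*\)"$/\1/' | sort | uniq -c \
    | awk '{ print $2, $1 }'
}

# count_severity SEVERITY: number of findings at exactly that severity
# (grep -c exits 1 when there are none, so the count is forced to 0).
count_severity() {
  n="$(grep -c "\"Severity\": *\"$1\"")" || true
  echo "${n:-0}"
}

# gate_report MIN_SEVERITY: exit 0 if the report on stdin has no finding at
# or above MIN_SEVERITY, exit 1 otherwise. This is the decision that
# `trivy image --exit-code 1 --severity ...` makes during the scan itself,
# applied here to a report that was saved with -o.
gate_report() {
  case "$1" in
    CRITICAL) pattern='CRITICAL' ;;
    HIGH)     pattern='HIGH|CRITICAL' ;;
    MEDIUM)   pattern='MEDIUM|HIGH|CRITICAL' ;;
    *)        pattern='LOW|MEDIUM|HIGH|CRITICAL' ;;
  esac
  if grep -qE "\"Severity\": *\"($pattern)\""; then
    return 1
  fi
  return 0
}

# Stand-alone run on the sample report:
printf '%s\n' "$SAMPLE_REPORT" | severity_counts
if printf '%s\n' "$SAMPLE_REPORT" | gate_report HIGH; then
  echo "gate HIGH: pass"
else
  echo "gate HIGH: FAIL (findings at HIGH or above)"
fi
```

Combine the gate with `--ignore-unfixed` from the page only when you have a policy for tracking the suppressed findings; an unfixed CRITICAL is still exploitable in the image, it just has no package update to apply yet.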

Process Management in Linux

Introduction

In Linux, a process is simply a program that is currently running. When you execute a command, it starts a process.

  1. Foreground processes, which are attached to the terminal, take user input and keep the shell busy until they finish.
  2. Background processes, which run independently of the user and the terminal.

Understanding processes is essential for managing and interacting with programs effectively in Linux.


Process States

A process state refers to the current condition or status of a process in its execution lifecycle.

graph TD;
    A[Created] --> B[Running]
    B --> C[Sleeping]
    C --> D[Interruptible sleep]
    C --> E[Uninterruptible sleep]
    B --> F[Stopped]
    F --> G[Zombie]

The columns that tools such as top show for each process describe its attributes:

Attribute Description
PID Unique Process ID given to each process.
User Username of the process owner.
PR Priority given to a process while scheduling.
NI 'nice' value of a process.
VIRT Amount of virtual memory used by a process.
RES Amount of physical memory used by a process.
SHR Amount of memory shared with other processes.
S State of the process: 'D' = uninterruptible sleep, 'R' = running, 'S' = sleeping, 'T' = traced or stopped, 'Z' = zombie.
%CPU Percentage of CPU used by the process.
%MEM Percentage of RAM used by the process.
TIME+ Total CPU time consumed by the process.
Command Command used to activate the process.

Documentation Guide For CKS

Domains & Competencies

Topic Weightage (%)
Cluster Setup 10
Cluster Hardening 15
System Hardening 15
Minimize Microservice Vulnerabilities 20
Supply Chain Security 20
Monitoring, Logging and Runtime Security 20

Certified Kubernetes Security Specialist Certification Free Courses

  1. Cluster Setup
  2. Cluster Hardening
  3. System Hardening
  4. Minimize Microservice Vulnerabilities
  5. Supply Chain Security
  6. Monitoring, Logging and Runtime Security