Love Child or Demon Spawn?
- Install PowerShell on MacOS
- Execute script file
- Version Logic: If Then Else
- Strings
- Curl
This article describes the use of PowerShell scripting on Mac and Linux.
“PowerShell” refers to both the command-line shell and scripting language designed for system administration.
PowerShell is an object-centered “management engine” that can be hosted in an application program.
- CMD in Windows
- PowerShell ISE (from Microsoft)
- PowerGUI
- SAPIEN Technologies PowerShell Studio
- Idera PowerShell Pro
ISE = “Integrated Scripting Environment” is a GUI that provides popup tab completion and other assists.
PowerShell promises more consistency than the various commands added over time by various parties.
- It reads Excel files natively as well as JSON, XML, and even ASCII.
- Microsoft Deployment Toolkit
- Microsoft System Center
- IBM, etc.
Open source on Linux and MacOS
From the PowerShell and DSC Team YouTube channel:
This 51-minute series of demos was published Aug 18, 2016, the same day PowerShell was open-sourced for all OSs at
https://github.com/PowerShell/PowerShell.
This article notes Desired State Configuration for Linux and the promise of SSH support arrived in 2014 (several months before Microsoft open sourced .NET and brought .NET Core to Linux). But “you had to author your scripts on the Windows platform, you had to configure things on the Windows platform and then deliver the desired configuration to a Linux box and have it be configured; now you can do all of that on Linux.”
Install PowerShell on MacOS
There is a brew powershell as of beta.7:
brew install --cask powershell
Alternately, click to download the latest release for MacOS at:
https://github.com/PowerShell/PowerShell
Alternately, get back versions at
https://github.com/PowerShell/PowerShell/releases
Date | File | MB Size | Space | Cmds |
---|---|---|---|---|
Apr, 2018 | 6.0.2 on brew | 50.8 MB | | |
Sep 13, 2017 | powershell-6.0.0-beta.7-osx.10.12-x64.pkg | 50.8 MB | | |
Sep 13, 2016 | powershell-6.0.0-alpha.10.pkg | 28.2 MB | ? MB | 345 |
Aug 10, 2016 | powershell-6.0.0-alpha.9.pkg | 37.1 MB | 119.7 MB | |
Jul 26, 2016 | powershell-6.0.0-alpha.7.pkg | 25.0 MB | | |
Jul 8, 2016 | powershell-0.6.0.pkg | 24.2 MB | | |
- Open the .pkg file in the Downloads folder:
Click Continue, etc.
NOTE: For Windows: Microsoft Windows Management Framework 5.0
In and Out
Open a Terminal shell window to launch PowerShell:
powershell
Alternately:
pwsh
The response is “PS” in front of the file path prompt:
Check the version of PowerShell being used by calling a pre-defined variable:
$psversiontable
PROTIP: With PowerShell, a variable can act like a command.
Response:
QUESTION: What’s the CLRVersion?
Versions of PowerShell:
- 6.0 for Mac/Linux in Windows 10 Anniversary Edition
- 5.0 in 2015 for Visual Studio Code text editor
- 4.0 in 2014 with Windows 10 and .NET Framework 4.0 and Windows Management Framework 3.0
- 3.0 in 2012 with Windows 8/Server 2012
- 2.0 appeared in 2009
- 1.0 appeared in 2006
- Monad Manifesto published by Jeff Snover.
PROTIP: Know the PowerShell commands known not to work on Linux/macOS.
To leave PowerShell, it’s the same as in Bash scripts:
exit
When you return back in…
Get help information for a command:
get-help stop-service
Visual Studio Code Editor
One text editor built for PowerShell is Microsoft’s Visual Studio Code.
Install Visual Studio Code (see https://chocolatey.org/packages/VisualStudioCode):
choco install visualstudiocode -y
Install the PowerShell add-in to VSCode:
choco install vscode-powershell -y
Install the PowerShell Editor Services extension by pressing Ctrl+P, then type “ext install PowerShell” for a list of add-ins.
Ctrl+P is the universal search that also does “fuzzy search” of text in files open.
Click “install” of the extension named “PowerShell”. The icon turns to “installing”.
Open a directory containing PowerShell scripts and open the File menu and select “Open Folder …”. Select the folder containing your scripts.
The scripts show up in the Explore tab of the Side Bar.
PROTIP: One advantage using VS Code is its Side Bar enabling you to switch quickly among different files.
Press Ctrl+B to hide and unhide the Side Bar.
Press Ctrl+ to open a new editor window.
Up to three editor panes can be open at once.
Press Ctrl+1, 2, or 3 to switch among the files.
To edit user settings, press Ctrl+Shift+P, then type “user” and press enter.
Click on “powershell.scriptAnalysis.enable”.
Press Ctrl+Shift+<period> to change value from true to false or back again.
Keith Hill notes debugging support provided by the PowerShell Editor Services extension currently runs only on Windows.
Install .NET Core
PowerShell is written on top of .NET. .NET’s previous dependencies on Windows components have been removed in .NET Core.
PowerShell errors occur if .NET Core is not installed, so:
Go to web page https://www.microsoft.com/net/core#macos
The web page asks for OpenSSL to be installed.
On a Mac:
Click the link to download the 50.3MB
dotnet-dev-osx-x64.1.0.0-preview2-003131.pkg
https://github.com/dotnet/core/blob/master/cli/known-issues.md
Run the installer (for 106.3MB of space).
Before installing anything or running through the update app, hit Command+i or pull down the File menu and choose “Show Files”:
- ./shared - Microsoft .NET Core 1.0.1 - Runtime
- ./host - Microsoft .NET Core 1.0.1 - Host FX Resolver
- ./dotnet
- ./sdk - Microsoft .NET Core 1.0.1 - SDK
These are folders within folder /usr/local/share under “Macintosh HD”.
Edit your Bash shell search PATH to include /usr/local/share/dotnet
atom ~/.bash_profile
An example:
Open a new Terminal shell window to run:
The response:
In a PowerShell invoke this to ensure that it can be done:
Execute script file
I like using script files rather than typing because it allows me to focus on the latest in what is usually a long string of commands necessary in today’s complex world.
To call scripts, an example:
PROTIP: Make sure that when a file with .ps1 extension is clicked from Folder, the script is not launched to run, but that the script appears in a text editor.
A sample command to invoke the script including an execution policy:
Notice it’s “powershell” and not “powershell.exe” because Mac and Linux don’t recognize .exe.
When a script is signed, its location is locked to a specific full directory path, even when it’s in the current folder.
“remotesigned” is important because if this script has not been digitally signed, one needs to set PS execution policy to “RemoteSigned” (or “Unrestricted”) after reopening PowerShell as an Administrator to run:
By default PowerShell prevents the execution of PowerShell scripts on Windows systems.
Set-ExecutionPolicy RemoteSigned
Get a list of current security settings:
Get-ExecutionPolicy -List | Format-Table -AutoSize
See https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/
https://github.com/MeshkDevs/InvokeTwitterAPIs
## Verify a signed script can be used #
Set
Set-ExecutionPolicy AllSigned
Install a signing cert on Mac
To add the CA root certificate (either PEM or DER format) into the OSX global keychain:
Use Finder to navigate to your /System -> Library -> Keychains -> X509Anchors to your own Library -> Keychains.
In a Terminal shell window, run command:
certtool i mycertificate.crt k=X509Anchors
Add a “d” at the end for DER format.
Copy your Library -> Keychains -> X509Anchors back to /System -> Library -> Keychains.
Use sudo.
Automatic logging
Increasingly, hackers are using PowerShell to create havoc.
So it’s a good idea to log automatically using the start-transcript and stop-transcript commands.
BLAH: The sample script at https://github.com/wilsonmar/git-utilities/ps-auto-log.ps1, causes errors during execution of scripts.
Inside the file:
PROTIP: This can use up a lot of space quickly, so some management of its use is necessary.
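One way to wrap work in a transcript while keeping the log folder bounded, as an added example (it is not the ps-auto-log.ps1 script mentioned above). The function name Invoke-WithTranscript, the ps-transcripts folder and the 14-day retention are assumptions.

```powershell
# Added example: run a script block under Start-Transcript and prune old logs.
# Assumptions: function name, log folder and retention period are illustrative.
function Invoke-WithTranscript {
    param(
        [Parameter(Mandatory)] [scriptblock] $ScriptBlock,
        [string] $LogDir = (Join-Path $HOME 'ps-transcripts'),
        [int] $RetainDays = 14
    )

    # Create the log folder on first use.
    if (-not (Test-Path -LiteralPath $LogDir)) {
        New-Item -ItemType Directory -Path $LogDir | Out-Null
    }

    # Delete transcripts older than the retention window so disk use stays bounded.
    $cutoff = (Get-Date).AddDays(-$RetainDays)
    Get-ChildItem -LiteralPath $LogDir -Filter 'transcript-*.log' -File |
        Where-Object { $_.LastWriteTime -lt $cutoff } |
        Remove-Item -Force

    # One file per run; timestamp plus process ID avoids name collisions.
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $log = Join-Path $LogDir ('transcript-{0}-{1}.log' -f $stamp, $PID)

    Start-Transcript -Path $log | Out-Null
    try {
        # Out-Host sends results to the console (and so to the transcript)
        # instead of mixing them into this function's return value.
        & $ScriptBlock | Out-Host
    }
    finally {
        # Always close the transcript, even when the script block throws.
        Stop-Transcript | Out-Null
    }
    return $log
}

# Usage: everything displayed inside the block lands in the log file.
$logFile = Invoke-WithTranscript { Get-Date; Write-Output 'deploy step 1' }
Write-Output "Transcript written to $logFile"
```

A transcript records everything displayed, including any secret echoed to the console, so keep the log folder readable only by its owner.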
Version Logic: If Then Else
I haven’t found a way to have a Bash script that can also be run as a PowerShell script.
PROTIP: Switching from Bash to PowerShell means a one-time migration and there is no turning back unless you want to maintain parallel scripts.
This is largely because of differences in if/then/else coding. The same if/then/else syntax in PowerShell scripts for Mac and PC is needed for the same script file to be used.
On Bash:
The question is whether a single PowerShell script can really run on both Mac and Windows. Do a parallel run.
For different actions in PowerShell according to type of operating system:
NOTE: Because braces define actions, there is no “end if” (“fi”) in PowerShell.
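An added example of if/elseif/else branching by operating system (not code from the original article). The function name Get-OSFamily and the myscript folder names are assumptions; $IsWindows, $IsMacOS and $IsLinux are automatic variables that exist only in PowerShell 6 and later, so older Windows PowerShell is handled first.

```powershell
# Added example: one script file, different actions per operating system.
# Assumptions: Get-OSFamily and the 'myscript' folder names are illustrative.
function Get-OSFamily {
    # Windows PowerShell 5.1 reports PSEdition 'Desktop' (older versions have
    # no PSEdition at all) and runs only on Windows, where $IsWindows is undefined.
    if ($PSVersionTable.PSEdition -ne 'Core') { return 'Windows' }

    if ($IsWindows)   { return 'Windows' }
    elseif ($IsMacOS) { return 'macOS' }
    elseif ($IsLinux) { return 'Linux' }
    else              { return 'Unknown' }
}

$os = Get-OSFamily
if ($os -eq 'Windows') {
    $configDir = Join-Path $env:APPDATA 'myscript'
}
elseif ($os -eq 'macOS') {
    $configDir = Join-Path $HOME 'Library/Application Support/myscript'
}
else {
    $configDir = Join-Path $HOME '.config/myscript'
}
Write-Output "Running on $os; settings go in $configDir"
```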
Comparison Operators
-eq / -ne / -ge
-Like / -NotLike wildcard string - $name -Like "*sh"
-Match / -NotMatch regular expression - $name -Match "sh$"
-Contains / -NotContains a value in array - $name -contains "jo"
-In / -NotIn Is a value in an array - "joe" -in $name
Logical operators
-And
-Or
-Xor = Logical exclusive or.
Tilde and Providers
PROTIP: Use $home instead of the tilde (~) in PowerShell because tilde does not always represent the user’s home folder as in Linux. This is because PS has different “providers” that include HKLM and HKCU top-levels in the Windows Registry.
Get a list of providers and disk space:
Get-PSDrive
The response:
PowerShell calls files “items” as a term that groups files with registry keys and variables.
returns the Mode and LastWriteTime of the user.
Instead of “mkdir” to create folders, use
New-Item
To list files in a folder, it’s the same as in Bash:
ls -al
PowerShell cmdlets (command-lets) enable computers to be managed from the command line, much like Bash shell scripts on Linux machines. How many are there?
(get-command).count
https://github.com/pester/Pester/wiki/Mock
Handling secrets
PROTIP: Files containing secrets, such as passwords and certificates are NOT stored in GitHub nor script files, but in a separate location, and backed up among other local files.
The secrets are retrieved into the script at run-time.
See my tutorial on GitHub Data Security
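An added example of pulling a secret into a script at run time and keeping it out of debug output (not code from the original article). It assumes a secrets file of NAME=value lines; the function names and the sample token are constructed for illustration.

```powershell
# Added example: read secrets from a file outside the repository at run time.
# Assumptions: the file holds NAME=value lines; function names are illustrative.
function Read-SecretFile {
    param([string] $Path = (Join-Path $HOME '.passwords'))

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Secrets file not found: $Path"
    }
    $secrets = @{}
    foreach ($line in Get-Content -LiteralPath $Path) {
        # Skip blank lines and comments; split only on the first '='.
        if ($line -match '^\s*(#|$)') { continue }
        $name, $value = $line -split '=', 2
        if ($null -eq $value) { throw "Malformed line for '$name' in $Path" }
        $secrets[$name.Trim()] = $value.Trim()
    }
    return $secrets
}

function Get-MaskedValue {
    # Show only the last 4 characters so debug output never exposes the secret.
    param([string] $Value)
    if ($Value.Length -le 4) { return '****' }
    return ('*' * ($Value.Length - 4)) + $Value.Substring($Value.Length - 4)
}

function New-GitHubAuthHeader {
    # Builds the hash table that Invoke-RestMethod -Headers expects.
    param([Parameter(Mandatory)] [hashtable] $Secrets)
    if (-not $Secrets.ContainsKey('GITHUB_TOKEN')) {
        throw 'GITHUB_TOKEN is missing from the secrets file'
    }
    return @{ Authorization = 'token {0}' -f $Secrets['GITHUB_TOKEN'] }
}

# Constructed sample: a throwaway secrets file in the temp folder.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'sample.passwords'
Set-Content -LiteralPath $sample -Value @('# constructed sample', 'GITHUB_TOKEN=EXAMPLE-not-a-real-token-1234')
if ($IsMacOS -or $IsLinux) { chmod 600 $sample }   # owner read/write only

$secrets = Read-SecretFile -Path $sample
$headers = New-GitHubAuthHeader -Secrets $secrets   # pass as -Headers $headers
Write-Output ('Token loaded: ' + (Get-MaskedValue $secrets['GITHUB_TOKEN']))
Remove-Item -LiteralPath $sample
```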
Hash tables
BTW, keys in a hash table must be unique.
Hash tables are used throughout PowerShell.
An example of a REST API call:
Sort a hash table using GetEnumerator():
Objects
Get-Service m* | where {$_.status -eq 'running'}
Get-Service m* | where status -eq 'running'
The “$_” represents the current object; the v2 syntax can handle more complexity than the v3 syntax:
Alias not parameters
Many Bash commands work in PowerShell (ls, cat, echo) because Aliases make many commands in Bash scripts work:
get-alias echo
The response is “Write-Output”, which is what is executed.
BLAH: Many parameters to aliases are not recognized. For example, this common command results in an error:
ls -al
Instead, use:
dir -File | format-table
NOTE: dir is an alias to Get-ChildItem.
Thus,
Write-Host $env:computername -foreground Green
“-passthru” means do not go through Pipeline.
You can reset a default alias.
Environment Variables
PROTIP: Environment variables defined in Bash scripts can be read by PowerShell scripts and vice versa.
Lists of environment variables:
The command “dir” is an alias of Get-ChildItem.
For the value of a single environment variable:
Get-ChildItem Env:USER
Get-ChildItem Env:AWS_DEFAULT_REGION
Paths
Instead of “rm -rf” in Bash:
https://blogs.technet.microsoft.com/heyscriptingguy/2012/02/22/the-best-way-to-use-powershell-to-delete-folders/
“-WhatIf” specifies a dry-run.
Combine files
To add the content of several files into a single text file:
Cmdlets
PS has some smarter parameters, such as filtering for files only and running recursively into sub-folders:
dir c:\work\*.ps1 -file -recurse
All PowerShell cmdlets follow a standardized verb-noun naming convention that makes it easy to look up, find, and use cmdlets. For a list of all the verbs:
get-verb
REMEMBER: Capitalization counts within PowerShell.
get-command -verb export
get-command -noun ACL
paths
Only 25% of cmdlets are shipped with paths.
Strings
PROTIP: Don’t use “+” for string concatenation.
.NET Framework members
Initially built on Microsoft’s .NET Framework, PowerShell can refer to a static .NET member in square brackets with two colons to specify Pi:
[math]::pi
It’s wonderful that PowerShell doesn’t require an echo to display the value of objects.
To delete a file in the .NET I/O directory object:
The issue with using .NET objects is that they may execute in a different folder context than PowerShell.
TODO: $prompt
Other pre-defined variables
To count the number of cmdlets:
To get the current folder:
Alternatively, use (since v2):
This returns a PathInfo object.
$scriptDir = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent
Dates
Based on http://ss64.com/ps/syntax-dateformats.html
Zip files using functions
Pipelines
Instead of just parsing text (as *Nix shells do), PowerShell works with objects in a pipeline.
Piping:
To list all variables defined and their values:
Get-Variable | Out-String
PROTIP: With PowerShell, it’s best to use out-file instead of “>” redirect character:
dir -file -hidden | out-file -filepath rootfiles.txt
Error handling:
Use preference variables for stream redirection:
1> Success 2> Error 3> Warning 4> Verbose 5> Debug
NOTE: Can only merge to the success stream.
$Error is the automatic array that stores the last 256 exceptions (objects in error) - the default $MaximumErrorCount.
Error action preferences:
0 = Silently Continue
1 = Stop
2 = Continue
3 = Inquire
4 = Ignore [parameter value only]
Module to call REST API
This suggests:
PROTIP: To press the trailing back-tick that breaks up a command into several lines, press the key at the upper left corner of the keyboard with your left hand while you press shift key using your right hand.
A space character is required before the tick.
PROTIP: Break up long text into a string block (which Microsoft calls here-string):
The output is:
From https://apps.twitter.com/ define a new app. In Permissions tab, select Read-only. Click Update Settings. In Key and Access Tokens tab, click “Create my access tokens”. Copy the Consumer Key (API key) and paste in ~/.passwords as TWITTER_TOKEN.
It takes many lines to mess with OAuth, so I make use of Adam’s library for Twitter’s v1.1 API described at:
http://www.adamtheautomator.com/twitter-module-powershell/
https://gallery.technet.microsoft.com/scriptcenter/Tweet-and-send-Twitter-DMs-8c2d6f0a
called “Tweet and send Twitter DMs with Powershell”. Adam’s “MyTwitter.psm1” I downloaded had 229 lines on 8/31/2014.
PROTIP: The “.psm1” extension means it’s a PowerShell module.
I used a text editor to edit the file to paste in variables for the 4 credentials from Twitter.
I then saved the module in the same GitHub folder as my script, and added a command to pull the module into the script:
Alternately, Copy-install the module to your $env:PSModulePath
See http://www.powershellgallery.com/gettingstarted
PowerShellGet from the Windows PowerShell Framework 5.0
The alternative is to put the module in the PSModulePath, which enables tab completion to complete the names of commands from modules that are not loaded.
The module has these functions:
- Get-OAuthAuthorization
- Send-Tweet
- Send-TwitterDm
Paste in your PowerShell script:
BTW, PowerShell cmdlets in https://github.com/Iristyle/Posh-GitHub are only for use on Windows.
Trevor Sullivan (@pcgeek86) made a 20:40 video Mar 17, 2016
A PowerShell Module for manipulating PowerShell Profiles by Thomas Malkewitz
Curl
curl is an alias for Invoke-WebRequest in PowerShell.
https://channel9.msdn.com/Blogs/trevor-powershell/Automating-the-GitHub-REST-API-Using-PowerShell
## JSON from REST API #
To extract out a key from the JSON file:
https://www.pluralsight.com/courses/powershell-modules-advanced-functions-building
Profile scripts
Jeff Hicks notes these profile scripts execute automatically at start:
To view all profiles:
$profile | select *
Folder | Script file | Script name |
---|---|---|
C:\Windows\System32\WindowsPowerShell\v1.0 | profile.ps1 | AllUsersAllHosts |
 | Microsoft.PowerShell.profile.ps1 | AllUsersCurrentHost |
 | Microsoft.PowerShellSE.profile.ps1 | AllUsersCurrentHost (ISE) |
C:\Users\<user>\Documents\WindowsPowerShell or /Users/<user>/.config/powershell/ | Microsoft.PowerShell.profile.ps1 | CurrentUsersAllHosts* |
 | profile.ps1 | CurrentUserCurrentHost |
 | Microsoft.PowerShellSE.profile.ps1 | CurrentUserCurrentHost (ISE) |
* = This is the one shown when $profile is typed in.
API calls
Corporate IT departments often use Group Policies.
$Headers = "Authorization: token ${GITHUB_TOKEN}"
echo "Headers=$Headers" # DEBUGGING (this prints the token to the console)
$Token = $GITHUBUSER + ':' + $SECRETS.GITHUB_TOKEN
$Base64Token = [System.Convert]::ToBase64String([char[]]$Token)
$Headers = @{ Authorization = 'Basic {0}' -f $Base64Token }
# -f is for substitution of {0}.
# See https://technet.microsoft.com/en-us/library/ee692795.aspx
# Write-Host ("Headers=" + $Headers.Authorization)
$Headers = "{ Authorization: = Basic $GITHUB_TOKEN }"
# -f is for substitution of {0}.
# See https://technet.microsoft.com/en-us/library/ee692795.aspx
Write-Host ("Headers=" + $Headers)
Iterate
Stephane shows this command to move (pipe) png files from Desktop to Pictures folder:
A variable can contain an array:
More Libraries
https://www.simple-talk.com/blogs/psyaml-powershell-yaml/
Read in CSV file
This blog gives an example of importing a CSV file:
$data = Import-CSV C:\scripts\moviedata.csv
Sorting by date requires creating a new property:
The new property persists, so can be used this way:
More on DevOps
This is one of a series on DevOps:
- Packer automation to build Vagrant images
- Terraform multi-cloud provisioning automation
- Hashicorp Vault and Consul to generate and hold secrets
PeterDaveHello released this
- Enable smart linking (#1252)
- Add basic snap package files (#1109)
- Add WhiteSource Bolt config (#1243)
- Add Windows AMD64/64bit release
- Add Windows dependency install script
- Add Windows build zip tarball release script
- Add shfmt test on Travis CI for shell scripts
- Add missing libssl-dev in Debian/Ubuntu dependency
- Add eclint format checking for certain files on Travis CI
- Improve .travis.yml styling
- Set macOS builds to use cocoa for 64bit release (#1224)
- Update .editorconfig
- Update Lazarus on macOS to v2.0.4
- Update Lazarus on Windows to v2.x (with FPC v3.0.4)
- Update OpenSSL for Windows from 1.0.2s to 1.0.2t
- Update Traditional Chinese translation
- Update Docker image for arm builds on Travis CI
- Update Travis CI Linux env to Ubuntu Bionic (18.04)
- Update Travis CI mac env to macOS 10.14 w/ Xcode v11.1
- Update node.js version on Travis CI env from v4 to v10
- Update Debian/Ubuntu dependency for realpath command
- Refactor build script of macOS and Windows
- Refactor dependency install script of Debian/Ubuntu Linux and macOS
- Refactor, clean up and simplify .travis.yml