This is actually quite simple on Windows. One of my favorite features of PowerShell is that dir an alias for Get-ChildItem can be used on pretty much any hierarchy, including the certificate store.
After we have a list of the certificates we simply filter by the expiration date. Here is how we can find expiring certificates:. We start off by getting a recursive list of the certificates. Then the results are piped into the Where-Object cmdlet to filter for the certificates that expire between today and six weeks 42 days from now inclusive.
Additional filtering can be added by simply modifying the Where-Object filter, per Bob's original request. We can shorten the command using aliases and shortened parameter names, as well as store the output to be emailed. Emailing is quite simple too. PowerShell version 4 adds a new cmdlet, Send-MailMessage. We can send the certificate information like this:. Tim, you're getting soft with all these cool PowerShell features. Why when I was your age Oh, nevermind! Kids these days! If I'm feeling curmudgeonly, it's because this is far from a cake-walk in Linux.
Obviously, I can't check a Windows certificate store remotely from a Linux machine. So I thought I'd focus on checking remote web site certificates which could be Windows, Linux, or anything else from my Linux command line. The leading "echo" piped into the standard input makes sure that we close the connection right after receiving the certificate info.
Otherwise our command line will hang and never return to the shell prompt. We then use OpenSSL again to output the information we want from the downloaded certificate.
Here we're just requesting the "-dates"-- "-noout" stops the openssl command from displaying the certificate itself. However, there is much more information you can parse out. Here's a useful report that displays the certificate issuer, certificate name, and fingerprint in addition to the dates:.
But let's see if we can answer Bob's question, at least for a single web server. Of course, that's going to involve some date arithmetic, and the shell is clumsy at that. First I need to pull off just the "notAfter" date from my output:. You can convert a time stamp string like this into a "Unix epoch" date with the GNU date command:.
This is already getting pretty long-winded, but now I can check my result against Bob's 6 week threshold that's 42 days or seconds :. Clearly this is straying all too close to the borders of Scriptistan, but if you wanted to check several web sites, you could add an outer loop:. To maintain our fighting trim here in the Command Line Kung Fu dojo, we like to set little challenges for ourselves from time to time.
Of course, we prefer it when our loyal readers send us ideas, so keep those emails coming! All of the data breaches in the news over the last year got me thinking about credit card numbers. As many of you are probably aware, credit card numbers have a check digit at the end to help validate the account number.
The Luhn algorithm for computing this digit is moderately complicated and I wondered how much shell code it would take to compute these digits.
The Luhn algorithm is a right-to-left calculation, so it seemed like my first task was to peel off the last digit and be able to iterate across the remaining digits in reverse order:. The "rev" utility flips the order of our digits, and then we just grab everything from the second digit onwards with "cut". We use a little "sed" action to break the digits up into a list we can iterate over.
Then I started thinking about how to do the "doubling" calculation on every other digit. That means a little modular arithmetic:. Inside the loop, I'm evaluating a conditional expression to decide if I need to output the "double" of the digit or just the digit itself. We're basically done at this point. Even with all the extra whitespace, the whole thing fits in under characters! Grand Master Ed would be proud. I'm not even going to ask Tim to try and do this in CMD. I'm just wondering if he can do it so it still fits inside a Tweet Here is how we can accomplish the same task in PowerShell.
I'm going to use a slightly different method than Hal. In addition, I am going to extend his method a little to save a little space. This mutli-dimensional array contains a lookup for the number as well as the doubled number. That way I can index the value without an if statement to save space.
Here is an example:. The shortest way to get each digit, from right to left, is by using regex regular expression match and working right to left. A longer way would be to use the string, convert it to a char array, then reverse it but that is long, ugly, and we need to use an additional variable.
The results are fed into a ForEach-Object loop. According to my math this is exactly characters. I could trim another 2 by removing a few spaces too. It's tweetable! I'm honestly not sure where my brain was at when I was counting characters in my solution. Shortening variable names and removing all extraneous whitespace, I can get my solution down to about characters, but no smaller.
Tom's getting a lot of leverage out of the "split " operator and using his "for" loop to count backwards down the string. Way, way back after Episode Tony Reusser sent us a follow-up query. If you recall, Episode showed how to change files named "fileaa", "fileab", "fileac", etc to files named "file.
Tony's question was how to go back the other way-- from "file. Why would we want to do this? Heck, I don't know! Ask Tony. Maybe he just wants to torture us to build character. Well we here at Command Line Kung Fu fear no characters, though we may occasionally lose reader emails behind the refrigerator for several months. There are two nested loops here which work together to create our alphabetic file extensions.
Put them next to each other and you get "aa", "ab", "ac", etc. So, for all you computer science nerds, this is a rather weird looping construct because I'm using three different loop control variables.
And weird is how I roll. Then I check to see if "file. If we have a "file. If "file. And there you go. I hope Tim has as much fun as I did with this. I bet he'd have even more fun if I made him do it in CMD. Frankly all that PowerShell has made him a bit sloppy Wow, CMD huh? That trip to Scriptistan must have made him crazy. I think a CMD version of this would violate the laws of physics.
I'm on the other side of the world looking for Nermal in Abu Dhabi. Technically, it is May 1 here, but since the publication date shows April I think this counts as our April post. At least, that is the story I'm sticking to. Sadly, I too will have to enter Scriptistan. I have a visa for a long stay on this one. I'll start by using a function to convert a number to Base The basis of this function is taken from here. Make sure that you are only using trustworthy and credible websites and sources.
We provide an Command Line Kung Fu buying guide, and the information is totally objective and authentic. We employ both AI and big data in proofreading the collected information.
How did we create this buying guide? We did it using a custom-created selection of algorithms that lets us manifest a top list of the best available Command Line Kung Fu currently available on the market.
This technology we use to assemble our list depends on a variety of factors, including but not limited to the following:. We always remember that maintaining Command Line Kung Fu information to stay current is a top priority, which is why we are constantly updating our websites. Learn more about us using online sources. If you think that anything we present here regarding Command Line Kung Fu is irrelevant, incorrect, misleading, or erroneous, then please let us know promptly!
Contact us here. Or You can read more about us to see our vision. The find command is case sensitive, so I put in the cap-R in "Reply". By the way, you can speed it up by adding "-w " to have a timeout of milliseconds between each ping, rather than the normal. I had "-t " here earlier, but fixed it for "-w ".
Thanks to bolbroe for the catch. The fact is, I so often use -t with Windows ping to make it keep pinging a la Linux, it feels very natural to put -t in. But, the issue here is to make it wait, with -w, for milliseconds. Hal Comments: I have to admit that my first impulse here was to respond with "sudo apt-get install nmap". But Ed's going to be a stickler for our "built-in shell commands only" rule, so I guess I have to come up with something else.
0コメント