We Keep Coding

Configure HAProxy ACL using environment variables with multiple IP addresses/networks

I know you can use environment variables to configure HAProxy. It is working for me with a single value.
But, is it possible to use an environment variable with a list of values? (e.g: multiple src addresses)
For instance, in my haproxy.cfg:
...
acl acl_gateway_03 src "${ACL_GATEWAY_03_SRC}"
...
ACL_GATEWAY_04_SRC=172.30.4.0/24
But if I set a list of values (i.e: ACL_GATEWAY_04_SRC=172.30.4.0/24 172.30.6/24) the server does not start and shows this error message:
[ALERT] 034/181026 (1) : parsing [/usr/local/etc/haproxy/haproxy.cfg:47] : error detected while parsing ACL 'acl_gateway_04' : '172.30.4.0/24 127.0.0.1' is not a valid IPv4 or IPv6 address.

You can use an acl for each ip range.
acl acl_gateway_03 src 172.30.4.0/24
or you can write a command in crontab to write the ranges of ips in files and use them in haproxy as below:
acl acl_gateway_03 -f file1.lst -i -f file2.lst test
The "-f" flag is followed by the name of a file from which all lines will be read as individual values. It is even possible to pass multiple "-f" arguments if the patterns are to be loaded from multiple files. Empty lines as well as lines beginning with a sharp ('#') will be ignored.

As user16818195 said in his response, according to documentation:
If the variable contains a list of several values separated by spaces, like this:
ENV_VAR=10.0.0.7 10.0.0.9 10.0.0.11
You need to reference the environment variable this way in the haproxy configuration file:
acl your_acl src "${ENV_VAR[*]}"

According to the documentation, this is supported but I couldn't figure out how exactly to do that:
If the variable contains a list of several values separated by spaces,
it can be expanded as individual arguments by enclosing the variable
with braces and appending the suffix '[*]' before the closing brace.

How to change IP in the hosts file

I am trying to change the IP address set to a particular site in the host file.
For example :
# 123.123.123 www.google.com
# 456.456.456 www.google.com
I want to make a test that I enter Google through 123.123.123 and as the program changes and open Google through 456.456.456.
Changing the servers manually is removing the # from the beginning of the line.
I do not want to use selenium grid with some machines since any machine on another server do not have the resources for it.
I want to change this in the same machine while running through the code.

As the etc/hosts file is picked up immediately by the system without a restart you can manipulate or even completely overwrite this file during your run.
The trouble is that to edit the hosts file you need 'root' rights and you are actually changing the behaviour of your host system. In order to prevent this you might think about running in a docker environment but if that is not possible you can do something like this with root access:
/etc/hosts file
# 123.123.123 www.google.com
# 456.456.456 www.google.com
as part of your test run:
# at start of run
sed -i .bak 's/# 123.123.123/123.123.123/g' /etc/hosts
# do other tests now
# later when stuff has changed
sed -i .bak 's/123.123.123/456.456.456/g' /etc/hosts
Something like this?

By using sed change IP Address what ever it is in brackets and quotes as in Suricata.yaml

I need to change IP address using sed in suricata.yaml file infront of HOME_NET.
HOME_NET: "[172.20.16.25]"
I can manage what ever IP address by using the following regex.
sed -i "s/[0-9]\{1,3\}.[0-9]\{1,3\}.[0-9]\{1,3\}.[0-9]\{1,3\}/"$IP"/g"
Problem is it will change all IP addresses in file. I just interested in that is in front of HOME_NET.

sed -i "/^ *HOME_NET/s/[0-9]\{1,3\}.[0-9]\{1,3\}.[0-9]\{1,3\}.[0-9]\{1,3\}/"$IP"/g"
To elaborate a bit: a single line of sed script is composed of a line matching rule (called address in the documentation) and an action to be executed (command). The /^ *HOME_NET/ part is a simple line matching rule, while the s/../../g part is the substitution command. If you don't specify a line matching rule, all lines are matched.
Try man sed to learn a bit more.

How to create a Zookeeper node from a file?

Using zkCli.sh,
create -s /myznode “Hello World!” null
creates a znode using the string "Hello World!"
How do I get it to use the contents of a file instead of a string?

With a multi line file containing spaces or line breaks, try something like this:
./bin/zkCli.sh create /test-node "`cat my-znode-content.xml`"

To set some data on zk node
./bin/zkCli.sh -server 172.26.65.11:2181 set /path "\`cat employee.xml\`"
or
./bin/zkCli.sh -server 172.26.65.11:2181 set /path "\`echo 'Node data is set.'\`"

If you look at ZooKeeperMain.java you can see that the only args it takes on the command line are for the server host and port to connect to.
If you then look at the method processZKCmd() you can see that it only takes arguments for sequential and ephemeral.
You can however send input to the command, e.g.
./zkCli.sh < script
where script contains "create mynode null"
From there it's not a long way to creating an input file that is itself created from the contents of a file. For example:
echo "create `cat myfile` > script; ./zkCli.sh < script
Bear in mind that zk nodes should be of fairly small size.

Is procmail chrooted or limited in using linux commands?

im using procmail to forward emails to different folders in my Maildir.
I use these two lines to get the FROM and TO from the mail, which works pretty fine.
FROM=`formail -x"From:"`
TO=`formail -x"To:"`
These two commands return the whole line without the From: and To: prefix.
So i get something like:
Firstname Lastname <firstname.lastname#mail-domain.com>
Now i want to extract the email between < and >.
For this i pipe the variable FROM and TO grepping it like this.
FROM_PARSED=`echo $FROM | grep -o '[[:alnum:]+\.\_\-]*#[[:alnum:]+\.\_\-]*'`
TO_PARSED=`echo $TO | grep -o '[[:alnum:]+\.\_\-]*#[[:alnum:]+\.\_\-]*'`
But when i print FROM_PARSED into the procmail log by using LOG=FROM_PARSED, i get an empty string in FROM_PARSED and TO_PARSED.
But if i run these commands on my console, all works fine. I tried many other grepping methods, using grep, egrep, sed and even cut (cutting < and >). All working on console, but i use it in procmail it just returns nothing.
Is it possible that procmail is not allowed to use grep and sed commands? Something like a chroot?
I dont get any error logs in my procmail log. I just want to extract the valid email address from the FROM and TO line. Extracting with formail works, but parsing it with grep or sed fails, even if expression is correct.
Could somebody help? Maybe i need to setup procmail somehow.

Strange.
I added this to the users .procmailrc file
SHELL=/bin/bash
The users shell was set to /bin/false, which is correct because its a mail user, no ssh access at all.

You should properly quote "$FROM" and "$TO".
You will also need to prefix grep with LC_ALL=POSIX to ensure [:alnum:] will actually match the 26 well-known characters + 10 digits of the English alphabet.

You already solved this, but to answer your actual question, it is possible to run procmail in a chroot, but this is certainly not done by Procmail itself. Sendmail used to come with something called the Sendmail Restricted Shell (originally called rsh but renamed to remsh) which allowed system administrators to chroot the delivery process. But to summarize, this is a feature of the MTA, not of Procmail.