Red Hat

ufw and firewalld

 ufw

• ufw allow 22
• ufw allow 22/udp
• ufw status

firewalld

• firewall-cmd --list-all

• firewall-cmd --list-services

• systemctl start firewalld

• systemctl stop firewalld

• systemctl disable firewalld

• firewall-cmd --list-services

• firewall-cmd --list-ports

• firewall-cmd --add-port=22/tcp
  

• 


https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/security_guide/sec-controlling_traffic#sec-Disabling_All_Traffic_in_Case_of_Emergency_Using_CLI

NOT_ENABLED: not in 'public'

dpkg (ubuntu)

Problem: dpkg error create new file

Solution : 

Problem: No apport report written because MaxReports is reached already

Problem: unit mysqld.service is masked

Solution: systemctl unmask mysql.service

Problem:  mysql.service: Failed with result 'exit-code'.

Galera Cluster-02

•  apt-get install python-software-properties

•  apt-get install software-properties-common

• apt-key adv --keyserver keyserver.ubuntu.com --recv 8DA84635

•   /etc/apt/sources.list.d/galera.list

• deb http://releases.galeracluster.com/galera-4/ubuntu focal/jammy main
  deb http://releases.galeracluster.com/mysql-wsrep-8.0/ubuntu focal/jammy main

•   /etc/apt/preferences.d/galera.pref
•  

  # Prefer Codership repository
  Package: *
  Pin: origin releases.galeracluster.com
  Pin-Priority: 1001

•  apt-get update
•  install galera-4 galera-arbitrator-4 mysql-wsrep-8.0
•  
•  
•  
• 

Galera Manager - Host Development Failed

Restart Networks in Ubuntu Server

GPG Key

 apt-key list

---------------------------

• gpg2 --gen-key

Ubuntu/Linux Commands

 Check ubuntu version

• lsb_release -a

Checking date

• date
• date + "%d/%b/%y-%R:%S"
• vim date-time.sh

Repository

• /etc/apt/sources.list

Installation

• apt-get install mysql

or

• wget https://dev.mysql.com/get/mysql-apt-config_0.8.12-1_all.deb
• dpkg -i mysql-apt-config_0.8.12-1_all.deb

Restart service

• systemctl restart mysql

Check installed app

• apt --list

or

• dpkg --list

Running Process 

• ps
• ps aux
• ps aux | grep ssh
• ps aux —sort=-pcpu,+pmem
• ps -o pid,uname,comm -C <process>
• top
• htop

Kill Running Process

• kill pid <number pid>

Network Monitor

• nmon

File or folder directory

• ls
• ll
• cd ../
• cd /etc/
• cd

Copy File

• cp info.php info.php.0

Read File

• cat /etc/source.cnf

Disk Usage

• df
• df -T
• df -m
• df -h
• df -i

Check Memory Usage

• free
• free -h
• watch free
• watch -d free

Check IP Address

• ip a

Shutdown

• systemctl poweroff

Restart

• reboot

Start/Stop Apps Service

• systemctl stop nginx
• systemctl start nginx
• systemctl reload nginx
• systemctl restart nginx
• service nginx reload
• service nginx restart

Web Server Information

• curl -i http://localhost

Remove File/Folder

• rm /etc/apt/...
• rm -rf /etc/apt.....

Firewall

• ufw allow http
• ufw status

Nginx (Install)

• 
  

Nginx

• nginx -t
• 
  

Nginx (Restrict IP Access)

• 
  

Configure SSL

• mkdir /etc/nginx/ssl/
• openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
• add-apt-repository ppa:certbot/certbot
• apt install python-certbot-nginx
• certbot --nginx -d ......................
• certbot renew --dry-run
• letsencrypt
• disable ipv6 on DBS Server

Wapiti (Web Vulnerability Scanner)

• apt install wapiti
• wapiti http://facebook.com -n 10 -b folder

Fail2Ban (Security Tools)

• Block IP Ranges

Repository

• /etc/apt/source.list
• 
  

------------

lxd init --auto

Ubuntu Server (Make static IP address)

 vim /etc/netplan/oo-installer-config.yaml

network:
 version: 2
 renderer: NetworkManager
 ethernets:
   eth0:
     dhcp4: no
     addresses: [172.23.207.254/20]
     gateway4: 192.168.1.1
     nameservers:
         addresses: [8.8.8.8,8.8.8.4]

netplan try
reboot

Clear DNS cache in Windows

Windows
ipconfig /flushdns 

Linux
$ sudo systemd-resolve --flush-caches $ sudo resolvectl flush-caches

Galera Cluster

Try install firewalld, what is different between ufw and firewalld !!!, firewalld focus on dynamic networks (home, office, public, etc)

• allow port 22, 3306, 33060 in firewall
• check linux repository
• https://galeracluster.com/library/documentation/galera-manager.html

• Open this website, https://galeracluster.com/library/documentation/galera-manager.html

• wget https://galeracluster.com/galera-manager/gm-installer
• chmod a+x gm-installer && sudo ./gm-installer install

If have error could not bind to address 0.0.0.0:80 https://www.youtube.com/watch?v=Eno2bcztsvQ

1. vim /etc/apache2/port.conf   >>>>>>>>>>> change 80 to 86 and change 443 to 7443
2. vim /etc/apache2/sites-available/000-default.conf >>>>>> change 80 to 86 and change 443 to 7443
3. systemctl restart apache2
4. apt-get purge nginx

If have error cannot bind 127.0.0.1:8086

 netstat -plten
kill pid 908

if failed in executing: apt-get install -y galera-manager

If there is still have problem, then try to do this

• sudo apt-get update
• sudo apt-get clean
• sudo apt-get autoclean
• sudo apt-get autoremove
• sudo apt-get --fix-broken install  

Invalid apt-get install -y curl

-----------------------------------------------------------

• insert the last url of both the directory to source.list and /etc/apt/source.list.d/galera.list
• 
  

https://www.digitalocean.com/community/tutorials/how-to-configure-a-galera-cluster-with-mysql-on-ubuntu-18-04-servers

Server and Database Load Balancing Request

 

https://www.quora.com/How-do-Google-and-Facebook-servers-synchronize-data

https://severalnines.com/blog/how-does-database-load-balancer-work/

https://severalnines.com/resources/whitepapers/mysql-load-balancing-with-haproxy/

https://severalnines.com/blog/clustered-database-node-failure-and-its-impact-high-availability/

https://galeracluster.com/

Generate SSH-Keygen on Windows

- Check on Windows setting and search Optional feature

- If the OpenSSH Client is exist

- open cmd and write ssh-keygen

To login without password, the ssh-keygen will be copied to authorized_key at .ssh/authorized_key diretory

Network Port Number

According to IANA (Internet Assigned Numbers Authority), there are known ports that was registered from (0-65535) using TCP/UDP

Well Known Ports: 0 through 1023.
Registered Ports: 1024 through 49151.
Dynamic/Private : 49152 through 65535

https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?&page=1

by using CMD prompt with write netstat

From Netstat, we can show the protocol, local address, foreign address, state

- ESTABLISHED

- SYN_SENT

- CLOSE_WAIT

- TIME_WAIT

Using Windows PowerShell 

Get-NetIPConfiguration

 C:\Windows\System32\drivers\etc

22        : SSH (TCP)

23         : Telnet (TCP) - Not secure 

25        : SMTP (TCP)

53        : DNS (TCP/UDP)

80        : HTTP

88        : Kerberos (TCP)

110        : POP3, APOP (TCP)

123        : NTP (TCP)

137        : WINS (UDP)

161        : SNMP (UDP)

162        : SNMP (UDP)

179        : BGP (TCP)

443       : HTTPS

1701     : 

5900     : VNC (Virtual Network Computing) or RFB (Remote Frame Buffer)

QUIC :

NBNS

MDNS

ICMPv6

IGMPv3

LLMNR

Composer (localhost:8080)

 https://getcomposer.org/download/

apt install composer

https://codeigniter.com/user_guide/installation/installing_composer.html

php spark serve

vsftpd FTP server service failed

 vsftpd

- systemctl | grep fail

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

- 500 OOPS: socket or  could not bind listening IPv4 socket?

- edit vsftpd.conf in /etc directory

listen=YES
local_enable=YES
write_enable=YES
local_umask=022root
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem


- lsof -i | grep ftp

xinetd.service failed to stop: unit xinetd.service not loaded

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

ps (Process Status)

~ ps -ef

~ ps -ef | grep vsftpd

~ sudo kill <PID>

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

update-notifier-download.timer

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%