HTTP | HTTPS |
URL begins with “http://” | URL begins with “https://” |
It uses port 80 for communication | It uses port 443 for communication |
Unsecured | Secured |
Operates at Application Layer | Operates at Transport Layer |
No encryption | Encryption is present |
No certificates required | Certificates required |
Bread and butter of Operations role
Wednesday, 1 July 2015
Difference between http and https
Grep command options
grep prints lines of input matching a specified pattern.
1. Search for the given string in a single file
Syntax:
grep "literal_string" filename
2. Checking for the given string in multiple files.
e.g.
$ cp demo_file demo_file1
$ grep "this" demo_*
3. Case insensitive search using grep -i
Syntax:
grep -i "string" FILE
4: -c, --count
Instead of the normal output, print a count of matching lines for each input file.
5: -v , --invert-match
With the -v, --invert-match option, count non-matching lines.
6: -w, --word-regexp
Select only those lines containing matches that form whole words.
7: -x, --line-regexp
Select only those matches that exactly match the whole line.
8: -L, --files-without-match
Suppress normal output; instead print the name of each input file from which no output would normally have been printed.
The scanning of each file stops on the first match.
9: -l, --files-with-matches
Suppress normal output; instead print the name of each input file from which output would normally have been printed.
The scanning of each file stops on the first match.
10: -m num, --max-count=num
Stop reading a file after num matching lines.
11: -o, --only-matching
Print only the matched (non-empty) parts of matching lines, with each such part on a separate output line.
12: -q, --quiet, --silent
Quiet; do not write anything to standard output.
Exit immediately with zero status if any match is found, even if an error was detected.
13: -s, --no-messages
Suppress error messages about nonexistent or unreadable files.
14: Context Line Control
1. Search for the given string in a single file
Syntax:
grep "literal_string" filename
2. Checking for the given string in multiple files.
e.g.
$ cp demo_file demo_file1
$ grep "this" demo_*
3. Case insensitive search using grep -i
Syntax:
grep -i "string" FILE
4: -c, --count
Instead of the normal output, print a count of matching lines for each input file.
5: -v , --invert-match
With the -v, --invert-match option, count non-matching lines.
6: -w, --word-regexp
Select only those lines containing matches that form whole words.
7: -x, --line-regexp
Select only those matches that exactly match the whole line.
8: -L, --files-without-match
Suppress normal output; instead print the name of each input file from which no output would normally have been printed.
The scanning of each file stops on the first match.
9: -l, --files-with-matches
Suppress normal output; instead print the name of each input file from which output would normally have been printed.
The scanning of each file stops on the first match.
10: -m num, --max-count=num
Stop reading a file after num matching lines.
11: -o, --only-matching
Print only the matched (non-empty) parts of matching lines, with each such part on a separate output line.
12: -q, --quiet, --silent
Quiet; do not write anything to standard output.
Exit immediately with zero status if any match is found, even if an error was detected.
13: -s, --no-messages
Suppress error messages about nonexistent or unreadable files.
14: Context Line Control
- -A NUM, --after-context=NUM
- Print NUM lines of trailing context after matching lines.
- Places a line containing a group separator (--) between contiguous groups of matches.
- With the -o or --only-matching option, this has no effect and a warning is given.
- -B NUM, --before-context=NUM
- Print NUM lines of leading context before matching lines.
- Places a line containing a group separator (--) between contiguous groups of matches.
- With the -o or --only-matching option, this has no effect and a warning is given.
Tuesday, 30 June 2015
Load Balancing Scheduling Algorithms
Round Robin
- Essentially this is a simple mechanism in which the content access request is responded to by the load balance in a rotational basis, the first request grants access to the first available content server giving its IP address and the second to the second server IP address and so on.
- The moment a server IP address has been given its IP address is moved to the back of the list of available IP addresses and gradually it moves back to the top of the list and becomes available again.
- The frequency that it returns to the top depends on the number of available servers in the round robin server cluster being used.
- A good way to think of this is a method of server allocation on a continuous looping fashion.
- With this method incoming requests are distributed sequentially across the server farm (cluster), i.e. the available servers.
- If this method is selected, all the servers assigned to a Virtual Service should have the similar resource capacity and host identical applications.
- Choose round robin if all servers have the same or similar performance and are running the same load.
Weighted Round Robin
- This method balances out the weakness of the simple round robin: Incoming requests are distributed across the cluster in a sequential manner, while taking account of a static “weighting” that can be pre-assigned per server.
- The administrator simply defines the capacities of the servers available by weighting the servers.
- The most efficient server A, for example, is given the weighting 100, whilst a much less powerful server B is weighted at 50.
- This means that Server A would always receive two consecutive requests before Server B receives its first one, and so on.
Least Connection
- Both round robin methods do not take into account that the system does not recognize how many connections are maintained over a given time.
- It could therefore happen that Server B is overloaded, although it receives fewer connections than Server A, because the users of this server maintain their connections longer.
- This means that the connections, and thus the load for the server, accumulate.
- This potential problem can be avoided with the "least connections" method:
- Requests are distributed on the basis of the connections that every server is currently maintaining.
- The server in the cluster with the least number of active connections automatically receives the next request.
- Basically, the same principle applies here as for the simple round robin: The servers related to a Virtual Service should ideally have the similar resource capacities.
- Please note that in configurations with low traffic rates, the traffic will not balance out and the first server will be preferred.
- This is because if all the servers are equal, then the first server is preferred.
- Until the traffic reaches a level where the first server continually has active traffic, the first server will always be selected.
Fixed Weighted
- The highest weight Real Server is only used when other Real Server(s) are given lower weight values.
- However, if highest weight server falls, the Real Server with the next highest priority number will be available to serve clients.
- The weight for each Real Server should be assigned based on the priority among Real Server(s).
How to install a package in linux
Command-line process:
- Compiling and Installing software from source/manual
- Installing RPM's using the Redhat Package Manager
- Installing using Debian's apt-get
- Installing with fedora / yum
Compiling and Installing software from source/manual
- Generally when you download a package for installation that ends with tgz, gz, bz2, or *zip this will be a source installation.
- If your file ends with a "bz2" you will first have to ucompress the file will the command bunzip2 APPLICATION.tar.bz2. This will result in a new file like APPLICATION.tar. Tar is an archive system that rolls up directories into a file. To unpack the directory you would issue a command similar to tar xvf APPLICATION.tar. Unpacking the directory would then result in a directory (in our example)APPLICATION.
- If the downloaded file ended in tgz or gz then you have a compressed archive and you simply have to add the "z" switch to the tar command to both uncompress and unpack the archive. This command would look like tar xvfz APPLICATION.tgz, which would result in the directoryAPPLICATION.
- Once you have your directory unpacked you need to change into that directory (with the command cd APPLICATION). Once inside this directory issue the ls command. You will most likely see either a README file or an INSTALL file. Open those up and see if there are any special instructions for installation. If there are no special instructions then the standard compilation steps will most likely work. Here's how this works:
- su to the root user
- From within the APPLICATION directory issue the command ./configure. This will generate a make file for the compilation.
- Issue the command make.
- Issue the command make install
- That's it. If all went as planned, the application should be installed
Installing RPM's using the Redhat Package Manager
- Installing via RPM is actually quite simple. Here's how this works.
- Once you have downloaded the rpm file you want to install, open up a terminal window and issue the following commands:
- su (you will be prompted to enter the root password)
- rpm -ivh filename.rpm (where filename is the actual name of the file you downloaded)
- That's it. If all went well your package should now be installed.
- If you want to make sure your package was installed you can issue the command rpm -q filename and you should see the name of the package and the version that is installed.
- If you want to remove that package you just installed (or another package) issue the command:
- rpm -e filename
- and the package will disappear.
Installing software with Apt-get
- This is one of the best installation systems available. With apt-get you do not have to download a package, you just have to know the name. Here's how apt-get works (I am going to assume Ubuntu is the distribution, so you'll make use of sudo). Open up a terminal window and issue the following:
- sudo apt-get install package_name
- to install the needed package.
- To remove a package with apt-get you would issue the command:
- sudo apt-get remove package_name
- to remove the package from your system.
Installing with fedora / yum
- yum install
- yum remove
- yum update
Active FTP vs. Passive FTP
FTP
Active FTP
- FTP is a TCP based service exclusively.
- There is no UDP component to FTP.
- FTP is an unusual service that it utilizes two ports, a 'data' port and a 'command' port (also known as the control port).
- Traditionally these are port 21 for the command port and port 20 for the data port.
- The confusion begins however, when we find that depending on the mode, the data port is not always on port 20.
Active FTP
- In active mode FTP the client connects from a random unprivileged port (N > 1023) to the FTP server's command port, port 21.
- Then, the client starts listening to port N+1 and sends the FTP command
PORT N+1
to the FTP server. - The server will then connect back to the client's specified data port from its local data port, which is port 20.
From the server-side firewall's standpoint, to support active mode FTP the following communication channels need to be opened:
- FTP server's port 21 from anywhere (Client initiates connection)
- FTP server's port 21 to ports > 1023 (Server responds to client's control port)
- FTP server's port 20 to ports > 1023 (Server initiates data connection to client's data port)
- FTP server's port 20 from ports > 1023 (Client sends ACKs to server's data port)
When drawn out, the connection appears as follows:
- In Step 1, The client's command port contacts the server's command port and sends the command
PORT 1027
. - The server then sends an ACK back to the client's command port in step 2.
- In step 3 the server initiates a connection on its local data port to the data port the client specified earlier.
- Finally, the client sends an ACK back as shown in step 4.
- The main problem with active mode FTP actually falls on the client side. The FTP client doesn't make the actual connection to the data port of the server--it simply tells the server what port it is listening on and the server connects back to the specified port on the client. From the client side firewall this appears to be an outside system initiating a connection to an internal client--something that is usually blocked.
Passive FTP
In order to resolve the issue of the server initiating the connection to the client a different method for FTP connections was developed. This was known as passive mode, or
PASV
, after the command used by the client to tell the server it is in passive mode.- In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server.
- When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1023 and N+1).
- The first port contacts the server on port 21, but instead of then issuing a
PORT
command and allowing the server to connect back to its data port, the client will issue thePASV
command. - The result of this is that the server then opens a random unprivileged port (P > 1023) and sends
P
back to the client in response to thePASV
command. - The client then initiates the connection from port N+1 to port P on the server to transfer data.
From the server-side firewall's standpoint, to support passive mode FTP the following communication channels need to be opened:
- FTP server's port 21 from anywhere (Client initiates connection)
- FTP server's port 21 to ports > 1023 (Server responds to client's control port)
- FTP server's ports > 1023 from anywhere (Client initiates data connection to random port specified by server)
- FTP server's ports > 1023 to remote ports > 1023 (Server sends ACKs (and data) to client's data port)
When drawn, a passive mode FTP connection looks like this:
- In step 1, the client contacts the server on the command port and issues the
PASV
command. - The server then replies in step 2 with
PORT 2024
, telling the client which port it is listening to for the data connection. - In step 3 the client then initiates the data connection from its data port to the specified server data port.
- Finally, the server sends back an ACK in step 4 to the client's data port.
- While passive mode FTP solves many of the problems from the client side, it opens up a whole range of problems on the server side. The biggest issue is the need to allow any remote connection to high numbered ports on the server. Fortunately, many FTP daemons, including the popular WU-FTPD allow the administrator to specify a range of ports which the FTP server will use.
- The second issue involves supporting and troubleshooting clients which do (or do not) support passive mode. As an example, the command line FTP utility provided with Solaris does not support passive mode, necessitating a third-party FTP client, such as ncftp.
- NOTE: This is no longer the case--use the
-p
option with the Solaris FTP client to enable passive mode! - With the massive popularity of the World Wide Web, many people prefer to use their web browser as an FTP client. Most browsers only support passive mode when accessing ftp:// URLs. This can either be good or bad depending on what the servers and firewalls are configured to support.
DORA process in DHCP
DORA Process
1) D - Discover: Client makes a UDP Broadcast to the server with a DHCPDiscover, or Discover packet.
2) O - Offer: DHCP offers to the client.
The server sends a DHCPOffer including other configuration parameters (DHCP Options) for the client per the servers configuration file
3) R - Request: In response to the offer Client requests the server.
The client replies DHCPRequest, unicast to the server, requesting the offered address.
4) A - Acknowledgement: The server sends DHCPAck acknowledging the request which is the clients final permission to take the address as offered. Before sending the ack the server double checks that the offered address is still available, that the parameters match the clients request and (if so) marks the address taken.
DHCP
- Dynamic Host Configuration Protocol, a protocol for assigning dynamic IP addresses to devices on a network.
- With dynamic addressing, a device can have a different IP address every time it connects to the network.
- In some systems, the device's IP address can even change while it is still connected. DHCP also supports a mix of static and dynamic IP addresses.
- Dynamic addressing simplifies network administration because the software keeps track of IP addresses rather than requiring an administrator to manage the task.
- This means that a new computer can be added to a network without the hassle of manually assigning it a unique IP address.
- Many ISPs use dynamic IP addressing for dial-up users.
- The DHCP Server keeps all the information and data base about the DHCP Clients.
- The default port of DHCP is 67, the server listens on port 67 for requests and responses to the client on port 68.
The Concept of Lease
- With all the necessary information on how DHCP works, one should also know that the IP address assigned by DHCP server to DHCP client is on a lease.
- After the lease expires the DHCP server is free to assign the same IP address to any other host or device requesting for the same.
- For example, keeping lease time 8-10 hours is helpful in case of PC’s that are shut down at the end of the day.
- So, lease has to be renewed from time to time. The DHCP client tries to renew the lease after half of the lease time has expired.
- This is done by the exchange of DHCPREQUEST and DHCPACK messages.
- While doing all this, the client enters the renewing stage.
How to send mail using telnet and mail command
MX Record
An MX record comprises a FQDN and a priority. The priority is simply a number which is used to choose which mail server to use if multiple MX records exist for a domain name. A mail server trying to send an email to you will always try the lowest number priority first.
e.g <priority> hostname
How to find the MX (mail exchanges) of a domain/host name
#dig tel.example.com MX
How to send mail via telnet
#telnet tel.example.com 25
HELO <starts>
MAIL from: <sender@example.com>
RCPT to: <recipient@example.com>
DATA <enter the contents of email after DATA>
Hi how are you??
. <END the message with a period(.)>
Attachments can be embedded using base64 encoding
Sending mails using mailx/mail command.
Install mailx command.
#sudo yum install mailx
1: Simple mail
Run the following command, and then mailx would wait for you to enter the message of the email. You can hit enter for new lines. When done typing the message, press Ctrl+D and mailx would display EOT. After that mailx automatically delivers the email to the destination.
$ mail -s "This is the subject" someone@example.com Hi someone How are you I am fine Bye EOT
2: Take message from a file
The message body of the email can be taken from a file as well.
$ mail -s "This is Subject" someone@example.com < /path/to/file
The message can also be piped using the echo command.
$ echo "This is message body" | mail -s "This is Subject" someone@example.com
3: Multiple recipients
To send the mail to multiple recipients, specify all the emails separated by a comma
$ echo "This is message body" | mail -s "This is Subject" someone@example.com,someone2@example.com
4: CC and BCC
The "-c" and "-b" options can be used to add CC and BCC addresses respectively.
$ echo "This is message body" | mail -s "This is Subject" -c ccuser@example.com someone@example.com
5: Specify From name and address
To specify a "FROM" name and address, use the "-r" option. The name should be followed by the address wrapped in "<>".
$ echo "This is message body" | mail -s "This is Subject" -r "Harry<harry@gmail.com>" someone@example.com
6: Specify "Reply-To" address
The reply to address is set with the internal option variable "replyto" using the "-S" option.
# replyto email $ echo "This is message" | mail -s "Testing replyto" -S replyto="mark@gmail.com" someone@example.com # replyto email with a name $ echo "This is message" | mail -s "Testing replyto" -S replyto="Mark<mark@gmail.com>" someone@example.com
7: Attachments
Attachments can be added with the "-a" option.
$ echo "This is message body" | mail -s "This is Subject" -r "Harry<harry@gmail.com>" -a /path/to/file someone@example.com
8: Verbose - watch smtp communication
Use -v option with mailx
Subscribe to:
Posts (Atom)