by Anil Jalela | Sep 29, 2022 | Linux
IT security professionals with the right skills are in high demand. In 2015, the unemployment rate for information security managers averaged 0.9%, which is as close to full employment as you can get. However, one of the things hiring managers still complain about is a lack of skilled IT professionals, as evidenced by the frustration CISOs and others express after interviewing candidates.
Below is a list of interview questions categorized by different cybersecurity job roles intended to reveal a candidate’s strengths and most glaring weaknesses. Categories include:
• General IT Security Administration
• Network Security
• Application Security
• Security Architect
• Risk Management
• Security Audit, Testing and Incident Response
• Cryptography
The questions evaluate a broad range of candidates’ technical skills, their understanding of cybersecurity terminology and technology, and their ability to think and solve problems.
General IT security administration
1. What is information security and how is it achieved?
2. What are the core principles of information security?
3. What is non-repudiation (as it applies to IT security)?
4. What is the relationship between information security and data availability?
5. What is a security policy and why do we need one?
6. What is the difference between logical and physical security? Can you give an example of both?
7. What’s an acceptable level of risk?
8. What are the most common types of attacks that threaten enterprise data security?
9. What is the difference between a threat and a vulnerability?
10. Can you give me an example of common security vulnerabilities?
11. Are you familiar with any security management frameworks such as ISO/IEC 27002?
12. What is a security control?
13. What are the different types of security control?
14. Can you describe the information lifecycle? How do you ensure information security at each phase?
15. What is Information Security Governance?
16. What are your professional values? Why are professional ethics important in the information security field?
17. Are open-source projects more or less secure than proprietary ones?
18. Who do you look up to within the field of Information Security? Why?
19. Where do you get your security news from?
20. What’s the difference between symmetric and public-key cryptography?
21. What kind of network do you have at home?
22. What are the advantages offered by bug bounty programs over normal testing practices?
23. What are your first three steps when securing a Linux server?
24. What are your first three steps when securing a Windows server?
25. Who’s more dangerous to an organization, insiders or outsiders?
26. Why is DNS monitoring important?
27. How would traceroute help you find out where a breakdown in communication is?
28. Why would you want to use SSH from a Windows PC?
29. How would you find out what a POST code means?
30. What is the difference between a black hat and a white hat?
31. What do you think of social networking sites such as Facebook and LinkedIn?
32. Why are internal threats often more successful than external threats?
33. Why is deleted data not truly gone when you delete it?
34. What is the Chain of Custody?
35. How would you permanently remove the threat of data falling into the wrong hands?
36. What is exfiltration?
37. How do you protect your home wireless access point?
38. If you were going to break into a database-based website, how would you do it?
39. What is the CIA triangle?
40. What is the difference between information protection and information assurance?
41. How would you lock down a mobile device?
42. What is the difference between closed-source and open-source? Which is better?
43. What is your opinion on hacktivist groups such as Anonymous?
Network security
44. What port does ping work over?
45. Do you prefer filtered ports or closed ports on your firewall?
46. How exactly does traceroute/tracert work at the protocol level?
47. What are Linux’s strengths and weaknesses vs. Windows?
48. What is a firewall? And provide an example of how a firewall can be bypassed by an outsider to access the corporate network.
49. Besides firewalls, what other devices are used to enforce network boundaries?
50. What is the role of network boundaries in information security?
51. What does an intrusion detection system do? How does it do it?
52. What is a honeypot? What type of attack does it defend against?
53. What technologies and approaches are used to secure information and services deployed on cloud computing infrastructure?
54. What information security challenges are faced in a cloud computing environment?
55. Can you give me an overview of IP multicast?
56. How many bits do you need for a subnet size?
57. What is packet filtering?
58. Can you explain the difference between a packet filtering firewall and an application layer firewall?
59. What are the layers of the OSI model?
60. How would you log in to Active Directory from a Linux or Mac box?
61. What is an easy way to configure a network to allow only a single computer to log in on a particular jack?
62. What are the three ways to authenticate a person?
63. You find out that there is an active problem on your network. You can fix it, but it is out of your jurisdiction. What do you do?
64. How would you compromise an “office workstation” at a hotel?
65. What is worse in firewall detection, a false negative or a false positive? And why?
66. How would you judge if a remote server is running IIS or Apache?
67. What is the difference between an HIDS and a NIDS?
Application security
68. Describe the last program or script that you wrote. What problem did it solve?
69. Can you briefly discuss the role of information security in each phase of the software development lifecycle?
70. How would you implement a secure login field on a high-traffic website where performance is a consideration?
71. What are the various ways to handle account brute force?
72. What is cross-site request forgery?
73. How does one defend against CSRF?
74. If you were a site administrator looking for incoming CSRF attacks, what would you look for?
75. What’s the difference between HTTP and HTML?
76. How does HTTP handle state?
77. What exactly is cross-site scripting?
78. What’s the difference between stored and reflected XSS?
79. What are the common defenses against XSS?
80. You are remoted into a headless system in a remote area. You have no physical access to the hardware and you need to perform an OS installation. What do you do?
81. On a Windows network, why is it easier to break into a local account than an AD account?
Security Architect
82. Explain data leakage and give examples of some of the root causes.
83. What are some effective ways to control data leakage?
84. Describe the 80/20 rules of networking.
85. What are web server vulnerabilities and name a few methods to prevent web server attacks?
86. What are the most damaging types of malware?
87. What’s your preferred method of giving remote employees access to the company network, and are there any weaknesses associated with it?
88. List a couple of tests that you would do to a network to identify security flaws.
89. What kind of websites and cloud services would you block?
90. What type of security flaw is there in VPN?
91. What is a DDoS attack?
92. Can you describe the role of security operations in the enterprise?
93. What is layered security architecture? Is it a good approach? Why?
94. Have you designed security measures that span overlapping information domains? Can you give me a brief overview of the solution?
95. How do you ensure that a design anticipates human error?
96. How do you ensure that a design achieves regulatory compliance?
97. What is capability-based security? Have you incorporated this pattern into your designs? How?
98. Can you give me a few examples of security architecture requirements?
99. Who typically owns security architecture requirements and what stakeholders contribute?
100. What special security challenges does SOA present?
101. What security challenges do unified communications present?
102. Do you take a different approach to security architecture for a COTS vs a custom solution?
103. Have you architected a security solution that involved SaaS components? What challenges did you face?
104. Have you worked on a project in which stakeholders choose to accept identified security risks that worried you? How did you handle the situation?
105. You see a user logging in as root to perform basic functions. Is this a problem?
106. What is data protection in transit vs data protection at rest?
107. You need to reset a password-protected BIOS configuration. What do you do?
Risk management
108. Is there an acceptable level of risk?
109. How do you measure risk? Can you give an example of a specific metric that measures information security risk?
110. Can you give me an example of risk trade-offs (e.g. risk vs cost)?
111. What is incident management?
112. What is business continuity management? How does it relate to security?
113. What is the primary reason most companies haven’t fixed their vulnerabilities?
114. What’s the goal of information security within an organization?
115. What’s the difference between a threat, vulnerability, and a risk?
116. If you were to start a job as head engineer or CSO at a Fortune 500 company because the previous guy was fired for incompetence, what would your priorities be? [Imagine you start on day one with no knowledge of the environment]
117. As a corporate information security professional, what’s more important to focus on: threats or vulnerabilities?
118. If I’m on my laptop, here inside my company, and I have just plugged in my network cable, how many packets must leave my NIC in order to complete a traceroute to twitter.com?
119. How would you build the ultimate botnet?
120. What are the primary design flaws in HTTP, and how would you improve it?
121. If you could re-design TCP, what would you fix?
122. What is the one feature you would add to DNS to improve it the most?
123. What is likely to be the primary protocol used for the Internet of Things in 10 years?
124. If you had to get rid of a layer of the OSI model, which would it be?
125. What is residual risk?
126. What is the difference between a vulnerability and an exploit?
Security audits, testing & incident response
127. What is an IT security audit?
128. What is an RFC?
129. What type of systems should be audited?
130. Have you worked in a virtualized environment?
131. What is the most difficult part of auditing for you?
132. Describe the most difficult auditing procedure you’ve implemented.
133. What is change management?
134. What types of RFC or change management software have you used?
135. What do you do if a rollout goes wrong?
136. How do you manage system major incidents?
137. How do you ask developers to document changes?
138. How do you compare files that might have changed since the last time you looked at them?
139. Name a few types of security breaches.
140. What is a common method of disrupting enterprise systems?
141. What are some security software tools you can use to monitor the network?
142. What should you do after you suspect a network has been hacked?
143. How can you encrypt email to secure transmissions about the company?
144. What document describes steps to bring up a network that’s had a major outage?
145. How can you ensure backups are secure?
146. What is one way to do a cross-script hack?
147. How can you avoid cross-script hacks?
148. How do you test information security?
149. What is the difference between black box and white box penetration testing?
150. What is a vulnerability scan?
151. In pen testing what’s better, a red team or a blue team?
152. Why would you bring in an outside contractor to perform a penetration test?
Cryptography
153. What is secret-key cryptography?
154. What is public-key cryptography?
155. What is a session key?
156. What is RSA?
157. How fast is RSA?
158. What would it take to break RSA?
159. Are strong primes necessary for RSA?
160. How large a modulus (key) should be used in RSA?
161. How large should the primes be?
162. How is RSA used for authentication in practice? What are RSA digital signatures?
163. What are the alternatives to RSA?
164. Is RSA currently in use today?
165. What are DSS and DSA?
166. What is the difference between DSA and RSA?
167. Is DSA secure?
168. What are special signature schemes?
169. What is a blind signature scheme?
170. What are designated confirmer signatures?
171. What is a fail-stop signature scheme?
172. What is a group signature?
173. What is blowfish?
174. What is SAFER?
175. What is FEAL?
176. What is Skipjack?
177. What is a stream cipher?
178. What is the advantage of public-key cryptography over secret-key cryptography?
179. What is the advantage of secret-key cryptography over public-key cryptography?
180. What is Message Authentication Code (MAC)?
181. What is a block cipher?
182. What are different block cipher modes of operation?
183. What is a stream cipher? Name a most widely used stream cipher.
184. What is a one-way hash function?
185. What is a collision when we talk about hash functions?
186. What are the applications of a hash function?
187. What is a trapdoor function?
188. Cryptographically speaking, what is the main method of building a shared secret over a public medium?
189. What’s the difference between Diffie-Hellman and RSA?
190. What kind of attack is a standard Diffie-Hellman exchange vulnerable to?
191. What’s the difference between encoding, encryption, and hashing?
192. In public-key cryptography you have a public and a private key, and you often perform both encryption and signing functions. Which key is used for which function?
193. What’s the difference between symmetric and asymmetric encryption?
194. If you had to both encrypt and compress data during transmission, which would you do first, and why?
195. What is SSL and why is it not enough when it comes to encryption?
196. What is salting, and why is it used?
197. What are salted hashes?
198. What is the three-way handshake? How can it be used to create a DoS attack?
199. What’s more secure, SSL or HTTPS?
200. Can you describe rainbow tables?
by Anil Jalela | Sep 1, 2022 | Linux
Docker was first released in March 2013 and was developed by Solomon Hykes and Sebastien Pahl.
Docker is an open-source centralized platform designed to create, deploy and run applications.
Docker uses containers on the host OS to run applications.
It allows applications to use the same Linux kernel as the host system, rather than creating a whole virtual OS.
We can install Docker on any OS, but the Docker engine runs natively on Linux distributions.
Docker is written in the Go language.
Docker is a tool that performs OS-level virtualization, also known as containerization.
Before Docker, many users faced the problem that code which ran in the developer’s system did not run in the user’s system. Docker is a set of “platform as a service” products that use OS-level virtualization, whereas VMware uses hardware-level virtualization.
ADVANTAGES OF DOCKER
No pre-allocation of RAM.
CI (continuous integration) efficiency: Docker enables you to build a container image and use that same image across every step of the deployment process.
Less cost.
It is lightweight.
It can run on physical hardware, virtual hardware or in the cloud.
You can reuse the image.
It takes very little time to create a container.
DISADVANTAGES OF DOCKER
Docker is not a good solution for applications that require a rich GUI.
It is difficult to manage a large number of containers.
Docker does not provide cross-platform compatibility: if an application is designed to run in a Docker container on Windows, it can’t run on Linux, or vice versa.
Docker is suitable when the development OS and the testing OS are the same; if the OS is different, we should use a VM.
COMPONENTS OF DOCKER
Docker daemon:- The Docker daemon runs on the host OS. It is responsible for running containers and managing Docker services. Docker daemons can communicate with other daemons.
Docker client:- Docker users interact with the Docker daemon through a client (CLI). The Docker client uses commands and a REST API to communicate with the Docker daemon. When a user runs a command on the Docker client terminal, the client sends it to the Docker daemon. It is possible for the Docker client to communicate with more than one daemon.
Docker host:- The Docker host provides the environment to execute and run applications. It contains the Docker daemon, images, containers, networks and storage.
Docker Hub/Registry:- A Docker registry manages and stores Docker images. There are two types of registry: (1) the public registry, also called Docker Hub, and (2) a private registry, used to share images within an enterprise.
Docker images:- Docker images are the read-only binary templates used to create Docker containers; in other words, a single file with all the dependencies and configuration required to run the program.
Ways to create an image:- (1) Take an image from Docker Hub. (2) Create an image from a Dockerfile. (3) Create an image from an existing Docker container.
Docker container:- A container holds the entire package needed to run the application. In other words, the image is a template and the container is a copy of that template. It is like a virtual machine. Images become containers when they run on the Docker engine.
(1) Install Docker on the OS:
    yum install docker
(2) Start, stop, restart and check the status of the Docker service:
    service docker start
    service docker stop
    service docker restart
    service docker status
(3) Information about the current Docker installation:
    docker info
(4) Check the Docker version:
    docker -v   or   docker --version
(5) See all images on the local machine:
    docker images
(6) Find images in Docker Hub:
    docker search image-name
    docker search --no-index --no-trunc image-name
    Eg:-
    docker search centos
    docker search --no-index --no-trunc centos
(7) Download an image from Docker Hub to the local machine:
    docker pull image-name
    Eg:-
    docker pull centos
    docker pull docker.io/centos
(8) Create and start a named container with a shell; -i = interactive mode and -t = terminal:
    docker run -it --name container-name image-name /bin/bash
    Eg:-
    docker run -it --name anil centos /bin/bash
(9) Start a container:
    docker start container-name
    Eg:-
    docker start anil
(10) Attach your terminal to the main process of a specific container (go inside it):
    docker attach container-name
    Eg:-
    docker attach anil
(11) See all containers, or only the running ones:
    docker ps -a
    docker ps
(12) Stop a container:
    docker stop container-name
    Eg:-
    docker stop anil
(13) Delete a container (the subcommand is rm; there is no "docker delete"):
    docker rm container-name
    Eg:-
    docker rm anil
(14) Find the differences between the original image and the container’s filesystem:
    docker diff container-name
    Eg:-
    docker diff anil
(15) Create an image from a container:
    docker commit container-name image-name
(16) Build an image from the Dockerfile in the current directory:
    docker build -t image-name .
(17) Create a container with a volume:
    docker run -it --name newcontainer -v volume_directory_name image-name /bin/bash
    Eg:-
    docker run -it --name apache1 -v /volume1 centos /bin/bash
(18) Share the volume of container one with container two:
    docker run -it --name newcontainer --volumes-from old-container-name image-name /bin/bash
    Eg:-
    docker run -it --name apache2 --volumes-from apache1 centos /bin/bash
    The original command also passed --privileged=true. That flag is not needed to share a volume and gives the container nearly all of the host’s capabilities, so leave it out.
(19) Map a host directory into the container as a container volume:
    docker run -it --name newcontainer -v host_dir_path:volume_directory_name image-name /bin/bash
    Eg:-
    docker run -it --name apache1 -v /home/docroot:/volume1 centos /bin/bash
(20) List the created volumes:
    docker volume ls
(21) Create a volume with a single command:
    docker volume create Volume_Name
(22) Delete a created volume:
    docker volume rm Volume_Name
(23) Delete all unused volumes:
    docker volume prune
(24) Inspect a volume and find out information about it:
    docker volume inspect Volume_Name
(25) Inspect a container and find out information about it:
    docker container inspect container_Name
(26) Publish a port to the outside (-t = terminal, -d = detached/daemon), then open a shell in the running container:
    docker run -td --name container-name -p 80:80 centos
    Eg:-
    docker run -td --name apache_cont -p 80:80 centos
    docker exec -it container-name /bin/bash
(27) Check which ports are mapped (published) for the container:
    docker port container-name
    Eg:-
    docker port apache_cont
(28) Connect the system with hub.docker.com:
    docker login
(29) Tag a local image with its remote name:
    docker tag local-imagename dockerid/remote_image-name
(30) Push an image to hub.docker.com:
    docker push dockerid/newimage
(31) Stop all containers:
    docker stop $(docker ps -a -q)
(32) Delete all stopped containers:
    docker rm $(docker ps -a -q)
(33) Delete all images (forced):
    docker rmi -f $(docker images -q)
DOCKERFILE
A Dockerfile is basically a text file containing a set of instructions; it automates Docker image creation.
*The file name is always “Dockerfile”, where D is a capital letter and “ockerfile” is lowercase.
Dockerfile instructions:-
* Dockerfile instruction names are always written in capital letters.
FROM
    The base image; this instruction must be at the top of the Dockerfile.
RUN
    Execute a command during the build; each RUN creates a layer in the image.
MAINTAINER
    Author/owner/description.
COPY
    Copy a file from the local (build) system. We need to provide source and destination (it can’t download files from the internet or from a remote repo).
ADD
    Similar to COPY, but it can also download files from the internet and extracts local tar archives on the image side.
EXPOSE
    Document the ports the container listens on, such as port 25 for mail and 80 for httpd.
WORKDIR
    Set the working directory for the container.
CMD
    The default command executed when the container is created and started, not during the image build.
ENTRYPOINT
    Similar to CMD but has higher priority over CMD: the first command executed in the container is the ENTRYPOINT, and CMD supplies its default arguments.
ENV
    Environment variables.
ARG
    ARG variables are also known as build-time variables. They are only available from the moment they are ‘announced’ in the Dockerfile with an ARG instruction up to the moment when the image is built. Running containers can’t access the values of ARG variables.
VOLUME
    Define a volume directory to share files with other containers or the host.
Dockerfile example:-
FROM centos:7
MAINTAINER Anil Jalela
VOLUME ["/webdata"]
# Install Apache, PHP, Percona, Postfix, Dovecot, OpenDKIM and OpenDMARC
RUN yum -y update
RUN yum install -y epel-release.noarch
RUN rpm -ivh https://repo.ius.io/ius-release-el7.rpm
RUN yum install -y epel-release.noarch
RUN yum -y remove httpd*
RUN yum -y remove php*
RUN yum install -y httpd24u
RUN yum install -y httpd24u-mod_ssl.x86_64
RUN yum -y install https://repo.percona.com/yum/percona-release-latest.noarch.rpm
# Build steps already run as root; sudo is neither installed in centos:7 nor needed
RUN percona-release setup ps80
RUN yum -y install percona-server-server percona-server-client percona-toolkit
RUN yum -y install certbot.noarch python2-certbot-apache.noarch
RUN yum -y install bind-utils wget zip unzip tar
RUN yum -y install https://mirror.ghettoforge.org/distributions/gf/gf-release-latest.gf.el7.noarch.rpm
# -y added: without it yum waits for a confirmation that never comes and the build hangs
RUN yum -y install postfix3.x86_64 postfix3-mysql.x86_64 postfix3-pcre.x86_64 postfix3-utils.x86_64
RUN yum -y remove gf-release
RUN yum install -y dovecot.x86_64 dovecot-devel.x86_64 dovecot-pigeonhole.x86_64 dovecot-mysql.x86_64
RUN yum -y remove gf-release
RUN yum install -y mod_php74.x86_64 php74-cli.x86_64 php74-gd.x86_64 php74-json.x86_64 php74-xml.x86_64 php74-xmlrpc.x86_64 php74-intl.x86_64 php74-soap.x86_64 php74-common.x86_64 php74-imap.x86_64 php74-mbstring.x86_64 php74-process.x86_64 php74-tidy.x86_64 php74-mysqlnd.x86_64 php74-pecl-zip.x86_64
# RUN, not CMD: CMD does not execute at build time, and only the last CMD in a Dockerfile takes effect
RUN mkdir -p /home/sysadm/securefiles/secure_source/
WORKDIR /home/sysadm/securefiles/secure_source/
COPY my.cnf /opt/
ADD site.sql /opt/
# The original ENV line tried to run a shell pipeline that reads the MySQL temporary
# password from /var/log/mysqld.log. ENV stores literal text and executes nothing,
# mysqld has not been started during the build, and ENV values are readable with
# docker inspect, so read the password at container run time instead (for example
# from an entrypoint script) rather than baking it into the image.
# Update Apache configuration
RUN sed -E -i -e '/<Directory "\/var\/www\/html">/,/<\/Directory>/s/AllowOverride None/AllowOverride All/' /etc/httpd/conf/httpd.conf
RUN sed -E -i -e 's/DirectoryIndex (.*)$/DirectoryIndex index.php \1/g' /etc/httpd/conf/httpd.conf
EXPOSE 80
# Start Apache
CMD ["/usr/sbin/httpd","-D","FOREGROUND"]
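An added example, not code from the original post: a small Ruby audit that parses a Dockerfile and reports the defects a reviewer would raise on the example above (lowercase instructions, a CMD used as a build step, a password in ENV, yum install without -y, ADD from a URL, no USER so the container runs as root). The Dockerfile it checks is a constructed copy of that example with the defects left in; the host name in the ADD line and the ENV value are made up.

```ruby
# Added example (not from the original post): audit Dockerfile instructions for
# the mistakes shown in the example above. SAMPLE_DOCKERFILE is constructed;
# the URL and the ENV value in it are placeholders, not the page's values.
SAMPLE_DOCKERFILE = <<~DOCKERFILE
  FROM centos:7
  MAINTAINER Anil Jalela
  RUN yum -y update
  RUN yum install postfix3.x86_64
  CMD mkdir /home/sysadm/securefiles/secure_source/
  copy my.cnf /opt/
  ADD https://example.invalid/site.sql /opt/
  ENV mysqlpass 'sudo grep temporary /var/log/mysqld.log'
  EXPOSE 80
  CMD ["/usr/sbin/httpd","-D","FOREGROUND"]
DOCKERFILE

Instruction = Struct.new(:line, :name, :args)

# Split a Dockerfile into instructions, joining backslash continuations and
# skipping blank and comment lines. Line numbers refer to the first line.
def parse_dockerfile(text)
  instructions = []
  pending = +''
  text.each_line.with_index(1) do |raw, lineno|
    line = raw.chomp
    next if pending.empty? && (line.strip.empty? || line.lstrip.start_with?('#'))
    if line.end_with?('\\')
      pending << line.chomp('\\') << ' '
      next
    end
    full = pending + line
    pending = +''
    name, args = full.strip.split(/\s+/, 2)
    instructions << Instruction.new(lineno, name, args.to_s)
  end
  instructions
end

# Return a list of human-readable findings; an empty list means nothing flagged.
def audit_dockerfile(text)
  findings = []
  instructions = parse_dockerfile(text)
  instructions.each do |i|
    up = i.name.upcase
    findings << "line #{i.line}: instruction '#{i.name}' should be uppercase" if i.name != up
    case up
    when 'FROM'
      # A tag or digest pins the base image; "latest" is not a pin.
      pinned = i.args =~ /[:@]/ && i.args !~ /:latest\b/
      findings << "line #{i.line}: base image without a pinned tag or digest" unless pinned
    when 'MAINTAINER'
      findings << "line #{i.line}: MAINTAINER is deprecated; use LABEL"
    when 'RUN'
      if i.args =~ /\b(yum|dnf)\s+install\b/ && i.args !~ /\s-y\b|--assumeyes/
        findings << "line #{i.line}: package install without -y will hang the build"
      end
    when 'ADD'
      if i.args =~ %r{\Ahttps?://}
        findings << "line #{i.line}: ADD fetches a remote URL; prefer a RUN with curl and a checksum"
      end
    when 'ENV'
      if i.args =~ /pass|secret|token/i
        findings << "line #{i.line}: ENV is literal text visible via docker inspect; keep passwords and commands out"
      end
    end
  end
  # Only the last CMD takes effect; earlier ones were probably meant to be RUN.
  cmds = instructions.select { |i| i.name.upcase == 'CMD' }
  cmds[0...-1].each do |i|
    findings << "line #{i.line}: CMD overridden by a later CMD; use RUN for build-time steps"
  end
  unless instructions.any? { |i| i.name.upcase == 'USER' }
    findings << 'no USER instruction: the container runs as root'
  end
  findings
end

puts audit_dockerfile(SAMPLE_DOCKERFILE) if $PROGRAM_NAME == __FILE__
```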
DOCKER VOLUME
A volume is simply a directory inside the container.
First we have to declare the directory as a volume, and then we can share the volume.
Even if we stop the container, we can still access the volume.
You can declare a directory as a volume only while creating the container.
You can’t create a volume from an existing container.
You can share one volume across any number of containers.
The volume will not be included when you update an image.
You can map a volume in two ways:
==> container to container.
==> host to container.
Benefits of volumes:-
Decoupling containers from storage.
Sharing a volume among different containers.
Attaching the volume to containers.
Deleting a container does not delete its volume.
DIFFERENCE BETWEEN DOCKER ATTACH AND DOCKER EXEC?
docker exec creates a new process in the container’s environment, while docker attach just connects the standard input/output/error of the main process inside the container to the corresponding standard input/output/error of the current terminal.
docker exec is specifically for running new things in an already started container.
WHAT IS THE DIFFERENCE BETWEEN EXPOSE AND PUBLISH IN DOCKER?
Basically, we have three options:
==> Specify neither --expose nor -p.
==> Specify only --expose.
==> Specify --expose and -p.
If we specify neither --expose nor -p, the service in the container is only accessible from inside the container itself.
If you expose a port, the service in the container is not accessible from outside Docker, but it is accessible from other Docker containers, so --expose is good for internal communication.
docker run -d --expose 80 centos /bin/bash
If you expose a port and publish it with -p, the service in the container is accessible from anywhere, even from outside the host.
docker run -d --expose 80 -p 8080:80 centos /bin/bash
(-p takes host_port:container_port, so 8080:80 maps host port 8080 to the exposed container port 80; the original command used 8080:8080, which publishes a container port nothing listens on.)
If you use -p without --expose, Docker does an implicit --expose. This is because a port that is open to the public is automatically open to the other containers. Hence -p includes --expose.
by Anil Jalela | Aug 27, 2022 | DevOps, Linux
Chef:- Chef is a pull-based automation tool which turns your code into infrastructure and helps to manage servers with increased uptime and performance, ensure compliance and reduce cost.
Configuration management:- Configuration management is a method through which we automate admin tasks.
Chef-Client:- The tool that pulls configuration from the Chef server with the help of knife and Ohai.
Workstation:- The workstation is the server where DevOps engineers write code (as recipes) and store it in a cookbook.
Cookbook:- A cookbook is the place (folder) where DevOps engineers write code as recipes for automation.
Chef-server:- The server which manages the cookbooks and sits between the nodes and the workstation.
Knife:- Knife is a command-line tool that uploads cookbooks to the server and connects every node with the Chef server.
Node:- The server which requires configuration. It communicates with the Chef server through the Chef client, after being connected with knife.
Bootstrap:- Bootstrap is the knife process that connects a node to the Chef server for automation.
Chef supermarket:- The place where you get recipes for automation.
Ohai:- Ohai collects and stores the current configuration of the node and supplies it to the Chef client before it connects to the Chef server.
Idempotency:- Tracking the state of system resources to ensure that changes are not reapplied repeatedly.
Resource
=======
Resource:- Resources are the components of a recipe used to manage the infrastructure, each with a different type of state. There can be multiple resources in a recipe, which together configure and manage the infrastructure.
package
Manage packages on the node.
    package 'tar' do
      version '1.16.1'
      action :install
    end

service
Manage a service on the node.
    service 'apache' do
      action [:enable, :start]
      retries 3
      retry_delay 5
    end

user
Manage users on the node.
    user 'aniljalela' do
      action :create
      comment 'cron user'
      uid 1234
      gid '1234'
      home '/home/aniljalela'
      shell '/bin/bash'
      # the hash is still a credential: keep it out of plain-text recipes
      # (store it in an encrypted data bag or vault and read it from there)
      password '$1$JJsvHslasdfjVEroftprNn4JHtDi'
    end

group
Manage groups on the node.
    group 'vmail' do
      action :create
      members ['dovecot']
      append true
    end
Don’t forget to create the user before creating the group, and use append true so existing members are kept.

template
Manage files with an embedded Ruby (ERB) template.

cookbook_file
Transfer a file from the files subdirectory of the cookbook to a location on the node.

file
Manage the content of a file on the node.
    file 'systeminfo' do   # use an absolute path in practice
      content <<~EOH
        system information
        HOSTNAME: #{node['hostname']}
        IPADDRESS: #{node['ipaddress']}
        CPU: #{node['cpu']['0']['mhz']}
        MEMORY: #{node['memory']['total']}
      EOH
      owner 'root'
      group 'root'
    end

execute
Execute a command on the node.
    execute 'apache_configtest' do
      command '/usr/sbin/apachectl configtest'
    end
or
    execute 'run a script' do
      command <<-EOH
        chown apache:apache /home/anil/jalela -R
      EOH
    end
Note that an execute resource runs on every chef-client run unless it is guarded with not_if or only_if.

cron
Edit an existing cron job file on the node.

directory
Manage a directory on the node.

git
Check out a git repository on the node.
    git "#{Chef::Config[:file_cache_path]}/ruby-build" do
      # https instead of the original git:// URL, which GitHub no longer serves
      repository 'https://github.com/sstephenson/ruby-build.git'
      reference 'master'
      action :sync
    end

bash
Run a bash script on the node.
    bash 'install_ruby_build' do
      cwd "#{Chef::Config[:file_cache_path]}/ruby-build"   # double quotes so #{} is interpolated
      user 'rbenv'
      group 'rbenv'
      code <<-EOH
        ./install.sh
      EOH
      environment 'PREFIX' => '/usr/local'
    end

hostname
Set the hostname of the node.
    hostname 'statically_configured_host' do
      hostname 'example'
      ipaddress '198.51.100.2'
    end
Chef-Workstation:-
wget https://packages.chef.io/files/stable/chef-workstation/22.7.1006/el/7/chef-workstation-22.7.1006-1.el7.x86_64.rpm
rpm -ivh chef-workstation-22.7.1006-1.el7.x86_64.rpm
or
yum localinstall chef-workstation-22.7.1006-1.el7.x86_64.rpm
[root@srv25 ~]# which chef
/usr/bin/which: no chef in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
[root@srv25 ~]#
1. chef -v
   Check the installed Chef Workstation version and the tools bundled with it:
   Chef Workstation version: 22.7.1006
   Cookstyle version: 7.32.1
   Chef Infra Client version: 17.10.0
   Chef InSpec version: 4.56.20
   Chef CLI version: 5.6.1
   Chef Habitat version: 1.6.420
   Test Kitchen version: 3.3.1

2. mkdir -p /home/workstation-chef.blackpost.net/chef-repo/cookbooks
   cookbooks is the main directory. Each cookbook gets its own sub-directory under it, and the recipes live inside their cookbook.

3. cd /home/workstation-chef.blackpost.net/chef-repo/cookbooks/
   chef generate cookbook common-cookbook
   Generate the cookbook common-cookbook; recipes are then added into it. The generated layout:
   .
   └── common-cookbook
       ├── CHANGELOG.md
       ├── chefignore
       ├── compliance
       │   ├── inputs
       │   ├── profiles
       │   ├── README.md
       │   └── waivers
       ├── kitchen.yml
       ├── LICENSE
       ├── metadata.rb
       ├── Policyfile.rb
       ├── README.md
       ├── recipes
       │   └── default.rb
       └── test
           └── integration
               └── default
                   └── default_test.rb

4. cd /home/workstation-chef.blackpost.net/chef-repo/cookbooks/common-cookbook
   chef generate recipe common-recipe
   Generate a recipe named common-recipe (recipes/common-recipe.rb).

5. cd /home/workstation-chef.blackpost.net/chef-repo/cookbooks/
   vi common-cookbook/recipes/common-recipe.rb
   Open the generated common-recipe.rb and add the resource code.

6. chef exec ruby -c common-cookbook/recipes/common-recipe.rb
   Check the Ruby syntax of common-recipe.rb. This checks syntax only; it does not tell you whether the resources converge.

7. chef-client -zr "recipe[common-cookbook::common-recipe]"
   Run the recipe on the local system: -z is local mode (no Chef Server needed) and -r sets the run list for this run.

Attributes:- An attribute is a key-value pair that represents a specific detail about a node. Chef Infra Client uses attributes to understand:
(1) the current state of the node,
(2) what the state of the node was at the end of the previous chef-client run, and
(3) what the state of the node should be at the end of the current chef-client run.
Attributes can be set in cookbook attribute files, recipes, roles, environments, and on the node itself. When the same attribute is set at more than one level, the level with the higher precedence wins:
No  Name            Precedence (1 = highest)
1   default         6
2   force_default   5
3   normal          4
4   override        3
5   force_override  2
6   automatic       1
automatic attributes are collected by Ohai (platform, ipaddress, and so on) and cannot be overridden. A hardening value that must not be changed by a recipe or on the node belongs at override, not at default.
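As an added example (not code from the page or from Chef itself), the plain-Ruby model below reproduces how the six attribute levels in the table are folded into the node's attribute view: each level is deep-merged over the lower ones, so the highest level that sets a key wins. The sample attribute data and the sshd keys are constructed for the example. Real Chef additionally orders sources within each level (attribute file, recipe, environment, role) and fills automatic from Ohai; neither refinement is modeled.

```ruby
# Added example, not Chef's own code: a model of Chef attribute precedence.
# Levels are listed from lowest to highest precedence, as in the table above.
ATTRIBUTE_PRECEDENCE = %w[default force_default normal override force_override automatic].freeze

# Constructed sample: the same sshd keys set at several levels. In Chef a
# cookbook attribute file typically provides 'default', a recipe assignment to
# node.normal[...] lands in 'normal', a role's or environment's
# override_attributes land in 'override', and Ohai fills 'automatic'.
SAMPLE_LEVELS = {
  'default'   => { 'sshd' => { 'port' => 22, 'permit_root_login' => 'yes', 'password_auth' => 'yes' } },
  'normal'    => { 'sshd' => { 'port' => 2222 } },
  'override'  => { 'sshd' => { 'permit_root_login' => 'no' } },
  'automatic' => { 'platform' => 'centos', 'ipaddress' => '198.51.100.2' }
}.freeze

# Deep merge: nested hashes merge key by key; any other value is replaced by the
# higher-precedence one.
def deep_merge(base, over)
  base.merge(over) do |_key, old, new|
    old.is_a?(Hash) && new.is_a?(Hash) ? deep_merge(old, new) : new
  end
end

# Fold the levels from lowest to highest precedence into one attribute tree.
def merged_attributes(levels)
  ATTRIBUTE_PRECEDENCE.reduce({}) { |acc, level| deep_merge(acc, levels.fetch(level, {})) }
end

# Report which level supplied the effective value at a dotted path such as
# "sshd.permit_root_login" (nil if no level sets it).
def winning_level(levels, path)
  keys = path.split('.')
  ATTRIBUTE_PRECEDENCE.reverse.find { |level| !levels.fetch(level, {}).dig(*keys).nil? }
end

if $PROGRAM_NAME == __FILE__
  merged = merged_attributes(SAMPLE_LEVELS)
  merged['sshd'].each_key do |k|
    puts "sshd.#{k} = #{merged['sshd'][k]} (from #{winning_level(SAMPLE_LEVELS, "sshd.#{k}")})"
  end
end
```

With the sample data, sshd.port is 2222 because the node's normal value beats the cookbook default, while permit_root_login is "no" because the override level beats both. That is the practical reading of the table: a hardening setting placed at default can be silently undone by any recipe that writes node.normal, so place it at override.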
Convergence:- Running chef-client applies the recipes in the run list to bring the node into the desired state; this process is called convergence.
Runlist:- A run list is an ordered list of recipes (and roles); chef-client applies them in exactly the order given. A run list can name several recipes, from the same cookbook or from different cookbooks, but each recipe is applied only once per run even if it is listed more than once.
chef-client -zr "recipe[common-cookbook::common-recipe],recipe[apache-cookbook::apache-recipe]"
Include recipe:- include_recipe calls another recipe from inside a recipe. The included recipe can be in the same cookbook or in another cookbook; in the second case that cookbook must be declared with depends in metadata.rb, otherwise chef-client fails with a "cookbook not found" error. include_recipe can be used from any recipe, but the conventional place is the cookbook's default recipe:
cd /home/workstation-chef.blackpost.net/chef-repo/cookbooks/common-cookbook
vi recipes/default.rb
include_recipe "common-cookbook::common-recipe"
include_recipe "apache-cookbook::apache-recipe"
chef-client -zr "recipe[common-cookbook::default]"
Chef-Server:-
Create an account on https://manage.chef.io
Create an organization via the Administration tab. Multiple organizations can be created and managed on manage.chef.io; each organization is for one company.
Download chef-starter.zip to the workstation and unpack it over chef-repo:
[root@vps205204 1]# unzip chef-starter.zip
Archive:  chef-starter.zip
  inflating: chef-repo/README.md
   creating: chef-repo/cookbooks/
  inflating: chef-repo/cookbooks/chefignore
   creating: chef-repo/cookbooks/starter/
  inflating: chef-repo/cookbooks/starter/metadata.rb
   creating: chef-repo/cookbooks/starter/files/
   creating: chef-repo/cookbooks/starter/files/default/
  inflating: chef-repo/cookbooks/starter/files/default/sample.txt
   creating: chef-repo/cookbooks/starter/templates/
   creating: chef-repo/cookbooks/starter/templates/default/
  inflating: chef-repo/cookbooks/starter/templates/default/sample.erb
   creating: chef-repo/cookbooks/starter/attributes/
  inflating: chef-repo/cookbooks/starter/attributes/default.rb
   creating: chef-repo/cookbooks/starter/recipes/
  inflating: chef-repo/cookbooks/starter/recipes/default.rb
  inflating: chef-repo/.gitignore
   creating: chef-repo/.chef/
   creating: chef-repo/roles/
  inflating: chef-repo/.chef/config.rb
  inflating: chef-repo/roles/starter.rb
  inflating: chef-repo/.chef/aniljalela.pem
[root@vps205204 1]#

cp -rpv chef-repo/. /home/workstation-chef.blackpost.net/chef-repo/

/home/workstation-chef.blackpost.net/chef-repo/.chef/config.rb is the knife configuration file. The .pem next to it is the user's private key for the Chef Server API: keep it readable only by its owner and out of version control.
[root@vps205204 chef-repo]# cat /home/workstation-chef.blackpost.net/chef-repo/.chef/config.rb
# See http://docs.chef.io/workstation/config_rb/ for more information on knife configuration options
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "aniljalela"
client_key "#{current_dir}/aniljalela.pem"
chef_server_url "https://api.chef.io/organizations/blackpost"
cookbook_path ["#{current_dir}/../cookbooks"]
[root@vps205204 chef-repo]#

Check the connection with the server.
[root@vps205204 chef-repo]# knife ssl check
Connecting to host api.chef.io:443
Successfully verified certificates from `api.chef.io'
[root@vps205204 chef-repo]#

Connect a node to the Chef Server via the workstation.
knife bootstrap <IP or FQDN> -N <NODE_NAME> -x <USER> --sudo --identity-file <SSH_PEM_FILE>
or
knife bootstrap <IP or FQDN> -N <NODE_NAME> -x root -P <PASSWORD> --sudo
knife bootstrap 10.01.11.1 --ssh-user ec2-user --sudo -i key.pem -N node1
Prefer key-based SSH for bootstrapping; a password passed with -P ends up in the shell history.

Upload a cookbook to the server and list it:
knife cookbook upload cookbook-name
knife cookbook upload common-cookbook
knife cookbook list

Apply a recipe to a specific node:-
knife node run_list set node1 "recipe[common-cookbook::common-recipe]"

To see the list of cookbooks present on the Chef Server:
[root@vps205204 chef-repo]# knife cookbook list
common-cookbook 0.1.0
[root@vps205204 chef-repo]#

To delete a cookbook from the Chef Server:
knife cookbook delete common-cookbook -y

To see the list of nodes present on the Chef Server: knife node list
To delete a node from the server:
knife node delete node-name -y

To see the list of clients present on the Chef Server: knife client list
To delete a client from the Chef Server:
knife client delete client-name -y
Deleting a node does not delete its client object; delete both, otherwise the old client key can still authenticate to the server.

To see the list of roles present on the Chef Server: knife role list
To delete a role from the Chef Server:
knife role delete role-name -y

Role:-
Instead of assigning recipes to each node with knife node run_list, assign a role to the node and put the recipes into the role.
cd /home/workstation-chef.blackpost.net/chef-repo/roles/
vi webserver.rb and add the code below
name "webserver"
description "create web servers"
run_list "recipe[common-cookbook::common-recipe]", "recipe[apache-cookbook::apache-recipe]"

Upload the role to the Chef Server:
knife role from file roles/webserver.rb

To check whether the role was created on the server, use knife role list or knife role show webserver.
Bootstrap the node:
knife bootstrap node-ip --ssh-user centos --sudo -i node-key.pem -N node1

Assign the run_list to the node:
knife node run_list set node1 "role[webserver]"

Show which roles a node has:
knife node show node1 (node1 is the node name)

The cookbooks referenced by the role must be uploaded to the server:
knife cookbook upload common-cookbook
knife cookbook upload apache-cookbook

Recipes can be named in a role in two ways.
With the full recipe name:
name "webserver"
description "create web servers"
run_list "recipe[common-cookbook::common-recipe]", "recipe[apache-cookbook::apache-recipe]"

Or with only the cookbook name, which runs each cookbook's default recipe (recipes/default.rb), not every recipe in the cookbook:
name "webserver"
description "create web servers"
run_list "recipe[common-cookbook]", "recipe[apache-cookbook]"

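The run list section and the role section above describe one mechanism: chef-client expands each role[...] entry into that role's own run_list, keeps the stated order, treats recipe[cookbook] as the cookbook's default recipe, and applies every recipe only once. The Ruby below is an added model of that expansion, not Chef's own code. The role definitions mirror roles/webserver.rb; the base and devops roles and the git-cookbook entry are constructed here to show that roles may nest, which the page's own examples do not.

```ruby
# Added example, not Chef's own code: expand a run list into an ordered,
# de-duplicated list of recipes, resolving role[...] entries recursively.

# Constructed roles: 'webserver' mirrors roles/webserver.rb above; 'base' and
# 'devops' are invented here to show nesting.
ROLES = {
  'webserver' => ['recipe[common-cookbook::common-recipe]', 'recipe[apache-cookbook::apache-recipe]'],
  'base'      => ['recipe[common-cookbook::common-recipe]'],
  'devops'    => ['role[base]', 'role[webserver]', 'recipe[git-cookbook]']
}.freeze

RUN_LIST_ITEM = /\A(?<type>recipe|role)\[(?<name>[^\]]+)\]\z/

# "recipe[cookbook]" means the cookbook's default recipe.
def normalize_recipe(name)
  name.include?('::') ? name : "#{name}::default"
end

# Returns fully qualified recipe names in the order chef-client would apply
# them. A recipe named twice (directly or via two roles) is kept at its first
# position only; a role that refers back to one already being expanded is
# skipped so a cycle cannot loop forever.
def expand_run_list(run_list, roles = ROLES, expanding = [])
  run_list.each_with_object([]) do |item, out|
    m = RUN_LIST_ITEM.match(item)
    raise ArgumentError, "bad run-list item: #{item.inspect}" unless m

    if m[:type] == 'recipe'
      recipe = normalize_recipe(m[:name])
      out << recipe unless out.include?(recipe)
    else
      next if expanding.include?(m[:name])
      nested = roles.fetch(m[:name]) { raise ArgumentError, "unknown role: #{m[:name]}" }
      expand_run_list(nested, roles, expanding + [m[:name]]).each do |recipe|
        out << recipe unless out.include?(recipe)
      end
    end
  end
end

if $PROGRAM_NAME == __FILE__
  puts expand_run_list(['role[devops]'])
end
```

For role[devops] the result is common-cookbook::common-recipe, apache-cookbook::apache-recipe, git-cookbook::default: the common recipe appears once even though both nested roles name it, and it keeps the earliest position, which is what decides whether a hardening recipe runs before or after the service it hardens.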
Loop in a recipe:
%w(tar zip mysql httpd wget vim).each do |p|
  package p do
    action :install
  end
end

by Anil Jalela | Aug 25, 2022 | Linux
Best SSH clients and connection managers:
- SolarPuTTY (free tool):- A free SSH client that helps you manage remote sessions professionally. You control the tool from one console with a tabbed interface.
- PuTTY:- A client program for SSH that lets you run secure remote sessions over a network. Made initially for Windows, the tool also runs on Linux and Mac machines.
- WinSCP:- A popular secure file transfer program (SCP, SFTP, etc.) that also has an SSH client for remote connections over the network.
- Bitvise:- An SSH client that works only on Windows. It supports all versions up to the latest Windows 10. It is free and supports an unlimited number of user connections.
- SecureCRT:- Designed for Windows, Linux, and Mac, SecureCRT is a commercial product that provides terminal emulation.
- AbsoluteTelnet:- SSH, dial-up, Telnet, and more in a single-session or tabbed multi-session interface.
- DropBear:- An open-source, comparatively small SSH server and client.
- Terminus:- A paid SSH client for Windows, Linux, and Mac. With Terminus you can organize hosts into groups.
- KiTTY:- A fork of PuTTY, which is considered the best SSH and Telnet client in the world. It is designed for Windows and has all the features of the original PuTTY application.
- mRemoteNG:- A fork of mRemote; an open-source, multi-protocol, tabbed remote connection manager for Windows.
- MobaXterm:- A toolbox for remote computing. It is a Windows application with functions used by webmasters, programmers, IT administrators, and anybody who needs to manage remote jobs.
- SmarTTY:- A multi-tabbed free SSH client that lets you copy directories and files with SCP besides SSH connections.
- ZOC Terminal:- Terminal emulation software for Windows and macOS. The application is professional in approach and has many features that make it reliable and secure.
- Xshell:- One of the most powerful SSH clients. It lets users easily create, launch, and edit sessions with Session Manager and Inheritable Session Properties.
- ShellNGN:- A web-based SSH client that offers all-in-one server management. It includes SFTP, RDP, VNC, and more.
- PuTTYcm:- PuTTY Connection Manager. If the PuTTY Connection Manager opens the original PuTTY in a separate window, instead of opening as a tab,
by Anil Jalela | Aug 3, 2022 | DevOps, Linux
Git is free and open source software for distributed version control: tracking changes in any set of files, usually used for coordinating work among programmers collaboratively developing source code during software development. Its goals include speed, data integrity, and support for distributed, non-linear workflows (thousands of parallel branches running on different systems).
Git was originally authored by Linus Torvalds in 2005 for the development of the Linux kernel, with other kernel developers contributing to its initial development. Since 2005, Junio Hamano has been the core maintainer. As with most other distributed version control systems, and unlike most client-server systems, every Git directory on every computer is a full-fledged repository with complete history and full version-tracking abilities, independent of network access or a central server. Git is free and open-source software distributed under the GPL-2.0-only license.
Characteristics:-
Strong support for non-linear development
Distributed development
Compatibility with existing systems and protocols
Efficient handling of large projects
Cryptographic authentication of history
Toolkit-based design
Pluggable merge strategies
Garbage accumulates until collected
Periodic explicit object packing
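The characteristic "cryptographic authentication of history" comes from the way Git names every object by the SHA-1 of its content: a blob id covers the file bytes, a tree id covers the file names, modes and blob ids, and a commit id covers its tree and its parent commit ids, so nothing in the past can be altered without changing every id that follows. The Ruby below is an added illustration of that encoding, not code from the page or from Git itself; the file contents, author string and messages are constructed here.

```ruby
require 'digest'

# Added example, not Git's own code: compute Git object ids the way Git does,
# SHA-1 over "<type> <byte length>\0<content>".
def git_object_id(type, content)
  Digest::SHA1.hexdigest("#{type} #{content.bytesize}\0".b + content.b)
end

def blob_id(content)
  git_object_id('blob', content)
end

# A tree is a list of "<mode> <name>\0<20 raw sha bytes>" entries sorted by
# name (Git compares subtree names as if they ended in '/'; only plain files
# are used here). Each entry is a hash like
# { mode: '100644', name: 'index.html', sha: '<hex>' }.
def tree_id(entries)
  body = entries.sort_by { |e| e[:name] }.map do |e|
    "#{e[:mode]} #{e[:name]}\0".b + [e[:sha]].pack('H*')
  end.join
  git_object_id('tree', body)
end

# A commit names its tree, its parent commits, author and committer, and the message.
def commit_id(tree:, parents:, author:, message:)
  lines = ["tree #{tree}"] + parents.map { |p| "parent #{p}" } + ["author #{author}", "committer #{author}"]
  git_object_id('commit', lines.join("\n") + "\n\n" + message + "\n")
end

# Constructed identity in Git's "Name <email> timestamp zone" form.
AUTHOR = 'Example User <user@example.invalid> 1659484800 +0000'.freeze

# Constructed two-commit history: index.html is created, then changed.
# Returns [first_commit_id, second_commit_id].
def build_history(first_content, second_content)
  t1 = tree_id([{ mode: '100644', name: 'index.html', sha: blob_id(first_content) }])
  c1 = commit_id(tree: t1, parents: [], author: AUTHOR, message: 'this is our 1st project release')
  t2 = tree_id([{ mode: '100644', name: 'index.html', sha: blob_id(second_content) }])
  c2 = commit_id(tree: t2, parents: [c1], author: AUTHOR, message: 'second release')
  [c1, c2]
end

if $PROGRAM_NAME == __FILE__
  original = build_history("Hello Nitwings\n", "Hello Nitwings v2\n")
  tampered = build_history("Hello Nitwings!\n", "Hello Nitwings v2\n") # one byte changed in the first commit
  puts "original: #{original.join(' -> ')}"
  puts "tampered: #{tampered.join(' -> ')}"
end
```

Changing one byte in the file of the first commit changes the first commit id and, through the parent pointer, the second commit id too, even though the second commit's tree is unchanged. That is why a collaborator who holds a commit id can detect a rewritten history on fetch. Note what the id does not prove: who made the commit. The author and committer lines are free text, so identity needs commit or tag signing on top of the hash chain.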
* remote server = Linux system in the cloud
* client = local computer (Windows, Linux, Mac)
1. yum -y install git
   Install Git. Run on the remote server and on the client.

2. git --version
   Check the currently installed Git version.

3. git config --global user.name 'Nitwings Server'
   git config --global user.email '[email protected]'
   Set the user name and email that Git records as the author of commits. On the remote server.

4. git config --global user.name 'Anil Jalela'
   git config --global user.email '[email protected]'
   Set the user name and email that Git records as the author of commits. On the client.

5. git config -l
   List the Git configuration, including user name and email. On client and server.

6. mkdir /home/git-client.blackpost.net/public_html/repos/project-client
   Create the working repository folder. On the client.

7. git init
   Initialize a Git repository (run inside the folder from step 6). On the client.

8. mkdir /home/git-server.blackpost.net/public_html/repos/project-server
   Create the folder for the server-side repository. On the server.

9. git init --bare
   Initialize a bare repository, one with no working tree that only receives pushes (run inside the folder from step 8). On the server.

10. echo "Hello Nitwings" > /home/git-client.blackpost.net/public_html/repos/project-client/index.html
    Create the first file in the empty repository. On the client.

11. git status
    git status --short
    Show the state of the working tree and the staging area. On the client.

12. git add index.html
    Add index.html from the current directory to the staging area. On the client.

13. git add --all
    Add all changed files in the repository to the staging area. On the client.

14. git add -A
    git add .
    Add all changed files in the current directory to the staging area. On the client.

15. git commit -m "this is our 1st project release"
    Record the staged changes as a commit on the current branch (master). -m gives the commit message. On the client.

16. git commit -a
    Stage all modified tracked files and commit them in one step; new (untracked) files still need git add.

17. git log
    View the commit history of the current branch.

18. git --help
    Git help. Use --help instead of -help to open the relevant Git manual page.

19. git help --all
    or
    git help -a
    List all available Git commands.

20. git add --help
    Help for a specific command: git <command> --help.

21. git branch branch-name
    Create a Git branch (the branch is created in the same repository directory).

22. git branch
    Show the branches in the repository.

23. git checkout 'branch-name'
    Switch to the branch. The working directory stays the same; its contents change to that branch.

24. git checkout -b 'fastfix'
    Create the fastfix branch and switch to it for the changes.

25. git checkout master
    git branch
    Switch to branch 'master' and show all branches.

26. git merge 'fastfix'
    Merge the fastfix branch into the currently checked-out branch (master).

27. git branch -d fastfix
    Delete the fastfix branch.

28. git log
    View the history of commits for the repository.

29. touch .gitignore
    git add .gitignore
    git commit .gitignore
    Create a .gitignore file, then add and commit it; it lists files and folders to leave out of the repository.

    vi .gitignore
    *.txt
    In .gitignore, add a line to ignore all .txt files.

30. vi .gitignore
    rndcode/
    In .gitignore, add a line to ignore all files in any directory named rndcode.

31. vi .gitignore
    *.bat
    !server.bat
    In .gitignore, ignore all .bat files except server.bat.

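The three rules from steps 29 to 31 are evaluated top to bottom and the last matching rule wins, which is why the !server.bat exception only works when it comes after *.bat. The Ruby below is an added matcher for exactly that subset of the syntax (unanchored name globs, a trailing / for directories, ! negation), not Git's own implementation; the sample .gitignore and the paths are constructed. Anchored patterns containing /, **, and re-including a file beneath an ignored directory are not modeled.

```ruby
# Added example, not Git's own matcher: evaluate the .gitignore subset used above.

# Constructed .gitignore mirroring steps 29-31.
SAMPLE_GITIGNORE = <<~IGNORE
  # scratch output and local-only scripts must not reach the server repo
  *.txt
  rndcode/
  *.bat
  !server.bat
IGNORE

# Parse into [negated, pattern, directory_only] rules; blank lines and
# comments are skipped. A leading '!' negates, a trailing '/' restricts the
# rule to directories.
def parse_gitignore(text)
  text.each_line.map(&:strip).reject { |l| l.empty? || l.start_with?('#') }.map do |line|
    negated = line.start_with?('!')
    pattern = negated ? line[1..-1] : line
    dir_only = pattern.end_with?('/')
    [negated, pattern.chomp('/'), dir_only]
  end
end

# True if the relative path is ignored. Rules are applied in file order and the
# last matching rule decides. A pattern without '/' is compared against the
# path's own name and every parent directory name (ignoring a directory ignores
# everything below it); a directory-only rule is compared against the parent
# components only, so a plain file called rndcode is not matched.
def ignored?(rules, path)
  components = path.split('/')
  result = false
  rules.each do |negated, pattern, dir_only|
    candidates = dir_only ? components[0...-1] : components
    result = !negated if candidates.any? { |name| File.fnmatch?(pattern, name) }
  end
  result
end

if $PROGRAM_NAME == __FILE__
  rules = parse_gitignore(SAMPLE_GITIGNORE)
  %w[index.html notes.txt rndcode/poc.rb build.bat server.bat scripts/server.bat credentials.txt.bak].each do |p|
    puts "#{p}: #{ignored?(rules, p) ? 'ignored' : 'tracked'}"
  end
end
```

Two things worth checking before relying on a .gitignore to keep secrets out of a repository: the exception must come after the rule it carves out (reverse the last two lines and server.bat is ignored again), and a name glob such as *.txt matches only by name, so a copy saved as credentials.txt.bak is still committed.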
32. git log --oneline
    Show the log of the repository, one line per commit.

33. git show commit-id
    Show the metadata and the diff of the given commit.

34. git log -10
    Show the last 10 commits.

35. git log --grep "word"
    Show the commits whose message matches "word".

36. git stash
    Save the uncommitted changes of the working tree and staging area and restore a clean tree.

37. git stash list
    List the saved stashes.

38. git stash apply stash@{n}
    Re-apply stash number n (the most recent is stash@{0}) without removing it from the list.

39. git stash clear
    Delete all stashes.

40. git reset file-name
    Unstage file-name; the working copy keeps its changes.

41. git reset .
    Unstage everything in the current directory.

42. git reset --hard
    Reset the staging area and the working tree to the last commit; uncommitted changes are lost.

43. git clean -n
    Show which untracked files would be removed (dry run).

44. git clean -f
    Remove untracked files.

45. git tag -a tagname -m "message" commit-id
    Create an annotated tag on the given commit.

46. git tag
    List tags.
    git show tag-name
    Show the tag and the commit it points to.

47. git tag -d tag-name
    Delete the tag.

GitHub or Your Server Repo:-

git remote add origin github-url
Add a remote repository named origin.

git fetch origin
Download all the change history of origin for this branch, without merging it.

git merge origin/master
Merge the master branch of origin into the current branch.

git pull origin
Update the current branch from its origin tracking branch with a single command (fetch and merge).

git pull origin master
Update the current branch from origin's master with a single command.

git push origin
Push the current branch to its default remote, origin.

git push origin master
Push the master branch to the origin remote.

git branch -a
List all local and remote branches of the current Git repository.

git branch -r
List only the remote branches of the current Git repository.

git clone url
Clone the remote repository.

git clone url project-client
Clone the repository (for example https://blackpost.net/wings.git) into a folder named "project-client".

git remote rename origin upstream
Rename the origin remote to upstream.

git remote add ssh-origin user@blackpost.net:/git-repo-path/
Add a remote repository reached over SSH, named ssh-origin.

git remote set-url origin user@blackpost.net:/git-repo-path/
Replace the URL of the origin remote.

What to learn in Git?
Introduction
Understanding version control
The history of Git
About distributed version control
Who should use Git?
Installing Git on Windows
Installing Git on Linux
Configuring Git
Exploring Git auto-completion
Using Git help
Initializing a repository
Understanding where Git files are stored
Performing your first commit
Writing commit messages
Viewing the commit log
Exploring the three-trees architecture
The Git workflow
Using hash values (SHA-1)
Working with the HEAD pointer
Adding files
Editing files
Viewing changes with diff
Viewing only staged changes
Deleting files
Moving and renaming files
Undoing working directory changes
Unstaging files
Amending commits
Retrieving old versions
Reverting a commit
Using reset to undo commits
Demonstrating a soft reset
Demonstrating a mixed reset
Demonstrating a hard reset
Removing untracked files
Using gitignore
Understanding what to ignore
Ignoring files globally
Ignoring tracked files
Tracking empty directories
Referencing commits
Exploring tree listings
Getting more from the commit log
Viewing commits
Comparing commits
Branching overview
Viewing and creating branches
Switching branches
Creating and switching branches
Switching branches with uncommitted changes
Comparing branches
Renaming branches
Deleting branches
Configuring the command prompt to show the branch
Merging code
Using fast-forward merge vs true merge
Merging conflicts
Resolving merge conflicts
Exploring strategies to reduce merge conflicts
Saving changes in the stash
Viewing stashed changes
Retrieving stashed changes
Deleting stashed changes
Working with GitHub
Setting up a GitHub account
Adding a remote repository
Creating a remote branch
Cloning a remote repository
Tracking remote branches
Pushing changes to a remote repository
Fetching changes from a remote repository
Merging in fetched changes
Checking out remote branches
Pushing to an updated remote branch
Deleting a remote branch
Enabling collaboration
A collaboration workflow
Using SSH keys for remote login
Managing repo in GitHub
Managing users in GitHub
Managing keys in GitHub
Webhook in GitHub
Next update soon…