IT General Knowledge

IT General Knowledge
Newline Character
IP
- Public Network vs Private Network
Load Balance
- Load Balancer (L4 Load Balancer)
- Reverse Proxy (L7 Load Balancer)
  - HTTP Request Headers
tmux
PowerShell
- Create TLS Certificate
- Disable Weak Cipher
Nmap
- SSL/TLS
SELinux
- SSH Port
Database
Log Rotation
- logrotate
  - logrotate.d
  - logrotate manually
Shell Scripts
- Bash
  - Absolute path of script
Container
- Docker
  - Restart Policy
Windows
- Excluded Port ranges
Linux

Newline Character

Classic Mac OS: \r
Unix-like: \n
Windows: \r\n

IP

Public Network vs Private Network

Load Balance

Load Balancer (L4 Load Balancer)

L4 meaning transport layer in OSI model.
It make route decision based on IP & port.

Reverse Proxy (L7 Load Balancer)

L7 meaning application layer in OSI model.
It's a public virtual host for internal web servers.

HTTP Request Headers

Non-Standard Headers

X-Forwarded-For
X-Real-IP
X-Forwarded-Host
X-Forwarded-Proto

RC7239

Forwarded

tmux

Prefix

All tmux shortcut started with prefix
Default: ^B
- I prefer: ` or Escape
- My tmux configuration: .tmux.conf

User Configuration

Location: ~/.tmux.conf






























# VI-style control in copy-mode
set-window-option -g mode-keys vi
# emacs-style control in status-line
set-option -g status-keys emacs

# Move around panes with hjkl like VIM
bind -r h select-pane -L
bind -r j select-pane -D
bind -r k select-pane -U
bind -r l select-pane -R

# Resize panes
bind -r M-h resize-pane -L 1
bind -r M-j resize-pane -D 1
bind -r M-k resize-pane -U 1
bind -r M-l resize-pane -R 1

# Change tmux prefix to Esc
unbind C-b
set-option -s escape-time 0
set-option -g prefix Escape
bind Escape send-prefix

# Toggle status bar
bind t set-option status

# Binding some shortcuts
bind-key C-r source-file ~/.tmux.conf\; display "~/.tmux.conf reloaded."
bind-key C-l clear-history\; display "clear history"
bind-key C-c list-commands\; display "list commands"

Session & Client Operations

List sessions: tmux ls
~~List clients: tmux lsc~~, I never used.
Attach to last used session: tmux attach or tmux a
Attach to specific session: tmux a -t <target session>
Detach client: tmux detach or prefix, d
Switch to previous client: prefix, (
Switch to next client: prefix, )

Window & Pane Operations

Split window (to panes): prefix, %/"
Move around panes: prefix, arrow keys(↓/←/→/↑)
Kill pane: prefix, x
New window: prefix, c
Select the previous window: prefix, p
Select the next window: prefix, n

History Operations

Enter copy mode: prefix, [
Leave copy mode: q

Other Shortcuts

List key bindings: prefix, ?

PowerShell

Create TLS Certificate

New-SelfSignedCertificate -DnsName mydomain.com -FriendlyName mydomainAlias -NotAfter (G
et-Date).AddYears(1)

Disable Weak Cipher

Disable-TlsCipherSuite -Name "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C

Nmap

SSL/TLS

nmap -sV --script ssl-enum-ciphers -p 443 <host>

SELinux

SSH Port

sudo semanage port --list | grep ssh
- semanage port -l
sudo semanage port --add --type ssh_port_t --proto tcp 1234
- semanage port -at ssh_port_t -p tcp 1234

Database

MySQL

Reset root password

MySqL 8.0.11

Create & Grant user







CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'user_password';
CREATE USER 'newuser'@'10.8.0.5' IDENTIFIED BY 'user_password';
CREATE USER 'newuser'@'%' IDENTIFIED BY 'user_password';
GRANT permission1, permission2 ON database_name.table_name TO 'database_user'@'localhost';
GRANT CREATE, DROP, DELETE, INSERT, SELECT, UPDATE ON database_name.* TO database_user@'localhost';
GRANT ALL PRIVILEGES ON *.* TO 'adminuser'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;

Create Database


CREATE DATABASE mydatabase;
CREATE DATABASE my_unicode_database CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

Oracle 11g

Export / Import

Table Exports/Imports


expdp username/password@ORCL1 tables=AAA,BBB dumpfile=AAA_BBB.dmp
impdp username/password@ORCL2 tables=AAA,BBB dumpfile=AAA_BBB.dmp

Schema Exports/Imports


expdp username/password@ORCL1 schemas=username dumpfile=username.dmp
impdp username/password@ORCL2 schemas=username dumpfile=username.dmp

Database Exports/Imports


expdp \"sys/password@ORCL as sysdba \" full=Y dumpfile=ORCL.dmp
impdp \"sys/password@ORCL as sysdba \" full=Y dumpfile=ORCL.dmp

Oracle 19c

Install on Centos 7




sudo yum install bind-utils compat-libcap1 compat-libstdc++-33 glibc-devel ksh libaio-devel libstdc++-devel net-tools nfs-utils psmisc smartmontools sysstat unzip xorg-x11-utils xorg-x11-xauth
curl -O https://yum.oracle.com/repo/OracleLinux/OL7/latest/x86_64/getPackage/oracle-database-preinstall-19c-1.0-1.el7.x86_64.rpm
sudo rpm -i oracle-database-preinstall-19c-1.0-1.el7.x86_64.rpm
sudo rpm -i oracle-database-ee-19c-1.0-1.x86_64.rpm

Config /etc/hosts


sudoedit /etc/hosts
<server fixed IP> <server hostname>

Config





sudoedit /etc/init.d/oracledb_ORCLCDB-19c
export ORACLE_SID=ORCL
export CREATE_AS_CDB=false
sudo cp /etc/sysconfig/oracledb_ORCLCDB-19c.conf /etc/sysconfig/oracledb_ORCL-19c.conf
sudo /etc/init.d/oracledb_ORCLCDB-19c configure

Check config log


sudo su - oracle
less /opt/oracle/cfgtoollogs/dbca/ORCLCDB/ORCLCDB.log

Set Environment Variables for Oracle user





sudo su - oracle
vim ~/.bash_profile
export ORACLE_HOME=/opt/oracle/product/19c/dbhome_1
export ORACLE_SID=ORCL
export PATH=$PATH:$ORACLE_HOME/bin

Create a DBA user


sudo su - oracle
sqlplus / as sysdba


CREATE USER mydba IDENTIFIED BY "mypassword";
GRANT DBA TO mydba;

Firewall


sudo firewall-cmd --permanent --add-port=1521/tcp
sudo firewall-cmd --reload

Install on CentOS 8



sudo dnf install https://yum.oracle.com/repo/OracleLinux/OL8/baseos/latest/x86_64/getPackage/oracle-database-preinstall-19c-1.0-1.el8.x86_64.rpm
sudo echo <ip> <FQDN> <short hostname> >> /etc/hosts
sudo rpm -i oracle-database-ee-19c-1.0-1.x86_64.rpm

Config

sudoedit /etc/init.d/oracledb_ORCLCDB-19c
export ORACLE_SID=ORCL
export CREATE_AS_CDB=false
sudo /etc/init.d/oracledb_ORCLCDB-19c configure

Check config log


sudo su - oracle
less /opt/oracle/cfgtoollogs/dbca/ORCLCDB/ORCLCDB.log

Set Environment Variables for Oracle user





sudo su - oracle
vim ~/.bashrc
export ORACLE_HOME=/opt/oracle/product/19c/dbhome_1
export ORACLE_SID=ORCL
export PATH=$PATH:$ORACLE_HOME/bin

Create a DBA user


sudo su - oracle
sqlplus / as sysdba


CREATE USER mydba IDENTIFIED BY "mypassword";
GRANT DBA TO mydba;

Firewall


sudo firewall-cmd --permanent --add-port=1521/tcp
sudo firewall-cmd --reload

Oracle

Tablespace


CREATE TABLESPACE TTT DATAFILE 'ttt_data.dbf' SIZE 10m AUTOEXTEND ON NEXT 10m;
DROP TABLESPACE TTT INCLUDING CONTENTS AND DATAFILES CASCADE CONSTRAINTS;

Privileges







-- DBA
SELECT * FROM ROLE_TAB_PRIVS;
SELECT * FROM DBA_SYS_PRIVS;
SELECT * FROM DBA_TAB_PRIVS;
SELECT * FROM DBA_ROLE_PRIVS;
-- Normal user
SELECT * FROM USER_ROLE_PRIVS;

Backup Table


create table aaa_bak as select * from aaa;

Log Rotation

logrotate

logrotate.d

Convention is to put logrotate config file in directory logrotate.d








/path/to/log/file {
    compress
    copytruncate
    daily
    dateext
    dateformat .%Y%m%d
    rotate 999
}

logrotate manually

logrotate -s /path/to/logrotate/state/file /path/to/logrotate/config/file
logrotate -fs /dev/null /path/to/logrotate/config/file
logrotate /path/to/config/file &>/dev/null

/usr/sbin/logrotate /etc/logrotate.d/config &>/dev/null

/var/log/tomcat/catalina.out {
    compress
    copytruncate
    rotate 3
    postrotate
        find /var/log/tomcat/ -mtime +3 -exec rm {} \;
    endscript
}

Shell Scripts

Bash

Absolute path of script


file=$(cd "$0"; pwd)
directory=$(cd $(dirname "$0"); pwd)

Container

Docker

Restart Policy

docker run --restart always ...
docker update --restart=always <container>
- docker inspect <container>

Windows

Excluded Port ranges

Clear a lot of ports that used by The Windows NAT Driver service.




netsh interface ipv4 show excludedportrange protocol=tcp
net stop winnat
net start winnat
netsh interface ipv4 show excludedportrange protocol=tcp

Linux

RPM Download (RedHat, CentOS)

Download RPM that already installed.
- --destdir: destination directory
- --resolve: download dependencies (that are not installed).


sudo yum install yum-utils
yumdownloader <package-name>

Create User




groupadd --gid 1234 mygroup
useradd --gid mygroup --uid 1234 myuser
passwd mypassword
usermod -aG wheel myuser

Network

Disable IPv6 on a specific interface

CentOS 7
- /etc/sysctl.conf
  - net.ipv6.conf.eth0.disable_ipv6 = 1
CentOS 8
- nmcli con modify eth0 ipv6.method disable

CentOS 8

PPPoE

Install (by DVD)




sudo mount /dev/sr0 /mnt
sudo rpm -i /mnt/BaseOS/Packages/ppp-<package version>.x86_64.prm
sudo rpm -i /mnt/BaseOS/Packages/NetworkManager-ppp-<package version>.x86_64.rpm
sudo umount /mnt

Install (by network)


sudo dnf install NetworkManager-ppp

Configure Network Manager







sudo nmcli connection edit type pppoe
nmcli> set pppoe.username <PPPoE username, e.g. xxxxxxxx@hinet.net>
nmcli> set pppoe.password <PPPoE password>
nmcli> set connection.interface-name eth0
nmcli> set connection.zone external
nmcli> set ipv6.method disabled
nmcli> save & quit

DHCP Server








sudo nmcli con modify Wired\ connection\ 1 connection.id eth1
sudo nmcli con modify eth1 ipv6.method disabled
sudo nmcli con modify eth1 ipv4.method manual ipv4.addresses 192.168.255.254/16
# sudo nmcli con modify eth1 connection.autoconnect yes
sudo nmcli con up eth1
sudo dnf install dhcp-server
sudo cp /usr/share/doc/dhcp-server/dhcpd.conf.example /etc/dhcp/dhcpd.conf
sudoedit /etc/dhcp/dhcpd.conf

NAT



sudo nmcli con modify pppoe connection.zone external
sudo nmcli con modify eth1 connection.zone internal
sudo firewall-cmd --set-default-zone=external