styk.tv

Cloud Developer's Technology Encounters

Mac Uninstall Java & Switch Java Versions

by polfilm on August 17, 2015

# Uninstall JDK
sudo rm -rf /Library/Java/JavaVirtualMachines/jdk<version>.jdk
sudo rm -rf /Library/PreferencePanes/JavaControlPanel.prefPane
sudo rm -rf /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin

# Add ability to switch between Java 7 & 8
export JAVA_8_HOME=$(/usr/libexec/java_home -v1.8)
export JAVA_7_HOME=$(/usr/libexec/java_home -v1.7)

alias java7='export JAVA_HOME=$JAVA_7_HOME'
alias java8='export JAVA_HOME=$JAVA_8_HOME'

# Default to Java 8
export JAVA_HOME=$JAVA_8_HOME

Encrypt files using your public key and OpenSSL

by polfilm on July 24, 2015

=== GET PUBLIC KEY FROM CERT - CONVERT P12 TO PEM
openssl pkcs12 -in my.client.cert.p12 -out my.client.cert.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

=== GET PUBLIC KEY FROM CERT - EXTRACT PUBLIC KEY
openssl rsa -in my.client.cert.pem -pubout -out my.client.cert.pub
Enter pass phrase for my.client.cert.pem:
writing RSA key

=== ENCRYPT FILE - GENERATE RANDOM PASS
openssl rand -base64 40 -out pass.txt

=== ENCRYPT FILE - USE PASSWORD TO ENCRYPT FILE
openssl enc -e -aes-256-cbc -salt -pass file:pass.txt -in <original file> -out <encrypted file>
e.g.
openssl enc -e -aes-256-cbc -salt -pass file:pass.txt -in somefile -out somefile.encrypted

=== ENCRYPT FILE - ENCRYPT PASS.TXT WITH PUBLIC KEY
openssl rsautl -encrypt -pubin -inkey <public key> -in <original file> -out <encrypted file>
e.g.
openssl rsautl -encrypt -pubin -inkey my.client.cert.pub -in pass.txt -out pass.encrypted

>> file is now encrypted
>> pass.txt can be deleted

=== DECRYPT FILE - DECRYPT PASSWORD
openssl rsautl -decrypt -inkey <pem file> -in <encrypted file> -out <original file>
e.g.
openssl rsautl -decrypt -inkey my.client.cert.pem -in pass.encrypted -out pass.txt

=== DECRYPT FILE - USE PASSWORD TO DECRYPT FILE
openssl enc -d -aes-256-cbc -pass file:pass.txt -in <encrypted file> -out <original file>
e.g.
openssl enc -d -aes-256-cbc -pass file:pass.txt -in somefile.encrypted -out somefile

>> delete pass.txt (no longer needed)

Screen

by polfilm on July 11, 2015

screen -list to list detached sessions
screen -r <screenID> to attach back
screen -d -r attach all

screen command      Task
Ctrl+a c            Create new window
Ctrl+a k            Kill the current window / session
Ctrl+a w            List all windows
Ctrl+a 0-9          Go to a window numbered 0-9; use Ctrl+a w to see the numbers
Ctrl+a Ctrl+a       Toggle / switch between the current and previous window
Ctrl+a S            Split terminal horizontally into regions; press Ctrl+a c to create a new window there
Ctrl+a :resize      Resize region
Ctrl+a :fit         Fit screen size to new terminal size. You can also hit Ctrl+a F for the same task
Ctrl+a :remove      Remove / delete region. You can also hit Ctrl+a X for the same task
Ctrl+a tab          Move to next region
Ctrl+a D (Shift-d)  Power detach and logout
Ctrl+a d            Detach but keep shell window open
Ctrl+a Ctrl+\       Quit screen
Ctrl+a ?            Display help screen, i.e. display a list of commands

Docker Bench for Security

by polfilm on June 10, 2015

The Docker Bench for Security is a script that checks for all the automatable tests included in the CIS Docker 1.6 Benchmark. We are releasing this as a follow-up to our Understanding Docker Security and Best Practices blog post.

We are making this available as an open-source utility so the Docker community can have an easy way to self-assess their hosts and docker containers against this benchmark.

https://github.com/docker/docker-bench-security

Docker Hadoop Spark Setup

by polfilm on March 12, 2015

CentOS 7 x86_64 Devel AtomicHost EBS HVM 20150306_01 – ami-a522b0d2
CentOS 7 (x86_64) with Updates HVM – ami-e4ff5c93

DenyHosts

by polfilm on January 21, 2015

If you’re getting bombarded with brute-force login attempts, the steps below install DenyHosts as a daemon that, with default settings, scans your /var/log/secure for failed login attempts. It is initially set to 5 failed attempts, after which the IP ends up in the hosts.deny file. You should take a good long look at the .cfg file to understand its full capabilities (for example, running it against Apache logs for web attacks).

wget http://downloads.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz
tar -zxvf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
python setup.py install
cp /usr/share/denyhosts/daemon-control-dist /usr/share/denyhosts/daemon-control
cp /usr/share/denyhosts/denyhosts.cfg-dist /usr/share/denyhosts/denyhosts.cfg
ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
chkconfig --add denyhosts
service denyhosts start 
tail -f /etc/hosts.deny /var/log/secure
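
A simplified model of the behaviour described above (count failed logins per source IP, emit a hosts.deny entry once the count reaches 5), added as an example and not DenyHosts' own code. The log lines are constructed, the function names are hypothetical, and treating the threshold as "at or above" is an assumption.

```shell
#!/bin/sh
# Added example, not DenyHosts code: a simplified model of the default behaviour.
# The log lines are constructed; IPs are from documentation ranges.
sample_log() {
  cat <<'EOF'
Jan 21 10:00:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40001 ssh2
Jan 21 10:00:03 host sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Jan 21 10:00:05 host sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40003 ssh2
Jan 21 10:00:07 host sshd[2104]: Failed password for root from 203.0.113.7 port 40004 ssh2
Jan 21 10:00:09 host sshd[2105]: Failed password for invalid user x from 198.51.100.99 port 1 ssh2 from 203.0.113.7 port 40005 ssh2
Jan 21 10:01:00 host sshd[2110]: Accepted password for alice from 192.0.2.10 port 50000 ssh2
Jan 21 10:02:00 host sshd[2120]: Failed password for alice from 198.51.100.23 port 51000 ssh2
Jan 21 10:02:04 host sshd[2121]: Failed password for alice from 198.51.100.23 port 51001 ssh2
EOF
}

# deny_candidates [threshold]: read sshd log lines on stdin and print
# hosts.deny entries (tcp_wrappers syntax) for IPs at or above the threshold.
deny_candidates() {
  awk -v threshold="${1:-5}" '
    # User names are supplied by the remote side and can contain text that
    # looks like "from <ip>", so the IP is read from fixed positions at the
    # END of the line: ... from <ip> port <n> ssh2
    /sshd\[[0-9]+\]: Failed password for / &&
    $(NF-4) == "from" && $(NF-2) == "port" &&
    $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { fails[$(NF-3)]++ }
    END { for (ip in fails) if (fails[ip] >= threshold) print "sshd: " ip }
  ' | sort
}

# Only 203.0.113.7 reaches five failures; the address embedded in the
# user name on the fifth line is never counted.
sample_log | deny_candidates
```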

Root Zone Database

by polfilm on January 12, 2015

The Root Zone Database represents the delegation details of top-level domains, including gTLDs such as .com, and country-code TLDs such as .uk.

http://data.iana.org/TLD/tlds-alpha-by-domain.txt

Registrars List (UK)
http://www.nominet.org.uk/uk-domain-names/registering-uk-domain/choosing-registrar/list-registrars