Sunday, November 27, 2011

linux/unix tutorials

Using rsync over ssh
http://oreilly.com/pub/h/38
http://kevin.vanzonneveld.net/techblog/article/synchronize_files_with_rsync/

rsync - exclude files and folders
http://articles.slicehost.com/2007/10/10/rsync-exclude-files-and-folders

Installing ssh and rsync on a Windows machine
http://optics.ph.unimelb.edu.au/help/rsync/rsync_pc1.html

How To scp, ssh and rsync without prompting for password
http://blogs.oracle.com/jkini/entry/how_to_scp_scp_and


Crontab – Quick Reference
http://adminschoice.com/crontab-quick-reference

Quick Logins with ssh Client Keys
http://oreilly.com/pub/h/66

Linux Users and Sudo
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch09_:_Linux_Users_and_Sudo

Bash scripting Tutorial
http://linuxconfig.org/Bash_scripting_Tutorial

Bourne Shell Reference
http://linuxreviews.org/beginner/bash_GNU_Bourne-Again_SHell_Reference/



Linux User Management commands
http://www.comptechdoc.org/os/linux/commands/linux_cruserman.html

How do I create a new Linux user account?
http://www.cyberciti.biz/faq/howto-add-new-linux-user-account/



  • check if a mail server supports SMTP-TLS



openssl s_client -connect mail.example.com:25 -starttls smtp

openssl s_client -connect 193.140.13.215:25 -starttls smtp

openssl s_client -starttls smtp -connect 193.140.13.215:25 -debug


IPv6 telnet (-6 forces IPv6 name resolution, so give it a hostname or an IPv6 address, not an IPv4 literal)
telnet -6 mail.example.com 25

IPv4 telnet
telnet -4 193.140.13.215 25


Find out which SMTP server(s) are responsible for the domain
nslookup -type=mx example.local
nslookup -type=mx mail.google.com

dig example.local mx
dig mail.google.com mx

Verify connectivity to the SMTP server
nc 193.140.13.215 25

telnet vsp1.example.local 25
telnet 193.140.13.215 25


https://halon.io/blog/how-to-test-smtp-servers-using-the-command-line
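
When checking by hand with telnet or nc, the server shows TLS support by listing STARTTLS in its reply to EHLO. The script below is an added example, not from the original page or the linked articles: it reads a saved session transcript and reports whether STARTTLS was advertised. The function name and the sample transcripts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Reads server replies from a saved
# telnet/nc session on stdin and prints one of:
#   starttls     the EHLO reply lists the STARTTLS extension
#   no-starttls  the EHLO reply finished without listing it
#   incomplete   no finished 250 reply was found (e.g. only the 220 banner)
smtp_starttls_status() {
    tr -d '\r' | awk '
        # A multi-line reply uses "250-" on every line except the last ("250 ").
        /^250[- ]/ {
            n++
            kw = toupper(substr($0, 5))
            sub(/[ \t].*$/, "", kw)            # keep keyword, drop parameters
            if (n > 1 && kw == "STARTTLS") tls = 1   # line 1 is the greeting
            if (substr($0, 4, 1) == " ") { done = 1; exit }
        }
        END {
            if (!done)    print "incomplete"
            else if (tls) print "starttls"
            else          print "no-starttls"
        }'
}

# Constructed sample transcripts (assumed, not captured from a real server).
SAMPLE_TLS='220 mail.example.com ESMTP
250-mail.example.com
250-SIZE 52428800
250-starttls
250 8BITMIME'
SAMPLE_PLAIN='220 mail.example.com ESMTP
250-mail.example.com
250-SIZE 52428800
250 8BITMIME'

printf '%s\n' "$SAMPLE_TLS"   | smtp_starttls_status   # starttls
printf '%s\n' "$SAMPLE_PLAIN" | smtp_starttls_status   # no-starttls
```

A "starttls" result only means the extension is advertised; the openssl s_client -starttls smtp command above is what completes the handshake and shows the certificate.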


  • How internet security works: TLS, SSL, and CA

By default, a website is not secure if it uses the HTTP protocol.
If you see a warning sign, which is rare for most public-facing websites, it usually means that the certificate has expired or that the site uses a self-signed certificate instead of one issued by a trusted CA.

Internet protocols with TLS and SSL
TLS is the current generation of the old Secure Sockets Layer (SSL) protocol.
There are six layers that make up the internet as we know it today: physical, data, network, transport, security, and application. The physical layer is the base foundation, and it is closest to the actual hardware. The application layer is the most abstract layer and the one closest to the end user. The security layer can be considered a part of the application layer, and TLS and SSL, which are the cryptographic protocols designed to provide communications security over a computer network, are in the security layer.

Certificate authorities and self-signed certificates
A CA is a trusted organization that can issue a digital certificate.
TLS uses a mechanism called asymmetric encryption, which relies on a pair of keys: a private key and a public key.
The essential thing to know is that CAs, like GlobalSign, DigiCert, and GoDaddy, are the external trusted vendors that issue certificates that are used to validate the TLS/SSL certificate used by the website.
This certificate is imported to the hosted server to secure the website.
Developers and website administrators need a simpler way to test websites before they're deployed to production; this is where self-signed certificates come in.
A self-signed certificate is a TLS/SSL certificate that is signed by the person who creates it rather than a trusted CA.

Open source tools for generating certificates
https://opensource.com/article/19/11/internet-security-tls-ssl-certificate-authority?sc_cid=70160000001273HAAQ


  • Welcome to OpenSSL!

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.
https://www.openssl.org/

  • easy-rsa is a CLI utility to build and manage a PKI CA. In laymen's terms, this means to create a root certificate authority, and request and sign certificates, including sub-CAs and certificate revocation lists (CRL).

https://github.com/OpenVPN/easy-rsa

  • CFSSL

CloudFlare's PKI/TLS toolkit
https://github.com/cloudflare/cfssl

  • Lemur

Lemur manages TLS certificate creation. While not able to issue certificates itself, Lemur acts as a broker between CAs and environments providing a central portal for developers to issue TLS certificates with 'sane' defaults
https://github.com/Netflix/lemur
