Using
rsync over ssh
http://oreilly.com/pub/h/38
http://kevin.vanzonneveld.net/techblog/article/synchronize_files_with_rsync/
rsync - exclude files and folders
http://articles.slicehost.com/2007/10/10/rsync-exclude-files-and-folders
Installing ssh and
rsync on a Windows machine
http://optics.ph.unimelb.edu.au/help/rsync/rsync_pc1.html
How To
scp, ssh and
rsync without prompting for password
http://blogs.oracle.com/jkini/entry/how_to_scp_scp_and
Crontab – Quick Reference
http://adminschoice.com/crontab-quick-reference
Quick Logins with ssh Client Keys
http://oreilly.com/pub/h/66
Linux Users and Sudo
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch09_:_Linux_Users_and_Sudo
Bash scripting Tutorial
http://linuxconfig.org/Bash_scripting_Tutorial
Bourne Shell Reference
http://linuxreviews.org/beginner/bash_GNU_Bourne-Again_SHell_Reference/
Linux User Management commands
http://www.comptechdoc.org/os/linux/commands/linux_cruserman.html
How do I create
create a new Linux user account
?
http://www.cyberciti.biz/faq/howto-add-new-linux-user-account/
- check if a mail server supports SMTP-TLS
$
openssl s_client -connect mail
.example.com:25 -
starttls smtp
openssl s_client -connect 193.140.13.215:25 -
starttls smtp
openssl s_client -
starttls smtp -connect 193.140.13.215:25 -debug
IP v6
telnet
telnet -6 193.140.13.215 25
IP v4
telnet
telnet -4 193.140.13.215 25
find out which SMTP server
(s) is responsible for the domain
nslookup -
type=mx example
.local
nslookup -
type=mx mail
.google.com
dig example
.local mx
dig mail
.google.com mx
Verify connectivity to the SMTP server
nc 193.140.13.215 25
telnet vsp1
.example
.local 25
telnet 193.140.13.215 25
https://halon.io/blog/how-to-test-smtp-servers-using-the-command-line
- How internet security works: TLS, SSL, and CA
By default, a website is not secure if it uses the HTTP protocol.
If you see a warning sign, which is rare for most publicly facing websites, it usually means that the certificate
is expired or uses a self-signed certificate instead of one issued through a trusted CA.
Internet protocols with TLS and SSL
TLS is the current generation of the old Secure Socket Layer (SSL) protocol.
There are six layers that make up the internet as we know it today: physical, data, network, transport, security, and application. The physical layer is the base foundation, and it is closest to the actual hardware. The application layer is the most abstract layer and the one closest to the end user.
The security layer can be considered a part of the application layer, and TLS and SSL, which are the cryptographic protocols designed to provide communications security over a computer network, are in the security layer.
Certificate authorities and self-signed certificates
A CA is a trusted organization that can issue a digital certificate.
TLS uses a mechanism called asymmetric encryption, which is a pair of security keys called a private key and a public key
The essential thing to know is that CAs, like GlobalSign, DigiCert, and GoDaddy, are the external trusted vendors that issue certificates that are used to validate the TLS/SSL certificate used by the website.
This certificate is imported to the hosted server to secure the website.
developers and website administrators need a simpler way to test websites before they're deployed to production; this is where self-signed certificates come in.
A self-signed certificate is a TLS/SSL certificate that
is signed by the person who creates it rather than a trusted CA.
Open source tools for generating certificates
https://opensource.com/article/19/11/internet-security-tls-ssl-certificate-authority?sc_cid=70160000001273HAAQ
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library
https://www.openssl.org/
- easy-rsa is a CLI utility to build and manage a PKI CA. In laymen's terms, this means to create a root certificate authority, and request and sign certificates, including sub-CAs and certificate revocation lists (CRL).
https://github.com/OpenVPN/easy-rsa
CloudFlare's PKI/TLS toolkit
https://github.com/cloudflare/cfssl
Lemur manages TLS certificate creation. While not able to issue certificates itself, Lemur acts as a broker between CAs and environments providing a central portal for developers to issue TLS certificates with 'sane' defaults
https://github.com/Netflix/lemur
