cloud engineer
If you don’t want a file edited or deleted, you can set the immutable attribute to ON. If activated, not even root or the owner of the file can delete it. Users with write access can still read it, but they obviously will not be able to modify it. To unset it, just use the -i option.
# Set immutable attribute sudo chattr +i text.txt # Unset immutable attribute sudo chattr -i text.txt |
# Set immutable attribute sudo chattr +i text.txt # Unset immutable attribute sudo chattr -i text.txt
Create a new interface via AWS CLI with static IP.
$ aws ec2 create-network-interface \ --subnet-id subnet-xxxxxxx \ --description "second ip" \ --groups sg-xxxxxxx \ --private-ip-address 10.0.0.16 |
$ aws ec2 create-network-interface \ --subnet-id subnet-xxxxxxx \ --description "second ip" \ --groups sg-xxxxxxx \ --private-ip-address 10.0.0.16
Tcpdump is a command line utility that allows you to capture and analyze network traffic going through your system. It is often used to help troubleshoot network issues.
# Find out if tcpdump is installed $ which tcpdump /usr/sbin/tcpdump # Install tcpdump sudo yum install -y tcpdump # Find which interface is available to you tcpdump -D # Capture on eth0. Use Ctrl-C to end capture. tcpdump -i eth0 # Capture after 10 packets tcpdump -i eth0 -c10 # Filter by port tcpdump -i any -c10 -nn port 80 # Filter by ip address tcpdump -i any -c10 -nn host 192.168.1.23 # Filter by source or destination ip tcpdump -i any -c10 -nn src 192.168.1.23 tcpdump -i any -c10 -nn dst 192.168.1.23 # Filter by destination ip and port tcpdump -i any -c5 -nn src 192.168.1.23 and port 80 # Save output to a file (binary format) tcpdump -i any -c10 -nn -w http.pcap port 80 # Save output to a file (text format) tcpdump -nn -r http.pcap |
# Find out if tcpdump is installed $ which tcpdump /usr/sbin/tcpdump # Install tcpdump sudo yum install -y tcpdump # Find which interface is available to you tcpdump -D # Capture on eth0. Use Ctrl-C to end capture. tcpdump -i eth0 # Capture after 10 packets tcpdump -i eth0 -c10 # Filter by port tcpdump -i any -c10 -nn port 80 # Filter by ip address tcpdump -i any -c10 -nn host 192.168.1.23 # Filter by source or destination ip tcpdump -i any -c10 -nn src 192.168.1.23 tcpdump -i any -c10 -nn dst 192.168.1.23 # Filter by destination ip and port tcpdump -i any -c5 -nn src 192.168.1.23 and port 80 # Save output to a file (binary format) tcpdump -i any -c10 -nn -w http.pcap port 80 # Save output to a file (text format) tcpdump -nn -r http.pcap
Here’s a good intro article about tcpdump.
MTU means maximum transmission unit. The default value is 1500 for Ethernet, which is also the standard for the Internet. If your application or network requires a different MTU size, you can set the MTU size by running the following commands.
# Edit ifcfg-eth0 vi /etc/sysconfig/network-scripts/ifcfg-eth0 #Add MTU, settings: MTU="1460" # Save and close the file. Restart networking: service network restart |
# Edit ifcfg-eth0 vi /etc/sysconfig/network-scripts/ifcfg-eth0 #Add MTU, settings: MTU="1460" # Save and close the file. Restart networking: service network restart
Linux has tail command. What about Windows? You can use Powershell to tail a file.
Get-Content myLog.log –Wait |
Get-Content myLog.log –Wait
Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images.
Here’s the AWS IAM policy to push and pull images from Docker within ECR.
{ "Version": "2008-10-17", "Statement": [ { "Sid": "AllowPushPull", "Effect": "Allow", "Resource": [ "arn:aws:iam::*:role/your-custom-role" ], "Action": [ "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "ecr:BatchCheckLayerAvailability", "ecr:PutImage", "ecr:InitiateLayerUpload", "ecr:UploadLayerPart", "ecr:CompleteLayerUpload" ] } ] } |
{ "Version": "2008-10-17", "Statement": [ { "Sid": "AllowPushPull", "Effect": "Allow", "Resource": [ "arn:aws:iam::*:role/your-custom-role" ], "Action": [ "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "ecr:BatchCheckLayerAvailability", "ecr:PutImage", "ecr:InitiateLayerUpload", "ecr:UploadLayerPart", "ecr:CompleteLayerUpload" ] } ] }
Passive FTP is a FTP mode that alleviates the issues with client firewalls. The client initiates a call to the server. The return traffic is allowed as long as the client has initiated it. In addition, the server sends a port command along with an ephemeral port that the client can connect to. The client initiates a call on that ephemeral port, and the connection is then established.
Egress port 21 and ephemeral ports 1024-65535 needs to be opened from the client side.
# From the client side, egress port 21 must be open. tcp:21 # From the client side, ephemeral ports from port 1024 to 165535 must be open. tcp:1024-165535 |
# From the client side, egress port 21 must be open. tcp:21 # From the client side, ephemeral ports from port 1024 to 165535 must be open. tcp:1024-165535
Here’s how to change instance types via the command line
# Set Project gcloud config set project your-project-id # Change instance type to 2 CPU 20GB memory. gcloud compute instances set-machine-type your-server-name \ --zone us-east1-a \ --machine-type n2-custom-2-20480 # Change instance type to original settings. gcloud compute instances set-machine-type your-server-name \ --zone us-east1-a \ --machine-type n2-custom-2-15360 |
# Set Project gcloud config set project your-project-id # Change instance type to 2 CPU 20GB memory. gcloud compute instances set-machine-type your-server-name \ --zone us-east1-a \ --machine-type n2-custom-2-20480 # Change instance type to original settings. gcloud compute instances set-machine-type your-server-name \ --zone us-east1-a \ --machine-type n2-custom-2-15360