Uly.me

cloud engineer

Archives for November 2019

Set Immutable Attribute

November 27, 2019

If you don’t want a file edited or deleted, you can set its immutable attribute. Once it is set, not even root or the owner of the file can delete it. Users with write access can still read the file, but they will not be able to modify it. To unset the attribute, use the -i option.

# Set immutable attribute
sudo chattr +i text.txt
 
# Unset immutable attribute
sudo chattr -i text.txt

Filed Under: Linux Tagged With: attribute, delete, immutable, read, root, write

AWS CLI Add Network Interface

November 27, 2019

Create a new network interface with a static IP via the AWS CLI.

$ aws ec2 create-network-interface \
--subnet-id subnet-xxxxxxx \
--description "second ip" \
--groups sg-xxxxxxx \
--private-ip-address 10.0.0.16

Filed Under: Cloud Tagged With: aws, cli, network-interface, subnet

Tcpdump

November 27, 2019

Tcpdump is a command line utility that allows you to capture and analyze network traffic going through your system. It is often used to help troubleshoot network issues.

# Find out if tcpdump is installed
$ which tcpdump
/usr/sbin/tcpdump
 
# Install tcpdump
sudo yum install -y tcpdump
 
# Find which interface is available to you
tcpdump -D
 
# Capture on eth0. Use Ctrl-C to end capture.
tcpdump -i eth0
 
# Stop capturing after 10 packets
tcpdump -i eth0 -c10
 
# Filter by port
tcpdump -i any -c10 -nn port 80
 
# Filter by ip address
tcpdump -i any -c10 -nn host 192.168.1.23
 
# Filter by source or destination ip
tcpdump -i any -c10 -nn src 192.168.1.23
tcpdump -i any -c10 -nn dst 192.168.1.23
 
# Filter by source ip and port
tcpdump -i any -c5 -nn src 192.168.1.23 and port 80
 
# Save output to a file (binary format)
tcpdump -i any -c10 -nn -w http.pcap port 80
 
# Read the saved capture file back as text
tcpdump -nn -r http.pcap

Here’s a good intro article about tcpdump.

Filed Under: Linux Tagged With: analysis, firewall, network, tcpdump

Change MTU Size

November 26, 2019

MTU means maximum transmission unit. The default value is 1500 for Ethernet, which is also the standard for the Internet. If your application or network requires a different MTU size, you can set the MTU size by running the following commands.

# Edit ifcfg-eth0
vi /etc/sysconfig/network-scripts/ifcfg-eth0
 
# Add the MTU setting:
MTU="1460"
 
# Save and close the file. Restart networking:
service network restart

Filed Under: Cloud, Linux Tagged With: mtu, network, size

Tail A File in Windows Server

November 19, 2019

Linux has the tail command. What about Windows? You can use PowerShell to tail a file.

Get-Content myLog.log -Wait

Filed Under: Windows Tagged With: file, log, powershell, tail, windows

AWS ECR PushPull Policy

November 19, 2019

Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images.

Here’s the ECR repository policy that allows an IAM role to push and pull Docker images. The role goes in the Principal element, and its ARN needs a full account ID because a wildcard is not valid in a principal ARN.

{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "AllowPushPull",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::your-account-id:role/your-custom-role"
        ]
      },
      "Action": [
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
        "ecr:BatchCheckLayerAvailability",
        "ecr:PutImage",
        "ecr:InitiateLayerUpload",
        "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload"
      ]
    }
  ]
}

Filed Under: Cloud Tagged With: aws, docker, ecr, iam, images, policy, pull, push

Passive FTP Firewall

November 18, 2019

Passive FTP is an FTP mode that alleviates the issues with client firewalls. The client initiates the control connection to the server, and the return traffic is allowed because the client initiated it. The server then replies with an ephemeral port that the client can connect to. The client initiates a second connection to that ephemeral port, and the data connection is then established.

Egress port 21 and ephemeral ports 1024-65535 need to be open from the client side.

# From the client side, egress port 21 must be open.
tcp:21
# From the client side, ephemeral ports from port 1024 to 65535 must be open.
tcp:1024-65535
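
The ephemeral port reaches the client inside the server's 227 reply as six comma-separated numbers (h1,h2,h3,h4,p1,p2), with the port equal to p1*256 + p2. The following shell functions are an added example, not part of the original post: they recover that port and check it against the egress range above. The function names are hypothetical and the sample replies are constructed.

```shell
#!/bin/sh
# Egress range the client firewall must allow (taken from the post).
EPHEMERAL_MIN=1024
EPHEMERAL_MAX=65535

# is_octet N: succeeds when the digit string N is a decimal value 0..255.
is_octet() {
    case "$1" in
        ''|0[0-9]*|????*) return 1 ;;  # empty, leading zero, or over 3 digits
    esac
    [ "$1" -le 255 ]
}

# pasv_data_port REPLY: print the data port from a
# "227 ... (h1,h2,h3,h4,p1,p2)" reply. Returns 1 on a malformed reply.
pasv_data_port() {
    reply=$1
    case "$reply" in "227 "*"("*")"*) ;; *) return 1 ;; esac
    fields=${reply#*\(}     # drop everything up to and including "("
    fields=${fields%%\)*}   # drop ")" and whatever follows it
    # Only digits and commas may remain; this also rules out glob characters.
    case "$fields" in ''|*[!0-9,]*|*,) return 1 ;; esac
    old_ifs=$IFS; IFS=,
    set -- $fields
    IFS=$old_ifs
    [ "$#" -eq 6 ] || return 1
    for n in "$@"; do is_octet "$n" || return 1; done
    echo $(( $5 * 256 + $6 ))
}

# check_reply REPLY: print "allowed PORT", "blocked PORT" or "malformed".
check_reply() {
    port=$(pasv_data_port "$1") || { echo malformed; return 1; }
    if [ "$port" -ge "$EPHEMERAL_MIN" ] && [ "$port" -le "$EPHEMERAL_MAX" ]; then
        echo "allowed $port"
    else
        echo "blocked $port"; return 1
    fi
}

# Constructed sample replies (not captured from a real server).
for r in "227 Entering Passive Mode (192,168,1,23,195,80)" \
         "227 Entering Passive Mode (192,168,1,23,3,232)" \
         "227 Entering Passive Mode (192,168,1,23,195)"; do
    check_reply "$r" || true
done
```

A "blocked" result means the server offered a data port outside the range the client firewall lets out, which shows up as a control connection that logs in fine but hangs on directory listings and transfers.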

Filed Under: Cloud Tagged With: aws, ephemeral, firewall, ftp, gcp, high, passive, port

GCP Change Instance Type

November 18, 2019

Here’s how to change instance types via the command line.

# Set Project
gcloud config set project your-project-id
 
# Change instance type to 2 CPU 20GB memory.
gcloud compute instances set-machine-type your-server-name \
--zone us-east1-a \
--machine-type n2-custom-2-20480
 
# Change instance type to original settings.
gcloud compute instances set-machine-type your-server-name \
--zone us-east1-a \
--machine-type n2-custom-2-15360

Filed Under: Cloud Tagged With: change, gcp, google, instance, type


Copyright © 2023