What Common Utility Can Provide Compression and Encryption for Files on Linux and How Would You Use It?

Problem scenario
You want to use the same command for encryption and compression. You want to avoid installing other packages. What should you do?

Solution
Use zip. The tar command by itself does NOT do compression (according to this external posting).

One advantage of zip is that it is usually pre-installed on most Linux servers. The user and group of the files thus compressed will be retained automatically.

Draft a zip command like the one below. Replace "goodfile" with the file you want to be copied into a compressed and encrypted copy. Replace "good.zip" with the name of the new compressed & encrypted file you want the command to create.

zip --encrypt good.zip goodfile # This command will prompt you for a password. Remember the password.

# Run the command after it is drafted according to the directions above.

You can move a copy to a different directory, then run this command to extract a regular version of this file that was encrypted and compressed in good.zip:

unzip good.zip # Where "good.zip" is the name of the .zip file.

If you only need to encrypt, see this external page for examples of different tools. (However, beware of drawbacks of GPG and openssl. This link provides some relevant warnings.)

If you only need to compress, see this external page for examples of different tools.

A List of I.T. Security Books

This is a list of I.T. Security books.

Applied Cryptography: Protocols, Algorithms and Source Code in C

Building Secure and Reliable Systems: SRE and Security Best Practices

Database Security

Defend I.T.: Security by Example

Hack I.T. - Security Through Penetration Testing

Hacking Exposed Web Applications, Third Edition

Hacking Web Apps: Detecting and Preventing Web Application Security Problems

Hadoop Security: Protecting Your Big Data Platform

Hands-On Security in DevOps: Ensure continuous security, deployment, and delivery with DevSecOps

Identity and Data Security for Web Development: Best Practices

Implementing Database Security and Auditing

Internet Security: How to Defend Against Attackers on the Web (Jones & Bartlett Learning Information Systems Security & Assurance)

Linux Hardening in Hostile Networks: Server Security from TLS to Tor (Pearson Open Source Software Development Series)

Mastering Linux Security and Hardening: Secure your Linux server and protect it from intruders, malware attacks, and other external threats

Microsoft Windows Security Essentials

Multilevel Security for Relational Databases

Network Security Through Data Analysis: From Data to Action

Oracle Database 12c Security

The Penetration Tester's Guide to Web Applications (Artech House Computer Security Series)

Practical Web Penetration Testing: Secure web applications using Burp Suite, Nmap, Metasploit, and more

Pro ASP.NET Web API Security: Securing ASP.NET Web API (Expert's Voice in .NET)

Securing DevOps: Security in the Cloud

Security for Web Developers: Using JavaScript, HTML, and CSS

The Tangled Web: A Guide to Securing Modern Web Applications

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws

Web Application Security is a Stack: How to CYA (cover your apps) completely

Web Security

Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast

Web Services Security

Windows Security Monitoring: Scenarios and Patterns

**********************************

For Docker container hardening, see this link.

How Do You use the Built-in Exception Handling Functionality of Python?

Problem scenario
You want to use the built-in exception handling in your Python program. You know some part or parts of the code may throw an error. How do you use the "except" keyword?

Solution
Use the "try" key word. Here is an example of a program that throws an error:

commandthatdoesnotexist
 x = 1 + 1
 print(x)

python3 progwitherror.py
Traceback (most recent call last):
File "progwitherror.py", line 1, in
commandthatdoesnotexist
NameError: name 'commandthatdoesnotexist' is not defined

Here is a re-write of the same program with the "except" keyword:

try:
   commandthatdoesnotexist
 except NameError:
   print("Got into this exception.  Program will continue")
x = 1 + 1
print(x)

Here is the output of the program after it runs:

Got into this exception. Program will continue
2

There are many other errors beside "NameError" that can be supported by except.

With "SyntaxError", it does not catch any Syntax Error. It only catches those arising from eval, exec or import (as explained here).

If you want to learn more about the except feature, see this external posting.

How Do You Troubleshoot HBase Commands That Hang?

Problem scenarios
One of the following apply to you.

Problem #1
You run an HBase command but it hangs indefinitely, and there is no error. What could be the problem?

Problem #2
You run an HBase command but you see this:
"ERROR: KeeperErrorCode = ConnectionLoss for /hbase/master"

Solution
Has Zookeeper been started?

You may need to go to the Zookeeper server and run these commands:
cd /bin/zookeeper-"$version"/bin
sudo bash zkServer.sh start-foreground

How Do You Get the Kibana Web UI to Work?

Problem scenario
You want to try out he Kibana web UI. You are using Linux. How do you get Kibana to work?

Solution
Prerequisites
Install the ElasticStack. If you need assistance, see "How Do You Install the Elastic Stack on Any Type of Linux?"

Procedures

1. Install nginx. If you need assistance, see these postings:
How Do You Install Nginx on a Debian/Ubuntu Server?
How Do You Install Nginx on a CentOS/RHEL/Fedora Server?

2. Find kibana.yml and modify it (e.g., sudo vi /opt/kibana/config/kibana.yml). Uncomment out these two lines (which may not be near each other) if they are commented out:

server.port: 5601
server.host: "localhost"

3. Modify the default.conf file (e.g., /etc/nginx/conf.d/default.conf on a Red Hat derivative of Linux or /etc/nginx/sites-available/default on a Debian distribution of Linux). Replace the "location / { }" lines with these lines:
location / {
proxy_pass http://localhost:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}

4. Run these commands:

sudo systemctl stop kibana
sudo systemctl enable kibana
sudo systemctl start kibana
sudo systemctl stop nginx
sudo systemctl start nginx

5. Open a web browser. Go to the external IP address of the server. (If you need help determining this, from the back-end run curl icanhazip.com if your Nginx server has internet access.)

How Do You Connect to an Aurora MySQL Database from a Linux Server with a MySQL Command?

Problem scenario
You are using an Aurora or RDS MySQL database. You have a Linux server that you want to run MySQL commands from (rather than install a SQL front-end). What should you do?

Solution

1. Install a MySQL client. If you need assistance with this, see this posting.

2. Make sure the Security Group governing the Aurora or RDS region allows for incoming connections from one of the following:
a) if you are using an EC-2 server in the same region, the internal IP address of the server ip addr show | grep inet
b) the external IP address of the server (e.g., visible in the result of a curl icanhazip.com command)

3. Test it by using this (with no special designation of a database beyond the endpoint and no port number):

mysql -hnameofauroraendpoing-us-west-2b.abcd1234.us-west-2.rds.amazonaws.com -ujdoe -pgoodpassword

# (Replace "nameofauroraendpoing-us-west-2b.abcd1234.us-west-2.rds.amazonaws.com" with the endpoint.
#  You can find it in the AWS web console or via an AWS CLI command.
#  If you have the AWS CLI configured run this commmand: aws rds describe-db-instances | grep Address
#  If you need assistance installing and configuring the AWS CLI, see the postings linked at the bottom.* 
#  Replace "jdoe" with the Aurora database master username.
#  Replace "goodpassword" with the Aurora database master password.

*One posting is How Do You Install and Configure the AWS CLI on a Linux Server (without the pip Command)?"
Another article is How Do You Install the AWS CLI on an Ubuntu Server?

How Do You Change The “From” Address in an Email Sent via the Mail Command on Linux?

Problem scenario
You want Linux to send out an email with a alias email address in the "From" field. You are using the mail command on a Linux server. You want to customize the "from" address in the emails that you send. What do you do to choose your own "from" email address (e.g., jdoe@myowndomain.com) in the email that is sent out?

Solution

Prerequisites
You need to have mailx installed. If you are using a Red Had derivative, use this command: sudo yum -y install mailx

Procedures
Use this:

echo "payLoad of Message" | mail -s "placeSubjectHere" -r email@from.com destiny@destination.com

-replace "payload of Message" with the message you want to send
-replace "placeSubjectHere" with the subject of your email
-replace "email@from.com" with the email address that you want the email to appear to be from
-replace "destiny@destination.com" with the destination email address

How Do You Write a Python Program to Show the Status of the Servers in AWS?

Problem scenario
You want to list the statuses of each EC-2 instance in AWS using Python. How do you do this for a given region in AWS (e.g., us-west-1)?

Solution
Prerequisites
This assumes you have installed Boto3. If you do not know how, see this posting "How do you install Boto 3 on a RHEL server in AWS?"

Procedures
Use this program:

# Usage instructions 
# 1. replace "aaa111" with the aws_access_key_id of your account
# 2. replace "bbb222" with the aws_secret_access_key of your account
# If you are not sure how to find these credentials do the following:
#  To find the AWS Access Key ID and AWS Secret Access Key, in the AWS console, click on your name in the upper right hand corner. 
# Then click on "My Security Credentials."  Click "Create New Access Key"  Click "Show Access Key." 
#  3.  Replace us-west-1 with the region that you want to list Ec-2 instances for.
#  To run it, call it test3.py and run it with a command like this: "python test3.py"

import boto3

ec2 = boto3.resource('ec2', aws_access_key_id='aaa111', aws_secret_access_key='bbb222', region_name='us-west-1')

for status in ec2.meta.client.describe_instance_status()['InstanceStatuses']:
    print(status)

As a reference, you may go here to learn more about Boto's features.

How Do You Troubleshoot This Problem “[ERROR KubeletVersion]: couldn’t get kubelet version: executable file not found in $PATH”?

Problem scenario
You run this command: sudo kubeadm init

You get this problem: "[ERROR KubeletVersion]: couldn't get kubelet version: executable file not found in $PATH"

What should you do?

Solution
Install kubelet. See this posting you need assistance. (If it is a Red Hat distribution of Linux, you can try How Do You Install kubectl, kubeadm, and kubelet on a CentOS/RHEL/Fedora Server?.)

If it was already installed, use this command to find it: sudo find / -name kubelet

Then either move the file to /usr/bin/ or run a command like this:
sudo ln -s /path/to/kublet /usr/bin/ # replace "path/to" with the path to the file found above.

Now try your kubeadm command again.