How Do You Find the Different Logging Levels of the /var/log/syslog?

Problem scenario
You have heard about different operating system events being classified in different levels.  Lesser events can be captured when logging is verbose.  Major events can render a system useless.  You know system logging is normally done in a file called /var/log/syslog.  How do you find out which levels there are from most significant to least significant?

Solution
Use this command: man syslog

Search for the word "level" by typing this: /level <press enter>

Below is what we found from the man page for syslog on a Linux server (except the #* comment):

       LOG_EMERG      system is unusable
       LOG_ALERT      action must be taken immediately
       LOG_CRIT       critical conditions
       LOG_ERR        error conditions
       LOG_WARNING    warning conditions
       LOG_NOTICE     normal, but significant, condition
       LOG_INFO       informational message
       LOG_DEBUG      debug-level message

#*  Professionals remember the order of significance with the mnemonic "do I notice when evenings come around early?"  If you can remember what happens after the summer solstice, you can remember the levels of significance of the descriptive Linux logging designations.

How Do You Find the Most Recent Exit Code in Linux?

Problem scenario
When a command stops, it returns an exit code. You want to learn more about exit codes starting with the variable that stores the most recently completed Linux command's exit code.  Every time you use $? in Linux, you get 0. Why is this?

Solution
There are four links that can help you learn more.  Two are from The Linux Documentation Project (one here and another here).  Cyberciti.biz has one.  And RedHat's article may still be noted as "unverified."  You do not need to go to any of these four.  

The Bash built-in variable $? stores the last exit status code.  It pertains to a process that has completed.  When you run commands successfully, the exit code is 0.

You could try to run this [garbage] command:

;lkjasdf

Then try this command twice:

exit $?

# The second time should return a zero because the exit code associated with "exit $?" should have been a "0".

You could also run this script:

echo "This script helps you learn about exit codes."
part1="try this command 'echo $"
part2="?' two or more times"
echo $part1$part2
exit 1

# Follow what the output of the script says.
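The behaviour described above, as an added example that is not part of the original post: it runs command lines through /bin/sh with Python's subprocess module and returns the status that $? would hold. The second function shows why $? so often reads 0: every command overwrites it, so after "echo $?" prints the previous status, $? becomes the (successful) status of that echo. It assumes a POSIX /bin/sh is present; the command names it runs are constructed for the demonstration.

```python
import subprocess


def exit_status(command):
    """Run a command line through /bin/sh and return the status $? would hold.
    Output is discarded; only the numeric status matters here."""
    proc = subprocess.run(["/bin/sh", "-c", command],
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return proc.returncode


def statuses_after_false():
    """Run 'false; echo $?; echo $?' and return the two numbers it prints.
    The first is the status of 'false' (1); the second is the status of the
    first 'echo' (0), because each command replaces $? with its own status."""
    proc = subprocess.run(["/bin/sh", "-c", "false; echo $?; echo $?"],
                          capture_output=True, text=True)
    return [int(line) for line in proc.stdout.split()]


if __name__ == "__main__":
    # Constructed command lines: success, explicit status, failure, unknown command.
    for cmd in ("true", "exit 3", "false", "no_such_command_xyz"):
        print(f"{cmd!r:24} -> $? = {exit_status(cmd)}")
    print("false; echo $?; echo $?  ->", statuses_after_false())
```

A command the shell cannot find yields 127, a syntax error yields 2, and "exit N" yields N; these are the values a script's callers (cron, systemd, CI runners) branch on, so a wrapper that always ends with "echo $?" or similar will mask the real status with 0.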

How Do You Troubleshoot an s3cmd Error About “.s3cfg: None”?

Problem scenario
You are trying to run an s3cmd command (e.g., s3cmd ls), but it is not working.  You run an s3cmd command and you get this:

ERROR: /home/jdoe/.s3cfg: None
ERROR: Configuration file not available.
ERROR: Consider using --configure parameter to create one.

What do you do?

Possible Solution #1
1.  sudo find / -name .s3cfg
2.  Copy the .s3cfg file from the location found to the /home/jdoe/ directory (the path displayed in the error message).

Possible solution #2
If you know the .s3cfg file exists in the location the error refers to, run this command (where /home/jdoe is the path to the .s3cfg file):

sudo chmod 604 /home/jdoe/.s3cfg
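An added check, written for this page and not part of s3cmd or of the original post, that walks through the two causes above (file absent, file present but unreadable) and reports what it finds. It uses only POSIX file modes from the Python standard library. One caveat it adds: .s3cfg holds the access key and secret key, and 604 makes the file world-readable, so if the user running s3cmd owns the file, 600 gives the same fix without exposing the keys to other local accounts. The file contents in the demo are constructed placeholders.

```python
import os
import stat
import tempfile


def check_s3cfg(path=None):
    """Explain why s3cmd might report '<path>: None' for its config file.
    Returns (status, detail) with status one of:
    'missing', 'unreadable', 'too_open', 'ok'."""
    path = path or os.path.expanduser("~/.s3cfg")
    if not os.path.exists(path):
        return "missing", (f"{path} does not exist: run 's3cmd --configure' "
                           "or copy an existing .s3cfg to this path")
    if not os.access(path, os.R_OK):
        st = os.stat(path)
        return "unreadable", (f"{path} exists but uid {os.getuid()} cannot read it "
                              f"(owner uid {st.st_uid}, mode {stat.S_IMODE(st.st_mode):04o})")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return "too_open", (f"{path} is readable, but mode {mode:04o} lets other local "
                            "users read the access keys it holds; chmod 600 is safer")
    return "ok", f"{path} is readable with mode {mode:04o}"


def demo():
    """Exercise the checker on constructed files in a temporary directory.
    Returns the status for an absent file, a 0600 file and a 0604 file."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, ".s3cfg")
        results["absent"] = check_s3cfg(p)[0]
        with open(p, "w") as fh:
            fh.write("[default]\naccess_key = EXAMPLE\nsecret_key = EXAMPLE\n")  # constructed
        os.chmod(p, 0o600)
        results["private"] = check_s3cfg(p)[0]
        os.chmod(p, 0o604)  # the mode the post suggests: owner rw, world read
        results["world_readable"] = check_s3cfg(p)[0]
    return results


if __name__ == "__main__":
    # Real check against the current user's home directory, then the demo.
    print(check_s3cfg())
    print(demo())
```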

How Do You Troubleshoot a Network Problem?

Note:  This posting should help you troubleshoot many different network problems (not just those described in the problem scenario below).  Possible solutions 1 through 5 are ideal for erratic nmap results (inconsistent or discrepant output). 

Problem scenario
A port seems blocked on a Linux server given the results of nmap. The host appears to be down. You know this port is not blocked by intermediate routers and/or firewalls.  You know the server is turned on.  Sometimes you get false negatives with nmap.  How do you troubleshoot a network problem with a port that seems blocked but is not truly blocked insofar as you can tell?

Solution
If there are commands in bold, the outermost (and possibly the only) quotes should be ignored when actually entering them into a command prompt.

Possible solution #1
Verify the IP addresses are really what you think.  Sometimes with VPNs, routing tables, DNS issues, DHCP or NAT, an IP address can become confused by the professional herself.

Possible solution #2
n.b.  This is only relevant for Docker containers.  If you are not running Docker, skip this possible solution.  There could be a web service on the Linux server that maps the inbound port to a different port.  This separate port could be blocked by an intermediate [hardware or software] firewall.  This can happen when a web service is run in a Docker container.  A .yml file will map the listening, inbound port to another port.  This can create the problem scenario described above.  You can change the mapping of the .yml file and restart the Docker container.  Or you can open up the firewall to allow connectivity on the second port involved.

Possible solution #3
Use nmap -Pn x.x.x.x (without the -p flag and a specific port).  The short reason why this may work is that it bypasses a process called "host discovery" that is invoked with the -p flag (to test a specific port).  If the "host discovery" process fails, and it happens initially, then nmap will report that the host appears down when it is not.  Remember that nmap -Pn x.x.x.x only scans 1000 ports. There are 65535 TCP ports total. To scan every port, try this: nmap -p 1-65535 x.x.x.x

For more details, see the * below.

Possible solution #4
Use sudo nmap -p 55 x.x.x.x (where 55 is the port you are testing and x.x.x.x is the IP address).  When nmap is run with a non-root user without the "sudo " in front, two ports are tested in the host discovery phase.  This is an initial, behind-the-scenes process.  If both of these ports (80 and 443) are blocked, nmap will report failure.  With "sudo " in front, four ports are used.  You have more chances of getting past the initial host discovery phase with a leading "sudo " invocation.**
You may get output such as this (without the "sudo" before the nmap command):

Starting Nmap 7.40 ( https://nmap.org ) at 2018-04-10 10:56 UTC
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.04 seconds

The above problem can be circumvented if you use the sudo command before nmap. (You may want to see this posting too.)

Possible solution #5
Use the "-d" flag at the end of the nmap command.  The nmap utility has many processes that happen behind the scenes.  To see the print out of these processes verbosely in real time, add the -d flag like this:
nmap -p 22 x.x.x.x -d

Possible solution #6
Try ping and traceroute.  These commands may reveal something new to help you find the problem.  This is a "back to basics" approach that can be overlooked by intermediate level (not advanced) network engineers.  If ping shows a packet loss above 0%, then you may want to read this posting. If traceroute provides only "* * *" as output, try the traceroute command with "sudo " in front and the " -I" flag after the traceroute command but before the IP address like this:  sudo traceroute -I x.x.x.x  You may also want to see this posting for details about TTL packets.

Possible solution #7
If you are using Windows, use tracert from a DOS prompt.  tracert works like traceroute.  You can use test-netconnection in newer versions of PowerShell.  This command works like nmap with different options to use when you run it.  If you are using PowerShell version 3 (which does not have test-netconnection), you can see this posting.  You never know what Windows hosts may reveal.  These options may help. You may also want to see this posting for details about TTL packets.

Possible solution #8
You may want to install Cacti on a Linux server in your network.  If your network is flooded with packets from a malware infection or a DDoS attack, Cacti may help show you the congestion graphically and isolate the source.  Collisions in a network can degrade network performance.  Packets can flood the network from a malfunctioning device.  For a Windows environment, you may want to view this posting.

Possible solution #9
Be aware of operating system firewalls, intermediate firewalls, and intermediate intrusion prevention systems with active rules to drop packets or reject connections from certain IP addresses and not others.  Be aware of internal IP addresses and external IP addresses.  To find an internal IP address on a Linux server, run ip addr show.  To find an external IP address on a Linux server, run curl ipinfo.io (assuming the server has access to the internet).  To find an internal IP address for a Windows server, run ipconfig from a DOS or PowerShell prompt.  To find an external IP address on a Windows server, open PowerShell and run curl ipinfo.io.  Consider that the IP address a server actually uses for a successful connection may not be the one you were expecting. To find out if there is a firewall running on Linux, see this posting.

Possible solution #10
The port might truly be blocked, but you have forgotten about some silent coworker implementing something new (e.g., applying updates to a router's flash memory or implementing a new ACL).  Was there an email that you received with the subject "Maintenance window"? Network Access Control Lists are part of AWS.

Possible solution #11
You might be on the wrong server (or a different server from the one you thought you were on).  False positives from networking utilities could be the result of being on the wrong server.  Sometimes DHCP in a highly automated or dynamic environment can contribute to what seems to be a false positive. 

Possible solution #12
Can you look at the routers and switches involved?  Do you see flashing amber or solid red lights on the network interface ports?  Did a network cable get unplugged?  Is there an electronic device that operates on the same frequency as the wireless routers?  There is a story about a network outage that happened every weekday at lunch time: the kitchen was physically positioned between the workstations using the wireless network and the WiFi routers, and the microwave ovens, whenever they were running, interfered with the wireless connections.

Possible solution #13
Could the network be using IP v6 and you did not know about it?  Could the networking team have changed the routing protocols?  Was an OS patch recently released to the servers involved in your network riddle? 

Possible solution #14
If you are having trouble isolating a network problem, install tcpdump on the server that is not receiving connections properly and consistently.  You may want to run "tcpdump" on this host that is not being as responsive as you like.  tcpdump can make pings work that otherwise would not.  These threads are examples of that:
https://unix.stackexchange.com/questions/65872/ping-receives-no-packets-but-tcpdump-can-see-them-coming-in
https://security.stackexchange.com/questions/124394/nmap-says-host-down-when-host-is-up

Possible solution #15
Use the netstat command.  You can use the "-anlp" flags to produce relevant details.  You can use "grep" to find only network activity that is associated with a certain string pattern.  For example, if you can guess what port should be active, and you are running on Linux, run a command like this with one: sudo netstat -anlp | grep 8080  You should replace "8080" with the port you surmise there is activity on.  If you see no results, then that port is not active.

Possible solution #16
If your problem is that you cannot reach the internet at all with an available WiFi connection, see this link.

Possible solution #17
If you do not want to use or install nmap, and you want to test connectivity over a specific port, do the following.

If you can configure two terminal sessions, this can work. If you cannot have more than one, use the screen command before you start the first nc command (below) so you can simulate a second terminal afterward. If you need directions installing screen, see this posting. Install the nc utility. On CentOS/RHEL/Fedora you would run sudo yum -y install nc to install it. Once nc is installed, run this command: nc -l -p 9999 > /tmp/contint.txt

From a second terminal run these two commands:

date > /tmp/orig.txt
nc 127.0.0.1 9999 < /tmp/orig.txt

Now check your work from either terminal: cat /tmp/contint.txt

Possible solution #18
A socket is an IP address and a TCP port combination. Sockets can be reachable with a curl command, but not with a ping. (Page 131 of Kubernetes in Action explains this in more detail.) Do not give up hope if you cannot ping an IP address. Pings do not use individual ports and can fail if ICMP packets are turned off; thus the socket may be working correctly (for non-theoretical purposes). It often makes sense to go "back to basics" and troubleshoot a network problem from layer 1 of the OSI model to layer 7. But sometimes it is not necessary for fixing a problem.

Ping works at layer 3 (aka the Network layer) of the OSI model (according to this posting and this posting). Individual TCP ports operate at layer 4 (aka the Transport layer) according to this posting. Ping has no knowledge of higher layers (and thus ports), and a socket involves a port, making it a layer 4 issue. Some people characterize ports to be something that is above layer 4 (such as this posting or this posting). This external page helps explain why you cannot ping a port.
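An added example, not part of the original post, of what "a socket can be reachable even though ping fails" means in practice: a plain TCP connect attempt, classified into the same three states nmap reports for a port. No ICMP is involved and no host-discovery probes are sent first, which is also why this kind of check behaves more like nmap -Pn than like a default nmap run. It uses only the Python standard library and a throwaway listener it starts itself on loopback, so nothing is sent to any other host; the listener, its banner and the port choices are constructed for the demonstration.

```python
import errno
import socket
import threading


def _serve_once(srv):
    """Accept one connection, send a banner and close (constructed test service)."""
    conn, _ = srv.accept()
    conn.sendall(b"hello from the constructed listener\n")
    conn.close()
    srv.close()


def start_listener(host="127.0.0.1"):
    """Start a throwaway TCP service on an OS-chosen port; returns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    threading.Thread(target=_serve_once, args=(srv,), daemon=True).start()
    return srv.getsockname()[1]


def free_port(host="127.0.0.1"):
    """Find a port nothing is listening on (bind, read the number, close)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


def tcp_port_state(host, port, timeout=2.0):
    """Classify a TCP port the way nmap does, using only a connect attempt:
    'open'     - the three-way handshake completed,
    'closed'   - the host answered with RST (connection refused),
    'filtered' - no answer at all, or unreachable (typically a firewall dropping packets)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "closed"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        s.close()


def demo():
    """Check one open and one closed port on loopback; returns their states."""
    open_port = start_listener()
    closed_port = free_port()
    return {
        "open": tcp_port_state("127.0.0.1", open_port),
        "closed": tcp_port_state("127.0.0.1", closed_port),
    }


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name} port -> {state}")
```

The distinction between "closed" and "filtered" is the useful one when troubleshooting: a refused connection proves the host is up and routable and that only the service is absent, whereas a timeout is consistent with the firewall and ACL causes listed in possible solutions #9 and #10.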

Possible solution #19
If you are trying to SSH to a server but you are getting "connection refused", see this posting.

Possible solution #20
If the NIC on your workstation has no lights on, it could be that you configured the NIC in the BIOS to never turn on. The BIOS options may be in the Boot Options, and it may seem that you are enabling a boot to the NIC. We have found that turning it on will enable the NIC as normal (and unchecking it as a boot option can disable the NIC after a normal OS boot up). You do this even though you are not booting to the PXE. To see more see How Do You Get the Internet and/or NIC on Your Windows Workstation to Work?

Possible solution #21
Is SELinux enabled? It can block ports. Checking the firewall rules is not enough. Run this command to see if it is running: sudo getenforce

You may see Enforcing, Permissive or Disabled. If it is "Disabled", then SELinux is not the problem. To learn more about how to configure SELinux to allow connectivity over a given port, see this.

Possible solution #22
What time is it? If it is during peak business hours, there could be a spike in the network usage. Traffic congestion can create more collisions and consume available bandwidth. If it is after core business hours or on the weekend, could there be a maintenance window that was unannounced? Sometimes planned outages happen right at the end of the business day. With email overload and numerous Slack/chat messages, there could have been a notification that you missed. To learn about the recommended practices of monitoring see this posting. You may be experiencing long-tail latency.

Possible solution #23
For interpreting results of nmap, see these postings (and the bottom part of this article):

How Do You Connect over Port 5986 on a Windows Server?
How Do You Troubleshoot the nmap Results “Host seems down” when the Other Server is Not Down?
How Do You Troubleshoot the nmap Result “Host seems down. If it is really up, but blocking our ping probes”?
How Do You Troubleshoot a False “State” Value in nmap Results?
Why Cannot You Ping a Server when Nmap Commands to The Server Work?


*  It is possible to have a situation like this:
Ping from server A to server B works.  
Ping from server C to server B works.
From server C, this works:  nmap -p 22 serverB
From server B, this works:  nmap -p 22 serverB
From server A, this does not work: nmap -p 22 serverB
From server A, this works: nmap -Pn serverB
This irregularity (or anomaly) seems elusive.  What is different about using nmap to test one specific port?

The -Pn flag bypasses host discovery.  This option with nmap can help you understand why there appears to be an inconsistency.

Host discovery is a process that is part of most nmap commands (depending on which flags you use) in nmap's initial stages of running.  If you are not using "sudo" before the nmap commands, or running the commands as root, the host discovery process is limited to two ports (80 and 443).   

This was taken from the nmap 7.1 man page:  "If no host discovery options are given, Nmap sends an ICMP echo request, a TCP SYN packet to port 443, a TCP ACK packet to port 80, and an ICMP timestamp request." 

** Using "nmap -p 22" (or a different port number) will behave differently from "nmap -Pn" or "sudo nmap -p 22".  The "-Pn" flag bypasses the host discovery stage altogether.  With sudo before the nmap command (or running nmap as the root user), the host discovery process still happens, but it happens differently: with a sudoer running nmap, the host discovery process uses four ports and not just two.  Thus the scan process (or nmap run) will continue and not appear blocked in the initial stage of host discovery if the extra ports allow for reachability.

New Year’s Eve in America and around the World

Happy New Years!

In Scotland New Year's Eve is called "Hogmanay."  In other countries outside the U.S. it is called "Old Year's Day" or "Saint Sylvester's Day."  In America New Year's Eve is celebrated with a variety of different traditions.  Many states have their own unique traditions of dropping or lowering of different objects (e.g., a large ball in Times Square in New York City).  USAToday and MentalFloss.com have articles on these different celebratory practices (e.g., dropping a pine cone). 

If you want to give someone an Amazon gift card, click here.  If you resolve to learn more about technologies, you may want to buy technical books.  Here are lists of books on many different I.T. subjects:

Apache Spark
Apache Tomcat
Apache Web Server
AWS
Azure
Bitcoin
Bioinformatics
C#
CFengine
Chef
Docker
E-Discovery
Elastic Stack
Flask
Forensics (Computer Forensics)
Git
Hadoop
Kubernetes
Informatica
Message Queueing Technologies (excluding RabbitMQ)
RabbitMQ
Redis
REST API
Security
Site Reliability Engineering
Puppet
SalesForce
SAP
Squid
SSL and TLS
VMware
vSphere
Windows

How Do You Change the Duration of Re-Prompting a User to Enter the Password after Running a sudo Command in Ubuntu Linux?

Problem scenario
When users run a command with "sudo " in front of it, they are prompted for a password.  They are not prompted for a password again for a while.  They can go 15 minutes of using "sudo " commands with no prompt for a password.

You want to harden your environment and make them re-enter the password every three minutes in case they leave their desk shortly after they have used sudo.  When the physical building security is not perfect, it may be advisable to have users re-enter the password more frequently.  How do you adjust the duration for re-prompting a user after he/she has run a sudo command and entered a password?

Solution
The default duration is 15 minutes in Ubuntu Linux.  There is a timeout setting that governs it if you choose a non-standard duration.  Here is how to change it:

1.  Enter this command: sudo visudo
2.  Scroll down to "Defaults    env_reset"
3.  Append this to the "env_reset":   ,timestamp_timeout=3

The final stanza will look like this:

Defaults    env_reset,timestamp_timeout=3

4.  Press Ctrl-x  (hold control and tap "x")
5.  Respond with "Y"

How Do You Change a User’s Password When You Cannot Log into Your Azure Linux VM?

Problem scenario
You have a Linux VM in Azure but you cannot log in.  You cannot remember a single password for the username you were using.  What do you do when you forgot all the credentials of a Linux VM except one username?  How can you log into this server?

Solution
Prerequisite
To reset access to the VM in the following way, you will need to know one username. 

Procedures
1.  Open the Azure Cloud Shell by logging into the Azure Portal and clicking on the ">_" symbol in the upper right hand corner. 

2.  Run a version of this command where "changethis" is the name of the resource group of the VM, "nov16" is the name of the Azure VM, "azubuntu" is the username that you want to change the password of (the username you remember), and "myNewPassword" is the password you want the user to now have:

az vm user update \
  --resource-group changethis \
  --name nov16 \
  --username azubuntu \
  --password myNewPassword

How Do You Install Angular 5 on Any Type of Linux?

Problem scenario
You want to install Angular on Linux.  You want steps to install on any Linux distribution including CentOS/RedHat/Fedora, Debian/Ubuntu, and SUSE.  What should you do?

Solution
1. Install npm and node.  If you need directions see this posting.

2.  Run this command (and be prepared to wait for 60 minutes or more):  sudo npm install -g @angular/cli

3.  Test your installation with this command:  ng -v

FYI
# An external website confirms that despite not seeing "Angular: 5.x", you can still have Angular 5 installed.

The output of ng -v may look like this:

Angular CLI: 1.6.7
Node: 9.5.0
OS: linux x64
Angular:
...

4.  The rest of these steps are optional.  They help you create a new project to test out Angular 5.  Run this command: mkdir -p wamp64/www

5.  Run this command:  ng new contintdemo  # Change "contintdemo" to whatever name you wish in steps 5 and 6.

6.  Run this command:  cd contintdemo

7.  Run this command:  ng serve --open

8.  Create a duplicate terminal.    

9.  From the duplicate terminal, run this:  curl http://127.0.0.1:4200

If you want to learn more about AngularJS and Node, see this external site.

How Do You Get the Binaries for kube-proxy, kube-apiserver, kube-controller-manager, and kube-scheduler?

Problem scenario
You want to install kube-proxy, kube-apiserver, kube-controller-manager, and kube-scheduler on a Linux server.  You want to be able to run these commands. How do you do this?

Solution

Prerequisite
This requires the Linux server to have access to the internet.

Procedures
1.  Download the first tar ball.

cd /usr/bin
sudo wget https://github.com/kubernetes/kubernetes/releases/download/v1.8.6/kubernetes.tar.gz
# To get the latest version, go here: https://github.com/kubernetes/kubernetes/releases/tag/v1.8.6

2.  Expand it:  sudo tar -xzvf kubernetes.tar.gz

3.  Run these commands:

sudo find / -name get-kube-binaries.sh
sudo bash <locationfromabove> # replace <locationfromabove> with the absolute path of get-kube-binaries.sh

# respond with "Y" (with no quotes) to the prompt from the above command

4.  Run these commands:
sudo find / -name kubernetes-server-linux-amd64.tar.gz
sudo su -

5.  Change directories to the location found in the first command in step #4.

6.  Run these commands:

tar -xzvf kubernetes-server-linux-amd64.tar.gz
cd kubernetes/server/bin
ls

exit

7.  You are done.  Now you can execute or run these binaries with one of the four commands below:

sudo /usr/bin/kubernetes/server/kubernetes/server/bin/kube-proxy
sudo /usr/bin/kubernetes/server/kubernetes/server/bin/kube-apiserver
sudo /usr/bin/kubernetes/server/kubernetes/server/bin/kube-controller-manager
sudo /usr/bin/kubernetes/server/kubernetes/server/bin/kube-scheduler

How Do You Know If Maven Has a Plugin for Apache Parquet?

Problem scenario
You have Maven installed.  You want to know if it has the plugin for Apache Parquet from the Linux terminal.  You do not want to use the Maven GUI.  What do you do?

Solution
1.  sudo find / -name pom.xml  
2.  Change to the directory of the pom.xml with Apache Parquet.
3.  Run this command:
mvn help:effective-pom | grep -i parquet