StressLinux – Distro to load test hardware

stresslinux is a minimal linux distribution running from a bootable cdrom, usb, and makes use of some utitlities available on the net like: stress, cpuburn, hddtemp, lm_sensors. stresslinux is dedicated to users who want to test their system(s) entirely on high load and monitoring the health.

Download StreesLinux from http://www.stresslinux.org/sl boot it up and run some quick tests:

 $ stress --cpu 2 --io 1 --vm 1 --vm-bytes 128M --timeout 10s --verbose 

The above command is specifying 2 CPU’s, I/O process and one memory allocator process of 128M.

 

wget utility – quick overview and examples

The wget utility can retrieve data from the command line, this data can be local based or over the Internet based and can be in the form of a binary file or a single web page to a bunch of webpages including images.

I tend to use wget out of habit, but it’s worth exploring and trying cURL as well, cURL command switches are listed below and here some wget examples.

WGET:

Download a single zip file from a web server named jupiter.

 $wget http://jupiter/mydatafile.tar.gz 

Download the zip file in the background and name it latest.tar.gz.

 $wget -b -o latest.tar.gz http://jupiter/mydatafile.tar.gz 

By default wget will name the file from the last word of the url, so it’s always best to use the -o and specify the name you want. The -b is handy as you can kick off a big download and then logout of the system and it will keep running in the background.

Restart a failed or incomplete download using the -c switch. If your download failed for some reason wget can continue on from where it stopped, handy with big files that timeout of bad network/Internet connections.

 $wget -c http://jupiter/mydatafile.tar.gz 

Download a complete website with the mirror option.

 $wget --mirror ---page-requisites -P /home/user/jupitermirror http://jupiter/ 

The mirror option will try to mirror the website, the –page-requisites will download the required content such as images and styles sheets, the -P specifies where the site is to be mirror on the local server.

There are many other options available such as these high level options – Logging and input file, Download, Directories, HTTP/HTTPS options, FTP options, Recursive downloads.

 

 cURL help and switches:

Usage: curl [options…] <url>
Options: (H) means HTTP/HTTPS only, (F) means FTP only
–anyauth Pick “any” authentication method (H)
-a, –append Append to target file when uploading (F/SFTP)
–basic Use HTTP Basic Authentication (H)
–cacert FILE CA certificate to verify peer against (SSL)
–capath DIR CA directory to verify peer against (SSL)
-E, –cert CERT[:PASSWD] Client certificate file and password (SSL)
–cert-type TYPE Certificate file type (DER/PEM/ENG) (SSL)
–ciphers LIST SSL ciphers to use (SSL)
–compressed Request compressed response (using deflate or gzip)
-K, –config FILE Specify which config file to read
–connect-timeout SECONDS Maximum time allowed for connection
-C, –continue-at OFFSET Resumed transfer offset
-b, –cookie STRING/FILE String or file to read cookies from (H)
-c, –cookie-jar FILE Write cookies to this file after operation (H)
–create-dirs Create necessary local directory hierarchy
–crlf Convert LF to CRLF in upload
–crlfile FILE Get a CRL list in PEM format from the given file
-d, –data DATA HTTP POST data (H)
–data-ascii DATA HTTP POST ASCII data (H)
–data-binary DATA HTTP POST binary data (H)
–data-urlencode DATA HTTP POST data url encoded (H)
–delegation STRING GSS-API delegation permission
–digest Use HTTP Digest Authentication (H)
–disable-eprt Inhibit using EPRT or LPRT (F)
–disable-epsv Inhibit using EPSV (F)
-D, –dump-header FILE Write the headers to this file
–egd-file FILE EGD socket path for random data (SSL)
–engine ENGINGE Crypto engine (SSL). “–engine list” for list
-f, –fail Fail silently (no output at all) on HTTP errors (H)
-F, –form CONTENT Specify HTTP multipart POST data (H)
–form-string STRING Specify HTTP multipart POST data (H)
–ftp-account DATA Account data string (F)
–ftp-alternative-to-user COMMAND String to replace “USER [name]” (F)
–ftp-create-dirs Create the remote dirs if not present (F)
–ftp-method [MULTICWD/NOCWD/SINGLECWD] Control CWD usage (F)
–ftp-pasv Use PASV/EPSV instead of PORT (F)
-P, –ftp-port ADR Use PORT with given address instead of PASV (F)
–ftp-skip-pasv-ip Skip the IP address for PASV (F)
–ftp-pret Send PRET before PASV (for drftpd) (F)
–ftp-ssl-ccc Send CCC after authenticating (F)
–ftp-ssl-ccc-mode ACTIVE/PASSIVE Set CCC mode (F)
–ftp-ssl-control Require SSL/TLS for ftp login, clear for transfer (F)
-G, –get Send the -d data with a HTTP GET (H)
-g, –globoff Disable URL sequences and ranges using {} and []
-H, –header LINE Custom header to pass to server (H)
-I, –head Show document info only
-h, –help This help text
–hostpubmd5 MD5 Hex encoded MD5 string of the host public key. (SSH)
-0, –http1.0 Use HTTP 1.0 (H)
–ignore-content-length Ignore the HTTP Content-Length header
-i, –include Include protocol headers in the output (H/F)
-k, –insecure Allow connections to SSL sites without certs (H)
–interface INTERFACE Specify network interface/address to use
-4, –ipv4 Resolve name to IPv4 address
-6, –ipv6 Resolve name to IPv6 address
-j, –junk-session-cookies Ignore session cookies read from file (H)
–keepalive-time SECONDS Interval between keepalive probes
–key KEY Private key file name (SSL/SSH)
–key-type TYPE Private key file type (DER/PEM/ENG) (SSL)
–krb LEVEL Enable Kerberos with specified security level (F)
–libcurl FILE Dump libcurl equivalent code of this command line
–limit-rate RATE Limit transfer speed to this rate
-l, –list-only List only names of an FTP directory (F)
–local-port RANGE Force use of these local port numbers
-L, –location Follow redirects (H)
–location-trusted like –location and send auth to other hosts (H)
-M, –manual Display the full manual
–mail-from FROM Mail from this address
–mail-rcpt TO Mail to this receiver(s)
–max-filesize BYTES Maximum file size to download (H/F)
–max-redirs NUM Maximum number of redirects allowed (H)
-m, –max-time SECONDS Maximum time allowed for the transfer
–negotiate Use HTTP Negotiate Authentication (H)
-n, –netrc Must read .netrc for user name and password
–netrc-optional Use either .netrc or URL; overrides -n
–netrc-file FILE Set up the netrc filename to use
-N, –no-buffer Disable buffering of the output stream
–no-keepalive Disable keepalive use on the connection
–no-sessionid Disable SSL session-ID reusing (SSL)
–noproxy List of hosts which do not use proxy
–ntlm Use HTTP NTLM authentication (H)
-o, –output FILE Write output to <file> instead of stdout
–pass PASS Pass phrase for the private key (SSL/SSH)
–post301 Do not switch to GET after following a 301 redirect (H)
–post302 Do not switch to GET after following a 302 redirect (H)
-#, –progress-bar Display transfer progress as a progress bar
–proto PROTOCOLS Enable/disable specified protocols
–proto-redir PROTOCOLS Enable/disable specified protocols on redirect
-x, –proxy [PROTOCOL://]HOST[:PORT] Use proxy on given port
–proxy-anyauth Pick “any” proxy authentication method (H)
–proxy-basic Use Basic authentication on the proxy (H)
–proxy-digest Use Digest authentication on the proxy (H)
–proxy-negotiate Use Negotiate authentication on the proxy (H)
–proxy-ntlm Use NTLM authentication on the proxy (H)
-U, –proxy-user USER[:PASSWORD] Proxy user and password
–proxy1.0 HOST[:PORT] Use HTTP/1.0 proxy on given port
-p, –proxytunnel Operate through a HTTP proxy tunnel (using CONNECT)
–pubkey KEY Public key file name (SSH)
-Q, –quote CMD Send command(s) to server before transfer (F/SFTP)
–random-file FILE File for reading random data from (SSL)
-r, –range RANGE Retrieve only the bytes within a range
–raw Do HTTP “raw”, without any transfer decoding (H)
-e, –referer Referer URL (H)
-J, –remote-header-name Use the header-provided filename (H)
-O, –remote-name Write output to a file named as the remote file
–remote-name-all Use the remote file name for all URLs
-R, –remote-time Set the remote file’s time on the local output
-X, –request COMMAND Specify request command to use
–resolve HOST:PORT:ADDRESS Force resolve of HOST:PORT to ADDRESS
–retry NUM Retry request NUM times if transient problems occur
–retry-delay SECONDS When retrying, wait this many seconds between each
–retry-max-time SECONDS Retry only within this period
-S, –show-error Show error. With -s, make curl show errors when they occur
-s, –silent Silent mode. Don’t output anything
–socks4 HOST[:PORT] SOCKS4 proxy on given host + port
–socks4a HOST[:PORT] SOCKS4a proxy on given host + port
–socks5 HOST[:PORT] SOCKS5 proxy on given host + port
–socks5-hostname HOST[:PORT] SOCKS5 proxy, pass host name to proxy
–socks5-gssapi-service NAME SOCKS5 proxy service name for gssapi
–socks5-gssapi-nec Compatibility with NEC SOCKS5 server
-Y, –speed-limit RATE Stop transfers below speed-limit for ‘speed-time’ secs
-y, –speed-time SECONDS Time for trig speed-limit abort. Defaults to 30
–ssl Try SSL/TLS (FTP, IMAP, POP3, SMTP)
–ssl-reqd Require SSL/TLS (FTP, IMAP, POP3, SMTP)
-2, –sslv2 Use SSLv2 (SSL)
-3, –sslv3 Use SSLv3 (SSL)
–stderr FILE Where to redirect stderr. – means stdout
–tcp-nodelay Use the TCP_NODELAY option
-t, –telnet-option OPT=VAL Set telnet option
–tftp-blksize VALUE Set TFTP BLKSIZE option (must be >512)
-z, –time-cond TIME Transfer based on a time condition
-1, –tlsv1 Use TLSv1 (SSL)
–trace FILE Write a debug trace to the given file
–trace-ascii FILE Like –trace but without the hex output
–trace-time Add time stamps to trace/verbose output
–tr-encoding Request compressed transfer encoding (H)
-T, –upload-file FILE Transfer FILE to destination
–url URL URL to work with
-B, –use-ascii Use ASCII/text transfer
-u, –user USER[:PASSWORD] Server user and password
–tlsuser USER TLS username
–tlspassword STRING TLS password
–tlsauthtype STRING TLS authentication type (default SRP)
-A, –user-agent STRING User-Agent to send to server (H)
-v, –verbose Make the operation more talkative
-V, –version Show version number and quit
-w, –write-out FORMAT What to output after completion
–xattr Store metadata in extended file attributes
-q If used as the first parameter disables .curlrc

 

If a CentOS server has RPCBIND service open – Check fw-tui

After a scan of the network with my trusty nmap utility, I found a CentOS server had the RPCBIND service open to the network, but could not work out why as the IPTABLES firewall was configured and running.

Further investigation lead to someone had configured IPTABLES with the system-config-firewall-tui tool and trusted the eth+ interfaces. Once I unchecked the eth+ interfaces as trusted the RPC service was no longer open. Of course on a LAN you might want this service, and/or want to trust the eth+ interfaces for your LAN traffic. I don’t need it even on the LAN and so recommend it be deselected.