SSL Server Test

Qualys SSL Server Test is free online service that performs a deep analysis of the configuration of any SSL web server on the public Internet.

https://www.ssllabs.com/ssltest/

To configure Apache and Nginx with acceptable protocols TLS settings follow these guides, they will provide a better score on the above Qualys rating and make your SSL site more secure.

 

Snapcraft

Package any app for any Linux desktop, server, cloud or device.

A ‘snap’ is a universal Linux package

Snaps work on any distribution or device. Snaps are faster to install, easier to create, safer to run, and they update automatically and transactionally so your app is always fresh and never broken.

The public collection of snaps includes the latest and best apps from GitHub and beyond, so you have the whole world of Linux apps at your fingertips. Take the tour below to experience ‘hello world’ as a snap, or jump to the developer guide to create your own snaps.

Reference: http://snapcraft.io/

netdata real-time performance monitoring for Linux

Netdata is a real-time performance monitoring solution.

Unlike other solutions that are only capable of presenting statistics of past performance, netdata is designed to be perfect for real-time performance troubleshooting.

Netdata is a linux daemon you run, which collects data in realtime (per second) and presents a web site to view and analyze them. The presentation is also real-time and full of interactive charts that precisely render all collected values.

Netdata has been designed to be installed on every system, without disrupting the applications running on it:

  • It will just use some spare CPU cycles (check Performance).
  • It will use the memory you want it have (check Memory Requirements).
  • Once started and while running, it does not use any disk I/O, apart its logging (check Log Files). Of course it saves its DB to disk when it exits and loads it back when it starts.
  • You can use it to monitor all your systems and applications. It will run on Linux PCs, servers or embedded devices.

Out of the box, it comes with plugins that collect key system metrics and metrics of popular applications.

Available here: https://github.com/firehol/netdata

400+ Free Resources for DevOps & Sysadmins

In 2014 Google indexed 200 Terabytes of data (1 T of data is equal to 1024 GB, to give you some perspective). And, it’s estimated that Google’s 200 TB is just .004% of the entire internet. Basically the internet is a big place with unlimited information.

So in an effort to decrease searching and increase developing, Morpheus Data published this massive list of free resources for DevOps engineers and System Admins, or really anyone wanting to build something useful out of the internet.

All these resources are free, or offer some kind of free/trial tier. You can use any/all of these tools personally, as a company, or even suggest improvements (in the comments). It’s up to you.

If you find this list useful, please share it with your DevOps/SysAdmin friends on your favorite social network, or visit Morpheus Data to learn how you can 4x your application deployment.

http://www.nextbigwhat.com/devops-sysadmin-tools-resources-297/?_utm_source=1-2-2

AWS CLI and AWS S3 CLI

Backup Files From Ubuntu Or Debian Server’s To Amazon s3:
http://www.unixmen.com/backup-files-ubuntu-debian-servers-amazon-s3/

Using High-Level s3 Commands with the AWS Command Line Interface:
http://docs.aws.amazon.com/cli/latest/userguide/using-s3-commands.html

An Introduction to the AWS Command Line Tool:
https://www.linux.com/learn/tutorials/761430-an-introduction-to-the-aws-command-line-tool

AWS Command Line Interface:
https://aws.amazon.com/cli/

MySQL—Some Handy Know-How

From an article on Linux Journal http://www.linuxjournal.com/content/mysql%E2%80%94some-handy-know-how below are the commands to get you quickly up and running with MySQL. But the Linux Journal Site will provide many more examples and sample data etc.

Create database phplogcon and assign rsyslog access rights:

mysql -u root -p
create database phplogcon;
GRANT ALL ON phplogcon.* TO [email protected] IDENTIFIED BY "password";

Check database and connection with rsyslog works:

mysql -u rsyslog -p
connect phplogcon;
show tables;
quit

Create User:

CREATE USER 'keith'@'localhost' IDENTIFIED BY 'mypass';

Some basic / useful commands are as follows :

- connect to MySQL 
 
   mysql -uUsername -pPassword 
 
- connect to MySQL , directly to a database 
   
   mysql -uUsername -pPassword DbName 
 
- upload a MySQL schema into my Database 
 
   mysql -uUsername -pPassword DbName < schema.sql 
 
- dump a DB (copy DB for backup) 
 
   mysql -uUsername -pPassword DbName > contents-of-db.sql 
 
While connected to MySQL : 
 
- display all databases 
 
   show databases; 
 
- connect to a Database 
 
   use DbName; 
 
- view tables of a Database (must be connected to the Database) 
 
   show tables;

Create MySQL User for Backups e.g. sqlbu

CREATE USER 'sqlbu'@'localhost' IDENTIFIED BY  '***';
GRANT SELECT, SHOW VIEW, RELOAD, SHOW DATABASES, LOCK TABLES, EVENT, TRIGGER ON *.* TO 'sqlbu'@'localhost';

MySQL Backup Script to backup all Databases including new DBs added in the future:

#!/bin/bash
#=================================================================
# Backup script for MySQL Databases - this script will
# backup all MySQL Databases including any future additional DB's
#=================================================================
TIMESTAMP=$(date +"%F")
BACKUP_DIR="/var/mysqlbu/$TIMESTAMP"
MYSQL_USER="sqlbu"
MYSQL=/usr/bin/mysql
MYSQL_PASSWORD="Some really long complex password"
MYSQLDUMP=/usr/bin/mysqldump
MAILTO="[email protected]"

mkdir -p "$BACKUP_DIR/mysql"

databases=`$MYSQL --user=$MYSQL_USER -p$MYSQL_PASSWORD -e "SHOW DATABASES;" | grep -Ev "(Database|information_schema|performance_schema)"`

for db in $databases; do
$MYSQLDUMP --force --opt --user=$MYSQL_USER -p$MYSQL_PASSWORD --events --databases $db | gzip > "$BACKUP_DIR/mysql/$db.gz"
done

ls -lh $BACKUP_DIR/* > /var/mysqlbu/mysqlbu.rpt
mail -s "MySQL BU Notification - $TIMESTAMP" -a "From: [email protected]" $MAILTO < /var/mysqlbu/mysqlbu.rpt
# Cleanup older directories than 60 days
find /var/mysqlbu/ -type d -mtime +60 -prune -exec rm -rf {} \;
#find $BACKUP_DIR/ -type d -mtime +60 -exec rm -rf {} \;

How to block network traffic by country on Linux

As a system admin who maintains production Linux servers, there are circumstances where you need to selectively block or allow network traffic based on geographic locations. For example, you are experiencing denial-of-service attacks mostly originating from IP addresses registered with a particular country. In other cases, you want to block SSH logins from unknown foreign countries for security reasons. Or your company has a distribution right to online videos, which allows it to legally stream to particular countries only. Or you need to prevent any local host from uploading documents to any non-US remote cloud storage due to geo-restriction company policies.

Instructions and more details from this site:

http://xmodulo.com/block-network-traffic-by-country-linux.html

 

How to remove unused kernel images from CentOS Linux system

Every time you update your CentOS Linux and the update includes a new kernel image update the system will not remove your old kernel but it will cumulatively add new kernel to the top of your Linux kernel installed list. Normally, this does not present any issue to your running system and you are not required to take any action to remove any old and unused kernel images.

The reason why you may wish to remove/uninstall unused kernel images is that you need to reduce disk usage space of your system, especially if your /boot mount point is mounted separately and has a limited disk space

df -h /boot/
rpm -q kernel
uname -r
yum install yum-utils
package-cleanup --oldkernels --count=1
rpm -q kernel

Reference:

http://linuxconfig.org/how-to-remove-unused-kernel-images-from-centos-linux-system

 

Sysdig

Sysdig is open source, system-level exploration: capture system state and activity from a running Linux instance, then save, filter and analyze. Sysdig is scriptable in Lua and includes a command line interface and a powerful interactive UI, csysdig, that runs in your terminal. Think of sysdig as strace + tcpdump + htop + iftop + lsof + awesome sauce.
With state of the art container visibility on top.

http://www.sysdig.org/