Wednesday, January 27, 2016

huawei quidway s6724 remove port-mirroring

Quidway S6700 Series Ethernet Switches
V100R006C00
Configuration Guide - Device Management

http://enterprise.huawei.com/ilink/enenterprise/download/HW_116588

<huawei>display port-mirroring       
  Port-mirror:
  ----------------------------------------------------------------------
  Mirror-port              Direction     Observe-port           
  ----------------------------------------------------------------------
  XGigabitEthernet0/0/2    Both          XGigabitEthernet0/0/1  
  XGigabitEthernet0/0/3    Both          XGigabitEthernet0/0/1  
  XGigabitEthernet0/0/23   Both          XGigabitEthernet0/0/1  
  ----------------------------------------------------------------------

<huawei>system-view
Enter system view, return user view with Ctrl+Z

[huawei]interface XGigabitEthernet 0/0/2
[huawei-XGigabitEthernet0/0/2]undo port-mirroring both
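The table above lists three mirror ports but only one is removed. A mirror session that outlives the troubleshooting it was created for is a silent tap: everything on the mirrored ports keeps being copied to whatever is cabled to XGigabitEthernet0/0/1. The script below is an added example written for this page, not code from the post or from Huawei: it parses the `display port-mirroring` output and generates the undo lines for every session, then re-runs the display so you can confirm the table is empty. SAMPLE_DISPLAY is the table from the post; the `inbound`/`outbound` keywords are an assumption, since the post only shows `undo port-mirroring both`.

```python
"""Added example, written for this page rather than taken from the post or from
Huawei: parse the `display port-mirroring` table and generate the CLI lines that
remove every mirror session. SAMPLE_DISPLAY is the table from the post; the
`inbound`/`outbound` keywords are an assumption (only `both` appears on the page)."""
import re

SAMPLE_DISPLAY = """\
  Port-mirror:
  ----------------------------------------------------------------------
  Mirror-port              Direction     Observe-port
  ----------------------------------------------------------------------
  XGigabitEthernet0/0/2    Both          XGigabitEthernet0/0/1
  XGigabitEthernet0/0/3    Both          XGigabitEthernet0/0/1
  XGigabitEthernet0/0/23   Both          XGigabitEthernet0/0/1
  ----------------------------------------------------------------------
"""

# One data row: mirror port, direction, observe port (header and rule lines do not match).
ROW = re.compile(r"^\s*(\S+Ethernet\S+)\s+(Both|Inbound|Outbound)\s+(\S+Ethernet\S+)\s*$")
IFNAME = re.compile(r"^([A-Za-z]+)(\S+)$")   # "XGigabitEthernet0/0/23" -> type, slot/port

def parse_port_mirroring(text):
    """[(mirror_port, direction, observe_port), ...] from the display output."""
    return [m.groups() for m in map(ROW.match, text.splitlines()) if m]

def undo_commands(sessions):
    """CLI lines that tear down each session in interface view, then re-check the table."""
    lines = ["system-view"]
    for mirror_port, direction, _observe in sessions:
        iftype, ifnum = IFNAME.match(mirror_port).groups()
        lines += [f"interface {iftype} {ifnum}",
                  f"undo port-mirroring {direction.lower()}",  # both (from the post); inbound/outbound assumed
                  "quit"]
    lines += ["return", "display port-mirroring"]   # expect an empty table afterwards
    return lines

def observe_ports(sessions):
    """Where the copied traffic goes; whatever is cabled to these ports sees all of it."""
    return sorted({observe for _, _, observe in sessions})

if __name__ == "__main__":
    sessions = parse_port_mirroring(SAMPLE_DISPLAY)
    print("traffic is being copied to:", observe_ports(sessions))
    print("\n".join(undo_commands(sessions)))
```

Paste the switch's real `display port-mirroring` output in place of SAMPLE_DISPLAY; once `observe_ports()` returns an empty list after the undo lines have been applied, the tap is gone.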

Understanding DevOps


Understanding DevOps – Part 6: Continuous Deployment vs Continuous Delivery

What is Continuous Deployment?

Companies like flickr have in the past posted on their blog how many ‘deploys’ they had so far that day/week. Looking at an organization that deploys to production 89 times in a week can be very intimidating. More importantly, it begs the question: what do you deploy to production 89 times in a week?

This is a scenario that may actually keep some people away from adopting DevOps practices, as they believe that they have to deploy every change to production. That is certainly not the case. First, you need to understand what is being deployed here and second, more importantly, you need to understand that this is not applicable, necessary or in some cases even feasible for every organization.

Continued at:

https://sdarchitect.wordpress.com/2013/10/16/understanding-devops-part-6-continuous-deployment/

Monday, January 25, 2016

nagios nsca: daemon was not compiled with mcrypt library, so decryption is unavailable.

Platform:
Oracle Linux Server release 6.7

/usr/local/nagios/etc/nsca.cfg:
decryption_method=2

command:
/usr/local/nagios/bin/nsca -c /usr/local/nagios/etc/nsca.cfg

/var/log/messages error:
Jan 25 16:15:34 monitoring nsca[12487]: Invalid decryption method (2) in config file '/usr/local/nagios/etc/nsca.cfg' - Line 203
Jan 25 16:15:34 monitoring nsca[12487]: Daemon was not compiled with mcrypt library, so decryption is unavailable.

Solution:
Install the mcrypt library and headers, then rebuild nsca against them and replace the daemon binary:

yum install -y libmcrypt-devel libmcrypt
./configure --with-nsca-user=nagios --with-nsca-grp=nagios  --with-mcrypt-lib=/usr/lib64/ --with-mcrypt-inc=/usr/include
make clean
make all
cp src/nsca /usr/local/nagios/bin/nsca

Restart the daemon afterwards so the new binary is the one listening. Also note that decryption_method=2 is DES in the numbered list in nsca.cfg, a 56-bit cipher; if every send_nsca client can be updated at the same time, pick a stronger method from that list (16 = RIJNDAEL-256) and set the identical number as encryption_method in each client's send_nsca.cfg, since both sides must agree on the method and the password.
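A pre-flight check before the daemon goes back into service, as an added example written for this page (not from the post or from the NSCA sources): it reads decryption_method from nsca.cfg, rates it using the method numbers listed in the comments of the stock nsca.cfg, and confirms that the rebuilt binary really links libmcrypt. The paths are the ones the post uses; the config text in the test is constructed.

```python
"""Added example, not from the post or from the NSCA sources: a pre-flight check
for the rebuilt daemon. Method numbers follow the comments in the stock
nsca.cfg; paths are the ones from the post."""
import re
import shutil
import subprocess

# Method numbers as documented in the stock nsca.cfg (a subset).
METHODS = {0: "none", 1: "simple XOR", 2: "DES", 3: "3DES", 8: "BLOWFISH", 16: "RIJNDAEL-256"}
WEAK = {0, 1, 2}   # 0 and 1 give no confidentiality; DES has a 56-bit key

def decryption_method(cfg_text):
    """Effective decryption_method (last uncommented assignment wins), or None if unset."""
    value = None
    for line in cfg_text.splitlines():
        m = re.match(r"\s*decryption_method\s*=\s*(\d+)\s*$", line)
        if m:
            value = int(m.group(1))
    return value

def needs_mcrypt(method):
    """Only 0 (none) and 1 (XOR) work in a build without libmcrypt; the post's error shows 2 does not."""
    return method is not None and method > 1

def rate_method(method):
    """('weak' | 'ok' | 'unknown', reason)"""
    if method is None:
        return "weak", "decryption_method is not set; set it explicitly and match it in send_nsca.cfg"
    name = METHODS.get(method)
    if method in WEAK:
        return "weak", f"{method} = {name}: does not protect check results in transit"
    if name is None:
        return "unknown", f"{method} is not in the documented subset; check the nsca.cfg comments"
    return "ok", f"{method} = {name}"

def links_mcrypt(binary="/usr/local/nagios/bin/nsca"):
    """True/False from ldd output; None when ldd is not available on this host."""
    if shutil.which("ldd") is None:
        return None
    result = subprocess.run(["ldd", binary], capture_output=True, text=True)
    return "libmcrypt" in result.stdout

if __name__ == "__main__":
    with open("/usr/local/nagios/etc/nsca.cfg") as fh:
        method = decryption_method(fh.read())
    print("decryption_method:", method, rate_method(method))
    if needs_mcrypt(method):
        print("binary links libmcrypt:", links_mcrypt())
```

Run it as root on the monitoring host after the `cp`; a `False` from `links_mcrypt()` means the configure step did not find the library and the "not compiled with mcrypt" error will come back.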

HTTPS Bicycle Attack - Obtaining Passwords From TLS Encrypted Browser Requests

A paper detailing a new attack vector on TLS was released on December 30. The attack, known as the HTTPS Bicycle Attack, is able to determine the length of specific parts of the plain-text data underneath captured TLS packets using a side-channel attack with already known information. The attack has a few prerequisites but could be applied in a real world scenario, and is completely undetectable due to its passive nature.

Executive Summary

The HTTPS Bicycle attack can result in the length of personal and secret data being exposed from a packet capture of a user's HTTPS traffic. For example, the length of passwords and other data (such as GPS co-ordinates) can be determined simply by analysing the lengths of the encrypted traffic.
Some of the key observations of this attack are as below:
  • Requires a packet capture containing HTTPS (TLS) traffic from a browser to a website
  • The TLS traffic must use a stream-based cipher
  • Can reveal the lengths of unknown data as long as the length of the rest of the data is known - this includes passwords, GPS data and IP addresses
  • Packet captures from several years ago could be vulnerable to this attack, with no mitigation possible
  • The real world impact is unknown, as there are several prerequisites that may be hard to fulfill.
This leads us into interesting discussions on the resilience of passwords as a form of authentication method. First we will explain how the attack works.

http://blogs.forcepoint.com/security-labs/https-bicycle-attack-obtaining-passwords-tls-encrypted-browser-requests

https://guidovranken.files.wordpress.com/2015/12/https-bicycle-attack.pdf 


You can keep up to date with the discussion of HTTPS Bicycle on Reddit at https://www.reddit.com/r/netsec/comments/3zc5qu/https_bicycle_attack/
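Once the record layer preserves length, the attack is a subtraction. The model below is an added example written for this page, not code from the Forcepoint post or the paper: a login request whose only unknown is the password, a length-preserving "stream" record beside a padded CBC record, and the attacker's step of solving for the password length by rebuilding the known template. The request template, cookie, TAG_LEN and MAC_LEN are constructed assumptions, not values from any real TLS trace; no network traffic is involved.

```python
"""Added example (not from the Forcepoint post or the paper): a toy model of the
HTTPS Bicycle length side channel. Request, cookie, TAG_LEN and MAC_LEN are
constructed assumptions."""
import secrets

TAG_LEN = 16   # assumed per-record authentication tag of a stream/AEAD mode
MAC_LEN = 20   # assumed MAC size inside a CBC record

def _wrap(body: bytes) -> bytes:
    # Constructed POST: every byte except the password is attacker-known.
    return (b"POST /login HTTP/1.1\r\n"
            b"Host: example.test\r\n"
            b"Cookie: session=0123456789abcdef0123456789abcdef\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            + f"Content-Length: {len(body)}\r\n\r\n".encode() + body)

def build_login_request(password: str) -> bytes:
    return _wrap(f"username=alice&password={password}".encode())

def build_padded_request(password: str, bucket: int = 64) -> bytes:
    """Mitigation: pad the body to a bucket boundary so many lengths look alike."""
    body = f"username=alice&password={password}&pad=".encode()
    return _wrap(body + b"x" * (-len(body) % bucket))

def stream_record_len(plaintext: bytes) -> int:
    return len(plaintext) + TAG_LEN          # length-preserving cipher plus fixed tag

def stream_encrypt(plaintext: bytes) -> bytes:
    """XOR with a fresh random keystream: content hidden, length not."""
    keystream = secrets.token_bytes(len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, keystream)) + secrets.token_bytes(TAG_LEN)

def cbc_record_len(plaintext: bytes, block: int = 16) -> int:
    """data || MAC || padding (at least the one length byte), rounded up to a block."""
    inner = len(plaintext) + MAC_LEN + 1
    return -(-inner // block) * block

def password_length_candidates(observed_len, builder=build_login_request,
                               record_len=stream_record_len, max_len=128):
    """Attacker side: which password lengths reproduce the observed record size?
    The template is rebuilt per candidate, so Content-Length digit changes are handled."""
    return [n for n in range(max_len + 1) if record_len(builder("x" * n)) == observed_len]

if __name__ == "__main__":
    req = build_login_request("hunter2")
    print("stream:", password_length_candidates(len(stream_encrypt(req))))
    print("cbc:   ", password_length_candidates(cbc_record_len(req), record_len=cbc_record_len))
    padded = build_padded_request("hunter2")
    print("padded:", len(password_length_candidates(stream_record_len(padded),
                                                    builder=build_padded_request)), "candidates")
```

With the stream record the candidate list has exactly one entry, the password length; the CBC record only narrows it to a block-sized window, and bucketed padding of the body widens it to dozens of lengths, which is the shape of the mitigation the paper discusses.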

Friday, January 22, 2016

cloudera vm: A Single-Node Hadoop Cluster and Examples for Easy Learning!

Cloudera Enterprise: The world's most popular Apache Hadoop solution

Cloudera offers the highest performance and lowest cost platform for using data to drive better business outcomes. Cloudera Enterprise makes Hadoop fast, easy, and secure, so you can focus on results.

Cloudera QuickStart VMs are for demo purposes only and are not to be used as a starting point for clusters.

  • The VMs run CentOS 6.4 and are available for VMware, VirtualBox, and KVM.
  • All require a 64-bit host OS.
Cloudera QuickStart virtual machines (VMs) include everything you need to try CDH, Cloudera Manager, Cloudera Impala, and Cloudera Search.
The VM uses a package-based install. This allows you to work with or without Cloudera Manager. Parcels do not work with the VM unless you first migrate your CDH installation to use parcels. On your production systems, Cloudera recommends that you use parcels.

http://www.cloudera.com/downloads/quickstart_vms/5-5.html

Tuesday, January 19, 2016

linux: how to activate and test kernel coredump property

[root@istanbul tmp]# sysctl -a | grep pattern
kernel.core_pattern = /tmp/core-%e-%s-%u-%g-%p-%t


test.c code:
#include <stdlib.h>
#include <time.h>
#include <stdio.h>

int main(int argc, char **argv)
{
    srand(time(NULL));
    int *nullpointer = NULL;
    printf("%d\n", *nullpointer);   /* deliberate NULL dereference: SIGSEGV, default action is a core dump */

    return 0;
}

# gcc -o testapp test.c

[root@istanbul tmp]# ./testapp
Segmentation fault
[root@istanbul tmp]# ls


No core file was written. The usual cause is a core file size limit of 0 in the shell that started the program: check it with ulimit -c and raise it (ulimit -c unlimited, or a byte limit as below) before running again.


[root@istanbul tmp]# ulimit -c
99999999


[root@istanbul tmp]# ls -alt /tmp/core-* | head -1
-rw------- 1 root root 241664 Jan 19 11:31 /tmp/core-testapp-11-0-0-2127-1453195860 


If you don't want to build testapp, you can trigger a dump with the sleep command instead; a SIGSEGV sent with kill produces a core file exactly as a real fault does:

sleep 10 &
killall -SIGSEGV sleep
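Reading a core file name back into its fields, and checking the pattern itself, as an added example written for this page (not from the post): the specifiers are the ones documented in core(5), the file name is the one from the listing above, and the review function flags the two settings a reviewer would question, a pattern piped to a helper program (which the kernel runs as root) and a relative path (which drops dumps into the crashing process's own working directory). The pipe pattern in the test is a constructed placeholder.

```python
"""Added example, not from the original post: turn a kernel.core_pattern template
into a regex, recover the fields from a core file name, and flag pattern values a
reviewer would question. Specifiers per core(5); file name from the post."""
import re

# core(5) format specifiers (subset) -> (field name, regex)
SPECIFIERS = {
    "e": ("executable", r"[^/]+"),   # comm: basename truncated to 15 chars
    "g": ("gid", r"\d+"),
    "h": ("hostname", r"[^/]+"),
    "p": ("pid", r"\d+"),
    "s": ("signal", r"\d+"),
    "t": ("time", r"\d+"),
    "u": ("uid", r"\d+"),
}
NUMERIC = {"gid", "pid", "signal", "time", "uid"}

def pattern_to_regex(core_pattern):
    """Compile e.g. /tmp/core-%e-%s-%u-%g-%p-%t into a regex with named groups."""
    out, i = [], 0
    while i < len(core_pattern):
        c = core_pattern[i]
        if c == "%" and i + 1 < len(core_pattern):
            spec = core_pattern[i + 1]
            i += 2
            if spec == "%":
                out.append(re.escape("%"))
            elif spec in SPECIFIERS:
                name, rx = SPECIFIERS[spec]
                out.append(f"(?P<{name}>{rx})")
            else:
                out.append(r"[^/]*")           # specifier not modelled here: match loosely
        else:
            out.append(re.escape(c))
            i += 1
    return re.compile("^" + "".join(out) + "$")

def parse_core_name(core_pattern, path):
    """Fields recovered from a core file name, or None if it does not fit the pattern.
    Note %e may itself contain '-', so a separator-based pattern can be ambiguous."""
    m = pattern_to_regex(core_pattern).match(path)
    if not m:
        return None
    return {k: int(v) if k in NUMERIC else v for k, v in m.groupdict().items()}

def review_core_pattern(core_pattern):
    """Findings a security reviewer would raise about a core_pattern value."""
    findings = []
    if core_pattern.startswith("|"):
        findings.append("dumps are piped to a helper that the kernel runs as root: audit that program and its arguments")
    elif not core_pattern.startswith("/"):
        findings.append("relative path: each dump is written into the crashing process's current directory")
    return findings

if __name__ == "__main__":
    pattern = "/tmp/core-%e-%s-%u-%g-%p-%t"
    print(parse_core_name(pattern, "/tmp/core-testapp-11-0-0-2127-1453195860"))
    print(review_core_pattern(pattern) or "no findings")
```

Core files hold the whole process image, including any keys or passwords that were in memory, which is why the kernel creates them 0600 (as the -rw------- in the listing shows) and why the directory in the pattern should not be shared with untrusted users.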

Friday, January 15, 2016

linux: gettimeofday - VDSO Virtual Dynamic Shared Object

strace -c date
While examining the output above I observed that no gettimeofday syscall was being made; looking into it, I found that this is handled by the VDSO mechanism.

Details:
Many application workloads (especially databases and financial service applications) perform extremely frequent gettimeofday or similar time function calls. Optimizing the efficiency of these calls can provide major benefits.
A Virtual Dynamic Shared Object (VDSO) is a shared library that allows applications in user space to perform some kernel actions without as much overhead as a system call. The VDSO is often used to provide fast access to the gettimeofday system call data.
Enabling the VDSO instructs the kernel to use its definition of the symbols in the VDSO, rather than the ones found in any user-space shared libraries, particularly glibc. The effects of enabling the VDSO are system-wide: either all processes use it or none do.
When enabled, the VDSO overrides the glibc definition of gettimeofday with its own. This removes the overhead of a system call, as the call is made directly to the kernel memory rather than going through glibc.
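Besides `strace -c`, the other way to confirm the fast path is to look for the kernel-provided pages in the process's address space: the [vdso] code page and the [vvar] data page it reads the time from. The function below is an added example written for this page, not from the post; the maps text is a constructed excerpt in the /proc/<pid>/maps layout, and the live check reads the current process.

```python
"""Added example, not from the post: confirm from userspace that a process has
the vDSO mapped. SAMPLE_MAPS is a constructed excerpt in /proc/<pid>/maps format."""
import re

SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 131 /usr/bin/date
7ffd1c3c2000-7ffd1c3e3000 rw-p 00000000 00:00 0 [stack]
7ffd1c3ea000-7ffd1c3ed000 r--p 00000000 00:00 0 [vvar]
7ffd1c3ed000-7ffd1c3ef000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall]
"""

# start-end perms offset dev inode [pathname]
LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\d+\s*(.*)$")

def special_mappings(maps_text):
    """{name: (start, end, perms)} for the bracketed kernel-provided mappings."""
    found = {}
    for line in maps_text.splitlines():
        m = LINE.match(line)
        if m and m.group(4).startswith("["):
            found[m.group(4)] = (int(m.group(1), 16), int(m.group(2), 16), m.group(3))
    return found

def vdso_status(maps_text):
    """One-line verdict on whether the syscall-free time path is available."""
    maps = special_mappings(maps_text)
    if "[vdso]" not in maps:
        return "no vDSO mapped: every gettimeofday() is a real syscall"
    start, end, perms = maps["[vdso]"]
    vvar = "present" if "[vvar]" in maps else "absent"
    return f"vDSO at {start:#x}-{end:#x} ({perms}); [vvar] data page {vvar}"

def live_status(pid="self"):
    """Same check on a running process; None where /proc is not available."""
    try:
        with open(f"/proc/{pid}/maps") as fh:
            return vdso_status(fh.read())
    except OSError:
        return None

if __name__ == "__main__":
    print(vdso_status(SAMPLE_MAPS))
    print(live_status())
```

The vDSO page moves with ASLR on every run, so compare names, not addresses, when checking a fleet of hosts.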

Thursday, January 14, 2016

telecom: what is NEBS

NEBS (Network Equipment - Building System) is the most common set of safety, spatial and environmental design guidelines applied to telecommunications equipment in the United States. NEBS is why telephones work after an earthquake or thunderstorm! NEBS requirements are utilized all over the world for a host of commercial, utility and defense applications. Still, the most frequent application of NEBS is to design and test equipment intended for use in Central Offices.

http://telecom-info.telcordia.com/site-cgi/ido/docs2.pl?ID=095698532&page=nebs

Equipment deployed in the network needs to be safe, reliable, and easy to deploy. The NEBS standards in GR-63 and GR-1089 provide uniform criteria for equipment design intended to reduce the cost of deployment and maintain reliability of the network.

SR-3580 groups the NEBS criteria into three functional levels (I, II, or III). Grouping the criteria into levels helps clarify the impact of non-conformance and allows the broad range of NEBS requirements to be judiciously applied to equipment, based on the equipment's application and impact on the operation of the network.

http://telecom-info.telcordia.com/site-cgi/ido/docs.cgi?ID=196992314SEARCH&KEYWORDS=&TITLE%20=&DOCUMENT=SR-3580&DATE=&CLASS=&COUNT=1000

What is "NEBS Level 3"?
"NEBS Level 3" is a term from Bellcore special report, SR-3580.  This report details 3 distinct functional levels of NEBS compliance based on GR-63-CORE and GR-1089-CORE.  The levels allow a wide range of NEBS requirements to be applied to equipment based on application and network impact.
"NEBS Level 1" means that people and equipment hazards and network degradation are minimized.  NEBS Level 1 addresses the personnel and equipment safety requirements of GR-63-CORE and GR-1089-CORE.  This is useful for getting prototypes into a lab trial.  It's also a requirement that is imposed on Competitive Local Exchange Carriers (CLECs) in order for them to deploy equipment into an RBOC's network.  This level doesn't address operability, this is addressed in Levels 2 and 3.
"NEBS Level 2" addresses equipment operability, but in a controlled environment.  For example, equipment could be used in a data center, however, if the equipment performs non-critical operations it could be used under environmental extremes.  Note that this level is very rarely used because it is ambiguous.
"NEBS Level 3" means the equipment is in the network for the long haul.  We're talking about Carrier Class with this stringent level.  The equipment will operate under the environmental extremes found in a central office.  In a nutshell, the equipment meets all of the requirements of GR-63-CORE and GR-1089-CORE.
Telcordia has created a special NEBS page to their SuperStore providing customers with more info on the NEBS documents. Check out Telcordia NEBS Page
NOTES:  

  1. Verizon does not follow SR-3580.  They use their own NEBS checklist,  NEBS Compliance Clarification Document, that details what they believe are important to their network's integrity.
  2. SBC uses 2 levels as detailed in their NEBS checklist TP76200MP.
  3. A combined Telecommunications Carrier Group Checklist can be found here TCG Checklist.

Wednesday, January 13, 2016

linux: Inter-Process Communication


The types of inter process communication are:
  1. Signals - Sent by other processes or the kernel to a specific process to indicate various conditions.
  2. Pipes - Unnamed pipes set up by the shell normally with the "|" character to route output from one program to the input of another.
  3. FIFOS - Named pipes operating on the basis of first data in, first data out.
  4. Message queues - Message queues are a mechanism set up to allow one or more processes to write messages that can be read by one or more other processes.
  5. Semaphores - Counters that are used to control access to shared resources. These counters are used as a locking mechanism to prevent more than one process from using the resource at a time.
  6. Shared memory - The mapping of a memory area to be shared by multiple processes.

Linux Signals

Linux signals are:
Signal name   Number   Description
SIGHUP        1        Hangup (POSIX)
SIGINT        2        Terminal interrupt (ANSI)
SIGQUIT       3        Terminal quit (POSIX)
SIGILL        4        Illegal instruction (ANSI)
SIGTRAP       5        Trace trap (POSIX)
SIGIOT        6        IOT trap (4.2 BSD); the same number as SIGABRT on Linux
SIGBUS        7        Bus error (4.2 BSD)
SIGFPE        8        Floating point exception (ANSI)
SIGKILL       9        Kill (can't be caught or ignored) (POSIX)
SIGUSR1       10       User defined signal 1 (POSIX)
SIGSEGV       11       Invalid memory segment access (ANSI)
SIGUSR2       12       User defined signal 2 (POSIX)
SIGPIPE       13       Write on a pipe with no reader, broken pipe (POSIX)
SIGALRM       14       Alarm clock (POSIX)
SIGTERM       15       Termination (ANSI)
SIGSTKFLT     16       Stack fault
SIGCHLD       17       Child process has stopped or exited, changed (POSIX)
SIGCONT       18       Continue executing, if stopped (POSIX)
SIGSTOP       19       Stop executing (can't be caught or ignored) (POSIX)
SIGTSTP       20       Terminal stop signal (POSIX)
SIGTTIN       21       Background process trying to read from TTY (POSIX)
SIGTTOU       22       Background process trying to write to TTY (POSIX)
SIGURG        23       Urgent condition on socket (4.2 BSD)
SIGXCPU       24       CPU limit exceeded (4.2 BSD)
SIGXFSZ       25       File size limit exceeded (4.2 BSD)
SIGVTALRM     26       Virtual alarm clock (4.2 BSD)
SIGPROF       27       Profiling alarm clock (4.2 BSD)
SIGWINCH      28       Window size change (4.3 BSD, Sun)
SIGIO         29       I/O now possible (4.2 BSD)
SIGPWR        30       Power failure restart (System V)

The numbers are the x86 Linux values (SIGSYS, 31, is missing from the list); Alpha, SPARC and MIPS assign some of them differently, so portable code should use the names. Processes can ignore, block, or catch every signal except SIGSTOP and SIGKILL. If a process catches a signal, it includes code that takes appropriate action when the signal arrives; if the signal is not caught, the kernel applies the default action for that signal (terminate, terminate with a core dump, stop, continue, or ignore).
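The three outcomes in the table (default action, caught, cannot be caught) are easy to see on real processes. The script below is an added example written for this page, not from the post: it spawns a throwaway child, sends it a signal and reports how the parent sees it end; the child program text is constructed, and it shows that SIGKILL ends a child that ignores SIGTERM and that a handler for SIGKILL cannot even be installed.

```python
"""Added example, not from the original post: default action, a handler, an ignored
signal, and SIGKILL, which the kernel refuses to let a process catch or ignore.
The child program text is constructed."""
import os
import signal
import subprocess
import sys

# A child that optionally installs a disposition, says when it is ready, then sleeps.
CHILD = ("import signal, sys, time\n"
         "{setup}\n"
         "print('ready', flush=True)\n"
         "time.sleep(60)\n")
CATCH = "signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit(40 + signum))"
IGNORE = "signal.signal(signal.SIGTERM, signal.SIG_IGN)"

def exit_status_after(sig, setup="", timeout=3):
    """Send `sig` to a fresh child and report how it ended: a negative number is the
    terminating signal (subprocess's convention), a positive number is an exit code
    from a handler, None means the signal did not end the process within `timeout`."""
    child = subprocess.Popen([sys.executable, "-c", CHILD.format(setup=setup)],
                             stdout=subprocess.PIPE, stderr=subprocess.DEVNULL)
    try:
        child.stdout.readline()          # block until the child's setup has run
        os.kill(child.pid, sig)
        try:
            return child.wait(timeout=timeout)
        except subprocess.TimeoutExpired:
            child.kill()                 # SIGKILL: cannot be caught, blocked or ignored
            child.wait()
            return None
    finally:
        child.stdout.close()

def can_install_handler(sig):
    """False for SIGKILL and SIGSTOP: sigaction() returns EINVAL for them."""
    try:
        previous = signal.signal(sig, signal.SIG_DFL)
    except (OSError, ValueError):
        return False
    if previous is not None:
        signal.signal(sig, previous)
    return True

if __name__ == "__main__":
    print("SIGTERM, default action:", exit_status_after(signal.SIGTERM))
    print("SIGSEGV, default action:", exit_status_after(signal.SIGSEGV))
    print("SIGTERM with a handler:  ", exit_status_after(signal.SIGTERM, CATCH))
    print("SIGTERM while ignored:   ", exit_status_after(signal.SIGTERM, IGNORE))
    print("SIGKILL while ignoring TERM:", exit_status_after(signal.SIGKILL, IGNORE))
    print("handler for SIGKILL allowed:", can_install_handler(signal.SIGKILL))
```

The SIGSEGV case is the same event as the coredump post above: a signal delivered from outside with kill is handled exactly like one raised by a fault, so the child dies with status -11 and, with a core limit set, leaves a core file.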

linux: process state codes

The codes used are:

Code   Meaning
D      Uninterruptible sleep (usually IO)
R      Running or runnable (on run queue)
S      Interruptible sleep (waiting for an event to complete)
T      Stopped, either by a job control signal or because it is being traced
W      Paging (not valid since the 2.6.xx kernel)
X      Dead (should never be seen)
Z      Defunct ("zombie") process, terminated but not reaped by its parent

For BSD formats and when the stat keyword is used, additional characters may be displayed:

Code   Meaning
<      High-priority (not nice to other users)
N      Low-priority (nice to other users)
L      Has pages locked into memory (for real-time and custom IO)
s      Is a session leader
l      Is multi-threaded (using CLONE_THREAD, like NPTL pthreads do)
+      Is in the foreground process group

A process in D state is in an uninterruptible sleep, normally waiting for I/O to complete. You cannot do anything with it from outside: signals, SIGKILL included, are not acted on until the wait returns (only waits the kernel marks as killable react to a fatal signal), so if the device or network filesystem it is waiting on never answers, the process stays in D until it does or the machine is rebooted. A Z process is the opposite case: it is already dead and holds only its exit status; killing it does nothing, it disappears when its parent calls wait() or when the parent exits and init reaps it.
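Applying the codes to `ps -eo pid,stat,comm` output, as an added example written for this page (not from the post): it decodes a STAT field into the state and flag meanings above and picks out the two kinds of process you cannot simply kill. The sample output is constructed.

```python
"""Added example, not from the original post: decode ps STAT fields and find the
processes that will not respond to kill. SAMPLE_PS is constructed output of
`ps -eo pid,stat,comm`."""
SAMPLE_PS = """\
  PID STAT COMMAND
    1 Ss   systemd
  842 D    kworker/u8:2
 1203 S<   auditd
 2127 T    testapp
 3001 Z    [child] <defunct>
 3044 R+   ps
"""

STATES = {"D": "uninterruptible sleep", "R": "running or runnable",
          "S": "interruptible sleep", "T": "stopped (job control or traced)",
          "W": "paging (pre-2.6 only)", "X": "dead", "Z": "zombie"}
FLAGS = {"<": "high priority", "N": "low priority", "L": "pages locked in memory",
         "s": "session leader", "l": "multi-threaded", "+": "foreground process group"}

def parse_ps(text):
    """[(pid, stat, command), ...]; the header line and anything malformed is skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0].isdigit():
            rows.append((int(parts[0]), parts[1], parts[2]))
    return rows

def describe(stat):
    """('state meaning', ['flag meaning', ...]) for one STAT field such as 'S<'."""
    return STATES.get(stat[0], "unknown"), [FLAGS[c] for c in stat[1:] if c in FLAGS]

def needs_attention(text):
    """D: signals wait for the I/O. Z: already dead, reap it through the parent instead."""
    out = {"uninterruptible": [], "zombie": []}
    for pid, stat, command in parse_ps(text):
        if stat[0] == "D":
            out["uninterruptible"].append((pid, command))
        elif stat[0] == "Z":
            out["zombie"].append((pid, command))
    return out

if __name__ == "__main__":
    import subprocess
    live = subprocess.run(["ps", "-eo", "pid,stat,comm"], capture_output=True, text=True).stdout
    print(needs_attention(live or SAMPLE_PS))
```

For a zombie, the PID to act on is the parent's (`ps -o ppid= -p <pid>`): it is the parent that has failed to call wait().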

Monday, January 11, 2016

linux: stress testing for specific cpu cores


Starting the test:

# taskset -c 87-95 bash -c 'while true; do :; done' &

Note that a single loop only ever runs on one of the nine cores at a time, even with a 9-core mask; to load all of them, start one loop per core.

Watching the CPU states:

mpstat -P ALL

Stopping the test:

kill -9 %1
(to stop job number 1)
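The same test with one spinning worker per core, as an added example written for this page (not from the post): it parses a taskset-style core list, pins each worker with os.sched_setaffinity (Linux only) and returns the mask each worker actually ran under, so you can verify the pinning instead of inferring it from mpstat. Core numbers such as 87-95 are the ones from the post and will not exist on a small machine; the function intersects them with the cores this process is allowed to use.

```python
"""Added example, not from the post: one busy worker per requested core, with the
affinity mask read back as verification. os.sched_setaffinity is Linux-only."""
import multiprocessing
import os
import time

def cpu_list(spec):
    """taskset-style list: "0,2,87-95" -> {0, 2, 87, ..., 95}."""
    cores = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        cores.update(range(int(lo), int(hi or lo) + 1))
    return cores

def spin(core, seconds):
    """Pin this process to one core, burn CPU for `seconds`, return the mask observed
    while pinned; the original mask is restored afterwards."""
    original = os.sched_getaffinity(0)
    os.sched_setaffinity(0, {core})
    try:
        observed = os.sched_getaffinity(0)
        end = time.monotonic() + seconds
        while time.monotonic() < end:
            pass
        return observed
    finally:
        os.sched_setaffinity(0, original)

def load_cores(spec, seconds):
    """Start one worker per requested core that this process may use; returns those cores."""
    wanted = sorted(cpu_list(spec) & os.sched_getaffinity(0))
    workers = [multiprocessing.Process(target=spin, args=(c, seconds)) for c in wanted]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    return wanted

if __name__ == "__main__":
    print("loaded cores:", load_cores("87-95", 10))   # watch with: mpstat -P ALL 1
```

Stopping is just Ctrl-C or killing the parent; the workers exit when their timer runs out, so there is no stray job to hunt down afterwards.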

Friday, January 8, 2016

linux: IRQBALANCE

In a computer, an interrupt request (or IRQ) is a hardware signal sent to the processor that temporarily stops a running program and allows a special program, an interrupt handler, to run instead. Hardware interrupts are used to handle events such as receiving data from a modem or network card, key presses, or mouse movements.

IRQBALANCE

irqbalance is a command line tool that distributes hardware interrupts across processors to improve system performance. It runs as a daemon by default, but can be run once only with the --oneshot option.

http://www.thegeekstuff.com/2014/01/linux-interrupts/
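Whether irqbalance is actually spreading the load is visible in /proc/interrupts, one column per CPU. The parser below is an added example written for this page (not from the post or from irqbalance): it reads those columns and reports device IRQs that a single CPU is serving alone. The interrupts text is a constructed excerpt in the real file's layout.

```python
"""Added example, not from the post or from irqbalance: per-CPU interrupt counts from
/proc/interrupts and the device IRQs one CPU handles alone. SAMPLE_INTERRUPTS is a
constructed excerpt in the real file's layout."""
SAMPLE_INTERRUPTS = """\
           CPU0       CPU1       CPU2       CPU3
  24:    1200345          0          0          0   PCI-MSI-edge      eth0-rx-0
  25:          0    1198877          0          0   PCI-MSI-edge      eth0-rx-1
  26:     300120     299870     301002     298999   PCI-MSI-edge      eth0-tx-0
 NMI:         12         11         13         12   Non-maskable interrupts
 LOC:    9812345    9823111    9799001    9801222   Local timer interrupts
 ERR:          0
"""

def parse_interrupts(text):
    """{label: (counts_per_cpu, description)}; label is the IRQ number or a kernel name like LOC."""
    lines = text.splitlines()
    cpus = lines[0].split()
    table = {}
    for line in lines[1:]:
        parts = line.split()
        if not parts or not parts[0].endswith(":"):
            continue
        counts = []
        for p in parts[1:1 + len(cpus)]:
            if not p.isdigit():
                break
            counts.append(int(p))
        table[parts[0][:-1]] = (counts, " ".join(parts[1 + len(counts):]))
    return table

def busiest_share(counts):
    """Fraction of an IRQ's interrupts taken by its busiest CPU (1.0 = one CPU does it all)."""
    total = sum(counts)
    return max(counts) / total if total else 0.0

def single_cpu_irqs(text, threshold=0.9):
    """Numeric (device) IRQs where one CPU handles more than `threshold` of the total."""
    return [(label, desc) for label, (counts, desc) in parse_interrupts(text).items()
            if label.isdigit() and busiest_share(counts) > threshold]

if __name__ == "__main__":
    try:
        with open("/proc/interrupts") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_INTERRUPTS
    for label, desc in single_cpu_irqs(text):
        print(f"IRQ {label} ({desc}) is served by one CPU; mask is in /proc/irq/{label}/smp_affinity")
```

A single-CPU queue is not automatically wrong: with RSS each receive queue is deliberately tied to one core, and irqbalance itself will leave such IRQs where it finds them if they are already balanced as a set. The report is the starting point for that judgement, not the verdict.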

Scaling in the Linux Networking Stack

  RSS: Receive Side Scaling
  RPS: Receive Packet Steering
  RFS: Receive Flow Steering
  Accelerated Receive Flow Steering
  XPS: Transmit Packet Steering

Tuesday, January 5, 2016

how to send a curl http request to an ipv6 address


curl -v -g "http://[1a04:a0:2002:4201::50]"
* About to connect() to 1a04:a0:2002:4201::50 port 80 (#0)
*   Trying 1a04:a0:2002:4201::50... Connection timed out
* couldn't connect to host
* Closing connection #0

curl: (7) couldn't connect to host

The -g switch turns off curl's URL globbing, so the square brackets around the IPv6 literal reach the URL parser as the RFC 3986 host delimiter instead of being read as a character range. The timeout above is a reachability problem, not a syntax one: the request was formed correctly.
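The bracket rule in code, as an added example written for this page (not from the post): a helper that brackets IPv6 literals per RFC 3986, encodes a link-local zone id per RFC 6874, leaves hostnames and IPv4 addresses alone, and assembles the curl argument list with -g. The address from the post is used alongside constructed ones; http_url() and curl_argv() are helper names chosen for this example.

```python
"""Added example, not from the post: URL authority handling for IPv6 literals.
Addresses other than the post's 1a04:a0:2002:4201::50 are constructed."""
import ipaddress
from urllib.parse import urlsplit

def host_for_url(host):
    """Bracket IPv6 literals; hostnames and IPv4 addresses pass through unchanged."""
    address, _, zone = host.partition("%")
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return host                       # a hostname, not an address
    if ip.version == 4:
        return host
    # RFC 6874: a zone id such as %eth0 is carried as %25eth0 inside the brackets.
    return f"[{address}%25{zone}]" if zone else f"[{address}]"

def http_url(host, port=80, path="/"):
    """http:// URL whose authority is valid whatever kind of host was given."""
    authority = host_for_url(host) + ("" if port == 80 else f":{port}")
    return "http://" + authority + path

def curl_argv(url):
    """-g disables curl's URL globbing so the brackets are not parsed as a character range."""
    return ["curl", "-v", "-g", url]

if __name__ == "__main__":
    url = http_url("1a04:a0:2002:4201::50")
    print(" ".join(curl_argv(url)))
    print("parsed back:", urlsplit(url).hostname)
```

`urlsplit` is the check in the other direction: the hostname it returns for the bracketed URL is the bare address again, which is what the HTTP client must resolve and connect to.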