maprangzth

Sharing SSH-Session with "tmate"

Disclaimer

1. ผู้เขียนไม่มีส่วนรับผิดชอบต่อความผิดพลาดใด ๆ ที่อันจะเกิดขึ้นจากแชร์ session แบบ read-write กรุณารับผิดชอบด้วยตัวเอง!
2. หากไม่รู้จักว่า tmux คืออะไรให้เปิด Google ครับ ท่านผู้นำบอกมา!!

---

tmate คืออะหยัง?

maprangzth

@version:3.2

# ===============================================================================================
# Configuration file for syslog-ng, customized for remote logging
# ===============================================================================================
# Options
# Note about $HOST / HOST
# Description: The name of the source host where the message originates from.
        # If the message traverses several hosts and the chain_hostnames() option is on, the first host in the chain is used.
        # If the keep_hostname() option is disabled (keep_hostname(no)), the value of the $HOST macro will be the DNS hostname of the host that sent the message to syslog-ng OSE (that is, the DNS hostname of the last hop). In this case the $HOST and $HOST_FROM macros will have the same value.

maprangzth

# GROK Custom Patterns (add to patterns directory and reference in GROK filter for iptables events):
# GROK Patterns for iptables Logging Format
#
# Created 6 Aug 2016 by Brian Turek <brian.turek@gmail.com>
# Most of this was taken from another source but now I cannot find it for credit
#
# Usage: Use the IPTABLES pattern

NETFILTERMAC %{MAC:dest_mac}:%{MAC:src_mac}:%{ETHTYPE:ethtype}
ETHTYPE (?:(?:[A-Fa-f0-9]{2}):(?:[A-Fa-f0-9]{2}))

maprangzth

#!/bin/bash
#Step 1
#Generate server keystore and client keystore
keytool -keystore kafka.server.keystore.jks -alias localhost -validity 365 -genkey
keytool -keystore kafka.client.keystore.jks -alias localhost -validity 365 -genkey
#Step 2
#Create CA
openssl req -new -x509 -keyout ca-key -out ca-cert -days 365
#Add generated CA to the trust store
keytool -keystore kafka.server.truststore.jks -alias CARoot -import -file ca-cert

maprangzth

Create Root CA (Done once)

Create Root Key

Attention: this is the key used to sign the certificate requests, anyone holding this can sign certificates on your behalf. So keep it in a safe place!

openssl genrsa -des3 -out rootCA.key 4096

maprangzth

Linux NetFilter, IP Tables and Conntrack Diagrams

IPTABLES TABLES and CHAINS

IPTables has the following 4 built-in tables.

1) Filter Table

Filter is default table for iptables. So, if you don’t define you own table, you’ll be using filter table. Iptables’s filter table has the following built-in chains.

maprangzth

#!/bin/bash
# Flushing all rules
iptables -F FORWARD
iptables -F INPUT
iptables -F OUTPUT
iptables -X
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

maprangzth

# -*- mode: shell-script; -*-
#
#   Coova-Chilli Default Configurations.
#   To customize, copy this file to /etc/chilli/config
#   and edit to your liking. This is included in shell scripts
#   that configure chilli and related programs before file 'config'.

HS_LOC_ID="1"
HS_LOC_NAME="xxxxxx"
HS_NASID="xxxxx"

maprangzth

apt-get update

apt-get install -y g++ automake autoconf libtool libltdl-dev gengetopt make cmake libssl-dev libjson-c2 libjson-c-dev

git clone https://github.com/coova/coova-chilli

./bootstrap

./configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info \
--sysconfdir=/etc --localstatedir=/var --enable-largelimits \

maprangzth

Linux NetFilter, IP Tables and Conntrack Diagrams

IPTABLES TABLES and CHAINS

IPTables has the following 4 built-in tables.

1) Filter Table

Filter is default table for iptables. So, if you don’t define you own table, you’ll be using filter table. Iptables’s filter table has the following built-in chains.