Active Directory and Active Directory Domain services ports

 

Protocol and Port AD and AD DS Usage Type of traffic
TCP and UDP 389 Directory, Replication, User and Computer Authentication, Group Policy, Trusts LDAP
TCP 636 Directory, Replication, User and Computer Authentication, Group Policy, Trusts LDAP SSL
TCP 3268 Directory, Replication, User and Computer Authentication, Group Policy, Trusts LDAP GC
TCP 3269 Directory, Replication, User and Computer Authentication, Group Policy, Trusts LDAP GC SSL
TCP and UDP 88 User and Computer Authentication, Forest Level Trusts Kerberos
TCP and UDP 53 User and Computer Authentication, Name Resolution, Trusts DNS
TCP and UDP 445 Replication, User and Computer Authentication, Group Policy, Trusts SMB,CIFS,SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc
TCP 25 Replication SMTP
TCP 135 Replication RPC, EPM
TCP Dynamic Replication, User and Computer Authentication, Group Policy, Trusts RPC, DCOM, EPM, DRSUAPI, NetLogonR, SamR, FRS
TCP 5722 File Replication RPC, DFSR (SYSVOL)
UDP 123 Windows Time, Trusts Windows Time
TCP and UDP 464 Replication, User and Computer Authentication, Trusts Kerberos change/set password
UDP Dynamic Group Policy DCOM, RPC, EPM
UDP 138 DFS, Group Policy DFSN, NetLogon, NetBIOS Datagram Service
TCP 9389 AD DS Web Services SOAP
UDP 67 and UDP 2535 DHCP

noteNote
DHCP is not a core AD DS service but it is often present in many AD DS deployments.
DHCP, MADCAP
UDP 137 User and Computer Authentication, NetLogon, NetBIOS Name Resolution
TCP 139 User and Computer Authentication, Replication DFSN, NetBIOS Session Service, NetLogon

Source: https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx

Web-Based Guacamole tool

Guacamole website: https://guacamole.incubator.apache.org/

Create database for Guacamole: (DB name is guacamole_db)

$ mysql -u root -p

mysql> create database guacamole_db;
mysql> grant all privileges on guacamole_db.* to guacamole_user@localhost identified by 'secure password';
mysql> flush  privileges;

Initializing the MySQL database

$ docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql > initdb.sql

$ mysql -u guacamole_user -p guacamole_db < initdb.sql

Create my-guacd docker container

$ docker run --name my-guacd -d guacamole/guacd

Create my-guacamole docker container

docker run --name my-guacamole \
  --link my-guacd:guacd \
  -e MYSQL_HOSTNAME=${DB_HOST} \
  -e MYSQL_PORT=${DB_PORT} \
  -e MYSQL_DATABASE=${DB_NAME} \
  -e MYSQL_USER=${DB_USER} \
  -e MYSQL_PASSWORD=${DB_PASS} \
  -d -p 8080:8080 guacamole/guacamole

Test:

http://<server ip>:8080/guacamole/

Logs:

$ docker logs my-guacamole

Behind apache proxy:

<Location /guacamole/>
    Order allow,deny
    Allow from all
    ProxyPass http://HOSTNAME:8080/guacamole/ flushpackets=on
    ProxyPassReverse http://HOSTNAME:8080/guacamole/
</Location>

<Location /guacamole/websocket-tunnel>
    Order allow,deny
    Allow from all
    ProxyPass ws://HOSTNAME:8080/guacamole/websocket-tunnel
    ProxyPassReverse ws://HOSTNAME:8080/guacamole/websocket-tunnel
</Location>

Magento database log cleaning

Log tables:

log_customer
log_visitor
log_visitor_info
log_url
log_url_info
log_quote
report_viewed_product_index
report_compared_product_index
report_event
catalog_compare_item

Cleaned by script:

php -f shell/log.php clean

Cleaned by Magento Admin (By default, it is disabled.):

From the Magento Admin Panel, select System > Configuration 
On the left, locate the Advanced menu and click System
From the System panel, click Log, and from the Enable Log Cleaning drop-down list, select Yes
In the Save Log Days field, enter 15 (The value is based on how much the traffics are)
Click Save Config

Clean those tables manually with Mysql client or phpMyAdmin (NOT recommend)

 

Source: https://docs.nexcess.net/article/how-to-perform-magento-database-maintenance.html

Docker USER and named volume

To secure docker, we use a specific user instead of root. We add the following code in Dockerfile.

RUN useradd -u 2000 wwwuser
USER wwwuser

Those code create user with uid=2000.
Since host volume is mounted as root user, all files and folders is readonly for user wwwuser. If the wwwuser needs to write files to volume, we can create a named volume for it.

docker volume create --driver local --opt type=tmpfs --opt device=tmpfs  --opt o=uid=2000,gid=2000,size=2g,mode=0750 myHomeVolume

Use the following command to run container

docker run -d -v myHomeVolume:/home/wwwuser --name myapps <image>

TO backup the data, taring all files at ‘/var/lib/docker/volumes/myHomeVolume/_data’ with root.

Using AWK

//print the first column
awk -F":" ' { print $1 } ' /etc/passwd  
// print 1st column and last column
awk -F":" ' { print $1, $NF} ' /etc/passwd 
//print 1st column of 1st ten records
awk -F":" ' NR==1,NR==10 { print $1 } ' /etc/passwd
//print 1st column length of 1st ten records 
awk -F":" ' NR==1,NR==10 { print length($1) } ' /etc/passwd 
// using printf to format output
awk -F":" ' NR==1,NR==10 { printf "%-8s %3d\n" , $1,$3 } ' /etc/passwd 
// add header and footer for output
awk -F":" '
BEGIN { printf "%-8s %-3s\n" , "User", "UID" }
NR==1,NR==10 { printf "%-8s %3d\n" , $1,$3 } 
END { print "============== END ============="} ' /etc/passwd
// add output filed separator between columns
awk -F":" ' { OFS="|";print $1, $NF } ' /etc/passwd
// condition
awk -F":" ' /^root/ { print $1, $NF } ' /etc/passwd
awk -F":" ' { if($1 ~ /root/) { print $1, $NF } }' /etc/passwd

 

Linux Job Interview Questions

  1. How can you see which kernel version a system is currently running?
uname -a  // Show hostname, current version, current release

uname -v  //Show current version

uname -r  // Show current release

2.How can you check a system’s current IP address?

ifconfig
ip addr show
ip addr show eth0

3. How do you check for free disk space?

df -ah

4. How dow you manage services on a system?

service <service name> status
systemctl status <service name>

5. How would you check the size of a directory’s contents on disk?

du -sh <directory name>

6. How would you check for open ports on a Linux machine?

netstat
sudo netstat  -tulpn

7. How do you check CPU usage for a process?

ps aux |grep <process name> 
top
htop

8. Dealing with Mounts

ls /mnt
mount <device/network drive> <mount point>
/etc/fstab

9. How do you look up something you don’t know?

man <command>
<command> --h
google