Red Hat Example of installing Tomcat

# cd /tmp
# tar -xzf  apache-tomcat-6.0.29.tar.gz
# mv apache-tomcat-6 /usr/local
# cd /usr/local
# ln -s apache-tomcat-6
# yum install java-1.6-openjdk.i386 -> required package
# yum install httpd --> required package
# ls -l /usr/bin/java
# ls -l /etc/alternatives/java
# java -version
# cd /root
# vi .bash_profile
CATALINA_HOME = /usr/local/tomcat
export CATALINA_HOME
JAVA_HOME = /usr/lib/jvm/jre-1.6-openjdk
# . .bash_profile
# env | grep -i CATALINA
# env | grep -i JAVA
# cd /etc/init.d
vi tomcat
# this is the init script for starting up the tomcat server
# chkconfig:345 91 10
# description: start and stop tomcat deamon
# source function library
. /etc/rc.d/init.d/functions
#Get config
. /etc/sysconfig/network
# check that networking in up
[ "${NETWORKING}"="no"] && exit 0

tomcat = /usr/local/tomcat
startup=$tomcat/bin/startup.sh
shutdown = $tomcat/bin/shutdown.sh
export JAVA_HOME=/usr/lib/jvm/jre-1.6-openjdk

start(){  echo -n $"starting Tomcat service:"
#demon -c
$startup
RETVAL=$?
echo
}

stop(){  action  $"stopping Tomcat service:  "
$ shutdown
RETVAL = $?
echo}

restart(){
stop
start
}

## see how we were called

case "$1" in
start)  
start
;;
stop)
stop
;;
status)
#doesn't work
status tomcat
;;
restart)
restart
;;
*)
echo $"usuage : $0 {start|stop|status|restart}"
exit 1
;;

esac

exit 0

# chmod 755 tomcat
# vi /etc/sysconfig/iptables

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -dport 80 -j ACCEPT

# service iptables restart
# chkconfig --add tomcat
# chkconfig --list | grep -i tomcat
# service tomcat start
# service httpd start --> if it has not started yet
#  ps -ef  | grep -i tomcat

Linux Crontab example

## run java.jar daily

10 4 * * * /opt/my.sh  > /opt/logs/dailylog.log 2>&1

# script to run a jar file

my.sh

#! /bin/bash

echo $(date) > /opt/logs/dailylog.log

java -jar /opt/my/MyOpenSDK.jar

openLDAP log

OpenLDAP Log:
To get a summary on OpenLDAP Log files, openLDAP is using the Linux system log as log.

:/opt/openldap-production/var/openldap-slurp/replica (replicate log, not sys log)

config file: /opt/openldap-production/etc/config/master-sldap.conf  (loglevel 256)

syslog file: /etc/syslog.conf  

# For slapd.log

local4.* /var/log/slapd.log (log file location)

 grep "BIND dn=\"uid"  slapd.log > log.txt

 grep "BIND dn=\"uid=" slapd.log | sort -k8 -u

Java Singleton

Singleton is a POJO java class which is just having a nice name. It is used when one resource is shared within one application.

Example: write an access code in a singleton class then call it from other class

1. Singleton class

public class DirectorySingleton {
    private static DirectorySingleton authSingleton = new DirectorySingleton();
    public static  Directory dir= null;

   /* A private Constructor prevents any other   class from instantiating. */
   static{

        if (dir == null){
            try{
                 HttpTransport httpTransport = new NetHttpTransport();
                JsonFactory jsonFactory = new JacksonFactory();

                GoogleCredential credential = new GoogleCredential.Builder()
                .setClientSecrets(GmailConstants.CLIENT_ID, GmailConstants.CLIENT_SECRET)
                .setJsonFactory(jsonFactory).setTransport(httpTransport).build()
                .setRefreshToken(GmailConstants.REFRESH_TOKEN).setAccessToken(GmailConstants.ACCESS_TOKEN);

                Directory service = new Directory.Builder(httpTransport, jsonFactory, credential)
                .setApplicationName(GmailConstants.APPLICATION_NAME)
                .build();
               // System.out.println("called once");

                dir = service;
            }catch(Exception e){

            }

        }

   }
}

2, used it from other class:

    Boolean userExisted = DirectoryUtils.validateUser(DirectorySingleton.dir,
                     GmailConstants.DOMAIN_NAME, primaryGmailID);

Linux Script

[oracle@oidm-dev1 bin]$ lsb_release -i -r
Distributor ID: RedHatEnterpriseServer
Release:        6.6

Check running tasks: ps -elf | grep oracle

#netstat -an |grep 443 (to check if the port if open)
#netstat -an | egrep 'Proto|LISTEN'
#service iptables status

· vi editor: http://lowfatlinux.com/linux-editor-vi.html

osearch in vi: /searchtext 

· http://www.codecoffee.com/tipsforlinux/articles/030.html

osudo su - (to work as root)

onetstat -an |grep 443 (to check if the port if open)

otail -f catalina.out (tail the content of a file)

o./file to run a local file

· show port:

ohttp://www.techrepublic.com/blog/security/list-open-ports-and-listening-services/443

onetstat -an | egrep 'Proto|LISTEN'

oservice iptables status

good book http://www.freeos.com/guides/lsst/

computer IP: nslookup computer.name.com
find file contains some text: find / -type f -name *.xml  | xargs grep -l "looking for text"

find some files: find . -name 'conf*' 


Last modified file summarized into one file:
#find *csv -mtime -10 -exec cat {} >> today.csv \;

Grep the content of a log file and sort the result, no repeat record
#grep "BIND dn=\"uid=" slapd.log | sort -k8 -u 

How do I find the most recently changed files in a set of subdirectories on Unix or Linux?

Answer 1: This will show the most recent 10 files in current directory and below.

It supports filenames with spaces. And can be slow with lots of files http://stackoverflow.com/a/7448828

sudo find . -type f -exec stat --format '%Y :%y %n' "{}" \; | sort -nr | cut -d: -f2- | head

2015-08-03 13:59:49.000000000 -0700 files/CV_Smith_1July2015.pdf
2014-12-05 09:46:33.000000000 -0800 files/CV_Smith_1Dec2014.pdf
2013-03-04 10:23:16.000000000 -0800 files/Thumbs.db
2013-03-04 10:16:57.000000000 -0800 files/CV_Smith_March2013.pdf
2013-01-07 11:44:11.000000000 -0800 files/CV_Smith_5Jan2013.pdf

Answer 2: This will show all files modified in last day, in current directory and below

find . -mtime -1 -ls

This version will just print the filenames, without the file sizes or times.

find . -mtime -1 -print

Books:
http://www.freeos.com/guides/lsst/
http://www.codecoffee.com/tipsforlinux/articles/030.html?sudo

Xming set up on windows

 

And then I can run

export DISPLAY=localhost:10.0 on a non putty ssh session

And then

Xclock and other X windows applications run. 

After install Xming

1)      Run “xhost +” on your desktop xming window

modify the X0.host file on windows machine 

X0.host  

localhost

oidm-dev1.csun.edu

130.166.5.152

2)      Execute “export DISPLAY=:0” on linux machine

3)      Run “xclock” on linux machine and see if you see a clock on your laptop

Will encounter following error if X0.host file not modified

[root@oidm-dev1 /]# xhost + 130.166.10.225

No protocol specified

xhost:  unable to open display "it-d73-0813.csun.edu:0.0"

At the Linux side, open all firewall, 

# service iptables save
# service iptables stop
# chkconfig iptables off

Download and Resource:

http://www.slackwiki.com/X_Windows:_Remote_X_to_Windows_with_Xming

https://www.youtube.com/watch?v=D-xV5HRBtQI

terminology

ESB: Enterprise Service Bus, acts as the single message exchange between applications - See more at: http://www.j2eebrain.com/java-J2ee-enterprise-service-bus.html#sthash.3WPT0JtH.dpuf 

ESB principles and practices: An Enterprise Service Bus (ESB) is a modular and component based architecture and a key enabler used for implementing the infrastructure for service oriented architecture (SOA). For building a comprehensive service oriented infrastructure (SOI), an ESB is only one of many components used. An ESB allows the interaction between heterogeneous service and interface that might be mismatched or that may change over time. - See more at: http://www.j2eebrain.com/java-J2ee-enterprise-service-bus.html#sthash.2Ec8PKsE.dpuf

A service-oriented architecture (SOA) is an architectural pattern in computer software design in which application components provide services to other components via a communications protocol, typically over a network. The principles of service-orientation are independent of any vendor, product or technology
Service Oriented Architecture (SOA): SOA makes it easier for software components on computers connected over a network to cooperate 

Jboss Fuse: lightweight communication service hub, JBoss Fuse is an open source, lightweight Enterprise Service Bus (ESB) 


PaaS: Platform as Service

Web Service: a software system designed to support interoperable machine-to-machine interaction over a network

Subversion, CVS, file sharing and version control software

ANT: Apache Ant is a software tool for automating software build processes. It originally came from the Apache Tomcat project in early 2000. It was a replacement for the unix make build tool, and was created due to a number of problems with the unix make.
Used it in Shibbleth

Maven: Apache Maven  software project management and comprehension tool 

Servlets, 

A servlet is a Java programming language class that is used to extend the capabilities of servers that host applications accessed by means of a request-response programming model. Although servlets can respond to any type of request, they are commonly used to extend the applications hosted by web servers. For such applications, Java Servlet technology defines HTTP-specific servlet classes.

The javax.servlet and javax.servlet.http packages provide interfaces and classes for writing servlets. All servlets must implement the Servlet interface, which defines life-cycle methods. When implementing a generic service, you can use or extend the GenericServlet class provided with the Java Servlet API. The HttpServlet class provides methods, such as doGet and doPost, for handling HTTP-specific services.

This chapter focuses on writing servlets that generate responses to HTTP requests.

Struts: Apache Struts is a free, open-source, MVC framework for creating elegant, modern Java web applications. It favors convention over configuration, is extensible using a plugin architecture, and ships with plugins to support REST, AJAX and JSON

Tiles:  a java frameword

MVC: Model–view–controller (MVC) is a software architectural pattern for implementing user interfaces. Traditionally used for desktop graphical user interfaces, this architecture has become extremely popular for designing web applications.

JMS, is a part of the Java Platform, Enterprise Edition, and is defined by a specification developed under the Java Community Process as JSR 914. It is a messaging standard that allows application components based on the Java Enterprise Edition (Java EE) to create, send, receive, and read messages.

Spring Framework: Eclipse Spring Framework 

AJAX,  AJAX is the art of exchanging data with a server, and updating parts of a web page - without reloading the whole page, Asynchronous JavaScript and XML.

Apache CFX (SOAP): is an open source services framework. CXF helps you build and develop services using frontend programming APIs, like JAX-WS and JAX-RS. These services can speak a variety of protocols such as SOAP, XML/HTTP, RESTful HTTP, or CORBA and work over a variety of transports such as HTTP, JMS or JBI.(spring, struts)

 JMeter.  application is open source software, a 100% pure Java application designed to load test functional behavior and measure performance. It was originally designed for testing Web Applications but has since expanded to other test functions.

JavaScript, HTML, CSS, 

REST, 
SOAP: Simple Object Access Protocol
XML-RPC

1. Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPSstands for 'Secure'. It means all communications between your browser and the website are encrypted.

XPRESS language

http://docs.oracle.com/cd/E19225-01/820-5821/bvbps/index.html

http://docs.oracle.com/cd/E19225-01/820-5821/bvbyj/index.html

setup SSL standalone tomcat server

Steps to set up SSL on a test Linux server

· Before set up a https security connection, there are a few steps:

omake sure the port that you will be use is open throught the firewall by telnet server port.

omake sure either you use apache+tomcat or tomcat alone. there are different approaches

omake sure this server is not behind load balancer, load balancer got its own ssl approach

· following steps is for set up https connection on tomcat standalone server

ohttp://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

ohttp://homepage.mac.com/chriswjohnson/misc/java-cert-parsing.html

ohttps://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1204

ohttp://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html

· steps that we did on one standalone tomcat server

oJAVA_HOME/bin/keytool -genkey -alias yourkeyalias -keyalg RSA -keystore yourkeystore -keypass yourpass -keysize 2048 (generate a private key and store it on your keystore)

okeytool -certreq -keyalg RSA -alias yourkeyalias -file yourcert.csr -keystore yourkeystore (get a private certificate signed request based on your key, alias is your key alias in your keystore)

osend the private csr file to CA get a trusted certificate (get the root csr file, the intermidiate csr file together with the domain certificate)

oimport the trusted root csr file, then intermidiate csr file, then your domain csr file into yourkeystore

§ keytool -import -alias root -trustcacerts -file yourroot.csr -keystore yourkeystore (each cert need a new alias)

oset up tomcat server.xml file. sample connector setting:

§

· tips

otry a private signed key to make sure your server is up ready for everything.

okeep no extra space for any certificate. you may get a lengh too long error if your certificate got extra space.

ochain certificate is root certificate, but you got to have a root certificate and a intermidiate certificate to make a chain

omake sure CN = your domain name even it asks you for first name and last name

owhen you import the SSL certificate, the last one should be the same alias with your key

· how to convert keytool certificate/key to openssl readable key/crt

ohttp://www.herongyang.com/crypto/Migrating_Keys_keytool_to_OpenSSL.html

oonly need to pay attention the algorithm is rsa, not dsa

=========================================

About SSL 

Knowledge base
https://sites.google.com/site/amitsciscozone/home/security/ssl-connection-setup 

https://technet.microsoft.com/en-us/library/cc785811(WS.10).aspx 


http://searchsecurity.techtarget.com/answer/The-SSL-handshake-process-Public-and-privates-keys-explained

SSLshopper

https://www.sslshopper.com/certificate-decoder.html   

SSL TLS HTTPS process explained in 7 minutes

https://www.youtube.com/watch?v=4nGrOpo0Cuc 

SSH handshake process explained

Key and Algorithms

1. SSH uses common asymmetric (or Public) key algorithms: RSA (Rivest-
Shamir-Adleman), DSA (Digital Signature Algorithm), and Diffie-Hellman
2. SSH also uses common symmetric key algorithms: DES (Data Encryption
Standard), IDEA (International Data Encryption Algorithm), Triple-DES
(3DES), Blowfish, and AES (Advanced Encryption Standard). AES comes in
128, 192, and 256 bits.
3. SSH also uses common hash algorithms: MD5 (Message Digest), CRC
(Cyclic Redundancy Check)-32, SHA-1 (Secure Hash Algorithm).

Key Exchange

1. The client has a public & private key pair. The server has a public & private key pair.
2. The client and server exchange their public keys.
3. The client now has its own key pair plus the public key of the server.
4. The server now has its own key pair plus the public key of the client.
5. This exchange of keys is done over an insecure network.
6. The client takes its private key and the server’s public key and passes it
   through a mathematical equation to produce the shared secret (session key).
7. The server takes its private key and the client’s public key and passes it
   through a mathematical equation to produce the shared secret (session key).
   Both these shared secrets are identical! This is an asymmetrical key.
8. This encrypted tunnel is used for the remainder of the session, including the next phase: User Authentication.