Wednesday, September 30, 2015

Linux Crontab example

## run java.jar daily

10 4 * * * /opt/my.sh  > /opt/logs/dailylog.log 2>&1


# script to run a jar file
my.sh

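#!/bin/bash
# The crontab entry already redirects stdout and stderr to /opt/logs/dailylog.log,
# so write the timestamp to stdout instead of reopening (and truncating) the log here.
date
java -jar /opt/my/MyOpenSDK.jar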

Tuesday, September 29, 2015

openLDAP log

OpenLDAP Log:
OpenLDAP logs through the Linux system log (syslog). To get a summary of the OpenLDAP log files:
/opt/openldap-production/var/openldap-slurp/replica (replication log, not the syslog)
config file: /opt/openldap-production/etc/config/master-sldap.conf (loglevel 256)
syslog file: /etc/syslog.conf

# For slapd.log
local4.* /var/log/slapd.log (log file location)
 grep "BIND dn=\"uid"  slapd.log > log.txt
 grep "BIND dn=\"uid=" slapd.log | sort -k8 -u
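The grep above lists who attempted a bind. As an added example (not part of the original notes), the sketch below goes one step further and pairs each BIND line with its RESULT line to count successful and failed binds per uid. It assumes the usual slapd loglevel 256 line layout; the sample log lines and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of slapd loglevel 256 lines; not taken from a real server.
SAMPLE_LOG = """\
Sep 29 10:15:01 ldap1 slapd[2211]: conn=1001 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128
Sep 29 10:15:01 ldap1 slapd[2211]: conn=1001 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=com" mech=SIMPLE ssf=0
Sep 29 10:15:01 ldap1 slapd[2211]: conn=1001 op=0 RESULT tag=97 err=0 text=
Sep 29 10:16:10 ldap1 slapd[2211]: conn=1002 op=0 BIND dn="uid=bob,ou=people,dc=example,dc=com" method=128
Sep 29 10:16:10 ldap1 slapd[2211]: conn=1002 op=0 RESULT tag=97 err=49 text=
Sep 29 10:16:12 ldap1 slapd[2211]: conn=1002 op=1 BIND dn="uid=bob,ou=people,dc=example,dc=com" method=128
Sep 29 10:16:12 ldap1 slapd[2211]: conn=1002 op=1 RESULT tag=97 err=49 text=
Sep 29 10:16:20 ldap1 slapd[2211]: conn=1002 op=2 BIND dn="uid=bob,ou=people,dc=example,dc=com" method=128
Sep 29 10:16:20 ldap1 slapd[2211]: conn=1002 op=2 BIND dn="uid=bob,ou=people,dc=example,dc=com" mech=SIMPLE ssf=0
Sep 29 10:16:20 ldap1 slapd[2211]: conn=1002 op=2 RESULT tag=97 err=0 text=
Sep 29 10:17:00 ldap1 slapd[2211]: conn=1003 op=0 BIND dn="uid=carol,ou=people,dc=example,dc=com" method=128
Sep 29 10:17:00 ldap1 slapd[2211]: conn=1003 op=0 RESULT tag=97 err=49 text=
"""

# Bind request line (the "mech=" confirmation line is deliberately not matched).
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="(uid=[^"]*)" method=\d+')
# tag=97 is the bind response; err=0 is success, err=49 is invalid credentials.
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')

def summarize_binds(log_text):
    """Return {dn: Counter(ok=..., failed=...)} for uid= binds."""
    pending = {}   # (conn, op) -> dn still waiting for its RESULT line
    summary = {}
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = m.group(3).lower()
            continue
        m = RESULT_RE.search(line)
        if m:
            dn = pending.pop((m.group(1), m.group(2)), None)
            if dn is None:
                continue  # bind result without a matching uid= request
            outcome = "ok" if m.group(3) == "0" else "failed"
            summary.setdefault(dn, Counter())[outcome] += 1
    return summary

def failed_bind_report(log_text, threshold=2):
    """DNs with at least `threshold` failed binds, most failures first."""
    rows = [(dn, c["failed"]) for dn, c in summarize_binds(log_text).items()
            if c["failed"] >= threshold]
    return sorted(rows, key=lambda r: (-r[1], r[0]))
```

To run it on the real file, pass `open("/var/log/slapd.log").read()` instead of `SAMPLE_LOG`.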


Friday, September 25, 2015

Java Singleton

A singleton is a POJO Java class that just has a nice name. It is used when one resource is shared within one application.

Example: write the access code in a singleton class, then call it from another class.

1. Singleton class

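import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.services.admin.directory.Directory;

public class DirectorySingleton {
    private static DirectorySingleton authSingleton = new DirectorySingleton();
    // Shared Directory client, built once when the class is loaded.
    public static Directory dir = null;

    /* A private constructor prevents any other class from instantiating. */
    private DirectorySingleton() {
    }

    // The static initializer runs once, so the Directory client is created once.
    static {
        if (dir == null) {
            try {
                HttpTransport httpTransport = new NetHttpTransport();
                JsonFactory jsonFactory = new JacksonFactory();

                // OAuth client id/secret and tokens come from GmailConstants.
                GoogleCredential credential = new GoogleCredential.Builder()
                        .setClientSecrets(GmailConstants.CLIENT_ID, GmailConstants.CLIENT_SECRET)
                        .setJsonFactory(jsonFactory).setTransport(httpTransport).build()
                        .setRefreshToken(GmailConstants.REFRESH_TOKEN).setAccessToken(GmailConstants.ACCESS_TOKEN);

                Directory service = new Directory.Builder(httpTransport, jsonFactory, credential)
                        .setApplicationName(GmailConstants.APPLICATION_NAME)
                        .build();
                // System.out.println("called once");

                dir = service;
            } catch (Exception e) {
                // Report the failure instead of swallowing it; dir stays null.
                e.printStackTrace();
            }
        }
    }
}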

2. Use it from another class:

    Boolean userExisted = DirectoryUtils.validateUser(DirectorySingleton.dir,
                     GmailConstants.DOMAIN_NAME, primaryGmailID);

Linux Script

[oracle@oidm-dev1 bin]$ lsb_release -i -r
Distributor ID: RedHatEnterpriseServer
Release:        6.6

Check running tasks: ps -elf | grep oracle

#netstat -an | grep 443 (to check if the port is open)
#netstat -an | egrep 'Proto|LISTEN'
#service iptables status



  o search in vi: /searchtext
  o sudo su - (to work as root)
  o netstat -an | grep 443 (to check if the port is open)
  o tail -f catalina.out (tail the content of a file)
  o ./file to run a local file
· show port:
  o netstat -an | egrep 'Proto|LISTEN'
  o service iptables status



computer IP: nslookup computer.name.com
find files containing some text: find / -type f -name '*.xml' -print0 | xargs -0 grep -l "looking for text"

find some files: find . -name 'conf*' 


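Concatenate the recently modified CSV files (last 10 days) into one file, skipping the output file itself:
#find . -maxdepth 1 -name '*.csv' ! -name today.csv -mtime -10 -exec cat {} + >> today.csv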

Grep the content of a log file and sort the result, with no repeated records:
#grep "BIND dn=\"uid=" slapd.log | sort -k8 -u 

How do I find the most recently changed files in a set of subdirectories on Unix or Linux?

Answer 1: This will show the most recent 10 files in current directory and below.

It supports filenames with spaces. And can be slow with lots of files http://stackoverflow.com/a/7448828
sudo find . -type f -exec stat --format '%Y :%y %n' "{}" \; | sort -nr | cut -d: -f2- | head
2015-08-03 13:59:49.000000000 -0700 files/CV_Smith_1July2015.pdf
2014-12-05 09:46:33.000000000 -0800 files/CV_Smith_1Dec2014.pdf
2013-03-04 10:23:16.000000000 -0800 files/Thumbs.db
2013-03-04 10:16:57.000000000 -0800 files/CV_Smith_March2013.pdf
2013-01-07 11:44:11.000000000 -0800 files/CV_Smith_5Jan2013.pdf

Answer 2: This will show all files modified in last day, in current directory and below

find . -mtime -1 -ls
This version will just print the filenames, without the file sizes or times.
find . -mtime -1 -print




Books:
http://www.freeos.com/guides/lsst/
http://www.codecoffee.com/tipsforlinux/articles/030.html?sudo

Wednesday, September 16, 2015

Xming set up on windows


 
And then I can run
export DISPLAY=localhost:10.0 on a non putty ssh session

And then
Xclock and other X windows applications run. 


After installing Xming:
1) Run “xhost +” on your desktop Xming window
modify the X0.hosts file on the Windows machine
X0.hosts
localhost
oidm-dev1.csun.edu
130.166.5.152

2) Execute “export DISPLAY=:0” on the Linux machine
3) Run “xclock” on the Linux machine and check whether a clock appears on your laptop

You will encounter the following error if the X0.hosts file is not modified:
[root@oidm-dev1 /]# xhost + 130.166.10.225
No protocol specified
xhost:  unable to open display "it-d73-0813.csun.edu:0.0"


On the Linux side, open the firewall completely:
# service iptables save
# service iptables stop
# chkconfig iptables off



Thursday, September 10, 2015

terminology

ESB: Enterprise Service Bus, acts as the single message exchange between applications. See http://www.j2eebrain.com/java-J2ee-enterprise-service-bus.html

ESB principles and practices: An Enterprise Service Bus (ESB) is a modular, component-based architecture and a key enabler for implementing the infrastructure for service-oriented architecture (SOA). For building a comprehensive service-oriented infrastructure (SOI), an ESB is only one of many components used. An ESB allows interaction between heterogeneous services and interfaces that might be mismatched or that may change over time.

Service-oriented architecture (SOA) is an architectural pattern in computer software design in which application components provide services to other components via a communications protocol, typically over a network. The principles of service-orientation are independent of any vendor, product or technology.
Service Oriented Architecture (SOA): SOA makes it easier for software components on computers connected over a network to cooperate.


JBoss Fuse: lightweight communication service hub. JBoss Fuse is an open source, lightweight Enterprise Service Bus (ESB).

PaaS: Platform as a Service

Web Service: a software system designed to support interoperable machine-to-machine interaction over a network

Subversion, CVS: file sharing and version control software

ANT: Apache Ant is a software tool for automating software build processes. It originally came from the Apache Tomcat project in early 2000. It was a replacement for the unix make build tool, and was created due to a number of problems with the unix make.
Used it in Shibboleth.

Maven: Apache Maven is a software project management and comprehension tool.

Servlets: a servlet is a Java programming language class that is used to extend the capabilities of servers that host applications accessed by means of a request-response programming model. Although servlets can respond to any type of request, they are commonly used to extend the applications hosted by web servers. For such applications, Java Servlet technology defines HTTP-specific servlet classes.
The javax.servlet and javax.servlet.http packages provide interfaces and classes for writing servlets. All servlets must implement the Servlet interface, which defines life-cycle methods. When implementing a generic service, you can use or extend the GenericServlet class provided with the Java Servlet API. The HttpServlet class provides methods, such as doGet and doPost, for handling HTTP-specific services.

Struts: Apache Struts is a free, open-source MVC framework for creating elegant, modern Java web applications. It favors convention over configuration, is extensible using a plugin architecture, and ships with plugins to support REST, AJAX and JSON.

Tiles: a Java framework

MVC: Model–view–controller (MVC) is a software architectural pattern for implementing user interfaces. Traditionally used for desktop graphical user interfaces, this architecture has become extremely popular for designing web applications.

JMS: part of the Java Platform, Enterprise Edition, defined by a specification developed under the Java Community Process as JSR 914. It is a messaging standard that allows application components based on the Java Enterprise Edition (Java EE) to create, send, receive, and read messages.

Spring Framework: Eclipse Spring Framework

AJAX: Asynchronous JavaScript and XML. AJAX is the art of exchanging data with a server and updating parts of a web page without reloading the whole page.

Apache CXF (SOAP): an open source services framework. CXF helps you build and develop services using frontend programming APIs, like JAX-WS and JAX-RS. These services can speak a variety of protocols such as SOAP, XML/HTTP, RESTful HTTP, or CORBA and work over a variety of transports such as HTTP, JMS or JBI. (Spring, Struts)

JMeter: open source software, a 100% pure Java application designed to load test functional behavior and measure performance. It was originally designed for testing Web Applications but has since expanded to other test functions.

JavaScript, HTML, CSS, 


REST, 
SOAP: Simple Object Access Protocol
XML-RPC

HTTPS: Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted.

Tuesday, September 8, 2015

XPRESS language

http://docs.oracle.com/cd/E19225-01/820-5821/bvbps/index.html

http://docs.oracle.com/cd/E19225-01/820-5821/bvbyj/index.html


Wednesday, September 2, 2015

setup SSL standalone tomcat server

Steps to set up SSL on a test Linux server


· Before setting up an HTTPS connection, check a few things:
  o make sure the port that you will use is open through the firewall (telnet server port).
  o make sure whether you use apache+tomcat or tomcat alone; the approaches are different.
  o make sure this server is not behind a load balancer; a load balancer has its own SSL approach.
· The following steps set up an HTTPS connection on a standalone tomcat server.
· Steps that we did on one standalone tomcat server:
  o $JAVA_HOME/bin/keytool -genkey -alias yourkeyalias -keyalg RSA -keystore yourkeystore -keypass yourpass -keysize 2048 (generate a private key and store it in your keystore)
  o keytool -certreq -keyalg RSA -alias yourkeyalias -file yourcert.csr -keystore yourkeystore (generate a certificate signing request based on your key; alias is your key alias in your keystore)
  o send the csr file to the CA to get a trusted certificate (get the root csr file and the intermediate csr file together with the domain certificate)
  o import the trusted root csr file, then the intermediate csr file, then your domain csr file into yourkeystore
    § keytool -import -alias root -trustcacerts -file yourroot.csr -keystore yourkeystore (each cert needs a new alias)
  o set up the tomcat server.xml file. sample connector setting:
    §
· tips
  o try a privately signed key first to make sure your server is ready for everything.
  o keep no extra spaces in any certificate. you may get a "length too long" error if your certificate has extra spaces.
  o a chain certificate is a root certificate, but you have to have a root certificate and an intermediate certificate to make a chain
  o make sure CN = your domain name, even though it asks you for first name and last name
  o when you import the SSL certificate, the last one should have the same alias as your key
· how to convert a keytool certificate/key to an openssl-readable key/crt
  o only need to pay attention that the algorithm is rsa, not dsa

=========================================

About SSL 

Knowledge base
https://sites.google.com/site/amitsciscozone/home/security/ssl-connection-setup 

https://technet.microsoft.com/en-us/library/cc785811(WS.10).aspx 


http://searchsecurity.techtarget.com/answer/The-SSL-handshake-process-Public-and-privates-keys-explained

SSLshopper

https://www.sslshopper.com/certificate-decoder.html   


SSL TLS HTTPS process explained in 7 minutes

https://www.youtube.com/watch?v=4nGrOpo0Cuc 







SSH handshake process explained


Key and Algorithms

1. SSH uses common asymmetric (or Public) key algorithms: RSA (Rivest-
Shamir-Adleman), DSA (Digital Signature Algorithm), and Diffie-Hellman
2. SSH also uses common symmetric key algorithms: DES (Data Encryption
Standard), IDEA (International Data Encryption Algorithm), Triple-DES
(3DES), Blowfish, and AES (Advanced Encryption Standard). AES comes in
128, 192, and 256 bits.
3. SSH also uses common hash algorithms: MD5 (Message Digest), CRC
(Cyclic Redundancy Check)-32, SHA-1 (Secure Hash Algorithm).

Key Exchange

  1. The client has a public & private key pair. The server has a public & private key pair.
  2. The client and server exchange their public keys.
  3. The client now has its own key pair plus the public key of the server.
  4. The server now has its own key pair plus the public key of the client.
  5. This exchange of keys is done over an insecure network.
  6. The client takes its private key and the server’s public key and passes it
    through a mathematical equation to produce the shared secret (session key).
  7. The server takes its private key and the client’s public key and passes it
    through a mathematical equation to produce the shared secret (session key).
    Both these shared secrets are identical! This is an asymmetrical key.
  8. This encrypted tunnel is used for the remainder of the session, including the next phase: User Authentication.
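
The key agreement in steps 1 to 7, as an added example that is not part of the original notes: a Diffie-Hellman exchange in which each side combines its own private value with the peer's public value and both arrive at the same session key. The small modulus, the generator and all function names are assumptions chosen for illustration; real SSH uses much larger groups.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): P = 2**127 - 1 is prime, G = 3.
# Real SSH uses far larger standardized groups or elliptic curves.
P = 2**127 - 1
G = 3

def make_keypair(private=None):
    """Step 1: return (private, public) with public = G^private mod P."""
    if private is None:
        private = secrets.randbelow(P - 3) + 2   # uniform in 2 .. P-2
    return private, pow(G, private, P)

def shared_secret(own_private, peer_public):
    """Steps 6 and 7: combine own private key with the peer's public key."""
    # Reject degenerate public values (0, 1, P-1 or out of range): they would
    # force the result into a tiny, predictable set of secrets.
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, own_private, P)

def session_key(secret):
    """Hash the shared secret down to a 256-bit session key."""
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def run_exchange(client_private=None, server_private=None):
    """Run both sides; return (client_pub, server_pub, client_key, server_key)."""
    c_priv, c_pub = make_keypair(client_private)
    s_priv, s_pub = make_keypair(server_private)
    # Only c_pub and s_pub cross the insecure network (steps 2 to 5).
    k_client = session_key(shared_secret(c_priv, s_pub))
    k_server = session_key(shared_secret(s_priv, c_pub))
    return c_pub, s_pub, k_client, k_server

if __name__ == "__main__":
    c_pub, s_pub, k_client, k_server = run_exchange()
    print("public values differ:", c_pub != s_pub)
    print("session keys match:  ", k_client == k_server)
```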