Linux 系統管理與安全：進階系統管理系統防駭與資訊安全

Although GnuPG 2 has been around for nearly 15 years, the old 1.4 version was still in wide use. With Debian and others making 2.1 the default, many interesting things can now be done. In this talk he will explain the advantages of modern key algorithms, like ed25519, and why gpg relaxed some of its more paranoid defaults. The new –quick commands of gpg for easily scriptable key management will be described as well as the new key discovery methods. Finally hints for integration of gpg into other programs will be given. Werner Koch, g10code

Apresentação na Pós-Graduação em Segurança da Informação: - Sniffer de senhas em plain text; - Ataque de brute-force no SSH; - Proteção: Firewall, IPS e/ou TCP Wrappers; - Segurança básica no sshd_config; - Chaves RSA/DSA para acesso remoto; - SSH buscando chaves no LDAP; - Porque previnir o acesso: Fork Bomb

Getting started with RDO on Fedora 19. A presentation on installing and configuring OpenStack using RDO Havana

The document describes setting up Hadoop in pseudo-distributed mode on a CentOS virtual machine instance. It details steps like creating a user account, installing Java and Hadoop, formatting the namenode, starting HDFS and YARN daemons, creating HDFS directories, and running a sample Pi estimation MapReduce job.

The document summarizes an analysis of compromised Linux servers. The author detected intrusion after logging in and seeing a previous login from an Italian IP address. Further investigation revealed unauthorized login attempts from other countries. Logs showed the intruder accessed the servers repeatedly over weeks. Processes and open ports indicated the presence of rootkits and backdoors. User accounts for the intruder were also found on the servers.

This document discusses the crash reporting mechanism in Tizen. It describes the crash client, which handles crash signals and generates crash reports. It covers Samsung's crash-work-sdk and Intel's corewatcher crash clients. It also discusses the crash server that receives reports and the CrashDB web interface. Finally, it mentions crash reason location algorithms.

This document provides a summary of basic Linux commands including: - ls lists files and directories - cp copies files and directories - mv moves or renames files and directories - rm removes files or directories - touch creates empty files - cat outputs the contents of files - mkdir creates directories - grep searches for patterns in files - ps displays currently running processes - top displays active processes and system resources

This document describes the network configuration and management scripts used in Scientific Linux release 6.1. It discusses the main scripts and files used like /etc/rc.d/init.d/network, /etc/sysconfig/network, and /etc/sysconfig/network-scripts. It provides details on how the network script starts and stops network interfaces, and brings interfaces up at boot time using files in /etc/sysconfig/network-scripts. It also summarizes some of the functions available in the network-functions file.

The document provides instructions for deploying Red Hat OpenStack on Red Hat Enterprise Linux using PackStack. It describes starting two virtual machines for the RDO control and compute nodes. It then discusses using PackStack to install OpenStack on the nodes in an interactive or automated way. Finally, it outlines exploring the OpenStack dashboard and services like Keystone, Glance, Nova, Cinder, and Swift after installation.

SSHFP records provide a secure method of distributing host public keys via DNS. The document discusses: 1) How SSHFP records store fingerprints of host public keys in DNS to validate connections, rather than distributing keys directly. 2) The process of generating fingerprints from router public keys, creating SSHFP records, and configuring DNS to distribute them securely via DNSSEC. 3) How an SSH client can validate connections to a host by looking up its SSHFP records and fingerprints in DNS, preventing man-in-the-middle attacks.

SSHFP records provide a secure method of distributing host public keys via DNS. The document discusses: 1) How SSHFP records store the fingerprint of a host's public key in DNS, allowing clients to validate the key via DNS lookup rather than trusting the host directly. 2) Instructions for generating SSHFP records for network devices that may not support all SSH commands, including extracting public keys and generating fingerprints. 3) Configuration details for distributing the SSHFP records in DNS and validating them during SSH connections using DNSSEC, avoiding the need to manually accept host keys.

Talk by Brendan Gregg at Kernel Recipes 2017 (Paris): "The in-kernel Berkeley Packet Filter (BPF) has been enhanced in recent kernels to do much more than just filtering packets. It can now run user-defined programs on events, such as on tracepoints, kprobes, uprobes, and perf_events, allowing advanced performance analysis tools to be created. These can be used in production as the BPF virtual machine is sandboxed and will reject unsafe code, and are already in use at Netflix. Beginning with the bpf() syscall in 3.18, enhancements have been added in many kernel versions since, with major features for BPF analysis landing in Linux 4.1, 4.4, 4.7, and 4.9. Specific capabilities these provide include custom in-kernel summaries of metrics, custom latency measurements, and frequency counting kernel and user stack traces on events. One interesting case involves saving stack traces on wake up events, and associating them with the blocked stack trace: so that we can see the blocking stack trace and the waker together, merged in kernel by a BPF program (that particular example is in the kernel as samples/bpf/offwaketime). This talk will discuss the new BPF capabilities for performance analysis and debugging, and demonstrate the new open source tools that have been developed to use it, many of which are in the Linux Foundation iovisor bcc (BPF Compiler Collection) project. These include tools to analyze the CPU scheduler, TCP performance, file system performance, block I/O, and more."

The document discusses using proxy ARP to allow multiple containers and VMs to share a single network interface on the host machine. It notes some limitations of alternative approaches like Linux bridges, Open vSwitch, and MACVLAN. It also describes some issues with proxy ARP like stealing MAC addresses and requiring static routing. The proposed solution is to use arptables to selectively allow ARP requests from specific IP addresses to prevent MAC address conflicts while enabling network access for containers and VMs.

Aman Gupta's presentation about debugging ruby systems. To view the full recording of his talk, visit: http://www.engineyard.com/video/16710570

This document provides information on various debugging and profiling tools that can be used for Ruby including: - lsof to list open files for a process - strace to trace system calls and signals - tcpdump to dump network traffic - google perftools profiler for CPU profiling - pprof to analyze profiling data It also discusses how some of these tools have helped identify specific performance issues with Ruby like excessive calls to sigprocmask and memcpy calls slowing down EventMachine with threads.

This document discusses building a Linux IPv6 DNS server. It includes shell scripts and C source code files to perform tasks like checking system details, ensuring root user privileges, cleaning directories, building kernel images, backing up source directories, and adding members to a server via a GUI. The scripts and programs work together to configure, build, and run an IPv6-enabled Linux DNS server.

To know more, Register for Online Hadoop Training at WizIQ. Click here : http://www.wiziq.com/course/21308-hadoop-big-data-training A complete guide to Hadoop Installation that will help you when ever you face problems while installing Hadoop !!

The document discusses reverse engineering the firmware of Swisscom's Centro Grande modems. It identifies several vulnerabilities found, including a command overflow issue that allows complete control of the device by exceeding the input buffer, and multiple buffer overflow issues that can be exploited to execute code remotely by crafting specially formatted XML files. Details are provided on the exploitation techniques and timeline of coordination with Swisscom to address the vulnerabilities.

Presented at LISA18: https://www.usenix.org/conference/lisa18/presentation/babrou This is a technical dive into how we used eBPF to solve real-world issues uncovered during an innocent OS upgrade. We'll see how we debugged 10x CPU increase in Kafka after Debian upgrade and what lessons we learned. We'll get from high-level effects like increased CPU to flamegraphs showing us where the problem lies to tracing timers and functions calls in the Linux kernel. The focus is on tools what operational engineers can use to debug performance issues in production. This particular issue happened at Cloudflare on a Kafka cluster doing 100Gbps of ingress and many multiple of that egress.

This document provides a summary of common Linux network tools including ifconfig, netstat, route, ping, traceroute, iptables, netcat, rinetd, tcpdump, and tcpreplay. It describes what each tool is used for at a high level, such as configuring network interfaces, displaying network status, manipulating network routes, testing network connectivity, implementing firewalls, and capturing/replaying network traffic. The document also provides basic introductions to IPv4 and IPv6 addressing and routing concepts.

The document discusses various Linux performance analysis tools including lsof to list open files, strace to trace system calls, tcpdump to dump network traffic, perftools from Google for profiling CPU usage, and a Ruby library called perftools.rb for profiling Ruby code. Examples are provided for using these tools to analyze memory usage, slow queries, Ruby interpreter signals, thread scheduling overhead, and identifying hot spots in Ruby web applications.

A low-interaction honeypot was deployed in multiple cloud environments. Various malware samples were captured, including Conficker and other viruses. Analysis of IP addresses and packet captures revealed attempts to exploit Microsoft SQL Server, Windows shares, and RDP ports. The diverse environments allowed collection of malware from around the world.

The document discusses hacking the Swisscom modem by exploiting default credentials to gain access. Upon login, the author runs commands to investigate the system such as viewing configuration files and mapping the internal network. Various system details are discovered including the Linux kernel version and software components.

Nowadays system administrators have great choices when it comes down to Linux performance profiling and monitoring. The challenge is to pick the appropriate tools and interpret their results correctly. This talk is a chance to take a tour through various performance profiling and benchmarking tools, focusing on their benefit for every sysadmin. More than 25 different tools are presented. Ranging from well known tools like strace, iostat, tcpdump or vmstat to new features like Linux tracepoints or perf_events. You will also learn which tools can be monitored by Icinga and which monitoring plugins are already available for that. At the end the goal is to gather reference points to look at, whenever you are faced with performance problems. Take the chance to close your knowledge gaps and learn how to get the most out of your system.

Step by Step look into bottlenecks and performance affecting in porting IDS/IPS application to run with DPDK multi-core VNF environment.

One of the great challenges of of monitoring any large cluster is how much data to collect and how often to collect it. Those responsible for managing the cloud infrastructure want to see everything collected centrally which places limits on how much and how often. Developers on the other hand want to see as much detail as they can at as high a frequency as reasonable without impacting the overall cloud performance. To address what seems to be conflicting requirements, we've chosen a hybrid model at HP. Like many others, we have a centralized monitoring system that records a set of key system metrics for all servers at the granularity of 1 minute, but at the same time we do fine-grained local monitoring on each server of hundreds of metrics every second so when there are problems that need more details than are available centrally, one can go to the servers in question to see exactly what was going on at any specific time. The tool of choice for this fine-grained monitoring is the open source tool collectl, which additionally has an extensible api. It is through this api that we've developed a swift monitoring capability to not only capture the number of gets, put, etc every second, but using collectl's colmux utility, we can also display these in a top-like formact to see exactly what all the object and/or proxy servers are doing in real-time. We've also developer a second cability that allows one to see what the Virtual Machines are doing on each compute node in terms of CPU, disk and network traffic. This data can also be displayed in real-time with colmux. This talk will briefly introduce the audience to collectl's capabilities but more importantly show how it's used to augment any existing centralized monitoring infrastructure. Speakers Mark Seger

Many applications are network I/O bound, including common database-based applications and service-based architectures. But operating systems and applications are often untuned to deliver high performance. This session uncovers hidden issues that lead to low network performance, and shows you how to overcome them to obtain the best network performance possible.

This document provides an overview of common Linux networking commands including ifconfig, route, ping, traceroute, nslookup, arp, dig, netstat, and dmesg. It describes what each command is used for and provides examples of basic syntax and usage. Key points covered include using ifconfig to configure network interfaces, route to view and manage routing tables, and netstat to view network connections and traffic.

Talk by Brendan Gregg for USENIX LISA 2019: Linux Systems Performance. Abstract: " Systems performance is an effective discipline for performance analysis and tuning, and can help you find performance wins for your applications and the kernel. However, most of us are not performance or kernel engineers, and have limited time to study this topic. This talk summarizes the topic for everyone, touring six important areas of Linux systems performance: observability tools, methodologies, benchmarking, profiling, tracing, and tuning. Included are recipes for Linux performance analysis and tuning (using vmstat, mpstat, iostat, etc), overviews of complex areas including profiling (perf_events) and tracing (Ftrace, bcc/BPF, and bpftrace/BPF), and much advice about what is and isn't important to learn. This talk is aimed at everyone: developers, operations, sysadmins, etc, and in any environment running Linux, bare metal or the cloud."

This document provides an overview of Linux performance monitoring tools including mpstat, top, htop, vmstat, iostat, free, strace, and tcpdump. It discusses what each tool measures and how to use it to observe system performance and diagnose issues. The tools presented provide visibility into CPU usage, memory usage, disk I/O, network traffic, and system call activity which are essential for understanding workload performance on Linux systems.

Many applications are network I/O bound, including common database-based applications and service-based architectures. But operating systems and applications are often untuned to deliver high performance. This session uncovers hidden issues that lead to low network performance, and shows you how to overcome them to obtain the best network performance possible.

Trying to figure out why your application is responding late can be difficult, especially if it is because of interference from the operating system. This talk will briefly go over how to write a C program that can analyze what in the Linux system is interfering with your application. It will use trace-cmd to enable kernel trace events as well as tracing lock functions, and it will then go over a quick tutorial on how to use libtracecmd to read the created trace.dat file to uncover what is the cause of interference to you application.

Talk for PerconaLive 2016 by Brendan Gregg. Video: https://www.youtube.com/watch?v=CbmEDXq7es0 . "Systems performance provides a different perspective for analysis and tuning, and can help you find performance wins for your databases, applications, and the kernel. However, most of us are not performance or kernel engineers, and have limited time to study this topic. This talk summarizes six important areas of Linux systems performance in 50 minutes: observability tools, methodologies, benchmarking, profiling, tracing, and tuning. Included are recipes for Linux performance analysis and tuning (using vmstat, mpstat, iostat, etc), overviews of complex areas including profiling (perf_events), static tracing (tracepoints), and dynamic tracing (kprobes, uprobes), and much advice about what is and isn't important to learn. This talk is aimed at everyone: DBAs, developers, operations, etc, and in any environment running Linux, bare-metal or the cloud."