How to test open ports w/o telnet or nc

Found this out of necessity when a security team didn’t allow the installation of either telnet or nc. I initially thought ssh would work, but it doesn’t really work.

The command is simple. Just do this:

/dev/tcp/<host>/<port>

Replace the <host> and <port>. Here’s how it would look if successful:

SV-LT-1361:~ altonyu$ > /dev/tcp/192.168.0.11/2049
SV-LT-1361:~ altonyu$ echo $?
0

Here’s how it would look if unsuccessful:

SV-LT-1361:~ altonyu$ > /dev/tcp/192.168.0.11/2047
-bash: connect: Connection refused
-bash: /dev/tcp/192.168.0.11/2047: Connection refused
SV-LT-1361:~ altonyu$ echo $?
1

Obviously if the command hangs, it probably means it won’t work either.

Hope this helps someone!

Use update-ca-trust! Or update-ca-certificates.

Don’t just append the /etc/ssl/certs/ca-certificates.crt or the /etc/ssl/certs/ca-bundle.crt.

Not long ago, I thought that it didn’t matter. I figured since the update-ca-trust command just updated the bundle, I might as well skip a step and go directly. I was wrong. Don’t do it. I guess that’s why people actually have processes and directions to follow.

The reason why you want to put the certificate issuers in /etc/pki/ca-trust/source/anchors/ or /etc/ssl/certs/ and use the update-ca-trust enable/extract commands is so that it can survive an update. If someone decides to patch the machine and there are other certificates being updated, the one that you appended to the bundle will get deleted.

Follow the process! For me, that’s basically:

cp <filename>.pem /etc/pki/ca-trust/source/anchors/
cp <filename>.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust

How to clear the filesystem buffer cache in Linux

You would probably want to do this if you’re suspecting that there’s an issue where you’re falling short on memory, diagnosing performance issues, etc. It’s much faster than a reboot and if it solves your problem, you’ll know what to do in the future. It’s not likely that you’ll need to do this. Just good to know how.

If you’re interested in more information regarding your memory, you can go look at: https://www.linuxatemyram.com/

Taken from: https://stackoverflow.com/questions/29870068/what-are-pagecache-dentries-inodes

With some oversimplification, let me try to explain in what appears to be the context of your question because there are multiple answers.

It appears you are working with memory caching of directory structures. An inode in your context is a data structure that represents a file. A dentries is a data structure that represents a directory. These structures could be used to build a memory cache that represents the file structure on a disk. To get a directly listing, the OS could go to the dentries–if the directory is there–list its contents (a series of inodes). If not there, go to the disk and read it into memory so that it can be used again.

The page cache could contain any memory mappings to blocks on disk. That could conceivably be buffered I/O, memory mapped files, paged areas of executables–anything that the OS could hold in memory from a file.

The commands flush these buffers.

Every Linux System has three options to clear cache without interrupting any processes or services.

  1. Clear PageCache only.
    • # sync; echo 1 > /proc/sys/vm/drop_caches
  2. Clear dentries and inodes.
    • # sync; echo 2 > /proc/sys/vm/drop_caches
  3. Clear PageCache, dentries and inodes.
    • # sync; echo 3 > /proc/sys/vm/drop_caches

Explanation of above commands. sync will flush the file system buffer. Commands separated by “;” run sequentially. The shell wait for each command to terminate before executing the next command in the sequence. As mentioned in kernel documentation, writing to drop_cache will clean cache without killing any application/service, command echo is doing the job of writing to file. If you have to clear the disk cache, the first command is safest in enterprise and production as “…echo 1 > ….” will clear the PageCache only. It is not recommended to use third option above “…echo 3 >” in production until you know what you are doing, as it will clear PageCache, dentries and inodes. Is it a good idea to free Buffer and Cache in Linux that might be used by Linux Kernel? When you are applying various settings and want to check, if it is actually implemented specially on I/O-extensive benchmark, then you may need to clear buffer cache. You can drop cache as explained above without rebooting the System i.e., no downtime required. Linux is designed in such a way that it looks into disk cache before looking onto the disk. If it finds the resource in the cache, then the request doesn’t reach the disk. If we clean the cache, the disk cache will be less useful as the OS will look for the resource on the disk. Moreover it will also slow the system for a few seconds while the cache is cleaned and every resource required by OS is loaded again in the disk-cache. Now we will be creating a shell script to auto clear RAM cache daily at 2am via a cron scheduler task. Create a shell script clearcache.sh and add the following lines. #!/bin/bash # Note, we are using “echo 3”, but it is not recommended in production instead use “echo 1” echo “echo 3 > /proc/sys/vm/drop_caches” Set execute permission on the clearcache.sh file. # chmod 755 clearcache.sh Now you may call the script whenever you required to clear ram cache. Now set a cron to clear RAM cache everyday at 2am. Open crontab for editing. # crontab -e Append the below line, save and exit to run it at 2am daily. 0 2 * * * /path/to/clearcache.sh For more details on how to cron a job you may like to check our article on 11 Cron Scheduling Jobs. Is it good idea to auto clear RAM cache on production server? No! it is not. Think of a situation when you have scheduled the script to clear ram cache everyday at 2am. Everyday at 2am the script is executed and it flushes your RAM cache. One day for whatsoever reason, may be more than expected users are online on your website and seeking resource from your server. At the same time scheduled script run and clears everything in cache. Now all the user are fetching data from disk. It will result in server crash and corrupt the database. So clear ram-cache only when required,and known your foot steps, else you are a Cargo Cult System Administrator. How to Clear Swap Space in Linux? If you want to clear Swap space, you may like to run the below command. # swapoff -a && swapon -a Also you may add above command to a cron script above, after understanding all the associated risk. Now we will be combining both above commands into one single command to make a proper script to clear RAM Cache and Swap Space. # echo 3 > /proc/sys/vm/drop_caches && swapoff -a && swapon -a && printf ‘\n%s\n’ ‘Ram-cache and Swap Cleared’ OR $ su -c “echo 3 >’/proc/sys/vm/drop_caches’ && swapoff -a && swapon -a && printf ‘\n%s\n’ ‘Ram-cache and Swap Cleared'” root After testing both above command, we will run command “free -h” before and after running the script and will check cache. Clear RAM Cache and Swap Space That’s all for now, if you liked the article, don’t forget to provide us with your valuable feedback in the comments to let us know, what you think is it a good idea to clear ram cache and buffer in production and Enterprise? Sharing is Caring…

What’s NonRootPortBinding? I just want to run my web server on port 443!

In the Unix world, privileged ports are 1-1024. As a non-root user, you’re not allowed to start a service and listen on them.

So, how do web servers work then? They usually use ports 80 and 443.

There are a few ways around this. The most common is that the process is started as root and then downgraded.

If you want to start a process without ever having root access though, the way to do it is with NonRootPortBinding. You can find information about it using Apache here.

Basically, for any process you want to start on a port under 1025, you can run:

setcap cap_net_bind_service=+ep <path to binary> 

Following that, you can confirm that you’ve set the correct permission by running:

getcap <path to binary> 

It should return with: cap_net_bind_service+ep

When you patch or update the binary, you will need to rerun the setcap command.

Hope this helps!

Using 2 ISPs at the same time, any routers!

I have another blog posting where I talk about how to use 2 ISPs at the same time and the router load balances the outbound connections.

Since then, I’ve upgraded my other Internet connection such that it’s not even worth keeping the other one. I now have one WAN link that’s over 500mbps and another that’s 20mbps. How do we load balance that? Why bother with the 20mbps? For that reason, I just unplugged it for months…

Then I thought about it and turned it back on. It was initially to be used as a backup, in case my primary goes down, which always does and comes back up again, but now, I use them both concurrently. Since I have an older router that was laying around, so it made my decision easy. If I didn’t have the extra router, I may not have gone out to buy another one.

Basically, the way I’m using it is like this:

192.168.0.1 is my primary router. It has my primary WAN link and all of my Internet traffic goes through it, with the exception of some DNS traffic.

Just a screenshot of my primary router settings. Why am I not using ASUS-Merlin? I don’t know. It didn’t support AImesh when I first set up the mesh. Merlin does now, but I keep thinking that I’ll be giving something up. Maybe I’ll do Merlin someday soon. I’ll be sure to blog about it if I do.

192.168.0.6 is my secondary router. This is where my hosts go to get Internet access if my primary goes down. Hopefully, the primary link doesn’t go down for an extended period of time. If it does, this is what I will use. I do need to manually configure my clients. Basically, just change it from automatic DHCP to manual and instead of using 192.168.0.1 as the default gateway, switch it to 192.168.0.6. I use the same DNS servers. I turn off DHCP on this router.

Very simple DD-WRT secondary router setup

DNS server – I have a separate caching DNS server that runs just to cache DNS requests. On it, I use forwarders to resolve DNS requests to avoid full recursive lookups if possible. To get to those forwarders, I put 1/2 of them through my primary ISP and 1/2 of them through the secondary.

My bind configuration options look like this:

forwarders {
    9.9.9.9;
    208.67.220.220;
    1.1.1.1;
    8.8.8.8;
    208.67.222.222;
};

My routing table looks like this:

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 ens160
8.8.8.8 192.168.0.6 255.255.255.255 UGH 0 0 0 ens160
68.87.20.6 192.168.0.6 255.255.255.255 UGH 0 0 0 ens160
96.114.157.81 192.168.0.6 255.255.255.255 UGH 0 0 0 ens160
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ens160
208.67.220.220 192.168.0.6 255.255.255.255 UGH 0 0 0 ens160

With this configuration, basically I’m just using 1 ISP for everything, with the small exception of DNS. When my primary ISP goes down, I don’t really think about DNS. Maybe I’ll check next time to see if DNS is still working. Usually when it goes down, I look at my router and see that my modem is likely rebooting.

Anyway, when I want to fail over to my 2nd ISP, I do it simply on the device like this:

When configuring manually, you’ll need to configure the DNS as well.

Hope this helps! Please leave any comments or questions below!

Don’t skip inutoc . !!! (AIX)

I’m not an AIX expert. I’ve only been on an AIX command line probably 3-4 hours at the most in my entire career.

I just know that when you’re installing AIX packages, make sure you run inutoc . I have some notes on AIX here.

Basically, after you copy an ipfl file into a directory, say /tmp, you will need to run the 2 commands like this:

inutoc .
installp -ac -gXY -d. ipfl

Otherwise the install will fail with some message that I can’t remember.

Rebroadcast your neighbor’s wifi for yourself (wifi extender) with Tomato firmware

My parents recently swapped Internet providers and since they didn’t know that it would take a week for the application to be completed, they were out of Internet service for about a week. The neighbors graciously allowed them to use theirs, but the signal didn’t reach the entire house. To make it reach, we configured the router to rebroadcast their wifi. If you’re going to be doing this, please make sure you get permission first!

The easiest way to do this is to just get one of those wifi extenders. We just didn’t happen to have any at the time. Since the router was Tomato compatible, I first flashed the router with tomato. The screenshots you’re seeing are Tomato by Shibby, just with a custom skin.

To do this, you first need to find out what IP address range you can use. I did this just by connecting a laptop to their wifi. Turned out that the IP address their DHCP server gave me was 192.168.7.x. I tried to ping 192.168.7.253 to make sure it wasn’t taken and sure enough, it wasn’t. I assigned 192.168.7.253 to my router.

Next, I needed to disable DHCP. You don’t want your DHCP competing with the neighbor’s. Lastly, use the default gateway that you get from their DHCP server. In my case, it was 192.168.7.1. You can use the DNS server from them also or you can use others. I like Quad9’s 9.9.9.9 or Cloudflare’s 1.1.1.1 or Google’s 8.8.8.8.

After that, you can match up your wifi settings with theirs’ so that it can connect. Use the exact same SSID, shared key, and use “Wireless Ethernet Bridge” for the Wireless Network Mode.

Lastly, optionally, you can put up any your own wifi settings as virtual wifi settings so that you don’t need to reconfigure any of your own devices.

The virtual setting is the wl0.1. Just add it and that’s it!

That’s all you need to do to make your own Tomato Wireless Extender. This has much better range than a regular wifi extender and was available at the time.

What in the hell is zypper!?

Had an issue recently with SUSE Linux where I saw this:

warning: /var/cache/zypper/RPMS/rpmname-9.3.0-6104.s12.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 7baa810c: NOKEY
Checking directory paths.

2019-11-16T10:29:00-05:00 Package installation failed

If you run into this, I would recommend:

  1. Run the command “zypper ref -s” to see if it would refresh the cache and service.
  2. Check if the quota exceeded on the server by reviewing the SUSE knowledge base article: https://www.suse.com/support/kb/doc/?id=7017376

Don’t travel without an adapter with USB ports!

If you’re ever going overseas, you’ll need an adapter converter for any electronics, probably your iphone/ipad/laptop. I would highly recommend a travel adapter converter that includes some USB charging ports. Most hotels nowadays will have these things, but most airports don’t and probably most airbnbs don’t either.

There are other kinds. The ones you want to avoid are the ones with many parts. I was embarrassed when I was in Singapore and had a travel adapter that didn’t fit! One end was literally made to fit in another and it didn’t fit! This one is one piece, so besides the cords, there’s not much that can break. Additionally, there’s a USB-C port. Many tablets and phones now are exclusively usb-c, so this one works great for that use case!

The adapter/charger I got is the Achoro one. I don’t know if there’s a named brand one of these, but this one has served me well for a few uses. I plug this one into the wall where I get a nightlight builtin and charge my iphone/ipad/watch/laptop overnight at the same time with it. https://usgiftgiant.com/achoro-4-usb-ports-travel-adapter/

For just $20, I would say this is a great deal. I would recommend putting one in the suitcase and one in the backpack just in case – these things can easily be lost and unless you’re in Asia, they’re pretty expensive to buy when you need them immediately.

Trip to China … what I learned, what to expect, what to do.

China was a wonderful trip and I’d definitely recommend it to anyone. I wasn’t introduced to much that was unexpected – at least not at the level at which people who I’ve talked to have overly exaggerated about. It could have been due to the protection of the tour guides or what people have told me to watch out for, but seems to me that Beijing and Shanghai are just regular cities, differing very little from San Francisco. Well, they’re unique in their own ways, but the “culture shock” that people have talked about, isn’t really didn’t hit me. Well, this is the list of the expected:

  1. Don’t drink tap water
  2. Toilets could be just a hole in the ground with a lid. (Squatting toilets)
  3. Some toilets don’t have toilet paper – bring your own.
  4. Traffic is pretty crazy – rules are different.
    That’s about it. I think the rest is pretty much the same.

So what was unexpected? If you go on a tour, it’s likely that the service you get anywhere you go, is much better than that in the United States. Of course you pay for what you get, but I assure you that service in China is among the best in the world – maybe not the way they speak, but the way they act for sure. There were times where I felt disrespected, but those are only because I had based them on American values. Pushing and shoving, spitting on the sidewalk (I do it too by the way), and much of the way people say things in China can be offensive to Americans. I’m a firm believer that actions speak louder than words and that it’s just the way you see things. You choose your point of view and will be offended only when you choose to. It’s just a different culture. I bought an apple pear for 2.5 Yuan. For the 2.5 Yuan, the lady peeled it for me. In the States, I don’t ever see this happening. 2.5 Yuan is currently about $0.30 USD. You can’t buy an apple pear for $0.30 and it’s not likely that you can buy one peeled for you and ready to eat, for $3.00. When buying a belt in a store in Guangzhou, I talked to the salesperson for twenty minutes before deciding on the belt I wanted and even after that, I had him agree to adjust the belt size for me. Total cost for the belt was 29 Yuan. In American dollars, it’s less than $4.00. Another thing is that I haven’t heard very many “thanks” after purchases. I think it’s just another example of the Chinese “show me, don’t tell me” culture.

What did I learn? Well, I was told a lot (kind of like lecture in class). What did I learn due to my own curiosity? I learned that little kids instead of using diapers, have pants with holes in them – the just change pants. I learned that some people here are not nearly as fortunate as we are in the States. Well, I already knew that, but had a massage today and talking to the lovely young lady that gave it to me, I learned that she had just a high school education (maybe just junior high) and that she had no chance to go to college because she had two other sisters that she had to take care of in one way or another that wasn’t clear to me. Sounded very sad and I was thinking about what I could do to help her and give her some opportunity. Unfortunately, I was too shy to ask questions that might be too personal and was afraid to take responsibility for any promises I could make. I just left her a bigger than recommended tip. Her job is very hard although she doesn’t have to do it much. It’s usage of a lot of energy and is very damaging on her fingers.

Some advice for those that will be visiting China:

  1. Try squatting on a western style toilet seat (just put your feet up on the seat and try using the toilet that way and get the experience).
  2. Bring your own water, buy bottled water, or boil before drinking – never drink tap water.
  3. Bring your vitamins. Bring your medicine. Bring stomach medicine. Bring mouthwash.
  4. Always have extra toilet paper or tissues.
  5. Check the foreign exchange rate before exchanging currencies. Do not exchange it with people from the street (don’t want counterfeit money) – be sure to do it in a hotel or a bank or just withdraw money from an ATM.
  6. Don’t give money to beggars. The people in the country that work hard deserve more for working. Also, if you give to beggars, you might see a swarm of them come after you after you give to one.
  7. You don’t have to tip in most cases – if you follow a tour, it’s likely that the tip was already included in your meal. You may want to ask your guide before tipping. I like tipping though. In the States, you’d pay a lot more in tips. I think that people in China deserve a lot more also. By their standards, I over tip them by a lot.
  8. Always bargain when purchasing any goods on the street. Also, there are many little stands that sell the same stuff. It might be good to do comparison-shopping. Here’s my template for bargaining:
    a. Buyer: How much?
    b. Seller: Some number
    c. Buyer: (No matter how reasonable) That much!?
    d. Seller: Yes.
    e. Buyer: I want cheaper.
    f. Seller: How much are you willing to pay?
    g. Buyer: How much lower can you go?
    h. And from here, you decide on how you can play. You may want to ask for quantity discounts, etc. As a rule of thumb, I would shoot for 1/4 to 3/4 the amount originally stated. Use your common sense of course. If you’d shopped around and someone offers something to you for less than you’d paid before, it’s not likely you’d get a discount. Also, if it’s a really cheap item like a bottle of water for 3 Yuan, it’s not likely you’ll get a discount either.
  9. Buy stuff away from the tourist areas and places where the locals shop also. You’ll get a better deal that way.
  10. Don’t buy too much if you will be flying in China domestically. There’s a fee for going over a certain weight limit when carrying cargo. Buy most of what you want at your last stop in China.
  11. Bring your 240-110 volt converter if you have one. If not, make sure that the one you borrow from the hotel is a real converter – it should be heavy. You don’t want to blow out any of your devices.
  12. Bring extra batteries and a camera with a flash. 400mm film or a digital camera was recommended to me. Bring a camcorder if you have one.
  13. Don’t bring too much clothing. One or two sets of warm clothing should suffice. (So that you have a smaller load to carry). You could buy more warm clothing on the street should you need it. It’s much cheaper to buy in China than anywhere in the States.
  14. Try to learn as much Mandarin as you can. That’s China’s national language.
  15. Work out and get in shape. Walking the Great Wall and up the mountains in Guilin is quite exhausting.
  16. Buy foot massages whenever you can. You probably won’t get them anywhere else in the world for a similar price. It’s well worth it. (Also remember to tip)

I think that the best way to learn is this. Teach your children their history and let them take a tour of the place of where it happened. Of course, you’ll have to have a good tour guide that knows the history. We were immensely blessed with having accomplished tour guides that were courteous and easy to understand.

We had a wonderful tour guide by the name of Lisa Lee. We had initially met on bad terms however. At the time we arrived at the airport, there was no one there to pick us up! There were 18 of us in the group and it turned out that we had waited 3 hours before anyone had arrived to greet us! What the heck did we do for the 3 hours? Not surprisingly, the first stage was obviously shock. Interestingly (and luckily), we’d all found each other (the rest of the group of tourists). Then again, we would’ve all found each other anyways because until the next plane arrived, we were practically the only ones in the airport! Some of us wondered if we’d been had – if this tour was really just a scam. I don’t think any of us had ever bothered to check with any of the hotels to see if reservations had ever really been made. The next thing we did was try contacting them. Funny thing was, their phone number was changed and that they were no longer at that number. To keep the story short, we probably didn’t know until an hour and a half later whether or not someone was really coming (or not!). A lot of things were going through our minds as we waited. Whether we should take a taxi to the hotel and whether or not the touring company would pay for the ride, what we were going to do if they didn’t show up – there’s a lot that goes through just one person’s mind when puzzled; just imagine 18 minds. Meeting Lisa was an immediate relief. Her enthusiasm and friendliness easily overcame all barriers that I may have put up and she had instantly left me a good impression. The following days had only strengthened this notion, as I was extremely impressed with her knowledge of Beijing. She explained a lot of the tour sites and the events that occurred there. With over 5000 years of Chinese history and over 3000 years of written Chinese history, you can imagine there’s quite a lot to talk about. I think that my lack of vocabulary really limits the amount of good things I can say about her. She really took care of us as to talking about how China differs from more developed countries. She also brought us to the more developed areas. For instance, she told us which restrooms to use – showing us where the cleaner ones were. She protected us from the locals – not to say that the locals are bad, but she made us aware of what could happen. She told us to watch our purses and wallets at least twice before entering WongFuJing. She told us to avoid any political talk before entering the Forbidden City. Furthermore, her mastery of the English language was also impressive. I did not expect anyone to speak English at her level.

In the 2 days, we’ve visited the monumental sites of Beijing and have the pictures to prove it. First was the Temple of Heaven. This is the main site for Beijing tourism – being there, you could really imagine and admire and appreciate the work. Buildings erected at times where there were no bulldozers even cars for that matter. The main building in the temple of heaven is a pagoda with 3 roofs and was built without nails or cement. Our tour guide explained how it was built – having the many different pillars and the way it was supported. Unfortunately, like many of the different magnificent treasures of China, the lights were not on in the building. Not that it’s a big deal, but my guess is they didn’t want tourists to mess the place up. Wonder what would happen if the tourists decided to step over the line. If they just decided to walk on in. They were blocked off by nothing but one thick wire. Anybody can easily go over or under. For that matter, I would think the same as on a plane – one that I will be on in a couple of hours – what would happen. It’s quite a sick thought.

Tiananmen Square. After a long walk and a tour around the outside of the Forbidden City, the first sight of the inside was breathtaking to say the least. Seeing it on television or in print is one thing, but being there, I can tell you, it’s different. The size and complexity of it requires a map to navigate (unless it’s familiar territory – luckily for us, we had a guide) .The king must’ve had a really great life – the servants, the view, the perks! You can really admire the piece of art. If you look, you won’t think there are windows in the buildings. As a matter of fact, there are no transparent glass or plastic windows. So how do the buildings get oxygen? You can see the windows in the little designed cuts in the walls. Also, if you have the good fortune of touring on a rainy day, you could see water coming out of the dragons’ mouths. It wasn’t a sight that I’d witnessed first hand, but it’s quite a concept. The reason for design is in event of a fire. Since the dragons’ mouths could hit practically every part of the landmark, if there ever is a fire, firefighting would be a relatively easy task. It’s no wonder that they could make such a landmark with so much wood. By the way, this was all built just less than a century before Columbus sailed the Ocean Blue in 1492! I think the documented date is 1430.

The Great Wall – the pride of China. While taking pictures on the bus, another tourist said to me, “Why? You have plenty of places to take pictures – look at how long the wall is!”

The rest of Beijing was pretty simple compared to the first two sites. We had remarkable lunch at what used to be Yuan May Yuan – it was at a very pretty place with awesome service. The Summer Palace. A Tea House. A massage. Dinner. Watched an Acrobat show. Ming Tombs. Peking Roast Duck. WongFuJing

The three key areas for me in this trip was Beijing for man-made sights, Guilin for natural sights, and Guangzhou for food. The rest was icing on the cake. It’s really difficult to be impressed by anything after seeing the Great Wall and Tiananmen Square. Not to say that I wouldn’t have loved to live along the lake in Suchou or have tea in the gardens, but I think that just walking through the Forbidden City is a magical experience in itself. If you think about it, it’d be extremely difficult to build the Great Wall even today with all the great technology we have, let alone centuries ago.