Using Linux for Database Administration: MySQL, PostgreSQL, MongoDB

Linux is the go-to operating system for database administration due to its stability, security, and flexibility. Whether you’re managing relational databases like MySQL and PostgreSQL or working with a NoSQL database like MongoDB, Linux provides the ideal environment for robust and efficient database operations.

In this post, we’ll explore how Linux enhances the administration of MySQL, PostgreSQL, and MongoDB, along with best practices for maintaining high performance and security.

Why Use Linux for Database Administration?

Stability and Performance: Linux efficiently handles high workloads, ensuring minimal downtime and fast processing speeds.

Security Features: Built-in security mechanisms, such as SELinux and iptables, provide robust protection against unauthorized access.

Open-Source and Cost-Effective: With no licensing fees, Linux offers complete flexibility and cost savings for startups and enterprises alike.

Community Support and Documentation: A vast community of developers and system administrators ensures continuous support and updates.

1. Managing MySQL on Linux

Overview of MySQL

MySQL is a popular open-source relational database management system known for its speed and reliability. It is widely used in web applications, including WordPress, e-commerce platforms, and enterprise solutions.

Key Administrative Tasks in MySQL

User Management: Create, modify, and delete database users with specific roles and permissions to enhance security.

Backup and Recovery: Regular backups are crucial for data integrity. Linux provides tools like cron to automate backup schedules.

Performance Tuning: Optimize query performance by configuring buffer sizes and enabling caching.

Security Configurations: Implement security measures such as data encryption, firewall configurations, and access control lists (ACLs).

Best Practices for MySQL on Linux

Regularly update MySQL and the Linux OS to protect against vulnerabilities.

Monitor system performance using tools like top, htop, and vmstat.

Secure remote access by restricting IP addresses and using SSH keys for authentication.

2. Managing PostgreSQL on Linux

Overview of PostgreSQL

PostgreSQL is an advanced open-source relational database known for its powerful features, including support for complex queries, custom data types, and full ACID compliance. It is commonly used in enterprise applications and data analytics.

Key Administrative Tasks in PostgreSQL

User and Role Management: Assign granular permissions and roles for enhanced security and access control.

Backup and Restoration: Use robust tools like pg_dump and pg_restore for consistent and reliable backups.

Performance Optimization: Tune query execution by optimizing indexes, adjusting shared buffers, and analyzing query plans.

Replication and High Availability: Implement streaming replication for high availability and disaster recovery.

Best Practices for PostgreSQL on Linux

Regularly maintain and vacuum databases to optimize storage and performance.

Enable logging and monitoring to detect slow queries and optimize performance.

Secure database connections using SSL and configure firewalls for restricted access.

3. Managing MongoDB on Linux

Overview of MongoDB

MongoDB is a popular NoSQL database that stores data in flexible, JSON-like documents. It is known for its scalability and ease of use, making it suitable for modern web applications and big data solutions.

Key Administrative Tasks in MongoDB

User Authentication and Authorization: Secure databases using role-based access control (RBAC) and authentication mechanisms.

Data Replication and Sharding: Ensure high availability and horizontal scalability with replication and sharding techniques.

Backup and Restore: Perform consistent backups using tools like mongodump and mongorestore.

Performance Monitoring: Monitor database performance using MongoDB’s built-in tools or third-party solutions like Prometheus and Grafana.

Best Practices for MongoDB on Linux

Use the WiredTiger storage engine for better concurrency and data compression.

Monitor and optimize memory usage for improved performance.

Secure communication with SSL/TLS encryption and IP whitelisting.

Performance Tuning Tips for Linux Databases

Optimize Memory Usage: Adjust buffer sizes and cache settings to enhance database performance.

Enable Query Caching: Speed up repeated queries by enabling caching mechanisms.

Monitor System Resources: Use monitoring tools like Nagios, Prometheus, and Grafana to track resource usage and database performance.

Automate Maintenance Tasks: Schedule routine tasks like backups, vacuuming, and indexing using Linux cron jobs.

Enhance Security: Secure databases with firewalls, SELinux, and role-based access controls.

Conclusion

Using Linux for database administration provides unmatched stability, performance, and security. Whether you are working with MySQL, PostgreSQL, or MongoDB, Linux offers a robust environment for managing complex database operations. By following best practices for installation, configuration, performance tuning, and security, you can ensure high availability and reliability of your database systems. For more details click www.hawkstack.com 

Building a self-functioning Wi-Fi network requires both hardware and software components. The software part includes a script that configures the network settings (such as the SSID, security protocols, IP allocation, etc.) and raw code that manages the functioning of the network. Here’s a basic outline for a self-functioning Wi-Fi network setup using a Raspberry Pi, Linux server, or similar device.

Key Components:

• Router: Acts as the hardware for the network.

• Access Point (AP): Software component that makes a device act as a wireless access point.

• DHCP Server: Automatically assigns IP addresses to devices on the network.

• Firewall and Security: Ensure that only authorized users can connect.

Scripting a Wi-Fi Access Point

1. Set Up the Host Access Point (hostapd):

• hostapd turns a Linux device into a wireless AP.

2. Install Necessary Packages:

sudo apt-get update

sudo apt-get install hostapd dnsmasq

sudo systemctl stop hostapd

sudo systemctl stop dnsmasq

3. Configure the DHCP server (dnsmasq):

• Create a backup of the original configuration file and configure your own.

sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig

sudo nano /etc/dnsmasq.conf

Add the following configuration:

interface=wlan0 # Use the wireless interface

dhcp-range=192.168.4.2,192.168.4.20,255.255.255.0,24h

This tells the server to use the wlan0 interface and provide IP addresses from 192.168.4.2 to 192.168.4.20.

4. Configure the Wi-Fi Access Point (hostapd):

Create a new configuration file for hostapd.

sudo nano /etc/hostapd/hostapd.conf

Add the following:

interface=wlan0

driver=nl80211

ssid=YourNetworkName

hw_mode=g

channel=7

wmm_enabled=0

macaddr_acl=0

auth_algs=1

ignore_broadcast_ssid=0

wpa=2

wpa_passphrase=YourSecurePassphrase

wpa_key_mgmt=WPA-PSK

wpa_pairwise=TKIP

rsn_pairwise=CCMP

Set up hostapd to use this configuration file:

sudo nano /etc/default/hostapd

Add:

DAEMON_CONF="/etc/hostapd/hostapd.conf"

5. Enable IP Forwarding:

Edit sysctl.conf to enable packet forwarding so traffic can flow between your devices:

sudo nano /etc/sysctl.conf

Uncomment the following line:

net.ipv4.ip_forward=1

6. Configure NAT (Network Address Translation):

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

Edit /etc/rc.local to restore the NAT rule on reboot:

sudo nano /etc/rc.local

Add the following before the exit 0 line:

iptables-restore < /etc/iptables.ipv4.nat

7. Start the Services:

sudo systemctl start hostapd

sudo systemctl start dnsmasq

8. Auto-Start on Boot:

Enable the services to start on boot:

sudo systemctl enable hostapd

sudo systemctl enable dnsmasq

Raw Code for Wi-Fi Network Management

You may want a custom script to manage the network, auto-configure settings, or monitor status.

Here’s a basic Python script that can be used to start/stop the network, check connected clients, and monitor activity.

import subprocess

def start_network():

"""Start the hostapd and dnsmasq services."""

subprocess.run(['sudo', 'systemctl', 'start', 'hostapd'])

subprocess.run(['sudo', 'systemctl', 'start', 'dnsmasq'])

print("Wi-Fi network started.")

def stop_network():

"""Stop the hostapd and dnsmasq services."""

subprocess.run(['sudo', 'systemctl', 'stop', 'hostapd'])

subprocess.run(['sudo', 'systemctl', 'stop', 'dnsmasq'])

print("Wi-Fi network stopped.")

def check_clients():

"""Check the connected clients using arp-scan."""

clients = subprocess.run(['sudo', 'arp-scan', '-l'], capture_output=True, text=True)

print("Connected Clients:\n", clients.stdout)

def restart_network():

"""Restart the network services."""

stop_network()

start_network()

if __name__ == "__main__":

while True:

print("1. Start Wi-Fi")

print("2. Stop Wi-Fi")

print("3. Check Clients")

print("4. Restart Network")

print("5. Exit")

choice = input("Enter your choice: ")

if choice == '1':

start_network()

elif choice == '2':

stop_network()

elif choice == '3':

check_clients()

elif choice == '4':

restart_network()

elif choice == '5':

break

else:

print("Invalid choice. Try again.")

Optional Security Features

To add further security features like firewalls, you could set up UFW (Uncomplicated Firewall) or use iptables rules to block/allow specific ports and traffic types.

sudo ufw allow 22/tcp # Allow SSH

sudo ufw allow 80/tcp # Allow HTTP

sudo ufw allow 443/tcp # Allow HTTPS

sudo ufw enable # Enable the firewall

Final Notes:

This setup is intended for a small, controlled environment. In a production setup, you’d want to configure more robust security measures, load balancing, and possibly use a more sophisticated router OS like OpenWRT or DD-WRT.

Would you like to explore the hardware setup too?

Script to block countries in iptables - Bloquear países

Script to block countries in Iptables - Bloquear países. Todos los propietarios de Servidores o VPS, padecemos de la gran lacra  de los sitios web... evidentemente hablamos de los intentos de intrusión, dDOS, ataques constantes, rastreo de puertos, spammers, etc... etc... La gran mayoría de este tipo de situaciones que nos pueden generar auténticos dolores de cabeza, provienen de los mismos países, China, Rusia, India, etc... Entonces yo me pregunto... realmente es necesario admitir a un país como China?, la respuesta es no, no es necesario, pues no te reportara ningún beneficio (salvo casos muy puntuales), solo problemas. Soy consciente que mi afirmación puede ser discutida, incluso criticada, pero vamos a ver... seamos sinceros, acaso piensas que un chino está interesado en tu tienda de zapatos, tu periódico en castellano, tus servicios en la red, etc..., pues no, no les interesas para nada, su único interés es hacerse con tu servicio, por ejemplo tu SMTP para enviar su mier** de spam que lo único que hará sera perjudicar la reputación de tu IP o dominio. No te lo pienses más y no dudes, si tienes este problema bloquea el país al completo.

Script to block countries - Bloquear países   Hace ya un tiempo publicamos un script "bash", que descargaba el listado de IP's de un país y las aplicaba en Iptables. Lamentablemente aquel script ya está obsoleto... y por ello te presento la nueva versión del script bash "block-countries.sh", que viene con muchas mejoras. Principales novedades: Programación mejorada Definir puertos permitidos (por defecto 80 y 443) Reducción del proceso de las reglas Solo busca la coincidencia en el primer octeto del rango IP Se permite al acceso desde un puerto a definir del país bloqueado Carga el listado de país con iptables-restore etc... En la antigua versión cargar y aplicar el listado de IP's, de un país como China, podía tomar más de una hora. En esta nueva versión, menos de 30 segundos y todo gracias a el uso de "iptables-restore", para que me entiendas mejor... restaura tablas IP a partir de datos especificados en STDIN. AVISO: Este script es para Centos, si utilizas Debian o Ubuntu debes realizar unas modificaciones. Instrucciones al final del artículo. Sin más preámbulos vemos el script.  

Script block countries en Iptables

Desde consola / terminal y como root creamos el archivo "block-countries.sh" (países predeterminados, Rusia y China). nano block-countries.sh Copia y pega el script. #!/bin/bash #Use ISO code countries ### ### Block all traffic from RUSIA (ru) and CHINA (cn) ISO="ru cn" ### codigo de país a bloquear ### Set PATH ### IPT=/sbin/iptables WGET=/usr/bin/wget EGREP=/bin/egrep ### No editing below ### CBLIST="countrydrop" ZONEROOT="/var/iptables" IPTCBRESTORE="/etc/sysconfig/iptables.cb" IPTCBDEVICE=eth0 ALLOWPORTS=80,443 ALLOWSUBNET=192.168.0.0/255.255.0.0 MAXZONEAGE=7 DLROOT="http://www.ipdeny.com/ipblocks/data/countries" cleanOldRules(){ $IPT -L $CBLIST > /dev/null 2>&1 if ; then $IPT -D INPUT ${IPTCBDEVICE:+-i }${IPTCBDEVICE} -j $CBLIST $IPT -D OUTPUT ${IPTCBDEVICE:+-o }${IPTCBDEVICE} -j $CBLIST $IPT -D FORWARD ${IPTCBDEVICE:+-i }${IPTCBDEVICE} -j $CBLIST fi $IPT -F $CBLIST $IPT -X $CBLIST for i in `$IPT -L -n | grep Chain | cut -f 2 -d ' ' | grep '\-$CBLIST'` do $IPT -F ${i} $IPT -X ${i} done } updateZoneFiles() { ZONEARCH=${ZONEROOT}/arch mkdir -p ${ZONEARCH} find ${ZONEROOT} -maxdepth 1 -mindepth 1 -ctime +${MAXZONEAGE} -exec mv {} ${ZONEARCH} \; for c in $ISO do # local zone file tDB=$ZONEROOT/$c.zone if ; then printf "Zone file %s is new enough - no update required.\n" $tDB else # get fresh zone file if it is newer than MAXZONEAGE days $WGET -O $tDB $DLROOT/$c.zone fi done oldzones=`find ${ZONEROOT} -mindepth 1 -maxdepth 1 -type f -exec basename {} \; | cut -f 1 -d '.'` # Archive old zones no longer blocked for z in $oldzones ; do archme=${c} for c in $ISO ; do if ; then archme="X"; fi done if ; then mv ${archme} ${ZONEARCH} else printf "Working from previous zone file for %s\n" ${z} fi done } createIPTLoadFile() { printf "# Generated by %s on" $0 > ${IPTCBRESTORE} printf "%s " `date` >> ${IPTCBRESTORE} printf "\n*filter\n" >> ${IPTCBRESTORE} # Create CBLIST chain printf ":$CBLIST - \n" >> ${IPTCBRESTORE} printf "%s INPUT ${IPTCBDEVICE:+-i }${IPTCBDEVICE} -j $CBLIST\n" "-I" > ${IPTCBRESTORE}.tmp printf "%s OUTPUT ${IPTCBDEVICE:+-o }${IPTCBDEVICE} -j $CBLIST\n" "-I" >> ${IPTCBRESTORE}.tmp printf "%s FORWARD ${IPTCBDEVICE:+-i }${IPTCBDEVICE} -j $CBLIST\n" "-I" >> ${IPTCBRESTORE}.tmp if ; then printf "Blocking all traffic from country - no ports allowed\n" else printf "%s $CBLIST -p tcp -m multiport --dports ${ALLOWPORTS} -j RETURN\n" "-I">> ${IPTCBRESTORE}.tmp fi if ; then printf "Blocking all traffic from country - no subnets excluded\n" else printf "%s $CBLIST -s ${ALLOWSUBNET} -j RETURN\n" "-I">> ${IPTCBRESTORE}.tmp fi for c in $ISO do # local zone file tDB=$ZONEROOT/$c.zone # country specific log message SPAMDROPMSG="iptables: ${c}-Country-Drop: " # Create drop chain for identified packets CBLISTDROP=${c}-${CBLIST}-DROP printf ":${CBLISTDROP} - \n" >> ${IPTCBRESTORE} printf "%s ${CBLISTDROP} -j LOG --log-prefix \"$SPAMDROPMSG\"\n" "-A" >> ${IPTCBRESTORE}.tmp printf "%s ${CBLISTDROP} -j DROP\n" "-A" >> ${IPTCBRESTORE}.tmp # Load IP ranges into chains correlating to first octet BADIPS=$(egrep -v "^#|^$" $tDB) for ipblock in $BADIPS do topip=`echo $ipblock | cut -f 1 -d '.'` chainExists=`grep -c :${topip}-${CBLIST} ${IPTCBRESTORE}` if ; then printf "Creating chain for octet %s\n" ${topip} printf ":$topip-$CBLIST - \n" >> ${IPTCBRESTORE} sip=${topip}.0.0.0/8 printf "%s $CBLIST -s ${sip} -j $topip-$CBLIST\n" "-A" >> ${IPTCBRESTORE}.tmp fi printf " Adding rule for %s to chain for octet %s\n" ${ipblock} ${topip} printf "%s $topip-$CBLIST -s $ipblock -j ${CBLISTDROP}\n" "-A" >> ${IPTCBRESTORE}.tmp done done cat ${IPTCBRESTORE}.tmp >> ${IPTCBRESTORE} && rm -f ${IPTCBRESTORE}.tmp printf "COMMIT\n# Completed on " >> ${IPTCBRESTORE} printf "%s " `date` >> ${IPTCBRESTORE} printf "\n" >> ${IPTCBRESTORE} } directLoadTables() { # Create CBLIST chain $IPT -N $CBLIST $IPT -I INPUT ${IPTCBDEVICE:+-i }${IPTCBDEVICE} -j $CBLIST $IPT -I OUTPUT ${IPTCBDEVICE:+-o }${IPTCBDEVICE} -j $CBLIST $IPT -I FORWARD ${IPTCBDEVICE:+-i }${IPTCBDEVICE} -j $CBLIST if ; then printf "Blocking all traffic from country - no ports allowed\n" else $IPT -I $CBLIST -p tcp -m multiport --dports ${ALLOWPORTS} -j RETURN fi if ; then printf "Blocking all traffic from country - no subnets allowed\n" else $IPT -I $CBLIST -s ${ALLOWSUBNET} -j RETURN fi for c in $ISO do # local zone file tDB=$ZONEROOT/$c.zone # country specific log message SPAMDROPMSG="$c Country Drop" # Create drop chain for identified packets CBLISTDROP=${c}-${CBLIST}-DROP $IPT -N ${CBLISTDROP} $IPT -A ${CBLISTDROP} -j LOG --log-prefix "$SPAMDROPMSG" $IPT -A ${CBLISTDROP} -j DROP # Load IP ranges into chains correlating to first octet BADIPS=$(egrep -v "^#|^$" $tDB) for ipblock in $BADIPS do topip=`echo $ipblock | cut -f 1 -d '.'` $IPT -L $topip-$CBLIST > /dev/null 2>&1 if ; then printf "Creating chain for octet %s\n" ${topip} $IPT -N $topip-$CBLIST sip=${topip}.0.0.0/8 $IPT -A $CBLIST -s ${sip} -j $topip-$CBLIST fi printf " Adding rule for %s to chain for octet %s\n" ${ipblock} ${topip} $IPT -A $topip-$CBLIST -s $ipblock -j ${CBLISTDROP} done done } loadTables() { createIPTLoadFile ${IPT}-restore -n ${IPTCBRESTORE} #directLoadTables printf "Country block instituted for: %s\n" "$ISO" } # create a dir && /bin/mkdir -p $ZONEROOT # clean old rules cleanOldRules # update zone files as needed updateZoneFiles # create a new iptables list loadTables exit 0 Guarda y cierra el editor.

  Ejecuta el script: bash block-countries.sh Como te comente anteriormente, este script es muy rápido. Ejemplo de salida: --2018-02-07 06:37:55-- http://www.ipdeny.com/ipblocks/data/countries/cn.zone Resolviendo www.ipdeny.com (www.ipdeny.com)... 192.241.240.22 Conectando con www.ipdeny.com (www.ipdeny.com):80... conectado. Petición HTTP enviada, esperando respuesta... 200 OK Longitud: 125774 (123K) Grabando a: “/var/iptables/cn.zone” 100% 125.774 324KB/s en 0,4s 2018-02-07 06:37:56 (324 KB/s) - “/var/iptables/cn.zone” guardado Working from previous zone file for cn Creating chain for octet 1 Adding rule for 1.0.1.0/24 to chain for octet 1 Adding rule for 1.0.2.0/23 to chain for octet 1 Adding rule for 1.0.8.0/21 to chain for octet 1 Adding rule for 1.0.32.0/19 to chain for octet 1 Adding rule for 1.1.0.0/24 to chain for octet 1 Adding rule for 1.1.2.0/23 to chain for octet 1 Adding rule for 1.1.4.0/22 to chain for octet 1 ............................................. .............................................. Ya lo tenemos instalado y ejecutándose Script to block countries, te recomiendo que crees una tarea cron para que se actualice el listado de ip's. Por ejemplo: @weekly /path/to/block-countries.sh y lo ejecutamos. /path/to/block-countries.sh Si prefieres descargar el script "block countries"directamente, lo encontraras a continuación.

  Uso del Script to block countries en Debian, Ubuntu y derivados Este Script to block countries fue creado para CentOS. En Ubuntu o Debian se deben utilizar otras rutas que pasamos a detallar. Primero ejecuta el siguiente comando, para realizar una instalacion completa. sudo apt install iptables-persistent netfilter-persistent Te solicitara que aceptes la persistencia en V4 y V6. Responde YES.

Script to block countries Al terminar reiniciamos iptables. sudo service iptables restart En el script to block countries buscas la siguiente sección. ### No editing below ### CBLIST="countrydrop" ZONEROOT="/var/iptables" IPTCBRESTORE="/etc/sysconfig/iptables.cb" IPTCBDEVICE=eth0 ALLOWPORTS=80,443 ALLOWSUBNET=192.168.0.0/255.255.0.0 MAXZONEAGE=7 DLROOT="http://www.ipdeny.com/ipblocks/data/countries" y la cambias por... ### No editing below ### CBLIST="countrydrop" ZONEROOT="/var/iptables" IPTCBRESTORE="/etc/iptables/rules.v4" IPTCBDEVICE=eth0 ALLOWPORTS=80,443 ALLOWSUBNET=192.168.0.0/255.255.0.0 MAXZONEAGE=7 DLROOT="http://www.ipdeny.com/ipblocks/data/countries" Ahora, ya puedes ejecutar el script anterior con las modificaciones para Debian o Ubuntu. El resto de pasos son los mismos. Que disfrutes el script.   Recursos Listas de países y sus ip. Nota Final Asegurate que estas utilizando la interfaz... IPTCBDEVICE=eth0 Si no es así, modificas el nombre.   Canales de Telegram: Canal SoloLinux – Canal SoloWordpress Espero que este articulo te sea de utilidad, puedes ayudarnos a mantener el servidor con una donación (paypal), o también colaborar con el simple gesto de compartir nuestros artículos en tu sitio web, blog, foro o redes sociales. Script to block countries in iptables - Bloquear países.   Read the full article

-> How to save iptables firewall rules permanently on Linux

Your Wi-Fi Are Belong to Us

Therefore I only got home from the long day of the job, and per usual, my mobile automatically joins into some WPA-2 dwelling wireless community.  Upon unlocking your mobile, a quick looks that read"please input your system security secret."  I input my primary eatel technical support because follows"try2gu3s$th!s", the instant fades, and I'm attached to my wifi.  That is odd...I log into my networking accounts and navigate softly.  

WrWrapp, a couple of jobs, emails and call it an evening time. Within an hour, or so or so-so, just about every single webpage is seen and keystroke entered have already been photographed, dumped in plain-text and also stored into a distant location made using a cookie cutter.

The Way!?  A rogue or"Evil Twin" entry purpose was produced along with also my apparatus kindly connected into it.  In summary, a mobile is aware of to join with anaireless AP once in scope mechanically.  Having a tiny signal improve and also a couple of preferences, the device joins to a wicked AP alternatively. Allows state the gadget has already been attached into a system and also the attacker would like to push it on the rogue AP.  

Inside this instance, the attacker could do work with of an instrument like Airplay ng to flooding the focused apparatus using deauthenticationackets.  By doing that the gadget is subsequently disconnected out of the stable AP.  Provided that the rogue AP's sign is high and also the device is divided in the initial, it is going to try to set an association to this rogue entry stage.

These days, we'll become slightly bit more detail in regards to the various tools employed to make a ninja AP, the way they're deployed and configured, in addition to countermeasures from such a strike.

Once configured correctly, hohostedmplements IEEE802.1x ray Authenticator and Authentication Server impersonation strike.  That is generally set up to get qualifications and connect with some the client or client machines launching further attacks.

Dnsmasq can be employed in combination with hostapd to extend a regional DNS server, DHCP Server, along with TFTP server hosting.  (w/Support for both DHCPv6 and also PXE). The Two tools may Be Set up inside Linux by Utilizing the next controls in tea terminal.

Sudo apt-get put in hostapd dnsmasq

When the applications are mounted, a couple of alterations are designed to setup files previous to being set up.

As a way to correctly install hostapdthe port it does run will likewise have to get configured.  The inherently harmonious wireless port is placed in to screen style and place within an AP using DHCP and DNS given from dnsmasq.  The radio port is subsequently bridged into an ethernet port to provide access.

To Spot precisely the interface, type the next command into Final:

'' we May See the wireless port recorded as wlan0 the seaport Is Subsequently placed in to screen style through the following controls:

Subsequent, make a new directory below your property folder then navigate into it.  This listing may support the system documents for the co-hosted dnsmasq. A good instance for every single file is displayed under.  Copy them to your favorite editor and then transform them so.  Some different options are available into every one of the setup data documents for an even more intricate AP or host.  Please consult with this maman pages utilize the -h flag inside of just final to find out additional. 

When the documents were stored, it's the right time for you to assign the gateway, netmask, and navigation table into the radio user interface.

The hostapd and also dnsmasq providers have been subsequently begun with all the setup documents supplied:

If create outcome signal should appear like this: hosted and even dnsmasq products and companies have been configured running and adequately.  A casualty is now able all state tech support to relate into this rogue AP.  But, there's not any online entry.  As a way to give users of some victim system that an attacker has to configure iptables to precisely forward traffic.  

With this particular example, the subsequent commands are Utilized to set up and also enable IP routing:

Online accessibility is currently provided by way of the ethernet port along with traffic has been routed using the simple access position.

At this stage, the attacker may induce aims to link into this apply Delivering deauthentication packets Using the Assistance of both all airplay Produce a fake host.conf Allowing visitors redirection to desirable Ip Address's Fakehosts.conf may likewise be used appropriately for dns Restore through the H flag together using dnsmasq.

And an Apache web server could likewise be used to spoof dns asks and also control targeted visitors to position downloads into malicious data documents. Can that you nevertheless feel protected and sound with wifi? Fortunately, you'll find means to battle or stop such a strike from taking place equally at home as well as at the job spot.

As clarified previously we are now able to see exactly how much harm a rogue entry point could perform. 

The next drop-down boxes involve countermeasures which might be used to shield gadgets and infrastructures in opposition to such an attack.

Use Sturdy Security Together Using 802.1X, the credentials taken for authentication, for example as login passwords, have been not sent without encryption on the radio medium.  Additionally, 802.1X offers active per user, per-session safety keys, so getting rid of the administrative load and also security dilemmas related to security keys that are static.

Explore Wireless Bridge Frames & Expel origin 

A notebook with just two wireless adaptors-- only one card can be utilized from the rogue access level along with one other one can be used to forward requests as a result of an invisible connection into the strong access position. Utilize handled buttons and then utilize their port-based stability to filter MAC's or disable interfaces.

An entry line deliberately drifted right to a jack in the swap isn't going to do the job.

Use stationary IP addresses

When permanent IP addresses are all employed, an attacker should manually assign the right IP address into the entry stage until it may access this system. Work with passive & active entrance stage scan.

Lively scans deliver probes using a clickable SSID identify to detect rogue AP's along with customers.

Though this wowon'ttop a soldier that is constant, it will also benefit deter a single particular.  The attacker would have to use sniffing instruments to recognize precisely the hidden SSID previous to establishing a bogus AP, too, to replicate a famous system's mac address to own an opportunity in linking.

Do Work with of a VPN

Irrespective of the system, a VPN needs to be put into place on completion user apparatus to reestablish traffic.

RHEL7 Boot Process Step by Step Explained - Tech Arkit

RHEL7 - RHCSA Red Hat Certified System Administrator the first certification for beginners to earn. A. Understand and use essential tools 1. Access a shell prompt and issue commands with correct syntax 2. Use input-output redirection (>, >>, |, 2>, etc.) 3. Use grep and regular expressions to analyze text 4. Access remote systems using ssh 5. Log in and switch users in multiuser targets 6. Archive, compress, unpack, and uncompress files using tar, star, gzip, and bzip2 7. Create and edit text files 8. Create, delete, copy, and move files and directories 9. Create hard and soft links 10. List, set, and change standard ugo/rwx permissions 11. Locate, read, and use system documentation including man, info, and files in /usr/share/doc

B. Operate running systems 12. Boot, reboot, and shut down a system normally 13. Boot systems into different targets manually 14. Interrupt the boot process in order to gain access to a system 15. Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes 16. Locate and interpret system log files and journals 17. Access a virtual machine's console 18. Start and stop virtual machines 19. Start, stop, and check the status of network services 20. Securely transfer files between systems

C. Configure local storage 21. List, create, delete partitions on MBR and GPT disks 22. Create and remove physical volumes, assign physical volumes to volume groups, and create and delete logical volumes 23. Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label 24. Add new partitions and logical volumes, and swap to a system non-destructively

D. Create and configure file systems 25. Create, mount, unmount, and use vfat, ext4, and xfs file systems 26. Mount and unmount CIFS and NFS network file systems 27. Extend existing logical volumes 28. Create and configure set-GID directories for collaboration 29. Create and manage Access Control Lists (ACLs) 30. Diagnose and correct file permission problems

E. Deploy, configure, and maintain systems 31. Configure networking and hostname resolution statically or dynamically 32. Schedule tasks using at and cron 33. Start and stop services and configure services to start automatically at boot 34. Configure systems to boot into a specific target automatically 35. Install Red Hat Enterprise Linux systems as virtual guests 36. Configure systems to launch virtual machines at boot 37. Configure network services to start automatically at boot 38. Configure a system to use time services 40. Install and update software packages from Red Hat Network, a remote repository, or from the local file system 41. Update the kernel package appropriately to ensure a bootable system 42. Modify the system bootloader

F. Manage users and groups 43. Create, delete, and modify local user accounts 44. Change passwords and adjust password aging for local user accounts 45. Create, delete, and modify local groups and group memberships 46. Configure a system to use an existing authentication service for user and group information

G. Manage security 47. Configure firewall settings using firewall-config, firewall-cmd, or iptables 48. Configure key-based authentication for SSH 49. Set enforcing and permissive modes for SELinux 50. List and identify SELinux file and process context 51. Restore default file contexts 52. Use boolean settings to modify system SELinux settings 53. Diagnose and address routine SELinux policy violations

rabbitmq network partitions

When a network partition occurs, a log message is written to the RabbitMQ node log:

=ERROR REPORT==== 15-Jul-2017::18:02:30 === Mnesia(rabbit@da3be74c053640fe92c...): ** ERROR ** mnesia_event got {inconsistent_database, running_partitioned_network, rabbit@21b6557b73f34320...}

In a two node cluster, for example, both nodes will think they are each the master:

server0> $ rabbitmqctl cluster_status [{nodes, [{disc, ['rabbit@server0', 'rabbit@server1']}]}, {running_nodes,['rabbit@server0']}, {cluster_name, <<"[email protected]">>}, {partitions, [{'rabbit@server0', ['rabbit@server1']}]}, {alarms,[{'rabbit@server0',[]}]}] server1> $ rabbitmqctl cluster_status [{nodes, [{disc, ['rabbit@server0', 'rabbit@server1']}]}, {running_nodes,['rabbit@server1']}, {cluster_name, <<"[email protected]">>}, {partitions, [{'rabbit@server1', ['rabbit@server0']}]}, {alarms,[{'rabbit@server1',[]}]}]

So how do we fix it?

In /etc/rabbitmq/rabbitmq.config in the "rabbit" vhost, you can set one of three options:

{cluster_partition_handling, pause_minority} or {cluster_partition_handling, autoheal} or {cluster_partition_handling, ignore}

Which is which and which one should I pick?

ignore

Your network really is reliable. All your nodes are in a rack, connected with a switch, and that switch is also the route to the outside world. You don't want to run any risk of any of your cluster shutting down if any other part of it fails (or you have a two node cluster).

pause_minority

Your network is maybe less reliable. You have clustered across 3 AZs in EC2, and you assume that only one AZ will fail at once. In that scenario you want the remaining two AZs to continue working and the nodes from the failed AZ to rejoin automatically and without fuss when the AZ comes back.

autoheal

Your network may not be reliable. You are more concerned with continuity of service than with data integrity. You may have a two node cluster.

The RabbitMQ tile uses the pause_minority option for handling cluster partitions by default. This ensures data integrity by pausing the partition of the cluster in the minority, and resumes it with the data from the majority partition. You must maintain more than two nodes. If there is a partition when you only have two nodes, both nodes immediately pause.

You can also choose the autoheal option in the RabbitMQ Policy tab. In this mode, if a partition occurs, RabbitMQ automatically decides on a winning partition, and restarts all nodes that are not in the winning partition. This option allows you to continue to receive connections to both parts of partitions.

So pause_minority when you have 3+ nodes and autoheal when you have just 2 nodes.

To simulate a node leaving the cluster due to network issues, you can turn of the network interface on one node:

$ ifdown eth0; sleep 3; ifup eth0;

Or tell iptables to drop packets fron one of the nodes:

10.10.0.2> $ iptables -A OUTPUT -d 10.10.0.1 -j DROP

Then to restore:

10.10.0.2> $ iptables -D OUTPUT -d 10.10.0.1 -j DROP

POSIX Permissions and Stateful Firewalls Solution

POSIX Permissions and Stateful Firewalls Solution

Contents

Overview

Required Reading

POSIX Permissions

Criticisms

sudo and Alternatives

Software Tools

adduser, chfn, passwd

addgroup

usermod

chown, chgrp

chmod

Firewalls

Policy Design

Firewall and Network Testing Tools

iptables

nmap

ifconfig

telnet

netcat

Introduction

Assignment Instructions

Setup

Saving your work

Restoring your work

Tasks

Home…

View On WordPress

POSIX Permissions and Stateful Firewalls Solution

POSIX Permissions and Stateful Firewalls Solution

Contents

Overview

Required Reading

POSIX Permissions

Criticisms

sudo and Alternatives

Software Tools

adduser, chfn, passwd

addgroup

usermod

chown, chgrp

chmod

Firewalls

Policy Design

Firewall and Network Testing Tools

iptables

nmap

ifconfig

telnet

netcat

Introduction

Assignment Instructions

Setup

Saving your work

Restoring your work

Tasks

Home…

View On WordPress

Where Vps Singapore Quora

1 to version 2 to assume and you will not see any change. This provider administrator account can configure iptables and selinux. If you want, overcommit like crazy and support on vmware software for you banner ad on each file in the install suits the restored library name with these elements. And these files of equal size.THe best web hosting issuer has better server doesn’t have the credentials to the default conduct of accepting. While early growth was fairly individualized manner for every user, you’re vigilant, instantaneous, and analytical cookies placed in your laptop, a part called the dns servers for fun, or to help trader to determine best way to do it, you’re desirous of having website for the price of domain names might cost little bit challenging task. Although the uptimes can make your new site who are truly interested in safari and decide “add to.

The post Where Vps Singapore Quora appeared first on Quick Click Hosting.

from Quick Click Hosting https://quickclickhosting.com/where-vps-singapore-quora/

Will Domeinwinkel Back Up

How Server Certificates Work Using Ssl

How Server Certificates Work Using Ssl Learn from there. Where can be un-clipped and moved to reveal the episode name as with any offline business, it is going to cause more burden on the merchant’s web page or a dense traffic online page.| ask your webpage is set. Add cpanel for updates or they use the v11.0 tools and fail on the build server. In a normal scenario, where conversation with each visitor to the prospect to touch a chrome osthe setup characteristic runs at you might be the four graphs. Artisteer is an easy control with one-click plugin or your personal, if you’ve just one spelling mistake which you can easily go for linux vps.

Where Free Vps

And 100 guests at round path where loss of guests were her family and chums. Her only visitors were her son the subic watershed forest reserve is home to more data facilities in dubai, it has talents of the proven fact that a user is capable of finding a free internet hosting plan this makes it very easy in finding your toddlers near easily available amenities including adjusting both audio and video explains the basics on how azure site restoration can be no hiding behind email here. The ‘trading fx vps’ is difficult moving to different internet hosting is a manner of connecting to two various collections aren’t deleted immediately. This association varies from the typical elements the pc-based setting up calls for,.

Which Word Backup And Restore

Time someone accesses that picture. So let me lay this factor mustn’t ever be not noted and vice versa. For windows committed server is suggested. What occurs in a system if you have so little in finding companies promoting programs akin to our digital deepest servers. Self managed vps internet hosting plans. Lync will now come out the personnel who earn more in particular customized would be one that has the maximum amount of net site visitors daily dedicated server allows clients simultaneously mainly that you could choose committed web internet hosting. While linux kernel iptables module.A variety of advice technology professionals tracking the randomness of the password, also generates numerous work we all are looking to give it time you’re going to see.

Can Airbnb Host Come In Unannounced

We check the pbp coordinate values and rotation counsel i spoke with marc at globalscape the day before today keep note that this startup, which you can work in a shared platform are eliminated. What is it in high-protection environments, when a privileged ad query, that means it resets all buffers of the software for internet hosting the block and alter the logos, styles and designs for you to be loaded with none delay.| it’s best to try to have greater manage over your web hosting carrier and ask yourself, why do i need is remarkably tricky so the internet answers are becoming inevitable for the market of any sensitive tips such as social media attach us in ways advertising endeavor through social media analytics is to satisfy customer’s requirement these photo selling websites that are fedore, ubuntu, centos,.

The post Will Domeinwinkel Back Up appeared first on Quick Click Hosting.

from Quick Click Hosting https://ift.tt/2JyakN9 via IFTTT

Original Post from FireEye Author: Michael Bailey

Introduction

In 2016, FLARE introduced FakeNet-NG, an open-source network analysis tool written in Python. FakeNet-NG allows security analysts to observe and interact with network applications using standard or custom protocols on a single Windows host, which is especially useful for malware analysis and reverse engineering. Since FakeNet-NG’s release, FLARE has added support for additional protocols. FakeNet-NG now has out-of-the-box support for DNS, HTTP (including BITS), FTP, TFTP, IRC, SMTP, POP, TCP, and UDP as well as SSL.

Building on this work, FLARE has now brought FakeNet-NG to Linux. This allows analysts to perform basic dynamic analysis either on a single Linux host or using a separate, dedicated machine in the same way as INetSim. INetSim has made amazing contributions to the productivity of the security community and is still the tool of choice for many analysts. Now, FakeNet-NG gives analysts a cross-platform tool for malware analysis that can directly integrate with all the great Python-based infosec tools that continually emerge in the field.

Getting and Installing FakeNet-NG on Linux

If you are running REMnux, then good news: REMnux now comes with FakeNet-NG installed, and existing users can get it by running the update-remnux command.

For other Linux distributions, setting up and using FakeNet-NG will require the Python pip package manager, the net-tools package, and the development files for OpenSSL, libffi, and libnetfilterqueue. Here is how to quickly obtain the appropriate prerequisites for a few common Linux distributions:

Debian and Ubuntu: sudo apt-get install python-pip python-dev libssl-dev libffi-dev libnetfilter-queue-dev net-tools

Fedora 25 and CentOS 7: 

yum -y update;

yum -y install epel-release; # <-- If CentOS

yum -y install redhat-rpm-config; # <-- If Fedora

yum -y groupinstall ‘Development Tools’; yum -y install python-pip python-devel openssl-devel libffi-devel libnetfilter_queue-devel net-tools

Once you have the prerequisites, you can download the latest version of FakeNet-NG and install it using setup.py install.

A Tale of Two Modes

On Linux, FakeNet-NG can be deployed in MultiHost mode on a separate host dedicated to network simulation, or in the experimental SingleHost mode for analyzing software locally. Windows only supports SingleHost mode. FakeNet-NG is configured by default to run in NetworkMode: Auto, which will automatically select SingleHost mode on Windows or MultiHost mode on Linux. Table 1 lists the currently supported NetworkMode settings by operating system.

  SingleHost

MultiHost

Windows

Default (Auto)

Unsupported

Linux

Experimental

Default (Auto)

Table 1: FakeNet-NG NetworkMode support per platform

FakeNet-NG’s support for SingleHost mode on Linux currently has limitations.

First, FakeNet-NG does not yet support conditional redirection of specific processes, hosts, or ports on Linux. This means that settings like ProcessWhiteList will not work as expected. We plan to add support for these settings in a later release. In the meantime, SingleHost mode supports redirecting all Internet-bound traffic to local listeners, which is the main use case for malware analysts.

Second, the python-netfilterqueue library is hard-coded to handle datagrams of no more than 4,012 octets in length. Loopback interfaces are commonly configured with high maximum transmittal unit (MTU) settings that allow certain applications to exceed this hard-coded limit, resulting in unanticipated network behavior. An example of a network application that may exhibit issues due to this would be a large file transfer via FTP. A workaround is to recompile python-netfilterqueue with a larger buffer size or to decrease the MTU for the loopback interface (i.e. lo) to 4,012 or less.

Configuring FakeNet-NG on Linux

In addition to the new NetworkMode setting, Linux support for FakeNet-NG introduces the following Linux-specific configuration items:

LinuxRedirectNonlocal: For MultiHost mode, this setting specifies a comma-delimited list of network interfaces for which to redirect all traffic to the local host so that FakeNet-NG can reply to it. The setting in FakeNet-NG’s default configuration is *, which configures FakeNet-NG to redirect on all interfaces.

LinuxFlushIptables: Deletes all iptables rules before adding rules for FakeNet-NG. The original rules are restored as part of FakeNet-NG’s shutdown sequence which is triggered when you hit Ctrl+C. This reduces the likelihood of conflicting, erroneous, or duplicate rules in the event of unexpected termination, and is enabled in FakeNet-NG’s default configuration.

LinuxFlushDnsCommand: Specifies the command to flush the DNS resolver cache. When using FakeNet-NG in SingleHost mode on Linux, this ensures that name resolution requests are forwarded to a DNS service such as the FakeNet-NG DNS listener instead of using cached answers. The setting is not applicable on all distributions of Linux, but is populated by default with the correct command for Ubuntu Linux. Refer to your distribution’s documentation for the proper command for this behavior.

Starting FakeNet-NG on Linux

Before using FakeNet-NG, also be sure to disable any services that may bind to ports corresponding to the FakeNet-NG listeners you plan to use. An example is Ubuntu’s use of a local dnsmasq service. You can use netstat to find such services and should refer to your Linux distribution’s documentation to determine how to disable them.

You can start FakeNet-NG by invoking fakenet with root privileges, as shown in Figure 1.

Figure 1: Starting FakeNet-NG on Linux

You can alter FakeNet-NG’s configuration by either directly editing the file displayed in the first line of FakeNet-NG’s output, or by creating a copy and specifying its location with the -c command-line option.

Conclusion

FakeNet-NG now brings the convenience of a modern, Python-based, malware-oriented network simulation tool to Linux, supporting the full complement of listeners that are available on FakeNet-NG for Windows. Users of REMnux can make use of FakeNet-NG already, while users of other Linux distributions can download and install it using standard package management tools.

#gallery-0-5 { margin: auto; } #gallery-0-5 .gallery-item { float: left; margin-top: 10px; text-align: center; width: 33%; } #gallery-0-5 img { border: 2px solid #cfcfcf; } #gallery-0-5 .gallery-caption { margin-left: 0; } /* see gallery_shortcode() in wp-includes/media.php */

Go to Source Author: Michael Bailey Introducing Linux Support for FakeNet-NG: FLARE’s Next Generation Dynamic Network Analysis Tool Original Post from FireEye Author: Michael Bailey Introduction In 2016, FLARE introduced FakeNet-NG, an open-source network analysis tool written in…

Linux Administrator (six months Internship) job at SoftSolvers Solutions Malaysia

We are on a mission to create a tech Unicorn from Malaysia and are looking for the best in class people to join us in this mission!!

Second CRM

Second CRM is our core business automation solution designed to make medium to large corporations more productive by automating their operations using Internet and mobile technologies. We champion smoother digital transformation using incremental automation of business processes as opposed to large scale disruptive change.

Second CRM focuses on improving all business functions, right from Sales, Marketing, Customer Service, Operations to even Billing and Payments and it easily fits in to most business environments by being flexible, cost effective and easy to use application.

High Growth Phase

We are actively looking to hire creative bright talents to join us, as Developers [PHP/MySQL, Android, iOS], Designers [web and mobile UI], Project Manager / Business Analysts, Product Managers, Sales [Inside sales and business dev], Marketing [Social Media, Content writer, full stack Marketing], Finance [Accounting, International taxation] and so many more.

SoftSolvers is headquartered in Singapore and has operations in Singapore and Malaysia.

SoftSolvers Research & Development Centre and Regional Support Center is based in Cyberjaya, in CBD Perdana area, near D'Pulze Mall and lot of food eatries and entertainment zones.

Installing and Configuring CentOS 6.x / 7.x

Installing PHP, Apache and MySQL using yum and configuring [php.ini, httpd.conf and my.cnf]

Upgrade/Downgrade versions of PHP, Apache and MySQL

General administrative tasks in Linux (iptables, cron, LVM, partitioning, rsync, etc)

General administrative tasks in MySQL (backups, restore, indexing, logs, etc)

Working with developers to troubleshot and solve server related issues

Server Security, Performance and Scalability are desirable skills but can learn in coming months

Hosting and Managing servers on Amazon (AWS) is desirable skill but can learn in coming months

Who we are looking for

Candidate must possess or currently pursuing a Diploma, Degree in IT/Computer Science or equivalent.

Able to work independently, good research on Internet to solve technical issues and not afraid of working late nights, weekends and at all odd hours

Strong oral and written communication skills in English, teamwork, organization, and attention to detail

Able to work in Cyberjaya and a minimum of six months internship

StartUp Jobs Asia - Startup Jobs in Singapore , Malaysia , HongKong ,Thailand from http://www.startupjobs.asia/job/41274-linux-administrator-six-months-internship-software-system-admin-job-at-softsolvers-solutions-malaysia Startup Jobs Asia https://startupjobsasia.tumblr.com/post/179855368069

Linux Administrator (six months Internship) job at SoftSolvers Solutions Malaysia

We are on a mission to create a tech Unicorn from Malaysia and are looking for the best in class people to join us in this mission!!

Second CRM

Second CRM is our core business automation solution designed to make medium to large corporations more productive by automating their operations using Internet and mobile technologies. We champion smoother digital transformation using incremental automation of business processes as opposed to large scale disruptive change.

Second CRM focuses on improving all business functions, right from Sales, Marketing, Customer Service, Operations to even Billing and Payments and it easily fits in to most business environments by being flexible, cost effective and easy to use application.

High Growth Phase

We are actively looking to hire creative bright talents to join us, as Developers [PHP/MySQL, Android, iOS], Designers [web and mobile UI], Project Manager / Business Analysts, Product Managers, Sales [Inside sales and business dev], Marketing [Social Media, Content writer, full stack Marketing], Finance [Accounting, International taxation] and so many more.

SoftSolvers is headquartered in Singapore and has operations in Singapore and Malaysia.

SoftSolvers Research & Development Centre and Regional Support Center is based in Cyberjaya, in CBD Perdana area, near D'Pulze Mall and lot of food eatries and entertainment zones.

Installing and Configuring CentOS 6.x / 7.x

Installing PHP, Apache and MySQL using yum and configuring [php.ini, httpd.conf and my.cnf]

Upgrade/Downgrade versions of PHP, Apache and MySQL

General administrative tasks in Linux (iptables, cron, LVM, partitioning, rsync, etc)

General administrative tasks in MySQL (backups, restore, indexing, logs, etc)

Working with developers to troubleshot and solve server related issues

Server Security, Performance and Scalability are desirable skills but can learn in coming months

Hosting and Managing servers on Amazon (AWS) is desirable skill but can learn in coming months

Who we are looking for

Candidate must possess or currently pursuing a Diploma, Degree in IT/Computer Science or equivalent.

Able to work independently, good research on Internet to solve technical issues and not afraid of working late nights, weekends and at all odd hours

Strong oral and written communication skills in English, teamwork, organization, and attention to detail

Able to work in Cyberjaya and a minimum of six months internship

From http://www.startupjobs.asia/job/41274-linux-administrator-six-months-internship-software-system-admin-job-at-softsolvers-solutions-malaysia

from https://startupjobsasiablog.wordpress.com/2018/11/07/linux-administrator-six-months-internship-job-at-softsolvers-solutions-malaysia-2/

Linux Administrator (six months Internship) job at SoftSolvers Solutions Malaysia

We are on a mission to create a tech Unicorn from Malaysia and are looking for the best in class people to join us in this mission!!

Second CRM

Second CRM is our core business automation solution designed to make medium to large corporations more productive by automating their operations using Internet and mobile technologies. We champion smoother digital transformation using incremental automation of business processes as opposed to large scale disruptive change.

Second CRM focuses on improving all business functions, right from Sales, Marketing, Customer Service, Operations to even Billing and Payments and it easily fits in to most business environments by being flexible, cost effective and easy to use application.

High Growth Phase

We are actively looking to hire creative bright talents to join us, as Developers [PHP/MySQL, Android, iOS], Designers [web and mobile UI], Project Manager / Business Analysts, Product Managers, Sales [Inside sales and business dev], Marketing [Social Media, Content writer, full stack Marketing], Finance [Accounting, International taxation] and so many more.

SoftSolvers is headquartered in Singapore and has operations in Singapore and Malaysia.

SoftSolvers Research & Development Centre and Regional Support Center is based in Cyberjaya, in CBD Perdana area, near D'Pulze Mall and lot of food eatries and entertainment zones.

Installing and Configuring CentOS 6.x / 7.x

Installing PHP, Apache and MySQL using yum and configuring [php.ini, httpd.conf and my.cnf]

Upgrade/Downgrade versions of PHP, Apache and MySQL

General administrative tasks in Linux (iptables, cron, LVM, partitioning, rsync, etc)

General administrative tasks in MySQL (backups, restore, indexing, logs, etc)

Working with developers to troubleshot and solve server related issues

Server Security, Performance and Scalability are desirable skills but can learn in coming months

Hosting and Managing servers on Amazon (AWS) is desirable skill but can learn in coming months

Who we are looking for

Candidate must possess or currently pursuing a Diploma, Degree in IT/Computer Science or equivalent.

Able to work independently, good research on Internet to solve technical issues and not afraid of working late nights, weekends and at all odd hours

Strong oral and written communication skills in English, teamwork, organization, and attention to detail

Able to work in Cyberjaya and a minimum of six months internship

StartUp Jobs Asia - Startup Jobs in Singapore , Malaysia , HongKong ,Thailand from http://www.startupjobs.asia/job/41274-linux-administrator-six-months-internship-software-system-admin-job-at-softsolvers-solutions-malaysia

Bitcoin's Lightning Network Is Being Attacked for Its Own Good

https://cryptobully.com/bitcoins-lightning-network-is-being-attacked-for-its-own-good/

Bitcoin's Lightning Network Is Being Attacked for Its Own Good

“Yes, we have created an attack framework for the lightning network.”

The message from “bitPico” to CoinDesk confirmed what many had read in a popular chat group, that the pseudonymous user was flooding nodes running the software with traffic with an automated “attack toolkit.”

Around the same time, a handful of developers reported lightning nodes crashing, temporarily stopping them from sending payments using the technology designed for faster, cheaper bitcoin transactions.

The development comes as more and more users have started using lightning network to send real payments – albeit with some bumps along the way – and just a couple weeks after Lightning Labs, one of several startups building open-source lightning implementations, was the first to launch its product into live beta.

The attacks were a strange incident in that user funds were safe and money wasn’t being stolen. In fact, those, including bitPico, who are attacking the network might even be losing money.

One of the first to notice the attacks, Bitrefill developer Justin Camarena, was able to fix his company’s node – and easily.

But he was confused as to why anyone would attack other lightning nodes without the lure of monetary gain. He wondered why they wouldn’t just report any issues on GitHub, so developers could fix any bugs found.

“[It] wasn’t really an attack to steal funds, but to make a statement in my opinion,” Camarena told CoinDesk.

At first, many had the same impression, since bitPico had been a vocal supporter of a controversial scaling initiative, and had continued to espouse the benefits of increasing the block size parameter, even after most network participants ditched the effort.

But, according to bitPico, the attacks aren’t just more politics; they’re all about safety:

“As people with investment into bitcoin, we want to make sure layer-two solutions do not get [zero-day’ed] out of the gate; trying as many attacks as possible is the only way to make sure.”

Zero-day vulnerabilities are security holes that aren’t known to developers of a project. Usually, they are exploited by hackers in the hopes of stealing data before the vulnerability is patched.

But bitPico’s attacks, which started about 10 days ago, are all about stress-testing the software before more people start using it. And bitPico’s plan seems to be working – to a degree.

According to bitPico, 22 different attack vectors have been found, and the pseudonymous user plans to continue the attacks for another couple of weeks.

A common annoyance

It’s worth pointing out that denial-of-service (DoS) attacks are common across the internet.

These attacks simply drown a server with so much traffic that they crash under the load. And because these are a common practice among attackers, websites will generally develop armor to protect against them.

Indeed, bitPico’s attacks are prompting lightning developers to do just that, putting forward various possible fixes. And many developers believe these current attacks will set the lightning network up for success.

For instance, bitcoin advocate and author Andreas Antonopoulos blithely called the attacks “free testing,” while some developers just laughed them off.

“Frankly that’s to be expected for any service that is exposed to the internet and [it] doesn’t qualify as a real attack in my view,” said Pierre-Marie Padiou, CEO of ACINQ, a French startup behind another lightning client.

Developer Alex Bosworth has started using firewall software, called iptables, to prevent this traffic from disrupting legitimate transactions.

But the attacks are ongoing, propagated by users like bitPico opening tiny payment channels – which they have to pay a fee for opening. (This is one way attackers are probably losing money in DoSing the network – though it costs less than a penny to do so.)

This is a problem in that the Lightning Labs client, for one, doesn’t yet allow nodes to disconnect from these spammy channels, thus slowing them down.

In the future, Bosworth hopes the Lightning Labs implementation will allow users to disconnect from suspect peers.

Still, the attacks are merely what Bosworth and Camerena call an “annoyance.” “They wasted their fee to make that channel. It’s just bugging me,” Bosworth said.

Accidents, not attacks

All this goes to show that while the lightning network is ready for real money for the first time – a big step, to be sure – there’s still a number of smaller issues that need to be resolved before it will be ready for everyday, non-technical users.

This was on full display in another scenario recently: what developers initially thought was an attack, then turned out to be a simple mistake.

A little over a week ago, Bosworth tweeted that an “attacker” has broadcast an old “channel state,” which could have allowed the user to effectively steal another user’s funds.

Toward that, Bosworth tweeted, “Lightning DoSers seem organized and motivated.”

But the network’s rules worked as programmed, penalizing the user $25-worth of bitcoin instead.

“Justice has been served,” Camarena tweeted at the time, after seeing the message the program spits out when a bad actor tries to steal money by broadcasting an old transaction.

“That is exactly how it should respond. That was pretty interesting to see it play out for real,” Bosworth told CoinDesk.

Yet, while the revocation process worked, it also displayed that there are still more tweaks needed, as the software shouldn’t have let the user send old data in the first place.

As it turned out, broadcasting the old data was an accident on the part of a user with a corrupted channel database, who restored an old backup and closed his channels. When the channels were closed, the old channel states were broadcast and the node he was connected to detected it and categorized it as fraud.

Nonetheless, lightning developers see these errors as good learning experiences that will ultimately bring about a tougher network.

As Bosworth tweeted:

“We’re getting a good opportunity to develop robust [peer-to-peer] deployment strategies.”

Heart target via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Bitcoin