Monday, August 10, 2020

Linux Cent OS Network Handy commands

 



tcp connection details:

lsof -i

COMMAND   PID     USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME

ssh     15465 shgeorge    3r  IPv4 628118962      0t0  TCP 172.21.1.100:42329->sdc-f5-dmz-ltm-01-ve.aim.local:ssh (ESTABLISHED)

lsof -i :ssh

COMMAND   PID     USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME

ssh     15465 shgeorge    3r  IPv4 628118962      0t0  TCP 172.21.1.100:42329->sdc-f5-dmz-ltm-01-ve.aim.local:ssh (ESTABLISHED)


 netstat -an | grep LISTEN

tcp        0      0 192.168.100.1:53            0.0.0.0:*                   LISTEN      

tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      

tcp        0      0 0.0.0.0:58811               0.0.0.0:*                   LISTEN      

tcp        0      0 127.0.0.1:199               0.0.0.0:*                   LISTEN      

tcp        0      0 127.0.0.1:5900              0.0.0.0:*                   LISTEN      

tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      

tcp        0      0 :::22                       :::*                        LISTEN      

tcp        0      0 :::111                      :::*                        LISTEN      

tcp        0      0 :::58992                    :::*                        LISTEN      

unix  2      [ ACC ]     STREAM     LISTENING     17044  /var/lib/libvirt/qemu/sdc-securid-vm.deerfield.aim.local.monitor

unix  2      [ ACC ]     STREAM     LISTENING     221367479 /var/run/salt/minion/minion_event_942f3619a7_pull.ipc

unix  2      [ ACC ]     STREAM     LISTENING     14014  /var/run/rpcbind.sock
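
The listener list above is easier to review when each TCP socket is labelled by how widely it is bound (all interfaces, loopback only, or one address). This is an added example, not part of the original post; the function names and the sample text are made up for the demo.

```shell
#!/bin/sh
# Added example: triage `netstat -an` output by how widely each TCP listener is bound.
# All function names are hypothetical; the sample text is constructed for the demo.

sample_netstat() {
cat <<'EOF'
tcp        0      0 192.168.100.1:53            0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:5900              0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
tcp        0      0 :::111                      :::*                        LISTEN
tcp        0      0 172.21.1.100:42329          10.0.0.5:22                 ESTABLISHED
unix  2      [ ACC ]     STREAM     LISTENING     14014  /var/run/rpcbind.sock
EOF
}

# Reads netstat text on stdin; prints "<SCOPE> <port> <bind-address>" per TCP listener.
# SCOPE is ALL (0.0.0.0 or ::), LOOPBACK, or SPECIFIC (one interface address).
classify_listeners() {
  awk '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
      n = split($4, part, ":")            # port is the text after the last colon
      port = part[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr == "0.0.0.0" || addr == "::")          scope = "ALL"
      else if (addr ~ /^127\./ || addr == "::1")      scope = "LOOPBACK"
      else                                            scope = "SPECIFIC"
      print scope, port, addr
    }' | LC_ALL=C sort -k1,1 -k2,2n
}

# Prints each port that listens on all interfaces and is not in the
# space-separated allowlist given as $1.
unexpected_exposed() {
  classify_listeners | awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "ALL" && !($2 in ok) && !seen[$2]++ { print $2 }'
}

# Demo on the constructed sample; on a host, pipe `netstat -an` in instead.
sample_netstat | classify_listeners
echo "not in allowlist: $(sample_netstat | unexpected_exposed "22")"
```
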


top 10 biggest directories

du -hs */ | sort -hr | head


biggest files in the current directory

ls -lS | head


Linux Firewall

e.g. permit udp/69

iptables -A INPUT -p udp --dport 69 -j ACCEPT


# Allows connections to SSH/SFTP/SCP

-A INPUT -j ACCEPT -p tcp --dport 22

# Allow ping 

-A INPUT -p icmp -j ACCEPT


openssl

generate a new RSA private key (left unencrypted by -nodes) and a CSR

openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr



search for *.xml files

find . -name '*.xml'

find files bigger than 10,000 bytes and smaller than 50,000 bytes

find . -size +10000c -size -50000c -print

 



Server Performance Using vmstat Command

vmstat -a

list the contents of a gzipped tar archive

tar -ztf archive.tar.gz

list the contents of a tar file

tar -tf archive.tar

Saturday, August 8, 2020

Vue Prometric online exam Tips

 

Pearson Vue Prometric online exam:

I tried to take one of the online exams offered by Vue Prometric.

During the sign-in process using my Windows 10 laptop, it failed.

When I tried to download the Vue software file OnVue-3.25.24.exe, anti-virus software marked it as an unsafe file and I could not run the .exe file. I had to switch to a MacBook Pro and was able to run the file. Please do the following to run the file:

Windows 10:

Turn off the anti-virus software. Instead of clicking download, open the download link in another tab.

Install the .exe file

MacBook Pro

Unzip and install the file, and give it permission to run.

During the mic test, speak loudly to pass.

Also, turn on FaceTime; otherwise the webcam won't pass.

I had to wait 30 minutes to get the online proctor even though the Vue screen says 15 minutes.

Tuesday, August 4, 2020

PALO ALTO Firewall Handy Commands PAN-OS 9.1

show routing route   >> route

ping source 203.0.11.1 host 8.8.8.8  > ping a host

show system statistics application

show log system subtype equal HA    > HA




Time                Severity Subtype Object EventID ID Description
===============================================================================
2016/07/01 00:24:55 info     ha             ha1-lin 0  HA1 link up
2016/07/01 00:25:12 info     ha             state-c 0  HA Group 1: Moved from state Initial to state Active-P

show system disk-space

show running resource-monitor

show system resources follow
show log [ system | traffic | threat ] direction equal backward   >> log

show log system direction equal backward 

show log system severity equal critical

show log system subtype equal LACP start-time equal 2019/05/13@18:20:00   > specific date and time


show system info – provides the system's management IP, serial number and code version
show system statistics – shows the real-time throughput on the device
show system software status – shows whether various system processes are running
show jobs processed – used to see when commits, downloads, upgrades, etc. are completed
show system disk-space – shows percent usage of disk partitions
show system logdb-quota – shows the maximum log file sizes
debug dataplane internal vif link – shows management interface (eth0) counters
show system resources – shows processes running in the management plane, similar to the "top" command
show running resource-monitor – used to see the resource utilization in the data plane, such as dataplane CPU utilization

NAT
show running nat-policy – shows the current NAT policy table
show running ippool – used to see if there is a NAT pool leak
test nat-policy-match – simulates traffic going through the device: which NAT policy will it match?

Routing
show routing route – displays the routing table
test routing fib-lookup virtual-router <VR_name> ip <IP_addr_trying_reach> – finds which route in the routing table will be used to reach the IP address that you are testing

Policies
show running security-policy – shows the current policy set
test security-policy-match from trust to untrust destination <IP> – simulates a packet going through the system: which policy will it match?


URL
test url <url or IP> – used to test the categorization of a URL on the FW

Agent
show pan-agent user-IDs – used to see if the FW has pulled groups from the PANAgent
show user ip-user-mapping – used to see IP to username mappings on the FW
clear user-cache all – clears the user-ID cache

show user user-id-agent statistics
show user group name "AD\name-of-the-group"

LOG

show log [ system | traffic | threat ] direction equal backward – will take you to the end of the specified log
show log [ system | traffic | threat ] direction equal forward – will take you to beginning of the specified log

Update / Downgrade

request content upgrade install file <filename>
request content downgrade install previous – downgrade to the previous content version

License

request license info – shows the license installed on the device

IPSec
To view detailed debug information for IPSec tunneling:
          1. debug ike global on debug
          2. less mp-log ikemgr.log


TCPDUMP
tcpdump filter "src net <ip/netmask>"
tcpdump snaplen 1500 filter "src net <ip/netmask>"

view-pcap filename.pcap


VPN

show vpn flow – shows encap/decap counters
show vpn gateway – shows the list of IKE gateway configurations
show vpn ike-sa – shows the IKE Phase 1 SA
show vpn ipsec-sa – shows the IPSec Phase 2 SA
show vpn tunnel – shows the list of auto-key IPSec tunnel configurations
show log system subtype equal vpn direction equal backward
clear vpn ike-sa gateway <value>
clear vpn ipsec-sa tunnel <value>
test vpn ike-sa gateway <value>
test vpn ipsec-sa tunnel <value>


System details

show system info                   //shows the uptime of the device
show system environmentals         //e.g. power supply failures
show ntp
show session info                  //packet rate, number of sessions, fastpath active, etc.
show session id <id>
show interface { all | <interface-name> }
show routing route                 //routing table (all routes)
show routing fib                   //forwarding table (only used routes)
show routing protocol <protocol> ...
show arp { all | <interface-name> }
show neighbor interface { all | <interface-name> }   //IPv6 neighbor cache
show mac all                       //only with layer 2 interfaces
show jobs all
show jobs id <id>
show running resource-monitor      //resource statistics
show system resources follow       //="top", CPU usage and processes
show system disk-space             //="df -h"
debug software restart <service>   //Restart a certain process
request restart system             //Reboot the whole device


HA

show high-availability all
show high-availability state
show high-availability link-monitoring
show high-availability path-monitoring
show high-availability control-link statistics
show high-availability state-synchronization
request high-availability state suspend
request high-availability state functional
request high-availability state peer suspend
request high-availability state peer functional

SCP


scp export log system to username@host://ip address of the server/home/username/filename
scp import software from username@host://ip address of the server/home/username/file name




Turn off pop notifications in chrome browser from major news outlets

 On Chrome browser, go to settings select privacy and security select site settings select Java Script Select Don't allow sites to use J...