
Static IP: SSL Certificates Installation


Chef online book

http://maintao.qiniudn.com/book/Learning_Chef.pdf
http://www.tecmint.com/

FTP
https://www.unixmen.com/install-vsftpd-server-on-centos-rhel-scientific-linux-6-4/

SSL Certificates Installation


https://www.akadia.com/services/ssh_test_certificate.html

Vi Editor —> Replace text with other word (:%s/pattern/replace/)

Jenkins Setup —>https://www.tutorialspoint.com/jenkins/


Docker Setup —>https://tecadmin.net/tutorial/docker/docker-introduction/
—>https://tecadmin.net/tutorial/docker/docker-data-volumes/
—>https://docs.docker.com/get-started/part2/#prerequisites
Shell Scripting —>https://www.tutorialspoint.com/unix/unix-file-system.htm
Chef —>https://www.tutorialspoint.com/chef/chef_pdf_version.htm
Linux —>https://www.thegeekstuff.com/2009/03/15-practical-unix-grep-command-examples
Static IP
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=enp0s3
UUID="WHAT EVER IS YOUR COMPUTER'S UUID"
ONBOOT=yes
HWADDR="WHATEVER IS YOUR COMPUTER'S MAC ADDRESS"
IPADDR=192.168.1.2
PREFIX=24
GATEWAY=192.168.1.1
DNS1=192.168.1.1
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes

Restarting the networking service


You may have to restart the network adapter or the machine. To restart the
network adapter use the following command:
service network restart
Using ifconfig
If you wish to install the common networking tools you can now install the net-tools package
using the following command:
yum install net-tools
#################################################

(:APACHE:)
very very IMP command (dispatcher not working)

/usr/sbin/setsebool httpd_can_network_connect true

apache not working


Error:
httpd dead but pid file exists
http://linuxamination.blogspot.in/2014/06/httpd-dead-but-pid-file-exists.html
Indusind Monitoring Sheet
https://docs.google.com/spreadsheets/d/15gOeSc8_u7D2VJPJmmusYdCTO2suNjHEhsKsFLuUQes/edit?usp=sharing
ssl configuration
http://www.akadia.com/services/ssh_test_certificate.html

Dispatcher Configuration:)
Dispatcher settings
<IfModule disp_apache2.c>
DispatcherConfig conf/dispatcher.any
DispatcherLog logs/dispatcher.log
DispatcherLogLevel 3
DispatcherNoServerHeader 0
DispatcherDeclineRoot 0
DispatcherUseProcessedURL 0
DispatcherPassError 0
</IfModule>
<Directory />
<IfModule disp_apache2.c>
SetHandler dispatcher-handler
</IfModule>
Options FollowSymLinks
AllowOverride None
</Directory>
----------------------------------------
Virtual host settings
<VirtualHost *:80>
ServerAdmin aravind.yadav@icfi.com
ServerName access.inside7.com.au
UseCanonicalName Off
TraceEnable Off
<Directory />
ServerSignature Off
AllowOverride None
<IfModule disp_apache2.c>
SetHandler dispatcher-handler
ModMimeUsePathInfo On
</IfModule>
</Directory>
</VirtualHost>
----------------------------------------
Rewrite options
<IfModule mod_rewrite.c>
RewriteEngine on
Include /etc/httpd/conf.d/rewrite.conf
RewriteOptions Inherit
</IfModule>
##################################
USA
<VirtualHost *:80>
ServerName dev-register.zebra.com
ServerAlias dev-register.zebra.com
DocumentRoot /vol2/adobe/dispatcher/dev-register.zebra.com
CustomLog logs/dev-register.zebra.com_access_log combined
ErrorLog logs/dev-register.zebra.com_error_log
DispatcherUseProcessedURL 1
<Directory "/vol2/adobe/dispatcher/dev-register.zebra.com">

# <IfModule disp_apache2.c>
# SetHandler dispatcher-handler
# </IfModule>
#Options -MultiViews +FollowSymLinks

<IfModule disp_apache2.c>
SetHandler dispatcher-handler
ModMimeUsePathInfo On
</IfModule>
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
RewriteEngine On
# Handle request that starts with /content/userreg
RewriteCond %{HTTP_HOST} ^dev-register.zebra.com$ [OR]
RewriteCond %{HTTPS_HOST} ^dev-register.zebra.com$
RewriteCond %{REQUEST_URI} ^/content/userreg*
RewriteCond %{REQUEST_URI} .*.html
RewriteRule ^/content/userreg/(.*)$ /$1 [R,QSA]
# Handle requests that does not contain /content/userreg/
RewriteCond %{HTTP_HOST} ^dev-register.zebra.com$ [OR]
RewriteCond %{HTTPS_HOST} ^dev-register.zebra.com$
RewriteCond %{REQUEST_URI} !^/content/userreg/
RewriteCond %{REQUEST_URI} !^/content/dam
RewriteCond %{REQUEST_URI} !^/libs
RewriteCond %{REQUEST_URI} !^/etc
RewriteCond %{REQUEST_URI} !^/content/dam
RewriteCond %{REQUEST_URI} .*.(html|json)
RewriteCond %{REQUEST_URI} !^/$
RewriteRule ^/(.*).(html|json)$ /content/userreg/$1.$2 [PT,L,QSA]
# Handle requests to root with a trailing slash
RewriteCond %{HTTP_HOST} ^dev-register.zebra.com$ [OR]
RewriteCond %{HTTPS_HOST} ^dev-register.zebra.com$
RewriteCond %{REQUEST_URI} !^/content/dam
RewriteCond %{REQUEST_URI} ^/$
RewriteRule (.*)/$ /register.html [R,QSA]

# Handle requests to index.html


RewriteCond %{HTTP_HOST} ^dev-register.zebra.com$ [OR]
RewriteCond %{HTTPS_HOST} ^dev-register.zebra.com$
RewriteCond %{REQUEST_URI} !^/content/dam
RewriteCond %{REQUEST_URI} ^/index.html$
RewriteRule ^/index.html$ /register.html [R,QSA]
RewriteLog /etc/httpd/logs/rewrite-dev-register.zebra.com.log
RewriteLogLevel 9
</VirtualHost>

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@
Leverage cache and Enable compression
## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType text/html "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 1 month"
</IfModule>
## EXPIRES CACHING ##

#mod_deflate
<FilesMatch "\\.(js|css|html|htm|php|xml)$">
SetOutputFilter DEFLATE
</FilesMatch>

#mod_gzip
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>
…………………………………………………………….

/libs/granite/operations/config/maintenance/granite:daily/granite:RevisionGC

LINUX
http://www.techsupportpk.com/2016/10/protect-your-server-against-the-dirty-cow-linux-vulnerability.html

Crontab
https://crontab.guru/#1_07_2_3_2

Mac dns cache flush : sudo dscacheutil -flushcache;sudo killall -HUP mDNSResponder;say cache flushed

MY SQL Step by Installation.

Reference link :- http://www.tecmint.com/install-latest-mysql-on-rhel-centos-and-fedora/

For downloading SQL package:

# wget http://dev.mysql.com/get/mysql57-community-release-el7-7.noarch.rpm

Step 1: Installing dependencies

# yum localinstall mysql57-community-release-el7-7.noarch.rpm

# yum repolist enabled | grep "mysql.*-community.*"


Step 2: Installing Latest MySQL Version

# yum install mysql-community-server

Step 3: Installing MySQL Release Series

# yum-config-manager --disable mysql57-community


# yum-config-manager --enable mysql56-community

Step 4: Starting the MySQL Server

#service mysqld start


#service mysqld status
#mysql --version

Step 5: Securing the MySQL Installation

#grep 'temporary password' /var/log/mysqld.log


A temporary password is generated for root@localhost:
IkuV5A7ddd*D

Permanent password for DB root user : Payb@ck@123*


#mysql_secure_installation

Step 6: Connecting to MySQL Server


# mysql -u root -p

Step 7: Updating MySQL with Yum

If You need to update the SQL


#rotate logs

Using include to override defaults


When a file is read by /etc/logrotate.conf, the rotation
parameters specified in the include will override the
parameters specified in the logrotate file. An example
of /etc/logrotate.conf being overridden is shown below:
#Log rotation parameters for linuxconf
/var/log/htmlaccess.log
{ errors jim
notifempty
nocompress
weekly
prerotate
/usr/bin/chattr -a /var/log/htmlaccess.log
endscript
postrotate
/usr/bin/chattr +a /var/log/htmlaccess.log
endscript
}
/var/log/netconf.log
{ nocompress
monthly
}

DAILY

/var/log/httpd/*log {

rotate 7
daily
missingok
notifempty
sharedscripts
compress
create 644 root root
postrotate
/bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
endscript
}

Rewrite rule generator

http://www.visiospark.com/mod-rewrite-rule-generator/

RewriteEngine On
RewriteCond %{HTTP_HOST} ^domain.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.domain.com$
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ http://domain.com [R=301,L]

Dispatcher Setup

1. First download the dispatcher module that matches your Apache version:
https://www.adobeaemcloud.com/content/companies/public/adobe/dispatcher/dispatcher.html

2. Extract the module using the tar command and move the dispatcher.so file to /etc/httpd/modules.

3. Create a soft link for it with ln -s, then load the module in httpd.conf:

LoadModule dispatcher_module modules/mod_dispatcher.so

4. After extracting the archive you will find a conf directory. It contains the dispatcher.any file; move that file to /etc/httpd/conf.

5. In dispatcher.any, set the /render IP (publisher IP).

6. Set the cache directory there as well.

7. Create the cache directory and give ownership of it to apache.apache.

8. Add the lines below at the end of httpd.conf:

# LoadModule foo_module modules/mod_foo.so


# LoadModule mime_module modules/mod_mime.so

<IfModule disp_apache2.c>
SetHandler dispatcher-handler
DispatcherConfig conf/dispatcher.any
DispatcherLog logs/dispatcher.log
DispatcherLogLevel 3
DispatcherNoServerHeader 0
DispatcherDeclineRoot 0
DispatcherUseProcessedURL 1
DispatcherPassError 0
</IfModule>

<Directory />
<IfModule disp_apache2.c>
SetHandler dispatcher-handler
ModMimeUsePathInfo On
Options +FollowSymLinks
AllowOverride None
</IfModule>
</Directory>

<Directory />
ServerSignature Off
Options +FollowSymLinks
AllowOverride None
UseCanonicalName Off
Options +FollowSymLinks
AllowOverride None
</Directory>

Self signed certificates

https://www.akadia.com/services/ssh_test_certificate.html

If you run into another incompatibility like this in the future, use yum
search all. For example:
yum search all mod_ssl
Returns:
mod_ssl.x86_64 : SSL/TLS module for the Apache HTTP Server
mod24_ssl.x86_64 : SSL/TLS module for the Apache HTTP Server
Checking .csr file info in linux
#openssl x509 -inform der -in certnew.cer -noout -text
##########

Mod page module TO avoid white spaces.


wget https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_x86_64.rpm

################################################

Yum configuration

vi /etc/yum.repos.d/rhcelab.repo
[rhcerepo]
name=rhcerepo
baseurl=file:///rhcelab/repo
enabled=1
gpgcheck=0

:wq!

########################################################

Mount ISO Image under Linux RHEL/CentOS:


Syntax : # mount -o loop iso-file Mount-Point

Cores info
#lscpu (Cores information)

SSL Generation:
https://www.akadia.com/services/ssh_test_certificate.html

Remove white spaces in html pages - ModPagespeedEnableFilters collapse_whitespace
wget https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_x86_64.rpm

Date Changing
1. date —> check the date and time
2. date -s "20 may 2015 17:17:17" —> Set the local time
3. hwclock -r or hwclock —> check
4. hwclock -s or hwclock --hctosys -> to sync h/w to local
5. hwclock --systohc --localtime -> to sync local to h/w

How to Scp using port

scp -r -P 58012 /Users/ICF2025287/Downloads/java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm root@dev-apl-web.cloudapp.net:/tmp
##################################################

1. Enable compression
2. Leverage browser caching
# Enable Compression
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
</IfModule>
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>

# Leverage Browser Caching


<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType text/html "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 1 month"
</IfModule>
<IfModule mod_headers.c>
<filesmatch "\.(ico|flv|jpg|jpeg|png|gif|css|swf)$">
Header set Cache-Control "max-age=2678400, public"
</filesmatch>
<filesmatch "\.(html|htm)$">
Header set Cache-Control "max-age=7200, private, must-revalidate"
</filesmatch>
<filesmatch "\.(pdf)$">
Header set Cache-Control "max-age=86400, public"
</filesmatch>
<filesmatch "\.(js)$">
Header set Cache-Control "max-age=2678400, private"
</filesmatch>
</IfModule>
###########################################

########Jenkins SETUP ###########


https://www.digitalocean.com/community/tutorials/how-to-set-up-jenkins-for-continuous-development-integration-on-centos-7

CPU AND MEMORY UTILISATION


CPU: #grep 'cpu ' /proc/stat | awk '{usage=($2+$4)*100/($2+$4+$5)} END {print usage "%"}'
Memory: #top -n 1 | grep "Mem"

###################################
Wild card

Symbol    Description    Examples

^    Matches the beginning of a string    ^index (the URL should begin with index)
$    Matches the end of a string    php$ (the URL should end with php)
\    Escape a symbol    \.php$ (the URL should end with .php)
[0-9]    Matches a number    ^index[0-9] (the URL should begin with index0, index1, … index9)
[A-Za-z]    Matches a letter A-Z irrespective of the case    [A-Za-z] (the letter C would match this pattern)
{0,4}    Matches the previous group 0 – 4 times    [A-Za-z]{0,4} (the word CarD would match this pattern)
?    Matches the previous group 0 – 1 times    [A-Za-z]? (the word E would match this pattern)
+    Matches the previous group 1 or more times    [A-Za-z]+ (the word CarD would match this pattern)
()    Back references (extracting parts of the old URL to be used for the new URL)    [see Pretty URLs section below]
———————————————————————————————————————
————————————————————————
• %{QUERY_STRING} captures the matched query string into % variable.
• %1 will carry the matched content of the first group of brackets.
• The second part ^(.*)$ is the pattern you want to match.
• ^ means “start with”
• $ means “end”
• Like regular expressions, the dot in (.*) matches any characters.
• The asterisk * inside the brackets is a quantifier that matches 0 to infinite occurrences.
• Therefore, combining them, (.*) matches any characters
• So, clearly, in this example, it matches the whole query string part.
———————————————————————————————————————
————————————————————————
301 permanent    The resource has permanently moved
302 temp    The resource has temporarily moved
303 seeother    The resource has been replaced; refer to the new resource
305 UseProxy    Use proxy to access site
307 Temp    The resource has temporarily moved
410 gone    The resource has been permanently removed
———————————————————————————————————————
————————————————————————
\ Use before any of the following characters to escape or null the meaning of it: \* \. \$ \+ \[ \]
^ Start matching at this point
$ End point of the match
. Any character
[] Starts a class
| Starts alternative match this|that would mean match this or that
() starts a back reference point
? match 0 or 1 time Quantifier
+ match at least 1 or more times Quantifier
* match 0 to infinite times Quantifier
{} match minimum to maximum Quantifier {0,3} match up to 3 times
———————————————————————————————————————
————————————————————————
[R] Redirect you can add an =301 or =302 to change the type.
[F] Forces the url to be forbidden. 403 header
[G] Forces the url to be gone 410 header
[L] Last rule. (You should use this on all your rules that don't link together)
[N] Next round. Rerun the rules again from the start
[C] Chains a rewrite rule together with the next rule.
[T] use T=MIME-type to force the file to be a mime type
[NS] Use if no sub request is requested
[NC] Makes the rule case INsensitive
[QSA] Query String Append use to add to an existing query string
[NE] Turns off normal escapes that are default in the rewriterule
[PT] Pass through to the handler (together with mod alias)
[S] Skip the next rule S=3 skips the next 3 rules
[E] E=var sets an environmental variable that can be called by other rules
———————————————————————————————————————
————————————————————————
• . (any character)
• * (zero or more of the preceding)
• + (one or more of the preceding)
• {} (minimum to maximum quantifier)
• ? (ungreedy modifier)
• ! (at start of string means "negative pattern")
• ^ (start of string, or "negative" if at the start of a range)
• $ (end of string)
• [] (match any of contents)
• - (range if used between square brackets)
• () (group, backreferenced group)
• | (alternative, or)
• \ (the escape character itself)

Flags
Flags are added to the end of a rewrite rule to tell Apache how to interpret and handle
the rule. They can be used to tell apache to treat the rule as case-insensitive, to stop
processing rules if the current one matches, or a variety of other options. They are
comma-separated, and contained in square brackets. Here's a list of the flags, with their
meanings (this information is included on the cheat sheet, so no need to try to learn
them all).
• C (chained with next rule)
• CO=cookie (set specified cookie)
• E=var:value (set environment variable var to value)
• F (forbidden - sends a 403 header to the user)
• G (gone - no longer exists)
• H=handler (set handler)
• L (last - stop processing rules)
• N (next - continue processing rules)
• NC (case insensitive)
• NE (do not escape special URL characters in output)
• NS (ignore this rule if the request is a sub request)
• P (proxy - i.e., apache should grab the remote content specified in the substitution
section and return it)
• PT (pass through - use when processing URLs with additional handlers, e.g.,
mod_alias)
• R (temporary redirect to new URL)
• R=301 (permanent redirect to new URL)
• QSA (append query string from request to substituted URL)
• S=x (skip next x rules)
• T=mime-type (force specified mime type)

Limit the requests size


You can limit the requests size by using the Apache directive LimitRequestBody in combination
with the Directory tag. This can help protect your web server from a denial of service (DOS)
attack.
Suppose you have a site (www.example.com), where you allow uploads, and you want to limit
the upload size on this site.
You can set value from 0 (unlimited) to 2147483647 (2GB) in the main Apache config file.
For example, to limit the request size for the /var/www/html/www.example.com directory
to 200K:
sudo nano /etc/httpd/conf/httpd.conf
Add the following line:
<Directory /var/www/html/www.example.com>
LimitRequestBody 204800
</Directory>

Save the file and restart Apache.


sudo apachectl restart

IPTABLES FLOW
https://www.quora.com/Do-you-know-of-any-book-videos-and-websites-where-I-could-learn-to-use-iptables-Linux-program/answer/Djas-Djati-1

APACHE Server Signature OFF


Step1 : First we have to install mod_security
Step2 :
#ServerTokens Full
SecServerSignature " "
It will disable server Information
ServerRoot "/etc/httpd"
#Listen 12.34.56.78:80
Listen 80
#Listen 443
#Listen 8080
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost

#ServerName 172.18.29.51:80
ServerName stage.kotak.com
ServerSignature Off
ServerTokens Prod
TraceEnable Off
#ServerTokens Full
SecServerSignature " "

How to break Linux Root Password


—> rd.break
—> First we have only ro permissions; we have to make it (RW) read write
—>#mount -o remount,rw /sysroot/
—>chroot /sysroot/
—>#passwd
—>touch /.autorelabel

Ramsize # cat /proc/meminfo


Swap size # free -m or free -g

Install Desktop Packages


# yum -y groupinstall "Desktop" "Desktop Platform" "X Window System" "Fonts"

How to assign user permissions to the particular User


#setfacl -m u:username:rwx myfolder
#sudo chmod g+w myfolder

Apache / httpd not starting automatically on boot

#chkconfig httpd on

#chkconfig --level 2345 httpd on
It will run as a service.

Permission For Users


#visudo -f /etc/sudoers
jradmin1 ALL = /usr/sbin/useradd, /usr/sbin/userdel

https://www.suse.com/documentation/sles11/singlehtml/book_sle_admin/book_sle_admin.html

Syntax: For SED Command

#sed -n '/ Beginning date & time / , /Ending date & time/p' log type >> Output log name
Command

#sed -n '/30.01.2017 14:20/ , /30.01.2017 16:20/p' scd.log >> /AEM/scd.log

Stop Oracle service in UNIX/Linux


To stop Oracle service type following two commands:

$ lsnrctl stop

$ dbshut

If above failed login as sysdba user:

$ sqlplus '/ as sysdba'

At SQL> type shutdown command:


SQL> shutdown

[1] Set environment variables for the "oracle" user as follows.
[oracle@db01 ~]$ vi /etc/oratab
# end line: change

db01:/usr/oracle/app/product/11.2.0/dbhome_1:Y
[oracle@db01 ~]$ vi ~/.bash_profile
# add the following to the end

export ORACLE_SID=db01

[2] Create an init script as the root user.
[root@db01 ~]# vi /etc/rc.d/init.d/oracle
# it's an example, edit it as you like.

#!/bin/bash

# oracle: Start/Stop Oracle Database 11g R2
#
# chkconfig: 345 90 10
# description: The Oracle Database is an Object-Relational Database Management System.
#
# processname: oracle

. /etc/rc.d/init.d/functions

LOCKFILE=/var/lock/subsys/oracle
ORACLE_HOME=/usr/oracle/app/product/11.2.0/dbhome_1
ORACLE_USER=oracle

case "$1" in
'start')
    # Refuse to start twice: the lock file marks a running instance.
    if [ -f "$LOCKFILE" ]; then
        echo $0 already running.
        exit 1
    fi
    echo -n $"Starting Oracle Database:"
    su - $ORACLE_USER -c "$ORACLE_HOME/bin/lsnrctl start"
    su - $ORACLE_USER -c "$ORACLE_HOME/bin/dbstart $ORACLE_HOME"
    su - $ORACLE_USER -c "$ORACLE_HOME/bin/emctl start dbconsole"
    touch "$LOCKFILE"
    ;;
'stop')
    if [ ! -f "$LOCKFILE" ]; then
        echo $0 already stopping.
        exit 1
    fi
    echo -n $"Stopping Oracle Database:"
    su - $ORACLE_USER -c "$ORACLE_HOME/bin/lsnrctl stop"
    su - $ORACLE_USER -c "$ORACLE_HOME/bin/dbshut"
    su - $ORACLE_USER -c "$ORACLE_HOME/bin/emctl stop dbconsole"
    rm -f "$LOCKFILE"
    ;;
'restart')
    $0 stop
    $0 start
    ;;
'status')
    if [ -f "$LOCKFILE" ]; then
        echo $0 started.
    else
        echo $0 stopped.
    fi
    ;;
*)
    echo "Usage: $0 [start|stop|status]"
    exit 1
esac

exit 0

[root@db01 ~]# chmod 755 /etc/rc.d/init.d/oracle

[root@db01 ~]# chkconfig --add oracle

[root@db01 ~]# chkconfig oracle on

HTTP/2.0
Note : Apache version more than 2.4.20
Step1: First we need to update epel release
Step2: yum update && yum install epel-release
Step3: yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
Step4: yum update
Step5: yum install httpd
cd /etc/yum.repos.d && wget https://repo.codeit.guru/codeit.el`rpm -q --qf "%{VERSION}" $(rpm -q --whatprovides redhat-release)`.repo
Step6: yum install httpd -y
cd /etc/httpd/modules
#ls -ltr
#mod_http2.so
Step7: yum install php71
Step8: cd /etc/httpd/conf.modules.d/
Step9: vim 10.h2.conf (to check whether the module has been loaded)
Step10: yum install php71-php-fpm (to download)
https://www.rpmfind.net/linux/rpm2html/search.php?query=php71-php-fpm%28x86-64%29

Step11: service php71-php-fpm start

Step12: systemctl enable php71-php-fpm
Step13: systemctl enable httpd

Note : It will work with https only Not with http so that we need to
install ssl certificates on the Machine.

To install SSL certificates, please follow the link below


https://www.akadia.com/services/ssh_test_certificate.html
Add below lines in httpd.conf
<VirtualHost *:443>
LogLevel http2:info
Protocols h2 h2c http/1.1
Protocols h2 http/1.1
ServerAdmin root@localhost.com
ServerName localhost
</VirtualHost>

EX:
<VirtualHost 192.168.1.1:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/ssl/star.example.com.crt
SSLCertificateKeyFile /etc/ssl/star.example.com.key
ServerName "one.example.com"
DocumentRoot "/var/www/html/one"
Protocols h2 http/1.1
CustomLog "/var/log/httpd/one-access.log" combined
ErrorLog "/var/log/httpd/one-error.log"
<Directory /var/www/html>
AllowOverride none
Order Allow,Deny
Allow from all
</Directory>
</VirtualHost>
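
As an added example (not part of the original notes), the shell functions below split an SSLCipherSuite value into its OpenSSL cipher-list tokens and report the ones that enable or prioritise weak cipher classes, using the cipher string from the virtual host above. The denylist of class names, the function names and the constructed sample config are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit SSLCipherSuite values for weak cipher classes.
# The class names treated as weak are an assumption of this example
# (a conservative denylist), not an exhaustive policy.

# Return 0 when $1 names a weak or legacy OpenSSL cipher class.
# "ALL" is included because it enables every cipher except eNULL.
is_weak_component() {
    case "$1" in
        ALL|LOW|MEDIUM|EXP|EXPORT|EXPORT40|EXPORT56|SSLv2) return 0 ;;
        RC4|RC2|DES|3DES|MD5|NULL|eNULL|aNULL|ADH|AECDH) return 0 ;;
    esac
    return 1
}

# weak_cipher_tokens "<cipher string>"
# Prints, space-separated, each token that enables or prioritises a weak
# class. "!X" and "-X" remove ciphers, so they are skipped. "+X" only
# reorders ciphers that are already enabled, but it is still reported
# because it shows the class is expected to be present.
weak_cipher_tokens() {
    flagged=""
    set -f                      # tokens must not be glob-expanded
    for tok in $(printf '%s' "$1" | tr ':,' '  '); do
        case "$tok" in
            '!'*|-*) continue ;;
        esac
        # "A+B" means ciphers that are both A and B: check each part.
        for part in $(printf '%s' "${tok#+}" | tr '+' ' '); do
            if is_weak_component "$part"; then
                flagged="${flagged:+$flagged }$tok"
                break
            fi
        done
    done
    set +f
    printf '%s\n' "$flagged"
}

# audit_ssl_conf: read Apache config text on stdin and print
# "line N: <weak tokens>" for every SSLCipherSuite directive that has any.
# Assumes the cipher spec is the last field and contains no spaces.
audit_ssl_conf() {
    awk 'tolower($1) == "sslciphersuite" { v = $NF; gsub(/"/, "", v); print NR, v }' |
    while read -r lineno value; do
        weak=$(weak_cipher_tokens "$value")
        if [ -n "$weak" ]; then
            printf 'line %s: %s\n' "$lineno" "$weak"
        fi
    done
}

# Constructed sample: the cipher string from the notes plus a stricter one.
SAMPLE_CONF='<VirtualHost *:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
# SSLCipherSuite LOW
sslciphersuite "ECDHE+AESGCM:!aNULL"
</VirtualHost>'

printf '%s\n' "$SAMPLE_CONF" | audit_ssl_conf
```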

Linux File System :


https://www.tecmint.com/find-linux-filesystem-type/

Mac DNS Flush


sudo dscacheutil -flushcache;sudo killall -HUP mDNSResponder; say cache flushed

IPTABLES LINUX
https://www.cyberciti.biz/tips/linux-iptables-examples.html

Replace ACCEPT with DROP to block port:


## open port ssh tcp port 22 ##
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 22 -j ACCEPT
## open cups (printing service) udp/tcp port 631 for LAN users ##
iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 631 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 631 -j ACCEPT
## allow time sync via NTP for lan users (open udp port 123) ##
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 123 -j ACCEPT
## open tcp port 25 (smtp) for all ##
iptables -A INPUT -m state --state NEW -p tcp --dport 25 -j ACCEPT
# open dns server ports for all ##
iptables -A INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT
## open http/https (Apache) server port to all ##
iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
## open tcp port 110 (pop3) for all ##
iptables -A INPUT -m state --state NEW -p tcp --dport 110 -j ACCEPT
## open tcp port 143 (imap) for all ##
iptables -A INPUT -m state --state NEW -p tcp --dport 143 -j ACCEPT
## open access to Samba file server for lan users only ##
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 137 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 138 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 445 -j ACCEPT
## open access to proxy server for lan users only ##
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 3128 -j ACCEPT
## open access to mysql server for lan users only ##
iptables -I INPUT -s 192.168.1.0/24 -p tcp --dport 3306 -j ACCEPT
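
An added example, not part of the original notes: a shell check that reads iptables commands (or `iptables -S` output) and reports which ports meant to be LAN-only are accepted from any source because the rule carries no `-s` match. The function names and the sample ruleset are constructed for illustration; negated matches such as `! -s` are not handled.

```shell
#!/bin/sh
# Added example: find INPUT ACCEPT rules that open a port to every source.

# world_open_ports: read rule lines on stdin and print, sorted and
# space-separated, the destination ports of INPUT ACCEPT rules that have
# no -s/--source restriction. Handles --dport and multiport --dports.
world_open_ports() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            chain = ""; port = ""; src = ""; target = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-A" || $i == "-I") chain = $(i + 1)
                else if ($i == "--dport" || $i == "--dports") port = $(i + 1)
                else if ($i == "-s" || $i == "--source") src = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            if (chain == "INPUT" && target == "ACCEPT" && port != "" &&
                (src == "" || src == "0.0.0.0/0")) {
                n = split(port, ps, ",")
                for (k = 1; k <= n; k++) print ps[k]
            }
        }
    ' | sort -n -u | tr '\n' ' ' | sed 's/ $//'
}

# lan_only_violations "<ports>": of the ports that are meant to be
# reachable from the LAN only, print those the ruleset on stdin accepts
# from any source.
lan_only_violations() {
    open=" $(world_open_ports) "
    bad=""
    for p in $1; do
        case "$open" in
            *" $p "*) bad="${bad:+$bad }$p" ;;
        esac
    done
    printf '%s\n' "$bad"
}

# Constructed sample ruleset in the style of the rules above.
SAMPLE_RULES='## constructed sample ruleset
iptables -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 445 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -p tcp --dport 3306 -j ACCEPT
iptables -A INPUT -p tcp --dport 23 -j DROP'

# Samba, proxy and MySQL are the services intended for LAN users only.
printf '%s\n' "$SAMPLE_RULES" | lan_only_violations '445 3128 3306'
```

On a live host the same functions can be fed from `iptables -S INPUT`.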
