diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c7620df
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+*.pyc
+*.pid
+__pycache__
+__pycache__/.*
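Review bot: the last pattern, `__pycache__/.*`, is redundant once `__pycache__` is listed two lines above, since a bare directory name already ignores the directory and everything beneath it; it can be dropped. What is missing is a `cache/` entry: this same commit deletes the Pelican cache files `cache/ArticlesGenerator-Readers` and `cache/PagesGenerator-Readers`, and without a pattern for that directory they will be re-added by the next `git add -A`.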
diff --git a/__pycache__/pelicanconf.cpython-34.pyc b/__pycache__/pelicanconf.cpython-34.pyc
deleted file mode 100644
index 3fdaa1c..0000000
Binary files a/__pycache__/pelicanconf.cpython-34.pyc and /dev/null differ
diff --git a/cache/ArticlesGenerator-Readers b/cache/ArticlesGenerator-Readers
deleted file mode 100644
index 5718b7f..0000000
Binary files a/cache/ArticlesGenerator-Readers and /dev/null differ
diff --git a/cache/PagesGenerator-Readers b/cache/PagesGenerator-Readers
deleted file mode 100644
index 28413ea..0000000
Binary files a/cache/PagesGenerator-Readers and /dev/null differ
diff --git a/content/blog/Interviewing_gaffes.md b/content/blog/Interviewing_gaffes.md
new file mode 100644
index 0000000..c290d60
--- /dev/null
+++ b/content/blog/Interviewing_gaffes.md
@@ -0,0 +1,81 @@
+title: Central SSH Key management using CA
+Date: 2014-12-15 13:02
+Category: Server
+Tags: Security, SSH
+Slug: Central-SSH-key-management-CA-1
+Status: draft
+Authors: Unixer
+Summary: Part 1 of Managing OpenSSH keys on large scale Securely.
+
+
+{% img center /images/openssh.gif 600px 400px "Ping1" %}
+
+## Intro
+It's always challenge in itself to handle SSH private keys, Managing authentication ( Without-password ) and keeping it upto date. Things like taking control of the keys plus revoking the keys as needed is formidable challenge for any senior admin.
+One can do it via traditional `authorized_keys` file but overtime it becomes messy to maintain and more prone to errors. This becomes all the more important when you can't handle key management to you users whom you deem undesirable to be able to comprehend .
+
+Menta ike
+
+So, Decided to move to CA based authentication with OpenSSH with OpenLDAP. In this part we will cover just CA based key management later parts we will do it with OpenLDAP integration and how does one maintain the whole ssh keys management via ansible.
+
+It doesn't really matter which methods you adopt as long as you have prior policy to deal with regular management of keys.
+
+## Lab Topology
+{% img center /images/sshca_topology1.png 600px 400px "SSHCA_Topology" %}
+** *Fig1*- Strong SSH manta:** Scopus SSH lie manteld. Mentali menta so.
+
+> CA server will only be used to generate CA key and Sign and generate certificates for public keys that you have received from various users.
+
+> Remember: At no point in time private key of user is supposed to leave his/her computer, Only public keys are required to generate certs.
+
+
+## Configure Host certificates
+Utility: `ssh-keygen`
+
+We will start by configurign our host certificates. Host certificates replaces public keyfiles of users's know_host files. It will replace it with CA's public key in users known_host file.
+To avoid confusion here are the files required on various machines for Host certificates.
+
+| Machine | Files | Purpose |
+| -------- | :-----: | |
+| CA | CA Private KEY ( server_ca ) - Hosted | For signing certificate that will certify the host's authenticity |
+| | CA Public KEY (server_ca.pub) | This will go to every host that we want to trust this CA |
+| | | |
+| Client | known_hosts | Only file that changes on client, Here the file `server_ca.pub` will come as `@cert-authority`. |
+| | | |
+| Server | sshd_config | Server's sshd_config file will be changed with appropriate configuration for that server to 'trust' that particular authority |
+
+
+---
+
+
+> Note: Don't confuse `Server` and `Client` here, they interchangeable terms, Mostly depends upon where you need authentication done.
+
+### Generate CA keys
+```bash
+ #Generate CA for our infrastructure.
+ ssh-keygen -f server_ca
+```
+Now You should have two files in your CWD.
+```bash
+ #!sh
+ ls
+ server_ca server_ca.pub
+```
+
+### Signing Host keys
+Now that we have our CA keys, We can sign our host keys.
+
+#### Example:
+Start by signing any example key for trial:
+```bash
+ ssh-keygen -s server_ca.pub -I "Identifier" -h -n "HOST_NAME" -V +52w host_rsa_key
+```
+
+Let's have look at what each of these options means:
+
+| -s | Private key of CA that we just created server_ca |
+| -I | This is identifier, This name will show up in logs when this certificate is used for authentication. It can be name of host |
+| -h | Generate certificate for host as oppose to client |
+
+
+
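Review bot: the signing command `ssh-keygen -s server_ca.pub -I "Identifier" -h -n "HOST_NAME" -V +52w host_rsa_key` passes the CA public key to `-s`, but `-s` takes the CA private key; the options table a few lines down even describes `-s` as "Private key of CA that we just created server_ca", so the line should read `ssh-keygen -s server_ca -I "Identifier" -h -n "HOST_NAME" -V +52w host_rsa_key` (with `-n` set to the hostname clients actually connect to). Two smaller points: the file is named `Interviewing_gaffes.md` while its front matter is the SSH CA post (`Slug: Central-SSH-key-management-CA-1`), which looks like the wrong file name was reused, and `Menta ike` together with the `** *Fig1*- Strong SSH manta:** Scopus SSH lie manteld. Mentali menta so.` caption read as placeholder text to replace before `Status: draft` is flipped. The table separator `| -------- | :-----: | |` also lacks dashes in its third cell, so the Purpose column may not render.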
diff --git a/content/blog/Interviewing_gaffes_1.md b/content/blog/Interviewing_gaffes_1.md
new file mode 100644
index 0000000..0907420
--- /dev/null
+++ b/content/blog/Interviewing_gaffes_1.md
@@ -0,0 +1,18 @@
+title: Interviewer's Gaffe-1
+Date: 2015-6-15 16:02
+Category: Art
+Tags: Polity
+Slug: avoid-doing-interviews-1
+Status: published
+Authors: Unixer
+Summary: While interviewing someone, Don't freak out!
+
+
+{% img center /images/bring_star1.png 800px 600px "Bring it!" %}
+
+
+{% img center /images/bring_star2.png 800px 600px "2" %}
+{% img center /images/bring_star4.png 800px 600px "4" %}
+
+
+> Plight of every Interviewer
diff --git a/content/blog/Mail-server-with-OpenSMTPD-1.md b/content/blog/Mail-server-with-OpenSMTPD-1.md
new file mode 100644
index 0000000..464281b
--- /dev/null
+++ b/content/blog/Mail-server-with-OpenSMTPD-1.md
@@ -0,0 +1,21 @@
+Title: Building Enterprize Mail server
+Date: 2015-8-15 17:02
+Category: Server
+Tags: Mail, Unix
+Slug: OpenSMTPD-as-Mail-server-1
+Authors: Unixer
+Summary: Mail server with Various Open-source components
+Status: draft
+
+
+
+## Why?
+Blaming mail server is very easy when your mail goes to SPAM or mail server doesn't work at all.
+
+Mail servers are so important in our lives that it's very hard to imagine life without them. They have outlived many systems such as Chat clients and Social Media netwoks - Still going ever stong.
+
+* **Relevant inline math**: $e=mc^2\pi$
+
+$\pi$
+
+
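Review bot: `Title: Building Enterprize Mail server` misspells "Enterprise", and the last paragraph has `netwoks` and `stong`. The `**Relevant inline math**: $e=mc^2\pi$` bullet and the lone `$\pi$` below it are MathJax test lines with no relation to a mail-server post; they should be removed before the draft is published.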
diff --git a/content/blog/Unix/lsof.md b/content/blog/Unix/lsof.md
new file mode 100644
index 0000000..8027b2d
--- /dev/null
+++ b/content/blog/Unix/lsof.md
@@ -0,0 +1,15 @@
+Title: Guide lsof
+Date: 2011-12-03 13:02
+Modified: 2011-12-05 13:30
+Category: Unix
+Tags: Unix, Monitor
+Slug: Munging LSOF
+Authors: Unixer
+Status: draft
+Summary: Unix OS analysis using `lsof` utility
+
+## Primer on `lsof`
+- `lsof` is my go to tool for troubleshooting problems I am facing on my unix boxes.
+* attempted version is of spice = $\pi/3$
+ * Max much and planted whichever morese like molte mine. $\pi/\alpha$
+ * Whichever much is most valer
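Review bot: `Slug: Munging LSOF` contains a space and capitals, which Pelican will put verbatim into the article URL; the other posts in this commit use the form `Slug: pf-firewall-1`, so `munging-lsof` would be consistent. The list under `## Primer on lsof` also mixes `-` and `*` markers, and the last three items (`attempted version is of spice = $\pi/3$` and the two nested bullets) are filler text that should not go out with the post.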
diff --git a/content/blog/Unix/pf.md b/content/blog/Unix/pf.md
new file mode 100644
index 0000000..1cce727
--- /dev/null
+++ b/content/blog/Unix/pf.md
@@ -0,0 +1,148 @@
+Title: Firewall PF
+Date: 2014-12-04 13:02
+Modified: 2014-12-06 13:30
+Category: Unix
+Tags: Unix, Firewall
+Slug: pf-firewall-1
+Authors: Unixer
+Summary: Securing your environment via `PF`
+
+## FreeBSD and OpenBSD
+PF (Packet filter) is default firewall for OpenBSD and included in other OS's like [FreeBSD](http://www.freebsd.org) and [Apple](http://www.apple.com "Apple") IOS operating systems. Many other "Commercial firewall" appliances are inspired by PF.
+
+##History of PF
+
+PF was originally designed as replacement for Darren Reed's IPFilter, from which it derives much of its rule syntax. IPFilter was removed from OpenBSD's CVS tree due to OpenBSD developers' problems with its license. Specifically, Reed distributed some versions of his software with the license clause, "Derivative or modified works are not permitted without the author's prior consent." Due to this, the OpenBSD team decided to replace the software. This decision became the subject of wrangling among the parties involved, degenerating into a discussion that failed to reach mutual understanding. On the subject, OpenBSD project leader Theo de Raadt wrote, "Software which OpenBSD uses and redistributes must be free to all... for any purpose including... modification."
+
+PF has since evolved quickly and now has several advantages over other available firewalls. Network Address Translation (NAT) and Quality of Service (QoS) have been integrated into PF, QoS by importing the ALTQ queuing software and linking it with PF's configuration. Features such as pfsync and CARP for failover and redundancy, authpf for session authentication, and ftp-proxy to ease firewalling the difficult FTP protocol, have also extended PF.
+
+One of the many innovative feature is PF's logging. Logging is configurable per rule within the pf.conf and logs are provided from PF by a pseudo-network interface called pflog. Logs may be monitored using standard utilities such as tcpdump, which in OpenBSD has been extended especially for the purpose, or saved to disk in a modified tcpdump/pcap binary format using the pflogd daemon.
+
+> For more info, **Read - [History of pf](http://en.wikipedia.org/wiki/PF_%28firewall%29)**
+
+## PF setup
+Usually `PF` is deployed in conjuction with other tools provided by OpenBSD ecosystem.
+These includes:
+* HFSC Queuing system for QoS
+* FTP-Proxy
+* Application proxies such as Relayd ( Mainly used as HTTPs termination point )
+* OS detection using fingerprint - `pf.os`
+* CARP firewall failover for HA environments ( UCARP for FreeBSD users )
+
+### How to deploy PF firewall in your environment
+
+> Note: Both OpenBSD and FreeBSD OS uses different syntax for maintaining `PF` firewall.
+> We will mainly focus on OpenBSD OS but there are benefits of using `PF` with FreeBSD OS since it provides multi-processing capable version of `PF`.
+
+
+
+File - `/etc/rc.conf.local`
+
+```language-bash
+ pf=YES
+ pf_rules=/etc/pf.conf
+ pflogd_flags="-s 1500" # Ex. Snaplen, Log filename
+```
+
+File - `/etc/pf.conf`
+
+```language-bash
+ ### My master pf.conf
+
+ ### Interfaces
+ EXTIF ="em0"
+ INTIF ="em1"
+ DMZ = "em2"
+ EXTRAIF ="em3"
+
+ ### Hosts
+ ADMIN ="10.0.11.1"
+ ADMIN1 ="10.0.11.31"
+ BOTHADMIN ="{" $ADMIN $ADMIN1 "}"
+ EXTDNSSERVER ="4.2.2.2"
+ INTDNSSERVER ="$INTIF:0"
+ #DNSSERVERS ="{' $INTDNSSERVER $EXTDNSSERVER '}"
+ DNSSERVER ="{$INTDNSSERVER}"
+ LOGSERVER = "{ 10.0.11.22, 10.0.11.31 }"
+```
+
+* All these variable defined are called MACROS inside `pf.conf` file.
+* These are used for convinience and ease of use
+* Defining nested macros are possible as well.
+* Take a look at `INTIF` macro, If you want to include that whole internal network in your rules then `INTIF:network` in your rule.
+
+Now, We will have a look at some of the rules itself.
+
+```language-bash
+ #External Interface
+ #Block all on External interface
+ block log on $EXTIF
+
+ ## Network address translation with outgoing source
+ #match out log on $EXTIF from $INTIF to any received-on $INTIF tag EGRESS nat-to ($EXTIF:0)
+ match out log on $EXTIF from $INTIF:network to any received-on $INTIF tag EGRESS nat-to ($EXTIF:0)
+ #If you have difficulties with any box with static port forwarding then you should use
+ #match out log on $EXTIF from $INTIF to any received-on $INTIF tag EGRESS nat-to ($EXTIF:0) static-port
+
+ #Traffic generated from firewall it self will be tagged as EGRESS
+ match out log on $EXTIF from $EXTIF to any tag EGRESS
+ #More on these later on.
+
+ #EXTIF inbound
+ pass in log (to pflog1) on $EXTIF inet proto tcp from any to any port 22
+ pass in on $EXTIF inet proto tcp from any to $EXTIF port >10000
+
+ #External interface outbound
+ pass out log on $EXTIF inet from ($EXTIF) to any $TCPSTATE $EXTIFSTO queue (bulk, ack) tagged EGRESS
+ #pass out log on $EXTIF inet proto udp from ($EXTIF) to any $UDPSTATE $EXTIFSTO queue (bulk, ack) tagged EGRESS
+ pass out log on $EXTIF inet proto tcp from ($EXTIF) to any port $TCPPORTS $TCPSTATE $EXTIFSTO queue (web, ack) tagged EGRESS
+ pass out log on $EXTIF inet proto udp from ($EXTIF) to any port 53 $UDPSTATE $EXTIFSTO queue (dns, ack) tagged EGRESS
+```
+
+
+* These are some of the rules that I have defined in my DMZ firewall to prevent other users from coming in from outside.
+* After deploying this ruleset only SSH is allowed from outside interface of firewall.
+* From inside essential end-user services such as Internet browsing, DNS are enabled.
+* Take a look at `match out` rules on `EXTIF` to have a look at how nat rules are working.
+
+### Turning on routing
+To turn on routing functionality of the box, You need to make sure you have enabled ip forwarding in `sysctl`
+
+```language-bash
+ # To check the ip forwarding status
+ sysctl net.inet.ip.forwarding
+ # If it's 0 then turn it on
+ sysctl net.inet.ip.forwarding=1
+
+ #To make it permanent
+ ### /etc/sysctl.conf
+ net.inet.ip.forwarding = 1
+```
+
+### PFCTL utility
+After making changes inside `pf.conf` file, rules are not automatically loaded. To load the rules We need to use `pfctl`
+
+To load rules - Assuming rule file is `/etc/pf.conf`
+
+```language-bash
+ pfctl -vf /etc/pf.conf
+```
+
+
+To see which rules are currently loaded, It will also show related counters.
+
+```language-bash
+ pfctl -vsr
+```
+{% img center /images/pf_rules.png 600px 400px "pf.conf" %}
+
+
+## Conclusions
+PF is one of the most popular and powerful firewall for managing your network traffic. We have barely even scratched surface of what PF can provide. It's functionality is much more then many of the commercial offerings offers.
+We will also cover some extended functionality such as usage of Anchors, Preventing torrent traffic, Blacklisting and preventing brute-forcing attack etc.
+Being open-source it places no restrictions on usage. Users can use it any which way they would prefer.
+
+Having used PF and OpenBSD for nearly 10 years in all of my setups I can say PF is most secure firewall there is and With combination of OpenBSD and PF you can be pretty sure you are one step ahead then rest in process of being NSA proof.
+
+
+
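Review bot: the rules block starting at `#External Interface` cannot be loaded as shown, because the `pass out` lines reference `$TCPSTATE`, `$UDPSTATE`, `$EXTIFSTO` and `$TCPPORTS`, plus the queues `bulk`, `ack`, `web` and `dns`, none of which are defined in the `/etc/pf.conf` excerpt above it; `pfctl` rejects an undefined macro and a `queue (...)` reference without a queue definition. Either copy the `### states, Types`, `# Ports` and stateful-tracking macros from `content/code/pf.conf` (added in this same commit) into the post, or link to that file. Second, `INTDNSSERVER ="$INTIF:0"` and `DNSSERVER ="{$INTDNSSERVER}"` will not expand: pf does not substitute `$macro` inside double quotes, which is exactly why the `BOTHADMIN ="{" $ADMIN $ADMIN1 "}"` line two lines earlier closes the quotes around each macro, and these two should follow the same pattern (the commented `#DNSSERVERS` line with single quotes has the same problem). Third, `pass in log (to pflog1) on $EXTIF inet proto tcp from any to any port 22` admits SSH from anywhere without the `$EXTIFSTO` source-tracking limits the outbound rules use; since the conclusion promises a brute-force section, it is worth at least pointing the reader at `max-src-conn-rate` here. Minor: in the `/etc/sysctl.conf` snippet the stock OpenBSD file uses `net.inet.ip.forwarding=1` with no spaces around `=`, and `conjuction`, `convinience` are typos.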
diff --git a/content/blog/Unix/unix-essentials--1-find.md b/content/blog/Unix/unix-essentials--1-find.md
new file mode 100644
index 0000000..623b004
--- /dev/null
+++ b/content/blog/Unix/unix-essentials--1-find.md
@@ -0,0 +1,169 @@
+Title: Find - Looking for things
+Date: 2010-1-03 18:02
+Category: Unix
+Tags: Unix, Essentials
+Slug: practical-find
+Authors: Unixer
+Status: Published
+Summary: Everyday usage of `find` utility
+
+
+The `Find` utility in Linux is very useful in the sense that it quickly locates and searches through list of files and directories.
+It can do so based on condition that you pass through arguments.
+`Find` can find files using different conditions like:
+
+ * Permissions
+ * Users
+ * Groups
+ * File type
+ * Date
+ * Size and more.
+
+## Basic Usage
+- Find file in current directory
+
+```language-bash
+ # Find by filename in Current dir
+ find . -name unixtech.txt
+
+ #Output
+ ./unixtech.txt
+```
+
+- Find file in current directory Case insensitive
+
+```language-bash
+ # Find by filename in Current dir
+ find . -iname unixtech.txt
+
+ #Output
+ ./unixtech.txt
+```
+
+- Recursively searching file in all in whole system
+```language-bash
+# Recurse through whole file system
+find / -name $FILENAME
+```
+
+## Find files based on permissions
+
+- Find files certain permissions
+```language-bash
+# Find only files with full 777 permissions
+find / -perm 0777 -print
+# Find files with SGID bit set
+find / -perm 2644
+# Or
+find / -perm /g+s
+```
+
+- Find all files based on user permissions
+```language-bash
+#Find all files with READ permission
+find / -perm /u=r -print
+
+# Find all files with executable bit set
+find / -perm /a=x -print
+```
+
+> **Note:** Find can also execute command on found files based on given criterion.
+> In addition to just printing list of files, You can modify, change permission and also delete files using `-exec` flag in find command.
+
+So, If you want to change all the files that have permission set to `777` to something that only you can modify in your home directory, You may execute following variation of `find`
+
+- Find all files with `777` permission and change it to `644` inside your home directory
+```language-bash
+#Find and exec
+find ~USERNAME -perm 777 -print -exec chmod 644 {} \;
+```
+
+| | |
+| :---: | :--- |
+| \{\} | Shell expander which will put current file name from list in `-exec`|
+| \; | '\' is Shell escape and ';' is Unix chaining symbol |
+
+
+> **Note:** Here thing to remember is You have to put \{\} symbol where you want INPUT filename to be, and chain it with \; symbol.
+
+- Same thing if you want to remove or list files
+```language-bash
+#List files that matches certain crieteria
+find / -perm 777 -print -exec ls -la {} \;
+
+#Removing files that matches certain crieteria
+find / -perm 777 -print -exec rm -rf {} \;
+```
+
+## Finding files based on user/group ownership
+```language-bash
+#Find files owned by particular user
+find / -user unixtech -print
+
+#Find files owned by group
+find / -group unixgroup -print
+
+```
+
+
+## Finding files based on modification/changed/accessed date time
+
+- Find files modified 3 days back
+```language-bash
+
+find / -mtime 3
+
+```
+
+- find all the files those are changed last hour
+```language-bash
+#Will return all the files changed in last 60 mins
+find / -cmin -60
+```
+
+> **Note:** '-' sign in front of 60 includes all the files that changed within that timeframe, Ex. It will include files that are changed 3, 5, 10 mins back and so on.
+> Notice different criterion for finding files such as `-mmin`, `cmin`, `amin`
+
+
+| | |
+| ------------- |:-------------:|
+| Access time | If you list/delete/open this file then `atime` will be modified |
+| Changed time | Modifying data of the file changes `ctime` parameter of file |
+| Modification time | Same as Changed time but will also be changed upon changes in meta data of the file. |
+
+
+## Use `find` to search files based on size
+
+This one is quite useful in case you want to find largest files in your home directory, files that are eating away space on hard drive.
+
+- Find all the files between 10 MB - 100 MB
+
+```language-bash
+find /home -size +10M -size -100M
+```
+
+- Find all the files larger then 1GB and delete em
+
+```language-bash
+#Find larger files and list them first
+find /home -size +1G -exec ls -la {} \;
+
+# If you see desired files then remove them
+find /home -size +1G -exec rm -rf {} \;
+
+```
+
+- Find all the movie files larger then 100MB and delete
+```language-bash
+# Find and list files first
+find /home -size +100M -print -iname "*mp4|wmv|mov";
+
+# After listing them just press `UP` arrow, change the CMD and delete
+find /home -size +100M -iname "*mp4|wmv|mov" -exec rm -rf {} \;
+#Be careful while executing that command.
+```
+
+> **Note:** Find supports extended regular expressions too.
+>Regular expressions are swiss army knife for solving many kind of problem but they also come with added difficulty of maintaining and generating them. If none> of the above meets your requirement then as last resort only you should use Re>gExes in `find` utility.
+
+
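Review bot: `find / -perm 2644` and the `# Or` alternative `find / -perm /g+s` are not equivalent: `-perm 2644` matches only files whose mode is exactly 2644, whereas `-perm /g+s` matches any file with the setgid bit set, so only the second form matches the comment "Find files with SGID bit set". More seriously, `-iname "*mp4|wmv|mov"` is a shell-style glob, not a regular expression; `|` is a literal character there, so the pattern matches nothing, and the trailing `;` on the `-print` line is a stray. Because the next command feeds the same pattern to `-exec rm -rf {} \;`, a corrected pattern such as `\( -iname '*.mp4' -o -iname '*.wmv' -o -iname '*.mov' \)` is needed, and adding `-type f` to every `-exec rm` invocation keeps the deletion from ever touching directories. The atime/ctime/mtime table has the last two rows swapped: `mtime` changes when file data is modified, and `ctime` changes on data and on metadata changes (permissions, owner, link count). `find / -mtime 3` means modified exactly three days ago (72 to 96 hours); the "within the last 3 days" form the note below describes is `-mtime -3`. The regex paragraph also carries stray `>` characters inside words (`none> of`, `Re>gExes`) from a broken blockquote, and `crieteria` is a typo.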
diff --git a/content/blog/super1.md b/content/blog/super1.md
index 4e000d0..d141716 100644
--- a/content/blog/super1.md
+++ b/content/blog/super1.md
@@ -1,11 +1,13 @@
-Title: y super titsle
-Date: 2015-12-03 12:20
+Title: super titsle
+Date: 2010-12-03 13:03
Modified: 2010-12-05 13:30
-Category: Super
+Category: Super1
Tags: pelican, publishing
-Slug: mjy-super-p2ost
+Slug: mys-super-p2ost
Authors: Unixer
+Status: draft
Summary: Short version for index and feeds
+LATEX:
FDF
###
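Review bot: `Title: super titsle` keeps the typo from the removed line (`y super titsle`), so presumably `my super title` was intended; `LATEX:` is added with no value, unlike `Latex:` in the SQL post of this same commit, so the two spellings should be unified if the MathJax plugin keys on that metadata.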
@@ -13,4 +15,20 @@ FDF
This is the content of my super blog post.1
We will be witnessing such thing is unimaginable to me.
-{% include_code hello1.py %}
+
+
+
+
+
+{% img center /images/2.png 600px 400px "Ping1" %}
+
+##Title 2
+
+$$x^2$$
+mulcha
+
+
+$x^2$ - This is inline math
+$e=mc^2$ - This is perfect. :D
+
+In normal series In-line math is working but in reveals you can't use In line math if you are doing some sort of Markdown presentations.
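Review bot: the replacement for `{% include_code hello1.py %}` is MathJax test content (`mulcha`, `$$x^2$$`, `$e=mc^2$ - This is perfect. :D`) plus five empty lines; since the file is now `Status: draft` this is harmless, but it should not be mistaken for the post body later. `##Title 2` is also missing the space after `##` that the other headings in this commit use.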
diff --git a/content/blog/super2.md b/content/blog/super2.md
index d6b15a4..46cf87b 100644
--- a/content/blog/super2.md
+++ b/content/blog/super2.md
@@ -6,5 +6,12 @@ Tags: pelican, publishing
Slug: mjy-super-post
Authors: Unixer
Summary: Short version for index and feeds
+Status: draft
This is the content of my super blog post.
+
+This is [an $\pi/\alpha$][1] reference-style link.
+
+This is [an example](http://example.com/ "Title") inline link.
+[1]: http://example.com/ "Optional Title Here"
+
diff --git a/content/blog/understanding_sql-1.md b/content/blog/understanding_sql-1.md
new file mode 100644
index 0000000..896f1b4
--- /dev/null
+++ b/content/blog/understanding_sql-1.md
@@ -0,0 +1,95 @@
+Title: Relational Algebra - SQL
+Date: 2015-12-06 10:20
+Modified: 2015-12-07 19:30
+Category: Server
+Tags: Essentials
+Authors: Unixer
+Slug: understanding-sql-1
+Summary: Understanding SQL SELECT and Relational algebra
+Latex:
+Status: published
+
+
+
+In the age of ORMs so many developers today doesn't know about very fundamental and basic algorithms that runs SQL. Despite being one of easiest and much useful language many people run away from using SQL directly and take shelter in using some 'wrapper' tool which is not always as good as `raw` SQL.
+
+Let's start by defining very basic relation in SQL.
+
+1. Database as Collection of relations ( Tables or Schemas )
+2. Being first class predicate - State of database is final state of all relations
+3. By *joining*, *aggregating* data from different relations one can filter out data as desired.
+
+#### Relation
+
+Relation in SQL language is defined by several terms.
+
+| | |
+| -- | -- |
+| Tuple | One Row in SQL Relation |
+| Attribute | Column in Relation |
+| Unknown | `Null` in Domain |
+
+> **Note:-** Tuple is represented by (a, b), Attribute(Column) here will have unique domain(name - Relation name) within relation.
+
+
+### Relational Algebra
+Relational algebra is superset of *set* algebra which defines formal language of relations in Database domain.
+Each operation done here on relations will return new valid Relation.
+
+This algebra has mainly two groups of operations, One it shares with *set* theory and other one is specific to *Relational* model.
+
+| | SET operations | Relation specific operations |
+| | -------- | ------------ |
+| 1 | UNION | SELECT |
+| 2 | INTERSECTION | PROJECT |
+| 3 | SET DIFFERENCE | |
+| 4 | CARTESIAN PRODUCT \ CROSS PRODUCT | |
+
+Any operations in Relational algebra can be classified mathematically as binary and unary, this fundamental operators have all the power needed to construct complex queries as needed.
+The main operators are:
+
+- SELECT ( $\sigma$ ) Can be described as below
+ $$ \sigma_\psi RO $$
+
+Where:
+
+| | |
+| ------- | ----------- |
+| R | Tupels sets in SQL |
+| $\psi$ | Predicate in selection retries from Tuples in R |
+
+- PROJECT ( $\pi$ ) Operation which returns columnar structure in vertical dimention, If you remember this is slicing by attributes can be described as
+
+$$ \pi _{a1,a2...an} RO $$
+
+> $_{a1,a2..an}$ are set of attributes names.
+
+- CARTESIAN\CROSS PRODUCT ( $\times$ ) This is binary operation as oppose to unary like previous two, Can be used to generate complex relations by joining each tuple operands together.
+
+$R \times S = {r1, r2...rn,s1,s2...sn}$
+
+- UNION ($\cup$) Appends two relations together.
+
+> To be successful in this binary operations both relation needs to have same set of attributes.
+
+
+$$ R \cup S = (_{r1, r2...rn}) \cup (_{s1, s2...sn}) $$
+
+> Assuming, $S \, \Sigma \, (_{s1,s2...sn}) \quad and \quad R \, \Sigma \, (_{r1,r2...rn})$
+
+- DIFFERENCE ( $\setminus or \, -$ ) A binary operation, as you may have guessed - $\cup$ only but in reverse.
+Set difference can be described as
+
+$$ R\setminus S = (_{r1,r2...rn}) \quad where \quad (_{r1,r2...rn}) \, \Sigma\, R \quad but \quad (_{r1,r2...rn}) \, \notin \, S $$
+
+
+- REMAME($\rho$) A unary operation that works on attributes and returns new value of attribute, This is mainly used for JOIN operations to differantiate the attributes, can be expressed as
+
+$$ \rho_{a\setminus b}R$$
+
+With this essential building blocks in place we can now move forward and take a look at more complex queries such as mixing many of these premitives to perform *left joins*, *right-joins* etc. In addition to these we can also add few more such as *sum*, *multiplication* to these operations on set of tuples or attributes.
+These algebric math provides fundamental building block of any SQL algorithm which guarantess ACID standards are followed hence understanding them all the more important.
+
+
+
+
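Review bot: the separator row `| | -------- | ------------ |` under `| | SET operations | Relation specific operations |` has an empty first cell instead of dashes, so Markdown will not recognise the block as a table; write it as `| -- | -------- | ------------ |` like the other tables in the file. In the formulas, `$$ \sigma_\psi RO $$` and `$$ \pi _{a1,a2...an} RO $$` end in a literal "RO" where the operand `(R)` is clearly intended, i.e. `\sigma_\psi(R)` and `\pi_{a_1,\dots,a_n}(R)`; and `\Sigma` is used for set membership in the UNION and DIFFERENCE lines where `\in` is meant (the DIFFERENCE line already uses `\notin` for the negation, so the pair should match). `REMAME($\rho$)` should be RENAME, and `$\setminus or \, -$` puts the word "or" inside math. Typos: `Tupels`, `dimention`, `differantiate`, `premitives`, `algebric`, `guarantess`.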
diff --git a/content/code/pf.conf b/content/code/pf.conf
new file mode 100644
index 0000000..c4a405d
--- /dev/null
+++ b/content/code/pf.conf
@@ -0,0 +1,180 @@
+### My master pf.conf
+
+### Interfaces
+EXTIF ="em0"
+INTIF ="em1"
+DMZ = "em2"
+EXTRAIF ="em3"
+
+
+### Hosts
+ADMIN ="10.0.11.1"
+ADMIN1 ="10.0.11.31"
+BOTHADMIN ="{" $ADMIN $ADMIN1 "}"
+EXTDNSSERVER ="4.2.2.2"
+INTDNSSERVER ="$INTIF:0"
+#DNSSERVERS ="{" $INTDNSSERVER $EXTDNSSERVER "}"
+DNSSERVER ="{$INTDNSSERVER}"
+LOGSERVER = "{ 10.0.11.22, 10.0.11.31 }"
+
+### states, Types
+ICMPTYPE = "icmp-type 8 code 0"
+ICMPMTUD = "icmp-type 3 code 4"
+SYNSTATE = "flags S/SA synproxy state"
+TCPSTATE = "flags S/SA modulate state"
+#FLOWSTATE = "keep state (pflow)"
+UDPSTATE = "keep state"
+
+# Ports
+TCPPORTS = "{ 80, 443 }"
+SSHPORT = "22"
+FTPPORT = "8021"
+
+## Statefule tracking options
+FTPSTO ="(tcp.established 7200)"
+EXTIFSTO ="(max 2000, source-track rule, max-src-conn 1000, max-src-nodes 10)"
+INTIFSTO ="(max 250, source-track rule, max-src-conn 60, max-src-nodes 10, max-src-conn-rate 200/10)"
+#SMTPSTO ="(max 200, source-track rule, max-src-states 50, max-src-conn-rate 50/30, overload Have a word with me @:
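Review bot: `INTDNSSERVER ="$INTIF:0"` and `DNSSERVER ="{$INTDNSSERVER}"` will be taken as the literal strings `$INTIF:0` and `{$INTDNSSERVER}`, since pf does not expand macros inside double quotes; the `BOTHADMIN ="{" $ADMIN $ADMIN1 "}"` line just above shows the working form, and the commented `#DNSSERVERS ="{" $INTDNSSERVER $EXTDNSSERVER "}"` line is already written that way. The hunk header promises 180 lines but the file is cut off mid-line at `#SMTPSTO ="(max 200, ... overload`, so the rules that reference `$EXTIFSTO`, `$TCPSTATE` and the queues are not reviewable here. `## Statefule tracking options` has a typo, and `EXTIFSTO` allowing `max-src-conn 1000` per source on the external interface is generous for a DMZ firewall and worth a comment explaining the choice.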
+ pass in log (to pflog1) on $EXTIF inet proto tcp from any to any port 22
+ pass in on $EXTIF inet proto tcp from any to $EXTIF port >10000
+
+ #External interface outbound
+ pass out log on $EXTIF inet from ($EXTIF) to any $TCPSTATE $EXTIFSTO queue (bulk, ack) tagged EGRESS
+ #pass out log on $EXTIF inet proto udp from ($EXTIF) to any $UDPSTATE $EXTIFSTO queue (bulk, ack) tagged EGRESS
+ pass out log on $EXTIF inet proto tcp from ($EXTIF) to any port $TCPPORTS $TCPSTATE $EXTIFSTO queue (web, ack) tagged EGRESS
+ pass out log on $EXTIF inet proto udp from ($EXTIF) to any port 53 $UDPSTATE $EXTIFSTO queue (dns, ack) tagged EGRESS
+
+
+match out rules on EXTIF to have a look at how nat rules are working. To turn on routing functionality of the box, You need to make sure you have enabled ip forwarding in sysctl
# To check the ip forwarding status
+ sysctl net.inet.ip.forwarding
+ # If it's 0 then turn it on
+ sysctl net.inet.ip.forwarding=1
+
+ #To make it permanent
+ ### /etc/sysctl.conf
+ net.inet.ip.forwarding = 1
+
+
+After making changes inside pf.conf file, rules are not automatically loaded. To load the rules We need to use pfctl
To load rules - Assuming rule file is /etc/pf.conf
pfctl -vf /etc/pf.conf
+
+
+To see which rules are currently loaded, It will also show related counters.
+ pfctl -vsr
+
+
+
PF is one of the most popular and powerful firewall for managing your network traffic. We have barely even scratched surface of what PF can provide. It's functionality is much more then many of the commercial offerings offers.
+We will also cover some extended functionality such as usage of Anchors, Preventing torrent traffic, Blacklisting and preventing brute-forcing attack etc.
+Being open-source it places no restrictions on usage. Users can use it any which way they would prefer.
Having used PF and OpenBSD for nearly 10 years in all of my setups I can say PF is most secure firewall there is and With combination of OpenBSD and PF you can be pretty sure you are one step ahead then rest in process of being NSA proof.
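Review bot: the `pass out` rules at the end of the pf.conf excerpt reference macros `$TCPSTATE`, `$UDPSTATE`, `$EXTIFSTO` and `$TCPPORTS` and the queues `bulk`, `ack`, `web` and `dns`, none of which are defined in the macro block above them, so `pfctl -vf /etc/pf.conf` as shown will refuse to load the file (an undefined macro or an undefined queue is a parse error); either add the macro definitions and the `queue` declarations or drop the references. The inbound rules also deserve a second look: `pass in log (to pflog1) on $EXTIF inet proto tcp from any to any port 22` admits SSH to any destination behind the firewall rather than to `$EXTIF` only, and `pass in on $EXTIF inet proto tcp from any to $EXTIF port >10000` opens every port above 10000 on the firewall itself; because PF is last-match, both override the preceding `block log on $EXTIF`, so the text should say which destinations and ports are actually intended. Logging `(to pflog1)` further requires that a `pflog1` interface exists and a pflogd instance listens on it, since the default is `pflog0`; the `pflogd_flags="-s 1500"` line in rc.conf.local only configures the default daemon, and its comment mentions a log filename that is not present in the flags.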
In the age of ORMs so many developers today doesn't know about very fundamental and basic algorithms that runs SQL. Despite being one of easiest and much useful language many people run away from using SQL directly and take shelter in using some 'wrapper' tool which is not always as good as raw SQL.
Let's start by defining very basic relation in SQL.
+Relation in SQL language is defined by several terms.
+| + | + |
|---|---|
| Tuple | +One Row in SQL Relation | +
| Attribute | +Column in Relation | +
| Unknown | +Null in Domain |
+
++Note:- Tuple is represented by (a, b), Attribute(Column) here will have unique domain(name - Relation name) within relation.
+
Relational algebra is superset of set algebra which defines formal language of relations in Database domain.
+Each operation done here on relations will return new valid Relation.
This algebra has mainly two groups of operations, One it shares with set theory and other one is specific to Relational model.
+| + | SET operations | +Relation specific operations | +
|---|---|---|
| 1 | +UNION | +SELECT | +
| 2 | +INTERSECTION | +PROJECT | +
| 3 | +SET DIFFERENCE | ++ |
| 4 | +CARTESIAN PRODUCT \ CROSS PRODUCT | ++ |
Any operations in Relational algebra can be classified mathematically as binary and unary, this fundamental operators have all the power needed to construct complex queries as needed.
+The main operators are:
Where:
+| + | + |
|---|---|
| R | +Tupels sets in SQL | +
| \(\psi\) | +Predicate in selection retries from Tuples in R | +
++\(_{a1,a2..an}\) are set of attributes names.
+
\(R \times S = {r1, r2...rn,s1,s2...sn}\)
+++To be successful in this binary operations both relation needs to have same set of attributes.
+
++Assuming, \(S \, \Sigma \, (_{s1,s2...sn}) \quad and \quad R \, \Sigma \, (_{r1,r2...rn})\)
+
With this essential building blocks in place we can now move forward and take a look at more complex queries such as mixing many of these premitives to perform left joins, right-joins etc. In addition to these we can also add few more such as sum, multiplication to these operations on set of tuples or attributes.
+These algebric math provides fundamental building block of any SQL algorithm which guarantess ACID standards are followed hence understanding them all the more important.
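Review bot: the sentence after `R × S = {r1, r2...rn, s1, s2...sn}` says both relations must have the same set of attributes for "this binary operation", but that requirement (union compatibility) applies to UNION, INTERSECTION and SET DIFFERENCE from the table above, not to the Cartesian product, whose result carries the attributes of both operands, exactly as the formula shows. Move the remark to the set operations or state it as the condition for those three. Separately, "The main operators are:" and "Where:" are followed by a legend for `R`, `\(\psi\)` and `a1,a2..an`, but the operator definitions the legend describes (the selection by predicate `\(\psi\)` and the projection onto the attribute list) are missing between them; add them so the legend has something to refer to, and fix "retries" in the `\(\psi\)` row, which should read "retrieves".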
Follow @abhaytrivedi
-
It's always challenge in itself to handle SSH private keys, Managing authentication ( Without-password ) and keeping it upto date. Things like taking control of the keys plus revoking the keys as needed is formidable challenge for any senior admin.
+One can do it via traditional authorized_keys file but overtime it becomes messy to maintain and more prone to errors. This becomes all the more important when you can't handle key management to you users whom you deem undesirable to be able to comprehend .
Menta ike
+So, Decided to move to CA based authentication with OpenSSH with OpenLDAP. In this part we will cover just CA based key management later parts we will do it with OpenLDAP integration and how does one maintain the whole ssh keys management via ansible.
+It doesn't really matter which methods you adopt as long as you have prior policy to deal with regular management of keys.
+
+ Fig1- Strong SSH manta: Scopus SSH lie manteld. Mentali menta so.
++CA server will only be used to generate CA key and Sign and generate certificates for public keys that you have received from various users.
+Remember: At no point in time private key of user is supposed to leave his/her computer, Only public keys are required to generate certs.
+
Utility: ssh-keygen
We will start by configurign our host certificates. Host certificates replaces public keyfiles of users's know_host files. It will replace it with CA's public key in users known_host file.
+To avoid confusion here are the files required on various machines for Host certificates.
| Machine | +Files | +Purpose | +
|---|---|---|
| CA | +CA Private KEY ( server_ca ) - Hosted | +For signing certificate that will certify the host's authenticity | +
| + | CA Public KEY (server_ca.pub) | +This will go to every host that we want to trust this CA | +
| + | + | + |
| Client | +known_hosts | +Only file that changes on client, Here the file server_ca.pub will come as @cert-authority. |
+
| + | + | + |
| Server | +sshd_config | +Server's sshd_config file will be changed with appropriate configuration for that server to 'trust' that particular authority | +
++Note: Don't confuse
+ServerandClienthere, they interchangeable terms, Mostly depends upon where you need authentication done.
#Generate CA for our infrastructure.
+ ssh-keygen -f server_ca
+
+
+Now You should have two files in your CWD.
+ #!sh
+ ls
+ server_ca server_ca.pub
+
+
+Now that we have our CA keys, We can sign our host keys.
+Start by signing any example key for trial:
+ ssh-keygen -s server_ca.pub -I "Identifier" -h -n "HOST_NAME" -V +52w host_rsa_key
+
+
+Let's have look at what each of these options means:
+| -s | +Private key of CA that we just created server_ca | +
|---|---|
| -h | +Generate certificate for host as oppose to client | +
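Review bot: `ssh-keygen -s server_ca.pub -I "Identifier" -h -n "HOST_NAME" -V +52w host_rsa_key` passes the CA's public key to `-s`, but `-s` takes the CA private key; the option table directly below says so itself ("Private key of CA that we just created server_ca"), so the command should read `-s server_ca`. Signing writes the certificate to `host_rsa_key-cert.pub`, which the server must advertise with a `HostCertificate` line in sshd_config; the Server row of the files table only says "appropriate configuration", so name the directive and the file there. The CA creation step `ssh-keygen -f server_ca` should also mention the passphrase: this key signs every host certificate, so it belongs on the CA machine only, protected by a passphrase, which is consistent with the "Remember" note above about keys never leaving their owner's machine.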
lsoflsof is my go to tool for troubleshooting problems I am facing on my unix boxes.Blaming mail server is very easy when your mail goes to SPAM or mail server doesn't work at all.
+Mail servers are so important in our lives that it's very hard to imagine life without them. They have outlived many systems such as Chat clients and Social Media netwoks - Still going ever stong.
+\(\pi\)
+This is the content of my super blog post.
+This is an \(\pi/\alpha\) reference-style link.
+This is an example inline link.
+FDF
+ +This is the content of my super blog post.1 +We will be witnessing such thing is unimaginable to me.
+ + + + + + + + +
+mulcha
+\(x^2\) - This is inline math +\(e=mc^2\) - This is perfect. :D
+In normal series In-line math is working but in reveals you can't use In line math if you are doing some sort of Markdown presentations.
+Thank you for visiting. Welcome!
-Understanding SQL SELECT and Relational algebra
While interviewing someone, Don't freak out!
Securing your environment via PF
A Better PostgreSQL with psqlrc
This is my About me page
-
I study popular tech across wide range of spectrums - Programming languages, Graphical illustrations and more. In doing so I try to uncover some of the best practices of doing certain things.
+Here, I share it with world!
Have a word with me @: +Unixer
+ + + + + + +This is my Contact me page
+Contact 2 +1
+Mart the clkddf for the man lips tal creek
+
- pelican (2)
- publishing (2)
+ Essentials (3)
+ Firewall (1)
+ Polity (1)
+ Unix (2)
Follow @abhaytrivedi
-+You have to run Live mode on a web server. +
+