Unix: find open port/process

To view all listening sockets and the processes that own them:

sudo netstat -nlp

To list all processes using tcp port 43796:

lsof -i tcp:43796

To list the pids using tcp port 43796:

fuser 43796/tcp

Oracle: Configure Oracle to be used with SSL

1. Run the docker image with Oracle EE

docker run -t -p 1532:1532 -p 1521:1521 -e ORACLE_SID=APP -e ORACLE_PWD=pswd -v /local/docker/mounts/oracle:/opt/oracle/oradata oracle/database:12.1.0.2-ee 

2. Connect to the instance:

docker exec -it friendly_khorana /bin/bash

3. Create a wallet

orapki wallet create -wallet /opt/oracle/admin/APP/xdb_wallet -pwd WalletPasswd123 -auto_login_local
orapki wallet add -wallet /opt/oracle/admin/APP/xdb_wallet  -pwd WalletPasswd123   -dn "CN=`hostname`" -keysize 1024 -self_signed -validity 3650
orapki wallet display -wallet /opt/oracle/admin/APP/xdb_wallet -pwd WalletPasswd123
orapki wallet export -wallet /opt/oracle/admin/APP/xdb_wallet -pwd WalletPasswd123 -dn "CN=`hostname`" -cert /tmp/`hostname`-certificate.crt

4. Edit configuration

4.1 listener.ora

SSL_CLIENT_AUTHENTICATION = FALSE

WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /opt/oracle/admin/APP/xdb_wallet)
    )
  )

LISTENER =
(DESCRIPTION_LIST =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
    (ADDRESS = (PROTOCOL = TCP)(HOST = 0.0.0.0)(PORT = 1521))
  )
  (DESCRIPTION =
     (ADDRESS = (PROTOCOL = TCPS)(HOST = 0.0.0.0)(PORT = 1532))
   )
)

DEDICATED_THROUGH_BROKER_LISTENER=ON
DIAG_ADR_ENABLED = off

4.2 sqlnet.ora

WALLET_LOCATION =
   (SOURCE =
     (METHOD = FILE)
     (METHOD_DATA =
       (DIRECTORY = /opt/oracle/admin/APP/xdb_wallet)
     )
   )

SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA)

4.3 tnsnames.ora

APP=
(DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCPS)(HOST = 0.0.0.0)(PORT = 1532))
  (CONNECT_DATA =
    (SERVER = DEDICATED)
    (SERVICE_NAME = APP)
  )
)

5. Connect with SQLDeveloper

keytool -import -trustcacerts -alias oracle3 -file 15e31b633912-certificate.crt -keystore /u01/keystore/OracleTrustStore.jks

Update sqldeveloper.conf (/Applications/SQLDeveloper.app/Contents/Resources/sqldeveloper/sqldeveloper/bin/sqldeveloper.conf):

AddVMOption -Djavax.net.ssl.trustStore=/u01/keystore/OracleTrustStore.jks
AddVMOption -Djavax.net.ssl.trustStorePassword=welcome1234
AddVMOption -Djavax.net.ssl.trustStoreType=JKS

To connect, restart SQL Developer and use the advanced connection option with the following connection string:

jdbc:oracle:thin:@(DESCRIPTION =  (ADDRESS = (PROTOCOL = TCPS)(HOST = server_ip_addr)(PORT = 1532))(CONNECT_DATA =(SERVER = DEDICATED) (SERVICE_NAME = ORCLCDB)))
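
The settings from steps 4.1 and 4.2 can be checked mechanically. The script below is an added example, not part of the original post or of any Oracle tooling: it flags listener addresses that still accept plain TCP and cipher suites built on legacy algorithms. The function names, the weak-algorithm pattern list and the temporary sample files (copied from the configuration above) are assumptions of this example.

```shell
#!/bin/sh

# Print PROTOCOL:PORT for each host-bound listener ADDRESS that is not TCPS.
plaintext_endpoints() {
  grep -Eo 'PROTOCOL *= *[A-Za-z]+ *\) *\( *HOST *= *[^)]*\) *\( *PORT *= *[0-9]+' "$1" |
    sed -E 's/^PROTOCOL *= *([A-Za-z]+).*PORT *= *([0-9]+)$/\1:\2/' |
    grep -iv '^TCPS:' || true
}

# Print each SSL_CIPHER_SUITES entry that matches the legacy-algorithm list (assumed list).
weak_cipher_suites() {
  grep -E '^ *SSL_CIPHER_SUITES *=' "$1" | sed -E 's/^[^(]*\(//; s/\).*$//' |
    tr ',' '\n' | tr -d ' ' | grep -Ei '3DES|RC4|_DES_|NULL|anon|MD5|EXPORT' || true
}

# Print findings for listener.ora ($1) and sqlnet.ora ($2); exit status 1 if any.
audit_oracle_net() {
  audit_rc=0
  for ep in $(plaintext_endpoints "$1"); do
    echo "FINDING: listener accepts unencrypted ${ep%%:*} on port ${ep##*:}"; audit_rc=1
  done
  for cs in $(weak_cipher_suites "$2"); do
    echo "FINDING: weak cipher suite enabled: $cs"; audit_rc=1
  done
  if grep -Eq '^ *SSL_CLIENT_AUTHENTICATION *= *FALSE' "$2"; then
    echo "INFO: server-only TLS, clients are not certificate-authenticated"
  fi
  return "$audit_rc"
}

# Constructed sample input: the listener.ora / sqlnet.ora entries from this page.
sample_dir=$(mktemp -d)
cat > "$sample_dir/listener.ora" <<'EOF'
LISTENER =
(DESCRIPTION_LIST =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
    (ADDRESS = (PROTOCOL = TCP)(HOST = 0.0.0.0)(PORT = 1521))
  )
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = 0.0.0.0)(PORT = 1532)))
)
EOF
cat > "$sample_dir/sqlnet.ora" <<'EOF'
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA)
EOF
audit_oracle_net "$sample_dir/listener.ora" "$sample_dir/sqlnet.ora" || true
```

On the configuration from this post it reports the plain TCP listener on port 1521 and the 3DES suite; the IPC address is ignored because it is not reachable over the network.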

Docker: Run activeMQ and remap ports

Get the latest build:

docker pull webcenter/activemq:latest

Then run the image with the following command:

docker run --name='activemq' -d \
-v /data/activemq:/data \
-v /var/log/activemq:/var/log/activemq \
-p 8162:8161 \
-p 61617:61616 \
-p 61614:61613 \
webcenter/activemq:5.14.3

Ubuntu: Force clock to update using ntp

sudo service ntp stop
sudo ntpd -gq
sudo service ntp start

Further editing of /etc/ntp.conf can be useful in case you want to add other servers to the ntp pool and other various settings.

You might also want to allow the UDP traffic on the respective port.

sudo ufw allow 123/udp

Docker cheatsheet

## List Docker CLI commands
docker
docker container --help

## Display Docker version and info
docker --version
docker version
docker info

## Execute Docker image
docker run hello-world

## List Docker images
docker image ls

## List Docker containers (running, all, all in quiet mode)
docker container ls
docker container ls --all
docker container ls -aq


docker build -t friendlyhello .  # Create image using this directory's Dockerfile
docker run -p 4000:80 friendlyhello  # Run "friendlyhello" mapping port 4000 to 80
docker run -d -p 4000:80 friendlyhello         # Same thing, but in detached mode
docker container ls                                # List all running containers
docker container ls -a             # List all containers, even those not running
docker container stop <hash>           # Gracefully stop the specified container
docker container kill <hash>         # Force shutdown of the specified container
docker container rm <hash>        # Remove specified container from this machine
docker container rm $(docker container ls -a -q)         # Remove all containers
docker image ls -a                             # List all images on this machine
docker image rm <image id>            # Remove specified image from this machine
docker image rm $(docker image ls -a -q)   # Remove all images from this machine
docker login             # Log in this CLI session using your Docker credentials
docker tag <image> username/repository:tag  # Tag <image> for upload to registry
docker push username/repository:tag            # Upload tagged image to registry
docker run username/repository:tag                   # Run image from a registry

docker stack ls                                            # List stacks or apps
docker stack deploy -c <composefile> <appname>  # Run the specified Compose file
docker service ls                 # List running services associated with an app
docker service ps <service>                  # List tasks associated with an app
docker inspect <task or container>                   # Inspect task or container
docker container ls -q                                      # List container IDs
docker stack rm <appname>                             # Tear down an application
docker swarm leave --force      # Take down a single node swarm from the manager

Java keystore – certificate request and self-sign with openssl

Generate a private key

openssl genrsa -aes256 -out demo.key.pem 2048 

Generate a certificate request
Use the private key to generate a certificate signing request (CSR). The CSR details can be whatever you wish, but they must not exactly match those of the root CA. For web server certificates, the Common Name must be a fully qualified domain name (e.g. www.example.com), whereas for client certificates it can be any unique identifier (e.g. an e-mail address). Note that the Common Name cannot be the same as that of the root certificate.

openssl req -config config/openssl.cnf -key demo.key.pem -new -sha256 -out demo.csr.pem

Sign the certificate

openssl x509 -req -CA ca.cert.pem -CAkey ca.key.pem -in demo.csr.pem -out demo.cert.pem -days 900 -CAcreateserial

Create a fullchain certificate
The new certificate will only be trusted if the root CA is also trusted. Some applications require the CA certificate to be imported before the new certificate. Others require the CA certificate to be appended to the new certificate.

cat demo.cert.pem config/ca/certs/ca.cert.pem > demo.cert.fullchain.pem

Create a .p12 keystore with openssl.

openssl pkcs12 -export -in demo.cert.fullchain.pem -inkey demo.key.pem -out demo.keystore.p12 -name DEMO

Convert from a .p12 to a java keystore .jks

keytool -importkeystore -srckeystore demo.keystore.p12 -srcstoretype PKCS12 -destkeystore application.keystore.jks -alias DEMO

Import the CA certificate in the keystore

keytool -import -alias ROOT -keystore application.keystore.jks -trustcacerts -file ca.cert.pem

tcpdump commands

Listen on all interfaces

tcpdump -i any

Listen on all interfaces and specific port(s)

tcpdump -i any port 22 or port 1234

Listen on a specific interface

tcpdump -i eth0

Listen on eth0, port 80, and print each packet in ASCII

tcpdump -i eth0 -A port 80

PostgreSQL: Delete/drop a database

First check the pg_stat_activity view to see what type of activity is currently taking place against your database, including all idle processes.

SELECT * FROM pg_stat_activity WHERE datname='database name';

Then:

select pg_terminate_backend(procpid) from pg_stat_activity where datname='YourDatabase';
-- for PostgreSQL 9.2 and above, replace procpid with pid

DROP DATABASE "YourDatabase";

PostgreSQL: Backup and restore

1) Back up data with pg_dump

pg_dump -U postgres -F c -b -v -f "/usr/local/backup/10.70.0.61.backup" old_db

To list all of the available options of pg_dump, issue the following command:

pg_dump -?
-p, --port=PORT database server port number
-h, --host=HOSTNAME database server host or socket directory
-U, --username=NAME connect as specified database user
-W, --password force password prompt (should happen automatically)
-d, --dbname=NAME connect to database name
-v, --verbose verbose mode
-F, --format=c|t|p output file format (custom, tar, plain text)
-c, --clean clean (drop) schema prior to create
-b, --blobs include large objects in dump
-f, --file=FILENAME output file name

2) Restore data with pg_restore

pg_restore -U postgres -d old_db -v "/usr/local/backup/10.70.0.61.backup"

To list all of the available options of pg_restore, issue the following command:

pg_restore -?
-p, --port=PORT database server port number
-i, --ignore-version proceed even when server version mismatches
-h, --host=HOSTNAME database server host or socket directory
-U, --username=NAME connect as specified database user
-W, --password force password prompt (should happen automatically)
-d, --dbname=NAME connect to database name
-v, --verbose verbose mode


Unix: Manually set the date from the command line

If the clock is not synchronized with NTP, you can set the date manually with the date command:

date -s "22 FEB 2017 13:13:00"

Otherwise, verify your NTP service and servers in /etc/ntp.conf.
