How does SSL works?

Step 1: A customer makes a connection to domain.com on an SSL port, typically 443. This connection is denoted with https instead of http.

Step 2: domain.com sends back its public key to the customer. Once customer receives it, his/her browser decides if it is al-right to proceed.

  • The domain.com public key must NOT be expired
  • The domain.com public key must be for domain.com only
  • The client must have the public key for Third Party SSL issuer, installed in their browser certificate store. 99.9% of all modern browsers (1998+) include the most of the Third Party SSL issuer’s root certificate. If the customer has hird Party SSL issuer’s trusted public key, then they can trust that they are really communicating with Domain, Inc.

Step 3: If the customer decides to trust the certificate, then the customer will be sent to domain.com his/her public key.

Step 4: domain.com will next create a unique hash and encrypt it using both the customer’s public key and domain.com‘s private key, and send this back to the client.

Step 5: Customer’s browser will decrypt the hash. This process shows that the domain.com sent the hash and only the customer is able to read it.

Step 6: Customer and website can now securely exchange information.

Linux Admins Command Line Tools

1. Top

The top program provides a dynamic real-time view of a running system. It can display system summary information as

well as a list of tasks currently being managed by the Linux kernel. The types of system summary information shown and

the types, order and size of information displayed for tasks are all user configurable and that configuration can be

made persistent across restarts.

The program provides a limited interactive interface for process manipulation as well as a much more extensive inter-

face for personal configuration encompassing every aspect of its operation. And while top is referred to through-

out this document, you are free to name the program anything you wish. That new name, possibly an alias, will then be

reflected on tops display and used when reading and writing a configuration file.

2. Atop

The program atop is an interactive monitor to view the load on a Linux system. It shows the occupation of the most

critical hardware resources (from a performance point of view) on system level, i.e. cpu, memory, disk and network.

It also shows which processes are responsible for the indicated load with respect to cpu- and memory load on process

level. Disk load is shown if per process storage accounting is active in the kernel or if the kernel patch cnt has

been installed. Network load is only shown per process if the kernel patch has been installed.

3. Iftop

iftop listens to network traffic on a named interface, or on the first interface it can find which looks like an exter-

nal interface if none is specified, and displays a table of current bandwidth usage by pairs of hosts. iftop must be

run with sufficient permissions to monitor all network traffic on the interface, on most systems this means that it must be run as root.

By default, iftop will look up the hostnames associated with addresses it finds in packets. This can cause substantial

traffic of itself, and may result in a confusing display. You may wish to suppress display of DNS traffic by using fil-

ter code such as not port domain, or switch it off entirely, by using the -n option or by pressing n when the program

is running.

By default, iftop counts all IP packets that pass through the filter, and the direction of the packet is determined

according to the direction the packet is moving across the interface. Using the -F option it is possible to get iftop

to show packets entering and leaving a given network. For example, iftop -F 10.0.0.0/255.0.0.0 will analyse packets

flowing in and out of the 10.* network

4. Mytop

mytop display MySQL server performance info like `top

In order for mytop to function properly, you must have the following:

* Perl 5.005 or newer

* Getopt::Long

* DBI and DBD::mysql

* Term::ReadKey from CPAN

Most systems are likely to have all of those installed except for Term::ReadKey. You will need to pick that up from

the CPAN.

Enter into cpan shell and install the module

[root@dev-01 ~]# cpan

cpan> install Term::ReadKey

Install the packages using cpan shell interface

5. Htop

This program is a free (GPL) ncurses-based process viewer.

It is similar to top, but allows to scroll the list vertically and horizontally to see all processes and their full

command lines.

Tasks related to processes (killing, renicing) can be done without entering their PIDs

What is a fork bomb and how can it be prevented?

– Definition of a Fork bomb:

This is a bash function. It gets called recursively (recursive function).

This is often used by system administrators to test user processes limitations .Once a successful fork bomb has been activated in a system it may not be possible to resume back to normal operation without rebooting, as the only option to a fork bomb is to destroy all instances of it.

Continue reading…