Category Archives: SysAdmin

In-depth Crytography Book Available for FREE!

Screen Shot 2017-09-08 at 9.37.36 AM

As I have mentioned before, I routinely listen to the Security Now podcast. In episode #600 Steve Gibson talked about the book “A Graduate Course in Applied Cryptography“. This book is being compiled by noted Cyber Security researchers Stanford University Professor Dan Boney and New York University Professor Victor Shoup.

While the book is still in development, you can download the most recent version (December 9, 2016 version 0.3) as  PDF file. The book provides high level overviews of many cryptography subject areas, as well as a deep-dive into the technology. As the authors say in their Preface:

A beginning reader can read though the book to learn how cryptographic systems work and why they are secure. Every security theorem in the book is followed by a proof idea that explains at a high level why the scheme is secure. On a first read one can skip over the detailed proofs without losing continuity. A beginning reader may also skip over the mathematical details sections that explore nuances of certain definitions.

An advanced reader may enjoy reading the detailed proofs to learn how to do proofs in cryptog- raphy. At the end of every chapter you will find many exercises that explore additional aspects of the material covered in the chapter. Some exercises rehearse what was learned, but many exercises expand on the material and discuss topics not covered in the chapter.

If you are interested in computer security, you may want to add this 710 page book to add to your library.


See my other Cyber Security articles


 

Advertisements

Podcast – Security Now

Security_Now_cover_art

Podcasts – I have been listening to the Security Now podcast since it began. It has been published weekly now for over 10 years. The latests episode as of this writing is #626. While they began as short programs of under 30 minutes, they have rapidly grown to around two hours per episode.

The show is presented on the TWiT Network and features Leo Laporte and Steve Gibson. While, as the name implies, the focus is on computer security, they also will talk about Tech in general and Science Fiction from time to time. The more recent episodes cover the security news that has occurred over the past week (almost always something new). They sometimes address questions from their large international audience, with occasional deep-dives into an issue of computer technology or security.

The program is well done and I recommend it to anyone interested in computer security, or who simply uses a computer, tablet or smart phone.


See my other Cyber Security articles


 

macOS New App Release – Server Ranger 1.5

Server_Ranger

Product Announcement – LibertyApp Ltd. of Belfast, United Kingdom has released Server Ranger 1.5, the latest version of the company’s website and server monitoring solution for the macOS platform. Server Ranger 1.5 brings brand new features and other enhancements. Get alerts when things go wrong with your devices. No subscriptions, no monthly fees, no in-app purchases and no adverts. Powerful yet easy-to-use, Server Ranger can check any number of servers or devices, whether that be 1 device or 1000.

* Smart Interface: Nodes performing properly are in green. Yellow indicates the node is online but slow. Red is for offline. Only interested in 1 device? Switch to Single Server Mode to reduce on-screen clutter.

* Checks: Choose how often Server Ranger checks your servers, from as little as every 30 seconds to once an hour. Or switch off the automatic monitoring and manually check your devices when you choose.

* Alerts: Don’t wait for your customers, Twitter followers or users to tell you that your site is down. Be the first to know! Server Ranger alerts you if the performance is slow or if the server has gone offline. Get alerted by emails, on-screen alerts, notifications and more.

* Big Screen mode: Open the Overview window and get a glance at all your servers. Put the window on another monitor, a screen on the wall or even Airplay it to your Apple TV.

* Statistics: Server Ranger logs every response from your devices. Spot patterns of poor latency and print or export the evidence to a CSV file. The log file updates live, no need to refresh.

Key features:

  • Monitor any type of server or site – file servers, routers, web servers, email servers and more
  • Define alerts for slow and offline devices
  • Emails, Mac notifications, sounds, and visual alerts
  • Eliminate false positives – alerts are only sent after a user-definable number of checks
  • Single Server Mode
  • Overview window – perfect for a screen on the wall or Airplaying to an Apple TV
  • Detailed log file with export and print
  • One simple price – no adverts or monthly subscription fees
  • Built for macOS Sierra (10.12), OS X El Capitan (10.11) and OS X Yosemite (10.10)

As well as bug fixes, version 1.5 offers some brand new features:

  • Modern integrated main window: The server log now has its own pane on the main window
  • New filters on the server logs: Logs can now be filtered to show ‘Everything’ (all checks), ‘Alerts’ (Warning or Offline) or just ‘Offline’
  • Just want to run manual checks? Automated checks can now be switched off in Preferences – Check as and when you choose
  • Middle detail pane now shows the average latency for the selected server
  • New menu bar icon for fast checking of your servers

Server Ranger 1.5 is available as a one-time purchase of $39.99 USD (or equivalent) from the Mac App Store. It has no in-app purchases and requires no subscriptions or other monthly fees. It is a free upgrade for all current customers.

macOS New App Release – Pretty Regular Expressions 1.0

screenshot

Product Announcement – Independent developer Christopher Hannah of Hemel Hempstead, United Kingdom has released Pretty Regular Expressions 1.0 for macOS. The app allows users to create and test regular expressions, which they can then fine tune with multiple options. It features a simple design, which two themes, minimal distraction, and well enough room for any type of pattern matching scenario.

It was made with developers and programmers in mind, that use regular expressions often. A lot of the time when working with regular expressions, the process in which you design the pattern, it is hard to visualise the results. With this app, users can not only tune the pattern matching engine to the best fit, but they also see what text is matched, and it makes it very easy to use and understand the results.

In Pretty Regular Expressions, users can make use of # comments, so when they are writing a more complex pattern, they can make it easier to understand. This is an option available in the settings. There’s also a strike through option, which users can enable, which displays all non-matching text with a strike-through. It seems like a simple feature, but the visual difference it makes is huge.

The other options you can use in the app are:
* Case Insensitive – Match letters in the pattern independent of case.
* Ignore Meta Characters – Treat the entire pattern text as a literal string.
* Anchors Match Lines – Allow ^ and $ to match the start and end of lines.

System Requirements:
* macOS 10.12 or later
* 64-bit processor
* 4.0 MB

Pricing and Availability:
Pretty Regular Expressions 1.0 is just $0.99 and is available worldwide exclusively through the Mac App Store in the Developer Tools category. An iOS version of the app is available through the App Store.

CLI – rsync

The rsync command is a utility common to Linux, Unix, BSD and macOS. Versions of rsync are now available on Windows systems as well.

This command is used to synchronize files and directories. This can be done between locally attached storage, or between two different network connected systems. Design of the rsync algorithm minimizes the network usage, while still maintaining file synchronization.

The rsync daemon can be run on a machine to allow other remote machines to copy file to or from it. The rsync command requires arguments indicating the source and destination locations.

There are many different command line options available to rsync. The general format is: rsync options source destination

One of the nice features of rsync is that it only copies files that have changed since the last time they were transferred. Check the reference list at the bottom of this article for suggestions of the best set for your application. Some of the simplest are:

  • rsync -avh /home/usr/dir/ /media/disk/backup/
    – this copies everything in the directory /home/usr/dir/ to /media/disk/backup/
  • rsync -avh –delete /home/user/dir/ /media/disk/backup – does the same as above except that files deleted from /home/user/dir/ will also be deleted from /media/disk/backup
  • rsync –progress -avh /home/usr/dir/ /media/disk/backup/ – does the same as the first example, but show how much of the copy is remaining

When I run rsync -h on my macOS 10.11.6 system I get the following list of options:

rsync is a file transfer program capable of efficient remote update
 via a fast differencing algorithm.

Usage: rsync [OPTION]... SRC [SRC]... DEST
 or   rsync [OPTION]... SRC [SRC]... [USER@]HOST:DEST
 or   rsync [OPTION]... SRC [SRC]... [USER@]HOST::DEST
 or   rsync [OPTION]... SRC [SRC]... rsync://[USER@]HOST[:PORT]/DEST
 or   rsync [OPTION]... [USER@]HOST:SRC [DEST]
 or   rsync [OPTION]... [USER@]HOST::SRC [DEST]
 or   rsync [OPTION]... rsync://[USER@]HOST[:PORT]/SRC [DEST]

The ':' usages connect via remote shell, while '::' & 'rsync://' usages connect to an rsync daemon, and require SRC or DEST to start with a module name.

Options

-v, --verbose               increase verbosity
 -q, --quiet                 suppress non-error messages
 --no-motd               suppress daemon-mode MOTD (see manpage caveat)
 -c, --checksum              skip based on checksum, not mod-time & size
 -a, --archive               archive mode; same as -rlptgoD (no -H)
 --no-OPTION             turn off an implied OPTION (e.g. --no-D)
 -r, --recursive             recurse into directories
 -R, --relative              use relative path names
 --no-implied-dirs       don't send implied dirs with --relative
 -b, --backup                make backups (see --suffix & --backup-dir)
 --backup-dir=DIR        make backups into hierarchy based in DIR
 --suffix=SUFFIX         set backup suffix (default ~ w/o --backup-dir)
 -u, --update                skip files that are newer on the receiver
 --inplace               update destination files in-place (SEE MAN PAGE)
 --append                append data onto shorter files
 -d, --dirs                  transfer directories without recursing
 -l, --links                 copy symlinks as symlinks
 -L, --copy-links            transform symlink into referent file/dir
 --copy-unsafe-links     only "unsafe" symlinks are transformed
 --safe-links            ignore symlinks that point outside the source tree
 -k, --copy-dirlinks         transform symlink to a dir into referent dir
 -K, --keep-dirlinks         treat symlinked dir on receiver as dir
 -H, --hard-links            preserve hard links
 -p, --perms                 preserve permissions
 --executability         preserve the file's executability
 --chmod=CHMOD           affect file and/or directory permissions
 -o, --owner                 preserve owner (super-user only)
 -g, --group                 preserve group
 --devices               preserve device files (super-user only)
 --specials              preserve special files
 -D                          same as --devices --specials
 -t, --times                 preserve times
 -O, --omit-dir-times        omit directories when preserving times
 --super                 receiver attempts super-user activities
 -S, --sparse                handle sparse files efficiently
 -n, --dry-run               show what would have been transferred
 -W, --whole-file            copy files whole (without rsync algorithm)
 -x, --one-file-system       don't cross filesystem boundaries
 -B, --block-size=SIZE       force a fixed checksum block-size
 -e, --rsh=COMMAND           specify the remote shell to use
 --rsync-path=PROGRAM    specify the rsync to run on the remote machine
 --existing              skip creating new files on receiver
 --ignore-existing       skip updating files that already exist on receiver
 --remove-source-files   sender removes synchronized files (non-dirs)
 --del                   an alias for --delete-during
 --delete                delete extraneous files from destination dirs
 --delete-before         receiver deletes before transfer (default)
 --delete-during         receiver deletes during transfer, not before
 --delete-after          receiver deletes after transfer, not before
 --delete-excluded       also delete excluded files from destination dirs
 --ignore-errors         delete even if there are I/O errors
 --force                 force deletion of directories even if not empty
 --max-delete=NUM        don't delete more than NUM files
 --max-size=SIZE         don't transfer any file larger than SIZE
 --min-size=SIZE         don't transfer any file smaller than SIZ
 --partial               keep partially transferred files
 --partial-dir=DIR       put a partially transferred file into DIR
 --delay-updates         put all updated files into place at transfer's end
 -m, --prune-empty-dirs      prune empty directory chains from the file-list
 --numeric-ids           don't map uid/gid values by user/group name
 --timeout=TIME          set I/O timeout in seconds
 -I, --ignore-times          don't skip files that match in size and mod-time
 --size-only             skip files that match in size
 --modify-window=NUM     compare mod-times with reduced accuracy
 -T, --temp-dir=DIR          create temporary files in directory DIR
 -y, --fuzzy                 find similar file for basis if no dest file
 --compare-dest=DIR      also compare destination files relative to DIR
 --copy-dest=DIR         ... and include copies of unchanged files
 --link-dest=DIR         hardlink to files in DIR when unchanged
 -z, --compress              compress file data during the transfe
 --compress-level=NUM    explicitly set compression level
 -C, --cvs-exclude           auto-ignore files the same way CVS does
 -f, --filter=RULE           add a file-filtering RULE
 -F                          same as --filter='dir-merge /.rsync-filter'
 repeated: --filter='- .rsync-filter'
 --exclude=PATTERN       exclude files matching PATTERN
 --exclude-from=FILE     read exclude patterns from FILE
 --include=PATTERN       don't exclude files matching PATTERN
 --include-from=FILE     read include patterns from FILE
 --files-from=FILE       read list of source-file names from FILE
 -0, --from0                 all *-from/filter files are delimited by 0s
 --address=ADDRESS       bind address for outgoing socket to daemon
 --port=PORT             specify double-colon alternate port number
 --sockopts=OPTIONS      specify custom TCP options
 --blocking-io           use blocking I/O for the remote shell
 --stats                 give some file-transfer stats
 -8, --8-bit-output          leave high-bit chars unescaped in output
 -h, --human-readable        output numbers in a human-readable format
 --progress              show progress during transfer
 -P                          same as --partial --progress
 -i, --itemize-changes       output a change-summary for all updates
 --out-format=FORMAT     output updates using the specified FORMAT
 --log-file=FILE         log what we're doing to the specified FILE
 --log-file-format=FMT   log updates using the specified FMT
 --password-file=FILE    read password from FILE
 --list-only             list the files instead of copying them
 --bwlimit=KBPS          limit I/O bandwidth; KBytes per second
 --write-batch=FILE      write a batched update to FILE
 --only-write-batch=FILE like --write-batch but w/o updating destination
 --read-batch=FILE       read a batched update from FILE
 --protocol=NUM          force an older protocol version to be used
 -E, --extended-attributes   copy extended attributes
 --cache                 disable fcntl(F_NOCACHE)
 -4, --ipv4                  prefer IPv4
 -6, --ipv6                  prefer IPv6
 --version               print version number
 (-h) --help                  show this help (-h works with no other options)

References:

  1. How to Backup Linux? 15 rsync Command Examples
  2. Do-It-Yourself Backup System Using Rsync
  3. Back up like an expert with rsync

See my other Command Line articles


 

Happy SysAdminDay!

hqdefault

Today, July 29, is the 17th internationally recognized day to recognize computer and network System AdministratorsSysAdminDay. The last 20 years or so of my career was spent as a Unix/Linux Sys Admin, so I like to promote this day.

Just remember that the Sys Admins are those folks behind the scenes that keep your computer network secure and your servers up and running. Usually all they hear are complaints when a system goes down. Their many long hours, often in the middle of the night and on weekends, is what keeps everything working properly.

Please show your appreciation today for any Sys Admins that you know.

Unix/Linux SysAdmin Tutorials

hqdefault

As part of their celebration of SysAdminDay coming up on July 29, Linux Foundation Training  will email you a different eBook tutorial each week over the coming 22 weeks. You MUST sign up by the end of July

Each eBook will give a short overview of one topic that SysAdmins or interested users should know. Topics will include using the command line (CLI), filesystems and storage, RAID and Swap, and Security.

You macOS users should keep in mind that much of this applies to you as well.

macOS Security

Unknown

If you are interested in security on macOS, then you will want to see the presentation by Rich Trouton (his blog is Der Flounder) at X World 2016. Trouton is a long time Mac System and Server Administrator. Trouton gave a talk entitled “OS X Security – Defense in Depth”.

This delves rather deeply into how macOS handles security and tries to protect you from malware. A PDF of the 100 slide presentation can be downloaded here.

If you are a Mac user and have any interest in Security, you should read through the presentation.

Web Tools – SpeedOf.Me

Updated 12/2/15

Screen Shot 2015-12-01 at 3.14.22 PM

Have you ever been using your computer and wondered if you were really getting the bandwidth you were paying for? Well, you can easily find out your up and down speeds with this useful HTML5 web tool. SpeedOf.Me is a web site that can be used to determine those up and down data speeds, and it is done without installing any apps on your system, nor does it require Flash or Java.

The SpeedOf.Me site was created four years ago in December of 2011. In less than a minute this web page running locally in your browser will run a seven pass download test followed by a three pass upload test. This will give you a quick snapshot of the performance of your broadband connection.

Test file sizes for download passes increase with each pass until it takes longer than eight seconds to download the file. Test file sizes range from 128KB to 128MB, doubling the file size between passes. The test files are all contiguous files, similar to what you, as a user, would be doing. Test servers from which the test files are downloaded and uploaded are spread around the world.

While the test will work with any browser supporting HTML5, the SpeedOf.Me folks recommend Chrome, Firefox or Safari for the best results.

I found this to be a great took and have added it to my bookmarks for future use.

UPDATE – One of my colleagues from CapMac contacted me after reading my post. He had compared SpeedOf.Me to others web tools and found some variation in the results. I followed up with similar tests and also found different speeds being reported. My first guess is that the methods of measuring the upload/download speed differs between these tools. That said, here is a table of the tools I tried and the results. These tests were run from the same Mac Mini over a 10 minute period.

Tool Technology Browser Download Mbps Upload Mbps
SpeedOf.Me HTML5 Safari Version 9.0.1 (11601.2.7.2) 8.31 1.53
SpeedOf.Me HTML5 Chrome
Version
47.0.2526.73 (64-bit)
8.3 1.4
TestMy.net HTML5 Safari Version 9.0.1 (11601.2.7.2) 7.6 1.4
TestMy.net HTML5 Chrome Version 47.0.2526.73 (64-bit) 7.8 1.3
SpeakEasy.net/speeedtest Flash Chrome Version 47.0.2526.73 (64-bit) 7.71 1.41
speedtest.comcast.net/ Flash Chrome Version 47.0.2526.73 (64-bit) 7.61 1.46
speedtest.net Flash Chrome Version 47.0.2526.73 (64-bit) 7.60 1.46

 


See my other Web Tool articles