diff --git a/14_interrogate_resources/CGROUPS.md b/14_interrogate_resources/CGROUPS.md
new file mode 100644
index 0000000..11b886a
--- /dev/null
+++ b/14_interrogate_resources/CGROUPS.md
@@ -0,0 +1,54 @@
+# README
+
+Demonstrate how to work with `cgroups`
+
+TODO:
+
+* Demonstrate sshing into a cgroup to stop starvation
+
+## cgroups
+
+```sh
+# man pages
+man cgroups
+
+# list filesystems and look at cgroups
+# nodev cgroup
+# nodev cgroup2
+cat /proc/filesystems
+
+# see where they a virtually mounted
+mount
+```
+
+## Install tooling
+
+```sh
+# install tooling
+sudo apt install cgroup-tools
+
+# list cgroup tools
+dpkg -L cgroup-tools | grep bin
+```
+
+## Walk the filesystem
+
+```sh
+# cgroups v1
+ls /sys/fs/cgroup/
+
+# cgroups v2 (not on my ubuntu docker image on macosx)
+ls /sys/fs/cgroup/unified
+```
+
+
+## Resources
+
+* The current adoption status of cgroup v2 in containers [here](https://medium.com/nttlabs/cgroup-v2-596d035be4d7)
+* Managing resources with cgroups in systemd [here](https://opensource.com/article/20/10/cgroups)
+* Everything You Need to Know about Linux Containers, Part I: Linux Control Groups and Process Isolation [here](https://www.linuxjournal.com/content/everything-you-need-know-about-linux-containers-part-i-linux-control-groups-and-process)
+* Everything You Need to Know about Linux Containers, Part II: Working with Linux Containers (LXC) [here](https://www.linuxjournal.com/content/everything-you-need-know-about-linux-containers-part-ii-working-linux-containers-lxc)
+* How to ensure ssh via cgroups on centos? SSH into a cgroup [here](https://unix.stackexchange.com/questions/209199/how-to-ensure-ssh-via-cgroups-on-centos)
+* controlling priority of applications using cgroups [here](https://unix.stackexchange.com/questions/56538/controlling-priority-of-applications-using-cgroups)
+* cgroupsv2 [here](https://unix.stackexchange.com/questions/471476/how-do-i-check-cgroup-v2-is-installed-on-my-machine)
+
diff --git a/14_interrogate_resources/DISK.md b/14_interrogate_resources/DISK.md index 4f4a991..c8ebbe3 100644 --- a/14_interrogate_resources/DISK.md +++ b/14_interrogate_resources/DISK.md @@ -1,9 +1,13 @@ # DISK +Demonstrate disk operations and resource usage. + The df utility displays statistics about the amount of free disk space on the specified filesystem or on the filesystem of which file is a part. Values are displayed in 512-byte per block counts. If neither a file or a filesystem operand is specified, statistics for all mounted filesystems are displayed. - + +## Drives + ```sh -# free space +# free space on devices df -h # include inodes @@ -15,5 +19,31 @@ Display disk usage statistics ```sh # disk usage (depth 1)q du -h -d1 ./ + +# disk usages +du -sh ../ +``` + +## Files + +```sh +# file size in bytes +stat --printf="%s" DISK.md + +du -b ./DISK.md +``` + +## IO + +```sh +sudo apt-get install sysstat +sudo apt-get install iotop + +iostat -d +sudo iotop ``` +## Resources + +* How to Monitor Disk IO in a Linux System [here](https://www.baeldung.com/linux/monitor-disk-io) + diff --git a/14_interrogate_resources/README.md b/14_interrogate_resources/README.md index 8d11ccf..f108714 100644 --- a/14_interrogate_resources/README.md +++ b/14_interrogate_resources/README.md @@ -15,10 +15,11 @@ TODO: ## Areas -[Disk](./DISK.md) -[Memory](./MEMORY.md) -[Network](./NETWORK.md) -[Processes](./PROCESSES.md) +* [cgroups](./CGROUPS.md) +* [Disk](./DISK.md) +* [Memory](./MEMORY.md) +* [Network](./NETWORK.md) +* [Processes](./PROCESSES.md) ## Boot Image diff --git a/21_iptables/README.md b/21_iptables/README.md new file mode 100644 index 0000000..59127f9 --- /dev/null +++ b/21_iptables/README.md 
@@ -0,0 +1,77 @@
+# README
+
+Demonstrate linux networking commands.
+
+TODO:
+
+*
+https://www.nginx.com/blog/websocket-nginx/
+
+
+* iptables
+ * use iptables to test sockets.
+* What network interfaces exist?
+* What routes exist?
+* ping?
+* Ports bound to processes on interfaces?
+ * Is it possible to open the same port on different interaces?
+
+
+
+Is it inefficient to bind to all interfaces 0.0.0.0?
+List veth.
+
+
+lo interface is the loopback.
+
+cat /etc/services
+
+
+python3 -m http.server
+ss -plantu
+curl http://0.0.0.0:8000/
+
+ip addr
+
+ip route
+
+ip route show table local
+
+ip -4 addr show dev lo
+
+ip route get 142.250.179.238
+
+
+
+
+https://askubuntu.com/questions/247625/what-is-the-loopback-device-and-how-do-i-use-it
+
+https://tldp.org/LDP/nag/node66.html
+
+https://askubuntu.com/questions/181041/how-is-the-loopback-device-implemented
+
+https://developers.redhat.com/blog/2018/10/22/introduction-to-linux-interfaces-for-virtual-networking
+
+
+https://www.kernel.org/doc/Documentation/networking/ipvlan.txt
+
+Can I use iptables to create a faulty websocket?
+https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/
+
+https://spin.atomicobject.com/2012/10/01/useful-iptables-port-forwarding-patterns/
+
+iptables protection for websockets
+https://gist.github.com/valeriansaliou/9632580178e83da1dabce1bbe2cb6a76
+
+
+hardening docker networking
+https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-6/cortex-xsoar-admin/docker/docker-hardening-guide/docker-network-hardening
+
+https://docs.docker.com/network/iptables/
+
+
+https://www.reddit.com/r/docker/comments/uqado4/need_assistance_with_docker_macvlan/?utm_medium=android_app&utm_source=share
+
+
+websocket nginx proxy
+https://mpolinowski.github.io/devnotes/2021-09-09--websocket-NGINX/
diff --git a/21_iptables/docker-compose.yaml b/21_iptables/docker-compose.yaml
new file mode 100644
index 0000000..38bede5
--- /dev/null
+++ b/21_iptables/docker-compose.yaml
@@ -0,0 +1,26 @@
+services:
+ nginx:
+ image: "nginx:1.20.1"
+ environment:
+ - VERSION=nginx:1.20.1
+ ports:
+ - "8080:80"
+ networks:
+ - service_bridge
+ profiles: [all, backend]
+
+ podinfo_a:
+ image: "stefanprodan/podinfo:6.1.4"
+ environment:
+ - VERSION=0.0.1
+ - PODNAME=info_a
+ ports:
+ - "9001:9898"
+ command: [ "./podinfo", "--level=debug" ]
+ networks:
+ - service_bridge
+
+networks:
+ service_bridge:
+ driver: bridge
+
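Review bot: Both `ports` entries (`"8080:80"` on nginx and `"9001:9898"` on podinfo_a) publish on every host interface. Docker installs its own iptables rules for published ports, so filter rules written in the host's INPUT chain generally do not apply to them. For a lab that only needs local access, bind to loopback with `- "127.0.0.1:8080:80"` and `- "127.0.0.1:9001:9898"`, or put any restriction in the `DOCKER-USER` chain. podinfo_a also runs with `--level=debug`; a comment such as `# debug logging: lab only` would keep that from being copied into a shared environment. Separately, nginx has `profiles: [all, backend]` and podinfo_a has none, so a plain `docker compose up` starts only podinfo_a; if that is intended, a one-line comment saying so would help.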