Start to look at iptables and how I can use it for testing and hardening services.

14_interrogate_resources/CGROUPS.md

@@ -0,0 +1,54 @@
+# README
+
+Demonstrate how to work with `cgroups`
+
+TODO:
+
+* Demonstrate sshing into a cgroup to stop starvation
+
+## cgroups
+
+```sh
+# man pages
+man cgroups
+
+# list filesystems and look at cgroups 
+# nodev   cgroup
+# nodev   cgroup2
+cat /proc/filesystems  
+
+# see where they a virtually mounted
+mount
+```
+
+## Install tooling
+
+```sh
+# install tooling
+sudo apt install cgroup-tools  
+
+# list cgroup tools
+dpkg -L cgroup-tools | grep bin
+```
+
+## Walk the filesystem
+
+```sh
+# cgroups v1
+ls /sys/fs/cgroup/
+
+# cgroups v2 (not on my ubuntu docker image on macosx)
+ls /sys/fs/cgroup/unified     
+```
+
+
+## Resources
+
+* The current adoption status of cgroup v2 in containers [here](https://medium.com/nttlabs/cgroup-v2-596d035be4d7)
+* Managing resources with cgroups in systemd [here](https://opensource.com/article/20/10/cgroups)
+* Everything You Need to Know about Linux Containers, Part I: Linux Control Groups and Process Isolation [here](https://www.linuxjournal.com/content/everything-you-need-know-about-linux-containers-part-i-linux-control-groups-and-process)
+* Everything You Need to Know about Linux Containers, Part II: Working with Linux Containers (LXC) [here](https://www.linuxjournal.com/content/everything-you-need-know-about-linux-containers-part-ii-working-linux-containers-lxc)
+* How to ensure ssh via cgroups on centos? SSH into a cgroup [here](https://unix.stackexchange.com/questions/209199/how-to-ensure-ssh-via-cgroups-on-centos)
+* controlling priority of applications using cgroups [here](https://unix.stackexchange.com/questions/56538/controlling-priority-of-applications-using-cgroups)
+* cgroupsv2 [here](https://unix.stackexchange.com/questions/471476/how-do-i-check-cgroup-v2-is-installed-on-my-machine)  
+

14_interrogate_resources/DISK.md

@@ -1,9 +1,13 @@
 # DISK
 
+Demonstrate disk operations and resource usage.  
+
 The df utility displays statistics about the amount of free disk space on the specified filesystem or on the filesystem of which file is a part.  Values are displayed in 512-byte per block counts.  If neither a file or a filesystem operand is specified, statistics for all mounted filesystems are displayed.
-
+
+## Drives
+
 ```sh
-# free space
+# free space on devices
 df -h
 
 # include inodes
@@ -15,5 +19,31 @@ Display disk usage statistics
 ```sh
 # disk usage (depth 1)q
 du -h -d1 ./        
+
+# disk usages
+du -sh ../    
+```
+
+## Files
+
+```sh
+# file size in bytes 
+stat --printf="%s" DISK.md  
+
+du -b ./DISK.md         
+```
+
+## IO
+
+```sh
+sudo apt-get install sysstat    
+sudo apt-get install iotop   
+
+iostat -d 
+sudo iotop  
 ```
 
+## Resources 
+
+* How to Monitor Disk IO in a Linux System [here](https://www.baeldung.com/linux/monitor-disk-io)
+

14_interrogate_resources/README.md

@@ -15,10 +15,11 @@ TODO:
 
 ## Areas
 
-[Disk](./DISK.md)  
-[Memory](./MEMORY.md)  
-[Network](./NETWORK.md)  
-[Processes](./PROCESSES.md)  
+* [cgroups](./CGROUPS.md)  
+* [Disk](./DISK.md)  
+* [Memory](./MEMORY.md)  
+* [Network](./NETWORK.md)  
+* [Processes](./PROCESSES.md)  
 
 ## Boot Image
 

21_iptables/README.md

@@ -0,0 +1,77 @@
+# README
+
+Demonstrate linux networking commands.  
+
+TODO:
+
+* 
+https://www.nginx.com/blog/websocket-nginx/
+
+
+* iptables
+    * use iptables to test sockets.  
+* What network interfaces exist?
+* What routes exist?
+* ping?  
+* Ports bound to processes on interfaces?
+    * Is it possible to open the same port on different interaces?  
+
+
+
+Is it inefficient to bind to all interfaces 0.0.0.0?
+List veth.
+
+
+lo interface is the loopback.
+
+cat /etc/services 
+
+
+python3 -m http.server 
+ss -plantu
+curl http://0.0.0.0:8000/    
+
+ip addr
+
+ip route 
+
+ip route show table local
+
+ip -4 addr show dev lo
+
+ip route get 142.250.179.238
+
+
+
+
+https://askubuntu.com/questions/247625/what-is-the-loopback-device-and-how-do-i-use-it
+
+https://tldp.org/LDP/nag/node66.html
+
+https://askubuntu.com/questions/181041/how-is-the-loopback-device-implemented
+
+https://developers.redhat.com/blog/2018/10/22/introduction-to-linux-interfaces-for-virtual-networking
+
+
+https://www.kernel.org/doc/Documentation/networking/ipvlan.txt
+
+Can I use iptables to create a faulty websocket?
+https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/
+
+https://spin.atomicobject.com/2012/10/01/useful-iptables-port-forwarding-patterns/
+
+iptables protection for websockets
+https://gist.github.com/valeriansaliou/9632580178e83da1dabce1bbe2cb6a76
+
+
+hardening docker networking
+https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-6/cortex-xsoar-admin/docker/docker-hardening-guide/docker-network-hardening
+
+https://docs.docker.com/network/iptables/
+
+
+https://www.reddit.com/r/docker/comments/uqado4/need_assistance_with_docker_macvlan/?utm_medium=android_app&utm_source=share
+
+
+websocket nginx proxy
+https://mpolinowski.github.io/devnotes/2021-09-09--websocket-NGINX/

21_iptables/docker-compose.yaml

@@ -0,0 +1,26 @@
+services:
+    nginx:
+        image: "nginx:1.20.1"
+        environment:
+            - VERSION=nginx:1.20.1
+        ports:
+            - "8080:80"
+        networks:
+            - service_bridge
+        profiles: [all, backend]
+
+    podinfo_a:
+        image: "stefanprodan/podinfo:6.1.4"
+        environment:
+            - VERSION=0.0.1   
+            - PODNAME=info_a                    
+        ports:
+            - "9001:9898"
+        command: [ "./podinfo", "--level=debug" ]            
+        networks:
+            - service_bridge
+
+networks:
+    service_bridge:
+        driver: bridge
+