Wednesday, August 14, 2019

Fedora 30 : First steps with Fedora firewall.

In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and an untrusted external network, such as the Internet (see Wikipedia). In this short tutorial about the Fedora firewall, I will show you how to use the firewall commands to configure it. The install is simple with the dnf tool:
[root@desk mythcat]# dnf install firewalld firewall-config 
Let's start with the status of your firewall:
[root@desk mythcat]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
...
You can start, restart or stop it:

[root@desk mythcat]# systemctl start firewalld
[root@desk mythcat]# systemctl restart firewalld
[root@desk mythcat]# systemctl stop firewalld
Let's see active zones:
[root@desk mythcat]# firewall-cmd --get-active-zones
We can see everything that is active in the public zone with:
[root@desk mythcat]# firewall-cmd --zone=public --list-all
We can see all ports opened in the public zone:
[root@desk mythcat]# firewall-cmd --zone=public --list-ports 
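These commands add and remove ports. With --permanent the change is written to the saved configuration and becomes active only after the firewall is reloaded: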
[root@desk mythcat]# firewall-cmd --permanent --zone=public --add-port=80/tcp
[root@desk mythcat]# firewall-cmd --permanent --zone=public --remove-port=80/tcp
Let's see services:
[root@desk mythcat]# firewall-cmd --get-services 
RH-Satellite-6 amanda-client amanda-k5-client amqp amqps apcupsd audit bacula bacula-client 
bgp bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine cockpit 
condor-collector ctdb dhcp dhcpv6 dhcpv6-client distcc dns docker-registry docker-swarm 
dropbox-lansync elasticsearch etcd-client etcd-server finger freeipa-ldap freeipa-ldaps 
freeipa-replication freeipa-trust ftp ganglia-client ganglia-master git gre high-availability 
http https imap imaps ipp ipp-client ipsec irc ircs iscsi-target isns jenkins kadmin kerberos 
kibana klogin kpasswd kprop kshell ldap ldaps libvirt libvirt-tls lightning-network llmnr 
managesieve matrix mdns minidlna mongodb mosh mountd mqtt mqtt-tls ms-wbt mssql murmur mysql 
nfs nfs3 nmea-0183 nrpe ntp nut openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole 
plex pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio
 puppetmaster quassel radius redis rpc-bind rsh rsyncd rtsp salt-master samba samba-client 
samba-dc sane sip sips slp smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid 
ssh steam-streaming svdrp svn syncthing syncthing-gui synergy syslog syslog-tls telnet tftp 
tftp-client tinc tor-socks transmission-client upnp-client vdsm vnc-server wbem-http 
wbem-https wsman wsmans xdmcp xmpp-bosh xmpp-client xmpp-local xmpp-server zabbix-agent 
zabbix-server
Let's add and remove one service named ftp (without --permanent this changes only the running configuration):
[root@desk mythcat]# firewall-cmd --zone=public --add-service=ftp
[root@desk mythcat]# firewall-cmd --zone=public --remove-service=ftp
Let's see all services enabled in the public zone:
[root@desk mythcat]# firewall-cmd --zone=public --list-services
If you want to block or unblock all incoming and outgoing connections, use panic mode:
[root@desk mythcat]# firewall-cmd --panic-on
[root@desk mythcat]# firewall-cmd --panic-off 
For example, after you use panic-on you can check it with this:
[root@desk mythcat]# ping google.com -c 1
[root@desk mythcat]# firewall-cmd --query-panic
[root@desk mythcat]# firewall-cmd --panic-off
Masquerading of your IP address is set per zone; this command checks whether it is enabled on the external zone:
[root@desk mythcat]# firewall-cmd --zone=external --query-masquerade
Another example: we can forward all TCP port 80 connections to the IP address 6.6.6.6:
[root@desk mythcat]# firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toaddr=6.6.6.6
Let's see the ICMP types:
[root@desk mythcat]# firewall-cmd --get-icmptypes
address-unreachable bad-header beyond-scope communication-prohibited destination-unreachable 
echo-reply echo-request failed-policy fragmentation-needed host-precedence-violation 
host-prohibited host-redirect host-unknown host-unreachable ip-header-bad 
neighbour-advertisement neighbour-solicitation network-prohibited network-redirect 
network-unknown network-unreachable no-route packet-too-big parameter-problem 
port-unreachable precedence-cutoff protocol-unreachable redirect reject-route 
required-option-missing router-advertisement router-solicitation source-quench 
source-route-failed time-exceeded timestamp-reply timestamp-request tos-host-redirect 
tos-host-unreachable tos-network-redirect tos-network-unreachable 
ttl-zero-during-reassembly ttl-zero-during-transit unknown-header-type 
unknown-option
We can use these to check or block an ICMP type such as echo-reply, and to list or add direct rules:
[root@desk mythcat]# firewall-cmd --zone=external --query-icmp-block=echo-reply
[root@desk mythcat]# firewall-cmd --zone=external --add-icmp-block=echo-reply
[root@desk mythcat]# firewall-cmd --direct --get-rules ipv4 filter IN_public
[root@desk mythcat]# firewall-cmd --direct --add-rule ipv4 filter IN_public_allow 
...
I cannot show you a magic rule because this depends on your network and your software. You can use this command to see everything in a graphical interface:
[root@desk mythcat]# firewall-config
This will give a good picture of your firewall settings.
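The commands above mix a --permanent change (the port) with runtime-only ones (the ftp service, the port forward), so the running and the saved configuration can differ. The following added example, which is not part of the original post, compares the two `--list-all` outputs; the function name and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent
# configuration from the text printed by `firewall-cmd --list-all`.

# Constructed sample: runtime state (ftp and the forward added without --permanent).
RUNTIME_SAMPLE='public (active)
  target: default
  interfaces: enp0s3
  services: dhcpv6-client ftp ssh
  ports:
  masquerade: no
  forward-ports: port=80:proto=tcp:toport=:toaddr=6.6.6.6
  icmp-blocks:'

# Constructed sample: permanent state (80/tcp added with --permanent, no reload yet).
PERMANENT_SAMPLE='public
  target: default
  interfaces:
  services: dhcpv6-client ssh
  ports: 80/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:'

# Print "<where> <key> <value>" for each value present on one side only.
# runtime-only entries vanish on reload; permanent-only entries are not active yet.
firewalld_drift() {  # $1 = runtime text, $2 = permanent text
  { printf '%s\n' "$1" | sed 's/^/R /'; printf '%s\n' "$2" | sed 's/^/P /'; } |
  awk '
    BEGIN { n = split("services ports forward-ports icmp-blocks masquerade", k, " ")
            for (i = 1; i <= n; i++) want[k[i] ":"] = 1 }
    ($2 in want) {
      key = substr($2, 1, length($2) - 1)
      for (i = 3; i <= NF; i++) { all[key " " $i] = 1; side[$1, key " " $i] = 1 }
    }
    END {
      for (e in all) {
        if (!(("P", e) in side)) print "runtime-only " e
        if (!(("R", e) in side)) print "permanent-only " e
      }
    }' | sort
}

# On a live host (as root) the two inputs would be:
#   "$(firewall-cmd --zone=public --list-all)"
#   "$(firewall-cmd --permanent --zone=public --list-all)"
firewalld_drift "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE"
```

An empty result means the running firewall matches what will be loaded after the next reload or reboot.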

Monday, August 12, 2019

Fedora 30 : First step with Ionic.

My laptop crashed and it is hard for me to write tutorials.
The last tutorial I created with Fedora 30 is about Ionic.
You can read this tutorial here.

Friday, August 9, 2019

Fedora 30 : The VS Code on Fedora.

The Visual Studio Code editor is officially distributed as a Snap package in the Snap Store.
It runs well on the Fedora distro, but on my Windows operating system it crashes often.
I like to develop my Python projects, like Flask and Django, with this editor.
You can install it very easily on Fedora with the dnf tool:
[mythcat@desk ~]# dnf check-update
[mythcat@desk ~]# dnf update
[mythcat@desk ~]# exit
[mythcat@desk ~]$ sudo dnf install code
[sudo] password for mythcat: 
...
Is this ok [y/N]: y
...
Installed:
  code-1.37.0-1565228125.el7.x86_64
For a Snap install you can use this command:
sudo snap install --classic code
Let's run it with:
[mythcat@desk ~]$ code
You can find many videos about this editor on the official YouTube channel.
The result of my installation on the Fedora 30 distro can be seen in this screenshot:

Tuesday, August 6, 2019

Fedora 30 : The gpg tool.

GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories (see the official webpage).
Today I tested it with the Fedora 30 distro and it works well.
You can find this tool in many Linux distros.
Let's install it with the dnf tool.
[root@desk mythcat]# dnf install gnupg
Last metadata expiration check: 0:18:30 ago on Tue 06 Aug 2019 11:07:20 AM EEST.
Package gnupg2-2.2.17-1.fc30.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@desk mythcat]# exit
exit
This tool is run with the gpg command and arguments. Let's see some examples:
[mythcat@desk ~]$ gpg --list-secret-keys
[mythcat@desk ~]$ gpg --list-keys
[mythcat@desk ~]$ gpg --full-generate-key
gpg (GnuPG) 2.2.17; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Catalin George Festila
Email address: catafest@yahoo.com
Comment: test gpg key 
You selected this USER-ID:
...
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

Enter password for protection

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
... 
The --gen-key command is normally only used interactively to generate a new key pair:
[mythcat@desk ~]$ gpg --gen-key
gpg (GnuPG) 2.2.17; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: 
... 
Let's see the list with the keys:
[mythcat@desk ~]$ gpg --list-keys
/home/mythcat/.gnupg/pubring.kbx
--------------------------------
The key can be exported in a binary format with this command:
[mythcat@desk ~]$ gpg --output mythcat --export catafest@yahoo.com
When the key is to be sent through email or published on a web page, we can use the command-line option --armor to get ASCII output:
[mythcat@desk ~]$ gpg --armor --export catafest@yahoo.com > catafest.key
Let's see this key:
[mythcat@desk ~]$ cat catafest.key 
...
Now you can see the new key:
[mythcat@desk ~]$ gpg --list-keys
/home/mythcat/.gnupg/pubring.kbx
-------------------------------- 
I can edit this key:
[mythcat@desk ~]$ gpg --edit-key catafest@yahoo.com
gpg (GnuPG) 2.2.17; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.
...
gpg> ?
quit        quit this menu
save        save and quit
help        show this help
fpr         show key fingerprint
grip        show the keygrip
...
enable      enable key
disable     disable key
showphoto   show selected photo IDs
clean       compact unusable user IDs and remove unusable signatures from key
minimize    compact unusable user IDs and remove all signatures from key
...
The key can be exported and imported:
[mythcat@desk ~]$ gpg --export -a catafest >  catafest_public.key
[mythcat@desk ~]$ gpg --import -a catafest_public.key 
...
gpg: Total number processed: 1
gpg:              unchanged: 1
Let's see one example with the encrypt and decrypt features:
[mythcat@desk ~]$ echo "test gpg encrypt" >> gpgtest.txt
[mythcat@desk ~]$ gpg -e -r "catafest" gpgtest.txt 
[mythcat@desk ~]$ gpg -d  gpgtest.txt.gpg 
...
test gpg encrypt
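Another example is to encrypt and decrypt using additional arguments like --batch and --passphrase-file. Here the exported key file catafest.asc is reused as the passphrase file; gpg reads only the first line of that file as the passphrase: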
[mythcat@desk ~]$ gpg --export --armor --output catafest.asc catafest@yahoo.com
[mythcat@desk ~]$ gpg --import catafest.asc 
...
gpg: Total number processed: 1
gpg:              unchanged: 1
[mythcat@desk ~]$ echo "this text will be encrypt and decrypt" | gpg --passphrase-file catafest.asc \
--batch --symmetric --cipher-algo AES256 > testgpg_001.txt
[mythcat@desk ~]$ gpg --batch --passphrase-file catafest.asc -d testgpg_001.txt
gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase
this text will be encrypt and decrypt
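Because --passphrase-file uses only the first line of the file, the armored export used above makes the passphrase the fixed header line `-----BEGIN PGP PUBLIC KEY BLOCK-----`, which anyone can guess. The following added example, which is not part of the original post, audits a passphrase file before use; the function names, the finding labels, the 20-character minimum and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a file before passing it to `gpg --passphrase-file`.
# gpg reads only the FIRST line of that file as the passphrase.

# Print one finding per line; return 1 if there is any finding.
passfile_audit() {  # $1 = path of the passphrase file
  first=$(head -n 1 "$1")
  findings=""
  case "$first" in
    "-----BEGIN PGP "*) findings="${findings}armor-header-as-passphrase
" ;;
  esac
  [ "$(wc -l < "$1")" -le 1 ] || findings="${findings}extra-lines-ignored
"
  # Assumed minimum length for this example.
  [ "${#first}" -ge 20 ] || findings="${findings}short-passphrase
"
  # Any permission bit for group or other means the secret is not private.
  perms=$(ls -ld "$1" | cut -c5-10)
  [ "$perms" = "------" ] || findings="${findings}readable-by-group-or-other
"
  printf '%s' "$findings"
  [ -z "$findings" ]
}

# Create a private file holding one random 64-hex-character passphrase.
make_passfile() {  # $1 = path to create
  ( umask 077; od -An -tx1 -N32 /dev/urandom | tr -d ' \n' > "$1" )
}

dir=$(mktemp -d)
# Constructed stand-in for `gpg --export --armor` output (not a real key).
printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' '' 'Y29uc3RydWN0ZWQ=' \
  '-----END PGP PUBLIC KEY BLOCK-----' > "$dir/catafest.asc"
chmod 644 "$dir/catafest.asc"
make_passfile "$dir/pass.txt"

passfile_audit "$dir/catafest.asc" || echo "catafest.asc: not usable as a passphrase file"
passfile_audit "$dir/pass.txt" && echo "pass.txt: ok"
rm -rf "$dir"
```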

Monday, July 8, 2019

Fedora 30 : Using the python-wikitcms.

The Python module named python-wikitcms can be used for interacting with the Fedora wiki.
The Fedora wiki uses Fedora's Wikitcms.
Today I tested it and it works great with Fedora distro version 30.
First, install the Fedora package with the DNF tool:
[root@desk mythcat]# dnf install python3-wikitcms.noarch
...
Downloading Packages:
(1/8): python3-mwclient-0.9.3-3.fc30.noarch.rpm 186 kB/s |  61 kB     00:00    
(2/8): python3-fedfind-4.2.5-1.fc30.noarch.rpm  314 kB/s | 105 kB     00:00    
(3/8): python3-cached_property-1.5.1-3.fc30.noa  41 kB/s |  20 kB     00:00    
(4/8): python3-requests-oauthlib-1.0.0-1.fc29.n 313 kB/s |  40 kB     00:00    
(5/8): python3-jwt-1.7.1-2.fc30.noarch.rpm      112 kB/s |  42 kB     00:00    
(6/8): python3-oauthlib-2.1.0-1.fc29.noarch.rpm 293 kB/s | 153 kB     00:00    
(7/8): python3-simplejson-3.16.0-2.fc30.x86_64. 641 kB/s | 278 kB     00:00    
(8/8): python3-wikitcms-2.4.2-2.fc30.noarch.rpm 264 kB/s |  84 kB     00:00
I used this simple example to get information about the Fedora wiki:
[mythcat@desk ~]$ python3
Python 3.7.3 (default, May 11 2019, 00:38:04) 
[GCC 9.1.1 20190503 (Red Hat 9.1.1-1)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from wikitcms.wiki import Wiki
>>> my_site = Wiki()
>>> event = my_site.current_event
>>> print(event.version)
31 Rawhide 20190704.n.1
>>> page = my_site.get_validation_page('Installation','23','Final','RC10')
>>> for row in page.get_resultrows():
...     print(row.testcase)
... 
QA:Testcase_Mediakit_Checksums
QA:Testcase_Mediakit_ISO_Size
QA:Testcase_Mediakit_Repoclosure
QA:Testcase_Mediakit_FileConflicts
QA:Testcase_Boot_default_install
...
>>> dir(my_site)
I used this source code to log in with my account.
>>> my_site.login()
A web page opens to grant access to the account and shows this info:
The OpenID Connect client Wiki Test Control Management System is asking to authorize access for mythcat. This allows you to access it.
After I agree with this the page tells me to close it:
You can close this window and return to the CLI
The next examples show you how to get and show information from the wiki:
>>> print(my_site.username)
Mythcat
>>> result = my_site.api('query', titles='Mythcat')
>>> for page in result['query']['pages'].values():
...             print(page['title'])
... 
Mythcat
>>> for my_contributions in my_site.usercontributions('Mythcat'):
...     print(my_contributions)
...
This Python module comes with little documentation.

Sunday, June 30, 2019

Fedora 30 : The Pythonic tool.

The tutorial for today is about the Pythonic tool.
Pythonic is a graphical programming tool that makes it easy for users to create Python applications using ready-made function modules.
This tool provides the consistent features and characteristics of a trading bot with just a few clicks.
The Pythonic tool is currently available in four languages: English, German, Spanish, and Chinese.
Basic functions such as a scheduler, if-branches, connectivity, and logging are available out of the box and can be parameterized using a corresponding GUI.
Each graphical element is functionally processed individually.
The base idea is: a unique graphical input mask carries out the parameterization necessary for processing, then after a process completes successfully, the returned result can be transferred to a subsequent process for further use.
Server processes can be placed in parallel in the background as listener applications that wait for external events and initiate the creation of a process when the event arrives.
Pythonic's data type list makes it easy to utilize different access techniques (push, pop, insert, append).
The install of this tool is easy on the Fedora 30 distro:
[mythcat@desk ~]$ python3.7 -m pip install Pythonic --user
Collecting Pythonic
...
Successfully installed PyQt5-5.8.2 Pythonic-0.12 pandas-0.24.2 pythonic-binance-0.7.2
This is a screenshot with this tool.

Tuesday, June 4, 2019

Fedora 30 : About HTTPie.

From the official website we can get this info about this tool.
HTTPie consists of a single http command designed for painless debugging and interaction with HTTP servers, RESTful APIs, and web services:
  • Sensible defaults;
  • Expressive and intuitive command syntax;
  • Colorized and formatted terminal output;
  • Built-in JSON support;
  • Persistent sessions;
  • Forms and file uploads;
  • HTTPS, proxies, and authentication support;
  • Support for arbitrary request data and headers;
  • Wget-like downloads;
  • Extensions;
  • Linux, macOS, and Windows support;
  • And more…
Let's install this tool:
[root@desk mythcat]# dnf install httpie
...
Installed:
  httpie-0.9.4-13.fc30.noarch       python3-pygments-2.2.0-16.fc30.noarch 
Let's try a simple example:
[mythcat@desk ~]$ http httpie.org
HTTP/1.1 301 Moved Permanently
CF-RAY: 4e18f3613c36acf4-OTP
Cache-Control: max-age=3600
Connection: keep-alive
Date: Tue, 04 Jun 2019 09:41:22 GMT
Expires: Tue, 04 Jun 2019 10:41:22 GMT
Location: https://httpie.org/
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
The tool can also be tested online here.