From f72a283e3d345312be4af991b076151032ca6afa Mon Sep 17 00:00:00 2001 From: Yuri Slobodyanyuk Date: Sun, 22 Jan 2023 16:59:38 +0000 Subject: [PATCH 1/7] Adding to fiewalld cheat sheet --- .../Linux-and-BSD-firewalls-cheat-sheet.adoc | 34 +++++++++++++++++-- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/cheat-sheets/Linux-and-BSD-firewalls-cheat-sheet.adoc b/cheat-sheets/Linux-and-BSD-firewalls-cheat-sheet.adoc index fbf7d56..498093a 100644 --- a/cheat-sheets/Linux-and-BSD-firewalls-cheat-sheet.adoc +++ b/cheat-sheets/Linux-and-BSD-firewalls-cheat-sheet.adoc @@ -4,7 +4,37 @@ Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/ == Firewalld daemon management (Red Hat based distributions) -.firewall-cmd commands + +=== Enable, disable, reload the daemon +[cols=2, options="header"] +|=== +|Command +|Description + +|*systemctl disable/enable firewalld* +|Disable/enable firewalld, survives reboot. + +|*systemctl stop firewalld* +|Stop firewalld until started manually or reboot. + + +|*firewall-cmd --reload* +|Reload firewall rules to make your changes active, keeping the state table. Active sessions do not disconnect. On finishing reload will output `success`. + +|*systemctl restart firewalld* +|Restart the daemon, without resetting the active connections. Use in case of +problems with the daemon. + +|*firewall-cmd --complete-reload* +|Reload firewall completely, disconnecting the active connections. When nothing +else helps. + + + + +|=== +=== List rules, status, additional info + [cols=2, options="header"] |=== |Command @@ -16,8 +46,6 @@ Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/ |*firewall-cmd --list-all* |List currently active rules -|*firewall-cmd --reload* -|Reload firewall keeping the state table. Active sessions do not disconnect. On finishing reload will output `success`. |*firewall-cmd --get-default-zone* | Show the default zone for interfaces. 
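Review bot: In the new `=== Enable, disable, reload the daemon` table, the `systemctl disable/enable firewalld` row says the setting "survives reboot" but does not say that it leaves the currently running daemon untouched; suggest documenting `systemctl disable --now firewalld` / `systemctl enable --now firewalld` for the combined effect, or stating that `stop`/`start` is still needed right away. The `firewall-cmd --reload` row should also say what "make your changes active" means in practice: reload loads the permanent configuration, so rules added with `--permanent` become active and rules added at runtime without `--permanent` are discarded, which is the usual surprise with this command. Formatting: the four empty `+` lines before the closing `|===` belong between the two tables rather than inside the first one, and `|===` and the following `=== List rules, status, additional info` heading should be separated by a blank line.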
From 3f16611cf0f0f4c4e971e0a4808d8e2359c8d94c Mon Sep 17 00:00:00 2001 From: Yuri Slobodyanyuk Date: Mon, 23 Jan 2023 10:25:12 +0000 Subject: [PATCH 2/7] Added AWS CLI Route53 cheat sheet --- cheat-sheets/Route53-AWS-CLI-examples.adoc | 144 +++++++++++++++++++++ 1 file changed, 144 insertions(+) create mode 100644 cheat-sheets/Route53-AWS-CLI-examples.adoc diff --git a/cheat-sheets/Route53-AWS-CLI-examples.adoc b/cheat-sheets/Route53-AWS-CLI-examples.adoc new file mode 100644 index 0000000..4bfd395 --- /dev/null +++ b/cheat-sheets/Route53-AWS-CLI-examples.adoc 
@@ -0,0 +1,144 @@ += Route53 AWS CLI examples cookbook +:homepage: https://yurisk.info +:toc: +Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/ + + +== Short Introduction +* AWS ROute53 is the only service with 100% SLA. +* Amazon Registrar does domain registration only for _.com, .org, .net_ domains, the + rest are registered via _Gandi SAS_ + + + +== List all hosted zones (private and public) +[source, bash] +---- +aws route53 list-hosted-zones +---- + +If you are using configuration profiles: + +[source, bash] +---- +aws route53 list-hosted-zones --profile +---- + +This command returns _zone-id_ you will need in future queries. + +== Show all records of a zone + +[source, bash] +---- +aws route53 list-resource-record-sets --hosted-zone-id Z3HR6JS50CWURT --profile +awsadmin +---- + + +=== Filter output for specific records +Show all and only A records from a zone: + +---- +aws route53 list-resource-record-sets --hosted-zone-id ZN36CWKHEDURT --profile +awsadmin --query "ResourceRecordSets[?Type == 'A'] " +---- + +Show only records matching the given record value (_here _www.yurisk.info_): + +---- +aws route53 list-resource-record-sets --hosted-zone-id ZN36CWKHEDURT --profile +awsadmin --query "ResourceRecordSets[?Name == 'www.yurisk.info.'] " +---- + +NOTE: AWS returns maximum 100 items in one response. Use paging with `NextToen` +if you expect to get more results. + +== Create a new public zone + +Create a new public zone named _example334455.com_: + +---- +aws route53 create-hosted-zone --name example334455.com --caller-reference +some-text-for-me-for-reference +---- + +On success returns zone's ID, request status (e.g. `Pending`), allocated name +servers. The `caller-reference` you set is used for identifying this request in +logs etc. and can be arbitrary string. + +== Add A record to a zone +While mainly expected to store the A record in JSON format in a local file, we +can specify the record(s) to add explicitly with `--change-batch`. 
Let's add A +record _www.example334455.com_ wtih TTL of 600, pointing to IP _1.2.3.4_: + +---- +aws route53 change-resource-record-sets --hosted-zone-id Z0967968IADGHN5TI3WW +--change-batch ' +{ +"Comment": "Adding A record", +"Changes": [ +{ +"Action": "CREATE", +"ResourceRecordSet": { +"Name": "www.example334455.com", +"Type": "A", +"TTL": 600, +"ResourceRecords": [ +{ +"Value": "1.2.3.4" +} +] +} +} +] +} +' +---- + +== Delete a record from a zone +Let's delete the A record just created _www.example334455.com_ (we use +`Action:DELETE`): + +---- +aws route53 change-resource-record-sets --hosted-zone-id Z0967968IADGHN5TI3WW +--change-batch ' +{ +"Comment": "Adding A record", +"Changes": [ +{ +"Action": "DELETE", +"ResourceRecordSet": { +"Name": "www.example334455.com", +"Type": "A", +"TTL": 600, +"ResourceRecords": [ +{ +"Value": "1.2.3.4" +} +] +} +} +] +} +' +---- + +== Delete a zone completely +NOTE: You cannot delete a non-empty zone, have to 1st delete all records except +NS. + +Trying to delete a zone with other than NS records gives this error: + +---- +An error occurred (HostedZoneNotEmpty) when calling the DeleteHostedZone +operation: The specified hosted zone contains non-required resource record +sets and so cannot be deleted +---- + +We delete the empty zone _example334455.com_: + +---- +aws route53 delete-hosted-zone --id Z0967968IADGHN5TI3WW +---- + + From 991d6db9240a2f7f158b4b9c0ad07434950ef9b4 Mon Sep 17 00:00:00 2001 From: Yuri Slobodyanyuk Date: Mon, 23 Jan 2023 10:27:34 +0000 Subject: [PATCH 3/7] ongoing additions, changes, and fixes --- cheat-sheets/Route53-AWS-CLI-examples.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cheat-sheets/Route53-AWS-CLI-examples.adoc b/cheat-sheets/Route53-AWS-CLI-examples.adoc index 4bfd395..18affab 100644 --- a/cheat-sheets/Route53-AWS-CLI-examples.adoc +++ b/cheat-sheets/Route53-AWS-CLI-examples.adoc 
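Review bot: In the new `Route53-AWS-CLI-examples.adoc` hunk, `aws route53 list-hosted-zones --profile` under "If you are using configuration profiles" has no profile name after `--profile`; use a placeholder such as `--profile <profile-name>`. In `== Create a new public zone`, "can be arbitrary string" undersells `--caller-reference`: Route 53 uses it for idempotency, so it must be unique per create request (a timestamp or UUID is the usual choice); the sentence should say so. In `== Delete a record from a zone`, the change batch still carries `"Comment": "Adding A record"` from the CREATE example (suggest `"Deleting A record"`), and the text should mention that a DELETE must repeat every value of the existing record set (name, type, TTL, values) exactly, otherwise the call fails. In `== Delete a zone completely`, "delete all records except NS" should read "except the apex NS and SOA records", since the default SOA record cannot be deleted either and the `HostedZoneNotEmpty` error shown refers to "non-required" record sets.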
@@ -5,7 +5,7 @@ Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/ == Short Introduction -* AWS ROute53 is the only service with 100% SLA. +* AWS Route53 is the only service with 100% SLA. * Amazon Registrar does domain registration only for _.com, .org, .net_ domains, the rest are registered via _Gandi SAS_ @@ -43,14 +43,14 @@ aws route53 list-resource-record-sets --hosted-zone-id ZN36CWKHEDURT --profile awsadmin --query "ResourceRecordSets[?Type == 'A'] " ---- -Show only records matching the given record value (_here _www.yurisk.info_): +Show only records matching the given record value (here _www.yurisk.info_): ---- aws route53 list-resource-record-sets --hosted-zone-id ZN36CWKHEDURT --profile awsadmin --query "ResourceRecordSets[?Name == 'www.yurisk.info.'] " ---- -NOTE: AWS returns maximum 100 items in one response. Use paging with `NextToen` +NOTE: AWS returns maximum 100 items in one response. Use paging with `NextToken` if you expect to get more results. == Create a new public zone From a150119eab36a546e0dd3feea1945f25ace15f97 Mon Sep 17 00:00:00 2001 From: Yuri Slobodyanyuk Date: Mon, 23 Jan 2023 10:28:36 +0000 Subject: [PATCH 4/7] Added AWS CLI Route53 cheat sheet --- cheat-sheets/Route53-AWS-CLI-examples.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cheat-sheets/Route53-AWS-CLI-examples.adoc b/cheat-sheets/Route53-AWS-CLI-examples.adoc index 18affab..ccb4987 100644 --- a/cheat-sheets/Route53-AWS-CLI-examples.adoc +++ b/cheat-sheets/Route53-AWS-CLI-examples.adoc 
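Review bot: In the second hunk, the corrected note `Use paging with NextToken` still names the wrong field for this API: `ListResourceRecordSets` signals a partial result with `IsTruncated` and returns `NextRecordName` / `NextRecordType`, which are passed back as `--start-record-name` / `--start-record-type`; `NextToken` is only the CLI's generic pagination wording (`--starting-token`). It is also worth saying that the AWS CLI pages through the full result set automatically unless `--no-paginate` is given, so the 100-item limit is per page, not per command. The `ROute53` and `(_here _www.yurisk.info_)` fixes in the first and second hunks are fine.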
@@ -67,7 +67,7 @@ servers. The `caller-reference` you set is used for identifying this request in logs etc. and can be arbitrary string. == Add A record to a zone -While mainly expected to store the A record in JSON format in a local file, we +While mainly expected to store the record in JSON format in a local file, we can specify the record(s) to add explicitly with `--change-batch`. Let's add A record _www.example334455.com_ wtih TTL of 600, pointing to IP _1.2.3.4_: From 3d65070aaf7e7d6c99c121708ab554ee87075b7d Mon Sep 17 00:00:00 2001 From: Yuri Slobodyanyuk Date: Mon, 23 Jan 2023 10:36:00 +0000 Subject: [PATCH 5/7] Added AWS CLI Route53 cheat sheet --- cheat-sheets/Route53-AWS-CLI-examples.adoc | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/cheat-sheets/Route53-AWS-CLI-examples.adoc b/cheat-sheets/Route53-AWS-CLI-examples.adoc index ccb4987..8f07bc1 100644 --- a/cheat-sheets/Route53-AWS-CLI-examples.adoc +++ b/cheat-sheets/Route53-AWS-CLI-examples.adoc @@ -30,8 +30,7 @@ This command returns _zone-id_ you will need in future queries. [source, bash] ---- -aws route53 list-resource-record-sets --hosted-zone-id Z3HR6JS50CWURT --profile -awsadmin +aws route53 list-resource-record-sets --hosted-zone-id Z3HR6JS50CWURT ---- 
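Review bot: In the `== Add A record to a zone` hunk that changes "store the A record" to "store the record", the context line immediately below still reads `wtih TTL of 600`; fix the typo in the same commit. The sentence itself would read more clearly as "The change batch is usually kept in a local JSON file and passed as `--change-batch file://record.json`, but it can also be given inline as shown below", which names the file form the text alludes to.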
@@ -39,15 +38,13 @@ awsadmin Show all and only A records from a zone: ---- -aws route53 list-resource-record-sets --hosted-zone-id ZN36CWKHEDURT --profile -awsadmin --query "ResourceRecordSets[?Type == 'A'] " +aws route53 list-resource-record-sets --hosted-zone-id ZN36CWKHEDURT --query "ResourceRecordSets[?Type == 'A'] " ---- Show only records matching the given record value (here _www.yurisk.info_): ---- -aws route53 list-resource-record-sets --hosted-zone-id ZN36CWKHEDURT --profile -awsadmin --query "ResourceRecordSets[?Name == 'www.yurisk.info.'] " +aws route53 list-resource-record-sets --hosted-zone-id ZN36CWKHEDURT --query "ResourceRecordSets[?Name == 'www.yurisk.info.'] " ---- NOTE: AWS returns maximum 100 items in one response. Use paging with `NextToken` From 6f8240cfacf4603aad5f1be96e1a63b54a08bee4 Mon Sep 17 00:00:00 2001 From: Yuri Slobodyanyuk Date: Mon, 23 Jan 2023 10:38:39 +0000 Subject: [PATCH 6/7] Added AWS CLI Route53 cheat sheet --- cheat-sheets/Route53-AWS-CLI-examples.adoc | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/cheat-sheets/Route53-AWS-CLI-examples.adoc b/cheat-sheets/Route53-AWS-CLI-examples.adoc index 8f07bc1..fe1c021 100644 --- a/cheat-sheets/Route53-AWS-CLI-examples.adoc +++ b/cheat-sheets/Route53-AWS-CLI-examples.adoc 
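Review bot: With `--profile awsadmin` dropped from the two `list-resource-record-sets` filter commands (and from the `Z3HR6JS50CWURT` example in the previous hunk), the file is now consistent except for the earlier `aws route53 list-hosted-zones --profile` line, which still has no profile name; replace it with `--profile <profile-name>` or drop `--profile` there as well. Joining the commands onto one line also fixes the earlier break between `--profile` and `awsadmin`, which would not have run as pasted.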
@@ -38,13 +38,15 @@ aws route53 list-resource-record-sets --hosted-zone-id Z3HR6JS50CWURT Show all and only A records from a zone: ---- -aws route53 list-resource-record-sets --hosted-zone-id ZN36CWKHEDURT --query "ResourceRecordSets[?Type == 'A'] " +aws route53 list-resource-record-sets --hosted-zone-id ZN36CWKHEDURT \ +--query "ResourceRecordSets[?Type == 'A'] " ---- Show only records matching the given record value (here _www.yurisk.info_): ---- -aws route53 list-resource-record-sets --hosted-zone-id ZN36CWKHEDURT --query "ResourceRecordSets[?Name == 'www.yurisk.info.'] " +aws route53 list-resource-record-sets --hosted-zone-id ZN36CWKHEDURT \ + --query "ResourceRecordSets[?Name == 'www.yurisk.info.'] " ---- NOTE: AWS returns maximum 100 items in one response. Use paging with `NextToken` @@ -55,8 +57,8 @@ if you expect to get more results. Create a new public zone named _example334455.com_: ---- -aws route53 create-hosted-zone --name example334455.com --caller-reference -some-text-for-me-for-reference +aws route53 create-hosted-zone --name example334455.com \ +--caller-reference some-text-for-me-for-reference ---- On success returns zone's ID, request status (e.g. `Pending`), allocated name @@ -69,7 +71,7 @@ can specify the record(s) to add explicitly with `--change-batch`. Let's add A record _www.example334455.com_ wtih TTL of 600, pointing to IP _1.2.3.4_: ---- -aws route53 change-resource-record-sets --hosted-zone-id Z0967968IADGHN5TI3WW +aws route53 change-resource-record-sets --hosted-zone-id Z0967968IADGHN5TI3WW \ --change-batch ' { "Comment": "Adding A record", @@ -97,7 +99,7 @@ Let's delete the A record just created _www.example334455.com_ (we use `Action:DELETE`): ---- -aws route53 change-resource-record-sets --hosted-zone-id Z0967968IADGHN5TI3WW +aws route53 change-resource-record-sets --hosted-zone-id Z0967968IADGHN5TI3WW \ --change-batch ' { "Comment": "Adding A record", From b3e386f2a97d65d282b439d3572daf346c12b619 Mon Sep 17 00:00:00 2001 
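Review bot: In the two filter hunks, the continuation lines are indented inconsistently: the `Type == 'A'` example starts `--query` at column one while the `Name == 'www.yurisk.info.'` example starts it with a leading space (`+ --query`). Pick one style (the other wrapped commands in this commit use no indent) so the examples paste cleanly. The `'www.yurisk.info.'` value with its trailing dot is correct, since Route 53 returns fully qualified names, and the text could say so to save readers a failed filter.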
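Review bot: In the `== Delete a record from a zone` hunk, the change batch below the wrapped `change-resource-record-sets` line still carries `"Comment": "Adding A record"` copied from the CREATE example; change it to `"Deleting A record"` while touching this block, as the comment is stored with the change and shows up in the change history.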
From: Yuri Slobodyanyuk Date: Fri, 27 Jan 2023 16:47:09 +0000 Subject: [PATCH 7/7] Added to Fortigate dia debug CLI 8 --- .../Fortigate-debug-diagnose-complete-cheat-sheet.adoc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc index 4b347a2..0978fee 100644 --- a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc +++ b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc @@ -928,6 +928,11 @@ proxy SIP inspection is on (_ALG_ inspection). If the output is `default-voip-al |*diagnose debug application sshd -1* |Debug SSH administrator session. +|*dia debug cli 8* +|Nice trick: this will print CLI commands the Fortigate runs when you do +something in the GUI. This way we can find CLI commands without long search in +Google or documentation. + |===
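Review bot: In the new `dia debug cli 8` row, the command is abbreviated while the neighbouring row spells out `diagnose debug application sshd -1`; use `diagnose debug cli 8` for consistency with the rest of the table. The description should state the prerequisite and the cleanup that the other debug entries assume: output only appears after `diagnose debug enable`, and the level should be turned back off afterwards (`diagnose debug cli 0` or `diagnose debug reset`, then `diagnose debug disable`). Since the printed commands reproduce whatever was entered in the GUI, the output may include keys or passwords and should be treated as sensitive before it is pasted into tickets. Wording: "Nice trick: ... without long search in Google or documentation" could be tightened to "Prints the CLI commands FortiGate executes for an action performed in the GUI; useful for finding the CLI equivalent of a GUI change".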