Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Linux System Troubleshooting

102 views

Published on

Linux System Troubleshooting Tutorial from LISA 2019

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Linux System Troubleshooting

  1. 1. http://bit.ly/33NpWEk Linux SystemsLinux Systems TroubleshootingTroubleshooting Thomas UphillThomas Uphill thomas@uphillian.comthomas@uphillian.com
  2. 2. http://bit.ly/33NpWEk MeMe consulting@uphillian.comconsulting@uphillian.com
  3. 3. http://bit.ly/33NpWEk ResourcesResources tutorial.mdtutorial.md https://github.com/uphillian/lisa2019https://github.com/uphillian/lisa2019 https://github.com/uphillian/troubleshootinglinuxhttps://github.com/uphillian/troubleshootinglinux
  4. 4. http://bit.ly/33NpWEk A storyA story
  5. 5. http://bit.ly/33NpWEk
  6. 6. http://bit.ly/33NpWEk DB
  7. 7. http://bit.ly/33NpWEk DB ⇨
  8. 8. http://bit.ly/33NpWEk DB ⇨ gethostname
  9. 9. http://bit.ly/33NpWEk DB ⇨ gethostname
  10. 10. http://bit.ly/33NpWEk DB ⇨ gethostname Backup
  11. 11. http://bit.ly/33NpWEk DB ⇨ gethostname Backup ⇨
  12. 12. http://bit.ly/33NpWEk DB ⇨ gethostname Backup ⇨ gethostname
  13. 13. http://bit.ly/33NpWEk DB ⇨ gethostname Backup ⇨ gethostname
  14. 14. http://bit.ly/33NpWEk DB ⇨ gethostname Backup ⇨ gethostname
  15. 15. http://bit.ly/33NpWEk DB ⇨ gethostname Backup ⇨ gethostname
  16. 16. http://bit.ly/33NpWEk DB ⇨ gethostname Backup ⇨ gethostname
  17. 17. http://bit.ly/33NpWEk Where to start?Where to start?
  18. 18. http://bit.ly/33NpWEk ltraceltrace
  19. 19. http://bit.ly/33NpWEk ltraceltrace Why?
  20. 20. http://bit.ly/33NpWEk ltraceltrace
  21. 21. http://bit.ly/33NpWEk ltraceltrace Because UNIX is old
  22. 22. http://bit.ly/33NpWEk
  23. 23. http://bit.ly/33NpWEk
  24. 24. http://bit.ly/33NpWEk
  25. 25. http://bit.ly/33NpWEk Love KenLove Ken
  26. 26. http://bit.ly/33NpWEk Love KenLove Ken KISSKISS
  27. 27. http://bit.ly/33NpWEk How it all worksHow it all works
  28. 28. http://bit.ly/33NpWEk KernelKernel
  29. 29. http://bit.ly/33NpWEk KernelKernel
  30. 30. http://bit.ly/33NpWEk KernelKernel hardware
  31. 31. http://bit.ly/33NpWEk KernelKernel ⇳ driver/module ⇳ hardware
  32. 32. http://bit.ly/33NpWEk KernelKernel application ⇳ driver/module ⇳ hardware
  33. 33. http://bit.ly/33NpWEk KernelKernel application ⇳ system calls ⇳ ⇳ driver/module ⇳ hardware
  34. 34. http://bit.ly/33NpWEk KernelKernel application user ⇳ system calls ⇳ ⇳ driver/module ⇳ hardware
  35. 35. http://bit.ly/33NpWEk KernelKernel application user ⇳ system calls ⇳ kernel ⇳ driver/module ⇳ hardware
  36. 36. http://bit.ly/33NpWEk System CallsSystem Calls
  37. 37. http://bit.ly/33NpWEk DocumentationDocumentation
  38. 38. http://bit.ly/33NpWEk DocumentationDocumentation
  39. 39. http://bit.ly/33NpWEk DocumentationDocumentation man syscallsman syscalls
  40. 40. http://bit.ly/33NpWEk DocumentationDocumentation man syscallsman syscalls ⇒⇒
  41. 41. http://bit.ly/33NpWEk Shared LibrariesShared Libraries
  42. 42. http://bit.ly/33NpWEk Shared LibrariesShared Libraries glibcglibc
  43. 43. http://bit.ly/33NpWEk Shared LibrariesShared Libraries glibcglibc libc.solibc.so
  44. 44. http://bit.ly/33NpWEk ltraceltrace
  45. 45. http://bit.ly/33NpWEk ltraceltrace ... nally... nally
  46. 46. http://bit.ly/33NpWEk [root@localhost ~]# ltrace hostname _libc_start_main(0x401230, 1, 0x7ffd4a91dd48, 0x401ea0 <unfinished .. rindex("hostname", '/') = ni strcmp("hostname", "domainname") = 4 strcmp("hostname", "ypdomainname") = -1 strcmp("hostname", "nisdomainname") = -6 getopt_long(1, 0x7ffd4a91dd48, "aAdfbF:h?iIsVy", 0x4028a0, nil) = -1 __errno_location() = 0x malloc(128) = 0x gethostname("localhost.localdomain", 128) = 0 memchr("localhost.localdomain", '0', 128) = 0x puts("localhost.localdomain"localhost.localdomain) = 22 +++ exited (status 0) +++
  47. 47. http://bit.ly/33NpWEk [root@localhost ~]# ltrace -S hostname brk@SYS(nil) mmap@SYS(nil, 4096, 3, 34, -1, 0) access@SYS("/etc/ld.so.preload", 04) open@SYS("/etc/ld.so.cache", 524288, 01) fstat@SYS(3, 0x7ffcfb5c0830) mmap@SYS(nil, 22425, 1, 2, 3, 0) close@SYS(3) open@SYS("/lib64/libnsl.so.1", 524288, 022033410520) read@SYS(3, "177ELF002001001", 832) fstat@SYS(3, 0x7ffcfb5c0890) mmap@SYS(nil, 2202232, 5, 2050, 3, 0) mprotect@SYS(0x7f28902ba000, 2097152, 0) mmap@SYS(0x7f28904ba000, 8192, 3, 2066, 3, 90112) mmap@SYS(0x7f28904bc000, 6776, 3, 50, -1, 0) close@SYS(3) open@SYS("/lib64/libc.so.6", 524288, 022033410520) read@SYS(3, "177ELF002001001003", 832) fstat@SYS(3, 0x7ffcfb5c0860) mmap@SYS(nil, 3981792, 5, 2050, 3, 0) mprotect@SYS(0x7f2890099000, 2097152, 0) mmap@SYS(0x7f2890299000, 24576, 3, 2066, 3, 1843200) mmap@SYS(0x7f289029f000, 16864, 3, 50, -1, 0) close@SYS(3)
  48. 48. http://bit.ly/33NpWEk # file /bin/hostname /bin/hostname: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), d
  49. 49. http://bit.ly/33NpWEk
  50. 50. http://bit.ly/33NpWEk ExecutableExecutable and LinkableLinkable FormatFormat
  51. 51. http://bit.ly/33NpWEk LinkerLinker ld.sold.so /etc/ld.so.conf/etc/ld.so.conf /lib64/ld-linux-x86_64.so.2/lib64/ld-linux-x86_64.so.2 man ld.soman ld.so
  52. 52. http://bit.ly/33NpWEk # ldd /bin/hostname linux-vdso.so.1 => (0x00007ffcda7dd000) libnsl.so.1 => /lib64/libnsl.so.1 (0x00007f43c4f06000) libc.so.6 => /lib64/libc.so.6 (0x00007f43c4b39000) /lib64/ld-linux-x86-64.so.2 (0x00007f43c5120000) # objdump -R /bin/hostname /bin/hostname: file format elf64-x86-64 DYNAMIC RELOCATION RECORDS OFFSET TYPE VALUE ... 0000000000603140 R_X86_64_JUMP_SLOT gethostname@GLIBC_2.2.5 # man ld.so
  53. 53. http://bit.ly/33NpWEk man ld.soman ld.so LD_PRELOADLD_PRELOAD A list of additional, user-specified, ELF shared libraries to be loaded before all others.
  54. 54. http://bit.ly/33NpWEk man ld.soman ld.so LD_DEBUGLD_DEBUG # LD_DEBUG=help /bin/true Valid options for the LD_DEBUG environment variable are: libs display library search paths reloc display relocation processing files display progress for input file ... # LD_DEBUG=versions /bin/true checking for version `GLIBC_2.3' in file /lib64/libc.so.6 [0] checking for version `GLIBC_2.3.4' in file /lib64/libc.so.6 [0 checking for version `GLIBC_2.14' in file /lib64/libc.so.6 [0]
  55. 55. http://bit.ly/33NpWEk man ld.soman ld.so LD_DEBUGLD_DEBUG ⇒ ⇒⇒ ⇒ # LD_DEBUG=help /bin/true Valid options for the LD_DEBUG environment variable are: libs display library search paths reloc display relocation processing files display progress for input file ... # LD_DEBUG=versions /bin/true checking for version `GLIBC_2.3' in file /lib64/libc.so.6 [0] checking for version `GLIBC_2.3.4' in file /lib64/libc.so.6 [0 checking for version `GLIBC_2.14' in file /lib64/libc.so.6 [0]
  56. 56. http://bit.ly/33NpWEk Terminal
  57. 57. http://bit.ly/33NpWEk You cannot escapeYou cannot escape wikipedia.org
  58. 58. http://bit.ly/33NpWEk getip.cgetip.c #include <netdb.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <netinet/in.h> #include <sys/socket.h> #include <sys/types.h> #include <arpa/inet.h> int main() { char hostname[256]; char *IPbuffer; struct hostent *hostStruct; int h; gethostname(hostname, sizeof(hostname)); hostStruct = gethostbyname(hostname);
  59. 59. http://bit.ly/33NpWEk gethostnamegethostname #include <unistd.h> int gethostname(char *name, size_t len);
  60. 60. http://bit.ly/33NpWEk gethostname_wrap.cgethostname_wrap.c #include <unistd.h> #include <string.h> #include <stdio.h> #include <stdlib.h> int gethostname (char *name, size_t len) { char newname[] = "getip_hostname"; int name_len = strlen(newname); memcpy(name,newname, name_len < len ? name_len : len); return 0; }
  61. 61. http://bit.ly/33NpWEk SolutionSolution ⇐⇐
  62. 62. http://bit.ly/33NpWEk SolutionSolution ⇐⇐
  63. 63. http://bit.ly/33NpWEk It's a machine, Skroeder. It doesn't get pissed off. It doesn't get happy, it doesn't get sad, it doesn't laugh at your jokes. It just runs programs. Short Circuit
  64. 64. http://bit.ly/33NpWEk More backgroundMore background
  65. 65. http://bit.ly/33NpWEk Booting processBooting process
  66. 66. http://bit.ly/33NpWEk Booting processBooting process BIOS
  67. 67. http://bit.ly/33NpWEk Booting processBooting process BIOS Bootsector 0
  68. 68. http://bit.ly/33NpWEk Booting processBooting process BIOS Bootsector 0 Bootloader 512
  69. 69. http://bit.ly/33NpWEk Booting processBooting process BIOS Bootsector 0 Bootloader 512 Kernel [0]
  70. 70. http://bit.ly/33NpWEk Booting processBooting process BIOS Bootsector 0 Bootloader 512 Kernel [0] init 1
  71. 71. http://bit.ly/33NpWEk ProcessesProcesses
  72. 72. http://bit.ly/33NpWEk ProcessesProcesses forkfork
  73. 73. http://bit.ly/33NpWEk ProcessesProcesses forkfork
  74. 74. http://bit.ly/33NpWEk parent/childparent/child $ ps -eo "ppid pid stat cmd" |sort -n |less $ psx $ psk
  75. 75. http://bit.ly/33NpWEk parent/childparent/child ⇒⇒ $ ps -eo "ppid pid stat cmd" |sort -n |less $ psx $ psk
  76. 76. http://bit.ly/33NpWEk fake lesystemsfake lesystems
  77. 77. http://bit.ly/33NpWEk fake lesystemsfake lesystems
  78. 78. http://bit.ly/33NpWEk fake lesystemsfake lesystems /proc
  79. 79. http://bit.ly/33NpWEk fake lesystemsfake lesystems /proc /sys
  80. 80. http://bit.ly/33NpWEk fake lesystemsfake lesystems /proc /sys ⇒⇒
  81. 81. http://bit.ly/33NpWEk File DescriptorsFile Descriptors
  82. 82. http://bit.ly/33NpWEk File DescriptorsFile Descriptors STDIN 0
  83. 83. http://bit.ly/33NpWEk File DescriptorsFile Descriptors STDIN STDOUT 0 1
  84. 84. http://bit.ly/33NpWEk File DescriptorsFile Descriptors STDIN STDOUT STDERR 0 1 2
  85. 85. http://bit.ly/33NpWEk File DescriptorsFile Descriptors everything is a le...everything is a le... STDIN STDOUT STDERR 0 1 2
  86. 86. http://bit.ly/33NpWEk File DescriptorsFile Descriptors everything is a le...everything is a le... STDIN STDOUT STDERR 0 1 2 ⇒⇒
  87. 87. http://bit.ly/33NpWEk ProcessesProcesses
  88. 88. http://bit.ly/33NpWEk ProcessesProcesses fork
  89. 89. http://bit.ly/33NpWEk ProcessesProcesses fork double fork
  90. 90. http://bit.ly/33NpWEk ProcessesProcesses fork double fork
  91. 91. http://bit.ly/33NpWEk ProcessesProcesses fork double fork
  92. 92. http://bit.ly/33NpWEk ProcessesProcesses fork double fork zombie
  93. 93. http://bit.ly/33NpWEk fork #!/usr/bin/env python import os import time pid = os.fork() if pid == 0: print("Child") while True: time.sleep(10) else: print("Parent, Child PID: %s" % pid) while True: time.sleep(10)
  94. 94. http://bit.ly/33NpWEk doublefork #!/usr/bin/env python import os import time pid = os.fork() if pid == 0: pid = os.fork() if pid == 0: print("I am the Grandchild(%s)n" % os.getpid()) while True: time.sleep(10) else: print("I am the Child(%s), Grandchild(%s)n" % (os.getpid(),pid)) else: print("I am the Parent(%s), my Child(%s)n" % (os.getpid(),pid))
  95. 95. http://bit.ly/33NpWEk zombie #!/usr/bin/env python import os import sys import time import signal def sigalrm(signum, frame): print("Received %d" % signum) signal.signal(signal.SIGALRM, sigalrm) pid = os.fork() if pid == 0: print("Child exiting") sys.exit(0) else: print("Parent PID %s, Child PID: %snWaiting for Signal" % (os.getp signal.pause() os.wait() print("Zombie is gonen") sys.exit(0)
  96. 96. http://bit.ly/33NpWEk ⇒⇒
  97. 97. http://bit.ly/33NpWEk ThreadsThreads $ ./thread.py $ pst thread PPID PID STAT CMD SPID 4671 6760 - /usr/bin/python ./thread.py - - - Tl - 6760 - - Tl - 6761 - - Tl - 6762 - - Tl - 6763 - - Tl - 6764 - - Tl - 6765 - - Tl - 6766 - - Tl - 6767 - - Tl - 6768 - - Tl - 6769 - - Tl - 6770 $ ls /proc/6760/task 6760 6761 6762 6763 6764 6765 6766 6767 6768 6769 6770
  98. 98. http://bit.ly/33NpWEk LimitsLimits ⇒⇒
  99. 99. http://bit.ly/33NpWEk PAMPAM PluggablePluggable AuthenticationAuthentication ModulesModules
  100. 100. http://bit.ly/33NpWEk PAMPAM PluggablePluggable AuthenticationAuthentication ModulesModules man pamman pam
  101. 101. http://bit.ly/33NpWEk Terminal
  102. 102. http://bit.ly/33NpWEk Another storyAnother story
  103. 103. http://bit.ly/33NpWEk
  104. 104. http://bit.ly/33NpWEk inodesinodes
  105. 105. http://bit.ly/33NpWEk inodesinodes $ stat /lib64/libc.so.6 File: /lib64/libc.so.6 -> libc-2.29.so Size: 12 Blocks: 0 IO Block: 4096 symbolic link Device: fd01h/64769d Inode: 2268443 Links: 1 Access: (0777/lrwxrwxrwx) Uid:(0/root) Gid:(0/root) Context: system_u:object_r:lib_t:s0 Access: 2019-10-24 20:01:01.282015177 -0700 Modify: 2019-09-04 12:33:47.000000000 -0700 Change: 2019-09-08 19:57:02.255027798 -0700 Birth: 2019-09-08 19:57:02.254027799 -0700
  106. 106. http://bit.ly/33NpWEk UnlinkUnlink
  107. 107. http://bit.ly/33NpWEk UnlinkUnlink # man 2 unlink DESCRIPTION unlink() deletes a name from the filesystem. If that name was the last link to a file and no processes have the file open, the file is deleted and the space it was using is made available for reuse. If the name was the last link to a file but any processes still have the file open, the file will remain in existence until the last file descriptor referring to it is closed.
  108. 108. http://bit.ly/33NpWEk
  109. 109. http://bit.ly/33NpWEk gdbgdb
  110. 110. http://bit.ly/33NpWEk gdbgdb
  111. 111. http://bit.ly/33NpWEk ... /usr/include/fcntl.h ... /usr/include/bits/fcntl.h # man open SYNOPSIS #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> /* Get the definitions of O_*, F_*, FD_*: all the numbers and flag bits for `open', `fcntl', et al. */ #include <bits/fcntl.h> #define O_RDWR 02 #ifndef O_CREAT # define O_CREAT 0100 /* Not fcntl. */ #endif
  112. 112. http://bit.ly/33NpWEk # man dup2 int dup2(int oldfd, int newfd); dup2() The dup2() system call performs the same task as dup(), but instead of using the lowest-numbered unused file descriptor, it uses the file descriptor number specified in newfd. If the file descriptor newfd was previ‐ ously open, it is silently closed before being reused.
  113. 113. http://bit.ly/33NpWEk ⇐⇐
  114. 114. http://bit.ly/33NpWEk ⇐⇐
  115. 115. http://bit.ly/33NpWEk TroubleshootingTroubleshooting
  116. 116. http://bit.ly/33NpWEk TroubleshootingTroubleshooting ... nally... nally
  117. 117. http://bit.ly/33NpWEk Have a PlanHave a Plan What is broken? Did it ever work? How do I know when it's fixed? What are the requirements? How can I test the requirements? When did it last work?
  118. 118. http://bit.ly/33NpWEk Troubleshooting StepsTroubleshooting Steps Make a backupMake a backup Read LogsRead Logs Just one thing.Just one thing.
  119. 119. http://bit.ly/33NpWEk Troubleshooting StepsTroubleshooting Steps Make a backupMake a backup Read LogsRead Logs Just one thing.Just one thing.
  120. 120. http://bit.ly/33NpWEk
  121. 121. http://bit.ly/33NpWEk change one thing
  122. 122. http://bit.ly/33NpWEk change one thing verify status
  123. 123. http://bit.ly/33NpWEk change one thing verify status if unfixed, undo change
  124. 124. http://bit.ly/33NpWEk change one thing verify status if unfixed, undo change repeat
  125. 125. http://bit.ly/33NpWEk TraceTrace ltrace man <call> SEE ALSO
  126. 126. http://bit.ly/33NpWEk TraceTrace ltrace man <call> SEE ALSO ...keep reading
  127. 127. http://bit.ly/33NpWEk
  128. 128. http://bit.ly/33NpWEk imdb.com
  129. 129. http://bit.ly/33NpWEk
  130. 130. http://bit.ly/33NpWEk Processes
  131. 131. http://bit.ly/33NpWEk Processes Users/Groups
  132. 132. http://bit.ly/33NpWEk Processes Users/Groups Permissions
  133. 133. http://bit.ly/33NpWEk Processes Users/Groups Permissions runuser
  134. 134. http://bit.ly/33NpWEk Processes Users/Groups Permissions runuser Space
  135. 135. http://bit.ly/33NpWEk Processes Users/Groups Permissions runuser Space NSS
  136. 136. http://bit.ly/33NpWEk Processes Users/Groups Permissions runuser Space NSS Network
  137. 137. http://bit.ly/33NpWEk Always check permissionsAlways check permissions runuserrunuser
  138. 138. http://bit.ly/33NpWEk Please check permissionsPlease check permissions Hokey religions and ancient weaponsHokey religions and ancient weapons are no match forare no match for
  139. 139. http://bit.ly/33NpWEk Please check permissionsPlease check permissions Hokey religions and ancient weaponsHokey religions and ancient weapons are no match forare no match for BASIC UNIX PERMISSIONSBASIC UNIX PERMISSIONS
  140. 140. http://bit.ly/33NpWEk runuserrunuser # cat /var/www/html/index.html Hello World! # runuser apache -s /bin/bash -c 'cat /var/www/html/index.html' cat: /var/www/html/index.html: Permission denied
  141. 141. http://bit.ly/33NpWEk NetworkingNetworking
  142. 142. http://bit.ly/33NpWEk NetworkingNetworking
  143. 143. http://bit.ly/33NpWEk nssnss name service switchname service switch
  144. 144. http://bit.ly/33NpWEk nssnss name service switchname service switch /etc/hosts/etc/hosts
  145. 145. http://bit.ly/33NpWEk nssnss name service switchname service switch /etc/hosts/etc/hosts /etc/nsswitch.conf/etc/nsswitch.conf
  146. 146. http://bit.ly/33NpWEk
  147. 147. http://bit.ly/33NpWEk hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname
  148. 148. http://bit.ly/33NpWEk hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname passwd: db sss files systemd
  149. 149. http://bit.ly/33NpWEk ⇐ ⇐⇐ ⇐
  150. 150. http://bit.ly/33NpWEk # ltrace tar cf lisa2019:f.tar /etc/hosts 2>&1 |grep gethost gethostbyname("lisa2019" <unfinished ...=""> </unfinished>
  151. 151. http://bit.ly/33NpWEk # ltrace tar cf lisa2019:f.tar /etc/hosts 2>&1 |grep gethost gethostbyname("lisa2019" <unfinished ...=""> </unfinished> # ltrace -S ping -w1 -c1 lisa2019 2>&1 |grep nss open@SYS("/etc/nsswitch.conf", 524288, 0666) = 4 read@SYS(4, "#n# /etc/nsswitch.confn#n# An ex"..., 4096) = open@SYS("/lib64/libnss_files.so.2", 524288, 020165240000) = 4
  152. 152. http://bit.ly/33NpWEk ncnc
  153. 153. http://bit.ly/33NpWEk ncnc
  154. 154. http://bit.ly/33NpWEk ⇐ ⇐ ⇐⇐ ⇐ ⇐
  155. 155. http://bit.ly/33NpWEk tcpdump / wiresharktcpdump / wireshark mtr / traceroutemtr / traceroute
  156. 156. http://bit.ly/33NpWEk Encryption / Certi catesEncryption / Certi cates x509x509 large primeslarge primes
  157. 157. http://bit.ly/33NpWEk
  158. 158. http://bit.ly/33NpWEk CA / verifyCA / verify $ openssl verify -CAfile ca.pem getip.example.com.pem getip.example.com.pem: OK
  159. 159. http://bit.ly/33NpWEk CA / verifyCA / verify $ openssl verify -CAfile ca.pem getip.example.com.pem getip.example.com.pem: OK $ cat ca.pem crl-revoked.pem >ca_crl.pem $ openssl verify -CAfile ca_crl.pem -crl_check getip.example.c getip.example.com.pem: CN = getip.example.com error 11 at 0 depth lookup:CRL is not yet valid CN = getip.example.com error 23 at 0 depth lookup:certificate revoked
  160. 160. http://bit.ly/33NpWEk $ openssl x509 -in getip.example.com.pem -noout -modulus Modulus=ACCBE50557F389F778505BD8C147FAD75A91DDA346D6CB4D006496 ... $ openssl x509 -in getip.example.com.pem -noout -modulus |sha2 2688b20c253241e1e291f4cab938d6a1b43a68ac158da47ebba60cfa48e641
  161. 161. http://bit.ly/33NpWEk $ openssl x509 -in getip.example.com.pem -noout -modulus Modulus=ACCBE50557F389F778505BD8C147FAD75A91DDA346D6CB4D006496 ... $ openssl x509 -in getip.example.com.pem -noout -modulus |sha2 2688b20c253241e1e291f4cab938d6a1b43a68ac158da47ebba60cfa48e641 $ openssl rsa -in private_keys/getip.example.com.pem -noout 2688b20c253241e1e291f4cab938d6a1b43a68ac158da47ebba60cfa48e641
  162. 162. http://bit.ly/33NpWEk $ gnutls-cli -p <port> <host> $ openssl s_client <host>:<port> </port></host></host></port>
  163. 163. http://bit.ly/33NpWEk SummarySummary
  164. 164. http://bit.ly/33NpWEk SummarySummary Trust no oneTrust no one
  165. 165. http://bit.ly/33NpWEk SummarySummary Trust no oneTrust no one Check permissions (runuser)Check permissions (runuser)
  166. 166. http://bit.ly/33NpWEk SummarySummary Trust no oneTrust no one Check permissions (runuser)Check permissions (runuser) Read: Logs, DocsRead: Logs, Docs
  167. 167. http://bit.ly/33NpWEk SummarySummary Trust no oneTrust no one Check permissions (runuser)Check permissions (runuser) Read: Logs, DocsRead: Logs, Docs One thingOne thing
  168. 168. http://bit.ly/33NpWEk Questions?Questions?
  169. 169. http://bit.ly/33NpWEk Questions?Questions? Thank-youThank-you
  170. 170. http://bit.ly/33NpWEk Questions?Questions? Thank-youThank-you consulting@uphillian.comconsulting@uphillian.com
  171. 171. http://bit.ly/33NpWEk

×