Implement SSH port knocking IN linux

Port Knocking is a technique to secure services behind a firewall until a specific knock sequence is given. Once that sequence is given, the IP address that initiated the knock may be allowed to access the service for a short period of time. A knocking server listens to all traffic on an Ethernet (or PPP) interface, looking for special “knock” sequences of port-hits. A client makes these port-hits by sending a TCP (or UDP) packet to a port on the server.

This is a bit paranoid, but it add another layer of security, an attacker will have either to try all ports combinations or know the secret combination (knock) to be able to connect to your SSH daemon for example.

First, you’ll have to be sure to have a port knocking client, or you will be kick out forever of your own server!

Cygwin/Win32 Knock Client
Native Win32 Client
MacOS Client
You can find of information and a nice list of other knock clients and servers over at http://www.portknocking.org/

Docker essential tools: Dive to navigate docker image content

If you want to explore the content of a docker image, Dive is THE tool for exploring a docker image, layer contents, and discovering ways to shrink the size of your Docker image.

Note that we will be exploring the image not the container: viewing the container and the image are not the same thing. You can get most of the time a bash access to a running container with

docker run -it image_name sh

Or following for images with an entrypoint

docker run -it --entrypoint sh image_name

NOTE: there is no guarantee that an image will have any sort of interactive shell. many minimal images contain only the binaries necessary to support a service.

An image is not running, consider it like a definition of a future container. You can still view the content, this is possible since each “layerid” directory contains json file describing layer property and filesystem associated with that layer. Docker stores Container images as layers to optimize storage space by reusing layers across images.

Beside Dive, you can also use docker inspect

docker image inspect image_id

But Dive is a lot better as it allow to navigate and see the filesystem changes in a nice norton commander interface.

Features

Show Docker image contents broken down by layer

As you select a layer on the left, you are shown the contents of that layer combined with all previous layers on the right. Also, you can fully explore the file tree with the arrow keys.

Indicate what’s changed in each layer

Files that have changed, been modified, added, or removed are indicated in the file tree. This can be adjusted to show changes for a specific layer, or aggregated changes up to this layer.

Estimate “image efficiency”

The lower left pane shows basic layer info and an experimental metric that will guess how much wasted space your image contains. This might be from duplicating files across layers, moving files across layers, or not fully removing files. Both a percentage “score” and total wasted file space is provided.

Quick build/analysis cycles

You can build a Docker image and do an immediate analysis with one command: dive build -t some-tag .

You only need to replace your docker build command with the same dive build command.

CI Integration

Analyze and image and get a pass/fail result based on the image efficiency and wasted space. Simply set CI=true in the environment when invoking any valid dive command.

To install it:

docker pull wagoodman/dive

then just provide your image tag/id/digest

docker run –rm -it -v /var/run/docker.sock:/var/run/docker.sock wagoodman/dive:latest <your-image>

Get more by visiting the project page https://github.com/wagoodman/dive

Review: Getting Started with Apache Maven by Russell Gold

Some time ago I was asked if I would like to write a review about one of the new video courses from Packt Publishing. It was “Getting Started with Apache #Maven” http://bit.ly/1fycmpP by Russell Gold and since I have been using Maven for some years now (since 2007) and did publish some articles myself, I thought it would be nice to help them promote Apache #Maven.

The course is organized in eight chapters, forty videos with a length between two and five minutes, for a total length of two hours. The aim of the course is to provide the shortest path to use effectively Maven

You can download the course as a single zip file. After unpacking the file to a local hard disk you find a user guide, support information, a reference to the code examples and the video files. As you may notice I said “reference to the code examples”. Even if the name of the file “Code Bundle.zip” it contains only a file with the link to the source code on github.

Continue reading Review: Getting Started with Apache Maven by Russell Gold

Become a supporter of KDE!

YOU WANT

Beautiful, flexible, functional Desktop Software.
The Freedom to use, share, and modify your software.
Full control over your data and privacy.
All This and more isdone by KDE.

Become a supporter of KDE

I was fighting today against Apache Maven release plugin with multi modules projects

I was fighting today against the maven-release-plugin of #maven, solving complicated errors in a row. As I am convince I made all possible errors, I think it is worse to compile my findings here to help others 🙂

Maven Release Plugin

This plugin is used to release a project with #Maven, saving a lot of repetitive, manual work. Releasing a project is made in two steps: prepare and perform.

My approach to speed up things is always to define a small project (in a sandbox SVN root) that is compiling and running in 10 seconds to make some test before trying to make it run on our bigger Innoveo Skye(tm) product (35 modules)

I always have 2 projects prepared:

One TestSimpleProject: one #Maven project with no code
One TestComplexProject: one #maven project and 2 #Maven sub modules

For the reader that can not wait here is the running command line from TeamCity to be put in Build Runner Goals

release:clean release:prepare release:perform -Dusername=xxxxxxx -Dpassword=yyyyyy

Code generation from XSD with JAXB and Maven

What you will learn in this small post

How to create JAXB proxies at build time using maven-jaxb2-plugin in a continuous build environment (TeamCity / Bamboo)
How to generate from an XSD file (XML-Schema-Definitions) #Java code.

Requirements

We will use JAXB2 (see JSR 222 and JAXB 2.x).
We use #Maven 2.2.1, the latest available version

Status of the ContinuousBuild4Joomla framework

I put some effort the last few days in this new framework.

Done:

I did document some part of it at http://wiki.waltercedric.com/index.php?title=ContinuousBuildforJoomla
TeamCity is installed/configured/documented (windows only)
XAMPP is installed/configured/documented (windows only)
I also at the same time configured a Puppy #Linux VMWare image that will permit to anybody to have a running environment in no time.
I am able to unpack all #Joomla! versions that are committed in any repository (CVS, SVN, Clearcase)
They can be unpacked anywhere on file system (config in setEnv.xml), ideally they are unpacked in the root htdocs of XAMPP
Code is committed at #Joomla forge in SVN http://joomlacode.org/gf/project/continbuild4j/

Issues

Selenium test suite do not accept a baseurl (or only a part of it) so I have a full path like /Joomla1.5.7/installation/index.php in a selenium test case instead of /installation/index.php in test case and baseurl= http://localhost/Joomla1.5.7)

Architecture

3rd Party

I use antelope for some advance ANT operations: substring, indexof, loop
I use selenium java server on port 4444 (default)

Cluster

All cluster operations are in cluster.xml these basic functions are

cluster.init

cluster.remove remove all instances of #Joomla! in checkout directory
joomla.unpack.all unpack all #Joomla! versions that are checked in another SVN root
joomla.install.all run the same selenium test case joomla.install.html on all #Joomla! instance
joomla.remove.all.installation remove all #Joomla! installation directories
joomla.check.all check all #Joomla! installations for correctness

cluster.start
cluster.remove
cluster.stop

Joomla!

All #Joomla specific operations are in joomla.library.xml

Unpack a #Joomla! version
Remove the installation directory form a version
Apply a selenium test suite install.joomla.html that can use the regular #Joomla! installer
Is also able to do all of the above on all #Joomla! versions found (regular expression) in checkout directory

Selenium

All selenium operations are in selenium.xml
All test suite and test cases are in /selenium/joomla/

PHPUnit

All PHPUnit operation are in phpunit.xml

Settings

Settings are in setEnv.xml, in future I will lazy load a file if it exist as environment variable

If you know ANT, the code is quite readable…

Setting up your workstation for Joomla! development

Joomla! Doc has a great documentation online that explains how to set up your development environment

This article provides detailed instructions for setting up your workstation for #Joomla! development. Note that there are many possible configurations for doing #Joomla! development. Any environment that supports Apache, MySql, PHP, and Subversion should work for writing #Joomla! code and extensions.

This document provides step-by-step instructions for setting up and working with the #Eclipse IDE. The example used and screen shots are for Windows XP, but the basic steps are the same for #Linux.

The part 1 mainly explains how to install technical components

The part 2 is even better as it explains how to create patches for #Joomla! along with some eclipse tips and tricks.

Continuous Build for Joomla

Continuous Integration is a software development practice where members of a team integrate their work frequently, usually each person integrates at least daily – leading to multiple integrations per day. Each integration is verified by an automated build (including test) to detect integration errors as quickly as possible. Many teams find that this approach leads to significantly reduced integration problems and allows a team to develop cohesive software more rapidly. This article is a quick overview of Continuous Integration summarizing the technique and its current usage. Martin Fowler about continuous integration

Things get clearer in my mind…I will use a set of Open Sources software to reach this ambitious goal.

Brainstorming

Maintain a Single Source Repository.

Either Subversion running locally on windows/Linux, but I will stay with www.joomlaCode.org at the beginning

Automate the Build

I am currently evaluation Maven for PHP but already have ANT script to build components and plugin for #Joomla 1.5 (they are not generic enough at the moment)

Make Your Build Self-Testing

PHP UNIT tests if available with be run at this stage using PHP command line.
Selenium to automate components testing across many platforms, as it runs in many browsers and operating systems, and can be controlled by many programming languages and testing frameworks.
Some standard utilities to perform standard #Joomla! processes: login, logout for Apache ANT or Selenium
I will develop either a ANT plugin or a set of Selenium test cases for deploying and removing
- component: install, publish, remove
- plugin: install, publish, remove
All these utilities will be available under GPL v3 and as such free to reuse, and improve.

Everyone Commits Every Day

This is reserved to developer having a www.joomlaCode.org account and part of the development team.

Every Commit Should Build the Mainline on an Integration Machine

I will use TeamCity continuous build server as it is free for personal use (limited to 20 concurrent build), run on Windows and #Linux but require a java VM to run (may not be wanted in a PHP environment). Anyway with ANT, it will be possible to use another build server like Cruise Control or PHP Under Control.

Keep the Build Fast

That is an objective 🙂

Test in a Clone of the Production Environment

Joomla! Build farm

I can imagine a set of #Joomla instances, ideally 5 of each version, aka #Joomla! 1.5.3 to #Joomla! 1.5.8 and #Joomla! 1.0.10 to 1.0.15
Joomla instances will be recreated at build time (files and databases), that mean #Joomla! will get newly installed and removed in case of successful build
All #Joomla! instances will be running with XAMPP, ideally on port not available to the outside world for security reasons

Make it Easy for Anyone to Get the Latest Executable

Successful build (Artifacts) are only available if build is successful. Team City provide this with less effort (configuration)

Everyone can see what’s happening

A guest account will be available or a free public area with limited access to see the result of builds.
RSS feeds, emails and Instant messaging (Jabber) out of the box for end users or developers!

Automate Deployment

That will be, auto publish to some demo site in a configurable way. At the moment, at http://demo.waltercedric.com and http://demo2.waltercedric.com for me 🙂

Final words

I will provide a ready to use package for Windows and #Linux and all scripts, so anybody will be able to run it also on your own.
Critical part will be documented in my WIKI at http://wiki.waltercedric.com direct link HERE

It seem that nobody is providing such a package as I am after only one day at the top of search results in Google “continuous build joomla”

Continuous build server for Joomla!

Starting from now on, in order to

Increase quality of my components and other (JoomlaComment :-))
Reduce time between releases,
Avoid subtle or recurrent issues

I will set up a continuous integration build server at

http://continuousbuildserver.waltercedric.com

Continuous integration describes a set of software engineering practices that speed up the delivery of software by decreasing integration times.

Maintain a code repository, the code will stay at JoomlaCode.org subversion
Automate the build, with Maven for PHP/Ant and either teamcity or phpundercontrol.org
Make my build self-testing with PHP Unit and Selenium IDE
Everyone commits every day,
Every commit (to mainline) will be built with the help of triggers,
The build will be fast,
Test are done in production environment, by deploying code to old and new version of #Joomla! 1.0 and 1.5 “not web accessible” (for obvious security reasons),
It will be easy to get the latest deliverables by visiting http://continuousbuildserver.waltercedric.com
Everyone will see the results of the latest build by visiting http://continuousbuildserver.waltercedric.com
Deliverables will be automatically deployed.

In short (for all non developer), this program will

Monitor any changes of code
Trigger a build,
Deploy the build to different versions of #Joomla! 1.5 (5 versions should be enough)
Run a set of tests against these #Joomla! versions and
Make the result available to all of you.

Soon as there is enough test cases, it will be safe to download any new release from there.