Friday, December 16, 2016

Install Scala in Mac OS or Linux

1) Download scala-X.XX.tgz from the official site

2) Extract the archive
        tar xzvf scala-X.XX.tgz

3) mkdir /usr/local/scala/

4) cp -R scala-X.XX/* /usr/local/scala/.

5) vi ~/.bash_profile

6) Add the scala/bin folder to your PATH
        export PATH=/usr/local/scala/bin:$PATH

Verify the Installation

$ scala
cat: /release: No such file or directory
Welcome to Scala 2.12.1 (Java HotSpot(TM) 64-Bit Server VM, Java 1.8.0_101).
Type in expressions for evaluation. Or try :help.

scala>

Monday, December 5, 2016

PCI DSS - account data, cardholder data, SAD(Sensitive Authentication Data)

Account data and cardholder data are often treated as the same thing, but they are not.
    - Cardholder data is a subset of account data

    - Account Data = Cardholder data + SAD
        - Account data includes all of the information printed on the physical card as well as data on the magnetic stripe or chip

    - Cardholder data
        - Primary Account Number (PAN)
        - Cardholder Name
        - Expiration Date
        - Service code

    - SAD
        - Full Track Data (magnetic stripe data or equivalent on a chip)
        - CAV2, CVC2, CVV2, CID
        - PINs/PIN blocks

PCI DSS Goals and Requirements

PCI DSS has 6 goals, and 12 requirements to meet those 6 goals.

Goal 1: Build and Maintain a Secure Network and Systems
        Req 1: Install and maintain a firewall configuration to protect cardholder data
        Req 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Goal 2: Protect cardholder data
        Req 3: Protect stored cardholder data
        Req 4: Encrypt transmission of cardholder data across open, public networks

Goal 3: Maintain a Vulnerability Management Programme
        Req 5: Protect all systems against malware and regularly update anti-virus software or programs
        Req 6: Develop and maintain secure systems and applications

Goal 4: Implement Strong Access Control Measures
        Req 7: Restrict access to cardholder data by business need-to-know
        Req 8: Identify and authenticate access to system components
        Req 9: Restrict physical access to cardholder data

Goal 5: Regularly Monitor and Test Networks
        Req 10: Track and monitor all access to network resources and cardholder data
        Req 11: Regularly test security systems and processes

Goal 6: Maintain an Information Security Policy
        Req 12: Maintain a policy that addresses information security for all personnel

Wednesday, November 30, 2016

Public and Private subnets in AWS

If a subnet's traffic is routed to an Internet Gateway, the subnet is known as a public subnet.

If a subnet doesn't have a route to the Internet Gateway, the subnet is known as a private subnet.

The machines in a private subnet can access the Internet through a NAT gateway (or NAT instance). A NAT instance is an instance in a public subnet that has a public IP address.

Can instances in private subnet have public IP addresses?

Yes, a public IP address can be assigned to instances in a private subnet, but it is of no use.
Inbound traffic from the Internet would hit the public IP of the instance, but the replies would try to route outward through the NAT instance, which would either drop the traffic (since it would be composed of replies to connections it's not aware of, so they'd be deemed invalid) or would rewrite the reply traffic to use its own public IP address, which wouldn't work since the external origin would not accept replies that came from an IP address other than the one they were trying to initiate communications with.
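
The definitions above can be checked mechanically. The following is an added example, not part of the original post: it classifies subnets by whether their effective route table has an Internet Gateway route, then lists instances whose public IP sits in a private subnet. The data is constructed, shaped like describe-route-tables / describe-instances output, and assumes a single VPC; all IDs are placeholders.

```python
# Constructed sample data for one VPC (IDs and addresses are placeholders).
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"Main": False, "SubnetId": "subnet-web"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}]},
]
SUBNET_IDS = ["subnet-web", "subnet-app", "subnet-db"]
INSTANCES = [
    {"InstanceId": "i-web1", "SubnetId": "subnet-web", "PublicIpAddress": "203.0.113.10"},
    {"InstanceId": "i-app1", "SubnetId": "subnet-app"},
    {"InstanceId": "i-db1", "SubnetId": "subnet-db", "PublicIpAddress": "203.0.113.20"},
]


def has_igw_route(table):
    """True if any active route in the table targets an Internet Gateway."""
    return any((r.get("GatewayId") or "").startswith("igw-") and r.get("State") == "active"
               for r in table["Routes"])


def classify_subnets(route_tables, subnet_ids):
    """Map each subnet to 'public' or 'private' by its effective route table."""
    explicit, main = {}, None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = table
            elif assoc.get("Main"):
                main = table  # subnets with no explicit association fall back to this
    result = {}
    for subnet in subnet_ids:
        table = explicit.get(subnet, main)
        result[subnet] = "public" if table and has_igw_route(table) else "private"
    return result


def public_ips_in_private_subnets(instances, classification):
    """Instances holding a public IP that is of no use because the subnet is private."""
    return [i["InstanceId"] for i in instances
            if i.get("PublicIpAddress") and classification[i["SubnetId"]] == "private"]


if __name__ == "__main__":
    kinds = classify_subnets(ROUTE_TABLES, SUBNET_IDS)
    print(kinds)
    print(public_ips_in_private_subnets(INSTANCES, kinds))
```

subnet-app and subnet-db have no explicit association, so they inherit the main route table, which only has a NAT route; that is why they come out private.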

Why create subnets in AWS VPC?

When you create a VPC, it spans all of the Availability Zones in the region. After creating a VPC, you can add one or more subnets in each Availability Zone. When you create a subnet, you specify the CIDR block for the subnet, which is a subset of the VPC CIDR block. 

Each subnet must reside entirely within one Availability Zone and cannot span zones. 

Availability Zones are distinct locations that are engineered to be isolated from failures in other Availability Zones. By launching instances in separate Availability Zones, you can protect your applications from the failure of a single location. AWS assigns a unique ID to each subnet.

Thursday, February 11, 2016

Install Jenkins plugins from command line including dependencies

To install Jenkins plugins from the command line, including dependencies, run the following:

curl -X POST -d '<jenkins><install plugin="plugin-name@latest" /></jenkins>' --header 'Content-Type: text/xml' http://localhost:8080/pluginManager/installNecessaryPlugins

where,
        - plugin-name is replaced with the plugin to be installed
        - http://localhost:8080 is the URL where the Jenkins service is available. Replace it with your Jenkins URL
        - @latest refers to the latest version of the plugin

Alternatively, one can try the following script too

   https://gist.github.com/micw/e80d739c6099078ce0f3

How to find the Jenkins plugins installed?

If Jenkins is available at the URL http://localhost:8080, we can list the installed plugins as follows:

 java -jar jenkins-cli.jar -s http://localhost:8080 list-plugins

How to download Oracle JDK rpm and install?

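To install Oracle JDK, download the rpm as follows. Note that --no-check-certificate turns off TLS certificate validation, so check the downloaded rpm against the checksum Oracle publishes before installing it.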

wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/7u80-b15/jdk-7u80-linux-x64.rpm"

How to find the Java(JVM) version used by Tomcat?

To find the Java (JVM) version used by Tomcat when multiple JDKs are installed on the system, go to the Tomcat service home directory and run the following command:

java -cp lib/catalina.jar org.apache.catalina.util.ServerInfo