vi /etc/postfix/main.cf

smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
relayhost = [smtpapi.yourdomain.com]:587

vi /etc/postfix/sender_relay
support@yourdomain.com [email-smtp.us-west-2.amazonaws.com]:587
user@yourdomain.com [email-smtp.us-east-1.amazonaws.com]:587


vi /etc/postfix/sasl_passwd
[smtpapi.yourdomain.com]:587 usernameXXXXXXXX:passwordXXXXXXXXXXXXXXXXXXXXXXXXXXXX

[email-smtp.us-east-1.amazonaws.com]:587 usernameXXXXXXXX:passwordXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[email-smtp.us-west-2.amazonaws.com]:587 usernameXXXXXXXX:passwordXXXXXXXXXXXXXXXXXXXXXXXXXXXX


postmap /etc/postfix/sender_relay

postmap /etc/postfix/sasl_passwd

/etc/init.d/postfix restart



With the above setup, email from support@yourdomain.com is sent through SES us-west-2, email from the specific user address (user@yourdomain.com) is sent through SES us-east-1, and all other email is sent through the SendGrid API.
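
Every next-hop used above (the relayhost and each right-hand side of sender_relay) needs a sasl_passwd key that matches it exactly, or a key for the sender address. The following check is an added example, not part of the original notes; check_relay_creds and the file arguments are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original post. check_relay_creds is a
# hypothetical helper; pass it main.cf, sender_relay and sasl_passwd.
#
# Postfix authenticates only when the sasl_passwd map has an entry for the
# sender address (with smtp_sender_dependent_authentication = yes) or for the
# next-hop. A next-hop key must equal the relayhost / sender_relay value
# character for character, brackets and port included.
# Keys written as a bare remote hostname are not considered here.

check_relay_creds() {
    main_cf=$1
    sender_relay=$2
    sasl_passwd=$3

    # First column of sasl_passwd: every key that has credentials.
    keys=$(awk 'NF && $1 !~ /^#/ { print $1 }' "$sasl_passwd")

    {
        # Default next-hop: the relayhost value from main.cf.
        sed -n 's/^relayhost[[:space:]]*=[[:space:]]*//p' "$main_cf"
        # Per-sender next-hops, printed as "next-hop sender".
        awk 'NF >= 2 && $1 !~ /^#/ { print $2, $1 }' "$sender_relay"
    } | while read -r hop sender; do
        [ -n "$hop" ] || continue
        # Either the next-hop or the sender address may carry the credentials.
        if ! printf '%s\n' "$keys" | grep -qxF -e "$hop" -e "${sender:-$hop}"; then
            echo "no sasl_passwd entry for $hop${sender:+ (sender $sender)}"
        fi
    done
}

# Usage: check_relay_creds /etc/postfix/main.cf /etc/postfix/sender_relay /etc/postfix/sasl_passwd
```

No output means every route has credentials; each printed line names a next-hop that Postfix would contact without authenticating.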

Send test emails from the console and, after delivery, check "Show original" on each received email.

echo "body of email" | mail -s "subject of the email" -r sender@yourdomain.com recipient@anotherdomain.com

echo "body of email" | mail -s "subject of the email" -r support@yourdomain.com recipient@personalemailid

echo "body of email" | mail -s "subject of the email" -r user@yourdomain.com recipient@personalemailid

echo "body of email" | mail -s "subject of the email" -r anyotheremail@yourdomain.com recipient@personalemailid

Run the 4 steps below to verify

echo -n "SESUsername" | openssl enc -base64

echo -n "SESPassword" | openssl enc -base64

openssl s_client -crlf -quiet -connect email-smtp.us-east-1.amazonaws.com:465

input.txt contains:
EHLO yourdomain.com
AUTH LOGIN
base64 output for SESUsername
base64 output for SESPassword
MAIL FROM: sender email id
RCPT TO: recipient email id
DATA
From: Sender Name
To: recipt email id
Subject: Amazon SES SMTP Test

This message was sent using the Amazon SES SMTP interface.
.
QUIT


openssl s_client -crlf -quiet -connect email-smtp.us-east-1.amazonaws.com:465 < input.txt
Thursday, August 23, 2018

how to setup specific network conditions for software testing

https://www.testdevlab.com/blog/2017/07/how-to-set-up-specific-network-conditions-for-software-testing/

Google Chrome

The Google Chrome desktop browser has a built-in tool for testing under specific network profiles. Network throttling lets you control upstream/downstream network bandwidth and latency. The tool can be found in Chrome Developer Tools under the Networking tab. You can choose from predefined profiles, tweak them or create your own network conditions.

Mozilla Firefox

To access this tool, make sure you’re running an updated version of Nightly, then open the Responsive Design Mode tool via Tools – Web Developer – Responsive Design Mode. You can then select the desired simulated speed with the drop-down menu to the right of “Responsive Design Mode”, and reload the page to see the effect of the changes.

Apple (iOS)


You can throttle the network on an iOS device with Developer tools. To enable Developer tools, connect the iOS device to Xcode.
A quick way to set network conditions for another mobile device through iOS:
  1. Use an iOS device with mobile data;
  2. Create a hotspot on that device and connect the test device to the hotspot;
  3. Go to iOS device Settings – Developer – Network link conditioner and enable the desired condition.
Search for Additional_Tools_for_Xcode_9.3.dmg and install it; under Hardware you will find the Network Link Conditioner setup, which needs to be installed.

To check server header information

curl --head http://domain name/
curl -v http://domain name/

wget https://www.openssl.org/source/openssl-1.0.2o.tar.gz
tar -zxf openssl-1.0.2o.tar.gz
cd openssl-1.0.2o

./config --prefix=/usr --openssldir=/usr/local/openssl shared
make
make test
sudo make install

A manually installed OpenSSL is not integrated with Apache automatically; for that, run the steps below.

This shows the libssl and libcrypto shared libraries that mod_ssl.so is linked against:

ldd /usr/lib64/httpd/modules/mod_ssl.so | egrep 'lib(ssl|crypto)'

ls -lh /lib64/libcrypto.so.10
cd /lib64/
rm -f libcrypto.so.10
ln -s ../usr/lib64/libcrypto.so.1.0.0 libcrypto.so.10

rm -f libssl.so.10
ln -s ../usr/lib64/libssl.so.1.0.0 libssl.so.10

/etc/init.d/httpd reload

Check the server header again; it should show the latest OpenSSL configured with Apache.


Hide Apache version and Server Header

vi /etc/httpd/conf/httpd.conf and add the lines below at the end of the file:

ServerSignature Off
ServerTokens Prod

/etc/init.d/httpd reload
 
Wednesday, March 28, 2018

Dynamic-EC2-Instnace-Add

Create the shell script Dynamic-EC2-Instnace-Add.sh

#!/bin/bash
#
# Author : Arun
# Version : 1.0
# Date : 1-Dec-2017
# Description : Check EC2 instances dynamically via nagios of the Project and create non available nagios host


### Set the AWS keys of an IAM user that can read the EC2 instance information.
export AWS_ACCESS_KEY_ID=
export AWS_SECRET_ACCESS_KEY=

### Give the AWS region name where the instances run
_AWS_REGION_NAME=us-east-1

### Absolute path of nagios config directory set for Autoscaling Group
_CURRENT_DIR=/usr/local/nagios/etc/autoscale

#### Absolute path of nagios Junk directory set for Autoscaling Group
_JUNK_DIR=/usr/local/nagios/libexec/autoscale

## Read all AWS account instances (name, state and public ip) ###
aws ec2 describe-instances --region "$_AWS_REGION_NAME" --query 'Reservations[*].Instances[*].[Tags[?Key==`Name`].Value|[0],State.Name,PublicIpAddress]' --output text | column -t > "$_JUNK_DIR/as8.txt"

### Function Assigned
nagiosconfigfile () {
    echo "define host{"                                                 >> $_CURRENT_DIR/host.cfg
    echo "  host_name                 $_MY_SERVER_NAME"                 >> $_CURRENT_DIR/host.cfg
    echo "  use                       Servers-Linux"                    >> $_CURRENT_DIR/host.cfg
    echo "  alias                     $_MY_SERVER_NAME"                 >> $_CURRENT_DIR/host.cfg
    echo "  address                   $_MY_IP"                          >> $_CURRENT_DIR/host.cfg
    echo "  _HOST_ID                  101$_COUNT"                       >> $_CURRENT_DIR/host.cfg
    echo "  hostgroups                Linux-Servers,Services"   >> $_CURRENT_DIR/host.cfg
    echo "  check_command             check_host_alive_10022"           >> $_CURRENT_DIR/host.cfg
    echo "  max_check_attempts        3"                                >> $_CURRENT_DIR/host.cfg
    echo "  check_interval            1"                                >> $_CURRENT_DIR/host.cfg
    echo "  retry_interval            2"                                >> $_CURRENT_DIR/host.cfg
    echo "  check_period              24x7"                             >> $_CURRENT_DIR/host.cfg
    echo "  contact_groups           ,slackadmins"              >> $_CURRENT_DIR/host.cfg
    echo "  notification_interval     5"                                >> $_CURRENT_DIR/host.cfg
    echo "  first_notification_delay  1"                                >> $_CURRENT_DIR/host.cfg
    echo "  notification_period       24x7"                             >> $_CURRENT_DIR/host.cfg
    echo "  notification_options      d,u,r"                            >> $_CURRENT_DIR/host.cfg
    echo "  notifications_enabled     1"                                >> $_CURRENT_DIR/host.cfg
    echo "}"                                                            >> $_CURRENT_DIR/host.cfg
    echo ""                                                             >> $_CURRENT_DIR/host.cfg
}


RWR="no"

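#### MK1..MK3 hold the fields of each instance line ###

while read -r q; do
    arr=($q)
    MK1=${arr[0]}        # Server name
    MK2=${arr[1]}        # State (running/stopped)
    MK3=${arr[2]}        # Server IP address

    # -w and -F match the IP as a whole literal word, so 10.0.0.1 does not match 10.0.0.10
    if grep -qwF -- "$MK3" "$_CURRENT_DIR/host.cfg"
    then
        # Host is already in the nagios config: rewrite if it is no longer running
        ABC="aws"
        if [[ $MK2 != "running" ]]; then
            RWR="yes"
        fi
    else
        # Host is not in the nagios config: rewrite if it is running
        if [[ $MK2 == "running" ]]; then
            RWR="yes"
        fi
    fi
done < "$_JUNK_DIR/as8.txt"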

F1=$(sed -n '$=' $_JUNK_DIR/as10.txt)
F2=$(sed -n '$=' $_JUNK_DIR/as8.txt)

echo $F1
echo $F2

if [[ $F1 != $F2 ]]
then
    RWR="yes"
fi



if [[ $RWR == "yes" ]]; then
    cat /dev/null > $_CURRENT_DIR/host.cfg
    cat /dev/null > $_JUNK_DIR/as10.txt
    counter=0
    ### AS1..AS3 hold the fields of each instance line ##

    while read s; do
        arr=($s)
        AS1=${arr[0]}
        AS2=${arr[1]}
        AS3=${arr[2]}
   
        if [[ $AS2 == "running" ]]; then     
            let counter++
            _MY_IP=$AS3
            _MY_SERVER_NAME=$AS1
            _COUNT=$counter

            ## echo "My IP $q">>host.cfg
            echo $_MY_IP >> $_JUNK_DIR/as10.txt
            nagiosconfigfile;
        fi       

    done <$_JUNK_DIR/as8.txt

    #systemctl reload nagios
    #service nagios restart
fi

### Unset the variable value AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
unset AWS_ACCESS_KEY_ID
unset AWS_SECRET_ACCESS_KEY

## End Of Line ##

Download pflogsumm
  • wget http://jimsun.linxnet.com/downloads/pflogsumm-1.1.1.tar.gz
  • tar -zxf pflogsumm-1.1.1.tar.gz
  • cd pflogsumm-1.1.1

Generate the statistics:
# cat /var/log/maillog | ./pflogsumm.pl

 Grand Totals
------------
messages

   8596   received
   8606   delivered
      0   forwarded
      0   deferred
      0   bounced
      0   rejected (0%)
      0   reject warnings
      0   held
      0   discarded (0%)

  77044k  bytes received
  77324k  bytes delivered
      7   senders
      2   sending hosts/domains
     13   recipients
      4   recipient hosts/domains


Per-Day Traffic Summary
    date          received  delivered   deferred    bounced     rejected
    --------------------------------------------------------------------
    Mar 24 2018         3          3
    Mar 25 2018       215        208
    Mar 26 2018       302        298
    Mar 27 2018       289        307
    Mar 28 2018      7787       7790

For server configuration

wget https://www.stunnel.org/downloads/stunnel-5.44.tar.gz
tar -zxvf stunnel-5.44.tar.gz
cd stunnel-5.44
yum install openssl openssl-devel gcc
./configure
make
make install
ln -s /usr/local/bin/stunnel /usr/bin/stunnel
ln -s /usr/local/etc/stunnel /etc/stunnel

cd tools
./makecert.sh
cp stunnel.pem /usr/local/etc/stunnel/

vi /etc/hosts
server ip  localhost localhost.localdomain localhost4 localhost4.localdomain4

Start stunnel on the server
vi /usr/local/etc/stunnel/stunnel.conf
debug = 7
output = stunnel.log
cert = stunnel.pem
[mysql]
accept = localhost:10001
connect = 127.0.0.1:3306

[apache]
accept = localhost:8080
connect = 127.0.0.1:80

/usr/bin/stunnel /usr/local/etc/stunnel/stunnel.conf

Open ports 10001 and 8080 in the firewall


For client configuration

wget https://www.stunnel.org/downloads/stunnel-5.44.tar.gz
tar -zxvf stunnel-5.44.tar.gz
cd stunnel-5.44
yum install openssl openssl-devel gcc
./configure
make
make install
ln -s /usr/local/bin/stunnel /usr/bin/stunnel
ln -s /usr/local/etc/stunnel /etc/stunnel

Copy the stunnel.pem file from the server.

Start stunnel on the client
vi /usr/local/etc/stunnel/client.conf

debug = 7
output = stunnel-server.log
cert = stunnel.pem
client = yes
[mysql]
accept = 127.0.0.1:6004
connect = EIP server ip :10001

[apache]
accept = 127.0.0.1:80
connect = EIP server ip:8080

/usr/bin/stunnel  /usr/local/etc/stunnel/client.conf

For testing
mysql -u root -p -h 127.0.0.1 -P 6004

elinks http://127.0.0.1
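
The stunnel.pem produced by makecert.sh holds the server's private key together with its certificate, and the client only needs the certificate. The following is an added example, not part of the original notes: it extracts the certificate and writes a client.conf that pins it with stunnel's CAfile and verifyPeer options. The function names and the server-cert.pem file name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the file
# name server-cert.pem are hypothetical.

# Succeeds when the PEM file carries any private key block.
pem_has_private_key() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# Print only the CERTIFICATE blocks of a combined key+certificate PEM file.
pem_cert_only() {
    awk '/-----BEGIN CERTIFICATE-----/ { keep = 1 }
         keep { print }
         /-----END CERTIFICATE-----/ { keep = 0 }' "$1"
}

# Emit a client.conf that pins the server certificate instead of loading
# the server's stunnel.pem through "cert".
# $1 = server address, $2 = path of the certificate-only file on the client
pinned_client_conf() {
    cat <<EOF
client = yes
CAfile = $2
verifyPeer = yes

[mysql]
accept = 127.0.0.1:6004
connect = $1:10001

[apache]
accept = 127.0.0.1:80
connect = $1:8080
EOF
}

# On the server:
#   pem_cert_only /usr/local/etc/stunnel/stunnel.pem > server-cert.pem
# On the client, after copying server-cert.pem (never stunnel.pem):
#   pinned_client_conf <server ip> /usr/local/etc/stunnel/server-cert.pem > client.conf
```

With verifyPeer = yes the client refuses the connection unless the server presents exactly the certificate stored in CAfile.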

Monday, February 26, 2018

redirect-http-https-on AWS ELB

Apache

The rewrite rule for an Apache backend is similar to the following in .htaccess:




RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]

 
 
Nginx

The rewrite rule for an Nginx backend in the nginx.conf file is similar to the following:
Note: Applies to versions nginx/1.10.3 (Ubuntu) and nginx/1.12.1 (Amazon Linux).


server {
      listen         80;
      server_name    www.example.org;
      if ($http_x_forwarded_proto = 'http') {
          return 301 https://$server_name$request_uri;
      }
}

Ec2-instance-AutoEIP-Assign-for-whitelistip

#!/bin/sh
# Region in which the instance is running
EC2_REGION='us-east-1'
# The aws CLI reads these two variables from the environment, so they must be exported
export AWS_ACCESS_KEY_ID='XXXXXXXXXXX'
export AWS_SECRET_ACCESS_KEY='XXXXXXXXXXXXXXXXXXX'

# Instance ID captured through instance metadata
InstanceID=$(/usr/bin/curl -s http://169.254.169.254/latest/meta-data/instance-id)

# Query the free Elastic IPs and write their allocation IDs to /opt/EIP/output.txt
aws ec2 describe-addresses --region "$EC2_REGION" --query 'Addresses[?AssociationId==null]' --output text | perl -lne 'print $& if /(\w+\-){1}\w+/' > /opt/EIP/output.txt
Allocate_ID=$(head -n 1 /opt/EIP/output.txt)

# Assign the Elastic IP to the instance
aws ec2 associate-address --region "$EC2_REGION" --instance-id "$InstanceID" --allocation-id "$Allocate_ID"