big update

cloud/provider/cloud-provider-comparison.md

@@ -0,0 +1 @@
+# Cloud-Provider Comparison

cloud/what-is-cloud-computing.md

@@ -0,0 +1 @@
+# What is Cloud-Computing?

databases/mariadb.md

@@ -0,0 +1,33 @@
+# MariaDB Cheat-Sheet
+
+## Install MariaDB on Ubuntu 20.04 LTS
+```bash
+sudo apt update
+sudo apt install mariadb-server
+sudo mysql_secure_installation
+```
+
+## Access Database from outside
+Open `/etc/mysql/mariadb.conf.d/50-server.cnf` and change the `bind-address` to:
+```
+...
+
+bind-address = 0.0.0.0
+
+...
+```
+## Create Administrative User
+1. Create a new user `newuser` for the host `localhost` with a new `password`:
+```mysql
+CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password';
+```
+
+2. Grant all permissions to the new user
+```mysql
+GRANT ALL PRIVILEGES ON * . * TO 'newuser'@'localhost';
+``` 
+
+3. Update permissions
+```mysql
+FLUSH PRIVILEGES;
+```

linux/linuxbasics.md

@@ -0,0 +1,26 @@
+# Linux Basics
+
+## Change Hostname
+
+```bash
+hostnamectl set-hostname newhostname
+```
+## Change IP Address in Ubuntu 20.04 LTS
+1. Create a new file `/etc/netplan/01-netcfg.yaml`
+```yaml
+network:
+  version: 2
+  renderer: networkd
+  ethernets:
+    ens3:
+      dhcp4: no
+      addresses:
+        - 192.168.121.221/24
+      gateway4: 192.168.121.1
+      nameservers:
+          addresses: [8.8.8.8, 1.1.1.1]
+```
+2. Apply changes
+```bash
+netplay apply
+```

misc/ssl-certs.md

@@ -33,7 +33,7 @@ echo extendedKeyUsage = serverAuth >> extfile.cnf
 ```
 4. Create the certificate
 ```bash
-openssl x509 -req -sha256 -days 365 -in cert.csr -CA ca.pem -CAkey ca-key.pem -out cert.pem -extfile extfile.cnf
+openssl x509 -req -sha256 -days 365 -in cert.csr -CA ca.pem -CAkey ca-key.pem -out cert.pem -extfile extfile.cnf -CAcreateserial
 ```
 
 ## Certificate Formats

misc/ssl-security.md

@@ -0,0 +1,10 @@
+# SSL Security Cheat-Sheet
+
+... TBD
+
+## TLS Version and Ciphers
+Scanning for TLS Version and supported Ciphers: `nmap --script ssl-enum-ciphers <target>`
+
+Tool | Link | Description
+---|---|---
+Qualys SSL Labs | https://www.ssllabs.com/projects/index.html | SSL Security Tools by Qualys

networking/create-dkim-keypair.md

@@ -0,0 +1,7 @@
+# Generate a DKIM Keypair
+We use the tool OpenSSL ([[openssl]]]) to generate a DKIM private and public keypair.
+
+`openssl genrsa -out dkim_private.pem 2048`
+
+`openssl rsa -in dkim_private.pem -pubout -outform der 2>/dev/null | openssl base64 -A`
+

networking/dns-record-types.md

@@ -0,0 +1,33 @@
+# DNS Record Types
+## Most common types of DNS Records
+Type | Description
+---|---
+A|The record that holds the IP address of a domain.
+AAAA|The record that contains the IPv6 address for a domain (as opposed to A records, which list the IPv4 address).
+CNAME|Forwards one domain or subdomain to another domain, does NOT provide an IP address.
+MX|Directs mail to an email server.
+TXT|Lets an admin store text notes in the record. These records are often used for email security.
+NS|Stores the name server for a DNS entry.
+SOA|Stores admin information about a domain.
+SRV|Specifies a port for specific services.
+PTR|Provides a domain name in reverse-lookups.
+
+## Less commonly used DNS Records
+Type | Description
+---|---
+AFSDB|This record is used for clients of the Andrew File System (AFS) developed by Carnegie Melon. The AFSDB record functions to find other AFS cells.
+APL|The ‘address prefix list’ is an experiment record that specifies lists of address ranges.
+CAA|This is the ‘certification authority authorization’ record, it allows domain owners state which certificate authorities can issue certificates for that domain. If no CAA record exists, then anyone can issue a certificate for the domain. These records are also inherited by subdomains.
+DNSKEY|The ‘DNS Key Record’ contains a public key used to verify Domain Name System Security Extension (DNSSEC) signatures.
+CDNSKEY|This is a child copy of the DNSKEY record, meant to be transferred to a parent.
+CERT|The ‘certificate record’ stores public key certificates.
+DCHID|The ‘DHCP Identifier’ stores info for the Dynamic Host Configuration Protocol (DHCP), a standardized network protocol used on IP networks.
+DNAME|The ‘delegation name’ record creates a domain alias, just like CNAME, but this alias will redirect all subdomains as well. For instance if the owner of ‘example.com’ bought the domain ‘website.net’ and gave it a DNAME record that points to ‘example.com’, then that pointer would also extend to ‘blog.website.net’ and any other subdomains.
+HIP|This record uses ‘Host identity protocol’, a way to separate the roles of an IP address; this record is used most often in mobile computing.
+IPSECKEY|The ‘IPSEC key’ record works with the Internet Protocol Security (IPSEC), an end-to-end security protocol framework and part of the Internet Protocol Suite (TCP/IP).
+LOC|The ‘location’ record contains geographical information for a domain in the form of longitude and latitude coordinates.
+NAPTR|The ‘name authority pointer’ record can be combined with an SRV record to dynamically create URI’s to point to based on a regular expression.
+NSEC|The ‘next secure record’ is part of DNSSEC, and it’s used to prove that a requested DNS resource record does not exist.
+RRSIG|The ‘resource record signature’ is a record to store digital signatures used to authenticate records in accordance with DNSSEC.
+RP|This is the ‘responsible person’ record and it stores the email address of the person responsible for the domain.
+SSHFP|This record stores the ‘SSH public key fingerprints’; SSH stands for Secure Shell and it’s a cryptographic networking protocol for secure communication over an unsecure network.

networking/mail-dns.md

@@ -0,0 +1,63 @@
+# Mail Server DNS Records Cheat-Sheet
+If you want to run a mail server on the public internet, you need to set up your DNS records correctly. While some DNS Records ([[dns-record-types]]) are necessary to send and receive emails, others are recommended to build a good reputation.
+
+## Required Mail Server DNS Records
+### A Record
+DNS A Record that will resolve to the public IP address of your mail server. This is also needed when your web server has a different IP address than your mail server.
+
+**Recommended Settings Example:**
+
+Type | Host | Points to | TTL
+---|---|---|---
+`A`|`mail`|`your-mail-servers-ipv4`|`1 hour`
+
+### MX Record
+The MX record is important when you want to receive emails. This tells everyone which IP address to contact.
+
+If you have multiple Mail Servers that need to be load-balanced use the same **priority**. Lower numbers are prioritized. Higher numbers can be used as backup servers.
+
+**Recommended Settings:**
+
+Type | Host | Points to | Priority | TTL
+---|---|---|---|---
+`MX`|`@`|`mail.your-domain`|`0`|`1 hour`
+
+### RDNS or PTR Record
+The reverse DNS record or also called PTR (Pointer Resource Record) is important when you want to send mails. Almost all mail servers check the RDNS record to perform simple anti-spam checks. RDNS is just like a DNS query, just backward.
+
+>Your RDNS record is not configured on your DNS server, instead, it’s configured on your hosting provider where you got your public IP address from.
+
+## (Optional but recommended) DNS Records
+
+### SFP Record
+The SPF (Sender Policy Framework) is a TXT record on your DNS server that specifies which hosts are allowed to send mails for a given domain. When a mail server receives a mail that seems to come from your domain it can check if it’s a valid message. Some mail servers reject mails if they can’t validate that the message comes from an authorized mail server.
+
+**Recommended Settings:**
+
+Type | Host | TXT Value | TTL
+---|---|---|---
+`TXT`|`@`|`v=spf1 ip4:your-mail-servers-ipv4 -all`|`1 hour`
+
+### DKIM Record
+DKIM (Domain Keys Identified Mail) allows the receiving mail server to check that an email was indeed sent by the owner of that domain. The sending mail server adds a digital signature to every mail that is sent. This signature is added as a header and secured with encryption. These signatures are not visible to the end-user.
+
+>If you want to add DKIM to your mail server you first need to create a private and a public keypair ([[create-dkim-keypair]])
+ 
+**Recommended Settings:**
+
+Type | Host | TXT Value | TTL
+---|---|---|---
+`TXT`|`dkim._domainkey`|`v=DKIM1;k=rsa;p=public-dkim-key`|`1 hour`
+
+### DMARC Record
+DMARC (Domain-based Message Authentication, Reporting, and Conformance) extends your existing SPF and DKIM records. It makes sure that the sender's emails are protected by SPF and DKIM and tells the receiving mail server what to do if these checks fail.
+ 
+**Recommended Settings:**
+
+Type | Host | TXT Value | TTL
+---|---|---|---
+`TXT`|`_dmarc`|`v=DMARC1;p=quarantine`|`1 hour`
+
+## (Optional) DNS Records
+### Autoconfiguration DNS Records
+If you’re using mail clients like Outlook, Thunderbird on your Computer, or Mobile devices they offer the ability to do an “autoconfiguration” also called “Autodiscover”. That means you just need to enter your email address and password and the mail client tries to resolve the mail server IP addresses, used ports, and encryption settings for IMAP and SMTP. You can achieve this by adding SRV DNS records that are defined in the [RFC 6186 standard](https://tools.ietf.org/html/rfc6186) and some specific records that are used in Outlook clients.

networking/tcp-vs-udp.md

@@ -0,0 +1,11 @@
+# TCP vs UDP
+
+Some notes:
+
+Each frame goes through several buffers as you send it: The application buffer, The Protocol Buffer, The Software interface buffer and the Hardware interface buffer. As you start stressing the stack by sending high speed data you will fill up these buffers and either block or lose data. You also have strategies for timeliness and polling that can impact your performance. For example, by using a larger buffer and poll less often you can get much better performance while sacrificing latency.
+
+TCP is optimized for high speed bulk transfers while UDP is optimized for low latency in the Linux kernel. This has an impact on buffer sizes and how data is polled and handed over. In addition to this, you frequently have offloading to hardware for TCP. I would expect considerably better performance for TCP compared to UDP.
+
+Note that sending high speed data over UDP is usually a bad idea, unless you implement your own congestion control. TCP protects your network from congestion collapses. Use UDP when you have small amounts of data or high timeliness requirements.
+
+setset `code block` tes set

tools/openssh.md

@@ -0,0 +1,19 @@
+# OpenSSH Cheat-Sheet
+
+## Using the SSH Config File
+If you are regularly connecting to multiple remote systems over SSH, you can configure your remote servers with the `.ssh/config` file.
+
+**Example:***
+```ini
+Host dev
+    HostName dev.your-domain
+    User xcad
+	Port 7654
+    IdentityFile ~/.ssh/targaryen.key
+
+Host *
+    User root
+    Compression yes
+```
+
+Connect to a host (like *dev* , eg.) with `ssh dev`.