🛡️ Suricata Cheatsheet
1️⃣ Rule Structure
action protocol src_ip src_port -> dst_ip dst_port (options)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"HTTP test"; sid:1000001; rev:1;)
Lately a number of students have asked me for guidance on deploying Zabbix 8.0 on Docker.
After looking into it, this Zabbix 8.0 release has a lot of interesting features, so I decided to give it a try today :))
This article walks you through deploying Zabbix 8.0 on Docker; installing Zabbix Server becomes extremely easy and fast, taking only a few minutes.
Zabbix 8.0 LTS (expected to be released in Q2 2026) is a highly anticipated release that marks an important expansion of Zabbix from a traditional monitoring system to a full observability platform. This release brings OpenTelemetry support, real-time log monitoring, a redesigned system core and improved scalability. Other notable upgrades include a mobile app, SIEM-style event processing, NetFlow-based network monitoring, strengthened security controls and a new, more intuitive dashboard system with more detailed reports. This release positions Zabbix as a comprehensive open-source observability solution.
>>> Details: https://www.zabbix.com/roadmap#v8_0_LTS
Zabbix is one of the proven, reliable open-source monitoring solutions, providing monitoring for servers, applications, networks and cloud environments.
Docker provides isolated environments, simple updates and easy version control.
By combining Docker with Zabbix, the whole Zabbix stack (server, frontend, database (PostgreSQL/MySQL) and agent) can be deployed with just a few commands.
This combination delivers a lightweight, flexible and easy-to-deploy monitoring solution that scales without the headache of manual installation.
This guide describes what Zabbix Docker is, how to deploy Zabbix Docker with Docker Compose, and how Zabbix Docker makes monitoring easier in containerized environments.
In real Linux/DevOps interviews, you are NOT judged by
how many commands you remember…
You are judged by how you THINK during production issues.
This poster covers real-world scenarios like:
• High load but CPU idle
• Disk space not freeing
• Zombie processes
• OOM killer issues
• Cron & network failures
💡 Interview Tip:
1. What is an inode in Linux?
- An inode (index node) is a data structure that stores metadata about a file, such as file size, permissions, ownership, timestamps and disk block locations, but not the file name or its path.
- Each file has one unique inode; file names are stored in directory entries that map names to inode numbers.
- Example command: ls -i filename
Shows the inode number of a file.
2. How can you check disk space usage on a Linux system?
- df -h
- Displays disk space usage for all mounted file systems in human-readable form.
- du -sh /path/to/dir
- Shows the total disk usage of a directory.
- Practical tip: use du -h --max-depth=1 to find which directories consume the most space.
3. What happens when a file is deleted in Linux while a process is still using it?
- The file’s directory entry is removed, but the data remains on disk until the process releases the file descriptor.
- You can identify such files using:
lsof | grep deleted
- If you need to reclaim space
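An added example (not from the poster) that implements the check behind the lsof | grep deleted tip directly over /proc, and the usual reclaim step: truncating the unlinked file through its /proc/<pid>/fd link so the blocks are freed while the process keeps a valid descriptor. It assumes a Linux /proc filesystem and coreutils (readlink, stat, truncate).

```shell
#!/bin/sh
# Added example, not from the original post: find files that are still held
# open by a process after being unlinked, and optionally reclaim their space
# by truncating them through the /proc file-descriptor link.
# Assumes a Linux /proc filesystem and coreutils (readlink, stat, truncate).

# Print one line per deleted-but-open file: "<pid>\t<fd>\t<bytes>\t<path>".
# Without root you only see the file descriptors of your own processes.
list_deleted_open_files() {
  for link in /proc/[0-9]*/fd/*; do
    target=$(readlink "$link" 2>/dev/null) || continue
    case "$target" in
      *' (deleted)')
        pid=${link#/proc/}; pid=${pid%%/*}
        fd=${link##*/}
        # stat -L follows the magic link, so this is the size the inode still holds.
        size=$(stat -L -c %s "$link" 2>/dev/null) || size='?'
        printf '%s\t%s\t%s\t%s\n' "$pid" "$fd" "$size" "${target% (deleted)}"
        ;;
    esac
  done
}

# Truncate the unlinked file behind /proc/<pid>/fd/<fd> to zero bytes.
# The descriptor stays valid for the process; only the data blocks are freed.
# Refuses to touch a descriptor that does not point at a deleted file.
truncate_deleted_open_file() {
  pid=$1; fd=$2
  link="/proc/$pid/fd/$fd"
  target=$(readlink "$link" 2>/dev/null) || return 1
  case "$target" in
    *' (deleted)') truncate -s 0 "$link" ;;
    *) echo "fd $fd of pid $pid is not a deleted file: $target" >&2; return 1 ;;
  esac
}

# "report" prints the list sorted by size, largest first.
case "${1:-}" in
  report) list_deleted_open_files | sort -k3,3nr ;;
esac
```

Run it as root to see every process; the report's third column is the space that deleting the file did not free.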
A simple command-line tool to ping a single IP address or a range of IP addresses to check their availability.
git clone https://github.com/cuongitl/pyNetworkPinger.git
cd pyNetworkPinger
pip install -r requirements.txt
To ping a single IP address, run the following command:
python pingit.py <IP_ADDRESS>
Replace <IP_ADDRESS> with the actual IP address you want to ping.
This is a note; I'll write more fully later!
Install NetBox in 10 minutes or less?
All steps are 100% automated by Python!
1. preparing_data: upload the config files to the target host.
2. environment_setup: install Docker and Docker Compose.
3. Deploy containers: netbox, nginx, postgresql, redis, rq_worker...
4. Create a new superuser with createsuperuser (optional).
Details:
1. Upload config files:
- .env
- docker-compose.yml
- netbox_full_setup.sh
- nsteam.it.crt
- nsteam.it.key
2. Install Docker and Docker Compose
- via docker_install.sh
3. Deploy the Docker containers: netbox, nginx, postgresql, redis, rq_worker...
- via netbox_full_setup.sh
4. Create a new superuser with createsuperuser (optional)
- via Python code.
#!/bin/bash
# Filename: docker_install.sh
# Modified: 2025-05-02
# Purpose: Quick install of Docker on a RHEL system.
# Built with ❤️ by Cuongitl (https://infra.lecuong.info)
# Reset color
RESET='\033[0m'
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
BLUE='\033[0;34m'
MAGENTA='\033[0;35m'
CYAN='\033[0;36m'
# Update the system packages
echo -e "${YELLOW}Updating system packages...${RESET}"
sudo dnf update -y || { echo -e "${RED}Error updating system packages. Exiting.${RESET}"; exit 1; }
# Install the necessary packages
echo -e "${YELLOW}Installing necessary packages...${RESET}"
sudo dnf install -y dnf-utils || { echo -e "${RED}Error installing dnf-utils. Exiting.${RESET}"; exit 1; }
# Add the Docker repository
echo -e "${YELLOW}Adding Docker repository...${RESET}"
sudo dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo || { echo -e "${RED}Error adding Docker repository. Exiting.${RESET}"; exit 1; }
# Install Docker
echo -e "${YELLOW}Installing Docker...${RESET}"
sudo dnf install docker-ce docker-ce-cli containerd.io -y || { echo -e "${RED}Error installing Docker. Exiting.${RESET}"; exit 1; }
# Start the Docker service
echo -e "${YELLOW}Starting Docker service...${RESET}"
sudo systemctl start docker || { echo -e "${RED}Error starting Docker service. Exiting.${RESET}"; exit 1; }
# Enable the Docker service to start automatically on system boot
echo -e "${YELLOW}Enabling Docker service to start automatically on system boot...${RESET}"
sudo systemctl enable docker || { echo -e "${RED}Error enabling Docker service. Exiting.${RESET}"; exit 1; }
# Verify the Docker installation
echo -e "${YELLOW}Verifying Docker installation...${RESET}"
sudo docker --version || { echo -e "${RED}Error verifying Docker installation. Exiting.${RESET}"; exit 1; }
# Install Docker Compose
echo -e "${YELLOW}Installing Docker Compose...${RESET}"
sudo curl -L "https://github.com/docker/compose/releases/download/v2.35.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose || { echo -e "${RED}Error downloading Docker Compose. Exiting.${RESET}"; exit 1; }
sudo chmod +x /usr/local/bin/docker-compose || { echo -e "${RED}Error making Docker Compose executable. Exiting.${RESET}"; exit 1; }
# Verify the Docker Compose installation
echo -e "${YELLOW}Verifying Docker Compose installation...${RESET}"
if [ -x "/usr/local/bin/docker-compose" ]; then
    echo -e "${GREEN}Docker Compose installed successfully.${RESET}"
else
    echo -e "${RED}Error verifying Docker Compose installation. Exiting.${RESET}"
    exit 1
fi
# (Optional) Create a symlink for easier access
echo -e "${YELLOW}Creating symlink for Docker Compose...${RESET}"
if [ ! -L "/usr/bin/docker-compose" ]; then
    sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose || { echo -e "${RED}Error creating symlink for Docker Compose. Exiting.${RESET}"; exit 1; }
else
    echo -e "${CYAN}Symlink for Docker Compose already exists. Skipping.${RESET}"
fi
# Verify the Docker Compose version
echo -e "${YELLOW}Verifying Docker Compose version...${RESET}"
docker-compose --version || { echo -e "${RED}Error verifying Docker Compose version. Exiting.${RESET}"; exit 1; }
echo -e
https://gist.github.com/cuongitl/docker-install.sh
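The script above drops the downloaded Docker Compose binary straight into /usr/local/bin without checking it against anything. The added example below (my code, not part of docker_install.sh) fetches the same release's checksums.txt and installs the binary only when its SHA-256 matches; it assumes the docker/compose release publishes checksums.txt next to the binaries and that curl, sha256sum and awk are available.

```shell
#!/bin/sh
# Added example, not part of docker_install.sh: fetch the Docker Compose binary
# together with the release's checksums.txt and install it only if the SHA-256
# matches. Assumes the docker/compose release publishes checksums.txt next to
# the binaries and that curl, sha256sum and awk are available.
set -eu

COMPOSE_VERSION="v2.35.1"
BASE_URL="https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}"
ASSET="docker-compose-$(uname -s)-$(uname -m)"

# verify_sha256 FILE CHECKSUMS_FILE ASSET_NAME
# Succeeds only when FILE's SHA-256 equals the entry recorded for ASSET_NAME.
# checksums.txt lines have the form "<hex digest>  <asset name>".
verify_sha256() {
  file=$1; checksums=$2; asset=$3
  expected=$(awk -v a="$asset" '$2 == a { print $1 }' "$checksums")
  if [ -z "$expected" ]; then
    echo "no checksum entry for $asset" >&2
    return 1
  fi
  actual=$(sha256sum "$file" | awk '{ print $1 }')
  [ "$expected" = "$actual" ]
}

# Download binary and checksum list into a temp dir, verify, then install.
install_compose() {
  tmp=$(mktemp -d)
  curl -fsSL "${BASE_URL}/${ASSET}" -o "${tmp}/${ASSET}"
  curl -fsSL "${BASE_URL}/checksums.txt" -o "${tmp}/checksums.txt"
  if verify_sha256 "${tmp}/${ASSET}" "${tmp}/checksums.txt" "${ASSET}"; then
    # install sets mode and owner in one step instead of cp + chmod
    sudo install -m 0755 "${tmp}/${ASSET}" /usr/local/bin/docker-compose
    echo "docker-compose ${COMPOSE_VERSION} installed (SHA-256 verified)"
    rm -rf "$tmp"
  else
    echo "SHA-256 mismatch for ${ASSET}; refusing to install" >&2
    rm -rf "$tmp"
    return 1
  fi
}

# Only perform the download and install when explicitly asked.
case "${1:-}" in
  install) install_compose ;;
esac
```

Invoke it as ./verify_compose.sh install; a tampered or truncated download is rejected before anything lands in /usr/local/bin.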
To block a wildcard domain on Windows:
We can use Acrylic DNS Proxy (free and open source). It creates a proxy DNS server on your computer with its own hosts file, which supports wildcards.
Download Acrylic DNS Proxy from the official website and install it: https://infra.lecuong.info/acrylic-dns-proxy
Set the preferred DNS server (IPv4 or IPv6) to 127.0.0.1.
Once this step is complete, your system routes all DNS queries through Acrylic DNS Proxy.
To block a wildcard domain, such as *.youtube.com, follow these steps:
With so many out there, it can get overwhelming, so let's break down some of the most common and important ones in simple terms:
TCP/IP: the backbone of the internet! TCP ensures data is split into packets and delivered correctly, while IP handles addressing and routing. Without them, the internet wouldn't work as we know it.
DNS: think of this as the internet's phonebook. It translates domain names (like google.com) into IP addresses, so computers know where to connect.
This PowerShell script automates copying a file from a source directory to a destination directory.
Purpose of the Script
The purpose of this PowerShell script is to automate the process of copying a file (abc.xlsx) from a source directory to a destination directory, ensuring that:
Main Use Case:
This script is useful when automating tasks like backing up files, copying reports, logs, or other documents, where the filenames may need to be adjusted based on the date or incremented to avoid conflicts with existing files.
It ensures that the latest copy of the file is always transferred to the destination directory without any risk of overwriting existing files.
In summary, this script is designed to automate the process of file copying, making it safe, efficient, and organized, especially in environments where files with the same name (but potentially different versions) need to be handled daily or periodically.
backupfile.ps1
Copyright ©2008-2026 Infra Hub: Sysadmin, Cloud & DevOps | Powered by Blogger