Open source tools are what everyone dreams of. Here are some of the best open source tools for practicing DevOps
1. Development tools
Version control & collaborative development
01 Version control system Git
Git is an open source distributed version control system that is used to effectively and quickly handle version management of projects from small to very large projects.
02 Code hosting platform GitLab
GitLab is an open source application developed using Ruby on Rails to implement a self-hosted Git project warehouse that can access public or private projects through a web interface.
03 Code review tool Gerrit
Gerrit is a free, open source code review software that uses a web interface. Using a web browser, software programmers on the same team can review each other's modified program codes and decide whether to submit, return or continue modifications. It uses Git as the underlying version control system.
04 Version control system Mercurial
Mercurial is a lightweight distributed version control system implemented in Python language, which is easy to learn and use and has strong scalability.
05 Version control system Subversion
Subversion is a version control system. Compared with RCS and CVS, it adopts a branch management system. Its design goal is to replace CVS. Most free version control services on the Internet are based on Subversion.
2. Automated build and testing
01 Apache Ant
Apache Ant is a tool that links and automates software compilation, testing, deployment and other steps. It is mostly used for software development in Java environments.
02 Maven
In addition to featuring program building capabilities, Maven also provides advanced project management tools that Ant lacks. Since Maven's default build rules are highly reusable, simple projects can often be built with two or three lines of Maven build scripts, while using Ant requires more than a dozen lines. In fact, many Apache Jakarta projects now use Maven due to its project-oriented approach, and the adoption of Maven by corporate projects continues to grow.
03 Selenium (SeleniumHQ)
A powerful tool for integration testing from thoughtworks.
04 PyUnit
The Python unit testing framework, referred to as PyUnit, is the Python version of JUnit designed by two smart guys, Kent Beck and Erich Gamma.
05 PHPUnit
PHPUnit is a lightweight PHP testing framework. It is a complete port of the JUnit3 series version under PHP5 and is a member of the xUnit test framework family (they are all based on the design of pattern pioneer Kent Beck).
3. Continuous integration & delivery
01 Jenkins
Jenkins, formerly known as Hudson, is a scalable continuous integration engine.
02 Capistrano
Capistrano is a tool used to execute the same command on multiple machines in parallel. It is used to install an entire batch of machines. It was originally developed for publishing Rails applications.
03 BuildBot
BuildBot is a system most needed software to automate the compile/test cycle to verify code changes. Reduce unnecessary failures by automatically rebuilding and testing every time something changes, before building quickly pinpoints it.
04 Fabric
fabric8 is an open source Java Containers (JVMs) in-depth management integration platform. With fabric8, it is very convenient to automate, configure and manage from a central location with consistent UI and UX. fabric8 also provides some non-functional requirements, such as configuration management, service discovery failover, centralized monitoring, automation, etc.
05 Go
Go is a compiled, concurrent, and garbage-collected programming language developed by Google.
4. Deployment tools
(1) Container platform
01 Docker
Docker is an open source application container engine that allows developers to package their applications and dependencies into a portable container and then publish it to any popular Linux machine, which can also be virtualized.
02 Rocket
Rocket (also called rkt) is a container engine launched by CoreOS. Similar to Docker, it helps developers package applications and dependency packages into portable containers, simplifying deployment tasks such as environment setup.
03 Ubuntu(LXC)
LXD is a reconstruction of ubuntu based on LXC technology. The container naturally supports non-privileged and distributed. LXD and Docker have different ideas. Docker is PAAS and LXD is IAAS. The LXC project consists of a Linux kernel patch and some userspace tools. These userspace tools use new kernel features added by patches to provide a simplified set of tools for maintaining containers.
(2) Configuration management
01 Chef
Chef is a system integration framework that provides configuration management capabilities for the entire architecture.
02 Puppet
With Puppet, you can centrally manage every important aspect of your system using a cross-platform specification language, managing all the individual elements that are usually clustered in separate files like users, cron jobs, and hosts together with apparently discrete elements like Packaging, service and documentation.
03 CFengine
Cfengine (Configuration Engine) is a Unix management tool whose purpose is to automate simple management tasks and make difficult tasks easier. Cfengine is suitable for managing various environments, ranging from one host to a cluster of tens of thousands of hosts.
04 Bash
Bash is the default shell for most Linux systems and Mac OS . In addition, it has also been ported to MS-DOS by the DJGPP project.
05 RunDeck
RunDeck is an open source tool written in Java/Grails that helps users automate various operations and processes in data centers or cloud environments. Through the command line or web interface, users can operate any number of servers, greatly lowering the threshold for server automation.
06 Saltstack
Saltstack can be seen as an enhanced version of func + a weakened version of Puppet. Written in Python. Very easy to use and can be deployed quickly based on EPEL. Salt is an open source tool for managing your infrastructure and can easily manage thousands of servers.
07 Ansible
Ansible provides the easiest way to deploy, manage, and orchestrate computer systems in a matter of minutes. Ansible is a model-driven configuration manager that supports multi-node publishing and remote task execution. By default, SSH is used for remote connections. There is no need to install additional software on managed nodes and it can be extended using a variety of programming languages.
5. Maintenance
01 Logstash
Logstash is a platform for the transmission, processing, management, and search of application logs and events. You can use it to collect and manage application logs in a unified manner, and provide a web interface for query and statistics.
02 CollectD
collectd is a daemon process that collects system performance and provides various storage methods to store different values. For example, in the form of RRD files.
03 StatsD
StatsD is a simple network daemon based on the Node.js platform that listens to various statistical information, including counters and timers, through UDP or TCP, and sends aggregated information to backend services, such as Graphite.
6. Monitoring, warning & analysis
01 Nagios
Nagios is a monitoring system that monitors system running status and network information. Nagios can monitor specified local or remote hosts and services, and also provides exception notification functions.
02 Ganglia
Ganglia is a cross-platform scalable, distributed monitoring system for high-performance computing systems, such as clusters and grids. It is based on layered design, which uses a wide range of technologies such as XML data representation, portable data transfer, RRDtool for data storage and visualization.
03 zabbix
zabbix is an enterprise-level open source solution based on Web interface that provides distributed system monitoring and network monitoring functions.
04 Kibana
Kibana is a log analysis web interface for Logstash and ElasticSearch. It can be used to perform various operations such as efficient search, visualization, and analysis of logs.
How to learn hacking & network security
As long as you like my article today, my private network security learning materials will be shared with you for free. Come and see what is available.
1. Learning roadmap
There are a lot of things to learn about attack and defense. I have written down the specific things you need to learn in the road map above. If you can complete them, you will have no problem getting a job or taking on a private job.
2. Video tutorial
Although there are many learning resources on the Internet, they are basically incomplete. This is an Internet security video tutorial I recorded myself. I have accompanying video explanations for every knowledge point in the roadmap above.
The content covers the study of network security laws, network security operations and other security assessments, penetration testing basics, detailed explanations of vulnerabilities, basic computer knowledge, etc. They are all must-know learning contents for getting started with network security.
(They are all packaged into one piece and cannot be expanded one by one. There are more than 300 episodes in total)
Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.
3. Technical documents and e-books
I also compiled the technical documents myself, including my experience and technical points in participating in large-scale network security operations, CTF, and digging SRC vulnerabilities. There are more than 200 e-books. Due to the sensitivity of the content, I will not display them one by one.
Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.
4. Toolkit, interview questions and source code
"If you want to do your job well, you must first sharpen your tools." I have summarized dozens of the most popular hacking tools for everyone. The scope of coverage mainly focuses on information collection, Android hacking tools, automation tools, phishing, etc. Interested students should not miss it.
There is also the case source code and corresponding toolkit mentioned in my video, which you can take away if needed.
Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.
Finally, here are the interview questions about network security that I have compiled over the past few years. If you are looking for a job in network security, they will definitely help you a lot.
These questions are often encountered when interviewing Sangfor, Qi Anxin, Tencent or other major companies. If you have good questions or good insights, please share them.
Reference analysis: Sangfor official website, Qi’anxin official website, Freebuf, csdn, etc.
Content features: Clear organization and graphical representation to make it easier to understand.
Summary of content: Including intranet, operating system, protocol, penetration testing, security service, vulnerability, injection, XSS, CSRF, SSRF, file upload, file download, file inclusion, XXE, logical vulnerability, tools, SQLmap, NMAP, BP, MSF…
Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.