30 commits
432ce80
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
9e463ce
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
a0529b3
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
617057e
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
22cbef5
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
52bb707
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
93fb315
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
73f5627
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
5568930
Update loadbalancing_101.rst
nicolaisalien Dec 8, 2015
d27db8b
Update loadbalancing_101.rst
nicolaisalien Dec 8, 2015
947dbfd
Update security_201.rst
nicolaisalien Dec 8, 2015
3a8183e
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
e0d45b8
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
8116da0
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
8623206
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
d038706
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
b4a578b
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
1120f7b
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
4263401
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
a783363
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
c4536bb
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
5ebdbf8
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
113477a
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
2be4b28
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
f70b216
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
1316fc5
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
63e5a28
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
13b121f
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
52d653e
Update shell_tools_101.rst
nicolaisalien Dec 8, 2015
9cd0b9f
Update security_201.rst
nicolaisalien Dec 8, 2015
12 changes: 12 additions & 0 deletions loadbalancing_101.rst
Expand Up @@ -112,6 +112,18 @@ connections). It supports health checks using the method built into AJP protocol
Nginx
-----

Nginx is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Nginx is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption.

Nginx is one of a handful of servers written to address the C10K problem. Unlike traditional servers, Nginx doesn’t rely on threads to handle requests. Instead it uses a much more scalable event-driven (asynchronous) architecture. This architecture uses small, but more importantly, predictable amounts of memory under load. Even if you don’t expect to handle thousands of simultaneous requests, you can still benefit from Nginx’s high-performance and small memory footprint. Nginx scales in all directions: from the smallest VPS all the way up to large clusters of servers.

Many famous sites make use of Nginx. For example Netflix, Github, WordPress, etc.

Some people either choose for Apache or Nginx. These two are the most common used. Both of them are alternative web server softwares which serve web pages in response to browser requests. Nginx is better as in that it's more secure than apache and because Nginx doesn't need to spawn new processes or threads for each request that is being received, which is the case for Apache. Also, it's very ideal for high traffic websites. Also, Nginx is compatible with most platforms, for example WordPress, which is a platform that is used very often.

Ofcourse there's not only advantages about Nginx, but there's also a few downsides to it. It's known that it is very difficult to create modules using Nginx. Apache doesn't have this disadvantage, but Nginx has no function such as the Apache Portable Runtime. Therefore the creator needs to find the function needed for creating the module within the internal code of Nginx.

When you don't have Nginx installed yet, you can install it by using the command ``yum install nginx``. Once installed, you can apply certain actions with the ``nginx -s signal`` where the signal paramter can be one of the following: ``stop``, ``quit``, ``reload``, ``reopen``. Once Nginx is installed, it can be configured in the following configuration file: ``/etc/nginx/nginx.conf``.

HAProxy
-------

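Review bot: the paragraph beginning "Some people either choose for Apache or Nginx" states that Nginx is "more secure than apache" without any supporting detail, and the only reason that follows (no new process or thread per request) is about resource use, not security. Either drop the security claim or say what it is based on. In the last paragraph, ``yum install nginx`` only applies to yum-based distributions, so name the platform the instructions target, and fix "paramter" in the ``nginx -s signal`` sentence. That sentence lists ``stop``, ``quit``, ``reload`` and ``reopen`` without saying what each one does; a short description per signal would make the list usable.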
19 changes: 17 additions & 2 deletions security_201.rst
Expand Up @@ -103,8 +103,14 @@ pf: Adding and deleting rules
Public Key Cryptography
=======================

.. todo::
What is PKI? What uses it? Why is it important?
A public key infrastructure (PKI) supports the distribution and identification of public encryption keys, enabling users and computers to both securely exchange data over networks such as the Internet and verify the identity of the other party. When PKI is not being used, sensitive information can be easily encrypted. Any form of sensitive data exchanged over the Internet is reliant on PKI for its security.

A PKI consists out of 4 elements. First there's the trusted party, also known as the certificate authority (CA). This certificate acts as the root of trust and provides services that authenticate the identity of individuals, computers and others. Next there's the policies that govern the operation of the PKI. The third element are the digital certificates themselves and the last element are the applications that are written to use the PKI.

When we ask the question, where is PKI being used? Basically, it's very often being used when there's sensitive information that has to cross between two places. For example, customers expect their bank to verify their identity before allowing them to view account balances or transfer funds via an online application. This authentication is often accomplished using user names and passwords, but PKI provides an attractive alternative. SSL has the optional ability to require a client-side certificate before establishing a secure and encrypted connection. A big advantage of authentication using PKI is that the server does not need to have access to a database of user passwords. Users may still need to supply a password to unlock their private key in their certificate, but that password is stored and managed locally on the client. This is inherently more secure and easier to manage than server password databases.

Now we know the most important things about PKI its concept, but we might still be wondering, why are PKI's so important? Well, the answer is that almost all security controls come down to authentication and access controls. Encryption is a powerful tool, but unless that data can be decrypted, it might not be very useful. If a company cares about the integrity of its data and systems, it must either deploy a PKI with an appropriate set of checks and balances or use a third party service it can trust. Failure to do so leaves an organization exposed and increasingly vulnerable compared to other potential victims.


Using public and private keys for SSH authentication
----------------------------------------------------
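Review bot: in the first added paragraph, "When PKI is not being used, sensitive information can be easily encrypted" says the opposite of what the paragraph argues; it presumably should say that the data can be easily intercepted or that the other party cannot be verified. In the second paragraph, "This certificate acts as the root of trust" refers back to the certificate authority, which is a party and not a certificate, so it should read "This authority". In the last paragraph, "Encryption is a powerful tool, but unless that data can be decrypted, it might not be very useful" does not connect to the authentication point around it and should be reworded or removed. The third paragraph also moves from PKI to "SSL" client-side certificates without saying that SSL relies on PKI; one linking sentence would close that gap.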
Expand All @@ -113,6 +119,15 @@ Using public and private keys for SSH authentication
Two factor authentication
=========================

Two-factor authentication adds a second level of authentication to an account log-in. When you have to enter only your username and one password, that's considered a single-factor authentication. 2FA requires the user to have two out of three types of credentials before being able to access an account. The three types are:

- Something you know, such as a personal identification number (PIN), password or a pattern
- Something you have, such as an ATM card, phone, or fob
- Something you are, such as a biometric like a fingerprint or voice print

Although many may think that 2FA is something new, it's actually not new at all. For example when you use your credit card and you must enter in your ZIP code to confirm a charge (online banking), that's 2FA in action. There's the physical factor (the card), and the knowledge factor (the ZIP code). But just because it's been around for a long time doesn't mean that it's easy to set up and use. It adds an extra step to your log-in process, meaning it can take some time to set up. Of course, alot depends on your patience and your willingness to spend some time on ensuring a higher level of security.

2FA isn't protected against hackers just because 2FA requires an extra credential. But then again, hackers will definitely have a harder time of intercepting or receiving your credentials.

Building systems to be auditable
================================
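Review bot: the closing paragraph, "2FA isn't protected against hackers just because 2FA requires an extra credential", is ambiguous, and the follow-up "intercepting or receiving your credentials" does not make clear what the second factor changes. Suggest stating directly that a second factor raises the effort required but does not make an account immune. In the example paragraph, the parenthetical "(online banking)" does not match the credit card charge it is attached to, and a ZIP code is a weaker illustration of "something you know" than the PIN already given in the list above it. "alot" should be "a lot".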
52 changes: 50 additions & 2 deletions shell_tools_101.rst
Expand Up @@ -239,12 +239,60 @@ Further documentation on either can be found in the ``man`` pages.
stat
----

.. todo:: stat command
The ``stat [OPTION] ... FILE...`` will display the detailed status of a particular file or a file system.

At the option parameter, we can use the following options.

- ``-f, --filesystem`` = display filesystem status instead of file status
- ``-c, --format=FORMAT`` = use the specified FORMAT instead of the default
- ``-L, --dereference`` = follow links
- ``-Z, --context`` = print the SELinux security context
- ``-t, --terse`` = print the information in terse form
- ``--help`` = display this help and exit
- ``--version`` = output version information and exit


vmstat
------

.. todo:: vmstat command
The ``vmstat [OPTION] [delay [count]]`` will display the report on virtual memory statistics, and is used to help identify performance bottlenecks.

For example, executing the vmstat command ( ``vmstat`` ) will provide an output with abbreviations. For each variable, a number will be given.

The variables at the top of the output mean the following:

+---------------------+---------------------------------------------------------------------+
| Abbreviation | Meaning |
+=====================+=====================================================================+
| swpd | the amount of virtual memory used. |
+---------------------+---------------------------------------------------------------------+
| free | the amount of idle memory. |
+---------------------+---------------------------------------------------------------------+
| buff | the amount of memory used as buffers. |
+---------------------+---------------------------------------------------------------------+
| cache | the amount of memory used as cache. |
+---------------------+---------------------------------------------------------------------+
| si | Amount of memory swapped in from disk (per second). |
+---------------------+---------------------------------------------------------------------+
| so | Amount of memory swapped to disk (per second). |
+---------------------+---------------------------------------------------------------------+
| bi | Blocks received from a block device (blocks per second). |
+---------------------+---------------------------------------------------------------------+
| bo | Blocks sent to a block device (blocks/s). |
+---------------------+---------------------------------------------------------------------+
| in | The number of interrupts per second, including the clock. |
+---------------------+---------------------------------------------------------------------+
| cs | The number of context switches per second. |
+---------------------+---------------------------------------------------------------------+
| us | Time spent running non-kernel code. (user time, including nice time)|
+---------------------+---------------------------------------------------------------------+
| sy | Time spent running kernel code. (system time) |
+---------------------+---------------------------------------------------------------------+
| id | Time spent idle. Prior to Linux 2.5.41, this includes IO-wait time. |
+---------------------+---------------------------------------------------------------------+
| wa | Time spent waiting for IO. Prior to Linux 2.5.41, included in idle. |
+---------------------+---------------------------------------------------------------------+


strace
------
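Review bot: the vmstat table starts at ``swpd`` and ends at ``wa``, so the ``r`` and ``b`` process columns that come first in vmstat output are not explained, and the ``us``, ``sy``, ``id`` and ``wa`` rows do not say that the values are percentages of total CPU time. The memory and block rows also mix styles ("blocks per second" against "blocks/s", lower-case against capitalised first word) and give no unit for ``swpd``, ``free``, ``buff`` and ``cache``. In both sections the opening sentence ("The ``stat [OPTION] ... FILE...`` will display", "The ``vmstat [OPTION] [delay [count]]`` will display") is missing the word "command", and the stat option list is help text copied with " = " separators; an example invocation with its output would teach more than the ``--help`` and ``--version`` entries.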