
Thursday, May 6, 2010

 

How To Use IPtables to Block ICMP (Internet Control Message Protocol) Requests?

How to use IPtables to block ICMP (Internet Control Message Protocol) echo requests?
Ans : Before doing this it is worth understanding why you would want to.

When an attacker starts probing a machine, one of the first things they do is a basic ping test.

Code :
#ping target-machine
If the ping is answered they conclude that the host is up and move on, for example to a denial-of-service attack, or to an nmap scan to find open ports.

Code :
#nmap target-machine
So if you are exposing a machine from your network to the outside world, one small step is to stop answering incoming ping requests, as follows.

IPtables offers two ways of doing this:
1. Reject the ICMP echo-request packets.
2. Drop the ICMP echo-request packets.

Of the two, DROP is the better choice for this purpose: the packet is silently discarded and the host looks much like an unused address, whereas REJECT sends back an ICMP error, which tells the attacker both that the host is alive and that ICMP is being filtered. Two caveats are worth keeping in mind. First, dropping echo requests is not a hiding place: nmap's host discovery also sends TCP probes to ports 80 and 443 and an ICMP timestamp request, treats a reply to any of them as proof that the host is up, and "nmap -Pn" skips discovery altogether, so open TCP ports are still found. Second, the rule below drops only echo-request; do not drop all ICMP, because types such as destination-unreachable (used for path MTU discovery) and time-exceeded are needed for TCP to work properly.

Step1 : Execute the following command to drop all incoming ICMP echo-request (ping) packets
#iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
Let me explain this command
-A appends this rule to the end of the chain, after any rules already there (rule order matters: an earlier rule that accepts ICMP would win).
INPUT specifies that it's a
-p icmp --icmp-type echo-request matches only ping requests, not other ICMP types.
-j DROP discards the matching packet without sending any reply.

Step2 : Save the change to the IPtables rules file (/etc/sysconfig/iptables), restart the IPtables service and list the rules to check that the INPUT chain now carries the new entry.
#service iptables save
#service iptables restart
#iptables -L INPUT -n -v

How to allow ICMP ping requests again, in case you want them: first remove the rule we created for blocking them.
#iptables -D INPUT -p icmp --icmp-type echo-request -j DROP

Then, if the INPUT chain's default policy is DROP, add an explicit ACCEPT rule and save again (if the policy is already ACCEPT, deleting the DROP rule is enough):

#iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
#service iptables save
#service iptables restart

Some points to be noted
What attacks have been built on ICMP ping?
Though these are old denial-of-service (DoS) attacks, they are worth knowing:
Ping flood (the target is swamped with echo requests and spends its bandwidth and CPU answering them; rate limiting echo-request is the usual defence)
Smurf attack (echo requests are sent to a network's broadcast address with the victim's spoofed source address, so every host on that network replies to the victim)
Ping of death (an oversized, fragmented ICMP packet that crashed old IP stacks when they reassembled it)
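Putting the DROP/REJECT choice above into a script: the following is an added example (my own, not part of the original post) that applies one of three echo-request policies to the INPUT chain and uses iptables -C so it can be re-run without duplicating rules. The third mode, limit, is this example's own suggestion for servers that are monitored by ping: it keeps ping working but caps it at one request per second, which also blunts a ping flood. The DRY_RUN switch and the function names are assumptions of the example; the iptables options themselves (-C, -m limit, --reject-with) are standard.

```shell
#!/bin/sh
# Added example: apply one ICMP echo-request policy to the INPUT chain idempotently.
# Modes: drop (silent), reject (answers with an ICMP error), limit (keeps ping working
# for monitoring but caps it at 1/s with a burst of 5 and drops the rest).
# Set DRY_RUN=1 to print the iptables commands instead of running them (root otherwise).

# icmp_rules MODE: print the match/target part of each rule for MODE, one per line.
icmp_rules() {
    case "$1" in
        drop)   printf '%s\n' "-p icmp --icmp-type echo-request -j DROP" ;;
        reject) printf '%s\n' "-p icmp --icmp-type echo-request -j REJECT --reject-with icmp-host-prohibited" ;;
        limit)  printf '%s\n' \
                    "-p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 5 -j ACCEPT" \
                    "-p icmp --icmp-type echo-request -j DROP" ;;
        *)      echo "usage: apply_icmp_policy drop|reject|limit" >&2; return 2 ;;
    esac
}

# run_iptables ARGS...: run iptables, or just echo the command in DRY_RUN mode.
run_iptables() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# apply_icmp_policy MODE: append each rule of MODE to INPUT unless it is already there.
# The -C (check) call is what makes re-running the script safe: without it every run
# would append duplicate rules, a common source of confusing chains.
apply_icmp_policy() {
    icmp_rules "$1" >/dev/null || return 2
    icmp_rules "$1" | while IFS= read -r rule; do
        # $rule is deliberately unquoted so it is split into separate arguments
        if [ "${DRY_RUN:-0}" = 1 ] || ! iptables -C INPUT $rule 2>/dev/null; then
            run_iptables -A INPUT $rule
        fi
    done
}
```

Usage: source the file and run `DRY_RUN=1 apply_icmp_policy limit` to preview the two rules it would add, then `apply_icmp_policy limit` as root to apply them; follow with `service iptables save` as in Step2 so they survive a restart.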

 

Getting multiple files from an FTP server without any prompt

How to get a lot of files from an FTP server? I am using the
FTP command mget ..., but for each file it asks "yes/no", so for every file I have to type 'yes'
and then 'Enter'.

We can resolve this issue in two ways


1) When connecting to the FTP server use the -i option. Despite the name, it turns interactive prompting off, so mget and mput transfer every matching file without asking about each one.

Syntax: ftp -i server-ip/servername
#ftp -i 222.1.89.1

2) If you are already in the middle of a session, use the prompt command at the ftp> prompt. It toggles interactive mode for the current session only. Here is an example from such a session:

ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--r-- 1 1005 0 47 Apr 11 19:37 file1.txt
-rw-r--r-- 1 1005 0 47 Apr 11 19:37 file2.txt
-rw-r--r-- 1 1005 0 47 Apr 11 19:37 file3.txt
-rw-r--r-- 1 1005 0 47 Apr 11 19:37 file4.txt
226 Directory send OK.

ftp> prompt
Interactive mode off.

ftp> mget *
local: file1.txt remote: file1.txt
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for file1.txt (47 bytes).
226 File send OK.
47 bytes received in 0.00 secs (72.1 kB/s)
local: file2.txt remote: file2.txt
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for file2.txt (47 bytes).
226 File send OK.
47 bytes received in 0.00 secs (88.3 kB/s)
local: file3.txt remote: file3.txt
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for file3.txt (47 bytes).
226 File send OK.
47 bytes received in 0.00 secs (136.2 kB/s)
local: file4.txt remote: file4.txt
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for file4.txt (47 bytes).
226 File send OK.
47 bytes received in 0.00 secs (136.6 kB/s)

Keep in mind that plain FTP sends the login and every file in cleartext, and in the active mode shown above (note the "Consider using PASV" hint) the client must accept an inbound data connection from the server. For anything that crosses an untrusted network prefer sftp or scp, or the FTPS setup described in the VSFTP SSL post on this page.

 

Disabling SELinux

Some basics of SELinux :
How to disable SELinux?
SELinux (Security-Enhanced Linux) is a mandatory access control layer that ships with RHEL (it has been in the distribution since RHEL4, and RHEL5 enables the targeted policy by default). It confines what each process may touch regardless of which user it runs as, which makes it a different and stronger layer than authentication frameworks such as PAM or the init scripts that start services.

Here we are going to see some basics of SELinux.

Step1: Check whether SELinux is enabled, and in which mode

#getenforce

Step2: To see the SELinux status in more detail use sestatus
#sestatus
SELinux status : enabled
SELinux mount : /selinux
Current mode : enforcing
Mode from config file : enforcing
Policy version : 21
Policy from config file : targeted

From the above output we can see that SELinux is enabled and in enforcing mode.
For an even more detailed view use the -b option (sestatus -b), which also lists the policy booleans, i.e. which per-service protections are currently switched on and which are off.

Related commands and files: setenforce switches the running kernel between enforcing and permissive; /etc/selinux/config holds the persistent setting read at boot; and the kernel line in /etc/grub.conf can override it (selinux=0 disables SELinux entirely, enforcing=0 boots in permissive mode).

Step3: Disabling SELinux
We can do it in two ways

1) Permanent way : edit /etc/selinux/config

Change the SELINUX= line from enforcing to either permissive (the policy is still loaded and denials are logged to /var/log/audit/audit.log, but nothing is blocked) or disabled (no policy is loaded at all). Leave SELINUXTYPE=targeted as it is: switching it to strict selects a different and far more restrictive policy and has nothing to do with turning SELinux off. The change takes effect at the next reboot, so if the servers are in production and you cannot restart them, follow the temporary way below. Note also that going from disabled back to enforcing later requires a full filesystem relabel (touch /.autorelabel before rebooting), because files created while SELinux was disabled carry no security labels.

2) Temporary way : echo 0 > /selinux/enforce (the same as setenforce 0). This puts the running system into permissive mode, not disabled mode, and lasts only until the next reboot. For your info, if you want to enable it again, try the command below
echo 1 > /selinux/enforce (the same as setenforce 1)

Before you disable SELinux for good, remember that you are removing a layer of confinement from every service on the box. Usually the better fix for an application that "does not work with SELinux" is to run in permissive mode, read the denials in /var/log/audit/audit.log, and then flip the relevant boolean (setsebool -P) or correct the file contexts (chcon/restorecon) so that enforcing mode can stay on.
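As an added example (not from the original post), here is a small script that does the permanent change correctly: it rewrites only the SELINUX= line, leaves SELINUXTYPE alone, refuses typos such as SELINUX=disable, and warns when the relabel mentioned above will be needed. The function names and the SELINUX_APPLY_RUNTIME switch are this example's assumptions; pass a copy of /etc/selinux/config as the second argument to try it without root.

```shell
#!/bin/sh
# Added example: change the persistent SELinux mode safely. Only the SELINUX= line is
# edited (SELINUXTYPE is untouched), unknown modes are rejected, and the caller is told
# when a relabel is required. FILE defaults to /etc/selinux/config.

# get_selinux_mode [FILE]: print the configured mode (enforcing|permissive|disabled).
get_selinux_mode() {
    sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "${1:-/etc/selinux/config}" | tail -n 1
}

# set_selinux_mode MODE [FILE]: rewrite the SELINUX= line.
# Returns 2 on a bad mode, 1 if the file has no SELINUX= line, 0 on success.
set_selinux_mode() {
    mode=$1; file=${2:-/etc/selinux/config}
    case "$mode" in
        enforcing|permissive|disabled) ;;
        *) echo "set_selinux_mode: mode must be enforcing, permissive or disabled" >&2; return 2 ;;
    esac
    grep -q '^SELINUX=' "$file" || { echo "set_selinux_mode: no SELINUX= line in $file" >&2; return 1; }
    tmp="$file.tmp.$$"
    sed "s/^SELINUX=.*/SELINUX=$mode/" "$file" > "$tmp" && mv "$tmp" "$file"
}

# needs_relabel OLD NEW: true (0) when going from disabled to a mode that loads a policy.
# Files created while SELinux was disabled carry no labels; without a relabel the box
# may fail to boot or every service gets denied.
needs_relabel() {
    [ "$1" = disabled ] && [ "$2" != disabled ]
}

# change_selinux_mode MODE [FILE]: the whole procedure. For enforcing/permissive it also
# switches the running kernel with setenforce, unless SELINUX_APPLY_RUNTIME=0.
change_selinux_mode() {
    mode=$1; file=${2:-/etc/selinux/config}
    old=$(get_selinux_mode "$file")
    set_selinux_mode "$mode" "$file" || return $?
    if needs_relabel "$old" "$mode"; then
        echo "relabel required: run 'touch /.autorelabel' and reboot" >&2
    fi
    case "$mode" in
        enforcing)  [ "${SELINUX_APPLY_RUNTIME:-1}" = 1 ] && command -v setenforce >/dev/null 2>&1 && setenforce 1 ;;
        permissive) [ "${SELINUX_APPLY_RUNTIME:-1}" = 1 ] && command -v setenforce >/dev/null 2>&1 && setenforce 0 ;;
        disabled)   echo "disabled takes effect at the next reboot (use permissive to stop enforcement now)" >&2 ;;
    esac
    return 0
}
```

Usage: `change_selinux_mode permissive` as root edits the real config and runs setenforce 0; `change_selinux_mode permissive /tmp/config.copy` only edits the copy, which is how the functions can be tried on a machine without SELinux.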

 

CREATING FILES IN LINUX

Cmd1 : Use the touch command to create empty files

SYNTAX: # touch filename
Example:
#touch test
To create multiple files at a time, just list the names:
#touch filename1 filename2 filename3
Or let brace expansion generate the names:
#touch {1,2,3}{4,5,6}
The above command creates files named 14,15,16,24,25,26,34,35,36; this way you can create any number of files at once. (The braces must not contain spaces: touch {a b c} would create three files literally named "{a", "b" and "c}".)
To check whether your files/folders were created you can use the ls command.

Cmd2 : Creating files using the cat command in combination with the output redirection operator (>)
#cat > filename
Once you enter this command, type the content of the file and, when you are finished, press Ctrl+d on an empty line; this saves the file. Use ls again to display the files created. (Beware that > truncates an existing file of the same name without asking; use >> to append instead.)

Cmd3 : Creating a file with any editor (vi, emacs, etc.)
#vi filename
Once you execute this command the file is opened; to enter any data first press i to go into insert mode. Once you have typed the content, press Esc and then :wq to save and quit.

 

Commands On Commands in Linux

With my knowledge I tried to gather the commands below; please share your thoughts/experiences through comments.

1. strace -- very handy when debugging a command/script that gets stuck in the middle of execution: it prints every system call the process makes, with arguments and return value, so you can see which file, socket or lock it is waiting on. This command is tough when you start using it initially, but becomes handy once you use it regularly. There are some sister commands, i.e. ltrace (library calls) and mtrace (malloc tracing), which I never used; please give some input on these.

For example, if we want to see how the ls command executes and what ls is actually doing, we can check it out with strace
#strace ls

2. watch -- runs a command repeatedly at a regular interval (by default every 2 seconds) and shows its latest output

Some valuable examples

a. Monitoring a copy from a CD/DVD, which shows the progress. Mount the disc first; copying /dev/cdrom itself would only copy the device node, not the files on it (/backup/cd below is any destination directory).
#mount /dev/cdrom /mnt/cdrom
#cp -ar /mnt/cdrom/. /backup/cd/ &
#watch ls -l /backup/cd

b. Watching who is connecting to and disconnecting from the system
#watch lsof -i -n

3. time -- shows how long a command took to execute; a handy tool when you want to check how long your shell script runs.
#time ls
#time ./shellscript.sh

4. whereis -- to find where a command (its binary, source and man page) is located
#whereis ls

5. whatis -- to get a one-line description of a command
#whatis ls

And the well known man and info commands to see the details of a command and what it can do.
#man ls
#info ls
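An added example of what strace is actually good for (mine, not from the original post): tracing only the open/openat calls of a command and splitting the result into files that were really opened and files that were looked for but missing. The second list is the security-relevant one: a missing file in a directory an unprivileged user can write to (a plugin path, a config searched in $HOME, a library directory) is a classic hijacking point. The sample log is constructed in strace's output format for a hypothetical ls run; trace_opens needs strace installed, the parsing functions do not.

```shell
#!/bin/sh
# Added example: find out which files a command actually opens, and which ones it
# looked for but did not find, from an strace log of its open/openat calls.

# trace_opens LOGFILE CMD...: run CMD under strace, logging only open/openat calls
# (follows forks so child processes are covered). Needs strace; not used by the tests.
trace_opens() {
    log=$1; shift
    strace -f -e trace=open,openat -o "$log" "$@"
}

# _open_paths LOGFILE ok|missing: print the quoted path from each open/openat line that
# succeeded ("ok") or failed with ENOENT ("missing"). Lines may carry a pid prefix (-f).
_open_paths() {
    awk -v want="$2" '
        /(^|[[:space:]])(open|openat)\(/ {
            failed = ($0 ~ /\) = -1 /)
            if ((want == "ok" && !failed) || (want == "missing" && $0 ~ /ENOENT/)) {
                if (match($0, /"[^"]*"/)) print substr($0, RSTART + 1, RLENGTH - 2)
            }
        }' "$1"
}

# opened_ok LOGFILE: paths that were opened successfully (what the program really reads).
opened_ok() { _open_paths "$1" ok; }

# missing_paths LOGFILE: paths the program tried to open that do not exist. Check whether
# any of these directories is writable by an untrusted user.
missing_paths() { _open_paths "$1" missing; }

# write_sample_log FILE: constructed strace -f output for a hypothetical "ls" run.
# The third line is the kind of entry worth investigating: a library probed under $HOME.
write_sample_log() {
    cat > "$1" <<'EOF'
4242  openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
4242  openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libselinux.so.1", O_RDONLY|O_CLOEXEC) = 3
4242  openat(AT_FDCWD, "/home/user/.local/lib/libselinux.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
4242  openat(AT_FDCWD, ".", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
4242  +++ exited with 0 +++
EOF
}
```

Usage on a real system: `trace_opens /tmp/ls.trace ls -l /tmp; missing_paths /tmp/ls.trace`. Running the same two commands against a setuid binary or a daemon's start-up is a quick way to spot files it would load from places it should not trust.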

 

BASH History Capabilities in Linux

Though this is a basic topic known to many of you, I want to share it so that someone picks up something new.
BASH (Bourne Again Shell) is the default shell in Linux, and it is the layer through which the user talks to the kernel. It has many capabilities, such as

a. Shortcuts
b. Command chaining
c. History

As I mentioned, here we will look at the BASH shell's history capabilities. I have divided them into three parts: basic, medium and advanced.

Basic capabilities of BASH History:

1. To see all the commands you executed previously
#history

2. To check how many commands your shell keeps in its history
#echo $HISTSIZE

3. To check where your history file is, the file that stores all your previous commands (normally ~/.bash_history)
#echo $HISTFILE

4. To browse history
Just press the up/down arrow keys

5. To see all the commands containing a particular word
#history | grep string

Example:
#history | grep cd

Medium capabilities of Bash history:
6. Sometimes browsing history is tedious, and sometimes the commands we execute are very long, so Bash has a capability to overcome this: reverse-i-search. Press ctrl+r and type part of the previous command you want to execute.

Let's see it with an example
root@satish:~#(reverse-i-search)`se': service winbind restart
As you can see above, I just pressed ctrl+r and started typing "se"; it shows the command service winbind restart, so I do not need to type the entire command and just press Enter
root@satish:~# service winbind restart
* Stopping the Winbind daemon winbind [ OK ]
* Starting the Winbind daemon winbind [ OK ]
root@satish:~#

7. Changing the size of the history. By default Bash keeps the last 500 commands (many distributions raise this to 1000 in their default .bashrc). Some people like to change this; here I want to keep my last 3000 commands.
#HISTSIZE=3000
To make this permanent put export HISTSIZE=3000 in ~/.bashrc, and raise HISTFILESIZE too, otherwise the file on disk is still trimmed to its old limit.

8. To execute the previous command
#!!
or
!-1

9. To execute command number 25 in the bash history
#!25

10. To execute the most recent command that starts with a string
#!string
(Be careful with this one: it runs whatever matched without showing it first. Append :p, as in !string:p, to print the command instead of running it.)

11. To clear all the history
#HISTSIZE=0
or
#history -c
Note that history -c only empties the in-memory list; the file named by $HISTFILE still holds the old commands until it is overwritten at logout (history -c && history -w clears both). Anything typed on a command line ends up in that file, passwords included, which is why secrets should be supplied through prompts or files rather than as arguments; setting HISTCONTROL=ignorespace lets you keep a command out of history by starting it with a space.

12. In Linux many commands produce no output when they succeed; useradd or mount -a, for example, say nothing about whether they worked. In that case use the following command to see whether the previous command executed successfully
#echo $?
If the output is "0", the previous command succeeded; any other value means it failed (the value is an 8-bit exit status, so there are 256 possible values, 0-255).

Advanced capabilities of Bash history:
History modifiers (the :p, :s/old/new/ and related suffixes on ! expansions); references:
http://linux.about.com/od/commands/l/blcmdl3_history.htm
http://www.linuxtopia.org/online_books/redhat_linux_debugging_with_gdb/using-history-interactively.html
http://docstore.mik.ua/orelly/linux/lnut/ch08_06.htm
http://www.catonmat.net/blog/the-definitive-guide-to-bash-command-line-history/
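To make the point about secrets in history concrete, here is an added example (not part of the original post) that scans a history file for commands carrying a password on the command line and removes them. The regular expressions are this example's own heuristics and the sample history is constructed; adjust the patterns to the tools used on your systems.

```shell
#!/bin/sh
# Added example: find credentials that were typed on the command line and therefore sit
# in the shell history file, and scrub them. Pair this with HISTCONTROL=ignorespace so
# such commands are never recorded in the first place.

# secret_patterns: one extended regex per line describing "password on the command line".
# These are this example's heuristics (assumption), not an exhaustive list.
secret_patterns() {
    cat <<'EOF'
(^|[[:space:]])mysql(admin)?[^|]*[[:space:]]-p[^[:space:]]+
(^|[[:space:]])(curl|wget)[^|]*[[:space:]](-u|--user|--password)[= ]
(^|[[:space:]])sshpass[[:space:]]+-p[[:space:]]*[^[:space:]]+
(^|[[:space:]])export[[:space:]]+[A-Za-z_]*(SECRET|TOKEN|PASSWORD|PASSWD|PASS)[A-Za-z_]*=
[^[:space:]]*(password|passwd)=[^[:space:]]+
EOF
}

# scan_history_for_secrets FILE: print matching lines with their line numbers.
# Exit status is grep's: 0 = something found, 1 = clean.
scan_history_for_secrets() {
    pat="${TMPDIR:-/tmp}/histpat.$$"
    secret_patterns > "$pat"
    grep -nEf "$pat" "$1" && rc=0 || rc=$?
    rm -f "$pat"
    return $rc
}

# scrub_history FILE: remove the matching lines in place. After scrubbing the live history
# file, run "history -c; history -r" in the shell so its in-memory copy (written back to
# the file at logout) does not reintroduce them.
scrub_history() {
    pat="${TMPDIR:-/tmp}/histpat.$$"
    tmp="$1.scrub.$$"
    secret_patterns > "$pat"
    grep -vEf "$pat" "$1" > "$tmp" || :   # grep -v returns 1 when every line was removed
    rm -f "$pat"
    mv "$tmp" "$1"
}

# write_sample_history FILE: constructed history lines for this example. Four of them
# carry a secret; "mysql -P3306" (a port, capital P) must not be flagged.
write_sample_history() {
    cat > "$1" <<'EOF'
ls -l
mysql -u root -pS3cret db
curl -u admin:hunter2 http://intranet/
export AWS_SECRET_ACCESS_KEY=abc123
cd /var/log
sshpass -p xyz ssh host
mysql -h db -P3306 -u app
EOF
}
```

Usage: `scan_history_for_secrets ~/.bash_history` to review, then `scrub_history ~/.bash_history` followed by `history -c; history -r`. The scan is also worth running over other users' history files during an incident review, since they show exactly what an attacker or a careless admin typed.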

 

All About info, man, whatis, whereis, --help Commands

Do you know what the dmidecode command does?
Ans : Are you going to search Google for dmidecode? No need to search, boss. No need to go anywhere. Linux provides many help tools to learn more about a command. This post is all about these commands, which are as follows.

1.info command
2. man command
3. --help option
4. whatis command
5. whereis command

The first command in this list is info
1. info command (Information command) :
info describes a command in full detail; for many commands there are pages and pages of information.

Example :
info ls
The above command shows the full manual for the ls command, which runs to many pages.

2. man command (manual command)
Somewhat less descriptive, but it provides the information you usually need: most of the time each option of a command is described in one sentence, sometimes in a paragraph.

Example :
man ls

3. --help option
This option gives a one-line description of each option of the command

Example :
ls --help
Please remember that --help may or may not be supported by a given command.

4. whatis command
This shows a one-line description of a given command
whatis ls

5. Last but not least
whereis is not a help command, but I feel it belongs here. This command shows the location of a command's binary, source and man page.
whereis ls

 

Installing YUM server in RHEL4

If you are looking for a YUM server in RHEL5 see the separate post on that; otherwise just read on.
Recently I came across a strange issue, i.e. implementing a YUM (Yellowdog Updater, Modified) server in RHEL4 :(. When RHEL4 was released there was no YUM implementation shipped with it,
so I did some research, collected some documentation on the net and implemented a YUM server in RHEL4.
Configuring a YUM server in RHEL4 goes as follows.
Step1: Download the following packages (the .rf builds come from the third-party RPMforge repository, so import its GPG key and verify each download with rpm -K before installing it)
sqlite-2.8.16-1.2.el4.rf.i386.rpm
python-sqlite-0.5.0-1.2.el4.rf.i386.rpm
python-urlgrabber-2.9.6-1.2.el4.rf.noarch.rpm
python-elementtree-1.26-1.2.el4.rf.noarch.rpm
python-celementtree-1.0.2-1.2.el4.rf.i386.rpm
yum-2.4.2-1.noarch.rpm
yum-utils-0.3.1-1.fc4.noarch.rpm (needed for the repository)
createrepo-0.3.1-1.noarch.rpm
Step2: Install the above packages in the same sequence once you have downloaded them.
rpm -Uvh sqlite-2.8.16-1.2.el4.rf.i386.rpm
rpm -Uvh python-sqlite-0.5.0-1.2.el4.rf.i386.rpm
rpm -Uvh python-urlgrabber-2.9.6-1.2.el4.rf.noarch.rpm
rpm -Uvh python-elementtree-1.26-1.2.el4.rf.noarch.rpm
rpm -Uvh python-celementtree-1.0.2-1.2.el4.rf.i386.rpm
rpm -Uvh yum-2.4.2-1.noarch.rpm
rpm -Uvh yum-utils-0.3.1-1.fc4.noarch.rpm
rpm -Uvh createrepo-0.3.1-1.noarch.rpm
Step3: Now copy the RPMs from your RHEL4 CDs/DVD into the repository directory
cp -ar * /var/ftp/pub/Server/
Step4: Create the repository
#createrepo -v /var/ftp/pub/Server/
createrepo generates the repository metadata under /var/ftp/pub/Server/repodata. Once that is done we can configure a yum client on the same machine as follows
Step5: Create a repo file with the repository details
#vi /etc/yum.repos.d/server.repo
[server]
name=Redhat repository
baseurl=file:///var/ftp/pub/Server
gpgcheck=0
Save the file and exit, and start using yum to install packages in RHEL4.

gpgcheck=0 tells yum to install whatever it finds without checking package signatures, which is acceptable only while the repository is a local copy of your own installation media. Since the Red Hat packages are signed, the better setting is gpgcheck=1 together with a gpgkey= line pointing at the RPM-GPG-KEY file shipped on the media (import it once with rpm --import); a tampered or substituted RPM is then refused instead of installed, which matters as soon as the repository is served to other machines over FTP or HTTP.

 

SAMBA Server Configuration

SAMBA (an SMB server) is a file sharing server used to share files between Windows, Linux and Unix systems. SMB (Server Message Block) is the network file sharing protocol that originated at Microsoft; Samba is the free implementation of it for Unix-like systems.

Let's see how we can configure SAMBA in Linux.

Step1 : Create a directory where you want to keep the data to share with other remote systems (Windows, Solaris, in fact any Unix flavour, etc.).
#mkdir /share1

Step2 : Installing the Samba server
#yum install samba

Step3 : Once Samba is installed, configure it using its main configuration file (/etc/samba/smb.conf)

Step3(a) : Open smb.conf and specify the workgroup this server belongs to
#vi /etc/samba/smb.conf
Search for the word workgroup and specify your workgroup name
workgroup = windows-group

Why do we require this workgroup?
Ans : When a Windows user tries to reach a network resource they first open My Network Places, then browse to the workgroup, then to the server. So we definitely have to specify this workgroup entry in smb.conf.

Step3(b) : Now we give this samba server a description: search for "server string" (without the quotes) and provide the name you want clients to see (here linux-share)
server string = linux-share

Step3(c) : Now specify the share details: which folder you want to share, and with whom. Go to the last line of smb.conf and add your shared folder's details as follows.
[myshare]
comment = This is my Linux data I want to share with my Windows users
path = /share1
valid users = user1 user2
writable = no
public = no
browsable = yes

After adding these seven entries just save and exit the file.

Let me explain each and every thing we used here.
a. [myshare] -- This is the share name; whenever a user accesses the samba server over the network this is the folder name they see.
b. comment -- Just a comment, which helps to tell what this share is for.
c. path -- Specifies which folder on the samba machine to share.
d. valid users -- Specifies which users have access to this share; everyone else is refused, even with a valid samba password.
e. writable -- Specifies whether users can write or not. In this example they can only read the folder and copy from it.
f. public -- Specifies whether guests (users without an account) may use the share; no means only the valid users above can, which is what makes the share private.
g. browsable -- Specifies whether the share appears in the list of shares when a client browses the server.

Step4 : Now create samba passwords for the users who are going to access this share remotely (they must already exist as Linux accounts).
#smbpasswd -a user1
#smbpasswd -a user2
Specify the passwords for these 2 users; the hashes are stored in the configured passdb backend (the /etc/samba/smbpasswd file, or passdb.tdb with the tdbsam backend), separately from /etc/shadow.

Step5 : Check the syntax of your smb.conf file in case you made any mistake
#testparm

Step6 : Restart the samba service
#service smb restart

Step7 : Turn the smb service on permanently, so that our server starts after a reboot too.
#chkconfig smb on

Also make sure the Linux permissions on /share1 agree with the share definition (a read-only share still needs the directory readable by user1 and user2) and, if SELinux is enforcing, that the directory carries the samba_share_t context (chcon -R -t samba_share_t /share1); otherwise Samba is denied access even though smb.conf allows it. Keep the share reachable only from the networks that need it, using hosts allow in smb.conf or the firewall.

Please check my other post on how to mount or browse SAMBA shares.

 

VSFTP SSL Server Configuration

FTPS Server Configuration

vsftpd is short for Very Secure FTP Daemon. The "very secure" refers to the daemon's own code and privilege separation; the protocol it speaks is still plain FTP, so by default the login credentials and the data travel in cleartext. That is one reason why the root user is not allowed to log in to the ftp server by default.

To stop transferring data in cleartext and to encrypt the whole session we can use OpenSSL to generate a certificate and have vsftpd use it for SSL/TLS when talking to clients. This is what is called an FTPS server.

Some file transfer options you should know:
1. TFTP (Trivial File Transfer Protocol, which uses UDP) -- simple, no authentication, not secure
2. SFTP (this protocol runs over SSH, so you do not need to run an FTP server at all) -- secure
3. FTP (normal ftp transfer over TCP) -- not secure
4. FTPS (FTP + SSL/TLS certificate to encrypt the transmission) -- secure, provided clients are forced to use the encryption
5. FTP over SSH (plain FTP tunnelled through an SSH connection) -- only the control connection is protected unless the data connections are tunnelled too

In this post we will see how to configure an SSL certificate for VSFTPD.

Step1 : Check that the following packages are on the server and install them if they are not.
#yum install openssl
#yum install vsftpd

Step2 : Generate a private key and a self-signed certificate in the /etc/vsftpd folder as below.
#cd /etc/vsftpd
#/usr/bin/openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout vsftpd.pem -out vsftpd.pem
#chmod 600 vsftpd.pem
-nodes leaves the private key unencrypted so that vsftpd can start without a passphrase, which is why the file must be readable by root only (hence the chmod). The output below was produced with rsa:1024, which was common at the time but is no longer considered adequate; use 2048 bits or more. Make sure the Common Name you enter is the hostname clients will connect to.

The clipped output for your reference
[root@v-itig42 vsftpd]# /usr/bin/openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout vsftpd.pem -out vsftpd.pem
Generating a 1024 bit RSA private key
....................................................++++++
..........................................++++++
writing new private key to 'vsftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank.
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:IN
State or Province Name (full name) [Berkshire]:Andhra Pradesh
Locality Name (eg, city) [Newbury]:Vijaywada
Organization Name (eg, company) [My Company Ltd]:Linuxnix Systems Limited
Organizational Unit Name (eg, section) []:IT admin Group
Common Name (eg, your name or your server's hostname) []:ftp2.linuxnix.co.in
Email Address []:surendra@linuxnix.co.in

Step3 : Once the certificate is generated it is kept in the /etc/vsftpd folder (vsftpd.pem holds both the private key and the certificate). We have to provide this path in vsftpd.conf along with some SSL settings.

Step4 : Edit vsftpd.conf and add the following entries at the end of the file.
#vi /etc/vsftpd/vsftpd.conf
# Turn SSL support on.
ssl_enable=YES
# Allow anonymous users to use SSL as well.
allow_anon_ssl=YES
# Require local users to encrypt the data connections too. If you must support clients that
# cannot do TLS at all, set this to NO, but then file contents travel in cleartext even
# though the login was encrypted.
force_local_data_ssl=YES
# Force local users to log in over SSL, so their credentials are never sent in the clear.
force_local_logins_ssl=YES
# Permit TLS v1 protocol connections. TLS v1 connections are preferred.
ssl_tlsv1=YES
# Do not permit SSL v2 protocol connections.
ssl_sslv2=NO
# Do not permit SSL v3 protocol connections.
ssl_sslv3=NO
# Location of the RSA certificate (and, since they share one file, the key) we created above.
rsa_cert_file=/etc/vsftpd/vsftpd.pem
Now save and exit the vsftpd.conf file.

If clients reach the server through a firewall, also set pasv_min_port and pasv_max_port and open that range: once the control channel is encrypted the firewall's FTP helper can no longer read the PASV replies to open data ports on the fly.

Step5 : Restart the vsftpd service.
# service vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]


Start accessing the ftp server with your user credentials from FileZilla or another FTP client that supports SSL/TLS (explicit FTPS on port 21). Because the certificate is self-signed, the client will warn about an unknown issuer the first time; compare the fingerprint it shows with the one on the server (openssl x509 -in /etc/vsftpd/vsftpd.pem -noout -fingerprint) before accepting it. Accessing ftps:// sites directly from a browser is not possible; you need an add-on such as FireFTP for that. In this example I used FileZilla.
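As an added check (my own example, not part of the original post), the following script audits a vsftpd.conf for the settings discussed above and counts what would leave credentials or data in cleartext or accept obsolete protocol versions. The sample configuration is the SSL block from this post with force_local_data_ssl still at NO, so the audit has one finding to report; the function names and messages are this example's, the option names are vsftpd's.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for weak SSL/TLS settings. Prints one line per
# finding and returns the number of findings (0 = nothing to fix).

# vsftpd_get FILE KEY: value of the last active KEY= line, or "" if unset.
# vsftpd allows no spaces around "=", so the match is strict; commented lines are skipped.
vsftpd_get() {
    sed -n "s/^$2=\(.*\)$/\1/p" "$1" | tr -d '\r' | tail -n 1
}

# audit_vsftpd_ssl FILE: check the settings that decide whether logins and data are
# protected, and whether SSLv2/SSLv3 are still accepted.
audit_vsftpd_ssl() {
    f=$1; n=0
    finding() { echo "$1"; n=$((n + 1)); }

    [ "$(vsftpd_get "$f" ssl_enable)" = YES ] || \
        finding "ssl_enable is not YES: no TLS at all, everything is cleartext"
    [ "$(vsftpd_get "$f" force_local_logins_ssl)" = YES ] || \
        finding "force_local_logins_ssl is not YES: local users may log in with cleartext passwords"
    [ "$(vsftpd_get "$f" force_local_data_ssl)" = YES ] || \
        finding "force_local_data_ssl is not YES: file contents may travel in cleartext"
    for proto in ssl_sslv2 ssl_sslv3; do
        [ "$(vsftpd_get "$f" "$proto")" = NO ] || \
            finding "$proto is not NO: obsolete protocol versions are accepted"
    done
    [ -n "$(vsftpd_get "$f" rsa_cert_file)" ] || \
        finding "rsa_cert_file is not set"
    return $n
}

# write_sample_conf FILE: the SSL block from the post above (constructed sample), with
# force_local_data_ssl left at NO so there is one finding to see.
write_sample_conf() {
    cat > "$1" <<'EOF'
ssl_enable=YES
allow_anon_ssl=YES
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
EOF
}
```

Usage: `audit_vsftpd_ssl /etc/vsftpd/vsftpd.conf || echo "$? finding(s)"`. Run it after every edit of vsftpd.conf and before `service vsftpd restart`; it is a cheap way to catch the case where someone flips force_local_data_ssl back to NO "to make an old client work".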

 

Vi Editor Commands

Notes For Vi Editor

The vi editor is the default file editor on most Linux/Unix machines. It has great capabilities for editing a file in just a few keystrokes.

Let's start with some general information and then move on to the good things vi can do for you while editing a file.
1. Vi stands for visual.
2. Vi has variants such as vim, which stands for Vi IMproved, gvim (vim's X11 build) for a GUI, and WinVi for MS Windows.
3. Vi is the most popular editor on Unix systems; gedit is the next most popular on the desktop.
4. Do you know there is a book on the vi editor from O'Reilly which is 600+ pages?
5. Some other editors which will do the job of editing files are nano, pico, gedit, emacs, joe, nedit, ed, etc.

Learning the vi editor and remembering its commands is an easy task if you learn them in a systematic way.
a. Modes of vi
b. Navigational commands
c. Editing commands
d. Search and replace
e. Saving and quitting a file

a. Modes of vi :
Vi has two modes of operation.
1. Command mode
2. Insert mode

Command mode :
Vi begins in command mode, where cursor movement (navigation in the file) and editing happen. To get back to command mode from insert mode press the Esc key.

Insert mode :
Used for entering text; this is similar to Notepad on Windows. To enter insert mode you can use any of the following.
i => insert before the cursor; I => insert at the start of the present line
a => append after the cursor; A => append at the end of the present line
o => open a new line below the present line
O => open a new line above

Note : All the commands below work in command mode only.

b. Navigational commands :
1. Character navigation: h, j, k and l
h => move one character left.
j => move one line down.
k => move one line up.
l => move one character right.

How to use the above commands in a clever way?
Examples :
6j => move 6 lines down from the present cursor position.
7k => move 7 lines up from the present cursor position.

2. Word navigation
w => one word forward.
e => forward to the end of the word.
b => one word backward.

Examples :
32w => move 32 words forward
6b => move 6 words back.

3. Showing line (nu)mbers
:set nu
Hiding line numbers (nonu)
:set nonu

4. Moving by paragraph
move one paragraph up => {
move one paragraph down => }

5. Moving a page up/down
For up => ctrl+b
For down => ctrl+f

6. Moving to the start/end of the file
Start of the file (first line) => gg (or :1)
End of the file (last line) => G

7. Going to any line :
:lineno

Example :
If we want to go to line 56 then type
:56

c. Editing commands

8. Replacing one letter
Replace one letter => r
Delete one letter => x

9. Editing one word
Change one word => cw
Delete one word => dw

10. Editing one line
Delete from the cursor to the end of the line => d$ (or D)

11. Cutting
Delete (cut) one line => dd

Examples :
2dd (delete/cut two lines)

12. Pasting
Paste the cut/copied line(s) below the cursor => p
Paste the cut/copied line(s) above the cursor => P

13. Copying
Copy one line => yy
Copy n lines => nyy

14. Special commands
Join lines => J
Undo => u
Repeat the previous command => .

d. Search and replace

15. Search for a term: /term

Example : If you want to search for suresh then type /suresh and press Enter
/suresh
To move to the next occurrence press "n" (without quotes); to move to the previous occurrence press "N" (without quotes).

16. Searching and replacing a term (here the separator is / )
:%s/searchterm/replaceterm/g
You can change the separator, which helps when the terms themselves contain slashes:
:%s_/home/surya/grade_/home/testing/dest_g

To search and replace a term only between two given lines, put the line range in front of s instead of %:
:294,304s/sahana/xyz/g

e) Saving and quitting a file
:w => save the file
:q => quit the file
:wq => save and quit
:w! => force save the file
:q! => force quit without saving
:wq! => force save and quit
