Showing posts from December, 2018
BASICS OF BASH SCRIPTING

Variables. A script file ends with the extension .sh. Creating a script file in Vim:

#!/bin/bash   ## write the she-bang line (it informs the shell what kind of programming language the file contains)
#!/bin/php
#!/bin/perl
#!/bin/python
### and so on
# Comments: very important to write what your program executes / is created for, for example:
# This script is created to do blah blah
# This script is created by
# Variables: these are handled by the bash programming language as in other languages (common concept)
Var=value   # (string, number, char etc.)
echo $Var   # $ is used to expand a variable or execute a command
# end

Now make the file executable: chmod +x <file>.sh   ## execute using sh

Ex2: Take a backup from /etc
#!/bin/bash
# this scri...
CHANGE PASSWORD AND ADJUST PASSWORD POLICIES FOR A SINGLE USER AND FOR ALL USERS AT A TIME

vim /etc/login.defaults allows you to set specific parameters for users' passwords, such as password length, required special characters and numbers, password expiry, etc. Password hashes are located in /etc/shadow (together with the password policy info). Ex:

root:$6$neBVcz0K$7zTq20kWszOZKaqRO.4KOgLkwNQPjEi0/xatTa9h2tjfdnWUuv/QaWnt44DqZjMz5YHoc1hcPTgCJiYn5tRd5.:17266:0:99999:7:::

Field layout:
<user>:<password hash>:<date of last password change>:<min days before the password can be changed>:<max days before the password has to be changed>:<days of warning before the password expires>:<days the account remains active after the password has expired; if exceeded, the account is locked>:<expiration date (yyyy-mm-dd)>

How do we manage the above? By using the usermod, passwd and chage commands. ...
MANAGE USERS AND GROUPS

id - gives the info about the user you are logged in as:
+++++++++++++++++
uid=0(root) gid=0(root) groups=0(root)
++++++++++++++++
The root user always has user id 0.
1-200: system users for specific Red Hat processes / for files owned by Red Hat processes.
201-999: system users for specific Red Hat processes, but they won't own files on the system. Ex: apache (/usr/sbin/nologin)
From 1000: ids assigned when we create new user accounts.
You can see users in /etc/passwd:
neelu:x:1001:1001::/home/neelu:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin   ## this user can't ssh in because the shell is /sbin/nologin
<user_name>:<password, linked to /etc/shadow>:<uid>:<gid>:<arbitrary user-defined field>:<home_dir>:<shell to use>
Each user has exactly one primary group. Whenever a user is crea...
INSTALL AND CONFIGURE WEBSERVER

yum search apache
yum search apache | grep "server"
This provides a list of the packages; now install the apache (http) server with the following commands:
yum install httpd
systemctl start httpd
systemctl status httpd
The root of the apache web server is located in /var/www; the cgi-bin and html folders are there initially. You can put html pages in the html folder: DocumentRoot=/var/www/html
(command to connect to the internet using dhcp: dhclient)
Now connect to the server, e.g. on a windows machine open a browser and type the server's address. If you are not getting it, ping the IP from the windows machine (if it is reachable then there is a problem with the policies). Now on the server run:
iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
or
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
To check the policy: iptables -L | grep 80
To delete the policy: iptables -D INPUT 1 or iptables -D INPUT -p tcp --dport 80 -j ACCEPT
Now connect to the http server; it's working. Config file of http: /et...
CONFIGURING KEY BASED SSH AUTHENTICATION

yum search ssh
yum install openssh-server.x86_64
If this fails (if yum is locked, then update it with yum update), check whether the yum package manager is actually occupied with another package (git): ps -aux | grep -i package
Now allow the port:
iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT
firewall-cmd --permanent --add-port=22/tcp
systemctl start sshd
Now connect from linux: ssh username@ip -p <portno>; from windows connect using putty.
Password-less login is more secure because if someone knows the username and password they can connect to the server easily; password-less login means connecting to the server with keys.
Edit the config file vi /etc/ssh/sshd_config:
PermitRootLogin no (by default it is yes, commented out with #)
RSAAuthentication yes - insert it
PubkeyAuthentication yes - uncomment it
PasswordAuthentication no (by default it is yes)
After the changes: systemctl restart sshd
Now go to the client, make the preparations for password-less login and attempt the login by generating a key: ssh-keygen ...
ALL ABOUT SELINUX

It stands for Security Enhanced Linux. It is neither a firewall nor an antivirus; it is an implementation of a mandatory access control mechanism in the linux kernel. This is a secondary check of access controls in addition to DIC (discretionary access control).
DIC ex: ls -l
d--------- ---> file permissions
-rwxr--r-- ---> (authorised users can do)
-- the root user may not have all the permissions in some cases.
These DIC permissions are checked first; later, anything selinux dictates is checked (selinux policies are applied). selinux can enforce rules on files and processes in a linux system, and it can also enforce rules on their actions based on certain defined policies. selinux treats all files in linux as objects and all processes, whether user or system generated, as subjects. Most OSes rely on DIC for access management; selinux in a linux OS provides fine-grained control (which is not possible with DIC) (because individual users can c...
CONFIGURING LVMS

fdisk /dev/sdb
t - to change the partition id (system id) to lvm; choose the partition number (1 to n)
L - to see the hex codes
8e - Linux LVM
then w to write the changes.
If you do this on a mounted file system it will throw a warning:
++++++++++++++++++++++++++++++++++++++++++++
Re-reading the partition table failed with error 16: Device or resource busy. The kernel still uses the old table. The new table will be used at the next reboot or after you run partprobe(8) or kpartx(8). Syncing disks.
+++++++++++++++++++++++++++++++++++
To see the changes: fdisk -l
Unmount the file system: umount /mnt/udemy
fdisk /dev/sdb, then t, 2, 8e, w - no warnings.
LVM allows us to dynamically resize the space on the drive; we don't need to know in advance how much drive space we need for a partition. It is used for hot-plug options (defective drive - hint).
Layers of abstraction:
## ###### FILE SYSTEM ...
CONFIGURATION OF LUKS

It provides an extra layer of security to disks (Linux Unified Key System). Ex: add a disk, reboot the system and check whether it is added or not: fdisk -l or fdisk /dev/sdc (sdc - 8G).
Now create the vg: vgcreate luks-group /dev/sdc
Now create the lv: lvcreate -n lv-luks -L 7G luks-group
Check the ones created above with vgs and lvs.
Creating the passphrase: the CRYPTSETUP command. cryptsetup: manage plain dm-crypt and LUKS encrypted volumes. Once encrypted, if you forget the key then 99.99% you cannot retrieve the data back.
EX: cryptsetup -v -y luksFormat /dev/mapper/luks--group-lv--luks
-v - verbose; -y - verify the passphrase by asking for it twice; luksFormat - format a LUKS device.
Enter the passphrase (here I have given DIVYAMD450); it asks again for verification.
NOW OPEN IT (WITH AN ALIAS): cryptsetup luksOpen /dev/mapper/luks--group-lv--luks LUKS (opens it under the name LUKS); it asks for the passphrase, enter it.
NOW FORMAT THE FILESYSTEM: mkfs.xfs /dev/mapper/LUKS
NOW CREATE THE MOUNT POINT: mkdir /mnt/L...
INSTALL, CONFIGURE AND TEST FTP

Install vsftpd (the ftp server): yum install vsftpd, then systemctl start vsftpd
In order for this to work, first disable selinux: edit the file vim /etc/selinux/config, set SELINUX=disabled, and reboot the machine to apply the selinux changes.
Now edit the vsftpd conf file: vim /etc/vsftpd/vsftpd.conf
anonymous_enable means anonymous users can log in and download whatever they want from the ftp server.
local_umask=022 sets the permissions for users' files.
anon_upload_enable means anonymous upload from users; you should not allow it.
Logs are stored in /var/log/xferlog by default.
listen=NO and listen_ipv6=YES: by default it listens on ipv4 sockets.
In this example all the conf was used as it is, but the lines below were added as part of troubleshooting, because there were a lot of problems with ftp and the firewall; for the time being add the lines below:
pasv_enable=YES means passive mode for ftp is enabled
pasv_max_port=40000 sets the maximum port to 40000
pasv_min_port=40000 sets the minimum port to 40000, whic...