SSH short for Secure SHell is cryptographic network protocol. It is widely used in UNIX/Linux(but not limited to) world to allow clients to securely connect to a server. It is replacing older and insecure protocols like rsh and telnet. In addition to security it add tunneling for other protocols.
And since it is widely used it is often exploited to get unauthorized access to the system.
Enough general information. Back to the topic.
There are few simple rules on how to protect:
- If you do not need it do not enable it
- Restrict access
- Change listening port
- Use version 2 (if possible)
- Disallow root access
- Use strong passwords
- Block access
- Use key authentication
- Use “One time passwords”
- Show Warning message
Your comments are welcome.
If you finally decided to add protection to your valuable data by using software RAID 1 – congrats. You are on the right path. But do not forget that you still need good backup.
If you have only 1 additional drive the procedure is more difficult, but still possible.
Note1: Try following procedure on your own risk. Preferably testing it on non-prod machine.
Note2: /dev/sdb is secondary disk it could vary for you.
First you create degraded RAID 1
mdadm –create /dev/md0 -l raid1 -f -n 1 /dev/sdb1
Add it to mdadm.conf
mdadm –detail –scan >> /etc/mdadm.conf
Inform it the there is second disc
mdadm –grow /dev/md0 -n 2
Here you create partition on degraded drive and copy data from first disk
Repartition first disk if needed and add it to the array.
mdadm –manage /dev/md1 –add /dev/sda1
Note that this is just skeleton of steps and not full step by step tutorial.
Recently Shorewall (Shoreline Firewall) released new version 4.5.0.
This version introduced new packing. From this version you have follwoing packages:
- Shorewall Core – Core libraries installed in /usr/share/shorewall/
- Shorewall – Requires Shorewall Core. Together with Shorewall Core, provides IPv4 firewalling.
- Shorewall6 – Requires Shorewall. Provides IPv6 firewalling.
- Shorewall Lite – Requires Shorewall Core. As before.
- Shorewall6 Lite – Requires Shorewall Core. As before.
- Shorewall Init – As before.
Since we have Core package now to upgrade from 4.4.x version you need to update at least 2 packages – core and shorewall.
To do that in CentOS 5 the spteps are follwoing (in your case probably versions will be different):
1. Download new packages
wget http://www.invoca.ch/pub/packages/shorewall/RPMS/ils-5/noarch/shorewall-126.96.36.199-1.el5.noarch.rpm http://www.invoca.ch/pub/packages/shorewall/RPMS/ils-5/noarch/shorewall-core-188.8.131.52-1.el5.noarch.rpm.
2. Upgrade shorewall
rpm -Uvh shorewall-core-184.108.40.206-1.el5.noarch.rpm shorewall-220.127.116.11-1.el5.noarch.rpm
error: Failed dependencies:
perl(Digest::SHA1) is needed by shorewall-18.104.22.168-1.el5.noarch
In my case additional package was required so I have to install it:
yum install perl-Digest-SHA1
and update again
3. Check configuration
4. Restart shorewall
First what is IPMI?
IPMI stands for Intelligent Platform Management Interface standardized computer interface for administrators to manage computer system and monitor its operation.
It is supported by most major providers – Intel (of course), Dell, HP…
Installation is really simple:
yum install OpenIPMI OpenIPMI-tools chkconfig ipmi on service ipmi start
If you see error at last command check system log – it is possible that your hardware does not support IPMI.
To to see what you can do with it:
ipmitool help man ipmitool
Recently I had to create a bash script to copy some files based on date.
The rule was copy yesterday’s files to …
But How to determine what was the yesterdays date?
The answer was in date man page.
Here are the parts from the script related to yesterday date:
$date -d '1 day ago' +'%Y/%m/%d' 2011/06/02
on Internet I’ve found also:
date --date='yesterday' Thu Jun 2 14:01:28 EDT 2011
And (Bonus!!) if you want to go in future 😉
date --date='tomorrow' Sat Jun 4 14:04:29 EDT 2011
After release of Debian 6.0 (squeeze) the question of how to upgrade from previous version to the latest.
It appears to be fairly simple process:
1. Edit sources.list
2. Replace distribution name (I appeared to have Lenny) with Squeeze.
Note: DebianVolatile has been superseded by squeeze-updates since Debian Squeeze.
To use squeeze-updates just add
deb http://mirrors.kernel.org/debian squeeze-updates main contrib
Then as usual:
When working from Linux to a windows machine via remote desktop the obvious choice is tsclient.
In windows you just move your cursor at the top of the screen to the control bar and there you can click the button for windowed mode.
But tsclient does not have that instead you can use following keyboard combination: “Ctrl-Alt-Enter”.
Tip: To improve tsclient performance just go to performance tab and check enable bitmap caching.
Recently I had to check DNS records on specific server from Debian.
Excellent tool for this job is dig – it allows you to see all DNS records like: A, MX, TXT…
Unfortunately the tool was not installed.
The proper way of installing it is:
apt-get update && apt-get install dnsutils
In case you did update recently you can skip the first command.
From long time I did not update KompoZer page, but there was no stable version.
Anyway I’ve decided to publish an updated (even it is considered
And for those of you who do not know the program:
KompoZer is a complete web authoring system that combines web file management and easy-to-use WYSIWYG web page editing.
KompoZer is designed to be extremely easy to use, making it ideal for non-technical computer users who want to create an attractive, professional-looking web site without needing to know HTML or web coding.
Visit my Kompozer RPM package page to download.
I love screen – it allows you to detach you console and still have the program running.
For more info:
Recently I experienced following error:
$ screen -r
Cannot open your terminal '/dev/pts/0' - please check.
After searching for solution I found several instructing to change permissions etc.
But different solution, almost “hack” is the one I like.
Before starting screen type:
And after that you can type:
Only drawback is that you need to type one additional exit for script to terminate.
Credits for this to Harry Jackson. Unfortunately the resource was not available so i did to put a link to the site.