Nov
25
Protect SSH logins
Filed Under Linux | Leave a Comment
SSH, short for Secure SHell, is a cryptographic network protocol. It is widely used in the UNIX/Linux world (but not limited to it) to allow clients to securely connect to a server. It is replacing older and insecure protocols like rsh and telnet. In addition to security, it adds tunneling for other protocols.
And since it is widely used, it is often exploited to get unauthorized access to the system.
Enough general information. Back to the topic.
There are a few simple rules on how to protect it:
- If you do not need it do not enable it
- Restrict access
- Change listening port
- Use version 2 (if possible)
- Disallow root access
- Use strong passwords
- Block access
- Use key authentication
- Use “One time passwords”
- Show Warning message
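Several of the rules above map to sshd_config keywords and can be checked mechanically. The script below is an added example, not part of the original post; treating "Restrict access" as AllowUsers/AllowGroups is an assumption, and both sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example: check an sshd_config against the rules listed above.

# First global value of a keyword. sshd keeps the first value it reads and
# matches keywords case-insensitively; parsing stops at the first Match block.
sshd_value() {  # usage: sshd_value KEYWORD FILE
    awk -v key="$1" 'BEGIN { key = tolower(key) }
        /^[ \t]*#/             { next }
        tolower($1) == "match" { exit }
        tolower($1) == key     { print $2; exit }' "$2"
}

flag() { echo "FINDING: $1"; n=$((n + 1)); }

# Prints one line per violated rule; exit status 0 only when nothing is found.
audit_sshd() {  # usage: audit_sshd FILE
    f=$1; n=0

    port=$(sshd_value Port "$f")
    [ "${port:-22}" != 22 ] || flag "Port is the default 22"

    # Only old OpenSSH releases honour Protocol; current ones speak v2 only.
    proto=$(sshd_value Protocol "$f")
    [ "${proto:-2}" = 2 ] || flag "Protocol '$proto' allows SSH version 1"

    # Unset PermitRootLogin falls back to a version-dependent default.
    [ "$(sshd_value PermitRootLogin "$f")" = no ] ||
        flag "PermitRootLogin is not 'no'"

    # Assumption: "Restrict access" is expressed as AllowUsers/AllowGroups.
    [ -n "$(sshd_value AllowUsers "$f")$(sshd_value AllowGroups "$f")" ] ||
        flag "no AllowUsers/AllowGroups restriction"

    banner=$(sshd_value Banner "$f")
    [ "${banner:-none}" != none ] || flag "no warning Banner configured"

    [ "$n" -eq 0 ]
}

# Constructed sample configs, not taken from any real host.
weak=$(mktemp); hard=$(mktemp)
printf '%s\n' '# defaults left in place' 'Port 22' 'Protocol 2,1' \
    'PermitRootLogin yes' > "$weak"
printf '%s\n' 'Port 2222' 'Protocol 2' 'PermitRootLogin no' \
    'AllowUsers alice' 'Banner /etc/issue.net' > "$hard"

audit_sshd "$weak" || :      # five findings
audit_sshd "$hard" && echo "hardened sample: no findings"
```

Point `audit_sshd` at /etc/ssh/sshd_config on a real host; settings inside Match blocks are not evaluated by this check.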
Your comments are welcome.
Nov
17
Create degraded RAID 1 array
Filed Under Linux, Uncategorized | Leave a Comment
If you have finally decided to add protection to your valuable data by using software RAID 1 – congrats. You are on the right path. But do not forget that you still need a good backup.
If you have only 1 additional drive, the procedure is more difficult, but still possible.
Note1: Try the following procedure at your own risk, preferably testing it on a non-prod machine.
Note2: /dev/sdb is the secondary disk; it could vary for you.
First you create the degraded RAID 1
mdadm --create /dev/md0 -l raid1 -f -n 1 /dev/sdb1
Validate
cat /proc/mdstat
Add it to mdadm.conf
mdadm --detail --scan >> /etc/mdadm.conf
Tell the array that there is a second disk
mdadm --grow /dev/md0 -n 2
Here you create a partition on the degraded drive and copy the data from the first disk
Repartition the first disk if needed and add it to the array.
mdadm --manage /dev/md0 --add /dev/sda1
Note that this is just a skeleton of the steps and not a full step-by-step tutorial.
Mar
6
Upgrade Shorewall from 4.4.x to 4.5.x
Filed Under Linux | Leave a Comment
Recently Shorewall (Shoreline Firewall) released a new version, 4.5.0.
This version introduced new packaging. From this version on you have the following packages:
- Shorewall Core – Core libraries installed in /usr/share/shorewall/
- Shorewall – Requires Shorewall Core. Together with Shorewall Core, provides IPv4 firewalling.
- Shorewall6 – Requires Shorewall. Provides IPv6 firewalling.
- Shorewall Lite – Requires Shorewall Core. As before.
- Shorewall6 Lite – Requires Shorewall Core. As before.
- Shorewall Init – As before.
Since there is a Core package now, to upgrade from a 4.4.x version you need to update at least 2 packages – core and shorewall.
To do that on CentOS 5 the steps are the following (in your case the versions will probably be different):
1. Download new packages
wget http://www.invoca.ch/pub/packages/shorewall/RPMS/ils-5/noarch/shorewall-4.5.0.2-1.el5.noarch.rpm http://www.invoca.ch/pub/packages/shorewall/RPMS/ils-5/noarch/shorewall-core-4.5.0.2-1.el5.noarch.rpm
2. Upgrade shorewall
rpm -Uvh shorewall-core-4.5.0.2-1.el5.noarch.rpm shorewall-4.5.0.2-1.el5.noarch.rpm
error: Failed dependencies:
perl(Digest::SHA1) is needed by shorewall-4.5.0.2-1.el5.noarch
In my case an additional package was required, so I had to install it:
yum install perl-Digest-SHA1
and run the update again
3. Check configuration
shorewall check
4. Restart shorewall
shorewall restart
Aug
10
CentOS – install IPMI
Filed Under Command line, Howto, Linux | Leave a Comment
First what is IPMI?
IPMI stands for Intelligent Platform Management Interface, a standardized computer interface that administrators use to manage a computer system and monitor its operation.
It is supported by most major providers – Intel (of course), Dell, HP…
Installation
Installation is really simple:
yum install OpenIPMI OpenIPMI-tools
chkconfig ipmi on
service ipmi start
If you see an error at the last command, check the system log – it is possible that your hardware does not support IPMI.
Usage
To see what you can do with it:
ipmitool help
man ipmitool
Enjoy:)
Jun
3
Bash: Get yesterday’s date
Filed Under Command line, Howto, Linux, Unix | 2 Comments
Recently I had to create a bash script to copy some files based on date.
The rule was copy yesterday’s files to …
But how do you determine yesterday's date?
The answer was in date man page.
Here are the parts of the script related to yesterday's date:
$ date -d '1 day ago' +'%Y/%m/%d'
2011/06/02
On the Internet I've also found:
$ date --date='yesterday'
Thu Jun 2 14:01:28 EDT 2011
And (Bonus!!) if you want to go into the future 😉
$ date --date='tomorrow'
Sat Jun 4 14:04:29 EDT 2011
Happy scripting…
Apr
23
Debian – upgrade to Squeeze
Filed Under Howto, Linux | Leave a Comment
After the release of Debian 6.0 (squeeze), the question is how to upgrade from the previous version to the latest.
It appears to be a fairly simple process:
1. Edit sources.list
vi /etc/apt/sources.list
2. Replace the distribution name (I happened to have Lenny) with Squeeze.
:%s/lenny/squeeze/g
Note: DebianVolatile has been superseded by squeeze-updates since Debian Squeeze.
To use squeeze-updates just add
deb http://mirrors.kernel.org/debian squeeze-updates main contrib
to sources.list
Then as usual:
apt-get update
apt-get dist-upgrade
Feb
16
tsclient toggle full screen mode
Filed Under Howto, Linux | Leave a Comment
When connecting from Linux to a Windows machine via remote desktop, the obvious choice is tsclient.
In Windows you just move your cursor to the control bar at the top of the screen, and there you can click the button for windowed mode.
But tsclient does not have that; instead you can use the following keyboard combination: “Ctrl-Alt-Enter”.
Tip: To improve tsclient performance, just go to the performance tab and check enable bitmap caching.
Aug
22
Install dig in Debian
Filed Under Fix, Linux | Leave a Comment
Recently I had to check DNS records on a specific server from Debian.
An excellent tool for this job is dig – it allows you to see all DNS records like: A, MX, TXT…
Unfortunately the tool was not installed.
The proper way of installing it is:
apt-get update && apt-get install dnsutils
If you ran an update recently, you can skip the first command.
Aug
1
Kompozer 0.8b3
Filed Under Linux, news | Leave a Comment
I have not updated the KompoZer page for a long time, but there was no stable version.
Anyway, I've decided to publish an updated version (even though it is considered a development version).
And for those of you who do not know the program:
KompoZer is a complete web authoring system that combines web file management and easy-to-use WYSIWYG web page editing.
KompoZer is designed to be extremely easy to use, making it ideal for non-technical computer users who want to create an attractive, professional-looking web site without needing to know HTML or web coding.
Visit my Kompozer RPM package page to download.
Jul
31
screen -r : Cannot open your terminal ‘/dev/pts/0’ – please check.
Filed Under Fix, Linux, Unix | 3 Comments
I love screen – it allows you to detach your console and still have the program running.
For more info:
man screen
Recently I experienced the following error:
$ screen -r
Cannot open your terminal '/dev/pts/0' - please check.
After searching for a solution I found several that instruct you to change permissions etc.
But a different solution, almost a “hack”, is the one I like.
Before starting screen type:
script /dev/null
And after that you can type:
screen -r
The only drawback is that you need to type one additional exit for script to terminate.
Credits for this to Harry Jackson. Unfortunately the resource was not available, so I did not put a link to the site.