route -r
This command shows default gateway of the network. The row with UG flag is the default gateway of network
cat /proc/cpuinfo
This command shows CPU information
cat /proc/meminfo
This command show memory (RAM) info
finger
This command shows the IP address from where people have accessed the server.
Saturday, February 27, 2010
Thursday, February 18, 2010
How to disable Direct Root access on Linux server.
In this article I will show you how to disable direct root access on your Linux server. I will also a good idea to secure your server form hacker as hacker first has to login to server using ordinary (non-root) user and then gain root access (su -) from there. So hacker has to undergo two security checks. Please find below steps to disable direct root access.
Step 1
You must create a user to access the server. Let suppose I want to create user 'zaeem'. Following commands are used.
[root@Localhost]# groupadd zaeem
[root@Localhost]# useradd zaeem –gzaeem
[root@Localhost]# passwd zaeem
Enter password that you want to set against user 'zaeem'. So now you are done with user creation. You must test connecting to server using this user before root access is disabled because many people disable root access and either they forget to define user or defined user is unable to connect. Use following command to test the connection.
ssh zaeem@192.168.0.121
if it is successful then use following process to disable direct root access.
Step 2
open the file /etc/ssh/sshd_config and find line '#Protocol 2,1' so modify it to look like as 'Protocol 2'.
After that locate 'PermitRootLogin yes' so un-comment it and change it to look like 'PermitRootLogin no'. Save the file and restart sshd (service sshd restart)
That's it. Cheers!
Step 1
You must create a user to access the server. Let suppose I want to create user 'zaeem'. Following commands are used.
[root@Localhost]# groupadd zaeem
[root@Localhost]# useradd zaeem –gzaeem
[root@Localhost]# passwd zaeem
Enter password that you want to set against user 'zaeem'. So now you are done with user creation. You must test connecting to server using this user before root access is disabled because many people disable root access and either they forget to define user or defined user is unable to connect. Use following command to test the connection.
ssh zaeem@192.168.0.121
if it is successful then use following process to disable direct root access.
Step 2
open the file /etc/ssh/sshd_config and find line '#Protocol 2,1' so modify it to look like as 'Protocol 2'.
After that locate 'PermitRootLogin yes' so un-comment it and change it to look like 'PermitRootLogin no'. Save the file and restart sshd (service sshd restart)
That's it. Cheers!
How to change SSH port.
Running a Linux server on default SSH port 22 is risky as there may be some brute force attack. So it is always good idea to change default SSH port. It is very simple to change ssh port as you just need to edit sshd_config and reload the new configuration and you're done with it. Please find below steps in achieving that.
Step 1:
Edit sshd_config normally placed at /etc/ssh/. Open it and there is variable "Port 22" so change it with new desired port as "Port 2222"
Step 2
You've with the configuration so you just need to reload sshd service so that changes can take effect. Use following command to achieve that.
root@localhost> service sshd reload
I hope you find this article helpful.
Step 1:
Edit sshd_config normally placed at /etc/ssh/. Open it and there is variable "Port 22" so change it with new desired port as "Port 2222"
Step 2
You've with the configuration so you just need to reload sshd service so that changes can take effect. Use following command to achieve that.
root@localhost> service sshd reload
I hope you find this article helpful.
Wednesday, February 3, 2010
How to perform database recovery with a corrupt control file in Oracle
How can I perform a database recovery with a corrupt control file in Oracle?
You'll have to manually create the control file. First, take a backup of your database's files so that you can always start over should something go wrong. Then, STARTUP NOMOUNT the database and issue the CREATE CONTROLFILE command.
You will have to know things like where your datafiles are. Once you have successfully issued the CREATE CONTROLFILE command, then you can do the following:
RECOVER DATABASE USING BACKUP CONTROLFILE UNTIL CANCEL;
Specify CANCEL when you have applied all of your redo logs for recovery. Then specify:
ALTER DATABASE OPEN RESETLOGS;
SHUTDOWN IMMEDIATE
Next, take a backup of your database. If you have succeeded, you do not want to go through this again.
You'll have to manually create the control file. First, take a backup of your database's files so that you can always start over should something go wrong. Then, STARTUP NOMOUNT the database and issue the CREATE CONTROLFILE command.
You will have to know things like where your datafiles are. Once you have successfully issued the CREATE CONTROLFILE command, then you can do the following:
RECOVER DATABASE USING BACKUP CONTROLFILE UNTIL CANCEL;
Specify CANCEL when you have applied all of your redo logs for recovery. Then specify:
ALTER DATABASE OPEN RESETLOGS;
SHUTDOWN IMMEDIATE
Next, take a backup of your database. If you have succeeded, you do not want to go through this again.
Shell script to monitor Hard disk space
It is very critical that you keep monitoring disk spaces so you can install additional hard disk or remove the un-necessary file from hard disk in order to free up some space.
Below given script will monitor hard disk space and when it detects that hard disk is used around 70 % then it generate an email alert at specified email address.
df -h | grep -v ‘Use’ | awk ‘{print $5″ : “$6}’ | replace ‘%’ ” > /tmp/diskfile
for i in `cut -f 1 -d : /tmp/diskfile`
do
if [ $i -ge "70" ];
then
echo partition `grep $i /tmp/diskfile| cut -f 2 -d :` Critical disk space on `hostname` >> /tmp/disk-overusage
fi
done
if [ -f /tmp/disk-overusage ];
then
mail -s “URGENT `hostname` running out of disk space” test@test.com < /tmp/disk-overusage
fi
rm -f /tmp/disk-overusage /tmp/diskfile
Below given script will monitor hard disk space and when it detects that hard disk is used around 70 % then it generate an email alert at specified email address.
df -h | grep -v ‘Use’ | awk ‘{print $5″ : “$6}’ | replace ‘%’ ” > /tmp/diskfile
for i in `cut -f 1 -d : /tmp/diskfile`
do
if [ $i -ge "70" ];
then
echo partition `grep $i /tmp/diskfile| cut -f 2 -d :` Critical disk space on `hostname` >> /tmp/disk-overusage
fi
done
if [ -f /tmp/disk-overusage ];
then
mail -s “URGENT `hostname` running out of disk space” test@test.com < /tmp/disk-overusage
fi
rm -f /tmp/disk-overusage /tmp/diskfile
How to change Time Zone of Linux server
In this article I will try to briefly explain about how you can change Time Zone of your Linux box. Please following below mentioned points and you are done with it.
1. Logged in as root, check which timezone your machine is currently using by executing `date`. You'll see something like Mon 17 Jan 2005 12:15:08 PM PST, PST in this case is the current timezone.
2. Go to the directory /usr/share/zoneinfo here you will find a list of time zone regions. Choose the most appropriate region, if you live in Canada or the US this directory is the "America" directory.
3. If you wish, backup the previous timezone configuration by copying it to a different location. Such as
mv /etc/localtime /etc/localtime-old
4. Create a symbolic link from the appropiate timezone to /etc/localtime. Example:
ln -sf /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime
5. If you have the utility rdate, update the current system time by executing
/usr/bin/rdate -s time.nist.gov
6. Set the ZONE entry in the file /etc/sysconfig/clock file (e.g."America/Los_Angeles")
7. Set the hardware clock by executing:
/sbin/hwclock --systohc
That's it. I hope you will find this article helpful.
1. Logged in as root, check which timezone your machine is currently using by executing `date`. You'll see something like Mon 17 Jan 2005 12:15:08 PM PST, PST in this case is the current timezone.
2. Go to the directory /usr/share/zoneinfo here you will find a list of time zone regions. Choose the most appropriate region, if you live in Canada or the US this directory is the "America" directory.
3. If you wish, backup the previous timezone configuration by copying it to a different location. Such as
mv /etc/localtime /etc/localtime-old
4. Create a symbolic link from the appropiate timezone to /etc/localtime. Example:
ln -sf /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime
5. If you have the utility rdate, update the current system time by executing
/usr/bin/rdate -s time.nist.gov
6. Set the ZONE entry in the file /etc/sysconfig/clock file (e.g."America/Los_Angeles")
7. Set the hardware clock by executing:
/sbin/hwclock --systohc
That's it. I hope you will find this article helpful.
How to disable or turn off Security Enhanced Linux (SElinux)
SELinux is a collection of extra security implementations/restrictions on top of the normal Linux security tools. It gives the systems administrator a deeper control than what the kernel typically provides.
Sometimes SElinux get in your way. Let me give you an example of that, I have webservices which used Apache and I'd installed it on my linux server. So when I start it, it starts correctly without any issue but it still inaccessible from outside world because I forgot to give apache user rights to open the ports. You can disable SElinux but you must be sure of what you are doing and what threats are then on the way if you disable it.
You can disable it in /etc/selinux/config file and modify it as follows
SELINUX=disabled
I hope this article helps you to understand about how to disable SElinux feature.
Sometimes SElinux get in your way. Let me give you an example of that, I have webservices which used Apache and I'd installed it on my linux server. So when I start it, it starts correctly without any issue but it still inaccessible from outside world because I forgot to give apache user rights to open the ports. You can disable SElinux but you must be sure of what you are doing and what threats are then on the way if you disable it.
You can disable it in /etc/selinux/config file and modify it as follows
SELINUX=disabled
I hope this article helps you to understand about how to disable SElinux feature.
Tuesday, February 2, 2010
How to install and configure VPN with PPTP (Poptop)
VPN (Vitual Private Network) is extensively used to access workplace with security. So Let me briefly go through installation and configuration settings.
Potop is a package by using which you can creates VPN. You can download package from web or you can install it by using yum commands on shell.
yum install pptp
Once the installation is completed, you can find Poptop's configuration files located in /etc directory. There are four configurations which we need to take care in order to work with pptp.
* /etc/ppp/chap-secrets
* /etc/pptp.conf
* /etc/modules.conf
* /etc/ppp/options.pptp
So Lets go through the each file and I will briefly explain about what each file contains.
/etc/pptp.conf
It contains the default configurations of the pptp, like the executable name etc. The default settings of this file work and no change is required except any exceptional scenario.
/etc/modules.conf
It contains the list of installed Poptop modules. You shold not modify this file.
/etc/ppp/chap-secrets
This is the main file that you need to modify. Basically you need to define username and password in this file which will be used to connect to VPN. I have created a test user 'sheraxi'.
——————-
# Secrets for authentication using CHAP
# client server secret IP addresses
sherazi * sherazi *
—————————–
Once changes are completed, run the pptp service by following command:
service pptp restart
Now you can connect to VPN using the user defined in chap-secret file on the main IP address of the server.
Potop is a package by using which you can creates VPN. You can download package from web or you can install it by using yum commands on shell.
yum install pptp
Once the installation is completed, you can find Poptop's configuration files located in /etc directory. There are four configurations which we need to take care in order to work with pptp.
* /etc/ppp/chap-secrets
* /etc/pptp.conf
* /etc/modules.conf
* /etc/ppp/options.pptp
So Lets go through the each file and I will briefly explain about what each file contains.
/etc/pptp.conf
It contains the default configurations of the pptp, like the executable name etc. The default settings of this file work and no change is required except any exceptional scenario.
/etc/modules.conf
It contains the list of installed Poptop modules. You shold not modify this file.
/etc/ppp/chap-secrets
This is the main file that you need to modify. Basically you need to define username and password in this file which will be used to connect to VPN. I have created a test user 'sheraxi'.
——————-
# Secrets for authentication using CHAP
# client server secret IP addresses
sherazi * sherazi *
—————————–
Once changes are completed, run the pptp service by following command:
service pptp restart
Now you can connect to VPN using the user defined in chap-secret file on the main IP address of the server.
Subscribe to:
Posts (Atom)