Sunday, May 4, 2014

CentOS Linux 5/6: Change OpenSSH Port Number Gorvam saddar

Iam a new CentOS Linux user. How do I change default sshd tcp port # 22 to 2022 on CentOS Linux version 5/6?

You can set or specifies the port number that sshd server listens on. The default is TCP port # 22.
Tutorial details
DifficultyEasy (rss)
Root privilegesYes
RequirementsNone
Estimated completion time5m

Syntax: Change SSH port on a CentOS Linux

You can use any one of the following option in/etc/ssh/sshd_config file:
Read more »
Posted by at No comments:
Labels:

CentOS / RHEL: Yum Lock Package Version At a Particular Version gorvam saddar


Iam a new CentOS / RHEL 6.x server user and DevOP. I need to lock a package called nginx on a server being updated via yum command. How do I lock package version at a particular version on CentOS / Red Hat Enterprise Linux (RHEL) 6.x or Fedora Linux?

You have two options as follows:
Tutorial details
DifficultyIntermediate (rss)
Root privilegesYes
RequirementsNone
Estimated completion time10m
  1. Pass the --exclude directive to the yum command to define list of packages to exclude from updates or installs.
  2. yum versionlock command - Version lock rpm packages command.

Method # 1: yum versionlock command

You need to install yum-plugin-versionlock plugin. It takes a set of name/versions for packages and excludes all other versions of those packages (including optionally following obsoletes). This allows you to protect packages from being updated by newer versions.

Install yum-plugin-versionlock on a CentOS/RHEL server

To install yum-plugin-versionlock package, enter:
# yum -y install yum-versionlock
OR
# yum -y install yum-plugin-versionlock
Sample outputs:
Loaded plugins: product-id, rhnplugin, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package yum-plugin-versionlock.noarch 0:1.1.30-14.el6 will be installed
--> Finished Dependency Resolution
 
Dependencies Resolved
 
================================================================================
 Package                  Arch     Version         Repository              Size
================================================================================
Installing:
 yum-plugin-versionlock   noarch   1.1.30-14.el6   rhel-x86_64-server-6    27 k
 
Transaction Summary
================================================================================
Install       1 Package(s)
 
Total download size: 27 k
Installed size: 0
Downloading Packages:
yum-plugin-versionlock-1.1.30-14.el6.noarch.rpm          |  27 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : yum-plugin-versionlock-1.1.30-14.el6.noarch                  1/1
  Verifying  : yum-plugin-versionlock-1.1.30-14.el6.noarch                  1/1
 
Installed:
  yum-plugin-versionlock.noarch 0:1.1.30-14.el6
 
Complete!
 

Syntax

The basic syntax is as follows:
 
yum versionlock package-name-here
yum versionlock package1 package2
yum versionlock add package-wildcard
yum versionlock add package1\*
yum versionlock [command] package1\*
 

To lock the nginx packages at current versions, type:

# yum versionlock nginx
OR
# yum versionlock add nginx

To list all current versionlock entries, run:

# yum versionlock list

To remove/delete versionlock entry for nginx package, enter:

# yum versionlock delete nginx

To remove all versionlock entries:

# yum versionlock clear
Sample outputs:
Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
versionlock cleared

Add a exclude (within versionlock) for the latest versions of the packages in the available repos

# yum versionlock exclude pakage1 package2
# yum versionlock exclude pakage-wildcard-here

Demo: Locking ethtool package using yum lock version commands

First, check ethtool package has updates on the server:
# yum check-update
# yum check-update ethtool
Sample outputs:
Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
ethtool.x86_64               2:3.5-1.2.el6_5                rhel-x86_64-server-6
Lock down ethtool, enter:
# yum versionlock add ethtool
Sample outputs:
Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
Adding versionlock on: 2:ethtool-3.5-1.el6
versionlock added: 1
List entries in versionlock, enter:
# yum versionlock list
Sample outputs:
Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
2:ethtool-3.5-1.el6.*
versionlock list done
Try to update ethtool package, enter:
# yum update ethtool
Sample outputs:
Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
Setting up Update Process
No Packages marked for Update
Delete ethtool versionlock so that yum can apply an update:
# yum versionlock delete '2:ethtool-3.5-1.el6.*'
Sample outputs:
Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
Deleting versionlock for: 2:ethtool-3.5-1.el6.*
versionlock deleted: 1

Tip: List/view history of package?

Use the following command:
# yum --showduplicates list packageNameHere
# yum --showduplicates list ethtool
The yum command has history option. It allows an admin to access detailed information on the history of yum transactions that have been run on a system. You can see what has happened in past transactions. You can use various command line options to view what happened, undo/redo/rollback to act on that information and start a new history file.

Method # 2: yum --exclude command to lock package version from yum update

Edit /etc/yum.conf
# vi /etc/yum.conf
Append the following line under [main] section to lock php and nginx, enter:
exclude=php* nginx*
Save and close the file. See how to exclude packages when I use "yum update" commandtutorial for more information.
Posted by at No comments:
Labels:

Linux / Unix: Check Last Time User Logged In On gorvam saddar

Iam a new Unix system admin. How do I find ouw who has recently use the Linux or Unix-like server? Which terminals they used, and when they logged in and out of the my server?

You need to use last command. This command displays last logins of users and ttys.

Listing the Last times a user logged in on server

The syntax is as follows:
Tutorial details
DifficultyEasy (rss)
Root privilegesNo
RequirementsNone
Estimated completion time1m
last
OR
last [UserNameHere]
OR
last [option] [UserNameHere]

Example: Display Linux user last login

To display when a user named 'vivek' last logged in to the system, type:
$ last vivek
$ last vivek | less
Sample outputs:
Fig.01: last command in action on my Debian base nas server
Fig.01: last command in action on my Debian base nas server

The output in this example tell us when user vivek last logged in. The output will go back for several months or more as last command searches back through the file /var/log/wtmp and displays a list of all users logged in (and out) since that file was created.

Display a list of recent system use for all users

Simply type the last command:
$ last
OR
$ last | less
Sample outputs taken from my RHEL based server:
oot     pts/0        10.1.6.120       Mon Jan 27 06:26   still logged in
root     pts/0        10.1.6.120       Mon Jan 27 03:37 - 06:26  (02:48)
root     pts/0        10.1.6.120       Sun Jan 26 02:47 - 09:28  (06:40)
root     pts/4        10.1.6.120       Sat Jan 25 11:02 - 11:02  (00:00)
root     pts/0        10.1.6.120       Sat Jan 25 10:15 - 13:12  (02:56)
root     pts/4        10.1.6.120       Sat Jan 25 06:01 - 06:32  (00:31)
root     pts/0        10.1.6.120       Sat Jan 25 03:08 - 09:04  (05:55)
root     pts/4        10.1.6.120       Sat Jan 25 01:06 - 03:18  (02:11)
root     pts/0        10.1.6.120       Fri Jan 24 23:59 - 02:11  (02:12)
root     pts/0        10.1.6.120       Fri Jan 24 05:30 - 08:39  (03:08)
root     pts/0        10.1.6.120       Thu Jan 23 04:22 - 05:41  (01:19)
....
...
...
root     pts/1        10.1.6.120       Sun Jan  5 11:09 - 14:29  (03:20)
root     pts/0        10.1.6.120       Sun Jan  5 10:05 - 12:19  (02:14)
reboot   system boot  2.6.32-431.3.1.e Sun Jan  5 10:02 - 06:52 (21+20:50)
root     pts/0        10.1.6.120       Sun Jan  5 09:58 - down   (00:00)
root     pts/0        10.1.6.120       Sun Jan  5 03:33 - 05:45  (02:12)
root     pts/1        10.1.6.120       Sat Jan  4 15:06 - 17:28  (02:21)
root     pts/0        10.1.6.120       Sat Jan  4 13:46 - 15:58  (02:11)
root     pts/0        10.1.6.120       Sat Jan  4 05:05 - 07:16  (02:11)
root     pts/1        10.1.6.120       Fri Jan  3 14:29 - 15:44  (01:15)
root     pts/0        10.1.6.120       Fri Jan  3 13:20 - 15:32  (02:11)
root     pts/0        10.1.6.120       Thu Jan  2 05:19 - 05:32  (00:13)
root     pts/0        10.1.6.120       Tue Dec 31 13:57 - 16:06  (02:09)
 
wtmp begins Tue Dec 31 13:57:23 2013
 
SEE ALSO
Posted by at No comments:
Labels:

Unix / Linux: Check New Files In File System /var/www/uploads/

Recently, I switched from MS-Windows based web-server to CentOS Linux based Apache web-server. All user uploaded files are stored in /var/www/uploads/ directory. Is there command that can give me a list of files that have been added to the filesystem at /var/www/uploads/ in last 7 days on Linux/Unix-like oses?

You need to use the following commands:
Tutorial details
DifficultyIntermediate (rss)
Root privilegesNo
RequirementsNone
Estimated completion time5m
  1. date command - Get the system date.
  2. touch command - Create a file and set file timestamps using date command.
  3. find command - Search for files in file system as per given condition.
Read more »
Posted by at No comments:
Labels:

HowTo: Linux Check Password Strength With Cracklib-check Command


Using the same password on different servers allows attackers to access your accounts if cracker manage to steal your password from a less secure server. This is true for online website accounts too. So solution is to create unique passwords for server accounts like your email, sftp and ssh accounts. General guideline to create a strong and unique password is as follows:
  1. Create a password with mix of numbers, special symbols, and alphabets.
  2. Make sure your password is hard to guess. You can use tool such as makepasswd to create hard to guess password.
  3. Do not use simple words like "password", "123456", "123abc" or "qwerty".
  4. Use a unique password for all your server accounts.
  5. A minimum password length of 12 to 14 characters should be used. See how to configure CentOS / RHEL / Fedora Linux based server password quality requirements.
  6. Generating passwords randomly where feasible. You can do this with a simple shell scriptfunction.
  7. If possible use two-factor authentication.
  8. Use pam_crack to ensure strong passwords and to check passwords against a dictionary attack.....
Read more »
Posted by at No comments:
Labels:

HowTo: Linux Hard Disk Encryption With LUKS [ cryptsetup Command Gorvam Saddar


I carry my Linux powered laptop just about everywhere. How do I protect my private data stored on partition or removable storage media against bare-metal attacks where anyone can get their hands on my laptop or usb pen drive while traveling?
Sincerely,
Worried about my data.

Dear Worried Linux user,
That's actually a great question. Many enterprises, small business, and government users need to encrypt their laptop to protect confidential information such as customer details, files, contact information and much more. Linux supports the following cryptographic techniques to protect a hard disk, directory, and partition. All data that is written on any one of the following techniques will automatically encrypted, and decrypted on the fly.

Linux encryption methods......read more...

Read more »
Posted by at No comments:
Labels:

Top 30 Nmap Command Examples For Sys/Network Admins Gorvam saddar


Nmap is short for Network Mapper. It is an open source security tool for network exploration, security scanning and auditing. However, nmap command comes with lots of options that can make the utility more robust and difficult to follow for new users.
The purpose of this post is to introduce a user to the nmap command line tool to scan a host and/or network, so to find out the possible vulnerable points in the hosts. You will also learn how to use Nmap for offensive and defensive purposes.

More about nmap......

Read more »
Posted by at No comments:
Labels:

10 Linux/Unix Bash and KSH Shell Job Control Examples Gorvam saddar


Linux and Unix are multitasking operating systems i.e. a system that can run multiple tasks (process) during the same period of time. In this new blog series, I am going to list the Linux and Unix job control commands that you can use for multitasking with the Bash or Korn or POSIX shell.

What is a job control?

Job control is nothing but the ability to stop/suspend the execution of processes (commands) and continue/resume their execution as per your requirements. This is done using your operating system and shell such as bash/ksh or POSIX shell.

Who provides a facility to control jobs?

The Bash / Korn shell, or POSIX shell provides a facility to control jobs.
Read more »
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)