Sunday, November 14, 2010

Linuxsecurity.com


Sunday, October 10, 2010

Troubleshooting in Linux

I should not forget the basics of troubleshooting. It is worthless knowing how to use open source operating systems if you don't know how to troubleshoot.

On an rpm-based distro:

## rpm -qa | grep package-name
if you are looking for a package name that should be installed

## netstat -tunap
check your network status; it lists the connections to your ports.


Generic troubleshooting tips

1) Use tail -f to watch a log file in real time. The advantage is simple: you can spot error or warning messages in real time.
tail -f /path/to/log/file
Example(s):
# tail -f /var/log/maillog

2) Use the telnet command to see whether you get a response or not. Sometimes you will also see an informative message:
telnet ip port

Example(s):
# telnet localhost 53
# telnet localhost 25

3) Make sure you can see PID of your service.
pidof service-name
cat /var/run/service.pid
Example(s):
# pidof sshd
# cat /var/run/sshd.pid

4) You need to make sure that your DNS server or third party DNS server (ISP) is accessible. This is an important step, as many network services depend upon DNS, for example sendmail/postfix or Squid. Run dig or nslookup. No timeout should occur.

# dig your-domain.com
# nslookup gw.isp.com
# more /etc/resolv.conf

5) For networking troubleshooting, make sure your IP address configuration is right: gateway, routing, hostname etc. are all configured. Here is a list of tools on RedHat Linux to verify or modify this information:

Hostname verification or setup tools

hostname : To get hostname of server.
hostname -f : To get FQDN hostname of server
more /etc/sysconfig/network : To set up the hostname; networking can be enabled or disabled here.
dnsdomainname : List or setup domainname.
more /etc/hosts : Make sure at least a localhost entry exists.

Ethernet configuration tools

ifconfig : To see running network card information.
ifconfig eth0 up|down : To enable|disable network interface
service network reload|restart|stop|start : To reload (after changes made in the ip config file)|restart|stop|start network interface with all properties.
route|netstat -rn : To print routing table
ping ip-address : To see if host is alive or dead
more /etc/modules.conf : To see whether your network card configuration alias for eth0 exists or not.
lsmod : To list loaded modules (read as drivers). Here you need to see whether the eth0 module is loaded or not; if it is not loaded, use insmod to insert (load) the driver.
dhclient : Dynamic Host Configuration Protocol Client. Run this if your Ethernet card is not getting an ip from the DHCP box on startup; by default this command shows useful information.

To see if service blocked because of access control

iptables -n -L : To list all iptables rules; useful to see if the firewall blocks the service or not.
service iptables stop|start : To stop|start iptables
more /etc/xinetd.conf
OR
more /etc/xinetd.d/SERVICENAME : To list configuration of xinetd server. Again useful to see if xinetd based security blocks the service or not (xinetd includes host-based and time-based access control)
more /etc/hosts.allow : To see list of hosts allowed to access service.
more /etc/hosts.deny : To see list of hosts NOT allowed to access service. NOTE: first TCP wrappers (hosts.allow|hosts.deny) are checked and then xinetd-based access control is checked.
more /etc/path/to/application.conf : See your application configuration file for access control. For example smb.conf and many other applications/services have their own access control list in the application. You need to check that as well.

Read the man pages of all the above commands for more details on syntax and usage.


Thursday, August 26, 2010

C-A-C-T-I

Here are the dependencies of CACTI
-httpd
-net-snmp
-mysql-server
-mysql
-php
-rrdtool

yum install mysql-server mysql php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli php-snmp php-pear-Net-SMTP httpd net-snmp-utils net-snmp-libs perl-rrdtool rrdtool net-snmp

configure php
configure snmp
configure mysql
configure cacti

MAKE SURE the services are running

Apply Patches..




Wednesday, August 11, 2010

Things I still need to learn

Server Configuration

DNS Server
DHCP Server
LDAP Server
File Server


Application Configuration

Apache
Mysql
MySql Cluster

Scripting

PHP and Perl

NETWORKING Basic-Intermediate-Expert


Sunday, May 30, 2010

One time conversation with myself..

Hey Shittymind,

It's been a while since you posted. Never heard much from you anymore. How is it going? As for me nothing much. Hey gratz for the gift, if you know what i mean. It's a blessing bro. Now you've got someone to have your motivation. Would it be like you? Or Would it be a princess? Anyways man, good luck. What are your plans for next week? the next month? I keep calling you but you never answered my calls. Hmmm, i think you're preoccupied right now. Give me a ring when you need to talk alright?
How is your girl doin? Seems like you two are havin' a hard time eh? you're both different man. you may have fights but it's what keeps you from knowing each other deeper. Don't give up bro. You know those challenges are just things that build the foundation of your relationship so don't go wasting your time arguing who's wrong or who's right. you know what i mean? peace!

P.S.
What the fuck are you up to posting linux shit in your blog?

Cheers,
--WEL--



Hey Wel,

Nice to hear from you! It's a relief you gave me buzz or somethin..yeah, We never got to talk and hang out lately, i'm sorry man. I feel like i'm so alone carrying an invisible 2 tons of weight, if you know what i mean. I don't know where to start. You know, my family is killing me. They are so hard on me man. I don't know their issues or something. They wouldn't let me face this kind of trouble. Although i already told them that i can handle it. They are just freakin' afraid i'm not gonna be the man they want to be. But hey!! its my LIFE.. it was done, all i can do is to face it. right? I don't know what's up with them. Would that be a hindrance to me for being successful? nah!! They are just flaring me up. Whew! It's hard to explain to them that i have my own life now and its time for me to experience the so called "life". Uhm, I know you're always there for me and will be there for me.

Who told you about that? yeah, i'm having my first child, and i am so excited. Well, i guess i am the only one excited about it. yeah, yeah. i know it's a blessing and it's true its going to be my main motivation for my life. Can't wait for that day, I always pray to God he/she is goin to be healthy. That's all i can ask for Him for now. Hmmmm.. since when you had the authority to ask me about my girl huh!? hehehe..My girl, she's staying with her sibling for the moment, as my family was "packed" in that small room of mine. Even I can't sleep well in that room. Whenever I close my eyes i can hear their noise. Aww. stress for me. She's been moody lately, what do i know about hormones anyway. Well, for now. she's not missing me, if you know what i mean. I've been reading all of her facebook status and her blogs. If you read it man, there's something into it. It's like uhm she's tired of me or something like that. I don't know. I guess she's still into him you know. She wants to patch things up with him, i guess. Hmm.. It's like before huh, i ended up being ALONE. I shouldn't be sayin this to you, lol. But how would i know she was never open to me. How i wish she would. Thanks man for the buzz. till next time.

P.S.
Mind your own business asshole. It's for future references.

Peace,

Shittymind


Thursday, April 8, 2010

A bunch of How-to's


View Specs of your linux pc

If you want to view the hardware spec of your pc, you can use this command
--> lshw
By default, this command is installed on ubuntu linux but not installed on Centos. You can use tools like yum to install it
--> yum install lshw

Mounting cdrom

If you are using a pc with linux that does not have automount feature, here are the steps that you can do to mount it on linux terminal.

* After inserting the cd, create a folder. Usually we create a folder inside folder /mnt. Type --> mkdir /mnt/cdrom.
* To mount it, type --> mount /dev/cdrom /mnt/cdrom. This step will mount the content of the cdrom to the folder /mnt/cdrom
* After you finish, just type --> umount /mnt/cdrom to unmount it from the folder.

You can also use these steps for other devices such as a flash drive. To check which folder contains the device, type --> df.

how to check your kernel version


Sometimes you want to know the particulars about the kernel of your linux. This can be done using uname command.
To check kernel version:
->uname -v
To check kernel release:
->uname -r
To check kernel name:
->uname -s

Using crontab scheduler


Crontab is a tool for scheduling tasks for the computer to run. It automates jobs that need to be done but would be difficult for a human to do because of time limitations. There are only 4 options for crontab, which are -u, -e, -l and -r, and the usage is described below:

* crontab -l - list all the crontab on standard output
* crontab -e - edit the current crontab using the editor specified by the VISUAL or EDITOR environment variables
* crontab -r - remove the current crontab
* crontab -u - specify the user
  o example: $ crontab -u username -l - this command will list the crontab that belongs to username

A crontab is set by running the crontab -e command and adding the necessary time and the command to be run at that particular time. The crontab scheduling format is as below:

* * * * * command to be run

1st * is for minutes (0-59)
2nd * is for hour (0-23)
3rd * is for day of month (1-31)
4th * is for month of year (1-12)
5th * is for day of the week (0-7) where 0=Sunday and 7=Sunday

Example:
To backup your pc using rsnapshot everyday at 7.30 a.m.;

1. $ crontab -e
2. 30 7 * * * /usr/local/bin/rsnapshot daily
3. save your crontab setting

SSH without password

Using the steps below, you can ssh to the server from the client without entering any password.
The machine which runs the ssh command is the client
The machine that the client accesses using ssh is the server

1. Run the following command on the client
* -> ssh-keygen -t dsa
2. Files id_dsa and id_dsa.pub will be created inside $HOME/.ssh
3. Copy id_dsa.pub to the server's .ssh directory
* -> scp $HOME/.ssh/id_dsa.pub user@server:/home/user/.ssh
4. On the server, change to /home/user/.ssh and append the content of id_dsa.pub to the file authorized_keys
* -> cd /home/user/.ssh
* -> cat id_dsa.pub >> authorized_keys
5. Change "StrictModes yes" in /etc/ssh/sshd_config to "StrictModes no"
6. Restart ssh server
7. You can try ssh to the server from the client and no password will be needed
* -> ssh user@server

Another alternative to the above steps is to use ssh-copy-id command. The steps are:

1. Run the following command on the client
* -> ssh-keygen -t dsa
2. File id_dsa and id_dsa.pub will be created inside $HOME/.ssh
3. Copy the id_dsa.pub to the server's .ssh directory
* -> ssh-copy-id -i ~/.ssh/id_dsa.pub user@server
4. Change "StrictModes yes" in /etc/ssh/sshd_config to "StrictModes no"
5. Restart ssh server
6. You can try ssh to the server from the client and no password will be needed
* -> ssh user@server
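
The key-install step above, together with the file-mode part of the check that "StrictModes yes" performs, as an added shell example that is not part of the original post. It shows the alternative to switching StrictModes off: append only the public key, and give the home directory, .ssh and authorized_keys modes that are not writable by group or others. The function names and the idea of passing the home directory as an argument are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post). The home directory is an
# argument so the functions can be tried on a scratch directory first.

# Append a PUBLIC key to <home>/.ssh/authorized_keys, at most once, with the
# modes StrictModes expects. Refuses anything that looks like a private key.
install_pubkey() {
    keyfile=$1 home=$2
    if grep -q 'PRIVATE KEY' "$keyfile"; then
        echo "refusing: $keyfile is a private key; it stays on the client" >&2
        return 1
    fi
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$home/.ssh/authorized_keys" || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        # -x whole line, -F fixed string: skip keys that are already listed
        grep -qxF -e "$line" "$home/.ssh/authorized_keys" ||
            printf '%s\n' "$line" >> "$home/.ssh/authorized_keys"
    done < "$keyfile"
    chmod 600 "$home/.ssh/authorized_keys"
}

# Report the paths sshd inspects that are writable by group or others.
# Returns 0 when none is, 1 otherwise. (Ownership is not checked here.)
strictmodes_audit() {
    home=$1 rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        perms=$(ls -ld "$p" | cut -c1-10)
        case $perms in
            # character 6 is group-write, character 9 is other-write
            ?????w*|????????w*) echo "too permissive: $perms $p"; rc=1 ;;
        esac
    done
    return $rc
}

# Remove group/other write access so StrictModes can stay at "yes".
strictmodes_fix() {
    home=$1
    chmod go-w "$home" && chmod 700 "$home/.ssh" &&
        chmod 600 "$home/.ssh/authorized_keys"
}
```

On the server this would be run as the account owner, for example install_pubkey id_dsa.pub /home/user followed by strictmodes_audit /home/user.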

Resetting mysql root password

Sometimes you have to access a mysql database and you somehow do not know the password or the user of the database. The last resort is to use the root account, but its password is unknown. There is always a way to solve anything, and the way to reset the root password is described below. Enjoy!

1. Open a terminal and stop mysqld daemon if it has been started: $ /etc/init.d/mysqld stop
2. Type this command: $ mysqld_safe --skip-grant-tables
3. Open a new terminal, and access mysql database using root:
$ mysql -u root mysql
4. Change root password to new password: mysql> update user set password=password('newpassword') where user='root';
5. flush mysql privileges: mysql> flush privileges;
6. Exit mysql: mysql> exit
7. Close the terminal with the mysqld_safe command
8. Restart mysql: $ /etc/init.d/mysqld start

Backup using tar and ssh

Doing backups is important. You do not want to store your backup on the same machine where the data is stored, to avoid data loss when that machine breaks down. To do this job, you can use tar paired with ssh to archive your important data and transfer it through the network to another machine. Below are the steps:

1. Make sure the backup machine is installed with ssh server and the service is running
# yum install openssh-server
# service sshd start

2. Go to the folder that you want to back up. Use tar to archive it and send it through the network to the backup machine
# tar -cvjf - /path/to/backup | ssh user@backupmachine "cat > /home/backup.tar.bz2"

3. Finish. Congratulations, your backup file is now safely kept on the backup machine


Setting up samba with password protection


To easily share your files to linux and windows clients, samba is still the preferred choice. In this guide I will show how to setup a samba server on centos 5 machine, that can be accessed only by certain people protected by password.

1. Install samba on the server
* # yum install samba
2. Create the group that all the samba users will be contained in, for example 'samba'
* # groupadd samba
3. Create samba users and add it to the above group, which is in this example is 'samba'. Below is the example to create a user named 'user1' and add it to group 'samba'. Set the password for user1
* # useradd user1 -g samba
* # passwd user1
4. Create the directory to be shared. In this example, I will use /home/shared. Change the ownership to root and the group ownership to the 'samba' group. Change the permission so that only user and group can read, write and execute
* # mkdir /home/shared
* # chown -R root.samba /home/shared
* # chmod -R 770 /home/shared
5. Below is a simple setting of samba

[global]
workgroup = samba
server string = Samba Server
security = user

[shared_folder]
comment = Sharing place
path = /home/shared
public = no
writable = yes
printable = no
write list = @samba
create mask = 0755
force create mode = 0755
directory mask = 0775
force directory mode = 0775

* What the above setting basically does is set up /home/shared as a samba shared directory that can only be accessed by users from group samba
6. Add user/users to samba
* # smbpasswd -a user1
7. Start smb service, restart if it has already been started
* # /etc/init.d/smb start
8. 'user1' can now access the samba server using address 'smb://samba_server_ip_address/shared_folder' at any nautilus address bar. For windows client, you can see at your 'My Network Places' and find a workgroup named 'samba'

Ubuntu forgotten password


What to do when you forgot your password for your ubuntu machine?? Here are some simple steps on how to change the password using single user mode.

1. Reboot the machine
2. When grub is loading, press 'Esc'
3. Choose 'Ubuntu kernel...........(recovery mode)'
* Press 'e' to edit the kernel parameter
* Append 'single init=/bin/bash' to the kernel parameter
4. Press 'b' to boot from that particular kernel
5. You will enter single user mode
6. Your hard drive will be in read-only mode. Remount it in read-write mode
* # mount -o remount,rw /dev/sda1
7. Change your passwd
* # passwd user
8. Reboot your machine
9. Access your machine using your new password

Congratulations, you just changed your user password using single user mode

CentOS/Fedora forgotten password

What to do if you forgot the password for your CentOS/Fedora/Redhat machine? Here are some simple steps to change the password by entering the single user mode of your machine, provided you have not forgotten your grub password if you have set one ;)

1. Reboot your machine
2. Press 'Esc' key once grub starts loading
3. Select your kernel and press 'e' to edit the kernel parameters
4. Press 'e' on the line that starts with 'kernel /vmlinuz...'
5. Append "single" or "1" at the end of the line
6. Press 'Enter'
7. Press 'b' to boot from the appended kernel
8. You are now in the single user mode of your linux machine once you get to the shell. You can now change the password of your account using command passwd
9. Reboot back your machine normally
10. You can now log in to your machine using your new password

Suse forgotten root password

In suse, if you forgot your root password, you can go to the single mode as usual. Steps are explained below:

1. Reboot the machine
2. When Startup Options(blue background in SLES) appear, choose Failsafe mode
3. In the Boot Options, append init=/bin/sh at the end of the line
4. Press Enter to boot
5. You will be presented with a shell. Change your password using command passwd root
6. Reboot the machine. root can now be accessed using your new password

Restore GRUB

GRUB is a boot loader commonly used with the linux operating system. It can be used to manage a dual boot environment where linux and windows coexist on the same machine without problems, provided you install the windows OS first, so that when you install linux, GRUB will overwrite the Windows boot loader and automatically detect and manage both operating systems the next time you boot your computer. Problems will happen if you alter your partitions without the knowledge of GRUB, for example, if you create a new partition on your hard drive using windows. This will cause GRUB to automatically go into the GRUB shell at boot. Restoring your GRUB is very simple, just follow the easy steps below:

1. find in which partition does GRUB store its configuration file, which is your /boot partition. (hd0,2) means third partition of the first hard drive
grub> find /boot/grub/stage1
(hd0,2)

2. set the root for GRUB to be (hd0,2)
grub> root (hd0,2)

3. write GRUB to the Master boot record(MBR) of your hard drive. Change (hd0) to (hd0,2) to write GRUB to your /boot partition instead
grub> setup (hd0)

4. Reboot machine
grub> reboot

All those steps can also be used from a livecd if, let's say, the grub shell did not come up but you cannot boot your machine, or you cannot boot your linux due to a messed up GRUB. Just boot from the livecd, open a terminal, and type "grub" as a superuser to go to the GRUB shell

Logging your terminal activity

When typing on the terminal, sometimes we need to record what commands we have typed for later reference. Sure, we can simply copy the .bash_history file, but that file only shows what you have typed and not the result of the commands that you have typed. To do this kind of job, there are two applications that you can use:


1. script

To use script, simply run script before you start using your terminal

# script -f logfile.log

where -f is to flush output after each write, and logfile.log is the file to write whatever script has recorded.

After you finish using script, simply type exit or logout to quit script


2. rootsh

Please install rootsh first if it is not installed. To use rootsh, run rootsh before you start using your terminal, similar to script

# rootsh -f logfile.log --no-syslog

where -f is to show which file will be used to record the session, in this case logfile.log and --no-syslog is to tell rootsh not to log to /var/log/messages. To quit from rootsh, type exit or logout. All the commands and output will be written to logfile.log.closed to show that rootsh has closed the session.

To view the output file of rootsh and script, more command can be used.


Send message to a user


To send a message to a particular user, you have to know the user's tty. You can do this by typing:

# w

This command is used to show who is logged on and what they are doing.

[Image: output of the w command]



To send message to a specific user:

$ write username tty

Example, to send message to user user1:

$ write user1 pts/3

Write your message, and then press Ctrl-d to exit 'write'

To send message to all connected user, use wall command:

$ wall

Type your message and Ctrl-d to exit 'wall'


Send email in linux terminal


To do the above, a tool named mutt is needed. Mutt is a mail user agent (MUA) and a very excellent one in my opinion. To install mutt:

* # yum install mutt

To send email, you can use these commands (choose whichever you like):

* # echo "your messages" | mail -s "your subject" johndoe@yahoo.com
  o where -s is for subject and johndoe@yahoo.com is your recipient name
* # echo "your messages" | mutt -s "your subject" johndoe@yahoo.com
  o where -s is for subject and johndoe@yahoo.com is your recipient name

To send email with an attachment

* # echo "your messages" | mutt -s "your subject" -a /path/to/attachment johndoe@yahoo.com
  o where -s is for subject, johndoe@yahoo.com is the recipient name and /path/to/attachment is the path to the attachment file
