Modify file /etc/selinux/config
:
SELINUX=disabled
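Add the EPEL repository, which is provided by the Fedora project. Both variants below fetch the signing key over plain HTTP, so compare its fingerprint with the one the Fedora project publishes before trusting packages signed with it.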
# rpm --import http://ftp.riken.jp/Linux/fedora/epel/RPM-GPG-KEY-EPEL-6
# rpm -i http://download.fedora.redhat.com/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm
or
# wget http://ftp.riken.jp/Linux/fedora/epel/RPM-GPG-KEY-EPEL-6
# rpm --import RPM-GPG-KEY-EPEL-6
# rm -f RPM-GPG-KEY-EPEL-6
Create new entry in /etc/yum.repos.d/epel.repo
# create new
[epel]
name=EPEL RPM Repository for Red Hat Enterprise Linux
baseurl=http://ftp.riken.jp/Linux/fedora/epel/6/$basearch/
gpgcheck=1
enabled=0
Install ssmtp with:
# yum install ssmtp
Configure:
# vi /etc/ssmtp/ssmtp.conf
root=[e-mail address of the person who gets all mail for userids < 500]
mailhub=a.b.c.d
Hostname=hostname.domainname
AuthUser=linux
AuthPass=[password]
Now modify file /etc/mail.rc
by adding at the bottom of the file:
alias root root<admin@remotemail.org>
And modify file /etc/aliases
by changing line:
# Person who should get root's mail # root: marc
into:
# Person who should get root's mail root: <email.address@domain> # email of the person who should receive root's mail.
Install proftpd
from EPEL repository:
# yum --enablerepo=epel -y install proftpd
Set proftpd
as autostart daemon:
# chkconfig proftpd on
Configure proftpd by modifying /etc/proftpd.conf
ServerName "a.b.c.d"
ServerIdent on "hostname"
<Limit LOGIN>
  AllowUser [allowed username]
  DenyALL
</Limit>
<Anonymous /var/www/html>
  User [allowed username]
  Group apache
  AnonRequirePassword on
  MaxClients 5 "The server is full, hosting %m users"
  DisplayLogin welcome.msg
  <Limit LOGIN>
    Allow from all
    Deny from all
  </Limit>
  AllowOverwrite on
  <Limit LIST NLST STOR STOU APPE RETR RNFR RNTO DELE MKD XMKD SITE_MKDIR RMD XRMD SITE_RMDIR SITE SITE_CHMOD SITE_CHGRP MTDM PWD XPWD SIZE STAT CWD XCWD CDUP XCUP >
    AllowAll
  </Limit>
  <Limit NOTHING >
    DenyAll
  </Limit>
</Anonymous>
Install MySQL
# yum install mysql-server mysql php-mysql
Set the MySQL service to start on boot
# chkconfig --levels 235 mysqld on
Start the MySQL service
# service mysqld start
Log into MySQL
# mysql -u root
Set the root user password for all local domains
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('new-password');
SET PASSWORD FOR 'root'@'localhost.localdomain' = PASSWORD('new-password');
SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('new-password');
SET PASSWORD FOR 'root'@'hostname' = PASSWORD('new-password');
SET PASSWORD FOR 'root'@'hostname.domainname' = PASSWORD('new-password');
Drop the Any user
DROP USER ''@'localhost';
DROP USER ''@'localhost.localdomain';
Exit MySQL
exit;
Create script /usr/local/sbin/mysqlbackup.sh
:
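#!/bin/sh
# Nightly MySQL backup: dumps each database to a timestamped .sql file and
# then removes dump files older than five days.
#
# NOTE(review): a password given with --password on the command line can be
# seen by other local users in the process list while mysqldump runs, and this
# script itself then contains the root password, so keep it owned by root and
# not readable by anyone else. A root-only option file passed with
# --defaults-extra-file avoids putting the password on the command line.
# NOTE(review): the dumps are written below /var/www/html, which is normally
# the Apache document root; confirm that the backup directory is not served
# to clients, because the "mysql" dump includes the account table.

backup_dir=/var/www/html/backup
datum=$(/bin/date +%Y%m%d-%H%M)
status=0

# Keep going after a failed dump so one broken database does not block the
# others, but remember the failure for the exit status.
for db in dms glpi mysql test; do
  if ! /usr/bin/mysqldump --user=root '--password=[passwd]' "$db" \
    > "${backup_dir}/${db}-${datum}.sql"; then
    echo "mysqlbackup: dump of ${db} failed" >&2
    status=1
  fi
done

if ! /usr/bin/mysqldump --user=root '--password=[passwd]' --lock-all-tables \
  information_schema > "${backup_dir}/information_schema-${datum}.sql"; then
  echo "mysqlbackup: dump of information_schema failed" >&2
  status=1
fi

# Let find delete the old dumps itself: the file names never pass through
# shell word splitting, so names with spaces or glob characters are handled.
/usr/bin/find "${backup_dir}/" -type f -mtime +5 -exec /bin/rm -f -- {} + ||
  status=1

exit "$status"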
Setup crontab for root:
# crontab -e
and setup schedule to run the script every Monday to Friday at 23:00:
0 23 * * 1-5 /usr/local/sbin/mysqlbackup.sh > /dev/null
Each time you change
/etc/exports
, you must inform the NFS daemon of the change, or reload the configuration file with the following command:
# /sbin/service nfs reload
# yum install nfs-utils portmap
# /etc/init.d/rpcbind start
# /etc/init.d/nfs start
# chkconfig nfs on
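#!/usr/bin/python
# import modules used here -- sys is a very standard one
import sys


# Gather our code in a main() function
def main():
    """Greet the name given as the first command-line argument."""
    # Command line args are in sys.argv[1], sys.argv[2] ..
    # sys.argv[0] is the script name itself and can be ignored
    if len(sys.argv) < 2:
        # Without this check a missing argument ends in an IndexError traceback.
        sys.stderr.write('usage: %s NAME\n' % sys.argv[0])
        sys.exit(1)
    # A single-argument print(...) gives the same output under Python 2 and 3.
    print('Hello there ' + sys.argv[1])


# Standard boilerplate to call the main() function to begin
# the program.
if __name__ == '__main__':
    main()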
Cron's tasks are defined in /etc/crontab
file.
* * * * * command to be executed
- - - - -
| | | | |
| | | | +----- day of week (0 - 6) (Sunday=0)
| | | +------- month (1 - 12)
| | +--------- day of month (1 - 31)
| +----------- hour (0 - 23)
+------------- min (0 - 59)
Add a new user called tony with no shell access:
# useradd -s /sbin/nologin tony
Debian / Ubuntu Linux users modify the above command as follows:
# useradd -s /usr/sbin/nologin tony
Block shell access for user vivek (the vivek user account must exist):
# usermod -s /sbin/nologin vivek
Debian Linux users modify the above command as follows:
# usermod -s /usr/sbin/nologin vivek
Check:
Default run level is defined in /etc/inittab
file.
telnet <servername> 25
Trying 10.32.5.111…
Connected to <server>
Escape character is '^]'.
220 <server> ESMTP Exim 4.76 Fri, 14 Sep 2012 14:44:16 +0930
helo <some text>
250 <server> Hello ……..
mail from: <email_address>
250 OK
rcpt to: <email_address>
250 Accepted
data
354 Enter message, ending with “.” on a line by itself
<some text>
.
250 OK id=1TCOFB-0000Pl-AP
In order to resize physical partition without formatting it:
# umount /path/to/mounted/partition
# fdisk /dev/disk
Command (m for help): p
Command (m for help): d
Command (m for help): n
Command action: p
Partition number (1-4): 1
Command (m for help): w
# fdisk -l /dev/disk
# e2fsck -f /dev/partition
# resize2fs /dev/partition
# mount /path/to/mounted/partition
# df -h
Allow access:
/etc/hosts.allow
ALL : localhost
sshd: 192.168.0.22
proftpd: 192.168.0.22
Deny access:
/etc/hosts.deny
sshd: 192.168.0.1
vsftpd: .example.com
The most secure approach will be:
first block everything from everyone:
/etc/hosts.deny
ALL : ALL
then allow access only to those who need it:
/etc/hosts.allow
ALL : localhost
sshd: 192.168.0.22
proftpd: 192.168.0.22
ALL : .example.com
ALL : 192.168.
ALL : 192.168.0.0/255.255.254.0
ALL : [3ffe:505:2:1::]/64
ALL : *.example.com
in.telnetd : /etc/telnet.hosts
/etc/httpd/conf/httpd.conf
<IfModule prefork.c>
  StartServers 15
  MinSpareServers 15
  MaxSpareServers 75
  ServerLimit 2048
  MaxClients 2048
  MaxRequestsPerChild 10000
</IfModule>
/var/www/html/backup/mysql-${datum}.sql
/usr/bin/mysqldump --user=root --password=[passwd] test
# mkfs.ext4 /dev/sdc1
or disable at creation time:
# mkfs.ext4 -O ^has_journal /dev/sdc1
# tune2fs -o journal_data_writeback /dev/sdc1
# tune2fs -O ^has_journal /dev/sdc1
# e2fsck -f /dev/sdc1
# dumpe2fs /dev/sdc1 |more
/dev/sdc1 /opt ext4 defaults,data=writeback,noatime,nodiratime 0 0
server 1: # rpm -qa > file1
server 2: # rpm -qa > file2
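# Print every package listed in file1 that has no identical line in file2.
# -F and -x compare whole lines literally, so dots and plus signs in package
# names are not read as regex syntax and a name cannot match as a substring
# of a longer one.
while IFS= read -r p; do
  grep -Fxq -- "$p" file2 || printf '%s\n' "$p"
done < file1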