connection using ssh

# ssh localhost – connect to localhost
Accept the key fingerprint when prompted. This prompt appears because the key cannot be verified.
# exit – exit from ssh connection
# ssh -p 2022 user@server.com
The key fingerprint is stored in:
# ~/.ssh/known_hosts
If the key fingerprint is wrong, ssh reports: Add correct host key in …… This happens because the server has been installed on the same IP address, and the key fingerprint stored on the computer does not match the key fingerprint of the server. To resolve the error, delete the key fingerprint from the client. Identify the line in
# ~/.ssh/known_hosts
and delete it using dd in vim.
On server check the settings from:
# vim /etc/ssh/sshd_config
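
An added example (not part of the original notes) for identifying the known_hosts line to delete: the hypothetical helper `known_hosts_lines` prints the line numbers that name a host, using the `[host]:port` form that ssh stores for non-default ports such as the 2022 above. The sample file and its key blobs are constructed, and wildcard host patterns are not handled.

```shell
#!/bin/sh
# Added example: locate the known_hosts line(s) for one host before deleting.
# known_hosts_lines FILE HOST [PORT]  (hypothetical helper, not an ssh tool)
#   prints "match N"  for each line N whose host list names HOST
#   prints "hashed N" for hashed entries, which cannot be read as plain text
known_hosts_lines() {
    awk -v host="$2" -v port="${3:-22}" '
        # Entries for a non-default port are stored as [host]:port.
        BEGIN { want = (port == 22) ? host : "[" host "]:" port }
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        {
            f = ($1 ~ /^@/) ? $2 : $1           # skip @cert-authority/@revoked
            if (f ~ /^\|1\|/) { print "hashed", NR; next }
            n = split(f, names, ",")            # one line may list several names
            for (i = 1; i <= n; i++)
                if (names[i] == want) { print "match", NR; break }
        }' "$1"
}

# Constructed sample file; the key blobs are placeholders, not real keys.
sample_known_hosts() {
    cat <<'EOF'
# constructed sample
server.com ssh-ed25519 AAAA-constructed-key-1
[server.com]:2022,[192.0.2.10]:2022 ssh-ed25519 AAAA-constructed-key-2
|1|Y29uc3RydWN0ZWQ=|Y29uc3RydWN0ZWQ= ssh-ed25519 AAAA-constructed-key-3
@cert-authority *.example.org ssh-ed25519 AAAA-constructed-key-4
EOF
}

# Usage: sh this_script ~/.ssh/known_hosts server.com 2022
if [ $# -ge 2 ]; then known_hosts_lines "$@"; fi
```

Hashed entries cannot be matched this way; `ssh-keygen -R` with the same host form removes an entry whether it is hashed or not.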

Create public/private key pair.
# ssh-keygen
The private key /home/user/.ssh/id_rsa will be created. Enter a passphrase; it is needed in order to use this key.
The public key is created in:
/home/user/.ssh/id_rsa.pub
Copy public key to server:
# ssh-copy-id localhost
Enter the password of the remote user.
In order to copy to a remote host:
# ssh-copy-id -p 9822 user@domain.com
The -i option is useful when the .pub file is not found automatically and the path to that file has to be given manually.
Test it:
# ssh -p 9822 user@domain.com
scp is for secure copy. It is used to copy files:
# scp -P 9822 /local/filename nameOfServer:/path/to/file
It uses "P" for the port and not "p" because "p" is used to preserve the file attributes.

Test it:
1. Open a console and log in as root.
ctrl+alt+F2 and log in as root.
ctrl+alt+F1 – return to the console.
2. From the console, log in to localhost.
# ssh localhost
3. exit to close the session
# exit
4. Create an ssh key pair.
# ssh-keygen
(answer the prompts: file for the private key, then the password, which could be none)
5. Use the key pair in order to log in.
# ssh-copy-id localhost

working with cut, translate, sed, awk

# cut -f 1 filename – filter a file.
cut uses a separator to split the fields.
# cut -f 1 -d : /etc/passwd

# tr – translate replaces characters. It works with a pipe | in order to process the output of another command.
# echo hello | tr a-z A-Z
This command shows everything in uppercase.
This works fine if there are no different letters.
# echo hello | tr '[:lower:]' '[:upper:]'
# man tr
sed and awk were for file processing. Now they are not used anymore.
# sed 2q /etc/passwd
shows the first 2 lines of the file
# sed -n '/^root/p' /etc/passwd
sed is not used anymore because there are other commands which are nice: grep.
# cp /etc/passwd ~
Replace a user with something else:
# sed -i 's/linda/julia/g' passwd
awk does many things which can be done with other tools. Cutting information:
# ps aux | grep apache
# ps aux | grep apache | tr -s ' ' | cut -d ' ' -f 2
or
# ps aux | grep apache | awk '{ print $2 }'

1. Use head and tail to display the 5th line of file /etc/passwd
# head -n 5 /etc/passwd | tail -n 1
2. use sed to do the same.
# sed -n '5p' /etc/passwd
3. use awk to filter the first column out of the results of command ps aux
# ps aux | awk '{ print $1 }'
4. use grep to show the names of all files in /etc that have lines starting with the text ‘root’
# cd /etc
# grep '^root' * 2> /dev/null

work with tar

tar is tape archive
c – create
v – verbose
f – name of file
# tar cvf /home/user.tar /directoryToBeCreated
# file fileName (shows which kind of file it is)
z is for compression to tgz
# tar czf /home/user.tar /directoryToBeCreated
Before extracting, check what is inside:
# tar tvf filename
The directory names are relative.
Extract:
# tar xvf archiveName.tar
The ordering is important !!!!
-C switches to a specific directory:
# tar xvf archiveName.tar -C /tmp
I back up the configuration files, and after that, if I remove a configuration file, I can restore it like this:
# tar xvf /root/etc.tar -C / etc/wgetrc
(I’m using etc/wgetrc in order to extract only one file from the archive).

links

# ls -il /etc/hosts
-l is long listing and -i shows the inode
# ln sourceFile destinationFile
# ln /etc/hosts computers
symbolic:
# ln -s sourceFile destinationFile
# ln -s /etc/hosts computers
On soft links the permissions are different and the link is pointing to another inode.
A normal user cannot create hard links to /etc/shadow.
You can link to files where you have at least READ permissions.

Install Oracle Virtualbox Additions on Centos 7 Guest VM

Update and install dependencies
yum -y update kernel*
shutdown -r now
yum install -y gcc kernel-devel kernel-headers dkms make bzip2 perl
export KERN_DIR=/usr/src/kernels/`uname -r`

or install the dependencies:
# sudo yum groupinstall "Development Tools"
# sudo yum install kernel-devel

Mount the Virtualbox Additions CD ISO

# su -
# mkdir /media/cdrom/
# mount /dev/cdrom /media/cdrom/
# cd /media/cdrom/
# ./VBoxLinuxAdditions.run

# yum install VirtualBox-4.1

https://wiki.centos.org/HowTos/Virtualization/VirtualBox
https://www.gaggl.com/2014/07/install-virtualbox-additions-on-centos-7-guest-vm/

CentOS 7 VirtualBox Guest Additions Installation

SSH without password using Putty

These two links are useful:
http://www.howtoforge.com/how-to-configure-ssh-keys-authentication-with-putty-and-linux-server-in-5-quick-steps
http://www.tonido.com/blog/index.php/2009/02/20/ssh-without-password-using-putty/#.VcMLSvmqpn8

Force User to Change Password at First Login

Create user “user”:
# useradd user

Create a password for the user:
# passwd user
Set the password to expire:
# chage -d 0 user

Set it as the default for all new users:
# vi /etc/default/useradd
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=0 #(need to add zero “0”)
SHELL=/bin/bash
SKEL=/etc/skel
GROUPS=video
CREATE_MAIL_SPOOL=no
UMASK=022
This file contains the settings that will be applied to new users created on the system with the useradd command.
Just set the value EXPIRE=0 in this file, and every new user that is created will be forced to change the password at first login.

Password duration:
for new accounts the default settings are in /etc/login.defs
settings for current accounts are in /etc/shadow, but we edit them with the chage command
chage -l [user] #check settings for user
chage -E "YYYY-MM-DD" [user] #set the date when the account expires, -1 means never
chage -M [nr] [user] #set the maximum number of days between password changes, counted from the last password change, -1 means never expire
chage -d "YYYY-MM-DD" [user] #set last password change
chage -W [nr] [user] #number of days of warning before the password expires
chage -I [nr] [user] #set password inactive: the account is blocked this number of days after the password expires

Thanks to:
http://studyhat.blogspot.be/2011/12/force-user-to-change-password-at-first.html

Another way:
# yum install shadow-utils
List the password and its related details for a user
# chage --list username
(or)
# chage -l username
!!! It is not working for the same user.

Set the Password Expiry Date for a user using the chage option -M
# chage -M number-of-days userName
# chage --list userName
Set the Account Expiry Date for a User:
# chage -E "2015-11-29" userName
# chage -l userName

Force the user account to be locked after X number of inactivity days:
# chage -I 10 userName
# chage -l userName

Disable password aging for a user account:
# chage -m 0 -M 99999 -I -1 -E -1 userName
# chage --list userName
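
An added example (not part of the original notes): the chage options above edit fields 3 to 8 of /etc/shadow, and the hypothetical helper `aging_report` reads those fields from a shadow-format file and classifies each account. The status labels and the sample accounts are constructed; reading the real /etc/shadow requires root.

```shell
#!/bin/sh
# Added example: read the aging fields that chage edits, from a shadow-format file.
# Fields: 1 name, 2 hash, 3 last change, 4 min, 5 max, 6 warn, 7 inactive, 8 expire
# (fields 3 and 8 are days since 1970-01-01).
# aging_report FILE [TODAY]: hypothetical helper; TODAY defaults to the current day.
aging_report() {
    today=${2:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
        $2 ~ /^[!*]/ { next }                       # locked or no password login
        {
            last = $3; max = $5; inact = $7; exp_day = $8
            if (exp_day + 0 > 0 && today >= exp_day + 0)
                s = "account-expired"               # chage -E date has passed
            else if (last == "0")
                s = "must-change"                   # chage -d 0
            else if (last == "" || max == "" || max + 0 < 0 || max + 0 >= 99999)
                s = "password-never-expires"        # chage -M 99999 or -M -1
            else if (inact != "" && today > last + max + inact)
                s = "inactive-locked"               # chage -I days exceeded
            else if (today > last + max)
                s = "password-expired"              # older than chage -M days
            else
                s = "ok"
            print $1, s
        }' "$1"
}

# Constructed sample accounts; the hashes are placeholders.
sample_shadow() {
    cat <<'EOF'
root:$6$constructed$hash:19990:0:99999:7:::
alice:$6$constructed$hash:0:0:90:7:::
bob:$6$constructed$hash:19800:0:90:7:::
carol:$6$constructed$hash:19950:0:90:7:::
dave:$6$constructed$hash:19950:0:90:7::19999:
erin:$6$constructed$hash:19800:0:90:7:10::
daemon:*:19000:0:99999:7:::
EOF
}

# Usage (as root): sh this_script /etc/shadow
if [ $# -ge 1 ]; then aging_report "$@"; fi
```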

Thanks to:
http://www.thegeekstuff.com/2009/04/chage-linux-password-expiration-and-aging/
http://www.cyberciti.biz/faq/rhel-debian-force-users-to-change-passwords/

Deny hosts

Simply removing the IP from /etc/hosts.deny does not work, since DenyHosts keeps track of the attempts in the /usr/share/denyhosts/data directory.
Procedure:
Stop DenyHosts
# /etc/init.d/denyhosts stop
Remove your IP from /etc/hosts.deny
# vi /etc/hosts.deny
Delete IP address. Save and close the file.
Remove the IP from /usr/share/denyhosts/data Directory
# cd /usr/share/denyhosts/data
You need to edit the following files using vi and remove the lines containing the IP address. Save the file.

hosts hosts-restricted hosts-root hosts-valid users-hosts
If the IP is static, add it to the allowed-hosts file.
Any IP address that appears in this file will not be blocked by default (consider this as a whitelist):
# echo 'x.x.x.x' >> allowed-hosts
or put the IP directly here: /var/lib/denyhosts/allowed-hosts
Start DenyHosts
# /etc/init.d/denyhosts start
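
The removal steps above as one function, added here as an example (not part of the original notes or of DenyHosts), to be run between stopping and starting the service. The names `purge_ip`, `DENY_FILE` and `DATA_DIR` are hypothetical; the paths are the ones given above, and the match is anchored so that removing 10.0.0.5 leaves 10.0.0.50 in place.

```shell
#!/bin/sh
# Added example: remove one IP from hosts.deny and the DenyHosts data files.
# Paths are the ones named on this page; override them to rehearse on copies.
DENY_FILE=${DENY_FILE:-/etc/hosts.deny}
DATA_DIR=${DATA_DIR:-/usr/share/denyhosts/data}

# purge_ip IP: delete every line that mentions IP as a whole address.
# Prints the number of lines removed.
purge_ip() {
    ip=$1
    # Accept only a dotted-quad IPv4 address so nothing else reaches the regex.
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "not an IPv4 address: $ip" >&2; return 2; }
    # Escape the dots and forbid a digit or dot on either side, so that
    # 10.0.0.5 does not also match 10.0.0.50 or 110.0.0.5.
    re="(^|[^0-9.])$(printf '%s' "$ip" | sed 's/\./\\./g')([^0-9.]|\$)"
    removed=0
    for f in "$DENY_FILE" "$DATA_DIR"/hosts "$DATA_DIR"/hosts-restricted \
             "$DATA_DIR"/hosts-root "$DATA_DIR"/hosts-valid \
             "$DATA_DIR"/users-hosts; do
        [ -f "$f" ] || continue
        n=$(grep -Ec "$re" "$f" || true)        # grep -c exits 1 on zero matches
        [ "$n" -gt 0 ] || continue
        cp -p "$f" "$f.bak"                     # keep a backup next to the file
        # Rewrite in place so the inode and mode stay the same.
        grep -Ev "$re" "$f.bak" > "$f" || true  # exit 1 only means "file now empty"
        removed=$((removed + n))
    done
    echo "$removed"
}

# Usage (as root, with DenyHosts stopped): sh this_script x.x.x.x
if [ $# -ge 1 ]; then purge_ip "$1"; fi
```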

httpd access control

Insert into a <Directory> section of an Apache configuration file, into a .htaccess file, or into a virtual host configuration section:

AuthType Basic
AuthUserFile /srv/auth/.htpasswd
AuthName "Sign In Here To Gain Access To the Site"
Require valid-user

Generating HTTP AUTH Passwords:
# yum install httpd-tools
# htpasswd -mcb /srv/auth/.htpasswd username password
-c – create file, -m – crypt with md5, -b – take the password from the command line, -n – add new user
With -b the password ends up in the shell history and is visible in the process list; without -b, htpasswd prompts for it.

Access Control Lists with Groups
Insert into a <Directory> section of an Apache configuration file, into a .htaccess file, or into a virtual host configuration section:
AuthType Basic
AuthUserFile /srv/auth/.htpasswd
AuthGroupFile /srv/auth/.htpgroup
Require group Authorized

https://www.linode.com/docs/websites/authbased-access-control-with-apache

Install and Configure phpMyAdmin

yum -y install phpmyadmin
Install MySQL server on a CentOS/RHEL
You need to download and install MySQL server on CentOS/RHEL using the following yum command:
# yum install mysql-server mysql

Turn on and start the mysql service, type:
# chkconfig mysqld on
# service mysqld start

Set root password and secure mysql installation by running the following command:
# mysql_secure_installation
Configure phpMyAdmin

You need to edit /etc/httpd/conf.d/phpMyAdmin.conf file, enter:
# vi /etc/httpd/conf.d/phpMyAdmin.conf

It allows only localhost by default.
To allow LAN / WAN users or a DBA user to manage the database over www, enable HTTPD SSL (mod_ssl).

Find the following line:
Require ip 127.0.0.1
Replace with your workstation IP address:
Require ip x.x.x.x
Again find the following line:
Allow from 127.0.0.1
Replace as follows:
Allow from x.x.x.x
Save and close the file. Restart Apache / httpd server:
# service httpd restart

Type the following URL in a browser:
https://your-server-ip/phpMyAdmin/
OR
http://your-server-ip/phpMyAdmin/
# vi /etc/phpMyAdmin/config.inc.php

………

http://www.cyberciti.biz/faq/centos-fedora-redhat-linux-installing-phpmyadmin-webtool/

HTTPD SSL as described here (mod_ssl):
http://www.cyberciti.biz/faq/rhel-apache-httpd-mod-ssl-tutorial/