Monday, 27 August 2012

rsync and Scp command in Linux

How to use the scp command on Linux.

With the scp (secure copy) command you can easily copy from and to a remote computer or between remote computers.

root@manish.bhadnari#] scp <Source> <destination>



How to use the rsync command on Linux.

rsync is a program that behaves in much the same way that scp does, but has many more options and uses the rsync remote-update protocol to greatly speed up file transfers when the destination file already exists.

The rsync remote-update protocol allows rsync to transfer just the differences between two sets of files across the network link, using an efficient checksum-search algorithm described in the technical report that accompanies this package.



@ How to Install rsync command in Linux.

#yum install rsync


@ Common rsync command options

    --delete : delete files that don't exist on sender (system)
    -v : Verbose (try -vv for more detailed information)
    -e "ssh options" : specify the ssh as remote shell
    -a : archive mode
    -r : recurse into directories
    -z : compress file data


For more details on rsync, see the link below:

http://linux.about.com/library/cmd/blcmdl1_rsync.htm

Saturday, 25 August 2012

How to configure rssh on RHEL 5.5


Linux Configure rssh Chroot Jail To Lock Users To Their Home Directories Only

If you want to chroot users, use the chroot support in rssh. Its chrootpath option sets the directory where the root of the chroot jail will be located. This is a security feature.

A chroot on a Linux or Unix OS is an operation that changes the root directory. It affects only the current process and its children. If the default home directory is /home/manish, a normal user can still access files in /etc, /sbin or /bin. This allows an attacker to install programs or a backdoor via your web server in /tmp. chroot restricts file system access and locks users down to their own directory.

First download the rssh rpm (rssh-2.3.3-1.fc16.x86_64.rpm)

Configuring rssh chroot

chroot directory : /users



root@mansh.bhandari#] rpm -ivh rssh-2.3.3-1.fc16.x86_64.rpm

root@mansh.bhandari#] mkdir /users

root@mansh.bhandari#] mkdir -p /users/{dev,etc,lib,usr,bin}

root@mansh.bhandari#] mkdir -p /users/usr/bin

root@mansh.bhandari#] mkdir -p /users/usr/libexec/openssh/


root@mansh.bhandari#] mkdir -p /users/libexec/openssh

Create /users/dev/null:

root@mansh.bhandari#] mknod -m 666 /users/dev/null c 1 3


Copy the required /etc/ configuration files, as described above, to your jail directory /users/etc:

root@mansh.bhandari#] cd /users/etc
root@mansh.bhandari#] cp /etc/ld.so.cache .

root@mansh.bhandari#] cp /etc/ld.so.conf .

root@mansh.bhandari#] cp /etc/nsswitch.conf .

root@mansh.bhandari#] cp /etc/passwd .

root@mansh.bhandari#] cp /etc/group .

root@mansh.bhandari#] cp /etc/hosts .

root@mansh.bhandari#] cp /etc/resolv.conf .

Open the /users/etc/group and /users/etc/passwd files and remove root and all other accounts.

Copy the required binary files, as described above, to your jail directory /users/bin and other locations:

root@mansh.bhandari#] cd /users/usr/bin

root@mansh.bhandari#] cp /usr/bin/scp .

root@mansh.bhandari#] cp /usr/bin/rssh .

root@mansh.bhandari#] cp /usr/bin/sftp .

root@mansh.bhandari#] cd /users/usr/libexec/openssh/

root@mansh.bhandari#] cp /usr/libexec/openssh/sftp-server .
or
root@manish.bhandari#] cp /usr/lib/openssh/sftp-server . (not found)

root@manish.bhandari#] cd /users/usr/libexec/

root@manish.bhandari#] cp /usr/libexec/rssh_chroot_helper .
OR
root@manish.bhandari#] cp /usr/lib/rssh/rssh_chroot_helper . (not found)

root@manish.bhandari#] cd /users/bin/

root@manish.bhandari#] cp /bin/sh .
OR
root@manish.bhandari#] cp /bin/bash .

Copy all shared library files
The library files that any of these binary files need can be found by using the ldd / strace command. For example, running ldd against /usr/bin/sftp provides the following output:
ldd /usr/bin/sftp

Output:
linux-gate.so.1 =>  (0x00456000)
libresolv.so.2 => /lib/libresolv.so.2 (0x0050e000)
libcrypto.so.6 => /lib/libcrypto.so.6 (0x0013e000)
libutil.so.1 => /lib/libutil.so.1 (0x008ba000)
libz.so.1 => /usr/lib/libz.so.1 (0x00110000)
libnsl.so.1 => /lib/libnsl.so.1 (0x0080e000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x00a8c000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00656000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00271000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00304000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0x00777000)
libdl.so.2 => /lib/libdl.so.2 (0x00123000)
libnss3.so => /usr/lib/libnss3.so (0x00569000)
libc.so.6 => /lib/libc.so.6 (0x00b6c000)
libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x00127000)
libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x00130000)
/lib/ld-linux.so.2 (0x00525000)
libplc4.so => /usr/lib/libplc4.so (0x008c9000)
libplds4.so => /usr/lib/libplds4.so (0x00133000)
libnspr4.so => /usr/lib/libnspr4.so (0x00d04000)
libpthread.so.0 => /lib/libpthread.so.0 (0x0032a000)
libselinux.so.1 => /lib/libselinux.so.1 (0x00341000)
libsepol.so.1 => /lib/libsepol.so.1 (0x00964000)

You need to copy all of those libraries to the jail's /lib and other appropriate locations. However, I recommend using this automated script called l2chroot:

root@manish.bhandari#] cd /sbin

root@manish.bhandari#] wget -O l2chroot http://www.cyberciti.biz/files/lighttpd/l2chroot.txt

root@manish.bhandari#] chmod +x l2chroot

Open l2chroot and set BASE variable to point to chroot directory (jail) location:

BASE="/users"

Now copy all shared library files:

root@manish.bhandari#] l2chroot /usr/bin/scp

root@manish.bhandari#] l2chroot /usr/bin/rssh

root@manish.bhandari#] l2chroot /usr/bin/sftp

root@manish.bhandari#] l2chroot /usr/libexec/openssh/sftp-server
OR
root@manish.bhandari#] l2chroot /usr/lib/openssh/sftp-server (not found)

root@manish.bhandari#] l2chroot /usr/libexec/rssh_chroot_helper
OR
root@manish.bhandari#] l2chroot /usr/lib/rssh/rssh_chroot_helper

root@manish.bhandari#] l2chroot /bin/sh
OR
root@manish.bhandari#] l2chroot /bin/bash
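
The library-copy step above, as an added example (not part of the original post and not the l2chroot script): it parses ldd output, skips the kernel-provided linux-gate entry, keeps the loader line that has no "=>", and reports libraries ldd could not resolve. The function names and the libexample.so.1 line are constructed for illustration.

```shell
#!/bin/sh
# Added example: work out which files a jailed binary needs from `ldd` output.
JAIL=/users   # chroot directory used on this page

# Four lines taken from the ldd output on this page, plus one constructed
# "not found" line to show the failure case.
SAMPLE_LDD='    linux-gate.so.1 =>  (0x00456000)
    libz.so.1 => /usr/lib/libz.so.1 (0x00110000)
    libc.so.6 => /lib/libc.so.6 (0x00b6c000)
    /lib/ld-linux.so.2 (0x00525000)
    libexample.so.1 => not found'

# stdin: ldd output. stdout: one absolute library path per line.
#   "name => /path (addr)"  shared library: copy /path
#   "name =>  (addr)"       linux-gate vDSO, supplied by the kernel: skip
#   "/path (addr)"          the dynamic loader itself (no "=>"): copy /path
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }' | LC_ALL=C sort -u
}

# stdin: ldd output. stdout: libraries ldd could not resolve.
ldd_missing() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# stdin: ldd output. stdout: where each library must exist inside the jail.
jail_targets() {
    ldd_paths | sed "s|^|$JAIL|"
}

# Copy the libraries of binary $1 into the jail (run as root on a real host).
# cp -L copies the file a symlink points to, keeping the name ldd reported.
copy_libs() {
    ldd "$1" | ldd_paths | while read -r lib; do
        mkdir -p "$JAIL$(dirname "$lib")" && cp -pL "$lib" "$JAIL$lib"
    done
}

# Dry run on the sample: show targets and anything unresolved.
printf '%s\n' "$SAMPLE_LDD" | jail_targets
printf '%s\n' "$SAMPLE_LDD" | ldd_missing | sed 's/^/unresolved: /'
```

A binary that still has an unresolved library outside the jail will also fail inside it, so check the unresolved list before copying.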

Modify syslogd configuration

root@mansh.bhandari#] vi /etc/sysconfig/syslog

Find the line that reads as follows:
SYSLOGD_OPTIONS="-m 0"
Append -a /users/dev/log:
SYSLOGD_OPTIONS="-m 0 -a /users/dev/log"
Save and close the file. Restart syslog:

root@manish.bhandari#] /etc/init.d/syslog restart

Set chroot path
Open configuration file /etc/rssh.conf:


root@manish.bhandari#] vi /etc/rssh.conf


Set chrootpath to /users


chrootpath=/users


user=manish:022:00010:"/users"

Save and close the file. If sshd is not running, start it:


root@manish.bhandari#] /etc/init.d/sshd restart
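
A check for the per-user line set above, as an added example (not part of the original post): it decodes an rssh.conf user= entry into name, umask, chroot path and allowed services. The five access bits are, in order, rsync, rdist, cvs, sftp and scp, so the line on this page enables sftp; the last digit is the scp bit. The function name decode_rssh_user is illustrative.

```shell
#!/bin/sh
# Added example: decode an rssh.conf per-user entry.
# Layout: user=<name>:<umask>:<access bits>:<chroot path>
# Access bits, left to right: rsync, rdist, cvs, sftp, scp (1 = allowed).

decode_rssh_user() {
    # Drop the "user=" keyword and any quoting around the value.
    entry=$(printf '%s\n' "$1" |
        sed 's/^[[:space:]]*user[[:space:]]*=[[:space:]]*//' | tr -d '"')
    name=${entry%%:*}; rest=${entry#*:}
    mask=${rest%%:*};  rest=${rest#*:}
    bits=${rest%%:*}
    # The chroot path is optional; without it the user is not jailed.
    case $rest in *:*) jail=${rest#*:} ;; *) jail= ;; esac
    # Reject anything that is not exactly five binary digits.
    case $bits in
        [01][01][01][01][01]) ;;
        *) echo "invalid access bits: $bits" >&2; return 1 ;;
    esac
    allowed=
    for svc in rsync rdist cvs sftp scp; do
        case $bits in 1*) allowed="$allowed $svc" ;; esac
        bits=${bits#?}          # move on to the next bit
    done
    printf 'user=%s umask=%s chroot=%s allowed=%s\n' \
        "$name" "$mask" "${jail:-none}" "${allowed# }"
}

# The entry from this page, then the same entry with the scp bit set.
decode_rssh_user 'user=manish:022:00010:"/users"'
decode_rssh_user 'user=manish:022:00011:"/users"'
```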

Set chroot path:

root@manish.bhandari#] vim /etc/rssh.conf


chrootpath=/users

Subsystem sftp internal-sftp
root@manish.bhandari#] /etc/init.d/sshd restart

Add user to jail

root@manish.bhandari#] useradd -m -d /users/manish -s /usr/bin/rssh manish

root@manish.bhandari#] passwd manish

Now the user can log in using sftp or copy files using scp:



sftp>

sftp> ls

sftp > pwd

Remote working directory : /users/manish

sftp > cd /tmp

Couldn't canonicalise: No such file or directory

User manish is allowed to log in to the server to transfer files, but is not allowed to browse the entire file system.


http://pensacola-tech.com/pensacola/2010/05/05/configure-rssh/

Manish Bhandari