Monday, 24 December 2012

DNS Master and Slave Configuration



DNS Server

A DNS server is part of a global network of servers that translate host names like www.facebook.com into numerical IP addresses like 119.82.69.202, which computers on the Net use to communicate with each other. This allows us to use easy-to-memorize or intuitive URLs and e-mail addresses instead of a long string of numbers.

Types of DNS servers:

  • A master DNS server for your domain(s), which stores authoritative records for your domain.
  • A slave DNS server, which relies on a master DNS server for data.
  • A caching-only DNS server, which stores recent requests like a proxy server. It otherwise refers to other DNS servers.
  • A forwarding-only DNS server, which refers all requests to other DNS servers.

Master DNS ( Primary DNS Server )

The authoritative server that contains the master zone file, which can be modified to update DNS information about the zone, is called the primary master server, or just master server.


Slave DNS ( Secondary DNS Server )

The additional name servers for the zone are called secondary servers or slave servers. Secondary servers retrieve information about the zone through a zone transfer from the master server or from another secondary server. DNS information about a zone is never modified directly on the secondary server.


Here I am using the RHEL 5.5 64-bit operating system.

Domain name = facebook.com
Master IP = 10.64.10.1, host name = server.example.com
Slave IP = 10.64.10.2, host name = slave.example.com
Client IP = 10.64.10.3, host name = client.example.com

How to Setup Master DNS ( Primary DNS) Server.

First we check some files.

[root@server ~]# cat /etc/sysconfig/network
[root@server ~]# cat /etc/resolv.conf
[root@server ~]# cat /etc/hosts

Install Required RPMs.

[root@server ~]# yum install bind* caching-nameserver
[root@server ~]# /etc/init.d/named restart;chkconfig named on ( restart the service and enable it at boot )

Make the named.conf file and the symbolic link.

[root@server ~]# cd /var/named/chroot/etc/
[root@server etc]# cp -p named.caching-nameserver.conf named.conf
[root@server etc]# ln -s /var/named/chroot/etc/named.conf /etc/named.conf
[root@server etc]# ls -la /etc/named.conf
lrwxrwxrwx 1 root root 32 Dec 22 16:39 /etc/named.conf -> /var/named/chroot/etc/named.conf

Now generate the rndc key and include it in named.conf:

[root@server etc]# rndc-confgen -a -b 512
include "/etc/rndc.key";

Now edit the named.conf file:
options {
listen-on port 53 { 127.0.0.1; 10.64.10.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";


allow-query { localhost; 10.64.10.0/24; };
allow-query-cache { localhost; 10.64.10.0/24; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { localhost; 10.64.10.0/24; };
match-destinations { localhost; 10.64.10.0/24; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
include "/etc/rndc.key";

Now add the zone definitions in named.rfc1912.zones:
[root@server etc]# vim named.rfc1912.zones
zone "facebook.com" IN {
type master;
file "facebook.com.zone";
allow-update { none; };
allow-transfer { 10.64.10.2; };
};


zone "10.64.10.in-addr.arpa" IN {
type master;
file "rev-facebook.com.zone";
allow-update { none; };
allow-transfer { 10.64.10.2; };
};

Now create the forward zone file.
[root@server ~]# cd /var/named/chroot/var/named/
[root@server named]# cp -p localhost.zone facebook.com.zone

$TTL 86400
@       IN SOA  master.facebook.com. root.facebook.com. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   master.facebook.com.
        IN NS   slave.facebook.com.

master  IN A    10.64.10.1
slave   IN A    10.64.10.2
client  IN A    10.64.10.3


Now create the reverse zone file.
[root@server named]# cp -p named.local rev-facebook.com.zone
$TTL 86400
@       IN SOA  master.facebook.com. root.master.facebook.com. (
                42      ; Serial
                28800   ; Refresh
                14400   ; Retry
                3600000 ; Expire
                86400 ) ; Minimum
        IN NS   master.facebook.com.
        IN NS   slave.facebook.com.
; The trailing dot makes these targets absolute names, so reverse lookups
; answer "master." rather than "master.facebook.com." (see the nslookup and dig
; output below). Use the fully qualified host name, e.g. master.facebook.com.,
; when you want the PTR to return the real host name.
1       IN PTR  master.
2       IN PTR  slave.
3       IN PTR  client.


Now restart the service.
[root@server named]# /etc/init.d/named restart
Stopping named:                               [ OK ]
Starting named:                                [ OK ]

Now check that the master is running fine.

[root@server named]# nslookup 10.64.10.1
Server: 10.64.10.1
Address: 10.64.10.1#53


1.10.64.10.in-addr.arpa name = master.

Or

[root@server named]# nslookup master.facebook.com
Server: 10.64.10.1
Address: 10.64.10.1#53


Name: master.facebook.com
Address: 10.64.10.1

Or

[root@server named]# dig -x 10.64.10.1


; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> -x 10.64.10.1
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17417
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2


;; QUESTION SECTION:
;1.10.64.10.in-addr.arpa. IN PTR


;; ANSWER SECTION:
1.10.64.10.in-addr.arpa. 86400 IN PTR master.


;; AUTHORITY SECTION:
10.64.10.in-addr.arpa. 86400 IN NS slave.facebook.com.
10.64.10.in-addr.arpa. 86400 IN NS master.facebook.com.


;; ADDITIONAL SECTION:
slave.facebook.com. 86400 IN A 10.64.10.2
master.facebook.com. 86400 IN A 10.64.10.1


;; Query time: 1 msec
;; SERVER: 10.64.10.1#53(10.64.10.1)
;; WHEN: Tue Dec 25 06:04:19 2012
;; MSG SIZE rcvd: 146

That means master is running fine.

How to Setup Slave DNS ( Secondary DNS) Server.

Install Required RPMs.

[root@slave ~]# yum install bind* caching-nameserver
[root@slave ~]# /etc/init.d/named restart;chkconfig named on ( restart the service and enable it at boot )

Make the named.conf file and the symbolic link.

[root@slave ~]# cd /var/named/chroot/etc/
[root@slave etc]# cp -p named.caching-nameserver.conf named.conf
[root@slave etc]# ln -s /var/named/chroot/etc/named.conf /etc/named.conf
[root@slave etc]# ls -la /etc/named.conf
lrwxrwxrwx 1 root root 32 Dec 22 16:39 /etc/named.conf -> /var/named/chroot/etc/named.conf

Now generate the rndc key and include it in named.conf:

[root@slave etc]# rndc-confgen -a -b 512
include "/etc/rndc.key";

Now edit the named.conf file:

options {
listen-on port 53 { 127.0.0.1; 10.64.10.2; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";


// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;


allow-query { localhost; 10.64.10.0/24; };
allow-query-cache { localhost; 10.64.10.0/24; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { localhost; 10.64.10.0/24; };
match-destinations { localhost; 10.64.10.0/24; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
include "/etc/rndc.key";

Now add the zone definitions:

[root@slave ~]# cd /var/named/chroot/etc/
[root@slave etc]# vim named.rfc1912.zones

zone "facebook.com" IN {
type slave;
file "slaves/facebook.com.zone";
masters { 10.64.10.1; };
};


zone "10.64.10.in-addr.arpa" IN {
type slave;
file "slaves/rev-facebook.com.zone";
masters { 10.64.10.1; };
};

Now create the zone files.

[root@slave ~]# cd /var/named/chroot/var/named/slaves
[root@slave slaves]# vim facebook.com.zone

$TTL 86400
@       IN SOA  master.facebook.com. root.facebook.com. (
                2010031200 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum

[root@slave slaves]# vim rev-facebook.com.zone

$TTL 86400
@       IN SOA  master.facebook.com. root.facebook.com. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum

Create the symbolic link.

[root@slave ~]# ln -s /var/named/chroot/var/named/slaves/facebook.com.zone /var/named/slaves/facebook.com.zone
[root@slave ~]# ls -la /var/named/slaves/facebook.com.zone
lrwxrwxrwx 1 root root 52 Dec 25 06:27 /var/named/slaves/facebook.com.zone -> /var/named/chroot/var/named/slaves/facebook.com.zone

Now change the ownership so named can write the transferred zone.

[root@slave ~]# chown named.named /var/named/chroot/var/named/slaves/rev-facebook.com.zone
[root@slave ~]# ls -l /var/named/chroot/var/named/slaves/rev-facebook.com.zone
-rw-r----- 1 named named 175 Dec 24 15:00 /var/named/chroot/var/named/slaves/rev-facebook.com.zone

Now restart the service.

[root@slave ~]# /etc/init.d/named restart
Stopping named: [ OK ]
Starting named: [ OK ]

Now check that the slave is working fine.

[root@slave ~]# nslookup 10.64.10.2
Server: 10.64.10.2
Address: 10.64.10.2#53


2.10.64.10.in-addr.arpa name = slave.

Or

[root@slave ~]# nslookup slave.facebook.com
Server: 10.64.10.2
Address: 10.64.10.2#53


Name: slave.facebook.com
Address: 10.64.10.2

Or

[root@slave ~]# dig -x 10.64.10.2


; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> -x 10.64.10.2
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23303
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2


;; QUESTION SECTION:
;2.10.64.10.in-addr.arpa. IN PTR


;; ANSWER SECTION:
2.10.64.10.in-addr.arpa. 86400 IN PTR slave.


;; AUTHORITY SECTION:
10.64.10.in-addr.arpa. 86400 IN NS master.facebook.com.
10.64.10.in-addr.arpa. 86400 IN NS slave.facebook.com.


;; ADDITIONAL SECTION:
slave.facebook.com. 86400 IN A 10.64.10.2
master.facebook.com. 86400 IN A 10.64.10.1


;; Query time: 2 msec
;; SERVER: 10.64.10.2#53(10.64.10.2)
;; WHEN: Tue Dec 25 06:38:56 2012
;; MSG SIZE rcvd: 145

Now check the client side.

[root@client ~]# nslookup 10.64.10.1
Server: 10.64.10.1
Address: 10.64.10.1#53


1.10.64.10.in-addr.arpa name = master.


[root@client ~]# nslookup 10.64.10.2
Server: 10.64.10.1
Address: 10.64.10.1#53


2.10.64.10.in-addr.arpa name = slave.

                                                                                               
Thanks & Regards
Manish Singh Bhandari

Friday, 21 December 2012

How to install a loopback interface in Ubuntu 12.04

            

After a successful installation of GNS3, we will install a loopback adapter on our Ubuntu, CentOS, Red Hat and Fedora systems, so that we can telnet into our routers.

Loopback tap installation on Ubuntu 12.04

$ sudo -i
# apt-get install uml-utilities
# modprobe tun
# tunctl                                      ( This will create loopback interface tap0 )
# ifconfig tap0 10.64.10.100 netmask 255.0.0.0 up
# ifconfig

If you want to add one more loopback interface

# tunctl                                      ( This will create loopback interface tap1 )
# ifconfig tap1 10.64.10.100 netmask 255.0.0.0 up   ( give tap1 an address different from the one on tap0 )

Loopback tap installation on CentOS/Red Hat/Fedora

We need tunctl, which is not available in the default repositories, so we have to add the RPMForge repository. The steps to add this repo are given here:

http://wiki.centos.org/AdditionalResources/Repositories/RPMForge (the steps are the same for the other two distros as well)

OK, let's install tunctl:

$ su -
Password:                                       (Type in your root password here)
# yum install tunctl
# modprobe tun
# cd /usr/sbin
# ./tunctl                                    ( This will create loopback interface tap0 )
# /sbin/ifconfig tap0 10.100.100.100 netmask 255.255.255.0 up
# /sbin/ifconfig                              ( verify that tap0 is up and the given IP is assigned )

If you want to add one more loopback interface

# ./tunctl                                    ( This will create loopback interface tap1 )
# /sbin/ifconfig tap1 10.100.101.100 netmask 255.255.255.0 up

Important: add these iptables rules so that traffic on tap0 is accepted:

sudo iptables -I INPUT -j ACCEPT -i tap0
sudo iptables -I OUTPUT -j ACCEPT -o tap0

Thursday, 29 November 2012

How to configure the DNS Server in RHEL5.5


DNS Server

The Domain Name Server plays an important role in making Internet traffic possible. A DNS server is part of a global network of servers that translate host names, like www.facebook.com, into numerical IP (Internet Protocol) addresses, like 208.20.202.20, which computers on the Net use to communicate with each other. This allows us to use easy to memorize or intuitive URLs and e-mail addresses instead of a long string of numbers.

The advantage of having your own DNS server is it can process requests for traffic on your internal network without having to rely on another DNS server outside of your network. All the traffic is localized on your secure and internal network. Basically, this is a security feature because your LAN is essentially "hidden" from the outside world.

Real Time's DNS Servers run on Linux, giving them the stability and reliability everyone needs. It's also very cost effective because, like other Linux servers, a Linux DNS server can run on less expensive hardware than other operating systems.

As part of the installation, Real Time will also configure the server to your needs and specifications while keeping security as a top priority. Since it is built and designed in house, the server can be completely customized.
 

How to configure the DNS Server in RHEL5.5

[root@node1 ~]# yum install bind* caching-nameserver
[root@node1 ~]# /etc/init.d/named restart;chkconfig named on
[root@node1 ~]# cd /var/named/chroot/etc/
[root@node1 ~]# cp -p named.caching-nameserver.conf named.conf
[root@node1 ~]# vim named.rfc1912.zones

Copy these two zone stanzas in this file and use them as templates for the new zones:

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};

[root@node1 ~]# vim named.conf

Change a few things in this file:

// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
listen-on port 53 { 127.0.0.1; 10.64.10.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;

allow-query { 10.64.10.1; };
};
##############################################
zone "node1.example.com" IN {
type master;
file "node1.fow.zone";
allow-update { none; };
};

zone "10.64.10.in-addr.arpa" IN {
type master;
file "node1.rev.zone";
allow-update { none; };
};
##############################################


[root@node1 ~]# cd /var/named/chroot/var/named
[root@node1 ~]# cp -p localhost.zone node1.fow.zone
[root@node1 ~]# cp -p named.zero node1.rev.zone
[root@node1 ~]# vim node1.fow.zone
Before change in this file:

$TTL 86400
@       IN SOA  @ root (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum

        IN NS   @
        IN A    127.0.0.1
        IN AAAA ::1

After change in this file:
#####################################

$TTL 86400
@       IN SOA  @ root (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum

        IN NS   @
        IN A    127.0.0.1
        IN AAAA ::1
; Trailing dot required: a bare "node1.example.com" would be read relative to
; the origin and become node1.example.com.node1.example.com.
        IN NS   node1.example.com.
        IN A    10.64.10.1

[root@node1 ~]# vim node1.rev.zone
Before change in this file:

$TTL 86400
@       IN SOA  localhost. root.localhost. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   localhost.
###################################################

After change in this file:

$TTL 86400
@       IN SOA  node1.example.com. root.node1.example.com. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   node1.example.com.
; The reverse record must be a PTR, and the trailing dot is required: without it
; BIND appends the zone origin and the lookup below answers
; node1.example.com.10.64.10.in-addr.arpa. instead of node1.example.com.
1       IN PTR  node1.example.com.

[root@node1 ~]# vim /etc/resolv.conf

nameserver 10.64.10.1

[root@node1 ~]# /etc/init.d/named restart
Stopping named: [ OK ]
Starting named: [ OK ]


How to check that the DNS server is working

[root@node1 ~]# nslookup 10.64.10.1
Server: 10.64.10.1
Address: 10.64.10.1#53

1.10.64.10.in-addr.arpa name = node1.example.com.10.64.10.in-addr.arpa.

[root@node1 ~]# nslookup node1.example.com
Server: 10.64.10.1
Address: 10.64.10.1#53

Name: node1.example.com
Address: 10.64.10.1
Name: node1.example.com
Address: 127.0.0.1
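The reverse lookups in this post and in the "DNS Master and Slave Configuration" post above answer with names like "master." or "node1.example.com.10.64.10.in-addr.arpa.", which is what BIND does when a zone-file name is a single label or lacks its trailing dot. As an added example (not part of either post), this Python checker parses a zone file and flags those mistakes before the zone is loaded; the sample zone is constructed from the reverse zones above.

```python
# Constructed sample: the reverse zone from the master/slave post, including the
# single-label and missing-trailing-dot mistakes that the posts' own nslookup
# output reveals ("name = master." and "node1.example.com.10.64.10.in-addr.arpa.").
SAMPLE_ZONE = """$TTL 86400
@ IN SOA master.facebook.com. root.master.facebook.com. (
        42      ; Serial
        28800   ; Refresh
        14400   ; Retry
        3600000 ; Expire
        86400 ) ; Minimum
        IN NS master.facebook.com.
        IN NS slave.facebook.com.
1       IN PTR master.
2       IN PTR slave.
3       IN PTR node1.example.com
"""

# The same zone with every host name fully qualified.
FIXED_ZONE = (SAMPLE_ZONE.replace("PTR master.", "PTR master.facebook.com.")
              .replace("PTR slave.", "PTR slave.facebook.com.")
              .replace("PTR node1.example.com\n", "PTR node1.example.com.\n"))


def fqdn(name, origin):
    """Expand a zone-file name the way BIND does: '@' is the origin, a name
    without a trailing dot gets the origin appended, a dotted name is absolute."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    """Return (directives, records); a record is (owner, rtype, rdata tokens).
    Handles ';' comments, '(...)' continuation lines and owner inheritance
    (a line starting with whitespace reuses the previous owner)."""
    directives, records, buf = {}, [], []
    depth, owner, indented = 0, "@", False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]           # strip comment
        if depth == 0:
            if not line.strip():
                continue
            buf, indented = [], raw[:1].isspace()
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                           # still inside parentheses
        tokens = " ".join(buf).replace("(", " ").replace(")", " ").split()
        if not tokens:
            continue
        if tokens[0].startswith("$"):
            directives[tokens[0]] = tokens[1] if len(tokens) > 1 else ""
            continue
        if not indented:
            owner = tokens.pop(0)
        # optional TTL and class may appear in either order before the type
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in ("IN", "CH", "HS")):
            tokens.pop(0)
        if tokens:
            records.append((owner, tokens.pop(0).upper(), tokens))
    return directives, records


def check_zone(text, origin):
    """Return warnings for mistakes BIND accepts but which give wrong answers:
    missing $TTL, no apex NS, relative or single-label targets in SOA/NS/PTR/CNAME."""
    warnings = []
    directives, records = parse_zone(text)
    if "$TTL" not in directives:
        warnings.append("no $TTL directive (typo such as 'T$TL'?)")
    if not any(r == "NS" and fqdn(o, origin) == origin for o, r, _ in records):
        warnings.append("no NS record at the zone apex; BIND will refuse to load the zone")
    for owner, rtype, rdata in records:
        targets = rdata[:2] if rtype == "SOA" else rdata[:1] if rtype in ("NS", "PTR", "CNAME") else []
        for t in targets:
            if t != "@" and not t.endswith("."):
                warnings.append(f"{owner} {rtype} {t}: no trailing dot, BIND expands it to {fqdn(t, origin)}")
            elif t.endswith(".") and t.count(".") == 1:
                warnings.append(f"{owner} {rtype} {t}: single-label absolute name (host name without its domain)")
    return warnings


if __name__ == "__main__":
    for w in check_zone(SAMPLE_ZONE, "10.64.10.in-addr.arpa."):
        print("WARNING:", w)
    print("fixed zone warnings:", check_zone(FIXED_ZONE, "10.64.10.in-addr.arpa."))
```

Run it against a zone file before `rndc reload`; named-checkzone catches syntax errors but accepts these name mistakes silently.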

Thanks & Regards
Manish Bhandari

Monday, 27 August 2012

rsync and Scp command in Linux

How to use Scp command in Linux Operating System.

With the scp (secure copy) command you can easily copy from and to a remote computer or between remote computers.

root@manish.bhandari#] scp <source> <destination>



How to use the rsync command in Linux Operating System.

rsync is a program that behaves in much the same way that scp does, but has many more options and uses the rsync remote-update protocol to greatly speed up file transfers when the destination file already exists.

The rsync remote-update protocol allows rsync to transfer just the differences between two sets of files across the network link, using an efficient checksum-search algorithm described in the technical report that accompanies this package.
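To show the delta mechanism the paragraph describes, here is an added example (not from the original post and not rsync's actual wire format): a small Python model of rsync's rolling weak checksum plus strong checksum block matching, with a constructed old/new file pair and a 4-byte block size chosen so the delta is readable.

```python
import hashlib

BLOCK = 4  # tiny block size so the delta is readable; rsync uses hundreds of bytes

# Constructed sample: the receiver already holds OLD, the sender has NEW.
OLD = b"The quick brown fox jumps over the lazy dog"
NEW = b"The quick brown cat jumps over the lazy dog!"


def weak_sum(data):
    """rsync's Adler-style rolling checksum (a, b) of one window, mod 2^16."""
    a = sum(data) % 65536
    b = sum((len(data) - i) * byte for i, byte in enumerate(data)) % 65536
    return a, b


def roll(a, b, out_byte, in_byte, n):
    """Slide a full n-byte window one byte to the right in O(1)."""
    a = (a - out_byte + in_byte) % 65536
    b = (b - n * out_byte + a) % 65536
    return a, b


def signatures(old):
    """Receiver side: weak and strong checksum of every block of the old file."""
    sigs = {}
    for i in range(0, len(old), BLOCK):
        blk = old[i:i + BLOCK]
        sigs.setdefault(weak_sum(blk), []).append((i // BLOCK, hashlib.md5(blk).hexdigest()))
    return sigs


def make_delta(new, sigs):
    """Sender side: walk NEW with the rolling checksum; emit ('blk', index) for
    windows found in the old file and ('lit', bytes) for everything else."""
    delta, literal, pos, a = [], bytearray(), 0, None
    while pos < len(new):
        window = new[pos:pos + BLOCK]
        if a is None:
            a, b = weak_sum(window)
        match = None
        if len(window) == BLOCK:             # cheap weak lookup first
            for idx, strong in sigs.get((a, b), []):
                if hashlib.md5(window).hexdigest() == strong:   # confirm the weak hit
                    match = idx
                    break
        if match is not None:
            if literal:
                delta.append(("lit", bytes(literal)))
                literal = bytearray()
            delta.append(("blk", match))
            pos += BLOCK
            a = None                          # restart the window after the block
        else:
            literal.append(new[pos])
            if pos + BLOCK < len(new):
                a, b = roll(a, b, new[pos], new[pos + BLOCK], BLOCK)
            else:
                a = None                      # tail shorter than a block: recompute
            pos += 1
    if literal:
        delta.append(("lit", bytes(literal)))
    return delta


def apply_delta(old, delta):
    """Receiver side: rebuild NEW from its own OLD blocks plus the literals sent."""
    out = bytearray()
    for kind, value in delta:
        out += old[value * BLOCK:(value + 1) * BLOCK] if kind == "blk" else value
    return bytes(out)


def literal_bytes(delta):
    """How many bytes actually crossed the wire as file content."""
    return sum(len(v) for k, v in delta if k == "lit")


if __name__ == "__main__":
    d = make_delta(NEW, signatures(OLD))
    print(d)
    print(f"sent {literal_bytes(d)} literal bytes instead of {len(NEW)}")
    assert apply_delta(OLD, d) == NEW
```

Only the 8 changed bytes ("cat " and "dog!") travel as literals; the rest is referenced by block index, which is why rsync is so much cheaper than scp when the destination file already exists.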



@ How to Install rsync command in Linux.

#yum install rsync


@ Common rsync command options

    --delete : delete files that don't exist on sender (system)
    -v : Verbose (try -vv for more detailed information)
    -e "ssh options" : specify the ssh as remote shell
    -a : archive mode
    -r : recurse into directories
    -z : compress file data


For more details on rsync, see the link below:

http://linux.about.com/library/cmd/blcmdl1_rsync.htm

Saturday, 25 August 2012

How to configure rssh on RHEL 5.5


Linux Configure rssh Chroot Jail To Lock Users To Their Home Directories Only

If you want to chroot users, use rssh's chroot support. Its chrootpath option sets the directory that becomes the root of the chroot jail. This is a security feature.

A chroot on Linux or Unix is an operation that changes the apparent root directory. It affects only the current process and its children. Without it, a normal user whose home directory is /home/manish can still read files in /etc, /sbin or /bin, and an attacker could install programs or a backdoor via your web server in /tmp. chroot restricts file system access and locks users down to their own directory.

First download the rssh rpm (rssh-2.3.3-1.fc16.x86_64.rpm)

Configuring rssh chroot

chroot directory : /users



root@mansh.bhandari#] rpm -ivh rssh-2.3.3-1.fc16.x86_64.rpm

root@mansh.bhandari#] mkdir /users

root@mansh.bhandari#] mkdir -p /users/{dev,etc,lib,usr,bin}

root@mansh.bhandari#] mkdir -p /users/usr/bin

root@mansh.bhandari#] mkdir -p /users/usr/libexec/openssh/


root@mansh.bhandari#] mkdir -p /users/libexec/openssh

Create /users/dev/null:

root@mansh.bhandari#] mknod -m 666 /users/dev/null c 1 3


Copy the required /etc configuration files into the jail's /etc directory, /users/etc:

root@mansh.bhandari#] cd /users/etc
root@mansh.bhandari#] cp /etc/ld.so.cache .

root@mansh.bhandari#] cp /etc/ld.so.conf .

root@mansh.bhandari#] cp /etc/nsswitch.conf .

root@mansh.bhandari#] cp /etc/passwd .

root@mansh.bhandari#] cp /etc/group .

root@mansh.bhandari#] cp /etc/hosts .

root@manish.bhandari#] cp /etc/resolv.conf .

Open /users/group and /users/passwd and remove the root entry and every other account that does not need to exist inside the jail.
Copy the required binaries into the jail's /users/usr/bin and the other locations created above:

root@mansh.bhandari#] cd /users/usr/bin

root@mansh.bhandari#] cp /usr/bin/scp .

root@mansh.bhandari#] cp /usr/bin/rssh .

root@mansh.bhandari#] cp /usr/bin/sftp .

root@mansh.bhandari#] cd /users/usr/libexec/openssh/

root@mansh.bhandari#] cp /usr/libexec/openssh/sftp-server .
or
root@manish.bhandari#] cp /usr/lib/openssh/sftp-server . (not found)

root@manish.bhandari#] cd /users/usr/libexec/

root@manish.bhandari#] cp /usr/libexec/rssh_chroot_helper .
OR
root@manish.bhandari#] cp /usr/lib/rssh/rssh_chroot_helper (not found)

root@manish.bhandari#] cd /users/bin/

root@manish.bhandari#] cp /bin/sh .
OR
root@manish.bhandari#] cp /bin/bash .

Copy all shared library files
The library files that any of these binary files need can be found by using the ldd / strace command. For example, running ldd against /usr/bin/sftp provides the following output:
ldd /usr/bin/sftp

Output:
linux-gate.so.1 =>  (0x00456000)
libresolv.so.2 => /lib/libresolv.so.2 (0x0050e000)
libcrypto.so.6 => /lib/libcrypto.so.6 (0x0013e000)
libutil.so.1 => /lib/libutil.so.1 (0x008ba000)
libz.so.1 => /usr/lib/libz.so.1 (0x00110000)
libnsl.so.1 => /lib/libnsl.so.1 (0x0080e000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x00a8c000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00656000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00271000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00304000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0x00777000)
libdl.so.2 => /lib/libdl.so.2 (0x00123000)
libnss3.so => /usr/lib/libnss3.so (0x00569000)
libc.so.6 => /lib/libc.so.6 (0x00b6c000)
libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x00127000)
libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x00130000)
/lib/ld-linux.so.2 (0x00525000)
libplc4.so => /usr/lib/libplc4.so (0x008c9000)
libplds4.so => /usr/lib/libplds4.so (0x00133000)
libnspr4.so => /usr/lib/libnspr4.so (0x00d04000)
libpthread.so.0 => /lib/libpthread.so.0 (0x0032a000)
libselinux.so.1 => /lib/libselinux.so.1 (0x00341000)
libsepol.so.1 => /lib/libsepol.so.1 (0x00964000)
You need to copy all those libraries into the matching locations under the jail (/users/lib, /users/usr/lib and so on). However, I recommend using this automated script called l2chroot:

root@manish.bhandari#] cd /sbin

root@manish.bhandari#] wget -O l2chroot http://www.cyberciti.biz/files/lighttpd/l2chroot.txt

root@manish.bhandari#] chmod +x l2chroot

Open l2chroot and set BASE variable to point to chroot directory (jail) location:

BASE="/users"
Now copy all shared library files

root@manish.bhandari#] l2chroot /usr/bin/scp

root@manish.bhandari#] l2chroot /usr/bin/rssh

root@manish.bhandari#] l2chroot /usr/bin/sftp

root@manish.bhandari#] l2chroot /usr/libexec/openssh/sftp-server
OR
root@manish.bhandari#] l2chroot /usr/lib/openssh/sftp-server (not found)

root@manish.bhandari#] l2chroot /usr/libexec/rssh_chroot_helper
OR
root@manish.bhandari#] l2chroot /usr/lib/rssh/rssh_chroot_helper

root@manish.bhandari#] l2chroot /bin/sh
OR
root@manish.bhandari#]l2chroot /bin/bash
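l2chroot automates exactly the step described above: parse ldd output and copy each library to the same path under the jail. As an added example (not from the post and not l2chroot's own code), this Python version parses the ldd format shown above, skips the kernel-provided vDSO, reports libraries ldd cannot find, and produces the copy plan for /users; the ldd output here is a constructed sample, and ldd_output() exists only for use on a live system.

```python
import os
import subprocess

JAIL = "/users"   # chroot directory used in the post

# Constructed sample of ldd output in the format shown above: the vDSO line
# (no file on disk), normal libraries, the dynamic loader line without '=>',
# and a library that is not installed.
SAMPLE_LDD = """\
\tlinux-gate.so.1 =>  (0x00456000)
\tlibresolv.so.2 => /lib/libresolv.so.2 (0x0050e000)
\tlibz.so.1 => /usr/lib/libz.so.1 (0x00110000)
\t/lib/ld-linux.so.2 (0x00525000)
\tlibmissing.so.9 => not found
"""


def parse_ldd(output):
    """Return (paths, missing): absolute files the binary needs inside the jail,
    and library names ldd could not resolve. The vDSO has no path and is skipped."""
    paths, missing = [], []
    for line in output.splitlines():
        line = line.strip()
        if not line:
            continue
        if "=>" in line:
            name, _, rhs = line.partition("=>")
            rhs = rhs.strip()
            if rhs.startswith("not found"):
                missing.append(name.strip())
            elif rhs.startswith("/"):            # "lib => /path (addr)"
                paths.append(rhs.split()[0])
            # otherwise only "(addr)" remains: the vDSO, nothing to copy
        elif line.startswith("/"):               # "/lib/ld-linux.so.2 (addr)"
            paths.append(line.split()[0])
    return paths, missing


def ldd_output(binary):
    """Run ldd on a real binary (only meaningful on a live system)."""
    return subprocess.run(["ldd", binary], capture_output=True, text=True, check=True).stdout


def copy_plan(binary, ldd_text, jail=JAIL):
    """Map every host file the binary needs (the binary itself, each library and,
    for symlinked libraries that exist here, the link target) to its path under
    the jail. Returns (plan, missing)."""
    paths, missing = parse_ldd(ldd_text)
    plan = {}
    for src in [binary] + paths:
        plan[src] = os.path.join(jail, src.lstrip("/"))
        real = os.path.realpath(src)
        if real != src and os.path.exists(real):   # copy the symlink target too
            plan[real] = os.path.join(jail, real.lstrip("/"))
    return plan, missing


if __name__ == "__main__":
    plan, missing = copy_plan("/usr/bin/sftp", SAMPLE_LDD)
    for src, dst in plan.items():
        print(f"cp {src} {dst}")
    if missing:
        print("unresolved on the host, so also unusable in the jail:", missing)
```

On a real host replace SAMPLE_LDD with ldd_output("/usr/bin/sftp") and create each destination directory before copying.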

Modify syslogd configuration

root@mansh.bhandari#] vi /etc/sysconfig/syslog

Find line that read as follows:
SYSLOGD_OPTIONS="-m 0"
Append -a /users/dev/log
SYSLOGD_OPTIONS="-m 0 -a /users/dev/log"
Save and close the file. Restart syslog:

root@manish.bhandari#] /etc/init.d/syslog restart

Set chroot path
Open configuration file /etc/rssh.conf:


root@manish.bhandari#] vi /etc/rssh.conf


Set chrootpath to /users


chrootpath=/users


user=manish:022:00010:"/users"
Save and close the file. If sshd is not running start it:


root@manish.bhandari#] /etc/init.d/sshd restart

Set chroot path:

root@manish.bhandari#] vim /etc/rssh.conf


chrootpath=/users

Subsystem sftp internal-sftp
root@manish.bhandari#] /etc/init.d/sshd restart

Add user to jail

root@manish.bhandari#] useradd -m -d /users/manish -s /usr/bin/rssh manish

root@manish.bhandari#] passwd manish

Now the user manish can log in using sftp or copy files using scp:



sftp>

sftp> ls

sftp > pwd

Remote working directory : /users/manish

sftp > cd /tmp

Couldn't canonicalise: No such file or directory
User manish is allowed to log in to the server to transfer files, but not allowed to browse the entire file system.


http://pensacola-tech.com/pensacola/2010/05/05/configure-rssh/

Manish Bhandari

Tuesday, 24 July 2012

Process Monitoring Scripts in Linux



#!/bin/bash
#set -x
#
# Variable section
#=====================================================
# list the process to monitor in the variable below
PROGRAM1="firefox"
# Count the running instances of $PROGRAM1. 'grep -v grep' drops the grep
# process itself, which would otherwise always match and inflate the count.
APPCHK=$(ps aux | grep -v grep | grep -c "$PROGRAM1")
# $COMPANY and $SITE are used to populate the alert e-mail
COMPANY="Hungama"
SITE="JMX"
# $SUPPORTSTAFF is the recipient of our alert e-mail
SUPPORTSTAFF="manish.bhandari@fosteringlinux.com"
#=======================================================
# The 'if' statement below checks whether the process is running,
# using the 'ps' command. If the count is 0 the alert is logged
# (drop the leading 'echo' to actually send the mail).
#
echo "COUNT IS $APPCHK"

if [ "$APPCHK" -eq 0 ]; then
    echo mail -s "Manish PBX at $COMPANY $SITE may be down" "$SUPPORTSTAFF" >> notrunning.log
else
    echo "$PROGRAM1 is running $APPCHK processes" >> manish-check.log
fi
echo "$APPCHK"
exit 0

Tuesday, 5 June 2012

How to create new partition on Linux


Here I create a new partition in 4 steps:

Step #1: Create the new partition with the fdisk command.

Following command will list all detected hard disks:
root@manish.bhandari#] fdisk -l | grep '^Disk'

Output:
Disk /dev/sda: 251.0 GB, 251000193024 bytes
Disk /dev/sdb: 251.0 GB, 251000193024 bytes

To partition the disk - /dev/sdb, enter:
root@manish.bhandari#] fdisk /dev/sdb

The basic fdisk commands you need are:
  • m - print help
  • p - print the partition table
  • n - create a new partition
  • d - delete a partition
  • q - quit without saving changes
  • w - write the new partition table and exit
To make the kernel re-read the partition table without rebooting, run:

root@manish.bhandari#] partprobe

Step #2: Format the new disk partition using the mkfs.ext3 or mkfs.ext4 command.

root@manish.bhandari#] mkfs.ext4 /dev/sdb1

Step #3: Create the mount point /manish and mount /dev/sdb1 on it:

root@manish.bhandari#] mkdir /manish

root@manish.bhandari#] mount /dev/sdb1 /manish

root@manish.bhandari#] df -h

Step #4: Update the /etc/fstab file for a permanent mount.

root@manish.bhandari#] vim /etc/fstab

/dev/sdb1    /manish    ext4    defaults    1 2


Thanks & Regards
Manish Bhandari