Posts

Showing posts from 2013

How can I chroot sftp-only SSH users into their homes?

All this pain is thanks to several security issues, as detailed here. Basically the chroot directory (and every directory above it) has to be owned by root and must not be writable by group or others, otherwise sshd refuses to chroot into it. Lovely. So you essentially need to turn your chroot into a holding cell and within that you can have your editable content.

sudo chown root /home/bob
sudo chmod go-w /home/bob
sudo mkdir /home/bob/writeable
sudo chown bob:sftponly /home/bob/writeable
sudo chmod ug+rwX /home/bob/writeable

And bam, you can log in and write in /writeable.

found at: http://askubuntu.com/questions/134425/how-can-i-chroot-sftp-only-ssh-users-into-their-homes
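The ownership rule above is the one sshd enforces for every component of ChrootDirectory, not just the last one, so it pays to check the whole path before the user reports "connection closed". The script below is an added example and not part of the original answer: it walks from the chroot directory up to / and flags any component that is not root-owned or is group/world writable, the same test sshd makes. It assumes GNU coreutils stat(1) for the live walk; the sshd_config stanza in the comment is the usual way the sftponly group ends up chrooted and is an assumption about your config, not something the answer shows.

```shell
#!/bin/sh
# Added example, not from the original post. Reproduces the check sshd applies
# to every path component of ChrootDirectory: owned by root and not writable
# by group or others. Pairs with an sshd_config stanza such as (assumption):
#   Match Group sftponly
#       ChrootDirectory %h
#       ForceCommand internal-sftp
# Assumes GNU coreutils stat(1) for the live path walk.

# check_components reads "uid perms path" lines (the output format of
# `stat -c '%u %A %n'`) on stdin, prints a verdict per line and returns 1
# if any component would make sshd refuse the chroot.
check_components() {
    rc=0
    while read -r uid perms path; do
        if [ "$uid" != 0 ]; then
            echo "BAD  $path: owned by uid $uid, must be root"
            rc=1
        else
            # symbolic mode string: position 6 is group write, 9 is other write
            case $perms in
                ?????w*|????????w*)
                    echo "BAD  $path: writable by group or others ($perms)"
                    rc=1 ;;
                *)
                    echo "OK   $path ($perms)" ;;
            esac
        fi
    done
    return $rc
}

# check_chroot_path walks from the chroot directory up to / and feeds each
# component's live metadata to check_components.
check_chroot_path() {
    p=$1
    {
        while :; do
            stat -c '%u %A %n' "$p" || exit 1
            [ "$p" = / ] && break
            p=$(dirname "$p")
        done
    } | check_components
}

# Usage: check_chroot_path /home/bob
# The writable subdirectory (/home/bob/writeable above) is deliberately not
# on this path: sshd only inspects the chroot directory and its parents.
```

Run it as root (or any user that can stat the path) before restarting sshd; a BAD line on /home, for instance, is the classic reason a chroot under a group-writable /home fails.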

selinux blocks access via sftp for chrooted user

You may want to install setroubleshoot; audit2allow is pulled in as part of that install. If SELinux blocks sftp access for a chrooted user, try:

grep denied /var/log/audit/audit.log | audit2allow -M postgreylocal

This is what the generated module (named postgreylocal here) looks like; it grants permission to remove, rename, delete and create files/directories:

module postgreylocal 1.0;

require {
        type user_home_t;
        type chroot_user_t;
        class dir { rename write rmdir remove_name create add_name };
        class file { write create unlink link setattr };
}

#============= chroot_user_t ==============
#!!!! This avc can be allowed using one of the these booleans:
#     ssh_chroot_rw_homedirs, ssh_chroot_full_access
allow chroot_user_t user_home_t:dir { rename rmdir };

#!!!! This avc is allowed in the current policy
allow chroot_user_t user_home_t:dir { write remove_name create add_name };

#!!!! This avc can be allowed using one of the these booleans:
#     ssh_chroot_rw_h

Note the comments audit2allow itself adds: where it names an existing boolean such as ssh_chroot_rw_homedirs, prefer setsebool -P on that boolean over loading a custom module. The boolean is maintained with the policy and is narrower than whatever audit2allow generates from a grep of every denial in the log.
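Piping every "denied" line in audit.log into audit2allow also picks up denials that have nothing to do with sftp. The script below is an added example, not from the original post: it summarises AVC records by source type, target type, object class and permissions so you can see what you are about to allow, and points at the stock boolean that audit2allow's own comments name for the chroot_user_t/user_home_t case. The sample lines are constructed in the kernel AVC format; on a real box feed it /var/log/audit/audit.log.

```shell
#!/bin/sh
# Added example, not from the original post. Summarise AVC denials before
# handing them to audit2allow, and suggest the narrowest remedy. The sample
# lines below are constructed; real input: summarize_avc < /var/log/audit/audit.log

SAMPLE_AVC='type=AVC msg=audit(1385000000.101:201): avc:  denied  { write } for  pid=2101 comm="sshd" name="writeable" dev=dm-0 ino=40001 scontext=unconfined_u:unconfined_r:chroot_user_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1385000000.102:202): avc:  denied  { create } for  pid=2101 comm="sshd" name="upload.txt" scontext=unconfined_u:unconfined_r:chroot_user_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1385000000.102:202): arch=c000003e syscall=2 success=no exit=-13
type=AVC msg=audit(1385000000.103:203): avc:  denied  { write } for  pid=2101 comm="sshd" name="writeable" dev=dm-0 ino=40001 scontext=unconfined_u:unconfined_r:chroot_user_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir'

# summarize_avc prints one "source_type target_type class permissions" line
# per AVC denial read on stdin; non-AVC records (SYSCALL etc.) are ignored.
summarize_avc() {
    awk '/avc: +denied/ {
        match($0, /\{[^}]*\}/)
        perms = substr($0, RSTART + 1, RLENGTH - 2)
        gsub(/^ +| +$/, "", perms)
        src = tgt = cls = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/)      { split($i, a, ":"); src = a[3] }
            else if ($i ~ /^tcontext=/) { split($i, b, ":"); tgt = b[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        print src, tgt, cls, perms
    }'
}

# suggest_fix reads summary lines and prints the narrowest remedy: the stock
# boolean that audit2allow's comments name for chroot_user_t on user_home_t,
# otherwise a reminder to review before building a custom module.
suggest_fix() {
    while read -r src tgt cls perms; do
        if [ "$src" = chroot_user_t ] && [ "$tgt" = user_home_t ]; then
            echo "$src -> $tgt:$cls { $perms }: setsebool -P ssh_chroot_rw_homedirs on"
        else
            echo "$src -> $tgt:$cls { $perms }: no stock boolean known here, review before audit2allow -M"
        fi
    done
}

# Example run: collapse duplicates and count them, then suggest a fix per line.
printf '%s\n' "$SAMPLE_AVC" | summarize_avc | sort | uniq -c
printf '%s\n' "$SAMPLE_AVC" | summarize_avc | sort -u | suggest_fix
```

Only once the summary contains nothing but the chrooted-sftp denials is `audit2allow -M` a reasonable next step; anything else in the list belongs to a different problem and should not be allowed by accident.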

Find and kill a process in one line using bash and regex

How can I extract the process id automatically and kill it in the same line? In bash, you should be able to do:

kill $(ps aux | grep '[p]ython csp_build.py' | awk '{print $2}')

Details on its workings are as follows:

The ps gives you the list of all the processes.
The grep filters that based on your search string; [p] is a trick to stop you picking up the actual grep process itself.
The awk just gives you the second field of each line, which is the PID.
The $(x) construct means to execute x then take its output and put it on the command line.

The output of that ps pipeline inside that construct above is the list of process IDs, so you end up with a command like kill 1234 1122 7654.

Here's a transcript showing it in action:

pax> sleep 3600 &
[1] 2225
pax> sleep 3600 &
[2] 2226
pax> sleep 3600 &
[3] 2227
pax> sleep 3600 &
[4] 2228
pax> sleep 3600 &
[5] 2229
pax> kill $(ps aux | g
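The ps|grep|awk pipeline works, but it will happily kill anything whose command line contains the string, and the [p] trick exists only because grep sees itself in the ps listing. The functions below are an added example, not part of the original answer: they use pgrep/pkill-style matching (which never matches itself), show what would be signalled before anything is sent, and handle the "no match" case instead of running a bare `kill` with no arguments. They assume procps pgrep, as on CentOS and most Linux boxes.

```shell
#!/bin/sh
# Added example, not from the original answer. Patterns are extended regular
# expressions matched against the full command line (pgrep -f), so anchor or
# lengthen them when a short pattern could hit unrelated processes.

# list_matching prints "pid command" for every process whose full command
# line matches the pattern; returns 1 if nothing matches.
list_matching() {
    pgrep -fl "$1"
}

# kill_matching sends SIGTERM (or the signal given as $2) to every matching
# PID, one PID per argument, and reports what it did. Returns 1 and sends
# nothing when the pattern matches no process.
kill_matching() {
    pattern=$1
    sig=${2:-TERM}
    pids=$(pgrep -f "$pattern") || {
        echo "no process matches '$pattern'" >&2
        return 1
    }
    echo "sending SIG$sig to PIDs:" $pids
    # word splitting on purpose: one PID per argument, like the kill 1234 1122 7654 above
    kill -s "$sig" $pids
}

# Demo: start two sleepers, list them, terminate them (unusual duration so the
# pattern does not catch someone else's sleep).
sleep 3597 &
sleep 3597 &
sleep 1
list_matching 'sleep 3597'
kill_matching 'sleep 3597'
```

On a production host run `list_matching` first and read the output; the review step is what the one-liner skips. `pkill -f 'pattern'` is the single-command equivalent once you trust the pattern.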

Centos 6.4 how to check if sshd is infected with Fokirtor

At first you need to install:

yum install python-psutil

after that:

cp /sbin/pidof /bin/pidof

(the script expects pidof in /bin, as on Debian) and download and execute this script: https://github.com/kumina/nagios-plugins-kumina/blob/master/check_fokirtor.sh

#!/bin/sh
#
# A simple check to see if running ssh processes contain any string that have
# been designated an indication of Fokirtor by Symantec.
#
# More info here:
# http://www.symantec.com/connect/blogs/linux-back-door-uses-covert-communication-protocol
#
# (c) 2013, Kumina bv, [email protected]
#
# You are free to use, modify and distribute this check in any way you see
# fit. Just don't say you wrote it.
#
# This check is created for Debian Squeeze/Wheezy, no idea if it'll work in
# other distros. You'll need gdb-minimal (for gcore) installed.

# We need to be root
if [ `/usr/bin/id -u` -ne 0 ]; then

Bash: Timestamp in bash history

The bash history is a useful thing to remember commands which were entered on a system. But it's not only useful to help your memory: you can also keep track of the entered commands. This is especially interesting on multi-user systems, since you are able to check the executed commands after the user logs out. That is extra interesting when you spot a problem like a missing file on a system: you can check whether someone removed that file. By default, however, you can only see which commands were entered, not when they were entered, and that can be very important. Thankfully there is a way to add timestamps to the bash history since Bash version 3.0. See how to configure your bash to save the timestamp for each command execution...

Keep in mind that the history file is owned and writable by the user, who can also unset HISTFILE or run history -c, so this is a convenience for investigation, not a tamper-proof audit trail; for that you need auditd or similar.

It is quite easy to configure. You just need to set one environment variable, HISTTIMEFORMAT. The HISTTIMEFORMAT variable needs to be added to your bashrc scripts. I prefer to add it
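With HISTTIMEFORMAT set, bash does not store formatted times; it writes a `#<epoch>` line in front of each command in the history file and formats it only when you run `history`. When you are reading another user's ~/.bash_history after the fact, that builtin is not available, so you have to pair the lines up yourself. The script below is an added example, not from the original post: it shows the variables to set and a parser that pairs timestamp lines with commands, tolerating entries written before the setting was enabled. It assumes GNU date(1) for the rendering step.

```shell
#!/bin/sh
# Added example, not from the original post. Pairs "#<epoch>" lines in a bash
# history file with the commands that follow them. Assumes GNU date(1).
#
# What goes in ~/.bashrc (or /etc/profile.d/history.sh to cover every user):
#   export HISTTIMEFORMAT='%F %T '
#   export HISTSIZE=10000 HISTFILESIZE=20000
#   shopt -s histappend

# Constructed sample in the on-disk history format; the third command was
# recorded before HISTTIMEFORMAT was set and therefore has no timestamp.
# (Caveat that bash shares: a real command line that is exactly "#<digits>"
# is indistinguishable from a timestamp line.)
SAMPLE_HISTORY='#1385000000
ls -la /etc/ssh
#1385000042
rm /var/log/secure
echo untimestamped'

# pair_history reads history-file lines on stdin and prints "epoch<TAB>command";
# commands without a preceding timestamp line get "-" as the epoch.
pair_history() {
    awk '/^#[0-9]+$/ { ts = substr($0, 2); next }
         { print (ts == "" ? "-" : ts) "\t" $0; ts = "" }'
}

# render_history turns the epoch into UTC wall-clock time for reading.
render_history() {
    pair_history | while IFS="$(printf '\t')" read -r ts cmd; do
        if [ "$ts" = - ]; then
            printf '%-19s  %s\n' "(no timestamp)" "$cmd"
        else
            printf '%s  %s\n' "$(date -u -d "@$ts" '+%F %T')" "$cmd"
        fi
    done
}

printf '%s\n' "$SAMPLE_HISTORY" | render_history
```

Usage on a real file: `render_history < /home/bob/.bash_history`. The epochs are written in the server's clock, so correlate them with the auth log the same way you would any other timestamp.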

A bunch of commands to change UIDS and GIDS

Here's the commands to run as root to change the UID and GID for a user. Simply change the variables in angled brackets to match your settings:

usermod -u <NEWUID> <LOGIN>
groupmod -g <NEWGID> <GROUP>
find / -user <OLDUID> -exec chown -h <NEWUID> {} \;
find / -group <OLDGID> -exec chgrp -h <NEWGID> {} \;
usermod -g <NEWGID> <LOGIN>

usermod and groupmod simply change the UID and GID for their respective named counterpart. usermod also changes the UID for the files in the homedir, but naturally we can't assume the only place files have been created is in the user's homedir. The find commands recurse the filesystem from / and change everything with uid OLDUID to be owned by NEWUID, and then change the group for the files owned by OLDGID. The final usermod command changes the login group for the user. Add -xdev to the find commands if you want to stay on the root filesystem and skip /proc, /sys and network mounts; the -user and -group tests take numeric IDs here because the old IDs no longer belong to any name once usermod and groupmod have run.

found at: https://muffinr

Reset “Use Secure in Front End or Admin” in Database – Magento

by Nick Cron

I ran into an issue this week where I switched on SSL on a development site and then realized the SSL cert was not installed correctly. This is a big issue in Magento because there is no way to get back to the admin to switch it back off. If this ever happens do the following to switch back:

1. Open up your admin panel (cPanel or other)
2. Go to phpMyAdmin (if MySQL)
3. Find your Magento database
4. Find the table "core_config_data"
5. Look for the rows whose path is "web/secure/use_in_frontend" and "web/secure/use_in_adminhtml"
6. Edit both values, make them equal to "0"

After this is done you will be back in action. Remember that this turns HTTPS off for both the storefront and the admin, so once the certificate is fixed, set both values back to "1".

found at http://www.njcmedia.com/2011/10/reset-use-secure-in-front-end-in-database-magento/

Measure Hard Disk Data Transfer Speed

Enter the following command as root (or via sudo):

$ sudo hdparm -tT /dev/sda

OR

$ sudo hdparm -tT /dev/hda

Sample output:

/dev/sda:
 Timing cached reads:   7864 MB in  2.00 seconds = 3935.41 MB/sec
 Timing buffered disk reads:  204 MB in  3.00 seconds =  67.98 MB/sec

For meaningful results, this operation should be repeated 2-3 times. The "cached reads" line shows the speed of reading directly from the Linux buffer cache without disk access; this measurement is essentially an indication of the throughput of the processor, cache, and memory of the system under test. The "buffered disk reads" line is the actual sequential read throughput of the drive. Here is a for loop example, to run the test 3 times in a row:

for i in 1 2 3; do hdparm -tT /dev/hda; done

Where,
-t : perform device read timings
-T : perform cache read timings
/dev/sda : hard disk device file

To find out the SATA hard disk link speed, enter:

sudo hdparm -I /dev/sda | grep -i speed

Output:

   *    Gen1 signaling speed (1.5Gb/s)
   *    Gen2 signalin

Wake on Lan in Centos 6

Start a computer from a remote machine by Wake on LAN.

[1] Configuration of the computer you'd like to turn on from the remote machine.

yum -y install ethtool
ethtool -s eth0 wol g

or:

vi /etc/sysconfig/network-scripts/ifcfg-eth0
# add at the last line
ETHTOOL_OPTS="wol g"

check for the MAC address:

ifconfig eth0 | grep HWaddr | awk '{print $5}'
00:22:68:5E:34:06   # take a memo

shutdown -h now

[2] Operation on the computer at the remote place.

yum -y install net-tools
# ether-wake [MAC address of the computer you'd like to turn on]
ether-wake 00:22:68:5E:34:06   # send magic packets

*** correction: if you have more than one interface you need to specify it, for example:

ether-wake -i eth0 00:22:68:5E:34:06

Keep in mind that a magic packet carries no authentication: anyone who can put a broadcast on that LAN segment (or a directed broadcast that your router forwards) can wake the machine.

found at: http://www.server-world.info/en/note?os=CentOS_6&p=wakeonlan
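ether-wake hides what is actually on the wire, which is worth seeing once if you have to reason about who can wake a box. The script below is an added example, not from the original note: it builds the magic packet by hand (6 bytes of 0xFF followed by the target MAC repeated 16 times) and, optionally, broadcasts it. The packet builder is plain POSIX sh; send_magic_packet assumes xxd(1) and socat(1) are installed, which is my assumption rather than anything the note uses. The MAC is the one from the note.

```shell
#!/bin/sh
# Added example, not from the original note. A WoL magic packet is 102 bytes:
# ffffffffffff followed by the target MAC 16 times, normally sent to the
# broadcast address on UDP port 9. Nothing in it authenticates the sender.

# build_magic_packet MAC prints the payload as a hex string, or returns 1
# if the MAC is not 12 hex digits after stripping ':' or '-' separators.
build_magic_packet() {
    mac=$(printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr 'A-F' 'a-f')
    if [ "${#mac}" -ne 12 ]; then
        echo "bad MAC address: $1" >&2
        return 1
    fi
    printf 'ffffffffffff'
    i=0
    while [ "$i" -lt 16 ]; do
        printf '%s' "$mac"
        i=$((i + 1))
    done
    printf '\n'
}

# send_magic_packet MAC [BROADCAST] converts the hex to bytes and broadcasts
# it; pass the subnet broadcast address (e.g. 192.168.1.255) to reach a
# specific segment. Requires xxd and socat (assumption).
send_magic_packet() {
    payload=$(build_magic_packet "$1") || return 1
    printf '%s' "$payload" | xxd -r -p |
        socat - "UDP-DATAGRAM:${2:-255.255.255.255}:9,broadcast"
}

# Example: print the packet for the note's MAC (sends nothing).
build_magic_packet 00:22:68:5E:34:06
```

`send_magic_packet 00:22:68:5E:34:06 192.168.1.255` does what `ether-wake -i eth0 00:22:68:5E:34:06` does, minus the raw Ethernet frame: ether-wake writes the same payload straight into an Ethernet frame, which is why it needs root and an interface name.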

How to Increase the size of a Linux LVM by expanding the virtual machine disk

This post will cover how to increase the disk space for a VMware virtual machine running Linux that is using the logical volume manager (LVM). Firstly we will be increasing the size of the actual disk on the VMware virtual machine, so at the hardware level; this is the VM's .vmdk file. Once this is complete we will get into the virtual machine and make the necessary changes through the operating system in order to take advantage of the additional space that has been provided by the hard drive being extended. This will involve creating a new partition with the new space, expanding the volume group and logical volume, then finally resizing the file system. As there are a number of different ways to increase disk space I have also posted some different methods here: Use GParted to increase disk size of a Linux native partition – In this article the virtual disk is expanded, however there is

Raspberry PI - How to change desktop wallpaper?

Problem: When I right click on the desktop, a submenu pops up with these choices: terminal emulator, web browser, desktops, obconf, reconfigure, restart, exit. How can I change the desktop wallpaper? I don't see an option to do this in this submenu.

Normally when you are using Raspbian "wheezy" with the LXDE desktop environment, right clicking should pop up: Create New, Paste, Select All, Invert Selection, Sort Files, Desktop Preferences. If not?

Solution: Open a terminal and enter pcmanfm --desktop-pref. When the desktop preferences window pops up, click on the "Advanced" tab and deselect "Show menus provided by window managers when desktop is clicked." That's it, and the PCManFM file manager menu that we had by default is back!

Cisco how to check interface index using snmp

Try the command:

$ snmpwalk -v2c -c community-string HOST 1.3.6.1.2.1.31.1.1.1.1

The outcome will be:

IF-MIB::ifName.1 = STRING: Fa0
IF-MIB::ifName.2 = STRING: Fa1
              ^

The number after ifName. is the interface index (ifIndex), so when using for example the nagios plugin check_itraffic use this number as the interface parameter. Note that with SNMPv2c the community string travels in clear text and is the only credential; restrict it with an access list on the device and prefer SNMPv3 with authentication and privacy where the gear supports it.

[SOLVED] Nagios / Centreon: This plugin must be either run as root or setuid root.

Problem:

Warning: This plugin must be either run as root or setuid root.
To run as root, you can use a tool like sudo.
To set the setuid permissions, use the command:
chmod u+s yourpluginfile

Example:

1. chown root:nagios check_dhcp
2. chmod u+s check_dhcp

Some plugins need chown apache:nagios (otherwise the plugin's exit code is out of bounds, 255).

A setuid-root binary runs as root for everyone who can execute it, so after the chown also drop the world bits (chmod 4750 check_dhcp) so only the nagios group can run it, and keep the list of setuid plugins as short as possible.
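Once a few plugins are setuid it is easy to lose track of which ones any local user can execute. The function below is an added example, not from the original post: it lists every setuid file under a directory and flags the ones still executable by "other", which is the difference between the post's `chmod u+s` (4755) and the least-privilege `chmod 4750`. It uses only POSIX find, so it runs on CentOS 6 as-is; the /usr/lib64/nagios/plugins path in the comment is an assumption about where your plugins live.

```shell
#!/bin/sh
# Added example, not from the original post. Audit setuid files below a
# directory and flag those executable by everyone (mode 47x5 instead of 4750).

# audit_setuid DIR prints "WORLD-EXEC path" or "OK path" for every setuid
# file below DIR.
audit_setuid() {
    find "$1" -type f -perm -4000 \
        \( -perm -0001 -exec echo "WORLD-EXEC" {} \; -o -exec echo "OK" {} \; \)
}

# check_setuid DIR succeeds only when no setuid file below DIR is
# world-executable, so it can gate a deployment or a cron check.
check_setuid() {
    ! audit_setuid "$1" | grep -q '^WORLD-EXEC '
}

# Applying the post's fix the least-privilege way (path is an assumption):
#   chown root:nagios /usr/lib64/nagios/plugins/check_dhcp
#   chmod 4750        /usr/lib64/nagios/plugins/check_dhcp
#   audit_setuid /usr/lib64/nagios/plugins
```

Run `audit_setuid /usr/lib64/nagios/plugins` after every plugin update; package upgrades commonly reset the mode back to 0755 and the setuid bit has to be re-applied with the restrictive group mode, not u+s on its own.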

Colored bash in CentOS

The following is ripped from the Gentoo /etc/bash/bashrc with minor modifications for slight differences in CentOS:

use_color=false

# Set colorful PS1 only on colorful terminals.
# dircolors --print-database uses its own built-in database
# instead of using /etc/DIR_COLORS. Try to use the external file
# first to take advantage of user additions. Use internal bash
# globbing instead of external grep binary.
safe_term=${TERM//[^[:alnum:]]/?}   # sanitize TERM
match_lhs="$(<${COLORS})"
[[ -z ${match_lhs} ]] \
    && type -P dircolors >/dev/null \
    && match_lhs=$(dircolors --print-database)
[[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true

if ${use_color} ; then
    if [[ ${EUID} == 0 ]] ; then
        PS1='\[\033[01;31m\]\h\[\033[01;34m\] \W \$\[\033[00m\] '
    else
        PS1='\[\033[01;32m\]\u@\h\[\033[01;34m

Disable Ads on YouTube With This Simple Command

There are a lot of ways to block ads , but with a simple command in the developer console, you can disable all ads on YouTube via an experiment. Google frequently tries out new features with experiments via TestTube . A less advertised experiment can disable all ads on the site. Here's how to turn it on: Open up a YouTube video (any will do). Open up the developer console (Ctrl-Shift-J for Chrome, Ctrl-Shift-K for Firefox) Enter the following code: document.cookie="VISITOR_INFO1_LIVE=oKckVSqvaGw; path=/; domain=.youtube.com";window.location.reload(); Boom. No more ads. Since this is something that Google is allowing, it's possible it could go away in the future, but while it works, you get a lovely ad-free viewing experience without any plugins. It even works on those pesky video ads.

Unable to load dynamic library '/usr/lib/php/modules/module.so'

When I run the command php -v this error comes up:

PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib/php/modules/module.so' - /usr/lib/php/modules/module.so: cannot open shared object file: No such file or directory in Unknown on line 0
PHP 5.3.3 (cli) (built: Feb 22 2013 02:37:06)

Solution: this is caused by the mcrypt extension. Edit /etc/php.d/mcrypt.ini and change

; Enable mcrypt extension module
extension=module.so

to this:

; Enable mcrypt extension module
extension=mcrypt.so

found at http://stackoverflow.com/questions/16677558/startup-unable-to-load-dynamic-library-usr-lib-php-modules-module-so

Increasing the size of a virtual disk vmware on guest CentOS

1. Power off the virtual machine.
2. Edit the virtual machine settings and extend the virtual disk size.
3. Power on the virtual machine.
4. Identify the device name, which is by default /dev/sda, and confirm the new size by running the command:

# fdisk -l

5. Create a new primary partition. Run the command:

# fdisk /dev/sda

(depending on the results of step 4)

Press p to print the partition table to identify the number of partitions. By default there are 2: sda1 and sda2.
Press n to create a new primary partition.
Press p for primary.
Press 3 for the partition number, depending on the output of the partition table print.
Press Enter two times.
Press w to write the changes to the partition table.

6. Restart the virtual machine.
7. Run this command to verify that the changes were saved to the partition table and that the new partition has type 83:

# fdisk -l

8. Run this command to convert the new partition to a physical volume:

# pvcreate /dev/sda3

9. Run
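The interactive fdisk walk-through above and the earlier LVM post's "expand the volume group and logical volume, then resize the file system" are one procedure, and the only step that needs a human decision is the partition number. The script below is an added example, not from either post: next_partition_number derives the "press 3" step from fdisk's own listing, and grow_lvm feeds fdisk the same keystrokes the post describes, then adds the partition to the VG, grows the LV into all free space and resizes the file system. Assumptions not in the posts: the existing partitions are all primary (true for the default sda1/sda2 layout), the volume group and logical volume names are passed in, and the file system is ext3/ext4 (resize2fs). grow_lvm must run as root on the VM after the disk was enlarged in VMware.

```shell
#!/bin/sh
# Added example, not from either post. Non-interactive version of the fdisk /
# pvcreate / vgextend / lvextend / resize2fs procedure. Assumes all existing
# partitions are primary and an ext3/ext4 file system on the LV.

# next_partition_number DISK reads `fdisk -l DISK` output on stdin and prints
# one more than the highest partition number already on that disk.
next_partition_number() {
    awk -v d="$1" '
        index($1, d) == 1 && substr($1, length(d) + 1) ~ /^[0-9]+$/ {
            n = substr($1, length(d) + 1) + 0
            if (n > max) max = n
        }
        END { print max + 1 }'
}

# grow_lvm DISK VG LV   e.g. grow_lvm /dev/sda VolGroup /dev/VolGroup/lv_root
grow_lvm() {
    disk=$1; vg=$2; lv=$3
    [ "$(id -u)" -eq 0 ] || { echo "grow_lvm must run as root" >&2; return 1; }
    n=$(fdisk -l "$disk" | next_partition_number "$disk")
    part="$disk$n"
    # Keystrokes from the post: n, p, <number>, Enter, Enter; then t/<number>/8e
    # marks it "Linux LVM" (the post leaves type 83, which pvcreate also
    # accepts); then w to write.
    printf 'n\np\n%s\n\n\nt\n%s\n8e\nw\n' "$n" "$n" | fdisk "$disk"
    # The post reboots here; partprobe avoids that when the kernel accepts the
    # new table, otherwise reboot and re-run from pvcreate onward.
    partprobe "$disk" || {
        echo "kernel still has the old table: reboot, then rerun from pvcreate $part" >&2
        return 1
    }
    pvcreate "$part"
    vgextend "$vg" "$part"
    lvextend -l +100%FREE "$lv"
    resize2fs "$lv"
}
```

Check `fdisk -l` output by eye before trusting the computed number on a disk with an extended partition: the logical partitions start at 5 and the fdisk prompts differ, so that layout is outside what this script handles.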

How to find out which process is listening upon a port?

To discover the process name, ID (pid), and other details you need to run:

lsof -i :port

So to see which process is listening upon port 80 we can run:

# lsof -i :80

This gives us the following output:

COMMAND   PID     USER   FD   TYPE   DEVICE SIZE NODE NAME
apache2 10437     root   3u  IPv6 22890556      TCP *:www (LISTEN)
apache2 10438 www-data   3u  IPv6 22890556      TCP *:www (LISTEN)
apache2 10439 www-data   3u  IPv6 22890556      TCP *:www (LISTEN)
apache2 10440 www-data   3u  IPv6 22890556      TCP *:www (LISTEN)
apache2 10441 www-data   3u  IPv6 22890556      TCP *:www (LISTEN)
apache2 10442 www-data   3u  IPv6 22890556      TCP *:www (LISTEN)
apache2 25966 www-data   3u  IPv6 22890556      TCP *:www (LISTEN)
apache2 25968 www-data   3u  IPv6 22890556      TCP *:www (LISTEN)

Here you can see the command running (apache2), the username it is running as (www-data), and some other details. Similarly we can see which process is bound to
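lsof answers "who listens on this port" by reading the same data the kernel exposes in /proc/net/tcp, where addresses and ports are little-endian hex and a state of 0A means LISTEN; the DEVICE column above (22890556) is the socket inode that ties the table row to a file descriptor in /proc/<pid>/fd. The script below is an added example, not from the original post: it goes one level deeper than lsof and parses /proc directly, which is useful on a minimal box without lsof and, during an incident, as a second opinion on a host whose usual tools may have been tampered with. The /proc/net/tcp content is a constructed sample; the pid lookup walks the live /proc and sees other users' processes only when run as root.

```shell
#!/bin/sh
# Added example, not from the original post. Find listening sockets and their
# owning PIDs from /proc instead of lsof. Sample table content is constructed.

SAMPLE_PROC_NET_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22890556 1 ffff88003b0e0000 100 0 0 10 -1
   1: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 13011 1 ffff88003b0e0700 100 0 0 10 -1
   2: 0A00020F:C350 5E4B3C2A:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 98765 1 ffff88003b0e0e00 20 4 30 10 -1'

# listening_sockets reads /proc/net/tcp-format lines on stdin and prints
# "ip:port inode" for every socket in LISTEN state (st == 0A).
listening_sockets() {
    awk '
        function hex2dec(h,   i, v) {
            v = 0
            h = tolower(h)
            for (i = 1; i <= length(h); i++)
                v = v * 16 + index("0123456789abcdef", substr(h, i, 1)) - 1
            return v
        }
        NR > 1 && $4 == "0A" {
            split($2, a, ":")
            # the IPv4 address is one little-endian 32-bit word: reverse the bytes
            ip = hex2dec(substr(a[1], 7, 2)) "." hex2dec(substr(a[1], 5, 2)) "." \
                 hex2dec(substr(a[1], 3, 2)) "." hex2dec(substr(a[1], 1, 2))
            print ip ":" hex2dec(a[2]), $10
        }'
}

# pids_for_inode INODE prints the PID of every process holding that socket,
# by matching the "socket:[INODE]" link target under /proc/<pid>/fd.
pids_for_inode() {
    for fd in /proc/[0-9]*/fd/*; do
        if [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ]; then
            echo "$fd" | cut -d/ -f3
        fi
    done | sort -u
}

# listeners_on_port PORT: the lsof -i :PORT equivalent, built from /proc.
listeners_on_port() {
    listening_sockets < /proc/net/tcp | awk -v p="$1" -F'[: ]' '$2 == p {print $3}' |
    while read -r inode; do
        for pid in $(pids_for_inode "$inode"); do
            printf '%s %s\n' "$pid" "$(tr '\000' ' ' < "/proc/$pid/cmdline")"
        done
    done
}

# Parse the constructed table (no root needed):
printf '%s\n' "$SAMPLE_PROC_NET_TCP" | listening_sockets
```

`listeners_on_port 80` on a real host prints one line per apache2 process, matching the lsof output above; the same parser applied to /proc/net/tcp6 and /proc/net/udp covers the IPv6 and UDP cases (the tcp6 address field is 32 hex digits, so the IP decoding needs adjusting, but the port and inode columns are the same).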

How To Autocomplete Commands Preceded By 'sudo'

When writing a command in the terminal, you can autocomplete it by pressing the TAB key. Example: type "nau" in the terminal and press TAB -> "nautilus" should show up (if you have Nautilus installed, obviously). However, the autocomplete doesn't work if you are trying to run a command with "sudo". For example, typing "sudo nau" and then pressing the TAB key will not autocomplete the command to "sudo nautilus". Here is how to get autocomplete to work in the terminal while using "sudo".

Simply open the ".bashrc" hidden file from your home folder (it is your own file, so no sudo is needed to edit it). If you use GNOME, paste this in a terminal to open it:

gedit ~/.bashrc

Then paste this at the bottom of the file:

if [ "$PS1" ]; then
    complete -cf sudo
fi

Then type this in a terminal to reload:

bash

Now try the example from the beginning of the post, "sudo nau", and press TAB. It should now work.

found at http://www.webupd8.org/20

How do I change bash history completion to complete what's already on the line?

Edit:

# ~/.inputrc
"\e[A": history-search-backward
"\e[B": history-search-forward

or equivalently,

# ~/.bashrc
bind '"\e[A": history-search-backward'
bind '"\e[B": history-search-forward'

Normally, Up and Down are bound to the Readline functions previous-history and next-history respectively. I prefer to bind PgUp/PgDn to these functions, instead of displacing the normal operation of Up/Down.

# ~/.inputrc
"\e[5~": history-search-backward
"\e[6~": history-search-forward

After you modify ~/.inputrc, restart your shell or use Ctrl+X, Ctrl+R to tell it to re-read ~/.inputrc.

found at http://stackoverflow.com/questions/1030182/how-do-i-change-bash-history-completion-to-complete-whats-already-on-the-line

Installing NFS on CentOS 6.2

This is a how-to for installing the NFS service on a Linux CentOS 6.2 box and making it accessible to others. The scenario is the following:

Grant read-only access to the /home/public directory to all networks
Grant read/write access to the /home/common directory to all networks

At the end of this guide you will get:

A running NFS server with various LAN shared directories
An active set of firewall rules allowing access to the NFS ports
A permanently mounted NFS share on a CentOS / Ubuntu client

I assume you already have:

a fresh running Linux CentOS 6.2 server
a sudoer user, named bozz in this guide
an accessible RPM repository / mirror
a Linux client with CentOS / Ubuntu

Steps

Login as the bozz user on the server.

Check if rpcbind is installed:

$ rpm -q rpcbind
rpcbind-0.2.0-8.el6.x86_64

if not, install it:

$ sudo yum install rpcbind

Install NFS-related packages:

$ sudo yum install nfs-utils nfs-utils-lib O
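The guide's scenario exports /home/common read/write "to all networks", which in /etc/exports terms is the wildcard client "*", and that is exactly the kind of line that gets forgotten once the firewall is later opened. The function below is an added example, not from the original guide: it reads an exports file and flags the entries an attacker on any reachable network would enjoy most, read/write exports to "*" or to a /8-or-wider range, no_root_squash (which lets a client's root act as root on the share), and exports with no client at all. The sample is constructed to include the guide's two shares plus a few others.

```shell
#!/bin/sh
# Added example, not from the original guide. Audit /etc/exports for overly
# broad read/write exports, no_root_squash and missing client lists.

SAMPLE_EXPORTS='# public: read-only for everyone, as in the guide
/home/public *(ro,sync)
# common: read/write for everyone, as in the guide
/home/common *(rw,sync)
/srv/backup 10.0.0.5(rw,sync,no_root_squash)
/srv/lan 192.168.1.0/24(rw,sync,root_squash) 10.0.0.0/8(rw)
/srv/legacy'

# audit_exports reads /etc/exports-format lines on stdin and prints one
# "WARN path client reason" line per finding. Entries without options are
# read-only (the exports default) and are not flagged.
audit_exports() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                if ((p = index($i, "(")) > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1, length($i) - p - 1)
                }
                rw = (("," opts ",") ~ /,rw,/)
                if (rw && (client == "*" || client ~ /\/[0-8]$/))
                    print "WARN", path, client, "read/write export to a very wide client range"
                if (("," opts ",") ~ /,no_root_squash,/)
                    print "WARN", path, client, "no_root_squash: client root is root on the share"
            }
            if (NF == 1)
                print "WARN", path, "(none)", "no client given: exported to everyone, read-only"
        }'
}

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

`audit_exports < /etc/exports` before `exportfs -ra` gives you the list to justify; for the guide's /home/common the fix is usually to replace "*" with the LAN range, e.g. 192.168.1.0/24(rw,sync), and to leave root_squash (the default) in place.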

How To Break Into A Cisco ASA If You Do Not Have The Enable Password

From time to time, I get a service call asking me to break into a Cisco router or an ASA or a PIX. In most cases, the device was deployed a long time ago and nobody remembers the password. Or they have a copy of the config but the password was stored in the encrypted format. If you have the password in encrypted format, you might luck out if it is a commonly-used value such as 8Ry2YjIyt7RRXU24 (password is blank) or 2KFQnbNIdI.2KYOU (password is "cisco"). You can try to brute force it with John the Ripper, or Cain and Abel, or some precomputed rainbow table. The time required to brute force a complex password will depend on the character set used in the password, the length of the password, and the speed of the computer that is running Cain & Abel. It might take an ice age to brute force it. Would it be worth the time? You might have better luck with a bit of lateral thinking: the PIX/ASA enable password hash is unsalted, which is why the same password always produces the same string (as the two examples above show) and why precomputed tables and other people's configs apply directly. Just paste the encrypted password into Google and see if anyone has posted their own config

QOS Priority Levels

One of the most feared technologies by CCIE candidates is QoS (Quality of Service). This is understandable because most first-world countries seldom have problems with bandwidth or getting more if needed, so the necessity for juggling traffic around by means of QoS strategies is almost non-existent. On the other hand, engineers in developing countries tend to be familiar with various QoS technologies, because of frequent bandwidth shortages as a result of high bandwidth costs.

Here is a concise table listing all the values for both byte layouts:

TOS byte = (3 bits IP Precedence + 5 bits legacy)

IP Precedence          Binary (3 bits)   Decimal
ROUTINE                000               0
PRIORITY               001               1
IMMEDIATE              010               2
FLASH                  011               3
FLASH OVERRIDE         100               4
CRITICAL               101               5
INTERNETWORK CONTROL   110               6
NETWORK CONTROL        111               7

DiffServ field = (6 bits DSCP + 2 bits ECN)

DSCP PHB Groups (8x + 2y)   DSCP-Field Binary (6

ASA Smart Call Home common uses and periodic monitoring

Purpose of this document

Smart Call Home is a feature introduced into the ASA firewalls in version 8.2 that allows for periodic monitoring of the firewall device. This document describes how to leverage this feature to monitor and troubleshoot network issues.

Configuring Smart Call Home

To configure Smart Call Home, use the following document: https://supportforums.cisco.com/docs/DOC-12801

Common Uses

Configuration Backups

Gathering configuration backups periodically is useful in case of device replacement or change control. It helps to identify the last working configuration and archives changes made to the firewall. Remember that the backup is the running configuration, password hashes and the full security policy included, so the mail server and mailbox it lands in deserve the same protection as the firewall itself.

hostname(config)# service call-home
hostname(config)# call-home
hostname(cfg-call-home)# contact-email-addr [email protected]
hostname(cfg-call-home)# mail-server 192.168.1.100 priority 1
hostname(cfg-call-home)# profile ConfigBackup-1
hostname(cfg-call-home-profile)# dest