分类目录归档:Linux

Linux

How to setup an SFTP server on CentOS

This tutorial explains how to setup and use an SFTP server on CentOS. Before I start, let me explain what actually SFTP represents and what it is used for. Currently, most people know that we can use normal FTP for transferring, downloading or uploading data from a server to client or client to server. But this protocol is getting hacked easily (if TLS is not used) by anonymous intruders as it the ports are widely open to anyone. Therefore, SFTP has been introduced to as another alternative to meet the main purpose to strengthen the security level.

SFTP stands for SSH File Transfer Protocol or Secure File Transfer Protocol. It uses a separate protocol packaged with SSH to provide a secure connection. 继续阅读

Linux: TMOUT To Automatically Log Users Out

How do I auto Logout my shell user in Linux after certain minutes of inactivity?

Linux bash shell allows you to define the TMOUT environment variable. Set TMOUT to automatically log users out after a period of inactivity. The value is defined in seconds. For example,

export TMOUT=120

export TMOUT=120

The above command will implement a 2 minute idle time-out for the default /bin/bash shell. You can edit your ~/.bash_profile or /etc/profile file as follows to define a 5 minute idle time out:

# set a 5 min timeout policy for bash shell
TMOUT=300
readonly TMOUT
export TMOUT

# set a 5 min timeout policy for bash shell TMOUT=300 readonly TMOUT export TMOUT

Save and close the file. The readonly command is used to make variables and functions readonly i.e. you user cannot change the value of variable called TMOUT.

How Do I Disable TMOUT?

To disable auto-logout, just set the TMOUT to zero or unset it as follows:
$ export TMOUT=0
or
$ unset TMOUT
Please note that readonly variable can only be disabled by root in /etc/profile or ~/.bash_profile.

A Note About TCSH SHELL and OpenSSH Server/Client

SSH allows administrators to set an idle timeout interval in /etc/ssh/sshd_config file. TCSH user should use autologout variable. Please see our previous FAQ “Linux / UNIX Automatically Log BASH / TCSH / SSH Users Out After a Period of Inactivity” for more information.

Auditd – Linux 服务器安全审计工具

安全防护是首先要考虑的问题。为了避免别人盗取我们的数据,我们需要时刻关注它。安全防护包括很多东西,审计是其中之一。

我们知道Linux系统上有一个叫 auditd 的审计工具。这个工具在大多数Linux操作系统中是默认安装的。那么auditd 是什么?该如何使用呢?下面我们开始介绍。

继续阅读

How to setup an SFTP server on CentOS

This tutorial explains how to setup and use an SFTP server on CentOS. Before I start, let me explain what actually SFTP represents and what it is used for. Currently, most people know that we can use normal FTP for transferring, downloading or uploading data from a server to client or client to server. But this protocol is getting hacked easily (if TLS is not used) by anonymous intruders as it the ports are widely open to anyone. Therefore, SFTP has been introduced to as another alternative to meet the main purpose to strengthen the security level.

SFTP stands for SSH File Transfer Protocol or Secure File Transfer Protocol. It uses a separate protocol packaged with SSH to provide a secure connection.

1. Preliminary Note

For this tutorial, I am using CentOS 6.4 in the 32bit version. The same steps will work on CentOS 7 as well. The tutorial result will show how a client can be provided with access to the SFTP server but unable to login to the server itself by SSH.

继续阅读

pdo_informix

1. Installing Informix Client SDK for Linux x86_64

1.1 Download Informix Client SDK 3.70 for Linux x86_64 from IBM website, https://www-01.ibm.com/marketing/iwm/tnd/search.jsp?rs=ifxdl

1.2 Extract the file, `cd /opt/informix; tar -xvf clientsdk.3.70.FC8DE.LINUX.tar`

1.3 Start installation, `./installclientsdk`, install all

2. Installing PDO Informix

2.1 Download PDO Informix 1.3.1, `wget https://pecl.php.net/get/PDO_INFORMIX-1.3.1.tgz`

2.2 Extract the file, `tar -xvf PDO_INFORMIX-1.3.1.tgz`

2.3 `cd PDO_INFORMIX-1.3.1` and compiling

2.3.1 `phpize`

2.3.2 `./configure –with-pdo-informix=/opt/informix`, if getting error `configure: error: Cannot find php_pdo_driver.h`, do `ln -s /usr/include/php5 /usr/include/php` and try again.

2.3.3 `make`

2.3.4 `make install`

3. Include pdo_informix.so in php.ini

Other reference: http://stackoverflow.com/questions/19909075/php-and-informix-on-debian-how-to-install-configure-the-pdo

Sample Code:

<?php

$db = new PDO("informix:host=hostname_or_ipaddr; service=port;database=dbname; server=instancename; protocol=onsoctcp;EnableScrollableCursors=1;", "username", "password");

print "Connection Established!\n\n";

$stmt = $db->query("select * from tablename");
$res = $stmt->fetch( PDO::FETCH_BOTH );
$rows = $res[0];
echo "Table contents: $rows.\n";

?>

设置linux系统history相关变量

一、设置历史记录的时间

# vi /etc/profile    //在文件末尾添加以下内容,然后保存退出重新登陆即可
HISTTIMEFORMAT='%F %T '     //注意有个空格,为了显示时日期与命令之间有空格分割。
HISTSIZE="3000"    //默认保留1000条。

 

export HISTTIMEFORMAT='%F %T '
2015-07-27 10:33:58 echo from1
如果是
export HISTTIMEFORMAT='%F %T'   //%T少了个空格,日期与命令就连在一起了
2015-07-27 10:33:58echo from1

继续阅读

CIB not supported: validator ‘pacemaker-2.4’, release ‘3.0.10’

[root@a2 ~]# crm configure show
ERROR: CIB not supported: validator ‘pacemaker-2.4’, release ‘3.0.10’
ERROR: You may try the upgrade command
ERROR: configure: Missing requirements

If you look at the first line/tag in your Pacemaker configuration (# cibadmin –query > /tmp/cib.xml) you should see something like the following:
<cib crm_feature_set=”3.0.10″ validate-with=”pacemaker-2.4″ epoch=”6″ num_updates=”8″ …> 继续阅读

Manage the Root User Password on Linux

# https://gist.github.com/jeffmccune/2360984
# = Class: site::root_user
#
# This is a simple class to manage the root user password.
# The shadow hash of an existing password can be easily obtained
# by running `puppet resource user root` on a Linux system
# that has the desired root password already set.
# Puppet will then manage this password everywhere.
#
# First, I set the password to “puppet” on one Linux node and then get back the
# shadow hash.
#
# root@pe-centos6:~# passwd root
# Changing password for user root.
# New password:
# BAD PASSWORD: it does not contain enough DIFFERENT characters
# BAD PASSWORD: is too simple
# Retype new password:
# passwd: all authentication tokens updated successfully.
# root@pe-centos6:~# puppet resource user root
# user { ‘root’:
# ensure => ‘present’,
# comment => ‘root’,
# gid => ‘0’,
# groups => [‘root’, ‘bin’, ‘daemon’, ‘sys’, ‘adm’, ‘disk’, ‘wheel’],
# home => ‘/root’,
# password => ‘$6$7pe0INu/$Uxsn.lb/mJjd9394DIJx5JS9a1NVhrpWDpXRtPGS78/BfyShhOf1G0ft7mRHspXDZo6.ezyqpqIXHQ8Tl8ZJt0’,
# password_max_age => ‘99999’,
# password_min_age => ‘0’,
# shell => ‘/bin/bash’,
# uid => ‘0’,
# }
#
# = Sample Usage
#
# include site::root_user
#
# (MARKUP: http://links.puppetlabs.com/puppet_manifest_documentation)
class site::root_user {
# This will enforce the root password of “puppet”
user { root:
ensure => present,
password => ‘$6$7pe0INu/$Uxsn.lb/mJjd9394DIJx5JS9a1NVhrpWDpXRtPGS78/BfyShhOf1G0ft7mRHspXDZo6.ezyqpqIXHQ8Tl8ZJt0’,
}
}

How to enforce password complexity on Linux

On most Linux systems, you can use PAM (the “pluggable authentication module”) to enforce password complexity. If you have a file named /etc/pam.d/system-auth on RedHat (/etc/pam.d/common-password on Debian systems), look for lines that look like those shown below.

$ grep password /etc/pam.d/system-auth
password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

That’s what you should expect to see on a new system.

By default, passwords must have at least six characters (see /etc/login.defs for possible changes). This is hardly long enough by current standards to consider passwords to be secure. You will have a much stronger password complexity policy if you change the first line to something like this, requiring longer passwords and ensuring a degree of complexity as well.

password requisite pam_cracklib.so try_first_pass retry=3 minlength=12 lcredit=1
ucredit=1 dcredit=1 ocredit=1 difok=4

Here’s what each of the available parameters does:

try_first_pass = sets the number of times users can attempt setting a good
  password before the passwd command aborts
minlen = establishes a measure of complexity related to the password length
  (more in a moment on this)
lcredit = sets the minimum number of required lowercase letters
ucredit = sets the minimum number of required uppercase letters
dcredit = sets the minimum number of required digits
ocredit = sets the minimum number of required other characters
difok = sets the number of characters that must be different from those in the
   previous password

That said, minlen is actually a measure of complexity, not simply length. It specifies a complexity score that must be reached for a password to be deemed as acceptable. If each character in a password added one to the complexity count, then minlen would simply represent the password length but, if some characters count more than once, the calculation is more complex. So let’s see how this works.
继续阅读

如何在 Linux 上设置密码策略

用户帐号管理是系统管理员最重要的工作之一。而密码安全是系统安全中最受关注的一块。在本教程中,我将为大家介绍如何在 Linux 上设置密码策略

假设你已经在你的 Linux 系统上使用了 PAM (Pluggable Authentication Modules,插入式验证模块),因为这些年所有的 Linux 发行版都在使用它。 继续阅读