分类目录归档:Linux

Linux

CentOS / RHEL 7 : How to modify Network Interface names

On CentOS / RHEL 7, a new naming scheme is introduced.
For instance:

# ip addr show
.....
eno1: [BROADCAST,MULTICAST,UP,LOWER_UP] mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 6c:0b:84:6c:48:1c brd ff:ff:ff:ff:ff:ff
inet 10.10.10.11/24 brd 10.10.10.255 scope global eno1
inet6 2606:b400:c00:48:6e0b:84ff:fe6c:481c/128 scope global dynamic
valid_lft 2326384sec preferred_lft 339184sec
inet6 fe80::6e0b:84ff:fe6c:481c/64 scope link
valid_lft forever preferred_lft forever

This post describes how to revert to legacy naming scheme with Network Interface names as eth0, eth1, etc. 继续阅读

Linux audit files to see who made changes to a file

How do I audit file events such as read / write etc? How can I use audit to see who changed a file in Linux?

The answer is to use 2.6 kernel’s audit system. Modern Linux kernel (2.6.x) comes with auditd daemon. It’s responsible for writing audit records to the disk. During startup, the rules in /etc/audit.rules are read by this daemon. You can open /etc/audit.rules file and make changes such as setup audit file log location and other option. The default file is good enough to get started with auditd.

In order to use audit facility you need to use following utilities
=> auditctl – a command to assist controlling the kernel’s audit system. You can get status, and add or delete rules into kernel audit system. Setting a watch on a file is accomplished using this command:

=> ausearch – a command that can query the audit daemon logs based for events based on different search criteria.

=> aureport – a tool that produces summary reports of the audit system logs.

Note that following all instructions are tested on CentOS 4.x and Fedora Core and RHEL 4/5 Linux. 继续阅读

HOWTO configure the auditing of the system (auditd)

Introduction

The audit service is provided for system auditing. By default, this service audits about SELinux AVC denials and certain types of security-relevant events such as system logins, account modifications, and authentication events performed by programs such as sudo.

Under its default configuration, auditd has modest disk space requirements, and should not noticeably impact system performance. The audit service, configured with at least its default rules, is strongly recommended for all sites, regardless of whether they are running SELinux. Networks with high security level often have substantial auditing requirements and auditd can be configured to meet these requirements:

  • Ensure Auditing is Configured to Collect Certain System Events
  • Information on the Use of Print Command (unsuccessful and successful)
  • Startup and Shutdown Events (unsuccessful and successful)
  • Ensure the auditing software can record the following for each audit event:
    • When the event appears
    • Who initiated the event
    • Type of the event
    • Success or failure of the event
    • Origin of the request (example: terminal ID)
    • For events that introduce an object into a user’s address space, and for object deletion events, the name of the object, and in MLS systems, the objects security level.
  • Ensure daily of the audit logs
  • Ensure that the audit data files have restrictive permissions (at least 640).

继续阅读

How to setup an SFTP server on CentOS

This tutorial explains how to setup and use an SFTP server on CentOS. Before I start, let me explain what actually SFTP represents and what it is used for. Currently, most people know that we can use normal FTP for transferring, downloading or uploading data from a server to client or client to server. But this protocol is getting hacked easily (if TLS is not used) by anonymous intruders as it the ports are widely open to anyone. Therefore, SFTP has been introduced to as another alternative to meet the main purpose to strengthen the security level.

SFTP stands for SSH File Transfer Protocol or Secure File Transfer Protocol. It uses a separate protocol packaged with SSH to provide a secure connection. 继续阅读

Linux: TMOUT To Automatically Log Users Out

How do I auto Logout my shell user in Linux after certain minutes of inactivity?

Linux bash shell allows you to define the TMOUT environment variable. Set TMOUT to automatically log users out after a period of inactivity. The value is defined in seconds. For example,

export TMOUT=120

export TMOUT=120

The above command will implement a 2 minute idle time-out for the default /bin/bash shell. You can edit your ~/.bash_profile or /etc/profile file as follows to define a 5 minute idle time out:

# set a 5 min timeout policy for bash shell
TMOUT=300
readonly TMOUT
export TMOUT

# set a 5 min timeout policy for bash shell TMOUT=300 readonly TMOUT export TMOUT

Save and close the file. The readonly command is used to make variables and functions readonly i.e. you user cannot change the value of variable called TMOUT.

How Do I Disable TMOUT?

To disable auto-logout, just set the TMOUT to zero or unset it as follows:
$ export TMOUT=0
or
$ unset TMOUT
Please note that readonly variable can only be disabled by root in /etc/profile or ~/.bash_profile.

A Note About TCSH SHELL and OpenSSH Server/Client

SSH allows administrators to set an idle timeout interval in /etc/ssh/sshd_config file. TCSH user should use autologout variable. Please see our previous FAQ “Linux / UNIX Automatically Log BASH / TCSH / SSH Users Out After a Period of Inactivity” for more information.

Auditd – Linux 服务器安全审计工具

安全防护是首先要考虑的问题。为了避免别人盗取我们的数据,我们需要时刻关注它。安全防护包括很多东西,审计是其中之一。

我们知道Linux系统上有一个叫 auditd 的审计工具。这个工具在大多数Linux操作系统中是默认安装的。那么auditd 是什么?该如何使用呢?下面我们开始介绍。

继续阅读

How to setup an SFTP server on CentOS

This tutorial explains how to setup and use an SFTP server on CentOS. Before I start, let me explain what actually SFTP represents and what it is used for. Currently, most people know that we can use normal FTP for transferring, downloading or uploading data from a server to client or client to server. But this protocol is getting hacked easily (if TLS is not used) by anonymous intruders as it the ports are widely open to anyone. Therefore, SFTP has been introduced to as another alternative to meet the main purpose to strengthen the security level.

SFTP stands for SSH File Transfer Protocol or Secure File Transfer Protocol. It uses a separate protocol packaged with SSH to provide a secure connection.

1. Preliminary Note

For this tutorial, I am using CentOS 6.4 in the 32bit version. The same steps will work on CentOS 7 as well. The tutorial result will show how a client can be provided with access to the SFTP server but unable to login to the server itself by SSH.

继续阅读

pdo_informix

1. Installing Informix Client SDK for Linux x86_64

1.1 Download Informix Client SDK 3.70 for Linux x86_64 from IBM website, https://www-01.ibm.com/marketing/iwm/tnd/search.jsp?rs=ifxdl

1.2 Extract the file, `cd /opt/informix; tar -xvf clientsdk.3.70.FC8DE.LINUX.tar`

1.3 Start installation, `./installclientsdk`, install all

2. Installing PDO Informix

2.1 Download PDO Informix 1.3.1, `wget https://pecl.php.net/get/PDO_INFORMIX-1.3.1.tgz`

2.2 Extract the file, `tar -xvf PDO_INFORMIX-1.3.1.tgz`

2.3 `cd PDO_INFORMIX-1.3.1` and compiling

2.3.1 `phpize`

2.3.2 `./configure –with-pdo-informix=/opt/informix`, if getting error `configure: error: Cannot find php_pdo_driver.h`, do `ln -s /usr/include/php5 /usr/include/php` and try again.

2.3.3 `make`

2.3.4 `make install`

3. Include pdo_informix.so in php.ini

Other reference: http://stackoverflow.com/questions/19909075/php-and-informix-on-debian-how-to-install-configure-the-pdo

Sample Code:

<?php

$db = new PDO("informix:host=hostname_or_ipaddr; service=port;database=dbname; server=instancename; protocol=onsoctcp;EnableScrollableCursors=1;", "username", "password");

print "Connection Established!\n\n";

$stmt = $db->query("select * from tablename");
$res = $stmt->fetch( PDO::FETCH_BOTH );
$rows = $res[0];
echo "Table contents: $rows.\n";

?>

设置linux系统history相关变量

一、设置历史记录的时间

# vi /etc/profile    //在文件末尾添加以下内容,然后保存退出重新登陆即可
HISTTIMEFORMAT='%F %T '     //注意有个空格,为了显示时日期与命令之间有空格分割。
HISTSIZE="3000"    //默认保留1000条。

 

export HISTTIMEFORMAT='%F %T '
2015-07-27 10:33:58 echo from1
如果是
export HISTTIMEFORMAT='%F %T'   //%T少了个空格,日期与命令就连在一起了
2015-07-27 10:33:58echo from1

继续阅读

CIB not supported: validator ‘pacemaker-2.4’, release ‘3.0.10’

[root@a2 ~]# crm configure show
ERROR: CIB not supported: validator ‘pacemaker-2.4’, release ‘3.0.10’
ERROR: You may try the upgrade command
ERROR: configure: Missing requirements

If you look at the first line/tag in your Pacemaker configuration (# cibadmin –query > /tmp/cib.xml) you should see something like the following:
<cib crm_feature_set=”3.0.10″ validate-with=”pacemaker-2.4″ epoch=”6″ num_updates=”8″ …> 继续阅读