
Friday, September 28, 2007

End Dating an account in Linux

We often want to terminate a Linux account for security reasons. The command below sets an expiry date on the account:

/usr/sbin/usermod -e <YYYY-MM-DD> <username>

This option (-e) can also be used when the account is originally created. This gives extra security if you already know when the person will leave the project.

Keep in mind that 70-80% of hacking comes from inside the organization.
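The date given to -e is stored as the eighth field of the account's /etc/shadow entry, counted in days since 1970-01-01. The audit of that field below is an added example, not part of the original post; the sample entries, their hash strings and the function name audit_expiry are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow format (not real accounts or hashes).
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
sample_shadow() {
cat <<'EOF'
root:$6$constructed$hashA:13700:0:99999:7:::
roger:$6$constructed$hashB:13700:0:99999:7::13787:
contractor:$6$constructed$hashC:13600:0:99999:7::13650:
daemon:*:13600:0:99999:7:::
EOF
}

# audit_expiry TODAY_DAYS   (reads shadow-format text on stdin)
# TODAY_DAYS is the current day number since 1970-01-01.
# Prints one line per account that can still use a password.
audit_expiry() {
    awk -F: -v today="$1" '
        $2 ~ /^[!*]/          { next }   # locked or no password set
        $8 == ""              { print $1 ": no-expiry"; next }
        $8 + 0 <= today + 0   { print $1 ": expired"; next }
                              { print $1 ": expires-in-" ($8 - today) "-days" }
    '
}
```

On a live system, run it as root with the current day number: audit_expiry "$(( $(date +%s) / 86400 ))" < /etc/shadow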

Friday, July 20, 2007

Who rebooted the Linux system

The level of detail available depends on the syslog settings, but in any case you can do the following:

1. Get the boot time. You can get it in a couple of ways: type the "uptime" command and count back for how long the system has been on, or go to /var/log and look at the boot.log file, or in the same directory open the "messages" file and look for the "syslog started" time stamp.

2. Type the "last" command and see which users were logged in at the time the system was rebooted.

3. Check these users' shell history files in ~username/.bash_history for su or sudo commands.

All of the above makes sense ONLY if you have proper access to the root account and no one but the root user knows the root password. If you share the root password, it is almost impossible to find out who rebooted the system. The only chance is if you had syslog set to record network events. You can look in /var/log, in the messages and security logs, for connections with a time stamp kept alive around the reboot. Given that your DHCP leases are long or static IPs were used, or the log entries resolve DNS, you can get a list of suspects. Then you proceed to step 3.

Keep in mind that if someone INTENTIONALLY rebooted the system, had complete root access and possesses some skill, it is not only impossible to track; he/she may also forge the logs in any desired way.

DO NOT SHARE ROOT ACCESS! USE "SUDO" TO PROTECT ROOT ACCOUNT!



Courtesy: http://www.unix.com/unix-for-dummies-question-and-answers/27272-how-to-identify-who-rebooted-the-linux-server.html
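Steps 2 and 3 above can be scripted. The following is an added example, not part of the original post or the linked thread: it picks out of "last -x" output the sessions that were still open when the system went down, and searches a history file for su, sudo and reboot-type commands. The sample output, the sample history and the function names are constructed.

```shell
#!/bin/sh
# Constructed sample of `last -x` output (not from a real host).
sample_last() {
cat <<'EOF'
alice    pts/1        10.0.0.21        Fri Jul 20 10:05   still logged in
reboot   system boot  2.6.18-8.el5     Fri Jul 20 09:45 - 11:02  (01:17)
shutdown system down  2.6.18-8.el5     Fri Jul 20 09:43 - 09:45  (00:02)
roger    pts/0        10.0.0.12        Fri Jul 20 09:12 - down   (00:31)
bob      tty1                          Fri Jul 20 08:50 - down   (00:53)
carol    pts/2        10.0.0.30        Fri Jul 20 08:00 - 08:40  (00:40)
EOF
}

# Constructed sample of one user's ~/.bash_history.
sample_history() {
cat <<'EOF'
ls -l /var/log
sudo /sbin/shutdown -r now
vi resume.txt
su -
EOF
}

# Step 2: sessions whose end is marked "- down" (clean shutdown) or
# "- crash". Prints: user tty login-time end-marker. The host column may
# be empty, so the "-" separator is located by scanning the fields.
sessions_at_shutdown() {
    awk '
        $1 == "reboot" || $1 == "shutdown" || $1 == "runlevel" { next }
        { for (i = 7; i < NF; i++)
              if ($i == "-" && ($(i+1) == "down" || $(i+1) == "crash")) {
                  print $1, $2, $(i-4), $(i-3), $(i-2), $(i-1), $(i+1)
                  break
              } }
    '
}

# Step 3: history lines that run su, sudo or a reboot-type command.
# Reads history text on stdin and prints matches with line numbers.
history_hits() {
    grep -nE '(^|[;&|[:space:]])(su|sudo|reboot|shutdown|halt|init[[:space:]]+6)([[:space:]]|$)' || true
}
```

Usage on a live system: last -x | sessions_at_shutdown, then history_hits < ~username/.bash_history for each user listed. The history file is writable by its owner, so a hit is a lead rather than proof.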

Thursday, July 12, 2007

can chmod command be dangerous???

We all think that chmod is there just to help us and that it can never do any harm to the system. But hey, wait a sec... too much permission can be dangerous too. I came to know about this today when one of my team members ran the below command on one of our Linux servers.

chmod -R 777 *

As soon as this command was executed, the Linux system suspected that something wrong had happened and it stopped serving any service. I was not even able to ssh to the box. I had to change (reduce) the permissions on the files to get ssh working on the system again.

Wednesday, July 11, 2007

User permission management in Linux

We have been doing identity management and access control for a long time now, but sometimes we don't put many restrictions on our development team, keeping in mind that they are our friends. I believe that is true, but I still feel that it is very necessary to define fine-grained access control for everyone.


In this post I am going to discuss some of the very common and simple Linux user management tasks.


1) Adding a new user to Linux (useradd)


-d home directory
-s starting program (shell)
-g (primary group assigned to the user)
-G (other groups the user belongs to)
-m (create the user's home directory)


example:


useradd -g users -G mgmt -s /bin/bash -d /home/roger -m roger


2) Modifying existing user (usermod)


-d home directory
-s starting program (shell)
-p password (expects the already encrypted value, not the clear text)
-g (primary group assigned to the users)
-G (Other groups the user belongs to)


example:


usermod -G others roger


3) Deleting a user (userdel)


-r (remove home directory)


example:


userdel -r roger


4) /etc/passwd is the file which keeps User names and primary groups. Format of the file is


User name (normally all lower case)
Password (encrypted - only contains the letter 'x')
User ID (a unique number of each user)
Primary Group ID
Comment (Normally the person's full name)
Home directory (normally /home/<user name>)
Default shell (normally /bin/bash)


Each field is separated by a colon.


5) Password for each user is stored in /etc/passwd file


6) Group information for the user is stored in /etc/group. Format of this file is


Group name
Group password (hardly ever used)
Group ID
User names (separated by commas)


Note: Do not edit this file directly. Change the user with the usermod command, which modifies this file for you.
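The two file formats described above can be checked with a few lines of awk. The following is an added example, not part of the original post: audit_passwd flags entries that deserve a second look (a second UID 0 account, an empty password field, a hash stored in the world-readable passwd file instead of the 'x' marker), and groups_of resolves a user's primary and other groups. The sample entries and function names are constructed.

```shell
#!/bin/sh
# Constructed samples in /etc/passwd and /etc/group format.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
roger:x:500:100:Roger Example:/home/roger:/bin/bash
toor:x:0:0:second UID 0 entry:/root:/bin/bash
legacy::501:100:empty password field:/home/legacy:/bin/bash
EOF
}
sample_group() {
cat <<'EOF'
root:x:0:
users:x:100:
mgmt:x:510:roger,alice
others:x:511:roger
EOF
}

# audit_passwd: reads passwd-format text on stdin.
audit_passwd() {
    awk -F: '
        NF != 7                 { print "malformed: line " NR; next }
        $3 == 0 && $1 != "root" { print "uid0: " $1 }
        $2 == ""                { print "empty-password: " $1 }
        $2 != "x" && $2 != "" && $2 !~ /^[*!]/ { print "hash-in-passwd: " $1 }
    '
}

# groups_of USER PASSWD_FILE GROUP_FILE
# Prints the primary group (matched by GID) followed by every group
# that lists USER in its comma-separated member field.
groups_of() {
    awk -F: -v user="$1" '
        FNR == NR { if ($1 == user) gid = $4; next }   # first file: passwd
        $3 == gid { primary = $1 }
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] == user) extra = extra " " $1 }
        END { print primary extra }
    ' "$2" "$3"
}
```

On a live system: audit_passwd < /etc/passwd and groups_of roger /etc/passwd /etc/group.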


Sudo


As I mentioned earlier, you don't want users to use a shared account. Sudo is there to help us achieve this. I am going to give some simple ways in which it can be used.


1) Sudo permissions are stored in the file /etc/sudoers


2) Never edit the file using vi. Use visudo to edit the file; it locks the file and checks the syntax before saving.


visudo -f /etc/sudoers


3) Add the users to a group and assign the sudo permissions to that group. This way the sudoers file will look clean.


4) Enable sudo logging by putting below text in sudoers file


Defaults logfile=/var/log/sudolog
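Steps 3 and 4 together, as a sudoers fragment. This is an added example, not taken from the original post; the group name mgmt and the tomcat service are reused from the other examples on this page, and the command paths are assumptions to adjust for your system.

```sudoers
# Log every sudo invocation to a dedicated file (step 4).
Defaults logfile=/var/log/sudolog

# Instead of one line per person, such as
#   roger  ALL = (ALL) ALL
#   alice  ALL = (ALL) ALL
# grant through the group (step 3) and list only the commands the role needs.
Cmnd_Alias TOMCAT = /sbin/service tomcat start, \
                    /sbin/service tomcat stop, \
                    /sbin/service tomcat status
%mgmt ALL = (root) TOMCAT
```

After editing, "visudo -c" checks the file for syntax errors without opening an editor.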


There is a lot more that can be done with sudoers, but I am here to give real-life usable things, not to reproduce the Linux man pages. Please use the man page if you want more :-)

Friday, June 29, 2007

how to configure service in Linux???


After working in a Windows environment for years, we want the same kind of flexibility in Linux environments, where we don't have to remember where our scripts reside and how to start and stop the applications we want to use. Linux has a very good solution for this problem. I am going to discuss here how to configure a service in Linux and how to use it.

1) The application you want to configure as a service under Linux should have a script with start and stop options in it. For example:

case "$1" in
  start) : ;;   # start the application here
  stop)  : ;;   # stop the application here
esac

$1 here is the argument passed with the service command, for example "service tomcat start".

Here tomcat is the name of the script which has the start and stop options. This script should be placed under the /etc/init.d directory.

2) Script should have following three things

1) Execute permissions
2) Description comment
3) Chkconfig comment

I had a script which was missing the description field, which I felt was not mandatory, but when I tried to add that script as a service it failed.

3) To add a script as a service, use the chkconfig command as follows
chkconfig --add <script name>


4) For listing all the services

chkconfig --list

5) For getting the status of all the services

service --status-all

6) Setting the run level of the service

chkconfig --level 345 <script name> off|on
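A complete init script with the three required pieces (it must also be made executable with chmod +x) looks like the following. This is an added example, not the author's script: the service name demoapp, its PID file and the sleep command that stands in for the real daemon are hypothetical. In the chkconfig comment, 345 are the run levels and 85 and 15 are the start and stop priorities.

```shell
#!/bin/sh
# chkconfig: 345 85 15
# description: demoapp, a constructed stand-in service for this example.

# Hypothetical defaults; both can be overridden from the environment.
PIDFILE=${PIDFILE:-/var/run/demoapp.pid}
DAEMON=${DAEMON:-sleep 300}

running() {
    [ -f "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null
}

start() {
    running && return 0                  # already up: start is idempotent
    $DAEMON >/dev/null 2>&1 &
    echo $! > "$PIDFILE"
}

stop() {
    running && kill "$(cat "$PIDFILE")"
    rm -f "$PIDFILE"
}

status() {
    if running; then echo "demoapp is running"; return 0; fi
    echo "demoapp is stopped"; return 3   # 3 = not running (LSB convention)
}

main() {
    case "$1" in
        start|stop|status) "$1" ;;
        restart) stop; start ;;
        *) echo "Usage: $0 {start|stop|restart|status}" >&2; return 2 ;;
    esac
}

# service(8) always passes an argument; do nothing when there is none.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Init scripts run as root at boot, so the script under /etc/init.d should be writable by root only.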




Monday, June 25, 2007

Advanced unix/linux commands


1) Find a file in the whole computer --> find / -type f -name <filename> -print
2) Find a file pattern --> find . -type f -name "*<pattern>*" -print
3) Delete all cores in the system --> find / -type f -name core -exec /bin/rm -f {} \;
4) Find all files with a word in them --> find . -type f -exec grep -l <word> {} \;
5) Find files modified longer than a month ago --> find . -type f -mtime +30 -print
6) Use found files more than once with xargs --> find . -name "*.c" -print | xargs -I {} cp {} {}.bak
7) Don't search in nfs mounted filesystems --> find . -local ...
8) Look for files larger than 1 megabyte --> find /path -size +1000000c -print
9) Run find but discard the "permission denied" messages --> find ... 2>/dev/null (in sh/bash/ksh only)
10) How to find the disk usage --> du -S | sort -n > chksize.txt
11) How to get the disk space usage --> df -h (this will show space in readable format)
12) Getting folder size in readable format --> du -hs /path/to/folder
13) Sorting the files in Linux by file size --> ls -Shl | more




How to Make strong password in Unix


Wondering how to make a safe password? mkpasswd is the solution.
It is normally standard in all Linux/Unix distributions.

Example: this will produce a unique 8-character password with a minimum of 2 digits and 3 upper-case letters:
$ mkpasswd -l 8 -d 2 -C 3

Hub and Switch and Router

I was doing a udemy course to learn more about the networking concepts and wanted to clarify the confusion between Hub, Switch and Router. ...