How to check SELinux Status
Use the command below to check the current status.
# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: permissive
Policy version: 21
Policy from config file: targeted
We can also change the policy using setenforce command.
setenforce 0 - to disable
setenforce 1 - to enable
# setenforce –help
usage: setenforce [ Enforcing | Permissive | 1 | 0 ]
Tags: check, SELinux, status
How to find World/Group writable files and directories.
Finding world-writable files and directories
#find / -type f \( -perm -2 -o -perm -20 \) -exec ls -lg {} \;
#find / -type d \( -perm -2 -o -perm -20 \) -exec ls -lg {} \;
This will create a huge file with permission of all files having either write permission set to the group or everybody. Check the permissions and eliminate world writable files to everyone, by executing /bin/chmod on the files.
To remove the permission execute.
#/bin/chmod o-w [file-name]
Tags: Directories, Files, find, World/Group, writable
Backup using the dd command
`dd’: Convert and copy a file
`dd’ copies a file (from standard input to standard output, by default)with a changeable I/O block size, while optionally performing conversions on it. Synopses:
dd [OPERAND]…
dd OPTION
The only options are `–help’ and `–version’.
For instance, to make an exact clone of the /boot partition to a backup file, you could use:
# dd if=/dev/sda1 of=/srv/boot-linux.img
We can also use bzip2 to compresses files and then bunzip2 (or bzip2 -d) decompresses all specified files.
To clone one hard disk to another first use fdisk to recreate the appropriately-sized partitions, on the new disk and then use dd to do the actual cloning.
dd –help
Usage: dd [OPERAND]…
or: dd OPTION
Copy a file, converting and formatting according to the operands.
bs=BYTES force ibs=BYTES and obs=BYTES
cbs=BYTES convert BYTES bytes at a time
conv=CONVS convert the file as per the comma separated symbol list
count=BLOCKS copy only BLOCKS input blocks
ibs=BYTES read BYTES bytes at a time
if=FILE read from FILE instead of stdin
iflag=FLAGS read as per the comma separated symbol list
obs=BYTES write BYTES bytes at a time
of=FILE write to FILE instead of stdout
oflag=FLAGS write as per the comma separated symbol list
seek=BLOCKS skip BLOCKS obs-sized blocks at start of output
skip=BLOCKS skip BLOCKS ibs-sized blocks at start of input
status=noxfer suppress transfer statistics
Tags: backup, command, dd
Find if initscripts or sysconfig has support for bonding
If you’re unsure whether your distro uses sysconfig or initscripts, or don’t know if it’s new enough, have no fear.
It will respond with a line of text starting with either “initscripts” or “sysconfig,” followed by some numbers. This is the package that provides your network initialization scripts.
Next, to determine if your installation supports bonding, issue the command:
$ grep ifenslave /sbin/ifup
If this returns any matches, then your initscripts or sysconfig has support for bonding.
Tags: Bonding, initscripts, sysconfig
suhosin.simulation
Suhosin‘s features are all configured through the php.ini configuration file. For most users the Suhosin will work out of the box without any change to the default configuration needed.
If you fear that Suhosin breaks your application, you can activate Suhosin’s simulation mode with this flag. When Suhosin runs in simulation mode, violations are logged as usual, but nothing is blocked or removed from the request.
Type: Boolean
Default: Off
When you only use the Suhosin-Patch only the logging features are supported. When you only use the Suhosin-Extension you cannot use the predefined constants for configuration. This is due to the way php.ini constant support is implemented in PHP.
Tags: Simulation, Suhosin
