Archive for the tag 'command'

How To Unblock IP address from command line in CSF Firewall

To unblock an IP address in the CSF Firewall from the command line, execute the commands below.

Log in to the server via shell access and change to the CSF firewall directory.

/etc/csf

Edit the file csf.deny.

vi csf.deny

Remove the IP address from the list and save the file.

Once the IP address has been removed, the firewall needs to be restarted.

To restart the firewall, execute the following command:

csf -r
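The same unblock as a small script, added here as an example and not part of the original post: it validates the address, removes only that exact entry from the deny list through a temporary file, and then runs csf -r. DENY_FILE defaults to the real /etc/csf/csf.deny but can be pointed at a constructed copy, and RESTART=no skips the reload.

```shell
#!/bin/sh
# Added example (not from the original post): unblock one address in a CSF
# deny list by script instead of editing it by hand. DENY_FILE defaults to
# the real path; the functions read it from the environment so they can be
# tried on a constructed copy first (set RESTART=no to skip "csf -r").
DENY_FILE="${DENY_FILE:-/etc/csf/csf.deny}"

# Accept only a dotted-quad IPv4 address, optionally with a /prefix, so a
# malformed argument can never turn into a pattern that strips other lines.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# csf.deny lines look like "203.0.113.7 # lfd: reason"; match the address
# only at the start of a line and only as a whole token.
deny_pattern() {
    printf '^[[:space:]]*%s([[:space:]]|#|$)' "$(printf '%s' "$1" | sed 's/\./\\./g')"
}

csf_unblock_ip() {   # usage: csf_unblock_ip ADDRESS
    ip="$1"
    valid_ipv4 "$ip" || { echo "refusing malformed address: $ip" >&2; return 2; }
    pat=$(deny_pattern "$ip")
    if ! grep -Eq "$pat" "$DENY_FILE"; then
        echo "$ip is not listed in $DENY_FILE" >&2
        return 1
    fi
    # Rewrite through a temporary file so an interrupted edit never leaves a
    # half-written deny list; header comment lines are preserved untouched.
    tmp=$(mktemp) || return 3
    grep -Ev "$pat" "$DENY_FILE" > "$tmp" || true
    cat "$tmp" > "$DENY_FILE" && rm -f "$tmp"
    if [ "${RESTART:-yes}" = "yes" ]; then
        csf -r   # reload the firewall so the change takes effect
    fi
}
```

If the address is still blocked afterwards, csf -g ADDRESS shows whether a temporary block or an iptables rule, rather than csf.deny, is responsible; csf -dr ADDRESS is the built-in equivalent of this edit.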
SBDavid

The su Command

Upon typing the su command, the user is prompted for the root password and, after authentication, given a root shell prompt.

Once logged in via the su command, the user is the root user and has absolute administrative access to the system. In addition, once a user has attained root, it is possible in some cases for them to use the su command to change to any other user on the system without being prompted for a password.

Because this program is so powerful, administrators within an organization may wish to limit who has access to the command.

One of the simplest ways to do this is to add users to the special administrative group called wheel. To do this, type the following command as root:

usermod -G wheel <username>

In the previous command, replace <username> with the username being added to the wheel group.

Next open the PAM configuration file for su, /etc/pam.d/su, in a text editor and remove the comment [#] from the following line:

auth required /lib/security/pam_wheel.so use_uid

Doing this will permit only members of the administrative group wheel to use the program.

The root user is part of the wheel group by default.

Using find Command for security check

The 'find' command is usually used to find file names that match a specific pattern. However, it can also be used to find files that were modified or accessed within a specific time period.

For example we can find all files in /etc owned by root that have been modified within the last 2 days:

find /etc -user root -mtime -2

The options we can use here are:

-atime: when the file was last accessed
-ctime: when the file's status (inode metadata such as permissions or ownership) was last changed
-mtime: when the file’s data was last modified

You may have noticed the minus sign in front of '2' in the last example. The 'time' options for the find command are expressed in 24-hour increments, and the sign in front of the number indicates 'less than' or 'greater than'. Thus '-2' means we want files that were modified within the last two days. To find files that were modified more than 2 days ago, put a plus sign in front of the 2:

find /etc -user root -mtime +2

There are also versions of the atime, ctime, and mtime arguments that measure time in minutes:

-amin: when (in minutes) the file was last accessed
-cmin: when (in minutes) the file's status (inode metadata such as permissions or ownership) was last changed
-mmin: when (in minutes) the file’s data was last modified

To match -atime +1, a file has to have been accessed at least two days ago. More examples can be found in the find man page.

How do I restrict the use of su command?

The su command is used to become another user during a login session. Invoked without a username, su defaults to becoming the superuser. The optional argument - may be used to provide an environment similar to what the user would expect had the user logged in directly.

You can SSH in using a regular user account, then use the su command to obtain root access. This is true for any user who runs the su command and enters the root password. Root access means absolute access, so it is recommended that you limit the usernames that can use the su command to get root access.

The Linux system has a group called 'wheel' that we can use for this special purpose. We add the usernames that should have su access to the wheel group and then restrict su so that only members of the wheel group can use the su command.

Add a user with the id buddy to the wheel group:

#usermod -G wheel buddy

Now we need to go to the directory /etc/pam.d

/etc/pam.d$ ls -l su
-rw-r--r-- 1 root root 2303 May 26 19:53 su

Edit the PAM configuration file for su, /etc/pam.d/su, in a text editor and remove the comment (#) from the line shown below:

# auth required /lib/security/pam_wheel.so use_uid

So that it looks like this:

auth required /lib/security/pam_wheel.so use_uid

Doing this will permit only members of the group wheel to use the su command.

Below is the Debian configuration file:

# The PAM configuration file for the Shadow `su' service
#

# This allows root to su without passwords (normal operation)
auth sufficient pam_rootok.so

# Uncomment this to force users to be a member of group root
# before they can use `su'. You can also add "group=foo"
# to the end of this line if you want to use a group other
# than the default "root" (but this may have side effect of
# denying "root" user, unless she's a member of "foo" or explicitly
# permitted earlier by e.g. "sufficient pam_rootok.so").
# (Replaces the `SU_WHEEL_ONLY' option from login.defs)

auth required pam_wheel.so

SBDavid

Understanding the dig command

dig will let you perform any valid DNS query; the most common are A (the IP address), TXT (text annotations), MX (mail exchangers), and NS (nameservers).

The command dig is a tool for querying DNS nameservers for information about host addresses, mail exchanges, nameservers, and related information.

This tool can be used from any Linux (Unix) or Macintosh OS X operating system. The most typical use of dig is to simply query a single host.

$ dig serverbuddies.com
; <<>> DiG 9.5.1-P3 <<>> serverbuddies.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39970
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;serverbuddies.com. IN A

;; ANSWER SECTION:
serverbuddies.com. 14043 IN A 67.228.43.85

A quick way to just get the answer only is to run the following command:

dig serverbuddies.com +short

Use the following command to get a list of all the mail servers for a domain (serverbuddies.com in the example):

dig serverbuddies.com MX +noall +answer

Use the following command to get a list of authoritative DNS servers for a domain (serverbuddies.com in the example):

dig serverbuddies.com NS +noall +answer
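Pulling records out of dig's answer-section format so they can be checked by script, added here as an example and not part of the original post. The sample output is constructed in the layout shown above; the A record repeats the one in the post, while the MX, NS and TXT values are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): parse dig's answer section
# ("name ttl IN TYPE rdata") so a script can verify a zone's MX or NS set.
# SAMPLE_DIG_OUTPUT is constructed, not the result of a real query.

# Print the rdata of every answer record of TYPE (A, MX, NS, TXT, ...) read
# on stdin; ";" comment lines and records of other types are skipped. This is
# what "+noall +answer" leaves, but it also works on full dig output.
dig_rdata() {   # usage: dig ... | dig_rdata TYPE
    awk -v t="$1" '$1 !~ /^;/ && NF >= 5 && $3 == "IN" && $4 == t {
        s = $5; for (i = 6; i <= NF; i++) s = s " " $i; print s }'
}

# MX rdata is "priority host"; emit the hosts lowest priority first, which is
# the order a sending mail server tries them.
mx_hosts_by_priority() {   # usage: dig ... | mx_hosts_by_priority
    dig_rdata MX | sort -n -k1,1 | awk '{ print $2 }'
}

# Constructed sample in the same layout as the output shown above.
SAMPLE_DIG_OUTPUT='
;; ANSWER SECTION:
serverbuddies.com.  14043  IN  A    67.228.43.85
serverbuddies.com.  3600   IN  MX   20 mx2.example.net.
serverbuddies.com.  3600   IN  MX   10 mx1.example.net.
serverbuddies.com.  3600   IN  NS   ns1.example.net.
serverbuddies.com.  3600   IN  TXT  "v=spf1 mx -all"
'

# Helpers that run the parsers over the constructed sample.
sample_a()  { printf '%s\n' "$SAMPLE_DIG_OUTPUT" | dig_rdata A; }
sample_mx() { printf '%s\n' "$SAMPLE_DIG_OUTPUT" | mx_hosts_by_priority; }
```

Against a live server, replace the sample with the real command, for example dig serverbuddies.com MX +noall +answer | mx_hosts_by_priority.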
