Archive for the tag 'linux'

Password Aging under Red Hat Enterprise Linux

Password aging is another technique used by system administrators to defend against bad passwords within an organization. Password aging means that after a specified period (usually 90 days), the user is prompted to create a new password. The theory behind this is that if a user is forced to change his password periodically, a cracked password is only useful to an intruder for a limited amount of time. The downside to password aging, however, is that users are more likely to write their passwords down.

There are two primary programs used to specify password aging under Red Hat Enterprise Linux: the chage command and the graphical User Manager (system-config-users) application. The -M option of the chage command specifies the maximum number of days the password is valid. For example, to set a user’s password to expire in 90 days, use the following command:

chage -M 90 [username]

In the above command, replace [username] with the name of the user. To disable password expiration, it is traditional to use a value of 99999 after the -M option (this equates to a little over 273 years). You can also use the chage command in interactive mode to modify multiple password aging and account details. Use the following command to enter interactive mode:

chage [username]

The following is a sample interactive session using this command:

[root@buddy ~]# chage buddy
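
To check which accounts actually fall outside the 90-day policy described above, the following added example (not part of the original post) reads shadow(5)-format lines and flags accounts whose maximum password age is unset, 99999, or above the limit. The function names are hypothetical and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit shadow(5)-format input for weak password aging.
# Field 5 of each line is the maximum password age, the value chage -M sets.

# audit_password_aging [MAX_DAYS]  (hypothetical helper name)
# Reads shadow-format lines on stdin; prints "user:max:reason" for each
# account whose maximum age is unset, 99999, or above MAX_DAYS (default 90).
audit_password_aging() {
    awk -F: -v limit="${1:-90}" '
        /^#/ || $1 == "" { next }        # skip comments and blank lines
        $2 ~ /^[!*]/     { next }        # skip locked / no-login accounts
        {
            max = $5
            if (max == "")                reason = "no-maximum"
            else if (max + 0 >= 99999)    reason = "never-expires"
            else if (max + 0 > limit + 0) reason = "exceeds-policy"
            else next
            print $1 ":" (max == "" ? "-" : max) ":" reason
        }'
}

# Constructed sample input in /etc/shadow layout (hashes are placeholders).
sample_shadow() {
cat <<'EOF'
root:$6$constructed$hash:18000:0:99999:7:::
alice:$6$constructed$hash:18000:0:90:7:::
bob:$6$constructed$hash:18000:0:180:7:::
carol:$6$constructed$hash:18000:0::7:::
daemon:*:18000:0:99999:7:::
EOF
}

# Demo run against the constructed sample with a 90-day policy.
sample_shadow | audit_password_aging 90
```

On a real system, run it as root with `audit_password_aging 90 < /etc/shadow`, then fix each flagged account with chage -M 90 [username].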

How to find open sockets on your Linux server

Here we will look at lsof (list open files) and Nmap (“Network Mapper”).

Nmap is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts.

There are a number of methods that you can use to show open sockets:

lsof -U will list open UNIX domain sockets

nmap -sT -sU localhost will scan your local machine for open TCP or UDP ports

$ sudo nmap -sT -sU localhost

Starting Nmap 4.68 ( http://nmap.org ) at 2010-11-15 06:54 IST
Interesting ports on localhost (127.0.0.1):
Not shown: 3201 closed ports
PORT STATE SERVICE
123/udp open|filtered ntp
5353/udp open|filtered zeroconf

Nmap done: 1 IP address (1 host up) scanned in 4.003 seconds

netstat -a | grep LISTEN will show all listening sockets.

Nmap has lots of options, so we are going to focus on only some of them.

sudo nmap -sS -O 127.0.0.1

-sS    TCP SYN scan
-O     Enable Operating System detection

SBDavid

IPV6 Network Configuration in Linux

Add the nameserver to resolv.conf

vi /etc/resolv.conf

Add a line for the IPv6 nameserver

nameserver 1407:f800::113:23:133:101

vi /etc/sysconfig/network

Add a line at the bottom

NETWORKING_IPV6="yes"

vi /etc/sysconfig/network-scripts/ifcfg-eth0

Add lines at the bottom

IPV6INIT=yes
IPV6ADDR=
IPV6_DEFAULTGW=

Example:

IPV6INIT=yes
IPV6ADDR=2407:f800:101::2
IPV6_DEFAULTGW=2407:f800:101::1

Restart network services:

service network restart

How to upgrade Mysql on Plesk with CentOS Linux

The procedure for upgrading MySQL is quite simple.

wget -q -O - http://www.atomicorp.com/installers/atomic.sh | sh

How to upgrade:

yum --enablerepo=atomic-testing upgrade mysql

--enablerepo=repoidglob
Enables specific repositories by id or glob that have been disabled in the configuration file using the enabled=0 option.

To upgrade PHP, run 'yum upgrade php'.

With the above steps, MySQL will be upgraded to the latest release.

SBDavid

The Linux Kernel

When the kernel loads, it immediately initializes and configures the computer’s memory. Next it configures the various hardware attached to the system, including all processors and I/O subsystems, as well as any storage devices. It then looks for the compressed initrd image in a predetermined location in memory, decompresses it, mounts it, and loads all necessary drivers. Next it initializes file system-related virtual devices, such as LVM or software RAID, before unmounting the initrd disk image and freeing up all the memory it once occupied.

After the kernel has initialized all the devices on the system, it creates a root device, mounts the root partition read-only, and frees unused memory.

At this point, the kernel is loaded into memory and operational. However, with no user applications to give the user the ability to provide meaningful input to the system, not much can be done with it.

To set up the user environment, the kernel starts the /sbin/init command.