Thursday, December 25, 2014

sed command use in linux

"sed" Command in Linux:

sed is short for "stream editor". It lets you filter and modify the text of any file.


Use of  "sed" command:

For the examples, I first create a file here:

#cat > sample.txt
this is a package test file.
this is a script test file.

Press Ctrl+D after you finish entering the text.
 
Now read the file:

#cat sample.txt
this is a package test file.
this is a script test file.


Now, let's see the uses of "sed" command:

1. Replacing or substituting string:

The "sed" command is mostly used to replace text in a file (sample.txt). The simple "sed" command below replaces the word "file" with "directory" in the file.

#sed 's/file/directory/' sample.txt
this is a package test directory.
this is a script test directory.

Here the "s" specifies the substitution operation. The "/" are delimiters. The "file" is the search pattern and the "directory" is the replacement string. Without a flag, only the first occurrence on each line is replaced.

2. Replacing all the occurrences of the pattern in a line:

The substitute flag /g (global replacement) specifies the "sed" command to replace all the occurrences of the string in the line.

#sed 's/file/directory/g' sample.txt
this is a package test directory.
this is a script test directory.

3. Replacing the nth occurrence of a pattern in a line:

Use the /1, /2, /3 etc. flags to replace the first, second or third occurrence of a pattern in a line. The command below replaces the second occurrence of the word "file" with "directory" in a line. Each line of sample.txt contains "file" only once, so here both lines are printed unchanged.

#sed 's/file/directory/2' sample.txt
this is a package test file.
this is a script test file.

4. Duplicating the replaced line with /p flag:

The /p print flag prints the replaced line twice on the terminal. If a line does not have the search pattern and is not replaced, then the /p prints that line only once.

#sed 's/file/directory/p' sample.txt
this is a package test directory.
this is a package test directory.
this is a script test directory.
this is a script test directory.
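
The sample.txt above has only one "file" per line, so the numeric flag has nothing to act on. The following added example (not part of the original post) uses constructed input with two occurrences on one line, and also shows the p flag combined with -n as a dry run that lists only the lines a substitution would change.

```shell
#!/bin/sh
# Added example: constructed input, not the post's sample.txt.
# Line 1 contains "file" twice, line 2 once, line 3 not at all.
sample() {
    printf '%s\n' \
        'copy file to file server' \
        'this is a script test file.' \
        'no match on this line'
}

# Replace only the Nth occurrence of "file" on each line (N = $1).
# Lines with fewer than N occurrences pass through unchanged.
replace_nth() {
    sample | sed "s/file/directory/$1"
}

# Replace every occurrence on each line.
replace_all() {
    sample | sed 's/file/directory/g'
}

# Dry run: -n suppresses the automatic print, so the p flag outputs
# only the lines that were actually changed, each exactly once.
changed_only() {
    sample | sed -n 's/file/directory/gp'
}

# Count how many lines a substitution would touch before editing for real.
changed_count() {
    changed_only | wc -l | tr -d ' '
}

echo '--- second occurrence only:'
replace_nth 2
echo '--- lines that /g would change:'
changed_only
```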


Wednesday, December 24, 2014

nagios installation and configuration in linux

                             NAGIOS

Nagios is open source software that can be used for network monitoring and infrastructure monitoring.
Nagios will monitor servers, switches, applications, and services. It alerts the system administrator when something goes wrong and alerts again when the issue has been rectified.

With the help of Nagios you can do the following things:
1. Detect security breaches.
2. Know immediately when problems arise.
3. Identify problems before they occur.
4. Share availability data with stakeholders.
5. Reduce downtime and business losses.
6. Plan and budget for IT upgrades.
7. And, most importantly, monitor your entire IT infrastructure.

Installation of Nagios Server in RHEL:

Before installing Nagios make sure that you have a properly installed and configured LAMP stack in your server.

Run the following command as root user for installing required package:

      #yum install gd gd-devel gcc glibc-common

Nagios is not in the default yum repositories, so first add the EPEL repository.
Then install Nagios with all plugins and Nagios agents (nrpe-agent) using the command:

      #yum install nagios

If you get any error related to SELinux or iptables, add the following line to /etc/sysconfig/iptables and restart the service:

      #vim /etc/sysconfig/iptables
      -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
      #service iptables restart

Configuration of Nagios:

Add the admin mail address to the Nagios contacts file to receive alerts from the Nagios server. To do that, edit the file:

      #vim /etc/nagios/objects/contacts.cfg
      email          server.nagios@example.com

Save it. Then edit the Apache configuration for Nagios:

      #vim /etc/httpd/conf.d/nagios.conf

Comment out lines 15 and 16, then uncomment and change lines 17, 18 and 19, so that only the local host and your own network (192.168.1.0/24 here; use your network address) can reach the web interface:

      #Order allow,deny
      #Allow from all
      Order deny,allow
      Deny from all
      Allow from 127.0.0.1 192.168.1.0/24

Save it.

Set Nagios admin Password:

Run the following command to set the password of nagios administrator:

                  #htpasswd /etc/nagios/passwd nagiosadmin
            New Password:
            Re-Type new Password:
            updating password for user nagiosadmin.

Start the nagios and httpd services:

      #service nagios restart
      #chkconfig nagios on

      #service httpd restart
      #chkconfig httpd on

How to access Nagios Admin Console:

Open the Nagios admin console using the server IP.
If the server IP is 192.168.0.220, open a browser and go to:

      http://192.168.0.220/nagios

and log in with the administrator username and password.


Tuesday, December 23, 2014

encrypt and decrypt files in linux

GnuPG:


GnuPG stands for GNU Privacy Guard. GnuPG is an open implementation of the OpenPGP (Pretty Good Privacy) standard as defined in RFC 4880. It is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility.
Using the GnuPG gpg command you can generate public and private keys. To encrypt and decrypt files with a password, use the gpg command.

How to check Gnu PG Package On Linux:

Most Linux distributions today include GnuPG by default. To find out if this is the case, open a command prompt and type:

      #gpg --version

If the output is GnuPG x.y.z or some later version, then the GnuPG package is already installed.

How to install GnuPG on Linux:

Use the following command to install the GnuPG tool:

      #yum install gnupg

Encrypting a file in linux:

To encrypt a single file, use the gpg command as follows:

      #gpg -c filename

For example:
To encrypt the anshuman.txt file, type the command:

      #gpg -c anshuman.txt
      Enter passphrase:<password for encrypting the file>
      Repeat passphrase:<password for encrypting the file>

If you ever forget your password (passphrase), you cannot recover the data, as it uses very strong encryption.

Decrypt a file in linux:

To decrypt a file, use the gpg command as follows:

      #gpg <encrypted file name>

For example:
To decrypt the anshuman.txt.gpg file, type the command:

      #gpg anshuman.txt.gpg
      gpg: CAST5 encrypted data
      Enter passphrase:<enter the encryption password to decrypt the file>

To decrypt the file and write the output to linux.txt, run the command below (options must come before the file name):

      #gpg -o linux.txt -d anshuman.txt.gpg

Monday, December 22, 2014

Nmap (network Mapper)

Nmap Commands for Linux:
Nmap (Network Mapper) is an open source and very versatile tool for Linux system and network administrators. It is a security tool for network exploration, security scanning and auditing.
The Nmap security tool scans for live hosts, operating systems, packet filters and open ports running on remote hosts.
Significant effort has been put into decent nmap performance for non-root users. Unfortunately, many critical kernel interfaces (such as raw sockets) require root privileges. nmap should be run as root whenever possible (not setuid root, of course).

The Nmap command syntax is:
                         # nmap [Scan Type(s)] [Options] {target specification}

How to install Nmap:
To install Nmap, use the command for your distribution. On RHEL-based systems:
                        # yum install nmap

1. Scan using IP Address:
 #nmap 192.168.0.0/24
 Starting Nmap 5.21 ( http://nmap.org ) at 2014-09-18 11:44 EST
 Nmap scan report for 192.168.0.1
 Host is up (0.0043s latency).
 Not shown: 998 closed ports
 PORT STATE SERVICE
 80/tcp open http
 443/tcp open https

2. Scan using the “-v” option:

# nmap -v 192.168.0.1
Starting Nmap 4.11 ( http://nmap.org/ ) at 2014-06-14 15:43 EST
Initiating ARP Ping Scan against 192.168.0.1 [1 port] at 15:43
The ARP Ping Scan took 0.01s to scan 1 total hosts.
Initiating SYN Stealth Scan against server2.tecmint.com (192.168.0.1) [1680 ports] at 15:43
Discovered open port 22/tcp on 192.168.0.1
Discovered open port 80/tcp on 192.168.0.1
The SYN Stealth Scan took 0.30s to scan 1680 total ports.
Host server2.tecmint.com (192.168.0.1) appears to be up ... good.
Interesting ports on server2.tecmint.com (192.168.0.1):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind

Nmap finished: 1 IP address (1 host up) scanned in 0.485 seconds
               Raw packets sent: 1681 (73.962KB) | Rcvd: 1681 (77.322KB)

3. Scan a whole Subnet:

[root@server1 ~]# nmap 192.168.0.*
Starting Nmap 4.11 ( http://nmap.org ) at 2013-11-11 16:11 EST
Interesting ports on test1.example.com (192.168.0.1):
Not shown: 1677 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
851/tcp open  unknown
Interesting ports on test2.example.com (192.168.0.2):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.550 seconds
You have new mail in /var/spool/mail/root

4. Scan a host that is protected by a firewall:
The -PN option skips the ping (host discovery) step, so a host protected by packet filtering software or a firewall that blocks ping probes is still scanned.

[root@server1 ~]# nmap -PN 192.168.0.1
Starting Nmap 4.11 ( http://nmap.org ) at 2013-11-11 16:30 EST
Interesting ports on test2.tecmint.com (192.168.0.1):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind

Nmap finished: 1 IP address (1 host up) scanned in 0.399 seconds

5. Enable OS Detection with Nmap:

Use the “-O” option to enable OS detection; “--osscan-guess” also helps to discover OS information.

[root@test1 ~]# nmap -O server2.tecmint.com
Starting Nmap 4.11 ( http://nmap.org ) at 2014-11-11 17:40 EST
Interesting ports on server2.tecmint.com (192.168.0.1):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
No exact OS matches for host (If you know what OS is running on it, see http://nmao.org).
TCP/IP fingerprint:
SInfo(V=4.11%P=i686-redhat-linux-gnu%D=11/11%Tm=52815CF4%O=22%C=1%M=080027)
TSeq(Class=TR%IPID=Z%TS=1000HZ)
T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)

Uptime 0.221 days (since Mon Nov 11 12:22:16 2014)

Nmap finished: 1 IP address (1 host up) scanned in 11.064 seconds
You have new mail in /var/spool/mail/root


6. Find Nmap version:

[root@server1 ~]# nmap -V
Nmap version 4.11 ( http://nmap.org )
You have new mail in /var/spool/mail/root
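
For an administrator auditing their own network, the port tables shown in the scans above are most useful when compared against what is supposed to be open. The following added example (not part of the original post) parses constructed scan text in the two layouts shown above and reports every open port that is not on an allowlist; the function names and the allowlist are assumptions.

```shell
#!/bin/sh
# Added example: constructed scan text in the two report layouts that
# appear in the post ("Interesting ports on ..." and "Nmap scan report for ...").
scan_output() {
cat <<'EOF'
Interesting ports on test1.example.com (192.168.0.1):
Not shown: 1677 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
851/tcp open  unknown
Nmap scan report for 192.168.0.2
Host is up (0.0043s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
EOF
}

# unexpected_ports "22/tcp 80/tcp 443/tcp"   (scan text on stdin)
# Prints "host port service" for each open port missing from the allowlist.
unexpected_ports() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Host header lines: keep the last field, stripped of "(", ")" and ":".
        /^Interesting ports on / || /^Nmap scan report for / {
            host = $NF
            gsub(/[():]/, "", host)
            next
        }
        # Port table rows look like "22/tcp open ssh".
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            if (!($1 in ok)) print host, $1, $3
        }
    '
}

# Ports this (hypothetical) network is expected to expose.
scan_output | unexpected_ports '22/tcp 80/tcp 443/tcp'
```

In practice, feed the function the saved output of a scan of your own hosts instead of scan_output.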

Sunday, December 21, 2014

linux file structure

Linux File Structure:

In the Linux file structure, files are grouped according to purpose. A Linux system contains thousands of files located within many directories. All directories are organized in a tree-like structure.

  • The 'trunk' of the tree is the root directory.
  • The root directory is simply identified as a "/".
  • All other directories 'branch' off from the trunk.



/bin/

This is where all your programs that are accessible to all users will be stored once installed.
If you search this directory, you will find that both ls and pwd reside here. The cd command is actually built into the shell we are using (bash), which is in this directory too.

/dev/

This is a virtual directory where your devices are 'stored.' Devfs allows Linux to list devices (hard drives, input devices, modems, sound cards, etc.) as 'files.'
For instance, for a device that represents a hard drive, like /dev/sda, you can mount it to the filesystem to access it. On the other hand, if you have a file that represents a line printer like /dev/lpr, you can write directly to it to send the information to the printer.

/etc/

This is where you'll find all your global settings. Daemons such as ssh, telnet, and smtp/pop3 mail servers find their configuration files here. Also in /etc/ is the system's password file, group lists, user skeletons, and cron jobs.

/home/

This is the default directory where non-root users' homes are created. When you add a user, the default home directory is created as /home/username. You can change this default in the proper file in /etc/.

/lib/

This is where shared libraries (perl, python, C, etc.) are stored. Also in /lib/ are your kernel modules.

/mnt/

This is the default location for mounting cdroms, floppy disk drives, USB memory sticks, etc. You can mount anything anywhere, but by default there is a /mnt/floppy (if you have a floppy drive) and /mnt/cdrom.

/proc/

This virtual folder contains information about your system. You can view processor statistics/specifications, PCI bus information, ISA bus information, and pretty much anything else you want to know about the hardware on your system.

/root/

This is the home directory of the administrative user (called "root"). It functions exactly like the normal home directories, but is housed here instead.

/sbin/

This is where system programs are installed. These include fdisk, tools to make partitions, certain network tools, and other things that normal users shouldn't have a need for.

/tmp/

This is the default location to place files for temporary use. When you install a program, it uses /tmp/ to put files during installation that won't be needed once the program is installed.

/usr/

This contains various programs, non-daemon program settings and program resources.

/var/

This is where your log files, system mail messages and database of installed programs are stored.


At the time a new file is created, it gets a free inode. In that inode is the following information:

  • Owner and group owner of the file.
  • File type (regular, directory, ...)
  • Permissions on the file.
  • Date and time of creation, last read and change.
  • Date and time this information has been changed in the inode.
  • Number of links to this file (see later in this chapter).
  • File size.
  • An address defining the actual location of the file data.



# ls -l
total 80
-rw-rw-r--   1 root   root   31744 Feb 21 17:56 intro.doc
-rw-rw-r--   1 root   root   41472 Feb 21 17:56 Linux.doc
drwxrwxr-x   2 root   root    4096 Feb 25 11:50 course

File types in a long list:

Symbol    Meaning
-         Regular file
d         Directory
l         Link
c         Special file
s         Socket
p         Named pipe
b         Block device

Saturday, December 20, 2014

how to works with SSH?

In my previous post we learned what SSH is. In this post we will see how to work with SSH.
So let's start:

The key characteristics that make a remote login program an effective one are listed below.

The first and foremost is the privacy of the communication. This means the connection, which provides a remote shell login, must be encrypted to prevent eavesdropping.

There must be a mechanism to check that the data sent by either party has not been altered or tampered with. In short, an integrity check is a must.
The identity of both the server and the client must be proven to each other, to establish proper authentication.

There are some added features apart from the secure authentication and data encryption provided by SSH. Some of the well-known features of SSH are mentioned below.

1. SSH tunneling
2. TCP port forwarding

When we discuss encryption and data security, there are two primarily used types of cryptographic systems:

1. Public key cryptography (sometimes called asymmetric cryptography).
2. Secret key cryptography (sometimes called symmetric cryptography).

How Do SSH Keys Work?

An SSH server can authenticate clients using a variety of different methods. The most basic of these is password authentication, which is easy to use, but not the most secure.

SSH key pairs are two cryptographically secure keys that can be used to authenticate a client to an SSH server. Each key pair consists of a public key and a private key.

The private key is retained by the client and should be kept absolutely secret. Any compromise of the private key will allow the attacker to log into servers, while the public key can be shared freely without any negative consequences. The public key is uploaded to a remote server that you want to be able to log into with SSH. The key is added to a special file, ~/.ssh/authorized_keys, within the user account you will be logging into.

When a client attempts to authenticate using SSH keys, the server can test whether the client is in possession of the private key. If the client can prove that it owns the private key, a shell session is started for the client.

Working with SSH:

A connection is always initiated by the client to the server.
If the client is communicating with the server for the first time, the client will get a warning on the screen, something like the one below.

[root@example.com ~]# ssh 192.168.0.254
The authenticity of host '192.168.0.254 (192.168.0.254)' can't be established.
RSA key fingerprint is c7:14:f4:85:5f:52:cb:f9:53:56:9d:b3:0c:1e:a3:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'example.com' (RSA) to the list of known hosts.

It will then prompt you for your password on the remote system. If the username that you specified exists and you type in the remote password for it correctly, the system should let you in. If it doesn't, try again, and if it still fails, check with the administrator that you have an account on that machine and that your username and password are correct.

How to Create SSH Keys:

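Use the command 'ssh-keygen -t dsa' to generate a key pair. Note that OpenSSH 7.0 and later disable DSA keys by default, so on current systems generate an RSA or Ed25519 key (-t rsa or -t ed25519) instead.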

[root@example.com ~]#ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/localuser/.ssh/id_dsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/localuser/.ssh/id_dsa.
Your public key has been saved in /home/localuser/.ssh/id_dsa.pub.
The key fingerprint is:
a9:49:2e:2a:5e:33:3e:a9:de:4e:77:11:58:b6:90:26 localuser@example.com

It will prompt you for the location of the keyfile. Unless you have already created a keyfile in the default location, you can accept the default by pressing 'enter'.

Next it will ask you for a passphrase and ask you to confirm it. The idea behind what you should use for a passphrase is different from that of a password.

The key's randomart image is:
+--[ RSA 2048]----+
|     ..o         |
|   E o= .        |
|    o. o         |
|        ..       |
|      ..S        |
|     o o.        |
|   =o.+.         |
|. =++..          |
|o=++.            |
+-----------------+

How to Embed your Public Key when Creating your Server:

If you do not have the ssh-copy-id program available, then you must use this manual method for installing your ssh key on the remote host. Now copy your public key which is in ~/.ssh/id_dsa.pub to the remote machine.

[root@example.com ~]#scp ~/.ssh/id_dsa.pub 192.168.0.254@example.com:.ssh/authorized_keys

When you create your Droplet, the public SSH keys that you selected will be placed in the ~/.ssh/authorized_keys file of the root user's account. This will allow you to log into the server from the computer with your private key.
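
Copying the public key straight onto ~/.ssh/authorized_keys, as in the manual method above, replaces any keys already stored there. The following added example (not part of the original post) is a hypothetical helper, install_pubkey, that appends a key instead, skips duplicates, rejects files that are not public keys, and sets the directory and file permissions; the key in the demo is constructed and does not work.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the post). Run it on the
# server as the account that should accept the key.
# Usage: install_pubkey PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
# The body is a subshell, so umask and exit do not affect the caller.
install_pubkey() (
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys
    key=

    # Read the first line; a missing or empty file is an error.
    IFS= read -r key < "$pub" || [ -n "$key" ] || exit 1

    # Accept only "<key-type> <base64-blob> [comment]". A private key file
    # starts with "-----BEGIN" and is rejected here.
    case $key in
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; exit 1 ;;
    esac
    blob=$(printf '%s\n' "$key" | awk '{ print $2 }')
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key data: $pub" >&2; exit 1 ;;
    esac

    # Keep the directory and file private to the owning user.
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Append instead of overwriting; skip a key that is already present.
    grep -qF -- "$blob" "$auth" && exit 0
    printf '%s\n' "$key" >> "$auth"
)

# Demo on a throwaway directory with a constructed (non-working) key.
demo=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5Q09OU1RSVUNURUQ= demo@example.com' \
    > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/.ssh" && cat "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```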

How To Copy a Public Key to your Server:

To use the utility, you simply need to specify the remote host that you would like to connect to and the user account that you have password SSH access to. This is the account where your public SSH key will be copied.

[root@example.com ~]#ssh-copy-id root@example.com
The authenticity of host '111.111.11.111 (111.111.11.111)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
username@111.111.11.111's password:

Type in the password (your typing will not be displayed for security purposes) and press ENTER. The utility will connect to the account on the remote host using the password you provided. It will then copy the contents of your ~/.ssh/id_rsa.pub key into a file called authorized_keys in the remote account's ~/.ssh directory.
Your id_rsa.pub key has now been uploaded to the remote account. You can continue on to the next section.

To close the SSH session:

 192.168.0.254@example.com# exit
logout
Connection to localhost closed.