Very often you may develop or host online project with a private information sitting on your filesystem available only for authorized access only. Simple way to disable direct file download for know URLs is to use .htaccess file. Within your DocumentRoot create a directory to contain your data:
# mkdir data # cd data
Move your data across to this new directory and create a .htaccess file with the following content:
<FilesMatch ".*"> Order Allow,Deny Deny from All </FilesMatch>Read more...
How do I find and replace all string occurrences within entire text file using vim editor?
Answer Vi editor is based on ex the original ex editor written back in 1976. One of the features inherited from this editor is a way simply search and replace any string withing either single line, first occurrences or in entire text. Here are few examples: Replace a first occurrence of word vim for the word vi on the current line.
Substitute first occurrence on each line of the word vim for the word vi
Lastly, substitute every occurrence of the word vim for the word vim on all linesRead more...
How can I find all files and directories with write permission turned on? I need to perform a recursive search also for all subdirectories.
The best tool for this job is find command. Find command allows you to search files and directories based on their permissions and various other factors. For example to find files and directories which have writable permissions turned on for user, group and other use the following command:
$ find /bin/ -perm /222
The above will recursively search entire /bin/ directory. If for instance we need to search only for a files which have writable permissions turned on only for others we modify our find command as follows:
$ find /bin/ -perm /002Read more...
getenforcecommand. This command without any options or arguments will simply print a current status SELinux operational mode.
# getenforce Permissive
Furthermore, the current status of SELinux operational mode can be set permanently or temporarily. The above
getenforce command only show current status however to see whether the status was set temporarily by
setenforce or by SELinux configuration file
cat /etc/selinux/config the
sestatus command should be used.
# sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 29Read more...
setenforceor directly by editing SELinux configuration file.
disabled operational mode does not enforce any security rules or policies as it is simply disable and security checks are done only by traditional Discretionary Access Controls.
Permissive mode allows for testing new deployments as in effect it simply behaves like
disabled operational mode, however it logs any potentially denied access to a relevant log files thus allowing further testing and troubleshooting before the operational mode is switched to
enforcing. Lastly, the
enforcing mode all security policy rules a enforced. To change SELinux operaitonal mode from enforcing to permissive and vice versa use
setenforce command. Check current operational mode status:
# getenforce PermissiveRead more...
There may be a time that you wish to clear a Memory on your server. Normally you do not want to fiddle with it so do it only you are sure that it is necessary and that it would not affect your server's performance. For this we can use sysctl command which allows linux admins to configure kernel parameters at runtime.
This command will clear pagecache:
To clear dentries and inodes you can use:
To free memory of the all above use a following command:
What the above commands will do is that they will sync your memory and edit a following file with appropriate number entry. :
Do not edit this file directly !Read more...
At this point, we can say that using telnet as a means of accessing servers is effectively dead. It took awhile, but the security concerns associated with it were finally elevated to the point where everyone finally made the choice to move to SSH. Why did we stop there? SSH provides one of the most secure methods of accessing a system and its services that is available anywhere. In addition, as you will see in this article, it can be used to access services that are traditionally not secure and should really never be used without it. Let’s dive in.
If you have not installed wireless firmware to support your wireless network card during Debian wheezy installation you can do so later by enabling debian's non-free repository. Here is how you do it. First open your /etc/apt/sources.list file and change line ( your repository mirror may be different ):
deb http://http.debian.net/debian/ wheezy main
deb http://http.debian.net/debian/ wheezy main non-free
Once done update packages list with a command:
# apt-get updateRead more...
Debian by default comes with Iceweasel web browser instead of firefox. Although it is recommended to use Iceweasel you may have a need to install firefox are here is a simple way how to install firefox on Debian wheezy by using Linux mint's debian import repository. First edit your /etc/apt/sources.list file and add the following line:
deb http://packages.linuxmint.com debian import
Update your package list:
# apt-get update
The above command will fetch mint package repository list. As a last step install firefox browser:Read more...
We all ‘know’ what an IP address is and what it’s significance in the age of the internet is. What remains a mystery to a large number of people however (surprisingly even those in the technology industry) is exactly what an IP address is, in detail, and what the component parts represent and the significance of each. Today, we are going to define those components and talk a bit about each in an effort to make things a bit clearer as well as prepare you for the eventual (and inevitable) move to IPv6 (the subject of a series of later articles).