In this article we will look at how to automatically chroot jail selected users' ssh logins based on the user group. This technique can be quite useful if you want your users to be provided with a limited system environment and at the same time keep them separate from your main system. You can also use this technique to create a simple ssh honeypot. In this tutorial you will learn how to create a basic chroot environment and how to configure your main system's sshd to automatically chroot jail selected users upon ssh login.
Creating basic chroot environment
First we need to create a simple chroot environment. Our chroot environment will consist of a bash shell. To do this, first, we need to create a chroot directory:
# mkdir /var/chroot
In the next step, we need to copy the bash binary and all of its shared library dependencies.
You can see bash's shared library dependencies by executing the ldd command:
# ldd /bin/bash
linux-vdso.so.1 => (0x00007fff9a373000)
libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x00007f24d57af000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f24d55ab000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f24d51eb000)
Read more ...
As a system administrator or just a backup-conscious home user, sooner or later (usually sooner) you will have to deal with backups. Disasters do happen, ranging from electrical storms to drive failures, and one needs to be prepared. We cannot stress enough the importance of having copies of important data. While the whole concept of backup is too long for this article, we will focus on rsync for what's called incremental backups.
Incremental backups are based on the idea that, once you have a copy of the data you need to back up, subsequent backups of the same data should be incremental, meaning that you only update the backup copy with the differences since the last operation occurred, not create another full copy. We will detail here a setup we have at home for backing up important data, but the examples here can be used at larger facilities. Once you get started, you will know what, where and when you need.
If you have a backup server that's up 24/7, you can create a cronjob to back up your data periodically. Since our example is home-based, we have a backup server, but since it's not up all the time, we will show you how to do it manually. rsync needs to be installed on both systems, and that's about it; no other setup chores must be performed, at least in simple cases. Please remember that you are by no means tied to Linux or another Unix platform: rsync is also available for Windows. If you are worried about security, rsync works over SSH and can be regarded as a secure replacement for the rcp (remote copy) command, so it's all good.
Read more ...
This article is the logical continuation of our PXE article, because after reading this you will be able to network boot AND actually install the distribution of your choice. But there are other uses of creating your own repository. For example, bandwidth. If you manage a network and all the systems (or some) are running the same distribution, it's easier for you to just rsync in conjunction with a nearby mirror and serve updates yourself. Next, maybe you have some packages created by you that your distro won't accept in the main tree, but the users find them useful. Get a domain name, set up a webserver and there you go. We will not detail the setup of a webserver here, just basic installation tasks and the basic setup of a repository for Fedora or Debian systems. Hence you are expected to have the necessary hardware (the server and the necessary network equipment, depending on the situation) and some knowledge about Linux and webservers. So, let's start. NOTE: This article was moved from our previous domain linuxcareer.com.
Creating a repository on Fedora systems
Installing the tools
Fedora has a tool called createrepo which simplifies the task at hand. So, all we need to install is that and httpd as the webserver:
# yum install createrepo httpd
Setting up the repositories
Now, after setting up your webserver, we will assume that the root directory is at /var/www. We have to create the necessary directories in an organized manner (feel free to adjust to taste if necessary or just follow the official layout):
# cd /var/www/html
# mkdir -p fedora/15/x86_64/base
# mkdir fedora/15/x86_64/updates
Read more ...
Red Hat, and their community effort, Fedora, are more or less enterprise-oriented. That being said, it's only natural they offer enterprise-specific tools that don't quite make sense on other desktop oriented operating systems. In the enterprise environment, where the system administrator has to manage lots of machines and installations, one tool that helps a lot is one that facilitates automated installations on several computers, using the same options for each of them. Instead of installing each system separately, the administrator just boots the installation media, tells the system where to find the options for installation and comes back after an hour to check on the system. It's a tremendous advantage in terms of time and effort, especially when dealing with lots of systems. Just like HP-UX offers Ignite or OpenSUSE offers AutoYAST, Red Hat/Fedora offers Kickstart. You will learn what that is, how to get the best of it and how to use the newly created Kickstart file. We assume basic knowledge of Linux and we recommend you try this in a virtual machine first before going into production.
Beginning work with Kickstart
We want to make a few practical points before diving into the article, so you know what's available and how/when to use it. First of all, we assume you have a Fedora installation (or Red Hat, but we tested this on our Fedora 16 box), up-to-date and ready to use. You will see, if you look in root's home folder, that you have a file there called anaconda-ks.cfg. That's the Kickstart file generated by Anaconda when (or, better said, after) you installed your system. It contains your options like partitioning or package selection. We recommend you use your favorite text editor to browse it in order to get familiar with the syntax, which isn't complicated at all.
Second, Fedora offers a utility named system-config-kickstart, which is a small GUI program that takes you through each and every part of the install options and, after you're done, offers you the possibility to save the file to be used as you wish.
Now, it's obvious that, at least for starters, you'll be better off using this utility instead of manually writing ks files. However, there are some drawbacks. We usually recommend the use of the command-line, because it's bound to work without X, without local access (think about a long-distance connection with ssh - you wouldn't want to use X there), and, in the end, you will learn something new and cool that will help you a great deal when dealing with Red Hat-based systems. So, we recommend starting with the GUI and slowly migrating to a text editor and the Fedora documentation for writing your own Kickstart files. We'll focus on the latter approach for the rest of the article, for the reasons explained above, but we'll start with the GUI-generated ks.cfg and go from there.
Read more ...
If you think that you can do Linux system administration without the cut command, then you are absolutely right. However, mastering this fairly simple command line tool will give you a great advantage when it comes to the efficiency of your work on a user as well as an administration level. Simply put, the cut command is one of many text-filtering command line tools that the Linux operating system has to offer. It filters standard input (STDIN) from another command or an input file and sends the filtered output to STDOUT.
Frequently used options
Without too much talk, let's start by introducing the main and most commonly used cut command line options.
- -b, --bytes=LIST
Cuts the input file using the list of bytes specified by this option.
- -c, --characters=LIST
Cuts the input file using the list of characters specified by this option.
- -f, --fields=LIST
Cuts the input file using the list of fields specified by this option. The default field delimiter is TAB. The default behavior can be overridden with the -d option.
- -d, --delimiter=DELIMITER
Specifies the delimiter to be used to separate fields. As mentioned previously, the default delimiter is TAB, and this option overrides that default behavior.
LIST in this case can consist of a single number or a range of bytes, characters or fields. For example, to display only the second byte, the list will include a single number 2.
- 2 will display only the second byte, character or field, counted from 1
- 2-5 will display all bytes, characters or fields starting from the second and finishing with the 5th
- -3 will display all bytes, characters or fields before the 4th
- 5- will produce all bytes, characters or fields starting with the 5th
- 1,3,6 will display only the 1st, 3rd and 6th byte, character or field
- 1,3- displays the 1st and all bytes, characters or fields starting with the 3rd
Read more ...