Live as if you were to die tomorrow. Learn as if you were to live forever.

Friday 9 October 2015

iptables in Linux


  • iptables is the user-space tool for configuring netfilter, the packet filtering framework built into the Linux kernel; the rules it loads are evaluated inside the kernel, not by the iptables process.
  • iptables works on the network and transport layers (addresses, protocols, ports, connection state); it does not inspect application-layer content.
  • iptables can block or rate-limit some types of DoS/DDoS traffic (for example connection floods against one port), but it cannot help once an attack saturates the link itself.
  • iptables is nothing but a collection of tables, each of which is further divided into chains of rules
  There are three commonly used tables
  1. filter table
  2. nat table
  3. mangle table
 Syntax

[root@server Desktop]# iptables -t <table_name> <command> <chain> <match options> -j <target>

When -t is omitted the filter table is assumed. For example, -A INPUT appends a rule to the INPUT chain, -L lists the rules of a table and -P sets the default policy of a chain.

 1) Filter Table

The filter table is the default table and is used for packet filtering (accept, drop or reject).

There are 3 built-in chains in the filter table
(i) INPUT chain (packets addressed to this host)
(ii) OUTPUT chain (packets generated by this host)
(iii) FORWARD chain (packets routed through this host)
 
2) NAT Table

This table is consulted only for the first packet of a new connection; the translation decided there is applied to the rest of that connection by the connection tracker. It is responsible for NAT (Network Address Translation).

There are 3 built-in chains in the nat table
(i) PREROUTING chain (DNAT, before the routing decision)
(ii) POSTROUTING chain (SNAT/MASQUERADE, after the routing decision)
(iii) OUTPUT chain (DNAT for locally generated packets)

3) MANGLE Table

This table is used for specialized packet alteration, for example changing the TTL or setting a firewall mark (MARK) that later routing or filtering rules can match on.

There are 5 built-in chains in the mangle table, one for every netfilter hook
(i) INPUT chain
(ii) OUTPUT chain
(iii) FORWARD chain
(iv) PREROUTING chain
(v) POSTROUTING chain
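The three tables above put together, as an added example that is not part of the original post: a minimal host ruleset written in the iptables-restore(8) format, with a default DROP policy, connection tracking, a per-source rate limit on new SSH connections (the kind of flood the post means), a masquerade rule in nat and a mark rule in mangle. The interface names eth0/eth1 and the LAN 192.168.1.0/24 are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: a minimal host ruleset in
# iptables-restore(8) format that exercises all three tables above.
# Assumptions (placeholders): eth0 is the Internet-facing interface,
# eth1 faces a LAN 192.168.1.0/24, SSH listens on port 22.

gen_ruleset() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Rate-limit new SSH connections per source address: more than 3 in 60 s are dropped
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name SSH
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
-A INPUT -m limit --limit 10/min -j LOG --log-prefix "iptables-drop: " --log-level 4
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -s 192.168.1.0/24 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Masquerade LAN traffic leaving on eth0 (source NAT, decided on the first packet)
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Mark outbound SSH so a policy-routing rule (ip rule ... fwmark 0x16) can steer it
-A OUTPUT -p tcp --dport 22 -j MARK --set-mark 0x16
COMMIT
EOF
}

# Number of tables the ruleset declares (lines starting with '*').
table_count() { gen_ruleset | grep -c '^\*'; }

# Number of rules appended to chain $1 across all tables, e.g. chain_rules INPUT
chain_rules() { gen_ruleset | grep -c "^-A $1 "; }

# Load it (needs root and iptables installed), then inspect with packet counters:
#   gen_ruleset > /tmp/rules.v4 && iptables-restore < /tmp/rules.v4
#   iptables -t filter -L -n -v --line-numbers
```

The FORWARD and MASQUERADE rules only do anything once IP forwarding is enabled (net.ipv4.ip_forward=1). The LOG rule is itself rate-limited so that a flood cannot fill the disk with log lines, and the SSH limit uses the recent module rather than a global limit, so one noisy source does not lock everybody out.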


Thursday 2 July 2015

Audit Policy Tracking in Linux

In some situations we need to monitor certain files and know when a file was updated, which action was taken on it and which user made the change.

To get such information we use audit policy tracking (the Linux audit framework, auditd) in Linux.

Make sure that the auditd service is running on the server.

If the daemon is not installed, install and start it using the commands below

#yum install audit
#/etc/init.d/auditd start

Once the service is running, fire the below command

#auditctl -w /etc/shadow -p rwxa -k shadowfile

Here,
auditctl : the command used to add, delete and list audit rules at run time
-w : insert a watch on a file (or directory); here we are watching the /etc/shadow file
-p : the permissions to watch for: r (read), w (write), x (execute) and a (attribute change, e.g. chmod or chown)
-k : set a filter key on the watch; every record the rule produces is tagged with it, which makes searching the audit records easy

Rules added with auditctl are lost at reboot. To keep the watch, add the same line without the word auditctl to /etc/audit/audit.rules (or to a file under /etc/audit/rules.d/ on newer audit versions). auditctl -l lists the rules currently loaded.

Once you are done with the above steps, you can use the below command to check who changed the file

#ausearch -f /etc/shadow -i

Here,
-f : search by file name (use -k shadowfile instead to search by the key set above)
-i : interpret numeric fields (uid, gid, pid, syscall number) into human-readable names

In the output, look at auid (the audit or login uid) rather than uid: auid records who originally logged in and is kept across su and sudo, while uid is the identity the process had at the moment of the change, typically root when an administrator edits /etc/shadow.
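Two helpers around the watch described above, as an added example that is not part of the original post: one emits the persistent form of the rule for the audit rules file, the other reads raw audit records (the same format ausearch --raw prints and /var/log/audit/audit.log stores) and summarises each access by login uid, effective uid, program and outcome. The log lines are constructed for the example, not captured from a real system.

```shell
#!/bin/sh
# Added example, not from the original post. Two helpers around the auditd
# watch above: audit_rules emits the persistent form of the rule, and
# who_touched summarises raw audit records by the login uid (auid), which is
# the field that still identifies the person after su or sudo.

# Rules in audit.rules syntax (same flags as the auditctl one-liner above).
# Put them in /etc/audit/audit.rules, or in a file under /etc/audit/rules.d/
# on newer audit versions, so they survive a reboot.
audit_rules() {
  cat <<'EOF'
-w /etc/shadow -p rwxa -k shadowfile
-w /etc/passwd -p wa -k passwdfile
-w /etc/sudoers -p wa -k sudoers
EOF
}

# Constructed sample of raw records in the /var/log/audit/audit.log format
# (not real log data). Each SYSCALL record carries the uids, the program and
# the key; the PATH record with the same serial number names the file.
SAMPLE_LOG='type=SYSCALL msg=audit(1436000000.123:4567): arch=c000003e syscall=2 success=yes exit=3 ppid=1234 pid=1250 auid=502 uid=0 gid=0 euid=0 tty=pts0 ses=3 comm="vi" exe="/usr/bin/vi" key="shadowfile"
type=PATH msg=audit(1436000000.123:4567): item=0 name="/etc/shadow" inode=1234 dev=fd:00 mode=0100000 ouid=0 ogid=0
type=SYSCALL msg=audit(1436000100.456:4570): arch=c000003e syscall=2 success=no exit=-13 ppid=2000 pid=2001 auid=503 uid=503 gid=500 euid=503 tty=pts1 ses=4 comm="cat" exe="/bin/cat" key="shadowfile"
type=PATH msg=audit(1436000100.456:4570): item=0 name="/etc/shadow" inode=1234 dev=fd:00 mode=0100000 ouid=0 ogid=0'

# who_touched KEY: for every SYSCALL record tagged with KEY on stdin, print
# "auid uid exe success". auid is who logged in; uid is who they were running
# as when the access happened (0 after su or sudo).
who_touched() {
  awk -v key="key=\"$1\"" '
    $1 == "type=SYSCALL" && index($0, key) {
      auid = ""; uid = ""; exe = ""; ok = ""
      for (i = 1; i <= NF; i++) {
        split($i, kv, "=")
        if (kv[1] == "auid")    auid = kv[2]
        if (kv[1] == "uid")     uid  = kv[2]
        if (kv[1] == "exe")     exe  = kv[2]
        if (kv[1] == "success") ok   = kv[2]
      }
      gsub(/"/, "", exe)
      print auid, uid, exe, ok
    }'
}

# On the sample:     printf '%s\n' "$SAMPLE_LOG" | who_touched shadowfile
# On a live system:  ausearch -k shadowfile --raw | who_touched shadowfile
```

On the sample the first record shows uid 502 (pramod in the /etc/passwd listing later on this page) editing /etc/shadow as root with vi, and the second shows uid 503 trying to read it and failing (success=no, exit=-13 is EACCES). The failed attempt is the more interesting one from a monitoring point of view, and it is only recorded because the watch includes r.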


Guys, Please comment if you have any query or feedback… :)

Friday 13 March 2015

Examples of cron job


1.       Set a cron job that will run at 4:30 am on the 1st and 15th of each month and also on every Friday.

30           4              1,15        *             5              command/script

(When both the day-of-month and the day-of-week field are restricted, cron runs the job when either one matches, so this fires on the 1st, on the 15th and on every Friday.)

2.       Set a cron job that will run at 2:30 am on the first day of every month

30           2              1              *             *             command/script

3.       Set a cron that will run at 18:45 on every Friday, but only every 3rd month, i.e. every Friday in Jan, Apr, Jul and Oct

45           18           *             */3         5              command/script

4.       Explain the below cron job

23             0-23/2     *            *          *            command/Script

The above cron will run at 23 minutes past midnight, 2 am, 4 am, 6 am and so on, i.e. at every even hour, every day.

5.       Explain the below cron job

5              4              *             *             sun         command/script
It will execute at 4:05am on every Sunday.

6.       Explain the below cron job

20   1   *   *  *   find /tmp -atime +3 -exec  rm -i {} ';'

Runs at 1:20 am every day and is meant to remove all files in /tmp that have not been accessed for more than 3 days. As written it removes nothing: rm -i asks for confirmation, but a cron job has no terminal and its standard input is empty, so every prompt reads end-of-file and the file is kept. For an unattended job use rm -f instead (and add -type f so that only regular files are matched).

7.       Explain below command

1        0       *       *     *
\ cd /tmp; find . ! -name lost+found -type -d -mtime +3 -exec rm -f {} ';'

At one past midnight, every day, remove all subdirectories of /tmp that have not been modified (-mtime checks modification time, not access time) in the last 72 hours, but do not remove the directory lost+found in /tmp.

The line as quoted has two bugs: -type takes a bare letter (-type d, not -type -d), and rm -f does not remove directories, so rm -rf is needed. A corrected single-line entry is

1 0 * * * cd /tmp && find . -mindepth 1 ! -name lost+found -type d -mtime +3 -prune -exec rm -rf {} ';'

-mindepth 1 keeps /tmp itself out of the match, -prune stops find from descending into a directory it has just removed, and && (rather than ;) makes sure find never runs from the wrong directory if the cd fails.

8.       Where would you find the crontab file for user pramod?

/var/spool/cron/pramod is the crontab file for user pramod

9.       What command is used to modify the crontab?

crontab -e

10.   What command is used to modify the crontab for user pramod?
crontab -e -u pramod

11.   What command is used to list the crontab?
crontab -l

12.   What command is used to list the crontab of the user pramod?
crontab -l -u pramod

13.   What command is used to delete the crontab?
crontab -r

14.   What command is used to delete the crontab of the user pramod?
crontab -r -u pramod

15.   How would you prevent user pramod from creating his own personal crontab file?

Add the user name pramod on a line of its own in /etc/cron.deny. If /etc/cron.allow exists it takes precedence, so in that case leave pramod out of cron.allow instead. Either way, a crontab he already has in /var/spool/cron/pramod keeps running until it is removed with crontab -r -u pramod.

Sunday 22 February 2015

Information about crontab in Linux

Crontab stands for cron table. Crontab is used to run a specific task at a given time. Using crontab we can schedule a job to run at a particular time. Cron runs the jobs in the background, with no terminal attached.

The three main parts of the cron service are

    1)      The crond daemon, which reads the crontabs and runs the jobs
    2)      The /etc/init.d/crond initscript, used to start or stop the crond daemon
    3)      The system crontab file, /etc/crontab

A crontab entry contains 6 fields

        *             *             *             *             *             script_name/command
        1             2             3             4             5             6

Column    Field           Allowed Values
1         Minute          0-59
2         Hour            0-23
3         Day of Month    1-31
4         Month           1-12 or names (jan-dec)
5         Day of Week     0-7 (0 or 7 is Sunday) or names (sun-sat)
6         Script          Path of script or command

Note:    The system crontab /etc/crontab (and the files in /etc/cron.d) has one extra field before the command giving the user name the job runs as; per-user crontabs edited with crontab -e do not, their jobs always run as the owning user.

Time related fields can contain

(i)                  *, which matches any value
(ii)                a single integer, which matches exactly
(iii)               two integers separated by a dash (-), which match the range of values;
for example, 4-6 in the hour field matches 4am, 5am and 6am
(iv)              a comma (,) separated list of integers or ranges, which matches any listed value, i.e. 3,5,7-9 matches 3am, 5am, 7am, 8am and 9am
(v)                a step: */2 in the hour field means the cron job executes at midnight, 2am, 4am and so forth, i.e. every 2 hours
(vi)              a range with a step: 0-10/2 in the hour field means the cron job executes at midnight, 2am, 4am, 6am, 8am and 10am
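The field syntax above, and the day-of-month/day-of-week rule from example 1 of the cron examples post, are easy to get wrong by eye, so here is a small matcher as an added example that is not part of the original post: given a five-field schedule and a point in time it says whether cron would fire. It is written in POSIX sh, handles *, N, A-B, */S, A-B/S and comma lists, and treats 7 as Sunday; month and weekday names (jan, sun) are not supported, which is an assumption of this example, not of cron.

```shell
#!/bin/sh
# Added example, not from the original post: a cron field matcher in POSIX sh.
# Given a five-field schedule and a point in time, it reports whether cron
# would fire, using the field syntax above (*, N, A-B, */S, A-B/S, lists) and
# the day-of-month / day-of-week rule from example 1 of the cron examples post.
# Month and weekday names (jan, sun) are not handled here; use numbers.

# field_matches SPEC VALUE MIN: true if the single field SPEC covers VALUE.
# MIN is the field's lowest legal value (1 for month and day of month, else 0),
# which is where a bare '*' starts counting for step expressions like */3.
field_matches() {
  spec=$1; val=$2; min=${3:-0}
  rest=$spec
  while [ -n "$rest" ]; do
    item=${rest%%,*}                       # next comma-separated item
    if [ "$item" = "$rest" ]; then rest=""; else rest=${rest#*,}; fi
    step=1
    case $item in
      */*) step=${item#*/}; item=${item%/*} ;;
    esac
    case $item in
      '*') lo=$min; hi=99 ;;
      *-*) lo=${item%-*}; hi=${item#*-} ;;
      *)   lo=$item; hi=$item ;;
    esac
    if [ "$val" -ge "$lo" ] && [ "$val" -le "$hi" ] \
       && [ $(( (val - lo) % step )) -eq 0 ]; then
      return 0
    fi
  done
  return 1
}

# cron_matches "MIN HOUR DOM MON DOW" MINUTE HOUR DAY MONTH WEEKDAY
# WEEKDAY is 0-7 with 0 and 7 both meaning Sunday.
cron_matches() {
  sched=$1; m=$2; h=$3; dom=$4; mon=$5; dow=$6
  if [ "$dow" -eq 7 ]; then dow=0; fi
  set -f; set -- $sched; set +f          # split the schedule without globbing '*'
  f_min=$1; f_hour=$2; f_dom=$3; f_mon=$4; f_dow=$5
  field_matches "$f_min"  "$m"   0 || return 1
  field_matches "$f_hour" "$h"   0 || return 1
  field_matches "$f_mon"  "$mon" 1 || return 1
  # vixie cron rule: if both day fields are restricted (neither begins with
  # '*'), the job runs when EITHER matches; otherwise both must match.
  if [ "${f_dom#\*}" != "$f_dom" ] || [ "${f_dow#\*}" != "$f_dow" ]; then
    field_matches "$f_dom" "$dom" 1 && field_matches "$f_dow" "$dow" 0
  else
    field_matches "$f_dom" "$dom" 1 || field_matches "$f_dow" "$dow" 0
  fi
}

# Example 1 of the cron examples post, checked for Wednesday 15 July at 04:30:
#   cron_matches "30 4 1,15 * 5" 30 4 15 7 3 && echo fires
```

The MIN argument matters for the step form: */3 in the month field means months 1, 4, 7 and 10 because a bare * in that field starts at 1, whereas */2 in the hour field starts at 0. The schedule from example 1 shows the OR rule: it fires on the 15th even though it is not a Friday, and on a Friday the 10th even though the day of month is not listed.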

Note:    Any line that begins with # is the comment

Cron access Permissions

There are two important files for cron access

(i)                  cron.allow
(ii)                cron.deny  

(i)                  cron.allow: If this file is present then only the users listed in it can use crontab and all other users are denied.

(ii)                cron.deny: If this file is present (and cron.allow is not) then the users listed in it cannot use crontab and all other users are allowed.

Note:    When both files exist, cron.allow is checked and cron.deny is ignored. An empty cron.allow (touched, i.e. created as a blank file) therefore means no user is allowed to create a crontab except root, whereas an empty cron.deny denies nobody. If neither file exists the behaviour is a build-time default of the cron package, so check which file your distribution ships. These files only govern the crontab command; crond keeps running crontabs that already exist.

Some other cron-related files and directories are

/etc/cron.hourly
/etc/cron.daily               the run-parts script executes the scripts placed in these
/etc/cron.weekly              directories on an hourly, daily, weekly and monthly basis.
/etc/cron.monthly

See the Examples of cron job.

Guys… Please comment if you have any query or feedback…. :)

Thursday 19 February 2015

Some important questions on users and groups




How to disable/lock the user with the help of command and using shadow file ?

Lock account using command

We can lock a user using the usermod command: the -L option locks the account and -U unlocks it.

#usermod -L test
It will lock the user test

#usermod -U test
It will unlock the user test

Lock and Unlock account using file

#vi /etc/shadow

test:$6$xb7FL2gXeJ9VbVP1$dRbWMmySxrDR8Kb8VQCfIg9IYlf1h72I84/cjqAiy2gR.VcWZeia4J/RzZXEHYNCAsPq4xDBmlgLo31Qsi2aP/:16461:0:99999:7:::

change file as shown below
#vi /etc/shadow

test:!$6$xb7FL2gXeJ9VbVP1$dRbWMmySxrDR8Kb8VQCfIg9IYlf1h72I84/cjqAiy2gR.VcWZeia4J/RzZXEHYNCAsPq4xDBmlgLo31Qsi2aP/:16461:0:99999:7:::
:wq

In this way you can lock the user account by editing the file; usermod -L does exactly the same thing, it puts a ! in front of the encrypted password. To unlock the account, remove the ! at the start of the second field. Note that a lock only invalidates the password: logins that do not use the password (for example SSH public-key logins) are not affected, so to make sure the account cannot be used at all also expire it (chage -E 0 test).

How to remove the password of the user using command and using shadow file?

We can use passwd command with -d option to remove the password of the user.
#passwd -d test

Remove password using file

Open file /etc/shadow in vi editor and remove the second column
#vi /etc/shadow

test:$6$xb7FL2gXeJ9VbVP1$dRbWMmySxrDR8Kb8VQCfIg9IYlf1h72I84/cjqAiy2gR.VcWZeia4J/RzZXEHYNCAsPq4xDBmlgLo31Qsi2aP/:16461:0:99999:7:::

Change as shown below
#vi /etc/shadow

test::16461:0:99999:7:::
:wq

Here, we have just emptied the second field, so the account has no password at all. Whether anyone can actually log in without a password depends on the PAM configuration (the nullok option of pam_unix) and on the service (sshd refuses empty passwords unless PermitEmptyPasswords is set to yes). Leaving an account in this state is a serious weakness; if the intent is to stop logins, lock the account instead of removing the password.

How to change the login shell of the user?

You can use the usermod command to change the login shell of the user with the help of the -s option

#usermod -s /sbin/nologin test

We can also edit the /etc/passwd file (preferably with vipw, which locks the file while you edit) and put /sbin/nologin in place of /bin/bash in the last field. /sbin/nologin prints "This account is currently not available." and exits, so the user keeps the account (files, cron jobs, ownership) but cannot get a shell.

How to check total number users in the system?

[root@server Desktop]# cat /etc/passwd  | wc -l
43

It shows the number of accounts in the system, including system and service accounts such as bin and daemon, not only human users.

Use below command to see the users having login shell bash

[root@server Desktop]# cat /etc/passwd  | grep bash$
root:x:0:0:root:/root:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
test:x:500:500::/home/test:/bin/bash
dnyaneshwar:x:501:500::/home/dnyaneshwar:/bin/bash
pramod:x:502:500::/home/pramod:/bin/bash
vinod:x:503:500::/home/vinod:/bin/bash

Here, we have used the grep command to find the accounts whose shell is bash. The $ anchors the match to the end of the line, so only lines ending in bash are printed. Accounts with an interactive shell are the ones worth reviewing first: a service account such as mysql above normally does not need one.
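The checks in this section are usually done the other way round, as an audit: which accounts are locked, which have no password at all, and which still have an interactive shell. The following is an added example, not part of the original post, that runs those checks with awk over constructed copies of /etc/passwd and /etc/shadow (the hashes are placeholders, not real hashes). On a real host run it as root against the real files.

```shell
#!/bin/sh
# Added example, not from the original post: a small account audit that flags
# the states this section creates by hand (locked accounts, accounts with no
# password, accounts that still have an interactive shell). It runs on
# constructed sample files; the hashes are placeholders, not real hashes.
# On a real host run it as root against /etc/passwd and /etc/shadow.

TMP=$(mktemp -d)

cat > "$TMP/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
test:x:500:500::/home/test:/bin/bash
pramod:x:502:500::/home/pramod:/bin/bash
vinod:x:503:500::/home/vinod:/sbin/nologin
EOF

cat > "$TMP/shadow" <<'EOF'
root:$6$saltsalt$placeholderhash:16461:0:99999:7:::
bin:*:15980:0:99999:7:::
mysql:!!:16461:0:99999:7:::
test:!$6$saltsalt$placeholderhash:16461:0:99999:7:::
pramod::16461:0:99999:7:::
vinod:$6$saltsalt$placeholderhash:16461:0:99999:7:::
EOF

# passwd_shell_users FILE: accounts whose login shell is a real shell
# (field 7 ends in "sh" and is not nologin or false).
passwd_shell_users() {
  awk -F: '$7 ~ /sh$/ && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# shadow_report FILE: classify the password field (field 2) of every entry.
#   EMPTY    - nothing at all: no password is required (see the caveat above)
#   LOCKED   - starts with "!": usermod -L or the manual edit above; "!!" means
#              the password was never set
#   DISABLED - "*": no hash can ever match, typical for system accounts
#   HASHED   - a normal password hash
shadow_report() {
  awk -F: '{
    if ($2 == "")       s = "EMPTY"
    else if ($2 ~ /^!/) s = "LOCKED"
    else if ($2 == "*") s = "DISABLED"
    else                s = "HASHED"
    print $1, s
  }' "$1"
}

# empty_password_shell_users PASSWD SHADOW: the dangerous combination, an
# account with no password and an interactive shell.
empty_password_shell_users() {
  shadow_report "$2" | awk '$2 == "EMPTY" { print $1 }' | sort > "$TMP/empty"
  passwd_shell_users "$1" | sort > "$TMP/shells"
  comm -12 "$TMP/empty" "$TMP/shells"
}

cleanup() { rm -rf "$TMP"; }

# Usage on the samples (on a live host substitute /etc/passwd and /etc/shadow):
#   shadow_report "$TMP/shadow"
#   empty_password_shell_users "$TMP/passwd" "$TMP/shadow"
```

In the sample data, pramod is the account that would come out of the "remove password using file" edit above, and the report singles it out because it has an empty password field and /bin/bash; test shows up as LOCKED, which is what both usermod -L and the manual ! edit produce.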

Guys, Please comment if you have any query or feedback…. :)