Month: January 2020

create swap partition using swapfile

Akash Advanced Linux, Debian / Ubuntu, Misc, RHEL / CentOS, Server Configurations, shorty, SUSE/openSUSE, Uncategorized, Utils 
  1. On the server there is 4GB memory and 4GB swap file on TEST server which is not enough.
  2. Now the existing swap partition is created in lvm and there is no scope to increase the size


  3. To overcome this problem create a swapfile using dd command with permission 0600

  4. Change the file permission to 0600
  5. Set the file as swap area
  6. Test by enabling the swap on swapfile
  7. Make this boot persistent by adding the entry in fstab
  8. Always run mount -a command to check if any error in fstab file
  9. Now disable swap on /swapfile which we have enabled manually and check swap partitions


  10. Now check boot persistence by swapon command

ssh jailing with all commands

Akash Misc, Server Configurations, shorty, Utils

Steps for ssh jailing 

  1. Create a user for jailing environment and set password if user doesn't exist.

#useradd -m testuser
#passwd testuser 
  2. Create a Directory Structure for Secure environment.

( In our case we are creating secure environment in /home directory. You can change it according to requirement)
#cd /home
#mkdir -p secure/home
#cd /home/secure/home
#mkdir testuser
#chown testuser:testuser testuser


  3. Enable commands for the user in chrooted environment.

#cp -pr /bin /home/secure/
#cp -fr /lib /home/secure/
#cp -fr /lib64 /home/secure/
#mkdir /home/secure/usr
#cp -pr /usr/lib /home/secure/usr/
#cp -pr /usr/bin /home/secure/usr/
#mkdir -p /home/secure/etc/
#cp -p /etc/environment /home/secure/etc/ 
  4. Configuration for jailing.

Edit the file sshd_config
#vi /etc/ssh/sshd_config

  #SSH JAILING                     
  Match User testuser
  chrootdirectory /home/secure
  #ForceCommand internal-sftp   (If you uncomment this line it will restrict ssh connection and  only sftp connections will be allowed )


  5. # service sshd reload 


  6. After logging in from another server /home/secure will become your / partition over ssh connection.
           #ssh testuser@<ip>
Chroot Configuration for Group:

  1. Suppose there are multiple users which needs to be restricted using chroot. 
Then create a group chroot and add users to the group
 #groupadd chroot
 #usermod -aG chroot testuser

  2. change sshd config like given below
 #SSH JAILING                     
 Match Group chroot 
 chrootdirectory /home/secure 
   #ForceCommand internal-sftp (If you uncomment this line it will restrict ssh connection and  only sftp connections will be allowed ) # service sshd reload 
  3. # service sshd reload 

Things to remember:
  1. The chroot directory should alway have root ownership and permission 755 
otherwise you will get below error
packet_write_wait: Connection to x.x.x.x port 22: Broken pipe
 
  2. Don't forget to copy /etc/environment
otherwise you will get below error while changing shell to bash
bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)