- The TEST server has 4GB of memory and a 4GB swap file, which is not enough.
- The existing swap partition was created in LVM and there is no scope to increase its size.
- To overcome this problem, create a swapfile using the dd command with permission 0600.
- Change the file permission to 0600.
- Set the file up as a swap area.
- Test by enabling swap on the swapfile.
- Make this persistent across boots by adding an entry to fstab.
- Always run the mount -a command to check for errors in the fstab file.
- Now disable swap on /swapfile, which we enabled manually, and check the swap partitions.
- Now check boot persistence with the swapon command.
Month: January 2020
ssh jailing with all commands
Steps for ssh jailing
- Create a user for the jail environment and set a password if the user doesn't exist.
      # useradd -m testuser
      # passwd testuser
- Create a directory structure for the secure environment. (In our case we are creating the secure environment in the /home directory. You can change it according to your requirements.)
      # cd /home
      # mkdir -p secure/home
      # cd /home/secure/home
      # mkdir testuser
      # chown testuser:testuser testuser
- Enable commands for the user in the chrooted environment. Copying whole directories makes every binary in them available to the jailed user; for a tighter jail, copy only the binaries and libraries the user needs.
      # cp -pr /bin /home/secure/
      # cp -fr /lib /home/secure/
      # cp -fr /lib64 /home/secure/
      # mkdir /home/secure/usr
      # cp -pr /usr/lib /home/secure/usr/
      # cp -pr /usr/bin /home/secure/usr/
      # mkdir -p /home/secure/etc/
      # cp -p /etc/environment /home/secure/etc/
- Configure the jail. Edit the file sshd_config:
      # vi /etc/ssh/sshd_config
  and add:
      #SSH JAILING
      Match User testuser
      ChrootDirectory /home/secure
      #ForceCommand internal-sftp
  (If you uncomment the ForceCommand line, it will restrict ssh connections and only sftp connections will be allowed.)
- Reload sshd:
      # service sshd reload
- After logging in from another server, /home/secure will become your / partition over the ssh connection.
      # ssh testuser@<ip>
Chroot Configuration for Group:
- Suppose there are multiple users who need to be restricted using chroot. Create a group named chroot and add the users to the group.
      # groupadd chroot
      # usermod -aG chroot testuser
- Change the sshd config as given below:
      #SSH JAILING
      Match Group chroot
      ChrootDirectory /home/secure
      #ForceCommand internal-sftp
  (If you uncomment the ForceCommand line, it will restrict ssh connections and only sftp connections will be allowed.)
- Reload sshd:
      # service sshd reload
Things to remember:
- The chroot directory should always have root ownership and permission 755; otherwise you will get the error below:
      packet_write_wait: Connection to x.x.x.x port 22: Broken pipe
- Don't forget to copy /etc/environment; otherwise you will get the error below while changing the shell to bash:
      bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
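
The ownership rule above can be checked before reloading sshd. This is an added example, not part of the original post; it goes further than the text by checking every parent directory too, because sshd applies the same requirement (root-owned, not writable by group or others) to each component of the ChrootDirectory path. The function names and the optional UID/TOP arguments are assumptions made for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory such as /home/secure.
# Function names and the optional UID/TOP arguments are hypothetical; GNU stat is assumed.

# component_ok DIR UID: DIR must be a directory owned by UID and must not be
# writable by group or others.
component_ok() {
    c_dir=$1
    c_uid=$2
    [ -d "$c_dir" ] || { echo "FAIL $c_dir: not a directory"; return 1; }
    c_owner=$(stat -c '%u' "$c_dir") || return 1
    c_mode=$(stat -c '%a' "$c_dir") || return 1
    if [ "$c_owner" != "$c_uid" ]; then
        echo "FAIL $c_dir: owner uid $c_owner, expected $c_uid"
        return 1
    fi
    # The leading 0 makes the shell read the mode as octal; 022 = group-write | other-write.
    if [ $(( 0$c_mode & 022 )) -ne 0 ]; then
        echo "FAIL $c_dir: mode $c_mode is writable by group or others"
        return 1
    fi
    echo "ok   $c_dir (uid $c_owner, mode $c_mode)"
}

# chroot_path_ok DIR [UID] [TOP]: check DIR and each parent directory up to TOP.
# The defaults (uid 0, TOP=/) are what matters for sshd; other values let the
# check be exercised on a scratch tree without root.
chroot_path_ok() {
    p_dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL $1: cannot resolve"; return 1; }
    p_uid=${2:-0}
    p_top=${3:-/}
    p_rc=0
    while :; do
        component_ok "$p_dir" "$p_uid" || p_rc=1
        if [ "$p_dir" = "$p_top" ] || [ "$p_dir" = "/" ]; then
            break
        fi
        p_dir=$(dirname "$p_dir")
    done
    return "$p_rc"
}

# Usage for the layout on this page (run as root): chroot_path_ok /home/secure
```

A FAIL line on /home/secure or any directory above it identifies the component to fix with chown root and chmod 755 before users hit the Broken pipe error.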