The TEST server has 4GB of memory and a 4GB swap file, which is not enough.
The existing swap partition is created in LVM and there is no scope to increase its size.
To overcome this problem, create a swap file using the dd command with permission 0600
Change the file permission to 0600
Set the file as swap area
Test by enabling the swap on swapfile
Make this boot persistent by adding the entry in fstab
Always run the mount -a command to check for any errors in the fstab file
Now disable swap on /swapfile which we have enabled manually and check swap partitions
Now check boot persistence by swapon command
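The steps above collected into one script, added here as an example (it is not the original post's commands, which were not preserved). The /swapfile path comes from the text; the 4096 MB size and the function names are assumptions.

```shell
#!/bin/sh
# Added example of the swap file steps; path and size are assumptions.

# Create a zero-filled file that is mode 0600 from the first byte: swap holds
# raw memory pages, so it must never be readable by other users.
create_swapfile() {
    path=$1 size_mb=$2
    [ -e "$path" ] && { echo "refusing to overwrite $path" >&2; return 1; }
    ( umask 077 && dd if=/dev/zero of="$path" bs=1024 \
        count=$((size_mb * 1024)) 2>/dev/null ) || return 1
    chmod 0600 "$path"
}

# True only for a regular file with mode exactly 600.
swapfile_mode_ok() {
    [ -f "$1" ] && [ "$(stat -c '%a' "$1")" = "600" ]
}

# fstab entry that makes the swap file persistent across reboots.
swap_fstab_line() {
    printf '%s none swap sw 0 0\n' "$1"
}

# Root-only steps: format, enable, persist, then re-enable from fstab alone.
activate_swapfile() {
    path=$1
    swapfile_mode_ok "$path" || { echo "$path must be a 0600 file" >&2; return 1; }
    mkswap "$path" &&
    swapon "$path" &&
    { grep -q "^$path[[:space:]]" /etc/fstab ||
        swap_fstab_line "$path" >> /etc/fstab; } &&
    mount -a &&        # reports fstab errors before the next boot does
    swapoff "$path" &&
    swapon -a &&       # enables the file purely from its fstab entry
    swapon -s
}

# Run as root, for example: sh swapfile.sh /swapfile 4096
if [ "$#" -eq 2 ]; then
    create_swapfile "$1" "$2" && activate_swapfile "$1"
fi
```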
Steps for ssh jailing
Create a user for the jailed environment and set a password if the user doesn't exist.
#useradd -m testuser
#passwd testuser
Create a directory structure for the secure environment. (In our case we are creating the secure environment in the /home directory. You can change it according to your requirements.)
#cd /home
#mkdir -p secure/home
#cd /home/secure/home
#mkdir testuser
#chown testuser:testuser testuser
Enable commands for the user in the chrooted environment.
#cp -pr /bin /home/secure/
#cp -fr /lib /home/secure/
#cp -fr /lib64 /home/secure/
#mkdir /home/secure/usr
#cp -pr /usr/lib /home/secure/usr/
#cp -pr /usr/bin /home/secure/usr/
#mkdir -p /home/secure/etc/
#cp -p /etc/environment /home/secure/etc/
Configuration for jailing. Edit the file sshd_config
#vi /etc/ssh/sshd_config
#SSH JAILING
Match User testuser
chrootdirectory /home/secure
#ForceCommand internal-sftp
(If you uncomment the ForceCommand line, it will restrict ssh connections and only sftp connections will be allowed.)
# service sshd reload
After logging in from another server, /home/secure will become your / partition over the ssh connection.
Chroot Configuration for Group:
Suppose there are multiple users who need to be restricted using chroot. Then create a group chroot and add the users to the group
#groupadd chroot
#usermod -aG chroot testuser
Change the sshd config as given below
#SSH JAILING
Match Group chroot
chrootdirectory /home/secure
#ForceCommand internal-sftp
(If you uncomment the ForceCommand line, it will restrict ssh connections and only sftp connections will be allowed.)
# service sshd reload
Things to remember:
The chroot directory should always have root ownership and permission 755, otherwise you will get the error below
packet_write_wait: Connection to x.x.x.x port 22: Broken pipe
Don't forget to copy /etc/environment, otherwise you will get the error below while changing shell to bash
bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
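A pre-flight check for the ownership rule above, added here as an example (not part of the original post). It goes beyond the single directory mentioned in the text: sshd checks every component of the chrootdirectory path, so the script walks from the jail up to /. The function names and the optional uid argument are assumptions.

```shell
#!/bin/sh
# Added example: verify a chroot path before pointing sshd at it.

# One directory passes if it is a plain directory owned by the expected uid
# (default 0 = root) with no group/other write bit set. Rejecting symlinks
# is a conservative choice made by this example.
check_dir() {
    dir=$1 want_uid=${2:-0}
    [ -d "$dir" ] && [ ! -L "$dir" ] ||
        { echo "FAIL $dir: not a plain directory"; return 1; }
    uid=$(stat -c '%u' "$dir")
    mode=$(stat -c '%a' "$dir")
    [ "$uid" = "$want_uid" ] ||
        { echo "FAIL $dir: owner uid $uid, expected $want_uid"; return 1; }
    [ $(( 0$mode & 022 )) -eq 0 ] ||
        { echo "FAIL $dir: mode $mode is writable by group or others"; return 1; }
    echo "ok   $dir (uid $uid, mode $mode)"
}

# Check the jail directory and every parent up to /.
check_chroot_path() {
    p=$1 want_uid=${2:-0} rc=0
    case $p in
        /*) ;;
        *) echo "FAIL $p: must be an absolute path"; return 1 ;;
    esac
    while :; do
        check_dir "$p" "$want_uid" || rc=1
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Example: sh check_chroot.sh /home/secure
if [ "$#" -ge 1 ]; then
    check_chroot_path "$@"
fi
```

Run it before reloading sshd; any FAIL line points at the directory to fix with chown root and chmod 755.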
1) Find out the wireless device name.
2) Check whether the wireless device status is up or down
#ip link show wlan0
3) Scan for wireless networks
#iw wlan0 scan
Now, to configure and connect to wireless without a GUI, we will require the package wpa_supplicant-0.7.3-9.el6.i686
4) Create a configuration file
#wpa_passphrase <ssid> <passphrase> >> /etc/wpa_supplicant/wpa_supplicant.conf
5) To start the device through command line
#wpa_supplicant -B -D wext -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf
where -B means run wpa_supplicant in the background.
-D specifies the wireless driver. wext is the generic driver.
-c specifies the path for the configuration file.
Put the above command in /etc/rc.local so that after booting it will automatically connect to the wireless device.
rc.local is deprecated in Debian 9 by default
To enable it
1. Create the file /etc/systemd/system/multi-user.target.wants/rc.local.service
2. #systemctl daemon-reload
3. #systemctl restart rc.local.service
Hi, To create a chat server without LDAP and MySQL for a small organization, follow the steps below (the same procedure applies to CentOS, but you have to install ejabberd using yum).
(Prerequisites: DNS must be configured for the server, otherwise you will have to use the IP instead of the domain name for configuration.)
Install the ejabberd package on the server
# apt-get install ejabberd
Check whether the service is running, so that an admin user can be registered
Create the admin user by typing the command below
#ejabberdctl register admin localhost passwordforadminuser
Edit the /etc/ejabberd/ejabberd.yml file for admin user access and the domain for which we are creating the service
Edit the default entry as given below
Add the host as given below
Register the admin user as admin for the domain
Go to the browser and open the admin panel https://<your ip or domain >:5280/admin and login as user admin@localhost
The console will look like the one given below. Click on Virtual Hosts
Select the domain (in my case it's geekonline.in) by clicking it.
Click on users to create / edit users
Add users like given below
Configure pidgin as below
Enabling USB wifi on CentOS is really a difficult job. Most of the time it requires driver compilation and adding/removing modules, which may be time consuming.
It's better to upgrade the kernel to the latest release.
To upgrade the kernel without kernel compilation, follow the steps below
Step 1: Install elrepo to your CentOS 7 system
# rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
# rpm -ivh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
# yum --enablerepo=elrepo-kernel list available |grep kernel
# yum --enablerepo=elrepo-kernel install kernel-ml*
(select kernel-ml as they are the stable release kernels)
# grub2-set-default "CentOS Linux (4.18.1-1.el7.elrepo.x86_64) 7 (Core)"
Reboot your system and configure the network for the wireless USB card.
For mounting Google Drive on your server, you will require two things.
A project created and configured with an OAuth client ID and secret on Google
google-drive-ocamlfuse installed and configured
Create Project
1. Go to https://console.developers.google.com/apis/dashboard and create a new project
Click on create credentials
Select OAuth Client ID
Click on configure Consent Screen
Provide email address and product name
To create the Client ID select others, provide a Name and click on create
It will give you an OAuth Client ID and Secret. Please note them down and keep them safe.
Installation of google-drive-ocamlfuse
On debian 9
1. First install the required packages
apt-get install libcurl4-gnutls-dev libfuse-dev libgmp-dev libsqlite3-dev camlp4-extra debianutils libcurl4-gnutls-dev perl m4 pkg-config zlib1g-dev
2. adduser <user> fuse (adding the user to group fuse with usermod also works)
3. Set the Permissions
#sudo chown root.fuse /dev/fuse
#sudo chmod 660 /dev/fuse
4. Install Google Drive Ocamlfuse
# su <user>
# opam init
# opam update
# opam install depext
# eval `opam config env`
# opam depext google-drive-ocamlfuse
# opam install google-drive-ocamlfuse
# . /home/*user*/.opam/opam-init/init.sh > /dev/null 2> /dev/null || true
#/home/user/.opam/system/bin/google-drive-ocamlfuse -headless -label googledrive -id <OAuth Client ID> -secret <OAuth Client Secret>
It will give you a URL and ask you to visit it, get the code from the web page and provide it.
Open that URL in a browser and copy and paste the verification code into the terminal.
Create the mount point
# mkdir /mnt/Google-drive
# /home/user/.opam/system/bin/google-drive-ocamlfuse -label googledrive /mnt/Google-drive/
The above command enables the mount only for that user and not for others, not even root.
To enable the mount point for user root, edit the file /etc/fuse.conf and uncomment the line below
#user_allow_other
Then run the command below
#sudo -u user /home/user/.opam/system/bin/google-drive-ocamlfuse -o allow_root -label googledrive /Google-drive/ > /var/log/gdrive_mount.log 2>&1 &
Add the line below to /etc/rc.local
sudo -u user /home/user/.opam/system/bin/google-drive-ocamlfuse -o allow_root -label googledrive /Google-drive/ 2>&1 &
Thus only the user and root will be able to use the mounted drive.
By implementing this setting in AWStats you can track the geolocation of visitors to your website. Follow the procedure below to implement the settings
#mkdir /usr/local/share/GeoIP
#cd /tmp
#wget -N http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
#gunzip GeoIP.dat.gz
#mv GeoIP.dat /usr/share/GeoIP
#wget -N http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
or
#yum install mod_geoip
#yum install geoipdate
#yum install geoip-devel
Now edit the configuration file for your website in /etc/awstats and search for the lines below
#LoadPlugin="geoip_city_maxmind GEOIP_STANDARD /pathto/GeoIPCity.dat"
#LoadPlugin="geoip GEOIP_STANDARD /pathto/GeoIP.dat"
and change to GeoIPCity.dat
LoadPlugin="geoip GEOIP_STANDARD /usr/share/GeoIP/GeoIP.dat"
LoadPlugin="geoip_city_maxmind GEOIP_STANDARD /usr/share/GeoIP/"
It may give you an error like the one below
To fix this error run the commands below
#yum install perl-CPAN
#cpan YAML
#cpan Geo::IP::PurePerl Geo::IP
#ldconfig -v
First install the epel repository
#yum install epel-release
Install shellinabox with the command below
#yum install shellinabox
The shellinabox config file is located in /etc/default/shellinabox by default on Debian/Ubuntu systems. On RHEL/CentOS/Fedora, the default location of the config file is /etc/sysconfig/shellinaboxd.
To change the web terminal color scheme to white on black, follow these steps
#vim /etc/sysconfig/shellinaboxd
Comment the line below
OPTS="--disable-ssl-menu -s /:LOGIN"
Uncomment the line below
OPTS="--user-css Normal:+black-on-white.css,Reverse:-white-on-black.css --disable-ssl-menu -s /:LOGIN"
This enables changing the profile from the right-click menu in the browser.
Restart the service.
Note: sometimes white-on-black.css is not installed. Then the service will not restart/start and will give an error.
Workaround:
#cd /usr/share/shellinabox/
#cp black-on-white.css white-on-black.css
#sed -i s/ffffff/111111/g white-on-black.css
#sed -i s/000000/ffffff/g white-on-black.css
#sed -i s/111111/000000/g white-on-black.css
Now restart the service. (You can change colours by changing the hex colour codes in the css.)
Now, for the web terminal, open the link https://ip-address:4200 (the default port is 4200; you can change it to any port by editing the config file, i.e. /etc/sysconfig/shellinaboxd)
Go to the link https://www.datsi.fi.upm.es/~frosal/sources/ and download the latest stable source for shc. In this case the latest source is shc-3.8.9b.tgz
#cd /usr/local
#sudo wget https://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.9b.tgz
#sudo tar -zxvf shc-3.8.9b.tgz
#cd shc-3.8.9
#make
#make test
#make strings
#make expiration
#mkdir -p /usr/local/man/man1
#make install
Now shc is installed on your system in /usr/local/bin
To encrypt the script
#shc -help
gives the complete information about how we can use the package
shc -help
shc Version 3.8.9b, Generic Script Compiler
shc Copyright (c) 1994-2015 Francisco Rosales <email@example.com>
shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-rvDTCAh] -f script
    -e %s  Expiration date in dd/mm/yyyy format [none]
    -m %s  Message to display upon expiration ["Please contact your provider"]
    -f %s  File name of the script to compile
    -i %s  Inline option for the shell interpreter i.e: -e
    -x %s  eXec command, as a printf format i.e: exec('%s',@ARGV);
    -l %s  Last shell option i.e: --
    -r     Relax security. Make a redistributable binary
    -v     Verbose compilation
    -D     Switch ON debug exec calls [OFF]
    -T     Allow binary to be traceable [no]
    -C     Display license and exit
    -A     Display abstract and exit
    -h     Display help and exit
    Environment variables used:
    Name    Default  Usage
    CC      cc       C compiler command
    CFLAGS  <none>   C compiler flags
    Please consult the shc(1) man page.
###### simple encryption ####
Write a test script like below
#!/bin/bash
echo Test Script
#shc -f test
This will create 2 files: test.x (executable binary) and test.x.c (C source code).
test.x is an executable file.
test.x may or may not run on a system, depending upon the kernel, as it is non-traceable. To overcome this problem we must compile our script as traceable and redistributable so that it can run on any system by any user.
#shc -Tf test
(or you can write it in a simple way: shc -T -f test)
***** Encryption with expiration date and message *****
Provide the expiration date with -e in dd/mm/yyyy format, and with -m type the message which you want to display after script expiration
#shc -e 01/01/2000 -m "This script expired.Contact your admin" -Tf test
Since the date is in the past, the encrypted script is already expired, and running ./test.x will give the message "This script expired.Contact your admin"
### One more thing you can do with this is compile the C source code into a binary with the command below. ##
#gcc -o <binary-file-name> test.x.c
This will create a C compiled binary file of your script.
The only difference between the shc compiled binary and the C compiled binary is that the shc compiled binary is stripped while the C compiled binary is not stripped. (Non-stripped binaries have debugging information built into them.)
This is something different that you should try.