create swap partition using swapfile

  1. The TEST server has 4GB of memory and a 4GB swap file, which is not enough.
  2. The existing swap partition was created in LVM and there is no scope to increase its size.
  3. To overcome this problem, create a swapfile using the dd command with permission 0600.
  4. Change the file permission to 0600.
  5. Set the file as a swap area.
  6. Test by enabling swap on the swapfile.
  7. Make this boot persistent by adding the entry in fstab.
  8. Always run the mount -a command to check for errors in the fstab file.
  9. Now disable swap on /swapfile, which we enabled manually, and check the swap partitions.
  10. Now check boot persistence with the swapon command.
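
The ten steps above as one script. This is an added example, not commands from the original post: the 4096 MB size, the fstab fields "none swap sw 0 0", the use of swapon -a for step 10, and the function names are assumptions. The file is created under a restrictive umask so that it is never readable by other users, since swap holds pages of process memory.

```shell
#!/bin/sh
# Added example: swap file setup following steps 3-10 above.
# /swapfile comes from the text; size and fstab fields are assumptions.

# Steps 3-4: create the file under umask 077 so it is never readable by
# other users, even briefly, then force mode 0600.
create_swapfile() {
    path=$1
    size_mb=$2
    ( umask 077 && dd if=/dev/zero of="$path" bs=1M count="$size_mb" 2>/dev/null ) || return 1
    chmod 0600 "$path"
}

# Succeeds only when the file mode is exactly 600.
swapfile_mode_ok() {
    [ "$(stat -c '%a' "$1")" = "600" ]
}

# Step 7: the fstab line that makes the swap file boot persistent.
fstab_entry() {
    printf '%s none swap sw 0 0\n' "$1"
}

# Privileged part. Run as root with:  sh swapfile.sh --apply
if [ "${1:-}" = "--apply" ]; then
    set -e
    swap=/swapfile
    create_swapfile "$swap" 4096
    swapfile_mode_ok "$swap"
    mkswap "$swap"                    # step 5: set the file as swap area
    swapon "$swap"                    # step 6: enable it manually
    grep -q "^$swap[[:space:]]" /etc/fstab ||
        fstab_entry "$swap" >> /etc/fstab   # step 7, added only once
    mount -a                          # step 8: check fstab for errors
    swapoff "$swap"                   # step 9: disable the manual swap
    swapon -s                         #         and list active swap
    swapon -a                         # step 10: enable swap from fstab
    swapon -s
fi
```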

ssh jailing with all commands

Steps for ssh jailing

  1. Create a user for the jailed environment and set a password, if the user doesn't already exist.
    
    #useradd -m testuser
    #passwd testuser 
  2. Create a directory structure for the secure environment.
    
    (In our case we are creating the secure environment in the /home directory. You can change it according to your requirement.)
    #cd /home
    #mkdir -p secure/home
    #cd /home/secure/home
    #mkdir testuser
    #chown testuser:testuser testuser
    
    
  3. Enable commands for the user in chrooted environment.
    
    #cp -pr /bin /home/secure/
    #cp -fr /lib /home/secure/
    #cp -fr /lib64 /home/secure/
    #mkdir /home/secure/usr
    #cp -pr /usr/lib /home/secure/usr/
    #cp -pr /usr/bin /home/secure/usr/
    #mkdir -p /home/secure/etc/
    #cp -p /etc/environment /home/secure/etc/ 
  4. Configuration for jailing.
    
    Edit the file sshd_config
    #vi /etc/ssh/sshd_config
    
      #SSH JAILING                     
      Match User testuser
      chrootdirectory /home/secure
      #ForceCommand internal-sftp   (If you uncomment this line it will restrict ssh connection and  only sftp connections will be allowed )
    
    
  5. # service sshd reload 
    
    
  6. After logging in from another server, /home/secure will become your / partition over the ssh connection.
    #ssh testuser@<ip>

Chroot Configuration for Group:
  1. Suppose there are multiple users who need to be restricted using chroot.
    Then create a group chroot and add the users to the group
     #groupadd chroot
     #usermod -aG chroot testuser
    
  2. Change the sshd config as given below
     #SSH JAILING
     Match Group chroot
     chrootdirectory /home/secure
     #ForceCommand internal-sftp (If you uncomment this line it will restrict ssh connection and only sftp connections will be allowed)
  3. # service sshd reload

Things to remember:
  1. The chroot directory should always have root ownership and permission 755,
    otherwise you will get the error below
    packet_write_wait: Connection to x.x.x.x port 22: Broken pipe
     
  2. Don't forget to copy /etc/environment,
    otherwise you will get the error below while changing shell to bash
    bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
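
A pre-flight check for the first point above, as an added example that is not part of the original post. It goes slightly beyond the text: sshd requires every component of the ChrootDirectory path, not only the jail root, to be root-owned and not writable by group or others, so the check walks from /home/secure up to /. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify ownership and mode of a ChrootDirectory path.
# /home/secure is the path from the text; function names are hypothetical.

# Pass if $1 is a directory owned by uid $2 (default 0 = root) and not
# writable by group or others (no 020 or 002 bit in its mode).
dir_is_safe() {
    d=$1
    want_uid=${2:-0}
    [ -d "$d" ] || return 1
    owner=$(stat -c '%u' "$d") || return 1
    mode=$(stat -c '%a' "$d") || return 1
    [ "$owner" = "$want_uid" ] || return 1
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# Walk from the jail root up to / and report the first directory that
# would make sshd refuse the chroot.
check_chroot_path() {
    p=$1
    uid=${2:-0}
    case $p in
        /*) ;;
        *) echo "need an absolute path: $p" >&2; return 2 ;;
    esac
    while :; do
        if ! dir_is_safe "$p" "$uid"; then
            echo "unsafe for chroot: $p" >&2
            return 1
        fi
        [ "$p" = "/" ] && return 0
        p=$(dirname "$p")
    done
}

# Usage on the server, before reloading sshd:
#   check_chroot_path /home/secure && echo "chroot path OK"
```

Running sshd -t after editing sshd_config catches syntax errors before the reload.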

					

Enabling usb wifi on CentOS 7

Enabling USB wifi on CentOS is really a difficult job. Most of the time it requires compiling drivers and adding/removing modules, which may be time consuming.

It's better to upgrade the kernel to the latest release.

To upgrade the kernel without kernel compilation, follow the steps below.

Step 1: Install elrepo to your CentOS 7 system

# rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org

# rpm -ivh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm

# yum --enablerepo=elrepo-kernel list available |grep kernel

# yum --enablerepo=elrepo-kernel install kernel-ml*  (select kernel-ml as they are the stable release kernels)

# grub2-set-default "CentOS Linux (4.18.1-1.el7.elrepo.x86_64) 7 (Core)"

Reboot your system and configure the network for the wireless USB card.

 

Encrypting a shell script

Go to https://www.datsi.fi.upm.es/~frosal/sources/ and download the latest stable source for shc.
In this case the latest source is shc-3.8.9b.tgz

#cd /usr/local 
#sudo wget  https://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.9b.tgz
#sudo tar -zxvf shc-3.8.9b.tgz
#cd shc-3.8.9
#make
#make test
#make strings
#make expiration
#mkdir -p /usr/local/man/man1
#make install

Now shc is installed on your system in /usr/local/bin.

To encrypt the script:

#shc -help gives complete information about how to use the package

shc -help
shc Version 3.8.9b, Generic Script Compiler
shc Copyright (c) 1994-2015 Francisco Rosales <frosal@fi.upm.es>
shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-rvDTCAh] -f script

 -e %s Expiration date in dd/mm/yyyy format [none]
 -m %s Message to display upon expiration ["Please contact your provider"]
 -f %s File name of the script to compile
 -i %s Inline option for the shell interpreter i.e: -e
 -x %s eXec command, as a printf format i.e: exec('%s',@ARGV);
 -l %s Last shell option i.e: --
 -r Relax security. Make a redistributable binary
 -v Verbose compilation
 -D Switch ON debug exec calls [OFF]
 -T Allow binary to be traceable [no]
 -C Display license and exit
 -A Display abstract and exit
 -h Display help and exit

 Environment variables used:
 Name Default Usage
 CC cc C compiler command
 CFLAGS <none> C compiler flags

 Please consult the shc(1) man page.


###### simple encryption ####
Write a test script like the one below

#!/bin/bash 
echo Test Script

#shc -f test
This will create 2 files: test.x (executable binary) and test.x.c (C source code).

test.x is an executable file.
test.x may or may not run on a given system, depending on the kernel, because it is non-traceable.

To overcome this problem we must compile our script as traceable and redistributable
so that it can run on any system by any user.

#shc -Tf test (or, written out in full, shc -T -f test)

***** Encryption with expiration date and message *****

Provide the expiration date with -e in dd/mm/yyyy format, and with -m type the message you want displayed after the script expires.

#shc -e 01/01/2000 -m "This script expired.Contact your admin" -Tf test

Since the date is in the past, the encrypted script is already expired, and running ./test.x will give the message "This script expired.Contact your admin"

### One more thing you can do with this is compile the C source code into a binary with the command below. ##

#gcc -o <binary-file-name> test.x.c

This will create a C-compiled binary file of your script.
The only difference between the shc-compiled binary and the C-compiled binary is that the shc-compiled binary is stripped while the C-compiled binary is not. (Non-stripped binaries have debugging information built into them.)
This is something different that you should try.

create tar archive from the list of files

If you want to create a tar file from a list of files (the list may contain files from different folders), then use the command below

#tar -zcvf  mytar.tar.gz -T list

This command will read list line by line and keep adding the file mentioned in list to the tar file 

How to Setup Wpad Auto Proxy to your network

The Web Proxy Auto-Discovery Protocol (WPAD) is a method used by clients to locate a URL of a configuration file using DHCP and/or DNS discovery methods. Once detection and download of the configuration file is complete it can be executed to determine the proxy for a specified URL. The WPAD protocol only outlines the mechanism for discovering the location of this file.

Create a file wpad.dat with the following content:

function FindProxyForURL(url, host) {
return "PROXY 192.168.100.1:3128; DIRECT";
}

 

For other requirements, such as a configuration with two proxy servers or one proxy and one VPN server, please refer to this post of mine.

How to install flash player plugin in mozilla firefox

Step 1
go to http://get.adobe.com/flashplayer/
select .tar.gz for other linux
and then click on download to download it

Step 2
open the terminal and go to the Downloads folder
extract the source by command
#tar -zxvf install_flash_player_some-version_linux_i386.tar.gz
a file libflashplayer.so will be extracted from source
copy that file to the mozilla plugins folder by following command
#sudo cp libflashplayer.so /usr/lib/mozilla/plugins

done.

 

ssmtp program to send emails

This is a program that sends email. It takes 8,192B of disk space after installation.
It is quite simple to use.

For that we have to edit /etc/ssmtp/ssmtp.conf as below
——————————————————————————-/etc/ssmtp/ssmtp.conf——————–
FromLineOverride=YES
root=your_username@your_domain
mailhub=smtp.your_domain.com:587
#$hostname=sysadmins    (commenting this line out has no effect)
rewriteDomain=your_domain
AuthUser=your_username
AuthPass=your_password
UseSTARTTLS=YES

—————————————————————————————————————————–

The normal command to send email via command line is
ssmtp recipient_name@gmail.com
To: recipient_name@gmail.com
From: username@gmail.com
Subject: Sent from a terminal!
Ctrl+D
——————————————————————————————————————————

script to send message using text file
—————————————————————————————————————————–
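#!/bin/bash
function welcome_mail
{
# Ask for the recipient's login name and full name
echo "enter user name"
read -r username
echo "enter full name"
read -r full_name

# Build the message in a private temp file instead of a fixed name in /tmp
msg=$(mktemp) || return 1

# Mail headers, a blank line, then the start of the body
cat > "$msg" << welcome1
To: $username@your_domain
From: System Administrator
Subject: Welcome! Please read the instructions

Hi $full_name,
Welcome, please go through the instructions given below
welcome1

# Append the instructions text to the message body
cat /file_path/instructions >> "$msg"

echo "Sending Welcome-mail"
ssmtp "$username@your_domain" < "$msg"
echo "OK"

# Remove the temp file once the mail has been handed to ssmtp
rm -f "$msg"
}

welcome_mail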
———————————————————————————————————————————–
/file_path/instructions is a simple file in which the instructions are written,
like this.

this is instruction1
this is instruction2
this is instruction3
this is instruction4
(Please don’t revert back. This is a system generated email)

merits: 1) Simple to use, and can be used to mail a newly joined user.
2) The mail can be sent using any mail account, as the sender will not be shown (it will show the name we choose).
3) The user can't reply, as there is no email id in the sender.

demerits: 1) We cannot attach a file. (searching the solution)
2) We will have to install the software for it.

Different sites through different ISP or VPN

Suppose I am running a squid server on port 3218, and port 8080 is mapped to port 3128 of another squid server / VPN,

and I want the websites microsoft.com, 411.com, tlo.com and whatismyip.com to go through the VPN. Then I have to write a wpad.dat file like the one given below

function FindProxyForURL(url, host) {

    // Hosts listed below go through the VPN-mapped port 8080
    if (dnsDomainIs(host, "tlo.com") ||
        shExpMatch(host, "(*.tlo.com|tlo.com)"))
        return "PROXY 192.168.100.1:8080";

    if (dnsDomainIs(host, "www.411.com") ||
        shExpMatch(host, "(*.411.com|411.com)"))
        return "PROXY 192.168.100.1:8080";

    if (dnsDomainIs(host, "www.microsoft.com") ||
        shExpMatch(host, "(*.microsoft.com|microsoft.com)"))
        return "PROXY 192.168.100.1:8080";

    if (dnsDomainIs(host, "whatismyip.com") ||
        shExpMatch(host, "(*.whatismyip.com|whatismyip.com)"))
        return "PROXY 192.168.100.1:8080";

    // Everything else uses the default proxy.
    // This line can be replaced by return "DIRECT"; if the ip is bypassed
    return "PROXY 192.168.100.1:3128; DIRECT";
}

 

And in the browser, for example in Firefox, under network settings I have to add this line as the Automatic proxy configuration URL: http://<IP of the web server where the wpad file is kept>/wpad.dat