Skip to main content

Posts

Showing posts from 2019

RHCSA Training Day - 2

RHCSA Training Day - 2

Introduction - Day -1

We will start this training on RHEL7.3 Normally there are 3 ways to interact with any OS- 1. GUI(graphical user interface) - In simple words we can say interacting with OS using mouse. This the same way you are interacting with Windows. 2. CLI(Command line interface) - In this way user can't use mouse because there we don't have any graphics(icons/buttons) so that you can double click and open the things and select etc. 3. API(Application programming interface) - Normal user don't this, it is specially for developers Here I'll talk about CLI, whatever things you do in GUI, 99% of them you can do from CLI as well. The beauty of CLI is that we can do the things very fastly and also it requires very limited/less resource(compute unit or we can say RAM/CPU etc..). Let's take an example how CLI is faster than GUI- Use case: Open 100 terminals - This task can be completed in two way (A) - GUI(Right Click on home screen and then select open terminal, same thi...

How to setup your own technical lab?

If you are doing some technical training and for practice depended on institute's lab. Then this post would be very much helpful for you. I've prepared two videos for this and both are available on my  you tube channel , I've explained each and every step in detail. Please check and feel free to comment and revert in case of issue and suggestions. PART -1 -  https://www.youtube.com/watch?v=9j4KvjHyzxc&t=96s PART -2 -  https://www.youtube.com/watch?v=T4ljH9dYfNY&t=68s Download ISO -  https://drive.google.com/uc?id=0B9ZGwX0D1ZA1UmJFWEYyamRMLTQ&export=download

Thank you All! I've a surprise for you :)

Many thanks to all of my followers and those who have commented on my posts, and/or replied to my comments. It means a lot. Everyone is so kind, helpful and welcoming, making this blogging journey even more amazing! It's so awesome to see my hobby grow into something even more amazing, Thank you so so much! hope this blog continues to grow!  I received so many request to start writing on Linux from basic so that they can learn Linux. The topics I covered in previous posts were only helpful for more than a years experienced Linux Administrator but not for the those who are new on Linux and planning to learn Linux. So on demand I am starting a series of posts and writing on Linux Administration but won't be able to give very much time on it due to some other priorities. I will try to post at least two posts in a week, requesting you to please practice and let me know if there are any issues/concerns. If you do so I guarantee that at the end of series you will be very...

AIDE(Advanced Intrusion Detection Environment)

Context:- IPS( Intrusion Prevention System ) - A mechanism which help us to prevent intrusions IDS( Intrusion Detection System ) - A mechanism which help us to detect intrusions. Here I will discuss about Intrusion Detection System for file system (files/directories). Normally we listen IDS/IPS this at network and firewall level but this post is for file system. There are some very critical and sensitive files and directories in our system, a small change in these type file may change the system functionality completely and also might compromised with security. Let's have some example. [root@localhost ~]# ll /etc/shadow ----------. 1 root root 1023 Jan 22 16:36 /etc/shadow [root@localhost ~]# ll /etc/passwd -rw-r--r--. 1 root root 1615 Jan 22 14:28 /etc/passwd If some how I have removed 'x'(password link to shadow file for root user)  from /etc/passwd file root user configuration, system won't ask for password when you try to access with root user, and if s...

LVM - Logical Volume Manager

This post will help you to know about below, What is the use of LVM? What is LVM? How to create LVM? How to do LVM resize? Why by default root partition is create using LVM? How to diagnosis and troubleshoot LVM issues? Let's suppose you have three hard disk of below size- Hard disk1 - 100GB Hard disk2 - 200GB  Few usage of LVM(use cases)? 1. Total available storage in your system is 300GB, and you have a requirement to store a file of size 250GB without split/cut. However total space is available in the system but you can't store that file because you don't have a single slot of 250GB. 2. Let's suppose you have a 250 GB file and want to store in your system, but 250GB space is not available in the system, so that you need to increase your partition size. 3. Let's suppose you have two partitions in your system /dev/sda1 and /dev/sda2, due to some requirement you want to reduce the size of /dev/sda2 and want to increase the size of /dev/sd...

Search files which have special permission.

If you want to search files which have some special permission. SUID or SGID [root@localhost rpm]# find /sbin/ -perm /6000 -ls 630385   12 -rwsr-xr-x   1 root     root        11224 Jul 19  2016 /sbin/pam_timestamp_check 630387   36 -rwsr-xr-x   1 root     root        36280 Jul 19  2016 /sbin/unix_chkpwd 1155906   40 -rws--x--x   1 root     root        40312 Jan 28  2014 /sbin/userhelper 1261593   12 -rwx--s--x   1 root     lock        11208 Jan 26  2014 /sbin/lockdev 1225816   12 -rwxr-sr-x   1 root     root        11224 Sep 12  2016 /sbin/netreport 1225821   12 -rwsr-xr-x   1 root     root        11288 Sep 12  2016 /sbin/u...

How to find a file in Linux/Unix?

If you forgot the path of file but know the file name, how to find? We can do this using  find  command- [root@localhost rpm]# find /etc -name passwd /etc/passwd /etc/pam.d/passwd [root@localhost rpm]# find /etc -name pass* /etc/openldap/certs/password /etc/passwd /etc/selinux/targeted/active/modules/100/passenger /etc/passwd- /etc/pam.d/passwd /etc/pam.d/password-auth-ac /etc/pam.d/password-auth [root@localhost rpm]#

How to check rpm integrity?

This post will help you to get answers of below questions- How to check rpm integrity? How to check rpm authenticity? How to check rpm digital signature? What is gpgcheck? Let's take an example of below rpm package and see, how to verify if it is a genuine package? [root@localhost tmp]# ls -l vsftpd-2.2.2-11.el6.x86_64.rpm -r--r--r--. 1 root root 154392 Jan 27 10:27 vsftpd-2.2.2-11.el6.x86_64.rpm [root@localhost tmp]# There are multiple way to verify. 1. Verify using rpm [root@localhost tmp]# rpm -q vsftpd package vsftpd is not installed [root@localhost tmp]# [root@localhost tmp]# rpm -K vsftpd-2.2.2-11.el6.x86_64.rpm vsftpd-2.2.2-11.el6.x86_64.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#fd431d51) [root@localhost tmp]# If you want to see more details then use below options [root@localhost tmp]# rpm -vvK vsftpd-2.2.2-11.el6.x86_64.rpm D: loading keyring from pubkeys in /var/lib/rpm/pubkeys/*.key D: couldn't find any keys in /var/...

How to make a file immutable(read-only)

Assign Special attributes to a file using "chattr". If you want to restrict all the operation on a file except readonly including root user,  chattr can help to achieve this. [root@localhost rpm]# touch /tmp/my.txt [root@localhost rpm]# ll /tmp/my.txt -rw-r--r--. 1 root root 0 Jan 25 15:36 /tmp/my.txt [root@localhost rpm]# chgrp harry /tmp/my.txt [root@localhost rpm]# chown natasha /tmp/my.txt [root@localhost rpm]# ll /tmp/my.txt -rw-r--r--. 1 natasha harry 0 Jan 25 15:36 /tmp/my.txt [root@localhost rpm]# chmod 000 /tmp/my.txt [root@localhost rpm]# ll /tmp/my.txt ----------. 1 natasha harry 0 Jan 25 15:36 /tmp/my.txt [root@localhost rpm]# root user doesn't have any permission on /tmp/my.txt file, still it can do all the file operation on this file. [root@localhost rpm]# cat >> /tmp/my.txt root user added some data [root@localhost rpm]# cat /tmp/my.txt root user added some data [root@localhost rpm]# How to restrict root user so that...

error: db5 error(11) from dbenv->open: Resource temporarily unavailable

If rpm command is not working in your system and it is giving an error message( error: db5 error(11) from dbenv->open: Resource temporarily unavailable ). What is the root cause of this issue? How to fix this issue?   just a single command- [root@localhost rpm]# rpm --rebuilddb Detailed error message- [root@localhost rpm]# rpm -q firefox ^Cerror: db5 error(11) from dbenv->open: Resource temporarily unavailable error: cannot open Packages index using db5 - Resource temporarily unavailable (11) error: cannot open Packages database in /var/lib/rpm ^Cerror: db5 error(11) from dbenv->open: Resource temporarily unavailable error: cannot open Packages database in /var/lib/rpm package firefox is not installed [root@localhost rpm]# RPM manage a database in which it store all information related to packages installed in our system. /var/lib/rpm, this is directory where this information is available. [root@localhost rpm]# cd /var/lib/rpm ...

What is SUID and how to set SUID in Linux/Unix?

# ls -l /etc/shadow ---------- 1 root root 5218 Oct   8 08:42 /etc/shadow This is one of the most critical file in any Linux system in which user passwords are being stored. Please have a look on permission part, you can see that permission section is empty that means none of user can do any operation(read/write/execute) on this file, but as root is absolute(super) user in Linux/Unix systems so it can perform file operations. If I am root user I can read this file but if I run same command or program(every command is a program in background) with normal user I can't read this file- [root@localhost ~]# whoami root [root@localhost ~]# tail -n 2 /etc/shadow tcpdump:!!:17868:::::: suid:!!:17918:0:99999:7::: [root@localhost ~]# su - suid [suid@localhost ~]$ whoami suid [suid@localhost ~]$ tail -n 2 /etc/shadow tail: cannot open `/etc/shadow' for reading: Permission denied [suid@localhost ~]$ It is a small myth that user only decide if he can access a part...