Posts

Showing posts from January, 2019

How to check rpm integrity?

This post will help you answer the following questions: How to check rpm integrity? How to check rpm authenticity? How to check rpm digital signature? What is gpgcheck?

Let's take the rpm package below as an example and see how to verify that it is a genuine package.

    [root@localhost tmp]# ls -l vsftpd-2.2.2-11.el6.x86_64.rpm
    -r--r--r--. 1 root root 154392 Jan 27 10:27 vsftpd-2.2.2-11.el6.x86_64.rpm
    [root@localhost tmp]#

There are multiple ways to verify.

1. Verify using rpm

    [root@localhost tmp]# rpm -q vsftpd
    package vsftpd is not installed
    [root@localhost tmp]#
    [root@localhost tmp]# rpm -K vsftpd-2.2.2-11.el6.x86_64.rpm
    vsftpd-2.2.2-11.el6.x86_64.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#fd431d51)
    [root@localhost tmp]#

If you want to see more details, use the options below:

    [root@localhost tmp]# rpm -vvK vsftpd-2.2.2-11.el6.x86_64.rpm
    D: loading keyring from pubkeys in /var/lib/rpm/pubkeys/*.key
    D: couldn't find any keys in /var/...

How to make a file immutable(read-only)

Assign special attributes to a file using "chattr". If you want to restrict every operation on a file except reading, even for the root user, chattr can help achieve this.

    [root@localhost rpm]# touch /tmp/my.txt
    [root@localhost rpm]# ll /tmp/my.txt
    -rw-r--r--. 1 root root 0 Jan 25 15:36 /tmp/my.txt
    [root@localhost rpm]# chgrp harry /tmp/my.txt
    [root@localhost rpm]# chown natasha /tmp/my.txt
    [root@localhost rpm]# ll /tmp/my.txt
    -rw-r--r--. 1 natasha harry 0 Jan 25 15:36 /tmp/my.txt
    [root@localhost rpm]# chmod 000 /tmp/my.txt
    [root@localhost rpm]# ll /tmp/my.txt
    ----------. 1 natasha harry 0 Jan 25 15:36 /tmp/my.txt
    [root@localhost rpm]#

The root user doesn't have any permission on the /tmp/my.txt file, yet it can still perform all file operations on it.

    [root@localhost rpm]# cat >> /tmp/my.txt
    root user added some data
    [root@localhost rpm]# cat /tmp/my.txt
    root user added some data
    [root@localhost rpm]#

How to restrict root user so that...

error: db5 error(11) from dbenv->open: Resource temporarily unavailable

The rpm command is not working on your system and it gives this error message: "error: db5 error(11) from dbenv->open: Resource temporarily unavailable". What is the root cause of this issue? How to fix this issue? With just a single command:

    [root@localhost rpm]# rpm --rebuilddb

Detailed error message:

    [root@localhost rpm]# rpm -q firefox
    ^Cerror: db5 error(11) from dbenv->open: Resource temporarily unavailable
    error: cannot open Packages index using db5 - Resource temporarily unavailable (11)
    error: cannot open Packages database in /var/lib/rpm
    ^Cerror: db5 error(11) from dbenv->open: Resource temporarily unavailable
    error: cannot open Packages database in /var/lib/rpm
    package firefox is not installed
    [root@localhost rpm]#

RPM manages a database in which it stores all information about the packages installed on the system. This information lives in the /var/lib/rpm directory.

    [root@localhost rpm]# cd /var/lib/rpm ...

What is SUID and how to set SUID in Linux/Unix?

    # ls -l /etc/shadow
    ---------- 1 root root 5218 Oct   8 08:42 /etc/shadow

This is one of the most critical files in any Linux system; user passwords are stored in it. Look at the permission field: it is empty, which means no user can perform any operation (read/write/execute) on this file. However, root is the absolute (super) user in Linux/Unix systems, so it can still perform file operations. If I am the root user I can read this file, but if I run the same command or program (every command is a program in the background) as a normal user, I can't read it:

    [root@localhost ~]# whoami
    root
    [root@localhost ~]# tail -n 2 /etc/shadow
    tcpdump:!!:17868::::::
    suid:!!:17918:0:99999:7:::
    [root@localhost ~]# su - suid
    [suid@localhost ~]$ whoami
    suid
    [suid@localhost ~]$ tail -n 2 /etc/shadow
    tail: cannot open `/etc/shadow' for reading: Permission denied
    [suid@localhost ~]$

It is a small myth that user only decide if he can access a part...

LUKS Encryption on RHEL6 and RHEL7

With the help of this post you will be able to resolve the following questions: How to configure LUKS encryption on a partition? How to set up LUKS on top of a logical volume? How to encrypt physical volumes with LUKS? How to encrypt a filesystem with LUKS?

LUKS (Linux Unified Key Setup) is the standard for encrypting Linux partitions (file systems); I am not talking about the hard disk itself. We normally hear about encrypting a hard disk with LUKS, but the reality is that we can't save data on a hard disk directly. Before saving data on a hard disk we have to create partitions; only after that can data be stored on it. LUKS can help us protect our data if our hard disk is somehow stolen.

Below are the steps to set up LUKS.

First of all, find the hard disk you want to protect.

    [root@localhost ~]# fdisk -cul

In my case it is the /dev/sdb hard disk, where empty space is available. Let's create the /dev/sdb1 partition.

    [root@localhost ~]# fdisk -cu /de...