Administration
How to start or stop or restart a service in Fedora/RHEL/Ubuntu/Debian Linux
Oct 11th
The following examples show how to start or stop or restart a service in different flavours of Linux. In all these examples, the service name “httpd” is used. You can replace it with name of the service you want to start or stop or restart.
Starting a serviceIn RHEL or Fedora:
[root@techpulp ~]# service httpd start
or
[root@techpulp ~]# /etc/init.d/httpd start
In Debian Linux:
[root@techpulp ~]# /etc/init.d/httpd start
In Ubuntu Linux:
[root@techpulp ~]# sudo /etc/init.d/httpd startStopping a service
In RHEL or Fedora:
[root@techpulp ~]# service httpd stop
or
[root@techpulp ~]# /etc/init.d/httpd stop
In Debian Linux:
[root@techpulp ~]# /etc/init.d/httpd stop
In Ubuntu Linux:
[root@techpulp ~]# sudo /etc/init.d/httpd stopRestarting a service
In RHEL or Fedora:
[root@techpulp ~]# service httpd restart
or
[root@techpulp More >
How to change/set/reset MySQL root password using mysqladmin
Oct 10th
After installing MySQL service, administrator should set a reasonably strong password using mysqladmin utility. In MySQL, user name of administrator is “root”. To change/set/reset password, you need to run two commands. The following shows the syntax of the commands.
[root@techpulp ~]# mysqladmin -u root password NEWPASSWORD [root@techpulp ~]# mysqladmin -u root -h HOSTNAME password NEWPASSWORD
The following commands show example usage.
[root@techpulp ~]# mysqladmin -u root password y5FxEtrh [root@techpulp ~]# mysqladmin -u root -h localhost password y5FxEtrh
As the commands you executed are stored in history file (~/.bash_history), you can avoid it by running following command before running mysqladmin utility.
[neo@techpulp ~]# echo $HISTFILE /home/neo/.bash_history More >
How to scan a host for open ports in Linux
Sep 23rd
It is better to scan the server once to detect any unwanted services. It helps in harden the security of the server and minimizes security threats. Linux provides a command nc command to scan the open ports on a host. Typically it comes with default installation. If not, you can use following command to install it.
yum -y install nc
To scan a host with IP address “172.16.5.20″ for ports ranging from 1 to 1023, use the following command.
[neo@techpulp ~]# nc -z 172.16.5.20 1-1023 Connection to 172.16.5.20 80 port [tcp/http] succeeded! Connection to 172.16.5.20 443 port [tcp/ssh] succeeded! Connection to 172.16.5.20 904 More >
How to find open or listening TCP/UDP ports in Linux
Sep 22nd
It is always advised to disable unnecessary network services running in the system to increase security. Otherwise it poses unwanted threats.
To find all open TCP ports:
[root@techpulp ~]# netstat -ntl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 :::22 :::* LISTEN [root@techpulp ~]#
To find all open UDP ports:
[root@techpulp ~]# netstat -nul Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 0.0.0.0:68 0.0.0.0:* [root@techpulp ~]#
You can also use “nc” command to scan open ports in More >
How to allow or deny SSH server access to certain users and groups
Sep 21st
It is always advisable to restrict the server access to those who really need them and use them regularly. The OpenSSH provides a configuration file “/etc/ssh/sshd_config“ in which one can specify user or group restrictions. The OpenSSH provides two types of directives to control access to users. They are “DenyUsers” and “AllowUsers”. As their names suggest they are exactly opposite to each other. Each of these directives should be followed by a list of user name patterns, separated by spaces. The syntax of these directives is as below:
DenyUsers PATTERNS AllowUsers PATTERNS
Similarly for controlling the access to specific user groups, OpenSSH provides More >
How to recover a corrupted RPM database
Sep 19th
If the previous installation attempt is terminated abruptly or failed due to unexpected error, the rpm tool fails to remove database locks. Then on, attempt of a new rpm installation fails due to the stale database locks.
In the worst case scenario, rpm command misbehaves like hangs, segmentation faults. In all these cases, you should first manually remove any stale locks present in “/var/lib/rpm” directory.
[root@techpulp ~]# rm -f /var/lib/rpm/__db*
If you still face the same problem, your rpm database is corrupted and it is time to rebuild or repair your database. However beforeyou attempts to rebuild the database, you must first take More >
How to mount file system using SSH in Linux
Sep 18th
Here is a cool way of mounting file system from the remote SSH server in the local system. The user space file system implementation “Fuse” makes it possible.
You need to install package “sshfs” in your system as shown below.
[root@techpulp ~]# yum -y install sshfs fedora | 2.8 kB 00:00 updates | 3.4 kB 00:01 Setting up Install Process Parsing package install arguments Resolving Dependencies --> Running transaction check ---> Package fuse-sshfs.i386 0:2.2-5.fc10 set to be updated --> Finished Dependency Resolution Dependencies Resolved ====================================================================================================== Package Arch Version Repository Size ====================================================================================================== Installing: fuse-sshfs i386 2.2-5.fc10 updates 49 k Transaction Summary ====================================================================================================== Install More >
How to disable HTTPS or SSL in Apache server
Sep 17th
If your web server is not hosted using a dedicated IP address and doesn’t have a security certificate, it is implicit that you can’t host HTTPS service. In such cases, it is always better to disable HTTPS service so that there won’t be any unwanted service running in the server.
Use the following command to find if Apache is listening on HTTPS port.
[root@techpulp ~]# netstat -ntl | grep 43 tcp 0 0 :::443 :::* LISTEN [root@techpulp ~]#
To disable Apache from enabling HTTPS service, you need to comment the following line in /etc/httpd/conf.d/ssl.conf file.
#Listen 443
You need to restart the service to make the More >
How to know when my password is going to expire in Linux
Sep 7th
Typically organizations implement periodic password expire policy to harden the security. If you want to know when your password is going to expire by yourself, the command “chage” can give you the information. This command is actually meant for super user (root user). However a normal will be able to retrieve information about himself if not about other users.
Use the following command to information about your password.
[neo@techpulp ~]# chage -l neo Last password change : Jun 20, 2010 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum More >
How to bind my mysql server to a specific IP address
Sep 6th
MySQL server contains a file my.cnf in /etc direcory of Linux. This file contains configuration of MySQL server as well as the configuration parameters of the MySQL client.
To make MySQL server listen on a specific IP address, you need to add a line similar to the following with IP address of your choice under mysqld section.
[root@techpulp ~]# cat /etc/my.cnf [mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock user=mysql # Default to using old password format for compatibility with mysql 3.x # clients (those using the mysqlclient10 compatibility package). old_passwords=1 # To allow mysqld to connect to a MySQL Cluster management daemon, uncomment # these lines More >
Recent Comments