Any UNIX process, by default, has three file I/O streams open. Each open file of a UNIX process is denoted by a number called the file number. The three file streams opened by default are called stdin, stdout and stderr. Their file numbers are 0, 1 and 2 respectively. Of these, stdin stands for standard input and is meant for reading input from the user or from another file. The stdout stream stands for standard output, and any messages printed by the process get written to this file. Typically this file is the console, so the user can read the messages printed by the process.
It is a good idea to scan the server once to detect any unwanted services. This helps harden the security of the server and minimizes security threats. Linux provides the nc command to scan the open ports on a host. Typically it comes with the default installation. If not, you can use the following command to install it.
yum -y install nc
To scan a host with IP address “172.16.5.20” for ports ranging from 1 to 1023, use the following command.
[neo@techpulp ~]# nc -z 172.16.5.20 1-1023
Connection to 172.16.5.20 80 port [tcp/http] succeeded!
Connection to 172.16.5.20 443 port [tcp/ssh] succeeded!
Connection to 172.16.5.20 904
It is always advisable to disable unnecessary network services running on the system to increase security. Otherwise they pose unwanted threats.
To find all open TCP ports:
[root@techpulp ~]# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State
tcp        0      0 127.0.0.1:3306     0.0.0.0:*          LISTEN
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN
tcp        0      0 :::22              :::*               LISTEN
[root@techpulp ~]#
To find all open UDP ports:
[root@techpulp ~]# netstat -nul
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State
udp        0      0 0.0.0.0:68         0.0.0.0:*
[root@techpulp ~]#
You can also use the “nc” command to scan open ports in
It is always advisable to restrict server access to those who really need it and use it regularly. OpenSSH provides a configuration file, “/etc/ssh/sshd_config”, in which one can specify user or group restrictions. OpenSSH provides two types of directives to control access for users. They are “DenyUsers” and “AllowUsers”. As their names suggest, they are exact opposites of each other. Each of these directives should be followed by a list of user name patterns, separated by spaces. The syntax of these directives is as below:
DenyUsers PATTERNS
AllowUsers PATTERNS
Similarly, to control access for specific user groups, OpenSSH provides
There is a command called “tac” that does exactly the opposite of what the “cat” command does. The “tac” command concatenates and prints all files in reverse order. The following example shows how the tac command behaves.
[neo@techpulp ~]# cat data.txt
line 1
line 2
line 3
line 4
line 5
[neo@techpulp ~]#
Let us use the “tac” command to reverse all lines:
[neo@techpulp ~]# tac data.txt
line 5
line 4
line 3
line 2
line 1
[neo@techpulp ~]#
If the previous installation attempt was terminated abruptly or failed due to an unexpected error, the rpm tool fails to remove its database locks. From then on, any attempt at a new rpm installation fails due to the stale database locks.
In the worst case, the rpm command misbehaves, for example by hanging or crashing with segmentation faults. In all these cases, you should first manually remove any stale locks present in the “/var/lib/rpm” directory.
[root@techpulp ~]# rm -f /var/lib/rpm/__db*
If you still face the same problem, your rpm database is corrupted and it is time to rebuild or repair your database. However, before you attempt to rebuild the database, you must first take
Here is a cool way of mounting a file system from a remote SSH server on the local system. The user-space file system implementation “Fuse” makes it possible.
You need to install the package “sshfs” on your system as shown below.
[root@techpulp ~]# yum -y install sshfs
fedora | 2.8 kB 00:00
updates | 3.4 kB 00:01
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package fuse-sshfs.i386 0:2.2-5.fc10 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================================================
Package Arch Version Repository Size
======================================================================================================
Installing:
fuse-sshfs i386 2.2-5.fc10 updates 49 k
Transaction Summary
======================================================================================================
Install
If your web server is not hosted on a dedicated IP address and doesn’t have a security certificate, it follows that you can’t host an HTTPS service. In such cases, it is always better to disable the HTTPS service so that there is no unwanted service running on the server.
Use the following command to find out whether Apache is listening on the HTTPS port.
[root@techpulp ~]# netstat -ntl | grep 43
tcp        0      0 :::443             :::*               LISTEN
[root@techpulp ~]#
To stop Apache from enabling the HTTPS service, you need to comment out the following line in the /etc/httpd/conf.d/ssl.conf file.
You need to restart the service to make the
This was a weird problem that I faced when I installed Fedora 12 on my Intel 2140 Dual Core PC. The installation went fine and Linux was working properly. But I discovered that Linux did not actually detect the second CPU core when I examined /proc/cpuinfo. Earlier I had used Fedora 10, which detected both the cores properly and worked well.
After doing some googling on the Internet, I found that Fedora 12 had disabled SMP mode during boot up and the problem can be rectified by placing “noapic acpi=off” in the Linux kernel command line options. Hmm.. The solution did work.
Typically organizations implement a periodic password expiry policy to harden security. If you want to find out for yourself when your password is going to expire, the command “chage” can give you the information. This command is actually meant for the super user (root user). However, a normal user will be able to retrieve information about himself, though not about other users.
Use the following command to get information about your password.
[neo@techpulp ~]# chage -l neo
Last password change : Jun 20, 2010
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum