Linux.com

Community Blogs



Open Source Security Solutions

A report on the state of security has been released today by the SANS Internet Storm Center. The two main threats it identifies for an organisation are targeted "spear phishing" against client desktops and attacks against web applications.

Most here at Linux.com would be familiar with the threat of malware against Windows desktops; this report highlights the fact that other client applications are being targeted, with Adobe Reader and QuickTime as good examples. Of course, running Linux on your desktop lowers the risk of these attack vectors considerably.

Another area where Linux based open source solutions excel is in security vulnerability assessment tools. Use of these tools will help to find security vulnerabilities within your web server and web applications. Once the vulnerabilities are found they can be fixed or remediated.

Here are some tools to get you started:

  • Nmap for port scanning of your system(s). It shows you open ports on your server and holes in your firewall.
  • OpenVAS for vulnerability scanning of your servers. It checks for listening ports and services, then tries to confirm whether those services are vulnerable to exploitation using a database of thousands of vulnerabilities.
  • Nikto is a web server scanner that does a thorough analysis of your web server. It looks for scripts and server misconfigurations that are a security threat.
  • SQLiX performs SQL injection testing that can find vulnerable web applications. SQL injection is a popular attack vector against web applications.
  • OSSEC is a host-based intrusion detection system that is easy to set up and use.

These tools are all high quality and just a sample of the powerful open source security tools that are available.

About the Author: Peter runs the popular online open source security tool scanning site http://www.hackertarget.com, where various security scanning tools are made available for free to assist in securing internet-based servers.
 

Replacing faulted drive on Linux software RAID (MDTOOLS)

Here's a very quick HOWTO for Linux software RAID; these notes were made for replacing a faulty disk with a new one.

When you set up a software RAID configuration on Linux, you have planned to survive hardware failures. When such a failure happens, you need to replace the faulty drive with a new one and inform your RAID configuration of it.

First take a look at your current RAID config by running the command:

~# cat /proc/mdstat
Personalities : [raid1]
  md1 : active raid1 sda2[2](F) sdb2[1]
     70645760 blocks [2/1] [_U]
  md0 : active raid1 sda1[0] sdb1[1]
     9767424 blocks [2/2] [UU]
  unused devices:

 

This shows that array md1 has member sda2 stopped with a fault.
As my config shows, I have two disks in software RAID1; sda2 is marked as faulty (the letter F) and the block device is not present in the array ("_" instead of "U"). The first thing to do is to replace the drive; power off the machine if you don't have hot-swap drives.

Then you need to inform your configuration about the new drive. First remove your previous block device (from array md1 in my case):

~# mdadm /dev/md1 -r /dev/sda2
mdadm: hot removed /dev/sda2

Then add your new partitioned block device:

~# mdadm /dev/md1 -a /dev/sda2
mdadm: re-added /dev/sda2


Now you will see it rebuild your RAID array in mdstat:

~# cat /proc/mdstat
Personalities : [raid1]
md1 : active raid1 sda2[2] sdb2[1]
70645760 blocks [2/1] [_U]
[>....................] recovery = 0.3% (268800/70645760) finish=21.8min speed=53760K/sec
md0 : active raid1 sda1[0] sdb1[1]
9767424 blocks [2/2] [UU]
unused devices:

When it has finished you'll have a working config.

 

Hope it helps

Ben 
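The manual check of /proc/mdstat in the post above can be automated. The following is an added example, not part of the original post: a shell function that reads mdstat-style text and reports each array as ok, degraded or rebuilding, with the members flagged (F). The function names and the embedded samples (modelled on the output shown above) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise md array health from /proc/mdstat-style text.

# mdstat_report [FILE] -> one line per array:
#   "<array> <ok|degraded|rebuilding> <active>/<total> failed=<members|->"
# Reads standard input when FILE is omitted.
mdstat_report() {
    awk '
    function flush() {
        if (name == "") return
        state = "ok"
        if (active < total) state = (rebuild ? "rebuilding" : "degraded")
        printf "%s %s %d/%d failed=%s\n", name, state, active, total, (failed == "" ? "-" : failed)
        name = ""
    }
    # Array header, e.g. "md1 : active raid1 sda2[2](F) sdb2[1]"
    $1 ~ /^md[0-9]+$/ && $2 == ":" {
        flush()
        name = $1; failed = ""; rebuild = 0; active = 0; total = 0
        for (i = 3; i <= NF; i++)
            if ($i ~ /\(F\)$/) {          # member marked faulty
                dev = $i
                sub(/\[.*/, "", dev)      # "sda2[2](F)" -> "sda2"
                failed = (failed == "" ? dev : failed "," dev)
            }
        next
    }
    # Status line, e.g. "70645760 blocks [2/1] [_U]": [total/active]
    name != "" && /blocks/ && match($0, /\[[0-9]+\/[0-9]+\]/) {
        split(substr($0, RSTART + 1, RLENGTH - 2), n, "/")
        total = n[1]; active = n[2]
        next
    }
    # Progress line printed while the array is being rebuilt
    name != "" && /(recovery|resync) *=/ { rebuild = 1 }
    END { flush() }
    ' "${1:--}"
}

# mdstat_unhealthy [FILE] -> exit status 0 if any array is not "ok"
# (suitable for a cron job that sends an alert).
mdstat_unhealthy() {
    mdstat_report "$@" | awk '$2 != "ok" { bad = 1 } END { exit !bad }'
}

# Constructed sample: array md1 with a faulty member.
faulty_sample() {
    cat <<'EOF'
Personalities : [raid1]
md1 : active raid1 sda2[2](F) sdb2[1]
      70645760 blocks [2/1] [_U]
md0 : active raid1 sda1[0] sdb1[1]
      9767424 blocks [2/2] [UU]
unused devices: <none>
EOF
}

# Constructed sample: the same array while it is rebuilding.
rebuilding_sample() {
    cat <<'EOF'
Personalities : [raid1]
md1 : active raid1 sda2[2] sdb2[1]
      70645760 blocks [2/1] [_U]
      [>....................] recovery = 0.3% (268800/70645760) finish=21.8min speed=53760K/sec
md0 : active raid1 sda1[0] sdb1[1]
      9767424 blocks [2/2] [UU]
unused devices: <none>
EOF
}

faulty_sample | mdstat_report
rebuilding_sample | mdstat_report
```

On a live system, call `mdstat_report /proc/mdstat`.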

 

 

 

Installing and configuring LAMP on Fedora

 LAMP Fedora

Now that our FTP server is up and running, I suppose you will want something more. Perhaps a LAMP server? Well, yes, that is what we are going to do. We will install and configure a complete server with httpd, mysqld and php. But first, what is a LAMP server?

The acronym LAMP refers to a set of software subsystems needed to achieve a complete solution, in this case setting up dynamic websites or servers with reduced effort.

In LAMP this is achieved by combining the following technologies:

  • Linux, the operating system;
  • Apache, the web server;
  • MySQL, the database manager;
  • Perl, PHP, or Python, the programming languages.

 

To begin, we will install all the packages we need. Open a terminal and log in as root.

su -

yum install httpd php php-gd mysql-server php-mysql phpMyAdmin

Now, with all the packages installed, we will start configuring our server. We will follow an order, so we start with Apache, the web server. On Fedora it comes very well configured by default, and unless we need to squeeze maximum performance out of our machine we will not touch it. In any case, if you want to read the configuration file, it is located at /etc/httpd/conf/httpd.conf

Next we set a password for the MySQL root user. To do so, open a terminal and type:

mysql -u root

USE mysql;

UPDATE user SET password=PASSWORD('escribimos_aquí_la_contraseña') WHERE user='root';

-- reload the grant tables so the new password takes effect
FLUSH PRIVILEGES;

quit

Note: If you get an error when trying to change the password, try typing the command by hand, because when copying from WordPress the single quote (') may be turned into a double quote (”).

Now, with the MySQL details, we will configure phpMyAdmin. Open a terminal again and type:

If you use GNOME | su -c 'gedit /etc/phpMyAdmin/config.inc.php'

If you use KDE | su -c 'kwrite /etc/phpMyAdmin/config.inc.php'

Look for the lines that read:

$cfg['Servers'][$i]['user'] = '';
$cfg['Servers'][$i]['password'] = '';

And change them as follows:

$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = 'contraseña_de_mysq';

Now that everything is configured, we will start the services our server needs. Unlike the FTP server, which only requires one, our LAMP server requires two. We also have to open the ports in the firewall. To do that, go to System – Administration – Firewall and, under trusted services, select WWW. Apply and close. Now open a terminal and type the following:

su -

service httpd start

service mysqld start

Like all services, we can also stop them.

su -

service httpd stop

service mysqld stop

Or restart them. This is necessary every time we change something in the configuration files.

su -

service httpd restart

service mysqld restart

Finally, if we want these services to start at boot, we only have to type:

su -

chkconfig httpd on

chkconfig mysqld on

With the server we have just installed and configured we can install any CMS such as Drupal or WordPress. There are just three things to keep in mind. The folder where we must create our website is /var/www/html. Also, as long as there is no file named index, a Fedora test page will be shown. And finally, our server will be reachable locally by typing the address http://127.0.0.1/ in the browser.

Source | El blog de Iyan

 

Installing and configuring VSFTPD on Fedora

 FTP Server

Installing and configuring a server with Fedora is a simple and fairly entertaining task. Over two posts I will explain step by step how to install a complete server, both FTP and HTTP. But before we start, what is a server?

In computing, a server is a type of software that performs certain tasks on behalf of users. The term server is now also used to refer to the physical computer on which that software runs, a machine whose purpose is to provide data so that other machines can use it.

 

In this first part I will explain how to install VSFTPD (Very Secure FTP Daemon), considered the most secure option for setting up a server of this kind. Some examples of servers that use VSFTPD:

  • ftp://ftp.redhat.com/
  • ftp://ftp.openbsd.org/
  • ftp://ftp.suse.com/

To begin, we will install the packages we need. To do so, log in as root and type:

su -

yum install vsftpd

Now our FTP server is installed. Next we will configure it, and then we can start sharing data with it. Vsftpd has two configuration files, both stored in /etc/vsftpd/

First we open the file vsftpd.conf, which holds most of the options we can modify.

su -

If you use GNOME | gedit /etc/vsftpd/vsftpd.conf

If you use KDE | kwrite /etc/vsftpd/vsftpd.conf

I recommend that you read through all the parameters calmly and modify them to suit your needs. Below I list the most important ones to keep in mind.

Parameter anonymous_enable

If the value is YES, anyone will be able to access the server. If it is NO, only authenticated users will be able to access it.

Parameter local_enable

With this option we can allow local users to log in, or not.

Parameter write_enable

If we want to allow writing to our server, we set YES. If, on the contrary, we want it to be read-only, we set NO.

Parameter ftpd_banner

Here we write a message that will be shown every time a user connects to the server.

Parameter anon_max_rate

Used to set the maximum transfer rate for anonymous users. The unit is bytes per second.

Parameter max_clients

Here we can set the maximum number of simultaneous connections to our FTP server.

Parameter max_per_ip

Same as the previous one, but limiting the connections that come from the same IP. The logical thing is to set the same cap as the previous parameter. This lets us limit the number of simultaneous connections from people behind the same proxy, for example.

Now that everything is configured (these are the basic parameters, but there are many more), we only have to open the ports in the firewall and start the server. To do that, go to System – Administration – Firewall and, under trusted services, select FTP. Apply and close.

Now open a terminal, log in as root and type:

su -

service vsftpd start

Also, if we want it to start at boot, we type:

su -

chkconfig vsftpd on

Done! Our FTP server is now running. To check that it works, open the browser and type in the address bar:

ftp://127.0.0.1/

Now all that remains is to start sharing files. Keep in mind that the folder where files must be stored to be visible on our server is /var/ftp

Source | El blog de Iyan

 

 

tail -f vs less +F

When I first saw this command, I thought: oh god, why hadn't I seen this command long ago? It could have made my life much easier.

tail -f /var/log/messages

The main advantage of tail -f is that you can monitor logs in real time; it keeps appending log lines as they arrive. But what if I have found an error and want to look back at what went wrong? I have to quit tail and open the file in vi or with less.
This is where the advantage of less +F comes in: you can monitor logs in real time, with new lines appended as they arrive, and if I find an error I can press ctrl+c to stop following the log and go back and check what went wrong. Once I have verified it, I can start following the log again by typing a capital F.

less +F /var/log/messages

This does the same thing as tail -f but it will also show the entire file; just press ctrl + c to navigate around the log file. When you want to view the log in real time again, just type a capital F.
 

One shot RSync between two hosts without installing services

I was syncing two Linux hosts and just needed to copy data between them. I neither needed nor wanted to install Samba as a service for a quick sync; rsync was my preferred method.

RSync is very easy to use and quick, but in this case I didn't want to install the rsync service daemon on the destination machine (the machine with data to transfer) either, so I opted for rsync through an ssh tunnel without a service installed.

Here's a quick sample:

- You have to transfer data from a remote host machine (name: "oldhost")
- You have to copy the data onto another machine (name: "newhost")
- You don't want to install/configure the rsync daemon on these two machines
- You have at least ssh server access to "oldhost" from "newhost"
- You have at least the rsync program installed on "newhost"

OK, don't configure the rsync daemon on these two machines; just log in to "newhost", go to the target directory (the directory where you'd like to have the data copied) and issue a command like this:

newhost:/target# rsync --verbose --recursive --copy-links --perms --owner --group --compress --specials --stats --devices --times --delete -e "ssh -l root" oldhost:/source/ .

Please substitute /target with your target directory on newhost, /source with your source directory on oldhost, and root with your favorite username on the remote host.

This command runs rsync through an ssh shell on the remote host and copies data from there to the local host into the specified directory (the current directory, given as the final "." in the command above).

You can substitute "." with a local target directory as needed.

 

In this way rsync is used without the service (rsyncd); in a new blog post I can write up a few easy steps for rsyncd configuration if you need it.
I always use this method for one-shot synchronization; when your rsync operations are scheduled or programmed periodically it's better to use the rsyncd service, which is my favorite backup system.

Glad to read your comments

 

Andrea Ben Benini

 

Samba public users directory (quick howto)

This quick post shows you how to create a Samba share for a network where every user is forced to a specific username and each file belongs to that username. This is useful when dealing with public folders for some sort of exchange between users in a network.

Everyone gets read/write access to directories and files; this is a typical configuration for a swap area.

Check it out:

[public]
comment = Public folder for my network
available = yes
browseable = yes
path = /home/public
guest ok = yes
public = yes
writable = yes
write list = *

force group = commongroup
force user = commonuser
create mask = 0644
directory mask = 0755

printable = no

 

Comments welcomed

 

Ben 
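Because a share like the one above lets any unauthenticated client write to the server, it helps to be able to list every such share in a configuration and confirm each one is intentional. The following is an added example, not part of the original post: a shell function that scans smb.conf-style text and reports shares that are both guest-accessible and writable. The function names, the [global] lines and the [docs] share are constructed for illustration, and per-share values inherited from [global] are not evaluated.

```shell
#!/bin/sh
# Added example: list Samba shares that allow guest access AND writing.

# smb_guest_writable [FILE] -> one line per matching share:
#   "<share> path=<path|-> force_user=<user|->"
# Reads standard input when FILE is omitted.
smb_guest_writable() {
    awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function flush() {
        if (share != "" && tolower(share) != "global" && guest && writable)
            printf "%s path=%s force_user=%s\n", share, (path == "" ? "-" : path), (fuser == "" ? "-" : fuser)
    }
    # Skip comments and blank lines
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
    # Section header: start a new share
    /^[ \t]*\[.*\]/ {
        flush()
        share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        guest = 0; writable = 0; path = ""; fuser = ""
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        # Parameter names ignore case and whitespace: "Guest OK" == "guestok"
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1); sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "guestok" || key == "public") guest = truthy(val)
        else if (key == "writable" || key == "writeable" || key == "writeok") writable = truthy(val)
        else if (key == "readonly") writable = !truthy(val)   # inverted synonym
        else if (key == "path") path = val
        else if (key == "forceuser") fuser = val
    }
    END { flush() }
    ' "${1:--}"
}

# Constructed sample: the [public] share from the post plus a read-only guest share.
sample_smb_conf() {
    cat <<'EOF'
[global]
   workgroup = EXAMPLE
   map to guest = Bad User

[public]
   comment = Public folder for my network
   path = /home/public
   guest ok = yes
   public = yes
   writable = yes
   force group = commongroup
   force user = commonuser
   create mask = 0644
   directory mask = 0755

[docs]
   path = /srv/docs
   guest ok = yes
   read only = yes
EOF
}

sample_smb_conf | smb_guest_writable
```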

 

Transparent dynamic reverse proxy with nginx

A while back I wrote about using Apache as a dynamic reverse proxy. Anyone who has done even minimal research into web servers knows that Apache is the Swiss army knife. It tries to be everything for everyone and, like a Swiss army knife, may not be as good as a more refined tool, at least as far as efficiency is concerned.
 

Installing Oracle on Linux



Requirements

  1. Create Users and groups

  2. Creating directories for installing oracle

  3. Change Kernel Parameters

  4. Install Oracle


  1. Create users and groups

# groupadd oinstall
# groupadd dba
# useradd -m -g oinstall -G dba oracle
# passwd oracle


  2. Create directories for installing Oracle

For the application

# mkdir -p /u01/app/oracle
# chown -R oracle:oinstall /u01/app/oracle

For data

# mkdir -p /u02/oradata
# chown -R oracle:oinstall /u02/


  3. Change Kernel Parameters

Sysctl file

# vi /etc/sysctl.conf

kernel.shmall = 2097152

kernel.shmmax = 536870912

kernel.shmmni = 4096

kernel.sem = 250 32000 100 128

fs.file-max = 65536

net.ipv4.ip_local_port_range = 1024 65000

net.core.rmem_default=262144

net.core.wmem_default=262144

net.core.rmem_max=262144

net.core.wmem_max=262144


Limits file

#vi /etc/security/limits.conf

oracle soft nproc 2047

oracle hard nproc 16384

oracle soft nofile 1024

oracle hard nofile 65536



Login file

#vi /etc/pam.d/login


session required /lib/security/pam_limits.so


profile file

#vi /etc/profile

if [ "$USER" = "oracle" ]; then
    # raise the process and open-file limits for the oracle user
    if [ "$SHELL" = "/bin/ksh" ]; then
        ulimit -p 16384
        ulimit -n 65536
    else
        ulimit -u 16384 -n 65536
    fi
    umask 022
fi



  4. Install Oracle

# cd /opt/database
# ./runInstaller

  1. Advanced installation
  2. Enterprise edition
  3. Application path /u01/app/oracle/product/10.2.0/db_1
  4. Create database
  5. Transaction processing
  6. Global database (gtldev.localdomain sid gtldev)
  7. Unicode standard UTF-8 AL32UTF8
  8. File system storage (/u02/oradata/)
  9. Do not enable backup
  10. Password
  11. Install

After installation, run two scripts:

  1. # cd /home/orainventory
  2. # ./orainstRoot.sh
  3. # cd /u01/app/oracle/product/10.2.0/db_1/
  4. # ./root.sh


Web Console


http://192.168.*.*/em





 

WebServices Wars: "The Phantom Menace": Creating the WebService WSDL file



Now if you've followed the introduction "WebServices Wars: Creating a basic webservice using Eclipse, php and apache" you're now ready for Episode I

Intro

This webservice saga begins with the base of every good project: the planning and design phase.
Here's what I'm going to do:
  • Create a WSDL definition file for the new service. It will be called sample.wsdl and will be accessible from the following URL: http://my.website.com/sample.wsdl
  • Create a webservice server called sample.php. It will provide the sample.wsdl implementation and act as a service for heterogeneous applications requesting it from this URL: http://my.website.com/sample.php
  • Create a webservice client file. This is just for seeing some output and understanding how PHP can access services; it doesn't matter whether you plan to use PHP on the backend server or not. The URL could be http://my.website.com/client.php
  • Make some considerations on debugging techniques and caching in development environments and production areas

This example will use SOAP. SOAP is quick and easy to use, and PHP already provides native SOAP classes; they're fast and implemented at a low level rather than as an external PHP library for SOAP. Personally I don't like NuSoap or third-party libs for PHP; native support is reliable, fast, documented and stable.

I'll assume you already know what a webservice is, what you can do with it and how to use it in a real environment; please read this intro if you need it, it's a nice starting point.

As the W3C suggests, you can create a webservice with or without a WSDL definition file, but if you're planning a big project or you just want to make things easy and well documented, I suggest you use WSDL files from the beginning: it's easier to understand the internals and it speeds up your programming.

Interface

Our sample webservice will provide these methods:

Method 1: twostringinput

  input: (string) param1
  input: (string) param2
  output: (boolean) reply

Method 2: noinput_stringoutput

  input: (void: nothing)
  output: (string) reply


These two methods are just samples to understand how you can use them, some sort of Hello World service.

Let's start

Now we need to write the webservice definition file (sample.wsdl). This file defines these two methods and their interfaces, the webservice URL and other useful things; more documentation on WSDL can be found here from the official site.
You can obviously write this sample by hand. It's not difficult, but when you do it the first time you can run into troubles if you don't know the W3C documentation well. If you use Eclipse you already have a powerful tool called "The WSDL Editor"; this amazing toy can create your WSDL files from a GUI in a few minutes without worrying too much about WSDL internals. It's fast, intuitive and easy.
I suggest you install the Eclipse Web Standard Tools (WST plugin) as well as the WSDL tools and editors (WSDL); these packages provide HTML validators, HTML code completion, debugging tools, editors (web and WSDL) and a lot of other useful functions.

Next episode will require PDT (PHP Development Tools) (Eclipse PDT plugin), so if you collect Eclipse and these extensions you'll have a complete PHP/WebServices development tool; check out the requirements in the introduction article.

When you're a beginner and you want to create a WSDL file with Eclipse, you're probably looking for something good, already working and editable with the WSDL Editor with no hassles. When I was googling around for WSDL files the first time, I found a lot of non-W3C-compliant, malformed, wrong files and lost a lot of time understanding where the errors were located, so here's my sample for you.

According to my example and the two methods planned above, here's the good W3C-compliant WSDL file:

transport="http://schemas.xmlsoap.org/soap/http" />

soapAction="http://my.website.com/twostringinput" />

soapAction="http://my.website.com/noinput_stringoutput" />

Create a new WSDL file (Eclipse: File, New, File) and name it sample.wsdl.
Save the file and close it so you have this working sample.

When the WSDL Editor is installed you can open the file directly in GUI mode (the WSDL Editor itself);
it's easy to read, maintain, rewrite and modify. Take a look at the following picture:


Amazing, isn't it?
With this tool you can see your webservice in a nice GUI mode, easy for a newbie and for an expert as well. When you select an item you can view and modify its properties in the properties window; take a look at my sample data and see where they are located.


If you click on the arrows on the right side you can open another window with the input parameters for the two methods; take a look at the picture below.

Here are the methods



Play with the file; it's a good starting point for future projects. It was created with Eclipse 3.4 Ganymede and the latest tools synced from the Eclipse central repository, and you can easily open it with outdated Eclipse versions or without the WSDL editor as well; Eclipse doesn't have backwards compatibility issues (like other IDEs).

When finished, just put this file on your webserver and make it accessible from outside. In my example this file is located in /var/www/htdocs/sample.wsdl; according to my current Apache2 config it is available from the following URL: http://my.website.com/sample.wsdl. sample.php (the webservice server) and client.php (the webservice client) will refer to this URL to get the WSDL properties.

For a closer look at the WSDL Editor, read the WSDL Editor Documentation; it's THE starting point for everything. Refer to the W3C for reliable SOAP and WSDL documentation.


Stay tuned for the next episode...

Introduction: "WebServices Wars: Creating a basic webservice using Eclipse, php and apache"

Episode I "The Phantom Menace": Creating the WebService WSDL file

Episode 2 "Attack of the Clones": Creating the WebService php Server (coming soon)

 

 

 

WebServices Wars: Creating a basic webservice using Eclipse, php and apache

Here I am,
It's been a long time since my last blog; well, I was quite busy with something else (I still have my private life, ok?) but now I'm back again with WebServices, PHP, Eclipse, Apache.

A lot of folks are asking me about some sort of short howto/sample/easy doc for dealing with webservices and PHP. There's a lot of information spread all around the web, so I've decided to collect information from my projects and write down some notes for a quickstart howto with webservices and PHP.

Now if you like to write everything from scratch you surely can, but if you're working on a big project you're surely already using an IDE of some sort.

I've tried a lot of different commercial and open source IDEs and after a lot of evaluation I've chosen Eclipse because it's mature, stable (quite), reliable, designed for big enterprise-class projects ...and I've a fast and huge PC with a ton of RAM in it.

Eclipse is reliable, well known and supported; one of its major drawbacks is its use of system resources. It eats a lot of RAM, but if you have a recently updated PC with a good Linux distro and a good amount of RAM you can surely use it and you'll never go away from it. PHP folks will surely install PDT (http://www.eclipse.org/pdt/): the PHP Development Tools Project for Eclipse. It's now a mature plugin for Eclipse, reliable and suited for professional PHP development.

I don't wanna bother you with details on configuring eclipse/pdt/apache/php and so on (maybe another blog topic?). I'll assume you have this configuration:

  • Eclipse and PDT up and running in your workstation, don't care about operating system but of course if you're using linux it's better :-) (gentoo linux like me even better). But I really don't care, just need Eclipse up and running
  • Web Tools Platform plugin for Eclipse, not really required but useful, it provides: web page editor inside Eclipse, WSDL editor, HTML Validators. WSDL editor is very important if you wish to create webservices with a GUI interface, if you're mastering xml/soap/rpc files and you want to write them on your own you're free to do this.
  • A webserver with php extension installed, Apache2 and PHP5 are used in this sample but every webserver suitable for php is good (here again, apache2 and php5 are better than everything else)
  • Common PHP knowledge and some Object Oriented programming skills, here used for these samples
  • Basic SOAP and WebServices knowledge, at least you need to know what they can do and what is this technology for, later you'll better understand soap after reading samples

This blog is just an intro and a "bill list of materials" before getting started

 

This is an intro, next article will be the first "hands on" with eclipse and WSDL creation
As usual feel free to ask and write down some comments when needed, hope it helps


Next, featuring: Episode 1: WebServices Wars: "The Phantom Menace": Creating the WebService WSDL file


Andrea Benini (Ben)

 

 