Linux Admin Blog

System Administration, Linux, Solaris, Backup, Networking, Security, Mysql, Script, Tips & Tricks

Archive for April, 2009

Disable user logins to the server

Posted by sanjaydalal4u on April 30, 2009

Suppose we want to take a backup of a user’s account. First we have to block users from logging in to their accounts, to maintain the integrity of the backup files. The technique below does that very easily. Enjoy!!!

Edit the PAM file located in the /etc/pam.d/ directory for the service you want to control.

Example: Suppose you want to control the ssh service.

Step 1: Add the line below to the /etc/pam.d/sshd file if it is not already present.

account required pam_nologin.so

Step 2: Create the /etc/nologin file:

# touch /etc/nologin

This should disable login over ssh for every user except the administrator user (root).

Step 3: To re-enable login, just remove /etc/nologin:

# rm -rf /etc/nologin
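
The three steps wrapped around a backup command, as an added example that is not part of the original post: it refuses to start unless pam_nologin.so is active, puts a message in the nologin file (pam_nologin shows the file's content to rejected users), and removes the file again even when the command fails. The function names and the PAM_FILE/NOLOGIN_FILE overrides are assumptions of this sketch.

```shell
#!/bin/sh
# Added example. Paths default to the ones in this post; set PAM_FILE and
# NOLOGIN_FILE to scratch files to try it without root.

pam_nologin_enabled() {
    # True if an uncommented line in the PAM file loads pam_nologin.so.
    grep -Eq '^[[:space:]]*(account|auth)[[:space:]].*pam_nologin\.so' \
        "${PAM_FILE:-/etc/pam.d/sshd}"
}

with_logins_blocked() {
    # usage: with_logins_blocked "message for rejected users" command [args...]
    local msg="$1" flag="${NOLOGIN_FILE:-/etc/nologin}" rc
    shift
    if ! pam_nologin_enabled; then
        echo "pam_nologin.so is not active; the nologin file would be ignored" >&2
        return 2
    fi
    if [ -e "$flag" ]; then
        echo "$flag already exists; not taking it over" >&2
        return 3
    fi
    printf '%s\n' "$msg" > "$flag" || return 4   # Step 2, with a message
    "$@"                                          # the backup command
    rc=$?
    rm -f "$flag"                                 # Step 3, even if it failed
    return "$rc"
}

# Demo on constructed scratch files, in a subshell so nothing leaks out.
(
    d=$(mktemp -d)
    PAM_FILE="$d/sshd"; NOLOGIN_FILE="$d/nologin"
    echo 'account required pam_nologin.so' > "$PAM_FILE"
    with_logins_blocked 'Backup running, try again later' cat "$NOLOGIN_FILE"
    rm -rf "$d"
)
```

Sessions that are already open when the file is created stay open, so users who are still logged in can keep changing files during the backup.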

Posted in HowTo, Security, Tips & Tricks

Split large files

Posted by sanjaydalal4u on April 30, 2009

Splitting a 300 MB example.zip file:

# split -b 100MB example.zip

It will generate 3 files with the following file sizes:

100MB xaa
100MB xab
100MB xac

After splitting, use cat to combine the pieces back into a single file:

# cat xa* > example-new.zip

Posted in HowTo, Tips & Tricks

Open port using iptables

Posted by sanjaydalal4u on April 30, 2009

To open a required port you need to know some basic information:

1) Service name (ssh, ftp, etc.)

2) Port number (22, 25, etc.)

3) Protocol (tcp or udp)

Example: To enable ssh access to your server from anywhere (here “allowed” is a user-defined chain, which must already exist and be reached from INPUT)

# iptables -A allowed -p tcp --dport 22 -s 0/0 -j ACCEPT

# iptables -A allowed -p udp --dport 22 -s 0/0 -j ACCEPT

Posted in Iptables, Tips & Tricks

Time-based iptables rules

Posted by sanjaydalal4u on April 30, 2009

You can restrict or allow access to a certain service on a time basis using iptables.

Use: the iptables patch-o-matic extension (pom or p-o-m)

It allows us to match a packet based on its arrival or departure timestamp.

Syntax: iptables RULE -m time --timestart TIME --timestop TIME --days DAYS -j ACTION

    --timestart TIME: Time start value (format is 00:00-23:59)

    --timestop TIME: Time stop value (the same format)

    --days DAYS: a list of days on which the rule applies (format: Mon,Tue,Wed,Thu,Fri,Sat,Sun)

Example: We want to restrict access to SSH between 10:00 pm and 8:00 am on weekdays.

# iptables -A INPUT -p tcp -d 192.168.10.1 --dport 22 -m time --timestart 22:00 --timestop 8:00 --days Mon,Tue,Wed,Thu,Fri -j DROP

Enjoy !!!!!!!!!!!!
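
The 22:00 to 8:00 window above crosses midnight, so it covers two calendar days. As an added example (not part of the original post), this script writes such a window as two rules that each stay within one day, so the result does not depend on how the installed time match treats a start later than the stop. It assumes the intent is nights that begin on the listed days; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Flag names are the ones given in this post's syntax line.

to_minutes() {                      # "8:00" or "22:00" -> minutes since midnight
    local h="${1%%:*}" m="${1##*:}"
    h=${h#0}; m=${m#0}              # drop one leading zero ("08" -> "8")
    echo $(( ${h:-0} * 60 + ${m:-0} ))
}

next_days() {                       # Mon,Fri -> Tue,Sat (Sun wraps to Mon)
    local order="Mon Tue Wed Thu Fri Sat Sun Mon" out="" d rest
    for d in $(echo "$1" | tr ',' ' '); do
        rest=${order#*"$d" }
        out="${out:+$out,}${rest%% *}"
    done
    echo "$out"
}

time_rules() {                      # usage: time_rules DEST PORT START STOP DAYS TARGET
    local base="iptables -A INPUT -p tcp -d $1 --dport $2 -m time"
    local start="$3" stop="$4" days="$5" target="$6"
    if [ "$(to_minutes "$start")" -le "$(to_minutes "$stop")" ]; then
        echo "$base --timestart $start --timestop $stop --days $days -j $target"
    else
        # The window wraps past midnight: the evening part runs on the listed
        # days, the morning part on the calendar day after each of them.
        # 23:59 is the latest value in the post's time format.
        echo "$base --timestart $start --timestop 23:59 --days $days -j $target"
        echo "$base --timestart 00:00 --timestop $stop --days $(next_days "$days") -j $target"
    fi
}

# The post's example: block SSH to 192.168.10.1 from 22:00 to 8:00.
time_rules 192.168.10.1 22 22:00 8:00 Mon,Tue,Wed,Thu,Fri DROP
```

The script only prints the commands, so they can be reviewed before being run as root. In current iptables the time match is xt_time, where the day list is spelled --weekdays and times are read as UTC unless --kerneltz is given.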

Posted in HowTo, Iptables, Tips & Tricks

Disable a User Account in Linux

Posted by sanjaydalal4u on April 30, 2009

Technique 1: Using the /etc/shadow file

Linux systems use /etc/shadow to store the encrypted user passwords.

An active user account has one line in /etc/shadow:

username:$2$eF7dafdsf$4kfdsm$3Fkm6nl.:13852:0:99999:7:::

Here the second field is the encrypted password.

If we replace the password with “*” or “!”, the account becomes unusable, which means that no login is permitted for that user.

username:*:13852:0:99999:7:::

The disadvantage of this technique is that the password is lost, and we have to generate a new password for this user.

Technique 2: Using passwd -l

This locks the user account. After you type passwd -l, it gives you a “password changed” message. The command changes the /etc/shadow file, adding “!” at the start of the second field for that user.

username:!$2$eF7dafdsf$4kfdsm$3Fkm6nl.:13852:0:99999:7:::

To unlock the user account, remove the “!” from the /etc/shadow file manually, or use the passwd -u command.
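
To see which accounts are in which of the states described by the two techniques, the second field can be classified for every line of the file. This is an added example, not part of the original post; the state names, the function name and the sample accounts are made up for the illustration.

```shell
#!/bin/sh
# Added example. Output is "user STATE" with STATE one of:
#   ACTIVE  a usable hash is stored
#   LOCKED  "!" in front of a hash (Technique 2; passwd -u restores it)
#   NOHASH  only "*" or "!" (Technique 1; a new password must be set)
#   EMPTY   empty field, no password is required for this account

shadow_status() {
    # usage: shadow_status [FILE]   (defaults to /etc/shadow, readable by root)
    awk -F: '{
        f = $2
        if (f == "")                     s = "EMPTY"
        else if (f == "*" || f ~ /^!+$/) s = "NOHASH"
        else if (f ~ /^!/)               s = "LOCKED"
        else                             s = "ACTIVE"
        print $1, s
    }' "${1:-/etc/shadow}"
}

# Constructed sample using the field layout shown in this post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
alice:$2$eF7dafdsf$4kfdsm$3Fkm6nl.:13852:0:99999:7:::
bob:!$2$eF7dafdsf$4kfdsm$3Fkm6nl.:13852:0:99999:7:::
carol:*:13852:0:99999:7:::
dave::13852:0:99999:7:::
EOF
shadow_status "$sample"
rm -f "$sample"
```

Both techniques act on the password field only: as the passwd manual page notes, a locked user may still be able to log in with another authentication token such as an SSH key. EMPTY lines are the ones to look at first in an audit.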


Posted in HowTo, Tips & Tricks

Change the login banner/message

Posted by sanjaydalal4u on April 30, 2009

The login banner is essential to legal actions taken against people who misuse and illegally hack into your box. 

To change the login banner/welcome message, edit the /etc/issue file, put whatever you want into it, then save the file and exit.

# vi /etc/issue

Posted in HowTo

Duplicating a disk

Posted by sanjaydalal4u on April 30, 2009

If you have two IDE drives of identical size, and provided that you are sure they contain no bad sectors and that neither is mounted, you can run

dd if=/dev/hda of=/dev/hdb

to copy the entire disk and avoid having to install an operating system from scratch. It doesn’t matter what is on the original (Windows, Linux, or whatever) since each sector is identically duplicated; the new system will work perfectly.

Posted in HowTo, Tips & Tricks

How to Prevent the reuse of old passwords

Posted by sanjaydalal4u on April 30, 2009

For RHEL/Fedora distributions

To remember the last 5 passwords, add the line below to the /etc/pam.d/system-auth file:

password sufficient /lib/security/pam_unix.so use_authtok md5 shadow remember=5

For Debian/Ubuntu distributions

To remember the last 5 passwords, add the line below to the /etc/pam.d/common-password file:

password sufficient /lib/security/pam_unix.so use_authtok md5 shadow remember=5

Posted in HowTo, Security, Tips & Tricks

BackUp and Restore MBR after Windows Crash

Posted by sanjaydalal4u on April 30, 2009

Step 1: Log in as the root user.

# dd if=/dev/hda of=/dev/fd0 bs=512 count=1

This makes an exact copy of the MBR of the first hard drive (hda; replace this with your own drive), copying it to a floppy disk. You can boot directly from this floppy and see your old boot menu. You can restore it by switching the “if=” and “of=” (input file, output file) parameters.

If you don’t have a floppy drive, you can back it up to a file using the command below.

# dd if=/dev/hda of=/home/Username/boot.mbr bs=512 count=1

Use your Linux distribution’s installation CD to boot into rescue mode and restore it with the command below.

# dd if=/mnt/hda5/Username/boot.mbr of=/dev/hda bs=512 count=1
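
Before writing a saved boot.mbr back to a disk it is worth confirming that the file really is a boot sector. The check below is an added example, not part of the original post: it verifies the 512-byte size and the 55 aa signature in the last two bytes, and lists the type byte of each primary partition entry stored in the image. Function names are hypothetical and the image is constructed.

```shell
#!/bin/sh
# Added example. Offsets follow the classic MBR layout: 446 bytes of boot
# code, four 16-byte partition entries, then the signature bytes 55 aa.

hex_at() {                          # usage: hex_at FILE OFFSET COUNT
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

mbr_check() {                       # 0 only for a 512-byte image ending in 55 aa
    local size sig
    [ -f "$1" ] || { echo "$1: not a regular file" >&2; return 2; }
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -eq 512 ] || { echo "$1: $size bytes, expected 512" >&2; return 1; }
    sig=$(hex_at "$1" 510 2)
    [ "$sig" = "55aa" ] || { echo "$1: signature '$sig', expected 55aa" >&2; return 1; }
}

mbr_partition_types() {             # type byte (offset 4) of each table entry
    local i
    for i in 0 1 2 3; do
        echo "entry $((i + 1)): type 0x$(hex_at "$1" $((446 + 16 * $i + 4)) 1)"
    done
}

# Constructed 512-byte image: zeros, one entry of type 83, valid signature.
img=$(mktemp)
dd if=/dev/zero of="$img" bs=512 count=1 2>/dev/null
printf '\203' | dd of="$img" bs=1 seek=450 conv=notrunc 2>/dev/null
printf '\125\252' | dd of="$img" bs=1 seek=510 conv=notrunc 2>/dev/null
mbr_check "$img" && mbr_partition_types "$img"
rm -f "$img"
```

The 512-byte copy contains the partition table as well as the boot code, so restoring it also puts the old partition table back. If the disk has been repartitioned since the backup, restoring with bs=446 count=1 writes only the boot code.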

Posted in HowTo, Tips & Tricks, Troubleshooting

How to Use MD5 Sum

Posted by sanjaydalal4u on April 30, 2009

Full name: Message-Digest algorithm 5

Usage: Using an MD5 checksum you can verify the integrity of data

Algorithm: cryptographic hash function with a 128-bit hash value

md5sum first reads the data being backed up and then creates an MD5 checksum, a unique string of letters and numbers such as 3dfsdjl2342ldkfjkdf32k. MD5 checksums are very useful for the verification of data and for passwords.

Check MD5 sum usage

Step 1: Generate an MD5 checksum:

Open a shell console.

# md5sum filename > filename.md5

Step 2: Verify an MD5 checksum:

# md5sum -c filename.md5
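
The two steps above combine naturally with the "Split large files" post earlier on this page: record the checksum before splitting, and check it after the pieces have been joined again. This is an added example, not part of the original posts; the function names, the .part. piece prefix and the sample data are assumptions of the sketch.

```shell
#!/bin/sh
# Added example. Pieces are named NAME.part.aa, NAME.part.ab, ... instead of
# split's default xaa, xab, ... so they sit next to NAME.md5.

split_with_sum() {                  # usage: split_with_sum FILE SIZE OUTDIR
    local name
    name=$(basename "$1")
    # Record the checksum under the bare file name so that it can be checked
    # from inside OUTDIR later, wherever that directory ends up.
    ( cd "$(dirname "$1")" && md5sum "$name" ) > "$3/$name.md5" || return 1
    split -b "$2" "$1" "$3/$name.part."
}

join_and_check() {                  # usage: join_and_check OUTDIR NAME
    # The shell expands the glob in sorted order: aa, ab, ac, ...
    ( cd "$1" && cat "$2".part.* > "$2" && md5sum -c "$2.md5" )
}

# Demo on constructed data (about 289 kB, split into 100 KiB pieces).
work=$(mktemp -d)
mkdir "$work/src" "$work/out"
seq 1 50000 > "$work/src/example.dat"
split_with_sum "$work/src/example.dat" 100k "$work/out"
join_and_check "$work/out" example.dat

# Damage one piece: the same check now fails.
echo garbage > "$work/out/example.dat.part.ab"
join_and_check "$work/out" example.dat || echo "corruption detected"
rm -rf "$work"
```

MD5 is no longer collision-resistant, so this catches accidental corruption rather than deliberate tampering; where tampering is the concern, sha256sum takes the same arguments.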

Posted in HowTo, Security, Tips & Tricks