Wednesday, August 17, 2011

Linux password policy

A Linux password lockout policy can be configured using PAM (Pluggable Authentication Modules) to lock a user's account temporarily when someone tries to brute-force it by trying various password combinations. This configuration uses the module. Brute-forcing is a method of finding a user's password by trying to log in with various password combinations. With a password lockout policy, an account is locked once a certain number of incorrect passwords have been entered. Before trying this tutorial on your system, make sure you have the file /lib/security/; if it isn't there, trying this out will lock all user accounts even if you enter the correct password.
Using a text editor, open the following file
and add the following text to the second line.
auth required deny=3 unlock_time=3600
The above statement locks a user account if incorrect passwords are entered three or more times, as specified in the deny option. The account is unlocked after 3600 seconds, as specified in the unlock_time option. Choose the number of incorrect attempts and the unlock time wisely. There is also another option which enforces this policy for the root user.
auth required deny=3 unlock_time=3600 even_deny_root
The even_deny_root option locks out the root user as well, so use it with caution. After this is done, add another line in the account section of the same file:
account required
Save the /etc/pam.d/system-auth file. Before testing your configuration, open another terminal and try to log in as any user with a CORRECT password; if you're unable to log in at this stage, there is something wrong with the /etc/pam.d/system-auth file. If you're able to log in successfully, try logging in with the correct username and a wrong password. After each attempt, execute the following command as root to find the number of authentication failures.
pam_tally2 -u username
This shows information for a specific user (replace username with the actual user name).
If you enter the incorrect password a certain number of times, the following message will appear as soon as the username is entered:
Account locked due to 4 failed login attempts
To manually unlock the account before the unlock_time has passed, use the following command:
pam_tally2 -u username -r
A more conservative use of the above command is to deduct from the number of times the user has logged in unsuccessfully. For example, if the retry limit is 3 and user Alice has tried logging in with an incorrect password 4 times, using the above command to unlock the account will give another 3 tries for the username Alice, which might give more attempts to a potential hacker. Instead, the incorrect attempts counter can be set to 2 so that Alice has just one more attempt.
pam_tally2 -u username --reset=2
This sets the incorrect password counter for the user to 2.
In case the root user is locked out and you need to log in as root immediately, boot your system into single user mode and execute the following command.
pam_tally2 -u root -r
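
The warning at the start of this post, that a missing module file locks every account, can be checked before the edited file goes live. The script below is an added example, not part of the original post: it lists the modules a PAM stack file names that are absent from the given module directories. The function name check_pam_modules, the demo paths and the module name pam_tally2.so (inferred from the pam_tally2 command used above) are assumptions.

```shell
#!/bin/sh
# Added example: verify that every module a PAM stack file names exists
# before the file goes live. Prints "MISSING: <module>" for each absent one.
# Usage: check_pam_modules FILE MODULE_DIR...   (returns 1 if any is missing)
check_pam_modules() {
    file=$1; shift
    missing=0
    mods=$(awk '
        $1 ~ /^#/ || NF == 0 { next }          # skip comments and blank lines
        {
            i = 2                              # field 2 is the control field
            if ($i ~ /^\[/) {                  # e.g. [success=1 default=ignore]
                while (i < NF && $i !~ /\]$/) i++
            } else if ($i == "include" || $i == "substack") next
            if (i < NF) print $(i + 1)         # the module follows the control
        }' "$file" | sort -u)
    for mod in $mods; do
        found=0
        case $mod in
            /*) if [ -e "$mod" ]; then found=1; fi ;;   # absolute module path
            *)  for dir in "$@"; do
                    if [ -e "$dir/$mod" ]; then found=1; fi
                done ;;
        esac
        if [ "$found" -eq 0 ]; then
            echo "MISSING: $mod"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed demo (pam_tally2.so is an assumed name, see the lead-in).
demo=$(mktemp -d)
mkdir "$demo/security"
touch "$demo/security/pam_env.so" "$demo/security/pam_unix.so"
cat > "$demo/system-auth" <<'EOF'
auth     required    pam_env.so
auth     required    pam_tally2.so deny=3 unlock_time=3600
auth     sufficient  pam_unix.so nullok try_first_pass
account  required    pam_tally2.so
account  required    pam_unix.so
EOF
if check_pam_modules "$demo/system-auth" "$demo/security"; then
    echo "all modules present"
else
    echo "do not install this file"
fi
rm -rf "$demo"
```

On a real system, pass the candidate file and the module directories in use, for example /lib/security and /lib64/security.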

Monday, May 9, 2011

Disable the fsck on boot

  1. Boot the system from boot disc 1 or an ISO image of the installation media
  2. Once the system has successfully booted from the ISO image and the Red Hat Enterprise Linux boot screen appears, type "linux rescue" without the quotes and hit Enter at the prompt.
  3. Select "Continue" when prompted to allow the rescue environment to mount Red Hat Enterprise Linux installation under /mnt/sysimage directory.
  4. Type "chroot /mnt/sysimage"
  5. Then edit /etc/fstab
  6. In this file, in the very last column for each mount point, there is a number.  Changing this number to a 0 (zero) will make it so that it does not try to fsck that mount point on boot.
  7. Save the file
  8. Reboot or CTRL+D

Saturday, April 2, 2011

Set Up A Feng Office Suite Web Server on Fedora / CentOS / RedHat

Feng Office allows businesses to manage project tasks, billing, documents, communication with co-workers, customers and vendors, schedule meetings and events, and share every kind of electronic information.

#yum install  mysql mysql-server httpd php php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc phpmyadmin

#service httpd start
#service mysqld start
#mysql_secure_installation (set up root password)
#unzip -d /var/www/html/

Open Firefox http://localhost/feng_community

[root@rajat feng_community]# chmod 777 config/
[root@rajat feng_community]# chmod 777 cache/
[root@rajat feng_community]# chmod 777 upload/
[root@rajat feng_community]# chmod 777 tmp/

Your office is now online. Have fun.
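
Mode 777 lets every local account write to these four directories, while the application writes to them only through the web server account. The script below is an added example, not part of the original post: it lists world-writable entries under the four directories and hands them to a single owner with no access for others. The function names, the apache account (the httpd default on Fedora/CentOS/RHEL) and the install path are assumptions.

```shell
#!/bin/sh
# Added example: tighten the four Feng Office directories opened with chmod 777.
FENG_DIRS="config cache upload tmp"

# list_world_writable ROOT: print the listed directories (and anything
# below them) that any local account can write to.
list_world_writable() {
    for d in $FENG_DIRS; do
        if [ -d "$1/$d" ]; then find "$1/$d" -perm -0002 ! -type l; fi
    done
}

# restrict_to_owner ROOT OWNER: hand the directories to OWNER and drop
# all access for "other"; directories get 750, files 640.
restrict_to_owner() {
    for d in $FENG_DIRS; do
        [ -d "$1/$d" ] || continue
        chown -R "$2" "$1/$d"
        find "$1/$d" -type d -exec chmod 750 {} +
        find "$1/$d" -type f -exec chmod 640 {} +
    done
}

# On the server from the post (assumed: httpd runs as user "apache",
# install path /var/www/html/feng_community), run as root:
#   restrict_to_owner /var/www/html/feng_community apache
#   list_world_writable /var/www/html/feng_community   # expect no output
```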

Sunday, March 27, 2011

How to Rollback Package Updates/Installation on Fedora / RedHat / CentOS

Fedora 14, like FC14, uses yum for package management. yum is built on top of rpm, and pirut, pup, and yumex are graphical interfaces built on top of yum. Together, these tools provide a simple-to-use, powerful package management system.

One of the least-known secrets about rpm is that it can rollback (undo) package changes. It can take a fair bit of storage space to track the information necessary for rollback, but since storage is cheap, it's worthwhile enabling this feature on most systems.

Here are cut-to-the-chase directions on using this feature:

  1. To configure yum to save rollback information, add the line tsflags=repackage to /etc/yum.conf.

  2. To configure command-line rpm to do the same thing, add the line %_repackage_all_erasures 1 to /etc/rpm/macros.

  3. Install, erase, and update packages to your heart's content, using pup, pirut, yumex, yum, rpm, and the yum automatic update service.

  4. If/when you want to rollback to a previous state, perform an rpm update with the --rollback option followed by a date/time specifier. Some examples: rpm -Uhv --rollback '3:00 pm', rpm -Uhv --rollback '4 hours ago', rpm -Uhv --rollback 'March 25'.