Monday, November 15, 2010

Create your own social network site like Facebook :)

Elgg is an award-winning social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications. Organizations with networks powered by Elgg include:

#yum install mysql mysql-server httpd php php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc phpmyadmin

#service httpd start
#service mysqld start
#mysql_secure_installation (set up root password)

Open Firefox at http://localhost/phpmyadmin and create an elgg-db database.

#wget -O elgg-1.7.4.zip 'http://elgg.org/getelgg.php?forward=elgg-1.7.4.zip'

#unzip elgg-1.7.4.zip -d /var/www/html/
#cd /var/www/html/
#mv elgg-1.7.4/ elgg/
#cd elgg/engine/
#cp settings.example.php settings.php
#vi settings.php
// Database username
$CONFIG->dbuser = 'root';
// Database password
$CONFIG->dbpass = 'password';
// Database name
$CONFIG->dbname = 'elgg-db';
// Database server
// (For most configurations, you can leave this as 'localhost')
$CONFIG->dbhost = 'localhost';
// Database table prefix
// If you're sharing a database with other applications, you will want to use this
// to differentiate Elgg's tables.
$CONFIG->dbprefix = 'elgg';

#mkdir /uploads
#chmod 777 /uploads

Open Firefox at http://yourdomain.com/elgg and follow the on-screen instructions.

#vi /var/www/html/elgg/.htaccess

Copy and paste the content shown on the first screen into this file and save it. Then reload the page and follow the on-screen instructions.

  :)

Friday, November 12, 2010

To Lock Users To Their Home Directories Only CentOS /RedHat


rssh supports a chroot option. If you want to chroot users, use the chrootpath option. It sets the directory where the root of the chroot jail will be located. This is a security feature.

A chroot on a Linux or Unix OS is an operation that changes the root directory. It affects only the current process and its children. If your default home directory is /home/rajat, a normal user can still access files in the /etc, /sbin or /bin directories. This allows an attacker to install programs or a backdoor via your web server in /tmp. chroot restricts file system access and locks users down to their own directory.

Configuring rssh chroot

=> Chroot directory: /users.
Tip: If possible, mount the /users filesystem with the noexec/nosuid options to improve security.

=> Required directories in jail:

/users/dev - Device file
/users/etc - Configuration files such as passwd
/users/lib - Shared libs
/users/usr - rssh and other binaries
/users/bin - Copy of the default shell such as /bin/csh or /bin/bash

=> Required files in jail at /users directory (default for RHEL / CentOS / Debian Linux):

/etc/ld.so.cache
/etc/ld.so.conf.d/*
/etc/ld.so.conf
/etc/nsswitch.conf
/etc/passwd
/etc/group
/etc/hosts
/etc/resolv.conf
/usr/bin/scp
/usr/bin/rssh
/usr/bin/sftp
/usr/libexec/openssh/sftp-server OR /usr/lib/openssh/sftp-server
/usr/libexec/rssh_chroot_helper OR /usr/lib/rssh/rssh_chroot_helper (suid must be set on this binary)
/bin/sh or /bin/bash (default shell)

Tip: Limit the binaries which live in the jail to the absolute minimum required to improve security. Usually /bin/bash and /bin/sh are not required, but some systems may report an error without them.

A note about jail file system

Note: The files need to be placed in the jail directory (such as /users) in directories that mimic their placement in the root (/) file system, so you need to copy all required files. For example, /usr/bin/rssh is located on the / file system. If your jail is located at /users, then copy /usr/bin/rssh to /users/usr/bin/rssh. The following instructions are tested on:

FreeBSD
Solaris UNIX
RHEL / Redhat / Fedora / CentOS Linux
Debian Linux

Building the Chrooted Jail

Create all required directories:
# mkdir -p /users/{dev,etc,lib,usr,bin}
# mkdir -p /users/usr/bin
# mkdir -p /users/usr/libexec/openssh

Create /users/dev/null:
# mknod -m 666 /users/dev/null c 1 3

Copy required /etc/ configuration files, as described above to your jail directory /users/etc:
# cd /users/etc
# cp /etc/ld.so.cache .
# cp -avr /etc/ld.so.conf.d/ .
# cp /etc/ld.so.conf .
# cp /etc/nsswitch.conf .
# cp /etc/passwd .
# cp /etc/group .
# cp /etc/hosts .
# cp /etc/resolv.conf .

Open the /users/etc/group and /users/etc/passwd files and remove root and all other accounts.

Copy required binary files, as described above to your jail directory /users/bin and other locations:
# cd /users/usr/bin
# cp /usr/bin/scp .
# cp /usr/bin/rssh .
# cp /usr/bin/sftp .
# cd /users/usr/libexec/openssh/
# cp /usr/libexec/openssh/sftp-server .

OR
# cp /usr/lib/openssh/sftp-server .

# cd /users/usr/libexec/
# cp /usr/libexec/rssh_chroot_helper .

OR
# cp /usr/lib/rssh/rssh_chroot_helper .

# cd /users/bin/
# cp /bin/sh .

OR
# cp /bin/bash .

Copy all shared library files

The library files that any of these binary files need can be found by using the ldd / strace command. For example, running ldd against /usr/bin/sftp provides the following output:
# ldd /usr/bin/sftp

Output:

linux-gate.so.1 => (0x00456000)
libresolv.so.2 => /lib/libresolv.so.2 (0x0050e000)
libcrypto.so.6 => /lib/libcrypto.so.6 (0x0013e000)
libutil.so.1 => /lib/libutil.so.1 (0x008ba000)
libz.so.1 => /usr/lib/libz.so.1 (0x00110000)
libnsl.so.1 => /lib/libnsl.so.1 (0x0080e000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x00a8c000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00656000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00271000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00304000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0x00777000)
libdl.so.2 => /lib/libdl.so.2 (0x00123000)
libnss3.so => /usr/lib/libnss3.so (0x00569000)
libc.so.6 => /lib/libc.so.6 (0x00b6c000)
libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x00127000)
libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x00130000)
/lib/ld-linux.so.2 (0x00525000)
libplc4.so => /usr/lib/libplc4.so (0x008c9000)
libplds4.so => /usr/lib/libplds4.so (0x00133000)
libnspr4.so => /usr/lib/libnspr4.so (0x00d04000)
libpthread.so.0 => /lib/libpthread.so.0 (0x0032a000)
libselinux.so.1 => /lib/libselinux.so.1 (0x00341000)
libsepol.so.1 => /lib/libsepol.so.1 (0x00964000)

You need to copy all those libraries into the jail, under /users/lib and the other matching locations. However, I recommend using my automated script called l2chroot:
# cd /sbin
# wget -O l2chroot http://www.yeswedeal.biz/files/l2chroot.txt
# chmod +x l2chroot

Open l2chroot and set the BASE variable to point to the chroot directory (jail) location:
BASE="/users"

Now copy all shared library files:
# l2chroot /usr/bin/scp
# l2chroot /usr/bin/rssh
# l2chroot /usr/bin/sftp
# l2chroot /usr/libexec/openssh/sftp-server

OR
# l2chroot /usr/lib/openssh/sftp-server

# l2chroot /usr/libexec/rssh_chroot_helper

OR
# l2chroot /usr/lib/rssh/rssh_chroot_helper

# l2chroot /bin/sh

OR
# l2chroot /bin/bash
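
The library-copying step can also be done with a few lines of shell that you can read before running them as root. This is an added example, not the l2chroot script and not code from the original post; the function names are hypothetical, and the sample input is constructed from the ldd output shown above.

```shell
# Added example: resolve shared libraries from ldd output and copy them into
# the jail under the same paths. All function names are hypothetical.

# ldd_paths: ldd output on stdin -> one absolute library path per line.
#   name => /path (0xADDR)   keep /path
#   /path (0xADDR)           keep /path (the dynamic loader)
#   name => (0xADDR)         skip (linux-gate has no file on disk)
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }' | LC_ALL=C sort -u
}

# ldd_unresolved: names ldd reported as "not found". A jailed binary with an
# unresolved library will not start, so any output here is an error.
ldd_unresolved() {
    awk '$2 == "=>" && $3 == "not" { print $1 }'
}

# copy_libs BASE LDD_FILE: copy every library named in saved ldd output
# (for example: ldd /usr/bin/sftp > LDD_FILE) to BASE/<original path>.
copy_libs() {
    base=$1; lddfile=$2
    if [ -n "$(ldd_unresolved < "$lddfile")" ]; then
        echo "unresolved libraries in $lddfile" >&2; return 1
    fi
    for lib in $(ldd_paths < "$lddfile"); do
        if [ ! -f "$lib" ]; then echo "missing on host: $lib" >&2; return 1; fi
        mkdir -p "$base$(dirname "$lib")" || return 1
        cp -p "$lib" "$base$lib" || return 1   # cp follows the .so symlink
    done
}

# Constructed sample: lines from the ldd output above, plus one "not found"
# line added for illustration.
sample_ldd_output() {
    cat <<'EOF'
    linux-gate.so.1 => (0x00456000)
    libresolv.so.2 => /lib/libresolv.so.2 (0x0050e000)
    libz.so.1 => /usr/lib/libz.so.1 (0x00110000)
    /lib/ld-linux.so.2 (0x00525000)
    libexample.so.9 => not found
EOF
}

sample_ldd_output | ldd_paths        # three paths to create inside the jail
sample_ldd_output | ldd_unresolved   # libexample.so.9
```

For the jail on this page, save the ldd output of each binary to a file and call copy_libs /users on it.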

Modify syslogd configuration

The syslog library function works by writing messages into a FIFO file such as /dev/log. You need to pass the -a /path/to/chroot/dev/log option to syslogd. With this argument you can specify additional sockets that syslogd has to listen to. This is needed if you’re going to let some daemon run within a chroot() environment. You can use up to 19 additional sockets. If your environment needs even more, you have to increase the symbol MAXFUNIX within the syslogd.c source file. Open the /etc/sysconfig/syslog file:
# vi /etc/sysconfig/syslog

Find the line that reads as follows:
SYSLOGD_OPTIONS="-m 0"

Append -a /users/dev/log
SYSLOGD_OPTIONS="-m 0 -a /users/dev/log"

Save and close the file. Restart syslog:
# /etc/init.d/syslog restart

If you are using Debian / Ubuntu Linux, apply the changes to the /etc/default/syslogd file.

Set chroot path

Open configuration file /etc/rssh.conf:
# vi /etc/rssh.conf

Set chrootpath to /users
chrootpath=/users

Save and close the file. If sshd is not running start it:
# /etc/init.d/sshd start
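
Before adding users, it is worth checking the finished jail against the requirements listed earlier: the required files, the setuid bit on rssh_chroot_helper (GNU cp clears it unless -p is given), root removed from the jail's passwd, and nothing world-writable apart from device nodes. This is an added example, not code from the original post; audit_jail is a hypothetical name.

```shell
# Added example: audit a finished rssh jail before users are added.
# audit_jail is a hypothetical name. Prints one finding per line and
# returns 0 only when there are none.
audit_jail() {
    base=$1; findings=0
    report() { echo "$1"; findings=$((findings + 1)); }

    # 1. Files the jail needs for rssh, scp and sftp logins.
    for f in etc/passwd etc/group usr/bin/rssh usr/bin/scp usr/bin/sftp; do
        if [ ! -f "$base/$f" ]; then report "MISSING $base/$f"; fi
    done

    # 2. The helper may live in either documented location and must be setuid.
    helper=
    for h in usr/libexec/rssh_chroot_helper usr/lib/rssh/rssh_chroot_helper; do
        if [ -f "$base/$h" ]; then helper="$base/$h"; fi
    done
    if [ -z "$helper" ]; then report "MISSING rssh_chroot_helper"
    elif [ ! -u "$helper" ]; then report "NOSUID $helper"
    fi

    # 3. root must have been removed from the jail's passwd: no UID 0 entries.
    if [ -f "$base/etc/passwd" ]; then
        for u in $(awk -F: '$3 == 0 { print $1 }' "$base/etc/passwd"); do
            report "UID0 $u in $base/etc/passwd"
        done
    fi

    # 4. Only device nodes (dev/null is mode 666) may be world-writable.
    #    Paths containing whitespace are not handled by this loop.
    for w in $(find "$base" -perm -0002 ! -type c ! -type l); do
        report "WORLD-WRITABLE $w"
    done

    [ "$findings" -eq 0 ]
}

# Usage on the jail built above: audit_jail /users
```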

Add user to jail

Now rssh is installed. The next logical step is to configure users to use rssh. All you have to do is set a user account's shell to /usr/bin/rssh. The following example adds user bidi to the system with /usr/bin/rssh as the shell.

Create a new user with /usr/bin/rssh

Log in as the root user and type the following commands to create a new user called bidi:
# useradd -m -d /home/bidi -s /usr/bin/rssh bidi
# passwd bidi

Change existing user shell to /usr/bin/rssh

You don't have to edit the /etc/passwd file to change your shell; use the chsh command instead. It changes the user's login shell, which determines the name of the user's initial login command. A normal user may only change the login shell for his or her own account; the superuser (root) may change the login shell for any account. The syntax of the chsh command is:
chsh -s {shell-name} {user-name}
Where,
  • -s {shell-name} : Specify your login shell name. You can obtain the list of available shells from the /etc/shells file.
  • {user-name} : Optional; useful if you are the root user.
First, find out the list of available shells:
# less /etc/shells
Output:
/bin/ash
/bin/csh
/bin/sh
/usr/bin/es
/bin/ksh
/bin/tcsh
/bin/sash
/bin/zsh
/bin/dash
/usr/bin/screen
/bin/bash
/bin/rbash
Now change your shell to /bin/tcsh:
# chsh -s /bin/tcsh
Password:
When prompted for a password, type your own password. If you just type the chsh command, it will prompt for the shell name interactively:
# chsh
Output:
Password:
Changing the login shell for tv
Enter the new value, or press ENTER for the default
       Login Shell [/bin/bash]:


# usermod -s /usr/bin/rssh old-user-name
# usermod -s /usr/bin/rssh rajat
# chsh -s /usr/bin/rssh rajat

Try login via ssh or sftp

Now try to log in via ssh or sftp using the username bidi:
# sftp bidi@my.backup.server.com
OR
# ssh bidi@my.backup.server.com
Output:
bidi@my.backup.server.com's password: TYPE-THE-PASSWORD
Linux my.backup.server.com 2.6.22-14-generic #1 SMP Tue Dec 18 08:02:57 UTC 2010 i686

Last login: Thu Nov 10 16:35:04 2010 from localhost

This account is restricted by rssh.
This user is locked out.

If you believe this is in error, please contact your system administrator.

Connection to my.backup.server.com closed.

By default, the rssh configuration locks down everything, including any sort of access.

Grant access to sftp and scp for all users

The default action for rssh is to lock down everything. To grant access to scp or sftp, open the /etc/rssh.conf file:
# vi /etc/rssh.conf
Append or uncomment the following two lines:
allowscp
allowsftp

Save and close the file. rssh reads its configuration file on the fly (there is no rssh service). Users should now be able to run scp and sftp commands, but no shell access is granted:
# scp /path/to/file bidi@my.backup.server.com:/.
OR
# sftp bidi@my.backup.server.com:/.
Output:
Connecting to my.backup.server.com...
bidi@my.backup.server.com's password:
sftp> pwd
Remote working directory: /home/bidi
sftp>

Understanding command configuration options

You need to add following keywords / directives to allow or disallow scp / sftp and other commands:
  • allowscp : Tells the shell that scp is allowed.
  • allowsftp : Tells the shell that sftp is allowed.
  • allowcvs : Tells the shell that cvs is allowed.
  • allowrdist : Tells the shell that rdist is allowed.
  • allowrsync : Tells the shell that rsync is allowed.

Tip: Create a group for rssh users, and limit executable access to the binaries to users in that group to improve security. Please use standard file permissions carefully and appropriately.

# useradd -m -d /users/rajat -s /usr/bin/rssh rajat
# passwd rajat

Now rajat can login using sftp or copy files using scp:

sftp rajat@my-server.com
rajat@my-server.com's password:
sftp> ls
sftp> pwd
Remote working directory: /rajat
sftp> cd /tmp
Couldn't canonicalise: No such file or directory

User rajat is allowed to log in to the server to transfer files, but is not allowed to browse the entire file system.

Thursday, November 4, 2010

How to install unity in ubuntu 10.04/10.10

Install unity in ubuntu 10.04/10.10

Open the terminal and run one of the following commands:
$sudo apt-get install ubuntu-netbook
or
$sudo apt-get install unity
After logging out you will be able to choose Ubuntu Netbook Edition.

Apart from this, you can expect Unity in Ubuntu 11.04 alpha1.

Speed Up Firefox web browser for Fedora / Ubuntu /CentOS /Windows

Mozilla Firefox is a graphical web browser developed by the Mozilla Corporation. Started as a fork of the browser component (Navigator) of the Mozilla Application Suite, Firefox has replaced the Mozilla Suite as the flagship product of the Mozilla project, stewarded by the Mozilla Foundation and a large community of external contributors.
Mozilla Firefox is a cross-platform browser, providing support for various versions of Microsoft Windows, Mac OS X, and Linux. Although not officially released for certain operating systems, the freely available source code works for many other operating systems, including FreeBSD, OS/2, Solaris, SkyOS, BeOS and more recently, Windows XP Professional x64 Edition.
Here are some very useful tips to speed up your Firefox.
In your location bar, type about:config

Tip1
In the filter bar, type network.http.pipelining
Normally it says "false" under the value field. Double-click it so it becomes "true".

Tip2
Go to the filter bar again and type network.http.pipelining.maxrequests
By default it says 4 under the value field; change it to 8.

Tip3
Go to the filter bar again and type network.http.proxy.pipelining
Normally it says "false" under the value field. Double-click it so it becomes "true".

Tip4
Go to the filter bar again and type network.dns.disableIPv6
Normally it says "false" under the value field. Double-click it so it becomes "true".

Tip5
Go to the filter bar again and type plugin.expose_full_path
Normally it says "false" under the value field. Double-click it so it becomes "true".

Tip6
Create a new preference with an integer value: right-click -> New -> Integer.
Type nglayout.initialpaint.delay as the preference name and click OK.
Enter 0 in the value field and click OK.

Tip7
Create one more preference with an integer value: right-click -> New -> Integer.
Type content.notify.backoffcount as the preference name and click OK.
Enter 5 in the value field and click OK.

Tip8
Create one more preference with an integer value: right-click -> New -> Integer.
Type ui.submenuDelay as the preference name and click OK.
Enter 0 in the value field and click OK.

Some more Tweaks

Enable the spellchecker for input fields and text areas (default is text areas only):
layout.spellcheckDefault=2

Open lastfm:// links directly in Amarok:
network.protocol-handler.app.lastfm=amarok
network.protocol-handler.external.lastfm=true

Firefox Memory Leak Fix
Open a new tab. Type “about:config” without quotes into the address bar and hit enter/click Go.
Right-click anywhere, select New, then Integer. In the dialog prompt that appears, type:
browser.cache.memory.capacity
Click OK. Another dialog prompt will appear. This is where you decide how much memory to allocate to Firefox. This depends on how much RAM your computer has, but generally you don’t want to allocate too little (under 8MB), but if you allocate too much, you might as well not do this. A good recommended setting is 16MB. If you want 16MB, enter this value into the dialog prompt:
16384
(Why 16384 instead of 16000? Because computers use base-12 counting. Thus 16 megabytes = 16384 bytes. Likewise, if you want to double that and allocate 32MB, you’d enter 32768.)
Click OK to close the dialog box, then close all instances of Firefox and restart. If your Firefox still uses the same amount of memory, give it a few minutes and it should slowly clear up. If that fails, try a system reboot.
Your Firefox will now be 3 - 30 times faster in loading pages.