Centos 6 – IPTables – Allow incoming/outgoing network traffic to only specific servers

This script can be used, for example, when you want to create a script server and you wish this login server to allow incoming/outgoing traffic only to specific servers. For example, you may want your users to be able to access only the servers in your lab and nothing else. This script assumes you first jump to a login server and then jump to your script server. The script server allows specific IPs to connect to it. In turn, the script server allows users to connect to specific remote servers. The script is executed on the script server.


Bash – IPtables SSH root logins protection.

Please be aware: this script was created for exercise reasons only. Using this script in a production/home system can lead to problems if the attacker is smart enough. This is NOT a sophisticated tool to protect your system.

The script captures IPs from log files where a root SSH connection has been attempted. It then blacklists those IPs by creating a firewall rule for them. All the blacklisted IPs are inserted into a master file. The master file is updated with new unique IPs each time the script is run. There are tools that already do this type of task in a much more elaborate manner... but hey... I like scripting 🙂


CentOS 6 – Setup a Transparent Squid proxy Server

“In computer networks, a proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers” (Wikipedia). In other words, machine XYZ located within your network, instead of connecting directly to the internet to request a web page, will go through the proxy server. With a more advanced setup you can control access to SSH, FTP and so on. This adds a layer of security because you can control what type of requests your users are allowed to make, and you can also impose rules on what your users can do with already allowed requests. In addition, you can create a cache of web pages that resides on your proxy server. This reduces the overhead on the network because the contents of web pages do not have to be fetched from the Internet each time your users request them.


How to upgrade Postgresql from 8x to 9.2.6 – Centos 5.9 and Centos 6.4

These upgrades retain the old database engine while installing the new version as well. However, in order to have both engines running, you will need to change the port on which each engine is listening. Remember, two applications cannot use the same port over the network for incoming connections. The directory structure of PostgreSQL 8x is

  • /var/lib/pgsql/data

Once you upgrade to version 9.2.6 the directory structure for your new engine will be

  • /var/lib/pgsql/9.2

The Linux Kernel Source Code comment shenanigans :)

I downloaded the Linux kernel source code and searched for a specific keyword. Even though this is old news, it is always fun to see programmers blowing a gasket. I remember a friend of mine who wrote code for the Linux kernel; she would often be this close to pulling her teeth out.

[gmastrokostas@localhost linux-2.6.10]$ grep -ir "fuck" /home/gmastrokostas/linux-2.6.10


NFS – Script to setup NFS automatically.

This script sets up NFS automatically. However, it sets up a very basic NFS. For security reasons it is not recommended to use this specific script. It needs more “intelligence” added to it. This script is just an exercise for my own sake. I try to code whatever idea comes to mind. 🙂 It works in my environment but feel free to test it out. Things this script does:

  • Detects if you have NFS already installed. If not, it will install it for you and proceed with the setup
    • If NFS is installed then it detects if there is a basic setup for it. If there is, then it will abort itself.
  • The script will create the NFS directory. It will prompt the user for the location and name of the directory to be created.
  • Once the directory is created it will adjust the permissions for that directory. It will prompt the user for the set of permissions to be assigned.
  • It will export the NFS directory and prompt the user to enter a network that is allowed to access this NFS drive.
  • It will enable the appropriate options in the NFS config file. Note: It will disable SELinux
  • It will adjust the hosts.allow and hosts.deny config files to allow NFS connections.
  • It will NOT adjust the firewall to allow incoming connections to NFS. IPTables rules need to be put into this script. 
  • Once completed it will restart the NFS service
  • It will give a summary of your setup for review.

REMINDER: NFS can become a complicated service when deployed in a complex environment. This script was created so I can better understand how NFS works.


CentOS – RedHat: A “systeminfo” like script for Linux

Windows has a nice command called “systeminfo” which provides a collection of general information for the Operating System. I created a Bash script that does something similar.

Note 1) This is part of a larger script I am creating which will import Operating System data into a Database.

Note 2) In order to view the network connections called in one of the functions in this script, you will have to be logged in as root to run this script. Unless, of course, you have set up sudo to run the “lsof” command.


Create a Windows 2012 Cluster.

Assumptions:

A) You already have a SAN or iSCSI. Please note that my hardware is not supported and as such this particular Cluster could not find a storage device that meets the requirements for a cluster. However, I was able to create a Windows Cluster made out of two virtual nodes. The only issue is that there is no storage device available in my environment that my Windows servers will accept 🙁

B) The servers that will be used as a cluster are part of a Windows Domain. See here how to create an Active Directory and how to join a machine to a Windows Domain.


Linux: Inodes – Soft/Hard Links

INODES

An inode is a data structure that is associated with objects in Linux. Each object in Linux is associated with an inode. Inodes do not show us metadata (results of an ls -l command). The following are objects that inodes are associated with.

  • User/Group owner.
  • File permissions.
  • Access – Modification – Change – Deletion times
  • Size
  • Blocks
  • Number of hard/soft links
  • How to get object information for a file:


Centos 6.3 – How to create a Samba share for individual Windows users.

Samba allows, among other things, Windows machines to access a shared drive on a Linux server as if it were a normal Windows network share. In this post I will show how to create a Samba share for individual users. The share is not a public share. Each share is assigned to a user that requires a password.
