Secure your MySQL installation and set the root password
sudo mysql_secure_installation
From here, you can just press Y and then ENTER to accept the defaults for all the subsequent questions.
Fix the authentication issue caused by Ubuntu using the auth_socket plugin by default for the root user.
You can set the root user to use mysql_native_password instead to fix this issue, and we will have to set the root password again to correct this.
Log in to MySQL with sudo, using the username and password set before.
sudo mysql -u root
In MySQL, enter the following:
USE mysql;
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
Note:
For security, make this password different from your server's password, and don't use the root user in any application that requires a database to store and pull data from.
FLUSH PRIVILEGES;
exit;
File /etc/mail.rc
set smtp=10.1.1.1:587
set from=user@example.com
set smtp-use-starttls
set ssl-verify=ignore
set smtp-auth=login
set smtp-auth-user=user@example.com
set smtp-auth-password=Password
Copy AD group
$Source_Group = "CN=Group,OU=Unity,DC=example,DC=com"
$Destination_Group = "CN=Group,OU=Unity,DC=example,DC=com"
# Copy every member of the source group into the destination group.
$Target = Get-ADGroupMember -Identity $Source_Group
foreach ($Person in $Target) {
    Add-ADGroupMember -Identity $Destination_Group -Members $Person.distinguishedname
}
Send desktop notification from shell scripts
Install packages
sudo apt-get install libnotify-bin
Send a notification:
notify-send "rsnapshot done :)"
# Another example
...
alert=18000
live=$(lynx --dump http://money.rediff.com/ | grep 'BSE LIVE' | awk '{ print $5}' | sed 's/,//g;s/\.[0-9]*//g')
[ "$notify_counter" -eq 0 ] && [ "$live" -ge "$alert" ] && { notify-send -t 5000 -u low -i gtk-dialog-info "BSE Sensex touched 18k"; notify_counter=1; }
...
-t 5000 : Specifies the timeout in milliseconds (5000 milliseconds = 5 seconds).
-u low : Set the urgency level (i.e. low, normal, or critical).
-i gtk-dialog-info : Set an icon filename or stock icon to display (you can set a path, as in -i /path/to/your-icon.png).
A Note About GUI Tools and Cronjob
If you call your scripts from a cron job, you need to request the local display/input service with the export DISPLAY=[user’s machine]:0 command. For example, call /home/vivek/scripts/monitor.stock.sh, which uses the zenity tool, as follows:
@hourly DISPLAY=:0.0 /home/vivek/scripts/monitor.stock.sh
SSH timeout interval
A user can log in to the server via ssh, and you can set an idle timeout interval to avoid unattended ssh sessions. Open sshd_config and make sure the following values are configured:
ClientAliveInterval 300
ClientAliveCountMax 0
You are setting an idle timeout interval in seconds (300 secs == 5 minutes). After this interval has passed, the idle user will be automatically kicked out (read as logged out).
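An added check (not from the original page) that reads the two directives from an sshd_config file and reports what they amount to. It flags ClientAliveCountMax 0 because OpenSSH 8.2 and later treat zero as "never terminate the connection", while older releases disconnect after the first interval as described above; the function names and sample files are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are assumptions.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first value it sees for a keyword, and keywords are
# case-insensitive. Only the global section is read (stops at "Match");
# Include files are not followed.
effective_value() {
    awk -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { print $2; found = 1; exit }
        END { if (!found) print d }
    ' "$1"
}

# client_alive_verdict FILE prints one of:
#   no-probes               ClientAliveInterval is 0 (the sshd default)
#   count-zero interval=N   CountMax 0: OpenSSH < 8.2 drops the session after
#                           N seconds, OpenSSH >= 8.2 never drops it
#   timeout=N               unresponsive client dropped after N seconds
# Values are assumed to be plain seconds (no "5m" style suffixes).
client_alive_verdict() {
    interval=$(effective_value "$1" ClientAliveInterval 0)
    count=$(effective_value "$1" ClientAliveCountMax 3)
    if [ "$interval" -eq 0 ]; then
        echo "no-probes"
    elif [ "$count" -eq 0 ]; then
        echo "count-zero interval=$interval"
    else
        echo "timeout=$((interval * count))"
    fi
}

# Constructed sample files: the page's settings, and a variant with a
# non-zero count plus a later duplicate line that sshd would ignore.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
printf 'ClientAliveInterval 300\nClientAliveCountMax 0\n' > "$work/page.conf"
printf 'clientaliveinterval 300\nClientAliveCountMax 1\nClientAliveCountMax 0\n' \
    > "$work/variant.conf"
: > "$work/empty.conf"

for f in page variant empty; do
    printf '%s: %s\n' "$f" "$(client_alive_verdict "$work/$f.conf")"
done
```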
Find and fix World-Writable Files
Anyone can modify a world-writable file, which is a security issue. Use the following command to find all world-writable directories that do not have the sticky bit set:
find /dir -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
You need to investigate each reported file and either set the correct user and group permissions or remove it.
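An added example (not from the original page) that goes one step beyond the command above: it reports world-writable regular files as well as world-writable directories without the sticky bit, and runs against a constructed sample tree. The function names and the chmod-based fixes are assumptions; review each finding before changing it.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are assumptions.

# audit_world_writable DIR prints "KIND<TAB>PATH" per finding:
#   DIR-NOSTICKY  world-writable directory without the sticky bit
#                 (any user can delete or replace other users' files)
#   FILE          world-writable regular file
# Paths containing newlines are not handled.
audit_world_writable() {
    find "$1" -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print |
        while IFS= read -r p; do printf 'DIR-NOSTICKY\t%s\n' "$p"; done
    find "$1" -xdev -type f -perm -0002 -print |
        while IFS= read -r p; do printf 'FILE\t%s\n' "$p"; done
}

# fix_finding KIND PATH applies a conservative fix for one finding:
# add the sticky bit to a shared directory, drop o+w from a file.
fix_finding() {
    case $1 in
        DIR-NOSTICKY) chmod +t "$2" ;;
        FILE)         chmod o-w "$2" ;;
    esac
}

# Constructed sample tree so the audit can be tried safely.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/upload" "$d/shared-tmp" "$d/private"
    chmod 0777 "$d/upload"        # flagged: world-writable, no sticky bit
    chmod 1777 "$d/shared-tmp"    # not flagged: sticky bit set, like /tmp
    chmod 0755 "$d/private"
    : > "$d/private/app.conf";  chmod 0666 "$d/private/app.conf"   # flagged
    : > "$d/private/notes.txt"; chmod 0644 "$d/private/notes.txt"
    printf '%s\n' "$d"
}

demo=$(make_demo_tree)
trap 'rm -rf "$demo"' EXIT
audit_world_writable "$demo"
```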
Linux partitions security
Create separate partitions for Apache and FTP server roots.
Edit /etc/fstab file and make sure you add the following configuration options:
noexec – Do not set execution of any binaries on this partition (prevents execution of binaries but allows scripts).
nodev – Do not allow character or special devices on this partition (prevents use of device files such as zero, sda etc).
nosuid – Do not set SUID/SGID access on this partition (prevent the setuid bit).
Sample /etc/fstab entry to limit user access on /dev/sda5 (ftp server root directory):
/dev/sda5 /ftpdata ext3 defaults,nosuid,nodev,noexec 1 2
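An added example (not from the original page) that checks an fstab file for the three options listed above on a given mount point. The function name is an assumption, and the sample file is constructed: its /ftpdata line is the page's entry, while the /dev/sda6 /var/www line is a made-up Apache root that is missing two options.

```shell
#!/bin/sh
# Added example, not from the original page. Function name is an assumption.

# missing_mount_opts FSTAB MOUNTPOINT
# Prints the hardening options (nosuid, nodev, noexec) that the entry for
# MOUNTPOINT lacks, space-separated, or "no-entry" if it is not listed.
# Exit status: 0 all three present, 1 something missing, 2 no entry.
missing_mount_opts() {
    awk -v mp="$2" '
        /^[ \t]*#/ { next }                     # comment lines
        NF < 4     { next }                     # blank or malformed lines
        $2 == mp {
            found = 1
            n = split($4, opts, ",")            # field 4 is the option list
            for (i = 1; i <= n; i++) have[opts[i]] = 1
            split("nosuid nodev noexec", want, " ")
            for (i = 1; i <= 3; i++)
                if (!(want[i] in have))
                    miss = miss (miss == "" ? "" : " ") want[i]
            if (miss != "") print miss
            exit (miss == "" ? 0 : 1)
        }
        END { if (!found) { print "no-entry"; exit 2 } }
    ' "$1"
}

# Constructed sample fstab (see the note above the block).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# <device> <mount point> <type> <options> <dump> <pass>
/dev/sda5  /ftpdata  ext3  defaults,nosuid,nodev,noexec  1 2
/dev/sda6  /var/www  ext3  defaults,nodev                1 2
EOF

for mp in /ftpdata /var/www /srv/missing; do
    printf '%s: %s\n' "$mp" "$(missing_mount_opts "$sample" "$mp")"
done
```

Pointing the function at /proc/mounts instead of /etc/fstab checks what is actually mounted, since both files use the same field layout.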
Monitoring response time with curl
curl -s -o /dev/null -w "Connection: %{time_connect}s | Start transfer: %{time_starttransfer}s | Total time: %{time_total}s\n" ...