Monday, 4 November 2013

How to connect to an SFTP server from Linux

SFTP is similar to FTP. SFTP stands for Secure File Transfer Protocol and is the encrypted version of FTP. SFTP is more secure and tends to be more reliable than FTP.

To connect to an SFTP server

# sftp -oPort=<port> user@<sftp-server-ip>:<sftp-directory>

Example:

# sftp -oPort=2222 rahul@10.10.10.11:/home

Wednesday, 3 July 2013

Running an SSH Server on Multiple Ports (Without restarting service)

There are a lot of reasons you could need to run sshd (the SSH server) on a port other than the standard port 22. Sometimes you have too many hack attempts on port 22; I moved my sshd to a high port number on one server for the first reason. It's pretty easy to do on your Linux box.

On the machine that's running sshd, the SSH server, edit /etc/ssh/sshd_config.

                                     SSH-Secure Shell


Since 22 is the default value for Port, sshd will behave the same if you have no Port directive at all or if you have this comment. The lines that have no # in front of them are directives.

If you want to have sshd listen on ports 22, 8081 and 2222, you need lines like this:
Port 22
Port 8081
Port 2222

Reload the service (note: this command will not restart the service):
# /etc/init.d/sshd reload
Or
# service sshd reload

To log into a system that is running ssh on an unusual port, include the port number 
in the ssh command like this:
# ssh -p 8081 user@your-ip
OR
# ssh -p 2222 user@you.homenetwork.com
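
An added example, not part of the original post: a shell function that reads an sshd_config-style file the way the paragraphs above describe, skipping commented lines, collecting every Port directive, and falling back to 22 when there is none. The function name and the sample file are constructed for illustration; Include files and ListenAddress host:port entries are assumed absent.

```shell
#!/bin/sh
# effective_sshd_ports FILE
# Print the ports sshd would listen on according to FILE, one per line.
# Exit status 1 if a Port directive carries an invalid value.
# Assumptions: no Include directives, no ListenAddress host:port entries.
effective_sshd_ports() {
    awk '
        /^[ \t]*#/ { next }            # commented lines are not directives
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # keyword and value are separated by whitespace or a single "="
            n = split(line, f, /[ \t=]+/)
            if (n >= 2 && tolower(f[1]) == "port") {   # keywords are case-insensitive
                if (f[2] ~ /^[0-9]+$/ && f[2] + 0 >= 1 && f[2] + 0 <= 65535) {
                    print f[2]; found = 1
                } else {
                    print "invalid Port value: " f[2] > "/dev/stderr"; bad = 1
                }
            }
        }
        END {
            if (bad) exit 1
            if (!found) print 22       # no Port directive at all: default port
        }
    ' "$1"
}

# Constructed sample: a commented-out default plus the three directives from the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Port 22
Port 8081
Port 2222
EOF
effective_sshd_ports "$sample"
rm -f "$sample"
```

Running `sshd -t` before the reload checks the edited file for syntax errors.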

Tuesday, 11 June 2013

Linux booting process step by step

In this topic we will discuss the Linux boot sequence in depth. How does a Linux system boot?
How does a computer start up?
Booting is a bootstrapping process that starts the operating system when the user turns on a computer system.
A boot sequence is the set of operations the computer performs when it is switched on that load an operating system.

 
Booting sequence

1. Turn on

2. CPU jumps to address of BIOS (0xFFFF0)

3. BIOS runs POST (Power-On Self Test)

4. Find bootable devices

5. Loads and executes boot sector from MBR

6. Load OS

BIOS (Basic Input/Output System)

BIOS refers to the software code run by a computer when first powered on.
BIOS is program code embedded on a chip; its primary function is to recognize and control the various devices that make up the computer.

Boot loader

MBR (Master Boot Record)

The OS is booted from a hard disk, where the Master Boot Record (MBR) contains the primary boot loader.

The MBR is a 512-byte sector, located in the first sector on the disk (sector 1 of cylinder 0, head 0).

After the MBR is loaded into RAM, the BIOS yields control to it.
The first 446 bytes are the primary boot loader, which contains both executable code and error message text.

Other boot loaders (several OSes)
bootman
GRUB
LILO
NTLDR
XOSL
BootX
loadlin

Who is responsible for the booting process?
1. BIOS (Basic Input/Output System)
2. MBR (Master Boot Record)
3. LILO or GRUB
     LILO: LInux LOader
     GRUB: GRand Unified Bootloader
4. Kernel
5. init
6. Run levels

1. BIOS
     i. When we power on, the BIOS performs a Power-On Self-Test (POST) for all of the different hardware components in the system to make sure everything is working properly.
2. MBR
     i. Normally we use a multi-level boot loader. Here, by MBR I mean the DOS MBR.
     ii. After the BIOS executes a valid DOS MBR, the DOS MBR will search for a valid primary partition marked as bootable on the hard disk.
3. LILO
     i. LILO is a Linux boot loader which is too big to fit into a single 512-byte sector.
   GRUB
     i. The GRUB MBR consists of 446 bytes of primary boot loader code and 64 bytes of partition table.
4. Kernel
     i. Once GRUB or LILO transfers control to the kernel, the kernel does the following tasks:
  • Initialises devices and loads the initrd module
  • Mounts the root filesystem
5. Init
     i. The kernel, once it is loaded, finds init in sbin (/sbin/init) and executes it.
6. Runlevel
     i. There are 7 run levels in which the Linux OS runs, and different run levels serve different purposes. The descriptions are given below.
  • 0  – halt (shut down)
  • 1  – Single user mode
  • 2  – Multiuser, without NFS (The same as 3, if you don’t have networking)
  • 3  – Full multiuser mode
  • 4  – unused
  • 5  – X11
  • 6  – Reboot
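
The MBR layout described in this post, as an added example (not code from the original post): a shell function that checks a 512-byte sector image for the 2-byte 0x55AA boot signature that follows the 446-byte loader and the 64-byte partition table, then reports the first of the four 16-byte entries whose boot flag is 0x80. The helper names and the sample sector are constructed for illustration.

```shell
#!/bin/sh
# hex_at FILE OFFSET LENGTH: hex digits of LENGTH bytes starting at OFFSET.
hex_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# mbr_active_partition IMAGE
# Prints the number (1-4) of the first partition entry marked bootable.
# Returns 1 if the boot signature is missing, 2 if no entry is marked bootable.
mbr_active_partition() {
    # Bytes 510-511 hold the signature 0x55 0xAA.
    [ "$(hex_at "$1" 510 2)" = "55aa" ] || return 1
    i=0
    while [ "$i" -lt 4 ]; do
        # The table starts after the 446-byte loader; each entry is 16 bytes
        # and its first byte is the boot flag (0x80 = bootable).
        if [ "$(hex_at "$1" $((446 + 16 * i)) 1)" = "80" ]; then
            echo $((i + 1))
            return 0
        fi
        i=$((i + 1))
    done
    return 2
}

# Constructed sample sector: zeroed loader area, entry 2 flagged bootable,
# boot signature in place.
make_sample_mbr() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    printf '\200'     | dd of="$1" bs=1 seek=462 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

img=$(mktemp)
make_sample_mbr "$img"
mbr_active_partition "$img"
rm -f "$img"
```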

Friday, 7 June 2013

How to configure NFS server in Linux

What is NFS?
  A Network File System (NFS) allows remote hosts to mount file systems over a network and interact with those file systems as though they are mounted locally. This enables system administrators to consolidate resources onto centralized servers on the network. The Network File System (NFS) is the standard for sharing files on a directory with Linux and Unix computers. It was originally developed by Sun Microsystems in the mid-1980s.
  You can create shared NFS directories directly by editing the /etc/exports configuration file, or you can create them with Red Hat's NFS Configuration tool.
NFS: Benefits and Problems
Benefits:
-> DFS that allows local access to remote files.
-> Uses standard client/server architecture.
-> Using NFS, the server “exports” its data to other clients.
-> Provides a centralized storage solution.
-> Users get their data irrespective of physical location.
Problems:
-> Network congestion.
-> Heavy disk activity on the NFS server.
-> Its design assumes a trusted environment, not a hostile environment.
-> NFS is based on RPC (Remote Procedure Call), which is easy to exploit.
-> For security reasons, NFS cannot be used over the Internet.


NFS Services

portmap     : Maps calls made from other machines
nfs         : Translates NFS requests into requests on the local system
rpc.mountd  : Mounts and unmounts file systems

Server Configuration: Sharing Files
Exported files are defined in the main configuration file

/etc/exports

Examples:
vi /etc/exports
/data  *.example.com(ro,sync) station1.example.com(rw,sync)
/data  192.168.0.0/255.255.255.0(ro,sync)

Then, after exporting files:
service portmap start
service nfs start
chkconfig --level 35 portmap on
chkconfig --level 35 nfs on
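
An added example, not part of the original post: a shell function that reads an exports file in the format shown above and lists the client entries that widen access beyond a trusted environment. It flags rw granted to a wildcard client, the no_root_squash and insecure options from exports(5), and options that bind to every host because a space separates them from the host name. The function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# audit_exports FILE: print one finding per risky client entry.
audit_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                }
                # "host (rw)" with a space: the options apply to an empty
                # client name, which means every host.
                if (client == "") client = "*"
                wild = (client ~ /[*?]/)
                o = "," opts ","
                if (wild && o ~ /,rw,/)
                    print path ": rw for wildcard client " client
                if (o ~ /,no_root_squash,/)
                    print path ": no_root_squash for " client
                if (o ~ /,insecure,/)
                    print path ": insecure for " client
            }
        }
    ' "$1"
}

# Constructed sample: the two lines from the post plus two risky ones.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/data  *.example.com(ro,sync) station1.example.com(rw,sync)
/data  192.168.0.0/255.255.255.0(ro,sync)
/srv/share  *(rw,sync,no_root_squash)
/srv/home   station1.example.com (rw,sync)
EOF
audit_exports "$sample"
rm -f "$sample"
```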

Client Configuration: Mounting Shares
Mounting can be done by using the following methods.

mount command [temporary]
mount -t nfs 192.168.0.254:/data /mnt

/etc/fstab file [permanent]
192.168.0.254:/data      /mnt    nfs     defaults    0   0

Mounting an NFS share on two directories on the same system
First mount to /home/data:
mount -t nfs x.x.x.x:/data /home/data

Now bind /home/data to /backup:
mount --bind /home/data /backup

NFS Commands
showmount -e   : Shows the available shares
exportfs -v    : Displays a list of shared files and options on a server
exportfs -a    : Exports all shares listed in /etc/exports, or given name
exportfs -u    : Unexports all shares listed in /etc/exports, or given name
exportfs -r    : Refreshes the server’s list after modifying /etc/exports

NFS & TCP Wrappers:
Two services are required for TCP wrappers:
mountd
portmap

How to configure FTP Server in Linux

What is FTP?

FTP, the File Transfer Protocol, is one of the original network applications developed with the TCP/IP protocol suite. It follows the standard model for network services, as FTP requires a client and a server. The first implementations of FTP date back to 1971. FTP set out to solve the need to publish documents and software so that people could get them easily from other computer systems. On the FTP server, files were organized in a directory structure; users could connect to the server over the network and download files from (and possibly upload files to) the server.

What is vsftpd?

The Very Secure FTP Server (vsFTPd) is the only FTP server software included in the Red Hat Linux distribution. vsFTPd is becoming the FTP server of choice for sites that need to support thousands of concurrent downloads. It was also designed to secure your systems against most common attacks.

Configuration Files

/etc/vsftpd/vsftpd.conf  : Main configuration file
/etc/vsftpd/ftpusers     : Contains list of users to deny permanently
/etc/vsftpd/user_list    : Contains list of users to allow or deny

FTP uses TCP ports 20 (for ftp data) & 21 (ftp program).

Starting the vsftpd service
service vsftpd start
chkconfig --level 345 vsftpd on

Client Side Commands
For connecting to the FTP server:
ftp 10.10.10.101
For installing packages from the FTP server:
rpm -ivh ftp://x.x.x.x/pub/Server/package.rpm

Hardening FTP

Limit users to their “home directory” only.
vi /etc/vsftpd/vsftpd.conf
chroot_local_user=YES

Allowing “anonymous” upload to FTP
STEP – 1:
vi /etc/vsftpd/vsftpd.conf
anon_upload_enable=YES
chown_uploads=YES
chown_username=daemon
anon_umask=077

STEP – 2: Create the incoming directory under /var/ftp:
mkdir /var/ftp/incoming
chmod 730 /var/ftp/incoming
chown root:ftp /var/ftp/incoming

STEP – 3: Set the Boolean value:
setsebool -P allow_ftpd_full_access on
service vsftpd restart