Log in to a remote system using SSH without having to type the password.
This has a few different names, such as passwordless login, RSA key authentication, key-based auth, etc.
Recently I was trying to implement a mechanism to save all logs under /var/log/ to a central server, just to keep a daily record of these logs, in case we need to check things out at a later date (security).
You will need to make some changes to the remote SSH server and the local SSH client.
To start with, let's name two Linux servers: Linux01 and Linux02.
You want to log in to Linux02 from Linux01 without having to type the password for a specific user; let's call it "user01".
Make sure the user exists on both Linux servers, or at least on the remote server (Linux02).
# adduser user01
# passwd user01
# su - user01
$ ssh-keygen
$ cat .ssh/id_rsa.pub | ssh user01@linux02 'mkdir -p .ssh && cat >> .ssh/authorized_keys'
$ ssh user01@linux02 'chmod 700 .ssh && chmod 600 .ssh/authorized_keys'
by Renato de Oliveira
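The chmod step matters because sshd, with its default StrictModes setting, ignores authorized_keys when the home directory, .ssh or the file itself is writable by group or others, and the login then falls back to the password prompt. The check below is an added example, not part of the original post; the function name check_ssh_perms is hypothetical and ownership is not checked.

```bash
#!/bin/sh
# Added example: report paths that sshd's StrictModes check would reject
# because they are group- or world-writable. Run it on Linux02.
# Usage: check_ssh_perms /home/user01
check_ssh_perms() {
  home=$1
  status=0
  for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
    if [ ! -e "$p" ]; then
      # Key login cannot work if any of the three paths is absent.
      echo "missing: $p"
      status=1
    elif [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
      # -perm -020 / -002 match when the group or other write bit is set.
      echo "group/world-writable: $p"
      status=1
    fi
  done
  return $status
}
```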
I have been living in England for a long time. I've learnt many good things here, my wife is English, my children are English. This is where I have been living my adult life. I would like to share IT knowledge and experience. If you can benefit from this blog, I will be happy.
Wednesday, 23 July 2014
Sunday, 25 May 2014
Send Users Commands typed in the SHELL to Syslog
# cd /etc
# vi profile
Add the lines below:
function history_to_syslog
{
    declare command
    command=$(fc -ln -0)
    if [ "$command" != "$old_command" ]; then
        logger -p local1.notice -t bash -i -- $USER : "$command"
    fi
    old_command=$command
}
trap history_to_syslog DEBUG
# vi rsyslog.conf
Add the lines below:
# Logging users BASH commands to syslog
local1.notice /var/log/cmd.log
By Renato
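Once commands are landing in /var/log/cmd.log, the file can be summarised with awk. The script below is an added example, not part of the original post: it assumes rsyslog's traditional file layout ("Mon DD HH:MM:SS host bash[PID]: USER : COMMAND"), the function names are hypothetical, and the sample lines are constructed.

```bash
#!/bin/sh
# Added example: summarise entries written by history_to_syslog.
# Assumed layout: Mon DD HH:MM:SS host bash[PID]: USER : COMMAND

# Constructed sample lines, not real log data.
sample_log() {
cat <<'EOF'
May 25 10:01:02 linux01 bash[2311]: user01 : ls -la /var/log
May 25 10:01:09 linux01 bash[2311]: user01 : sudo vi /etc/rsyslog.conf
May 25 10:02:30 linux01 bash[2388]: admin1 : su -
May 25 10:03:11 linux01 bash[2388]: admin1 : echo "a : b"
May 25 10:03:12 linux01 sshd[991]: unrelated line that must be ignored
EOF
}

# Print "user<TAB>count" for every user seen, sorted by user name.
commands_per_user() {
  awk '$5 ~ /^bash\[[0-9]+\]:$/ && $7 == ":" { n[$6]++ }
       END { for (u in n) printf "%s\t%d\n", u, n[u] }' | sort
}

# Print "user<TAB>command" for commands that start with su or sudo,
# the entries a reviewer usually reads first.
privilege_changes() {
  awk '$5 ~ /^bash\[[0-9]+\]:$/ && $7 == ":" {
         user = $6
         cmd = $0
         # Drop the seven header fields so the command keeps its own spacing.
         for (i = 1; i <= 7; i++) sub(/^ *[^ ]+ */, "", cmd)
         if (cmd ~ /^(sudo|su)( |$)/) printf "%s\t%s\n", user, cmd
       }'
}
```

On a live system, feed the real file instead of the sample: `commands_per_user < /var/log/cmd.log`.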
Thursday, 22 May 2014
Juniper SRX web-management not loading or working (Security)
Today I was trying to do some work on one of our Juniper Firewalls and I tried and tried to access the web interface and no luck.
I could access the firewall over SSH but I wanted to visually check the configuration using HTTP.
I tried resetting logs
I tried removing old traceoptions
I did not want to reboot the firewall and I did not! Happy days
In the end, what did the trick was the easy option: restarting web-management.
admin@firewall> edit
admin@firewall# run restart web-management
Web management gatekeeper process started, pid 75995
{primary:node0}[edit]
admin@ccpsrx240-01#
And that is it!
If you come across this problem next time.
by Renato de Oliveira
Tuesday, 6 May 2014
Give root privileges without giving root shell (Security)
If you have a team of Linux Sysadmins, and would like the team to have root privileges, but would not want to give a shell to them, this is what you need to do.
You will need to familiarise yourself with a package called sudo. Let's say you have a sysadmin named admin1.
All you need to do is:
Create an account for admin1 then edit the sudo configuration file called sudoers.
Create new user
# adduser admin1
Set the new user's password
# passwd admin1
Change to etc folder
# cd /etc
Edit sudo config file
# vi sudoers
Add the lines below to sudoers
## Shell and SU
Cmnd_Alias NSHELLS = /bin/sh,/bin/bash
Cmnd_Alias NSU = /bin/su
admin1 ALL=(ALL) ALL, !NSHELLS, !NSU
It is that simple. Does not take too long and now you can keep the root password separate and do not need to disclose it to other sys admins.
by Renato de Oliveira
Monday, 5 May 2014
Rushing Around by Renato de Oliveira
Rushing around
Trying to do everything
There is a feeling
Something I am missing
So many hours in a day
How many things can I do?
Even if I don't sleep
I can't do much too
Rushing around
This is how I am feeling
Never enough time
For what I need
From one thing to another
Jumping from here to there
Why should I even bother
Or even really care
Frustration builds up
Never finishing what I started
goal post is a moving target
Rushing around
is the new world we live in
There is never enough time
for you or for me
I like writing and I am exercising my writing in English. If you like this lyric and would like to make a song just get in touch.
My Days Are Counted
My Days Are Counted by Renato de Oliveira
I have this feeling
What’s the meaning of all of that
Is it really worth it
I go home, what do I have
My days are counted
How many I don’t know
My days are counted
I just have to go
I just have this feeling
And it won’t go away
It is so unfulfilling
I just can’t stay
My days are counted
1, 2 , 3 I really don’t know
My days are counted
I just have to go
It is not that easy
To live this way
A life without meaning
Dragging day by day.
Counting my days
How far can I go?
Counting my days
It is sad though
My days are counted…..
If you find this lyric interesting or good and are interested in making a song of it, just get in touch and I have some ideas.
by Renato de Oliveira
Saturday, 5 October 2013
Create Partitions larger than 2TB
Create a partition on Linux using parted and labelling it with gpt
1. dmesg | grep sd
2. parted /dev/sdb
3. (parted) mklabel gpt
4. (parted) unit TB
5. (parted) mkpart primary 0.00 4.95TB
6. (parted) print
7. (parted) quit
8. mkfs.ext4 /dev/sdb1
9. vi /etc/fstab (add)
/dev/sdb1 /local ext4 defaults 1 2
Add New Volume
1. Added physical disks
2. Created RAID 1 Volume
3. umount /local/
5. # vgdisplay
6. dmesg | grep sd
sd 0:0:0:2: [sdb] 1172058032 512-byte logical blocks: (600 GB/558 GiB)
7. # pvcreate /dev/sdb
8. # pvdisplay – check if it has been created
"/dev/sdb" is a new physical volume of "558.88 GiB"
--- NEW Physical volume ---
PV Name /dev/sdb
VG Name
PV Size 558.88 GiB
Allocatable NO
PE Size 0
Total PE 0
Free PE 0
Allocated PE 0
PV UUID SX1ekz-o4Aj-5yXO-QbIF-AdPw-L3Iq-kewNFQ
9. Find out the name of the existing volume group:
# vg_local
# vgdisplay
11. Check if the group has been created:
# vgdisplay | grep 600
12. lvcreate -L 550G -n lv0_local600 vg_local600
13. Find the file system type:
# cat /etc/fstab | grep ext = ext4
15. Mount the new file system:
# mount /dev/vg_local600/lv0_local600 /local