Category Archives: Linux Administration

How to disable root access to RHEL Redhat systems. | disable root access linux

For security reasons, root access to Linux systems should be disabled as  standard theses days. Some distributions still allow it but other have blocked it by default. We should be taking advantage of sudo, which allows you to log in with your standard unprivileged account but execute root commands with the sudo app.

Here are some quick and easy steps to stop root access to your system and improve your security footprint.

This command will lock the root account

This will replace the hashed password with “!”, which is another way to stop logons

To add another level of security you should also disable root logons from the ssh server too. Here is how to do so,

Ensure the following entry is set, if it currently does not exist in the config file, add it anywhere.

 

sudo: no tty present and no askpass program specified | sudo: no tty present and no askpass program specified

I was setting up automated logon with SSH, and wanted to have root access via sudo to perform certain tasks. Ended up getting these errors when I tried to run sudo commands over the ssh link.

The cause of this error is not having the correct setup on your /etc/sudoers file. Here is the fix.

Edit your sudoers file with

visudo

Ensure your usernames entry looks like this.

Ensure the NOPASSWD is present, that does the trick.

 

Syslog permissions blocking Splunk Access | syslog splunk permissions /var/log/messages

Had a problem splunk having access permissions to /var/log/messages, syslog would change the permissions to read only by root and no one else. The fix is in the syslog config file. See below.

Should have an entry like this 

Pay particular attentions to,

Then restart syslog

 

RHEL and Fedora setting password expiry | bash linux password expire chage

A very common Linux administration task is to set user account to expire their password and request a new account password from the user.

To see what the current policy is set to, execute the following.

You should see output like.

You can change the password expiry with the following command

 

Howto setup Rasbian Buster with BATMAN Mesh networking | raspberry pi 3 rasbian mesh batman network

I wrote this article a while ago about setting up BATMAN mesh networking with Rasbian Jesse on a Raspberry Pi 3.

This worked well, but stopped working with the newer versions of Rasbian, since there have been changes to the operating system.

After testing for several days, I found adding one command into the original script gets it to work just fine.

How to below.

After a fresh install of Rasbian Buster, connect to the system via ssh and run the following command to install BATMAN.

Lets create the mesh startup script.

The script will contain the instructions for bring up the interfaces and get  mesh, just change the IP address at the bottom on the next hosts, increment by one. Copy and past the following into the mesh.sh file.

Now let make the script executable.

And add to crontab so that its executed at every reboot

Add the following

Reboot and mesh should be up and running.

Test by executing the following command.

Should see something like this.

 

Raspberry Pi 3 error IPTables | Raspberry pi error – iptables v1.4.21: can’t initialize iptables table `nat’: Table does not exist (do you need to insmod?)

Was building a RPi3 machine and got the following error after an update.

Turns out nothing to worry about, just reboot the Pi.

Nextcloud 13 – 14 Error, Missing Appstore | nextcloud missing availible applications

I encountered an error yesterday which stopped the availible application being displayed on both my Nextcloud 13 and 14 installations.

It turns out to be a bug which can be fixed by inserting the following line into the installdir/config/config.php file.

The entire file should look something like this.

 

Setup a central rsyslog server Howto | Setup a central log server

This document has the instructions required to setup a centralized log server. This should be a minimum requirement for all organizations. A must have tool for intrusion prevention and detection.

Server Setup

Install rsyslog and vim text editor.

Edit the configuration file.

Ensure the configuration file has the following enabled.

Restart the service to allow the change of configuration to take effect.

The following command “netstat” will check to see which ports are open on the system and listening. Port 514 should be open and listening, waiting for logs to be shipped from the client.

If the above ports appear open, then the server configuration is operating correctly.

 

Client Setup

Let install rsyslog and vim text editor

Edit config file.

Appending the following line to the end of the configuration file. Ensure you change the IP address of the forward to the IP address of the rsyslog server configured earlier.

Restart rsyslog to allow the changes to take effect.

To test, issue the following command and tail the logs of the rsyslog server.

You should see the above quoted line appear on the servers logs.

 

 

Setup a backup job for your LAMP sites. | Setup a backup job for your LAMP sites.

I wrote a script which takes a backup of my webserver, taking a snapshot of all the website content, database, and configuration files.

Theory is if the webserver died, we would be about to result quickly using the data backed up.

On the server, put the following script and below is the cron entry which triggers every week. You will need up change the username and password for your mysql server.

This is the cron entry which fires up every friday.

Now this script will be on a linux machine somewhere else, it will connect and copy the backup archive file generated. You must first setup the ssh key so that its passwordless connection.

Simplicity it key! It works and will get you out of trouble. Well worth the 5minute investment.