Un jour vous pouvez resté bloqué par un mot de passe perdu pour accéder à Webmin et vous auriez besoin d’un moyen de le changer.
Voici comment: pour commencer, connectez-vous à votre système en ssh.Vous devez trouver où Webmin est installé et donc le chemin que le script utilisera pour réinitialiser le mot de passe. Lire la suite…
Récemment, je me suis aperçu que mon dernier fichier /var/log/auth.log n’avait pas été renouvelé depuis le 17/04/2011… Evidemment, ça n’aide pas à analyser sereinement les fichiers de logs, vu la taille que ça génère: 105306586 c’est-à-dire plus de 100Mo !
Je voulais conserver 26 semaines de logs pour analyser les tentatives d’intrusion et calculer leur évolution au fur et à mesure que je renforçais la protection de mon serveur.
Tout simple:
auth.log qu’on appelle /etc/logrotate.d/auth:/var/log/auth.log
{
rotate 26
weekly
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
reload rsyslog >/dev/null 2>&1 || true
endscript
}
/var/log/auth.log dans /etc/logrotate.d/authrsyslog:/etc/init.d/rsyslog restart
Source: korben.info
Les barbus du Linux le connaissent depuis longtemps, mais pour les autres, je vous explique rapidement. Tout d’abord Aria2 est sous licence GPL et tourne sans aucun souci sous Mac, Linux, Windows et même Android. L’outil est léger (il consomme peu de CPU et de mémoire), mais surtout très puissant puisqu’il gère en plus des liens classiques, les Metalink, ce qui lui permet de télécharger des fichiers en exploitant plusieurs connexions simultanées utilisant plusieurs sources et/ou protocoles différents.
Oui c’est fou ! Cela permet d’exploiter au maximum la bande passante que vous avez à votre disposition.
Aria2 supporte donc le HTTP, FTP, mais aussi Bittorrent avec toutes ses fonctionnalités (DHT, chiffrement PEX, URI magnétique, Web-Seeding, téléchargement sélectif, tracker UDP et le protocole Local Peer Discovery). Aria2 est aussi pilotable à distance (support RPC) et gère sans souci ce qui est droit d’accès, cookies, proxys…etc.
N’allez pas croire que Aria2 est un outil compliqué à prendre en main. Taratata, c’est au contraire très simple à piger, comme vous allez voir dans les exemples ci-dessous :
Pour télécharger simplement un fichier :
aria2c http://example.org/mylinux.iso
Pour télécharger un fichier à partir de 2 sources différentes (HTTP, FTP) :
aria2c http://a/f.iso ftp://b/f.iso
Pour télécharger un fichier à partir de 3 connexions de source différente (Torrent, FTP, HTTP) :
aria2c -Ttest.torrent "http://host1/file" "ftp://host2/file"
Si ça vous branche d’explorer un peu plus ses possibilités, la documentation est ici. Autrement, sachez aussi qu’il existe des interfaces graphiques pour Aria2 comme :
Source: Juan Valencia’s website
In this post I cover the basics of rsync, in preparation for a subsequent post that will cover backups and it’s use in conjunction with cronjobs to automatize the backup process. From the copying and synchronization of local files and folders, to it’s use for transfer information among computers. Itsuse as a daemon when SSH is unavailable was moved to it’s own section.
Topics
The basics of rsync
Copying local files and folders
Dealing with whitespace and rare characters
Update the contents of a folder
Synchronizing two folders with rsync
Compressing the files while transferring them
Transferring files between two remote systems
Excluding files and directories
Running rsync as a daemon (moved to it’s own section)
Some additional rsync parameters
Footnotes
rsync is a very versatile copying and backup tool that is included by default in almost every Linux distribution. It can be used as an advanced copying tool, allowing us to copy files both locally and remotely. It can also be used as a backup tool. It supports the creation of incremental backups.
rsync counts with a famous delta-transfer algorithm that allows us to transfer new files as well as recent changes to existent files, while ignoring unchanged files. Additionally to this, the behavior ofrsync can be throughly customized, helping us to automatize backups, it can also be run as a daemon to turn the computer into a host and allow rsync clients connect to it.
Besides the copying of local files and folders, rsync allow us to copy over SSH (Secure Shell), RSH (Remote Shell) and it can be run as a daemon in a computer and allow other computers to connect to it, when rsync is run as a daemon it listens to the port TCP 873.
When we use rsync as a daemon or when we use RSH, the data that is send between computers travels unencrypted, so, if you are transferring files between two computers in the same local network, this is useful, but this shouldn’t be used to transfer files over insecure networks, such as the Internet. For this purpose SSH is the way to go.
This is the main reason why I favor the use of SSH for my transfers, besides, since SSH is secure, many servers have the SSH daemon available. But the use of rsync as a daemon for transfers over fast connections, as is usually the case in a local network, is useful. I don’t have the RSH daemon running in my computers so you may find me a bit biased about SSH in the examples. The examples covering the transfer of files between two computers use SSH as the medium of transport, but in a separate post I cover the use of rsync as a daemon.
Recently the hard drive in my mac mini running Mac OSX Leopard (10.5) failed. Luckily I had time machine backing it up to an external USB disk. Now, since I had to replace the drive and rebuild my system anyway I figured, why not upgrade to Snow Leopard? Planning to just pull what I needed off the backup drive manually I went ahead with the upgrade. There aren’t too many files on this machine that I depend on. Just some ssh keys, gpg keys and random documents scattered about here and there. So I upgraded, installed my apps and copied my files from the backup. Everything was going smoothly until I tried to actually write to one of the files I copied from the backup drive. This is when I started getting permission errors.
Here’s what happened when I tried to update my ssh known_hosts file:
airbag:~ keith$ echo foo > .ssh/known_hosts -bash: .ssh/known_hosts: Permission denied
Huh? But I own this file…dont I?
airbag:~ keith$ id uid=501(keith) gid=20(staff) groups=20(staff),402(com.apple.sharepoint.group.1),204(_developer),100(_lpoperator),98(_lpadmin),81(_appserveradm),80(admin),79(_appserverusr),61(localaccounts),12(everyone),401(com.apple.access_screensharing) airbag:~ keith$ ls -al .ssh/known_hosts -rw-r--r--@ 1 keith 502 56140 Mar 25 2009 .ssh/known_hosts
Well, as it turns out I forgot to look at the file ACLs…
airbag:~ keith$ ls -le .ssh/known_hosts -rw-r--r--@ 1 keith 502 56140 Mar 25 2009 .ssh/known_hosts 0: group:everyone deny write,delete,append,writeattr,writeextattr,chown
Well no wonder, the ACL is set to deny write,delete,append,writeattr,writeextattr and chown from everyone! Let’s get rid of that.
airbag:~ keith$ sudo chmod -N .ssh/known_hosts Password:
That ought to do it. The -N flag says get rid of all the ACL info on the file. You could also update this to be just right for your user or group but I’d rather use only the standard unix permissions.
airbag:~ keith$ ls -le .ssh/known_hosts -rw-r--r--@ 1 keith 502 56140 Mar 25 2009 .ssh/known_hosts
Seems to have removed all ACLs from the file. I wonder if we can write to it now…
airbag:~ keith$ echo foo >> .ssh/known_hosts airbag:~ keith$
And there you have it, the file is writable once again. Now its time to get some real work done!