Databases, Systems & Networks

Shell is used for various purposes under Linux. Linux user environment is made of the following components:

• Kernel – The core of Linux operating system.
• Shell – Provides an interface between the user and the kernel.
• Terminal emulator – The xterm program is a terminal emulator for the X Window System. It allows user to enter commands and display back their results on screen. 
• Linux Desktop and Windows Manager – Linux desktop is collection of various software apps. It includes the file manger, the windows manager, the Terminal emulator and much more. KDE and Gnome are two examples of the complete desktop environment in Linux.

Login

User can login locally into the console when in runlevel # 3 or graphically when in runlevel # 5 (the level numbers may differ depending on the distribution). In both cases you need to provide username and password. Bash uses the following initialization and start-up files:

1. /etc/profile – The systemwide initialization file, executed for login shells.
2. /etc/bash.bashrc – The systemwide per-interactive-shell startup file. This is a non-standard file which may not exist on your distribution. Even if it exists, it will not be sourced unless it is done explicitly in another start-up file.
3. /etc/bash.logout – The systemwide login shell cleanup file, executed when a login shell exits.
4. $HOME/.bash_profile – The personal initialization file, executed for login shells.
5. $HOME/.bashrc – The individual per-interactive-shell startup file.
6. $HOME/.bash_logout – The individual login shell cleanup file, executed when a login shell exits.
7. $HOME/.inputrc – Individual readline initialization file.

Bash Startup Scripts

Script of commands executed at login to set up environment. For example, setup JAVA_HOME path.

Login Shell

Login shells are first shell started when you log in to the system. Login shells set environment which is exported to non-login shells. Login shell calls the following when a user logs in:

• /etc/profile runs first when a user logs in runlevel # 3 (the level numbers may differ depending on the distribution).
  • /etc/profile.d
• $HOME/.bash_profile, $HOME/.bash_login, and $HOME/.profile, runs second when a user logs in in that order. $HOME/.bash_profile calls $HOME/.bashrc, which calls /etc/bashrc (/etc/bash.bashrc).

Non-Login Shell

• When an  interactive shell that is not a login shell is started, bash reads and executes commands from /etc/bash.bashrc or /etc/bashrc and $HOME/.bashrc, if these files exist. First, it calls $HOME/.bashrc. This calls /etc/bash.bashrc, which calls /etc/profile.d.

Bash Logout Scripts

• When a login shell exits, bash reads and executes commands from the file $HOME/.bash_logout, if it exists.

Source: Cybercitiz

Source: osxdaily.com

Though Mac users don’t usually have to worry excessively about “camfecting” malware and spyware, some security conscious users may find it nice to know if a process or application is attempting to access their computers web camera or microphone. 

With the help of a free third party security utility called Oversight, you can have your Mac alert you anytime an application or process tries to activate either recording device on the computer. 

The developer of Oversight explains why a tool like Oversight could be valuable to some users:

“One of the most insidious actions of malware, is abusing the audio and video capabilities of an infected host to record an unknowing user. Macs, of course, are not immune; malware such as OSX/Eleanor, OSX/Crisis, OSX/Mokes, and others, all attempt to spy on OS X users. OverSight constantly monitors a system, alerting a user whenever the internal microphone is activated, or the built-in webcam is accessed. And yes, while the webcam’s LED will turn on whenever a session is initially started, new research has shown that malware can surreptitious piggyback into such existing sessions (FaceTime, Sykpe, Google Hangouts, etc.) and record both audio and video – without fear of detection.” 

Sound good? If so, it’s a free download that is easy to install on a Mac with either macOS or Mac OS X:

• Grab Oversight from developer Objective-See here

If you’re interested in this app, simply download Oversight and run the installer (it can be just as easily uninstalled later if you decide you do not need it).

Once installed, Oversight is small and lightweight running quietly in the background, and it will alert you anytime the Mac microphone or webcam FaceTime camera are attempting to be activated. You can then directly intervene and either allow the webcam or microphone access (for legitimate use), or deny it (for theoretical illegitimate use).

Keep in mind that Oversight does not differentiate between legitimate and illegitimate use of the webcam and microphone on your Mac, that is up to you. For example, you will get a notification alert that the microphone and FaceTime camera are trying to be accessed when you open an app like Skype, Photo Booth, FaceTime, or are recording a video on your Mac with the webcam, but since those applications legitimately use the computers microphone and camera they are probably nothing to be concerned about (assuming you have launched them yourself anyway). On the other hand, if out of the blue and with no provocation if you see a process has attempted to access your microphone, that could potentially be an unauthorized attempt to use the microphone and you could choose to reject it and block the device access with Oversight. Whenever possible, Oversight will attempt to notify you of the process name and PID, but sometimes you will see blank notifications of access anyway – again just think about what apps you are using and if they have any reason to use your camera or microphone, similar to how you can control this type of access in iOS for Photos, camera, and microphone. 

This is a software solution which is quite a bit more fancy than the low-tech solution of putting tape on your web camera like the FBI Director does and many security professionals do. You could always use Oversight along with some tape too if you’re extra concerned about your Mac webcam or microphone access and want to be sure nothing fishy is going on from camfecting or otherwise. 

While apps like Oversight could be considered overboard and unnecessary for many Mac users, others who are privacy conscious or in fields where higher security matters may find them to be helpful. I’ve personally noticed a particular web browser will occasionally attempt to access the microphone on my Mac from time to time without an obvious reason which I find to be… curious… and Oversight notified me each time. It’s not for everyone, but if you want to be notified when something is trying to use your Mac camera or microphone, check out the app yourself. 

Well folks its time that my old home hosted server is retired. Which means I have to migrate all of my 5 websites to a new server. Thanks to the way apache, MySQL WordPress and Drupal work, its easy.

1. Copy Apache Config Files

# ssh username@oldserver
# scp /etc/apache2/sites-available/ user@newserver:/etc/apache2/sites-available/

This will copy all the apache config files over to the new server. Now enable all the sites you copied by creating a symbolic link for each .config file you copied in sites-enabled.

# ln -s /etc/apache2/sites-available/yourwebsite.com.conf /etc/apache2/sites-enabled/yourwebsite.com.conf

or use the command a2ensite which does the same thing for you

# a2ensite yourwebsite.com

Restart apache for the changes to take effect.

# /etc/init.d/apache2 restart

2. Copy Your Websites

# scp -r /var/www/ username@newserver:/var/www

Default WordPress and Drupal installs are just files and we have now copied them across. However all the content, comments etc are stored within MySQL so lets migrate that now.

3. Migrate MySQL

Start by being logged into the old server.

# mysqldump --all-databases -u root -p > backup.sql
# scp backup.sql username@newserver:/home/username/
# ssh username@newserver
# mysql -u root -p < backup.sql

What we did here was use mysqldump to script every database and its contents into several sql commands. Then we copied them to the new server and piped them into the new sql server. All our databases, users and table contents have been imported. Magic.

4. DNS Migration

Now all you need to do is reconfigure your DNS servers to point to the new IP address. Chances are your not hosting your own DNS server so you will have to update them using your provider’s web interface. A word of advice though, create a new entry like test.yourdomain.com and point it to the new server first to make sure everything works.

If you read our previous article Easy Ubuntu Server Firewall, then you may have noted that on Ubuntu 16.04 the described method no longer works. This is due to systemd. In the article below we will walk through creating a persistent IPTables based firewall on Ubuntu 16.04 LTS. First we need to install some required software packages. As seen in the command below, install iptables-persistent. Next we will make netfilter-persistent run at boot. This is the most important step as it will ensure your rules are reloaded at boot time.

# Install IPTables Persistent Package
apt-get install -y iptables-persistent
# Add netfilter-persistent Startup
invoke-rc.d netfilter-persistent save
# Stop netfilter-persistent Service
service netfilter-persistent stop

Once the packages above are installed and the service is stopped, you will have a new directory at /etc/iptables/. This directory holds the IPTables filter rules that will be reloaded at boot time. These files are named rules.v4 and rules.v6 respectively. IPV4 rules are loaded into rules.v4 and IPV6 rules are loaded into rules.v6. For the purpose of this article we will focus on IPV4 rules. Next we will want to copy the rules below into our rules.v4 file. Of course the rules will need to be modified to fit your environment.

# Generated by iptables-save v1.3.3 on Wed Apr 9 10:51:08 2008
# Flush out any rules that are already in there
*filter
:INPUT ACCEPT [146:11332]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [104:9831]
 
# Allow internal loopback connections
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
 
# Allow pinging
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
 
# Allow any outbound data, and any inbound data related to a connection that is already in use
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
 
# =========BEGIN SERVER SPECIFIC PORT OPEN RULES=========
# Allow SCP/SSH Access from Green & Blue Subnet
-A INPUT -s 172.16.12.0/255.255.255.0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.10.12.0/255.255.255.0 -p tcp -m tcp --dport 22 -j ACCEPT
 
# Allow HTTP Access from Red Subnet/Internet
-A INPUT -p tcp -m state --state NEW,ESTABLISHED --dport 80 -j ACCEPT
 
# Allow HTTPS Access from Red Subnet/Internet
-A INPUT -p tcp -m state --state NEW,ESTABLISHED --dport 443 -j ACCEPT
 
# Allow MySQL Access from Red Subnet/Internet
-A INPUT -p tcp -m state --state NEW,ESTABLISHED --dport 3306 -j ACCEPT
 
# Allow FTP Access from Red Subnet/Internet
-A INPUT -p tcp -m state --state NEW,ESTABLISHED --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW,ESTABLISHED --dport 58000:58010 -j ACCEPT
# =========END SERVER SPECIFIC PORT OPEN RULES=========
 
# Drop everything that hasn't been picked up by one of the rules above
-A INPUT -j DROP
-A FORWARD -j DROP
-A OUTPUT -j DROP
 
COMMIT
# Completed on Wed Apr 9 10:51:08 2008

Lastly, in order for our new rules to take affect, we simply need to start the netfilter-persistent service as seen below. That’s it, you now have a fully functional IPTables based firewall.

# Start netfilter-persistent Service
service netfilter-persistent start

# Check if IPTables were applied
iptables -L

This tutorial will guide you through your very first configuration of an SSL website with Let’s Encrypt certification. Let’s Encrypt is a new SSL authority that provides free SSL certificates. We are going to use two existing tutorials (“How to setup an intermediate compatible SSL website with Let’s Encrypt certificate” and “The Perfect Server – Ubuntu 15.10 (Wily Werewolf) with Apache, PHP, MySQL, PureFTPD, BIND, Postfix, Dovecot and ISPConfig 3”).

The setup described here is compatible with any Ubuntu LAMP server, so you can use this one as the basis setup too.

This tutorial will show you how to setup Let’s Encrypt on Servers without ISPConfig 3 as there will be a direct implementation of the Let’s Encrypt service in the next ISPConfig 3 release (version 3.1) soon. So if you plan to use ISPConfig, wait for the 3.1 release and also a new tutorial.

Creating the website

The 1st step is to create the website configuration and directory and enable SSL (Apache mod_ssl) for it. It’s up to you if you use the default configuration for one website on a server or you plan to use multiple vhosts to host more than one domain. For more reliable and scalable usage, I’ll create a vhost configuration for my “lab” domain isp1.cloudapp.net from Azure.

Lire la suite…