Saturday, February 11, 2012

(How to label a Linux partition)

In Linux, there are 3 tools that can be used to label a partition: e2label, tune2fs and mke2fs.

To use e2label to label the second partition of the first hard disk with the label DATA:
# e2label /dev/sda2 DATA

To do the same job with tune2fs:
# tune2fs -L DATA /dev/sda2

The third tool, mke2fs, is actually a tool to build an ext2/ext3 filesystem. So, if you want to build the partition's filesystem as ext2/ext3 and label it at the same time, this command can be used. Be careful though, because it will delete all existing data on that particular partition:
# mke2fs -L DATA /dev/sda2

There are 3 ways to view the label that you have set: using e2label, using blkid and viewing /dev/disk/by-label.

To check using e2label:
# e2label /dev/sda2
DATA

The blkid tool is even more useful, because it can list all the partitions that you have in the machine together with their labels, UUIDs and filesystem types:
# blkid
/dev/sda1: LABEL="/" UUID="1CC08F13C08EF276" TYPE="ext3" 
/dev/sda2: LABEL="DATA" UUID="2063f830-fe5d-438e-b727-571b313cb89e" TYPE="ext3" 
/dev/sda3: TYPE="swap" LABEL="SWAP" UUID="3e266b53-42e0-4f09-8fe3-d1cf79cb5d37" 

To view /dev/disk/by-label:
# ls -l /dev/disk/by-label
total 0
lrwxrwxrwx 1 root root 10 2009-07-24 05:38 / -> ../../sda1
lrwxrwxrwx 1 root root 10 2009-07-24 05:38 DATA -> ../../sda2
lrwxrwxrwx 1 root root 10 2009-07-24 05:38 SWAP -> ../../sda3

Note that the label stays with the partition even if the disk is moved to another computer.

To use it in /etc/fstab:
LABEL=/ / ext3 defaults 1 1
LABEL=DATA /DATA ext3 defaults 1 2
LABEL=SWAP swap swap defaults 0 0
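
Because a label travels with its disk, a disk brought over from another machine can carry a label that is already in use, and a LABEL= entry in /etc/fstab then no longer identifies a single partition. The following check is an added example, not part of the original post; it parses blkid output (the /dev/sdb1 line and the ARCHIVE entry are constructed sample data, and the function names are my own) and reports duplicate labels and how each LABEL= entry resolves.

```shell
#!/bin/sh
# Added example. BLKID_SAMPLE is the blkid listing above plus a constructed
# /dev/sdb1: a disk moved in from another machine that is also labelled DATA.
BLKID_SAMPLE='/dev/sda1: LABEL="/" UUID="1CC08F13C08EF276" TYPE="ext3"
/dev/sda2: LABEL="DATA" UUID="2063f830-fe5d-438e-b727-571b313cb89e" TYPE="ext3"
/dev/sda3: TYPE="swap" LABEL="SWAP" UUID="3e266b53-42e0-4f09-8fe3-d1cf79cb5d37"
/dev/sdb1: LABEL="DATA" UUID="00000000-0000-4000-8000-000000000001" TYPE="ext3"'
# Constructed fstab: the three entries above plus one label that no device carries.
FSTAB_SAMPLE='LABEL=/ / ext3 defaults 1 1
LABEL=DATA /DATA ext3 defaults 1 2
LABEL=SWAP swap swap defaults 0 0
LABEL=ARCHIVE /archive ext3 defaults 1 2'

# label_map: blkid output on stdin -> "label<TAB>device" per labelled device.
# The key="value" pairs come in no fixed order, so LABEL= is searched for anywhere.
label_map() {
    awk '{
        dev = $1; sub(/:$/, "", dev)
        line = " " $0                 # leading space: " LABEL=" never matches PARTLABEL=
        if (match(line, / LABEL="[^"]*"/) && RLENGTH > 9)
            print substr(line, RSTART + 8, RLENGTH - 9) "\t" dev
    }'
}

# duplicate_labels: blkid output on stdin -> "<label> <dev1>,<dev2>,..." for every
# label that is carried by more than one device.
duplicate_labels() {
    label_map | awk -F'\t' '
        { n[$1]++; devs[$1] = devs[$1] (devs[$1] ? "," : "") $2 }
        END { for (l in n) if (n[l] > 1) print l " " devs[l] }' | sort
}

# check_fstab BLKID_TEXT FSTAB_TEXT -> "<label> ok|missing|ambiguous" per LABEL= entry.
check_fstab() {
    map=$(printf '%s\n' "$1" | label_map)
    printf '%s\n' "$2" | while read -r spec rest; do
        case $spec in LABEL=*) lab=${spec#LABEL=} ;; *) continue ;; esac
        n=$(printf '%s\n' "$map" |
            awk -F'\t' -v want="$lab" '($1 "") == (want "") { c++ } END { print c + 0 }')
        case $n in
            1) echo "$lab ok" ;;
            0) echo "$lab missing" ;;
            *) echo "$lab ambiguous" ;;
        esac
    done
}

printf '%s\n' "$BLKID_SAMPLE" | duplicate_labels   # labels carried by more than one device
check_fstab "$BLKID_SAMPLE" "$FSTAB_SAMPLE"        # how each fstab LABEL= entry resolves
# On a live system (as root): check_fstab "$(blkid)" "$(cat /etc/fstab)"
```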

Renaming files (space to underscore) (rename)


###################
# Using 'rename'
###################

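rename 's/\s/_/g' *    # Ubuntu (Perl rename); g replaces every whitespace character, not just the first
rename " " "_" *       # Fedora (util-linux rename); replaces only the first space in each name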

For example, to rename all files matching "*.bak" to strip the extension, you might say
rename 's/\.bak$//' *.bak

To translate uppercase names to lower, you'd use
rename 'y/A-Z/a-z/' *

###################
# Using 'mv'
###################

for FILE in *; do mv -- "$FILE" "$(printf '%s\n' "$FILE" | sed 's/ /_/g')"; done

How to generate 100% CPU load

#!/bin/bash

while : ; do
true
done

The Best Linux Security Tools


You can never be too safe these days. Viruses, spyware, rootkits, remote exploits: you just never know what security issue is going to be your downfall. That’s why it is important as a Linux administrator to have an understanding of some of the best Linux security tools available to you. In this article, you will learn about ten of the best Linux security tools, and resources on how to use them to your advantage.
  • Nmap Security Scanner
    Nmap, which stands for “Network Mapper”, is a free open source utility that allows you to explore and audit a network. From the website: “Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.”
    For Nmap installation documents, go here.
    There is a very useful tutorial here on the numerous scan types Nmap allows.
    This PDF is a great print-out reference that includes all of the major Nmap options.
  • Nessus Vulnerability Scanner
    Nessus is a vulnerability scanner that probes your network machines against an up-to-date security vulnerability database, alerting you of security holes, with detailed analysis on how to fix each hole. From the Nessus website: “Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.”
    See an example scan report here.
    For Nessus installation documents, go here.
    A nice technical guide to Nessus can be found here.
    The Nessus knowledge base is here.
  • Clam AntiVirus
    ClamAV is a GPL antivirus toolkit. Its main purpose is integration with mail servers, but it can also be used to scan files for viruses on the command line. It provides a flexible and scalable multi-threaded daemon, a command line scanner and a virus database that is kept up to date. The most popular use of ClamAV is on a mail server, tied in with an anti-spam application like SpamAssassin.
    For installation help, go here.
    The Clam AntiVirus wiki can be found here.
    This PDF document covers all you need to know about ClamAV.
  • Snort
    Snort is one of the greatest weapons you can have in the fight against intrusions. Snort is mainly used in three different ways: as a packet sniffer, a packet logger, or as a complete intrusion detection system (IDS). From the website: “Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.”
    The official Snort users manual can be found here.
    For a very complete comprehensive list of documents, go here.
  • Chkrootkit
    Chkrootkit is a tool designed to locally check for signs of a rootkit on your Linux machine. “Rootkits” are basically files that can hide on your machine after a break-in and that allow the attacker to gain access to your computer in the future.
    This PDF explains adding chkrootkit to your auditing arsenal.
  • Tripwire
    Tripwire is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. Basically, tripwire has the ability to alert you when files have been modified on your system.
    A comprehensive guide to implementing tripwire can be found here.
    This is a nice howto on setting up tripwire.
  • Rootkit Hunter
    Rootkit Hunter is a great tool for analyzing and monitoring the security of your systems. Like Chkrootkit, this tool also checks for rootkits that may be hiding on your machine, as well as other tools on your system that may be potentially dangerous.
    A detailed guide on downloading and installing Rootkit Hunter can be found here.
  • Kismet
    From the website: “Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.” If you have a wireless network, or travel with a laptop, this security tool is a must have.
    This Kismet readme covers just about all you need to know.
    There is also a lot of useful information located within the Kismet forums.
  • Shorewall
    Shorewall is a very powerful and flexible firewall that utilizes iptables and Netfilter. Very flexible configuration allows the firewall to be used in a wide variety of firewall/gateway/router and VPN environments.
    The Shorewall Installation document can be found here.
    Here is a quick start guide to using Shorewall.
    Shorewall Features can be found here.
  • Ethereal (Now called Wireshark)
    Wireshark is a very popular network protocol analyzer that has a variety of security features including a packet browser, live capture, offline analysis and more. Basically, Wireshark captures packets going across the network and displays them to you in as much detail as possible. From the users guide: “You could think of a network packet analyzer as a measuring device used to examine what’s going on inside a network cable, just like a voltmeter is used by an electrician to examine what’s going on inside an electric cable (but at a higher level, of course).”
    Here is the Wireshark users guide.
    The Wireshark wiki is here.
Now that you’ve gotten a glimpse at ten of the best Linux security tools, it is up to you to install them and put them to use in your network environment.

How to Restore a Bad Superblock

When the superblock of a file system becomes damaged, you must restore it. fsck tells you when a superblock is bad. Fortunately, redundant copies of the superblock are stored within a file system. You can use fsck -o b to replace the superblock with one of the copies.

1. Become superuser.

2. Change to a directory outside the damaged file system.

3. Unmount the file system.

# umount mount-point

4. Display the superblock values with the newfs -N command.

# newfs -N /dev/rdsk/device-name

The output of this command displays the block numbers that were used for the superblock copies when newfs created the file system, unless the file system was created with special parameters. See "Deciding on Custom File System Parameters" for information on creating a customized file system.

5. Provide an alternative superblock with the fsck command.

# fsck -F ufs -o b=block-number /dev/rdsk/device-name

fsck uses the alternative superblock you specify to restore the primary superblock. You can always try 32 as an alternative block, or use any of the alternative blocks shown by newfs -N.

Example: the following restores the superblock copy 5264 for the /files7 file system:

# cd /
# umount /files7
# newfs -N /dev/rdsk/c0t3d0s7
/dev/rdsk/c0t3d0s7: 163944 sectors in 506 cylinders of 9 tracks, 36 sectors
 83.9MB in 32 cyl groups (16 c/g, 2.65MB/g, 1216 i/g)
super-block backups (for fsck -b #) at:
 32, 5264, 10496, 15728, 20960, 26192, 31424, 36656, 41888,
 47120, 52352, 57584, 62816, 68048, 73280, 78512, 82976, 88208,
 93440, 98672, 103904, 109136, 114368, 119600, 124832, 130064, 135296,
 140528, 145760, 150992, 156224, 161456,
# fsck -F ufs -o b=5264 /dev/rdsk/c0t3d0s7
Alternate superblock location: 5264.
** /dev/rdsk/c0t3d0s7
** Last Mounted on
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
36 files, 867 used, 75712 free (16 frags, 9462 blocks, 0.0% fragmentation)
/dev/rdsk/c0t3d0s7 FILE SYSTEM STATE SET TO OKAY
 
***** FILE SYSTEM WAS MODIFIED *****

Useful vi (Vim) set preferences


Create a .vimrc file in your HOME directory with the following contents.

set tabstop=2
colorscheme evening
set shiftwidth=2
set expandtab
set softtabstop=2 "when tabs are expanded to spaces, delete them two spaces at a time
set visualbell "on a user error, flash the screen once instead of beeping
set nobackup "do not create a backup file
set cindent "use C-style indentation
set autoindent
set smartindent "use smarter indentation
set enc=euc-kr
set incsearch "show matches while the search keyword is being typed (as in Firefox)
syntax on "enable syntax highlighting
filetype on "detect the file type, so that syntax highlighting follows it
set background=dark
set backspace=eol,start,indent
set history=1000 "keep up to 1000 history entries
set hlsearch "highlight search matches
set ignorecase "searching and substituting are not case-sensitive
set showmatch "when a bracket such as () or {} is entered, show the matching bracket

Building an online backup environment with the bacula backup system


Let's use Bacula 5.0.2 to back up another computer over the network.

First, install the backup server as described in the post below.
Now it's time to set up a client node.


Download bacula-5.0.2.tar.gz and compile it.
Here, --with-fd-password takes the value of "Password =" from the "Client {" resource
that was set up for this client in bacula/etc/bacula-dir.conf on the backup server.

# ./configure --prefix=/usr/local/bacula-5.0.2 --with-readline --with-fd-password="wvyPsGsBPRIgJKhyYV5C0+WJ9MTDR9epBKa/oftfQa/5"   --enable-client-only

# make

# make install

Now set up the configuration of the client daemon so that it can be started.
# cd /usr/local/bacula-5.0.2/etc/
# vi bacula-fd.conf

Director {
# Name = rhel1-dir
  Name = cep-dir
  Password = "wvyPsGsBPRIgJKhyYV5C0+WJ9MTDR9epBKa/oftfQa/5"
}


Leave the rest of the items as they are; only the Name in the Director resource above has to be changed to the backup server's Director Name.
It comes from bacula-dir.conf on the backup server:

Director {
  Name = cep-dir     # this name is the Director Name
  DIRport = 9101                # where we listen for UA connections
  QueryFile = "/usr/local/bacula-5.0.2/etc/query.sql"
  WorkingDirectory = "/usr/local/bacula-5.0.2/var/bacula/working"
  PidDirectory = "/var/run"
  Maximum Concurrent Jobs = 1
  Password = "**** yJO" # Console password
  Messages = Daemon
}


Then start bacula.

# ./bacula start
# ps -ef |grep bacula
# netstat -na | grep 910

If these checks look right, everything has been set up normally.

##############
Backup server
##############
Now edit the bacula/etc/bacula-dir.conf file on the backup server.
# vi bacula-dir.conf

Add the client's information.

Client {
  Name = rhel1-fd  # Client name (pick any name that you will recognize)
  Address = rhel1  # hostname
  FDPort = 9102
  Catalog = MyCatalog
  Password = "wvyPsGsBPRIgJKhyYV5C0+WJ9MTDR9epBKa/oftfQa/5"          # password for FileDaemon
  File Retention = 30 days            # 30 days
  Job Retention = 6 months            # six months
  AutoPrune = yes                     # Prune expired Jobs/Files
}

Then define what you want backed up from the client.
FileSet {
  Name = "RHEL1 Set" # choose a name
  Include {
    Options {
      signature = MD5
    }
    File = /usr # the directory you want backed up
  }

  Exclude { # directories that should not be backed up
    File = /usr/local/bacula-5.0.2/var/bacula/working
    File = /tmp
    File = /proc
    File = /tmp
    File = /.journal
    File = /.fsck
  }
}


If you want a separate job definition for the added client, create a JobDefs resource.
JobDefs {
  Name = "RHEL1_BAK"
  Type = Backup
  Level = Incremental
  Client = rhel1-fd # name of the Client you want to back up
  FileSet = "RHEL1 Set" # name of the FileSet that defines what to back up
  Schedule = "WeeklyCycle"
  Storage = File
  Messages = Standard
  Pool = File
  Priority = 10
  Write Bootstrap = "/usr/local/bacula-5.0.2/var/bacula/working/%c.bsr"
}


Define the Job that will be run with the run command in the console.
Job {
  Name = "BackupClient2"
  Client = rhel1-fd # the Client Name
  JobDefs = "RHEL1_BAK" # the JobDefs Name
}


When you are finished, save the file and then open the console.
# ./bconsole
Reload so that the modified configuration takes effect.
*reload
You have messages.

Use the run command to back up /usr on the rhel1 server.
*run
Automatically selected Catalog: MyCatalog
Using Catalog "MyCatalog"
A job name must be specified.
The defined Job resources are:
     1: BackupClient1
     2: BackupClient2
     3: BackupCatalog
     4: RestoreFiles
Select Job resource (1-4): 2
Run Backup job
JobName:  BackupClient2
Level:    Incremental
Client: rhel1-fd
FileSet:  RHEL1 Set
Pool:     File (From Job resource)
Storage:  File (From Job resource)
When:     2010-06-09 18:22:36
Priority: 10
OK to run? (yes/mod/no): yes
Job queued. JobId = 9
*

This backup is done.
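
As described above, the Director Name and Password in the client's bacula-fd.conf have to match the Director Name and the Client Password in the server's bacula-dir.conf. The following check is an added example, not code from the original post or from Bacula; it parses constructed config texts (placeholder passwords, function names are my own) and reports whether the two files pair up, without printing any secret.

```shell
# Added example, not from the post: resource names follow it, passwords are constructed.
DIR_CONF='Director {
  Name = cep-dir
  Password = "CONSTRUCTED-console-secret"   # Console password
}
Client {
  Name = rhel1-fd
  Password = "CONSTRUCTED-fd-secret"        # password for FileDaemon
}
FileSet {
  Name = "RHEL1 Set"
  Include {
    File = /usr
  }
}'
FD_CONF_GOOD='Director {
# Name = rhel1-dir
  Name = cep-dir
  Password = "CONSTRUCTED-fd-secret"
}'
FD_CONF_STALE='Director {
  Name = rhel1-dir
  Password = "CONSTRUCTED-old-secret"
}'

# bacula_flatten: config on stdin -> "Resource<TAB>block#<TAB>Key<TAB>Value" for each
# top-level directive; comments and nested blocks (Include) are skipped.
bacula_flatten() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    {
        bare = $0; gsub(/"[^"]*"/, "", bare); sub(/#.*/, "", bare); bare = trim(bare)
        if (bare == "") next
        opens = gsub(/[{]/, "{", bare); closes = gsub(/[}]/, "}", bare)
        if (opens || closes) {
            if (depth == 0 && opens) { res = bare; sub(/[ \t]*[{].*/, "", res); idx++ }
            depth += opens - closes; next
        }
        p = index($0, "="); if (depth != 1 || p == 0) next
        key = trim(substr($0, 1, p - 1)); val = trim(substr($0, p + 1))
        # quoted value: keep what is inside the quotes; bare value: drop a trailing comment
        sub(/^"/, "", val) ? sub(/".*/, "", val) : sub(/[ \t]*#.*/, "", val)
        print res "\t" idx "\t" key "\t" val
    }'
}

# lookup RESOURCE KEY [NAME]: value of KEY in the first RESOURCE block (named NAME, if given).
lookup() {
    awk -F'\t' -v r="$1" -v k="$2" -v n="${3:-}" '
        $1 == r { if ($3 == "Name" && !hit && (n == "" || $4 == n)) hit = $2; v[$2, $3] = $4 }
        END { if (hit) print v[hit, k] }'
}

# check_fd_pairing DIR_TEXT FD_TEXT CLIENT: prints findings, never a secret; returns 1 on mismatch.
check_fd_pairing() {
    d=$(printf '%s\n' "$1" | bacula_flatten); f=$(printf '%s\n' "$2" | bacula_flatten)
    dname=$(printf '%s\n' "$d" | lookup Director Name)
    want=$(printf '%s\n' "$d" | lookup Client Password "$3")
    have=$(printf '%s\n' "$f" | lookup Director Password "$dname"); rc=0
    [ -n "$(printf '%s\n' "$f" | lookup Director Name "$dname")" ] ||
        { echo "director-name mismatch: bacula-fd.conf has no Director named $dname"; rc=1; }
    if [ -z "$want" ]; then echo "client missing: bacula-dir.conf has no Client named $3"; rc=1
    elif [ "$want" != "$have" ]; then echo "fd-password mismatch for $3"; rc=1; fi
    [ "$rc" -eq 0 ] && echo "ok: $dname <-> $3"
    return "$rc"
}

check_fd_pairing "$DIR_CONF" "$FD_CONF_GOOD" rhel1-fd
check_fd_pairing "$DIR_CONF" "$FD_CONF_STALE" rhel1-fd || echo "fix bacula-fd.conf first"
```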

An online backup environment using the bacula backup system


A few packages are needed before installing bacula (both the binary and devel packages):
readline package
mysql package (another DB package also works)
  - the perl-DBD-MySQL package is also needed for the mysql server
python package

start mysql daemon

[] Bacula-5.0.2 install

download: http://www.bacula.org

extract : tar zxvf bacula-x.x.x.tar.gz

configure : ./configure  --prefix=/usr/local/bacula-5.0.2 --with-x --with-mysql --with-readline --with-python --with-db-password=BACULA_PWD --with-db-port=3306 --enable-includes  --enable-bwx-console --enable-static --enable-shared

mysql port is 3306.

make: make

install : make install

Configuration: bacula server
cd /usr/local/bacula-5.0.2/etc
# when you want to go through the configuration once more
./bacula_config
#create bacula database to mysql
./create_bacula_database
#create bacula table to mysql
./make_bacula_tables
#copy from /examples/sample-query.sql to /usr/local/bacula-5.0.2/etc/query.sql
cp /root/bacula-5.0.2/examples/sample-query.sql /usr/local/bacula-5.0.2/etc/query.sql


checking /etc/services
[root@backup bacula-5.0.2]# cat /etc/services |grep bacula
bacula-dir 9101/tcp # Bacula Director
bacula-dir 9101/udp # Bacula Director
bacula-fd       9102/tcp                        # Bacula File Daemon
bacula-fd       9102/udp                        # Bacula File Daemon
bacula-sd       9103/tcp                        # Bacula Storage Daemon
bacula-sd       9103/udp                        # Bacula Storage Daemon


run: cd /usr/local/bacula-5.0.2/sbin
        ./bacula start
        ./console (or ./gnome-console)

stop : ./bacula stop


checking bacula stuff
# ps -ef |grep bacula
root 2040 1 0 22:32 ? 00:00:00 /usr/local/bacula-5.0.2/sbin/bacula-sd -v -c /usr/local/bacula-5.0.2/etc/bacula-sd.conf
root 2050 1 0 22:32 ? 00:00:00 /usr/local/bacula-5.0.2/sbin/bacula-fd -v -c /usr/local/bacula-5.0.2/etc/bacula-fd.conf
root 2058 1 0 22:32 ? 00:00:00 /usr/local/bacula-5.0.2/sbin/bacula-dir -v -c /usr/local/bacula-5.0.2/etc/bacula-dir.conf
# netstat -na | grep 910
tcp 0 0 0.0.0.0:9102 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9103 0.0.0.0:* LISTEN
# ./bacula status
bacula-sd (pid 18753) is running...
bacula-fd (pid 18763) is running...
bacula-dir (pid 18771) is running...
However, when bconsole is started, the bacula-dir daemon dies. So be sure to verify with netstat that port 9101 is up.
# ./bacula status
bacula-sd (pid 2040) is running...
bacula-fd (pid 2050) is running...
bacula-dir dead but pid file exists

This symptom usually appears when bacula cannot work together with mysql.
# ./bacula stop

# mysql
mysql> use mysql
mysql> insert into user (host,user,password) values('localhost','bacula',password('BACULA_PWD'));
mysql> insert into db values('%','bacula','bacula','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N');
mysql> flush privileges;


[root@backup etc]# ./bacula start
Starting the Bacula Storage daemon
Starting the Bacula File daemon
Starting the Bacula Director daemon
[root@backup etc]# ps -ef |grep bacu
root 19144 1 0 23:13 ? 00:00:00 /usr/local/bacula-5.0.2/sbin/bacula-sd -v -c /usr/local/bacula-5.0.2/etc/bacula-sd.conf
root 19154 1 0 23:13 ? 00:00:00 /usr/local/bacula-5.0.2/sbin/bacula-fd -v -c /usr/local/bacula-5.0.2/etc/bacula-fd.conf
root 19162 1 0 23:13 ? 00:00:00 /usr/local/bacula-5.0.2/sbin/bacula-dir -v -c /usr/local/bacula-5.0.2/etc/bacula-dir.conf
root     19168  1045  0 23:13 pts/2    00:00:00 grep bacu
[root@backup etc]# netstat -na | grep 910
tcp 0 0 0.0.0.0:9101 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9102 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9103 0.0.0.0:* LISTEN

[root@backup etc]# cd ../sbin
[root@backup sbin]# ls
bacula      bacula-fd  bconsole  bextract  bregex  bsmtp  btraceback  dbcheck
bacula-dir  bacula-sd  bcopy     bls       bscan   btape  bwild
[root@backup sbin]# ./bconsole
Connecting to Director backup:9101
1000 OK: backup-dir Version: 5.0.2 (28 April 2010)
Enter a period to cancel a command.
*

Test backup
[root@backup etc]# pwd
/usr/local/bacula-5.0.2/etc
# vi file-list
--------------------------------------------------------
/usr/local/bacula-5.0.2/share/man/man1/bacula-bwxconsole.1.gz
/usr/local/bacula-5.0.2/share/man/man1/bacula-tray-monitor.1.gz
--------------------------------------------------------
# bacula-fd.conf is the configuration file of the daemon running on the machine to be backed up (client). (client server)
# vi bacula-dir.conf (backup server)
Here you define what is to be backed up (client) and the backup server itself.
--------------------------------------------------------
# List of files to be backed up
FileSet {
  Name = "Full Set"
  Include {
    Options {
      signature = MD5
    }
#
#  Put your list of files here, preceded by 'File =', one per line
#    or include an external list with:
#
# File =
#
#  Note: / backs up everything on the root partition.
#    if you have other partitions such as /usr or /home
#    you will probably want to add them too.
#
#  By default this is defined to point to the Bacula binary
#    directory to give a reasonable FileSet to backup to
#    disk storage during initial testing.
#
    # File = /usr/local/bacula-5.0.2/sbin
    File =
  }
#
# If you backup the root directory, the following two excluded
#   files can be useful
#
  Exclude {
    File = /usr/local/bacula-5.0.2/var/bacula/working
    File = /tmp
    File = /proc
    File = /tmp
    File = /.journal
    File = /.fsck
  }
}
--------------------------------------------------------------
# vi bacula-sd.conf (backup server)
This file specifies where the backup files are to be stored.
--------------------------------------------------------------
Device {
  Name = FileStorage
  Media Type = File
#  Archive Device = /tmp
  Archive Device = /backup/bacula  # <= the directory where the backups are stored
  LabelMedia = yes; # lets Bacula label unlabeled media
  Random Access = Yes;
  AutomaticMount = yes;               # when device opened, read it
  RemovableMedia = no;
  AlwaysOpen = no;
}
--------------------------------------------------------------

[root@backup etc]# ./bconsole
Connecting to Director backup:9101
1000 OK: backup-dir Version: 5.0.2 (28 April 2010)
Enter a period to cancel a command.
*label
Automatically selected Catalog: MyCatalog
Using Catalog "MyCatalog"
Automatically selected Storage: File
Enter new Volume name: test2
Defined Pools:
     1: Default
     2: File
     3: Scratch
Select the Pool (1-3): 2
Connecting to Storage daemon File at backup:9103 ...
Sending label command for Volume "test2" Slot 0 ...
3000 OK label. VolBytes=186 DVD=0 Volume="test2" Device="FileStorage" (/backup/bacula)
Catalog record for Volume "test2", Slot 0  successfully created.
Requesting to mount FileStorage ...
3906 File device "FileStorage" (/backup/bacula) is always mounted.
*

Once the label command has created a device (file name) for backups in this way, running a backup stores the backed-up contents in the file defined by that label.



[] Bacula daemon description
bacula director (bacula-dir)
   - Service that supervises all operations such as backup and restore
   - Manages the backup schedule
bacula console (console)
   - Console where the administrator enters commands (it must be able to reach the director)
   - BWX-console is the console for GUI environments
bacula file (bacula-fd)
    - Service installed on the machine that is to be backed up
    - Receives commands from the director and performs the backup or restore
    - When restoring, the data can also be sent to a different location
bacula storage (bacula-sd)
    - Service installed on the machine that has the backup device
    - Daemon that stores the files sent by bacula-fd,
       or sends backed-up data back to bacula-fd
    - Uses a file device in a directory, or a defined device such as DVD, DLT, 8mm or 4mm
    - Receives commands from the director and carries them out
Catalog
    - Service installed on the database machine that stores information about the backed-up files
    - If it is broken, the backup files can still be accessed directly with the utilities
bacula monitor
    - GUI program for checking the status of the various daemons