Posts

Showing posts from September, 2017

getent passwd | grep username /etc/nsswitch.conf

The getent command displays entries from databases supported by the Name Service Switch libraries, which are configured in /etc/nsswitch.conf.  
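The point of `getent passwd username` over `getent passwd | grep username` is that the first is an exact-key lookup that asks each source on the `passwd:` line of /etc/nsswitch.conf in order (files, then sss, ldap, nis, ...), while the second enumerates the whole database and matches the string anywhere on the line. Enumeration is commonly disabled for sss/ldap sources, so the grep form can silently miss directory accounts that the exact lookup resolves. The following shell functions are an added example, not code from the original post; `getent` and `/etc/nsswitch.conf` are real, the `NSSWITCH` override variable and the sample nsswitch file used in testing are my own assumptions so the functions can run offline.

```bash
#!/bin/sh
# nss_lookup.sh - exact-key account lookups through the Name Service Switch.
# Added example, not from the original post. Assumes glibc getent; the
# NSSWITCH override variable is an assumption used so the functions can be
# pointed at a test copy of nsswitch.conf.

# Which sources nsswitch.conf consults for the passwd database, e.g. "files sss".
# Prints nothing (and still returns 0) if the passwd: line is missing.
passwd_sources() {
    sed -n 's/^passwd:[[:space:]]*//p' "${NSSWITCH:-/etc/nsswitch.conf}"
}

# Exact lookup of one account through every configured source, in order.
# Prints the passwd entry; exit status is getent's (0 found, 2 not found).
nss_user() {
    getent passwd "$1"
}

# Login shell of an account (7th passwd field), empty if the account is unknown.
user_shell() {
    nss_user "$1" | cut -d: -f7
}

# Whether an account resolves through NSS but is absent from /etc/passwd,
# i.e. it comes from a directory source (sssd/LDAP/NIS) rather than the local
# file. Returns 0 when that is the case, 1 when it is local or nonexistent.
is_remote_user() {
    nss_user "$1" >/dev/null 2>&1 && ! grep -q "^$1:" /etc/passwd
}
```

On a host joined to a directory, `is_remote_user` is the quick way to tell which logins are being granted by a remote source that `/etc/passwd` alone would never show.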

26 vnc x-server | vncviewer | tigervnc | vncpasswd | vncserver@:1.service

root@server#  vncviewer -via vncuser@localhost localhost:1 localhost:1 <-- session#2

25 time chronyd.service | stratum | timedatectl set-time | hwclock --systohc

In Linux there are different kinds of time: 1) hardware clock, 2) software (system) clock, 3) network time.

[root@localhost tmp]# systemctl status chronyd.service
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2017-09-22 12:53:56 EDT; 4 days ago
=====================
To write the system time back to the hardware clock:
[root@localhost web]# hwclock --systohc
=====================
[root@localhost tmp]# cat /etc/chrony.conf | more
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
# Ignore stratum in source selection.
stratumweight 0
======================
Stratum 0 devices (including atomic and gps clocks) are the most accurate, but cannot be conne

/proc

Processes
Inside the /proc directory every process has a folder, named after its process ID. For example, my nagios3 program has the following process ID:
ps aux | grep [n]agios3 | awk '{ print $2 }'
3363
So it has its own special folder: /proc/3363. Every process has a folder like /proc/$PID where $PID is its process ID. I'll cover a few specific files of a process folder below.
exe
This is a symlink to the process binary:
sudo ls -l /proc/3363/exe
lrwxrwxrwx 1 root root 0 2013-01-26 15:18 /proc/3363/exe -> /usr/sbin/nagios3
cmdline
This shows the command which started the process:
(sudo cat /proc/3363/cmdline; echo) | tr "\000" " "
/usr/sbin/nagios3 -d /etc/nagios3/nagios.cfg
cwd
This is a symlink to the process current working directory:
sudo ls -la /proc/3363/cwd
lrwxrwxrwx 1 root root 0 2013-01-26 15:18 /proc/3363/cwd -> /
environ
This gives us the environment of the command (your env) which also shows us all the

How to read environment variables of a process | cat /proc/15885/environ | xargs --null --max-args=1

You can read the initial environment of a process from /proc/<pid>/environ. If a process changes its environment, then in order to read the environment you must have the symbol table for the process and use the ptrace system call (for example by using gdb) to read the environment from the global char **__environ variable. There isn't any other way to get the value of any variable from a running Linux process.
[root@localhost tmp]# cat /proc/15885/environ | xargs --null --max-args=1
LANG=C
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
NOTIFY_SOCKET=/run/systemd/notify
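The /proc post above and this environ post describe the same per-process files, so one added example serves both; it is mine, not code from either post. It wraps `exe`, `cmdline`, `cwd` and `environ` as shell functions and adds the check a responder actually wants from `exe`: whether the binary the process is running has been deleted or replaced on disk, which readlink reports by appending "(deleted)". The NUL handling matches the post's `tr "\000" " "`. Only a Linux /proc is assumed; the function names and the `SECRET_DEMO` variable used in testing are my own.

```bash
#!/bin/sh
# procinfo.sh - inspect a running process through /proc/$PID.
# Added example serving the /proc and environ posts; not from the original
# posts. Assumes a Linux /proc. Function names are mine.

# Command line as it was exec'd: argv entries are NUL-separated in
# /proc/PID/cmdline, so turn the NULs into spaces (as the post does with tr)
# and drop the trailing one.
proc_cmdline() {
    tr '\000' ' ' < "/proc/$1/cmdline" | sed 's/ $//'
}

# First argv word only, e.g. "sleep" or "/usr/sbin/nagios3".
proc_argv0() {
    tr '\000' '\n' < "/proc/$1/cmdline" | head -n 1
}

# Path of the executable image. If the binary was deleted or replaced on disk
# after it started (a package upgrade that still needs a restart, or a file
# that was removed to hide it), readlink appends " (deleted)".
proc_exe() {
    readlink "/proc/$1/exe"
}

# Returns 0 when the process is running code whose file no longer exists.
proc_exe_deleted() {
    case "$(proc_exe "$1")" in *' (deleted)') return 0 ;; *) return 1 ;; esac
}

# Current working directory of the process.
proc_cwd() {
    readlink "/proc/$1/cwd"
}

# Value of one variable from the process's *initial* environment.
# /proc/PID/environ is NUL-separated and readable only by the process owner
# and root, which is exactly why a secret passed via the environment is
# exposed to anything else running as that user.
proc_env_var() {
    tr '\000' '\n' < "/proc/$1/environ" | sed -n "s/^$2=//p"
}
```

`proc_exe_deleted` over every PID in /proc is a cheap post-incident sweep: a long-running daemon whose `exe` is "(deleted)" is either waiting for a restart after an update or running something that was removed on purpose, and either way deserves a look.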

4 Ways of Executing a Shell Script in UNIX / Linux

1. Execute Shell Script Using File Name
Use the shell script file name to execute it, either by its relative path or its absolute path, as shown below.
$ cd /home/sathiya
$ ./scriptfile
(or)
$ /home/sathiya/scriptfile
If you have the shebang, then it will be executed using the command interpreter specified in the shebang. If you are a beginner in shell scripting, refer to our earlier article Shell Script Execution Guidelines for Newbies.
2. Execute Shell Script by Specifying the Interpreter
You can also execute a unix shell script by specifying the interpreter on the command line as shown below.
Execute using sh interpreter
$ sh scriptfile
Execute using bash interpreter
$ bash scriptfile
Irrespective of what is being used as shebang, the interpreter which you have specified will be used for execution. You can use any interpreter (sh, ksh, bash, csh etc.).
3. Execute Shell Script Using . ./ (dot space dot slash)
While executing the shell script using "dot space do
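The security-relevant difference between these invocation styles is easy to miss: `./scriptfile` needs the execute bit and is refused on a `noexec` mount, `sh scriptfile` needs neither (the shell reads the file as data, so neither the execute bit nor `noexec` stops it), and `. ./scriptfile` runs the file inside your current shell, so every variable, `cd`, `umask` and `trap` it sets stays behind. The functions below are an added example, not code from the article, that make each behaviour checkable; the script they write is constructed for the demonstration and the function names are mine.

```bash
#!/bin/sh
# exec_modes.sh - the invocation styles from the article as checkable shell
# functions. Added example, not from the original article. The script path is
# an argument; the script content is constructed for the demonstration.

# Write a small script with a shebang. It sets a variable so that we can tell
# whether it ran in a child process or in the calling shell.
make_script() {
    cat > "$1" <<'EOF'
#!/bin/sh
MARK=ran_in_script
echo "$MARK"
EOF
}

# 1) By file name: needs the execute bit, and a noexec mount refuses it.
runs_by_name() {
    "$1" >/dev/null 2>&1
}

# 2) By explicit interpreter: the shebang AND the execute bit are ignored,
#    and the noexec mount option does not stop it either.
runs_by_interpreter() {
    sh "$1" >/dev/null 2>&1
}

# 3) Sourcing (". ./script" or "source script"): runs in the *current* shell,
#    so the script's variables persist afterwards. Returns 0 if the sourced
#    script's MARK leaked into this shell.
source_leaks_into_caller() {
    MARK=""
    . "$1" >/dev/null
    [ "$MARK" = ran_in_script ]
}

# For contrast: the same script run in a child process leaves MARK untouched.
child_keeps_caller_clean() {
    MARK=""
    sh "$1" >/dev/null
    [ -z "$MARK" ]
}
```

The practical consequences: mounting /tmp or /home `noexec` only blocks style 1, and sourcing a file you did not write (a "setup" snippet, a `.env`) is the same as typing its contents into your shell.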

tee read stdin and write stdout | telnet localhost 999 2>&1 | tee -a log

[root@localhost tmp]# telnet localhost 999 2>&1 | tee -a log
telnet: connect to address ::1: Connection refused
telnet: connect to address 127.0.0.1: Connection refused
Trying ::1...
Trying 127.0.0.1...
[root@localhost tmp]# cat log
telnet: connect to address ::1: Connection refused
telnet: connect to address 127.0.0.1: Connection refused
Trying ::1...
Trying 127.0.0.1...
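The `2>&1` is what gets telnet's "Connection refused" lines (written to stderr) into the log; without it tee would only see the "Trying ..." lines. One caveat the post does not mention: after `cmd 2>&1 | tee -a log`, `$?` is tee's exit status, not cmd's, so a script that wraps a probe this way will treat a refused connection as success. The wrapper below is an added example, not from the original post; it keeps the post's redirection and recovers the real status through a temporary file so it stays POSIX sh. The function name is mine.

```bash
#!/bin/sh
# logrun.sh - capture stdout and stderr of a command in a log while keeping
# the command's own exit status. Added example, not from the original post.
#
# The pipeline in the post works, but "$?" after "cmd 2>&1 | tee -a log" is
# tee's status, not cmd's, so a failed probe looks successful to a script.

log_run() {
    _log=$1; shift
    _st=$(mktemp)
    # Merge stderr into stdout first, save the real status to a file, then tee.
    { "$@" 2>&1; echo $? > "$_st"; } | tee -a "$_log"
    read -r _rc < "$_st"
    rm -f "$_st"
    return "$_rc"
}

# Same as the post's command, but the status now says whether the port answered:
#   log_run /tmp/log telnet localhost 999 || echo "port 999 not reachable"
```

In bash-only scripts `set -o pipefail` or `${PIPESTATUS[0]}` achieve the same thing with less ceremony; the temp-file version works in dash and other POSIX shells too.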

23 Firewalld | netfilter hooks | firewall-cmd --get-zones/services | --add-rich-rule

The basic firewall software most commonly used in Linux is called iptables. The iptables firewall works by interacting with the packet filtering hooks in the Linux kernel's networking stack. These kernel hooks are known as the netfilter framework. Every packet that enters the networking system (incoming or outgoing) will trigger these hooks as it progresses through the stack, allowing programs that register with these hooks to interact with the traffic at key points. The kernel modules associated with iptables register at these hooks in order to ensure that the traffic conforms to the conditions laid out by the firewall rules. The following hooks (attachment points) represent various well-defined points in the networking stack:
NF_IP_PRE_ROUTING: This hook will be triggered by any incoming traffic very soon after entering the network stack. This hook is processed before any routing decisions have been made regarding where to send the packet.
NF_IP_LOCAL_IN: This

22 SELinux changed Apache port | sealert -l id | grep AVC /var/log/audit/audit.log | semanage port -a -t http_port_t -p tcp 888

Listen 888
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
[root@localhost ~]# systemctl stop httpd
[root@localhost ~]# systemctl start httpd
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
[root@localhost ~]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sat 2017-09-23 15:04:01 EDT; 14s ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 13914 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
  Process: 13909 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 13909 (code=exited, status=1/FAILURE)
[root@localhost ~]# grep sealert /var/log/messages
Sep 23 15:04:08 localhost setroubleshoot:

22 SELinux Apache DocumentRoot Directory audit.log AVC | source/target context | semanage-fcontext | restorecon

[root@localhost tmp]# mkdir /web && cd /web
[root@localhost web]# pwd
/web
[root@localhost web]# touch index.html
[root@localhost web]# vim index.html
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
#DocumentRoot "/var/www/html"
DocumentRoot "/web"

#
# Relax access to content within /var/www.
#
<Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>
<Directory "/web">
    AllowOverride None
    Require all granted
</Directory>

#<Directory "/var/www/html">
<Directory "/web">
==========================
After changing the DocumentRoot to /web, the new index.html page doesn't open: the directory was created by hand, so it carries default_t rather than the httpd_sys_content_t label that /var/www/html has, and httpd_t is not allowed to read it.
==========================
[root@localhost ~]# grep -i avc /var/log/audit

22 SELinux Analyzing logs grep AVC /var/log/audit/audit.log | /var/log/messages | selaert -l ID

The setroubleshoot utility is used to turn raw AVC denials into readable reports:
[root@localhost tmp]# yum list installed | grep setrou
setroubleshoot.x86_64                  3.2.27.2-3.el7                  @base
setroubleshoot-plugins.noarch          3.0.64-2.1.el7                  @base
setroubleshoot-server.x86_64           3.2.27.2-3.el7                  @base
[root@localhost tmp]#
=============================
All the underlying records are written by auditd:
[root@localhost tmp]# systemctl status auditd
● auditd.service - Security Auditing Service
   Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2017-09-22 12:53:52 EDT; 21h ago
     Docs: man:auditd(8)
           https://people.redhat.com/sgrubb/audit/
  Process: 678 ExecStartPost=/sbin/augenrules --load (code=exited, status=0/SUCCESS)
 Main PID: 677 (auditd)
   CGroup: /system.slice/auditd.service
           ├─677 /sbin/auditd -n
           ├─688 /sbin/audispd
           └─690 /usr/sbin/se
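Both SELinux/Apache posts above (the port 888 change and the /web DocumentRoot) come down to reading the same fields out of an AVC denial: who was denied (scontext type), what it tried (the permission in braces and tclass) and what it tried it on (tcontext type). The functions below are an added example, not from either post; they extract those fields from `type=AVC` lines with sed and, for exactly the two situations the posts describe, print the `semanage` remedy the posts used. The two log lines are constructed to look like those cases; real entries carry different timestamps, serials and inode numbers. Anything the mapping does not recognise is handed to `sealert -a`, which is setroubleshoot's analysis of a whole audit file.

```bash
#!/bin/sh
# avc_triage.sh - pull the fields that matter out of AVC denials in audit.log.
# Added example for the two SELinux/Apache posts (port 888 and the /web
# DocumentRoot); not from the original posts. The two log lines below are
# constructed to resemble those cases.

SAMPLE_AUDIT='type=AVC msg=audit(1506192241.123:4567): avc:  denied  { name_bind } for  pid=13909 comm="httpd" src=888 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1506192241.123:4567): arch=c000003e syscall=49 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0
type=AVC msg=audit(1506200000.456:4700): avc:  denied  { getattr } for  pid=5290 comm="httpd" path="/web/index.html" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0'

# Value of one key=value field from an audit line, quotes stripped, empty if absent.
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.*[ (]$2=\"\{0,1\}\([^\" ]*\)\"\{0,1\}.*/\1/p"
}

# The permission(s) inside "{ ... }", e.g. "name_bind" or "read write".
avc_perm() {
    printf '%s\n' "$1" | sed -n 's/.*denied *{ *\([^}]*[^} ]\) *}.*/\1/p'
}

# Type component of a context: user:role:type:level. The level may itself
# contain colons (s0-s0:c0.c1023), so take exactly the third field.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# One line per denial on stdin: comm source_type perm tclass target_type
avc_summary() {
    grep '^type=AVC ' | while IFS= read -r line; do
        printf '%s %s %s %s %s\n' \
            "$(avc_field "$line" comm)" \
            "$(ctx_type "$(avc_field "$line" scontext)")" \
            "$(avc_perm "$line")" \
            "$(avc_field "$line" tclass)" \
            "$(ctx_type "$(avc_field "$line" tcontext)")"
    done
}

# Map the two situations from the posts to the semanage remedy they used;
# anything else is sent to setroubleshoot for a proper analysis.
suggest_fix() {
    line=$1
    perm=$(avc_perm "$line")
    tclass=$(avc_field "$line" tclass)
    ttype=$(ctx_type "$(avc_field "$line" tcontext)")
    case "$tclass/$perm/$ttype" in
        tcp_socket/name_bind/unreserved_port_t)
            echo "semanage port -a -t http_port_t -p tcp $(avc_field "$line" src)" ;;
        file/*/default_t|dir/*/default_t)
            dir=$(dirname "$(avc_field "$line" path)")
            echo "semanage fcontext -a -t httpd_sys_content_t '$dir(/.*)?' && restorecon -Rv $dir" ;;
        *)
            echo "sealert -a /var/log/audit/audit.log" ;;
    esac
}

# Live use:  grep AVC /var/log/audit/audit.log | avc_summary
```

`avc_summary` is the quick triage view; `suggest_fix` deliberately knows only the two cases on this page, because the general answer to an unexpected denial is to understand it (`sealert`), not to relabel or open a port until it goes away.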

22 SELinux understanding semanage fcontext and chcon

Don't use chcon for permanent changes: the label it sets is not recorded in the policy, so the next file system relabel (restorecon, or a full relabel on boot) reverts it. Use semanage fcontext to record the rule in the policy and restorecon to apply it to the files.

22 SELinux file system labels | man -k _selinux | mandb | yum provides */sepolicy | semanage fcontext -l

[root@localhost www]# ls -Zl
total 0
drwxr-xr-x. 2 system_u:object_r:httpd_sys_script_exec_t:s0 root root  6 Apr 12 17:04 cgi-bin
drwxr-xr-x. 2 system_u:object_r:httpd_sys_content_t:s0 root root 24 Sep 20 17:00 html
[root@localhost www]#
List all file contexts:
[root@localhost www]# semanage fcontext -l | more
SELinux fcontext                                   type               Context
/.*                                                all files          system_u:object_r:default_t:s0
/[^/]+                                             regular file       system_u:object_r:etc_runtime_t:s0
/a?quota\.(user|group)                             regular file       system_u:object_r:quota_db_t:s0
/nsr(/.*)?                                         all files          system_u:object_r:var_t:s0
/sys(/.*)?                                         all files          system_u:object_r:sysfs_t:s0
/xen(/.*)?                                         all file

22 SELinux Booleans semanage fcontext restorecon

[root@localhost ~]# ps auxZ | grep http
system_u:system_r:httpd_t:s0    root       5285  0.0  0.4 221940  4980 ?        Ss   14:46   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache     5290  0.0  0.3 224024  3096 ?        S    14:46   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache     5291  0.0  0.3 224024  3096 ?        S    14:46   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache     5293  0.0  0.3 224024  3096 ?        S    14:46   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache     5294  0.0  0.3 224024  3096 ?        S    14:46   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache     5295  0.0  0.3 224024  3096 ?        S    14:46   0:00 /usr/sbin/httpd -DFOREGROUND
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 5966  0.0  0.0 112648   956 pts/0    R+   15:42   0:00 grep --color=auto http
[root@localhost ~]#
if you don't want intruder to

22 SELinux syscalls labels modes enforcing permissive disabled context booleans | setenforce Permissive | semanage login -l | ps –eZ | id –Z | semanage boolean –l | matchpathcon

This section will serve as an overview of Security Enhanced Linux (SELinux). In the Working with file permissions section, we discussed how standard Linux provides protection for the system. This method is called Discretionary Access Control (DAC), and has some limitations. For example, a typical user could open his files up, either accidentally or on purpose, for any other user to read or write. This could allow unauthorized access to sensitive information. To provide more security, SELinux uses MAC (Mandatory Access Control). MAC uses a security policy that covers all processes and files in the system. All files in SELinux have labels that contain security-relevant information.
ls -la ifcfg-eth0
-rw-r--r--. 1 root root 73 Apr 22 2011 ifcfg-eth0
The trailing dot after the permission bits means the file carries an SELinux label. Same file, but with the Z (security context) option to ls:
ls -Z ifcfg-eth0
-rw-r--r--. root root unconfined_u:object_r:default_t:s0 ifcfg-eth0
unconfined_u is the user, object_r is the role, default_t is the type, an