CtechZ: Cyber Security | Hacking | Malware Analysis| Threat Intelligence | Linux Tutorials

Thursday 11 July 2013

How to setup RDS ( Relational Database Service ) on Amazon

RDS is a separate service on AWS. On creating a new RDS instance , you will get a username, password and a hostname to use it on your application.

After install RDS point your database towards RDS Or you can install PhpMyadmin in your EBS instance and in its configuration file give RDS details to connect.

You will get following details after you install RDS instance.

DB Version:- Mysql 5.5.27
Instance Class:- db.m1.medium
Allocated Storage: 1024 GB
DB Instance Identifier: rds-ctechz
Master Username: root
Master Password: 12345678
Hostname / Endpoint
:The DNS address of the DB Instance.--- rds-ctechz.ckieen0iiljz.us-east-1.rds.amazonaws.com

# mysql -uroot -p -P3306 -h rds-ctechz.ckieen0iiljz.us-east-1.rds.amazonaws.com

Please check the installation steps below:-

1.

2. RDS-DashBoard

3. LaunchDBInstance

4. DB-InstanceWizard

5. SelectDB

6. DBDetails

7. CreatingBDName-and-port

8. DB-Backup-Planning

9. LaunchDB-Instance

10.

11. LaunchingDBInstance

12.

13. DB-Description

14. ConfigureDB-SecurityGroups-forAccessingDBInstance

15.

16.

16.1

16.2

16.3

16.4

17.

Wednesday 3 July 2013

How to Start and stop daemons via sudo

Problem: you want specific non-superusers to start and stop system daemons

Solution: Here we let four our different users to start,stop, and restart web servers. The script for doing so is /etc/init.d/httpd

/etc/sudoers:
User_Alias FOLKS=barbara, l33t, jimmy, miroslav

Cmnd_Alias DAEMONS=/etc/init.d/httpd start, /etc/init.d/httpd stop, /etc/init.d/httpd restart

FOLKS ALL = (ALL) DAEMONS

How to Authorize Password changes via sudo

Problem: you want to permit a user to change the passwords of certain other users.

Solution: To permit smith to change the passwords of jones, chu, anf agarwal:

/etc/sudoers:
smith ALL = NOPASSWD: /usr/bin/passwd jones, /usr/bin/passwd chu, /usr/bin/passwd agarwal

The NOPASSWD tag is optional.

How to Permitting read-only access to a shared file via sudo

Problem: Two or more users want to share a file, some read/write and others read-only.

Solution: Create two linux groups, one for read/write and one for read-only users:

/etc/group:
readers:x:300:r1,r2,r3,r4
writers:x:301:w1,w2,w3

Permit the writers group to write the file via group permissions:

# chmod 660 shared_file
# chgrp writers shared_file

Permit the readers group to read the file via sudo:

/etc/sudoers:
%readers ALL = (w1) /bin/cat /path/to/shared_file

Note: If a file must be writable by a group of teaching assistants but read-only to a group of students. if there were only two users-one reader and one writer - you could dispense with groups and simply let the reader access the file via sudo.

if smith is the reader and jones the writer, and we give smith the following capability:

/etc/sudoers:
smith ALL = (jones) NOPASSWD: /bin/cat /home/jones/private.stuff

then jones can protect her file:

jones$ chmod 600 $HOME/private.stuff

and smith can view it:

smith$ sudo -u jones cat /home/jones/private.stuff

How to Prohibiting Command-line arguments with sudo

Problem: ou want to permit a command to be run via sudo, but only without command-line arguments.

Solution: Follow the pgm name with the single argument :: in /etc/sudoers:

/etc/sudoers:
smith ALL = (root) /usr/local/bin/mycommand ""

smith$ sudo -u root mycommand a b c ---- Rejected
smith$ sudo -u root mycommand ---- Authorized

NOTE:
if you specify no arguments to a command in /etc/sudoers, then by default any arguments are permitted.

/etc/sudoers:
smith ALL = (root) /usr/local/bin/mycommand

smith$ sudo -u root mycommand a b c ----- Authorized
Use "" to prevent any runtime arguments from being authorized.

How to run any program in a directory via sudo

Problem: Authorize a user to run all programs in a given directory, but only those programs, as another user.

Solution: Specify a fully-qualified directory name instead of a command, ending it with a slash

/etc/sudoers:
smith ALL = (root) /usr/local/bin/

smith$ sudo -u root /usr/local/bin/mycommand   Authorized
smith$ sudo -u root /usr/bin/emacs             Rejected

This authorization does not descend into subdirectories
smith$ sudo -u root /usr/local/bin/gnu/emacs    Rejected

How to Grant privileges to a group via sudo

Problem: Let a set of users run commands as another user,

Solution: Define a linux group containing those users,

/etc/group:
mygroup:x:1200:joe,jane,hiram,krishna

then create a sudo rule with the %groupname syntax:

/etc/sudoers:
# let the group run a particular program
%mygroup ALL = (root) /usr/local/bin/mycommand arg1 arg2
# give full superuser privilages to the group
%mygroup ALL = (ALL) ALL

How to Authorize per host machines in sudo

Problem: You want to allow a user authorization privileges only on certain machines

Solution: First, define a list of machines:

/etc/sudoers
Host_Alias SAFE_HOSTS = banana, cherry, grapes

Let smith run a program as jones on these machines:
# smith SAFE_HOSTS = (jones) /usr/local/bin/mycommand

Let smith run all programs as jones on these machines:
# smith SAFE_HOSTS = (jones) ALL

How to Bypass Password Authentication using sudo

Problem: You want one user to run a command as another user without supplying a password

Solution: Use sudo's NOPASSWD tag, which indicates to sudo that no password is needed for authentication.

/etc/sudoers
smith ALL = (jones) NOPASSWD: /usr/local/bin/mycommand args
smith ALL = (root) NOPASSWD: /usr/local/bin/my_script ""

Password-less authentication is particularly useful for batch jobs.

How to Run commands as another user via sudo

Problem: You want one user to run commands as another, without sharing passwords

Solution: Suppose you want user smith to be able to run a given command as user jones.

/etc/sudoers
smith ALL = (jones) /usr/local/bin/mycommand

user smith
smith$ sudo -u jones /usr/local/bin/mycommand
smith$ sudo -u jones mycommand --- if /usr/local/bin/ is in $PATH

user smith will be prompted for his own password, not jones's. The ALL keyword, which matches anything, in this case specifies that the line is valid on any host.

Some useful RPM commands in Linux

RPM (Red Hat Package Manager)

RPM keeps the information of all the installed packages under /var/lib/rpm database.

RPM is the only way to install packages under Linux systems, if you’ve installed packages using source code, then rpm won’t manage it.

RPM deals with .rpm files, which contains the actual information about the packages such as: what it is, from where it comes, dependencies info, version info etc.

There are five basic modes for RPM command

Install : It is used to install any RPM package.
Remove:It is used to erase,remove or un-install any
RPM package.
Upgrade : It is used to update the existing RPM package.
Verify : It is used to query about different RPM packages.
Query : It is used for the verification of any RPM package.

Please remember you must be root user when installing packages in Linux, with the root privileges you can manage rpm commands with their appropriate options.

1.Check an RPM Signature Package

Always check the PGP signature of packages before installing them on your Linux systems and make sure its integrity and origin is OK.

# rpm --checksig epel-release-5-4.noarch.rpm

2.How to Install an RPM Package

# rpm -ivh epel-release-5-4.noarch.rpm

-i : install a package
-v : verbose for a nicer display
-h : print hash marks as the package archive is unpacked.

3.How to check dependencies of RPM Package before Installing

# rpm -qpR BitTorrent-5.2.2-1-Python2.4.noarch.rpm

-q : Query a package
-p : List capabilities this package provides.
-R : List capabilities on which this package depends..

4.How to Install a RPM Package Without Dependencies

# rpm -ivh --nodeps epel-release-5-4.noarch.rpm

above command forcefully install rpm package by ignoring dependencies errors, but if those dependency files are missing, then the program will not work at all, until you install them.

5.How to check an Installed RPM Package

# rpm -q BitTorrent-5.2.2-1-Python2.4.noarch.rpm

6.How to List all files of an installed RPM package

# rpm -ql BitTorrent

7.How to List Recently Installed RPM Packages

# rpm -qa --last

to List All Installed RPM Packages

# rpm -qa

8.How to upgrade rpm package

# rpm -Uvh epel-release-5-4.noarch.rpm

9.To Remove a RPM Package

# rpm -e packagename

-e --- erase

10.How to Remove an RPM Package Without Dependencies

# rpm -ev --nodeps packagename

11.How to Query a file that belongs which RPM Package

# rpm -qf /usr/bin/htpasswd

-qf -- query file

12.How to Query a Information of Installed RPM Package

# rpm -qi vsftpd

-qi (query info)

13.How to Query documentation of Installed RPM Package

# rpm -qdf /usr/bin/vmstat
-qdf (query document file)

14.How to Verify a RPM Package

# rpm -Vp BitTorrent-5.2.2-1-Python2.4.noarch.rpm

Verifying a package compares information of installed files of the package against the rpm database.

The -Vp (verify package) is used to verify a package.

How to Verify all RPM Packages
# rpm -Va

15.How to Import an RPM GPG key

# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

16.How to List all Imported RPM GPG keys

# rpm -qa gpg-pubkey*

17.How To rebuild Corrupted RPM Database

Sometimes rpm database gets corrupted and stops all the functionality of rpm and other applications on the system.
So, at the time we need to rebuild the rpm database and restore it with the help of following command.

# cd /var/lib
# rm __db*
# rpm --rebuilddb
# rpmdb_verify Packages