Archive for November 24, 2010

uCertify Black Friday Sale

Hi guys,

uCertify has some terrific treats for you this Thanksgiving! Turkey and mashed potatoes are not the only things up for gobbling this week.

Check out these incredible savings!

60% off any 6 PrepKits

55% off any 5 PrepKits

50% off any 4 PrepKits

40% off any 3 PrepKits

35% off any 2 PrepKits

Let’s celebrate this Black Friday with uCertify PrepKits.


uCertify Early Bird Sale

Hi guys,

uCertify is getting the holiday celebrations going with its early bird, pre-Thanksgiving sale. Join the feasting with huge discounts on all uCertify PrepKits. If earning an IT certification was among your New Year’s resolutions or goals for 2010, here’s a great opportunity. More than ever, IT certifications add that extra edge you need to get a new job or keep your current one.
uCertify invites the first 100 customers to begin feasting early! Buy 3 or more PrepKits and get 40% OFF! uCertify offers a home and work licence for all PrepKits – this means you are licensed to install your PrepKit on any 2 computers.

Let’s earn some certifications on the occasion of Early Bird.


How to backup MySQL Database to a Text File

We will use the mysqldump utility included with mysql to dump the contents of the database to a text file that can be easily re-imported.

SYNTAX:

mysqldump -h localhost -u root -pmypassword databasename > dumpfile.sql

EXAMPLE:

mysqldump -h localhost -u root -p2Uad7as9 database01 > dumpfile.sql

This will give you a text file containing all the commands required to recreate the database.

This Article is taken from
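Putting the password after -p on the command line, as in the commands above, can expose it through shell history and the process list. The added example below (not from the original article; the function names and file paths are hypothetical) reads the credentials from a client option file that only the current user can read.

```shell
# Added example: keep the MySQL password out of argv and shell history.
# write_mysql_optfile and dump_database are hypothetical helper names.

# Write a client option file that only the current user can read.
write_mysql_optfile() {
    local path="$1" user="$2" password="$3"
    # Assumption: refuse passwords that would need escaping inside "..."
    case $password in *'"'*|*'\'*) return 1 ;; esac
    (
        umask 077
        printf '[client]\nhost=localhost\nuser=%s\npassword="%s"\n' \
            "$user" "$password" > "$path"
    ) || return 1
    chmod 600 "$path"
}

# Dump one database using that file. --defaults-extra-file must be the
# first option. The dump holds all the data, so it is created owner-only.
dump_database() {
    local optfile="$1" db="$2" out="$3"
    ( umask 077; mysqldump --defaults-extra-file="$optfile" "$db" > "$out" )
}

# Usage (the password is typed at a prompt, not passed on a command line):
#   stty -echo; IFS= read -r pw; stty echo
#   write_mysql_optfile "$HOME/.backup.cnf" root "$pw"
#   dump_database "$HOME/.backup.cnf" database01 dumpfile.sql
```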


How to configure IPTables Firewall

This script builds a firewall on Linux using iptables. The user only needs to answer a few simple questions, and the script will generate the user-specified iptables rule in its original form.

I HAVE TESTED THE SCRIPT ON PCLINUXOS, FEDORA-9, DREAM_LINUX, UBUNTU-8.

This is my iptables Version 1.0 (USMAN AKRAM – Lucky)

About iptables:

Network security is a primary consideration in any decision to host a website as the threats are becoming more widespread and persistent every day. One means of providing additional protection is to invest in a firewall. Though prices are always falling, in some cases you may be able to create a comparable unit using the Linux iptables package on an existing server for little or no additional expenditure.

Originally, the most popular firewall/NAT package running on Linux was ipchains, but it had a number of shortcomings. To rectify this, the Netfilter organization decided to create a product called iptables.

:-) !!!The Script is Totally User Friendly!!! :-)

Starting of the Script

A Menu will appear like this:

*****Main Menu*****
1. Check Iptables Package
2. Iptables Services
3. Build Your Firewall with Iptables
4. Exit

1. Check Iptables Package

Now let the user select the option 1. Check Iptables Package from the menu by pressing "1" on the keyboard.

The script first confirms that the user is root. The UID of root is zero (0), so the script compares the UID of the current user with zero. If the UID doesn’t match the UID of root, the script displays the following message:

****You must be the root user to run this script!****
and if the UID matches with root’s UID then it displays the following message and runs the script:

***Identity Verified_You are the Root***

We can check the UID of the current user by typing the following command in the terminal:

echo $UID

If the identity of the user is verified as root, then the script will check the iptables package in the Linux OS by using the following command.

rpm -q iptables

*****Main Menu*****
1. Check Iptables Package
2. Iptables Services
3. Build Your Firewall with Iptables
4. Exit

Now if the user selects the option 2. Iptables Services then the checkstatus function will be called. In this function there are some options for the user:

*****Note: Save your Iptables before stop/Restart the iptables Services*****
1. Save the iptables
2. Status of Iptables
3. Start iptables Services
4. Stop iptables Services
5. Restart iptable Services
6. Flush iptables (**Use Carefully_it will remove all the rules from iptables**)
7. Go back to Main Menu

If the user selects 1. Save the iptables the iptables rules will be saved in the Linux OS by using the following command:

/etc/init.d/iptables save

If the user selects 2. Status of iptables the current status of iptables will be displayed, using the following command:

/etc/init.d/iptables status

Chain INPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- 192.168.1.45 172.16.4.8 reject-with icmp-port-unreachable
ACCEPT tcp -- 192.168.1.1 192.168.1.25
LOG icmp -- anywhere anywhere LOG level warning

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP udp -- 192.168.6.3 10.6.3.7

If the user selects 3. Start iptables Services then iptables will be started, using the following command:

/etc/init.d/iptables start

If the user selects 4. Stop iptables Services then iptables will be stopped, using the following command:

/etc/init.d/iptables stop

If the user selects 5. Restart iptable Services then iptables will be restarted and the saved iptables rules will be loaded, using the following command:

/etc/init.d/iptables restart

If the user selects 6. Flush iptables then iptables will be flushed, (**use Carefully_it will remove all the rules from iptables**), using the following command, it will flush the saved iptables rules:

iptables -F

To go back to the Main Menu the user must select option 7. Go back to Main Menu.

*****Main Menu*****
1. Check Iptables Package
2. Iptables Services
3. Build Your Firewall with Iptables
4. Exit

Option 3. Build Your Firewall with Iptables is the heart of this script. With this option users can create the firewall with iptables in a few simple steps. When a user selects it, the script asks the following questions to create the firewall.

Using Which Chain of Filter Table?
1. INPUT
2. OUTPUT
3. Forward

The above menu will ask the user to select the chain where he/she wants to put the rule.

Now the script will ask the user to get the IP information from the Source side…

1. Firewall using Single Source IP
2. Firewall using Source Subnet
3. Firewall using for All Source Networks

The menu above offers the user three options. If the user selects option 1. Firewall using Single Source IP then the script will ask the user to enter the IP address.

If the user selects option 2. Firewall using Source Subnet then the script will ask the user to enter the subnet in the form of "192.168.1.0/24".

If the user selects option 3. Firewall using for All Source Networks then the script will put 0/0 in the variable named “ip_source” in the script.

Now the script will ask the user to get the IP information from the Destination side…

1. Firewall using Single Destination IP
2. Firewall using Destination Subnet
3. Firewall using for All Destination Networks

The menu above offers the user three options. If the user selects option 1. Firewall using Single Destination IP then the script will ask the user to enter the IP address.

If the user selects option 2. Firewall using Destination Subnet then the script will ask the user to enter the subnet in the form of "192.168.1.0/24".

If the user selects option 3. Firewall using for All Destination Networks then the script will put 0/0 in the variable named “ip_dest” in the script.

Now the script asks the user to select the PROTOCOL:

1. Block All Traffic of TCP
2. Block Specific TCP Service
3. Block Specific Port
4. Using no Protocol

Now from the above displayed menu if the user selects 1. Block All Traffic of TCP then the script will block all the TCP Traffic.

If the user selects 2. Block Specific TCP Service, the script will ask the user to enter the TCP Service of his/her choice (e.g. ICMP).

Note: the TCP Service name should be in CAPITAL LETTERS!!!

If the user selects 3. Block Specific Port the script will ask the user to enter the PORT number.

Now the script prompts the user What to do with the Above Created Rule?

What to do with Rule?
1. Accept the Packet
2. Reject the Packet
3. Drop the Packet
4. Create Log

If the user selects 1. Accept the Packet then the packet will be accepted.

If the user selects 2. Reject the Packet then the packet will be rejected.

If the user selects 3. Drop the Packet then the packet will be dropped.

If the user selects 4. Create Log then only the log will be created.

Now the following message will be shown to the user:

Press Enter key to Generate the Complete Rule!!!

When the user presses the Enter key then the script generates the original rule with the correct syntax and displays it to the user, in my case:

The Generated Rule is
iptables -A INPUT -s 192.168.0.0/24 -d 172.16.0.0/16 -p TCP -j ACCEPT

Now the script shows the following message to the user:

Do you want to Enter the Above rule to the IPTABLES? Yes=1 , No=2

If the above rule is correct then the user presses 1 for Yes and the rule is added to iptables; otherwise the user presses 2 for No and the script returns to let the user edit the rule.

This Article is taken from howtoforge.com
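A generator like this runs as root and turns typed answers into an iptables command, so each answer should be checked against what the menus allow before the rule is built. The sketch below is an added example, not the original script; the function names valid_addr and build_rule are hypothetical.

```shell
# Added example, not the original script: check every menu answer before it
# becomes part of an iptables command. Function names are hypothetical.

# Accept 0/0 or a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_addr() {
    local a="$1" ip prefix octet n=0
    [ "$a" = "0/0" ] && return 0
    case $a in *[!0-9./]*|*.|*./*) return 1 ;; esac
    ip=${a%%/*}
    case $a in
        */*) prefix=${a#*/}
             case $prefix in [0-9]|[12][0-9]|3[0-2]) ;; *) return 1 ;; esac ;;
    esac
    local IFS=.
    for octet in $ip; do
        case $octet in
            [0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]) n=$((n + 1)) ;;
            *) return 1 ;;
        esac
    done
    [ "$n" -eq 4 ]
}

# build_rule CHAIN SRC DST PROTO PORT TARGET (PROTO and PORT may be empty).
# Prints the rule and returns 0, or prints nothing and returns 1.
build_rule() {
    local chain="$1" src="$2" dst="$3" proto="$4" port="$5" target="$6"
    case $chain in INPUT|OUTPUT|FORWARD) ;; *) return 1 ;; esac
    case $target in ACCEPT|REJECT|DROP|LOG) ;; *) return 1 ;; esac
    valid_addr "$src" || return 1
    valid_addr "$dst" || return 1
    set -- iptables -A "$chain" -s "$src" -d "$dst"
    case $proto in
        '') ;;                                      # "Using no Protocol"
        tcp|udp|icmp|TCP|UDP|ICMP) set -- "$@" -p "$proto" ;;
        *) return 1 ;;
    esac
    if [ -n "$port" ]; then
        case $proto in tcp|udp|TCP|UDP) ;; *) return 1 ;; esac
        case $port in *[!0-9]*|0*|??????*) return 1 ;; esac
        [ "$port" -le 65535 ] || return 1
        set -- "$@" --dport "$port"
    fi
    set -- "$@" -j "$target"
    printf '%s\n' "$*"
}
```

Because every field is limited to a fixed word list or to digits, dots and a slash, the printed rule contains no shell metacharacters and can be shown to the user for the Yes/No confirmation exactly as it will be run.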


How to install Lighttpd with PHP5 and MySQL on OpenSUSE 11.3

Lighttpd is a secure, fast, standards-compliant web server designed for speed-critical environments. This tutorial shows how you can install Lighttpd on an OpenSUSE 11.3 server with PHP5 support (through FastCGI) and MySQL support.

I do not issue any guarantee that this will work for you!

1 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100. These settings might differ for you, so you have to replace them where appropriate.

2 Installing MySQL 5

First we install MySQL 5 like this:

yast2 -i mysql mysql-client mysql-community-server

Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server:

chkconfig --add mysql
/etc/init.d/mysql start

To secure the MySQL installation, run:

mysql_secure_installation

Now you will be asked several questions:

server1:~ # mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we’ll need the current
password for the root user. If you’ve just installed MySQL, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): <-- ENTER
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] <-- Y
New password: <-- fill in your desired MySQL root password
Re-enter new password: <-- confirm that password
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] <-- Y
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] <-- Y
... Success!

By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] <-- Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] <-- Y
... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

server1:~ #

This Article is taken from howtoforge.com


How to change SSH Banner in Ubuntu

Every time I connect to my Ubuntu development server through my ssh client, I receive the same message and I’m getting tired of seeing it, so I decided to change the message to something else.

Here’s the message that I get every time:

Linux superfast 2.6.20-16-generic #2 SMP Thu Jun 7 19:00:28 UTC 2007 x86_64

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

Last login: Mon Aug 13 01:05:46 2007 from ipaddress removed

geek@superfast:~$

Changing this message requires editing two different files. The first three sections can be modified by editing the following file:

/etc/motd

This file contains the linux build number as well as the Ubuntu warranty message. I don’t find this particularly useful, so I removed all of it and replaced it with my own message.

To disable the last login message (which I don’t recommend doing), you will need to edit the following file in sudo mode:

/etc/ssh/sshd_config

Find this line in the file and change the yes to no as shown:

PrintLastLog no

Now when you login, you’ll get a blank prompt, although I wouldn’t necessarily recommend it because it’s useful to see the last login to the system for security reasons. This is my prompt now:

This is a superfast system. Please max out the cpu accordingly.

Last login: Mon Aug 13 01:24:14 2007 from ipaddress removed
geek@superfast:~$

This Article is taken from


How to generate Random Password from Commandline

One of the great things about Linux is that you can do the same thing hundreds of different ways—even something as simple as generating a random password can be accomplished with dozens of different commands. Here’s 10 ways you can do it.

We gathered all of these commands from Command-Line Fu and tested them out on our own Linux PC to make sure they work. You should be able to use at least some of these on Windows with Cygwin installed, though we didn’t test all of them—the last one definitely works though.

Generate a Random Password

For any of these random password commands, you can either modify them to output a different password length, or you can just use the first x characters of the generated password if you don’t want such a long password. Hopefully you’re using a password manager like LastPass anyway so you don’t need to memorize them.

This method uses SHA to hash the date, runs through base64, and then outputs the top 32 characters.

date +%s | sha256sum | base64 | head -c 32 ; echo

This method uses the built-in /dev/urandom feature, and filters out only characters that you would normally use in a password. Then it outputs the top 32.

< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;
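The date-based command above draws all of its unpredictability from the clock, while the /dev/urandom command draws from the kernel's random source. The added example below (not from the original article; the function names are hypothetical) puts numbers on that difference.

```shell
# Added example: compare the date-based method with /dev/urandom.

# Same pipeline as the date-based command, with the timestamp passed in,
# to show that the output depends on nothing but the second it was run.
pw_from_time() {
    printf '%s\n' "$1" | sha256sum | base64 | head -c 32
}

# Upper bound on entropy (bits) when the generation time is known to
# within $1 seconds: one possible password per second in that window.
time_entropy_bits() {
    awk -v w="$1" 'BEGIN { printf "%.1f", log(w) / log(2) }'
}

# $1 characters (default 32) from /dev/urandom, alphabet A-Za-z0-9_-.
# LC_ALL=C makes tr treat the input as raw bytes.
pw_urandom() {
    LC_ALL=C tr -dc 'A-Za-z0-9_-' < /dev/urandom | head -c "${1:-32}"
}

# Entropy (bits) of $1 characters drawn uniformly from 64 symbols.
urandom_entropy_bits() {
    awk -v n="$1" 'BEGIN { printf "%.0f", n * log(64) / log(2) }'
}

# pw_from_time 1290556800   # constructed sample timestamp: same output every run
# time_entropy_bits 86400   # time known to within one day
# urandom_entropy_bits 32
```

The 32-character length of the date-based password hides the fact that it carries only as much entropy as the uncertainty about when it was generated.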

This one uses openssl’s rand function, which may not be installed on your system. Good thing there’s lots of other examples, right?

openssl rand -base64 32

This one works a lot like the other urandom one, but just does the work in reverse. Bash is very powerful!

tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1

Here’s another example that filters using the strings command, which outputs printable strings from a file, which in this case is the urandom feature.

strings /dev/urandom | grep -o '[[:alnum:]]' | head -n 30 | tr -d '\n'; echo

Here’s an even simpler version of the urandom one.

< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c6

This one manages to use the very useful dd command.

dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev

You can even create a random left-hand password, which would let you type your password with one hand.

howtogeek.com


How to disable ProFTP in Linux

First, look in your /etc/xinetd.d/ directory and see if there’s a file named psa_ftp in there. If not, you might have to make this change in your /etc/xinetd.conf file.

Open up the file as root, and look for the following section:

service ftp
{
disable = yes
socket_type = stream
protocol = tcp
wait = no
user = root
instances = UNLIMITED
server = /usr/sbin/in.proftpd
server_args = -c /etc/proftpd.conf
}

Change the disable = no line to disable = yes as shown above.

Run the following command to restart xinetd:

/etc/init.d/xinetd restart

This Article is taken from
