- Run Registry Editor (regedit).
- Navigate to the following registery key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
- In the right pane, double click on the Start value name.
- Change the value data to 4 to disable the removable USB mass storage device drive access.
- To revert and re-enable the drive access for removable USB mass storage device driver, change back the value data for Start to its original default of 3.
Tuesday, October 6, 2009
Disable USB Removable Mass Storage Device Drive Access in Windows
How to Hide and Loch Hardisk Drive In windows
- Click on the "Start" button. Go to "Run", type "gpedit.msc" and press enter.
- Wait for the "Group Policy" window to appear. Click on the "+" button behind "Administrative Templates". Then click the "+" button behind "Windows Components" and then "Windows Explorer".
- Search for "Hide these specified drives in My Computer" in the options that appear in the right column of the window. Double click it, enable it and choose the drive(s) you want to hide.
- Search for "Prevent access to drives from My Computer". Double click it and repeat the previous step if you want to stop accessing any drive by "command" (e.g, by typing "C:" in the address bar or "Run").
- Close the group policy window.
- Restart your computer for changes to take effect.
To Remove Drive Open with option
first go to run then write " regedit" that is registry
then find " ctrl+f"
in this box write "mountpoints2" and delete it ......
then again press "ctrl+f" again find mountpoints2 until all these files are not deleted
then u will see ur problems is solved................
then find " ctrl+f"
in this box write "mountpoints2" and delete it ......
then again press "ctrl+f" again find mountpoints2 until all these files are not deleted
then u will see ur problems is solved................
Saturday, October 3, 2009
How to install + Yum in Red Hat Enterprise Linux 4
Setting up the yum package manager is not required by everyone who downloads and installs Red Hat Enterprise Linux 4. If you will be using your Linux system on the U of S wireless network or other services that use the yum package manager, you need to complete this step. Red Hat Enterprise Linux 5 will use the yum package manager as the standard package manager.
############################################################
Search the packages available from RHN.
yum search wine
Install packages
yum install wine
############################################################
- Download the following rpms from http://dag.wieers.com/packages/
- Install the rpms as root from the command line.
- Add the ATrpms repository to your /etc/yum.conf by adding the following lines
[atrpms]
name=Red Hat Enterprise Linux $releasever - $basearch - ATrpms
baseurl=http://dl.atrpms.net/el4-$basearch/atrpms/stable
gpgkey=http://ATrpms.net/RPM-GPG-KEY.atrpms
gpgcheck=1 - Update the yum database.
# rpm -Uvh python* sqlite* yum* rpmforge-release*
Search the packages available from RHN.
yum search wine
Install packages
yum install wine
What does myisamchk do?
- How do you start and stop MySQL on Windows? - net start MySQL, net stop MySQL
- How do you start MySQL on Linux? - /etc/init.d/mysql start
- Explain the difference between mysql and mysqli interfaces in PHP? - mysqli is the object-oriented version of mysql library functions.
- What’s the default port for MySQL Server? - 3306
- What does tee command do in MySQL? - tee followed by a filename turns on MySQL logging to a specified file. It can be stopped by command notee.
- Can you save your connection settings to a conf file? - Yes, and name it ~/.my.conf. You might want to change the permissions on the file to 600, so that it’s not readable by others.
- How do you change a password for an existing user via mysqladmin? - mysqladmin -u root -p password "newpassword"
- Use mysqldump to create a copy of the database? - mysqldump -h mysqlhost -u username -p mydatabasename > dbdump.sql
- Have you ever used MySQL Administrator and MySQL Query Browser? Describe the tasks you accomplished with these tools.
- What are some good ideas regarding user security in MySQL? - There is no user without a password. There is no user without a user name. There is no user whose Host column contains % (which here indicates that the user can log in from anywhere in the network or the Internet). There are as few users as possible (in the ideal case only root) who have unrestricted access.
- Explain the difference between MyISAM Static and MyISAM Dynamic. - In MyISAM static all the fields have fixed width. The Dynamic MyISAM table would include fields such as TEXT, BLOB, etc. to accommodate the data types with various lengths. MyISAM Static would be easier to restore in case of corruption, since even though you might lose some data, you know exactly where to look for the beginning of the next record.
- What does myisamchk do? - It compressed the MyISAM tables, which reduces their disk usage.
- Explain advantages of InnoDB over MyISAM? - Row-level locking, transactions, foreign key constraints and crash recovery.
- Explain advantages of MyISAM over InnoDB? - Much more conservative approach to disk space management - each MyISAM table is stored in a separate file, which could be compressed then with myisamchk if needed. With InnoDB the tables are stored in tablespace, and not much further optimization is possible. All data except for TEXT and BLOB can occupy 8,000 bytes at most. No full text indexing is available for InnoDB. TRhe COUNT(*)s execute slower than in MyISAM due to tablespace complexity.
- What are HEAP tables in MySQL? - HEAP tables are in-memory. They are usually used for high-speed temporary storage. No TEXT or BLOB fields are allowed within HEAP tables. You can only use the comparison operators = and <=>. HEAP tables do not support AUTO_INCREMENT. Indexes must be NOT NULL.
- How do you control the max size of a HEAP table? - MySQL config variable max_heap_table_size.
- What are CSV tables? - Those are the special tables, data for which is saved into comma-separated values files. They cannot be indexed.
- Explain federated tables. - Introduced in MySQL 5.0, federated tables allow access to the tables located on other databases on other servers.
- What is SERIAL data type in MySQL? - BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT
- What happens when the column is set to AUTO INCREMENT and you reach the maximum value for that table? - It stops incrementing. It does not overflow to 0 to prevent data losses, but further inserts are going to produce an error, since the key has been used already.
- Explain the difference between BOOL, TINYINT and BIT. - Prior to MySQL 5.0.3: those are all synonyms. After MySQL 5.0.3: BIT data type can store 8 bytes of data and should be used for binary data.
- Explain the difference between FLOAT, DOUBLE and REAL. - FLOATs store floating point numbers with 8 place accuracy and take up 4 bytes. DOUBLEs store floating point numbers with 16 place accuracy and take up 8 bytes. REAL is a synonym of FLOAT for now.
- If you specify the data type as DECIMAL (5,2), what’s the range of values that can go in this table? - 999.99 to -99.99. Note that with the negative number the minus sign is considered one of the digits.
- What happens if a table has one column defined as TIMESTAMP? - That field gets the current timestamp whenever the row gets altered.
- But what if you really want to store the timestamp data, such as the publication date of the article? - Create two columns of type TIMESTAMP and use the second one for your real data.
- Explain data type TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP - The column exhibits the same behavior as a single timestamp column in a table with no other timestamp columns.
- What does TIMESTAMP ON UPDATE CURRENT_TIMESTAMP data type do? - On initialization places a zero in that column, on future updates puts the current value of the timestamp in.
- Explain TIMESTAMP DEFAULT ‘2006:09:02 17:38:44′ ON UPDATE CURRENT_TIMESTAMP. - A default value is used on initialization, a current timestamp is inserted on update of the row.
- If I created a column with data type VARCHAR(3), what would I expect to see in MySQL table? - CHAR(3), since MySQL automatically adjusted the data type.
Wednesday, September 23, 2009
SHELL SCRIPT
# How do you find out what’s your shell? - echo $SHELL
# What’s the command to find out today’s date? - date
# What’s the command to find out users on the system? - who
# How do you find out the current directory you’re in? - pwd
# How do you remove a file? - rm
# How do you remove a Directory ? rm -rf
# How do you find out your own username? - whoami
# How do you count words, lines and characters in a file? - wc
# How do you search for a string inside a given file? - grep string filename
# How do you search for a string inside a directory? - grep string *
# How do you search for a string in a directory with the subdirectories recursed? -grep -r string *
# How do you do Boolean logic operators in shell scripting? - ! tests for logical not, -a tests for logical and, and -o tests for logical or.
# How do you find out the number of arguments passed to the shell script? - $#
# What’s a way to do multilevel if-else’s in shell scripting? - if {condition} then {statement} elif {condition} {statement} fi
# How do you write a for loop in shell? - for {variable name} in {list} do {statement} done
# How do you write a while loop in shell? - while {condition} do {statement} done
# How does a case statement look in shell scripts? - case {variable} in {possible-value-1}) {statement};; {possible-value-2}) {statement};; esac
# How do you read keyboard input in shell scripts? - read {variable-name}
# How do you define a function in a shell script? - function-name() { #some code here return }
To search through a directory and find files containing text string mytest and then copy that file with that text string to another directory
#!/bin/bash
files="$(find /Test | xargs grep mytest | cut -d ":" -f1 | uniq)"
echo $files
for X in $files
do
cp $X /test1
done
####################################################################
Copy a file with password threw a shell script
read -p "Enter a password" pass
if test "$pass" == "nikhil"
then
cp -dpR /etc/resolv.conf /etc/resolv.conf.nikhil
echo "Password verified."
else
echo "Access denied."
fi
####################################################################
# What’s the command to find out today’s date? - date
# What’s the command to find out users on the system? - who
# How do you find out the current directory you’re in? - pwd
# How do you remove a file? - rm
# How do you remove a Directory ? rm -rf
# How do you find out your own username? - whoami
# How do you count words, lines and characters in a file? - wc
# How do you search for a string inside a given file? - grep string filename
# How do you search for a string inside a directory? - grep string *
# How do you search for a string in a directory with the subdirectories recursed? -grep -r string *
# How do you do Boolean logic operators in shell scripting? - ! tests for logical not, -a tests for logical and, and -o tests for logical or.
# How do you find out the number of arguments passed to the shell script? - $#
# What’s a way to do multilevel if-else’s in shell scripting? - if {condition} then {statement} elif {condition} {statement} fi
# How do you write a for loop in shell? - for {variable name} in {list} do {statement} done
# How do you write a while loop in shell? - while {condition} do {statement} done
# How does a case statement look in shell scripts? - case {variable} in {possible-value-1}) {statement};; {possible-value-2}) {statement};; esac
# How do you read keyboard input in shell scripts? - read {variable-name}
# How do you define a function in a shell script? - function-name() { #some code here return }
Check Whether a Directory is Empty or Not
###############################################################
following find command will only print file name from /tmp. If there is no output, directory is empty.
###################################################################!/bin/bash
FILE=""
DIR=""
# init
# look for empty dir
if [ "$(ls -A $DIR)" ]; then
echo "$DIR is not Empty"
else
echo "$DIR is Empty"
fi
# rest of the logic
following find command will only print file name from /tmp. If there is no output, directory is empty.
$ find "/tmp" -type f -exec echo Found file {} \;To search through a directory and find files containing text string mytest and then copy that file with that text string to another directory
#!/bin/bash
files="$(find /Test | xargs grep mytest | cut -d ":" -f1 | uniq)"
echo $files
for X in $files
do
cp $X /test1
done
####################################################################
Copy a file with password threw a shell script
read -p "Enter a password" pass
if test "$pass" == "nikhil"
then
cp -dpR /etc/resolv.conf /etc/resolv.conf.nikhil
echo "Password verified."
else
echo "Access denied."
fi
####################################################################
Friday, July 31, 2009
Telnet +POP and SMTP Commands for send and retrieving mails
Telnet - POP Commands
To access your mailbox you need 4 things:
- An active internet connection
- The address of your pop mail server
- Your username
- Your password
The first thing to do is to open a connection from your computer to your mail server.
telnet pop.yourdomain.com 110 (default port is 110)
You should receive a reply like:
Trying ???.???.???.???...
Connected to pop.yourdomain.com
Escape character is '^]'.
+OK ready
Then log in:
USER username (yousrusername eg: username@yourdomain.com)
This should give you:
+OK Password required for userName.
Now give your password:
PASS passW0rd
+OK logged in.
To see a list of your emails awaiting collection use the LIST command, this will also show you the id number of your messages (e.g. 1 or 2 etc.)
To view the contents of an email type RETR + the id number of the message (e.g RETR 1).
To delete a message use DELE + the id number of the message (e.g DELE 1).
To leave your mailbox and close the connection use QUIT
Telnet - SMTP Commands
To access your mailbox you will need 3 things.
- An active internet connection
- The address of a mail server capable of relaying for you - usually provided by your dialup provider
- A valid email address
The first thing to do is to open a connection from your computer to your mail server.telnet smtp.yourdomain.com 25
You should receive a reply like:Trying ???.???.???.???...Connected to smtp.yourdomain.com.Escape character is '^]'.
You will then need to delcare where you are sending the email from:HELO smtp.yourdomain.com - dont worry too much about your local domain name although you really should use your exact fully qualified domain name as seen by the outside world the mail server has no choice but to take your word for it as of RFC822-RFC1123.
This should give you:250 mail.domain.ext Hello smtp.yourdomain.com [loc.al.i.p], pleased to meet you
Now give your email address:MAIL FROM: username@smtp.yourdomain.com
Should yeild:250 2.1.0 smtp.yourdomain.com... Sender ok
Now give the recipients address:RCPT TO: username@smtp.yourdomain.com
Should yeild:250 2.1.0 user@smtp.yourdomain.com... Recipient ok
To start composing the message issue the command DATA
If you want a subject for your email type Subject:-type subject here- then press enter twice (these are needed to conform to RFC 882)
You may now proceed to type the body of your message (e.g. hello username@ smtp.yourdomain.com from username@smtp.yourdomain.com)
To tell the mail server that you have completed the message enter a single "." on a line on it's own.
The mail server should reply with: 250 2.0.0 ???????? Message accepted for delivery
You can close the connection by issuing the QUIT command.
The mailserver should reply with something like:221 2.0.0 smtp.yourdomain.com closing connectionConnection closed by foreign host.
Thursday, July 23, 2009
HOW TO INSTALL AND CONFIGURE TRAC WITH APACHE AND SVN
# rpm -ivh http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el4.rf.i386.rpm
# yum install httpd subversion mod_python mod_dav_svn
# yum --enablerepo=rpmforge install trac
Instantiating svn:
# mkdir /var/www/svn
# svnadmin create /var/www/svn/project
Initial svn import:
# mkdir -p /tmp/newsvn/{trunk,tags,branches}
# svn import /tmp/newsvn file:///var/www/svn/project -m "Initial import"
# chown -R apache /var/www/svn/project
# chmod -R go-rwx /var/www/svn/project
Instantiating trac:
# mkdir /var/www/trac
# trac-admin /var/www/trac/project initenv
# mkdir /var/www/{.python-eggs,passwd}
# htpasswd -c /var/www/passwd/.htpasswd
# touch /var/www/passwd/svnauthz
# chgrp -R apache /var/www/trac/project
# chown -R apache /var/www/trac/project/{attachments,db,log,plugins}
# chown -R apache /var/www/{.python-eggs,passwd}
# chmod -R o-rwx /var/www/{trac/project,.python-eggs,passwd}
# chmod g+w /var/www/trac/project/conf/trac.ini
Install trac plugins:
# wget http://peak.telecommunity.com/dist/ez_setup.py
# python ez_setup.py
# easy_install http://svn.edgewall.com/repos/trac/sandbox/webadmin/
# easy_install http://trac-hacks.org/svn/accountmanagerplugin/0.10
# easy_install http://trac-hacks.org/svn/svnauthzadminplugin/0.10
trac.ini conf setup:
[trac]
default_charset=UTF-8
authz_file = /var/www/passwd/svnauthz
[components]
acct_mgr.admin.accountmanageradminpage = enabled
acct_mgr.api.accountmanager = enabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.web_ui.accountmodule = enabled
acct_mgr.web_ui.loginmodule = enabled
trac.web.auth.loginmodule = disabled
webadmin.* = enabled
svnauthz.* = enabled
[account-manager]
password_file = /var/www/passwd/.htpasswd
password_store = HtPasswdStore
Apache trac conf setup:
Alias /trac /var/www/trac
SetHandler mod_python
PythonInterpreter main_interpreter
PythonHandler trac.web.modpython_frontend
PythonOption TracEnvParentDir /var/www/trac
PythonOption TracUriRoot /trac
SetEnv PYTHON_EGG_CACHE /var/www/.python-eggs
#
# AuthType Basic
# AuthName 'Trac Server'
# AuthUserFile /var/www/passwd/.htpasswd
# Require valid-user
#
Apache subversion conf setup:
DAV svn
SVNParentPath /var/www/svn
# Limit write permission to list of valid users.
#
# Require SSL connection for password protection.
# SSLRequireSSL
AuthType Basic
AuthName 'Authorization Realm'
# Trac .htpasswd file used so users will be the same for both
AuthUserFile /var/www/passwd/.htpasswd
Require valid-user
AuthzSVNAccessFile /var/www/passwd/svnauthz
#
Trac privileges:
# trac-admin /var/www/trac/project permission add admins TRAC_ADMIN
# trac-admin /var/www/trac/project permission add admins
# trac-admin /var/www/trac/projectname permission remove anonymous TICKET_CREATE TICKET_MODIFY etc...
# track-admin /var/www/trac/project permission add devs BROWSER_VIEW CHANGESET_VIEW FILE_VIEW LOG_VIEW \
MILESTONE_CREATE MILESTONE_VIEW REPORT_CREATE REPORT_MODIFY REPORT_SQL_VIEW REPORT_VIEW \
ROADMAP_VIEW SEARCH_VIEW TICKET_APPEND TICKET_CHGPROP TICKET_CREATE TICKET_MODIFY \
TICKET_VIEW TIMELINE_VIEW WIKI_CREATE WIKI_MODIFY WIKI_VIEW
# yum install httpd subversion mod_python mod_dav_svn
# yum --enablerepo=rpmforge install trac
Instantiating svn:
# mkdir /var/www/svn
# svnadmin create /var/www/svn/project
Initial svn import:
# mkdir -p /tmp/newsvn/{trunk,tags,branches}
# svn import /tmp/newsvn file:///var/www/svn/project -m "Initial import"
# chown -R apache /var/www/svn/project
# chmod -R go-rwx /var/www/svn/project
Instantiating trac:
# mkdir /var/www/trac
# trac-admin /var/www/trac/project initenv
# mkdir /var/www/{.python-eggs,passwd}
# htpasswd -c /var/www/passwd/.htpasswd
# touch /var/www/passwd/svnauthz
# chgrp -R apache /var/www/trac/project
# chown -R apache /var/www/trac/project/{attachments,db,log,plugins}
# chown -R apache /var/www/{.python-eggs,passwd}
# chmod -R o-rwx /var/www/{trac/project,.python-eggs,passwd}
# chmod g+w /var/www/trac/project/conf/trac.ini
Install trac plugins:
# wget http://peak.telecommunity.com/dist/ez_setup.py
# python ez_setup.py
# easy_install http://svn.edgewall.com/repos/trac/sandbox/webadmin/
# easy_install http://trac-hacks.org/svn/accountmanagerplugin/0.10
# easy_install http://trac-hacks.org/svn/svnauthzadminplugin/0.10
trac.ini conf setup:
[trac]
default_charset=UTF-8
authz_file = /var/www/passwd/svnauthz
[components]
acct_mgr.admin.accountmanageradminpage = enabled
acct_mgr.api.accountmanager = enabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.web_ui.accountmodule = enabled
acct_mgr.web_ui.loginmodule = enabled
trac.web.auth.loginmodule = disabled
webadmin.* = enabled
svnauthz.* = enabled
[account-manager]
password_file = /var/www/passwd/.htpasswd
password_store = HtPasswdStore
Apache trac conf setup:
Alias /trac /var/www/trac
SetHandler mod_python
PythonInterpreter main_interpreter
PythonHandler trac.web.modpython_frontend
PythonOption TracEnvParentDir /var/www/trac
PythonOption TracUriRoot /trac
SetEnv PYTHON_EGG_CACHE /var/www/.python-eggs
#
# AuthType Basic
# AuthName 'Trac Server'
# AuthUserFile /var/www/passwd/.htpasswd
# Require valid-user
#
Apache subversion conf setup:
DAV svn
SVNParentPath /var/www/svn
# Limit write permission to list of valid users.
#
# Require SSL connection for password protection.
# SSLRequireSSL
AuthType Basic
AuthName 'Authorization Realm'
# Trac .htpasswd file used so users will be the same for both
AuthUserFile /var/www/passwd/.htpasswd
Require valid-user
AuthzSVNAccessFile /var/www/passwd/svnauthz
#
Trac privileges:
# trac-admin /var/www/trac/project permission add admins TRAC_ADMIN
# trac-admin /var/www/trac/project permission add
# trac-admin /var/www/trac/projectname permission remove anonymous TICKET_CREATE TICKET_MODIFY etc...
# track-admin /var/www/trac/project permission add devs BROWSER_VIEW CHANGESET_VIEW FILE_VIEW LOG_VIEW \
MILESTONE_CREATE MILESTONE_VIEW REPORT_CREATE REPORT_MODIFY REPORT_SQL_VIEW REPORT_VIEW \
ROADMAP_VIEW SEARCH_VIEW TICKET_APPEND TICKET_CHGPROP TICKET_CREATE TICKET_MODIFY \
TICKET_VIEW TIMELINE_VIEW WIKI_CREATE WIKI_MODIFY WIKI_VIEW
Monday, July 6, 2009
Sunday, July 5, 2009
Saturday, July 4, 2009
Howto Backup PostgreSQL Databases Server With pg_dump command
Howto Backup PostgreSQL Databases Server With pg_dump command
Howto Backup PostgreSQL Databases Server With pg_dump command
by LinuxTitli
Generally, I like to work with MySQL but some time my work force me to work with PostgreSQL database server.
Recently I had received a request to backup PostgreSQL databases as one of our client want to format and reinstall RHEL server.
PostgreSQL is a one of the robust, open source database server. Like MySQL database server, it provides utilities for creating a backup.
Step # 1: Login as a pgsql user
Type the following command:
$ su - pgsql
Get list of database(s) to backup:
$ psql -l
Step # 2: Make a backup using pg_dump
Backup database using pg_dump command. pg_dump is a utility for backing up a PostgreSQL database. It dumps only one database at a time. General syntax:
pg_dump databasename > outputfile
Task: dump a payroll database
Type the following command
$ pg_dump payroll > payroll.dump.outTo restore a payroll database:
$ psql -d payroll -f payroll.dump.outOR$ createdb payroll
$ psql payroll However, in real life you need to compress database:$ pg_dump payroll | gzip -c > payroll.dump.out.gzTo restore database use the following command:$ gunzip payroll.dump.out.gz
$ psql -d payroll -f payroll.dump.outHere is a shell script for same task:
#!/bin/bash
DIR=/backup/psql
[ ! $DIR ] && mkdir -p $DIR || :
LIST=$(psql -l | awk '{ print $1}' | grep -vE '^-|^List|^Name|template[0|1]')
for d in $LIST
do
pg_dump $d | gzip -c > $DIR/$d.out.gz
done
Another option is use to pg_dumpall command. As a name suggest it dumps (backs up) each database, and preserves cluster-wide data such as users and groups. You can use it as follows:$ pg_dumpall > all.dbs.outOR$ pg_dumpall | gzip -c > all.dbs.out.gzTo restore backup use the following command:
$ psql -f all.dbs.out postgresReferences:
• PostgreSQL documentation : Backup and Restore chapter
Howto Backup PostgreSQL Databases Server With pg_dump command
by LinuxTitli
Generally, I like to work with MySQL but some time my work force me to work with PostgreSQL database server.
Recently I had received a request to backup PostgreSQL databases as one of our client want to format and reinstall RHEL server.
PostgreSQL is a one of the robust, open source database server. Like MySQL database server, it provides utilities for creating a backup.
Step # 1: Login as a pgsql user
Type the following command:
$ su - pgsql
Get list of database(s) to backup:
$ psql -l
Step # 2: Make a backup using pg_dump
Backup database using pg_dump command. pg_dump is a utility for backing up a PostgreSQL database. It dumps only one database at a time. General syntax:
pg_dump databasename > outputfile
Task: dump a payroll database
Type the following command
$ pg_dump payroll > payroll.dump.outTo restore a payroll database:
$ psql -d payroll -f payroll.dump.outOR$ createdb payroll
$ psql payroll However, in real life you need to compress database:$ pg_dump payroll | gzip -c > payroll.dump.out.gzTo restore database use the following command:$ gunzip payroll.dump.out.gz
$ psql -d payroll -f payroll.dump.outHere is a shell script for same task:
#!/bin/bash
DIR=/backup/psql
[ ! $DIR ] && mkdir -p $DIR || :
LIST=$(psql -l | awk '{ print $1}' | grep -vE '^-|^List|^Name|template[0|1]')
for d in $LIST
do
pg_dump $d | gzip -c > $DIR/$d.out.gz
done
Another option is use to pg_dumpall command. As a name suggest it dumps (backs up) each database, and preserves cluster-wide data such as users and groups. You can use it as follows:$ pg_dumpall > all.dbs.outOR$ pg_dumpall | gzip -c > all.dbs.out.gzTo restore backup use the following command:
$ psql -f all.dbs.out postgresReferences:
• PostgreSQL documentation : Backup and Restore chapter
Tuesday, August 5, 2008
Linux Security Tips
BIOS Security
Always set a password on BIOS to disallow booting from floppy by changing the BIOS settings. This will block undesired people from trying to boot your Linux system with a special boot disk and will protect you from people trying to change BIOS feature like allowing boot from floppy drive or booting the server without password prompt.
LILO Security
Add the three parameters in "/etc/lilo.conf" file i.e. time-out, restricted and password. These options will ask for password if boot time options (such as "linux single") are passed to the boot loader.
Step 1
Edit the lilo.conf file (vi /etc/lilo.conf) and add or change the three options :
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
time-out=00 #change this line to 00
prompt
Default=linux
restricted #add this line
password=
image=/boot/vmlinuz-2.2.14-12
label=linux
initrd=/boot/initrd-2.2.14-12.img
root=/dev/hda6
read-only
Step 2
The "/etc/lilo.conf" file should be readable by only root because it contains unencrypted passwords.
[root@kapil /]# chmod 600 /etc/lilo.conf (will be no longer world readable).
Step 3
Update your configuration file "/etc/lilo.conf" for the change to take effect.
[Root@kapil /]# /sbin/lilo -v (to update the lilo.conf file).
Step 4
One more security measure you can take to secure the "/etc/lilo.conf" file is to set it immutable, using the chattr command.
* To set the file immutable simply, use the command:
[root@kapil /]# chattr +i /etc/lilo.conf
This will prevent any changes (accidental or otherwise) to the "lilo.conf" file.
For more information about lilo security, read my article on LILO.
Disable all special accounts
You should delete all default users and group accounts that you don't use on your system like lp, sync, shutdown, halt, news, uucp, operator, games, gopher etc
To delete a user account :
[root@kapil /]# userdel LP
To delete a group:
[root@kapil /]# groupdel LP
Choose a Right password
You should follow the following guidelines before choosing the right password.
The password Length: The minimum acceptable password length by default when you install your Linux system is 5. This is not enough and must be 8. To do this you have to edit the login.defs file (vi /etc/login.defs) and change the line that read:
- PASS_MIN_LEN 5
To read:
PASS_MIN_LEN 8
The "login.defs" is the configuration file for the login program.
You should enable the shadow password feature. You can use the "/usr/sbin/authconfig" utility to enable the shadow password feature on your system. If you want to convert the existing passwords and group on your system to shadow passwords and groups then you can use the commands pwconv, grpconv respectively.
The root account
The "root" account is the most privileged account on a Unix system. When the administrator forgot to logout from the system root prompt before leaving the system then the system should automatically logout from the shell. To do that, you must set the special variable of Linux named "TMOUT" to the time in seconds.
Edit your profile file "vi /etc/profile" and add the following line somewhere after the line that read
"HISTFILESIZE="
TMOUT=3600
The value we enter for the variable "TMOUT=" is in second and represent 1 hours (60 * 60 =
3600 seconds). If you put this line in your "/etc/profile" file, then the automatic logout after one hour of inactivity will apply for all users on the system. You can set this variable in user's individual ".bashrc " file to automatically logout them after a certain time.
After this parameter has been set on your system, you must logout and login again (as root) for the change to take effect.
Disable all console-equivalent access for regular users
You should disable all console-equivalent access to programs like shutdown, reboot, and halt for regular users on your server.
To do this, run the following command:
[root@kapil /]# rm -f /etc/security/console.apps/
Where
Disable & uninstall all unused services
You should disable and uninstall all services that you do not use so that you have one less thing to worry about. Look at your "/etc/inetd.conf" file and disable what you do not need by commenting them out (by adding a # at the beginning of the line), and then sending your inetd process a SIGHUP command to update it to the current "inetd.conf" file. To do this:
Step 1
Change the permissions on "/etc/inetd.conf" file to 600, so that only root can read or write to it.
[Root@kapil /]# chmod 600 /etc/inetd.conf
Step 2
ENSURE that the owner of the file "/etc/inetd.conf" is root.
Step 3
Edit the inetd.conf file (vi /etc/inetd.conf) and disable the services like:
ftp, telnet, shell, login, exec, talk, ntalk, imap, pop-2, pop-3, finger, auth, etc unless you plan to use it. If it's turned off it's much less of a risk.
Step 4
Send a HUP signal to your inetd process
[root@kapil /]# killall -HUP inetd
Step 5
Set "/etc/inetd.conf" file immutable, using the chattr command so that nobody can modify that file
* To set the file immutable simply, execute the following command:
[root@kapil /]# chattr +i /etc/inetd.conf
This will prevent any changes (accidental or otherwise) to the "inetd.conf" file. The only person that can set or clear this attribute is the super-user root. To modify the inetd.conf file you will need to unset the immutable flag:
* To unset the immutable simply, execute the following command:
[root@kapil /]# chattr -i /etc/inetd.conf
TCP_WRAPPERS
By using TCP_WRAPPERS you can make your server secure against outside intrusion . The best policy is to deny all hosts by putting "ALL: ALL@ALL, PARANOID" in the "/etc/hosts.deny" file and then explicitly list trusted hosts who are allowed to your machine in the "/etc/hosts.allow" file. TCP_WRAPPERS is controlled from two files and the search stops at the first match.
/etc/hosts.allow
/etc/hosts.deny
Step 1
Edit the hosts.deny file (vi /etc/hosts.deny) and add the following lines:
# Deny access to everyone.
ALL: ALL@ALL, PARANOID
Which means all services, all locations is blocked, unless they are permitted access by entries in the allow file.
Step 2
Edit the hosts.allow file (vi /etc/hosts.allow) and add for example, the following line:
As an example:
ftp: 202.54.15.99 foo.com
For your client machine: 202.54.15.99 is the IP address and foo.com the host name of one of your client allowed using ftp.
Step 3
The tcpdchk program is the tcpd wrapper configuration checker. It examines your tcp wrapper configuration and reports all potential and real problems it can find.
* After your configuration is done, run the program tcpdchk.
[Root@kapil /]# tcpdchk
Don't let system issue file to be displayed
You should not display your system issue file when people log in remotely . To do this, you can
change the telnet option in your "/etc/inetd.conf".
To do this change the line in "/etc/inetd.conf":
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
to look like:
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd -h
Adding the "-h" flag on the end will cause the daemon to not display any system information and just hit the user with a login: prompt. I will recommend to use sshd instead.
Change the "/etc/host.conf" file
The "/etc/host.conf" file specifies how names are resolved.
Edit the host.conf file (vi /etc/host.conf) and add the following lines:
# Lookup names via DNS first then fall back to /etc/hosts.
order bind,hosts
# We have machines with multiple IP addresses.
multi on
# Check for IP address spoofing.
nospoof on
The first option is to resolve the host name through DNS first and then hosts file.The multi option determines whether a host in the "/etc/hosts" file can have multiple IP addresses (multiple interface ethN).
The nospoof option indicates to take care of not permitting spoofing on this machine.
Immunize the "/etc/services" file
You must immunize the "/etc/services" file to prevent unauthorized deletion or addition of services.
* To immunize the "/etc/services" file, use the command:
[root@kapil /]# chattr +i /etc/services
Disallow root login from different consoles
The "/etc/securetty" file allows you to specify which TTY devices the "root" user is allowed to login . Edit the "/etc/securetty" file to disable any tty that you do not need by commenting them out (# at the beginning of the line).
Blocking anyone to su to root
The su (Substitute User) command allows you to become other existing users on the system. If you don't want anyone to su to root or restrict "su" command to certain users then add the following two lines to the top of your "su" configuration file in the "/etc/pam.d/" directory.
Step 1
Edit the su file (vi /etc/pam.d/su) and add the following two lines to the top of the file:
auth sufficient /lib/security/pam_rootok.so debug
auth required /lib/security/Pam_wheel.so group=wheel
Which means only members of the "wheel" group can su to root; it also includes logging. You can add the users to the group wheel so that only those users will be allowed to su as root.
Shell logging
The bash shell stores up to 500 old commands in the "~/.bash_history" file (where "~/" is your home directory) to make it easy for you to repeat long commands. Each user that has an account on the system will have this file "Bash_history" in their home directory. The bash shell should store less number of commands and delete it on logout of the user.
Step 1
The HISTFILESIZE and HISTSIZE lines in the "/etc/profile" file determine the size of old commands the "Bash_history" file for all users on your system can hold. I would highly recommend setting the HISTFILESIZE and HISTSIZE in "/etc/profile" file to a low value such as 30.
Edit the profile file (vi /etc/profile) and change the lines to:
HISTFILESIZE=30
HISTSIZE=30
Which mean, the "Bash_history" file in each users home directory can store 20 old commands
and no more.
Step 2
The administrator should also add into the "/etc/skel/Bash_logout" file the
"rm -f $HOME/Bash_history" line, so that each time a user logs out, its "Bash_history" file will be deleted.
Edit the Bash_logout file (vi /etc/skel/Bash_logout) and add the following line:
rm -f $HOME/Bash_history
Disable the Control-Alt-Delete keyboard shutdown command
To do this comment out the line (with a "#") listed below in your "/etc/inittab" file .
To do this, edit the inittab file (vi /etc/inittab) and change the line:
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
To read:
#ca::ctrlaltdel:/sbin/shutdown -t3 -r now
Now, for the change to take effect type in the following at a prompt:
[root@kapil /]# /sbin/init q
Fix the permissions under "/etc/rc.d/init.d" directory for script files
Fix the permissions of the script files that are responsible for starting and stopping all your normal processes that need to run at boot time. To do this:
[root@kapil/]# chmod -R 700 /etc/rc.d/init.d/*
Which means only root is allowed to Read, Write, and Execute scripts files on this directory.
Hide your system information
By default, when you login to a Linux box, it tells you the Linux distribution name, version, kernel version, and the name of the server. This is sufficient information for a crackers to get information about your server. You should just prompt users with a "Login:" prompt.
Step 1
To do this, Edit the "/etc/rc.d/rc.local" file and Place "#" in front of the following lines as shown:
# This will overwrite /etc/issue at every boot. So, make any changes you
# want to make to /etc/issue here or you will lose them when you reboot.
#echo "" > /etc/issue
#echo "$R" >> /etc/issue
#echo "Kernel $(uname -r) on $a $(uname -m)" >> /etc/issue
#
#cp -f /etc/issue /etc/issue.net
#echo >> /etc/issue
Step 2
Then, remove the following files: "issue.net" and "issue" under "/etc" directory:
[root@kapil /]# rm -f /etc/issue
[root@kapil /]# rm -f /etc/issue.net
Disable unused SUID/SGID programs
A regular user will be able to run a program as root if it is set to SUID root. A system administrator should minimize the use of these SUID/GUID programs and disable the programs which are not needed.
Step 1
* To find all files with the `s' bits from root-owned programs, use the command:
[root@kapil]# find / -type f \( -perm -04000 -o -perm -02000 \) \-exec ls lg {} \;
* To disable the suid bits on selected programs above, type the following commands:
[root@kapil /]# chmod a-s [program]
Subscribe to:
Posts (Atom)
