Thursday, March 17, 2016

Centos 6 Checklist on Systems Security

Linux Security Checklist

A reliable server is only as good as it is maintained and due processes applied. A systems security checklist template for Centos 6 mentioned below serves to meet the basic security requirements. A more stringent and targeted checklist can be developed further.

This mainly records existing system details and follow common practices. Some stuff like SELinux is mentioned as permissive as this is what I have at the moment. Details should be updated to specific server needs. Another useful checklist is for web application deployment and can be found at http://tboxmy.blogspot.my/2011/06/linux-security-checklist_14.html.

Centos 6 Checklist on Systems Security (link)

Contents of the checklist includes;

Section A. Details of the system
Section B. Services
Section C. Essential files
Section D. Examples.




Monday, March 14, 2016

NFS Commands 101


Refer to previous article Setup File Sharing with NFS on Centos Linux.

I find NFS version 3 is the most commonly used and uses remote procedure call (RPC) to manage connection between client and server. The service called rpcbind in Centos 6 has replaced portmap to handle RPC (see nfs4). Version 3 onward support files larger than 2 Gb size.

Whenever an NFS server is restarted not gracefully, the service rpc.statd notifies NFS clients. When quota is applied to the NFS, the service rpc.rquotad handles quota information.

The file /etc/exports define which directories are available to NFS clients. Each share is placed on a separate line and it indicates which client can access along with the options. Default users access a share as the user nobody, where this can be overridden in the /etc/exports option.

E.g. The following /etc/exports shares the directory /data with the client 192.168.1.45. The client may read and write and mounts synchronously.

/data 192.168.1.45(rw,sync)

Or user connect as its own user

/data 192.168.1.45(rw,no_root_squash,sync)

Default ports used by NFS are 2049 for the NFS service and 111 for RPC service.

Here are a list of NFS version 3 commands. Most are at the client side unless specified.

General NFS Commands

Start and stop NFS service
# service nfs start
Or
# /etc/init.d/nfs start
Or
# service nfs stop

Enable NFS service at boot
#chkconfig nfs on

Refresh NFS server shares from /etc/exports
# exportfs -r

Unload and reload NFS shares from /etc/exports
# export -a

Check support for NFS on the kernel. Did you forget to compile kernel with NFS support?
# lsmod |grep nfs
or
# grep -i nfs /boot/config

Check if list of commands are running
# rpcinfo -p

Display NFS statistics as client
# nfsstat -c

Display use of io
# vmstat -s

Mounting NFS

Display available NFS mounts
# showmount -e servername

Mount an NFS share
# mount -t nfs servername:/the/sharename

Display if the NFS mount is full or its free space
# df -k


Troubleshoot reference


Howto check Linux memory usage

Ever found a Linux suddenly having low free memory or none at all? This is something to check when the server suddenly starts slowing down or not able to complete processes.

Here are several method to diagnose and maybe identify a fix. Check the memory usage then identify the process causing the extreme usage. Next, work on that process configuration.


Check memory usage

Display available and used memory with 'free' command
# free
Or
# free  -m

The top live monitor
# top

Press m to display memory
Press Shift + m to sort by memory percentage
Press R to reverse the sort


List processes and amount of memory being used
# ps -e -o pid,vsz,comm=
Or
# ps -e -o pid,vsz,comm= | sort -n -k 2

Or
# ps aux  | awk '{print $6/1024 " MB\t\t" $11}'  | sort -n


View meminfo
# cat  /proc/meminfo
or
# vmstat -s

View the RAM device installed
# dmidecode -t 17


Check the process

List processes that open files
# lsof


Several TYPE of files are monitored

REG – Regular File
DIR – Directory
FIFO – First In First Out
CHR – Character special file

A description of the file is shown by FD
cwd – Current Working Directory
txt – Text file
mem – Memory mapped file
mmap – Memory mapped device
NUMBER – Represent the actual file descriptor. The character after the number i.e ‘1u’, represents the mode in which the file is opened. r for read, w for write, u for read and write.

List processes base on process names
# lsof -c ssh

List processes base on process id
# lsof -p 1234

Where 1234 is an example of the process id (pid).

Done

Tuesday, March 8, 2016

Boot Centos Linux to Windows

Centos 6 and 7 provide different approach for booting to a graphical windows interface known as X. Firstly, ensure the relevant packages to support display of windows where most of it are bundled as one of the popular Linux desktop environments.

Among the popular current desktops environments available are;

  • Gnome
  • KDE
  • Unity
  • Xfce
  • LXDe
  • Cinnamon
Here are the steps.

Centos 6 Approach


Edit the file /etc/inittab and change the number 3 to 5 as shown in the line below

id:5:initdefault:

Then reboot.

To start graphical windows without reboot, at the command prompt type

init 5
or
startx

Centos 7 Approach


Login as root and the prompt type

sudo systemctl set-default graphical.target

Then reboot.

To start graphical windows without reboot, at the command prompt type

sudo systemctl start graphical.target

Done

Install GIMP on Centos 6

Centos 6.6 provides the popular graphic editing software GIMP at version 2.6.9. The current stable release is GIMP 2.8 for those who seek the additional editing features (link). Existing Centos 6.6 does not have the required newer libraries to support GIMP 2.8.

The details of GIMP is described as below.

Name        : gimp                         Relocations: (not relocatable)
Version     : 2.6.9                             Vendor: CentOS
Release     : 8.el6_6                       Build Date: Thu 20 Nov 2014 02:06:25 PM EST
Install Date: Tue 08 Mar 2016 03:09:46 PM EST      Build Host: c6b9.bsys.dev.centos.org
Group       : Applications/Multimedia       Source RPM: gimp-2.6.9-8.el6_6.src.rpm
Size        : 48118103                         License: GPLv2+
Signature   : RSA/SHA1, Thu 20 Nov 2014 04:10:42 PM EST, Key ID 0946fca2c105b9de
Packager    : CentOS BuildSystem
URL         : http://www.gimp.org/
Summary     : GNU Image Manipulation Program
Description :
GIMP (GNU Image Manipulation Program) is a powerful image composition and
editing program, which can be extremely useful for creating logos and other
graphics for webpages. GIMP has many of the tools and filters you would expect
to find in similar commercial offerings, and some interesting extras as well.
GIMP provides a large image manipulation toolbox, including channel operations
and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all
with multi-level undo.


Flexibility on editing include availability of many brushes and patterns.




 Here are steps to install the standard GIMP version 2.6.9
 

Step 1: Install GIMP



# yum install gimp





Step 2: Install additional brushes and patterns

Install additional brushes and patterns. Brushes include swirls and text to enhance strokes. Patterns such as clouds and funnymess.

yum install gimp-data-extras

Start GIMP from the desktop menu. Click Applications ->Graphics ->GNU Image Manipulation Program




Done

Blog Archive