ssh-keygen -t rsa
Enter file in which to save the key (/home/demo/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/demo/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/demo/.ssh/id_rsa. Your public key has been saved in /home/demo/.ssh/id_rsa.pub. The key fingerprint is: 4a:dd:0a:c6:35:4e:3f:ed:27:38:8c:74:44:4d:93:67 demo@a The key's randomart image is: +--[ RSA 2048]----+ | .oo. | | . o.E | | + . o | | . = = . | | = S = . | | o + = + | | . o + o . | | . o | | | +-----------------+
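# Install the public key on the server. ssh-copy-id appends it to the remote
# account's ~/.ssh/authorized_keys and is the simpler of the two routes.
ssh-copy-id [email protected]
# Manual equivalent for machines without ssh-copy-id; use one route, not both,
# or the key ends up in authorized_keys twice. umask 077 and the chmod calls
# keep ~/.ssh and authorized_keys private to the account, so sshd's
# StrictModes check has no loose permissions to reject the key over.
ssh [email protected] "umask 077 && mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys" < ~/.ssh/id_rsa.pub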
The authenticity of host '12.34.56.78 (12.34.56.78)' can't be established.
RSA key fingerprint is b1:2d:33:67:ce:35:4d:5f:f3:a8:cd:c0:c4:48:86:12.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '12.34.56.78' (RSA) to the list of known hosts.
[email protected]'s password:
Now try logging into the machine, with "ssh '[email protected]'", and check in:
~/.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
sudo nano /etc/ssh/sshd_config
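PermitRootLogin
and modify it so that root can only connect with an SSH key:
PermitRootLogin without-password
This setting applies to the root account only; other users can still log in with a password unless PasswordAuthentication is set to no.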
reload ssh
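# Stop the running server. The page lists both init-script names; run the one
# that exists on the host (mysql or mysqld).
sudo /etc/init.d/mysql stop
sudo /etc/init.d/mysqld stop
# Start the server with privilege checks switched off so root can get in
# without a password. While it runs this way every account is passwordless, so
# --skip-networking keeps it off TCP and limits access to the local socket.
sudo mysqld_safe --skip-grant-tables --skip-networking &
# Connect as root over the local socket; no password is requested.
mysql -uroot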
-- Run inside the mysql client session, against the grant tables.
use mysql;
-- Writes a new password hash for root straight into the user table.
-- "mynewpassword" is a placeholder for the real value.
-- NOTE(review): the password column and PASSWORD() belong to older MySQL
-- releases; newer ones keep the hash in authentication_string. Confirm
-- against the installed version.
update user set password=PASSWORD("mynewpassword") where User='root';
-- Reload the grant tables so the change is picked up.
flush privileges;
quit
# Stop the server and start it again through the init script, so that it comes
# back with the grant tables loaded instead of --skip-grant-tables.
# NOTE(review): the "..." lines presumably stand for output the page leaves
# out; check that the hand-started mysqld_safe instance has exited before
# starting the server again.
# Where the init script is named mysql:
sudo /etc/init.d/mysql stop
...
sudo /etc/init.d/mysql start
# Where the init script is named mysqld:
sudo /etc/init.d/mysqld stop
...
sudo /etc/init.d/mysqld start
# Log in as root; -p prompts for the password that was just set.
mysql -u root -p
[root@dhcppc2 ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination [root@dhcppc2 ~]#
[root@dhcppc2 ~]# iptables --line -vnL Chain INPUT (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 273 22516 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 2 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 3 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 4 1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 5 271 36456 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT 172 packets, 24494 bytes) num pkts bytes target prot opt in out source destination [root@dhcppc2 ~]#
# iptables -I INPUT 5 -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
[root@dhcppc2 ~]# iptables --line -vnL Chain INPUT (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 291 23868 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 2 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 3 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 4 1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 5 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW,ESTABLISHED 6 286 38524 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT 4 packets, 608 bytes) num pkts bytes target prot opt in out source destination [root@dhcppc2 ~]#
[root@dhcppc2 ~]# service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
# Generated by iptables-save v1.4.7 on Fri Oct 25 10:33:46 2013 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [39:6956] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT # Completed on Fri Oct 25 10:33:46 2013
[root@dhcppc2 ~]# service iptables restart iptables: Flushing firewall rules: [ OK ] iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Unloading modules: [ OK ] iptables: Applying firewall rules: [ OK ] [root@dhcppc2 ~]#
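# Add the EPEL repository, presumably the source of the phpmyadmin package
# installed below. The release RPM defines a package source that yum trusts
# from then on, so it is fetched over HTTPS rather than plain HTTP to keep it
# from being altered in transit.
rpm -iUvh https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# Bring installed packages up to date, then install phpMyAdmin.
yum -y update
yum -y install phpmyadmin
# Review the Apache access rules for phpMyAdmin in this file; keep the allowed
# client addresses as narrow as the setup permits.
vim /etc/httpd/conf.d/phpMyAdmin.conf
# Restart Apache so the edited configuration takes effect.
service httpd restart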
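SELINUX=disabled
in the /etc/selinux/config file. With this value no SELinux policy is loaded, so services lose its confinement; SELINUX=permissive logs denials without enforcing them and is often enough for troubleshooting. The file:
# This file controls the state of SELinux on the system.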
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
getenforce
command returns Disabled
:~]~ getenforce
Disabled
# yum remove mysql mysql-server
# mv /var/lib/mysql /var/lib/mysql_old_backup
# yum install mysql mysql-server
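Because --no-check-certificate turns off TLS certificate validation for the download, compare the archive's SHA-256 checksum with the one Oracle publishes before unpacking it.
# cd /opt/
# wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/7u79-b15/jdk-7u79-linux-x64.tar.gz"
# tar xzf jdk-7u79-linux-x64.tar.gz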
# cd /opt/
# wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/7u79-b15/jdk-7u79-linux-i586.tar.gz"
# tar xzf jdk-7u79-linux-i586.tar.gz
# cd /opt/jdk1.7.0_79/
# alternatives --install /usr/bin/java java /opt/jdk1.7.0_79/bin/java 2
# alternatives --config java
There are 3 programs which provide 'java'. Selection Command ----------------------------------------------- * 1 /opt/jdk1.7.0_60/bin/java + 2 /opt/jdk1.7.0_72/bin/java 3/opt/jdk1.7.0_79/bin/java Enter to keep the current selection[+], or type selection number:3 [Press Enter]
# alternatives --install /usr/bin/jar jar /opt/jdk1.7.0_79/bin/jar 2
# alternatives --install /usr/bin/javac javac /opt/jdk1.7.0_79/bin/javac 2
# alternatives --set jar /opt/jdk1.7.0_79/bin/jar
# alternatives --set javac /opt/jdk1.7.0_79/bin/javac
# java -version java version "1.7.0_79 " Java(TM) SE Runtime Environment (build 1.7.0_79-b15) Java HotSpot(TM) 64-Bit Server VM (build 24.79-b02, mixed mode)
# export JAVA_HOME=/opt/jdk1.7.0_79
# export JRE_HOME=/opt/jdk1.7.0_79/jre
# export PATH=$PATH:/opt/jdk1.7.0_79/bin:/opt/jdk1.7.0_79/jre/bin
$ cat /etc/*-release
Red Hat Enterprise Linux Server release 5 (Tikanga)
Sample outputs from my Ubuntu Linux v7.10 server:
DISTRIB_ID=Ubuntu DISTRIB_RELEASE=7.10 DISTRIB_CODENAME=gutsy DISTRIB_DESCRIPTION="Ubuntu 7.10"
$ lsb_release -a
No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux 6.0.1 (squeeze) Release: 6.0.1 Codename: squeeze
$ uname -a
$ uname -mrs
Linux 2.6.32-5-amd64 x86_64
$ cat /proc/version
Linux version 3.2.0-0.bpo.1-amd64 (Debian 3.2.4-1~bpo60+1) ([email protected]) (gcc version 4.4.5 (Debian 4.4.5-8) ) #1 SMP Sat Feb 11 08:41:32 UTC 2012
hostnamectl
command:
# hostnamectl
Static hostname: localhost.localdomain
Icon name: computer-laptop
Chassis: laptop
Machine ID: 6892999b8d8c43fab29fca961dbff24b
Boot ID: b0a95bf56f61417ca8073b3847a73ab1
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-229.7.2.el7.x86_64
Architecture: x86_64
The next example uses
rpm
command to query for the centos-release
package to reveal the CentOS version:
# rpm --query centos-release
centos-release-7-1.1503.el7.centos.2.8.x86_64
Yet another alternative is to use
lsb_release
command. However, this command is part of the redhat-lsb
package, which is not installed by default, so the lsb_release
command may be unavailable on your system. If this is the case, use one of the other approaches to check the CentOS version on your system.
# lsb_release -d
Description: CentOS Linux release 7.1.1503 (Core)
If none of the above reveals the CentOS version, we can try to query the release numbers directly. Attempt to read the content of the following files to reveal the CentOS version number:
cat
command to read their content in order to show the CentOS version:
# cat /etc/centos-release
CentOS Linux release 7.1.1503 (Core)
# cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
# cat /etc/redhat-release
CentOS Linux release 7.1.1503 (Core)
# cat /etc/system-release
CentOS Linux release 7.1.1503 (Core)