Linux
How-To: Replace SSH & Enable Chrooted SFTP
by dervish on Feb.03, 2009, under Linux
1. Download latest OPENSSH
2. Unpack tar file
3. CD to openssh source directory
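3. vi version.h and remove the version information from SSH_VERSION (if desired); this only shortens the banner string and is not a substitute for keeping OpenSSH patched
example: #define SSH_VERSION "OpenSSH"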
4. run ./configure --with-tcp-wrappers
5. resolve any missing dependencies
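6. login via a telnet session (so you are not cut off while SSH is removed; telnet is unencrypted, so use the console or a trusted network and disable telnet again afterwards)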
7. disable ssh and remove existing SSH packages
8. run "make install" from openssh source directory
9. cp opensshd.init to /etc/init.d/sshd
10. add the following chkconfig information to top of ../init.d/sshd file:
# chkconfig: 2345 55 25
# description: OpenSSH server daemon
11. run chkconfig --add sshd
12. create sftponly group
groupadd sftponly
14. edit /usr/local/etc/sshd_config
update sftp subsystem to internal-sftp
# override default of no subsystems
#Subsystem sftp /usr/local/libexec/sftp-server
Subsystem sftp internal-sftp
add section to bottom of file (a Match block applies to every line after it, up to the next Match):
Match group sftponly
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
15. create sftp "jail" directory
mkdir /sftpusers
chown root:root /sftpusers
chmod 755 /sftpusers
16. create sftponly user accounts
useradd -g sftponly -d /sftpusers/user user
mkdir -p /sftpusers/user/data
chown root:root /sftpusers/user
chmod 755 /sftpusers/user
chown user:sftponly /sftpusers/user/data
chmod 700 /sftpusers/user/data
passwd user
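The user will now have complete control of the data directory, read access to /sftpusers/user, and be unable to cd above /sftpusers/user. The chroot directory itself stays owned by root and not writable by the user because sshd refuses to use a ChrootDirectory whose path components are writable by anyone other than root.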
openSUSE 11 x86_64 Flash FireFox
by dervish on Aug.14, 2008, under Linux
If Adobe Flash is not working in FireFox, verify that the nspluginwrapper was installed.
nspluginwrapper
nspluginwrapper is an Open Source compatibility plugin for Netscape 4 (NPAPI) plugins. It enables you to use plugins on platforms they were not built for. For example, you can use the plugins compiled for i386 in Mozilla on Linux/x86_64 or other architectures.
20060425: dacprobe
by dervish on Apr.25, 2006, under AIX, Linux, Scripts
#!/bin/sh
# dacprobe - monitor/audit daemon (drive space and rootkits)
# 20040830 - created by jamey hopkins
#
# 20050425 jah - added -x option to ssh command in order to speed up ssh call
# 20050811 jah - added SSH fail notice
# 20060425 jah - use -P on linux df to prevent drive space being placed on second line
# shows up on servers with logical volumes
# Host lists: space-separated names, with the leading and trailing space kept
# on each list (required by the original author).
TEST=" lenxintq1 tto xto tlv qlv qto xlv "
PROD=" cvs dacadmin dacbup1 dacedip1 dacxextp1 dlv dms dto dxr fax1 fax2 ibb \
ibmtransp1 ibmxextp1 icc imserv1 lencextp1 lencometp1 lenpsp1 lentransp1 \
lenxintp1 ncc ns1 ns2 ticket toshcometp1 "
ALL="${PROD} ${TEST}"

# A partition is reported once its use exceeds this percentage.
DLIMIT=90

# MAILA is the ordinary report recipient; MAILB adds the pager address.
MAILA="user@server.com"
MAILB="user@server.com pager@myairmail.com"
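# check drive space
#
# NOTE(review): as published, the inner loop ends in "done > space.list" and an
# unmatched "fi" follows, so the script does not parse.  The input redirection
# of the inner loop, the "done" of the host loop and the "if" that guards the
# failure notice appear to have been lost when the page was rendered.  They are
# reconstructed below; confirm against the original file.
echo
echo -n "Checking Disk Space->"

# Start from an empty report.  Writing a blank line here (as "echo >" did)
# makes the later "-s space.list" test succeed on every run.
: >space.list
FAIL=""

for HOST in $ALL
do
  echo -n " $HOST"

  # dacedip1 and lenpsp1 are queried with "df -k"; every other host with
  # "df -P" so that an entry is never wrapped onto a second line.
  case "$HOST" in
    dacedip1|lenpsp1) DF_OPT="-k" ;;
    *)                DF_OPT="-P" ;;
  esac

  # The df output is held in a variable instead of dacprobe.$$ / temp.$$, so no
  # scratch files with guessable names are left in the working directory.
  # NOTE(review): for unattended runs consider "ssh -o BatchMode=yes", so a
  # host that falls back to password authentication fails instead of prompting.
  DF_OUT=`ssh -x "$HOST" df "$DF_OPT" 2>/dev/null` || FAIL="$FAIL $HOST"

  # Drop the header line and any cdrom entry.
  ROWS=`printf '%s\n' "$DF_OUT" | sed 1d | grep -v cdrom`

  while read F1 F2 F3 F4 F5 F6 F7 REST
  do
    # lenpsp1 is parsed as AIX output: percentage in column 4, partition in
    # column 7.  Every other host uses columns 5 and 6.
    if [ "$HOST" = "lenpsp1" ]
    then
      PERCENT=$F4
      PART=$F7
    else
      PERCENT=$F5
      PART=$F6
    fi
    PERCENT=`printf '%s\n' "$PERCENT" | sed 's/%//g'`

    # Skip blank lines and rows whose percentage is not a plain number, so the
    # numeric tests below never see remote text they cannot compare.
    case "$PERCENT" in
      ''|*[!0-9]*) continue ;;
    esac

    if [ "$PERCENT" -gt "$DLIMIT" ]
    then
      HCAPS=`printf '%s\n' "$HOST" | tr 'a-z' 'A-Z'`
      echo "${HCAPS}'s Partition $PART is ${PERCENT}% Full" >>space.list
      [ "$EMAIL" != "$MAILB" ] && EMAIL=$MAILA
      # page if a prod server and > 98 percent full; the surrounding spaces
      # make this a whole-name match rather than a substring match
      case "$PROD" in
        *" $HOST "*) [ "$PERCENT" -gt 98 ] && EMAIL=$MAILB ;;
      esac
    fi
  done <<EOF
$ROWS
EOF
done

if [ -n "$FAIL" ]
then
  # A failure notice needs a recipient even when no partition was flagged.
  [ -n "$EMAIL" ] || EMAIL=$MAILA
  echo >>space.list
  echo "WARNING - Drive Space Check Failed on the Following Servers:" >>space.list
  echo "$FAIL" >>space.list
  echo >>space.list
  echo "Please make sure dacprobe account exists and the SSH exchanges happen auto magically." >>space.list
  echo "If server is permanently down, then remove it from the list of servers to monitor." >>space.list
fi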
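# Print and mail the drive-space report when space.list is not empty.
if [ -s space.list ]
then
  echo
  cat space.list
  {
    echo "subject: Drive Partition Exceeds ${DLIMIT}% Full Limit"
    # blank line ends the header section, as in the CHKROOTKIT mail below
    echo
    echo "Partition Information:"
    cat space.list
    echo
    echo "Servers Checked:"
    echo "P:$PROD"
    echo "T:$TEST"
    # EMAIL is only assigned when a partition exceeds the limit; fall back to
    # MAILA so a report that holds only SSH failures still has a recipient.
  } | /usr/sbin/sendmail -ONoRecipientAction=add-to -fdacprobe -oi "${EMAIL:-$MAILA}"
fi
# -f: no error message if the report file was never created
rm -f space.list
echo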
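################ gather up chkrootkit output files and email
echo -n "Gather and Mail CHKROOTKIT Reports->"
PROD=" dlv dms dxr ibmpsp1 lenpsp1 lenxintp1 dacxextp1 dacxextq1 "

# Reports are collected in a variable instead of /tmp/chkrootkit.mailfile.  A
# fixed file name in a shared directory can be created or symlinked beforehand
# by another local account, and the ">>" append would follow it.
REPORTS=""
MISSING=""
for HOST in $PROD
do
  echo -n " $HOST"
  # NOTE(review): the status files are read from /tmp on the monitored host.
  # If that directory is world-writable there (the usual default), any local
  # account can add a file matching this glob, so the contents are not
  # authenticated; a root-only directory on the monitored host would be safer.
  OUT=`ssh -x "$HOST" "cat /tmp/chkrootkit.status.*" 2>/dev/null`
  if [ -n "$OUT" ]
  then
    REPORTS="$REPORTS$OUT
"
  else
    # A host that returns nothing is listed explicitly; a monitored server
    # that stops reporting should not go unnoticed.
    MISSING="$MISSING $HOST"
  fi
done
{
  echo "subject: CHKROOTKIT Status Report"
  echo
  echo "Servers Checked:"
  echo "P:$PROD"
  echo
  if [ -n "$MISSING" ]
  then
    echo "No Report Returned From:"
    echo "$MISSING"
    echo
  fi
  echo "Server Reports Returned:"
  printf '%s' "$REPORTS"
  # EMAIL is only assigned by the drive-space check when a partition exceeds
  # the limit; fall back to MAILA so this report always has a recipient.
} | /usr/sbin/sendmail -ONoRecipientAction=add-to -fdacprobe -oi "${EMAIL:-$MAILA}"
echo
echo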
20040728: si (System Information)
by dervish on Jul.28, 2004, under Linux, Scripts
#!/bin/sh
# System Information for Linux/SCO Openserver
# Created: 07 April 2000
# by: Jamey Hopkins
#
# 23July2002 jah - send error on uptime and ps to /dev/null to handle
# output of unknown HZ value linux kernel bug
# 28July2004 jah - added CPU information / format change
#
# Platform name plus CPU details from /proc/cpuinfo.  For the model and the
# clock speed the last matching line wins; "xargs echo" trims the whitespace.
OS=`uname`
CPU=`cat /proc/cpuinfo | awk -F: '/model name/ { v = $2 } END { print v }' | xargs echo`
NCPU=`cat /proc/cpuinfo | awk '/processor/ { n++ } END { print n + 0 }' | xargs echo`
MHZ=`cat /proc/cpuinfo | awk -F: '/MHz/ { v = $2 } END { print v }' | xargs echo`

# Banner: upper-cased node name, current date, one-line hardware summary.
echo
printf '[ %s ]\n' "`uname -n | tr a-z A-Z`"
date
printf "%s on %s %s (%s MHz)\n" "$OS" "$NCPU" "$CPU" "$MHZ"

# uptime errors are discarded (see the 23July2002 changelog entry).  STATS is
# left unquoted so the shell collapses leading and repeated blanks.
STATS=`uptime 2>/dev/null`
echo $STATS
echo
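# List the processes that are currently using CPU time.
echo "Active Processes Using >= 1% of CPU:"
echo _________________________________________________________
if [ "$OS" = "Linux" ]
then
  # Hide every row that contains " 0 " (in practice a zero in the C column).
  ps -e -o user -o pid -o c -o args 2>/dev/null | grep -v ' 0 '
elif [ "$OS" = "SCO_SV" ]
then
  printf 'UID\t\tPID\tC\tCMD\n'
  # The listing is piped straight into the loop instead of passing through
  # /tmp/ps.tmp: a fixed file name in a shared directory can be created or
  # symlinked beforehand by another local account.
  # "grep -v $$" drops rows that contain this script's own PID.
  ps -A -o user -o pid -o c -o args 2>/dev/null | grep -v ' 0 ' \
    | grep -v $$ \
    | while read P_USER P_ID P_C ARG1 ARG2 REST
      do
        # Skip the ps header row and anything else without a numeric C column.
        case "$P_C" in
          ''|*[!0-9]*) continue ;;
        esac
        if [ "$P_C" -gt 4 ]
        then
          printf '%s\t' "$P_USER"
          # Names shorter than 8 characters get a second tab for alignment.
          case "$P_USER" in
            ????????*) ;;
            *) printf '\t' ;;
          esac
          # Only the first two words of the command line are shown.
          printf '%s\t%s\t%s %s\n' "$P_ID" "$P_C" "$ARG1" "$ARG2"
        fi
      done
fi
echo _________________________________________________________
# No scratch files are created above, so the former removal of /tmp/si.tmp,
# /tmp/usr.tmp and /tmp/ps.tmp is no longer needed.
echo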