View files permissions in ubuntu

If you want to see the the permission of a file you can use ls -l /path/to/file command.

For example

ls -l testfilename
-rwxr-xr-x 1 10490 floppy 17242 May 8 2013 testfilename

What does this mean ?

First – represents a regular file. It gives you a hint of the type of object it is. It can have following values.

d (directory)
c (character device)
l (symlink)
p (named pipe)
s (socket)
b (block device)
D (door)
– (regular file)

r represents read permission.
w represents write permission and
x represents executable permission.

First combination of rwx represents permission for the owner .
Second combination of rwx represents permission for the group .
Third combination of rwx represents permission for the other of the file.

Octal notation

Permission of file can also be represented in octal notation.
In octal notation

Read or r is represented by 4,
Write or w is represented by 2
Execute x is represented by 1.

Sum of these three is use to represent the permission.

stat command can be used to view file permission in octal notation

stat -c “%a %n” /path/of/file
For example

stat -c “%a %n” testfilename
755 testfilename
Here you can see

For owner it is 4+2+1=7 (111 in binary)
For group it is 4+0+1=5 (101 in binary) and
For other it is 4+0+1=5 (101 in binary).

Ref:: https://askubuntu.com/questions/528411/how-do-you-view-file-permissions/528433#528433

Advertisements

Configuration for SSH at a new Ubuntu Server

=========================================
Step 1 – Creating New Sudo and Root User
=========================================
// Adding new user
1) adduser TESTUSER

// Adding user to sudo group
2) usermod -aG sudo TESTUSER

// Adding user to root group
3) usermod -aG root TESTUSER

// Adding user to www-data group
4) usermod -aG www-data TESTUSER

// Checking user groups
5) id TESTUSER

// to reload your groups)
6) su – TESTUSER

// Checking user groups
7) id TESTUSER

result will show – uid=1000(TESTUSER) gid=1000(TESTUSER) groups=1000(TESTUSER),27(sudo),33(www-data)

=========================================
Step 2 – Editing SSH Configurations
=========================================

1) Allow new port to firewall and Changing SSH port

Adding and allow new port to Firewall
sudo ufw status
sudo ufw allow newport(eg_7676)

2) Disable the root user for login
** Before you disable root access, make sure to have the other root access user **

Changing SSH port
sudo nano /etc/ssh/sshd_config
change –
PermitRootLogin no
Port 7676 (AsYouWish)

3) /etc/init.d/ssh reload

=========================================
Step 3 – Upgrading SSH security
=========================================

3.1) Installing the Fail To Ban Server for SSH Security
Ref https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04

3.1.1) sudo apt-get install fail2ban -y
3.1.2) sudo apt-get install sendmail
// testing sendmail can send or not
echo “hello” | sendmail -f receivermail@gmail.com sendermail@gmail.com

(sendmail or mail)

3.1.3) sudo apt install mailutils
// testing mail can send or not with mailutils
echo “testing” | mail -s “testing” receivermail@gmail.com

3.2) Copy the /etc/fail2ban/jail.cof as /etc/fail2ban/jail.local
awk ‘{ printf “# “; print; }’ /etc/fail2ban/jail.conf | sudo tee /etc/fail2ban/jail.local

3.3) // Change bantime at /etc/fail2ban/jail.local

// jail.local without sending alert email
—————————————————————
[DEFAULT]
bantime = 120
// bantime is with seconds
ignoreip = 127.0.0.1/8
findtime = 120
destemail = william.aceplus@gmail.com
sender = root@localhost

[sshd]
port = ssh
# logpath = %(sshd_log)s

[sshd-ddos]

port = 7878
logpath = /var/log/auth.log

[dropbear]
port = 7878
logpath = /var/log/auth.log

[selinux-ssh]
port = 7878
logpath = /var/log/auth.log
maxretry = 3

And then restart fail2ban server
/etc/init.d/fail2ban restart
—————————————————————

OR

// jail.local without sending alert email
—————————————————————
[DEFAULT]

ignoreip = –REMOVED IPS–
findtime = 600
bantime = 600
maxretry = 3

backend = polling

destemail = test@gmail.com
banaction = iptables-multiport
mta = sendmail
protocol = tcp
action_ = %(banaction)s[name=%(__name__)s, port=”%(port)s”, protocol=”%(protocol)s]
action_mw = %(banaction)s[name=%(__name__)s, port=”%(port)s”, protocol=”%(protocol)s]
%(mta)s-whois[name=%(__name__)s, dest=”%(destemail)s”, protocol=”%(protocol)s]
action_mwl = %(banaction)s[name=%(__name__)s, port=”%(port)s”, protocol=”%(protocol)s]
%(mta)s-whois-lines[name=%(__name__)s, dest=”%(destemail)s”, logpath=%(logpath)s]
action = %(action_mw)s
[ssh]

enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
—————————————————————

3.4) // Checking ban IPs
sudo zgrep ‘Ban’ /var/log/fail2ban.log

3.5) If you change the ssh port from ‘22’ to ‘custom_port’, you need to allow that port at ufw.

Sudo ufw status
Sudo ufw allow custom_port
Sudo ufw reload
Sudo ufw status

3.6) reload the fail2ban service
sudo /etc/init.d/fail2ban restart

3.7) check fail2ban server working or not by accessing with ssh 3 times and system will ban your ip 120 seconds

ssh ap2@128.199.101.113 -p 7878

fallocate: fallocate failed: Text file busy in ubuntu OS

fallocate: fallocate failed: Text file busy in ubuntu OS

swapoff -a turns off swap usage. You were trying to allocate 15G to /swapfile,
but you can’t do that if it’s in use.
You do a swapoff -a, fallocate (you may have to delete the current /swapfile first), mkswap /swapfile, then swapon -a.

swapoff -a
swapon -a

sudo fallocate -l 1G /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile

 

Cheers

 

How to install Mail Service at Ubutu Live Serer (LEMP)

How to install Mail Service at Ubutu Live Serer (LEMP)

Install mailutils by the following command
apt-get install mailutils
apt-get install ssmtp

edit ssmtp.conf under /etc/ssmtp/ssmtp.conf
Remove “#” from “#FromLineOverride=YES” and add the following lines to ssmtp.conf

FromLineOverride=YES
AuthUser=youremail@gmail.com
AuthPass=yourpassword
mailhub=smtp.gmail.com:587
UseSTARTTLS=YES

After that, test email can send it or not with the following command
echo “tesitng” | mail -s “testing” william.aceplus@gmail.com

============================
Checking Error about mail
/var/log/mail.err
============================

if some setting are not and you want to re-configure the setting

Reconfigure / Resetting setting
sudo dpkg-reconfigure postfix
sudo dpkg-reconfigure mailutils
============================

 

Cheers

Example syntax for Secure Copy (scp)

What is Secure Copy?

scp allows files to be copied to, from, or between different hosts. It uses ssh for data transfer and provides the same authentication and same level of security as ssh.

Examples

Copy the file “foobar.txt” from a remote host to the local host

$ scp your_username@remotehost.edu:foobar.txt /some/local/directory

Copy the file “foobar.txt” from the local host to a remote host

$ scp foobar.txt your_username@remotehost.edu:/some/remote/directory

Copy the directory “foo” from the local host to a remote host’s directory “bar”

$ scp -r foo your_username@remotehost.edu:/some/remote/directory/bar

Copy the file “foobar.txt” from remote host “rh1.edu” to remote host “rh2.edu”

$ scp your_username@rh1.edu:/some/remote/directory/foobar.txt \
your_username@rh2.edu:/some/remote/directory/

Copying the files “foo.txt” and “bar.txt” from the local host to your home directory on the remote host

$ scp foo.txt bar.txt your_username@remotehost.edu:~

Copy the file “foobar.txt” from the local host to a remote host using port 2264

$ scp -P 2264 foobar.txt your_username@remotehost.edu:/some/remote/directory

Copy multiple files from the remote host to your current directory on the local host

$ scp your_username@remotehost.edu:/some/remote/directory/\{a,b,c\} .
$ scp your_username@remotehost.edu:~/\{foo.txt,bar.txt\} .

scp Performance

By default scp uses the Triple-DES cipher to encrypt the data being sent. Using the Blowfish cipher has been shown to increase speed. This can be done by using option -c blowfish in the command line.

$ scp -c blowfish some_file your_username@remotehost.edu:~

It is often suggested that the -C option for compression should also be used to increase speed. The effect of compression, however, will only significantly increase speed if your connection is very slow. Otherwise it may just be adding extra burden to the CPU. An example of using blowfish and compression:

$ scp -c blowfish -C local_file your_username@remotehost.edu:~

Contributions

Thanks Stewart Macleod for port example.

Ref : http://www.hypexr.org/linux_scp_help.php