Monday, 28 November 2016

Configure SSSD & PAM for Client Authentication.


Note: The configuration file shown here is set up for my network. Adjust it to match your own.

1. Install SSSD
    apt-get install sssd*























2. Go to /etc/sssd
  Create a file named sssd.conf there
  and edit the file






















3. Change the permissions of the sssd.conf file to 0600



4. After that, set up mkhomedir so that the user's home directory is created at login.
    The path is /usr/share/pam-configs/mkhomedir






















5. After the configuration is done, restart the sssd service and update PAM.

systemctl restart sssd
And update PAM:
pam-auth-update



    systemctl status sssd
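
Added example (not from the original post): a pre-flight check for steps 3 and 4 that verifies the mode and owner of sssd.conf and reports the umask pam_mkhomedir will apply to new home directories. The function names and the sample files are assumptions made for illustration; 0022 is the module's default umask and leaves new home directories readable by other users.

```shell
#!/bin/sh
# Added example: pre-flight checks for steps 3 and 4 above.

# check_sssd_conf FILE [UID]: succeed only if FILE is a regular file with
# mode 600 owned by UID (default 0, root).
check_sssd_conf() {
    sc_want=${2:-0}
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    sc_mode=$(stat -c '%a' "$1")
    sc_uid=$(stat -c '%u' "$1")
    [ "$sc_mode" = 600 ] || { echo "$1: mode $sc_mode, want 600" >&2; return 1; }
    [ "$sc_uid" = "$sc_want" ] || { echo "$1: owner uid $sc_uid, want $sc_want" >&2; return 1; }
}

# mkhomedir_umask PAMFILE: print the umask pam_mkhomedir applies to new home
# directories; fail if the module is not in the session stack.
mkhomedir_umask() {
    mk_line=$(grep -E '^[[:space:]]*session[[:space:]].*pam_mkhomedir\.so' "$1" | head -n 1)
    [ -n "$mk_line" ] || { echo "$1: pam_mkhomedir.so not enabled" >&2; return 1; }
    mk_umask=$(printf '%s\n' "$mk_line" | sed -n 's/.*umask=\([0-7][0-7]*\).*/\1/p')
    echo "${mk_umask:-0022}"    # module default when umask= is absent
}

# Constructed sample files, so the checks run without touching /etc.
demo=$(mktemp -d)
printf '[sssd]\nservices = nss, pam\n' > "$demo/sssd.conf"
chmod 600 "$demo/sssd.conf"
printf 'session optional pam_sss.so\nsession required pam_mkhomedir.so umask=0077 skel=/etc/skel\n' > "$demo/common-session"
check_sssd_conf "$demo/sssd.conf" "$(id -u)" && echo "sssd.conf: ok"
echo "new home directories get umask $(mkhomedir_umask "$demo/common-session")"
rm -rf "$demo"
```

On a Debian client the real targets are /etc/sssd/sssd.conf and /etc/pam.d/common-session, checked after pam-auth-update has run.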




Very Secure FTP Server (VSFTPD)

FTP is a file transfer protocol which is used to:
    Upload files and folders
    Download files and folders

The vsftp service daemon is vsftpd

3 A's Based Security
Authentication
IP-based authentication using TCP Wrapper or iptables

Authorization
Anonymous upload
FTP access by local users
Local user uploading and downloading

Auditing
Log messages: xferlog messages and all other logs
/var/log/xferlog


The configuration file is /etc/vsftpd/vsftpd.conf

To check the port numbers of services, see /etc/services

Modes of FTP

 Command mode <control mode>
 Data transfer mode

Ports 21 and 20
21 is used for connection establishment <client requests arrive on this port>
20 is used for uploading and downloading

Find the location of the vsftpd command:
/usr/sbin/vsftpd

Note: By default, anonymous users can download files but not upload.

# ldd /usr/sbin/vsftpd     ------ to check the libraries the service is linked against

vim /etc/hosts.allow --- list of allowed hosts
Syntax of the entries in the file:

vsftpd: ALL         (to allow all clients)
vsftpd: 172.16.0.1   (to allow a particular client IP)

vim /etc/hosts.deny
Create entries here to deny a host or network.

Security mechanisms:
 PAM
 iptables
 Cryptography
 SELinux
 TCP Wrapper

TCP Wrapper:
It applies only to services linked against the libwrap.so library.
It works at the application layer.
Its supporting files are /etc/hosts.allow
and /etc/hosts.deny

Installation of vsftpd:

yum install vsftpd
service vsftpd start

# getsebool -a | grep ftp
Use this to check the SELinux booleans that turn on user home directory access and anonymous uploads.
To enable home directory access for users:
setsebool -P ftp_home_dir on     (-P makes the change permanent)

# vim /etc/vsftpd/vsftpd.conf
Configure the server here.

On clients

# ftp <IP of FTP server>

This connects to the server; then enter the user name and its password.

ftp> get <file name>   Download a file.

ftp> put <file name>   Upload a file.

ftp> mget file1 file2  Download multiple files.

ftp> bye               Exit from ftp.

Check whether the vsftpd service port is listening:

netstat -tulpn
(TCP, UDP, listening sockets, port numbers)

# vim /etc/vsftpd/chroot_list
List here the users who are restricted from changing directory in FTP mode.

# vim /etc/vsftpd/ftpusers
List here the users who are denied FTP login.

# vim /etc/vsftpd/user_list
If /etc/vsftpd/vsftpd.conf contains
userlist_deny=NO
userlist_enable=YES
then list here the users who are allowed FTP login.

# vim /etc/init.d/vsftpd
The init script that runs vsftpd.
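
Added example (not from the original post): how ftpusers, user_list and the two userlist_* options described above combine into an allow or deny decision for one user. The function names and sample files are assumptions made for illustration, and it assumes the stock PAM setup in which /etc/vsftpd/ftpusers is a deny list.

```shell
#!/bin/sh
# Added example: how vsftpd's user lists combine into a login decision.

# conf_bool FILE KEY DEFAULT: print YES or NO for a vsftpd.conf boolean.
# vsftpd.conf allows no spaces around '='; the last assignment wins.
conf_bool() {
    cb_val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr '[:lower:]' '[:upper:]')
    case ${cb_val:-$3} in
        YES|TRUE|1) echo YES ;;
        *) echo NO ;;
    esac
}

# in_list USER FILE: true if USER is an exact, non-comment line of FILE.
in_list() {
    [ -f "$2" ] && grep -v '^[[:space:]]*#' "$2" | grep -qxF -- "$1"
}

# ftp_login_decision USER CONF USER_LIST FTPUSERS: print allow or deny:<reason>.
ftp_login_decision() {
    fd_enable=$(conf_bool "$2" userlist_enable NO)   # vsftpd default: NO
    fd_deny=$(conf_bool "$2" userlist_deny YES)      # vsftpd default: YES
    if [ "$fd_enable" = YES ]; then
        if [ "$fd_deny" = YES ] && in_list "$1" "$3"; then
            echo "deny:user_list"; return 0
        fi
        if [ "$fd_deny" = NO ] && ! in_list "$1" "$3"; then
            echo "deny:not-in-user_list"; return 0
        fi
    fi
    if in_list "$1" "$4"; then echo "deny:ftpusers"; return 0; fi
    echo allow
}

# Constructed sample files (not taken from a real server).
demo=$(mktemp -d)
printf 'userlist_enable=YES\nuserlist_deny=NO\n' > "$demo/vsftpd.conf"
printf '# users allowed to log in\nalice\nroot\n' > "$demo/user_list"
printf 'root\n' > "$demo/ftpusers"
for u in alice bob root; do
    echo "$u: $(ftp_login_decision "$u" "$demo/vsftpd.conf" "$demo/user_list" "$demo/ftpusers")"
done
rm -rf "$demo"
```

With userlist_deny=NO the file is an allow list, yet root is still refused because ftpusers is checked independently; leaving userlist_deny at its default turns the same user_list into a deny list.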




How to join a Debian client to a Samba Domain Controller.

Prerequisites
1. First of all, check the date on the client machine, or install an NTP client so that the date and time match between server and client.

2. Give the client machine a host name. The path is /etc/hostname

3. Check your resolv.conf file for the DNS entry. The path is /etc/resolv.conf, e.g.:



4. Check the connectivity between server and client machine.

5. You must have an account with admin access to join the client to the domain.

6. Your Kerberos configuration must be set up according to your DC.
    To configure Kerberos:
    create the file with vim /etc/krb5.conf




Edit the file, changing the realm name and KDC server name according to your domain.
Save the file and exit.


7. Install the samba (client) package

     apt-get install samba


       The default configuration file is under /etc/samba/
8. Rename your /etc/samba/smb.conf file to smb.conf.org

9. Now create a new smb.conf file
    and edit it

      Save the file and exit.

10. Now we are ready to join the system to the domain

    net ads join -U username
    Provide the password for the user.





















The system is now joined as a client of the Samba domain controller.
To check whether the system is in the domain, look for the krb5.keytab file in /etc/, or check the ID of any domain user.






















Samba service status

systemctl status smbd


Friday, 25 November 2016


Configure ownCloud to use centralized LDAP authentication. You could call it accessing ownCloud with domain authentication, or accessing LDAP with single sign-on.

First of all, log in to your ownCloud console with an account that has admin privileges:




After logging in, expand the menu next to your name and click on Admin.




This is the admin panel for ownCloud. Here you can set up security for your server, the file sharing document path, cron settings, email server configuration, etc. Click on LDAP.




Click on the Server tab. Provide the LDAP URL and the LDAP user details with password here. Port number 389.




Below are the user details. The user must be a posixAccount.




Here are the user attributes. You can manage them as you need, depending on how you want ownCloud to find users.



Here is group management setting.


In the advanced settings is the replica for your ownCloud, that is, how you want to back up your ownCloud server.




Thanks.

Sunday, 13 November 2016


OpenVPN installation and configuration on Ubuntu

1.     sudo apt-get update


2.     sudo apt-get install network-manager-openvpn

3.     Click on Network Manager -> VPN Connections -> Configure VPN

4.     Click on the Add button

5.     Choose OpenVPN and click on Create.


6.     Follow the steps given in the figure below:

7.     Put the domain name in IPv4 Settings > Additional search domains.






8.     Click on the VPN name you just created to connect to the VPN.
9.     Check with the ifconfig command; you will see one more entry, tun0.



Extending LVM is needed when we require extra disk space to store data.
First we have to add the storage or extra hardware to the volume group.


Extend the volume group:

# vgextend <vg name> <new pv>

# vgdisplay

Extend the LV size:

# lvextend --size +1G /dev/vgname/lvname

Or extend by a number of logical extents:

# lvextend -l +<number of extents> /dev/vgname/lvname

# resize2fs -f /dev/vgname/lvname

# lvdisplay

# df -h

Reduce the size of LVM
If you have extra space in an LV and you don't want to pay for storage you are not using, you can remove or reduce the extra space.

Follow the steps below:

# umount /directoryname

# e2fsck -f /dev/vgname/lvname

# resize2fs -f /dev/vgname/lvname 1G     (1G is the size you want to reduce to)

# lvreduce --size 1G /dev/vgname/lvname    or

# lvreduce -l <number of extents> /dev/vgname/lvname


# mount  /dev/vgname/lvname /mountDIR

Removing the LV, VG, PV
First unmount the mount directory

# umount <mountDIR>

# lvremove <lv name>

# vgremove <vg name>

# pvremove <pv name>


LVM (Logical Volume Manager)
It is software that is installed by default when you install Linux. LVM is used to allocate disks and to mirror, stripe and resize logical volumes. LVM physical volumes are placed on block devices, which can come from two or more hard disks.
It is a storage management system that manages the disk space for file systems and data. Its most important feature is that you can easily create, resize and delete LVM partitions without rebooting the system.

We need three main things to implement LVM, as shown in the diagram below:





























Physical Volume (PV)
New hardware added to LVM is called a physical volume. It means you are adding new disk storage.
Volume Group (VG)
A collection of physical volumes is called a volume group.
Logical Volume (LV)
The space in a volume group that is used to store data is called a logical volume.

Implement the Logical Volume

First of all, you have to create a partition of type 8e, which marks it for LVM.
# fdisk /dev/sda
Press n for a new partition, then give the size according to your requirement.
Set the partition type to 8e. Press w to save.
# partprobe /dev/sda

# pvcreate /dev/sda1 /dev/sda2

# pvdisplay

# vgcreate vgname /dev/sda1

# vgdisplay

# lvcreate --size 10G -n <lv name> <vg name>
You can also use another form of the command, which gives the size in logical extents:
# lvcreate -l <number of extents> -n <lv name> <vg name>

# lvdisplay

# df -h
to check the size of the new logical volume

After that, format the LV so it can be used.
# mkfs.ext4 /dev/vgname/lvname

After that, mount the LV on an existing directory
# mount /dev/vgname/lvname /mountDIR
# mount
to check the mount


For more about LVM, please see the next post.
For a video on LVM, please see https://www.youtube.com/channel/UCdgKsGClT_D4A7he99JbfZg
