Archive for May, 2009


Some useful IBM Redbooks

May 1, 2009

I’ve found the IBM Redbooks page, which has many interesting books like these:

TCP/IP Tutorial and Technical Overview

In this one, you can find info about the different network layers, from physical to application, with explanations of routing protocols (OSPF, EIGRP, BGP…), IPv6, LDAP, VoIP, Wifi stuff, etc.

Linux performance and tuning guidelines

In this one, you’ll find some very useful info about how Linux manages filesystems, I/O, memory, etc. and how we can monitor this with some well-known tools like Wireshark, vmstat, top, strace and many other commands.

Also on the IBM Redbooks page, there are thousands of books about different topics, like WebSphere, DB2, AIX, Tivoli, Linux server integration and many other IBM products for their servers.

P.S.: I’ll add other Redbooks :P. Send me suggestions about other books.


Preventing Ctrl+Alt+Del from rebooting our machine

May 1, 2009

Edit the /etc/inittab file as root.

There’s a line like this in the file:

ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now

Just comment it out, or replace it with something like this:

ca:12345:ctrlaltdel:echo "Use the 'shutdown -r now' command if you want to reboot the system"

You should also read the shutdown manual page. This is the part of it that I think is important if we want to restrict who can reboot the system:

ACCESS CONTROL

shutdown can be called from init(8) when the magic keys CTRL-ALT-DEL are pressed, by creating an appropriate entry in /etc/inittab. This means that everyone who has physical access to the console keyboard can shut the system down. To prevent this, shutdown can check to see if an authorized user is logged in on one of the virtual consoles. If shutdown is called with the -a argument (add this to the invocation of shutdown in /etc/inittab), it checks to see if the file /etc/shutdown.allow is present. It then compares the login names in that file with the list of people that are logged in on a virtual console (from /var/run/utmp). Only if one of those authorized users or root is logged in, it will proceed. Otherwise it will write the message

shutdown: no authorized users logged in

to the (physical) system console. The format of /etc/shutdown.allow is one user name per line. Empty lines and comment lines (prefixed by a #) are allowed. Currently there is a limit of 32 users in this file.

In some distros like Fedora, you must look for the /etc/event.d/control-alt-delete file to modify this event.

Cheers


RSA2/DSA key access from PuTTY to a *NIX OpenSSH server

May 1, 2009

If you want to access your *NIX server using PuTTY on Windows, just follow these steps to set up secure access using RSA/DSA public key authentication.

1) First, configure the OpenSSH server by setting these options in the “/etc/ssh/sshd_config” file:

  • Protocol 2
  • RSAAuthentication yes
  • PubkeyAuthentication yes
  • AuthorizedKeysFile      %h/.ssh/authorized_keys

Reload the ssh daemon: /etc/init.d/ssh reload

2) Get the PuTTY Key Generator (just search for it on Google) and generate an RSA2/DSA public and private key pair. Save both keys in a folder, and copy the public key text with Ctrl+C or into a file. This is your public key in OpenSSH format (the format the ssh daemon uses).

It is a good idea to protect the private key with a passphrase, at least if we’ll use the remote access from a shared place like an office. You may want to try PuTTY Pageant to manage your keys, but that is another business 😛

3) On your server, paste the text into the “$HOME/.ssh/authorized_keys” file of the user that you want to authenticate with RSA/DSA. (I suppose that the “public_key” file contains the text generated by PuTTY.)

  • cat public_key >> "$HOME/.ssh/authorized_keys"

4) Now, just open PuTTY and load your private key.

5) Just log in to the server as usual, and you should be logged in without typing your password. You must type the passphrase if you set one in the 2nd step.
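
A more careful version of step 3, as an added example that is not part of the original post: it refuses the multi-line file written by PuTTYgen's "Save public key" button, strips Windows line endings, checks that the key data matches the declared key type, and sets the file modes that sshd's StrictModes expects. The function name install_pubkey, its return codes, and the restriction to the RSA/DSA key types this post covers are assumptions of the example.

```sh
#!/bin/sh
# Added example, not from the original post.
# Usage: install_pubkey KEYFILE [HOME_DIR]   (HOME_DIR defaults to $HOME)
install_pubkey() {
    keyfile=$1
    home=${2:-$HOME}
    auth="$home/.ssh/authorized_keys"

    # PuTTYgen's "Save public key" button writes the multi-line RFC 4716
    # format; authorized_keys needs the one-line OpenSSH text instead.
    if grep -q 'BEGIN SSH2 PUBLIC KEY' "$keyfile"; then
        echo "RFC 4716 file given; paste the one-line OpenSSH key" >&2
        return 2
    fi

    # Drop Windows CRs and blank lines; exactly one key line must remain.
    [ "$(tr -d '\r' < "$keyfile" | grep -c .)" -eq 1 ] || {
        echo "expected exactly one key line" >&2; return 3; }
    line=$(tr -d '\r' < "$keyfile" | grep .)

    # The base64 data starts with the length-prefixed key type, so its
    # first characters must agree with the type named in field one.
    type=${line%% *}
    rest=${line#* }
    blob=${rest%% *}
    case "$type" in
        ssh-rsa) want=AAAAB3NzaC1yc2E ;;
        ssh-dss) want=AAAAB3NzaC1kc3M ;;
        *) echo "unsupported key type: $type" >&2; return 4 ;;
    esac
    case "$blob" in
        "$want"*) ;;
        *) echo "key data does not match $type" >&2; return 5 ;;
    esac

    # sshd's StrictModes (on by default) rejects keys when ~/.ssh or the
    # file is writable by group or others, so set the modes explicitly.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Do not append a key that is already authorized.
    grep -qF -- "$blob" "$auth" && return 0
    printf '%s\n' "$line" >> "$auth"
}
```

Run it as the user who will log in, for example `install_pubkey public_key`.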

Regards, and be careful with your private key file 😎