Saturday 30 April 2016

Mail me when someone runs command using sudo – Linux Security

I had a situation where I wanted to monitor all sudo user activity: whenever someone runs a command using sudo, I should get an email. This is very important when you are working as a Linux security administrator or security analyst. As a Linux administrator you should have evidence to prove that somebody has screwed up something in your environment.
Restrict your administrators to using sudo for all the important commands by writing a restriction in the /etc/sudoers file, then change the permission of /etc/sudoers to 600 as root. No user will be able to see the

:: Prerequisites ::

  1. Restrict users by adding restrictions to /etc/sudoers
  2. Create a distribution list and add that to the configuration, so that the config file does not have to be modified every time

Most of the time we give an administrator full rights based on their designation and level of expertise, but we don't know what he or she is doing in the production environment. To monitor the commands typed with sudo, we have to add the lines below to the configuration file.
Add the entries to /etc/sudoers as shown below. They send you an alert whenever a user runs a command using sudo. Given the path of a log file, sudo also saves every executed command there:
~]# vi /etc/sudoers
###### Get an alert every time a user runs a command with sudo ####
Defaults        syslog=auth, insults, syslog_goodpri=alert
Defaults        logfile=/var/log/sudo.log
Defaults        timestamp_timeout=0, log_year, tty_tickets
Defaults        mailto="theja473@gmail.com", mail_always, mail_badpass, mail_no_user
Sometimes we need exceptions: we don't want an alert when particular users run commands with sudo.
For that, modify the configuration as shown below. Alias names in sudoers must consist of uppercase letters, digits and underscores.
~]# vi /etc/sudoers
User_Alias NOMAIL = goodboy, goodgirl
User_Alias MAILUSERS = ALL, !NOMAIL
Defaults           mailto="aravikumar48@gmail.com"
Defaults:MAILUSERS mail_always
Defaults:NOMAIL    !mail_badpass
Here User_Alias NOMAIL lists the users for whom no mail is sent.
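
The mail alerts can be cross-checked against the file set with `Defaults logfile=/var/log/sudo.log`. The following is an added example, not part of the original post: it assumes the entry layout shown in its comments, the function names are hypothetical, and the sample log lines are constructed.

```sh
#!/bin/sh
# Added example. Assumed entry layout of the sudo log file (with log_year):
#   Mon DD HH:MM:SS YYYY : user : [message ;] TTY=.. ; PWD=.. ; USER=.. ; COMMAND=..
# Long entries are wrapped; continuation lines start with whitespace.

# sudo_log_events FILE
# Prints one line per entry: STATUS<TAB>user<TAB>runas<TAB>command
# STATUS is DENIED when sudo logged a message before the TTY= field
# (bad password, user not in sudoers, ...), otherwise OK.
sudo_log_events() {
    awk '
    function emit(   n, parts, i, user, rest, status, runas, cmd, p) {
        if (entry == "") return
        p = index(entry, " : ")
        if (p == 0) { entry = ""; return }      # not a sudo log entry
        rest = substr(entry, p + 3)             # drop the date
        p = index(rest, " : ")
        user = substr(rest, 1, p - 1)
        rest = substr(rest, p + 3)
        # COMMAND= is the last field and may itself contain " ; "
        p = index(rest, "COMMAND=")
        cmd = (p > 0) ? substr(rest, p + 8) : ""
        if (p > 0) rest = substr(rest, 1, p - 1)
        status = "OK"; runas = ""
        n = split(rest, parts, / *; */)
        for (i = 1; i <= n; i++) {
            if (parts[i] ~ /^USER=/) runas = substr(parts[i], 6)
            else if (parts[i] != "" && parts[i] !~ /^[A-Z]+=/) status = "DENIED"
        }
        printf "%s\t%s\t%s\t%s\n", status, user, runas, cmd
        entry = ""
    }
    /^[ \t]/ { sub(/^[ \t]+/, ""); entry = entry " " $0; next }  # wrapped line
    { emit(); entry = $0 }
    END { emit() }
    ' "$1"
}

# sudo_log_denied FILE: only the entries sudo refused.
sudo_log_denied() {
    sudo_log_events "$1" | awk -F '\t' '$1 == "DENIED"'
}

# write_sample_sudo_log FILE: constructed sample entries for a dry run.
write_sample_sudo_log() {
cat > "$1" <<'EOF'
Apr 30 10:15:01 2016 : goodboy : TTY=pts/0 ; PWD=/home/goodboy ; USER=root ;
    COMMAND=/usr/bin/systemctl restart httpd
Apr 30 10:17:42 2016 : tester : 3 incorrect password attempts ; TTY=pts/1 ;
    PWD=/home/tester ; USER=root ; COMMAND=/bin/cat /etc/shadow
Apr 30 10:20:05 2016 : guest : user NOT in sudoers ; TTY=pts/2 ; PWD=/tmp ;
    USER=root ; COMMAND=/bin/sh -c echo a ; echo b
EOF
}

# Dry run on the constructed sample: prints the two refused entries.
sample=$(mktemp) && write_sample_sudo_log "$sample" && sudo_log_denied "$sample"
rm -f "$sample"
```

On a real host, point `sudo_log_denied` at /var/log/sudo.log as root.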

Wednesday 27 April 2016

INSTALLING OPERATING SYSTEM IMAGES IN TO SD CARDS

INSTALLING OPERATING SYSTEM IMAGES USING WINDOWS

  • Insert the SD card into your SD card reader and check which drive letter was assigned. You can easily see the drive letter (for example G:) by looking in the left column of Windows Explorer. You can use the SD Card slot (if you have one) or a cheap SD adaptor in a USB port.
  • Download the Win32DiskImager utility from the Sourceforge Project page (it is also a zip file); you can run this from a USB drive.
  • Extract the executable from the zip file and run the Win32DiskImager utility; you may need to run the utility as administrator. Right-click on the file, and select Run as administrator.
  • Select the image file you extracted above.
  • Select the drive letter of the SD card in the device box. Be careful to select the correct drive; if you get the wrong one you can destroy your data on the computer's hard disk! If you are using an SD card slot in your computer and can't see the drive in the Win32DiskImager window, try using a cheap SD adaptor in a USB port.
  • Click Write and wait for the write to complete.
  • Exit the imager and eject the SD card.

INSTALLING OPERATING SYSTEM IMAGES ON LINUX

Please note that the use of the dd tool can overwrite any partition of your machine. If you specify the wrong device in the instructions below you could delete your primary Linux partition. Please be careful.
  • Run df -h to see what devices are currently mounted.
  • If your computer has a slot for SD cards, insert the card. If not, insert the card into an SD card reader, then connect the reader to your computer.
  • Run df -h again. The new device that has appeared is your SD card. The left column gives the device name of your SD card; it will be listed as something like /dev/mmcblk0p1 or /dev/sdd1. The last part (p1 or 1 respectively) is the partition number but you want to write to the whole SD card, not just one partition. Therefore you need to remove that part from the name (getting, for example, /dev/mmcblk0 or /dev/sdd) as the device for the whole SD card. Note that the SD card can show up more than once in the output of df; it will do this if you have previously written a Raspberry Pi image to this SD card, because the Raspberry Pi SD images have more than one partition.
  • Now that you've noted what the device name is, you need to unmount it so that files can't be read or written to the SD card while you are copying over the SD image.
  • Run umount /dev/sdd1, replacing sdd1 with whatever your SD card's device name is (including the partition number).
  • If your SD card shows up more than once in the output of df due to having multiple partitions on the SD card, you should unmount all of these partitions.
  • In the terminal, write the image to the card with the command below, making sure you replace the input file if= argument with the path to your .img file, and the /dev/sdd in the output file of= argument with the right device name. This is very important, as you will lose all data on the hard drive if you provide the wrong device name. Make sure the device name is the name of the whole SD card as described above, not just a partition of it; for example sdd, not sdds1 or sddp1; or mmcblk0, not mmcblk0p1.
    dd bs=4M if=2015-11-21-raspbian-jessie.img of=/dev/sdd
    
  • Please note that block size set to 4M will work most of the time; if not, please try 1M, although this will take considerably longer.
  • Also note that if you are not logged in as root you will need to prefix this with sudo.
  • The dd command does not give any information of its progress and so may appear to have frozen; it could take more than five minutes to finish writing to the card. If your card reader has an LED it may blink during the write process. To see the progress of the copy operation you can run pkill -USR1 -n -x dd in another terminal, prefixed with sudo if you are not logged in as root. The progress will be displayed in the original window and not the window with the pkill command; it may not display immediately, due to buffering.
  • Instead of dd you can use dcfldd; it will give a progress report about how much has been written.
  • You can check what's written to the SD card by dd-ing from the card back to another image on your hard disk, truncating the new image to the same size as the original, and then running diff (or md5sum) on those two images.
  • The SD card might be bigger than the original image, and dd will make a copy of the whole card. We must therefore truncate the new image to the size of the original image. Make sure you replace the input file if= argument with the right device name. diff should report that the files are identical.
    dd bs=4M if=/dev/sdd of=from-sd-card.img
    truncate --reference 2015-11-21-raspbian-jessie.img from-sd-card.img
    diff -s from-sd-card.img 2015-11-21-raspbian-jessie.img
  • Run sync; this will ensure the write cache is flushed and that it is safe to unmount your SD card.
  • Remove the SD card from the card reader.
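
The device-name and verification steps above can be wrapped in a guard so that dd only runs against the whole-card device and never against a disk that holds a mounted system filesystem. This is an added example, not part of the original instructions; the function names are hypothetical, and the verification compares the card directly with head and cmp instead of the dd, truncate and diff sequence, which avoids the intermediate copy.

```sh
#!/bin/sh
# Added example; function names are hypothetical.

# whole_disk DEVICE: print the whole-card device for a partition name,
# e.g. /dev/mmcblk0p1 -> /dev/mmcblk0 and /dev/sdd1 -> /dev/sdd.
whole_disk() {
    case "$1" in
        /dev/mmcblk[0-9]*p[0-9]*) printf '%s\n' "$1" | sed 's/p[0-9][0-9]*$//' ;;
        /dev/mmcblk[0-9]*)        printf '%s\n' "$1" ;;
        /dev/sd[a-z]*)            printf '%s\n' "$1" | sed 's/[0-9][0-9]*$//' ;;
        *) echo "whole_disk: unrecognised device name: $1" >&2; return 1 ;;
    esac
}

# disk_in_use_by_system DISK [MOUNTS_FILE]
# Succeeds if any partition of DISK is mounted on a system path.
# MOUNTS_FILE defaults to /proc/mounts (fields: device mountpoint ...).
disk_in_use_by_system() {
    disk=$1
    mounts=${2:-/proc/mounts}
    while read -r dev mnt rest; do
        case "$mnt" in
            /|/boot|/boot/*|/home|/usr|/var) ;;
            *) continue ;;
        esac
        [ "$(whole_disk "$dev" 2>/dev/null)" = "$disk" ] && return 0
    done < "$mounts"
    return 1
}

# verify_image IMAGE DEVICE
# Compares the first size-of-IMAGE bytes of DEVICE with IMAGE; the card
# may be bigger than the image, so the rest of the card is ignored.
verify_image() {
    size=$(wc -c < "$1" | tr -d ' ')
    head -c "$size" "$2" | cmp -s - "$1"
}

# write_image IMAGE DEVICE_OR_PARTITION (run as root)
write_image() {
    image=$1
    disk=$(whole_disk "$2") || return 1
    if disk_in_use_by_system "$disk"; then
        echo "refusing: $disk holds a mounted system filesystem" >&2
        return 1
    fi
    # Unmount every mounted partition of the card before writing.
    while read -r dev mnt rest; do
        [ "$(whole_disk "$dev" 2>/dev/null)" = "$disk" ] && umount "$dev"
    done < /proc/mounts
    dd bs=4M if="$image" of="$disk" && sync && verify_image "$image" "$disk"
}

# Usage: write_image 2015-11-21-raspbian-jessie.img /dev/sdd1
```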

INSTALLING OPERATING SYSTEM IMAGES ON MAC OS

On Mac OS you have the choice of the command line dd tool or using the graphical tool ImageWriter to write the image to your SD card.

(MOSTLY) GRAPHICAL INTERFACE

  • Connect the SD card reader with the SD card inside. Note that it must be formatted in FAT32.
  • From the Apple menu, choose About This Mac, then click on More info...; if you are using Mac OS X 10.8.x Mountain Lion or newer then click on System Report.
  • Click on USB (or Card Reader if using a built-in SD card reader) then search for your SD card in the upper right section of the window. Click on it, then search for the BSD name in the lower right section; it will look something like 'diskn' where n is a number (for example, disk4). Make sure you take a note of this number.
  • Unmount the partition so that you will be allowed to overwrite the disk; to do this, open Disk Utility and unmount it (do not eject it, or you will have to reconnect it). Note that on Mac OS X 10.8.x Mountain Lion, "Verify Disk" (before unmounting) will display the BSD name as "/dev/disk1s1" or similar, allowing you to skip the previous two steps.
  • From the terminal run:
    sudo dd bs=1m if=path_of_your_image.img of=/dev/rdiskn
    Remember to replace n with the number that you noted before!
    • If this command fails, try using disk instead of rdisk:
      sudo dd bs=1m if=path_of_your_image.img of=/dev/diskn

COMMAND LINE

  • If you are comfortable with the command line, you can write the image to a SD card without any additional software. Open a terminal, then run:
    diskutil list
  • Identify the disk (not partition) of your SD card e.g. disk4 (not disk4s1).
  • Unmount your SD card by using the disk identifier to prepare copying data to it:
    diskutil unmountDisk /dev/disk<disk# from diskutil>
    e.g. diskutil unmountDisk /dev/disk4
  • Copy the data to your SD card:
    sudo dd bs=1m if=image.img of=/dev/rdisk<disk# from diskutil>
    e.g. sudo dd bs=1m if=2015-11-21-raspbian-jessie.img of=/dev/rdisk4
    • This may result in a dd: invalid number '1m' error if you have GNU coreutils installed. In that case you need to use 1M:
      sudo dd bs=1M if=image.img of=/dev/rdisk<disk# from diskutil>
  • This will take a few minutes, depending on the image file size. You can check the progress by sending a SIGINFO signal, pressing Ctrl+T.
    • If this command still fails, try using disk instead of rdisk:
      e.g. sudo dd bs=1m if=2015-11-21-raspbian-jessie.img of=/dev/disk4
      or
      e.g. sudo dd bs=1M if=2015-11-21-raspbian-jessie.img of=/dev/disk4

ALTERNATIVE METHOD

Note: Some users have reported issues with using Mac OS X to create SD cards.
These commands and actions need to be performed from an account that has administrator privileges.
  • From the terminal run df -h.
  • Connect the SD card reader with the SD card inside.
  • Run df -h again and look for the new device that wasn't listed last time. Record the device name of the filesystem's partition, for example /dev/disk3s1.
  • Unmount the partition so that you will be allowed to overwrite the disk:
    sudo diskutil unmount /dev/disk3s1
    (or open Disk Utility and unmount the partition of the SD card; do not eject it, or you will have to reconnect it)
  • Using the device name of the partition, work out the raw device name for the entire disk by omitting the final "s1" and replacing "disk" with "rdisk". This is very important as you will lose all data on the hard drive if you provide the wrong device name. Make sure the device name is the name of the whole SD card as described above, not just a partition of it (for example, rdisk3, not rdisk3s1). Similarly, you might have another SD drive name/number like rdisk2 or rdisk4; you can check again by using the df -h command both before and after you insert your SD card reader into your Mac. For example, /dev/disk3s1 becomes /dev/rdisk3.
  • In the terminal, write the image to the card with this command, using the raw disk device name from above. Read the above step carefully to be sure you use the correct rdisk number here:
    sudo dd bs=1m if=2015-11-21-raspbian-jessie.img of=/dev/rdisk3
    
    If the above command reports an error (dd: bs: illegal numeric value), please change bs=1m to bs=1M.
    If the above command reports an error dd: /dev/rdisk3: Permission denied then that is because the partition table of the SD card is being protected against being overwritten by MacOS. Erase the SD card's partition table using this command:
    sudo diskutil partitionDisk /dev/disk3 1 MBR "Free Space" "%noformat%" 100%
    That command will also set the permissions on the device to allow writing. Now try the dd command again.
    Note that dd will not give any feedback until there is an error or it is finished; information will be shown and the disk will re-mount when complete. However if you wish to view the progress you can use 'ctrl-T'; this generates SIGINFO, the status argument of your tty, and will display information on the process.
  • After the dd command finishes, eject the card:
    sudo diskutil eject /dev/rdisk3
    (or: open Disk Utility and eject the SD card)

Tuesday 26 April 2016

Connecting an Arduino to Raspberry Pi

Connecting an Arduino to Raspberry Pi for the best of both worlds

Rather than struggle with the very basic unprotected IO pins on the Raspberry Pi and the lack of real-time performance in Linux, the ideal setup for many real-world-interfacing projects is Raspberry Pi + Arduino.
After pricing a multitude of combinations of microcontroller boards and Wifi adapters, I found that the Raspberry Pi + USB Wifi + Arduino is the absolute best value for money if you need both wireless internet access and easy sensor data handling. (Note: I’ll be investigating the Beaglebone Black soon to see how it compares).
There are four basic ways to connect Arduino to Raspberry Pi:
  1. Buy an add-on board like the Gertboard which has an Arduino compatible IC on it. Pricey.
  2. Plug a standard Arduino like an Uno or Nano into the USB port of the RPi. This is by far the easiest method and minimises wiring and hassle. However it requires the more expensive Arduinos.
  3. Use a USB to Serial adapter with a cheaper/smaller Arduino like a Pro Mini or a self-made Shrimp. This is the best DIY option and has the same advantage of method 2 that you can power the Arduino/Shrimp from USB. For a Model B RPi, I’d recommend this route.
  4. Use the Serial Pins on the Raspberry Pi to connect to a cheaper/smaller Arduino like a Pro Mini or a self-made Shrimp. This is theoretically the cheapest method but by far the most hassle. This is also the best method if you are using the cheaper Raspberry Pi Model A and its single USB port is being used for Wifi.
I won’t go into the details of 1 since I haven’t done it. 2 and 3 are plug n play and require no instructions. 4 is the awkward one, so here are some notes to save you the hassle I went through.
The basic steps are identical to those described here. In hardware terms you connect the 3.3V/GND/TX/RX pins on the Raspberry Pi via a level converter to 5V/GND/RX/TX pins on an Arduino. Alternatively you buy a 3.3V Arduino and avoid the need for a level converter. I powered the Arduino separately to avoid overloading the RPi pins (this seems to be causing intermittent issues with RPi booting tho).
RPi software changes involve commenting out this line in /etc/inittab with a #
T0:23:respawn:/sbin/getty -L ttyAMA0 115200 vt100
and removing the following parts of the one line in /boot/cmdline.txt
console=ttyAMA0,115200 kgdboc=ttyAMA0,115200
You also need to create a link to the serial port so that the Arduino IDE recognises it:
sudo ln -s /dev/ttyAMA0 /dev/ttyUSB9
That last step has to be done after every reboot. I should find a way to make it permanent.
Unfortunately this still isn’t enough to be able to program the Arduino from the IDE running on the RPi. We need to be able to toggle the reset pin on the Arduino to initiate programming. Normally that’s done by the USB-Serial adapters or the USB-Serial chip on the more expensive Arduinos. To do this in our setup requires following the instructions here, where one of the Arduino tools is wrapped in a script which does the pin toggling at exactly the right moment. In summary:
  1. Connect Pin 11 (GPIO 17) of the RPi to the DTR Pin on the Arduino Pro Mini via the level converter
  2. Run the following commands to download and configure avrdude-rpi:

sudo apt-get update
sudo apt-get install python-dev
sudo apt-get install python-rpi.gpio
wget https://raw.github.com/deanmao/avrdude-rpi/master/autoreset
wget https://raw.github.com/deanmao/avrdude-rpi/master/avrdude-autoreset
sudo cp autoreset /usr/bin
sudo cp avrdude-autoreset /usr/bin
sudo mv /usr/bin/avrdude /usr/bin/avrdude-original
sudo ln -s /usr/bin/avrdude-autoreset /usr/bin/avrdude
sudo chmod 755 /usr/bin/avrdude-autoreset
sudo chmod 755 /usr/bin/autoreset
I was getting a warning about “Channel already in use” from /usr/bin/autoreset so I added this to the end of the file:
GPIO.cleanup()
Note you must run the Arduino IDE as root from now on. i.e. in LXTerminal:
sudo arduino
If you haven’t already, reboot the RPi to make the earlier steps kick in. You should now be able to program whatever you like on to the Arduino using the IDE running on the Raspberry Pi. I even have this running headless by connecting to the RPi across the network using the Windows Remote Desktop Connection tool.
Any questions, pop them in the comments.

Sunday 17 April 2016

RUN LEVELS/TARGETS IN LINUX

Welcome to our Linux tutorial. In this article we discuss the different runlevels in a Unix/Linux system. We briefly describe what a runlevel is, its associated configuration file, the boot process and its stages, and finally each runlevel in turn. These runlevels or modes run the system or boot process as defined by the user or system admin. In the latest versions the system uses targets instead of runlevels, so I am going to use both words, runlevel and target; don't be confused.
Introduction
Runlevels are basically the modes in which a *nix based system initializes the operating system. Every runlevel has a certain number of services started or stopped. This gives the user the flexibility to run or boot the system in different modes (with certain services running) as required.
Init, short for initialization, is a program file in *nix operating systems. It runs as a daemon and typically has process identity (PID) 1.
Configuration File
/etc/inittab is the configuration file used to set the default runlevel for a *nix system. After the Linux system is booted, the init program reads this configuration file and determines the runlevel set in it. If the user or admin has not specified a runlevel, the system boots with the default runlevel. Applications started by the init program are located in the /etc/rc.d folder; within this folder there is a separate folder for each runlevel, e.g. rc0.d, rc1.d etc. These runlevels or targets are defined below.
To change the configuration file, open it in the vi editor or any other editor of your choice.
I am going to open it with vi:
vi /etc/inittab
In older versions you can change the runlevel in the last line of this file; see the example below:
id:5:initdefault: or id:3:initdefault:    #(choose as per your requirement)
In the latest versions there are only two main targets by default:
# multi-user.target: analogous to runlevel 3

# graphical.target: analogous to runlevel 5         #(choose as per your requirement)
BOOT Process
The boot process has the following stages.
[Figure: runlevel or target in Linux]
Runlevel or Target with Commands
There are seven runlevels in a *nix OS, and they are identified by numbers.
Init 0
Init 0 immediately shuts down the system and powers it off; you may also use halt or poweroff. Syntax: init 0, poweroff or halt.
[fahmed@faraz ~]$ init 0
[fahmed@faraz ~]$ poweroff
[fahmed@faraz ~]$ halt
Init 1
Also known as single-user mode; it is used for system maintenance as root in CLI mode. No network interfaces are configured. Syntax: init 1.
[fahmed@faraz ~]$ init 1
Init 2
Multi-user mode in CLI mode, without networking. Syntax: init 2.
[fahmed@faraz ~]$ init 2
Init 3
Also multi-user mode in CLI mode, but with networking. This is like a normal startup. Syntax: init 3.
[fahmed@faraz ~]$ init 3
Init 4
This is an undefined mode, or you can say a mode that is not in use. Syntax: init 4.
[fahmed@faraz ~]$ init 4
Init 5
This is the GUI mode, a standard and default runlevel/target for most *nix OS. Syntax: init 5.
[fahmed@faraz ~]$ init 5
Init 6
It is used to restart your system when required; you may also use reboot.
Syntax: init 6 or reboot.
[fahmed@faraz ~]$ init 6
OR
[fahmed@faraz ~]$ reboot
NOTE: Don’t set runlevel 0, 1 or 6 as the default runlevel, otherwise you will face problems.
To check who is logged on to the system, use the command who. To list the logged-in users, use the command who -u.
[fahmed@faraz ~]$ who
fahmed   :0           2016-02-24 06:09 (:0)
fahmed   pts/0        2016-02-24 06:10 (:0)
fahmed   pts/1        2016-02-24 06:10 (192.168.40.112)
To view the current runlevel/target, use the command who -r.
[fahmed@faraz ~]$ who -r
run-level 5  2016-02-24 05:33
To view the system boot time, use the command who -b.
[fahmed@faraz ~]$ who -b
system boot  2016-02-24 05:32
[fahmed@faraz ~]$
For all options, use who -a.
[fahmed@faraz ~]$ who -a
system boot  2016-02-24 05:32
fahmed   ? :0           2016-02-24 06:09   ?          4601 (:0)
run-level 5  2016-02-24 05:33
fahmed   + pts/0        2016-02-24 06:10 00:22        5430 (:0)
fahmed   + pts/1        2016-02-24 06:10   .          5584 (192.168.40.112)
[fahmed@faraz ~]$

In this tutorial we discussed runlevels or targets with the commands init 0 to 6, and the who command with who -r, who -u, who -a and who -b. Please subscribe to our newsletter for upcoming tutorials.





Hello and welcome. In this tutorial we will learn step by step how to configure a DHCP server in Linux (Red Hat/CentOS), using its configuration file. DHCP is used in enterprise networks to reduce manual IP configuration effort (for instance, it would take hours and hours to do the IP configuration on 1000 systems).

What is DHCP Server

DHCP stands for Dynamic Host Configuration Protocol.
A network, server or system administrator designs and implements a DHCP server to centrally manage and automate the assignment of Internet Protocol (IP) addresses in a company or organization. DHCP can automatically assign a system its IP address as well as its subnet mask, gateway and DNS (if you have configured it); when the system boots, it gets the IP from DHCP. DHCP uses the DORA process in the back end. DHCP uses the concept of a lease time, that is, the amount of time for which a given IP address is valid for a computer. The lease time may vary depending on how long users need a connection at a specific location. It is useful in the education sector or other environments where users change frequently.
DORA stands for Discover, Offer, Request, Acknowledgement.

DHCP Discover

When a client is configured to obtain an IP address automatically, the client PC searches for a DHCP server. A UDP broadcast is sent to discover the DHCP server.

DHCP Offer

The DHCP server offers an available IP address from the pool, and the client PC waits for the IP address.

DHCP Request

In response to the offer, the client requests the IP address.

DHCP Acknowledge

In response to the request, the DHCP server responds with the IP address, subnet mask, gateway and DNS information along with the acknowledgement.

DHCP PORTS

The DHCP client runs on the client machine and begins by broadcasting requests for configuration information. By default, the client uses UDP port 68 and the server uses UDP port 67.

Installation of DHCP Server on CentOS / Red Hat 7

Install the DHCP server with yum. Syntax: yum install dhcp
[root@faraz ~]# yum install dhcp*

Loaded plugins: fastestmirror, langpacks, priorities

base                                                                        | 3.6 kB  00:00:00
epel/x86_64/metalink                                                        | 4.0 kB  00:00:00
epel                                                                        | 4.3 kB  00:00:00
extras                                                                      | 3.4 kB  00:00:00
updates                                                                     | 3.4 kB  00:00:00

(1/4): epel/x86_64/updateinfo                                               | 523 kB  00:00:02
(2/4): extras/7/x86_64/primary_db                                           | 101 kB  00:00:03
(3/4): epel/x86_64/primary_db                                               | 3.9 MB  00:00:08
(4/4): updates/7/x86_64/primary_db                                          | 3.2 MB  00:00:22
After installation you need to configure a static IP address for DHCP server in the DHCP range for the listening interface. (e.g. enp0s3 for latest version, eth0 for older versions)

Configure Server Interface (Network Interface Card) for DHCP

Open the file /etc/sysconfig/network-scripts/ifcfg-enp0s3 in vi, switch to insert mode and make the changes you require:
[root@faraz ~]# vi /etc/sysconfig/network-scripts/ifcfg-enp0s3

TYPE=Ethernet
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.56.10
NETMASK=255.255.255.0

DHCP Configuration

Now we are going to configure our DHCP server. The configuration lives in the file /etc/dhcp/dhcpd.conf. In this file we need to add some parameters for the DHCP server: the IP range, router, domain name server, and default and maximum lease time, within the subnet and netmask declaration.
[root@faraz ~]# vi /etc/dhcp/dhcpd.conf

# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#

subnet 192.168.56.0 netmask 255.255.255.0
{
range 192.168.56.50 192.168.56.100;
# DNS server IP or additional DNS server IP (remove the # sign if you have a DNS server)
#       option domain-name-servers 8.8.8.8, 8.8.4.4;
# Domain name
#       option domain-name "shahid-academy.com";
option broadcast-address 192.168.56.255;
#Gateway IP
option routers 192.168.56.1;
 
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
}

Reserve IP address with MAC

You can also reserve an IP address for a printer or a PC by its MAC address; to do so, add the parameters shown in the example below:
host myPC
{
hardware ethernet 00:00:00:00:00:00;
fixed-address 192.168.56.90;
}

Add rule for Firewall

If your system’s firewall is running, you have two choices: one is to stop the firewall service with systemctl stop firewalld, and the second is to define a rule for the firewall as shown below:
[root@faraz ~]# firewall-cmd --permanent --add-service=dhcp
[root@faraz ~]# firewall-cmd --reload

Service

Start the service with systemctl. Syntax: systemctl start service-daemon-name
[root@faraz ~]# systemctl start dhcpd
You can start the service at boot time with the enable option. Syntax: systemctl enable service-daemon-name
[root@faraz ~]# systemctl enable dhcpd

Verification of DHCP Server Configuration

Finally, you can verify whether your DHCP server is configured correctly by running dhcpd in configuration test mode (-t) against the configuration file.
[root@faraz ~]# dhcpd -t -cf /etc/dhcp/dhcpd.conf

In this tutorial we have learnt how to configure a DHCP server with a reservation, adding a firewall rule if the firewall is running. I hope you like it and learn from this practical knowledge. Let us know your suggestions and problems through the comments and subscribe to our newsletter. Keep learning with us… :-)