Allow SSH and Web Connections in IP Tables in Linux


To Allow web and ssh connections in IP Tables

SSH and web both need the reply traffic on an established TCP connection to be allowed out. With a default-deny OUTPUT chain, this single rule covers every connection that conntrack is already tracking on eth0:

iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

Then you need to allow incoming connections on ports 22 and 80, and usually 443 as well:

iptables -A INPUT -p tcp -i eth0 --dport 22 --sport 1024:65535 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 80 --sport 1024:65535 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 443 --sport 1024:65535 -m state --state NEW -j ACCEPT

To let a DNS server operate, use the following rules (assuming you block inbound and outbound traffic by default).

DNS queries go to destination port 53 but come from any source port in the upper range, so the rules have to open that whole range as long as the destination is port 53. Replies travel the other way, from source port 53 back to the high port; they are matched only by an ESTABLISHED rule, so a default-deny INPUT chain also needs an ESTABLISHED,RELATED rule or the answers to this host's own queries never arrive. Truncated responses and zone transfers fall back to TCP port 53, which these UDP-only rules do not cover.

iptables -A OUTPUT -p udp --dport 53 --sport 1024:65535 -j ACCEPT
iptables -A INPUT -p udp --dport 53 --sport 1024:65535 -j ACCEPT
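The rules above cover the individual pieces. The script below is an added example, not from the original page, that assembles them into a complete default-deny host firewall: both chains default to DROP, loopback and tracked connections are accepted first, inbound SSH is rate-limited per source address, web and outbound DNS are opened, and inbound DNS is opened only when the host is itself a DNS server. It uses -m conntrack --ctstate, the current form of the -m state --state match used above (both still work). Assumed, not from the page: the public interface is eth0 (override with IFACE), IPv4 only (ip6tables needs the same treatment), and a DRY_RUN mode that prints the commands instead of applying them so the rule set can be reviewed before it is loaded.

```shell
#!/bin/sh
# Added example, not part of the original page. Assumptions: IPv4 only, the
# public interface is eth0 (override with IFACE). DRY_RUN=1 prints the
# iptables commands instead of running them; APPLY=1 loads them (as root).
IFACE="${IFACE:-eth0}"
DRY_RUN="${DRY_RUN:-0}"
DNS_SERVER="${DNS_SERVER:-0}"    # 1 if this host answers DNS queries itself

ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

firewall_rules() {
    # Start clean and default-deny in every direction.
    ipt -F
    ipt -X
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT DROP

    # Loopback: local resolvers, databases and IPC depend on it.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT

    # Drop what conntrack cannot classify before anything is accepted.
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP

    # Replies on tracked connections, in BOTH directions. An OUTPUT rule alone
    # is not enough: answers to this host's own DNS queries arrive on INPUT.
    ipt -A INPUT  -i "$IFACE" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT -o "$IFACE" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # New inbound SSH with a per-source rate limit: from the fifth new
    # connection within 60 seconds, further attempts from that address drop.
    ipt -A INPUT -i "$IFACE" -p tcp --dport 22 -m conntrack --ctstate NEW \
        -m recent --name ssh --set
    ipt -A INPUT -i "$IFACE" -p tcp --dport 22 -m conntrack --ctstate NEW \
        -m recent --name ssh --update --seconds 60 --hitcount 5 -j DROP
    ipt -A INPUT -i "$IFACE" -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT

    # New inbound HTTP and HTTPS.
    for port in 80 443; do
        ipt -A INPUT -i "$IFACE" -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done

    # Outbound DNS queries from this host as a client. TCP is included because
    # truncated answers and zone transfers fall back to TCP 53.
    ipt -A OUTPUT -o "$IFACE" -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
    ipt -A OUTPUT -o "$IFACE" -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT

    # Inbound DNS queries, only if this host is itself a DNS server.
    if [ "$DNS_SERVER" = "1" ]; then
        ipt -A INPUT -i "$IFACE" -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
        ipt -A INPUT -i "$IFACE" -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
    fi
}

# Review helper: number of generated rules that name a given destination
# port (always runs in dry-run mode, so nothing is applied).
rules_for_port() {
    ( DRY_RUN=1; firewall_rules ) | grep -c -- "--dport $1 "
}

# Print for review with DRY_RUN=1, load with APPLY=1. Sourcing the file for
# testing does neither.
if [ "${APPLY:-0}" = "1" ] || [ "$DRY_RUN" = "1" ]; then
    firewall_rules
fi
```

Review with `DRY_RUN=1 sh firewall.sh`, then load with `APPLY=1 sh firewall.sh` from a console session (or with a scheduled rollback), because a mistake in the SSH rules locks you out. The `--sport 1024:65535` restriction from the rules above is dropped here on purpose: it adds no protection against a peer that can already reach the port, and clients behind some NAT devices or older stacks use source ports outside that range.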

migratepv VS replacepv


What is the difference between migratepv and replacepv?

The replacepv command moves all the logical partitions on one physical volume to another physical volume. The command is designed to make it easy to replace a disk, for example a failing member of a mirrored configuration.

The migratepv command is very similar.

The biggest difference is that migratepv can move logical partitions per logical volume (with -l), not only per physical volume. For example, if a disk holds two logical volumes and you want to reorganize so that each logical volume sits on a different disk, migratepv can do it:

migratepv -l lv01 hdisk1 hdisk2
migratepv -l lv02 hdisk1 hdisk3

In this case, the logical partitions of logical volume lv01 are moved from hdisk1 to hdisk2, and the logical partitions of logical volume lv02 are moved from hdisk1 to hdisk3.

What is umask?


umask sets the default permissions for newly created files and directories. When a file is created, its permissions are derived from the mode the creating program requests and the umask in effect at that moment.

This value is usually set for all users in /etc/profile and can be displayed by running the umask command:
testuser$ umask
0022

The default umask value is usually 022. It is an octal number naming the permission bits that are cleared from every newly created file and directory. For example, 022 clears the write bit for group and other.

The kernel starts from the mode the creating program requests, normally 666 for files and 777 for directories, and clears the bits that are set in the umask (mode & ~umask). With umask 000, files therefore get mode 666 and directories 777; with the default 022, files get 644 and directories 755. The common "666 - 022 = 644" shorthand happens to give the right answer here, but the operation is a bitwise mask, not subtraction: with umask 027, 666 - 027 would give 637, while the real result is 640.

To change the umask value:

For example, if you want, by default,

  • New directories to get permissions rwxr-x---  (Mode: 750)
  • New files to get permissions rw-r-----  (Mode 640)

you need a umask that removes all rights from other and write permission from group; that value is 027. The command to set it for the current shell is below; put the same line in /etc/profile to make it the default for all users. Keep in mind that 022 leaves every new file world-readable, so on a multi-user or server host 027 (or 077 for strictly private files) is the safer default:

# umask 027
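As an added example (not from the original page), the following shell functions show the mask being applied and let you check a candidate value before putting it in /etc/profile. masked_mode computes mode & ~umask in shell arithmetic, umask_for_dir_mode derives the umask from a desired directory mode, and umask_demo creates a real file and directory under a throwaway directory and reports the modes they ended up with. It assumes a Linux host with GNU coreutils (stat -c) and mktemp.

```shell
# Added example, not part of the original page. Assumes a Linux host with
# GNU coreutils (stat -c) and mktemp available.

# masked_mode BASE UMASK: the mode the kernel produces from a requested mode.
# The mask is ANDed out, not subtracted: 666 & ~027 = 640, whereas
# "666 - 027" would give 637.
masked_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# umask_for_dir_mode MODE: the umask that yields MODE for new directories.
# Directories are requested as 777, so every bit to clear must be in the mask.
umask_for_dir_mode() {
    printf '%03o\n' $(( 0777 & ~0$1 ))
}

# umask_demo UMASK: create a file and a directory with the given umask and
# print their resulting modes as "FILE DIR". open(2) with O_CREAT requests
# 0666 here; mkdir(2) requests 0777; the kernel applies the mask to both.
umask_demo() {
    old=$(umask)
    dir=$(mktemp -d)
    umask "$1"
    : > "$dir/f"
    mkdir "$dir/d"
    umask "$old"
    printf '%s %s\n' "$(stat -c %a "$dir/f")" "$(stat -c %a "$dir/d")"
    rm -rf "$dir"
}
```

umask_demo restores the previous mask before returning, so it can be run from an interactive shell without changing that shell's default; the modes it prints should match what masked_mode predicts for 666 and 777.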

Changing default gateway in SuSE Linux


Adding default Gateway in Linux SUSE

To change the default route permanently in SuSE Linux, add an entry to the /etc/sysconfig/network/routes file; the change takes effect the next time the network is restarted.

For example, to make 192.168.10.1 the default gateway, add the following line to /etc/sysconfig/network/routes (the columns are destination, gateway, netmask and interface, with - for an unused field):

default 192.168.10.1 - -

Using the route command (legacy net-tools; the iproute2 ip command does the same job on current systems):

To route all traffic via the 192.168.1.1 gateway reached through the eth1 network interface, until the next reboot:
# route add default gw 192.168.1.1 eth1

To view routes configured:

# netstat -rn 
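As an added example, not from the original page, here is a small check to run against the routes file before restarting the network: it rejects malformed lines and gateways that are not IPv4 addresses, refuses a file that declares more than one default route (a common mistake when a line is added rather than changed), and prints the default gateway it found. The field layout it assumes is the one described above (destination, gateway, netmask, interface, then optional fields).

```shell
# Added example, not part of the original page: validate a SUSE-style
# /etc/sysconfig/network/routes file. Usage: check_routes FILE
# Prints "default via GW" and exits 0 on success; exits 2 on a malformed
# line or bad gateway, 3 when more than one default route is defined.
check_routes() {
    awk '
        function ipv4(s,   o, i) {
            if (split(s, o, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] > 255) return 0
            return 1
        }
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments and blanks
        NF < 2 {
            print FILENAME ":" FNR ": expected at least DESTINATION and GATEWAY: " $0 > "/dev/stderr"
            bad++; next
        }
        $1 == "default" {
            ndef++; gw = $2
            if (!ipv4(gw)) {
                print FILENAME ":" FNR ": gateway is not an IPv4 address: " gw > "/dev/stderr"
                bad++
            }
        }
        END {
            if (bad) exit 2
            if (ndef > 1) { print "more than one default route" > "/dev/stderr"; exit 3 }
            if (ndef == 1) print "default via " gw
        }
    ' "$1"
}
```

Run `check_routes /etc/sysconfig/network/routes` after editing and before the network restart; a non-zero exit means the file should be fixed first.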

Setting Limits for Users in Linux



Per-user resource limits can be set to control resource utilization in Linux. They are configured in /etc/security/limits.conf and applied by the pam_limits module when a session is opened. Older setups enable it by adding the following line to the bottom of /etc/pam.d/login; current distributions normally include it already through the shared session configuration (common-session or system-auth), and SSH logins are governed by /etc/pam.d/sshd rather than login. Services started by systemd do not go through PAM at all and take their limits from the unit file (LimitNOFILE= and related settings) instead.

session required pam_limits.so

Entries in the limits.conf file have the following structure:
[username or @groupname]          [type]        [resource]        [limit]
Group names must be preceded by @ to distinguish them from usernames.
The type is soft or hard (or - to set both). The soft limit is the value actually enforced on the process; an unprivileged process may raise its own soft limit up to the hard limit, but not beyond. The hard limit is that ceiling and can only be raised by root. Note that @group and * entries are never applied to root; a limit for root must name root explicitly. A resource can be one of the following keywords:

core
 Limits the size of a core file (KB).
data
 Maximum data size (KB).
fsize
 Maximum file size (KB).
memlock
 Maximum locked in memory address space (KB).
nofile
 Maximum number of open files.
rss
 Maximum resident set size (KB).
stack
 Maximum stack size (KB).
cpu
 Maximum CPU time in minutes.
nproc
 Maximum number of processes.
as
 Address space limit.
maxlogins
 Maximum number of logins allowed for this user.


Below is an example limits.conf file. In this example, the oracle user gets a memlock limit of 12582912 KB (12 GiB), and all users on the server get nproc and nofile limits. Lines starting with # are comments; the commented entries are the examples shipped in the default file.

# Added for Oracle Database Server
* soft nproc 2047
* hard nproc 16384
* soft nofile 1024
* hard nofile 65536

oracle soft memlock 12582912
oracle hard memlock 12582912

#*               soft    core            0
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#@student        -       maxlogins       4
# End of file
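To see what a given user will actually get from a limits.conf file before they log in, here is an added example (not from the original page) that applies the precedence pam_limits uses: an exact username line beats a matching @group line, which beats a * line, and within one class the last matching line wins; @group and * lines are never applied to root. The file, user, group list, item and type are arguments; the sample file used to exercise it is constructed from the entries shown above. The authoritative check after login remains ulimit -a, or /proc/PID/limits for a running process.

```shell
# Added example, not part of the original page.
# resolve_limit FILE USER "group1 group2 ..." ITEM TYPE   (TYPE: soft|hard)
# Prints the limit pam_limits would apply, or "unset" if no line matches.
# Precedence: exact user (0) beats @group (1) beats * (2); an equal or
# higher-precedence line seen later overrides an earlier one. Root only
# ever matches lines that name root explicitly.
resolve_limit() {
    awk -v user="$2" -v groups="$3" -v item="$4" -v type="$5" '
        BEGIN {
            n = split(groups, g, " ")
            for (i = 1; i <= n; i++) ingrp[g[i]] = 1
            prio = 99
        }
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments and blanks
        $3 != item { next }                              # other resources
        $2 != type && $2 != "-" { next }                 # "-" sets both types
        {
            p = 99
            if ($1 == user) p = 0
            else if (user != "root" && substr($1, 1, 1) == "@" && (substr($1, 2) in ingrp)) p = 1
            else if (user != "root" && $1 == "*") p = 2
            if (p <= prio) { prio = p; val = $4 }
        }
        END { if (prio < 99) print val; else print "unset" }
    ' "$1"
}

# show_limits FILE USER "groups": the resolved soft/hard pair for the items
# that most often cause trouble on a database or web host.
show_limits() {
    for item in nofile nproc memlock core; do
        printf '%-8s soft=%s hard=%s\n' "$item" \
            "$(resolve_limit "$1" "$2" "$3" "$item" soft)" \
            "$(resolve_limit "$1" "$2" "$3" "$item" hard)"
    done
}
```

Pass the user's supplementary groups as the third argument (for a real account, `id -Gn username` produces the list). A result of "unset" means the kernel or login default applies, which for root is often what was intended but for a service account usually is not.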

Special Shell Variables - Useful for Scripting

Below are the special shell variables. They are worth knowing for anyone reading or writing shell scripts.

$1 - $9
 The positional parameters: the arguments passed to the command or script. $1 is the first argument, $2 the second, and so on; from the tenth onward write ${10}, ${11} and so on (the braces are required).
$0
 The name of the command or script currently being executed.
$#
 The number of arguments passed to the command/script or to the shell invocation.
$?
 The exit status of the last command executed, as a decimal string. A command that completes successfully returns 0 (zero); anything else is a non-zero exit status.
$$
 The process ID of the current shell. It is often used to build unique file names, but because it is predictable, a name like /tmp/name.$$ can be pre-created or symlinked by another local user before the script writes it; use mktemp for temporary files instead.
$!
 The process ID of the last command run in the background.
$-
 The option flags currently set in the shell (for example those enabled with set -e or set -x).
$*
 All the arguments passed to the command/script or shell, starting at $1. When quoted, "$*" is a single word made of all the arguments joined with spaces (the first character of IFS). For example 'a b' c becomes "a b c".
$@
 Same as $*, except when quoted. When quoted, "$@" expands to exactly the arguments the shell received, one word each, so '1 2' 3 stays "1 2" "3". This is the form to use when forwarding arguments to another command.

Apart from these, there are standard environment variables set through .profile or .bashrc. Run the env command to view all of them.
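The variables above are easiest to understand by watching them behave. The following functions are an added example, not from the original page: they show the three ways of forwarding arguments ("$@", "$*" and unquoted $*), how $! and wait recover a background job's exit status into $?, the usual $0-based usage message, and a temporary-file helper that uses mktemp instead of $$.

```shell
# Added example, not part of the original page. POSIX sh; no assumptions
# beyond mktemp being available.

count() { echo "$#"; }

# Forwarding arguments: only "$@" preserves the caller's word boundaries.
forward_at()   { count "$@"; }   # 'a b' c -> 2 words
forward_star() { count "$*"; }   # 'a b' c -> 1 word, "a b c"
forward_bare() { count $*; }     # 'a b' c -> 3 words: re-split on IFS, and globbed

# Exit status of a background job: remember its PID in $! and wait on it.
# After wait, $? is the job's status, not wait's own.
bg_status() {
    ( exit "$1" ) &
    pid=$!
    if wait "$pid"; then st=0; else st=$?; fi
    echo "$st"
}

# The conventional usage message: $0 names the script, and the
# caller's $# decides whether to print it.
usage() {
    echo "usage: $0 <file>..." >&2
    return 64
}

# Temp files: $$ is unique among running processes but predictable, so
# /tmp/app.$$ can be pre-created or symlinked by another local user before
# this script writes to it. mktemp creates an unpredictable name atomically
# and returns the path.
make_tmp() {
    mktemp "${TMPDIR:-/tmp}/app.XXXXXX"
}
```

A script that wraps another command should therefore pass `"$@"` through; `$*` without quotes turns an argument containing spaces or glob characters into something else before the inner command ever sees it.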