Configuring Linux Samba (SMB) - How to Setup Samba (Linux Windows File Sharing)
Written by Administrator
Monday, 27 February 2012 21:30
Resource sharing, like file systems and printers, in Microsoft Windows systems, is accomplished using a protocol called the Server Message Block or SMB. For working with such shared resources over a network consisting of Windows systems, an RHEL system must support SMB. The technology used for this is called SAMBA. This provides integration between the Windows and Linux systems. In addition, this is used to provide folder sharing between Linux systems. There are two parts to SAMBA, a Samba Server and a Samba Client.
When an RHEL system accesses resources on a Windows system, it does so using the Samba Client. An RHEL system, by default, has the Samba Client installed.
When an RHEL system serves resources to a Windows system, it uses the package Samba Server or simply Samba. This is not installed by default and has to be set up separately.
Installing SAMBA on Linux Redhat/CentOS
Whether Samba is already installed on your RHEL, Fedora or CentOS system can be tested with the following command:
$ rpm -q samba
The result could be - “package samba is not installed,” or something like “samba-3.5.4-68.el6_0.1.x86_64” showing the version of Samba present on the system.
To install Samba, you will need to become root with the following command (give the root password, when prompted):
$ su -
Then use Yum to install the Linux Samba package:
# yum install samba
This will install the samba package and its dependency package, samba-common.
Before you begin to use or configure Samba, the Linux Firewall (iptables) has to be configured to allow Samba traffic. From the command-line, this is achieved with the use of the following command:
# firewall-cmd --enable --service=samba
Configuring Linux SAMBA
The Samba configuration is meant to join an RHEL, Fedora or CentOS system to a Windows Workgroup and to set up a directory on the RHEL system to act as a shared resource that can be accessed by authenticated Windows users.
To start with, you must gain root privileges with (give the root password, when prompted):
$ su -
Edit the Samba configuration file:
# vi /etc/samba/smb.conf
The smb.conf [global] Section
An smb.conf file is divided into several sections. The [global] section, which is the first section, has settings that apply to the entire Samba configuration. However, settings in the other sections in the configuration file may override the global settings.
To begin with, set the workgroup, which by default is set as “MYGROUP”:
workgroup = MYGROUP
Since most Windows networks are named WORKGROUP by default, the settings have to be changed as:
workgroup = workgroup
Configure the Shared Resource
In the next step, a shared resource that will be accessible from the other systems on the Windows network has to be configured. This section has to be given a name by which it will be referred to when shared. For our example, let's assume you would like to share a directory on your Linux system located at /data/network-applications. You'll need to name the section [NetApps], as shown below in our smb.conf file:
[NetApps]
path = /data/network-applications
writeable = yes
browseable = yes
valid users = administrator
When a Windows user browses to the Linux Server, they’ll see a network share labeled “NetApps”.
This concludes the changes to the Samba configuration file.
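As an added example (not part of the original article), the following shell function checks an smb.conf-style file for the settings discussed above: it flags shares that are writable but carry no valid users restriction, or that allow guest access. The [Scratch] share and the function names are constructed for illustration, and defaults inherited from [global] are not considered.

```shell
# Added example: audit share sections of an smb.conf-style file.
# Simplification (assumption): defaults inherited from [global] are ignored.
audit_smb_shares() {            # $1: path to the configuration file
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function report() {
        if (share == "" || tolower(share) == "global") return
        if (writable && !restricted) print share ": writable without valid users"
        if (guest) print share ": guest access enabled"
    }
    /^[ \t]*[#;]/ { next }                        # comment line
    /^[ \t]*\[.*\]/ {                             # new section: report the previous one
        report()
        share = $0
        sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        writable = restricted = guest = 0
        next
    }
    /=/ {
        eq  = index($0, "=")
        key = trim(tolower(substr($0, 1, eq - 1))); gsub(/[ \t]+/, " ", key)
        val = trim(tolower(substr($0, eq + 1)))
        yes = (val == "yes" || val == "true" || val == "1")
        if (key == "writeable" || key == "writable" || key == "write ok") writable = yes
        else if (key == "read only") writable = !yes
        else if (key == "valid users") restricted = (val != "")
        else if (key == "guest ok" || key == "public") guest = yes
    }
    END { report() }
    ' "$1"
}

# Constructed sample: [NetApps] is the share from the article, [Scratch] is made up.
sample_smb_conf() {
cat <<'EOF'
[global]
    workgroup = WORKGROUP

[NetApps]
    path = /data/network-applications
    writeable = yes
    browseable = yes
    valid users = administrator

[Scratch]
    path = /srv/scratch
    read only = no
    guest ok = yes
EOF
}

tmp=$(mktemp) && sample_smb_conf > "$tmp" && audit_smb_shares "$tmp"
rm -f "$tmp"
```

Running testparm -s against the real /etc/samba/smb.conf additionally validates the syntax and prints the effective settings.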
Create a Samba User
Any user wanting to access any Samba shared resource must be configured as a Samba User and assigned a password. This is achieved using the smbpasswd command as a root user. Since you have defined “administrator” as the user who is entitled to access the “/data/network-applications” directory of the RHEL system, you have to add “administrator” as a Samba user.
Last Updated on Tuesday, 28 February 2012 23:45

Understanding The Linux Init Process & Different RunLevels
Written by Administrator
Friday, 24 February 2012 01:40
Different Linux systems can be used in many ways. This is the main idea behind operating different services at different operating levels. For example, the Graphical User Interface can only be run if the system is running the X-server; multiuser operation is only possible if the system is in a multiuser state or mode, such as having networking available. These are the higher states of the system, and sometimes you may want to operate at a lower level, say, in the single user mode or the command line mode.
Such levels are important for different operations, such as for fixing file or disk corruption problems, or for the server to operate in a run level where the X-session is not required. In such cases having services running that depend on higher levels of operation, makes no sense, since they will hamper the operation of the entire system.
Each service is assigned to start whenever its run level is reached. Therefore, when you ensure the startup process is orderly, and you change the mode of the machine, you do not need to bother about which service to manually start or stop.
The main run-levels that a system could use are:
| RunLevel | Target | Notes |
|---|---|---|
| 0 | runlevel0.target, poweroff.target | Halt the system |
| 1 | runlevel1.target, rescue.target | Single user mode |
| 2, 4 | runlevel2.target, runlevel4.target, multi-user.target | User-defined/Site-specific runlevels. By default, identical to 3 |
| 3 | runlevel3.target, multi-user.target | Multi-user, non-graphical. Users can usually login via multiple consoles or via the network. |
| 5 | runlevel5.target, graphical.target | Multi-user, graphical. Usually has all the services of runlevel3 plus a graphical login - X11 |
| 6 | runlevel6.target, reboot.target | Reboot |
| Emergency | emergency.target | Emergency shell |
The system and service manager for Linux is now “systemd”. It provides a concept of “targets”, as in the table above. Although targets serve a similar purpose as runlevels, they act somewhat differently. Each target has a name instead of a number and serves a specific purpose. Some targets may be implemented after inheriting all the services of another target and adding more services to it.
Backward compatibility exists, so switching targets using the familiar telinit RUNLEVEL command still works. On Fedora installs, runlevels 0, 1, 3, 5 and 6 have an exact mapping with specific systemd targets. However, user-defined runlevels such as 2 and 4 are not mapped that way. They are treated similarly to runlevel 3, by default.
For using the user-defined levels 2 and 4, new systemd targets have to be defined that make use of one of the existing runlevels as a base. Services that you want to enable have to be symlinked into that directory.
The most commonly used runlevels on a currently running Linux box are 3 and 5. You can change runlevels in many ways.
A runlevel of 5 will take you to a GUI-enabled login prompt and desktop operations. In a default installation, this would take you to the GNOME or KDE Linux environment. A runlevel of 3 would boot your Linux box to terminal (non-X) mode and drop you to a terminal login prompt. Runlevels 0 and 6 are the runlevels for halting and rebooting your Linux system respectively.
Although compatible with SysV and LSB init scripts, systemd:
- Provides aggressive parallelization capabilities.
- Offers on-demand starting of daemons.
- Uses socket and D-Bus activation for starting services.
- Keeps track of processes using Linux cgroups.
- Maintains mount and automount points.
- Supports snapshotting and restoring of the system state.
- Implements an elaborate transactional dependency-based service control logic.
Systemd starts up and supervises the entire operation of the system. It is based on the notion of units. These are composed of a name, and a type as shown in the table above. There is a matching configuration file with the same name and type. For example, a unit avahi.service will have a configuration file with an identical name, and will be a unit that encapsulates the Avahi daemon. There are seven different types of units, namely, service, socket, device, mount, automount, target, and snapshot.
To introspect and/or control the state of the system and service manager under systemd, the main tool or command is “systemctl”. When booting up, systemd activates the default.target. The job of the default.target is to activate the different services and other units by considering their dependencies. The ‘systemd.unit=’ kernel command line option overrides the unit to be activated. For example:
- systemd.unit=rescue.target is a special target unit for setting up the base system and a rescue shell (similar to run level 1);
- systemd.unit=emergency.target is very similar to passing init=/bin/sh but with the option to boot the full system from there;
- systemd.unit=multi-user.target for setting up a non-graphical multi-user system;
- systemd.unit=graphical.target for setting up a graphical login screen.
How to Enable/Disable Linux Services
Following are the commands used to enable or disable services in CentOS, Redhat Enterprise Linux and Fedora systems:
To activate a service immediately, e.g. postfix:
[root@gateway ~]# service postfix start
Starting postfix: [ OK ]
To deactivate a service immediately, e.g. postfix:
[root@gateway ~]# service postfix stop
Shutting down postfix: [ OK ]
To restart a service immediately, e.g. postfix:
[root@gateway ~]# service postfix restart
Shutting down postfix: [FAILED]
Starting postfix: [ OK ]
You might have noticed the 'FAILED' message. This is normal behavior as we shut down the postfix service with our first command (service postfix stop), so shutting it down a second time would naturally fail!
Determine which Linux Services are Enabled at Boot
Last Updated on Friday, 24 February 2012 15:37

Troubleshooting Cisco VPN Client - How To Fix Reason 442: Failed to Enable Virtual Adapter
Written by Administrator
Wednesday, 22 February 2012 23:02
If you are a Windows 7 user, it's most likely you'll stumble into the common Cisco VPN Client error message "Reason 442: Failed to enable Virtual Adapter".
Unfortunately the good old 'remove and reinstall' method won't get you far in this case, as the problem is not within the Cisco VPN client program, but with Microsoft's Internet Connection Sharing (ICS) service.
Following the steps outlined below will help resolve this error and save you a lot of time and frustration:
1. Hit the start button and type "services.msc" as shown:
2. Locate and stop Cisco Systems, Inc. VPN Service;
3. Stop and disable Internet Connection Sharing (ICS) Service;
4. Restart Cisco Systems, Inc. VPN Service.
Launch the Cisco VPN Client again, and the problem is now gone!
Keep in mind that we are running Cisco Systems VPN Client version 5.0.07.0440 on Windows 7 Ultimate 64-bit edition, but we faced the same problem with other versions as well.
Note: It’s always a great idea to have the latest Cisco VPN client installed. Users can download the Cisco VPN client for Windows, Linux and MacOS operating systems by visiting our Cisco Tools & Applications download section.
Last Updated on Wednesday, 06 February 2013 00:55

Greek Ministry Of Justice Hacked For the 2nd Time!
Written by Administrator
Wednesday, 22 February 2012 02:55
For the second time during this month, the Greek Ministry Of Justice was hacked by the 'Anonymous Group', in the early morning hours of the 22nd of February 2012, in a protest against the Greek government's signing of the Anti-Counterfeiting Trade Agreement (ACTA), which is designed to reduce internet piracy.
Following are the screenshots saved by Firewall.cx.
Note in the second image that the Greek Ministry Of Justice website is running on a Microsoft IIS webserver :)
Last Updated on Wednesday, 22 February 2012 03:54

How To Secure Your Linux Server or Workstation - Linux Best Security Practices
Written by Administrator
Friday, 10 February 2012 19:11
Boot Disk
One of the foremost requisites of a secure Linux server is the boot disk. Nowadays, this has become rather simple as most Linux distributions are on bootable CD/DVD/USB sticks. Other options are to use rescue disks such as the ‘TestDisk’, ‘SystemRescueCD’, ‘Trinity Rescue Kit’ or ‘Ubuntu Rescue Remix’. These will enable you to gain access to your system if you are unable to gain entry, and also to recover files and partitions if your system is damaged. They can be used to check for virus attacks and to detect rootkits.
The next requirement is patching your system. Distributions issue notices for security updates, and you can download and patch your system using these updates. RPM users can use the ‘up2date’ command, which automatically resolves dependencies, rather than the other rpm commands, since these only report dependencies and do not help to resolve them.
Patch Your System
While RedHat/CentOS/Fedora users can patch their systems with a single command, 'yum update', Debian users can patch their systems with the ‘sudo apt-get update’ command, which will update the sources list. This should be followed by the command ‘sudo apt-get upgrade’, which will install the newest version of all packages on the machine, resolving all the dependencies automatically.
New vulnerabilities are being discovered all the time, and patches follow. One way to learn about new vulnerabilities is to subscribe to the mailing list of the distribution used.
Disable Unnecessary Services
Your system becomes increasingly insecure as you operate more services, since every service has its own security issues. For improving the overall system performance and for enhancing security, it is important to detect and eliminate unnecessary running services. To know which services are currently running on your system, you can use commands like:
[root@gateway~]# ps aux
Following is an example output of the above command:
[root@gateway~]# ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1   2828  1400 ?        Ss   Feb08   0:02 /sbin/init
root         2  0.0  0.0      0     0 ?        S    Feb08   0:00 [kthreadd]
root         3  0.0  0.0      0     0 ?        S    Feb08   0:00 [migration/0]
root         4  0.0  0.0      0     0 ?        S    Feb08   0:00 [ksoftirqd/0]
root         5  0.0  0.0      0     0 ?        S    Feb08   0:00 [watchdog/0]
root         6  0.0  0.0      0     0 ?        S    Feb08   0:00 [events/0]
root         7  0.0  0.0      0     0 ?        S    Feb08   0:00 [cpuset]
root         8  0.0  0.0      0     0 ?        S    Feb08   0:00 [khelper]
root         9  0.0  0.0      0     0 ?        S    Feb08   0:00 [netns]
root        10  0.0  0.0      0     0 ?        S    Feb08   0:00 [async/mgr]
root        11  0.0  0.0      0     0 ?        S    Feb08   0:00 [pm]
root        12  0.0  0.0      0     0 ?        S    Feb08   0:00 [sync_supers]
apache   17250  0.0  0.9  37036 10224 ?        S    Feb08   0:00 /usr/sbin/httpd
apache   25686  0.0  0.9  37168 10244 ?        S    Feb08   0:00 /usr/sbin/httpd
apache   28290  0.0  0.9  37168 10296 ?        S    Feb08   0:00 /usr/sbin/httpd
postfix  30051  0.0  0.2  10240  2136 ?        S    23:35   0:00 pickup -l -t fifo -u
postfix  30060  0.0  0.2  10308  2280 ?        S    23:35   0:00 qmgr -l -t fifo -u
root     31645  0.1  0.3  11120  3112 ?        Ss   23:45   0:00 sshd: root@pts/1
The following command will list all start-up scripts for RunLevel 3 (Full multiuser mode):
[root@gateway~]# ls -l /etc/rc.d/rc3.d/S*
OR
[root@gateway~]# ls -l /etc/rc3.d/S*
Here is an example output of the above commands:
[root@gateway~]# ls -l /etc/rc.d/rc3.d/S*
lrwxrwxrwx. 1 root root 23 Jan 16 17:45 /etc/rc.d/rc3.d/S00microcode_ctl -> ../init.d/microcode_ctl
lrwxrwxrwx. 1 root root 17 Jan 16 17:44 /etc/rc.d/rc3.d/S01sysstat -> ../init.d/sysstat
lrwxrwxrwx. 1 root root 22 Jan 16 17:44 /etc/rc.d/rc3.d/S02lvm2-monitor -> ../init.d/lvm2-monitor
lrwxrwxrwx. 1 root root 19 Jan 16 17:39 /etc/rc.d/rc3.d/S08ip6tables -> ../init.d/ip6tables
lrwxrwxrwx. 1 root root 18 Jan 16 17:38 /etc/rc.d/rc3.d/S08iptables -> ../init.d/iptables
lrwxrwxrwx. 1 root root 17 Jan 16 17:42 /etc/rc.d/rc3.d/S10network -> ../init.d/network
lrwxrwxrwx. 1 root root 16 Jan 27 01:04 /etc/rc.d/rc3.d/S11auditd -> ../init.d/auditd
lrwxrwxrwx. 1 root root 21 Jan 16 17:39 /etc/rc.d/rc3.d/S11portreserve -> ../init.d/portreserve
lrwxrwxrwx. 1 root root 17 Jan 16 17:44 /etc/rc.d/rc3.d/S12rsyslog -> ../init.d/rsyslog
lrwxrwxrwx. 1 root root 18 Jan 16 17:45 /etc/rc.d/rc3.d/S13cpuspeed -> ../init.d/cpuspeed
lrwxrwxrwx. 1 root root 20 Jan 16 17:40 /etc/rc.d/rc3.d/S13irqbalance -> ../init.d/irqbalance
lrwxrwxrwx. 1 root root 17 Jan 16 17:38 /etc/rc.d/rc3.d/S13rpcbind -> ../init.d/rpcbind
lrwxrwxrwx. 1 root root 19 Jan 16 17:43 /etc/rc.d/rc3.d/S15mdmonitor -> ../init.d/mdmonitor
lrwxrwxrwx. 1 root root 20 Jan 16 17:38 /etc/rc.d/rc3.d/S22messagebus -> ../init.d/messagebus
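As an added example (not from the original article), the start-up links shown above can be compared against a list of services the host is expected to run; whatever is left over is a candidate for review. The function names, the sample directory and the allowlist are assumptions for illustration.

```shell
# Added example: list services that a SysV runlevel directory starts at boot
# but that are not on an allowlist. The allowlist is an assumption for this demo.
unexpected_boot_services() {    # $1: rc directory, remaining args: allowed names
    rcdir=$1; shift
    allowed=" $* "
    for link in "$rcdir"/S[0-9][0-9]*; do
        [ -L "$link" ] || [ -e "$link" ] || continue   # glob matched nothing
        name=${link##*/}            # e.g. S08iptables
        name=${name#S[0-9][0-9]}    # strip the start-order prefix -> iptables
        case "$allowed" in
            *" $name "*) ;;                      # expected at boot
            *) printf '%s\n' "$name" ;;          # not on the allowlist: review it
        esac
    done
}

# Constructed sample directory using a few link names from the listing above.
make_sample_rc3() {
    d=$(mktemp -d)
    for s in S08iptables S10network S11portreserve S12rsyslog S13rpcbind; do
        ln -s "../init.d/${s#S[0-9][0-9]}" "$d/$s"
    done
    printf '%s\n' "$d"
}

dir=$(make_sample_rc3)
unexpected_boot_services "$dir" iptables network rsyslog
rm -rf "$dir"
```

On a real host the first argument would be /etc/rc.d/rc3.d, and the allowlist would come from the server's documented role.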
To disable services, you can either stop a running service or change the configuration in a way that the service will not start on the next reboot. To stop a running service, RedHat/CentOS users can use the command -
[root@gateway~]# service service-name stop
The example below shows the command used to stop our Apache web service (httpd):
[root@gateway~]# service httpd stop
Stopping httpd: [ OK ]
In order to stop the service from starting up at boot time, you could use -
[root@gateway~]# /sbin/chkconfig --level 2345 service-name off
Where 'service-name' is replaced by the name of the service, e.g. httpd.
You can also remove a service from the startup script by using the following commands which will remove the httpd (Apache Web server) service:
Last Updated on Tuesday, 14 February 2012 02:26

CPU Wars - A Firewall.cx Team Member Made Card Games a Lot Geekier
Written by Administrator
Thursday, 09 February 2012 01:17
Harry Mylonadis (The_Berzerker) has been part of the firewall.cx team since 2005. His latest project has come to shake the waters of card games and make them a lot geekier. Last November he launched a campaign on the crowdfunding site Kickstarter in order to raise the funds to produce his uber-geeky card game CPU Wars.
CPU Wars is a trump card game built by geeks for geeks. For Volume 1.0 he chose 30 CPUs that he believes had the greatest impact on the desktop history. The game is ideally played by 2 or 3 people. The deck is split between the players and then each player takes a turn and picks a category that they think has the best value. He has chosen the most important specs that could be numerically represented, such as maximum speed achieved and maximum number of transistors.
For more information and to grab a deck head over to the dedicated shop -> http://shop.cpuwarsthegame.com/
Last Updated on Tuesday, 14 February 2012 00:13