rssh chroot jailroot sftp creation - By Vinodh tiruttani

Steps for chroot jail folder creation:
The chroot command changes its current and root directories to the provided directory and then run command, if supplied, or an interactive copy of the user's login shell. Please note that not every application can be chrooted.
Creating User
[root@learnadmin ~]# /usr/sbin/useradd testrssh
[root@learnadmin ~]# su testrssh
[testrssh@learnadmin root]$ cd /home/testrssh/
[testrssh@learnadmin ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/testrssh/.ssh/id_dsa):
Created directory '/home/testrssh/.ssh'.
Enter passphrase (empty for no passphrase): < Type passphrase >
Enter same passphrase again: <  Re-type passphrase >
Your identification has been saved in /home/testrssh/.ssh/id_dsa.
Your public key has been saved in /home/testrssh/.ssh/id_dsa.pub.
The key fingerprint is:
92:c9:fe:9f:47:29:ba:15:29:9c:51:84:0f:c6:d8:0b testrssh@learnadmin.com
[testrssh@learnadmin ~]$
[testrssh@learnadmin ~]$ cd .ssh/
[testrssh@learnadmin .ssh]$ pwd
/home/testrssh/.ssh
[testrssh@learnadmin .ssh]$ cp id_dsa.pub authorized_keys2
[testrssh@learnadmin .ssh]$ ls -l
total 24
-rw-r--r-- 1 testrssh testrssh 618 Jun 12 18:12 authorized_keys2
-rw------- 1 testrssh testrssh 736 Jun 12 18:11 id_dsa ( 600 permission)
-rw-r--r-- 1 testrssh testrssh 618 Jun 12 18:11 id_dsa.pub
[testrssh@learnadmin .ssh]$
[testrssh@learnadmin .ssh]$ exit
[root@learnadmin ~]# /usr/sbin/usermod -s /usr/bin/rssh testrssh
Download from net rssh-2.3.3.tar.gz from http://www.pizzashack.org/rssh/downloads.shtml
[root@learnadmin ~]# tar xvf rssh-2.3.3.tar.gz
[root@learnadmin ~]# cd rssh-2.3.3
[root@learnadmin rssh-2.3.3]# ./configure
[root@learnadmin rssh-2.3.3]# make
[root@learnadmin rssh-2.3.3]# make install
[root@learnadmin rssh-2.3.3]# cd ..
 Download from net rssh-2.3.3-1.x86_64.rpm
 [root@learnadmin ~]# rpm -ivh rssh-2.3.3-1.x86_64.rpm
Preparing...                ########################################### [100%]
   1:rssh                   ########################################### [100%]
[root@learnadmin ~]# pwd
/root
·         Converting rssh chroot Jail folder – Execute the below script from the below location
 [root@learnadmin ~]# cp /usr/share/doc/rssh-2.3.3/mkchroot.sh .
[root@learnadmin ~]# chmod 775 mkchroot.sh
 [root@learnadmin ~]# ./mkchroot.sh /home/testrssh/
NOT changing owner of root jail.
NOT changing perms of root jail.
setting up /home/testrssh//usr/bin
setting up /home/testrssh//usr/libexec/openssh
setting up /home/testrssh//usr/libexec
Copying libraries for /usr/bin/scp.
        /lib64/libcrypto.so.6
        /lib64/libutil.so.1
        /usr/lib64/libz.so.1
        /lib64/libnsl.so.1
        /lib64/libcrypt.so.1
        /lib64/libresolv.so.2
        /usr/lib64/libgssapi_krb5.so.2
        /usr/lib64/libkrb5.so.3
        /usr/lib64/libk5crypto.so.3
        /lib64/libcom_err.so.2
        /usr/lib64/libnss3.so
        /lib64/libc.so.6
        /lib64/libdl.so.2
        /usr/lib64/libkrb5support.so.0
        /lib64/libkeyutils.so.1
        /usr/lib64/libnssutil3.so
        /usr/lib64/libplc4.so
        /usr/lib64/libplds4.so
        /usr/lib64/libnspr4.so
        /lib64/libpthread.so.0
        /lib64/libselinux.so.1
        /lib64/libsepol.so.1
Copying libraries for /usr/libexec/openssh/sftp-server.
        /lib64/libcrypto.so.6
        /lib64/libutil.so.1
        /usr/lib64/libz.so.1
        /lib64/libnsl.so.1
        /lib64/libcrypt.so.1
        /lib64/libresolv.so.2
        /usr/lib64/libgssapi_krb5.so.2
        /usr/lib64/libkrb5.so.3
        /usr/lib64/libk5crypto.so.3
        /lib64/libcom_err.so.2
        /usr/lib64/libnss3.so
        /lib64/libc.so.6
        /lib64/libdl.so.2
        /usr/lib64/libkrb5support.so.0
        /lib64/libkeyutils.so.1
        /usr/lib64/libnssutil3.so
        /usr/lib64/libplc4.so
        /usr/lib64/libplds4.so
        /usr/lib64/libnspr4.so
        /lib64/libpthread.so.0
        /lib64/libselinux.so.1
        /lib64/libsepol.so.1
Copying libraries for /usr/bin/rssh.
        /lib64/libc.so.6
Copying libraries for /usr/libexec/rssh_chroot_helper.
        /lib64/libc.so.6
copying name service resolution libraries...
tar: Removing leading `/' from member names
        lib/libnss_files-2.5.so
tar: /lib/libnss1_files*: Cannot stat: No such file or directory
tar: Error exit delayed from previous errors
        lib/libnss_files.so.2
Setting up /etc in the chroot jail
cp: omitting directory `/etc/ld.so.conf.d'
Chroot jail configuration completed.
NOTE: if you are not using the passwd file for authentication,
you may need to copy some of the /lib/libnss_* files into the jail.

 NOTE: you must MANUALLY edit your syslog rc script to start syslogd
with appropriate options to log to /home/testrssh//dev/log.  In most cases,
you will need to start syslog as:
    /sbin/syslogd -a /home/testrssh//dev/log
 NOTE: we make no guarantee that ANY of this will work for you... if it
doesn't, you're on your own.  Sorry!
 Note: while executing above command some files are not copied, we need to copy manually.
[root@learnadmin ~]#
[root@learnadmin ~]# cd /home/testrssh/
[root@learnadmin testrssh]# cd dev/
[root@learnadmin dev]# mknod -m 666 zero c 1 5
[root@learnadmin dev]# mknod -m 666 null c 1 3
[root@learnadmin dev]# cd ../lib
[root@learnadmin lib]# cp /lib/ld-linux.so.2 .
[root@learnadmin lib]# cp /lib/libc.so.6 .
[root@learnadmin lib]# cd ../lib64/
[root@learnadmin lib64]# cp /lib64/ld-linux-x86-64.so.2 .
[root@learnadmin lib64]# cp /lib64/libnss_* .
[root@learnadmin lib64]# cd
[root@learnadmin]# vi /etc/rssh.conf ( add the user and uncomment 2 lines)
allowscp
allowsftp
user=testrssh:011:00011:"/home/testrssh"
:wq!
[root@learnadmin ~]#
Done rssh chroot jail folder is created
-------------------------------------------------
Testing rssh login  from remote system
Login to server  from remote server
 Copy id_dsa key from Server ( user: testrssh )
[root@clientmachine test-rssh-keys]# vi id_dsa_testrssh

-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,42ED97DC52451DE9

UAh2bmigMZ5DN0KVadfR9bRrFL7l0mUMF7iCjgbqHA3wgNfPttytDmt3jJR5Mmb+
uxl0s1D1JwDvNstUgTL9fDC+TnrQXj+0YVQ7bvHPLdcyTEUm3MXNAbqv3PUoFAVa
qfLPtybOHCADOA6wH+vcJ4Mt2NM/M+fbMbcmBsrMw3fYzB2na5Zs2OoVxKLbVPEo
mKP3Eu5Eo1nC6wApQkBzO7ZJDq3x7YjxPPQJZ82j/vVVuZsGj0IFBRm1Esj8gABp
MlQfTzK0wnbbCJ2L3CqRPS7gyyKCpdQtuNYliDh8E+uXAsCjIx+rksfRJkTmKTDj
Huob0no/69che/tnBzhzQV3B6C1BrJ4CPElRVOoq2niQIy4ruku5wK9ONm3J50It
wc3uADpOgBUStavVpuUJTU4Oe8rVraUhEyBB0iOpYySGrAAfEtabwCwB0OvK+bht
1mLleTDGadms07+psexV4L66bmDY6ypu7dtcGWuFXQP5UQdOHqS7ehdEtCpuboer
BVkcrdivDHoc88cScuDOytPsFyMiHJ5fkrMLtKWQBTF3I7SiDqVBq/lKFcubZK3Q
K/PpJyasnxlcaLJLFkFibw==
-----END DSA PRIVATE KEY-----
 :wq!
 [root@ clientmachine test-rssh-keys]# chmod 600 id_dsa_testrssh
 [root@ clientmachine test-rssh-keys]# sftp -o IdentityFile=id_dsa_testrssh testrssh@sftp server
Connecting to 10.x.x.x...
Enter passphrase for key 'id_dsa_testrssh':
sftp> ls
dev    etc    lib    lib64  usr
sftp> cd /root
Couldn't canonicalise: No such file or directory
sftp> cd /tmp
Couldn't canonicalise: No such file or directory
sftp>
 rssh chroot jail folder is working.


How to parse xml tags in bash or retrieve xml tag values in linux


Consider the following example file test.xml





<header>
        <tag1>1</tag1>
        <system>test123</system>
        <cdc>230</cdc>
       
</header>

   
 


 grep -E -m 1 -o "(.*)" test.xml

This will return "test123"


if you want only the value we need to pipe it further

grep -E -m 1 -o "(.*)" test.xml | sed -e 's,.*\([^<]*\).*,\1,g'

This will return "test123"

fix failed: NT_STATUS_BAD_NETWORK_NAME"



smbclient -L 127.0.0.1 -U testuser  ( will list directories )

smbclient //127.0.0.1/Pubshare -U testuser ( will connect )

Simple gpg encryption setup

Generation of encryption keys
-----------------------------------

gpg --gen-key


gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
       = key expires in n days
      w = key expires in n weeks
      m = key expires in n months
      y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) "

Real name: learnadmin
Email address: admin@learnadmin.com
Comment: this is comment section
You selected this USER-ID:
    "learnadmin (this is comment section) "

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
----------------
Here give password which is used for decryption of files. ( my testpassphrase is test@123 )
----------------
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.++++++++++++++++++++++++++++++.+++++++++++++++.+++++++++++++++...++++++++++++++++++++++++++++++++++++++++..+++++..+++++..++++++++++++++++++++.+++++..........+++++

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 162 more bytes)
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++.+++++++++++++++..+++++.+++++.+++++++++++++++.+++++.++++++++++++++++++++.+++++++++++++++.++++++++++...+++++++++++++++....+++++++++++++++..++++++++++++++++++++>++++++++++>+++++.>.+++++........<+++++.......................................................................>+++++....................<+++++......>+++++................................................................................................................+++++^^^^
gpg: /home/username/.gnupg/trustdb.gpg: trustdb created
gpg: key 4F13D8CF marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   1024D/4F13D8CF 2014-03-10
      Key fingerprint = BB11 7A85 CC87 55D2 6F35  D34C CD32 5F04 4F13 D8CF
uid                 learnadmin (this is comment section)  
sub   2048g/5A897101 2014-03-10

------------------------
Tip for creating random key for cert generation :
Depending on your disk type
dd if=/dev/sda of=/dev/zero
(or)
dd if=/dev/hda2  of=/dev/zero
2911235+0 records in
2911234+0 records out
1490551808 bytes (1.5 GB) copied, 8.24918 seconds, 181 MB/s

The above command with take input form your disk and writes it randomly to /dev/zero

---------------------------


gpg --import Yourkey.gpg ( not required . This key need to be imported if you are using this encryption on other server or other client )

Create a file test.txt and try to encrypt and check if it is working ...!!


gpg --always-trust --encrypt --recipient "learnadmin (this is comment section) " test.txt


gpg --batch --passphrase test@123 --decrypt test.txt.gpg>test.txt


Graphite & statsd installation and Configuration

How to install Graphite and statsd
-----------------------------------

yum install   python-devel.noarch
yum install   pycairo.x86_64 Django.noarch django-tagging.noarch  python-twisted.noarch python-zope-interface.x86_64 python-zope-interface httpd memcached  python-memcached
yum install   fontconfig.x86_64 fontconfig-devel.x86_64
yum install   mod_wsgi.x86_64
yum install   python-pip.noarch

pip-python install whisper
pip-python install carbon
pip-python install graphite-web



cp /opt/graphite/conf/carbon.conf.example /opt/graphite/conf/carbon.conf
 cp /opt/graphite/conf/storage-schemas.conf.example /opt/graphite/conf/storage-schemas.conf
 cp /opt/graphite/conf/graphite.wsgi.example /opt/graphite/conf/graphite.wsgi
 cp /opt/graphite/examples/example-graphite-vhost.conf /etc/httpd/conf.d/graphite.conf
 cp /opt/graphite/webapp/graphite/local_settings.py.example /opt/graphite/webapp/graphite/local_settings.py




 python /opt/graphite/webapp/graphite/manage.py syncdb
 chown -R apache:apache /opt/graphite/storage/



wget -O /etc/init.d/carbon https://gist.github.com/raw/3652720/6978bda604c794e21165a81c6b879528d19e8bb4/carbon.init.sh
 chmod 0755 /etc/init.d/carbon
chkconfig --add carbon



 /opt/graphite/bin/carbon-cache.py start
 /etc/init.d/httpd start



yum install nodejs npm


cd /opt/graphite
git clone https://github.com/etsy/statsd.git
cd statsd
cp exampleConfig.js local.js



/etc/init.d/carbon start

/etc/init.d/memcached  start
/etc/init.d/statsd start



Configurations
--------------------
Graphite Configuration: /opt/graphite
Statsd configugration: /opt/graphite/statsd




Graphite/Statsd Logs
---------------------------

Graphite: /opt/graphite/storage/log/webapp
Statsd:  /var/log/statsd/
statsderr.log  statsd.log