Hack the permissions in Linux

Many of you reached here because of the term ‘Hack’. Sorry to say, I have to disappoint you(or may not be!). Here I am just discussing about how the Linux permissions work and not anything about hacking the system in a way script kiddies think. I am just mentioning few things about how the permissions are actually working and how it can lead to unwanted results if you are not sure what you are doing. I have put some commands below and for a Linux guy, it is enough and you will get an idea what I am talking about :

root@ubuntu:~# mkdir /root/test
root@ubuntu:~# ls -ld /root/test/
drwxr-xr-x 2 root root 4096 Mar 1 15:27 /root/test/
root@ubuntu:~# useradd tom
root@ubuntu:~# cat /etc/passwd|grep tom
tom:x:1001:1001::/home/tom:
root@ubuntu:~# chown -R tom:tom /root/test/
root@ubuntu:~# ls -ld /root/test/
drwxr-xr-x 2 tom tom 4096 Mar 1 15:27 /root/test/
root@ubuntu:~# userdel tom
root@ubuntu:~# ls -ld /root/test/
drwxr-xr-x 2 1001 1001 4096 Mar 1 15:27 /root/test/
root@ubuntu:~# useradd jerry
root@ubuntu:~# cat /etc/passwd|grep jerry
jerry:x:1001:1001::/home/jerry:
root@ubuntu:~# ls -ld /root/test/
drwxr-xr-x 2 jerry jerry 4096 Mar 1 15:27 /root/test/

See how the user jerry got access to tom’s files. It was caused by the same uid both were having. So if you are dealing with a large number of users, never simply delete the user. Just disable the user or change all the permission of the user to something more suitable before removing the user.

Enjoy :)

“This page includes other resources which are not secure.” || “The connection to this website is not fully secure because it contains unencrypted elements(such as images) or the encryption is not strong enough”

“This page includes other resources which are not secure.”

“The connection to this website is not fully secure because it contains unencrypted elements(such as images) or the encryption is not strong enough”

You might have noticed these warnings in your browsers even though you installed your SSL certificates correctly and wondering what is the next step to do. The answer is just replace the http links with https in your websites. Yes, you should find out all the insecure calls(http) to images,videos,css,javascript and replace it with https. It is a hair pulling job to find out these links manually and replace them correctly. But I can definitely help you to find out the http links.

Try the below things.

1. https://www.whynopadlock.com

Just give your website link in this website and check. It will list all the insecure URLs in your website.

In some cases, I have noted that the SSL warning comes only after you login, In that case, you cant use my first suggestion and you can use the chrome console as mentioned below

2. Using Chrome console

Load the site in google chrome -> Press F12 -> Select Console.
You can see the warning in red color that the mixed content should be replaced. Once you replace all those http links with https, your site should load fine.

Hope this helps :)

Integrate Linux machine with AD

I am using a software named ‘PowerBroker Identity Services’ to integrate my ubuntu machine with the AD.
First of all, download the corresponding package from the site :
http://download1.beyondtrust.com/Technical-Support/Downloads/PowerBroker-Identity-Services-Open-Edition/?Pass=True&elq=a6018f25fe3d4379bbaa12d15e18325e&elqCampaignId

In my case, it was debian and the download link is as below
http://download.beyondtrust.com/PBISO/8.2.2/linux.deb.x64/pbis-open-8.2.2.2993.linux.x86_64.deb.sh

mkdir /root/theG;cd /root/theG
wget http://download.beyondtrust.com/PBISO/8.2.2/linux.deb.x64/pbis-open-8.2.2.2993.linux.x86_64.deb.sh
chmod +x pbis-open-*
./pbis-open-*

Restart the machine

To join domain, give the below command :

domainjoin-cli join DOMAIN.COM adminusername

Once it shows as success, Restart the machine and you can check the status using the below commands :

getent passwd
getent group

You can login to the machine as below :
DOMAIN\user.name
Password

If you want to allow all the members of a particular group to have full permission, allow it as :

%group^name ALL=(ALL) ALL

Thanks :)

Run a script at boot time in CentOS 7

By default /etc/rc.local and /etc/rc.d/rc.local are no longer executable in CentOS7 with the new systemd-changes. Follow the below steps to make the script /root/g.sh run at boot time:

1. chmod +x /etc/rc.d/rc.local
2. chmod +x /root/g.sh
2. Mention your script at the bottom of the file /etc/rc.local (/etc/rc.local is a symlink to /etc/rc.d/rc.local)as below :

sh /root/g.sh

Restart and check :)

Ubuntu keeps resetting the Laptop brightness

Atleast some of you might have noticed that Ubuntu keeps resetting the brightness level of our laptops whenever we reboot. I have found a simple solution that could atleast help you to start with a particular brightness level each time you restart. The solution is as follows:

1. First set your brightness level to the desired one and see the actual value

gopu@goputec:~$ cat /sys/class/backlight/intel_backlight/brightness
247

2. Add this value to the bottom of rc.local file (above ‘exit 0’) so that each time Ubuntu start, it will set the brightness to the value we specified in the same config file:

gopu@goputec:~$ cat /etc/rc.local 
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
echo 247 > /sys/class/backlight/intel_backlight/brightness
exit 0

3.Test yourself restarting the laptop.

Enjoy :)

Loadbalancing apache webservers using haproxy

Here I am discussing about setting up a loadbalancer using haproxy to load balance two apache

web servers.

ubuntu1 : 192.168.56.101
ubuntu2 : 192.168.56.102
ubuntu2 : 192.168.56.103

I have setup the first two servers as loadbalancer and installed haproxy on the third one. You

can use

tasksel

to setup the lamp servers easily.

To install haproxy on ubuntu3:

apt-get install haproxy

To start the haproxy at boot time, set ENABLED=1 in /etc/default/haproxy

Configuration :

1. Backup the existing configuration file

cp -pr /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bk

2. Edit the haproxy.cfg as below :

root@ubuntu3:~# more /etc/haproxy/haproxy.cfg

global
    log 127.0.0.1 local0 notice
    maxconn 2000
    user haproxy
    group haproxy

defaults
    log     global
    mode    http
    option  httplog
    option  dontlognull
    retries 3
    option redispatch
    timeout connect  5000
    timeout client  10000
    timeout server  10000


listen appname 0.0.0.0:80
    mode http
    stats enable
    stats uri /haproxy?stats
    stats realm Strictly\ Private
    stats auth Myusername1:mypassword1
    stats auth myusername2:mypassword2
    balance roundrobin
    option httpclose
    option forwardfor
    server ubuntu1 192.168.56.101:80 check
    server ubuntu2 192.168.56.102:80 check

where,
log defines syslog server where the logs should be sent to
maxconn defines the max connection loadbalancer can accept
retries specifies the max number of connection try on a back-end server
timeout connect specifies the max time LB wait for an connection to succeed
option redispatch enables session redistribution
timeout client and server specifies the send and ack time during tcp handshake process.

You can see the haproxy status through the link http://loadbalancer_ip/haproxy?stats
which we have set in uri section. The username/password that can be used is set in the next two
lines. Both of them will work.
In my case the link is

http://192.168.56.103/haproxy?stats

proxy_status

You can use different algorithm for the loadbalancing. Here we are using roundrobin. options

available are static-rr,leastconn,source,uri,url_param etc

ubuntu1 and ubuntu2 are the backend webservers we are forwarding the traffic to

Once the configurations are done, restart the services

service haproxy restart

Testing:

Create a file test.php with the web-server name as content in both the lamp servers.
Try to access the loadbalancer IP from browser and you can see the content are just changing
continuously each time you access via the browser.

To troubleshoot, check the log file : /var/log/haproxy.log

Whenever a host is not available, you can see logs similar to below :

Feb 24 16:23:31 localhost haproxy[2400]: Server appname/ubuntu2 is DOWN, reason: Layer4 

connection problem, info: "Connection refused", check duration: 1ms. 1 active and 0 backup 

servers left. 0 sessions active, 0 requeued, 0 remaining in queue.

and when it come back online :

Feb 24 16:23:31 localhost haproxy[2400]: Server appname/ubuntu2 is DOWN, reason: Layer4 

connection problem, info: "Connection refused", check duration: 1ms. 1 active and 0 backup 

servers left. 0 sessions active, 0 requeued, 0 remaining in queue.

Thanks :)

Got packet bigger than ‘max_allowed_packet’ bytes when dumping table

You may get the error mentioned as the post heading while you backup using some automatic backup tools such as MySQL ZRM or mysqldump.Sometimes you will see that the even though adding the

max_allowed_packet='N'

entry in the MySQL server my.cnf file. The reason behind this is, you have to add the ‘max_allowed_packet’ entry in the client side as well. The default value for ‘max_allowed_packet’ at server is 1M and at the client is 16MB. The largest value for ‘max_allowed_packet’ value at client or server is 1G. Add the value appropriate for your situation and your backup should work well.

Enjoy :)