Prakash Sawarkar: Kernel 3.8 Released, how to Compile in Redhat, CentOS and Fedora.

Saturday, 22 October 2011

How to create & convert Linux File Systems Ext2, Ext3 & Ext4

ext2, ext3 and ext4 are all filesystems created for Linux.

High level difference between these filesystems.
How to create these filesystems.
How to convert from one filesystem type to another.

I converted from ext2 to ext3, ext3 to ext4 and ext2 to ext4 file systems successfully. By following this guide anyone can convert their file systems, but I would still like to WARN you all before doing this: the following task requires skilled administrative practice, and you must take a backup of your important files first. If something goes wrong, you can at least revert to your backup data.
A file system is divided into two segments called User Data and Metadata. In this article I explore how to create and convert the various Linux file systems and the high-level differences among the Ext2, Ext3 and Ext4 file systems. Before moving on, let me give a brief introduction to the Linux file systems.

Ext2:- Stands for second extended file system.
It was introduced in 1993. Developed by Rémy Card.
This was developed to overcome the limitation of the original ext file system.
Ext2 does not have journaling feature.
On flash drives and USB drives, ext2 is recommended, as it doesn’t need to do the overhead of journaling.
Maximum individual file size can be from 16 GB to 2 TB
Overall ext2 file system size can be from 2 TB to 32 TB

Ext3:- Stands for third extended file system.
It was introduced in 2001. Developed by Stephen Tweedie.
Starting from Linux Kernel 2.4.15 ext3 was available.
The main benefit of ext3 is that it allows journaling.
Journaling has a dedicated area in the file system, where all the changes are tracked. When the system crashes, the possibility of file system corruption is less because of journaling.
Maximum individual file size can be from 16 GB to 2 TB
Overall ext3 file system size can be from 2 TB to 32 TB
There are three types of journaling available in ext3 file system.
Journal – Metadata and content are saved in the journal.
Ordered – Only metadata is saved in the journal. Metadata are journaled only after writing the content to disk. This is the default.
Writeback – Only metadata is saved in the journal. Metadata might be journaled either before or after the content is written to the disk.
You can convert an ext2 file system to an ext3 file system directly (without backup/restore).

Ext4:- Stands for fourth extended file system.
It was introduced in 2008.
Starting from Linux Kernel 2.6.19 ext4 was available.
Supports huge individual file size and overall file system size.
Maximum individual file size can be from 16 GB to 16 TB
Overall maximum ext4 file system size is 1 EB (exabyte). 1 EB = 1024 PB (petabyte). 1 PB = 1024 TB (terabyte).
Directory can contain a maximum of 64,000 subdirectories (as opposed to 32,000 in ext3)
You can also mount an existing ext3 fs as ext4 fs (without having to upgrade it).
Several other new features are introduced in ext4: multiblock allocation, delayed allocation, journal checksum, fast fsck, etc. All you need to know is that these new features have improved the performance and reliability of the filesystem when compared to ext3.
In ext4, you also have the option of turning the journaling feature “off”.

Creating an ext2, or ext3, or ext4 filesystem

Once you’ve partitioned your hard disk using fdisk command, use mke2fs to create either ext2, ext3, or ext4 file system.

Creating Ext2 File System

#  mke2fs /dev/sdXX

Creating Ext3 File System

#  mke2fs -j /dev/sdXX

-j option is used for journaling.

Creating Ext4 File System

# mke2fs -t ext4 /dev/sdXX

-t option to specify the file system type.

Converting an Ext2, or Ext3, or Ext4 File Systems

If you are upgrading /dev/sda2 that is mounted as /home, from ext2 to ext3, do the following.

Converting Ext2 to Ext3

#  umount /dev/sda2
#  tune2fs -j /dev/sda2
#  mount /dev/sda2 /home

You really don’t need to umount and mount it, as ext2 to ext3 conversion can happen on a live file system. But, I feel better doing the conversion offline.

Converting Ext3 to Ext4

#  umount /dev/sda2
#  tune2fs -O extents,uninit_bg,dir_index /dev/sda2
#  e2fsck -pf /dev/sda2
#  mount /dev/sda2 /home

-p option automatically repairs the file system.
-f option forces a check of the file system even if it seems clean.
WARNING: You cannot revert or mount back to ext3 filesystem once you run above command.

Converting Ext2 to Ext4

To convert from the old ext2 to the new ext4 file system with the latest journaling feature, run the following commands.

#  umount /dev/sdXX
#  tune2fs -O dir_index,has_journal,uninit_bg /dev/sdXX
#  e2fsck -pf /dev/sdXX
#  mount /dev/sdXX /home

Note: run all of the above commands only on a test Linux server, where you can afford to lose all your data.
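
To confirm that a conversion took effect, the feature list printed by tune2fs -l can be checked against the flags used above. The script below is an added example, not part of the original post; the function names, the sample output and the ext2/ext3/ext4 heuristic are assumptions of the example.

```bash
#!/bin/bash
# Added example: verify a conversion from the "Filesystem features:" line
# that `tune2fs -l` prints. Function names here are hypothetical.

# Constructed sample: the relevant lines after the ext3 -> ext4 steps above.
sample_after_ext4() {
cat <<'EOF'
Filesystem volume name:   <none>
Filesystem features:      has_journal ext_attr resize_inode dir_index filetype extent sparse_super large_file uninit_bg
Filesystem state:         clean
EOF
}

# fs_features: print one feature per line from `tune2fs -l` output on stdin.
fs_features() {
    sed -n 's/^Filesystem features:[[:space:]]*//p' | tr -s ' ' '\n'
}

# ext_generation: print ext2, ext3 or ext4 for the output on stdin.
# Heuristic (assumption of this example): a feature the ext3 driver does
# not support means ext4; otherwise a journal means ext3.
ext_generation() {
    local feats
    feats=$(fs_features)
    [ -n "$feats" ] || { echo unknown; return 1; }
    if printf '%s\n' "$feats" | grep -qxE 'extents?|uninit_bg|flex_bg|huge_file|64bit'; then
        echo ext4
    elif printf '%s\n' "$feats" | grep -qx 'has_journal'; then
        echo ext3
    else
        echo ext2
    fi
}

# missing_features "f1 f2 ...": print each requested feature that is absent.
missing_features() {
    local feats want pat
    feats=$(fs_features)
    for want in $1; do
        # tune2fs -O accepts "extents", but the listing shows "extent".
        case $want in extent|extents) pat='extents?' ;; *) pat=$want ;; esac
        printf '%s\n' "$feats" | grep -qxE "$pat" || echo "$want"
    done
}

# Real use: tune2fs -l /dev/sdXX | ext_generation
sample_after_ext4 | ext_generation
sample_after_ext4 | missing_features "extents uninit_bg dir_index"
```

An empty result from missing_features means every flag passed to tune2fs -O is present on the volume.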

Wednesday, 20 July 2011

Secure your RHEL/CentOS Server Prevent from DoS and Bruteforce (Intrusion Prevention)

Prevent from DoS and Bruteforce attack.

Bruteforce and Denial Of Service are both automated attacks that you can prevent by using tools specially made for this purpose.

Fail2ban is a free, open source intrusion prevention framework written in the Python programming language. Fail2ban operates by monitoring log files such as /var/log/pwdfail, /var/log/auth.log, /var/log/secure etc. and bans an IP address after too many failed password attempts. It is used to update iptables firewall rules to reject the IP address for a specified amount of time.
Fail2ban is designed to ban users who fail to log in correctly on your server; its main purpose is to prevent malicious users from brute-forcing your password.

Before heading to the installation and configuration of Fail2Ban, I would like to tell you that most attackers try to gain root access via SSH. So I recommend paying close attention to things such as disabling SSH root logins and using a pair of SSH keys for authentication.

Step 1 - Installing Fail2Ban in RHEL, CentOS and Fedora.

By default Fail2Ban is not available under Linux systems, so you will need to add and enable the third-party RPMForge repository or EPEL repository on your Linux box. Once you’ve added the repository, install it using the following YUM commands.

# rpm -ivh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarc...
# rpm --import https://fedoraproject.org/static/0608B895.txt
# yum install fail2ban

Step 2 - Configuring Default section for Fail2Ban.

The master Fail2Ban configuration file is located at /etc/fail2ban/jail.conf. Open it using the vi editor or any editor you feel comfortable with, then edit the configuration file as you wish:

# vi /etc/fail2ban/jail.conf

Now you will see the default section with some basic rules that are followed by fail2ban itself. If you want to add an extra layer of protection to your server, you can customize each rule section as per your needs.

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
 as follows :

Step 3 - Restarting Fail2Ban Service

Once you’ve made the changes to the fail2ban config file, then always make sure to restart Fail2Ban service.

# chkconfig --level 23 fail2ban on
# service fail2ban start
  Starting fail2ban:                                         [  OK  ]

Step 4 - DDoS Deflate

DDoS Deflate automatically detects and blocks denial of service attempts. Switch to a folder where you will download the DDoS Deflate script:

# wget http://www.inetbase.com/scripts/ddos/install.sh

# chmod 0700 install.sh
# ./install.sh

A ddos.conf configuration file has been created under /usr/local/ddos/ddos.conf; have a look inside, it's well commented. A cron job is installed and will regularly do the DoS checking.

#  ls -l /etc/cron.d

-rw-r--r--. 1 root root 113 Jul 19  2011 0hourly
-rw-r--r--. 1 root root  74 Apr  1 12:37 ddos.cron
-rw-r--r--. 1 root root 108 Dec  6 21:41 raid-check

# /usr/local/ddos/ddos.sh --help
DDoS-Deflate version 0.6

Usage: ddos.sh [OPTIONS] [N]
N : number of tcp/udp   connections (default 150)
OPTIONS:
-h | --help: Show       this help screen
-c | --cron: Create cron job to run this script regularly (default 1 mins)
-k | --kill: Block the offending ip making more than N connections

Watch Failed SSH login attempts

To see the current failed SSH login attempts, run the following command. It will display a list of failed attempts made by hosts.

# cat /var/log/secure | grep 'Failed password' |  sort | uniq -c 
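
Counting failures per source address is what fail2ban automates with its maxretry setting, and it makes the failed-login list easier to read. The script below is an added example, not part of the original post; the log lines are constructed and the function names and thresholds are assumptions.

```bash
#!/bin/bash
# Added example: count failed SSH password attempts per source address and
# report the addresses at or above a threshold. Names are hypothetical.

# Constructed sample in the /var/log/secure format; 203.0.113.x and
# 198.51.100.x are documentation address ranges.
sample_secure_log() {
cat <<'EOF'
Jul 20 10:01:02 host1 sshd[2101]: Failed password for root from 203.0.113.7 port 40022 ssh2
Jul 20 10:01:05 host1 sshd[2101]: Failed password for root from 203.0.113.7 port 40022 ssh2
Jul 20 10:01:09 host1 sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40031 ssh2
Jul 20 10:02:11 host1 sshd[2110]: Accepted password for alice from 198.51.100.20 port 51000 ssh2
Jul 20 10:03:40 host1 sshd[2120]: Failed password for alice from 198.51.100.20 port 51012 ssh2
Jul 20 10:04:00 host1 sshd[2131]: Failed password for invalid user test from 203.0.113.9 port 38000 ssh2
Jul 20 10:04:03 host1 sshd[2131]: Failed password for invalid user test from 203.0.113.9 port 38000 ssh2
EOF
}

# failed_by_host THRESHOLD: reads log lines on stdin and prints
# "COUNT ADDRESS" for every source with at least THRESHOLD failures,
# busiest first.
failed_by_host() {
    awk -v min="$1" '
        / sshd\[[0-9]+\]: Failed password for / {
            # The user name is supplied by the remote side and may contain
            # the word "from", so take the address after the LAST "from".
            for (i = NF - 1; i > 0; i--)
                if ($i == "from") { count[$(i + 1)]++; break }
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Real use: failed_by_host 3 < /var/log/secure
sample_secure_log | failed_by_host 3
```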


Wednesday, 29 June 2011

How to Kill a SSH User Shell Session

As an administrator, you may notice that some of your users have both idle and active SSH sessions. An idle SSH session could be due to a hung SSH session. So the question is how to remove the individual session without killing the active and genuine sessions.

First things first, run:

#  w

You may get some information like this:

18:00:35 up 143 days, 19:57,  3 user,  load average: 0.03, 0.01, 0.05
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
user1   pts/31   :24.0            08Oct11 22days  0.05s  0.05s -bash
user2   pts/24   :30              02Jan11  2days  0.66s  0.66s -bash
user3   pts/55   :17              12Nov10 59days  0.01s  0.01s -bash

To get the process ID (PID) of the idle session, run:

#  ps -aux | grep 'pts/31'
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
root     33541  0.0  0.0  61172   776 pts/1    S+   00:41   0:00 grep pts/31
523      33678  0.0  0.0  64188  1516 pts/31   Ss+   2012   0:00 -bash

Kill the process:

#  kill -9 33678

The idle SSH session has been removed. You can verify this with the command "w".

Friday, 17 June 2011

25 Facts About GNU/Linux

Linux is a land of excavation, the more you excavate the more you find treasure lies within it. This article tries to uncover some of the lesser known facts about Linux. To keep things simple, easy to read, easy to remember and easy to refer this article will be presented in point-wise fashion.

1. Linux is not an OS, but it is the kernel, GNU Linux is the OS and it comes in several hundred flavours.
2. The Linux kernel was written by a 21-year-old Finnish college student as a part of his hobby. Yup! His name is Linus Torvalds.
3. Torvalds created Linux based on GNU General Public License (GPL). Perhaps Torvalds would have never written his own kernel if GPL would be having its own kernel and driver.
4. A major part of today’s Linux kernel is written in the C programming language and assembly language, and only 2% of today’s kernel contains code written by Torvalds.
5. A standard Linux kernel of today has over 10 million lines of code and it grows at the rate of 10% every year. About 4500 lines of code are added and 1500 lines of code are changed every day. Initially in 1991, Linux kernel version 0.01 was released with 10239 lines of code.
6. A guy named William Della Croce Jr. registered the name Linux and demanded royalty for using its name and mark. However he agreed to handover the trademark to Linus, later.
7. The Linux kernel’s official mascot is a penguin named Tux, abbreviation of tuxedo. The idea that Linux had a pet penguin comes from Linus Torvalds himself.
8. The first commercial distribution of GNU / Linux was Yggdrasil (http://en.wikipedia.org/wiki/Yggdrasil_Linux/GNU/X) and was launched in CD format in 1992. Red Hat was one of the first distributions to settle within companies and data centers in 1999.
9. Debian was one of the first GNU / Linux distributions that was constituted and organized as a community of developers. Debian v. 4.0’s source code contains 283 million lines of code; $7.37 billion is the projected cost to produce that amount of code in a commercial environment. Debian’s code base remains the foundation for other distros such as Ubuntu, Knoppix and Xandros.
10. 90% of the world’s most powerful supercomputers are using GNU/Linux. Top ten of supercomputers use Linux. 33.8% of the world runs on Linux servers compared to 7.3% running Microsoft Windows operating system.
11. Linus Torvalds has been honoured by having an asteroid named after him.
12. There are over 300 active GNU / Linux distributions, ranging from the well-known Debian or Fedora distributions to governmental or educational ones. And this list seems to grow with regional and personal distros being added frequently.
13. OK, now the areas of application of Linux – U.S. Department of Defense, U.S. Navy Submarine Fleet, Federal Aviation Administration, Tamil Nadu for education purposes, Japan’s bullet trains, traffic control of San Francisco, the New York Stock Exchange, CERN, many air traffic control systems or control of nuclear reactors of submarines and ships, Russia, Brazil and Venezuela for interoperable management, cost efficiency and technological independence, Google, Cisco, Facebook, Twitter, LinkedIn, Toyota, TiVo, etc., server hosting the website of the White House (Drupal), federal government of Brazil favours Linux operating systems over all others in its PCs. Is Not Linux kernel the most widely ported operating system, running on a great variety of operating systems.
14. For those who think Linux can’t do animation – the Oscar-winning visual effects of Titanic by James Cameron came from machines running Linux, and Avatar was the last movie completely developed in 3D applications on the Linux platform using FOSS software. Exclaimed!
15. Believe it or not – In 2002, Microsoft had accumulated a $ 421 million cost of fighting the spread of Linux, according to The Register.
16. According to a study funded by the European Union, the estimated cost to redevelop the most recent kernel versions would be at $1.14 billion USD – Amazed.
17. Microsoft Windows and the Linux kernel can run simultaneously in parallel on the same machine using a software called Cooperative Linux (coLinux).
18. IBM chose Linux for what is expected to be the world’s most powerful supercomputer, Sequoia, due in 2011.
19. An unmodified version of the Linux kernel is called – ''Vanilla Kernel''
20. Last year, 75% of Linux code was developed by programmers working for corporations. Google has contributed about 1.1% of the code in the current Linux kernel.
21. Linux has a strong following in Smart Phones – Palm’s WebOS, Google’s Android and Nokia’s Maemo smart phone operating systems are built on top of the Linux kernel.
22. Android’s Operating System is based off of Linux. The operating system is primarily based off of Linux kernel and Google has made several changes to make it go above and beyond the original basis of Linux kernel. The first Android Smart phone was launched by HTC! Though Samsung has captured much of the Android smart phone sector with its Galaxy series of devices.
23. Google names the code names of Android versions in alphabetical order. These names are not random but names of desserts. Can you guess the next versions of Android now? Android 5.0 K………..?!, Android 6.0 L………….?!!
24. Android mascot was stolen! Google didn’t originally create that mascot. The mascot was adopted from a character named Android! from a game called Gauntlet.
25. As of January 2010, Linux still only has a 1.02% market share within desktops.
This is not the end. You could tell us any other interesting fact about this wonderful project, if you know one. Nevertheless, your comments are highly appreciated. I will be coming with another article very soon, which you will love to read. Stay tuned.

Saturday, 19 February 2011

Backup for /etc/passwd , /etc/group , /etc/shadow

/etc/passwd, /etc/group and /etc/shadow are essential system files for Linux. You should not be surprised that Linux keeps a backup of /etc/passwd, /etc/group and /etc/shadow. The backups are:

#  /etc/passwd-
#  /etc/group-
#  /etc/shadow-

So in case any of your /etc/passwd, /etc/group or /etc/shadow files is corrupted, just copy the backup and replace the corrupted file.

Note: listed with the appropriate access permissions
File:         Owner:  Group:  Permissions:
/etc/passwd   root    root    rw- r-- r--
/etc/group    root    root    rw- r-- r--
/etc/shadow   root    root    rw- --- ---
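
The modes in the table can be checked on both the live files and their backups. The script below is an added example, not part of the original post; it assumes GNU stat (as on RHEL/CentOS), and holding the "-" backups to the same limits as the live files is an assumption of the example.

```bash
#!/bin/bash
# Added example: audit /etc/passwd, /etc/group, /etc/shadow and their "-"
# backups against the table above. Assumes GNU stat (-c); names are hypothetical.

# audit_account_files [DIR] [UID:GID]
# Prints one line per problem; returns non-zero if any problem was found.
# A mode stricter than the table (for example 000 on shadow) is accepted.
audit_account_files() {
    local dir=${1:-/etc} owner=${2:-0:0} rc=0 entry want f mode
    for entry in passwd:644 group:644 shadow:600; do
        want=${entry#*:}
        for f in "$dir/${entry%%:*}" "$dir/${entry%%:*}-"; do
            [ -e "$f" ] || { echo "MISSING $f"; rc=1; continue; }
            mode=$(stat -c '%a' "$f")
            # Non-zero when the file grants a bit the table does not allow.
            if [ $(( 0$mode & ~0$want )) -ne 0 ]; then
                echo "MODE $f is $mode, allowed $want"; rc=1
            fi
            if [ "$(stat -c '%u:%g' "$f")" != "$owner" ]; then
                echo "OWNER $f is not $owner"; rc=1
            fi
        done
    done
    return $rc
}

# Constructed demo: a throwaway directory whose shadow backup is world-readable.
demo_audit() {
    local d n
    d=$(mktemp -d)
    for n in passwd group shadow; do : > "$d/$n"; : > "$d/$n-"; done
    chmod 644 "$d"/passwd* "$d"/group* "$d/shadow-"
    chmod 600 "$d/shadow"
    audit_account_files "$d" "$(id -u):$(id -g)" | sed "s|$d|<dir>|"
    rm -rf "$d"
}

# Real use (as root): audit_account_files
demo_audit
```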