Monday, June 29, 2015

Firewall for Remote Desktop in Windows

Windows firewall (IP restriction) for Remote Desktop Clients

I allowed Remote Desktop to my Windows PC and I need to restrict(allow/deny) specific IP addressed to connect my PC via Remote Desktop.

Here I added some screenshots that will help to do this job.

Saturday, June 27, 2015

Google Authenticator for CentOS / Redhat / Fedora

Google Authenticator for CentOS / Redhat/ Fedora
First, I would recommend installing NTP (Network Time Protocol) to ensure the server's time is synchronized because Google Authenticator uses time-based codes/tokens that will fail if server time is not correct. Check if NTP is already running
root# pgrep ntpd
if not installed then install and config NTP
root# yum install ntp
root# chkconfig ntpd on
root# ntpdate
root# service ntpd start

*** Install prerequisites:
yum install make gcc pam-devel

*** Install from Yum Repository ( only an old version of libpam-google-authenticator is available in the EPEL package repository)

root# yum install google-authenticator

*** Installing the EPEL repo (for CentOS 6):
# cd /tmp
# wget
# wget
# rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm

root# yum --enablerepo=epel install google-authenticator

OR... download and install libpam-google-authenticator from source
root# cd /tmp
# wget
# bunzip2 libpam-google-authenticator-1.0-source.tar.bz2
# tar xf libpam-google-authenticator-1.0-source.tar
# cd libpam-google-authenticator-1.0
# make
# make install

*** Switch to the user you want to setup Google 2-step verification for:

su tayab

[root@webmin1 ~]# su tayab

[tayab@webmin1 root]$ google-authenticator|0&cht=qr&chl=otpauth://totp/
Your new secret key is: F6T7HZLEGMQBHSB2
Your verification code is 183935
Your emergency scratch codes are:

Do you want me to update your "~/.google_authenticator" file (y/n) y

Do you want to disallow multiple uses of the same authentication
token? This restricts you to one login about every 30s, but it increases
your chances to notice or even prevent man-in-the-middle attacks (y/n) y

By default, tokens are good for 30 seconds and in order to compensate for
possible time-skew between the client and the server, we allow an extra
token before and after the current time. If you experience problems with poor
time synchronization, you can increase the window from its default
size of 1:30min to about 4min. Do you want to do so (y/n) y

If the computer that you are logging into isn't hardened against brute-force
login attempts, you can enable rate-limiting for the authentication module.
By default, this limits attackers to no more than 3 login attempts every 30s.
Do you want to enable rate-limiting (y/n) y

[tayab@webmin1 root]$

[tayab@webmin1 root]$  exit

*** Goto pam-ssh and add this line  Top of the file

[root@webmin1 ~]# vi /etc/pam.d/ssh

# google authenticator
auth required

*** Goto sshd_config file and  modify 'no' to 'yes'
[root@webmin1 ~]# vi /etc/ssh/sshd_config
ChallengeResponseAuthentication yes

*** Restart SSH service
[root@webmin1 ~]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]
[root@webmin1 ~]#

*** now login via ssh .. you have to enter google-authenticator code and then password to login..

*** copy your link and browse via any browser:|0&cht=qr&chl=otpauth://totp/

This will show a Barcode..

*** Open your Android Mobile

Download android apps from google play
1) Google Authenticator
2) Barcode Scanner

Open  Barcode Scanner and Scan this barcode from browser

This will give a code ..

Give this code when you login via ssh and then ssh will ask users password

** Skip Google Authenticator Authentication if Logging in from the Local Network

You may trust systems on you local network enough not not require that SSH connections from them use Google Authenticator. If so, modify /etc/pam.d/sshd so that it looks like this:

auth [success=1 default=ignore] accessfile=/etc/security/access-local.conf
auth       required
Then add the file /etc/security/access-local.conf with the contents:

# Google Authenticator can be skipped on local network
+ : ALL :
- : ALL : ALL

Vi Editor (bangla) Details

Vi Editor Details

Monday, June 15, 2015

RAID LVM by Linux CentOS

RAID LVM by Linux CentOS



One Logical Volume is created named as myvol under vo volume group and is mounted. The Initial Size of that Logical Volume is 124MB. Make successfully that the size of Logical Volume 245MB without losing any data. The size of logical volume 240MB to 255MB will be acceptable.

Answer and Explanation:
1. First check the size of Logical Volume: lvdisplay /dev/vo/myvol
2. Increase the Size of Logical Volume: lvextend -L+121M /dev/vo/myvol
3. Make Available the size on online: resize2fs /dev/vo/myvol
4. Verify the Size of Logical Volume: lvdisplay /dev/vo/myvol
5. Verify that the size comes in online or not: df -h

We can extend the size of logical Volume using the lvextend command. As well as to decrease the
size of Logical Volume or lvreduce -L-100M /dev/vo/myvol to reduce , use the lvresize command. In LVM v2 we can extend the size of Logical
Volume without unmount as well as we can bring the actual size of Logical Volume on online using
ext2online command.

One Logical Volume named lv1 is created under vg0. The Initial Size of that Logical Volume is 100MB. Now you required the size 500MB. Make successfully the size of that Logical Volume 500M without losing any data. As well as size should be increased online.

Answer and Explanation:
1. Verify the size of Logical Volume: lvdisplay /dev/vg0/lv1
2. Verify the Size on mounted directory: df -h or df -h mounted directory name
3. Use : lvextend -L+400M /dev/vg0/lv1
4. resize2fs /dev/vg0/lv1 à to bring extended size online.
5. Again Verify using lvdisplay and df -h command.

The LVM system organizes hard disks into Logical Volume (LV) groups. Essentially, physical hard
disk partitions (or possibly RAID arrays) are set up in a bunch of equal-sized chunks known as
Physical Extents (PE). As there are several other concepts associated with the LVM system, let's
start with some basic definitions:
* Physical Volume (PV) is the standard partition that you add to the LVM mix. Normally, a physical
volume is a standard primary or logical partition. It can also be a RAID array.
* Physical Extent (PE) is a chunk of disk space. Every PV is divided into a number of equal sized
PEs. Every PE in a LV group is the same size. Different LV groups can have different sized PEs.
* Logical Extent (LE) is also a chunk of disk space. Every LE is mapped to a specific PE.
* Logical Volume (LV) is composed of a group of LEs. You can mount a filesystem such as /home
and /var on an LV.
* Volume Group (VG) is composed of a group of LVs. It is the organizational group for LVM. Most
of the commands that you'll use apply to a specific VG.