Configuring a secure FTP Linux Server
admin | December 24, 2009 | 10:58 am
I needed to configure an SFTP server on a Fedora 8 Core server. To keep things simple I chose SFTP over VSFTP as I was already running the SSH Daemon for server management.
So if you don't already have the SSH Daemon installed, open a terminal session as root and type
yum install ssh*
Select Yes to download and install
Type cd /etc/ssh
Type vi sshd_config and make sure the config is similar to the one below
#####SSHD_Config######
# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don’t trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don’t read the user’s ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to ‘yes’ to enable support for the deprecated ‘gssapi’ authentication
# mechanism to OpenSSH 3.8p1. The newer ‘gssapi-with-mic’ mechanism is included
# in this release. The use of ‘gssapi’ is deprecated due to the presence of
# potential man-in-the-middle attacks, which ‘gssapi-with-mic’ is not susceptible to.
#GSSAPIEnableMITMAttack no
# Set this to ‘yes’ to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of “PermitRootLogin without-password”.
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to ‘no’.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
# This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5).
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
Type Esc :wq and Enter to close out of the vi editor and save changes
Restart the SSH Daemon by typing service sshd restart
If you have any trouble connecting, you can install PuTTY http://www.chiark.greenend.org.uk/~sgtatham/putty/
After installing PuTTY, open a Windows command window, browse to C:\Program Files (x86)\PuTTY and run psftp -v (internal or external server IP address)
I did see a difference between Fedora and Open SuSE with this line in sshd_config, just make sure the path to sftp-server is correct. If you're unsure where sftp-server is you can always run a search as find / -name 'sftp-server*' or something like that.
Subsystem sftp /usr/libexec/openssh/sftp-server
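One way to run the path check described above before restarting sshd, as an added example that is not part of the original post. The function names and the sample paths in demo are made up for illustration; internal-sftp is sshd's built-in SFTP server, which needs no file on disk.

```shell
#!/bin/sh
# Added example: verify that the sftp Subsystem line in an sshd_config
# points at a binary that actually exists on this host.

# Print the command configured for "Subsystem sftp" (first active line).
# Keywords in sshd_config are case-insensitive; '#' starts a comment.
sftp_subsystem_path() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "subsystem" && $2 == "sftp" { print $3; exit }
    ' "$1"
}

# Return 0 if the configured sftp server is usable, 1 if the path is
# missing or not executable, 2 if no sftp Subsystem line is active.
check_sftp_subsystem() {
    sftp_bin=$(sftp_subsystem_path "$1")
    [ -n "$sftp_bin" ] || return 2
    # internal-sftp is built into sshd, so there is no file to check.
    [ "$sftp_bin" = "internal-sftp" ] && return 0
    [ -x "$sftp_bin" ] || return 1
    return 0
}

# Constructed samples (not from a real host): "bad" points at a path
# that does not exist, as happens when a config is copied between
# distributions that install sftp-server in different directories.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '#Subsystem sftp /commented/out' \
        'Subsystem sftp /nonexistent/openssh/sftp-server' > "$dir/bad"
    printf '%s\n' 'subsystem sftp internal-sftp' > "$dir/good"
    for f in bad good; do
        rc=0; check_sftp_subsystem "$dir/$f" || rc=$?
        echo "$f: $(sftp_subsystem_path "$dir/$f") -> status $rc"
    done
    rm -rf "$dir"
}
demo
```

On a real server, call check_sftp_subsystem /etc/ssh/sshd_config, then run sshd -t to validate the whole file before service sshd restart.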
Lost your Root Password
admin | November 22, 2009 | 6:54 pm
If you have inherited a system or simply lost the SU password, in most cases you can reset the password. Remember physical access is root or administrator access….
Open SuSE
If using CD/DVD boot media, you need to choose Rescue System
# mount -o remount,rw /dev/sda2 /mnt
# cd /mnt
# chroot /mnt
# passwd (new password)
Reboot
Nagios IT Monitoring software
admin | November 22, 2009 | 6:35 pm
As an alternative to more costly monitoring software, Nagios is free and provides the means to monitor Windows and Linux servers and other equipment, such as:
- Monitoring Windows machines
- Monitoring Linux/Unix machines
- Monitoring Netware servers
- Monitoring routers/switches
- Monitoring network printers
- Monitoring publicly available services (HTTP, FTP, SSH, etc.)
To keep things simple I chose to install Nagios on Open SuSE 11.2 http://software.opensuse.org/112/en. Just go through a typical install, and make sure that you install apache2 or httpd (Fedora) and the C/C++ development libraries. Also I like to change the default run level from 5 to 3 so that you can put the memory toward the server and not toward the GUI. I would also recommend enabling SSH to manage the server. For the most part you will be modifying conf files and managing the server from http://nagios_server_IP/nagios. Once you have your monitoring server operating system built (in my case I chose OpenSuSE), follow these simple steps….
As a quick note, step 1, I had an issue with these commands…..
/usr/sbin/usermod -a -G nagcmd nagios
/usr/sbin/usermod -a -G nagcmd wwwrun
so, instead I used….
/usr/sbin/usermod -G nagcmd nagios
/usr/sbin/usermod -G nagcmd wwwrun
Also one more note, after two installs the status map has not worked. I am running OpenSuSE, to fix this problem I did the following.
Make sure these packages are installed.
http://nagios.sourceforge.net/docs/3_0/quickstart-opensuse.html
http://nagios.sourceforge.net/docs/3_0/quickstart-fedora.html
http://nagios.sourceforge.net/docs/3_0/quickstart-ubuntu.html
Debian/ubuntu
apt-get install
libgd
libgd-devel
libpng
libpng-devel
libjpeg
libjpeg-devel
zlib
zlib-devel
Fedora/CentOS/RHEL/OpenSuSE
Use yum install or yast2 -i
gd
gd-devel
png
png-devel
jpeg
jpeg-devel
zlib
zlib-devel
While in the Nagios directory run the following commands. IF YOU ARE RUNNING THESE COMMANDS ON AN EXISTING INSTALL YOU WILL LOSE DATA, SO PLEASE MAKE A COPY OF YOUR CONFIG FILES.
Clonezilla
admin | September 15, 2009 | 9:21 pm
http://clonezilla.org/
What is Clonezilla ?
You’re probably familiar with the popular proprietary commercial package Norton Ghost®, and its OpenSource counterpart, Partition Image. The problem with these software packages is that it takes a lot of time to massively clone systems to many computers. You’ve probably also heard of Symantec’s solution to this problem, Symantec Ghost Corporate Edition® with multicasting. Well, now there is an OpenSource clone system (OCS) solution called Clonezilla with unicasting and multicasting!
Clonezilla, based on DRBL, Partition Image, ntfsclone, partclone, and udpcast, allows you to do bare metal backup and recovery. Two types of Clonezilla are available, Clonezilla live and Clonezilla SE (server edition). Clonezilla live is suitable for single machine backup and restore. While Clonezilla SE is for massive deployment, it can clone many (40 plus!) computers simultaneously. Clonezilla saves and restores only used blocks in the harddisk. This increases the clone efficiency. At the NCHC’s Classroom C, Clonezilla SE was used to clone 41 computers simultaneously. It took only about 10 minutes to clone a 5.6 GBytes system image to all 41 computers via multicasting!
Features of Clonezilla
- Free (GPL) Software.
- Filesystem supported: ext2, ext3, ext4, reiserfs, xfs, jfs of GNU/Linux, FAT, NTFS of MS Windows, and HFS+ of Mac OS. Therefore you can clone GNU/Linux, MS windows and Intel-based Mac OS, no matter it’s 32-bit (x86) or 64-bit (x86-64) OS. For these file systems, only used blocks in partition are saved and restored. For unsupported file system, sector-to-sector copy is done by dd in Clonezilla.
- LVM2 (LVM version 1 is not) under GNU/Linux is supported.
- Multicast is supported in Clonezilla SE, which is suitable for massively clone. You can also remotely use it to save or restore a bunch of computers if PXE and Wake-on-LAN are supported in your clients.
- Based on Partimage, ntfsclone, partclone, and dd to clone partition. However, clonezilla, containing some other programs, can save and restore not only partitions, but also a whole disk.
- By using another free software drbl-winroll, which is also developed by us, the hostname, group, and SID of cloned MS windows machine can be automatically changed.
Which Clonezilla Shall I Use ?
- Clonezilla Live: Clonezilla live allows you to use CD/DVD or USB flash drive to boot and run clonezilla (Unicast only)
- Clonezilla SE: Clonezilla SE is included in DRBL, therefore a DRBL server must first be set up in order to use Clonezilla to do massively clone (unicast, broadcast and multicast are supported)
TechPosters: Technical Posters and Cheats for IT Guys
admin | September 6, 2009 | 7:29 am
CrackingWEP
admin | September 6, 2009 | 7:17 am
Recovering Filesystems from corrupted RAID sets
admin | August 9, 2009 | 2:07 pm
Top Free Linux Online Courses
admin | August 9, 2009 | 2:05 pm
ReactOS
admin | July 26, 2009 | 9:12 pm
ReactOS is a free, modern operating system based on the design of Windows XP/2003. Written completely from scratch, it aims to follow the Windows® architecture designed by Microsoft from the hardware level right through to the application level. This is not a Linux based system, and shares none of the unix architecture.
lopsa




