Linux Archives - ITrepo Consulting

Linux user account management

Posted March 15, 2019March 15, 2019 masoudPosted in Linux

Here is some useful command for managing user accounts in Linux environment

Replace testuser with your username :

sudo useradd testuser

Set a password for new user :

sudo passwd testuser

Add the new user to a group e.g sudo group :

sudo usermod -a -G sudo testuser

Seeing group membership for your user :

sudo groups testuser

Seeing a group members e.g sudo group :

cat /etc/group | grep sudo

Remove your user from a group e.g sudo group:

sudo deluser testuser sudo

Disallow user from logging in :

sudo usermod --expiredate 1 testuser

Opposite of above for re-enabling a user and set the expiration date to never :

sudo usermod --expiredate "" testuser

For lock a user account , This prepends a ! to the password hash so that no password will match it anymore.

sudo passwd -l testuser

To unlock it :

sudo passwd -u testuser

Remove virbr0 interface from Linux

Posted December 28, 2018February 1, 2019 masoudPosted in Linux

Remove virbr0 interface from your Linux

if you like to have a clean output when you are running ifconfig and avoid having so many unused interfaces, you can read this post for remvoing virtual interfaces

of course, if you are not using any kind of virtualization, follow below steps :

First, open your shell and switch to root and then run below command :

Actually, with the first command, we are switching to root !

sudo su –
virsh net-destroy default
virsh net-undefine default
systemctl stop libvirtd.service
systemctl disable libvirtd.service
yum remove qemu-kvm qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils

Linux

Secure your Raspberry Pi with iptables

Posted December 26, 2018January 17, 2019 masoudPosted in Linux

For securing your Raspberry Pi with iptables , if your device has Internet then securing your Raspberry Pi is a must !

First of all i got Raspberry Pi 3 and when I was checking the auth log file, i saw a lot of logins try from different IP addresses

technically what i did is just ran #sudo tail -f /var/log/auth.log

Below are the commands that you can run to configure iptables and make your Pi more secure :

# Add a log rule to see what kind of traffic we are getting

sudo iptables -t filter -A INPUT -j LOG

# sudo iptables -L -nv –line >>> just going to show us the current rules in all the chains (INPUT, FORWARD, OUTPUT) of filter table ( default )

After running this command you can go to /var/log/messages and see what kind of traffic is actually coming to your Linux box and then if its legit you can add an accept rule for it

With this method you can easily identify all the traffics like source IP address (SRC) and Destination IP (DST) also you can check the Destination port (DPT)

in the above screenshot , i have a lot of packets for SSH (DPT=22) because i am remotely connected to my Raspbery Pi , if i put a deny any any rule without opening my SSH then i’ll lose my remote connection!

so that’s why this LOG line is really useful , technically we can check it , add accept rule and when we are sure that there is no other traffic that must be allowed we then add a deny any any at the bottom of the iptables chain

Well after examining messages log file it’s obvious that we need a rule for SSH, so i am going to add the following :

# sudo iptables -t filter -I INPUT 1 -p tcp -s <SRC address from log file> –dport 22 -j ACCEPT

so basically i am working on filter table (-t filter ) which is the default table and even we can omit it from our command and then i am using (-I ) for insert the rule !

if you compare this command with the previous one, i was suing (-A) for appending the rule! since the order of the rules are important and iptables are going to check all the matches from the top to bottom

then i am going to insert the rest of rules at the top of the chain !

with (-p ) i am mentioning the protocol and (-s ) is the source IP address which you should decide from where you wanna access your Pi and then with (–dport ) i am mentioning destination port 22 for SSH

it’s up to you to add more accept rules for the legit traffic other than that there are couple of rules that i usually suggest to add in order to make sure everything is working smoothely :

# sudo iptables -t filter -I INPUT 1 -i lo -j ACCEPT >>> This is for allow loopback

# sudo iptables -t filter -I INPUT 1 -m state –state ESTABLISHED,RELATED -j ACCEPT >>> For allow all Established and related traffic

so at this stage my iptables rules are as below :

But as you can see we are not denying any traffic at the bottom of the chain we need to add a deny rule after rule 5 to block unneccassry traffic and we can easily achive this with :

# sudo iptables -t filter -A INPUT -j DROP

That’s mostly it , you can also do the same thing for other chains and remove the LOG at the end.