How to enable root SSH access on Ubuntu 16.04

Hello friends, it is a pleasure to write for you again.

Today's tip is recommended for test environments or for extreme cases that need direct root access, because, like it or not, this is a security weakness for your server. Recently I had a requirement between two Ubuntu Linux servers, where an automation script being run by Jenkins needed root access to the remote SSH.

Ubuntu 16.04 blocks direct root access, but below we will see how to change this setting.

Note: Make sure the openssh-server service is installed; if it is not, the command to install it is below:

sudo apt-get install openssh-server

Open the SSH configuration file to make the changes:

sudo vim /etc/ssh/sshd_config

Look for the line below in order to change it:

PermitRootLogin prohibit-password

Then change the line PermitRootLogin prohibit-password to the line below:

PermitRootLogin yes

There is also the option of running a command that performs the same operation as above:

sudo sed -i 's/prohibit-password/yes/' /etc/ssh/sshd_config

After that, we only need to restart the SSH service with the command below:

sudo service ssh restart
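
A way to audit the setting changed above, as an added example that is not part of the original post: the script reads an sshd_config file and reports whether the global PermitRootLogin value lets root log in with a password, so a test-only change does not stay unnoticed on a server. The function names, the sample files and the address 192.0.2.10 are constructed for illustration; the fallback to prohibit-password assumes the OpenSSH 7.0+ default.

```shell
#!/bin/sh
# Added example: report the global PermitRootLogin value of an sshd_config file.
# sshd keeps the first value it reads for a keyword, and lines after a "Match"
# line are conditional, so the scan stops at the first Match.
effective_root_login() {
    awk '
        /^[ \t]*#/ { next }                                   # comment line
        tolower($1) == "match" { exit }                       # end of global section
        tolower($1) == "permitrootlogin" { v = tolower($2); exit }
        END { print (v == "" ? "prohibit-password" : v) }     # assumed default (OpenSSH 7.0+)
    ' "$1"
}

# Exit status: 0 = password login for root is off, 1 = it is on, 2 = unknown value.
audit_root_login() {
    case "$(effective_root_login "$1")" in
        yes) echo "FAIL $1: root can log in with a password"; return 1 ;;
        prohibit-password|without-password|forced-commands-only)
             echo "OK   $1: root login is key-only"; return 0 ;;
        no)  echo "OK   $1: root login is disabled"; return 0 ;;
        *)   echo "WARN $1: unrecognised PermitRootLogin value"; return 2 ;;
    esac
}

# Constructed sample files (not taken from a real server).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '%s\n' '# Authentication:' 'LoginGraceTime 120' \
    'PermitRootLogin yes' 'StrictModes yes' > "$SAMPLE_DIR/after_change"
printf '%s\n' '# Authentication:' 'LoginGraceTime 120' \
    'PermitRootLogin prohibit-password' 'StrictModes yes' > "$SAMPLE_DIR/default"
# Global key-only login; the override applies to one constructed client address.
printf '%s\n' 'PermitRootLogin prohibit-password' \
    'Match Address 192.0.2.10' '    PermitRootLogin yes' > "$SAMPLE_DIR/scoped"

for f in after_change default scoped; do
    audit_root_login "$SAMPLE_DIR/$f" || true
done
```

On a real server, point audit_root_login at /etc/ssh/sshd_config; a non-zero exit status can fail a configuration-management or CI check.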

Simple, right? If you have any problem or question, let us know.

Thank you, and see you next time.


Installing PowerShell on Ubuntu 16.04

Hello friends, it is a pleasure to write for you again.

Today I bring a rather different situation: recently I ran into a problem where I needed to make a Linux server connect to a Windows machine.

The solution I adopted was to install PowerShell on Ubuntu and use it to connect to the other machine.

PowerShell is also available for Ubuntu 14.04, CentOS 7, Mac OS X and Docker.

The procedure follows:

The PowerShell package depends on two other packages: libunwind8 and libicu55. You can install them with apt-get:

sudo apt-get install libunwind8 libicu55

PowerShell is not yet available in the Ubuntu repositories, so you need to download the PowerShell package manually from GitHub.

wget https://github.com/PowerShell/PowerShell/releases/download/v6.0.0-alpha.9/powershell_6.0.0-alpha.9-1ubuntu1.16.04.1_amd64.deb

Now you are ready to install the PowerShell package:

sudo dpkg -i powershell_6.0.0-alpha.9-1ubuntu1.16.04.1_amd64.deb

Process complete:

To start PowerShell, just type "powershell", and you can then run PowerShell commands.

The procedure is quite simple; if you have any questions, I am at your disposal.


How to Block Ping (ICMP) Responses in Linux System

Blocking ping responses can protect a system against ICMP flood DoS attacks. It can therefore be a best practice for system security, but most online monitoring systems use ping requests to monitor a system.

Disable Ping using iptables

You can block ping responses directly at the firewall on any Linux system.

# iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

Block Ping with Kernel Parameter

We can also block ping responses by updating kernel parameters directly. With this method, ping responses can be blocked temporarily or permanently, as shown below.

Block Ping Temporarily

You can block ping responses temporarily using the following command:

# echo "1" >  /proc/sys/net/ipv4/icmp_echo_ignore_all

Block Ping Permanently

Instead of blocking ping temporarily, you can block it permanently by adding the following parameter to the /etc/sysctl.conf configuration file.

net.ipv4.icmp_echo_ignore_all = 1

Now execute the following command to apply the settings immediately without rebooting the system.

# sysctl -p
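
To tell the temporary block from the permanent one described above, the following added example (not part of the original post) compares the runtime value with the value saved in a sysctl.conf-style file. The function names and the demo files are constructed; on a real system the two arguments would be /proc/sys/net/ipv4/icmp_echo_ignore_all and /etc/sysctl.conf, and files under /etc/sysctl.d are assumed not to set the key.

```shell
#!/bin/sh
# Added example: compare the runtime icmp_echo_ignore_all value with the
# persistent one, to tell a temporary block from a permanent one.
KEY=net.ipv4.icmp_echo_ignore_all

# Last assignment of KEY in a sysctl.conf-style file; prints "unset" if absent.
persistent_value() {
    awk -F= -v key="$KEY" '
        /^[ \t]*[#;]/ { next }                      # comment lines
        NF >= 2 {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) last = v                  # later lines override earlier ones
        }
        END { print (last == "" ? "unset" : last) }
    ' "$1"
}

# $1 = runtime file, $2 = configuration file
ping_block_state() {
    runtime=$(tr -d ' \t\n' < "$1")
    saved=$(persistent_value "$2")
    if [ "$runtime" = 1 ] && [ "$saved" = 1 ]; then echo permanent
    elif [ "$runtime" = 1 ]; then echo temporary       # lost at the next reboot
    elif [ "$saved" = 1 ]; then echo pending           # needs sysctl -p or a reboot
    else echo off
    fi
}

# Constructed demo files standing in for /proc and /etc/sysctl.conf.
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
echo 1 > "$DEMO/proc_value"
printf '%s\n' '# constructed sysctl.conf' 'net.ipv4.ip_forward = 0' > "$DEMO/sysctl.conf"
ping_block_state "$DEMO/proc_value" "$DEMO/sysctl.conf"
echo 'net.ipv4.icmp_echo_ignore_all = 1' >> "$DEMO/sysctl.conf"
ping_block_state "$DEMO/proc_value" "$DEMO/sysctl.conf"
```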

Install Cacti (Monitoring tool) on Ubuntu 15.04 / 15.10 server.

Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.

Features

Graphs

Unlimited number of graph items can be defined for each graph optionally utilizing CDEFs or data sources from within cacti.
Automatic grouping of GPRINT graph items to AREA, STACK, and LINE[1-3] to allow for quick re-sequencing of graph items.
Auto-Padding support to make sure graph legend text lines up.
Graph data can be manipulated using the CDEF math functions built into RRDTool. These CDEF functions can be defined in cacti and can be used globally on each graph.
Support for all of RRDTool’s graph item types including AREA, STACK, LINE[1-3], GPRINT, COMMENT, VRULE, and HRULE.

Data Sources

Data sources can be created that utilize RRDTool’s “create” and “update” functions. Each data source can be used to gather local or remote data and placed on a graph.
Supports RRD files with more than one data source and can use an RRD file stored anywhere on the local file system.
Round robin archive (RRA) settings can be customized, giving the user the ability to gather data on non-standard timespans while storing varying amounts of data.

Data Gathering

Contains a “data input” mechanism which allows users to define custom scripts that can be used to gather data. Each script can contain arguments that must be entered for each data source created using the script (such as an IP address).
Built in SNMP support that can use php-snmp, ucd-snmp, or net-snmp.
Ability to retrieve data using SNMP or a script with an index. An example of this would be populating a list with IP interfaces or mounted partitions on a server. Integration with graph templates can be defined to enable one click graph creation for hosts.
A PHP-based poller is provided to execute scripts, retrieve SNMP data, and update your RRD files.

Templates

Graph templates enable common graphs to be grouped together by templating. Every field for a normal graph can be templated or specified on a per-graph basis.
Data source templates enable common data source types to be grouped together by templating. Every field for a normal data source can be templated or specified on a per-data source basis.
Host templates are a group of graph and data source templates that allow you to define common host types. Upon the creation of a host, it will automatically take on the properties of its template.

Graph Display

The tree view allows users to create “graph hierarchies” and place graphs on the tree. This is an easy way to manage/organize a large number of graphs.
The list view lists the title of each graph in one large list which links the user to the actual graph.
The preview view displays all of the graphs in one large list format. This is similar to the default view for the 14all cgi script for RRDTool/MRTG.

User Management

User based management allows administrators to create users and assign different levels of permissions to the cacti interface.
Permissions can be specified per-graph for each user, making cacti suitable for colocation situations.
Each user can keep their own graph settings for varying viewing preferences.

Preparing your system

Before installing Cacti, make sure you have installed an Ubuntu 15.04 LAMP server.

Install Cacti on Ubuntu 15.04 / 15.10 server

Open the terminal and run the following command

sudo apt-get install cacti-spine

The above command starts the Cacti installation. The first screen you should see is about the PHP path change; select OK and press Enter.

Now select the webserver you want to use (in my case it is apache2)


For the Cacti database configuration, select Yes

Enter the database admin user password

Enter the MySQL application password for Cacti

Confirm the password

Now that Cacti is installed, we can start the configuration process on it.

Configuring cacti

Point your web browser towards http://YOURSERVERIP/cacti/install/ to start the initial setup and click next


Select new install option and click next


On the following screen, make sure all the required paths are correct and click Finish

Now log in to Cacti with the default admin/admin credentials, and change the password to something more sensible

After logging in to Cacti, you should see a screen similar to the following

That is all!
