in /etc/vsftpd/vsftpd.conf
more over we need to specify the list of
users which are to be chroot-ed,
in a file specified by

chroot_list_file.

If chroot_list_file=/etc/vsftpd/chroot_users

then we need to enter the users’ names in /etc/vsftpd/chroot_users.
Restart the ftp server and login as those users.
Check whether they CD to other
directories. Theres an additional syntax in vsftpd.conf
which just reverse the default configuration just like
userlist_deny=NO does for access rights.
If, chroot_local_user=YES,
then users who are NOT listed in /etc/vsftpd/chroot_users would only be chrooted.

1. Use different open source projects like Linux, Solaris, Firefox, Filezilla, Apache HTTP Server, Gaim, and others.

2. Look for a place to contribute. This means not only programming, but also documentation, theme design, art work, or architectural design.

3. Note that each project has its own distinct methods for communication and submitting contributions.

4. Join the mailing list. This is highly recommended because you will never feel that you are left behind. You can also get feedback on patches and contributions.

5. Respect and maintain discussions.

6. Encourage contributions.

7. Start small by reporting and fixing bugs.

8. Submitting small patches containing bug fixes.

9. Respond and send feedback.

10. If you really want to help but don’t have the experience or the know-how, DONATE! By giving a few dollars to help out open source developers, you can help them get the tools they need to build better programs.

Also read, http://www.kegel.com/academy/opensource.html

Connect to me on Facebook

To understand the benefit of mandatory access control (MAC) over traditional discretionary access control (DAC), you need to first understand the limitations of DAC.

Under DAC, ownership of a file object provides potentially crippling or risky control over the object. A user can expose a file or directory to a security or confidentiality breach with a misconfigured chmod command and an unexpected propagation of access rights. A process started by that user, such as a CGI script, can do anything it wants to the files owned by the user. A compromised Apache HTTP server can perform any operation on files in the Web group. Malicious or broken software can have root-level access to the entire system, either by running as a root process or using setuid or setgid.

Under DAC, there are really only two major categories of users, administrators and non-administrators. In order for services and programs to run with any level of elevated privilege, the choices are few and course grained, and typically resolve to just giving full administrator access. Solutions such as ACLs (access control lists) can provide some additional security for allowing non-administrators expanded privileges, but for the most part a root account has complete discretion over the file system.

A MAC or non-discretionary access control framework allows you to define permissions for how all processes (called subjects) interact with other parts of the system such as files, devices, sockets, ports, and other processes (called objects in SELinux). This is done through an administratively-defined security policy over all processes and objects. These processes and objects are controlled through the kernel, and security decisions are made on all available information rather than just user identity. With this model, a process can be granted just the permissions it needs to be functional. This follows the principle of least privilege. Under MAC, for example, users who have exposed their data using chmod are protected by the fact that their data is a kind only associated with user home directories, and confined processes cannot touch those files without permission and purpose written into the policy.

SELinux is implemented in the Linux kernel using the LSM (Linux Security Modules) framework.

Type Enforcement involves defining a type for every subject, that is, process, and object on the system. These types are defined by the SELinux policy and are contained in security labels on the files themselves, stored in the extended attributes (xattrs) of the file. When a type is associated with a processes, the type is called a domain, as in, “httpd is in the domain of httpd_t.” This is a terminology difference leftover from other models when domains and types were handled separately.

All interactions between subjects and objects are disallowed by default on an SELinux system. The policy specifically allows certain operations. To know what to allow, TE uses a matrix of domains and object types derived from the policy. The matrix is derived from the policy rules. For example, allow httpd_t net_conf_t:file { read getattr lock ioctl }; gives the domain associated with httpd the permissions to read data out of specific network configuration files such as/etc/resolv.conf. The matrix clearly defines all the interactions of processes and the targets of their operations.

Connect to me on Facebook

Zombie

After the zombie is removed, its process id and entry in the process table can then be reused but until its entry is in the process table that value cannot be used for other process in case the parent spawns the new process. It will allocate a new pid different from that of zombie process to the new process created.

Zombies can be identified in the output from the ps command in Linux by the presence of a “Z” in the “STAT” column.

To remove zombies from a system, the SIGCHLD signal can be sent to the parent manually, using the kill command. If the parent process still refuses to reap the zombie, the next step would be to remove the parent process. When a process loses its parent, init becomes its new parent. Init periodically executes the wait system call to reap any zombies with init as parent.

Connect to me on Facebook

This is how SSH works:
When a user attempts for a remote login using SSH ,for the first time it prompts for the generation of keys. SSH uses asymmetric Encryption. Asymmetric encryption also allows for digital certificates.

Two types of key are generated:

Private key : This key is kept only with the user who generated the key and is used for encrypting the messages before sending them over the network.

Public key : This key is distributed to all the users with which you want to encrypt your communication .Remote system uses this key to decrypt the encrypted messsages which is sent by the user to the remote  machines.

This is how SSH actually works:

SENDER:

generate public/private key pair : P and S
 publish public key P .guard private key S
encrypt message M with private key S
 send recipient S(M)

RECIPIENT:

decrypt with sender’s public key to recover M=P(S(M))

For making remote login through ssh :
At the hash prompt:

#ssh 192.168.1.1

then type yes for the generation of the keys and then enter the password for the remote system and you are logged into the system

Enjoy the encrypted communication and stay away from network hacks.

Connect to me on Facebook

Sometimes non-root users wish to login into the root account but doesn’t have the password or in times some bad users change the root password which disables root-user to login ,hence he need to change the password for his account  and setup a new password

Here are the all steps to change/break  password for root in linux even if previous password is not known:

Step 1:)

When the first  grub screen like the below snapshot appears  press ‘e’ on linux line entry:

Step2)

After preesing “e” in the previous step the snapshot similar to the below snapshot appears. Move to the line which contains the word ‘kernel’ and  press  ‘e’

Step3)

Go to end of that line and after rhgb quiet write  1 as in the snapshot below…this means that you are setting your kernel to boot into single user mode also known as the maintenance mode.

Step4)

Then press “enter ” and then  ‘b’ to boot the system into run level 1:
Step5)

Now wait for the prompt and  write the following command :
#passwd root

Now the password for root account has been changed and try login with the new account:

Related articles
How to set password for grub in linux

You may have encountered the error message:

Cannot open /dev/hda9 : device or resource busy

in linux many times..where /dev/hda9 is one of your partitions of your hard drive /dev/hda..and 9 is the partition number.

This can happen due to one of the following reasons:-

1.The device could be mounted somewhere.To fix this

Check /etc/fstab file.

#cat /etc/fstab

We can see that the last line contains /dev/hda9 mounted on /quota folder.

Comment out this line

Open /etc/fstab file with your favourite editor..we will use vi editor here.

#vi /etc/fstab

Go in insert mode by pressing ‘i’ and comment out the line.

Move out of the editor with [esc] and then :wq

Then,

#umount /dev/hda9

#mount –a

Now check with,

#mount

You will not see /dev/hda9 mounted.

2.Another reason may be that the device you are trying to access (or use) is supposedly busy (in use) or that a resource it needs (such as an IRQ) is supposedly being used by another device and can’t be shared. This message is easy to understand if it only means that the device is busy (in use). But it sometimes means that a needed resource is already in use (busy). What makes it even more confusing is that in some cases neither the device nor the resources that it needs are actually “busy”.

To read more on this.Read here

So what is a vncviewer?

Vncviewer is a viewer(client) for virtual network computing.Vncviewer is an Xt-based client application for the VNC (Virtual Network  Computing) system. It can connect to any VNC-compatible server such as Xvnc or WinVNC, allowing you to control desktop environment  of a different machine.

It is relatively straightforward to display and access a Linux desktop from a system anywhere else on a network or the internet by using Virtual Network Computing (VNC). This can be achieved regardless of whether that system is running Linux, Windows or Mac OS X.. The more impressive thing about this is that it can be set up for free with only a little time and knowledge.

For enabling vnc settings three things are required:

1. A VNC services enabled on the  Linux system whose desktop needs to be accessed.

2. A VNC viewer client installed on the system on which you want to display your Linux desktop.

3. A connection between the two systems.

Here are some  simple steps that will help you in setting the vncserver and allowing others to have  access to your desktop.

Step:1)Firstly you need to install vnc-server rpm on your server system.

Give the following command to install vnc packages:

#rpm –ivh  vnc-server-4.1.2-14.el5

#rpm –ivh  vnc-4.1.2-14.el5

Step:2)On your Linux system desktop whose desktop need to be accessed, go at the top and click on the System—>Preferences—>Remote desktop

Similar to thepicture below

After clicking on remote desktop a dialog box similar to below one will get  displayed:

Here check the first box i.e Allow other users to view your desktop.

There are other options also available like do you want to have password authentication and want to allows the remote system to control your desktop or not.

Step 3:)On the client side install the vnc packages:

To install the vnc package, at the prompt type:

#rpm –ivh  #rpm –ivh  vnc-4.1.2-14.el5

Step 4:)At the command prompt,just type the following command

#vncviewer

The following dialog box will get appeared.

Enter the ip of the remote machine and enjoy the services

It worked for me like this:

yum uses ftp protocol for the transfer of packages from client to server side.

Configuring the yum server:

Step1:)Mount the linux dvd/iso to some preexisting directory.

#mount /dev/cdrom /mnt/

Step2:) Intsall the vsftpd package and createrepo package:

#rpm –ivh vsftpd-2.0.5-12.el5
#rpm –ivh createrepo-0.4.11-3.el5

Step3:)Copy the entire DVD to /var/ftp/pub directory:

# cp -rvf /mnt/* /var/ftp/pub/

Step4:)Move to the pub direcorty:

# cd /var/ftp/pub/
#cp Server/repodata/comps-rhel5-server-core.xml Server
# cd Server/
#createrepo -vg comps-rhel5-server-core.xml /var ftp/pub/Server

Step5:)Restart vsftpd service

#service vsftpd restart

Step6:)To enable service start at the boot time type the following command:

#chkconfig vsftpd on
yum server has been established and can be used for downloading the packages.

Configuring the yum client:

Step1:)Create the yum repository file.

#vi /etc/yum.repos.d/ser.repo
enter the following configuration lines.
[Server]
name=any meaningful name
baseurl=ftp://192.168.1.1/pub/Server #enter the ip adress of the yum server
baseurl=file:///var/ftp/pub/Server #if both client and server are same machine
gpgcheck=0
save and exit.
Now you can easily download packages using the yum command:
For more options go to man yum.conf

Related articles
How to configure dhcp server on redhat/linux

How to make a nfs server