Bariatrics

Who they are

Bariatrics in Tijuana, Mexico. Come check out their all-inclusive packages. Scared to go to Mexico? No worries at all! From hotel to hospital, we have you covered every step of the way!

PDSH – The Ultimate Terminal APP for SysAdmins

Introduction

Pdsh is a tool that lets you issue commands to many servers from a single terminal. We will install it on CentOS 6. Please visit the developer's site: pdsh.

Pdsh is a parallel remote shell client. I started using this when there were way too many servers to log in to via a Linux terminal, especially if I wanted to enter a simple command. If you have to check the date on more than a few servers, force a puppet run on many nodes, or start or stop running scripts, then this is the tool for you.

The syntax may take time to get the hang of but it will save you from a lot of headaches. I think this is a SysAdmin’s best friend.


Repositories needed:

# EPEL (Extra Packages for Enterprise Linux):

Install Instructions:

# Let's start by installing the pdsh package from Yum since we now have the EPEL repo configured:

  • yum install pdsh

# Set up user environment by first finding the location of the installed package and creating a profile:

  • which pdsh
  • vim /etc/profile.d/pdsh.sh
  • # For pdsh user environment:
  • export PDSH_RCMD_TYPE='ssh'
  • export pdshuser='/etc/pdsh/machines'

# What I did here was tell the profile to use ssh and then export the path to the user I wish to use for pdsh.

# Note, the user here has to have the same username on all the remote machines if you are to do a simple pdsh setup, like what's covered here.

# Add nodes (the directory may need to be made):

  • mkdir /etc/pdsh
  • vim /etc/pdsh/machines
  • Node1
  • Node2
  • Node3
  • ….etc…nodes…

# Here is where we make the root location for pdsh hostname group files. I am going to name mine machines and add all the hosts by hostname (you can use IPs) that we will send pdsh commands to.

# Password-less user login (pdsh user to user):

  • su - pdshuser
  • mkdir .ssh
  • chmod 700 .ssh
  • cd .ssh/
  • ssh-keygen -t rsa
  • ssh-copy-id -i ~/.ssh/id_rsa.pub Node1

# Here is where we become the pdsh user we made, and add the ssh directory for ssh keys to be stored.

# Once that is done, we generate the RSA SSH Keys and copy them to each node.

# Test that the ssh keys work. There should be no prompt for a password:

  • ssh Node1

# Disable tty for user using pdsh:

  • visudo
  • Defaults requiretty
  • Defaults:pdshuser !requiretty

# By adding these lines, we allow only the pdsh user to use sudo without an interactive shell or terminal session.

# Please be sure to allow this only for the pdsh user, for security reasons.

Conclusion:

There are many other options we can include, but these I think are a must.

Please post any comments below and feel free to ask questions.

 

Essential Security – Linux Web Server

Introduction

Updated 8/15/2019 – Added updated code and support for Systemd systems.

Building a LAMP (Linux, Apache, MySQL, PHP) web server, or another variation of a Linux web server stack, and getting it all nicely configured with reliable data handling, a domain name, and a TLS/SSL certificate is only half of the battle. You'll also need to make sure your infrastructure (server, hosting provider, network) is protected from the internet's many frightening threats and attacks.

Securing web servers has become more advanced and difficult than it used to be. Below are some of the most recent recommendations for essential security on your Linux web server, Ubuntu or CentOS, for any company, big or small. We will focus mainly on CentOS 6, but most of what is listed here can be applied to Ubuntu and to the many Red Hat (RHEL) based Linux versions such as CentOS and Amazon Linux.

For all you security admins or Linux sysadmins, site security and interconnectivity based on open source tools is essential today. Common protocols such as SSH, HTTP and HTTPS depend on your OpenSSL configuration, on an OpenSSL version that supports modern secure encryption and ciphers, and on your web server's support for these as well, including some of the more popular enterprise solutions, Nginx and Apache.

Let's look at a few settings that are essential for good security. Though having other methods in place, such as firewalls and VPNs, is important as well, we will not discuss those in this article.

Repositories needed:

None beyond the basic included Repos in your OS. If you want the latest version not supplied by the default repo, EPEL or IUS are recommended.

Install Instructions – OpenSSL:

Let's start by installing the needed packages with Yum (CentOS and Amazon Linux) or Apt-Get (Ubuntu) and ensuring they are at the most current repo version:

CentOS/ Amazon Linux:

  • sudo yum install openssl

Ubuntu:

  • sudo apt-get update
  • sudo apt-get -V install openssl

SSH:

 Securing SSH Configuration:

  • sudo vim /etc/ssh/sshd_config
  • # Make sure the following settings are set:
  • PermitRootLogin no
  • UsePrivilegeSeparation yes
  • Protocol 2
  • AllowAgentForwarding no

The first option here, ‘PermitRootLogin no’, is to disable anyone using the root user via ssh. This will help protect against root user brute force attacks.

The second option here, 'UsePrivilegeSeparation yes', is to split the daemon process into two parts. That way only what is needed, a small part of the code, runs as root (kernel level access) and the rest of the code runs in a chroot jail environment.

The third option here, 'Protocol 2', may already be enabled in your configuration, but this limits ssh to the latest version 2 protocol only. Version 1 is no longer secure.

The fourth option, 'AllowAgentForwarding no', may already be enabled in your configuration, but this keeps ssh keys from being used from the original source. We don't want to forward ssh keys beyond the first server; in most cases we would not be using an SSH jump host of sorts.
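A way to check the four settings above before restarting sshd, as an added example that is not part of the original article. The function names `effective_value` and `audit_sshd` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit the four sshd_config
# settings listed above. The sample config below is constructed for the demo.

# effective_value FILE KEYWORD
# sshd keeps the FIRST value it reads for a keyword and keywords are
# case-insensitive. Scanning stops at the first Match block, because settings
# inside it apply only conditionally.
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                      # skip comment lines
        tolower($1) == "match" { exit }          # end of the global section
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE: print one line per deviation, return the number found.
# A keyword that is not set explicitly is reported as well.
audit_sshd() {
    findings=0
    while read -r key want; do
        got=$(effective_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want '$want', found '${got:-<unset>}'"
            findings=$((findings + 1))
        fi
    done <<EOF
PermitRootLogin no
UsePrivilegeSeparation yes
Protocol 2
AllowAgentForwarding no
EOF
    return "$findings"
}

sample=$(mktemp)                                 # constructed sample input
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Protocol 2
permitrootlogin yes
PermitRootLogin no
UsePrivilegeSeparation yes
#AllowAgentForwarding no
Match User backup
    AllowAgentForwarding no
EOF

audit_sshd "$sample" || echo "$? setting(s) need attention"
```

On a real host, point `audit_sshd` at /etc/ssh/sshd_config and run `sudo sshd -t` to syntax-check the file before restarting the service.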

Login Banners:

 Let's modify the motd file:

  • sudo vim /etc/motd
  • *Notice*
  • This System, {System Name}, is property of {Company Name}.
  • Use of this system constitutes consent to official monitoring.

Placing a legal banner in the motd (Message of The Day) file gives anyone accessing the server notice about this environment. It is prudent to place a legal banner on login screens on all servers for legal reasons and to potentially deter intruders, among other things. This motd banner will be displayed after a user logs in via ssh, local console, etc. If this file doesn't exist, you can create it as the root user using sudo. We like this method as well, so everyone knows which server they are on, especially if the command prompt has no name in it.

 Apply changes:

System V init setups, such as CentOS 6 and Amazon Linux OS 1, use the command below:

  • sudo service sshd restart

Systemd setups such as CentOS 7, Amazon Linux OS 2, use the command below:

  • sudo systemctl restart sshd

 

Secure Nginx or Apache:

 Nginx: let's remove old vulnerable protocols, such as SSLv2 and SSLv3:

  • sudo vim /etc/nginx/sites-enabled/{your-site.conf}
  • server {
  • ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  • # UPDATE – TLS 1.0, and at times even 1.1, are discouraged.
  • # If your end users don't need old systems supported,
  • # use the below code instead for ssl_protocols.
  • ssl_protocols TLSv1.2;
  • }

Inside your server block that uses https/ssl, if you add these settings instead, you will not be vulnerable to many recent security flaws, DROWN, etc.

You can also modify the nginx.conf config to apply these settings as well.

 Check your configuration and apply changes:

Test the configuration first, using the first command in each pair below. We don't want any typos or misconfigurations.

System V init setups, such as CentOS 6 and Amazon Linux OS 1, use the commands below:

  • sudo service nginx configtest
  • sudo service nginx reload

Systemd setups such as CentOS 7, Amazon Linux OS 2, use the command below:

  • sudo nginx -t
  • sudo systemctl reload nginx

 Apache: let's remove old vulnerable protocols, such as SSLv2 and SSLv3:

  • sudo vim /etc/httpd/conf.d/ssl.conf
  • SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
  • # UPDATE – TLS 1.0, and at times even 1.1, are discouraged.
  • # If your end users don't need old systems supported,
  • # use the below code instead for SSLProtocol.
  • SSLProtocol +TLSv1.2

Inside your apache vhost that uses https/ssl, if you add these settings instead, you will not be vulnerable to many recent security flaws, DROWN, etc.

This will apply globally unless you overwrite it in a vhost. Please make sure the default ssl vhost is disabled or update its settings to this.

 Check your configuration and apply changes:

Test the configuration first, using the first command in each pair below. We don't want any typos or misconfigurations.

System V init setups, such as CentOS 6 and Amazon Linux OS 1, use the commands below:

  • sudo service httpd configtest
  • sudo service httpd reload

Systemd setups such as CentOS 7, Amazon Linux OS 2, use the command below:

  • sudo httpd -t
  • sudo systemctl reload httpd
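
A check for the nginx and Apache protocol settings above, as an added example that is not part of the original article: it lists directives that still enable anything older than TLS 1.2. The function name `weak_tls_lines` and both config files are constructed, and the meaning given to `all` is an assumption stated in the comments.

```shell
#!/bin/sh
# Added example (not from the original article): list nginx ssl_protocols and
# Apache SSLProtocol directives that still enable anything older than TLS 1.2.
# The two config files below are constructed samples.

# weak_tls_lines FILE...: print "file:line: <legacy protocols still enabled>".
# Assumptions: tokens are applied left to right, a "-" prefix disables, anything
# else enables, and "all" is taken to include SSLv3, TLSv1 and TLSv1.1.
weak_tls_lines() {
    awk '
        /^[ \t]*#/ { next }                          # skip comment lines
        { d = tolower($1) }
        d == "ssl_protocols" || d == "sslprotocol" {
            split("", on)                            # empty the enabled set
            for (i = 2; i <= NF; i++) {
                p = tolower($i); sub(/;$/, "", p)    # nginx ends lines with ";"
                if (p ~ /^-/) {
                    p = substr(p, 2)
                    if (p == "all") { split("", on) } else { delete on[p] }
                    continue
                }
                sub(/^\+/, "", p)
                if (p == "all") { on["sslv3"] = on["tlsv1"] = on["tlsv1.1"] = 1 }
                else { on[p] = 1 }
            }
            bad = ""
            n = split("sslv2 sslv3 tlsv1 tlsv1.1", legacy, " ")
            for (j = 1; j <= n; j++) if (legacy[j] in on) bad = bad " " legacy[j]
            if (bad != "") printf "%s:%d:%s\n", FILENAME, FNR, bad
        }
    ' "$@"
}

conf_dir=$(mktemp -d)                                # constructed sample input
trap 'rm -rf "$conf_dir"' EXIT
cat > "$conf_dir/site.conf" <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # ssl_protocols SSLv3;
}
EOF
cat > "$conf_dir/ssl.conf" <<'EOF'
SSLProtocol all -SSLv3
SSLProtocol -all +TLSv1.2
EOF

weak_tls_lines "$conf_dir/site.conf" "$conf_dir/ssl.conf"
```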

Conclusion:

There are many other options we can include, but these I think are a must. In other articles we will discuss SSL cipher suites and HSTS for Apache and Nginx.

Remember that if you are using a different OS, you may need to change the Apache package name. On Ubuntu, for example, instead of 'httpd' you may need to use 'apache2' or similar.

Please post any comments below and feel free to ask questions.

Use your Custom Domain Name with Gmail

Introduction

Have you ever come across someone’s business card or contact for a business and they use a public email service instead of a custom domain name or their website name? Have you ever wondered how you can set up your custom domain name as an email address?

What if I told you that you could, and not only that, it would be FREE? Yes, it's true. Nothing is ever truly free, but this nearly is for a startup company that can expect fewer than 10,000 emails a day.

 

What is a custom domain name? A domain name usually represents your website or URL.

For example, gmail.com would take you to Google's email web client. From there you can create free email accounts. The catch? They are all going to be '@gmail.com'. Gmail.com is the domain name.

A custom domain name would be a website domain you buy online, typically $12-$20 a year. With that, you can register your site to a server and send email such as ‘[email protected]’ or ‘[email protected]’. Don't you agree this looks way more professional and legitimate than ‘[email protected]’?

 

Of course, here at Bytes Unlimited we don't reinvent the wheel, and we give credit where it's due. If at any time you need help or would like us to do it for you, we can. Here is the link to blog.tyrsius.com. They created a good walk-through, and some in the comments, including myself, have contributed to the article to make it as smooth and easy as possible for most.

 

Using Mailgun to route Email to Gmail – https://blog.tyrsius.com/using-mailgun-to-route-gmail-for-free/

Intro to Linux Series – What is Linux – Part 1

What is Linux?

What is Linux? It seems like more and more people are hearing the name these days. It used to be that only a few technology people were really into it, and it required so much learning that it wasn't easy for the average person to get started. Now it seems colleges and schools are advertising it, and even the Linux Foundation is pushing online courses to help with the exposure.

So where do we start on this path? There are literally hundreds of "flavors" or variations of the Linux OS. Which is best for you to start with? Some think of Linux and associate it with hackers wearing a hoodie in a dark room and the Matrix style of screen with green code going down the terminal interface. For some, it can be rather exciting; for others, it can seem quite daunting.

 

Welcome to the Blog Series, Introduction to Linux! We are very excited you are wanting to learn more about Linux and to begin to understand what so many in the computer world are talking about. Linux can be a big undertaking, but it sure is rewarding.

Linux has so many specialities and focuses in the IT World. Many believe it is the Hacker OS but you will come to find out, more than just Hackers use Linux, and for good reason!

In this course we are going to explore the Linux OS (Operating System) that is most common amongst the corporate world. This will expose us to the root of what Linux has to offer and to start to learn to harness the real power of Linux. The OS that we will be using is called CentOS. This OS is completely free and actually runs a majority of the major supercomputers around the world, not to mention the countless websites, such as the one hosting BytesUnlimited.com.

CentOS – Where to get it?

CentOS has two common versions in use right now, version 6 and version 7. CentOS 6 is currently in the last phase of its release lifecycle, so we will focus on version 7, though most of what is discussed is version agnostic. Most people have been hesitant to start with CentOS 7 since it made major core changes from past versions, namely adding Systemd (System Management Daemon) in place of Init (System V init).

Go ahead and download the Linux OS, CentOS 7, from their website: centos.org. You will want to choose the 'Everything ISO' or the 'Minimal ISO' download. Either works, since we will be focusing on the Terminal, which is included in both releases. You will want to use this ISO file with a VM (Virtual Machine) environment, and to do so we can use a free application called Virtual Box.

To download, go to Oracle’s website: VirtualBox.org. You will want to download the correct version for your computer, MacOS or Windows and also download the Extension Pack just below it on the downloads page.

Launch the Virtual Box app and create a new VM. Use the ISO image we downloaded for CentOS to use as a base image for the VM. Once the VM and parameters are set, launch the VM you just made.

Then, follow the Linux steps to install to drive and configure CentOS. We will want to navigate to the Terminal application to use the rest of this tutorial.

What is Up Next?

Next we are going to talk more about what Linux is, the Terminal, the BASH shell and other Linux topics. Please check back to continue on our road to learning the basics of Linux.