Tuesday, May 25, 2021

Adding a user to sudoers / granting root privileges to a user

The command sudo usermod -a -G sudo pramod is used to add a user named "pramod" to the "sudo" group on a Linux system. By adding a user to the "sudo" group, they are granted administrative privileges and can execute commands with superuser (root) privileges using the sudo command.

(Or)

Open a terminal as a user that already has sudo permission and run:

$ sudo visudo

Locate the section in the sudoers file that defines user privileges. It usually looks like this:

# User privilege specification

root    ALL=(ALL:ALL) ALL

To grant sudo access to a specific user, add the following line below the root user entry:

pramod ALL=(ALL:ALL) ALL

Save and exit


***

Friday, May 21, 2021

MongoDB - Recommended production settings

Production settings for MongoDB

1) sysctl -w vm.zone_reclaim_mode=0


Then start mongod, mongos and the config servers using numactl:

numactl --interleave=all <path> <options>


The <path> is the path to the program you are starting and the <options> are any optional arguments to pass to the program.


2) Verify fsync is available

man fsync


3) Set vm.swappiness to 1 on kernel 3.5 or later, or to 0 on older kernels

sysctl -w vm.swappiness=1

cat /proc/sys/vm/swappiness


4) ulimits

vi /etc/security/limits.d/99-mongodb-nproc.conf


@mongod soft fsize unlimited

@mongod hard fsize unlimited

@mongod soft cpu unlimited

@mongod hard cpu unlimited

@mongod soft memlock unlimited

@mongod hard memlock unlimited

@mongod soft nofile 64000

@mongod hard nofile 64000

@mongod soft nproc 64000

@mongod hard nproc 64000

@mongod soft as unlimited

@mongod hard as unlimited

@mongod soft rss unlimited

@mongod hard rss unlimited


chown mongod:mongod /etc/security/limits.d/99-mongodb-nproc.conf


Reference:



5) Disable Transparent Huge Pages (THP)

Check for Red Hat/CentOS 7



Reboot required.


6) After the config file has been updated with the desired directories


Configure SELinux

Important: use .*

Check semanage availability: man semanage

If it is not installed, find the package with: yum provides semanage

yum install policycoreutils-python




7) Set net.ipv4.tcp_keepalive_time=300 in sysctl.conf

then

sysctl -p


8) Set the read-ahead setting to 0

need study...


9) AWS EC2 performance considerations

need study...


10) cd /etc/yum.repos.d # vi /etc/yum.repos.d/mongodb-enterprise.repo


[mongodb-enterprise]

name=MongoDB Enterprise Repository

baseurl=https://repo.mongodb.com/yum/redhat/7/mongodb-enterprise/3.6/x86_64/

gpgcheck=1

enabled=1

gpgkey=https://www.mongodb.org/static/pgp/server-3.6.asc


Install with: # yum install -y mongodb-enterprise-3.6.2 mongodb-enterprise-server-3.6.2 mongodb-enterprise-shell-3.6.2 mongodb-enterprise-mongos-3.6.2 mongodb-enterprise-tools-3.6.2


Once installed, edit the repository file and change

enabled=1 to enabled=0

then verify with yum repolist


***

Shard 1:

101.11.16.36 -- Primary

101.11.16.12 -- Replica 1

101.11.16.17 -- Replica 2


Shard 2:

102.11.16.75 -- Primary

102.18.16.10 -- Replica 1

102.18.17.5 -- Replica 2


11) Some more sysctl configurations:

fs.file-max=98000

kernel.pid_max=64000

kernel.threads-max=64000

vm.max_map_count=128000
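As an added example (not from the original post), the following shell script audits a host against the kernel settings listed in items 1, 3, 5, 7 and 11 above and reports any drift; the sysctl values and the THP requirement come from the post, while the fixture directory layout and the function names are this example's own.

```shell
# Added example (not from the post): audit a host against the kernel settings this
# post recommends for MongoDB. The optional ROOT argument points the checks at a
# fixture directory instead of the real /proc and /sys (used by make_sample_fixture).

# Expected values, taken from items 1, 3, 7 and 11 of the post (procfs path=value).
MONGO_SYSCTL_EXPECTED='vm/zone_reclaim_mode=0
vm/swappiness=1
net/ipv4/tcp_keepalive_time=300
fs/file-max=98000
kernel/pid_max=64000
kernel/threads-max=64000
vm/max_map_count=128000'

# Prints "OK|DRIFT|MISSING key expected=.. actual=.." per setting; returns the non-OK count.
audit_mongo_kernel_settings() {
  root=${1:-}
  bad=0
  for entry in $MONGO_SYSCTL_EXPECTED; do
    key=${entry%%=*}; want=${entry#*=}
    have=$(cat "$root/proc/sys/$key" 2>/dev/null) || have=missing
    if [ "$have" = "$want" ]; then state=OK
    elif [ "$have" = missing ]; then state=MISSING; bad=$((bad + 1))
    else state=DRIFT; bad=$((bad + 1)); fi
    echo "$state $key expected=$want actual=$have"
  done
  # Item 5: THP off. sysfs marks the active choice in brackets, e.g. "always madvise [never]".
  for f in enabled defrag; do
    have=$(cat "$root/sys/kernel/mm/transparent_hugepage/$f" 2>/dev/null) || have=missing
    case $have in
      *"[never]"*) echo "OK thp/$f expected=[never] actual=$have" ;;
      *) echo "DRIFT thp/$f expected=[never] actual=$have"; bad=$((bad + 1)) ;;
    esac
  done
  return $bad
}

# Constructed fixture: compliant except swappiness (60, a common default) and THP enabled.
make_sample_fixture() {
  d=$1
  mkdir -p "$d/proc/sys/vm" "$d/proc/sys/net/ipv4" "$d/proc/sys/fs" "$d/proc/sys/kernel" \
           "$d/sys/kernel/mm/transparent_hugepage"
  for entry in $MONGO_SYSCTL_EXPECTED; do echo "${entry#*=}" > "$d/proc/sys/${entry%%=*}"; done
  echo 60 > "$d/proc/sys/vm/swappiness"
  echo '[always] madvise never' > "$d/sys/kernel/mm/transparent_hugepage/enabled"
  echo 'always madvise [never]' > "$d/sys/kernel/mm/transparent_hugepage/defrag"
}

# Usage: audit_mongo_kernel_settings              (real host; reading needs no root)
#        d=$(mktemp -d); make_sample_fixture "$d"; audit_mongo_kernel_settings "$d"
```

A non-zero exit status is the number of settings that are missing or drifted, so the script can run from cron or a configuration-management check.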



***

Monday, May 17, 2021

Installing and setting up Nagios

Nagios open source is distributed as source code, so we need the gcc compiler to build it, as it is written in C.


Apache

php

gcc compiler

gd

perl

make


yum install httpd php gcc glibc* gd gd-devel


Installation.


1) Create the accounts

useradd -m nagios

passwd nagios


groupadd nagcmd

usermod -a -G nagcmd nagios

usermod -a -G nagcmd apache


2) Download nagios core

We need to download the core and plugin tars (the plugin tar contains all the plugins and the core tar contains the daemon).


3) extract both tars

Go to the nagios folder.

./configure --with-command-group=nagcmd

The above step checks that the extracted source is compatible with the OS version so that the build will go smoothly.

Then run

make all

The above step compiles the source code in that folder.


4) make install

make install-init

make install-config

make install-commandmode

make install-webconf


5) Create nagiosadmin

this user will have admin access to ui

htpasswd -b -c /usr/local/nagios/etc/htpasswd.users nagiosadmin nagiosadmin


6) service httpd restart


------------------


Install nagios plugins.


1) The compiled plugins will be stored in the libexec directory.

/usr/local/nagios/libexec


2) Make sure the files to be compiled match the OS:

./configure --with-nagios-user=nagios --with-nagios-group=nagios


3) make


4) make install


5) Verify the plugins in the libexec directory.

If you want something else, download it and put it into that directory.


6) Verify sample nagios configuration default ones.

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg


7) service nagios start


8) verify by ps -ef | grep nagios


---------------


HTTP interface:

localhost/nagios


------------

Directory structure:

/usr/local/nagios/bin -- binary files (nagios, nagiostats)

/usr/local/nagios/sbin -- CGI files(ex: tac.cgi)

/usr/local/nagios/libexec -- plugins (ex:check_ping)

/usr/local/nagios/share -- php files

/usr/local/nagios/etc -- configuration files

/usr/local/nagios/var -- logs, lock


***

Wednesday, May 5, 2021

High Disk Space Utilization

High disk space usage shown by the "df" command

Scenario: high disk usage is reported for a filesystem, but no large files can be found on it. Usually it looks like this:

df -h /var/log

Filesystem                       Size  Used Avail Use% Mounted on

/dev/mapper/centos_vg-lv_varlog   12G  7.6G  4.5G  63% /var/log

du -sh /var/log

569M    /var/log

As seen above, du reports the size in MB, whereas df shows 63% occupied, which is in GB.

This implies there are deleted files still held open in the directory whose space has not been reclaimed; they can be observed with the lsof command.

Ex: sudo lsof /var/log | grep deleted

splunkd    2088      root   44r   REG  253,4 6925406608 1049233 /var/log/cassandra/debug.log (deleted)

java      14801 cassandra  443w   REG  253,4   20971608 3145811 /var/log/spark/master/master.log (deleted)

java      28197 cassandra  532w   REG  253,4  485919252 1048702 /var/log/cassandra/system.log (deleted)

java      28197 cassandra  534w   REG  253,4 6925406860 1049233 /var/log/cassandra/debug.log (deleted)

In our case, splunk and java were holding deleted/log-rotated files open and thus consuming disk space.

Solution/Workaround: 

Typical solution: After a file has been identified, free the file used space by shutting down the affected process. If a graceful shutdown does not work, then issue the kill command to forcefully stop it by referencing the PID.

In the lsof output above, column 4 is the file descriptor.

Ex: 

java      28197 cassandra  534w   REG  253,4 6925406860 1049233 /var/log/cassandra/debug.log (deleted)

Here 534 is the file descriptor (fd).

Alternatively, you can confirm that the file's symbolic link is broken with

sudo file /proc/28197/fd/534

/proc/28197/fd/534: broken symbolic link to `/var/log/cassandra/debug.log (deleted)'

Then, truncate the corresponding process fd with

echo > /proc/pid/fd/fd_number

Ex: echo > /proc/28197/fd/534

Note: you need to be root.

Reference: https://access.redhat.com/solutions/2316
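As an added example (not from the original post), the following shell script turns lsof output like the above into a per-file report of space held by deleted-but-open files; it keys on device and inode so that a file held open by several processes (debug.log above is held by both splunkd and java) is counted once, and it lists the /proc/<pid>/fd/<fd> entries that the truncation step refers to. The sample input is constructed from the lsof lines quoted above.

```shell
# Added example (not from the post): summarise space held by deleted-but-open files
# from `lsof` output. Assumes the default lsof columns shown in the post and paths
# without spaces:  COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME (deleted)

# Constructed sample, copied from the lsof output quoted in the post.
SAMPLE_LSOF='splunkd    2088      root   44r   REG  253,4 6925406608 1049233 /var/log/cassandra/debug.log (deleted)
java      14801 cassandra  443w   REG  253,4   20971608 3145811 /var/log/spark/master/master.log (deleted)
java      28197 cassandra  532w   REG  253,4  485919252 1048702 /var/log/cassandra/system.log (deleted)
java      28197 cassandra  534w   REG  253,4 6925406860 1049233 /var/log/cassandra/debug.log (deleted)'

# Reads lsof lines on stdin; prints one line per unique deleted regular file,
# largest first:  <bytes> <device> <inode> <path> <pid/fd ...>
# The same inode seen at two sizes (the file is still being written) keeps the larger.
deleted_space_report() {
  awk '/\(deleted\)$/ && $5 == "REG" && $4 ~ /^[0-9]+[rwu-]*$/ {
      key = $6 ":" $8                      # device:inode identifies the file, not the path
      fd = $4; sub(/[rwu-]+$/, "", fd)     # "534w" -> "534"
      if (!(key in size) || $7 + 0 > size[key]) size[key] = $7 + 0
      path[key] = $9
      holders[key] = holders[key] " " $2 "/" fd
    }
    END {
      for (k in size) { split(k, d, ":"); printf "%.0f %s %s %s%s\n", size[k], d[1], d[2], path[k], holders[k] }
    }' | sort -rn
}

# Total unique bytes that df counts but du cannot see.
total_deleted_bytes() {
  deleted_space_report | awk '{ s += $1 } END { printf "%.0f\n", s }'
}

# Usage on a live host:  sudo lsof /var/log | deleted_space_report
# With the embedded sample:
printf '%s\n' "$SAMPLE_LSOF" | deleted_space_report
printf '%s\n' "$SAMPLE_LSOF" | total_deleted_bytes
```

Each holder in the last column maps directly to a /proc/<pid>/fd/<fd> path, so the truncation step above can be applied to the right descriptor of the right process.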

***

Tuesday, May 4, 2021

Scam the Scammers


1) Avoiding blank screens by using Virtual Machines.

Example: VMware, Virtual box etc.

Scenario: Usually, scammers try to blind/blank your screen by screen sharing only onto a second screen, so you end up with a blank screen. But if the operating system is running in a virtual environment, this second-screen trick won't work.

2) Faking SMS verification on temporary phone numbers.

Scenario: Usually, scammers ask for a verification message on your phone number. In this case you can provide a fake/temporary phone number. For this you can search for "temporary sms number"; there are many websites, depending on your country.

3) Tracing IP of the scammer.

Find the IP of the scammer using Wireshark or traceroute commands, etc.

4) Review the reviewers.

Scenario: A restaurant, motel or store having many reviews does not by itself tell you whether it is good. Look at how many reviews each reviewer has given; this basically shows whether the reviewer is a paid reviewer or not.

5) Spoof Media Access Control Address (MAC address).

Note: This is only a temporary address (it can be made persistent); you cannot change your original MAC address.

Example:

i) On Windows OS

Command prompt: getmac

Go to Device Manager => Network adapters => 

ii) On Linux

6) Install keyloggers, so as to save what Scammer types/keystrokes.

This helps in reverse tracking the scammer's credentials/personal details.

7) Use voice changers or mimicry.

8) Use call bombarding

Example: scammerblaster.com

9) Find information on web.archive.org

***