Pluggable Authentication Module (PAM)

Pluggable Authentication Modules (PAM) handle the authentication tasks of applications and services on a Linux system. In other words, PAM lets us configure how applications authenticate users to verify their identity.

In this article, we mainly deal with the configuration file format. The PAM configuration files are located under the directory /etc/pam.d/, and each one describes the authentication procedure for an application. Each file in this directory has the same name as the application for which the module provides authentication. /etc/pam.conf was the configuration file used in earlier versions of PAM and is now deprecated. We can create or add new PAM modules at any time, and programs can immediately use the newly created modules and password methods without being recompiled.

Monitor Real time resource usage in CloudLinux :: lvetop

CloudLinux is one of the most widely used operating systems nowadays because of the high level of stability and advanced server security it provides, which makes it the first preference of hosting providers, especially in shared hosting environments.

LVE (Lightweight Virtual Environment) is a kernel level technology developed by the CloudLinux team. It is lightweight and transparent. The goal of LVE is to make sure that no single website can bring down your web server.

The kernel makes sure that all LVEs get a fair share of the server’s resources, and that no customer can use more than the limits set for that customer.

Network File System ( NFS ) on CentOS 6

The Network File System (NFS) was originally developed by Sun Microsystems to allow Linux/Unix systems to share files with each other. It lets you export your local file systems over a network so that remote hosts or clients can interact with them as if they were mounted locally on the same system.

Benefits

>> Central Data Management.
>> Allows local access to remote files transparently.
>> Very good for local or reliable connections

Important NFS configuration file

/etc/exports : All files and directories that need to be exported are defined in this file, which is located on the server.

Setup

We need two CentOS systems:
NFS Server
NFS Client

Server

yum install nfs-utils nfs-utils-lib
chkconfig --level 235 nfs on
service nfs start

Here we are going to share the /home directory on the server using NFS. To do this, we add the directory, along with the details of how it is shared, to the /etc/exports file.

vi /etc/exports

Here we are going to add the below line in the above file

/home           192.168.0.xx(rw,sync,no_root_squash,no_subtree_check)

rw : Allows the client to read and write in the shared directory.
sync : The server confirms requests to the shared directory only once the changes have been committed.
no_root_squash : Allows the root user on the client to access /home as root, instead of being mapped to an unprivileged user on the server.
no_subtree_check : Disables subtree checking. When a shared directory is a subdirectory of a larger filesystem, NFS scans every directory above it in order to verify its permissions and details. Disabling the subtree check may increase the reliability of NFS, but reduces security.

Once the above entry has been added, we need to export it using the command below.

exportfs -a

Note : We need to run the command below after every update we make to the /etc/exports file.

exportfs -r
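
The options described above decide how much a client can do on the server, so it is worth reviewing /etc/exports before running exportfs. The following checker is an added example, not part of the original post: it flags no_root_squash, no_subtree_check, wildcard clients, and the `host (opts)` spacing mistake that applies the options to every host. The function name, the sample addresses and paths, and the `insecure` option (from exports(5), not this post) are assumptions; quoted paths and line continuations are not handled.

```python
# Added example, not from the original post: audit an /etc/exports file.
# Options that widen access; "insecure" is from exports(5), not this post.
RISKY = {
    "no_root_squash": "client root is not mapped to an unprivileged user",
    "no_subtree_check": "subtree checking is disabled",
    "insecure": "requests from source ports above 1023 are accepted",
    "rw": "write access granted to a broad client match",
}

def audit_exports(text):
    """Return (line_no, path, client, issue) tuples for risky entries."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        path, *entries = line.split()
        for entry in entries or [""]:          # path alone: any host
            client, _, opts = entry.partition("(")
            options = [o for o in opts.rstrip(")").split(",") if o]
            broad = client == "" or "*" in client or "?" in client
            if client == "":
                # "host (opts)": the space makes (opts) apply to every host
                findings.append((no, path, "*", "any-host"))
            elif broad:
                findings.append((no, path, client, "wildcard"))
            for opt in options:
                if opt in RISKY and (opt != "rw" or broad):
                    findings.append((no, path, client or "*", opt))
    return findings

# Constructed sample; addresses and paths are illustrative only.
SAMPLE = """\
# constructed sample exports file
/home    192.168.0.10(rw,sync,no_root_squash,no_subtree_check)
/srv/pub 192.168.0.10 (rw,sync)
/data    *.example.com(ro,sync)
/backup  192.168.0.11(ro,sync,root_squash)
"""

if __name__ == "__main__":
    for no, path, client, issue in audit_exports(SAMPLE):
        detail = RISKY.get(issue, "export matches more than one host")
        print(f"line {no}: {path} -> {client}: {issue} ({detail})")
```

To check a real server, pass the contents of /etc/exports to audit_exports() instead of SAMPLE.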

Client

yum install nfs-utils nfs-utils-lib

Then we need to create a directory on the client system where we want to mount the NFS shares. For example:

mkdir /mnt/nfsshare

We can see the available list of NFS shares using :

showmount -e <server_ip or hostname>

For mounting :

mount <server_ip>:/home  /mnt/nfsshare

We can check whether the directory is mounted by :

df -h

We can additionally verify it using:

mount | grep nfs

To mount NFS shares at boot time:

vi /etc/fstab

Now enter the following line in the above file:

<server_ip>:/home  /mnt/nfsshare   nfs      rw,sync,hard,intr  0     0

To unmount NFS shares:

umount /mnt/nfsshare

Testing

Client :

touch /mnt/nfsshare/hello.txt

Server :

ls /home

You will be able to see the hello.txt file in the above location.

DROWN ATTACK – SSLv2 Vulnerability

Security researchers identified a new OpenSSL vulnerability, called DROWN (Decrypting RSA With Obsolete and Weakened Encryption), in March 2016. The attack targets servers that use the more secure TLS protocol but also support the obsolete SSLv2. The vulnerability allows an attacker to decrypt TLS-encrypted communication if the server supports SSLv2 ciphers.

DROWN was assigned the ID CVE-2016-0800 by US-CERT in March (https://www.us-cert.gov/ncas/bulletins/SB16-067).

More than 11 million websites that use TLS were vulnerable to the DROWN attack. If your website is protected by TLS and your server directly or indirectly supports the older SSLv2, you are also vulnerable, and an attacker may exploit it to get important information such as user names, passwords, financial credentials, important documents, etc.