4 Ways to Watch or Monitor Log Files in Real Time

How can I see the content of a log file in real time in Linux? There are many utilities that can output the content of a file while the file is changing or being continuously updated. The best-known and most heavily used utility for displaying file content in real time in Linux is the tail command.


1. tail Command – Monitor Logs in Real Time

As mentioned, the tail command is the most common way to display a log file in real time. However, the command comes in two versions, as illustrated in the examples below.

In the first example, the tail command needs the -f argument to follow the content of a file.

$ sudo tail -f /var/log/apache2/access.log
Monitor Apache Logs in Real Time



The second version is a separate command, tailf, which follows the file by default, so the -f switch is not needed. Note that tailf was deprecated and later removed from util-linux, so it is missing on current distributions; use tail -f there.

$ sudo tailf /var/log/apache2/access.log
Real Time Apache Logs Monitoring


Log files on a Linux server are usually rotated frequently by the logrotate utility. To watch log files that get rotated on a daily basis, use the -F flag of the tail command.

tail -F notices when a new log file is created under the same name and starts following the new file instead of the old one.

$ sudo tail -F /var/log/apache2/access.log
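The difference matters for monitoring: a watcher started with -f keeps reading the renamed file and silently misses everything written after rotation. The following is an added example, not part of the original article; rotation_demo is a hypothetical helper that simulates a rotation on a constructed temporary file and counts what each variant captured.

```sh
#!/bin/sh
# Added example: tail -f versus tail -F across a simulated log rotation.
# rotation_demo is a hypothetical helper; the log is a constructed temp file.
rotation_demo() (
    dir=$(mktemp -d) || exit 1
    log="$dir/access.log"
    : > "$log"

    # -n 0 starts at the end of the file, so only new lines are captured.
    tail -n 0 -f "$log" > "$dir/f.out" 2>/dev/null &
    pid_f=$!
    tail -n 0 -F "$log" > "$dir/F.out" 2>/dev/null &
    pid_F=$!
    sleep 1

    echo "GET /before-rotation" >> "$log"
    sleep 2

    # What logrotate does when copytruncate is not used: the old file is
    # renamed and a new file appears under the original name.
    mv "$log" "$log.1"
    echo "GET /after-rotation" > "$log"
    sleep 3

    kill "$pid_f" "$pid_F" 2>/dev/null
    wait "$pid_f" "$pid_F" 2>/dev/null

    # grep -c prints 0 but exits non-zero when nothing matches.
    count() { grep -c "$1" "$2" || true; }
    result="f_pre=$(count before-rotation "$dir/f.out")"
    result="$result F_pre=$(count before-rotation "$dir/F.out")"
    result="$result f_post=$(count after-rotation "$dir/f.out")"
    result="$result F_post=$(count after-rotation "$dir/F.out")"

    rm -rf "$dir"
    echo "$result"
)

# f_* is what tail -f captured, F_* is what tail -F captured.
ROTATION_RESULT=$(rotation_demo)
echo "$ROTATION_RESULT"
```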

By default, the tail command displays the last 10 lines of a file. If, for instance, you want to watch only the last two lines of the log file in real time, combine the -n flag with the -f flag, as shown in the example below.

$ sudo tail -n2 -f /var/log/apache2/access.log
Watch Last Two Lines of Logs


2. Multitail Command – Monitor Multiple Log Files in Real Time

Another interesting command for displaying log files in real time is the multitail command. As the name implies, the multitail utility can monitor and keep track of multiple files in real time. Multitail also lets you navigate back and forth in the monitored file.

To install the multitail utility on Debian and RedHat based systems, issue the command below.

$ sudo apt install multitail [On Debian & Ubuntu]
$ sudo yum install multitail [On RedHat & CentOS]
$ sudo dnf install multitail [On Fedora 22+ version]

To display the output of two log files simultaneously, execute the command as shown in the example below.

$ sudo multitail /var/log/apache2/access.log /var/log/apache2/error.log
Multitail Monitor Logs


3. lnav Command – Monitor Multiple Log Files in Real Time

Another interesting command, similar to multitail, is the lnav command. The lnav utility can also watch and follow multiple files and display their content in real time.

To install the lnav utility on Debian and RedHat based Linux distributions, issue the command below.

$ sudo apt install lnav [On Debian & Ubuntu]
$ sudo yum install lnav [On RedHat & CentOS]
$ sudo dnf install lnav [On Fedora 22+ version]

Watch the content of two log files simultaneously by issuing the command as shown in the below example.

$ sudo lnav /var/log/apache2/access.log /var/log/apache2/error.log
lnav - Real Time Logs Monitoring


4. less Command – Display Real Time Output of Log Files

Finally, you can display the live output of a file with the less command by typing Shift+F.

As with the tail utility, pressing Shift+F in a file opened in less starts following the end of the file. Alternatively, you can start less with the +F flag to go straight into live watching of the file.

$ sudo less +F /var/log/apache2/access.log
Watch Logs Using Less Command



In this article, we showed how to watch data being appended in log files in real-time on the terminal in Linux. You can ask any questions or share your thoughts concerning this guide via the comment form below.


How to Run Shell Scripts with Sudo Command in Linux

sudo is a powerful command line tool that enables a “permitted user” to run a command as another user (the superuser by default), as defined by a security policy. On most if not all Linux systems, the security policy is driven by the /etc/sudoers file.


Therefore, to run a shell script or program as root, you need to use the sudo command. However, sudo only recognizes and runs commands that exist in the directories specified in secure_path in /etc/sudoers; if a command is not in one of those directories, you’ll encounter an error such as the one below.

This will happen even if the script exists in a directory in the PATH environmental variable, because when a user invokes sudo, PATH is replaced with secure_path.

$ echo $PATH
$ ls -l
$ sudo proconport.sh 80
Sudo Error While Running Script



In the above scenario, the directory /home/aaronkilik/bin is in the PATH environment variable and we are trying to run the script /home/aaronkilik/bin/proconport.sh (finds process listening on a port) with root privileges.

Then we encountered the error “sudo: proconport.sh: command not found”, since /home/aaronkilik/bin is not in the sudo secure_path as shown in next screenshot.

Check Sudo Secure Path


To fix this, we need to add the directory containing our scripts to the sudo secure_path by editing the /etc/sudoers file with the visudo command, as follows.

$ sudo visudo

Attention: This method has serious security implications, especially on servers exposed to the Internet. It puts the system at risk, because an attacker who manages to gain access to an insecure directory (one that does not require superuser privileges) that has been added to secure_path can run a malicious script/program with the sudo command.

For security reasons, check out the following article on the sudo website, which explains a vulnerability relating to secure_path: https://www.sudo.ws/sudo/alerts/secure_path.html
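A quick way to check for the risk described above is to audit every secure_path entry for ownership and write permissions. This is an added example, not part of the original article or of sudo; audit_secure_path is a hypothetical helper, and the demo runs on constructed temporary directories owned by the current user instead of root.

```sh
#!/bin/sh
# Added example: audit_secure_path is a hypothetical helper, not part of sudo.
# usage: audit_secure_path "dir1:dir2:..." [expected_owner_uid]
# Prints one line per entry and returns non-zero if any entry is unsafe.
audit_secure_path() (
    expected_uid=${2:-0}            # entries should belong to root (uid 0)
    rc=0
    # Split the list on ':' only, without glob expansion.
    set -f; IFS=:
    set -- $1
    set +f; unset IFS
    for dir in "$@"; do
        case $dir in
            /*) ;;
            *)  echo "UNSAFE '$dir': not an absolute path"; rc=1; continue ;;
        esac
        if [ ! -d "$dir" ]; then
            echo "UNSAFE '$dir': missing or not a directory"; rc=1; continue
        fi
        # -L follows symlinks such as /bin -> usr/bin; -n prints numeric ids.
        meta=$(ls -ldnL "$dir")
        perms=${meta%% *}
        uid=$(printf '%s\n' "$meta" | awk '{print $3}')
        if [ "$uid" != "$expected_uid" ]; then
            echo "UNSAFE '$dir': owned by uid $uid, expected $expected_uid"
            rc=1; continue
        fi
        case $perms in
            # character 6 is group write, character 9 is world write
            ?????w*|????????w*)
                echo "UNSAFE '$dir': group- or world-writable ($perms)"; rc=1 ;;
            *)  echo "ok '$dir'" ;;
        esac
    done
    exit "$rc"
)

# Constructed demo: temp directories stand in for secure_path entries and
# the current uid stands in for root, so this runs unprivileged.
demo=$(mktemp -d)
mkdir "$demo/sbin" "$demo/scripts"
chmod 755 "$demo/sbin"
chmod 777 "$demo/scripts"
AUDIT_STATUS=0
AUDIT_RESULT=$(audit_secure_path "$demo/sbin:$demo/scripts:bin" "$(id -u)") \
    || AUDIT_STATUS=$?
printf '%s\n' "$AUDIT_RESULT"
```

On a real system, pass the value sudo actually uses, for example the output of sudo sh -c 'echo "$PATH"', and leave the second argument at its default of 0.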

Preferably, we can provide the path to the script explicitly when running it with sudo (an absolute path, or a relative one such as ./ from the script’s directory):

$ sudo ./proconport.sh 80
Run Script Using Sudo Command



Understanding Shared Libraries in Linux

In programming, a library is an assortment of pre-compiled pieces of code that can be reused in a program. Libraries simplify life for programmers, in that they provide reusable functions, routines, classes, data structures and so on (written by another programmer), which they can use in their programs.

For instance, if you are building an application that needs to perform math operations, you don’t have to create a new math function for that, you can simply use existing functions in libraries for that programming language.

Examples of libraries in Linux include libc (the standard C library) or glibc (GNU version of the standard C library), libcurl (multiprotocol file transfer library), libcrypt (library used for encryption, hashing, and encoding in C) and many more.

Linux supports two classes of libraries, namely:

  • Static libraries – are bound to a program statically at compile time.
  • Dynamic or shared libraries – are loaded when a program is launched and loaded into memory and binding occurs at run time.


Dynamic or shared libraries can further be categorized into:

  • Dynamically linked libraries – here a program is linked with the shared library and the kernel loads the library (in case it’s not in memory) upon execution.
  • Dynamically loaded libraries – the program takes full control by calling functions with the library.

Shared Library Naming Conventions

Shared libraries are named in two ways: the library name (a.k.a soname) and a “filename” (absolute path to file which stores library code).

For example, the soname for libc is libc.so.6: where lib is the prefix, c is a descriptive name, so means shared object, and 6 is the version. And its filename is: /lib64/libc.so.6. Note that the soname is actually a symbolic link to the filename.

Locating Shared Libraries in Linux

Shared libraries are loaded by ld.so (or ld.so.x) and ld-linux.so (or ld-linux.so.x) programs, where x is the version. In Linux, /lib/ld-linux.so.x searches and loads all shared libraries used by a program.

A program can call a library using its library name or filename, and a library path stores directories where libraries can be found in the filesystem. By default, libraries are located in /usr/local/lib, /usr/local/lib64, /usr/lib and /usr/lib64; system startup libraries are in /lib and /lib64. Programmers can, however, install libraries in custom locations.

The library path can be defined in /etc/ld.so.conf file which you can edit with a command line editor.

# vi /etc/ld.so.conf 

The line(s) in this file instruct the kernel to load the files in /etc/ld.so.conf.d. This way, package maintainers or programmers can add their custom library directories to the search list.

If you look into the /etc/ld.so.conf.d directory, you’ll see .conf files for some common packages (kernel, mysql and postgresql in this case):

# ls /etc/ld.so.conf.d
kernel-2.6.32-358.18.1.el6.x86_64.conf kernel-2.6.32-696.1.1.el6.x86_64.conf mariadb-x86_64.conf
kernel-2.6.32-642.6.2.el6.x86_64.conf kernel-2.6.32-696.6.3.el6.x86_64.conf postgresql-pgdg-libs.conf

If you take a look at the mariadb-x86_64.conf, you will see an absolute path to package’s libraries.

# cat mariadb-x86_64.conf
/usr/lib64/mysql

The method above sets the library path permanently. To set it temporarily, use the LD_LIBRARY_PATH environment variable on the command line. If you want to keep the changes permanent, then add this line in the shell initialization file /etc/profile (global) or ~/.profile (user specific).

# export LD_LIBRARY_PATH=/path/to/library/file

Managing Shared Libraries in Linux

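Let us now look at how to deal with shared libraries. To get a list of all shared library dependencies for a binary file, you can use the ldd utility. Run ldd only on binaries you trust: its manual page warns that it may execute code from the file being inspected, and objdump -p /path/to/program | grep NEEDED lists the direct dependencies without running anything. The output of ldd is in the form: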

library name => filename (some hexadecimal value)
OR
filename (some hexadecimal value) #this is shown when library name can’t be read

This command shows all shared library dependencies for the ls command.

# ldd /usr/bin/ls
OR
# ldd /bin/ls
Sample Output
 linux-vdso.so.1 => (0x00007ffebf9c2000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x0000003b71e00000)
librt.so.1 => /lib64/librt.so.1 (0x0000003b71600000)
libcap.so.2 => /lib64/libcap.so.2 (0x0000003b76a00000)
libacl.so.1 => /lib64/libacl.so.1 (0x0000003b75e00000)
libc.so.6 => /lib64/libc.so.6 (0x0000003b70600000)
libdl.so.2 => /lib64/libdl.so.2 (0x0000003b70a00000)
/lib64/ld-linux-x86-64.so.2 (0x0000561abfc09000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003b70e00000)
libattr.so.1 => /lib64/libattr.so.1 (0x0000003b75600000)
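Since LD_LIBRARY_PATH and extra ld.so.conf.d entries can redirect where a library is loaded from, it is worth checking ldd output for libraries resolved outside the standard directories. This is an added example, not part of the original article; audit_ldd is a hypothetical helper, and the sample input reuses the output forms shown above plus two constructed lines (libdemo and libgone).

```sh
#!/bin/sh
# Added example: audit_ldd is a hypothetical helper name.
# Reads ldd output on stdin; optional $1 is a colon-separated list of
# trusted directories (default: the standard locations named in the article).
audit_ldd() (
    trusted=${1:-/lib:/lib64:/usr/lib:/usr/lib64:/usr/local/lib:/usr/local/lib64}
    awk -v trusted="$trusted" '
        BEGIN { n = split(trusted, dirs, ":") }
        {
            name = $1; path = ""
            if ($2 == "=>" && $3 == "not" && $4 == "found") {
                print "MISSING " name; bad = 1; next
            }
            if ($2 == "=>" && $3 ~ /^\//)      path = $3   # name => /path (addr)
            else if ($2 != "=>" && $1 ~ /^\//) path = $1   # /path (addr)
            else next            # vdso-style entries have no file on disk

            ok = 0
            for (i = 1; i <= n; i++)
                if (index(path, dirs[i] "/") == 1) ok = 1
            if (path ~ /\/\.\.\//) ok = 0      # do not trust ../ in a path
            if (!ok) { print "UNTRUSTED " name " -> " path; bad = 1 }
        }
        END { exit bad + 0 }
    '
)

# Constructed sample: three forms from the article plus two made-up lines.
SAMPLE=' linux-vdso.so.1 => (0x00007ffebf9c2000)
 libc.so.6 => /lib64/libc.so.6 (0x0000003b70600000)
 /lib64/ld-linux-x86-64.so.2 (0x0000561abfc09000)
 libdemo.so.1 => /home/user/lib/libdemo.so.1 (0x00007f0000000000)
 libgone.so.2 => not found'

LDD_STATUS=0
LDD_RESULT=$(printf '%s\n' "$SAMPLE" | audit_ldd) || LDD_STATUS=$?
printf '%s\n' "$LDD_RESULT"
# Real use on a trusted binary: ldd /bin/ls | audit_ldd
```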

Because shared libraries can exist in many different directories, searching through all of them when a program is launched would be very inefficient, which is one of the likely disadvantages of dynamic libraries. Therefore a caching mechanism is employed, performed by the program ldconfig.

By default, ldconfig reads the content of /etc/ld.so.conf, creates the appropriate symbolic links in the dynamic link directories, and then writes a cache to /etc/ld.so.cache which is then easily used by other programs.

This is very important especially when you have just installed new shared libraries or created your own, or created new library directories. You need to run ldconfig command to effect the changes.

# ldconfig
OR
# ldconfig -v #shows files and directories it works with

After creating your shared library, you need to install it. You can move it into any of the standard directories mentioned above and run the ldconfig command.

Alternatively, run the following command to create symbolic links from the soname to the filename:

# ldconfig -n /path/to/your/shared/libraries

To get started with creating your own libraries, check out this guide from The Linux Documentation Project(TLDP).

That’s all for now! In this article, we gave you an introduction to libraries, explained shared libraries and how to manage them in Linux. If you have any queries or additional ideas to share, use the comment form below.


Initial Ubuntu Server Setup for Beginners

This tutorial will guide you through the first basic steps you need to configure on a newly installed Ubuntu server in order to increase its security and reliability.

The configurations explained in this topic are almost the same for all Ubuntu server systems, regardless of the underlying platform, whether Ubuntu is installed on a bare-metal server, in a private virtual machine or in a virtual machine spun up in a public VPS cloud.

Requirements

  1. Ubuntu Server Edition installation

Update and Upgrade Ubuntu System

The first step you need to take care of in case of fresh installation of Ubuntu server or a new deployed Ubuntu VPS is to make sure the system and all system components, such as the kernel, the package manager and all other installed packages are up-to-date with the latest released versions and security patches.

To update the Ubuntu server, log in to the server’s console with an account that has root privileges, or directly as root, and run the commands below to perform the update and upgrade process.

$ sudo apt update 
Update Ubuntu Server



After running the update command, you will see the number of available packages for upgrading process and the command used for listing the packages upgrades.

$ sudo apt list --upgradable
List Upgrade Ubuntu Packages


After you’ve consulted the list of packages available for upgrading, issue the below command to start system upgrade process.

$ sudo apt upgrade
Upgrade Ubuntu Server Packages


In order to remove all locally downloaded deb packages and all other apt-get caches, execute the below command.

$ sudo apt autoremove
$ sudo apt clean
Autoremove APT Packages and Cache


Create New Account in Ubuntu

By default, as a security measure, the root account is completely disabled in Ubuntu. To create a new account on the system, log in with a user that has root privileges and create the account with the command below.

This new account will be granted root privileges via the sudo command and will be used to perform administrative tasks on the system. Make sure you set up a strong password to protect this account. Follow the adduser prompts to set up the user details and password.

$ sudo adduser ubuntu_user
Create User in Ubuntu


If this account will be assigned to another system admin, you can force the user to change its password at the first log in attempt by issuing the following command.

$ sudo chage -d0 ubuntu_user

For now, the newly added user cannot perform administrative tasks via the sudo utility. To grant this new account administrative privileges, add the user to the “sudo” system group by issuing the command below.

$ sudo usermod -a -G sudo ubuntu_user

By default, all users belonging to the “sudo” group are allowed to execute commands with root privileges via sudo utility. Sudo command must be used before writing the command needed for execution, as shown in the below example.

$ sudo apt install package_name

Test whether the new user has been granted root privileges by logging in to the system as that user and running the apt update command prefixed with sudo.

$ su - ubuntu_user
$ sudo apt update
Verify New User


Configure System Hostname in Ubuntu

Usually, the machine hostname is set-up during the system installation process or when the VPS is created in the cloud. However, you should change the name of your machine in order to better reflect the destination of your server or to better describe its final purpose.

In a large company, machines are named after complex naming schemes in order to easily identify the machine in datacenter’s racks. For instance, if your Ubuntu machine will operate a mail server, the name of the machine should reflect this fact and you can setup machine hostname as mx01.mydomain.lan, for example.

To show details about your machine hostname run the following command.

$ hostnamectl

In order to change the name of your machine, issue hostnamectl command with the new name you will configure for your machine, as illustrated in the below excerpt.

$ sudo hostnamectl set-hostname tecmint

Verify the new name of your system with one of the below commands.

$ hostname
$ hostname -s
$ cat /etc/hostname 
Set Hostname in Ubuntu Server


Setup SSH with Public Key Authentication in Ubuntu

To increase the security of an Ubuntu server, you should set up SSH public key authentication for a local account. To generate an SSH key pair (the public and private key) with a specified key length, such as 2048 bits, execute the following command at your server console.

Make sure you’re logged in to the system with the user you’re setting up the SSH key.

$ su - ubuntu_user
$ ssh-keygen -t RSA -b 2048
Setup SSH Keys in Ubuntu


While the key is generated, you will be prompted to add passphrase in order to secure the key. You can enter a strong passphrase or choose to leave the passphrase blank if you want to automate tasks via SSH server.

After the SSH key has been generated, you can copy the public key to a remote server by executing the below command. To install the public key to the remote SSH server you will need a remote user account with the proper permissions and credentials to log in to remote server.

$ ssh-copy-id user@remote_server
Copy SSH Key to Remote Server


You should be able to automatically log in via SSH to the remote server using the public key authentication method. You won’t need to add the remote user password while using SSH public key authentication.

After you’ve logged in to the remote server, you can start to execute commands, such as w command to list ssh remote logged in users, as shown in the below screenshot.

Type exit in the console to close the remote SSH session.

$ ssh user@remote_server
$ w
$ exit
Verify SSH Passwordless Login


To see the content of your public SSH key in order to manually install the key to a remote SSH server, issue the following command.

$ cat ~/.ssh/id_rsa.pub
View SSH Key


Secure SSH Server in Ubuntu

To secure the SSH daemon, you should change the default SSH port number from 22 to a random port higher than 1024 and disallow remote SSH access to the root account via password or key. Open the SSH server’s main configuration file and make the following changes.

$ sudo vi /etc/ssh/sshd_config

First, search for the commented line #Port 22 and add a new line underneath it (replace the listening port number accordingly):

Port 2345

Don’t close the file, scroll down and search for the line #PermitRootLogin yes, uncomment the line by removing the # sign (hashtag) from the beginning of the line and modify the line to look like shown in the below excerpt.

PermitRootLogin no
Secure SSH Service


Afterwards, restart the SSH server to apply the new settings and test the configuration by trying to log in from a remote machine to this server with the root account via the new port number. The access to root account via SSH should be restricted.

$ sudo systemctl restart sshd
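Two details of sshd_config parsing can defeat the edits above: Port lines are additive, so a leftover uncommented Port 22 keeps that port open, and for PermitRootLogin the first value found wins, so an earlier yes overrides a later no. The check below is an added example, not part of the original article; check_sshd_hardening is a hypothetical helper that reads only the global section of a single file (Include files are not followed), and both sample files are constructed.

```sh
#!/bin/sh
# Added example: check_sshd_hardening is a hypothetical helper name.
# It reads the global section of one sshd_config-style file made of
# whitespace-separated "Keyword value" lines; Include files are not followed.
check_sshd_hardening() (
    awk '
        /^[ \t]*(#|$)/ { next }                      # comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }                      # global section ends here
        key == "port"  { ports = ports (ports == "" ? "" : ",") $2 }
        key == "permitrootlogin" && root == "" { root = tolower($2) }
        END {
            if (ports == "") ports = "22"                # sshd default port
            if (root == "")  root = "prohibit-password"  # default since OpenSSH 7.0
            print "ports=" ports
            print "permitrootlogin=" root
            n = split(ports, p, ",")
            for (i = 1; i <= n; i++)
                if (p[i] == "22") {
                    print "FAIL: still listening on port 22"; bad = 1
                }
            if (root != "no") {
                print "FAIL: PermitRootLogin resolves to " root " (first value wins)"
                bad = 1
            }
            exit bad + 0
        }
    ' "$1"
)

# Constructed sample files: a weak edit and the edit the article describes.
cfg=$(mktemp -d)
cat > "$cfg/weak" <<'EOF'
#Port 22
Port 22
Port 2345
PermitRootLogin yes
PermitRootLogin no
EOF
cat > "$cfg/hardened" <<'EOF'
#Port 22
Port 2345
#PermitRootLogin yes
PermitRootLogin no
EOF

WEAK_STATUS=0
WEAK_RESULT=$(check_sshd_hardening "$cfg/weak") || WEAK_STATUS=$?
HARDENED_STATUS=0
HARDENED_RESULT=$(check_sshd_hardening "$cfg/hardened") || HARDENED_STATUS=$?
printf 'weak:\n%s\n\nhardened:\n%s\n' "$WEAK_RESULT" "$HARDENED_RESULT"
```

On the server itself, sudo sshd -t validates the real configuration and sudo sshd -T prints the effective settings, so run them before restarting. Keep the current session open until a login on the new port has succeeded.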

Also, run netstat or ss command and filter the output via grep in order to show the new listening port number for SSH server.

$ sudo ss -tlpn| grep ssh
$ sudo netstat -tlpn| grep ssh
Verify SSH Port


There are situations where you might want to automatically disconnect all remote SSH connections established into your server after a period of inactivity.

In order to enable this feature, execute the below command, which adds the TMOUT bash variable to your account .bashrc hidden file and forces every SSH connection made with the name of the user to be disconnected or dropped-out after 5 minutes of inactivity.

$ echo 'TMOUT=300' >> .bashrc

Run tail command to check if the variable has been correctly added at the end of .bashrc file. All subsequent SSH connections will be automatically closed after 5 minutes of inactivity from now on.

$ tail .bashrc

In the screenshot below, the remote SSH session from the drupal machine to the Ubuntu server via the ubuntu_user account has timed out and been logged out automatically after 5 minutes.

Auto Disconnect SSH Sessions


Configure Ubuntu Firewall UFW

Every server needs a well configured firewall in order to secure the system at network level. Ubuntu server uses UFW application to manage the iptables rules on the server.

Check the status of UFW firewall application in Ubuntu by issuing the below commands.

$ sudo systemctl status ufw
$ sudo ufw status
Check UFW Firewall Status


Usually, the UFW firewall daemon is up and running on an Ubuntu server, but the rules are not applied by default. Before enabling the UFW firewall policy on your system, you should first add a new rule that allows SSH traffic to pass through the firewall on the changed SSH port. The rule can be added by executing the command below.

$ sudo ufw allow 2345/tcp

After you’ve allowed SSH traffic, you can enable and check UFW firewall application with the following commands.

$ sudo ufw enable
$ sudo ufw status
Open SSH Port and Verify


To add new firewall rules for other network services subsequently installed on your server, such as HTTP server, a mail server or other network services, use the below firewall commands examples as guide.

$ sudo ufw allow http #allow http traffic
$ sudo ufw allow proto tcp from any to any port 25,443 # allow https and smtp traffic

To list all firewall rules run the below command.

$ sudo ufw status verbose
Check UFW Firewall Rules


Set Ubuntu Server Time

To control or query Ubuntu server clock and other related time settings, execute timedatectl command with no argument.

In order to change your server’s time zone settings, first execute timedatectl command with list-timezones argument to list all available time zones and, then, set the time zone of your system as shown in the below excerpt.

$ sudo timedatectl
$ sudo timedatectl list-timezones
$ sudo timedatectl set-timezone Europe/Vienna
Set Ubuntu Timezone


The new systemd-timesyncd systemd daemon client can be utilized in Ubuntu in order to provide an accurate time for your server across network and synchronize time with an upper time peer server.

To apply this new feature of Systemd, modify systemd-timesyncd daemon configuration file and add the closest geographically NTP servers to NTP statement line, as shown in the below file excerpt:

$ sudo nano /etc/systemd/timesyncd.conf

Add following configuration to timesyncd.conf file:

[Time]
NTP=0.pool.ntp.org 1.pool.ntp.org
FallbackNTP=ntp.ubuntu.com
NTP Time Configuration


To add your nearest geographically NTP servers, consult the NTP pool project server list at the following address: http://www.pool.ntp.org/en/

Afterwards, restart the Systemd timesync daemon to reflect changes and check daemon status by running the below commands. After restart, the daemon will start to sync time with the new ntp server peer.

$ sudo systemctl restart systemd-timesyncd.service
$ sudo systemctl status systemd-timesyncd.service
Start TimeSyncd Service


Disable and Remove Unneeded Services in Ubuntu

In order to get a list of all TCP and UDP network services up-and-running by default in your Ubuntu server, execute the ss or netstat command.

$ sudo netstat -tulpn
OR
$ sudo ss -tulpn
List All Running Services


Starting with the Ubuntu 16.10 release, the default DNS resolver is controlled by the systemd-resolved service, as revealed by the output of the netstat or ss commands.

You should also check the systemd-resolved service status by running the following command.

$ sudo systemctl status systemd-resolved.service
Check Systemd Resolved Status


The systemd-resolved service binds on all enabled network interfaces and listens on ports 53 and 5355 TCP and UDP.

Running the systemd-resolved caching DNS daemon on a production server can be dangerous due to the large number of DDoS attacks performed by malicious hackers against unsecured DNS servers.

In order to stop and disable this service, execute the following commands.

$ sudo systemctl stop systemd-resolved
$ sudo systemctl disable systemd-resolved
Disable Systemd Resolved Service


Verify that the service has been stopped and disabled by issuing the ss or netstat command. The systemd-resolved listening ports, 53 and 5355 TCP and UDP, should not be listed in the netstat or ss command output, as illustrated below.

You should also reboot the machine in order to completely disable all systemd-resolved daemon services and restore the default /etc/resolv.conf file.

$ sudo ss -tulpn
$ sudo netstat -tulpn
$ sudo systemctl reboot
Verify All Running Services


Although you’ve disabled some unwanted networking services on your server, there are other services installed and running on your system, such as the lxc process and the snapd service. These services can be easily detected via the ps, top or pstree commands.

$ sudo ps aux
$ sudo top
$ sudo pstree
List Running Services in Tree Format


In case you’re not going to use LXC container virtualization in your server or start installing software packaged via Snap package manager, you should completely disable and remove these services, by issuing the below commands.

$ sudo apt autoremove --purge lxc-common lxcfs
$ sudo apt autoremove --purge snapd

That’s all! The Ubuntu server is now prepared for installing additional software needed for custom network services or applications, such as installing and configuring a web server, a database server, a file share service or other specific applications.

How to Enable, Disable and Install Yum Plug-ins

YUM plug-ins are small programs that extend and improve the overall performance of the package manager. A few of them are installed by default, while many are not. Yum always notifies you which plug-ins, if any, are loaded and active whenever you run any yum command.

In this short article, we will explain how to turn on or off and configure YUM package manager plug-ins in CentOS/RHEL distributions.

To see all active plug-ins, run a yum command on the terminal. From the output below, you can see that the fastestmirror plug-in is loaded.

# yum search nginx
Loaded plugins: fastestmirror
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
Determining fastest mirrors
...

Enabling YUM Plug-ins

To enable yum plug-ins, ensure that the directive plugins=1 (1 meaning on) exists under the [main] section in the /etc/yum.conf file, as shown below.

# vi /etc/yum.conf

Yum Configuration File

[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5


This is a general method of enabling yum plug-ins globally. As we will see later on, you can enable them individually in their respective configuration files.

Disabling YUM Plug-ins

To disable yum plug-ins, simply change the value above to 0 (meaning off), which disables all plug-ins globally.

plugins=0 

At this stage, it is useful to note that:

  • Since a few plug-ins (such as product-id and subscription-manager) offer fundamental yum functionalities, it is not recommended to turn off all plug-ins especially globally.
  • Secondly, disabling plug-ins globally is allowed as an easy way out, and this implies that you can use this provision when investigating a likely problem with yum.
  • Configurations for various plug-ins are located in /etc/yum/pluginconf.d/.
  • Disabling plug-ins globally in /etc/yum.conf overrides settings in individual configuration files.
  • And you can also disable a single or all yum plug-ins when running yum, as described later on.

Installing and Configuring Extra YUM Plug-ins

You can view a list of all yum plug-ins and their descriptions using this command.

# yum search yum-plugin
Loaded plugins: fastestmirror
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
Loading mirror speeds from cached hostfile
* base: mirror.sov.uk.goscomb.net
* epel: www.mirrorservice.org
* extras: mirror.sov.uk.goscomb.net
* updates: mirror.sov.uk.goscomb.net
========================================================================= N/S matched: yum-plugin ==========================================================================
PackageKit-yum-plugin.x86_64 : Tell PackageKit to check for updates when yum exits
fusioninventory-agent-yum-plugin.noarch : Ask FusionInventory agent to send an inventory when yum exits
kabi-yum-plugins.noarch : The CentOS Linux kernel ABI yum plugin
yum-plugin-aliases.noarch : Yum plugin to enable aliases filters
yum-plugin-auto-update-debug-info.noarch : Yum plugin to enable automatic updates to installed debuginfo packages
yum-plugin-changelog.noarch : Yum plugin for viewing package changelogs before/after updating
yum-plugin-fastestmirror.noarch : Yum plugin which chooses fastest repository from a mirrorlist
yum-plugin-filter-data.noarch : Yum plugin to list filter based on package data
yum-plugin-fs-snapshot.noarch : Yum plugin to automatically snapshot your filesystems during updates
yum-plugin-keys.noarch : Yum plugin to deal with signing keys
yum-plugin-list-data.noarch : Yum plugin to list aggregate package data
yum-plugin-local.noarch : Yum plugin to automatically manage a local repo. of downloaded packages
yum-plugin-merge-conf.noarch : Yum plugin to merge configuration changes when installing packages
yum-plugin-ovl.noarch : Yum plugin to work around overlayfs issues
yum-plugin-post-transaction-actions.noarch : Yum plugin to run arbitrary commands when certain pkgs are acted on
yum-plugin-priorities.noarch : plugin to give priorities to packages from different repos
yum-plugin-protectbase.noarch : Yum plugin to protect packages from certain repositories.
yum-plugin-ps.noarch : Yum plugin to look at processes, with respect to packages
yum-plugin-remove-with-leaves.noarch : Yum plugin to remove dependencies which are no longer used because of a removal
yum-plugin-rpm-warm-cache.noarch : Yum plugin to access the rpmdb files early to warm up access to the db
yum-plugin-show-leaves.noarch : Yum plugin which shows newly installed leaf packages
yum-plugin-tmprepo.noarch : Yum plugin to add temporary repositories
yum-plugin-tsflags.noarch : Yum plugin to add tsflags by a commandline option
yum-plugin-upgrade-helper.noarch : Yum plugin to help upgrades to the next distribution version
yum-plugin-verify.noarch : Yum plugin to add verify command, and options
yum-plugin-versionlock.noarch : Yum plugin to lock specified packages from being updated

To install a plug-in, use the same method for installing a package. For instance we will install the changelog plug-in which is used to display package changelogs before/after updating.

# yum install yum-plugin-changelog 

Once installed, changelog is enabled by default. To confirm, take a look at its configuration file.

# vi /etc/yum/pluginconf.d/changelog.conf

Now you can view the changelog for a package (httpd in this case) like this.

# yum changelog httpd
Loaded plugins: changelog, fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.linode.com
* epel: mirror.freethought-internet.co.uk
* extras: mirrors.linode.com
* updates: mirrors.linode.com
Listing all changelogs
==================== Installed Packages ====================
httpd-2.4.6-45.el7.centos.4.x86_64 installed
* Wed Apr 12 17:30:00 2017 CentOS Sources <[email protected]> - 2.4.6-45.el7.centos.4
- Remove index.html, add centos-noindex.tar.gz
- change vstring
- change symlink for poweredby.png
- update welcome.conf with proper aliases
...

Disable YUM Plug-ins in Command Line

As stated before, we can also turn off one or more plug-ins while running a yum command by using these two important options.

  • --noplugins – turns off all plug-ins
  • --disableplugin=plugin_name – disables a single plug-in

You can disable all plug-ins as in this yum command.

# yum search --noplugins yum-plugin

The next command disables the plug-in, fastestmirror while installing httpd package.

# yum install --disableplugin=fastestmirror httpd
Loaded plugins: changelog
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-45.el7.centos.4 will be updated
--> Processing Dependency: httpd = 2.4.6-45.el7.centos.4 for package: 1:mod_ssl-2.4.6-45.el7.centos.4.x86_64
---> Package httpd.x86_64 0:2.4.6-67.el7.centos.6 will be an update
...

That’s it for now! You may also like to read the following YUM related articles.

  1. How to Use ‘Yum History’ to Find Out Installed or Removed Packages Info
  2. How to Fix Yum Error: Database Disk Image is Malformed

In this guide, we showed how to activate, configure or deactivate YUM package manager plug-ins in CentOS/RHEL 7. Use the comment form below to ask any question or share your views about this article.

Initial Server Setup and Configurations on RHEL 7

In this tutorial we’ll discuss the first configuration steps you need to take care of after a fresh installation of Red Hat Enterprise Linux 7 on a bare metal-server or on a Virtual Private Server.

Requirements

  1. RHEL 7 Minimal Installation

Important: CentOS 7 users can follow this article to do an Initial Server Setup on CentOS 7.

Update RHEL 7 System

In the first step log in to your RHEL server console with an account with root privileges or directly as root and run the below command in order to fully update your system components, such as the installed packages, the kernel or apply other security patches.

# yum check-update
# yum update

In order to remove all locally downloaded packages and other related YUM caches, execute the below command.

# yum clean all

Install System Utilities on RHEL 7


The following utilities can prove useful for day-to-day system administration: nano (a text editor to replace the vi editor), wget and curl (utilities used mostly for downloading packages over the network), net-tools and lsof (utilities for managing local networking) and bash-completion (command line autocomplete).

Install them all in one-shot by executing the below command.

# yum install nano wget curl net-tools lsof bash-completion

Setup Networking in RHEL 7

RHEL 7 has a wide range of tools that can be used to configure and manage networking, from manually editing the network configuration file to using commands such as ip, ifconfig, nmtui, nmcli or route.

The easiest utility a beginner can use to manage and change network configurations is nmtui graphical command line.

In order to change the system hostname via nmtui utility, execute nmtui-hostname command, set your machine hostname and press OK to finish, as illustrated in the below screenshot.

# nmtui-hostname
Set Hostname in RHEL 7

To manipulate a network interface, execute nmtui-edit command, choose the interface you want to edit and select edit from the right menu, as shown in the below screenshot.

Configure Network in RHEL 7

Once you’re in the graphical interface provided by nmtui utility you can setup the network interface IP settings as illustrated in the below screenshot. When you finish, navigate to OK using [tab] key to save the configuration and quit.

Setup Network IP Address

In order to apply the new network interface configuration, execute the nmtui-connect command, select the interface you want to manage and hit the Deactivate/Activate option to bring the interface down and back up with the new IP settings, as presented in the below screenshots.

# nmtui-connect
Active Network Interface

In order to view the network interface settings, you can inspect the content of the interface file or you can issue the below commands.

# ifconfig enp0s3
# ip a
# ping -c2 google.com
Verify Network Configuration

Other useful utilities that can be used to manage speed, link state or obtain information about machine network interfaces are ethtool and mii-tool.

# ethtool enp0s3
# mii-tool enp0s3
Check Network Connection

Create New User Account

On the next step, while logged in as root into your server, create a new user with the below command. This user will be used later to login into your system and perform administrative tasks.

# adduser tecmint_user

After you’ve added the user using the above command, setup a strong password for this user by issuing the below command.

# passwd tecmint_user

In cases where you want to force this new user to change its password at the first log in attempt, execute the below command.

# chage -d0 tecmint_user

This new user account has regular account privileges for now and cannot perform administrative tasks via the sudo command.

In order to avoid the use of the root account for performing administrative tasks, grant this new user administrative privileges by adding the user to the “wheel” system group.

The users belonging to the “wheel” group are allowed, by default in RHEL, to run commands with root privileges by using the sudo utility before writing the command needed for execution.

For instance, to add the user “tecmint_user” to “wheel” group, execute the below command.

# usermod -aG wheel tecmint_user

Afterwards, login to the system with the new user and try to update the system via ‘sudo yum update’ command to test if the user has root powers granted.

# su - tecmint_user
$ sudo yum update

Configure SSH Public Key Authentication on RHEL 7

On the next step, in order to increase your RHEL server security, configure SSH public key authentication for the new user. In order to generate an SSH key pair, the public and private key, execute the following command at your server console. Make sure you’re logged in to the system with the user you’re setting up the SSH key for.

# su - tecmint_user
$ ssh-keygen -t RSA

While the key is generated, you will be prompted to add passphrase in order to secure the key. You can enter a strong passphrase or choose to leave the passphrase blank if you want to automate tasks via SSH server.

After the SSH key has been generated, copy the public key to a remote server by executing the below command. To install the public key to the remote SSH server you will need a user account that has credentials to log in to that server.

$ ssh-copy-id [email protected]

Now you should try to login via SSH to the remote server using the private key as authentication method. You should be able to log in automatically without the SSH server asking for a password.

$ ssh [email protected]

To see the content of your public SSH key if you want to manually install the key to a distant SSH server, issue the following command.

$ cat ~/.ssh/id_rsa.pub

Secure SSH on RHEL 7

In order to secure the SSH daemon and disallow remote SSH access to the root account via password or key, open SSH server main configuration file and make the following changes.

$ sudo vi /etc/ssh/sshd_config

Search for the line #PermitRootLogin yes, uncomment the line by removing the # sign (hashtag) from the beginning of the line and modify the line to look like shown in the below excerpt.

PermitRootLogin no

Afterwards, restart the SSH server to apply the new settings and test the configuration by trying to login to this server with the root account. The access to root account via SSH should be restricted by now.

$ sudo systemctl restart sshd
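
A quick check for the edit above, as an added example that is not part of the original article: sshd uses the first value it reads for a keyword, so a "PermitRootLogin no" appended below an earlier uncommented "PermitRootLogin yes" changes nothing. The function names and both sample configurations are constructed for illustration, and the script assumes a single sshd_config file with no Include directives.

```shell
#!/bin/sh
# Added example (not from the original article): report which value of a
# keyword sshd will actually use. Assumes one sshd_config, no Include.

# effective_sshd_option KEYWORD   (sshd_config on stdin)
# Prints "VALUE LINE" for the first uncommented global occurrence, or
# "unset 0" when the keyword does not appear before the first Match block.
effective_sshd_option() {
    awk -v want="$1" '
    BEGIN { want = tolower(want) }
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        split(line, f, /[ \t=]+/)                # "Key value" or "Key=value"
        key = tolower(f[1])                      # keywords are case-insensitive
        if (key == "match") exit                 # global section ends here
        if (key == want) { print tolower(f[2]), NR; found = 1; exit }
    }
    END { if (!found) print "unset", 0 }
    '
}

# root_login_disabled   (sshd_config on stdin)
# Succeeds only when the effective global value is "no".
root_login_disabled() {
    set -- $(effective_sshd_option PermitRootLogin)
    [ "$1" = "no" ]
}

# Constructed sample: "no" was appended below an earlier, still active "yes".
sample_shadowed() { cat <<'EOF'
# constructed sshd_config excerpt
Port 22
#PermitRootLogin yes
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF
}

# Constructed sample: the existing line was edited in place.
sample_fixed() { cat <<'EOF'
# constructed sshd_config excerpt
Port 22
PermitRootLogin no
PasswordAuthentication yes
Match User backup
    PermitRootLogin forced-commands-only
EOF
}

for s in sample_shadowed sample_fixed; do
    printf '%s: PermitRootLogin -> %s\n' "$s" \
        "$($s | effective_sshd_option PermitRootLogin)"
done
```

On the server itself, feed it the real file with sudo cat /etc/ssh/sshd_config | effective_sshd_option PermitRootLogin, or compare against the output of sudo sshd -T, which prints the configuration sshd has parsed.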

There are situations where you might want to automatically disconnect all remote SSH connections to your server after a period of inactivity.

In order to enable this feature system-wide, execute the below command, which adds the TMOUT bash variable to main bashrc file and forces every SSH connection to be disconnected or dropped-out after 5 minutes of inactivity.

$ su -c 'echo "TMOUT=300" >> /etc/bashrc'

Run tail command to check if the variable has been correctly added at the end of /etc/bashrc file. All subsequent SSH connections will be automatically closed after 5 minutes of inactivity from now on.

$ tail /etc/bashrc

In the below screenshot, the remote SSH session from the drupal machine to the RHEL server has been automatically logged out after 5 minutes.

Auto Disconnect SSH Sessions

Configure Firewall on RHEL 7

On the next step configure the firewall in order to further secure the system at network level. RHEL 7 ships with Firewalld application to manage iptables rules on the server.

First, make sure the firewall is running in your system by issuing the below command. If the Firewalld daemon is stopped you should start it with the following command.

$ sudo systemctl status firewalld
$ sudo systemctl start firewalld
$ sudo systemctl enable firewalld

Once the firewall is enabled and running in your system, you can use the firewall-cmd command line utility to set the firewall policy information and allow traffic to some specific network ports, such as SSH daemon, connection made to an internal web server or other related network services.

Because right now we’re just running a SSH daemon in our server, we can adjust the firewall policy to allow traffic for SSH service port by issuing the following command.

$ sudo firewall-cmd --add-service=ssh --permanent
$ sudo firewall-cmd --reload

To add a firewall rule on the fly, without applying the rule the next time the server is started, use the below command syntax.

$ sudo firewall-cmd --add-service=ssh

If you install other network services in your server, such as HTTP server, a mail server or other network services, you can add rules to allow the specific connections as follows.

$ sudo firewall-cmd --permanent --add-service=http
$ sudo firewall-cmd --permanent --add-service=https
$ sudo firewall-cmd --permanent --add-service=smtp

To list all firewall rules run the below command.

$ sudo firewall-cmd --permanent --list-all

Remove Unneeded Services in RHEL 7

In order to get a list of all network services (TCP and UDP) running in your RHEL server by default, issue the ss command, as illustrated in the below sample.

$ sudo ss -tulpn

The ss command will reveal some interesting services which are started and running by default in your system, such as the Postfix master service and the server responsible for the NTP protocol.

If you’re not planning to configure this server as a mail server, you should stop, disable and remove the Postfix daemon by issuing the below commands.

$ sudo systemctl stop postfix.service
$ sudo yum remove postfix

Recently, some nasty DDoS attacks over the NTP protocol have been reported. In case you’re not planning to configure your RHEL server to run as an NTP server in order for internal clients to sync time with this server, you should completely disable and remove the Chrony daemon by issuing the below commands.

$ sudo systemctl stop chronyd.service
$ sudo yum remove chrony

Again, run ss command to identify if other network services are running in your system and disable and remove them.

$ sudo ss -tulpn
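
To make the repeated ss check mechanical, the following added example (not part of the original article) filters ss -tulpn output against an allowlist of ports and reports whether each remaining listener is bound to loopback only or exposed on other addresses. The same filter covers the systemd-resolved check for ports 53 and 5355. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): flag listeners in
# `ss -tulpn` output whose port is not on an allowlist.

# unexpected_listeners PORT[,PORT...]   (ss -tulpn output on stdin)
# Prints "PROTO PORT SCOPE PROCESS" for every listener not allowlisted.
unexpected_listeners() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 != "tcp" && $1 != "udp" { next }          # also skips the header line
    {
        port = $5; sub(/.*:/, "", port)          # text after the last colon
        addr = $5; sub(/:[^:]*$/, "", addr)      # everything before it
        if (port in ok) next
        scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "exposed"
        proc = "unknown"                         # ss hides names without root
        if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
        print $1, port, scope, proc
    }'
}

# Constructed sample of `ss -tulpn` output, mixing the services named in
# this guide: systemd-resolved, chronyd, the Postfix master and sshd.
sample_ss_output() { cat <<'EOF'
Netid State   Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN  0      0      127.0.0.53%lo:53    0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=12))
udp   UNCONN  0      0      0.0.0.0:5355        0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=10))
udp   UNCONN  0      0      127.0.0.1:323       0.0.0.0:*         users:(("chronyd",pid=701,fd=5))
tcp   LISTEN  0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=1023,fd=3))
tcp   LISTEN  0      100    127.0.0.1:25        0.0.0.0:*         users:(("master",pid=1188,fd=13))
tcp   LISTEN  0      128    [::]:22             [::]:*            users:(("sshd",pid=1023,fd=4))
EOF
}

# Only SSH is expected on this server; everything else is reported.
sample_ss_output | unexpected_listeners 22
```

On a live system, run sudo ss -tulpn | unexpected_listeners 22 and treat every "exposed" line as a service to remove or to allow explicitly.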

In order to provide accurate time for your server and synchronize time with an upstream time server, you can install the ntpdate utility and sync time with a public NTP server, by executing the below commands.

$ sudo yum install ntpdate
$ sudo ntpdate 0.uk.pool.ntp.org

To have the ntpdate time synchronization command executed every day without any user intervention, schedule a new crontab job to run at midnight with the following content.

$ sudo crontab -e

Crontab file excerpt:

@daily /usr/sbin/ntpdate 0.uk.pool.ntp.org

That’s all! Now, your RHEL server is prepared for installing additional software needed for custom network services or applications, such as installing and configuring a web server, a database server, a file share service or other specific applications.

To further secure and harden RHEL 7 server, check out these following articles.

  1. The Mega Guide To Harden and Secure RHEL 7 – Part 1
  2. The Mega Guide To Harden and Secure RHEL 7 – Part 2

If you’re planning to deploy websites on this RHEL 7 system, learn how to setup and configure LAMP stack or LEMP stack.

How to Lock User Accounts After Failed Login Attempts

This guide will show how to lock a system user’s account after a specifiable number of failed login attempts in CentOS, RHEL and Fedora distributions. Here, the focus is to enforce simple server security by locking a user’s account after a number of consecutive unsuccessful authentications.

Read Also: Use Pam_Tally2 to Lock and Unlock SSH Failed Login Attempts

This can be achieved by using the pam_faillock module, which helps to temporarily lock user accounts in case of multiple failed authentication attempts and keeps a record of this event. Failed login attempts are stored in per-user files in the tally directory, which is /var/run/faillock/ by default.

pam_faillock is part of Linux PAM (Pluggable Authentication Modules), a dynamic mechanism for implementing authentication services in applications and various system services which we briefly explained under configuring PAM to audit user login shell activity.

How to Lock User Accounts After Consecutive Failed Authentications


You can configure the above functionality in the /etc/pam.d/system-auth and /etc/pam.d/password-auth files, by adding the entries below to the auth section.

auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600
auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600

Where:

  • audit – enables user auditing.
  • deny – used to define the number of attempts (3 in this case), after which the user account should be locked.
  • unlock_time – sets the time in seconds for which the account should remain locked (the two lines above use 600; the complete listings that follow use 300 seconds = 5 minutes).

Note that the order of these lines is very important; wrong configurations can cause all user accounts to be locked.

The auth section in both files should have the content below arranged in this order:

auth required pam_env.so
auth required pam_faillock.so preauth silent audit deny=3 unlock_time=300
auth sufficient pam_unix.so nullok try_first_pass
auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=300
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so

Now open these two files with your choice of editor.

# vi /etc/pam.d/system-auth
# vi /etc/pam.d/password-auth 

The default entries in the auth section of both files look like this.

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet
auth required pam_deny.so

After adding the above settings, it should appear as follows.

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth required pam_faillock.so preauth silent audit deny=3 unlock_time=300
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=300
auth requisite pam_succeed_if.so uid >= 1000 quiet
auth required pam_deny.so

Then add the pam_faillock.so entry (the last line below) to the account section in both of the above files.

account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
account required pam_faillock.so
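
Because a misordered stack can lock every account, it is worth linting the file before closing the root session you edited it from. The script below is an added example, not part of the original article or of the PAM project: it checks that the preauth line precedes pam_unix.so, that the authfail line follows it, that deny and unlock_time agree between the two lines, and that the account entry is present. The function names and both sample stacks are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): lint a PAM stack for the
# pam_faillock layout described above.

# check_faillock_stack   (PAM file on stdin)
# Prints one "FINDING: ..." line per problem; returns 0 if none, 1 otherwise.
check_faillock_stack() {
    awk '
    function opt(name,   i, kv) {                # value of a name=value option
        for (i = m + 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == name) return kv[2]
        }
        return ""
    }
    function has(word,   i) {                    # bare option such as preauth
        for (i = m + 1; i <= NF; i++) if ($i == word) return 1
        return 0
    }
    function finding(msg) { print "FINDING: " msg; problems++ }
    /^[ \t]*(#|$)/ { next }
    {
        # The control field may be bracketed and contain spaces, so find
        # the module by name rather than by column.
        m = 0
        for (i = 2; i <= NF; i++) if ($i ~ /^pam_[a-z0-9_]+\.so$/) { m = i; break }
        if (!m) next
        if ($1 == "auth") {
            n++
            if ($m == "pam_unix.so" && !unix) unix = n
            if ($m == "pam_faillock.so" && has("preauth"))
                { pre = n; pd = opt("deny"); pu = opt("unlock_time") }
            if ($m == "pam_faillock.so" && has("authfail"))
                { fail = n; fd = opt("deny"); fu = opt("unlock_time") }
        } else if ($1 == "account" && $m == "pam_faillock.so") acct = 1
    }
    END {
        if (!unix) finding("no pam_unix.so line in the auth stack")
        if (!pre)  finding("no pam_faillock.so preauth line")
        if (!fail) finding("no pam_faillock.so authfail line")
        if (unix && pre && pre > unix)   finding("preauth line must come before pam_unix.so")
        if (unix && fail && fail < unix) finding("authfail line must come after pam_unix.so")
        if (pre && fail && pd != fd) finding("deny differs: preauth=" pd " authfail=" fd)
        if (pre && fail && pu != fu) finding("unlock_time differs: preauth=" pu " authfail=" fu)
        if (!acct) finding("account stack has no pam_faillock.so line")
        exit (problems > 0)
    }'
}

# Constructed sample: the layout shown in this guide.
sample_good() { cat <<'EOF'
auth required pam_env.so
auth required pam_faillock.so preauth silent audit deny=3 unlock_time=300
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=300
auth requisite pam_succeed_if.so uid >= 1000 quiet
auth required pam_deny.so
account required pam_unix.so
account required pam_permit.so
account required pam_faillock.so
EOF
}

# Constructed sample: preauth misplaced, timeouts disagree, no account line.
sample_bad() { cat <<'EOF'
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600
auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=300
auth required pam_deny.so
account required pam_unix.so
account required pam_permit.so
EOF
}

for s in sample_good sample_bad; do
    echo "== $s"
    $s | check_faillock_stack && echo "stack looks consistent"
done
```

Run it against both files, for example check_faillock_stack < /etc/pam.d/system-auth, and keep a second root shell open until a test login has succeeded.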

How to Lock Root Account After Failed Login Attempts

To lock the root account after failed authentication attempts, add the even_deny_root option to the lines in both files in the auth section like this.

auth required pam_faillock.so preauth silent audit deny=3 even_deny_root unlock_time=300
auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root unlock_time=300

Once you have configured everything, you can restart remote access services like sshd for the above policy to take effect, that is, if users will employ ssh to connect to the server.

# systemctl restart sshd [On SystemD]
# service sshd restart [On SysVInit]

How to Test SSH User Failed Login Attempts

From the above settings, we configured the system to lock a user’s account after 3 failed authentication attempts.

In this scenario, the user tecmint is trying to switch to user aaronkilik, but after 3 incorrect logins because of a wrong password, indicated by the “Permission denied” message, the user aaronkilik’s account is locked as shown by “authentication failure” message from the fourth attempt.

Test User Failed Login Attempts

The root user is also notified of the failed login attempts on the system, as shown in the screen shot below.

Failed Login Attempts Message

How to View Failed Authentication Attempts

You can see all failed authentication logs using the faillock utility, which is used to display and modify the authentication failure log.

You can view failed login attempts for a particular user like this.

# faillock --user aaronkilik
View User Failed Login Attempts

To view all unsuccessful login attempts, run faillock without any argument like so:

# faillock 

To clear a user’s authentication failure logs, run this command.

# faillock --user aaronkilik --reset
OR
# faillock --reset	#clears all authentication failure records

Lastly, to tell the system not to lock a user or users’ accounts after several unsuccessful login attempts, add the pam_succeed_if.so entry shown below, just above where pam_faillock is first called under the auth section in both files (/etc/pam.d/system-auth and /etc/pam.d/password-auth) as follows.

Simply add colon-separated usernames to the option user in.

auth required pam_env.so
auth [success=1 default=ignore] pam_succeed_if.so user in tecmint:aaronkilik
auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600
auth sufficient pam_unix.so nullok try_first_pass
auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so

For more information, see the pam_faillock and faillock man pages.

# man pam_faillock
# man faillock 

You might also like to read these following useful articles:

  1. TMOUT – Auto Logout Linux Shell When There Isn’t Any Activity
  2. Single User Mode: Resetting/Recovering Forgotten Root User Account Password
  3. 5 Best Practices to Secure and Protect SSH Server
  4. How to Get Root and User SSH Login Email Alerts

That’s all! In this article, we showed how to enforce simple server security by locking a user’s account after x number of incorrect logins or failed authentication attempts. Use the comment form below to share your queries or thoughts with us.

How to Enable or Disable SELinux Boolean Values
