3 Amazing facts about SELinux.


What is SELinux?

SELinux, Security-Enhanced Linux, is an additional method to protect your system. Presuming we want to allow remote anonymous access to a web server, we must open the ports through the firewall. However, that means that malicious people can try to crack into the system through a security exploit and, if they compromise the web server process, gain its permissions: the permissions of the apache user and the apache group. That user/group has read access to things like the document root (/var/www/html), as well as write access to /tmp, /var/tmp and any other files/directories that are world writable.
SELinux is a set of security rules that determine which process can access which files, directories, ports, etc. Every file, process, directory and port has a special security label called an SELinux context.
A context is simply a name that is used by the SELinux policy to determine whether or not a process can access a file, directory or port.
SELinux labels have several contexts, but we will discuss only one context with the web server: the type context. Type context names usually end with _t. The type context for the web server is httpd_t. The type context for files and directories normally found in /var/www/html is httpd_sys_content_t. The type context for files and directories normally found in /tmp and /var/tmp is tmp_t. The type context for web server ports is http_port_t.
There is a rule in the policy that permits Apache (the web server process running as httpd_t) to access files and directories with a context normally found in /var/www/html and other web server directories (httpd_sys_content_t). There is no allow rule in the policy for files normally found in /tmp and /var/tmp, so access is not permitted. With SELinux enabled, a malicious user could not access the /tmp directory, let alone write files to it. SELinux even has rules for remote filesystems such as NFS and CIFS, although all files on these filesystems are labeled with the same context.
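The type-context rule described above also means that a file sitting in the document root with the wrong label is denied to the web server. The script below is an added example, not part of the original post: it reads "context path" lines and lists files under the web root whose type is not httpd_sys_content_t. The sample lines and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: find files under a web root whose SELinux type is not the
# one this article names for web content (httpd_sys_content_t).

# Types treated as correct; an assumption limited to the type named above.
# Add others your policy lets httpd_t read if you use them.
ALLOWED_TYPES="httpd_sys_content_t"

# Print the type (third colon-separated field) of a context such as
# system_u:object_r:httpd_sys_content_t:s0
context_type() {
    printf '%s\n' "$1" | awk -F: 'NF >= 3 { print $3 }'
}

# stdin: "context path" lines, the format `stat -c '%C %n' FILE...` prints.
# $1: web root. Prints "path type" for each path under the web root whose
# type is not in ALLOWED_TYPES.
find_mislabeled() {
    webroot=$1
    while read -r ctx path; do
        case $path in
            "$webroot"/*) ;;
            *) continue ;;
        esac
        t=$(context_type "$ctx")
        case " $ALLOWED_TYPES " in
            *" $t "*) ;;
            *) printf '%s %s\n' "$path" "${t:-unlabeled}" ;;
        esac
    done
    return 0
}

# Constructed sample input (not taken from a real host).
SAMPLE='system_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.html
unconfined_u:object_r:admin_home_t:s0 /var/www/html/report.html
unconfined_u:object_r:tmp_t:s0 /var/www/html/upload/data.csv
unconfined_u:object_r:tmp_t:s0 /tmp/scratch.txt'

printf '%s\n' "$SAMPLE" | find_mislabeled /var/www/html
```

On a live host the input can come from `find /var/www/html -exec stat -c '%C %n' {} +`, and `restorecon -Rv /var/www/html` resets the labels to the policy defaults.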


SELinux MODES

  • Enforcing Mode
  • Permissive Mode
  • Disabled


Enforcing Mode: In enforcing mode, SELinux actively denies access to the web server attempting to read files with tmp_t type context. In enforcing mode, SELinux both logs and protects.

Permissive Mode: Permissive mode is often used to troubleshoot issues. In permissive mode, SELinux allows all interactions, even if there is an explicit rule mentioned, and it logs all of the denied interactions. This mode can be used to determine if you are having an SELinux issue. No reboot is required to go from enforcing to permissive or back again.

Disabled: A third mode, disabled, completely disables SELinux. You must reboot to disable SELinux entirely, or to get from disabled mode to enforcing or permissive.



Enable And Disable SELinux Mode


There are two ways to enable and disable SELinux on Linux:

1. Make the changes in the /etc/sysconfig/selinux file.


# This file controls the state for selinux on the system.
# selinux= can take one of these three values: 
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – No SELinux policy is loaded. 
SELINUX=enforcing 
# SELINUXTYPE= can take one of these two values: 
# targeted – Targeted processes are protected, 
# mls – Multi Level Security protection. 
SELINUXTYPE=targeted

Use /etc/sysconfig/selinux to change the default SELinux mode at boot time. In the example above, it is set to enforcing mode.

2. Change the mode at the command line.


To change the SELinux mode without a restart you can use these two commands:
  • getenforce
  • setenforce

To check the current status of SELinux on the system, use getenforce:

[root@serverx ~]# getenforce 
Enforcing

It shows that the current SELinux status is Enforcing.

To change the current status of SELinux on the system, use setenforce:

[root@serverx ~]# setenforce
 usage: setenforce [enforcing | permissive | 1 | 0 ]

You can choose either enforcing or permissive mode, but you can't disable SELinux with setenforce.

[root@serverx ~]# setenforce 0
[root@serverx ~]# getenforce
Permissive

SELinux status changed to Permissive.

[root@serverx ~]# setenforce 1
[root@serverx ~]# getenforce
Enforcing

SELinux status changed to Enforcing.

[root@serverx ~]# setenforce permissive
[root@serverx ~]# getenforce
Permissive

SELinux status changed to Permissive.

[root@serverx ~]# setenforce enforcing
[root@serverx ~]# getenforce
Enforcing

SELinux status changed to Enforcing.


The above examples show the different usages of the setenforce command to change the modes of SELinux.
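Because setenforce changes only the running mode and /etc/sysconfig/selinux sets only the boot-time mode, the two can disagree, for example when permissive mode was switched on for troubleshooting and never switched back. The script below is an added example, not part of the original post, that compares the two; the function names, the verdict words and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare the boot-time SELinux mode with the runtime mode.

# Print the SELINUX= value from config file $1, lower-cased. Comment lines
# and SELINUXTYPE= are not matched. Prints nothing if the key is absent.
configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" 2>/dev/null |
        tail -n 1 | tr 'A-Z' 'a-z'
}

# $1 = config file, $2 = runtime mode as printed by getenforce.
# Prints "<verdict> configured=<mode> runtime=<mode>" where verdict is:
#   ok      enforcing now and after the next reboot
#   drift   the two differ (setenforce was used and not reverted, or the
#           file was edited and the host has not been rebooted yet)
#   weak    both agree, but on permissive or disabled
#   unknown no SELINUX= line or no runtime mode could be read
mode_drift() {
    cfg=$(configured_mode "$1")
    run=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    if [ -z "$cfg" ] || [ -z "$run" ]; then verdict=unknown
    elif [ "$cfg" != "$run" ]; then verdict=drift
    elif [ "$cfg" = enforcing ]; then verdict=ok
    else verdict=weak
    fi
    printf '%s configured=%s runtime=%s\n' "$verdict" "${cfg:-none}" "${run:-none}"
}

# Constructed sample with the same keys as the file shown in this article.
write_sample_config() {
    cat > "$1" <<'EOF'
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
SELINUXTYPE=targeted
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
mode_drift "$sample" Permissive   # the state after "setenforce 0"
mode_drift "$sample" Enforcing
rm -f "$sample"

# On a host with SELinux tools installed, check the live system
# (config path as used in this article).
if command -v getenforce >/dev/null 2>&1; then
    mode_drift /etc/sysconfig/selinux "$(getenforce 2>/dev/null)"
fi
```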

How to Install Mongodb on Ubuntu

Install Mongodb On Ubuntu

In this article we will learn how to install MongoDB on Ubuntu. If you want to install MongoDB on other systems, i.e. Fedora, Red Hat and CentOS, please refer to my last article. So let's start with installing MongoDB on Ubuntu systems.

What is Mongodb?

MongoDB is the leading NoSQL database, designed for how we build and run applications today. MongoDB empowers organizations to be agile and scalable. It helps them enable new types of applications, improve customer experience, accelerate time to market and reduce total cost of ownership (TCO). MongoDB is named from "huMONGOus" meaning "extremely large".
MongoDB is a general purpose, open-source database. MongoDB features:
  • Document data model with dynamic schemas
  • Full, flexible index support and rich queries
  • Auto-Sharding for horizontal scalability
  • Built-in replication for high availability
  • Text search
  • Advanced security
  • Aggregation Framework and MapReduce
  • Large media storage with GridFS 
After looking at what MongoDB is, let's get started with the installation of MongoDB on Ubuntu.

Install Mongodb Ubuntu System

Ubuntu has its own MongoDB packages, but we will be using the official MongoDB packages available on the MongoDB website as they are more up-to-date.

  • First, import the public key used by the package management system (i.e. dpkg and apt), which can be done with the following command:
     sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10

  • Create the repo file (list file) for MongoDB using the following command:
     echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | sudo tee /etc/apt/sources.list.d/mongodb.list

  • Now it's time to reload the package management database, which can be done with the following command:
     sudo apt-get update

  • Now it's time to install the MongoDB package, which can be done with:
     sudo apt-get install -y mongodb-org

This will install the latest stable release of MongoDB on Ubuntu. If you want to install a specific release of MongoDB on Ubuntu, please use the following command:

     sudo apt-get install -y mongodb-org=2.6.1 mongodb-org-server=2.6.1 mongodb-org-shell=2.6.1 mongodb-org-mongos=2.6.1 mongodb-org-tools=2.6.1

The above command will install MongoDB version 2.6.1; you can replace the version number as per your requirement.

If you have successfully executed all the above steps, you will have MongoDB installed on Ubuntu.


MysqlDump - A program to take Mysql Backup

In this article we will learn what Mysqldump is and how it can be used with multiple options like add-drop-table, d, e, w, x, f, no-tablespaces. Let's start with what Mysqldump is.

What is Mysqldump?

The Mysqldump client is a utility that performs backups. It can be used to back up a database or a collection of databases for backup or transfer to another MySQL server. The dump typically contains SQL statements to create the table, populate it, or both. However, Mysqldump can also be used to generate files in CSV, other delimited text, or XML format.
Mysqldump requires at least the SELECT privilege for dumped tables, SHOW VIEW for dumped views, TRIGGER for dumped triggers, and LOCK TABLES if the --single-transaction option is not used.


You can use Mysqldump in three ways:
  • db_name [tbl_name ...]
  • --databases db_name ...
  • --all-databases
Let's see how to use all three ways of Mysqldump:
  • db_name [tbl_name ...]: This option should be used if you are taking a backup of a single database with multiple tables.
          shell> mysqldump [options] db_name [tbl_name ...]

  • --databases db_name ...: This option should be used if we have multiple databases to back up.
          shell> mysqldump [options] --databases db_name ...
  • --all-databases: As the name suggests, this option should be used if you need to take a backup of the complete database.
          shell> mysqldump [options] --all-databases


Now we will see what lies in the [options]. Mysqldump supports multiple options, but we will be discussing only a few of them here. The options we are going to discuss are given below:

  • --add-drop-table
  • -d
  • -e
  • -w
  • -x 
  • -f
  • --no-tablespaces

--add-drop-table: Add a DROP TABLE statement before each CREATE TABLE statement. So whenever you take a backup of a database or a table, it will always drop the existing table before creating the new table. It will help you in case of having the same schema design.

-d or --no-data: If this option is used, no content from the table will be dumped. This option will only dump the structure of the table or tables.

-e or --extended-insert: Use multiple-row INSERT syntax that includes several VALUES lists. This results in a smaller dump file and speeds up inserts when the file is reloaded.

-w or --where: Dump only selected records. Quotes are mandatory.

-x or --xml: Dump the database/databases in well-formed XML.

-f or --force: It will continue to take the dump of the table even if there is any error.

--no-tablespaces: If the option no-tablespaces is used, it will not take the dump of the table structure; only the content will be backed up from the tables.

Amazon S3 - Simple Storage Service

What is Amazon S3?

Amazon S3 is a repository for Internet data. Amazon S3 provides access to reliable, fast, and inexpensive data storage. It is designed to make web-scale computing easy by enabling you to store and retrieve any amount of data, at any time, from within Amazon EC2 or anywhere on the web.
Amazon S3 stores data objects redundantly on multiple devices across multiple facilities and allows concurrent read or write access to these data objects by many separate clients or application threads. You can use the redundant data stored in Amazon S3 to recover quickly and reliably from instance or application failures.

How to Start With Amazon S3 - Simple Storage Service

Follow these six simple steps to successfully use Amazon S3:
  • Sign-up for Amazon S3
  • Create Bucket
  • Add An Object to the Bucket
  • View Object
  • Move Object
  • Delete Object and Bucket

Sign-up for Amazon S3

  1. Go to http://aws.amazon.com/s3 and click Sign Up
  2. Follow the on-screen instructions.

Create Bucket for Amazon S3

  1. Sign into the AWS Management Console at https://console.aws.amazon.com/s3.
  2. Click Create Bucket and a dialog box will pop up.
  3. In the Create a Bucket dialog box, enter a bucket name in the Bucket Name box. After you create a bucket, you cannot change its name. The bucket name is also visible in the URL that points to the objects stored in the bucket. Ensure that the bucket name you choose is appropriate.
  4. In the Region box, select a region. You can choose a region to optimize latency, minimize costs, or address regulatory requirements.
  5. Click Create.
    When Amazon S3 successfully creates your bucket, the console displays your empty bucket in the Buckets panel.

Add An Object To The Bucket for Amazon S3

  1. Click the name of the bucket that you want to upload an object to and then click Upload.
  2. In the Upload - Select Files wizard, if you want to upload an entire folder, you must click Enable Enhanced Uploader to install the necessary Java applet. You only need to do this once per console session.
  3. Click Add Files.
    • If you enabled the advanced uploader in step 2, you see a Java dialog box titled Select files and folders to upload, as shown.
    • If not, you see the File Upload dialog box associated with your operating system.
  4. Now select the file that you want to upload and then click Open.
  5. Click Start Upload

View Object from Amazon S3

  1. In the Objects and Folders list, right-click the object or objects that you want to open or download, then click Open or Download as appropriate.
  2. If you are downloading the object, specify where you want to save it. The procedure for saving the object depends on the browser and operating system that you are using.
So far we have seen how to create an Amazon S3 bucket, add an object to the bucket and view the same object from the bucket. In the next article we will see how to move an object in a bucket and how to delete an object and bucket from Amazon S3. Thanks!!

Setup Mysql Replication in Master Slave Mode


In this tutorial we will learn what MySQL replication is and how to set up MySQL replication.

Let's start with what MySQL replication is.

MySQL replication

MySQL replication is a process that allows you to easily maintain multiple copies of MySQL data by having them copied automatically from a master to a slave database. This can be helpful for many reasons:
  • Scale-out solutions
  • Data Security
  • Analytics
  • data distribution
  • Backup
We will set up a very simple MySQL replication with one master and one slave. Let's take two machines for setting up the MySQL replication:

Machine One: 10.33.76.78 - Master Database
Machine Two: 10.22.43.46 - Slave Database

Setup

In this article I am using Ubuntu to set up the replication, so the first thing which needs to be done for replication is the installation of MySQL on the system:

apt-get install mysql-server mysql-client

Once you are done with the installation part, let's start the real fun of replication.

Step One—Setup the Master Database


On the master database we need to make a couple of changes in the MySQL configuration file.

The first step is to find the section that looks like this, binding the server to the local host:

bind-address            = 127.0.0.1

Replace the standard IP address with the IP address of the server.

bind-address            = 0.0.0.0

Next we need to un-comment the line which has server-id:

server-id               = 1

Now, search for the line that refers to log_bin and uncomment it. I will keep the bin logs in the default location, but you can change the location of the bin logs as well.

log_bin                 = /var/log/mysql/mysql-bin.log

The next option is used if you want to have MySQL replication on a per-database basis, i.e. if you have multiple databases and you want replication for only selected databases:

binlog_do_db            = newdatabase

We are done with all the configuration changes on the master and now it's time to restart MySQL.

service mysql restart

We need to grant privileges to the slave. The command should be in this format:

GRANT REPLICATION SLAVE ON *.* TO 'slave_user'@'%' IDENTIFIED BY 'password';


'slave_user': Denotes the name of the user used for replication. It can be anything.

'%': Denotes that with the above user and password, any host can become a slave of this master. I would recommend that instead of % you use the IP address of the slave host.

'password': It should be a combination of characters and numbers.

Last thing to do :


FLUSH PRIVILEGES;


Now we need to note down the position of the master and take a backup of the databases for which we want to set up the MySQL replication, which can be done with the following sequence of commands:

USE newdatabase;

FLUSH TABLES WITH READ LOCK;


mysql> SHOW MASTER STATUS;
+------------------+----------+--------------+------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000001 |      107 |              |                  |
+------------------+----------+--------------+------------------+
1 row in set (0.00 sec)


The position noted above will be helpful while setting up the Slave.

Export your database using mysqldump in a new window (make sure you are typing this command in the bash shell, not in MySQL).

mysqldump -u root -p --opt newdatabase > newdatabase.sql

Now, returning to your original window, unlock the databases (making them writeable again). Finish up by exiting the shell.


UNLOCK TABLES;


QUIT;

Step Two—Configure the Slave Database

On the slave machine, open up the MySQL shell and create the new database that you will be replicating from the master (then exit):


CREATE DATABASE newdatabase;

EXIT;

After creating the database, import the database that you previously exported from the master database.


mysql -u root -p newdatabase < /path/to/newdatabase.sql



Now we need to configure the slave configuration.
Make sure that you have the following four criteria appropriately filled out:

server-id               = 2
relay-log               = /var/log/mysql/mysql-relay-bin.log
log_bin                 = /var/log/mysql/mysql-bin.log
binlog_do_db            = newdatabase

Server-id needs to be unique, and as we have already used server-id = 1 on the master, let's set server-id = 2 here on the slave.
You might not find the remaining three values in my.cnf by default, so if the values are missing please add them and restart MySQL.

service mysql restart

Let's enable the replication from within the MySQL shell. Open up the MySQL shell and type in the details:

CHANGE MASTER TO MASTER_HOST='ip-address of master',MASTER_USER='slave_user', MASTER_PASSWORD='slave_password', MASTER_LOG_FILE='', MASTER_LOG_POS= ;

This command accomplishes several things at the same time:
  • It designates the current server as the slave of our master server.
  • It provides the server the correct login credentials.
  • Last of all, it lets the slave server know where to start replicating from; the master log file and log position come from the numbers we wrote down previously.
With that, you have configured a master and slave server.

Activate the slave server:

START SLAVE;

You will be able to see the details of the slave replication by typing in this command. The \G rearranges the text to make it more readable.

SHOW SLAVE STATUS\G

SHOW SLAVE STATUS will give you the complete details which you entered while setting up the slave, like the master server, user name, etc. You can test the replication by simply creating a table in the database for which you have enabled the replication and seeing if the same table exists on the slave. If your table is present on the slave machine as well, then your MySQL replication is working fine; otherwise, investigate further to check what has gone wrong.
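The log file and position in CHANGE MASTER TO come from the SHOW MASTER STATUS output noted on the master. The script below is an added example, not part of the original article: it reads that table, checks the values, and prints the slave-side statement, plus a GRANT limited to the slave's IP address as recommended above. The function names are constructed for illustration and '<password>' is a placeholder to replace at the MySQL prompt.

```sh
#!/bin/sh
# Added example: build the replication statements from SHOW MASTER STATUS.

# Read the table printed by `SHOW MASTER STATUS;` on stdin and print
# "<file> <position>" from its first data row.
master_coords() {
    awk -F'|' '/^\|/ && $3 !~ /Position/ {
        gsub(/ /, "", $2); gsub(/ /, "", $3); print $2, $3; exit
    }'
}

# $1 = master host, $2 = replication user; status table on stdin.
# Only plain names and decimal digits are allowed into the SQL text.
change_master_sql() {
    coords=$(master_coords)
    file=${coords% *}
    pos=${coords#* }
    case $1 in ''|*[!A-Za-z0-9.-]*) echo "bad host" >&2; return 1 ;; esac
    case $2 in ''|*[!A-Za-z0-9_]*) echo "bad user" >&2; return 1 ;; esac
    case $file in ''|*[!A-Za-z0-9._-]*) echo "bad log file" >&2; return 1 ;; esac
    case $pos in ''|*[!0-9]*) echo "bad log position" >&2; return 1 ;; esac
    printf "CHANGE MASTER TO MASTER_HOST='%s', MASTER_USER='%s', MASTER_PASSWORD='%s', MASTER_LOG_FILE='%s', MASTER_LOG_POS=%s;\n" \
        "$1" "$2" '<password>' "$file" "$pos"
}

# $1 = replication user, $2 = slave IP address (used instead of '%').
grant_sql() {
    case $1 in ''|*[!A-Za-z0-9_]*) echo "bad user" >&2; return 1 ;; esac
    case $2 in ''|*[!0-9.]*) echo "bad address" >&2; return 1 ;; esac
    printf "GRANT REPLICATION SLAVE ON *.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
        "$1" "$2" '<password>'
}

# The status table and addresses used in this article.
SAMPLE_STATUS='+------------------+----------+--------------+------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000001 |      107 |              |                  |
+------------------+----------+--------------+------------------+'

grant_sql slave_user 10.22.43.46
printf '%s\n' "$SAMPLE_STATUS" | change_master_sql 10.33.76.78 slave_user
```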



Install MongoDB on Fedora, Red Hat Enterprise and CentOS

In this tutorial we will learn how to install MongoDB on different flavors of Linux, i.e. Fedora, Red Hat Enterprise and CentOS.

Considerations

For production deployments, always run MongoDB on 64-bit systems.

The default /etc/mongodb.conf configuration file supplied by the 2.6 series packages has bind_ip set to 127.0.0.1 by default. Modify this setting as needed for your environment before initializing a replica set.
Changed in version 2.6: The package structure and names have changed as of version 2.6. For instructions on installation of an older release, please refer to the documentation for the appropriate version.


Install Mongodb 


Let's begin with the installation of MongoDB with YUM.

Step 1: Add the MongoDB repo to the package management system (YUM) in Fedora.
Create a /etc/yum.repos.d/mongodb.repo file which should have the following configuration information for the MongoDB repository:

[mongodb]
name=MongoDB Repository
baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64/
gpgcheck=0
enabled=1

The above configuration will work with a 64-bit system. If you are running a 32-bit system, please use the configuration given below:





[mongodb]
name=MongoDB Repository
baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/i686/
gpgcheck=0
enabled=1



Step 2: Once you have successfully made the changes in the package management system (YUM), it's time to install MongoDB on the system, i.e. Fedora, Red Hat Enterprise and CentOS:



To install the latest stable version of MongoDB, simply issue the following command:
  sudo yum install -y mongodb-org

If you want to use a specific version of MongoDB, you have to specify each component package individually and append the version number to the package name. An example is shown below:
   sudo yum install -y mongodb-org-2.6.1 mongodb-org-server-2.6.1 mongodb-org-shell-2.6.1 mongodb-org-mongos-2.6.1 mongodb-org-tools-2.6.1


If you have completed the above two steps successfully, you have installed MongoDB on Fedora or Red Hat Enterprise. Thanks!!
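The repo files above set gpgcheck=0 and use an http:// baseurl, so yum installs from that repository without verifying package signatures. The script below is an added example, not part of the original article, that lists repository sections with either setting; the function names and the second sample section (example-signed, with example.invalid URLs) are constructed for illustration.

```sh
#!/bin/sh
# Added example: list yum repository sections that skip signature checks
# or fetch over plain http.

# Print "<repo-id> gpgcheck=<value> transport=<scheme>" for every section
# of repo file $1 where gpgcheck is not 1 or a repository URL uses http.
# gpgcheck=unset means the section inherits the [main] value from yum.conf,
# so it is listed for review.
weak_repos() {
    awk -F= '
        function emit() {
            if (id != "" && (gpg != "1" || scheme == "http"))
                printf "%s gpgcheck=%s transport=%s\n", id, gpg, scheme
        }
        /^[ \t]*\[/ {
            emit(); id = $0; gsub(/[^A-Za-z0-9_.:-]/, "", id)
            gpg = "unset"; scheme = "unset"; next
        }
        /^[ \t]*[#;]/ { next }
        { key = $1; val = $2; gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val) }
        key == "gpgcheck" { gpg = val }
        key == "baseurl" || key == "mirrorlist" || key == "metalink" {
            if (val ~ /^http:/) scheme = "http"
            else if (scheme == "unset") scheme = (val ~ /^https:/) ? "https" : "other"
        }
        END { emit() }
    ' "$1"
}

# Constructed sample: the section from this article plus a made-up signed one.
write_sample_repo() {
    cat > "$1" <<'EOF'
[mongodb]
name=MongoDB Repository
baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64/
gpgcheck=0
enabled=1

[example-signed]
name=Constructed example of a signed repository
baseurl=https://repo.example.invalid/el/x86_64/
gpgcheck=1
gpgkey=https://repo.example.invalid/RPM-GPG-KEY-example
enabled=1
EOF
}

sample=$(mktemp)
write_sample_repo "$sample"
weak_repos "$sample"
rm -f "$sample"

# On a real host, check every installed repo file.
for f in /etc/yum.repos.d/*.repo; do
    [ -e "$f" ] || continue
    weak_repos "$f"
done
```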


 

© 2013 Akhil's Blog. All rights reserved. Designed by Templateism
