document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-25 23:11:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

20131205-2 选题

Browse Source
This commit is contained in:
DeadFire 2013-12-05 15:50:39 +08:00
parent 86a8a85cc7
commit bafa82b645
3 changed files with 525 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
sources/Built in Audit Trail Tool – Last Command in Linux.md Normal file
View File

@ -0,0 +1,180 @@
Built in Audit Trail Tool Last Command in Linux
================================================================================
![](http://linoxide.com/wp-content/uploads/2013/12/linux-last-command.jpg)
If you are working as a server administrator, you may understand that you have to protect your server. Not only from the outside, but you have to protect it from the inside. Linux has one built-in command to see who is the last logged in user into your server.
The command is **last**. This command is **very useful for audit trail**. Lets start to see what can last to do for you.
### What is the function of Last command ###
**Last** display a list of all user logged in (and out) from **/var/log/wtmp** since the file was created. This file is binary file which cannot view by text editor such as Vi, Joe or another else. This trick is pretty smart because user (or root) can not modify the file as they want.
Last gives you information the name of all users logged in, its tty, IP Address (if the user doing a remote connection) date time, and how long the user logged in.
### How to run Last ###
You just need to type **last** on your console. Heres the sample :
$ last
leni pts/0 10.0.76.162 Mon Dec 2 12:32 - 13:25 (00:53)
pungki tty1 Mon Dec 2 09:31 still logged in
reboot system boot 2.6.32-358.23.2 Mon Dec 2 09:20 - 13:25 (04:05)
Heres how to read last information :
- The first column tell who are the user
- The second column give us information about how the user is connected
> pts/0 (pseudo terminal) means that the user connect via remote connections such as SSH or telnet
>
> tty (teletypewriter) means that the user connect via direct connection to the computer or local terminal
>
> Exception for reboot activity the status will be shown is system boot
- The third column **show where the user come from**. If the user connect from remote computer, you will see a hostname or an IP Address. If you see :0.0 or nothing it means that the user is connect via local terminal. Exception for reboot activity, the kernel version will be shown as the status
- The remaining columns display **when the log activity has happened**. Numbers in the bracket tell us how many hours and minutes the connection was happened
### Some examples of Last command on day-to-day operation ###
#### Limit the number of line shown ####
When you have a lot of lines to show, you can limit how many lines do you want to see. Use **-n parameter** to do it.
$ last -n 3
leni pts/0 10.0.76.162 Mon Dec 2 12:32 - 13:25 (00:53)
pungki tty1 Mon Dec 2 09:31 still logged in
reboot system boot 2.6.32-358.23.2 Mon Dec 2 09:20 - 13:25 (04:05)
**-n parameter** will make last command to display 3 lines starting from the current time and backwards
#### Dont display the hostname ####
Use **-R parameter** to do is. Heres the sample :
$ last -R
leni pts/0 Mon Dec 2 12:32 - 13:25 (00:53)
pungki tty1 Mon Dec 2 09:31 still logged in
reboot system boot Mon Dec 2 09:20 - 13:25 (04:05)
As you see, now there is no information about hostname or IP Address
#### Display the hostname in the last column ####
To do this, we can use **-a parameter**
$ last -a
leni pts/0 Mon Dec 2 12:32 - 13:25 (00:53) 10.0.76.162
pungki tty1 Mon Dec 2 09:31 still logged in :0.0
reboot system boot Mon Dec 2 09:20 - 13:25 (04:05) 2.6.32-358.23.2.el6.i686
Now the hostname information such as 10.0.76.162 will be placed in the last column.
#### Print full login and logout time and dates ####
You can use **-F parameter** for this. Heres a sample.
$ last -F
leni pts/0 10.0.76.162 Mon Dec 2 12:32:24 2013 Mon Dec 2013 13:25:24 2013 (00:53)
#### Print specific user name ####
If you want to trace specific user, you can print it specifically. Put the name of user behind last command.
$ last leni
leni tty1 Mon Dec 2 18-42 still logged in
leni pts/0 Mon Dec 2 12:32 - 13:25 (00:53) 10.0.76.162
Or if you want to know when **reboot** is done, you can also display it
$ last reboot
reboot system boot Mon Dec 2 09:20 - 16:55 (07:34)
reboot system boot Sun Dec 1 04:26 - 04:27 (00:01)
reboot system boot Wed Nov 27 20:27 - 01:24 (04:57)
reboot system boot Tue Nov 26 21:06 - 06:13 (09:06)
#### Print spesific tty / pts ####
Last can also print information about specific tty / pts. Just put the tty name or pty name behind the last command. Here are some sample outputs :
$ last tty1
pungki tty1 Mon Dec 2 09:31 still logged in
pungki tty1 Mon Dec 2 04:26 down (00:00)
pungki tty1 Mon Dec 2 04:07 down (00:00)
pungki tty1 Sun Dec 1 18:55 04:07 (09:12)
$ last pts/0
leni pts/0 10.0.76.162 Mon Dec 2 12:32 - 13:25 (00:53)
pungki pts/0 :0.0 Wed Nov 27 20:28 down (04:56)
When you see **down value** such as the second line above , it means that the user was logged in from specific time until the system is reboot or shutdown.
#### Use another file than /var/log/wtmp ####
By default, last command will parse information from **/var/log/wtmp**. If you want t**he last command** parse from another file, you can use **-f parameter**. For example, you may rotate the log after a certain condition. Lets say the previous file is named **/var/log/wtmp.1** . Then the last command will be like this.
$ last -f /var/log/wtmp.1
#### Display the run level changes ####
There is **-x parameter** if you want to display run level changes. Heres a sample output :
pungki tty1 Mon Dec 2 19:21 still logged in
runlevel (to lvl 3) 2.6.32-358.23.2 Mon Dec 2 19:20 19:29 (00:08)
reboot system boot 2.6.32-358.23.2 Mon Dec 2 19:20 19:29 (00:08)
shutdown system down 2.6.32-358.23.2 Mon Dec 2 18:56 19:20 (00:23)
runlevel (to lvl 0) 2.6.32-358.23.2 Mon Dec 2 18:56 18:56 (00:00)
leni tty1 Mon Dec 2 18:42 down (00:00)
You can see that there are two entries of run level. Runlevel which has **to lvl 3** entry means the system is running on full console mode. No active X Window or GUI. Meanwhile, when the system is **shutdown**, Linux us **run level 0**. Thats why last show you **to lvl 0** entry
#### View bad logins ####
While **last** command logs successful logins, then **lastb** command **record failed login attempts**. You **must have root** access to run lastb command. Heres a sample output from lastb command. Lastb will parse information from /var/log/btmp.
# lastb
leni tty1 Mon Dec 2 22:12 22:12 (00:00)
rahma tty1 Mon Dec 2 22:11 22:11 (00:00)
#### Rotate the logs ####
Since **/var/log/wtmp** record every single log in activities, the size of the file may grow quickly. By default, Linux will **rotate /var/log/wtmp** every month. The detail of rotation activity is put in /etc/logrotate.conf file. Heres the content of my **/etc/logrotate.conf** file.
/var/log/wtmp {
  monthly
  create 0664 root umtp
  minsize 1M
  rotate 1
}
And for **/var/log/btmp**, heres default configuration of rotate activity
/var/log/btmp {
  missingok
  monthly
  create 0600 root umtp
  minsize 1M
  rotate 1
}
### Conclusion ###
You can combine those parameters to custom the output of last and lastb. All parameter **which run on last** command, **also run on** lastb command. For more detail, please visit last manual page by typing **man last** on your console.
--------------------------------------------------------------------------------
via: http://linoxide.com/linux-command/linux-last-command/
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

273
sources/How to Install and Configure UFW – An Un-complicated FireWall in Debian or Ubuntu.md Normal file
View File

@ -0,0 +1,273 @@
How to Install and Configure UFW An Un-complicated FireWall in Debian/Ubuntu
================================================================================
Since computers are connected to each other, services are growing fast. **Email, Social Media, Online Shop, Chat** until **Web Conferencing** are services that used by user. But on the other side this connectivity just likes a double-side knife. Its also possible to send bad messages to those computers like **Virus, malware, trojan-apps** are one of them.
![UFW Firewall for Ubuntu](http://www.tecmint.com/wp-content/uploads/2013/12/UFW-Firewall.jpeg)
*Install UFW Firewall*
The Internet, as the biggest computer network is not always fill with good people. In order to make sure our computers / servers are safe, we need to protect it.
One of the must have component on your computer / servers is **Firewall**. From **Wikipedia**, a definition is:
> In computing, a firewall is a software or hardware-based network security system that controls the incoming and outgoing network traffic by analysing the data packets and determining whether they should be allowed through or not, based on applied rule set.
**Iptables** is one of the firewall that widely used by servers. It is a program used to manage incoming and outgoing traffic in the server based on a set of rules. Generally, only trusted connection is allowed to enter the server. But **IPTables** is running at console mode and its complicated. Those whore familiar with iptables rules and commands, they can read the following article that describes how to use iptables firewall.
- [Basic IPTables (Linux Firewall) Guide][1]
### Installation of UFW Firewall in Debian/Ubuntu ###
To reduce the complexity of how-to setting **IPTables**, there is a lot of fronted. If youre running **Ubuntu** Linux, you will find **ufw** as a default firewall tool. Lets start to explore about **ufw** firewall.
### What is ufw ###
The **ufw (Uncomplicated Firewall)** is an frontend for most widely used **iptables firewall** and it is well comfortable for host-based firewalls. ufw gives a framework for managing **netfilter**, as well as provides a command-line interface for controlling the firewall. It provides user friendly and easy to use interface for Linux newbies who are not much familiar with firewall concepts.
While, on the other side same complicated commands helps administrators it set complicated rules using command line interface. The **ufw** is an upstream for other distributions such as **Debian, Ubuntu** and **Linux Mint**.
#### Basic Usage ufw ####
First, check if **ufw** is installed using following command.
$ sudo dpkg --get-selection | grep ufw
ufw install
If its not installed, you can install it using **apt** command as shown below.
$ sudo apt-get install ufw
Before you use, you should check whether **ufw** is running or not. Use the following command to check it.
$ sudo ufw status
If you found Status: **inactive**, it mean its not active or disable.
#### Enabling / Disabling ufw ####
To enable it, you just need to type the following command at the terminal.
$ sudo ufw enable
Firewall is active and enabled on system startup
To disable it, just type.
$ sudo ufw disable
#### List the current ufw rules ####
After the firewall is activated you can add your rules into it. If you want to see what are the default rules, you can type.
$ sudo status verbose
##### Sample Output #####
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip
$
#### How to Add ufw rules ####
As you see, by default every incoming connection is denied. If you want to remote your machine then you have to allow proper port. For example you want to allow ssh connection. Heres the command to allow it.
#### Allow Access ####
$ sudo ufw allow ssh
[sudo] password for pungki :
Rule added
Rule added (v6)
$
If you check the status again, you will see an output like this.
$ sudo ufw status
To Action From
-- ----------- ------
22 ALLOW Anywhere
22 ALLOW Anywhere (v6)
If you have a lot of rules, and want to put numbers on every rules on the fly, use parameter numbered.
$ sudo ufw status numbered
To Action From
------ ----------- ------
[1] 22 ALLOW Anywhere
[2] 22 ALLOW Anywhere (v6)
The first rule says that incoming connection to **port 22** from **Anywhere**, both **tcp** or **udp** packets is allowed. What if you want to allow **tcp** packet only? Then you can add the parameter **tcp** after the **port** number. Heres an example with sample output.
$ sudo ufw allow ssh/tcp
To Action From
------ ----------- ------
22/tcp ALLOW Anywhere
22/tcp ALLOW Anywhere (v6)
#### Deny Access ####
The same tricks is applied to Deny rule. Let say you want to deny ftp rule. So you only have to type.
$ sudo ufw deny ftp
To Action From
------ ----------- ------
21/tcp DENY Anywhere
21/tcp DENY Anywhere (v6)
### Adding Specific Port ###
Sometimes we have a custom port which is not follow any standards. Lets say we change the **ssh** port on our machine from **22**, into **2290**. Then to allow port **2290**, we can add it like this.
$ sudo ufw allow
To Action From
-- ----------- ------
2290 ALLOW Anywhere
2290 ALLOW Anywhere (v6)
It also possible for you to add **port-range** into the rule. If we want to open port from **2290 2300** with **tcp** protocol, then the command will be like this.
$ sudo ufw allow 2290:2300/tcp
To Action From
------ ----------- ------
2290:2300/tcp ALLOW Anywhere
2290:2300/tcp ALLOW Anywhere (v6)
while if you want to use **udp**, just use the following command.
$ sudo ufw allow 2290:2300/udp
To Action From
------ ----------- ------
2290:2300/udp ALLOW Anywhere
2290:2300/udp ALLOW Anywhere (v6)
Please remember that you have to put **tcp** or **udp** explicitly otherwise you will get an error message similar to below.
ERROR: Must specify tcp or udp with multiple ports
### Adding Specific IP ###
Previously we have added rules based on **service** or **port**. Ufw also allow you to add rules based on **IP Address**. Heres the sample command.
$ sudo ufw allow from 192.168.0.104
You can also use a subnet mask to wider the range.
$ sudo ufw allow form 192.168.0.0/24
To Action From
-- ----------- ------
Anywhere ALLOW 192.168.0.104
Anywhere ALLOW 192.168.0.0/24
As you can see, from parameter will only limit the source of connection. While the destination which is represented by **To** column is **Anywhere**. You can also manage the destination using **To** parameter. Lets see the sample to allow access to **port 22 (ssh)**.
$ sudo ufw allow to any port 22
The above command will allow access from anywhere and from any protocol to **port 22**.
### Combining Parameters ###
For more specific rules, you can also combining IP Address, **protocol** and **port**. Lets say we want to create rule that limit the connection only from IP 192.168.0.104, only protocol **tcp** and to port **22**. Then the command will be like below.
$ sudo ufw allow from 192.168.0.104 proto tcp to any port 22
Syntax to create deny rule is similar with allow rule. You only need to change parameter from **allow** to **deny**.
### Deleting Rules ###
Sometime you may need to delete your existing rule. Once again with **ufw** it is easy to delete rules. From above sample, you have a rule below and you want to delete it.
To Action From
-- ----------- ------
22/tcp ALLOW 192.168.0.104
21/tcp ALLOW Anywhere
21/tcp ALLOW Anywhere (v6)
There are two methods of deleting rules.
**Method 1**
The below command will **delete** rules that match service **ftp**. So the **21/tcp** which mean **ftp** port will be deleted.
$ sudo ufw delete allow ftp
**Method 2**
But when you tried to delete the first rule at the above example using below command.
$ sudo ufw delete allow ssh
Or
$ sudo ufw delete allow 22/tcp
You may find an error message such as.
Could not delete non-existent rule
Could not delete non-existent rule (v6)
Then you can do this trick. As we mentioned above, you can show the number of rule to indicate which rule that we want to delete. Let we show it to you.
$ sudo ufw status numbered
To Action From
-- ----------- ------
[1] 22/tcp ALLOW 192.168.0.104
[2] 21/tcp ALLOW Anywhere
[3] 21/tcp ALLOW Anywhere (v6)
Then you can delete the first rule using. Press “**y**” will permanently delete the rule.
$ sudo ufw delete 1
Deleting :
Allow from 192.168.0.104 to any port 22 proto tcp
Proceed with operation (y|n)? y
From those methods you will see the difference. **Method 2** will ask **user confirmation** before deleting the rule while **method 1** is not.
### How to Reset Rules ###
In some situation, you may want to **delete / reset** all rules. You can do it by typing.
$ sudo ufw reset
Resetting all rules to installed defaults. Proceed with operation (y|n)? y
If you press “**y**”, then **ufw** will backup all existing rules before doing the reset your ufw. Resetting the rules will also disable your firewall. You need to enabled it again if you want to use it.
### Advanced Functionality ###
As I stated above, the ufw firewall can able to do whatever that iptables can do. This is accomplished by using various sets of rules files, which are nothing more than **iptables-restore** appropriate text files. Fine tuning ufw and/or placing additional iptables commands not allowed via the ufw command is a matter of editing several text files.
- /etc/default/ufw: The main configuration for default policies, IPv6 support and kernel modules.
- /etc/ufw/before[6].rules: rules in these files are calculate before any rules added via the ufw command.
- /etc/ufw/after[6].rules: rules in these files are calculate after any rules added via the ufw command.
- /etc/ufw/sysctl.conf: kernel network tunables.
- /etc/ufw/ufw.conf: sets whether or not ufw is enabled on boot and sets the LOGLEVEL.
### Conclusion ###
**UFW** as a front-end to iptables surely make an easy interface to user. User dont need to remember complicated iptables syntax. **UFW** also use **plain english** as its parameter.
**Allow, deny, reset** are one of them. I believe that there are many more iptables front-end out there. But definitely ufw is one of the best alternative for users who want to setup their firewall fast, easy and of course secure. Please visit **ufw manual page** by typing **man ufw** for more detail.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/how-to-install-and-configure-ufw-firewall/
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:http://www.tecmint.com/basic-guide-on-iptables-linux-firewall-tips-commands/

72
sources/onfigure Your Browser To Use Tor On Ubuntu or Debian or Linux Mint.md Normal file
View File

@ -0,0 +1,72 @@
onfigure Your Browser To Use Tor On Ubuntu/Debian/Linux Mint
================================================================================
**Tor**, **T**he **O**nion **R**outer, is a network of Virtual Tunnels that allows users to communicate securely and as well as anonymously over Internet. Tor allows organizations and individuals to share information over public networks without compromising their privacy. We can use Tor to keep websites from tracking us and also our family members, or to connect to news sites, instant messaging services, or the websites which are blocked by the Internet providers and Network Administrators.
Tor was originally designed, implemented, and deployed as a third-generation [onion routing project of the U.S. Naval Research Laboratory][1]. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others.
In this quick how-to let us learn how to use Tor with our browsers. The steps provided here were tested on Ubuntu 13.04 Desktop, but it should work on all Debian/Ubuntu and its derivatives.
### Install Tor & Vidalia On Ubuntu / Debian / Linux Mint ###
Tor is available in the default repositories of Debian/Ubuntu, but they might be bit outdated. So add Tor repository to your distribution source lists.
Edit file **/etc/apt/sources.list**,
$ sudo nano /etc/apt/sources.list
Add the following lines depending upon your distribution version. As i am testing this on my Ubuntu 13.04 desktop, i added the following lines.
[...]
deb http://deb.torproject.org/torproject.org raring main
Save and close the file. If youre using Ubuntu 13.10, then the lines should be,
deb http://deb.torproject.org/torproject.org saucy main
For Debian 7 Wheezy,
deb http://deb.torproject.org/torproject.org wheezy main
Add the gpg key using following commands:
$ gpg --keyserver keys.gnupg.net --recv 886DDD89
$ gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
Update the repository list and install vidalia using commands:
$ sudo apt-get update
$ sudo apt-get install tor vidalia deb.torproject.org-keyring
During installation, youll be asked which user should be able to control Tor service. Select the user and click Ok.
![](http://180016988.r.cdn77.net/wp-content/uploads/2013/12/sk@sk-_013.jpg)
Now Vidalia is installed and running.
### Configure Firefox Browser ###
Open your browser. Go to **Edit -> Preferences -> Advanced -> Network ->Settings**. Select manual Proxy Configuration. In the SOCKS Host column, enter **localhost** or **127.0.0.1** and in the port column enter **9050** as shown in the below screenshot.
![](http://180016988.r.cdn77.net/wp-content/uploads/2013/12/Firefox-Preferences_015.jpg)
Now point your browser with URL **https://check.torproject.org/**. You will see a green message that indicates: “**Congratulations. This browser is configured to use Tor**”. Red message indicate that Tor is not setup. Refer the following screenshot.
![Are you using Tor? - Mozilla Firefox_014](http://180016988.r.cdn77.net/wp-content/uploads/2013/12/Are-you-using-Tor-Mozilla-Firefox_014.jpg)
The same settings are applicable for all browsers, just open the Browser settings/preferences window, find the Network settings, Enter **127.0.0.1** in proxy server column and **9050** in port box. To disable Tor, Select **Use System Proxy settings** on browser settings.
**Note**: If you want to use Tor for anonymous web browsing, please read our article about [Tor Browser Bundle][2]. It comes with readily configured Tor and a browser patched for better anonymity. To use SOCKS directly (for instant messaging, Jabber, IRC, etc), you can point your application directly at Tor (localhost port 9050), but see [this FAQ entry][3] for why this may be dangerous.
Thats it. Good Luck! Stay Safe!
--------------------------------------------------------------------------------
via: http://www.unixmen.com/configure-browser-use-tor-ubuntu-debian-linux-mint/
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:http://www.onion-router.net/
[2]:http://www.unixmen.com/protect-your-online-privacy-with-tor-browser/
[3]:https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#SOCKSAndDNS