Friday, 23 July 2010

Permissions bits in Linux

SUID:
S instead of x in user permissions
It sets the process user owner to the file's user
It has no effect on directories
Set SUID:
chmod 4000 file
chmod u+s file

SGID:
S instead of x in group permissions
It sets the process group owner to the file's group
On a directory, new files created inside it get the directory's group instead of the creating user's group
Set SGID:
chmod 2000 file
chmod g+s file



Sticky bit:
T instead of x in other permissions
Files with the sticky bit can be deleted only by root and the file's owner
Files in a directory with the sticky bit can be deleted only by root, the file owner or the directory owner, regardless of file permissions.
Set sticky bit:
chmod 1000 file
chmod o+t file
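As an added example that is not part of the original post: a script which sets each of the three bits in a scratch directory, decodes them from the octal mode that GNU stat prints, and runs the two checks an administrator usually wants, files carrying SUID/SGID and world-writable directories that lack the sticky bit. It assumes GNU stat and GNU find, i.e. Linux; all paths are created under mktemp.

```shell
#!/bin/bash
# Added example: set each special bit in a scratch directory, decode the bit
# from the octal mode that GNU stat reports, and run two audit checks.
# Assumes GNU stat and GNU find (Linux); everything is created under mktemp.

special_digit() {
    # Print the leading "special" octal digit of a path's mode: 4=SUID 2=SGID 1=sticky
    local mode
    mode=$(stat -c '%a' "$1") || return 1    # e.g. 755 or 4755
    local d=${mode%???}                      # strip the three rwx digits
    printf '%s\n' "${d:-0}"
}

describe_bits() {
    # Turn the digit into the names used above; several bits may be combined
    local d names=""
    d=$(special_digit "$1") || return 1
    [ $((d & 4)) -ne 0 ] && names="${names:+$names }SUID"
    [ $((d & 2)) -ne 0 ] && names="${names:+$names }SGID"
    [ $((d & 1)) -ne 0 ] && names="${names:+$names }sticky"
    printf '%s\n' "${names:-none}"
}

find_special() {
    # Audit: regular files with SUID or SGID set (the ones worth reviewing)
    find "$1" -type f \( -perm -4000 -o -perm -2000 \)
}

find_open_dirs() {
    # Audit: world-writable directories without the sticky bit, where any
    # user can delete other users' files
    find "$1" -type d -perm -0002 ! -perm -1000
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
touch "$demo/suid_file" "$demo/sgid_file" "$demo/plain"
mkdir "$demo/shared" "$demo/open"
chmod 4755 "$demo/suid_file"   # same as chmod u+s on a 755 file
chmod 2755 "$demo/sgid_file"   # same as chmod g+s
chmod 1777 "$demo/shared"      # same as chmod o+t on a world-writable directory
chmod 0777 "$demo/open"        # world-writable, no sticky bit: flagged below

for p in suid_file sgid_file plain shared open; do
    printf '%-10s %s\n' "$p" "$(describe_bits "$demo/$p")"
done
find_special "$demo"
find_open_dirs "$demo"
```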

ProFTPd tips

ProFTPd is a very flexible FTP server. This post contains some ready-to-use examples of ProFTPd configuration.

Hide FTP server version
ServerName "FTP"
ServerIdent on "FTP server"
DeferWelcome on


Allow only certain users to connect to ProFTPd, no anonymous access
<Limit LOGIN>
AllowUser barb
AllowUser dave
AllowGroup ftpusers
DenyAll
</Limit>


Script to add FTP user
This script is very simple and accepts two parameters: the user's login and password.
#!/bin/bash
# Usage: addftpuser.sh login password (the password is visible in the process list while the script runs)
# Arguments are quoted so values with spaces or shell metacharacters pass through unchanged
useradd "$1" -G ftpusers -d /ftp -s /bin/false
echo "$1:$2" | chpasswd

Configure default user folder and allow /bin/false shell
DefaultRoot ~
RequireValidShell off

Allow writing files for only certain group
<Directory /ftp>
<Limit WRITE>
AllowGroup ftpusers
DenyAll
</Limit>
</Directory>

Deny writing and listing files during anonymous sessions
In <Anonymous ~ftp> section:
<Directory /ftp>
<Limit WRITE>
DenyAll
</Limit>
<Limit LIST NLST MLSD MLST STAT>
DenyAll
</Limit>
</Directory>

Forbid deleting files for a particular user in particular directory
<Directory /ftp/upload>
<Limit DELE>
DenyUser ftpuser
</Limit>
</Directory>

DNS tips

Detect BIND version
dig @server_address -c CH -t txt version.bind

or via fpdns
fpdns server_address

Hide BIND version
version "DNS server";

Sample master server
/etc/bind/conf.local:

options
{
recursion no;
version "DNS server";
};

zone "domain" {
type master;
file "/etc/bind/db.zone";
allow-transfer { slave_server;};
};


/etc/bind/db.zone
$TTL 3h
@ IN SOA ns1. email.domain (
2
12h
1h
1w
1h
)
@ IN NS ns1.
ns1 IN A 11.11.11.11
@ IN A 11.11.11.11
www IN A 11.111.11.111
@ IN MX 10 mx
mx IN A 11.111.11.111

  • @ - alias for the domain (zone origin)
  • ns1 - name of the NS server
  • email - email address of the administrator (the first dot stands for @)
  • 2 - serial number
  • 12h - refresh interval: how often slave DNS servers check the master for updates
  • 1h - time between retries by a slave to retrieve the zone if the previous attempt failed
  • 1w - expire time, used only by slaves: if a slave has had no contact with the master for this long, its copy of the zone is no longer authoritative and it stops answering queries for it
  • 1h - how long clients will cache error (negative) replies
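As an added example (not from the original post), a small Python parser for zone files in the format above, with a checker for the SOA timers just described and for NS/MX targets that have no A record in the zone. It assumes every record is written as "name IN TYPE rdata", uses a made-up origin example.test., and works on a constructed sample zone modelled on the one above.

```python
import re
# Constructed sample zone modelled on the master zone above (not a real zone).
ZONE = """\
@   IN SOA ns1 email.domain. (
        2     ; serial
        12h   ; refresh
        1h    ; retry
        1w    ; expire
        1h )  ; negative-cache TTL
@   IN NS ns1
ns1 IN A  11.11.11.11
@   IN MX 10 mx
mx  IN A  11.111.11.111"""
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def ttl_seconds(value):  # BIND time value such as 12h or 3600 -> seconds
    m = re.fullmatch(r"(\d+)([smhdw]?)", value.lower())  # None -> AttributeError
    return int(m.group(1)) * UNITS[m.group(2) or "s"]

def fqdn(name, origin):
    """Expand @ and relative names against the origin; absolute names keep their dot."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin="example.test."):
    """Return [(owner, type, rdata)]; drops ; comments, joins ( ... ) multi-line records."""
    records, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf += line.replace("(", " ").replace(")", " ").split()
        if depth > 0 or not buf:
            continue                                # inside ( ... ) or a blank line
        owner, _cls, rtype, *rdata = buf            # assumes "name IN TYPE rdata"
        records.append((fqdn(owner, origin), rtype, rdata))
        buf = []
    return records

def check_zone(text, origin="example.test."):
    """List problems: SOA timers out of order, NS/MX targets with no A record here."""
    problems, records = [], parse_zone(text, origin)
    a_owners = {owner for owner, rtype, _ in records if rtype == "A"}
    soa = next(rdata for _, rtype, rdata in records if rtype == "SOA")
    refresh, retry, expire = (ttl_seconds(v) for v in soa[3:6])
    if not retry < refresh < expire:
        problems.append("SOA timers should satisfy retry < refresh < expire")
    for _, rtype, rdata in records:                 # NS rdata: name; MX: pref name
        target = fqdn(rdata[-1], origin)
        if rtype in ("NS", "MX") and target not in a_owners:
            problems.append(f"{rtype} target {target} has no A record in this zone")
    return problems
```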
Sample slave server
Create directory for backup file and grant permissions on it for user bind:

mkdir /var/bind
chown root:bind /var/bind
chmod 770 /var/bind


/etc/bind/conf.local:

options
{
recursion no;
version "DNS server";
};

zone "domain" {
type slave;
file "/var/bind/db.zone";
masters { master; };
allow-transfer { none;};
};


Forward only server

/etc/bind/conf.local:
options {
directory "/var/named";
forwarders { 10.9.16.30; 10.13.16.30; };
listen-on { 192.168.1.1; 172.24.21.1; };
forward only;
recursion no;
version "DNS server";
};


Reverse zone sample

$TTL 1D
1.168.192.in-addr.arpa. IN SOA dns1.example.com. admin.example.com. (
    2010022003 ; serial
    3600       ; refresh
    600        ; retry
    604800     ; expire
    86400      ; default_ttl
)
1.1.168.192.in-addr.arpa. IN PTR dns1.example.com.
2 IN PTR horus.example.com.
3 IN PTR ra.example.com.
@ IN NS dns1.example.com.


Monitor DNS requests
dnstop -l 3 eth0

http://www.zytrax.com/books/dns/

Bash

Links with good documentation about bash

Quoting in bash
There are two types of quoting: strong quotes (' ') and weak quotes (" "). Strong quotes mean that every character inside them is taken literally. Weak quotes still treat some special characters as special… :) For example the dollar sign:

echo "$SHELL"
/bin/bash

Also, you can quote a single character with a backslash (\); this is called backslash-escaping.

Hot keys in Bash
  • Ctrl-z - suspend key: pauses the currently running foreground process and puts it in the background
  • Ctrl-c - kills the current command or process by sending it the SIGINT (2) signal
  • Ctrl-\ - stops the current command
  • Ctrl-d - sends End of file: at the prompt it exits the shell, inside a command it ends the command's input
  • Ctrl-m - the same as pressing Enter
  • To see all your control keys: stty -a
Builtin variables
  • $! - PID of the last background job
  • $_ - final argument of the previously executed command
  • $? - exit status of the last command
  • $$ - process ID (PID) of the script itself
  • $# - number of arguments
  • $0 - name of the command (script) itself
Read file line by line
# IFS= keeps leading/trailing whitespace, -r keeps backslashes; input comes from "file"
while IFS= read -r line
do
    echo "$line"
done < file


Create alias
For example, to launch "ls --color" instead of "ls". In the .bashrc file:
alias ls="ls --color"
alias ..='cd ..'
alias d='ls -l | grep -E "^d"'


To redirect standard output and standard error to one file
program > file 2>&1


Logical operations
Double bars || mean logical OR.
For example command2 will be launched only if command1 fails:
command1 || command2

Double ampersands && mean logical AND.
For example, command 2 will be launched only if command1 is successful:
command1 && command2
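As an added example (not the original post's code), a script showing the quoting rules from above and why the read-file-line-by-line loop is safer as IFS= read -r, with the || operator used to still handle a last line that has no trailing newline. The sample file is constructed by the script itself.

```shell
#!/bin/bash
# Added example: weak vs strong quotes, and why the "read line" loop above
# should be written as "IFS= read -r". The input file is constructed inline.

quote_demo() {
    # Strong quotes keep $SHELL literal, weak quotes expand it,
    # and a backslash escapes the single character that follows it
    printf 'strong=%s weak=%s escaped=%s\n' '$SHELL' "$SHELL" "\$SHELL"
}

count_lines_naive() {
    # The loop as originally written: read strips leading blanks, removes
    # backslashes, and skips a final line that has no trailing newline
    local n=0 line
    while read line; do n=$((n + 1)); done < "$1"
    echo "$n"
}

count_lines_robust() {
    # IFS= keeps whitespace, -r keeps backslashes, and the || clause still
    # processes the last line when the file does not end in a newline
    local n=0 line
    while IFS= read -r line || [ -n "$line" ]; do n=$((n + 1)); done < "$1"
    echo "$n"
}

first_line_naive()  { local line; read line < "$1"; printf '%s\n' "$line"; }
first_line_robust() { local line; IFS= read -r line < "$1"; printf '%s\n' "$line"; }

sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
# Three lines: leading blanks and backslashes on the first, no newline after the last
printf '  C:\\path\\file\nsecond\nlast-without-newline' > "$sample"

quote_demo
echo "naive:  $(count_lines_naive "$sample") lines, first = $(first_line_naive "$sample")"
echo "robust: $(count_lines_robust "$sample") lines, first = $(first_line_robust "$sample")"
```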

Ping does not work

Today I would like to discuss a banal situation: host A is directly connected to host B, ping from host A to host B does not work. What are...