Search This Blog

Wednesday, March 21, 2018

How to set up two-factor authentication in Linux


Source: https://www.techrepublic.com/article/how-to-setup-two-factor-authentication-in-linux/ 

How to set up two-factor authentication in Linux

f you're a Linux administrator and looking to lock down your Linux servers and desktops as tight as possible, you owe it to yourself to make use of two-factor authentication. This should be considered as "no-brainer" as they come. Why? Because by adding two-factor authentication, it becomes exponentially more difficult for malicious users to gain access to your machines. With Linux, it is possible to set up a machine so that you cannot log into the console or desktop or by way of secure shell, without having the two-factor authentication code associated with that machine.I'm going to walk you through the process of setting this up on Ubuntu Server 16.04. If you've attempted this process before, know that the steps have changed and the previously detailed method no longer works.

Before you begin

There is one thing you must know about adding two-factor authentication: Once you've set it up, without the third-party generated codes, you will not be able to gain access to your machine. Every time you want to log in, you will need either your smartphone or the emergency codes (generated upon installation of the necessary tools).

What you'll need

Obviously, you'll need a Linux server or desktop. Make sure it is fully updated and your data is backed up (because you never know). You will also need a third-party application (such as Authy or Google Authenticator) to generate your two-factor codes. Personally, I use Authy for this task. I will not walk through the process of installing either the Authy or Google Authenticator app (as that is self-explanatory).
With that said, let's set this up.

Installation

Log into your Linux machine and follow these steps:
  1. Open a terminal window
  2. Issue the command sudo apt install libpam-google-authenticator
  3. Type your sudo password and hit Enter
  4. If prompted, type y and hit Enter
  5. Allow the installation to complete
Now it's time to configure the machine for two-factor authentication.

Configuration

Back at your terminal window, issue the command sudo nano /etc/pam.d/common-auth. Add the following line to the bottom of the file:
auth required pam_google_authenticator.so nullok
Save and close that file.
Now we must setup Google-authenticator for every user that needs to log into the machine. I will demonstrate with a single user. Go back to the terminal window and, as the user in question, issue the command google-authenticator. You will be required to answer a series of questions. The first question is: Do you want authentication tokens to be time-based (y/n) y. Answer that with a y and you will be presented with a QR code (Figure A). Open up your two-factor app on your smartphone, add a new account, and scan that code.
Figure A

Figure A
Scan the qr code to add the account to your third-party app.
Once you've added the code, answer the remaining questions, which are:
  • Do you want me to update your "/home/jlwallen/.google_authenticator" file (y/n) y
  • Do you want to disallow multiple uses of the same authentication token? This restricts you to one login about every 30s, but it increases your chances to notice or even prevent man-in-the-middle attacks (y/n)
  • By default, tokens are good for 30 seconds, and to compensate for possible time-skew between the client and the server, we allow an extra token before and after the current time. If you experience problems with poor time synchronization, you can increase the window from its default size of 1:30min to about 4min. Do you want to do so (y/n)
  • If the computer that you are logging into isn't hardened against brute-force login attempts, you can enable rate-limiting for the authentication module. By default, this limits attackers to no more than 3 login attempts every 30s. Do you want to enable rate-limiting (y/n)
Answer each question by typing y and hitting enter.

Configure SSH

Next we must setup ssh to allow two factor authentication. Otherwise you won't be able to login via ssh. Here's what you do:
First, enable the PAM module. To do this, issue the command sudo nano /etc/pam.d/sshd. With the file open, add the following line to the bottom of the file:
auth required pam_google_authenticator.so nullok
Save that file and then issue the command sudo nano /etc/ssh/sshd_config. In this file, look for:
ChallengeResponseAuthentication no
and change it to:
ChallengeResponseAuthentication yes
Save that file and restart sshd with the command sudo systemctl restart sshd.

Logging in

Before you log out of your server from the current working terminal window, I highly suggest you open up a new window and attempt to secure shell into the machine. If you cannot log in, go back through the steps and make sure you didn't miss anything. Once you've successfully logged in that way, it's safe to logout of your current session and log back in.

Welcome to a new level of security

That's all it takes to add a much-needed layer of extra security to your Linux machines. Remember, without that third-party two-factor authentication app, you will not be able to log into your newly configured machine—so keep that phone handy at all times.
Posted by at No comments:

Sunday, March 18, 2018

Linux: Monitor Hard Disks Temperature With hddtemp

in Categories CentOS, Debian Linux, Hardware, Howto, Linux, Monitoring, RedHat/Fedora Linux, Suse Linux, Tips, Troubleshooting, Tuning, Ubuntu Linux last updated June 25, 2017
 
https://www.cyberciti.biz/tips/howto-monitor-hard-drive-temperature.html
 
 
There is an excellent little utility to monitor hard drive temperature. Most modern computer hard disk comes with S.M.A.R.T (Self-Monitoring, Analysis, and Reporting Technology). It is a monitoring system for computer hard disks to detect and report on various indicators of reliability, in the hope of anticipating failures.

The hddtemp utility will give you the temperature of your hard drive by reading data from S.M.A.R.T. on drives that support this feature.
hddtemp on linux
Only modern hard drives have a temperature sensor. hddtemp supports reading S.M.A.R.T. information from SCSI drives too. hddtemp can work as simple command line tool or as a daemon to get information from all servers.

Install hddtemp

To install hddtemp under a Debian / Ubuntu Linux use apt-get command/apt command:
$ sudo apt-get install hddtemp
Sample outputs:
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Suggested packages:
  ksensors
The following NEW packages will be installed:
  hddtemp
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 57.8 kB of archives.
After this operation, 184 kB of additional disk space will be used.
Get:1 http://cdn-fastly.deb.debian.org/debian stretch/main amd64 hddtemp amd64 0.3-beta15-52+b1 [57.8 kB]
Fetched 57.8 kB in 2s (22.6 kB/s)  
Preconfiguring packages ...
Selecting previously unselected package hddtemp.
(Reading database ... 115096 files and directories currently installed.)
Preparing to unpack .../hddtemp_0.3-beta15-52+b1_amd64.deb ...
Unpacking hddtemp (0.3-beta15-52+b1) ...
Setting up hddtemp (0.3-beta15-52+b1) ...
Processing triggers for systemd (232-25) ...
Processing triggers for man-db (2.7.6.1-2)
To install hddtemp under a CentOS/RHEL/SL/Oracle Linux, run yum command (first turn on EPEL repo):
$ sudo yum install hddtemp
Type the following pacman command to install hddtemp under an Arch Linux distro:
$ sudo pacman -S hddtemp
Type the following dnf command to install hddtemp under a Fedora Linux distro:
$ sudo dnf install hddtemp
Type the following zypper command to install hddtemp under an OpenSUSE Linux distro :
$ sudo zypper install hddtemp

A note about source code installation

You can also perform source code installation. Download the source code tar ball here.
$ wget http://download.savannah.nongnu.org/releases/hddtemp/hddtemp-0.3-beta15.tar.bz2
Untar and install hddtemp using the following commands:
$ tar -jxvf hddtemp-0.3-beta15.tar.bz2
$ cd hddtemp-0.3-beta15
$ ./configure
$ make
$ sudo make install

Install hard disk temperature database at /usr/share/misc or /etc directory:
$ cd /usr/share/misc
# wget http://download.savannah.nongnu.org/releases/hddtemp/hddtemp.db

How do I monitor hard disk temperature?

To see temperature for /dev/sda, enter the following command:
$ hddtemp /dev/sda
Sample outputs
/dev/sda: WDC WD2500YS-01SHB1:  25°C
Above output indicate that my hard disk temperature is 25°C. If temperature is higher than 60°C , consider cooling options immediately.

How Do I Find Out Remote Server HDD Temperature?

By default hddtemp bind to TCP/IP port 7634. You need to run hddtemp in daemon mode. Login on remote box and start it as follows to monitor /dev/sda, /dev/sdb, /dev/sdc, and /dev/sdd:
# hddtemp -d /dev/sd[abcd]
Use telnet or nc / netcat command to to get a temperature from a remote box:
$ telnet remotebox 7634
OR
$ nc 192.168.1.100 7634
Sample outputs:
|/dev/sda|Samsung SSD 850 EVO mSATA 500GB|45|C|
You can format it as follows using the awk command:
nc centos7-box 7634 | awk -F'|' '{print $2 " " $4 $5 "(" $3 ")"}'
Sample outputs:
/dev/sda 45C(Samsung SSD 850 EVO mSATA 500GB)

Shutdown Linux Computer If Temperature >= 55

To power off / shutdown computer, run following command via cron tab (cron job) file:
t=$(hddtemp /dev/sda --numeric)
[ $t -ge 55 ] && /sbin/shutdown -h 0
Sample shell script to shutdown box if temperature >= 55°C (download link):
#!/bin/bash
# Purpose: Shutdown server if disk temp crossed $ALERT_LEVEL
# Author: Vivek Gite {https://www.cyberciti.biz/}, under GPL v.2.x
# -----------------------------------------------------------------
HDDS="/dev/sda /dev/sdb /dev/sdc /dev/sdc /dev/sdd /dev/sde"
HDT=/usr/sbin/hddtemp
LOG=/usr/bin/logger
DOWN=/sbin/shutdown
ALERT_LEVEL=60
for disk in $HDDS
do
  if [ -b $disk ]; then
        HDTEMP=$( ${HDT} --numeric ${disk} )
        if [ $HDTEMP -ge $ALERT_LEVEL ];
        then
           $LOG "System going down as hard disk \"$disk\" temperature ($HDTEMP) crossed its limit."
           sync;sync
           $DOWN -h 0
        fi
  fi
done
You can run script using a cron job on Linux or Unix-like system:
$ sudo crontab -e
Append the following to run cron job every 10 minutes to check for disk temp:
*/10 * * * * /root/bin/chk-disk-temp.bash

Say hello to smartctl Utility

If you have smartctl utility installed, try it as follows to get temperature data:
# smartctl -d ata -A /dev/sda | grep -i temperature
Output:
194 Temperature_Celsius     0x0022   122   095   000    Old_age   Always       -       28
Set ALERT_LEVEL as per your requirements. Please refer to your hard disk manual for working temperature guideline. Here is general temperature guideline (extracted from Seagate SV35.2 Series Hard Drives Web Page):
Operating 0 to 60 degrees C
Nonoperating -40 to 70 degrees C
Maximum operating temperature change 20 degrees C per hour
Maximum nonoperating temperature change 30 degrees C per hour
Maximum operating case temperature69 degrees C

A note for MS-Windows XP / Vista/ 7 / 10 / Server Users

Sorry. The hddtemp is UNIX / Linux only program.



Posted by at No comments:

Wednesday, March 14, 2018

Netowrk Drivers for HP compaq dc5800 Desktop PCs for all OSs

http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=18719&keyword=%22intel+82566dm-2+%22&lang=eng
Posted by at No comments:
Subscribe to: Posts (Atom)