February 7, 2014

What is RHCE?

RHCE neelpathak.wordpress.com

RHCE i.e. RedHat Certified Engineer is considered as most respected certification in Linux Community. The certification actually consists of three Modules viz. SA1, SA2 and SA3. Any person who wish to get RHCE certified needs to clear two exams. They are:

1) RHCSA i.e. RedHat Certified System Administrator which comprises of two Modules SA1 and SA2.
2) and RHCE which comprise of Third Module i.e. SA3.

There are many and immediate job openings in some of the well known Information Technology firms of India like Infosys, TCS, TechMahindra for those who clears RHCE exam and also for those who possess knowledge of RHCE.

Below are the topics (course content) discussed in all the three Modules (Official Curriculum) RHCE 6

SA1:
GNOME Graphical Desktop, managing files with Nautilus, get help in graphical environment, configure local services, bash, managing physical storage, system resourses monitoring, managing locical volumes, getting help in texual environment, network connectivity, user and groups, manages files from command line, secure linux file access, remote systems, control boot process, deploy file sharing services, manage virtual machines, install linux graphically, configure general services and secure network services.

SA2:
Automated installation of Linux, accessing the command line, intermediate command line tools, regular expressions, network config and troubleshooting, managing simple partitions and file systems, flexible storage with LVM, accessing NFS services, managing user accounts, network user accounts with ldap, controlling access to files, managing SELinux, installing and managing software, managing installed services, tuning and maintaining the kernel and system recovery techniques.

SA3:
Enhance user security, bash scripting, file security with GpG, package management, network monitoring, advanced network configuration, secure network traffic, NTP server configuration, system monitoring and logs, centralized and secure storage, SSL encapsulated web servcies, web serever additional configuration, basic smtp configuration, caching only dns servers, file sharing with NFS and CIFS, file sharing with ftp and troubleshooting the boot process.

When you clear first exam, you are considered as RHCSA (which contains SA1 and SA2) and when you clear second exam then you are a certified RedHat Engineer (which contains module SA3).

So, its basically a beginning level certification which bears utmost importance in Linux Community. I think I have now cleared doubts regarding RHCE. For more information you can visit Official Website.

November 6, 2013

Network Scanning with HPING3

BELOW are the commands that one can use to scan any network with HPING3.

Bydefault hping3 is loaded with Backtrack 5 and Kali Linux distros.

1) Command to check port no.

hping3 -S http://www.neelpathak.in -p 80 -c 2 (SYN Req, -c = count)

2) Command to check series of ports

hping3 -S 192.168.1.7 -p ++50 -c 5 (SYN req, starting with port 50 as a destination port, -c = count )

Giving the destination ports if they are open then they will reply on our ports..:P, If the flags we get are RA then the ports are closed.

3) hping3 -1 192.168.1.x –rand-dest -I eth0 (-1 == ICMP service, -I = interface, –rand-dest = Random destination )

To check which hosts have blocked ICMP, if the device replies then the ICMP is not blocked.

4) hping3 -1 192.168.1.1 –icmp-ts -c 2

(Icmp echo timestamp)

5) hping3 -1 192.168.1.1 –icmp-addr -c 2 (To know the netmask) 🙂

(Generally no replies will get, as machines are intelligent nowadays 😛 )

6) hping3 -8 50-56 -S 8.8.8.8 (-8 = SCAN, 50-56 = range , -S = SYN)
(Just scans TCP ports)

7) hping3 -2 192.168.1.6 -p 80 -c 1 (-2 = UDP)

8) hping3 -F -P -U 192.168.1.28 -c 3 (XMAS scan)

9) hping3 192.168.1.38 -Q -p 139 -s (Getting sequence numbers, if initial seq number is predictable then there must be some vulnerability in OS . Generally shown in older operating system)

10) hping3 -S 192.168.1.38 -a 192.168.1.254 -p 22 –flood (-S = SYN, -a <I.P.> = Spoofed IP address, –flood = Flooding)
11) hping3 -2 http://www.neelpathak.in -p ++44444 -T -n (-T = traceroute, -n = don`t bother name resolution, -2 = UDP)

(Use ctrl+z to skip that hop 😛 )

12) hping3 -S http://www.neelpathak.in -p 53 -T

(Use to find load balancing, use this and above command. If you get different IP address here at a particular hop then probably there is load balancing present)

13) hping3 -S http://www.neelpathak.in -p 80 -T –ttl 13 –tr-keep -n (–ttl 13 = setting ttl to 13, every host will forward except that of hop 13, –tr-keep = don`t bother about the ttl values, Here one must see the repeating IP address from that you can come to know that there is some sort of the packets forwarding from different devices..)

14) Specially crafted TCP packet with HPING3

hping3
hping send “ip(saddr=<Spoofed IP in network>,daddr=<Destination IP>)+tcp(sport=6783,dport=80,flags=s)”

Sending crafted packet to the destination.
The first part is the network layer part and then the second part is the transport layer.

October 29, 2013

Users and Permissions on Linux (CentOs)

Today I am going to write about users, groups and their permissions on certain files and directories on CentOS. On other distros the procedure may very slightly but the concepts are all the same. Here I`ve used CentOS version 6.4 (This is hands on tutorial, Part 1)

USERS:
It is always a nice idea to create users according to their respective work on PC/workstation. And its easy to create users on Linux OS.

To add user, first open terminal(Applications -> System Tool -> Terminal) and type “useradd” followed by the name of the user you want to create. Below is its snapshot.

Note: If you get message like “Permission Denied”, then it says that you are not having enough permissions to create user. Simply switch to super user(root user) by typing “su -” and provide password for the super user(root user)

Above we created user with the name “alice”.

Remember, by default every user has its home directory and it has “/home/<username>” path. Below is the snapshot showing just that.

Remember that by default every user is present into its own group named same as user name.

Every user account is worthless without any password assigned to that user. So lets assign password to user named “alice”. This is done with the command “passwd” followed by the username. Below it is shown.

As you can see that we just assigned password as “alice” to user named “alice”. As this password was relatively simple, so OS gave warning but we assigned our password successfully thereby again confirming our password. The command is shown in dark blue color and warning message is shown in red box.

Now, just logout from this session (username -> quit) and login to user named “alice”. Open terminal and type command “ls -l” (shown in red). You can notice that all the directories appeared as Desktop, Documents, Downloads, Music, Pictures etc. in the alice home directory. Below it is shown in the snapshot. This directories were not before when we created the user from the super user account.

Try to change the password by the same command, just type “passwd” without username as we are already logged in with “alice” user so we will not give the username. If you give the username after command “passwd” then it will give an error stating “passwd: only root can specify user name”, means that when we are logged in as root then and then only we can give username after “passwd” command.

Now, if you will provide any simple password like that has same name as username or any dictionary based word then it will simply not allow you to change the password. But this was not the case earlier when we gave a simple password when we were logged in as super user(i.e. root user). Ahha that power to Super user. Amazed!!

Again login as super user (or root user) and create a user named “bob” and we will change its default directory`s name to something else. This can be done from the command “useradd” followed by giving option “-d” and its path and then username.

“useradd -d /home/notbob bob” (Snapshot shown below)

Remember, we just created different home directory for the user and not different group for these users. The users have the same name as that of their username unless changed. (See the snaphot below)

As shown above, “bob” user has same name of group as its user name i.e. “bob” group. Also it is shown in second example, there is “pathak” user which has “pathak” group by default and other home directory.

Lets create a user belonging to different group. For this there is a small change in command especially the switch of that command. We will create user named “jhon” belonging to the group “bob”.

“useradd -g bob jhon”

It is also possible that a single user can belong to many groups. Lets see how.

“useradd -G bob,alice abraham”

So, we have user abraham belonging to three groups, yes THREE groups. The first and default is “abraham” and other two are “bob” and “alice”

Amazed again?? Don`t be.

Remember: Whenever you create a user belonging to other groups, the default group is always there and its name is same as the user created with the same restriction of the group.

Also we can know whether the user is present or not from “id” command. It also shows other groups which that user belongs to. (Shown above)

Note: You can get full information about “useradd” cmd by referring its man pages. Just type “man useradd” on your terminal.

One can also look at the command “usermod”, just type “man usermod” to check options.

Pheww… Enough talking about users and groups now lets talk about permissions.

Permissions:
You can assign permissions to any files or directories under Linux.

Lets check it how.

First lets login to one of the account just created above, lets say we are logged in as user “alice” (snap below)

Now, lets create a directory under documents directory and then lets create a test.txt file. (Shown Below in snap)

Change to some other user say “abraham” and try to enter into “alice” home directory, what do you notice? Yes you are right, you can`t enter into “alice” home directory from other user account. (Snap shown below)

Lets, add user “abraham” to the group named “alice”, we will do this by using command “usermod” (snap shot below)

Note: When you create any user you can specify groups explicitly there. But suppose the user is created and then you want to change its properties, then use “usermod” command.

Again lets try to login as “abraham” and again access the same directory i.e. “alice” home directory, what you notice?

Eventhough “abraham” user belongs to both the groups “alice” and “abraham”, it is not able to still access that directory. This is because when we check its permissions we can come to know that what permissions exits on that directory.

Check its permissions with “ls -l” (Snap shot below)

Remember that the permissions follow in a specific order,

1) User permission
2) Group permission
3) Other permission

Earlier we just added our user “abraham” to the group named “alice” to access alice`s home directory. But we have not specified the permission for the group/groups in which it is present.

So, lets give group/groups a permission of r,w and x (r=read, w=write and x=execute). This can be done with “chmod” command. And again check the permission (Snapshot is shown below)

Note: Execute this command with root privileges.

Note:When we create a user, then the permissions are in restrictive mode by default. We need to change them according to our needs.

Commands that you can check for permissions are

1) chown
2) chgrp
3) chmod

Just open manual pages and go through it like “man chmod”.

May 8, 2013

Sniffing passwords from LAN network using Cain and Abel tool

Here I will show you that how simple HTTP and FTP passwords can be sniffed across LAN network. Just follow the steps and you are done.

First install the tool Cain And Able form here.

About the tool Cain And Abel:

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol’s standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some “non standard” utilities for Microsoft Windows users.
Read more..

Just follow the steps:

Step 1:
Please turn off the windows firewall or any other third party firewall so that all the packets are captured efficiently.

Step 2:
Open Cain and Abel tool

Step 3:
Goto -> Sniffer Tab and click Configure in the main menu to configure your packet listening adapter.

Step 4:
Select the appropriate network adapter for your network that you want to sniff the packets for plain-text passwords. And Click Ok.

Step 5:
Click the Green Adapter icon as shown below. This means that you just configured the adapter and now you are turning it ON.

Step 6:
Now select the APR tab below as shown and now first click on the right side upper pane area. When you click that area the blue plus (“+”) icon will get enabled. Press that blue plus (“+”) icon.

Step 7:
This is very interesting step. Now we need to select the router`s IP address and click ok. This means that we want to listen to every packet that is sent to router. If we select any other IP address in our LAN network then we can listen to only that particular HOST on the network. Since the router responds to all the request of HOSTS connected in a LAN. Thus we can listen to all the HOSTs.

Step 8:
Now click the Yellow Circle icon as shown. This means that we are starting ARP poisoning.

Step 9:
We can see that in the upper right panel there is an IP address of our router and when we press that Yellow Circle icon (button), it performs ARP poisoning.

Step 10:
Now click the password tab which is at the bottom. We can see that we are getting passwords of HTTP i.e. plain text session in our LAN network.

Note: While performing this practical you will notice that there is significant reduction in he network speed. This is due to the fact that ARP spoofing on the LAN network creates many fake packets advertising other`s host identity.

This can also create DoS Attak on the LAN network as it creates many fake packets for processing thereby making unable for other HOST to make a request on the network.

August 3, 2012

Active Record, Rails 3

Active record maps tables to classes, table rows to objects and table columns to object attributes. This practice is commonly known as ORM Object Relational Mapping. Really awesome thing isn`t it ?

Just don`t bother about SQL Quires only write simple active record query which is easy and simple to write. Enough of theory now , lets explore it.

Example: 1

1) First create rails application, type “rails new test1 -d mysql” (The switch “-d mysql” means that you want to use mysql database instead of default database (sqlite) ). Also configure dbname and dbpassword in the database.yml file present in /config folder under root folder.

2) Create a model named book type “rails g model book” (Remember that model is always named in sigular form and controller are named in plural). This model is present at <your-app>/app/models/book.rb. Now, see carefully. What you notice in the first line ?

class Book < ActiveRecord::Base

end

We know that classes in ruby always start from capital alphabet and you notice above that the class book has capital alphabet. Also we know that in ruby language inheritance is done by “<” symbol. You notice that class Book inherit ActiveRecord::Base. This means that the class here Book is already mapped to the database having table name as books. Hurray… 🙂

Now let us assume that your books table in mysql database contains field(column) like “title”, “publisher” and “published_at” fields. Now you can easily create new record. Switch to console type “rails console” in terminal from application root folder.

Type the following at console:

>> book = Book.new

>>book.title = “Rails 3”

>>book.publisher = “BPB”

>>book.published_at =”2010-05-21″

>>book.save

This was pretty known stuff I guess. What we did was created a book object (first line), assigned title, publisher and published_at fields from that object and lastly we saved that object. Now, you have a record created. You can view this new record in mysql if you want to see.

Notice how simple was that to insert new record in rails application. This is just because of Active Record.

Example: 2

1) Now, if you want to inquire that how many fields are there in any particular table. Again switch to the rails console from your application root folder type “rails console”

2)now type “<Model-name>.column_names”

Here we write as “Book.column_names”. Notice you get all the fields of the table “books” which is stored in mysql database. Conclusion, We are here accessing model Book and getting to know that what fields are present in the “books” table in mysql database. Remember that model name (in sigural) with first capital alphabet equals to the table of the same name (in plural) in your database.

simply type “Book” this will also tell you the fields present in the “books” table with its data-type.

3) If you want to know that how many methods are present in your Model named book then you can type “Book.methods.size” at your rails console and it will give you total number of the methods.

Example: 3 CRUD operations.

Assume that you have model named book.rb in your app/model/ folder.
Fire up the rails console from root application folder.

1) Creating record:

>> book = Book.new

>>book.title = “Rails 3”

>>book.publisher = “BPB”

>>book.published_at =”2010-05-21″

>>book.save

Performing all in on line command.

>>Book.create(title: “Rails3”, publisher: “BPB”, published_at: “2010-05-21”)

2) Retrieve record

Know how many entries of book is created

>> Book.count

Finding record:

finding all records:

>>Book.find(:all)

>>Book.all

find first record

>>Book.find(:first)

>>Book.first

find last record

>>Book.find(:last)

>>Book.last

find any record

>>Book.find(1) # notice that find(1), here 1 i the record whose id is 1 you can give any number you wish to find record of.

Finding records in array form

>> books = Book.all

>>books[0]

# this will find the first record having index 0

>>books[3]

# this will find the record having index 3 i.e. fourth record.

find how many entries are there for books

>>books.size

# The command above will return the records in the array form.

finding the title for the fourth record

>>books[3].title

finding the title of the first record

>>books.first.title

finding the title of the last record

>>books.last.title

finding all the publisher of books

>>books.each { |book| puts book.publisher } # Simple isn`t it .

finding specific field with ascending order

>>books.order(“published_at”)

finding specific field in descending order

>>books.order(“published_at DESC”)

Finding records with condition.

>>Book.where(:title => “Rails3”).all

>>Book.where(:title => “Rails3”).first # if present else will raise an exception.

Finding records using dynamic finders.

Format for dynamic finders:

<Model-name>.find_by_<field-name>(“string to find”)

>>Book.find_by_title(“Rails3”)

<Model-name>.find_all_by_<field-name>(“string to find”)

>>Book.find_all_by_title(“Rails3”) # finds all records having “Rails3” as field name.

<Model-name>.find_by_<title name>_and_*(cond1, cond2).

>>Book.find_by_title_and_published_at(“Rails3″,”2009-05-19”)

Updating Records:

>>book = Book.first

>>book.title = “Rails 3 is great” # Overwriting the data i.e. updating.

All in one line

>>book.update_attributes(:title => “Rails 3 is great”, :publisher => “Neel”, :published_at => 1.day.ago)
Destroying Records:

>>book = Book.last

>>book.destroy

>>Book.last.destroy

>>Book.destroy(1) # Destroying first record.

First fetch a record in any variable and then destroy it. Isn`t it simple ?

Now remember there is difference in destroy and delete. I won`t be writing this here and want you to search and write it in comment.

July 28, 2012

Some of the awesome less known resources for rails on internet. (Free)

How to populate your database using fixtures:

http://biodegradablegeek.com/2008/07/how-to-use-fixtures-to-populate-your-database-in-rails/

Rails client side validation:

http://www.ddarrensmith.com/blog/2012/05/17/ruby-on-rails-client-side-validation-with-validation-helpers-and-twitter-bootstrap/

http://webtempest.com/easy-client-side-form-validation-for-rails-3-1/

Rails beginner all concepts with audio-book free:

http://www.buildingwebapps.com/learningrails/

July 9, 2012

Getting error like “An error occured, all later migrations canceled”

This error usually occurs when you have created your database manually. Or it can also occur when there is a problem in your rake commands.

Remember that “rails generate model <model name> title:string <attribute name 2>:<data-type 2>” command just makes a schema that is present in your ruby code.

The actual database gets created when you issue the command “rake db:migrate“.

There are times when your “rake db:migrate” command report an error as stated in title. What you want to do is just simply reset the database by issuing following command.

“rake db:migrate:reset”

You can also try “rake db:drop” to drop db and start again or can also dump the whole schema by “rake db:schema:dump”

I hope this post proves useful to use when you get irritating errors from rake command.

July 9, 2012

Digging deeper into Rails 3.(Part 1)

What the heck is BUNDLER ?

There are many changes in the newer version of rails i.e. Rails ver 3.BUNDLER is newer addition to this, it is a tool that manages the gem dependencies for your Ruby applications. Remember that BUNDLE is not compulsory to use but it is most prefered way to use in your Rails application as it efficiently manages Gem dependencies.

What the heck is Gemfile and Gemfile.lock file ?

::Gemfile::

In newer version of rails the Gemfile comes by default . Its sort of the menifest file where you can note down all the Gems that you want to use into your project. As we know there are three environments for rails i.e. Development , Test and Production. So the Gems are mentioned for each environment like wise.

<Your-app>/Gemfile

Example: group :test do
gem “rspec”
gem “faker”
end

The above Gems are listed just for the test environment. We can also use similar Gems for Test and Development environment. This can be done is the following way.

Example: group :development, :test do
gem “wrible”
gem “ruby-debug”
end

You can also mention specific version of the Gem in your Gemfile to load.

Example: gem ‘faker’, ‘>1.4.2’

Also there are some cases that you need to require particular gem in your “require” gem statement. For this Gemfile provides special provison

Example: gem ‘sqlite-ruby’, :require => ‘sqlite3’

Now, you can use require statement in your Ruby code as “require ‘sqlite'” and it will load the gem ‘sqlite-ruby’ present in your Gemfile.

Loading the Gem directly from Git repository.

Example: gem ‘nokogiri’, :git => ‘git://github.com/tenderlove/nokogiri.git’

Loading Gem from your File System.

Example: gem ‘nokogiri’, :path => ‘~/code/nokogiri’

____________________________________________________________________________________________________________________________
Execute the following command to install Gems that are specified in your Gem file(from your application`s root directory) 🙂

Type:
bundle install

________________________________________________________________________________________________________________________________

::Gemfile.lock::

This file maintains the dependency tree for your Rails application. I mean to say that if your application requires particular set of Gems, you first specify that Gems in your Gemfile and install it using “bundle install” command then the Gemlock file maintains a dependency tree for it relative to your application.This happens when you either install or update Gems. It records (Gemlock file) all dependencies and from that point if you again issue “bundle install” command then it will start from the last point of any update.

_________________________________________________________________________________________________________________________________

Three important file that are involved in setting up entire Rails stack:

<your-app>/config/

boot.rb : Set up bundler and load Paths.

application.rb: Load rails gems, gems for the specified Rails.env, and configures the application.

environment.rb: runs all initializers.

_______________________________________________________________________________________________________________________________

Source: “The Rails3 Way”

July 6, 2012

Designing the database and tables for use with Active record.

1) The name of the database should always be suffixed with _development, _test or _production. _development for development database, _test for test database and _production for production database.
For example: I want to build a database for bloging system then I would create development database as blog_development and likewise for test and production databases.

2) The name of the table must be in the plural form.
For example: I want to name a table in our blog_development database, then I would use name as blogs instead of blog.

Note that Active Record automatically finds the sigular form of the table name i.e. “blog” in our case. If I use “axes” as a table name then it will automatically find its sigular form i.e. “axis”. . . . . Humm Quite Cool right ?

4) The Primary key should always be named as “id”, these avoids two issues as follows:

You don`t need to think for any other name for primary key.

If you named primary key as “one_id” which holds the integer value and if the size of that key increases (as database grows), then you have to change all the “one_id” which you have passed as a reference key in other tables.

5) The datatype of the primary key should be an integer.

Active record assumes that the data type of primary key is of type integer or long. This helps in easier generation of id values automatically.

6) The foreign keys should be named as such format “<name of table in sigular>_id”.

For example: If I want to use “users” table as a reference in my “blogs” table then I would place “user_id” as a reference key in “blogs” table.

And that`s all you should take care of the issues while designing database and tables for use with Active Record. 🙂

Source: Building Dynamic Web 2.0 Websites with ROR.

July 3, 2012

Some useful commands for rubygems.

To query which gems are present in your local machine:

>gem list -l

To install a particular version of gem:

>gem install <gem-name> -v <version-number>

To query for remote gems:

>gem list –remote <gem-name> or gem list -r <gem-name>

To update gem to its newest version:

>gem update <gem-name>

To update all the gems in your local system:

>gem update

To uninstall gems:

>gem uninstall <gem-name>

To uninstall particular version of gem:

>gem uininstall <gem-name> -v <version-number>