How to install Samba on CentOS?

Does this article teach you the basics of Samba? No. This article introduces the Samba server, which lets you share files between Linux and Windows. The difference from an FTP server is that you can edit files directly from your PC. So let me show you how to install a Samba server on CentOS.

  • Install Samba
  • [nick1811@centos-6 ~]$ sudo yum install -y samba
    
  • To allow folder access
  • [nick1811@centos-6 ~]$ sudo vim /etc/selinux/config
    
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled
    
  • To add a Samba user (hint: only existing Linux users can be added as Samba users)
  • [nick1811@CentOS-6 ~]$ sudo pdbedit -a -u nick1811
    new password:
    retype new password:
    
  • Add a user, supplying the password on stdin
  • [nick1811@CentOS-6 ~]$ sudo printf "********\n********\n" | sudo pdbedit -t -a -u nick1811
    Unix username:        nick1811
    
  • To delete a Samba user
  • [nick1811@centos-6 ~]$ sudo pdbedit -x -u nick1811
    
  • To list Samba users
  • [nick1811@CentOS-6 ~]$ sudo pdbedit -L
    nick1811:500:nick1811
    
  • To start Samba at boot
  • [nick1811@centos-6 ~]$ sudo chkconfig smb on
    
  • Settings for creating shares as non-root users
    • Create the usershares folder
    • [nick1811@CentOS-6 ~]$ sudo mkdir -p /usr/local/samba/lib/usershares
      [nick1811@CentOS-6 ~]$ sudo chown root:nick1811 /usr/local/samba/lib/usershares
      [nick1811@CentOS-6 ~]$ sudo chmod 1770 /usr/local/samba/lib/usershares
      [nick1811@CentOS-6 ~]$ sudo chcon -R -t samba_share_t /usr/local/samba/lib/usershares
      
    • Set up smb.conf by adding the following to the [global] section
    • [nick1811@CentOS-6 ~]$ sudo vim /etc/samba/smb.conf
      
      #======================= Global Settings =====================================
      
      [global]
      wins support = yes
      usershare path = /usr/local/samba/lib/usershares
      usershare max shares = 100
      usershare allow guests = true
      usershare owner only = false
      # Samba works on NFS-Shares
      admin users = nick1811
      strict locking = no
      oplocks = no
      acl check permissions = false
      
      
      
  • Now you can create shares
    • To share a folder
    • [nick1811@centos-6 ~]$ net usershare add nick_samba /home/nick1811/samba/ "nick's samba folder" Everyone:F guest_ok=y
      
    • To remove the share
    • [nick1811@centos-6 ~]$ net usershare delete nick_samba
      
  • To start/stop/restart the Samba service
  • [nick1811@centos-6 ~]$ sudo service smb start
    
    [nick1811@centos-6 ~]$ sudo service smb stop
    
    [nick1811@centos-6 ~]$ sudo service smb restart
    
  • Finally, remember to open the Samba ports in iptables
  • [nick1811@CentOS-6 ~]$ sudo vim /etc/sysconfig/iptables
    
    # SAMBA/CIFS
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
    
    [nick1811@CentOS-6 ~]$ sudo service iptables restart
    iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
    iptables: Flushing firewall rules:                         [  OK  ]
    iptables: Unloading modules:                               [  OK  ]
    iptables: Applying firewall rules:                         [  OK  ]
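
As an added example (not part of the original guide), the Python script below audits the [global] settings and the `net usershare add` arguments used above and reports each setting that grants wider access than Samba's defaults. The smb.conf text it parses is a constructed copy of the block above; `audit_global` and `audit_usershare` are names chosen here.

```python
import configparser
import io

# Constructed sample: the [global] block this guide adds to smb.conf.
SMB_CONF = """\
[global]
usershare path = /usr/local/samba/lib/usershares
usershare max shares = 100
usershare allow guests = true
usershare owner only = false
admin users = nick1811
strict locking = no
oplocks = no
acl check permissions = false
"""

# Settings whose value in the guide drops a control Samba applies by default:
# setting -> (value that is flagged, value a reviewer would ask for).
RISKY_GLOBAL = {
    "usershare allow guests": ("true", "false"),
    "usershare owner only": ("false", "true"),
    "acl check permissions": ("false", "true"),
}


def _norm(value):
    """Map Samba's yes/true/1 and no/false/0 spellings onto 'true'/'false'."""
    value = value.strip().lower()
    if value in ("yes", "true", "1"):
        return "true"
    if value in ("no", "false", "0"):
        return "false"
    return value


def audit_global(conf_text):
    """Return (setting, current, recommended) for each risky [global] value."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_file(io.StringIO(conf_text))
    findings = []
    for key, (flagged, recommended) in RISKY_GLOBAL.items():
        current = parser.get("global", key, fallback=None)
        if current is not None and _norm(current) == flagged:
            findings.append((key, _norm(current), recommended))
    return findings


def audit_usershare(acl, options):
    """Check the ACL and options passed to `net usershare add`: Everyone:F
    together with guest_ok=y means anonymous users get full control."""
    issues = []
    who, _, right = acl.partition(":")
    if who.lower() == "everyone" and right.upper() == "F":
        issues.append("ACL Everyone:F grants full control to every user")
    if any(opt.lower() == "guest_ok=y" for opt in options):
        issues.append("guest_ok=y allows access without authentication")
    return issues
```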
    
    

Change the login message

To know which server we are logging into, the server should show a welcome message before login. This article illustrates how to display messages before and after login.

Before Login
To show a welcome message before login, edit the SSH daemon configuration file, /etc/ssh/sshd_config, and add a Banner directive as follows. We put a banner text file in /etc/profile.d and point the Banner directive at it. (The directory /etc/profile.d holds the scripts that are executed when a user logs in.)
[root@centos-6 ~]# vim /etc/ssh/sshd_config
# no default banner path
Banner /etc/profile.d/banner.txt

The banner file can have any name and live anywhere; here we store it as /etc/profile.d/banner.txt. Edit the file and put in whatever welcome message you want.
,--.   ,--.       ,--.                              
|  |   |  | ,---. |  | ,---. ,---. ,--,--,--. ,---. 
|  |.'.|  || .-. :|  || .--'| .-. ||        || .-. :
|   ,'.   |\   --.|  |\ `--.' '-' '|  |  |  |\   --.
'--'   '--' `----'`--' `---' `---' `--`--`--' `----'

After making these changes, restart sshd for them to take effect.
[root@centos-6 ~]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]

When you connect to the server, the welcome message is shown in the terminal before the password prompt.
newmac:~ user$ ssh nick1811@192.168.0.90
,--.   ,--.       ,--.                            
|  |   |  | ,---. |  | ,---. ,---. ,--,--,--. ,---.
|  |.'.|  || .-. :|  || .--'| .-. ||        || .-. :
|   ,'.   |\   --.|  |\ `--.' '-' '|  |  |  |\   --.
'--'   '--' `----'`--' `---' `---' `--`--`--' `----'
nick1811@192.168.0.90's password:


After Login
In this part I will show you how to display a message after login. The usual way is to edit /etc/motd, but this article does not modify /etc/motd. Instead we add a script, motd.sh, to /etc/profile.d; every file in this directory is executed by /etc/profile when a user logs in.
[root@centos-6 ~]# vim /etc/profile.d/motd.sh
#!/bin/bash
echo -e "
 ######################
 # Welcome to Cent OS #
 ######################
"

After this setting you can see the result when you log in.
Last login: Tue May 17 11:27:49 2016 from 192.168.1.138

 ######################
 # Welcome to Cent OS #
 ######################

[nick1811@centos-6 ~]$

Searching log for shutdown/reboot on Linux

When troubleshooting, we sometimes need to find out from the logs when a machine was shut down or rebooted. How do we do that?
last command
Run man last to read the manual. last lists user logins, but reboots are recorded under the pseudo user reboot, so the command last reboot shows the reboot times. For instance, the output below shows the most recent reboot on 5/12 at 13:04.
[root@centos-6 ~]# last reboot
reboot   system boot  2.6.32-431.el6.x Thu May 12 13:04 - 12:29 (3+23:25)   
reboot   system boot  2.6.32-431.el6.x Mon May  9 09:55 - 13:01 (3+03:05)   
reboot   system boot  2.6.32-431.el6.x Thu Apr 14 18:20 - 09:52 (24+15:31)  
reboot   system boot  2.6.32-431.el6.x Thu Apr 14 15:00 - 18:19  (03:19)    
reboot   system boot  2.6.32-431.el6.x Thu Apr 14 14:42 - 14:59  (00:16)    
reboot   system boot  2.6.32-431.el6.x Thu Apr 14 14:31 - 14:42  (00:10)    
reboot   system boot  2.6.32-431.el6.x Thu Apr 14 14:27 - 14:30  (00:03)    
reboot   system boot  2.6.32-431.el6.x Thu Apr 14 14:20 - 14:26  (00:05)     
reboot   system boot  2.6.32-431.el6.x Tue Jan 26 14:12 - 14:28  (00:15)    
reboot   system boot  2.6.32-431.el6.x Tue Jan 26 13:47 - 14:11  (00:24)    
reboot   system boot  2.6.32-431.el6.x Tue Jan 26 13:35 - 13:46  (00:10)    
reboot   system boot  2.6.32-431.el6.x Tue Jan 26 11:50 - 13:35  (01:45)    
reboot   system boot  2.6.32-431.el6.x Tue Jan 26 11:18 - 11:49  (00:31)    
reboot   system boot  2.6.32-431.el6.x Tue Jan 26 11:10 - 11:18  (00:07)    
reboot   system boot  2.6.32-431.el6.x Tue Jan 26 10:48 - 11:10  (00:21)    
reboot   system boot  2.6.32-431.el6.x Tue Jan 26 10:10 - 10:48  (00:37)    

wtmp begins Tue Jan 26 09:57:17 2016

If you want to list the shutdown records instead, use last -x shutdown, as follows.
[root@centos-6 ~]# last -x shutdown
shutdown system down  2.6.32-431.el6.x Thu May 12 13:01 - 13:04  (00:02)    
shutdown system down  2.6.32-431.el6.x Mon May  9 09:52 - 09:55  (00:03)    
shutdown system down  2.6.32-431.el6.x Thu Apr 14 18:19 - 18:20  (00:00)    
shutdown system down  2.6.32-431.el6.x Thu Apr 14 14:59 - 15:00  (00:00)    
shutdown system down  2.6.32-431.el6.x Thu Apr 14 14:42 - 14:42  (00:00)    
shutdown system down  2.6.32-431.el6.x Thu Apr 14 14:31 - 14:31  (00:00)    
shutdown system down  2.6.32-431.el6.x Thu Apr 14 14:26 - 14:27  (00:00)    
shutdown system down  2.6.32-431.el6.x Tue Jan 26 13:46 - 13:47  (00:00)    
shutdown system down  2.6.32-431.el6.x Tue Jan 26 13:35 - 13:35  (00:00)    
shutdown system down  2.6.32-431.el6.x Tue Jan 26 11:49 - 11:50  (00:00)    
shutdown system down  2.6.32-431.el6.x Tue Jan 26 11:18 - 11:18  (00:00)    
shutdown system down  2.6.32-431.el6.x Tue Jan 26 11:10 - 11:10  (00:00)    
shutdown system down  2.6.32-431.el6.x Tue Jan 26 10:48 - 10:48  (00:00)    
shutdown system down  2.6.32-431.el6.x Tue Jan 26 10:09 - 10:10  (00:00) 

wtmp begins Tue Jan 26 09:57:17 2016
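The records above can be parsed mechanically. As an added example (not from the original post), the Python code below parses `last reboot` / `last -x shutdown` lines into fields, converts the duration column to minutes, and flags days with repeated reboots, a pattern worth checking against change records. The sample text is a constructed excerpt of the listing above; the function names are chosen here.

```python
import re
from collections import Counter

# Constructed sample: the first lines of the `last reboot` listing above.
LAST_REBOOT = """\
reboot   system boot  2.6.32-431.el6.x Thu May 12 13:04 - 12:29 (3+23:25)
reboot   system boot  2.6.32-431.el6.x Mon May  9 09:55 - 13:01 (3+03:05)
reboot   system boot  2.6.32-431.el6.x Thu Apr 14 18:20 - 09:52 (24+15:31)
reboot   system boot  2.6.32-431.el6.x Thu Apr 14 15:00 - 18:19  (03:19)
reboot   system boot  2.6.32-431.el6.x Thu Apr 14 14:42 - 14:59  (00:16)
reboot   system boot  2.6.32-431.el6.x Thu Apr 14 14:31 - 14:42  (00:10)

wtmp begins Tue Jan 26 09:57:17 2016
"""

# One record of `last` / `last -x`: pseudo user, kernel, start, end, duration.
RECORD_RE = re.compile(
    r"^(?P<event>reboot|shutdown)\s+system\s+(?:boot|down)\s+(?P<kernel>\S+)\s+"
    r"(?P<dow>[A-Z][a-z]{2})\s+(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<start>\d\d:\d\d)\s+-\s+(?P<end>.+?)\s+\((?P<dur>[^)]+)\)\s*$"
)


def duration_minutes(dur):
    """Convert last's duration field, '3+23:25' or '00:16', to minutes."""
    days = 0
    if "+" in dur:
        days_text, dur = dur.split("+", 1)
        days = int(days_text)
    hours, minutes = (int(part) for part in dur.split(":"))
    return days * 1440 + hours * 60 + minutes


def parse_last(text):
    """Parse `last` output into dicts; the 'wtmp begins' footer and blanks are skipped."""
    records = []
    for line in text.splitlines():
        match = RECORD_RE.match(line)
        if match:
            rec = match.groupdict()
            rec["day"] = int(rec["day"])
            rec["minutes"] = duration_minutes(rec["dur"])
            records.append(rec)
    return records


def reboot_bursts(records, threshold=3):
    """Days with at least `threshold` reboots, e.g. [('Apr 14', 4)]; repeated
    reboots within one day deserve a second look."""
    per_day = Counter(f"{r['mon']} {r['day']}" for r in records if r["event"] == "reboot")
    return [(day, n) for day, n in per_day.items() if n >= threshold]
```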

How to make a schedule to clean logs on Linux?

During software development we may produce a lot of logs that are stored on our development systems. Logs keep growing over time, so to keep them under control we should schedule a job to clean them. Linux offers a simple way to do this. This article introduces two commands that are available on Linux. The first is crontab, which lets you schedule a command to run periodically. The second is tmpwatch, which cleans up directories such as /tmp. This article illustrates how to combine these two commands to achieve our goal.

crontab
This command runs a job on a recurring schedule, expressed in the five fields shown below (minute, hour, day of month, month and day of week). You can use the crontab command to register your job, or edit /etc/crontab directly. For access control, /etc/cron.allow lists the users who may use this command; conversely, /etc/cron.deny lists the users who may not.

The contents of /etc/crontab:
[nick1811@centos-6 ~]$ cat /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name command to be executed



tmpwatch
Temporary files are mostly placed in the /tmp directory and are deleted by the system. To ensure /tmp does not fill up, the system cleans it automatically every day: a scheduled job runs tmpwatch to do this. The tmpwatch package is not included in a minimal installation.

Use yum to install the package:
[root@centos-6 ~]# yum install tmpwatch.x86_64

After installation, a tmpwatch script is placed in /etc/cron.daily; we can view it with cat. Files are deleted once they have not been accessed for the period given in the script (10d for /tmp and 30d for /var/tmp below). The script shows that the system recursively scans these directories and deletes stale files.
[nick1811@centos-6 ~]$ cat /etc/cron.daily/tmpwatch 
#! /bin/sh
flags=-umc
/usr/sbin/tmpwatch "$flags" -x /tmp/.X11-unix -x /tmp/.XIM-unix \
    -x /tmp/.font-unix -x /tmp/.ICE-unix -x /tmp/.Test-unix \
    -X '/tmp/hsperfdata_*' 10d /tmp
/usr/sbin/tmpwatch "$flags" 30d /var/tmp
for d in /var/{cache/man,catman}/{cat?,X11R6/cat?,local/cat?}; do
    if [ -d "$d" ]; then
        /usr/sbin/tmpwatch "$flags" -f 30d "$d"
    fi
done



How to make a schedule to clean logs?
Now we can create our own schedule to clean logs. For instance, the entry below runs at 1:30 every day and deletes files in the directory that have not been accessed or modified in a month (30d).
[nick1811@centos-6 ~]$ crontab -e
# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed
 30  1  *  *  * /usr/sbin/tmpwatch -maf 30d /home/nick1811/logs
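
As an added example (not part of the original article), the Python code below implements the five-field matching rules diagrammed above, including `*/step`, ranges, month and weekday names and cron's day-of-month/day-of-week rule, and checks that the entry `30 1 * * *` fires at 01:30 on Tue May 17 2016, the date shown earlier in this page. The function names are chosen here.

```python
from datetime import datetime

# (low, high) bounds of the five crontab fields, in the order shown above:
# minute, hour, day of month, month, day of week (0 or 7 = Sunday).
FIELD_BOUNDS = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 7)]
MONTHS = dict(zip("jan feb mar apr may jun jul aug sep oct nov dec".split(), range(1, 13)))
WEEKDAYS = dict(zip("sun mon tue wed thu fri sat".split(), range(7)))
FIELD_NAMES = [None, None, None, MONTHS, WEEKDAYS]   # name tables per field


def _value(token, names):
    """Turn a number or a name such as 'jan'/'mon' into an int."""
    token = token.lower()
    return names[token] if names and token in names else int(token)


def expand_field(field, low, high, names=None):
    """Expand one field ('*', '1,15', '1-5', '*/6', 'mon-fri') into a set of ints."""
    values = set()
    for part in field.split(","):
        has_step, step = "/" in part, 1
        if has_step:
            part, step_text = part.split("/", 1)
            step = int(step_text)
        if part == "*":
            start, end = low, high
        elif "-" in part:
            start_text, end_text = part.split("-", 1)
            start, end = _value(start_text, names), _value(end_text, names)
        else:
            start = _value(part, names)
            end = high if has_step else start       # '5/10' means 5,15,25,...
        if not low <= start <= end <= high:
            raise ValueError(f"field {field!r} outside {low}-{high}")
        values.update(range(start, end + 1, step))
    return values


def cron_matches(expression, when):
    """True if a five-field crontab expression fires at the datetime `when`."""
    fields = expression.split()
    if len(fields) != 5:
        raise ValueError("expected five fields: minute hour dom month dow")
    minute, hour, dom, month, dow = (
        expand_field(f, lo, hi, n) for f, (lo, hi), n in zip(fields, FIELD_BOUNDS, FIELD_NAMES))
    dow = {0 if d == 7 else d for d in dow}          # 7 is an alias for Sunday
    cron_dow = (when.weekday() + 1) % 7              # Python Mon=0 -> cron Sun=0
    # As in cron: if both day fields are restricted, either one matching is enough.
    if fields[2].startswith("*") or fields[4].startswith("*"):
        day_ok = when.day in dom and cron_dow in dow
    else:
        day_ok = when.day in dom or cron_dow in dow
    return when.minute in minute and when.hour in hour and when.month in month and day_ok


def fires_at(expression, year, month, day, hour, minute):
    return cron_matches(expression, datetime(year, month, day, hour, minute))
```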

The concept of directory structure on Linux

This article describes the directory structure of a Linux operating system. The directories follow the Filesystem Hierarchy Standard (FHS); each directory has a specified purpose for the files it stores.

  • /bin : Essential user command binaries (for use by all users)
    • All the executable binary programs that can be run by all users.
    • E.g. cat, chmod, chown, date, mv, mkdir, cp, bash, etc.
  • /boot : Static files of the boot loader
    • It contains everything required for booting the system.
  • /dev : Device files
    • It is the location of hardware device files.
  • /etc : Host-specific system configuration
    • It contains the configuration files for the system and applications. In general these files can be read by all users but modified only by root. They must be static and cannot be executable binaries.
  • /home : User home directories
    • Home directories of users. No program should rely on this location. The space of each user directory is limited by the system.
  • /lib : Essential shared libraries and kernel modules
    • This directory contains the shared library images needed to boot the system.
  • /media : Mount point for removable media
    • This directory contains subdirectories used as mount points for removable media.
    • E.g. CD-ROM, floppy disk, etc.
  • /mnt : Mount point for a temporarily mounted filesystem
    • It lets you temporarily mount a filesystem as needed.
  • /opt : Add-on application software packages
    • opt is short for optional. This directory is reserved for the installation of add-on application software packages.
  • /root : Home directory for the root user
    • The superuser's home directory.
  • /sbin : System binaries
    • Executable binary programs that can be run only by the root user.
  • /srv : Data for services provided by this system
    • srv is short for service. It contains site-specific data served by this system.
    • E.g. WWW, FTP, etc.
  • /tmp : Temporary files
    • Temporary files written by programs; users can also store files here. Important files must not be kept here, because tmpwatch is scheduled to clean it periodically.
  • /usr : Secondary hierarchy
    • usr is commonly expanded as Unix Shared Resources. It is the second major section of the filesystem and contains installed software packages. /usr holds shareable, read-only data.
  • /var : Variable data
    • This includes spool directories and files, administrative and logging data, and transient and temporary files.
  • /proc : Kernel and process information virtual filesystem
    • A virtual filesystem which contains information about running processes.
    • E.g. cpuinfo, dma, interrupts, ioports, net, etc.


Reference: Filesystem Hierarchy Standard (FHS), http://www.pathname.com/fhs/

Most Used Commands on Git

Initialize a git repository in the current directory
$ git init

Download a project from GitHub/GitLab
$ git clone [url]

Configure your personal information
$ git config --global user.name "Nick Yang"
$ git config --global user.email "your_email@example.com"

Set a global ignore file (works like .gitignore for all your repositories)
$ git config --global core.excludesfile ~/your_file

Add a file to the staging area
$ git add [file]

Remove a file from Git
$ git rm [file]

Commit your changes
$ git commit

Revise the last commit
$ git commit --amend

Clear the staging area
$ git checkout -- .

Create a new branch B from A
$ git checkout -b [B] [A]

Switch to branch A
$ git checkout [A]

Merge branch B into A (run while on A)
$ git merge --no-ff [B]

Tag the current commit
$ git tag [tag_name]

Push a tag to the remote
$ git push [remote] [tag]

Push branch A
$ git push origin [A]

Delete branch A
$ git branch -d [A]

Stash your changes without committing
$ git stash

List stashes
$ git stash list

Apply stash@{2}
$ git stash apply [stash@{2}]

Undo an applied stash@{2}
$ git stash show -p [stash@{2}] | git apply -R

Remove stash@{2}
$ git stash drop [stash@{2}]

Help for a git command
$ git --help [command]

App Transport Security

Platforms: iOS 9.0 and later, OS X v10.11 and later

Summary:
  • Secures connections between the app and its back end
  • HTTPS exclusively
  • Strong Internet security by default in iOS and OS X apps and in app extensions

Protocol: TLS 1.2 and later

Certificates:
  • SHA-2 256 bits (SHA-256) signatures
  • ECC 256 bits
  • RSA 2048 bits

Forward secrecy (FS), accepted cipher suites:
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

When the back-end server does not follow the ATS rules (e.g. it uses a lower Transport Layer Security version, plain HTTP, or a self-signed certificate), you must add an exception (whitelist) for it. This only requires editing the app's Info.plist. Here are some sample settings:


  • Allowing lowered security
    This allows a TLS version lower than TLS v1.2, or a server that does not support FS.
<key>NSAppTransportSecurity</key>
<dict>
        <key>NSExceptionDomains</key>
        <dict>
                <key>your_server.example.com</key>
                <dict>
                        <key>NSThirdPartyExceptionMinimumTLSVersion</key>
                        <string>TLSv1.0</string>
                        <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
                        <false/>
                </dict>
        </dict>
</dict>


  • Allowing HTTP and self-signed certificates (insecure connection)
<key>NSAppTransportSecurity</key>
<dict>
        <key>NSExceptionDomains</key>
        <dict>
                <key>your_server.example.com</key>
                <dict>
                        <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
                        <true/>
                </dict>
        </dict>
</dict>



  • Turn off ATS
<key>NSAppTransportSecurity</key>
<dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
</dict>
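
As an added example (not from the original post), the Python code below parses an Info.plist with the standard library's plistlib and lists every ATS relaxation, so a reviewer can spot a lowered TLS version, disabled forward secrecy, insecure HTTP loads or a global NSAllowsArbitraryLoads before release. The plist is a constructed combination of the fragments above using the placeholder domain your_server.example.com; the audit treats the NSThirdPartyException* keys as counterparts of the NSException* keys, and `audit_ats` is a name chosen here.

```python
import plistlib

# Constructed Info.plist that combines the exception keys shown above
# for the placeholder domain your_server.example.com.
INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key>
  <string>com.example.atsdemo</string>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSExceptionDomains</key>
    <dict>
      <key>your_server.example.com</key>
      <dict>
        <key>NSThirdPartyExceptionMinimumTLSVersion</key>
        <string>TLSv1.0</string>
        <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
        <false/>
        <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
        <true/>
      </dict>
    </dict>
  </dict>
</dict>
</plist>
"""

# Rank TLS versions so a minimum below the ATS default (TLS 1.2) can be spotted.
TLS_RANK = {"TLSv1.0": 0, "TLSv1.1": 1, "TLSv1.2": 2, "TLSv1.3": 3}


def audit_ats(plist_bytes):
    """Return (domain, finding) pairs for every ATS relaxation in an Info.plist.

    NSThirdPartyException* keys are folded onto the NSException* names so both
    spellings are audited alike; '*' marks an app-wide finding."""
    info = plistlib.loads(plist_bytes)
    ats = info.get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads"):
        findings.append(("*", "NSAllowsArbitraryLoads=true turns ATS off for every domain"))
    for domain, rules in ats.get("NSExceptionDomains", {}).items():
        for key, value in rules.items():
            base = key.replace("NSThirdPartyException", "NSException", 1)
            if base == "NSExceptionAllowsInsecureHTTPLoads" and value:
                findings.append((domain, "plain HTTP / self-signed certificates allowed"))
            elif base == "NSExceptionRequiresForwardSecrecy" and value is False:
                findings.append((domain, "forward-secret cipher suites not required"))
            elif base == "NSExceptionMinimumTLSVersion" and TLS_RANK.get(value, 0) < 2:
                findings.append((domain, f"minimum TLS version lowered to {value}"))
    return findings
```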


P.S. If the domain is one the developer cannot control, it needs the "NSThirdPartyException" form of the parameter. I do not know what the difference is, but it works for me.
