SSH (Secure Shell) relies on public-key cryptography for secure logins. But how can you be sure your public and private key pair are actually linked? This blog post will guide you through a simple method to verify their authenticity in Linux and macOS.
Understanding the Key Pair:
Imagine a lock and key. Your public key acts like the widely distributed lock – anyone can see it. The private key is the unique counterpart, kept secret, that unlocks the metaphorical door (your server) for SSH access.
Using ssh-keygen
This method leverages the ssh-keygen tool, already available on most Linux and macOS systems.
1. Locate the keys :Open a terminal and use cd to navigate to the directory where your private key resides (e.g., cd ~/.ssh). 2. Use the command ‘ls -al’ to list all files in the directory, and locate your private/public keypair you wish to check.
Example:
ababwaha@ababwaha-mac.ssh % ls -al
total 32
drwx------6 ababwaha staff 192 Jun 2416:04 .
drwxr-x---+68 ababwaha staff 2176 Jun 2416:04 ..
-rw-------1 ababwaha staff 411 Jun 2416:04 id_ed25519
-rw-r--r--1 ababwaha staff 103 Jun 2416:04 id_ed25519.pub
-rw-------1 ababwaha staff 3389 Jun 2416:04 id_rsa
-rw-r--r--1 ababwaha staff 747 Jun 2416:04 id_rsa.pub
3. Verify the Key Pair: Run the following command, replacing with the actual path to your private key file (e.g., ssh-keygen -lf ~/.ssh/id_rsa):
ssh-keygen -lf ssh-keygen -lf
This command displays fingerprint information about your key pair.
4. Match the Fingerprints: Compare the fingerprint displayed by ssh-keygen with the beginning of the text in your public key file. If they match, congratulations! Your public and private keys are a verified pair.
Remember:
Security: Always keep your private key secure. Avoid storing it on publicly accessible locations.
Permissions: Ensure your private key file has appropriate permissions (usually 600) to prevent unauthorized access.
By following this method, you can easily verify the authenticity of your public and private SSH key pair, ensuring a secure connection to your server.
Maintaining a secure system involves monitoring file system activity, especially tracking file deletions, creations, and other modifications. This blog post explores how to leverage two powerful tools, auditd and process accounting with /usr/sbin/accton (provided by the psacct package), to gain a more comprehensive understanding of these events in Linux.
Introduction
Tracking file deletions in a Linux environment can be challenging. Traditional file monitoring tools often lack the capability to provide detailed information about who performed the deletion, when it occurred, and which process was responsible. This gap in visibility can be problematic for system administrators and security professionals who need to maintain a secure and compliant system.
To address this challenge, we can combine auditd, which provides detailed auditing capabilities, with process accounting (psacct), which tracks process activity. By integrating these tools, we can gain a more comprehensive view of file deletions and the processes that cause them.
What We’ll Cover:
1. Understanding auditd and Process Accounting 2. Installing and Configuring psacct 3. Enabling Audit Tracking and Process Accounting 4. Setting Up Audit Rules with auditctl 5. Simulating File Deletion 6. Analyzing Audit Logs with ausearch 7. Linking Process ID to Process Name using psacct 8. Understanding Limitations and Best Practices
Prerequisites:
1. Basic understanding of Linux commands 2. Root or sudo privileges 3. Auditd package installed (installed by default on most of the distros)
1. Understanding the Tools
auditd: The Linux audit daemon logs security-relevant events, including file system modifications. It allows you to track who is accessing the system, what they are doing, and the outcome of their actions.
Process Accounting: Linux keeps track of resource usage for processes. By analyzing process IDs (PIDs) obtained from auditd logs and utilizing tools like /usr/sbin/accton and dump-acct (provided by psacct), we can potentially identify the process responsible for file system activity. However, it’s important to understand that process accounting data itself doesn’t directly track file deletions.
2. Installing and Configuring psacct
First, install the psacct package using your distribution’s package manager if it’s not already present:
# For Debian/Ubuntu based systems sudo apt install acct
# For Red Hat/CentOS based systems sudo yum install psacct
3. Enabling Audit Tracking and Process Accounting
Ensure auditd is running by checking its service status:
This will start saving the process information in the log file /var/log/account/pacct.
4. Setting Up Audit Rules with auditctl
To ensure audit rules persist across reboots, add the rule to the audit configuration file. The location of this file may vary based on the distribution:
For Debian/Ubuntu, use /etc/audit/rules.d/audit.rules For Red Hat/CentOS, use /etc/audit/audit.rules Open the appropriate file in a text editor with root privileges and add the following line to monitor deletions within a sample directory:
-w /var/tmp -p wa -k sample_file_deletion Explanation:
-w: Specifies the directory to watch (/path/to/your/sample_directory: /var/tmp) -p wa: Monitors both write (w) and attribute (a) changes (deletion modifies attributes) -k sample_file_deletion: Assigns a unique key for easy identification in logs
After adding the rule, restart the auditd service to apply the changes:
sudo systemctl restart auditd
5. Simulating File Deletion
Create a test file in the sample directory and delete it:
touch /var/tmp/test_file rm /var/tmp/test_file
6. Analyzing Audit Logs with ausearch
Use ausearch to search audit logs for the deletion event:
sudo ausearch -k sample_file_deletion This command will display audit records related to the deletion you simulated. Look for entries indicating a “delete” operation within your sample directory and not down the the process id for the action.
As you can see in the above log, the user root(uid=0) deleted(exe=”/usr/bin/rm”) the file /var/tmp/test_file. Note down the the ppid=2358 pid=2606 as well. If the file is deleted by a script or cron, you would need these to track the script or cron.
7. Linking Process ID to Process Name using psacct
The audit logs will contain a process ID (PID) associated with the deletion. Utilize this PID to identify the potentially responsible process:
Process Information from dump-acct
After stopping process accounting recording with sudo /usr/sbin/accton off, analyze the captured data:
sudo dump-acct /var/log/account/pacct This output shows various process details, including PIDs, command names, and timestamps. However, due to the nature of process accounting, it might not directly pinpoint the culprit. Processes might have terminated after the deletion, making it challenging to definitively identify the responsible one. You can grep the ppid or pid we received from audit log against the output of the dump-acct command.
In some cases, you can try lastcomm to potentially retrieve the command associated with the PID, even if the process has ended. However, its effectiveness depends on system configuration and might not always be reliable.
Important Note
While combining auditd with process accounting can provide insights, it’s crucial to understand the limitations. Process accounting data offers a broader picture of resource usage but doesn’t directly correlate to specific file deletions. Additionally, processes might terminate quickly, making it difficult to trace back to a specific action.
Best Practices
1. Regular Monitoring: Regularly monitor and analyze audit logs to stay ahead of potential security breaches. 2. Comprehensive Logging: Ensure comprehensive logging by setting appropriate audit rules and keeping process accounting enabled. 3. Timely Responses: Respond quickly to any suspicious activity by investigating audit logs and process accounting data promptly.
By combining the capabilities of auditd and process accounting, you can enhance your ability to track and understand file system activity, thereby strengthening your system’s security posture.
Introduction Redmine is a powerful and versatile project management tool that can help teams stay organized, collaborate effectively, and track progress towards their goals. Originally developed for the Ruby on Rails community, Redmine is now used by thousands of organizations worldwide, from small startups to large enterprises.
With Redmine, you can create projects and sub-projects, define tasks and issues, assign them to team members, set due dates and priorities, and track time spent on each task. You can also add comments and attachments to issues, create custom fields and workflows, and generate reports and graphs to visualize project status and progress.
It is open-source software written in Ruby on Rails and is available under the GNU General Public License.
Whether you’re a software development team, a marketing agency, a non-profit organization, or any other type of group that needs to manage projects and tasks, Redmine can be a valuable tool to help you stay on track, collaborate effectively, and achieve your goals. In this blog, we’ll explore some of the key features and use cases of Redmine, and provide tips and best practices for getting the most out of this powerful project management tool.
In this tutorial, we will go through the steps of installing Redmine on an Ubuntu 22.04 server and secure it Let’s Encrypt SSL.
Prerequisites:
Ubuntu 22.04 Server Root or sudo user access A domain name pointed to the server is required for accessing Redmine via a web browser.
Step 1: Update Ubuntu System The first step is to update the Ubuntu system to ensure that all the packages are up-to-date. You can do this by running the following command: sudo apt update Step 2: Install Dependencies Redmine requires several dependencies to be installed before it can be installed. To install them, run the following command:
Also, install Apache and Apache mod Passenger module sudo apt install -y apache2 libapache2-mod-passenger
Note: libapache2-mod-passenger is a module for the Apache web server that enables the deployment of Ruby on Rails web applications. It provides an easy way to configure and manage Ruby on Rails applications within an Apache web server environment.
Step 3: Create a Redmine User Create a dedicated Linux user for running Redmine: useradd -r -m -d /opt/redmine -s /usr/bin/bash redmine
Add the user to the www-data group to enable Apache to access Redmine files: usermod -aG redmine www-data
Step 4: Install and Secure MariaDB MariaDB is a popular open-source database management system and is used as the backend for Redmine. To install and secure MariaDB, run the following commands: sudo apt install -y mariadb-server
Since the configuration file is an yaml, you need to use proper Indentation.
Save and close the file.
Step 7: Install Bundler and Redmine Dependencies Install Bundler for managing gem dependencies and run the following commands:
sudo gem install bundler
Login as redmine user and execute below commands:
su - redmine
bundle config set --local without 'development test'
bundle install
bundle update
exit
Step 8: Configure File System Permissions Ensure that the following directories are available in the Redmine directory (/opt/redmine):
tmp and tmp/pdf public and public/plugin_assets log files
Create them if they don’t exist and ensure that they are owned by the user used to run Redmine:
for i in tmp tmp/pdf public/plugin_assets; do [ -d $i ] || mkdir -p $i; done
chown -R redmine:redmine files log tmp public/plugin_assets
chmod -R 755 /opt/redmine
Step 9: Configure Apache Create a new Apache virtual host file for Redmine: sudo nano /etc/apache2/sites-available/redmine.conf
Paste the following configuration into the file:
<VirtualHost *:80>
ServerName redmine.linuxwebhostingsupport.in
DocumentRoot /opt/redmine/public
ErrorLog ${APACHE_LOG_DIR}/redmine-error.log
CustomLog ${APACHE_LOG_DIR}/redmine-access.log combined
<Directory /opt/redmine/public>
Require all granted
Options -MultiViews
PassengerEnabled on
PassengerAppEnv production
PassengerRuby /usr/bin/ruby
</Directory>
</VirtualHost>
Save the file and exit the text editor. Replace redmine.linuxwebhostingsupport.in with your domain name.
Enable the Redmine site by running the following command:
sudo a2ensite redmine.conf
Restart Apache to apply the changes:
sudo systemctl restart apache2
Allow Apache through the Ubuntu UFW firewall:
sudo ufw allow 'Apache Full'
Install Certbot and the Apache plugin for Let’s Encrypt:
sudo apt install certbot python3-certbot-apache
Adding Lets Encrypt SSL certificate
You need to make sure your domain is properly pointed to the server IP, otherwise, Let’s encrypt will fail.
Obtain an SSL certificate for your domain by running the following command:
sudo certbot --apache
Follow the on-screen instructions to complete the process.
Restart Apache to apply the SSL configuration:
sudo systemctl restart apache2
Open your web browser and go to https://redmine.linuxwebhostingsupport.in/. You should see the Redmine home screen.
Login to the admin area using your Redmine admin username and password. If this is your first login, you will need to reset your admin password.
https://redmine.linuxwebhostingsupport.in/login
Congratulations! You have successfully installed and configured Redmine on your Ubuntu server. In the previous steps, we have covered the installation and configuration of Redmine, including setting up the database, configuring Apache, and securing Redmine with Let’s Encrypt SSL.
However, one critical aspect of Redmine that you might want to configure is email delivery for notifications. This feature is essential for keeping team members informed about project updates, new issues, and changes to existing issues. In this section, we will show you how to configure email delivery in Redmine.
Configuring SMTP for Email Delivery in Redmine
Redmine supports email delivery for notifications, which you can set up using the following steps:
Step 1 – Open Configuration File
First, you need to open the configuration.yml file in a text editor:
sudo nano /opt/redmine/config/configuration.yml
Step 2 – Configure Email Settings
Next, scroll down to the production section of the file, uncomment the following lines by removing the # symbol at the beginning of each line, and replace the values with your SMTP server’s settings:
# specific configuration options for production environment# that overrides the default ones
production:
email_delivery:
delivery_method: :smtp
smtp_settings:
address: "your.smtp.server.com"
port: 587
domain: "your.domain.com"
authentication: :login
user_name: "your_email@example.com"
password: "your_email_password"
enable_starttls_auto: true
# specific configuration options for development environment# that overrides the default ones
Replace the values for address, port, domain, user_name, and password with your SMTP server’s settings:
address: The address of your SMTP server. port: The port number to use for SMTP server (usually 587). domain: The domain name of your organization or server. user_name: The email address of the user account to use for sending emails. password: The password for the user account to use for sending emails. Save the configuration.yml file.
Since the configuration file is an yaml, you need to use proper Indentation.
Step 3 – Restart Apache
Finally, restart Apache to apply the changes:
sudo systemctl restart apache2 And that’s it! Redmine is now configured to deliver email notifications to your team members.
Conclusion
Redmine is a powerful project management tool that can help you manage your software development projects effectively. In this blog post, we have covered the installation and configuration of Redmine on Ubuntu, including setting up the database, configuring Apache, securing Redmine with Let’s Encrypt SSL, and configuring email delivery.
With these steps, you should now have a working Redmine installation that can help you track your projects, collaborate with your team, and stay on top of your development process. Good luck!
