≡ Menu

system administrator

Download of the day: Slackware Linux 12.1

The Slackware team announced Slackware 12.1. It is the time to upgrade your slackware server. From the announcement page:

Well folks, it's that time to announce a new stable Slackware release again. So, without further ado, announcing Slackware version 12.1! Since we've moved to supporting the 2.6 kernel series exclusively (and fine-tuned the system to get the most out of it), we feel that Slackware 12.1 has many improvements over our last release (Slackware 12.0) and is a must-have upgrade for any Slackware user.

Among the many program updates and distribution enhancements, you'll find better support for RAID, LVM, and cryptsetup; a network capable (FTP and HTTP, not only NFS) installer; and two of the most advanced desktop environments available today: Xfce 4.4.2, a fast, lightweight, and visually appealing desktop environment, and KDE 3.5.9, the latest 3.x version of the full-featured K Desktop Environment.

Download Slackware Linux 12.1

Download Slackware via bittorent

Understanding Forensics

Forensics is the art and science of applying computer science to aid the legal process. Linux journal has published a nice introduction to Forensics:

A break-in can happen to any system administrator. Find out how to use Autopsy and Sleuthkit to hit the ground running on your first forensics project.

There are certain aspects to system administration that you can learn only from experience. Computer forensics (among other things the ability to piece together clues from a system to determine how an intruder broke in) can take years or even decades to master. If you have never conducted a forensics analysis on a computer, you might not even know exactly where to start. In this guide, I cover how to use the set of forensics tools in Sleuthkit with its Web front end, Autopsy, to organize your first forensics case.

One of the most common scenarios in which you might want to use forensics tools on a system is the case of a break-in. If your system has been compromised, you must figure out how the attacker broke in so you can patch that security hole. Before you do anything, you need to make an important decision—do you plan to involve law enforcement and prosecute the attacker?

=> Introduction to Forensics

Linux Failed Login Control: Lock and Unlock User Accounts Using PAM

Under CentOS Linux it is possible to lock out a user login after failed login attempts. This is a security feature. You can also automatically unlock account after some time.

pam_tally - login counter (tallying) module

This module maintains a count of attempted accesses, can reset count on success, can deny access if too many attempts fail.


Use /etc/pam.d/system-auth configuration file to configure attempted login accesses and other related activities. Append following AUTH configuration to /etc/pam.d/system-auth file:
auth required pam_tally.so onerr=fail deny=5 unlock_time=21600
(a)deny=5 - Deny access if tally for this user exceeds 5 times.

(b) unlock_time=21600 - Allow access after 21600 seconds (6 hours) after failed attempt. If this option is used the user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts. Otherwise the account is locked until the lock is removed by a manual intervention of the system administrator.

(c) onerr=fail - If something weird happens (like unable to open the file), return with PAM_SUCESS if onerr=succeed is given, else with the corresponding PAM error code.

Default file /var/log/faillog is used to keep login counts.

The above PAM module is part of all Linux distribution and configuration should work with any Linux distribution.

See also:

  1. man pages faillog, pam.conf, pam.d, pam, and pam_tally
  2. pam_tally - login counter (tallying) module documentation.
  3. CentOS Linux project

Humor: Know your System Administrator

The joke on this page was obtained from the FSF's email archives of the GNU Project:

There are four major species of Unix sysad:
1.The TECHNICAL THUG. Usually a systems programmer who has been forced into system administration; writes scripts in a polyglot of the Bourne shell, sed, C, awk, perl, and APL.

2.The ADMINISTRATIVE FASCIST. Usually a retentive drone (or rarely, a harridan ex-secretary) who has been forced into system administration.

3.The MANIAC. Usually an aging cracker who discovered that neither the Mossad nor Cuba are willing to pay a living wage for computer espionage. Fell into system administration; occasionally approaches major competitors with indesp schemes.

4.The IDIOT. Usually a cretin, morpohodite, or old COBOL programmer selected to be the system administrator by a committee of cretins, morphodites, and old COBOL programmers.

HowTo: Configure Linux To Track and Log Failed Login Attempt Records

Under Linux operating system you can use the faillog command to display faillog records or to set login failure limits. faillog command displays the contents of the failure log from /var/log/faillog database file. It also can be used for maintains failure counters and limits. If you run faillog command without arguments, it will display only list of user faillog records who have ever had a login failure.
[click to continue…]

Configure Static Routes In Debian or Red Hat Enterprise Linux

Static routes improves overall performance of your network (especially bandwidth saving). They are also useful in stub networks (i.e. there is only one link to the network). For example, each LAN (located at different offices) is connected to HQ IDC (Internet data center) using single T1/LL/Wan links.

For example under Red Hat/Fedora Linux you can add static router for eth0 network interface by editing /etc/sysconfig/network-scripts/route-eth0 file. Under Debian Linux add static route by editing /etc/network/interface file.

[click to continue…]