Tuesday, November 24, 2009

How do I block specific incoming ip address?

following iptable rule will drop incoming connection from host/IP 72.30.2.43:

iptables -A INPUT -s 72.30.2.43 -j DROP
iptables -A OUTPUT -d 72.30.2.43 -j DROP

service iptables status

iptables -D INPUT -s 72.30.2.43 -j DROP
iptables -D OUTPUT -d 72.30.2.43 -j DROP
Posted by at Labels:
1 comment:

Monday, November 23, 2009

chmod 777 filename

owner rwx
group rwx
other rwx

chmod 7777 filename

4000 - Set the effective User ID
2000 - Set the effective Group ID
1000 - Set the sticky bit

So a file of 7777 means:
a file which is read-writable-executable by all, and has its setuid, groupuid and sticky bits set.

chmod u+x filename

add execute permission on file to owner

u - owner
g - group
o - others
a - all

chmod ug=rw filename

chmod ug+r filename

chmod o-w filename
Posted by at Labels:
No comments:

Question: I have a file i can't read/write/execute with the user i want!

Bad advice:

  • Bad: "chmod 666 file" - This makes the file editable and destroyable by anyone.
  • Worse: "chmod 777 file" - This makes the file editable by anyone AND sets execute permissions for anyone. Fucking stupid. This means that any user can edit the file to do something malicious for the next user to (accidentally?) execute it.
  • Worst: "chmod 7777 file" - Also gives setuid and setgid permission. With this shining example of stupidity you've just given any user permission to fuck your machine up the ass, especially if the file is owned by root.

Good advice:

Make sure the file is owned by an appropriate user or group, and set permissions for that user or group. Create a new group if necessary.

I haven't yet found one example where 777 are the proper permissions for a file or directory.
("But /tmp and /var/tmp!?" i hear you cry. They have permissions 1777.)

ref: http://kreiger.linuxgods.com/kiki/?Bad+linux+advice
Posted by at Labels:
No comments:

ls -ltr 

drwxr-xr-x  2 ariel    staff         512 Jun 13 16:19 Mail

- regular file
d - directory
l - link
c - character special device
b - block special device
p - pipe
s - socket

file permissions
rwx - owner
r-x - group 
r-x - other

Posted by at Labels:
No comments:

create pipes in Redhat

cd /tmp

mknod fifo_file p

ls -ltr file_file

------tty 1----------
echo passing this line >> /tmp/fifo_file

------tty 2----------
cat < /tmp/fifo_file
Posted by at Labels:
No comments:

create a new partition in Redhat

fdisk /dev/sda

p - print the partition table

n - create new partition

[Enter] to accept the default starting cyclinder

+20M

w - update the partition table

restart or type partprobe to use the new partition

mkfs.ext3 /dev/sda7

mount /dev/sda7 /mnt

umount /mnt
Posted by at Labels:
No comments:
Subscribe to: Posts (Atom)

About

Blogger templates