Category Archives: Linux

Common Criteria SSH – restrict ciphers, key exchange method and drop SSH packets within certain range

1. Open ssh_config / sshd_config – the first file is the configuration file for the client, the second is for the daemon (SSH server).

2. Uncomment the Ciphers line and set it to:

Ciphers  aes128-cbc,aes256-cbc

This ensures that only the aes128-cbc and aes256-cbc ciphers will be used.

3. Add the following line:

KexAlgorithms diffie-hellman-group14-sha1

This ensures that diffie-hellman-group14-sha1 is the only supported key exchange method.

4. To drop SSH packets of a certain size you can always use the good old iptables:

iptables -A INPUT -p tcp -m length --length 1400:1500 --dport 22 -j DROP

This will drop all incoming packets with a length between 1400 and 1500 bytes destined for port 22 (the SSH port).
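To confirm that steps 2 and 3 actually took effect, the script below audits a configuration for the two values above. It is an added example, not part of the original post; the function names and the sample input are made up for illustration, and it assumes whitespace-separated "keyword value" lines.

```shell
#!/bin/sh
# Added example: audit sshd settings against the Ciphers / KexAlgorithms values above.
# Input is "keyword value" text: sshd_config itself or the output of `sshd -T`.
ALLOWED_CIPHERS="aes128-cbc,aes256-cbc"
ALLOWED_KEX="diffie-hellman-group14-sha1"

# Print the value of the first uncommented occurrence of a keyword
# (keywords are case-insensitive; sshd keeps the first value it reads).
get_value() {   # $1 = keyword (lowercase), $2 = file
    awk -v k="$1" 'tolower($1) == k { print $2; exit }' "$2"
}

# Succeed only if every comma-separated item of $1 appears in the list $2.
subset_of() {
    for item in $(printf '%s' "$1" | tr ',' ' '); do
        case ",$2," in
            *",$item,"*) ;;
            *) echo "  not allowed: $item"; return 1 ;;
        esac
    done
}

check_keyword() {   # $1 = keyword (lowercase), $2 = allowed list, $3 = file
    value=$(get_value "$1" "$3")
    if [ -z "$value" ]; then
        echo "FAIL $1: not set, so the built-in defaults apply"
        return 1
    fi
    if subset_of "$value" "$2"; then
        echo "OK   $1 $value"
    else
        echo "FAIL $1 $value"
        return 1
    fi
}

audit_sshd() {   # $1 = file to audit; returns non-zero on any finding
    rc=0
    check_keyword ciphers "$ALLOWED_CIPHERS" "$1" || rc=1
    check_keyword kexalgorithms "$ALLOWED_KEX" "$1" || rc=1
    return $rc
}

# Constructed sample input (not from the page), mirroring steps 2 and 3.
sample=$(mktemp)
printf '%s\n' '#Ciphers aes128-ctr' 'Ciphers  aes128-cbc,aes256-cbc' \
    'KexAlgorithms diffie-hellman-group14-sha1' > "$sample"
audit_sshd "$sample"
```

On a live host, sshd -T (run as root) prints the effective configuration in this format, and sshd -t checks the file for syntax errors before the daemon is restarted.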

How to execute MySQL query / statement from the shell (command line)

mysql -hhostname -uusername -ppassword db_name -e 'query to execute;'
  • hostname – the host on which MySQL is installed
  • username – the MySQL user that has the necessary privileges over the database
  • password – the MySQL user password
  • db_name – the name of the MySQL database that you want to query
  • -e – MySQL option which will execute the statement and quit
  • query to execute; – the MySQL query you want to execute enclosed in single quotes

Generate random usernames / email addresses list with apg

apg is a handy utility for creating random passwords / strings. To install it run:

apt-get install apg

The for loop below creates 300 random usernames / email addresses in the format username@domain.com. You can always replace “domain” with “$i”; then you’ll have addresses in the format username@username.com.

-M – specifies the mode to be used
L – use small letters only mode
-n – number of passwords/random strings, in this case 300

for i in $(apg -M L -n 300); do echo "$i@domain.com" >> fileToSaveResult ; done

Create a file with email addresses / usernames

Quickly create a list of email addresses / usernames in the format usernameprefixNumber@domain.name

#!/bin/bash
# Require exactly four arguments before doing anything else.
if [ $# -ne 4 ]; then
    echo "Insufficient arguments:"
    echo "Usage: $0 userprefix numberofusers domainname filetosave"
    echo " - enter user prefix, e.g. demo"
    echo " - enter number of users, e.g. 100"
    echo " - enter domain/hostname, e.g. some-hostname.domain.com"
    echo " - file to save the result in"
    exit 1
fi

userprefix=$1
numberofusers=$2
domain=$3
filetosave=$4
counter=1

# Make sure the output file exists.
touch "$filetosave"

# Append one address per line: prefix1@domain, prefix2@domain, ...
while [[ $counter -le $numberofusers ]]; do
    echo "Creating User $counter"
    echo "$userprefix$counter@$domain" >> "$filetosave"
    let "counter += 1"
done

How to install sysstat (sar) for performance statistics?

apt-get update; apt-get install sysstat

The sysstat package contains several utilities for monitoring system performance. To enable performance data collection, edit

/etc/default/sysstat

and set

ENABLED="true"

then restart sysstat:

/etc/init.d/sysstat restart

If necessary, edit the cron job that collects the statistics, and make sure to set up a logrotate entry in order to avoid large logs.