Disable direct root Login.

In previous post we saw how to Set Alerting for root login and How to Change Default SSH Port. To add more to the security you should also disable direct root Login and specific users should be allowed only.

To disable Direct root Login, you need to follow the steps below.

1. Open the file /etc/ssh/sshd_config and add the line below.

PermitRootLogin no

2. Create a new user – e.g. user bob and set a password to that user.

3. Open file /etc/group and add the user to the Wheel group. So the Wheel group in that file would look like this.

[root@server ~]# cat /etc/group | grep -i wheel
wheel:x:10:bob
[root@server ~]#

4. Finally restart sshd service.

[root@server ~]# systemctl restart sshd

5. Please make sure that permissions to below are set correctly.

chmod 4755 /bin/su
chmod 1700 /etc/passwd
chmod 1700 /etc/shadow
chmod 1755 /etc/groups

Remember the Golden Rule? Yes, always verify the changes from a different session before logging out the current one.

Set alerting for root login.

If you are using Linux server, you must have enhanced security by Changing Default SSH port. (If you haven’t you should do it immediately). To further secure your environment, you should consider setting alerts for root login.
Setting alerts for root account login is useful in many ways. To track who logged in and for security reason,

Steps to enable Alerting for root login

  1. Login to server and switch to root user.
  2. Open file /root/.bash_profile and append the code below.
/usr/bin/echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" email@yourdomain.com

Simple, isn’t it?
You can try to login/switch to root user and you should get the email like this.

ALERT - Root Shell Access on: Thu Jul 23 09:42:46 UTC 2020 user pts/0 2020-07-23 09:42 (xx.xx.xx.xx)

Echo Command in Linux

Echo command mainly prints on the screen whatever you ask it. It a simple function but most the scripts would be incomplete with echo command. You won’t be able get visible output from the shell script, without echo command.

How to check what version of echo command you are using?

[root@server ~]# /bin/echo --version
echo (GNU coreutils) 8.22
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by Brian Fox and Chet Ramey.

How to print using echo command ?

it’s actually quite simple. Just use echo command following by the text.

[root@server ~]# echo "Hello JustGeek"
Hello JustGeek
[root@server ~]#

Printing Variables.

it’s not just for the print text there are many things you can do using echo command. Example you can print Variables.

[root@server ~]# IamVariable="This is JustGeek"
[root@server ~]# echo $IamVariable
This is JustGeek
[root@server ~]#

You can also run a command through echo command and print it’s output to the screen.

[root@server ~]# echo "This server is online from $(uptime | awk '{print $3,$4}')"
This server is online from 77 days,

Formatting using Echo Command.

To use formatting functions with echo -e. It enables interpretation of backslash escapes.
eg:- “\n” parameter will print on the new line. As shown below.

[root@server ~]# echo -e "First Line\nSecond Line"
First Line
Second Line
[root@server ~]#

There are multiple characters which can be used which suits you.

\a: Alert (historically known as BEL). This generates the default alert sound.
\b: Writes a backspace character.
\c: Abandons any further output.
\e: Writes an escape character.
\f: Writes a form feed character.
\n: Writes a new line.
\r: Writes a carriage return.
\t: Writes a horizontal tab.
\v: Writes a vertical tab.
\\: Writes a backslash character.

Basic Openssl Commands

Openssl is an open source implementation SSL protocol. It is widely used and it has different functions which allows you to check CSR, Certificate and it’s expiry.

Here are some basic open commands which will be useful when you are dealing with certificate or anything related to that.

To decode certificate.

[root@server ~]# openssl x509 -in certificate.crt -text -noout

Check Expiry Date of Certificate Using OpenSSL command

[root@server ~]# cat certificate.crt | openssl x509 -noout -enddate

How to see if Certificate and a Private Key match.
Compare the output from both commands. If they are identical then the private key matches the certificate.

openssl pkey -in privateKey.key -pubout -outform pem | sha256sum
openssl x509 -in certificate.crt -pubkey -noout -outform pem | sha256sum 

Above are the most basic Operations and Widely used. Do let me know if you want us to add more here. So you can refer here.

How to use Array in Bash Scripting

First we will see what is Array in Linux

If you have been doing shell scripting, you must have definitely came across the term called variable. So when you use a variable, you can add a single name to the variable – In other words one variable can hold only one value.

Example of an Variable

#!/bin/bash
cityname="Berlin"
echo "$cityname"

So if you want to hold names of multiple cities, then you will have to create new variable for each city.

For an Example

cityname01="Berlin"
cityname02="Tokyo"
cityname03="Moscow"
cityname04="Rio"
cityname05="Denver"

However, to ease life we could use a single Array which could hold up all values in a single variable.

To define Array :-

cityname[0]="Berlin"
cityname[1]="Tokyo"
cityname[2]="Moscow"
cityname[3]="Rio"
cityname[4]="Denver"

So here we have stored all city Names in a Array called “cityname”. So now question is how do you access an Array.

You just need to echo it’s number 🙂 Like shown below.

#!/bin/bash
cityname[0]="Berlin"
cityname[1]="Tokyo"
cityname[2]="Moscow"
cityname[3]="Rio"
cityname[4]="Denver"
echo "${cityname[3]}"

So above script will print “Rio” If you want to print all city names then you would use

echo "${cityname[@]}"

OR

echo "${cityname[*]}"

You can copy paste the script below and run it which will help you understand better.

#!/bin/bash
cityname[0]="Berlin"
cityname[1]="Tokyo"
cityname[2]="Moscow"
cityname[3]="Rio"
cityname[4]="Denver"

echo Cities I love are : "${cityname[@]}"

Output would be.

Cities I love are : Berlin Tokyo Moscow Rio Denver