Monday, 11 November 2013

Record Terminal Session in Linux


Overview :
 ttyrec is a tty(terminal) recorder  in unix like operating system & recorded data can be played back with the help of ttyplay command.ttyrec is just a derivative of script command for recording timing information with microsecond accuracy as well. It can record emacs -nw, vi, lynx, or any programs running on tty.

Installation on Ubuntu :

# sudo apt-get install ttyrec

Installation on RHEL 6.X / CentOS 6.X / Fedora

First Download the ttyrec rpm package using wget command  and install using below mentioned yum command.
# wget ftp://ftp.pbone.net/mirror/ftp.turbolinux.com/pub/TurboLinux/stable/tested/Desktop/10/i586/ttyrec-1.0.6-1.i586.rpm
# yum localinstall ttyrec-1.0.6-1.i586.rpm


Now start Recording using ttyrec command :

Open the terminal type the below command and when you want to stop the recording type exit.
# ttyrec

When we run the above command recording of terminal session will start and when you type exit, recording will be stopped and a file name “ttyrecord”  will be created in the current directory.




Now Play the recorded sesssion using ttyplay command

# ttyplay ttyrecord

commonly used options in ttyplay :

  -s SPEED :  multiple the playing speed by SPEED (default is 1).
       -n   :  no wait mode.  Ignore the timing information in file.
       -p  :   peek another person's tty session.

We can also change the speed by using special keys like :

+ or f double the speed of playback.
- or s : halve the speed of playback.
0 :     set playback speed to 0, pausing playback.
1 :     set playback to speed 1.0 again.


Measuring the time of recorded data :

Using ttytime command we can determine the time of recorded data in seconds.
#  ttytime ttyrecord
14  ttyrecord
Posted by at 4 comments:

Saturday, 2 November 2013

Iptables Setup and Firewall For a Web Server Using GUI/TUI tool



Firewall configuration GUI/TUI tool (recommend for new users)
The system-config-firewall command is a graphical user interface for setting basic firewall rules. You need to have KDE or Gnome installed on the system. Open a terminal and type the following command as root user:
# system-config-firewall
Sample outputs:


Select services such as WWW, SSH, HTTPS to open port for everyone. Click on Apply button. This tool will generate /etc/sysconfig/iptables as follows: 


                           Sample RHEL CentOS Linux /etc/sysconfig/iptables files

A note about text based config tool (recommend for remote server with ssh access)
The sysystem-config-firewall-tui is a command line tool without having the GUI installed on the server:
# system-config-firewall-tui
Sample outputs:
 





system-config-firewall-tui in action

Select Enabled and Press Tab to select "Customization" : 

Scroll down/up and select SSH, WWW, Secure WWW (HTTPS) and other required ports you wish to open. Finally, select Close button. Finally, press OK button to activate new firewall settings.

Type the following iptables command as root user to open port 80 / 443:
## open port 80 and 443 for everyone ##
/sbin/iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT

## save newly added firewall rules ##
/sbin/service iptables save

## verify new firewall settings
/sbin/iptables -L -n -v
/sbin/iptables -L INPUT -n -v
/sbin/iptables -L INPUT -n -v | grep :80
/sbin/iptables -L INPUT -n -v | grep :443

The following rule allows access to port 80 and 443 only to 192.168.1.0/24
## Find an appropriate network block, and network mask
## representing the machines on your network which should operate as
## clients of the Apache Web-server

## Open port 80 and 443 for 192.168.1.0/24 subnet only ##
/sbin/iptables -A INPUT -s 192.168.1.0/24  -m state --state NEW -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 443 -j ACCEPT

## save newly added firewall rules ##
/sbin/service iptables save

## verify new firewall settings
/sbin/iptables -L -n -v
/sbin/iptables -L INPUT -n -v
/sbin/iptables -L INPUT -n -v | grep :80
/sbin/iptables -L INPUT -n -v | grep :443

You can block/drop the IP address 202.54.1.1 or subnet 202.54.1.2/29 as follows using iptables:
## Block access to port 80 ##
iptables -A INPUT -s 202.54.1.1 -p tcp --dport 80 -j DROP
iptables -A INPUT -s 202.54.1.2/29 -p tcp --dport 80 -j DROP

## block and drop access to port 443 (secure apache web-server)
iptables -A INPUT -s 202.54.1.1 -p tcp --dport 443 -j DROP
iptables -A INPUT -s 202.54.1.2/29 -p tcp --dport 443 -j DROP

## save newly added firewall rules ##
/sbin/service iptables save

## verify new firewall settings
/sbin/iptables -L -n -v
/sbin/iptables -L INPUT -n -v | grep 202.54.1.1

Note: To unblock an IP i.e. delete the IP address 202.54.1.1 listed in iptables type the following command:
iptables -D INPUT -s 202.54.1.1 -j DROP 








Iptables Setup and Firewall For a Web Server




Posted by at No comments:
Subscribe to: Posts (Atom)