Sudo vs. SU

The “su” command is what a Linux user with proper permissions uses to ascend to the root administrator account. A secure SSH server will not allow direct root login, so the user must gain root after initial login. The “sudo” command is an alternative to using a separate root user with its own password. Instead, the user prepends “sudo” before a command that needs root privileges. Certain distributions, such as Ubuntu use “sudo” by default, while others, such as CentOS, prefer “su”.

There are benefits and drawbacks to each. With “su”, root is a true separate user, and some administrators find it more useful to be able to log in as root and run several commands. With “sudo” only commands with those words in front of it will be administrative preventing the user from accidentally running a dangerous command as root.

There are security benefits to each, and the argument over which is better can get heated. Suffice it is to say that it ultimately depends on the preference of the system administrator. Does he/she want to deal with one password or two? Technically, an administrator can decide to use both on the same server and use the one that is most beneficial at the time. It can also be useful if you have multiple users who need various permissions.

Photo Source: Flickr

iPhone and smartphone SSH with WebShell

You cannot be at your desk 24/7 even if you are the best system administrator the world has ever known. You also cannot predict when your server will need attention or where you will be when it does. We live in an age where mobile devices are as common as clothing, so it is only natural that web servers should be accessible from mobile devices as well.

Enter: Webshell, a cross-platform mobile SSH tool that allows the user to access a remote server on a computer, iPhone, or any other mobile device that has a web browser. Webshell is written in Python and therefore runs on any Unix-like system, including Linux, BSD, and Mac OS X.

Webshell supports multiple terminal emulations, UTF-8 enconding, including chinese/japanese glyph support, a virtual keyboard for iPhone users, customizable appearance, and maintains all of the security of SSH since it still operates over SSL/TLS. Webshell is free and open source software (GPL) and available for download from the project’s website.

5 Security tips for virtual private servers

There are many security factors you should consider when deploying Linux-based virtual private servers (VPS) on systems such as OpenVZ. Some protect your users and some protect your server as a whole. Here are five steps you can take to make sure your server is secure:

1. Disable the root password on the real server. Users may decide to use root passwords on their VPS systems, but do not make it easy for attackers to get past them to the real system.

2. Create a user designed just for admin tasks and give it “sudo” rights.

3. Create an ssh user to handle any remote logins and an sftp user for uploads to the real server. Disable remote access for all other users.

4. Run OpenSSH on a port other than the default 22. You can use 2222 or something else.

5. Rely on SSH keys for the two secure users and disable clear password authentication.

Photo Source: Flickr

cPanel shell scripts for Linux

cPanel is best known as a graphical web hosting control panel. Since it is web based, however, there may be times when a system administrator may prefer or may need to execute commands from the Linux shell, either locally or remotely via SSH. Fortunately, cPanel comes with a host of scripts found in the /scripts directory. Here are just some of the scripts offered:

easyapache – upgrades and reinstalls Apache
addpop – adds a POP mail account
wwwacct – adds a cPanel account
suspendacct – suspends an account
runweblogs – updates statistics for a user
makecpphp – reinstalls cPanel’s internal PHP
cpbackup – backs up all accounts

Other scripts are documented on the cPanel website as well as more specific documentation about updating services. As a warning, cPanel recommends against using any other scripts not listed on their website, although your web hosting provider might install some. If you find a suspicious script, contact your web host.

Source: cPanel Documentation
Photo: Flickr

How to check and optimize MySQL databases automatically

MySQL databases require regular maintenance, but usually the databases just need to be re-optimized and checked for errors. In such cases, having to go through each database on your server can be time consuming. Following these steps, you can setup a cron job that will automatically check and repair your databases.

1. Login to the server via SSH
2. Edit the crontab file found in /etc/crontab

# crontab -e

3. Enter the following line in the crontab file:

0 1 * * * mysqlcheck -Aao –auto-repair -u root -p[password] > /dev/null

This will check all databases on the server. If you do not have root access and only want to check your own website, you can edit your cron in your control panel or replace the “root” user with your MySQL username. Save the file, and cron will now start mysqlcheck at 1 am everyday to optimize and check all databases.

Source: My Digital Life
Photo: Flickr

Monitoring your server from your iPhone

Picture this. You’re on the go, traveling, working, going on a date, or even just taking a nap, and you suddenly start getting phone calls. Little do you know that those phone calls are from angry customers or your boss. The server went down two hours ago, but you had no idea what was going on.

Many of us in the IT industry, particularly server administrators, have experienced a scenario like this one. It could be something small. Maybe Apache just needs a restart, but instead of it being a small issue, your stakeholders blow it out of proportion. Rather than getting upset with them and possibly losing your job, why not put your iPhone to use?

Root Internet, an Internet service company, offers an iPhone server monitoring tool. It pings HTTP, HTTPS, FTP, SSH, SMTP, DNS, POP3, IMAP, MySQL, and custom TCP/IP services that you specify. When your server experiences trouble, you will receive a notification on your iPhone, through email, and even a text message. Now you can rest easy and enjoy your vacation time – that is until the next disaster strikes.

Source: Apple.com
Photo: Flickr

What is Putty?

PuTTY is a free terminal emulator that supports SSH and many other protocols. Most users, particularly on Windows, find it very useful for connecting to a Unix or Linux SSH server. PuTTY has a graphical configuration interface with many useful features:

• storage of connection data for quick reconnection
• port forwarding
• IPv6 support
• SCP and SFTP support

In addition to Windows, PuTTY has been ported to Linux and other Unix-like operating systems and will soon have a Mac OS X version. PuTTY is free and open source software released under the MIT license. It is available for download from the project’s website.

Photo: Wikimedia Commons

The benefits of SFTP

FTP is the primary method used by website owners to upload content to their servers or distribute large amounts of data. FTP is easy to use and generally efficient at doing its job, but no one would claim that it is completely secure. Generally speaking, files you upload to your website are public anyway, so you might not care if someone intercepts an FTP session’s contents.

When dealing with private information, however, it is a good idea to use a secure transfer method. It is also a better practice in general to use something secure so that your transactions and possibly client and user transactions are not available for the world to see. SFTP is a method of transferring data over an SSH channel.

There are SFTP clients available, and many FTP clients also support SFTP. They may even refer to it as SSH, since SFTP stands for SSH File Transfer Protocol. SFTP does require the user to have an SSH account, and some web hosting providers do not allow them, but if yours does, it is an excellent alternative to FTP.

Photo: Wikimedia

How to delete multiple files in various directories in Linux

Question: When uploading files to my Linux server from my windows computer, I have accumulated WS_FTP.log files and thumbs.db files in multiple directories. Is there an easy way to delete all of them at once without navigating through each directory?

Answer: With Linux, of course there is. You can accomplish this with the “find” command, and you can apply the same technique to any files you need to remove on a mass scale. To remove thumbs.db files, enter the following from a SSH command line:

find /home/user -name Thumbs.db -ok rm {} \;

And if you do not want to be prompted for each deletion, add the “-f” flag:

find /home/user -name Thumbs.db -ok rm -f {} \;

To find any other file, just replace the “Thumbs.db” with the appropriate filename.

find /home/user -name WS_FTP.LOG -ok rm -f {} \;

Source: webhostingtalk.com
Flickr: Flickr

How to manually grant privileges in MySQL

There are plenty of reasons why you might want to grant various privileges to a user in MySQL manually rather than with a control panel or phpMyAdmin. But regardless of the reason, the process is quick and easy, once you learn how to do it. For this you will need SSH access, which you will have with your own server or with special permission from your web hosting provider.

In this example, you will grant a user the “SELECT” privilege.

1. First login to your server via SSH and enter the following:

mysql -uadmin -p`cat /etc/psa/.psa.shadow`

(you will be prompted for your password)

2. At the “mysql>” prompt, enter:

GRANT SELECT ON database.* TO username@'localhost' IDENTIFIED BY 'password';

After you have assigned privileges, enter:

FLUSH PRIVILEGES;

You will need to replace “database”, “username”, and “password” with the appropriate information. That is all it takes to enter a basic privilege. For more extensive examples, see mediatemple.net

Photo Source: Flickr