Saturday, October 11, 2014

SAMBA FILE SERVER AND WINDOWS ACTIVE DIRECTORY

ADS and DNS server IP : 192.168.3.14

Samba server IP: 192.168.3.13
yum install samba-*
yum install krb5-*
*************************************************
# /etc/resolv.conf
    search aiamibd.com
    nameserver 192.168.3.14


*************************************************

# /etc/krb5.conf
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = AIAMIBD.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]

 AIAMIBD.COM = {
  kdc = aia.aiamibd.com
 }

[domain_realm]
 .aiamibd.com = AIAMIBD.COM
 aiamibd.com = AIAMIBD.COM

************************************************

# /etc/nsswitch.conf
#
passwd:     files winbind compat
shadow:     files winbind compat
group:      files winbind compat

#hosts:     db files nisplus nis dns
hosts:      files dns winbind

*************************************************

# Join the Samba server to the domain as the domain administrator

net ads join -U administrator


/etc/init.d/winbind restart
/etc/init.d/smb restart
/etc/init.d/nmb restart

# check it
kinit administrator
klist
wbinfo -u
wbinfo -g




*************************************************

# /etc/samba/smb.conf
# Global Settings
   
[global]

   workgroup = AIAMIBD
   password server = aia.aiamibd.com
   realm = AIAMIBD.COM
   security = ads
   idmap config * : range = 16777216-33554431
   template shell = /bin/bash
   winbind use default domain = yes
   winbind offline logon = true
   
# ----------------------- Network Related Options -------------------------
    server string = Samba Server Version %v
    hosts allow = 127. 192.168.
   
# --------------------------- Logging Options -----------------------------
# Max Log Size let you specify the max size log files should reach
   
    # logs split per machine
    log file = /var/log/samba/log.%m
    # max 50KB per log file, then rotate
    max log size = 50
   
# ----------------------- Standalone Server Options ------------------------
    passdb backend = tdbsam

#============================ Share Definitions ==============================
   
[homes]
    comment = Home Directories
    browseable = yes
    writable = yes
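    # A parameter repeated within one section overrides the earlier line,
    # so both forms of the user name go on a single line.
    valid users = %S, AIAMIBD\%S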

[omes]
        comment     = omes Directories
        path        = /omes
        browseable  = yes
        writable    = yes
        valid users = @"AIAMIBD\Domain Users"

        # Note: all domain users are permitted to access the omes folder

[INFRA]
        comment     = Use for all domain Users
        path        = /IT
        browseable  = yes
        writable    = yes
        valid users = @"AIAMIBD\samba-infra"
       
        # Note: users in the samba-infra group of AD are permitted to access the INFRA folder


[Spacial]
        comment     = Use for all domain Users
        path        = /software
        browseable  = yes
        writable    = yes
        valid users = AIAMIBD\tumi ami test1

        # Note: only some domain users of AD are permitted to access the Spacial folder

Wednesday, October 8, 2014

How to check if your Linux server is under DDOS Attack?


Log in to your server as root and run the following command to check whether your server is under DDoS attack:
netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

This command lists each IP address connected to your server together with its number of connections, so you can see which IPs hold the maximum number of connections.

DDoS becomes more complex as attackers use fewer connections from a larger number of attacking IPs. In such cases you will see a low number of connections per IP even when your server is under DDoS. One important thing to check is the number of active connections that your server currently has. For that, execute the following command:
netstat -n | grep :80 | wc -l

The above command shows the number of active connections that are open to your server.
You can also run the following command:
netstat -n | grep :80 | grep SYN | wc -l

The number of active connections from the first command will vary, but if it shows more than 500 connections, you definitely have a problem. If the result of the second command is 100 or above, you are having problems with a SYN attack.
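An added example (not part of the original post or the linked article) that applies the same counts and thresholds more precisely: it matches the local port exactly, keeps IPv6 and IPv4-mapped peers intact where `cut -d: -f1` would truncate them, and counts only the half-open `SYN_RECV` state. The function names, the `SYN_LIMIT` and `CONN_LIMIT` variables, and the sample netstat output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed `netstat -ant` output; all addresses are sample values.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.168.3.13:80         203.0.113.7:51514       SYN_RECV
tcp        0      0 192.168.3.13:80         203.0.113.7:51515       SYN_RECV
tcp        0      0 192.168.3.13:80         203.0.113.7:51516       ESTABLISHED
tcp        0      0 192.168.3.13:80         198.51.100.20:40222     ESTABLISHED
tcp        0      0 192.168.3.13:8080       198.51.100.99:40300     ESTABLISHED
tcp        0      0 192.168.3.13:40500      198.51.100.50:80        ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::ffff:192.168.3.13:80  ::ffff:203.0.113.7:40000 SYN_RECV
tcp6       0      0 2001:db8::13:80         2001:db8::5:40001       ESTABLISHED
EOF
}

# What `grep :80 | wc -l` counts: every line containing ":80" anywhere.
naive_count() { grep -c ':80'; }

# "<count> <remote-ip>" for TCP connections to local port $1, busiest first.
conns_per_ip() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 != "LISTEN" {
      lp = $4; sub(/.*:/, "", lp)      # local port = text after the last colon
      if (lp != port) next             # exact match: :8080 and remote :80 are skipped
      ip = $5; sub(/:[^:]*$/, "", ip)  # strip only the remote port (IPv6-safe)
      sub(/^::ffff:/, "", ip)          # fold IPv4-mapped IPv6 into plain IPv4
      n[ip]++
    }
    END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Number of connections to local port $1 that are in TCP state $2.
count_state() {
  awk -v port="$1" -v st="$2" '
    $1 ~ /^tcp/ && $6 == st { lp = $4; sub(/.*:/, "", lp); if (lp == port) c++ }
    END { print c + 0 }'
}

# Apply the page thresholds (more than 500 connections, 100 or more half-open).
# SYN_RECV is the state an inbound half-open connection sits in on the server.
assess() {
  data=$(cat)
  total=$(printf '%s\n' "$data" | conns_per_ip "$1" | awk '{ s += $1 } END { print s + 0 }')
  syn=$(printf '%s\n' "$data" | count_state "$1" SYN_RECV)
  if [ "$syn" -ge "${SYN_LIMIT:-100}" ]; then verdict=syn-flood-suspected
  elif [ "$total" -gt "${CONN_LIMIT:-500}" ]; then verdict=high-connection-count
  else verdict=ok; fi
  echo "$verdict total=$total syn=$syn"
}
```

On a live server, feed it real data with `netstat -ant | assess 80`; on the sample, the naive grep counts 10 lines while only 6 are actual client connections to port 80.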
Once you have an idea of which IP is attacking your server, you can easily block it.
Run the following command to block that IP or any other specific IP:
route add ipaddress reject

Once you block a particular IP on the server, you can cross-check whether the IP is blocked
by using the following command:
route -n | grep IPaddress

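You can also block an IP with iptables on the server by using the following commands. Use either DROP or REJECT as the target, and save the rule before restarting the service; otherwise the restart reloads the previously saved rule set and the new rule is lost.
iptables -I INPUT 1 -s IPADDRESS -j DROP
service iptables save
service iptables restart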

After running the above commands, kill all httpd connections and then restart the httpd service by
using the following commands:
killall -KILL httpd
service httpd start




 https://kb.hivelocity.net/how-to-check-if-your-linux-server-is-under-ddos-attack/