Posts Tagged ‘ssh’

Setting up a new user account for root access.

July 7th, 2010

Let’s face it, giving out your root password to your Linux server isn’t very smart or security minded. Still there are many of us who provide our root user and before we know it, we’re either looking at a compromise or a permissions issue or worse. Though it doesn’t need to be this way. No… We can create a new user and give them root access or we can edit the abilities of this user.

How does one do this you ask? Simple. In this instance, we’ll setup a new user to have root access, but this works out as we can add the user to the sudoers file, meaning we know who we are giving access to. Heck, you may want to do this for your main user and disable the root user for security reasons, but that’s your call.

Any how, on to the fun stuff!

1. First we need to login to the server, so don’t disable the root user yet, and create a new user. For this example, I’ll make a new user called madtech. So we SSH into the server and type the following;

“useradd madtech”

2. Next we need to add a password for the user, to do this we need to type the following;

“passwd madtech”

It will then ask for us to enter the password and then again to confirm the password.

3. Now that we created the user, we need to edit the sudoers file. Take note we don’t want to edit this with or standard text editors.. no, thats bad. We need to use visudo. Visudo should already be installed on the server. So what we need to do now is goto the following line;

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
We need to add our new user to this file by typing;
madtech  ALL=(ALL)  ALL
And then we press CRTL+X and then Y to save the changes.
4. We’ve just added the user, so know when you log into the server with this new user you can type the following to sudo in and gain admin access;
“sudo -l” or “sudo su -”
This will give the suer root access for the logged in session. If you log out and back in, you need to sudo again.
*******Issues you may encounter*********
So you added the user but when you sudo in, you get the following error:
sudo: must be setuid root
This means there is an issue with the changes to the sudoers file and you need to fix it. But its an easy fix, so relax. All you need to do is log back into the server as the root user again and run the following commands;
“chown root:root /usr/bin/sudo”
“chmod 4111 /usr/bin/sudo”
Now logout as root and login as the new user and then sudo in.  You should now get the default sudo message like the one below or similar, depending on what the MOTD on the server is set to.
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.”

That’s it. Now you can disable that root user, if you choose to!

No comments »

Posted in Linux, Security

Tags:

Updating Apache using Cpanel’s EasyApache (SSH)

December 8th, 2009

EasyApache is a pre configured script that allows you to easily update Apache Web server through WHM or SSH.
In this tutorial we will show you how to update apache using SSH /scripts/easyapache.

Requirements:
Root SSH access to your server

Login as root through SSH.
1) Login to your server and su - to root.

Run EasyApache
2) /scripts/easyapache
3) Now once you are logged in and have ran the script, you will be presented with an option to choose a profile. Seeing that this is your first time (or not) you will want to choose “Start customizing based on profile” and hit enter. You move by using the arrow keys and using the space bar or mouse to choose and option if you need to fill one out (later in the tutorial).

easyapache11

4) Your next screen will to choose what version of apache you wish to run. Depending on what version of cpanel you are running, your options will be different. In my instance, I am using 11.24, so I have the option for Apache 1.3, 2.0 or 2.2. Your choose will depend on if you need certain features of that version of Apache. However when in doubt, google it my friends. I’ll choose 2.0 for this instance.

easyapache2

5) The next step will to choose what version of php you wish to use. Keep in might that Apache is constantly upgraded, so it’s usually best to go with the newest version.

easyapache3

6) After you choose your php version, you will be presented with what revision you want. Once again, rule of thumb is the newest should be the one you choose, unless your program requires a specific version of php.

easyapache4

7) Now we get to choose several options for apache / php. Assuming that you don’t need frontpage for example, or you do want mod perl or Zend, you would choose what options you need. These are not the final options for apache / php however, this will be done on the next screen. Unlike the other screens where you selected next step to move on, here you can either finish the build by choosing save and build (which will use previous settings) or you can choose exhaustive options list, where you can customize apache /php. Choose the later to continue.

easyapache5

8) Finally, we can choose what options are available for apache / php. This can be several screens long, so make sure you scroll up and down to view all the options. Once you have selected what you need, hit the next step.

easyapache6

9) Now, after choosing all your options, you have the ability to either save the build but not running it or save the build and running it. Once you decide to save and build, this process takes 15-30 minutes to complete. Once it does complete, httpd will restart and the new settings will take place.

easyapache7

That’s it. Take note that you can also run Apache from inside of WHM/CP, but it uses more memory due to the GUI, so t’s recommended to do this via SSH, esspecially if you are on a VPS with less than 512MB of memory or a heavily trafficed server.

1 comment »

Posted in Cpanel, PHP

Tags:

How To Change MySQL Root Password

November 17th, 2009

I’ve found that in my journies, the easist way to reset a mysql password, assuming you have SSH / Shell access is to log into the server and change it. To do this, you need to do the following;

1. Login to the server via SSH.

2. Once logged in, you’ll need to modify the my.cnf file to force your mysql to skip the grant tables. This will allow you to reset mysql so you can gain access without providing the password. One of the benefits of SSH access.

The my.cnf file will look like this;

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
#skip-grant-tables  <— This is the line we add. Remove the # to enable it. Once done remove that or place the # back into place.
[mysql.server]
user=mysql
basedir=/var/lib

[mysqld_safe]
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

3. Now that you added this, reset mysql.

4. Once mysql is restarted, you can gain access to it directly by typing ;

$ mysql -u root

It may ask for a password, but you can ignore it.

5. Now that you are logged in, will need to access the mysql database;

use mysql;

6. Lastly, we need to change the password by running the following;

UPDATE user SET password=PASSWORD(‘newpassword’) WHERE user=’root’;

7. Now you can remove the line in the my.cnf that we added in step 2. Once you remove it, save the configuration and restart mysql.

That’s it. The password has been changed!

No comments »

Posted in Linux, MySql

Tags: