sudo command – Linux

PreWebHost.com

PreWebHost.com

The sudo command offers another approach to giving users administrative access. When trusted users precede an administrative command with sudo, they are prompted for their own password. Then, when they have been authenticated and assuming that the command is permitted, the administrative command is executed as if they were the root user.

The basic format of the sudo command is as follows:

 sudo <command>

In the above example, <command> would be replaced by a command normally reserved for the root user, such as mount.

The sudo command allows for a high degree of flexibility. For instance, only users listed in the /etc/sudoers configuration file are allowed to use the sudo command and the command is executed in the user’s shell, not a root shell. This means the root shell can be completely disabled  in the Red Hat Enterprise Linux / CentOS / Fedora / Ubuntu.

Each successful authentication using the sudo is logged to the file /var/log/messages and the command issued along with the issuer’s username is logged to the file /var/log/secure. Should you require additional logging, use the pam_tty_audit module to enable TTY auditing for specified users by adding the following line to your /etc/pam.d/system-auth file:

 session required pam_tty_audit.so disable=<pattern> enable=<pattern>

 

where pattern represents a comma-separated listing of users with an optional use of globs. For example, the following configuration will enable TTY auditing for the root user and disable it for all other users:

 session required pam_tty_audit.so disable=* enable=root

 

Another advantage of the sudo command is that an administrator can allow different users access to specific commands based on their needs. Administrators wanting to edit the sudo configuration file, /etc/sudoers, should use the visudo command.

To give someone full administrative privileges, type visudo and add a line similar to the following in the user privilege specification section:

mark ALL=(ALL) ALL

Above example states that the user, mark, can use sudo from any host and execute any command. The example below illustrates the granularity possible when configuring sudo:

 %users localhost=/sbin/shutdown -h now

This example states that any user can issue the command /sbin/shutdown -h now as long as it is issued from the console.

 

Important Points :

There are several potential risks to keep in mind when using the sudo command. You can avoid them by editing the /etc/sudoers configuration file using visudo as described above. Leaving the /etc/sudoers file in its default state gives every user in the wheel group unlimited root access.

By default, sudo stores the sudoer’s password for a five minute timeout period. Any subsequent uses of the command during this period will not prompt the user for a password. This could be exploited by an attacker if the user leaves his workstation unattended and unlocked while still being logged in. This behavior can be changed by adding the following line to the /etc/sudoers file:

 Defaults    timestamp_timeout=<value>

where <value> is the desired timeout length in minutes. Setting the <value> to 0 causes sudo to require a password every time. If a sudoer’s account is compromised, an attacker can use sudo to open a new shell with administrative privileges:

 sudo /bin/bash

Opening a new shell as root in this or similar fashion gives the attacker administrative access for a theoretically unlimited amount of time, bypassing the timeout period specified in the /etc/sudoers file and never requiring the attacker to input a password for sudo again until the newly opened session is closed.

Domain Name Basics –

Domain name

Meaning of Domain name !

Domain name

A Domain Name is a unique name given to every website. It is used to physically locate a website over the Internet. The most basic functionality of a domain name is to provide symbolic representations, i.e., recognizable names, to mostly numerically addressed(IP Addresses) internet resources.
Example : In www.example.com www is the host name, example is the domain name and com is the top-level domain

Domain names must be registered. When domain names are registered they are added to a large domain name register, and information about your site – including your internet IP address – is stored on a DNS server.

DNS stands for Domain Name System. A DNS server is responsible for informing all other computers on the Internet about your domain name and your site address.

For more information visit bellow given websites.
http://en.wikipedia.org/wiki/Domain_name
http://en.wiktionary.org/wiki/domain_name

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Domain name pwh

Top-level domains
Every domain name ends in a top-level domain (TLD) name, which is always either one of a small list of generic names (three or more characters), or a two-character territory code based on ISO-3166 (there are few exceptions and new codes are integrated case by case). Top-level domains are sometimes also called first-level domains. For more info check the link http://en.wikipedia.org/wiki/Domain_name#Top-level_domains

Second-level domains and lower level domains
Below the top-level domains in the domain name hierarchy are the second-level domain (SLD) names. These are the names directly to the left of TLD. Next is third-level domains, which are written immediately to the left of a second-level domain and so on. Each level is separated by a dot, or period symbol. For example bbc.co.uk, is a third-level domain. Up to 127 levels are possible.

Who is in charge of maintaining the domain names list?
Network Solutions is in charge of maintaining domain names list. When you register a domain name, it goes through one of several dozen registrars who work with Network Solutions to add names to the list. Network Solutions, in turn, keeps a central database known as the whois database that contains information about the owner and name servers for each domain. If you go to the whois form, you can find information about any domain currently in existence.

How Domain Name Servers Work
http://blog.prewebhost.com/working-of-domain-name-servers/

Sub domain
In the Domain Name System (DNS) hierarchy, a subdomain is a domain that is part of a larger domain. For example, “mail.example.com” and “calendar.example.com” are subdomains of the “example.com” domain, which in turn is a subdomain of the “com” top-level domain (TLD). Sub-domains are domains subordinate to their parent domain. For More Info visit http://en.wikipedia.org/wiki/Subdomains

Addon Domains
Addon Domains are domain names that point to subdirectories within your hosting account.Addon Domains will not be functional unless the domain name is registered with a valid registrar and configured to point to hosting DNS servers.

Parked Domain
Domain pointers allow you to “point” or “park” additional domain names to your existing hosting account. This will allow users to also reach your website when entering the “parked” or “pointed” domain into their browsers. Domains must be registered with a valid registrar before they can be parked. In addition, they will not be functional unless they are configured to point to hosting DNS servers.

 

Enable the slow query log in mysql

A mysql is widely used database server and to yield better performance from it you need to optimize it properly.

When you use tools like mysqltuner, it would show you following recommendations.

Enable the slow query log to troubleshoot bad queries

Queries that take longer than expected to execute can be caused by a variety of reasons. In mysql a slow query can be detected easily using logs. You need to enable slow query logs in your mysql configuration so that slow queries in the server can be written to the file specified.

You can set it temporarily, but running the following commands:

Login to mysql and execute following commands.

root@starpro [/var/log]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3363
Server version: 5.5.32-cll MySQL Community Server (GPL)

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

mysql> set global log_slow_queries = 1;
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> set global slow_query_log_file = ‘/var/log/mysql.log’;
Query OK, 0 rows affected (0.00 sec)

mysql> quit

root@starpro [/var/log]# /etc/init.d/mysqld restart

You can enable permanently [ I am using cPanel server ]

root@server[~]# mysql_config –version
5.0.92

root@server [~]# mysqladmin var | grep slow
| log_slow_queries | OFF |
| slow_launch_time | 2 |

root@sever[~]# cat /etc/my.cnf
[mysqld]
innodb_file_per_table=1

root@server[~]# echo “log-slow-queries=/var/log/mysql.log” >> /etc/my.cnf

root@server[~]# touch /var/log/mysql.log

root@server[~]# chown mysql:mysql /var/log/mysql.log

root@server[~]# chmod 660 /var/log/mysql.log

root@server[~]# /etc/init.d/mysql restart
Shutting down MySQL. SUCCESS!
Starting MySQL. SUCCESS!

root@host [~]# mysqladmin var | grep slow
| log_slow_queries | ON |
| slow_launch_time | 2 |

root@server[~]# cat /etc/my.cnf
[mysqld]
innodb_file_per_table=1
log-slow-queries=/var/log/mysql.log
root@host [~]# cat /var/log/mysql.log
/usr/sbin/mysqld, Version: 5.0.92-community-log
(MySQL Community Edition (GPL)). started with:
Tcp port: 0 Unix socket: (null)
Time Id Command Argument

1 2 3 4