
Clean Desk Policy:

Goal:

Establish the minimum requirements for maintaining a “clean desk”, where sensitive/critical information about employees, intellectual property and students is secure in locked areas and out of sight.

Procedure:

a. Employees are required to ensure that all sensitive/confidential information in hardcopy or electronic form is secure in their work area at the end of the day and when they are expected to be gone for an extended period.
b. Computer workstations must be locked when the workspace is unoccupied.
c. Computer workstations must be shut down completely at the end of the work day.
d. Any Restricted or Sensitive information must be removed from the desk and locked in a drawer when the desk is unoccupied and at the end of the work day.
e. File cabinets containing Restricted or Sensitive information must be kept closed and locked when not in use or when not attended.
f. Keys used for access to Restricted or Sensitive information must not be left at an unattended desk.
g. Laptops must be either locked with a locking cable or locked away in a drawer.
h. Passwords may not be left on sticky notes posted on or under a computer, nor may they be left written down in an accessible location.
i. Printouts containing Restricted or Sensitive information should be immediately removed from the printer.
j. Upon disposal, Restricted and/or Sensitive documents should be shredded in the official shredder bins or placed in the locked confidential disposal bins.
k. Whiteboards containing Restricted and/or Sensitive information should be erased.
l. Lock away portable computing devices such as laptops and tablets.
m. Treat mass storage devices such as CDROM, DVD or USB drives as sensitive and secure them in a locked drawer.

Password Policy:

Goal:

Passwords are a critical component of information security and serve to protect user accounts; however, a poorly constructed password may result in the compromise of individual systems, data, or network. This policy provides best practices for creating secure passwords.

ACL means “access control list”.

Config file

/etc/default/useradd
/etc/skel
Note: any subdirectory you add under /etc/skel is automatically created in the new home directory when the useradd command creates a user.

useradd

-u uid
-g default group, initial login group
-a -G append extra group
-r add a system user (uid < 100)
-s shell /bin/bash or /sbin/login or /sbin/nologin
newgrp username groupname set the effective group for user

userdel

userdel anna

Deletes only the account; the home directory and all other files are kept.

userdel -r anna

With “-r”, the user's files and directories are deleted completely along with the account.

gpasswd

gpasswd groupname

Creates a password for this group.

gpasswd -A username groupname

Makes username the administrator of groupname.
That user can then use gpasswd to add new users to this group.

RPM (Red Hat Package Manager) is the default open source package management utility in Red Hat Linux, and the most popular one. The tool allows users to install, update, uninstall, query, verify and manage system software packages in Unix/Linux operating systems.
Here are some very useful commands.

Check whether httpd is installed

[root@www 7]# rpm -qa |grep httpd
httpd-tools-2.4.6-88.el7.centos.x86_64
httpd-2.4.6-88.el7.centos.x86_64

Query all the config files of httpd

[root@www 7]# rpm -qc httpd
/etc/httpd/conf.d/autoindex.conf
/etc/httpd/conf.d/userdir.conf
/etc/httpd/conf.d/welcome.conf
/etc/httpd/conf.modules.d/00-base.conf
/etc/httpd/conf.modules.d/00-dav.conf
/etc/httpd/conf.modules.d/00-lua.conf
/etc/httpd/conf.modules.d/00-mpm.conf
/etc/httpd/conf.modules.d/00-proxy.conf
/etc/httpd/conf.modules.d/00-systemd.conf
/etc/httpd/conf.modules.d/01-cgi.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/conf/magic
/etc/logrotate.d/httpd
/etc/sysconfig/htcacheclean
/etc/sysconfig/httpd

Query all the files about httpd

rpm -ql httpd

If you don’t know which software a file belongs to, you can do :

[root@www 7]# rpm -qf /etc/rpc
glibc-2.17-260.el7_6.3.x86_64
glibc-2.17-260.el7_6.3.i686

Yum is a very powerful tool in Red Hat Linux; it can install and update software online.

Some very useful commands

Query

yum list all

Queries all software in the repositories.

yum list installed

Software already installed on the host.

yum list available

Software not installed yet, which you can install right now.

yum list updates

Shows the software that can be updated at once.

The following two commands have the same function

yum provides passwd
rpm -qf /etc/passwd

Both will tell you which software this command belongs to.

There are two ways to create a swap in Linux.

Use disk partition

Make a partition first

fdisk /dev/sda    # run fdisk on the disk; create the partition /dev/sda1 there

mkswap /dev/sda1

swapon /dev/sda1

blkid
UUID="40a10328-63e5-4450-8bed-1739bc472d2d"

vi /etc/fstab
UUID="40a10328-63e5-4450-8bed-1739bc472d2d" swap swap defaults 0 0

mount -a

Use a file

dd if=/dev/zero of=/tmp/swap bs=1M count=128
chmod 600 /tmp/swap    # swap holds memory pages; keep it readable by root only
mkswap /tmp/swap
swapon /tmp/swap

vi /etc/fstab
/tmp/swap swap swap defaults 0 0
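
A swap file holds pages of process memory, so mkswap warns when the file is accessible to users other than its owner. The following check is an added example, not part of the original post: the function name audit_swap_files, the demo helper and the sample fstab are constructed for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit swap files named in an fstab-format file.
# Prints one line per swap file that group/other can access and
# returns 1 if any were found, 0 otherwise.
audit_swap_files() {
    fstab=$1
    status=0
    # fstab fields: <spec> <mount point> <type> <options> <dump> <pass>
    while read -r spec _mnt fstype _rest || [ -n "$spec" ]; do
        case $spec in ''|\#*) continue ;; esac     # blank line or comment
        [ "$fstype" = swap ] || continue           # only swap entries
        case $spec in /*) ;; *) continue ;; esac   # UUID=/LABEL= specs are devices
        [ -f "$spec" ] || continue                 # skip block devices, missing files
        mode=$(stat -c '%a' "$spec")               # GNU stat: octal permission bits
        case $mode in
            *00|0) ;;                              # no group/other access
            *) echo "$spec: mode $mode, expected 600"; status=1 ;;
        esac
    done < "$fstab"
    return $status
}

# Constructed sample: two swap files and an fstab that references them.
demo() {
    dir=$(mktemp -d)
    : > "$dir/swap_open";   chmod 644 "$dir/swap_open"
    : > "$dir/swap_locked"; chmod 600 "$dir/swap_locked"
    cat > "$dir/fstab" <<EOF
# constructed fstab for the example
UUID="00000000-0000-0000-0000-000000000000" swap swap defaults 0 0
$dir/swap_open swap swap defaults 0 0
$dir/swap_locked swap swap defaults 0 0
/dev/mapper/cl-root / xfs defaults 0 0
EOF
    audit_swap_files "$dir/fstab"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo || true
```

On a real host, run audit_swap_files /etc/fstab; only the swap_open file in the sample is reported.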

Linux provides a way to let users create a personalized boot menu. Do as follows:

Config file locations

/boot/grub2/grub.cfg
/etc/default/grub
/etc/grub.d/*

Adding more than one kernel boot to menu

Copy first menu from /boot/grub2/grub.cfg

menuentry 'CentOS Linux (3.10.0-957.10.1.el7.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-957.10.1.el7.x86_64-advanced-51497437-886c-472c-9c74-8ef2e459214b' {
load_video
set gfxpayload=keep
insmod gzio
insmod part_msdos
insmod xfs
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' cdbb3f80-2c48-4c5c-bc72-0f40023061b9
else
search --no-floppy --fs-uuid --set=root cdbb3f80-2c48-4c5c-bc72-0f40023061b9
fi
linux16 /vmlinuz-3.10.0-957.10.1.el7.x86_64 root=/dev/mapper/cl-root ro crashkernel=auto rd.lvm.lv=cl/root rd.lvm.lv=cl/swap ifname=enp0s3:08:00:27:37:8e:ba elevator=deadline elevator=deadline
initrd16 /initramfs-3.10.0-957.10.1.el7.x86_64.img
}

then

cd /etc/grub.d
vim 40_custom
menuentry 'my CentOS Linux (3.10.0-957.5.1.el7.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted --id 'mygraphical' {
load_video
set gfxpayload=keep
insmod gzio
insmod part_msdos
insmod xfs
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' cdbb3f80-2c48-4c5c-bc72-0f40023061b9
else
search --no-floppy --fs-uuid --set=root cdbb3f80-2c48-4c5c-bc72-0f40023061b9
fi
linux16 /vmlinuz-3.10.0-957.5.1.el7.x86_64 root=/dev/mapper/cl-root ro crashkernel=auto rd.lvm.lv=cl/root rd.lvm.lv=cl/swap ifname=enp0s3:08:00:27:37:8e:ba rhgb elevator=deadline systemd.unit=graphical.target
initrd16 /initramfs-3.10.0-957.5.1.el7.x86_64.img
}

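Paste the menuentry into 40_custom, then change its name to “my CentOS” and configure it to fit your requirements; this creates a new menu entry. The --unrestricted option copied from the stock entry lets anyone boot the entry even when a GRUB password is set; remove it if the entry should require authentication.
Don’t forget to run grub2-mkconfig; only after that is the new menu entry created.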

grub2-mkconfig -o /boot/grub2/grub.cfg

The new menu entry will be created at the bottom of /boot/grub2/grub.cfg; when booting Linux, it will show on the menu.

Important directories to back up

/etc
/home
/var/spool/mail
/var/spool/{at,cron}
/boot
/root
/usr/local
/var/www
/srv/www
/var/lib/mysql for apache server

backup methods

dd :

dd if=/dev/sda of=/dev/sdb

Copies all of /dev/sda onto /dev/sdb, so that /dev/sdb holds the backup of /dev/sda.

cpio:

find / -print | cpio -covB > /dev/st0

Backs up everything under / to the tape.

About matplotlib

Matplotlib is a Python plotting library which can help generate plots and charts.

Installation

Install python3 matplotlib on my Ubuntu 16.04 box

$ sudo apt install python3-matplotlib

Creating a simple chart in python shell

$ python3
Python 3.5.2 (default, Nov 23 2017, 16:37:01)
[GCC 5.4.0 20160609] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import matplotlib.pyplot as plt
>>> plt
<module 'matplotlib.pyplot' from '/usr/lib/python3/dist-packages/matplotlib/pyplot.py'>
>>> x = range(10) # create X coordinate data
>>> y = [ i*i for i in x ] # create Y coordinate data with square of data on X.
>>> plt.plot(x, y)
[<matplotlib.lines.Line2D object at 0x7f4f7d4433c8>]
>>> plt.show()

Then I got the chart

Change hexo blog theme - NexT

Change to the hexo blog theme NexT, which has a neat look and supports a lot of cool features.
Download the theme

$ git clone https://github.com/iissnan/hexo-theme-next themes/next

Edit the blog configuration file _config.yml and change the theme from the default landscape to next

theme: next

Edit the theme configuration file themes/next/_config.yml and change the scheme from the default Muse to Pisces; see more about NexT theme schemes

# Schemes
#scheme: Muse
#scheme: Mist
scheme: Pisces

I prefer the scheme Pisces because it has menu and links and other stuff showing on left side of the blog content.

Introduction

Github pages

Github pages is a github service that can host personal or project web pages directly from a github repository. This is an ideal place to host my blog site because it is fast, and I will have a github.io domain, and there are some really cool blog frameworks that support deploying a blog site to Github Pages.

Hexo

The most popular blog framework that supports github pages is Jekyll, it seems, because it is officially recommended by github. But I found another framework, Hexo, which compared to Jekyll is similar but much easier to use; I only need to know 4 commands,

hexo n # new post
hexo g # generate
hexo s # server
hexo d # deploy

After I checked out some Hexo-built blog sites, I decided to go with Hexo. Hexo is written in node.js, and it supports a lot of powerful plugins and has cool themes.
