How to create bridge ?

a. Create a new network script file in the network configuration directory.
This example creates a file named ifcfg-installation which makes a bridge named
installation.

# vim ifcfg-installation
DEVICE=installation
TYPE=Bridge
BOOTPROTO=dhcp
ONBOOT=yes

b. Start the new bridge by restarting the network service. The ifup installation command
can start the individual bridge but it is safer to test the entire network restarts properly.

# service network restart

c. There are no interfaces added to the new bridge yet. Use the brctl show command to view
details about network bridges on the system.

# brctl show
bridge name          bridge id                         STP enabled         interfaces
installation           8000.000000000000               no
virbr0                   8000.000000000000               yes

The virbr0 bridge is the default bridge used by libvirt for Network Address Translation
(NAT) on the default Ethernet device.

Add an interface to the new bridge
Edit the configuration file for the interface. Add the BRIDGE parameter to the configuration file with
the name of the bridge created in the previous steps.

# Intel Corporation Gigabit Network Connection
DEVICE=eth1
BRIDGE=installation
BOOTPROTO=dhcp
HWADDR=00:13:20:F7:6E:8E
ONBOOT=yes

After editing the configuration file, restart networking or reboot.

# service network restart

Verify the interface is attached with the brctl show command:

# brctl show
bridge name          bridge id               STP enabled         interfaces
installation 8000.001320f76e8e       no               eth1
virbr0                   8000.000000000000     yes

Restart libvirt before the installation
Restart the libvirt daemon.
# service libvirtd reload.

[ Read More ]

How to create limited shell

We want to limit the activities or command to run for specific user then, how to limit a shell? here are the steps to create limited shell.

Add a user who can execute some specific commands.

1. Create a link named  rbash  from bash.

# ln -s /bin/bash /opt/rbash

2. Add a user that his default shell is rbash and set he can execute only  ping .

# useradd lsuser -s /opt/rbash
# passwd lsuser
# mkdir /home/lsuser/bin
# ln -s /bin/ping /home/lsuser/bin/ping
# chown root. /home/lsuser/.bash_profile
# chmod 755 /home/lsuser/.bash_profile
# vi /home/lsuser/.bash_profile

 # change PATH like follows
 PATH= $HOME/bin

3. Login with the test user.

$ cd
-rbash: cd: restricted # denied
$ ls
-rbash: ls: command not found # none
$ ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.045 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.008 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.008 ms

localhost ping statistics
3 packets transmitted, 3 received, 0% packet loss, time 2157ms
rtt min/avg/max/mdev = 0.008/0.020/0.045/0.017 ms　 # executed

[ Read More ]