Posted on Leave a comment

Extend root partition – physical storage expand

If you extend the virtual disk that holds the root partition of a Linux server, you also have to extend the physical storage and the filesystem in order to make the new space available. In this article I will explain the steps needed to achieve this.

First, check the current size of the physical volume; in my case it was 200GB.

To extend it, use parted on the disk and select the partition that holds the root filesystem. In my case it was partition number 3, and I performed the extension with the following command:

parted -s -a opt /dev/sda 'resizepart 3 100%'

If you check the volume group at this point you will notice that the new space is not allocated yet.

Then run pvresize on the partition you just extended, and the space becomes available in the volume group.

pvresize /dev/sda3
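The two commands above as one guarded script, added here as an example (it is not code from the original post). It assumes the post's layout, where partition 3 of /dev/sda is the LVM physical volume behind the root volume group; the optional logical volume path and filesystem type arguments are hypothetical and go one step beyond the post by handing the new volume group space to the root logical volume and growing the filesystem. Nothing is executed unless the script is started with --run.

```shell
#!/bin/sh
# Added example, not from the original post. Builds (and with --run, executes)
# the command sequence for growing the root partition and its LVM physical
# volume after the virtual disk was enlarged. Assumed layout, as in the post:
# the root PV is partition 3 of /dev/sda. LV path and filesystem type are
# hypothetical arguments; check yours with "lvs" and "findmnt -no FSTYPE /".
set -eu

# extend_plan DISK PARTNUM [LVPATH FSTYPE]
# Prints one command per line. Only validates its arguments; nothing is executed.
extend_plan() {
    disk="$1"; part="$2"; lv="${3:-}"; fstype="${4:-}"
    case "$part" in
        ''|*[!0-9]*) echo "partition number must be numeric: '$part'" >&2; return 1 ;;
    esac
    case "$disk" in
        /dev/*) ;;
        *) echo "disk must be a /dev path such as /dev/sda, got: '$disk'" >&2; return 1 ;;
    esac
    if [ -n "$lv" ]; then
        case "$fstype" in
            xfs|ext2|ext3|ext4) ;;
            *) echo "unsupported filesystem type: '$fstype'" >&2; return 1 ;;
        esac
    fi
    # Disks whose name ends in a digit (nvme0n1, mmcblk0) use a 'p' separator
    case "$disk" in
        *[0-9]) partdev="${disk}p${part}" ;;
        *)      partdev="${disk}${part}" ;;
    esac
    # Step 1 (from the post): grow partition N to the end of the disk
    echo "parted -s -a opt $disk 'resizepart $part 100%'"
    # Step 2 (from the post): let LVM see the bigger partition; VG free space grows
    echo "pvresize $partdev"
    # Optional steps beyond the post: give the free space to the root LV and
    # grow the filesystem (XFS grows via its mount point, ext4 via the device)
    if [ -n "$lv" ]; then
        echo "lvextend -l +100%FREE $lv"
        case "$fstype" in
            xfs) echo "xfs_growfs /" ;;
            *)   echo "resize2fs $lv" ;;
        esac
    fi
}

# Execute the plan only when explicitly asked:
#   sh extend_root.sh --run /dev/sda 3 /dev/rhel/root xfs
if [ "${1:-}" = "--run" ]; then
    shift
    extend_plan "$@" | while IFS= read -r cmd; do
        echo "+ $cmd"
        sh -c "$cmd"
    done
fi
```

Running it without --run only prints the plan, which is the form worth reviewing before touching a production root disk; the partition-name rule for NVMe and MMC devices is the detail most often got wrong when the post's /dev/sda3 is copied to another server.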

Log commands for all users on Linux – Redhat auditd

Since security is one of the most important aspects of your infrastructure, you should enable logging for all commands and actions a user performs (logins included).

In this article I will explain the procedure using auditd which comes preinstalled with many Linux distributions.

First things first, check if auditd is already installed and started on your system.

Then go to the rules file and open it with your favorite editor.

vi /etc/audit/rules.d/audit.rules

Add the below two rules to the end of the file.

-a exit,always -F arch=b32 -S execve -k auditcmd
-a exit,always -F arch=b64 -S execve -k auditcmd

Then execute on terminal:

augenrules

You then need to restart the service. Trying to do so with systemctl you may encounter an error (shown in the screenshot), so stop and start auditd with the service command instead:

service auditd stop
service auditd start

Verify existing rules:

auditctl -l

You are now ready to test the logging functionality. Perform a sudo action with a non-root user.

Locate the action in the audit logs.
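A small reader for the records that the two execve rules above produce, added here as an example (it is not part of the original post). It joins each SYSCALL record tagged with the post's key (-k auditcmd) to its EXECVE record via the audit serial number and reports who ran what; the sample records are constructed and trimmed, not real output, and the default log path /var/log/audit/audit.log is auditd's default rather than something the post states.

```shell
#!/bin/sh
# Added example, not from the original post: summarises execve events tagged
# with the post's key (-k auditcmd), joining the SYSCALL record (who) with
# its EXECVE record (what) through the audit serial number.
# Usage: audit_execve_report < /var/log/audit/audit.log
#   or:  ausearch -k auditcmd --raw | audit_execve_report
audit_execve_report() {
    awk '
    {
        split("", kv)                      # clear the key=value map for this record
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue
            k = substr($i, 1, eq - 1); v = substr($i, eq + 1)
            gsub(/"/, "", v)
            kv[k] = v
        }
        # msg=audit(1700000000.123:4321): -> serial 4321 ties the records together
        serial = ""
        if (match(kv["msg"], /:[0-9]+\)/))
            serial = substr(kv["msg"], RSTART + 1, RLENGTH - 2)
        if (serial == "") next
        if (kv["type"] == "SYSCALL" && kv["key"] == "auditcmd") {
            if (!(serial in seen)) { order[++n] = serial; seen[serial] = 1 }
            auid[serial] = kv["auid"]; uid[serial] = kv["uid"]; exe[serial] = kv["exe"]
        } else if (kv["type"] == "EXECVE") {
            # a0..aN hold argv; auditd hex-encodes arguments containing spaces,
            # so each aN is a single whitespace-delimited field here
            argc = kv["argc"] + 0; args = ""
            for (j = 0; j < argc; j++) args = args (j ? " " : "") kv["a" j]
            argv[serial] = args
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            s = order[i]
            # auid is the login user and survives sudo/su; uid is the user the
            # command actually ran as. auid 4294967295 means no login session (daemons).
            elevated = (uid[s] == "0" && auid[s] != "0" && auid[s] != "4294967295") ? "yes" : "no"
            printf "%s auid=%s uid=%s elevated=%s exe=%s argv=%s\n", s, auid[s], uid[s], elevated, exe[s], argv[s]
        }
    }'
}

# Constructed, trimmed sample records in audit.log format; not real log output.
SAMPLE_AUDIT_LOG='type=SYSCALL msg=audit(1700000000.123:4321): arch=c000003e syscall=59 success=yes exit=0 ppid=1200 pid=1234 auid=1000 uid=0 gid=0 euid=0 tty=pts0 ses=3 comm="cat" exe="/usr/bin/cat" key="auditcmd"
type=EXECVE msg=audit(1700000000.123:4321): argc=2 a0="cat" a1="/etc/shadow"
type=CWD msg=audit(1700000000.123:4321): cwd="/home/operator"
type=SYSCALL msg=audit(1700000000.124:4322): arch=c000003e syscall=59 success=yes exit=0 ppid=1200 pid=1235 auid=1000 uid=1000 gid=1000 euid=1000 tty=pts0 ses=3 comm="ls" exe="/usr/bin/ls" key="auditcmd"
type=EXECVE msg=audit(1700000000.124:4322): argc=1 a0="ls"
type=SYSCALL msg=audit(1700000000.125:4323): arch=c000003e syscall=59 success=yes exit=0 ppid=1 pid=1300 auid=4294967295 uid=0 gid=0 euid=0 tty=(none) ses=4294967295 comm="run-parts" exe="/usr/bin/run-parts" key="auditcmd"
type=EXECVE msg=audit(1700000000.125:4323): argc=2 a0="run-parts" a1="/etc/cron.hourly"'

# Run stand-alone: prints one line per execve for the sample
printf '%s\n' "$SAMPLE_AUDIT_LOG" | audit_execve_report
```

The elevated column is the point of enabling these rules: the login uid (auid) is recorded on every record regardless of sudo or su, so a command that ran as uid 0 but came from auid 1000 is attributable to that user, while a cron child with no login session is not flagged.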


Users with superuser privileges – sudo and su on RHEL 8

sudo and su are two powerful utilities on Linux that control which user performs actions on the system and with which privileges.

The main difference between the two is that when an administrator uses su - username, they must provide that user's password in order to obtain that user's rights. With sudo, on the other hand, the administrator uses their own password to confirm to the system that they want to run the command su - as a superuser.

As a result, with sudo su - x you do not have to specify the end user's password, only your own.

Another way to authorize yourself as superuser is sudo -i, which also does not require the root password.

The sudo command is very powerful and useful on Linux systems because, for security reasons, you will often find the root account disabled while each user has their own credentials and rights. Actions performed through sudo are also logged by the operating system.

The main prerequisite for using sudo on Red Hat or CentOS Linux is membership of the wheel group. You can also give a specific user sudo rights with the following:

Create a new file /etc/sudoers.d/USERNAME, for example:

touch /etc/sudoers.d/operator

then open the operator file with vi and add the following line:

operator ALL=(ALL) ALL

Screenshot: using sudo with a user that does not have admin rights.

Screenshot: using sudo after creating the necessary file under sudoers.d.