The every day things from Thalamus' life.

Thalamus' Blog

29 September, 2015

Blocking outgoing traffic based on userid

Filed under: ComputerStuff_en — Thalamus @ 01:41

Iptables/Netfilter have surprised me more than once on its flexibility. Lately I learned that one can block traffic based upon uid, gid and more. Being a BOFH, one could pr. example block access to internet for a single user – obviously if the machine itself where set to use in this example googles public dns servers.

iptables -A OUTPUT -o eth0 -m owner --uid-owner 500  -d 8.8.8.8/32 -j DROP
iptables -A OUTPUT -o eth0 -m owner --uid-owner 500  -d 8.8.4.4/32 -j DROP

Another use case …

/sbin/iptables -A OUTPUT -o eth0 -m owner --uid-owner 500 -d 192.168.129.29/32 -p tcp --dport 22 -j ACCEPT
/sbin/iptables -A OUTPUT -o eth0 -m owner --uid-owner 500 -d 0.0.0.0 -p tcp -dport 22 -j DROP
• • •
 

23 September, 2015

bash_profile and bashrc

Filed under: ComputerStuff_en — Thalamus @ 06:53

What goes into wich file ?

.bash_profile – executed on each login.
.bashrc – executed on each shell.

This is why you often see .bashrc sourced from .bash_profile for setting eg. the PATH variable.

if [ -f ~/.bashrc ]; then
   source ~/.bashrc
fi
• • •
 

4 September, 2015

grub2 – keep older kernel as default

Filed under: ComputerStuff_en — Thalamus @ 09:57

There might me cases where you need to stick to an older kernel. The best way is to extract the name of the menuentry lines in ‘/etc/grub2.cfg’ and add it to ‘/etc/default/grub’.

# awk -F\' '$1=="menuentry " {print $2}' /etc/grub2.cfg

Fedora (4.1.6-200.fc22.x86_64) 22 (Twenty Two)
Fedora (4.1.5-200.fc22.x86_64) 22 (Twenty Two)
Fedora (4.1.4-200.fc22.x86_64) 22 (Twenty Two)
Fedora (0-rescue-94d6f1edde0448b9bb79bf4f41bc66e4) 22 (Twenty Two)

In my setup right now – I need to replace this line in /etc/default/grub

GRUB_DEFAULT=saved

with the kernel I want – eg.

GRUB_DEFAULT=Fedora (4.1.6-200.fc22.x86_64) 22 (Twenty Two)

Now, the last thing to do is – update the grub2 bootloader by running this on bios based machines

# grub2-mkconfig -o /boot/grub2/grub.cfg

or

# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg

for EFI based machines.

• • •