Home » 2012 » July

Linux Restricted Shells: rssh and scponly

October 31, 2020July 5, 2012 by Stefan Durand

Restricted shells like rssh and scponly give sysadmin the possibility to limit the operations that Linux user can do, for example you can create user that will be allowed to copy files via scp but won’t be permitted to login into system’s command line. This is quite important security feature that should be considered by every sysadmin to prevent unauthorized activity by users for example over SSH. If you have some online storage that is used for uploading backup data over scp or rsync/ssh from remote hosts then … Read more

Home » 2012 » July

Track file changes using auditd

October 31, 2020July 4, 2012 by Stefan Durand

Most of Linux distributions comes with Linux Auditing System that makes it possible to track file changes, file accesses as well as system calls. It’s pretty useful functionality for sysadmins who wish to know who and when accessed and/or changed sensitive files like /etc/passwd, /etc/sudoers or others. Daemon auditd that usually runs in background and starts after reboot by default logs those events into /var/log/audit.log file (or into other file if different syslog facility is specified). The common usage is to list all files which should … Read more

Home » 2012 » July

Limit CPU usage of Linux process

October 31, 2020July 3, 2012 by Stefan Durand

cpulimit is a small program written in C that allows to limit CPU usage by Linux process. Limit is specified in percentage so it’s possible to prevent high CPU load generated by scripts, programs or processes. I found cpulimit pretty useful for the scripts running from cron, for example I can do overnight backups and be sure that compression of 50GB file via gzip won’t eat all CPU resources and all other system processes will have enough CPU time. In most of Linux distributions cpulimit … Read more