Wednesday, November 24, 2010

MySQL Dump/Restore

MySQL Backup:-

1. Dump ALL MySQL Databases

mysqldump --user=XXXXXXXX --password=XXXXXXX -A > /PATH/TO/DUMPFILE.SQL

2. Dump Individual or Multiple MySQL Databases

mysqldump --user=XXXXXXXX --password=XXXXXXX --databases DB_NAME1 DB_NAME2 DB_NAME3 > /PATH/TO/DUMPFILE.SQL

MySQL Restore:-

mysql --verbose --user=XXXXXXXX --password=XXXXXXXX DB_NAME < Path of the MySQL backup


Friday, November 12, 2010

Limit the users access to Linux in a time range

In the cases when you want to limit the access to a Linux operating system in a time range, you would like to use pam_time was written by Andrew G. Morgan.

Take a look at /etc/security/time.conf

To limit for example ssh access from 23:00 PM and 08:00 AM.

The format of the file is:

the !Al means, anything except "All the days".

If you would like to permit people from 4 to 8 PM all the days, except root:

Further reading:man time.conf


How to track in Linux which files have been deleted and by who ?

This is a hack you can use to control file deletion and know exactly who deleted a file.

The trick is to add into the /etc/profile file this script:

 rm () { echo `id` deleted the file $1 at `date` >> /tmp/.log; /bin/rm $1; }

The log file will show you this:

uid=500(walter) gid=500(walter) groups=500(walter) deleted the file test at Mon Nov 26 10:31:16 ART 2007 

To print also the hostname where the deletion has come from:

$ rm() { i=`tty | cut -d / -f 3,4`;host=`w | grep $i | awk '{print $3}'`;echo -e `id` deleted the file $1 at `date` comming from "$host\n" >> /tmp/.log;/bin/rm "$@";}

The output would be:

uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),503(devel) deleted the file at Tue Nov 27 15:09:14 ART 2007 comming from

The problem of this solution is that if the user is some curious, he could know about this "set" variable, and:

* Unset the variable
* Execute the binary calling it directly

So, if you need the best way, you will have to write a little C script that replaces the original "rm" binary and rename the original "rm" binary to "rm.orig". Now, the "rm" binary should log the deletion of the file and then execute the "rm.orig", obviously, changing the process name to "rm", so the user do not suspects.