security for sshd server

Recently, I suffer a lot attack from china IP.

I set some security rules for sshd server

1. edit sshd_configure

PermitRootLogin no

MaxAuthTries 2

PermitEmptyPasswords no

PasswordAuthentication yes

UsePAM yes

2. edit /etc/hosts.deny

ALL: {IP from fuck damn China}

or

sshd: {IP from fuck damn China}

The IP can check from http://www.ipdeny.com/ipblocks/

3. apply pam

auth required pam_stack.so service=system-auth

auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/sshd_user_deny_list onerr=succeed

account required pam_nologin.so

account required pam_stack.so service=system-auth

password required pam_stack.so service=system-auth

session required pam_stack.so service=system-auth

session required pam_loginuid.so

Touch directories recursively

Some linux or unix workstation may clean your files that you do work for a long after a period.

But sometime some file we do not expect the system to clean like as file of lib.

The solution is write a script to touch them.

Actually, "touch" can not touch recursively in linux system.

However, I find a solution in web. could solve this problem.

find ~/lib -exec touch {} \;

How to put variable in sed command

I declare a variable in bash

VALUE=dance

How to put it in sed command like that:

sed 's/hop/$VALUE/' filename

Solution:

sed 's/hop/'"$VALUE"'/' filename

OR

sed 's/hop/'$VALUE'/' filename

Two method are worked.

Linux connected to a Windows print server

chkconfig your system that is CUPS on?
if no, please turn it on.
open firefox type http://localhost:631

If you are connected to a Windows print server (or any other Samba capable print server), you can skip the section about kernel modules and such. All you have to do is start the CUPS daemon and complete the web interface as specified in section 3.3 and 3.4. Before this, you need to activate the Samba CUPS backend. You can do this by entering the following command:

# ln -s `which smbspool` /usr/lib/cups/backend/smb

Note that the symbol before is ` (underneath the ~ on a standard US keyboard) and not '. After this, you will have to restart CUPS using the command specified in the previous section. Next, simply log in on the CUPS web interface and choose to add a new printer. As a device choose "Windows Printer via SAMBA".

For the device location, enter:

smb://username:password@hostname/printer_name

Or without a password:

smb://username@hostname/printer_name

Make sure that the user actually has access to the printer on the Windows computer. Select the appropriate drivers and that's about it. If the computer is located on a domain, make sure the username includes the domain:

smb://username:password@domain/hostname/printer_name

Note: If your network contains many printers, use lpoptions -d your_desired_default_printer_name to set your preferred printer

Note: I, thepizzaking, was having 'NT_STATUS_ACCESS_DENIED' errors and to fix them I needed to use a slightly different syntax:

smb://workgroup/username:password@hostname/printer_name

reference: http://wiki.archlinux.org/index.php/CUPS#Windows_to_Linux