By default, every user on a Linux system can run su (to become the super user) and attempt to get root privileges (if they are able to crack the root password). We can avoid this by creating a group (e.g. Admin) and granting su access only to members of that group.
vi /etc/pam.d/su
### Uncomment the following line to require a user to be in the "wheel" group.
auth required /lib/security/$ISA/pam_wheel.so use_uid group=Admin
Note: group=Admin needs to be added after use_uid to restrict su access to that group.
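To confirm the change took effect, the following added example (not part of the original post) checks a PAM su file for an active pam_wheel line and lists the members of the permitted group. The function names, the sample file contents and the users alice and bob are constructed for illustration, and only simple control values such as required are handled, not bracketed ones.

```shell
#!/bin/sh
# Added example: audit a PAM "su" stack for the pam_wheel restriction.

# su_restriction FILE -> prints "restricted:<group>" or "unrestricted"
su_restriction() {
    awk '
        /^[ \t]*#/ { next }                       # commented lines are inactive
        $1 == "auth" && $3 ~ /pam_wheel\.so$/ {
            if ($2 != "required" && $2 != "requisite") next  # e.g. "sufficient" only grants
            group = "wheel"                       # pam_wheel default without group=
            deny = 0
            for (i = 4; i <= NF; i++) {
                if ($i ~ /^group=/) group = substr($i, 7)
                if ($i == "deny") deny = 1        # deny inverts the check
            }
            if (deny) next
            print "restricted:" group; found = 1; exit
        }
        END { if (!found) print "unrestricted" }
    ' "$1"
}

# group_members GROUP GROUPFILE -> prints the comma-separated member list
group_members() {
    awk -F: -v g="$1" '$1 == g { print $4 }' "$2"
}

# Constructed sample files (not taken from a real host).
demo=$(mktemp -d)
cat > "$demo/su.default" <<'EOF'
auth sufficient /lib/security/$ISA/pam_rootok.so
#auth required /lib/security/$ISA/pam_wheel.so use_uid
auth required /lib/security/$ISA/pam_stack.so service=system-auth
EOF
cat > "$demo/su.hardened" <<'EOF'
auth sufficient /lib/security/$ISA/pam_rootok.so
auth required /lib/security/$ISA/pam_wheel.so use_uid group=Admin
auth required /lib/security/$ISA/pam_stack.so service=system-auth
EOF
printf 'root:x:0:\nAdmin:x:500:alice,bob\n' > "$demo/group"

for f in su.default su.hardened; do
    echo "$f: $(su_restriction "$demo/$f")"
done
echo "Admin members: $(group_members Admin "$demo/group")"
```

On a real host, point the functions at /etc/pam.d/su and /etc/group; an empty member list means nobody except root will be able to use su once the line is active.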
Tuesday, February 12, 2008
Monday, February 11, 2008
Configuring And Troubleshooting HDLC On Point-To-Point Links
R1#show interface serial 1
Serial1 is up, line protocol is up
Hardware is HD64570
Internet address is 172.12.13.1/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
R3#show int serial1
Serial1 is up, line protocol is up
Hardware is HD64570
Internet address is 172.12.13.3/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
At this point, each partner in the PTP link can ping the other.
R1#ping 172.12.13.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.13.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/36/36 ms
R3#ping 172.12.13.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.13.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/35/36 ms
If one of the routers is running another encapsulation type, the physical interfaces will still be up, but the line protocol will go down and IP connectivity will be lost. To illustrate, I'll change the encapsulation type on R3's Serial1 interface to the Point-To-Point Protocol (PPP).
R3(config-if)#exit
R3(config)#int serial 1
R3(config-if)#encapsulation ppp
R3#show interface serial 1
Serial1 is up, line protocol is down
R3#ping 172.12.13.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.13.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1#show interface serial 1
Serial1 is up, line protocol is down
R1#ping 172.12.13.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.13.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
The encapsulation mismatch has brought the line protocol down, and to bring it back up, we simply need to make the encapsulation types match again.