How to set up user authentication in MongoDB 4.0


Creating the users

Let’s start, for real, by creating the actual users. Open your mongo shell and switch to the admin database:

use admin

Create the “admin” user (you can call it whatever you want)

db.createUser({ user: "admin", pwd: "adminpassword", roles: [{ role: "userAdminAnyDatabase", db: "admin" }] })

Don’t panic with all these brackets. We’re passing a “user” object to the createUser function, which contains a “roles” array. In the array we have one “role” object, which defines what the user can do and on which database.

In this case we’re giving the user the userAdminAnyDatabase role. This means that the admin user will be able to manage (create, update, delete) users on all the databases of the MongoDB instance.

Make sure you use a safe password for the admin user, preferably generated by a password manager.

You can check that the user has been correctly created with this command:

db.auth("admin", "adminpassword")

The command will log you in as admin. Now exit the shell:

exit

We are now going to enable authentication on the MongoDB instance, by modifying the mongod.conf file. If you’re on Linux:

sudo nano /etc/mongod.conf

Add these lines at the bottom of the YAML config file:

security:
    authorization: enabled

This will enable authentication on your database instance. With nano, save with CTRL+X and confirm with y.

Now restart the mongod service (Ubuntu syntax).

sudo service mongod restart

You can check if the service is up with:

sudo service mongod status

Let’s go back to the mongo shell. Switch to the admin database and authenticate with the previously created user (called “admin”). Because that user has the userAdminAnyDatabase role, it will be able to create and manage other users.

use admin
db.auth("admin", "adminpassword")

Now we will switch to an already created database and create a new user specifically for the database.

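The following command will create a user with the dbOwner role on the database. The dbOwner role gives the user read and write permissions on all the collections of the database; it also includes the dbAdmin and userAdmin roles for that database, so an account that only needs data access can be given readWrite instead.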

use yourdatabase
db.createUser({ user: "youruser", pwd: "yourpassword", roles: [{ role: "dbOwner", db: "yourdatabase" }] })

Check that everything went fine by trying to authenticate, with the db.auth(user, pwd) function.

db.auth("youruser", "yourpassword")
show collections

And that’s it, your MongoDB instance is now secured, provided that you used strong passwords.

When connecting with your favourite MongoDB Client from an application, use a connection string that will look like this:

mongodb://youruser:yourpassword@localhost/yourdatabase

Now, one last thing…

Protecting from external access

We’re now going to check that the MongoDB instance is listening on the local loopback interface only. This means that the DBMS will be accepting connections to the databases only when they come from the host itself.

You can of course adapt this to your needs, for example by enabling access on a private network interface, but the important thing to understand is that you should carefully decide which interfaces MongoDB should listen on. You should therefore avoid exposing the instance on the Internet if you don’t need to access it from the outside. And even if you do, there are much better ways to do that, for example by using an SSH tunnel. But that’s another story.

So, open mongod.conf in edit mode again, as we’re going to check out the net.bindIp option. That option tells the mongod process on which interfaces it should listen.

Examples of bindIp configuration

net:
    bindIp: 127.0.0.1

With this configuration, MongoDB will listen on 127.0.0.1 only (localhost). It means that you’ll be able to connect to your database only from the local machine.

NOTE: 127.0.0.1 is the default bind interface starting with MongoDB 3.6.0.

net:
    bindIp: 0.0.0.0

With this configuration, MongoDB will be listening on 0.0.0.0 (“all the networks”). It means that mongod will listen on all the interfaces configured on your system. Be aware that this is likely to let anyone on the Internet reach your database (they still need the credentials, of course, so pay particular attention to weak passwords).

You can also make MongoDB listen on more than one interface, by separating them with commas. This is useful if you want to make MongoDB listen on localhost and a private network interface.

net:
    bindIp: 127.0.0.1,172.21.200.200

A solution that you could consider is to set the bindIp option to 0.0.0.0 and then configure a firewall to filter incoming TCP requests on the MongoDB port and allow them only on specific interfaces.
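To check an existing mongod.conf for the two settings covered in this post, here is an added example (not part of the original post). The function and sample names are hypothetical, the sample configs are constructed, and it assumes block-style YAML as shown above; net.bindIpAll: true is treated like bindIp: 0.0.0.0.

```shell
#!/bin/sh
# Added example: audit a mongod.conf for the two settings discussed above.
# Reads the config on stdin, prints findings, and returns the number of FAILs.
# Assumes block-style YAML (section key on its own line, options indented).
audit_mongod_conf() {
    awk '
    { sub(/#.*/, ""); sub(/[ \t]+$/, "") }       # drop comments, trailing space
    /^[ \t]*$/ { next }                          # skip blank lines
    /^[A-Za-z]/ { section = $0; sub(/:.*/, "", section); next }   # top-level key
    {
        key = $0; sub(/^[ \t]+/, "", key)
        val = key
        sub(/:.*/, "", key)                      # option name
        sub(/^[^:]*:[ \t]*/, "", val)            # option value
        gsub(/"/, "", val)
        if (section == "security" && key == "authorization") auth = val
        if (section == "net" && key == "bindIp") bind = val
        if (section == "net" && key == "bindIpAll" && val == "true") bind = "0.0.0.0"
    }
    END {
        fails = 0
        if (auth != "enabled") { print "FAIL security.authorization is not enabled"; fails++ }
        if (bind == "") print "INFO net.bindIp is not set (mongod 3.6.0+ defaults to 127.0.0.1)"
        n = split(bind, addr, ",")
        for (i = 1; i <= n; i++) {
            a = addr[i]; gsub(/[ \t]/, "", a)
            if (a == "0.0.0.0" || a == "::") {
                print "FAIL net.bindIp includes " a " (all interfaces)"; fails++
            } else if (a != "127.0.0.1" && a != "localhost" && a != "::1") {
                print "WARN net.bindIp includes non-loopback address " a
            }
        }
        exit fails
    }'
}

# Constructed sample: authentication never enabled, listening on every interface.
sample_weak_conf() {
    cat <<'EOF'
net:
    port: 27017
    bindIp: 0.0.0.0
#security:
EOF
}

# Constructed sample: the settings this post ends up with.
sample_hardened_conf() {
    cat <<'EOF'
net:
    port: 27017
    bindIp: 127.0.0.1,172.21.200.200
security:
    authorization: enabled
EOF
}

for cfg in sample_weak_conf sample_hardened_conf; do
    echo "== $cfg"
    "$cfg" | audit_mongod_conf || echo "   $? failing check(s)"
done
```

On a real host, run it as: audit_mongod_conf < /etc/mongod.conf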

Install MongoDB on Linux


1) Create a /etc/yum.repos.d/mongodb-org-4.0.repo file so that you can install MongoDB directly using yum:

Go to directory: /etc/yum.repos.d/
Create file: vi mongodb-org-4.0.repo
Paste data:
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc

2) Install the MongoDB packages.
sudo yum install -y mongodb-org

3) Start MongoDB.
sudo service mongod start

4) Begin using MongoDB.
mongo --host 127.0.0.1:27017

Shell script to import JSON files in mongodb

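  • The following script finds all files in the directory path set in the “DIR” variable.
  • It reads each file name in a loop and executes the mongoimport command, i.e.
    • mongoimport -d DATABASE_NAME -c TABLE_NAME --file FILE_PATH/FILE_NAME.json

#!/bin/sh

# Directory that holds the JSON files to import
DIR="NsBackupFiles/"
for eachFile in "$DIR"*
do
    # Skip the unexpanded pattern when the directory is empty
    [ -f "$eachFile" ] || continue
    # File name without the directory part
    fileName=$(echo "$eachFile" | cut -d'/' -f 2)
    # Collection name is the part of the file name before the first "_"
    tableName=$(echo "$fileName" | cut -d'_' -f 1)
    echo "$tableName"
    mongoimport -d ns_backup -c "$tableName" --file "$eachFile"
done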

Install Java, mySQL, apacheTomcat on Linux Server & Open Specific Port Using FireWalld

  • Install Java
    • Download any JDK, say “jdk-8u162-linux-x64.rpm”, and upload the file to any directory, say “/tmp”
    • cd /usr/java
    • sudo rpm -Uvh /tmp/jdk-8u162-linux-x64.rpm

  • Open Specific Port Using FireWalld
    • [root@centos7 ~]# firewall-cmd --permanent --add-port=100/tcp
      success
    • [root@centos7 ~]# firewall-cmd --reload
      success
    • We can check the ports that are opened in the current default zone with ‘--list-ports’.
      • [root@centos7 ~]# firewall-cmd --list-ports
        100/tcp

SSL https installation


https://in.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239

Tomcat: Generate CSRs and install certificates
When you request an SSL certificate, you must provide a Certificate Signing Request (CSR) from your server. The CSR includes your public key, and must contain the same details as the online request form in your account. After your request is vetted and your certificate is issued, download and install all of the provided files to complete the installation.

Note: These steps describe how to install a certificate using keytool, so you must have Java 2 SDK 1.2 or above installed on your server.

Generating a Keystore and CSR in Tomcat
Using Keytool, follow these steps to generate a keystore and CSR on your server.

To Generate a Keystore and CSR in Tomcat
1. Enter the following command into keytool to create a keystore:
keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore
2. Enter a Password. The default is changeit.
3. Enter Distinguished Information:
3.1. First and Last Name — The fully-qualified domain name, or URL, you’re securing. If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.coolexample.com.
3.2. Organizational Unit — Optional. If applicable, you can enter the DBA name in this field.
3.3. Organization — The full legal name of your organization. The listed organization must be the legal registrant of the domain name in the certificate request. If you are enrolling as an individual, please enter the certificate requestor’s name in Organization, and the DBA (doing business as) name in Organizational Unit.
3.4. City/Locality — Name of the city in which your organization is registered/located — do not abbreviate.
3.5. State/Province — Name of state or province where your organization is located — do not abbreviate.
3.6. Country Code — The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.
4. Enter the following command into keytool to create a CSR:
keytool -certreq -keyalg RSA -alias tomcat -file csr.csr -keystore tomcat.keystore
5. Enter the Password you provided in Step 2.
6. Open the CSR file, and copy all of the text, including
-----BEGIN NEW CERTIFICATE REQUEST-----

and

-----END CERTIFICATE REQUEST-----
7. Paste all of the text into the online request form and complete your application.
For more information about completing the online request form, see Request an SSL certificate.

After you submit the application, we begin vetting your request. You will receive an email with more information when this process is complete.

Installing Your SSL in Tomcat
After the certificate is issued, download it from the Certificate Manager and place it in the same folder as your keystore. Then, using keytool, enter the following commands to install the certificates.

The file names for your root and intermediate certificates depend on your signature algorithm.

SHA-1 root certificate: gd_class2_root.crt
SHA-2 root certificate: gdroot-g2.crt
SHA-1 intermediate certificate: gd.intermediate.crt
SHA-2 intermediate certificate: gdig2.crt
(Java 6/7 only) SHA-2 Root Certificate: gdroot-g2_cross.crt
Warning: You should not use SSL certificates employing the SHA-1 algorithm (more info).
You can also download certificates from the repository.

To Install Your SSL in Tomcat
1. Install the root certificate by running the following command:
keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file [name of the root certificate]
2. Install the intermediate certificate by running the following command:
keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file [name of the intermediate certificate]
3. Install the issued certificate into the keystore by running the following command:
keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file [name of the certificate]
4. Update the server.xml file with the correct keystore location in the Tomcat directory.
Note: The HTTPS connector is commented out by default. Remove the comment tags to enable HTTPS.

Tomcat 4.x — Update the following elements in server.xml for Tomcat 4.x:
clientAuth="false"
protocol="TLS" keystoreFile="/etc/tomcat5/tomcat.keystore"
keystorePass="changeit" />
Tomcat 5.x, 6.x and 7.x — Update the following elements in server.xml for Tomcat 5.x, 6.x and 7.x:
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="[path to your keystore file]" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>
5. Save your changes to server.xml, and then restart Tomcat to begin using your SSL. Your SSL Certificate is installed. If you have problems, please see Test your SSL’s configuration to help diagnose issues.

Using cron and curl execute server http page(servlet or php) using post method


Follow these steps:

  • Create a .sh file in the root directory, e.g. create a test file:
    • vi /root/test.sh
    • Write the following line in the test.sh file, e.g. a Java project named abc has a servlet named xyz that needs to be executed by the POST method with two parameters, aa and bb.
    • Save the test.sh file by pressing the Esc key, typing “:wq” and pressing the Enter key.
    • Schedule test.sh with cron to execute at a specific time interval, e.g. to be executed every 1 hour daily and write its output to the _log.log file created by us in the root directory:
      • 0 * * * * /root/test.sh >> /root/_log.log

Linux Crontab: 15 Awesome Cron Job Examples


Linux Crontab Format

MIN HOUR DOM MON DOW CMD

Table: Crontab Fields and Allowed Ranges (Linux Crontab Syntax)

Field   Description     Allowed Value
MIN     Minute field    0 to 59
HOUR    Hour field      0 to 23
DOM     Day of Month    1-31
MON     Month field     1-12
DOW     Day Of Week     0-6
CMD     Command         Any command to be executed.

1. Scheduling a Job For a Specific Time

The basic usage of cron is to execute a job in a specific time as shown below. This will execute the Full backup shell script (full-backup) on 10th June 08:30 AM.

Please note that the time field uses 24 hours format. So, for 8 AM use 8, and for 8 PM use 20.

30 08 10 06 * /home/ramesh/full-backup
  • 30 – 30th Minute
  • 08 – 08 AM
  • 10 – 10th Day
  • 06 – 6th Month (June)
  • * – Every day of the week

2. Schedule a Job For More Than One Instance (e.g. Twice a Day)

The following script takes an incremental backup twice a day, every day.

This example executes the specified incremental backup shell script (incremental-backup) at 11:00 and 16:00 on every day. The comma separated value in a field specifies that the command needs to be executed in all the mentioned time.

00 11,16 * * * /home/ramesh/bin/incremental-backup
  • 00 – 0th Minute (Top of the hour)
  • 11,16 – 11 AM and 4 PM
  • * – Every day
  • * – Every month
  • * – Every day of the week

3. Schedule a Job for Specific Range of Time (e.g. Only on Weekdays)

If you want a job to be scheduled for every hour within a specific range of time, then use the following.

Cron Job everyday during working hours

This example checks the status of the database every day (including weekends) during the working hours 9 a.m – 6 p.m

00 09-18 * * * /home/ramesh/bin/check-db-status
  • 00 – 0th Minute (Top of the hour)
  • 09-18 – 9 am, 10 am, 11 am, 12 pm, 1 pm, 2 pm, 3 pm, 4 pm, 5 pm, 6 pm
  • * – Every day
  • * – Every month
  • * – Every day of the week

Cron Job every weekday during working hours

This example checks the status of the database every weekday (i.e excluding Sat and Sun) during the working hours 9 a.m – 6 p.m.

00 09-18 * * 1-5 /home/ramesh/bin/check-db-status
  • 00 – 0th Minute (Top of the hour)
  • 09-18 – 9 am, 10 am, 11 am, 12 pm, 1 pm, 2 pm, 3 pm, 4 pm, 5 pm, 6 pm
  • * – Every day
  • * – Every month
  • 1-5 – Mon, Tue, Wed, Thu and Fri (Every Weekday)

4. How to View Crontab Entries?

View Current Logged-In User’s Crontab entries

To view your crontab entries type crontab -l from your unix account as shown below.

ramesh@dev-db$ crontab -l
@yearly /home/ramesh/annual-maintenance
*/10 * * * * /home/ramesh/check-disk-space

[Note: This displays crontab of the current logged in user]

View Root Crontab entries

Login as root user (su - root) and do crontab -l as shown below.

root@dev-db# crontab -l
no crontab for root

Crontab HowTo: View Other Linux User’s Crontabs entries

To view crontab entries of other Linux users, login to root and use -u {username} -l as shown below.

root@dev-db# crontab -u sathiya -l
@monthly /home/sathiya/monthly-backup
00 09-18 * * * /home/sathiya/check-db-status

5. How to Edit Crontab Entries?

Edit Current Logged-In User’s Crontab entries

To edit crontab entries, use crontab -e as shown below. By default this will edit the current logged-in user’s crontab.

ramesh@dev-db$ crontab -e
@yearly /home/ramesh/centos/bin/annual-maintenance
*/10 * * * * /home/ramesh/debian/bin/check-disk-space
~
"/tmp/crontab.XXXXyjWkHw" 2L, 83C

[Note: This will open the crontab file in Vim editor for editing.
Please note cron created a temporary /tmp/crontab.XX... ]

When you save the above temporary file with :wq, it will save the crontab and display the following message indicating the crontab is successfully modified.

~
"crontab.XXXXyjWkHw" 2L, 83C written
crontab: installing new crontab

Edit Root Crontab entries

Login as root user (su - root) and do crontab -e as shown below.

root@dev-db# crontab -e

Edit Other Linux User’s Crontab File entries

To edit crontab entries of other Linux users, login to root and use -u {username} -e as shown below.

root@dev-db# crontab -u sathiya -e
@monthly /home/sathiya/fedora/bin/monthly-backup
00 09-18 * * * /home/sathiya/ubuntu/bin/check-db-status
~
~
~
"/tmp/crontab.XXXXyjWkHw" 2L, 83C

6. Schedule a Job for Every Minute Using Cron.

Ideally you may not have a requirement to schedule a job every minute. But understanding this example will help you understand the other examples mentioned below in this article.

* * * * * CMD

The * means every possible value — i.e. every minute of every hour throughout the year. Rather than using * directly, you will find it very useful in the following cases.

  • Specifying */5 in the minute field means every 5 minutes.
  • Specifying 0-10/2 in the minute field means every 2 minutes in the first 10 minutes.
  • The same convention can be used for all the other 4 fields.
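To see which values a field such as */5, 0-10/2 or 09-18 actually matches, the following added example (not part of the original article) expands all five time fields of an entry and rejects values outside the allowed ranges from the table above. The function name expand_cron_schedule is hypothetical; only numeric fields are handled, and DOW is taken as 0-6 as in the table.

```shell
#!/bin/sh
# Added example: expand the five time fields of a crontab entry into the values
# they match, using the allowed ranges from the table above (DOW taken as 0-6).
# Numeric fields only; month/day names and @keywords are not handled.
expand_cron_schedule() {
    awk -v line="$1" '
    # Expand one field (lists, ranges, "*" and /step) within lo..hi.
    # Returns a comma-separated list, or "" when the field is invalid.
    function expand(field, lo, hi,    n, parts, p, item, step, stepped, r, a, b, v, seen, out, sep) {
        n = split(field, parts, ",")
        for (p = 1; p <= n; p++) {
            item = parts[p]; step = 1; stepped = 0
            if (item ~ /\//) {
                step = item; sub(/.*\//, "", step); sub(/\/.*/, "", item)
                if (step !~ /^[0-9]+$/ || step + 0 < 1) return ""
                step += 0; stepped = 1
            }
            if (item == "*") { a = lo; b = hi }
            else if (item ~ /^[0-9]+-[0-9]+$/) { split(item, r, "-"); a = r[1] + 0; b = r[2] + 0 }
            else if (item ~ /^[0-9]+$/ && !stepped) { a = b = item + 0 }
            else return ""
            if (a < lo || b > hi || a > b) return ""
            for (v = a; v <= b; v += step) seen[v] = 1
        }
        out = ""; sep = ""
        for (v = lo; v <= hi; v++) if (v in seen) { out = out sep v; sep = "," }
        return out
    }
    BEGIN {
        split("MIN HOUR DOM MON DOW", name, " ")
        split("0 0 1 1 0", minv, " "); split("59 23 31 12 6", maxv, " ")
        if (split(line, f, " ") != 5) { print "ERROR expected 5 time fields"; exit 1 }
        for (i = 1; i <= 5; i++) {
            vals = expand(f[i], minv[i] + 0, maxv[i] + 0)
            if (vals == "") { print "ERROR bad " name[i] " field: " f[i]; exit 1 }
            print name[i] "=" vals
        }
    }'
}

# Two schedules taken from this article
expand_cron_schedule '00 09-18 * * 1-5'
expand_cron_schedule '0-10/2 * * * *'
```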

7. Schedule a Background Cron Job For Every 10 Minutes.

Use the following, if you want to check the disk space every 10 minutes.

*/10 * * * * /home/ramesh/check-disk-space

It executes the specified command check-disk-space every 10 minutes throughout the year. But you may have a requirement of executing the command only during office hours or vice versa. The above examples show how to do those things.

Instead of specifying values in the 5 fields, we can specify it using a single keyword as mentioned below.

There are special cases in which instead of the above 5 fields you can use @ followed by a keyword — such as reboot, midnight, yearly, hourly.

Table: Cron special keywords and their meaning

Keyword   Equivalent
@yearly   0 0 1 1 *
@daily    0 0 * * *
@hourly   0 * * * *
@reboot   Run at startup.

8. Schedule a Job For First Minute of Every Year using @yearly

If you want a job to be executed on the first minute of every year, then you can use the @yearly cron keyword as shown below.

This will execute the system annual maintenance using annual-maintenance shell script at 00:00 on Jan 1st for every year.

@yearly /home/ramesh/red-hat/bin/annual-maintenance

9. Schedule a Cron Job Beginning of Every Month using @monthly

It is similar to @yearly above, but executes the command once a month using the @monthly cron keyword.

This will execute the shell script tape-backup at 00:00 on 1st of every month.

@monthly /home/ramesh/suse/bin/tape-backup

10. Schedule a Background Job Every Day using @daily

Using the @daily cron keyword, this will do a daily log file cleanup using the cleanup-logs shell script at 00:00 every day.

@daily /home/ramesh/arch-linux/bin/cleanup-logs "day started"

11. How to Execute a Linux Command After Every Reboot using @reboot?

Using the @reboot cron keyword, this will execute the specified command once every time the machine boots.

@reboot CMD

12. How to Disable/Redirect the Crontab Mail Output using MAILTO keyword?

By default crontab sends the job output to the user who scheduled the job. If you want to redirect the output to a specific user, add or update the MAILTO variable in the crontab as shown below.

ramesh@dev-db$ crontab -l
MAILTO="ramesh"

@yearly /home/ramesh/annual-maintenance
*/10 * * * * /home/ramesh/check-disk-space

[Note: Crontab of the current logged in user with MAILTO variable]

If you do not want the mail to be sent anywhere, i.e. to stop the crontab output from being emailed, add or update the MAILTO variable in the crontab as shown below.

MAILTO=""

13. How to Execute a Linux Cron Job Every Second Using Crontab.

You cannot schedule an every-second cron job, because in cron the minimum unit you can specify is a minute. In a typical scenario, there is no reason for most of us to run any job every second in the system.

14. Specify PATH Variable in the Crontab

In all the above examples we specified the absolute path of the Linux command or the shell script that needs to be executed.

For example, instead of specifying /home/ramesh/tape-backup, if you want to just specify tape-backup, then add the path /home/ramesh to the PATH variable in the crontab as shown below.

ramesh@dev-db$ crontab -l

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/home/ramesh

@yearly annual-maintenance
*/10 * * * * check-disk-space

[Note: Crontab of the current logged in user with PATH variable]

15. Installing Crontab From a Cron File

Instead of directly editing the crontab file, you can also add all the entries to a cron-file first. Once you have all those entries in the file, you can upload or install them to the cron as shown below.

ramesh@dev-db$ crontab -l
no crontab for ramesh

$ cat cron-file.txt
@yearly /home/ramesh/annual-maintenance
*/10 * * * * /home/ramesh/check-disk-space

ramesh@dev-db$ crontab cron-file.txt

ramesh@dev-db$ crontab -l
@yearly /home/ramesh/annual-maintenance
*/10 * * * * /home/ramesh/check-disk-space