Security Hardening

Increase gpg file encryption security using AES256


In order to increase the security of backup files or other sensitive information encrypted with gpg, you should tell gpg to use the AES256 cipher algorithm. AES256 uses a 256-bit key, it is an open encryption algorithm, and it has been approved by the NSA for top secret information.

Add the following switch to the gpg command:

--cipher-algo=AES256

The full command line to encrypt a file using gpg with an AES256 key:

gpg --cipher-algo=AES256 -c file.tgz

That is quite a bit of typing every time, so I prefer to set up an alias:

alias gpg='gpg --cipher-algo=AES256'

You can add it to your ~/.bashrc or any other profile file that is executed when you log in to the system. The alias syntax may differ if you are using a different shell.

Encrypt your backup files for top security using GPG

Remember that you should have backups of your servers or web site, so that if disaster strikes you can restore the data quickly and easily. You should also keep the backup files SAFE, because a backup usually includes system configuration, users, passwords and various other very important data. By safe we mean that no one except you can access it. We usually keep backup files on a remote server (or several) to make sure the backups are not all kept in one physical location.
For extra security we encrypt backup files using gpg (GNU Privacy Guard), a Linux command line tool in our case. Gpg provides a very high level of security and encryption.
You can encrypt a file using GPG:

gpg -c filename.tar

<enter password 2 x times>

If you are running the gpg command for the first time, a key may be generated before you can enter the password.
Decryption is done with (-d decrypts, -o names the output file):

gpg -o filename.tar -d filename.tar.gpg

There you go :)
For folks who want to encrypt backup files or any other files from automated scripts, use the following command:

echo PASSWORD_HERE | gpg --passphrase-fd 0 -c FILENAME_HERE


Setup SSH Key Authentication

Set up ssh key authentication for password-less login between servers, for use by ssh/sftp users or scripts.
Source Server (or local system)
Generate an RSA key for the user on this system (you can also use DSA). This asks for a key pass-phrase, but you can leave it blank.

ssh-keygen -t rsa

This asks for the location to place the generated key; by default it is your home directory (ex: /home/your_username/.ssh/). This generates two files: id_rsa and id_rsa.pub. The content of id_rsa.pub is what we need to copy to the destination server.
Destination Server (or remote server)
Check if you have the directory .ssh in your home (ex: /home/username/.ssh/); if not, create it.

ls ~/.ssh
mkdir ~/.ssh

Check if you have an existing file authorized_keys in your .ssh directory; if not, create it.

ls ~/.ssh/authorized_keys
touch ~/.ssh/authorized_keys

Copy the content of id_rsa.pub that you created on your source/local server into that file, or execute this command from your source/local server, which appends the key without overwriting keys already in the file:

cat ~/.ssh/id_rsa.pub | ssh username@remote_host 'cat >> ~/.ssh/authorized_keys'

Test your password-less login from source to destination server.
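The destination-server steps above as one re-runnable script, added here as an example that is not from the original article: it assumes a POSIX shell with grep, mkdir and chmod, and the function names install_pubkey and count_keys are my own.

```shell
#!/bin/sh
# Added example (not from the original article): install a public key on the
# destination server without clobbering keys that are already there.
# Assumes a POSIX shell with grep, mkdir and chmod; honours $HOME so it can
# be exercised in a scratch directory.  Function names are my own.

# install_pubkey PUBKEY_FILE
#   Creates ~/.ssh (0700) and ~/.ssh/authorized_keys (0600) when missing:
#   sshd's StrictModes (on by default) ignores authorized_keys if the file
#   or the directory is writable by anyone else.
#   Appends the key only if that exact line is not already present, so the
#   step is safe to re-run (scp'ing id_rsa.pub straight onto authorized_keys
#   would overwrite every key installed before it).
#   Returns 0 when the key was appended, 2 when it was already present,
#   1 when the key file is missing or does not look like a public key.
install_pubkey() {
    pubkey_file=$1
    ssh_dir="$HOME/.ssh"
    auth_keys="$ssh_dir/authorized_keys"

    # A public key line starts with the key type, then the base64 blob.
    key_line=$(head -n 1 "$pubkey_file" 2>/dev/null) || return 1
    case "$key_line" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*|ssh-dss\ *) ;;
        *) return 1 ;;
    esac

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    [ -f "$auth_keys" ] || : > "$auth_keys"
    chmod 600 "$auth_keys" || return 1

    # -F fixed string, -x whole line, -q quiet: exact match, no duplicates.
    if grep -Fxq -- "$key_line" "$auth_keys"; then
        return 2
    fi
    printf '%s\n' "$key_line" >> "$auth_keys"
}

# count_keys: number of non-empty lines in authorized_keys (0 if absent).
count_keys() {
    [ -f "$HOME/.ssh/authorized_keys" ] || { echo 0; return 0; }
    grep -c . "$HOME/.ssh/authorized_keys" || true
}
```

Run it on the destination server as `install_pubkey /path/to/id_rsa.pub` after copying the .pub file over; a second run returns 2 and leaves the file unchanged.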

Limit CPU Usage Per Process in Linux

This procedure was tested successfully on Fedora 11 i386 and CentOS 5.4 only.
Download the "cpulimit" source archive first:

wget 'http://downloads.sourceforge.net/cpulimit/cpulimit-1.1.tar.gz'

Extract it, go inside the directory, build it and install the binary:

tar -zxvf cpulimit-1.1.tar.gz
cd cpulimit-1.1
make
cp cpulimit /usr/local/sbin/
rm -rf cpulimit*

Commands to run cpulimit.

To limit CPU usage of the process called firefox to 30%, enter:

# cpulimit -e firefox -l 30

To limit CPU usage of a process to 30% by using its PID, enter:

# cpulimit -p 1313 -l 30

To find out the PID of the process, use any of the following:

# ps aux | less
# ps aux | grep firefox
# pgrep -u nnv php-cgi
# pgrep lighttpd

You can also use the absolute path name of the executable, enter:

# cpulimit -P /opt/firefox/firefox -l 30

Where,

* -p : process PID.
* -e : process name.
* -l : percentage of CPU allowed, from 0 to 100.
* -P : absolute path name of the executable program file.