In centos yum install net-snmp-utils In debian apt-get install snmpd Take a Backup of Original Configuration file and Create a new one cd /etc/snmp mv snmp.conf snmp.bk mcedit snmp.conf Create a new config file from scratch agentAddress udp:192.0.0.xxx:161 rocommunity public 192.0.0.0/24 syslocation "MysqlServer, unit1" Now Restart the snmpd server In Centos /etc/init.d/snmpd start In Debian [...]
Archive for the ‘Linux’ Category
How to install snmp in centos/debian
Wednesday, December 21st, 2011Centos:Yum behind a proxy
Wednesday, November 2nd, 2011if your servers are behind a proxy and you need to provide username and password for the proxy server , then you need to configure yum.conf file with bellow syntax http_proxy=http://username:password@proxyaddress:port/ proxy_username=username proxy_password=password if you dont need to provide username and password for proxy server then : http_proxy=http://proxyserveraddress:port/
Centos:How to add newly created logical volume into fstab
Wednesday, November 2nd, 2011When you create a Logical volume , you need to add it into /etc/fstab file for it to stay as mounted when server reboot. suppose you have create a logical volume like bellow lvdisplay — Logical volume — LV Name /dev/POSREP-DB/DB VG Name POSREP-DB LV UUID 0IEKZw-tEoI-jJWt-OGXT-F0B7-hEic-hCbteW LV Write Access read/write LV Status available [...]
Linux:how to clone hardrive over network
Wednesday, August 24th, 2011Purpose : I want to clone a hardrive “/dev/sda” over network. Server A will get the clone data and Server B will will sent the clone data. disk space of Server B is : fdisk -l Disk /dev/sda: 20.0 GB, 20020396032 bytes 255 heads, 63 sectors/track, 2434 cylinders Units = cylinders of 16065 * [...]
How to install apache2 php mysql in debian
Thursday, August 18th, 2011Install apache2 and php modules apt-get install apache2 php5 libapache2-mod-php5 php5-mysql Install mysql server apt-get install mysql-server Restart apache2 /etc/init.d/apache2 restart
How to allow root to login in debian desktop
Wednesday, August 17th, 2011(a) edit gdm3 file nano /etc/pam.d/gdm3 (b) disable bellow line auth required pam_succeed_if.so user != root quiet_success
Linux:how to setup openvpn in centos or debain
Sunday, May 1st, 2011In debain apt-get install openvpn In Centos yum install openvpn Create Certificate in debain (a) The default directory for easy-rsa certificates is "/usr/share/doc/openvpn/examples/easy-rsa/2.0/". Now copy that directory into /etc/openvpn #cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn/ # cd /etc/openvpn/2.0/ (b). Now we will create the certificate for CA #. ./vars #./clean-all #./build-ca [...]
Linux:Iptables rules for different services
Sunday, March 20th, 2011Bellow information for nfs server: vi /etc/sysconfig/nfs LOCKD_TCPPORT=32803 LOCKD_UDPPORT=32769 MOUNTD_PORT=892 RQUOTAD_PORT=875 STATD_PORT=662 STATD_OUTGOING_PORT=2020 Now reboot the services # service portmap restart # service nfs restart # service rpcsvcgssd restart Now add rules into iptables -A RH-Firewall-1-INPUT -s 192.168.2.0/24 -p udp -m udp –dport 111 -j ACCEPT -A RH-Firewall-1-INPUT -s 192.168.2.0/24 -p tcp -m tcp –dport [...]
Selinux commands for services
Saturday, March 5th, 2011(a)Selinux Requirement for NIS Clients setsebool -P allow_ypbind=1 ypbind_disable_trans=1 yppasswdd_disable_trans=1 Use getsebool command to verify : getsebool allow_ypbind ypbind_disable_trans yppasswdd_disabled _trans allow_ypbind -> on ypbind_disable_trans –>on yppasswdd_disable_trans –> on b) Selinux for vsftpd getsebool -a | grep ftp allow_ftpd_anon_write –> off allow_ftpd_full_access –> off allow_ftpd_use_cifs –> off allow_ftpd_use_nfs –> off ftp_home_dir –> off httpd_enable_ftp_server –> [...]
Linux: Mutt(How to attach file from command line)
Wednesday, January 5th, 2011If you want to attach a file in mutt from command line : echo "Body of email" | mutt -a attach.txt -s "subject" user@gmail.com -a : please provide the full path for attachment.
Linux:How to exclude packages from yum update
Tuesday, January 4th, 2011If you want to exclude packages from yum update then you can type –exclude command as bellow : yum update –exclude=openssl,openssl-devel,bind,bind-chroot,bind-utils,bind-libs Or yum update –exclude=openssl –exclude=openssl-devel –exclude=bind –exclude=bind-chroot –exclude=bind-utils –exclude=bind-libs Or
4 my apache keep crashing
Tuesday, January 4th, 2011Hi My apache keep crashing
Linux:How to compile php with mysqli support
Thursday, December 23rd, 2010While installing php from source with mysqli support could be big trouble , Most of the time it through bellow errors configure: error: Cannot find libmysqlclient under /usr. if you see this kind of error, try to find out where is libmysqlclient into your server, by typing locate libmysqlclient you might see output like this [...]
Linux: How to configure sendmail to receive email (Basic Steps)
Monday, December 13th, 2010Ref:http://www.sendmail.org/tips/virtualHosting (a) Edit /etc/mail/sendmail.mc and modify bellow lines , It will allow sendmail to received email from outside of localhost. DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA’)dnl to DAEMON_OPTIONS(`Port=smtp, Name=MTA’)dnl (b) Edit /etc/mail/virtualtable type , this will map virtual addresses into real addresses joe@yourdomain.com jschmoe Here, sendmail will receive email , and any email comming with address joe@yourdomain.com will [...]
Linux:How to configure centralized yum repo server (Centos)
Friday, November 26th, 2010Local yum repository is used for local network and to make sure that all your server has same rpm for benchmarking and patching purpose.Its also save bandwidth because all the rpm will be store in one server(Central Repo Server) and rest of the servers will install those rpm from local repo server. Hence they don’t [...]
Apapce 2: How to turn off directory listings
Monday, November 22nd, 2010Directory listings can be a security threat . By default apache has bellow lines: Options Indexes FollowSymLinks Delete indexes from that line, so it will be like bellow Options FollowSymLinks Now restart apache daemon. It will stop Apache to show directory listing .
Linux:How to install vncserver
Monday, November 15th, 2010Ref: http://wiki.centos.org/HowTos/VNC-Server (a)Install vnc-server packages yum install vnc-server (b)Create your VNC users useradd user1 (c)Set your users’ VNC passwords: Login to each user, and run vncpasswd. This will create a .vnc directory. vncpasswd (d)Edit the server configuration Edit /etc/sysconfig/vncservers, and add the following to the end of the file. VNCSERVERS="2:root 3:user1" VNCSERVERARGS[2]="-geometry 640×480" VNCSERVERARGS[3]="-geometry 640×480" [...]
Linux: lsof command and its uses
Monday, November 1st, 2010How to view only TCP Established connections lsof -iTCP | grep ESTABLISHED How to view traffic on specific port ( port 22) Syntax is : lsof -i : port number lsof -i :22 | grep ESTABLISHED How to view traffic from specific ip address lsof -i@ip.of.your.user how to view open files by a individual users [...]
Linux:Unable to copy long( _ ,#) file name from windows to samba server
Tuesday, October 5th, 2010Some times , When trying to copy long directories/subdirectories or file name include (_ or # ) from windows to Samba server, it gives error example : “unable to copy” or “Cant move folder file_name_long_name.cfm ,the file name or extension is too long” The solution is : [ share ] path = /share-name /long-directory read [...]
Linux:How to force puppet client to download updates from puppet server
Friday, September 17th, 2010By default puppetd (puppet server) applies the client configuration; in 1800 seconds. If you have some emergency updates which has to be apply to every puppet clients instanly , you can do followings : (a) puppetrun (This commands run from the puppet server) SYNOPSIS Trigger a puppetd run on a set of hosts. USAGE [...]
Linux: Troubleshooting Redhat Cluster Suite
Wednesday, September 8th, 2010Ref:http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Configuration_Example_-_NFS_Over_GFS/NFS_GFS_Troubleshoot.html If you find that you are seeing error messages when you try to configure your system, or if after configuration your system does not behave as expected, you can perform the following checks and examine the following areas. * Connect to one of the nodes in the cluster and execute the clustat(8) command. This [...]
Linux:named: transfer of ‘domain.com/IN’ from #53: failed while receiving responses: permission denied
Friday, September 3rd, 2010When you setup a Slave Dns server and trying to transfer zone from master server, you might see problem as bellow : Sep 3 09:52:37 publicdns1.domani.local named[13635]: dumping master file: tmp-PKhZ6y6rRp: open: permission denied Sep 3 09:52:37 publicdns1.domain.local named[13635]: transfer of ‘domain.com/IN’ from 11.22.33.44#53: failed while receiving responses: permission denied Sep 3 09:52:37 publicdns1.domain.local named[13635]: [...]
How to run perl/Python script from Linux Apache server
Thursday, September 2nd, 2010For httpd.conf ( /usr/local/apache/conf – if you compile by source OR /etc/httpd/conf/httpd -: if you compile by yum) ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/" If you want to run cgi script from under your domain , example , www.fosiul.com/cgi-bin/test.cgi , do as bellow <VirtualHost *:80> ServerAdmin fosiul@example.co.uk DocumentRoot /usr/local/apache/htdocs/example/ ServerName www.example.co.uk ServerAlias example.co.uk ……………………………….. ……………………………….. <Directory "/usr/local/apache/htdocs/example/"> [...]
Linux:How to configure/secure public primary/secondary bind dns server
Wednesday, September 1st, 2010Localhost Resolver : (a) install bind yum install bind bind-chroot bind-devel (b) Copy named.conf and related files from /usr/share/doc/bind-9.3.6/sample/etc/ cp /usr/share/doc/bind-9.3.6/sample/etc/* /var/named/chroot/etc/ (c) File lists in /var/named/chroot/etc are as bellows : [root@publicdns1 etc]# ls localtime named.rfc1912.zones rndc.conf named.conf named.root.hints rndc.key Check the Ownership of files. Ownership should be root:named as bellow: [root@publicdns1 etc]# pwd /var/named/chroot/etc [...]
Nagios script to monitor memory uses
Thursday, June 24th, 2010#!/bin/bash #Version 1.0 ####################################### #Nagios scrept to check memory status## #Commands : free -m##################### ####################################### #Status check for nagios script STATE_OK=0 STATE_WARNING=1 STATE_CRITICAL=2 STATE_UNKNOWN=3 STATE_DEPENDENT=4 #Define All the variables for commands declare -rx SCRIPT=${0##*/} declare -rx CMD_AWK="/bin/awk" declare -rx CMD_CAT="/bin/cat" declare -rx CMD_FREE="/usr/bin/free" #####Section 1.1 
efinning function for [...]
Mysql Server processlist shows negative value(-) in connect column for system user
Wednesday, June 9th, 2010Some times process list out put show negative value like bellow : Command : watch /usr/local/mysql/bin/mysqladmin -ppass processlist 8 | system user | | Connect | -1247 | Has read all relay log; waiting for the slave I/O thread to update it | One of the reason : make sure both Server has same time [...]
How To Set Up MySQL Database Replication With SSL Encryption
Wednesday, June 9th, 2010Step1 : Set up normal replication first and find out if mysql server is compiled with ssl supports Ref:http://www.fosiul.com/index.php/2009/11/mysql-server-master-master-active-active-replication/ Bellow commands will verify if mysql server is compiled with ssl supports SHOW VARIABLES LIKE ‘have_openssl’; output : Step2 : in Server1 : (a)Create Self signed certificate . Note : While Creating self signed certificate use [...]
nagios script to check dns servers status
Monday, June 7th, 2010#!/bin/bash ################################### #Purpose:################################################################ ###(a) Monitor if all your name server is online: Status one #### ###(b) Monitor if all name server has same zone record : Staus : Ongoing## ###(c) Monitor the Response time of Dns server : Status : Ongoing# ######################################################################### #Status check variables for nagios script##### ##################################### STATE_OK=0 STATE_WARNING=1 STATE_CRITICAL=2 STATE_UNKNOWN=3 STATE_DEPENDENT=4 [...]
Linux:How to run c program in linux
Friday, June 4th, 20101. Open an editor in linux Example vi editor 2. Write a simple program and save it as progra1.c #include <stdio.h> int main (void) { printf ("Programming is fun.\n"); return 0; } 3. compile the program : $ gcc prog1.c 4. Run the program : ./a.out Or 5.you can give it a different name : [...]
Linux:How to configure logrotate for ModSecurity(source install)
Monday, April 26th, 2010Problem: When you install Mod-security from source , by default log-rotate will not rotate those logs file as the path for log files are not defined logrotate configuration file by default. So if you want to allow logo-ratate to rotate your modsecurity log files. here is the steps: 1. Create a file modsecurity under /etc/logrotate.d [...]
Linux:How to create multiple OpenVPN instances
Monday, April 26th, 2010Problem : How to configure openvpn to create multiple instances and listen more then 2 ports(1194,1195) ?? Solution: you need more then 2 openvpn configuration file. example : openvpn.conf and openvpn1.conf Now you need to define different port , Server Ip address,ifconfig-pool-persist, and log files For openvpn.conf : port 1194 proto tcp dev tun server [...]
Nagios script to monitor memory uses
Friday, April 23rd, 2010Purpose: ########################################### Develop a nagios script, which will monitor Linux memory uses. ########################################### This script will check following : ############################################# #1.If free memory is more then the defined memory as free: Status Done #2.If System is using swap memory : Status:Done ############################################## #!/bin/bash #Version 1.0 ####################################### #Nagios scrept to check memory status## #Commands : [...]
configure nrpe(nagios) to listen on different port
Thursday, April 15th, 2010Purpose : Some times Isp Or vps provider they block port 5666 Or for any reason if you want to configure nrpe to listen different port example 15666, follow as bellow: On the Remote host(linux-vps) : 1. Change the Port number in : /etc/xinetd.d/nrpe # default: on # description: NRPE (Nagios Remote Plugin Executor) service [...]
Linux :file and directory permission
Thursday, April 8th, 2010Octal Permission: 0 — 000 All types of access are denied 1 –x 001 Execute access is allowed only 2 -w- 010 Write access is allowed only 3 -wx 011 Write and execute access are allowed 4 r– 100 Read access is allowed only 5 r-x 101 Read and execute access are allowed 6 rw- [...]
Linux-Memory Performance statistics
Wednesday, March 31st, 2010Ref: Optimizing Linux® Performance: A Hands-On Guide to Linux® Performance Tools Ref:http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/admin-primer/s1-resource-what-to-monitor.html Ref:http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/admin-primer/s1-resource-rhlspec.html Basic explanation of memory related words: Swap (Not Enough Physical Memory) All systems have a fixed amount of physical memory in the form of RAM chips. The Linux kernel allows applications to run even if they require more memory than available with [...]
how to configure logrotate for apache log files
Wednesday, March 24th, 2010Problem : When you install apache from source , by default logrotate will not rotate those logs file as the path for log files are different. Solution: You can edit httpd file under /etc/logrotate.d/ directory and insert bellow lines /usr/local/apache/logs/*log { missingok notifempty sharedscripts postrotate /usr/local/apache/bin/apachectl graceful > /dev/null 2>/dev/null || true endscript } Now [...]
Linux:How to use aide to check file system integrity
Monday, March 15th, 2010Installing Aide: Yum install aide Creating the database: aide -c /etc/aide.conf –i Output : AIDE database at /var/lib/aide/aide.db.new.gz initialized. This process creates a new file, aide.db.new.gz in /var/lib/aide/.You must rename this file to aide.db.gz, which is the correct name for the AIDE database. Testing Aide: aide -c /etc/aide.conf –C
Linux SVN/Subversion Usefull commands
Thursday, February 25th, 2010Ref:http://svnbook.red-bean.com/en/1.5/svn.tour.cycle.html#svn.tour.cycle.update (A) How to install and Import directory into repository: Click here (B)How to get working copy from svn repository into local machine? Goto Your home directory , example : cd /root Now execute bellow commands [root@mail ~]# svn checkout file:///svn A svn/script A svn/script/checkmemory.sh A svn/config A svn/config/httpd-vhosts Checked out revision 2. Now you [...]
How to install Subversion
Thursday, February 25th, 2010Ref:http://svnbook.red-bean.com/en/1.5/index.html (A) To install Subversion : yum install mod_dav_svn subversion (B) How to create a Repo : svnadmin create /svn So it will create a svn directory under / directory [root@mail /]# pwd / [root@mail /]# ls aquota.group boot dev lib opt sbin svn usr aquota.user conffile etc media proc selinux sys var bin data [...]
nagios script for checking mysql server replication status between 4 servers
Monday, February 22nd, 2010Ref : http://onlamp.com/pub/a/onlamp/2006/04/20/advanced-mysql-replication.html?page=2 Date:22/02/2010 This Script is still under development. Purpose: Develop a nagios script, which would be able to check replication status between 4 Master/Master Server. This scripy will check following : #1.Each Mysql servers are online : Stats: Done #2.If Slave process is running : Status:Done #3.If Slave IO process is running : [...]
Linux:If Running Kernel Is 32 Or 64 Bit
Thursday, February 18th, 2010To find out, if Your kernel is 64 bit or 32 bit, run this commands
uname -a
Sample Out put for 64 bit kernel :
Linux-How to conferm 64bit/32bit capability of CPU
Wednesday, February 17th, 2010How many CPU in the system : commands : cat /proc/cpuinfo [root@server ~]# cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 15 model : 4 model name : Intel(R) Xeon(TM) CPU 3.40GHz stepping : 3 cpu MHz : 3401.008 cache size : 2048 KB physical id : 0 siblings : 2 [...]
Linux/windows-How to add a printer from cups by using .ppd file
Friday, February 12th, 2010Recently I was trying to add a Canon LBP3460 Printer in my linux Server, I was trying to use .ppd which was available from canon website, but that file would not work. so I download the file from : http://openprinting.org/printer_list.cgi , and its works perfectly . here is the procedure:: Download the .ppd file from [...]
How to install puppet in server and client
Monday, February 8th, 2010Ref : http://docs.reductivelabs.com/guides/installation.html#open_firewall_ports_on_server_and_client How to install puppet Client: If yum can not find puppet software you can add bellow repo : http://fosiul.com/index.php/2009/12/yum-repo-list-for-centos/ after adding repos (a) yum install puppet( to install puppet client rpm) (b) edit /etc/puppet/puppetd.conf and add references of puppet server server = puppet-server.companydomain.com (c) /usr/sbin/puppetd –verbose ( Start the client for the [...]
Linux print job administration
Friday, January 22nd, 2010How to find every Printer Status : lpc status How to view print job for a particular printer: lpq -Pprinter-spool-name [root@Host~]# lpq -PGI_LBP GI_LBP is ready and printing Example: Rank Owner Job File(s) Total Size<br /> active xxx 231020 s.t-avprnt.0H9 4096 bytes<br /> 1st xxxx 231023 s.t-avprnt.0HD 4096 bytes</p> How to remove a particular print [...]
end_request: I/O error, dev fd0, sector 0 (openfiler)
Tuesday, January 12th, 2010Error: When you try to open volume groups page from open filer, either its hang or take too long to open and at the same time you see bellow error log .. Jan 12 09:07:44 filer2 kernel: end_request: I/O error, dev fd0, sector 0 Jan 12 09:07:44 filer2 kernel: Buffer I/O error on device fd0, [...]
realtime network monitoring tools
Thursday, December 24th, 2009tcptrack :http://www.rhythm.cx/~steve/devel/tcptrack/release/1.3.0/docs/tcptrack.1.html ngrep : http://www.linux.com/archive/feature/46268 ntop : mrtg: vnstat: http://humdi.net/vnstat/
useful apache server documentation link
Tuesday, December 15th, 2009Prefix for configutraion: http://httpd.apache.org/docs/2.2/en/programs/configure.html#installationdirectories
How to install mod_security from source
Tuesday, December 15th, 2009Ref :http://www.modsecurity.org/documentation/modsecurity-apache/2.5.11/html-multipage/installation.html Mod security works with apache. So You will have to define where is your Apache location (if you installed Apache from source) Here I have installed Apache in /usr/local/apache Directory Note: Make sure you have mod_unique_id installed : run the bellow command to make sure mod_unique_id is installed . bin/apachectl -l | grep [...]
Yum repo list for Centos
Monday, December 14th, 2009For 32 bit kernel Repo1: Download : wget -c http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm Install : rpm -Uvh epel-release-5-3.noarch.rpm Repo2: Download : wget -c http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm Install : rpm -Uvh rpmforge-release-0.3.6-1.el5.rf.i386.rpm For 64bit kernel : Repo1: Download : wget -c http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-3.noarch.rpm Install : rpm -Uvh epel-release-5-3.noarch.rpm Repo2: Download : wget -c http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.1-1.el5.rf.x86_64.rpm [...]
How to display security updates by yum
Monday, December 7th, 2009Ref: http://magazine.redhat.com/2008/01/16/tips-and-tricks-yum-security/ Ref: http://www.cyberciti.biz/faq/redhat-fedora-centos-linux-yum-installs-security-updates/ Install Plugin Type the following command: # yum install yum-security How Do I Display Available Security Updates? Type the following command: # yum list-security Sample Outputs: Loaded plugins: rhnplugin, security RHSA-2009:1148-1 security httpd-2.2.3-22.el5_3.2.x86_64 RHSA-2009:1148-1 security httpd-devel-2.2.3-22.el5_3.2.i386 RHSA-2009:1148-1 security httpd-manual-2.2.3-22.el5_3.2.x86_64 RHSA-2009:1148-1 security mod_ssl-1:2.2.3-22.el5_3.2.x86_64 list-security done To list all updates that are security [...]
Mysql server master master active active replication
Tuesday, November 24th, 2009Ref: http://www.howtoforge.com/mysql_master_master_replication a) Create user name and password for replication on both servers by using this command GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO noslave@’host-name’ IDENTIFIED BY ’some-pass’; b) Configuration for Server 1 To make it primary Server for Server2 vi /etc/my.cnf log-bin=mysql-bin binlog-do-db=fosiul # which Database to replicate binlog-do-db=hesk # Which Database to [...]
How to install innotop
Thursday, November 19th, 2009a)Download innotop from http://code.google.com/p/innotop/ b)cd /tmp c) tar -xvzf innotop-1.7.2.tar.gz d) cd innotop-1.7.2 e) perl per Makefile.PL f) Make install NOte : if you see error like this : Looks good Warning: prerequisite DBD::mysql 1 not found. Warning: prerequisite DBI 1.13 not found. Warning: prerequisite Term::ReadKey 2.1 not found. Writing Makefile for innotop Solution : [...]
How to install chkrootkit/rootkit hunter
Thursday, November 19th, 2009a) Download latest rootkithunter from http://www.chkrootkit.org/download/ (latest version is chkrootkit-0.49 but its has bugs) mv chkrootkit.tar.gz /usr/local/ cd /usr/local/ tar xvfz chkrootkit.tar.gz ln -s chkrootkit-0.43/ chkrootkit (replace 0.43 with the right version number) cd chkrootkit/ make sense You will now find the chkrootkit program under /usr/local/chkrootkit. Run it by typing cd /usr/local/chkrootkit/ && ./chkrootkit
How to install portsentry
Thursday, November 19th, 2009Install PortsEntry Portsentry is a tool to detect port scans and log it. Download the sorce package of portsentry from sourceforge.net wget http://path/to/portsentry-1.2.tar.gz tar zxf portsentry-1.2.tar.gz make linux make install If you get errors like while compiling make linux SYSTYPE=linux Making gcc -O -Wall -DLINUX -DSUPPORT_STEALTH -o ./portsentry ./portsentry.c \ ./portsentry_io.c ./portsentry_util.c ./portsentry.c: In function [...]
Invalid method in request \x80O\x01\x03
Wednesday, November 18th, 2009Make sure the IP of the server and the Ip in Virutal host (ssl configuraiton ) are same. <VirtualHost xx.xx.xx.xx:443> </VirtualHost>
How to configure nagios to work with apache source install(/usr/local/apache)
Monday, November 16th, 2009Ref:http://nagios.sourceforge.net/docs/3_0/quickstart-fedora.html Basic nagios setup works well if you install apache server by yum. But if you install and configure Apache from source to run different directory(i.e /usr/local/apache) other then /etc/httpd/conf then then the default nagios web interface would not work because , by default nagios creates nagios.conf file in /etc/httpd/conf.d directory for fedora. So if [...]
How to compile php for GD library
Friday, November 13th, 2009Install necessary software by yum or from source yum install gd gd-devel yum install zlib zlib-devel then a) Download the php source from here : http://www.php.net/downloads.php b) Download the source file in to /tmp directory c) Here I am gussing the php version is php-5.3.0.tar.gz d) Tar –xvzf php-5.3.0.tar.gz e) Cd php-5.3.0 f) ./configure –with-apxs2=/usr/local/apache/bin/apxs [...]
Linux performance tuning tools (vmstat tool)
Wednesday, September 23rd, 2009Ref: Performance Tuning for Linux® Servers Ref: System Performance Tuning, Second Edition Ref: Optimizing Linux® Performance: A Hands-On Guide to Linux® Performance Tools Linux Performance Tools: Processor time is organized into four timed modes: system time, user time, I/O wait time, and idle time. The idle time consists of what’s left over when all other [...]
How to install apache2-php-mysql from source
Thursday, September 10th, 2009Prerequisite : yum install gcc-c++ gcc make ncurses-devel openssl-devel glibc* libc-* Packages required for php: yum install libjpeg-devel libpng-devel curl-devel libmcrypt-devel krb5-devel Apache Server Installation from Source: Apache installation directory is : /usr/local/apache a) Download the apache source file from : http://httpd.apache.org/download.cgi b) Download the source file in to /tmp directory. c) I am guessing [...]
How to backup linux Server remotely
Monday, September 7th, 2009Bellow article will show how to backup a Linux server remotely by using RSYNC with public key base authentication. To make this backup process automatic we need a password less authentication system so that we don’t have to insert username and password before backup starts. How to create Key base authentication: Here are the steps [...]
How to install mod_security by yum(Redhat-Centos 5)
Friday, August 28th, 20091.Download the EPEL repo : rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm 2.Then type the following command : yum install mod_security Note : Mod_security require liblua-5.1.so, If you don’t have this , it will throw an error while installing by yum. –> Processing Dependency: liblua-5.1.so for package: mod_security –> Finished Dependency Resolution mod_security-2.5.9-1.el5.i386 from epel has depsolving problems –> [...]
Tools for securing Linux server and its services
Thursday, August 27th, 2009a) Fail2Ban: Which will ban IP address after few failure attempts website : http://www.fail2ban.org/wiki/index.php/Main_Page b)Rootkit Hunter : It will scan your server for any unauthorized scripts. Website :http://www.chkrootkit.org/ To download : http://sourceforge.net/projects/rkhunter/ c)PortSentry : This tool will block IP who is trying to scan your server for open ports. Ref : http://www.securityfocus.com/infocus/1580 http://www.securityfocus.com/infocus/1586 How to [...]
Bash script to check for automatic yum updates
Thursday, August 27th, 2009#!/bin/bash ######################################## # This script will check for available package- # update for Centos/Redhat 5 sytem # Written by : Fosiul Alam # Version :1.0 # Created Date : 27/08/2009 # Last Modification : 27/08/2009 ######################################### ######################################## # Command use : yum -e0 -d0 check-update # Usage : /yum-script.sh ######################################## _GET_HOSTNAME=`hostname` _TODAY=`date ‘+%A’` [...]
All about yum command for Redhat/Centos/Fedora
Wednesday, August 26th, 2009Display List of updated software ( Security fix) yum list updates Or yum check-update Patch up system by applying all updates yum update List all installed packages rpm -qa How to find a perticular installed packages( httpd) rpm -qa | grep httpd How to look update for specific packages yum update {package-name-1} To check for [...]
reverse proxying with apache
Wednesday, August 26th, 2009Ref: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html Module : mod_proxy.c In httpd.conf , under bellow section all reverse proxy rules will go <IfModule mod_proxy.c> #ProxyRequests On ProxyRequests Off # #<Proxy *> # Order deny,allow # Deny from all # Allow from .example.com #</Proxy> # # Enable/disable the handling of HTTP/1.1 “Via:” headers. # (“Full” adds the server version; “Block” removes [...]
How to allow perl/cgi script to run from virtualhost
Wednesday, August 26th, 2009Ref: http://httpd.apache.org/docs/2.0/howto/cgi.html If you want to run a perl script like this http://www.mydomain.com/test.pl , you will have to to define explicitly use the Options directive, inside your main server configuration file, to specify that CGI execution was permitted in a particular directory: Example: <VirtualHost *:80> ServerAdmin adin@mydomain.co.uk DocumentRoot /var/www/html/mydomain/ ServerName mydomain.co.uk ServerName www.mydomain.co.uk ErrorLog logs/mydomain.co.uk-error_log [...]
vsftpd: Failed to retrieve directory listing
Friday, August 14th, 2009Problem: If vsftpd failed to retrieves directory listing then do the following: In vsftpd.conf pasv_min_port=x example : [ pasv_min_port=1023] pasv_max_port=x example : [pasv_max_port=1050] Now add port 1023-1050 in iptables iptables -A INPUT –source xx.xx.xx.xx -p tcp –dport 1023:1050 -j ACCEPT it will allow filezilla to connect to ftp server via passive mode.
How to Rebuilding failed Linux software RAID
Friday, August 14th, 2009Ref: http://aplawrence.com/Linux/rebuildraid.html Recently I had a hard drive fail. It was part of a Linux software RAID 1 (mirrored drives), so we lost no data, and just needed to replace hardware. However, the raid does requires rebuilding. A hardware array would usually automatically rebuild upon drive replacement, but this needed some help. When you look [...]
Centos/Redhat/Debain Internet Connection Sharing
Friday, August 14th, 2009Network Setup : eth0 = 192.168.2.1 [ Isp router] eth1 = 10.0.0.2 [ Internal network] Check if IPv4 forwarding is ON or OFF : cat /proc/sys/net/ipv4/ip_forward if result = 0 then will have to On it by this command : echo “1″ > /proc/sys/net/ipv4/ip_forward Now have to Enable IP masquerading by adding rules in iptables [...]
How to sent email to a distribution group by sendmail
Wednesday, August 12th, 2009goto /etc/mail vi virtualtable all@yorudoman.co.uk allusers Now go to /etc/mail vi allusers.txt user1 user2 user3 [ Here you will have to just write the username (system username)] [If you have lots of user then you can use script to copy all username from /etc/password to /etc/mail/allusers.txt file] Now save the file vi /etc/newaliases Insert this [...]
How to make VIM as IDE for Bash and Perl
Wednesday, August 12th, 2009For Bash IDE: 1. Download bash-support.zip file from this site : http://www.vim.org/scripts/script.php?script_id=365 2. Unzip bash-support.zip file in /etc/vim directory also either copy the bash-support from /etc/vim to the user’s home directory [ cd /home/user, mkdir .vim, cp -r /etc/vim/bash-support /home/user/.vim] Or unzip bash-support.zip in user’s home directory [ /home/user/.vim] 3. Open your script in gvim [...]
Basic Linux User administration Commands
Wednesday, August 12th, 2009useradd -s /sbin/nologin username : It will prevent user to login to server userdel -r username: -r delete everything( home directory,mail spool) without -r it will just delete account references from user and groups usermod -L username : -L to disable user account usermod -U username : -U enable the user account. echo ‘mypassword’ | [...]
How to add a new hardrive in linux with LVM
Wednesday, August 12th, 2009The steps are : Create Physical volume Or Extend the existing volume: Create a Physical volume by: pvcreate /dev/hdc ( Here the new partition name is /dev/hdc) Creating a Volume Group : vgcreate /dev/VolGroup01 /dev/hdc OR to extended the existing Volume Group :vgextend /devVolgroup01 /dev/hdc Create Logical Volume : check how much free PE you [...]
How to Setup a transparent proxy with Squid
Wednesday, August 12th, 2009by LinuxTitli [Last updated: December 5, 2007] Setup : i) System: HP dual Xeon CPU system with 8 GB RAM (good for squid). ii) Eth0: IP:192.168.1.1 iii) Eth1: IP: 192.168.2.1 (192.168.2.0/24 network (around 150 windows XP systems)) iv) OS: Red Hat Enterprise Linux 4.0 (Following instruction should work with Debian and all other Linux distros) [...]
Basic kernel related commands
Wednesday, August 12th, 2009depmod -a : it will add new module automaticaly modprobe drivername: it will add that specifiq driver Preventing “ping of death” : cat /proc/sys/net/ipv4/tcp_syncookies , output should be 1 lsmod: to show the installed kernel module /lib/modules/kernel_virson/Directory : here all kernel modules are stored modprobe -r modulename : will remove that module Kernel Tuning: Kernel [...]
SSH Dictionary Attack Prevention with iptables
Wednesday, August 12th, 2009Ref :http://hostingfu.com/article/ssh-dictionary-attack-prevention-with-iptables Last week (9-15 April). 8,750 failed SSH login attempt, averaging almost one per minute, trying out all kinds of possible user names and left tons of junk in my message log. The recent SSH brute-force attacks (actually it’s not that recent) are rather annoying, and this article at Whitedust.com has useful information on [...]
Iptables-rules
Wednesday, August 12th, 2009Allow ssh connection from selected Ip: iptables -A INPUT –source xx.xx.xx.xx -p tcp –dport 22 -j ACCEPT iptables -A INPUT –source yy.yyy.yy.yy -p tcp –dport 22 -j ACCEPT iptables -A INPUT -p tcp –dport 22 -j DROP Only allow ssh to linux box: iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP [...]
How to install openssh-server in knoppix
Tuesday, August 11th, 2009In knoppix, cd /etc/apt/ nano sources.list add any good debain repo such as deb http://http.us.debian.org/debian stable main contrib non-free then : Save the file then : apt-get update then type: apt-get install openssh-server also , give a password to root because currently knoppix does not have any root password. repo ref: http://www.debian.org/doc/manuals/apt-howto/ch-basico.en.html
How to find expensive I/O process for I/O bottol neck
Tuesday, August 11th, 2009To find the most expensive process which causing the I/O bottol neck : 1. iotop ( http://guichaz.free.fr/iotop/) Iotop requires Python ≥ 2.5 and a Linux kernel ≥ 2.6.20 with the TASK_DELAY_ACCT and TASK_IO_ACCOUNTING options enabled. 2. idstat from sysstat packages But Iotop provides more user friendly output then idstat.
How to Change Ip from Dynamic to Static
Tuesday, August 11th, 2009In Debain : /etc/networking/interfaces auto eth0 iface eth0 inet static address 192.168.1.10 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 gateway 192.168.1.1 then /etc/init.d/networking restart In Centos: vi /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 BOOTPROTO=Static HWADDR=00:0C:29:81:90:33 ONBOOT=yes IPADDR=192.168.1.1 NETMASK=255.255.255.0 NETWORK=192.168.1.0 GATEWAY=192.168.1.1 BROADCAST=192.168.1.255 then : /etc/network/restart