#!/bin/bash
#Version 1.0
#######################################
#Nagios scrept to check memory status##
#Commands : free -m#####################
#######################################
#Status check for nagios script
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3
STATE_DEPENDENT=4
#Define All the variables for commands
declare -rx SCRIPT=${0##*/}
declare -rx CMD_AWK="/bin/awk"
declare -rx CMD_CAT="/bin/cat"
declare -rx CMD_FREE="/usr/bin/free"
#####Section 1.1 
efinning function for free memory checking########
#Definning function to check free memory status#####################
#####################################################################
function FUNC_FREE_CMD
{
MEM_STATUS=$( $CMD_FREE -m | grep buffers/cache | awk ‘{print $4}’)
########Checking if Current memory [...]
Archive for the ‘Linux’ Category
Nagios script to monitor memory uses
Thursday, June 24th, 2010Mysql Server processlist shows negative value(-) in connect column for system user
Wednesday, June 9th, 2010Some times process list out put show negative value like bellow :
Command :
watch /usr/local/mysql/bin/mysqladmin -ppass processlist
8 | system user | | Connect | -1247 | Has read all relay log; waiting for the slave I/O thread to update it |
One of the reason :
make sure both Server has same [...]
How To Set Up MySQL Database Replication With SSL Encryption
Wednesday, June 9th, 2010Step1 :
Set up normal replication first and find out if mysql server is compiled with ssl supports
Ref:http://www.fosiul.com/index.php/2009/11/mysql-server-master-master-active-active-replication/
Bellow commands will verify if mysql server is compiled with ssl supports
SHOW VARIABLES LIKE ‘have_openssl’;
output :
Step2 :
in Server1 :
(a)Create Self signed certificate .
Note : While Creating self signed certificate use different common name for each certificate,other wise it will [...]
nagios script to check dns servers status
Monday, June 7th, 2010#!/bin/bash
###################################
#Purpose:################################################################
###(a) Monitor if all your name server is online: Status one ####
###(b) Monitor if all name server has same zone record : Staus : Ongoing##
###(c) Monitor the Response time of Dns server : Status : Ongoing#
#########################################################################
#Status check variables for nagios [...]
Linux:How to run c program in linux
Friday, June 4th, 20101. Open an editor in linux Example vi editor
2. Write a simple program and save it as progra1.c
#include <stdio.h>
int main (void)
{
printf ("Programming is fun.\n");
return 0;
}
3. compile the program : $ gcc prog1.c
4. Run the program : ./a.out
Or
5.you can give it a different name : gcc prog1.c –o prog1
Now run the program [...]
Linux:How to configure logrotate for ModSecurity(source install)
Monday, April 26th, 2010Problem: When you install Mod-security from source , by default log-rotate will not rotate those logs file as the path for log files are not defined logrotate configuration file by default. So if you want to allow logo-ratate to rotate your modsecurity log files. here is the steps:
1. Create a file modsecurity under /etc/logrotate.d
[...]
Linux:How to create multiple OpenVPN instances
Monday, April 26th, 2010Problem :
How to configure openvpn to create multiple instances and listen more then 2 ports(1194,1195) ??
Solution:
you need more then 2 openvpn configuration file. example : openvpn.conf and openvpn1.conf
Now you need to define different port , Server Ip address,ifconfig-pool-persist, and log files
For openvpn.conf :
port 1194
proto tcp
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
log [...]
Nagios script to monitor memory uses
Friday, April 23rd, 2010Purpose:
###########################################
Develop a nagios script, which will monitor Linux memory uses.
###########################################
This script will check following :
#############################################
#1.If free memory is more then the defined memory as free: Status Done
#2.If System is using swap memory : Status:Done
##############################################
#!/bin/bash
#Version 1.0
#######################################
#Nagios scrept to check memory status##
#Commands : fre -m#####################
#######################################
#Status check for nagios script
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3
STATE_DEPENDENT=4
#Define All the variables for commands
declare -rx SCRIPT=${0##*/}
declare -rx [...]
configure nrpe(nagios) to listen on different port
Thursday, April 15th, 2010Purpose : Some times Isp Or vps provider they block port 5666 Or for any reason if you want to configure nrpe to listen different port example 15666, follow as bellow:
On the Remote host(linux-vps) :
1. Change the Port number in : /etc/xinetd.d/nrpe
# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
[...]
Linux :file and directory permission
Thursday, April 8th, 2010Octal Permission:
0 — 000 All types of access are denied
1 –x 001 Execute access is allowed only
2 -w- 010 Write access is allowed only
3 -wx 011 Write and execute access are allowed
4 r– 100 Read access is allowed only
5 r-x 101 Read and execute access are allowed
6 rw- 110 Read and write access are allowed
7 [...]
Linux-Memory Performance statistics
Wednesday, March 31st, 2010Ref: Optimizing Linux® Performance: A Hands-On Guide to Linux® Performance Tools
Ref:http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/admin-primer/s1-resource-what-to-monitor.html
Ref:http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/admin-primer/s1-resource-rhlspec.html
Basic explanation of memory related words:
Swap (Not Enough Physical Memory)
All systems have a fixed amount of physical memory in the form of RAM chips.
The Linux kernel allows applications to run even if they require more memory
than available with the physical memory.The Linux kernel uses [...]
how to configure logrotate for apache log files
Wednesday, March 24th, 2010Problem : When you install apache from source , by default logrotate will not rotate those logs file as the path for log files are different.
Solution: You can edit httpd file under /etc/logrotate.d/ directory and insert bellow lines
/usr/local/apache/logs/*log {
missingok
notifempty
sharedscripts
postrotate
[...]
Linux:How to use aide to check file system integrity
Monday, March 15th, 2010Installing Aide:
Yum install aide
Creating the database:
aide -c /etc/aide.conf –i
Output : AIDE database at /var/lib/aide/aide.db.new.gz initialized.
This process creates a new file, aide.db.new.gz in /var/lib/aide/.You must rename this file to aide.db.gz, which is the correct name for the AIDE database.
Testing Aide:
aide -c /etc/aide.conf –C
Linux SVN/Subversion Usefull commands
Thursday, February 25th, 2010Ref:http://svnbook.red-bean.com/en/1.5/svn.tour.cycle.html#svn.tour.cycle.update
(A) How to install and Import directory into repository:
Click here
(B)How to get working copy from svn repository into local machine?
Goto Your home directory , example : cd /root
Now execute bellow commands
[root@mail ~]# svn checkout file:///svn
A svn/script
A svn/script/checkmemory.sh
A svn/config
A [...]
How to install Subversion
Thursday, February 25th, 2010Ref:http://svnbook.red-bean.com/en/1.5/index.html
(A) To install Subversion : yum install mod_dav_svn subversion
(B) How to create a Repo :
svnadmin create /svn
So it will create a svn directory under / directory
[root@mail /]# pwd
/
[root@mail /]# ls
aquota.group boot dev lib opt sbin svn usr
aquota.user [...]
nagios script for checking mysql server replication status between 4 servers
Monday, February 22nd, 2010Ref : http://onlamp.com/pub/a/onlamp/2006/04/20/advanced-mysql-replication.html?page=2
Date:22/02/2010
This Script is still under development.
Purpose:
Develop a nagios script, which would be able to check replication status between 4 Master/Master Server.
This scripy will check following :
#1.Each Mysql servers are online : Stats: Done
#2.If Slave process is running : Status:Done
#3.If Slave IO process is running : Status:Done
#4.If There is any bin log position difference [...]
Linux:If Running Kernel Is 32 Or 64 Bit
Thursday, February 18th, 2010To find out, if Your kernel is 64 bit or 32 bit, run this commands
uname -a
Sample Out put for 64 bit kernel :
Linux-How to conferm 64bit/32bit capability of CPU
Wednesday, February 17th, 2010How many CPU in the system :
commands : cat /proc/cpuinfo
[root@server ~]# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 15
model : 4
model name [...]
Linux/windows-How to add a printer from cups by using .ppd file
Friday, February 12th, 2010Recently I was trying to add a Canon LBP3460 Printer in my linux Server, I was trying to use .ppd which was available from canon website, but that file would not work.
so I download the file from : http://openprinting.org/printer_list.cgi , and its works perfectly .
here is the procedure::
Download the .ppd file from http://openprinting.org/printer_list.cgi
Upload the file [...]
How to install puppet in server and client
Monday, February 8th, 2010Ref : http://docs.reductivelabs.com/guides/installation.html#open_firewall_ports_on_server_and_client
How to install puppet Client:
If yum can not find puppet software you can add bellow repo :
http://fosiul.com/index.php/2009/12/yum-repo-list-for-centos/
after adding repos
(a) yum install puppet( to install puppet client rpm)
(b) edit /etc/puppet/puppetd.conf and add references of puppet server
server = puppet-server.companydomain.com
(c) /usr/sbin/puppetd –verbose ( Start the client for the first time)
it will show below output
[root@pupet-client]# /usr/sbin/puppetd –verbose
warning: [...]
Linux print job administration
Friday, January 22nd, 2010How to find every Printer Status :
lpc status
How to view print job for a particular printer:
lpq -Pprinter-spool-name
[root@Host~]# lpq -PGI_LBP
GI_LBP is ready and printing
Example:
Rank Owner Job File(s) [...]
end_request: I/O error, dev fd0, sector 0 (openfiler)
Tuesday, January 12th, 2010Error:
When you try to open volume groups page from open filer, either its hang or take too long to open and at the same time you see bellow error log ..
Jan 12 09:07:44 filer2 kernel: end_request: I/O error, dev fd0, sector 0
Jan 12 09:07:44 filer2 kernel: Buffer I/O error on device fd0, logical block 0
Solution [...]
realtime network monitoring tools
Thursday, December 24th, 2009tcptrack :http://www.rhythm.cx/~steve/devel/tcptrack/release/1.3.0/docs/tcptrack.1.html
ngrep : http://www.linux.com/archive/feature/46268
ntop :
mrtg:
vnstat: http://humdi.net/vnstat/
useful apache server documentation link
Tuesday, December 15th, 2009Prefix for configutraion: http://httpd.apache.org/docs/2.2/en/programs/configure.html#installationdirectories
How to install mod_security from source
Tuesday, December 15th, 2009Ref :http://www.modsecurity.org/documentation/modsecurity-apache/2.5.11/html-multipage/installation.html
Mod security works with apache. So You will have to define where is your Apache location (if you installed Apache from source)
Here I have installed Apache in /usr/local/apache Directory
Note:
Make sure you have mod_unique_id installed :
run the bellow command to make sure mod_unique_id is installed .
bin/apachectl -l | grep mod_unique_id.c
if this module is not installed [...]
Yum repo list for Centos
Monday, December 14th, 2009For 32 bit kernel
Repo1:
Download :
wget -c http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
Install : rpm -Uvh epel-release-5-3.noarch.rpm
Repo2:
Download :
wget -c http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
Install :
rpm -Uvh rpmforge-release-0.3.6-1.el5.rf.i386.rpm
For 64bit kernel :
Repo1:
Download :
wget -c http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-3.noarch.rpm
Install : rpm -Uvh epel-release-5-3.noarch.rpm
Repo2:
Download :
wget -c http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.1-1.el5.rf.x86_64.rpm
Install :
rpm -Uvh rpmforge-release-0.5.1-1.el5.rf.x86_64.rpm
How to display security updates by yum
Monday, December 7th, 2009Ref: http://magazine.redhat.com/2008/01/16/tips-and-tricks-yum-security/
Ref: http://www.cyberciti.biz/faq/redhat-fedora-centos-linux-yum-installs-security-updates/
Install Plugin
Type the following command:
# yum install yum-security
How Do I Display Available Security Updates?
Type the following command:
# yum list-security
Sample Outputs:
Loaded plugins: rhnplugin, security
RHSA-2009:1148-1 security httpd-2.2.3-22.el5_3.2.x86_64
RHSA-2009:1148-1 security httpd-devel-2.2.3-22.el5_3.2.i386
RHSA-2009:1148-1 security httpd-manual-2.2.3-22.el5_3.2.x86_64
RHSA-2009:1148-1 security mod_ssl-1:2.2.3-22.el5_3.2.x86_64
list-security done
To list all updates that are security relevant, and get a reutrn code on whether there are security updates use:
# yum [...]
Mysql server master master active active replication
Tuesday, November 24th, 2009Ref: http://www.howtoforge.com/mysql_master_master_replication
a) Create user name and password for replication on both servers by using this command
GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO noslave@’host-name’ IDENTIFIED BY ’some-pass’;
b) Configuration for Server 1 To make it primary Server for Server2
vi /etc/my.cnf
log-bin=mysql-bin
binlog-do-db=fosiul # which Database to replicate
binlog-do-db=hesk # Which Database to replicate
binlog-ignore-db=mysql # Which Database to ignore
binlog-ignore-db=test # [...]
How to install innotop
Thursday, November 19th, 2009a)Download innotop from http://code.google.com/p/innotop/
b)cd /tmp
c) tar -xvzf innotop-1.7.2.tar.gz
d) cd innotop-1.7.2
e) perl per Makefile.PL
f) Make install
NOte : if you see error like this :
Looks good
Warning: prerequisite DBD::mysql 1 not found.
Warning: prerequisite DBI 1.13 not found.
Warning: prerequisite Term::ReadKey 2.1 not found.
Writing Makefile for innotop
Solution :
yum install perl-DBD-MySQL
yum install perl-TermReadKey
Run innotop : perl /usr/bin/innotop –password “your password”
How to install chkrootkit/rootkit hunter
Thursday, November 19th, 2009a) Download latest rootkithunter from http://www.chkrootkit.org/download/ (latest version is chkrootkit-0.49 but its has bugs)
mv chkrootkit.tar.gz /usr/local/
cd /usr/local/
tar xvfz chkrootkit.tar.gz
ln -s chkrootkit-0.43/ chkrootkit (replace 0.43 with the right version number)
cd chkrootkit/
make sense
You will now find the chkrootkit program under /usr/local/chkrootkit. Run it by [...]
How to install portsentry
Thursday, November 19th, 2009Install PortsEntry
Portsentry is a tool to detect port scans and log it. Download the sorce package of portsentry from sourceforge.net
wget http://path/to/portsentry-1.2.tar.gz
tar zxf portsentry-1.2.tar.gz
make linux
make install
If you get errors like while compiling
make linux
SYSTYPE=linux
Making
gcc -O -Wall -DLINUX -DSUPPORT_STEALTH -o ./portsentry ./portsentry.c \
./portsentry_io.c ./portsentry_util.c
./portsentry.c: In function ‘PortSentryModeTCP’:
./portsentry.c:1187: warning: pointer targets in passing argument 3 of [...]
Invalid method in request \x80O\x01\x03
Wednesday, November 18th, 2009Make sure the IP of the server and the Ip in Virutal host (ssl configuraiton ) are same.
<VirtualHost xx.xx.xx.xx:443>
</VirtualHost>
How to configure nagios to work with apache source install(/usr/local/apache)
Monday, November 16th, 2009Ref:http://nagios.sourceforge.net/docs/3_0/quickstart-fedora.html
Basic nagios setup works well if you install apache server by yum. But if you install and configure Apache from source to run different directory(i.e /usr/local/apache) other then /etc/httpd/conf then then the default nagios web interface would not work because , by default nagios creates nagios.conf file in /etc/httpd/conf.d directory for fedora.
So if you have [...]
How to compile php for GD library
Friday, November 13th, 2009Install necessary software by yum or from source
yum install gd gd-devel yum install zlib zlib-devel
then
a) Download the php source from here : http://www.php.net/downloads.php
b) Download the source file in to /tmp directory
c) Here I am gussing the php version is php-5.3.0.tar.gz
d) Tar –xvzf php-5.3.0.tar.gz
e) Cd php-5.3.0
f)
./configure –with-apxs2=/usr/local/apache/bin/apxs –with-mysql=/usr/local/mysql –enable-mbstring –-with-gd –-with-zlib –-with-jpeg-dir –-with-png-dir
g) make
h) make install
i) setup your [...]
Linux performance tuning tools (vmstat tool)
Wednesday, September 23rd, 2009Ref: Performance Tuning for Linux® Servers
Ref: System Performance Tuning, Second Edition
Ref: Optimizing Linux® Performance: A Hands-On Guide to Linux® Performance Tools
Linux Performance Tools:
Processor time is organized into four timed modes: system time, user time, I/O wait time, and idle time. The idle time consists of what’s left over when all other portions have had their [...]
How to install apache2-php-mysql from source
Thursday, September 10th, 2009Prerequisite : yum install gcc-c++ gcc make ncurses-devel openssl-devel
Packages required for php: yum install libjpeg-devel libpng-devel curl-devel libmcrypt-devel krb5-devel
Apache Server Installation from Source:
Apache installation directory is : /usr/local/apache
a) Download the apache source file from : http://httpd.apache.org/download.cgi
b) Download the source file in to /tmp directory.
c) I am guessing the source file is httpd-2.2.13.tar.gz
d) Cd /tmp
e) tar –xvzf httpd-2.2.13.tar.gz
f) cd httpd-2.2.13
g)
./configure –prefix=/usr/local/apache [...]
How to backup linux Server remotely
Monday, September 7th, 2009Bellow article will show how to backup a Linux server remotely by using RSYNC with public key base authentication.
To make this backup process automatic we need a password less authentication system so that we don’t have to insert username and password before backup starts.
How to create Key base authentication:
Here are the steps you [...]
How to install mod_security by yum(Redhat-Centos 5)
Friday, August 28th, 20091.Download the EPEL repo :
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
2.Then type the following command :
yum install mod_security
Note : Mod_security require liblua-5.1.so, If you don’t have this , it will throw an error while installing by yum.
–> Processing Dependency: liblua-5.1.so for package: mod_security
–> Finished Dependency Resolution
mod_security-2.5.9-1.el5.i386 from epel has depsolving problems
–> Missing Dependency: liblua-5.1.so is needed by package mod_security-2.5.9- [...]
Tools for securing Linux server and its services
Thursday, August 27th, 2009a) Fail2Ban: Which will ban IP address after few failure attempts
website : http://www.fail2ban.org/wiki/index.php/Main_Page
b)Rootkit Hunter : It will scan your server for any unauthorized scripts.
Website :http://www.chkrootkit.org/
To download : http://sourceforge.net/projects/rkhunter/
c)PortSentry : This tool will block IP who is trying to scan your server for open ports.
Ref : http://www.securityfocus.com/infocus/1580
http://www.securityfocus.com/infocus/1586
How to install : http://www.falkotimme.com/howtos/chkrootkit_portsentry/
d)mod_security
http://www.modsecurity.org/
e) mod_evasive : It will ban [...]
Bash script to check for automatic yum updates
Thursday, August 27th, 2009#!/bin/bash
########################################
# This script will check for available package-
# update for Centos/Redhat 5 sytem
# Written by : Fosiul Alam
# Version :1.0
# Created Date : 27/08/2009
# Last Modification : 27/08/2009
#########################################
########################################
# Command use [...]
All about yum command for Redhat/Centos/Fedora
Wednesday, August 26th, 2009Display List of updated software ( Security fix)
yum list updates
Or
yum check-update
Patch up system by applying all updates
yum update
List all installed packages
rpm -qa
How to find a perticular installed packages( httpd)
rpm -qa | grep httpd
How to look update for specific packages
yum update {package-name-1}
To check for and update [...]
reverse proxying with apache
Wednesday, August 26th, 2009Ref: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
Module : mod_proxy.c
In httpd.conf , under bellow section all reverse proxy rules will go
<IfModule mod_proxy.c>
#ProxyRequests On
ProxyRequests Off
#
#<Proxy *>
# Order deny,allow
# Deny from all
# Allow from .example.com
#</Proxy>
#
# Enable/disable the handling of HTTP/1.1 “Via:” headers.
# (“Full” adds the server version; “Block” removes all outgoing Via: headers)
# [...]
How to allow perl/cgi script to run from virtualhost
Wednesday, August 26th, 2009Ref: http://httpd.apache.org/docs/2.0/howto/cgi.html
If you want to run a perl script like this http://www.mydomain.com/test.pl , you will have to to define explicitly use the Options directive, inside your main server configuration file, to specify that CGI execution was permitted in a particular directory:
Example:
<VirtualHost *:80>
ServerAdmin adin@mydomain.co.uk
DocumentRoot [...]
vsftpd: Failed to retrieve directory listing
Friday, August 14th, 2009Problem: If vsftpd failed to retrieves directory listing then do the following:
In vsftpd.conf
pasv_min_port=x
example : [ pasv_min_port=1023]
pasv_max_port=x
example : [pasv_max_port=1050]
Now add port 1023-1050 in iptables
iptables -A INPUT –source xx.xx.xx.xx -p tcp –dport 1023:1050 -j ACCEPT
it will allow filezilla to connect to ftp server via passive mode.
How to Rebuilding failed Linux software RAID
Friday, August 14th, 2009Ref: http://aplawrence.com/Linux/rebuildraid.html
Recently I had a hard drive fail. It was part of a Linux software RAID 1 (mirrored drives), so we lost no data, and just needed to replace hardware. However, the raid does requires rebuilding. A hardware array would usually automatically rebuild upon drive replacement, but this needed some help.
When you look at a [...]
Centos/Redhat/Debain Internet Connection Sharing
Friday, August 14th, 2009Network Setup :
eth0 = 192.168.2.1 [ Isp router]
eth1 = 10.0.0.2 [ Internal network]
Check if IPv4 forwarding is ON or OFF :
cat /proc/sys/net/ipv4/ip_forward
if result = 0 then will have to On it by this command :
echo “1″ > /proc/sys/net/ipv4/ip_forward
Now have to Enable IP masquerading by adding rules in iptables
iptables -t nat -A POSTROUTING -o eth0 [...]
How to sent email to a distribution group by sendmail
Wednesday, August 12th, 2009goto /etc/mail
vi virtualtable
all@yorudoman.co.uk allusers
Now go to
/etc/mail
vi allusers.txt
user1
user2
user3
[ Here you will have to just write the username (system username)]
[If you have lots of user then you can use script to copy all username from /etc/password to /etc/mail/allusers.txt file]
Now save the file
vi /etc/newaliases
Insert this line
allusers: :include:/etc/mail/allusers.txt
Then make new aliases
That’s it
Now when [...]
How to make VIM as IDE for Bash and Perl
Wednesday, August 12th, 2009For Bash IDE:
1. Download bash-support.zip file from this site : http://www.vim.org/scripts/script.php?script_id=365
2. Unzip bash-support.zip file in /etc/vim directory also either copy the bash-support from /etc/vim to the user’s home directory [ cd /home/user, mkdir .vim, cp -r /etc/vim/bash-support /home/user/.vim] Or unzip bash-support.zip in user’s home directory [ /home/user/.vim]
3. Open your script in gvim mood. [ [...]
Basic Linux User administration Commands
Wednesday, August 12th, 2009useradd -s /sbin/nologin username : It will prevent user to login to server
userdel -r username: -r delete everything( home directory,mail spool) without -r it will just delete account references from user and groups
usermod -L username : -L to disable user account
usermod -U username : -U enable the user account.
echo ‘mypassword’ | passwd –stdin username : [...]
How to add a new hardrive in linux with LVM
Wednesday, August 12th, 2009The steps are :
Create Physical volume Or Extend the existing volume:
Create a Physical volume by: pvcreate /dev/hdc ( Here the new partition name is /dev/hdc)
Creating a Volume Group : vgcreate /dev/VolGroup01 /dev/hdc
OR to extended the existing Volume Group :vgextend /devVolgroup01 /dev/hdc
Create Logical Volume :
check how much free PE you got by : vgdisplay
It [...]
How to Setup a transparent proxy with Squid
Wednesday, August 12th, 2009by LinuxTitli [Last updated: December 5, 2007]
Setup :
i) System: HP dual Xeon CPU system with 8 GB RAM (good for squid).
ii) Eth0: IP:192.168.1.1
iii) Eth1: IP: 192.168.2.1 (192.168.2.0/24 network (around 150 windows XP systems))
iv) OS: Red Hat Enterprise Linux 4.0 (Following instruction should work with Debian and all other Linux distros)
Eth0 connected to internet and eth1 [...]
Basic kernel related commands
Wednesday, August 12th, 2009depmod -a : it will add new module automaticaly
modprobe drivername: it will add that specifiq driver
Preventing “ping of death” : cat /proc/sys/net/ipv4/tcp_syncookies , output should be 1
lsmod: to show the installed kernel module
/lib/modules/kernel_virson/Directory : here all kernel modules are stored
modprobe -r modulename : will remove that module
Kernel Tuning: Kernel Runtime Parameters
Several kernel [...]
SSH Dictionary Attack Prevention with iptables
Wednesday, August 12th, 2009Ref :http://hostingfu.com/article/ssh-dictionary-attack-prevention-with-iptables
Last week (9-15 April). 8,750 failed SSH login attempt, averaging almost one per minute, trying out all kinds of possible user names and left tons of junk in my message log. The recent SSH brute-force attacks (actually it’s not that recent) are rather annoying, and this article at Whitedust.com has useful information on how [...]
Iptables-rules
Wednesday, August 12th, 2009Allow ssh connection from selected Ip:
iptables -A INPUT –source xx.xx.xx.xx -p tcp –dport 22 -j ACCEPT
iptables -A INPUT –source yy.yyy.yy.yy -p tcp –dport 22 -j ACCEPT
iptables -A INPUT -p tcp –dport 22 -j DROP
Only allow ssh to linux box:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT –source xx.xx.xx.xx -p tcp –dport [...]
How to install openssh-server in knoppix
Tuesday, August 11th, 2009In knoppix,
cd /etc/apt/
nano sources.list
add any good debain repo such as
deb http://http.us.debian.org/debian stable main contrib non-free
then : Save the file
then : apt-get update
then type: apt-get install openssh-server
also , give a password to root because currently knoppix does not have any root password.
repo ref: http://www.debian.org/doc/manuals/apt-howto/ch-basico.en.html
How to find expensive I/O process for I/O bottol neck
Tuesday, August 11th, 2009To find the most expensive process which causing the I/O bottol neck :
1. iotop ( http://guichaz.free.fr/iotop/)
Iotop requires Python ≥ 2.5 and a Linux kernel ≥ 2.6.20 with the TASK_DELAY_ACCT and TASK_IO_ACCOUNTING options enabled.
2. idstat from sysstat packages
But Iotop provides more user friendly output then idstat.
How to Change Ip from Dynamic to Static
Tuesday, August 11th, 2009In Debain :
/etc/networking/interfaces
auto eth0
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
then /etc/init.d/networking restart
In Centos:
vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=Static
HWADDR=00:0C:29:81:90:33
ONBOOT=yes
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
GATEWAY=192.168.1.1
BROADCAST=192.168.1.255
then : /etc/network/restart