Running-projects

July 15th, 2010

Objective: Write a monitoring script for the network diagram below.

The script includes:
(a) Monitor MySQL replication
(b) Monitor DNS servers
(i) Change A records for any Apache server failure.
(c) Monitor Apache servers
(d) Monitor Red Hat clusters
(e) Monitor DRBD replication

How to configure Cisco router to use Microsoft DHCP server Or Active Directory Server between vlans

July 9th, 2010

Note: This is the router-on-a-stick method (Cisco 1941 router)

(a) Find out router interfaces

EVROUTER#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         unassigned      YES manual up                    up
GigabitEthernet0/1         88.88.88.81     YES DHCP   up                    up
NVI0                       unassigned      NO  unset  up                    up

(b) Create a sub-interface for each VLAN

For vlan1 
configure terminal
interface GigabitEthernet0/0.1
 encapsulation dot1Q 1
 ip address 192.168.1.1 255.255.255.0
 
For Vlan 10
configure terminal
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 
For Vlan 20
 
configure terminal
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0

The output should be:

EVROUTER#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         unassigned      YES manual up                    up
GigabitEthernet0/0.1       192.168.1.1     YES manual up                    up
GigabitEthernet0/0.10      192.168.10.1    YES manual up                    up
GigabitEthernet0/0.20      192.168.20.1    YES manual up                    up
GigabitEthernet0/1         88.88.88.81     YES DHCP   up                    up
NVI0                       unassigned      NO  unset  up                    up
EVROUTER#

(c) Set up the relay agent for each subnet

For vlan 1 
EVROUTER#configure terminal
EVROUTER(config)#interface gigabitEthernet 0/0.1
EVROUTER(config-subif)#ip helper-address 192.168.1.7
 
For Vlan10:
EVROUTER#configure terminal
EVROUTER(config)#interface gigabitEthernet 0/0.10
EVROUTER(config-subif)#ip helper-address 192.168.1.7
 
For vlan20
EVROUTER#configure terminal
EVROUTER(config)#interface gigabitEthernet 0/0.20
EVROUTER(config-subif)#ip helper-address 192.168.1.7

Now clients in all your VLANs can get an IP address for their own subnet from the DHCP server, and users can log in to each computer through Active Directory with their user name and password.

(d) Allow each VLAN to use the internet
(1) Label each interface and sub-interface for NAT

     configure terminal
     interface gigabitEthernet 0/0.1
     ip nat inside
     exit
     interface gigabitEthernet 0/0.10
     ip nat inside
     exit
     interface gigabitEthernet 0/0.20
     ip nat inside
     exit
     interface gigabitEthernet 0/1
     ip nat outside
     exit

(2) Create an access list to allow these VLANs to use NAT

     configure terminal
     ip access-list standard NAT_ADDRESS
     permit 192.168.0.0 0.0.255.255

(3) Enable NAT overload

     ip nat inside source list NAT_ADDRESS interface gigabitEthernet 0/1 overload

Note: At this point all VLANs will be able to get to the internet.
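The NAT_ADDRESS entry uses a wildcard mask, so it selects every 192.168.x.x source, not only VLANs 1, 10 and 20. The script below is an added example (not part of the original post) that evaluates an address/wildcard pair against source addresses; the function names and the test addresses 192.168.99.3 and 10.8.0.1 are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: evaluate a standard-ACL entry (address + wildcard mask)
# against source addresses. Function names are hypothetical.

# Convert a dotted-quad IPv4 address to an integer; status 1 on malformed input.
ip_to_int() {
    local addr=$1 o old_ifs
    case "$addr" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr                 # split on dots (input holds only digits and dots)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Status 0 if source address $1 matches the entry "$2 $3" (address, wildcard),
# 1 if it does not, 2 on malformed input. A wildcard bit of 1 means "ignore
# this bit", so both sides are compared with the wildcard bits forced to 1.
acl_matches() {
    local ip base wild
    ip=$(ip_to_int "$1")   || return 2
    base=$(ip_to_int "$2") || return 2
    wild=$(ip_to_int "$3") || return 2
    [ $(( $ip | $wild )) -eq $(( $base | $wild )) ]
}

# Print, for each source address, whether the entry "$1 $2" selects it.
acl_report() {
    local addr=$1 wild=$2 src
    shift 2
    for src in "$@"; do
        if acl_matches "$src" "$addr" "$wild"; then
            echo "$src permit"
        else
            echo "$src no-match"
        fi
    done
}

echo "permit 192.168.0.0 0.0.255.255 (the NAT_ADDRESS entry):"
acl_report 192.168.0.0 0.0.255.255 \
    192.168.1.25 192.168.10.40 192.168.20.7 192.168.99.3 10.8.0.1

echo "permit 192.168.10.0 0.0.0.255 (single-VLAN entry, for comparison):"
acl_report 192.168.10.0 0.0.0.255 192.168.10.40 192.168.20.7 192.168.99.3
```

The first report shows 192.168.99.3 as permitted even though no such VLAN is configured; one entry per VLAN subnet with wildcard 0.0.0.255 limits translation to the three subnets that exist.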

Cisco:How to solve line protocol down problem for serial interface in packet tracer

July 3rd, 2010

I am using a Cisco 2811 router with 1 WIC-1T card for the serial interface.

Both routers are connected by a serial (DCE/DTE) interface, and the IPs are set as follows:
router 1: 192.168.1.1 255.255.255.0
router 2: 192.168.1.2 255.255.255.0

Problem: the line protocol is showing down.
Example below:

R1#show ip interface brief 
Interface              IP-Address      OK? Method Status                Protocol
 
FastEthernet0/0        unassigned      YES manual administratively down down
 
FastEthernet0/1        unassigned      YES manual administratively down down
 
Serial0/3/0            192.168.1.1     YES manual up                    down
Vlan1                  unassigned      YES manual administratively down down

Reason:
One of the reasons is that on the DCE side the clock rate is not set ("no clock"), as in the example below:

R1#show controllers serial 0/3/0
Interface Serial0/3/0
Hardware is PowerQUICC MPC860
DCE V.35, no clock
idb at 0x81081AC4, driver data structure at 0x81084AC0
SCC Registers:
General [GSMR]=0x2:0x00000000, Protocol-specific [PSMR]=0x8
Events [SCCE]=0x0000, Mask [SCCM]=0x0000, Status [SCCS]=0x00
Transmit on Demand [TODR]=0x0, Data Sync [DSR]=0x7E7E
Interrupt Registers:
Config [CICR]=0x00367F80, Pending [CIPR]=0x0000C000
Mask   [CIMR]=0x00200000, In-srv  [CISR]=0x00000000
Command register [CR]=0x580
Port A [PADIR]=0x1030, [PAPAR]=0xFFFF
       [PAODR]=0x0010, [PADAT]=0xCBFF
Port B [PBDIR]=0x09C0F, [PBPAR]=0x0800E
       [PBODR]=0x00000, [PBDAT]=0x3FFFD
Port C [PCDIR]=0x00C, [PCPAR]=0x200
       [PCSO]=0xC20,  [PCDAT]=0xDF2, [PCINT]=0x00F
Receive Ring
        rmd(68012830): status 9000 length 60C address 3B6DAC4
        rmd(68012838): status B000 length 60C address 3B6D444
Transmit Ring
 --More--

Solution:
Set the clock rate by hand:

R1#configure t
R1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#in
R1(config)#interface se
R1(config)#interface serial 0/3/0
R1(config-if)#clo
R1(config-if)#clock r
R1(config-if)#clock rate 1000000
R1(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/3/0, changed state to up

Cisco:Routing protocols OSPF

June 29th, 2010

How to set up OSPF routing:

How to view which protocols are running:

show ip protocols

How to remove the RIP protocol (if it exists):

configure terminal
no router rip

How to create the OSPF process:

configure terminal
router ospf 1
! here 1 is the process id, which has to be the same on every router in the organization
network 192.168.1.1 0.0.0.0 area 0
Or
network 192.168.1.0 0.0.255.255 area 0

How to set default route to go to internet
From main router :

configure terminal
router ospf 1
default-information originate

How to join Area 0 with Area 1
(IP range of Area 1: 172.30.0.0-172.30.0.7, summary route: 172.30.0.0/21, wildcard mask for OSPF: 0.0.7.255)

configure terminal
router ospf 1
network 172.30.0.0 0.0.7.255 area 1

How to summarize the Area 1 network before adding it to Area 0 (how to create a range):

configure terminal
router ospf 1
area 1 range 172.30.0.0 255.255.248.0

How to debug ospf relation

debug ip ospf adj
clear ip ospf process

Nagios script to monitor memory uses

June 24th, 2010

#!/bin/bash

#Version 1.0
#######################################
#Nagios script to check memory status##
#Commands : free -m####################
#######################################
 
 
#Status check for nagios script
 
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3
STATE_DEPENDENT=4
 
 
#Define All the variables for commands
 
declare -rx SCRIPT=${0##*/}
declare -rx CMD_AWK="/bin/awk"
declare  -rx CMD_CAT="/bin/cat"
declare  -rx CMD_FREE="/usr/bin/free"
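#####Section 1.1: Defining function for free memory checking#########
#Defining function to check free memory status######################
#####################################################################

function FUNC_FREE_CMD

{

# Free memory in MB excluding buffers/cache: 4th field of the "-/+ buffers/cache:" line
MEM_STATUS=$( $CMD_FREE -m | $CMD_AWK '/buffers\/cache/ {print $4}')

# Exit UNKNOWN if no number was read (newer versions of free do not print this line)
case "$MEM_STATUS" in
''|*[!0-9]*)
echo "Unknown, could not read memory level from free -m"
exit $STATE_UNKNOWN
;;
esac

########Checking if current memory is critical or normal ######

if [ "$MEM_STATUS" -le 325 ]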
then
 
#echo "Critical,Memory Level: $MEM_STATUS"
echo "Critical,Memory Level: $MEM_STATUS|Memory_level=$MEM_STATUS;350;325;0"
exit $STATE_CRITICAL
fi
 
if [ $MEM_STATUS -le 350 ]
then
 
echo "Warnings,Memory Level: $MEM_STATUS|Memory_level=$MEM_STATUS;350;325;0"
exit $STATE_WARNING
 
else
echo "Memory Seems Ok,Total Memory is: $MEM_STATUS|Memory_level=$MEM_STATUS;350;325;0"
#echo "Critical,Memory Level: $MEM_STATUS|Memory_level=$MEM_STATUS"
exit $STATE_OK
fi
 
}
 
#############Section 1.2 calling the function################
######## And processing data from this function##############
FUNC_FREE_CMD

Thanks

Cisco:Basic Commands to setup vlan

June 16th, 2010

Vlan Network Diagram

Trunking:
(1) Create trunk ports between 2 switches:
To set up a trunk on ports F0/11 and F0/12 of switch S1
For port F0/11

configure terminal
interface fastEthernet 0/11
switchport mode trunk
Note: if the command above is rejected with the error "Trunk encapsulation is Auto", then do the following:
switchport trunk encapsulation dot1q
Now type again: switchport mode trunk

For port F0/12

configure terminal
interface fastEthernet 0/12
switchport mode trunk
Note: if the command above is rejected with the error "Trunk encapsulation is Auto", then do the following:
switchport trunk encapsulation dot1q
Now type again: switchport mode trunk

Set the other ports as access ports: 1 to 10, then 13 to 23
configure terminal

 interface range fastEthernet 0/1-10
 switchport mode access

 interface range fastEthernet 0/13-23
 switchport mode access

How to view which ports are trunk for a switch :

show interfaces trunk

VTP :
(a) Configure VTP:

How to see VTP status :

 show vtp status

Setup VTP Domain

   configure terminal
   vtp domain MYDomain

(b) How to create a VTP client
By default every switch is a VTP server. To make a switch a VTP client:

configure terminal
vtp mode client

Configuring VLAN:

(3)How to view vlan information

show vlan

How to create vlan

 configure terminal
 vlan 10
exit
show vlan

How to assign a name to a vlan

 configure terminal
 vlan 10
 name SALES

How to assign a port to a VLAN
Example: the PC with IP 192.168.1.50 is connected to switch 3 via port F0/8, and we want to put this PC in VLAN 10

From switch 3 :
 configure terminal
 interface fastEthernet 0/8
 switchport access vlan 10

How to route between VLAN 10 and VLAN 20 for the subnets 192.168.20.0 and 192.168.10.0 (router on a stick)
To route between VLANs, we need to create sub-interfaces on a router (example: router2)
For interface 1

configure terminal
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0

For interface 2

configure terminal
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0

It will create 2 interfaces like below:

R2#show ip interface brief
Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.1.2 YES manual up up

FastEthernet0/0.10 192.168.10.1 YES manual up up

FastEthernet0/0.20 192.168.20.1 YES manual up up

FastEthernet0/1 192.168.2.1 YES manual up up
R2#
To be continued

Mysql Server processlist shows negative value(-) in connect column for system user

June 9th, 2010

Sometimes the processlist output shows a negative value like below:
Command:

watch /usr/local/mysql/bin/mysqladmin -ppass processlist

8 | system user | | Connect | -1247 | Has read all relay log; waiting for the slave I/O thread to update it |

One of the reasons:
Make sure both servers have the same time zone.
If there is any time difference between the 2 servers, the replication client shows negative values.

How To Set Up MySQL Database Replication With SSL Encryption

June 9th, 2010

SSL replication between 2 active-active MySQL servers


Step1 :
Set up normal replication first and find out if the MySQL server is compiled with SSL support.
Ref: http://www.fosiul.com/index.php/2009/11/mysql-server-master-master-active-active-replication/

The command below verifies whether the MySQL server is compiled with SSL support:

SHOW VARIABLES LIKE 'have_openssl';

Output:

(Yes means) the MySQL server is compiled with SSL


Step2 :
On Server1:
(a) Create self-signed certificates.
Note: While creating the self-signed certificates, use a different common name for each certificate, otherwise it will throw an SSL certificate error.

Creating the self-signed certificates:
Ref: http://dev.mysql.com/doc/refman/5.1/en/secure-create-certs.html

mkdir /usr/local/mysql/ssl   (I am assuming MySQL has been compiled in the /usr/local/mysql directory)

cd /usr/local/mysql/ssl

# Create CA certificate (use a different common name)

shell> openssl genrsa 2048 > ca-key.pem
shell> openssl req -new -x509 -nodes -days 1000 \
         -key ca-key.pem > ca-cert.pem

# Create server certificate (use different common name)

shell> openssl req -newkey rsa:2048 -days 1000 \
         -nodes -keyout server-key.pem > server-req.pem
shell> openssl x509 -req -in server-req.pem -days 1000 \
         -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem

# Create client certificate

shell> openssl req -newkey rsa:2048 -days 1000 \
         -nodes -keyout client-key.pem > client-req.pem
shell> openssl x509 -req -in client-req.pem -days 1000 \
         -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem

So it will look like the picture below

Step 2 :

Copy all these files to Server 2. Location: /usr/local/mysql/ssl

Reason: we will set up master-master active-active replication. There will be SSL encryption from Server1 to Server2 and from Server2 to Server1.
Picture: SSL replication between 2 active-active MySQL servers

scp * root@ns2.server2co.uk:/usr/local/mysql/ssl/
(Assuming we are in the /usr/local/mysql/ssl directory of Server1)

Step 3:

For Server1 :

Edit the my.cnf file and add the lines below in the [mysqld] section
 
ssl-key=/usr/local/mysql/ssl/server-key.pem
ssl-cert=/usr/local/mysql/ssl/server-cert.pem
ssl-ca=/usr/local/mysql/ssl/ca-cert.pem
 
[client]
ssl-ca=/usr/local/mysql/ssl/ca-cert.pem
ssl-key=/usr/local/mysql/ssl/client-key.pem
ssl-cert=/usr/local/mysql/ssl/client-cert.pem
 
 
For Server2 :

Edit the my.cnf file and add the lines below in the [mysqld] section
 
ssl-key=/usr/local/mysql/ssl/server-key.pem
ssl-cert=/usr/local/mysql/ssl/server-cert.pem
ssl-ca=/usr/local/mysql/ssl/ca-cert.pem
 
 
[client]
ssl-ca=/usr/local/mysql/ssl/ca-cert.pem
ssl-key=/usr/local/mysql/ssl/client-key.pem
ssl-cert=/usr/local/mysql/ssl/client-cert.pem

Restart both servers using --skip-slave-start
Ref: http://dev.mysql.com/doc/refman/5.1/en/replication-options-slave.html#option_mysqld_skip-slave-start

/usr/local/mysql/bin/mysqld_safe --skip-slave-start --user=mysql &

Now check that SSL on both servers points to the correct directory.

Execute the command below in the mysql console on both servers.

mysql> show variables like '%ssl%';

It will give output like the picture below

SSL enabled and looking at the right directory

Step 4 :
Create replication user
For server 1

GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO slave@'ip.of.your.server2' IDENTIFIED BY 'strong-password' require SSL;

For server 2

GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO slave@'ip.of.your.server1' IDENTIFIED BY 'strong-password' require SSL;

Step 5 :
Server 1:
Open the firewall rules and allow traffic to port 3306 only from the IP of Server 2.

Server 2:

Open the firewall rules and allow traffic to port 3306 only from the IP of Server 1.

Step 5 :

Test whether both servers accept SSL connections from each other and that the traffic goes over SSL encryption.
From Server 1/Server 2:

mysql --ssl -hip-of-server1 -uSSL_CLIENT -ppassword

If everything goes OK, you should see the mysql prompt. At the mysql prompt, type
\s to verify that the connection is going through SSL encryption.

Look at the SSL line for:
SSL: Cipher in use is DHE-RSA-AES256-SHA or similar
Same as the picture below:

SSL is enabled

Step 6 :
Connect Server 1 with Server 2 and Server 2 with Server 1

Server1 to Server2 :

CHANGE MASTER TO MASTER_HOST='ip.of.your.server2', MASTER_USER='slave', MASTER_PASSWORD='password', MASTER_LOG_FILE='mysql-bin.000001', MASTER_LOG_POS=53678, MASTER_SSL=1,MASTER_SSL_CA = '/usr/local/mysql/ssl/ca-cert.pem', MASTER_SSL_CERT = '/usr/local/mysql/ssl/client-cert.pem', MASTER_SSL_KEY = '/usr/local/mysql/ssl/client-key.pem';

Server2 to Server1

CHANGE MASTER TO MASTER_HOST='ip.of.your.server1', MASTER_USER='slave', MASTER_PASSWORD='password', MASTER_LOG_FILE='mysql-bin.000001', MASTER_LOG_POS=53488, MASTER_SSL=1,MASTER_SSL_CA = '/usr/local/mysql/ssl/ca-cert.pem', MASTER_SSL_CERT = '/usr/local/mysql/ssl/client-cert.pem', MASTER_SSL_KEY = '/usr/local/mysql/ssl/client-key.pem';

Note: make sure you lock all the tables before taking the log file positions, and check the log file position on both servers.

Step 6 :
Now start the slave on both servers.

 
slave start

Step 7:
Verify that both servers are looking at each other.

Server1/Server2

show slave status\G

Check whether the output is similar to the picture below

Check that all slaves are looking at each other

Look for the options below:

Master_Host: xx.xx.xx.xx
Master_User: slave
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000001
Read_Master_Log_Pos: 128108
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Master_SSL_Allowed: Yes
Master_SSL_CA_File: /usr/local/mysql/ssl/ca-cert.pem
Master_SSL_Cert: /usr/local/mysql/ssl/client-cert.pem
Master_SSL_Key: /usr/local/mysql/ssl/client-key.pem
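
The manual check in Step 7 can be turned into a Nagios-style check, which also covers the "Monitor MySQL replication" item of the monitoring project. The script below is an added example, not part of the original post: it parses `SHOW SLAVE STATUS\G` text from stdin and goes CRITICAL when a replication thread is stopped or the link is not configured for SSL. The function names, the sample status text and the address 192.0.2.20 are constructed for illustration.

```bash
#!/bin/bash
# Added example: Nagios-style check over `SHOW SLAVE STATUS\G` output.
# Function names and sample data are hypothetical / constructed.

STATE_OK=0; STATE_CRITICAL=2; STATE_UNKNOWN=3

# Constructed sample output; args: io_running sql_running ssl_allowed ca_file
sample_status() {
    cat <<EOF
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.0.2.20
                  Master_User: slave
                  Master_Port: 3306
             Slave_IO_Running: $1
            Slave_SQL_Running: $2
           Master_SSL_Allowed: $3
           Master_SSL_CA_File: $4
EOF
}

# Print the value of field $1 from the status text on stdin.
slave_field() {
    awk -v key="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 {
            val = substr(line, length(key) + 2)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            print val; exit
        }'
}

# Read status text on stdin, print one status line, return a Nagios state.
check_replication() {
    local out io sql ssl ca host problems=""
    out=$(cat)
    io=$(printf '%s\n' "$out"   | slave_field Slave_IO_Running)
    sql=$(printf '%s\n' "$out"  | slave_field Slave_SQL_Running)
    ssl=$(printf '%s\n' "$out"  | slave_field Master_SSL_Allowed)
    ca=$(printf '%s\n' "$out"   | slave_field Master_SSL_CA_File)
    host=$(printf '%s\n' "$out" | slave_field Master_Host)

    # No recognisable fields at all: not a slave, or the query failed.
    if [ -z "$io$sql$ssl" ]; then
        echo "UNKNOWN: no slave status found"
        return "$STATE_UNKNOWN"
    fi

    [ "$io" = "Yes" ]  || problems="$problems Slave_IO_Running=${io:-missing}"
    [ "$sql" = "Yes" ] || problems="$problems Slave_SQL_Running=${sql:-missing}"
    # Anything other than Yes (No, Ignored) means the link is not set up for SSL.
    [ "$ssl" = "Yes" ] || problems="$problems Master_SSL_Allowed=${ssl:-missing}"
    [ -n "$ca" ]       || problems="$problems Master_SSL_CA_File=empty"

    if [ -n "$problems" ]; then
        echo "CRITICAL:$problems"
        return "$STATE_CRITICAL"
    fi
    echo "OK: replication from $host running, SSL allowed, CA $ca"
    return "$STATE_OK"
}

# Demonstration on constructed input. Against a live server the input would
# come from: mysql -e 'SHOW SLAVE STATUS\G'
CA_FILE=/usr/local/mysql/ssl/ca-cert.pem
sample_status Yes Yes Yes "$CA_FILE" | check_replication || true
sample_status Yes Yes No  ""         | check_replication || true
sample_status No  Yes Yes "$CA_FILE" | check_replication || true
```

Master_SSL_Allowed only reports how the slave side was configured with CHANGE MASTER TO; the `require SSL` clause on the replication user from Step 4 is what makes the master refuse an unencrypted login.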

Please let me know if you face any problem while implementing this.
Thanks

nagios script to check dns servers status

June 7th, 2010

#!/bin/bash
###################################
#Purpose:################################################################
###(a) Monitor if all your name servers are online:          Status : Done    ##
###(b) Monitor if all name servers have the same zone record : Status : Ongoing##
###(c) Monitor the response time of the DNS server           : Status : Ongoing#
#########################################################################
 
#Status check variables for nagios script#####
#####################################
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3
STATE_DEPENDENT=4
 
#####################################
##Declaration of variables###########
#####################################

declare -rx CMD_HOST="/usr/bin/host"
declare -rx CMD_AWK="/bin/awk"
declare -rx CMD_CAT="/bin/cat"
declare -rx CMD_GREP="/bin/grep"
declare -rx CMD_DIG="/usr/bin/dig"
ZONE=$1  # This value captures the zone name provided as a parameter to the script.

# A zone name is required; exit UNKNOWN without one.
if [ -z "$ZONE" ]
then
 echo "Usage: $0 zone"
 exit $STATE_UNKNOWN
fi
#############################################################
#Command to use : host -t ns fosiul.co.uk | awk '{print $4}'#
#############################################################
NUMBER_OF_DNSSrv=$($CMD_HOST -t ns "$ZONE" | $CMD_AWK '{print $4}' )
s=0
for i in $NUMBER_OF_DNSSrv
do
###########################################################
###Now Find out if all the name server is running##########
##########################################################
 
############Command#######################
########dig @dnserver ############
DNS_LIVE_RESULT=$($CMD_DIG "@$i" | $CMD_GREP -c 'connection timed out')

if [ "$DNS_LIVE_RESULT" -gt 0 ]
 
        then
         OFFLINE_ARRAY[$s]=$i
          ((s+=1))
fi
done
if [ ${#OFFLINE_ARRAY[*]} -eq 0 ]
then
 echo "All servers are online"
 exit $STATE_OK
else
 s=0
  echo -n "Following servers are offline: "
  while [ $s -lt ${#OFFLINE_ARRAY[*]} ]
   do
    echo -n "${OFFLINE_ARRAY[$s]} "
    ((s+=1))
   done
   echo
  exit $STATE_CRITICAL
fi

Linux:How to run c program in linux

June 4th, 2010

1. Open an editor in Linux, for example the vi editor
2. Write a simple program and save it as prog1.c

#include <stdio.h>

int main (void)
{
    printf ("Programming is fun.\n");
    return 0;
}

3. Compile the program: $ gcc prog1.c
4. Run the program: ./a.out
Or
5. You can give it a different name: gcc prog1.c -o prog1
Now run the program by typing: ./prog1

Linux:How to configure logrotate for ModSecurity(source install)

April 26th, 2010

Problem: When you install ModSecurity from source, logrotate will not rotate its log files by default, because the path to the log files is not defined in the logrotate configuration. If you want logrotate to rotate your ModSecurity log files, here are the steps:

1. Create a file modsecurity under /etc/logrotate.d

cd /etc/logrotate.d/
touch modsecurity

2. Copy and paste the lines below into it

#Below is my modsecurity log file (/opt/modsecurity/var/log/audit.log)
 
/opt/modsecurity/var/log/audit.log {
    missingok
    notifempty
    postrotate
 ##Restart the apache daemon
       /usr/local/apache/bin/apachectl graceful > /dev/null 2>/dev/null || true
    endscript
}

Now you can force a rotation of the log files by executing the command below:

 
logrotate -f /etc/logrotate.conf

Linux:How to create multiple OpenVPN instances

April 26th, 2010

Problem:
How to configure OpenVPN to create multiple instances and listen on more than 2 ports (1194, 1195)?
Solution:
You need more than 2 OpenVPN configuration files. Example: openvpn.conf and openvpn1.conf

Now you need to define a different port, server IP address, ifconfig-pool-persist file and log file for each.

For openvpn.conf :

port 1194
proto tcp
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
log         openvpn.log
log-append  openvpn.log

For openvpn1.conf :

 
port 1195
proto tcp
dev tun
server 192.168.1.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/config2/ipp.txt
log         /etc/openvpn/config2/openvpn.log
log-append  /etc/openvpn/config2/openvpn.log

Now start the openvpn daemon with these 2 config files separately

shell> openvpn --config /etc/openvpn/openvpn.conf &
shell> openvpn --config /etc/openvpn/openvpn1.conf &

Or add this to the /etc/rc.local file so that it starts automatically when the computer reboots.

Now if you take the ifconfig output, it will look like this:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
 
tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.1.1  P-t-P:192.168.1.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

Nagios script to monitor memory uses

April 23rd, 2010

Purpose:
###########################################
Develop a nagios script, which will monitor Linux memory uses.
###########################################

This script will check the following:
#############################################
#1. If free memory is more than the memory defined as free: Status: Done
#2. If the system is using swap memory: Status: Done
##############################################

#!/bin/bash

#Version 1.0
#######################################
#Nagios script to check memory status##
#Commands : free -m####################
#######################################
 
 
#Status check for nagios script
 
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3
STATE_DEPENDENT=4
 
 
#Define All the variables for commands
 
declare -rx SCRIPT=${0##*/}
declare -rx CMD_AWK="/bin/awk"
declare  -rx CMD_CAT="/bin/cat"
declare  -rx CMD_FREE="/usr/bin/free"
declare  -rx CMD_VMSTAT="/usr/bin/vmstat"
declare  -rx CMD_GREP="/bin/grep"
 
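#####Section 1.1: Defining function for free memory checking#########
#Defining function to check free memory status######################
##########################################

function FUNC_FREE_CMD

{

# Free memory in MB excluding buffers/cache: 4th field of the "-/+ buffers/cache:" line
MEM_STATUS=$( $CMD_FREE -m | $CMD_AWK '/buffers\/cache/ {print $4}')

# Exit UNKNOWN if no number was read (newer versions of free do not print this line)
case "$MEM_STATUS" in
''|*[!0-9]*)
echo "Unknown, could not read memory level from free -m"
exit $STATE_UNKNOWN
;;
esac

########Checking if current memory is critical or normal ######

if [ "$MEM_STATUS" -le 325 ]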
then
 
#echo "Critical,Memory Level: $MEM_STATUS"
echo "Critical,Memory Level: $MEM_STATUS|Memory_level=$MEM_STATUS;350;325;0"
exit $STATE_CRITICAL
fi
 
if [ $MEM_STATUS -le 350 ]
then
 
echo "Warnings,Memory Level: $MEM_STATUS|Memory_level=$MEM_STATUS;350;325;0"
exit $STATE_WARNING
 
else
echo "Memory Seems Ok,Total Memory is: $MEM_STATUS|Memory_level=$MEM_STATUS;350;325;0"
#echo "Critical,Memory Level: $MEM_STATUS|Memory_level=$MEM_STATUS"
#exit $STATE_OK
fi
 
}
 
#####Section 2.1 Defining function for checking swap usage###########
#### Commands: free -m | grep Swap | awk '{print $3}'###############
###################################################################

function FUNC_FREE_SWAP_CMD
{

# Swap in use in MB: 3rd field of the "Swap:" line
SWAP_STATUS=$( $CMD_FREE -m | $CMD_GREP Swap | $CMD_AWK '{print $3}')

if [ "${SWAP_STATUS:-0}" -ne 0 ]
then
echo "System is using swap:$SWAP_STATUS"
echo "Lets Try to find out how much swap system using by using vmstat output"
 
fi
 
}
 
######Section 3.1, Defining function to check average swap in and swap out over 5 vmstat samples####
#####Commands : vmstat
###############################################################################################

function FUNC_VMSTAT_CMD
{

# Average the si (field 7) and so (field 8) columns over the 5 samples taken at 3-second intervals
$CMD_VMSTAT 3 5 | $CMD_GREP "^ *[0-9]" | $CMD_AWK '{si+=$7; so+=$8; n++} END{if (n) printf("Average swap in: %.1f, swap out: %.1f\n", si/n, so/n)}'

}
 
 
#############Section 3.1 calling all functions#################
###Function from section 1.1: To calculate free memory#############
###Function from section 2.1: To calculate swap usage #############
FUNC_FREE_CMD
FUNC_FREE_SWAP_CMD
FUNC_VMSTAT_CMD
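
Both memory scripts on this page read the "-/+ buffers/cache:" line, which newer versions of `free` no longer print. The script below is an added example (not the author's script) that runs the same threshold check against either layout, reports swap in the performance data, and returns UNKNOWN when the output cannot be parsed. The function names and the three `free -m` samples are constructed; on the new layout it reads the "available" column.

```bash
#!/bin/bash
# Added example: free-memory check that accepts both layouts of `free -m`.
# Function names and sample outputs are hypothetical / constructed.

STATE_OK=0; STATE_WARNING=1; STATE_CRITICAL=2; STATE_UNKNOWN=3

# Constructed sample: older layout with the "-/+ buffers/cache:" line.
sample_old_free() { cat <<'EOF'
             total       used       free     shared    buffers     cached
Mem:          2010       1850        160          0        120        900
-/+ buffers/cache:        830       1180
Swap:         4095          0       4095
EOF
}

# Constructed sample: newer layout with an "available" column.
sample_new_free() { cat <<'EOF'
              total        used        free      shared  buff/cache   available
Mem:           7821        2100         350         120        5371        5300
Swap:          2047          12        2035
EOF
}

# Constructed sample: older layout, memory nearly exhausted and swap in use.
sample_low_free() { cat <<'EOF'
             total       used       free     shared    buffers     cached
Mem:          2010       1980         30          0         70        200
-/+ buffers/cache:       1710        300
Swap:         4095        512       3583
EOF
}

# Print memory usable by applications (MB) from `free -m` text on stdin.
# Old layout: 4th field of "-/+ buffers/cache:". New layout: "available".
usable_mb() {
    awk '
        /available/                             { has_avail = 1 }
        $1 == "-/+" && $2 == "buffers/cache:"   { val = $4 }
        $1 == "Mem:" && has_avail && val == ""  { val = $7 }
        END { if (val ~ /^[0-9]+$/) print val; else exit 1 }'
}

# check_memory WARN_MB CRIT_MB : reads `free -m` text on stdin, prints one
# Nagios status line with performance data, returns the Nagios state.
check_memory() {
    local warn=$1 crit=$2 out mb swap perf
    out=$(cat)
    if ! mb=$(printf '%s\n' "$out" | usable_mb); then
        echo "UNKNOWN: cannot parse free output"
        return "$STATE_UNKNOWN"
    fi
    swap=$(printf '%s\n' "$out" | awk '$1 == "Swap:" { print $3 + 0; exit }')
    perf="Memory_level=${mb};${warn};${crit};0 Swap_used=${swap:-0};;;0"
    if [ "$mb" -le "$crit" ]; then
        echo "CRITICAL, Memory Level: ${mb}|${perf}"
        return "$STATE_CRITICAL"
    elif [ "$mb" -le "$warn" ]; then
        echo "WARNING, Memory Level: ${mb}|${perf}"
        return "$STATE_WARNING"
    fi
    echo "OK, Memory Level: ${mb}|${perf}"
    return "$STATE_OK"
}

# Demonstration with the thresholds used on this page (warning 350, critical 325).
# On a live host the input would be: free -m | check_memory 350 325
for s in sample_old_free sample_new_free sample_low_free; do
    $s | check_memory 350 325 || echo "  (exit status $?)"
done
```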

configure nrpe(nagios) to listen on different port

April 15th, 2010

Purpose: Sometimes an ISP or VPS provider blocks port 5666, or for any other reason you may want to configure NRPE to listen on a different port, for example 15666. Follow the steps below:

On the remote host (linux-vps):

1. Change the port number in: /etc/xinetd.d/nrpe

# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
        flags           = REUSE
        socket_type     = stream
        port            = 15666
        wait            = no
        user            = nagios
        group           = nagios
        server          = /usr/local/nagios/bin/nrpe
        server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
        log_on_failure  += USERID
        disable         = no
        only_from       = 127.0.0.1 ip.of.nagios.server
}

2. Change the port number: vi /etc/services

nrpe            15666/tcp                        # NRPE

3. Change the port number in: /usr/local/nagios/etc/nrpe.cfg

server_port=15666

4. Restart the nrpe daemon: service xinetd restart

On the server (nagiosserver):
Purpose: For example, I have more than 10 Linux servers. 9 of them listen on port 5666, but only one of them listens on port 15666. So I need to create a different command for the Nagios server to connect to that NRPE client on a different port.

1. Create a command in the commands.cfg file (/usr/local/nagios/etc/objects/commands.cfg)

#This is slightly modified from check_nrpe command
#Because Vps company they blocked port 5666
#So i had to configure linuxvps server to listen on port  15666, So
#I need to create a different command to connect to different port
 
define command{
command_name check_nrpe_vps
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -p 15666 -c $ARG1$
}

2. Now call this check_nrpe_vps command from the host definition file
Example: the host definition file for linuxvps is linuxvps.cfg (/usr/local/nagios/etc/objects/linuxvps.cfg)

define service{
   use generic-service
   host_name linuxvps
   service_description CPU Load
   check_command check_nrpe_vps!check_load
}

3. Now reference this linuxvps.cfg from the nagios.cfg file

  cfg_file=/usr/local/nagios/etc/objects/linuxvps.cfg

4. Restart Nagios.
Now this Nagios server will connect to the NRPE client via port 15666.

Cisco:Basic commands to setup a cisco switch

April 12th, 2010

Privileges mode password :

enable , configure t, enable secret test

How to lock down telnet port :

enable, configure t , line vty 0 15 , login , password test

How to lock down console port :

enable , configure t, line console 0 , login, password test

How to set a login banner

enable, configure t, banner motd ) , Please dont log on )

How to setup host name :

enable, configure t , hostname MasterSwitch

How to set up logging synchronous

enable, configure t, line console 0 , logging synchronous 
also
line vty 0 15 , logging synchronous

How to setup Time out :

configure t, line console 0, exec-timeout 800 0

How to stop domain lookup :

configure t , no ip domain-lookup

How to set-up Ip into vlan :

configure t, interface vlan 1, ip address 192.168.1.10 255.255.255.0 , no shutdown

How to setup a default gateway

configure t , ip default-gateway 192.168.1.1

How to run show commands from any mode (shortcut):

do show ip interface brief   (from anywhere)

How to view which ports are connected to what:

show cdp neighbors
show cdp neighbors detail

How to view mac address table :

show mac-address-table

How to save config file

copy running-config startup-config

How to encrypt all the password :

configure terminal
service password-encryption

Linux :file and directory permission

April 8th, 2010

Octal Permission:

0 --- 000 All types of access are denied
1 --x 001 Execute access is allowed only
2 -w- 010 Write access is allowed only
3 -wx 011 Write and execute access are allowed
4 r-- 100 Read access is allowed only
5 r-x 101 Read and execute access are allowed
6 rw- 110 Read and write access are allowed
7 rwx 111 Everything is allowed

Linux-Memory Performance statistics

March 31st, 2010

Ref: Optimizing Linux® Performance: A Hands-On Guide to Linux® Performance Tools

Ref:http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/admin-primer/s1-resource-what-to-monitor.html

Ref:http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/admin-primer/s1-resource-rhlspec.html

Basic explanation of memory related words:

Swap (Not Enough Physical Memory)

All systems have a fixed amount of physical memory in the form of RAM chips.
The Linux kernel allows applications to run even if they require more memory
than available with the physical memory.The Linux kernel uses the hard drive
as a temporary memory. This hard drive space is called swap
space.

Buffers and Cache (Too Much Physical Memory)

If your system has much more physical memory than required by your applications,
Linux will cache recently used files in physical memory so that subsequent accesses to that file do
not require an access to the hard drive. This can greatly speed up applications that access the hard
drive frequently, which, obviously, can prove especially useful for frequently launched applications.
Note :  most tools that report statistics about “cache” are actually referring to
disk cache.

Buffer:

In addition to cache, Linux also uses extra memory as buffers. To further optimize applications,
Linux sets aside memory to use for data that needs to be written to disk. These set-asides are called
buffers. If an application has to write something to the disk, which would usually take a long time,
Linux lets the application continue immediately but saves the file data into a memory buffer. At some
point in the future, the buffer is flushed to disk, but the application can continue immediately.

Low memory is not always a bad thing:

It can be discouraging to see very little free memory in a system because of the cache and buffer
usage, but this is not necessarily a bad thing. By default, Linux tries to use as much of your memory
as possible. This is good. If Linux detects any free memory, it caches applications and data in the
free memory to speed up future accesses. Because it is usually a few orders of magnitude faster to
access things from memory rather than disk, this can dramatically improve overall performance.
When the system needs the cache memory for more important things, the cache memory is erased
and given to the system. Subsequent access to the object that was previously cached has to go out
to disk to be filled.

Active Versus Inactive Memory

Active memory is currently being used by a process. Inactive memory is memory that is allocated
but has not been used for a while. Nothing is essentially different between the two types of memory.
When required, the Linux kernel takes a process’s least recently used memory pages and moves
them from the active to the inactive list. When choosing which memory will be swapped to disk, the
kernel chooses from the inactive memory list.

High Versus Low Memory

For 64-bit processors this does not matter, because they can
directly address the additional memory that is available in the current system.
For 32-bit processors (for example, IA32) with 1 GB or more of physical memory, Linux must
manage the physical memory as high and low memory. The high memory is not directly accessible
by the Linux kernel and must be mapped into the low-memory range before it can be used.

Bottom line: if the system does not use swap, there is no need to worry, but you will have to keep an eye on cache, buffers and free RAM. The memory performance monitoring tools below provide:

* How much swap is being used

* How the physical memory is being used

* How much free ram.

Memory Performance monitoring tools and related commands:

1.vmstat

2.free -m

3.slabtop

4.top ( Press Shift + m )

5. ps command

6.procinfo ( yum install procinfo)

7.sar [-B -W -r] ( sysstat package, yum install sysstat)

vmstat usage:

 vmstat [-a] [-s] [-m]

vmstat command line options :

-a This changes the default output of memory statistics to indicate the active/
inactive amount of memory rather than information about buffer and cache
usage.
-s  This prints out the vm table. This is a grab bag of different statistics about the
system since it has booted. It cannot be run in sample mode. It contains both
memory and CPU statistics.
-m This prints out the kernel’s slab info. This is the same information that can be
retrieved by typing cat /proc/slabinfo. This describes in detail how the
kernel’s memory is allocated and can be helpful to determine what area of the
kernel is consuming the most memory.

Memory-specific vmstat output statistics

swpd:

The total amount of memory currently swapped to disk.

free:

The amount of physical memory not being used by the operating system or
applications.

buff:

The size (in KB) of the system buffers, or memory used to store data waiting
to be saved to disk. This memory allows an application to continue execution
immediately after it has issued a write call to the Linux kernel (instead of
waiting until the data has been committed to disk).

cache :

The size (in KB) of the system cache or memory used to store data previously
read from disk. If an application needs this data again, it allows the kernel to
fetch it from memory rather than disk, thus increasing performance.

active:

 The amount of memory actively being used. The active/ inactive statistics are
orthogonal to the buffer/cache; buffer and cache memory can be active and

inactive:

The amount of inactive memory (in KB), or memory that has not been used
for a while and is eligible to be swapped to disk.

si :

 The rate of memory (in KB/s) that has been swapped in from disk during the
last sample.

so :

The rate of memory (in KB/s) that has been swapped out to disk during the last
sample.

pages paged in :

 The amount of memory (in pages) read from the disk(s) into the system buffers.
(On most IA32 systems, a page is 4KB.)

pages paged out :

 The amount of memory (in pages) written to the disk(s) from the system cache.
(On most IA32 systems, a page is 4KB.)

pages swapped in :

 The amount of memory (in pages) read from swap into system memory.

pages swapped in/out :

 The amount of memory (in pages) written from system memory to the swap.

used swap :

 The amount of swap currently being used by the Linux kernel.

free swap:

 The amount of swap currently available for use.

total swap :

 The total amount of swap that the

Free Command

free can be invoked using the following command line:

free [ -l] [-t] [-s delay ] [-c count ]

Output :

[root@sandbox ~]# free -m
             total       used       free     shared    buffers     cached
Mem:           375        355         19          0        177         86
-/+ buffers/cache:         91        283
Swap:         2000          0       2000

Total:

 This is the total amount of physical memory and swap.

Used

This is the amount of physical memory and swap in use.

Free

 This is the amount of unused physical memory and swap.

Shared

 This is an obsolete value and should be ignored.

Buffers

This is the amount of physical memory used as buffers for disk writes.

Cached

This is the amount of physical memory used as cache for disk reads.

-/+ buffers/cache

 In the Used column, this shows the amount of memory that would be used if
buffers/cache were not counted as used memory. In the Free column, this
shows the amount of memory that would be free if buffers/cache were counted
as free memory.

Low

The total amount of low memory or memory directly accessible by the kernel.

High

The total amount of high memory or memory not directly accessible by the
kernel.

Totals

This shows the combination of physical memory and swap for the Total,
Used, and Free columns.
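
The arithmetic behind the -/+ buffers/cache row, as an added example that is not part of the original post: it parses /proc/meminfo-style text, rebuilds the figures free -m prints, and applies the rule above that swap use is the signal to watch. The sample values are constructed to match the free -m output shown; the function names and the 10% threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).
# Constructed /proc/meminfo excerpt (kB), chosen so the MB figures match the
# free -m output shown above.
SAMPLE_MEMINFO='MemTotal:       384200 kB
MemFree:         20000 kB
Buffers:        181800 kB
Cached:          88700 kB
SwapTotal:     2048000 kB
SwapFree:      2048000 kB'

# mem_summary: read meminfo text on stdin and print one line of MB values:
#   total used free buffers cached used-minus-cache free-plus-cache swap_used
# Keys are matched exactly, so SwapCached is never mistaken for Cached.
# Exits 3 when a required field is missing.
mem_summary() {
    awk '
        { key = $1; sub(/:$/, "", key); kb[key] = $2 }
        END {
            n = split("MemTotal MemFree Buffers Cached SwapTotal SwapFree", need, " ")
            for (i = 1; i <= n; i++)
                if (!(need[i] in kb)) exit 3
            used    = kb["MemTotal"] - kb["MemFree"]
            used_bc = used - kb["Buffers"] - kb["Cached"]
            free_bc = kb["MemFree"] + kb["Buffers"] + kb["Cached"]
            swapped = kb["SwapTotal"] - kb["SwapFree"]
            printf "%d %d %d %d %d %d %d %d\n",
                int(kb["MemTotal"] / 1024), int(used / 1024),
                int(kb["MemFree"] / 1024), int(kb["Buffers"] / 1024),
                int(kb["Cached"] / 1024), int(used_bc / 1024),
                int(free_bc / 1024), int(swapped / 1024)
        }'
}

# mem_state: read meminfo text on stdin and return a Nagios-style state.
#   0 = no swap in use
#   1 = swap in use, but free + buffers + cache is still at least 10% of RAM
#   2 = swap in use and less than 10% of RAM is free or reclaimable
#   3 = input could not be parsed
# The 10% figure is an assumption for this example, not a value from the post.
mem_state() {
    summary=$(mem_summary) || return 3
    set -- $summary
    if [ "$1" -le 0 ]; then return 3; fi
    if [ "$8" -eq 0 ]; then return 0; fi
    if [ $(( $7 * 100 / $1 )) -ge 10 ]; then return 1; fi
    return 2
}

# Print the summary for the constructed sample.
printf '%s\n' "$SAMPLE_MEMINFO" | mem_summary
```

On a live system, feed it the real file: mem_summary < /proc/meminfo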

Sar Command
sar can be invoked with

 sar [-B] [-r] [-R]

Sar Command line options

-B

This reports information about the number of blocks that the kernel swapped
to and from disk. In addition, for kernel versions after v2.5, it reports information about the number of page faults.
-W

This reports the number of pages of swap that are brought in and out of the system.

-r

 This reports information about the memory being used in the system. It includes
information about the total free memory, swap, cache, and buffers being used

Explanation of Sar -B output

pgpgin/s:-    The amount of memory (in KB) that the kernel paged in from disk.
pgpgout/s:-  The amount of memory (in KB) that the kernel paged out to disk.
fault/s:-       The total number of faults that the memory subsystem needed to fill. These
may or may not have required a disk access.
maj flt/s:-    The total number of faults that the memory subsystem needed to fill and required a disk access.

Explanation of Sar -W output:

pswpin/s:-    The amount of swap (in pages) that the system brought into memory.
pswpout/s:-    The amount of memory (in pages) that the system wrote to swap.

Explanation of Sar -r output :

kbmemfree:-    This is the total physical memory (in KB) that is currently free or not being
used
kbmemused:-   This is the total amount of physical memory (in KB) currently being used.
%memused:-   This is the percentage of the total physical memory being used.
kbbuffers:-     This is the amount of physical memory used as buffers for disk writes.
kbcached:-     This is the amount of physical memory used as cache for disk reads.
kbswpfree:-    This is the amount of swap (in KB) currently free.
kbswpused:-   This is the amount of swap (in KB) currently used.
%swpused:-   This is the percentage of the swap being used.
kbswpcad:-    This is memory that is both swapped to disk and present in memory. If the
memory is needed, it can be immediately reused because the data is already
present in the swap area.
frmpg/s:-       The rate that the system is freeing memory pages. A negative number means
the system is allocating them.
bufpg/s:-       The rate that the system is using new memory pages as buffers. A negative
number means that number of buffers is shrinking, and the system is using less
of them

529/Failure Audit(MICROSOFT_AUTHENTICATION_PACKAGE_V1_0)

March 29th, 2010

Ref: http://www.winvistatips.com/security-log-eventid-529-smtp-t673781.html
Ref: http://www.pcreview.co.uk/forums/thread-1596278.php

Bad guys are trying to authenticate to the server via port 25.
How to reproduce this log:

# Type telnet 25, and then press ENTER.
# Type EHLO , and then press ENTER.
# Type AUTH LOGIN. The server responds with a base64-encoded prompt for your user name.
# Enter your user name encoded in base 64. You can use one of several tools that are available to encode your user name.
# The server responds with a base64-encoded prompt for your password. Enter your password encoded in base 64.
# Type MAIL FROM:, and then press ENTER. If the sender is not permitted to send mail, the SMTP server returns an error.
# Type RCPT TO:, and then press ENTER. If the recipient is not a valid recipient or the server does not accept mail for this domain, the SMTP server returns an error.
# Type DATA.

Or by using hacking tools : Xscan

Solution: You can minimize the attack by enabling tarpitting
Ref : http://support.microsoft.com/kb/842851/en-us

how to configure logrotate for apache log files

March 24th, 2010

Problem : When you install apache from source, by default logrotate will not rotate its log files, because the path to the log files is different.

Solution: You can edit the httpd file under the /etc/logrotate.d/ directory and insert the lines below

/usr/local/apache/logs/*log {
    missingok
    notifempty
    sharedscripts
    postrotate
        /usr/local/apache/bin/apachectl graceful > /dev/null 2>/dev/null || true
    endscript
}

Now you can force rotation of the log files by executing the command below:

logrotate -f /etc/logrotate.conf

Linux:How to use aide to check file system integrity

March 15th, 2010

Installing Aide:

yum install aide

Creating the database:

aide -c /etc/aide.conf -i
Output : AIDE database at /var/lib/aide/aide.db.new.gz initialized.
This process creates a new file, aide.db.new.gz, in /var/lib/aide/. You must rename this file to aide.db.gz, which is the correct name for the AIDE database.

Testing Aide:

aide -c /etc/aide.conf -C
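
The database created above is itself a file that an intruder with root access can rewrite, so a check is only as trustworthy as aide.db.gz. As an added example (not from the original post), this wrapper does the rename step and records a SHA-256 of the database, then refuses to run the check if the database no longer matches; the digest file location and the function names are assumptions, and aide.conf is assumed to point at /var/lib/aide.

```shell
#!/bin/sh
# Added example (not from the original post).
AIDE_DIR="${AIDE_DIR:-/var/lib/aide}"      # database directory named in the post
AIDE_CONF="${AIDE_CONF:-/etc/aide.conf}"   # config path used in the post
# Assumption: where the digest is kept. Read-only or remote storage is better,
# because anyone who can rewrite the database can usually rewrite this file too.
DIGEST_FILE="${DIGEST_FILE:-/root/aide.db.sha256}"

# promote_db DIR DIGEST_FILE
# Rename aide.db.new.gz to aide.db.gz (the step the post requires) and record
# the SHA-256 of the promoted database. Returns 1 if there is nothing to promote.
promote_db() {
    dir=$1
    digest=$2
    if [ ! -s "$dir/aide.db.new.gz" ]; then
        echo "no new database in $dir" >&2
        return 1
    fi
    mv -f "$dir/aide.db.new.gz" "$dir/aide.db.gz" || return 1
    sha256sum "$dir/aide.db.gz" | awk '{ print $1 }' > "$digest" || return 1
}

# verify_db DIR DIGEST_FILE
# Returns 0 if aide.db.gz matches the recorded digest,
#         2 if it differs (database changed since it was promoted),
#         3 if the database or the digest file is missing.
verify_db() {
    dir=$1
    digest=$2
    if [ ! -f "$dir/aide.db.gz" ] || [ ! -f "$digest" ]; then
        return 3
    fi
    expected=$(awk '{ print $1; exit }' "$digest")
    actual=$(sha256sum "$dir/aide.db.gz" | awk '{ print $1 }')
    if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
        return 2
    fi
    return 0
}

# Usage: script init   -> build the database, promote it, record its digest
#        script check  -> verify the database, then run the integrity check
case "${1:-}" in
    init)
        aide -c "$AIDE_CONF" -i && promote_db "$AIDE_DIR" "$DIGEST_FILE"
        ;;
    check)
        if verify_db "$AIDE_DIR" "$DIGEST_FILE"; then
            aide -c "$AIDE_CONF" -C
        else
            echo "AIDE database failed verification, not running check" >&2
            exit 2
        fi
        ;;
esac
```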

Cisco:Basic commands to setup a cisco router

March 10th, 2010

How to lock the privilege mode :

 enable
 configure terminal
 enable secret cisco

How to secure vty ?

enable
configure terminal
line vty 0 15
! for help type: line vty ?
login
password cisco

How to secure console port?

enable
configure terminal
line con 0
login
password cisco

How to secure the aux port?

enable
configure terminal
line aux 0
login
password cisco

How to setup banner?

enable
configure terminal
banner motd  #
Please dont log in #

How to encrypt all the passwords:

configure terminal
service password-encryption

How to change host name?

configure terminal
hostname R2

How to setup logging synchronous?

configure terminal
line console 0
logging synchronous 
line vty 0 15
logging synchronous

How to stop domain lookup?

configure terminal
no ip domain-lookup

How to setup Ip address?

r1#show ip interface brief 	 
configure terminal	 
interface FastEthernet 0/1	 
no shutdown	 
ip address 192.168.1.1 255.255.255.0	 
description Link to switch2

How to allow the router to speak with the ISP / how to create a default route to the ISP

ip route 0.0.0.0 0.0.0.0 ip-of-isp
Meaning: it tells the router, if you don't know where to send something, send it to the ISP router.

How to allow Internal network to access internet :
Step 1 :
label the interface

configure terminal	 
interface FastEthernet 0/1	 
ip nat inside
exit
interface FastEthernet 0/0
ip nat outside

Step 2 :
Create Access list to allow Internal lan to use NAT

configure terminal
ip access-list standard NAT_ADDRESS
permit 10.0.0.0 0.0.0.255

Step 3 :
Enable nat overload

ip nat inside source list NAT_ADDRESS interface FastEthernet 0/0 overload

How to do port forwarding from router to devices

configure terminal
ip nat inside source static tcp 10.0.0.227 25 interface Ethernet0/0 25

How to distribute the static/default route to other routers:

configure terminal
router rip
redistribute static
Meaning: it will give the default route to each router in the organization, so we don't have to create a default route on each router.
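
An audit of the line settings configured above, as an added example that is not from the original post: service password-encryption stores line passwords as type 7, which is reversible obfuscation rather than a hash, and a shared line password on a vty that still accepts Telnet is the weakest form of this setup. Both configurations are constructed samples in running-config layout, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).
# Constructed running-config excerpts; hashes and type 7 strings are placeholders.
WEAK_CONFIG='hostname R2
service password-encryption
enable secret 5 $1$CONSTRUCTED
line con 0
 password 7 00CONSTRUCTED
 login
 logging synchronous
line aux 0
 password 7 00CONSTRUCTED
 login
line vty 0 15
 password 7 00CONSTRUCTED
 login
 logging synchronous'

HARDENED_CONFIG='hostname R2
service password-encryption
enable secret 5 $1$CONSTRUCTED
username admin secret 5 $1$CONSTRUCTED
line con 0
 login local
 logging synchronous
line aux 0
 no exec
line vty 0 15
 login local
 transport input ssh
 logging synchronous'

# audit_ios_config: read a configuration on stdin, print one finding per line.
# A "line ..." block runs until the next command that is not indented.
audit_ios_config() {
    awk '
    function end_block() {
        if (block == "") return
        if (shared && !local_login)
            print block ": shared line password without login local"
        if (is_vty && !ssh_only)
            print block ": no transport input ssh, Telnet may be accepted"
        block = ""
    }
    /^line / {
        end_block()
        block = $0; shared = 0; local_login = 0; ssh_only = 0
        is_vty = ($2 == "vty")
        next
    }
    /^[^ ]/ { end_block() }
    /^enable password / {
        print "global: enable password used instead of enable secret"
    }
    block != "" && $1 == "password" {
        shared = 1
        if ($2 == "7")
            print block ": type 7 password is reversible obfuscation, not a hash"
        else
            print block ": cleartext line password"
    }
    block != "" && $1 == "login" && $2 == "local" { local_login = 1 }
    block != "" && NF == 3 && $1 == "transport" && $2 == "input" && $3 == "ssh" {
        ssh_only = 1
    }
    END { end_block() }
    '
}

# count_findings: number of findings for the configuration on stdin.
count_findings() {
    audit_ios_config | awk 'END { print NR }'
}

# Show the findings for the weak sample.
printf '%s\n' "$WEAK_CONFIG" | audit_ios_config
```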

Linux SVN/Subversion Useful commands

February 25th, 2010

Ref:http://svnbook.red-bean.com/en/1.5/svn.tour.cycle.html#svn.tour.cycle.update

(A) How to install and Import directory into repository:
See the post "How to install Subversion".

(B) How to get a working copy from the svn repository onto the local machine?
Go to your home directory, example : cd /root
Now execute the command below

[root@mail ~]# svn checkout file:///svn
A    svn/script
A    svn/script/checkmemory.sh
A    svn/config
A    svn/config/httpd-vhosts
Checked out revision 2.

Now you will see that a directory called svn has been created in your home directory, and this svn directory has all the files we added before
Example :

[root@mail ~]# ls
 rpmforge-release-0.3.6-1.el5.rf.i386.rpm
epel-release-5-3.noarch.rpm  script
svn
[root@mail ~]# cd svn
[root@mail svn]# ls
config  script
[root@mail svn]# cd script/
[root@mail script]# ls
checkmemory.sh
[root@mail script]# pwd
/root/svn/script
[root@mail script]#

Note : If you want to check out only one directory, for example script, then the command would be :

[root@mail ~]# svn checkout file:///svn/script
A    script/checkmory.sh
Checked out revision 2.

(C) How to get the Updated copy of the working directory

[root@mail script]# svn update
U    checkmemory.sh
Updated to revision 3.
[root@mail script]#

If anyone changes a file while you are working on it and you want to download those changes, svn update will give you the up-to-date file.

(D) How to add directory or file to the repository

[root@mail script]# svn add check_cpu.sh check_memory.sh
A         check_cpu.sh
A         check_memory.sh
[root@mail script]#
 
Note : Don't forget to run the command below to make the update permanent
svn commit

(E) How to delete file or directory

 [root@mail script]# svn delete check_memory.sh 
D         check_memory.sh

(F) How to view overall changes of local modifications

[root@mail script]# svn status
A       check_ping
M       check_cpu.sh
[root@mail script]#

(G) How to view the details of local modifications

For every modification (every file):
[root@mail script]# svn diff
Index: check_ping
===================================================================
--- check_ping  (revision 0)
+++ check_ping  (revision 0)
@@ -0,0 +1 @@
+This is a test insert
Index: check_cpu.sh
===================================================================
--- check_cpu.sh        (revision 4)
+++ check_cpu.sh        (working copy)
@@ -0,0 +1 @@
+This is a test line
[root@mail script]#
 
For a particular file:
 
[root@mail script]# svn diff check_cpu.sh
Index: check_cpu.sh
===================================================================
--- check_cpu.sh        (revision 4)
+++ check_cpu.sh        (working copy)
@@ -0,0 +1 @@
+This is a test line
[root@mail script]#

(H) How to commit changes ( update your working copy with svn repository)

   svn commit

Before committing, it will open the vim editor and you need to insert some comments about what you are updating, for your own and other people's reference.

(I) How to check history ?
Ref :http://svnbook.red-bean.com/en/1.5/svn.tour.history.html

[root@mail script]# svn log
------------------------------------------------------------------------
r5 | root | 2010-02-25 14:10:45 +0000 (Thu, 25 Feb 2010) | 3 lines
 
Added Check_ping file
Modified check_cpu file
 
------------------------------------------------------------------------
r4 | root | 2010-02-25 13:55:01 +0000 (Thu, 25 Feb 2010) | 2 lines
 
Added Check_cpu and Delete check_memory.sh file
 
------------------------------------------------------------------------
r3 | root | 2010-02-25 13:42:52 +0000 (Thu, 25 Feb 2010) | 2 lines
 
Just update
 
------------------------------------------------------------------------
r1 | root | 2010-02-25 11:19:54 +0000 (Thu, 25 Feb 2010) | 2 lines
 
Just Adding a directory
 
------------------------------------------------------------------------

Meaning of A,C,D,M:

A item
 
    The file, directory, or symbolic link item has been scheduled for addition into the repository.
C item
 
    The file item is in a state of conflict. That is, changes received from the server during an update overlap with local changes that you have in your working copy (and weren't resolved during the update). You must resolve this conflict before committing your changes to the repository.
D item
 
    The file, directory, or symbolic link item has been scheduled for deletion from the repository.
M item
 
    The contents of the file item have been modified.

How to install Subversion

February 25th, 2010

Ref:http://svnbook.red-bean.com/en/1.5/index.html

(A) To install Subversion : yum install mod_dav_svn subversion
(B) How to create a Repo :

svnadmin create /svn

So it will create a svn directory under / directory

[root@mail /]# pwd
/
[root@mail /]# ls
aquota.group  boot      dev   lib    opt   sbin     svn  usr
aquota.user   conffile  etc   media  proc  selinux  sys  var
bin           data      home  mnt    root  srv      tmp
[root@mail /]#

(C) How to import Directory in svn repos ?

 svn import directory/ file:///svn/directory

output :

[root@mail /]# svn import /root/script/ file:///svn/script
Adding         /root/script/checkmory.sh
 
Committed revision 1.

Note : After you type the svn import command it will open the Vim editor and ask you to write some comments about this import
Example: I would write: I am adding the /root/script directory into svn repository.
Pic: Svn asking to input comments before adding directory to repository

Note : if you see the error below :

svn: Could not use external editor to fetch log message; consider setting the $SVN_EDITOR environment variable or using the --message (-m) or --file (-F) options
svn: None of the environment variables SVN_EDITOR, VISUAL or EDITOR are set, and no 'editor-cmd' run-time configuration option was found

which means: you need to add the "vim" program path to the .bash_profile file

How to add the vim program path in the .bash_profile file :

vi /root/.bash_profile
add this line :
export SVN_EDITOR="/bin/vi"

Now save the file, log off and log on again

(d) How to check list of projects in svn repo

[root@mail /]# svn list file:///svn

Output :

script/

Which means script directory has been added into svn repository.
Now if you want to see what is inside script directory

[root@mail /]# svn list file:///svn/script
checkmemory.sh

nagios script for checking mysql server replication status between 4 servers

February 22nd, 2010

Ref : http://onlamp.com/pub/a/onlamp/2006/04/20/advanced-mysql-replication.html?page=2

Date:22/02/2010
This Script is still under development.

Purpose:

Develop a nagios script, which would be able to check replication status between 4 Master/Master servers.

This script will check the following :

#1.Each Mysql server is online : Status: Done
#2.If Slave process is running : Status:Done
#3.If Slave IO process is running : Status:Done
#4.If there is any bin log position difference between Master/Slave :Status:Done
#5.Check time in processlist for(Has read all relay log; waiting for the slave I/O thread to update it) for further replication related problems. Status: Under Development
#6.If problem found, change Master server info in Slave, and connect to a different Master server. :Status :Under Development
#7. Change Dns record(A record) to stop incoming http requests to the problematic server:Status:Under Development

 
#!/bin/bash
################################################################################
#SVN Version: 28
#Script Version 28
#Purpose of this script:
#Check below options between 4 mysql Master/Master Replication
#1.Every Mysql server is online: Status:Done
#2.If Slave process is running:    Status:Done
#3.If Slave IO process is running: Status:Done
#4.If there is any bin log position difference between Master/Slave: Status:Done
#5.Check time in processlist for:Status: In Development
#6.If problem found change  Master server info in Slave
#7. Change Dns record(A record) to stop incoming http requests to the problematic server
#################################################################################
 
#Status check for nagios script
 
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3
STATE_DEPENDENT=4
 
 
#Define All the variables
 
declare -rx SCRIPT=${0##*/}
declare -rx CMD_AWK="/bin/awk"
declare -rx CMD_MYSQL="/usr/local/mysql/bin/mysql"
declare -rx CMD_GREP="/bin/grep"
 
##Define value for nagios is to fire for certain conditions for log check
 
#Note: these thresholds are not used by the checks below yet
CRITICAL_VALUE=100
WARNING_VALUE=50
NORMAL_VALUE=0
 
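#######################################################################
#####Define All the servers Ip, username and password for mysql server#
#####This file holds MySQL passwords: keep it readable only by the#####
#####user that runs the nagios check###################################
#######################################################################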
declare -rx SLV_MSTRServerA="Ip.of.your.server"
declare -rx SLV_MSTRServerA_USER="noslave"
declare -rx SLV_MSTRServerA_PASSWD="password"
 
#Slave/Master ServerB (NodeB-web.yourdomian.co.uk)
 
declare -rx SLV_MSTRServerB="ip.of.your.server"
declare -rx SLV_MSTRServerB_USER="noslave"
declare -rx SLV_MSTRServerB_PASSWD="password"
 
#Slave/Master ServerC (NodeC-http.yourdomain.local)
 
declare -rx SLV_MSTRServerC="localhost"
declare -rx SLV_MSTRServerC_USER="noslave"
declare -rx SLV_MSTRServerC_PASSWD="password"
 
 
#Slave/Master ServerD (NodeD-beaver.yourdomain.local)
 
declare -rx SLV_MSTRServerD="ip.of.your.server"
declare -rx SLV_MSTRServerD_USER="noslave"
declare -rx SLV_MSTRServerD_PASSWD="password"
 
#Global Variables
declare -a result
 
 
#Definning Variable for Array
 
declare -a SLV_MSTRServerS=($SLV_MSTRServerA $SLV_MSTRServerB $SLV_MSTRServerC $SLV_MSTRServerD)
declare -a SLV_MSTRServerS_USERS=($SLV_MSTRServerA_USER $SLV_MSTRServerB_USER $SLV_MSTRServerC_USER $SLV_MSTRServerD_USER)
declare -a SLV_MSTRServerS_PASSWD=($SLV_MSTRServerA_PASSWD $SLV_MSTRServerB_PASSWD $SLV_MSTRServerC_PASSWD $SLV_MSTRServerD_PASSWD )
declare -a SLV_ServerAppLS=("SLV_MAIL" "SLV_WEB" "SLV_HTTP" "SLV_BEVR")
declare -a MSTR_ServerAppLS=("MSTR_MAIL" "MSTR_WEB" "MSTR_HTTP" "MSTR_BEVR")
 
 
###########################################################
#Section-1.0:function-Command: My Mysql Servers are online#
###########################################################
 
function FUNC_CHECK_SERVER_ONLINE_CMD
{
 
$CMD_MYSQL -h "$1"  -u"$2" -p"$3" -e "show slave status\G" >/dev/null 2>&1
 
return $?
 
}
 
 
###########################################################
#Section-2.0: Function-Command:If Slave_IO_Running#########
###########################################################
 
function FUNC_CHK_SLV_IO_RUN_CMD
{
 
echo $($CMD_MYSQL -h "$1"  -u"$2" -p"$3" -e "show slave status\G" | $CMD_GREP Slave_IO_Running | awk '{ print $2 }' )
 
}
 
 
##########################################################
#Section-3.0: Function-Command:If Slave_SQL_running#######
##########################################################
 
function FUNC_CHK_SLV_SQL_RUN_CMD
{
 
echo $($CMD_MYSQL -h "$1"  -u"$2" -p"$3" -e "show slave status\G" | $CMD_GREP Slave_SQL_Running | awk '{ print $2 }' )
 
}
 
##########################################################
#Section-4.0: Function-Command:#######
##########################################################
 
function FUNC_CHK_SLV_LOG_POS_CMD
{
 
echo $($CMD_MYSQL -h "$1"  -u"$2" -p"$3" -e "show slave status\G" | $CMD_GREP Read_Master_Log_Pos | awk '{ print $2}' )
 
 
}
 
 
 
##########################################################
#Section-5.0: Function-Command:#######
##########################################################
 
function FUNC_CHK_MSTR_LOG_POS_CMD
{
 
echo $($CMD_MYSQL -h "$1"  -u"$2" -p"$3" -e "show master status" | $CMD_GREP bin | cut -f2 )
 
 
}
 
 
###########################################################
#Section-1.1: If all Mysql Server is Online################
##Implementing Secton 1.0(ref:FUNC_CHECK_SERVER_ONLINE_CMD#
###########################################################
 
function FUNC_CHECK_SERVER_ONLINE()
{
i=0
COUNT=${#SLV_MSTRServerS[*]}
while [ $i -lt $COUNT ]
do
 
#Call the function directly; its exit status tells whether the server answered
if ! FUNC_CHECK_SERVER_ONLINE_CMD "${SLV_MSTRServerS[$i]}" "${SLV_MSTRServerS_USERS[$i]}" "${SLV_MSTRServerS_PASSWD[$i]}"
then
echo " Server IP: ${SLV_MSTRServerS[$i]},is not running "
exit $STATE_CRITICAL
fi
 
 
i=$(($i+1))
 
done
 
#echo "All Server are Online"
#exit $STATE_OK
 
}
 
 
###########################################################
#Section-2.1: If Slave_IO_Running IS RUNNING OR NOT########
##Implementing Secton 2.0(ref:FUNC_CHK_SLV_IO_RUN_CMD######
###########################################################
 
 
 
function FUNC_CHK_SLV_IO_RUN()
{
 
i=0
COUNT=${#SLV_MSTRServerS[*]}
while [ $i -lt $COUNT ]
do
result[$i]=$(FUNC_CHK_SLV_IO_RUN_CMD "${SLV_MSTRServerS[$i]}" "${SLV_MSTRServerS_USERS[$i]}" "${SLV_MSTRServerS_PASSWD[$i]}" )
i=$(($i+1))
done
 
 
i=0
while [ $i -lt $COUNT ]
do
if [ "${result[$i]}" != "Yes" ]
then
echo "In Server IP: ${SLV_MSTRServerS[$i]},Slave_IO_running is not running "
exit $STATE_CRITICAL
 
fi
i=$(($i + 1 ))
done
#echo "ALL Servers are running fine"
#exit $STATE_OK
 
}
 
###########################################################
#Section-3.1: IF Slave_SQL_Running OR NOT#################
##Implementing Secton 3.0(ref:FUNC_CHK_SLV_SQL_RUN_CMD#####
###########################################################
 
function FUNC_CHK_SLV_SQL_RUN()
 
{
i=0
COUNT=${#SLV_MSTRServerS[*]}
while [ $i -lt $COUNT ]
 
do
result[$i]=$(FUNC_CHK_SLV_SQL_RUN_CMD "${SLV_MSTRServerS[$i]}" "${SLV_MSTRServerS_USERS[$i]}" "${SLV_MSTRServerS_PASSWD[$i]}" )
i=$(($i+1))
done
 
 
i=0
while [ $i -lt $COUNT ]
do
if [ "${result[$i]}" != "Yes" ]
then
echo "In Server IP: ${SLV_MSTRServerS[$i]},Slave_SQL_Running is not running "
exit $STATE_CRITICAL
 
fi
i=$(($i + 1 ))
done
 
 
}
 
###########################################################
#Section-4.1: GETTING MASTER LOG POSITION FROM EACH SLAVE##
##Implementing Secton 4.0(ref:FUNC_CHK_SLV_LOG_POS_CMD#####
###########################################################
 
 
function FUNC_CHK_SLV_LOG_POS ()
 
{
i=0
COUNT=${#SLV_MSTRServerS[*]}
while [ $i -lt $COUNT ]
 
do
result[$i]=$(FUNC_CHK_SLV_LOG_POS_CMD "${SLV_MSTRServerS[$i]}" "${SLV_MSTRServerS_USERS[$i]}" "${SLV_MSTRServerS_PASSWD[$i]}" )
i=$(($i+1))
done
 
i=0
while [ $i -lt $COUNT ]
do
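#printf -v assigns to the named variable without re-parsing the server output as shell code
printf -v "${SLV_ServerAppLS[$i]}" '%s' "${result[$i]}"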
 
 
i=$(($i + 1 ))
done
 
 
}
 
###########################################################
#Section-5.1: GETTING MASTER LOG POSITION FROM EACH MASTER#
##Implementing Secton 5.0(ref:FUNC_CHK_MSTR_LOG_POS_CMD#####
###########################################################
 
 
 
function FUNC_CHK_MSTR_LOG_POS ()
 
{
i=0
COUNT=${#SLV_MSTRServerS[*]}
while [ $i -lt $COUNT ]
 
do
result[$i]=$(FUNC_CHK_MSTR_LOG_POS_CMD "${SLV_MSTRServerS[$i]}" "${SLV_MSTRServerS_USERS[$i]}" "${SLV_MSTRServerS_PASSWD[$i]}" )
i=$(($i+1))
done
 
 
i=0
while [ $i -lt $COUNT ]
do
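#printf -v assigns to the named variable without re-parsing the server output as shell code
printf -v "${MSTR_ServerAppLS[$i]}" '%s' "${result[$i]}"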
 
 
i=$(($i + 1 ))
done
 
 
}
 
#########################################################################################
 
#Section-4.1/5.1: FIND OUT LOG POSITION DIFFERENCE#######################################
##Implementing Secton 4.1 and 5.1(ref:FUNC_CHK_SLV_LOG_POS) AND   FUNC_CHK_MSTR_LOG_POS##
#########################################################################################
 
 
function FUNC_FIND_LOG_POS_DIFF ()
 
{
################################################################
##Calling FUNC_CHK_SRV_LOG_POS and FUNC_CHK_MSTR_LOG_POS########
## To Get All the output from Servers###########################
################################################################
 
FUNC_CHK_SLV_LOG_POS
FUNC_CHK_MSTR_LOG_POS
 
echo "Master log position from each master(show master status)"
echo "mail: $MSTR_MAIL"
echo "web: $MSTR_WEB"
echo "http: $MSTR_HTTP"
echo " beaver: $MSTR_BEVR"
 
 
 
echo "MAster log position from each  Slave(show slave status) "
echo "mail: $SLV_MAIL"
echo "web: $SLV_WEB"
echo "http: $SLV_HTTP"
echo "beaver: $SLV_BEVR"
 
 
 
 
### note : $SLV_MAIL will be equal to $MSTR_BEVR
### Note : $SLV_WEB will be equal to $MSTR_MAIL
### Note : $SLV_HTTP will be equal to $MSTR_WEB
### Note : $SLV_BEVR will be equal to $MSTR_HTTP
 
if [ "$SLV_MAIL" != "$MSTR_BEVR" ]
 
then
echo "Problem between Server Mail: $SLV_MAIL and Server BEVR:$MSTR_BEVR"
exit $STATE_CRITICAL
fi
 
if [ "$SLV_WEB" != "$MSTR_MAIL" ]
 
then
 
echo "Problem between Server WEB:$SLV_WEB and Server MAIL:$MSTR_MAIL"
exit $STATE_CRITICAL
fi
 
if [ "$SLV_HTTP" != "$MSTR_WEB" ]
 
then
echo "Problem between Server HTTP:$SLV_HTTP  and Server WEB:$MSTR_WEB "
exit $STATE_CRITICAL
fi
 
if [ "$SLV_BEVR" != "$MSTR_HTTP" ]
 
then
echo "Problem between Server BEVR:$SLV_BEVR and Server HTTP:$MSTR_HTTP"
exit $STATE_CRITICAL
fi
 
 
}
 
 
######################################################################
#Calling all function from  section [1.1,2.1,3.1,4.1,5.1]#############
######################################################################
 
FUNC_CHECK_SERVER_ONLINE
FUNC_CHK_SLV_IO_RUN
FUNC_CHK_SLV_SQL_RUN
FUNC_FIND_LOG_POS_DIFF
 
 
#####################################################################
## If there is not any error from section[1.1,2.1,3.1,4.1,5.1]#######
## then show bellow commands to ensure nagios all OK ################
#####################################################################
 
 
 
#echo $SLV_HTTP
#echo $SLV_BEVR
 
#echo $MSTR_MAIL
#echo $MSTR_WEB
#echo $MSTR_HTTP
#echo $MSTR_BEVR
 
echo "ALL Servers are running fine"
exit $STATE_OK
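
The script above compares only Read_Master_Log_Pos with the master's Position, and binary log positions restart in every new log file, so equal numbers in two different files would pass. As an added example (not the post's script), here is the same check run on captured output, comparing file and position and returning UNKNOWN when a field cannot be read; the sample output, the function names, and the use of the script's unused 50 and 100 as byte thresholds are assumptions.

```shell
#!/bin/sh
# Added example (not the post's script).
# Constructed "show slave status\G" output.
SAMPLE_SLAVE='*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.0.2.10
              Master_Log_File: mysql-bin.000012
          Read_Master_Log_Pos: 4711
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes'
# Constructed batch-mode output of "show master status" (tab separated).
SAMPLE_MASTER=$(printf 'File\tPosition\tBinlog_Do_DB\tBinlog_Ignore_DB\nmysql-bin.000012\t4711\t\t')

WARN_BYTES=50    # assumption: the script's second, unused threshold
CRIT_BYTES=100   # assumption: the script's first, unused threshold

# slave_field NAME: print the value of exactly that field from \G output on stdin.
# Exact matching keeps Slave_SQL_Running from also matching longer field names.
slave_field() {
    awk -v want="$1" '{ key = $1; sub(/:$/, "", key) } key == want { print $2; exit }'
}

# is_number VALUE: succeed only for a non-empty string of digits.
is_number() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# check_pair SLAVE_STATUS_TEXT MASTER_STATUS_TEXT
# Prints a Nagios status line and returns 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
check_pair() {
    io=$(printf '%s\n' "$1" | slave_field Slave_IO_Running)
    sql=$(printf '%s\n' "$1" | slave_field Slave_SQL_Running)
    s_file=$(printf '%s\n' "$1" | slave_field Master_Log_File)
    s_pos=$(printf '%s\n' "$1" | slave_field Read_Master_Log_Pos)
    m_file=$(printf '%s\n' "$2" | awk -F'\t' 'NR == 2 { print $1 }')
    m_pos=$(printf '%s\n' "$2" | awk -F'\t' 'NR == 2 { print $2 }')

    # An empty answer (server down, access denied) must not look like "equal".
    if [ -z "$io" ] || [ -z "$sql" ] || [ -z "$s_file" ] || [ -z "$m_file" ] ||
       ! is_number "$s_pos" || ! is_number "$m_pos"; then
        echo "UNKNOWN: could not read replication status"
        return 3
    fi
    if [ "$io" != "Yes" ] || [ "$sql" != "Yes" ]; then
        echo "CRITICAL: Slave_IO_Running=$io Slave_SQL_Running=$sql"
        return 2
    fi
    if [ "$s_file" != "$m_file" ]; then
        echo "CRITICAL: slave reads $s_file, master writes $m_file"
        return 2
    fi
    lag=$(($m_pos - $s_pos))
    if [ "$lag" -gt "$CRIT_BYTES" ]; then
        echo "CRITICAL: slave is $lag bytes behind in $m_file"
        return 2
    fi
    if [ "$lag" -gt "$WARN_BYTES" ]; then
        echo "WARNING: slave is $lag bytes behind in $m_file"
        return 1
    fi
    echo "OK: slave at $s_file:$s_pos, master at $m_file:$m_pos"
    return 0
}

# Run the check on the constructed sample.
check_pair "$SAMPLE_SLAVE" "$SAMPLE_MASTER"
```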

Linux:If Running Kernel Is 32 Or 64 Bit

February 18th, 2010

To find out if your kernel is 64 bit or 32 bit, run this command:

uname -a

Sample output for 64 bit kernel :

Linux  2.6.16.53-070731a #1 SMP Tue Jul 31 10:46:54 CEST 2007 x86_64 x86_64 x86_64 GNU/Linux

Here x86_64 GNU/Linux indicates this kernel is 64 bit.

Sample Output for 32 bit kernel :

Linux sandbox.hostname.local 2.6.18-164.11.1.el5 #1 SMP Wed Jan 20 07:39:04 EST 2010 i686 i686 i386 GNU/Linux

Here i386 GNU/Linux indicates it is a 32 bit kernel; i386/i486/i586/i686 all indicate a 32 bit kernel.

also:
How to find if processor is 32 bit or 64 bit:
ref : http://fosiul.com/index.php/2010/02/linux-how-to-conferm-64bit32bit-capability-of-cpu/

Additional repository list for 32 bit kernel and 64 bit kernel
http://fosiul.com/index.php/2009/12/yum-repo-list-for-centos/

Linux-How to confirm 64bit/32bit capability of CPU

February 17th, 2010

How many CPUs are in the system :

command : cat /proc/cpuinfo

 
[root@server ~]# cat /proc/cpuinfo
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 15
model           : 4
model name      : Intel(R) Xeon(TM) CPU 3.40GHz
stepping        : 3
cpu MHz         : 3401.008
cache size      : 2048 KB
physical id     : 0
siblings        : 2
core id         : 0
cpu cores       : 1
fdiv_bug        : no
hlt_bug         : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 5
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe lm constant_tsc pni monitor ds_cpl est cid xtpr
bogomips        : 6805.07
 
processor       : 1
vendor_id       : GenuineIntel
cpu family      : 15
model           : 4
model name      : Intel(R) Xeon(TM) CPU 3.40GHz
stepping        : 3
cpu MHz         : 3401.008
cache size      : 2048 KB
physical id     : 0
siblings        : 2
core id         : 0
cpu cores       : 1
fdiv_bug        : no
hlt_bug         : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 5
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe lm constant_tsc pni monitor ds_cpl est cid xtpr
bogomips        : 6799.15
 
processor       : 2
vendor_id       : GenuineIntel
cpu family      : 15
model           : 4
model name      : Intel(R) Xeon(TM) CPU 3.40GHz
stepping        : 3
cpu MHz         : 3401.008
cache size      : 2048 KB
physical id     : 3
siblings        : 2
core id         : 3
cpu cores       : 1
fdiv_bug        : no
hlt_bug         : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 5
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe lm constant_tsc pni monitor ds_cpl est cid xtpr
bogomips        : 6799.30
 
processor       : 3
vendor_id       : GenuineIntel
cpu family      : 15
model           : 4
model name      : Intel(R) Xeon(TM) CPU 3.40GHz
stepping        : 3
cpu MHz         : 3401.008
cache size      : 2048 KB
physical id     : 3
siblings        : 2
core id         : 3
cpu cores       : 1
fdiv_bug        : no
hlt_bug         : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 5
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe lm constant_tsc pni monitor ds_cpl est cid xtpr
bogomips        : 6799.40
 
[root@server ~]#

From the example above, there are 4 processors in the system [processor 0 ... processor 3].

also :

short cut : cat /proc/cpuinfo  | grep processor
processor       : 0
processor       : 1
processor       : 2
processor       : 3


How to find out if processors are 64-bit or 32-bit

In the output of cat /proc/cpuinfo, look at the flags line. If it contains the word lm, the processor is 64-bit.

Shortcut command:
grep flags /proc/cpuinfo

output :

[root@server ~]# grep flags /proc/cpuinfo
flags           : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe lm constant_tsc pni monitor ds_cpl est cid xtpr
flags           : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe lm constant_tsc pni monitor ds_cpl est cid xtpr
flags           : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe lm constant_tsc pni monitor ds_cpl est cid xtpr
flags           : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe lm constant_tsc pni monitor ds_cpl est cid xtpr

In the output above, all four processors have the lm flag, which means they are 64-bit processors.
If you do not see the lm flag, it is a 32-bit processor.

Linux/windows-How to add a printer from cups by using .ppd file

February 12th, 2010

Recently I was trying to add a Canon LBP3460 printer to my Linux server. I was trying to use the .ppd which was available from the Canon website, but that file would not work.

So I downloaded the file from http://openprinting.org/printer_list.cgi, and it works perfectly.

Here is the procedure:

Download the .ppd file from http://openprinting.org/printer_list.cgi

Upload the file into the /usr/share/cups/model/ directory.

Note: here I added the printer in Windows 2003 Server and made this printer shareable by using port number 9100.

Example: port name NPI414B70 and port number 9100, as shown in the picture below.

[Figure: adding printer in windows 2003 server]

Now open your CUPS interface at https://localhost:631

Go to Administration -> Add new printer and follow the pictures below.

[Figure: Adding a new printer in cups (step 1)]

[Figure: Selecting how this printer will be connected to linux]

[Figure: Defining the URL for connecting to this printer (step 3)]

[Figure: Selecting model/driver for the printer (step 5)]

[Figure: Selecting model (step 4)]

Now you should be able to print from that printer.

How to install puppet in server and client

February 8th, 2010

Ref : http://docs.reductivelabs.com/guides/installation.html#open_firewall_ports_on_server_and_client

How to install puppet Client:

If yum cannot find the puppet package, you can add the repo below:

http://fosiul.com/index.php/2009/12/yum-repo-list-for-centos/

After adding the repos:

(a) yum install puppet (to install the puppet client rpm)

(b) Edit /etc/puppet/puppetd.conf and add a reference to the puppet server:

server = puppet-server.companydomain.com

Or execute the command below to connect to the puppet server:
puppet agent --server fosiul.fosiul.lan --waitforcert 60 --test

(c) /usr/sbin/puppetd --verbose (start the client for the first time)

It will show the output below:

[root@pupet-client]# /usr/sbin/puppetd --verbose
warning: peer certificate won’t be verified in this SSL session
notice: Did not receive certificate

(d) Now go to the puppet server and type:

[root@puppet-server]# puppetca --list
puppet-client.companydomain.com

(e) Again on the server, execute the command below. This command signs the certificate for the puppet-client host.

puppetca --sign puppet-client.companydomain.com

Note :

(a) Make sure port 8140 (tcp/udp) is open on the puppet server,

and that only the puppet client's IP is allowed to connect to the puppet server.

Example:

-A RH-Firewall-1-INPUT -p tcp -m tcp -s ip-of-puppet-client --dport 8140 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp -s ip-of-puppet-client --dport 8140 -j ACCEPT

Linux print job administration

January 22nd, 2010

How to find every printer's status:

lpc status

How to view the print jobs for a particular printer:

lpq -Pprinter-spool-name

Example:
[root@Host~]# lpq -PGI_LBP
GI_LBP is ready and printing
Rank    Owner   Job     File(s)                         Total Size
active  xxx 231020  s.t-avprnt.0H9                  4096 bytes
1st     xxxx   231023  s.t-avprnt.0HD                  4096 bytes

How to remove a particular print job from a printer :

lprm -PGI_LBP 231020

How to remove all print jobs from a printer:

lprm -PGI_LBP -


How to send a print job to a different printer

lpr -P printer-spool-name document
example:
lpr -P GI_LBP wordbook.txt

end_request: I/O error, dev fd0, sector 0 (openfiler)

January 12th, 2010

Error:

When you try to open the volume groups page in Openfiler, it either hangs or takes too long to open, and at the same time you see the error log below:

Jan 12 09:07:44 filer2 kernel: end_request: I/O error, dev fd0, sector 0
Jan 12 09:07:44 filer2 kernel: Buffer I/O error on device fd0, logical block 0

Solution for openfiler:

Remove the floppy module from the kernel or disable it.

How to remove:

# lsmod | grep -i floppy

Output should be :
floppy 95465 0

Now remove the module :
# modprobe -r floppy

How to disable:

Ref :
http://www.cyberciti.biz/faq/linux-end_request-ioerror-dev-fd0-sector0/

realtime network monitoring tools

December 24th, 2009
  1. tcptrack :http://www.rhythm.cx/~steve/devel/tcptrack/release/1.3.0/docs/tcptrack.1.html
  2. ngrep : http://www.linux.com/archive/feature/46268
  3. ntop :
  4. mrtg:
  5. vnstat: http://humdi.net/vnstat/

Deleted/Corrupted/Wrong Type/No IOS image and router won’t boot(cisco 2600)

December 24th, 2009

Deleted/Corrupted/Wrong Type/No IOS image and router won’t boot: http://www.dslreports.com/faq/13824
Break Key Sequence: http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a0080174a34.shtml
ROMmon Recovery for the Cisco 2600 Series Router:
http://www.cisco.com/en/US/products/hw/routers/ps259/products_tech_note09186a0080094a0b.shtml
How to Download a Software Image to a Cisco 2600 via TFTP:
http://www.cisco.com/en/US/products/hw/routers/ps259/products_tech_note09186a008015bf9e.shtml

For Cisco 2600 Router :

(a) Connect to the router via Teraterm (console port)

(b) Now turn on the router

(c) Press ALT+b to go to rommon mode

(d)

     rommon 16 > IP_ADDRESS=192.168.1.66      ( Ip of the Router)
     rommon 17 > IP_SUBNET_MASK=255.255.255.0
     rommon 18 > DEFAULT_GATEWAY=192.168.1.254
     rommon 19 > TFTP_SERVER=192.168.1.64
     rommon 20 > TFTP_FILE=c2600-is-mz.113-2.0.3.Q
     rommon 21 > TFTP_CHECKSUM=0

Note: As detailed in Cisco bug ID CSCdk81077 (registered customers only), for Cisco 2600 and 1720 Series Routers running the ROM monitor command tftpdnld, the command might report a bad checksum comparison when it loads Cisco IOS software images of Cisco IOS Software Release 12.0(2.2)T or later.

Note: As a workaround to this problem, set the ROM monitor variable TFTP_CHECKSUM to 0. This is done by defining the variable TFTP_CHECKSUM=0 from the ROM monitor set command, and then proceeding with the tftpdnld procedure.

   rommon 22 > tftpdnld

After the upload of the new IOS finishes, type

rommon 23> sync

Then reboot the router again; it will show the old ios again.

How to install/configure bind in linux

December 18th, 2009

a)yum install bind bind-chroot bind-utils

b) go to /usr/share/doc/bind-9.3.6/sample [ here all the sample files should be installed]

c)cp -R var/* /var/named/chroot/

d)cp -R etc/* /var/named/chroot/

cp /usr/share/doc/bind-9.3.6/sample/etc/named.conf /var/named/chroot/etc/

[note: if named.conf is not in that location, type: locate named.conf, and it will show you where named.conf is]

Cisco Access Control Lists (ACL) (Web link)

December 16th, 2009
  1. http://www.networkclue.com/routing/Cisco/access-lists/index.aspx

Harden Cisco IOS Devices

December 16th, 2009

Website link :

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml

useful apache server documentation link

December 15th, 2009
  1. Prefix for configuration: http://httpd.apache.org/docs/2.2/en/programs/configure.html#installationdirectories

Disclaimer

December 15th, 2009

Disclaimer: The information and content provided on this website is for reference and informational purpose only. I cannot guarantee for accuracy and completeness for any information or content published on this site. Use of the information and content on this site is at your own risk. I accept no responsibility for any loss or damage arising from the use of this website either directly or indirectly.

Fosiul Alam

How to install mod_security from source

December 15th, 2009

Ref :http://www.modsecurity.org/documentation/modsecurity-apache/2.5.11/html-multipage/installation.html

ModSecurity works with Apache, so you have to define where your Apache is located (if you installed Apache from source).
Here I have installed Apache in the /usr/local/apache directory.
Note:
Make sure you have mod_unique_id installed:

Run the command below to make sure mod_unique_id is installed.

bin/apachectl -l | grep  mod_unique_id.c

If this module is not installed, you will have to recompile your Apache with --enable-unique-id
Example:

./configure  --prefix=/usr/local/apache --with-included-apr --with-php --with-mysql --with-susexec --disable-info --with-mpm=prefork --enable-so --enable-cgi --enable-rewrite --enable-ssl --enable-mime-magic --enable-unique-id

To install mod_security you need the rpms below:

yum install pcre-devel
yum install apr-devel

Download modsecurity from :http://www.modsecurity.org/download/index.html

Configuring and installing Mod_Security

 
a)Download and upload modsecurity-apache_2.5.12.tar.gz in /tmp directory
 
b) tar -xvzf modsecurity-apache_2.5.12.tar.gz
 
c) cd modsecurity-apache_2.5.11
 
d) cd apache2
 
e) ./configure --with-apxs=/usr/local/apache/bin/apxs --with-pcre=/usr/bin/pcre-config --with-apr=/usr/local/apache/bin/apr-1-config --with-apu=/usr/local/apache/bin/apu-1-config
 
f)make
 
g)make install

Configure Mod security with Apache:

a) Make a directory named modsecurity under /usr/local/apache/conf/ and copy all the modsecurity rules there.
Note:
The modsecurity rules will be found in the modsecurity source directory "/tmp/modsecurity-apache_2.5.11/rules"
b) Insert the line below in the httpd.conf file (/usr/local/apache/conf/):
    Include conf/modsecurity/*.conf

c) Also insert the lines below in httpd.conf (/usr/local/apache/conf/):

   LoadFile /usr/lib/libxml2.so
   LoadFile /usr/lib/liblua-5.1.so
          Note: This library is optional and only needed if you will be using the new Lua engine. In that case you will have to use the --with-lua=PATH prefix with the mod security installation. Ref: http://www.modsecurity.org/documentation/modsecurity-apache/2.5.11/html-multipage/installation.html
   LoadModule security2_module modules/mod_security2.so
          Note: This line should be inserted automatically during the installation of mod security. If not, insert it yourself.

Now stop and restart the Apache service, and check the Apache error_log for this kind of entry:

[Tue Dec 15 12:14:10 2009] [notice] ModSecurity for Apache/2.5.11 (http://www.modsecurity.org/) configured.
[Tue Dec 15 12:14:10 2009] [notice] Original server signature: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5

Enabling mod_security:

By default, the mod_security rules are enabled, but you can check it here:
modsecurity_crs_10_config.conf (location: /usr/local/apache/conf/modsecurity/)
Make sure the line below is set to On:
 SecRuleEngine On

Adding rules to mod_security :

Copy all the rules from base_rules directory to modsecurity directory 
 cp /tmp/modsecurity-apache_2.5.12/rules/base_rules/* /usr/local/apache/conf/modsecurity/

Note: To test your rules, you can set SecRuleEngine DetectionOnly in the modsecurity_crs_10_config.conf file (location: /usr/local/apache/conf/modsecurity/). It will show you how all those rules are performing.

Now stop and restart Apache again, and look at error_log and access_log for modsecurity activity.

Prefix for modsecurity installation

--with-apxs=FILE FILE is the path to apxs; defaults to "apxs".
--with-pcre=PATH Path to pcre prefix or config script
--with-apr=PATH Path to apr prefix or config script
--with-apu=PATH Path to apu prefix or config script
--with-libxml=PATH Path to libxml2 prefix or config script
--with-lua=PATH Path to lua prefix or config script (optional)
--with-curl=PATH Path to curl prefix or config script (optional)

Extra Notes :
1. Please create a directory with "mkdir /usr/local/apache/conf/modsecurity/data"
and add the line below to modsecurity_crs_10_config.conf:

  SecDataDir /usr/local/apache/conf/modsecurity/data

If this line is missing, you might see this kind of error:
[Thu Dec 10 10:10:54 2009] [error] [client xx.xx.xx.xx] ModSecurity: Unable to retrieve collection (name "ip", key "xx.xx.xx.xx"). Use SecDataDir to define data directory first. [hostname "xx.xx.xx.xxx"] [uri "/"] [unique_id "SyC7Hn8AAAEAABLHj9gAAAAL"]
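
The settings this post relies on (the LoadModule line, SecDataDir and the SecRuleEngine mode) can be checked in one pass after an install or a rule update. This is an added example, not code from the original post or the ModSecurity project; the function names and the sample files it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the ModSecurity settings described in this post.
# directive_value, modsec_audit and write_sample are names made up here.

# directive_value NAME FILE...: value of the last uncommented occurrence of an
# Apache directive (directive names are case-insensitive).
directive_value() {
    dv_name=$1; shift
    awk -v n="$dv_name" '
        { sub(/^[ \t]+/, "") }
        /^#/ { next }
        tolower($1) == tolower(n) { v = $2 }
        END { gsub(/"/, "", v); print v }' "$@"
}

# modsec_audit FILE...: returns 0 = rules enforced, 1 = detection only,
# 2 = module not loaded, SecDataDir unusable, or engine off/unset.
modsec_audit() {
    audit_rc=0
    if ! grep -Eq '^[[:space:]]*LoadModule[[:space:]]+security2_module' "$@"; then
        echo "FAIL: LoadModule security2_module is missing"
        audit_rc=2
    fi
    datadir=$(directive_value SecDataDir "$@")
    if [ -z "$datadir" ]; then
        echo "FAIL: SecDataDir is not set (collections such as 'ip' cannot be stored)"
        audit_rc=2
    elif [ ! -d "$datadir" ]; then
        echo "FAIL: SecDataDir $datadir does not exist"
        audit_rc=2
    fi
    engine=$(directive_value SecRuleEngine "$@" | tr 'A-Z' 'a-z')
    case $engine in
        on)
            echo "OK: SecRuleEngine On, rules are enforced" ;;
        detectiononly)
            echo "WARN: SecRuleEngine DetectionOnly, matches are logged but not blocked"
            if [ "$audit_rc" -eq 0 ]; then audit_rc=1; fi ;;
        *)
            echo "FAIL: SecRuleEngine is '${engine:-unset}'"
            audit_rc=2 ;;
    esac
    return $audit_rc
}

# write_sample DIR ENGINE: constructed config files laid out as in the post.
write_sample() {
    mkdir -p "$1/data"
    cat > "$1/httpd.conf" <<EOF
LoadFile /usr/lib/libxml2.so
LoadModule security2_module modules/mod_security2.so
Include conf/modsecurity/*.conf
EOF
    cat > "$1/modsecurity_crs_10_config.conf" <<EOF
# SecRuleEngine Off
SecRuleEngine $2
SecDataDir $1/data
EOF
}

# Demo on constructed files: a server left in test mode is reported as WARN.
demo_dir=$(mktemp -d)
write_sample "$demo_dir" DetectionOnly
modsec_audit "$demo_dir"/*.conf || echo "audit exit code: $?"
rm -rf "$demo_dir"
```

On a real server, pass httpd.conf and the files under conf/modsecurity/ to modsec_audit instead of the sample files.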

Yum repo list for Centos

December 14th, 2009

For 32 bit kernel

Repo1:

Download :
 
wget -c http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
 
Install : rpm -Uvh epel-release-5-3.noarch.rpm

Repo2:

Download :
 
wget -c  http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
 
Install :
 
rpm -Uvh rpmforge-release-0.3.6-1.el5.rf.i386.rpm

For 64bit kernel :

Repo1:

Download :
 
wget -c http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-3.noarch.rpm
 
Install : rpm -Uvh epel-release-5-3.noarch.rpm

Repo2:

Download :
 
wget -c  http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.1-1.el5.rf.x86_64.rpm
Install :
 
rpm -Uvh rpmforge-release-0.5.1-1.el5.rf.x86_64.rpm

How to display security updates by yum

December 7th, 2009

Ref: http://magazine.redhat.com/2008/01/16/tips-and-tricks-yum-security/

Ref: http://www.cyberciti.biz/faq/redhat-fedora-centos-linux-yum-installs-security-updates/

Install Plugin

Type the following command:
# yum install yum-security

How Do I Display Available Security Updates?

Type the following command:
# yum list-security
Sample Outputs:

Loaded plugins: rhnplugin, security
RHSA-2009:1148-1 security httpd-2.2.3-22.el5_3.2.x86_64
RHSA-2009:1148-1 security httpd-devel-2.2.3-22.el5_3.2.i386
RHSA-2009:1148-1 security httpd-manual-2.2.3-22.el5_3.2.x86_64
RHSA-2009:1148-1 security mod_ssl-1:2.2.3-22.el5_3.2.x86_64
list-security done
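
For patch triage, the listing above can be reduced to one line per advisory with each affected package named once. This is an added example, not part of the original post or of yum; the function name is made up, the sample input is constructed from the output above, and the RHBA line is a placeholder.

```shell
#!/bin/sh
# Added example: summarise `yum list-security` output per security advisory.
# security_packages is a name chosen for this example, not a yum command.

# Reads list-security output on stdin and prints "ADVISORY: pkg pkg ..." with
# each package name listed once, whatever its architecture or version.
security_packages() {
    awk '
    $2 == "security" {
        name = $3
        sub(/\.[^.]+$/, "", name)   # drop ".arch"            (.x86_64, .i386)
        sub(/-[^-]+$/, "", name)    # drop "-release"         (-22.el5_3.2)
        sub(/-[^-]+$/, "", name)    # drop "-[epoch:]version" (-2.2.3, -1:2.2.3)
        if (!(($1, name) in seen)) {
            seen[$1, name] = 1
            if (!($1 in pkgs)) ids[++n] = $1
            pkgs[$1] = pkgs[$1] " " name
        }
    }
    END { for (i = 1; i <= n; i++) print ids[i] ":" pkgs[ids[i]] }'
}

# Constructed sample: the lines shown in the post, one extra architecture, and
# a placeholder bugfix advisory (RHBA-0000:0000-1) that must be filtered out.
SAMPLE_LIST=$(cat <<'EOF'
Loaded plugins: rhnplugin, security
RHSA-2009:1148-1 security httpd-2.2.3-22.el5_3.2.x86_64
RHSA-2009:1148-1 security httpd-devel-2.2.3-22.el5_3.2.i386
RHSA-2009:1148-1 security httpd-devel-2.2.3-22.el5_3.2.x86_64
RHSA-2009:1148-1 security httpd-manual-2.2.3-22.el5_3.2.x86_64
RHSA-2009:1148-1 security mod_ssl-1:2.2.3-22.el5_3.2.x86_64
RHBA-0000:0000-1 bugfix   example-tool-1.0-1.el5.noarch
list-security done
EOF
)

printf '%s\n' "$SAMPLE_LIST" | security_packages
```

On a live system the input would come from `yum list-security | security_packages`.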

To list all updates that are security relevant, and get a return code on whether there are security updates, use:
# yum --security check-update
To get a list of all BZs that are fixed for packages you have installed use:
# yum list-security bugzillas
To get the information on advisory RHSA-2009:1148-1 use:
# yum info-security RHSA-2009:1148-1
Sample Outputs:

Loaded plugins: rhnplugin, security

===============================================================================
  RHSA-2009:1148
===============================================================================
  Update ID : RHSA-2009:1148-1
    Release :
       Type : security
     Status : final
     Issued : 2009-07-08 23:00:00
       Bugs : 509125 - None
	    : 509375 - None
       CVEs : CVE-2009-1890
	    : CVE-2009-1891
Description : Important: httpd security update  \The Apache HTTP Server is a
            : popular Web server.  A denial of service flaw was
            : found in the Apache mod_proxy module when it was
            : used as a reverse proxy. A remote attacker could
            : use this flaw to force a proxy process to consume
            : large amounts of CPU time. (CVE-2009-1890)  A
            : denial of service flaw was found in the Apache
            : mod_deflate module. This module continued to
            : compress large files until compression was
            : complete, even if the network connection that
            : requested the content was closed before
            : compression completed. This would cause
            : mod_deflate to consume large amounts of CPU if
            : mod_deflate was enabled for a large file.
            : (CVE-2009-1891)  All httpd users should upgrade to
            : these updated packages, which contain backported
            : patches to correct these issues. After installing
            : the updated packages, the httpd daemon must be
            : restarted for the update to take effect.
      Files : mod_ssl-2.2.3-22.el5_3.2.x86_64.rpm
	    : httpd-devel-2.2.3-22.el5_3.2.i386.rpm
	    : httpd-2.2.3-22.el5_3.2.x86_64.rpm
	    : httpd-devel-2.2.3-22.el5_3.2.x86_64.rpm
	    : httpd-manual-2.2.3-22.el5_3.2.x86_64.rpm
	    : mod_ssl-2.2.3-22.el5_3.2.i386.rpm
	    : httpd-2.2.3-22.el5_3.2.i386.rpm
	    : httpd-manual-2.2.3-22.el5_3.2.i386.rpm
info-security done

Ref:http://www.cyberciti.biz/faq/redhat-fedora-centos-linux-yum-installs-security-updates/

To get an info list of the latest packages which contain fixes for Bugzilla 3595; CVE # CVE-2009-1890 and advisories RHSA-2009:1148-1, use:
# yum --bz 3595 --cve CVE-2009-1890 --advisory RHSA-2009:1148-1 info updates

How Do I Install All The Security Updates Only?

Type the following command to download and install all the available security updates:
# yum update --security

Mysql server master master active active replication

November 24th, 2009

Ref: http://www.howtoforge.com/mysql_master_master_replication

a) Create a user name and password for replication on both servers by using this command:

GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO noslave@'host-name' IDENTIFIED BY 'some-pass';

b) Configuration for Server1 to make it the primary server for Server2

vi /etc/my.cnf

log-bin=mysql-bin
binlog-do-db=fosiul # Which database to replicate
binlog-do-db=hesk # Which database to replicate
binlog-ignore-db=mysql # Which database to ignore
binlog-ignore-db=test # Which database to ignore
server-id = 1 # Primary server id
auto_increment_increment= 2 # To solve the auto indexing problem
auto_increment_offset = 1 # To solve the auto indexing problem

Configuration for Server2 to make it a slave of Server1

server-id = 2

master-host = IP_Of_Server1
master-user =noslave
master-password = SomeStrongPassword
master-port = 3306
auto_increment_increment= 2 # Avoid Auto Indexing problem
auto_increment_offset = 2

Now restart both servers and look for the reports below:

For Server 1 (Master Report):

mysql> show master status;
+------------------+----------+--------------+------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000008 |   565444 | fosiul,hesk  | mysql,test       |
+------------------+----------+--------------+------------------+
1 row in set (0.00 sec)

For Server2:( Slave report)

mysql> show slave status\G;
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: IP-Of-Server1
Master_User: noslave
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000008
Read_Master_Log_Pos: 565444
Relay_Log_File: web-relay-bin.000092
Relay_Log_Pos: 153971
Relay_Master_Log_File: mysql-bin.000008
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Replicate_Do_DB:
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 565444
Relay_Log_Space: 154124
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: No
Master_SSL_CA_File:
Master_SSL_CA_Path:
Master_SSL_Cert:
Master_SSL_Cipher:
Master_SSL_Key:
Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno: 0
Last_IO_Error:
Last_SQL_Errno: 0
Last_SQL_Error:
1 row in set (0.00 sec)

ERROR:
No query specified

Note:

a) Make sure Master_Log_File: mysql-bin.000008 in the slave report matches the File name in the master report.

b) Make sure Read_Master_Log_Pos: 565444 in the slave report matches the Position field in the master report.

c) Make sure Seconds_Behind_Master is always 0 (zero).

[Figure: Verify Log File, Master (Server1) and Slave (Server2)]

c) Configuration for Server2 as master for Server1

#Below section for acting as master for Server1

log-bin=mysql-bin

binlog-do-db=fosiul # Which database to replicate
binlog-do-db=hesk # Which database to replicate
binlog-ignore-db=mysql # Which database to ignore
binlog-ignore-db=test # Which database to ignore

#Configuration for Server1 to make it a slave of Server2

master-host = IP-Of-Server2
master-user = noslave
master-password = SomeStrongPassword
master-port = 3306
log-slave-updates # To make this master server act as slave

d) Now restart both MySQL servers and look for the reports below:

Slave Status report for Server1

mysql> show slave status\G;
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: IP_OF_Sever2
Master_User: noslave
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000006
Read_Master_Log_Pos: 106
Relay_Log_File: mail-relay-bin.000025
Relay_Log_Pos: 251
Relay_Master_Log_File: mysql-bin.000006
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Replicate_Do_DB:
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 106
Relay_Log_Space: 550
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: No
Master_SSL_CA_File:
Master_SSL_CA_Path:
Master_SSL_Cert:
Master_SSL_Cipher:
Master_SSL_Key:
Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno: 0
Last_IO_Error:
Last_SQL_Errno: 0
Last_SQL_Error:
1 row in set (0.00 sec)

Master Report for Server2:

mysql> show master status;
+------------------+----------+--------------+------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000006 |      106 | fosiul,hesk  | mysql,test       |
+------------------+----------+--------------+------------------+
1 row in set (0.01 sec)

Note:

a) Make sure Master_Log_File: mysql-bin.000006 in the slave report matches the File name in the master report.

b) Make sure Read_Master_Log_Pos: 106 in the slave report matches the Position field in the master report.

c) Make sure Seconds_Behind_Master is always 0 (zero).
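
Notes (a) to (c), in both directions of the master-master pair, can be checked mechanically by comparing the two reports. This is an added example, not the monitoring script from this site; the function names are made up, the sample reports are constructed from the values shown above, and treating lag as a warning rather than a critical state is a choice made for this example.

```shell
#!/bin/sh
# Added example: apply notes (a)-(c) to the two reports as a Nagios-style check.
STATE_OK=0; STATE_WARNING=1; STATE_CRITICAL=2

# slave_field NAME: value of "NAME: value" in SHOW SLAVE STATUS\G text on stdin.
# The key is compared exactly, so Master_Log_File never matches
# Relay_Master_Log_File (a plain grep would match both).
slave_field() {
    awk -v k="$1" '{
        line = $0; sub(/^[ \t]+/, "", line)
        p = index(line, ":")
        if (p && substr(line, 1, p - 1) == k) {
            v = substr(line, p + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            print v; exit
        }
    }'
}

# master_file_pos: prints "File Position" from the SHOW MASTER STATUS table.
master_file_pos() {
    awk -F'|' 'substr($0, 1, 1) == "|" {
        f = $2; p = $3; gsub(/[ \t]/, "", f); gsub(/[ \t]/, "", p)
        if (f != "File") { print f, p; exit }
    }'
}

# check_replication SLAVE_REPORT MASTER_REPORT: prints one line, returns a state.
check_replication() {
    cr_slave=$1
    set -- $(printf '%s\n' "$2" | master_file_pos)
    m_file=${1:-}; m_pos=${2:-}
    for cr_key in Slave_IO_Running Slave_SQL_Running; do
        cr_val=$(printf '%s\n' "$cr_slave" | slave_field "$cr_key")
        if [ "$cr_val" != "Yes" ]; then
            echo "CRITICAL: $cr_key is '${cr_val:-missing}'"
            return $STATE_CRITICAL
        fi
    done
    s_file=$(printf '%s\n' "$cr_slave" | slave_field Master_Log_File)
    s_pos=$(printf '%s\n' "$cr_slave" | slave_field Read_Master_Log_Pos)
    lag=$(printf '%s\n' "$cr_slave" | slave_field Seconds_Behind_Master)
    if [ -z "$m_file" ] || [ "$s_file" != "$m_file" ]; then
        echo "CRITICAL: slave reads $s_file, master writes ${m_file:-unknown}"
        return $STATE_CRITICAL
    fi
    if [ "$s_pos" != "$m_pos" ]; then
        echo "CRITICAL: slave position $s_pos, master position $m_pos"
        return $STATE_CRITICAL
    fi
    case $lag in
        0) ;;
        ''|NULL) echo "CRITICAL: Seconds_Behind_Master is unknown"
                 return $STATE_CRITICAL ;;
        *) echo "WARNING: slave is $lag seconds behind the master"
           return $STATE_WARNING ;;
    esac
    echo "OK: $s_file at position $s_pos, 0 seconds behind"
    return $STATE_OK
}

# Constructed samples, using the Server1/Server2 values from the reports above.
SAMPLE_SLAVE=$(cat <<'EOF'
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
              Master_Log_File: mysql-bin.000008
          Read_Master_Log_Pos: 565444
        Relay_Master_Log_File: mysql-bin.000008
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
        Seconds_Behind_Master: 0
EOF
)
SAMPLE_MASTER=$(cat <<'EOF'
+------------------+----------+--------------+------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000008 |   565444 | fosiul,hesk  | mysql,test       |
+------------------+----------+--------------+------------------+
EOF
)

check_replication "$SAMPLE_SLAVE" "$SAMPLE_MASTER"
```

Run it once per direction: Server2's slave report against Server1's master report, then the reverse.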

[Figure: Slave (Server1) and Master (Server2)]

How to install innotop

November 19th, 2009

a)Download innotop from http://code.google.com/p/innotop/

b)cd /tmp

c) tar -xvzf innotop-1.7.2.tar.gz

d) cd innotop-1.7.2

e) perl Makefile.PL

f) make install

Note: if you see an error like this:

Looks good
Warning: prerequisite DBD::mysql 1 not found.
Warning: prerequisite DBI 1.13 not found.
Warning: prerequisite Term::ReadKey 2.1 not found.
Writing Makefile for innotop

Solution :

yum install perl-DBD-MySQL

yum install perl-TermReadKey

Run innotop: perl /usr/bin/innotop --password "your password"

How to install chkrootkit/rootkit hunter

November 19th, 2009

a) Download latest rootkithunter from http://www.chkrootkit.org/download/ (latest version is chkrootkit-0.49 but it has bugs)

mv chkrootkit.tar.gz /usr/local/
cd /usr/local/
tar xvfz chkrootkit.tar.gz
ln -s chkrootkit-0.43/ chkrootkit
(replace 0.43 with the right version number)
cd chkrootkit/
make sense

You will now find the chkrootkit program under /usr/local/chkrootkit. Run it by typing

cd /usr/local/chkrootkit/ && ./chkrootkit

How to install portsentry

November 19th, 2009

Install PortsEntry

Portsentry is a tool to detect port scans and log them. Download the source package of portsentry from sourceforge.net

wget http://path/to/portsentry-1.2.tar.gz
tar zxf portsentry-1.2.tar.gz
make linux
make install

If you get errors like the following while compiling:

make linux
SYSTYPE=linux
Making
gcc -O -Wall -DLINUX -DSUPPORT_STEALTH -o ./portsentry ./portsentry.c \
./portsentry_io.c ./portsentry_util.c
./portsentry.c: In function ‘PortSentryModeTCP’:
./portsentry.c:1187: warning: pointer targets in passing argument 3 of ‘accept’ differ in signedness
./portsentry.c: In function ‘PortSentryModeUDP’:
./portsentry.c:1384: warning: pointer targets in passing argument 6 of ‘recvfrom’ differ in signedness
./portsentry.c: In function ‘Usage’:
./portsentry.c:1584: error: missing terminating ” character
./portsentry.c:1585: error: ‘sourceforget’ undeclared (first use in this function)
./portsentry.c:1585: error: (Each undeclared identifier is reported only once
./portsentry.c:1585: error: for each function it appears in.)
./portsentry.c:1585: error: expected ‘)’ before ‘dot’
./portsentry.c:1585: error: stray ‘\’ in program
./portsentry.c:1585: error: missing terminating ” character
./portsentry.c:1595: error: expected ‘;’ before ‘}’ token
make: *** [linux] Error 1

To fix:

Open portsentry.c and look for the following line. There will be an extra carriage return breaking the line; delete the carriage return to make it a single line. It should look like below.

printf ("Copyright 1997-2003 Craig H. Rowland <craigrowland at users dot sourceforget dot net>\n");

Then run make and make install. That should fix it!

To launch portsentry

/usr/local/psionic/portsentry/portsentry -stcp
/usr/local/psionic/portsentry/portsentry -sudp

Check the log files /var/log/secure or /var/log/messages to see whether portsentry is active or not.

Invalid method in request \x80O\x01\x03

November 18th, 2009

Make sure the IP of the server and the IP in the virtual host (SSL configuration) are the same.

<VirtualHost xx.xx.xx.xx:443>

</VirtualHost>

How to configure nagios to work with apache source install(/usr/local/apache)

November 16th, 2009

Ref:http://nagios.sourceforge.net/docs/3_0/quickstart-fedora.html

The basic Nagios setup works well if you install the Apache server by yum. But if you install and configure Apache from source to run from a different directory (i.e. /usr/local/apache) other than /etc/httpd/conf, then the default Nagios web interface will not work, because by default Nagios creates the nagios.conf file in the /etc/httpd/conf.d directory on Fedora.

So if you have already installed Apache from source, do the following:

Follow steps 1 to 5 as documented on the Nagios website (except the htpasswd section).

(a)

I assume you have configured your Apache to run from /usr/local/apache, and your Apache configuration file is in /usr/local/apache/conf/

Copy the nagios.conf file from /etc/httpd/conf.d to /usr/local/apache/conf/extra

cp /etc/httpd/conf.d/nagios.conf /usr/local/apache/conf/extra/

Edit httpd.conf, which is located at /usr/local/apache/conf/httpd.conf, and add the line below

Include conf/extra/nagios.conf

(b)

Create a nagiosadmin account for logging into the Nagios web interface. Remember the password you assign to this account – you’ll need it later.

/usr/local/apache/bin/htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Restart Apache to make the new settings take effect.

Stop the Apache server with /usr/local/apache/bin/apachectl stop

Start the Apache server with /usr/local/apache/bin/apachectl start

Then follow the rest of the steps.

Extra note:

If you did install Apache by yum, then you might see an error like below:

[root@web nagios-3.2.0]# make install-webconf
/usr/bin/install -c -m 644 sample-config/httpd.conf /etc/httpd/conf.d/nagios.conf
/usr/bin/install: cannot create regular file `/etc/httpd/conf.d/nagios.conf’: No such file or directory
make: *** [install-webconf] Error 1

Solution: mkdir /etc/httpd/conf.d, now run

make install-webconf

This installs the nagios.conf file in the /etc/httpd/conf.d directory. Now follow from (a) to (b).

Note: I am assuming you have configured Apache to install in the /usr/local/apache directory.

Apache performance tuning

November 16th, 2009

Ref: http://httpd.apache.org/docs/2.2/mod/prefork.html

Ref:http://www.devside.net/articles/apache-performance-tuning

Ref:http://en.wikipedia.org/wiki/Slowloris

Sample Configuration for prefork setting

<IfModule mpm_prefork_module>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 150
MaxRequestsPerChild 0
</IfModule>

StartServers :

The StartServers directive sets the number of child server processes created on startup. So if we take a snapshot of how many processes are running after restarting Apache:

[root@mail extra]# ps aux | grep -v grep | grep httpd
daemon 5384 0.0 0.7 15788 7532 ? S 17:45 0:00 /usr/local/apache/bin/httpd -k start
daemon 5385 0.0 0.7 15788 7532 ? S 17:45 0:00 /usr/local/apache/bin/httpd -k start
daemon 5386 0.0 0.7 15788 7532 ? S 17:45 0:00 /usr/local/apache/bin/httpd -k start
daemon 5387 0.0 0.7 15788 7532 ? S 17:45 0:00 /usr/local/apache/bin/httpd -k start
daemon 5388 0.0 0.7 15788 7532 ? S 17:45 0:00 /usr/local/apache/bin/httpd -k start
root 13326 0.0 0.8 15788 8596 ? Ss Nov07 0:00 /usr/local/apache/bin/httpd -k start
[root@mail extra]# ps aux | grep -v grep | grep httpd | wc -l
6

So after a restart, the server starts off with 5 child processes (the sixth process in the listing, owned by root, is the parent).

MinSpareServers:

The MinSpareServers directive sets the desired minimum number of idle child server processes. An idle process is one which is not handling a request.

MaxSpareServers:

The MaxSpareServers directive sets the desired maximum number of idle child server processes. An idle process is one which is not handling a request. If there are more than MaxSpareServers idle, then the parent process will kill off the excess processes.

Extra note:

By setting MinSpareServers and MaxSpareServers, we tell Apache how many child processes should be idle at a time. With the configuration above there will always be a minimum of 5 idle child processes. So if 5 child processes are busy, Apache creates another 5, giving 5+5=10 child processes: 5 busy and 5 idle. If all 10 child processes are busy, Apache creates another 5, so the total becomes 5+5+5=15. Apache keeps creating child processes up to 150, because MaxClients is set to 150.
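A sizing check for the MaxClients value discussed above, as an added example that is not part of the original post: it reads `ps aux` lines, averages the RSS of the child processes and projects the memory needed if all MaxClients children are running. The function names and the RAM budgets are assumptions; the sample lines are the listing from this post, and RSS counts shared pages once per process, so the result is an upper bound.

```shell
#!/bin/sh
# Added example (not from the original post): project prefork memory use.
# Sample input: the `ps aux` listing shown earlier in this post.
# The root-owned process is the parent; the daemon-owned ones are children.
SAMPLE_PS='daemon 5384 0.0 0.7 15788 7532 ? S 17:45 0:00 /usr/local/apache/bin/httpd -k start
daemon 5385 0.0 0.7 15788 7532 ? S 17:45 0:00 /usr/local/apache/bin/httpd -k start
daemon 5386 0.0 0.7 15788 7532 ? S 17:45 0:00 /usr/local/apache/bin/httpd -k start
daemon 5387 0.0 0.7 15788 7532 ? S 17:45 0:00 /usr/local/apache/bin/httpd -k start
daemon 5388 0.0 0.7 15788 7532 ? S 17:45 0:00 /usr/local/apache/bin/httpd -k start
root 13326 0.0 0.8 15788 8596 ? Ss Nov07 0:00 /usr/local/apache/bin/httpd -k start'

# count_children: number of httpd children on stdin (parent excluded).
count_children() {
    awk '$1 != "root" && /httpd/ { n++ } END { print n + 0 }'
}

# avg_child_rss_kb: mean RSS in KB (column 6 of ps aux) of the children.
avg_child_rss_kb() {
    awk '$1 != "root" && /httpd/ { sum += $6; n++ }
         END { if (n) printf "%d\n", sum / n; else print 0 }'
}

# projected_mb MAXCLIENTS: MB needed if MAXCLIENTS children run at that mean RSS.
projected_mb() {
    awk -v max="$1" '$1 != "root" && /httpd/ { sum += $6; n++ }
         END { if (n) printf "%d\n", (sum / n) * max / 1024; else print 0 }'
}

# fits_in_ram MAXCLIENTS RAM_MB: succeeds only if the projection fits the budget.
fits_in_ram() {
    need=$(projected_mb "$1")
    [ "$need" -le "$2" ]
}

# On a live server: ps aux | grep -v grep | grep httpd | projected_mb 150
printf '%s\n' "$SAMPLE_PS" | projected_mb 150   # prints 1103
```

If the projection exceeds the memory available to Apache, a burst of slow or idle connections that fills all MaxClients slots can push the host into swap, so lower MaxClients or reduce the per-child footprint.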

How to compile php for GD library

November 13th, 2009

Install the necessary software with yum or from source:

yum install gd gd-devel
yum install zlib zlib-devel

Then:

a) Download the PHP source from here: http://www.php.net/downloads.php
b) Download the source file into the /tmp directory
c) Here I am assuming the PHP version is php-5.3.0.tar.gz
d) tar -xvzf php-5.3.0.tar.gz
e) cd php-5.3.0
f)

 ./configure --with-apxs2=/usr/local/apache/bin/apxs --with-mysql=/usr/local/mysql --enable-mbstring --with-gd --with-zlib --with-jpeg-dir --with-png-dir

g) make
h) make install
i) Set up your php.ini: cp php.ini-dist /usr/local/lib/php.ini
j) Stop Apache: /usr/local/apache/bin/apachectl stop
k) Start Apache again: /usr/local/apache/bin/apachectl start

How to check:

Create a file phpinfo.php:

<?php
phpinfo();
?>

Open the file in your browser, http://localhost/phpinfo.php

and look for 2 sections, GD and ZLIB. You should see something like the pictures below.