Thursday, September 27, 2012

Sudo Full Practical Session


Introduction


Before we proceed, it would be best to cover some basic user administration topics that will be very useful in later chapters.

Adding Users

One of the most important activities in administering a Linux box is the addition of users. Here you'll find some simple examples to provide a foundation for future chapters. It is not intended to be comprehensive, but is a good memory refresher. You can use the command man useradd to get the help pages on adding users with the useradd command, or man usermod to become more familiar with modifying users with the usermod command.

Wednesday, September 26, 2012

Using chkconfig to Start Daemons at Each runlevel


As stated earlier, the chkconfig command can be used to adjust which applications start at each runlevel. You can use this command with the --list switch to get a full listing of the packages in /etc/init.d and the runlevels at which they will be on or off:

Basics of Networking



1. Define Network?
A network is a set of devices connected by physical media links. Recursively, a network is a connection of two or more nodes by a physical link, or of two or more networks connected by one or more nodes.

2. What is a Link?
At the lowest level, a network can consist of two or more computers directly connected by some physical medium such as coaxial cable or optical fiber. Such a physical medium is called a link.

3. What is a Node?
A network can consist of two or more computers directly connected by some physical medium such as coaxial cable or optical fiber. Such a physical medium is called a link, and the computers it connects are called nodes.

Friday, September 21, 2012

Linux / Unix Commands For Connecting To The Serial Console


Most embedded Linux / BSD systems such as routers, servers and NAS devices come with a console interface (a serial port with RS-232). The BIOS can use it, and after boot the BIOS screen I/O is redirected so that you can use the device. RS-232 is also used for communicating with a headless server, where no monitor or keyboard is installed, during boot when the operating system is not running yet and therefore no network connection is possible. You need a serial cable between your computer and the embedded system or server. In this post I will cover five common utilities used for serial communication under Linux / Unix / *BSD and Mac OS X.

How To Check and Use Serial Ports Under Linux


How do I check and configure serial ports under Linux for various purposes such as a modem, connecting null modems or connecting a dumb terminal?

Linux offers various tools. Linux uses ttySx as the serial port device name. For example, COM1 (DOS/Windows name) is ttyS0, COM2 is ttyS1 and so on.

Task: Display the Detected System Serial Support

Simply run the dmesg command.

Tuesday, September 18, 2012

Troubleshooting Disk and Datastore Related Issues SHOOT:2


SHOOT: 2

VMFS Lock Volume is Corrupted

Details

You may observe the following events within the /var/log/vmkernel logs within your VMware ESX host:
Volume 4976b16c-bd394790-6fd8-00215aaf0626 (san-lun-100) may be damaged on disk. Corrupt lock detected at offset 0

Note: In this example 4976b16c-bd394790-6fd8-00215aaf0626 represents the UUID of the VMFS datastore and san-lun-100 represents the name of the VMFS datastore.
You may observe the following events within the /var/log/vmkernel logs within your VMware ESX host:
Resource cluster metadata corruption detected Volume 4976b16c-bd394790-6fd8-00215aaf0626 (san-lun-100) may be damaged on disk.

Troubleshooting Disk and Datastore Related Issues SHOOT:1


SHOOT: 1

Troubleshooting a VMFS resource volume that is corrupted

The event indicates the reported VMFS volume is corrupted.

Example

If 4976b16c-bd394790-6fd8-00215aaf0626 represents the UUID and san-lun-100 represents the associated volume label, you see:
For Event: vmfs.lock.corruptondisk

Wednesday, September 12, 2012

Allow A Normal User To Run Commands As root Under Linux / UNIX Operating Systems


From my mail bag:
I would like to run a few commands, such as stopping or starting the web server, as the root user. How do I allow a normal user to run these commands as root?
You need to use the sudo command, which is used to execute a command as another user. It allows a permitted user to execute a command as the superuser or another user, as specified in the /etc/sudoers file (the config file that defines who can run what). The sudo command allows users to do tasks on a Linux system as another user.

Wednesday, September 5, 2012

Shell Script To Encrypt Any Given Text File


In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.
Mcrypt is a simple encryption program, a replacement for the old Unix crypt. When encrypting or decrypting a file, a new file is created with the extension .nc and mode 0600. The new file keeps the modification date of the original. The original file may be deleted by specifying the -u parameter. If no files are specified, standard input is encrypted to standard output.

Shell Script List All Top IP Address Accessing Apache Web Server


#!/bin/bash
# Shell Script To List All Top Hitting IP Address to your webserver.
# This may be useful to catch spammers and scrapers.

# where to store final report?
DEST=/var/www/reports/ips

Basic of Shell Script


What Is a Shell?


- The shell is a user program, or an environment provided for user interaction.
- It is a command language interpreter that executes commands read from the standard input device, such as the keyboard, or from a file.
- The shell gets started when you log in or open a console (terminal).
- It is a quick and dirty way to execute utilities.
- The shell is not part of the system kernel, but uses the system kernel to execute programs, create files, etc.
- Several shells are available for Linux, including:
  - BASH (Bourne-Again SHell) - the most common shell in Linux. It's open source.
  - CSH (C SHell) - the C shell's syntax and usage are very similar to the C programming language.
  - KSH (Korn SHell) - created by David Korn at AT&T Bell Labs. The Korn shell was also the base for the POSIX shell standard specification.
  - TCSH - an enhanced but completely compatible version of the Berkeley UNIX C shell (CSH).
Please note that each shell does the same job, but each understands a different command syntax and provides different built-in functions. Under MS-DOS, the shell is COMMAND.COM, which serves the same purpose, but it is by far not as powerful as the Linux shells are!

Linux log files location and how do I view logs files?


Q. I am new to Linux and I would like to know where the log files are located under a Debian or CentOS Linux server. How do I open or view log files?

Ans. Almost all log files are located under the /var/log directory (and its subdirectories). You can change to this directory using the cd command, but you need to be the root user. You can use the less, more, cat or tail command to see the logs.

Go to the /var/log directory:

How do I rotate log files?


Q. How do I rotate log files under Linux operating system?

A. You need to use a tool called logrotate, which is designed to ease administration of systems that generate large numbers of log files. It allows automatic rotation, compression, removal, and mailing of log files.

Each log file may be handled daily, weekly, monthly, or when it grows too large. With this tool you can keep logs longer while using less disk space.

Default configuration file

The default configuration file is /etc/logrotate.conf:

Redhat Enterprise Linux 5 / CentOS 5 monitor and track TCP connections on the network


Q. How do I track and monitor connections on the eth1 public network interface under a Redhat Enterprise Linux (RHEL) 5 server?

Ans. You can use the netstat command or the tcptrack command. Both commands can show established TCP connections and provide the ability to monitor them.

BASIC LDAP CONFIGURATION For RHEL / Centos / Fedora


INTRO: LDAP stands for Lightweight Directory Access Protocol. It is used as a centralized data (or directory) server (not a database server) for various purposes.

There is a difference between a directory server and a database server.
In a directory server the data is read more frequently than it is written.
In a database server the data is written more frequently than it is read.

Here we shall see how LDAP is used for creating centralized users (network users).
Network users can also be configured using NIS (Network Information Service).

SUPPORTIVE SERVICES:

Configuration of NFS is required at both the server and client end. NFS is the backbone of this LDAP setup, as it provides the directory throughout the network.

Without NFS, the LDAP configuration does not work.

Monday, September 3, 2012

Linux: Iptables Examples For New SysAdmins Part -->3


Before reading this post, please read my previous post (Linux: Iptables Examples For New SysAdmins Part -->2).


#12: Log and Drop Packets

Type the following to log and block IP spoofing on the public interface called eth1:

# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j LOG --log-prefix "IP_SPOOF A: "
# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP
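Once the LOG rule is in place, the useful follow-up is to read what it writes. The script below is an added example, not part of the original post: it parses constructed kernel log lines in the key=value format the LOG target emits (the prefix "IP_SPOOF A:" is the one from the rule above; host name, addresses and ports are made up) and counts logged packets per claimed source.

```python
"""Summarise the entries the IP_SPOOF LOG rule writes to the kernel log
(added example, not part of the original post). The log lines below are
constructed in the key=value format netfilter's LOG target uses; on a
real host they would come from /var/log/messages or dmesg.
"""
import re
from collections import Counter

SAMPLE_LOG = """\
Sep  3 10:15:02 web1 kernel: IP_SPOOF A: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.1.2.3 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=TCP SPT=44321 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Sep  3 10:15:03 web1 kernel: IP_SPOOF A: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.1.2.3 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12346 DF PROTO=TCP SPT=44322 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Sep  3 10:15:09 web1 kernel: IP_SPOOF A: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.9.9.9 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=7 PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=1
Sep  3 10:15:10 web1 sshd[1234]: Accepted publickey for admin from 203.0.113.5 port 50000 ssh2
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")

def parse_nflog(line, prefix="IP_SPOOF A:"):
    """Return the key=value fields of one LOG entry carrying the given
    --log-prefix, or None for any other line. Bare flags such as DF and
    SYN have no '=' and are skipped; OUT= yields an empty string."""
    marker = "kernel: " + prefix
    pos = line.find(marker)
    if pos < 0:
        return None
    return dict(FIELD_RE.findall(line[pos + len(marker):]))

def spoof_sources(log_text, prefix="IP_SPOOF A:"):
    """Count logged packets per claimed source address and collect the
    destination ports each one hit, so a burst from one address stands out."""
    counts, ports = Counter(), {}
    for line in log_text.splitlines():
        fields = parse_nflog(line, prefix)
        if fields is None:
            continue
        counts[fields["SRC"]] += 1
        ports.setdefault(fields["SRC"], set()).add(fields.get("DPT", "-"))
    return counts, ports

if __name__ == "__main__":
    counts, ports = spoof_sources(SAMPLE_LOG)
    for src, n in counts.most_common():
        print(f"{src}: {n} packet(s), destination ports {sorted(ports[src])}")
```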

Linux: Iptables Examples For New SysAdmins Part -->2


Before reading this post, please read my previous post (Linux: Iptables Examples For New SysAdmins Part -->1).

#3: Delete Firewall Rules

To display line number along with other information for existing rules, enter:

# iptables -L INPUT  -n --line-numbers
# iptables -L OUTPUT -n --line-numbers
# iptables -L OUTPUT -n --line-numbers | less
# iptables -L OUTPUT -n --line-numbers | grep 192.0.43.10

Linux: Iptables Examples For New SysAdmins Part -->1


Linux comes with a host-based firewall called Netfilter. According to the official project site:
netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.
This Linux-based firewall is controlled by the program called iptables, which handles filtering for IPv4, while ip6tables handles filtering for IPv6. I strongly recommend that you first read our quick tutorial that explains how to configure a host-based firewall called Netfilter (iptables) under CentOS / RHEL / Fedora / Redhat Enterprise Linux. This post lists the most common iptables solutions required by a new Linux user to secure his or her Linux operating system from intruders.

Redhat / CentOS Iptables Firewall Configuration


How do I configure a host-based firewall called Netfilter (iptables) under CentOS / RHEL / Fedora / Redhat Enterprise Linux?


Netfilter is a host-based firewall for Linux operating systems. It is included as part of the Linux distribution and is activated by default. This firewall is controlled by the program called iptables. Netfilter filtering takes place at the kernel level, before a program can even process the data from the network packet.

What is sysctl.conf in Linux


sysctl is an interface that allows you to make changes to a running Linux kernel. With /etc/sysctl.conf you can configure various Linux networking and system settings, such as:
1. Limit network-transmitted configuration for IPv4
2. Limit network-transmitted configuration for IPv6
3. Turn on ExecShield protection
4. Protect against the common 'syn flood attack'
5. Turn on source IP address verification
6. Prevent a cracker from using a spoofing attack against the IP address of the server
7. Log several types of suspicious packets, such as spoofed packets, source-routed packets, and redirects

sysctl command

The sysctl command is used to modify kernel parameters at runtime. /etc/sysctl.conf is a text file containing sysctl values to be read in and set by sysctl at boot time. To view current values, enter:

# sysctl -a

# sysctl -A

# sysctl mib

# sysctl net.ipv4.conf.all.rp_filter

To load settings, enter:

# sysctl -p

Sample /etc/sysctl.conf

Edit /etc/sysctl.conf and update it as follows. The file is documented with comments. However, I recommend reading the official Linux kernel sysctl tuning help file (see below):
# The following is suitable for dedicated web server, mail, ftp server etc. 
# ---------------------------------------
# BOOLEAN Values:
# a) 0 (zero) - disabled / no / false
# b) Non zero - enabled / yes / true
# --------------------------------------
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
 
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
 
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
 
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
 
# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1
 
# Controls the use of TCP syncookies
#net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 2
 
########## IPv4 networking start ##############
# Send redirects, if router, but this is just server
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
 
# Accept packets with SRR option? No
net.ipv4.conf.all.accept_source_route = 0
 
# Accept Redirects? No, this is not router
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
 
# Log packets with impossible addresses to kernel log? yes
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
 
# Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast
net.ipv4.icmp_echo_ignore_broadcasts = 1
 
# Prevent against the common 'syn flood attack'
net.ipv4.tcp_syncookies = 1
 
# Enable source validation by reversed path, as specified in RFC1812
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
 
########## IPv6 networking start ##############
# Number of Router Solicitations to send until assuming no routers are present.
# This is host and not router
net.ipv6.conf.default.router_solicitations = 0
 
# Accept Router Preference in RA?
net.ipv6.conf.default.accept_ra_rtr_pref = 0
 
# Learn Prefix Information in Router Advertisement
net.ipv6.conf.default.accept_ra_pinfo = 0
 
# Learn the default router from Router Advertisements? No, this is not a router
net.ipv6.conf.default.accept_ra_defrtr = 0
 
#router advertisements can cause the system to assign a global unicast address to an interface
net.ipv6.conf.default.autoconf = 0
 
#how many neighbor solicitations to send out per address?
net.ipv6.conf.default.dad_transmits = 0
 
# How many global unicast IPv6 addresses can be assigned to each interface?
net.ipv6.conf.default.max_addresses = 1
 
########## IPv6 networking ends ##############
 
#Enable ExecShield protection
kernel.exec-shield = 1
kernel.randomize_va_space = 1
 
# TCP and memory optimization 
# increase TCP max buffer size settable using setsockopt()
#net.ipv4.tcp_rmem = 4096 87380 8388608
#net.ipv4.tcp_wmem = 4096 87380 8388608
 
# increase Linux auto tuning TCP buffer limits
#net.core.rmem_max = 8388608
#net.core.wmem_max = 8388608
#net.core.netdev_max_backlog = 5000
#net.ipv4.tcp_window_scaling = 1
 
# increase system file descriptor limit    
fs.file-max = 65535
 
#Allow for more PIDs 
kernel.pid_max = 65536
 
#Increase system IP port limits
net.ipv4.ip_local_port_range = 2000 65000
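A file like the one above only helps if the running kernel actually matches it, and `sysctl -p` is not re-run when someone changes a value by hand. The script below is an added example, not part of the original post: it parses the sysctl.conf format and compares a constructed excerpt of the settings above with a constructed `sysctl -a` snapshot, reporting every value that drifted.

```python
"""Audit a kernel's sysctl values against a sysctl.conf (added example).
Parses the key = value format of /etc/sysctl.conf ('#' or ';' comments,
'/' or '.' as key separator) and compares it with a snapshot of current
values in the format `sysctl -a` prints. Both texts are constructed.
"""

# Constructed excerpt of the hardening file shown in the post.
DESIRED_CONF = """\
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
kernel.randomize_va_space = 1
net.ipv4.ip_local_port_range = 2000 65000
"""

# Constructed `sysctl -a` snapshot of an unhardened box (multi-field values tab-separated).
CURRENT_SNAPSHOT = """\
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 0
kernel.randomize_va_space = 2
net.ipv4.ip_local_port_range = 32768\t60999
"""

def parse_sysctl(text):
    """Map each key to its value; multi-field values are normalised to
    single spaces so '2000 65000' and '2000\\t65000' compare equal."""
    values = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        values[key.replace("/", ".")] = " ".join(value.split())
    return values

def audit(desired, current):
    """Return (key, wanted, actual) for every desired key whose live value
    differs; a key the kernel does not expose is reported with actual=None."""
    return [(key, want, current.get(key))
            for key, want in desired.items() if current.get(key) != want]

if __name__ == "__main__":
    # On a real host: desired from open('/etc/sysctl.conf'), current from `sysctl -a`.
    for key, want, have in audit(parse_sysctl(DESIRED_CONF), parse_sysctl(CURRENT_SNAPSHOT)):
        print(f"{key}: want {want!r}, have {have!r}")
```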
