knowledge sharing linux


Upload: kathireshece

Post on 18-Apr-2015


Page 1: Knowledge Sharing LINUX

1. Incident management
2. Priority of the ticket
3. SLA
4. Response time
5. Resolution time
6. Follow up SLA
7. RLA
8. 5 Why Questions
9. Bridge Call: Participant Code, Chair Person Code, Toll Free Number (a) Indian toll free number (b) US toll free number
10. Email Management
11. Meeting Invitation
12. Change Management
13. CAB Meeting
14. Lead Period of Change
15. Backout Plan
16. What is a (i) SAN (ii) NAS (iii) DAS
17. Draw a connection diagram of SAN
18. What is a WWPN number
19. What is HBA
20. What is a LUN, LUN ID, LUN rescan
18. Explain Multipathing
19. Give the command to check the HBA card
20. Explain the following: (i) powermt display (ii) powermt display dev=all (iii) powermt display dev=emcpowera
21. Difference between copper cable and fiber cable
22. What is a data center
23. What is a rack
24. What is the height of a server
25. What is a rack mountable server
26. What is the role of the operating system
27. What is MSL (master server list)
31. What is CSL (critical server list)
32. What is socks
33. How do we get on-site support
34. What is console access
35. What is KVM
36. Explain ILO
37. What is a PCI slot
38. Which monitoring tool are you using in your company
39. Which alerts do you usually get
40. How do you manage escalations
41. How do you manage vendors
42. What is sysreport/SOS report


43. What is a VM core file
44. What is the build process
45. What is the decommission process
46. Explain Patching

Incident management:

link: http://www.itlibrary.org/index.php?page=Incident_Management

yum server configuration in RHEL 6

How To Install YUM Server in RHEL 6

Step By Step Configuration of Yum Server

1. mount /dev/cdrom /mnt
2. rpm -ivh /mnt/Server/Packages/vsftpd*
3. cp -rv /mnt/* /var/ftp/pub/
4. rpm -ivh /mnt/Server/Packages/delta*
5. rpm -ivh /mnt/Server/Packages/python-delta*
6. rpm -ivh /mnt/Server/Packages/createrepo*
7. vi /etc/yum.repos.d/server.repo

[yum-server]
name=This is my RPM store
baseurl=file:///var/ftp/pub/
enabled=1
gpgcheck=0

8. createrepo -v /var/ftp/pub
9. rm -rf /var/ftp/pub/.olddata
10. yum clean all
11. yum update

Now your yum server is configured.
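As an added example that is not part of the original page: the stanza above turns package signature checking off (gpgcheck=0). Since step 3 copies the whole medium into /var/ftp/pub/, the release key shipped on RHEL media (RPM-GPG-KEY-redhat-release) is already on disk, so the repo file can keep checking on. The function below writes the same stanza with gpgcheck=1 and refuses to write anything when no key file is present; the repo name and paths are the page's, the function names are mine.

```shell
#!/bin/sh
# write_local_repo REPO_FILE MEDIA_DIR
# Writes the [yum-server] stanza for media copied to MEDIA_DIR with GPG
# checking enabled, pointing gpgkey at the release key copied with the media.
# Returns 1 and writes nothing when no RPM-GPG-KEY-* file exists, so the
# caller cannot end up with an unverified repository by accident.
write_local_repo() {
    repo_file=$1
    media_dir=$2
    key_file=""
    # Prefer the release key; fall back to any RPM-GPG-KEY-* file on the medium.
    for candidate in "$media_dir/RPM-GPG-KEY-redhat-release" "$media_dir"/RPM-GPG-KEY-*; do
        if [ -f "$candidate" ]; then
            key_file=$candidate
            break
        fi
    done
    if [ -z "$key_file" ]; then
        echo "no RPM-GPG-KEY-* file in $media_dir; refusing to write $repo_file with gpgcheck=0" >&2
        return 1
    fi
    cat > "$repo_file" <<EOF
[yum-server]
name=This is my RPM store
baseurl=file://$media_dir/
enabled=1
gpgcheck=1
gpgkey=file://$key_file
EOF
}

# repo_is_verified REPO_FILE -> 0 only when gpgcheck=1 and a gpgkey= line are both present
repo_is_verified() {
    grep -q '^gpgcheck=1$' "$1" && grep -q '^gpgkey=file://' "$1"
}

# Usage on the page's layout (run as root after step 3):
#   write_local_repo /etc/yum.repos.d/server.repo /var/ftp/pub && yum clean all
```

yum will offer to import the key named in gpgkey on the first install, after which every package from the store is checked against it.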

ACCESS MECHANISM

The mechanism of positioning reading or writing heads onto the required tracks of a magnetic disk.

linux job search site

http://www.jobisjob.co.in/redhat+linux+administrator/jobs


SSH login without password

Your aim
You want to use Linux and OpenSSH to automate your tasks. Therefore you need an automatic login from host A / user a to host B / user b. You don't want to enter any passwords, because you want to call ssh from within a shell script.

How to do it
First log in on A as user a and generate a pair of authentication keys. Do not enter a passphrase:

a@A:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/a/.ssh/id_rsa):
Created directory '/home/a/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/a/.ssh/id_rsa.
Your public key has been saved in /home/a/.ssh/id_rsa.pub.
The key fingerprint is:
3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a@A

Now use ssh to create a directory ~/.ssh as user b on B. (The directory may already exist, which is fine):

a@A:~> ssh b@B mkdir -p .ssh
b@B's password:

Finally append a's new public key to b@B:.ssh/authorized_keys and enter b's password one last time:

a@A:~> cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
b@B's password:

From now on you can log into B as b from A as a without a password:

a@A:~> ssh b@B hostname
B

A note from one of our readers: Depending on your version of SSH you might also have to do the following changes:

● Put the public key in .ssh/authorized_keys2
● Change the permissions of .ssh to 700
● Change the permissions of .ssh/authorized_keys2 to 640
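The append in the steps above adds the key blindly (running it twice leaves two copies) and relies on the reader's note for the permissions that sshd's StrictModes checks. As an added example that is not part of the original page, the function below does the install step on the target side idempotently (what ssh-copy-id does for you); the function names are mine, the ed25519 key line is constructed and not a real key, and it uses 600 for authorized_keys rather than the note's 640.

```shell
#!/bin/sh
# install_authorized_key HOME_DIR PUBKEY_LINE
# Target-side equivalent of "cat >> .ssh/authorized_keys" from the steps above,
# but idempotent and with the permissions sshd's StrictModes expects:
# .ssh is 700 and authorized_keys is 600.
install_authorized_key() {
    home_dir=$1
    pubkey=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # Fields 1 and 2 (key type, base64 body) identify a key; the comment does not.
    key_body=$(printf '%s\n' "$pubkey" | awk '{ print $1, $2 }')
    case "$key_body" in
        "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-"*) ;;
        *) echo "refusing to install: not an OpenSSH public key line" >&2; return 2 ;;
    esac

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Skip the append when the same key material is already present.
    if awk -v want="$key_body" '($1 " " $2) == want { found = 1 } END { exit !found }' "$auth_file"; then
        return 0
    fi
    printf '%s\n' "$pubkey" >> "$auth_file"
}

# count_key_occurrences HOME_DIR PUBKEY_LINE -> prints how many times the key appears
count_key_occurrences() {
    key_body=$(printf '%s\n' "$2" | awk '{ print $1, $2 }')
    awk -v want="$key_body" '($1 " " $2) == want { n++ } END { print n + 0 }' "$1/.ssh/authorized_keys"
}

# perms_ok HOME_DIR -> 0 when .ssh is 700 and authorized_keys is 600
perms_ok() {
    [ "$(ls -ld "$1/.ssh" | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)" = "-rw-------" ]
}

# Constructed sample key line (not a real key) used for the check below.
SAMPLE_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyMaterialForThisExampleOnly a@A"
```

On B this would be run as user b with its own home directory, e.g. install_authorized_key "$HOME" "$(cat /path/to/id_rsa.pub)".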

linux commands link

http://michaelminn.com/linux/command_line/


HOW TO USE SSH AND SCP

http://www.linuxsv.org/training/l27_linux_ssh.html

Device firmware installation for wireless

# /sbin/lspci -vnn | grep 14e4
0c:00.0 Network controller [0280]: Broadcom Corporation BCM4312 802.11b/g [14e4:4315] (rev 01)

After a bit of googling, I found the workaround to make it work.

yum install b43-fwcutter b43-openfwwf
mkdir ~/b43-driver; cd ~/b43-driver
wget http://downloads.openwrt.org/sources/broadcom-wl-4.150.10.5.tar.bz2
tar jxf broadcom-wl-4.150.10.5.tar.bz2
cd broadcom-wl-4.150.10.5/driver
b43-fwcutter -w /lib/firmware/ wl_apsta_mimo.o

more details: http://sudhaker.com/10/centos-6-0-on-inspiron-1525-bcm4312

Linux System Administration and Configuration
http://www.yolinux.com/TUTORIALS/LinuxTutorialSysAdmin.html

DNS :

A DNS is a Domain Name Server. A domain is the name of a website, such as wiki.answers.com. Without a domain name server, you would need to know the IP address for the website. But with DNS, the name of the website is matched up automatically to the IP address.

Read more: http://wiki.answers.com/Q/What_is_DNS_in_Linux#ixzz1eXnuGCxY


Configure Linux Virtual Local Area Network (VLAN)


Linux DHCP Server

Q: Configure rhel6 as a DHCP server for your LAN 192.168.1.0/24 using the IP range 192.168.1.20-192.168.1.29. Configure rhel6 (192.168.1.10) as default gateway and DNS server and reserve the IP 192.168.1.30 for node01 with MAC 00:0C:29:E9:F1:75. Configure node01's network interface with MAC 00:0C:29:E9:F1:75 to obtain its IP via DHCP at boot, and verify that the reserved IP 192.168.1.30 is assigned by the rhel6 DHCP server. Obtain an IP from the DHCP range for interface eth1.

A:Login as root on rhel6 (192.168.1.10) and install dhcp rpm.

# yum install dhcp

* Copy dhcpd.conf.sample from /usr/share/doc to /etc/dhcpd/dhcpd.conf.

# cp /usr/share/doc/dhcp*/dhcpd.conf.sample /etc/dhcpd/dhcpd.conf

Edit the sample config file with your LAN (192.168.1.0/24 in this case) network parameters configuration.

# cat /etc/dhcpd.conf

default-lease-time 600;
max-lease-time 7200;

# Use this to enable / disable dynamic dns updates globally.
#ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.20 192.168.1.29;
  option domain-name-servers 192.168.1.10;
  option domain-name "192.168.1.10";
  option routers 192.168.1.10;
  option broadcast-address 192.168.1.255;
  default-lease-time 600;
  max-lease-time 7200;
}

# Hosts which require special configuration options can be listed in
# host statements.

host node01 {
  hardware ethernet 00:0C:29:E9:F1:75;
  fixed-address 192.168.1.30;
}

* Login as root on node01 and configure eth0 to get the IP through dhcp.

* Edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file

DEVICE="eth0"
HWADDR="00:0C:29:E9:F1:75"
NM_CONTROLLED="no"
ONBOOT="yes"
BOOTPROTO="dhcp"

* Execute 'tail -f /var/log/messages &' command and restart the network service.

# tail -f /var/log/messages &
# /etc/init.d/network restart

* From the traces it can be seen that the reserved IP 192.168.1.30 has been assigned to eth0. The DNS server 192.168.1.10 has also been configured in /etc/resolv.conf.

* Obtain an IP from the DHCP server for the eth1 interface with the 'dhclient' command.

# dhclient eth1...

The first IP available in the DHCP server's IP range, 192.168.1.20 in this case, is assigned to eth1. For more details see: Linux DHCP Linux Server


20 Linux System Monitoring Tools Every SysAdmin Should Know
link: http://www.cyberciti.biz/tips/top-linux-monitoring-tools.html

Need to monitor Linux server performance? Try these built-in commands and a few add-on tools. Most Linux distributions are equipped with tons of monitoring tools. These tools provide metrics which can be used to get information about system activities. You can use these tools to find the possible causes of a performance problem. The commands discussed below are some of the most basic commands when it comes to system analysis and debugging server issues such as:

1. Finding out bottlenecks.
2. Disk (storage) bottlenecks.
3. CPU and memory bottlenecks.
4. Network bottlenecks.

#1: top - Process Activity Command
The top program provides a dynamic real-time view of a running system, i.e. actual process activity. By default, it displays the most CPU-intensive tasks running on the server and updates the list every five seconds.

Fig.01: Linux top command

Commonly Used Hot Keys


The top command provides several useful hot keys:

Hot Key Usage

t Displays summary information off and on.

m Displays memory information off and on.

A Sorts the display by top consumers of various system resources. Useful for quick identification of performance-hungry tasks on a system.

f Enters an interactive configuration screen for top. Helpful for setting up top for a specific task.

o Enables you to interactively select the ordering within top.

r Issues renice command.

k Issues kill command.

z Turn on or off color/mono

=> Related: How do I Find Out Linux CPU Utilization ?

#2: vmstat - System Activity, Hardware and System Information
The command vmstat reports information about processes, memory, paging, block IO, traps, and cpu activity.

# vmstat 3

Sample Outputs:

procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
 r  b   swpd    free   buff   cache   si   so    bi    bo   in    cs us sy id wa st
 0  0      0 2540988 522188 5130400    0    0     2    32    4     2  4  1 96  0  0
 1  0      0 2540988 522188 5130400    0    0     0   720 1199   665  1  0 99  0  0
 0  0      0 2540956 522188 5130400    0    0     0     0 1151  1569  4  1 95  0  0
 0  0      0 2540956 522188 5130500    0    0     0     6 1117   439  1  0 99  0  0
 0  0      0 2540940 522188 5130512    0    0     0   536 1189   932  1  0 98  0  0
 0  0      0 2538444 522188 5130588    0    0     0     0 1187  1417  4  1 96  0  0
 0  0      0 2490060 522188 5130640    0    0     0    18 1253  1123  5  1 94  0  0

Display Memory Utilization Slabinfo
# vmstat -m

Get Information About Active / Inactive Memory Pages
# vmstat -a

=> Related: How do I find out Linux Resource utilization to detect system bottlenecks ?


#3: w - Find Out Who Is Logged on And What They Are Doing
The w command displays information about the users currently on the machine, and their processes.

# w username
# w vivek

Sample Outputs:

17:58:47 up 5 days, 20:28, 2 users, load average: 0.36, 0.26, 0.24
USER     TTY      FROM          LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    10.1.3.145    14:55    5.00s  0.04s  0.02s vim /etc/resolv.conf
root     pts/1    10.1.3.145    17:43    0.00s  0.03s  0.00s w

#4: uptime - Tell How Long The System Has Been Running
The uptime command can be used to see how long the server has been running. It shows the current time, how long the system has been running, how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes.

# uptime

Output:

18:02:41 up 41 days, 23:42, 1 user, load average: 0.00, 0.00, 0.00

A load value of 1 can be considered optimal. The load can change from system to system. For a single CPU system 1 - 3 and for SMP systems 6-10 load values might be acceptable.

#5: ps - Displays The Processes
The ps command will report a snapshot of the current processes. To select all processes use the -A or -e option:

# ps -A

Sample Outputs:

  PID TTY          TIME CMD
    1 ?        00:00:02 init
    2 ?        00:00:02 migration/0
    3 ?        00:00:01 ksoftirqd/0
    4 ?        00:00:00 watchdog/0
    5 ?        00:00:00 migration/1
    6 ?        00:00:15 ksoftirqd/1
.........
 4881 ?        00:53:28 java
 4885 tty1     00:00:00 mingetty
 4886 tty2     00:00:00 mingetty
 4887 tty3     00:00:00 mingetty
 4888 tty4     00:00:00 mingetty
 4891 tty5     00:00:00 mingetty
 4892 tty6     00:00:00 mingetty
 4893 ttyS1    00:00:00 agetty
12853 ?        00:00:00 cifsoplockd
12854 ?        00:00:00 cifsdnotifyd
14231 ?        00:10:34 lighttpd
14232 ?        00:00:00 php-cgi
54981 pts/0    00:00:00 vim
55465 ?        00:00:00 php-cgi
55546 ?        00:00:00 bind9-snmp-stat
55704 pts/1    00:00:00 ps

ps is just like top but provides more information.

Show Long Format Output
# ps -Al

To turn on extra full mode (it will show command line arguments passed to the process):
# ps -AlF

To See Threads ( LWP and NLWP)
# ps -AlFH

To See Threads After Processes
# ps -AlLm

Print All Processes On The Server
# ps ax
# ps axu

Print A Process Tree
# ps -ejH
# ps axjf
# pstree

Print Security Information
# ps -eo euser,ruser,suser,fuser,f,comm,label
# ps axZ
# ps -eM

See Every Process Running As User Vivek
# ps -U vivek -u vivek u

Set Output In a User-Defined Format
# ps -eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm
# ps axo stat,euid,ruid,tty,tpgid,sess,pgrp,ppid,pid,pcpu,comm
# ps -eopid,tt,user,fname,tmout,f,wchan

Display Only The Process IDs of Lighttpd
# ps -C lighttpd -o pid=
OR
# pgrep lighttpd
OR
# pgrep -u vivek php-cgi

Display The Name of PID 55977
# ps -p 55977 -o comm=

Find Out The Top 10 Memory Consuming Processes
# ps -auxf | sort -nr -k 4 | head -10

Find Out The Top 10 CPU Consuming Processes
# ps -auxf | sort -nr -k 3 | head -10

#6: free - Memory Usage
The command free displays the total amount of free and used physical and swap memory in the system, as well as the buffers used by the kernel.

# free

Sample Output:

             total       used       free     shared    buffers     cached
Mem:      12302896    9739664    2563232          0     523124    5154740
-/+ buffers/cache:    4061800    8241096
Swap:      1052248          0    1052248

#7: iostat - Average CPU Load, Disk Activity
The command iostat reports Central Processing Unit (CPU) statistics and input/output statistics for devices, partitions and network filesystems (NFS).

# iostat

Sample Outputs:

Linux 2.6.18-128.1.14.el5 (www03.nixcraft.in)   06/26/2009

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           3.50    0.09    0.51    0.03    0.00   95.86

Device:            tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn
sda              22.04        31.88       512.03   16193351  260102868
sda1              0.00         0.00         0.00       2166        180
sda2             22.04        31.87       512.03   16189010  260102688
sda3              0.00         0.00         0.00       1615          0

=> Related: Linux Track NFS Directory / Disk I/O Stats

#8: sar - Collect and Report System Activity
The sar command is used to collect, report, and save system activity information. To see the network counters, enter:

# sar -n DEV | more

To display the network counters from the 24th:

# sar -n DEV -f /var/log/sa/sa24 | more

You can also display real time usage using sar:

# sar 4 5

Sample Outputs:

Linux 2.6.18-128.1.14.el5 (www03.nixcraft.in)   06/26/2009

06:45:12 PM       CPU     %user     %nice   %system   %iowait    %steal     %idle
06:45:16 PM       all      2.00      0.00      0.22      0.00      0.00     97.78
06:45:20 PM       all      2.07      0.00      0.38      0.03      0.00     97.52
06:45:24 PM       all      0.94      0.00      0.28      0.00      0.00     98.78
06:45:28 PM       all      1.56      0.00      0.22      0.00      0.00     98.22
06:45:32 PM       all      3.53      0.00      0.25      0.03      0.00     96.19
Average:          all      2.02      0.00      0.27      0.01      0.00     97.70

=> Related: How to collect Linux system utilization data into a file

#9: mpstat - Multiprocessor Usage
The mpstat command displays activities for each available processor, processor 0 being the first one. Use mpstat -P ALL to display average CPU utilization per processor:

# mpstat -P ALL

Sample Output:

Linux 2.6.18-128.1.14.el5 (www03.nixcraft.in)   06/26/2009

06:48:11 PM  CPU   %user   %nice    %sys %iowait    %irq   %soft  %steal   %idle   intr/s
06:48:11 PM  all    3.50    0.09    0.34    0.03    0.01    0.17    0.00   95.86  1218.04
06:48:11 PM    0    3.44    0.08    0.31    0.02    0.00    0.12    0.00   96.04  1000.31
06:48:11 PM    1    3.10    0.08    0.32    0.09    0.02    0.11    0.00   96.28    34.93
06:48:11 PM    2    4.16    0.11    0.36    0.02    0.00    0.11    0.00   95.25     0.00
06:48:11 PM    3    3.77    0.11    0.38    0.03    0.01    0.24    0.00   95.46    44.80
06:48:11 PM    4    2.96    0.07    0.29    0.04    0.02    0.10    0.00   96.52    25.91
06:48:11 PM    5    3.26    0.08    0.28    0.03    0.01    0.10    0.00   96.23    14.98
06:48:11 PM    6    4.00    0.10    0.34    0.01    0.00    0.13    0.00   95.42     3.75
06:48:11 PM    7    3.30    0.11    0.39    0.03    0.01    0.46    0.00   95.69    76.89

=> Related: Linux display each multiple SMP CPU processors utilization individually.

#10: pmap - Process Memory Usage
The command pmap reports the memory map of a process. Use this command to find out causes of memory bottlenecks.

# pmap -d PID

To display process memory information for pid # 47394, enter:

# pmap -d 47394

Sample Outputs:

47394:   /usr/bin/php-cgi
Address           Kbytes Mode  Offset           Device    Mapping
0000000000400000    2584 r-x-- 0000000000000000 008:00002 php-cgi
0000000000886000     140 rw--- 0000000000286000 008:00002 php-cgi
00000000008a9000      52 rw--- 00000000008a9000 000:00000   [ anon ]
0000000000aa8000      76 rw--- 00000000002a8000 008:00002 php-cgi
000000000f678000    1980 rw--- 000000000f678000 000:00000   [ anon ]
000000314a600000     112 r-x-- 0000000000000000 008:00002 ld-2.5.so
000000314a81b000       4 r---- 000000000001b000 008:00002 ld-2.5.so
000000314a81c000       4 rw--- 000000000001c000 008:00002 ld-2.5.so
000000314aa00000    1328 r-x-- 0000000000000000 008:00002 libc-2.5.so
000000314ab4c000    2048 ----- 000000000014c000 008:00002 libc-2.5.so
.............
00002af8d48fd000       4 rw--- 0000000000006000 008:00002 xsl.so
00002af8d490c000      40 r-x-- 0000000000000000 008:00002 libnss_files-2.5.so
00002af8d4916000    2044 ----- 000000000000a000 008:00002 libnss_files-2.5.so
00002af8d4b15000       4 r---- 0000000000009000 008:00002 libnss_files-2.5.so
00002af8d4b16000       4 rw--- 000000000000a000 008:00002 libnss_files-2.5.so
00002af8d4b17000  768000 rw-s- 0000000000000000 000:00009 zero (deleted)
00007fffc95fe000      84 rw--- 00007ffffffea000 000:00000   [ stack ]
ffffffffff600000    8192 ----- 0000000000000000 000:00000   [ anon ]
mapped: 933712K    writeable/private: 4304K    shared: 768000K

The last line is very important:

● mapped: 933712K total amount of memory mapped to files
● writeable/private: 4304K the amount of private address space
● shared: 768000K the amount of address space this process is sharing with others

=> Related: : Linux find the memory used by a program / process using pmap command

#11 and #12: netstat and ss - Network Statistics
The command netstat displays network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. The ss command is used to dump socket statistics. It allows showing information similar to netstat. See the following resources about the ss and netstat commands:

● ss: Display Linux TCP / UDP Network and Socket Information
● Get Detailed Information About Particular IP address Connections Using netstat Command

#13: iptraf - Real-time Network Statistics
The iptraf command is an interactive, colorful IP LAN monitor. It is an ncurses-based IP LAN monitor that generates various network statistics including TCP info, UDP counts, ICMP and OSPF information, Ethernet load info, node stats, IP checksum errors, and others. It can provide the following info in an easy to read format:

● Network traffic statistics by TCP connection
● IP traffic statistics by network interface
● Network traffic statistics by protocol
● Network traffic statistics by TCP/UDP port and by packet size
● Network traffic statistics by Layer2 address


Fig.02: General interface statistics: IP traffic statistics by network interface


Fig.03 Network traffic statistics by TCP connection

#14: tcpdump - Detailed Network Traffic Analysis
tcpdump is a simple command that dumps traffic on a network. However, you need a good understanding of the TCP/IP protocols to utilize this tool. For example, to display traffic info about DNS, enter:

# tcpdump -i eth1 'udp port 53'

To display all IPv4 HTTP packets to and from port 80, i.e. print only packets that contain data, not, for example, SYN and FIN packets and ACK-only packets, enter:

# tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

To display all FTP sessions to 202.54.1.5, enter:

# tcpdump -i eth1 'dst 202.54.1.5 and (port 21 or 20)'

To display all HTTP sessions to 192.168.1.5:

# tcpdump -ni eth0 'dst 192.168.1.5 and tcp and port http'

To write full packets to a capture file that can be opened in Wireshark for detailed analysis, enter:

# tcpdump -n -i eth1 -s 0 -w output.txt src or dst port 80


#15: strace - System Calls
Trace system calls and signals. This is useful for debugging webserver and other server problems. See how to use strace to trace a process and see what it is doing.

#16: /proc file system - Various Kernel Statistics
The /proc file system provides detailed information about various hardware devices and other Linux kernel information. See the Linux kernel /proc documentation for further details. Common /proc examples:

# cat /proc/cpuinfo
# cat /proc/meminfo
# cat /proc/zoneinfo
# cat /proc/mounts

#17: Nagios - Server And Network Monitoring
Nagios is a popular open source computer system and network monitoring application. You can easily monitor all your hosts, network equipment and services. It can send alerts when things go wrong and again when they get better. FAN is "Fully Automated Nagios". FAN's goal is to provide a Nagios installation including most tools provided by the Nagios community. FAN provides a CD-ROM image in the standard ISO format, making it easy to install a Nagios server. Added to this, a wide bunch of tools are included in the distribution, in order to improve the user experience around Nagios.

#18: Cacti - Web-based Monitoring Tool
Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices. It can provide data about network, CPU, memory, logged in users, Apache, DNS servers and much more. See how to install and configure the Cacti network graphing tool under CentOS / RHEL.

#19: KDE System Guard - Real-time Systems Reporting and Graphing
KSysguard is a network enabled task and system monitor application for the KDE desktop. This tool can be run over an ssh session. It provides lots of features such as a client/server architecture that enables monitoring of local and remote hosts. The graphical front end uses so-called sensors to retrieve the information it displays. A sensor can return simple values or more complex information like tables. For each type of information, one or more displays are provided. Displays are organized in worksheets that can be saved and loaded independently from each other. So, KSysguard is not only a simple task manager but also a very powerful tool to control large server farms.


Fig.05 KDE System Guard {Image credit: Wikipedia}

See the KSysguard handbook for detailed usage.

#20: Gnome System Monitor - Real-time Systems Reporting and Graphing
The System Monitor application enables you to display basic system information and monitor system processes, usage of system resources, and file systems. You can also use System Monitor to modify the behavior of your system. Although not as powerful as the KDE System Guard, it provides the basic information which may be useful for new users:

● Displays various basic information about the computer's hardware and software.
● Linux Kernel version
● GNOME version
● Hardware
● Installed memory
● Processors and speeds
● System Status
● Currently available disk space
● Processes
● Memory and swap space
● Network usage
● File Systems
● Lists all mounted filesystems along with basic information about each.

Fig.06 The Gnome System Monitor application


Bonus: Additional Tools
A few more tools:

● nmap - scan your server for open ports.
● lsof - list open files, network connections and much more.
● ntop web based tool - ntop is the best tool to see network usage in a way similar to what the top command does for processes, i.e. it is network traffic monitoring software. You can see network status and the protocol-wise distribution of traffic for UDP, TCP, DNS, HTTP and other protocols.

● Conky - Another good monitoring tool for the X Window System. It is highly configurable and is able to monitor many system variables including the status of the CPU, memory, swap space, disk storage, temperatures, processes, network interfaces, battery power, system messages, e-mail inboxes etc.

● GKrellM - It can be used to monitor the status of CPUs, main memory, hard disks, network interfaces, local and remote mailboxes, and many other things.

● vnstat - vnStat is a console-based network traffic monitor. It keeps a log of hourly, daily and monthly network traffic for the selected interface(s).

● htop - htop is an enhanced version of top, the interactive process viewer, which can display the list of processes in a tree form.

● mtr - mtr combines the functionality of the traceroute and ping programs in a single network diagnostic tool.

How to configure Samba Server in RHEL 6?

# 1 Configuring a shared directory which can be accessed by anyone.

Server Settings

[root@ora ~]# yum -y install samba*
[root@ora ~]# mkdir /home/share
[root@ora ~]# chmod 777 /home/share
[root@ora ~]# vi /etc/samba/smb.conf

# at line 58 add the following
unix charset = UTF-8
dos charset = CP932

# at line 75 change to the windows workgroup.
workgroup = WORKGROUP

# at line 81 uncomment and change the ip addresses.
hosts allow = 127.0.0.1 192.168.0.0/24

# at line 102 change the parameters.
security = share

# add the following entries at the end.

[share]
path = /home/share
writable = yes
guest ok = yes
guest only = yes
create mode = 0777
directory mode = 0777
share modes = yes

# restart the services

[root@ora ~]# service smb restart
[root@ora ~]# service nmb restart
[root@ora ~]# chkconfig smb on
[root@ora ~]# chkconfig nmb on

Client Settings.

Right click on my computer > Properties > Computer Name

click on change

computer name: client01

workgroup: WORKGROUP


Press Ok

Restart the computer

After the restart open My Computer > Tools > Map Network Drive
Choose the name or IP address of the server and the directory which is shared.


# 2 Samba share but with authentication.

[root@ora ~]# groupadd company
[root@ora ~]# mkdir /home/company
[root@ora ~]# chgrp company /home/company
[root@ora ~]# chmod 770 /home/company
[root@ora ~]# vi /etc/samba/smb.conf

# line 102 change the parameter
security = user


# add the following at the last line.

[company]
path = /home/company
writable = yes
create mode = 0770
directory mode = 0770
share modes = yes
guest ok = no
valid users = @company

[root@ora ~]# service smb restart
[root@ora ~]# service nmb restart
[root@ora ~]# useradd -G company rhel6
[root@ora ~]# smbpasswd -a rhel6
New SMB password:
Retype new SMB password:
Added user cent
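As an added example that is not part of the page: a check over smb.conf that flags the two settings from section #1 a reviewer would want to catch on a server that also hosts the authenticated [company] share, namely security = share (share-level authentication, deprecated and removed in Samba 4) and guest-accessible shares, noting when they are writable. The awk parser and the function names are mine; the sample file it writes is constructed from the page's own [share] and [company] stanzas.

```shell
#!/bin/sh
# audit_smb_conf SMB_CONF
# Prints one finding per line and returns 1 when anything was found:
#   - [global] security = share   (share-level auth; use security = user)
#   - any share with guest ok / guest only = yes, noting whether it is writable
audit_smb_conf() {
    awk '
        function norm(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return tolower(s) }
        /^[ \t]*[;#]/ { next }                          # comment line
        /^[ \t]*\[.*\][ \t]*$/ { sec = norm($0); next } # [section] header
        /=/ {
            key = norm(substr($0, 1, index($0, "=") - 1))
            val = norm(substr($0, index($0, "=") + 1))
            if (sec == "[global]" && key == "security" && val == "share") {
                print "[global]: security = share (use security = user)"; bad = 1
            }
            if (sec != "[global]" && (key == "guest ok" || key == "guest only") && val == "yes")
                guest[sec] = 1
            if (sec != "[global]" && (key == "writable" || key == "writeable"))
                writable[sec] = (val == "yes")
            if (sec != "[global]" && key == "read only")
                writable[sec] = (val == "no")
        }
        END {
            for (s in guest) {
                msg = s ": guest access enabled"
                if (writable[s]) msg = msg " on a writable share"
                print msg; bad = 1
            }
            exit (bad ? 1 : 0)
        }' "$1"
}

# write_sample_smb_conf OUT: constructed from the [share] and [company] stanzas on this page
write_sample_smb_conf() {
    cat > "$1" <<'EOF'
[global]
   workgroup = WORKGROUP
   hosts allow = 127.0.0.1 192.168.0.0/24
   security = share
[share]
   path = /home/share
   writable = yes
   guest ok = yes
   guest only = yes
   create mode = 0777
[company]
   path = /home/company
   writable = yes
   guest ok = no
   valid users = @company
EOF
}
```

On the server itself, audit_smb_conf /etc/samba/smb.conf complements testparm, which checks syntax but not intent.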

Samba server configuration steps

vim /etc/yum.repos.d/rhel.repo
951 service vsftpd restart
952 yum install samba*
953 mkdir /home/share
954 ls
955 cd /home/share/
956 ls
957 cd
958 chmod 777 /home/share
959 vi /etc/samba/smb.conf
960 vim /etc/samba/smb.conf
961 service smb restart
962 service nmb restart
963 service nmb start
964 service nmb restart
965 chkconfig smb on
966 chkconfig nmb on
967 cd /home/share/
968 mkdir gh
969 cd gh/
970 touch jhdsk
971 touch jhd;lasg
972 vim lk
973 cd
974 smbclient -L //192.168.1.10
975 smbclient -L //192.168.1.10/Downloads
976 smbclient -L \\192.168.1.10\Downloads
977 smbclient -L \\192.168.1.3\Downloads
978 smbclient -L //192.168.1.3
979 smbclient -L //192.168.1.3/Downloads -U kathiresh-S
980 smbclient -L //192.168.1.3/Downloads -U kathiresh-S-PC
981 smbclient -L //192.168.1.4/Downloads
982 smbclient -L //192.168.1.3/Downloads -U kathiresh-S
983 smbclient -L //192.168.1.4/Downloads -U kathiresh-S
984 ssh 192.168.1.4
985 cd
986 yum install samba-client
987 rpm -q samba-client
988 ping 192.168.1.4
989 smbclient -L //192.168.1.4/Downloads -U kathiresh-S
990 /etc/init.d/vsftpd status
991 testparm
992 vim /etc/samba/
993 vim /etc/samba/smb.conf
994 showmount -e
995 showmount -e 192.168.1.4

Linux commands to gather information about a Linux system
by LinuxTitli on December 15, 2005 · 30 comments

If you are developing an application for the Linux desktop and would like to automatically find out more information about the system, use the following commands in shell scripts to gather information about the system. Recently I was involved in a project where I needed to collect information about the running GUI, browser and other information such as disk space, running kernel etc.

Find out KDE Desktop version:
konqueror --version

Find out Gnome Desktop version:
gnome-panel --version

Find out Mozilla browser version:
mozilla --version

Find out Firefox browser version:
firefox --version

Find out current Language:
set | egrep '^(LANG|LC_)'

Find out disk space usage:
df -h

Find/Estimate file space usage:
du -h

Find out version of Linux glibc:
ls -l /lib/libc-*.so /lib/libc.so*

Find out user limits:
ulimit -a

Find out installed device drivers (modules):
lsmod

Find out information about an X server:
xdpyinfo

It can find out:

● Name of display
● Version number
● Vendor name (such as The XFree86 Project)
● Vendor release number
● And XFree86 version number

Find out information about Linux CPU:
cat /proc/cpuinfo

Find out information about Linux Memory:
cat /proc/meminfo
OR
free -m
OR
free -g

Find out user shell name:
ps -p $$ | tail -1 | awk '{ print $4 }'

Dump Linux kernel variables:
/sbin/sysctl -a

Find out running Linux kernel version:
uname -mrs
uname -a
cat /proc/version

Dump or display memory information and swap information:
free -m

Network card and IP address information:
ifconfig -a
ifconfig -a | less

Debian / Ubuntu Linux network configuration file (all interfaces eth0, eth1, ... ethN):
more /etc/network/interfaces

Redhat / CentOS / Fedora Linux network configuration file (eth0):
more /etc/sysconfig/network-scripts/ifcfg-eth0
Note: replace eth0 with eth1 for the 2nd network card and so on.

Display routing information:
route -n
route

Display list of all open ports:
netstat -tulpn


View login related logs:
tail -f /var/log/secure
vi /var/log/secure
grep 'something' /var/log/secure

View mail server related logs:
tail -f /var/log/maillog
vi /var/log/maillog
grep 'something' /var/log/maillog

Find how long the system has been running:
uptime
w

Show who is logged on and what they are doing:
w
who

Display list of tasks:
top

Display all running processes:
ps aux
ps aux | grep process-name

Display list of all installed software on Redhat / CentOS / Fedora:
rpm -qa
rpm -qa | grep 'software-name'
rpm -qa | less

Display list of all installed software on Debian / Ubuntu:
dpkg --list

Once the information is collected it can easily be sent as an email to the help desk. You can use all the above commands to gather information about a remote Linux system over a secure ssh session (see the related functions that gather up information about a Linux and FreeBSD system). The best part is that all the above commands run in non-privileged mode.


Q: how to see the list of users?

ANS: cat /etc/passwd | grep /home/ | cut -d: -f1
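The one-liner above only finds accounts whose home directory is under /home, so it misses service accounts with other home directories and still lists accounts that have a nologin shell. The script below is an added example, not part of the original Q&A: it filters a passwd-format file by UID range and login shell instead, and adds the classic audit check for extra UID 0 accounts. The sample passwd content is constructed; the 1000/500 UID thresholds are the usual defaults on modern and older Red Hat style systems respectively.

```shell
#!/bin/sh
# Added example: list interactive accounts from a passwd-format file by
# UID and shell rather than by home directory. Not from the original page.

# Constructed sample in /etc/passwd format, embedded so the script runs offline.
# "toor" is a deliberately planted second UID 0 account for the audit check.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/srv/bob:/bin/zsh
svc_backup:x:1002:1002:Backup service:/home/svc_backup:/sbin/nologin
oracle:x:501:501:Oracle:/opt/oracle:/bin/bash'

# Print login names of accounts whose UID is at or above the normal-user
# threshold and whose shell is one a person can actually log in with.
# Usage: interactive_users <passwd-file> [min-uid]   (min-uid defaults to 1000)
interactive_users() {
    awk -F: -v min="${2:-1000}" '
        $3 >= min && $7 !~ /(nologin|false)$/ { print $1 }
    ' "$1"
}

# Any account other than root with UID 0 is root by another name: print them.
# Usage: extra_uid0 <passwd-file>
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Run both checks against a real passwd file if given, else the sample.
demo() {
    f="${1:-}"
    if [ -z "$f" ]; then
        f=$(mktemp)
        printf '%s\n' "$SAMPLE_PASSWD" > "$f"
    fi
    echo "interactive accounts (uid >= 1000):"; interactive_users "$f"
    echo "interactive accounts (uid >= 500):";  interactive_users "$f" 500
    echo "extra UID 0 accounts:";               extra_uid0 "$f"
}

case "${1:-}" in demo) demo "${2:-}" ;; esac
```

Run it as `sh script.sh demo` for the sample, or `sh script.sh demo /etc/passwd` on a real system; on a Red Hat 5 era box pass 500 as the threshold when calling `interactive_users` directly.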

monitoring tools

http://library.nagios.com/library/products/nagiosxi/downloads/main


Linux chmod permission tips

This is an excerpt from "Easy Linux Commands" by Linux guru Jon Emmons. You can purchase it for only $19.95 (30% off) at this link.

The read, write and execute permissions apply slightly differently to directories than they do to files. The read permission on a directory controls the ability to list the contents of that directory. In this example we'll create a directory and place a blank file in it. We'll then modify the permissions on the directory so the owner cannot see the contents.

$ mkdir secret_dir
$ touch secret_dir/my_secret.txt
$ ls secret_dir/
my_secret.txt
$ chmod u-r secret_dir/
$ ls secret_dir/
ls: secret_dir/: Permission denied
$ cd secret_dir/
$ ls
ls: .: Permission denied
$ cd ../

We see that we get a Permission denied error when trying to view the contents of the directory when the read permission has been revoked. Despite not being able to see what is in the directory we can still change our working directory to that directory.

The write permission on a directory behaves somewhat as expected. If a user has write on a directory they can create or remove files from that directory even if they are not the owner of the files. This is important to note as giving a user, group or other users write on a directory with other users' files in it will allow them to delete other users' files.

Now we’ll give read permissions back to the owner and revoke the execute permission:

$ chmod u+r secret_dir/
$ chmod u-x secret_dir/
$ ls secret_dir/
my_secret.txt
$ cd secret_dir/
-bash: cd: secret_dir/: Permission denied

We can now view the contents of the directory again but look at what happened when we tried to cd into it! Not having the execute permission on a directory will prevent you from changing into that directory even though you can view the contents. It is understandable how this can cause some confusion.

Chmod and sticky bits

There are a few special permission mode settings that are worthy of noting. Note that the Set UID and Set GID permissions are disabled in some operating systems for security reasons.

Mode        Description

Sticky bit  Used for shared directories to prevent users from renaming or deleting each others' files. The only users who can rename or delete files in directories with the sticky bit set are the file owner, the directory owner, or the super-user (root). The sticky bit is represented by the letter t in the last position of the other permissions display.

SUID        Set user ID, used on executable files to allow the executable to be run as the file owner of the executable rather than as the user logged into the system. SUID can also be used on a directory to change the ownership of files created in or moved to that directory to be owned by the directory owner rather than the user who created it.

SGID        Set group ID, used on executable files to allow the file to be run as if logged into the group (like SUID but uses file group permissions). SGID can also be used on a directory so that every file created in that directory will have the directory group owner rather than the group owner of the user creating the file.

The following example displays the SUID permission mode that is set on the passwd command, indicated by the letter s in the last position of the user permission display. Users would like to be able to change their own passwords instead of having to ask the System Administrator to do it for them. Since changing a password involves updating the /etc/passwd file which is owned by root and protected from modification by any other user, the passwd command must be executed as the root user.

The which command will be used to find the full path name for the passwd command, then the attributes of the passwd command will be listed, showing the SUID permission(s).

$ which passwd
/usr/bin/passwd
$ ls -l /usr/bin/passwd
-r-s--x--x 1 root root 17700 Jun 25 2004 /usr/bin/passwd

Here we see not only that the SUID permissions are set up on the passwd command but also that the command is owned by the root user. These two factors tell us that the passwd command will run with the permissions of root regardless of who executes it.

These special modes can be very helpful on multi-user systems. To set or unset the sticky bit use the t option with the chmod command. When setting the sticky bit we do not have to specify if it is for user, group or other. In the following example we will make a directory called public which anyone can write to but we'll use the sticky bit to make sure only the file owners can remove their own files.

$ mkdir public
$ chmod 777 public
$ chmod +t public
$ ls -l
total 4
drwxrwxrwt 2 tclark authors 4096 Sep 14 10:45 public

We see that the last character of the permissions string has a t indicating the sticky bit has been set. We could also prefix the number 1 to the chmod command using the number to achieve the same results. The following chmod command will accomplish the same thing as the two chmod commands in the last example:

$ chmod 1777 public
$ ls -l
total 4
drwxrwxrwt 2 tclark authors 4096 Sep 14 10:45 public

Now let’s say we instead want to make a directory which other users can copy files but which we want the files to instantly become owned by our username and group. This is where the SUID and SGID options come in.

$ mkdir drop_box
$ chmod 777 drop_box
$ chmod u+s,g+s drop_box
$ ls -l
total 4
drwsrwsrwx 2 tclark authors 4096 Sep 14 10:55 drop_box

Now anyone can move files to this directory but upon creation in drop_box they will become owned by tclark and the group authors. This example also illustrates how you can change multiple levels of permissions with a single command by separating them with a comma. Just like with the other permissions this could have been simplified into one command using the SUID and SGID numeric values (4 and 2 respectively.) Since we are changing both in this case we use 6 as the first value for the chmod command.

$ chmod 6777 drop_box/
$ ls -l
total 4
drwsrwsrwx 2 oracle users 4096 Sep 14 10:55 drop_box
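The excerpt shows each bit being set by hand and read back with ls. The script below is an added example, not from "Easy Linux Commands": it builds the same kinds of directories in a scratch area, reads the resulting modes back with stat(1) (GNU coreutils syntax assumed), demonstrates the read-without-execute case from the start of the excerpt, and finishes with the audit step a defender actually wants: listing every SUID/SGID file under a tree so that unexpected entries, as opposed to the expected passwd binary, can be investigated.

```shell
#!/bin/sh
# Added example: exercise directory permission bits in a scratch directory and
# audit a tree for set-id files. Not from the excerpt; GNU stat/find assumed.

# Create a scratch directory under $TMPDIR and print its path.
make_scratch() {
    mktemp -d "${TMPDIR:-/tmp}/permdemo.XXXXXX"
}

# Octal mode of a path including the special bits (e.g. 1777, 2770, 4755).
mode_of() { stat -c '%a' "$1"; }

# Shared directory: anyone may create files, but only a file's owner (or the
# directory owner, or root) may delete it. Equivalent to chmod 1777.
make_shared_dir() {
    d="$1/public"
    mkdir -p "$d" && chmod 777 "$d" && chmod +t "$d"
    mode_of "$d"
}

# Group drop box: setgid on a directory makes new files inherit its group.
# Limited to owner and group (2770) rather than world-writable.
make_dropbox() {
    d="$1/drop_box"
    mkdir -p "$d" && chmod 2770 "$d"
    mode_of "$d"
}

# Read without execute on a directory: listing works but traversal does not.
# Prints "no" for a normal user; root bypasses this check and gets "yes".
can_traverse_without_x() {
    d="$1/secret_dir"
    mkdir -p "$d" && touch "$d/my_secret.txt" && chmod u-x "$d"
    if (cd "$d") 2>/dev/null; then echo yes; else echo no; fi
    chmod u+x "$d"   # restore so the scratch tree can be removed
}

# Audit helper: list regular files under a tree with the SUID or SGID bit set.
# Usage: find_setid <dir>
find_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

demo() {
    s=$(make_scratch)
    echo "public:   $(make_shared_dir "$s")"
    echo "drop_box: $(make_dropbox "$s")"
    echo "can traverse secret_dir without x: $(can_traverse_without_x "$s")"
    touch "$s/suid_tool" && chmod 4755 "$s/suid_tool"   # planted for the audit
    echo "set-id files under $s:"; find_setid "$s"
    rm -rf "$s"
}

case "${1:-}" in demo) demo ;; esac
```

On a real system `find_setid /` is the audit; compare its output against the distribution's package manifests, and treat a set-id file that no package owns as something to explain before anything else.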

Linux Troubleshooting

Linux is legendary for its stability - once set up correctly, a Linux box, left to its own devices, will run trouble-free for a very long time. Most problems arise soon after installation or major configuration changes, and are the result of misconfiguration, typographical errors or the occasional hardware failure. However, from time to time accidents do happen, even in the best-regulated environments . . .

A Linux Troubleshooting Toolkit


The best way to minimise the impact of those unforeseeable events is to prepare for them, by assembling the recovery tools in advance.

Tom's Root Boot Disk

An essential part of every Linux professional's bag of tricks, this tiny (by today's standards) package unpacks to create a 1.722 MB floppy disk that is a complete Linux distribution with a selection of recovery tools - until you see how it's done you'll find it hard to believe a single floppy can contain so much! An alternative version comes in El Torito (bootable CD-ROM) format. You can download tomsrtbt from http://www.toms.net/rb/

Knoppix

This is a popular Linux distribution, based on Debian, which boots and runs entirely from CD-ROM. While it is popular for demonstrations, or for letting interested users get a taste of Linux without having to install a distribution on the hard drive, it is also incredibly useful as a system repair tool. You can download Knoppix from http://www.knopper.net/knoppix/index-en.html (read the notes on software patents, then click on the KNOPPIX link - it's still there).

mkbootdisk

Most Linux distributions have a command to build a bootable floppy disk which can be used to repair a system. Red Hat Linux, for example, has the mkbootdisk command. In order to use this, you only need to know the desired kernel version to write to floppy, and you can find the current kernel version with the uname -r command:

mkbootdisk 2.4.20-8

or

mkbootdisk `uname -r`

In general, mkbootdisk and similar utilities will read various configuration files, such as /etc/fstab and /boot/grub/grub.conf, in order to work out the root filesystem, any required kernel command-line arguments and the drivers which will need to be loaded from the generated ramdisk image. One useful but not widely-known option for mkbootdisk is the --iso option, which makes a bootable CD-ROM image. This can then be updated with additional utilities, etc. if required.

Other Boot Disks

Most Linux distributions allow you to boot from the first installation CD in a system repair or 'rescue' mode. For Red Hat, for example, using the first CD-ROM to boot with the command 'linux rescue' will boot the system and then attempt a number of basic repairs automatically. The repair script will attempt to identify all the Linux partitions on your hard drives and mount them in the correct location. At the end of this process, you should wind up with the system completely assembled and mounted under /mnt/sysimage. Red Hat Linux Professional boxed sets of recent vintage also include a rather neat credit-card-sized rescue CD, and similar CDs are sometimes available from Linux-related company stands at trade shows.

Problems

Can't Boot?

Watch the system closely as it boots, and take note of any error messages that appear. If the system complains that it is unable to mount the root filesystem, for example, this can be for any of several reasons:

● The BIOS cannot find the boot loader. This sometimes happens after you've installed Linux to dual-boot with Windows, but - out of concern to not misconfigure the system - have asked the install program to place the boot loader in the Linux root (or /boot) filesystem. The problem is that the BIOS can't see it there, unless you make that the active partition. The simplest fix is to reinstall Linux and this time, let it place the LILO or GRUB boot loader into the Master Boot Record - don't worry, the Linux boot loaders are automatically set up to let you choose Linux or Windows at boot time. It is possible to perform a more complex fix, for example by copying the Linux boot loader sector into a file, and setting up the Windows NT/2K/XP boot loader to chain to it - but that is too complex to describe here (see http://www.lesbell.com.au/Home.nsf/web/Using+the+NT+Boot+Loader+to+Boot+Linux?OpenDocument where you'll find a longer article describing how to use the NT boot loader to boot Linux).

● The kernel doesn't have a device driver to access the hard drive (e.g. a SCSI drive). Fix this by using the mkinitrd script to build a new initrd file that contains the correct drivers, or recompile the kernel to include the driver code. This usually happens because you've built a new kernel and slightly messed up the configuration.

● The kernel doesn't have a filesystem driver to access the root partition. For example, if the root filesystem is formatted with ext3, then you will need the ext3 and jbd modules in the initrd or compiled into the kernel. Fix as for the previous problem. Again, this usually happens after building a new kernel.

● The partition table has been modified, for example, by the installation of another operating system. In this case, edit the kernel command line (in /etc/lilo.conf or /boot/grub/menu.lst) and the contents of /etc/fstab to contain the correct entries.

● Filesystems are corrupted, due to a power failure or system crash. Generally, after a system crash or power outage (what? No UPS?), the system will come up and repair itself. If you are using a journalling filesystem like ext3fs, jfs, xfs or reiserfs, it will usually perform a roll-forward recovery from its journal file and carry on. Even with the older ext2fs, the system usually runs an fsck (file system check) on the various file systems and repairs them automatically. However, just occasionally manual intervention is required; you might have to answer 'Y' to a string of questions (answering 'N' will get you nowhere unless you intend to perform really low-level repairs yourself in a last-ditch attempt to avoid data loss). In the worst case, you might have to reboot from rescue media and manually run the e2fsck (or similar) command against each filesystem in turn. For example:

e2fsck -p /dev/hda7

If the program complains that the superblock - the master block that links to everything else - is corrupted, it is useful to remember that the superblock is so critical that it is duplicated every 8192 blocks through the filesystem and you can tell e2fsck to use one of the backups:

e2fsck -b 8193 /dev/hda7

● One or more filesystems cannot be found and mounted: Check the contents of /etc/fstab - in making quick alterations here, typographical errors are common. You can use the e2label command to view the label of each filesystem: some distributions set these to the mount point so you can figure out what is what.

In each case, you will need to boot from some kind of rescue media, then work at the command line to repair the damage. If you boot from tomsrtbt or Knoppix, you will have editors and other utilities available. If you boot from the Red Hat installation CD in rescue mode, you will need to change the root directory so that the various system directories and filesystems are in the correct locations:

chroot /mnt/sysimage

See the box "The chroot Command" for details of why and how this works.

Forgot root password

If you have - really have - forgotten the root password for your system, it is still possible, in many cases, to log in and fix this. On some distributions, you can boot in single-user maintenance mode (runlevel 1) by appending a '1' or 'single' on the end of the normal kernel boot command line. With the LILO boot loader, for example, you can type

linux 1

to boot this way. With GRUB, it's a little more complex: you have to choose the boot menu item you want to use, then press 'e' to edit it, move to the kernel command line and press 'e' to edit it, append the '1' at the end of the line, press Enter to terminate editing and then press 'b' to boot it. However, some distributions will still request the root password in runlevel 1. For those, you should append the option 'init=/bin/bash' to the kernel command line, e.g.

linux init=/bin/bash

Now, instead of running the init process to kick off all the startup scripts, the kernel will simply run a bash shell. Since the startup scripts have not run, you may have to mount other filesystems manually, and you will certainly have to remount the root filesystem read-write with the command:

mount -o remount,rw /

Now, you can set about removing the root password. To do this, simply edit the /etc/shadow file and remove the encrypted password field from the file - it's usually the second field of the first line. You can now reboot, log in as root and use the passwd command to reset the password.

Security Warning!

Now that everyone knows this tip, you should take care to set a LILO or GRUB password to stop an attacker from editing the boot command line and breaking into your system this way. Of course, an attacker could also remove the root password by booting from floppy or CD, so you should set the system to boot from hard drive first, and then password-protect the BIOS settings, too!

Can't Eject CD-ROM?

You can normally eject a CD using the eject command (and you can close the drive again later with eject -t). But what if you get a message:

eject: unable to eject, last error: Invalid argument

The problem here is that something is accessing the CD-ROM drive - but what? You can use the fuser command to find out:

fuser /dev/cdrom

will show processes that have an open file or are otherwise accessing the CD-ROM drive. The command

fuser -uik /dev/cdrom

will show you the process ID and user that "owns" the drive, and will interactively allow you to kill the process.

No sound

Sound configuration is fairly tricky unless you know exactly what type of sound hardware you have - the chipset, not the brand of card. The simplest solution is to use the distribution's own sound configuration command - for Red Hat, this is redhat-config-soundcard or sndconfig (for the older versions).

X resolution too low or too high


Try using the left Ctrl and Alt keys with the + and - keys on the numeric pad to cycle through the various resolutions available on your system. You can also manually edit the XF86Config file (look in /etc/X11/ or nearby for this, depending on your distribution), then find the relevant Modes line, and comment out inappropriate modes. For example, if my monitor couldn't cope with 1400 x 1050 resolution, I would remove that entry from the Modes line in my XF86Config file:

Section "Screen"
    Identifier   "Screen0"
    Device       "Videocard0"
    Monitor      "Monitor0"
    DefaultDepth 24
    SubSection "Display"
        Depth 24
        Modes "1400x1050" "1280x1024" "1280x960" "1024x768" "800x600" "640x480"
    EndSubSection
EndSection

Sometimes, increasing the DefaultDepth entry will reduce the maximum resolution to something that your monitor can cope with.

Find the Right Driver Module

You can make the system attempt to load every device driver module of any given type in turn by using the command

modprobe -t type \*

where type is the name of a directory under /lib/modules/kernelver/kernel. For example:

modprobe -t net \*

will attempt to load most network drivers, one after another.

Trouble-shooting techniques

Use pairs of similarly-configured systems.

Quick things to check:

Is a filesystem full? This can show up in lots of different ways: being unable to save files, print jobs not spooling correctly (especially on Samba print/file servers), and so on. Use the df command to see available space:

[root@freya home]# df -H
Filesystem               Size   Used  Avail Use% Mounted on
/dev/Volume00/LogVol00  520MB  254MB  240MB  52% /
/dev/hda3               128MB   21MB  101MB  17% /boot
/dev/Volume00/LogVol03  2.2GB  134MB  1.9GB   7% /home
/dev/Volume00/LogVol05  520MB  8.5MB  485MB   2% /opt
none                    264MB      0  264MB   0% /dev/shm
/dev/Volume00/LogVol02  1.1GB   36MB  969MB   4% /tmp
/dev/Volume00/LogVol01  4.3GB  3.0GB  1.1GB  75% /usr
/dev/Volume00/LogVol06  1.1GB  101MB  903MB  11% /usr/local
/dev/Volume00/LogVol04  3.2GB  2.3GB  756MB  75% /var
/dev/hda1                16GB   13GB  2.8GB  83% /mnt/winc


Remember that a filesystem can fill up either because almost all of its data blocks are used up (some are reserved for the root user, just to get out of trouble) or because all its i-nodes (there is one of these per file) are used up. If you need to make space by deleting some large files, use the command 'ls -lS' to get a directory listing that is sorted by file size. To scan an entire filesystem (e.g. /home or /var) for the largest files, use the command:

du | sort -n

The largest files will be at the end of the listing.

Adding New Drives

Sometimes the growth of a filesystem - particularly /home - means that it is necessary to find it a new home; in other words, add another physical disk and relocate the filesystem to its new home where there is room to grow. Here is the procedure for adding another drive, with a single partition which will become the new /home filesystem (I'm assuming fdisk has already been used to partition it):

As root:

# mkdir /mnt/newhome
# mkfs -t ext2 /dev/hdb1
# mount /dev/hdb1 /mnt/newhome
# (cd /home && tar cf - .) | (cd /mnt/newhome && tar xpf -)

then

# cd /
# mv /home /home.old
# mkdir /home
# umount /mnt/newhome
# mount /dev/hdb1 /home

Once the new /home directory tree has been checked out, you can then safely

# cd /home.old
# rm -rf *
# cd ..
# rmdir /home.old
# rmdir /mnt/newhome

to clean up.

Network Problems

Use the ifconfig command to check whether an interface has been configured and is up. For example:

Long delays while starting daemons at boot time

If the system seems to stop for 30 seconds or more while starting - particularly when starting network daemons like sendmail or NFS - then the problem is likely to be either DNS misconfiguration, a DNS outage, or no network connection at all. Check that /etc/resolv.conf contains the correct DNS addresses, check that /etc/hosts contains the correct IP address and names for this machine, and then check that the network interface is up.
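Returning to the "Is a filesystem full?" check above: reading df by eye and scrolling to the tail of du | sort -n both work, but neither is something a monitoring job can call. The script below is an added example, not part of the original text. It parses df -P output (the POSIX single-line-per-filesystem format), so the same parser works for block usage and, via df -iP, for the i-node exhaustion case the paragraph mentions, and it ranks files by size directly with GNU find instead of walking the du listing. The df output embedded in it is constructed.

```shell
#!/bin/sh
# Added example: scriptable "filesystem full" checks. Not from the original
# text; GNU find (-printf) assumed, df -P is POSIX.

# Constructed df -P sample, embedded so the script runs offline.
SAMPLE_DF='Filesystem     1024-blocks    Used Available Capacity Mounted on
/dev/mapper/vg-root   507748  248192   234148      52% /
/dev/sda3             125000   20508    98500      17% /boot
/dev/mapper/vg-var   3125000 2343750   781250      75% /var
/dev/mapper/vg-home  2148000  131000  1900000       7% /home
/dev/sda1           15625000 12968750  2734375      83% /mnt/winc'

# Print "<mount> <use%>" for filesystems at or above the given percentage.
# Usage: over_threshold <percent> [df-P-output-file]   (reads stdin if no file)
over_threshold() {
    awk -v limit="$1" '
        NR > 1 { pct = $5; sub(/%/, "", pct)
                 if (pct + 0 >= limit) print $6, pct "%" }' "${2:--}"
}

# Same parser for i-node exhaustion: df -iP puts IUse% in the same column.
# Usage: inodes_over_threshold <percent>
inodes_over_threshold() {
    df -iP | over_threshold "$1"
}

# Print the N largest regular files under a directory as "<bytes> <path>".
# Usage: largest_files <dir> [n]   (n defaults to 10)
largest_files() {
    find "$1" -type f -printf '%s %p\n' 2>/dev/null | sort -n -r | head -n "${2:-10}"
}

demo() {
    echo "filesystems at or above 75% (constructed sample):"
    printf '%s\n' "$SAMPLE_DF" | over_threshold 75
    echo "filesystems at or above 90% on this host:"
    df -P | over_threshold 90
    echo "ten largest files under /var/log:"
    largest_files /var/log 10
}

case "${1:-}" in demo) demo ;; esac
```

A cron job that runs `df -P | over_threshold 90` and `inodes_over_threshold 90` and mails any output is the cheapest early warning for the symptoms listed above.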

Troubleshooting Techniques and Skills

The first rule is: Use the log files - they are the primary source of debugging information and clues. You can examine the main log file with the command:

tail /var/log/messages


and you can watch it continuously by running the command:

tail -f /var/log/messages

in a window while you work. For security and login-related problems, check the file /var/log/secure. There are other log files and directories that relate to different subsystems in /var/log, and you should never overlook them. If trying to resolve boot-time problems, use the command:

dmesg | less

to review the kernel ring buffer.

The next rule is to compare similarly-configured systems, if you have them. Often, you can see obvious differences in the configuration files between a working system and the broken system.

Next: if you are stumped, talk the problem over with a colleague or friend. They don't have to know the perfect solution - often, their suggestions can trigger a new line of thinking or remind you of something you have overlooked.

If you don't have someone you can talk to, then use online resources. Get to know how to perform searches at http://www.google.com/linux, and how to search the comp.os.linux and similar newsgroups at http://groups.google.com. On many occasions, I've turned up answers online after exhausting my own ideas.
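The text points at /var/log/secure for login-related problems but leaves the reading to the operator. The script below is an added example, not part of the original article: given sshd lines in the /var/log/secure format it counts failed password attempts per source address, flags sources over a threshold, and lists the logins that did succeed, which is the first triage pass for a suspected brute-force attempt. The log lines are constructed, and the path and file name vary by distribution (/var/log/auth.log on Debian derivatives).

```shell
#!/bin/sh
# Added example: first-pass triage of sshd entries in /var/log/secure.
# Not from the original article; sample lines are constructed.

SAMPLE_SECURE='Apr 18 10:01:12 freya sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Apr 18 10:01:15 freya sshd[2213]: Failed password for root from 203.0.113.7 port 51030 ssh2
Apr 18 10:01:19 freya sshd[2215]: Failed password for root from 203.0.113.7 port 51041 ssh2
Apr 18 10:02:40 freya sshd[2230]: Accepted publickey for tclark from 192.168.1.25 port 40112 ssh2
Apr 18 10:05:03 freya sshd[2241]: Failed password for tclark from 192.168.1.25 port 40120 ssh2
Apr 18 10:05:09 freya sshd[2243]: Accepted password for tclark from 192.168.1.25 port 40121 ssh2
Apr 18 10:06:00 freya su: pam_unix(su:session): session opened for user root by tclark(uid=1000)'

# Count failed sshd password attempts per source address, busiest first.
# The address is the token after "from", so the format of the user part
# ("invalid user admin" vs "root") does not matter. Usage: failed_by_source <log>
failed_by_source() {
    awk '/sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") src = $(i+1)
            n[src]++ }
         END { for (s in n) print n[s], s }' "$1" | sort -n -r
}

# Sources with at least <threshold> failures: candidates for a block or a
# closer look. Usage: brute_force_sources <log> <threshold>
brute_force_sources() {
    failed_by_source "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# Successful logins as "<user> <source> <method>", to be read alongside the
# failures: a success from a source that was guessing is the line that matters.
# Usage: accepted_logins <log>
accepted_logins() {
    awk '/sshd\[[0-9]+\]: Accepted/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "Accepted") method = $(i+1)
                if ($i == "for")      user   = $(i+1)
                if ($i == "from")     src    = $(i+1)
            }
            print user, src, method }' "$1"
}

demo() {
    f="${1:-/var/log/secure}"
    if [ ! -r "$f" ]; then            # fall back to the constructed sample
        f=$(mktemp); printf '%s\n' "$SAMPLE_SECURE" > "$f"
    fi
    echo "failed attempts per source:";        failed_by_source "$f"
    echo "sources with 3 or more failures:";   brute_force_sources "$f" 3
    echo "accepted logins (user source method):"; accepted_logins "$f"
}

case "${1:-}" in demo) demo "${2:-}" ;; esac
```

The threshold is deliberately a parameter: on a busy bastion three failures is noise, on an internal host it is a finding.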

Problem Avoidance Techniques

Keep a system change log. Whenever you make changes to the system, write them into the log. In general, if you never make changes to a system, it will just keep running - so that if the system breaks, the problem is usually related to recent changes. Before making changes to critical system configuration files, make a backup copy which you can restore if everything goes pear-shaped. For example:

cp /etc/fstab /etc/fstab.good
vi /etc/fstab

There is no substitute for learning as much as possible about how the system works, and the role of the various configuration files in /etc, the daemon start/stop scripts in /etc/rc.d/init.d, how the init process works, and so on.

And, of course, the most important System Administration Rule of all: Never make changes after three p.m. on a Friday!

The chroot Command

The chroot command is extremely useful for both system security and for system repair. Its basic syntax is:

chroot new-root-dir [command ...]

and its purpose is to run the specified command with the root directory changed to new-root-dir. If no command is specified, the default behaviour is to run an interactive shell (usually a bash shell). For example, the command:

chroot /var/ftp

will run a command shell in /var/ftp. However, note that the behaviour is to change the root directory first, and then try to invoke the command or shell, so that there had better be a file /var/ftp/bin/bash (which there would be, on many systems). In addition, the command will usually need to be statically linked, as otherwise it would attempt to load libraries from /lib, which is now /var/ftp/lib.

The chroot command is often used to start network daemons on servers - this is so that if an attacker manages to compromise the daemon, perhaps through a buffer overflow, he is unable to navigate around the entire system directory tree, but is instead constrained within a 'chroot jail'.

A major use of the chroot command is to change the root directory of the system after booting from a repair floppy or CD. For example, if you boot a Red Hat installation CD with the command 'linux rescue', the root file system is actually a RAM disk, and the root filesystem on your hard drive is mounted as /mnt/sysimage. Commands you give will load programs from /bin and /sbin on the RAM disk, which is obviously limited. To get access to those directories on the hard drive, you will need to change your root directory with the command

chroot /mnt/sysimage
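The box explains why a chroot jail needs its own /bin/bash and why a dynamically linked program fails to start inside it: after the root change, /lib means new-root-dir/lib. The script below is an added example, not part of the original box. It uses ldd(1) to discover which shared objects a program needs and copies the program and those libraries into the jail at their original absolute paths, then checks that nothing is missing. A glibc-style ldd output is assumed; a statically linked program simply has nothing extra to copy, which is the alternative the box recommends.

```shell
#!/bin/sh
# Added example: populate a chroot directory with a program and the shared
# libraries it needs. Not from the original box; ldd output format assumed.

# Copy one file into the jail, preserving its absolute path.
# Usage: copy_into_jail <jail-dir> </abs/path>
copy_into_jail() {
    jail="$1"; src="$2"
    mkdir -p "$jail$(dirname "$src")"
    cp -p "$src" "$jail$src"
}

# List the shared objects a binary needs, one absolute path per line.
# ldd prints lines like "libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x...)"
# and "/lib64/ld-linux-x86-64.so.2 (0x...)"; every absolute path is kept.
# A statically linked binary yields no paths at all.
# Usage: needed_libs </abs/path/to/binary>
needed_libs() {
    ldd "$1" 2>/dev/null | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }'
}

# Install a program and its libraries into the jail.
# Usage: install_into_jail <jail-dir> </abs/path/to/binary>
install_into_jail() {
    jail="$1"; bin="$2"
    copy_into_jail "$jail" "$bin"
    needed_libs "$bin" | while read -r lib; do
        copy_into_jail "$jail" "$lib"
    done
}

# Print "yes" when the binary and every library it needs exist inside the
# jail, "no" otherwise. Usage: jail_complete <jail-dir> </abs/path/to/binary>
jail_complete() {
    jail="$1"; bin="$2"
    [ -x "$jail$bin" ] || { echo no; return 0; }
    for lib in $(needed_libs "$bin"); do
        [ -e "$jail$lib" ] || { echo no; return 0; }
    done
    echo yes
}

demo() {
    jail=$(mktemp -d "${TMPDIR:-/tmp}/jail.XXXXXX")
    install_into_jail "$jail" /bin/sh
    echo "jail for /bin/sh built under $jail, complete: $(jail_complete "$jail" /bin/sh)"
    echo "as root you could now run: chroot $jail /bin/sh"
    rm -rf "$jail"
}

case "${1:-}" in demo) demo ;; esac
```

Keep the jail's contents to exactly what the daemon needs: every extra binary copied in is one more tool available to whoever compromises the daemon, and `jail_complete` tells you when you can stop.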

Running Teamviewer 6 as root

The new TeamViewer file is in /opt/teamviewer/teamviewer/6/bin/

So just type in your shell:

vi /opt/teamviewer/teamviewer/6/bin/wrapper

then type "/root" and press Enter until you find this little piece of code:

function validate_user()
{
    local userid=$(id -u)

    if [ $userid = 0 ] ; then
        die "TeamViewer must not be executed as root!"
    fi
}

Change the userid to 1 and you are ready to go.


How to setup Linux OS as router

There are a few ways to set up a Linux machine as a router. Here is a relatively straightforward and common method. This method requires that the system use iptables for Network Address Translation (NAT). Assuming eth0=WAN and eth1=LAN, this step-by-step small howto will help you to set up a Linux router in only 2 minutes.

Configuration

1) Enable packet forwarding
2) Set up Network Address Translation using the IPTABLES MASQUERADE target

Step#1: Turn on IP forwarding in the kernel

Open the Linux kernel configuration file (you must be the root user, or use the su - command to become the root user):

# vi /etc/sysctl.conf

Add/modify the following line:

net.ipv4.ip_forward = 1

Step#2: Restart the network

# service network restart

Step#3: Set up IP forwarding and masquerading (to act as a router). You need to use the NAT option of iptables as follows (add the following rules to your iptables shell script):

# iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
# iptables --append FORWARD --in-interface eth1 -j ACCEPT

Step#4: Point all desktop clients to your eth1 IP address as router/gateway, or use DHCP to distribute this information (recommended).

Step#5: Put the commands described in Step#3 in a script and call it from the /etc/rc.local file.

Linux box as router

Hi,

1) Please configure the Fast Ethernet first as given below:

a) Assign a Public IP address to the Fast Ethernet Card with the following:

i) Eth0

ii) IP Address (61.5.156.1) change with your public IP address

iii) Net Mask (Provided by the Internet service provider) (255.255.255.24) change with your net mask

iv) Default Gateway (61.5.156.146) change with your Default Gateway

v) Preferred DNS (203.143.22.22) change with your preferred DNS

vi) Alt. DNS (203.153.240.10) Change with your alt. DNS


b) Create a virtual IP address on this Fast Ethernet Card

i) Copy and paste the configuration file of the eth0 with a new name eth0:0

c) Assign a private IP Address like you have assigned the other computers in your local area network

i) Eth0:0

ii) IP Address (192.168.1.10)

iii) Net mask (255.255.255.0)

iv) Default Gateway (leave this blank)

2) Creating forwarding rules with iptables:

# Delete and flush. Default table is “filter”. Others like “nat” must be explicitly stated.

3) iptables --flush - Flush all the rules in filter and nat tables

4) iptables --table nat --flush

5) iptables --delete-chain

# Delete all chains that are not in default filter and nat table

6) iptables --table nat --delete-chain

# Set up IP FORWARDing and Masquerading

7) iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

8) iptables --append FORWARD --in-interface eth0 -j ACCEPT

9) echo 1 > /proc/sys/net/ipv4/ip_forward

# Enables packet forwarding by kernel

10) Create a route for internal packets:

11) route add -net 192.168.1.0 netmask 255.255.255.0 gw 61.5.156.146 dev eth0

# Change 61.5.156.146 with your Gateway IP Address


Configuring PCs on the office network:

All PC’s on the private office network should set their “gateway” to be the local private network IP address of the Linux gateway computer. 192.168.1.10 change with your own gateway

The DNS should be set to that of the ISP on the internet.

Or you can configure your own DNS server on this LINUX machine; I will try to explain that in a later post.

Configure the firewall to control the security.

First flush everything and then allow limited ports and IP Addresses

12) iptables -F

13) iptables -A INPUT -i lo -p all -j ACCEPT - Allow self access by loopback interface

14) iptables -A OUTPUT -o lo -p all -j ACCEPT

15) iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT - Accept established connections

16) iptables -A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset

17) iptables -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT - Open ftp port

18) iptables -A INPUT -p udp -i eth0 --dport 21 -j ACCEPT

19) iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT - Open secure shell port

20) iptables -A INPUT -p udp -i eth0 --dport 22 -j ACCEPT

21) iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT - Open HTTP port

22) iptables -A INPUT -p udp -i eth0 --dport 80 -j ACCEPT

23) iptables -A INPUT -p tcp --syn -s 192.168.10.0/24 --destination-port 139 -j ACCEPT - Accept local network Samba connection

24) iptables -A INPUT -p tcp --syn -s trancas --destination-port 139 -j ACCEPT

25) iptables -P INPUT DROP - Drop all other connection attempts. Only connections defined above are allowed.

26) alter the Linux kernel config file : /etc/sysctl.conf


Set the following value:

27) net.ipv4.ip_forward = 1

Linux: 20 Iptables Examples For New SysAdmins

by Vivek Gite on December 13, 2011

Linux comes with a host based firewall called Netfilter. According to the official project site:

netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.

This Linux based firewall is controlled by the program called iptables, which handles filtering for IPv4, while ip6tables handles filtering for IPv6. I strongly recommend that you first read our quick tutorial that explains how to configure a host-based firewall called Netfilter (iptables) under CentOS / RHEL / Fedora / Redhat Enterprise Linux. This post lists the most common iptables solutions required by a new Linux user to secure his or her Linux operating system from intruders.

IPTABLES Rules Example

● Most of the actions listed in this post are written with the assumption that they will be executed by the root user running the bash or any other modern shell. Do not type commands on a remote system as it will disconnect your access.

● For demonstration purposes I've used RHEL 6.x, but the following commands should work with any modern Linux distro.

● This is NOT a tutorial on how to set iptables. See the tutorial here. It is a quick cheat sheet to common iptables commands.


#1: Displaying the Status of Your Firewall

Type the following command as root:

# iptables -L -n -v

Sample outputs:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Above output indicates that the firewall is not active. The following sample shows an active firewall:

# iptables -L -n -v

Sample outputs:

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
  394 43586 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   93 17292 ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0
    1   142 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 wanin      all  --  vlan2  *       0.0.0.0/0            0.0.0.0/0
    0     0 wanout     all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 425 packets, 113K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain wanin (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain wanout (1 references)
 pkts bytes target     prot opt in     out     source               destination

Where,● -L : List rules.● -v : Display detailed information. This option makes the list command show the interface

name, the rule options, and the TOS masks. The packet and byte counters are also listed, with the suffix 'K', 'M' or 'G' for 1000, 1,000,000 and 1,000,000,000 multipliers respectively.

● -n : Display IP address and port in numeric format. Do not use DNS to resolve names. This will speed up listing.


#1.1: To inspect the firewall with line numbers, enter:

# iptables -n -L -v --line-numbers

Sample outputs:

Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
3    TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
5    wanin      all  --  0.0.0.0/0            0.0.0.0/0
6    wanout     all  --  0.0.0.0/0            0.0.0.0/0
7    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain wanin (1 references)
num  target     prot opt source               destination

Chain wanout (1 references)
num  target     prot opt source               destination

You can use line numbers to delete or insert new rules into the firewall.

#1.2: To display INPUT or OUTPUT chain rules, enter:

# iptables -L INPUT -n -v
# iptables -L OUTPUT -n -v --line-numbers

#2: Stop / Start / Restart the Firewall

If you are using CentOS / RHEL / Fedora Linux, enter:

# service iptables stop
# service iptables start
# service iptables restart

You can use the iptables command itself to stop the firewall and delete all rules:

# iptables -F
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X
# iptables -P INPUT ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -P FORWARD ACCEPT

Where,

● -F : Deleting (flushing) all the rules.
● -X : Delete chain.
● -t table_name : Select table (called nat or mangle) and delete/flush rules.
● -P : Set the default policy (such as DROP, REJECT, or ACCEPT).

#3: Delete Firewall Rules

To display line numbers along with other information for existing rules, enter:

# iptables -L INPUT -n --line-numbers
# iptables -L OUTPUT -n --line-numbers
# iptables -L OUTPUT -n --line-numbers | less
# iptables -L OUTPUT -n --line-numbers | grep 202.54.1.1

You will get the list of IPs. Look at the number on the left, then use that number to delete the rule. For example, to delete line number 4, enter:

# iptables -D INPUT 4

OR find the rule for source IP 202.54.1.1 and delete it by its specification:

# iptables -D INPUT -s 202.54.1.1 -j DROP

Where,

● -D : Delete one or more rules from the selected chain

#4: Insert Firewall Rules

To insert one or more rules in the selected chain at the given rule number use the following syntax. First find out the line numbers, enter:

# iptables -L INPUT -n --line-numbers

Sample outputs:

Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    DROP       all  --  202.54.1.1           0.0.0.0/0
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state NEW,ESTABLISHED

To insert a rule between 1 and 2, enter:

# iptables -I INPUT 2 -s 202.54.1.2 -j DROP

To view the updated rules, enter:

# iptables -L INPUT -n --line-numbers

Sample outputs:

Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    DROP       all  --  202.54.1.1           0.0.0.0/0
2    DROP       all  --  202.54.1.2           0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state NEW,ESTABLISHED

#5: Save Firewall Rules

To save firewall rules under CentOS / RHEL / Fedora Linux, enter:

# service iptables save

In this example, drop an IP and save the firewall rules:

# iptables -A INPUT -s 202.5.4.1 -j DROP
# service iptables save

For all other distros use the iptables-save command:

# iptables-save > /root/my.active.firewall.rules
# cat /root/my.active.firewall.rules

#6: Restore Firewall Rules

To restore firewall rules from a file called /root/my.active.firewall.rules, enter:

# iptables-restore < /root/my.active.firewall.rules

To restore firewall rules under CentOS / RHEL / Fedora Linux, enter:

# service iptables restart

#7: Set the Default Firewall Policies

To drop all traffic:

# iptables -P INPUT DROP
# iptables -P OUTPUT DROP
# iptables -P FORWARD DROP
# iptables -L -v -n

### you will not be able to connect anywhere as all traffic is dropped ###
# ping cyberciti.biz
# wget http://www.kernel.org/pub/linux/kernel/v3.0/testing/linux-3.2-rc5.tar.bz2

#7.1: Only Block Incoming Traffic

To drop all incoming / forwarded packets, but allow outgoing traffic and the replies to it, enter:

# iptables -P INPUT DROP
# iptables -P FORWARD DROP
# iptables -P OUTPUT ACCEPT
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -L -v -n

### *** now ping and wget should work *** ###
# ping cyberciti.biz
# wget http://www.kernel.org/pub/linux/kernel/v3.0/testing/linux-3.2-rc5.tar.bz2

The state match must not include NEW here: an INPUT rule accepting NEW,ESTABLISHED would admit every new inbound connection and defeat the DROP policy.

#8: Drop Private Network Address On Public Interface

Anti-spoofing here means refusing packets that arrive on your public interface with a source address from the private IPv4 ranges listed in #8.1: such addresses are not routable on the Internet, so a packet carrying one can only be forged. Drop them using the following syntax:

# iptables -A INPUT -i eth1 -s 192.168.0.0/24 -j DROP
# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP

#8.1: IPv4 Address Ranges For Private Networks (make sure you block them on the public interface)

● 10.0.0.0/8 (A)
● 172.16.0.0/12 (B)
● 192.168.0.0/16 (C)
● 224.0.0.0/4 (MULTICAST D)
● 240.0.0.0/5 (E)
● 127.0.0.0/8 (LOOPBACK)


#9: Blocking an IP Address (BLOCK IP)

To block an attacker's IP address, here 1.2.3.4, enter:

# iptables -A INPUT -s 1.2.3.4 -j DROP
# iptables -A INPUT -s 192.168.0.0/24 -j DROP

#10: Block Incoming Port Requests (BLOCK PORT)

To block all service requests on port 80, enter:

# iptables -A INPUT -p tcp --dport 80 -j DROP
# iptables -A INPUT -i eth1 -p tcp --dport 80 -j DROP

To block port 80 only for the IP address 1.2.3.4, enter:

# iptables -A INPUT -p tcp -s 1.2.3.4 --dport 80 -j DROP
# iptables -A INPUT -i eth1 -p tcp -s 192.168.1.0/24 --dport 80 -j DROP

#11: Block Outgoing IP Address

To block outgoing traffic to a particular host or domain such as cyberciti.biz, enter:

# host -t a cyberciti.biz

Sample outputs:

cyberciti.biz has address 75.126.153.206

Note down its IP address and type the following to block all outgoing traffic to 75.126.153.206:

# iptables -A OUTPUT -d 75.126.153.206 -j DROP

You can use a subnet as follows:

# iptables -A OUTPUT -d 192.168.1.0/24 -j DROP
# iptables -A OUTPUT -o eth1 -d 192.168.1.0/24 -j DROP

#11.1: Example - Block Facebook.com Domain

First, find out all IP addresses of facebook.com, enter:

# host -t a www.facebook.com

Sample outputs:

www.facebook.com has address 69.171.228.40

Find the CIDR block for 69.171.228.40, enter:

# whois 69.171.228.40 | grep CIDR

Sample outputs:

CIDR: 69.171.224.0/19

To prevent outgoing access to www.facebook.com, enter:

# iptables -A OUTPUT -p tcp -d 69.171.224.0/19 -j DROP

You can also use a domain name, enter:

# iptables -A OUTPUT -p tcp -d www.facebook.com -j DROP
# iptables -A OUTPUT -p tcp -d facebook.com -j DROP

The iptables man page advises against this, because a hostname is resolved only once, when the rule is added:

... specifying any name to be resolved with a remote query such as DNS (e.g., facebook.com is a really bad idea), a network IP address (with /mask), or a plain IP address ...

#12: Log and Drop Packets

Type the following to log and block IP spoofing on the public interface called eth1:

# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j LOG --log-prefix "IP_SPOOF A: "
# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP

By default everything is logged to the /var/log/messages file. The grep pattern must match the prefix exactly as written in the rule, underscore included:

# tail -f /var/log/messages
# grep --color 'IP_SPOOF' /var/log/messages

#13: Log and Drop Packets with Limited Number of Log Entries

The -m limit module can limit the number of log entries created per unit of time. This is used to prevent flooding your log file. To log and drop spoofing at 5 entries per minute, in bursts of at most 7 entries:

# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -m limit --limit 5/m --limit-burst 7 -j LOG --log-prefix "IP_SPOOF A: "
# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP
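The LOG lines that rules #12 and #13 write to /var/log/messages are only useful if something summarises them. The following shell function is an added example, not part of the cheat sheet: it reads kernel log lines, counts hits per spoofed source address, lists the destination ports seen, and flags sources at or above a threshold. The log lines it runs over are constructed samples in the format the LOG target produces.

```shell
#!/bin/sh
# Added example: summarise IP_SPOOF log entries per source address.

# spoof_summary [THRESHOLD] : reads log lines on stdin and prints one line per
# offending source, most hits first: "<hits> <SRC> <dst ports seen> <FLAG|->"
spoof_summary() {
    threshold="${1:-3}"
    awk -v thr="$threshold" '
    /IP_SPOOF/ {
        src = ""; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)   # absent for ICMP, stays "-"
        }
        if (src == "") next
        hits[src]++
        if (!((src, dpt) in seen)) {
            seen[src, dpt] = 1
            ports[src] = (ports[src] == "" ? dpt : ports[src] "," dpt)
        }
    }
    END {
        for (s in hits)
            printf "%d %s %s %s\n", hits[s], s, ports[s], (hits[s] >= thr ? "FLAG" : "-")
    }' | sort -rn
}

# Constructed sample log: three hits from 10.0.0.7, one from 172.16.5.9,
# plus an unrelated sshd line that must be ignored.
SAMPLE_LOG='Dec 13 13:19:01 fw kernel: IP_SPOOF A: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 13 13:19:02 fw kernel: IP_SPOOF A: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=40002 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 13 13:19:02 fw kernel: IP_SPOOF A: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=172.16.5.9 DST=203.0.113.5 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=3 PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=1
Dec 13 13:19:03 fw kernel: IP_SPOOF A: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=TCP SPT=40003 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 13 13:19:04 fw sshd[1234]: Accepted publickey for admin from 192.168.1.10 port 50000 ssh2'

# top_spoof_source : the source address with the most hits in the sample
top_spoof_source() {
    printf '%s\n' "$SAMPLE_LOG" | spoof_summary 3 | head -n 1 | cut -d' ' -f2
}

# Demo run over the sample; on a real host: spoof_summary 3 < /var/log/messages
printf '%s\n' "$SAMPLE_LOG" | spoof_summary 3
```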

#14: Drop or Accept Traffic From Mac Address

Use the following syntax:

# iptables -A INPUT -m mac --mac-source 00:0F:EA:91:04:08 -j DROP
## *only accept traffic for TCP port # 22 from mac 00:0F:EA:91:04:07 * ##
# iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source 00:0F:EA:91:04:07 -j ACCEPT

#15: Block or Allow ICMP Ping Request

Type the following command to block ICMP ping requests:

# iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
# iptables -A INPUT -i eth1 -p icmp --icmp-type echo-request -j DROP

Ping responses can also be limited to certain networks or hosts:

# iptables -A INPUT -s 192.168.1.0/24 -p icmp --icmp-type echo-request -j ACCEPT

The following only accepts a limited set of ICMP types:

### ** assumed that default INPUT policy set to DROP ** ###
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
## ** allow our server to respond to pings ** ##
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

#16: Open Range of Ports

Use the following syntax to open a range of ports:

iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 7000:7010 -j ACCEPT

#17: Open Range of IP Addresses

Use the following syntax to open a range of IP addresses:

## only accept connection to tcp port 80 (Apache) if ip is between 192.168.1.100 and 192.168.1.200 ##
iptables -A INPUT -p tcp --destination-port 80 -m iprange --src-range 192.168.1.100-192.168.1.200 -j ACCEPT
## nat example ##
iptables -t nat -A POSTROUTING -j SNAT --to-source 192.168.1.20-192.168.1.25

#17: Established Connections and Restarting The Firewall

When you restart the iptables service it will drop established connections, as it unloads the modules from the system under RHEL / Fedora / CentOS Linux. Edit /etc/sysconfig/iptables-config and set IPTABLES_MODULES_UNLOAD as follows (no spaces around the equals sign, since the init script sources this file as shell):

IPTABLES_MODULES_UNLOAD=no

#18: Help Iptables Flooding My Server Screen

Use the crit log level to send messages to a log file instead of the console:

iptables -A INPUT -s 1.2.3.4 -p tcp --destination-port 80 -j LOG --log-level crit

#19: Block or Open Common Ports

The following shows the syntax for opening and closing common TCP and UDP ports. Replace ACCEPT with DROP to block a port:

## open port ssh tcp port 22 ##
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 22 -j ACCEPT

## open cups (printing service) udp/tcp port 631 for LAN users ##
iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 631 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 631 -j ACCEPT

## allow time sync via NTP for lan users (open udp port 123) ##
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 123 -j ACCEPT

## open tcp port 25 (smtp) for all ##
iptables -A INPUT -m state --state NEW -p tcp --dport 25 -j ACCEPT

## open dns server ports for all ##
iptables -A INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT

## open http/https (Apache) server port to all ##
iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT

## open tcp port 110 (pop3) for all ##
iptables -A INPUT -m state --state NEW -p tcp --dport 110 -j ACCEPT

## open tcp port 143 (imap) for all ##
iptables -A INPUT -m state --state NEW -p tcp --dport 143 -j ACCEPT

## open access to Samba file server for lan users only ##
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 137 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 138 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 445 -j ACCEPT

## open access to proxy server for lan users only ##
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 3128 -j ACCEPT

## open access to mysql server for lan users only ##
iptables -I INPUT -s 192.168.1.0/24 -p tcp --dport 3306 -j ACCEPT

#20: Restrict the Number of Parallel Connections To a Server Per Client IP

You can use the connlimit module to put such restrictions in place. To allow 3 ssh connections per client host, enter:

# iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT

Set HTTP connections to 20 (counted per /24 network because of --connlimit-mask 24):

# iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 --connlimit-mask 24 -j DROP

Where,

1. --connlimit-above 3 : Match if the number of existing connections is above 3.
2. --connlimit-mask 24 : Group hosts using the prefix length. For IPv4, this must be a number between (including) 0 and 32.
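Rather than typing the rules from #7.1, #8, #13, #15, #19 and #20 one at a time on a live host, a practitioner generates the whole ruleset as a file and loads it atomically. The script below is an added example, not code from the cheat sheet: it emits a baseline ruleset in iptables-restore format, so it can be reviewed, syntax-checked and then loaded in one step. The public interface eth1, the LAN 192.168.1.0/24 and the file path /root/baseline.rules are assumed values.

```shell
#!/bin/sh
# Added example: generate a baseline ruleset in iptables-restore format.
# Interface and network are assumptions; override with PUBLIC_IF / LAN_NET.

# Private, multicast, reserved and loopback ranges from section #8.1: none of
# them is a legitimate source address on a public interface.
BOGON_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/5 127.0.0.0/8"

# gen_firewall_rules PUBLIC_IF LAN_NET -> ruleset on stdout
gen_firewall_rules() {
    pub="$1"
    lan="$2"
    printf '%s\n' '*filter'
    # Default policies as in #7.1: nothing comes in unless a rule allows it.
    printf '%s\n' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    # User-defined chain that logs (rate-limited, #13) and then drops.
    printf '%s\n' ':SPOOF - [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m state --state INVALID -j DROP'
    # The anti-spoofing check (#8) runs before the ESTABLISHED shortcut, so a
    # forged source that happens to match a conntrack entry is still caught.
    for net in $BOGON_NETS; do
        printf '%s\n' "-A INPUT -i $pub -s $net -j SPOOF"
    done
    printf '%s\n' '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    # Limited ICMP as in #15: replies and errors in, echo requests from the LAN only.
    for t in echo-reply destination-unreachable time-exceeded; do
        printf '%s\n' "-A INPUT -p icmp --icmp-type $t -j ACCEPT"
    done
    printf '%s\n' "-A INPUT -s $lan -p icmp --icmp-type echo-request -j ACCEPT"
    # ssh from the LAN only, capped at 3 concurrent connections per client (#20).
    printf '%s\n' '-A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT'
    printf '%s\n' "-A INPUT -s $lan -m state --state NEW -p tcp --dport 22 -j ACCEPT"
    # Web server open to everyone (#19).
    for port in 80 443; do
        printf '%s\n' "-A INPUT -m state --state NEW -p tcp --dport $port -j ACCEPT"
    done
    # SPOOF chain: at most 5 log lines per minute, burst 7, then drop (#13);
    # crit level keeps the messages off the console (#18).
    printf '%s\n' '-A SPOOF -m limit --limit 5/m --limit-burst 7 -j LOG --log-prefix "IP_SPOOF A: " --log-level crit'
    printf '%s\n' '-A SPOOF -j DROP'
    printf '%s\n' 'COMMIT'
}

# count_rules PUBLIC_IF LAN_NET PATTERN -> number of generated lines matching PATTERN
count_rules() {
    gen_firewall_rules "$1" "$2" | grep -c -- "$3"
}

# apply_firewall_rules PUBLIC_IF LAN_NET : dry-run, load atomically, persist (#5).
# Needs root. "iptables-restore --test" only parses the file without committing it.
apply_firewall_rules() {
    rules="/root/baseline.rules"      # assumed path
    gen_firewall_rules "$1" "$2" > "$rules"
    iptables-restore --test < "$rules" || { echo "ruleset rejected, nothing loaded" >&2; return 1; }
    iptables-restore < "$rules" && service iptables save
}

# Demo: print the ruleset for review (no root needed).
gen_firewall_rules "${PUBLIC_IF:-eth1}" "${LAN_NET:-192.168.1.0/24}"
```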

#21: HowTo: Use iptables Like a Pro

For more information about iptables, please see the manual page by typing man iptables from the command line:

$ man iptables

You can see the help using the following syntax too:

# iptables -h

To see help for specific commands and targets, enter:

# iptables -j DROP -h

#21.1: Testing Your Firewall

Find out if ports are open or not, enter:

# netstat -tulpn

Find out if tcp port 80 is open or not, enter:

# netstat -tulpn | grep :80

If port 80 is not open, start Apache, enter:

# service httpd start

Make sure iptables is allowing access to port 80:

# iptables -L INPUT -v -n | grep 80

Otherwise open port 80 using iptables for all users:

# iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
# service iptables save

Use the telnet command to see if the firewall allows you to connect to port 80:

$ telnet www.cyberciti.biz 80

Sample outputs:

Trying 75.126.153.206...
Connected to www.cyberciti.biz.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

You can use nmap to probe your own server using the following syntax:

$ nmap -sS -p 80 www.cyberciti.biz

Sample outputs:

Starting Nmap 5.00 ( http://nmap.org ) at 2011-12-13 13:19 IST
Interesting ports on www.cyberciti.biz (75.126.153.206):
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 1.00 seconds

I also recommend you install and use a sniffer such as tcpdump and ngrep to test your firewall settings.

Conclusion:

This post only lists basic rules for new Linux users. You can create and build more complex rules. This requires a good understanding of TCP/IP, Linux kernel tuning via sysctl.conf, and good knowledge of your own setup. Stay tuned for the next topics.

Configuring XDMCP and GDM on Red Hat Linux
by Jeff Hunter, Sr. Database Administrator

Contents

● Introduction
● Configure Linux to use GUI Logins
● Granting Remote Access to the Login Manager
● Remote X Server Access from a Linux Client
● Troubleshooting
● About the Author

Introduction

Most users installing Linux today choose to install and configure the X Window System. This allows those users to access their Linux environment using a graphic (GUI) console connected to the workstation or server. An X Window environment allows users to run X programs like xterm, OpenOffice, Mozilla Firefox and a host of other useful graphical software packages.

There are times, however, when users need to log in to a Linux machine using the graphical X Window System from a remote computer, like a Windows PC for example. The remote Windows PC would first need to have an X Window server installed, like Xming, Exceed Hummingbird, or my personal favorite X-Win32. When installing Red Hat Enterprise Linux, the system defaults to a secure configuration which does not allow remote graphical logins or remote desktop access. This article explains the configuration changes required to allow remote access to a Red Hat Enterprise Linux system (RHEL) using the X Display Manager Control Protocol (XDMCP) or GDM (GUI login).

Configure Linux to use GUI Logins

One of the first steps is to make certain the Red Hat Linux environment is configured to use a graphical (GUI) login. A Linux environment allows for either a text login or a graphical (GUI) login. This option is specified in the init script configuration file /etc/inittab. In order to allow remote graphical (GUI) logins, the environment itself must be configured for an X11 GUI login. Make certain the system is configured with the correct X11 runlevel (which in this case is runlevel 5):

#
# /etc/inittab
#

..... <SNIP> .....

# Default runlevel. The runlevels used by RHS are:
#   0 - halt (Do NOT set initdefault to this)
#   1 - Single user mode
#   2 - Multiuser, without NFS (The same as 3, if you do not have networking)
#   3 - Full multiuser mode
#   4 - unused
#   5 - X11
#   6 - reboot (Do NOT set initdefault to this)
#
id:5:initdefault:

..... <SNIP> .....

Granting Remote Access to the Login Manager

The next step is to grant MS Windows users remote GUI access to the Red Hat Linux system. More specifically, we need to grant access to the RHEL Login Manager. Use the GDM Login Manager for RHEL 5 or higher, and the XDM Login Manager for RHEL 3 and RHEL 4.

GDM Login Manager

Users running Red Hat Enterprise Linux 5, CentOS 5, or Oracle Enterprise Linux Release 5 will need to use the GDM login manager as XDM is no longer supported. First, edit the file /etc/gdm/custom.conf and add the following entries:

[xdmcp]
Enable=true

[security]
DisallowTCP=false
AllowRemoteRoot=true

Next, restart X Windows:

[root@racnode1 ~]# init 3
[root@racnode1 ~]# init 5

The final step is to configure the GDM login manager using the gdmsetup utility:

[root@racnode1 ~]# gdmsetup

After starting the gdmsetup utility, click the Remote tab. Under the Remote tab, change the Style pull-down menu selection from 'Remote login disabled' to 'Same as Local':


Figure 1: Modify Remote Style to 'Same as Local'

After configuring remote access to the GDM login manager, select the Security tab. Under the Security tab, I checked the options:

● Allow local system administrator login
● Allow remote system administrator login


Figure 2: Security - Allow Local / Remote System Administrator Logins

Exit from the gdmsetup utility and restart the GDM service:

[root@racnode1 ~]# /usr/sbin/gdm-restart

You can test the GDM login screen locally using the following:

[root@racnode1 ~]# X -query localhost :1


XDM Login Manager

The XDM login manager is used for older releases of Red Hat Linux. For example:

● Red Hat Enterprise Linux 3
● Red Hat Enterprise Linux 4
● CentOS 3
● CentOS 4
● Fedora Versions 1 through 6

Use the following steps to enable the services and modify the files necessary to configure XDMCP:

1. Edit the /etc/X11/xdm/Xaccess file and open the connection to hosts by un-commenting the line:

   *   #any host can get a login window

   or enter individual IP addresses of selected hosts. SuSE users can do the same by editing the file /usr/X11R6/lib/X11/xdm/Xaccess.

2. Next, open the file /etc/X11/xdm/xdm-config and comment out the line:

   # DisplayManager.requestPort: 0

3. Make sure to run the program xdm as the root user account:

   [root@racnode1 ~]# xdm &

   The xdm command (X Display Manager) manages a collection of X displays, which may be on the local host or remote servers. The design of the xdm command was guided by the needs of X terminals as well as the X Consortium standard XDMCP (the X Display Manager Control Protocol).

4. If things still do not work, you may need to reboot the server or restart xdm if it was already running.

Remote X Server Access from a Linux Client

So, what if your client workstation is a Linux machine and you want to obtain a graphical login to another Linux machine? From the client workstation, use the Xnest utility as follows:

# Xnest -query <machine-name> -geometry <resolution> :1

For example, if my Linux workstation is named oemprod and I want to remotely access node racdb2:

[root@oemprod ~]# Xnest -query racdb2 -geometry 1280x1024 :1


Figure 3: Linux Xnest Example

Troubleshooting

Probably the most common error when configuring graphical remote login access is the Linux firewall rules. Make certain the Linux firewall rules allow the XDMCP protocol to pass:

● List the firewall rules.

  [root@racnode1 ~]# iptables -L
  Chain INPUT (policy ACCEPT)
  target     prot opt source               destination

  Chain FORWARD (policy ACCEPT)
  target     prot opt source               destination

  Chain OUTPUT (policy ACCEPT)
  target     prot opt source               destination

● If needed, flush all firewall rules.

  [root@racnode1 ~]# iptables -F

Finally, ensure the following ports and protocols are able to pass through the firewall:

Protocol   Port        Data Type
UDP        177         XDMCP
TCP        6000-6005   X11 protocol
TCP        7100        xfs: X font server
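The settings this article enables (Enable=true, DisallowTCP=false, AllowRemoteRoot=true and a wildcard in Xaccess) deliberately expose the login manager to the network, so they are worth re-checking once the remote-login need is over. The following shell functions are an added example, not part of Jeff Hunter's article: they flag each of those entries in a custom.conf and an Xaccess file. The sample files are constructed copies of the settings shown above.

```shell
#!/bin/sh
# Added example: audit the XDMCP-related settings this article enables.

# audit_gdm_conf FILE : print one WARN line per risky entry in /etc/gdm/custom.conf
audit_gdm_conf() {
    awk -F= '
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }          # comments, blank lines
    /^[[:space:]]*\[/ { section = tolower($0); gsub(/[[:space:]]/, "", section); next }
    {
        key = $1; val = tolower($2)
        gsub(/[[:space:]]/, "", key); gsub(/[[:space:]]/, "", val)
        if (section == "[xdmcp]" && key == "Enable" && val == "true")
            print "WARN [xdmcp] Enable=true: login manager answers XDMCP on UDP 177; the protocol is unencrypted, limit it to the management network"
        if (section == "[security]" && key == "AllowRemoteRoot" && val == "true")
            print "WARN [security] AllowRemoteRoot=true: root may log in over XDMCP"
        if (section == "[security]" && key == "DisallowTCP" && val == "false")
            print "WARN [security] DisallowTCP=false: X server listens on TCP 6000+, guarded only by xhost/xauth"
    }' "$1"
}

# audit_xaccess FILE : flag an uncommented "*" entry in /etc/X11/xdm/Xaccess
# ("*  CHOOSER BROADCAST" is a different directive and is not matched).
audit_xaccess() {
    if grep -Eq '^[[:space:]]*\*[[:space:]]*(#.*)?$' "$1"; then
        echo "WARN Xaccess: wildcard '*' entry lets any host request a login window"
    fi
}

# count_warnings GDM_CONF XACCESS -> number of findings across both files
count_warnings() {
    { audit_gdm_conf "$1"; audit_xaccess "$2"; } | grep -c '^WARN'
}

# Constructed sample files reproducing the article's settings.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/custom.conf" <<'EOF'
# GDM configuration storage
[xdmcp]
Enable=true

[security]
DisallowTCP=false
AllowRemoteRoot=true
EOF
cat > "$SAMPLE_DIR/Xaccess" <<'EOF'
# Access control file for XDMCP connections
#*                                      #any host can get a login window
*                                       #any host can get a login window
*               CHOOSER BROADCAST       #any indirect host can get a chooser
EOF
# Hardened variant: remote access switched back off.
cat > "$SAMPLE_DIR/custom.conf.hardened" <<'EOF'
[xdmcp]
Enable=false

[security]
DisallowTCP=true
AllowRemoteRoot=false
EOF

# Demo run; on a real host point the functions at /etc/gdm/custom.conf and /etc/X11/xdm/Xaccess.
audit_gdm_conf "$SAMPLE_DIR/custom.conf"
audit_xaccess "$SAMPLE_DIR/Xaccess"
```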

Linux / UNIX Automatically Log BASH / TCSH / SSH Users Out After a Period of Inactivity

You can configure any Linux system to automatically log users out after a period of inactivity. Simply login as the root user and create a file called /etc/profile.d/autologout.sh, enter:

# vi /etc/profile.d/autologout.sh

Append the following code:

TMOUT=300
readonly TMOUT
export TMOUT

Save and close the file. Set permissions:

# chmod +x /etc/profile.d/autologout.sh

The above script will implement a 5 minute idle time-out for the default /bin/bash shell.

RHEL6 - How to Setup an Anonymous FTP Server

Today on the fatmin we are going to set up an FTP server on RHEL6 that accepts anonymous uploads. We are going to do so with SELinux support and will be making modifications to iptables as well.

Installation:

First and foremost we need to install vsftpd:

# yum -y install vsftpd && service vsftpd start && chkconfig vsftpd on

Our anonymous upload directory will be /var/ftp/anon, and we need to change group ownership to the ftp group and then change permissions so that the members of that group can write to it. Note that no one other than root can read or execute anything under /var/ftp/anon.

# chgrp ftp /var/ftp/anon
# chmod 730 /var/ftp/anon
# ls -ld /var/ftp/anon
drwx-wx---. 3 root ftp 4096 Oct 19 13:34 /v1

SELinux Support:

Next we need to configure SELinux support and assign the correct context to the /v1 directory and its future contents. Note -a is add, -t is type.

# semanage fcontext -a -t public_content_rw_t '/var/ftp/anon(/.*)'

Now let's go ahead and apply the new context. Note -vv is verbose, -F is force and -R is recursive.

# restorecon -vvFR /var/ftp/anon

Now we need to set the allow_ftpd_anon_write boolean:

# setsebool -P allow_ftpd_anon_write=1

Now let's check to make sure the setting "stuck".

# getsebool -a | grep allow_ftpd_anon_write
allow_ftpd_anon_write --> on

Configure Vsftpd:

Now vi /etc/vsftpd/vsftpd.conf and ensure that the following configuration values are set and uncommented. Note that I had to add the last line to my config file.

anonymous_enable=YES
anon_upload_enable=YES
chown_uploads=YES
chown_username=daemon
anon_umask=077

Configure iptables:

Add the following to /etc/sysconfig/iptables-config. In my case I only needed to add the ip_nat_ftp part to the line:

IPTABLES_MODULES="nf_conntrack_ftp ip_nat_ftp"

Now you are going to want to make sure that these two lines exist in /etc/sysconfig/iptables:

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT

Now restart iptables.

Addendum:

Note that I ran into issues with the semanage command below.

# semanage fcontext -a -t public_content_rw_t '/var/ftp/anon(/.*)'

It seems that the context assigned to the /var/ftp/anon directory was not changing correctly from public_content_t to public_content_rw_t.

# ls -Zd /var/ftp
drwxrwxrwx. root root system_u:object_r:public_content_t:s0 /var/ftp

However when I checked the file_contexts file all looked correct.

# cat /etc/selinux/targeted/contexts/files/file_contexts.local
/var/ftp/anon(/.*) system_u:object_r:public_content_rw_t:s0

So I ran the chcon command seen below and did not run the restorecon command. This worked, as afterwards the context on the directory /var/ftp/anon was correct.

chcon -R -t public_content_rw_t /var/ftp/anon
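The symptom described in the addendum follows from how file_contexts patterns are matched: setfiles and restorecon treat the pattern as a regular expression that must match the whole path, so '/var/ftp/anon(/.*)' matches everything under the directory but not the directory itself. The shell functions below are an added check, not part of the fatmin post; they reproduce that whole-path matching rule with grep -x and compare the post's pattern with the usual '(/.*)?' form, which is a suggestion of mine, not something the post states. The base entry '/var/ftp(/.*)?' = public_content_t stands in for the distribution policy's own label.

```shell
#!/bin/sh
# Added example: how a file_contexts pattern is matched against a path.

# fcontext_matches PATTERN PATH -> 0 if PATTERN matches the whole PATH, the way
# setfiles/restorecon apply file_contexts entries (regex anchored at both ends).
fcontext_matches() {
    printf '%s\n' "$2" | grep -Eqx -- "$1"
}

# context_for PATH "regex=type"... -> prints the type the last matching entry
# assigns, or "default" when nothing matches. Later entries win, which is how
# file_contexts.local overrides the base policy.
context_for() {
    path="$1"; shift
    label="default"
    for entry in "$@"; do
        regex="${entry%=*}"
        type="${entry##*=}"
        if fcontext_matches "$regex" "$path"; then
            label="$type"
        fi
    done
    printf '%s\n' "$label"
}

# Stand-in for the base policy entry that labels /var/ftp and its contents.
BASE_ENTRY='/var/ftp(/.*)?=public_content_t'
# The pattern from the post: the directory's contents match, the directory itself does not.
POST_PATTERN='/var/ftp/anon(/.*)'
# Suggested variant: the optional group also matches the bare directory.
FIXED_PATTERN='/var/ftp/anon(/.*)?'

# Demo: show the label each pattern would give three constructed paths.
for p in /var/ftp/anon /var/ftp/anon/upload.txt /var/ftp/pub; do
    printf '%-28s post: %-20s fixed: %s\n' "$p" \
        "$(context_for "$p" "$BASE_ENTRY" "$POST_PATTERN=public_content_rw_t")" \
        "$(context_for "$p" "$BASE_ENTRY" "$FIXED_PATTERN=public_content_rw_t")"
done
```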

SQUID PROXY

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

1. Confirm that the squid process ID (PID) has started as a confined service, as seen here by the squid_var_run_t value:

   # ls -lZ /var/run/squid.pid
   -rw-r--r--. root squid unconfined_u:object_r:squid_var_run_t:s0 /var/run/squid.pid

2. Enable the SELinux boolean:

   # setsebool -P squid_connect_any on

RHCSA/RHCE 6th edition, Michael Jang: http://www.torrentreactor.net/torrents/5452006/RHCSARHCE-%28Exams-EX200-ampampEX300%29-by-Michael-Jang-6thED

PXE configuration

http://www.datadisk.co.uk/html_docs/redhat/rh_pxe.html

Successfully worked: http://www.jaimegago.com/network-install-via-pxe-and-tftp-on-rhel6-x86_64/

Linux: Recovering deleted /etc/shadow password file

http://www.cyberciti.biz/tips/recovering-deleted-etcshadow-password-file.html

Grub password for Ubuntu: http://ubuntuforums.org/showthread.php?t=7353

CentOS links

http://mirrors.hns.net.in/centos/6.2/isos/i386/

crontab links: http://www.thegeekstuff.com/2009/06/15-practical-crontab-examples/

Port number list links

http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

ssh links

http://blog.urfix.com/25-ssh-commands-tricks/

http://www.linuxtutorialblog.com/post/ssh-and-scp-howto-tips-tricks

Mounting NTFS Partition in Redhat Linux

http://crackconfig.wordpress.com/2010/08/30/mounting-ntfs-partition-in-redhat-linux/

Nagios configuration: http://www.unixsurgeon.com/kb/how-to-install-nagios-on-redhatfedoracentos.html

IPTABLES CONFIGURATION

http://nxlinuxadmin.blogspot.in/2010/05/iptables-for-squid-samba-apache-ldap.html

Explain Linux / UNIX TCP Wrappers / Find Out If Program Compiled With TCP Wrappers

http://www.cyberciti.biz/faq/tcp-wrappers-hosts-allow-deny-tutorial/

Top 20 OpenSSH Server Best Security Practices

http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html

Mail Server Configuration (successfully worked): http://linuxgravity.com/configuring-postfix-and-dovecot-pop3-and-imap-on-red-hat-or-centos-using-local-system-accounts

MySQL server: reset the root password: http://crashmag.net/resetting-the-root-password-for-mysql-running-on-rhel-or-centos

SSH & ssh-agent & ssh-add: http://www.lofar.org/wiki/doku.php?id=public:ssh-usage

LUKS-encrypted partitions

http://rhce.co/rhel6/Create_and_configure_LUKS-encrypted_partitions_and_logical_volumes_to_prompt_for_password_and_mount_a_decrypted_file_system_at_boot

System monitoring tools in Linux

http://phn.ho.ua/articles/monitoring.html

Linux: Find Out Which Process Is Listening Upon a Port

http://www.cyberciti.biz/faq/what-process-has-open-linux-port/

LDAP: http://linuxnextgen.blogspot.in/2010/03/ldap-server-configuration.html (need to install migrationtools-47-8.fc15.noarch.rpm)