Tuesday, October 22, 2013

Lynis - Server Scanner

# mkdir /usr/local/lynis
Download stable version of Lynis source files from the trusted website using wget command and unpack it using tar command as shown below.
# cd /usr/local/lynis
# wget http://www.rootkit.nl/files/lynis-1.3.0.tar.gz
# tar -xvf lynis-1.3.0.tar.gz
Running and Using Lynis Basics
You must be root user to run Lynis, because it creates and writes output to /var/log/lynis.log file. To run Lynis execute the following command.
# cd lynis-1.3.0
# ./lynis

Friday, October 18, 2013



limits.conf - configuration file for the pam_limits module


The pam_limits.so module applies ulimit limits, nice priority and number of simultaneous login sessions limit to user login sessions. This description of the configuration file syntax applies to the /etc/security/limits.conf file and *.conf files in the /etc/security/limits.d directory.

The syntax of the lines is as follows:

<domain> <type> <item> <value>

The fields listed above should be filled as follows:


• a username
• a groupname, with @group syntax. This should not be confused with netgroups.
• the wildcard *, for default entry.
• the wildcard %, for maxlogins limit only, can also be used with %group syntax. If the % wildcard is used alone it is identical to using * with maxsyslogins limit. With a group specified after % it limits the total number of logins of all users that are member of the group.
• an uid range specified as <min_uid>:<max_uid>. If min_uid is omitted, the match is exact for the max_uid. If max_uid is omitted, all uids greater than or equal min_uid match.
• a gid range specified as @<min_gid>:<max_gid>. If min_gid is omitted, the match is exact for the max_gid. If max_gid is omitted, all gids greater than or equal min_gid match. For the exact match all groups including the user's supplementary groups are examined. For the range matches only the user's primary group is examined.
• a gid specified as %:<gid> applicable to maxlogins limit only. It limits the total number of logins of all users that are member of the group with the specified gid.
for enforcing hard resource limits. These limits are set by the superuser and enforced by the Kernel. The user cannot raise his requirement of system resources above such values.
for enforcing soft resource limits. These limits are ones that the user can move up or down within the permitted range by any pre-existing hard limits. The values specified with this token can be thought of as default values, for normal system usage.
for enforcing both soft and hard resource limits together.Note, if you specify a type of '-' but neglect to supply the item and value fields then the module will never enforce any limits on the specified user/group etc. .

limits the core file size (KB)
maximum data size (KB)
maximum filesize (KB)
maximum locked-in-memory address space (KB)
maximum number of open files
maximum resident set size (KB) (Ignored in Linux 2.4.30 and higher)
maximum stack size (KB)
maximum CPU time (minutes)
maximum number of processes
address space limit (KB)
maximum number of logins for this user except for this with uid=0
maximum number of all logins on system
the priority to run user process with (negative values boost process priority)
maximum locked files (Linux 2.4 and higher)
maximum number of pending signals (Linux 2.6 and higher)
maximum memory used by POSIX message queues (bytes) (Linux 2.6 and higher)
maximum nice priority allowed to raise to (Linux 2.6.12 and higher) values: [-20,19]
maximum realtime priority allowed for non-privileged processes (Linux 2.6.12 and higher)
All items support the values -1unlimited or infinity indicating no limit, except for priority and nice.If a hard limit or soft limit of a resource is set to a valid value, but outside of the supported range of the local system, the system may reject the new limit or unexpected behavior may occur. If the control value required is used, the module will reject the login if a limit could not be set.

In general, individual limits have priority over group limits, so if you impose no limits for admin group, but one of the members in this group have a limits line, the user will have its limits set according to this line.

Also, please note that all limit settings are set per login. They are not global, nor are they permanent; existing only for the duration of the session.

In the limits configuration file, the '#' character introduces a comment - after which the rest of the line is ignored.

The pam_limits module does report configuration problems found in its configuration file and errors via syslog(3).


These are some example lines which might be specified in /etc/security/limits.conf.

*               soft    core            0
* hard nofile 512
@student hard nproc 20
@faculty soft nproc 20
@faculty hard nproc 50
ftp hard nproc 0
@student - maxlogins 4
:123 hard cpu 5000
@500: soft cpu 10000
600:700 hard locks 10

See Also

Linux - Resource Manager - Processes limitations (/etc/security/limits.conf)

Limiting user processes is important for running a stable system. To limit user process, you have just to set shell limit by adding:

  • a user name

  • or group name

  • or all users

to /etc/security/limits.conf file and impose then process limitations.

Example of /etc/security/limits.conf file
*               hard    nofile          65535
* soft nofile 4096
@student hard nproc 16384
@student soft nproc 2047

A soft limit is like a warning and hard limit is a real max limit. For example, following will prevent anyone in the student group from having more than 50 processes, and a warning will be given at 30 processes.
@student        hard    nproc           50
@student soft nproc 30

Hard limits are maintained by the kernel while the soft limits are enforced by the shell.


Syntax of the /etc/security/limits.conf file

The /etc/security/limits.conf file contains a list line where each line describes a limit for a user in the form of:
<domain> <type> <item> <shell limit value>


  • <domain> can be:

    • group name, with @group syntax

    • the wildcard *, for default entry

    • the wildcard %, can be also used with %group syntax, for maxlogin limit

  • <type> can have the two values:

    • “soft” for enforcing the soft limits (soft is like warning)

    • “hard” for enforcing hard limits (hard is a real max limit)

  • <item> can be one of the following:

    • core - limits the core file size (KB)

  • <shell limit value> can be one of the following:

    • core - limits the core file size (KB)

    • data - max data size (KB)

    • fsize - maximum filesize (KB)

    • memlock - max locked-in-memory address space (KB)

    • nofile - Maximum number of open file descriptors

    • rss - max resident set size (KB)

    • stack - max stack size (KB) - Maximum size of the stack segment of the process

    • cpu - max CPU time (MIN)

    • nproc - Maximum number of processes available to a single user

    • as - address space limit

    • maxlogins - max number of logins for this user

    • maxsyslogins - max number of logins on the system

    • priority - the priority to run user process with

    • locks - max number of file locks the user can hold

    • sigpending - max number of pending signals

    • msgqueue - max memory used by POSIX message queues (bytes)

    • nice - max nice priority allowed to raise to

    • rtprio - max realtime priority

    • chroot - change root to directory (Debian-specific)

How to

Set the limitations

  • Open the /etc/security/limits.conf file and change the existing values for “hard” and “soft” parameters as it's given in your installation documentation.

  • Restart the system after making changes.

If the current value for any parameter is higher than the value listed in the installation document, then do not change the value of that parameter.
*               hard    nofile          65535
* soft nofile 4096
* hard nproc 16384
* soft nproc 2047

Verify the limitations

To check the soft and hard limits, log as the user and enter the following ulimit command:

file descriptorulimit -Snulimit -Hn
number of processes available to a userulimit -Suulimit -Hu
stackulimit -Ssulimit -Hs

Test the limitations

The following bash function:

:(){ :|:& };:

is a recursive function and is often used by sys admin to test user processes limitations.

The RPM DB is corrupt cpanel

mkdir /root/old_rpm_dbs/
mv /var/lib/rpm/__db* /root/old_rpm_dbs/
rpm --rebuilddb

Sunday, October 13, 2013

Backing up MySQL database on restricted user account

Backing up MySQL database on restricted user account

I know that backing up databases is a job for a sysdamin. I know that I shouldn’t do that because I’m a stupid developer. I know that. I just couldn’t resist… And then I came across a strange error that sysadmin never encounters (you know… mysqldump -u root…). I couldn’t dump this db due to events error. So here is a quick solution for that.

The error:

1mysqldump: Couldn't execute 'show events': Access denied for user 'user'@'some-host' to database 'dbname' (1044)

Below lines are solving that. The magic option here is –skip-events


1mysqldump -u usernam -p --skip-events --databases dbname > dbname_dump.sql


1mysqldump -u usernam -p --skip-events --single-transaction --databases dbname > dbname_dump.sql

Adding IPV6 to machine

Your IPv6 address
There are two ways of obtaining your IPv6 address: hard and easy.

Hard way: calculate it yourself. You can do this here.

Easy way: check it in your OVH panel. After logging in to OVH Manager, go to Dedicated Servers -> Summary. On right side of screen you should see something similar to picture below.


Don’t look at me like that. I can’t make it easier. If you want to complicate things a little, just go ahead and read more about IP version 6. :P

Paste two commands
This is the main magic. Don’t try it when you’re sober. Ever.

$ sudo ip -6 addr add 2001:41d0:XXXX:XXXX::1/56 dev eth0
$ sudo ip -6 addr delete 2001:41d0:XXXX:XXXX::1/56 dev eth0
Ok. So what the hell is up with these?

First, you’ll need iproute2 package (for the ip command). So just apt-get your way through this complicated issue…

apt-get update && apt-get install iproute
Now, you can add v6 address to your network interface:

$ ip -6 addr add 2001:41d0:XXXX:XXXX::1/56 dev eth0
And check if your gateway is available:

$ ping6 -c 3 2001:41d0:XX:XXff:ff:ff:ff:ff
PING 2001:41d0:1:afff:ff:ff:ff:ff(2001:41d0:XX:XXff:ff:ff:ff:ff) 56 data bytes
64 bytes from 2001:41d0:XX:XXff:ff:ff:ff:ff: icmp_seq=1 ttl=64 time=57.8 ms
64 bytes from 2001:41d0:XX:XXff:ff:ff:ff:ff: icmp_seq=2 ttl=64 time=70.4 ms
64 bytes from 2001:41d0:XX:XXff:ff:ff:ff:ff: icmp_seq=3 ttl=64 time=8.99 ms

--- 2001:41d0:XX:XXff:ff:ff:ff:ff ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 8.992/45.762/70.463/26.508 ms
Fine. Let’s configure routing:

$ sudo ip -6 r a via 2001:41d0:XX:XXff:ff:ff:ff:ff dev eth0
Check if you can see Internets:

$ ping6 -c 3 ipv6.google.com
PING ipv6.google.com(muc03s02-in-x14.1e100.net) 56 data bytes
64 bytes from muc03s02-in-x14.1e100.net: icmp_seq=1 ttl=55 time=21.4 ms
64 bytes from muc03s02-in-x14.1e100.net: icmp_seq=2 ttl=55 time=18.5 ms
64 bytes from muc03s02-in-x14.1e100.net: icmp_seq=3 ttl=55 time=18.6 ms

--- ipv6.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 18.590/19.563/21.469/1.357 ms

Let’s now update our /etc/network/interfaces file. Whole file should look similar to this:

auto eth0
iface eth0 inet static

iface eth0 inet6 static
address 2001:41d0:1:XXXX::1
netmask 56
gateway 2001:41d0:1:XXFF:FF:FF:FF:FF
If you want to have more than one IPv6 address add to second (inet6) definition of eth0 interface following lines.

up /sbin/ip -6 addr add 2001:41d0:1:af20::deaf:bed/56 dev eth0
down /sbin/ip -6 addr delete 2001:41d0:1:af20::deaf:bed/56 dev eth0
Easy? Easy! As hell.

Great. Let’s just disable automatic configuration – it’s breaking things at OVH.

$ sudo sysctl net.ipv6.conf.default.autoconf=0
$ sudo sysctl net.ipv6.conf.all.autoconf=0
Before you proceed – double check your configuration. Reboot your system. Triple check. And then…

- See more at: http://gstlt.info/2012/06/ovh-and-ipv6-problems/#sthash.xntLLa8J.dpuf

How to Set Up Your Own Terminal Server Using Remote Desktop Services On Server 2008 R2

To install the Terminal Server role service
Open Server Manager. To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.

In the left pane, right-click Roles, and then click Add Roles.

In the Add Roles Wizard, on the Before You Begin page, click Next.

On the Select Server Roles page, under Roles, select the Terminal Services check box.

If Terminal Services is already installed on the server, the Terminal Services check box will be selected and dimmed.
Click Next.

On the Terminal Services page, click Next.

On the Select Role Services page, select the Terminal Server check box, and then click Next.

If you are installing the Terminal Server role service on a domain controller, you will receive a warning message because installing the Terminal Server role service on a domain controller is not recommended. For more information, see "Installing Terminal Server on a Domain Controller" in the Terminal Server Help in the Windows Server 2008 Technical Library (http://go.microsoft.com/fwlink/?linkid=109277).

On the Uninstall and Reinstall Applications for Compatibility page, click Next.

On the Specify Authentication Method for Terminal Server page, select the appropriate authentication method for the terminal server, and then click Next. For more information about authentication methods, see "Configure the Network Level Authentication Setting for a Terminal Server" in the Terminal Server Help in the Windows Server 2008 Technical Library (http://go.microsoft.com/fwlink/?linkid=109280).

On the Specify Licensing Mode page, select the appropriate licensing mode for the terminal server, and then click Next. For more information about licensing modes, see "Specify the Terminal Services Licensing Mode" in the Terminal Services Configuration Help in the Windows Server 2008 Technical Library (http://go.microsoft.com/fwlink/?linkid=101638).

On the Select User Groups Allowed Access To This Terminal Server page, add the users or user groups that you want to be able to remotely connect to this terminal server, and then click Next. For more information, see "Configure the Remote Desktop User Group" in the Terminal Server Help in the Windows Server 2008 Technical Library (http://go.microsoft.com/fwlink/?linkid=109278).
On the Confirm Installation Selections page, verify that the Terminal Server role service will be installed, and then click Install.

On the Installation Progress page, installation progress will be noted.

On the Installation Results page, you are prompted to restart the server to finish the installation process. Click Close, and then click Yes

to restart the server.

If you are prompted that other programs are still running, do either of the following:

To close the programs manually and restart the server later, click Cancel.

To automatically close the programs and restart the server, click Restart now.

After the server restarts and you log on to the computer, the remaining steps of the installation will finish. When the Installation Results page appears, confirm that the installation of Terminal Server succeeded.
You can also confirm that Terminal Server is installed by following these steps:
Start Server Manager.

Under Roles Summary, click Terminal Services.

Under System Services, confirm that Terminal Services has a status of Running.

Under Role Services, confirm that Terminal Server has a status of Installed.



Installing Remote Desktop Services

Open the Server Manager and right-click on roles, select Add Roles from the context menu

Click next on the Before You Being page to bring up a list of Roles that can be installed, select Remote Desktop Services and click next

On the Introduction To Remote Desktop Services page click next, this will bring you to the Role Services page, select the Remote Desktop Session Host as well as the Remote Desktop Licensing Service and then click next.

When you get to the application compatibility page it tells you that you should install the Session Host Role before you install your applications, just click next as we have not yet installed our applications. You are then asked if you want to require NLA, this will only allow Windows clients to connect to the Remote Desktop Session Host Server, in addition they must be running a Remote Desktop Client that support Network Level Authentication. I will go ahead and require NLA and then click next

Now you have to choose a licensing method, most of you guys wont have Remote Desktop Client Access Licenses, so you can leave your option at Configure Later this will give you unlimited access to the Remote Desktop Server for 4 Months (120 Days). However, if you do have licenses here is some information help you make your choice:

Licensing Modes

The licenses you purchased can be used either as Per User or Per Device. It is purely up to you, however if you already have a RDS Licensing Server you will have to choose the same option you chose when importing the licenses originally.

  • RDS Per User CAL –  This means that every user that connects to the RDS Server must have a license. The user is assigned the license rather than the devices that he/she connects to the server from. This mode is a good choice if your users want to connect from a lot of different computers or devices (iPad, Home PC, Laptop, Phone etc)

  • RDS Per Device CAL – If your users share a common workstation this is the mode for you, the license is given to the device rather than the users, this way many people can connect from a single device. However, if they try to connect from a different device they will not be able to since their user account doesn’t have a license.

I will leave mine at configure later and click next

Now you should specify who can connect to the Remote Desktop Server, I will just add my user account (Windows Geek), then click next

You are now given the option of making the RDS Server look and act more like Windows 7, this is to avoid users getting confused when they see the classic theme. I will enable the all the settings, it requires more bandwidth though, so take your network traffic into account before going click-happy and selecting everything. Once you have made your choice click next

Since we are running Server 2008 R2, we don’t need to specify a Discovery Scope so just click next again

Finally you can click on install.

Once installation is complete, reboot your server, when you log in the configuration will complete. That’s all there is to installing a Remote Desktop Server.


If you need to install your licenses you can do it through the RD Licensing Manager. You will need to activate the Server first though. I wont go through this, as it is self-explanatory.

Once you have installed you Licenses you will need to specify a license server for the RDS Session Host to use, to do this, open the RDS Session Host Configuration MMC

When the console opens double-click on the Remote Desktop license servers link.

Now you can specify your licensing mode and then hit the add button to specify a licensing server.

As I said before, you can skip this activation section and use Remote Desktop Services for 120 Days before you need to purchase a CAL. Once you have done this you will need to install your applications. However you cant just install them in any fashion you want, there is actually a special method for installing applications on a Remote Desktop Server.

Enable Multiple Remote Desktop Sessions on Server 2008

Step 1

Click on Start > Administrative Tools > Terminal Services > Terminal Services Configuration.


Step 2

Right Click on “Restrict each user to a single session” in the “Edit settings” section and choose “Properties“.


Step 3

Uncheck the “Restrict each user to a single session” checkbox and Click OK.


Step 4

Click OK for the window that opens.


Step 5

You will need to log off and log back on for the changes to take effect.

You will now be able to connect to multiple Remote Desktop Sessions on the same user account.

Alternatively you can use this Registry .reg file to disable the setting above:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
If you need any further assistance, please do not hesitate to contact our Support Team available 24/7!


Enable Ping on Windows Server 2008

When setting up new servers, one of the first things to do is to make sure other machines can connect to. The easiest way to do that has typically been to use the ping command, which sends an Internet Control Message Protocol (ICMP) or Echo message to the remote machine. Due to security concerns, however, the Windows Firewall on Windows Server 2008 and Windows Server 2008 R2 is configured to disallow responses to these requests. Here is how to enable responses to these requests.
Windows Firewall Control Panel
Display the Windows Firewall control panel and click the Advanced settings link on the left.


1-Enable Ping-Windows Firewall


Inbound Rules

Click on the Inbound Rules entry below the Windows Firewall with Advanced Settings entry in the left pane.

 2-Enable Ping-Inbound Rules


Echo Request Rules
There are two rules for echo requests, one called File and Printer Sharing (Echo Request – ICMPv4-In) and File and Printer Sharing (Echo Request – ICMPv6-In). You’ll find these in the contents pane on the right.

3-Enable Ping-Echo Request Rules

Enable the Rules

Right click on a rule and click on Enable.

4-Enable Ping-Enable Rule


Once the rule has been enabled, the icon will turn green and the value in the Enabled column will change from No to Yes.

5-Enable Ping-Rule Enabled


Command Line Control
Note that Windows Server Core does not have any UI. You can use the following commands from a command prompt window to enable and disable the IPv4 rule:

netsh firewall set icmpsetting 8
netsh firewall set icmpsetting 8 disable

Note that these commands have been deprecated and you’ll see this message when you execute them on Windows Server 2008 R2:

IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .
I haven’t found the syntax for simply enabling and disabling the existing rules. All the examples I’ve seen have you create a new rule, like this:
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
If anyone can find the syntax for simply enabling and disabling the existing rules, please let me know.

How to Quickly Add Multiple IP Addresses to Windows Servers

If you have ever added multiple IP addresses to a single Windows server, going through the graphical interface is an incredible pain as each IP must be added manually, each in a new dialog box. Here’s a simple solution.


Needless to say, this can be incredibly monotonous and time consuming if you are adding more than a few IP addresses. Thankfully, there is a much easier way which allows you to add an entire subnet (or more) in seconds.

Adding an IP Address from the Command Line
Windows includes the “netsh” command which allows you to configure just about any aspect of your network connections. If you view the accepted parameters using “netsh /?” you will be presented with a list of commands each which have their own list of commands (and so on). For the purpose of adding IP addresses, we are interested in this string of parameters:

netsh interface ipv4 add address

Note: For Windows Server 2003/XP and earlier, “ipv4″ should be replaced with just “ip” in the netsh command.

If you view the help information, you can see the full list of accepted parameters but for the most part what you will be interested in is something like this:

netsh interface ipv4 add address “Local Area Connection”

The above command adds the IP Address (with Subnet Mask to the connection titled “Local Area Network”.

Adding Multiple IP Addresses at Once
When we accompany a netsh command with the FOR /L loop, we can quickly add multiple IP addresses. The syntax for the FOR /L loop looks like this:

FOR /L %variable IN (start,step,end) DO command

So we could easily add every IP address from an entire subnet using this command:

FOR /L %A IN (0,1,255) DO netsh interface ipv4 add address “Local Area Connection” 192.168.1.%A

This command takes about 20 seconds to run, where adding the same number of IP addresses manually would take significantly longer.

A Quick Demonstration
Here is the initial configuration on our network adapter:

ipconfig /all

Now run netsh from within a FOR /L loop to add IP’s to this adapter:

FOR /L %A IN (10,1,20) DO netsh interface ipv4 add address “Local Area Connection” 192.168.1.%A

After the above command is run, viewing the IP Configuration of the adapter now shows:

# Add IP
netsh int ipv4 add address name="Local Area Connection 1" addr=
mask= skipassource=true
Here are a couple of other commands that are nice to know:
# List ip addresses
netsh int ipv4 show ipaddresses level=verbose

# Delete IP
netsh int ipv4 delete address "Local Area Connection 1"


To Add IP Addresses to Your Dedicated Windows 2003 Server
Log in to Remote Desktop.

Go to Control Panel->Network Connections->Local Area Connection.
Right-click on Properties.
Select Internet Protocol (TCP/IP).
Click Properties.
Click Advanced.
Click Add and add the new IP, with as the subnet mask.

To Add IP Addresses to Your Dedicated Windows 2008 Server

Log into your server via Remote Desktop.

Open the server's Start menu and select Network.
Double-click on the Network and Sharing Center icon.
Click on the Change Adapter Settings link on the left.
Right click on the icon representing your server's network card and select Properties from the menu that appears.
Select Internet Protocol Version 4 (TCP/IPv4) and click the Properties button.
Click the Advanced button.
Click the Add button under the IP addresses section of the IP Settings tab.
Enter the IP address and subnet mask and click the Add button.
Click the OK button to close the Advanced TCP/IP Settings window.
Click the OK button to close the Internet Protocol Version 4 (TCP/IPv4) Properties window.
Click the Close button to close out of the Local Area Connection Properties window.

Thursday, October 3, 2013

Inode space issue , finding largest inode entry direcotry


The find command searches for files, starting at a directory named on the command line. It looks for files that match whatever criteria you wish, such as all regular files, all files that end in .trash, or any file older than a particular date. When it finds a file that matches the criteria, it performs whatever task you specify, such as removing the file, printing the name of the file, changing the file's permissions, and so forth.

For example:

# find /usr -local -type f -mtime +60 -print > /usr/tmp/deadfiles &
-mtime +60
Says you are interested only in files that have not been modified in 60 days.
As another example, you can use the find command to find files over 7 days old in the temporary directories and remove them. Use the following commands:

# find /var/tmp -local -type f -atime 7 -exec rm {} \;
# find /tmp -local -type f -atime 7 -exec rm {} \;
then this bash command may help you:

sudo find . -xdev -type f | cut -d "/" -f 2 | sort | uniq -c | sort -n
And yes, this will take time, but you can locate the directory with the most files

for i in /*; do echo $i; find $i -type f | wc -l; done



Tuesday, October 1, 2013

NCftp - get multiple Folders with ftp

Install ncftp client

ncftp client software can be downloaded from http://www.ncftp.com/ncftp/ and works with FreeBSD, Solaris and all most all UNIX variant. You can also run command as follows to install ncftp:
$ sudo apt-get install ncftp

FTP get directory recursively

ncftpget is Internet file transfer program for scripts and advance usage. You need to use command as follows:
$ ncftpget –R –v –u "ftpuser" ftp.nixcraft.net /home/vivek/backup /www-data

  • -R : Copy all subdirectories and files (recursive)

  • -v : Verbose i.e. display download activity and progess

  • -u "USERNAME" : FTP server username, if skipped ncftpget will try anonymous username

  • ftp.nixcraft.net : Ftp server name

  • /home/vivek/backup : Download everything to this directory

  • /www-data : Remote ftp directory you wish to copy

If you get an error which read as follows:
tar: End of archive volume 1 reached
tar: Sorry, unable to determine archive format.
Could not read directory listing data: Connection reset by peer

Then add –T option to ncftpget command:

$ ncftpget –T –R –v –u "ftpuser" ftp.nixcraft.net /home/vivek/backup /www-data


  • -T : Do not try to use TAR mode with Recursive mode