
Showing posts with label rhel. Show all posts

Monday, February 11, 2013

Apache configuration (on servers, use WHM to add global settings to httpd.conf)


To start, open the Apache configuration file and find the directives section. On a cPanel server, it is located in /usr/local/apache/conf/. On a Plesk server, it is in /etc/httpd/conf/. If you are using vi or vim: once you open the file, you can find the directives by scrolling through the file, or by typing a forward slash ‘/’ followed by the exact string that you are looking for (the search is case sensitive).
[root@host /] vim /usr/local/apache/conf/httpd.conf
or
[root@host /] vim /etc/httpd/conf/httpd.conf
This list is a composite of the settings we will be reviewing, taken from a fresh install on a cPanel server:

Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 0

Timeout 300
Usually this value doesn’t require editing and a default of 300 is sufficient. Lowering the ‘Timeout’ value will cause a long running script to terminate earlier than expected.
On virtualized servers like VPS servers, lowering this value to 100 can help improve performance.
KeepAlive On
This setting should be “On” unless the server is getting requests from hundreds of IPs at once.
High volume and/or load balanced servers should have this setting disabled (Off) to increase connection throughput.
MaxKeepAliveRequests 100
This setting limits the number of requests allowed per persistent connection when KeepAlive is on. If it is set to 0, unlimited requests will be allowed.
It is recommended to keep this value at 100 for virtualized accounts like VPS accounts. On dedicated servers it is recommended that this value be modified to 150.
KeepAliveTimeout 15
The number of seconds Apache will wait for another request before closing the connection. Setting this to a high value may cause performance problems in heavily loaded servers. The higher the timeout, the more server processes will be kept occupied waiting on connections with idle clients.
It is recommended that this value be lowered to 5 on all servers.
MinSpareServers 5
This directive sets the desired minimum number of idle child server processes. An idle process is one which is not handling a request. If there are fewer spare servers idle than specified by this value, the parent process creates new children at a maximum rate of 1 per second. Setting this parameter to a large number is almost always a bad idea.
Liquidweb recommends adjusting the value for this setting to the following:
Virtualized server, i.e. VPS: 5
Dedicated server with 1-2GB RAM: 10
Dedicated server with 2-4GB RAM: 20
Dedicated server with 4+ GB RAM: 25
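
The recommendations above can be checked against a live httpd.conf. The following is an added example, not part of the original post: the function name check_httpd_conf, its profile arguments and the handling of the 2GB and 4GB boundaries are assumptions made here.

```shell
#!/bin/sh
# Added example: compare httpd.conf with the values recommended on this page.
# check_httpd_conf FILE PROFILE [RAM_GB]
#   PROFILE is "vps" or "dedicated"; RAM_GB picks the MinSpareServers row for
#   dedicated servers (how the 2GB and 4GB boundaries fall is an assumption).
# Prints one line per deviation and returns 1 if any deviation was found.
check_httpd_conf() {
    awk -v profile="${2:-vps}" -v ram="${3:-1}" '
    BEGIN {
        n = split("Timeout KeepAlive MaxKeepAliveRequests KeepAliveTimeout MinSpareServers", names, " ")
        want["keepalive"] = "on"
        want["keepalivetimeout"] = 5
        if (profile == "vps") {
            want["timeout"] = 100
            want["maxkeepaliverequests"] = 100
            want["minspareservers"] = 5
        } else {
            want["maxkeepaliverequests"] = 150
            want["minspareservers"] = (ram + 0 <= 2) ? 10 : ((ram + 0 < 4) ? 20 : 25)
        }
    }
    /^[ \t]*(#|$)/ { next }                  # comments and blank lines
    { first = tolower($1) }                  # directive names are case-insensitive
    # Per-site and per-path containers do not set the global value: skip them.
    first ~ /^<(virtualhost|directory|location|files)/   { depth++; next }
    first ~ /^<\/(virtualhost|directory|location|files)/ { if (depth > 0) depth--; next }
    depth > 0 { next }
    # <IfModule> is treated as transparent, so prefork settings inside it are read.
    (first in want) { seen[first] = $2 }     # a later line overrides an earlier one
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            k = tolower(names[i])
            if (!(k in want)) continue
            got = (k in seen) ? seen[k] : "unset"
            if (tolower(got) != (want[k] "")) {
                printf "%s: found %s, page recommends %s\n", names[i], got, want[k]
                bad = 1
            }
        }
        exit bad
    }' "$1"
}

# Usage: check_httpd_conf /usr/local/apache/conf/httpd.conf vps
#        check_httpd_conf /etc/httpd/conf/httpd.conf dedicated 8
```

Run it before and after editing through WHM; a directive reported as "unset" is running on Apache's built-in default.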
****************************************************************
WHM Tweaking – Tweak WHM for better security and performance.

Server Setup =>> Tweak Settings
Check the following items...
Under Domains: Prevent users from parking/adding on common internet domains. (ie hotmail.com, aol.com)
Under Mail: Attempt to prevent pop3 connection floods
Default catch-all/default address behavior for new accounts - blackhole
Under System: Use jailshell as the default shell for all new accounts and modified accounts

Go to Server Setup =>> Tweak Security
Enable php open_basedir Protection

*****************************************************************

PHP Tightening – Tweak PHP by changing the parameters of php configuration for better security and performance.
php.ini & disabled functions
Edit php.ini

[root@server ]# nano /usr/local/lib/php.ini
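; safe_mode, magic_quotes_gpc and register_globals exist only up to PHP 5.3 (removed in PHP 5.4)
safe_mode = On
allow_url_fopen = Off
expose_php = Off
enable_dl = Off
magic_quotes_gpc = On
register_globals = Off
display_errors = Off
; disable_functions takes function names only; allow_url_fopen is an ini setting and is set above
disable_functions = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd, popen, proc_open, ini_set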
************************************************************
PHP Upgrade – Compile PHP to its latest stable version which increases server security.

Using the EasyApache script.
************************************************************
MySQL optimization – Optimize MySQL value for better performance and stability
/usr/local/cpanel/3rdparty/mysqltuner/mysqltuner.pl

#DO NOT MODIFY THE FOLLOWING COMMENTED LINES!
[mysqld]
max_connections = 400
key_buffer = 16M
myisam_sort_buffer_size = 32M
join_buffer_size = 1M
read_buffer_size = 1M
sort_buffer_size = 2M
table_cache = 1024
thread_cache_size = 286
interactive_timeout = 25
wait_timeout = 1000
connect_timeout = 10
max_allowed_packet = 16M
max_connect_errors = 10
query_cache_limit = 1M
query_cache_size = 16M
query_cache_type = 1
tmp_table_size = 16M
skip-innodb

[mysqld_safe]
open_files_limit = 8192

[mysqldump]
quick
max_allowed_packet = 16M

[myisamchk]
key_buffer = 32M
sort_buffer = 32M
read_buffer = 16M
write_buffer = 16M

MySQL parameters such as query_cache_size, key_buffer_size, table_cache, sort_buffer, read_rnd_buffer_size, thread_cache, tmp_table_size etc. should be altered according to your server status.

Sunday, February 10, 2013

FTP Hardening – Secure FTP software by upgrading to latest version


FTP: In WHM >> Service Configuration, there is an option to change 2 settings for FTP.
By default the first will be set to use pure-ftpd (this is good) and the second is to allow anonymous FTP (this is very bad). Unless you really want half the world (the bad half) discovering that you run an open FTP server, turn anonymous OFF.
Each FTP session uses resources, so you should also be careful about how many FTP logons you allow each account in your Feature Lists. Up to 3 is fine - anything over 10 is getting silly and simply invites your users to use your server for file sharing.

Thursday, January 24, 2013

Find Command variants

1. Find Files Using Name in Current Directory

Find all the files whose name is server.txt in the current working directory.

# find . -name server.txt

./server.txt

2. Find Files Under Home Directory

Find all the files under /home directory with name server.txt.

# find /home -name server.txt

/home/server.txt

3. Find Files Using Name and Ignoring Case

Find all the files whose name is server.txt and contains both capital and small letters in /home directory.

# find /home -iname server.txt

./server.txt
./server.txt

4. Find Directories Using Name

Find all directories whose name is server in / directory.

# find / -type d -name server

/server

5. Find PHP Files Using Name

Find all php files whose name is server.php in the current working directory.

# find . -type f -name server.php

./server.php

6. Find all PHP Files in Directory

Find all php files in a directory.

# find . -type f -name "*.php"

./server.php
./login.php
./index.php

Part II – Find Files Based on their Permissions
7. Find Files With 777 Permissions

Find all the files whose permissions are 777.

# find . -type f -perm 0777 -print

8. Find Files Without 777 Permissions

Find all the files without permission 777.

# find / -type f ! -perm 777

9. Find SGID Files with 644 Permissions

Find all the SGID bit files whose permissions are set to 644.

# find / -perm 2644

10. Find Sticky Bit Files with 551 Permissions

Find all the Sticky Bit set files whose permissions are 551.

# find / -perm 1551

11. Find SUID Files

Find all SUID set files.

# find / -perm /u=s

12. Find SGID Files

Find all SGID set files.

# find / -perm /g+s

13. Find Read Only Files

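Find all files with the owner read bit set. Note that -perm /u=r matches every file its owner can read, so the result is not limited to files that are read-only.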

# find / -perm /u=r

14. Find Executable Files

Find all Executable files.

# find / -perm /a=x

15. Find Files with 777 Permissions and Chmod to 644

Find all 777 permission files and use chmod command to set permissions to 644.

# find / -type f -perm 0777 -print -exec chmod 644 {} \;

16. Find Directories with 777 Permissions and Chmod to 755

Find all 777 permission directories and use chmod command to set permissions to 755.

# find / -type d -perm 777 -print -exec chmod 755 {} \;
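
Items 7 to 16 can be combined into a review-first audit. The following is an added example, not part of the original post: the function names list_risky, ww_find and fix_world_writable are assumptions. It narrows the blanket chmod 644 / chmod 755 above to removing only the world-write bit, so execute and group bits are left as they were.

```shell
#!/bin/sh
# Added example: report risky permission bits first, change them only on request.

# list_risky DIR: print "<CLASS> <path>" for each finding under DIR.
#   WW-FILE  regular file writable by "other"
#   WW-DIR   directory writable by "other" without the sticky bit
#   SUID     regular file with the set-user-ID bit
#   SGID     regular file with the set-group-ID bit
list_risky() {
    # -xdev stays on one filesystem, so /proc, /sys and network mounts are not walked.
    # -perm -MODE means "all of these bits are set", unlike the exact match -perm 0777.
    find "$1" -xdev -type f -perm -0002 -exec printf 'WW-FILE %s\n' {} +
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -exec printf 'WW-DIR %s\n' {} +
    find "$1" -xdev -type f -perm -4000 -exec printf 'SUID %s\n' {} +
    find "$1" -xdev -type f -perm -2000 -exec printf 'SGID %s\n' {} +
}

# ww_find DIR ACTION...: select world-writable files and non-sticky directories.
# Sticky world-writable directories (such as /tmp, mode 1777) are left alone.
# find does not follow symlinks by default, so link targets are never touched.
ww_find() {
    d=$1
    shift
    find "$d" -xdev \( -type f -o -type d \) -perm -0002 \
        ! \( -type d -perm -1000 \) "$@"
}

# fix_world_writable DIR [--apply]
# Without --apply this is a dry run that only prints what would change.
fix_world_writable() {
    if [ "${2:-}" = "--apply" ]; then
        ww_find "$1" -exec chmod o-w {} +
    else
        ww_find "$1" -exec printf 'would chmod o-w %s\n' {} +
    fi
}

# Usage:
#   list_risky /home                     # review the findings
#   fix_world_writable /home             # dry run
#   fix_world_writable /home --apply     # remove the world-write bit
```

SUID and SGID findings are only reported, because whether such a bit is legitimate depends on the binary.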

17. Find and remove single File

To find a single file called server.txt and remove it.

# find . -type f -name "server.txt" -exec rm -f {} \;

18. Find and remove Multiple File

To find and remove multiple files such as .mp3 or .txt files, use:

# find . -type f -name "*.txt" -exec rm -f {} \;

OR

# find . -type f -name "*.mp3" -exec rm -f {} \;

19. Find all Empty Files

To find all empty files under a certain path.

# find /tmp -type f -empty

20. Find all Empty Directories

To find all empty directories under a certain path.

# find /tmp -type d -empty

21. Find all Hidden Files

To find all hidden files, use below command.

# find /tmp -type f -name ".*"

Part III – Search Files Based On Owners and Groups
22. Find Single File Based on User

To find all files, or a single file, called server.txt under the / (root) directory and owned by root.

# find / -user root -name server.txt

23. Find all Files Based on User

To find all files that belong to user server under /home directory.

# find /home -user server

24. Find all Files Based on Group

To find all files that belong to group developer under /home directory.

# find /home -group developer

25. Find Particular Files of User

To find all .txt files of user server under /home directory.

# find /home -user server -iname "*.txt"

Part IV – Find Files and Directories Based on Date and Time
26. Find Last 50 Days Modified Files

To find all the files which are modified 50 days back.

# find / -mtime 50

27. Find Last 50 Days Accessed Files

To find all the files which are accessed 50 days back.

# find / -atime 50

28. Find Last 50-100 Days Modified Files

To find all the files which are modified more than 50 days back and less than 100 days.

# find / -mtime +50 -mtime -100

29. Find Changed Files in Last 1 Hour

To find all the files which are changed in last 1 hour.

# find / -cmin -60

30. Find Modified Files in Last 1 Hour

To find all the files which are modified in last 1 hour.

# find / -mmin -60

31. Find Accessed Files in Last 1 Hour

To find all the files which are accessed in last 1 hour.

# find / -amin -60

Part V – Find Files and Directories Based on Size
32. Find 50MB Files

To find all 50MB files, use.

# find / -size 50M

33. Find Size between 50MB – 100MB

To find all the files which are greater than 50MB and less than 100MB.

# find / -size +50M -size -100M

34. Find and Delete 100MB Files

To find all files larger than 100MB and delete them using one single command.

# find / -size +100M -exec rm -rf {} \;

35. Find Specific Files and Delete

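Find all .mp3 files larger than 10MB. As written, the command lists each match with ls -l so the result can be reviewed; replacing ls -l with rm -f deletes them in the same single command.

# find / -type f -name "*.mp3" -size +10M -exec ls -l {} \;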

 

Find all empty files (zero byte file) in your home directory and its subdirectory

Most files of the following command output will be lock-files and place holders created by other applications.

# find ~ -empty

List all the empty files only in your home directory.

# find . -maxdepth 1 -empty

List only the non-hidden empty files only in the current directory.

# find . -maxdepth 1 -empty -not -name ".*"

The ‘df’ command stands for “disk filesystem”

Linux has a strong built-in utility called ‘df’. The ‘df’ command stands for “disk filesystem”; it is used to get a full summary of available and used disk space on the file systems of a Linux system.

Using the ‘-h’ parameter (df -h) shows the file system disk space statistics in “human readable” format, meaning it gives the details in bytes, megabytes and gigabytes.

Useful df Command Examples

This article explains how to get full information on Linux disk space usage with the ‘df’ command, using practical examples, so that you can better understand the usage of the df command in Linux.
1. Check File System Disk Space Usage

The “df” command displays the information of device name, total blocks, total disk space, used disk space, available disk space and mount points on a file system.

[root@tecmint ~]# df

Filesystem 1K-blocks Used Available Use% Mounted on
/dev/cciss/c0d0p2 78361192 23185840 51130588 32% /
/dev/cciss/c0d0p5 24797380 22273432 1243972 95% /home
/dev/cciss/c0d0p3 29753588 25503792 2713984 91% /data
/dev/cciss/c0d0p1 295561 21531 258770 8% /boot
tmpfs 257476 0 257476 0% /dev/shm

2. Display Information of all File System Disk Space Usage

The same as above, but it also displays information of dummy file systems along with all the file system disk usage and their memory utilization.

[root@tecmint ~]# df -a

Filesystem 1K-blocks Used Available Use% Mounted on
/dev/cciss/c0d0p2 78361192 23186116 51130312 32% /
proc 0 0 0 - /proc
sysfs 0 0 0 - /sys
devpts 0 0 0 - /dev/pts
/dev/cciss/c0d0p5 24797380 22273432 1243972 95% /home
/dev/cciss/c0d0p3 29753588 25503792 2713984 91% /data
/dev/cciss/c0d0p1 295561 21531 258770 8% /boot
tmpfs 257476 0 257476 0% /dev/shm
none 0 0 0 - /proc/sys/fs/binfmt_misc
sunrpc 0 0 0 - /var/lib/nfs/rpc_pipefs

3. Show Disk Space Usage in Human Readable Format

Have you noticed that the above commands display sizes as raw counts of 1K blocks, which are hard to read? We are in the habit of reading sizes in megabytes, gigabytes etc., as that makes them much easier to understand and remember.

The df command provides an option to display sizes in Human Readable formats by using ‘-h’ (prints the results in human readable format (e.g., 1K 2M 3G)).

[root@tecmint ~]# df -h

Filesystem Size Used Avail Use% Mounted on
/dev/cciss/c0d0p2 75G 23G 49G 32% /
/dev/cciss/c0d0p5 24G 22G 1.2G 95% /home
/dev/cciss/c0d0p3 29G 25G 2.6G 91% /data
/dev/cciss/c0d0p1 289M 22M 253M 8% /boot
tmpfs 252M 0 252M 0% /dev/shm

4. Display Information of /home File System

To see the information of only the /home file system in human readable format, use the following command.

[root@tecmint ~]# df -hT /home

Filesystem Type Size Used Avail Use% Mounted on
/dev/cciss/c0d0p5 ext3 24G 22G 1.2G 95% /home

5. Display Information of File System in Bytes

To display all file system information and usage in 1024-byte blocks, use the option ‘-k’ (i.e. --block-size=1K) as follows.

[root@tecmint ~]# df -k

Filesystem 1K-blocks Used Available Use% Mounted on
/dev/cciss/c0d0p2 78361192 23187212 51129216 32% /
/dev/cciss/c0d0p5 24797380 22273432 1243972 95% /home
/dev/cciss/c0d0p3 29753588 25503792 2713984 91% /data
/dev/cciss/c0d0p1 295561 21531 258770 8% /boot
tmpfs 257476 0 257476 0% /dev/shm

6. Display Information of File System in MB

To display information of all file system usage in MB (Mega Byte) use the option as ‘-m‘.

[root@tecmint ~]# df -m

Filesystem 1M-blocks Used Available Use% Mounted on
/dev/cciss/c0d0p2 76525 22644 49931 32% /
/dev/cciss/c0d0p5 24217 21752 1215 95% /home
/dev/cciss/c0d0p3 29057 24907 2651 91% /data
/dev/cciss/c0d0p1 289 22 253 8% /boot
tmpfs 252 0 252 0% /dev/shm

7. Display Information of File System in GB

To display information of all file system statistics in GB (Gigabyte) use the option as ‘df -h‘.

[root@tecmint ~]# df -h

Filesystem Size Used Avail Use% Mounted on
/dev/cciss/c0d0p2 75G 23G 49G 32% /
/dev/cciss/c0d0p5 24G 22G 1.2G 95% /home
/dev/cciss/c0d0p3 29G 25G 2.6G 91% /data
/dev/cciss/c0d0p1 289M 22M 253M 8% /boot
tmpfs 252M 0 252M 0% /dev/shm

8. Display File System Inodes

Using ‘-i‘ switch will display the information of number of used inodes and their percentage for the file system.

[root@tecmint ~]# df -i

Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/cciss/c0d0p2 20230848 133143 20097705 1% /
/dev/cciss/c0d0p5 6403712 798613 5605099 13% /home
/dev/cciss/c0d0p3 7685440 1388241 6297199 19% /data
/dev/cciss/c0d0p1 76304 40 76264 1% /boot
tmpfs 64369 1 64368 1% /dev/shm

9. Display File System Type

If you look at the output of all the above commands, you will see that no file system type is mentioned in the results. To check the file system type of your system use the option ‘-T’. It will display the file system type along with the other information.

[root@tecmint ~]# df -T

Filesystem Type 1K-blocks Used Available Use% Mounted on
/dev/cciss/c0d0p2 ext3 78361192 23188812 51127616 32% /
/dev/cciss/c0d0p5 ext3 24797380 22273432 1243972 95% /home
/dev/cciss/c0d0p3 ext3 29753588 25503792 2713984 91% /data
/dev/cciss/c0d0p1 ext3 295561 21531 258770 8% /boot
tmpfs tmpfs 257476 0 257476 0% /dev/shm

10. Include Certain File System Type

If you want to display only a certain file system type, use the ‘-t’ option. For example, the following command will only display ext3 file systems.

[root@tecmint ~]# df -t ext3

Filesystem 1K-blocks Used Available Use% Mounted on
/dev/cciss/c0d0p2 78361192 23190072 51126356 32% /
/dev/cciss/c0d0p5 24797380 22273432 1243972 95% /home
/dev/cciss/c0d0p3 29753588 25503792 2713984 91% /data
/dev/cciss/c0d0p1 295561 21531 258770 8% /boot

11. Exclude Certain File System Type

If you want to display file systems that do not belong to the ext3 type, use the option ‘-x’. For example, the following command will only display file system types other than ext3.

[root@tecmint ~]# df -x ext3

Filesystem 1K-blocks Used Available Use% Mounted on
tmpfs 257476 0 257476 0% /dev/shm

=====================
[root@tecmint ~]# df
[root@tecmint ~]# df -h
[root@tecmint ~]# df -a
[root@tecmint ~]# df -hT /home
[root@tecmint ~]# df -k
[root@tecmint ~]# df -m
[root@tecmint ~]# df -h
[root@tecmint ~]# df -i
[root@tecmint ~]# df -T
[root@tecmint ~]# df -t ext3
[root@tecmint ~]# df -x ext3

[root@tecmint ~]# df -aihT
=====================
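
The Use% and IUse% columns shown above are what a disk-exhaustion check has to watch, since a file system can run out of inodes while blocks are still free. The following is an added example, not part of the original post: the function names df_alerts and disk_report are assumptions, the sample data is copied from the df and df -i output shown earlier on this page, and mount points are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: flag file systems that are close to full, by space or by inodes.

# Sample input, copied from the "df" and "df -i" output shown on this page.
DF_SAMPLE_SPACE='Filesystem 1K-blocks Used Available Use% Mounted on
/dev/cciss/c0d0p2 78361192 23185840 51130588 32% /
/dev/cciss/c0d0p5 24797380 22273432 1243972 95% /home
/dev/cciss/c0d0p3 29753588 25503792 2713984 91% /data
/dev/cciss/c0d0p1 295561 21531 258770 8% /boot
proc 0 0 0 - /proc
tmpfs 257476 0 257476 0% /dev/shm'

DF_SAMPLE_INODES='Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/cciss/c0d0p2 20230848 133143 20097705 1% /
/dev/cciss/c0d0p5 6403712 798613 5605099 13% /home
/dev/cciss/c0d0p3 7685440 1388241 6297199 19% /data
/dev/cciss/c0d0p1 76304 40 76264 1% /boot
tmpfs 64369 1 64368 1% /dev/shm'

# df_alerts LIMIT: read "df -P" or "df -Pi" output on stdin and print
# "<mount point> <percent>%" for every file system at or above LIMIT percent.
df_alerts() {
    awk -v limit="$1" '
    NR == 1 { next }                      # header line
    {
        pct = $5
        if (pct !~ /^[0-9]+%$/) next      # "-" on proc, sysfs and similar (df -a)
        sub(/%/, "", pct)
        if (pct + 0 >= limit + 0) print $6, pct "%"
    }'
}

# disk_report SPACE_LIMIT INODE_LIMIT: check the live system for both kinds of
# exhaustion. -P keeps each file system on one line even with long device names.
# Returns 1 if anything is at or over its limit.
disk_report() {
    space=$(df -P | df_alerts "$1")
    inodes=$(df -Pi | df_alerts "$2")
    [ -z "$space" ] || printf '%s\n' "$space" | sed 's/^/space:  /'
    [ -z "$inodes" ] || printf '%s\n' "$inodes" | sed 's/^/inodes: /'
    [ -z "$space$inodes" ]
}

# Usage: disk_report 90 90
#        printf '%s\n' "$DF_SAMPLE_SPACE" | df_alerts 90
```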

(Disk Usage) “du” is a standard Unix/Linux command

The Linux “du” (Disk Usage) command is a standard Unix/Linux command, used to check the disk usage of files and directories on a machine. The du command has many parameter options that can be used to get the results in many formats. The du command also displays file and directory sizes recursively.

Check Disk Usage of Files and Folders In Linux

1. To find out the disk usage summary of a /home/server directory tree and each of its sub directories. Enter the command as:

[root@]# du /home/server

40 /home/server/downloads
4 /home/server/.mozilla/plugins
4 /home/server/.mozilla/extensions
12 /home/server/.mozilla
12 /home/server/.ssh
689112 /home/server/Ubuntu-12.10
689360 /home/server

The output of the above command displays the number of disk blocks in the /home/server directory along with its sub-directories.

2. Using the “-h” option with the “du” command provides results in “Human Readable Format”. This means you can see sizes in Bytes, Kilobytes, Megabytes, Gigabytes etc.

[root@server]# du -h /home/server

40K /home/server/downloads
4.0K /home/server/.mozilla/plugins
4.0K /home/server/.mozilla/extensions
12K /home/server/.mozilla
12K /home/server/.ssh
673M /home/server/Ubuntu-12.10
674M /home/server

3. To get a summary of the grand total disk usage size of a directory, use the option “-s” as follows.

[root@server]# du -sh /home/server

674M /home/server

4. Using “-a” flag with “du” command displays the disk usage of all the files and directories.

[root@server]# du -a /home/server

4 /home/server/.bash_logout
12 /home/server/downloads/uploadprogress-1.0.3.1.tgz
24 /home/server/downloads/Phpfiles-org.tar.bz2
40 /home/server/downloads
12 /home/server/uploadprogress-1.0.3.1.tgz
4 /home/server/.mozilla/plugins
4 /home/server/.mozilla/extensions
12 /home/server/.mozilla
4 /home/server/.bashrc
689108 /home/server/Ubuntu-12.10/ubuntu-12.10-server-i386.iso
689112 /home/server/Ubuntu-12.10
689360 /home/server

5. Using the “-a” flag along with “-h” displays disk usage of all files and folders in human readable format. The below output is easier to understand as it shows the files in Kilobytes, Megabytes etc.

[root@server]# du -ah /home/server

4.0K /home/server/.bash_logout
12K /home/server/downloads/uploadprogress-1.0.3.1.tgz
24K /home/server/downloads/Phpfiles-org.tar.bz2
40K /home/server/downloads
12K /home/server/uploadprogress-1.0.3.1.tgz
4.0K /home/server/.mozilla/plugins
4.0K /home/server/.mozilla/extensions
12K /home/server/.mozilla
4.0K /home/server/.bashrc
673M /home/server/Ubuntu-12.10/ubuntu-12.10-server-i386.iso
673M /home/server/Ubuntu-12.10
674M /home/server

6. Find out the disk usage of a directory tree with its subtrees in Kilobyte blocks. Use the “-k” option (displays size in 1024-byte units).

[root@server]# du -k /home/server
40 /home/server/downloads
4 /home/server/.mozilla/plugins
4 /home/server/.mozilla/extensions
12 /home/server/.mozilla
12 /home/server/.ssh
689112 /home/server/Ubuntu-12.10
689360 /home/server

7. To get the summary of disk usage of a directory tree along with its subtrees in Megabytes (MB) only, use the option “-mh” as follows. The “-m” flag counts the blocks in MB units and “-h” stands for human readable format.

[root@server]# du -mh /home/server

40K /home/server/downloads
4.0K /home/server/.mozilla/plugins
4.0K /home/server/.mozilla/extensions
12K /home/server/.mozilla
12K /home/server/.ssh
673M /home/server/Ubuntu-12.10
674M /home/server

8. The “-c” flag provides a grand total of disk space usage on the last line. If your directory takes up 674MB of space, the last two lines of the output would be as follows.

[root@server]# du -ch /home/server

40K /home/server/downloads
4.0K /home/server/.mozilla/plugins
4.0K /home/server/.mozilla/extensions
12K /home/server/.mozilla
12K /home/server/.ssh
673M /home/server/Ubuntu-12.10
674M /home/server
674M total

9. The below command calculates and displays the disk usage of all files and directories, but excludes the files that match a given pattern. Here it excludes the “.txt” files while calculating the total size of the directory. In this way you can exclude any file format by using the flag “--exclude”. Note that the output contains no txt file entries.

[root@server]# du -ah --exclude="*.txt" /home/server

4.0K /home/server/.bash_logout
12K /home/server/downloads/uploadprogress-1.0.3.1.tgz
24K /home/server/downloads/Phpfiles-org.tar.bz2
40K /home/server/downloads
12K /home/server/uploadprogress-1.0.3.1.tgz
4.0K /home/server/.bash_history
4.0K /home/server/.bash_profile
4.0K /home/server/.mozilla/plugins
4.0K /home/server/.mozilla/extensions
12K /home/server/.mozilla
4.0K /home/server/.bashrc
24K /home/server/Phpfiles-org.tar.bz2
4.0K /home/server/geoipupdate.sh
4.0K /home/server/.zshrc
120K /home/server/goaccess-0.4.2.tar.gz.1
673M /home/server/Ubuntu-12.10/ubuntu-12.10-server-i386.iso
673M /home/server/Ubuntu-12.10
674M /home/server

10. To display the disk usage along with the time of last modification, use the flag “--time” as shown below.

[root@server]# du -ha --time /home/server

4.0K 2012-10-12 22:32 /home/server/.bash_logout
12K 2013-01-19 18:48 /home/server/downloads/uploadprogress-1.0.3.1.tgz
24K 2013-01-19 18:48 /home/server/downloads/Phpfiles-org.tar.bz2
40K 2013-01-19 18:48 /home/server/downloads
12K 2013-01-19 18:32 /home/server/uploadprogress-1.0.3.1.tgz
4.0K 2012-10-13 00:11 /home/server/.bash_history
4.0K 2012-10-12 22:32 /home/server/.bash_profile
0 2013-01-19 18:32 /home/server/xyz.txt
0 2013-01-19 18:32 /home/server/abc.txt
4.0K 2012-10-12 22:32 /home/server/.mozilla/plugins
4.0K 2012-10-12 22:32 /home/server/.mozilla/extensions
12K 2012-10-12 22:32 /home/server/.mozilla
4.0K 2012-10-12 22:32 /home/server/.bashrc
24K 2013-01-19 18:32 /home/server/Phpfiles-org.tar.bz2
4.0K 2013-01-19 18:32 /home/server/geoipupdate.sh
4.0K 2012-10-12 22:32 /home/server/.zshrc
120K 2013-01-19 18:32 /home/server/goaccess-0.4.2.tar.gz.1
673M 2013-01-19 18:51 /home/server/Ubuntu-12.10/ubuntu-12.10-server-i386.iso
673M 2013-01-19 18:51 /home/server/Ubuntu-12.10
674M 2013-01-19 18:52 /home/server

=================
[root@server]# du /home/server
[root@server]# du -h /home/server
[root@server]# du -sh /home/server
[root@server]# du -a /home/server
[root@server]# du -ah /home/server
[root@server]# du -k /home/server
[root@server]# du -mh /home/server
[root@server]# du -ch /home/server
[root@server]# du -ah --exclude="*.txt" /home/server
[root@server]# du -ha --time /home/server
[root@server]# du -sach *
=================

Wednesday, January 9, 2013

Install / Compile Kernel 3.5

Step 1: Installing Kernel 3.5 Dependencies
Let’s first install dependencies packages gcc, ncurses and then update the system.
# yum install gcc ncurses ncurses-devel

# yum update
Step 2: Downloading Kernel 3.5 Source
# cd /tmp
# wget http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.5.tar.bz2
Step 3: Extracting Kernel 3.5 Source
Once the file is downloaded extract it under /usr/src/ directory by running the below command.
# tar -jxvf linux-3.5.tar.bz2 -C /usr/src/
# cd /usr/src/linux-3.5/
Step 4: Configuring Kernel 3.5 Source
For New Kernel Configuration
Now run the make menuconfig command to configure the Linux kernel. Once you execute the below command a pop up window appears with all the menus. Here you can select your new kernel configuration. If you are unfamiliar with these menus, just hit the ESC key to exit.
# make menuconfig
Step 5: Compiling Kernel 3.5
Next, type the make command to compile Kernel 3.5. The compilation will take at least 30-40 minutes, depending on your system configuration.
# make
Step 6: Installing Kernel 3.5
Once the compilation completes cleanly, install Kernel 3.5 on your Linux system. The below command will create files under the /boot directory and also make a new kernel entry in your grub.conf file.
# make modules_install install
Step 7: Verifying Kernel 3.5
To verify newly installed Kernel just type the following command on the terminal.
# uname -r
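
Steps 2 and 3 fetch the tarball over plain HTTP and unpack it as root, so it is worth checking the download before extracting. The following is an added example, not part of the original post: the function names are assumptions, and the expected SHA-256 digest is not given on this page and must be obtained separately from a source you trust.

```shell
#!/bin/sh
# Added example: verify a downloaded source tarball before unpacking it as root.

# sha256_matches FILE EXPECTED_HEX: succeed only if the file has that digest.
sha256_matches() {
    actual=$(sha256sum "$1" | awk '{print $1}') || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# unsafe_members: read archive member names (tar -t output) on stdin and print
# the ones that are absolute paths or contain a ".." path component. Only the
# names are checked here, not where symlinks inside the archive point.
unsafe_members() {
    awk '/^\// || /^\.\.$/ || /^\.\.\// || /\/\.\.$/ || /\/\.\.\//'
}

# safe_extract TARBALL EXPECTED_SHA256 DESTDIR
# Refuses to extract on a digest mismatch or when a member name could land
# outside DESTDIR. GNU tar detects bzip2 compression by itself when reading.
safe_extract() {
    if ! sha256_matches "$1" "$2"; then
        echo "digest mismatch, not extracting: $1" >&2
        return 1
    fi
    bad=$(tar -tf "$1" | unsafe_members)
    if [ -n "$bad" ]; then
        printf 'unsafe member names, not extracting:\n%s\n' "$bad" >&2
        return 1
    fi
    # --no-same-owner: files end up owned by the extracting user, not by
    # whatever numeric owner happens to be recorded in the archive.
    mkdir -p "$3" && tar -xf "$1" -C "$3" --no-same-owner
}

# Usage (EXPECTED_SHA256 is a placeholder for the digest you obtained):
#   safe_extract /tmp/linux-3.5.tar.bz2 "$EXPECTED_SHA256" /usr/src
```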
That’s it. We hope this article will be much helpful to you all. If you’re facing any problems or difficulties while compiling or installing feel free to ask or post your questions using our comment form below.

Friday, January 4, 2013

Linux Directory Structure

An overview of the Linux filesystem structure and the meaning of the individual high-level directories.
1. / – Root

Every single file and directory starts from the root directory.
Only root user has write privilege under this directory.
Please note that /root is root user’s home directory, which is not same as /.

2. /bin – User Binaries

Contains binary executables.
Common linux commands you need to use in single-user modes are located under this directory.
Commands used by all the users of the system are located here.
For example: ps, ls, ping, grep, cp.

3. /sbin – System Binaries

Just like /bin, /sbin also contains binary executables.
But the linux commands located under this directory are typically used by the system administrator, for system maintenance purposes.
For example: iptables, reboot, fdisk, ifconfig, swapon

4. /etc – Configuration Files

Contains configuration files required by all programs.
This also contains startup and shutdown shell scripts used to start/stop individual programs.
For example: /etc/resolv.conf, /etc/logrotate.conf

5. /dev – Device Files

Contains device files.
These include terminal devices, usb, or any device attached to the system.
For example: /dev/tty1, /dev/usbmon0

6. /proc – Process Information

Contains information about system processes.
This is a pseudo filesystem that contains information about running processes. For example: the /proc/{pid} directory contains information about the process with that particular pid.
This is a virtual filesystem with text information about system resources. For example: /proc/uptime

7. /var – Variable Files

var stands for variable files.
Content of the files that are expected to grow can be found under this directory.
This includes — system log files (/var/log); packages and database files (/var/lib); emails (/var/mail); print queues (/var/spool); lock files (/var/lock); temp files needed across reboots (/var/tmp);

8. /tmp – Temporary Files

Directory that contains temporary files created by system and users.
Files under this directory are deleted when system is rebooted.

9. /usr – User Programs

Contains binaries, libraries, documentation, and source-code for second level programs.
/usr/bin contains binary files for user programs. If you can’t find a user binary under /bin, look under /usr/bin. For example: at, awk, cc, less, scp
/usr/sbin contains binary files for system administrators. If you can’t find a system binary under /sbin, look under /usr/sbin. For example: atd, cron, sshd, useradd, userdel
/usr/lib contains libraries for /usr/bin and /usr/sbin
/usr/local contains users programs that you install from source. For example, when you install apache from source, it goes under /usr/local/apache2

10. /home – Home Directories

Home directories for all users to store their personal files.
For example: /home/john, /home/nikita

11. /boot – Boot Loader Files

Contains boot loader related files.
Kernel initrd, vmlinux, grub files are located under /boot
For example: initrd.img-2.6.32-24-generic, vmlinuz-2.6.32-24-generic

12. /lib – System Libraries

Contains library files that supports the binaries located under /bin and /sbin
Library filenames are either ld* or lib*.so.*
For example: ld-2.11.1.so, libncurses.so.5.7

13. /opt – Optional add-on Applications

opt stands for optional.
Contains add-on applications from individual vendors.
add-on applications should be installed under either /opt/ or /opt/ sub-directory.

14. /mnt – Mount Directory

Temporary mount directory where sysadmins can mount filesystems.

15. /media – Removable Media Devices

Temporary mount directory for removable devices.
For examples, /media/cdrom for CD-ROM; /media/floppy for floppy drives; /media/cdrecorder for CD writer

16. /srv – Service Data

srv stands for service.
Contains server specific services related data.
For example, /srv/cvs contains CVS related data.

Friday, December 28, 2012

MySQL- basic commands in Mysql

To login from unix shell.
[mysql dir]/bin/mysql -h hostname -u root -p

*Note: use -h only if needed.
Create, List, Use and Delete Databases Commands

create database
This command is used to create a database on the SQL server.
Syntax: create database [db name];

Eg:
create database employees;

show databases
This command is used to list all databases on the SQL server.
Syntax: show databases;

use database
This command is used to switch to a database.
Syntax: use [db name];

drop database
This command is used to delete a database.
Syntax: drop database [db name];
Creating tables and working with MySQL

create table
This command is used to create tables in a database.

Eg:
CREATE TABLE [table name] (firstname VARCHAR(20), middleinitial VARCHAR(3), lastname VARCHAR(35), suffix VARCHAR(3), officeid VARCHAR(10), userid VARCHAR(15), username VARCHAR(8), email VARCHAR(35), phone VARCHAR(25), groups VARCHAR(15), datestamp DATE, timestamp time, pgpemail VARCHAR(255));

show tables
This command is used to see all the tables in the database.

describe table
To see database's field formats.
describe [table name];

drop table
To delete a table.
drop table [table name];

Show all data in a table.
SELECT * FROM [table name];

Returns the columns and column information pertaining to the designated table.
show columns from [table name];

Show certain selected rows with the value "something".
SELECT * FROM [table name] WHERE [field name] = "something";

Show all records containing the name "Telson" AND the phone number '2255'.
SELECT * FROM [table name] WHERE name = "Telson" AND phone_number = '2255';

Show all records not containing the name "Telson" AND the phone number '2255' order by the phone_number field.
SELECT * FROM [table name] WHERE name != "Telson" AND phone_number = '2255' order by phone_number;

Show all records starting with the letters 'Tel' AND the phone number '2255'.
SELECT * FROM [table name] WHERE name like "Tel%" AND phone_number = '2255';

Use a regular expression to find records. Use "REGEXP BINARY" to force case-sensitivity. This finds any record beginning with a.
SELECT * FROM [table name] WHERE rec RLIKE "^a";

Show unique records.
SELECT DISTINCT [column name] FROM [table name];

Show selected records sorted in ascending (asc) or descending (desc) order.
SELECT [column1],[column2] FROM [table name] ORDER BY [column2] DESC;

Return number of rows.
SELECT COUNT(*) FROM [table name];

Sum column.
SELECT SUM([column name]) FROM [table name];

Join tables on common columns (this statement joins birthday in the person table with the primary illustration id).
select lookup.illustrationid, lookup.personid, person.birthday from lookup left join person on lookup.personid=person.personid;
Creating MySQL database Users and changing Password

Switch to the mysql db.

Create a new user.
INSERT INTO [table name] (Host,User,Password) VALUES('%','user',PASSWORD('password'));

Change a user's password (from unix shell).
[mysql dir] mysqladmin -u root -h hostname.blah.org -p password 'new-password'

Change a user's password (from MySQL prompt).
SET PASSWORD FOR 'user'@'hostname' = PASSWORD('passwordhere');

Allow the user "telson" to connect to the server from localhost using the password "passwd"
grant usage on *.* to telson@localhost identified by 'passwd';

Switch to mysql db.
Give user privileges for a db.
INSERT INTO [table name] (Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv) VALUES ('%','databasename','username','Y','Y','Y','Y','Y','N');

or

grant all privileges on databasename.* to username@localhost;
Modifying and Updating tables in MySQL

To update info already in a table.
UPDATE [table name] SET Select_priv = 'Y',Insert_priv = 'Y',Update_priv = 'Y' where [field name] = 'user';

Delete a row(s) from a table.
DELETE from [table name] where [field name] = 'something';

Update database permissions/privileges.
FLUSH PRIVILEGES;

Delete a column.
alter table [table name] drop column [column name];

Add a new column to db.
alter table [table name] add column [new column name] varchar (20);

Change column name.
alter table [table name] change [old column name] [new column name] varchar (50);

Make a unique column so you get no dupes.
alter table [table name] add unique ([column name]);

Make a column bigger.
alter table [table name] modify [column name] VARCHAR(4);

Delete unique from table.
alter table [table name] drop index [column name];

Load a CSV file into a table.
LOAD DATA INFILE '/tmp/filename.csv' replace INTO TABLE [table name] FIELDS TERMINATED BY ',' LINES TERMINATED BY '\n' (field1,field2,field3);
Creating MySQL Database backups and Restoring Databases

Dump all databases for backup. The backup file contains the SQL commands to recreate all databases.
[mysql dir] mysqldump -u root -ppassword --opt --all-databases >/tmp/alldatabases.sql

Dump one database for backup.
[mysql dir] mysqldump -u username -ppassword --databases databasename >/tmp/databasename.sql

Dump a table from a database.
[mysql dir] mysqldump -c -u username -ppassword databasename tablename > /tmp/databasename.tablename.sql

Restore database (or database table) from backup.
[mysql dir] mysql -u username -ppassword databasename < /tmp/databasename.sql

Saturday, December 22, 2012

EXIM -- MTA

Exim
=====
Conf : /etc/exim.conf - exim main configuration file
/etc/localdomains - list of domains allowed to relay mail
Log : /var/log/exim_mainlog - incoming/outgoing mails are logged here
/var/log/exim_rejectlog - exim rejected mails are reported here
/var/log/exim_paniclog - exim errors are logged here
Mail queue: /var/spool/exim/input
Cpanel script to restart exim - /scripts/restartsrv_exim
Email forwarders and catchall address file - /etc/valiases/domainname.com
Email filters file - /etc/vfilters/domainname.com
POP user authentication file - /home/username/etc/domainname/passwd
catchall inbox - /home/username/mail/inbox
POP user inbox - /home/username/mail/domainname/popusername/inbox
POP user spambox - /home/username/mail/domainname/popusername/spam
Program : /usr/sbin/exim (suid - -rwsr-xr-x 1 root root )
Init Script: /etc/rc.d/init.d/exim
force exim up : /scripts/eximup --force
Log file is located at /var/log/exim4/mainlog
Count the number of messages in the queue.

root@localhost# exim -bpc
Listing the messages in the queue (time queued, size, message-id, sender, recipient).

root@localhost# exim -bp
Search the queue for messages from a specific sender.

root@localhost# exiqgrep -f [luser]@domain
Search the queue for messages for a specific recipient/domain.

root@localhost# exiqgrep -r [luser]@domain
Print messages older than the specified number of seconds.

Eg: messages older than 1 hour.
root@localhost# exiqgrep -o 3600 [...]
Print messages younger than the specified number of seconds.

Eg: messages less than an hour old.
root@localhost# exiqgrep -y 3600 [...]
Match the size of a message with a regex. Eg: Messages between 500-599 bytes.

root@localhost# exiqgrep -s '^5..$' [...]
Print just the message-id of the entire queue.

root@localhost# exiqgrep -i
Remove a message from the queue.

root@localhost# exim -Mrm <message-id> [ <message-id> ... ]
Freeze a message.

root@localhost# exim -Mf <message-id> [ <message-id> ... ]
View a message's logs.

root@localhost# exim -Mvl <message-id>

========================
Remove all frozen messages.

root@localhost# exiqgrep -z -i | xargs exim -Mrm

There can be a lot of frozen messages in the queue that were never delivered, most probably spam. The following command deletes them:
exim -bp | awk '$6~"frozen" {print $3 }' | xargs exim -Mrm
Remove all messages older than two days (86400 * 2 = 172800 seconds).

root@localhost# exiqgrep -o 172800 -i | xargs exim -Mrm
Remove all messages younger than two days (86400 * 2 = 172800 seconds).

root@localhost# exiqgrep -y 172800 -i | xargs exim -Mrm
Freeze all queued mail from a given sender.

root@localhost# exiqgrep -i -f user@example.com | xargs exim -Mf

To remove all messages whose message log contains [SPAM], enter:
===================================================================
grep -R -l -F '[SPAM]' /var/spool/exim/msglog/*|cut -b26-|xargs exim -Mrm

To remove all messages from the queue, enter:
exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash

Command to send all the emails in the mail queue
===================================================================
exim -bpru |awk '{print $3}' | xargs -n 1 -P 40 exim -v -M

=========================

Send a test message: send "content" | mail -s "subject" user@example.com

Send a message without "send": echo "body" | mail -s "subject" user@example.com

==========================

##############################################################
Troubleshoot Spamming
##############################################################

Get details of scripts that are used to send out spam emails:
grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n > teststats

Script to know the mail count by various accounts
grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n

The number of mails by a domain
exigrep @domain.com /var/log/exim_mainlog|grep 2009-04-17|grep Completed|wc -l

1)Issue this command: ps -C exim -fH ewww |grep home, it shows the mails going from the server.
It shows from which user’s home the mail is going, so that you can easily trace it and block it if needed.

2)Issue this command: eximstats -ne -nr /var/log/exim_mainlog
It shows top 50 domains using mail server with options.

3)Issue this command: exim -bp | exiqsumm
It shows the main domains receiving and sending mails on the server.

4)Issue this command: netstat -plan|grep :25|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
It shows the IPs which are connected to the server through port number 25. If one particular IP is using more than 10 connections you can block it in the server firewall.

5)In order to find “nobody” spamming, issue the following command
ps -C exim -fH ewww|awk '{for(i=1;i<=40;i++){print $i}}'|sort|uniq -c|grep PWD|sort -n

It will give some result like:
Example :
6 PWD=/
347 PWD=/home/sample/public_html/test
Count the PWD and if it is a large value check the files in the directory listed in PWD
(Ignore if it is / or /var/spool/mail /var/spool/exim)

The above command is valid only if the spamming is currently in progress. If the spamming has happened some hours before, use the following command.

grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n

This will result in something like :
47 cwd=/root
8393 cwd=/home/sample/public_html/test

Count the cwd and if it is a large value check the files in the directory listed in cwd
(Ignore if it is / or /var/spool/mail /var/spool/exim)

Run the commands below at your command prompt to find the domain which is being used by spammers.
exim -bp
exim -bpr | exiqsumm -c | head
Then remove the queued messages for that domain:
exiqgrep -i -r [domain] | xargs -n1 exim -Mrm

================================
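
The cwd= count described above, as an added example that is not part of the original post: a small shell function that ranks the directories recorded in an Exim main log, skips the directories the post says to ignore, and only reports those at or above a threshold. The function name rank_cwd and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: rank the cwd= directories in an Exim main log.

# Constructed sample log lines (not taken from a real server).
sample_exim_log() {
cat <<'EOF'
2012-12-22 10:00:01 cwd=/home/sample/public_html/test 3 args: /usr/sbin/sendmail -t -i
2012-12-22 10:00:02 cwd=/home/sample/public_html/test 3 args: /usr/sbin/sendmail -t -i
2012-12-22 10:00:03 cwd=/home/sample/public_html/test 3 args: /usr/sbin/sendmail -t -i
2012-12-22 10:00:04 cwd=/home/sample/public_html/test 3 args: /usr/sbin/sendmail -t -i
2012-12-22 10:00:05 cwd=/home/other/public_html 3 args: /usr/sbin/sendmail -t -i
2012-12-22 10:00:06 cwd=/home/other/public_html 3 args: /usr/sbin/sendmail -t -i
2012-12-22 10:00:07 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2012-12-22 10:00:08 cwd=/ 2 args: /usr/sbin/exim -bd
2012-12-22 10:00:09 cwd=/root 4 args: /usr/sbin/exim -bp
2012-12-22 10:00:10 1TmAbc-0001aB-2C <= user@example.com H=localhost S=512
EOF
}

# rank_cwd LOGFILE [THRESHOLD]
# Prints "count directory", highest count first, for every cwd= directory
# seen at least THRESHOLD times. /, /var/spool/mail and /var/spool/exim are
# skipped, as the post advises. Directories containing spaces are not handled.
rank_cwd() {
  log=$1
  threshold=${2:-1}
  awk -v min="$threshold" '
    {
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^cwd=/) {
          dir = substr($i, 5)
          if (dir != "/" && dir != "/var/spool/mail" && dir != "/var/spool/exim")
            count[dir]++
          break
        }
      }
    }
    END { for (d in count) if (count[d] >= min) print count[d], d }
  ' "$log" | sort -k1,1nr -k2
}

# Demo on the constructed sample; on a server pass /var/log/exim_mainlog.
tmp_log=$(mktemp)
sample_exim_log > "$tmp_log"
rank_cwd "$tmp_log" 2
rm -f "$tmp_log"
```

The directories at the top of the list are the ones whose scripts should be inspected first.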

Thursday, November 29, 2012

Config-Server-Firewall

Installing CSF---config-server-firewall


Downloading the Packages

--------------->wget http://www.configserver.com/free/csf.tgz
--------------->tar zxvf csf.tgz

--------------->cd csf

This is where the paths diverge: cPanel server, or non-cPanel server.

--------------->./install.cpanel.sh

If you are running a non-cpanel redhat server:

--------------->./install.sh

---------------> /etc/init.d/csf restart


First run the following command to check that all the required iptables modules are available for running the full CSF feature set. Don't worry if you cannot run all the features, so long as the script doesn't report any FATAL errors.
[root@desk csf]# perl /etc/csf/csftest.pl
Testing ip_tables/iptable_filter…OK
Testing ipt_LOG…OK
Testing ipt_multiport/xt_multiport…OK
Testing ipt_REJECT…OK
Testing ipt_state/xt_state…OK
Testing ipt_limit/xt_limit…OK
Testing ipt_recent…OK
Testing ipt_owner…OK
Testing iptable_nat/ipt_REDIRECT…OK
RESULT: csf should function on this server
Looks 100% OK.


Here are the most common commands you will be using:

csf -d IPADDRESS will deny an IP.
csf -a IPADDRESS will allow an IP.
csf -r will reload all rules.
-dr, --denyrm ip    Remove and unblock an IP address in /etc/csf.deny
-t, --temp          Displays the current list of temporary IP bans and their TTL
-tr, --temprm ip    Remove an IP address from the temporary IP ban list


---------------------------
# Testing flag - enables a CRON job that clears iptables incase of
# configuration problems when you start csf. This should be enabled until you
# are sure that the firewall works - i.e. incase you get locked out of your
# server! Then do remember to set it to 0 and restart csf when you're sure
# everything is OK. Stopping csf will remove the line from /etc/crontab
TESTING = "1"

Edit the last line of that block of text so that it reflects testing being disabled:
TESTING = "0"

Finally, restart CSF:
---------------------------


More about csf
##############################
Now edit /etc/csf/csf.conf.
List all the ports you want open on your server for incoming traffic, separated by commas.
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
Also open any ports you want for outgoing traffic.
TCP_OUT = "20,21,22,25,53,80,110,113,443"
The same goes for UDP_IN and UDP_OUT. Remember that if you are running a DNS service you have to open port 53 in UDP_IN, as DNS port 53 runs on UDP rather than TCP.
UDP_IN = "20,21,53"
To allow outgoing traceroute add 33434:33523 to this list.
UDP_OUT = "20,21,53,113,123,33434:33523"
#############################
SYNFLOOD protection is already enabled, and if you want to change the RATE or BURST value you can use the following lines to match your traffic.
SYNFLOOD = "0"
SYNFLOOD_RATE = "100/s"
SYNFLOOD_BURST = "150"
Currently the RATE is 100/s and the BURST can be up to 150. This can vary from server to server.
i.e. if 100 connections are received from an IP per second for 150 times, block it. Don't make it too strict if you are not under attack, or it will generate false positives and block legitimate connections.
############################
Search for "PORTFLOOD"
PORTFLOOD = "80;tcp;20;300"
This rule will block IPs that connect to port 80 via TCP more than 20 times within 300 seconds. Once the attack has subsided, remove this rule from the csf firewall.
############################
# To disable this feature, set this to 0
CT_LIMIT = Default: 50 (means 50 connections per ip address)
# Connection Tracking interval. Set this to the number of seconds between
# connection tracking scans
CT_INTERVAL = Default: 30
# Send an email alert if an IP address is blocked due to connection tracking
CT_EMAIL_ALERT = Default: 1
# If you want to make IP blocks permanent then set this to 1, otherwise blocks
# will be temporary and will be cleared after CT_BLOCK_TIME seconds
CT_PERMANENT = Default: 0
# If you opt for temporary IP blocks for CT, then the following is the interval
# in seconds that the IP will remained blocked for (e.g. 1800 = 30 mins)
CT_BLOCK_TIME = Default: 1800
# If you don't want to count the TIME_WAIT state against the connection count
# then set the following to "1"
CT_SKIP_TIME_WAIT = Default: 0
# If you only want to count specific states (e.g. SYN_RECV) then add the states
# to the following as a comma separated list. E.g. "SYN_RECV,TIME_WAIT"
#
# Leave this option empty to count all states against CT_LIMIT
CT_STATES =
# If you only want to count specific ports (e.g. 80,443) then add the ports
# to the following as a comma separated list. E.g. "80,443"
#
# Leave this option empty to count all ports against CT_LIMIT
CT_PORTS = 80,443
############################
CONNLIMIT is a comma separated list of:
port;limit
So, a setting of CONNLIMIT = "22;5,80;20" means:
1. Only allow up to 5 concurrent new connections to port 22 per IP address
2. Only allow up to 20 concurrent new connections to port 80 per IP address
Note: Existing connections are not included in the count, only new SYN packets,
i.e. new connections
############################
If you want to add some spam protection, CSF can help. Look in the configuration for the following:
LF_SCRIPT_ALERT = 0 change this to 1. This will send an email alert to the system administrator when the limit configured below is reached within an hour.
LF_SCRIPT_LIMIT = 100 change this to 250. This will alert you when any script sends out 250 email messages in an hour.
Define the email address the alerts are sent to and the email address they are sent from.
LF_ALERT_TO = "snipped@google.com"
LF_ALERT_FROM = "csf@google.com"
###########################
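
A quick way to review the settings discussed above after editing csf.conf, as an added example that is not part of the original post or of CSF itself: it reads a csf.conf style file, reports whether TESTING and LF_SCRIPT_ALERT are still at the values the post tells you to change, and spells out each CONNLIMIT and PORTFLOOD entry. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: review a csf.conf for the settings covered in this post.

# Constructed csf.conf fragment using the values shown in the post.
sample_csf_conf() {
cat <<'EOF'
# Testing flag - enables a CRON job that clears iptables
TESTING = "1"
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
PORTFLOOD = "80;tcp;20;300"
CONNLIMIT = "22;5,80;20"
LF_SCRIPT_ALERT = "0"
LF_SCRIPT_LIMIT = "100"
EOF
}

# csf_get FILE KEY: print the value of KEY without the surrounding quotes.
csf_get() {
  awk -v key="$2" '
    /^[ \t]*#/ { next }                       # skip comment lines
    {
      eq = index($0, "=")
      if (eq == 0) next
      k = substr($0, 1, eq - 1)
      v = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k)
      gsub(/^[ \t]+|[ \t]+$/, "", v)
      gsub(/^"|"$/, "", v)
      if (k == key) val = v
    }
    END { print val }
  ' "$1"
}

# csf_audit FILE: print one finding per line.
csf_audit() {
  conf=$1
  if [ "$(csf_get "$conf" TESTING)" = "1" ]; then
    echo 'TESTING=1: the cron job that clears iptables is still enabled'
  fi
  if [ "$(csf_get "$conf" LF_SCRIPT_ALERT)" = "0" ]; then
    echo 'LF_SCRIPT_ALERT=0: no alert is sent when a script reaches LF_SCRIPT_LIMIT mails in an hour'
  fi
  # CONNLIMIT is a comma separated list of port;limit
  csf_get "$conf" CONNLIMIT | tr ',' '\n' | while IFS=';' read -r port limit; do
    if [ -n "$port" ]; then
      echo "CONNLIMIT: port $port limited to $limit concurrent new connections per IP"
    fi
  done
  # PORTFLOOD entries as used in the post: port;protocol;hits;seconds
  csf_get "$conf" PORTFLOOD | tr ',' '\n' | while IFS=';' read -r port proto hits secs; do
    if [ -n "$port" ]; then
      echo "PORTFLOOD: port $port/$proto blocks an IP after more than $hits connections in $secs seconds"
    fi
  done
  return 0
}

# Demo on the constructed sample; on a server pass /etc/csf/csf.conf.
tmp_conf=$(mktemp)
sample_csf_conf > "$tmp_conf"
csf_audit "$tmp_conf"
rm -f "$tmp_conf"
```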

Gstreamer-ffmpeg Packages for rhel

1. Download the latest atrpms-repo rpm from

http://dl.atrpms.net/el6-x86_64/atrpms/stable/

2. Install atrpms-repo rpm:

# rpm -Uvh atrpms-repo*rpm

3. Install gstreamer-ffmpeg rpm package:

# yum install gstreamer-ffmpeg

[fusion]
name=fusion
baseurl=http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/
enabled=1
gpgcheck=0

[atrpms]
name=atrpms
baseurl=http://dl.atrpms.net/el6-x86_64/atrpms/stable/
enabled=1
gpgcheck=0

Tuesday, November 27, 2012

Creating a Certificate Authority OR Self Signing

A private Certificate Authority can be created as described below.
How the whole thing works

1. First create the Certificate Authority with the credentials required by the certificates it will sign. To sign a certificate signing request, the authority must have a certificate with the same credentials as the certificate signing request. So after configuring /etc/pki/tls/openssl.cnf with the needed credentials, we create a private key and a certificate on the certificate authority.

2. Create the private key and certificate signing request on the client side with the needed credentials.

3. scp the certificate signing request (csr) from the client to the server that is the certificate authority, sign the csr with the certificate authority to get the certificate, and send the certificate back to the client.


Signing of the certificate will succeed only if the credentials in the certificate authority's certificate and those in the certificate signing request match.

Packages needed are openssl*

1.
On the server where we need to create the certificate authority

vim /etc/pki/tls/openssl.cnf
In that file we need to change the following as per our need
#######
dir             = /etc/pki/CA ----------------------> root directory of Certificate  authority
certificate     = $dir/my-ca.crt  ------------------> Certificate of the CA which is used to check against the csr
crl             = $dir/crl.pem    ------------------> certificate revocation list if the certificate is compromised
private_key     = $dir/private/my-ca.key -----------> private key of Certificate authority used to create the CA's certificate

#######Basic Credentials that should be same in both csr and the certificate in CA

stateOrProvinceName_default     = North Carolina
localityName_default            = Raleigh
0.organizationName_default      = Example, Inc.

#######There are more credentials which are used in certificate creation

#######Make the needed directories in CA

mkdir /etc/pki/CA/{cert,crl,newcerts}
touch /etc/pki/CA/index.txt
echo 01 > /etc/pki/CA/serial

NOW Creating the CA's private key and CERTIFICATE in corresponding places

cd /etc/pki/CA

openssl genrsa -out private/my-ca.key -des3 2048
openssl req -new -x509 -key private/my-ca.key -days 365 > my-ca.crt



2.
Creating the private key and Certificate Signing Request on the client side
Creating the private key

openssl genrsa -out private.key -des3 2048

Creating the certificate signing request with the private key

openssl req -new -key private.key -out certificate.csr

Here you will be asked for the needed credentials. Remember that if the credentials in the csr and the CA are different, the signing will fail.



3
With certificate.csr on the Certificate Authority server we can sign the certificate

openssl ca -in certificate.csr -out certificate.crt

Here ca means that openssl will use the configuration from /etc/pki/tls/openssl.cnf to sign the signing request.

The other way is to self sign: after creating the private key and csr we can self sign as follows

openssl  x509 -req -days 365 -in  certificate.csr -signkey private.key -out certificate.crt
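
The matching rule described above and the difference between the two signing methods, as an added example that is not part of the original post: a throwaway CA in a temporary directory signs one request whose organisation matches its own, refuses one that does not, and a self-signed certificate fails verification against the CA. The ca.cnf written here, its policy_match section, the file names and the subjects are constructed for the demo, and the keys are left unencrypted (no -des3) so it runs without prompts.

```shell
#!/bin/sh
# Added example: CA-signed versus self-signed, in a scratch directory.
CA_DIR=$(mktemp -d)        # remove with: rm -rf "$CA_DIR" when finished
SUBJ_BASE='/C=US/ST=North Carolina/L=Raleigh'

# Create the CA directory layout, a minimal config, the CA key and CA cert.
setup_ca() {
  mkdir -p "$CA_DIR/private" "$CA_DIR/newcerts"
  : > "$CA_DIR/index.txt"
  echo 01 > "$CA_DIR/serial"
  cat > "$CA_DIR/ca.cnf" <<EOF
[ ca ]
default_ca = CA_default

[ CA_default ]
database      = $CA_DIR/index.txt
new_certs_dir = $CA_DIR/newcerts
serial        = $CA_DIR/serial
certificate   = $CA_DIR/my-ca.crt
private_key   = $CA_DIR/private/my-ca.key
default_md    = sha256
default_days  = 365
policy        = policy_match

[ policy_match ]
countryName         = match
stateOrProvinceName = match
organizationName    = match
commonName          = supplied

[ req ]
distinguished_name = req_dn
x509_extensions    = v3_ca

[ req_dn ]

[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
  openssl genrsa -out "$CA_DIR/private/my-ca.key" 2048 2>/dev/null &&
  openssl req -new -x509 -sha256 -days 365 -config "$CA_DIR/ca.cnf" \
      -key "$CA_DIR/private/my-ca.key" \
      -subj "$SUBJ_BASE/O=Example, Inc./CN=Demo CA" \
      -out "$CA_DIR/my-ca.crt" 2>/dev/null
}

# request_and_sign NAME ORG: client key + csr, then "openssl ca" signs it.
# Returns non-zero when the CA refuses the request.
request_and_sign() {
  name=$1
  org=$2
  openssl genrsa -out "$CA_DIR/$name.key" 2048 2>/dev/null || return 1
  openssl req -new -config "$CA_DIR/ca.cnf" -key "$CA_DIR/$name.key" \
      -subj "$SUBJ_BASE/O=$org/CN=$name.example.com" \
      -out "$CA_DIR/$name.csr" 2>/dev/null || return 1
  openssl ca -batch -notext -config "$CA_DIR/ca.cnf" \
      -in "$CA_DIR/$name.csr" -out "$CA_DIR/$name.crt" >/dev/null 2>&1
}

# self_sign NAME: sign NAME.csr with its own key, as in the last command above.
self_sign() {
  openssl x509 -req -days 365 -in "$CA_DIR/$1.csr" \
      -signkey "$CA_DIR/$1.key" -out "$CA_DIR/$1-self.crt" 2>/dev/null
}

# chains_to_ca CERT: succeeds only if CERT verifies against the CA cert.
chains_to_ca() {
  openssl verify -CAfile "$CA_DIR/my-ca.crt" "$1" 2>/dev/null | grep -q ': OK$'
}

setup_ca
request_and_sign web 'Example, Inc.' && echo "web: signed by the CA"
request_and_sign other 'Other Corp'  || echo "other: refused, organizationName differs"
self_sign web
chains_to_ca "$CA_DIR/web.crt"      && echo "web.crt verifies against the CA"
chains_to_ca "$CA_DIR/web-self.crt" || echo "web-self.crt does not verify against the CA"
```

A client that trusts my-ca.crt accepts web.crt but not web-self.crt; a self-signed certificate has to be trusted individually.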

Tuesday, November 13, 2012

Install Dolphin in Vps / Hosting

Installing Dolphin

We can install Dolphin in two ways: either as the main site or in a subdirectory, i.e. a folder inside the main site. The difference between the two is that to get Dolphin installed as the main site we uncompress the tar file in the public_html folder, so that we can access the site as follows

http://your-domain-name/

and in second type we will be uncompressing the tar file in a directory inside public_html so that we can access the site as follows

http://your-domain-name/<name-we-give>

Downloading Dolphin


cd /<path-to-root_directory>/public_html

mkdir dolphin

Change to the Dolphin directory by entering the following command:
cd dolphin

Download the latest Dolphin release by entering the following command:
http://www.boonex.com/paymentprovider/payment#download

wget http://get.boonex.com/Dolphin-v.7.0

Unzip the archive by entering the following command:
unzip Dolphin-v.7.0

Adding a MySQL User and Database


We could create the database and user using cpanel mysql window. Normally the database are named as username_databasename and username as username_name

mysql
CREATE USER 'USER_NAME' IDENTIFIED BY 'PASSWORD';
CREATE DATABASE DATABASE_NAME;
GRANT ALL ON DATABASE_NAME.* TO 'USER_NAME';
FLUSH PRIVILEGES;
EXIT;

GRANT ALL PRIVILEGES ON db_base.* TO 'db_user'@'%' IDENTIFIED BY 'db_passwd';


Configuring Permissions


cd /<path-to-root-document>/public_html/dolphin

chmod 777 ./inc ./backup ./cache ./cache_public ./langs ./media/app ./media/images ./media/images/banners ./media/images/blog ./media/images/classifieds ./media/images/membership ./media/images/profile ./media/images/profile_bg ./media/images/promo ./media/images/promo/original ./tmp ./plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer ./plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/HTML ./plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/CSS ./plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/Test ./plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/URI

chmod 777 ./flash/modules/board/files ./flash/modules/chat/files ./flash/modules/photo/files ./flash/modules/im/files ./flash/modules/mp3/files ./flash/modules/video/files ./flash/modules/video_comments/files

chmod 666 inc/prof.inc.php

chmod 666 ./flash/modules/global/data/integration.dat ./flash/modules/board/xml/config.xml ./flash/modules/board/xml/langs.xml ./flash/modules/board/xml/main.xml ./flash/modules/board/xml/skins.xml ./flash/modules/chat/xml/config.xml ./flash/modules/chat/xml/langs.xml ./flash/modules/chat/xml/main.xml ./flash/modules/chat/xml/skins.xml ./flash/modules/desktop/xml/config.xml ./flash/modules/desktop/xml/langs.xml ./flash/modules/desktop/xml/main.xml ./flash/modules/desktop/xml/skins.xml ./flash/modules/global/xml/config.xml ./flash/modules/global/xml/main.xml ./flash/modules/im/xml/config.xml ./flash/modules/im/xml/langs.xml ./flash/modules/im/xml/main.xml ./flash/modules/im/xml/skins.xml ./flash/modules/mp3/xml/config.xml ./flash/modules/mp3/xml/langs.xml ./flash/modules/mp3/xml/main.xml ./flash/modules/mp3/xml/skins.xml ./flash/modules/photo/xml/config.xml ./flash/modules/photo/xml/langs.xml ./flash/modules/photo/xml/main.xml ./flash/modules/photo/xml/skins.xml ./flash/modules/video/xml/config.xml ./flash/modules/video/xml/langs.xml ./flash/modules/video/xml/main.xml ./flash/modules/video/xml/skins.xml ./flash/modules/video_comments/xml/config.xml ./flash/modules/video_comments/xml/langs.xml ./flash/modules/video_comments/xml/main.xml ./flash/modules/video_comments/xml/skins.xml

chmod 777 flash/modules/global/app/ffmpeg.exe


Running the Install Script


Navigate to http://host-name.com/dolphin/install/index.php.

The Dolphin installation page appears,

Click Install to begin.

If any of the files fails the check, we need to fix it manually using chmod 755 on the files concerned.

All of the files listed should be Writable. Click Next to continue. The Paths Check webpage appears, as shown below.

If the ImageMagick check fails, we need to install it manually. We can install it using the cPanel scripts.

Check whether ImageMagick is installed or not: /scripts/checkimagemagick

Install ImageMagick: /scripts/installimagemagick

/usr/bin/convert --version

If the GD library check fails, install it using

/scripts/easyapache

  1. "Start customizing based on profile"

  2. Select the Apache version and click next step.

  3. Select the Major PHP Version and click next step.

  4. Select the PHP Minor Version and click next step.

  5. Scroll down to the bottom and click "Exhaustive Options List". (If the module you are needing isn't listed)

  6. Select the modules you wish to add (GD library) then scroll to the bottom and click "Save and Build".


If the GD library check still fails after installing the GD library, we need to edit php.ini.

Find and edit the php.ini

And add

extension=php_gd2.dll

extension=php_gd.dll

and run the check again.

All of the paths listed should be "found". You should also see a GD library installed message at the bottom of the webpage. Click Next to continue. The Database webpage appears.

Enter the details for the Dolphin database you created earlier in this guide. Click Next to continue. The Configuration webpage appears.

Complete the form by entering the required information for your website, and then click Next to continue. The Cron Jobs webpage appears.

Now you'll need to set up a cron job specified on the webpage. We can also do this from the cpanel in graphical way. To set up your cron job, you'll need to open your crontab for editing by entering the following command:
sudo crontab -e

MAILTO=myemail@gmail.com
* * * * * cd /var/www/periodic; /usr/bin/php -q cron.php

To save the cron job, press Control-X, and then press Y to save.

Back in your web browser, click Next. The Permissions Reversal webpage appears, as shown below.

To reverse your permissions, enter the following commands, one by one.
cd /<path-to-document-root>/public_html/dolphin
find ./ -type d -exec chmod 755 {} \;
sudo find ./ -type f -exec chmod 644 {} \;
chmod 755 flash/modules/global/app/ffmpeg.exe;

Back in your web browser, click Check. The webpage should now indicate that the directory is "Non-writable", as shown below.

Click Next. If the webpage shown below appears, the installation is finished.

After that, move the language files from the install/langs directory to the dolphin/langs directory.

mv /<path-to-document-root>/public_html/dolphin/install/langs/* /<path-to-document-root>/public_html/dolphin/langs/

Now you'll want to remove the install directory by entering the following commands, one by one:
cd /<path-to-root-document>/public_html/dolphin
rm -rf install

Change the permissions of the cache, cache_public, langs, and tmp folders by entering the following commands, one by one:
chmod 777 cache
chmod 777 cache_public
chmod 777 tmp

You can now log into your admin panel at http://host-name.com/dolphin/administration/.

Installing WordPress in VPS / Hosting places

We can install WordPress in our domain in two ways: either as the main site, i.e. in public_html, or as a sub website inside a directory in public_html. The only difference between them is whether the tar file is uncompressed in the public_html directory or in a subdirectory. All the other steps are the same either way.

First we need to download the tar file and we need to uncompress it in the needed directory .

cd /<path-to-document-root>/public_html
wget http://wordpress.org/latest.tar.gz

now decompress the file

tar -xvzf  latest.tar.gz

change the permissions of the folder by

chmod -R 777 *

Normally, to make it the main site we copy the tar file to the public_html directory and extract it there, so that it can be accessed like

http://your-domain-name

To make it a sub website, first we need to make a directory with any name inside public_html and untar the tar file into it, so that it can be accessed by

http://your-domain-name/<name-we-give>

The second thing we need is a database, which we can create through cPanel or through the shell. When creating the database user through cPanel we need to create a database first and then a user, and we need to give that user full permission over that database. All this can be done through

cPanel >> Home >> MySQL database ... or

by the following commands in the shell. To do it through the shell we need to get into our server/VPS through ssh and run the following commands. Normally the databases will be named username_databasename, and the user of that database username_name.

mysql
CREATE USER 'USER_NAME' IDENTIFIED BY 'PASSWORD';
CREATE DATABASE DATABASE_NAME;
GRANT ALL ON DATABASE_NAME.* TO 'USER_NAME';
FLUSH PRIVILEGES;
EXIT;

GRANT ALL PRIVILEGES ON db_base.* TO 'db_user'@'%' IDENTIFIED BY 'db_passwd';

Now go to the browser and type "http://your-domain-name/" or "http://your-domain-name/<name-we-give>" to get the auto-install configuration page of WordPress. There we will be asked for the following and need to fill in the details. Remember to give the correct database name and user name; leave the rest of the options as they are.

database: database_name
username:user_name
password:password
host:localhost:

and click next

If all things ends correctly it will be done and you will get the welcome page
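
Both installs above open permissions with chmod 777 (the Dolphin guide then reverses most of them, the WordPress steps do not). As an added example that is not part of the original posts, the script below lists what is still world-writable under a document root and flags PHP files that sit in world-writable directories, before and after the Dolphin reversal commands. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find what is still world-writable under a document root.

# audit_docroot DIR: one finding per line.
#   WW_DIR <path>         directory writable by every local user
#   WW_FILE <path>        regular file writable by every local user
#   PHP_IN_WW_DIR <path>  PHP script directly inside a world-writable directory
audit_docroot() {
  root=$1
  find "$root" -type d -perm -0002 -exec printf 'WW_DIR %s\n' {} \;
  find "$root" -type f -perm -0002 -exec printf 'WW_FILE %s\n' {} \;
  find "$root" -type d -perm -0002 -exec sh -c '
      for d do
        for f in "$d"/*.php; do
          if [ -f "$f" ]; then printf "PHP_IN_WW_DIR %s\n" "$f"; fi
        done
      done' sh {} +
}

# reverse_install_perms DIR [SUBDIR ...]
# The reversal commands from the Dolphin guide (directories 755, files 644),
# followed by the chmod 777 the guide reapplies to the named subdirectories.
reverse_install_perms() {
  root=$1
  shift
  find "$root" -type d -exec chmod 755 {} \;
  find "$root" -type f -exec chmod 644 {} \;
  for sub in "$@"; do
    chmod 777 "$root/$sub"
  done
}

# Constructed sample tree, opened up the way "chmod -R 777 *" leaves it.
build_sample_tree() {
  t=$(mktemp -d)
  mkdir -p "$t/cache" "$t/tmp" "$t/inc" "$t/media/images"
  : > "$t/index.php"
  : > "$t/inc/header.inc.php"
  : > "$t/media/images/logo.png"
  : > "$t/tmp/dropped.php"
  chmod -R 777 "$t"
  echo "$t"
}

demo=$(build_sample_tree)
echo "after chmod -R 777:"
audit_docroot "$demo"
reverse_install_perms "$demo" cache tmp
echo "after the reversal step:"
audit_docroot "$demo"
rm -rf "$demo"
```

On a real site, run audit_docroot against the public_html directory; any PHP_IN_WW_DIR line is a script in a directory that every local user can write to.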

Wednesday, November 7, 2012

Creating the Cpanel account with WHM

Log into your WHM
In the left menu under "Account Functions", click "Create a New Account"
Fill in the details for the new account. Here's a brief outline of the settings you'll be putting in:

  • Domain Information

    • Enter the main domain name on the account, set a cPanel username and password for it, and then enter the email address to be associated with the account.



  • Package

    • WHM allows you to create packages, which make it easier to manage cPanel accounts. For Example, you may have a "Power Plan" package like InMotion Hosting offers. Within that package you could set limits such as the number of addon domains to associate to the account. If you don't have any packages set, select the "Select Options Manually" option and set those limitations now.



  • Settings

    • Choose the cPanel theme to assign the user (InMotion Hosting currently uses x3) and select the appropriate language for the user.



  • Reseller Settings

    • If you have the access to create a cPanel account, it means that you have reseller permissions. Decide here if this new account you're creating should have WHM access and be able to create accounts themselves.



  • DNS Settings

    • Decide how the domain's nameservers should be configured on the server. If the nameservers specified for this domain name are going to be on another server, choose the option "Use the nameservers specified at the Domain's Registrar"



  • Mail Routing Settings

    • Decide how the server handles email for this specific domain. For example, should it attempt to deliver the email locally or should it look at the external MX records and decide? It's recommended to use "Automatically Detect Configuration" if you're not sure about this setting.




After you have filled in all of the details above, click the "Create" button at the bottom of the page.

Congratulations, you have just created a new cPanel account!

Tuesday, November 6, 2012

Installing cPanel manually

In order to install cpanel/WHM on your VPS ,  you will need to log into your server as root first.

ssh root@server-ip

In the command above, server-ip should be your server's IP. We should install cPanel/WHM only on a fresh system, configured with a proper yum or apt-get system.

From a windows machine we can use putty to log into the server ...

Minimum Requirements as per cpanel's original site

Processor: 266 MHz
Memory: 512 MB RAM (1 GB recommended when hosting many accounts)
Disk Space: 10 GB hard disk


Removing YUM groups


To obtain a list of yum groups, run the command:

yum grouplist


You should make sure these yum groups are not installed:

  • FTP Server

  • GNOME Desktop Environment

  • KDE (K Desktop Environment)

  • Mail Server

  • Mono

  • Web Server

  • X Window System


To remove a yum group, run the command yum groupremove. For example, if you wish to remove Mono and Mail Server, enter:

yum groupremove "Mono" "Mail Server"


Disabling SELinux security features


You should disable SELinux after installing Red Hat Enterprise Linux, CentOS, or CloudLinux. To disable SELinux, you can either:

  • Use the graphical interface while configuring your operating system, or

  • Edit /etc/selinux/config from the command line and set the SELINUX parameter to disabled using a text editor, such as nano or vi.


If you disable SELinux from the command line, the contents of /etc/selinux/config should resemble:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted


Deactivating default firewall and checking for updates


If you are installing a CentOS, Red Hat Enterprise Linux, CloudLinux operating system, you should deactivate the default firewall and check for updates.

To deactivate the firewall, run the commands:

chkconfig iptables off
service iptables stop


To check for updates, run the command:

yum update


Change the hostname of the VPS to a valid hostname like "server.domain.com".

Installing cpanel


The installation of cPanel can take a long time and it is better if you install "screen". Depending on your operating system you can install screen running yum or apt-get (yum install screen or apt-get install screen).

Now you will want to download and install cPanel:

screen -S cpanel
cd /home
wget http://layer1.cpanel.net/latest
sh latest

Press Ctrl-A, then D, to detach from screen.

screen -ls will list the screens.

If you get disconnected, you can ssh back into your server as root, and run: 
screen -r cpanel

After everything is complete, and there are no errors, you should be able to access the WHM control panel by visiting

https://your_ip:2087

Friday, October 26, 2012

Kerberos authentication in RHEL

Kerberos authentication

To use Kerberos authentication, we need to set up the server with all the needed principals and their passwords, and we must configure the client to use the proper Kerberos server.

Server Configuration

server:virtual19.virtual.com
IP:192.168.100.19

client:virtual21.virtual.com
IP:192.168.100.21

Packages needed are

yum install -y krb5-server
yum install -y krb5-libs
yum install -y readline-devel

vim /etc/krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = VIRTUAL.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

[realms]
VIRTUAL.COM = {
kdc = virtual19.virtual.com
admin_server = virtual19.virtual.com
}

[domain_realm]
virtual19.virtual.com = VIRTUAL.COM
virtual21.virtual.com = VIRTUAL.COM

[appdefaults]
validate=true

vim /var/kerberos/krb5kdc/kdc.conf

[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88

[realms]
VIRTUAL.COM = {
master_key_type = aes256-cts
default_principal_flags = +preauth
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
}

kdb5_util create -r VIRTUAL.COM -s

kadmin.local

kadmin:  listprincs
kadmin:  addprinc root/admin
kadmin:  ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin

kadmin:  ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/changepw

kadmin:  addprinc -randkey host/virtual19.virtual.com

kadmin:  ktadd -k /etc/krb5.keytab host/virtual19.virtual.com

vim /var/kerberos/krb5kdc/kadm5.acl
*/admin@VIRTUAL.COM     *

service krb5kdc restart
chkconfig krb5kdc on
service kadmin restart
chkconfig kadmin on

----------------------------------------------------------
Client side configuration
----------------------------------------------------------

Copy /etc/krb5.conf from the server to the client.

authconfig-tui

Select Kerberized password authentication. You will then be asked for the KDC, the krb5 server and the realm name, for which we need to enter the correct values. When you close the utility, the system will configure itself to connect to the Kerberos server.

Now we need to add that machine to the Kerberos server database:

kadmin
kadmin:  addprinc -randkey host/virtual21.virtual.com
kadmin:  ktadd -k /etc/krb5.keytab host/virtual21.virtual.com

Now the client machine has been added to the server and tickets will be issued as normal. To check that, use
klist to list the tickets obtained from the server.

-------------------------------------------------------------------

Now adding a NIS user to Kerberos

At the server, make a principal for the NIS users, and that is it.

kadmin.local

kadmin:  addprinc nisuser1

You will now be prompted for a Kerberos password, which will let the user log in at the client using Kerberized security.
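
The kadm5.acl line */admin@VIRTUAL.COM * above decides which of the principals created in this walkthrough may administer the KDC. The Python below is an added example, not part of the original post: it models only the actor and permission fields with first-match lookup (target principals and restrictions are left out), and the helpdesk entry is hypothetical.

```python
# Constructed kadm5.acl: the single line used above plus a narrower,
# hypothetical help-desk entry for comparison.
SAMPLE_ACL = """
*/admin@VIRTUAL.COM     *
helpdesk@VIRTUAL.COM    cil
"""

# Principals created in the walkthrough above, written with their realm.
PRINCIPALS = [
    "root/admin@VIRTUAL.COM",
    "kadmin/admin@VIRTUAL.COM",
    "kadmin/changepw@VIRTUAL.COM",
    "host/virtual19.virtual.com@VIRTUAL.COM",
    "host/virtual21.virtual.com@VIRTUAL.COM",
    "nisuser1@VIRTUAL.COM",
]

def split_principal(name):
    """'root/admin@VIRTUAL.COM' -> (['root', 'admin'], 'VIRTUAL.COM')."""
    components, _, realm = name.partition("@")
    return components.split("/"), realm

def principal_matches(pattern, principal):
    """Compare component by component; '*' stands for one whole component."""
    p_comp, p_realm = split_principal(pattern)
    n_comp, n_realm = split_principal(principal)
    if len(p_comp) != len(n_comp):
        return False
    pairs = list(zip(p_comp, n_comp)) + [(p_realm, n_realm)]
    return all(p in ("*", n) for p, n in pairs)

def permissions_for(acl_text, principal):
    """Permission field of the first matching ACL line, '' when none matches."""
    for line in acl_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and principal_matches(fields[0], principal):
            return fields[1]
    return ""

def admin_capable(acl_text, principals=PRINCIPALS):
    """Principals that the ACL gives any kadmin permission at all."""
    return [p for p in principals if permissions_for(acl_text, p)]

if __name__ == "__main__":
    for name in PRINCIPALS:
        print(f"{name:45} {permissions_for(SAMPLE_ACL, name) or '-'}")
```

Only the two .../admin principals come back with permissions; the host principals and nisuser1 get none, which is what you want from this ACL.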

Tuesday, October 23, 2012

NIS server-client configuration

NIS (Network Information System) is one of the centralized ways to make users available throughout the network.

At Server
Install the nis server package

----->yum install -y ypserv

Add the needed users. Make sure that you give a UID that is not normally used; go for UIDs of 5000 and above. Here I will be using IDs in the range of 6000. This is to avoid conflict with the local user UIDs.

----->useradd -u 60000 nisuser1
----->passwd nisuser1
----->useradd -u 60001 nisuser2
----->passwd nisuser2

Give the NIS domain name in /etc/sysconfig/network. We can also make the NIS services use the ports we choose by giving the following arguments:

# A quoted here-document keeps the inner double quotes in the file
---->cat >> /etc/sysconfig/network <<'EOF'
NISDOMAIN=virtual19
YPSERV_ARGS="-p 900"
YPPASSWRD_ARGS="-p 901"
YPXFRD_ARGS="-p 902"
EOF

The -p argument makes the service use that port.

Now make the master NIS server:
----->service ypserv restart

----->/usr/lib64/yp/ypinit -m

This will create the NIS server and make the needed changes.

To make those changes permanent:

------>make -C /var/yp

------>service ypserv restart

We can check the users with:
getent passwd

-----------------------------
AT Client
-----------------------------

We need to configure authconfig-tui for NIS:

------->authconfig-tui

A window will open, in which we need to select the NIS option; the system will automatically start the needed services. You will be asked for the NIS domain name and the server IP. Provide them, and when the window closes the client configuration is complete.

Now at the client side, if we run
------->getent passwd

we will be able to see the users.
To see just the NIS users, we need to use ypcat:

------->ypcat passwd
This will show only the NIS users from the passwd file.

Switch to the user just like we switch to normal users:

at client ------->su nisuser1

Basically, NIS is not very secure. We can restrict its clients in the file /var/yp/securenets: only the IPs or networks given in that file will have access to the NIS server.

To change the password of a user from the client, we need to use the yppasswdd service at the server and the same command at the client side.
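
To see what a /var/yp/securenets restriction permits, the Python below parses the file's two entry forms ("<netmask> <network>" and "host <address>") and tests client addresses against them. It is an added example, not part of the original post; the sample file is constructed for the 192.168.100.0/24 network used on this page, and rejecting entries with host bits set and flagging wide networks are checks chosen for this example.

```python
import ipaddress

# Constructed /var/yp/securenets for the 192.168.100.0/24 network used on this
# page. Each entry is "<netmask> <network>" or "host <address>".
SAMPLE_SECURENETS = """
# loopback, used by the server itself
host 127.0.0.1
255.255.255.0   192.168.100.0
"""

def parse_securenets(text):
    """Return the allowed networks; raise ValueError on a malformed entry."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected two fields, got {raw!r}")
        mask, addr = fields
        if mask == "host":
            mask = "255.255.255.255"
        # strict=True rejects a network address that has host bits set,
        # e.g. "255.255.255.0 192.168.100.19".
        nets.append(ipaddress.ip_network(f"{addr}/{mask}", strict=True))
    return nets

def is_allowed(nets, client_ip):
    """True when the client address falls inside any listed network."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in nets)

def broad_entries(nets, min_prefix=16):
    """Entries wider than /min_prefix, such as a whole /8."""
    return [str(net) for net in nets if net.prefixlen < min_prefix]

if __name__ == "__main__":
    allowed = parse_securenets(SAMPLE_SECURENETS)
    for client in ("192.168.100.21", "192.168.122.2"):
        print(client, "allowed" if is_allowed(allowed, client) else "denied")
```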

Monday, October 22, 2012

More about DNS and Security in Zone sharing

More about DNS

Bogus servers that give wrong information can be blocked, so that our server does not accept any information from them:

server IP {bogus yes ;};

We can also create a blackhole in DNS, where the server will not even acknowledge the other IP:

blackhole {ips;};

BIND version
This can be used to keep the details of the DNS version (i.e. the BIND version) hidden from outsiders:

version "INFORMATION ....";

Chrooting BIND


By installing bind-chroot, the DNS configuration files will be moved to a location where only root and the named group have permission to edit those files.

Making DNS Zone sharing safe

We can share a key between the slave and the master to make sure that updates are sent only to the correct slaves.
This method is called TSIG (transaction signature) configuration.

1. First, start from the client by making the key:
----->dnssec-keygen -a hmac-md5 -b 128 -n HOST virtual_key

----->cat Kvirtual_key.+157+56451.private

Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: yzkKqIIa4sUPXm+Oz7VNgg==
Bits: AAA=
Created: 20121022004959
Publish: 20121022004959
Activate: 20121022004959

**copy the key part and create a key file as follows
------->vim /etc/rndc.key
key "virtual_key"
{
algorithm HMAC-MD5;
secret "yzkKqIIa4sUPXm+Oz7VNgg==";
};

------->chgrp named /etc/rndc.key

**inside /etc/named.conf add

include "/etc/rndc.key" ;

server 192.168.100.1 {
keys { virtual_key ; };
};

**and
allow-transfer { key virtual_key ;};

This forces the client to use the key we generated.

Now copy the rndc.key file to the server.

Change the group to named at the server,

and include the file in /etc/named.conf and add allow-transfer to the needed zones to make it more secure.

At the server, in /etc/named.conf:

include "/etc/rndc.key" ;

allow-transfer { key virtual_key ;};

----------------------------------------------------------------------
master configuration

----------------------------------------------------------------------

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
acl "example" { 192.168.122.0/24 ; 127/8 ; };
acl "virtual" { 192.168.100.0/24 ; 127/8 ; };

include "/etc/rndc.key" ;

options {
listen-on port 53 { 127.0.0.1; example ; virtual ;};
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; example; virtual; };
allow-transfer { key virtual_key ;};
recursion yes;
# dnssec-enable yes;
# dnssec-validation yes;
# dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

view mixed {
match-clients { 192.168.122.2; 192.168.100.1; };

zone "example.com" IN {
type master;
file "forward.zone";
allow-update { none; };

};
zone "122.168.192.in-addr.arpa" IN {
type master;
file "reverse.zone";
allow-update { none; };
};

zone "virtual.com" IN {
type master;
file "forwardvir.zone";

allow-update { none; };
};
zone "100.168.192.in-addr.arpa" IN {
type master;
file "reversevir.zone";
allow-update { none; };
};

};

view internal {
match-clients { example; };
zone "example.com" IN {
type master;
file "forward.zone";
allow-update { none; };
};
zone "122.168.192.in-addr.arpa" IN {
type master;
file "reverse.zone";
allow-update { none; };
};
};

view external {
match-clients { virtual; };
zone "virtual.com" IN {
type master;
file "forwardvir.zone";
allow-update {none; };

};
zone "100.168.192.in-addr.arpa" IN {
type master;
file "reversevir.zone";
allow-update {none ;};
};

};

#include "/etc/named.rfc1912.zones";

----------------------------------------------------------------------------
slave configuration
----------------------------------------------------------------------------
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

include "/etc/rndc.key" ;

server 192.168.100.1 {
keys { virtual_key ; };
};

options {
listen-on port 53 { 127.0.0.1; 192.168.100.0/24 ;};
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost;192.168.100.0/24; };
allow-transfer { key virtual_key ;};
recursion yes;
# dnssec-enable yes;
# dnssec-validation yes;
# dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

view external {
match-clients { 192.168.100.0/24; };
allow-transfer { key virtual_key ;};
zone "virtual.com" IN {
type slave;
file "slaves/forwardvir.zone";
masters {192.168.100.1 ; };
#allow-update {none;};
};
zone "100.168.192.in-addr.arpa" IN {
type slave;

file "slaves/reversevir.zone";
masters {192.168.100.1 ; };
#allow-update {none;};
};

};
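
A TSIG setup only holds together if every "key name;" and "keys { name; };" reference uses exactly the name given in the key statement, so a one-letter slip in allow-transfer points at a key that does not exist. The Python below is an added example, not part of the original post, that lists key names referenced but never defined; it expects named.conf text with the included key file pasted in, and the sample input and its secret are constructed.

```python
import re

# Constructed slave-side named.conf text (with the included key file pasted
# in). One allow-transfer statement misspells the key name.
SAMPLE_NAMED_CONF = '''
key "virtual_key" {
    algorithm HMAC-MD5;
    secret "c2FtcGxlLXNlY3JldA==";   # constructed placeholder, not a real key
};
server 192.168.100.1 {
    keys { virtual_key ; };
};
options {
    allow-transfer { key virtul_key ; };
};
view external {
    match-clients { 192.168.100.0/24; };
    allow-transfer { key virtual_key ; };
};
'''

NAME = r'"?([\w.-]+)"?'

def strip_noise(text):
    """Drop secrets (base64 may contain '//') and then all comment styles."""
    text = re.sub(r'\bsecret\s+"[^"]*"\s*;', "", text)
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def defined_keys(text):
    """Names introduced by  key "name" { ... };  statements."""
    return set(re.findall(r"\bkey\s+" + NAME + r"\s*\{", text))

def referenced_keys(text):
    """Names used as  key name;  in match lists or inside  keys { ... };"""
    refs = re.findall(r"\bkey\s+" + NAME + r"\s*;", text)
    for body in re.findall(r"\bkeys\s*\{([^}]*)\}", text):
        refs += re.findall(NAME + r"\s*;", body)
    return refs

def undefined_key_refs(conf_text):
    """Sorted key names that are referenced but never defined."""
    text = strip_noise(conf_text)
    known = defined_keys(text)
    return sorted(set(referenced_keys(text)) - known)

if __name__ == "__main__":
    print(undefined_key_refs(SAMPLE_NAMED_CONF))
```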

DNS Master Slave Configuration

1.Master and slave configuration
2.acl setting
3.view setting

To make the DNS server a master, we give the zone type master, and to make it a slave we give type slave. By default, on slaves the zone files will be copied from the master to the default /var/named/slaves/ directory.

ACL setting: an acl is used to group a set of networks or individual IPs under a single name.

View setting: a view is used to isolate the DNS zones for a specific network, as per an ACL or given IPs. We give the IPs, networks or ACLs that have access to the view in the match-clients { ; }; option inside the view statement.


-----------------------------------------------------------------------------
MASTERS-configuration file
-----------------------------------------------------------------------------
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
acl "example" { 192.168.122.0/24 ; 127/8 ;  };
acl "virtual" { 192.168.100.0/24 ; 127/8 ;  };
options {
    listen-on port 53 { 127.0.0.1; example ; virtual ;};
#    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; example; virtual; };
    recursion yes;

#    dnssec-enable yes;
#    dnssec-validation yes;
#    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};


view mixed {
match-clients { 192.168.122.2; 192.168.100.1; };
zone "example.com" IN {
        type master;
        file "forward.zone";
        allow-update { none; };
    
};
 zone "122.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.zone";
        allow-update { none; };
};

zone "virtual.com" IN {
        type master;
        file "forwardvir.zone";
        allow-update { none; };
};
 zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "reversevir.zone";
        allow-update { none; };
};

};

view internal {
match-clients { example; };
zone "example.com" IN {
        type master;
        file "forward.zone";
        allow-update { none; };
};
 zone "122.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.zone";
        allow-update { none; };
};
};

view external {
match-clients { virtual; };
zone "virtual.com" IN {
        type master;
        file "forwardvir.zone";
        allow-update { none; };
};
 zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "reversevir.zone";
        allow-update { none; };
};

};

#include "/etc/named.rfc1912.zones";



-----------------------------------------------------------------------------
SLAVES-configuration file

In slaves the zones will have the entry
-----------------------------------------------------------------------------

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.100.0/24 ;};
#       listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.100.0/24 ; };
        recursion yes;

#       dnssec-enable yes;
#       dnssec-validation yes;
#       dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

view external {
match-clients { 192.168.100.0/24; };
zone "virtual.com" IN {
        type slave;
        masters { 192.168.100.1 ; };
        file "slaves/forwardvir.zone";
        allow-update { none; };
};
 zone "100.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.100.1 ; };
        file "slaves/reversevir.zone";
        allow-update { none; };
};

};
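
named answers a query from the first view, in file order, whose match-clients list contains the client, so the order of the views in the master file matters. The Python below is an added example, not part of the original post: it replays the master file's acl and view definitions (127/8 written out as 127.0.0.0/8) to show which view each client lands in and which match-clients entries can never match because an earlier view already covers them.

```python
import ipaddress

# ACLs and views taken from the master named.conf above, in file order.
# BIND's shorthand 127/8 is written out as 127.0.0.0/8 for Python.
ACLS = {
    "example": ["192.168.122.0/24", "127.0.0.0/8"],
    "virtual": ["192.168.100.0/24", "127.0.0.0/8"],
}
VIEWS = [
    ("mixed", ["192.168.122.2", "192.168.100.1"]),
    ("internal", ["example"]),
    ("external", ["virtual"]),
]

def networks(element):
    """Expand an ACL name or a literal address/prefix into ip_network objects."""
    return [ipaddress.ip_network(item) for item in ACLS.get(element, [element])]

def view_networks(match_clients):
    """All networks named by one view's match-clients list."""
    return [net for element in match_clients for net in networks(element)]

def select_view(client_ip, views=VIEWS):
    """Name of the first view whose match-clients contains the client."""
    ip = ipaddress.ip_address(client_ip)
    for name, match_clients in views:
        if any(ip in net for net in view_networks(match_clients)):
            return name
    return None  # no view matched this client

def shadowed(views=VIEWS):
    """Entries that can never match because an earlier view covers them."""
    seen, dead = [], []
    for name, match_clients in views:
        current = view_networks(match_clients)
        for net in current:
            for earlier_view, earlier_net in seen:
                if net.subnet_of(earlier_net):
                    dead.append((name, str(net), earlier_view))
                    break
        seen += [(name, net) for net in current]
    return dead

if __name__ == "__main__":
    for client in ("192.168.100.1", "192.168.100.21", "127.0.0.1", "10.0.0.5"):
        print(client, "->", select_view(client))
    print("shadowed:", shadowed())
```

With the file order shown, loopback queries always land in the internal view because 127/8 is in both ACLs; moving the mixed view below the other two would make both of its host entries unreachable.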