50 Systemadmin Work

50UNIX/LinuxSysadminTutorials
1. Disk to disk backup using dd command : 6ExamplestoBackupLinuxUsingddCommand(IncludingDisktoDisk) Warning:Whileusingddcommand,ifyouarenotcareful,andifyoudontknowwhatyouaredoing, youwillloseyourdata!
Example1.BackupEntireHarddisk
Tobackupanentirecopyofaharddisktoanotherharddiskconnectedtothesamesystem,execute theddcommandasshownbelow.Inthisddcommandexample,theUNIXdevicenameofthesource harddiskis/dev/hda,anddevicenameofthetargetharddiskis/dev/hdb.
#ddif=/dev/sdaof=/dev/sdb
ifrepresentsinputfile,andofrepresentsoutputfile.Sotheexactcopyof/dev/sdawillbe availablein/dev/sdb. Ifthereareanyerrors,theabovecommandwillfail.Ifyougivetheparameterconv=noerrorthen itwillcontinuetocopyiftherearereaderrors. Inputfileandoutputfileshouldbementionedverycarefully,ifyoumentionsourcedeviceinthe targetandviceversa,youmightlossallyourdata. Inthecopyofharddrivetoharddriveusingddcommandgivenbelow,syncoptionallowsyouto copyeverythingusingsynchronizedI/O.

#ddif=/dev/sdaof=/dev/sdbconv=noerror,sync
Example2.CreateanImageofaHardDisk
Insteadoftakingabackupoftheharddisk,youcancreateanimagefileoftheharddiskandsaveit inotherstoragedevices.Therearemanyadvantagestobackingupyourdatatoadiskimage,one beingtheeaseofuse.Thismethodistypicallyfasterthanothertypesofbackups,enablingyouto quicklyrestoredatafollowinganunexpectedcatastrophe.
#ddif=/dev/hdaof=~/hdadisk.img
Theabovecreatestheimageofaharddisk/dev/hda.ReferourearlierarticleHow to view initrd.imageformoredetails.
Example3.RestoreusingHardDiskImage
#ddif=hdadisk.imgof=/dev/hdb
Torestoreaharddiskwiththeimagefileofananotherharddisk,usethefollowingddcommand example. Theimagefilehdadisk.imgfile,istheimageofa/dev/hda,sotheabovecommandwillrestorethe imageof/dev/hdato/dev/hdb.
Example4.CreatingaFloppyImage
Usingddcommand,youcancreateacopyofthefloppyimageveryquickly.Ininputfile,givethe floppydevicelocation,andintheoutputfile,givethenameofyourfloppyimagefileasshown below.

#ddif=/dev/fd0of=myfloppy.img
Example5.BackupaPartition
Youcanusethedevicenameofapartitionintheinputfile,andintheoutputeitheryoucanspecify yourtargetpathorimagefileasshownintheddcommandexamplebelow.
#ddif=/dev/hda1of=~/partition1.img
Example6.CDROMBackup
ddcommandallowsyoutocreateanisofilefromasourcefile.SowecaninserttheCDandenterdd commandtocreateanisofileofaCDcontent.
#ddif=/dev/cdromof=tgsservice.isobs=2048
ddcommandreadsoneblockofinputandprocessitandwritesitintoanoutputfile.Youcanspecify theblocksizeforinputandoutputfile.Intheaboveddcommandexample,theparameterbs specifiestheblocksizefortheboththeinputandoutputfile.Sodduses2048bytesasablocksizein theabovecommand. Note:IfCDisautomounted,beforecreatinganisoimageusingddcommand,itsalwaysgoodifyou unmounttheCDdevicetoavoidanyunnecessaryaccesstotheCDROM 2. 15 rsync command examples :Everysysadminshouldmastertheusageofrsync.rsyncutilityisused tosynchronizethefilesanddirectoriesfromonelocationtoanother.Firsttime,rsyncreplicatesthe wholecontentbetweenthesourceanddestinationdirectories.Nexttime,rsynctransfersonlythe changedblocksorbytestothedestinationlocation,whichmakesthetransferreallyfast.
HowtoBackupLinux?15rsyncCommandExamples
rsyncstandsforremotesync. rsyncisusedtoperformthebackupoperationinUNIX/Linux. rsyncutilityisusedtosynchronizethefilesanddirectoriesfromonelocationtoanotherinaneffectiveway.Backup locationcouldbeonlocalserveroronremoteserver.
Importantfeaturesofrsync
Speed:Firsttime,rsyncreplicatesthewholecontentbetweenthesourceanddestinationdirectories.Nexttime,
rsynctransfersonlythechangedblocksorbytestothedestinationlocation,whichmakesthetransferreallyfast. Security:rsyncallowsencryptionofdatausingsshprotocolduringtransfer.
LessBandwidth:rsyncusescompressionanddecompressionofdatablockbyblockatthesendingandreceiving
endrespectively.Sothebandwidthusedbyrsyncwillbealwayslesscomparedtootherfiletransferprotocols.
Privileges:Nospecialprivilegesarerequiredtoinstallandexecutersync
Syntax
$rsyncoptionssourcedestination
Sourceanddestinationcouldbeeitherlocalorremote.Incaseofremote,specifytheloginname,remoteserver nameandlocation.
Example1.SynchronizeTwoDirectoriesinaLocalServer
Tosynctwodirectoriesinalocalcomputer,usethefollowingrsynczvrcommand. $rsynczvr/var/opt/installation/inventory//root/temp buildingfilelist...done sva.xml svB.xml . sent26385bytesreceived1098bytes54966.00bytes/sec totalsizeis44867speedupis1.63 $ Intheaboversyncexample:
zistoenablecompression vverbose rindicatesrecursive Nowletusseethetimestampononeofthefilesthatwascopiedfromsourcetodestination.Asyouseebelow,rsync didntpreservetimestampsduringsync. $lsl/var/opt/installation/inventory/sva.xml/root/temp/sva.xml rrr1binbin949Jun182009/var/opt/installation/inventory/sva.xml rrr1rootbin949Sep22009/root/temp/sva.xml
Example2.PreservetimestampsduringSyncusingrsynca
rsyncoptionaindicatesarchivemode.aoptiondoesthefollowing, Recursivemode Preservessymboliclinks Preservespermissions Preservestimestamp Preservesownerandgroup Now,executingthesamecommandprovidedinexample1(Butwiththersyncoptiona)asshownbelow: $rsyncazv/var/opt/installation/inventory//root/temp/ buildingfilelist...done ./ sva.xml svB.xml . sent26499bytesreceived1104bytes55206.00bytes/sec totalsizeis44867speedupis1.63 $ Asyouseebelow,rsyncpreservedtimestampsduringsync. $lsl/var/opt/installation/inventory/sva.xml/root/temp/sva.xml rrr1rootbin949Jun182009/var/opt/installation/inventory/sva.xml rrr1rootbin949Jun182009/root/temp/sva.xml
Example3.SynchronizeOnlyOneFile
Tocopyonlyonefile,specifythefilenametorsynccommand,asshownbelow. $rsyncv/var/lib/rpm/Pubkeys/root/temp/ Pubkeys
sent42bytesreceived12380bytes3549.14bytes/sec totalsizeis12288speedupis0.99
Example4.SynchronizeFilesFromLocaltoRemote
rsyncallowsyoutosynchronizefiles/directoriesbetweenthelocalandremotesystem. $rsyncavz/root/temp/thegeekstuff@192.168.200.10:/home/thegeekstuff/temp/ Password: buildingfilelist...done ./ rpm/ rpm/Basenames rpm/Conflictname
sent15810261bytesreceived412bytes2432411.23bytes/sec
totalsizeis45305958speedupis2.87
Whiledoingsynchronizationwiththeremoteserver,youneedtospecifyusernameandipaddressoftheremote server.Youshouldalsospecifythedestinationdirectoryontheremoteserver.Theformatis username@machinename:path Asyouseeabove,itasksforpasswordwhiledoingrsyncfromlocaltoremoteserver. Sometimesyoudontwanttoenterthepasswordwhilebackingupfilesfromlocaltoremoteserver.Forexample,If youhaveabackupshellscript,thatcopiesfilesfromlocaltoremoteserverusingrsync,youneedtheabilitytorsync withouthavingtoenterthepassword. Todothat,setupssh password less login asweexplainedearlier.
Example5.SynchronizeFilesFromRemotetoLocal
Whenyouwanttosynchronizefilesfromremotetolocal,specifyremotepathinsourceandlocalpathintargetas shownbelow. $rsyncavzthegeekstuff@192.168.200.10:/var/lib/rpm/root/temp Password: receivingfilelist...done rpm/ rpm/Basenames . sent406bytesreceived15810230bytes2432405.54bytes/sec totalsizeis45305958speedupis2.87
Example6.RemoteshellforSynchronization
rsyncallowsyoutospecifytheremoteshellwhichyouwanttouse.Youcanusersyncsshtoenablethesecured remoteconnection. Usersyncesshtospecifywhichremoteshelltouse.Inthiscase,rsyncwillusessh. $rsyncavzesshthegeekstuff@192.168.200.10:/var/lib/rpm/root/temp Password: receivingfilelist...done rpm/ rpm/Basenames
Example7.DoNotOverwritetheModifiedFilesattheDestination
Inatypicalsyncsituation,ifafileismodifiedatthedestination,wemightnotwanttooverwritethefilewiththe oldfilefromthesource. Usersyncuoptiontodoexactlythat.(i.edonotoverwriteafileatthedestination,ifitismodified).Inthe followingexample,thefilecalledBasenamesisalreadymodifiedatthedestination.So,itwillnotbeoverwritten withrsyncu. $lsl/root/temp/Basenames total39088 rwxrxrx1rootroot4096Sep211:35Basenames
$rsyncavzuthegeekstuff@192.168.200.10:/var/lib/rpm/root/temp Password: receivingfilelist...done rpm/
sent122bytesreceived505bytes114.00bytes/sec totalsizeis45305958speedupis72258.31 $lslrt total39088 rwxrxrx1rootroot4096Sep211:35Basenames
Example8.SynchronizeonlytheDirectoryTreeStructure(notthefiles)
Usersyncdoptiontosynchronizeonlydirectorytreefromsourcetothedestination.Thebelowexample, synchronizeonlydirectorytreeinrecursivemanner,notthefilesinthedirectories. $rsyncvdthegeekstuff@192.168.200.10:/var/lib/. Password: receivingfilelist...done logrotate.status CAM/ YaST2/ acpi/
Example9.ViewthersyncProgressduringTransfer
Whenyouusersyncforbackup,youmightwanttoknowtheprogressofthebackup.i.ehowmanyfilesarecopies, atwhatrateitiscopyingthefile,etc. rsyncprogressoptiondisplaysdetailedprogressofrsyncexecutionasshownbelow. $rsyncavzprogressthegeekstuff@192.168.200.10:/var/lib/rpm//root/temp/ Password: receivingfilelist... 19filestoconsider ./ Basenames 5357568100%14.98MB/s0:00:00(xfer#1,tocheck=17/19) Conflictname 12288100%35.09kB/s0:00:00(xfer#2,tocheck=16/19) . . . sent406bytesreceived15810211bytes2108082.27bytes/sec totalsizeis45305958speedupis2.87 Youcanalsousersnapshotutility(thatusesrsync)tobackup local linux server ,orbackup remote linux server .
Example10.DeletetheFilesCreatedattheTarget
Ifafileisnotpresentatthesource,butpresentatthetarget,youmightwanttodeletethefileatthetargetduring rsync. Inthatcase,usedeleteoptionasshownbelow.rsyncdeleteoptiondeletesfilesthatarenotthereinsource directory. #Sourceandtargetareinsync.Nowcreatingnewfileatthetarget. $>newfile.txt
$rsyncavzdeletethegeekstuff@192.168.200.10:/var/lib/rpm/.
Password: receivingfilelist...done deletingnewfile.txt ./ sent26bytesreceived390bytes48.94bytes/sec totalsizeis45305958speedupis108908.55
Targethasthenewfilecallednewfile.txt,whensynchronizewiththesourcewithdeleteoption,itremovedthefile newfile.txt
Example11.DonotCreateNewFileattheTarget
Ifyoulike,youcanupdate(Sync)onlytheexistingfilesatthetarget.Incasesourcehasnewfiles,whichisnot thereatthetarget,youcanavoidcreatingthesenewfilesatthetarget.Ifyouwantthisfeature,useexistingoption withrsynccommand. First,addanewfile.txtatthesource. [/var/lib/rpm]$>newfile.txt Next,executethersyncfromthetarget. $rsyncavzexistingroot@192.168.1.2:/var/lib/rpm/. root@192.168.1.2'spassword: receivingfilelist...done ./
Ifyouseetheaboveoutput,itdidntreceivethenewfilenewfile.txt
Example12.ViewtheChangesBetweenSourceandDestination
Thisoptionisusefultoviewthedifferenceinthefilesordirectoriesbetweensourceanddestination. Atthesource: $lsl/var/lib/rpm rwrr1rootroot53575682010062408:57Basenames rwrr1rootroot122882008052822:03Conflictname rwrr1rootroot11796482010062408:57Dirnames Atthedestination: $lsl/root/temp rwrr1rootroot12288May282008Conflictname rwrr1binbin1179648Jun2405:27Dirnames rwrr1rootroot0Sep306:39Basenames Intheaboveexample,betweenthesourceanddestination,therearetwodifferences.First,ownerandgroupofthe fileDirnamediffers.Next,sizediffersforthefileBasenames. Nowletusseehowrsyncdisplaysthisdifference.ioptiondisplaystheitemchanges. $rsyncavzithegeekstuff@192.168.200.10:/var/lib/rpm//root/temp/ Password: receivingfilelist...done >f.st....Basenames .f....og.Dirnames
Intheoutputitdisplayssome9lettersinfrontofthefilenameordirectorynameindicatingthechanges. Inourexample,thelettersinfrontoftheBasenames(andDirnames)saysthefollowing: >specifiesthatafileisbeingtransferredtothelocalhost. frepresentsthatitisafile. srepresentssizechangesarethere. trepresentstimestampchangesarethere. oownerchanged ggroupchanged.
Example13.IncludeandExcludePatternduringFileTransfer
rsyncallowsyoutogivethepatternyouwanttoincludeandexcludefilesordirectorieswhiledoing synchronization. $rsyncavzinclude'P*'exclude'*'thegeekstuff@192.168.200.10:/var/lib/rpm//root/temp/ Password: receivingfilelist...done ./ Packages Providename Provideversion Pubkeys
Intheaboveexample,itincludesonlythefilesordirectoriesstartingwithP(usingrsyncinclude)andexcludesall otherfiles.(usingrsyncexclude*)
Example14.DoNotTransferLargeFiles
Youcantellrsyncnottotransferfilesthataregreaterthanaspecificsizeusingrsyncmaxsizeoption. $rsyncavzmaxsize='100K'thegeekstuff@192.168.200.10:/var/lib/rpm//root/temp/ Password: receivingfilelist...done ./ Conflictname Group Installtid Name Sha1header Sigmd5 Triggername
maxsize=100Kmakesrsynctotransferonlythefilesthatarelessthanorequalto100K.YoucanindicateMfor megabytesandGforgigabytes.
Example15.TransfertheWholeFile
Oneofthemainfeatureofrsyncisthatittransfersonlythechangedblocktothedestination,insteadofsendingthe wholefile. Ifnetworkbandwidthisnotanissueforyou(butCPUis),youcantransferthewholefile,usingrsyncWoption. Thiswillspeedupthersyncprocess,asitdoesnthavetoperformthechecksumatthesourceanddestination.
#rsyncavzWthegeekstuff@192.168.200.10:/var/lib/rpm//root/temp Password: receivingfilelist...done ./ Basenames Conflictname Dirnames Filemd5s Group Installtid Name sent406bytesreceived15810211bytes2874657.64bytes/sec totalsizeis45305958speedupis2.87
AdditionalrsyncTutorials
3. Three sysadmin rules :Ifyouareasysadmin,youcant(andshouldnt)breakthesethreesysadmin rules.
Rule#1:BackupEverything(andvalidatethebackupregularly)
Experiencedsysadminknowsthatproductionsystemwillcrashsomeday,nomatterhowproactivewe are.Thebestwaytobepreparedforthatsituationistohaveavalidbackup. Ifyoudonthaveabackupofyourcriticalsystems,youshouldstartplanningforitimmediately. Whileplanningforabackup,keepthefollowingfactorsinyourmind: Whatsoftware(orcustomscript?)youwouldusetotakeabackup? Doyouhaveenoughdiskspacetokeepthebackup? Howoftenwouldyourotatethebackups? Apartfromfullbackup,doyoualsoneedregularincrementalbackup? Howwouldyouexecuteyourbackup?i.eUsingcrontaborsomeotherschedulers? Ifyoudonthaveabackupofyourcriticalsystems,stopreadingthisarticleandgetbacktowork. Startplanningforyourbackupimmediately. Awhilebackinoneoftheresearchconductedbysomegroup(dontrememberwhodidthat),I remembertheymentionedthatonly70%oftheproductionapplicationsaregettingbackedup.Out ofthose,30%ofthebackupsareinvalidorcorrupted. AssumethatSamtakesbackupofthecriticalapplicationsregularly,butdoesntvalidatehisbackup. However,Jackdoesntevenbothertotakeanybackupofhiscriticalapplications.Itmightsoundlike SamwhohasabackupisinmuchbettershapethanJackwhodoesntevenhaveabackup.Inmy opinion,bothSamandJackareinthesamesituation,asSamnevervalidatedhisbackuptomake sureitcanberestoredwhenthereisadisater. Ifyouareasysadminanddontwanttofollowthisgoldenrule#1(orliketobreakthisrule),you shouldseriouslyconsiderquittingsysadminjobandbecomeadeveloper.
Rule#2:MastertheCommandLine(andavoidtheUIifpossible)
ThereisnotasingletaskonaUnix/Linuxserver,thatyoucannotperformfromcommandline. Whiletherearesomeuserinterfaceavailabletomakesomeofthesysadmintaskeasy,youreally dontneedthemandshouldbeusingcommandlineallthetime. So,ifyouareaLinuxsysadmin,youshouldmasterthecommandline. Onanysystem,ifyouwanttobeveryfluentandproductive,youshouldmasterthecommandline. ThemaindifferencebetweenaWindowssysadminandLinuxsysadminisGUIVsCommandline. Windowssysadminarenotverycomfortablewithcommandline.Linuxsysadminshouldbevery comfortablewithcommandline. EvenwhenyouhaveaUItodocertaintask,youshouldstillprefercommandline,asyouwould understandhowaparticularserviceworks,ifyoudoitfromthecommandline.Inlotofproduction serverenvironment,sysadminstypicallyuninstallallGUIrelatedservicesandtools. IfyouareUnix/Linuxsysadminanddontwanttofollowthisrule,probablythereisadeepdesire insideyoutobecomeaWindowssysadmin.
Rule#3:AutomateEverything(andbecomelazy)
Lazysysadministhebestsysadmin. ThereisnotevenasinglesysadminthatIknowof,wholikestobreakthisrule.Thatmighthave somethingtodowiththelazypart. Takefewminutestothinkandlistoutalltheroutinetasksthatyoumightdodaily,weeklyor monthly.Onceyouhavethatlist,figureouthowyoucanautomatethose.Thebestsysadmintypically doesntliketobebusy.Hewouldratherberelaxedandletthesystemdothejobforhim. 4. User and group disk quota :Thisarticleexplainshowtosetupuserandgroupquotewithsoft limit,hardlimitandgraceperiod.Forexample,ifyouspecify2GBashardlimit,userwillnotbeable tocreatenewfilesafter2GB. 5StepstoSetupUserandGroupDiskQuotaonUNIX/Linux OnLinux,youcansetupdiskquotausingoneofthefollowingmethods: Filesystembasediskquotaallocation Userorgroupbaseddiskquotaallocation Ontheuserorgroupbasedquota,followingarethreeimportantfactorstoconsider: HardlimitForexample,ifyouspecify2GBashardlimit,userwillnotbeabletocreatenewfiles after2GB SoftlimitForexample,ifyouspecify1GBassoftlimit,userwillgetawarningmessagediskquota exceeded,oncetheyreach1GBlimit.But,theyllstillbeabletocreatenewfilesuntiltheyreachthe hardlimit GracePeriodForexample,ifyouspecify10daysasagraceperiod,afteruserreachtheirhardlimit, theywouldbeallowedadditional10daystocreatenewfiles.Inthattimeperiod,theyshouldtryto getbacktothequotalimit.
1.Enablequotacheckonfilesystem
First,youshouldspecifywhichfilesystemareallowedforquotacheck.
Modifythe/etc/fstab,andaddthekeywordusrquotaandgrpquotatothecorrespondingfilesystem thatyouwouldliketomonitor. Thefollowingexampleindicatesthatbothuserandgroupquotacheckisenabledon/home filesystem

#cat/etc/fstab LABEL=/home/homeext2defaults,usrquota,grpquota12
Reboottheserveraftertheabovechange.
2.InitialquotacheckonLinuxfilesystemusingquotacheck
Onceyouveenableddiskquotacheckonthefilesystem,collectallquotainformationinitiallyas shownbelow.
#quotacheckavug quotacheck:Scanning/dev/sda3[/home]done quotacheck:Checked5182directoriesand31566files quotacheck:Oldfilenotfound. quotacheck:Oldfilenotfound.
Intheabovecommand: a:Checkallquotaenabledfilesystem v:Verbosemode u:Checkforuserdiskquota g:Checkforgroupdiskquota Theabovecommandwillcreateaaquotafileforuserandgroupunderthefilesystemdirectoryas shownbelow.

#lsl/home/ rw1rootroot11264Jun2114:49aquota.user rw1rootroot11264Jun2114:49aquota.group
3.Assigndiskquotatoauserusingedquotacommand
Usetheedquotacommandasshownbelow,toeditthequotainformationforaspecificuser. Forexample,tochangethediskquotaforuserramesh,useedquotacommand,whichwillopenthe soft,hardlimitvaluesinaneditorasshownbelow.
#edquotaramesh Diskquotasforuserramesh(uid500): Filesystemblockssofthardinodessofthard /dev/sda3141935200168600
Oncetheedquotacommandopensthequotasettingsforthespecificuserinaeditor,youcansetthe followinglimits: softandhardlimitfordiskquotasizefortheparticularuser. softandhardlimitforthetotalnumberofinodesthatareallowedfortheparticularuser.
4.Reportthediskquotausageforusersandgroupusingrepquota
#repquota/home ***Reportforuserquotasondevice/dev/sda3 Blockgracetime:7days;Inodegracetime:7days BlocklimitsFilelimits Userusedsofthardgraceusedsofthardgrace
Usetherepquotacommandasshownbelowtoreportthediskquotausagefortheusersandgroups.
root56648800540100 nobody1448003000 ramesh141935200168600 john266040017200
5.Addquotachecktodailycronjob
Addthequotachecktothedailycronjob.Createaquotacheckfileasshownbelowunderthe /etc/cron.dailydirectory,thatwillrunthequotacheckcommandeveryday.Thiswillsendtheoutput ofthequotacheckcommandtorootemailaddress.
#cat/etc/cron.daily/quotacheck quotacheckavug
5. Troubleshoot using dmesg :Usingdmesgyoucanviewbootupmessagesthatdisplaysinformation aboutthehardwaredevicesthatthekerneldetectsduringbootprocess.Thiscanbehelpfulduring troubleshootingprocess.
TroubleshootingUsingdmesgCommandinUnix andLinux
Duringsystembootupprocess,kernelgetsloadedintothememoryanditcontrolstheentiresystem. Whenthesystembootsup,itprintsnumberofmessagesonthescreenthatdisplaysinformationaboutthehardware devicesthatthekerneldetectsduringbootprocess. Thesemessagesareavailableinkernelringbufferandwheneverthenewmessagecomestheoldmessagegets overwritten.Youcouldseeallthosemessagesafterthesystembootupusingthedmesgcommand.
1.ViewtheBootMessages
Byexecutingthedmesgcommand,youcanviewthehardwaresthataredetectedduringbootupprocessandits configurationdetails.Therearelotofusefulinformationdisplayedindmesg.Justbrowsethroughthemlinebyline andtrytounderstandwhatitmeans.Onceyouhaveanideaofthekindofmessagesitdisplays,youmightfindit helpfulfortroubleshooting,whenyouencounteranissue. #dmesg|more Bluetooth:L2CAPver2.8 eth0:noIPv6routerspresent bnx2:eth0NICCopperLinkisDown usb15.2:USBdisconnect,address5 bnx2:eth0NICCopperLinkisUp,100Mbpsfullduplex Aswediscussedearlier,youcanalsoviewhardware information using dmidecode .
2.ViewAvailableSystemMemory
Youcanalsoviewtheavailablememoryfromthedmesgmessagesasshownbelow. #dmesg|grepMemory Memory:57703772k/60817408kavailable(2011kkernelcode,1004928kreserved,915kdata,208kinit)
3.ViewEthernetLinkStatus(UP/DOWN)
Intheexamplebelow,dmesgindicatesthattheeth0linkisinactivestateduringthebootitself. #dmesg|grepeth eth0:BroadcomNetXtremeIIBCM57091000BaseT(C0)PCIExpressfoundatmem96000000,IRQ169,nodeaddr
e4:1f:13:62:ff:58 eth1:BroadcomNetXtremeIIBCM57091000BaseT(C0)PCIExpressfoundatmem98000000,IRQ114,nodeaddr e4:1f:13:62:ff:5a eth0:Linkup
4.ChangethedmesgBufferSizein/boot/configfile
Linuxallowstoyouchangethedefaultsizeofthedmesgbuffer.TheCONFIG_LOG_BUF_SHIFTparameterinthe /boot/config2.6.18194.el5file(orsimilarfileonyoursystem)canbechangedtomodifythedmesgbuffer. Thebelowvalueisinthepowerof2.So,thebuffersizeinthisexamplewouldbe262144bytes.Youcanmodifythe buffersizebasedonyourneed(SUSE/REDHAT). #grepCONFIG_LOG_BUF_SHIFT/boot/configùnamer` CONFIG_LOG_BUF_SHIFT=18
5.ClearMessagesindmesgBuffer
Sometimesyoumightwanttoclearthedmesgmessagesbeforeyournextreboot.Youcanclearthedmesgbufferas shownbelow. #dmesgc
#dmesg
6.dmesgtimestamp:DateandTimeofEachBootMessageindmesg
Bydefaultthedmesgdonthavethetimestampassociatedwiththem.HoweverLinuxprovidesawaytoseethedate andtimeforeachbootmessagesindmesginthe/var/log/kern.logfileasshownbelow. klogdserviceshouldbeenabledandconfiguredproperlytologthemessagesin/var/log/kern.logfile. #dmesg|grep"L2cache" [0.014681]CPU:L2cache:2048K
#grep"L2cache"kern.log.1 Oct1823:55:40ubuntukernel:[0.014681]CPU:L2cache:2048K
6. RPM package management examples :15examplesprovidedinthisarticleexplainseverythingyou needtoknowaboutmanagingRPMpackagesonredhatbasedsystem(includingCentOS).
RPMCommand:15ExamplestoInstall,Uninstall,Upgrade,QueryRPM Packages
Linuxsystem. RPMstandsforRedHatPackageManager.
RPMcommandisusedforinstalling,uninstalling,upgrading,querying,listing,andcheckingRPMpackagesonyour
Withrootprivilege,youcanusetherpmcommandwithappropriateoptionstomanagetheRPMsoftwarepackages. Inthisarticle,letusreview15practicalexamplesofrpmcommand. LetustakeanrpmofMysqlClientandrunthroughallourexamples.
1.InstallingaRPMpackageUsingrpmivh
RPMfilenamehaspackagename,version,releaseandarchitecturename. Forexample,IntheMySQLclient3.23.571.i386.rpmfile:
MySQLclientPackageName 3.23.57Version 1Release i386Architecture WhenyouinstallaRPM,itcheckswhetheryoursystemissuitableforthesoftwaretheRPMpackagecontains, figuresoutwheretoinstallthefileslocatedinsidetherpmpackage,installsthemonyoursystem,andaddsthat pieceofsoftwareintoitsdatabaseofinstalledRPMpackages. ThefollowingrpmcommandinstallsMysqlclientpackage. #rpmivhMySQLclient3.23.571.i386.rpm Preparing...###########################################[100%] 1:MySQLclient###########################################[100%] rpmcommandandoptions i:installapackage v:verbose h:printhashmarksasthepackagearchiveisunpacked. Youcanalsousedpkg on Debian ,pkgadd on Solaris ,depot on HPUX toinstallpackages.
2.QueryalltheRPMPackagesusingrpmqa
Youcanuserpmcommandtoqueryallthepackagesinstalledinyoursystem. #rpmqa cdrecord2.0110.7.el5 bluezlibs3.71.1 setarch2.01.1 . . qqueryoperation aqueriesallinstalledpackages Toidentifywhetheraparticularrpmpackageisinstalledonyoursystem,combinerpmandgrepcommandas shownbelow.Followingcommandcheckswhethercdrecordpackageisinstalledonyoursystem. #rpmqa|grep'cdrecord'
3.QueryaParticularRPMPackageusingrpmq
Theaboveexamplelistsallcurrentlyinstalledpackage.Afterinstallationofapackagetochecktheinstallation,you canqueryaparticularpackageandverifyasshownbelow. #rpmqMySQLclient MySQLclient3.23.571
#rpmqMySQL packageMySQLisnotinstalled
Note:Toqueryapackage,youshouldspecifytheexactpackagename.Ifthepackagenameisincorrect,thenrpm commandwillreportthatthepackageisnotinstalled.
4.QueryRPMPackagesinavariousformatusingrpmqueryformat
Rpmcommandprovidesanoptionqueryformat,whichallowsyoutogivetheheadertagnames,tolistthe packages.Enclosetheheadertagwithin{}. #rpmqaqueryformat'%{name%{version}%{release}%{size}\n' cdrecord2.0110.712324 bluezlibs3.71.15634
setarch2.01.1235563 . . #
5.WhichRPMpackagedoesafilebelongto?Userpmqf
Letussay,youhavelistoffilesandyouwouldwanttoknowwhichpackageownsallthesefiles.rpmcommandhas optionstoachievethis. Thefollowingexampleshowsthat/usr/bin/mysqlaccessfileispartoftheMySQLclient3.23.571rpm. #rpmqf/usr/bin/mysqlaccess MySQLclient3.23.571 f:filename
6.Locatedocumentationofapackagethatownsfileusingrpmqdf
Usethefollowingtoknowthelistofdocumentations,forapackagethatownsafile.Thefollowingcommand,gives thelocationofallthemanualpagesrelatedtomysqlpackage. #rpmqdf/usr/bin/mysqlaccess /usr/share/man/man1/mysql.1.gz /usr/share/man/man1/mysqlaccess.1.gz /usr/share/man/man1/mysqladmin.1.gz /usr/share/man/man1/mysqldump.1.gz /usr/share/man/man1/mysqlshow.1.gz d:refersdocumentation.
7.InformationaboutInstalledRPMPackageusingrpmqi
rpmcommandprovidesalotofinformationaboutaninstalledpacakgeusingrpmqiasshownbelow: #rpmqiMySQLclient Name:MySQLclientRelocations:(notrelocatable) Version:3.23.57Vendor:MySQLAB Release:1BuildDate:Mon09Jun200311:08:28PMCEST InstallDate:Mon06Feb201003:19:16AMPSTBuildHost:build.mysql.com Group:Applications/DatabasesSourceRPM:MySQL3.23.571.src.rpm Size:5305109License:GPL/LGPL Signature:(none) Packager:LenzGrimmer URL:http://www.mysql.com/ Summary:MySQLClient Description:ThispackagecontainsthestandardMySQLclients. IfyouhaveanRPMfilethatyouwouldliketoinstall,butwanttoknowmoreinformationaboutitbeforeinstalling, youcandothefollowing: #rpmqipMySQLclient3.23.571.i386.rpm Name:MySQLclientRelocations:(notrelocatable) Version:3.23.57Vendor:MySQLAB Release:1BuildDate:Mon09Jun200311:08:28PMCEST InstallDate:(notinstalled)BuildHost:build.mysql.com Group:Applications/DatabasesSourceRPM:MySQL3.23.571.src.rpm Size:5305109License:GPL/LGPL Signature:(none) Packager:LenzGrimmer URL:http://www.mysql.com/
Summary:MySQLClient Description:ThispackagecontainsthestandardMySQLclients.
i:viewinformationaboutanrpm p:specifyapackagename
8.ListalltheFilesinaPackageusingrpmqlp
TolistthecontentofaRPMpackage,usethefollowingcommand,whichwilllistoutthefileswithoutextracting intothelocaldirectoryfolder. $rpmqlpovpc2.1.10.rpm /usr/bin/mysqlaccess /usr/bin/mysqldata /usr/bin/mysqlperm . . /usr/bin/mysqladmin q:querytherpmfile l:listthefilesinthepackage p:specifythepackagename Youcanalsoextract files from RPM package using rpm2cpio aswediscussedearlier.
9.ListtheDependencyPackagesusingrpmqRP
Toviewthelistofpackagesonwhichthispackagedepends, #rpmqRpMySQLclient3.23.571.i386.rpm /bin/sh /usr/bin/perl
10.Findoutthestateoffilesinapackageusingrpmqsp
Thefollowingcommandistofindstate(installed,replacedornormal)forallthefilesinaRPMpackage. #rpmqspMySQLclient3.23.571.i386.rpm normal/usr/bin/msql2mysql normal/usr/bin/mysql normal/usr/bin/mysql_find_rows normal/usr/bin/mysqlaccess normal/usr/bin/mysqladmin normal/usr/bin/mysqlbinlog normal/usr/bin/mysqlcheck normal/usr/bin/mysqldump normal/usr/bin/mysqlimport normal/usr/bin/mysqlshow normal/usr/share/man/man1/mysql.1.gz normal/usr/share/man/man1/mysqlaccess.1.gz normal/usr/share/man/man1/mysqladmin.1.gz normal/usr/share/man/man1/mysqldump.1.gz normal/usr/share/man/man1/mysqlshow.1.gz
11.VerifyaParticularRPMPackageusingrpmVp
Verifyingapackagecomparesinformationabouttheinstalledfilesinthepackagewithinformationaboutthefiles takenfromthepackagemetadatastoredintherpmdatabase.Inthefollowingcommand,Visforverificationand poptionisusedtospecifyapackagenametoverify. #rpmVpMySQLclient3.23.571.i386.rpm S.5....Tc/usr/bin/msql2mysql
S.5....Tc/usr/bin/mysql S.5....Tc/usr/bin/mysql_find_rows S.5....Tc/usr/bin/mysqlaccess
Thecharacterintheaboveoutputdenotesthefollowing: SfileSizediffers MModediffers(includespermissionsandfiletype) 5MD5sumdiffers DDevicemajor/minornumbermismatch Lreadlink(2)pathmismatch UUserownershipdiffers GGroupownershipdiffers TmTimediffers
12.VerifyaPackageOwningfileusingrpmVf
Thefollowingcommandverifythepackagewhichownsthegivenfilename. #rpmVf/usr/bin/mysqlaccess S.5....Tc/usr/bin/mysql #
13.UpgradingaRPMPackageusingrpmUvh
Upgradingapackageissimilartoinstallingone,butRPMautomaticallyuninstallsexistingversionsofthepackage beforeinstallingthenewone.Ifanoldversionofthepackageisnotfound,theupgradeoptionwillstillinstallit. #rpmUvhMySQLclient3.23.571.i386.rpm Preparing...###########################################[100%] 1:MySQLclient###########################################
14.UninstallingaRPMPackageusingrpme
Toremoveaninstalledrpmpackageusingeasshownbelow.Afteruninstallation,youcanqueryusingrpmqaand verifytheuninstallation. #rpmevMySQLclient
15.VerifyingalltheRPMPackagesusingrpmVa
Thefollowingcommandverifiesalltheinstalledpackages. #rpmVa S.5....Tc/etc/issue S.5....Tc/etc/issue.net S.5....Tc/var/service/imap/ssl/seed S.5....Tc/home/httpd/html/horde/ingo/config/backends.php . . S.5....Tc/home/httpd/html/horde/ingo/config/prefs.php S.5....Tc/etc/printcap
7. 10 netstat examples :Netstatcommanddisplaysvariousnetworkrelatedinformationsuchasnetwork connections,routingtables,interfacestatistics,masqueradeconnections,multicastmembershipsetc.,
UNIX/Linux:10NetstatCommandExamples
Netstatcommanddisplaysvariousnetworkrelatedinformationsuchasnetworkconnections,routingtables, interfacestatistics,masqueradeconnections,multicastmembershipsetc., Inthisarticle,letusreview10practicalunixnetstatcommandexamples.
1.ListAllPorts(bothlisteningandnonlisteningports)
Listallportsusingnetstata #netstata|more ActiveInternetconnections(serversandestablished) ProtoRecvQSendQLocalAddressForeignAddressState tcp00localhost:30037*:*LISTEN udp00*:bootpc*:*
ActiveUNIXdomainsockets(serversandestablished) ProtoRefCntFlagsTypeStateINodePath unix2[ACC]STREAMLISTENING6135/tmp/.X11unix/X0 unix2[ACC]STREAMLISTENING5140/var/run/acpid.socket
Listalltcpportsusingnetstatat #netstatat ActiveInternetconnections(serversandestablished) ProtoRecvQSendQLocalAddressForeignAddressState tcp00localhost:30037*:*LISTEN tcp00localhost:ipp*:*LISTEN tcp00*:smtp*:*LISTEN tcp600localhost:ipp[::]:*LISTEN Listalludpportsusingnetstatau #netstatau ActiveInternetconnections(serversandestablished) ProtoRecvQSendQLocalAddressForeignAddressState udp00*:bootpc*:* udp00*:49119*:* udp00*:mdns*:*
2.ListSocketswhichareinListeningState
Listonlylisteningportsusingnetstatl #netstatl ActiveInternetconnections(onlyservers) ProtoRecvQSendQLocalAddressForeignAddressState tcp00localhost:ipp*:*LISTEN tcp600localhost:ipp[::]:*LISTEN udp00*:49119*:* ListonlylisteningTCPPortsusingnetstatlt #netstatlt ActiveInternetconnections(onlyservers) ProtoRecvQSendQLocalAddressForeignAddressState tcp00localhost:30037*:*LISTEN tcp00*:smtp*:*LISTEN tcp600localhost:ipp[::]:*LISTEN
ListonlylisteningUDPPortsusingnetstatlu #netstatlu ActiveInternetconnections(onlyservers) ProtoRecvQSendQLocalAddressForeignAddressState udp00*:49119*:* udp00*:mdns*:* ListonlythelisteningUNIXPortsusingnetstatlx #netstatlx ActiveUNIXdomainsockets(onlyservers) ProtoRefCntFlagsTypeStateINodePath unix2[ACC]STREAMLISTENING6294private/maildrop unix2[ACC]STREAMLISTENING6203public/cleanup unix2[ACC]STREAMLISTENING6302private/ifmail unix2[ACC]STREAMLISTENING6306private/bsmtp
3.Showthestatisticsforeachprotocol
Showstatisticsforallportsusingnetstats #netstats Ip: 11150totalpacketsreceived 1withinvalidaddresses 0forwarded 0incomingpacketsdiscarded 11149incomingpacketsdelivered 11635requestssentout Icmp: 0ICMPmessagesreceived 0inputICMPmessagefailed. Tcp: 582activeconnectionsopenings 2failedconnectionattempts 25connectionresetsreceived Udp: 1183packetsreceived 4packetstounknownportreceived. ..... ShowstatisticsforTCP(or)UDPportsusingnetstatst(or)su #netstatst
#netstatsu
4.DisplayPIDandprogramnamesinnetstatoutputusingnetstatp
netstatpoptioncanbecombinedwithanyothernetstatoption.ThiswilladdthePID/ProgramNametothe netstatoutput.Thisisveryusefulwhiledebuggingtoidentifywhichprogramisrunningonaparticularport. #netstatpt ActiveInternetconnections(w/oservers) ProtoRecvQSendQLocalAddressForeignAddressStatePID/Programname tcp10rameshlaptop.loc:47212192.168.185.75:wwwCLOSE_WAIT2109/firefox tcp00rameshlaptop.loc:52750lax:wwwESTABLISHED2109/firefox
5.Dontresolvehost,portandusernameinnetstatoutput
Whenyoudontwantthenameofthehost,portorusertobedisplayed,usenetstatnoption.Thiswilldisplayin
numbers,insteadofresolvingthehostname,portname,username. Thisalsospeedsuptheoutput,asnetstatisnotperforminganylookup. #netstatan Ifyoudontwantonlyanyoneofthosethreeitems(ports,orhosts,orusers)toberesolved,usefollowing commands. #netsatanumericports

#netsatanumerichosts #netsatanumericusers
6.Printnetstatinformationcontinuously
netstatwillprintinformationcontinuouslyeveryfewseconds. #netstatc ActiveInternetconnections(w/oservers) ProtoRecvQSendQLocalAddressForeignAddressState tcp00rameshlaptop.loc:36130101101181225.ama:wwwESTABLISHED tcp11rameshlaptop.loc:52564101.11.169.230:wwwCLOSING tcp00rameshlaptop.loc:43758server101101432:wwwESTABLISHED tcp11rameshlaptop.loc:42367101.101.34.101:wwwCLOSING ^C
7.FindthenonsupportiveAddressfamiliesinyoursystem
netstatverbose
Attheend,youwillhavesomethinglikethis. netstat:nosupportforÀFIPX'onthissystem. netstat:nosupportforÀFAX25'onthissystem. netstat:nosupportforÀFX25'onthissystem. netstat:nosupportforÀFNETROM'onthissystem.
8.Displaythekernelroutinginformationusingnetstatr
#netstatr KernelIProutingtable DestinationGatewayGenmaskFlagsMSSWindowirttIface 192.168.1.0*255.255.255.0U000eth2 linklocal*255.255.0.0U000eth2 default192.168.1.10.0.0.0UG000eth2
Note:Usenetstatrntodisplayroutesinnumericformatwithoutresolvingforhostnames.
9.Findoutonwhichportaprogramisrunning
#netstatap|grepssh (Notallprocessescouldbeidentified,nonownedprocessinfo willnotbeshown,youwouldhavetoberoottoseeitall.) tcp10devdb:ssh101.174.100.22:39213CLOSE_WAIT tcp10devdb:ssh101.174.100.22:57643CLOSE_WAIT
Findoutwhichprocessisusingaparticularport: #netstatan|grep':80'
10.Showthelistofnetworkinterfaces
#netstati KernelInterfacetable IfaceMTUMetRXOKRXERRRXDRPRXOVRTXOKTXERRTXDRPTXOVRFlg eth01500000000000BMU
eth2150002619600026883600BMRU lo16436040004000LRU
Displayextendedinformationontheinterfaces(similartoifconfig)usingnetstatie: #netstatie KernelInterfacetable eth0Linkencap:EthernetHWaddr00:10:40:11:11:11 UPBROADCASTMULTICASTMTU:1500Metric:1 RXpackets:0errors:0dropped:0overruns:0frame:0 TXpackets:0errors:0dropped:0overruns:0carrier:0 collisions:0txqueuelen:1000 RXbytes:0(0.0B)TXbytes:0(0.0B) Memory:f6ae0000f6b00000
8. Manage packages using apt* commands :These13practicalexamplesexplainshowtomanage packagesusingaptget,aptcache,aptfileanddpkgcommands.
HowToManagePackagesUsingaptget,aptcache,aptfileanddpkg Commands(With13PracticalExamples)
Debianbasedsystems(includingUbuntu)usesapt*commandsformanagingpackagesfromthecommandline. Inthisarticle,usingApache2installationasanexample,letusreviewhowtouseapt*commandstoview,install, remove,orupgradepackages.
1.aptcachesearch:SearchRepositoryUsingPackageName
IfyouareinstallingApache2,youmayguessthatthepackagenameisapache2.Toverifywhetheritisavalid packagename,youmaywanttosearchtherepositoryforthatparticularpackagenameasshownbelow. Thefollowingexampleshowshowtosearchtherepositoryforaspecificpackagename. $aptcachesearchâpache2$ apache2ApacheHTTPServermetapackage
2.aptcachesearch:SearchRepositoryUsingPackageDescription
Ifyoudontknowtheexactnameofthepackage,youcanstillsearchusingthepackagedescriptionasshownbelow. $aptcachesearch"ApacheHTTPServer" apache2ApacheHTTPServermetapackage apache2docApacheHTTPServerdocumentation apache2mpmeventApacheHTTPServereventdrivenmodel apache2mpmpreforkApacheHTTPServertraditionalnonthreadedmodel apache2mpmworkerApacheHTTPServerhighspeedthreadedmodel apache2.2commonApacheHTTPServercommonfiles
3.aptfilesearch:SearchRepositoryUsingaFilenamefromthePackage
Sometimesyoumayknowtheconfigurationfilename(or)theexecutablenamefromthepackagethatyouwould liketoinstall. Thefollowingexampleshowsthatapache2.conffileispartoftheapache2.2commonpackage.Searchthe repositorywithaconfigurationfilenameusingaptfilecommandasshownbelow. $aptfilesearchapache2.conf
apache2.2common:/etc/apache2/apache2.conf apache2.2common:/usr/share/doc/apache2.2common/examples/apache2/apache2.conf.gz
4.aptcacheshow:BasicInformationAboutaPackage
Followingexampledisplaysbasicinformationaboutapache2package. $aptcacheshowapache2 Package:apache2 Priority:optional Maintainer:UbuntuCoreDevelopers OriginalMaintainer:DebianApacheMaintainers Version:2.2.112ubuntu2.3 Depends:apache2mpmworker(>=2.2.112ubuntu2.3) |apache2mpmprefork(>=2.2.112ubuntu2.3) |apache2mpmevent(>=2.2.112ubuntu2.3) Filename:pool/main/a/apache2/apache2_2.2.112ubuntu2.3_all.deb Size:46350 Description:ApacheHTTPServermetapackage TheApacheSoftwareFoundation'sgoalistobuildasecure,efficientand extensibleHTTPserverasstandardscompliantopensourcesoftware. Homepage:http://httpd.apache.org/
5.aptcacheshowpkg:DetailedInformationAboutaPackage
aptcacheshowdisplaysbasicinformationaboutapackage.Useaptcacheshowpkgtodisplaydetailed
informationaboutapackageasshownbelow. $aptcacheshowpkgapache2 Package:apache2 Versions: 2.2.112ubuntu2.3(/var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_jauntyupdates_main_binaryi386_Packages) (/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_jauntysecurity_main_binaryi386_Packages) DescriptionLanguage: File:/var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_jauntyupdates_main_binaryi386_Packages MD5:d24f049cd70ccfc178dd8974e4b1ed01 ReverseDepends: squirrelmail,apache2 squid3cgi,apache2 phpmyadmin,apache2 maharaapache2,apache2 ipplan,apache2 Dependencies: 2.2.112ubuntu2.3apache2mpmworker(182.2.112ubuntu2.3)apache2mpmprefork(182.2.112ubuntu2.3) apache2mpmevent(22.2.112ubuntu2.3) 2.2.112ubuntu2apache2mpmworker(182.2.112ubuntu2)apache2mpmprefork(182.2.112ubuntu2)apache2 mpmevent(22.2.112ubuntu2) Provides: 2.2.112ubuntu2.3 2.2.112ubuntu2 ReverseProvides: apache2mpmitk2.2.6021build4.3 apache2mpmworker2.2.112ubuntu2.3 apache2mpmprefork2.2.112ubuntu2.3 apache2mpmprefork2.2.112ubuntu2 apache2mpmevent2.2.112ubuntu2
6.aptfilelist:ListalltheFilesLocatedInsideaPackage
Useaptfilelisttodisplayallthefileslocatedinsidetheapache2packageasshownbelow. $aptfilelistapache2|more apache2:/usr/share/bug/apache2/control apache2:/usr/share/bug/apache2/script apache2:/usr/share/doc/apache2/NEWS.Debian.gz apache2:/usr/share/doc/apache2/README.Debian.gz apache2:/usr/share/doc/apache2/changelog.Debian.gz ...
7.aptcachedepends:ListallDependentPackages
Beforeinstallation,ifyouliketoviewallthedependentpackages,useaptcachedependsasshownbelow. $aptcachedependsapache2 apache2 |Depends:apache2mpmworker |Depends:apache2mpmprefork Depends:apache2mpmevent
8.dpkgl:IsthePackageAlreadyInstalled?
Beforeinstallingapackage,youmaywanttomakesureitisnotalreadyinstalledasshownbelowusingdpkgl command. $dpkgl|grepiapache
9.aptgetinstall:InstallaPackage
Finally,installthepackageusingaptgetinstallasshownbelow. $sudoaptgetinstallapache2 [sudo]passwordforramesh:

ThefollowingNEWpackageswillbeinstalled: apache2apache2mpmworkerapache2utilsapache2.2commonlibapr1 libaprutil1libpq5 0upgraded,7newlyinstalled,0toremoveand26notupgraded.
10.dpkgl:VerifyWhetherthePackagegotSuccessfullyInstalled
Afterinstallingthepackage,usedpkgltomakesureitgotinstalledsuccessfully. $dpkgl|grepapache iiapache22.2.112ubuntu2.3ApacheHTTPServermetapackage iiapache2mpmworker2.2.112ubuntu2.3ApacheHTTPServerhighspeedthreadedmod iiapache2utils2.2.112ubuntu2.3utilityprogramsforwebservers iiapache2.2common2.2.112ubuntu2.3ApacheHTTPServercommonfiles
11.aptgetremove:DeleteaPackage
Useaptgetpurgeoraptgetremovetodeleteapackageasshownbelow. $sudoaptgetpurgeapache2
(or) $sudoaptgetremoveapache2 Thefollowingpackageswereautomaticallyinstalledandarenolongerrequired: apache2utilslinuxheaders2.6.2811libapr1apache2.2common linuxheaders2.6.2811genericapache2mpmworkerlibpq5libaprutil1
Use'aptgetautoremove'toremovethem. ThefollowingpackageswillbeREMOVED: apache2 0upgraded,0newlyinstalled,1toremoveand26notupgraded. Removingapache2...
aptgetremovewillnotdeletetheconfigurationfilesofthepackage aptgetpurgewilldeletetheconfigurationfilesofthepackage
12.aptgetuinstall:UpgradeaSpecificPackage
Thefollowingexampleshowshowtoupgradeonespecificpackage. $sudoaptgetuinstallapache2 Readingpackagelists...Done Buildingdependencytree Readingstateinformation...Done apache2isalreadythenewestversion. Thefollowingpackageswereautomaticallyinstalledandarenolongerrequired: linuxheaders2.6.2811linuxheaders2.6.2811generic Use'aptgetautoremove'toremovethem. 0upgraded,0newlyinstalled,0toremoveand26notupgraded.
13.aptgetuupgrade:UpgradeallPackages
Toupgradeallthepackagestoitslatestversion,useaptgetuupgradeasshownbelow. $sudoaptgetuupgrade Thefollowingpackageswillbeupgraded: libglib2.00libglib2.0datalibicu38libsmbclientlibwbclient0 openoffice.orgbasecoreopenoffice.orgcalcopenoffice.orgcommon openoffice.orgcoreopenoffice.orgdrawopenoffice.orgemailmerge openoffice.orggnomeopenoffice.orggtkopenoffice.orgimpress openoffice.orgmathopenoffice.orgstylehumanopenoffice.orgwriter pythonunosambacommonsmbclientttfopensymboltzdata 26upgraded,0newlyinstalled,0toremoveand0notupgraded.
9. Modprobe command examples :modprobeutilityisusedtoaddloadablemodulestotheLinuxkernel. Youcanalsoviewandremovemodulesusingmodprobecommand.
LinuxmodprobeCommandExamplestoView,Install,RemoveModules
modprobeutilityisusedtoaddloadablemodulestotheLinuxkernel.Youcanalsoviewandremove modulesusingmodprobecommand. Linuxmaintains/lib/modules/$(unamer)directoryformodulesanditsconfigurationfiles(except /etc/modprobe.confand/etc/modprobe.d). InLinuxkernel2.6,the.komodulesareusedinsteadof.ofilessincethathasadditionalinformation thatthekernelusestoloadthemodules.Theexampleinthisarticlearedonewithusingmodprobe onUbuntu.
1.ListAvailableKernelModules
modprobelwilldisplayallavailablemodulesasshownbelow.
$modprobel|less kernel/arch/x86/kernel/cpu/mcheck/mceinject.ko kernel/arch/x86/kernel/cpu/cpufreq/e_powersaver.ko kernel/arch/x86/kernel/cpu/cpufreq/p4clockmod.ko kernel/arch/x86/kernel/msr.ko kernel/arch/x86/kernel/cpuid.ko kernel/arch/x86/kernel/apm.ko kernel/arch/x86/kernel/scx200.ko kernel/arch/x86/kernel/microcode.ko kernel/arch/x86/crypto/aesi586.ko kernel/arch/x86/crypto/twofishi586.ko
2.ListCurrentlyLoadedModules
Whiletheabovemodprobecommandshowsallavailablemodules,lsmodcommandwilldisplayall modulesthatarecurrentlyloadedintheLinuxkernel.
$lsmod|less soundcore72641snd ppdev66880 snd_page_alloc91561snd_pcm psmouse561800 lp89640
3.InstallNewmodulesintoLinuxKernel
Inordertoinsertanewmoduleintothekernel,executethemodprobecommandwiththemodule name. FollowingexampleloadsvmhgfsmoduletoLinuxkernelonUbuntu.
$sudomodprobevmhgfs
Onceamoduleisloaded,verifyitusinglsmodcommandasshownbelow.
$lsmod|grepvmhgfs vmhgfs507720
Themodulefilesarewith.koextension.IfyouliketoknowthefullfilelocationofaspecificLinux kernelmodule,usemodprobecommandanddoagrepofthemodulenameasshownbelow.
$modprobe|grepvmhgfs misc/vmhgfs.ko $cd/lib/modules/2.6.3114generic/misc $lsvmhgfs* vmhgfs.ko
Note:YoucanalsouseinsmodforinstallingnewmodulesintotheLinuxkernel.
4.LoadNewModuleswiththeDifferentNametoAvoidConflicts
Consider,insomecasesyouaresupposedtoloadanewmodulebutwiththesamemodulename anothermodulegotalreadyloadedfordifferentpurposes. Ifforsomestrangereasons,themodulenameyouaretryingtoloadintothekernelisgettingused (withthesamename)byadifferentmodule,thenyoucanloadthenewmoduleusingadifferent name. Toloadamodulewithadifferentname,usethemodprobeoptionoasshownbelow.

$sudomodprobevmhgfsovm_hgfs $lsmod|grepvm_hgfs
vm_hgfs507720
5.RemovetheCurrentlyLoadedModule
IfyouveloadedamoduletoLinuxkernelforsometestingpurpose,youmightwanttounload (remove)itfromthekernel. Usemodproberoptiontounloadamodulefromthekernelasshownbelow.
modprobervmhgfs
10. Ethtool examples :Ethtoolutilityisusedtoviewandchangetheethernetdevice parameters.TheseexampleswillexplainhowyoucanmanipulateyourethernetNICcardusing ethtool. 9LinuxethtoolExamplestoManipulateEthernetCard(NICCard) Ethtoolutilityisusedtoviewandchangetheethernetdeviceparameters.
1.ListEthernetDeviceProperties
Whenyouexecuteethtoolcommandwithadevicename,itdisplaysthefollowinginformationabout theethernetdevice.
#ethtooleth0 Settingsforeth0: Supportedports:[TP] Supportedlinkmodes:10baseT/Half10baseT/Full 100baseT/Half100baseT/Full 1000baseT/Full Supportsautonegotiation:Yes Advertisedlinkmodes:10baseT/Half10baseT/Full 100baseT/Half100baseT/Full 1000baseT/Full Advertisedautonegotiation:Yes Speed:100Mb/s Duplex:Full Port:TwistedPair PHYAD:1 Transceiver:internal Autonegotiation:on SupportsWakeon:d Wakeon:d Linkdetected:yes
Thisaboveethtooloutputdisplaysethernetcardpropertiessuchasspeed,wakeon,duplexandthe linkdetectionstatus.Followingarethethreetypesofduplexesavailable. Fullduplex:Enablessendingandreceivingofpacketsatthesametime.Thismodeisusedwhenthe ethernetdeviceisconnectedtoaswitch. Halfduplex:Enableseithersendingorreceivingofpacketsatasinglepointoftime.Thismodeis usedwhentheethernetdeviceisconnectedtoahub. Autonegotiation:Ifenabled,theethernetdeviceitselfdecideswhethertouseeitherfullduplexor halfduplexbasedonthenetworktheethernetdeviceattachedto.
2.ChangeNICParameterUsingethtoolOptionsautoneg
Theaboveethtooleth0outputdisplaysthattheAutonegotiationparameterisinenabledstate.You
candisablethisusingautonegoptionintheethtoolasshownbelow.
#ifdowneth0 eth0device:BroadcomCorporationNetXtremeIIBCM5709GigabitEthernet(rev20) eth0configuration:ethbuspci0000:0b:00.0 #ethtoolseth0autonegoff #ethtooleth0 Settingsforeth0: Supportedports:[TP] Supportedlinkmodes:10baseT/Half10baseT/Full 100baseT/Half100baseT/Full 1000baseT/Full Supportsautonegotiation:Yes Advertisedlinkmodes:Notreported Advertisedautonegotiation:No Speed:Unknown!(65535) Duplex:Unknown!(255) Port:TwistedPair PHYAD:1 Transceiver:internal Autonegotiation:off SupportsWakeon:g Wakeon:g Linkdetected:no #ifupeth0
Aftertheabovechange,youcouldseethatthelinkdetectionvaluechangedtodownandauto negotiationisinoffstate.
3.ChangetheSpeedofEthernetDevice
#ethtoolseth0speed100autonegoff
Usingethtoolyoucanchangethespeedoftheethernetdevicetoworkwiththecertainnetwork devices,andthenewlyassignspeedvalueshouldbewithinthelimitedcapacity.
#ethtooleth0 Settingsforeth0: Supportedports:[TP] Supportedlinkmodes:10baseT/Half10baseT/Full 100baseT/Half100baseT/Full 1000baseT/Full Supportsautonegotiation:Yes Advertisedlinkmodes:Notreported Advertisedautonegotiation:No Speed:Unknown!(65535) Duplex:Unknown!(255) Port:TwistedPair PHYAD:1 Transceiver:internal Autonegotiation:off SupportsWakeon:g Wakeon:g
Linkdetected:no
Onceyouchangethespeedwhentheadapterisonline,itautomaticallygoesoffline,andyouneedto bringitbackonlineusingifupcommand.
#ifupeth0 eth0device:BroadcomCorporationNetXtremeIIBCM5709GigabitEthernet(rev20) eth0configuration:ethbuspci0000:0b:00.0 Checkingfornetworktimeprotocoldaemon(NTPD):running #ethtooleth0 Settingsforeth0: Supportedports:[TP] Supportedlinkmodes:10baseT/Half10baseT/Full 100baseT/Half100baseT/Full 1000baseT/Full Supportsautonegotiation:Yes Advertisedlinkmodes:Notreported Advertisedautonegotiation:No Speed:100Mb/s Duplex:Full Port:TwistedPair PHYAD:1 Transceiver:internal Autonegotiation:off SupportsWakeon:g Wakeon:g Linkdetected:yes
Asshownintheaboveoutput,thespeedchangedfrom1000Mb/sto100Mb/sandautonegotiation parameterisunset. TochangetheMaximumTransmissionUnit(MTU),refertoourifconfig examples article.
4.DisplayEthernetDriverSettings
#ethtoolieth0 driver:bnx2 version:2.0.1suse firmwareversion:1.9.3 businfo:0000:04:00.0
ethtoolioptiondisplaysdriverversion,firmwareversionandbusdetailsasshownbelow.
5.DisplayAutonegotiation,RXandTXofeth0
Viewtheautonegotiationdetailsaboutthespecificethernetdeviceasshownbelow.
#ethtoolaeth0 Pauseparametersforeth0: Autonegotiate:on RX:on TX:on
6.DisplayNetworkStatisticsofSpecificEthernetDevice
UseethtoolSoptiontodisplaythebytestransfered,received,errors,etc,asshownbelow.
#ethtoolSeth0 NICstatistics: rx_bytes:74356477841 rx_error_bytes:0
tx_bytes:110725861146 tx_error_bytes:0 rx_ucast_packets:104169941 rx_mcast_packets:138831 rx_bcast_packets:59543904 tx_ucast_packets:118118510 tx_mcast_packets:10137453 tx_bcast_packets:2221841 tx_mac_errors:0 tx_carrier_errors:0 rx_crc_errors:0 rx_align_errors:0 tx_single_collisions:0 tx_multi_collisions:0 tx_deferred:0 tx_excess_collisions:0 tx_late_collisions:0 tx_total_collisions:0 rx_fragments:0 rx_jabbers:0 rx_undersize_packets:0 rx_oversize_packets:0 rx_64_byte_packets:61154057 rx_65_to_127_byte_packets:55038726 rx_128_to_255_byte_packets:426962 rx_256_to_511_byte_packets:3573763 rx_512_to_1023_byte_packets:893173 rx_1024_to_1522_byte_packets:42765995 rx_1523_to_9022_byte_packets:0 tx_64_byte_packets:3633165 tx_65_to_127_byte_packets:51169838 tx_128_to_255_byte_packets:3812067 tx_256_to_511_byte_packets:113766 tx_512_to_1023_byte_packets:104081 tx_1024_to_1522_byte_packets:71644887 tx_1523_to_9022_byte_packets:0 rx_xon_frames:0 rx_xoff_frames:0 tx_xon_frames:0 tx_xoff_frames:0 rx_mac_ctrl_frames:0 rx_filtered_packets:14596600 rx_discards:0 rx_fw_discards:0
7.TroubleshoottheEthernetConnectionIssues
Whenthereisaproblemwiththenetworkconnection,youmightwanttocheck(orchange)the ethernetdeviceparametersexplainedintheaboveexamples,whenyouseefollowingissuesinthe outputofethtoolcommand. SpeedandDuplexvalueisshownasUnknown LinkdetectionvalueisshownasNo
Uponsuccessfulconnection,thethreeparametersmentionedabovegetsappropriatevalues.i.eSpeed isassignedwithknownvalue,DuplexbecomeeitherFull/Half,andtheLinkdetectionbecomesYes. Aftertheabovechanges,iftheLinkDetectionstillsaysNo,checkwhetherthereareanyissuesin thecablesthatrunsfromtheswitchandthesystem,youmightwanttodigintothataspectfurther. Tocaptureandanalyzepacketsfromaspecificnetworkinterface,usetcpdump utility .
8.IdentifySpecificDeviceFromMultipleDevices(BlinkLEDPortofNICCard)
Letusassumethatyouhaveamachinewithfourethernetadapters,andyouwanttoidentifythe physicalportofaparticularethernetcard.(Forexample,eth0). Useethtooloptionp,whichwillmakethecorrespondingLEDofphysicalporttoblink.

#ethtoolpeth0
9.MakeChangesPermanentAfterReboot
Ifyouvechangedanyethernetdeviceparametersusingtheethtool,itwillalldisappearafterthenext reboot,unlessyoudothefollowing. Onubuntu,youhavetomodify/etc/network/interfacesfileandaddallyourchangesasshown below.
#vim/etc/network/interfaces postupethtoolseth2speed1000duplexfullautonegoff
Theabovelineshouldbethelastlineofthefile.Thiswillchangespeed,duplexandautonegofeth2 devicepermanently. OnSUSE,modifythe/etc/sysconfig/network/ifcfgethidfileandincludeanewscriptusing POST_UP_SCRIPTvariableasshownbelow.Includethebelowlineasthelastlineinthe correspondingeth1adpaterconfigfile.

#vim/etc/sysconfig/network/ifcfgethid POST_UP_SCRIPT='eth1'
Then,createanewfilescripts/eth1asshownbelowunder/etc/sysconfig/networkdirectory.Make surethatthescripthasexecutepermissionandensurethattheethtoolutilityispresentunder/sbin directory.

#cd/etc/sysconfig/network/ #vimscripts/eth1 #!/bin/bash /sbin/ethtoolsduplexfullspeed100autonegoff
11. NFS mount using exportfs :ThisisalinuxbeginnersguidetoNFSmountusingexportfs.This explainshowtoexportafilesystemtoaremotemachineandmountitbothtemporarilyand permanently.
LinuxBeginnersGuidetoNFSMountUsing Exportfs
UsingNFS(NetworkFileSystem),youcanmountadiskpartitionofaremotemachineasifitisalocaldisk.This articleexplainshowtoexportafilesystemtoaremotemachineandmountitbothtemporarilyandpermanently.
1.ExportFileSystemtoRemoteServerusingexportfs
Toexportadirectorytoaremotemachine,dothefollowing. exportfsREMOTEIP:PATH REMOTEIPIPoftheremoteservertowhichyouwanttoexport. :delimiter PATHPathofdirectorythatyouwanttoexport.
2.MountRemoteServerFileSystemasaLocalStorage
Tomounttheremotefilesystemonthelocalserver,dothefollowing. mountREMOTEIP:PATHPATH Explanation REMOTEIPIPoftheremoteserverwhichexportedthefilesystem :delimeter PATHPathofdirectorywhichyouwanttoexport.
3.UnmountRemoteFileSystem
UmounttheremotefilesystemmountedonthelocalserverusingthenormalumountPATH.Formoreoptionrefer toumount command examples .
4.UnexporttheFileSystem
Youcanchecktheexportedfilesystemasshownbelow. #exportfs /publicdatawebserver.pq.net Tounexportthefilesystem,usetheuoptionasshownbelow. #exportfsuREMOTEIP:PATH Afterunexporting,checktomakesureitisnotavailableforNFSmountasshownbelow. #exportfs
5.MakeNFSExportPermanentAcrossSystemReboot
Exportcanbemadepermanentbyaddingthatentryinto/etc/exportsfile. #cat/etc/exports /publicdatawebserver.pq.net
6.MaketheMountPermanentAcrossReboot
mountcanbemadepermanentbyaddingthatentryinto/etc/fstabfile. #cat/etc/fstab webserver.pq.net:/publicdata/mydataext3defaults00
12. Change timezone :DependingonyourLinuxdistribution,useoneofthemethodsexplainedin thisarticletochangethetimezoneonyoursystem. HowTo:2MethodsToChangeTimeZoneinLinux
Question:WhenIinstalledtheLinuxOS,Iforgottosetthepropertimezone.HowdoI changethetimezoneonmyLinuxdistribution.IuseCentOS(RedHatLinux).But,canyouplease
explainmehowtodothisonallLinuxdistributionswithsomeclearexamples. Answer:UseoneofthefollowingmethodstochangethetimezoneonyourLinuxsystem.Oneof thesemethodsshouldworkforyoudependingontheLinuxdistributionyouareusing.
Method1:ChangeTimeZoneUsing/etc/localtimeFile
#date MonSep1722:59:24UTC2010
Forthisexample,assumethatyourcurrenttimezoneisUTCasshownbelow.Youwouldliketo changethistoPacificTime. Onsomedistributions(forexample,CentOS),thetimezoneiscontrolledby/etc/localtimefile. Deletethecurrentlocaltimefileunder/etc/directory

#cd/etc #rmlocaltime
AllUStimezonesarelocatedunderunderthe/usr/share/zoneinfo/USdirectoryasshownbelow.
#ls/usr/share/zoneinfo/US/ AlaskaArizonaEasternHawaiiMichiganPacific AleutianCentralEastIndianaIndianaStarkeMountainSamoa
Note:Forothercountrytimezones,browsethe/usr/share/zoneinfodirectory LinkthePacificfilefromtheaboveUSdirectorytothe/etc/localtimedirectoryasshownbelow.
#cd/etc #lns/usr/share/zoneinfo/US/Pacificlocaltime
NowthetimezoneonyourLinuxsystemischangedtoUSPacifictimeasshownbelow.
#date MonSep1723:10:14PDT2010
Method2:ChangeTimeZoneUsing/etc/timezoneFile
Onsomedistributions(forexample,Ubuntu),thetimezoneiscontrolledby/etc/timezonefile. Forexample,yourcurrenttimezonemightbeUSEasterntime(NewYork)asshownbelow.
#cat/etc/timezone America/New_York
TochangethistoUSPacifictime(LosAngeles),modifythe/etc/timezonefileasshownbelow.
#vim/etc/timezone America/Los_Angeles
Also,setthetimezonefromthecommandlineusingtheTZvariable.
#exportTZ=America/Los_Angeles
13. Install phpMyAdmin :phpMyAdminisawebbasedtoolwritteninPHPtomanagetheMySQL database.Apartfromviewingthetables(andotherdbobjects),youcanperformlotofDBAfunctions throughthewebbasedinterface.YoucanalsoexecuteanySQLqueryfromtheUI. HowTo:5StepstoInstallphpMyAdminonLinux
DoyouhaveaMySQLdatabaseinyourenvironment?Didyouknowthattheeasy(and mosteffective)waytomanageMySQLdatabaseisusingphpMyAdmin? phpMyAdminisawebbasedtoolwritteninPHPtomanagetheMySQLdatabase.Apartfromviewing thetables(andotherdbobjects),youcanperformlotofDBAfunctionsthroughthewebbased
interface.YoucanalsoexecuteanySQLqueryfromtheUI. ThisarticlewillprovidestepbystepinstructionsonhowtoinstallandconfigurephpMyAdminon Linuxdistributions.
1.phpMyAdminPrerequisites
MakesureyouhavePHP 5 (or above) installed .

#phpv PHP5.3.2(cli)(built:May19201003:43:49)
MakesureyouhaveMySQL 5 (or above) installed .

#mysqlV mysqlVer14.14Distrib5.1.47,forpclinuxgnu(i686)usingreadline5.1
MakesureApache is installed andrunning. PHP5Modules IfyoudonthavePHP ,IrecommendthatyouinstallPHPfromsource.Followingistheconfigure commandIexecutedwhileinstallingPHPfromsource.ThisincludesalltherequiredPHPmodules forphpMyAdmin.

./configurewithapxs2=/usr/local/apache2/bin/apxswithmysqlwithbz2withzlibenablezipenablembstring withmcrypt
IfyoudontcompilePHP5withtheaboveoptions,youllgetfollowingerrormessagefrom phpMyAdminwebinterface. GZipGZipcompressionanddecompressionrequiresfunctions(gzencode)whichareunavailableon thissystem. Bzip2Bzip2compressionanddecompressionrequiresfunctions(bzopen,bzcompress)whichare unavailableonthissystem. ZIPZipdecompressionrequiresfunctions(zip_open)whichareunavailableonthissystem. ZIPZipcompressionrequiresfunctions(gzcompress)whichareunavailableonthissystem.
2.DownloadandInstallphpmyadmininApacheDocumentRoot
IdentifyyourApachesDocumentRoot.
#grepDocumentRoot/usr/local/apache2/conf/httpd.conf DocumentRoot/usr/local/apache2/htdocs
DownloadthelatestversionofphpMyAdmin.CurrentlythestableversionofphpMyAdminis3.3.7
#cd/usr/local/apache2/htdocs #tarxvfzphpMyAdmin3.3.7alllanguages.tar.gz #mvphpMyAdmin3.3.7alllanguagesphpmyadmin
3.SecurethephpmyadminDirectoryCreatephpmyuser
CreatephpmyUnixuser.
#adduserphpmy #passwdphpmy
CheckwhichuserandgroupisusedbyApache.
#egrep'User|Group'/usr/local/apache2/conf/httpd.conf Userdaemon Groupdaemon
Modifythephpmyadmindirectorysuserownershiptophpmyuser.
#cd/usr/local/apache2/htdocs
#chownRphpmy.daemonphpmyadmin/
4.UpdatephpMyAdminconfig.incfromWizard
Youneedtosetuptheconfig.incfileproperlyforphpMyAdmintowork.Youcaneithercreateand editthisfilemanually,orusetheconfigphpMyAdmininstallersetupwizard.Irecommendthatyou usethesetupwizard,asitisverystraightforward.Todothat,youshouldcreatethefollowing dummyconfig.incwithproperpermission.
#cd/usr/local/apache2/htdocs/phpmyadmin/ #mkdirconfig #chmodo+rwconfig #cpconfig.sample.inc.phpconfig/config.inc.php #chmodo+wconfig/config.inc.php
Now,invokethephpMyAdminsetupwizardfromthebrowserusingtheURL:http://{yourip address}/phpmyadmin/setup/index.php.Thiswillshowthefollowingsetupwizard. Fig:phpMyAdminSetupWizard ClickonNewServer,whichwilldisplayfollowingserverwizard. Fig:phpMyAdminCreateNewServer Filloutfollowinginformationinthenewserverscreen.Leaveotherfieldstodefaultvalues. VerboseNameoftheServerGivesomedescriptiveservername. PasswordforConfigAuthEntertheMySQLrootpasswordhere. AuthenticationTypeThedefaultselectioniscookie.Justusethat. ClickonSavetosavetheconfiguration.Youmightseefollowingwarningmessages.Ignoreitfornow. UseSSLYoushoulduseSSLconnectionsifyourwebserversupportsit PHPextensiontouseYoushouldusemysqliforperformancereasons BlowfishsecretYoudidnthaveblowfishsecretsetandhaveenabledcookieauthentication,soakey wasautomaticallygeneratedforyou.Itisusedtoencryptcookies;youdontneedtorememberit.
5.Launchphpmyadmin
InvokephpMyAdminfromthebrowserusingtheURL:http://{yourip address}/phpmyadmin/index.php IfyouveinstalledphpMyAdminonaLinuxdesktopdistribution,youcanalsoaccessphpMyAdmin usingthelocalhostURL:http://localhost/phpmyadmin/index.php LoginwithyourMySQLrootpassword.i.euserootforphpmyadminusername.UseMySQLroots passwordforphpmyadminpassword. IfyouseetheCannotloadmcryptextension.PleasecheckyourPHPconfiguration.message,you didntcompileyourPHPwithmcrypt.Makesureyouhavelibmcryptandlibmcryptdevelpackages installedonyourLinuxbeforeyoucompilePHPwithwithmcryptoption. Youwillalsoseethemessage:Directoryconfig,whichisusedbythesetupscript,stillexistsinyour phpMyAdmindirectory.YoushouldremoveitoncephpMyAdminhasbeenconfigured. Justlikethemessagesays,removetheconfigdirectory.
#cd/usr/local/apache2/htdocs/phpmyadmin #rmrfconfig
Aftermovingtheconfigdirectory,ifyougotosetup/index.phpurl,youllseefollowingmessage.This isagoodthing,asyouvealreadyconfiguredthephpMyAdmin.
Cannotloadorsaveconfiguration.PleasecreatewebserverwritablefolderconfiginphpMyAdmin topleveldirectoryasdescribedindocumentation.Otherwiseyouwillbeonlyabletodownloador displayit. OnceyouveloggedinyoushouldbeabletomanagealltheMySQLdatabasesfromyourbrowser. 14. Setup squid to control internet access :Squidisaproxycachingserver.Youcanusesquidto controlinternetaccessatwork.ThisguidewillgiveajumpstartonhowtosetupsquidonLinuxto restrictinternetaccessinannetwork.
HowToUseSquidProxyCacheServerToControl InternetAccess
Tweet Squidisaproxycachingserver.IfyouareLinuxsysadmin,youcanusesquidtocontrolinternet accessatyourworkenvironment. ThisbeginnersguidewillgiveajumpstartonhowtosetupsquidonLinuxtorestrictinternetaccess inannetwork.
InstallSquid
Youshouldinstallthefollowingthreesquidrelatedpackagesonyoursystem. squid squidcommon squidlangpack OnDebianandUbuntu,useaptitudetoinstallsquidasshownbelow.OnCentOS,useyumtoinstall thesquidpackage.

$sudoaptitudeinstallsquid
CheckConfigurationandStartupscripts
Apartfrominstallingthesquidrelatedpackages,italsocreatesthe/etc/squid/squid.confand /etc/init.d/squidstartupscript. BydefaultSquidrunson3128port.Youcanverifythisfromthesquid.conffile.Youcanalsosetthe visible_hostnameparameterinyoursquid.conf,whichwillbeusedinerror_log.Ifyoudontdefine, squidgetsthehostnamevalueusinggethostname()function.
#vim/etc/squid/squid.conf visible_hostnameubuntuserver httpd_port3128
Note:Thehttpportnumber(3128)specifiedinthesquid.confshouldbeenteredintheproxysetting sectionintheclientbrowser.IfsquidisbuiltwithSSL,youcanusehttps_portoptioninside squid.conftodefinehttpssquid.
StartSquidandViewLogs
#servicesquidstart squidstart/running,process11743
StarttheSquidproxycachingserverasshownbelow. Squidmaintainsthreelogfiles(access.log,cache.logandstore.log)under/var/log/squiddirectory. Fromthe/var/log/squid/access.log,youcanviewwhoaccessedwhichwebsiteatwhattime.
Followingistheformatofthesquidaccess.logrecord.
timeelapsedremotehostcode/statusbytesmethodURLrfc931peerstatus/peerhost
Todisablelogginginsquid,updatethesquid.confwiththefollowinginformation.
#todisableaccess.log cache_access_log/dev/null #todisablestore.log cache_store_lognone #todisablecache.log cache_log/dev/null
SquidUsage1:RestrictAccesstoSpecificWebsites
Thisishowyoucanrestrictfolksfrombrowsingcertainwebsitewhentheyareconnectedtoyour networkusingyourproxyserver. Createafilecalledrestricted_sitesandlistallsitesthatyouwouldwanttorestricttheaccess.
#vim/etc/squid/restricted_sites www.yahoo.com mail.yahoo.com
Modifythesquid.conftoaddthefollowing.
#vim/etc/squid/squid.conf aclRestrictedSitesdstdomain"/etc/squid/restricted_sites" http_accessdenyRestrictedSites
Note:Youcanalsoconfiguresquidasatransparentproxyserver,whichwelldiscussinaseparate article.Also,refertoourearlierarticleonhowtoblockipaddressusing fail2ban andiptables.
SquidUsage2:AllowAccesstoWebsitesOnlyDuringSpecificTime
Someorganizationmightwanttoallowemployeestosurfordownloadfromtheinternetonlyduring specifictimeperiods. Thesquid.confconfigurationshownbelowwillallowinternetaccessforemployeesonlybetween 9:00AMand18:00duringweekdays.

#vim/etc/squid/squid.conf aclofficial_hourstimeMTWHF09:0018:00 http_accessdenyall http_accessallowofficial_hours
SquidUsage3:RestrictAccesstoParticularNetwork
Insteadofrestrictingspecificsites,youcanalsoprovideaccessonlytocertainnetworkandblock everythingelse.Theexamplebelow,allowsaccessonlytothe192.168.1.*internalnetwork.
#vim/etc/squid/squid.conf aclbranch_officessrc192.168.1.0/24 http_accessdenyall http_accessallowbranch_offices
ForaLinuxbasedintrusiondetectionsystem,refertoourtripwirearticle.
SquidUsage4:UseRegularExpressiontoMatchURLs
Youcanalsouseregularexpressiontoallowordenywebsites. Firstcreateablocked_sitesfileswithalistofkeywords.
#cat/etc/squid/blocked_sites soccer movie www.example.com
Modifythesquid.conftoblockanysitesthathasanyofthesekeywordsintheirurl.
#vim/etc/squid/squid.conf aclblocked_sitesurl_regexi"/etc/squid/blocked_sites" http_accessdenyblocked_sites http_accessallowall
Intheaboveexample,ioptionisusedforignoringcaseformatching.So,whileaccessingthe websites,squidwilltrytomatchtheurlwithanyofthepatternmentionedintheaboveblocked_sites fileanddeniestheaccesswhenitmatches.
SARGSquidAnalysisReportGenerator
#togeneratethereportfortoday sargreporttoday #ondailybasis sargreportdaily #onweeklybasis sargreportweekly #onmonthlybasis sargreportmonthly
DownloadandinstallSARGtogeneratesquidusagereports. Usethesargreportscommandtogeneratereportsasshownbelow.
Note:Addthesargreporttothecrontab. Thereportsgeneratedbysargarestoredunder/var/www/squidreports.Thesearehtmlreportscan youcanviewfromabrowser.

$ls/var/www/squidreports Dailyindex.hyml $ls/var/www/squidreports/Daily 2010Aug282010Aug28imagesindex.html
15. Add new swap space :Usedd,mkswapandswaponcommandstoaddswapspace.Youcan eitheruseadedicatedharddrivepartitiontoaddnewswapspace,orcreateaswapfileonan existingfilesystemanduseitasswapspace. UNIX/Linux:2WaystoAddSwapSpaceUsingdd,mkswapandswapon Tweet Question:IwouldliketoaddmoreswapspacetomyLinuxsystem.Canyouexplainwithclear examplesonhowtoincreasetheswapspace? Answer:Youcaneitheruseadedicatedharddrivepartitiontoaddnewswapspace,orcreateaswap fileonanexistingfilesystemanduseitasswapspace.
Howmuchswapspaceiscurrentlyusedbythesystem?
#freek totalusedfreesharedbufferscached Mem:3082356204370010386560509761646268
Freecommanddisplaystheswapspace.freekshowstheoutputinKB.
/+buffers/cache:3464562735900 Swap:419295604192956
Swaponcommandwithoptions,displaysthecurrentswapspaceinKB.
#swapons FilenameTypeSizeUsedPriority /dev/sda2partition419295601
Swapons,issameasthefollowing.
#cat/proc/swaps FilenameTypeSizeUsedPriority /dev/sda2partition419295601
Method1:UseaHardDrivePartitionforAdditionalSwapSpace
Ifyouhaveanadditionalharddisk,(orspaceavailableinanexistingdisk),createapartitionusing fdiskcommand.Letusassumethatthispartitioniscalled/dev/sdc1 Nowsetupthisnewlycreatedpartitionasswapareausingthemkswapcommandasshownbelow.
#mkswap/dev/sdc1
Enabletheswappartitionforusageusingswaponcommandasshownbelow.
#swapon/dev/sdc1
Tomakethisswapspacepartitionavailableevenafterthereboot,addthefollowinglinetothe /etc/fstabfile.
#cat/etc/fstab /dev/sdc1swapswapdefaults00
Verifywhetherthenewlycreatedswapareaisavailableforyouruse.
#swapons FilenameTypeSizeUsedPriority /dev/sda2partition419295601 /dev/sdc1partition104856802 #freek totalusedfreesharedbufferscached Mem:30823563022364599920520562646472 /+buffers/cache:3238362758520 Swap:524152405241524
Note:Intheoutputofswaponscommand,theTypecolumnwillsaypartitioniftheswapspaceis createdfromadiskpartition.
Method2:UseaFileforAdditionalSwapSpace
Ifyoudonthaveanyadditionaldisks,youcancreateafilesomewhereonyourfilesystem,anduse thatfileforswapspace. Thefollowingddcommandexamplecreatesaswapfilewiththenamemyswapfileunder/root directorywithasizeof1024MB(1GB).

#ddif=/dev/zeroof=/root/myswapfilebs=1Mcount=1024 1024+0recordsin 1024+0recordsout #lsl/root/myswapfile rwrr1rootroot1073741824Aug1423:47/root/myswapfile
Changethepermissionoftheswapfilesothatonlyrootcanaccessit.
#chmod600/root/myswapfile
Makethisfileasaswapfileusingmkswapcommand.
#mkswap/root/myswapfile Settingupswapspaceversion1,size=1073737kB
Enablethenewlycreatedswapfile.
#swapon/root/myswapfile
Tomakethisswapfileavailableasaswapareaevenafterthereboot,addthefollowinglinetothe /etc/fstabfile.
#cat/etc/fstab /root/myswapfileswapswapdefaults00
Verifywhetherthenewlycreatedswapareaisavailableforyouruse.
#swapons FilenameTypeSizeUsedPriority /dev/sda2partition419295601 /root/myswapfilefile104856802 #freek totalusedfreesharedbufferscached Mem:30823563022364599920520562646472 /+buffers/cache:3238362758520 Swap:524152405241524
Note:Intheoutputofswaponscommand,theTypecolumnwillsayfileiftheswapspaceis createdfromaswapfile. Ifyoudontwanttoreboottoverifywhetherthesystemtakesalltheswapspacementionedinthe /etc/fstab,youcandothefollowing,whichwilldisableandenablealltheswappartitionmentioned inthe/etc/fstab

#swapoffa #swapona
16. Install and configure snort :Snortisafreelightweightnetworkintrusiondetectionsystemfor bothUNIXandWindows.Thisarticleexplainshowtoinstallsnortfromsource,writerules,and performbasictesting.
Snort:5StepstoInstallandConfigureSnorton Linux
SnortisafreelightweightnetworkintrusiondetectionsystemforbothUNIXandWindows. Inthisarticle,letusreviewhowtoinstallsnortfromsource,writerules,andperformbasictesting.
1.DownloadandExtractSnort
Downloadthelatestsnortfreeversionfromsnort website .Extractthesnortsourcecodetothe/usr/srcdirectoryas shownbelow. #cd/usr/src
#wgetOsnort2.8.6.1.tar.gzhttp://www.snort.org/downloads/116 #tarxvzfsnort2.8.6.1.tar.gz
Note:WealsodiscussedearlieraboutTripwire(Linuxhostbasedintrusiondetectionsystem) andFail2ban(Intrusionpreventionframework)
2.InstallSnort
Beforeinstallingsnort,makesureyouhavedevpackagesoflibpcapandlibpcre. #aptcachepolicylibpcap0.8dev libpcap0.8dev: Installed:1.0.02ubuntu1 Candidate:1.0.02ubuntu1
#aptcachepolicylibpcre3dev libpcre3dev: Installed:7.83 Candidate:7.83
Followthestepsbelowtoinstallsnort. #cdsnort2.8.6.1
#./configure #make #makeinstall
3.VerifytheSnortInstallation
Verifytheinstallationasshownbelow. #snortversion
,,_*>Snort!<* o")~Version2.8.6.1(Build39) ''''ByMartinRoesch&TheSnortTeam:http://www.snort.org/snort/snortteam Copyright(C)19982010Sourcefire,Inc.,etal. UsingPCREversion:7.820080905
4.Createtherequiredfilesanddirectory
Youhavetocreatetheconfigurationfile,rulefileandthelogdirectory. Createthefollowingdirectories: #mkdir/etc/snort
#mkdir/etc/snort/rules #mkdir/var/log/snort
Createthefollowingsnort.confandicmp.rulesfiles: #cat/etc/snort/snort.conf include/etc/snort/rules/icmp.rules

#cat/etc/snort/rules/icmp.rules alerticmpanyany>anyany(msg:"ICMPPacket";sid:477;rev:3;)
TheabovebasicruledoesalertingwhenthereisanICMPpacket(ping). Followingisthestructureofthealert: <RuleActions><Protocol><SourceIPAddress><SourcePort><DirectionOperator><DestinationIPAddress> <Destination>(ruleoptions)
Table:Rulestructureandexample Structure RuleActions Protocol SourceIPAddress SourcePort DirectionOperator DestinationIP Address DestinationPort (ruleoptions)
Example alert icmp any any > any any (msg:ICMPPacket;sid:477; rev:3;)
5.Executesnort
Executesnortfromcommandline,asmentionedbelow. #snortc/etc/snort/snort.confl/var/log/snort/ TrypingingsomeIPfromyourmachine,tocheckourpingrule.Followingistheexampleofasnortalertforthis ICMPrule. #head/var/log/snort/alert [**][1:477:3]ICMPPacket[**] [Priority:0] 07/2720:41:57.230345>l/llen:0l/ltype:0x2000:0:0:0:0:0 pkttype:0x4proto:0x800len:0x64 209.85.231.102>209.85.231.104ICMPTTL:64TOS:0x0ID:0IpLen:20DgmLen:84DF Type:8Code:0ID:24905Seq:1ECHO AlertExplanation Acoupleoflinesareaddedforeachalert,whichincludesthefollowing: Messageisprintedinthefirstline. SourceIP DestinationIP Typeofpacket,andheaderinformation. Ifyouhaveadifferentinterfaceforthenetworkconnection,thenusedevioption.Inthisexamplemynetwork interfaceisppp0. #snortdevippp0c/etc/snort/snort.confl/var/log/snort/
ExecutesnortasDaemon
AddDoptiontorunsnortasadaemon. #snortDc/etc/snort/snort.confl/var/log/snort/
AdditionalSnortinformation
Defaultconfigfilewillbeavailableatsnort2.8.6.1/etc/snort.conf Defaultrulescanbedownloadedfrom:http://www.snort.org/snortrules
17. Register RHEL/OEL linux to support :IfyouhavepurchasedsupportfromOracleforyour Linux,youcanregistertooraclesupportnetwork(ULN)usingup2dateasexplainedhere.
HowtoRegisterRHEL/OELLinuxtoOracleSupport(ULN)usingup2date
Question:IhavepurchasedLinuxsupportforRHELandOELfromOraclecorporation. HowdoIregistermyLinuxsystemtoOraclesupportnetworktodownloadandupdatepackages? Canyouexplainmewithstepbystepinstruction? Answer:AfterpurchasingLinuxsupportfromOracle,youshouldregisteryourLinuxsystemwith OraclesUnbreakableLinuxNetworkusingup2dateutilityasexplainedinthisarticle.
1.Launchup2dateregisterWizard
#up2dateregister
Typethefollowingfromthecommandline,whichwillinvoketheUnbreakableLinuxNetwork Registrationwizardasshownbelow.
2.RegistertoOracleULNusingOracleCSINumber
Ifyoualreadyhaveauid/pwdtotheULNnetwork,enterithere.Ifyoudonthaveanexisting accountonULN,theuid/pwdinformationyouenterinthisstepwillbeusedtocreateanewaccount foryou. MakesuretoenteravalidCSInumber.WhenyoupurchasedtheLinuxsupportfromOracle,you wouldvereceivedaCSInumber.
3.RegisteraSystemProfileHardwareInfo

Theup2datewillautomaticallycollectthefollowinginformationaboutyoursystemandusethisto createasystemprofile. Hostname IPaddress MemorySize CPUModelandSpeed RHELorOELVersion
4.RegisteraSystemProfilePackagesInfo
Theup2datewillautomaticallycollectinformationaboutalltheinstalledpackagesandassociateit withthecorrespondingsystemprofile.laterthisinfoisusedtodeterminewhetherapackageneeds tobeupdatedornot.
5.SendProfileInformationtoOracleNetwork(ULN)
Ontheconfirmationscreen,clickonNexttosendtheprofileinformation(includinghardwareand packagesinfo)toOraclesULN. Makesureyoursystemcantalktolinux.oracle.com.Ifnot,thisstepwillfail.
6.RHEL/OELRegistrationSuccessfulwithULN
Oncetheregistrationiscompleted,youllgetthefollowingconfirmationscreen. >Add your comment
Linuxprovidesseveralpowerful
18. tftpboot setup :YoucaninstallLinuxfromnetworkusingPXEbyinstallingandconfiguring tftpbootserverasexplainedhere.

HowTo:10StepstoConfiguretftpbootServerinUNIX/Linux(ForinstallingLinuxfromNetworkusingPXE) byB AL AK RIS H NA N M ARIYAPPA N onJULY22,2010
Inthisarticle,letusdiscussabouthowtosetuptftpboot,includinginstallationof necessarypackages,andtftpbootconfigurations. TFTPbootserviceisprimarilyusedtoperformOSinstallationonaremotemachineforwhichyou donthavethephysicalaccess.InordertoperformtheOSinstallationsuccessfully,thereshouldbea waytoreboottheremoteservereitherusingwakeonlanorsomeonemanuallyrebootingitor someotherways. Inthosescenarios,youcansetupthetftpbootservicesaccordinglyandtheOSinstallationcanbe doneremotely(youneedtohavetheautoyastconfigurationfiletoautomatetheOSinstallation steps). StepbystepprocedureispresentedinthisarticlefortheSLES10SP3in64bitarchitecture.However, thesestepsareprettymuchsimilartoanyotherLinuxdistributions. Thefollowingpackagesneedstobeinstalledforthetftpbootsetup. dhcpservicespackages:dhcp3.0.77.5.20.x86_64.rpmanddhcpserver3.0.77.5.20.x86_64.rpm tftpbootpackage:tftp0.481.6.x86_64.rpm pxebootpackage:syslinux3.1120.14.26.x86_64.rpm
RequiredPackages
PackageInstallation
Installthepackagesforthedhcpserverservices:
$rpmivhdhcp3.0.77.5.20.x86_64.rpm Preparing...###########################################[100%] 1:dhcp###########################################[100%] $rpmivhdhcpserver3.0.77.5.20.x86_64.rpm Preparing...###########################################[100%] 1:dhcp###########################################[100%] $rpmivhtftp0.481.6.x86_64.rpm $rpmivhsyslinux3.1120.14.26.x86_64.rpm
Afterinstallingthesyslinuxpackage,pxelinux.0filewillbecreatedunder/usr/share/pxelinux/ directory.Thisisrequiredtoloadinstallkernelandinitrdimagesontheclientmachine. Verifythatthepackagesaresuccessfullyinstalled.

$rpmqa|grepdhcp $rpmqa|greptftp
DownloadtheappropriatetftpserverfromtherepositoryofyourrespectiveLinuxdistribution.
Stepstosetuptftpboot Step1:Create/tftpbootdirectory
#mkdir/tftpboot/
Createthetftpbootdirectoryunderrootdirectory(/)asshownbelow.
Step2:Copythepxelinuximage
PXELinuximagewillbeavailableonceyouinstalledthesyslinuxpackage.Copythisto/tftpboot pathasshownbelow.
#cp/usr/share/syslinux/pxelinux.0/tftpboot
Step3:CreatethemountpointforISOandmounttheISOimage
LetusassumethatwearegoingtoinstalltheSLES10SP3Linuxdistributiononaremoteserver.If youhavetheSUSE10SP3DVDinsertitinthedriveormounttheISOimagewhichyouhave.Here, theisoimagehasbeenmountedasfollows:
#mkdir/tftpboot/sles10_sp3 #mountoloopSLES10SP3DVDx86_64.iso/tftpboot/sles10_sp3
RefertoourearlierarticleonHow to mount and view ISO files . Copytheinitrdtothetftpbootdirectoryasshownbelow.

#cd/tftpboot/sles10_sp3/boot/x86_64/loader #cpinitrdlinux/tftpboot/
Step4:Copythevmlinuzandinitrdimagesinto/tftpboot
Step5:Createpxelinux.cfgDirectory
Createthedirectorypxelinux.cfgunder/tftpbootanddefinethepxebootdefinitionsfortheclient.
#mkdir/tftpboot/pxelinux.cfg #cat>/tftpboot/pxelinux.cfg/default defaultlinux labellinux kernellinux appendinitrd=initrdshowoptsinstmode=nfsinstall=nfs://192.168.1.101/tftpboot/sles10_sp3/
Thefollowingoptionsareusedfor, kernelspecifieswheretofindtheLinuxinstallkernelontheTFTPserver. installspecifiesbootargumentstopasstotheinstallkernel. Aspertheentriesabove,thenfsinstallmodeisusedforservinginstallRPMsandconfigurationfiles. So,havethenfssetupinthismachinewiththe/tftpbootdirectoryintheexportedlist.Youcanadd theautoyastoptionwiththeautoyastconfigurationfiletoautomatetheOSinstallationsteps otherwiseyouneedtodorunthroughtheinstallationstepsmanually.
Step6:Changetheownerandpermissionfor/tftpbootdirectory
Assignnobody:nobodyto/tftpbootdirectory.
#chownnobody:nobody/tftpboot #chmod777/tftpboot
Step7:Modify/etc/dhcpd.conf
Modifythe/etc/dhcpd.confasshownbelow.
#cat/etc/dhcpd.conf ddnsupdatestylenone; defaultleasetime14400; filename"pxelinux.0"; #IPaddressofthedhcpservernothingbutthismachine.
nextserver192.168.1.101; subnet192.168.1.0netmask255.255.255.0{ #ipdistributionrangebetween192.168.1.1to192.168.1.100 range192.168.1.1192.168.1.100; defaultleasetime10; maxleasetime10; }
Specifytheinterfacein/etc/syslinux/dhcpdtolistendhcprequestscomingfromclients.
#cat/etc/syslinux/dhcpd|grepDHCPD_INTERFACE DHCPD_INTERFACE=eth1;
Here,thismachinehastheipaddressof192.168.1.101ontheeth1device.So,specifyeth1forthe DHCPD_INTERFACEasshownabove. Onarelatednote,refertoourearlierarticleabout7 examples to configure network interface using ifconfig.
Step8:Modify/etc/xinetd.d/tftp
Modifythe/etc/xinetd.d/tftpfiletoreflectthefollowing.Bydefaultthevaluefordisableparameter isyes,pleasemakesureyoumodifyittonoandyouneedtochangetheserver_argsentrytos /tftpboot.

#cat/etc/xinetd.d/tftp servicetftp{ socket_type=dgram protocol=udp wait=yes user=root server=/usr/sbin/in.tftpd server_args=s/tftpboot disable=no }
Step9:Nochangesin/etc/xinetd.conf
Thereisnoneedtomodifytheetc/xinetd.conffile.Usethedefaultvaluesspecifiedinthexinetd.conf file.
Step10:Restartxinetd,dhcpdandnfsservices
Restarttheseservicesasshownbelow.
#/etc/init.d/xinetdrestart #/etc/init.d/dhcpdrestart #/etc/init.d/nfsserverrestart
Afterrestartingthenfsservices,youcanviewtheexporteddirectorylist(/tftpboot)bythefollowing command,
#showmounte
Finally,thetftpbootsetupisreadyandnowtheclientmachinecanbebootedafterchangingthefirst bootdeviceasnetworkintheBIOSsettings. Ifyouencounteranytftperror,youcandothetroubleshootingbyretrievingsomefilesthroughtftpd service. Retrievesomefilefromthetftpservertomakesuretftpserviceisworkingproperlyusingthetftp client.Letusthatassumethatsample.txtfileispresentunder/tftpbootdirectory.

$tftpv192.168.1.101cgetsample.txt
19. Delete all iptables rules :Whenyouarestartingtosetupiptables,youmightwanttodelete (flush)alltheexistingiptablesasshownhere.

HowtoViewandDeleteIptablesRulesListandFlush bySATH IYA MO ORT HY onJULY16,2010
Question:HowdoIviewallthecurrentiptablesrules?OnceIviewit,isthereawayto deleteallthecurrentrulesandstartfromscratch? Answer:Usetheiptableslistoptiontoview,andiptablesflushoptiontodeletealltherulesasshown below.Youshouldhaverootpermissiontoperformthisoperation.
1.View/ListAlliptablesRules
#iptableslist
Whenyouwanttocheckwhatrulesareiniptables,uselistoptionasshownbelow.
Example1:Iptableslistoutputshowingnorules
#iptableslist ChainINPUT(policyACCEPT) targetprotoptsourcedestination ChainFORWARD(policyACCEPT) targetprotoptsourcedestination ChainOUTPUT(policyACCEPT) targetprotoptsourcedestination
Theaboveoutputshowschainheaders.Asyousee,therearenorulesinit.
Example2:Iptableslistoutputshowingsomerules
#iptableslist ChainINPUT(policyACCEPT) targetprotoptsourcedestination ChainFORWARD(policyACCEPT) targetprotoptsourcedestination
Whenthereisaruletodisablepingreply,youhavetheiptableslistoutputaslikethefollowing.You canseetheruleintheOUTPUTchain.
ChainOUTPUT(policyACCEPT) targetprotoptsourcedestination DROPicmpanywhereanywhereicmpechorequest
2.DeleteiptablesRulesusingflushoption
#iptablesflush
Whenyouwanttodeletealltherules,usetheflushoptionasshownbelow. Afterdoingthis,youriptableswillbecomeempty,andtheiptableslistoutputwilllooklikewhatis shownintheexample1. Youcanalsodelete(flush)aparticulariptablechainbygivingthechainnameasanargumentas shownbelow.
#iptablesflushOUTPUT
20. Disable ping replies :Someonecanfloodthenetworkwithpingf.Ifpingreplyisdisabledas explainedherewecanavoidthisflooding.

HowToDisablePingRepliesinLinuxusingicmp_echo_ignore_all bySATH IYA MO ORT HY onJULY9,2010
Youmaywanttodisablepingrepliesformanyreasons,maybeforasecurityreason,or toavoidnetworkcongestion. SomeonecanfloodthenetworkwithpingfasshowninPingExample5inourearlierPing Tutorialarticle.Ifpingreplyisdisabledwecanavoidthisflooding.
DisablepingreplyTemporarily
Youcantemporarilydisablethepingreplyusingthefollowingmethod.
#echo"1">/proc/sys/net/ipv4/icmp_echo_ignore_all
Pleasenotethatthissettingwillbeerasedafterthereboot.Todisablepingreplypermanently(even afterthereboot),followthestepmentionedbelow. Also,toenablethepingreplyback,setthevalueto0asshownbelow.

#echo"0">/proc/sys/net/ipv4/icmp_echo_ignore_all
DisablepingreplyPermanently
net.ipv4.icmp_echo_ignore_all=1
Youcanpermanentlydisablethepingreplyusingthefollowingmethod. Step1:Editthesysctl.conffileandaddthefollowingline. Step2:Executesysctlptoenforcethissettingimmediately.

#sysctlp
Theabovecommandloadsthesysctlsettingsfromthesysctl.conffile. Afterthepingreplyisdisabledusingoneoftheabovemethod,whensomebodytriestopingyour machinetheywillendupwaitingwithoutgettingapingreplypacketevenwhenthemachineisup andrunning. 21. Block ip address using fail2ban :Fail2banisaintrusionpreventonframeworkthatscanslog filesforvariousservices(SSH,FTP ,SMTP ,Apache,etc.,)andbanstheIPthatmakestoomany passwordfailures.Italsoupdatesiptlesfirewallrulestorejecttheseipaddresses.
Fail2BanHowto:BlockIPAddressUsingFail2banandIPTables byS ELVAG ANES HA N S onJULY2,2010
Fail2banscanslogfilesforvariousservices(SSH,FTP ,SMTP ,Apache,etc.,)andbanstheIPthat makestoomanypasswordfailures.Italsoupdatesthefirewallrulestorejecttheseipaddresses. Fail2banisanintrusionpreventionframeworkwritteninthePythonprogramminglanguage. MainpurposeofFail2banistopreventbruteforceloginattacks. Also,refertoourearlierarticleonTripwire(Linuxhostbasedintrusiondetectionsystem).
InstallFail2ban
Toinstallfail2banfromsource,downloaditfromsourceforge.. UseaptgettoinstallFail2banonaDebianbasedsystemasshownbelow.
#aptgetinstallfail2ban
YoucanalsoinstallFail2banmanuallybydownloadingthefail2ban deb package .

#dpkgifail2ban_0.8.11_all.deb
Howtoconfigurefail2ban
AllFail2banconfigurationfilesarelocatedunderthe/etc/fail2bandirectory.
/etc/fail2ban/fail2ban.conf
Mainpurposeofthisfileistoconfigurefail2banlogrelateddirectives. Loglevel:Setthelogleveloutput. logtarget:Specifythelogfilepath ActionstakenbytheFail2banareloggedinthe/var/log/fail2ban.logfile.Youcanchangethe verbosityintheconffiletooneof:1ERROR,2WARN,3INFOor4DEBUG.
/etc/fail2ban/jail.conf
jail.conffilecontainsthedeclarationoftheserviceconfigurations.Thisconfigurationfileisbrokenup intodifferentcontexts.TheDEFAULTsettingsapplytoallsections. ThefollowingDEFAULTsectionofjail.confsaysthatafterfivefailedaccessattemptsfromasingleIP addresswithin600secondsor10minutes(findtime),thataddresswillbeautomaticallyblockedfor 600seconds(bantime).

[DEFAULT] ignoreip=127.0.0.1 maxretry=5 findtime=600 bantime=600
ignoreip:ThisisaspaceseparatedlistofIPaddressesthatcannotbeblockedbyfail2ban. maxretry:Maximumnumberoffailedloginattemptsbeforeahostisblockedbyfail2ban. bantime:Timeinsecondsthatahostisblockedifitwascaughtbyfail2ban(600seconds=10 minutes).
ServiceConfigurations
[ssh] enabled=true port=ssh filter=sshd logpath=/var/log/auth.log action=iptables
Bydefault,someservicesareinsertedastemplates.Followingisanexampleofthesshservices section.
enabled:Enablethefail2bancheckingforsshservice port:serviceport(referredin/etc/servicesfile) filter:Nameofthefiltertobeusedbytheservicetodetectmatches.Thisnamecorrespondstoafile namein/etc/fail2ban/filter.d;withoutthe.confextension.Forexample:filter=sshdrefersto /etc/fail2ban/filter.d/sshd.conf. logpath:Thelogfilethatfail2banchecksforfailedloginattempts. Action:Thisoptiontellsfail2banwhichactiontotakeonceafiltermatches.Thisnamecorresponds toafilenamein/etc/fail2ban/action.d/withoutthe.confextension.Forexample:action=
iptablesrefersto/etc/fail2ban/action.d/iptables.conf. Fail2banwillmonitorthe/var/log/auth.logfileforfailedaccessattempts,andifitfindsrepeated failedsshloginattemptsfromthesameIPaddressorhost,fail2banstopsfurtherloginattemptsfrom thatIPaddress/hostbyblockingitwithfail2baniptablesfirewallrule.
Fail2banFilters
Thedirectory/etc/fail2ban/filter.dcontainsregularexpressionsthatareusedtodetectbreakin attempts,passwordfailures,etc.,forvariousservices. Forexample: sshd.confFail2bansshrelatedfilters apacheauth.confFail2banapacheservicefilters Wecanalsoaddourownregularexpressiontofindunwantedaction.
Fail2banActions
Thedirectory/etc/fail2ban/action.dcontainsdifferentscriptsdefiningactionswhichwillexecute onceafiltermatches.Onlyonefilterisallowedperservice,butitispossibletospecifyseveral actions,onseparatelines. Forexample: IPtables.confblock&unblockIPaddress Mail.confSendingmailtoconfigureduser
Start/StopFail2banService
#/etc/init.d/fail2banstop #/etc/init.d/fail2banstart
AftermakingconfigurationchangesstopandstarttheFail2bandaemonasshownbelow.
22. Package management using dpkg :Ondebian,youcaninstallorremovedebpackagesusing dpkgutility.
Debian:HowtoInstallorRemoveDEBPackages Usingdpkg
bySASIKALA onJUNE18,2010
Question:Iwouldliketoknowhowtoinstall,uninstall,verifydebpackagesonDebian.Canyouexplainmewithan example? Answer:Usedpkgtoinstallandremoveadebpackageasexplainedbelow. OnDebian,dpkg(Debianpackagesystem)allowsyoutoinstallandremovethesoftwarepackages.dpkgisthe simplestwaytoinstallanduninstallapackage. DebiannowsuppliesatoolnamedApt(forAPackageTool)andaptitudetohelptheadministratorstoaddor removesoftwaremoreeasily.RefertoourearlierManage packages using aptget formoredetails.
InstallingaDebUsingdpkgi
syntax: dpkgipackagefilename
iistoinstallapackage.
ThefollowingexampleinstallstheDebianpackagefortcltool. $dpkgitcl8.4_8.4.192_amd64.deb Selectingpreviouslydeselectedpackagetcl8.4. (Readingdatabase...94692filesanddirectoriescurrentlyinstalled.) Unpackingtcl8.4(fromtcl8.4_8.4.192_amd64.deb)... Settinguptcl8.4(8.4.192)... Processingtriggersformenu... Processingtriggersformandb... Youcanverifytheinstallationofpackageusingdpkglpackagenameasshownbelow. $dpkgl|grep'tcl' iitcl8.48.4.192Tcl(theToolCommandLanguage)v8.4runt Theabovecommandshowsthattclpackageisinstalledproperly.iispecifiesstatusinstalledokinstalled.
UninstallingaDebusingdpkgr
dpkgwithroptionremovestheinstalledpackage. $dpkgrtcl8.4 (Readingdatabase...94812filesanddirectoriescurrentlyinstalled.) Removingtcl8.4... Processingtriggersformandb... Processingtriggersformenu... Nowlistthepackageandcheckthestatus. #dpkgl|grep'tcl' rctcl8.48.4.192Tcl(theToolCommandLanguage)v8.4runt rcstandsforremovedokconfigfiles.Theremoveactiondidntpurgetheconfigurationfiles.Thestatusofeach installedpackagewillbeavailablein/var/lib/dpkg/status.Statusoftcl8.4packagelookslike, Package:tcl8.4 Status:deinstallokconfigfiles Priority:optional Section:interpreters InstalledSize:3308 Thefollowingcommandisusedtopurgethepackagecompletely. $dpkgPtcl8.4 (Readingdatabase...94691filesanddirectoriescurrentlyinstalled.) Removingtcl8.4... Purgingconfigurationfilesfortcl8.4... Processingtriggersformenu... $dpkgl|grep'tcl' $ Sothepackageiscompletelyremoved,andthestatusinthe/var/lib/dpkg/statusisgivenbelow. Package:tcl8.4 Status:purgeoknotinstalled Priority:optional Section:interpreters
23. Alfresco content management system :Alfrescoisthebestopensourcecontentmanagement system.EverythingyouneedtoknowtoinstallandconfigureAlfrescoisexplainedhere.

12StepstoInstallandConfigureAlfrescoonUNIX/Linux byRAM ES H NATARAJA N onMAY24,2010
Alfrescoisthebestopensourcecontentmanagementsystem.Thishasarocksoliddocument managementfoundation,withseveralfunctionalitybuiltontopofit.Alfrescoprovideswebbased contentmanagement,collaborationplatform,ContentManagementInteroperabilityServices(CMIS), recordsmanagementandimagemanagement. Alfrescohasenterpriseeditionandfreecommunityedition.Seethedifferencebetweenthemhere.If youhaveaninhouseITteam,justgowiththeAlfrescocommunityedition.Itisstraightforwardto installandconfigureAlfresco. Inthisarticle,letusreviewhowtoinstallandconfigurealfrescocommunityeditiononUNIX/ Linuxplatformusing12easysteps.
1.InstallAlfrescoCommunityTomcatBundle
#cd~
DownloadAlfrescofromthecommunity edition download page .

#wgetOalfrescocommunitytomcat3.3.tar.gzhttp://dl.alfresco.com/release/community/build2765/alfresco communitytomcat3.3.tar.gz?dl_file=release/community/build2765/alfrescocommunitytomcat3.3.tar.gz #mkdir/opt/alfresco/ #cd/opt/alfresco/ #tarxvfz~/alfrescocommunitytomcat3.3.tar.gz
2.ModifyAlfrescoGlobalProperties
alf_dataparameteridentifiesthelocationofalfrescodatastore,whereallthedocumentswillbe stored.Makesurethisispointingtoanabsolutepathasshownbelow.Initiallythisdirectorywillnot bepresent.Thisalf_datadirectorywillbecreatedwhenwestartthealfrescoforthe1sttime.

#vi/opt/alfresco/tomcat/shared/classes/alfrescoglobal.properties dir.root=/opt/alfresco/alf_data #lsl/opt/alfresco/alf_data ls:/opt/alfresco/alf_data:Nosuchfileordirectory
3.VerifyMySQLconnectorisinstalled
Justdoublechecktomakesurethemysqlconnectorisinstalledintheproperlocation,asshown below.
#lsl/opt/alfresco/tomcat/lib/mysqlconnectorjava5.1.7bin.jar rwxrxrx1rootroot709922Jan1211:59/opt/alfresco/tomcat/lib/mysqlconnectorjava5.1.7bin.jar
4.CreatetheAlfrescoMySQLdatabases
IfyoudonthaveMySQL,installitasusingyum groupinstall ,orbasedonLAMP install article,or basedonmysql rpm article. AfterinstallingMySQL,createthealfrescodatabaseusingthedb_setup.sqlscriptasshownbelow.

#cd/opt/alfresco/extras/databases/mysql
#mysqlurootp<db_setup.sql Enterpassword: #lsl/var/lib/mysql/alfresco/ total4 rwrw1mysqlmysql54May711:25db.opt
5.VerifythatAlfrescoMySQLdatabasesgotcreated
#mysqlurootp Enterpassword: mysql>showdatabases; ++ |Database| ++ |information_schema| |alfresco| |mysql| |test| ++ 4rowsinset(0.00sec) mysql>
6.Updatethedb.urlintheglobalpropertyfiles
Updatethedb.urlparameterinthealfrescoglobal.propertiesfiletopointtolocalhost:3306asshown below.
#vi/opt/alfresco/tomcat/shared/classes/alfrescoglobal.properties db.url=jdbc:mysql://localhost:3306/alfresco
7.StartAlfrescoServer
Startthealfrescoserver.Thiswillstartthetomcatapplicationserverthatwasbundledwiththe alfresco.
#cd/opt/alfresco #./alfresco.shstart UsingCATALINA_BASE:/opt/alfresco/tomcat UsingCATALINA_HOME:/opt/alfresco/tomcat UsingCATALINA_TMPDIR:/opt/alfresco/tomcat/temp UsingJRE_HOME:/usr/java/jdk1.6.0_18
Whilethealfrescotomcatserverisstartingup,checkthe/opt/alfresco/alfresco.logforanypossible issues. Whenalfresco.shisexecutedforthe1sttime,itwilldosomedatabasesetup,andyoullseefollowing messagesinthealfresco.log(onlythe1sttime). Executingdatabasescript/opt/alfresco/tomcat/temp/Alfresco/*.sql Allexecutedstatements:/opt/alfresco/tomcat/temp/Alfresco/*.sql Appliedpatch[org.alfresco.repo.admin.patch.PatchExecuter] LookforthelineinthelogfilewhereitsaysAlfrescostarted,whichindicatesthatAlfrescowas startedsuccessfully. Followingarefewsamplelinesfromalfresco.log.
#tailf/opt/alfresco/alfresco.log 21:29:25,431INFO[org.alfresco.repo.domain.schema.SchemaBootstrap]Executingdatabasescript /opt/alfresco/tomcat/temp/Alfresco/AlfrescoSchemaMySQLInnoDBDialectUpdate3892772511531851057.sql(Copied
fromclasspath:alfresco/dbscripts/create/3.3/org.hibernate.dialect.MySQLInnoDBDialect/AlfrescoCreate3.3 RepoTables.sql). 21:29:27,245INFO[org.alfresco.repo.domain.schema.SchemaBootstrap]Allexecutedstatements: /opt/alfresco/tomcat/temp/Alfresco/AlfrescoSchemaMySQLInnoDBDialectAll_Statements4724137490855924607.sql. ===Appliedpatch=== ID:patch.dbV3.00CreateActivitiesExtras RESULT: Scriptcompleted ===================================== 21:30:03,756INFO[org.alfresco.service.descriptor.DescriptorService]AlfrescoJVMv1.6.0_21b06;maximumheapsize 910.250MB 21:30:03,756INFO[org.alfresco.service.descriptor.DescriptorService]Alfrescostarted(Community):Currentversion 3.3.0(2765)schema4009Originallyinstalledversion3.3.0(2765)schema4009
8.Verifythealf_datadirectorycreation
Whenyoustartthealfrescoforthe1sttime,itwillcreatethealfrescodatarepositoryasshown below.
#lsl/opt/alfresco/alf_data total32 drwxrxrx2rootroot4096Mar2516:26audit.contentstore drwxrxrx2rootroot4096Mar2516:26contentstore drwxrxrx2rootroot4096Mar2516:26contentstore.deleted drwxrxrx3rootroot4096Mar2516:26luceneindexes
9.VerifythatAlfrescoServerisRunning
Makesurealfrescoserverisrunningsuccessfully.Viewthealfresco.logfiletomakesurethereareno errors.
#psef|grepialf root928015116:25pts/000:00:30/usr/java/jdk1.6.0_18/bin/javaXms128mXmx512m XX:MaxPermSize=160mserverDalfresco.home=.Dcom.sun.management.jmxremote Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager Djava.util.logging.config.file=/opt/alfresco/tomcat/conf/logging.properties Djava.endorsed.dirs=/opt/alfresco/tomcat/endorsedclasspath:/opt/alfresco/tomcat/bin/bootstrap.jar Dcatalina.base=/opt/alfresco/tomcatDcatalina.home=/opt/alfresco/tomcat Djava.io.tmpdir=/opt/alfresco/tomcat/temporg.apache.catalina.startup.Bootstrapstart #tailf/opt/alfresco/alfresco.log
10.LogintoAlfrescoExplorerorAlfrescoShare
AlfrescohastwowaystoaccesstheapplicationAlfrescoExplorerandAlfrescoShare. Gotohttp://localhost:8080/alfrescotolaunchtheAlfrescoexplorer Gotohttp://localhost:8080/sharetolaunchtheAlfrescoshare Defaultalfrescoadministratoruid/pwdisadmin/admin.Changeitimmediatelyafteryoulogin.
11.Changethedefaultpasswordforthealfrescodatabase
Usethemysqlupdatecommandtochangethepasswordforthealfrescouserasshownbelow.
#mysqlurootpmysql Enterpassword: Readingtableinformationforcompletionoftableandcolumnnames YoucanturnoffthisfeaturetogetaquickerstartupwithA WelcometotheMySQLmonitor.Commandsendwith;or\g. YourMySQLconnectionidis51 Serverversion:5.0.77Sourcedistribution
Type'help;'or'\h'forhelp.Type'\c'toclearthebuffer. mysql>UPDATEuserSETpassword=PASSWORD('donttellanybody')WHEREuser='alfresco'; QueryOK,2rowsaffected(0.00sec) Rowsmatched:2Changed:2Warnings:0 mysql>
12.Modifytheconfigurationfiletoreflectthenewalfrescopassword.
Updatethedb.passwordparameterinthealfrescoglobal.propertiesfileasshownbelow.
#vi/opt/alfresco/tomcat/shared/classes/alfrescoglobal.properties db.name=alfresco db.username=alfresco db.password=donttellanybody
Afterthis,stop/startMySQLdatabaseandrestartAlfrescoTomcatserver.Asafinalstep,makesureto takeabackupofalfrescomysqldatabaseusingmysqldumpormysqlhotcopyand/opt/alfresco directory.

#servicemysqldrestart #/opt/alfresco/alfresco.shstop #/opt/alfresco/alfresco.shstart
24. Bugzilla bug tracking system :Bugzillaisthebestopensourcebugtrackingsystem.Everything youneedtoknowtoinstallandconfigureBugzillaisexplainedhere.

StepbyStepBugzillaInstallationGuideforLinux byRAM ES H NATARAJA N onMAY17,2010
Bugzillaisthebestopensourcebugtrackingsystem.Verysimpletousewithlotoffeatures.Bugzilla allowsyoutotrackthebugsandcollaboratewithdevelopersandotherteamsinyourorganization effectively. ThisisadetailedstepbystepbugzillainstallationguideforLinux.
1.VerifyPerlVersion
#perlv
Makesureyourperlversionis>=5.8.1asshownbelow.
Thisisperl,v5.8.8builtfori386linuxthreadmulti
MostLinuxdistributionscomeswithperl.Ifyoudonthaveitonyours,downloadandinstallitfrom correspondingdistributionwebsite.
2.InstallMySQLDatabase
MakesureyourMySQLversionis>=4.1.2asshownbelow.
#mysqlV mysqlVer14.12Distrib5.0.77,forredhatlinuxgnu(i686)usingreadline5.1
Ifyoudonthavemysql,installitasusingyum groupinstall ,orbasedonLAMP install article,or basedonmysql rpm article.
3.InstallApache
Ifyoualreadyhaveapacheinstalled,makesureyouareabletoaccessitbyusinghttp://{yourip address}. Ifyoudonthaveapache,installisusingyumbasedonLAMP install article,orinstall apache from source.
4.DownloadlatestBugzillatarball
#cd~
Downloadthelateststablereleasefrombugzilla download page .Extractthebugzilla*.tar.gzfileto theapachedocumentrootdirectoryasshownbelow.

#wgethttp://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla3.6.tar.gz #cd/var/www/html #tarxvfz/usr/save/bugzilla3.4.6.tar.gz
5.Executethebugzillachecksetup.pl
Bugzillachecksetup.plprogramwillverifywhetheralltherequiredperlmodulesareinstalled.This willalsodisplayalistofallmissingbugzillamodulesthatneedstobeinstalled. Youcanrunthechecksetup.plprogramasmanytimesasyoulikeuntilyouveverifiedallthe requiredperlmodulesareinstalled. Followingistheoutputof1strunofchecksetup.pl,whereishaslistedallthemissingoptionaland requiredmodules.
#cd/var/www/html/bugzilla3.4.6 #./checksetup.plcheckmodules COMMANDSTOINSTALLOPTIONALMODULES: GD:/usr/bin/perlinstallmodule.plGD Chart:/usr/bin/perlinstallmodule.plChart::Base TemplateGD:/usr/bin/perlinstallmodule.plTemplate::Plugin::GD::Image GDTextUtil:/usr/bin/perlinstallmodule.plGD::Text GDGraph:/usr/bin/perlinstallmodule.plGD::Graph XMLTwig:/usr/bin/perlinstallmodule.plXML::Twig MIMEtools:/usr/bin/perlinstallmodule.plMIME::Parser libwwwperl:/usr/bin/perlinstallmodule.plLWP::UserAgent PatchReader:/usr/bin/perlinstallmodule.plPatchReader PerlMagick:/usr/bin/perlinstallmodule.plImage::Magick perlldap:/usr/bin/perlinstallmodule.plNet::LDAP AuthenSASL:/usr/bin/perlinstallmodule.plAuthen::SASL RadiusPerl:/usr/bin/perlinstallmodule.plAuthen::Radius SOAPLite:/usr/bin/perlinstallmodule.plSOAP::Lite HTMLParser:/usr/bin/perlinstallmodule.plHTML::Parser HTMLScrubber:/usr/bin/perlinstallmodule.plHTML::Scrubber EmailMIMEAttachmentStripper:/usr/bin/perlinstallmodule.plEmail::MIME::Attachment::Stripper EmailReply:/usr/bin/perlinstallmodule.plEmail::Reply TheSchwartz:/usr/bin/perlinstallmodule.plTheSchwartz DaemonGeneric:/usr/bin/perlinstallmodule.plDaemon::Generic mod_perl:/usr/bin/perlinstallmodule.plmod_perl2
YOUMUSTRUNONEOFTHEFOLLOWINGCOMMANDS(dependingonwhichdatabaseyouuse): PostgreSQL:/usr/bin/perlinstallmodule.plDBD::Pg MySQL:/usr/bin/perlinstallmodule.plDBD::mysql Oracle:/usr/bin/perlinstallmodule.plDBD::Oracle COMMANDSTOINSTALLREQUIREDMODULES(You*must*runallthesecommandsandthenrerunchecksetup.pl): /usr/bin/perlinstallmodule.plCGI /usr/bin/perlinstallmodule.plDigest::SHA /usr/bin/perlinstallmodule.plDate::Format /usr/bin/perlinstallmodule.plDateTime /usr/bin/perlinstallmodule.plDateTime::TimeZone /usr/bin/perlinstallmodule.plTemplate /usr/bin/perlinstallmodule.plEmail::Send /usr/bin/perlinstallmodule.plEmail::MIME /usr/bin/perlinstallmodule.plEmail::MIME::Encodings /usr/bin/perlinstallmodule.plEmail::MIME::Modifier /usr/bin/perlinstallmodule.plURI Toattemptanautomaticinstallofeveryrequiredandoptionalmodulewithonecommand,do: /usr/bin/perlinstallmodule.plall
6.Executebugzillainstallmodule.pl
Assuggestedbytheoutputofthechecksetup.pl,youcanexecutetheinstallmodule.pltoinstallall bugzillarequiredandoptionalperlmodules.
#/usr/bin/perlinstallmodule.plall
Pleasereviewtheoutputoftheaboveinstallmodule.pltomakesureeverythinggotinstallproperly. Thereisapossibilitythatsomeofthemodulesfailedtoinstall(maybebecausesomerequiredOS packagesweremissing). Executethechecksetup.pltoverifywhetherallthemodulesgotinstalledproperly. Followingistheoutputof2ndrunofthechecksetup.pl:

#./checksetup.plcheckmodules COMMANDSTOINSTALLOPTIONALMODULES: GD:/usr/bin/perlinstallmodule.plGD Chart:/usr/bin/perlinstallmodule.plChart::Base TemplateGD:/usr/bin/perlinstallmodule.plTemplate::Plugin::GD::Image GDTextUtil:/usr/bin/perlinstallmodule.plGD::Text GDGraph:/usr/bin/perlinstallmodule.plGD::Graph XMLTwig:/usr/bin/perlinstallmodule.plXML::Twig PerlMagick:/usr/bin/perlinstallmodule.plImage::Magick SOAPLite:/usr/bin/perlinstallmodule.plSOAP::Lite mod_perl:/usr/bin/perlinstallmodule.plmod_perl2 YOUMUSTRUNONEOFTHEFOLLOWINGCOMMANDS(dependingonwhichdatabase youuse): PostgreSQL:/usr/bin/perlinstallmodule.plDBD::Pg
MySQL:/usr/bin/perlinstallmodule.plDBD::mysql Oracle:/usr/bin/perlinstallmodule.plDBD::Oracle
7.InstallmissingPerlModules
Asweseefromtheabovechecksetup.ploutput,someoftheoptionalmodulesandrequiredmodule installedwasnotcompletedwhenwerantheinstallmodule.pl. So,wehavetoinstallthemissingmodulesmanuallyonebyonetofigureouttheissuesandfixit onebyone. RefertotheTroubleshootingSectionattheendforlistofalltheissuesthatIfacedwhileinstalling theperlmodulesrequiredforbugzilla(alongwiththesolutiononhowtofixthoseissues).
8.Finalchecksetup.plcheckmodulesverification
Executechecksetup.plcheckmodulesagainasshownbelowasfinalverificationtomakesureallthe modulesgotinstalledsuccessfully.
#./checksetup.plcheckmodules *ThisisBugzilla3.4.6onperl5.8.8 *RunningonLinux2.6.18164.el5PAE#1SMPThuSep304:10:44EDT2009 Checkingperlmodules... CheckingforCGI.pm(v3.21)ok:foundv3.49 CheckingforDigestSHA(any)ok:foundv5.48 CheckingforTimeDate(v2.21)ok:foundv2.24 CheckingforDateTime(v0.28)ok:foundv0.55 CheckingforDateTimeTimeZone(v0.71)ok:foundv1.17 CheckingforDBI(v1.41)ok:foundv1.52 CheckingforTemplateToolkit(v2.22)ok:foundv2.22 CheckingforEmailSend(v2.00)ok:foundv2.198 CheckingforEmailMIME(v1.861)ok:foundv1.903 CheckingforEmailMIMEEncodings(v1.313)ok:foundv1.313 CheckingforEmailMIMEModifier(v1.442)ok:foundv1.903 CheckingforURI(any)ok:foundv1.54 CheckingavailableperlDBDmodules... CheckingforDBDPg(v1.45)notfound CheckingforDBDmysql(v4.00)ok:foundv4.013 CheckingforDBDOracle(v1.19)notfound ThefollowingPerlmodulesareoptional: CheckingforGD(v1.20)ok:foundv2.44 CheckingforChart(v1.0)ok:foundv2.4.1 CheckingforTemplateGD(any)ok:foundv1.56 CheckingforGDTextUtil(any)ok:foundv0.86 CheckingforGDGraph(any)ok:foundv1.44 CheckingforXMLTwig(any)ok:foundv3.34 CheckingforMIMEtools(v5.406)ok:foundv5.427 Checkingforlibwwwperl(any)ok:foundv5.834 CheckingforPatchReader(v0.9.4)ok:foundv0.9.5 CheckingforPerlMagick(any)ok:foundv6.2.8 Checkingforperlldap(any)ok:foundv0.4001 CheckingforAuthenSASL(any)ok:foundv2.1401 CheckingforRadiusPerl(any)ok:foundv0.17 CheckingforSOAPLite(v0.710.06)ok:foundv0.711
CheckingforHTMLParser(v3.40)ok:foundv3.65 CheckingforHTMLScrubber(any)ok:foundv0.08 CheckingforEmailMIMEAttachmentStripper(any)ok:foundv1.316 CheckingforEmailReply(any)ok:foundv1.202 CheckingforTheSchwartz(any)ok:foundv1.10 CheckingforDaemonGeneric(any)ok:foundv0.61 Checkingformod_perl(v1.999022)ok:foundv2.000004
9.Createlocalconfigfileusingchecksetup.pl
Executechecksetup.plwithoutanyargument,whichwillcreatealocalconfigfileinthecurrent directory.Thelocalconfigfilecontainsthekeyconfigurationparametersusedbythebugzilla(for example,mysqldbusernameandpassword).
#./checksetup.pl Reading./localconfig... ThisversionofBugzillacontainssomevariablesthatyoumaywantto changeandadapttoyourlocalsettings.Pleaseeditthefile ./localconfigandrerunchecksetup.pl. Thefollowingvariablesarenewto./localconfigsinceyoulastran checksetup.pl:create_htaccess,webservergroup,db_driver,db_host,db_name,db_user,db_pass,db_port,db_sock, db_check,index_html,cvsbin,interdiffbin,diffpath,site_wide_secret
10.Modifythelocalconfigfile.
TheonlythingyouneedtomodifythelocalconfigfileisMySQLdatabasedbpasswordbychanging the$db_passvariableasshownbelow.
#vi./localconfig $db_pass='Bugs4All';
11.Modify/etc/my.cnftoincreasebugzillaattachmentsize
Setthemax_allowed_packetto4Minthe/etc/my.cnftoincreasebugzillaattachmentsize.
#cat/etc/my.cnf [mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock user=mysql #Defaulttousingoldpasswordformatforcompatibilitywithmysql3.x #clients(thoseusingthemysqlclient10compatibilitypackage). old_passwords=1 #Disablingsymboliclinksisrecommendedtopreventassortedsecurityrisks; #todoso,uncommentthisline: #symboliclinks=0 #Allowpacketsupto4MB max_allowed_packet=4M [mysqld_safe] logerror=/var/log/mysqld.log pidfile=/var/run/mysqld/mysqld.pid
Restartthemysqldafterthischange.
#servicemysqldrestart
12.Createbugsmysqluser
Addbugzillauser(bugs)tothemysqldatabaseasshownbelow.
#mysqlurootp mysql>GRANTSELECT,INSERT, UPDATE,DELETE,INDEX,ALTER,CREATE,LOCKTABLES, CREATETEMPORARYTABLES,DROP ,REFERENCESONbugs.* TObugs@localhostIDENTIFIEDBY'Bugs4All'; mysql>FLUSHPRIVILEGES;
13.Createthebugzilladatabase
Executethechecksetup.pl(withoutanyarguments)againtocreatethemysqlbugzilladatabase. Sincethelocalconfigfilealreadyexist,thesecondtimewhenyouexecutethechecksetup.pl,itwill createthemysqldatabasebasedontheinformationfromlocalconfigfile.
#./checksetup.pl Creatingdatabasebugs... BuildingSchemaobjectfromdatabase... Addingnewtablebz_schema... InitializingthenewSchemastorage... Addingnewtableattach_data... Addingnewtableattachments... Addingnewtablebug_group_map... Addingnewtablebug_see_also... Addingnewtablebug_severity... Addingnewtablebug_status... Insertingvaluesintothe'priority'table: Insertingvaluesintothe'bug_status'table: Insertingvaluesintothe'rep_platform'table: Creating./datadirectory... Creating./data/attachmentsdirectory... Creating./data/duplicatesdirectory... Addingforeignkey:attachments.bug_id>bugs.bug_id... Addingforeignkey:attachments.submitter_id>profiles.userid... Addingforeignkey:bug_group_map.bug_id>bugs.bug_id...
14.Createbugzillaadministratoraccount.
Attheendofthe./checksetup.plexecution,itwilldetectthatyoudonthaveanadminsitrator accountandrequestyoutoenteradministrationlogininformationasshownbelow.
Lookslikewedon'thaveanadministratorsetupyet.Eitherthisis yourfirsttimeusingBugzilla,oryouradministrator'sprivileges mighthaveaccidentallybeendeleted. Entertheemailaddressoftheadministrator:ramesh@thegeekstuff.com Entertherealnameoftheadministrator:RameshNatarajan Enterapasswordfortheadministratoraccount:NotRealPwd Pleaseretypethepasswordtoverify:welcome
ramesh@thegeekstuff.comisnowsetupasanadministrator. Creatingdefaultclassification'Unclassified'... Creatinginitialdummyproduct'TestProduct'... NowthatyouhaveinstalledBugzilla,youshouldvisitthe'Parameters' page(linkedinthefooteroftheAdministratoraccount)toensureit issetupasyouwishthisincludessettingthe'urlbase'optionto thecorrectURL.
15.Configureapacheformod_perl
Renamethebugzilladirectory.(i.eremovetheversionnumberinit)
#cd/var/www/html #mvbugzilla3.4.6/bugzilla
Addthefollowingtwolinestohttpd.conf
#tail2/etc/httpd/conf/httpd.conf PerlSwitchesI/var/www/html/bugzillaI/var/www/html/bugzilla/libwT PerlConfigRequire/var/www/html/bugzilla/mod_perl.pl
VerifytheGroupinhttpd.confmatchesthewebservergroupinlocalconfig
#cd/var/www/html/bugzilla/ #grepwebservergrouplocalconfig $webservergroup='apache'; #grepGroup/etc/httpd/conf/httpd.conf Groupapache
16.Finalchecksetup.plexecution
Executethechecksetup.plagain.
#./checksetup.pl Reading./localconfig... Removingexistingcompiledtemplates... Precompilingtemplates...done. Fixingfilepermissions... NowthatyouhaveinstalledBugzilla,youshouldvisitthe'Parameters' page(linkedinthefooteroftheAdministratoraccount)toensureit issetupasyouwishthisincludessettingthe'urlbase'optionto thecorrectURL.
17.Logintobugzillaandcompleteonetimesetup.
Starttheapache,gotohttp://{youripaddress}/bugzillaandloginusingtheadministratoraccount youcreatedabove. FromthebugzillaUI,atthefooter>Administration>Parameters>RequiredSettingssection> Filloutfollowinginformation: maintainer:ramesh@thegeekstuff.com urlbase:http://{youripaddress}/ Note:Dependingonyoursetup,goto>UserAuthentication>andyoumightwanttochange requiredloginandemailregexpparameter.
TroubleshootingBugzillaInstallIssues Issue1:DBD::mysqlmodulefailed
TheDBD:mysqlperlmodulefailedwiththemysql.h:Nosuchfileordirectoryerrormessageas shownbelow.
#/usr/bin/perlinstallmodule.plDBD::mysql dbdimp.h:22:49:error:mysql.h:Nosuchfileordirectory dbdimp.h:23:45:error:mysqld_error.h:Nosuchfileordirectory dbdimp.h:25:49:error:errmsg.h:Nosuchfileordirectory Infileincludedfromdbdimp.c:20: dbdimp.h:144:error:expectedspecifierqualifierlistbeforeMYSQL dbdimp.h:236:error:expectedspecifierqualifierlistbeforeMYSQL_RES
Solution1:installmysqldevel
Errormessagemysql.h:Nosuchfileordirectoryisbecausemysqldevelpackagewasmissingas shownbelow.
#rpmqa|grepimysql MySQLpython1.2.11 mysql5.0.774.el5_4.2 mysqlconnectorodbc3.51.26r11271.el5 mysqlserver5.0.774.el5_4.2 libdbidbdmysql0.8.1a1.2.2 perlDBDMySQL3.00072.el5
Installthemysqldevelpackageasshownbelow.
#yuminstallmysqldevel #rpmqa|grepi"mysqldevel" mysqldevel5.0.774.el5_4.2
DBD::mysqlinstallationwillgothroughwithoutanyissuesnow.
#/usr/bin/perlinstallmodule.plDBD::mysql
Issue2:GDfailedwithmissinggdlibconfig/libgd
InstallingGDmodulefailedwiththefollowingerrormessage.
#/usr/bin/perlinstallmodule.plGD **UNRECOVERABLEERROR** Couldnotfindgdlibconfiginthesearchpath.Pleaseinstalllibgd2.0.28orhigher. Ifyouwanttotrytocompileanyway,pleasererunthisscriptwiththeoptionignore_missing_gd. Runningmaketest Makehadsomeproblems,maybeinterrupted?Won'ttest Runningmakeinstall Makehadsomeproblems,maybeinterrupted?Won'tinstall
Solution2:Installgddevelpackage
Installlibgd(i.egddevelpackage)asshownbelowtofixtheGDmoduleissue.
#yuminstallgddevel #rpmqa|grepgd gd2.0.339.4.el5_4.2 gddevel2.0.339.4.el5_4.2
GDgotinstalledwithoutanyissuesafterinsingallinggddevelpackage.
#/usr/bin/perlinstallmodule.plGD
Issue3:TwigFailedwithexpat.herror
Twigmodulefailedtoinstallwiththeerrormessageexpat.h:Nosuchfileordirectoryasshown below.
#/usr/bin/perlinstallmodule.plXML::Twig Expat.xs:12:19:error:expat.h:Nosuchfileordirectory Expat.xs:60:error:expectedspecifierqualifierlistbeforeXML_Parser
Solution3:InstallexpatandexpatdevelforTwig
Installexpatandexpatdevelpackageasshownbelow.
#yuminstallexpat #yuminstallexpatdevel
NowinstallTwigwithoutanyissues.
#/usr/bin/perlinstallmodule.plXML::Twig
Issue4:Image::Magickfailedtoinstall
Image::Magickinstallationfailedwithmagick/MagickCore.h:Nosuchfileordirectoryerror messageasshownbelow.
#/usr/bin/perlinstallmodule.plImage::Magick Note(probablyharmless):NolibraryfoundforlMagickCore Magick.xs:64:31:error:magick/MagickCore.h:Nosuchfileordirectory Magick.xs:171:error:expectedspecifierqualifierlistbeforeMagickRealType Magick.xs:192:error:expectedspecifierqualifierlistbeforeImageInfo Magick.xs:214:error:MagickNoiseOptionsundeclaredhere(notinafunction) Magick.xs:214:warning:missinginitializer
Solution4:Image::Magickfailedtoinstall
MakesurefollowingImageMagicrelatedpackagesarepresent.
#rpmqa|grepiImage ImageMagick6.2.8.04.el5_1.1 ImageMagickc++devel6.2.8.04.el5_1.1 ImageMagickdevel6.2.8.04.el5_1.1 ImageMagickc++6.2.8.04.el5_1.1 ImageMagickperl6.2.8.04.el5_1.1
Inmycase,ImageMagicdevelwasmissing.So,installeditasshownbelow.Afterthat,Image::Magick perlmodulegotinstalledsuccessfully.
#yuminstallImageMagickdevel #/usr/bin/perlinstallmodule.plImage::Magick
Issue5:SOAP::Litefailedtoinstall
SOAP::LitemodulefailedtoinstallwithCannotlocateversion.pmin@INCmessageasshown below.
#/usr/bin/perlinstallmodule.plSOAP::Lite Failedtest'useSOAP::Lite;'att/SOAP/Data.tline5. Triedtouse'SOAP::Lite'. Error:Can'tlocateversion.pmin@INC
Solution5:Installversion.pmrequiredforSOAP::Lite
Installedversion.pmasshownbelow.Afterthis,SOAP::Litegotinstalledwithoutanyissue.
#perlMCPANe'installversion' #/usr/bin/perlinstallmodule.plSOAP::Lite
Issue6(andSolution6):mod_perlwasmissing
Dontinstallmod_perlusing/usr/bin/perlinstallmodule.plmod_perl2.Insetad,useyumtoinstall mod_perlasshownbelow.
#yuminstallmod_perl
Issue7:Apachestartfailed
StartingapachefailedwithCannotlocateTemplate/Config.pmin@INCerrormessage.
#servicehttpdrestart Stoppinghttpd:[OK] Startinghttpd:Syntaxerroronline994of/etc/httpd/conf/httpd.conf: Can'tlocateTemplate/Config.pmin@INC
Solution7:InstallTemplateToolKitasshownbelow
InstallTemplateToolkittofixtheaboveapacheerrormessage
#cpan cpan>i/TemplateToolkit/ DistributionA/AB/ABEL/EidolonDriverTemplateToolkit0.01.tar.gz DistributionA/AB/ABW/TemplateToolkit1.07.tar.gz DistributionA/AB/ABW/TemplateToolkit2.22.tar.gz DistributionI/IN/INGY/TemplateToolkitSimple0.03.tar.gz 4itemsfound cpan>installA/AB/ABW/TemplateToolkit2.22.tar.gz
Issue8:Apachestartfailedagain
StartingapachefailedwithCannotlocateDateTime/Locale.pmin@INCerrormessage.
#servicehttpdrestart Stoppinghttpd:[OK] Startinghttpd:Syntaxerroronline994of/etc/httpd/conf/httpd.conf: Can'tlocateDateTime/Locale.pmin@INC
Solution8:InstallDateTime/Locale.pmasshownbelow
InstallDateTime/Locale.pmtofixtheaboveapacheerrormessage
#cpan cpan>installDateTime:Locale
Also,inyourapacheerror_logifyouseeDigest/SHA.pmissue,youshouldinstallitasshownbelow.
#tailf/etc/httpd/logs/error_log Can'tlocateDigest/SHA.pmin@INC(@INCcontains: #cpan cpan>installDigest::SHA
25.
Rpm, deb, dpot and msi packages :Thisarticleexplainshowtoviewandextractfilesfrom
variouspackagetypesusedbydifferentLinux/UNIXdistributions.
HowtoViewandExtractFilesfromrpm,deb,depotandmsiPackages bySA SIKA LA onAPRIL19,2010
Question:HowdoIvieworextractthefilesthatarebundledinsidethepackagesofvarious operatingsystem.Forexample,Iwouldliketoknowhowtoview(andextract)thecontentofarpm, ordeb,ordepot,ormsifile. Answer:Youcanusetoolslikerpm,rpm2cpio,ar,dpkg,tar,swlist,swcopy,lessmsiasexplained below.
1.RPMpackageinRedhat/CentOS/Fedora
ListingthefilesfromaRPMpackageusingrpmqlp
$rpmqlpovpc2.1.10.rpm /usr/src/ovpc/5.10.0 /usr/src/ovpc/ovpc2.1.10/examples /usr/src/ovpc/ovpc2.1.10/examples/bin /usr/src/ovpc/ovpc2.1.10/examples/lib /usr/src/ovpc/ovpc2.1.10/examples/test . . . /usr/src/ovpc/ovpc2.1.10/pcs
RPMstandsforRedHatpackagemanager.Thefollowingexampleshowshowtoviewthefiles availableinaRPMpackagewithoutextractingorinstallingtherpmpackage.
Explanationofthecommand:rpmqlpovpc2.1.10.rpm rpmcommand qquerytherpmfile llistthefilesinthepackage pspecifythepackagename
ExtractingthefilesfromaRPMpackageusingrpm2cpioandcpio
$rpm2cpioovpc2.1.10.rpm|cpioidmv ./usr/src/ovpc/5.10.0 ./usr/src/ovpc/ovpc2.1.10/examples ./usr/src/ovpc/ovpc2.1.10/examples/bin ./usr/src/ovpc/ovpc2.1.10/examples/lib ./usr/src/ovpc/ovpc2.1.10/examples/test . . . ./usr/src/ovpc/ovpc2.1.10/pcs $ls. usr
RPMisasortofacpioarchive.First,converttherpmtocpioarchiveusingrpm2cpiocommand. Next,usecpiocommandtoextractthefilesfromthearchiveasshownbelow.
2.DebpackageinDebian
debistheextensionofDebiansoftwarepackageformat.*.debisalsousedinotherdistributionsthat
arebasedonDebian.(forexample:Ubuntuuses*.deb)
Listingthefilesfromadebianpackageusingdpkgc
dpkgisthepackagemanagerfordebian.Sousingdpkgcommandyoucanlistandextractthe packages,asshownbelow. Toviewthecontentof*.debfile:
$dpkgcovpc_1.06.943_i386.deb drxrxrxroot/root02010022510:54./ drxrxrxroot/root02010022510:54./ovpc/ drxrxrxroot/root02010022510:54./ovpc/pkg/ drxrxrxroot/root02010022510:54./ovpc/pkg/lib/ drxrxrxroot/root02010022510:48./ovpc/pkg/lib/header/ rxrxrxroot/root1302009102917:06./ovpc/pkg/lib/header/libov.so . . . rxrxrxroot/root1312009102917:06./ovpc/pkg/etc/conf drxrxrxroot/root02010022510:54./ovpc/pkg/etc/conf/log.conf
Extractingthefilesfromadebianpackageusingdpkgx
Usedpkgxtoextractthefilesfromadebpackageasshownbelow.
$dpkgxovpc_1.06.943_i386.deb/tmp/ov $ls/tmp/ov ovpc
DEBfilesareararchives,whichalwayscontainsthethreefilesdebianbinary,control.tar.gz,and data.tar.gz.Wecanusearcommandandtarcommandtoextractandviewthefilesfromthedeb package,asshownbelow. First,extractthecontentof*.debarchivefileusingarcommand.

$arvxovpc_1.06.943_i386.deb xdebianbinary xcontrol.tar.gz xdata.tar.gz $
Next,extractthecontentofdata.tar.gzfileasshownbelow.
$tarxvzfdata.tar.gz ./ ./ovpc/ ./ovpc/pkg/ ./ovpc/pkg/lib/ ./ovpc/pkg/lib/header/ ./ovpc/pkg/lib/header/libov.so . . ./ovpc/pkg/etc/conf ./ovpc/pkg/etc/conf/log.con
3.DepotpackageinHPUX
Listingthefilesfromadepotpackageusingtarandswlist
DEPOTfileisaHPUXSoftwareDistributorCatalogDepotfile.HPUXdepotsarejustatarfile,with someadditionalinformationasshownbelow.
$tartfovcsw_3672.depot OcswServer/MGR/etc/ OcswServer/MGR/etc/opt/ OcswServer/MGR/etc/opt/OV/ OcswServer/MGR/etc/opt/OV/share/ OcswServer/MGR/etc/opt/OV/share/conf/ OcswServer/MGR/etc/opt/OV/share/conf/OpC/ OcswServer/MGR/etc/opt/OV/share/conf/OpC/opcctrlovw/
swlistisaHPUXcommandwhichisusedtodisplaytheinformationaboutthesoftware.Viewthe contentofthedepotpackageasshownbelowusingswlistcommand.
$swlistlfiles/root/ovcsw_3672.depot #Initializing... #Contactingtarget"osgsw"... # #Target:osgsw:/root/ovcsw_3672.depot # #OcswServer8.50.000OcswServerproduct #OcswServer.MGR9.00.140OcsServerOvw /etc /etc/opt /etc/opt/OV /etc/opt/OV/share /etc/opt/OV/share/conf /etc/opt/OV/share/conf/OpC
Extractingthefilesfromadepotpackageusingswcopy
Swcopycommandcopiesormergessoftware_selectionsfromasoftwaresourcetooneormore softwaredepottarget_selections.Usinguncompressoptioninswcopy,youcanextractthefilesfroma depotsoftwarepackage.
$swcopyxuncompress_files=truexenforce_dependencies=falses/root/ovcsw_3672.depot\*@/root/extracted/ $ls/root/extracted MGRcatalogosmsw.log $
Sincedepotfilestarfiles,youcanextractusingnormaltarextractionasshownbelow.
$tarxvffilename
26. Backup using rsnapshot :Youcanbackupeitheralocalhostorremotehostusingrsnapshot rsyncutility.rsnapshotusesthecombinationofrsyncandhardlinkstomaintainfullbackupand incrementalbackups.Onceyouvesetupandconfiguredrsnapshot,thereisabsolutelyno maintenanceinvolvedinit.rsnapshotwillautomaticallytakecareofdeletingandrotatingtheold backups.

HowToBackupRemoteLinuxHostUsingrsnapshotrsyncUtility byRAM ES H NATARAJA N onSEPTEMBER16,2009
Inthepreviousarticlewereviewedhowtobackup local unix host usingrsnapshotutility. Inthisarticle,letusreviewhowtobackupremoteLinuxhostusingthisutility.
1.SetupKeyBasedAuthentication
Asweveexplainedearliersetupthekeybasedauthenticationasexplainedeitherinsshkeygen and sshcopyidarticleoropenSSHarticle.
[root@localhost]#sshkeygen [root@localhost]#sshcopyidi~/.ssh/id_rsa.pubremotehost
2.Verifythepasswordlessloginbetweenservers
Logintotheremotehostfromlocalhostwithoutenteringthepassword.
[root@localhost]#sshremotehost Lastlogin:SunMar1516:45:402009fromlocalhost [root@remotehost]#
3.ConfigurersnapshotandspecifyRemoteHostBackupDirectories
Defineyourremotehostdestinationbackupdirectoriesin/etc/rsnapshot.confasshownbelow.In thisexample, root@remotehost:/etcSourcedirectoryontheremotehostthatshouldbebackedup.i.eremote backupdestinationdirectory. remotehostbackup/destinationdirectorywherethebackupoftheremotehostwillbestored. Pleasenotethatthisdirectorywillbecreatedunderlocalhost/.snapshots/{internal.n}/directoryas showninthelaststep.
#vi/etc/rsnapshot.conf backuproot@remotehost:/etc/remotehostbackup/exclude=mtab,exclude=core
4.TestrsnapshotConfiguration
PerformconfigurationtesttomakesurersnapshotissetupproperlyandreadytoperformLinuxrsync backup.
#rsnapshotconfigtest SyntaxOK
5.AddCrontabEntryforrsnapshot
Onceyouveverifiedthatthersynchourlyanddailybackupconfigurationsaresetupproperlyinthe rsnapshotcwrsyncutility,itistimetosetthispuppyupinthecrontabasshownbelow.
#crontabe 0*/4***/usr/local/bin/rsnapshothourly 3023***/usr/local/bin/rsnapshotdaily
CheckoutLinux crontab examples articletounderstandhowtosetupandconfigurecrontab.
6.Manuallytesttheremotehostbackuponce
[root@localhost]#/usr/local/bin/rsnapshothourly [root@localhost]#lsl/.snapshots/hourly.0/ total8 drwxrxrx3rootroot4096Jul2204:19remotehostbackup drwxrxrx3rootroot4096Jul1305:07localhost
[root@localhost]#lsl/.snapshots/hourly.0/remotehostbackup/ total4 drwxrxrx93rootroot4096Jul2203:36etc
TroubleshootingTips
Problem:rsnapshotfailedwithERROR:/usr/bin/rsyncreturned20asshownbelow.
[root@localhost]#/usr/local/bin/rsnapshothourly rsyncerror:receivedSIGINT,SIGTERM,orSIGHUP(code20)atrsync.c(260) [receiver=2.6.8] rsnapshotencounteredanerror!Theprogramwasinvokedwiththeseoptions: /usr/local/bin/rsnapshothourly ERROR:/usr/bin/rsyncreturned20whileprocessingcopyman@192.168.2.2:/etc/
Solution:Thistypicallyhappenswhentheuserswhoisperformingthersnapshot(rsync)doesnthave accesstotheremotedirectorythatyouaretryingtobackup.Makesuretheremotehostbackup directoryhasappropriatepermissionfortheuserwhoistryingtoexecutethersnapshot. 27. Create Linux user :Thisarticleexplainshowtocreateuserswithdefaultconfiguration,create userswithcustomconfiguration,createusersinteractively,andcreatingusersinbulk.

TheUltimateGuidetoCreateUsersinLinux/Unix byRAM ES H NATARAJA N onJUNE24,2009
CreatingusersinLinuxorUnixsystemisaroutinetaskforsystemadministrators. Sometimesyoumaycreateasingleuserwithdefaultconfiguration,orcreateasingleuserwith customconfiguration,orcreateseveralusersatsametimeusingsomebulkusercreationmethod. Inthisarticle,letusreviewhowtocreateLinuxusersin4differentmethodsusinguseradd, adduserandnewuserscommandwithpracticalexamples.
Method1:LinuxuseraddCommandCreateUserWithDefault Configurations
Thisisafundamentallowleveltoolforusercreation.Tocreateuserwithdefaultconfigurations useuseraddasshownbelow.
Syntax:#useraddLOGINNAME
Whilecreatingusersasmentionedabove,allthedefaultoptionswillbetakenexceptgroupid.To viewthedefaultoptionsgivethefollowingcommandwiththeoptionD.
$useraddD GROUP=1001 HOME=/home INACTIVE=1 EXPIRE= SHELL=/bin/sh SKEL=/etc/skel CREATE_MAIL_SPOOL=no
GROUP:Thisistheonlyoptionwhichwillnotbetakenasdefault.Becauseifyoudontspecifyn optionagroupwithsamenameastheuserwillbecreatedandtheuserwillbeaddedtothatgroup.
Toavoidthatandtomaketheuserasthememberofthedefaultgroupyouneedtogivetheoption n. HOME:Thisisthedefaultpathprefixforthehomedirectory.Nowthehomedirectorywillbecreated as/home/USERNAME. INACTIVE:1bydefaultdisablesthefeatureofdisablingtheaccountoncetheuserpasswordhas expired.Tochangethisbehavioryouneedtogiveapositivenumberwhichmeansifthepassword getsexpiredafterthegivennumberofdaystheuseraccountwillbedisabled. EXPIRE:Thedateonwhichtheuseraccountwillbedisabled. SHELL:Usersloginshell. SKEL:Contentsoftheskeldirectorywillbecopiedtotheusershomedirectory. CREATE_MAIL_SPOOL:Accordingtothevaluecreatesordoesnotcreatethemailspool.
Example1:Creatinguserwithallthedefaultoptions,andwithhisowngroup.
#useraddramesh #passwdramesh Changingpasswordforuserramesh. NewUNIXpassword: RetypenewUNIXpassword: passwd:allauthenticationtokensupdatedsuccessfully. #grepramesh/etc/passwd ramesh:x:500:500::/home/ramesh:/bin/bash #grepramesh/etc/group ramesh:x:500: [Note:defaultuseraddcommandcreatedrameshasusernameandgroup]
Followingexamplecreatesuserrameshwithgroupramesh.UseLinuxpasswdcommandtochange thepasswordfortheuserimmediatelyafterusercreation.
Example2:Creatinganuserwithallthedefaultoptions,andwiththedefaultgroup.
#useraddnsathiya #grepsathiya/etc/passwd sathiya:x:511:100::/home/sathiya:/bin/bash #grepsathiya/etc/group [Note:Norowsreturned,asgroupsathiyawasnotcreated] #grep100/etc/group users:x:100: [Note:useraddncommandcreatedusersathiyawithdefaultgroupid100] #passwdsathiya Changingpasswordforusersathiya. NewUNIXpassword: RetypenewUNIXpassword: passwd:allauthenticationtokensupdatedsuccessfully. [Note:Alwayssetthepasswordimmediatelyafterusercreation]
Example3:Editingthedefaultoptionsusedbyuseradd.
Thefollowingexampleshowshowtochangethedefaultshellfrom/bin/bashto/bin/kshduring
usercreation.
Syntax:#useraddDshell=<SHELLNAME> #useraddD GROUP=100 HOME=/home INACTIVE=1 EXPIRE= SHELL=/bin/bash SKEL=/etc/skel [Note:Thedefaultshellis/bin/bash] #useraddDs/bin/ksh #useraddD GROUP=100 HOME=/home INACTIVE=1 EXPIRE= SHELL=/bin/ksh SKEL=/etc/skel [Note:Nowthedefaultshellchangedto/bin/ksh] #adduserpriya #greppriya/etc/passwd priya:x:512:512::/home/priya:/bin/ksh [Note:Newusersaregettingcreatedwith/bin/ksh] #useraddDs/bin/bash [Note:Setitbackto/bin/bash,astheaboveisonlyfortestingpurpose]
Method2:LinuxuseraddCommandCreateUsersWithCustom Configurations
Insteadofacceptingthedefaultvalues(forexample,group,shelletc.)thatisgivenbytheuseradd commandasshownintheabovemethod,youcanspecifycustomvaluesinthecommandlineas parameterstotheuseraddcommand.
Syntax:#useradds<SHELL>md<HomeDir>g<Group>UserName
sSHELL:Loginshellfortheuser. m:Createusershomedirectoryifitdoesnotexist. dHomeDir:Homedirectoryoftheuser. gGroup:Groupnameornumberoftheuser. UserName:Loginidoftheuser.
Example4:CrateLinuxUserwithCustomConfigurationsUsinguseraddCommand
Thefollowingexamplecreatesanaccount(lebron)withhomedirectory/home/king,defaultshellas /bin/cshandwithcommentLeBronJames.
#useradds/bin/cshmd/home/kingc"LeBronJames"grootlebron
#greplebron/etc/passwd lebron:x:513:0:LeBronJames:/home/king:/bin/csh
Note:Youcangivethepasswordusingpoption,whichshouldbeencryptedpassword.Oryoucan usethepasswdcommandtochangethepasswordoftheuser.
Method3:LinuxadduserCommandCreateUsersInteractively
Syntax:#adduserUSERNAME
Thesearethefriendliertoolstothelowleveluseradd.BydefaultitchoosestheDebianpolicyformat forUIDandGID.Averysimplewayofcreatinguserinthecommandlineinteractivelyisusing addusercommand.
Example5:CreatinganUserInteractivelyWithadduserCommand
#adduserspidey Addinguser`spidey'... Addingnewgroup`spidey'(1007)... Addingnewuser`spidey'(1007)withgroup`spidey'... Creatinghomedirectory`/home/spidey'... Copyingfilesfrom`/etc/skel'... EnternewUNIXpassword: RetypenewUNIXpassword: passwd:passwordupdatedsuccessfully Changingtheuserinformationforspidey Enterthenewvalue,orpressENTERforthedefault FullName[]:PeterParker RoomNumber[]: WorkPhone[]: HomePhone[]: Other[]: Istheinformationcorrect?[y/N]y
Method4:LinuxnewusersCommandCreatingbulkusers
Sometimesyoumaywanttotocreatemultipleusersatthesametime.Usinganyoneoftheabove3 methodsforbulkusercreationcanbeverytediousandtimeconsuming.Fortunately,Linuxoffersa waytouploadusersusingnewuserscommand.Thiscanalsobeexecutedinbatchmodeasitcannot askanyinput.

#newusersFILENAME
Thisfileformatissameasthepasswordfile.
loginname:password:uid:gid:comment:home_dir:shell
Example6:CreatingLargeNumberofUsersUsingnewusersCommand
IfSimpsonfamilydecidestojoinyourorganizationandneedaccesstoyourLinuxserver,youcan createaccountforallofthemtogetherusingnewuserscommandasshownbelow.
#cathomerfamily.txt homer:HcZ600a9:1008:1000:HomerSimpson:/home/homer:/bin/bash marge:1enz733N:1009:1000:MargeSimpson:/home/marge:/bin/csh bart:1y5eJr8K:1010:1000:BartSimpson:/home/bart:/bin/ksh lisa:VGz638i9:1011:1000:LisaSimpson:/home/lisa:/bin/sh maggie:5lj3YGQo:1012:1000:MaggieSimpson:/home/maggie:/bin/bash
Note:Whilespecifyingpasswordsforusers,pleasefollowthepassword best practices including the 84 password rule thatwediscussedawhileback. NowcreateaccountsforSimpsonsfamilytogetherusingthenewuserscommandasshownbelow.

#newusershomerfamily.txt
28. Mount and view ISO file :ISOfilesaretypicallyusedtodistributetheoperatingsystem.Most ofthelinuxoperatingsystemthatyoudownloadwillbeonISOformat.Thisexplainshowtoview andmountanyISOfilebothasregularuseandasrootuser.

HowToMountandViewISOFileasRootandRegularUserinLinux byRAM ES H NATARAJA N onJUNE22,2009
ISOstandsforInternationalOrganizationforStandardization,whichhasdefinedthe formatforadiskimage.Insimpletermsisofileisadiskimage. ISOfilesaretypicallyusedtodistributetheoperatingsystem.Mostofthelinuxoperatingsystemthat youdownloadwillbeonISOformat. IfyouhavedownloadedanLinuxISOfileyoutypicallyburnitontoaCDorDVDasISOimage.Once youveburnedtheISOimageinaCDorDVD,youcanbootthesystemtoinstalltheLinuxOS. Butsometimes,youmayjustwanttomounttheISOfileandviewthecontentwithoutburningitto CDorDVD.InthisarticleletusreviewhowtoMount&Viewisofileasrootandregularuserin LinuxOperatingsystem.
1.HowtomountisofileswithoutwritingittoCD/DVD?
Ifyouhavedownloadeda*.isofilefromawebsite(forexample,anyLinuxOSdistribution),youcan viewthecontentoftheisofilewithoutwritingasanisotoaCDorDVDasexplainedbelow usingmountoloop..Pleasenotethataloopdeviceisapseudodevicewhichwillmakeanisofile accessibletotheuserablockdevice.

Syntax:#mountISOFILEMOUNTPOINToloop $su #mkdir/tmp/mnt #mountoloop/downloads/ubuntu9.04desktopi386.iso/tmp/mnt #cd/tmp/mnt #lsl
Formountingyouneedtobeloggedinasrootoryoushouldhavesudopermission.Readbelowto findouthowtomountisofileasregularnonrootuser.
2.Howtomountorviewanisofileasanonrootuser?
Anonrootusercanalsomountafile,evenwithoutsudopermission.Usingmidnightcommanderyou canmounttheisofile.Actually,itisreallynotmountingthefile.Butyoucanviewtheisofilecontent
justlikeviewingsomeotherfiles.RefertoourpreviousarticlethatexplainsaboutLinux mc midnight commander .
Stepstoviewisofileinmidnightcommander:
1. Openmidnightcommand(mc). 2. NavigatetothepathwhereISOfileexist. 3. Clickontheisofile,itwillenterintotheisofileaslikeanormaldirectoryandnowyouwillbe seeingthecontentofthefile. 4. Toviewthenormalfileorthefileoftheiso,Press<F3>whenyourcursorisonthefile.
3.Howtosolvetheissueisoisnotablockdeviceerror?
Whilemountinganisofileyoumaygetthefollowingerror:
mount:file.isoisnotablockdevice(maybetryòloop'?)
Problem:
#mount/downloads/Fedora11i386DVD.iso/tmp/mnt mount:/downloads/Fedora11i386DVD.isoisnotablockdevice(maybetryòloop'?)
Solution:Asitissuggestedbythemountcommand,usetheoloopastheoption.
#mount/downloads/Fedora11i386DVD.iso/tmp/mntoloop
4.Howtoupdatethecontentofanisofile?
ISOfilecontentcannotbeupdatedoncetheISOfileiscreated.Onlywaytodoasofnowis,
Stepstoupdatetheisofile.
1. Extractallthefilesfromtheiso. 2. Updatethecontent.i.eAddorremoveanyindividualfilesinsidetheisofile. 3. Createanotherisowiththeupdatedfiles.
5.Extractingfilesfromtheisofileasrootuser?
Mounttheisofileasrootuser,andnavigatetothedirectorytocopytherequiredfilesfromiso.
Stepstomountandextracttheisofileasrootuser.
1. Mounttheisofileasrootuser.
#mount/downloads/debian501i386DVD1.iso/tmp/mntoloop
2. Navigatetothemounteddirectory.
#cd/tmp/mnt
3. Copytherequiredfiles.
#cpsomefileinsideiso/home/test
6.Extractingfilesfromtheisofileasnormaluser?
Viewthecontentofthefileasnonrootuserinmidnight commander ,andthencopyitusing midnightcommandercommandsorusingshellcommands.
Stepstoextractthecontentfromisofileasnonrootuser.
1. 2. 3. 4.
openmc. Navigatetothedirectorywheretheisofileislocated. Selecttheisofileandpressentertoviewthecontentoftheisofile. Whenyouareinsidetheisofile,youwillbeabletoviewthecontentsofit.Tocopyaparticularfile fromtheisofileyoucanusetheshellcommandsinshellpromptas.

$cpsomefileinsideiso/tmp/mnt
5. Youcanalsodothiscopyusingthemccommands. 29. Manage password expiration and aging :Linuxchagecommandcanbeusedtoperformseveral practicalpasswordagingactivitiesincludinghowtoforceuserstochangetheirpassword.
7ExamplestoManageLinuxPasswordExpirationandAgingUsingchage byD HI NE SHKUM AR MA NI KA NNA N onAPRIL23,2009
Bestpracticerecommendsthatuserskeepchangingthepasswordsataregularinterval.Buttypically developersandotherusersofLinuxsystemwontchangethepasswordunlesstheyareforcedto changetheirpassword. Itsthesystemadministratorsresponsibilitytofindawaytoforcedeveloperstochangetheir password.Forcinguserstochangetheirpasswordwithagunontheirheadisnotanoption!.While mostsecurityconscioussysadminsmaybeeventemptedtodothat. InthisarticleletusreviewhowyoucanuseLinuxchagecommandtoperformseveralpractical passwordagingactivitiesincludinghowtoforceuserstochangetheirpassword. Ondebian,youcaninstallchagebyexecutingthefollowingcommand:

#aptgetinstallchage
PhotoCourtesy:mattblaze
Note:Itisveryeasytomakeatypoonthiscommand.Insteadofchageyoumayenduptypingitas change.Pleaserememberchagestandsforchangeage.i.echagecommandabbreviationissimilar tochmod,chownetc.,
1.Listthepasswordanditsrelateddetailsforanuser
Syntax:chagelistusername(or)chagelusername $chagelistdhinesh Lastpasswordchange:Apr01,2009 Passwordexpires:never Passwordinactive:never Accountexpires:never Minimumnumberofdaysbetweenpasswordchange:0 Maximumnumberofdaysbetweenpasswordchange:99999 Numberofdaysofwarningbeforepasswordexpires:7
Asshownbelow,anyusercanexecutethechagecommandforhimselftoidentifywhenhis passwordisabouttoexpire.
Ifuserdhineshtriestoexecutethesamecommandforuserramesh,hellgetthefollowingpermission deniedmessage.
$chagelistramesh chage:permissiondenied
Note:However,arootusercanexecutechagecommandforanyuseraccount. WhenuserdhineshchangeshispasswordonApr23rd2009,itwillupdatetheLastpassword changevalueasshownbelow. Pleaserefertoourearlierarticle:Best Practices and Ultimate Guide For Creating Super Strong
Password,whichwillhelpyoutofollowthebestpracticeswhilechangingpasswordforyouraccount.
$date ThuApr2300:15:20PDT2009 $passwddhinesh EnternewUNIXpassword: RetypenewUNIXpassword: passwd:passwordupdatedsuccessfully $chagelistdhinesh Lastpasswordchange:Apr23,2009 Passwordexpires:never Passwordinactive:never Accountexpires:never Minimumnumberofdaysbetweenpasswordchange:0 Maximumnumberofdaysbetweenpasswordchange:99999 Numberofdaysofwarningbeforepasswordexpires:7
2.SetPasswordExpiryDateforanuserusingchageoptionM
Rootuser(systemadministrators)cansetthepasswordexpirydateforanyuser.Inthefollowing example,userdhineshpasswordissettoexpire10daysfromthelastpasswordchange. PleasenotethatoptionMwillupdatebothPasswordexpiresandMaximumnumberofdays betweenpasswordchangeentriesasshownbelow.
Syntax:#chageMnumberofdaysusername #chageM10dhinesh #chagelistdhinesh Lastpasswordchange:Apr23,2009 Passwordexpires:May03,2009 Passwordinactive:never Accountexpires:never Minimumnumberofdaysbetweenpasswordchange:0 Maximumnumberofdaysbetweenpasswordchange:10 Numberofdaysofwarningbeforepasswordexpires:7
3.PasswordExpiryWarningmessageduringlogin
Bydefaultthenumberofdaysofwarningbeforepasswordexpiresissetto7.So,intheabove example,whentheuserdhineshtriestologinonApr30,2009hellgetthefollowingmessage.
$sshdhinesh@testingserver dhinesh@testingserver'spassword: Warning:yourpasswordwillexpirein3days
4.UserForcedtoChangePasswordafterExpiryDate
Ifthepasswordexpirydatereachesanduserdoesntchangetheirpassword,thesystemwillforcethe usertochangethepasswordbeforetheloginasshownbelow.
$sshdhinesh@testingserver dhinesh@testingserver'spassword: Youarerequiredtochangeyourpasswordimmediately(passwordaged) WARNING:Yourpasswordhasexpired.
Youmustchangeyourpasswordnowandloginagain! Changingpasswordfordhinesh (current)UNIXpassword: EnternewUNIXpassword: RetypenewUNIXpassword:
5.SettheAccountExpiryDateforanUser
YoucanalsousechagecommandtosettheaccountexpirydateasshownbelowusingoptionE.The dategivenbelowisinYYYYMMDDformat.ThiswillupdatetheAccountexpiresvalueasshown below.
#chageE"20090531"dhinesh #chageldhinesh Lastpasswordchange:Apr23,2009 Passwordexpires:May03,2009 Passwordinactive:never Accountexpires:May31,2009 Minimumnumberofdaysbetweenpasswordchange:0 Maximumnumberofdaysbetweenpasswordchange:10 Numberofdaysofwarningbeforepasswordexpires:7
6.ForcetheuseraccounttobelockedafterXnumberofinactivitydays
Typicallyifthepasswordisexpired,usersareforcedtochangeitduringtheirnextlogin.Youcanalso setanadditionalcondition,whereafterthepasswordisexpired,iftheusernevertriedtologinfor10 days,youcanautomaticallylocktheiraccountusingoptionIasshownbelow.Inthisexample,the Passwordinactivedateissetto10daysfromthePasswordexpiresvalue. Onceanaccountislocked,onlysystemadministratorswillbeabletounlockit.
#chageI10dhinesh #chageldhinesh Lastpasswordchange:Apr23,2009 Passwordexpires:May03,2009 Passwordinactive:May13,2009 Accountexpires:May31,2009 Minimumnumberofdaysbetweenpasswordchange:0 Maximumnumberofdaysbetweenpasswordchange:10 Numberofdaysofwarningbeforepasswordexpires:7
7.Howtodisablepasswordagingforanuseraccount
Toturnoffthepasswordexpirationforanuseraccount,setthefollowing: m0willsettheminimumnumberofdaysbetweenpasswordchangeto0 M99999willsetthemaximumnumberofdaysbetweenpasswordchangeto99999 I1(numberminusone)willsetthePasswordinactivetonever E1(numberminusone)willsetAccountexpirestonever.
#chagem0M99999I1E1dhinesh #chagelistdhinesh Lastpasswordchange:Apr23,2009 Passwordexpires:never Passwordinactive:never
Accountexpires:never Minimumnumberofdaysbetweenpasswordchange:0 Maximumnumberofdaysbetweenpasswordchange:99999 Numberofdaysofwarningbeforepasswordexpires:7
ThisarticlewaswrittenbyDhineshkumarManikannan.Heisworkingat bk Systems (p) Ltd ,and interestedincontributingtotheopensource.TheGeekStuffwelcomesyourtipsand guest articles 30. ifconfig examples :Interfaceconfiguratorcommandifconfigisusedtoinitializethenetwork interfaceandtoenableordisabletheinterfacesasshowninthese7examples.
Ifconfig:7ExamplesToConfigureNetworkInterface byRAM ES H NATARAJA N onMARCH9,2009
ThisarticleiswrittenbyLakshmananG Ifconfigcommandisusedtoconfigurenetworkinterfaces.ifconfigstandsforinterfaceconfigurator. Ifconfigiswidelyusedtoinitializethenetworkinterfaceandtoenableordisabletheinterfaces. Inthisarticle,letusreview7commonusagesofifconfigcommand.
Photocourtesyofnew1mproved
1.ViewNetworkSettingsofanEthernetAdapter
#ifconfigeth0 eth0Linkencap:EthernetHWaddr00:2D:32:3E:39:3B inetaddr:192.168.2.2Bcast:192.168.2.255Mask:255.255.255.0 inet6addr:fe80::21d:92ff:fede:499b/64Scope:Link UPBROADCASTRUNNINGMULTICASTMTU:1500Metric:1 RXpackets:977839669errors:0dropped:1990overruns:0frame:0 TXpackets:1116825094errors:8dropped:0overruns:0carrier:0 collisions:0txqueuelen:1000 RXbytes:2694625909(2.5GiB)TXbytes:4106931617(3.8GiB) Interrupt:185Baseaddress:0xdc00
Ifconfig,wheninvokedwithnoargumentswilldisplayallthedetailsofcurrentlyactiveinterfaces.If yougivetheinterfacenameasanargument,thedetailsofthatspecificinterfacewillbedisplayed.
2.DisplayDetailsofAllinterfacesIncludingDisabledInterfaces
#ifconfiga
3.DisableanInterface
#ifconfigeth0down
4.EnableanInterface
#ifconfigeth0up
5.AssignipaddresstoanInterface
#ifconfigeth0192.168.2.2
Assign192.168.2.2astheIPaddressfortheinterfaceeth0. ChangeSubnetmaskoftheinterfaceeth0.
#ifconfigeth0netmask255.255.255.0
ChangeBroadcastaddressoftheinterfaceeth0.
#ifconfigeth0broadcast192.168.2.255
Assignipaddress,netmaskandbroadcastatthesametimetointerfaceeht0.
#ifconfigeth0192.168.2.2netmask255.255.255.0broadcast192.168.2.255
6.ChangeMTU
ThiswillchangetheMaximumtransmissionunit(MTU)toXX.MTUisthemaximumnumberof octetstheinterfaceisabletohandleinonetransaction.ForEthernettheMaximumtransmissionunit bydefaultis1500.
#ifconfigeth0mtuXX
7.Promiscuousmode
Bydefaultwhenanetworkcardreceivesapacket,itcheckswhetherthepacketbelongstoitself.If not,theinterfacecardnormallydropsthepacket.Butinpromiscuousmode,thecarddoesntdrop thepacket.Instead,itwillacceptallthepacketswhichflowsthroughthenetworkcard. Superuserprivilegeisrequiredtosetaninterfaceinpromiscuousmode.Mostnetworkmonitortools usethepromiscuousmodetocapturethepacketsandtoanalyzethenetworktraffic. Followingwillputtheinterfaceinpromiscuousmode.
#ifconfigeth0promisc
Followingwillputtheinterfaceinnormalmode.
#ifconfigeth0promisc
31. Oracle db startup an sthudown :EverysysadminshouldknowsomebasicDBAoperations.This explainshowtoshutdownandstarttheoracledatabase.

OracleDatabaseStartupandShutdownProcedure byRAM ES H NATARAJA N onJANUARY26,2009
PhotocourtesyofRob Shenk
ForaDBA,startingupandshuttingdownoforacledatabaseisaroutineandbasicoperation. SometimesLinuxadministratororprogrammermayendupdoingsomebasicDBAoperationson developmentdatabase.So,itisimportantfornonDBAstounderstandsomebasicdatabase administrationactivities. Inthisarticle,letusreviewhowtostartandstopanoracledatabase.
HowToStartupOracleDatabase
1.Logintothesystemwithoracleusername
Typicaloracleinstallationwillhaveoracleasusernameanddbaasgroup.OnLinux,dosutooracle asshownbelow.
$suoracle
2.Connecttooraclesysdba
MakesureORACLE_SIDandORACLE_HOMEaresetproperlyasshownbelow.
$env|grepORA ORACLE_SID=DEVDB ORACLE_HOME=/u01/app/oracle/product/10.2.0
Youcanconnectusingeither/assysdbaoranoracleaccountthathasDBAprivilege.
$sqlplus'/assysdba' SQL*Plus:Release10.2.0.3.0ProductiononSunJan1811:11:282009 Copyright(c)1982,2006,Oracle.AllRightsReserved. Connectedto: OracleDatabase10gEnterpriseEditionRelease10.2.0.3.0Production WiththePartitioningandDataMiningoptions SQL>
3.StartOracleDatabase
ThedefaultSPFILE(serverparameterfile)islocatedunder$ORACLE_HOME/dbs.Oraclewilluse thisSPFILEduringstartup,ifyoudontspecifyPFILE. Oraclewilllookfortheparameterfileinthefollowingorderunder$ORACLE_HOME/dbs.Ifanyone ofthemexist,itwillusethatparticularparameterfile. 1. spfile$ORACLE_SID.ora 2. spfile.ora 3. init$ORACLE_SID.ora TypestartupattheSQLcommandprompttostartupthedatabaseasshownbelow.
SQL>startup ORACLEinstancestarted. TotalSystemGlobalArea812529152bytes FixedSize2264280bytes VariableSize960781800bytes DatabaseBuffers54654432bytes RedoBuffers3498640bytes Databasemounted. Databaseopened. SQL>
IfyouwanttostartupOraclewithPFILE,passitasaparameterasshownbelow.
SQL>STARTUPPFILE=/u01/app/oracle/product/10.2.0/dbs/init.ora
Followingthreemethodsareavailabletoshutdowntheoracledatabase: 1. NormalShutdown 2. ShutdownImmediate 3. ShutdownAbort
HowToShutdownOracleDatabase
1.NormalShutdown
Duringnormalshutdown,beforetheoracledatabaseisshutdown,oraclewillwaitforallactiveusers todisconnecttheirsessions.Astheparametername(normal)suggest,usethisoptiontoshutdown thedatabaseundernormalconditions.
SQL>shutdown Databaseclosed. Databasedismounted. ORACLEinstanceshutdown. SQL>
2.ShutdownImmediate
Duringimmediateshutdown,beforetheoracledatabaseisshutdown,oraclewillrollbackactive transactionanddisconnectallactiveusers.Usethisoptionwhenthereisaproblemwithyour databaseandyoudonthaveenoughtimetorequestuserstologoff.
SQL>shutdownimmediate; Databaseclosed. Databasedismounted. ORACLEinstanceshutdown. SQL>
3.ShutdownAbort
Duringshutdownabort,beforetheoracledatabaseisshutdown,allusersessionswillbeterminated immediately.Uncomittedtransactionswillnotberolledback.Usethisoptiononlyduringemergency situationswhentheshutdownandshutdownimmediatedoesntwork.
$sqlplus'/assysdba' SQL*Plus:Release10.2.0.3.0ProductiononSunJan1811:11:332009 Copyright(c)1982,2006,Oracle.AllRightsReserved. Connectedtoanidleinstance. SQL>shutdownabort ORACLEinstanceshutdown. SQL>
32. PostgreSQL install and configure :SimilartomySQL,postgreSQLisveryfamousandfeature packedfreeandopensourcedatabase.Thisisajumpstartguidetoinstallandconfigurepostgresql fromsourceonLinux.

9StepstoInstallandConfigurePostgreSQLfromSourceonLinux byRAM ES H NATARAJA N onAPRIL9,2009
SimilartomySQL,postgreSQLisveryfamousandfeaturepackedfreeandopensourcedatabase. EarlierwevediscussedseveralinstallationsincludingLAMP stack installation ,Apache2 installation from source ,PHP5 installation from source andmySQL installation . Inthisarticle,letusreviewhowtoinstallpostgreSQLdatabaseonLinuxfromsourcecode.
Step1:DownloadpostgreSQLsourcecode
FromthepostgreSQL download site ,choosethemirror site thatislocatedinyourcountry.

#wgethttp://wwwmaster.postgresql.org/redir/198/f/source/v8.3.7/postgresql8.3.7.tar.gz
Step2:InstallpostgreSQL
#tarxvfzpostgresql8.3.7.tar.gz #cdpostgresql8.3.7 #./configure checkingforsgmlspl...no configure:creating./config.status config.status:creatingGNUmakefile config.status:creatingsrc/Makefile.global config.status:creatingsrc/include/pg_config.h config.status:creatingsrc/interfaces/ecpg/include/ecpg_config.h config.status:linking./src/backend/port/tas/dummy.stosrc/backend/port/tas.s config.status:linking./src/backend/port/dynloader/linux.ctosrc/backend/port/dynloader.c config.status:linking./src/backend/port/sysv_sema.ctosrc/backend/port/pg_sema.c config.status:linking./src/backend/port/sysv_shmem.ctosrc/backend/port/pg_shmem.c config.status:linking./src/backend/port/dynloader/linux.htosrc/include/dynloader.h config.status:linking./src/include/port/linux.htosrc/include/pg_config_os.h config.status:linking./src/makefiles/Makefile.linuxtosrc/Makefile.port #make make[3]:Leavingdirectory`/usr/save/postgresql8.3.7/contrib/spi' rmrf./testtablespace mkdir./testtablespace make[2]:Leavingdirectory`/usr/save/postgresql8.3.7/src/test/regress' make[1]:Leavingdirectory`/usr/save/postgresql8.3.7/src' makeCconfigall make[1]:Enteringdirectory`/usr/save/postgresql8.3.7/config' make[1]:Nothingtobedoneforàll'. make[1]:Leavingdirectory`/usr/save/postgresql8.3.7/config' AllofPostgreSQLsuccessfullymade.Readytoinstall. #makeinstall makeCtest/regressinstall make[2]:Enteringdirectory`/usr/save/postgresql8.3.7/src/test/regress' /bin/sh../../../config/installshcpg_regress'/usr/local/pgsql/lib/pgxs/src/test/regress/pg_regress' make[2]:Leavingdirectory`/usr/save/postgresql8.3.7/src/test/regress' make[1]:Leavingdirectory`/usr/save/postgresql8.3.7/src' makeCconfiginstall make[1]:Enteringdirectory`/usr/save/postgresql8.3.7/config' mkdirp/usr/local/pgsql/lib/pgxs/config /bin/sh../config/installshcm755./installsh'/usr/local/pgsql/lib/pgxs/config/installsh' /bin/sh../config/installshcm755./mkinstalldirs'/usr/local/pgsql/lib/pgxs/config/mkinstalldirs' make[1]:Leavingdirectory`/usr/save/postgresql8.3.7/config' PostgreSQLinstallationcomplete.
PostgreSQL./configureoptions Followingarevariousoptionsthatcanbepassedtothe./configure: prefix=PREFIXinstallarchitectureindependentfilesinPREFIX.Defaultinstallationlocationis /usr/local/pgsql enableintegerdatetimesenable64bitintegerdate/timesupport
enablenls[=LANGUAGES]enableNativeLanguageSupport disableshareddonotbuildsharedlibraries disablerpathdonotembedsharedlibrarysearchpathinexecutables disablespinlocksdonotusespinlocks enabledebugbuildwithdebuggingsymbols(g) enableprofilingbuildwithprofilingenabled enabledtracebuildwithDTracesupport enabledependturnonautomaticdependencytracking enablecassertenableassertionchecks(fordebugging) enablethreadsafetymakeclientlibrariesthreadsafe enablethreadsafetyforceforcethreadsafetydespitethreadtestfailure disablelargefileomitsupportforlargefiles withdocdir=DIRinstallthedocumentationinDIR[PREFIX/doc] withoutdocdirdonotinstallthedocumentation withincludes=DIRSlookforadditionalheaderfilesinDIRS withlibraries=DIRSlookforadditionallibrariesinDIRS withlibs=DIRSalternativespellingofwithlibraries withpgport=PORTNUMchangedefaultportnumber[5432] withtclbuildTclmodules(PL/Tcl) withtclconfig=DIRtclConfig.shisinDIR withperlbuildPerlmodules(PL/Perl) withpythonbuildPythonmodules(PL/Python) withgssapibuildwithGSSAPIsupport withkrb5buildwithKerberos5support withkrbsrvnam=NAMEdefaultserviceprincipalnameinKerberos[postgres] withpambuildwithPAMsupport withldapbuildwithLDAPsupport withbonjourbuildwithBonjoursupport withopensslbuildwithOpenSSLsupport withoutreadlinedonotuseGNUReadlinenorBSDLibeditforediting withlibeditpreferredpreferBSDLibeditoverGNUReadline withosspuuiduseOSSPUUIDlibrarywhenbuildingcontrib/uuidossp withlibxmlbuildwithXMLsupport withlibxsltuseXSLTsupportwhenbuildingcontrib/xml2 withsystemtzdata=DIRusesystemtimezonedatainDIR withoutzlibdonotuseZlib withgnuldassumetheCcompilerusesGNUld[default=no] PostgreSQLInstallationIssue1: Youmayencounterthefollowingerrormessagewhileperforming./configureduringpostgreSQL installation.
#./configure checkingforlreadline...no checkingforledit...no configure:error:readlinelibrarynotfound Ifyouhavereadlinealreadyinstalled,seeconfig.logfordetailsonthe
failure.Itispossiblethecompilerisn'tlookingintheproperdirectory. Usewithoutreadlinetodisablereadlinesupport.
PostgreSQLInstallationSolution1: Installthereadlinedevelandlibtermcapdeveltosolvetheaboveissue.
#rpmivhlibtermcapdevel2.0.846.1.i386.rpmreadlinedevel5.11.1.i386.rpm warning:libtermcapdevel2.0.846.1.i386.rpm:HeaderV3DSAsignature:NOKEY,keyID1e5e0159 Preparing...###########################################[100%] 1:libtermcapdevel###########################################[50%] 2:readlinedevel###########################################[100%]
Step3:VerifythepostgreSQLdirectorystructure
Aftertheinstallation,makesurebin,doc,include,lib,manandsharedirectoriesarecreatedunder thedefault/usr/local/pgsqldirectoryasshownbelow.
#lsl/usr/local/pgsql/ total24 drwxrxrx2rootroot4096Apr823:25bin drwxrxrx3rootroot4096Apr823:25doc drwxrxrx6rootroot4096Apr823:25include drwxrxrx3rootroot4096Apr823:25lib drwxrxrx4rootroot4096Apr823:25man drwxrxrx5rootroot4096Apr823:25share
Step4:CreatepostgreSQLuseraccount
#adduserpostgres #passwdpostgres Changingpasswordforuserpostgres. NewUNIXpassword: RetypenewUNIXpassword: passwd:allauthenticationtokensupdatedsuccessfully.
Step5:CreatepostgreSQLdatadirectory
Createthepostgresdatadirectoryandmakepostgresuserastheowner.
#mkdir/usr/local/pgsql/data #chownpostgres:postgres/usr/local/pgsql/data #lsld/usr/local/pgsql/data drwxrxrx2postgrespostgres4096Apr823:26/usr/local/pgsql/data
Step6:InitializepostgreSQLdatadirectory
BeforeyoucanstartcreatinganypostgreSQLdatabase,theemptydatadirectorycreatedintheabove stepshouldbeinitializedusingtheinitdbcommandasshownbelow.
#supostgres #/usr/local/pgsql/bin/initdbD/usr/local/pgsql/data/ Thefilesbelongingtothisdatabasesystemwillbeownedbyuserpostgres Thisusermustalsoowntheserverprocess. Thedatabaseclusterwillbeinitializedwithlocaleen_US.UTF8. ThedefaultdatabaseencodinghasaccordinglybeensettoUTF8. Thedefaulttextsearchconfigurationwillbesetto"english".
fixingpermissionsonexistingdirectory/usr/local/pgsql/data...ok creatingsubdirectories...ok selectingdefaultmax_connections...100 selectingdefaultshared_buffers/max_fsm_pages...32MB/204800 creatingconfigurationfiles...ok creatingtemplate1databasein/usr/local/pgsql/data/base/1...ok initializingpg_authid...ok initializingdependencies...ok creatingsystemviews...ok loadingsystemobjects'descriptions...ok creatingconversions...ok creatingdictionaries...ok settingprivilegesonbuiltinobjects...ok creatinginformationschema...ok vacuumingdatabasetemplate1...ok copyingtemplate1totemplate0...ok copyingtemplate1topostgres...ok WARNING:enabling"trust"authenticationforlocalconnections Youcanchangethisbyeditingpg_hba.conforusingtheAoptionthe nexttimeyouruninitdb. Success.Youcannowstartthedatabaseserverusing: /usr/local/pgsql/bin/postgresD/usr/local/pgsql/data or /usr/local/pgsql/bin/pg_ctlD/usr/local/pgsql/datallogfilestart
Step7:ValidatethepostgreSQLdatadirectory
MakesureallpostgresDBconfigurationfiles(Forexample,postgresql.conf)arecreatedunderthe datadirectoryasshownbelow.
$lsl/usr/local/pgsql/data total64 drwx5postgrespostgres4096Apr823:29base drwx2postgrespostgres4096Apr823:29global drwx2postgrespostgres4096Apr823:29pg_clog rw1postgrespostgres3429Apr823:29pg_hba.conf rw1postgrespostgres1460Apr823:29pg_ident.conf drwx4postgrespostgres4096Apr823:29pg_multixact drwx2postgrespostgres4096Apr823:29pg_subtrans drwx2postgrespostgres4096Apr823:29pg_tblspc drwx2postgrespostgres4096Apr823:29pg_twophase rw1postgrespostgres4Apr823:29PG_VERSION drwx3postgrespostgres4096Apr823:29pg_xlog rw1postgrespostgres16592Apr823:29postgresql.conf
Step8:StartpostgreSQLdatabase
UsethepostgrespostmastercommandtostartthepostgreSQLserverinthebackgroundasshown below.
$/usr/local/pgsql/bin/postmasterD/usr/local/pgsql/data>logfile2>&1& [1]2222
$catlogfile LOG:databasesystemwasshutdownat2009040823:29:50PDT LOG:autovacuumlauncherstarted LOG:databasesystemisreadytoacceptconnections
Step9:CreatepostgreSQLDBandtesttheinstallation
Createatestdatabaseandconnecttoittomakesuretheinstallationwassuccessfulasshownbelow. Onceyoustartusingthedatabase,takebackupsfrequentlyasmentionedinhow to backup and restore PostgreSQL article.
$/usr/local/pgsql/bin/createdbtest $/usr/local/pgsql/bin/psqltest Welcometopsql8.3.7,thePostgreSQLinteractiveterminal. Type:\copyrightfordistributionterms \hforhelpwithSQLcommands \?forhelpwithpsqlcommands \gorterminatewithsemicolontoexecutequery \qtoquit test=#
33. Magic SysRq key :HaveyouwonderedwhattheSysRqkeyonyourkeyboarddoes.Hereisone useforit.YoucansafelyrebootLinuxusingthemagicSysRqkeyasexplainedhere.

SafeRebootOfLinuxUsingMagicSysRqKey byRAM ES H NATARAJA N onDECEMBER11,2008
ThisisaguestpostwrittenbyLakshmananG. Ifyouareworkingonkerneldevelopment,ordevicedrivers,orrunningacodethatcouldcause kernelpanic,SysRqkeywillbeveryvaluable.ThemagicSysRqkeyisakeycombinationintheLinux kernelwhichallowstheusertoperformvariouslowlevelcommandsregardlessofthesystemsstate. Itisoftenusedtorecoverfromfreezes,ortorebootacomputerwithoutcorruptingthefilesystem. ThekeycombinationconsistsofAlt+SysRq+commandkey.InmanysystemstheSysRqkeyisthe printscreenkey. First,youneedtoenabletheSysRqkey,asshownbelow.

echo"1">/proc/sys/kernel/sysrq
PhotocourtesyofKCIvey
ListofSysRqCommandKeys

FollowingarethecommandkeysavailableforAlt+SysRq+commandkey. kKillsalltheprocessrunningonthecurrentvirtualconsole. sThiswillattempttosyncallthemountedfilesystem. bImmediatelyrebootthesystem,withoutunmountingpartitionsorsyncing. eSendsSIGTERMtoallprocessexceptinit. mOutputcurrentmemoryinformationtotheconsole.
iSendtheSIGKILLsignaltoallprocessesexceptinit rSwitchthekeyboardfromrawmode(themodeusedbyprogramssuchasX11),toXLATEmode. ssyncallmountedfilesystem. tOutputalistofcurrenttasksandtheirinformationtotheconsole. uRemountallmountedfilesystemsinreadonlymode. oShutdownthesystemimmediately. pPrintthecurrentregistersandflagstotheconsole. 09Setstheconsoleloglevel,controllingwhichkernelmessageswillbeprintedtoyourconsole. fWillcalloom_killtokillprocesswhichtakesmorememory. hUsedtodisplaythehelp.Butanyotherkeysthantheabovelistedwillprinthelp. Wecanalsodothisbyechoingthekeystothe/proc/sysrqtriggerfile.Forexample,toreboota systemyoucanperformthefollowing.
echo"b">/proc/sysrqtrigger
PerformaSaferebootofLinuxusingMagicSysRqKey
ToperformasaferebootofaLinuxcomputerwhichhangsup,dothefollowing.Thiswillavoidthe fsckduringthenextrebooting.i.ePressAlt+SysRq+letterhighlightedbelow. unRaw(takecontrolofkeyboardbackfromX11, tErminate(sendSIGTERMtoallprocesses,allowingthemtoterminategracefully), kIll(sendSIGILLtoallprocesses,forcingthemtoterminateimmediately), Sync(flushdatatodisk), Unmount(remountallfilesystemsreadonly), reBoot. ThisarticlewaswrittenbyLakshmananG.Heisworkingin bk Systems (p) Ltd ,andinterestedin contributingtotheopensource.TheGeekStuffwelcomesyourtipsand guest articles 34. Wakeonlan Tutorial :UsingWakeonlanWOL,youcanturnontheremoteserverswhereyou donthavephysicalaccesstopressthepowerbutton.
WOLWakeonlanGuide:TurnOnServersRemotelyWithoutPhysicalAccess byRAM ES H NATARAJA N onNOVEMBER27,2008
PhotocourtesyofJamison Judd ThisisaguestpostwrittenbySathiyaMoorthy. Wakeonlan(wol)enablesyoutoswitchONremoteserverswithoutphysicallyaccessingit. WakeonlansendsmagicpacketstowakeonLANenabledethernetadaptersandmotherboardsto switchonremotecomputers. Bymistake,whenyoushutdownasysteminsteadofrebooting,youcanuseWakeonlantopoweron theserverremotely.Also,Ifyouhaveaserverthatdontneedtobeupandrunning247,youcan turnoffandturnontheserverremotelyanytimeyouwant. ThisarticlegivesabriefoverviewofWakeOnLANandinstructionstosetupWakeonlanfeature.
OverviewofWakeOnLAN
YoucanuseWakeonlanwhenamachineisconnectedtoLAN,andyouknowtheMACaddressofthat machine. YourNICshouldsupportwakeonlanfeature,anditshouldbeenabledbeforethe shutdown.Inmostcases,bydefaultwakeonlanisenabledontheNIC. Youneedtosendthemagicpacketfromanothermachinewhichisconnectedtothesamenetwork( LAN).Youneedrootaccesstosendmagicpacket.wakeonlanpackageshouldbeinstalledonthe machine. Whenthesystemcrashesbecauseofpowerfailure,forthefirsttimeyoucannotswitchonyour machineusingthisfacility.Butafterthefirstfirstbootyoucanusewakeonlantoturniton,ifthe servergetsshutdownforsomereason. WakeonLanisalsoreferredaswol.
CheckwhetherwolissupportedontheNIC
ExecutethefollowingethtoolcommandintheserverwhichyouwanttoswitchONfromaremote place.
#ethtooleth0 Settingsforeth0: Supportedports:[TPMII] Supportedlinkmodes:10baseT/Half10baseT/Full 100baseT/Half100baseT/Full Supportsautonegotiation:Yes Advertisedlinkmodes:10baseT/Half10baseT/Full 100baseT/Half100baseT/Full Advertisedautonegotiation:Yes Speed:100Mb/s Duplex:Full Port:MII PHYAD:1 Transceiver:internal Autonegotiation:on SupportsWakeon:pumbg[Note:checkwhetherflaggispresent] Wakeon:g[Note:gmeanenabled.dmeansdisabled] Currentmessagelevel:0x00000001(1) Linkdetected:yes
IfSupportsWakeonisg,thenthesupportforwolfeatureisenabledontheNICcard.
EnablingwoloptionontheEthernetCard
#ethtoolseth0wolg
BydefaulttheWakeonwillbesettoginmostofthemachines.Ifnot,useethtooltosetthegflagto thewoloptionoftheNICcardasshownbelow. Note:Youshouldexecuteethtoolasroot,elseyoumaygetfollowingerrormessage.

$/sbin/ethtooleth0 Settingsforeth0: Cannotgetdevicesettings:Operationnotpermitted Cannotgetwakeonlansettings:Operationnotpermitted Currentmessagelevel:0x000000ff(255) Cannotgetlinkstatus:Operationnotpermitted
Installwakeonlanpackageonadifferentmachine
Installthewakeonlanpackageinthemachinefromwhereyouneedtosendthemagicpacketto
switchonyourserver.
#aptgetinstallwakeonlan
35.
List hardware spec using lshw :ls+hw=lshw,whichliststhehardwarespecsofyoursystem.
HowToGetHardwareSpecsofYourSystemUsinglshwHardwareLister byRAM ES H NATARAJA N onDECEMBER22,2008
ThisisaguestpostwrittenbySathiyaMoorthy. lshw(HardwareLister)commandgivesacomprehensivereportaboutallhardwareinyoursystem. Thisdisplaysdetailedinformationaboutmanufacturer,serialnumberofthesystem,motherboard, CPU,RAM,PCIcards,disks,networkcardetc., Usinglshw,youcangetinformationaboutthehardwarewithouttouchingascrewdrivertoopenthe serverchassis.Thisisalsoveryhelpfulwhentheserverislocatedinaremotedatacenter,whereyou donthavephysicalaccesstotheserver. Inourpreviousarticle,wediscussedabouthowtodisplayhardwareinformationonlinux usingdmidecode command .Inthisarticle,letusreviewhowtoviewthehardwarespecifications usinglshwcommand.
Photocourtesyofviagallery.com
Downloadlshw
DownloadthelatestversionoflshwfromHardware Lister website .Extractthesourcecodetothe /usr/srcasshownbelow.

#cd/usr/src #wgethttp://ezix.org/software/files/lshwB.02.13.tar.gz #gzipdlshwB.02.13.tar.gz #tarxvflshwB.02.13.tar
Note:Toinstalltheprecompiledversion,downloaditfromHardware Lister website .
Installlshw
#make
Installlshwasshownbelow.Thiswillinstalllshwinthe/usr/sbindirectory.
#makeinstall makeCsrcinstall make[1]:Enteringdirectory`/usr/src/lshwB.02.13/src' makeCcoreall make[2]:Enteringdirectory`/usr/src/lshwB.02.13/src/core' make[2]:Nothingtobedoneforàll'. make[2]:Leavingdirectory`/usr/src/lshwB.02.13/src/core' g++L./core/gWl,asneededolshwlshw.ollshwlresolv installpdm0755///usr/sbin installpm0755lshw///usr/sbin installpdm0755///usr/share/man/man1 installpm0644lshw.1///usr/share/man/man1
installpdm0755///usr/share/lshw installpm0644pci.idsusb.idsoui.txtmanuf.txt///usr/share/lshw make[1]:Leavingdirectory`/usr/src/lshwB.02.13/src'
lshwOutputLayout
Whenexecutinglshwwithoutoption,youwillgetdetailedinformationonthehardware configurationofthemachineintextformat.Followingisthestructureoflshwoutput.
systeminformation motherboardinformation cpuinformation cache,logicalcpu memory capacity,totalsize,individualbankinformation pcislotinformation ideslotinformation diskinformation totalsize,partition, usbslotinformation network
Followingisthepartialoutputoflshwcommand.
#lshw|head localhost description:RackMountChassis product:PowerEdge2850 vendor:DellComputerCorporation serial:1234567 width:32bits capabilities:smbios2.3dmi2.3smp1.4smp configuration:boot=normalchassis=rackmountcpus=2uuid=12345 *core description:Motherboard
Note:lshwmustberunasroottogetafullreport.lshwwilldisplaypartialreportwithawarning messageasshownbelowwhenyouexecuteitfromanonrootuser.
jsmith@localhost~>/usr/sbin/lshw WARNING:youshouldrunthisprogramassuperuser.
lshwClasses
Togetinformationaboutaspecifichardware,youcanuseclassoption.Followingclassescanbe usedwiththeclassoptioninthelshwcommand.
address bridge bus communication disk display generic input memory multimedia network
power printer processor storage system tape volume
GetInformationabouttheDisksusinglshw
Theexamplebelowwilldisplayalltheinformationaboutthedisksonthesystem.Thisindicatesthat the/dev/sdaisaSCSIDisk,RAID1configurationwithatotalcapacityof68G.
#lshwclassdisk *disk description:SCSIDisk product:LD0RAID169G vendor:MegaRAID physicalid:2.0.0 businfo:scsi@0:2.0.0 logicalname:/dev/sda version:516A size:68GiB(73GB) capabilities:partitionedpartitioned:dos configuration:ansiversion=2signature=000e1213
GetInformationaboutPhysicalMemory(RAM)oftheSystem
Pleasenotethatonlypartialoutputisshownbelow.
#lshwclassmemory *memory description:SystemMemory size:512MB capacity:2GB *bank:8 description:DIMMSynchronous[empty] *bank:9 description:DIMMSynchronous size:512MB width:32bits
GenerateCompactHardwareReportUsinglshw
Bydefaultlshwcommandgeneratesmultipagedetailedreport.Togenerateacompactreportuse shortoptionasshownbelow.Onlypartialoutputisshownbelow.
#lshwshort H/WpathDeviceClassDescription ======================================================= systemPowerEdge2850 /0bus12345 /0/0memory64KiBBIOS /0/400processorIntel(R)Xeon(TM)CPU3.40GHz /0/400/700memory16KiBL1cache /0/400/701memory1MiBL2cache /0/400/702memoryL3cache
/0/400/1.1processorLogicalCPU /0/1000memory4GiBSystemMemory /0/1000/0memory1GiBDIMMSynchronous400MHz(2.5ns) /0/1000/1memory1GiBDIMMSynchronous400MHz(2.5ns) /0/100/6/0/4eth2network82546EBGigabitEthernetController(Copper) /0/100/6/0/4.1eth3network82546EBGigabitEthernetController(Copper) /0/100/6/0.2bridge6700PXHPCIExpresstoPCIBridgeB /0/100/6/0.2/2busThorLightPulseFibreChannelHostAdapter /0/100/1ebridge82801PCIBridge /0/100/1e/ddisplayRadeonRV100QY[Radeon7000/VE]
GenerateHTMLorXMLHardwareReportUsinglshw
YoucangenerateaHTMLorXMLoutputfromthelshwcommanddirectlyasshownbelow.
#lshwhtml>hwinfo.html #lshwxml>hwinfo.xml
ThisarticlewaswrittenbySathiyaMoorthy,developerof enterprise postgres query analyser ,an efficienttoolforparsingpostgresqllogtogeneratehtmlreport,whichcanbeusedforfinetuningthe postgressettings,andsqlqueries.TheGeekStuffwelcomesyourtipsand guest articles . 36. View hardware spec using dmidecode :dmidecodecommandreadsthesystemDMItableto displayhardwareandBIOSinformationoftheserver.Apartfromgettingcurrentconfigurationofthe system,youcanalsogetinformationaboutmaximumsupportedconfigurationofthesystemusing dmidecode.Forexample,dmidecodegivesboththecurrentRAMonthesystemandthemaximum RAMsupportedbythesystem.
HowToGetHardwareInformationOnLinuxUsingdmidecodeCommand byRAM ES H NATARAJA N onNOVEMBER10,2008
PhotocourtesyofB Naveen Kumar dmidecodecommandreadsthesystemDMItabletodisplayhardwareandBIOSinformationofthe server.Apartfromgettingcurrentconfigurationofthesystem,youcanalsogetinformationabout maximumsupportedconfigurationofthesystemusingdmidecode.Forexample,dmidecodegives boththecurrentRAMonthesystemandthemaximumRAMsupportedbythesystem. Thisarticleprovidesanoverviewofthedmidecodeandfewpracticalexamplesonhowtouse dmidecodecommand.
1.Overviewofdmidecode
Distributed Management Task Force maintainstheDMI specification andSMBIOS specification .The outputofthedmidecodecontainsseveralrecordsfromtheDMI(DesktopManagementinterface) table. FollowingistherecordformatofthedmidecodeoutputoftheDMItable.
RecordHeader:Handle{recordid},DMItype{dmitypeid},{recordsize}bytes RecordValue:{multilinerecordvalue}
recordid:UniqueidentifierforeveryrecordintheDMItable. dmitypeid:Typeoftherecord.i.eBIOS,Memoryetc.,
recordsize:SizeoftherecordintheDMItable. multilinerecordvalues:MultilinerecordvalueforthatspecificDMItype. Sampleoutputofdmidecodecommand:

#dmidecode|head15 #dmidecode2.9 SMBIOS2.3present. 56structuresoccupying1977bytes. Tableat0x000FB320. Handle0xDA00,DMItype218,11bytes OEMspecificType HeaderandData: DA0B00DAB0001703082800 Handle0x0000,DMItype0,20bytes BIOSInformation Vendor:DellComputerCorporation Version:A07 ReleaseDate:01/13/2004
GetthetotalnumberofrecordsintheDMItableasshownbelow:
#dmidecode|grep^Handle|wcl 56 (or) #dmidecode|grepstructures 56structuresoccupying1977bytes.
2.DMITypes
DMITypeidwillgiveinformationaboutaparticularhardwarecomponentofyoursystem.Following commandwithtypeid4willgettheinformationaboutCPUofthesystem.
#dmidecodet4 #dmidecode2.9 SMBIOS2.3present. Handle0x0400,DMItype4,35bytes ProcessorInformation SocketDesignation:Processor1 Type:CentralProcessor Family:Xeon Manufacturer:Intel ID:290F0000FFFBEBBF Signature:Type0,Family15,Model2,Stepping9 Flags: FPU(Floatingpointunitonchip) VME(Virtualmodeextension) DE(Debuggingextension) PSE(Pagesizeextension) TSC(Timestampcounter) MSR(Modelspecificregisters)
FollowingarethedifferentDMItypesavailable.
TypeInformation 0BIOS 1System 2BaseBoard 3Chassis 4Processor 5MemoryController 6MemoryModule 7Cache 8PortConnector 9SystemSlots 10OnBoardDevices 11OEMStrings 12SystemConfigurationOptions 13BIOSLanguage 14GroupAssociations 15SystemEventLog 16PhysicalMemoryArray 17MemoryDevice 1832bitMemoryError 19MemoryArrayMappedAddress 20MemoryDeviceMappedAddress 21BuiltinPointingDevice 22PortableBattery 23SystemReset 24HardwareSecurity 25SystemPowerControls 26VoltageProbe 27CoolingDevice 28TemperatureProbe 29ElectricalCurrentProbe 30OutofbandRemoteAccess 31BootIntegrityServices 32SystemBoot 3364bitMemoryError 34ManagementDevice 35ManagementDeviceComponent 36ManagementDeviceThresholdData 37MemoryChannel 38IPMIDevice 39PowerSupply
Insteadoftype_id,youcanalsopassthekeywordtothetoptionofthedmidecodecommand. Followingaretheavailablekeywords.
KeywordTypes bios0,13 system1,12,15,23,32 baseboard2,10 chassis3
processor4 memory5,6,16,17 cache7 connector8 slot9
Forexample,togetallthesystembaseboardrelatedinformationexecutethefollowingcommand, whichwilldisplaythetype_id2and10
#dmidecodetbaseboard #dmidecode2.9 SMBIOS2.3present. Handle0x0200,DMItype2,9bytes BaseBoardInformation Manufacturer:DellComputerCorporation ProductName:123456 Version:A05 SerialNumber:..CN123456789098. Handle0x0A00,DMItype10,14bytes OnBoardDevice1Information Type:SCSIController Status:Enabled Description:LSILogic53C1030Ultra320SCSI OnBoardDevice2Information Type:SCSIController Status:Enabled Description:LSILogic53C1030Ultra320SCSI OnBoardDevice3Information Type:Video Status:Enabled Description:ATIRageXLPCIVideo OnBoardDevice4Information Type:Ethernet Status:Enabled Description:BroadcomGigabitEthernet1 OnBoardDevice5Information Type:Ethernet Status:Enabled Description:BroadcomGigabitEthernet2
3.GetPhysicalMemory(RAM)informationusingdmidecode
WhatisthemaximumRAMsupportedbythesystem?Inthisexample,thissystemcansupport maximum8GBofRAM.
#dmidecodet16 #dmidecode2.9 SMBIOS2.3present. Handle0x1000,DMItype16,15bytes PhysicalMemoryArray Location:SystemBoardOrMotherboard Use:SystemMemory
ErrorCorrectionType:MultibitECC MaximumCapacity:8GB ErrorInformationHandle:NotProvided NumberOfDevices:4
HowmuchmemorycanIexpandto?From/proc/meminfoyoucanfindoutthetotalcurrent memoryofyoursystemasshownbelow.
#grepMemTotal/proc/meminfo MemTotal:1034644kB
Inthisexample,thesystemhas1GBofRAM.Isthis1x1GB(or)2x512MB(or)4x256MB?This canbefiguredoutbypassingthetypeid17tothedmidecodecommandasshownbelow.Pleasenote intheexamplebelow,ifyouhavetoexpandupto8GBofmaximumRAM,youneedtoremovethe existing512MBfromslot1and2,anduse2GBRAMonallthe4memoryslots.

#dmidecodet17 #dmidecode2.9 SMBIOS2.3present. Handle0x1100,DMItype17,23bytes MemoryDevice ArrayHandle:0x1000 ErrorInformationHandle:NotProvided TotalWidth:72bits DataWidth:64bits Size:512MB[Note:Slot1has512MBRAM] FormFactor:DIMM Set:1 Locator:DIMM_1A BankLocator:NotSpecified Type:DDR TypeDetail:Synchronous Speed:266MHz(3.8ns) Handle0x1101,DMItype17,23bytes MemoryDevice ArrayHandle:0x1000 ErrorInformationHandle:NotProvided TotalWidth:72bits DataWidth:64bits Size:512MB[Note:Slot2has512MBRAM] FormFactor:DIMM Set:1 Locator:DIMM_1B BankLocator:NotSpecified Type:DDR TypeDetail:Synchronous Speed:266MHz(3.8ns) Handle0x1102,DMItype17,23bytes MemoryDevice
ArrayHandle:0x1000 ErrorInformationHandle:NotProvided TotalWidth:72bits DataWidth:64bits Size:NoModuleInstalled[Note:Slot3isempty] FormFactor:DIMM Set:2 Locator:DIMM_2A BankLocator:NotSpecified Type:DDR TypeDetail:Synchronous Speed:266MHz(3.8ns) Handle0x1103,DMItype17,23bytes MemoryDevice ArrayHandle:0x1000 ErrorInformationHandle:NotProvided TotalWidth:72bits DataWidth:64bits Size:NoModuleInstalled[Note:Slot4isempty] FormFactor:DIMM Set:2 Locator:DIMM_2B BankLocator:NotSpecified Type:DDR TypeDetail:Synchronous Speed:266MHz(3.8ns)
4.GetBIOSinformationusingdmidecode
#dmidecodetbios #dmidecode2.9 SMBIOS2.3present. Handle0x0000,DMItype0,20bytes BIOSInformation Vendor:DellComputerCorporation Version:A07 ReleaseDate:01/13/2004 Address:0xF0000 RuntimeSize:64kB ROMSize:4096kB Characteristics: ISAissupported PCIissupported PNPissupported BIOSisupgradeable BIOSshadowingisallowed ESCDsupportisavailable BootfromCDissupported Selectablebootissupported EDDissupported
JapanesefloppyforToshiba1.2MBissupported(int13h) 5.25"/360KBfloppyservicesaresupported(int13h) 5.25"/1.2MBfloppyservicesaresupported(int13h) 3.5"/720KBfloppyservicesaresupported(int13h) 8042keyboardservicesaresupported(int9h) Serialservicesaresupported(int14h) CGA/monovideoservicesaresupported(int10h) ACPIissupported USBlegacyissupported LS120bootissupported BIOSbootspecificationissupported Functionkeyinitiatednetworkbootissupported Handle0x0D00,DMItype13,22bytes BIOSLanguageInformation InstallableLanguages:1 en|US|iso88591 CurrentlyInstalledLanguage:en|US|iso88591
5.ViewManufacturer,ModelandSerialnumberoftheequipmentusingdmidecode
Youcangetinformationaboutthemake,modelandserialnumberoftheequipmentasshownbelow:
#dmidecodetsystem #dmidecode2.9 SMBIOS2.3present. Handle0x0100,DMItype1,25bytes SystemInformation Manufacturer:DellComputerCorporation ProductName:PowerEdge1750 Version:NotSpecified SerialNumber:1234567 UUID:4123454C41231123812312345603431 WakeupType:PowerSwitch Handle0x0C00,DMItype12,5bytes SystemConfigurationOptions Option1:NVRAM_CLR:ClearusersettableNVRAMareasandsetdefaults Option2:PASSWD:Closetoenablepassword Handle0x2000,DMItype32,11bytes SystemBootInformation Status:Noerrorsdetected
37. Use the support effectively :Companiesspendlotofcashonsupportmainlyfortworeasons:1) Togethelpfromvendorstofixcriticalproductionissues2)Tokeepuptodatewiththelatestversion ofthesoftwareandsecuritypatchesreleasedbythevendors.Inthisarticle,Ivegiven10practical tipsforDBAs,sysadminsanddeveloperstousetheirhardwareandsoftwaresupporteffectively.
10TipstoUseYourHardwareandSoftware VendorSupportEffectively
byRAMESHNATARAJAN onSEPTEMBER29,2008 Photocourtesyofwraithtdk
Companiespurchasesupportformostoftheirenterprisehardwares(servers,switches,routers,firewallsetc.,)and softwares(databases,OS,applications,frameworksetc.,).Theyspendlotofcashonsupportmainlyfortwo reasons:1)Togethelpfromvendorstofixcriticalproductionissues2)Tokeepuptodatewiththelatestversionof thesoftwareandsecuritypatchesreleasedbythevendors.Inthisarticle,Ivegiven10practicaltipsforDBAs, sysadminsanddeveloperstousetheirhardwareandsoftwaresupporteffectively.
1.UsetheKnowledgeBase
Mostvendorshavededicatedsupportwebsiteincludingaseparateknowledgebasesectionwithlotofwhitepapers, bestpracticedocuments,troubleshootingtipsandtricks.Usetheknowledgebasesectionofsupportwebsitetolearn andexpandyourknowledge.Mostofthetime,thebestpossiblesolutiontosolveaspecificproblemcanbefound fromtheknowledgebaseorforumofyourvendorsupportwebsite.Forexample,whenyouhaveanissuesettingup AutomaticStorageManagementduringOracle11ginstallation,Oraclessupportwebsitemetalink,willgiveyou appropriatesolutionthansearchingGoogle.
2.Usesupportwebsitetocreateticket
Insteadofcallingthesupportoverphone,usetheirwebsitetocreateaticket.Itis noteasytoexplaincomplextechnicalissueindetailtothesupportpersonover phone.Evenwhenyoutaketimetoexplaintheissueindetailoverphone,theymay stillmisslotofdetailsorwritetheissuedescriptionlittledifferently.Thiswillcause unnecessarydelay,asyouvetoexplaintheproblemagaintothesupportengineer whowillbeassignedtotheticket.Ifyoucreatetheticketyourselffromtheir website,youcanuploadallthesupportingmaterialsandcopy/pastetheerror message.Afteryoucreateaticketfromtheirwebsite,callthesupporttofollowupandmakesureanengineeris gettingassignedtoitimmediately.Iftheydonthaveasupportwebsite,askthemwhetheryoucancreateaticketby sendinganemail.
3.Explaintheissueindetail
Provideasmuchasinformationpossibleintheticketdescription.Dontassumethat thesupportengineerwillunderstandtheissuejustbylookingattheerrormessage youveprovided.Providingasmuchasinformationupfrontintheticketwillhelp youavoidlotofwastedtimegoingbackandforthexplainingtheissuesindetailto thesupport.Provideaclearstepbystepinstructionsonhowtoreproducetheissue.
4.Dosomeresearchanddebuggingbeforesubmittingthe ticket
Beforecreatingaticket,performsomebasicdebuggingtoeliminatesomeofthecommonissues.Attachrelatedlog filesanddebuggingoutputtotheticket.Ifyouveworkedwithyourvendorbefore,youllhaveagoodideaofallthe basiclogfilesandtestingtheymayaskyoutoperform.Dontwaitforthemtoaskthesamethingagain.Goahead
anddothosebasictestingyourselfandattachallthelogfilestotheticket.
5.Dontwastetimewithfirstlevelofsupport
Dealingwithfirstlevelofsupportiswasteoftimeforcomplexissues.Ifyouvedone#2,#3and#4mentioned aboveproperly,callthesupportanddemandthemtoescalateittothesecondlevelofsupport.Iftheydontrespond properly,escalatetheissuethroughvendorsaccountmanagerassignedtoyourcompany.
6.Usesupportforyourresearchproject
Dontjustcallsupportonlyforproductionissues.Callthemevenforyourresearchproject.Forexample,ifyouare performingaprototypeofanewsoftwarethatwasreleasedbyyourvendor,callthesupporttogettheirhelpwhen yougetstuck.Whenyouaretestingtheirnewbleedingedgesoftware,thatwasreleasedrecently,mostofthe vendorswillevenassignadedicatedresourcetohelpyouresolvetheissue,astheywanttofixalltheissuesintheir newsoftwareassoonasposible.
7.Setupyoursupportprofile
Anytimeyoucreateaticket,youmayhavetorepeatedlyentersomebasicinformationrelatedtoyouraccountand environment.Mostofthesupportsitehastheabilitytosetupaprofilewithallthebasicinformation,whichyoucan usewhenyouarecreatingaticket.Thiswillspeeduptheticketcreationprocess.
8.Setupsupportaccessforadmins
MakesureallyourDBAs,sysadminsandseniordevelopershaveaccesstothesupportwebsite.Ifyouaretheonly personwhohasaccesstosupportwebsite,identifyanotherbackupresourceforyouandmakesuretheyknowhow toaccessthesupportwebsitetocreateaticket,whenyouarenotavailable.Also,createaseparatesupportaccess documentwithvendorssupporttelephonenumber,youraccountnumber,supportwebsiteURLandputitina sharedareawherealladminscanaccessit.
9.Subscribetosecurityalert
ItisveryimportantforDBAs,sysadmins,andseniordeveloperstosubscribetothesecurityalertsfromthesupport website.Ifthereareanycriticalsecurityupdatesthataffectsyourhardwareandsoftware,itshouldbeimmediately testedontestenvironmentandmovedtoproduction.Ihaveseenadminswhoreceivethesecurityalerts,butdont readthoseemailsconsistently.Itisveryimportanttoactonsecurityalertsfromyourvendorsimmediately.
10.Getofficialdocumentationanddiagnosticstools
Usesupporttogetofficialdocumentationforyourhardwareandsoftware.Callyourvendorsupportandaskfor diagnosticstoolsandbestpracticedocumentsformaintainingyourhardwareandsoftware.Mostofushatetoread documentation.Butexperienceddevelopersandadminsunderstandthatreadingofficialdocumentationof hardwareandsoftwarewillgivethemindepthunderstandingabouttheproduct.
Doyouusesupportfromyourhardwareandsoftwarevendors?Ifyouhaveanytips,pleaseleaveacomment. Ifyoulikedthisarticle,pleasebookmarkitondeliciousandstumbleit.
38. Install/Upgrade LAMP using Yum :InstallingLAMPstackusingyumisagoodoptionfor beginnerswhodontfeelcomfortableinstallingfromsource.Also,InstallingLAMPstackusingyumis
agoodchoice,ifyouwanttokeepthingssimpleandjustusethedefaultconfiguration.
HowToInstallOrUpgradeLAMP:Linux,Apache,MySQLandPHPStackUsingYum byRAM ES H NATARAJA N onSEPTEMBER15,2008
PreviouslywediscussedabouthowtoinstallApache andPHPfromsource.Installing LAMPstackfromsourcewillgiveyoufullcontroltoconfiguredifferentparameters. InstallingLAMPstackusingyumisveryeasyandtakesonlyminutes.Thisisagoodoptionfor beginnerswhodontfeelcomfortableinstallingfromsource.Also,InstallingLAMPstackusingyumis agoodchoice,ifyouwanttokeepthingssimpleandjustusethedefaultconfiguration.
1.InstallApacheusingYum
#rpmqa|grephttpd [Note:Iftheabovecommanddidnotreturnanything, installapacheasshownbelow] #yuminstallhttpd
VerifythatApachegotinstalledsuccessfully
#rpmqa|grepihttp httpdtools2.2.91.fc9.i386 httpd2.2.91.fc9.i386
Enablehttpdservicetostartautomaticallyduringsystemstartupusingchkconfig.StarttheApache asshownbelow.
#chkconfighttpdon #servicehttpdstart Startinghttpd:[OK]
2.UpgradeApacheusingYum
IfyouveselectedwebserverpackageduringLinuxinstallation,Apacheisalreadyinstalledonyour Linux.Inwhichcase,youcanupgradeApachetothelatestversionasshownbelow. CheckwhetherApacheisalreadyinstalled.
#rpmqa|grepihttp httpdtools2.2.83.i386 httpd2.2.83.i386 [Note:ThisindicatesthatApache2.2.8versionisinstalledalready] #yumcheckupdatehttpd Loadedplugins:refreshpackagekit httpd.i3862.2.91.fc9updates [Note:ThisindicatesthatthelatestApacheversion2.2.9 isavailableforupgrade]
CheckwhetherlatestversionofApacheisavailableforinstallationusingyum.
UpgradeApachetolatestversionusingyum.
#yumupdatehttpd
Outputoftheyumupdatehttpdcommand:
Loadedplugins:refreshpackagekit SettingupUpdateProcess
ResolvingDependencies >Runningtransactioncheck >Packagehttpd.i3860:2.2.91.fc9settobeupdated >ProcessingDependency:httpdtools=2.2.91.fc9forpackage:httpd >Runningtransactioncheck >Packagehttpdtools.i3860:2.2.91.fc9settobeupdated >FinishedDependencyResolution DependenciesResolved =============================================================== ============== PackageArchVersionRepositorySize =============================================================== ============== Updating: httpdi3862.2.91.fc9updates975k httpdtoolsi3862.2.91.fc9updates69k TransactionSummary =============================================================== ============== Install0Package(s) Update2Package(s) Remove0Package(s) Totaldownloadsize:1.0M Isthisok[y/N]:y DownloadingPackages: (1/2):httpdtools2.2.91.fc9.i386.rpm|69kB00:00 (2/2):httpd2.2.91.fc9.i386.rpm|975kB00:00 Runningrpm_check_debug RunningTransactionTest FinishedTransactionTest TransactionTestSucceeded RunningTransaction Updating:httpdtools[1/4] Updating:httpd[2/4] Cleanup:httpd[3/4] Cleanup:httpdtools[4/4] Updated:httpd.i3860:2.2.91.fc9httpdtools.i3860:2.2.91.fc9 Complete!
VerifywhethertheApachegotupgradedsuccessfully.
#rpmqa|grepihttp
httpdtools2.2.91.fc9.i386 httpd2.2.91.fc9.i386 [Note:ThisindicatesthatApachewasupgradedto2.2.9successfully]
3.InstallMySQLusingYum
Yumisverysmarttoidentifyallthedependenciesandinstallthoseautomatically.Forexample,while
installingmysqlserverusingyum,italsoautomaticallyinstallsthedependedmysqllibs,perlDBI, mysql,perlDBDMySQLpackagesasshownbelow.
#yuminstallmysqlserver
Outputofyuminstallmysqlservercommand:
Loadedplugins:refreshpackagekit SettingupInstallProcess Parsingpackageinstallarguments ResolvingDependencies >Runningtransactioncheck >Packagemysqlserver.i3860:5.0.51a1.fc9settobeupdated >ProcessingDependency:libmysqlclient_r.so.15formysqlserver >ProcessingDependency:libmysqlclient.so.15formysqlserver >ProcessingDependency:perlDBIforpackage:mysqlserver >ProcessingDependency:mysql=5.0.51a1.fc9forpackage:mysqlserver >ProcessingDependency:libmysqlclient.so.15forpackage:mysqlserver >ProcessingDependency:perl(DBI)forpackage:mysqlserver >ProcessingDependency:perlDBDMySQLforpackage:mysqlserver >ProcessingDependency:libmysqlclient_r.so.15forpackage:mysqlserver >Runningtransactioncheck >Packagemysql.i3860:5.0.51a1.fc9settobeupdated >Packagemysqllibs.i3860:5.0.51a1.fc9settobeupdated >PackageperlDBDMySQL.i3860:4.0058.fc9settobeupdated >PackageperlDBI.i3860:1.6071.fc9settobeupdated >FinishedDependencyResolution DependenciesResolved =============================================================== ============== PackageArchVersionRepositorySize =============================================================== ============== Installing: mysqlserveri3865.0.51a1.fc9fedora9.8M Installingfordependencies: mysqli3865.0.51a1.fc9fedora2.9M mysqllibsi3865.0.51a1.fc9fedora1.5M perlDBDMySQLi3864.0058.fc9fedora165k perlDBIi3861.6071.fc9updates776k TransactionSummary =============================================================== ============== Install5Package(s) Update0Package(s) Remove0Package(s) Totaldownloadsize:15M Isthisok[y/N]:y DownloadingPackages: (1/5):perlDBDMySQL4.0058.fc9.i386.rpm|165kB00:00
(2/5):perlDBI1.6071.fc9.i386.rpm|776kB00:00 (3/5):mysqllibs5.0.51a1.fc9.i386.rpm|1.5MB00:00 (4/5):mysql5.0.51a1.fc9.i386.rpm|2.9MB00:00 (5/5):mysqlserver5.0.51a1.fc9.i386.rpm|9.8MB00:01 Runningrpm_check_debug RunningTransactionTest FinishedTransactionTest TransactionTestSucceeded RunningTransaction Installing:mysqllibs[1/5] Installing:perlDBI[2/5] Installing:mysql[3/5] Installing:perlDBDMySQL[4/5] Installing:mysqlserver[5/5] Installed:mysqlserver.i3860:5.0.51a1.fc9 DependencyInstalled: mysql.i3860:5.0.51a1.fc9mysqllibs.i3860:5.0.51a1.fc9 perlDBDMySQL.i3860:4.0058.fc9perlDBI.i3860:1.6071.fc9 Complete!
VerifywhetherMySQLgotinstalledproperly.
#rpmqa|grepimysql phpmysql5.2.62.fc9.i386 mysqllibs5.0.51a1.fc9.i386 mysqlserver5.0.51a1.fc9.i386 perlDBDMySQL4.0058.fc9.i386 mysql5.0.51a1.fc9.i386 #mysqlV
mysqlVer14.12Distrib5.0.51a,forredhatlinuxgnu(i386)usingreadline5.0
ConfigureMySQLtostartautomaticallyduringsystemstartup.
#chkconfigmysqldon #servicemysqldstart
StartMySQLservice. Thefirsttimewhenyoustartmysqld,itwillgiveadditionalinformationmessageindicatingto performpostinstallconfigurationasshownbelow.

InitializingMySQLdatabase: InstallingMySQLsystemtables...OK Fillinghelptables...OK Tostartmysqldatboottimeyouhavetocopy supportfiles/mysql.servertotherightplaceforyoursystem PLEASEREMEMBERTOSETAPASSWORDFORTHEMySQLrootUSER! Todoso,starttheserver,thenissuethefollowingcommands: /usr/bin/mysqladminurootpassword'newpassword' /usr/bin/mysqladminuroothdevdbpassword'newpassword' Alternativelyyoucanrun:/usr/bin/mysql_secure_installation
whichwillalsogiveyoutheoptionofremovingthetest databasesandanonymoususercreatedbydefault.Thisis highlyrecommendedforproductionservers. Seethemanualformoreinstructions. YoucanstarttheMySQLdaemonwith: cd/usr;/usr/bin/mysqld_safe& YoucantesttheMySQLdaemonwithmysqltestrun.pl cdmysqltest;perlmysqltestrun.pl Pleasereportanyproblemswiththe/usr/bin/mysqlbugscript! ThelatestinformationaboutMySQLisavailableonthewebat http://www.mysql.com SupportMySQLbybuyingsupport/licensesathttp://shop.mysql.com StartingMySQL:[OK]
4.PerformMySQLpostinstallationactivities
Afterthemysqlinstallation,youcanlogintomysqlrootaccountwithoutprovidinganypasswordas shownbelow.
#mysqluroot WelcometotheMySQLmonitor.Commandsendwith;or\g. YourMySQLconnectionidis2 Serverversion:5.0.51aSourcedistribution Type'help;'or'\h'forhelp.Type'\c'toclearthebuffer. mysql>
Tofixthisproblem,youneedtoassignapasswordtomysqlrootaccountasshownbelow.Execute mysql_secure_installationscript,whichperformsthefollowingactivities: Assigntherootpassword Removetheanonymoususer Disallowrootloginfromremotemachines Removethedefaultsampletestdatabase

#/usr/bin/mysql_secure_installation
Outputofmysql_secure_installationscript:
NOTE:RUNNINGALLPARTSOFTHISSCRIPTISRECOMMENDEDFORALLMySQL SERVERSINPRODUCTIONUSE!PLEASEREADEACHSTEPCAREFULLY! InordertologintoMySQLtosecureit,we'llneedthecurrent passwordfortherootuser.Ifyou'vejustinstalledMySQL,and youhaven'tsettherootpasswordyet,thepasswordwillbeblank, soyoushouldjustpressenterhere. Entercurrentpasswordforroot(enterfornone): OK,successfullyusedpassword,movingon... SettingtherootpasswordensuresthatnobodycanlogintotheMySQL rootuserwithouttheproperauthorisation.
Setrootpassword?[Y/n]Y Newpassword:[Note:Enterthemysqlrootpasswordhere] Reenternewpassword: Passwordupdatedsuccessfully! Reloadingprivilegetables.. ...Success! Bydefault,aMySQLinstallationhasananonymoususer,allowinganyone tologintoMySQLwithouthavingtohaveauseraccountcreatedfor them.Thisisintendedonlyfortesting,andtomaketheinstallation goabitsmoother.Youshouldremovethembeforemovingintoa productionenvironment. Removeanonymoususers?[Y/n]Y ...Success! Normally,rootshouldonlybeallowedtoconnectfrom'localhost'.This ensuresthatsomeonecannotguessattherootpasswordfromthenetwork. Disallowrootloginremotely?[Y/n]Y ...Success! Bydefault,MySQLcomeswithadatabasenamed'test'thatanyonecan access.Thisisalsointendedonlyfortesting,andshouldberemoved beforemovingintoaproductionenvironment. Removetestdatabaseandaccesstoit?[Y/n]Y Droppingtestdatabase... ...Success! Removingprivilegesontestdatabase... ...Success! Reloadingtheprivilegetableswillensurethatallchangesmadesofar willtakeeffectimmediately. Reloadprivilegetablesnow?[Y/n]Y ...Success! Cleaningup... Alldone!Ifyou'vecompletedalloftheabovesteps,yourMySQL installationshouldnowbesecure. ThanksforusingMySQL!
VerifytheMySQLpostinstallactivities:
#mysqluroot ERROR1045(28000):Accessdeniedforuser'root'@'localhost'(usingpassword:NO) [Note:rootaccesswithoutpasswordisdenied] #mysqlurootp Enterpassword:
WelcometotheMySQLmonitor.Commandsendwith;or\g. YourMySQLconnectionidis13 Serverversion:5.0.51aSourcedistribution Type'help;'or'\h'forhelp.Type'\c'toclearthebuffer. mysql>showdatabases; ++ |Database| ++ |information_schema| |mysql| ++ 2rowsinset(0.00sec) [Note:testdatabaseisremoved]
5.UpgradeMySQLusingYum
CheckwhetherMySQLisalreadyinstalled.
#rpmqa|grepimysql
CheckwhetheralatestversionofMySQLisavailableforinstallationusingyum.
#yumcheckupdatemysqlserver #yumupdatemysqlserver #yuminstallphp
UpgradeMySQLtolatestversionusingyum.
6.InstallPHPusingYum
Outputofyuminstallphp:
Loadedplugins:refreshpackagekit SettingupInstallProcess Parsingpackageinstallarguments ResolvingDependencies >Runningtransactioncheck >Packagephp.i3860:5.2.62.fc9settobeupdated >ProcessingDependency:phpcommon=5.2.62.fc9forpackage:php >ProcessingDependency:phpcli=5.2.62.fc9forpackage:php >Runningtransactioncheck >Packagephpcommon.i3860:5.2.62.fc9settobeupdated >Packagephpcli.i3860:5.2.62.fc9settobeupdated >FinishedDependencyResolution DependenciesResolved =============================================================== ============== PackageArchVersionRepositorySize =============================================================== ============== Installing: phpi3865.2.62.fc9updates1.2M Installingfordependencies: phpclii3865.2.62.fc9updates2.3M phpcommoni3865.2.62.fc9updates228k TransactionSummary
=============================================================== ============== Install3Package(s) Update0Package(s) Remove0Package(s) Totaldownloadsize:3.8M Isthisok[y/N]:y DownloadingPackages: (1/3):phpcommon5.2.62.fc9.i386.rpm|228kB00:00 (2/3):php5.2.62.fc9.i386.rpm|1.2MB00:00 (3/3):phpcli5.2.62.fc9.i386.rpm|2.3MB00:00 Runningrpm_check_debug RunningTransactionTest FinishedTransactionTest TransactionTestSucceeded RunningTransaction Installing:phpcommon[1/3] Installing:phpcli[2/3] Installing:php[3/3] Installed:php.i3860:5.2.62.fc9 DependencyInstalled:phpcli.i3860:5.2.62.fc9phpcommon.i3860:5.2.62.fc9 Complete!
Verifythatphpgotinstalledsuccessfully.
#rpmqa|grepiphp phpcli5.2.62.fc9.i386 php5.2.62.fc9.i386 phpcommon5.2.62.fc9.i386
InstallMySQLmoduleforPHP .
#yumsearchphpmysql Loadedplugins:refreshpackagekit ===========Matched:phpmysql============= phpmysql.i386:AmoduleforPHPapplicationsthatuseMySQLdatabases #yuminstallphpmysql
Outputofyuminstallphpmysql:
Loadedplugins:refreshpackagekit SettingupInstallProcess Parsingpackageinstallarguments ResolvingDependencies >Runningtransactioncheck >Packagephpmysql.i3860:5.2.62.fc9settobeupdated >ProcessingDependency:phppdoforpackage:phpmysql >Runningtransactioncheck >Packagephppdo.i3860:5.2.62.fc9settobeupdated >FinishedDependencyResolution DependenciesResolved
=============================================================== ============== PackageArchVersionRepositorySize =============================================================== ============== Installing: phpmysqli3865.2.62.fc9updates81k Installingfordependencies: phppdoi3865.2.62.fc9updates62k TransactionSummary =============================================================== ============== Install2Package(s) Update0Package(s) Remove0Package(s) Totaldownloadsize:143k Isthisok[y/N]:y DownloadingPackages: (1/2):phppdo5.2.62.fc9.i386.rpm|62kB00:00 (2/2):phpmysql5.2.62.fc9.i386.rpm|81kB00:00 Runningrpm_check_debug RunningTransactionTest FinishedTransactionTest TransactionTestSucceeded RunningTransaction Installing:phppdo[1/2] Installing:phpmysql[2/2] Installed:phpmysql.i3860:5.2.62.fc9 DependencyInstalled:phppdo.i3860:5.2.62.fc9 Complete!
IfyouneedadditionalPHPmodules,installthemusingyumasshownbelow.
#yuminstallphpcommonphpmbstringphpmcryptphpdevelphpxmlphpgd
7.UpgradePHPusingYum
#rpmqa|grepiphp
CheckwhetherPHPisinstalled. CheckwhetheralatestversionofPHPisavailableforinstallationusingyum.
#yumcheckupdatephp #yumupdatephp
UpgradePHPtothelatestversionusingyum. UpgradeanyadditionalPHPmodulesthatyouveinstalledusingyum.
#yumcheckupdatephpcommonphpmbstringphpmcryptphpdevelphpxmlphpgd #yumupdatephpcommonphpmbstringphpmcryptphpdevelphpxmlphpgd
VerifythePHPinstallationbycreatingatest.phpfileasshownbelow.
#cat/var/www/html/test.php <?phpinfo();?>
Invokethetest.phpfromthebrowserhttp://{lampserverip}/test.php,whichwilldisplayallPHP configurationinformationandtheinstalledmodules. Ifyoulikedthisarticle,pleasebookmarkitondel.icio.usandStumbleit. 39. Template to track your hardware assests :Ifyouaremanagingmorethanoneequipmentin yourorganization,itisveryimportanttodocumentandtrackALLinformationabouttheservers effectively.Inthisarticle,Ihavelisted36attributesthatneedstobetrackedforyourequipments, withanexplanationonwhyitneedstobetracked.Ihavealsoprovidedaspreadsheettemplatewith thesefieldsthatwillgiveyouajumpstart.
36ItemsToCaptureForPracticalHardwareAssetTracking byRAM ES H NATARAJA N onAUGUST18,2008
Ifyouaremanagingmorethanoneequipmentinyourorganization,itisveryimportant todocumentandtrackALLinformationabouttheserverseffectively.Inthisarticle,Ihavelisted36 attributesthatneedstobetrackedforyourequipments,withanexplanationonwhyitneedstobe tracked.Ihavealsoprovidedaspreadsheettemplatewiththesefieldsthatwillgiveyouajumpstart. Beforegettingintothedetailsofwhatneedstobetracked,letuslookatfewreasonsonwhyyou shoulddocumentALLyourequipments. IdentifyingWhatneedstobetrackedisfarmoreimportantthanHowyouaretrackingit.Dontget trappedintoresearchingthebestavailableassettrackingsoftware.Keepitsimpleanduseaspread sheetfortracking.Onceyouhavedocumentedeverything,lateryoucanalwaysfindasoftwareand exportthisdatatoit. Sysadminshatestodocumentanything.Theywouldratherspendtimeexploringcoolnew technologythandocumentingtheircurrenthardwareandenvironment.But,aseasonedsysadmin knowsthatspendingtimetodocumentthedetailsabouttheequipemnts,isgoingtosavelotoftime inthefuture,whenthereisaproblem. Neverassumeanything.Whenitcomestodocumentation,themoredetailsyoucanaddisbetter. Dontcreatedocumentbecauseyourbossisinsistingonit.Instead,createthedocumentbecauseyou trulybelieveitwilladdvaluetoyouandyourteam.Ifyoudocumentwithoutunderstandingor believingthepurpose,youwillessentiallyleaveoutlotofcriticaldetails,whichwilleventuallymake thedocumentworthless. OnceyouvecapturedtheattributesmentionedbelowforALLyourservers,switches,firewallsand otherequipments,youcanusethismasterlisttotrackanyfutureenterprisewide implementation/changes.Fore.g.Ifyouarerollingoutanewbackupstrategythroughoutyour enterprise,addanewcolumncalledbackupandmarkitasYesorNo,totrackwhetherthatspecific actionhasbeenimplementedonthatparticularequipment. Ihavearrangedthe36itemsinto9differentgroupsandprovidedasamplevaluenexttothefield namewithinparenthesis.Thesefieldsandgroupingsarejustguidelines.Ifrequired,modifythis accordinglytotrackadditionalattributesspecifictoyourenvironment.
Equipment Detail
(1)Description(ProductionCRMDBServer)Thisfieldshouldexplainthepurposeofthis equipment.EvenanonITpersonshouldbeabletoidentifythisequipmentbasedonthisdescription. (2)HostName(prodcrmdbsrv)TherealhostnameoftheequipmentasdefinedattheOSlevel. (3)Department(Sales)Whichdepartmentdoesthisequipmentbelongto? (4)Manufacturer(DELL)Manufactureroftheequipment.
(5)Model(PowerEdge2950)Modeloftheequipment. (6)Status(Active)Thecurrentstatusoftheequipment.Usethisfieldtoidentifywhetherthe equipmentisinoneofthefollowingstate: ActiveCurrentlyinuse RetiredOldequipment,notgettingusedanymore AvailableOld/Newequipment,readyandavailableforusage (7)Category(Server)Iprimarilyusethistotrackthetypeofequipment.Thevalueinthisfield couldbeoneofthefollowingdependingtheequipment: Server Switch PowerCircuit Router Firewalletc.
Tag/Serial#
Fortrackingpurpose,differentvendorsusedifferentnamesfortheserialnumbers.i.eSerialNumber, PartNumber,AssetNumber,ServiceTag,ExpressCodeetc.Fore.g.DELLtrackstheirequipment usingServiceTagandExpresscode.So,ifmajorityoftheequipmentsinyourorganizationareDELL, itmakesensetohaveseparatecolumnsforServiceTagandExpressCode. (8)SerialNumber (9)PartNumber (10)ServiceTAG (11)ExpressCode (12)CompanyAssetTAGEveryorganizationmayhavetheirownwayoftrackingthesystemusing barcodeorcustomassettrackingnumber.Usethisfieldtotracktheequipmentusingthecode assignedbyyourcompany
Location
(13)PhysicalLocation(LosAngeles)Usethisfieldtospecifythephysicallocationoftheserver.If youhavemultipledatacenterindifferentcities,usethecitynametotrackit. (14)Cage/Room#Thecageorroomnumberwherethisequipmentislocated. (15)Rack#Iftherearemultipleracksinsideyourdatacenter,specifytherack#wherethe equipmentislocated.Ifyourrackdoesnthaveanynumbers,createyourownnumberingschemefor therack. (16)RackPositionThisindicatestheexactlocationoftheserverwithintherack.fore.g.the serverlocatedatthebottomoftherackhastherackpositionof#1andtheoneaboveis#2.
Network
(17)PrivateIP(192.168.100.1)Specifytheinternalipaddressoftheequipment. (18)PublicIPSpecifytheexternalipaddressoftheequipment. (19)NIC(GB1,Slot1/Port1) Trackingthisinformationisveryhelpful,whensomeoneaccidentallypullsacablefromtheserver(If thisneverhappenedtoyou,itisonlyamatteroftimebeforeithappens).Usingthisfieldvalue,you willknowexactlywheretopluginthecable.Iftheserverhasmorethanonenetworkconnection, specifyalltheNICsusingacommaseparatedvalue. Inthisexample(GB1,Slot1/Port1),theserverhastwoethernetcablesconnected.Firstone connectedtotheonboardNICmarkedasGB1.SecondoneconnectedtothePort#1ontheNIC card,insertedtothePCISlot#1. Evenwhentheserverhasonlyoneethernetcableconnected,specifytheport#towhichitis
connected.Fore.g.MostoftheDELLserverscomeswithtwoonboardNIClabeledasGB1andGB2. So,youshouldknowtowhichNICyouveconnectedyourethernetcable. (20)Switch/Port(Switch1/Port10,Switch4/Port15)UsingtheNICfieldabove,youvetrackedthe exactportwhereoneendoftheethernetcableisconnectedontheserver.Now,youshouldtrack wheretheotherendofthecableisconnectedto.Inthisexamplethecableconnectedtotheserveron theGB1isconnectedtothePort10onSwitch1.ThecableconnectedtotheserveronPort#1ofPCI Slot#1isconnectedtothePort15onSwitch4. (21)NagiosMonitored?(Yes)Usethisfieldtoindicatewhetherthisequipmentisgetting monitoredthroughanymonitoringsoftware.
Storage
OS Detail
(22)SAN/NASConnected?(Yes)Usethisfieldtotrackwhetheraparticularserverisconnectedto anexternalstorage. (23)TotalDriveCount(4)Thisindicatesthetotalnumberofinternaldrivesontheserver.This cancomeveryhandyforcapacitymanagement.fore.g.Someofthedellserverscomesonlywith6 slotsforinternalharddrives.Inthisexample,justbylookingatthedocument,weknowthatthere are4diskdrivesintheserversandyouhaveroomtoadd2morediskdrives. (24)OS(Linux)UsethisfieldtotracktheOSthatisrunningontheequipment.Fore.g.Linux, Windows,CiscoIOSetc. (25)OSVersion(RedHatEnterpriseLinuxASrelease4(NahantUpdate5))Theexactversionof theOS.
Warranty
Purchase & Lease
(26)WarrentyStartDate (27)WarrentyEndDate (28)DateofPurchaseIfyouhavepurchasedtheequipment,filloutthedateofpurchaseandthe price. (29)PurchasePrice (30)LeaseBeginDateIfyouhaveleasedtheequipment,filloutalltheleasedetails. (31)LeaseExpiryDate (32)LeasingCompanyThecompanywhoownstheleaseonthisequipment. (33)BuyOutOption($1)Isthisadollaronebuyout(or)FairMarketValuepurchase?Thiswill giveyouanideaonwhethertostartplanningforanewequipmentaftertheleaseexpirydateorto keeptheexistingequipment. (34)MonthlyLeasePayment
Additional Information
(35)URLIfthisisawebserver,givetheURLtoaccessthewebapplicationrunningonthesystem. Ifthisisaswitchorrouter,specifytheadminURL. (36)NotesEnteradditionalnotesabouttheequipmentthatdoesntfitunderanyoftheabove fields.Itmaybeverytemptingtoaddusernameandpasswordfieldstothisspreadsheet.Forsecurity reasons,neverusethisspreadsheettostoretherootoradministratorpasswordoftheequipment. Asset Tracking Excel Template 1.0 Thisexceltemplatecontainsallthe36fieldsmentionedaboveto giveyouajumpstartontrackingequipmentsinyourenterprise.Ifyouconvertthisspreadsheetto otherformatsusedbydifferenttools,sendittomeandIlladdithereandgivecredittoyou.Ihope youfindthisarticlehelpful.Forwardthistoappropriatepersoninyourorganizationwhomaybenefit fromthisarticlebytrackingtheequipmentseffectively.Also,IfyouthinkIvemissedanyattributeto
trackintheabovelist,pleaseletmeknow. Ifyoulikedthisarticle,pleasebookmarkitondel.icio.us,DiggandStumbleusingthelinkprovided belowunderWhatNext?section. 40. Disable SELinux :IfyoudontunderstandhowSELinuxworksandthefundamentaldetailson howtoconfigureit,keepingitenabledwillcauselotofissues.Untilyouunderstandthe implementationdetailsofSELinuxyoumaywanttodisableittoavoidsomeunnecessaryissuesas explainedhere.
4EffectiveMethodstoDisableSELinuxTemporarilyorPermanently byRAM ES H NATARAJA N onJUNE1,2009
OnsomeoftheLinuxdistributionSELinuxisenabledbydefault,whichmaycausesome unwantedissues,ifyoudontunderstandhowSELinuxworksandthefundamentaldetailsonhowto configureit.IstronglyrecommendthatyouunderstandSELinuxandimplementitonyour environment.But,untilyouunderstandtheimplementationdetailsofSELinuxyoumaywantto disableittoavoidsomeunnecessaryissues. TodisableSELinuxyoucanuseanyoneofthe4differentmethodsmentionedinthisarticle. TheSELinuxwillenforcesecuritypoliciesincludingthemandatoryaccesscontrolsdefinedbytheUS DepartmentofDefenceusingtheLinuxSecurityModule(LSM)definedintheLinuxKernel.Every filesandprocessinthesystemwillbetaggedwithspecificlabelsthatwillbeusedbytheSELinux. YoucanuselsZandviewthoselabelsasshownbelow.
#lsZ/etc/ rwrrrootrootsystem_u:object_r:etc_t:s0a2ps.cfg rwrrrootrootsystem_u:object_r:adjtime_t:s0adjtime rwrrrootrootsystem_u:object_r:etc_aliases_t:s0aliases drwxrxrootrootsystem_u:object_r:auditd_etc_t:s0audit drwxrxrxrootrootsystem_u:object_r:etc_runtime_t:s0blkid drwxrxrxrootrootsystem_u:object_r:bluetooth_conf_t:s0bluetooth drwxrootrootsystem_u:object_r:system_cron_spool_t:s0cron.d rwrwrrootdisksystem_u:object_r:amanda_dumpdates_t:s0dumpdates
Method1:DisableSELinuxTemporarily
#cat/selinux/enforce 1 #echo0>/selinux/enforce #cat/selinux/enforce
TodisableSELinuxtemporarilyyouhavetomodifythe/selinux/enforcefileasshownbelow.Please notethatthissettingwillbegoneaftertherebootofthesystem.
YoucanalsousesetenforcecommandasshownbelowtodisableSELinux.Possibleparametersto setenforcecommandsare:Enforcing,Permissive,1(enable)or0(disable).
#setenforce0
Method2:DisableSELinuxPermanently
TodisabletheSELinuxpermanently,modifythe/etc/selinux/configandsettheSELINUX=disabled asshownbelow.Oneyoumakeanychangestothe/etc/selinux/config,reboottheserverforthe changestobeconsidered.
#cat/etc/selinux/config SELINUX=disabled SELINUXTYPE=targeted SETLOCALDEFS=0
FollowingarethepossiblevaluesfortheSELINUXvariableinthe/etc/selinux/configfile enforcingTheSecurityPolicyisalwaysEncoforced permissiveThisjustsimulatestheenforcingpolicybyonlyprintingwarningmessagesandnotreally enforcingtheSELinux.ThisisgoodtofirstseehowSELinuxworksandlaterfigureoutwhatpolicies shouldbeenforced. disabledCompletelydisableSELinux FollowingarethepossiblevaluesforSELINUXTYPEvariableinthe/etc/selinux/configfile.This indicatesthetypeofpoliciesthatcanbeusedfortheSELinux. targetedThispolicywillprotectedonlyspecifictargetednetworkdaemons. strictThisisformaximumSELinuxprotection.
Method3:DisableSELinuxfromtheGrubBootLoader
Ifyoucantlocate/etc/selinux/configfileonyoursystem,youcanpassdisableSELinuxbypassingit asparametertotheGrubBootLoaderasshownbelow.
#cat/boot/grub/grub.conf default=0 timeout=5 splashimage=(hd0,0)/boot/grub/splash.xpm.gz hiddenmenu titleEnterpriseLinuxEnterpriseLinuxServer(2.6.1892.el5PAE) root(hd0,0) kernel/boot/vmlinuz2.6.1892.el5PAEroroot=LABEL=/rhgbquietselinux=0 initrd/boot/initrd2.6.1892.el5PAE.img titleEnterpriseLinuxEnterpriseLinuxServer(2.6.1892.el5) root(hd0,0) kernel/boot/vmlinuz2.6.1892.el5roroot=LABEL=/rhgbquietselinux=0 initrd/boot/initrd2.6.1892.el5.img
Method4:DisableOnlyaSpecificServiceinSELinuxHTTP/Apache
IfyouarenotinterestedindisabilitythewholeSELinux,youcanalsodisableSELinuxonlyfora specificservice.Forexample,dodisableSELinuxforHTTP/Apacheservice,modify thehttpd_disable_transvariableinthe/etc/selinux/targeted/booleansfile. Setthehttpd_disable_transvariableto1asshownbelow.
#grephttpd/etc/selinux/targeted/booleans httpd_builtin_scripting=1 httpd_disable_trans=1 httpd_enable_cgi=1 httpd_enable_homedirs=1 httpd_ssi_exec=1 httpd_tty_comm=0 httpd_unified=1
SetSELinuxbooleanvalueusingsetseboolcommandasshownbelow.MakesuretorestarttheHTTP serviceafterthischange.
#setseboolhttpd_disable_trans1 #servicehttpdrestart
41. Install PHP5 from source :ThisisastepbystepguidetoinstallPHP5fromsourceonUNIX environment.

InstructionGuidetoInstallPHP5fromSourceonLinux byRAM ES H NATARAJA N onJULY31,2008
AllLinuxdistributionscomeswithPHP .However,itisrecommendedtodownloadlatest PHPsourcecode,compileandinstallonLinux.ThiswillmakeiteasiertoupgradePHPonan ongoingbasisimmediatelyafteranewpatchorreleaseisavailablefordownloadfromPHP .This articleexplainshowtoinstallPHP5fromsourceonLinux. Apachewebservershouldalreadybeinstalled.RefertomypreviouspostonHow to install Apache 2 on Linux .IfyouareplanningtousePHPwithMySQL,youshouldhaveMySQLalreadyinstalled.I wroteaboutHow to install MySQL on Linux .
1.Prerequisites
2.DownloadPHP
DownloadthelatestsourcecodefromPHP Download page.Currentstablereleaseis5.2.6.Movethe sourceto/usr/local/srcandextractisasshownbelow.

#bzip2dphp5.2.6.tar.bz2 #tarxvfphp5.2.6.tar
3.InstallPHP
ViewallconfigurationoptionsavailableforPHPusing./configurehelp(twohypheninfrontof help).Themostcommonlyusedoptionisprefix={installdirname}toinstallPHPonauser defineddirectory.

#cdphp5.2.6 #./configurehelp
Inthefollowingexample,PHPwillbecompiledandinstalledunderthedefaultlocation /usr/local/libwithApacheconfigurationandMySQLsupport.
#./configurewithapxs2=/usr/local/apache2/bin/apxswithmysql #make #makeinstall #cpphp.inidist/usr/local/lib/php.ini
4.Configurehttpd.confforPHP
<FilesMatch"\.ph(p[26]?|tml)$">
Modifythe/usr/local/apache2/conf/httpd.conftoaddthefollowing:
SetHandlerapplication/xhttpdphp </FilesMatch>
Makesurethehttpd.confhasthefollowinglinethatwillgetautomaticallyinsertedduringthePHP installationprocess.
LoadModulephp5_modulemodules/libphp5.so
Restarttheapacheasshownbelow:
#/usr/local/bin/apache2/apachectlrestart
5.VerifyPHPInstallation
Createatest.phpunder/usr/local/apache2/htdocswiththefollowingcontent
#vitest.php <?phpphpinfo();?>
Gotohttp://localhost/test.php,whichwillshowadetailedinformationaboutallthePHP configurationoptionsandPHPmodulesinstalledonthesystem.
6.Troubleshootingduringinstallation
Error1:configure:error:xml2confignotfound: Whileperformingthe./configureduringPHPinstallation,youmaygetthefollowingerror:
#./configurewithapxs2=/usr/local/apache2/bin/apxswithmysql Configuringextensions checkingwhethertoenableLIBXMLsupport...yes checkinglibxml2installdir...no checkingforxml2configpath... configure:error:xml2confignotfound.Pleasecheckyourlibxml2installation.
Installthelibxml2develandzlibdevelasshownbelowtothefixthisissue.
#rpmivh/home/downloads/linuxiso/libxml2devel2.6.262.1.2.0.1.i386.rpm/home/downloads/linuxiso/zlibdevel 1.2.33.i386.rpm Preparing...###########################################[100%] 1:zlibdevel###########################################[50%] 2:libxml2devel###########################################[100%]
Error2:configure:error:CannotfindMySQLheaderfiles. Whileperformingthe./configureduringPHPinstallation,youmaygetthefollowingerror:
#./configurewithapxs2=/usr/local/apache2/bin/apxswithmysql checkingforMySQLUNIXsocketlocation.../var/lib/mysql/mysql.sock configure:error:CannotfindMySQLheaderfilesunderyes. NotethattheMySQLclientlibraryisnotbundledanymore!
InstalltheMySQLdevelcommunitypackageasshownbelowtofixthisissue.
#rpmivh/home/downloads/MySQLdevelcommunity5.1.250.rhel5.i386.rpm Preparing...###########################################[100%] 1:MySQLdevelcommunity###########################################[100%]
42. Install MySQL from source :ThisisastepbystepguidetoinstallMySQLfromsourceonUNIX environment.

HowtoInstallMySQLonLinux byRAM ES H NATARAJA N onJULY6,2008
MostoftheLinuxdistrocomeswithMySQL.IfyouwantuseMySQL,myrecommendationisthat youdownloadthelatestversionofMySQLandinstallityourself.Lateryoucanupgradeittothe latestversionwhenitbecomesavailable.Inthisarticle,Iwillexplainhowtoinstallthelatestfree
communityeditionofMySQLonLinuxplatform.
1.DownloadthelateststablerelaseofMySQL
DownloadmySQLfrommysql.com.PleasedownloadthecommunityeditionofMySQLforyour appropriateLinuxplatform.IdownloadedtheRedHatEnterpriseLinux5RPM(x86).Makesureto downloadMySQLServer,ClientandHeadersandlibrariesfromthedownloadpage. MySQLclientcommunity5.1.250.rhel5.i386.rpm MySQLservercommunity5.1.250.rhel5.i386.rpm MySQLdevelcommunity5.1.250.rhel5.i386.rpm
2.RemovetheexistingdefaultMySQLthatcamewiththeLinuxdistro
[localhost]#rpmqa|grepimysql mysql5.0.222.1.0.1 mysqlclient103.23.584.RHEL4.1 [localhost]#rpmemysqlnodeps warning:/etc/my.cnfsavedas/etc/my.cnf.rpmsave [localhost]#rpmemysqlclient10
DonotperformthisonansystemwheretheMySQLdatabaseisgettingusedbysomeapplication.
3.InstallthedownloadedMySQLpackage
InstalltheMySQLServerandClientpackagesasshownbelow.
[localhost]#rpmivhMySQLservercommunity5.1.250.rhel5.i386.rpmMySQLclientcommunity5.1.25 0.rhel5.i386.rpm Preparing...###########################################[100%] 1:MySQLclientcommunity###########################################[50%] 2:MySQLservercommunity###########################################[100%]
ThiswillalsodisplaythefollowingoutputandstarttheMySQLdaemonautomatically.
PLEASEREMEMBERTOSETAPASSWORDFORTHEMySQLrootUSER! Todoso,starttheserver,thenissuethefollowingcommands: /usr/bin/mysqladminurootpassword'newpassword' /usr/bin/mysqladminuroothmedica2password'newpassword' Alternativelyyoucanrun: /usr/bin/mysql_secure_installation whichwillalsogiveyoutheoptionofremovingthetest databasesandanonymoususercreatedbydefault.Thisis stronglyrecommendedforproductionservers. Seethemanualformoreinstructions. Pleasereportanyproblemswiththe/usr/bin/mysqlbugscript! ThelatestinformationaboutMySQLisavailableathttp://www.mysql.com/ SupportMySQLbybuyingsupport/licensesfromhttp://shop.mysql.com/ StartingMySQL.[OK] Givingmysqld2secondstostart
InstalltheHeaderandLibrariesthatarepartoftheMySQLdevelpackages.
[localhost]#rpmivhMySQLdevelcommunity5.1.250.rhel5.i386.rpm Preparing...###########################################[100%] 1:MySQLdevelcommunity###########################################[100%]
Note:WhenIwascompilingPHPwithMySQLoptionfromsourceontheLinuxsystem,itfailedwith thefollowingerror.InstallingtheMySQLdevelcommunitypackagefixedthisproblemininstalling PHPfromsource.
configure:error:CannotfindMySQLheaderfilesunderyes. NotethattheMySQLclientlibraryisnotbundledanymore!
4.PerformpostinstallsecurityactivitiesonMySQL.
Atabareminimumyoushouldsetapasswordfortherootuserasshownbelow:
[localuser]#/usr/bin/mysqladminurootpassword'My2Secure$Password'
Thebestoptionistorunthemysql_secure_installationscriptthatwilltakecareofallthetypical securityrelateditemsontheMySQLasshownbelow.Onahighlevelthisdoesthefollowingitems: Changetherootpassword Removetheanonymoususer Disallowrootloginfromremotemachines Removethedefaultsampletestdatabase

[localhost]#/usr/bin/mysql_secure_installation NOTE:RUNNINGALLPARTSOFTHISSCRIPTISRECOMMENDEDFORALLMySQL SERVERSINPRODUCTIONUSE!PLEASEREADEACHSTEPCAREFULLY! InordertologintoMySQLtosecureit,we'llneedthecurrent passwordfortherootuser.Ifyou'vejustinstalledMySQL,and youhaven'tsettherootpasswordyet,thepasswordwillbeblank, soyoushouldjustpressenterhere. Entercurrentpasswordforroot(enterfornone): OK,successfullyusedpassword,movingon... SettingtherootpasswordensuresthatnobodycanlogintotheMySQL rootuserwithouttheproperauthorisation. Youalreadyhavearootpasswordset,soyoucansafelyanswer'n'. Changetherootpassword?[Y/n]Y Newpassword: Reenternewpassword: Passwordupdatedsuccessfully! Reloadingprivilegetables.. ...Success! Bydefault,aMySQLinstallationhasananonymoususer,allowinganyone tologintoMySQLwithouthavingtohaveauseraccountcreatedfor them.Thisisintendedonlyfortesting,andtomaketheinstallation goabitsmoother.Youshouldremovethembeforemovingintoa productionenvironment. Removeanonymoususers?[Y/n]Y ...Success! Normally,rootshouldonlybeallowedtoconnectfrom'localhost'.This ensuresthatsomeonecannotguessattherootpasswordfromthenetwork. Disallowrootloginremotely?[Y/n]Y ...Success! Bydefault,MySQLcomeswithadatabasenamed'test'thatanyonecan access.Thisisalsointendedonlyfortesting,andshouldberemoved beforemovingintoaproductionenvironment. Removetestdatabaseandaccesstoit?[Y/n]Y Droppingtestdatabase... ...Success! Removingprivilegesontestdatabase...
...Success! Reloadingtheprivilegetableswillensurethatallchangesmadesofar willtakeeffectimmediately. Reloadprivilegetablesnow?[Y/n]Y ...Success! Cleaningup... Alldone!Ifyou'vecompletedalloftheabovesteps,yourMySQL installationshouldnowbesecure. ThanksforusingMySQL!
5.VerifytheMySQLinstallation:
YoucanchecktheMySQLinstalledversionbyperformingmysqlVasshownbelow:
[localhost]#mysqlV mysqlVer14.14Distrib5.1.25rc,forredhatlinuxgnu(i686)usingreadline5.1
ConnecttotheMySQLdatabaseusingtherootuserandmakesuretheconnectionissuccessfull.
[localhost]#mysqlurootp Enterpassword: WelcometotheMySQLmonitor.Commandsendwith;or\g. YourMySQLconnectionidis13 Serverversion:5.1.25rccommunityMySQLCommunityServer(GPL) Type'help;'or'\h'forhelp.Type'\c'toclearthebuffer. mysql>
FollowsthestepsbelowtostopandstartMySQL
[localhost]#servicemysqlstatus MySQLrunning(12588)[OK] [localhost]#servicemysqlstop ShuttingdownMySQL.[OK] [localhost]#servicemysqlstart StartingMySQL.[OK]
43. Launch Linux clients on windows :IfyouareusingSSHclienttoconnecttoLinuxserverfrom yourWindowslaptop,sometimesitmaybenecessarytolaunchUIapplicationontheremoteLinux server,buttodisplaytheUIonthewindowslaptop.CygwincanbeusedtoinstallsoftwareonLinux fromWindowsandlaunchLinuxXclientsoftwareonWindows.

LaunchsoftwareinstallersonLinuxfromWindowsusingCygwin byRAM ES H NATARAJA N onJUNE18,2008
IfyouareusingSSHclienttoconnecttoLinuxserverfromyourWindowslaptop,sometimesitmay benecessarytolaunchUIapplicationontheremoteLinuxserver,buttodisplaytheUIonthe windowslaptop.Followingaretwotypicalreasonstoperformthisactivity: 1. InstallsoftwareonLinuxfromWindows:TolaunchaUIbasedinstallertoinstallsoftwareon remoteLinuxserverfromwindowslaptop.Fore.g.ADBAmightwanttoinstalltheOracleonthe LinuxserverwhereonlytheSSHconnectiontotheremoteserverisavailableandnottheconsole. 2. LaunchLinuxXclientsoftwareonWindows:TolaunchXClientsoftware(fore.g.xclock)located
onyourremoteLinuxservertotheWindowslaptop. Cygwincanbeusedtoperformtheaboveactivities.Following15stepsexplainshowtoinstall CygwinandlaunchsoftwareinstallersonLinuxfromWindows.GotoCygwinanddownloadthe setup.exe.Launchthesetup.exeontheWindowsandfollowthestepsmentionedbelow. 1.WelcomeScreen.ClicknextontheCygwininstallationwelcomescreen. 2. Chooseadownloadsource.SelecttheInstallfrominternetoption 3.ChooseInstallationdirectory.IselectedC:\cygwinasshownbelow.Thisisthelocationwhere theCygwinsoftwarewillbeinstalledontheWindows. 4.SelectLocalPackageInstalldirectory.Thisisthedirectorywheretheinstallationfileswillbe downloadedandstored. 5.SelectConnectionType.Ifyouareconnectedtointernetviaproxy,entertheinformation.Ifnot, selectDirectConnection. 6.Chooseadownloadsite.Youcaneitherchooseadownloadsitethatisclosertoyouorleavethe defaultselection. 7. DownloadProgress.Thisscreenwilldisplaytheprogressofthedownload. 8. SelectPackagestoinstall.Irecommendthatyouleavethedefaultselectionhere. 9. InstallationProgress.Thisscreenwilldisplaytheprogressoftheinstallation. 10. InstallationCompletion. 11.StarttheCygwinBashShellonWindows.Clickoncygwinicononthedesktop(or)Clickon Start>AllPrograms>Cygwin>CygwinBashshell,whichwilldisplaytheCygwinBashShell window. 12.StarttheXServeronWindows.FromtheCygwinBashShell,typestartxtostarttheXServeras shownbelow.OncetheXServerisstarted,leavethiswindowopenanddonotcloseit. 13.Xtermwindow:startxfromtheabovestepwillopenanewxtermwindowautomaticallyas shownbelow. 14.SSHtotheremoteLinuxhostfromtheXtermwindowasshownbelow.Pleasenotethatyou shouldpasstheYparametertossh.YparameterenablestrustedX11forwarding.
jsmith@windowslaptop~ $sshYljsmithremotehost<Thisisfromthextermonwindowslaptop> jsmith@remotehost'spassword: Warning:Noxauthdata;usingfakeauthenticationdataforX11forwarding. Lastlogin:ThuJun1222:36:042008from192.168.1.102 /usr/bin/xauth:creatingnewauthorityfile/home/jsmith/.Xauthority [remotehost]$xclock&<Notethatyouarestartingxclockonremotelinuxserver> [1]12593 [remotehost]$
15.xclockonwindowslaptop.FromtheLinuxhost,launchthexclocksoftwareasshownabove, whichwilldisplaythexclockonthewindowslaptopasshownbelow. UsethesamemethodexplainedabovetolaunchanysoftwareinstalleronLinux(fore.g.Oracle databaseinstaller)andgetitdisplayedontheWindowslaptop.
HelpmespreadthenewsaboutTheGeekStuff.
Pleaseleaveyourcommentsandfeedbackregardingthisarticle.Ifyoulikethispost,Iwouldreally appreciateifyoucansubscribetoRSSfeedandspreadthewordaroundaboutTheGeekStuffblog byaddingittodel.icio.usorDiggthroughthelinkbelow.
44. IPCS :IPCallowstheprocessestocommunicatewitheachanother.Theprocesscanalso communicatebyhavingafileaccessibletoboththeprocesses.Processescanopen,andread/write thefile,whichrequireslotofI/Ooperationthatconsumestime.ThisexplainsdifferenttypesofIPCS andprovides10IPCScommandexamples.
10IPCSCommandExamples(WithIPC Introduction)
bySASIKALA onAUGUST12,2010
IPCstandsforInterprocessCommunication. Thistechniqueallowstheprocessestocommunicatewitheachanother. Sinceeachprocesshasitsownaddressspaceanduniqueuserspace,howdoestheprocesscommunicateeach other? TheanswerisKernel,theheartoftheLinuxoperatingsystemthathasaccesstothewholememory.Sowecan requestthekerneltoallocatethespacewhichcanbeusedtocommunicatebetweenprocesses. Theprocesscanalsocommunicatebyhavingafileaccessibletoboththeprocesses.Processescanopen,and read/writethefile,whichrequireslotofI/Ooperationthatconsumestime.
DifferentTypesofIPCS
TherearevariousIPCswhichallowsaprocesstocommunicatewithanotherprocesses,eitherinthesamecomputer ordifferentcomputerinthesamenetwork. PipesProvidesawayforprocessestocommunicatewitheachanotherbyexchangingmessages.Namedpipes provideawayforprocessesrunningondifferentcomputersystemstocommunicateoverthenetwork. SharedMemoryProcessescanexchangevaluesinthesharedmemory.Oneprocesswillcreateaportionof memorywhichotherprocesscanaccess. MessageQueueItisastructuredandorderedlistofmemorysegmentswhereprocessesstoreorretrievedata.
SemaphoresProvidesasynchronizingmechanismforprocessesthatareaccessingthesameresource.Nodatais
passedwithasemaphore;itsimplycoordinatesaccesstosharedresources.
10IPCSCommandExample
ipcsisaUNIX/Linuxcommand,whichisusedtolisttheinformationabouttheinterprocesscommunicationipcs commandprovidesareportonSystemVIPCS(Messagequeue,Semaphore,andSharedmemory).
IPCSExample1:ListalltheIPCfacility
ipcscommandwithaoptionlistsalltheIPCfacilitieswhichhasreadaccessforthecurrentprocess.Itprovides detailsaboutmessagequeue,semaphoreandsharedmemory. #ipcsa
SharedMemorySegments keyshmidownerpermsbytesnattchstatus 0xc616cc441056800768oracle66040960 0x0103f577323158020root6649661 0x0000270f325713925root66612
SemaphoreArrays keysemidownerpermsnsems 0x0103eefd0root6641 0x0103eefe32769root6641 0x4b0d45141094844418oracle660204 MessageQueues keymsqidownerpermsusedbytesmessages 0x000005a432768root64400
AlltheIPCfacilityhasuniquekeyandidentifier,whichisusedtoidentifyanIPCfacility.
IPCSExample2:ListalltheMessageQueue
ipcswithoptionq,listsonlymessagequeuesforwhichthecurrentprocesshasreadaccess. $ipcsq
MessageQueues keymsqidownerpermsusedbytesmessages 0x000005a432768root64400
IPCSExample3.ListalltheSemaphores
ipcssoptionisusedtolisttheaccessiblesemaphores. #ipcss
SemaphoreArrays keysemidownerpermsnsems 0x0103eefd0root6641 0x0103eefe32769root6641 0x4b0d45141094844418oracle660204
IPCSExample4.ListalltheSharedMemory
ipcsmoptionwithipcscommandliststhesharedmemories. #ipcsm
SharedMemorySegments keyshmidownerpermsbytesnattchstatus 0xc616cc441056800768oracle66040960 0x0103f577323158020root6649661 0x0000270f325713925root66612
IPCSExample5.DetailedinformationaboutanIPCfacility
ipcsioptionprovidesdetailedinformationaboutanipcfacility. #ipcsqi32768
MessageQueuemsqid=32768 uid=0gid=0cuid=0cgid=0mode=0644 cbytes=0qbytes=65536qnum=0lspid=0lrpid=0 send_time=Notset rcv_time=Notset change_time=ThuAug513:30:222010
Optioniwithqprovidesinformationaboutaparticularmessagequeue.Optioniwithsprovidessemaphore details.Optioniwithmprovidesdetailsaboutasharedmemory.
IPCSExample6.ListstheLimitsforIPCfacility
ipcsloptiongivesthesystemlimitsforeachipcfacility. #ipcsml
SharedMemoryLimits maxnumberofsegments=4096 maxsegsize(kbytes)=67108864 maxtotalsharedmemory(kbytes)=17179869184 minsegsize(bytes)=1
Theabovecommandgivesthelimitsforsharedmemory.lcanbecombinedwithqandstoviewthelimitsfor messagequeueandsemaphoresrespectively. SingleoptionlgivesthelimitsforallthreeIPCfacilities. #ipcsl
IPCSExample7.ListCreatorandOwnerDetailsforIPCFacility
ipcscoptionlistscreatoruseridandgroupidandowneruseridandgroupid.Thisoptioncanbecombinedwithm, sandqtoviewthecreatordetailsforspecificIPCfacility. #ipcsmc
SharedMemorySegmentCreators/Owners shmidpermscuidcgiduidgid 1056800768660oracleoinstalloracleoinstall 323158020664rootrootrootroot 325713925666rootrootrootroot
IPCSExample8.ProcessidsthataccessedIPCfacilityrecently
ipcspoptiondisplayscreatorid,andprocessidwhichaccessedthecorrespondingipcfacilityveryrecently. #ipcsmp
SharedMemoryCreator/Lastop shmidownercpidlpid 1056800768oracle167645389 323158020root23542354 325713925root2066620668
palsocanbecombinedwithm,sorq.
IPCSExample9.LastAccessedTime
ipcstoptiondisplayslastoperationtimeineachipcfacility.Thisoptioncanalsobecombinedwithm,sorqto printforspecifictypeofipcfacility.Formessagequeue,toptiondisplayslastsentandreceivetime,forshared memoryitdisplayslastattached(portionofmemory)anddetachedtimestampandforsemaphoreitdisplayslast operationandchangedtimedetails. #ipcsst
SemaphoreOperation/ChangeTimes semidownerlastoplastchanged 0rootThuAug512:46:522010TueJul1310:39:412010 32769rootThuAug511:59:102010TueJul1310:39:412010 1094844418oracleThuAug513:52:592010ThuAug513:52:592010
IPCSExample10.Statusofcurrentusage
ipcswithucommanddisplayscurrentusageforalltheIPCfacility.Thisoptioncanbecombinedwithaspecific
optiontodisplaythestatusforaparticularIPCfacility. #ipcsu
SharedMemoryStatus segmentsallocated30 pagesallocated102 pagesresident77 pagesswapped0 Swapperformance:0attempts0successes SemaphoreStatus usedarrays=49 allocatedsemaphores=252 Messages:Status allocatedqueues=1 usedheaders=0 usedspace=0bytes
45. Logical Volume Manager :UsingLVMwecancreatelogicalpartitionsthatcanspanacrossone ormorephysicalharddrives.YoucancreateandmanageLVMusingvgcreate,lvcreate,andlvextend lvm2commandsasshownhere.

HowToCreateLVMUsingvgcreate,lvcreate,andlvextendlvm2Commands byB AL AK RIS H NA N M ARIYAPPA N onAUGUST5,2010
LVMstandsforLogicalVolumeManager. WithLVM,wecancreatelogicalpartitionsthatcanspanacrossoneormorephysicalharddrives. First,theharddrivesaredividedintophysicalvolumes,thenthosephysicalvolumesarecombined togethertocreatethevolumegroupandfinallythelogicalvolumesarecreatedfromvolumegroup. TheLVMcommandslistedinthisarticleareusedunderUbuntuDistribution.But,itisthesamefor otherLinuxdistributions. Beforewestart,installthelvm2packageasshownbelow.

$sudoaptgetintalllvm2
TocreateaLVM,weneedtorunthroughthefollowingsteps. SelectthephysicalstoragedevicesforLVM CreatetheVolumeGroupfromPhysicalVolumes CreateLogicalVolumesfromVolumeGroup
SelectthePhysicalStorageDevicesforLVMUsepvcreate,pvscan,pvdisplay Commands
$sudopvcreate/dev/sda6/dev/sda7 Physicalvolume"/dev/sda6"successfullycreated Physicalvolume"/dev/sda7"successfullycreated
Inthisstep,weneedtochoosethephysicalvolumesthatwillbeusedtocreatetheLVM.Wecan createthephysicalvolumesusingpvcreatecommandasshownbelow.
Asshownabovetwophysicalvolumesarecreated/dev/sda6and/dev/sda7. Ifthephysicalvolumesarealreadycreated,youcanviewthemusingthepvscancommandasshown below.

$sudopvscan PV/dev/sda6lvm2[1.86GB] PV/dev/sda7lvm2[1.86GB] Total:2[3.72GB]/inuse:0[0]/innoVG:2[3.72GB]
Youcanviewthelistofphysicalvolumeswithattributeslikesize,physicalextentsize,totalphysical extentsize,thefreespace,etc.,usingpvdisplaycommandasshownbelow.
$sudopvdisplay Physicalvolume PVName/dev/sda6 VGName PVSize1.86GB/notusable2.12MB Allocatableyes PESize(KByte)4096 TotalPE476 FreePE456 AllocatedPE20 PVUUIDm67TXfEY6w6LuXNNB6kU4Lwnk8NjjZfv Physicalvolume PVName/dev/sda7 VGName PVSize1.86GB/notusable2.12MB Allocatableyes PESize(KByte)4096 TotalPE476 FreePE476 AllocatedPE0 PVUUIDb031x06rejBcBubE2CeCXGjObu0Boo0x
Note:PEPhysicalExtentsarenothingbutequalsizedchunks.Thedefaultsizeofextentis4MB.
CreatetheVolumeGroupUsevgcreate,vgdisplayCommands
Volumegroupsarenothingbutapoolofstoragethatconsistsofoneormorephysicalvolumes.Once youcreatethephysicalvolume,youcancreatethevolumegroup(VG)fromthesephysicalvolumes (PV). Inthisexample,thevolumegroupvol_grp1iscreatedfromthetwophysicalvolumesasshown below.

$sudovgcreatevol_grp1/dev/sda6/dev/sda7 Volumegroup"vol_grp1"successfullycreated
LVMprocessesthestorageintermsofextents.Wecanalsochangetheextentsize(fromthedefault size4MB)usingsflag. vgdisplaycommandliststhecreatedvolumegroups.

$sudovgdisplay Volumegroup VGNamevol_grp1 SystemID Formatlvm2 MetadataAreas2
MetadataSequenceNo1 VGAccessread/write VGStatusresizable MAXLV0 CurLV0 OpenLV0 MaxPV0 CurPV2 ActPV2 VGSize3.72GB PESize4.00MB TotalPE952 AllocPE/Size0/0 FreePE/Size952/3.72GB VGUUIDKk1ufBrT15bSWe5270KDfZshUXFUYBvR
LVMCreate:CreateLogicalVolumesUselvcreate,lvdisplaycommand
Now,everythingisreadytocreatethelogicalvolumesfromthevolumegroups.lvcreatecommand createsthelogicalvolumewiththesizeof80MB.
$sudolvcreatel20nlogical_vol1vol_grp1 Logicalvolume"logical_vol1"created
Uselvdisplaycommandasshownbelow,toviewtheavailablelogicalvolumeswithitsattributes.
$sudolvdisplay Logicalvolume LVName/dev/vol_grp1/logical_vol1 VGNamevol_grp1 LVUUIDap8sZ2WqE16401KupmDbnO2P7gx1HwtQ LVWriteAccessread/write LVStatusavailable #open0 LVSize80.00MB CurrentLE20 Segments1 Allocationinherit Readaheadsectorsauto currentlysetto256 Blockdevice252:0
Aftercreatingtheappropriatefilesystemonthelogicalvolumes,itbecomesreadytouseforthe storagepurpose.
$sudomkfs.ext3/dev/vol_grp1/logical_vol1
LVMresize:ChangethesizeofthelogicalvolumesUselvextendCommand
Wecanextendthesizeofthelogicalvolumesaftercreatingitbyusinglvextendutilityasshown below.Thechangesthesizeofthelogicalvolumefrom80MBto100MB.
$sudolvextendL100/dev/vol_grp1/logical_vol1 Extendinglogicalvolumelogical_vol1to100.00MB Logicalvolumelogical_vol1successfullyresized
Wecanalsoaddadditionalsizetoaspecificlogicalvolumeasshownbelow.
$sudolvextendL+100/dev/vol_grp1/logical_vol1 Extendinglogicalvolumelogical_vol1to200.00MB
Logicalvolumelogical_vol1successfullyresized
46. 15 Tcpdump examples :tcpdumpisanetworkpacketanalyzer.tcpdumpallowsustosavethe packetsthatarecaptured,sothatwecanuseitforfutureanalysis.Thesavedfilecanbeviewedby thesametcpdumpcommand.Wecanalsouseopensourcesoftwarelikewiresharktoreadthe tcpdumppcapfiles.

PacketAnalyzer:15TCPDUMPCommandExamples bySA SIKA LA onAUGUST25,2010
tcpdumpcommandisalsocalledaspacketanalyzer. tcpdumpcommandwillworkonmostflavorsofunixoperatingsystem.tcpdumpallowsustosave thepacketsthatarecaptured,sothatwecanuseitforfutureanalysis.Thesavedfilecanbeviewed bythesametcpdumpcommand.Wecanalsouseopensourcesoftwarelikewiresharktoreadthe tcpdumppcapfiles. Inthistcpdumptutorial,letusdiscusssomepracticalexamplesonhowtousethetcpdump command.
1.Capturepacketsfromaparticularethernetinterfaceusingtcpdumpi
Whenyouexecutetcpdumpcommandwithoutanyoption,itwillcaptureallthepacketsflowing throughalltheinterfaces.ioptionwithtcpdumpcommand,allowsyoutofilteronaparticular ethernetinterface.

$tcpdumpieth1 14:59:26.608728IPxx.domain.netbcp.net.52497>valh4.lell.net.ssh:.ack540win16554 14:59:26.610602IPresolver.lell.net.domain>valh4.lell.net.24151:42781/0/0(73) 14:59:26.611262IPvalh4.lell.net.38527>resolver.lell.net.domain:26364+PTR?244.207.104.10.inaddr.arpa.(45)
Inthisexample,tcpdumpcapturedallthepacketsflowsintheinterfaceeth1anddisplaysinthe standardoutput. Note:Editcaputilityisusedtoselectorremovespecificpacketsfromdumpfileandtranslatethem intoagivenformat.
2.CaptureonlyNnumberofpacketsusingtcpdumpc
Whenyouexecutetcpdumpcommanditgivespacketsuntilyoucancelthetcpdumpcommand.Using coptionyoucanspecifythenumberofpacketstocapture.
$tcpdumpc2ieth0 listeningoneth0,linktypeEN10MB(Ethernet),capturesize96bytes 14:38:38.184913IPvalh4.lell.net.ssh>yy.domain.innetbcp.net.11006:P1457255642:1457255758(116)ack 1561463966win63652 14:38:38.690919IPvalh4.lell.net.ssh>yy.domain.innetbcp.net.11006:P116:232(116)ack1win63652 2packetscaptured 13packetsreceivedbyfilter 0packetsdroppedbykernel
Theabovetcpdumpcommandcapturedonly2packetsfrominterfaceeth0. Note: Mergecap and TShark :Mergecapisapacketdumpcombiningtool,whichwillcombine multipledumpsintoasingledumpfile.Tsharkisapowerfultooltocapturenetworkpackets,which canbeusedtoanalyzethenetworktraffic.Itcomeswithwiresharknetworkanalyzerdistribution.
3.DisplayCapturedPacketsinASCIIusingtcpdumpA
ThefollowingtcpdumpsyntaxprintsthepacketinASCII.
$tcpdumpAieth0
tcpdump:verboseoutputsuppressed,usevorvvforfullprotocoldecode listeningoneth0,linktypeEN10MB(Ethernet),capturesize96bytes 14:34:50.913995IPvalh4.lell.net.ssh>yy.domain.innetbcp.net.11006:P1457239478:1457239594(116)ack 1561461262win63652 E.....@.@..]..i...9...*.V ...]...P ....h....E...>{..U=...g. ......G..7\+KA....A...L. 14:34:51.423640IPvalh4.lell.net.ssh>yy.domain.innetbcp.net.11006:P116:232(116)ack1win63652 E.....@.@..\..i...9...*.V ..*]...P ....h....7......X..!....Im.S.g.u:*..O&....^#Ba... E..(R.@.|.....9...i.*...]...V ..*P ..OWp........
Note:Ifconfigcommandisusedtoconfigurenetworkinterfaces
4.DisplayCapturedPacketsinHEXandASCIIusingtcpdumpXX
Someusersmightwanttoanalysethepacketsinhexvalues.tcpdumpprovidesawaytoprintpackets inbothASCIIandHEXformat.
$tcpdumpXXieth0 18:52:54.859697IPzz.domain.innetbcp.net.63897>valh4.lell.net.ssh:.ack232win16511 0x0000:0050569c35a30019bb1c0c0008004500.PV .5.........E. 0x0010:0028042a40007906c89c10b5aaf60f9a.(.*@.y......... 0x0020:69c4f999001657db6e08c712ea2e5010i.....W.n.....P . 0x0030:407fc9760000000000000000@..v........ 18:52:54.877713IP10.0.0.0>allsystems.mcast.net:igmpqueryv3[maxresptime1s] 0x0000:0050569c35a300000000000008004600.PV .5.........F. 0x0010:00240000000001023ad30a000000e000.$......:....... 0x0020:0001940400001101ebfe000000000300................ 0x0030:000000000000000000000000............
5.Capturethepacketsandwriteintoafileusingtcpdumpw
tcpdumpallowsyoutosavethepacketstoafile,andlateryoucanusethepacketfileforfurther analysis.
$tcpdumpw08232010.pcapieth0 tcpdump:listeningoneth0,linktypeEN10MB(Ethernet),capturesize96bytes 32packetscaptured 32packetsreceivedbyfilter 0packetsdroppedbykernel
woptionwritesthepacketsintoagivenfile.Thefileextensionshouldbe.pcap,whichcanberead byanynetworkprotocol analyzer.
6.Readingthepacketsfromasavedfileusingtcpdumpr
Youcanreadthecapturedpcapfileandviewthepacketsforanalysis,asshownbelow.
$tcpdumpttttrdata.pcap 2010082221:35:26.57179300:50:56:9c:69:38(ouiUnknown)>Broadcast,ethertypeUnknown(0xcafe),length74: 0x0000:0200000affff0000ffff0c003c000000............<... 0x0010:00000000010000803e9e290000000000........>.)..... 0x0020:00000000ffffffffad00996b06000050...........k...P 0x0030:569c6938000000008e070000V .i8........ 2010082221:35:26.571797IPvalh4.lell.net.ssh>zz.domain.innetbcp.net.50570:P800464396:800464448(52)ack 203316566win71 2010082221:35:26.571800IPvalh4.lell.net.ssh>zz.domain.innetbcp.net.50570:P52:168(116)ack1win71 2010082221:35:26.584865IPvalh5.lell.net.ssh>11.154.12.255.netbiosns:NBTUDPPACKET(137):QUERY; REQUEST;BROADC
7.CapturepacketswithIPaddressusingtcpdumpn
Inalltheaboveexamples,itprintspacketswiththeDNSaddress,butnottheipaddress.The followingexamplecapturesthepacketsanditwilldisplaytheIPaddressofthemachinesinvolved.
$tcpdumpnieth0 15:01:35.170763IP10.0.19.121.52497>11.154.12.121.ssh:P105:157(52)ack18060win16549 15:01:35.170776IP11.154.12.121.ssh>10.0.19.121.52497:P23988:24136(148)ack157win113 15:01:35.170894IP11.154.12.121.ssh>10.0.19.121.52497:P24136:24380(244)ack157win113
8.Capturepacketswithproperreadabletimestampusingtcpdumptttt
$tcpdumpnttttieth0 2010082215:10:39.162830IP10.0.19.121.52497>11.154.12.121.ssh:.ack49800win16390 2010082215:10:39.162833IP10.0.19.121.52497>11.154.12.121.ssh:.ack50288win16660 2010082215:10:39.162867IP10.0.19.121.52497>11.154.12.121.ssh:.ack50584win16586
9.ReadpacketslongerthanNbytes
Youcanreceiveonlythepacketsgreaterthannnumberofbytesusingafiltergreaterthrough tcpdumpcommand
$tcpdumpwg_1024.pcapgreater1024
10.Receiveonlythepacketsofaspecificprotocoltype
Youcanreceivethepacketsbasedontheprotocoltype.Youcanspecifyoneoftheseprotocols fddi,tr,wlan,ip,ip6,arp,rarp,decnet,tcpandudp.Thefollowingexamplecapturesonlyarppackets flowingthroughtheeth0interface.
$tcpdumpieth0arp tcpdump:verboseoutputsuppressed,usevorvvforfullprotocoldecode listeningoneth0,linktypeEN10MB(Ethernet),capturesize96bytes 19:41:52.809642arpwhohasvalh5.lell.nettellvalh9.lell.net 19:41:52.863689arpwhohas11.154.12.1tellvalh6.lell.net 19:41:53.024769arpwhohas11.154.12.1tellvalh7.lell.net
11.ReadpacketslesserthanNbytes
Youcanreceiveonlythepacketslesserthannnumberofbytesusingafilterlessthroughtcpdump command
$tcpdumpwl_1024.pcapless1024
12.Receivepacketsflowsonaparticularportusingtcpdumpport
Ifyouwanttoknowallthepacketsreceivedbyaparticularportonamachine,youcanusetcpdump commandasshownbelow.
$tcpdumpieth0port22 19:44:44.934459IPvalh4.lell.net.ssh>zz.domain.innetbcp.net.63897:P18932:19096(164)ack105win71 19:44:44.934533IPvalh4.lell.net.ssh>zz.domain.innetbcp.net.63897:P19096:19260(164)ack105win71 19:44:44.934612IPvalh4.lell.net.ssh>zz.domain.innetbcp.net.63897:P19260:19424(164)ack105win71
13.CapturepacketsforparticulardestinationIPandPort
ThepacketswillhavesourceanddestinationIPandportnumbers.Usingtcpdumpwecanapply filtersonsourceordestinationIPandportnumber.Thefollowingcommandcapturespacketsflows ineth0,withaparticulardestinationipandportnumber22.
$tcpdumpwxpackets.pcapieth0dst10.181.140.216andport22
14.CaptureTCPcommunicationpacketsbetweentwohosts
Iftwodifferentprocessfromtwodifferentmachinesarecommunicatingthroughtcpprotocol,wecan capturethosepacketsusingtcpdumpasshownbelow.
$tcpdumpwcomm.pcapieth0dst16.181.170.246andport22
Youcanopenthefilecomm.pcapusinganynetworkprotocolanalyzertooltodebuganypotential issues.
15.tcpdumpFilterPacketsCaptureallthepacketsotherthanarpandrarp
Intcpdumpcommand,youcangiveand,orandnotconditiontofilterthepacketsaccordingly.
$tcpdumpieth0notarpandnotrarp 20:33:15.479278IPresolver.lell.net.domain>valh4.lell.net.64639:269291/0/0(73) 20:33:15.479890IPvalh4.lell.net.16053>resolver.lell.net.domain:56556+PTR?255.107.154.15.inaddr.arpa.(45) 20:33:15.480197IPvalh4.lell.net.ssh>zz.domain.innetbcp.net.63897:P540:1504(964)ack1win96 20:33:15.487118IPzz.domain.innetbcp.net.63897>valh4.lell.net.ssh:.ack540win16486 20:33:15.668599IP10.0.0.0>allsystems.mcast.net:igmpqueryv3[maxresptime1s]
47. Manage partition using fdisk :Usingfdiskyoucancreateamaximumoffourprimarypartition, deleteanexistingpartition,orchangeexistingpartition.Usingfidskyouareallowedtocreatea maximumoffourprimarypartition,andanynumberoflogicalpartitions,basedonthesizeofthe disk.

7LinuxfdiskCommandExamplestoManageHardDiskPartition byB AL AK RIS H NA N M ARIYAPPA N onSEPTEMBER14,2010
OnLinuxdistributions,fdiskisthebesttoolto managediskpartitions.fdiskisatextbasedutility. Usingfdiskyoucancreateanewpartition,deleteanexisting partition,orchangeexistingpartition. Usingfidskyouareallowedtocreateamaximumoffourprimary partition,andanynumberoflogicalpartitions,basedonthesizeof thedisk. Keepinmindthatanysinglepartitionrequiresaminimumsizeof 40MB. Inthisarticle,letusreviewhowtousefdiskcommandusing practicalexamples. Warning:Dontdelete,modify,oraddpartition,ifyoudontknow whatyouaredoing.Youwillloseyourdata!
1.ViewAllExistingDiskPartitionsUsingfdiskl
Beforeyoucreateanewpartition,ormodifyanexistingpartition, youmightwanttoviewallavailablepartitioninthesystem. Usefdiskltoviewallavailablepartitionsasshownbelow.

#fdiskl Disk/dev/sda:80.0GB,80026361856bytes 255heads,63sectors/track,9729cylinders Units=cylindersof16065*512=8225280bytes Diskidentifier:0xf6edf6ed DeviceBootStartEndBlocksIdSystem /dev/sda11195915735636cW95FAT32(LBA) /dev/sda21960528326700030fW95Ext'd(LBA) /dev/sda35284652810000462+7HPFS/NTFS
/dev/sda46529972925712032+cW95FAT32(LBA) /dev/sda5*19602661563875283Linux /dev/sda626622904195186683Linux /dev/sda729053147195186683Linux /dev/sda83148326493977182Linuxswap/Solaris /dev/sda93265528316217586bW95FAT32
Theabovewilllistpartitionsfromalltheconnectedharddisks.Whenyouhavemorethanonedisk onthesystem,thepartitionslistareorderedbythedevices/devname.Forexample,/dev/sda, /dev/sdb,/dev/sdcandsoon.
2.ViewPartitionsofaSpecificHardDiskusingfdiskl/dev/sd{a}
Toviewallpartitionsofthe/dev/sdaharddisk,dothefollowing.
#fdiskl/dev/sda
ViewallfdiskCommandsUsingfdiskCommandm
Usefdiskcommandm,toviewallavailablefdiskcommandsasshownbelow.
#fdisk/dev/sda Thenumberofcylindersforthisdiskissetto9729. Thereisnothingwrongwiththat,butthisislargerthan1024, andcouldincertainsetupscauseproblemswith: 1)softwarethatrunsatboottime(e.g.,oldversionsofLILO) 2)bootingandpartitioningsoftwarefromotherOSs (e.g.,DOSFDISK,OS/2FDISK) Command(mforhelp):m Commandaction atoggleabootableflag beditbsddisklabel ctogglethedoscompatibilityflag ddeleteapartition llistknownpartitiontypes mprintthismenu naddanewpartition ocreateanewemptyDOSpartitiontable pprintthepartitiontable qquitwithoutsavingchanges screateanewemptySundisklabel tchangeapartition'ssystemid uchangedisplay/entryunits vverifythepartitiontable wwritetabletodiskandexit xextrafunctionality(expertsonly)
3.DeleteaHardDiskPartitionUsingfdiskCommandd
Letusassumethatyouliketocombineseveralpartitions(forexample,/dev/sda6,/dev/sda7and /dev/sda8)intoasinglediskpartition.Todothis,youshouldfirstdeleteallthoseindividual partitions,asshownbelow.
#fdisk/dev/sda Thenumberofcylindersforthisdiskissetto9729. Thereisnothingwrongwiththat,butthisislargerthan1024,
andcouldincertainsetupscauseproblemswith: 1)softwarethatrunsatboottime(e.g.,oldversionsofLILO) 2)bootingandpartitioningsoftwarefromotherOSs (e.g.,DOSFDISK,OS/2FDISK) Command(mforhelp):p Disk/dev/sda:80.0GB,80026361856bytes 255heads,63sectors/track,9729cylinders Units=cylindersof16065*512=8225280bytes Diskidentifier:0xf6edf6ed DeviceBootStartEndBlocksIdSystem /dev/sda11195915735636cW95FAT32(LBA) /dev/sda21960528326700030fW95Ext'd(LBA) /dev/sda35284652810000462+7HPFS/NTFS /dev/sda46529972925712032+cW95FAT32(LBA) /dev/sda5*19602661563875283Linux /dev/sda626622904195186683Linux /dev/sda729053147195186683Linux /dev/sda83148326493977182Linuxswap/Solaris /dev/sda93265528316217586bW95FAT32 Command(mforhelp):d Partitionnumber(19):8 Command(mforhelp):d Partitionnumber(18):7 Command(mforhelp):d Partitionnumber(17):6 Command(mforhelp):w Thepartitiontablehasbeenaltered! Callingioctl()torereadpartitiontable. WARNING:Rereadingthepartitiontablefailedwitherror16:Deviceorresourcebusy. Thekernelstillusestheoldtable.Thenewtablewillbeusedat thenextrebootorafteryourunpartprobe(8)orkpartx(8) Syncingdisks.
4.CreateaNewDiskPartitionwithSpecificSizeUsingfdiskCommandn
Onceyouvedeletedalltheexistingpartitions,youcancreateanewpartitionusingallavailable spaceasshownbelow.
#fdisk/dev/sda Thenumberofcylindersforthisdiskissetto9729. Thereisnothingwrongwiththat,butthisislargerthan1024, andcouldincertainsetupscauseproblemswith: 1)softwarethatrunsatboottime(e.g.,oldversionsofLILO) 2)bootingandpartitioningsoftwarefromotherOSs
(e.g.,DOSFDISK,OS/2FDISK) Command(mforhelp):n Firstcylinder(26625283,default2662): Usingdefaultvalue2662 Lastcylinder,+cylindersor+size{K,M,G}(26623264,default3264): Usingdefaultvalue3264
Intheaboveexample,fdiskncommandisusedtocreatenewpartitionwiththespecificsize.While creatinganewpartition,itexpectsfollowingtwoinputs. Startingcylindernumberofthepartitiontobecreate(Firstcylinder). Sizeofthepartition(or)thelastcylindernumber(Lastcylinder,+cylindersor+size). Pleasekeepinmindthatyoushouldissuethefdiskwritecommand(w)afteranymodifications.

Command(mforhelp):w Thepartitiontablehasbeenaltered! Callingioctl()torereadpartitiontable. WARNING:Rereadingthepartitiontablefailedwitherror16:Deviceorresourcebusy. Thekernelstillusestheoldtable.Thenewtablewillbeusedat thenextrebootorafteryourunpartprobe(8)orkpartx(8) Syncingdisks.
Afterthepartitioniscreated,formatitusingthemkfs command asshownbelow.

#mkfs.ext3/dev/sda7
5.ViewtheSizeofanexistingPartitionUsingfdisks
Asshownbelow,fdisksdisplaysthesizeofthepartitioninblocks.
#fdisks/dev/sda7 4843566
Theaboveoutputcorrespondstoabout4900MB.
6.ToggletheBootFlagofaPartitionUsingfdiskCommanda
Fdiskcommanddisplaysthebootflagofeachpartition.Whenyouwanttodisableorenabletheboot flagonthecorrespondingpartition,dothefollowing. Ifyoudontknowwhyareyouaredoingthis,youllmessupyoursystem.
#fdisk/dev/sda Thenumberofcylindersforthisdiskissetto9729. Thereisnothingwrongwiththat,butthisislargerthan1024, andcouldincertainsetupscauseproblemswith: 1)softwarethatrunsatboottime(e.g.,oldversionsofLILO) 2)bootingandpartitioningsoftwarefromotherOSs (e.g.,DOSFDISK,OS/2FDISK) Command(mforhelp):p Disk/dev/sda:80.0GB,80026361856bytes 255heads,63sectors/track,9729cylinders Units=cylindersof16065*512=8225280bytes Diskidentifier:0xf6edf6ed DeviceBootStartEndBlocksIdSystem
/dev/sda11195915735636cW95FAT32(LBA) /dev/sda21960528326700030fW95Ext'd(LBA) /dev/sda35284652810000462+7HPFS/NTFS /dev/sda46529972925712032+cW95FAT32(LBA) /dev/sda5*19602661563875283Linux /dev/sda63265528316217586bW95FAT32 /dev/sda726623264484356683Linux Partitiontableentriesarenotindiskorder Command(mforhelp):a Partitionnumber(17):5 Command(mforhelp):p Disk/dev/sda:80.0GB,80026361856bytes 255heads,63sectors/track,9729cylinders Units=cylindersof16065*512=8225280bytes Diskidentifier:0xf6edf6ed DeviceBootStartEndBlocksIdSystem /dev/sda11195915735636cW95FAT32(LBA) /dev/sda21960528326700030fW95Ext'd(LBA) /dev/sda35284652810000462+7HPFS/NTFS /dev/sda46529972925712032+cW95FAT32(LBA) /dev/sda519602661563875283Linux /dev/sda63265528316217586bW95FAT32 /dev/sda726623264484356683Linux Partitiontableentriesarenotindiskorder Command(mforhelp):
Asseenabove,thebootflagisdisabledonthepartition/dev/sda5.
7.FixPartitionTableOrderUsingfdiskExpertCommandf
Whenyoudeletealogicalpartition,andrecreateitagain,youmightseethepartitionoutoforder issue.i.ePartitiontableentriesarenotindiskordererrormessage. Forexample,whenyoudeletethreelogicalpartitions(sda6,sda7andsda8),andcreateanew partition,youmightexpectthenewpartitionnametobesda6.But,thesystemmightvecreatedthe newpartitionassda7.Thisisbecause,afterthepartitionsaredeleted,sda9partitionhasbeenmoved assda6andthefreespaceismovedtotheend. Tofixthispartitionorderissue,andassignsda6tothenewlycreatedpartition,executetheexpert commandfasshownbelow.
$fdisk/dev/sda Thenumberofcylindersforthisdiskissetto9729. Thereisnothingwrongwiththat,butthisislargerthan1024, andcouldincertainsetupscauseproblemswith: 1)softwarethatrunsatboottime(e.g.,oldversionsofLILO) 2)bootingandpartitioningsoftwarefromotherOSs (e.g.,DOSFDISK,OS/2FDISK)
Command(mforhelp):p Disk/dev/sda:80.0GB,80026361856bytes 255heads,63sectors/track,9729cylinders Units=cylindersof16065*512=8225280bytes Diskidentifier:0xf6edf6ed DeviceBootStartEndBlocksIdSystem /dev/sda11195915735636cW95FAT32(LBA) /dev/sda21960528326700030fW95Ext'd(LBA) /dev/sda35284652810000462+7HPFS/NTFS /dev/sda46529972925712032+cW95FAT32(LBA) /dev/sda5*19602661563875283Linux /dev/sda63265528316217586bW95FAT32 /dev/sda726623264484356683Linux Partitiontableentriesarenotindiskorder Command(mforhelp):x Expertcommand(mforhelp):f Done. Expertcommand(mforhelp):w Thepartitiontablehasbeenaltered! Callingioctl()torereadpartitiontable. WARNING:Rereadingthepartitiontablefailedwitherror16:Deviceorresourcebusy. Thekernelstillusestheoldtable.Thenewtablewillbeusedat thenextrebootorafteryourunpartprobe(8)orkpartx(8) Syncingdisks.
Oncethepartitiontableorderisfixed,youllnotgetthePartitiontableentriesarenotindiskorder errormessageanymore.
#fdiskl Disk/dev/sda:80.0GB,80026361856bytes 255heads,63sectors/track,9729cylinders Units=cylindersof16065*512=8225280bytes Diskidentifier:0xf6edf6ed DeviceBootStartEndBlocksIdSystem /dev/sda11195915735636cW95FAT32(LBA) /dev/sda21960528326700030fW95Ext'd(LBA) /dev/sda35284652810000462+7HPFS/NTFS /dev/sda46529972925712032+cW95FAT32(LBA) /dev/sda5*19602661563875283Linux /dev/sda626623264484356683Linux /dev/sda73265528316217586bW95FAT32
48. VMWare fundamentals :Atsomepointeverysysadminshoulddealwithvirtualization. VMWareisaverypopularchoisetovirtualizeyourserverenvironment.Thisarticlewillprovidethe fundamentalinformationforyoutogetajumpstartonVMWare.

VMwareVirtualizationFundamentalsVMwareServerandVMwareESXi byRAM ES H NATARAJA N onJUNE2,2010
WearestartinganewseriesofarticlesonVMwarethatwillhelpyouinstall,configure andmaintainVMwareenvironments. InthisfirstpartoftheVMwareseries,letusdiscussthefundamentalconceptsofvirtualizationand reviewtheVMwarevirtualizationimplementationoptions. Followingarefewreasonswhyyoumightwanttothinkaboutvirtualizationforyourenvironment. Runmultipleoperationsystemsononeserver.Forexample,insteadofhavingdevelopmentserver andQAserver,youcanrunbothdevelopmentandQAonasingleserver. YoucanhavemultipleflavoursofOSononeserver.Forexample,youcanrun2LinuxOS,1Windows OSonasingleserver. MultipleOSrunningontheserversharesthehardwareresourcesamongthem.Forexample,CPU, RAM,networkdevicesaresharedamongdevelopmentserverandQAserverrunningonthesame hardware. Allocatehardwareresourcestodifferentapplicationsbasedontheutilization.Forexample,ifyou have8GBofRAMontheserver,youcanassignlessRAMtoonevirtualmachine(2GBto developmentserver)andmoreRAM(6GBtoQAserver)toanothervirtualmachinethatisrunning onthatserver Highavailabilityandbusinesscontinuity.IfVMwareisimplementedproperly,youcanmigratea virtualmachinefromoneservertoanotherserverquicklywithoutanydowntime. Thisreducestheoperationalcostandpowerconsumption.Forexample,insteadofbuyingand runningtwoservers,youwillbeusingonlyoneserverandrunbothdevelopmentandQAonit. Onahighlevel,therearetwowaysforyoutogetstartedonthevirtualizationusingVMware products.BothoftheseareavailableforfreefromVMware.
1.VMwareServer
VMwareServerrunsontopofanexistinghostoperatingsystem(eitherLinuxorWindows).Thisisa goodoptiontogetstarted,asyoucanuseanyoftheexistinghardwarealongwithitsOS.VMware serveralsosupport64bithostandguestoperatingsystem.YoualsogetVMwareInfrastructureweb accessmanagementinterfaceandVirtualMachineconsole. Fig:VirtualMachinerunningontopofVMwareServer VMwareESXiisbasedonthehypervisorarchitecture.VMwareESXirunsdirectlyonthehardware withouttheneedofanyhostoperatingsystem,whichmakesisextremelyeffectiveintermsof performance.ThisisthebestoptiontoimplementVMwareforproductionusage. Fig:VirtualMachinerunningontopofVMwareESXi FollowingaresomeofthekeyfeaturesofVMwareESXi: Memorycompression,overcommitmentanddeduplication. builtinhighavailablewithNICteamingandHBAmultipathing. IntelligentCPUvirtualization
2.VMwareESXi
Highlycompatiblewithvariousservershardware,storageandOS. AdvancedsecuritywithVMSafe,VMKernelprotectionandencryption. Easymanagementusingvsphereclient,vCenterserverandcommandlineinterface 49. Rotate the logs automatically :Manginglogfilesisanimportatpartofsysadminlife.logrotate makeiteasybyallowingyoutosetupautomaticalogrotationbasedonseveralconfigurations.Using logrotateyoucanalsoconfigureittoexecutecustomshellscriptsimmediatelyafterlogrotation.
HowTo:TheUltimateLogrotateCommand Tutorialwith10Examples
byBALAKRISHNANMARIYAPPAN onJULY14,2010
ManaginglogfileseffectivelyisanessentialtaskforLinuxsysadmin. Inthisarticle,letusdiscusshowtoperformfollowinglogfileoperationsusingUNIXlogrotateutility. Rotatethelogfilewhenfilesizereachesaspecificsize Continuetowritetheloginformationtothenewlycreatedfileafterrotatingtheoldlogfile Compresstherotatedlogfiles Specifycompressionoptionfortherotatedlogfiles Rotatetheoldlogfileswiththedateinthefilename Executecustomshellscriptsimmediatelyafterlogrotation Removeolderrotatedlogfiles
1.LogrotateConfigurationfiles
Followingarethekeyfilesthatyoushouldbeawareofforlogrotatetoworkproperly. /usr/sbin/logrotateThelogrotatecommanditself. /etc/cron.daily/logrotateThisshellscriptexecutesthelogrotatecommandeveryday. $cat/etc/cron.daily/logrotate #!/bin/sh
/usr/sbin/logrotate/etc/logrotate.conf EXITVALUE=$? if[$EXITVALUE!=0];then /usr/bin/loggertlogrotate"ALERTexitedabnormallywith[$EXITVALUE]" fi exit0
/etc/logrotate.confLogrotationconfigurationforallthelogfilesarespecifiedinthisfile. $cat/etc/logrotate.conf weekly rotate4 create include/etc/logrotate.d /var/log/wtmp{ monthly minsize1M
create0664rootutmp rotate1 }
/etc/logrotate.dWhenindividualpackagesareinstalledonthesystem,theydropthelogrotationconfiguration informationinthisdirectory.Forexample,yumlogrotateconfigurationinformationisshownbelow. $cat/etc/logrotate.d/yum /var/log/yum.log{ missingok notifempty size30k yearly create0600rootroot }
2.Logrotatesizeoption:Rotatethelogfilewhenfilesizereachesaspecificlimit
Ifyouwanttorotatealogfile(forexample,/tmp/output.log)forevery1KB,createthelogrotate.confasshown below. $catlogrotate.conf /tmp/output.log{ size1k create700balabala rotate4 } Thislogrotateconfigurationhasfollowingthreeoptions: size1klogrotaterunsonlyifthefilesizeisequalto(orgreaterthan)thissize. createrotatetheoriginalfileandcreatethenewfilewithspecifiedpermission,userandgroup. rotatelimitsthenumberoflogfilerotation.So,thiswouldkeeponlytherecent4rotatedlogfiles. Beforethelogrotation,followingisthesizeoftheoutput.log: $lsl/tmp/output.log rwrr1balabala258682010060921:19/tmp/output.log Now,runthelogrotatecommandasshownbelow.Optionsspecifiesthefilenametowritethelogrotatestatus. $logrotates/var/log/logstatuslogrotate.conf Note:wheneveryouneedoflogrotationforsomefiles,preparethelogrotateconfigurationandrunthelogroate commandmanually. Afterthelogrotation,followingisthesizeoftheoutput.log: $lsl/tmp/output* rwrr1balabala258682010060921:20output.log.1 rwx1balabala02010060921:20output.log Eventuallythiswillkeepfollowingsetupofrotatedlogfiles. output.log.4. output.log.3 output.log.2 output.log.1 output.log Pleaserememberthatafterthelogrotation,thelogfilecorrespondstotheservicewouldstillpointtorotatedfile (output.log.1)andkeepsonwritinginit.Youcanusetheabovemethod,ifyouwanttorotate theapacheaccess_logorerror_logevery5MB.
Ideally,youshouldmodifythe/etc/logrotate.conftospecifythelogrotateinformationforaspecificlogfile. Also,ifyouarehavinghugelogfiles,youcanuse:10 Awesome Examples for Viewing Huge Log Files in Unix
3.Logrotatecopytruncateoption:Continuetowritetheloginformationinthenewly createdfileafterrotatingtheoldlogfile.
$catlogrotate.conf /tmp/output.log{ size1k copytruncate rotate4 }
copytruncateinstructlogrotatetocreatesthecopyoftheoriginalfile(i.erotatetheoriginallogfile)andtruncates theoriginalfiletozerobytesize.Thishelpstherespectiveservicethatbelongstothatlogfilecanwritetothe properfile. Whilemanipulatinglogfiles,youmightfindthesed substitute ,sed delete tipshelpful.
4.Logrotatecompressoption:Compresstherotatedlogfiles
Ifyouusethecompressoptionasshownbelow,therotatedfileswillbecompressedwithgziputility. $catlogrotate.conf /tmp/output.log{ size1k copytruncate create700balabala rotate4 compress } Outputofcompressedlogfile: $ls/tmp/output* output.log.1.gzoutput.log
5.Logrotatedateextoption:Rotatetheoldlogfilewithdateinthelogfilename
$catlogrotate.conf /tmp/output.log{ size1k copytruncate create700balabala dateext rotate4 compress }
Aftertheaboveconfiguration,youllnoticethedateintherotatedlogfileasshownbelow. $lslrt/tmp/output* rwrr1balabala89802010060922:10output.log20100609.gz rwxrwxrwx1balabala02010060922:11output.log Thiswouldworkonlyonceinaday.Becausewhenittriestorotatenexttimeonthesameday,earlierrotatedfile willbehavingthesamefilename.So,thelogrotatewontbesuccessfulafterthefirstrunonthesameday. Typicallyyoumightusetailftoviewtheoutputofthelogfileinrealtime.Youcanevencombine multiple tail f outputanddisplayitonsingleterminal.
6.Logrotatemonthly,daily,weeklyoption:Rotatethelogfileweekly/daily/monthly
Fordoingtherotationmonthlyonce,
$catlogrotate.conf /tmp/output.log{ monthly copytruncate rotate4 compress }
Addtheweeklykeywordasshownbelowforweeklylogrotation. $catlogrotate.conf /tmp/output.log{ weekly copytruncate rotate4 compress } Addthedailykeywordasshownbelowforeverydaylogrotation.Youcanalsorotatelogshourly. $catlogrotate.conf /tmp/output.log{ daily copytruncate rotate4 compress }
7.Logrotatepostrotateendscriptoption:Runcustomshellscriptsimmediatelyafter logrotation
Logrotateallowsyoutorunyourowncustomshellscriptsafteritcompletesthelogfilerotation.Thefollowing configurationindicatesthatitwillexecutemyscript.shafterthelogrotation. $catlogrotate.conf /tmp/output.log{ size1k copytruncate rotate4 compress postrotate /home/bala/myscript.sh endscript }
8.Logrotatemaxageoption:Removeolderrotatedlogfiles
Logrotateautomaticallyremovestherotatedfilesafteraspecificnumberofdays.Thefollowingexampleindicates thattherotatedlogfileswouldberemovedafter100days. $catlogrotate.conf /tmp/output.log{ size1k copytruncate rotate4 compress maxage100 }
9.Logrotatemissingokoption:Dontreturnerrorifthelogfileismissing
Youcanignoretheerrormessagewhentheactualfileisnotavailablebyusingthisoptionasshownbelow. $catlogrotate.conf /tmp/output.log{ size1k copytruncate rotate4 compress missingok }
10.Logrotatecompresscmdandcompressextoption:Sspecifycompressioncommand forthelogfilerotation
$catlogrotate.conf /tmp/output.log{ size1k copytruncate create compress compresscmd/bin/bzip2 compressext.bz2 rotate4 }
Followingcompressionoptionsarespecifiedabove: compressIndicatesthatcompressionshouldbedone. compresscmdSpecifywhattypeofcompressioncommandshouldbeused.Forexample:/bin/bzip2 compressextSpecifytheextensionontherotatedlogfile.Withoutthisoption,therotatedfilewouldhavethe defaultextensionas.gz.So,ifyouusebzip2compressioncmd,specifytheextensionas.bz2asshownintheabove example.
50. Passwordless SSH login setup :Usingsshkeygenandsshcopyidyoucansetuppasswordless logintoremoteLinuxserver.sshkeygencreatesthepublicandprivatekeys.sshcopyidcopiesthe localhostspublickeytotheremotehostsauthorized_keysfile. 3StepstoPerformSSHLoginWithoutPasswordUsingsshkeygen&sshcopyid
YoucanlogintoaremoteLinuxserverwithoutenteringpasswordin3simplestepsusingssky keygenandsshcopyidasexplainedinthisarticle. sshkeygencreatesthepublicandprivatekeys.sshcopyidcopiesthelocalhostspublickeytothe remotehostsauthorized_keysfile.sshcopyidalsoassignsproperpermissiontotheremotehosts home,~/.ssh,and~/.ssh/authorized_keys. Thisarticlealsoexplains3minorannoyancesofusingsshcopyidandhowtousesshcopyidalong
withsshagent.
Step1:Createpublicandprivatekeysusingsshkeygenonlocalhost
jsmith@localhost$[Note:Youareonlocalhosthere] jsmith@localhost$sshkeygen Generatingpublic/privatersakeypair. Enterfileinwhichtosavethekey(/home/jsmith/.ssh/id_rsa):[Enterkey] Enterpassphrase(emptyfornopassphrase):[Pressenterkey] Entersamepassphraseagain:[Pessenterkey] Youridentificationhasbeensavedin/home/jsmith/.ssh/id_rsa. Yourpublickeyhasbeensavedin/home/jsmith/.ssh/id_rsa.pub. Thekeyfingerprintis: 33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9jsmith@localhost
Step2:Copythepublickeytoremotehostusingsshcopyid
jsmith@localhost$sshcopyidi~/.ssh/id_rsa.pubremotehost jsmith@remotehost'spassword: Nowtryloggingintothemachine,with"ssh'remotehost'",andcheckin: .ssh/authorized_keys tomakesurewehaven'taddedextrakeysthatyouweren'texpecting.
Note:sshcopyidappendsthekeystotheremotehosts.ssh/authorized_key.
Step3:Logintoremotehostwithoutenteringthepassword
jsmith@localhost$sshremotehost Lastlogin:SunNov1617:22:332008from192.168.1.2 [Note:SSHdidnotaskforpassword.] jsmith@remotehost$[Note:Youareonremotehosthere]
Theabove3simplestepsshouldgetthejobdoneinmostcases. WealsodiscussedearlierindetailaboutperformingSSHandSCPfromopenSSH to openSSH without enteringpassword. IfyouareusingSSH2,wediscussedearlieraboutperformingSSHandSCPwithoutpassword fromSSH2 to SSH2 ,fromOpenSSH to SSH2 andfromSSH2 to OpenSSH .
Usingsshcopyidalongwiththesshadd/sshagent
jsmith@localhost$sshcopyidiremotehost /usr/bin/sshcopyid:ERROR:Noidentitiesfound
WhennovalueispassedfortheoptioniandIf~/.ssh/identity.pubisnotavailable,sshcopyidwill displaythefollowingerrormessage.
Ifyouhaveloadedkeystothesshagentusingthesshadd,thensshcopyidwillgetthekeysfrom thesshagenttocopytotheremotehost.i.e,itcopiesthekeysprovidedbysshaddLcommandtothe remotehost,whenyoudontpassoptionitothesshcopyid.

jsmith@localhost$sshagent$SHELL jsmith@localhost$sshaddL Theagenthasnoidentities.
jsmith@localhost$sshadd Identityadded:/home/jsmith/.ssh/id_rsa(/home/jsmith/.ssh/id_rsa) jsmith@localhost$sshaddL sshrsaAAAAB3NzaC1yc2EAAAABIwAAAQEAsJIEILxftj8aSxMa3d8t6JvM79DyBV aHrtPhTYpq7kIEMUNzApnyxsHpH1tQ/Ow==/home/jsmith/.ssh/id_rsa jsmith@localhost$sshcopyidiremotehost jsmith@remotehost'spassword: Nowtryloggingintothemachine,with"ssh'remotehost'",andcheckin: .ssh/authorized_keys tomakesurewehaven'taddedextrakeysthatyouweren'texpecting. [Note:ThishasaddedthekeydisplayedbysshaddL]
ThreeMinorAnnoyancesofsshcopyid
Followingarefewminorannoyancesofthesshcopyid. 1. Defaultpublickey:sshcopyiduses~/.ssh/identity.pubasthedefaultpublickeyfile(i.ewhenno valueispassedtooptioni).Instead,Iwishitusesid_dsa.pub,orid_rsa.pub,oridentity.pubas defaultkeys.i.eIfanyoneofthemexist,itshouldcopythattotheremotehost.Iftwoorthreeof themexist,itshouldcopyidentity.pubasdefault. 2. Theagenthasnoidentities:WhenthesshagentisrunningandthesshaddLreturnsTheagent hasnoidentities(i.enokeysareaddedtothesshagent),thesshcopyidwillstillcopythemessage Theagenthasnoidentitiestotheremotehostsauthorized_keysentry. 3. Duplicateentryinauthorized_keys:Iwishsshcopyidvalidatesduplicateentryontheremote hostsauthorized_keys.Ifyouexecutesshcopyidmultipletimesonthelocalhost,itwillkeep appendingthesamekeyontheremotehostsauthorized_keysfilewithoutcheckingforduplicates. Evenwithduplicateentrieseverythingworksasexpected.But,Iwouldliketohavemy authorized_keysfileclutterfree. Ifyoulikethisarticle,pleasebookmarkitonDeliciousandStumbleit.

50 Systemadmin Work

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

50 Systemadmin Work

Hochgeladen von

Copyright:

Verfügbare Formate

50UNIX/LinuxSysadminTutorials

1. Disk to disk backup using dd command : 6ExamplestoBackupLinuxUsingddCommand(IncludingDisktoDisk) Warning:Whileusingddcommand,ifyouarenotcareful,andifyoudontknowwhatyouaredoing, youwillloseyourdata!

Theabovecreatestheimageofaharddisk/dev/hda.ReferourearlierarticleHow to view initrd.imageformoredetails.

Torestoreaharddiskwiththeimagefileofananotherharddisk,usethefollowingddcommand example. Theimagefilehdadisk.imgfile,istheimageofa/dev/hda,sotheabovecommandwillrestorethe imageof/dev/hdato/dev/hdb.

Usingddcommand,youcancreateacopyofthefloppyimageveryquickly.Ininputfile,givethe floppydevicelocation,andintheoutputfile,givethenameofyourfloppyimagefileasshown below.

sent122bytesreceived505bytes114.00bytes/sec totalsizeis45305958speedupis72258.31 $lslrt total39088 rwxrxrx1rootroot4096Sep211:35Basenames

Password: receivingfilelist...done deletingnewfile.txt ./ sent26bytesreceived390bytes48.94bytes/sec totalsizeis45305958speedupis108908.55

3. Three sysadmin rules :Ifyouareasysadmin,youcant(andshouldnt)breakthesethreesysadmin rules.

Modifythe/etc/fstab,andaddthekeywordusrquotaandgrpquotatothecorrespondingfilesystem thatyouwouldliketomonitor. Thefollowingexampleindicatesthatbothuserandgroupquotacheckisenabledon/home filesystem

Intheabovecommand: a:Checkallquotaenabledfilesystem v:Verbosemode u:Checkforuserdiskquota g:Checkforgroupdiskquota Theabovecommandwillcreateaaquotafileforuserandgroupunderthefilesystemdirectoryas shownbelow.

Oncetheedquotacommandopensthequotasettingsforthespecificuserinaeditor,youcansetthe followinglimits: softandhardlimitfordiskquotasizefortheparticularuser. softandhardlimitforthetotalnumberofinodesthatareallowedfortheparticularuser.

root56648800540100 nobody1448003000 ramesh141935200168600 john266040017200

5. Troubleshoot using dmesg :Usingdmesgyoucanviewbootupmessagesthatdisplaysinformation aboutthehardwaredevicesthatthekerneldetectsduringbootprocess.Thiscanbehelpfulduring troubleshootingprocess.

e4:1f:13:62:ff:58 eth1:BroadcomNetXtremeIIBCM57091000BaseT(C0)PCIExpressfoundatmem98000000,IRQ114,nodeaddr e4:1f:13:62:ff:5a eth0:Linkup

6. RPM package management examples :15examplesprovidedinthisarticleexplainseverythingyou needtoknowaboutmanagingRPMpackagesonredhatbasedsystem(includingCentOS).

Withrootprivilege,youcanusetherpmcommandwithappropriateoptionstomanagetheRPMsoftwarepackages. Inthisarticle,letusreview15practicalexamplesofrpmcommand. LetustakeanrpmofMysqlClientandrunthroughallourexamples.

S.5....Tc/usr/bin/mysql S.5....Tc/usr/bin/mysql_find_rows S.5....Tc/usr/bin/mysqlaccess

Thecharacterintheaboveoutputdenotesthefollowing: SfileSizediffers MModediffers(includespermissionsandfiletype) 5MD5sumdiffers DDevicemajor/minornumbermismatch Lreadlink(2)pathmismatch UUserownershipdiffers GGroupownershipdiffers TmTimediffers

7. 10 netstat examples :Netstatcommanddisplaysvariousnetworkrelatedinformationsuchasnetwork connections,routingtables,interfacestatistics,masqueradeconnections,multicastmembershipsetc.,

numbers,insteadofresolvingthehostname,portname,username. Thisalsospeedsuptheoutput,asnetstatisnotperforminganylookup. #netstatan Ifyoudontwantonlyanyoneofthosethreeitems(ports,orhosts,orusers)toberesolved,usefollowing commands. #netsatanumericports

Attheend,youwillhavesomethinglikethis. netstat:nosupportforÀFIPX'onthissystem. netstat:nosupportforÀFAX25'onthissystem. netstat:nosupportforÀFX25'onthissystem. netstat:nosupportforÀFNETROM'onthissystem.

8. Manage packages using apt* commands :These13practicalexamplesexplainshowtomanage packagesusingaptget,aptcache,aptfileanddpkgcommands.

Finally,installthepackageusingaptgetinstallasshownbelow. $sudoaptgetinstallapache2 [sudo]passwordforramesh:

Use'aptgetautoremove'toremovethem. ThefollowingpackageswillbeREMOVED: apache2 0upgraded,0newlyinstalled,1toremoveand26notupgraded. Removingapache2...

9. Modprobe command examples :modprobeutilityisusedtoaddloadablemodulestotheLinuxkernel. Youcanalsoviewandremovemodulesusingmodprobecommand.

10. Ethtool examples :Ethtoolutilityisusedtoviewandchangetheethernetdevice parameters.TheseexampleswillexplainhowyoucanmanipulateyourethernetNICcardusing ethtool. 9LinuxethtoolExamplestoManipulateEthernetCard(NICCard) Ethtoolutilityisusedtoviewandchangetheethernetdeviceparameters.

Asshownintheaboveoutput,thespeedchangedfrom1000Mb/sto100Mb/sandautonegotiation parameterisunset. TochangetheMaximumTransmissionUnit(MTU),refertoourifconfig examples article.

Letusassumethatyouhaveamachinewithfourethernetadapters,andyouwanttoidentifythe physicalportofaparticularethernetcard.(Forexample,eth0). Useethtooloptionp,whichwillmakethecorrespondingLEDofphysicalporttoblink.

Theabovelineshouldbethelastlineofthefile.Thiswillchangespeed,duplexandautonegofeth2 devicepermanently. OnSUSE,modifythe/etc/sysconfig/network/ifcfgethidfileandincludeanewscriptusing POST_UP_SCRIPTvariableasshownbelow.Includethebelowlineasthelastlineinthe correspondingeth1adpaterconfigfile.

Then,createanewfilescripts/eth1asshownbelowunder/etc/sysconfig/networkdirectory.Make surethatthescripthasexecutepermissionandensurethattheethtoolutilityispresentunder/sbin directory.

11. NFS mount using exportfs :ThisisalinuxbeginnersguidetoNFSmountusingexportfs.This explainshowtoexportafilesystemtoaremotemachineandmountitbothtemporarilyand permanently.

12. Change timezone :DependingonyourLinuxdistribution,useoneofthemethodsexplainedin thisarticletochangethetimezoneonyoursystem. HowTo:2MethodsToChangeTimeZoneinLinux

explainmehowtodothisonallLinuxdistributionswithsomeclearexamples. Answer:UseoneofthefollowingmethodstochangethetimezoneonyourLinuxsystem.Oneof thesemethodsshouldworkforyoudependingontheLinuxdistributionyouareusing.

Forthisexample,assumethatyourcurrenttimezoneisUTCasshownbelow.Youwouldliketo changethistoPacificTime. Onsomedistributions(forexample,CentOS),thetimezoneiscontrolledby/etc/localtimefile. Deletethecurrentlocaltimefileunder/etc/directory

13. Install phpMyAdmin :phpMyAdminisawebbasedtoolwritteninPHPtomanagetheMySQL database.Apartfromviewingthetables(andotherdbobjects),youcanperformlotofDBAfunctions throughthewebbasedinterface.YoucanalsoexecuteanySQLqueryfromtheUI. HowTo:5StepstoInstallphpMyAdminonLinux

DoyouhaveaMySQLdatabaseinyourenvironment?Didyouknowthattheeasy(and mosteffective)waytomanageMySQLdatabaseisusingphpMyAdmin? phpMyAdminisawebbasedtoolwritteninPHPtomanagetheMySQLdatabase.Apartfromviewing thetables(andotherdbobjects),youcanperformlotofDBAfunctionsthroughthewebbased

interface.YoucanalsoexecuteanySQLqueryfromtheUI. ThisarticlewillprovidestepbystepinstructionsonhowtoinstallandconfigurephpMyAdminon Linuxdistributions.

MakesureyouhavePHP 5 (or above) installed .

MakesureyouhaveMySQL 5 (or above) installed .

MakesureApache is installed andrunning. PHP5Modules IfyoudonthavePHP ,IrecommendthatyouinstallPHPfromsource.Followingistheconfigure commandIexecutedwhileinstallingPHPfromsource.ThisincludesalltherequiredPHPmodules forphpMyAdmin.

Youshouldinstallthefollowingthreesquidrelatedpackagesonyoursystem. squid squidcommon squidlangpack OnDebianandUbuntu,useaptitudetoinstallsquidasshownbelow.OnCentOS,useyumtoinstall thesquidpackage.

Note:Thehttpportnumber(3128)specifiedinthesquid.confshouldbeenteredintheproxysetting sectionintheclientbrowser.IfsquidisbuiltwithSSL,youcanusehttps_portoptioninside squid.conftodefinehttpssquid.

StarttheSquidproxycachingserverasshownbelow. Squidmaintainsthreelogfiles(access.log,cache.logandstore.log)under/var/log/squiddirectory. Fromthe/var/log/squid/access.log,youcanviewwhoaccessedwhichwebsiteatwhattime.

Note:Youcanalsoconfiguresquidasatransparentproxyserver,whichwelldiscussinaseparate article.Also,refertoourearlierarticleonhowtoblockipaddressusing fail2ban andiptables.

Someorganizationmightwanttoallowemployeestosurfordownloadfromtheinternetonlyduring specifictimeperiods. Thesquid.confconfigurationshownbelowwillallowinternetaccessforemployeesonlybetween 9:00AMand18:00duringweekdays.

Intheaboveexample,ioptionisusedforignoringcaseformatching.So,whileaccessingthe websites,squidwilltrytomatchtheurlwithanyofthepatternmentionedintheaboveblocked_sites fileanddeniestheaccesswhenitmatches.

Note:Addthesargreporttothecrontab. Thereportsgeneratedbysargarestoredunder/var/www/squidreports.Thesearehtmlreportscan youcanviewfromabrowser.

Ifyoudonthaveanyadditionaldisks,youcancreateafilesomewhereonyourfilesystem,anduse thatfileforswapspace. Thefollowingddcommandexamplecreatesaswapfilewiththenamemyswapfileunder/root directorywithasizeof1024MB(1GB).

Note:Intheoutputofswaponscommand,theTypecolumnwillsayfileiftheswapspaceis createdfromaswapfile. Ifyoudontwanttoreboottoverifywhetherthesystemtakesalltheswapspacementionedinthe /etc/fstab,youcandothefollowing,whichwilldisableandenablealltheswappartitionmentioned inthe/etc/fstab

16. Install and configure snort :Snortisafreelightweightnetworkintrusiondetectionsystemfor bothUNIXandWindows.Thisarticleexplainshowtoinstallsnortfromsource,writerules,and performbasictesting.

Createthefollowingsnort.confandicmp.rulesfiles: #cat/etc/snort/snort.conf include/etc/snort/rules/icmp.rules

TheabovebasicruledoesalertingwhenthereisanICMPpacket(ping). Followingisthestructureofthealert: <RuleActions><Protocol><SourceIPAddress><SourcePort><DirectionOperator><DestinationIPAddress> <Destination>(ruleoptions)

17. Register RHEL/OEL linux to support :IfyouhavepurchasedsupportfromOracleforyour Linux,youcanregistertooraclesupportnetwork(ULN)usingup2dateasexplainedhere.

Theup2datewillautomaticallycollectthefollowinginformationaboutyoursystemandusethisto createasystemprofile. Hostname IPaddress MemorySize CPUModelandSpeed RHELorOELVersion

Theup2datewillautomaticallycollectinformationaboutalltheinstalledpackagesandassociateit withthecorrespondingsystemprofile.laterthisinfoisusedtodeterminewhetherapackageneeds tobeupdatedornot.

Ontheconfirmationscreen,clickonNexttosendtheprofileinformation(includinghardwareand packagesinfo)toOraclesULN. Makesureyoursystemcantalktolinux.oracle.com.Ifnot,thisstepwillfail.

Oncetheregistrationiscompleted,youllgetthefollowingconfirmationscreen. >Add your comment

18. tftpboot setup :YoucaninstallLinuxfromnetworkusingPXEbyinstallingandconfiguring tftpbootserverasexplainedhere.

Afterinstallingthesyslinuxpackage,pxelinux.0filewillbecreatedunder/usr/share/pxelinux/ directory.Thisisrequiredtoloadinstallkernelandinitrdimagesontheclientmachine. Verifythatthepackagesaresuccessfullyinstalled.

RefertoourearlierarticleonHow to mount and view ISO files . Copytheinitrdtothetftpbootdirectoryasshownbelow.

nextserver192.168.1.101; subnet192.168.1.0netmask255.255.255.0{ #ipdistributionrangebetween192.168.1.1to192.168.1.100 range192.168.1.1192.168.1.100; defaultleasetime10; maxleasetime10; }

Here,thismachinehastheipaddressof192.168.1.101ontheeth1device.So,specifyeth1forthe DHCPD_INTERFACEasshownabove. Onarelatednote,refertoourearlierarticleabout7 examples to configure network interface using ifconfig.

Modifythe/etc/xinetd.d/tftpfiletoreflectthefollowing.Bydefaultthevaluefordisableparameter isyes,pleasemakesureyoumodifyittonoandyouneedtochangetheserver_argsentrytos /tftpboot.