Thursday, October 30, 2008

Tuesday, September 30, 2008

Contents of /etc/fstab

fstab
*****

fstab is a configuration file that contains information of all the partitions and storage devices in your computer. The full path to this file is /etc/fstab.

/etc/fstab contains information of where your partitions and storage devices should be mounted and how. If you can't access your Windows partition from Linux, aren't able to mount your CD or write to your floppy as a normal user, or have problems with your CD-RW, you probably have a misconfigured /etc/fstab file. So, you can usually fix your mounting problems by editing your fstab file.

/etc/fstab is just a plain text file, you must have the root privileges before editing fstab. So, in order to edit the file, you must either log in as root or use the su command to become root.

Overview of the file

Contents of /etc/fstab will be different on different systems. But the basic structure of fstab is always the same. Here's an example of the contents of /etc/fstab:

/dev/hda2 / ext2 defaults 1 1
/dev/hdb1 /home ext2 defaults 1 2
/dev/cdrom /media/cdrom auto ro,noauto,user,exec 0 0
/dev/fd0 /media/floppy auto rw,noauto,user,sync 0 0
proc /proc proc defaults 0 0
/dev/hda1 swap swap pri=42 0 0

Every line (or row) contains the information of one device or partition. The first column contains the device name, the second one its mount point, third its filesystem type, fourth the mount options, fifth (a number) dump options, and sixth (another number) filesystem check options. Let's take a closer look at this stuff.

1st and 2nd columns: Device and default mount point

The first and second columns should be pretty straightforward. They tell the mount command exactly the same things that you tell mount when you mount stuff manually: the device or partition, and the mount point. The mount point specified for a device in /etc/fstab is its default mount point. That is the directory where the device will be mounted if you don't specify any other mount point when mounting the device.

For example the default mount point of floppy disk drive is /media/floppy. ie, executing the following command:
# mount /dev/fd0

will mount floppy drive into /media/floppy, because that's the default mount point specified in
/etc/fstab. If there is no entry for /dev/fd0 in my fstab when I issue the command above, mount gets very confused because it doesn't know where to mount the floppy.

You can freely change the default mount points listed in /etc/fstab, just make sure the mount point is a directory that already exists on your system. If it doesn't, simply create it.

Some partitions and devices are also automatically mounted when your Linux system boots up. For example, have a look at the example fstab above. There are lines that look like this:

/dev/hda2 / ext2 defaults 1 1
/dev/hdb1 /home ext2 defaults 1 2

these lines mean that /dev/hda2 will be mounted to / and /dev/hdb1 to /home. This is done automatically when your Linux system boots up...

3rd column: Filesystem type

The third column in /etc/fstab specifies the filesystem type of the device or partition. Some of the most common filesystem types are explained below:

ext2 and ext3 : Very likely your Linux partitions are Ext3. Ext2 used to be the standard filesystem for Linux, but these days, Ext3 and ReiserFS are usually the default filesystems for almost every new Linux distro. Ext3 is a newer filesystem type that differs from Ext2 in that it's journaled, meaning that if you turn the computer off without properly shutting down, you shouldn't lose any data and your system shouldn't spend ages doing filesystem checks the next time you boot up.

reiserfs : Your Linux partitions may very well be formatted as ReiserFS. Like Ext3, ReiserFS is a journaled filesystem, but it's much more advanced than Ext3. Many Linux distros (including SuSE) have started using ReiserFS as their default filesystem for Linux partitions.

swap : The filesystem type "swap" is used in your swap partitions.

vfat and ntfs : Windows partitions are probably either Vfat or NTFS. The 9x series (95, 98, ME) all use Vfat (more widely known as FAT32), and the NT series (NT, 2000, XP) use NTFS. 2000 and XP partitions may be formatted as Vfat, too. If you want to be able to write to your Windows partitions from Linux, I suggest formatting them as Vfat, because Linux's support for writing to NTFS partitions is a bit shabby at this moment.

auto No, this isn't a filesystem type :-) The option "auto" simply means that the filesystem type is detected automatically.

4th column: Mount options

The fourth column in fstab lists all the mount options for the device or partition. This is also the most confusing column in the fstab file. There are many options available, but some of the most widely used ones are as follows :

auto and noauto
With the auto option, the device will be mounted automatically at bootup. If you take a look at the example fstab above, you'll see that the floppy and CD-ROM both have "auto" as their filesystem type, because their filesystem type may vary. One floppy might be formatted for Windows and the other for Linux's Ext2. That's why it's wise to let the system automatically detect the filesystem type of media such as floppies and cdroms. auto is the default option. If you don't want the device to be mounted automatically, use the noauto option in /etc/fstab. With noauto, the device can be mounted only explicitly.

user and nouser
These are very useful options. The user option allows normal users to mount the device, whereas nouser lets only the root to mount the device. nouser is the default, which is a major cause of headache for new Linux users. If you're not able to mount your cdrom, floppy, Windows partition, or something else as a normal user, add the user option into /etc/fstab.

exec and noexec
exec lets you execute binaries that are on that partition, whereas noexec doesn't let you do that. noexec might be useful for a partition that contains binaries you don't want to execute on your system, or that can't even be executed on your system. This might be the case of a Windows partition. exec is the default option, which is a good thing.

ro
Mount the filesystem read-only.

rw
Mount the filesystem read-write. Again, using this option might cure the headache of many new Linux users who are tearing their hair off because they can't write to their floppies, Windows partitions, or something else.

sync and async
How the input and output to the filesystem should be done. sync means it's done synchronously. If you look at the example fstab, you'll notice that this is the option used with the floppy. In plain English, this means that when you, for example, copy a file to the floppy, the changes are physically written to the floppy at the same time you issue the copy command.

However, if you have the async option in /etc/fstab, input and output is done asynchronously. Now when you copy a file to the floppy, the changes may be physically written to it long time after issuing the command. This isn't bad, and may sometimes be favorable, but can cause some nasty accidents: if you just remove the floppy without unmounting it first, the copied file may not physically exist on the floppy yet!

async is the default. However, it may be wise to use sync with the floppy, especially if you're used to the way it's done in Windows and have a tendency to remove floppies before unmounting them first.

defaults Uses the default options that are rw, suid, dev, exec, auto, nouser, and async.

5th and 6th columns: Dump and fsck options

dump is a backup utility and fsck is a filesystem check utility.

The 5th column in /etc/fstab is the dump option. Dump checks it and uses the number to decide if a filesystem should be backed up. If it's zero, dump will ignore that filesystem. If you take a look at the example fstab, you'll notice that the 5th column is zero in most cases.

The 6th column is a fsck option. fsck looks at the number in the 6th column to determine in which order the filesystems should be checked. If it's zero, fsck won't check the filesystem.

That's it....
ref: http://www.tuxfiles.org/linuxhelp/fstab.html

Monday, August 18, 2008

Compress/Uncompress Gzip, Zip, and Tar files

File Compression and Archiving

.bz2 — a file compressed with bzip2
---------------------------------------------

bzip2 and bunzip2 are file compression and decompression utilities. The bzip2 and bunzip2 utilities are newer than gzip and gunzip and are not as common yet, but they are rapidly gaining popularity. The bzip2 utility is capable of greater compression ratios than gzip. Therefore, a bzip2 file can be 10-20% smaller than a gzip version of the same file. Usually, files that have been compressed by bzip2 will have a .bz2 extension.

To compress a file using bzip2, execute the following command:
# bzip2 filename.txt (where filename.txt is the name of the file you wish to compress)

To uncompress a bzip2 file, execute the following command:
# bunzip2 filename.txt.bz2 (where filename.txt.bz2 is the name of the file you wish to uncompress)

The decompressed file from that of the compressed file as follows:

filename.bz2------becomes--filename
filename.bz -------becomes--filename
filename.tbz2 ---- becomes--filename.tar
filename.tbz ------becomes--filename.tar
anyothername --- becomes--anyothername.out

.gz — a file compressed with gzip
------------------------------------------

gzip and gunzip are GNU file compression and decompression utilities. Usually, files that have been compressed by gzip will have a .gz extension. However, sometimes you may see a file that has a .tgz extension. This is a TAR file that has been compressed by gzip. The .tgz extension is a shorthand version for the .tar.gz extension. This type of file must be uncompressed with gunzip before it can be untarred.

To compress a file using gzip, execute the following command:
# gzip filename.txt (where filename.txt is the name of the file you wish to compress)

To uncompress a gzip file, execute the following command:
# gunzip filename.txt.gz (where filename.txt.gz is the name of the file you wish to uncompress)

.tar.gz/.tgz/.tar.Z — a file compressed with Tar (Tape ARchive)
-------------------------------------------------------------------------------------

A file packaging tool included with UNIX/Linux for the purpose of assembling a collection of files into one combined file for easier archiving. It was originally designed for tape backup, but today can be used with other storage media. When run by itself, it produces files with a .tar extension. When combined with Gzip, for data compression, the resulting file extensions may be .tgz, .tar.gz or .tar.Z.

To compress a directory using tar, execute the following command:
# tar cvzf filename.tgz foldername (where foldername is the directory to be compressed and filename.tgz is the resultant compressed file)

c --- to create a tar file, writing the file starts at the beginning.
f --- specifies the filename (which follows the f) used to tar into or to tar out from.
z --- use zip/gzip to compress the tar file or to read from a compressed tar file.
v --- verbose output, show the files being stored into or restored from the tar file.

To see a tar file's table of contents use:
# tar tzf filename.tgz

t --- table of contents, see the names of all files or those specified in other command line arguments.

To uncompress a directory using tar, execute the following command:
# tar xvzf filename.tgz

x --- extract (restore) the contents of the tar file.

.zip — a file compressed with ZIP compression
---------------------------------------------------------------

To compress a file with zip, type the following:
zip -r filename.zip files (filename represents the file you are creating and files represents the files you want to put in the new file)

To extract the contents of a zip file, type:
unzip filename.zip

You can zip or gzip multiple files at the same time. List the files with a space between each one.

ref : http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/getting-started-guide/s1-zip-tar.html
http://www.debianhelp.co.uk/bzandgzfiles.htm

Saturday, July 26, 2008

Creating tmpfs and swap space after partitions have already been written

This how-to describes a process of creating a tmpfs and swap file system on your existing server, after the partition table has been written. I'll start off with a little history first. I was presented with a production server where there was only a / root partition and 500MB of swap allocated. We need to bump up RAM to 1GB, and I wanted to allocate more swap space. Also, I wanted to add an extra layer of security by making the /tmp directory noexec,nosuid. This is a nice method to counter script-kiddie attacks. It's by no means 'rock-solid', but can really help you on automated attacks. The solution is to use some disk space and create a file system. Once the file system has been created, you would mount it with special privileges.

First let's work on swap

dd if=/dev/zero of=/.swap bs=1024 count=500000
mkswap /.swap
swapon /.swap

This created a 500 MB file using dd. Once our .swap file has been created we make the swap file system and activated the swap space.

The original /etc/fstab looked like this:

/dev/hda1 /boot ext3 noauto,noatime 1 2
/dev/hda3 / reiserfs noatime 0 1
/dev/hda2 none swap sw 0 0

Now, we're going to add our additional swap space to /etc/fstab

/.swap swap swap defaults 0 0

Issuing a `top` command, we can see our swap now has: 1006028k (1GB).

Next, we're going to create a tmpfs file system

dd if=/dev/zero of=/.tmpfs bs=1024 count=250000
mkfs -t ext3 /.tmpfs
mount -o loop,noexec,nosuid,rw /.tmpfs /tmp
chmod 0777 /tmp
chmod +t /tmp

This created a 250 MB file using dd, and mounted it to our /tmp mount point. Also, we added our permissions (noexec, nosuid) options. Now, no programs can be executed in /tmp. All we need to do now is adjust /etc/fstab

/.tmpfs /tmp ext3 loop,rw,nosuid,noexec 0 0


This isn't the ideal solution, but since this was a production box, rebuilding the partition table from scratch was an extremely ugly option.

Tuesday, July 8, 2008

iptables tutorial for beginners

Introduction
---------------

Iptables is a Linux based packet filtering firewall. Iptables interfaces to the Linux netfilter module to perform filtering of network packets. This can be to deny/allow traffic filter or perform Network Address Translation (NAT). With careful configuration iptables can be a very cost effective, powerful and flexible firewall or gateway solution. Iptables is available from http://www.netfilter.org/ or via your Linux distribution.

In short, iptables is a packet filtering tool which allows system administrator to define incoming and outgoing packets to and from the system using certain rules. Iptables can be confusing it's pretty straightforward once you get the hang of it.

Rules, Chains, and Tables

Iptables rules are grouped into chains. A chain is a set of rules used to determine what to do with a packet. These chains are grouped into tables. Iptables has three built in tables filter, NAT, mangle. More tables can be added through iptables extensions.

Filter Table

The filter table is used to allow and block traffic, and contains three chains INPUT, OUTPUT, FORWARD. The input chain is used to filter packets destined for the local system. The output chain is used to filter packets created by the local system. The forward chain is used for packets passing through the system, mainly used for gateways/routers.

There are three real "chains" which iptables uses:

* INPUT
Which is used to grant or deny incoming connections to your machine.
* OUTPUT
Which is used to grant or deny outgoing connections from your machine.
* FORWARD
Which is used for forwarding packages across interfaces, only really needed (in general) when you're setting up a gateway machine.

NAT Table

The NAT table is used to setup the rules to rewrite packets allowing NAT to happen. This table also has 3 chains, PREROUTING, POSTROUTING, and OUTPUT. The prerouting chain is where packets come to prior to being parsed by the local routing table. The postrouting chain is where packets are sent after going through the local routing table.

The general form of an IP tables rule is:

iptables -A CHAIN -p tcp [options] -j ACTION

The CHAIN we've briefly covered before, "INPUT", "OUTPUT", "FORWARD", etc. Here "-A INPUT" means "append this rule to the input chain".

The "-p tcp" means this rule applies only to TCP connections, not UDP. (To specify UDP connections you'd use "-p udp" instead.)

"[options]" is where you specify what you wish to match against.

Finally "-j ACTION" is used to specify what to do to packets which match your rule. Usually an action will be one of "-j DROP" to drop the package, "-j ACCEPT", to accept the packet or "-j LOG" to log it.

Commands

The first step is to know iptables commands.

Main commands

* -A --append : Add the rule a the end of the specified chain

Code:
iptables -A INPUT ...


* -D --delete : Allow to delete a chain.
There's 2 way to use it, you can specify the number of the chain to delete or specify the rule to delete

Code:
iptables -D INPUT 1
iptables -D INPUT --dport 80 -j DROP

* -R --replace : Allow to replace the specified chain

Code:
iptables -R INPUT 1 -s 192.168.0.1 -j DROP

* -I --insert : Allow to add a chain in a specific area of the global chain

Code:
iptables -I INPUT 1 --dport 80 -j ACCEPT

* -L --list : Display the rules

Code:
iptables -L # Display all the rules of the FILTER chains
iptables -L INPUT # Display all the INPUT rules (FILTER)

* -F --flush : Delete all the rules of a chain

Code:
iptables -F INPUT # Delete all the rules of the INPUT chain
iptables -F # Delete all the rules

* -N --new-chain : Allow to create a new chain

Code:
iptables -N LOG_DROP

* -X --delete-chain : Allow to delete a chain

Code:
iptables -X LOG_DROP # Delete the LOG_DROP chain
iptables -X # Delete the chains

* -P --policy : Allow to specify to the kernel the default policy of a chain ACCEPT, REJECT, DROP ...
Code:
iptables -P INPUT DROP

Basic Uses

The most common use of iptables is to simply block and allow traffic.

Allow Traffic

Iptables allows you to allow traffic based on a number of different conditions such as Ethernet adapter, IP Address, port, and protocol.

Allow incoming TCP traffic on port 22 (ssh) for adapter eth0
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT

Allow incoming TCP traffic on port 80 (HTTP) for the IP range 192.168.0.1 to 192.168.0.254.
iptables -A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j ACCEPT

Block Traffic

Iptables can block traffic on the same conditions that traffic can be allowed.

Blocks inbound TCP traffic port 22 (ssh)
iptables -A INPUT -p tcp -m tcp --dport 22 -j DRROP

Blocks inbound TCP traffic on port 80 (HTTP) from the IP 192.168.1.100
iptables -A INPUT -s 192.168.1.100 -p tcp -m tcp --dport 80 -j DRROP

Limit Traffic

Along with allowing and denying traffic IP tables can be used to limit the number of connections allowed over time thresholds.

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m sshbrute --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m sshbrute --update --seconds 60 --hitcount 4 -j DRROP

[:p:] this is a common set of rules used to block brute force ssh attacks. The first rule makes sure the IP connecting is added to the sshbrute list. The second rule tells iptables to check the sshbrute list and if the packet threshold is exceeded to drrop the traffic.

Common Options and Switches
-A -- adds a rule at the end of the chain
-I -- inserts the rule at the given rule number. If no rule number is given the rule is inserted at the head of the chain.
-p -- protocol of the rule
--dport the destination port to check on the rule
-i -- interface on which the packet was received.
-j -- what to do if the rule matches
-s -- source IP address of packet
-d -- destination IP address of packet

Examples :

Drop all inbound telnet traffic
iptables -I INPUT -p tcp --dport 23 -j DROP

Drop all outbound web traffic
iptables -I OUTPUT -p tcp --dport 80 -j DROP

Drop all outbound traffic to 192.168.0.1
iptables -I OUTPUT -p tcp --dest 192.168.0.1 -j DROP

Allow all inbound web traffic
iptables -I INPUT -p tcp --dport 80 -j ACCEPT

Allow inbound HTTPS traffic from 10.2.2.4
iptables -I INPUT -s 10.2.2.4 -p tcp -m tcp --dport 443 -j DROP

Deny outbound traffic to 192.2.4.0-192.2.4.255
iptables -I OUTPUT -d 192.2.4.6.0/24 -j DROP

Allow incoming connections to port 21 from one IP address 11.22.33.44
iptables -A INPUT -p tcp -m state --state NEW --dport 21 --source 11.22.33.44

Deny all other incoming connections to port 21.
iptables -A INPUT -p tcp -m state --state NEW --dport 21 -j DROP

We used the "-m state --state NEW --dport 21" to match against new connections to port 21. Other options allow you to match against different things.

ref:
http://ubuntuforums.org/showthread.php?t=159661
http://www.higherpass.com/linux/Tutorials/Iptables-Primer/
.

Port Numbers

7/TCP,UDP Echo
15/TCP,UDP NETSTAT
20/TCP FTP—data
21/TCP FTP—control (command)
22/TCP,UDP Secure Shell (SSH)—used for secure logins, file transfers (scp, sftp) and port forwarding
23/TCP,UDP Telnet protocol
25/TCP,UDP Simple Mail Transfer Protocol (SMTP)
42/TCP,UDP nameserver, ARPA Host Name Server Protocol
43/TCP WHOIS protocol
53/TCP,UDP Domain Name System (DNS)
79/TCP Finger protocol
80/TCP Hypertext Transfer Protocol (HTTP)
110/TCP Post Office Protocol 3 (POP3)
115/TCP Simple File Transfer Protocol (SFTP)
143/TCP,UDP Internet Message Access Protocol (IMAP)
156/TCP,UDP SQL Service
443/TCP Hypertext Transfer Protocol over TLS/SSL (HTTPS)
514/TCP Shell
546/TCP,UDP DHCPv6 client
547/TCP,UDP DHCPv6 server
873/TCP rsync file synchronisation protocol
901/TCP Samba Web Administration Tool (SWAT)
902/TCP VMware Server Console[27]
904/TCP VMware Server Alternate
1025/TCP NFS-or-IIS
1194/TCP,UDP OpenVPN
1433/TCP,UDP Microsoft SQL Server database management system Server
2049/UDP Network File System
2082/TCP CPanel default
2083/TCP CPanel default SSL
2083/TCP CPanel default SSL
2083/TCP CPanel default SSL
2095/TCP CPanel default Web mail
2096/TCP CPanel default SSL Web mail
2096/TCP CPanel default SSL Web mail
3306/TCP,UDP MySQL database system
3690/TCP,UDP Subversion version control system
5050/TCP Yahoo! Messenger
5432/TCP,UDP PostgreSQL database system
8080/TCP Apache Tomcat
8086/TCP HELM Web Host Automation Windows Control Panel
8087/TCP SW Soft Plesk Control Panel
8443/TCP SW Soft Plesk Control Panel
33434/TCP,UDP traceroute
.

Thursday, June 19, 2008

Versus Versus

ext2 vs ext3
-------------------

The main difference is that ext3 is a journaling file system. ie, they logs changes to a journal (usually a circular log in a dedicated area) before committing them to the main file system.


Dynamic URLs vs Static URLs
------------------------------------------------

Websites that utilize databases which can insert content into a webpage by way of a dynamic script like PHP or JavaScript are increasingly popular. This type of site is considered dynamic. Many websites choose dynamic content over static content. This is because if a website has thousands of products or pages, writing or updating each static by hand is a monumental task.

There are two types of URLs: dynamic and static. A dynamic URL is a page address that results from the search of a database-driven web site or the URL of a web site that runs a script. In contrast to static URLs, in which the contents of the web page stay the same unless the changes are hard-coded into the HTML, dynamic URLs are generated from specific queries to a site's database. The dynamic page is basically only a template in which to display the results of the database query. Instead of changing information in the HTML code, the data is changed in the database.


ref: http://www.webconfs.com/dynamic-urls-vs-static-urls-article-3.php


LILO vs GRUB

-----------------------

Both are linux boot loaders. LILO is little outdated than GRUB. Now most of the linux distribution uses GRUB boot loader. Another important advantages are


  • GRUB has a more powerful, interactive command line interface. LILO, on the other hand, only allows one command with arguments.

  • LILO stores information about the location of the kernel or other operating system on the Master Boot Record (MBR). Every time a new operating system or kernel is added to the system, the Stage 1 LILO bootloader has to be manually overwritten, otherwise there is no way to boot the new OS or kernel. This method is more risky than the method used by GRUB because a mis-configured LILO configuration file may leave the system unbootable (a popular way to fix this problem is to boot from Knoppix or another live CD, chroot into the partition with mis-configured lilo.conf and correct the problem). On the other hand, correcting a mis-configured GRUB is comparatively simple as GRUB will default to its command line interface where the user can boot the system manually. This flexibility is probably the main reason why many users nowadays prefer GRUB over LILO.

  • Unlike LILO, GRUB has a web site. It also has a manual, FAQ, a bug tracker, a developer mailing list and a logo. LILO has none of those.
ref: http://lwn.net/Articles/89772/

Wednesday, May 7, 2008

MySQL in a nutshell

Introduction

MySQL is a relational database management system (RDBMS) based on SQL (Structured Query Language). I was first released in January, 1998.

In most cases the developers of database applications expect the systems administrator to be able to independently prepare a database for their applications to use. The steps to do this include:

1. Install and start MySQL.
2. Create a MySQL "root" user.
3. Create a regular MySQL user that the application will use to access the database.
4. Create your application's database.
5. Create your database's data tables.
6. Perform some basic tests of your database structure.

The /etc/my.cnf file is the main MySQL configuration file. It sets the default MySQL database location and other parameters. The typical home/SOHO user won't need to edit this file at all.According to the /etc/my.cnf file, MySQL databases are usually located in a subdirectory of the /var/lib/mysql/ directory. If you create a database named test, then the database files will be located in the directory /var/lib/mysql/test.

MySQL stores all its username and password data in a special database named mysql.

Creating a MySQL "root" Account

Only two steps are necessary for a brand new MySQL installation.

1. Make sure MySQL is started.
2. Use the mysqladmin command to set the MySQL root password. The syntax is as follows:

# mysqladmin -u root password new-password

MySQL has its own command line interpreter (CLI). You can access the MySQL CLI using the mysql command followed by the -u option for the username and -p

# mysql -u root -p

Creating a database


mysql> create database databasename;

Deleting a database

mysql> drop database databasename;

Adding user

You can add users and give privileges for user to access database using grant command.

Syntax:

mysql> grant all privileges on database.* to username@"servername" identified by 'password';

Example :
Creating a database named exampledb and creating a user named newuser with password newuser

mysql> create database exampledb
mysql> grant all privileges on exampedb.* to newuser@"servername" identified by 'newuser';
mysql> flush privileges;

For changing mysql password for the user username as root from mysql command prompt

mysql> UPDATE mysql.user SET Password = OLD_PASSWORD('newuser') WHERE Host = 'localhost' AND User = 'newuser';

How to Reset mysql root password

1. Stop mysqld
# /etc/init.d/mysql stop

2. Start mysql using skip grant tables option
# /etc/init.d/mysql start --skip-grant-tables --user=root

3. Connect to the mysqld server with this command:
# mysql -u root

4. Issue the following statements
mysql> UPDATE mysql.user SET Password=PASSWORD('newpwd') WHERE User='root';
mysql> flush privileges;

5. You should be able to connect using the new password.

Recovering / Changing Your MySQL Root Password

The steps you need are:

1) Stop MySQL
# service mysqld stop

2) Start MySQL in Safe mode with the mysqld_safe command and tell it not to read the grant tables with all the MySQL database passwords.

# mysqld_safe --skip-grant-tables --skip-networking &

3) MySQL is now running without password protection. You now have to use the familiar mysql -u root command to get the mysql> command prompt. ( -p flag is not required) As expected, you will not be prompted for a password.

# mysql -u root

4) You will now have to use the mysql database which contains the passwords for all the databases on your system and modify the root password. In this case we are setting it to ack33nsaltf1sh.

mysql> use mysql;

5) Exit MySQL and restart the mysqld daemon.

mysql> exit

# service mysqld restart

MySQL Database Backup

The syntax for backing up a MySQL database is as follows:
# mysqldump -u [username] -p[password] [database] > [backup_file]

example :
#mysqldump -u newuser -pnewuser example > example.sql

MySQL Database Restoration
#mysql -u [username] -p[password] [database] < [backup_file]

example :
#mysql -u newuser -pnewuser example < style="font-weight: bold;">Some useful mysql commands

List all your MySQL databases:
mysql> show databases;

Listing the data tables in MySQL database:
mysql> use databasename;
mysql> show tables;

example :
mysql> use exampledb;
mysql> show tables;

Viewing your mySQL database's table structure:
mysql> describe tablename;

Viewing the contents of a table:
mysql> select * from tablename limit 1;

-----------------------------------------------------------------------------------------------------------------------------------------

Monday, May 5, 2008

Some Important Definitions

http connection : http connection means the requests server receives for accessing your website. In other words http connection indicates the traffic to your website.

iptables : it is a packet filtering tool which allows system administrator to define incoming and outgoing packets to a system using certain rules.

Virtual Private Server(VPS): is a virtual private server, which is functionally identical to an isolated standalone server, with its own IP addresses, processes, files, its own users database, its own configuration files, its own applications, system libraries, and so on. Virtual Private Servers share one Hardware Node and one OS kernel. However, they are isolated from each other.Virtual Private Server 0 is used to designate the Hardware Node itself.

Virtuozzo : which allows you to create multiple isolated Virtual Private Servers on a single physical server to share hardware, licenses, and management effort with maximum efficiency.

SSH : SSH stands for Secure Shell. It is a protocol for logging on to a remote machine and executing commands on that machine. It provides secure encrypted communications between two untrusted hosts over an insecure network.

Domainkeys: DomainKeys is an email authentication technology developed by Yahoo, and is primarily used as an additional anti-spam and anti-phishing method and to prove and protect email sender identity.

fsck : The system utility fsck (for "file system check" or "file system consistency check") is a tool for checking the consistency of a file system in the Unix system.

Generally, fsck is run automatically at boot time when the system detects that a file system is in an inconsistent state, indicating a non-graceful shutdown, such as a crash or power loss. Typically, fsck utilities provide options for either interactively repairing damaged file systems (the user must decide how to fix specific problems), automatically deciding how to fix specific problems (so the user doesn't have to answer any questions), or reviewing the problems that need to be resolved on a file system without actually fixing them.

Fsck can also be run manually by the system administrator if there is believed to be a problem with the file system.

IP : The Internet Protocol (IP) is a protocol used for communicating data across a packet-switched internetwork. IP is a network layer protocol in the Internet protocol suite and is encapsulated in a data link layer protocol (e.g., Ethernet). In short, the way in which packets of data are addressed and sent across the Internet.

Firewall : A firewall is a program configured to permit, deny, or encrypt incoming and outgoing traffic in a system based on a set of rules and other criteria.

runlevel : The term runlevel refers to a mode of operation in one of the computer. Conventionally, seven runlevels exist, numbered from zero to six, though up to ten, from zero to nine, may be used. When a computer enters runlevel zero, it halts, and when it enters runlevel six, it reboots.
Additional runlevels are as follows :

1 Single-User Mode
2 Multi-User Mode
3 Multi-User Mode with Networking
4 Unused
5 X11

spf record : SPF helps mail servers distinguish forgeries from real mail by making it possible for a domain owner to say, "I only send mail from these machines." That way, if any other machines try to send mail from that domain, the mail server knows that the FROM address is forged.

Due to the fact that a significant majority of SPAM comes from forged addresses, a new Sender Policy Framework (SPF) standard is being implemented by a number of ISPs and mail hosts, including several major providers (Hotmail, Yahoo, AOL, etc). Those providers have begun to require SPF to allow mail through their networks. Mail systems will need SPF records for their domains if they want their mail to be accepted by those providers.

Protocol - An agreed upon format for transmitting data between two devices. In short a 'rule'.

IP address - The format of an IP address is a 32-bit(4 byte) numeric address written as four numbers separated by periods. Each number can be zero to 255. For example, 1.160.10.240 could be an IP address. It is analogous to your telephone number in that the telephone number is used by the telephone network to direct calls to you. The IP address is used by the Internet to direct data to your computer, e.g. the data your web browser retrieves and displays when you surf the net.

Web server - A computer that delivers or "serves up" web pages which are then viewed in web browsers. Requires an Internet connection, server software, an IP address, and a domain name.

Subnet—A portion of a network sharing a particular subnet address.

Subnet mask - A 32-bit combination used to describe which portion of an address refers to the subnet and which part refers to the host.

Interface - A network connection.

Daemon : a daemon (pronounced /ˈdiːmən/ or /ˈdeɪmən/[1]) is a computer program that runs in the background, rather than under the direct control of a user; they are usually initiated as background processes. Typically daemons have names that end with the letter "d": for example, syslogd, the daemon that handles the system log, or sshd, which handles incoming SSH connections.

Transmission Control Protocl (TCP) : is the protocol that creates connections between two computer over the internet, allowing them to pass data back and forth. TCP is made to allow the transmitted data to be reassembled into the proper form when it reached its destination.

chkrootkit (Check Rootkit) : is a common Unix-based program intended to help system administrators check their system for known rootkits.

A rootkit is a program (or combination of several programs) designed to take fundamental control (in Unix terms "root" access, in Windows "Administrator" access) of a computer system, without authorization by the system's owners and legitimate managers. Access to the hardware (e.g., the reset switch) is rarely required as a rootkit is intended to seize control of the operating system running on the hardware.

Load Average : It is the average sum of the number of processes waiting in the run-queue plus the number currently executing over 1, 5, and 15 minute time periods.

.

Thursday, May 1, 2008

Useful Linux Commands

Command to find files accessed in last 30 days. will find files that is accessed in last 30 days, under root folder.
# find / type f -atime -30
----------------------------------------------------------------------------------------------------------------------------------------

List contents of a folder along with contents of its subfolder. But it will traverse only to a depth of one. ie, it will not show the contents of subfolder's subfolder.
# ls *
-----------------------------------------------------------------------------------------------------------------------------------------

To print the iptables rules along with line number.
# iptables -L --line-numbers
-----------------------------------------------------------------------------------------------------------------------------------------

To find a particular rule with rule number #; where # is the rule number you want to list
# iptables -L OUTPUT --line-numbers | grep ^#
-----------------------------------------------------------------------------------------------------------------------------------------

Change permission only for folders
# find . -type d -exec chmod 755 {} \;
-----------------------------------------------------------------------------------------------------------------------------------------

List with 777 permission
#find . -type d -perm 777
--------------------------------------------------------------------------------------------------------------------------

To list all the processes listening to port 80
# lsof -i TCP:80|awk {'print $2'}
-----------------------------------------------------------------------------------------------------------------------------------------

To kill all the process listening to apache port 443/80
# lsof -i TCP:443|awk {'print $2'} | xargs kill -9
-----------------------------------------------------------------------------------------------------------------------------------------

Recursively chmod only directories
find . -type d -exec chmod 755 {} \;
-----------------------------------------------------------------------------------------------------------------------------------------

Recursively set the execute bit on every directory
chmod -R a+X *
The +X flag sets the execute bit on directories only
-----------------------------------------------------------------------------------------------------------------------------------------

Recursively chmod only files
find . -type f -exec chmod 644 {} \;
-----------------------------------------------------------------------------------------------------------------------------------------

Recursively chmod only PHP files (with extension .php)
find . -type f -name '*.php' -exec chmod 644 {} \;
-----------------------------------------------------------------------------------------------------------------------------------------

Find all files in /home/user/demo directory
$ find /home/user/demo -print
-----------------------------------------------------------------------------------------------------------------------------------------

Now find all files in /home/user/demo directory with permission 777
$ find /home/user/demo -perm 777 -print
-----------------------------------------------------------------------------------------------------------------------------------------

Next you need to apply chmod on all these files using -exec option:
$ find /home/user/demo -perm 777 -print -exec chmod 755 {} \;
-----------------------------------------------------------------------------------------------------------------------------------------

Command to find files modified on July 12
ll|grep dr|awk '{print $9}' > 123
for i in `cat 123`;do ls -ld $i;done|grep "Jul 12"
-----------------------------------------------------------------------------------------------------------------------------------------

How to See the SSH password guesses

First, find the PID of the listening SSH daemon process:
# ps axuww | egrep 'PID|ssh'
Now become root and attach to the running daemon with strace:
#
strace -f -e 'read,write' -p12345
----------------------------------------------------------------------------------------------------------------------------------------

Screen Command

Command to create screen:
# screen -S screen_name

To exit from screen:
Just close the shell without logout

To list all running screens:
# screen -ls

To login to a particular screen with screen name "xxxx.screen_name"
# screen -r xxxx.screen_name



Wednesday, April 30, 2008

CentOS Vs Redhat(RHEL)

1) CentOS build from the Source RPM of RHEL (from redhat)
2) RHEL get faster update then CentOS because, CentOS need to wait to get the source rpm from the RHEL repository (sometime centOS community come with their own patches, but there is very small delay when the Redhat Update)
3) CentOS free version of RHEL ( which means there is no license fee)

If you ask me, if you can get RHEL license free ( most of the planet server comes with free license), use RHEL. If you are going to pay for RHEL license fee more then 50+USD. I would use the CentOS.

NB: CentOS is RedHat Enterprise without the trade mark / copyright. The same functionality, the same OS; though RedHat Enterprise typically has a faster update cycle especially RedHat Enterprise 3 or CentOS 3
.

Saturday, March 1, 2008

Some Common Issues

Website Down
---------------

1. Domain Accesible from our end
*Check if his IP is blocked in server firewall.
*If not, check if he has changed his DNS recently. If yes, Propagation Delay.
*If not, check .htaccess file for any rules

2. Domain NOT Accessible from our end
*Check if domain is registered
*Check if domain is expired
*Check if Server is down
*Check if WebServer is running : pgrep httpd
*Check if its resolving to correct IP, if not check the NameServers using "whois"
*Check if it has got an entry in httpd.conf file
*Try renaming .htaccess file from its DocumentRoot
*Check if the folder/file permissions are correct

3. Website showing Wrong Page
*Check if its resolving to correct IP(If its recently transfered to a new server)
*Check if it has got Correct DocumentRoot in httpd.conf file
*Check if the IP address we get using host and the Virtualhost entry for domain in httpd.conf file matches
* Try clearing Browser Cache(After an upload)

4. Website showing "Internal Server Error"
*Check for permissions/ownership of index.* file
*Check the permission of parent folders
*Try renaming .htaccess file

5. Error_Log showing
a)No space left on device: Couldn't create accept lock;
This is an issue due to Semaphore Issue.
You can remove the semaphore memory using the below command

ipcs -s | grep nobody | perl -e 'while () { @a=split(/\s+/); print
`ipcrm sem $a[1]`}'

NOTE : replace nobody with your WebServer username. In some cases it can be "apache".
b)mod_security: Access denied with code 403
-This is an issue caused since mod_security module is enabled for Apache
-You need to try disabling mod_security for this domain

c) PHP Warning: mysql_connect() : Access denied for user test@localhost in filename
-Its an issue since the MySQL connection Parameters are not correctly specified
-Open the filename specified on error line and note down the username, password and host given to access the database
-Login as root user to MySQL prompt and give the "grant all" command with the respective username, password, host for the database
d)[client IP] client denied by server configuration: filename
-Its an issue since the particular IP might be denied to access the website
-Open .htaccess in the domains DocumentRoot and look for "deny from" line
-Search for the IP/Network and if found try removing it
-If not resolved, try backing up the .htaccess file

-------------------------------------------------------------------------------------------------

SSL Certificate Error
----------------------

1.Verifiying the Certificate
*Access the domain using https:// and double click on the lock at Bottom-Right Corner
*Click on View button and verify it to see if the SSL Certificate has got expired
*If its expired goto next step
2.Re-Installing the Certificate
*You can try Installing it from WHM -> "Install a SSL Certificate and Setup the Domain"
*Enter the Domain, Username and IP Address, which will fetch the certificates automatically and click on Submit
*If it fails, get the crt and key from the client
*Once you have got that, login to shell as root user and goto "/usr/share/ssl"
*Now "cd certs" and rename files domain.crt and domain.cabundle to something else
*Now "cd ../private" and rename file domain.key to something else
*Try re-installing the certificate by pasting .crt and .key from what client have send to you
*If its still showing error, ask the client to contact SSL provider and re-issue certificate and key
for the domain

-------------------------------------------------------------------------------------------------

allow_url_fopen

To enable allow_url_fopen for a single account in a server add the following into httpd.conf

php_admin_flag allow_url_fopen On

-------------------------------------------------------------------------------------------------

Friday, February 29, 2008

Basic qmail commands

These files are in location /var/qmail/bin

qmail-clean
--- clean up the queue directory

qmail-getpw -- qmail-getpw finds the user that controls a particular address, local.

qmail-inject --- preprocess and send a mail message

qmail-qread --- list outgoing messages and recipients. qmail-qread must be run either as root or with user id qmails and group id qmail.

qmail-qstat ---- summarize status of mail queue

qmail-queue -- queue a mail message for delivery. qmail-queue reads a mail message from descriptor 0. It then reads envelope information from descriptor 1. It places the message into the outgoing queue for future delivery by qmail-send.

qmail-remote -- send mail via SMTP

qmail-remote host sender recip [ recip ... ] mail-remote reads a mail message from its input and sends the message to one or more recipients at a remote host.

qmail-send ----- deliver mail messages from the queue

qmail-start - turn on mail delivery. invokes qmail-send, qmail-lspawn, qmail-rspawn, and qmail-clean. These four daemons cooperate to deliver messages from the queue.

splogger - make entries in syslog

qmail-showctl - analyze the qmail configuration files

The mail log file in the location /var/log/send/current . Here you can find the log of send/received mail.
.

Monday, February 25, 2008

Tips & Tricks

Linux Tips & Tricks

How to See the SSH password guesses

First, find the PID of the listening SSH daemon process:
# ps axuww | egrep 'PID|ssh'
Now become root and attach to the running daemon with strace:
#
strace -f -e 'read,write' -p12345

Convert 'man' pages to pdf format

Here is the way to convert man pages to PDF format
# man -t man | ps2pdf - > man.pdf

Cpanel Tips & Tricks

Installing imagemagick on a cpanel server

1. Log into your server as root
2. Create a new directory as below :
mkdir /home/cpimins
3. cd /home/cpimins
4. wget http://layer1.cpanel.net/magick.tar.gz
5. tar zxvf magick.tar.gz
6. cd magick
7. /scripts/installrpm ImageMagick
8. /scripts/installrpm ImageMagick-devel
9. sh ./install


Addhandler
apache 1.3.x vs apache 2.x

---------------------------------

PHP CGI vs Apache Module Install

There are two ways to install PHP on your server:

1) As an APACHE module: This method provides the fastest operation of PHP and is generally more compatible with scripts and other server software.

2) As a CGI binary: This method is used when security is key. When there are several web sites on one server, this method provides better tracking of each domains use of PHP. The price is slower PHP.

If you have your own server, you want to install PHP as an Apache module.

What are the steps to compile php as CGI?

Just run ./configure again and don't specify "--with-apxs" or "--with-apache".

You can see a good tutorial of installing php as cgi and as an apache module in below link

for linux :

http://blazonry.com/scripting/install_apache.php

for windows :

http://www.php-mysql-tutorial.com/install-apache-php-mysql.php
.

.htaccess

.htaccess is an access control file that provides a way to make configuration changes on a per-directory basis. A file, containing one or more configuration directives, is placed in a particular document directory, and the directives apply to that directory, and all subdirectories thereof. .htaccess files should be used in a case where the content providers need to make configuration changes to the server on a per-directory basis, but do not have root access on the server system. In the event that the server administrator is not willing to make frequent configuration changes, it might be desirable to permit individual users to make these changes in .htaccess files for themselves.

Note: If you want to call your .htaccess file something else, you can change the name of the file using the AccessFileName directive. For example, if you would rather call the file .config then you can put the following in your server configuration file:

AccessFileName .config

Some tips about .htaccess file
-------------------------------------
CHMOD the htaccess file to 644 or (RW-R--R--)

htaccess files must be uploaded as ASCII mode, not BINARY

htaccess files affect the directory they are placed in and all sub-directories.

The use of .htaccess files can be disabled completely by setting the AllowOverride directive to "none" AllowOverride None [Options, FileInfo, AuthConfig, Limit]

.htaccess files can override the sections for the corresponding directory, but will be overriden by other types of configuration sections from the main configuration files. This fact can be used to enforce certain configurations, even in the presence of a liberal AllowOverride setting. For example, to prevent script execution while allowing anything else to be set in .htaccess you can use:


Allowoverride All



Options +IncludesNoExec -ExecCGI

Another common use of .htaccess files is to enable Server Side Includes for a particular directory. This may be done with the following configuration directives, placed in a .htaccess file in the desired directory:

Options +Includes
AddType text/html shtml
AddHandler server-parsed shtml



Finally, you may wish to use a .htaccess file to permit the execution of CGI programs in a particular directory. This may be implemented with the following configuration:

Options +ExecCGI
AddHandler cgi-script cgi pl

To stop people from viewing a particular directory in your site, include this line in the .htaccess:
order allow,deny
deny from all

To stop everyone expect one from viewing a particular directory in your site add the following in
.htaccess file. Replace IP with the public IP of the one who you want to enable access to the link

order deny,allow
deny from all
allow from IP

You can use .htaccess file to redirect your website. Two examples using redirect rules are as follows

RewriteCond %{HTTP_HOST} ^.*mysite-1.com$ [NC]
RewriteRule ^(.*)$ http://mysite-1.myothersite.com/$1 [R=301,L]


RewriteEngine On

RewriteCond %{HTTP_HOST} ^subdomain.domain.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.subdomain.domain.com$
RewriteRule .* http://otherdomain.com/ [r]

To redirect public_html directory to a subdirectory (for example to redirect www.domain.com to www.domain.com/test)

put the following code in a .htaccess file in public_html directory

RewriteEngine On

RewriteRule ^(.*)$ test/$1 [L]

To execute php files in the directory as php5 code
AddHandler application/x-httpd-php5 .php



Wednesday, February 13, 2008

Welcome to Art of Linux



Articles in this blog are just an overview of what they are... If you need a deeper knowledge you have stepped into a wrong location. :)