ffmpeg commands

FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. It includes libavcodec – the leading audio/video codec library. FFmpeg is free software and is licensed under the LGPL or GPL depending on your choice of configuration options.
FFmpeg supports most of the popular formats, we don’t need to worry a lot about that. Formats supported by FFmpeg include MPEG, MPEG-4 (Divx), ASF, AVI, Real Audio/Video and Quicktime. To see a list of all the codecs/formats supported by FFmpeg, run the following command:

ffmpeg -formats

1. X11 grabbing

FFmpeg can grab the X11 display.

ffmpeg -f x11grab -s cif -i :0.0 /tmp/out.mpg

0.0 is display.screen number of your X11 server, same as the DISPLAY environment variable.

ffmpeg -f x11grab -s cif -i :0.0+10,20 /tmp/out.mpg

0.0 is display.screen number of your X11 server, same as the DISPLAY environment variable. 10 is the x-offset and 20 the y-offset for the grabbing.

ffmpeg -f x11grab -r 25 -s 800x600 -i :0.0 /tmp/outputFile.mpg

2. Convert Pictures To Movie

First, rename your pictures to follow a numerical sequence. For example, img1.jpg, img2.jpg, img3.jpg,… Then you may run:

ffmpeg -f image2 -i img%d.jpg /tmp/a.mpg

Notice that `%d’ is replaced by the image number.
`img%03d.jpg' means the sequence `img001.jpg', `img002.jpg', etc…
If you have large number of pictures to rename, you can use the following command to ease the burden. The command, using the bourne shell syntax, symbolically links all files in the current directory that match *jpg to the `/tmp' directory in the sequence of `img001.jpg', `img002.jpg' and so on.

x=1; for i in *jpg; do counter=$(printf %03d $x); ln "$i" /tmp/img"$counter".jpg; x=$(($x+1)); done

If you want to sequence them by oldest modified first, substitute $(ls -r -t *jpg) in place of *jpg.
Then run:

ffmpeg -f image2 -i /tmp/img%03d.jpg /tmp/a.mpg

The same logic is used for any image format that ffmpeg reads.

3. Video Conversions

Quick and dirty convert to flv

ffmpeg -i inputfile.mp4 outputfile.flv

This converts any media ffmpeg handles to flash. It would actually convert anything to anything, it’s based on the file extension. It doesn’t do ANY quality control, sizing, etc, it just does what it thinks is best.
Convert .flv to .3gp

ffmpeg -i file.flv -r 15 -b 128k -s qcif -acodec amr_nb -ar 8000 -ac 1 -ab 13 -f 3gp -y out.3gp

Download YouTube videos as .flv and convert them to .3gp for your mobile phone.
Convert AVI to iPhone MP4

ffmpeg -i [source].avi -f mp4 -vcodec mpeg4 -b 250000 -s 480?320 -acodec aac -ar 24000 -ab 64 -ac 2 [destination].mp4

for 4:3 aspect:

ffmpeg -i source-xvid.avi -s 480x320 -aspect 4:3 -b 768k -ab 64k -ar 22050 -r 30000/1001 OUT.mp4

for 16:9:

ffmpeg -i source-xvid.avi -s 480x320 -aspect 16:9 -b 768k -ab 64k -ar 22050 -r 30000/1001 OUT.mp4

Create a video that is supported by youtube:

ffmpeg -i mymovie.mpg -ar 22050 -acodec libmp3lame -ab 32K -r 25 -s 320x240 -vcodec flv
mytarget.flv

Takes an mpeg video and coverts it to a youtube compatible flv file.
The -r 25 sets the frame rate for PAL, for NTSC use 29.97

4. Audio Conversion

Convert RM file to mp3

ffmpeg -i input.rm -acodec libmp3lame -ab 96k output.mp3

Adjust the bitrate (-ab) as necessary. If omitted FFmpeg will use a default of 64 kb/s.
Converting WMV to MP3 using FFMPEG

ffmpeg -i audio1.wmv audio1.mp3

This will convert audio1.wmv file to audio1.mp3
Converting WMV to FLV using FFMPEG

ffmpeg -i audio1.wmv audio1.flv

This will convert audio1.wmv file to audio1.flv, this will generate only audio content
Converting AMR to MP3 using FFMPEG

ffmpeg -i audio1.amr -ar 22050 audio1.mp3

This will convert audio1.amr file to audio1.mp3 having audio rate 22.05 Khz
Converting aac to mp3 using FFMPEG

ffmpeg -i audio1.aac -ar 22050 -ab 32 audio1.mp3

This will convert audio1.aac to audio1.mp3 having audio rate 22.05 Khz and Audio BitRate 32Khz
Converting aac to mp3 using FFMPEG with MetaData

ffmpeg -i audio1.aac -ar 22050 -ab 32 -map_meta_data audio1.mp3:audio1.aac audio1.mp3

This will convert audio1.aac to audio1.mp3 having audio rate 22.05 Khz and Audio BitRate 32Khz and will copy the meta data from .aac file to .mp3 file

5. Audio Extraction

ffmpeg -i video.avi -f mp3 audio.mp3

Dumping Audio stream from flv (using ffmpeg)

ffmpeg -i input.flv -f mp3 -vn -acodec copy ouput.mp3

6. Record Audio and Video from webcam

To record video run ffmpeg with arguments such as these:

ffmpeg -f video4linux2 -s 320x240 -i /dev/video0 out.mpg

To record both audio and video run ffmpeg with arguments such as these:

ffmpeg -f oss -i /dev/dsp -f video4linux2 -s 320x240 -i /dev/video0 out.mpg

7. Copy Only A Part Of Video

Cut out a piece of film from a file. Choose an arbitrary length and starting time.

ffmpeg -vcodec copy -acodec copy -i orginalfile -ss 00:01:30 -t 0:0:20 newfile

-vcodec, you choose what video codec the new file should be encoded with. Run ffmpeg -formats E to list all available video and audio encoders and file formats.
copy, you choose the video encoder that just copies the file.
-acodec, you choose what audio codec the new file should be encoded with.
copy, you choose the audio encoder that just copies the file.
-i originalfile, you provide the filename of the original file to ffmpeg
-ss 00:01:30, you choose the starting time on the original file in this case 1 min and 30 seconds into the film
-t 0:0:20, you choose the length of the new film
newfile, you choose the name of the file created.

8. Join Multiple Video Files

A few multimedia containers (MPEG-1, MPEG-2 PS, DV) allow to join video files by merely concatenating them.
Hence you may concatenate your multimedia files by first transcoding them to these privileged formats, then using the humble cat command (or the equally humble copy under Windows), and finally transcoding back to your format of choice.

mkfifo orig1.mpg
mkfifo orig2.mpg
ffmpeg -i input1.avi -sameq -y orig1.mpg
ffmpeg -i input2.avi -sameq -y orig2.mpg

Merge files

cat orig1.mpg orig2.mpg | ffmpeg -f mpeg -i - -vcodec copy -acodec copy merged.mpg

Merge and convert to avi

cat orig1.mpg orig2.mpg | ffmpeg -f mpeg -i - -sameq -vcodec mpeg4 -acodec libmp3lame merged.avi

Notice that you should either use -sameq or set a reasonably high bitrate for your intermediate and output files, if you want to preserve video quality.
Also notice that you may avoid the huge intermediate files by taking advantage of named pipes, should your platform support it:

9. Removing Synchronization Problems Between Audio and Video

ffmpeg -i source_audio.mp3 -itsoffset 00:00:10.2 -i source_video.m2v target_video.flv

This assumes that there is a 10.2 sec delay between the video and the audio (delayed).
To extract the original video into a audio and video composites look at the command on extracting audio and video from a movie
Here is more information of how to use ffmpeg:
http://www.ffmpeg.org/ffmpeg-doc.html


ffmpeg is a multiplatform, open-source library for video and audio files. Useful and amazing commands covering almost all needs: video conversion, sound extraction, encoding file for iPod or PSP, and more.

Getting infos from a video file

ffmpeg -i video.avi

Turn X images to a video sequence

ffmpeg -f image2 -i image%d.jpg video.mpg

This command will transform all the images from the current directory (named image1.jpg, image2.jpg, etc…) to a video file named video.mpg.

Turn a video to X images

ffmpeg -i video.mpg image%d.jpg

This command will generate the files named image1.jpg, image2.jpg, …
The following image formats are also availables : PGM, PPM, PAM, PGMYUV, JPEG, GIF, PNG, TIFF, SGI.

Encode a video sequence for the iPpod/iPhone

ffmpeg -i source_video.avi input -acodec aac -ab 128kb -vcodec mpeg4 -b 1200kb -mbd 2 -flags +4mv+trell -aic 2 -cmp 2 -subcmp 2 -s 320x180 -title X final_video.mp4

Explanations :

• Source : source_video.avi
• Audio codec : aac
• Audio bitrate : 128kb/s
• Video codec : mpeg4
• Video bitrate : 1200kb/s
• Video size : 320px par 180px
• Generated video : final_video.mp4

Encode video for the PSP

ffmpeg -i source_video.avi -b 300 -s 320x240 -vcodec xvid -ab 32 -ar 24000 -acodec aac final_video.mp4

Explanations :

• Source : source_video.avi
• Audio codec : aac
• Audio bitrate : 32kb/s
• Video codec : xvid
• Video bitrate : 1200kb/s
• Video size : 320px par 180px
• Generated video : final_video.mp4

Extracting sound from a video, and save it as Mp3

ffmpeg -i source_video.avi -vn -ar 44100 -ac 2 -ab 192 -f mp3 sound.mp3

Explanations :

• Source video : source_video.avi
• Audio bitrate : 192kb/s
• output format : mp3
• Generated sound : sound.mp3

Convert a wav file to Mp3

ffmpeg -i son_origine.avi -vn -ar 44100 -ac 2 -ab 192 -f mp3 son_final.mp3

Convert .avi video to .mpg

ffmpeg -i video_origine.avi video_finale.mpg

Convert .mpg to .avi

ffmpeg -i video_origine.mpg video_finale.avi

Convert .avi to animated gif(uncompressed)

ffmpeg -i video_origine.avi gif_anime.gif

Mix a video with a sound file

ffmpeg -i son.wav -i video_origine.avi video_finale.mpg

Convert .avi to .flv

ffmpeg -i video_origine.avi -ab 56 -ar 44100 -b 200 -r 15 -s 320x240 -f flv video_finale.flv

Convert .avi to dv

ffmpeg -i video_origine.avi -s pal -r pal -aspect 4:3 -ar 48000 -ac 2 video_finale.dv

Or:

ffmpeg -i video_origine.avi -target pal-dv video_finale.dv

Convert .avi to mpeg for dvd players

ffmpeg -i source_video.avi -target pal-dvd -ps 2000000000 -aspect 16:9 finale_video.mpeg

Explanations :

• target pal-dvd : Output format
• ps 2000000000 maximum size for the output file, in bits (here, 2 Gb)
• aspect 16:9 : Widescreen

Compress .avi to divx

ffmpeg -i video_origine.avi -s 320x240 -vcodec msmpeg4v2 video_finale.avi

Compress Ogg Theora to Mpeg dvd

ffmpeg -i film_sortie_cinelerra.ogm -s 720x576 -vcodec mpeg2video -acodec mp3 film_terminée.mpg

Compress .avi to SVCD mpeg2

NTSC format:

ffmpeg -i video_origine.avi -target ntsc-svcd video_finale.mpg

PAL format:

ffmpeg -i video_origine.avi -target pal-svcd video_finale.mpg

Compress .avi to VCD mpeg2

NTSC format:

ffmpeg -i video_origine.avi -target ntsc-vcd video_finale.mpg

PAL format:

ffmpeg -i video_origine.avi -target pal-vcd video_finale.mpg

Multi-pass encoding with ffmpeg

ffmpeg -i fichierentree -pass 2 -passlogfile ffmpeg2pass fichiersortie-2

Find a webhost with ffmpeg enabled

Zimbra 6 on CentOS 5 Email and Calendars

Zimbra is a groupware system that provides email, calendaring, integrated antivirus and spam filtering, and more for multiple domains. Available in several editions, this guide will help you get the Open Source Edition installed on your CentOS 5

# yum install gmp compat-libstdc++-33 sysstat sudo libidn wget

Before proceeding, make sure your /etc/hosts file has valid entries. For reference, your file should resemble the following:
File: /etc/hosts

127.0.0.1     localhost.localdomain     localhost
10.30.56.8   mail.yeswedeal.com        mail

64 Bit OS
#wget http://files2.zimbra.com/downloads/6.0.8_GA/zcs-6.0.8_GA_2661.RHEL5_64.20100820052503.tgz

32 Bit OS
# wget http://files2.zimbra.com/downloads/6.0.8_GA/zcs-6.0.8_GA_2661.RHEL5.20100820051652.tgz

#tar -xzf zcs-6.0.8_GA_2661.RHEL5_64.20100820052503.tgz
#cd zcs-6.0.8_GA_2661.RHEL5_64.20100820052503
#./install.sh --platform-override

You appear to be installing packages on a platform different
than the platform for which they were built.

This platform is CentOS5
Packages found: RHEL5
This may or may not work.

Using packages for a platform in which they were not designed for
may result in an installation that is NOT usable. Your support
options may be limited if you choose to continue.


Install anyway? [N] Y 

You may receive a warning similar to the one shown below. Enter "Y" to proceed.

Before the install begins, you may receive a warning similar to the one shown below:
DNS ERROR resolving MX for archimedes.palegray.net It is suggested that the domain name have an MX record configured in DNS Change domain name? [Yes] No It is recommended (but not required) that the fully qualified domain name for your system (yeswedeal.com) have an MX record pointing to it. You may wish to visit your DNS control panel and add such a record now, or proceed if you won't be receiving mail for your FQDN on this system (for example, if you'll be receiving email for your base domain or others).
The install will continue, probably requiring a few minutes to perform various tasks. You'll be asked which components of the Zimbra package you'd like to install. For the purposes of this tutorial, choose the default values for each ("Y" or "N" depending on which letter is in the brackets).
Once the installation has completed, you'll be presented with an admin menu next.

Main menu

   1) Common Configuration:
   2) zimbra-ldap:                             Enabled
   3) zimbra-store:                            Enabled
        +Create Admin User:                    yes
        +Admin user to create:                 admin@yeswedeal.com

******* +Admin Password                        UNSET
        +Enable automated spam training:       yes
        +Spam training user:                   spam.abc@yeswedeal.com

        +Non-spam(Ham) training user:          ham.abcd@yeswedeal.com

        +Global Documents Account:             wiki@yeswedeal.com
        +SMTP host:                            yeswedeal.com 

        +Web server HTTP port:                 80
        +Web server HTTPS port:                443
        +Web server mode:                      http
        +IMAP server port:                     143
        +IMAP server SSL port:                 993
        +POP server port:                      110
        +POP server SSL port:                  995
        +Use spell check server:               yes
        +Spell server URL:                     http://yeswedeal.com:7780/aspell.php
        +Configure for use with mail proxy:    FALSE
        +Configure for use with web proxy:     FALSE

   4) zimbra-mta:                              Enabled
   5) zimbra-snmp:                             Enabled
   6) zimbra-logger:                           Enabled
   7) zimbra-spell:                            Enabled
   8) Default Class of Service Configuration:
   r) Start servers after configuration        yes
   s) Save config to file
   x) Expand menu
   q) Quit

Address unconfigured (**) items  (? - help) 3

Store configuration

   1) Status:                                  Enabled
   2) Create Admin User:                       yes
   3) Admin user to create:                    admin@yeswedeal.com

** 4) Admin Password                           UNSET
   5) Enable automated spam training:          yes
   6) Spam training user:                      spam.abc@yeswedeal.com

   7) Non-spam(Ham) training user:             ham.abcd@yeswedeal.com

   8) Global Documents Account:                wiki@yeswedeal.com

   9) SMTP host:                               yeswedeal.com
  10) Web server HTTP port:                    80
  11) Web server HTTPS port:                   443
  12) Web server mode:                         http
  13) IMAP server port:                        143
  14) IMAP server SSL port:                    993
  15) POP server port:                         110
  16) POP server SSL port:                     995
  17) Use spell check server:                  yes
  18) Spell server URL:                        http://yeswedeal.com:7780/aspell.php
  19) Configure for use with mail proxy:       FALSE
  20) Configure for use with web proxy:        FALSE

Select, or 'r' for previous menu [r] 4 

You can configure various options here; but, the most important option is the one for setting the administrator password. Enter "4" to set it, choosing a strong password comprised of letters, numbers, and non-alphanumeric characters. After setting the admin password, enter "r" to return to the main menu. You will be asked to apply the new configuration. Type "a" and press enter. You may then allow the program to proceed with the remaining installation steps.
After installation has completed, you'll need to start zimbra with the following command:

#service zimbra start
To have Zimbra start on every boot, enter the following command:

#chkconfig zimbra on

you may wish to reboot your Linode to make sure everything comes back up properly. After doing so, visit the Zimbra admin URL in your browser. It will be in the form https://yeswedeal.com:7071/. You'll need to accept the SSL certificate presented to access the admin panel, which you may then use to continue configuring your new Zimbra server. Enjoy!

Monitor System Logs with Logwatch on Cent OS /RedHat /Fedora /Ubuntu

Logwatch is a utility used to monitor system logs and create reports. These reports include failed login attempts, successful login attempts, and storage space used/available.

For Fedora/CentOS/RedHat
#yum install logwatch
For Ubuntu
$sudo apt-get install logwatch

Configure Logwatch 

Once you have installed Logwatch, you will need to configure it to email you the reports it generates. You are encouraged to look through the entire configuration, but you may safely use Logwatch after editing the lines below.
File: /usr/share/logwatch/default.conf/logwatch.conf

Output = mail
Format = html
MailTo = rajat@yeswedeal.com
MailFrom = logwatch@yeswedeal.com

These directives tell Logwatch to email you reports in an HTML format. The MailTo and MailFrom directives should be valid email addresses.
Issue the following command to test your logwatch installation:

logwatch

Once you have issued this command, you will need to check your email to make sure that logwatch is working. Be sure to check your spam folder as these emails may be seen as spam.

Adding a Cron Job for Logwatch

You can add a cron job for Logwatch in order to receive daily emails of new reports. You can add a new entry to your crontab by running crontab -e. The following example cron job runs Logwatch at 1 AM each day, issuing you an email report of the daily activity:

# m h dom mon dow   command
0 1  * * *          /usr/sbin/logwatch

Congratulations! You can now monitor system logs with Logwatch!

Biggest installed packages in Fedora

Quick tip to see which are the biggest currently installed packages on your Fedora box:
 

rpm -qa --queryformat '%10{size}-%{name}-%{version}\n' | sort -k1,1n

You might also be interested in fslint:
 
yum install fslint

It lists packages by size, and it will autoselect dependencies for packages you want to delete

Linux Files and File Permission

Linux files are setup so access to them is controlled. There are three types of access: read write execute Each file belongs to a specific user and group. Access to the files is controlled by user, group, and what is called other. The term, other, is used to refer to someone who is not the user (owner) of the file, nor is the person a member of the group the file belongs to. When talking about setting permissions for "other" users to use, it is commonly referred to as setting the world execute, read, or write bit since anyone in the world will be able to perform the operation if the permission is set in the other category. File names and permission characters File names can be up to 256 characters long with "-", "_", and "." characters along with letters and numbers. When a long file listing is done, there are 10 characters that are shown on the left that indicate type and permissions of the file. File permissions are shown according to the following syntax example: drwerwerwe There are a total of 10 characters in this example, as in all Linux files. The first character indicates the type of file, and the next three indicate read, write, and execute permission for each of the three user types, user, group and other. Since there are three types of permission for three users, there are a total of nine permission bits. The table below shows the syntax: 1 2 3 4 5 6 7 8 9 10 File User Permissions Group Permissions Other Permissions Type Read Write Execute Read Write Execute Read Write Execute d r w e r w e r w e

• Character 1 is the type of file: - is ordinary, d is directory, l is link.
• Characters 2-4 show owner permissions. Character 2 indicates read permission, character 3 indicates write permission, and character 4 indicates execute permission.
• Characters 5-7 show group permissions. Character 5=read, 6=write, 7=execute
• Characters 8-10 show permissions for all other users. Character 8=read, 9=write, 10=execute
  

There are 5 possible characters in the permission fields. They are:

• r = read - This is only found in the read field.
• w = write - This is only found in the write field.
• x = execute - This is only found in the execute field.
• s = setuid - This is only found in the execute field.
• If there is a "-" in a particular location, there is no permission. This may be found in any field whether read, write, or execute field.
  

Examples

Type "ls -l" and a listing like the following is displayed:

total 10
drwxrwxrwx	4	rajat	team	122	Dec 12 18:02	Projects
-rw-rw-rw-	1	rajat	team	1873	Aug 23 08:34	test
-rw-rw-rw-	1	rajat	team	1234	Sep 12 11:13	datafile

Which means the following:

Type and	# of	Files's	File's	Size in	Date of last	Filename
Permission field	Links	Owner	Group	Bytes	modification
|	|	|	|	|	|	|
drwxrwxrwx	4	rajat	team	122	Dec 12 18:02	Projects

The fields are as follows:

1. Type field: The first character in the field indicates a file type of one of the following:
   • d = directory
   • l = symbolic link
   • s = socket
   • p = named pipe
   • - = regular file
   • c= character (unbuffered) device file special
   • b=block (buffered) device file special
2. Permissions are explained above.
3. Links: The number of directory entries that refer to the file. In our example, there are four.
4. The file's owner in our example is rajat.
5. The group the file belongs to. In our example, the group is team.
6. The size of the file in bytes
7. The last modification date. If the file is recent, the date and time is shown. If the file is not in the current year, the year is shown rather than time.
8. The name of the file.
   

Set User Identification Attribute

The file permissions bits include an execute permission bit for file owner, group and other. When the execute bit for the owner is set to "s" the set user ID bit is set. This causes any persons or processes that run the file to have access to system resources as though they are the owner of the file. When the execute bit for the group is set to "s", the set group ID bit is set and the user running the program is given access based on access permission for the group the file belongs to. The following command:
chmod +s myfile
sets the user ID bit on the file "myfile". The command:
chmod g+s myfile
sets the group ID bit on the file "myfile".
The listing below shows a listing of two files that have the group or user ID bit set.

-rws--x--x   1 root    root    14024 Sep  9 2010 donefile
-rwxr-sr-x   1 root   mail    12072 Aug 16 2010 lockfile

The files donefile and lockfile are located in the directory "/usr/bin". The "s" takes the place of the normal location of the execute bit in the file listings above. This special permission mode has no meaning unless the file has execute permission set for either the group or other as well. This means that in the case of the lockfile, if the other users (world execute) bit is not set with permission to execute, then the user ID bit set would be meaningless since only that same group could run the program anyhow. In both files, everyone can execute the binary. The first program, when run is executed as though the program is the root user. The second program is run as though the group "mail" is the user's group.

For system security reasons it is not a good idea to set many program's set user or group ID bits any more than necessary, since this can allow an unauthorized user privileges in sensitive system areas. If the program has a flaw that allows the user to break out of the intended use of the program, then the system can be compromised.

Directory Permissions

There are two special bits in the permissions field of directories. They are:

• s - Set group ID
• t - Save text attribute (sticky bit) - The user may delete or modify only those files in the directory that they own or have write permission for.
  

Save text attribute

The /tmp directory is typically world-writable and looks like this in a listing:

drwxrwxrwt   13 root     root         4096 Apr 15 08:05 tmp

Everyone can read, write, and access the directory. The "t'' indicates that only the user (and root, of course) that created a file in this directory can delete that file.

To set the sticky bit in a directory, do the following:
chmod +t data
This option should be used carefully. A possible alternative to this is

1. Create a directory in the user's home directory to which he or she can write temporary files.
2. Set the TMPDIR environment variable using each user's login script.
3. Programs using the tempnam(3) function will look for the TMPDIR variable and use it, instead of writing to the /tmp directory.
   

Directory Set Group ID

If the setgid bit on a directory entry is set, files in that directory will have the group ownership as the directory, instead of than the group of the user that created the file.

This attribute is helpful when several users need access to certain files. If the users work in a directory with the setgid attribute set then any files created in the directory by any of the users will have the permission of the group. For example, the administrator can create a group called sample and add the users Tom and Jerry to the group sample. The directory sampledir can be created with the set GID bit set and Tom and Jerry although in different primary groups can work in the directory and have full access to all files in that directory, but still not be able to access files in each other's primary group.

The following command will set the GID bit on a directory:
chmod g+s sampledir
The directory listing of the directory "sampledir":
drwxrwsr-x 2 Tom sample 1674 Sep 17 1999 sampledir
The "s'' in place of the execute bit in the group permissions causes all files written to the directory "sampledir" to belong to the group "sample" .

Examples

Below are examples of making changes to permissions:

chmod u+x myfile	Gives the user execute permission on myfile.
chmod +x myfile	Gives everyone execute permission on myfile.
chmod ugo+x myfile	Same as the above command, but specifically specifies user, group and other.
chmod 400 myfile	Gives the user read permission, and removes all other permission. These permissions are specified in octal, the first char is for the user, second for the group and the third is for other. The high bit (4) is for read access, the middle bit (2) os for write access, and the low bit (1) is for execute access.
chmod 764 myfile	Gives user full access, group read and write access, and other read access.
chmod 751 myfile	Gives user full access, group read and execute permission, and other, execute permission.
chmod +s myfile	Set the setuid bit.
chmod go=rx myfile	Remove read and execute permissions for the group and other.

Below are examples of making changes to owner and group:

chown Jerry test1	Changes the owner of the file test1 to the user Jerry.
chgrp Jerry test1	Changes the file test1 to belong to the group "jerry".

Note: Linux files were displayed with a default tab value of 8 in older Linux versions. That means that file names longer than 8 may not be displayed fully if you are using an old Linux distribution. There is an option associated with the ls command that solves this problem. It is "-T". Ex: "ls al -T 30" to make the tab length 30.

Umask Settings

The umask command is used to set and determine the default file creation permissions on the system. It is the octal complement of the desired file mode for the specific file type. Default permissions are:

• 777 - Executable files
• 666 - Text files
  

These defaults are set allowing all users to execute an executable file and not to execute a text file. The defaults allow all users can read and write the file.

The permission for the creation of new executable files is calculated by subtracting the umask value from the default permission value for the file type being created. An example for a text file is shown below with a umask value of 022:

        666 Default Permission for text file
       -022 Minus the umask value
      -----
        644 Allowed Permissions

Therefore the umask value is an expression of the permissions the user, group and world will not have as a default with regard to reading, writing, or executing the file. The umask value here means the group the file belongs to and users other than the owner will not be able to write to the file. In this case, when a new text file is created it will have a file permission value of 644, which means the owner can read and write the file, but members of the group the file belongs to, and all others can only read the file. A long directory listing of a file with these permissions set is shown below.

-rw-r--r--   1 root     workgrp          14233 Apr  24 10:32 textfile.txt

A example command to set the umask is:
umask 022
The most common umask setting is 022. The /etc/profile script is where the umask command is usually set for all users.

Red Hat Linux has a user and group ID creation scheme where there is a group for each user and only that user belongs to that group. If you use this scheme consistently you only need to use 002 for your umask value with normal users.

How to identify Open Ports in Red Hat/CentOS/Fedora/Ubuntu server with nmap

Nmap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques, version detection (determine service protocols and application versions listening behind ports), and TCP/IP fingerprinting (remote host OS or device identification). Nmap also offers flexible target and port specification, decoy/stealth scanning, sunRPC scanning, and more. Most Unix and Windows platforms are supported in both GUI and commandline modes. Several popular handheld devices are also supported, including the Sharp Zaurus and the iPAQ.
Install nmap in Fedora /CentOS/ RedHat

#yum install nmap -y
 
Install nmap in ubuntu
$sudo apt-get install nmap

Nmap examples

Here are some Nmap usage examples, from the simple and routine to a little more complex and esoteric. Some actual IP addresses and domain names are used to make things more concrete. In their place you should substitute addresses/names from your own network.. While I don’t think port scanning other networks is or should be illegal, some network administrators don’t appreciate unsolicited scanning of their networks and may complain. Getting permission first is the best approach.
For testing purposes, you have permission to scan the host scanme.nmap.org. This permission only includes scanning via Nmap and not testing exploits or denial of service attacks. To conserve bandwidth, please do not initiate more than a dozen scans against that host per day. If this free scanning target service is abused, it will be taken down and Nmap will report Failed to resolve given hostname/IP: scanme.nmap.org. These permissions also apply to the hosts scanme2.nmap.org, scanme3.nmap.org, and so on, though those hosts do not currently exist.
#nmap -v scanme.nmap.org

Starting Nmap 5.21 ( http://nmap.org ) at 2010-10-06 18:02 IST
Initiating Ping Scan at 18:02
Scanning scanme.nmap.org (64.13.134.52) [4 ports]
Completed Ping Scan at 18:02, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 18:02
Completed Parallel DNS resolution of 1 host. at 18:02, 0.29s elapsed
Initiating SYN Stealth Scan at 18:02
Scanning scanme.nmap.org (64.13.134.52) [1000 ports]
Discovered open port 21/tcp on 64.13.134.52
Discovered open port 143/tcp on 64.13.134.52
Discovered open port 53/tcp on 64.13.134.52
Discovered open port 22/tcp on 64.13.134.52
Discovered open port 443/tcp on 64.13.134.52
Discovered open port 25/tcp on 64.13.134.52
Discovered open port 110/tcp on 64.13.134.52
Discovered open port 80/tcp on 64.13.134.52
Discovered open port 8008/tcp on 64.13.134.52
Discovered open port 8010/tcp on 64.13.134.52
Discovered open port 119/tcp on 64.13.134.52
Completed SYN Stealth Scan at 18:03, 34.78s elapsed (1000 total ports)
Nmap scan report for scanme.nmap.org (64.13.134.52)
Host is up (0.043s latency).
Not shown: 986 filtered ports
PORT      STATE  SERVICE
21/tcp    open   ftp
22/tcp    open   ssh
25/tcp    open   smtp
53/tcp    open   domain
70/tcp    closed gopher
80/tcp    open   http
110/tcp   open   pop3
113/tcp   closed auth
119/tcp   open   nntp
143/tcp   open   imap
443/tcp   open   https
8008/tcp  open   http
8010/tcp  open   xmpp
31337/tcp closed Elite

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 35.48 seconds
           Raw packets sent: 3986 (175.360KB) | Rcvd: 71 (3024B

This option scans all reserved TCP ports on the machine scanme.nmap.org . The -v option enables verbose mode.

#nmap -sS -O scanme.nmap.org/24



Launches a stealth SYN scan against each machine that is up out of the 256 IPs on “class C” sized network where Scanme resides. It also tries to determine what operating system is running on each host that is up and running. This requires root privileges because of the SYN scan and OS detection.

#nmap -sV -p 22,53,110,143,4564 198.116.0-255.1-127


Launches host enumeration and a TCP scan at the first half of each of the 255 possible eight-bit subnets in the 198.116 class B address space. This tests whether the systems run SSH, DNS, POP3, or IMAP on their standard ports, or anything on port 4564. For any of these ports found open, version detection is used to determine what application is running.

#nmap -v -iR 100000 -Pn -p 80


Asks Nmap to choose 100,000 hosts at random and scan them for web servers (port 80). Host enumeration is disabled with -Pn since first sending a couple probes to determine whether a host is up is wasteful when you are only probing one port on each target host anyway.

Cacti Network Graphing Tool RedHat / CentOS / Fedora Install and Configure

Cacti is a network graphing tool similar to MRTG. How do I install and configure common options to collect SNMP data and various other data (such as system load, network link status, hard disk space, logged in users etc) into an RRD?

From the official project site:

Cacti is a complete frontend to RRDTool, it stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain Graphs, Data Sources, and Round Robin Archives in a database, cacti handles the data gathering. There is also SNMP support for those used to creating traffic graphs with MRTG.

Required software(s)

You need to install the following software on RHEL / Fedora / CentOS Linux:

1. MySQL Server : Store cacti data.
2. NET-SNMP server - SNMP (Simple Network Management Protocol) is a protocol used for network management.
3. PHP with net-snmp module - Access SNMP data using PHP.
4. Apache / lighttpd / ngnix webserver : Web server to display graphs created with PHP and RRDTOOL.

Install the software

First  to install mysql, apache and php:
# yum install mysql-server mysql php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli php-snmp php-pear-Net-SMTP php-mysql httpd

Configure MySQL server

First, set root password:
# mysqladmin -u root password NEWPASSWORD

Create cacti MySQL database

Create a database called cacti, enter:
# mysql -u root -p -e 'create database cacti'
Create a user called cacti with a password called catipass, enter:
# mysql -u root -p

mysql> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'catipass;
mysql> FLUSH privileges;
mysql> \q

Install snmpd

Type the following command to install net-snmpd
# yum install net-snmp-utils php-snmp net-snmp-libs
Configure snmpd, open /etc/snmp/snmpd.conf
# vi /etc/snmp/snmpd.conf
Append / modify it as follows (see snmpd.conf man page for details):

com2sec local     localhost           public
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
view all    included  .1                               80
access MyRWGroup ""      any       noauth    exact  all    all    none
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root  (configure /etc/snmp/snmp.local.conf)
pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat

Save and close the file. Turn on snmpd service:
# /etc/init.d/snmpd start
# chkconfig snmpd on
Make sure you are getting information from snmpd:
# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex
Sample ouptut:

IP-MIB::ipAdEntIfIndex.10.10.9.108 = INTEGER: 2
IP-MIB::ipAdEntIfIndex.67.yy.zz.eee = INTEGER: 3
IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 1

Install cacti

First, make sure EPEL repo is enabled. Type the following command to install cacti:
# yum install cacti

Install cacti tables

Type the following command to find out cacti.sql path:
# rpm -ql cacti | grep cacti.sql
Sample output:

/var/www/cacti/cacti.sql

Type the following command to install cacti tables (you need to type the cacti user password):
# mysql -u cacti -p cacti < /usr/share/doc/cacti-0.8.7g/cacti.sql

Configure cacti

Open /etc/cacti/db.php file, enter:
# vi /etc/cacti/db.php
Make changes as follows:

 
/* make sure these values refect your actual database/host/user/password */
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "cactipass";
$database_port = "3306";
 

Save and close the file.

Configure httpd

Open /etc/httpd/conf.d/cacti.conf file, enter:
# vi /etc/httpd/conf.d/cacti.conf
You need to update allow from line. Either set to ALL or your LAN subnet to allow access to cacti:

 
#
# Cacti: An rrd based graphing tool
#
Alias /cacti    /usr/share/cacti
  Directory /usr/share/cacti 

Order Deny,Allow
        Deny from all
        Allow from 10.0.0.0/8 

Directory

Another option is create /usr/share/cacti/.htaccess file and password protect the directory. Finally, restart httpd:
# service httpd restart

Setup cacti cronjob

Open /etc/cron.d/cacti file, enter:
# vi /etc/cron.d/cacti
Uncomment the line:

*/5 * * * *     cacti   /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1

Save and close the file.

Run cacti installer

Now cacti is ready to install. Fire a webbrowser and type the url:
http://your.example.com/cacti/
OR
http://your.server.ip.address/cacti/
Just follow on screen instructions. The default username and password for cacti is admin / admin. Upon first login, you will be force to change the default password.

How do I configure SNMP data collection?

SNMP can be used to monitor server traffic. Once installed login to cacti.
=> Click on Devices
=> Select Localhost
=> Make sure SNMP options are selected as follows:

Fig.01: SNMP configuration

Finally, click on Save button.

How do I create SNMP graphs?

Click on "Create Graphs for this Host" link on top right side.
Select SNMP - Interface Statistics
Select a graph type (such as In/Out bytes with total bandwidth)
Finally, click on Create button.

How do I view graphs?

To view graphs click on Graphs tab. Here is sample graph from one my own box:

Fig.02: Cacti in Action - Memory, CPU and Network Usage

(Fig.02: Cacti in action)

Fig.03: Cacti in Action Disk, Load average and User stats

MySQLTuner - High-performance MySQL optimization script

Running MySQLTuner:

MySQLTuner using the following command

# wget http://mysqltuner.com/mysqltuner.pl

To run the script, simply make it executable and run it:

# chmod +x mysqltuner.pl
# ./mysqltuner.pl

Enter your administrative username and password
Output you can see as follows

Bandwidth Monitoring Tools For CentOS /RHEL / Fedora.

Bandwidthd

BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization. Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each ip address’s utilization can be logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded.

Project Home Page :- http://bandwidthd.sourceforge.net/
Bmon

bmon is a portable bandwidth monitor and rate estimator running on various operating systems. It supports various input methods for different architectures. Various output modes exist including an interactive curses interface,lightweight HTML output but also formatable ASCII output.

Bwbar

bwbar is a small C-based program for Linux-based machines which produces bandwidth usage statistics for a network interfaces. It was originally written by H. Peter Anvin, and I (Brian Towne) modified it somewhat to better suit my needs. The original program was released under the GPL. A number of people have asked for the modified program and its source, so I have created this page.

bwm

This is a very tiny bandwidth monitor (not X11). Can monitor up to 16 interfaces in the in the same time, and shows totals too.

bwm-ng

small and simple console-based bandwidth monitor.Bandwidth Monitor NG is a small and simple console-based live bandwidth monitor.

Project Home Page :- http://www.gropp.org/?id=projects&sub=bwm-ng
Cacti

Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.

Project Home Page :- http://cacti.net/
cbm

cbm — the color bandwidth meter — is a small program to display the traffic currently flowing through your network devices.

dstat

Dstat is a versatile replacement for vmstat, iostat, netstat, nfsstat and ifstat. Dstat overcomes some of their limitations and adds some extra features, more counters and flexibility. Dstat is handy for monitoring systems during performance tuning tests, benchmarks or troubleshooting.

Project Home Page :- http://dag.wieers.com/home-made/dstat/
EtherApe

EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, ip and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display.

Project Home Page :- http://etherape.sourceforge.net/
gdesklets

gDesklets is a system for bringing mini programs (desklets), such as weather forecasts, news tickers, system information displays, or music player controls, onto your desktop, where they are sitting there in a symbiotic relationship of eye candy and usefulness. The possibilities are really endless and they are always there to serve you whenever you need them, just one key-press away. The system is not restricted to one desktop environment, but currently works on most of the modern Unix desktops (including GNOME, KDE, Xfce).

Project Home Page :- http://www.gdesklets.de/
GKrellM

GKrellM is a single process stack of system monitors which supports applying themes to match its appearance to your window manager, Gtk, or any other theme.

Project Home Page :- http://members.dslextreme.com/users/billw/gkrellm/gkrellm.html
ipband

ipband is a pcap based IP traffic monitor. It tallies per-subnet traffic and bandwidth usage and starts detailed logging if specified threshold for the specific subnet is exceeded. If traffic has been high for a certain period of time, the report for that subnet is generated which can be appended to a file or e-mailed. When bandwidth usage drops below the threshold, detailed logging for the subnet is stopped and memory is freed.

Project Home Page :- http://ipband.sourceforge.net/
iftop

iftop does for network usage what top does for CPU usage. It listens to network traffic on a named interface and displays a table of current bandwidth usage by pairs of hosts. Handy for answering the question “why is our ADSL link so slow”.

Project Home Page :- http://www.ex-parrot.com/pdw/iftop/
iperf

Iperf is a tool to measure maximum TCP bandwidth, allowing the tuning of various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, datagram loss.

ipfm

IP Flow Meter (IPFM) is a bandwidth analysis tool, that measures how much bandwidth specified hosts use on their Internet link.

Project Home Page :- http://robert.cheramy.net/ipfm/
ifstat

ifstat is a tool to report network interfaces bandwith just like vmstat/iostat do for other system counters.

Project Home Page :- http://gael.roualland.free.fr/ifstat/
ibmonitor

ibmonitor is an interactive linux console application which shows bandwidth consumed and total data transferred on all
interfaces.

Project Home Page :- http://ibmonitor.sourceforge.net/
ipaudit

IPAudit monitors network activity on a network by host, protocol and port.IPAudit listens to a network device in promiscuous mode, and records every connection between two ip addresses. A unique connection is determined by the ip
addresses of the two machines, the protocol used between them, and the port numbers (if they are communicating via udp or tcp).

Project Home Page :- http://ipaudit.sourceforge.net/
IPTraf

IPTraf is a console-based network statistics utility for Linux. It gathers a variety of figures such as TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts.

Project Home Page :- http://iptraf.seul.org/
IFStatus

IFStatus was developed for Linux users that are usually in console mode. It is a simple, easy to use program for displaying commonly needed / wanted statistics in real time about ingoing and outgoing traffic of multiple network interfaces that is usually hard to find, with a simple and effecient view. It is the substitute for PPPStatus and EthStatus projects.

jnettop

Jnettop is a traffic visualiser, which captures traffic going through the host it is running from and displays streams sorted by bandwidth they use.

Project Home Page :- http://jnettop.kubs.info/wiki/
MRTG

The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network links. MRTG generates HTML pages containing PNG images which provide a LIVE visual representation of this traffic.

Project Home Page :- http://oss.oetiker.ch/mrtg/
moodss

moodss is a graphical monitoring application. It is modular so that the code accessing the monitored objects is completely separate from the application core. The core takes care of managing modules (loading and unloading),displaying modules data through sortable tables and diverse graphical viewers, handling user set threshold conditions with email alerts, recording and browsing data history from a database.moodss can even predict the future, using sophisticated statistical methods and artificial neural networks, and therefore be used for capacity planning.

Project Home Page :- http://moodss.sourceforge.net/
monitord

A lightweight (distributed?) network security monitor for TCP/IP+Ethernet LANs. It will capture certain network events and record them in a relational database. The recorded data will be available for analysis through a CGI based interface.

Project Home Page :- http://sourceforge.net/projects/monitord/
Netmrg

NetMRG is a tool for network monitoring, reporting, and graphing. Based on RRDTOOL, the best of open source graphing
systems, NetMRG is capable of creating graphs of any parameter of your network.

Project Home Page :- http://www.netmrg.net
nload

nload is a console application which monitors network traffic and bandwidth usage in real time. It visualizes the in-and outgoing traffic using two graphs and provides additional info like total amount of transfered data and min/max network usage.

Project Home Page :- http://www.roland-riegel.de/nload/index.html
ntop

ntop shows the current network usage. It displays a list of hosts that are currently using the network and reports information concerning the IP (Internet Protocol) and Fibre Channel (FC) traffic generated by each host. The traffic is sorted according to host and protocol. Default protocol list (this is user configurable).

Project Home Page :- http://www.ntop.org
netspeed

Netspeed is just a little GNOME-applet that shows how much traffic occurs on a specified network device (for example eth0). You get the best impression of it, if you look at the screenshots below.

Netwatch

Netwatch is a Linux program created to aid in monitoring Network Connections. It is based on a program called “statnet” but has been substantially modified for its Ethernet emphasis. It is a dynamic program which displays the Ethernet status based each the connection’s activity. It has the capability of monitoring hundreds of site statistics simultaneously. The connection’s port number (Well Known Service) and destination address are available as well. There are options which allow router statistics to be measured on simple networks (with one router). External network communication is counted and transfer rates are displayed.

Project Home Page :- http://www.slctech.org/~mackay/netwatch.html
NOCOL

NOCOL is a popular system and network monitoring (network management) software that runs on Unix systems and can
monitor network and system devices. It uses a very simple architecture and is very flexible for adding new network management modules

Project Home Page :- http://www.netplex-tech.com/nocol/
NeTraMet

NeTraMet is an open-source (GPL) implementation of the RTFM architecture for Network Traffic Flow Measurement,
developed and supported by Nevil Brownlee at the University of Auckland. Nevil also developed a version of NeTraMet
which uses the CoralReef library to read packet headers. This ‘CoralReef NeTraMet meter’ can work with any CoralReef
data source; it has been tested on both CAIDA and NLANR trace files, and on DAG and Apptel ATM interface cards.

Project Home Page :- http://freshmeat.net/projects/netramet/
NetPIPE

NetPIPE is a protocol independent performance tool that visually represents the network performance under a variety of
conditions. It performs simple ping-pong tests, bouncing messages of increasing size between two processes, whether
across a network or within an SMP system. Message sizes are chosen at regular intervals, and with slight perturbations, to provide a complete test of the communication system. Each data point involves many ping-pong tests to provide an accurate timing. Latencies are calculated by dividing the round trip time in half for small messages ( <64 Bytes ).

Project Home Page :- http://www.scl.ameslab.gov/netpipe/
netperf

Netperf is a benchmark that can be use to measure various aspect of networking performance. The primary foci are bulk
(aka unidirectional) data transfer and request/response performance using either TCP or UDP and the Berkeley Sockets interface. As of this writing, the tests available either unconditionally or conditionally

Project Home Page :- http://www.netperf.org/netperf/
potion

This is a console utility which will listen on an interface using libpcap, aggregate the traffic into flows and display the top (as many as can fit on your screen) flows with their average throughput. A flow is identified ip protocol, source ip, source port, destination ip, destination port, and type of service flag.

pktstat

Display a real-time list of active connections seen on a network interface, and how much bandwidth is being used by what. Partially decodes HTTP and FTP protocols to show what filename is being transferred. X11 application names are also shown. Entries hang around on the screen for a few seconds so you can see what just happened. Also accepts filter expressions á la tcpdump.

Project Home Page :- http://www.adaptive-enterprises.com.au/~d/software/pktstat/
RTG

RTG is a flexible, scalable, high-performance SNMP statistics monitoring system. It is designed for enterprises and service providers who need to collect time-series SNMP data from a large number of targets quickly. All collected data is inserted into a relational database that provides a common interface for applications to generate complex queries and reports. RTG includes utilities that generate configuration and target files, traffic reports, 95th percentile reports and graphical data plots. These utilities may be used to produce a web-based interface to the data.

Project Home Page :- http://rtg.sourceforge.net/
speedometer

Monitor network traffic or speed/progress of a file transfer. The program can be used for cases like: how long it will take for my 38MB transfer to finish, how quickly is another transfer going, How fast is the upstream on this ADSL line and how fast can I write data to my filesystem.

Project Home Page :- http://excess.org/speedometer/
Spong

Spong is a simple system-monitoring package written in Perl. It features client based monitoring, monitoring of network services, results displayed via the Web or console, history of problems, and flexible messaging when problems occur.

Project Home Page :- http://spong.sourceforge.net/
slurm

slurm started as a pppstatus port to FreeBSD. As I ripped off several functions

SNIPS

SNIPS (System & Network Integrated Polling Software) is a system and network monitoring software that runs on Unix systems and can monitor network and system devices. It is capable of monitoring DNS, NTP, TCP or web ports, host performance, syslogs, radius servers, BGP peers, etc. New monitors can be added easily (via a C or Perl API).

Project Home Page :- http://www.navya.com/software/snips/
tcpflow

tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way
that is convenient for protocol analysis or debugging. A program like tcpdump shows a summary of packets seen on the
wire, but usually doesn’t store the data that’s actually being transmitted. In contrast, tcpflow reconstructs the actual data streams and stores each flow in a separate file for later analysis. tcpflow understands TCP sequence numbers and will correctly reconstruct data streams regardless of retransmissions or out-of-order delivery.

Project Home Page :- http://www.circlemud.org/~jelson/software/tcpflow/
vnstat

vnStat is a network traffic monitor for Linux that keeps a log of daily network traffic for the selected interface(s).vnStat isn’t a packet sniffer. The traffic information is analyzed from the /proc -filesystem, so vnStat can be used without root permissions. However at least a 2.2.x kernel is required.

Project Home Page :- http://humdi.net/vnstat/
WMND

Shows a graph of incoming/outgoing traffic, activity indicators for rx/tx and current/maximum rate for rx/tx in bytes or packets.Tailored for use with WindowMaker, it will as well work with any other window manager though.

Project Home Page :- http://dockapps.org/file.php/id/178

Memory use by which process Centos / RHEL /Fedora

#ps aux | awk '{if ($5 != 0 ) print $2,$5,$6,$11}' | sort -k2n

5 Step Jboss set up RHEL/Cent OS 5.X

Step:1:-  yum install mysql mysql-server java-1.6.0-openjdk -y
Step:2:- service mysqld start
Step:3:- wget  http://sourceforge.net/projects/jboss/files/JBoss/JBoss-6.0.0.M4/jboss-as-
distribution-6.0.0.20100721-M4.zip/download
Step:4:- unzip jboss-as-distribution-6.0.0.20100721-M4.zip
Step:5:- /opt/jboss/bin/run.sh

http://yourdomain.com:8080 

Install Latest postgresql using yum from pgsqlrpms

[root@ip-173-201-21-11 ~]# wget http://yum.pgsqlrpms.org/reporpms/8.4/pgdg-centos-8.4-2.noarch.rpm
[root@ip-173-201-21-11 ~]# rpm -ivh pgdg-centos-8.4-2.noarch.rpm
[root@ip-173-201-21-11 ~]# yum install postgresql postgresql-devel postgresql-server postgis pgadmin postgresql-contrib
[root@ip-173-201-21-11 ~]# chkconfig postgresql on
[root@ip-173-201-21-11 ~]# service postgresql initdb
[root@ip-173-201-21-11 ~]# chkconfig postgresql on && service postgresql start
[root@ip-173-201-21-11 ~]# psql --version
psql (PostgreSQL) 8.4.4
contains support for command-line editing

#########################################
vi /var/lib/pgsql/data/postgresql.conf
# – Connection Settings -
listen_addresses = ‘*’
port = 5432

CPULOAD and send email to admin

This script is very useful for system admins, it checks Cpuload and get info of which process takes the cpuload, if cpuload is or above 70%  it sends alert email to admin
==============================
#!/bin/bash
# Shell script to monitor or watch the high cpu-load
# It will send an email to $ADMIN, if the (cpu load is in %) percentage
# of cpu-load is >= 70%
# If you have any suggestion or question please email to raviindiangnu org
# set admin email so that you can get email
# set alert level 70% is default
# you can set it to string LOAD with your value
AWK=/bin/awk
SAR=/usr/bin/sar
GREP=/bin/grep
TR=/usr/bin/tr
HEAD=/usr/bin/head
PS=/bin/ps
SORT=/bin/sort
HOSTNAME=yeswedeal.com
SED=/bin/sed
LOAD=70
CAT=/bin/cat
MAILFILE=/tmp/mailviews$$
MAILER=/bin/mail
mailto=”rajatjpatel@yeswedeal.com”
for path in $PATHS
do
CPU_LOAD=`$SAR -P ALL 1 2 | $GREP ‘Average.*all’ | $AWK -F” ” ‘{ print 100.0 -$NF}’`
echo $CPU_LOAD
if [[ $CPU_LOAD > $LOAD ]];
then
PROC=`$PS -eo pcpu,pid -o comm= | $SORT -k1 -n -r | $HEAD -1`
echo “Please check your processess on ${HOSTNAME} the value of cpu load is $CPU_LOAD % & $PROC” > $MAILFILE
$CAT $MAILFILE | $MAILER -s “CPU Load is $CPU_LOAD % on ${HOSTNAME}” $mailto
fi
done
=============================
After  end of  schedule cron job for this script like below
*/30 * * * * /bin/sh /root/cpuload.sh >/dev/null 2>&1

How to install GeoIP and mod_geoip2 on RHEL/Cent OS for apache

How to install GeoIP and mod_geoip2 on centos for apache
1) yum install GeoIP GeoIP-devel GeoIP-data zlib-devel
2) mkdir /usr/local/share/GeoIP
3) Download the latest Country and City database files from maxmind
cd /usr/local/share/GeoIP
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
gunzip GeoIP.dat.gz
gunzip GeoLiteCity.dat.gz
4) yum install httpd-devel apr-devel
5) wget http://geolite.maxmind.com/download/geoip/api/mod_geoip2/
6) tar xvzf mod_geoip2_1.2.5.tar.gz && cd mod_geoip2_1.2.5
7) apxs -i -a -L/usr/lib64 -I/usr/include -lGeoIP -c mod_geoip.c
8) Enabling mod-geoip
Nothing’s going to work unless mod-geoip is enabled in your apache configuration. You’ll need the following lines in your httpd.conf file (located on CentOS systems at /etc/httpd/conf/httpd.conf)
IfModule mod_geoip.c
GeoIPEnable On
GeoIPDBFile /usr/local/share/GeoIP/GeoIP.dat Standard
GeoIPDBFile /usr/local/share/GeoIP/GeoLiteCity.dat Standard
IfModule
9) Restart Apache so your changes will take effect by entering the following command.
#/etc/init.d/httpd restart
10) /usr/local/bin/geoipupdate

Install tomcat6 in 3 step Cent OS

cd /etc/yum.repos.d
wget 'http://www.jpackage.org/jpackage50.repo'
yum install tomcat6 tomcat6-webapps tomcat6-admin-webapps
service tomcat6 start
 http://localhost:8080