Sunday, September 18, 2011

Linux NAT

If you are running a recent 2.6 Linux kernel, this four-step process should work for you. It has been tested specifically on Fedora Core 3, 4, 5 and 6, but should work on any modern Linux distribution. All of these commands must be run as the root user. First you need to tell the kernel to allow IP forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
Then you need to configure iptables to forward packets from your internal network, on eth1, to your external network, on eth0. You do this with the following commands:
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
You should now be NATing. You can test this by pinging an external address from one of your internal hosts. The last step is to make sure that this setup survives a reboot. Obviously you should only do these last two steps if your test succeeds.
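The set-up above as a script, added here as an example (it is not part of the original post), with two hardening changes a practitioner would want: a default-deny FORWARD policy, without which the RELATED,ESTABLISHED rule restricts nothing, and persistence across reboots. WAN=eth0 and LAN=eth1 follow the post; the `service iptables save` step is the Fedora/RHEL init script's way of writing /etc/sysconfig/iptables.

```shell
#!/bin/sh
# Added example, not part of the original post: the NAT set-up above as a
# script, with the hardening a practitioner would add. WAN=eth0 and LAN=eth1
# follow the post; both are parameters. Nothing touches the system unless
# nat_apply is run as root.

# Print the rule set, one command per line.
# Changes from the post: FORWARD gets a DROP policy before any rule is added,
# so the RELATED,ESTABLISHED rule actually limits what reaches the LAN (with
# the kernel's default ACCEPT policy that rule restricts nothing), and packets
# the connection tracker classifies as INVALID are dropped.
nat_rules() {
    wan=$1
    lan=$2
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A FORWARD -i $lan -o $wan -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
EOF
}

# Succeed only if every named interface exists, so a typo does not install a
# rule set that masquerades nothing or forwards from the wrong side.
ifaces_exist() {
    for i in "$@"; do
        [ -d "/sys/class/net/$i" ] || { echo "no such interface: $i" >&2; return 1; }
    done
}

# Install the rules, then make them survive a reboot: ip_forward via
# /etc/sysctl.conf and the rules via the Fedora/RHEL init script's
# "service iptables save" (writes /etc/sysconfig/iptables).
nat_apply() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    ifaces_exist "$1" "$2" || return 1
    nat_rules "$1" "$2" | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || exit 1          # plain word splitting; the rules contain no quoting
    done || return 1
    grep -q '^net.ipv4.ip_forward *= *1' /etc/sysctl.conf 2>/dev/null ||
        echo 'net.ipv4.ip_forward = 1' >>/etc/sysctl.conf
    service iptables save
}

# Dry run: show what would be installed for eth0 (WAN) and eth1 (LAN).
nat_rules eth0 eth1
```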

Search Engine Installation and Configuration

Introduction
htdig is a web page search engine licensed under the GNU General Public License. It uses a very simple configuration file that lets it search only the web pages you specify; for example, you can exclude the cgi-bin or a testing directory from the search engine. Besides being installed on a web server, it is used as a search-engine plugin by some programs, such as Glade, the GTK+ user interface builder. It will also create a searchable database of any website: you just supply the URL.
Installing htdig
  1. Download the latest version from the htdig ftp server.
  2. tar -xvzf htdig-3.1.5.tar.gz
  3. cd htdig-3.1.5
  4. ./configure
  5. make
  6. make install

Configuring htdig

Once you have htdig installed, you must make a few changes to the configuration file and the HTML templates into which the search results are embedded.

Configuration File

The configuration file for htdig is located at /opt/www/htdig/conf/htdig.conf. It is pretty self-explanatory. The main attributes you need to configure are listed below; the other options work if you leave the defaults, or you can change them if you wish.
start_url
  Value: the URL of your site
  Example: http://www.mywebsite.com
exclude_urls
  Value: directories you do not want searched, separated by white space
  Example: /cgi-bin/ /testing/
administrator
  Value: e-mail address of the administrator
  Example: admin@mywebsite.com
search_results_header
  Value: HTML file used as the header of the search results. Only set this if you do not want the default location of the header file, /opt/www/htdig/common/header.html
  Example: /home/httpd/search/header.html
search_results_footer
  Value: HTML file used as the footer of the search results. Only set this if you do not want the default location of the footer file, /opt/www/htdig/common/footer.html
  Example: /home/httpd/search/footer.html
nothing_found_file
  Value: HTML file displayed when nothing matches the search string entered. Only set this if you do not want the default location, /opt/www/htdig/common/nomatch.html
  Example: /home/httpd/search/nomatch.html
syntax_error_file
  Value: HTML file displayed when the search string entered contains a syntax error. Only set this if you do not want the default location, /opt/www/htdig/common/syntax.html
  Example: /home/httpd/search/syntax.html
HTML Templates

If you don't want the default look-and-feel of htdig, you can edit the following files to match the look-and-feel of your website. The paths differ if you changed them in your configuration file.
  • /opt/www/htdig/common/header.html
  • /opt/www/htdig/common/footer.html
  • /opt/www/htdig/common/nomatch.html
  • /opt/www/htdig/common/syntax.html
Post-installation and configuration
  1. Next, set up the search database by running the script /opt/www/htdig/bin/rundig.
  2. Copy the default search.html and the images from /opt/www/htdocs/htdig to a directory named htdig under your web root. If the images are not in this directory, they will not appear unless you configure their location otherwise in htdig.conf.
  3. Copy /opt/www/cgi-bin/htsearch to your web server's cgi-bin.
  4. Test the search engine by opening search.html in your browser and entering a search string.
  5. Because the search engine returns results from a database, the database must be rebuilt with the rundig command from step 1 every time pages are added to the website.
  6. For anything else you want to configure, refer to the htdig website. Pretty much everything in htdig is configurable.

Wednesday, September 14, 2011

Monitor ALL eth0 Traffic Except My Own SSH Session with tcpdump

I'm using tcpdump to dump, debug and monitor traffic on a network. However, there is lots of noise and I would like to exclude ssh from my dumps. How do I monitor all traffic except my ssh session?

tcpdump prints the headers of packets on a network interface that match a boolean filter expression, so you can use such an expression to leave ssh traffic out of the dump:
tcpdump -i eth0 -s 1500 port not 22
You can exclude additional ports too:
tcpdump -i eth0 -s 1500 port not 22 and port not 53
You can also filter on an IP address or hostname:
tcpdump -i eth0 port not 22 and host 1.2.3.4

See also:

man tcpdump

Wednesday, August 17, 2011

Linux password policy

A Linux password lockout policy can be configured with PAM (Pluggable Authentication Modules) to lock a user's account temporarily when someone tries to brute-force it by attempting many password combinations. This configuration uses the pam_tally2.so module. Brute-forcing is a method of finding a user's password by logging in with one password guess after another; with a lockout policy, the account is locked once a certain number of incorrect passwords has been entered. Before trying this tutorial on your system, make sure the file /lib/security/pam_tally2.so exists: if it does not, this configuration will lock every user account out even when the correct password is entered.
Using a text editor, open the following file:
/etc/pam.d/system-auth
and add the following text as the second line:
auth required pam_tally2.so deny=3 unlock_time=3600
The above statement locks a user account once incorrect passwords have been entered three or more times, as specified by the deny option. The account is unlocked after 3600 seconds, as specified by the unlock_time option. Choose the number of incorrect attempts and the unlock time wisely. There is also an option that enforces this policy for the root user:
auth required pam_tally2.so deny=3 unlock_time=3600 even_deny_root
The even_deny_root option locks out the root user as well, so use it with caution. After this is done, add another line in the account section of the same file:
account required pam_tally2.so
Save the /etc/pam.d/system-auth file. Before testing your configuration, open another terminal and try to log in as any user with the CORRECT password; if you cannot log in at this stage, something is wrong with the /etc/pam.d/system-auth file. If you can log in successfully, try logging in with the correct username and a wrong password. After each attempt, run the following command as root to see the number of failed authentication attempts:
pam_tally2
or
pam_tally2 -u username
to see the information for a specific user (replace username with the actual user).
If you enter the incorrect password a certain number of times, the following message appears as soon as the username is entered:
Account locked due to 4 failed login attempts
To manually unlock the account before unlock_time expires, use the following command:
pam_tally2 -u username -r
A more conservative use of the above command is to reduce the count of unsuccessful logins rather than clearing it. For example, if the number of retries is 3 and user Alice has tried to log in with an incorrect password 4 times, unlocking the account with the above command gives Alice another 3 tries, which may also give a potential attacker more attempts. Instead, set the incorrect-attempts counter to 2 so that Alice has just one more attempt:
pam_tally2 -u username --reset=2
will set the incorrect password counter for the user to 2.
If the root user is locked out and you need to log in as root immediately, boot the system into single-user mode and run the following command:
pam_tally2 -u root -r
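As an added example (not part of the original post), a small script that reads `pam_tally2` output, flags the accounts at or over the deny threshold, and prints the conservative reset from the previous paragraph. The sample output is constructed in pam_tally2's column layout.

```shell
#!/bin/sh
# Added example, not part of the original post: read the output of
# `pam_tally2` (the command used above) and flag accounts at or over the
# deny=N threshold, then print the conservative reset from the last paragraph
# (reset to N-1 so the user gets exactly one more try). The sample output
# below is constructed in pam_tally2's column layout; on a real host run
#   pam_tally2 | locked_users 3
# as root instead.

# locked_users DENY  < pam_tally2-output  -> "login failures" per account at or
# above DENY. Line 1 is the header; field 2 is the failure count.
locked_users() {
    awk -v deny="$1" 'NR > 1 && $2 + 0 >= deny + 0 { print $1, $2 }'
}

# reset_commands DENY  < pam_tally2-output  -> one "pam_tally2 -u USER --reset=N-1"
# per flagged account, instead of -r, which would hand back all DENY attempts.
reset_commands() {
    deny=$1
    [ "$deny" -gt 0 ] 2>/dev/null || { echo "deny must be a positive number" >&2; return 1; }
    locked_users "$deny" | while read -r user _; do
        echo "pam_tally2 -u $user --reset=$((deny - 1))"
    done
}

# Constructed sample: header plus three accounts (the 'From' column may be empty).
SAMPLE='Login           Failures Latest failure     From
rajat               4    03/25/11 10:22:30  tty1
alice               2    03/25/11 10:40:12  192.0.2.10
bob                 3    03/25/11 10:41:00'

printf '%s\n' "$SAMPLE" | locked_users 3
printf '%s\n' "$SAMPLE" | reset_commands 3
```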

Monday, May 9, 2011

Disable the fsck on boot

  1. Boot the system from boot disc 1 or an ISO image of the installation media
  2. Once the system has booted from the ISO image and the Red Hat Enterprise Linux boot screen appears, type "linux rescue" (without the quotes) and press Enter at the prompt.
  3. Select "Continue" when prompted, to allow the rescue environment to mount the Red Hat Enterprise Linux installation under the /mnt/sysimage directory.
  4. Type "chroot /mnt/sysimage"
  5. Then edit /etc/fstab
  6. In this file, the very last column of each mount point is a number. Changing it to 0 (zero) stops fsck from checking that mount point on boot.
  7. Save the file
  8. Reboot or CTRL+D

Saturday, April 2, 2011

Set Up A Feng Office Suite Web Server on Fedora / CentOS / RedHat

Feng Office allows businesses to manage project tasks, billing, documents and communication with co-workers, customers and vendors, to schedule meetings and events, and to share every kind of electronic information.

#yum install  mysql mysql-server httpd php php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc phpmyadmin

#service httpd start
#service mysqld start
#mysql_secure_installation (set up root password)
#wget http://downloads.sourceforge.net/project/opengoo/fengoffice/fengoffice_1.7.4/fengoffice_1.7.4.zip
#unzip fengoffice_1.7.4.zip -d /var/www/html/

Open http://localhost/feng_community in Firefox

[root@rajat feng_community]# chmod 777 config/
[root@rajat feng_community]# chmod 777 cache/
[root@rajat feng_community]# chmod 777 upload/
[root@rajat feng_community]# chmod 777 tmp/

Your office is online, have fun.
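The four chmod 777 lines above make config/, cache/, upload/ and tmp/ writable by every local account. As an added example (not from the original post or from Feng Office), this gives the tree to the web-server user and opens write access only where the application needs it; the Apache user is assumed to be "apache" on Fedora/CentOS and is a parameter.

```shell
#!/bin/sh
# Added example, not part of the original post: the four chmod 777 lines above
# make config/, cache/, upload/ and tmp/ writable by every local account. This
# gives the tree to the web-server user instead and opens write access only
# where Feng Office needs it. The Apache user on Fedora/CentOS is assumed to be
# "apache"; the install root and user are parameters (see the call at the end).

# world_writable ROOT -> every path under ROOT with the other-write bit set
world_writable() {
    find "$1" -perm -0002
}

# fix_feng_perms ROOT USER -> owner USER; 755/644 everywhere; the writable
# directories 700 (only the web-server user enters them) and config files 600,
# since config/ holds the database credentials. Returns 1 if a directory is
# missing, so a wrong ROOT is not silently "fixed".
fix_feng_perms() {
    root=$1
    user=$2
    for d in config cache upload tmp; do
        [ -d "$root/$d" ] || { echo "missing $root/$d" >&2; return 1; }
    done
    chown -R "$user" "$root" || return 1
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    for d in config cache upload tmp; do
        chmod 700 "$root/$d"
    done
    find "$root/config" -type f -exec chmod 600 {} +
}

# Call for the layout used in the post (run as root; not executed here):
#   fix_feng_perms /var/www/html/feng_community apache
```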

Sunday, March 27, 2011

How to Rollback Package Updates/Installation on Fedora /RedHat/ CentOS

Fedora 14 (FC14) uses yum for package management. yum is built on top of rpm, and pirut, pup and yumex are graphical interfaces built on top of yum. Together, these tools provide a simple-to-use, powerful package management system.

One of the least-known secrets about rpm is that it can rollback (undo) package changes. It can take a fair bit of storage space to track the information necessary for rollback, but since storage is cheap, it's worthwhile enabling this feature on most systems.

Here are cut-to-the-chase directions for using this feature:

  1. To configure yum to save rollback information, add the line tsflags=repackage to /etc/yum.conf.

  2. To configure command-line rpm to do the same thing, add the line %_repackage_all_erasures 1 to /etc/rpm/macros.

  3. Install, erase, and update packages to your heart's content, using pup, pirut, yumex, yum, rpm, and the yum automatic update service.

  4. If/when you want to rollback to a previous state, perform an rpm update with the --rollback option followed by a date/time specifier. Some examples: rpm -Uhv --rollback '3:00 pm', rpm -Uhv --rollback '4 hours ago', rpm -Uhv --rollback 'March 25'.

Friday, March 25, 2011

Top Command Linux

When you need to see the processes running on your Linux system in real time, top is the tool for that.
top also displays other information besides the running processes, such as free physical and swap memory.
Usage
top [options]
Options
-d ss.tt
Delay -- specifies the delay, in seconds and tenths of a second, between updates of the information shown on the screen; the default is 3 seconds
-i
Starts top with the last remembered 'i' state reversed. When this toggle is Off, tasks that are idled or zombied will not be displayed.
-n n
Specifies the maximum number of iterations, or frames, top should produce before ending.
-p n
Monitor only processes with the specified process IDs. This option can be given up to 20 times, or you can provide a comma-delimited list of up to 20 pids. Co-mingling both approaches is permitted. This is a command-line option only. Should you wish to return to normal operation, it is not necessary to quit and restart top -- just issue the '=' interactive command.
-s (Secure)
Runs top in secure mode, restricting the commands you can use while top is running, even for root
-S (Sum)
Starts top with the last remembered 'S' state reversed. When 'Cumulative mode' is On, each process is listed with the cpu time that it and its dead children have used. See the 'S' interactive command for additional information regarding this mode.
Description of the fields
a: PID -- Process Id
The task's unique process ID, which periodically wraps, though never restarting at zero.
b: PPID -- Parent Process Pid
The process ID of a task's parent.
c: RUSER -- Real User Name
The real user name of the task's owner.
d: UID -- User Id
The effective user ID of the task's owner.
e: USER -- User Name
The effective user name of the task's owner.
f: GROUP -- Group Name
The effective group name of the task's owner.
g: TTY -- Controlling Tty
The name of the controlling terminal. This is usually the device (serial port, pty, etc.) from which the process was started, and which it uses for input or output. However, a task need not be associated with a terminal, in which case you'll see '?' displayed.
h: PR -- Priority
The priority of the task.
i: NI -- Nice value
The nice value of the task. A negative nice value means higher priority, whereas a positive nice value means lower priority. Zero in this field simply means priority will not be adjusted in determining a task's dispatchability.
j: P -- Last used CPU (SMP)
A number representing the last used processor. In a true SMP environment this will likely change frequently since the kernel intentionally uses weak affinity. Also, the very act of running top may break this weak affinity and cause more processes to change CPUs more often (because of the extra demand for cpu time).
k: %CPU -- CPU usage
The task's share of the elapsed CPU time since the last screen update, expressed as a percentage of total CPU time. In a true SMP environment, if 'Irix mode' is Off, top will operate in 'Solaris mode' where a task's cpu usage will be divided by the total number of CPUs. You toggle 'Irix/Solaris' modes with the 'I' interactive command.
l: TIME -- CPU Time
Total CPU time the task has used since it started. When 'Cumulative mode' is On, each process is listed with the cpu time that it and its dead children have used. You toggle 'Cumulative mode' with 'S', which is both a command-line option and an interactive command. See the 'S' interactive command for additional information regarding this mode.
m: TIME+ -- CPU Time, hundredths
The same as 'TIME', but reflecting more granularity through hundredths of a second.
n: %MEM -- Memory usage (RES)
A task's currently used share of available physical memory.
o: VIRT -- Virtual Image (kb)
The total amount of virtual memory used by the task. It includes all code, data and shared libraries plus pages that have been swapped out.
VIRT = SWAP + RES.
p: SWAP -- Swapped size (kb)
The swapped out portion of a task's total virtual memory image.
q: RES -- Resident size (kb)
The non-swapped physical memory a task has used.
RES = CODE + DATA.
r: CODE -- Code size (kb)
The amount of physical memory devoted to executable code, also known as the 'text resident set' size or TRS.
s: DATA -- Data+Stack size (kb)
The amount of physical memory devoted to other than executable code, also known as the 'data resident set' size or DRS.
t: SHR -- Shared Mem size (kb)
The amount of shared memory used by a task. It simply reflects memory that could be potentially shared with other processes.
u: nFLT -- Page Fault count
The number of major page faults that have occurred for a task. A page fault occurs when a process attempts to read from or write to a virtual page that is not currently present in its address space. A major page fault is when disk access is involved in making that page available.
v: nDRT -- Dirty Pages count
The number of pages that have been modified since they were last written to disk. Dirty pages must be written to disk before the corresponding physical memory location can be used for some other virtual page.
w: S -- Process Status
The status of the task which can be one of:
'D' = uninterruptible sleep
'R' = running
'S' = sleeping
'T' = traced or stopped
'Z' = zombie
Tasks shown as running should be more properly thought of as 'ready to run' -- their task_struct is simply represented on the Linux run-queue. Even without a true SMP machine, you may see numerous tasks in this state depending on top's delay interval and nice value.
x: Command -- Command line or Program name
Display the command line used to start a task or the name of the associated program. You toggle between command line and name with 'c', which is both a command-line option and an interactive command.
When you've chosen to display command lines, processes without a command line (like kernel threads) will be shown with only the program name in parentheses, as in this example:
( mdrecoveryd )
Either form of display is subject to potential truncation if it's too long to fit in this field's current width. That width depends upon other fields selected, their order and the current screen width.
Note: The 'Command' field/column is unique, in that it is not fixed-width. When displayed, this column will be allocated all remaining screen width (up to the maximum 512 characters) to provide for the potential growth of program names into command lines.
y: WCHAN -- Sleeping in Function
Depending on the availability of the kernel link map ('System.map'), this field will show the name or the address of the kernel function in which the task is currently sleeping. Running tasks will display a dash ('-') in this column.
Note: By displaying this field, top's own working set will be increased by over 700Kb. Your only means of reducing that overhead will be to stop and restart top.
z: Flags -- Task Flags
This column represents the task's current scheduling flags which are expressed in hexadecimal notation and with zeros suppressed. These flags are officially documented in . Less formal documentation can also be found on the 'Fields select' and 'Order fields' screens.
Interactive commands
While top is running you can issue the following interactive commands, which take effect immediately:
h
Help: displays a summary of the commands that modify the behavior of top
k
Kills a process; you can only kill your own processes unless you are running top as root
n
After this command, top asks how many lines you want on your screen; if you enter 0, top displays as many as it can
q
Exits top
r
Changes the priority of a process; as with k, you can only act on your own processes unless you are root
W
Writes the current configuration to your personal configuration file, which is $HOME/.toprc


Thursday, March 24, 2011

Inodes Linux /Unix

An inode stores the following information about a file:

=> File type (executable, block special, etc.)
=> Permissions (read, write etc)
=> Owner
=> Group
=> File Size
=> File access, change and modification times (remember that UNIX and Linux never store a file creation time; this is a favorite question in UNIX/Linux sysadmin job interviews)
=> File deletion time
=> Number of links (soft/hard)
=> Extended attribute such as append only or no one can delete file including root user (immutability)
=> Access Control List (ACLs)
Each inode is identified by a unique inode number within the file system. The inode number is also known as the index number.

How do I see file inode number?

[root@rajat Desktop]# stat Amazon\ Web\ Services.pdf 
  File: `Amazon Web Services.pdf'
  Size: 1968423   Blocks: 3848       IO Block: 4096   regular file
Device: 803h/2051d Inode: 262327      Links: 1
Access: (0644/-rw-r--r--)  Uid: (  500/   rajat)   Gid: (  500/   rajat)
Access: 2011-03-25 10:22:30.192428487 +0530
Modify: 2010-06-01 00:34:44.000000000 +0530
Change: 2011-03-21 23:20:08.933990061 +0530

[root@rajat Desktop]#ls -i Amazon\ Web\ Services.pdf 
262327 Amazon Web Services.pdf 

Zombie Process Linux

A process can be sleeping in kernel code. Usually that is because of faulty hardware or a badly written driver, or maybe a little of both. A device that is not set to the interrupt the driver thinks it is can cause this, for example: the driver is waiting for something it is never going to get. The process does not ignore your signal; it just never gets it.
A zombie process does not react to signals because it is not really a process at all; it is just what is left over after it died. What is supposed to happen is that its parent process issues a "wait()" to collect the information about its exit. If the parent does not (a programming error, or just bad programming), you get a zombie. The zombie goes away if its parent dies: it is "adopted" by init, which does the wait(). So if you see one hanging about, check its parent; if it is init, the zombie will be gone soon. If not, the only recourse is to kill the parent, which you may or may not want to do.
* Finally, a process that is being traced (by a debugger, for example) won't react to the KILL either.

You can find zombie processes with top or ps:

# top
OR
# ps aux | awk '{ print $8 " " $2 }' | grep -w Z

#ps -el | grep Z

How do I kill a zombie process?
You cannot kill zombies, as they are already dead. But if you have too many zombies, kill the parent process or restart the service.

You can try to kill a zombie process using the PID obtained from any of the above commands. For example, for the zombie process with PID 4104:
# kill -9 4104
*Please note that kill -9 is not guaranteed to remove a zombie process

How do I automate zombie process killing?
Write a script and schedule it as a cron job.

for each in `ps jauxww | grep Z | grep -v PID | awk '{print $3}'`; do for every in `ps auxw | grep $each | grep cron | awk '{print $2}'`; do kill -9 $every; done; done
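Before killing anything, the text above says to check the zombie's parent. As an added example (not part of the original post), this lists each zombie with its parent from explicit ps columns rather than grepping "Z" across the whole line; the sample is constructed `ps -eo pid,ppid,stat,comm` output.

```shell
#!/bin/sh
# Added example, not part of the original post: list zombies together with the
# parent that has not called wait() on them, the check the text recommends
# before doing anything. It reads explicit ps columns rather than grepping "Z"
# across the whole line, which also matches command names containing a Z and,
# with -w, misses states such as "Zs". The sample is constructed output of
# `ps -eo pid,ppid,stat,comm`; on a live system pipe that command in instead.

# zombie_report < ps-output -> "zombie PID  parent PPID  parent-command" per
# zombie; a parent of 1 is init, which will reap the zombie on its own.
zombie_report() {
    awk '
        NR == 1 { next }                        # skip the header
        { comm[$1] = $4 }                       # command name by PID
        $3 ~ /^Z/ { zombie[$1] = $2 }           # STAT beginning with Z
        END {
            for (p in zombie) {
                parent = zombie[p]
                name = (parent in comm) ? comm[parent] : "?"
                if (parent == "1") name = name " (init will reap it)"
                printf "zombie %s  parent %s  %s\n", p, parent, name
            }
        }'
}

# Constructed sample: two zombies under crond (one a session leader, "Zs"), one
# already adopted by init, and a live process whose name merely contains a Z.
SAMPLE='  PID  PPID STAT COMMAND
    1     0 Ss   init
 1200     1 Ss   crond
 4104  1200 Z    sh
 4210  1200 Zs   mail
 4300     1 Z    backup.sh
 5000     1 S    ZooKeeper'

printf '%s\n' "$SAMPLE" | zombie_report | sort
```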

Wednesday, March 23, 2011

Firefox 4 for Fedora 14

#vi /etc/yum.repos.d/firefox.repo

# Place this file in your /etc/yum.repos.d/ directory

[fedora-firefox4]
name=Firefox 4 Web Browser
baseurl=http://repos.fedorapeople.org/repos/spot/firefox4/fedora-$releasever/$basearch/
enabled=1
gpgcheck=0

[root@rajat yum.repos.d]# yum install firefox4
Loaded plugins: langpacks, presto, refresh-packagekit
Adding en_US to language list
fedora-firefox4                                          | 3.0 kB     00:00     
fedora-firefox4/primary_db                               |  15 kB     00:00     
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package firefox4.i686 0:4.0-2.fc14 set to be installed
--> Processing Dependency: gecko-libs(x86-32) = 2.0-1 for package: firefox4-4.0-2.fc14.i686
--> Processing Dependency: libmozalloc.so for package: firefox4-4.0-2.fc14.i686
--> Running transaction check
---> Package xulrunner2.i686 0:2.0-1.fc14 set to be installed
--> Processing Dependency: sqlite >= 3.7.4 for package: xulrunner2-2.0-1.fc14.i686
--> Running transaction check
---> Package sqlite.i686 0:3.7.4-1.fc14 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package           Arch        Version             Repository              Size
================================================================================
Installing:
 firefox4          i686        4.0-2.fc14          fedora-firefox4         17 M
Installing for dependencies:
 xulrunner2        i686        2.0-1.fc14          fedora-firefox4        8.7 M
Updating for dependencies:
 sqlite            i686        3.7.4-1.fc14        fedora-firefox4        329 k

Transaction Summary
================================================================================
Install       2 Package(s)
Upgrade       1 Package(s)

Total download size: 26 M
Is this ok [y/N]: y
Downloading Packages:
Setting up and reading Presto delta metadata
fedora-firefox4/prestodelta                              | 8.9 kB     00:00     
Processing delta metadata
Package(s) data still to download: 26 M
(1/3): firefox4-4.0-2.fc14.i686.rpm                      |  17 MB     18:54     
(2/3): sqlite-3.7.4-1.fc14.i686.rpm                      | 329 kB     00:18     
(3/3): xulrunner2-2.0-1.fc14.i686.rpm                    | 8.7 MB     08:43     
--------------------------------------------------------------------------------
Total                                            16 kB/s |  26 MB     28:01     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating       : sqlite-3.7.4-1.fc14.i686                                 1/4 
  Installing     : xulrunner2-2.0-1.fc14.i686                               2/4 
  Installing     : firefox4-4.0-2.fc14.i686                                 3/4 
  Cleanup        : sqlite-3.6.23.1-1.fc14.i686                              4/4 

Installed:
  firefox4.i686 0:4.0-2.fc14                                                    

Dependency Installed:
  xulrunner2.i686 0:2.0-1.fc14                                                  

Dependency Updated:
  sqlite.i686 0:3.7.4-1.fc14                                                    

Complete!
[root@rajat yum.repos.d]# 

Application-->Internet-->Firefox4

:)
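The repo file above sets gpgcheck=0, so yum installs whatever the mirror serves without checking a package signature. As an added example (not part of the original post), a small audit of .repo files for that and related settings; the sample is the post's firefox.repo plus two constructed sections with placeholder URLs and key path.

```shell
#!/bin/sh
# Added example, not part of the original post: the firefox.repo above sets
# gpgcheck=0, so yum installs whatever that mirror serves without checking a
# package signature. audit_repo_file reports, for every [section] of a .repo
# file, gpgcheck=0, gpgcheck missing (the value is then inherited from [main]
# in yum.conf), and gpgcheck=1 without a gpgkey to verify against. The sample
# is the post's repo file plus two constructed sections; the key path and
# repo.example.invalid URLs are placeholders.

# audit_repo_file [FILE]  (stdin if omitted) -> one "[section]: finding" per issue
audit_repo_file() {
    awk '
        function report() {
            if (sec == "") return
            if (gpg == "0")
                print sec ": gpgcheck=0, package signatures are not verified"
            else if (gpg == "")
                print sec ": gpgcheck not set, inherited from [main]"
            else if (key == "")
                print sec ": gpgcheck=1 but no gpgkey to verify against"
        }
        /^\[.*\]$/        { report(); sec = $0; gpg = ""; key = ""; next }
        /^[ \t]*(#|$)/    { next }              # comments and blank lines
        index($0, "=") > 0 {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1);    gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "gpgcheck") gpg = v
            if (k == "gpgkey")   key = v
        }
        END { report() }
    ' "${1:--}"
}

SAMPLE='# Place this file in your /etc/yum.repos.d/ directory

[fedora-firefox4]
name=Firefox 4 Web Browser
baseurl=http://repos.fedorapeople.org/repos/spot/firefox4/fedora-$releasever/$basearch/
enabled=1
gpgcheck=0

[example-signed]
name=Constructed: signatures checked against a local key (placeholder path)
baseurl=http://repo.example.invalid/fedora-$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example

[example-nokey]
name=Constructed: gpgcheck on but nothing to verify against
baseurl=http://repo.example.invalid/extra/
gpgcheck=1'

printf '%s\n' "$SAMPLE" | audit_repo_file
```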

Wednesday, March 16, 2011

Enable Quota on RHEL/CentOS

Quota is used for limiting the disk usage for users or groups.

###To verify that the quota is enabled in the kernel###
#grep CONFIG_QUOTA /boot/config-`uname -r`
CONFIG_QUOTA=y
CONFIG_QUOTA_NETLINK_INTERFACE=y
# CONFIG_QUOTA_DEBUG is not set
CONFIG_QUOTA_TREE=y
CONFIG_QUOTACTL=y
[root@rajat rajat]#

Create user :
#useradd rajat
#passwd rajat


Edit /etc/fstab :
From :
/dev/sda5 /home ext3 defaults 1 2
To :
/dev/sda5 /home ext3 defaults,usrquota,grpquota 1 2


Remount the disk (make sure it’s not in use) :
#mount -o remount /home

Check if usrquota and grpquota are enabled :
#mount | grep /home

Create quota files :
#quotacheck -cvug /home

This creates /home/aquota.user and /home/aquota.group

Check quota :
#quotacheck -avug

Enable quota for user1 :

#edquota user1
Edit the soft and hard block limits (1000 = 1 MB) or the inode values.

Check the quota for user1 :
#quota user1

Enable quota :
#quotaon -avug

In addition :

From a cron job, run every night when the filesystem is not in use:
#quotaoff -avug && quotacheck -avug && quotaon -avug

Get quota stats :
#repquota -a

Wednesday, March 9, 2011

Install your own Video chat room on a CentOS AMI

wget http://download.camfrog.com/get.php?type=fasl

[root@rajat ]# yum localinstall camfrogserver-5.0-4.noarch.rpm --nogpgcheck
Loaded plugins: langpacks, presto, refresh-packagekit
Adding en_US to language list
Setting up Local Package Process
Examining camfrogserver-5.0-4.noarch.
rpm: camfrogserver-5.0-4.noarch
Marking camfrogserver-5.0-4.noarch.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package camfrogserver.noarch 0:5.0-4 set to be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package           Arch       Version     Repository                       Size
================================================================================
Installing:
 camfrogserver     noarch     5.0-4       /camfrogserver-5.0-4.noarch     3.8 M

Transaction Summary
================================================================================
Install       1 Package(s)

Total size: 3.8 M
Installed size: 3.8 M
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : camfrogserver-5.0-4.noarch                               1/1
Certificate generated successfully, cert file name: /etc/camfrogserver.d/cert.pem, configuration file /etc/camfrogserver.d/cf_server.conf updated

***

Thank you for installing Camfrog Advanced Server for Linux.

Before you start Camfrog Server for the first time you must agree to the Camfrog Terms Of Service (TOS) and EULA at /etc/camfrogserver.d/CamfrogTOS.txt.
The TOS may be updated.  Please visit http://www.camfrog.com/terms.phtml for the most current TOS.
If you disagree with the Camfrog EULA or Terms of Service do not start Camfrog Server and uninstall it immediately.

***

The default config file is located in /etc/camfrogserver.d/cf_server.conf.sample

For the /etc/rc.d/init.d/camfrogserver startup script configuration settings please check /etc/sysconfig/camfrogserver.

Use the "service camfrogserver start" command to start server.


Installed:
  camfrogserver.noarch 0:5.0-4                                                 

Complete!
[root@rajat ]# cd /etc/camfrogserver.d
#cp cf_server.conf.sample cf_server.conf
#vi cf_server.conf
SSL_certificate_param=SiChE8xIyj3coZIATfXvf
# Enable remote access protocol. You can control your server using Windows-base$
remote_control_enabled=on
# Username/password for remote console access (full server management)
remote_control_login=rajat
remote_control_password=rajat

Ports to open in the AWS Management Console (security group):
6000:6010 tcp
5000:15000 udp
6005 udp
5999 tcp

[root@rajat camfrogserver.d]# service camfrogserver restart
Shutting down Camfrog server:                              [  OK  ]
Starting up Camfrog server daemon:                         [  OK  ]
[root@rajat camfrogserver.d]#

Now download Camfrog Advanced Server to your PC and install it.

Open Camfrog Advanced Server > Server Options > Change Server :)

Wednesday, February 16, 2011

Swap file in RedHat /CentOS /Fedora

$ dd if=/dev/zero of=/swapfile0 bs=1024 count=524288

Setup the swap area on the file you created.

$ mkswap /swapfile0

Enable the file for swapping

$ swapon /swapfile0

Permanently enable the swap file on boot.
Add the following lines to /etc/fstab.

/swapfile0 swap swap defaults 0 0

Check that the swap file is working with the free command. Also reboot, to make sure the swap file comes up on restart and that /etc/fstab was configured correctly.

Disable SSH root login

Here is the step-by-step procedure to disable (deny) direct root login via SSH:

1. Log in to the server as root
2. Edit /etc/ssh/sshd_config

    Look for the line

  PermitRootLogin yes

and change its value to

  PermitRootLogin no

3. Restart the sshd service and make sure it is running
    service sshd restart        or     /etc/init.d/sshd restart

    service sshd status
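Step 2 turned into a check you can run after the edit, added here as an example (not from the original post): it reports the PermitRootLogin value sshd will actually use, allowing for the first-occurrence rule, the `Keyword=value` spelling, comments and Match blocks. The sample is a constructed sshd_config excerpt.

```shell
#!/bin/sh
# Added example, not part of the original post: report the PermitRootLogin
# value sshd will actually use, which is step 2 turned into a check you can run
# after the edit. sshd takes the first occurrence of a keyword, keywords are
# case-insensitive, "Keyword value" and "Keyword=value" are both accepted,
# comments are ignored, and on the OpenSSH releases of that time an absent
# keyword means the default "yes". Lines after a Match block begins apply only
# to matching connections and are not part of the global value. The sample is
# a constructed sshd_config excerpt.

# permit_root_login [FILE]  (stdin if omitted) -> the effective global value
permit_root_login() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            # keyword, then whitespace or "=" (with optional spaces), then value
            if (!match(line, /^[A-Za-z0-9]+[ \t]*(=|[ \t])[ \t]*/)) next
            key = substr(line, 1, RLENGTH); gsub(/[ \t=]/, "", key)
            val = substr(line, RLENGTH + 1); sub(/[ \t]+$/, "", val)
            key = tolower(key)
            if (key == "match") exit            # conditional section: stop
            if (key == "permitrootlogin") { print val; found = 1; exit }
        }
        END { if (!found) print "yes" }
    ' "${1:--}"
}

# root_login_disabled [FILE] -> 0 only when the effective value is "no"
root_login_disabled() {
    [ "$(permit_root_login "$1")" = "no" ]
}

SAMPLE='# constructed /etc/ssh/sshd_config excerpt
Port 22
#PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication yes
Match User backup
    PermitRootLogin yes'

printf '%s\n' "$SAMPLE" | permit_root_login
```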

Recover Bad Superblock in RedHat / CentOS /Fedora Filesystem

If you get a "Damaged Superblock" error during the filesystem check (fsck) on a Linux server, fsck usually cannot repair the filesystem because of the bad superblock. In these situations the damaged superblock can be recovered from a backup copy.

Solution:

There are backup copies of the superblock at several positions, and they can be restored with a simple command on a Linux server.

By default the Linux filesystem keeps backup copies of the superblock at the following locations:

193, 3276, 9804, 16840, 22976 and 29912.

Note: 193 is in many cases found only on older systems; 3276 is the usual position of the first backup today.

When you get this "damaged superblock" or "bad superblock" error and you have a root prompt in a recovery console, issue the following command:

# e2fsck -b 3276 /dev/sda5

The system will now check the filesystem using the information stored in that backup superblock, and if the check succeeds it restores the backup to position 0.

If this is not successful, try one of the other backup copies of the superblock (see the list of backup locations above).
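The backup positions depend on the block size chosen when the filesystem was created, so the list above will not match every disk. This added example (not from the original post) computes the positions for the mke2fs defaults so you can pick a valid -b value; on a real device, dumpe2fs or "mke2fs -n" prints the actual list.

```shell
#!/bin/sh
# Added example, not from the original post: list the block numbers where
# ext2/ext3/ext4 keeps backup superblocks, so you can choose a valid value
# for "e2fsck -b". The positions depend on the block size picked at mkfs
# time, so the fixed list in the post may not match your disk. Assumes the
# mke2fs defaults: sparse_super on (backups only in groups 0, 1 and powers
# of 3, 5 and 7) and blocks-per-group = 8 * block size. On a real device
# prefer "dumpe2fs /dev/sda5 | grep -i superblock" or "mke2fs -n /dev/sda5".
backup_superblocks() {
    bs=$1      # block size in bytes: 1024, 2048 or 4096
    total=$2   # total number of blocks in the filesystem
    bpg=$((bs * 8))                     # blocks per group (one bitmap block)
    first=$(( bs == 1024 ? 1 : 0 ))     # first data block is 1 only for 1k blocks
    groups=1                            # group 1, then powers of 3, 5 and 7
    for base in 3 5 7; do
        g=$base
        while [ $((g * bpg + first)) -lt "$total" ]; do
            groups="$groups $g"
            g=$((g * base))
        done
    done
    for g in $(printf '%s\n' $groups | sort -n); do
        blk=$((g * bpg + first))
        if [ "$blk" -lt "$total" ]; then echo "$blk"; fi
    done
}

# First backup only, e.g. "e2fsck -b $(first_backup_superblock 4096 N) /dev/sda5"
first_backup_superblock() {
    backup_superblocks "$1" "$2" | head -n 1
}
```

For a 4k-block filesystem the first backups are 32768, 98304, 163840, 229376 and 294912; for 1k blocks they start at 8193.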


Monday, February 7, 2011

How to make a secure tunnel connection to a CentOS server from a Mac client through SSH

Let's say that you are in a coffee shop downtown where you have Wi-Fi and your laptop with you, and you want to browse securely. You should know that a wireless connection is always insecure, because anybody can sniff your packets and find out what you are doing on your laptop.

The CentOS server we are going to use has an SSH server up and running and is connected to the internet. The tunnel we are going to create can carry any application that supports a SOCKS5 proxy.

So let's connect to our SSH server using the terminal:
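Two helpers for this step, as an added example that is not part of the original post: the first prints the ssh command with the SOCKS listener bound to the loopback address only, the second checks the listener's bind address from "ss -ltn" output. User alice, host centos.example.org and the ss output in the test are placeholders/constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Two helpers for the tunnel
# this section describes: ssh_socks_cmd prints the ssh invocation with the
# SOCKS listener bound to 127.0.0.1 only, and socks_bound_to_loopback
# checks "ss -ltn" output and fails if that port is listening on any
# other address (a listener on 0.0.0.0 would let everyone on the coffee
# shop network use your tunnel). User, host and port are placeholders.
ssh_socks_cmd() {                                  # user host [port]
    port=${3:-10000}
    # -N: no remote shell, -f: background after auth, ExitOnForwardFailure:
    # exit instead of silently running without the SOCKS port
    printf 'ssh -N -f -D 127.0.0.1:%s -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 %s@%s\n' \
        "$port" "$1" "$2"
}

socks_bound_to_loopback() {                        # port [file with "ss -ltn" output]
    port=$1
    if [ -n "${2:-}" ]; then listeners=$(cat "$2"); else listeners=$(ss -ltn); fi
    echo "$listeners" | awk -v p="$port" '
        $1 == "LISTEN" {                           # column 4 is Local Address:Port
            addr = $4; sub(/:[0-9]+$/, "", addr)
            lp = $4;   sub(/.*:/, "", lp)
            if (lp == p) {
                seen = 1
                if (addr != "127.0.0.1" && addr != "[::1]") bad = 1
            }
        }
        END { exit (seen && !bad) ? 0 : 1 }
    '
}
```

In Firefox also set network.proxy.socks_remote_dns to true in about:config so that DNS lookups go through the tunnel as well; otherwise the names you visit still reach the coffee shop's DNS server.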



Now we can set up any application that supports a SOCKS5 proxy to use this secure SSH tunnel.

Example:

Setting up the Firefox browser to use our SOCKS5 proxy connection.

We open Firefox and go to Preferences (Firefox -> Preferences; the exact location differs by Firefox version). We go to the Advanced tab, then Network, and click Settings.



We click "Manual proxy configuration" as in this image, then in the SOCKS Host input we enter localhost and in the Port input we enter 10000, the port we used to set up our SOCKS5 proxy tunnel. Then we click OK.


We can now check that we are using the SSH tunnel by visiting a website that shows our IP address, like http://www.ip-adress.com, and we should see the CentOS server's IP address.

Monday, January 24, 2011

IPTABLES on CentOS / Fedora / RedHat

Since kernel version 2.4 there has been a built-in packet filtering system known as Netfilter. To use Netfilter, CONFIG_NETFILTER must be enabled when the kernel is compiled. IP forwarding must also be enabled:
echo 1 > /proc/sys/net/ipv4/ip_forward
Packet filtering works at the Internet layer of the TCP/IP stack. Filtering rules can be defined based on the transport-layer header (port number) and the IP header (source IP address). Packet contents are not inspected during filtering.
Netfilter's filtering chains run in kernel mode. In user mode a special tool called iptables, which requires root privileges, is used to configure:
- filter chains,
- NAT tables,
- mangle tables.
Netfilter uses three built-in filter chains, INPUT, OUTPUT and FORWARD. Each chain contains a set of rules that filter packets. If a packet matches a rule, that rule's action (target) is applied, such as accepting or dropping the packet.
iptables commands:
-A (Append a rule to the end of a chain).
-D (Delete a rule from a chain).
-R (Replace a rule in a chain).
-I (Insert a rule at a given position in a chain).
-L (List rules).
-F (Flush all rules from a chain).
Flushing the chains:
# iptables -F INPUT
# iptables -F OUTPUT
# iptables -F FORWARD
Here are some basic examples of iptables usage.
1. Blocking an IP address with iptables:
# iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP
# iptables -A OUTPUT -d xxx.xxx.xxx.xxx -j DROP
* A host name such as www.abc.com can be used instead of xxx.xxx.xxx.xxx (it is resolved once, when the rule is added).
2. Opening ports:
First check whether the ports are already open. This is done with nmap, a free program that ships with most distributions.
# nmap -sT xxx.xxx.xxx.xxx
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
Nmap run completed -- 1 IP address scanned in 0.941 seconds.
As we can see, port 25 is not in this list. Let's open port 25 for SMTP traffic.
# iptables -A INPUT -p tcp --dport 25 -j ACCEPT
3. Allowing other hosts to ping:
# iptables -A INPUT -p icmp -s xxx.xxx.xxx.xxx/xx --icmp-type echo-request -j ACCEPT
# iptables -A INPUT -p icmp -d xxx.xxx.xxx.xxx/xx --icmp-type echo-reply -j ACCEPT
4. Restricting access by time of day:
# iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d xxx.xxx.xxx.xxx --dport 22 -m state \
    --state NEW,ESTABLISHED -m time --timestart 09:00 --timestop 18:00 \
    --days Mon,Tue,Wed,Thu,Fri -j ACCEPT
(On newer iptables releases the time match spells this option --weekdays.)

5. Logging rejected packets (because -A appends, add these after all the ACCEPT rules above; anything not accepted earlier is logged and then dropped):

# iptables -A OUTPUT -j LOG
# iptables -A OUTPUT -j DROP
# iptables -A INPUT -j LOG
# iptables -A INPUT -j DROP
# iptables -A FORWARD -j LOG
# iptables -A FORWARD -j DROP
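To make use of what those LOG rules write, here is an added example (not from the original post) that summarises the kernel's log lines by source, protocol and destination port; the sample lines are constructed in the layout the LOG target produces in /var/log/messages.

```shell
#!/bin/sh
# Added example, not from the original post: summarise what the LOG rules
# above write to /var/log/messages (CentOS) so repeated probes stand out.
# The kernel writes one line per logged packet with IN=, SRC=, PROTO=,
# DPT= fields; the sample below is constructed in that layout.
sample_log() {
    cat <<'EOF'
Jan 24 10:01:02 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=51234 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 24 10:01:05 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=51235 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 24 10:02:11 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 24 10:03:40 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.77 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
EOF
}

# Print "count source protocol dport", busiest first.  $1: log file
summarize_drops() {
    awk '
        / IN=/ && / SRC=/ {
            src = proto = dpt = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)   # absent for ICMP
            }
            n[src " " proto " " dpt]++
        }
        END { for (k in n) print n[k], k }
    ' "${1:-/var/log/messages}" | sort -rn
}
```

With the rules exactly as given every dropped packet is logged; putting iptables' -m limit match (for example --limit 5/min) on the LOG rule keeps a flood from filling the log.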

Tuesday, January 11, 2011

Crontab for Fedora / RedHat / CentOS / Ubuntu

Cron runs scripts at regular intervals to perform various tasks. The interval can be anything from one minute to one year, repeating.

To list current crontabs:

# crontab -l


You can create or edit your crontab file with the following terminal command:

 # crontab -e


A crontab entry has six fields: minute, hour, day of month, month, day of week and the command to be run at that interval:

#################################################################
#minute (0-59),                                                 #
#|      hour (0-23),                                            #
#|      |       day of the month (1-31),                        #
#|      |       |       month of the year (1-12),               #
#|      |       |       |       day of the week (0-6 with 0=Sun)#
#|      |       |       |       |       commands                #
#################################################################


Some examples:

* * * * * #Runs every minute
*/5 * * * * #Runs at every 5 minutes
30 * * * * #Runs at 30 minutes past the hour
45 6 * * * #Runs at 6:45 am every day
45 18 * * * #Runs at 6:45 pm every day
00 1 * * 0 #Runs at 1:00 am every Sunday
00 1 * * 7 #Runs at 1:00 am every Sunday
00 1 * * Sun #Runs at 1:00 am every Sunday
30 8 1 * * #Runs at 8:30 am on the first day of every month
00 0-23/2 02 07 * #Runs every other hour on the 2nd of July

You can also use some special strings:

@reboot #Runs at boot
@yearly #Runs once a year [0 0 1 1 *]
@annually #Runs once a year [0 0 1 1 *]
@monthly #Runs once a month [0 0 1 * *]
@weekly #Runs once a week [0 0 * * 0]
@daily #Runs once a day [0 0 * * *]
@midnight #Runs once a day [0 0 * * *]
@hourly #Runs once an hour [0 * * * *]
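To check how the schedules in the two tables above are interpreted, here is an added example (not from the original post) that expands one field into its values and decides whether a five-field schedule fires at a given time. It handles the numeric forms shown ("*", "*/5", "0-23/2", "1,15", "02"), treats weekday 7 as Sunday like 0, and applies cron's rule that when both day fields are restricted a match on either is enough; day names such as Sun and the @ strings are not handled.

```shell
#!/bin/sh
# Added example, not from the original post: expand a crontab field of the
# forms used in the table above ("*", "*/5", "0-23/2", "1,15", "02") into
# its values, and decide whether a five-field schedule fires at a given
# minute/hour/day-of-month/month/day-of-week (numeric only; "Sun" is not
# handled). Weekday 7 is treated as Sunday like 0, and, as in Vixie cron,
# when BOTH day fields are restricted a match on either one is enough.
num() { echo "$1" | sed 's/^0*\([0-9]\)/\1/'; }       # "07" -> "7", "00" -> "0"

expand_cron_field() {                                  # field low high
    echo "$1" | tr ',' '\n' | while read -r part; do
        step=1
        case $part in */*) step=${part#*/}; part=${part%%/*} ;; esac
        case $part in
            '*') a=$2; b=$3 ;;
            *-*) a=${part%-*}; b=${part#*-} ;;
            *)   a=$part; b=$part ;;
        esac
        v=$(num "$a"); b=$(num "$b")
        while [ "$v" -le "$b" ]; do echo "$v"; v=$((v + step)); done
    done
}

in_field() { expand_cron_field "$1" "$2" "$3" | grep -qx "$(num "$4")"; }

cron_matches() {            # "MIN HOUR DOM MON DOW" minute hour dom month dow
    spec=$1; m=$2; h=$3; dom=$4; mon=$5; dow=$(num "$6")
    alt=$(( dow == 0 ? 7 : (dow == 7 ? 0 : dow) ))    # 0 and 7 both mean Sunday
    set -f; set -- $spec; set +f                       # split fields; no globbing of "*"
    in_field "$1" 0 59 "$m" && in_field "$2" 0 23 "$h" && in_field "$4" 1 12 "$mon" || return 1
    d_ok=1; in_field "$3" 1 31 "$dom" && d_ok=0
    w_ok=1; { in_field "$5" 0 7 "$dow" || in_field "$5" 0 7 "$alt"; } && w_ok=0
    if [ "$3" != '*' ] && [ "$5" != '*' ]; then
        [ $d_ok -eq 0 ] || [ $w_ok -eq 0 ]             # both restricted: either matches
    else
        [ $d_ok -eq 0 ] && [ $w_ok -eq 0 ]
    fi
}
```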

You can run multiple commands from the same crontab entry by chaining them (the paths below are placeholders):

@daily /path/to/first-command && /path/to/second-command


Specifying a crontab file to use (the file replaces the user's current crontab):

# crontab -u <user> <file>

Example:
# crontab -u tux ~/crontab

-would set Tux's crontab to the contents of the file named "crontab" in Tux's home directory (note that ~ expands to the home directory of whoever runs the command).

To remove the crontab file of the current user:
# crontab -r

Monday, January 10, 2011

Command Line Wi-Fi for Fedora

[rajat@localhost ~]$ uname -a
Linux localhost.localdomain 2.6.35.6-45.fc14.i686 #1 SMP Mon Oct 18 23:56:17 UTC 2010 i686 i686 i386 GNU/Linux


[root@localhost rajat]# iwlist eth1 scan
eth1      Scan completed :
          Cell 01 - Address: 00:90:4C:91:00:01
                    ESSID:"DevEnablers"
                    Mode:Managed
                    Frequency:2.437 GHz (Channel 6)
                    Quality:1/5  Signal level:-82 dBm  Noise level:-93 dBm
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
                        Pairwise Ciphers (1) : CCMP
                        Authentication Suites (1) : PSK
                    Encryption key:on
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s
                              24 Mb/s; 36 Mb/s; 54 Mb/s; 6 Mb/s; 9 Mb/s
                              12 Mb/s; 48 Mb/s
The scan shows what is available in your area (here one WPA2/CCMP network using PSK authentication).
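"Encryption key:on" alone does not tell a WEP network from a WPA2 one; only the IE lines do. This added example (not from the original post) classifies each cell in "iwlist scan" output before you join one; the sample scan is constructed in the same layout as the output above.

```shell
#!/bin/sh
# Added example, not from the original post: classify each network in
# "iwlist <iface> scan" output as OPEN, WEP or WPA/WPA2 before joining one.
# "Encryption key:on" alone does not tell WEP from WPA2; only the IE lines
# do. The sample scan is constructed in the same layout as the output above.
sample_scan() {
    cat <<'EOF'
eth1      Scan completed :
          Cell 01 - Address: 00:90:4C:91:00:01
                    ESSID:"DevEnablers"
                    Mode:Managed
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
                    Encryption key:on
          Cell 02 - Address: 00:90:4C:91:00:02
                    ESSID:"CoffeeShop"
                    Encryption key:off
          Cell 03 - Address: 00:90:4C:91:00:03
                    ESSID:"OldRouter"
                    Encryption key:on
          Cell 04 - Address: 00:90:4C:91:00:04
                    ESSID:""
                    Encryption key:on
                    IE: WPA Version 1
EOF
}

# Print "ESSID SECURITY" per cell.  $1: file with scan output
classify_scan() {
    awk '
        function flush() { if (seen) print essid " " sec }
        /Cell [0-9]+ - Address:/ { flush(); seen = 1; essid = "<hidden>"; sec = "OPEN" }
        /ESSID:"/ { e = $0; sub(/.*ESSID:"/, "", e); sub(/".*/, "", e); if (e != "") essid = e }
        /Encryption key:on/ { if (sec == "OPEN") sec = "WEP" }   # key on, no WPA IE (yet)
        /IE: .*WPA2/        { sec = "WPA2" }
        /IE: .*WPA Version/ { if (sec != "WPA2") sec = "WPA" }
        END { flush() }
    ' "$1"
}
```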

#iwconfig eth1 essid network-essid

ESSID          your router's network name
NETWORK-ESSID  an SSID is a 32-character alphanumeric key uniquely identifying a wireless LAN.

Set the frequency or the channel (the scan above showed Frequency:2.437 GHz (Channel 6)):

#iwconfig eth1 freq 2.422G
#iwconfig eth1 channel 6

List the available channels and frequencies:

#iwlist eth1 frequency
eth1      13 channels in total; available frequencies :
          Channel 01 : 2.412 GHz
          Channel 02 : 2.417 GHz
          Channel 03 : 2.422 GHz
          Channel 04 : 2.427 GHz
          Channel 05 : 2.432 GHz
          Channel 06 : 2.437 GHz
          Channel 07 : 2.442 GHz
          Channel 08 : 2.447 GHz
          Channel 09 : 2.452 GHz
          Channel 10 : 2.457 GHz
          Channel 11 : 2.462 GHz
          Channel 12 : 2.467 GHz
          Channel 13 : 2.472 GHz
          Current Channel:6

[root@localhost rajat]# iwlist eth1 bitrate
eth1      12 available bit-rates :
      1 Mb/s
      2 Mb/s
      5.5 Mb/s
      6 Mb/s
      9 Mb/s
      11 Mb/s
      12 Mb/s
      18 Mb/s
      24 Mb/s
      36 Mb/s
      48 Mb/s
      54 Mb/s
          Current Bit Rate=8 Mb/s

Set the maximum number of retries

#iwconfig eth1 retry 8

Set the maximum retry lifetime to 300 milliseconds

#iwconfig eth1 retry lifetime 300m

Set maximum fragment size

#iwconfig eth1 frag 512

Some cards do not apply these changes immediately; force them with:

#iwconfig eth1 commit

Monday, January 3, 2011

Command line BitTorrent client Fedora / RedHat /CentOS

BitTorrent is the name of a peer-to-peer (P2P) file distribution protocol, and of a free software implementation of that protocol.



[root@example ~]# python -V
Python 2.7

[root@example ~]# yum install bittorrent -y


[root@example ~]# rpm -qa |grep bittorrent
bittorrent-4.4.0-15.fc14.noarch


[root@example rajat]# bittorrent-curses CD704DCEEA6555A6DA95E8EB233E1956C825B8AE.torrent