Thursday, March 24, 2011

Inodes Linux /Unix


=> File type (executable, block special etc)
=> Permissions (read, write etc)
=> Owner
=> Group
=> File Size
=> File access, change and modification time (remember UNIX or Linux never stores file creation time, this is favorite question asked in UNIX/Linux sys admin job interview)
=> File deletion time
=> Number of links (soft/hard)
=> Extended attribute such as append only or no one can delete file including root user (immutability)
=> Access Control List (ACLs)
Each inode is identified by a unique inode number within the file system. Inode is also know as index number.

How do I see file inode number?

[root@rajat Desktop]# stat Amazon\ Web\ Services.pdf 
  File: `Amazon Web Services.pdf'
  Size: 1968423   Blocks: 3848       IO Block: 4096   regular file
Device: 803h/2051d Inode: 262327      Links: 1
Access: (0644/-rw-r--r--)  Uid: (  500/   rajat)   Gid: (  500/   rajat)
Access: 2011-03-25 10:22:30.192428487 +0530
Modify: 2010-06-01 00:34:44.000000000 +0530
Change: 2011-03-21 23:20:08.933990061 +0530

[root@rajat Desktop]#ls -i Amazon\ Web\ Services.pdf 
262327 Amazon Web Services.pdf 





Zombie Process Linux

A process can be sleeping in kernel code. Usually that's because of faulty hardware or a badly written driver- or maybe a little of both. A device that isn't set to the interrupt the driver thinks it is can cause this, for example- the driver is waiting for something its never going to get. The process doesn't ignore your signal- it just never gets it.
A zombie process doesn't react to signals because it's not really a process at all- it's just what's left over after it died. What's supposed to happen is that its parent process was to issue a "wait()" to collect the information about its exit. If the parent doesn't (programming error or just bad programming), you get a zombie. The zombie will go away if its parent dies- it will be "adopted" by init which will do the wait()- so if you see one hanging about, check its parent; if it is init, it will be gone soon, if not the only recourse is to kill the parent..which you may or may not want to do.
* Finally, a process that is being traced (by a debugger, for example) won't react to the KILL either.

We can find out zombie process by :-
Use top or ps command:

# top
OR
# ps aux | awk '{ print $8 " " $2 }' | grep -w Z

#ps -el | grep Z

How do I kill zombie process?
You cannot kill zombies, as they are already dead. But if you have too many zombies then kill parent process or restart service.

You can kill zombie process using PID obtained from any one of the above command. For example kill zombie proces having PID 4104:
# kill -9 4104
*Please note that kill -9 does not guarantee to kill a zombie process

How do I automate zombie process killing?
Write a script and schedule as a cron job.

 `ps jauxww | grep Z | grep -v PID | awk ‘{print $3}’`; do for every in `ps auxw | grep $each | grep cron | awk ‘{print $2}’`; do kill -9 $every; done; done

Wednesday, March 23, 2011

Firefox 4 for fedora 14


#vi /etc/yum.repos.d/firefox.repo

# Place this file in your /etc/yum.repos.d/ directory

[fedora-firefox4]
name=Firefox 4 Web Browser
baseurl=http://repos.fedorapeople.org/repos/spot/firefox4/fedora-$releasever/$basearch/
enabled=1
gpgcheck=0

[root@rajat yum.repos.d]# yum install firefox4
Loaded plugins: langpacks, presto, refresh-packagekit
Adding en_US to language list
fedora-firefox4                                          | 3.0 kB     00:00     
fedora-firefox4/primary_db                               |  15 kB     00:00     
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package firefox4.i686 0:4.0-2.fc14 set to be installed
--> Processing Dependency: gecko-libs(x86-32) = 2.0-1 for package: firefox4-4.0-2.fc14.i686
--> Processing Dependency: libmozalloc.so for package: firefox4-4.0-2.fc14.i686
--> Running transaction check
---> Package xulrunner2.i686 0:2.0-1.fc14 set to be installed
--> Processing Dependency: sqlite >= 3.7.4 for package: xulrunner2-2.0-1.fc14.i686
--> Running transaction check
---> Package sqlite.i686 0:3.7.4-1.fc14 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package           Arch        Version             Repository              Size
================================================================================
Installing:
 firefox4          i686        4.0-2.fc14          fedora-firefox4         17 M
Installing for dependencies:
 xulrunner2        i686        2.0-1.fc14          fedora-firefox4        8.7 M
Updating for dependencies:
 sqlite            i686        3.7.4-1.fc14        fedora-firefox4        329 k

Transaction Summary
================================================================================
Install       2 Package(s)
Upgrade       1 Package(s)

Total download size: 26 M
Is this ok [y/N]: y
Downloading Packages:
Setting up and reading Presto delta metadata
fedora-firefox4/prestodelta                              | 8.9 kB     00:00     
Processing delta metadata
Package(s) data still to download: 26 M
(1/3): firefox4-4.0-2.fc14.i686.rpm                      |  17 MB     18:54     
(2/3): sqlite-3.7.4-1.fc14.i686.rpm                      | 329 kB     00:18     
(3/3): xulrunner2-2.0-1.fc14.i686.rpm                    | 8.7 MB     08:43     
--------------------------------------------------------------------------------
Total                                            16 kB/s |  26 MB     28:01     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating       : sqlite-3.7.4-1.fc14.i686                                 1/4 
  Installing     : xulrunner2-2.0-1.fc14.i686                               2/4 
  Installing     : firefox4-4.0-2.fc14.i686                                 3/4 
  Cleanup        : sqlite-3.6.23.1-1.fc14.i686                              4/4 

Installed:
  firefox4.i686 0:4.0-2.fc14                                                    

Dependency Installed:
  xulrunner2.i686 0:2.0-1.fc14                                                  

Dependency Updated:
  sqlite.i686 0:3.7.4-1.fc14                                                    

Complete!
[root@rajat yum.repos.d]# 

Application-->Internet-->Firefox4



:)

Wednesday, March 16, 2011

Enable Quota on RHEL/CentOS

Quota is used for limiting the disk usage for users or groups.

###To verify that the quota is enabled in the kernel###
#grep CONFIG_QUOTA /boot/config-`uname -r`
CONFIG_QUOTA=y
CONFIG_QUOTA_NETLINK_INTERFACE=y
# CONFIG_QUOTA_DEBUG is not set
CONFIG_QUOTA_TREE=y
CONFIG_QUOTACTL=y
[root@rajat rajat]#

Create user :
#useradd rajat
#passwd latar


Edit /etc/fstab :
From :
/dev/sda5 /home ext3 defaults 1 2
To :
/dev/sda5 /home ext3 defaults,usrquota,grpquota 1 2


Remount the disk (make sure it’s not in use) :
#mount -o remount /home

Check if usrquota and grpquota are enabled :
#mount | grep /home

Create quota files :
#quotacheck -cvug /home

This creates /home/aquota.user and /home/aquota.group

Check quota :
#quotacheck -avug

Enable quota for user1 :

#edquota user1
Edit soft and hard limits (1000 = 1 MB) or inode values.

Check the quota for user1 :
#quota user1

Enable quota :
#quotaon -avug

In addition :

Through a cron, run everynight when the filesystem is not used :
#quotaoff -avug && quotacheck -avug && quotaon --avug

Get quota stats :
#repquota -a

Wednesday, March 9, 2011

Install your own Video chat room CentOS AMIs

wget http://download.camfrog.com/get.php?type=fasl

[root@rajat ]# yum localinstall camfrogserver-5.0-4.noarch.rpm --nogpgcheck
Loaded plugins: langpacks, presto, refresh-packagekit
Adding en_US to language list
Setting up Local Package Process
Examining camfrogserver-5.0-4.noarch.
rpm: camfrogserver-5.0-4.noarch
Marking camfrogserver-5.0-4.noarch.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package camfrogserver.noarch 0:5.0-4 set to be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package           Arch       Version     Repository                       Size
================================================================================
Installing:
 camfrogserver     noarch     5.0-4       /camfrogserver-5.0-4.noarch     3.8 M

Transaction Summary
================================================================================
Install       1 Package(s)

Total size: 3.8 M
Installed size: 3.8 M
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : camfrogserver-5.0-4.noarch                               1/1
Certificate generated successfully, cert file name: /etc/camfrogserver.d/cert.pem, configuration file /etc/camfrogserver.d/cf_server.conf updated

***

Thank you for installing Camfrog Advanced Server for Linux.

Before you start Camfrog Server for the first time you must agree to the Camfrog Terms Of Service (TOS) and EULA at /etc/camfrogserver.d/CamfrogTOS.txt.
The TOS may be updated.  Please visit http://www.camfrog.com/terms.phtml for the most current TOS.
If you disagree with the Camfrog EULA or Terms of Service do not start Camfrog Server and uninstall it immediately.

***

The default config file is located in /etc/camfrogserver.d/cf_server.conf.sample

For the /etc/rc.d/init.d/camfrogserver startup script configuration settings please check /etc/sysconfig/camfrogserver.

Use the "service camfrogserver start" command to start server.


Installed:
  camfrogserver.noarch 0:5.0-4                                                 

Complete!
[root@rajat ]# cd /etc/camfrogserver.d
#cp cf_server.conf.sample cf_server.conf
#vi cf_server.conf
SSL_certificate_param=SiChE8xIyj3coZIATfXvf
# Enable remote access protocol. You can control your server using Windows-base$
remote_control_enabled=on
# Username/password for remote console access (full server management)
remote_control_login=rajat
remote_control_password=rajat

Port to open at AWS Management Console
6000:6010 tcp
5000:15000 udp
6005 udp
5999 tcp

[root@rajat camfrogserver.d]# service camfrogserver restart
Shutting down Camfrog server:                              [  OK  ]
Starting up Camfrog server daemon:                         [  OK  ]
[root@rajat camfrogserver.d]#

Now download Camfrog Advanced Server to your PC, and  Install it

Open Camfrog Advanced Server > Server Options > Change Server :)



Wednesday, February 16, 2011

Swap file in RedHat /CentOS /Fedora

$ dd if=/dev/zero of=/swapfile0 bs=1024 count=524288

Setup the swap area on the file you created.

$ mkswap /swapfile0

Enable the file for swapping

$ swapon /swapfile0

Permanently enable the swap file on boot.
Add the following lines to /etc/fstab.

/swapfile0 swap swap defaults 0 0
          

Check that the swap file is working the the free command. Also,
reboot too to make sure the swap file works on restart and that
/etc/fstab was correctly configured.

Disable SSH root login


Here is the step by step procedure to disable/deny direct root login via SSH

1. Login to the server as Root
2. Edit /etc/ssh/sshd_config

    Look for the line,

  PermitRootLogin=Yes
 
and then change the value of it to,

  PermitRootLogin=No 

3. Restart the sshd service and make sure its turned on
    service sshd restart        or     /etc/init.d/sshd restart
   
    service sshd status

Recover Bad Superblock in RedHat / CentOS /Fedora Filesystem


If  you get a ¨Damaged Superblock¨ error message at filesystem (fsck) check in Linux Server, Usually fsck will not be able to repair the file system due to bad super block. In these situations, we can recover the damaged super block from the backup. 

Solution:


There are backups of the Superblock located on several positions and we can restore them with a simple command in a Linux server


By default in Linux, the file system creates the backup of  super block in the following locations:

193, 3276, 9804, 16840, 22976 and 29912.


Note: 193 is only on older systems  in many cases. 3276 is the most current position for the first backup

When you get this "damaged superblock or bad superblock error" and if  you get a root-prompt in a recovery console, then issue the following command:

# e2fsck -b 3276 /dev/sda5

Now the System will check the filesystem with the information stored in that backup superblock and if the check was successful it will restore the backup to position 0.

If this is not successful, then try using the other copy of Superblock backup (Refer the backup location of superblock above)


Monday, February 7, 2011

How to make a secure tunnel connection to a Cent OS from a MAC client through ssh

Let's say that you are on a coffe in down-town where you have wi-fi and your laptop with you, and you want to browse secure. You should know that a wireless connection is always unsecure, because anybody can sniff your packets and find out what you're doing on your laptop.

The Cent OS that we are going to use, has a ssh server up and running and connected to internet. So the tunneling that we are going to make can route any applications that supports SOCKS5 proxy.

So let's connect to our ssh server by using terminal:



Now we can setup any applications that supports SOCKS5 proxy to use this secure ssh tunneling.

Example:

Setting up Firefox browser to use our SOCKS5 proxy connection.

We open up firefox and go to preferences: Firefox->preferences, which is different by your version of Firefox. We go to Advanced tab and then Network and we click Settings.



We click manual proxy configuration like in this image, then onsocks input we enter localhost and on the port input we enter 10000 that we used to setup our SOCKS5 proxy tunneling. Then we click OK.


We can check now that we are using ssh tunneling by running a website that shows our ip adress, likehttp://www.ip-adress.com and we should see the Cent OS ip adress.

Monday, January 24, 2011

IPTABLES on CentOS / Fedora / RedHat

Since kernel version 2.4, there is a built in system for package filtering known as Netfilter. To use Netfilter, during kernel compiling CONFIG_NETFILTER must be included. Also ip_forward must be enabled:
echo 1 > /proc/sys/net/ipv4/ip_forward
Package filtering works on Internet layer of TCP/IP protocol. Filtering rules can be defined based on a transport layer header(port number) and connection layer (source IP address). During filtering, package content is not being checked.
Netfilter filtering chains work in kernel mode. In user mode works special tool called – iptables, which requires root user privilegies and it's used to configure:
- filter chains,
- NAT tables,
- mangle tables.
Netfilter uses three filters, INPUT, OUTPUT, FORWARD, realised in form of chains. Each chain contains a set of rules that filters packages. If some package sattisfies a rule, an action gets to be applied, like accepting or rejecting package.
Iptables commands:
-A (Add rule to the end of chain).
-D (Delete rule from chain).
-R (Replace rule in chain).
-I (Add numeric rule in chain).
-L (List rules).
-F (Delete all rules from chain).
Deleting the chains:
# iptables -F INPUT
# iptables -F OUTPUT
# iptables -F FORWARD
Here are some basic examples of iptables usage.
1. Blocking IP with iptables:
# iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP
# iptables -A OUTPUT -d xxx.xxx.xxx.xxx -j DROP
* instead xxx.xxx.xxx.xxx www.abc.com can be added.
2. Opening ports:
First thing you need to do is check if ports are already opened. It's done using nmap, free program, and it's distributed in most distros.
# nmap -sT xxx.xxx.xxx.xxx
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
Nmap run completed -- 1 IP address scanned in 0.941 seconds.
As we see, on this list port 25 is not opened. Let's open port 25 for SMTP traffic.
# iptables -A INPUT -p tcp --dport 25 -j ACCEPT
3. Enabling other hosts to ping:
# iptables -A INPUT -p icmp -s xxx.xxx.xxx.xxx/xx –icmp-type echo-request -j ACCEPT
# iptables -A INPUT -p icmp -d xxx.xxx.xxx.xxx/xx –icmp-type echo-reply -j ACCEPT
4. Restricting access by time of the day:
# iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d xxx.xxx.xxx.xxx --dport 22 -m state
--state NEW,ESTABLISHED -m time --timestart 09:00 --timestop 18:00
--days Mon,Tue,Wed,Thu,Fri -j ACCEPT  

5. Keeping logs about rejected packages:

# iptables -A OUTPUT -j LOG
# iptables -A OUTPUT -j DROP
# iptables -A INPUT -j LOG
# iptables -A INPUT -j DROP
# iptables -A FORWARD -j LOG
# iptables -A FORWARD -j DROP

Tuesday, January 11, 2011

Crontab for Fedora / RedHat / CentOS / Ubuntu

Crontab can run scripts at regular intervals and perform various tasks. Those intervals can be from 1 minute to 1 year, repeatedly.

To list current crontabs:

# crontab -l


You can create a crontab file by entering the following terminal command:

 # crontab -e


A crontab file has six fields for specifying minute, hour, day of month, month, day of week and the command to be run at that interval:

#################################################################
#minute (0-59),                                                 #
#|      hour (0-23),                                            #
#|      |       day of the month (1-31),                        #
#|      |       |       month of the year (1-12),               #
#|      |       |       |       day of the week (0-6 with 0=Sun)#
#|      |       |       |       |       commands                #
#################################################################


Some examples:

* * * * * #Runs every minute
*/5 * * * * #Runs at every 5 minutes
30 * * * * #Runs at 30 minutes past the hour
45 6 * * * #Runs at 6:45 am every day
45 18 * * * #Runs at 6:45 pm every day
00 1 * * 0 #Runs at 1:00 am every Sunday
00 1 * * 7 #Runs at 1:00 am every Sunday
00 1 * * Sun #Runs at 1:00 am every Sunday
30 8 1 * * #Runs at 8:30 am on the first day of every month
00 0-23/2 02 07 * #Runs every other hour on the 2nd of July

You can also use some special strings:

@reboot #Runs at boot
@yearly #Runs once a year [0 0 1 1 *]
@annually #Runs once a year [0 0 1 1 *]
@monthly #Runs once a month [0 0 1 * *]
@weekly #Runs once a week [0 0 * * 0]
@daily #Runs once a day [0 0 * * *]
@midnight #Runs once a day [0 0 * * *]
@hourly #Runs once an hour [0 * * * *]

You can use multiple commands for the same crontab:

@daily &&


Specifying a crontab file to use

# crontab -u

Example:
# crontab -u tux ~/crontab

-would set Tux's crontab file to that of the file named "crontab" residing in Tux's home directory.

To remove a crontab file for current user:
# crontab -r

Monday, January 10, 2011

Command Line Wi-Fi for Fedora

[rajat@localhost ~]$ uname -a
Linux localhost.localdomain 2.6.35.6-45.fc14.i686 #1 SMP Mon Oct 18 23:56:17 UTC 2010 i686 i686 i386 GNU/Linux


[root@localhost rajat]# iwlist eth1 scan
eth1      Scan completed :
          Cell 01 - Address: 00:90:4C:91:00:01
                    ESSID:"DevEnablers"
                    Mode:Managed
                    Frequency:2.437 GHz (Channel 6)
                    Quality:1/5  Signal level:-82 dBm  Noise level:-93 dBm
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
                        Pairwise Ciphers (1) : CCMP
                        Authentication Suites (1) : PSK
                    Encryption key:on
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s
                              24 Mb/s; 36 Mb/s; 54 Mb/s; 6 Mb/s; 9 Mb/s
                              12 Mb/s; 48 Mb/s
what is available in your area.

#iwconfig eth1 essid network-essid

ESSID your route name
NETWORK-ESSID An SSID is a 32-character alphanumeric key uniquely identifying a wireless LAN.

#iwconfig eth1 freq 2.422G
#iwconfig eth1 channel 6


Frequency:2.437 GHz (Channel 6)

iwlist eth1 frequency
eth1      13 channels in total; available frequencies :
          Channel 01 : 2.412 GHz
          Channel 02 : 2.417 GHz
          Channel 03 : 2.422 GHz
          Channel 04 : 2.427 GHz
          Channel 05 : 2.432 GHz
          Channel 06 : 2.437 GHz
          Channel 07 : 2.442 GHz
          Channel 08 : 2.447 GHz
          Channel 09 : 2.452 GHz
          Channel 10 : 2.457 GHz
          Channel 11 : 2.462 GHz
          Channel 12 : 2.467 GHz
          Channel 13 : 2.472 GHz
          Current Channel:6

[root@localhost rajat]# iwlist eth1 bitrate
eth1      12 available bit-rates :
      1 Mb/s
      2 Mb/s
      5.5 Mb/s
      6 Mb/s
      9 Mb/s
      11 Mb/s
      12 Mb/s
      18 Mb/s
      24 Mb/s
      36 Mb/s
      48 Mb/s
      54 Mb/s
          Current Bit Rate=8 Mb/s

Set the maximum number of retries

#iwlist eth1 retry 8

Set maximum lifetime 300 millisecond

#iwconfig eth1 retry lifetime 300m

Set maximum fragment size

#iwconfig eth1 frag 512

Some cards may not apply these settings changes immediately.

#iwconfig eth1 commit

Monday, January 3, 2011

Command line BitTorrent client Fedora / RedHat /CentOS

BitTorrent is the name of a peer-to-peer (P2P) file distribution protocol, and of a free software implementation of that protocol.



[root@example ~]# python -V
Python 2.7

[root@example ~]# yum install bittorrent -y


[root@example ~]# rpm -qa |grep bittorrent
bittorrent-4.4.0-15.fc14.noarch


[root@example rajat]# bittorrent-curses CD704DCEEA6555A6DA95E8EB233E1956C825B8AE.torrent