| Command | Description | |
| • | apropos whatis | Show commands pertinent to string. See also threadsafe |
| • | man -t man | ps2pdf - > man.pdf | make a pdf of a manual page |
| which command | Show full path name of command | |
| time command | See how long a command takes | |
| • | time cat | Start stopwatch. Ctrl-d to stop. See also sw |
| dir navigation | ||
| • | cd - | Go to previous directory |
| • | cd | Go to $HOME directory |
| (cd dir && command) | Go to dir, execute command and return to current dir | |
| • | pushd . | Put current dir on stack so you can popd back to it |
| file searching | ||
| • | alias l='ls -l --color=auto' | quick dir listing |
| • | ls -lrt | List files by date. See also newest and find_mm_yyyy |
| • | ls /usr/bin | pr -T9 -W$COLUMNS | Print in 9 columns to width of terminal |
| find -name '*.[ch]' | xargs grep -E 'expr' | Search 'expr' in this dir and below. See also findrepo | |
| find -type f -print0 | xargs -r0 grep -F 'example' | Search all regular files for 'example' in this dir and below | |
| find -maxdepth 1 -type f | xargs grep -F 'example' | Search all regular files for 'example' in this dir | |
| find -maxdepth 1 -type d | while read dir; do echo $dir; echo cmd2; done | Process each item with multiple commands (in while loop) | |
| • | find -type f ! -perm -444 | Find files not readable by all (useful for web site) |
| • | find -type d ! -perm -111 | Find dirs not accessible by all (useful for web site) |
| • | locate -r 'file[^/]*\.txt' | Search cached index for names. This re is like glob *file*.txt |
| • | look reference | Quickly search (sorted) dictionary for prefix |
| • | grep --color reference /usr/share/dict/words | Highlight occurances of regular expression in dictionary |
| archives and compression | ||
| gpg -c file | Encrypt file | |
| gpg file.gpg | Decrypt file | |
| tar -c dir/ | bzip2 > dir.tar.bz2 | Make compressed archive of dir/ | |
| bzip2 -dc dir.tar.bz2 | tar -x | Extract archive (use gzip instead of bzip2 for tar.gz files) | |
| tar -c dir/ | gzip | gpg -c | ssh user@remote 'dd of=dir.tar.gz.gpg' | Make encrypted archive of dir/ on remote machine | |
| find dir/ -name '*.txt' | tar -c --files-from=- | bzip2 > dir_txt.tar.bz2 | Make archive of subset of dir/ and below | |
| find dir/ -name '*.txt' | xargs cp -a --target-directory=dir_txt/ --parents | Make copy of subset of dir/ and below | |
| ( tar -c /dir/to/copy ) | ( cd /where/to/ && tar -x -p ) | Copy (with permissions) copy/ dir to /where/to/ dir | |
| ( cd /dir/to/copy && tar -c . ) | ( cd /where/to/ && tar -x -p ) | Copy (with permissions) contents of copy/ dir to /where/to/ | |
| ( tar -c /dir/to/copy ) | ssh -C user@remote 'cd /where/to/ && tar -x -p' | Copy (with permissions) copy/ dir to remote:/where/to/ dir | |
| dd bs=1M if=/dev/sda | gzip | ssh user@remote 'dd of=sda.gz' | Backup harddisk to remote machine | |
| rsync (Network efficient file copier: Use the --dry-run option for testing) | ||
| rsync -P rsync://rsync.server.com/path/to/file file | Only get diffs. Do multiple times for troublesome downloads | |
| rsync --bwlimit=1000 fromfile tofile | Locally copy with rate limit. It's like nice for I/O | |
| rsync -az -e ssh --delete ~/public_html/ remote.com:'~/public_html' | Mirror web site (using compression and encryption) | |
| rsync -auz -e ssh remote:/dir/ . && rsync -auz -e ssh . remote:/dir/ | Synchronize current directory with remote one | |
| ssh (Secure SHell) | ||
| ssh $USER@$HOST command | Run command on $HOST as $USER (default command=shell) | |
| • | ssh -f -Y $USER@$HOSTNAME xeyes | Run GUI command on $HOSTNAME as $USER |
| scp -p -r $USER@$HOST: file dir/ | Copy with permissions to $USER's home directory on $HOST | |
| ssh -g -L 8080:localhost:80 root@$HOST | Forward connections to $HOSTNAME:8080 out to $HOST:80 | |
| ssh -R 1434:imap:143 root@$HOST | Forward connections from $HOST:1434 in to imap:143 | |
| ssh-copy-id $USER@$HOST | Install $USER's public key on $HOST for password-less log in | |
| wget (multi purpose download tool) | ||
| • | (cd dir/ && wget -nd -pHEKk http://www.pixelbeat.org/cmdline.html) | Store local browsable version of a page to the current dir |
| wget -c http://www.example.com/large.file | Continue downloading a partially downloaded file | |
| wget -r -nd -np -l1 -A '*.jpg' http://www.example.com/dir/ | Download a set of files to the current directory | |
| wget ftp://remote/file[1-9].iso/ | FTP supports globbing directly | |
| • | wget -q -O- http://www.pixelbeat.org/timeline.html | grep 'a href' | head | Process output directly |
| echo 'wget url' | at 01:00 | Download url at 1AM to current dir | |
| wget --limit-rate=20k url | Do a low priority download (limit to 20KB/s in this case) | |
| wget -nv --spider --force-html -i bookmarks.html | Check links in a file | |
| wget --mirror http://www.example.com/ | Efficiently update a local copy of a site (handy from cron) | |
| networking (Note ifconfig, route, mii-tool, nslookup commands are obsolete) | ||
| ethtool eth0 | Show status of ethernet interface eth0 | |
| ethtool --change eth0 autoneg off speed 100 duplex full | Manually set ethernet interface speed | |
| iwconfig eth1 | Show status of wireless interface eth1 | |
| iwconfig eth1 rate 1Mb/s fixed | Manually set wireless interface speed | |
| • | iwlist scan | List wireless networks in range |
| • | ip link show | List network interfaces |
| ip link set dev eth0 name wan | Rename interface eth0 to wan | |
| ip link set dev eth0 up | Bring interface eth0 up (or down) | |
| • | ip addr show | List addresses for interfaces |
| ip addr add 1.2.3.4/24 brd + dev eth0 | Add (or del) ip and mask (255.255.255.0) | |
| • | ip route show | List routing table |
| ip route add default via 1.2.3.254 | Set default gateway to 1.2.3.254 | |
| • | host pixelbeat.org | Lookup DNS ip address for name or vice versa |
| • | hostname -i | Lookup local ip address (equivalent to host `hostname`) |
| • | whois pixelbeat.org | Lookup whois info for hostname or ip address |
| • | netstat -tupl | List internet services on a system |
| • | netstat -tup | List active connections to/from system |
| windows networking (Note samba is the package that provides all this windows specific networking support) | ||
| • | smbtree | Find windows machines. See also findsmb |
| nmblookup -A 1.2.3.4 | Find the windows (netbios) name associated with ip address | |
| smbclient -L windows_box | List shares on windows machine or samba server | |
| mount -t smbfs -o fmask=666,guest //windows_box/share /mnt/share | Mount a windows share | |
| echo 'message' | smbclient -M windows_box | Send popup to windows machine (off by default in XP sp2) | |
| text manipulation (Note sed uses stdin and stdout. Newer versions support inplace editing with the -i option) | ||
| sed 's/string1/string2/g' | Replace string1 with string2 | |
| sed 's/\(.*\)1/\12/g' | Modify anystring1 to anystring2 | |
| sed '/ *#/d; /^ *$/d' | Remove comments and blank lines | |
| sed ':a; /\\$/N; s/\\\n//; ta' | Concatenate lines with trailing \ | |
| sed 's/[ \t]*$//' | Remove trailing spaces from lines | |
| sed 's/\([`"$\]\)/\\\1/g' | Escape shell metacharacters active within double quotes | |
| • | seq 10 | sed "s/^/ /; s/ *\(.\{7,\}\)/\1/" | Right align numbers |
| sed -n '1000{p;q}' | Print 1000th line | |
| sed -n '10,20p;20q' | Print lines 10 to 20 | |
| sed -n 's/.*<title>\(.*\)<\/title>.*/\1/ip;T;q' | Extract title from HTML web page | |
| sed -i 42d ~/.ssh/known_hosts | Delete a particular line | |
| sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | Sort IPV4 ip addresses | |
| • | echo 'Test' | tr '[:lower:]' '[:upper:]' | Case conversion |
| • | tr -dc '[:print:]' < /dev/urandom | Filter non printable characters |
| • | tr -s '[:blank:]' '\t' </proc/diskstats | cut -f4 | cut fields separated by blanks |
| • | history | wc -l | Count lines |
| set operations (Note you can export LANG=C for speed. Also these assume no duplicate lines within a file) | ||
| sort file1 file2 | uniq | Union of unsorted files | |
| sort file1 file2 | uniq -d | Intersection of unsorted files | |
| sort file1 file1 file2 | uniq -u | Difference of unsorted files | |
| sort file1 file2 | uniq -u | Symmetric Difference of unsorted files | |
| join -t'\0' -a1 -a2 file1 file2 | Union of sorted files | |
| join -t'\0' file1 file2 | Intersection of sorted files | |
| join -t'\0' -v2 file1 file2 | Difference of sorted files | |
| join -t'\0' -v1 -v2 file1 file2 | Symmetric Difference of sorted files | |
| math | ||
| • | echo '(1 + sqrt(5))/2' | bc -l | Quick math (Calculate φ). See also bc |
| • | echo 'pad=20; min=64; (100*10^6)/((pad+min)*8)' | bc | More complex (int) e.g. This shows max FastE packet rate |
| • | echo 'pad=20; min=64; print (100E6)/((pad+min)*8)' | python | Python handles scientific notation |
| • | echo 'pad=20; plot [64:1518] (100*10**6)/((pad+x)*8)' | gnuplot -persist | Plot FastE packet rate vs packet size |
| • | echo 'obase=16; ibase=10; 64206' | bc | Base conversion (decimal to hexadecimal) |
| • | echo $((0x2dec)) | Base conversion (hex to dec) ((shell arithmetic expansion)) |
| • | units -t '100m/9.58s' 'miles/hour' | Unit conversion (metric to imperial) |
| • | units -t '500GB' 'GiB' | Unit conversion (SI to IEC prefixes) |
| • | units -t '1 googol' | Definition lookup |
| • | seq 100 | (tr '\n' +; echo 0) | bc | Add a column of numbers. See also add and funcpy |
| calendar | ||
| • | cal -3 | Display a calendar |
| • | cal 9 1752 | Display a calendar for a particular month year |
| • | date -d fri | What date is it this friday. See also day |
| • | [ $(date -d "tomorrow" +%d) = "01" ] || exit | exit a script unless it's the last day of the month |
| • | date --date='25 Dec' +%A | What day does xmas fall on, this year |
| • | date --date='@2147483647' | Convert seconds since the epoch (1970-01-01 UTC) to date |
| • | TZ='America/Los_Angeles' date | What time is it on west coast of US (use tzselect to find TZ) |
| • | date --date='TZ="America/Los_Angeles" 09:00 next Fri' | What's the local time for 9AM next Friday on west coast US |
| locales | ||
| • | printf "%'d\n" 1234 | Print number with thousands grouping appropriate to locale |
| • | BLOCK_SIZE=\'1 ls -l | Use locale thousands grouping in ls. See also l |
| • | echo "I live in `locale territory`" | Extract info from locale database |
| • | LANG=en_IE.utf8 locale int_prefix | Lookup locale info for specific country. See also ccodes |
| • | locale | cut -d= -f1 | xargs locale -kc | less | List fields available in locale database |
| recode (Obsoletes iconv, dos2unix, unix2dos) | ||
| • | recode -l | less | Show available conversions (aliases on each line) |
| recode windows-1252.. file_to_change.txt | Windows "ansi" to local charset (auto does CRLF conversion) | |
| recode utf-8/CRLF.. file_to_change.txt | Windows utf8 to local charset | |
| recode iso-8859-15..utf8 file_to_change.txt | Latin9 (western europe) to utf8 | |
| recode ../b64 < file.txt > file.b64 | Base64 encode | |
| recode /qp.. < file.qp > file.txt | Quoted printable decode | |
| recode ..HTML < file.txt > file.html | Text to HTML | |
| • | recode -lf windows-1252 | grep euro | Lookup table of characters |
| • | echo -n 0x80 | recode latin-9/x1..dump | Show what a code represents in latin-9 charmap |
| • | echo -n 0x20AC | recode ucs-2/x2..latin-9/x | Show latin-9 encoding |
| • | echo -n 0x20AC | recode ucs-2/x2..utf-8/x | Show utf-8 encoding |
| CDs | ||
| gzip < /dev/cdrom > cdrom.iso.gz | Save copy of data cdrom | |
| mkisofs -V LABEL -r dir | gzip > cdrom.iso.gz | Create cdrom image from contents of dir | |
| mount -o loop cdrom.iso /mnt/dir | Mount the cdrom image at /mnt/dir (read only) | |
| cdrecord -v dev=/dev/cdrom blank=fast | Clear a CDRW | |
| gzip -dc cdrom.iso.gz | cdrecord -v dev=/dev/cdrom - | Burn cdrom image (use dev=ATAPI -scanbus to confirm dev) | |
| cdparanoia -B | Rip audio tracks from CD to wav files in current dir | |
| cdrecord -v dev=/dev/cdrom -audio -pad *.wav | Make audio CD from all wavs in current dir (see also cdrdao) | |
| oggenc --tracknum='track' track.cdda.wav -o 'track.ogg' | Make ogg file from wav file | |
| disk space (See also FSlint) | ||
| • | ls -lSr | Show files by size, biggest last |
| • | du -s * | sort -k1,1rn | head | Show top disk users in current dir. See also dutop |
| • | du -hs /home/* | sort -k1,1h | Sort paths by easy to interpret disk usage |
| • | df -h | Show free space on mounted filesystems |
| • | df -i | Show free inodes on mounted filesystems |
| • | fdisk -l | Show disks partitions sizes and types (run as root) |
| • | rpm -q -a --qf '%10{SIZE}\t%{NAME}\n' | sort -k1,1n | List all packages by installed size (Bytes) on rpm distros |
| • | dpkg-query -W -f='${Installed-Size;10}\t${Package}\n' | sort -k1,1n | List all packages by installed size (KBytes) on deb distros |
| • | dd bs=1 seek=2TB if=/dev/null of=ext3.test | Create a large test file (taking no space). See also truncate |
| • | > file | truncate data of file or create an empty file |
| monitoring/debugging | ||
| • | tail -f /var/log/messages | Monitor messages in a log file |
| • | strace -c ls >/dev/null | Summarise/profile system calls made by command |
| • | strace -f -e open ls >/dev/null | List system calls made by command |
| • | strace -f -e trace=write -e write=1,2 ls >/dev/null | Monitor what's written to stdout and stderr |
| • | ltrace -f -e getenv ls >/dev/null | List library calls made by command |
| • | lsof -p $$ | List paths that process id has open |
| • | lsof ~ | List processes that have specified path open |
| • | tcpdump not port 22 | Show network traffic except ssh. See also tcpdump_not_me |
| • | ps -e -o pid,args --forest | List processes in a hierarchy |
| • | ps -e -o pcpu,cpu,nice,state,cputime,args --sort pcpu | sed '/^ 0.0 /d' | List processes by % cpu usage |
| • | ps -e -orss=,args= | sort -b -k1,1n | pr -TW$COLUMNS | List processes by mem (KB) usage. See also ps_mem.py |
| • | ps -C firefox-bin -L -o pid,tid,pcpu,state | List all threads for a particular process |
| • | ps -p 1,$$ -o etime= | List elapsed wall time for particular process IDs |
| • | last reboot | Show system reboot history |
| • | free -m | Show amount of (remaining) RAM (-m displays in MB) |
| • | watch -n.1 'cat /proc/interrupts' | Watch changeable data continuously |
| • | udevadm monitor | Monitor udev events to help configure rules |
| system information (see also sysinfo) ('#' means root access is required) | ||
| • | uname -a | Show kernel version and system architecture |
| • | head -n1 /etc/issue | Show name and version of distribution |
| • | cat /proc/partitions | Show all partitions registered on the system |
| • | grep MemTotal /proc/meminfo | Show RAM total seen by the system |
| • | grep "model name" /proc/cpuinfo | Show CPU(s) info |
| • | lspci -tv | Show PCI info |
| • | lsusb -tv | Show USB info |
| • | mount | column -t | List mounted filesystems on the system (and align output) |
| • | grep -F capacity: /proc/acpi/battery/BAT0/info | Show state of cells in laptop battery |
| # | dmidecode -q | less | Display SMBIOS/DMI information |
| # | smartctl -A /dev/sda | grep Power_On_Hours | How long has this disk (system) been powered on in total |
| # | hdparm -i /dev/sda | Show info about disk sda |
| # | hdparm -tT /dev/sda | Do a read speed test on disk sda |
| # | badblocks -s /dev/sda | Test for unreadable blocks on disk sda |
| interactive (see also linux keyboard shortcuts) | ||
| • | readline | Line editor used by bash, python, bc, gnuplot, ... |
| • | screen | Virtual terminals with detach capability, ... |
| • | mc | Powerful file manager that can browse rpm, tar, ftp, ssh, ... |
| • | gnuplot | Interactive/scriptable graphing |
| • | links | Web browser |
| • | xdg-open . | open a file or url with the registered desktop application |
linux complex commands cheat sheet
vmware keys for windows
you can register here for new serial keys
http://register.vmware.com/content/registration.html
98WDM-YMZ8F-1DQA3-49N1T
98WDN-YYY0A-1F78Q-4CHH1
http://register.vmware.com/content/registration.html
98WDM-YMZ8F-1DQA3-49N1T
98WDN-YYY0A-1F78Q-4CHH1
Nagios Monitoring linux and windows host with snmp
Documention for nagios
###########################################################################
The following documentation assusmes that you ave already got a nagios server installed frm nagios.org .
###########################################################################
install the net snmp package on you nagios server ( if not already installed )
yum install net-snmp-devel
download the snnm plugin for nagios
cd /usr/local/src
http://nagios.manubulon.com/nagios-plugins-snmp-0.6.0.tgz
./configure --prefix=/usr/local/nagios
make
make install
############################################################################
the snmp.conf flile should look some thing like this the community string is public
snmpd.conf
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.
## sec.name source community
## ======== ====== =========
com2sec local localhost public
com2sec network_1 211.85.43.0/24 public
#com2sec network_2 192.168.2.0/24 public
## Access.group.name sec.model sec.name
## ================= ========= ========
group MyROGroup_1 v1 local
group MyROGroup_1 v1 network_1
group MyROGroup_2 v2c network_2
## MIB.view.name incl/excl MIB.subtree mask
## ============== ========= =========== ====
view all-mibs included .1 80
#view all included .1 80
#view system included .iso.org.dod.internet.mgmt.mib-2.system
## MIB
## group.name context sec.model sec.level prefix read write notif
## ========== ======= ========= ========= ====== ==== ===== =====
access MyROGroup_1 "" v1 noauth exact all-mibs none none
access MyROGroup_2 "" v2c noauth exact all-mibs none none
The Following is the command will help you to find ou the OID of the host that you going to query in the future !!
snmpwalk ip_address -v1 -c public > /tmp/temfile.txt
Following is the command to check process running on Linux host.
1) this will chk if the etho link is up or not
./check_snmp_int -H linuxhost -C public -n eth0 -r
2) to check uptime fo the machine
./check_snmp -H linuxhost -C public -o sysUpTimeInstance
3) to check CPU load ( 5 min )
./check_snmp -H linuxhost -C notification -o hrProcessorLoad.1 -w 80 -c 90
4.) to check disk space ( / , /home, /usr, ) do also ( snmpwalk linuxhost -v1 -c public hrStorageDescr ) to find out the partition list
./check_snmp_storage -H linuxhost -C notification -m /home -w 80% -c 90%
5) to check smtp
./check_smtp -H linuxhost -C public -w 10 -c 20
6) to check pop
./check_pop -H linuxhost -C public -w 10 -c 20
7) to check imap
./check_imap -H linuxhost -C public -w 10 -c 20
Following is the command to check process running on windows host.
1) this will chk if the etho link is up or not
./check_snmp -H windowshost -C notification -o ifDescr.2
2) to check uptime fo the machine
/check_snmp -H windowshost -C notification -o sysUpTimeInstance
3) to check CPU load ( 5 min )
./check_snmp -H windowshost -C public -o 1.3.6.1.4.1.2021.10.1.3.2
4) to check is /home disk space
./check_snmp_storage -H windowshost -C public -m /home -w 80% -c 90%
5) Swap % used is less than 80% and 90%
./check_snmp_storage -H windowshost -C public -m Swap -w 80% -c 90%
6) to check smtp
./check_smtp -H windowshost -C public -w 10 -c 20
7) to check pop
./check_pop -H windowshost -C public -w 10 -c 20
8) to check imap
./check_imap -H windowshost -C public -w 10 -c 20
Now we need chk if the following is added in the command.cfg
# 'check_snmp' command definition
define command{
command_name check_snmp
command_line $USER1$/check_snmp -H $HOSTADDRESS$ -C $ARG1$ -o $ARG2$
}
# 'check_http' command definition
define command{
command_name check_http
command_line $USER1$/check_http -I $HOSTADDRESS$ $ARG1$
}
# 'check_http' command definition
define command{
command_name check_http_tmp
command_line $USER1$/check_http -H $ARG1$
}
# 'check_pop' command definition
define command{
command_name check_pop
command_line $USER1$/check_pop -H $HOSTADDRESS$ $ARG1$
}
# 'check_imap' command definition
define command{
command_name check_imap
command_line $USER1$/check_imap -H $HOSTADDRESS$ $ARG1$
}
# 'check_smtp' command definition
define command{
command_name check_smtp
command_line $USER1$/check_smtp -H $HOSTADDRESS$ $ARG1$
}
#'check_snmp_int' if link is up
define command{
command_name check_snmp_int
command_line $USER1$/check_snmp_int -H $HOSTADDRESS$ -C $ARG1$ -n $ARG2$ -r
}
#'check_snmp_storage' storage space
define command{
command_name check_snmp_storage
command_line $USER1$/check_snmp_storage -H $HOSTADDRESS$ -C $ARG1$ -m $ARG2$ -w 80% -c 90%
}
Need to add the followin in the windows.cfg ( for windows host only )
############################# Hosts ###########################################
define host{
use linux-server ; Inherit default values from a Windows server template (make sure you keep this line!)
host_name server74
alias server74.dns.org
address windows_ipaddress
}
##############################################################################
define service{
use generic-service
host_name server89
service_description CPU load
check_command check_snmp!notification!hrProcessorLoad.1! -w 80 -c 90
}
# Create a service for monitoring the uptime of the server
# Change the host_name to match the name of the host you defined above
define service{
use generic-service
host_name server89
service_description Uptime
check_command check_snmp!notification!sysUpTimeInstance
}
define service{
use generic-service
host_name server89
service_description ethernet link test
check_command check_snmp!notification!ifDescr.2
}
define service{
use generic-service
host_name server89
service_description check disk c drive
check_command check_snmp_storage!notification!^C:
}
define service{
use generic-service
host_name server89
service_description httpd service
check_command check_http_tmp!compose.company.com!-w 10 -c 20
}
define service{
use generic-service
host_name server89
service_description smtp service
check_command check_smtp!!-w 10 -c 20
}
define service{
use generic-service
host_name server89
service_description pop service
check_command check_pop!!-w 10 -c 20
}
define service{
use generic-service
host_name server89
service_description IMAP service
check_command check_imap!!-w 10 -c 20
}
Need to add the following in the the linux.cfg ( for linux host only )
############################# Hosts ###########################################
define host{
use linux-server ; Inherit default values from a Windows server template (make sure you keep this line!)
host_name server74
alias server74.dns.org
address linuxhost_ipaddress
}
##############################################################################
define service{
use generic-service
host_name server74
service_description CPU load
check_command check_snmp!public!.1.3.6.1.4.1.2021.10.1.3.2
}
# Create a service for monitoring the uptime of the server
# Change the host_name to match the name of the host you defined above
define service{
use generic-service
host_name server74
service_description Uptime
check_command check_snmp!public!.1.3.6.1.2.1.1.3.0
}
define service{
use generic-service
host_name server74
service_description ethernet link test
check_command check_snmp_int!public!eth0
}
define service{
use generic-service
host_name server74
service_description check disk /home
check_command check_snmp_storage!public!home
}
define service{
use generic-service
host_name server74
service_description check disk /
check_command check_snmp_storage!public!/
}
define service{
use generic-service
host_name server74
service_description check disk /var
check_command check_snmp_storage!public!/var
}
define service{
use generic-service
host_name server74
service_description check disk /usr
check_command check_snmp_storage!public!/usr
}
define service{
use generic-service
host_name server74
service_description check disk /backup
check_command check_snmp_storage!public!/backup
}
define service{
use generic-service
host_name server74
service_description httpd service
check_command check_http!!-w 10 -c 20
}
define service{
use generic-service
host_name server74
service_description smtp service
check_command check_smtp!!-w 10 -c 20
}
define service{
use generic-service
host_name server74
service_description pop service
check_command check_pop!!-w 10 -c 20
}
define service{
use generic-service
host_name server74
service_description IMAP service
check_command check_imap!!-w 10 -c 20
}
The following documentation assusmes that you ave already got a nagios server installed frm nagios.org .
###########################################################################
install the net snmp package on you nagios server ( if not already installed )
yum install net-snmp-devel
download the snnm plugin for nagios
cd /usr/local/src
http://nagios.manubulon.com/nagios-plugins-snmp-0.6.0.tgz
./configure --prefix=/usr/local/nagios
make
make install
############################################################################
the snmp.conf flile should look some thing like this the community string is public
snmpd.conf
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.
## sec.name source community
## ======== ====== =========
com2sec local localhost public
com2sec network_1 211.85.43.0/24 public
#com2sec network_2 192.168.2.0/24 public
## Access.group.name sec.model sec.name
## ================= ========= ========
group MyROGroup_1 v1 local
group MyROGroup_1 v1 network_1
group MyROGroup_2 v2c network_2
## MIB.view.name incl/excl MIB.subtree mask
## ============== ========= =========== ====
view all-mibs included .1 80
#view all included .1 80
#view system included .iso.org.dod.internet.mgmt.mib-2.system
## MIB
## group.name context sec.model sec.level prefix read write notif
## ========== ======= ========= ========= ====== ==== ===== =====
access MyROGroup_1 "" v1 noauth exact all-mibs none none
access MyROGroup_2 "" v2c noauth exact all-mibs none none
The Following is the command will help you to find ou the OID of the host that you going to query in the future !!
snmpwalk ip_address -v1 -c public > /tmp/temfile.txt
Following is the command to check process running on Linux host.
1) this will chk if the etho link is up or not
./check_snmp_int -H linuxhost -C public -n eth0 -r
2) to check uptime fo the machine
./check_snmp -H linuxhost -C public -o sysUpTimeInstance
3) to check CPU load ( 5 min )
./check_snmp -H linuxhost -C notification -o hrProcessorLoad.1 -w 80 -c 90
4.) to check disk space ( / , /home, /usr, ) do also ( snmpwalk linuxhost -v1 -c public hrStorageDescr ) to find out the partition list
./check_snmp_storage -H linuxhost -C notification -m /home -w 80% -c 90%
5) to check smtp
./check_smtp -H linuxhost -C public -w 10 -c 20
6) to check pop
./check_pop -H linuxhost -C public -w 10 -c 20
7) to check imap
./check_imap -H linuxhost -C public -w 10 -c 20
Following is the command to check process running on windows host.
1) this will chk if the etho link is up or not
./check_snmp -H windowshost -C notification -o ifDescr.2
2) to check uptime fo the machine
/check_snmp -H windowshost -C notification -o sysUpTimeInstance
3) to check CPU load ( 5 min )
./check_snmp -H windowshost -C public -o 1.3.6.1.4.1.2021.10.1.3.2
4) to check is /home disk space
./check_snmp_storage -H windowshost -C public -m /home -w 80% -c 90%
5) Swap % used is less than 80% and 90%
./check_snmp_storage -H windowshost -C public -m Swap -w 80% -c 90%
6) to check smtp
./check_smtp -H windowshost -C public -w 10 -c 20
7) to check pop
./check_pop -H windowshost -C public -w 10 -c 20
8) to check imap
./check_imap -H windowshost -C public -w 10 -c 20
Now we need chk if the following is added in the command.cfg
# 'check_snmp' command definition
define command{
command_name check_snmp
command_line $USER1$/check_snmp -H $HOSTADDRESS$ -C $ARG1$ -o $ARG2$
}
# 'check_http' command definition
define command{
command_name check_http
command_line $USER1$/check_http -I $HOSTADDRESS$ $ARG1$
}
# 'check_http' command definition
define command{
command_name check_http_tmp
command_line $USER1$/check_http -H $ARG1$
}
# 'check_pop' command definition
define command{
command_name check_pop
command_line $USER1$/check_pop -H $HOSTADDRESS$ $ARG1$
}
# 'check_imap' command definition
define command{
command_name check_imap
command_line $USER1$/check_imap -H $HOSTADDRESS$ $ARG1$
}
# 'check_smtp' command definition
define command{
command_name check_smtp
command_line $USER1$/check_smtp -H $HOSTADDRESS$ $ARG1$
}
#'check_snmp_int' if link is up
define command{
command_name check_snmp_int
command_line $USER1$/check_snmp_int -H $HOSTADDRESS$ -C $ARG1$ -n $ARG2$ -r
}
#'check_snmp_storage' storage space
define command{
command_name check_snmp_storage
command_line $USER1$/check_snmp_storage -H $HOSTADDRESS$ -C $ARG1$ -m $ARG2$ -w 80% -c 90%
}
Need to add the followin in the windows.cfg ( for windows host only )
############################# Hosts ###########################################
define host{
use linux-server ; Inherit default values from a Windows server template (make sure you keep this line!)
host_name server74
alias server74.dns.org
address windows_ipaddress
}
##############################################################################
define service{
use generic-service
host_name server89
service_description CPU load
check_command check_snmp!notification!hrProcessorLoad.1! -w 80 -c 90
}
# Create a service for monitoring the uptime of the server
# Change the host_name to match the name of the host you defined above
define service{
use generic-service
host_name server89
service_description Uptime
check_command check_snmp!notification!sysUpTimeInstance
}
define service{
use generic-service
host_name server89
service_description ethernet link test
check_command check_snmp!notification!ifDescr.2
}
define service{
use generic-service
host_name server89
service_description check disk c drive
check_command check_snmp_storage!notification!^C:
}
define service{
use generic-service
host_name server89
service_description httpd service
check_command check_http_tmp!compose.company.com!-w 10 -c 20
}
define service{
use generic-service
host_name server89
service_description smtp service
check_command check_smtp!!-w 10 -c 20
}
define service{
use generic-service
host_name server89
service_description pop service
check_command check_pop!!-w 10 -c 20
}
define service{
use generic-service
host_name server89
service_description IMAP service
check_command check_imap!!-w 10 -c 20
}
Need to add the following in the the linux.cfg ( for linux host only )
############################# Hosts ###########################################
define host{
use linux-server ; Inherit default values from a Windows server template (make sure you keep this line!)
host_name server74
alias server74.dns.org
address linuxhost_ipaddress
}
##############################################################################
define service{
use generic-service
host_name server74
service_description CPU load
check_command check_snmp!public!.1.3.6.1.4.1.2021.10.1.3.2
}
# Create a service for monitoring the uptime of the server
# Change the host_name to match the name of the host you defined above
define service{
use generic-service
host_name server74
service_description Uptime
check_command check_snmp!public!.1.3.6.1.2.1.1.3.0
}
define service{
use generic-service
host_name server74
service_description ethernet link test
check_command check_snmp_int!public!eth0
}
define service{
use generic-service
host_name server74
service_description check disk /home
check_command check_snmp_storage!public!home
}
define service{
use generic-service
host_name server74
service_description check disk /
check_command check_snmp_storage!public!/
}
define service{
use generic-service
host_name server74
service_description check disk /var
check_command check_snmp_storage!public!/var
}
define service{
use generic-service
host_name server74
service_description check disk /usr
check_command check_snmp_storage!public!/usr
}
define service{
use generic-service
host_name server74
service_description check disk /backup
check_command check_snmp_storage!public!/backup
}
define service{
use generic-service
host_name server74
service_description httpd service
check_command check_http!!-w 10 -c 20
}
define service{
use generic-service
host_name server74
service_description smtp service
check_command check_smtp!!-w 10 -c 20
}
define service{
use generic-service
host_name server74
service_description pop service
check_command check_pop!!-w 10 -c 20
}
define service{
use generic-service
host_name server74
service_description IMAP service
check_command check_imap!!-w 10 -c 20
}
nagios : email notification for different email ID for different hosts
There are cases when you want to send email notification to specific email ID for specific host.
there is a configuration file called as contacts.cfg , here we need to add the following :
define contact{
contact_name cocubes
use generic-contact-1
alias cocubes
email user_name@gmail.com
}
contact_name cocubes
use generic-contact-1
alias cocubes
email user_name@gmail.com
}
contact_name is a general name you give to this contact. use --- this the set template mentioned in template.cfg
alias is a general user name
email is the email id
NOTE: open the templeate.cfg
we create a new template called generic-contact-1 , which has the following template
define contact{
name generic-contact-1 ; The name of this contact template
host_notification_period 24x7 ; host notifications can be sent anytime
host_notification_options d,u,r,f,s ; send notifications for all host states, flapping events, and scheduled downtime events
service_notification_commands notify-service-by-email ; send service notifications via email
host_notification_commands notify-host-by-email ; send host notifications via email
register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL CONTACT, JUST A TEMPLATE!
}
This template basically tell nagios to only send notification if the server is down and not to send service warning.
Now that we have set the email address we have to set the host that we want to monitor
lets open the file windows.cfg
we add contacts variable to the host object
vi /usr/local/nagios/etc/objects/windows.cfg
define host{
use windows-server
host_name cocubes
alias coc.space.com
contacts cocubes
address 202.XX.XXX.XX
}
now restart nagios
email Validation script
#!/usr/bin/perl -w
use Net::SMTP;
#Create a new object with 'new'.
BEGIN {
use lib '/net/lib/perl';
require VVV::DNS;
require Net::SMTP;
}
@gl::myips = qw(
202.XX.XX.XX
202.XX.XX.XX
202.XX.XX.XX
202.XX.XX.XX
202.XX.XX.XX
);
my $res = DNS::dnshandle('202.XX.XX.XX');
# list of email iDs
my $file = $ARGV[0];
open (IN, "$file") || die "Require valid filename of emailids $!\n";
my @arrids = <IN>;
close IN;
use Net::SMTP;
#Create a new object with 'new'.
BEGIN {
use lib '/net/lib/perl';
require VVV::DNS;
require Net::SMTP;
}
@gl::myips = qw(
202.XX.XX.XX
202.XX.XX.XX
202.XX.XX.XX
202.XX.XX.XX
202.XX.XX.XX
);
my $res = DNS::dnshandle('202.XX.XX.XX');
# list of email iDs
my $file = $ARGV[0];
open (IN, "$file") || die "Require valid filename of emailids $!\n";
my @arrids = <IN>;
close IN;
chomp @arrids;
#function to check valid email
sub valid_email {
my($id1) = @_;
if ($id1 =~ /^[\w\-\_\.]+\@[\w\-\_\.]+$/) {
print "$id1 is valid";
return 1;
} else {
print "$id1 is invalid";
return 0;
}
}
#
# 0 ==>; email is valid
# 1 ==>; email invalid
# 2 ==>; email could not be verified try later
#
sub emailid_invalid {
my($id,$mxref,$smtpbind)=@_;
print "MX HOST for domain = ". $mxref->[0] ."\n";
$smtp = Net::SMTP->new(
Host => $mxref->[0],
Timeout => 30,
LocalAddr => $smtpbind,
Debug => 1,
Hello=>'company.com',
);
unless($smtp){
print "############Could not connect to ...#########\n";
return 2;
}
#Send the MAIL command to the server.
$smtp->mail("user1\@company.com") || return(2);
print $smtp->to("$id");
my $errcode = $smtp->code();
if ( $errcode =~ /^25/ ) {
return 0;
print " this email ID is correct" ;
} elsif ($errcode =~ /^5/ ) {
return 1;
print " $errcode this email ID is incorrect" ;
} elsif ($errcode =~ /^4/ ) {
print " deffered connection ";
return 3;
}
$smtp->quit();
}
open(VALID,">", " /opt/valid");
open(INVALID,"/opt/invalid");
open(TRYAGAIN,"/opt/RETRY");
my @bindips;
foreach my $id (@arrids ) {
print "Checking ID: $id\n";
next unless (valid_email($id));
print "\nVALID Continue........\n";
my ($uname,$fulldomain) = split(/\@/, $id);
my @mxrec1 = DNS::mxrec($res,$fulldomain);
unless(scalar(@mxrec1)){
print INVALID "$id\n";
next;
}
unless(scalar @bindips){
push @bindips,@gl::myips;
}
my $smtpbind = shift(@bindips);
print STDERR "BIND as $smtpbind\n";
sleep 1;
my $ret = emailid_invalid($id,\@mxrec1,$smtpbind);
if($ret == 0){
print VALID "$id\n";
} elsif ($ret == 1) {
print INVALID "$id\n";
} elsif($ret == 2) {
print TRYAGAIN "$id\n";
} elsif($ret == 3) {
print TRYAGAIN "$id\n";
}
}
Documentation on server backup
Now On the backupserver machines
mkdir /net/serverbackup ----------> location where all the tar.gz files are stored
This scritpt will wget the flles from vairous server
vi /usr/local/bin/serverbackup
#!/bin/bash
set -x
DIR=/net/serverbackup
SERVERINFO=/net/serverbackup/serverbackupfiles
cd /net/serverbackup
if [ -d $DIR ] ;then
if [ -f $SERVERINFO ];then
for i in `cat $SERVERINFO |awk -F "|" '{print $2}'`
do
`cat $SERVERINFO |grep $i |awk -F "|" '{print $3}'``date +%Y%m%d`.tgz;
done
else
echo " serverbackupfiles does not exist "
fi
else
echo " serverbackup dir does not exist "
fi
This file (serverbackupfiles) is requied by the "serverbackup" script
cat /net/serverbackup/serverbackupfiles
|server112|wget --user=agnello --password=username http:///server112.com/serverbackup/pamserver2.
crontab -e
##for serverbackup to weget the files
0 11 * * * /usr/local/bin/serverbackup
Now On the system to be backed up
cd /net/serverbackup
ln -s /net/serverbackup /var/www/html/serverbackup
vi /usr/local/bin/serverbackupdaily
#!/bin/bash
#
set -x
backupfile1="`date '+%Y%m%d'`"
backupfile="servername.$backupfile1.tgz"
if cd /; then
tar zcf /tmp/$backupfile --exclude-from=/etc/backup/excludedaily `cat /etc/backup/BACKUPDAILY`
mv /tmp/$backupfile /net/serverbackup
chown -R web.web /net/serverbackup
fi
exit 0
vi /etc/httpd/conf/httpd.conf
#setting for serverbackup
AllowOverride AuthConfig
AuthName "serverBackup login"
AuthType Basic
AuthUserFile /net/serverbackup/.htpasswd
AuthGroupFile /dev/null
require user serverbackup
Order deny,allow
Deny from all
Allow from all
htpasswd -bc /net/serverbackup/.htpasswd serverbackup password
crontab -e
##for serverbackup
0 06 * * * /usr/local/bin/serverbackupdaily
mkdir /net/serverbackup ----------> location where all the tar.gz files are stored
This scritpt will wget the flles from vairous server
vi /usr/local/bin/serverbackup
#!/bin/bash
set -x
DIR=/net/serverbackup
SERVERINFO=/net/serverbackup/serverbackupfiles
cd /net/serverbackup
if [ -d $DIR ] ;then
if [ -f $SERVERINFO ];then
for i in `cat $SERVERINFO |awk -F "|" '{print $2}'`
do
`cat $SERVERINFO |grep $i |awk -F "|" '{print $3}'``date +%Y%m%d`.tgz;
done
else
echo " serverbackupfiles does not exist "
fi
else
echo " serverbackup dir does not exist "
fi
This file (serverbackupfiles) is requied by the "serverbackup" script
cat /net/serverbackup/serverbackupfiles
|server112|wget --user=agnello --password=username http:///server112.com/serverbackup/pamserver2.
crontab -e
##for serverbackup to weget the files
0 11 * * * /usr/local/bin/serverbackup
Now On the system to be backed up
cd /net/serverbackup
ln -s /net/serverbackup /var/www/html/serverbackup
vi /usr/local/bin/serverbackupdaily
#!/bin/bash
#
set -x
backupfile1="`date '+%Y%m%d'`"
backupfile="servername.$backupfile1.tgz"
if cd /; then
tar zcf /tmp/$backupfile --exclude-from=/etc/backup/excludedaily `cat /etc/backup/BACKUPDAILY`
mv /tmp/$backupfile /net/serverbackup
chown -R web.web /net/serverbackup
fi
exit 0
vi /etc/httpd/conf/httpd.conf
#setting for serverbackup
AllowOverride AuthConfig
AuthName "serverBackup login"
AuthType Basic
AuthUserFile /net/serverbackup/.htpasswd
AuthGroupFile /dev/null
require user serverbackup
Order deny,allow
Deny from all
Allow from all
htpasswd -bc /net/serverbackup/.htpasswd serverbackup password
crontab -e
##for serverbackup
0 06 * * * /usr/local/bin/serverbackupdaily
Script to do mysqcheck
#!/usr/bin/perl
my $a = `hostname`;
my @dbs =`mysql -u root -p[password] -e "show databases" | grep -v "Database" `;
foreach $i(@dbs){
chomp($i);
my @aa = `mysql -u root -p[password] $i -e 'show tables' |grep -v 'Tables_in_'`;
next if ($i =~/Tables_in_$i/);
foreach $r(@aa) {
chomp($r) ;
$d = `mysqlcheck -u root -p[password] $i $r` ;
print "checking table = $r of database $i \n";
if ($d =~/error/ ) {
print " the table $i is corrupted \n";
system(`/usr/local/bin/smtpmail -t a\@alertme.com -f admin\@serverone.com -h 192.168.2.105 -s "th table is courupted" -b "the table is $r of database $i on server $a is courrupted ..kindly check" `) ;
}
}
}
# this script can be run by command line to check each table on every database on every databases
my @dbs =`mysql -u root -p[password] -e "show databases" | grep -v "Database" `;
foreach $i(@dbs){
chomp($i);
my @aa = `mysql -u root -p[password] $i -e 'show tables' |grep -v 'Tables_in_'`;
next if ($i =~/Tables_in_$i/);
foreach $r(@aa) {
chomp($r) ;
$d = `mysqlcheck -u root -p[password] $i $r` ;
print "checking table = $r of database $i \n";
if ($d =~/error/ ) {
print " the table $i is corrupted \n";
system(`/usr/local/bin/smtpmail -t a\@alertme.com -f admin\@serverone.com -h 192.168.2.105 -s "th table is courupted" -b "the table is $r of database $i on server $a is courrupted ..kindly check" `) ;
}
}
}
iptables examples
# firewall.stop
# Script to flush all firewall rulesets
#
set -x
#!/bin/sh
# My system IP/set ip address of server
# Flushing all rules
iptables -F
iptables -X
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Allow unlimited traffic on loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow incoming ssh only
iptables -A INPUT -p tcp -s 54.263.22.76 -d 306.143.211.234/gc --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 203.122.55.101 -d 306.143.211.234/gc --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 208.183.110.234 -d 0/0 --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT
#allow mysql connection
iptables -A INPUT -p tcp -s 54.263.22.76 --sport 1024:65535 -d 208.183.110.234 --dport 3306 -m state --stateNEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 208.183.110.234 --sport 1024:65535 -d 306.143.211.234/gc --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 208.183.110.234 --sport 3306 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
#allow FTP connection
iptables -A INPUT -p tcp -s 54.263.22.76 --sport 1024:65535 -d 306.143.211.234/gc --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 208.183.110.234 --sport 1024:65535 -d 306.143.211.234/gc --dport 21 -m state --stateNEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 208.183.110.234 --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED-j ACCEPT
#open smtp port 25
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 306.143.211.234 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 306.143.211.234 --sport 25 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED-j ACCEPT
#open port 465
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 306.143.211.234 --dport 465 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 306.143.211.234 --sport 465 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
#open http port
# allow incoming connectino http
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 06.183.111.235 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 306.143.211.234 --sport 80 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED-j ACCEPT
# allow outgoing connectino http
iptables -A OUTPUT -p tcp -s 306.143.211.234 --sport 1024:65535 -d 0/0 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 80 -d 306.143.211.234 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
#open dns port
#iptables -A OUTPUT -p tcp -s 306.143.211.234 --sport 53 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
#iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 306.143.211.234 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -p udp -s 306.143.211.234 --sport 53 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
#iptables -A INPUT -p udp -s 0/0 --sport 1024:65535 -d 306.143.211.234/gc --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
##allow icmp ports
iptables -A INPUT -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
####
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
# make sure nothing comes or goes out of this box
iptables -A INPUT -j DROP
iptables -A OUTPUT -j ACCEPT
# Script to flush all firewall rulesets
#
set -x
#!/bin/sh
# My system IP/set ip address of server
# Flushing all rules
iptables -F
iptables -X
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Allow unlimited traffic on loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow incoming ssh only
iptables -A INPUT -p tcp -s 54.263.22.76 -d 306.143.211.234/gc --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 203.122.55.101 -d 306.143.211.234/gc --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 208.183.110.234 -d 0/0 --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT
#allow mysql connection
iptables -A INPUT -p tcp -s 54.263.22.76 --sport 1024:65535 -d 208.183.110.234 --dport 3306 -m state --stateNEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 208.183.110.234 --sport 1024:65535 -d 306.143.211.234/gc --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 208.183.110.234 --sport 3306 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
#allow FTP connection
iptables -A INPUT -p tcp -s 54.263.22.76 --sport 1024:65535 -d 306.143.211.234/gc --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 208.183.110.234 --sport 1024:65535 -d 306.143.211.234/gc --dport 21 -m state --stateNEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 208.183.110.234 --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED-j ACCEPT
#open smtp port 25
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 306.143.211.234 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 306.143.211.234 --sport 25 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED-j ACCEPT
#open port 465
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 306.143.211.234 --dport 465 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 306.143.211.234 --sport 465 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
#open http port
# allow incoming connectino http
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 06.183.111.235 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 306.143.211.234 --sport 80 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED-j ACCEPT
# allow outgoing connectino http
iptables -A OUTPUT -p tcp -s 306.143.211.234 --sport 1024:65535 -d 0/0 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 80 -d 306.143.211.234 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
#open dns port
#iptables -A OUTPUT -p tcp -s 306.143.211.234 --sport 53 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
#iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 306.143.211.234 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -p udp -s 306.143.211.234 --sport 53 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
#iptables -A INPUT -p udp -s 0/0 --sport 1024:65535 -d 306.143.211.234/gc --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
##allow icmp ports
iptables -A INPUT -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
####
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
# make sure nothing comes or goes out of this box
iptables -A INPUT -j DROP
iptables -A OUTPUT -j ACCEPT
Mounting a new HDD on Linux
There are many reasons why you would need to add a new drive to your Linux box. You might have out-grown your current space limitations, or you may want to add a separate drive for a specific project or service. In any case, if you follow this guide, you should have no problems. First, you must be familiar with the naming scheme Linux uses for your drives. For purposes if this article, everything highlighted in blue is the command you must type at the terminal prompt. Anything hightlighted in red indicates changes made by a previous command or something you should pay special attention to. Anything highlighted in green is simply the standard output from a terminal or issued command. The machine used for this guide is running Red Hat Entperise Linux.
Conventional Naming
This article assumes you know the difference between primary, extended and logical partitions. In the following example, I added a SCSI hard drive with one primary partition. With that being said, I'll continue explaining the naming scheme. Linux gives each drive a 3 letter name followed by a partition number. If you are using IDE drives, these will all be named hd**. Where hd denotes the drive and the next two variables are aassociated with IDE order (primary master, primary slave, etc) and partition number. So, your primary master drive will always be named hda. If you are using SCSI drives, everything remains the same except instead of using hd, drives are named sd**. Your SCSI primary master drive will always be named sda. All of these devices reside under the /dev portion of your Linux file system. For instance, as root, you can issue the following command to view the naming combinations possible for your system. Remember, in this example, I am using SCSI hardware. If you are using IDE, simply use hd is place of sd here.
[root@roswell root]# ls /dev/sda*
/dev/sda /dev/sdab10 /dev/sdad12 /dev/sdaf14 /dev/sdah2 /dev/sdaj4 /dev/sdal6
/dev/sda1 /dev/sdab11 /dev/sdad13 /dev/sdaf15 /dev/sdah3 /dev/sdaj5 /dev/sdal7
/dev/sda10 /dev/sdab12 /dev/sdad14 /dev/sdaf2 /dev/sdah4 /dev/sdaj6 /dev/sdal8
/dev/sda11 /dev/sdab13 /dev/sdad15 /dev/sdaf3 /dev/sdah5 /dev/sdaj7 /dev/sdal9
/dev/sda12 /dev/sdab14 /dev/sdad2 /dev/sdaf4 /dev/sdah6 /dev/sdaj8 /dev/sdam
/dev/sda13 /dev/sdab15 /dev/sdad3 /dev/sdaf5 /dev/sdah7 /dev/sdaj9 /dev/sdam1
/dev/sda14 /dev/sdab2 /dev/sdad4 /dev/sdaf6 /dev/sdah8 /dev/sdak /dev/sdam10
----
Some results omitted**
----
[root@roswell root]#
Note that I omitted a large portion of the results because they were huge! Remember that this list is not dependent on the current number of hard drives in the system, but the maximum naming possibilities for any number of drives and partitions. Do not be surprised if your results are rather lengthy as well.
Creating, Mounting, and Configuration New Partitions
Before adding an extra drive, this machine had 2 physical drives. Both of them were named accordingly (sda and sdb) before the new drive was added. The second drive containing the swap partitions was automatically renamed when the new drive was added. Notice the command and output below:
[root@roswell root]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 8.3G 2.4G 5.5G 30% /
/dev/sda2 99M 26M 69M 27% /boot
/dev/sdc1 16G 13G 2.3G 85% /export <-- old sdb renamed to sdc by the Linux
none 250M 0 250M 0% /dev/shm
[root@roswell root]#
This command simply lists all currently mounted drives, their names, and space usage. Notice that sdb is not presently mounted. However, we know that it exists otherwise, there would not be an sdc present. I could not add my new drive as sdc because my SCSI hotswap drive cage reserves the first two slots for 1.5" drives. So I was forced to make the new drive sdb because it is a 1.5" drive.
Setting Partitions
You should be fairly familiar with fdisk. The commands are somewhat different than it's DOS equivalent. See the following commands and output:
[root@roswell root]# fdisk /dev/sdb
Command (m for help): m
Command action
a toggle a bootable flag
b edit bsd disklabel
c toggle the dos compatibility flag
d delete a partition
l list known partition types
m print this menu
n add a new partition
o create a new empty DOS partition table
p print the partition table
q quit without saving changes
s create a new empty Sun disklabel
t change a partition's system id
u change display/entry units
v verify the partition table
w write table to disk and exit
x extra functionality (experts only)
Command (m for help):
If there is a problem, and there is no drive associated with /dev/sdb, you will get an error message. Remember, that nothing will actually be executed until you issue a w command. It's always a good idea to read through the variables of your commands. Doing so will ensure that you aren't forgetting anything. Let's get started!
Command (m for help): p
Disk /dev/sdb: 50.0 GB, 50019202560 bytes
255 heads, 63 sectors/track, 6081 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
Command (m for help):
If you issue a p command, you will see any partitions that currently exist on the drive. You can see by the output above there are no existing partitions. This drive is un-partitionedd and unformatted. To create a new partition, is the n command.
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-6081, default 1): 1
Last cylinder or +size or +sizeM or +sizeK (1-6081, default 6081): 6081
Command (m for help):
In the output above notice that interval I selected for the cylinders. Using the entire range allows you create one partition across the entire drive. So, in order to create a primary partition on /dev/sdb/ we issued the following commands:
n
(creates a new partition)
p
(creates a primary partition)
1
(the number 1 denotes the partition will be /dev/sdb1)
We can check the partition specifications we just entered by using the p command again.
Command (m for help): p
Disk /dev/sdb: 50.0 GB, 50019202560 bytes
255 heads, 63 sectors/track, 6081 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 6081 48845601 83 Linux
Command (m for help):
Notice the new partition (highlighted in red). However, we must issue a w command to finalize it. If you messed anything up, you can use the d command and specify which partition you want to delete.
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
[root@roswell root]#
Formatting
Now that the partition has been created, you need to format the drive. You can format it with almost any file system you wish. However, the most common Linux formats are ext2 and ext3. Ext3 is simply a candy coated version of ext2 that adds a logging feature. You must specify which partition to format by calling the device and partition number like this:
[root@roswell root]# mkfs -t ext3 /dev/sdb1
mke2fs 1.32 (09-Nov-2002)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
6111232 inodes, 12211400 blocks
610570 blocks (5.00%) reserved for the super user
First data block=0
373 block groups
32768 blocks per group, 32768 fragments per group
16384 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424
Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 38 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
[root@roswell root]#
What did we do there? Using the mkfs (make file system) command, we specified the type (using the -t) ext3 using the device and partition name (/dev/sdb1). You have successfull partitioned and formatted your new drive. Wait, you're not done yet. You will want to mount this partition to make it usable. You will also want this partition to mount automatically when you reboot the machine.
Mounting
In order to automatically mount a partition, you must edit the /etc/fstab file. The fstab file tells Linux where to mount all partitions located within the system. The output below shows the current fstab file before including the newly added drive:
[root@roswell root]# vi /etc/fstab
LABEL=/ / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
LABEL=/export /export ext3 defaults 1 2
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/sdb2 swap swap defaults 0 0
/dev/cdrom /mnt/cdrom udf,iso9660 noauto,owner,kudzu,ro 0 0
/dev/fd0 /mnt/floppy auto noauto,owner,kudzu 0 0
You may notice I viewed this file using vi. Vi is a simple text editor that may or may not be loaded on your Linux system. It is somewhat similar to emacs. In any case, both programs can perform the same task. We will mount the new partition as /media. Remember to create a directory named media, otherwise fstab won't be able to mount the partition. It is shown high-lighted red in the output below:
LABEL=/ / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
LABEL=/export /export ext3 defaults 1 2
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/sdb1 /media ext3 defaults 1 2
/dev/sdb2 swap swap defaults 0 0
/dev/cdrom /mnt/cdrom udf,iso9660 noauto,owner,kudzu,ro 0 0
/dev/fd0 /mnt/floppy auto noauto,owner,kudzu 0 0
Next, issue a simple mount command providing the partition name:
[root@roswell export]# mount /dev/sdb1
[root@roswell export]#
You're all done! You will be able to access the /media folder immediately and after the machine reboots as fstab will automatically re-mount it for you. If you want to verify the partition is successfully present and mounted, use the following commands:
[root@roswell media]# mount
/dev/sda1 on / type ext3 (rw)
none on /proc type proc (rw)
none on /dev/pts type devpts (rw,gid=5,mode=620)
usbdevfs on /proc/bus/usb type usbdevfs (rw)
/dev/sda2 on /boot type ext3 (rw)
/dev/sdc1 on /export type ext3 (rw)
none on /dev/shm type tmpfs (rw)
/dev/sdb1 on /media type ext3 (rw)
[root@roswell media]#
The red line shows our new drive freshly mounted. You can check the space usage if you issue the following command.
[root@roswell media]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 8.3G 2.4G 5.5G 30% /
/dev/sda2 99M 26M 69M 27% /boot
/dev/sdc1 16G 13G 2.3G 85% /export
none 250M 0 250M 0% /dev/shm
/dev/sdb1 46G 33M 44G 1% /media
[root@roswell media]#
HAPPY MOUNTING ;)
Conventional Naming
This article assumes you know the difference between primary, extended and logical partitions. In the following example, I added a SCSI hard drive with one primary partition. With that being said, I'll continue explaining the naming scheme. Linux gives each drive a 3 letter name followed by a partition number. If you are using IDE drives, these will all be named hd**. Where hd denotes the drive and the next two variables are aassociated with IDE order (primary master, primary slave, etc) and partition number. So, your primary master drive will always be named hda. If you are using SCSI drives, everything remains the same except instead of using hd, drives are named sd**. Your SCSI primary master drive will always be named sda. All of these devices reside under the /dev portion of your Linux file system. For instance, as root, you can issue the following command to view the naming combinations possible for your system. Remember, in this example, I am using SCSI hardware. If you are using IDE, simply use hd is place of sd here.
[root@roswell root]# ls /dev/sda*
/dev/sda /dev/sdab10 /dev/sdad12 /dev/sdaf14 /dev/sdah2 /dev/sdaj4 /dev/sdal6
/dev/sda1 /dev/sdab11 /dev/sdad13 /dev/sdaf15 /dev/sdah3 /dev/sdaj5 /dev/sdal7
/dev/sda10 /dev/sdab12 /dev/sdad14 /dev/sdaf2 /dev/sdah4 /dev/sdaj6 /dev/sdal8
/dev/sda11 /dev/sdab13 /dev/sdad15 /dev/sdaf3 /dev/sdah5 /dev/sdaj7 /dev/sdal9
/dev/sda12 /dev/sdab14 /dev/sdad2 /dev/sdaf4 /dev/sdah6 /dev/sdaj8 /dev/sdam
/dev/sda13 /dev/sdab15 /dev/sdad3 /dev/sdaf5 /dev/sdah7 /dev/sdaj9 /dev/sdam1
/dev/sda14 /dev/sdab2 /dev/sdad4 /dev/sdaf6 /dev/sdah8 /dev/sdak /dev/sdam10
----
Some results omitted**
----
[root@roswell root]#
Note that I omitted a large portion of the results because they were huge! Remember that this list is not dependent on the current number of hard drives in the system, but the maximum naming possibilities for any number of drives and partitions. Do not be surprised if your results are rather lengthy as well.
Creating, Mounting, and Configuration New Partitions
Before adding an extra drive, this machine had 2 physical drives. Both of them were named accordingly (sda and sdb) before the new drive was added. The second drive containing the swap partitions was automatically renamed when the new drive was added. Notice the command and output below:
[root@roswell root]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 8.3G 2.4G 5.5G 30% /
/dev/sda2 99M 26M 69M 27% /boot
/dev/sdc1 16G 13G 2.3G 85% /export <-- old sdb renamed to sdc by the Linux
none 250M 0 250M 0% /dev/shm
[root@roswell root]#
This command simply lists all currently mounted drives, their names, and space usage. Notice that sdb is not presently mounted. However, we know that it exists otherwise, there would not be an sdc present. I could not add my new drive as sdc because my SCSI hotswap drive cage reserves the first two slots for 1.5" drives. So I was forced to make the new drive sdb because it is a 1.5" drive.
Setting Partitions
You should be fairly familiar with fdisk. The commands are somewhat different than it's DOS equivalent. See the following commands and output:
[root@roswell root]# fdisk /dev/sdb
Command (m for help): m
Command action
a toggle a bootable flag
b edit bsd disklabel
c toggle the dos compatibility flag
d delete a partition
l list known partition types
m print this menu
n add a new partition
o create a new empty DOS partition table
p print the partition table
q quit without saving changes
s create a new empty Sun disklabel
t change a partition's system id
u change display/entry units
v verify the partition table
w write table to disk and exit
x extra functionality (experts only)
Command (m for help):
If there is a problem, and there is no drive associated with /dev/sdb, you will get an error message. Remember, that nothing will actually be executed until you issue a w command. It's always a good idea to read through the variables of your commands. Doing so will ensure that you aren't forgetting anything. Let's get started!
Command (m for help): p
Disk /dev/sdb: 50.0 GB, 50019202560 bytes
255 heads, 63 sectors/track, 6081 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
Command (m for help):
If you issue a p command, you will see any partitions that currently exist on the drive. You can see by the output above there are no existing partitions. This drive is un-partitionedd and unformatted. To create a new partition, is the n command.
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-6081, default 1): 1
Last cylinder or +size or +sizeM or +sizeK (1-6081, default 6081): 6081
Command (m for help):
In the output above notice that interval I selected for the cylinders. Using the entire range allows you create one partition across the entire drive. So, in order to create a primary partition on /dev/sdb/ we issued the following commands:
n
(creates a new partition)
p
(creates a primary partition)
1
(the number 1 denotes the partition will be /dev/sdb1)
We can check the partition specifications we just entered by using the p command again.
Command (m for help): p
Disk /dev/sdb: 50.0 GB, 50019202560 bytes
255 heads, 63 sectors/track, 6081 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 6081 48845601 83 Linux
Command (m for help):
Notice the new partition (highlighted in red). However, we must issue a w command to finalize it. If you messed anything up, you can use the d command and specify which partition you want to delete.
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
[root@roswell root]#
Formatting
Now that the partition has been created, you need to format the drive. You can format it with almost any file system you wish. However, the most common Linux formats are ext2 and ext3. Ext3 is simply a candy coated version of ext2 that adds a logging feature. You must specify which partition to format by calling the device and partition number like this:
[root@roswell root]# mkfs -t ext3 /dev/sdb1
mke2fs 1.32 (09-Nov-2002)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
6111232 inodes, 12211400 blocks
610570 blocks (5.00%) reserved for the super user
First data block=0
373 block groups
32768 blocks per group, 32768 fragments per group
16384 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424
Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 38 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
[root@roswell root]#
What did we do there? Using the mkfs (make file system) command, we specified the type (using the -t) ext3 using the device and partition name (/dev/sdb1). You have successfull partitioned and formatted your new drive. Wait, you're not done yet. You will want to mount this partition to make it usable. You will also want this partition to mount automatically when you reboot the machine.
Mounting
In order to automatically mount a partition, you must edit the /etc/fstab file. The fstab file tells Linux where to mount all partitions located within the system. The output below shows the current fstab file before including the newly added drive:
[root@roswell root]# vi /etc/fstab
LABEL=/ / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
LABEL=/export /export ext3 defaults 1 2
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/sdb2 swap swap defaults 0 0
/dev/cdrom /mnt/cdrom udf,iso9660 noauto,owner,kudzu,ro 0 0
/dev/fd0 /mnt/floppy auto noauto,owner,kudzu 0 0
You may notice I viewed this file using vi. Vi is a simple text editor that may or may not be loaded on your Linux system. It is somewhat similar to emacs. In any case, both programs can perform the same task. We will mount the new partition as /media. Remember to create a directory named media, otherwise fstab won't be able to mount the partition. It is shown high-lighted red in the output below:
LABEL=/ / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
LABEL=/export /export ext3 defaults 1 2
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/sdb1 /media ext3 defaults 1 2
/dev/sdb2 swap swap defaults 0 0
/dev/cdrom /mnt/cdrom udf,iso9660 noauto,owner,kudzu,ro 0 0
/dev/fd0 /mnt/floppy auto noauto,owner,kudzu 0 0
Next, issue a simple mount command providing the partition name:
[root@roswell export]# mount /dev/sdb1
[root@roswell export]#
You're all done! You will be able to access the /media folder immediately and after the machine reboots as fstab will automatically re-mount it for you. If you want to verify the partition is successfully present and mounted, use the following commands:
[root@roswell media]# mount
/dev/sda1 on / type ext3 (rw)
none on /proc type proc (rw)
none on /dev/pts type devpts (rw,gid=5,mode=620)
usbdevfs on /proc/bus/usb type usbdevfs (rw)
/dev/sda2 on /boot type ext3 (rw)
/dev/sdc1 on /export type ext3 (rw)
none on /dev/shm type tmpfs (rw)
/dev/sdb1 on /media type ext3 (rw)
[root@roswell media]#
The red line shows our new drive freshly mounted. You can check the space usage if you issue the following command.
[root@roswell media]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 8.3G 2.4G 5.5G 30% /
/dev/sda2 99M 26M 69M 27% /boot
/dev/sdc1 16G 13G 2.3G 85% /export
none 250M 0 250M 0% /dev/shm
/dev/sdb1 46G 33M 44G 1% /media
[root@roswell media]#
HAPPY MOUNTING ;)
difference between 32 bit and 64 bit
A common question that pops up from time to time is whether someone who has a 64-bit CPU (such as an AMD64 or an Intel EM64T) should download a 64-bit or 32-bit Linux distribution. Since these processors are capable of running either one at full native speeds, what are the advantages and disadvantages to both? Here I hope to address some common issues.
Speed - Without a scientific set of benchmarks this one is really hard to measure. Some people think one distribution "feels" faster than another while others disagree. Suffice to say that no one has yet to prove scientifically that the 64-bit versions of Linux available today are significantly faster in performance than their 32-bit counterparts. Most "64-bit" versions of software are actually just recompiled versions of the 32-bit code, with no optimization that would take advantage of the new features these chips offer and perhaps boost performance. If you're looking to use 64-bit because you think it will be a major improvement in speed, I would reconsider.
Compatibility - Not all software runs on 64-bit Linux. Although there have been 64-bit native Linux distributions for several years (a year before Microsoft Windows XP64, but I digress), the software community has yet to fully embrace the technology. As of the time this post was written, there is no 64-bit version of the Macromedia Flash Plug-in for your web browser, for instance. WINE and the Java VM have been known to cause problems on some 64-bit installations as well. Not all hardware has 64-bit drivers yet. The two major display card manufacturers (ATI and Nvidia) do have X86_64 versions of their drivers, but they are sadly the exception rather than the norm.
RAM - If you plan on using a machine that has more than 4GB of RAM, you'll need to use the 64-bit version of your distribution because 32-bit operating systems are only able to handle up to 4GB, maximum*. There's just not enough memory addresses for more. This is usually not a problem for desktop users, but it might be a concern for servers or high-end workstations.
The "coolness" factor - As Apple Computer has proven in recent years, there's an awful lot people will do just because something looks or feels "cool". This is perhaps the one reason why some people choose to run 64-bit Linux: it's a neat idea. To some people the idea of running a 64-bit native** operating system on their 64-bit CPU is just too cool to pass up. These people understand the drawbacks to running a bleeding-edge system and accept the extra work involved. If this describes you, more power to you.
So which should I choose? (29 July 2008) Over the last 2 years since I wrote this thread, a lot of progress has been made and I believe at this point that 64-bit Linux distributions are pretty much identical in performance and features as their 32-bit counterparts. I say "pretty much" because there's still no native Flash player. There are ways around that. I've not had issues with Java in 64-bit in recent months, so progress was made there too.
That being said, the point I make in the beginning still stands: although 64-bit Linux distributions are now by and large on-par with their 32-bit brethren, they do not yet surpass them in performance. You're not running at as much of a deficit with 64-bit two years later, but you still don't quite have an advantage either. Now, I think, rather than strongly suggesting 32-bit I could say either will work, but neither has any significant advantage over the other. It's more a matter of personal preference.
* NOTE: The 32-bit Linux kernel can be recompiled to handle up to 64GB of RAM if you're particularly concerned about staying 32-bit.
** NOTE: Although 64-bit Linux distributions do include a natively-compiled Linux kernel and several natively-compiled key applications, not every package in a 64-bit Linux distribution is 64-bit. The 32-bit library files and many 32-bit applications still exist and are used on a regular basis, so the idea that a 64-bit distribution is "native" is really a misnomer.
Speed - Without a scientific set of benchmarks this one is really hard to measure. Some people think one distribution "feels" faster than another while others disagree. Suffice to say that no one has yet to prove scientifically that the 64-bit versions of Linux available today are significantly faster in performance than their 32-bit counterparts. Most "64-bit" versions of software are actually just recompiled versions of the 32-bit code, with no optimization that would take advantage of the new features these chips offer and perhaps boost performance. If you're looking to use 64-bit because you think it will be a major improvement in speed, I would reconsider.
Compatibility - Not all software runs on 64-bit Linux. Although there have been 64-bit native Linux distributions for several years (a year before Microsoft Windows XP64, but I digress), the software community has yet to fully embrace the technology. As of the time this post was written, there is no 64-bit version of the Macromedia Flash Plug-in for your web browser, for instance. WINE and the Java VM have been known to cause problems on some 64-bit installations as well. Not all hardware has 64-bit drivers yet. The two major display card manufacturers (ATI and Nvidia) do have X86_64 versions of their drivers, but they are sadly the exception rather than the norm.
RAM - If you plan on using a machine that has more than 4GB of RAM, you'll need to use the 64-bit version of your distribution because 32-bit operating systems are only able to handle up to 4GB, maximum*. There's just not enough memory addresses for more. This is usually not a problem for desktop users, but it might be a concern for servers or high-end workstations.
The "coolness" factor - As Apple Computer has proven in recent years, there's an awful lot people will do just because something looks or feels "cool". This is perhaps the one reason why some people choose to run 64-bit Linux: it's a neat idea. To some people the idea of running a 64-bit native** operating system on their 64-bit CPU is just too cool to pass up. These people understand the drawbacks to running a bleeding-edge system and accept the extra work involved. If this describes you, more power to you.
So which should I choose? (29 July 2008) Over the last 2 years since I wrote this thread, a lot of progress has been made and I believe at this point that 64-bit Linux distributions are pretty much identical in performance and features as their 32-bit counterparts. I say "pretty much" because there's still no native Flash player. There are ways around that. I've not had issues with Java in 64-bit in recent months, so progress was made there too.
That being said, the point I make in the beginning still stands: although 64-bit Linux distributions are now by and large on-par with their 32-bit brethren, they do not yet surpass them in performance. You're not running at as much of a deficit with 64-bit two years later, but you still don't quite have an advantage either. Now, I think, rather than strongly suggesting 32-bit I could say either will work, but neither has any significant advantage over the other. It's more a matter of personal preference.
* NOTE: The 32-bit Linux kernel can be recompiled to handle up to 64GB of RAM if you're particularly concerned about staying 32-bit.
** NOTE: Although 64-bit Linux distributions do include a natively-compiled Linux kernel and several natively-compiled key applications, not every package in a 64-bit Linux distribution is 64-bit. The 32-bit library files and many 32-bit applications still exist and are used on a regular basis, so the idea that a 64-bit distribution is "native" is really a misnomer.
using pam mysql auth instead of the system user auth
the authenitcatoin server we are going to use is saslauthd
congfig file is : /etc/sysconfig/saslauthd
the mechanism used for checking the file is pam
MECH=pam
since we want auith for our imap clinent we edit this file
/etc/pam.d/imap
username passwdcolumn=password crypt=1 auth sufficient pam_mysql.so user= passwd= host=localhost db=mailusers table=auth usercolumn=uname passwdcolumn=pword crypt=0
account required pam_mysql.so user= passwd= host=localhost db=mailusers table=auth usercolumn=uname passwdcolumn=pword crypt=0
we create the database
we add the tables :
CREATE TABLE `auth` ( `uname` VARCHAR( 30 ) NOT NULL , `pword` VARCHAR( 30 ) NOT NULL , `cid` INT NOT NULL , PRIMARY KEY ( `uname` ) ) ENGINE = MYISAM
CREATE TABLE `auth` ( `uname` VARCHAR( 30 ) NOT NULL , `pword` VARCHAR( 30 ) NOT NULL , `cid` INT NOT NULL , PRIMARY KEY ( `uname` ) ) ENGINE = MYISAM
restart saslauthd
kernel for xfs reiserfs support
http://landofthefreeish.com/how-to/enable-reiserfs-xfs-jfs-on-rhel5/
To install reiserfs using the centosplus repository
refer http://wiki.centos.org/AdditionalResources/Repositories/CentOSPlus
edit /etc/yum.repos.d/CentOS-Base.repo
serch [centosplus]
enabled=1
includepkgs=kernel* jfsutils reiserfs-utils
add exclude=postfix-* in [base] and [update]
yum --enablerepo=centosplus install kernel
how to check fs on centos box
cat /proc/filesystems |grep reiser
possible that kernel module and not yet loaded.
modprobe reiserfs
see this doc
To install reiserfs using the centosplus repository
refer http://wiki.centos.org/AdditionalResources/Repositories/CentOSPlus
edit /etc/yum.repos.d/CentOS-Base.repo
serch [centosplus]
enabled=1
includepkgs=kernel* jfsutils reiserfs-utils
add exclude=postfix-* in [base] and [update]
yum --enablerepo=centosplus install kernel
how to check fs on centos box
cat /proc/filesystems |grep reiser
possible that kernel module and not yet loaded.
modprobe reiserfs
Sticky Bits, SUID set , SGID set
Here we will discuss about the 3 special attributes other than the common read/write/execute.
Example:
drwxrwxrwt - Sticky Bits - chmod 1777
drwsrwxrwx - SUID set - chmod 4777
drwxrwsrwx - SGID set - chmod 2777
a1 can delete or rename the files 1.txt and 2.txt.
b2 can delete or rename the file 2.txt only.
If d4 tries to remove 1.txt
rm -f 1.txt
rm: cannot remove `1.txt': Operation not permitted
Example:
drwxrwxrwt - Sticky Bits - chmod 1777
drwsrwxrwx - SUID set - chmod 4777
drwxrwsrwx - SGID set - chmod 2777
Sticky bit
Sticky bits are mainly set on directories.
If the sticky bit is set for a directory, only the owner of that directory or the owner of a file can delete or rename a file within that directory.
Example:
Consider you have a directory " test ".
chmod it to " 777 ". This gives permissions for all the users to read, write and execute.
chmod +t test
Example: ls -al
drwxrwxrwt 2 a1 a1 4096 Jun 13 2008 .
-rw-rw-r-- 1 a1 a1 0 Jun 11 17:30 1.txt
-rw-rw-r-- 1 b2 b2 0 Jun 11 22:52 2.txt
From the above example a1 is the owner of the test directory.a1 can delete or rename the files 1.txt and 2.txt.
b2 can delete or rename the file 2.txt only.
SUID - [ Set User ID ]
SUID bit is set for files ( mainly for scripts ).
The SUID permission makes a script to run as the user who is the owner of the script, rather than the user who started it.
Example:
If a1 is the owner of the script and b2 tries to run the same script, the script runs with the ownership of a1.
If the root user wants to give permissions for some scripts to run by different users, he can set the SUID bit for that particular script.
So if any user on the system starts that script, it will run under the root ownership.
Note:
root user much be very carefull with this.
SGID - [ Set Group ID ]
If a file is SGID, it will run with the privileges of the files group owner, instead of the privileges of the person running the program.
This permission set also can make a similar impact. Here the script runs under the groups ownership.
You can also set SGID for directories.
Consider you have given 2777 permission for a directory. Any files created by any users under this directory will come as follows.
Example:
-rw-rw-r-- 1 b2 a1 0 Jun 11 17:30 1.txt
In the above example you can see that the owner of the file 1.txt is b2 and the group owner is a1.
So both b2 and a1 will have access to the file 1.txt.
Now lets make this more intresting and complicated.
Create a directory "test". Chmod it to 2777. Add sticky bit to it.
Example:
mkdir test
chmod 2777 test
chmod +t test
ls -al test
drwxrwsrwt 2 a1 a1 4096 Jun 13 2008 test
From the above permission set you can understand that SGID and sticky bit is set for the folder "test".
Now any user can create files under the test directory.
Example:
drwxrwsrwt 2 a1 a1 4096 Jun 13 2008 .
-rw-rw-r-- 1 b2 a1 0 Jun 11 17:30 1.txt
-rw-rw-r-- 1 c3 a1 0 Jun 11 17:30 2.txt
-rw-rw-r-- 1 d4 a1 0 Jun 11 17:30 3.txt
So all the a1 user has access to all the files under the test directory. He can edit, rename or remove the file.
b2 user has access to 1.txt only, c3 has access to 2.txt only...
If sticky bit was not set for the test directory, any user can delete any files from the test directory, since the test directory has 777 permissions.
But now it not possible.
Example:If d4 tries to remove 1.txt
rm -f 1.txt
rm: cannot remove `1.txt': Operation not permitted
Subscribe to:
Posts (Atom)