System Admin logs: April 2011

Friday, April 29, 2011

installing Webmin and pptp with ssl on openvz

This post explains installing and configuring webmin and pptp with ssl on openvz vps. The os template is centos5.

On the node :
modprobe ppp_async
modprobe ppp_deflate
modprobe ppp_mppe
vzlist -a |grep IP_of_vps
vzctl stop [VEID]
vzctl set [VEID] --features ppp:on --save
vzctl start [VEID]
vzctl set [VEID] --devices c:108:0:rw --save
vzctl exec [VEID] mknod /dev/ppp c 108 0
vzctl exec [VEID] mknod /dev/ppp c 108 0
vzctl exec [VEID] chmod 600 /dev/ppp

You need all these modules on node:
[root@dallas5 ~]# lsmod | grep ppp
ppp_mppe 39816 0
ppp_deflate 39168 0
zlib_deflate 52760 1 ppp_deflate
ppp_async 45184 0
ppp_generic 63760 4 ppp_mppe,ppp_deflate,ppp_async
slhc 39680 1 ppp_generic
crc_ccitt 35200 1 ppp_async

On the VPS:[Openvz]
wget http://prdownloads.sourceforge.net/webadmin/webmin-1.550-1.noarch.rpm
rpm -ivh webmin-1.550-1.noarch.rpm
/etc/init.d/webmin start
chkconfig --level 35 webmin on
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.rhel5.i386.rpm
rpm -ivh pptpd-1.3.4-2.rhel5.i386.rpm
/etc/init.d/pptpd start
chkconfig --level 35 pptpd on
yum install openssl openssl-devel
yum install perl-Net-SSLeay #for ssl+webmin
perl -e 'use Net::SSLeay' #testing
echo $? #testing exit status '0'

You can access the webmin at https://IP_address:10000 and do the further configuration of pptpd and ppp.

Some useful links :
http://www.webmin.com/ssl.html
http://wiki.openvz.org/PPP_in_container

Squid not starting with error visible hostname not set

[root@jlturbovps1 ~]#/etc/init.d/squid start
init_cache_dir /var/spool/squid... /etc/init.d/squid: line 62: 3944 Aborted $SQUID -z -F -D >> /var/log/squid/squid.out 2>&1
Starting squid: /etc/init.d/squid: line 42: 3945 Aborted $SQUID $SQUID_OPTS >> /var/log/squid/squid.out 2>&1 [FAILED]

#vi /etc/squid/squid.conf
visible_hostname GIVE_yourtour_hostname_here
:wq ##save it

Now start squid.

#/etc/init.d/squid start
init_cache_dir /var/spool/squid... Starting squid: . [ OK ]

Thats it.have fun.

Monday, April 25, 2011

How to setup url or website monitoring in nagios server

First of all create a configuration directory for writing the rules. You can also create the rules in localhost.cfg but I recommend to create a separate directory and create the files in it.

#mkdir /etc/nagios/monitor_websites
and cd to this directory

And create file host.cfg in this directory for setting the urls.
#vi host.cfg

Suppose I want to monitor three sites
www.abc.com, www.xyz.com, www.pqr.com

Configure host.cfg as below.
#vi host.cfg

define host{
host_name abc.com
alias abc
address www.abc.com
use generic-host
}

define host{
host_name xyz.com
alias xyz
address www.xyz.com
use generic-host
}

define host{
host_name pqr.com
alias pqr
address www.pqr.com
use generic-host
}

#Defining group of urls - you should add this if you want to set up an HTTP check service.
define hostgroup {
hostgroup_name monitor_websites
alias monitor_urls
members www.abc.com, www.xyz.com, www.pqr.com
}
:wq #save it

And now create the file services.cfg for setting the service ( http_check )

#vi services.cfg
## Hostgroups services ##
define service {
hostgroup_name monitor_websites
service_description HTTP
check_command check_http
use generic-service
notification_interval 0
}

Now give the permissions for directory and configuration files.
#chown -R nagios:nagios monitor_websites

List and check.
[root@mail nagios]# ll monitor_websites
total 16
-rw-r--r-- 1 nagios nagios 669 Apr 25 23:13 host.cfg
-rw-r--r-- 1 nagios nagios 253 Apr 25 23:15 services.cfg
[root@mail nagios]#

Now give the configuration directory path in main nagios configuration file.
#vi /etc/nagios/nagios.cfg
cfg_dir=/etc/nagios/monitor_websites
:wq

Now restart the nagios service.
#service nagios restart

Thats it. Check the nagios site. You are done. You rocks.

Saturday, April 23, 2011

Installing ffmpg and MENCODER on linux

I got a good site for installing and configuring ffmpg + MENCODER + Libogg + LAME MP3 Encoder
+ Libvorbis.

Hete it is : Link

Thursday, April 21, 2011

How to log a rule in iptables

This post explains how to write a rule to reject something in iptables and how to log the working of iptables

First of all enable iptables loging in /etc/syslog.conf
#vi /etc/syslog.conf
kern.*        /var/log/firewall
:wq

Restart the syslog daemon.
#service syslog restart

Create the log file specified in /etc/syslog.conf
#touch /var/log/firewall #log file.

Now Define the rules in following order. Log rule must be first.

This is a simple rule which will block response to ping.

iptables -I INPUT -p icmp --icmp-type echo-request -j LOG --log-prefix "Rejected: "
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

See the listing of rules.
[root@work1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
LOG        icmp -- anywhere             anywhere            icmp echo-request LOG level warning prefix `Rejected: '
DROP       icmp -- anywhere             anywhere            icmp echo-reply
DROP       icmp -- anywhere             anywhere            icmp echo-request

Now :

Ping from any host to this machine and watch the log file.

#tail -f /var/log/firewall #will give you real time log of dropping. With prefix Rejected.

[root@work1 ~]# tail -f /var/log/firewall
Apr 21 21:50:40 work1 kernel: Rejected: IN=eth0 OUT= MAC=00:0c:29:d0:8d:f4:00:23:ae:1d:97:a0:08:00 SRC=192.168.1.99 DST=192.168.1.60 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=24589 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=135
Apr 21 21:50:45 work1 kernel: Rejected: IN=eth0 OUT= MAC=00:0c:29:d0:8d:f4:00:23:ae:1d:97:a0:08:00 SRC=192.168.1.99 DST=192.168.1.60 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=24605 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=136

Tuesday, April 19, 2011

How to install and configure phpmyadmin on redhat linux or centos linux

First of all add the rpmforge repository to user system. Explained here

Now :

[root@localhost ~]# yum install phpmyadmin

[root@localhost html]# vi /usr/share/phpmyadmin/config.inc.php

And add the blowfish secret,
$cfg['blowfish_secret'] = 'a8b7dafdferHJHJ^&U^45776TIUuiYc6d';

http://127.0.0.1/phpmyadmin/

Now edit the phpmyadmin configuration file for apache

[root@eastonch /]# vi /etc/httpd/conf.d/phpmyadmin.conf

Order Deny,Allow
Allow from all #set to allow from all. else you'll get only from localhost.

Restart the apache

[root@localhost ~]#/etc/init.d/httpd restart

Now its accessible from everywhere.

http://Public_Ip_address/phpmyadmin/

How to reset user password in mysql in redhat or centos linux

Resetting the mysql user password in safemode. Lets see how to reset the password of root user in Centos / redhat linux.

Step1 : Stop the mysql service

#/etc/init.d/mysqld stop

step2 : Enter mysql safemode

#mysqld_safe --skip-grant-tables &

Step3 : Change the password

mysql> update mysql.user set password=PASSWORD("NEWPASSWORD") where User='root';

Step4 : Flush the privileges

mysql> flush privileges;

Step5 : Its over. Now you can quit.

mysql> quit

Step6 : Start the mysql service

#/etc/init.d/mysqld start

Step7 : Restart the mysql service to confirm that the safemode has been exsited.

#/etc/init.d/mysqld restart

Friday, April 15, 2011

How to limit the connections from one ip address using iptables

The following command will block all the exceeding connections [ more than 3] from any ip address to this machine. This can be used against DDOS attack.
#iptables -A INPUT -p all -m connlimit --connlimit-above 3 -j REJECT

Suppose if you want to block only ssh connections, then use the following command.
iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT

for allowing 2 telnet connections per client host

#iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECT

you can also do as give below
#iptables -A INPUT -p tcp --syn --dport 23 -m connlimit ! --connlimit-above 2 -j ACCEPT

For limiting the number of parallel http requests to 16 per class C sized network (24 bit netmask)
#iptables -A INPUT-p tcp --syn --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j REJECT

Tuesday, April 12, 2011

understanding if, if-else, elsif, unless, for, foreach and while loops in perl scripting

The following post explains if, if-else, elsif, unless, for, foreach and while loops in perl scripting

syntax :
if ( condition ) { statement; }
if ( condition ) { statement1; } else { statement2)
if ( condition1 ) { statement1; } elsif ( condition2 ) { statement2; }
unless ( condition ) { statement;}
for (Initial_value; condition; operation_on_variable) { statement; }
for (min_value..max_value) { statement; }
foreach (@array_name) { print "$_\n"; }

See the example program for more clear view.

#!/usr/bin/perl
#Purpose - To understand the concept of conditionals.
#START
#modules used
use strict;

#Variables used
my $value1 = 5;
my $value2 = 10;
my $value3 = 15;
my $value4 = 15;
my $i = 0;
my @array = ("Linux", "Windows", "Solaris", "Unix");

    #---------------------------------------------------------------------
    #if loop
    if (1 < 2) {
        print "1 is less than 2\n";
    }

    #---------------------------------------------------------------------
    #if-else loop
    if (2 < 1){
        print "The system is mad\n";
    }
    else {
        print "2 is not less than 1, This machine is brilliant\n";
    }


    #---------------------------------------------------------------------
    #elsif loop
    if ($value3 > $value4) {
        print "$value3 is greater than $value4\n";
    }
    elsif ($value3 < $value4) {
        print "$value3 is less than $value4\n";
    }
    else {
        print "$value3 is equal to $value4\n";
    }


    #---------------------------------------------------------------------
    #unless loop
    unless ($value1 == $value2) {
        print "Oh the $value1 and $value2 are not same\n";
    }

    #---------------------------------------------------------------------
    #For loop
    for ($i=1; $i<=5; $i++) {print "$i\n";}
    for (1..5) {print "new_for_loop\n";}


    #foreach loop
    foreach (@array) {print "$_\n";}

    #---------------------------------------------------------------------
    #While loop
    while ($value1 < $value2) {
        print "$value1 is less than $value2\n";
        $value1 +=1;
        print "With 1 increment $value1\n";
    if ($value1 == $value2) {print "Now the values are same\n";}
    }

#END

Understanding push, pop, unshift, shift and sort in perl scripting

The following post explains the concepts of push, pop, unshift, shift and sort functions in perl scripting.

Array : Array is a collection of elements. its elements are numbered from 0 to n-1.

pop - Removes the last element from the array.
push - insert given element(s) to the end of the array.
unshift - Inserts the given element(s) to the beginning of the array.
shift - removes the first element of the array.
sort - sorts the array in alphabetical order.

Syntax:
pop @array_name;
push @array_name, element(s)_to_be_inserted;
unshift (@array_name, "element(s)_to_be_inserted");
shift @array_name;
my @array_name = sort @array_name;

Here is a simple example.

#!/usr/bin/perl
#Purpose - To understand the concepts of Common array functions.
#PUSH POP SHIFT UNSHIFT and SORT

#START

#Modules using
use strict;

my @array = ("1","2","3","4");
    print "The initial array elements are : @array\n";

#popping an element from the array.
my $popped_element = pop @array;
    print "The array elements after popping are : @array\n";
    print "The popped element is : $popped_element\n";

#Pushing the popped element back to the array.
push @array, $popped_element;
    print "The array elements after pushing are : @array\n";
push @array, 5, 6, 7, 8;
        print "The array elements after pushing 5, 6, 7, 8 are : @array\n";

#Unshift : Unshifting means it'll add the specified element to the begining of the array
    print "unshifting the array with element : 0\n";
unshift (@array, "0");
    print "Array elements after unshifting are : @array\n";

#shift : shift removes the first element from the array.
shift @array;
    print "The elements after the operation shift are : @array\n";

#Sorting the elements of an array.
my @array1 = ("Randeep", "Saju", "Remil", "Ajith", "Nibul" );
    print "The array1 before sorting is : @array1\n";
my @array1 = sort @array1;
    print "The array1 after sorting is : @array1\n";
#END

Saturday, April 2, 2011

How to see the load average of all the vps on the node

[root@abc ~]# vzlist -o veid,laverage
   CTID LAVERAGE
   150 0.00/0.02/0.02
   350 0.00/0.00/0.00
   450 0.00/0.05/0.06

   5095 0.00/0.05/0.04
   6970 0.01/0.09/0.06
   7170 57.00/56.97/56.91

How to change the timezone on redhat linux system

First of all take the backup of the current timezone settings
mv /etc/localtime  /etc/localtime.bkp

Now. Suppose you want to change the timezone to Asia/Kolkatta
ln -sf /usr/share/zoneinfo/Asia/Kolkatta /etc/localtime

Thats it. It should be fixed now.

Friday, April 1, 2011

Syntax of linux command rsync

Syntax of rsync :

rsync -avzh --timeout=14000 /backups/private/7545/ 178.216.48.23:/vz/private/7545/

If the ssh port of the destination server is different. Then use the following options:

rsync -avzh --rsh='ssh -p2222' --timeout=14000 /vz/private/ 208.91.129.133:/vz/private/

or

rsync -avzh -e "ssh -p 2222" --timeout=14000 /vz/private/ 208.91.129.133:/vz/private/

What is the use of screen command in linux? How to use it?

What is the use of screen command in linux? How to use it? The following post explains it.
Screen is a powerful tool useful for working in a remote environment. You can start a screen and execute the commands inside the screen. So even if the connection goes down between your system and remote system, you can later attach to the screen. The command will be working inside the screen.

Installation:
#yum install screen

#screen
Then execute the command you want

To detatch screen
press "Ctrl+a"
then press "d"

To list the sceeen sessions
#sceen -ls

[root@server ~]# screen
[detached]
[root@server ~]# screen -ls
There is a screen on:
3063.pts-0.server (Detached) #Lists the existing sceen session ids.
1 Socket in /var/run/screen/S-root.
[root@server ~]#

To attach a screen again
# screen -r screen_id
[root@server ~]# screen -r 3063.pts-0.server

To name a screen while creating
# screen -S name_of_screen

To wipe off a dead screen
#screen -wipe screen_id

If you have only one screen. You can attach it by executing
#screen -x

Pages