
September 02, 2008

Netstat digging

The netstat command, combined with shell pipes, can be used to dig out more information about connections from a particular IP address. You can find the total number of established connections, closing connections, SYN and FIN bits and much more. You can also display summary statistics for each protocol using netstat.

This is useful for finding out whether your server is under attack. You can also list abusive IP addresses using this method.
# netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n
Output:
1 CLOSE_WAIT
1 established)
1 Foreign
3 FIN_WAIT1
3 LAST_ACK
13 ESTABLISHED
17 LISTEN
154 FIN_WAIT2
327 TIME_WAIT
Dig out more information about a specific ip address:
# netstat -nat |grep {IP-address} | awk '{print $6}' | sort | uniq -c | sort -n
2 LAST_ACK
2 LISTEN
4 FIN_WAIT1
14 ESTABLISHED
91 TIME_WAIT
130 FIN_WAIT2
A busy server can give out more information:
# netstat -nat |grep 202.54.1.10 | awk '{print $6}' | sort | uniq -c | sort -n
Output:
15 CLOSE_WAIT
37 LAST_ACK
64 FIN_WAIT_1
65 FIN_WAIT_2
1251 TIME_WAIT
3597 SYN_SENT
5124 ESTABLISHED
Get List Of All Unique IP Address

To print a list of all unique IP addresses connected to the server, enter:
# netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | sort | uniq
To print the total number of unique IP addresses, enter:
# netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | sort | uniq | wc -l
Output:
449
Find Out If Box is Under DoS Attack or Not

If you think your Linux box is under attack, print a list of open connections on your box, sorted by IP address:
# netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n
Output:
1 10.0.77.52
2 10.1.11.3
4 12.109.42.21
6 12.191.136.3
.....
...
....
13 202.155.209.202
18 208.67.222.222
28 0.0.0.0
233 127.0.0.1
You can simply block all abusive IPs using iptables or just null route them.
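
The pipelines above count by state or by address, but not both, and `cut -d: -f1` truncates IPv6 peers to their first group. The following is an added example, not part of the original post: it counts connections per remote address and state, skips header and LISTEN lines (the source of the `0.0.0.0` row above), and lists sources over a threshold. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-source, per-state connection counts from `netstat -nat`.

# Constructed sample input using documentation addresses (not from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51512      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51513      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40022       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40023       TIME_WAIT
tcp6       0      0 2001:db8::10:443        2001:db8::beef:55012    ESTABLISHED
tcp6       0      0 :::443                  :::*                    LISTEN
EOF
}

# Read netstat output on stdin, print "count address state", busiest first.
conn_summary() {
  awk '
    $1 ~ /^tcp/ && $6 != "LISTEN" {
      addr = $5
      sub(/:[^:]*$/, "", addr)   # strip only the trailing :port so IPv6 survives
      n[addr " " $6]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2,2 -k3,3
}

# Print remote addresses holding at least $1 connections in state $2.
flag_sources() {
  conn_summary | awk -v min="$1" -v st="$2" '$3 == st && $1 >= min { print $2 }'
}

# Demo on the constructed sample; on a live host: netstat -nat | conn_summary
sample_netstat | conn_summary
```

A source that holds many half-open (SYN_RECV) connections and few ESTABLISHED ones is a better candidate for blocking than one that merely tops the raw count.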
Get Live View of TCP Connections

You can use tcptrack command to display the status of TCP connections that it sees on a given network interface. tcptrack monitors their state and displays information such as state, source/destination addresses and bandwidth usage in a sorted, updated list very much like the top command.
Display Summary Statistics for Each Protocol

Simply use netstat -s:
# netstat -s | less
# netstat -t -s | less
# netstat -u -s | less
# netstat -w -s | less
# netstat -s
Output:
Ip:
88354557 total packets received
0 forwarded
0 incoming packets discarded
88104061 incoming packets delivered
96037391 requests sent out
13 outgoing packets dropped
66 fragments dropped after timeout
295 reassemblies required
106 packets reassembled ok
66 packet reassembles failed
34 fragments failed
Icmp:
18108 ICMP messages received
58 input ICMP message failed.
ICMP input histogram:
destination unreachable: 7173
timeout in transit: 472
redirects: 353
echo requests: 10096
28977 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 18881
echo replies: 10096
Tcp:
1202226 active connections openings
2706802 passive connection openings
7394 failed connection attempts
47018 connection resets received
23 connections established
87975383 segments received
95235730 segments send out
681174 segments retransmited
2044 bad segments received.
80805 resets sent
Udp:
92689 packets received
14611 packets to unknown port received.
0 packet receive errors
96755 packets sent
TcpExt:
48452 invalid SYN cookies received
7357 resets received for embryonic SYN_RECV sockets
43 ICMP packets dropped because they were out-of-window
5 ICMP packets dropped because socket was locked
2672073 TCP sockets finished time wait in fast timer
441 time wait sockets recycled by time stamp
368562 delayed acks sent
430 delayed acks further delayed because of locked socket
Quick ack mode was activated 36127 times
32318597 packets directly queued to recvmsg prequeue.
741479256 packets directly received from backlog
1502338990 packets directly received from prequeue
18343750 packets header predicted
10220683 packets header predicted and directly queued to user
17516622 acknowledgments not containing data received
36549771 predicted acknowledgments
102672 times recovered from packet loss due to fast retransmit
Detected reordering 1596 times using reno fast retransmit
Detected reordering 1 times using time stamp
8 congestion windows fully recovered
32 congestion windows partially recovered using Hoe heuristic
19 congestion windows recovered after partial ack
0 TCP data loss events
39951 timeouts after reno fast retransmit
29653 timeouts in loss state
197005 fast retransmits
186937 retransmits in slow start
131433 other TCP timeouts
TCPRenoRecoveryFail: 20217
147 times receiver scheduled too late for direct processing
29010 connections reset due to unexpected data
365 connections reset due to early user close
6979 connections aborted due to timeout
Display Interface Table

You can easily display dropped and total transmitted packets with netstat for eth0:
# netstat --interfaces=eth0
Output:
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 2040929 0 0 0 3850539 0 0 0 BMRU

Track network connections with LSOF on Linux

LiSt Open Files (LSOF) is a Linux utility that allows you to view current network connections and the files associated with them.

LSOF provides verbose output and is useful in tracking down all sorts of information. For example, it allows you to see what program is operating on an open port, which daemons have established connections, and what ports are open on your server.

While similar in many ways to utilities like netstat and fuser, LSOF has many unique options that let you find specific information on ports, users, processes, and files.

Getting and installing LSOF

On many Linux systems, LSOF will be installed by default. Try running lsof -v to see whether the program exists on your system. If it doesn't, you will need to download one of the many packages available and install it yourself. Source and binary versions are available here, while distribution-specific packages are available from locations such as Rpmfind.net and are included in databases for apt-get, up2date, and urpmi.

If you are installing from source, download the tarball and perform these commands:

tar xpfz lsof_4.64.tar.gz
cd lsof_4.64
tar xpf lsof_4.64_src.tar
cd lsof_4.64_src
./Configure linux
make

During the configuration, you have the option of running an inventory to verify that all the files necessary for compilation are present. You will be asked if you want to customise the installation. This shouldn't be necessary on most Linux platforms, so answering no is fine. If you encounter any problems running LSOF later, you may want to come back and try some customisation. Customisation may also be needed if you upgrade or modify your kernel.

After running make, the executable lsof should appear in the directory. There is no default make install rule, so you can create your own or just copy lsof to your directory of choice. Keep in mind that you may need to modify its permissions to be setuid-root if you want regular users to be able to see all open files. Not that this is necessarily recommended, but it's good to remember, since the output generated when LSOF is run as root will be different from the output generated when it's run by a normal user account.

Looking at network connections

As its name indicates, LSOF deals with open files on a Linux system. An open file can be a regular file, a directory, a library, a stream, or a network socket. You can take advantage of various LSOF options, depending on what you're looking for.

Running lsof by itself will output all open files corresponding to every active process on the box. This can be quite lengthy, so it's best to know what you are looking for in advance. You can get a quick rundown of the options with lsof -h, and the man page goes into much further detail. Let's take a look at some common switches and what they will show us.

lsof -i

The lsof -i command lists all open files associated with Internet connections. It is similar in format to netstat -a -p and will look something like Listing A.

By default, LSOF lists detailed information about each connection. In Listing A, we see the command or program involved, the process ID (PID), the user running the command, the file descriptor (FD), the type of connection, the device number, the Internet protocol, and the name of the file or Internet address. The -i option can be useful when you're attempting to secure your Linux box. You can quickly determine what ports are open and listening for incoming connections. LSOF will also associate them with a program name. Thus, you can quickly identify unnecessary security risks and shut them down.

Ports that are awaiting connections have the keyword LISTEN appended to them. These are ports that are open and accepting connections. Note that LSOF will not distinguish between ports that are completely open and ones that have filters applied. The keyword ESTABLISHED indicates that a connection on the given port has been made. In Listing A, there is an SSH session from labrat.remote.net to test.com. You can see multiple processes associated with the sshd daemon. The main daemon, PID 597, handles incoming requests and forks itself as needed. PID 8545 was spawned by sshd and is responsible for the 8547 process. The only noticeable difference between 8545 and 8547, besides the PID, is in the user field. Notice that lhutz is the user who has remotely logged in to this box. This is useful information that goes beyond merely presenting network connections.

You can narrow your search by specifying a particular port, service, or host name using techniques such as:

lsof -i :587
lsof -i :smtp
lsof -i @labrat.remote.net

LSOF will then output all matching connections. The above examples will list connections listening or established on port 587, list connections associated with the well-known service SMTP, and list connections coming from or going to the host labrat.remote.net, respectively. These techniques are handy if you know what you are looking for in advance. You can watch and see whether inbound SMTP connections are taking too long, possibly causing timeouts. You can verify that the service is in fact running and what port it is listening on. And you can see if anyone from a certain device is connected to your system, whether it is via SSH, Telnet, FTP, or just about any other way possible.

lsof -p 409

LSOF will also accept a PID and output all open files it is using. In this particular instance, we ran lsof -i to determine which PID named (the BIND DNS service) was operating under. Once we discovered it was 409, we issued the command lsof -p 409. The output is shown in Listing B.

You'll notice the different FDs, or file descriptors, right away. The cwd variable represents the current working directory of the process; txt defines the program text, which is the executable itself; mem is a file held in memory, in this case a library; the 4 and 21 represent files in use by this particular process; and the u designator defines them as having both read and write access. These all help you determine whether something physically exists on the system, is being used by the process, or is being held in memory.

lsof +d

The command lsof +d /var/log/apache/ is similar to fuser. It basically associates open files with their processes. In this case, we are looking at all regular files in the /var/log/apache/ directory. The output would look something like Listing C. In this example, Apache is keeping track of two sets of log files, an access and an error log for two domains. As you can see, there are some differences between regular files and Internet connections. For one thing, the TYPE is now REG, indicating a regular file. Also, a SIZE variable is present, which indicates the actual size in bits the file takes up. Notice too that the DEV variable indicates they all use the same device, in this example, a single hard drive. The +d flag that was issued with LSOF tells the command not to leave the top-level directory, while +D would perform a recursive check on all subdirectories.

lsof -F <...>

The -F switch provides an excellent way to format LSOF output. This built-in feature allows you to pipe information directly into external programs, such as a Perl script, a C program, or even a monitoring program like MRTG. You do this by specifying which fields you would like printed. For example, lsof -F pcfn would print the process ID, the command name, the file descriptor, and the filename. Many options are available, and this can save you time in working with the raw data yourself.
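
To show what consuming -F output looks like, here is an added example (not part of the original article) that parses `lsof -F pcfn` field output, where each line carries a one-letter tag, into one row per open socket and reports listeners that are not on an expected list. The function names, the allowlist format and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse `lsof -F pcfn` field output and check listeners
# against an allowlist of "command:port" pairs.

# Constructed sample of what `lsof -nP -iTCP -sTCP:LISTEN -F pcfn` prints.
# Each line is a one-letter field tag followed by the value:
# p = PID, c = command, f = file descriptor, n = name (address:port here).
sample_lsof_fields() {
cat <<'EOF'
p597
csshd
f3
n*:22
p409
cnamed
f20
n192.0.2.10:53
f21
n127.0.0.1:953
p8812
cpython3
f3
n*:8000
EOF
}

# Field output on stdin -> one "pid command fd name" row per open file.
# A "p" line starts a new process set; the "n" line completes each file set.
lsof_rows() {
  awk '
    { tag = substr($0, 1, 1); val = substr($0, 2) }
    tag == "p" { pid = val; cmd = "?" }
    tag == "c" { cmd = val }
    tag == "f" { fd = val }
    tag == "n" { print pid, cmd, fd, val }
  '
}

# Print rows whose command:port is not in the space-separated allowlist $1.
unexpected_listeners() {
  lsof_rows | awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
      port = $4
      sub(/^.*:/, "", port)      # keep what follows the last colon
      key = $2 ":" port
      if (!(key in ok)) print $0
    }
  '
}

# Demo on the constructed sample; on a live host pipe real lsof output in.
sample_lsof_fields | unexpected_listeners "sshd:22 named:53 named:953"
```

Run as root on a live host, since lsof run by a normal user account only sees that user's own processes.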

We've covered just a few of the options LSOF provides, but the man page covers the full spectrum of LSOF capabilities. Some LSOF commands may be processor intensive, due to the sheer number of processes on a system, so be as selective as possible when running commands.

Summary

LSOF is an excellent utility for managing and tracking network connections on your Linux system. Although a number of utilities can perform similar functions, none is quite as robust as LSOF. With LSOF, you can list open ports, identify connections currently being made to your system, and determine what resources a process is using. Not only that, but you can also determine what processes a particular user has and find detailed information about file and directory usage.

September 14, 2005

Rails on Plesk

Hi, folks! It seems a few of y’all might be interested in hearing how to get Ruby on Rails set up on a Plesk server. I did it last month, and it wasn’t terribly difficult, so I thought I’d write a quick guide to the process.
But first, two quick caveats:
1. I did this on a server running PSA 7.5.2 on Red Hat Enterprise Linux 3. The process is probably the same for other Red Hat/Fedora versions, but it might be a bit different on other distros or FreeBSD.
2. I’m assuming that you are comfortable with compiling and installing software from source. If that’s not something you’re familiar with, there is a great little howto here that can help you get started.

Step one: Install Ruby

You need Ruby 1.8.2 or later to run rails. If your OS vendor supplies a packaged version for you, use that. Otherwise, you’ll need to download the latest source from ruby-lang.org and compile it yourself. I didn’t do anything unusual on my ruby installation; just ./configure, make, and make install.

Step two: Install the FCGI Development Kit

There are three pieces of FastCGI software that must be installed on your server to run rails applications: The FastCGI development kit, the mod_fastcgi Apache module, and the Ruby FastCGI bindings. We’ll do the first one now. You can download it from fastcgi.com. This one is just like the Ruby installation: ./configure, make, and make install.

Step three: Install mod_fastcgi

Mod_fastcgi doesn’t have an automated installation process, so this one is a bit more complicated:
1. Download the source code from fastcgi.com and extract it into /usr/local/src.
2. cd mod_fastcgi-2.4.2
3. cp Makefile.AP2 Makefile (this is required since we’re using apache 2.x, not 1.3)
4. Open Makefile in your favorite editor. Change the line that says top_dir = /usr/local/apache2 to top_dir = /usr/lib/httpd
5. make
6. make install

Step four: Install RubyGems

RubyGems is the ruby package manager (If you’re familiar with Perl’s CPAN module, RubyGems is basically the same idea). It can be downloaded from rubyforge.
RubyGems doesn’t use GNU autoconf or automake, so the installation command is a bit different: instead of ./configure, make, and make install, you just do ruby setup.rb all.

Step five: Install Rails, Ruby-FCGI and Ruby-MySQL

Once you have Ruby and RubyGems installed, getting rails is easy: just gem install rails. It will ask you whether it should install some dependencies; say “y” to all of them. When that’s done, gem install fcgi to get the Ruby FastCGI bindings, and gem install mysql to get the Ruby MySQL bindings.

Step six: Configure Apache

To make Apache use the FastCGI module, copy this into /etc/httpd/conf.d/fastcgi.conf:
LoadModule fastcgi_module modules/mod_fastcgi.so
FastCgiWrapper on
FastCgiConfig -idle-timeout 900
Restart apache, and you’re done!

Wait—two more quick notes!

1. This guide only covers server-wide configuration; there are a few tricks to setting up individual rails apps in Plesk as well. If an article about setting up an individual rails app would be helpful to you, drop me a line and I’ll see what I can do. (Update: The follow-up article is available here)

2. This guide is only based on my own experience. If you use it, and find ways that it could be better or more complete, leave a response, and by all means, I’ll do my best to fix it.

April 23, 2005

Add a user to a group - Linux

gpasswd -a user cron

March 22, 2005

Configure Squid for Subversion

Next, you need to make sure the proxy server itself supports all the HTTP methods Subversion uses. Some proxy servers do not support these methods by default: PROPFIND, REPORT, MERGE, MKACTIVITY, CHECKOUT. In general, solving this depends on the particular proxy software. For Squid, the config option is

# TAG: extension_methods
# Squid only knows about standardized HTTP request methods.
# You can add up to 20 additional "extension" methods here.
#
#Default:
# none
extension_methods REPORT MERGE MKACTIVITY CHECKOUT

(Squid 2.4 and later already knows about PROPFIND.)

March 13, 2005

Dealing with masked packages in Gentoo

See here: http://gentoo-wiki.com/Masked

March 07, 2005

Subversion (svn) Mini Howto

A Subversion mini guide can be found here

January 08, 2005

Gentoo Linux - learning which version is available in portage

Gentoo really shines, however, when a user needs a newer version of a piece of software. Let's say I'm using the bluefish HTML editor, for example, and a bug is annoying me. A newer version of bluefish might be available in Portage, Gentoo's software package management system, so I might be able to ask for the upgrade. Gentoo has a handy command called etcat that can determine what's available:
>> etcat versions bluefish

October 04, 2004

Gentoo AMD64 insight

The AMD64 edition of the 2004.2 release is best described as poorly tested -- following the installation instructions did not produce a working operating system for me, but I was able to figure out some ways around the mistakes in the documentation thanks to some tips on the Gentoo forums. The LiveCD, as it has done for all previous versions, did not properly detect and install the kernel module for the 3Com Gigabit Ethernet LAN chip integrated into the ASUS K8V Deluxe motherboard (curiously, the x86 edition does not have a problem with this). Fortunately it loads properly via modprobe, and from previous experience I already knew that the module name was sk98lin. On my first attempt to get the AMD64 edition installed on an Athlon 64 system using the above-mentioned mainboard, I was not successful -- I'll try again when I have some spare time, but for now I can't recommend the AMD64 edition to any but the most experienced GNU/Linux or FreeBSD veterans who are able to trace and resolve errors in configuration and compiling. You can also scour the forums for help if you have another working machine with a Web browser. You'll probably find everything you need after an hour or so of searching and reading, but one should not have to read forums, newsgroups, or mailing lists to install an operating system. The documentation should be accurate and the software should be properly tested and fully functional, and in the instance that it is not fully functional, it should at least be predictable.

August 11, 2004

RRD Tool - System Load Stats

This is how I do it. I don't store the 1-min avg since I only do the update every 5 minutes and it wouldn't really make much sense to do so. Also, I'm not (currently) using SNMP to get the value, but it should be fairly easy to modify to use SNMP.
*Create*
rrdtool create /var/db/rrd/loadavg.rrd \
  DS:5min:GAUGE:600:U:U   \
  DS:15min:GAUGE:600:U:U  \
  RRA:AVERAGE:0.5:1:576   \
  RRA:AVERAGE:0.5:6:672   \
  RRA:AVERAGE:0.5:24:744  \
  RRA:AVERAGE:0.5:288:732 \
  RRA:MAX:0.5:1:576       \
  RRA:MAX:0.5:6:672       \
  RRA:MAX:0.5:24:744      \
  RRA:MAX:0.5:288:732
*Update*
#!/usr/local/bin/bash
PATH=/bin:/usr/bin:/usr/local/bin

echo $(uptime | sed -e 's/^.*load average.*: //' -e 's/ //g' | \
awk -F, "{ printf(\"update /var/db/rrd/loadavg.rrd N:%f:%f\", \$2, \$3)}") \
| rrdtool -
*Graph*
#!/usr/local/bin/bash
PATH=/bin:/usr/bin:/usr/local/bin

tstamp=`date`
rrdtool graph /var/www/localhost/stats/loadavg-day.png \
  --start now-1day \
  --vertical-label "Load averages" \
  --title "Load averages for the past day" \
  --width 600 \
  --height 200 \
  --alt-autoscale-max \
  --lower-limit 0 \
  DEF:5minavg=/var/db/rrd/loadavg.rrd:5min:AVERAGE \
  AREA:5minavg#0000dd:"5-min load avgs" \
  GPRINT:5minavg:AVERAGE:"Avg\:%3.2lf" \
  GPRINT:5minavg:MAX:"Max\:%3.2lf\n" \
  COMMENT:"$tstamp\r"

August 05, 2004

Jail Chroot and Gentoo

A good script to set up a chroot jail for users: http://www.jmcresearch.com/projects/jail/

August 03, 2004

IP CIDR Notation

Reference on IP CIDR notation: ex: 100.100.100.100/24 http://itadmin.appfa.auckland.ac.nz/FAQ/Network/IP-CIDR.htm and a chart: http://bradthemad.ath.cx/tech/notes/cidr_subnets.php

April 05, 2004

List all connections on a Linux server

netstat -t will list all active connections on a Linux server. See man netstat for more info.

March 24, 2004

Mount Samba share

mount -t smbfs -o username=YOURUSER,password=YOURPASSWORD //YOURSERVER/SHARE /newhome

March 03, 2004

SpamAssassin-ClamAV-Procmail-Howto

SpamAssassin-ClamAV-Procmail-Howto - FalkoTimme.com work with Postfix or Sendmail

January 15, 2004

PSA fullserver backup

SWSoft Forum - Backup Restore

How do I make a fullserver backup with ip's etc. everything and restore it on another clean plesk 6 server without losing any up to date data?
/usr/local/psa/bin/psadump -F -f - | split -b 1000m - dump.
Backup your old plesk system and restore to another clean plesk system using
cat dump.* | /usr/local/psa/bin/psarestore -m map_file -s shells_map_file -f -

January 14, 2004

Debian converting tools

World Domination Plan - phase debtakeover: tool to convert from other distributions to Debian. Live...

Convert Nero image to ISO in Linux

GREG'S PLACE v4 : Nrg2Iso linux utils for converting cd image generated by Nero Burning Rom to ISO format

January 12, 2004

DNS registering at godaddy.com

DNS - GODADDY

Nameserver won't work so I use DNS Hosting.

Go to the Go Daddy web site at http://www.godaddy.com/
Click the My Account link.
Login using your login name or customer number and password.
Once you are logged into your account, click the link labeled Domain List in the GOTO section.
Click on the domain name that you wish to use for your nameservers.
Locate Domain Host Information at the bottom.
Use the link named click here to add.
Enter the first nameserver with its IP address.
Click Register Name Server.
Enter the second nameserver with its IP address.
Click Register Name Server.

Please allow 24-48 hours for the nameservers to be registered over the Internet. Or, you are able to change the nameservers information for your domain name instantly within Go Daddy.

YOU MUST enter a second nameserver. If you only have one ip, use it for both ns1.yourdomain.com and ns2.yourdomain.com. You won't have redundancy but you can find a friend later on to run your secondary.

January 05, 2004

Exporting from Outlook tool

Outport - Welcome

January 04, 2004

RSYNC examples

rsync backup to a central backup server with 7 day incremental
#!/bin/sh

# This script does personal backups to a rsync backup server. You will end up
# with a 7 day rotating incremental backup. The incrementals will go
# into subdirectories named after the day of the week, and the current
# full backup goes into a directory called "current"
# tridge@linuxcare.com

# directory to backup
BDIR=/home/$USER

# excludes file - this contains a wildcard pattern per line of files to exclude
EXCLUDES=$HOME/cron/excludes

# the name of the backup machine
BSERVER=owl

# your password on the backup server
export RSYNC_PASSWORD=XXXXXX


########################################################################

BACKUPDIR=`date +%A`
OPTS="--force --ignore-errors --delete-excluded --exclude-from=$EXCLUDES 
      --delete --backup --backup-dir=/$BACKUPDIR -a"

export PATH=$PATH:/bin:/usr/bin:/usr/local/bin

# the following line clears the last weeks incremental directory
[ -d $HOME/emptydir ] || mkdir $HOME/emptydir
rsync --delete -a $HOME/emptydir/ $BSERVER::$USER/$BACKUPDIR/
rmdir $HOME/emptydir

# now the actual transfer
rsync $OPTS $BDIR $BSERVER::$USER/current
backup to a spare disk

I do local backups on several of my machines using rsync. I have an extra disk installed that can hold all the contents of the main disk. I then have a nightly cron job that backs up the main disk to the backup. This is the script I use on one of those machines.
    #!/bin/sh

    export PATH=/usr/local/bin:/usr/bin:/bin

    LIST="rootfs usr data data2"

    for d in $LIST; do
	mount /backup/$d
	rsync -ax --exclude fstab --delete /$d/ /backup/$d/
	umount /backup/$d
    done

    DAY=`date "+%A"`
    
    rsync -a --delete /usr/local/apache /data2/backups/$DAY
    rsync -a --delete /data/solid /data2/backups/$DAY
The first part does the backup on the spare disk. The second part backs up the critical parts to daily directories. I also backup the critical parts using a rsync over ssh to a remote machine.

mirroring vger CVS tree

The vger.rutgers.edu cvs tree is mirrored onto cvs.samba.org via anonymous rsync using the following script.
    #!/bin/bash

    cd /var/www/cvs/vger/
    PATH=/usr/local/bin:/usr/freeware/bin:/usr/bin:/bin

    RUN=`ps x | grep rsync | grep -v grep | wc -l`
    if [ "$RUN" -gt 0 ]; then
	    echo already running
	    exit 1
    fi

    rsync -az vger.rutgers.edu::cvs/CVSROOT/ChangeLog $HOME/ChangeLog

    sum1=`sum $HOME/ChangeLog`
    sum2=`sum /var/www/cvs/vger/CVSROOT/ChangeLog`

    if [ "$sum1" = "$sum2" ]; then
	    echo nothing to do
	    exit 0
    fi

    rsync -az --delete --force vger.rutgers.edu::cvs/ /var/www/cvs/vger/
    exit 0
Note in particular the initial rsync of the ChangeLog to determine if anything has changed. This could be omitted but it would mean that the rsyncd on vger would have to build a complete listing of the cvs area at each run. As most of the time nothing will have changed I wanted to save the time on vger by only doing a full rsync if the ChangeLog has changed. This helped quite a lot because vger is low on memory and generally quite heavily loaded, so doing a listing on such a large tree every hour would have been excessive.

automated backup at home

I use rsync to backup my wife's home directory across a modem link each night. The cron job looks like this
    #!/bin/sh
    cd ~susan
    {
    echo
    date
    dest=~/backup/`date +%A`
    mkdir $dest.new
    find . -xdev -type f \( -mtime 0 -or -mtime 1 \) -exec cp -aPv "{}" $dest.new \;
    cnt=`find $dest.new -type f | wc -l`
    if [ $cnt -gt 0 ]; then
      rm -rf $dest
      mv $dest.new $dest
    fi
    rm -rf $dest.new
    rsync -Cavze ssh . samba:backup
    } >> ~/backup/backup.log 2>&1

Note that most of this script isn't anything to do with rsync, it just creates a daily backup of Susan's work in a ~susan/backup/ directory so she can retrieve any version from the last week. The last line does the rsync of her directory across the modem link to the host samba. Note that I am using the -C option which allows me to add entries to .cvsignore for stuff that doesn't need to be backed up.

Fancy footwork with remote file lists

One little known feature of rsync is the fact that when run over a remote shell (such as rsh or ssh) you can give any shell command as the remote file list. The shell command is expanded by your remote shell before rsync is called. For example, see if you can work out what this does:
	rsync -avR remote:'`find /home -name "*.[ch]"`' /tmp/
note that that is backquotes enclosed by quotes (some browsers don't show that correctly).

January 03, 2004

htaccess tutorial

Widexl - Advanced .htaccess tutorial for password-protecting web pages and for the configuration of your web server.

January 02, 2004

Linux System Startup

Linux System Startup | Linux Gazette

Today you can purchase a Linux distribution, install it and use it without really understanding much about the operating system itself. This article looks inside the startup sequence of a Linux system on a PC. The geek word for starting up a computer is bootstrapping. The short version is booting or boot. The initial part of this process is performed by code stored in ROM. This is code that is general in nature rather than being specific to Linux. Its task is to load the Linux-specific loader and turn control over to it.

Boot Loaders

The boot loader is the program loaded by the ROM (either the BIOS on the motherboard or device-specific code like on a SCSI disk controller board). There are two popular boot loaders for PCs. LILO is the traditional loader and GRUB is the newer one. Each program has the task of grabbing some configuration information, loading the Linux (or other) kernel and turning over control. The most significant difference between LILO and GRUB is how it gets the configuration information.

The configuration for LILO is saved in a static form by running the lilo command. This information is written to either the master boot record (MBR) of the disk or to the boot record of the Linux root partition. The configuration information used by the lilo command is normally stored in /etc/lilo.conf. Here is a sample configuration file.
boot=/dev/hda   # boot loader to MBR
root=/dev/hda1  # root partition
install=/boot/boot.b
map=/boot/map
delay=50        # 5 second delay before auto-boot
image=/vmlinuz  # kernel
  label=linux   # name to refer to entry
  read-only
image=/vmlinuz.old      # backup entry
  label=old
  read-only
In this example, there are two possible kernels to boot: /vmlinuz and /vmlinuz.old. At the LILO prompt you can select between them by entering linux to select the current one or old to select the backup one. Pressing the TAB key at the LILO prompt will list these options. If you rebuild your kernel or want to make any other change you will need to rerun the lilo command to re-read the configuration file and re-install LILO with this new configuration information.

GRUB reads the configuration file at boot time. The MBR is only 512 bytes. The portion of GRUB that is installed in the MBR does some basic initialization of the system, figures out how to access the boot drive and then loads the rest of GRUB from the drive. GRUB is installed by the grub-install program. There should be a man or info page available with the details. The grub info page is also very helpful. The configuration file is generally located in the /boot/grub directory. SuSE puts it in menu.lst and Red Hat in grub.conf. Here is a sample configuration file:
default 0
timeout 8
gfxmenu (hd0,1)/boot/message

title Linux
    kernel (hd0,1)/boot/vmlinuz root=/dev/hda2 desktop showopts
    initrd (hd0,1)/boot/initrd

title Failsafe
    kernel (hd0,1)/boot/vmlinuz root=/dev/hda2 showopts ide=nodma apm=off acpi=off vga=normal nosmp noapic maxcpus=0 3
    initrd (hd0,1)/boot/initrd

title Memory Test
    kernel (hd0,1)/boot/memtest.bin
If you are sharing the computer with a proprietary OS from Redmond, take note that those people don't realize there are other operating systems available. That means that when you install their system they just overwrite the MBR. If you install their software first followed by Linux, all should be okay and you will be able to boot either OS.

Run Levels

Run levels offer you an array of system configurations. Unless told otherwise, the system will come up at the default run level which is typically level 3 or level 5. You can alter this behavior by entering the label name in LILO or the word boot in GRUB followed by the word single at the boot loader prompt.

There are seven standard run levels: 0 through 6. Level 0 means shutdown, level 1 is single-user mode and level 6 means reboot. The other levels are available at your discretion to set up various system configurations. The most typical is to use run level 3 as a fully-operational system without the GUI (X) running and level 5 like level 3 with the GUI. On many systems, there is a run level called S which is like run level 1 but requires the root password to be entered. This is there for security reasons.

The contents of the file /etc/inittab determine what action is to be taken at each run level and also specifies the default run level. Here is a sample of what might appear in /etc/inittab:
#
# /etc/inittab
#
# This is the main configuration file of /sbin/init, which
# is executed by the kernel on startup.
#

# The default runlevel
id:5:initdefault:

# /etc/init.d/rc takes care of runlevel handling
#
# runlevel 0  is  System halt   (Do not use this for initdefault!)
# runlevel 1  is  Single user mode
# runlevel 2  is  Local multiuser without remote network (e.g. NFS)
# runlevel 3  is  Full multiuser with network
# runlevel 4  is  Not used
# runlevel 5  is  Full multiuser with network and xdm
# runlevel 6  is  System reboot
#
l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l5:5:wait:/etc/init.d/rc 5
l6:6:wait:/etc/init.d/rc 6

# what to do in single-user mode
ls:S:wait:/etc/init.d/rc S
~~:S:respawn:/sbin/sulogin

# what to do when CTRL-ALT-DEL is pressed
ca::ctrlaltdel:/sbin/shutdown -r -t 4 now

# getty-programs for the normal runlevels
# :::
# The "id" field  MUST be the same as the last
# characters of the device (after "tty").
1:2345:respawn:/sbin/mingetty --noclear tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6
The line id:5:initdefault: sets the default run level to 5. The lines of this form l1:1:wait:/etc/init.d/rc 1 invoke the script /etc/init.d/rc passing it the run level as an argument. This script then starts the processes associated with the specific run level (and stops other processes). All of the scripts to control each process are also located in the /etc/init.d directory.

Typically, which processes are to be started and stopped at each run level are located in sub-directories (for example, rc5.d for run level 5) of /etc/init.d. In each of these runlevel-specific directories, symbolic links are used to identify the processes. Link names starting with K refer to processes that are to be stopped (killed) and link names starting with S refer to those which are to be started. The links are accessed alphabetically which means the kill scripts are run first and the order of the scripts within the kill and start lists are controlled by using a 2-digit number immediately following the K or S.

I said typically as this is the standard way to handle this information. Some vendors use slightly different schemes but, in all cases, the generainit program are what controls the whole process. If you are familiar with how UNIX handles startup, this is very similar to System V Init.

If there were no problems encountered along the way your system should now be at the chosen run level. Once the system is up and running you can change run levels by logging on as root and using the init command. For example, to change to run level 3, you would enter init 3.
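
The id:runlevels:action:process fields of the /etc/inittab listing above can be checked mechanically. The script below is an added example, not part of the original article: it reports the default run level, whether single-user mode is guarded by sulogin, and what CTRL-ALT-DEL does. The function names are hypothetical and the sample file is a constructed excerpt of that listing.

```shell
#!/bin/sh
# Added example: audit an inittab-style file (id:runlevels:action:process).
# Function names are hypothetical; the sample is constructed from the listing above.

# Real entries only: drop comments and blank lines.
inittab_entries() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1"
}

# Default run level = runlevels field of the initdefault entry.
default_runlevel() {
    inittab_entries "$1" | awk -F: '$3 == "initdefault" { print $2; exit }'
}

# Succeeds only if run level S starts sulogin (root password required).
single_user_protected() {
    inittab_entries "$1" |
        awk -F: '$2 ~ /S/ && $4 ~ /(^|\/)sulogin( |$)/ { ok = 1 } END { exit !ok }'
}

# Command bound to CTRL-ALT-DEL; empty output means the key is not handled.
ctrlaltdel_command() {
    inittab_entries "$1" | awk -F: '$3 == "ctrlaltdel" { print $4; exit }'
}

# Run levels in which a getty is respawned on the given tty.
getty_runlevels() {
    inittab_entries "$1" |
        awk -F: -v tty="$2" '$3 == "respawn" && $4 ~ ("getty.* " tty "$") { print $2 }'
}

audit_inittab() {
    echo "default run level : $(default_runlevel "$1")"
    if single_user_protected "$1"; then
        echo "single-user mode  : sulogin (root password required)"
    else
        echo "single-user mode  : NOT protected by sulogin"
    fi
    echo "CTRL-ALT-DEL      : $(ctrlaltdel_command "$1")"
    echo "getty on tty1     : run levels $(getty_runlevels "$1" tty1)"
}

# Constructed sample, abridged from the /etc/inittab shown in the article.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# The default runlevel
id:5:initdefault:
l3:3:wait:/etc/init.d/rc 3
l5:5:wait:/etc/init.d/rc 5
ls:S:wait:/etc/init.d/rc S
~~:S:respawn:/sbin/sulogin
ca::ctrlaltdel:/sbin/shutdown -r -t 4 now
1:2345:respawn:/sbin/mingetty --noclear tty1
2:2345:respawn:/sbin/mingetty tty2
EOF

audit_inittab "$SAMPLE"
```

To audit a real system, call audit_inittab /etc/inittab instead of the sample; the process field is assumed to contain no colons.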

December 29, 2003

Cornerhost Wiki

FrontPage - cornerhost wiki

December 26, 2003

Logwatch and Exim (requisite)

From now on, the exim script will not operate unless the modules Tie::IxHash and Date::Calc are both installed. It will just silently exit if this is not the case.

CPAN howto

This installation applies to *nix OSes. First off, you need to be root:
root@lysp:~# perl -MCPAN -e shell
If it's your first time you will need to answer a bunch of questions about what you have on your system, most of which can be answered with the default, and then where in the world you are; this will set up your closest mirror for getting the CPAN sources. Now, let's install a module:
cpan> install Net::IRC
The install procedure is: install Module::submodule

December 20, 2003

Find files

The Linux Cookbook: Tips and Techniques for Everyday Use: Finding Files

8.2.3 Finding Files in a Directory Tree by Modification Time

To find files last modified during a specified time, use find with the `-mtime' or `-mmin' options; the argument you give with `-mtime' specifies the number of 24-hour periods, and with `-mmin' it specifies the number of minutes.

* To list the files in the `/usr/local' directory tree that were modified exactly 24 hours ago, type:
$ find /usr/local -mtime 1 RET

* To list the files in the `/usr' directory tree that were modified exactly five minutes ago, type:
$ find /usr -mmin 5 RET

To specify a range of time, precede the number you give with either a plus sign (`+') to match times that are equal to or greater than the given argument, or a hyphen or minus sign (`-') to match times that are equal to or less than the given argument.

* To list the files in the `/usr/local' directory tree that were modified within the past 24 hours, type:
$ find /usr/local -mtime -1 RET

* To list the files in the `/usr' directory tree that were modified within the past five minutes, type:
$ find /usr -mmin -5 RET

Include the `-daystart' option to measure time from the beginning of the current day instead of 24 hours ago.

* To list all of the files in your home directory tree that were modified yesterday, type:
$ find ~ -mtime 1 -daystart RET

* To list all of the files in the `/usr' directory tree that were modified one year or longer ago, type:
$ find /usr -mtime +356 -daystart RET

* To list all of the files in your home directory tree that were modified from two to four days ago, type:
$ find ~ -mtime +2 -mtime -4 -daystart RET

In the preceding example, the combined options `-mtime +2' and `-mtime -4' matched files that were modified between two and four days ago.

To find files newer than a given file, give the name of that file as an argument to the `-newer' option.

* To find files in the `/etc' directory tree that are newer than the file `/etc/motd', type:
$ find /etc -newer /etc/motd RET

To find files newer than a given date, use the trick described in the find Info documentation: create a temporary file in `/tmp' with touch whose timestamp is set to the date you want to search for, and then specify that temporary file as the argument to `-newer'.

* To list all files in your home directory tree that were modified after May 4 of the current year, type:
$ touch -t 05040000 /tmp/timestamp RET
$ find ~ -newer /tmp/timestamp RET

In this example, a temporary file called `/tmp/timestamp' is written; after the search, you can remove it (see section Removing Files and Directories).

NOTE: You can also find files that were last accessed a number of days after they were modified by giving that number as an argument to the `-used' option. This is useful for finding files that get little use--files matching `-used 100', say, were accessed 100 or more days after they were last modified.

December 16, 2003

MP3 tagging

EasyTAG

December 10, 2003

Adjust CDROM device

Type this command:
hwbrowser &
This shows you what hardware you have. Click on the cdrom tab and note the device, then do:
rm -f /dev/cdrom
ln -s /dev/hdX /dev/cdrom
where hdX is the device that hwbrowser tells you it is.

December 05, 2003

Virtual User - ISP - useful links

"spamassassin":http://www.spamassassin.org/dist/sql/README
"Postfix - Courrier Imap - MySql":http://www.high5.net/howto/
"Apache Config":http://www.unix-girl.com/geeknotes/apache_virtual_host_conf.html
"Pure FTP":http://www.pureftpd.org/README.Virtual-Users
"ProFTPD":http://groups.google.com/groups?q=virtual+user++ftp&hl=en&lr=&ie=UTF-8&oe=utf-8&selm=71z%25a.742110%24ro6.15224438%40news2.calgary.shaw.ca&rnum=5
"ISP-Planet Guide to Building an ISP":http://isp-planet.com/resources/isp_guide/index.html
"Scripts and Patches for Internet Service Providers":http://www.westnet.com/providers/

December 02, 2003

ISP Manager... to look at

42go ISP-Manager

Debian Server

The Perfect Setup - Debian

November 26, 2003

Disk Usage of hidden files in a dir

Disk Usage FAQ

This will give you a list of non-hidden folders in the current directory, the number of KB used by each of them, and sort them by size. If you have very large hidden files/folders (files/folders starting with a dot (.) are considered hidden), then you can use this somewhat more complex command to get the same sort of list as before, except including hidden files:

/bin/ls -la | awk '{print $9}' | grep -v '^\.\.$' | grep -v '^\.$' | xargs du -sk | sort -n

Better to use du -sh than du -sk... it's more readable.

November 24, 2003

Mail server with Linux

NewsForge | Setting up server tools for spam- and virus-free mail interesting Article...

November 21, 2003

Send an email with an attachment from the terminal

Use mutt (mutt.org) and enter the following command:
mutt -n -F /dev/null -s "sujet" -a fichier.123 email@domaine.com < /dev/null

November 19, 2003

RPM or apt-get error

If you ever get:
rpmdb: unable to join the environment
error: db4 error(11) from dbenv->open: Resource temporarily unavailable
error: cannot open Packages index using db3 - Resource temporarily unavailable (11)
error: cannot open Packages database in /var/lib/rpm
then run this before running apt-get:
export LD_ASSUME_KERNEL=2.2.5
This is a problem with the 2.6-test kernel and rpm.

November 18, 2003

Automating rsync with a Simple Expect Script

Expect is a great tool in a system administrator's arsenal and can be used to easily automate tasks that require periodic user input. This can allow the administrator to make better use of their time than watching the application or utility to spot the next time it requires input.

In the following example expect is used to automate the inputting of a password for a series of rsync commands tunneled through ssh. The script automates a series of rsync operations using only the password for access to the remote host so that the security of the two machines is not reduced by making the source machine trust the destination machine in any way (for example .rhosts or an ssh key with an empty pass phrase).

The script reads a password from the user and then holds that password in a variable for use each time the ssh application that rsync is using as a tunnel asks for it. The "stty -echo" prevents the password from being echoed to the screen when it is typed in and the "stty echo" turns it back on.

#!/usr/bin/expect -f
spawn date
expect "#"

# Read the password once, with terminal echo switched off
send_user "The password for HOSTNAME: "
stty -echo
expect_user -re "(.*)\n" {set PASSPH $expect_out(1,string)}
send_user "\n"
stty echo

# Never time out while a transfer is running
set timeout -1
spawn date
expect "#"

# Each rsync answers the ssh password prompt from the stored variable
spawn rsync -ave ssh --numeric-ids HOSTNAME:/etc /sdc/
expect "password:" { send "$PASSPH\n"}
expect "#"
spawn date
expect "#"

spawn rsync -ave ssh --numeric-ids HOSTNAME:/admin /sdc/
expect "password:" { send "$PASSPH\n"}
expect "#"
spawn date
expect "#"

spawn rsync -ave ssh --numeric-ids HOSTNAME:/home /sdd
expect "password:" { send "$PASSPH\n"}
expect "#"
spawn date
expect "#"

spawn rsync -ave ssh --numeric-ids HOSTNAME:/mail /sdd
expect "password:" { send "$PASSPH\n"}
expect "#"
spawn date
expect "#"

spawn rsync -ave ssh --numeric-ids HOSTNAME:/work /sdc/
expect "password:" { send "$PASSPH\n"}
expect "#"
spawn date
expect "#"

November 12, 2003

Improving User Passwords with apg

ONLamp.com: Improving User Passwords with apg [Oct. 30, 2003]


CVS for All

CVS homedir Joey shows you how to keep track of everything with CVS. I keep my life in a CVS repository. For the past two years, every file I've created and worked on, every e-mail I've sent or received and every config file I've tweaked have all been checked into my CVS archive. When I tell people about this, they invariably respond, ``You're crazy!''


November 11, 2003

PSMON

SourceForge.net: Project Info - PSMON - Process Monitoring Daemon psmon is a *NIX process monitoring daemon which may optionally be run as a standalone program. Allows slaying and respawning of critical processes which die, or exceed pre-determined TTL, concurrent instances and or memory or CPU usage.


System management tools

System Management

November 10, 2003

Redhat Installation Interface

Run redhat-config-packages from a terminal window (as root).

Kill -s signal processnum

Signal     Value      Action   Comment
                               or death of controlling process
SIGINT     2          Term     Interrupt from keyboard
SIGQUIT    3          Core     Quit from keyboard
SIGILL     4          Core     Illegal Instruction
SIGABRT    6          Core     Abort signal from abort(3)
SIGFPE     8          Core     Floating point exception
SIGKILL    9          Term     Kill signal
SIGSEGV    11         Core     Invalid memory reference
SIGPIPE    13         Term     Broken pipe: write to pipe with no readers
SIGALRM    14         Term     Timer signal from alarm(2)
SIGTERM    15         Term     Termination signal
SIGUSR1    30,10,16   Term     User-defined signal 1
SIGUSR2    31,12,17   Term     User-defined signal 2
SIGCHLD    20,17,18   Ign      Child stopped or terminated
SIGCONT    19,18,25            Continue if stopped
SIGSTOP    17,19,23   Stop     Stop process
SIGTSTP    18,20,24   Stop     Stop typed at tty
SIGTTIN    21,21,26   Stop     tty input for background process
SIGTTOU    22,22,27   Stop     tty output for background process

November 04, 2003

Linux Security

Here's how to disable Linux services, according to Dennis:
* First, find them: netstat -nlp --inet
* Next, disable them: chkconfig $SERVICE off
* To edit them: inetd.conf OR xinetd.d/*
* Finally, double-check with: nmap (from remote machine)

You can restrict access in several ways:
* Bind services to specific interfaces, via their config files
* Use the hosts.allow command
* Implement belts and suspenders such as ipchains, iptables, and ipfwadm

Bastille, Tripwire, AIDE, and Samhain

You should also run Bastille, an interactive lockdown/hardening script, assuming that it supports the distro you're using. Currently, Bastille provides support for Red Hat, SuSE, Debian, Mandrake, and TurboLinux distros of Linux, along with HP-UX and Mac OS X.

"Bastille Linux provides feedback to administrators about security during installation. The focus is on proper configuration," concurs Spire Security's Lindstrom. As opposed to configuration issues, most other approaches to vulnerabilities today focus on software bugs, he says.

Dennis considers Tripwire, a long-standing security solution, to be rather antiquated in comparison to the newer AIDE. He recommends the installation of both AIDE and Samhain, an open source security project from Lunapark that includes a network console, stealth option, and LDAP authentication.

'Jail Services' and Other Firewalls

Virtually no one would dispute the merits of network firewalls with packet detection. For added layers of protection, though, Dennis advises the use of "jail services" such as chroot, Linux capabilities (Lcap), User Mode Linux (UML), VMware, and dedicated hardware.

"You can think of all of these as firewalling processes, too. One caveat, though, is that chroot isn't root safe. Also, UML and other VMs may cost too much in [terms of] performance," he adds.

Get Rid of Deprecated Protocols

You should also swap out older and less secure "deprecated protocols" with newer alternatives, says Dennis, who suggests the following replacements:

Protocol    Alternative
POP/IMAP    POPS/IMAP (SSL)
telnet      ssh/scp/sftp
rdist       rsync -e ssh
NIS         resync /etc/passwd.group) LDAP over SSL
NFS         Still a question mark

No Panacea for Cryptography

Available cryptographies include FreeS/WAN, Kerberos, OpenSSH, and several more. As Dennis sees it, each still has pros and cons. For example, FreeS/WAN, a freeware edition of IPSEC VPNs, "potentially secures deprecated protocols." It is also interoperable with other IPSEC implementations. On the other hand, FreeS/WAN is "NAT hostile," he charges.

Lindstrom also doesn't detect any type of panacea out there for cryptography. "It is nice to know that there is a freeware version of IPSEC VPNs. But the problem of encryption adoption isn't the dollar cost. It's the management and performance issues," Lindstrom maintains.

Security Is Nothing Without Physical Side

Without solid physical security, even the most battened down OS can be compromised in an instant. "Physical security really depends on the situation," Lindstrom says. "Laptops should be under lock and key when not in the user's possession. Sensitive data should be locked up in data centers or other appropriately controlled areas. Access to and from these rooms should be controlled and monitored. Environmental controls should be in place to protect against disasters. Locking I/O devices such as keyboards and monitors is a good idea."
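
The "find them" and "bind services to specific interfaces" steps above come down to reading the netstat -nlp listing for sockets bound to every interface. The script below is an added example, not from the article: it picks out those listeners and flags the ones that serve a deprecated protocol from the replacement table. Function names are hypothetical, the netstat capture is constructed, and the port numbers are the usual well-known assignments rather than values given in the article.

```shell
#!/bin/sh
# Added example: review `netstat -nlp --inet` output for exposed listeners.
# Function names are hypothetical; the capture below is constructed.

# Normalise each listener to: proto address port program
listeners() {
    awk '$1 ~ /^(tcp|udp)$/ {
        n = split($4, a, ":"); port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        prog = "-"; if (split($NF, p, "/") == 2) prog = p[2]
        print $1, addr, port, prog
    }' "$1"
}

# Listeners bound to every interface: candidates for binding to one
# interface, for a hosts.allow rule, or for being switched off.
exposed_listeners() {
    listeners "$1" | awk '$2 == "0.0.0.0" { print $1 "/" $3, $4 }'
}

# Exposed listeners on ports of the deprecated protocols named above.
# Port numbers are the usual well-known assignments (an assumption, the
# article does not list them); replacements are quoted from its table.
deprecated_listeners() {
    listeners "$1" | awk '
        BEGIN { alt[23]  = "ssh/scp/sftp"
                alt[110] = "POPS/IMAP (SSL)"
                alt[143] = "POPS/IMAP (SSL)" }
        $1 == "tcp" && $2 == "0.0.0.0" && ($3 in alt) {
            print $3, $4, "->", alt[$3]
        }'
}

# Constructed sample of `netstat -nlp --inet` output.
NETSTAT_SAMPLE=$(mktemp)
cat > "$NETSTAT_SAMPLE" <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  812/sshd
tcp        0      0 127.0.0.1:25     0.0.0.0:*        LISTEN  1033/exim
tcp        0      0 0.0.0.0:23       0.0.0.0:*        LISTEN  640/xinetd
tcp        0      0 0.0.0.0:110      0.0.0.0:*        LISTEN  640/xinetd
udp        0      0 0.0.0.0:111      0.0.0.0:*                501/portmap
EOF

echo "Listening on all interfaces:"
exposed_listeners "$NETSTAT_SAMPLE"
echo "Deprecated protocols still exposed:"
deprecated_listeners "$NETSTAT_SAMPLE"
```

On a live host, save the netstat output to a file as root (so the PID/Program column is filled in) and pass that file to the two functions.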

November 02, 2003

Running remote X applications with Cygwin

For example, on the workstation run:
startx
then:
xhost 172.x.x.x
to add the remote machine. Then, on the remote machine, after connecting via ssh:
DISPLAY=hostworkstation:0 ; export DISPLAY