Friday, July 27, 2007

Adding a service or script to startup on Linux

This small FAQ explains how to make Linux start a certain service or self-made program at boot time.

Step 1:
Edit /etc/rc.local

This script holds your personal initialization instructions, which are run after all the other init scripts have finished.

Example:

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

/usr/local/apache/bin/apachectl startssl
echo Starting Apache ... Felo

service sendmail start
echo Starting Sendmail

I do hope it's useful; it's simple, but not everybody knows it, right?

Installing an SSL Aware APACHE server

These basic instructions for installing an SSL-enabled Apache server on Linux are not for the faint of heart (hehehe). I say that because you basically need common sense, and preferably some Unix experience, to avoid mistakes during the installation. I've done dozens of installations like this, and in some cases new, unknown issues appear from time to time. But overall, these are the normal steps to follow to compile Apache from scratch.

Good luck

=====================================
Installing an ssl aware apache server by unixhelper
=====================================

[Step1]
Download openssl (www.openssl.org) and modssl (www.modssl.org). You will need the latest 1.3.X apache server from www.apache.org

[Step2]
Build and make openssl

Create a folder with the name of the downloaded openssl package, decompress the package into that folder (common sense), and cd into it.

$ cd openssl-0.9.7x (x being the version of the openssl package you downloaded, of course)
$ ./config (the openssl source package file should be decompressed into this folder already of course)
$ make
$ make install
$ cd ..

[Step3]
Now we create a modssl folder, and decompress the source package file into this folder, cd into it and run the configure command below (use common sense)

$ cd mod_ssl-2.8.16-1.3.29

$ ./configure --with-apache=../apache_1.3.X --with-ssl=../openssl-0.9.7X --prefix=/usr/local/apache

Now go into the apache folder (which should already have the apache source package decompressed into it)

$ cd ..
$ cd apache_1.3.X

[Step4]

$ CFLAGS=-DEAPI SSL_BASE=/openssl_package_folder_path/openssl-0.9.7x \
  ./configure --prefix=/usr/local/apache --enable-module=ssl=../openssl-0.9.7x --enable-module=all --enable-shared=max

$ make
$ make certificate
$ make install

Create the self-signed certificate and then start Apache with: /usr/local/apache/bin/apachectl startssl

People, please understand this WILL NOT work if you don't use common sense in changing the paths and file names properly; that's why I said these instructions are for medium/advanced users. Thank me later.

Adding Linux Swap Space

Adding Swap Space
Sometimes it is necessary to add more swap space after installation. For example, you may upgrade the amount of RAM in your system from 64 MB to 128 MB, but there is only 128 MB of swap space. It might be advantageous to increase the amount of swap space to 256 MB if you perform memory-intense operations or run applications that require a large amount of memory.

You have two options: add a swap partition or add a swap file. It is recommended that you add a swap partition, but sometimes that is not easy if you do not have any free space available.

To add a swap partition (assuming /dev/hdb2 is the swap partition you want to add):

The hard drive can not be in use (partitions can not be mounted, and swap space can not be enabled). The easiest way to achieve this is to boot your system in rescue mode. Refer to Chapter 8 for instructions on booting into rescue mode. When prompted to mount the filesystem, select Skip.

Alternately, if the drive does not contain any partitions in use, you can unmount them and turn off all the swap space on the hard drive with the swapoff command.

Create the swap partition using parted or fdisk. Using parted is easier than fdisk; thus, only parted will be explained. To create a swap partition with parted:

At a shell prompt as root, type the command parted /dev/hdb, where /dev/hdb is the device name for the hard drive with free space.

At the (parted) prompt, type print to view the existing partitions and the amount of free space. The start and end values are in megabytes. Determine how much free space is on the hard drive and how much you want to allocate for a new swap partition.

At the (parted) prompt, type mkpartfs part-type linux-swap start end, where part-type is one of primary, extended, or logical, start is the starting point of the partition, and end is the end point of the partition.

Warning
Changes take place immediately; be careful when you type.

Exit parted by typing quit.

Now that you have the swap partition, use the command mkswap to setup the swap partition. At a shell prompt as root, type the following:

mkswap /dev/hdb2

To enable the swap partition immediately, type the following command:

swapon /dev/hdb2

To enable it at boot time, edit /etc/fstab to include:

/dev/hdb2 swap swap defaults 0 0

The next time the system boots, it will enable the new swap partition.

After adding the new swap partition and enabling it, make sure it is enabled by viewing the output of the command cat /proc/swaps or free.

To add a swap file:

Determine the size of the new swap file and multiply by 1024 to determine the block size. For example, the block size of a 64 MB swap file is 65536.

At a shell prompt as root, type the following command with count being equal to the desired block size:

dd if=/dev/zero of=/swapfile bs=1024 count=65536

Setup the swap file with the command:

mkswap /swapfile

To enable the swap file immediately but not automatically at boot time:

swapon /swapfile

To enable it at boot time, edit /etc/fstab to include:

/swapfile swap swap defaults 0 0

The next time the system boots, it will enable the new swap file.

After adding the new swap file and enabling it, make sure it is enabled by viewing the output of the command cat /proc/swaps or free.

Kill Child Process

Now this is a useful and simple command. Have you ever had a situation where you are programming socket daemons, or just any process that could create several uncontrolled children?

Obviously killing the whole shell would fix the problem, but that's quite savage. Let's say you have several php children running in the background and you want to kill them without killing php.

The following command will do the job: kill -9 $(pidof php)

Notice: The "-9" option is the most severe kill option available

Using awk to analyze logs

AWK is a neat tool that comes with most *nix OS environments. In this small article I show you how to use awk to analyze a log file such as Apache's access_log or even a sendmail log file. This can be really useful for analyzing big log files and, in some cases, finding someone hammering your server with huge traffic (DoS attack).
What is AWK?

awk Command

Definition: awk is a powerful Unix command. It allows the user to manipulate files that are structured as columns of data and strings.

Once you understand the basics of awk you will find that it is surprisingly useful. You can use it to automate things in ways you have never thought about. It can be used for data processing and for automating the application of Unix commands. It also has many spreadsheet-type functionalities.

There are two ways to run awk. A simple awk command can be run from the command line. More complex tasks should be written as awk programs ("scripts") to a file. Examples of each are provided below.

Example: % awk 'pattern {action}' input-file > output-file

meaning: take each line of the input file; if the line contains the pattern apply the action to the line and write the resulting line to the output-file.

If the pattern is omitted, the action is applied to all lines:

% awk '{action}' input-file > output-file

By default, awk works on files that have columns of numbers or strings that are separated by white space (tabs or spaces), but the -F option can be used if the columns are separated by another character. awk refers to the first column as $1, the second column as $2, etc. The whole line is referred to as $0.

Back to my example

Let's say we want to find the number of times a specific IP address has hit your web server.

In this example we are assuming your Apache access_log is located in /usr/local/apache/logs

The full command would be:

awk '{print $1}' /usr/local/apache/logs/access_log

This small command is really powerful, give it a try!
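Building on the $1 column above, this added example (not part of the original post) counts requests per client address and also per client per clock minute, which is what separates a busy visitor from someone hammering the server. The log lines are constructed, use documentation addresses, and assume the standard Apache common log format; the threshold of 3 is arbitrary.

```shell
#!/bin/sh
# Added example: per-client request counts from an Apache access log.

# top_talkers LOGFILE MIN -> "count ip" for every client with at least MIN
# requests in the whole file, busiest first
top_talkers() {
    awk -v min="$2" '
        $1 != "" { hits[$1]++ }            # $1 is the client address
        END {
            for (ip in hits)
                if (hits[ip] >= min) print hits[ip], ip
        }
    ' "$1" | sort -k1,1nr -k2,2
}

# bursts LOGFILE MIN -> "count ip minute" for every client that made at least
# MIN requests inside one clock minute
bursts() {
    awk -v min="$2" '
        NF >= 4 {
            # $4 looks like "[27/Jul/2007:10:00:01"; keep "27/Jul/2007:10:00"
            minute = substr($4, 2, 17)
            hits[$1 " " minute]++
        }
        END {
            for (key in hits)
                if (hits[key] >= min) print hits[key], key
        }
    ' "$1" | sort -k1,1nr -k2
}

# Constructed sample log, not real traffic.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
203.0.113.9 - - [27/Jul/2007:10:00:01 -0500] "GET /index.html HTTP/1.1" 200 512
203.0.113.9 - - [27/Jul/2007:10:00:02 -0500] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [27/Jul/2007:10:00:05 -0500] "GET /about.html HTTP/1.1" 200 2048
203.0.113.9 - - [27/Jul/2007:10:00:02 -0500] "GET /index.html HTTP/1.1" 200 512
203.0.113.9 - - [27/Jul/2007:10:00:03 -0500] "GET /index.html HTTP/1.1" 200 512
192.0.2.44 - - [27/Jul/2007:10:01:00 -0500] "GET /logo.png HTTP/1.1" 304 0
198.51.100.7 - - [27/Jul/2007:10:07:10 -0500] "GET /contact.html HTTP/1.1" 200 1024
198.51.100.7 - - [27/Jul/2007:10:15:42 -0500] "GET /index.html HTTP/1.1" 200 512
EOF

echo "Clients with 3 or more requests overall:"
top_talkers "$SAMPLE_LOG" 3
echo "Clients with 3 or more requests in a single minute:"
bursts "$SAMPLE_LOG" 3
```

On a real server, pass /usr/local/apache/logs/access_log instead of the sample file and raise the thresholds to match your normal traffic.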

Thursday, July 26, 2007

Using NMAP TOOL

Fumbling toward a hacker's-eye view of your network

Ready to see your network the way an attacker sees it?

This short series is for the network administrator who has a grasp of networking, but knows less about security. You might be the Natalie in Natalie's Graphic Design, or the all-in-one IT department / PC help desk / Webmaster. Maybe you haven't used command line tools before. But if your network has more than nine devices, you can no longer hold your network in your head. You need a way to quickly and reliably find out:

*How many computers do I have on my network, and what are their IP addresses?

*What network services (distinguished by open ports) does each computer offer?

*What operating system (OS) runs on each computer?

Answering these questions is known as enumeration, or mapping your network. Enumeration is the first thing a savvy attacker does when trying to take over your network -- so you might as well beat 'em to the punch. Enumerating your network helps you identify and close unnecessary services, improving your security. It also tells you what kinds of OS and applications you're running, so that you can keep up with the proper security patches.

Enter the port scanner, a special network-mapping tool that quickly and easily answers all three of these questions for you. Port scanners come in many flavors and prices, but in essence, a scanner sends an avalanche of packets to an IP address (or IP addresses) in order to learn which IPs are active, what ports each IP listens on, and (in some cases) what OS each IP uses. Then the scanner reports the results to you.

Nmap, short for Network Mapper, is one of the most popular and powerful port scanners on the market. Fyodor, a well-respected white hat hacker, originally created Nmap. Since its inception, many security experts have built upon Fyodor's open source tool, making it one of the most powerful and advanced port scanners around.

So how much does all this technology and power cost you? Nothing. All you need is the courage to download and install it... and a little bit of know-how, which we intend to provide in this three-part series.

Ready to get your hands dirty, and find out what's really happening on your network? Read on!

Getting and Installing Nmap

Procuring nmap is easier than saying "procuring." Just go to Fyodor's Nmap web site and look for a link labeled Download, which is near both the top and the bottom of the page. Grab the latest copy of the Nmap Windows installer. When we published this article, it was http://download.insecure.org/nmap/dist/nmap-4.20-setup.exe.

Once you've downloaded the Nmap Windows installer, you should have a file called Nmap-4.20-setup.exe in whatever directory you downloaded the file to. Double-click on this file to begin installing it. After running the installer, Nmap's End-User's License Agreement (EULA) window pops up. Read this agreement. If you choose to accept it, click I Accept. (If you don't accept the agreement, you can't use Nmap.)

After you accept its EULA, Nmap's installer presents you with a Components window. Here you can choose which parts of Nmap to install. Since you pretty much need all its components -- and the installer enables them all by default -- simply click Next to continue.

Now the installer will ask you where you want to install Nmap. We suggest you let it install into its default directory (c:\Program Files\nmap). Just click Install.

Finally, the Nmap installer begins to install Nmap onto your computer. However, during this installation process it also has to install WinPcap, a little utility that helps Nmap do its job. When this happens, you'll see a window appear for the WinPcap Installer. Click Next. Again you'll have to read a EULA. If you choose to accept it, click I Agree. After you agree to its EULA, WinPcap installs itself. When it finishes installing, click the Finish button in the WinPcap Installer window. Finally, click Close in the Nmap Setup Window to complete your Nmap installation.

Opening the Nmap Command Line

Nmap is a command line utility. This is where you experience hackery goodness, because instead of mouse-clicking on icons like a mainstream office worker, you type commands like the few, the proud, the l33t old-sk00l coders. Here's how.

First, open the command prompt on your Windows computer. Click Start => Run. In the dialog box labeled Open, type cmd. Press Enter. Voila! Meet the command line, left over from the days when Windows was based on the antique Disk Operating System (DOS).

You should see something blinking, in front of some odd characters like these:

C:\>

The letter refers to various drives (real and virtual) on your system. If you see any letter of the alphabet other than C, type C: and press Enter.

If you followed the installation defaults, you just installed Nmap into your c:\Program Files\nmap directory. To run Nmap, you must first navigate to that directory. So, type cd\program files\nmap and press Enter. When you use the command line, syntax is always critical. Note the backwards slash, and the space between "program" and "files."

You are now poised to unleash Nmap's power on your network. Which we will do tomorrow, in Part 2.

Part 2

In Part 1 of this series, we introduced you to network scanners in general, and an excellent free one in particular, Nmap. You also learned how to obtain and install Nmap. Here in Part 2, you'll use Nmap to find out how many devices are active on your network. In Part 3, tomorrow, you'll try your first network scan, and we'll explain how to interpret the results.

This series assumes you have mastered basic concepts of networking, but do not have a lot of experience managing network security. To understand what follows, you should have a working grasp of IP addresses, subnet masks, and slash notation.

Getting Oriented on Your Own Network

If you're going to scan your whole network at once -- and you are! -- you need to know your network IP address, a single address that represents your entire network.

You can learn your network IP address easily using the command line. If you don't have your DOS prompt open, access it now (and if you don't know how to, refer to the last paragraphs of Part 1). At the blinking prompt, type ipconfig and press Enter. Your results will differ from ours in the details, but will look generally like this:

C:\Program Files\Nmap>ipconfig
Windows IP Configuration
Ethernet adapter Wireless Network Connection 3:
Connection-specific DNS Suffix . :


IP Address. . . . . . . . . . . . : 192.168.111.34
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.39.14

C:\Program Files\Nmap>

If you or your predecessor originally designed your network using the most common subnet masks such as 255.255.255.0 (in slash notation, /24), 255.255.0.0 (/16), or 255.0.0.0 (/8), it's easy to figure out your network's IP address, since it will always end in zero. For instance, based on the sample IPCONFIG above, you know our test computer has a 192.168.111.34 address and a 255.255.255.0 or /24 subnet mask. That subnet mask indicates that the first three octets of an address designate the network. We also just mentioned that the most common subnets, such as /24, always end in a zero for the network address. So the network address of our sample computer is 192.168.111.0/24.

However, when you subdivide networks into smaller pieces using less common subnet masks, it's more difficult to find your network address without knowing how subnet masking works on a binary level. The network address won't always end in zero, so then you have to calculate it. Don't worry, though; we have a trick that will tell you your network IP address without any calculation at all.
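For the less common masks mentioned above, the calculation is a bitwise AND of each address octet with the matching mask octet. This added example (not part of the original article) does that in a POSIX shell function and also derives the slash notation; the addresses other than 192.168.111.34 are constructed.

```shell
#!/bin/sh
# network_of IP MASK -> prints the network address in slash notation
network_of() {
    addr=$1
    mask=$2
    old_ifs=$IFS
    IFS=.
    set -- $addr $mask          # split both dotted quads into $1..$8
    IFS=$old_ifs
    if [ $# -ne 8 ]; then
        echo "usage: network_of IP MASK" >&2
        return 1
    fi

    prefix=0
    seen_short=0                # becomes 1 after the first octet below 255
    for octet in "$5" "$6" "$7" "$8"; do
        case $octet in
            255) bits=8 ;; 254) bits=7 ;; 252) bits=6 ;; 248) bits=5 ;;
            240) bits=4 ;; 224) bits=3 ;; 192) bits=2 ;; 128) bits=1 ;;
            0)   bits=0 ;;
            *)   echo "not a valid mask octet: $octet" >&2; return 1 ;;
        esac
        # in a valid mask, only zero octets may follow a short octet
        if [ "$seen_short" -eq 1 ] && [ "$bits" -ne 0 ]; then
            echo "mask bits are not contiguous" >&2
            return 1
        fi
        if [ "$bits" -lt 8 ]; then
            seen_short=1
        fi
        prefix=$((prefix + bits))
    done

    # network address = address AND mask, octet by octet
    echo "$(( $1 & $5 )).$(( $2 & $6 )).$(( $3 & $7 )).$(( $4 & $8 ))/$prefix"
}

network_of 192.168.111.34  255.255.255.0      # the article's sample computer
network_of 192.168.111.130 255.255.255.192    # constructed: does not end in zero
network_of 10.20.77.5      255.255.240.0      # constructed
```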

Using the command prompt, the ROUTE command actually lists every network route on your computer. It's intended to help you figure out how your computer reaches other networks, but that's not how you'll use it today. Besides having routes to other networks, your computer also has a route to your own local network. Your computer creates this route using your local network IP address. So, we'll use the ROUTE command to display the routes to your local network, and in that way, see your network IP address.

In the command prompt, type:

route print 192*

If appropriate, replace the "192" with the first octet of your own computer's IP address (which you learned from your IPCONFIG results). Then press Enter. Your results should resemble Figure 1 (showing your own IP addresses, of course):

Much of the ROUTE command's output lists information about your network card that we don't care about right now. In our sample output, we've displayed the line of interest in orange text. The first IP address in our output shows our network IP address: 192.168.111.0 with the subnet mask 255.255.255.0 (or 192.168.111.0/24). Similarly, your network IP address should be the first IP address you see in your output.

Presto! You now have the address you need in order to scan your entire network. So let's get back to Nmap.

How nmap counts your networked devices

We're helping you get acquainted with Nmap, but you hardly need us if you're willing to experiment a little and read a lot. To access Nmap's help file, at the command prompt just type nmap and press Enter. That's one convenient way to learn about Nmap's options.

Though nmap is a port scanner, you can use it to do many things. For starters, we'll use the ping command to automate the task of counting how many computers are currently active on your network. In the command prompt, type

nmap -sP 192.168.111.0/24

(Of course, replace our sample network's IP address with your network IP address.) You should see a result similar to this:

C:\Program Files\Nmap>nmap -sP 192.168.111.0/24
Starting Nmap 4.20 (http://www.insecure.org/nmap )
at 2007-05-08 12:18 Pacific Standard Time

Host 192.168.111.1 appears to be up.
MAC Address: 00:01:02:55:73:C3 (3com)

Host 192.168.111.3 appears to be up.
MAC Address: 00:10:5A:27:5C:44 (3com)

Host 192.168.111.254 appears to be up.
MAC Address: 00:90:7F:2E:1D:FB (WatchGuard Technologies)

Host frodolinux.hogwarts.lsstest.dyndns.org
(192.168.111.16)appears to be up.
MAC Address: 00:04:76:22:C6:65 (3 Com)

Host 192.168.111.34 appears to be up.

Host 192.168.111.126 appears to be up.
MAC Address: 00:10:4B:0E:E6:E6 (3com)

Nmap finished: 256 IP addresses (6 hosts up)
scanned in 5.797 seconds

When you ran that command, Nmap pinged every IP address in the range of the network IP address you supplied. Nmap lists information for the IPs that responded to this request. So the list of IP addresses in our sample result show networked devices that currently respond to ping requests. In this example, Nmap found the following six IPs active on our test network:

192.168.111.1
192.168.111.3
192.168.111.254
192.168.111.16
192.168.111.34
192.168.111.126

As you might guess, this is not the most accurate count possible. If you divide some segments of your network using an internal firewall, the firewall might hide any devices behind it. And devices on your network that are powered off when you scan won't respond. But the results are still useful. Repeat the command over time to learn what "normal" is on your network. If a daily scan typically returns 18 to 22 authorized devices, and one day it finds 35, you know it's time to investigate. (Maybe one of the engineers added a rogue wireless access point and now the neighboring businesses are piggybacking onto your WiFi Internet access.)
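One way to turn "learn what normal is" into a routine check, as an added example that is not part of the original article: keep one saved ping-scan result as the baseline and compare each new result against it. The script is a Unix shell script that reads output files saved with "nmap -sP ... > file"; both sample files are constructed from the sample output above, and 192.168.111.77 is an invented address.

```shell
#!/bin/sh
# up_hosts FILE -> sorted, unique addresses reported up in saved "nmap -sP" output
up_hosts() {
    awk '
        /appears to be up/ {
            line = $0
            sub(/\)? *appears to be up.*/, "", line)   # keep the text before the verdict
            n = split(line, part, /[ (]/)              # the address is the last token
            if (part[n] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print part[n]
        }
    ' "$1" | LC_ALL=C sort -u
}

# scan_delta BASELINE CURRENT -> "NEW ip" for hosts only in CURRENT,
# "GONE ip" for hosts only in BASELINE
scan_delta() {
    base_list=$(mktemp)
    now_list=$(mktemp)
    up_hosts "$1" > "$base_list"
    up_hosts "$2" > "$now_list"
    LC_ALL=C comm -13 "$base_list" "$now_list" | sed 's/^/NEW /'
    LC_ALL=C comm -23 "$base_list" "$now_list" | sed 's/^/GONE /'
    rm -f "$base_list" "$now_list"
}

# Constructed sample files (saved scan output from two different days).
BASELINE=$(mktemp)
TODAY=$(mktemp)
trap 'rm -f "$BASELINE" "$TODAY"' EXIT

cat > "$BASELINE" <<'EOF'
Host 192.168.111.1 appears to be up.
MAC Address: 00:01:02:55:73:C3 (3com)
Host 192.168.111.3 appears to be up.
Host 192.168.111.254 appears to be up.
Host frodolinux.hogwarts.lsstest.dyndns.org
(192.168.111.16)appears to be up.
Host 192.168.111.34 appears to be up.
Host 192.168.111.126 appears to be up.
Nmap finished: 256 IP addresses (6 hosts up)
EOF

cat > "$TODAY" <<'EOF'
Host 192.168.111.1 appears to be up.
Host 192.168.111.3 appears to be up.
Host 192.168.111.254 appears to be up.
Host frodolinux.hogwarts.lsstest.dyndns.org
(192.168.111.16)appears to be up.
Host 192.168.111.34 appears to be up.
Host 192.168.111.77 appears to be up.
Nmap finished: 256 IP addresses (6 hosts up)
EOF

scan_delta "$BASELINE" "$TODAY"
```

Both scans report six hosts up, so a plain count would miss the change; the comparison shows one unknown address appeared and one known address dropped off.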

If you have many active IPs on your network, your Nmap ping results quickly scroll off the command prompt window. Here are two methods to run the same command, managing the output in different ways. You can use these methods when running any command line application:


To pause output before it scrolls off screen, add | more
Example: Nmap -sP 192.168.111.0/24 | more
(Press your spacebar or the Enter key to continue output)

To capture output to a text file, specify a file name
Example: Nmap -sP 192.168.111.0/24 > filename.txt
(Change "filename" to any name you like)

Using Nmap to automate your pings, rather than manually pinging hundreds of addresses yourself, is cool. You now know how many devices respond on your network. But that's not even Nmap's primary purpose! You want to use it to port scan your network. So let's do it -- in Part 3, tomorrow.

Part 3

Recap: Part 1 introduced port scanners in general, and Nmap in particular. You learned where to get Nmap for free, and you installed it. In Part 2, you learned your network IP address and used Nmap to count the active devices on your network. Now, in the series' conclusion, you're ready to port scan your network and interpret the results.

Nmap has many powerful options. However, you probably don't have time to learn all of Nmap's features right now. So we'll just show you a single big ol' Nmap command, with some options switched on, that should provide almost all you want to know about your local network. Think of this command as "Nmap's greatest hits."


Here it is:
Nmap -P0 -sS -sV -O 192.168.111.0/24 > output.txt

As usual, when you try this command, replace our sample network's IP address with your own network IP. You can also change "output.txt" to any filename you like. You're naming the file where Nmap will record the output from this scan.

What does each parameter in the command do? Briefly:

-P0. This switch tells Nmap not to ping a host before scanning it. As we alluded to when we described ping in Part 2, in some exceptional cases a computer that is active won't respond to ping (for example, when guarded by a firewall). Smart little Nmap can still find these stealth computers without relying on ping.

-sS. This switch tells Nmap to perform a SYN-based port scan. SYN is short for "synchronize," the first packet sent when one computer tries to connect to another using TCP. A SYN-based port scan is the most common method, among many possible methods.

-sV. This switch tells Nmap to attempt to find the service and version information of the ports it finds open. For instance, if Nmap learns port 80 is open, it tries to discern which web server runs on that port, as well as what version. Think of these as very educated guesses. Nmap is not always right.

-O. This switch tells Nmap to guess what operating system is running on any computer it scans. This, too, is a very informed estimate, not necessarily rock-solid truth.

We assume that as your company's network administrator, you have senior management's permission to perform analytical operations on your network. If not, this type of Nmap scan can be interpreted as a hostile or provocative action, so go no farther without authorization. But if you are authorized, we encourage you to try this command now.

Type the command above in your command prompt (carefully...remember, syntax matters!) and press Enter. Depending on the size of your network, and speed of your computer, this command could complete in a minute, an hour, or longer.

When the command completes, you see a new command prompt. But you won't see any obvious results. That's because you redirected the results to a text file called output.txt (or whatever you renamed it). To see Nmap's results, open output.txt in a text editor. If you followed the default install in Part 1, you'll find output.txt in c:\program files\nmap.


Interpreting the Results of Your Scan

You just scanned your whole network, so your results could be lengthy, depending on how many active hosts are on your network. Rather than describing the entire result at once, let's take it a chunk at a time.

If you click this link for Figure 2, you'll see a sample representing results from the Nmap scan you just performed. This excerpt contains Nmap's results for one host on our sample network. Once you understand how to read this one excerpt, you'll be able to read the rest of Nmap's results. So click the link and follow along with our commentary.

The first line of this excerpt tells you that the following result correlates to the IP address, 192.168.39.1.

The second line of this excerpt says that Nmap scanned 1,659 of that host's ports during the scan. Yes, you're right: 1,659 is fewer than a host's potential 65,535 ports. To save time, by default Nmap scans only the common, well-known ports. You can force Nmap to scan all 65,535 ports if you like. However, scans that large take an extremely long time. And really, scanning the well-known ports usually tells you all you need to know about that host.

The third line of this excerpt lists four column headings: PORT, STATE, SERVICE, and VERSION. Here's what each heading means:

The PORT column represents the ports (and protocols) Nmap found on the sample host, 192.168.39.1.

The STATE column tells you whether each port is open or in some other intermediary state of open (stealth). You will never see closed ports in Nmap's results. Nmap doesn't display the port if it's closed.

The SERVICE column tells you the well-known network service that usually resides on that port. It displays the service either by formal protocol name, or listed in a sort of technical short hand. You will recognize some of these services, such as HTTP, SMTP, and FTP, from your network experience. With over a thousand possible services, you won't recognize them all. But you have a few options to help you learn what a service is. First, in Nmap's c:\program files\nmap directory, you can open a file named nmap-services in any text editor to read all the services Nmap recognizes. This list contains a longer description of most of the services that appear in the service column. If you still don't recognize a service by either its short-hand or longer description, look both up using Google. You typically find a hundred sites that explain what that service does.

The VERSION column tells you what specific program the host you scanned uses to control the service in question. It also attempts to tell you that program's version.

Now that you know what each heading is, you should be able to interpret much of what follows. A new line appears under these four headings for each open port on a scanned host.

Let's practice interpreting a few random lines from our sample excerpt. First:
25/tcp open smtp Microsoft ESMTP 5.0.2195.6713

This line tells you that the host Nmap scanned has port 25 open. Port 25 is the SMTP, or email, service port. Nmap thinks the host is probably running Microsoft's ESMTP Mail Server, version 5.0.2195.6713.

Second example:
80/tcp open http Microsoft IIS webserver 5.0

In this line, we learn that port 80, the HTTP or web service port, is open on the scanned host. According to Nmap's best guess, this port is probably running Microsoft's IIS version 5.0 Web server. This is not really rocket science, huh?

After all the lines that follow the PORT, STATE, SERVICE, VERSION columnar format, you eventually come to lines that no longer follow this format. You'll see a line that tells you the MAC address of the host that was scanned. In our example, the host uses a 3COM network card.

The next line tells you the type of device you most likely scanned. So far, we've referred to the IP we scanned as a "host" because we don't know if it's a computer, a printer, a specialized network device, or what -- until now, that is. The "Device Type" line tells you what device Nmap thinks it's found. Our example says "general purpose," which typically indicates a computer.

Finally, the remaining lines tell you what operating system Nmap thinks is running on this computer. Nmap thinks this computer runs either Windows ME, 2000, or XP.

And that is enough to get you started. You now can interpret Nmap's port scan results. Sure, if you have a large network, you may have hundreds of excerpts like this. But you interpret them all the same way. Lather, rinse, repeat.
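With hundreds of excerpts, reading every line by eye does not scale. This added example (not part of the original article) reads a saved output.txt and lists every open port that is not on a list of services you expect. The scan excerpt is constructed around the two sample lines above; the "Interesting ports on" header is an assumption about how Nmap 4.20 introduces each host, and the allowlist file format is hypothetical.

```shell
#!/bin/sh
# unexpected_ports SCANFILE ALLOWFILE -> "host port service version" for every
# open port in SCANFILE that has no "host port" line in ALLOWFILE
unexpected_ports() {
    awk -v allow="$2" '
        # first file: the allowlist, one "host port/proto" pair per line
        FILENAME == allow {
            if ($0 !~ /^[ \t]*#/ && NF >= 2) allowed[$1 " " $2] = 1
            next
        }
        # second file: the scan output; remember which host we are reading
        /^Interesting ports on / {
            host = $NF
            gsub(/[():]/, "", host)
            next
        }
        # a PORT / STATE / SERVICE / VERSION row for an open port
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            if (!((host " " $1) in allowed)) {
                version = ""
                for (i = 4; i <= NF; i++)
                    version = version (i > 4 ? " " : "") $i
                print host, $1, $3, (version == "" ? "-" : version)
            }
        }
    ' "$2" "$1"
}

# Constructed sample data.
SCAN=$(mktemp)
ALLOW=$(mktemp)
trap 'rm -f "$SCAN" "$ALLOW"' EXIT

cat > "$SCAN" <<'EOF'
Interesting ports on 192.168.39.1:
PORT   STATE SERVICE VERSION
25/tcp open  smtp    Microsoft ESMTP 5.0.2195.6713
80/tcp open  http    Microsoft IIS webserver 5.0
Device type: general purpose

Interesting ports on 192.168.39.20:
PORT    STATE    SERVICE VERSION
22/tcp  open     ssh     OpenSSH 4.3 (protocol 2.0)
23/tcp  open     telnet
631/tcp filtered ipp
EOF

cat > "$ALLOW" <<'EOF'
# host          port     (services we intend to offer)
192.168.39.1    80/tcp
192.168.39.20   22/tcp
EOF

unexpected_ports "$SCAN" "$ALLOW"
```

Each line printed is a service to either add to the allowlist on purpose or shut down on the host.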

Are you now a port scanning expert? Well, hardly. Our hope is that this small amount of interaction with Nmap has torn away any intimidating mystique that command line tools might have held for you. We hope it's whet your appetite to learn more.

Scan on a regular, recurring basis until you have a feel for what's normal on your network. Read up on results that puzzle you. Then you've dramatically increased your likelihood of spotting interlopers -- and it didn't take a penny out of your department's budget.

Sunday, July 22, 2007

How to use a tape drive in Linux?

Sometimes remembering how to access your tape drive in Linux ain't that easy. Follow this basic guide, which has almost all the necessary commands you might run on your tape drive.

As I said, this is a very basic guide with most, if not all, of the commands you will probably run on your tape drive in a Linux environment. Enjoy.

Check if tapedrive is online:
mt -f /dev/st0 status

Erase tapedrive:
mt -f /dev/st0 erase

Copy some content to a tapedrive:
tar cvf /dev/st0 /content_path/content.archive

List files on a tape:
tar tvf /dev/st0

Restore from the tape:
tar xvf /dev/st0

Restore a specific archive:
tar xvf /dev/st0 /folder/archive.dmp

As I always say, hope this was useful.

Adding a null route to a host on linux

Personally I've found this to be of great help while dealing with DDoS attackers or just someone that I need to kick out completely from a server I manage.

As a webhosting company owner / administrator this is a lifesaver and sometimes saves you the time of going directly into the firewall to block someone.

This is done by adding the following line to the /etc/sysconfig/static-routes file:

any host 111.111.111.111 reject (where 111.111.111.111 is the IP address to block)

When you perform a "route -n" you will see this IP with "-" as its gateway. This will cause your server to drop all response traffic to this IP.

Destination Gateway Genmask Flags Metric Ref Use Iface
111.111.111.111 - 255.255.255.255 !H 0 - 0 -

If you wish to un-blacklist this IP in the future, simply remove the aforementioned line from the static-routes file and restart the "network" service on the server.

Make a backup Using Tar in linux

This is just a small example of how you can use the tar application on Linux to build a powerful backup script triggered by cron.

You will need to create a file, using either vi or touch.

For example, in this case let's say our script is called backup

vi backup

This will create the file and open the vi editor. To add content to the file, press the I key to insert, and then check out my example here:

#--------------------------------------
# Beginning of script
#--------------------------------------

# Let's say you want to remove an old backup in the autobackups folder
rm /autobackups/mybackup*.*

# Now let's say you want to make the script sleep for 3 seconds
sleep 3

# Now you want to back up /home entirely into /autobackups using tar

tar -cvf /autobackups/home$(date +%y%m%d).tar /home


#---END---

Please notice that you are creating a tar archive with the whole content of /home and adding the date of the backup to the name of the archive. To execute this script you first need to save it: in vi press ESCAPE, then activate CAPS LOCK and press the Z key 2 times (ZZ).

You will need to give the file execute permissions, using the following command: chmod a+x backup. To run the script, just type ./backup, assuming you are in the same directory as the file. Easy does it :)

Tuesday, July 17, 2007

Changing the hostname to a Unix box

The following simple instructions can help you change your linux box / server hostname with ease. The first option is permanent; option number two will change the hostname, but the change won't survive a reboot. Check it out.
As described above, there are 2 ways to change the hostname of a linux box manually or by terminal ( real men do it by terminal )

This first option will save the changes even after a reboot:

Edit:

vi /etc/sysconfig/network

HOSTNAME=.

Second option:

vi /proc/sys/kernel/hostname

but that won't be saved when you reboot.

Using *nix bash to connect to an FTP

Have you been in need of an automatic script that connects to a remote ftp server to copy some backups or something similar? There is no need to be a bash expert; the following simple example gives you the basics for a fully functional ftp script in bash.
Yes, for any *nix user bash is definitely a useful part of the operating system; the problem is that not everybody has the programming basics to interact with bash and really exploit the great power you can find in unix based operating systems like linux or solaris.

The example below is a simple script that connects to the server with ip address 192.168.2.191 and copies a dump file called myexample.dump to that remote server as exampleremote.dump

Please notice you need to create a blank file, let's call it ftpbash.ex

touch ftpbash.ex

Next use VI editor to edit the file:

vi ftpbash.ex

Now copy the following code:

#!/bin/sh
# FTP login (note: kept in this file in plain text)
USER="myuser"
UPASSWD="mypass"
ftp -i -v -n 192.168.2.191 <<EOF
user $USER $UPASSWD
binary

send /myexample.dump /exampleremote.dump

bye
EOF

Next basically save the file ( CapsLock , then press Z twice)

Now to execute the script you need to give execution permissions to it, so type:

chmod a+x ftpbash.ex

To execute it just type ./ftpbash.ex

Please notice that in the script we are sending both the user and the password of the ftp server in order to complete the connection. You can use any valid ftp command in the script; in the example, send is a native ftp command. With this basic script I'm sure you can start a nice learning curve on the useful features of bash; it's a must-know for any serious *nix programmer or administrator.

Thursday, July 12, 2007

How to Use VI editor ?

The VI editor is the most common editor in any unix environment; whether your favorite flavor of *nix is solaris, linux or freebsd, vi is a must-know to develop properly on unix environments.

Modes :-

Vi has two modes: insertion mode and command mode. The editor begins in command mode, where cursor movement and text deletion and pasting occur. Insertion mode begins upon entering an insertion or change command. [ESC] returns the editor to command mode (where you can quit, for example by typing :q!). Most commands execute as soon as you type them, except for "colon" commands, which execute when you press the return key.

Quitting :-

:x Exit, saving changes
:q Exit as long as there have been no changes
ZZ Exit and save changes if any have been made
:q! Exit and ignore any changes

Inserting Text :-

i Insert before cursor
I Insert before line
a Append after cursor
A Append after line
o Open a new line after current line
O Open a new line before current line
r Replace one character
R Replace many characters

Motion :-

h Move left
j Move down
k Move up
l Move right
w Move to next word
W Move to next blank delimited word
b Move to the beginning of the word
B Move to the beginning of blank delimited word
e Move to the end of the word
E Move to the end of Blank delimited word
( Move a sentence back
) Move a sentence forward
{ Move a paragraph back
} Move a paragraph forward
0 Move to the beginning of the line
$ Move to the end of the line
1G Move to the first line of the file
G Move to the last line of the file
nG Move to nth line of the file
:n Move to nth line of the file
fc Move forward to c
Fc Move back to c
H Move to top of screen
M Move to middle of screen
L Move to bottom of screen
% Move to associated ( ), { }, [ ]

Deleting Text :-

Almost all deletion commands are performed by typing d followed by a motion. For example, dw deletes a word. A few other deletes are:

x Delete character to the right of cursor
X Delete character to the left of cursor
D Delete to the end of the line
dd Delete current line
:d Delete current line

Yanking Text :-

Like deletion, almost all yank commands are performed by typing y followed by a motion. For example, y$ yanks to the end of the line. Two other yank commands are

:yy Yank the current line
:y Yank the current line


Changing text :-

The change command is a deletion command that leaves the editor in insert mode. It is performed by typing c followed by a motion. For example cw changes a word. A few other change commands are:

C Change to the end of the line
cc Change the whole line

Putting text :-

p Put after the position or after the line
P Put before the position or before the line

Buffers :-

Named buffers may be specified before any deletion, change, yank or put command. The general prefix has the form "c where c is any lowercase character. For example, "adw deletes a word into buffer a. It may thereafter be put back into text with an appropriate "ap.

Markers :-

Named markers may be set on any line in a file. Any lower case letter may be a marker name. Markers may also be used as limits for ranges.
mc Set marker c on this line

`c Go to beginning of marker c line.
'c Go to first non-blank character of marker c line.

Search for strings :-

/string Search forward for string
?string Search back for string
n Search for next instance of string
N Search for previous instance of string


Replace :-

The search and replace function is accomplished with the :s command. It is commonly used in combination with ranges or the :g command (below).

:s/pattern/string/flags Replace pattern with string according to flags.
g Flag - Replace all occurrences of pattern
c Flag - Confirm replaces.
& Repeat last :s command

Regular Expressions :-

. (dot) Any single character except newline
* zero or more occurrences of any character
[...] Any single character specified in the set
[^...] Any single character not specified in the set
^ Anchor - beginning of the line
$ Anchor - end of line
\< Anchor - beginning of word
\> Anchor - end of word
\(...\) Grouping - usually used to group conditions
\n Contents of nth grouping

[...] - Set Examples

[A-Z] The SET from Capital A to Capital Z
[a-z] The SET from lowercase a to lowercase z
[0-9] The SET from 0 to 9 (All numerals)
[./=+] The SET containing . (dot), / (slash), =, and +
[-A-F] The SET from Capital A to Capital F and the dash (dashes must be specified first)
[0-9 A-Z] The SET containing all capital letters and digits and a space
[A-Z][a-zA-Z] In the first position, the SET from Capital A to Capital Z. In the second character position, the SET containing all letters

Regular Expression Examples

/Hello/ Matches if the line contains the value Hello
/^TEST$/ Matches if the line contains TEST by itself
/^[a-zA-Z]/ Matches if the line starts with any letter
/^[a-z].*/ Matches if the first character of the line is a-z and there is at least one more of any character following it
/2134$/ Matches if line ends with 2134
/\(21|35\)/ Matches if the line contains 21 or 35
Note the use of ( ) with the pipe symbol to specify the 'or' condition
/[0-9]*/ Matches if there are zero or more numbers in the line
/^[^#]/ Matches if the first character is not a # in the line

Notes:
1. Regular expressions are case sensitive
2. Regular expressions are to be used where pattern is specified

Counts :-

Nearly every command may be preceded by a number that specifies how many times it is to be performed. For example, 5dw will delete 5 words and 3fe will move the cursor forward to the 3rd occurrence of the letter e. Even insertions may be repeated conveniently with this method, say to insert the same line 100 times.

Ranges :-

Ranges may precede most "colon" commands and cause them to be executed on a line or lines. For example :3,7d would delete lines 3-7. Ranges are commonly combined with the :s command to perform a replacement on several lines, as with :.,$s/pattern/string/g to make a replacement from the current line to the end of the file.

:n,m Range - Lines n-m
:. Range - Current line
:$ Range - Last line
:'c Range - Marker c
:% Range - All lines in file
:g/pattern/ Range - All lines that contain pattern


Files :-

:w file Write to file
:r file Read file in after line
:n Go to next file
:p Go to previous file
:e file Edit file
!!program Replace line with output from program

Other :-

~ Toggle upper and lower case
J Join lines
. Repeat last text-changing command
u Undo last change
U Undo all changes to line

Tuesday, July 10, 2007

Linux Disk utilities

Here is a list of Linux Disk utilities


fdisk /dev/hda
(= "fixed disk". As root.) Linux hard drive partitioning utility (DOS has a utility with the same name). In the example above, I specified that I would like to partition the first hard drive on the first IDE interface, hence "hda". If I were you, I would back up any important data before using fdisk on any partition. I do not know anybody who likes fdisk (either Linux or DOS edition)--I prefer the easier to use cfdisk, see next command.

cfdisk /dev/hda
(as root) Hard drive partitioning utility, menu-based. Easier to use than the plain-vanilla fdisk (see the previous command). Physical drives can contain primary partitions (max 4 per disk), and logical partitions (no restriction on number). A primary partition can be bootable. Logical partitions must be contained within "extended partitions"; extended partitions are not usable by themselves, they are just a container for logical partitions. When partitioning a disk, I typically: (1) create a primary partition, (2) make the primary partition bootable, (3) create an extended partition, (4) create logical partition(s) within the extended partition.

sfdisk -l -x | more
(as root) List the partition tables (including extended partitions) for all drives on my system.

parted /dev/hda
A partition manipulation utility for Linux (ext2) and DOS (FAT and FAT32) hard drive partitions. It is for creating, destroying, moving, copying, shrinking, and extending partitions. You should really back up your data and carefully read info parted before using it.


fdformat /dev/fd0H1440
mkfs -c -t ext2 /dev/fd0
(=floppy disk format, two commands, as root) Perform a low-level formatting of a floppy in the first floppy drive (/dev/fd0), high density (1440 kB). Then make a Linux filesystem (-t ext2), checking/marking bad blocks (-c). Making the filesystem is equivalent to high-level formatting. I can also format floppies to different (also non-standard) densities; try ls /dev/fd0 . I am also able to format to the default density (normally 1440k) using fdformat /dev/fd0.


badblocks /dev/fd0H1440 1440
(as root) Check a high-density floppy for bad blocks and display the results on the screen. The parameter "1440" specifies that 1440 blocks are to be checked. This command does not modify the floppy. badblocks can also be used to check the surface of a hard drive, but I have to unmount the filesystem first to do a full read-write check:
mount [to find out which device contains the disk partition I wish to check for bad blocks]
umount /dev/hda8 [unmount the selected partition]
badblocks -n /dev/hda8 [check the selected partition in a non-destructive read-write mode, so that my data is not erased!]
mount /dev/hda8 [mount the partition back since no info on bad blocks was printed]
If bad blocks are found, they can be marked on the hard drive so that they will not be used, using: e2fsck -c /dev/hda8

fsck -t ext2 /dev/hda2
(=file system check, as root) Check and repair a filesystem, e.g., after an "unclean" shutdown due to a power failure. The above example performs the check on the partition hda2, filesystem type ext2. You definitely want to unmount the partitions or boot Linux in the "single mode" to perform this (type "linux single" at the LILO prompt or use init 1 as root to enter the single user mode). If errors are found during the filesystem checkup, I accept the defaults for repair.

tune2fs -j /dev/hda2
(as root, only for kernels that support ext3--RH7.2) Adjust the tuneable parameters of an ext2 filesystem. The example above shows how to add a journal to a disk partition (hda2 in this example), effectively converting the file system to an ext3 (journaling) filesystem. To complete the transition, you must also edit the file /etc/fstab and change the filesystem type from ext2 to ext3, else you may run into problems--ext2 will not mount an uncleanly shut down journaled filesystem! To check the type of the filesystem use mount (with no arguments) or cat /etc/mtab. Other options of tune2fs let you add a volume label, adjust the number of mounts after which the filesystem check is performed (maximal mount count), or turn on time-based filesystem checks instead (less often used).

dd if=/dev/fd0H1440 of=floppy_image
dd if=floppy_image of=/dev/fd0H1440
(two commands, dd="data duplicator") Create an image of a floppy to the file called "floppy_image" in the current directory. Then copy floppy_image (file) to another floppy disk. Works like DOS "DISKCOPY".

mkbootdisk --device /dev/fd0 2.4.2-3
Make an emergency boot floppy. You are typically asked if you would like to make a boot disk during the system installation. The above command shows how to make it after install, on the first floppy drive (/dev/fd0). Your kernel name (needed in the command, here 2.4.2-3) can be determined either by running uname -a or ls /lib/modules .

dd if=diskboot.img of=/dev/sda
Booting from a USB. Also check: is sda definitely your USB drive? I would imagine that your own system drive might be /dev/sda, as all SCSI, IDE and SATA drives use the /dev/sd? naming convention now.

Sunday, July 8, 2007

How to Change Password?

The command to change your password on unix is passwd. The system will prompt you to enter your current password, then a new one. Your chosen password will be checked against a password cracking program, and if it is too easy to crack you will have to try again. Use a mixture of upper and lower case letters, numbers and punctuation characters.

How to setup an SSH tunnel?

SSH is a powerful daemon that can do much more than simply log you into a server. One particularly useful function it provides is tunneling, whereby you can connect a client on your computer to a remote server and run a service you might not otherwise be able to access.

Tunneling will only work for applications that run over a TCP-based protocol and that allow you to specify what port the client should connect to. It is quite simple to setup a tunnel; all you have to do is tell SSH which port on your computer (the local port) is to be connected to which port on the remote server (the remote port), and then tell your client to use that local port. By default clients usually go straight to the remote port.

Commandline SSH :-

The basic form of the command is: ssh -L :localhost: where is an unused high-number port on your pc, eg. 2300, 14328 or 45000, is the well-known port for the service you wish to use, and is one of CSE's general access servers, eg. hummel, wagner or weill. Then point your local client's port configuration to localhost:. There are variations on this basic form which you can experiment with, see the manpage.
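A filled-in instance of this command form, as an added example that is not part of the original post: it binds the local end to 127.0.0.1 so only programs on your own machine can use the tunnel, and it rejects a server argument that ssh would read as an option. Port 110, the function name and the choice of extra options are assumptions made for the example.

```shell
#!/bin/sh
# Added example: build a local-forward ssh command after checking its inputs.

# tunnel_cmd LOCAL_PORT REMOTE_PORT SERVER
#   Prints the ssh command line; returns 2 on bad input.
tunnel_cmd() {
    lport=$1
    rport=$2
    server=$3

    for p in "$lport" "$rport"; do
        # Digits only, no leading zero, at most 5 digits, not above 65535.
        case "$p" in
            ""|*[!0-9]*|0*|??????*) echo "bad port: $p" >&2; return 2 ;;
        esac
        [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 2; }
    done

    # The local end should be an unused high-number (unprivileged) port.
    [ "$lport" -ge 1024 ] || { echo "local port must be 1024 or higher" >&2; return 2; }

    # A name starting with "-" would be parsed by ssh as an option.
    case "$server" in
        ""|-*|*[!A-Za-z0-9@._-]*) echo "bad server name" >&2; return 2 ;;
    esac

    # -N: no remote command, tunnel only.
    # ExitOnForwardFailure: fail at once if the local port is already taken.
    # 127.0.0.1: listen on loopback only, not on every interface.
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:localhost:%s %s\n' \
        "$lport" "$rport" "$server"
}

# Example: tunnel_cmd 2300 110 hummel
# then point the mail client at localhost:2300
```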

PuTTY :-

*In the side menu click on Connection->SSH->Tunnels .
*if you will be running X11 programs, select X11 Forwarding. Leave X Display Location as localhost:0
*do not select 'local ports accept connections from other hosts' under Port Forwarding unless you have a particular reason for doing so
*under Add New Forwarded Port fill in the values for Source Port and Destination, select Local.
*click Add and Open

SSHWinclient :-


*In the top bar click on Edit->Settings->Profile Settings->Tunneling
*click Add
*enter a Display Name if you desire
*leave Type as TCP
*fill in the values for the Listen Port (local port), Destination host and port
*select Allow Local Connection only and click OK
*select Tunnel X11 if you will be running X11 programs
*select Enable for SSH1 connections, click OK

Friday, July 6, 2007

Load Balancing Using Round Robin

Creating a load balancing effect with DNS servers is easier than you might think. If you have ever heard of round robin algorithms, you have an idea of what I'm talking about. Here is a detailed article on load balancing using DNS servers like BIND.

Configure Round Robin

We take for granted that you already have multiple servers and that you need to divide your load between them. The most typical load balancing scenarios are applied to web servers; however, you can do it with mail servers or other types of services as needed.

Balancing Mail

You can balance your mail simply by adding different mail hosts with the same mail priority. In the case below, you will notice 3 mail servers with a priority of 10. This simply divides the load between the 3 servers.

1. Define multiple MX records with the same priority

; zone file fragment
IN MX 10 mail.example.com.
IN MX 10 mail1.example.com.
IN MX 10 mail2.example.com.
.....
mail IN A 192.168.0.1
mail1 IN A 192.168.0.2
mail2 IN A 192.168.0.3

The name server will deliver the MX records in the order defined by the rrset-order and the receiving SMTP software will select one based on its algorithm. In some cases the SMTP algorithm may work against the definition of the rrset-order statement. Current versions of sendmail (8.13.x), Exim (4.44) and Postfix (2.1 or 2.2) all have definitive references to indicate they randomly select equal preference servers (Postfix allows control of the behaviour with the smtp_randomize_addresses parameter) and consequentially may use an address which the rrset-order has carefully tried to change! qmail, courier-mta and Microsoft (Exchange and IIS SMTP) documentation do not appear to have definitive references to indicate how they handle this case.

2. The alternate approach is to define multiple A records with the same name and different IP addresses.

; zone file fragment
IN MX 10 mail.example.com.
.....
mail IN A 192.168.0.4
IN A 192.168.0.5
IN A 192.168.0.6

In this case the load-balancing effect is under the control of BIND and the rrset-order record. In order to avoid problems if the receiving mail system does reverse look up as a spam check then the PTR records for 192.168.0.4, 192.168.0.5, 192.168.0.6 above must all define to mail.example.com.

In all the above cases each mail server must be capable of handling and synchronising the load for all the mail boxes served by the domain, using some appropriate back-end to do this or by defining all but one server to be a relay or forwarder.

Balancing Other Services

Assuming you want to load share your ftp or web services then you simply define multiple A records with the same name and different IPs as in the example below.

; zone file fragment
ftp IN A 192.168.0.4
ftp IN A 192.168.0.5
ftp IN A 192.168.0.6
www IN A 192.168.0.7
www IN A 192.168.0.8
; or use this format which gives exactly the same result
ftp IN A 192.168.0.4
IN A 192.168.0.5
IN A 192.168.0.6
www IN A 192.168.0.7
IN A 192.168.0.8

The DNS will deliver all the IP addresses defined, the first IP address in the list will be in a default round robin (controlled by the rrset 'named.conf' directive). The FTP and WEB servers must all be exact replicas of each other in this scenario.


Controlling the order of RRs

You can control the order of RR that BIND supplies in response to queries by use of a rrset-order option which works for any set of equal records. The default behaviour is defined to be random-cyclic - a random selection of the initial order thereafter cyclic (round-robin). Experimentation with BIND 9.3.0 showed that the default is cyclic.

rrset-order

rrset-order { order_spec ; [ order_spec ; ... ] };

rrset-order defines the order in which multiple records of the same type are returned. This works for any record type in which the records are similar. RRSET-ORDER IS FULLY IMPLEMENTED IN BIND > 9.2.3. The default is defined to be a random-cyclic order (the starting address is randomly chosen and thereafter round-robin order). Note: Experimentation showed the default to be pure cyclic.

The full specification of rrset-order is shown below. An 'order_spec' is defined as:

[ class class_name ][ type type_name ][ name "domain_name"] order ordering;

Where 'class_name' is the record class e.g. IN (default is 'any'), type is the resource record type (if none specified defaults to 'any'), domain_name limits the statement to a specific domain suffix and defaults to root (all domains), order is a key word and ordering may take one of the following values:

* fixed - records are returned in the order they are defined in the zone file
* random - records are returned in a random order
* cyclic - records are returned in a round-robin fashion

Examples

Defines that all equal records for all domains will be returned in random order.

rrset-order {order random;};

Defines that all equal MX records for example.com will be returned in random order, all others in cyclic order.

rrset-order {type MX name "example.com" order random; order cyclic;};

This statement may be used in a view or a global options clause.

Effectiveness of DNS Load Balancing

Assuming the interest in controlling the order is to load balance across multiple servers supporting a single service - the real question is how effective can the DNS system be in providing this balancing?

The effects of caching will distort the effectiveness of any IP address allocation algorithm unless a 0 TTL is used, which has the effect of significantly increasing the load on the DNS (and is not always implemented consistently). In this case the cure may be worse than the disease: good news, we have good load balancing on our web servers; bad news, we need 17 more DNS servers! Intuitively, and without running any experiments to verify, we would suggest that given a normal TTL (12 hours or more) and ANY IP allocation algorithm other than a single static list, loads should be reasonably balanced (measured by request arrivals at destination IPs) given the following assumptions:

1. traffic is balanced over a number of DNS caches, i.e. traffic originates from a number of ISPs or customer locations. Specifically there are no PATHOLOGICAL patterns where 90% (or some large'ish number) of the load originates from a particular cache/service.

2. the volume of traffic is reasonably high - since PATHOLOGICAL patterns are more likely in small traffic volumes.

What DNS load balancing cannot do is to account for service loading e.g. certain transactions may generate very high CPU or resource loads. For this type of control only a local load balancer - one which measures response times - will be effective.

Finally on this topic if you still consider that a DNS solution will do the trick if only you could control the order of IP address generation you can use the BIND 9 SDB API to achieve the result.



Disable directory browsing , APACHE

One of the "must do's" in setting up a secure apache webserver environment is to disable directory browsing. By default Apache will be compiled with this option enabled, but it's always a good idea to get rid of this setting unless it's really necessary. If you have some basic knowledge of the vi editor, follow these steps.

If you are on an RPM installation of Apache (which I don't really recommend) you will probably find the apache configuration file here:
/etc/httpd/conf/httpd.conf

If you are using apache from the source tar balls ( like real men ) probably you will find the configuration file here:
/usr/local/apache/conf/httpd.conf

Using an editor like vi , edit the httpd.conf file and scroll until you find a line like this:

Options All Indexes FollowSymLinks MultiViews

To disable directory browsing carefully remove the word Indexes and leave the line like this:

Options All FollowSymLinks MultiViews

Restart your apache webserver and thats it
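One thing to verify after the edit: Apache's All keyword already includes Indexes, so an Options line that keeps All still permits directory listings unless Indexes is explicitly subtracted. The check below is an added example, not part of the original post; it flags every Options line that leaves listings enabled, and its function names and sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: find Options lines in an httpd.conf that still allow
# directory listings. Each line is judged on its own; inheritance between
# nested <Directory> sections is not evaluated.

# options_allow_indexes "Options ...": succeed when the directive enables
# Indexes, either by name or through All without a matching -Indexes.
options_allow_indexes() {
    set -f                                   # no globbing while splitting
    set -- $(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    set +f
    [ "$#" -ge 1 ] && [ "$1" = options ] || return 1
    shift
    explicit=no all=no removed=no
    for opt in "$@"; do
        case "$opt" in
            indexes|+indexes) explicit=yes ;;
            -indexes)         removed=yes ;;
            all|+all)         all=yes ;;
        esac
    done
    [ "$explicit" = yes ] && return 0
    [ "$all" = yes ] && [ "$removed" = no ] && return 0
    return 1
}

# scan_options FILE: print "LINENO: directive" for each offending line.
scan_options() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        trimmed=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//')
        case "$trimmed" in '#'*) continue ;; esac      # skip comments
        if options_allow_indexes "$trimmed"; then
            printf '%s: %s\n' "$n" "$trimmed"
        fi
    done < "$1"
}

# write_sample_conf FILE: constructed configuration used to try the scanner.
write_sample_conf() {
    cat > "$1" <<'CONF'
<Directory "/usr/local/apache/htdocs">
    Options All Indexes FollowSymLinks MultiViews
</Directory>
<Directory "/usr/local/apache/htdocs/a">
    Options All FollowSymLinks MultiViews
</Directory>
<Directory "/usr/local/apache/htdocs/b">
    Options FollowSymLinks MultiViews
</Directory>
# Options Indexes
<Directory "/usr/local/apache/htdocs/c">
    Options -Indexes +FollowSymLinks
</Directory>
CONF
}
```

Run scan_options against /usr/local/apache/conf/httpd.conf (or /etc/httpd/conf/httpd.conf) before restarting; no output means no Options line on its own enables listings.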

How to Restrict users in their home directory?

Problem:
Traditionally, the best way to "lock down" users to their home directory is to use a "change rooted environment". However, this is expensive (resource wise) and sometimes not a very "nice" way to secure a server on a user per user basis.
For V-hosters, most of your concern lies in the simple feat of keeping customers from poking around your system, and other user's home dirs--without limiting their ability to execute binaries in their normal system path.

Solution:
To set up your system to use it... just do this:


chmod 700 /home -R

Not sure about that though. You might want a second opinion. Edit: That will work for the home directory; as for system files, I don't think that will work, since many things have to be readable to work.
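A per-user variant of the idea above, as an added example rather than part of the original post: chmod -R 700 on /home also changes /home itself and marks every regular file executable, so this version sets mode 700 only on each directory directly under the base and reports any that group or others can still enter. The function names are made up here, and the base directory is an argument so it can be tried on a scratch tree first.

```shell
#!/bin/sh
# Added example: owner-only home directories without a recursive chmod.

# lock_homes [BASE]: set mode 700 on each directory directly under BASE.
# Files inside the homes and BASE itself are left untouched.
lock_homes() {
    base=${1:-/home}
    for dir in "$base"/*/; do
        dir=${dir%/}
        # Skip non-directories and symlinks (chmod would follow the link).
        [ -d "$dir" ] && [ ! -L "$dir" ] || continue
        chmod 700 "$dir"
    done
}

# open_homes [BASE]: print every home directory whose mode grants anything
# to group or others, i.e. the ones lock_homes would change.
open_homes() {
    base=${1:-/home}
    for dir in "$base"/*/; do
        dir=${dir%/}
        [ -d "$dir" ] && [ ! -L "$dir" ] || continue
        case $(ls -ld "$dir") in
            d???------*) ;;                    # owner-only: nothing to report
            *) printf '%s\n' "$dir" ;;
        esac
    done
}
```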

Some Unix Commands.

Directory:- pwd, cd, mkdir, rmdir, rm -rf

Display the current directory path you are in.

pwd

Change directories

cd directory
cd path/to/directory

Create a new directory

mkdir directory_name

Delete an empty directory

rmdir directory_name

Delete a directory and all sub directories/files.

rm -rf directory_name


----------

Files :- ls, ls -l,ls -la, cp, mv, rm, rm -i

List files in a directory

ls
ls -l
ls -al

copy a file to another filename.

cp filename1 filename2

move or rename a file.

mv filename1 filename2
mv filename1 directory/filename2

Delete a file (with rm you will not usually get a prompt to confirm)

rm filename
rm -i filename

--------------

Shortcuts :- cd, alias

Go to a directory within your home directory.

cd ~/directory

Change to your home directory

cd (by itself)

Go back 1 directory in the tree

cd ..

Create your own shortcuts for a command

alias shortcut='full command'

See a list of shortcuts that you have already created.

alias (by itself)

----------------

Search :- find, grep

Locate a file on the shell (looking in all sub directories)

find . -name filename -print

look for a file that contains a specific word and/or phrase .

grep word file(s)
grep blowfish *

-------------------

Getting Help :- man, apropos

Look up in the manual for information on a command

man command

Getting help when you have an idea of what to do but do not know what the relevant command is.

apropos word

-----------------------

Extract archives :- tar, unzip, gunzip

decompress a .tar.gz file:

tar -zxvf filename

decompress a .tar file:

tar -xvf filename

decompress a .zip file:

unzip filename

decompress a .gz file:

gunzip filename

-----------------

System :- ps, kill, uptime

Display basic information about current running processes.

ps x

Display more detailed information about running processes including memory/process usage.

ps ux

Kill a process corresponding to a PID number.

kill -15 #PID (Only use kill -9 #pid if your bot does not respond to a kill -15 #pid signal)
kill -9 #PID
kill -9 11542

Kill / Terminate all running processes in your account.

kill -15 -1

kill -9 -1

The uptime shell command shows the time since the system was last booted, the number of active user processes and a final column showing something called load averages. The 3 values for load averages are taken from the last 1, 5 and 15 minutes and represent CPU utilisation. Ideally the load average stays below 1; when you start to commonly see averages above 2 you should consider investing in a new server or upgrades to current hardware. You will notice a high load average by poor response times from the machine.

uptime

-----------------

Chmod :-

Chmod changes the access privileges on a file, making it readable, writable and/or executable. It defines which users may have access to a file and how much access they have.

This column shows what access a file already has and is split into 3 sections, which can be represented by letters.

User Group Others/Everyone

- rw- r-- r--

u The User who owns the file (this means “you.”)
g The Group the file belongs to.
o The Other users.
a All of the above (an abbreviation for ugo)

To change the access permissions of a file you use the command chmod as discussed a little later.

Letter Corresponding Number Definition

r 1 Permission to Read a file (list a directory).
w 2 Permission for Writing to and deleting files and/or directories.
x 4 Permission to eXecute (run) a file.

The octal (0-7) value is calculated by adding up the values for each digit

User (rwx) = 4+2+1 = 7
Group(rx) = 4+1 = 5
Others (rx) = 4+1 = 5
chmod mode = 755

change the permissions on a file.

chmod who=permission(s) filename
chmod numbers filename

We will show you some examples of both these methods using this file:

permissions before   Commands                 permissions after
-rwxr-xr-x           chmod 700 file.conf      -rwx------
-rwxr-xr-x           chmod go= file.conf      -rwx------
-rwxr-xr-x           chmod u=rw file.conf     -rw-r-xr-x
-rwxr-xr-x           chmod 555 file.conf      -r-xr-xr-x

Personally i prefer using the numbers as opposed to letters to represent permissions on a file.

---------------

About yourself :- whoami, passwd, quota, du, last

Display what username you are currently logged on under

whoami

Change your password

passwd

Display your current quota on the shell

quota -v

Display current disk usage of a filename and/or directory. Without an option it will use the current directory. du -s will only give a total.

du filename/directory

Shows a list of your last logins

last YourUsername

----------------

Accessing external sites :- ftp, wget, lynx, telnet

Accessing an ftp site from your shell

ftp hostname
ftp ftp.url.org

Common commands to remember when using ftp are get, dir, cd. You can type help command at any time while using ftp on your shell.

Getting a file directly from an http or ftp site without logging in.

wget file
wget ftp://somewebsite.com/filename.zip
wget http://www.somwhere.org/download/file.tar.gz

Browse the web from an ordinary terminal, type H at any time to learn more about lynx

lynx

To connect to a remote host you can use telnet as follows:

telnet hostname

--------------------

Please report inaccuracies or errors that I have made to hemant@allaboutunix.com