Monday, October 1, 2012

Text Processing Tools

# diff
example:
# diff <file1> <file2>

# diff -Naur <original> <updated> > patchfile
this command will create a relatively small patch

# patch 
 example:
# patch <file-need-to-patch> <patchfile>

# cut
example:
# cut -f3 -d: /etc/passwd

# /sbin/ip addr | grep 'inet' | cut -d ' ' -f6 | cut -d / -f1
this command cuts out a single piece of information, the IP address, from the output of /sbin/ip addr

# head
 example
# head  /etc/passwd
 by default it will display the first 10 lines
# head  -n  3  /etc/passwd
will display the first 3 lines

# tail
 example
# tail  /etc/passwd
# tail -n  3  /etc/passwd
# tail -f  /var/log/messages
this command will keep showing new lines from the message log until Ctrl + c is pressed

# wc
example
# wc <file>
counts the number of lines, words, bytes or characters in a file

# sort
sort lines

# uniq
remove duplicate lines from a file (only adjacent duplicates, so sort first)

# tr
# tr 'A-Z' 'a-z'
changes upper case to lower case (swap the two sets for the other way round)

Auto mount

/etc/auto.master provides the master configuration for autofs

Example:

/home/guests /etc/auto.guests



The /etc/auto.guests file is the map that was specified in /etc/auto.master

Example using LDAP user home directories

ldapuser1     -rw     ldap.example.com:/home/guests/ldapuser1


there is a wildcard if you intend to auto mount all of them

*        ldap.example.com:/home/guests/&


After all is done, just run

# service autofs reload



* note: if we use /home/guests as an automount point, the whole guests folder is taken over by autofs and we are unable to edit things in it

Centos 6 Virtual machine tools

Virtual Machine Manager is the graphical tool used to manage virtual machines.
It is only available in the 64-bit installation.
You can run the tool from Application > system tools > Virtual machine manager

The virsh command allows you to manage your virtual machines.
Here are some commands to use with virsh

# virsh list
# virsh destroy <server name>
# virsh list --all
# virsh start <server name>
# virsh shutdown <server name>

Wednesday, September 19, 2012

convert bmp to jpg


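#!/bin/bash
# Convert every .bmp file under the given path to .jpg and remove the original.
if [ -z "$1" ];then
        echo "Error: please put a file path to convert"
        exit 1
else
        CPATH="$1"
fi

# Quote the path and read names raw so spaces and backslashes survive
find "$CPATH" -type f -iname '*.bmp' | while IFS= read -r filename; do
    # ${filename%.*} strips the extension whatever its case (.bmp, .BMP)
    convert "$filename" -quality 100% "${filename%.*}.jpg" && rm "$filename"
done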


script thanks to my Manager Lye

mod_evasive


mod_evasive is a plugin for the Apache web server to prevent DoS attacks.

After a few weeks of trial and error and research, mod_evasive is able to work with iptables.

Here are the installation steps:

1) yum install mod_evasive
2) vi /etc/httpd/conf.d/mod_evasive.conf

<------------------------------ mod_evasive.conf content ----------------------------------->
LoadModule evasive20_module modules/mod_evasive20.so

<IfModule mod_evasive20.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10
    DOSEmailNotify      sat.server@my.offgamers.lan
    DOSSystemCommand    "bash /var/lock/mod_evasive/evasive.sh %s"
    DOSLogDir           "/var/lock/mod_evasive"
    #DOSWhitelist       127.0.0.1
    #DOSWhitelist       192.168.0.*
</IfModule>
<------------------------------ mod_evasive.conf content ----------------------------------->

3) mkdir /var/lock/mod_evasive
4) chown apache:apache /var/lock/mod_evasive
* mod_evasive needs to record the DoS IP addresses in this directory
5) vi /var/lock/mod_evasive/evasive.sh
<------------------------------ evasive.sh content ----------------------------------->
# $1 is the offending IP address that mod_evasive passes in place of %s
sudo /sbin/iptables -I INPUT -s "$1" -j DROP
sleep 600
sudo /sbin/iptables -D INPUT -s "$1" -j DROP
sudo /bin/rm -f "/var/lock/mod_evasive/dos-$1"
<------------------------------ evasive.sh content ----------------------------------->
How does evasive.sh work?
When mod_evasive detects a DoS, it executes evasive.sh and creates a file like dos-172.30.10.223 under /var/lock/mod_evasive.
The dos-* files are used to keep track of the blocked IP addresses.
Executing evasive.sh does the following:
it issues an iptables rule to drop the IP address, sleeps for ten minutes, removes the rule for the blocked IP address, and then deletes the dos-* file
under /var/lock/mod_evasive; otherwise the address would not be blocked again.

6) visudo
Change:
Defaults requiretty -> #Defaults requiretty

Add:
Cmnd_Alias EVASIVE = /sbin/iptables, /bin/rm
apache   ALL=(ALL)   NOPASSWD: EVASIVE

7) finally restart the httpd service, then use watch -n 1 -d iptables -nvL and watch -n 1 -d ls -lsa /var/lock/mod_evasive to monitor how the process is working
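
A stricter version of evasive.sh, added here as an example and not part of the original setup: it checks that the argument really is a dotted-quad IPv4 address before anything runs under sudo, since the sudoers rule above lets apache call iptables and rm with any arguments. The function names valid_ipv4 and block_ip are made up for this example; the paths and the 600-second block are the ones used above.

```shell
#!/bin/sh
# Added example: stricter evasive.sh. Assumes mod_evasive passes one IPv4
# address as $1 (the %s in DOSSystemCommand). Function names are hypothetical.

LOCKDIR=/var/lock/mod_evasive   # DOSLogDir used on this page
BLOCK_SECONDS=600               # same ten-minute block as the original script

# Succeed only for a canonical dotted-quad IPv4 address (octets 0-255).
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split into octets on the dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac   # no leading zeros
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Block the address, wait, unblock, then clear the dos-* marker file.
block_ip() {
    if ! valid_ipv4 "$1"; then
        # Do not echo the raw argument: it is untrusted and could forge log lines
        echo "evasive.sh: rejected malformed address argument" >&2
        return 2
    fi
    sudo /sbin/iptables -I INPUT -s "$1" -j DROP || return 1
    sleep "$BLOCK_SECONDS"
    sudo /sbin/iptables -D INPUT -s "$1" -j DROP
    sudo /bin/rm -f -- "$LOCKDIR/dos-$1"
}

# Act only when an argument is supplied, as mod_evasive does
if [ $# -gt 0 ]; then
    block_ip "$1"
fi
```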


Information thanks to my Senior Voo

Friday, August 3, 2012

Setup nagios

Nagios Server

add rpmforge into the server repo

# yum install nagios nagios-nrpe nagios-plugins nagios-plugins-nrpe perl-Nagios-Plugin
# chkconfig nagios on
# chkconfig nrpe on

Edit /etc/httpd/conf.d/nagios.conf to remove the SSL and user authentication requirements (with "Allow from all", the web interface is then open to any host that can reach it)
# vim /etc/httpd/conf.d/nagios.conf


ScriptAlias /nagios/cgi-bin "/usr/lib64/nagios/cgi"

<Directory "/usr/lib64/nagios/cgi">
#  SSLRequireSSL
   Options ExecCGI
   AllowOverride None
   Order allow,deny
   Allow from all
#   AuthName "Nagios Access"
#   AuthType Basic
#   AuthUserFile /etc/nagios/htpasswd.users
#   Require valid-user
</Directory>

Alias /nagios "/usr/share/nagios"

<Directory "/usr/share/nagios">
#  SSLRequireSSL
   Options None
   AllowOverride None
   Order allow,deny
   Allow from all
#   AuthName "Nagios Access"
#   AuthType Basic
#   AuthUserFile /etc/nagios/htpasswd.users
#   Require valid-user
</Directory>
-----------------------------------------------------------------------------------

Edit /etc/nagios/cgi.cfg
# vim /etc/nagios/cgi.cfg


 use_authentication=0
 use_ssl_authentication=0
----------------------------------------------------------------------------------
# vim  /etc/nagios/objects/server.cfg



define hostgroup{
        hostgroup_name  linux-server
        alias           Linux Servers
        members         localhost,my-dns2
        }


define host{
        use                     linux-server
        host_name               my-dns2
        alias                   my-dns2
        address                 my-dns2.offgamers.lan
        }

define service{
        use                     local-service
        host_name               my-dns2
        service_description     Swap
        check_command           check_nrpe!check_swap
        }




# vim  /etc/nagios/nagios.cfg

add the location of the hosts file in the objects folder

Format: cfg_file=<file_name>
Example: cfg_file=/usr/local/nagios/etc/hosts.cfg
         cfg_file=/usr/local/nagios/etc/services.cfg
         cfg_file=/usr/local/nagios/etc/commands.cfg





Nagios Client


# yum install nagios-nrpe nagios-plugins nagios-plugins-nrpe perl-Nagios-Plugin
# chkconfig nrpe on

# vim /etc/nagios/nrpe.cfg
allowed_hosts=127.0.0.1,172.30.10.218

at the bottom, edit the check command to suit your environment
----------------------------------------------------------------------------------





If the Nagios server gives an error when you start it,
use
# nagios -v /etc/nagios/nagios.cfg
to check what's wrong




Nagios Option available

http://nagios.sourceforge.net/docs/3_0/objectdefinitions.html

smokeping 2.6.8 for Centos 6.3

add rpmforge into your linux repo

yum install:

  • mod_fcgid
  • httpd
  • httpd-devel
  • rrdtool
  • perl-CGI-SpeedCGI
  • fping
  • perl-RRD-Simple
  • perl
# yum install mod_fcgid httpd httpd-devel rrdtool perl-CGI-SpeedCGI fping perl-RRD-Simple perl
# yum groupinstall "Development tools"

download the smokeping package from
http://oss.oetiker.ch/smokeping/pub/

# wget http://oss.oetiker.ch/smokeping/pub/smokeping-2.6.8.tar.gz
# tar -zxvf smokeping-2.6.8.tar.gz
# mv smokeping-2.6.8  /opt/smokeping
# cd /opt/smokeping

then install the Perl packages manually

# perl -MCPAN -e shell

> install FCGI
> install CGI::Fast
> install Config::Grammar
> install Digest::HMAC_MD5
> install Net::Telnet
> install Net::OpenSSH
> install Net::SNMP
> install Net::LDAP
> install Net::DNS
> install IO::Pty
> install LWP


Instead of installing them manually, you can run the script located in /opt/smokeping/setup
# cd  /opt/smokeping/setup
# ./build-perl-modules.sh

when that is done, run configure and make install
# cd /opt/smokeping
# ./configure --prefix=/opt/smokeping
# make install


now prepare the configuration files
# cd /opt/smokeping/etc
# for foo in *.dist; do cp "$foo" "$(basename "$foo" .dist)"; done

# vim /etc/httpd/conf/httpd.conf

change:
DirectoryIndex index.html index.html.var
to:
DirectoryIndex index.html index.html.var smokeping.fcgi

then enable this
AddHandler cgi-script .cgi

-------------------------------------------------------------------------------------------
# vim /etc/httpd/conf.d/smokeping.conf

<Directory "/var/www/html/smokeping">
    Options +ExecCGI
</Directory>
-------------------------------------------------------------------------------------------

# mkdir /opt/smokeping/img
# chown -R apache:apache /opt/smokeping/img
# ln -s /opt/smokeping/htdocs /var/www/html/smokeping
# ln -s /opt/smokeping/img /var/www/html/smokeping

# mkdir /opt/smokeping/data

# mkdir /opt/smokeping/var

# chmod 600 /opt/smokeping/etc/smokeping_secrets
# chown -R apache:apache /var/www/html/smokeping

restart the httpd
# /etc/init.d/httpd restart

edit the smokeping config to suit your needs
# vim /opt/smokeping/etc/config

start the smokeping services
# ./bin/smokeping --config=/opt/smokeping/etc/config --logfile=smoke.log


Reference and help thanks to Tony from http://ai.net.nz