Thursday, December 30, 2010

Why do I receive "unable connect to socket: No route to host (113)"

■ Error : Why do I receive "unable connect to socket: No route to host (113)"
■ OS Environment : Linux[RHEL, Centos]
■ Application: vncviewer 
■ Resolution : 

  • Check the firewall on the Linux server and allow ports 5801, 5901 and 6001 in iptables (or whichever firewall is in use).
  • Then restart the firewall and try to connect to the server again.
  • Disable firewall.
  • Make sure a proper gateway is set up for all defined routes.



Flow diagram of systemtap debugging scripting tool


■ Requirement : Flow diagram of systemtap debugging scripting tool
■ OS Environment : Linux[RHEL, Centos]
■ Application: systemtap
■ Implementation Steps : 

Systemtap: Scripting tool to debug and monitor the whole system processes or any events.

Installation step : 

yum install kernel-devel
yum install kernel-debuginfo
yum install systemtap















Usage Syntax :

-------------
probe event {handler}

Where event is kernel.function, process.statement, timer.ms, begin, end etc

and handler can be filtering/control statement and
helper function : log, printf, pid etc
-------------


Example :

$cat hellworld.stp
probe begin
{
print("This is hello world\n")
exit()
}


Execution of above script :

$ stap hellworld.stp 
This is hello world
$ cat primecheck.stp
function isprime (x) {
if (x < 2) return 0
for (i = 2; i < x; i++) {
if (x % i == 0) return 0
if (i * i > x) break
}
return 1
}

probe begin {
for (i = 0; i < 50; i++)
if (isprime (i)) printf("%d\n", i)
exit()
}


$ stap primecheck.stp
2
3
5
7
11
13
17
19
23
29
31
37
41
43
47




Tuesday, December 28, 2010

How to remotely access the linux desktop from any linux or windows machine?

■ Requirement : How to remotely access the linux desktop from any linux or windows machine
■ OS Environment : Linux[RHEL, Centos]
■ Application: vncserver, vncviewer
■ Implementation Steps : 

1. On the Linux server (the machine that will be accessed) : yum install vnc*
2. On the Linux client (the machine that will access the remote desktop of the server) : yum install vncviewer
3. On the server, execute the following command :

$vncpasswd

Set password to access over vnc.

4. Edit /etc/sysconfig/vncservers

VNCSERVERS="1:root"

5. Enable at boot level :

$ chkconfig vncserver on

6. Start VNC server :

$ service vncserver start

7. If firewall present, allow port 5901.

9. Edit /root/.vnc/xstartup and comment following lines :

#unset SESSION_MANAGER
#exec /etc/X11/xinit/xinitrc

10. On client :

Execute command : 

$vncviewer

Enter the IP of the server and the password of the server. The remote desktop will now appear. Or you can access the remote desktop like this :

$vncviewer IP_of_SERVER:1

Access from a Windows client :
           To access the server from a Windows machine, install vncviewer on it and run the binary. Then enter the IP of the server and the password. That's it.



Wednesday, December 22, 2010

How to configure autofs with NFS4?

■ Requirement : install & configure autofs
■ OS Environment : Linux[RHEL, Centos]
■ Application:autofs
■ Implementation Steps : 

1. On NFS client machine do the following :

$ yum install autofs

2. Edit /etc/auto.master and add a line like :

/home /etc/auto.home --timeout=60

4. Edit /etc/auto.home and put following :

* -fstype=nfs,rw,nosuid,soft,fsid=0 IPof_nfs_server:/home/&

5. Start autofs :

$/etc/init.d/autofs start

Tuesday, December 21, 2010

How to install and configure NFSv4 server and client on linux machine?

■ Requirement : Install & Configure NFSv4
■ OS Environment : NFS client - RHEL 5, NFS SERVER - RHEL 6
■ Application: nfsv4
■ Assumption : 

  •            Client IP= 10.65.211.15, 
  •            NFS server IP =10.65.211.12, 
  •            FS Share Directory : /var/nfs4testing

■ Implementation Steps : 

How NFS Works :

       NFS consists of at least two main parts: a server and one or more clients. The client remotely accesses the data that is stored on the server machine. In order for this to function properly a few processes have to be configured and running.

The server has to be running the following daemons:

Daemon Description :

      nfsd : The NFS daemon which services requests from the NFS clients.
      mountd  : The NFS mount daemon which carries out the requests that nfsd passes on to it.
      rpcbind :This daemon allows NFS clients to discover which port the NFS server is using.

  The client can also run a daemon, known as nfsiod. The nfsiod daemon services the requests from the NFS server. This is optional, and improves performance, but is not required for normal and correct operation.

A. NFS server configuration for nfs4 :

$ yum install nfs-utils nfs4-acl-tools portmap
$ cat /etc/exports
/var/nfs4testing/ 10.65.211.15(rw,sync,fsid=0) 

$chkconfig nfs on
$ chkconfig portmap on

$ cat /etc/hosts.deny | grep portmap
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
portmap:ALL

$ cat /etc/hosts.allow| grep 10.65.211
portmap:10.65.211.0/24
portmap:10.65.192.0/24

Verify that following daemons are running on server : 

$ rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 896 status
100024 1 tcp 899 status
100011 1 udp 1000 rquotad
100011 2 udp 1000 rquotad
100011 1 tcp 1003 rquotad
100011 2 tcp 1003 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100021 1 udp 60156 nlockmgr
100021 3 udp 60156 nlockmgr
100021 4 udp 60156 nlockmgr
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 tcp 51539 nlockmgr
100021 3 tcp 51539 nlockmgr
100021 4 tcp 51539 nlockmgr
100005 1 udp 603 mountd
100005 1 tcp 606 mountd
100005 2 udp 603 mountd
100005 2 tcp 606 mountd
100005 3 udp 603 mountd
100005 3 tcp 606 mountd

B. NFS client configuration for NFSv4 :

$ yum install nfs-utils
$ mount -t nfs 10.65.211.12:/ /mounted/

Monday, December 20, 2010

Which desktop is used by my linux machine?

■ Requirement : Find which desktop is installed on linux
■ OS Environment : Linux[RHEL, Centos]
■ Implementation Steps : 

          Check the directory : /usr/share/xsessions. It has been defined there. You can also execute the following command to get the result.

$  find /usr/share/xsessions -name "*.desktop" -exec basename "{}" .desktop ";"
gnome


Saturday, November 13, 2010

How to convert from ext3 to ext2 file system?

■ Requirement : How to convert from ext3 to ext2 file system
■ OS Environment : Linux[RHEL, Centos]
■ Application: tune2fs
■ Assumption : FS is on /dev/hda and mounted on /home
■ Implementation Steps : 

1. Unmount file-system : 

$umount /dev/hda1

2. Now change the file system type to ext2 by typing the following command :

$ tune2fs -O ^has_journal /dev/hda1

3. Verify that there are no error:

$e2fsck -y /dev/hda1

4. Mount the file system to original mount point (for example /home or /mnt):

mount -t ext2 /dev/hda1 /home

5. Go to mount point and remove .journal file

$ rm -f .journal

How to convert ext2 to ext3 file system?

■ Requirement : How to convert ext2 to ext3 file system
■ OS Environment : Linux[RHEL, Centos]
■ Application: tune2fs
■ Implementation Steps : 

       The ext2 or second extended filesystem is a file system for the Linux kernel, and ext3 is a journaled file system. The main advantage of ext3 over ext2 is journaling, which improves reliability and eliminates the need to check the file system after an unclean shutdown. The journal logs changes to the file system on disk, so if a problem arises the file system can be reconstructed; the conversion to ext3 is done with tune2fs. When a power failure occurs, the journaled file system restores the pre-crash data stored on the disk. It will also restore unsaved data.

1. Unmount hda1 and add a journal to it with tune2fs :

2.  Enable journalling : 

$ tune2fs -c 0 -i 30 -j /dev/hda1

3. then mount it.

NOTE :
c : number of mounts after which the filesystem will be checked by e2fsck. If it is 0 or -1, the number of times the filesystem is mounted will be disregarded by e2fsck and the kernel.
i : Adjust the maximal time between two filesystem checks. Use it with c option.


Wednesday, November 10, 2010

How to enable swap space on xen VPS?

■ Requirement : Enable swap space on xen VPS
■ OS Environment : Linux[RHEL, Centos]
■ Application:mkswap
■ Implementation Steps : 

dd if=/dev/zero of=/swap bs=1024 count=1048576
$ mkswap /swap
$ chmod 0600 /swap

Edit /etc/fstab & put following entry :

/swap swap swap defaults,noatime 0 0

$swapon -a
$ free -m

Tuesday, November 9, 2010

Why I did encounter error " ftp: connect: Connection refused" ?

■  Error  : "ftp: connect: Connection refused"
■ OS Environment : Linux[RHEL, Centos]
■ Application: pure-ftpd, iptables
■ Resolution : 

    If you get this type of error message, please check the server's firewall first. I have faced this error message while connecting to the FTP server. In my case, passive port ranges were not enabled in the FTP and iptables firewall.

PassivePortRange 30000 50000

Add the above line in the ftp configuration file,

Enable them in the iptables like :

iptables -A INPUT -p tcp --destination-port 30000:50000 -j ACCEPT
iptables -A OUTPUT -p tcp --source-port 30000:50000 -j ACCEPT

Execute following commands 

$service iptables save
$ service iptables restart
$ /etc/init.d/pure-ftpd restart

       Another important point is that you may connect to the server in "active mode [server will connect to the client]" from the FTP client (like FileZilla). Just enable the option in the FTP client and retry the connection.

Monday, November 8, 2010

How to stop core file generation in the server from php?

■ Requirement : stop core file generation in the server from php
■ OS Environment : Linux[RHEL, Centos]
■ Application: ulimit
■ Implementation Steps : 

          A core file records the memory image of a running process. When a PHP process is killed, Apache creates core files under your account. These core files take up too much space on the server. There is no harm in deleting these files. You can get rid of these core files by modifying the httpd startup file.

Edit /usr/sbin/httpd and make ulimit like below :

ulimit -c 0 



eth0 errors +WARNINGS packets is + outside range

■ Error : eth0 error "WARNINGS: packets is outside range"
■ OS Environment : Linux[RHEL, Centos]
■ Application: ethtool
■ Symptom  :

  Following messages had been received from munin monitoring service :

eth0 errors
WARNINGs: packets is 1.52 (outside range [:1]).

■  Investigation : 
            My basic concept is, either eth0 is being overloaded or isn't compatible with kernel or OS. So, I checked the settings of the eth0 and RX(receive) and TX(transmit) packet errors and I found that there is error at RX. It looks like below :

$ethtool eth0
[...]
RX packets:162432463 errors:3770202 dropped:0 overruns:0
frame:3770202
TX packets:258975594 errors:0 dropped:0 overruns:0 carrier:0
[....]

You can use other commands to check the continuous traffic statistics of the card like :

$ watch -n 1 cat /proc/net/dev
$ sar -n DEV|more
$ netstat -plan --interfaces=eth0

I contacted the owner of the server and he assured me that the maximum speed of the NIC is 1GB/sec.

■ Resolution :

Increased speed to 1 Gbs. 

$ethtool -s eth0 speed 1000 duplex full

Sunday, November 7, 2010

How to access the webalizer from the outside of the cpanel?

■ Requirement : How to access the webalizer from the outside of the cpanel
■ OS Environment : Linux[RHEL, Centos]
■ Application:cpanel
■ Assumption : domain is domain.com
■ Implementation Steps : 

$ /scripts/whoowns domain.com
domain
$  cd ~domain
$ cd public_html/
$ pwd
/home/domain/public_html
$ ln -s /home/domain/tmp/webalizer stats
$ chown domain. stats
$ chmod 755 ~domain/tmp -R

Now access http://domain.com/stats

Thursday, November 4, 2010

How to change admin password in the table of the mysql database?

■ Requirement : How to change admin password in the table of the mysql database
■ OS Environment : Linux[RHEL, Centos]
■ Application: mysql
■ Implementation Steps : 


mysql> update agb_book_auth set password=MD5("newwpass") where username="admin";

Where table agb_book_auth contains admin and password attributes.

OR :

mysql> update wp_users set user_pass = 'b15a2021cb835426552c5d8599d5c7ab' where user_login = 'admin';
mysql> flush privileges;


Plesk configuration files path + linux?

■ Requirement :  Location of Plesk configuration files
■ OS Environment : Linux[RHEL, Centos]
■ Application: Plesk
■ Implementation Steps : 

Here are the paths :

Plesk Config & Binary file

Linux :

===========================================================
# Plesk tree
PRODUCT_ROOT_D - /usr/local/psa
==================================================
# Directory of SysV-like Plesk initscripts
PRODUCT_RC_D - /etc/init.d

/etc/psa/psa.conf // common config file
/etc/psa/.psa.shadow // admin password file
/var/log // common log file
/etc/local/psa/admin/logs //plesk log file
================================================

# Directory for config files
PRODUCT_ETC_D - /usr/local/psa/etc
================================================

# Virtual hosts directory
HTTPD_VHOSTS_D - /var/www/vhosts
/var/www/vhosts//anon_ftp , cgi-bin, conf, error_docs , httpdocs, httpsdocs , pd , private , statistics-->/logs(domain logs), subdomains , web

Domain based httpd.conf file:- /var/www/vhosts/
conf/httpd.include
Doc root : /var/www/vhosts/
/httpdocs
===============================================

# Apache configuration files directory
HTTPD_CONF_D - /etc/httpd/conf/httpd.conf //server based
/var/www/vhosts/
conf/httpd.include // domain based
------------------------------------------------------------------------------------------------------------
# Apache include files directory
HTTPD_INCLUDE_D - /etc/httpd/conf.d/mailman.conf , perl.conf, python.conf , webalizer.conf, zz010_psa_httpd.conf, fcgid.conf, manual.conf , php.conf, ssl.conf, welcome.conf
------------------------------------------------------------------------------------------------------------
# Apache binary files directory
HTTPD_BIN_D - /usr/bin
--------------------------------------------------------------------------------------------------------------
#Apache log files directory
HTTPD_LOG_D - /var/log/httpd
-----------------------------------------------------------------------------------------------------------
#apache startup script
HTTPD_SERVICE httpd
/etc/init.d/httpd [start|stop|restart|status]


================================================

# Qmail directory
QMAIL_ROOT_D /var/qmail

# Location of qmail maildirs
QMAIL_MAILNAMES_D /var/qmail/mailnames/
/var/qmail/mailnames/
/mail a/c/Maildir/new,cur,tmp
# Path to rblsmtpd
RBLSMTPD /usr/sbin/rblsmtpd

# Courier-IMAP
COURIER_IMAP_ROOT_D /

/etc/init.d/qmail [status,start,stop,restart] //service control

================================================
# Proftpd
FTPD_CONF /etc/proftpd.conf
FTPD_CONF_INC /etc/proftpd.include
FTPD_BIN_D /usr/bin
FTPD_VAR_D /var/run/proftpd
FTPD_SCOREBOARD /var/run/proftpd/scoreboard

Log file :- /var/log/xferlog
Service control :- /etc/init.d/proftpd [start,stop,status,restart]
================================================
# Bind
NAMED_RUN_ROOT_D /var/named/run-root/etc/named.conf
/var/named/run-root/var/
// db record

Service control :- /etc/init.d/named [status,start,stop,restart]
log:- /var/log/messages
===============================================

# Webalizer
WEB_STAT /usr/bin/webalizer
===============================================
# Logrotate
LOGROTATE /usr/local/psa/logrotate/sbin/logrotate
===============================================
# MySQL
MYSQL_VAR_D /var/lib/mysql
MYSQL_BIN_D /usr/bin

Service control:- /etc/rc.d/init.d/mysqld [start,stop,restart,status]
log :- /var/log/messages
===============================================
# PostgreSQL
PGSQL_DATA_D /var/lib/pgsql/data
PGSQL_BIN_D /usr/bin
===============================================
# Backups directory
DUMP_D /var/lib/psa/dumps
===============================================
# Mailman directories
MAILMAN_ROOT_D /usr/lib/mailman
MAILMAN_VAR_D /var/lib/mailman
===============================================
# Python binary
PYTHON_BIN /usr/bin/python2.3

# Tomcat root directory
CATALINA_HOME /usr/share/tomcat5

# DrWeb
DRWEB_ROOT_D /opt/drweb
DRWEB_ETC_D /etc/drweb

# GnuPG binary
GPG_BIN /usr/bin/gpg

# Tar binary
TAR_BIN /bin/tar
===============================================
# Curl certificates
CURL_CA_BUNDLE_FILE /usr/share/curl/curl-ca-bundle.crt
=========================================================
# AWStats
AWSTATS_ETC_D /etc/awstats
AWSTATS_BIN_D /var/www/cgi-bin/awstats
AWSTATS_TOOLS_D /usr/share/awstats
AWSTATS_DOC_D /var/www/html/awstats
===============================================
# openssl binary
OPENSSL_BIN /usr/bin/openssl

LIB_SSL_PATH /lib/libssl.so
LIB_CRYPTO_PATH /lib/libcrypto.so

CLIENT_PHP_BIN /usr/local/psa/bin/php-cli
--------------------------------------------------------------------------------------------------
Psa Spammasion:-
/usr/local/psa/admin/bin/spamd --status
--stop
--start
--------------------------------------------------------------------------------------------------


How to delete file using inode number?

■ Requirement : How to delete file using inode number
■ OS Environment : Linux[RHEL, Centos]
■ Application: find, inode
■ Implementation Steps : 

To view the inode number :

$ ls -il

Assume the inode is 782263 :

Delete file which has inode  782263 :

$ find . -inum 782263 -exec rm -f {} \;




Wednesday, November 3, 2010

How to setup loop device?

■ Requirement : How to setup loop device?
■ OS Environment : Linux[RHEL, Centos]
■ Implementation Steps : 

         In Unix-like operating systems, a loop device, vnd (vnode disk), or lofi (loopback file interface) is a pseudo-device that makes a file accessible as a block device.


$losetup /dev/loop0 example.img
$ mount /dev/loop0 /home/you/dir


     The second command mounts the device on the directory /home/you/dir. The overall effect of executing these two commands is that the content of the file is used as a file system rooted at the mount point.

The mount utility is usually capable of handling the entire procedure:

mount -o loop example.img /home/you/dir

a fatal error or timeout occurred while processing this directive while accessing cpanel

■ Error : a fatal error or timeout occurred while processing this directive during accessing  cpanel
■ OS Environment : Linux[RHEL, Centos]
■ Symptom : 

Just check the cpanel log file and you'll get the clue from there. I got following messages :

$  tail -f /usr/local/cpanel/logs/error_log

[2010-11-03 15:16:46 -0700] warn [branding::include] Encountered error in branding::include: Branding::include(index.html) failed: can't write into /home/j279259/.cpanel/nvdata.cache: Disk quota exceeded at /usr/local/cpanel/Cpanel/NVData.pm line 60

■ Solution :

Increased disk space


How to use strace command in linux?

■ Requirement : strace usage
■ OS Environment : Linux[RHEL, Centos]
■ Application: strace 
■ Implementation Steps :  

             strace is a useful diagnostic, instructional, and debugging tool. System administrators, diagnosticians and trouble-shooters will find it invaluable for solving problems with programs for which the source is not readily available since they do not need to be recompiled in order to trace them.

Arguments and returned value :

Each line in the trace contains the system call name, followed by its arguments in parentheses and its return value. An example from stracing the command ''cat /dev/null'' is:

open("/dev/null", O_RDONLY) = 3

Errors (typically a return value of -1) have the errno symbol and error string appended.

open("/foo/bar", O_RDONLY) = -1 ENOENT (No such file or directory)


Examples :

strace -s 128 ls
strace -o output_file ls
strace -o outputfile -d ls
strace -e expr

like
strace -e trace=set
strace -e trace=open
strace -e trace=read
strace -e trace=file
strace -e trace=process
strace -e trace=network
strace -e trace=signal
strace -e trace=ipc
strace -e trace=desc //descriptors
strace -e read=set

For example, to see all input activity on file descriptors 3 and 5 use
-e read=3,5
For example, to see all output activity on file descriptors 3 and 5 use
-e write=3,5

-p pid //Attach to the process with the process ID pid and begin tracing

example : strace -e trace=network -p 4009

-u username //Run command with the user ID , group ID , and supplementary groups of username
===============

Special Use :

==================
1. Find out which config files a program reads on startup :-

strace php 2>&1 | grep php.ini
strace -e open php 2>&1 | grep php.ini

2. Why does this program not open my file?

$ strace -e open,access 2>&1 | grep your-filename

Look for an open() or access() syscall that fails

3. What is that process doing RIGHT NOW?

Ever had a process suddenly hog lots of CPU? Or had a process seem to be hanging?

strace -p 15427

4. What is taking time?

strace -c -p 11084

5. Can't I connect to that server?

strace -e poll,select,connect,recvfrom,sendto nc www.yahoo.com 80
================
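
The trace line format described above (call name, arguments in parentheses, return value, then the errno symbol and error string on failure) can be parsed mechanically to list only the failing calls. This is an added example, not part of the original post; the sample trace is constructed and the function names are illustrative.

```python
import re
from collections import Counter

# One strace line: name(args) = ret [ERRNO (message)]
CALL_RE = re.compile(
    r'^(?:\[pid\s+\d+\]\s+)?'            # optional "[pid N] " prefix added by -f
    r'(?P<name>\w+)\((?P<args>.*)\)'     # syscall name and raw argument text
    r'\s+=\s+(?P<ret>-?\d+)'             # decimal return value
    r'(?:\s+(?P<errno>E[A-Z0-9]+)\s+\((?P<msg>.*)\))?\s*$'  # errno symbol and text
)
FIRST_STRING_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')  # first quoted argument

def parse_line(line):
    """Return a dict for a syscall line, or None for signals, exit markers and
    lines whose return value is not a plain decimal number (e.g. 0x... or ?)."""
    m = CALL_RE.match(line.strip())
    if not m:
        return None
    arg = FIRST_STRING_RE.search(m.group("args"))
    return {
        "syscall": m.group("name"),
        "arg": arg.group(1) if arg else None,   # usually the path or address
        "ret": int(m.group("ret")),
        "errno": m.group("errno"),
        "msg": m.group("msg"),
    }

def failed_calls(lines, names=None, needle=None):
    """Calls that returned -1 with an errno, optionally limited to the given
    syscall names and to arguments containing `needle`."""
    out = []
    for line in lines:
        call = parse_line(line)
        if call is None or call["ret"] != -1 or call["errno"] is None:
            continue
        if names is not None and call["syscall"] not in names:
            continue
        if needle is not None and needle not in (call["arg"] or ""):
            continue
        out.append(call)
    return out

def errno_summary(lines):
    """Count failures per errno symbol."""
    return Counter(c["errno"] for c in failed_calls(lines))

# Constructed sample trace (not captured from a real system).
SAMPLE = r'''
open("/etc/php.ini", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/lib/php.ini", O_RDONLY) = 3
read(3, "[PHP]\n\n;;;;"..., 4096) = 4096
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/var/www/data/report.csv", O_RDONLY) = -1 EACCES (Permission denied)
--- SIGCHLD (Child exited) @ 0 (0) ---
connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("192.0.2.10")}, 16) = -1 ECONNREFUSED (Connection refused)
+++ exited with 0 +++
'''.strip().splitlines()

if __name__ == "__main__":
    for c in failed_calls(SAMPLE, names={"open", "access"}):
        print(f'{c["syscall"]:8} {c["arg"]:28} {c["errno"]} ({c["msg"]})')
    print(dict(errno_summary(SAMPLE)))
```
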

Note :

-------------------------
ps -e -o pcpu,cpu,nice,state,cputime,args --sort pcpu | sed '/^ 0.0 /d' //
List processes by % cpu usage

ps -C firefox-bin -L -o pid,tid,pcpu,state //
List all threads for a particular process

watch -n.1 'cat /proc/interrupts' //
Watch changeable data continuously
--------------------------

How to view binary file in linux?

Guys,

Ans :

====
hexdump /bin/ps //in hexadecimal format
od /bin/ps //in octal format
strings /bin/ps //in human readable
====

check :)

What's the exact path of system call functions in linux?

■ Requirement : What's the exact path of system call functions in linux?
■ OS Environment : Linux[RHEL, Centos]
■ Solution  : 
            The system call functions are stored in /usr/src/linux/kernel/sys_call.S. Many of the system calls can be found in /usr/src/linux/kernel/sys.c. Some system calls, like fork, have their own source file (e.g., kernel/fork.c).


How to load new shared libraries on linux?

■ Requirement : How to load new shared libraries on linux
■ OS Environment : Linux[RHEL, Centos]
■ Assumption : adding pgsql libs
■ Implementation Steps : 

1. As root, edit file /etc/ld.so.conf. Add a line like /usr/local/pgsql/lib
2. Then run command :

$  /sbin/ldconfig

3.In a bash shell, type :

$ export LD_LIBRARY_PATH=/usr/local/pgsql/lib

4. In a csh shell, type

$ setenv LD_LIBRARY_PATH /usr/local/pgsql/lib

Monday, November 1, 2010

How to install tcpwrapper on linux server?

Guys,

Ans : yum install tcpd

Or From sources :

#Download (HTTP): http://files.ichilton.co.uk/nfs/tcp_wrappers_7.6.tar.gz
#Download (FTP): ftp://ftp.porcupine.org/pub/security/tcp_wrappers_7.6.tar.gz
Download MD5 sum: e6fa25f71226d090f34de3f6b122fb5a

#Additional Downloads
Required Patch (Fixes some build issues and adds building a shared library): http://www.linuxfromscratch.org/patches/blfs/svn/tcp_wrappers-7.6-shared_lib_plus_plus-1.patch


Installation of TCP Wrapper

Install TCP Wrapper with the following commands:

patch -Np1 -i ../tcp_wrappers-7.6-shared_lib_plus_plus-1.patch &&
sed -i -e "s,^extern char \*malloc();,/* & */," scaffold.c &&
make REAL_DAEMON_DIR=/usr/sbin STYLE=-DPROCESS_OPTIONS linux

This package does not come with a test suite.

Now, as the root user:

make install

Note : sed -i -e ... scaffold.c: This command removes an obsolete C declaration which causes the build to fail if using GCC >= 3.4.x.

that's it :)

Secure Linux Using TCP Wrappers or Protect the daemons using TCP wrappers on Linux??

Guys,

TCP Wrappers can be used to GRANT or DENY access to various services on your machine to the outside network or other machines on the same network. It does this by using simple Access List Rules which are included in the two files /etc/hosts.allow and /etc/hosts.deny .

Let us consider this scenario: A remote machine remote_mc trying to connect to your local machine local_mc using ssh.

When the request from the remote_mc is received by the tcp wrapped service (SSH in this case), it takes the following basic steps:

1. It checks the /etc/hosts.allow file and applies the first rule specified for that service. If it finds a matching rule, it allows the connection. If no rule is found, it moves on to step 2.

2. It checks the /etc/hosts.deny file and, if a matching rule is found, it denies the connection.

Points to remember

Rules in hosts.allow take precedence over rules in hosts.deny. This means that if a matching rule is found in the hosts.allow file, the remote_mc is allowed access to the service even if there is a matching deny rule in the hosts.deny file.
You can have only one rule per service in the hosts.allow and hosts.deny files.
If there are no matching rules in either of the files, or if the files don't exist, then the remote_mc is allowed access to the service.
Any changes to the hosts.allow and hosts.deny files take immediate effect.

Rule Syntax
The syntax for both hosts.allow and hosts.deny file takes the following form:

daemon : client [:option1:option2:...]

Where daemon can be a combination of ssh daemon, ftp daemon, portmap daemon and so on. Basically any service which has support for libwrap.a library compiled into it is a good candidate for utilizing the services of TCP Wrappers.

client is a comma separated list of hostnames, host IP addresses, special patterns or special wildcards which identify the hosts affected by that rule.

options is an optional action like say sending mail to the administrator when this rule is matched, log to a particular file and so on. It can be a colon separated list of actions too.

Examples of using TCP Wrappers

I want to allow SSH access to hosts in a particular domain say xyz.com and deny access to all the others. I enter the following rule in the hosts.allow file.

sshd : .xyz.com

... and in the hosts.deny file I include the rule:

sshd : ALL

The next rule denies FTP access to all the hosts in the abc.co.in domain as well as hosts in the 192.168.1.0 network.

#FILE: /etc/hosts.deny
vsftpd : 192.168.1. , .abc.co.in : \
    spawn /bin/echo `/bin/date` access denied >> /var/log/vsftpd.log : deny

The backslash (\) in the above rule is used to break the line and prevents the failure of the rule due to length.

spawn and deny are options. Spawn launches a shell command as a child process. In the above rule, spawn logs a message to the vsftpd log file each time the rule matches. deny is optional if you are including this rule in the hosts.deny file.

Note: The last line in the files hosts.allow and hosts.deny must be a new line character. Or else the rule will fail.
For example, you can use spawn option to send mail to the admin when ever a deny rule is matched.

Wildcards :-

You can use wildcards in the client section of the rule to broadly classify a set of hosts. These are the valid wildcards that can be used.

ALL - Matches everything
LOCAL - Matches any host that does not contain a dot (.) like localhost.
KNOWN - Matches any host where the hostname and host addresses are known or where the user is known.
UNKNOWN - Matches any host where the hostname or host address are unknown or where the user is unknown.
PARANOID - Matches any host where the hostname does not match the host address.

Patterns :-

You can also use patterns in the client section of the rule . Some examples are as follows:

ALL : .xyz.com

Matches all hosts in the xyz.com domain . Note the dot (.) at the beginning.

ALL : 123.12.

Matches all the hosts in the 123.12.0.0 network. Note the dot (.) in the end of the rule.

ALL : 192.168.0.1/255.255.255.0

IP address/Netmask can be used in the rule.

ALL : *.xyz.com

Asterisk * matches entire groups of hostnames or IP addresses.

sshd : /etc/sshd.deny

If the client list begins with a slash (/), it is treated as a filename. In the above rule, TCP wrappers looks up the file sshd.deny for all SSH connections.

sshd : ALL EXCEPT 192.168.0.15

If the above rule is included in the /etc/hosts.deny file, then it will allow ssh connection for only the machine with the IP address 192.168.0.15 and block all other connections. Here EXCEPT is an operator.
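
The lookup order and the client patterns described above can be checked against a rule set before it is deployed. The following is an added example, not part of the original post and not the libwrap code: a small simulator that models ALL, LOCAL, leading-dot domains, trailing-dot networks, net/mask, EXCEPT and the allow/deny options only (KNOWN, UNKNOWN, PARANOID and file lookups are left out). The rule files are constructed from the rules shown in this post, and the function names are illustrative.

```python
import ipaddress

def client_matches(pattern, host, addr):
    """Match one client pattern against a hostname (or None) and an IPv4 address."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                      # hostname without a dot
        return host is not None and "." not in host
    if pattern.startswith("/"):                 # file lookups are not modelled
        return False
    if pattern.startswith("."):                 # .xyz.com: any host in that domain
        return host is not None and host.lower().endswith(pattern.lower())
    if pattern.endswith("."):                   # 192.168.1.: address prefix
        return addr.startswith(pattern)
    if "/" in pattern:                          # net/mask: net must equal (addr AND mask)
        net, mask = (int(ipaddress.IPv4Address(p)) for p in pattern.split("/", 1))
        return (int(ipaddress.IPv4Address(addr)) & mask) == net
    return pattern.lower() in (addr, (host or "").lower())

def list_matches(client_list, host, addr):
    """Evaluate a client list, including 'a EXCEPT b' (right-associative)."""
    tokens = client_list.replace(",", " ").split()
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (list_matches(" ".join(tokens[:i]), host, addr)
                and not list_matches(" ".join(tokens[i + 1:]), host, addr))
    return any(client_matches(t, host, addr) for t in tokens)

def parse_rules(text):
    """Parse 'daemon : client [: option ...]' lines; backslash-newline continues a rule."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) >= 2:
            rules.append((fields[0].replace(",", " ").split(), fields[1], fields[2:]))
    return rules

def first_match(rules, daemon, host, addr):
    """Options of the first rule matching this daemon and client, else None."""
    for daemons, clients, options in rules:
        if ("ALL" in daemons or daemon in daemons) and list_matches(clients, host, addr):
            return options
    return None

def check_access(daemon, host, addr, allow_text, deny_text):
    """hosts.allow first, then hosts.deny, otherwise access is granted."""
    for text, verdict in ((allow_text, "allow"), (deny_text, "deny")):
        options = first_match(parse_rules(text), daemon, host, addr)
        if options is not None:
            for opt in options:                 # a per-rule allow/deny option wins
                if opt in ("allow", "deny"):
                    verdict = opt
            return verdict
    return "allow"

# Constructed sample files built from the rules shown in this post.
HOSTS_ALLOW = """
# /etc/hosts.allow (sample)
sshd : .xyz.com
in.telnetd : 192.168.5.5 : deny
in.telnetd : 192.168.5.6 : allow
"""
HOSTS_DENY = """
# /etc/hosts.deny (sample)
sshd : ALL
vsftpd : 192.168.1. , .abc.co.in : \\
    spawn /bin/echo `/bin/date` access denied >> /var/log/vsftpd.log : deny
"""

if __name__ == "__main__":
    for daemon, host, addr in [("sshd", "host1.xyz.com", "10.1.1.1"),
                               ("sshd", "other.example.org", "203.0.113.9"),
                               ("vsftpd", None, "192.168.1.44"),
                               ("vsftpd", "host1.xyz.com", "10.1.1.1")]:
        print(daemon, host, addr, "->",
              check_access(daemon, host, addr, HOSTS_ALLOW, HOSTS_DENY))
```

The last sample client shows the default the post points out: a service with no matching rule in either file is allowed.
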

Note: If you want to restrict use of NFS and NIS then you may include a rule for portmap . Because NFS and NIS depend on portmap for their successful working. In addition, changes to portmap rules may not take effect immediately.

Suppose I want to log all connections made to SSH with a priority of emergency. See my previous post to know more on logging. I could do the following:

sshd : .xyz.com : severity emerg

Note: You can use the options allow or deny to allow or restrict on a per client basis in either of the files hosts.allow and hosts.deny

in.telnetd : 192.168.5.5 : deny
in.telnetd : 192.168.5.6 : allow

Shell Commands :-


As mentioned above, you can couple the rules to certain shell commands by using the following two options.

spawn - This option launches a shell command as a child process. For example, look at the following rule:

sshd : 192.168.5.5 : spawn /bin/echo `/bin/date` from %h >> /var/log/ssh.log : deny

Each time the rule is satisfied, the current date and the client's hostname %h are appended to the ssh.log file.

twist - This is an option which replaces the request with the specified command. For example, if you want to send to the client trying to connect using ssh to your machine, that they are prohibited from accessing SSH, you can use this option.

sshd : client1.xyz.com : twist /bin/echo "You are prohibited from accessing this service!!" : deny

When using spawn and twist, you can use a set of expressions. They are as follows :
%a — The client's IP address.
%A — The server's IP address.
%c — Supplies a variety of client information, such as the username and hostname, or the username and IP address.
%d — The daemon process name.
%h — The client's hostname (or IP address, if the hostname is unavailable).
%H — The server's hostname (or IP address, if the hostname is unavailable).
%n — The client's hostname. If unavailable, unknown is printed. If the client's hostname and host address do not match, paranoid is printed.
%N — The server's hostname. If unavailable, unknown is printed. If the server's hostname and host address do not match, paranoid is printed.
%p — The daemon process ID.
%s — Various types of server information, such as the daemon process and the host or IP address of the server.
%u — The client's username. If unavailable, unknown is printed.

Try :)

Saturday, October 30, 2010

Fatal error: Out of memory (allocated +) (tried to allocate + bytes) ?

Guys,

Please increase the memory size in php.ini file. If it does not work just put following directives in the httpd.conf file and restart apache :

====
RLimitMEM 447392422
RLimitCPU 240
====

You may have to increase the RLimitMEM size; the value above is in bytes.

OR : You can set -1 with ini_set('memory_limit', '-1'); this goes in the configuration file of the script.

Try :)

Thursday, October 28, 2010

DATABASE ERROR: CONNECTION FAILED! + roundcube

Guys,

If you get this error, just correct the login details in the /usr/local/cpanel/base/roundcube/config/db.inc.php file, since it is clearly a DB connection error.

Example :

------
root@2red [/usr/local/cpanel/base/roundcube]# cat config/db.inc.php | grep roundcube
$rcmail_config['db_dsnw'] = 'mysql://roundcube:DB_PASSWORD@localhost/roundcube';
// postgres example: 'pgsql://roundcube:pass@localhost/roundcubemail';
root@2red [/usr/local/cpanel/base/roundcube]#
------

PS: Name of the roundcube database : roundcube
DB username : roundcube
DB password : DB_PASSWORD //it is in the /root/.my.cnf file

Also give grant privileges to that db.

That's it try :)

How to install roundcube in the cpanel server?

Guys,

I referred the following steps :

-----------
cd /usr/local/cpanel/base
rm -rf roundcube*
mysql -p -e 'drop database roundcube';
chattr -i /usr/local/cpanel/base/frontend/x/webmaillogin.html
chattr -i /usr/local/cpanel/base/webmaillogin.cgi
/scripts/upcp

cd /usr/local/cpanel/base
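# -O saves the download under the name that the tar command below expects
wget -O roundcube.tar.gz http://sourceforge.net/projects/roundcubemail/files/roundcubemail/0.4.2/roundcubemail-0.4.2.tar.gz/download
tar -zxvf roundcube.tar.gz
rm -rf roundcube.tar.gz
# the 0.4.2 tarball unpacks into roundcubemail-0.4.2
mv -f roundcubemail-0.4.2 roundcube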
cd roundcube
chmod -R 777 temp
chmod -R 777 logs
-----------
mysql -e "CREATE DATABASE roundcube;" -pDATABASEPASSWORD
mysql -e "use roundcube; source SQL/mysql.initial.sql;" -pDATABASEPASSWORD


Now let's sort out the configuration


cd config
mv db.inc.php.dist db.inc.php
mv main.inc.php.dist main.inc.php

Now open db.inc.php

nano db.inc.php

Find

$rcmail_config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcubemail';


Replace with

$rcmail_config['db_dsnw'] = 'mysql://root:DATABASEPASSWORD@localhost/roundcube';



Now Open main.inc.php

nano main.inc.php

Find

$rcmail_config['default_host'] = '';


Replace with

$rcmail_config['default_host'] = 'localhost';
-----------
Now we have to configure cPanel to show roundcube in the theme. Please note this is for the X theme(default) only!! If you use another theme please skip the next part and see below.

cd /usr/local/cpanel/base/roundcube/skins/default/images/
cp --reply=yes roundcube_logo.png /usr/local/cpanel/base/frontend/x/images/roundcube_logo.png
cp --reply=yes roundcube_logo.png /usr/local/cpanel/base/webmail/x/images/roundcube_logo.png
cd /usr/local/cpanel/base
wget http://www.hostgeekz.com/files/hostgeekz/HGpatch-roundcube-0.1-rc1
patch -p0 < HGpatch-roundcube-0.1-rc1
----------

chattr +i /usr/local/cpanel/base/frontend/x/webmaillogin.html
chattr +i /usr/local/cpanel/base/webmaillogin.cgi
-----------

try.

Sunday, October 24, 2010

How to migrate Plesk data manually with Plesk Migration Manager?

Manually migration?

[How to] How to migrate Plesk data manually with Plesk Migration Manager?
Article ID: 1152
Last Review: Nov,24 2009 Author: Bezborodova Anastasiya
Last updated by: Bezborodova Anastasiya APPLIES TO:
Plesk 8.x for Linux/Unix
Plesk 9.x for Linux/Unix
Resolution
To do this follow the steps below:

1. Upload migration agent and modules to the source server. For example for Parallels Plesk Panel, there are two folders: /usr/local/psa/PMM/agents/shared and /usr/local/psa/PMM/agents/PleskX. Use the command below to copy the Migration Manager:

destination ~# scp -r /usr/local/psa/PMM/agents/shared/* /usr/local/psa/PMM/agents/PleskX/* root@source:/temporary_migration_directory/

2. Login to source server and change to directory /temporary_migration_directory.
Run migration agent (PleskX.pl) with parameter --help to get all available options of the migration agent. Start dumping with options you need. For example:

source ~# cd /temporary_migration_directory
temporary_migration_directory ~# chmod 755 PleskX.pl
temporary_migration_directory ~# ./PleskX.pl --dump-all

3. This will create dump configuration file dump.xml and content dump archives in current directory /temporary_migration_directory.

4. On the destination server create directory /work_dir and copy file dump.xml from /temporary_migration_directory to it:

source ~# scp /temporary_migration_directory/dump.xml root@destination:/work_dir/

5. On destination Parallels Plesk Panel 8 create subdirectory /work_dir/archives and copy other content dump files to this directory:

source ~# scp -r /temporary_migration_directory/* root@destinationPPP8:/work_dir/archives/

On destination Parallels Plesk Panel 9 dump.xml and all other content files should be located in the same directory. So copy all other files into /work_dir/:

source ~# scp -r /temporary_migration_directory/* root@destinationPPP9:/work_dir/

6. Deploy the data through Parallels Plesk Panel GUI.

Login to Parallels Plesk Panel (PPP) as administrator and change to the Migration Manager page. The page is Server -> Migration Manager in PPP version 8.x and Home -> Migration Manager in PPP version 9.x

Click button "Start a new migration" and choose "Data import" in PPP version 8.x or "Transfer data already processed by the migration agent and located on the local host." in PPP version 9.x.

In version 8.x, take care to choose the correct Working directory for the data import; it should be the directory where you put the data to be restored (/work_dir).
In version 9.x put location of dump.xml file in the "Migration data file location" field. It should be /work_dir/dump.xml.

Additional information
In Parallels Plesk Panel version 9 restoration logs of manual migration are located on page Backup Manager at Home -> Backup Manager. So it is normal that you see the Home page after specifying "Migration data file location" and clicking Next.


try :)

How to reduce server's load?

You can refer to the following steps to reduce the server's load:

=======
1) netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -n

2) netstat -plan | grep :25 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -n

3) pstree -paul

4) cd /tmp

5) rm -f dos-* sess_* .spamassassin*

6) find . -user nobody -exec rm -f '{}' \;

7) ps -C exim -fH ewww

8) ps -C exim -fH eww |grep home

9) netstat -ntu | grep ':' | awk '{print $5}' | awk '{sub("::ffff:","");print}' | cut -f1 -d ':' | sort | uniq -c | sort -n

10) mysqladmin proc |grep Sleep |awk {'print $4'}|cut -d_ -f 1|sort|uniq -c|sort -nk 1

11) ps -C exim -fH ewww

12) for i in `ipcs -s | awk '{print $2}'`; do (ipcrm -s $i); done

13) for i in `mysqladmin proc |grep Sleep |cut -d " " -f 2`; do mysqladmin kill $i; done

14) exim -bp |grep "*** frozen ***" |awk '{print $3}' |xargs exim -Mrm

15) exiqgrep -z -i | xargs exim -Mrm;exiqgrep -o 432000 -i | xargs exim -Mrm
=======
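
What commands 1, 2 and 9 above compute, as an added example that is not part of the original post: one awk pass that counts connections per remote address for a given local port, keeps IPv6 addresses intact (which `cut -d: -f1` does not) and skips listening sockets. The function name `conn_per_ip`, its threshold argument and the sample netstat lines are constructed for illustration.

```bash
#!/bin/bash
# Added example: per-address connection counts from netstat output.

# Constructed sample lines in netstat's TCP/UDP column layout
# (documentation address ranges only).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.9:40022       ESTABLISHED
tcp        0      0 192.0.2.10:25           203.0.113.9:40100       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.50:52811      ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51600 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:33444    ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:33445    ESTABLISHED
udp        0      0 192.0.2.10:53           198.51.100.7:5353       ESTABLISHED
EOF
}

# conn_per_ip PORT [MIN]
# Reads netstat lines on stdin and prints "count address" for every remote
# address with at least MIN (default 1) TCP connections to local PORT,
# highest count first.
conn_per_ip() {
    local port="$1" min="${2:-1}"
    awk -v port="$port" -v min="$min" '
        # Everything before the last colon is the address, so IPv6 survives.
        # IPv4-mapped addresses (::ffff:a.b.c.d) are folded into plain IPv4.
        function addr(s)  { sub(/:[0-9*]+$/, "", s); sub(/^::ffff:/, "", s); return s }
        # Everything after the last colon is the port.
        function lport(s) { sub(/^.*:/, "", s); return s }

        $1 ~ /^tcp/ && $6 != "LISTEN" && lport($4) == port { n[addr($5)]++ }

        END { for (a in n) if (n[a] >= min) print n[a], a }
    ' | sort -k1,1nr -k2,2
}

# Remote addresses with two or more connections to port 80 in the sample.
sample_netstat | conn_per_ip 80 2
```

On a live server, feed it real data with `netstat -ntu | conn_per_ip 80 20`.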

Try :)

How to check server's resource usage?

You can use following script :

======
root@magneto [/var/log]# cat resusage.sh
#!/bin/bash
# Print USER:%CPU:COMMAND for each process using 20% CPU or more.
# Process rows in the batch output of top follow the header row that starts with "PID".
top -b -c -n 1 | awk 'rows && $9 >= 20 { print $2 ":" $9 ":" $12 } $1 == "PID" { rows = 1 }'
root@magneto [/var/log]#

cron :

* * * * * /bin/bash /var/log/resusage.sh 1>>/var/log/server_resusage.log

========================
flush log :

root@magneto [/var/log]# cat flush_server_resusage.sh
#!/bin/bash

rm -f /var/log/server_resusage.log
touch /var/log/server_resusage.log
echo "===================`date`===================" >>/var/log/server_resusage.log
root@magneto [/var/log]#

cron :
0 1 * * * /bin/bash /var/log/flush_server_resusage.sh

=========================

try :)
======

How to login into the server using bash script?

Here is the script :

===
#!/bin/bash

HOST="remote-hostname"
USER="remote-user"
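PASS="remote-user-password"   # kept in plain text in this file
CMD="$*"                      # the remote command, joined into one string

# StrictHostKeyChecking=no adds unknown host keys without prompting,
# so the identity of the server is not verified.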
VAR=$(expect -c "
spawn ssh -o StrictHostKeyChecking=no $USER@$HOST $CMD
match_max 100000
expect \"*?assword:*\"
send -- \"$PASS\r\"
send -- \"\r\"
expect eof
")
echo "==============="
echo "$VAR"
===

Try :)

How to recursively change the permission of the files?

Use the following commands :

----------
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;
----------

Try :)

How to get system information using bash script?

Here is the script that you can use :

--------
#!/bin/bash
# grabsysinfo.sh - A simple menu driven shell script to get information about your
# Linux server / desktop.
# Author: Vivek Gite
# Date: 12/Sep/2007

# Define variables
LSB=/usr/bin/lsb_release

# Purpose: Display pause prompt
# $1-> Message (optional)
function pause(){
local message="$*"
[ -z "$message" ] && message="Press [Enter] key to continue..."
read -p "$message" readEnterKey
}

# Purpose - Display a menu on screen
function show_menu(){
date
echo "---------------------------"
echo " Main Menu"
echo "---------------------------"
echo "1. Operating system info"
echo "2. Hostname and dns info"
echo "3. Network info"
echo "4. Who is online"
echo "5. Last logged in users"
echo "6. Free and used memory info"
echo "7. exit"
}

# Purpose - Display header message
# $1 - message
function write_header(){
local h="$@"
echo "---------------------------------------------------------------"
echo " ${h}"
echo "---------------------------------------------------------------"
}

# Purpose - Get info about your operating system
function os_info(){
write_header " System information "
echo "Operating system : $(uname)"
[ -x $LSB ] && $LSB -a || echo "$LSB command is not installed (set \$LSB variable)"
#pause "Press [Enter] key to continue..."
pause
}

# Purpose - Get info about host such as dns, IP, and hostname
function host_info(){
local dnsips=$(sed -e '/^$/d' /etc/resolv.conf | awk '{if (tolower($1)=="nameserver") print $2}')
write_header " Hostname and DNS information "
echo "Hostname : $(hostname -s)"
echo "DNS domain : $(hostname -d)"
echo "Fully qualified domain name : $(hostname -f)"
echo "Network address (IP) : $(hostname -i)"
echo "DNS name servers (DNS IP) : ${dnsips}"
pause
}

# Purpose - Network interface and routing info
function net_info(){
devices=$(netstat -i | cut -d" " -f1 | egrep -v "^Kernel|Iface|lo")
write_header " Network information "
echo "Total network interfaces found : $(wc -w <<<${devices})"

echo "*** IP Addresses Information ***"
ip -4 address show

echo "***********************"
echo "*** Network routing ***"
echo "***********************"
netstat -nr

echo "**************************************"
echo "*** Interface traffic information ***"
echo "**************************************"
netstat -i

pause
}

# Purpose - Display a list of users currently logged on
# display a list of recently logged in users
function user_info(){
local cmd="$1"
case "$cmd" in
who) write_header " Who is online "; who -H; pause ;;
last) write_header " List of last logged in users "; last ; pause ;;
esac
}

# Purpose - Display used and free memory info
function mem_info(){
write_header " Free and used memory "
free -m

echo "*********************************"
echo "*** Virtual memory statistics ***"
echo "*********************************"
vmstat
echo "***********************************"
echo "*** Top 5 memory eating process ***"
echo "***********************************"
ps auxf | sort -nr -k 4 | head -5
pause
}
# Purpose - Get input via the keyboard and make a decision using case..esac
function read_input(){
local c
read -p "Enter your choice [ 1 - 7 ] " c
case $c in
1) os_info ;;
2) host_info ;;
3) net_info ;;
4) user_info "who" ;;
5) user_info "last" ;;
6) mem_info ;;
7) echo "Bye!"; exit 0 ;;
*)
echo "Please select between 1 to 7 choice only."
pause
esac
}

# ignore CTRL+C, CTRL+Z and quit signals using the trap
trap '' SIGINT SIGQUIT SIGTSTP

# main logic
while true
do
clear
show_menu # display menu
read_input # wait for user input
done
--------

PS: Please note that Vivek Gite wrote this script; you can modify it as you wish.

Try :)

Meaning of special characters in bash scripting?

Guys, you can refer to the following information for bash scripting:

===========
1. Basic : Special characters :
# --> to comment
; --> command separator.
;; --> terminator, used after "case".

like :

case "$variable" in
abc) echo "\$variable = abc" ;;
xyz) echo "\$variable = xyz" ;;
esac
----------
. --> used to create hidden file and denotes current directory.
" -->partial quoting.
' --> full quoting.
\ -->escape [backslash]
/ -->Filename path separator [forward slash]
` -->command substitution. The `command` construct makes available the output of command for assignment to a variable.
: -->null command [colon]
! --> reverse (negate) the sense of a test or exit status
* -->wild card [asterisk] and arithmetic multiplication.
$ -->Variable substitution (contents of a variable) and end-of-line (in a regular expression).
${} --> Parameter substitution.
$*, $@ --> positional parameters.
$$ -->process ID variable.
{} --> Block of code.

{} --> placeholder for text. ex : ls . | xargs -i -t cp ./{} $1
{} \; --> pathname placeholder in find -exec; the \; ends the -exec command.
[ ] -->test, array element,range of characters.
> &> >& >> < <> --> redirection.

Example :

scriptname >filename redirects the output of scriptname to file filename. Overwrite filename if it already exists.

command &>filename redirects both the stdout and the stderr of command to filename.

command >&2 redirects stdout of command to stderr.

scriptname >>filename appends the output of scriptname to file filename. If filename does not already exist, it is created.

\<, \> --> word boundary , ex : bash$ grep '\<word\>' textfile
| --> pipe , echo ls -l | sh

>| --> force redirection

|| and & , && --> logical operator, & = Run job in background
- --> option, ls -al
^ --> beginning-of-line
Ctl-A -->Moves cursor to beginning of line of text (on the command-line).
Ctl-B -->Backspace
Ctl-E -->Moves cursor to end of line of text (on the command-line).
Ctl-C -->Break. Terminate a foreground job.
Ctl-D -->Log out from a shell
Ctl-F -->Moves cursor forward one character position (on the command-line).
Ctl-B -->Moves cursor backward one character position (on the command-line).
Ctl-H -->Erases characters the cursor backs over while backspacing.
Ctl-I -->Horizontal tab
Ctl-L --> clear the terminal screen
Ctl-P -->Recalls the previous command that has been executed (on the command-line).
Ctl-O -->Issues a newline (on the command-line).
Ctl-Y --> Pastes back text previously erased
===========

Try to test :)

How to create fork bomb?

Here is the script to create fork bomb on linux machine.

Please note that once this script is executed, the load on the server rises rapidly and the machine hangs.

--------
---
#/bin/sh
$0 &
$0
---
--------

Prevention : http://www.cyberciti.biz/tips/linux-limiting-user-process.html
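
The linked prevention is about limiting the number of processes a user may run. Assuming that limit is set as `nproc` in /etc/security/limits.conf (the file the Oracle post on this page also edits), this added example, which is not from the original post, reports the hard limit that would apply to a given user; `nproc_hard_limit` and the sample entries are constructed, and the precedence rule stated in the code comments is the assumption it implements.

```bash
#!/bin/bash
# Added example: which hard nproc limit applies to a user?
# Assumption implemented here: a user entry beats an @group entry, which beats
# the "*" wildcard; within the same class the last matching line wins.

# Constructed limits.conf content.
sample_limits() {
cat <<'EOF'
# <domain>  <type>  <item>  <value>
*           soft    nproc   2047
*           hard    nproc   16384
@students   hard    nproc   300
@students   -       nofile  1024
webuser     -       nproc   150    # "-" sets both soft and hard
dbadmin     hard    nproc   unlimited
EOF
}

# nproc_hard_limit USER [GROUP...]
# Reads limits.conf-style lines on stdin. Prints the effective hard nproc
# value, or "unlimited" when no hard limit applies to the user.
nproc_hard_limit() {
    local user="$1"
    shift
    local groups=" $* "
    awk -v user="$user" -v groups="$groups" '
        { sub(/#.*/, "") }                      # strip comments
        NF < 4 || $3 != "nproc" { next }        # other items are irrelevant here
        $2 != "hard" && $2 != "-" { next }      # a soft limit can be raised by the user
        {
            if ($1 == user) {
                rank = 3
            } else if (length($1) > 1 && substr($1, 1, 1) == "@" &&
                       index(groups, " " substr($1, 2) " ")) {
                rank = 2
            } else if ($1 == "*") {
                rank = 1
            } else {
                next
            }
            if (rank >= best) { best = rank; value = $4 }
        }
        END {
            if (!best || value == "-1" || value == "unlimited" || value == "infinity")
                print "unlimited"
            else
                print value
        }
    '
}

# Audit a few constructed accounts: name followed by its groups.
for account in "webuser" "alice students staff" "bob" "dbadmin"; do
    # shellcheck disable=SC2086  # word splitting of $account is intended
    printf '%s: %s\n' "${account%% *}" "$(sample_limits | nproc_hard_limit $account)"
done
```

An account that reports "unlimited" is bounded only by system-wide limits, so it is the one to fix first.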

Try :)

Who is using more cpu resources on the linux server?

Guys, Here is the script that you can use :

----
This script is used to identify overloading script (http & non-http scripts)...

----
#!/bin/bash

echo
echo "Date/Time CPU% ProcessID ScriptPath"
echo =======================================================================
ps auxw | grep -v root | grep -v /mysql/ | awk '{printf "%d %d\n",$2,$3}' | \
( while read psid cpu; do

if [ $cpu -gt 2 ]; then
lsof -p $psid | grep /home | grep -v sess_ | awk '{print $9}' | \
( while read script_path; do

date +"%m/%d/%Y %H:%M:%S $cpu $psid $script_path"
date +"%m/%d/%Y %H:%M:%S,$cpu,$psid,$script_path" >> /root/sshd-script-overload.log
#mail -s "DDOS ALRT: ESTAB atk on domain.com from $ips ($num conn). Atkr blocked." root < /dev/null > /dev/null

done
)

fi
done

)
echo
----

try :)

How to send mail using bash script?

You can use the following script to send mail (please change the e-mail address and its content):
--------
#!/bin/bash
# script to send simple email
# email subject
SUBJECT="SET-EMAIL-SUBJECT"
# Email To ?
EMAIL="admin@somewhere.com"
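# Email text/message (mktemp avoids a predictable file name in /tmp)
EMAILMESSAGE="$(mktemp /tmp/emailmessage.XXXXXX)"
echo "This is an email message test" > "$EMAILMESSAGE"
echo "This is email text" >> "$EMAILMESSAGE"
# send an email using /bin/mail
/bin/mail -s "$SUBJECT" "$EMAIL" < "$EMAILMESSAGE"
# remove the temporary message file
rm -f "$EMAILMESSAGE"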
-------

try :)

Addition, multiplication etc in bash script?

========
#!/bin/bash
x=5 # initialize x to 5
y=3 # initialize y to 3

add=$(($x + $y)) # add the values of x and y and assign it to variable add
sub=$(($x - $y)) # subtract the values of x and y and assign it to variable sub
mul=$(($x * $y)) # multiply the values of x and y and assign it to variable mul
div=$(($x / $y)) # divide the values of x and y and assign it to variable div
mod=$(($x % $y)) # get the remainder of x / y and assign it to variable mod
========

try :)

How to fetch line by line from the file using bash script?

Guys,

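I used the following script:

----
#!/bin/bash
# Read file.txt one line at a time; -r keeps backslashes, IFS= keeps leading spaces.
while IFS= read -r line
do
echo -e "$line \n"
done < file.txt
----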

where file name is "file.txt".

Try :)

Convert mp4 file to flv ?

use following linux command :

--------
/usr/local/bin/mencoder "video.mp4" -o "video.flv" -of lavf -oac mp3lame -lameopts abr:br=56 -ovc lavc -lavcopts vcodec=flv:vbitrate=800:mbd=2:mv0:trell:v4mv:cbp:last_pred=3 -srate 22050 -ofps 24 -vf harddup
--------

Input file name :video.mp4
Output file name : video.flv

try :)

How to convert mpg file to flv file using ffmpeg or mencoder?

Here are the steps that I once used:

=====
I converted the video using ffmpeg command line as below.
----------
ffmpeg -i lions.mpg lions-ffmpeg.flv
----------

PS: input file name : lions.mpg

The video was converted fine.

Then I converted the video using mencoder using the command mentioned below.

-------------
mencoder lions.mpg -o lions-mencoder.flv -of lavf -oac mp3lame -lameopts abr:br=56 -ovc lavc -lavcopts vcodec=flv:vbitrate=800:mbd=2:mv0:trell:v4mv:cbp:last_pred=3 -vf scale=450:400 -srate 22050
--------------

Then I generated a thumbnail using ffmpeg command mentioned below.

-------------
ffmpeg -i lions-ffmpeg.flv -ss 1 -t 00:00:01 -s 120x90 -r 1 -f mjpeg lions.jpg
-------------

Then I added meta data to the video.

-------------
flvtool2 -U -P lions-ffmpeg.flv
hasKeyframes: true
hasMetadata: true
duration: 9.976
cuePoints:
audiosamplerate: 44000
audiodatarate: 63.0167957356935
datasize: 482188
---------------
=====

Try :)

How to Install PAE kernel?

To install PAE kernel, use yum command:

1.
--------
yum install kernel-PAE
---------

Just reboot the server and make sure you boot with PAE kernel i.e. 2.6.18-8.1.15.el5PAE:

2.
---------
reboot
---------

First, update to the latest current kernel, then install the correct -devel package --

3.
---------
yum update kernel
yum install kernel-devel
---------

Finally, reboot and ensure that you are now running kernel-2.6.18-164.11.1.el5 by "uname -a" command.
===========

kernel-PAE-debuginfo rpm build for : RedHat EL 5.

Name : kernel-PAE-debuginfo

Version : 2.6.18
Vendor : Red Hat, Inc.
Release : 164.19.1.el5
Date : 2010-05-24 23:43:01
Group : Development/Debug
Source RPM : kernel-2.6.18-164.19.1.el5.src.rpm
Size : 409.63 MB


========
src :

http://rpm.pbone.net/index.php3/stat/4/idpl/14130160/dir/redhat_el_5/com/kernel-PAE-debuginfo-2.6.18-164.19.1.el5.i686.rpm.html
==========

Try :)

Friday, October 1, 2010

Can't connect to X11 window server using ':0.0' as the value of the DISPLAY variable

Guys, the steps didn't work on our server, but they worked for some other guys.

=======
From one xterm run "su oracle-user" then run "export DISPLAY=localhost:0.0"
From another xterm run: "xhost +" and then from the first xterm run the installer.

$ xhost + # this allows any host to connect to the local X11 session
=======

Try :)

How to install oracle database 10g on linux server?

Guys, I referred to the following steps to do the same:


Oracle 10g installation on Linux (64 or 32 bit arch) :-

==========

1. Minimum Requirement 40 GB Hard disk and 512 RAM.
2. Check that the latest versions of the following packages have been installed on a 32 bit linux machine :-

Note : To find a package, search Google for "download name + rpm", for example : download Imlib _ + rpm. Then download the latest rpm and install it with "rpm -Uvh package name". Always try to download from pbone.com

.....................
Binutils-2.15.92.0.2-10.EL4
Compat-db-4.1.25-9
Control-center-2.8.0-12
Gcc-3.4.3-9.EL4
Gcc-c++-3.4.3-9.EL4
Glibc-2.3.4-2
Glibc-common-2.3.4-2
Gnome-libs-1.4.1.2.90-44.1
Libstdc++-3.4.3-9.EL4
Libstdc++-devel-3.4.3-9.EL4
Make-3.80-5
Pdksh-5.2.14-30
Sysstat-5.0.5-1
Xscreensaver-4.18-5.rhel4.2
libaio-0.3.9
.......................

3. For 64 bit architecture the following packages must be there :

Note : To find a package, search Google for "download name + x86_64.rpm", for example : download Imlib _ x86_64.rpm. Then download the latest rpm and install it with "rpm -Uvh package name". Always try to download from pbone.com. It's very fast and reliable.

====
gcc-3.4.4-2.x86_64.rpm
gcc-c++-3.4.4-2.x86_64.rpm
Libstdc++-devel-3.4.4-2.x86_64.rpm
Cpp-3.4.4-2.x86_64.rpm
Glibc-devel-2.3.4-2.13.x86_64.rpm
Glibc-headers-2.3.4-2.13.x86_64.rpm
Glibc-kernheaders-2.4-9.1.98.EL.x86_64.rpm
gnome-libs-1.4.1.2.90-44.1.x86_64.rpm
Compat-db-4.1.25-9.x86_64.rpm
ORBit-0.5.17-14.x86_64.rpm
Gtk+-1.2.10-33.x86_64.rpm
Imlib-1.9.13-23.x86_64.rpm
Libpng10-1.0.16-1.x86_64.rpm
Gdk-pixbuf-0.22.0-16.el4.x86_64.rpm
Libungif-4.1.3-1.x86_64.rpm
sysstat-5.0.5-1.x86_64.rpm
====

3a). Make sure the following kernel parameters have been tuned :

=====
shmmax = 2147483648
shmmni = 4096
shmall = 2097152
shmseg = 10
semmsl = 250
semmns = 32000
semopm = 100
semmni = 128
file-max = 65536
ip_local_port_range = 1024 65000
rmem_default = 262144
rmem_max = 262144
wmem_default = 262144
wmem_max = 262144
=======

Run :
=======
/sbin/sysctl -p
=======
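
Step 3a lists the parameters by short name; on Linux they are read under /proc/sys, and the four sem* values are the fields of kernel.sem. This added example (not part of the original steps) compares the running values with that list; `check_kernel_params`, its optional root-directory argument and the choice to treat each listed value as a minimum are assumptions.

```bash
#!/bin/bash
# Added example: compare running kernel settings with the values from step 3a.

# Values from step 3a, keyed by path under /proc/sys.
# kernel/sem has four fields in the order semmsl semmns semopm semmni.
# shmseg is not listed: Linux has no /proc/sys entry for it.
required_params() {
cat <<'EOF'
kernel/shmmax 2147483648
kernel/shmmni 4096
kernel/shmall 2097152
kernel/sem 250 32000 100 128
fs/file-max 65536
net/ipv4/ip_local_port_range 1024 65000
net/core/rmem_default 262144
net/core/rmem_max 262144
net/core/wmem_default 262144
net/core/wmem_max 262144
EOF
}

# check_kernel_params [ROOT]
# ROOT defaults to /proc/sys; another directory can be given for testing.
# Prints one line per problem and returns 1 if any value is out of range.
check_kernel_params() {
    local root="${1:-/proc/sys}" status=0 path want have
    while read -r path want; do
        if [ ! -r "$root/$path" ]; then
            echo "MISSING $path"
            status=1
            continue
        fi
        have="$(cat "$root/$path")"
        awk -v path="$path" -v want="$want" -v have="$have" 'BEGIN {
            n = split(want, w, " ")
            split(have, h, " ")
            for (i = 1; i <= n; i++) {
                # Each value is a minimum, except the low end of the port
                # range, which must not be higher than the listed value.
                if (path ~ /ip_local_port_range$/ && i == 1) {
                    ok = (h[i] + 0 <= w[i] + 0)
                } else {
                    ok = (h[i] + 0 >= w[i] + 0)
                }
                if (!ok) {
                    printf "MISMATCH %s field %d: have %s, want %s\n", path, i, h[i], w[i]
                    bad = 1
                }
            }
            exit bad + 0
        }' </dev/null || status=1
    done <<EOF
$(required_params)
EOF
    return "$status"
}

# Check the running system.
check_kernel_params || echo "some parameters differ from the listed values"
```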

3b) Add the following lines to the /etc/security/limits.conf file:

==========
* soft nproc 2047
* hard nproc 16384
* soft nofile 1024
* hard nofile 65536
==========

Add the following line to the /etc/pam.d/login file, if it does not already exist:

==========
session required pam_limits.so
==========

Disable secure linux by editing the /etc/selinux/config file, making sure the SELINUX flag is set as follows:

=========
SELINUX=disabled
=========

4. Creating Oracle User Accounts :
As a root user :

=========
groupadd dba
groupadd oinstall
useradd -c "Oracle software owner" -g oinstall -G dba oracle
passwd oracle
=========

Note : the -G option makes dba a supplementary group of the oracle user.

5. Creating directories :

=========
mkdir /u01/app /u01/app/oracle /u01/oradata
chown oracle:oinstall /u01/app /u01/app/oracle /u01/oradata
chmod 775 /u01/app /u01/app/oracle /u01/oradata
=========

6. Download the oracle database source file for 64 or 32 bit linux machine. Here is the site :

-----
http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html
-----

a). Download the Oracle 10g release 2 (10.2.0.1.0) software from Oracle website.
Extract the files using following command: For 32bit installation archive

cd /usr/local/src/

unzip 10201_database_linux32.zip

b) For 64bit installation archive

gunzip 10201_database_linux_x86_64.cpio.gz
cpio -idmv <10201_database_linux_x86_64.cpio

For RHEL 5, Centos 5: Modify database/install/oraparam.ini file and add "redhat-5" to "Certified Versions" section.
Example:

[Certified Versions]
Linux=redhat-3,SuSE-9,redhat-4,UnitedLinux-1.0,asianux-1,asianux-2,redhat-5

8. Login as root and issue the following command:

=======
xhost +
=======
Note : Either use a bare + or give the IP of a specific machine (xhost +IP). A bare + allows any host to connect to the local X11 session.

9. Login as the oracle user and add the following lines at the end of the .bash_profile file:

-----------------------
# Oracle Settings
TMP=/tmp; export TMP
TMPDIR=$TMP; export TMPDIR

ORACLE_BASE=/u01/app/oracle; export ORACLE_BASE
ORACLE_HOME=$ORACLE_BASE/product/10.2.0/db_1; export ORACLE_HOME
ORACLE_SID=TSH1; export ORACLE_SID
ORACLE_TERM=xterm; export ORACLE_TERM
PATH=/usr/sbin:$PATH; export PATH
PATH=$ORACLE_HOME/bin:$PATH; export PATH

LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib; export LD_LIBRARY_PATH
CLASSPATH=$ORACLE_HOME/JRE:$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib; export CLASSPATH

if [ $USER = "oracle" ]; then
if [ $SHELL = "/bin/ksh" ]; then
ulimit -p 16384
ulimit -n 65536
else
ulimit -u 16384 -n 65536
fi
fi
-------------

10. cd /home/oracle
. .bash_profile //activating current settings for oracle user

Installation :


11. Log into the oracle user. If you are using X emulation then set the DISPLAY environmental variable : like

........................
su - oracle
DISPLAY=:0.0; export DISPLAY

or : DISPLAY=localhost:0.0; export DISPLAY

You may have to execute the following as the oracle user :

export TMP=/oratmp
export TMPDIR=/oratmp
..............


12. Start the Oracle Universal Installer (OUI) by issuing the following command in the database directory:

Go to database directory :

cd /usr/local/src/database
./runInstaller


13. You may see an error that the X11 display could not be found. In that case, make sure that a machine running X11 is connected to your server.

If it goes fine, try to proceed further to install oracle via GUI.
==============================

A) Post-Installation Tasks : Auto Startup and Shutdown of Database and Listener :-

Login as root and modify the /etc/oratab file, changing the last character to Y for the appropriate database. oratab does not expand variables, so the Oracle home is written out in full:

ORCL:/u01/app/oracle/product/10.2.0/db_1:Y

As root user create new file "oracle" (init script for startup and shutdown the database) in /etc/init.d/ directory with following content:

===============
#!/bin/bash
#
# oracle Init file for starting and stopping
# Oracle Database. Script is valid for 10g and 11g versions.
#
# chkconfig: 35 80 30
# description: Oracle Database startup script

# Source function library.

. /etc/rc.d/init.d/functions

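ORACLE_OWNER="oracle"
# ORACLE_BASE is not set in the init environment; same value as in .bash_profile
ORACLE_BASE="/u01/app/oracle"
ORACLE_HOME="$ORACLE_BASE/product/10.2.0/db_1"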

case "$1" in
start)
echo -n $"Starting Oracle DB:"
su - $ORACLE_OWNER -c "$ORACLE_HOME/bin/dbstart $ORACLE_HOME"
echo "OK"
;;
stop)
echo -n $"Stopping Oracle DB:"
su - $ORACLE_OWNER -c "$ORACLE_HOME/bin/dbshut $ORACLE_HOME"
echo "OK"
;;
*)
echo $"Usage: $0 {start|stop}"
esac
==============


Execute (as root) the following commands (the first command changes the permissions, the second configures execution for specific runlevels):

chmod 750 /etc/init.d/oracle
chkconfig --add oracle --level 0356


2. Auto Startup and Shutdown of Enterprise Manager Database Control :-

As root user create new file "oraemctl" (init script for startup and shutdown EM DB Console) in /etc/init.d/ directory with following content:

================
#!/bin/bash
#
# oraemctl Starting and stopping Oracle Enterprise Manager Database Control.
# Script is valid for 10g and 11g versions.
#
# chkconfig: 35 80 30
# description: Enterprise Manager DB Control startup script

# Source function library.

. /etc/rc.d/init.d/functions

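ORACLE_OWNER="oracle"
# ORACLE_BASE is not set in the init environment; same value as in .bash_profile
ORACLE_BASE="/u01/app/oracle"
ORACLE_HOME="$ORACLE_BASE/product/10.2.0/db_1"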

case "$1" in
start)
echo -n $"Starting Oracle EM DB Console:"
su - $ORACLE_OWNER -c "$ORACLE_HOME/bin/emctl start dbconsole"
echo "OK"
;;
stop)
echo -n $"Stopping Oracle EM DB Console:"
su - $ORACLE_OWNER -c "$ORACLE_HOME/bin/emctl stop dbconsole"
echo "OK"
;;
*)
echo $"Usage: $0 {start|stop}"
esac
===============


Execute (as root) the following commands (the first command changes the permissions, the second configures execution for specific runlevels):

chmod 750 /etc/init.d/oraemctl
chkconfig --add oraemctl --level 0356

3. You may consider to use rlwrap for comfortable work with sqlplus and rman utility :-
RPM package for RedHat compatible (x86) distribution you can download here.
RPM package for RedHat compatible (x86_64) distribution you can download here.
su -
# rpm -ivh rlwrap*.rpm
# exit
echo "alias sqlplus='rlwrap sqlplus'" >> /home/oracle/.bash_profile
echo "alias rman='rlwrap rman'" >> /home/oracle/.bash_profile
. /home/oracle/.bash_profile
=================

That's it try :)

Thursday, September 30, 2010

How to integrate tomcat with apache on cpanel linux server?

Guys,

I didn't configure it but I am making it more available in the internet so that you can easily get the link and steps. Hope it'll help you to do the same. Here are the steps :

=======
1- Configure PATH
- vi or pico -w /etc/profile
- Add those lines after the first comments
# /etc/profile
# System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc

JAVA_HOME=/usr/local/java/java
CATALINA_HOME=/usr/local/tomcat
PATH=$JAVA_HOME/bin:$PATH:$HOME/bin:/sbin:/usr/sbin
CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/common/lib/servlet.jar:/usr/local/pgsql/share/java/postgresql.jar:../lib/struts.jar:.

- Locate the line where you see export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE INPUTRC and add : JAVA_HOME CATALINA_HOME CLASSPATH


2- Download SDK at http://java.sun.com/j2se/1.4.2/download.html (j2sdk-1_4_2_03-linux-i586.bin)

3- Install java SDK
- mkdir /usr/local/java
- cd /usr/local/java
- chmod u+x j2sdk-version.bin
- ./j2sdk-version.bin
- ln -s j2sdk-version java
JAVA is installed under /usr/local/java/java/

4- Download Jakarta Tomcat at http://apache.mirror.mcgill.ca/jakarta/tomcat-4/v4.1.30/bin/jakarta-tomcat-4.1.30.tar.gz

5- Install Tomcat
- tar -zxvf jakarta-tomcat-4.1.30.tar.gz
- mv jakarta-tomcat-4.1.30 /usr/local/
- cd /usr/local
- ln -s jakarta-tomcat-4.1.30 tomcat
Tomcat is installed under /usr/local/tomcat/

6- Download Jakarta ANT at http://apache.mirror.cygnal.ca/ant/binaries/apache-ant-1.6.1-bin.tar.gz

7- Install Jakarta ANT
- tar -zxvf apache-ant-1.6.1-bin.tar.gz
- mv apache-ant-1.6.1 /usr/local/
- cd /usr/local
- ln -s apache-ant-1.6.1 ant
- ln -s /usr/local/ant/bin/ant /usr/local/bin/ant
- ln -s /usr/local/ant/bin/ant /usr/sbin/

8- Download the Java Connector from CVS and build / install mod_jk
- cvs -d :pserver:anoncvs@cvs.apache.org:/home/cvspublic login password: anoncvs (When prompted for a password, just hit ENTER)
- cvs -d :pserver:anoncvs@cvs.apache.org:/home/cvspublic checkout jakarta-tomcat-connectors
- mv jakarta-tomcat-connectors /usr/local/java/
- cd /usr/local/java/jakarta-tomcat-connectors/jk/native/
- ./buildconf.sh
- ./configure --with-apxs=/usr/sbin/apxs
- make
- cp apache-1.3/mod_jk.so /etc/httpd/modules/

9- Configure httpd.conf for mod_jk
- Doing a backup : cp -p /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak
- Enabling mod_jk : vi or pico -w /etc/httpd/conf/httpd.conf
After this line :
LoadModule perl_module /usr/lib/apache/libperl.so

Add :
LoadModule jk_module /usr/lib/apache/mod_jk.so

After your last AddModule line, add :
AddModule mod_jk.c

Include "/usr/local/jakarta-tomcat-4.1.30/conf/mod_jk.conf"

10- Edit/Create /usr/local/jakarta-tomcat-4.1.30/conf/mod_jk.conf
- vi or pico -w /usr/local/jakarta-tomcat-4.1.30/conf/mod_jk.conf
- Enter those lines :


LoadModule jk_module /usr/lib/apache/mod_jk.so


JkWorkersFile "/usr/local/jakarta-tomcat-4.1.30/conf/jk/workers.properties"
JkLogFile "/usr/local/jakarta-tomcat-4.1.30/logs/mod_jk.log"


JkMount /*.jsp ajp13
JkMount /servlet/* ajp13
JkMount /servlets/* ajp13
JkMount /*.do ajp13
JkMount /manager/* ajp13


JkLogLevel emerg

11- Edit/Create /usr/local/jakarta-tomcat-4.1.30/conf/jk/workers.properties
- mkdir /usr/local/jakarta-tomcat-4.1.30/conf/jk
- vi or pico -w /usr/local/jakarta-tomcat-4.1.30/conf/jk/workers.properties
- Enter those lines :

# Setting Tomcat & Java Home
workers.tomcat_home=/usr/local/tomcat
workers.java_home=/usr/local/java/java
ps=/
worker.list=ajp13
worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.ajp13.type=ajp13

12- Edit /usr/local/jakarta-tomcat-4.1.30/conf/server.xml
cd /usr/local/jakarta-tomcat-4.1.30/conf/
rm -f server.xml
vi or pico -w server.xml
Copy - Paste the text below :










some-site.com








13- Edit /usr/local/jakarta-tomcat-4.1.30/conf/tomcat-users.xml







14- Download and install the tomcatd script
- Download the script at http://www.linuxjava.net/howto/webapp/install_files/tomcatd
- mv tomcatd /usr/sbin
- chmod 700 /usr/sbin/tomcatd
- vi or pico -w /usr/sbin/tomcatd
- Locate any lines that contain the text : su - tomcat -c $TOMCAT_START and replace it by : $TOMCAT_START

15- FINISH !! START TOMCAT AND TEST IT :)
- service httpd restart
- tomcatd start
=======

Ref : http://www.directadmin.com/forum/archive/index.php/t-2227.html

Try :)

Wednesday, September 29, 2010

How install MRTG on linux?

Guys,

The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network links. MRTG generates HTML pages containing PNG images which provide a LIVE visual representation of this traffic.

Here are the steps that I followed:

====
Installing Library zlib :

................
wget http://www.gzip.org/zlib/zlib-1.1.4.tar.gz
tar -xvzf zlib-1.1.4.tar.gz
mv zlib-1.1.4 zlib
cd zlib
./configure
make
cd ..
................

Installing Library libpng :

................
wget http://public.planetmirror.com/pub/sourceforge/l/li/libpng/libpng-1.0.15.tar.gz
tar -xvzf libpng-1.0.15.tar.gz
mv libpng-1.0.15 libpng
cd libpng
make -f scripts/makefile.std CC=gcc ZLIBLIB=../zlib ZLIBINC=../zlib
cd ..
................

Installing Library gd :

................
wget http://www.boutell.com/gd/http/gd-1.8.4.tar.gz
tar -xvzf gd-1.8.4.tar.gz
mv gd-1.8.4 gd
cd gd

perl -i~ -p -e s/gd_jpeg.o//g Makefile
make INCLUDEDIRS="-I. -I../zlib -I../libpng" \
LIBDIRS="-L../zlib -L. -L../libpng" \
LIBS="-lgd -lpng -lz -lm" \
CFLAGS="-O -DHAVE_LIBPNG"
cd ..
................

Installing MRTG:

.................
cd /usr/local/src
wget http://oss.oetiker.ch/mrtg/pub/mrtg-2.15.0.tar.gz
gunzip -c mrtg-2.15.0.tar.gz | tar xvf -
cd mrtg-2.15.0
./configure --prefix=/usr/local/mrtg-2 \
--with-gd=/usr/local/src/gd \
--with-z=/usr/local/src/zlib \
--with-png=/usr/local/src/libpng
make
make install
.................

Configuration :-

..................
cd /usr/local/src/mrtg-2.15.0/bin

./cfgmaker --global 'WorkDir: /home/yourusername/public_html/mrtg' \
--global 'Options[_]: bits,growright' \
--output /usr/local/mrtg-2/mrtg.cfg \
public@localserver
..................

Set up cron (add this line to /etc/crontab, which takes the user name as the sixth field) :

*/5 * * * * root env LANG=C /usr/local/mrtg-2/bin/mrtg /usr/local/mrtg-2/mrtg.cfg --logging /var/log/mrtg.log

View the MRTG :

http://domain/mrtg

That's it. Try :)

Monday, September 27, 2010

make: *** [install-webconf] Error 1

Guys,

I got this error message while configuring Nagios. Here is the exact error message.

=======
root@server [/usr/local/src/nagios-3.2.1]# make install-webconf
/usr/bin/install -c -m 644 sample-config/httpd.conf /etc/httpd/conf.d/nagios.conf
/usr/bin/install: cannot create regular file `/etc/httpd/conf.d/nagios.conf': No such file or directory
make: *** [install-webconf] Error 1
=======

Sol: From the error message it is clear that Nagios is trying to create the nagios.conf file inside the /etc/httpd/conf.d directory, which does not exist on this server. To resolve this problem, create that directory and make a symlink with the conf.d directory of the running httpd daemon. Here are the steps I followed.

1. Grep httpd daemon :

root@server [/usr/local/nagios/etc]# ps aux | grep httpd
root 6900 0.0 0.0 4204 624 pts/1 S+ 00:12 0:00 grep httpd
root 25825 0.0 0.3 17400 7520 ? Ss Sep27 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 25826 0.0 0.2 16768 5152 ? S Sep27 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 25828 0.0 0.5 239148 10804 ? Sl Sep27 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 25830 0.0 0.5 239012 10732 ? Sl Sep27 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 25832 0.0 0.5 239284 10920 ? Sl Sep27 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 25852 0.0 0.5 239148 10768 ? Sl Sep27 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 25874 0.0 0.5 239148 10772 ? Sl Sep27 0:00 /usr/local/apache/bin/httpd -k start -DSSL
root@server [/usr/local/nagios/etc]#

2. Find the root directory (HTTPD_ROOT) of apache or httpd :
root@server [/usr/local/nagios/etc]# /usr/local/apache/bin/httpd -V |grep HTTPD_ROOT
-D HTTPD_ROOT="/usr/local/apache"

3. Create the directory and make a symlink like :
root@server [/usr/local/nagios/etc]# mkdir -p /etc/httpd/conf.d
root@server [/usr/local/nagios/etc]# ln -s /etc/httpd/conf.d /usr/local/apache/conf.d

That's it. Try to re-execute above failed command. It'll work :)

How to install nagios on cpanel or linux server?

Guys,

Nagios is a powerful monitoring system that enables organizations to identify and resolve IT infrastructure problems before they affect critical business processes.

Nagios is an open source application that monitors for computer network problems so that they can be fixed more quickly. Nagios was designed for use with the Linux operating system, but it will also work under Unix and most Unix-based systems.

Nagios runs periodic checks on user-specified resources and services. Resources that can be monitored include memory usage, disk usage, microprocessor load, the number of currently running processes, and log files. Services that can be monitored include Simple Mail Transfer Protocol (SMTP), Post Office Protocol 3 (POP3), Hypertext Transfer Protocol (HTTP), and other common network protocols. The program can monitor environmental variables such as temperature, humidity, or barometric pressure in conjunction with the appropriate measuring hardware. A user-friendly Web-based graphical user interface is provided. An authorization system allows the administrator to restrict access as necessary.

I followed these steps to install and configure Nagios.

Before listing the steps, a few points. Here I have installed Nagios on the monitoring server, so this server will monitor the other remote servers. Here are the tools required on each.

[A] For monitoring server(Who will monitor others) : a)nagios b) nagios-plugin c) nrpe daemon
[B] For monitored remote server(who will be monitored) : a) nagios-plugin b) nrpe daemon
[C] Configuring monitoring server to monitor remote hosts.


Let the IP of the monitoring server be 64.34.203.8 and the IP of the remote server be 76.74.238.165.

Now please make sure that the following packages are installed on the server.

-------
php-mysql php-gd php-ldap php-xml gd gd-devel gcc glibc glibc-common libstdc++-devel gcc-c++ perl-DBI perl-DBD-MySQL perl-Config-IniFiles rrdtool perl-rrdtool

Note : On a cPanel server all the modules may already be installed. You can also enable them using /scripts/easyapache or yum install mod_name
-------
============================================================================

I am mentioning step by step here :

[A] Installing and configuring the monitoring tools on monitoring server(Who will monitor others) : a)nagios b) nagios-plugin c) nrpe daemon :-

a)nagios :-

------------------
1. Log in to the server via ssh and gain root access.
2. useradd nagios
3. passwd nagios
4. groupadd nagcmd
5. /usr/sbin/usermod -a -G nagcmd nagios
6. /usr/sbin/usermod -a -G nagcmd nobody

Note : here nobody is the apache user on my server(cpanel linux server). You can get the user by executing the following command :

root@server [/usr/local/src]# grep '^User' /usr/local/apache/conf/httpd.conf
User nobody
UserDir public_html
root@server [/usr/local/src]#

7. cd /usr/local/src/
8. wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.2.1.tar.gz
9. tar -xvzf nagios-3.2.1.tar.gz
10. cd nagios-3.2.1
11. ./configure --with-command-group=nagcmd
12. make all
13. make install
14. make install-init
15. make install-config
16. make install-commandmode
17. make install-webconf

Note: While executing "make install-webconf" you may face the following error message.

``````````````````````````````````````````````````````````
root@server [/usr/local/src/nagios-3.2.1]# make install-webconf
/usr/bin/install -c -m 644 sample-config/httpd.conf /etc/httpd/conf.d/nagios.conf
/usr/bin/install: cannot create regular file `/etc/httpd/conf.d/nagios.conf': No such file or directory
make: *** [install-webconf] Error 1

I hope you got the clue from this error message. So, please make a directory and link with cpanel apache conf.d like :

root@server [/usr/local/src/nagios-3.2.1]# mkdir -p /etc/httpd/conf.d
root@server [/usr/local/src/nagios-3.2.1]# ln -s /etc/httpd/conf.d /usr/local/apache/conf.d

Then execute the above webconf once again. It'll create nagios.conf file in that conf.d directory. That's it. This is for integrating the nagios with webserver.
``````````````````````````````````````````````````````````

18. htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin //provide password here.

That's it for nagios. In my case, here is the content of conf.d

````````
root@server [/etc/httpd/conf.d]# ll
total 12
drwxr-xr-x 2 root root 4096 Sep 26 23:22 ./
drwxr-xr-x 18 root root 4096 Sep 26 23:17 ../
lrwxrwxrwx 1 root root 6 Sep 26 23:20 conf.d -> conf.d
-rw-r--r-- 1 root root 1010 Sep 26 23:22 nagios.conf
root@server [/etc/httpd/conf.d]#
````````

===================================

b) nagios-plugin installation :-

1. cd /usr/local/src/
2. wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.11.tar.gz
3. tar -xvzf nagios-plugins-1.4.11.tar.gz
4. cd nagios-plugins-1.4.11
5. ./configure --with-nagios-user=nagios --with-nagios-group=nagios
6. make
7. make install
8. chkconfig --add nagios
9. chkconfig nagios on
10. chown nagios.nagios /usr/local/nagios
11. chown -R nagios.nagios /usr/local/nagios/libexec
12. /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

````````````````
The 12th command checks whether the configuration is correct. If it is, it'll show the following :
..............
Total Warnings: 0
Total Errors: 0

Things look okay - No serious problems were detected during the pre-flight check

If there is no error it means your nagios configuration is correct and you can start the nagios service.
.............

`````````````````

13. /etc/init.d/nagios start
14. ps aux | grep nagios //check whether nagios is running or not.

That's it for nagios plugin :)

===================================

c) nrpe daemon installation : --

1. cd /usr/local/src/
2. wget http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.12.tar.gz
3. tar -xvzf nrpe-2.12.tar.gz
4. cd nrpe-2.12

......
Make sure openssl-devel is installed on the server. Check like

root@server [/usr/local/src/nrpe-2.12]# rpm -qa | grep openssl-devel
openssl-devel-0.9.8e-12.el5_4.6
root@server [/usr/local/src/nrpe-2.12]#

Else execute : yum install openssl*
......

5. ./configure
6. make all
7. make install-plugin
8. make install-daemon
9. make install-daemon-config
10. make install-xinetd

.......
Note : Make sure that xinetd is installed on the server. Otherwise install it with yum install xinetd
.......

11. vi /etc/xinetd.d/nrpe and disable (comment out) the “only_from” directive. So, the content of the file will look like :

.......
root@server [~]# cat /etc/xinetd.d/nrpe
# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
flags = REUSE
socket_type = stream
port = 5666
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nrpe
server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd
log_on_failure += USERID
disable = no
# only_from = 127.0.0.1
}
root@server [~]#
.......

12. echo "nrpe 5666/tcp # NRPE" >> /etc/services
13. Make sure that you have opened the above port in the firewall.
14. chkconfig xinetd on
15. service xinetd restart

The output will be like :

.....
root@server [/usr/local/src/nrpe-2.12]# chkconfig --list | grep xinetd
xinetd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xinetd based services:
root@server [/usr/local/src/nrpe-2.12]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
root@server [/usr/local/src/nrpe-2.12]#
.....

That's it.

Test the NRPE daemon locally :

16. netstat -at | grep nrpe

Here is the o/p :
........
tcp 0 0 *:nrpe *:* LISTEN

root@server [/usr/local/src/nrpe-2.12]# netstat -plan | grep 5666
tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN 31130/xinetd
root@server [/usr/local/src/nrpe-2.12]#
........

17. /usr/local/nagios/libexec/check_nrpe -H localhost

Here is the o/p :

........
root@server [/usr/local/src/nrpe-2.12]# /usr/local/nagios/libexec/check_nrpe -H localhost
NRPE v2.12
root@server [/usr/local/src/nrpe-2.12]#
........

===================================
==========================================================================================

[B] Installing and configuring the monitoring tools on monitored server (who will be monitored) : a) nagios-plugin b) nrpe daemon :----

Log in to the remote server via ssh and gain root access.

a) : nagios-plugin installation :

1. cd /usr/local/src/
2. /usr/sbin/useradd nagios
3. passwd nagios
4. wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.15.tar.gz
5. tar -xvzf nagios-plugins-1.4.15.tar.gz
6. cd nagios-plugins-1.4.15
7. ./configure
8. make
9. make install
11. chown nagios.nagios /usr/local/nagios
12. chown -R nagios.nagios /usr/local/nagios/libexec
13. Make sure that xinetd has installed on the server. Else install using : yum install xinetd

That's it :)
===================================

b) nrpe daemon installation :-


1. cd /usr/local/src/
2. wget http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.12.tar.gz
3. tar -xvzf nrpe-2.12.tar.gz
4. cd nrpe-2.12

......
Make sure openssl-devel is installed on the server. Check like

root@server [/usr/local/src/nrpe-2.12]# rpm -qa | grep openssl-devel
openssl-devel-0.9.8e-12.el5_4.6
root@server [/usr/local/src/nrpe-2.12]#

Else execute : yum install openssl*
......

5. ./configure
6. make all
7. make install-plugin
8. make install-daemon
9. make install-daemon-config
10. make install-xinetd

.......
Note : Make sure that xinetd is installed on the server. Otherwise install it with yum install xinetd
.......

11. vi /etc/xinetd.d/nrpe and change the IP at the “only_from” directive. It must be the IP of the monitoring server (the one that will monitor). In my case it was 64.34.203.8. So, the content of the file will look like :

.......
root@server [/etc/xinetd.d]# hostname
server.loveme.com
root@server [/etc/xinetd.d]# cat /etc/xinetd.d/nrpe
# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
flags = REUSE
socket_type = stream
port = 5666
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nrpe
server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd
log_on_failure += USERID
disable = no
only_from = 64.34.203.8
}
root@server [/etc/xinetd.d]#
.......

12. echo "nrpe 5666/tcp # NRPE" >> /etc/services
13. Make sure that you have opened the above port in the firewall.
14. chkconfig xinetd on
15. service xinetd restart

The output will be like :

.....
root@server [/usr/local/src/nrpe-2.12]# chkconfig --list | grep xinetd
xinetd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xinetd based services:
root@server [/usr/local/src/nrpe-2.12]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
root@server [/usr/local/src/nrpe-2.12]#
.....


Test the NRPE daemon locally :

16. netstat -at | grep nrpe

Here is the o/p :
........
tcp 0 0 *:nrpe *:* LISTEN

root@server [/usr/local/src/nrpe-2.12]# netstat -plan | grep 5666
tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN 31130/xinetd
root@server [/usr/local/src/nrpe-2.12]#
........

17. /usr/local/nagios/libexec/check_nrpe -H localhost

Here is the o/p :

........
root@server [/usr/local/src/nrpe-2.12]# /usr/local/nagios/libexec/check_nrpe -H localhost
NRPE v2.12
root@server [/usr/local/src/nrpe-2.12]#
........

That's it.
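
The two /etc/xinetd.d/nrpe files above differ only in only_from: it is commented out on the monitoring server and set to 64.34.203.8 on the monitored server. The script below is an added example, not part of the original post, that reports which source addresses an xinetd service file admits; the function names and the sample files it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how the only_from directive in an xinetd service file
# (for example /etc/xinetd.d/nrpe) limits who may connect to the service.

audit_only_from() {   # $1 = path to an xinetd service file
    awk '
        { sub(/#.*/, "") }                  # a commented-out only_from is not active
        $1 == "disable" && $2 == "=" && $3 == "yes" { disabled = 1 }
        $1 == "only_from" && $2 != "-=" {   # "-=" (removal) lines are not modelled here
            seen = 1
            if ($2 == "=") n = 0            # "=" replaces the list, "+=" extends it
            for (i = 3; i <= NF; i++) addr[++n] = $i
        }
        END {
            if (disabled) { print "DISABLED"; exit }
            if (!seen)    { print "OPEN only_from is not set"; exit }
            if (n == 0)   { print "DENY-ALL only_from has no value"; exit }
            for (i = 1; i <= n; i++) {
                # xinetd treats 0.0.0.0 as matching every address
                if (addr[i] == "0.0.0.0" || addr[i] == "0.0.0.0/0") { print "OPEN wildcard " addr[i]; exit }
                list = list (i > 1 ? " " : "") addr[i]
            }
            print "RESTRICTED " list
        }
    ' "$1"
}

write_nrpe_sample() {   # $1 = output path, $2 = only_from line to embed (constructed input)
    cat > "$1" <<EOF
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
        flags           = REUSE
        socket_type     = stream
        port            = 5666
        wait            = no
        user            = nagios
        group           = nagios
        server          = /usr/local/nagios/bin/nrpe
        server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
        log_on_failure  += USERID
        disable         = no
        $2
}
EOF
}

demo_dir=$(mktemp -d)
write_nrpe_sample "$demo_dir/monitoring" "# only_from = 127.0.0.1"
write_nrpe_sample "$demo_dir/monitored" "only_from = 64.34.203.8"
for f in monitoring monitored; do
    printf '%s: %s\n' "$f" "$(audit_only_from "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

Run audit_only_from /etc/xinetd.d/nrpe on each host after editing the file; an OPEN result means xinetd itself places no source restriction on port 5666, so the firewall is the only filter.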

================================================================================


[C] Configuring monitoring server to monitor remote hosts :-

Log in to the monitoring server(who will monitor) via ssh and gain root access.

1. Create a command definition: /usr/local/nagios/etc/commands.cfg

and add following entries in that file :
---
root@server [/usr/local/nagios/etc/objects]# cat /usr/local/nagios/etc/commands.cfg
define command{
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}

root@server [/usr/local/nagios/etc/objects]
---

2. chown nagios. /usr/local/nagios/etc/commands.cfg
3. Create the file /usr/local/nagios/etc/objects/linux-box-remote.cfg and add the following entries in that file.

........
root@server [/usr/local/nagios/etc/objects]# cat /usr/local/nagios/etc/objects/linux-box-remote.cfg
define host{
name linux-box-remote ; Name of this template
use generic-host ; Inherit default values
check_period 24x7
check_interval 5
retry_interval 1
max_check_attempts 10
check_command check-host-alive
notification_period 24x7
notification_interval 30
notification_options d,r
contact_groups admins
register 0 ; DONT REGISTER THIS - ITS A TEMPLATE
}

define host{
use linux-box-remote ; Inherit default values from a template
host_name server.ubeea2.com ; The name we're giving to this server
alias ubeea2 ; A longer name for the server
address 76.74.238.165 ; IP address of the server
}

define service{
use generic-service
host_name server.ubeea2.com
service_description CPU Load
check_command check_nrpe!check_load
}
define service{
use generic-service
host_name server.ubeea2.com
service_description Current Users
check_command check_nrpe!check_users
}
define service{
use generic-service
host_name server.ubeea2.com
service_description /dev/hda1 Free Space
check_command check_nrpe!check_hda1
}
define service{
use generic-service
host_name server.ubeea2.com
service_description Total Processes
check_command check_nrpe!check_total_procs
}
define service{
use generic-service
host_name server.ubeea2.com
service_description Zombie Processes
check_command check_nrpe!check_zombie_procs
}
root@server [/usr/local/nagios/etc/objects]#
..........

Note : Change the IP and hostname. Then reference this file in the nagios.cfg file by adding a line like :

4. cfg_file=/usr/local/nagios/etc/objects/linux-box-remote.cfg

Example :
........
root@server [/usr/local/nagios/etc]# grep linux-box-remote.cfg /usr/local/nagios/etc/nagios.cfg
cfg_file=/usr/local/nagios/etc/objects/linux-box-remote.cfg
........

5. chown nagios. /usr/local/nagios/etc/objects/linux-box-remote.cfg
6. check config like :
....
root@server [/usr/local/nagios/etc/objects]# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

Make sure warning and error are zero.
....

7. service nagios restart
8. You can add multiple remote hosts in the linux-box-remote.cfg file. Just add another entry like the second "host" definition after the last one (you only have to change the hostname and the services you want to monitor).

That's it. Try :)
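
Each service above passes the name after check_nrpe! to the remote daemon as $ARG1$, and NRPE only runs it if nrpe.cfg on the monitored host has a matching command[<name>]= line. The script below is an added example, not part of the original post, that lists names referenced in the object file but missing from nrpe.cfg; the function names and both sample files (including the nrpe.cfg content, which the post does not show) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find NRPE command names that Nagios services request through
# check_nrpe!<name> but that the monitored host's nrpe.cfg does not define.

referenced_nrpe_commands() {   # $1 = Nagios object file
    awk '
        { sub(/;.*/, "") }                       # ";" starts a comment in object files
        $1 == "check_command" && $2 ~ /^check_nrpe!/ {
            split($2, part, "!")                 # part[2] is the value sent as $ARG1$
            print part[2]
        }
    ' "$1" | sort -u
}

defined_nrpe_commands() {      # $1 = nrpe.cfg copied from the monitored host
    sed -n 's/^[[:space:]]*command\[\([^]]*\)][[:space:]]*=.*/\1/p' "$1" | sort -u
}

missing_nrpe_commands() {      # $1 = object file, $2 = nrpe.cfg
    refs=$(mktemp) defs=$(mktemp)
    referenced_nrpe_commands "$1" > "$refs"
    defined_nrpe_commands "$2" > "$defs"
    comm -23 "$refs" "$defs"                     # lines only in the referenced list
    rm -f "$refs" "$defs"
}

write_samples() {              # $1 = directory; writes constructed sample inputs
    cat > "$1/linux-box-remote.cfg" <<'EOF'
define service{
use generic-service
host_name server.ubeea2.com
service_description CPU Load
check_command check_nrpe!check_load
}
define service{
use generic-service
host_name server.ubeea2.com
service_description /dev/hda1 Free Space
check_command check_nrpe!check_hda1 ; disk name differs between hosts
}
define service{
use generic-service
host_name server.ubeea2.com
service_description Zombie Processes
check_command check_nrpe!check_zombie_procs
}
EOF
    cat > "$1/nrpe.cfg" <<'EOF'
# constructed sample, not copied from a real host
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
command[check_sda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/sda1
#command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
missing_nrpe_commands "$demo_dir/linux-box-remote.cfg" "$demo_dir/nrpe.cfg"
rm -rf "$demo_dir"
```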

===================================================================================