To keep your shell session live even after dropping ssh connection to remote server

I guess, we all come across situations like, dropping your ssh remote server connection in middle of transferring file/folder, running fsck, executing a script, kernel recompilation..etc.   There are many reason that you say for dropping your ssh connection. It can be an network issue, firewall issue, system corrupt…etc.

There are two ways to avoid this, nohub  and another one is screen. Based on my experience, I would say nohub is useful only when you execute/run a script.

But screen has many advantages and features over nohub, so its a advisable one in a production server environment. screen allows you to run  the process continuously on remote machine even after connection drops.

*) Install screen utility on your machine.
yum install screen (linux)
apt-get install (ubuntu)

*) Start screen session:
screen or screen -S <nameyoursession>

[BALAJI@devils ~]$ screen -ls
No Sockets found in /var/run/screen/S-BALAJI.
[BALAJI@devils ~]$ screen -S monitor
[detached from 3664.monitor]

*)Detach the current session:
now you are in the session, so you can run your commands there. If you want to come back to your norml SSH session, press ctrl+a to release,and then  press d to detach the session.

*)To list the session already started.
#  screen -ls

[BALAJI@devils ~]$ screen -ls
There is a screen on:
3664.monitor    (Detached)
1 Socket in /var/run/screen/S-BALAJI.
To re-attach the session:
# screen -r <session name>

[BALAJI@devils ~]$ screen -r 3664.monitor

*)Create more sessions:
When you are already in a session, press ctrl+a, and then c to create new session. You can create n number of sessions in this way.

*) Accessing different sessions:
Press ctrl+a, and then press n(next session) or p(previous session).

*)To terminate the session:

Enter “exit” or press ctrl+d.

Thats all about screen. Let us start to have a habit of using screen session to make job easy 🙂

Read Full Post »

MBR tricks with Linux

MBR tricks with Linux:

The funny thing about the MBR is that it really isn’t covered much in tutorials about installing Linux, however, it is a very crucial thing on your hard disk, and learning how to manipulate it is a very good skill indeed.

What is the MBR?

The MBR is an acronym that stands for Master Boot Record. It has two main functions: firstly, it holds the partition table of a disk, and secondly it can optionally contain executable code that the BIOS runs when the computer first starts up.

MBR structure

The MBR is located in the first 512 bytes of the disk (the first sector). It’s organized as follows (taken from Wikipedia):
Size (bytes) Description
446 Executable code section
4 Optional Disk signature
2 Usually nulls
64 Partition table
2 MBR signature

So what does this tell us? The most important thing to note is the overall size (512 bytes) and the executable code section (the first 446 bytes). Using this information you can do some fairly useful tasks.
Uses
Backing up a partition table

Probably one of the most useful things to do is to backup your partition table. This could be useful if you’re planning to edit your partition table but don’t want to lose the entire thing. To back it up, we’re going to use the dd utility. To back up the MBR, enter the following at a Linux prompt:
dd if=/dev/hda of=/mbrbackup.bin bs=512 count=1

How does this work? if= refers to the input file. In this case it’s your hard drive device, /dev/hda. (If you hard drive isn’t /dev/hda for some reason, substitute it with the correct device.) of= refers to — you guessed it — the output file. In this case dd will create a new file in the root directory of the filesystem and save the contents of the MBR to this. bs refers to the block size (sector). Since the MBR is 512 bytes, you want to set it to that. Finally, count refers to the number of sectors to copy. There’s only one MBR, so the count is set to 1. Now you should copy this file to an external device, because if the partition table gets damaged or erased, you won’t be able to access the partition where you saved the file!

Restoring the MBR is equally easy:
dd if=/mbrbackup.bin of=/dev/hda bs=512 count=1

(This guide assumes you’ve already copied the mbrbackup.bin file from your backup media onto the current root partition.)
Erasing the partition table

If your partition table is for some reason toast and you just want to wipe it and start over, losing all your data, just write zeroes over the first 512 bytes of the disk:
dd if=/dev/zero of=/dev/hda bs=512 count=1

(However, if you wanted to write zeroes over the entire drive, you would just use dd if=/dev/zero of=/dev/hda.)
Conclusion

This guide is nothing new; these commands have existed for quite some time. However, it seems like many Linux tutorials neglect this topic, which is sad because it is very useful to be able to manipulate the first 512 bytes on your hard disk and understand how it all works.

Read Full Post »

SSH security

For added security, I modified the .bashrc profile for any users that may have shell access, and added the following, so that when the user logs in, it sends out an email, letting you know that someone has logged in.

echo ‘ALERT – Root Shell Access (YourserverName) on:’ `date` `who` | mail -s “Alert: Root Access from `who | cut -d”(” -f2 | cut -d”)” -f1`” you@yourdomain.com

Of course, you need to modify the (Yourservername) and you@yourdomain.com part.

This little code gets added into the .bashrc file for the user you want to report. For example, if the user logging in was named tedsite, you would add this to:

/home/tedsite/.bashrc

I was getting an error though once I tried it:

-bash: mail: command not found

This was fixed easily on the Centos system, by running the following from the command line:

yum install mailx

If you wanted to apply this to the root account, you would edit this file:

/root/.bashrc

A quick note, its best to use an email address that is not on your current server.

🙂

Read Full Post »

Install Ghostscript

What is Ghostscript:
========================

hostscript is a set of software that provides a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements thegraphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers. Most applications use PostScript for printer output.

Installation :
====================

Download source at http://www.ghostscript.com/awki/Releases

./configure
make
make install

Done:)

cd /usr/local/src/
wget http://mirror.cs.wisc.edu/pub/mirrors/ghost/GPL/gs863/ghostscript-8.63.tar.gz
tar zxf ghostscript-8.63.tar.gz
cd ghostscript-8.63
./configure
make
make install

🙂

Read Full Post »

Change server main or primary IP address

How to change server main or primary IP address:
=========================================

To change the main or primary server IP under Linux => as root => edit the IP information in the following files and reboot server:

/etc/sysconfig/network
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/hosts

If you have any question, please drop me a note and I will help.

🙂

Read Full Post »

Create strong password

Tips to create a strong password:
================================

Your password is a critical part of keeping your information secure. Following these tips can help you create a stronger password — one that’s more difficult to guess.

1. Complexity is key. You can make your password more complex by making it longer (at least eight characters), as well as using a mix of characters as described below.

2. Use a combination of upper- and lower-case letters, numbers, and special characters. You may also use one or more of the following characters: _-’.,@:?!()$\/.

3. Use passwords that are easy for you to remember, but difficult for anyone else to guess. Personal information such as your birthdate, address, or child’s name can easily be discovered by anyone who knows you or has access to your wallet.

4. Avoid using words that can be found in the dictionary.

5. Try using the underscore to create a “passphrase” — a password made up of several words, such as “My_cat_Fluffy_is_2_years_old.”

6. Or, think of a phrase you like and convert it to a password by using the first letter of each word (as well as numbers) and mixing upper- and lower-case. In the case of the above example, your password could be “McFi2YO.”

7. Use different passwords for different systems. That way, if one becomes compromised, the others remain secure.

8. Change your password periodically. Security sites recommend your password be changed every 30-60 days.

🙂

Read Full Post »

Reset Mysql root password..

First, stop mysql server

/etc/init.d/mysql.server stop

Start mysql in safe mode

/usr/local/mysql/bin/mysqld_safe –user=root –skip-grant-tables –skip-networking &

Now the mysql will be running in the background in safe mode. You will be able to login as root by just using:

mysql -u root

Once you got in you can use the following commands to reset the root password.

UPDATE mysql.user SET Password=PASSWORD(‘qaz123′) WHERE User=’root’; //Here password is qaz123

FLUSH PRIVILEGES;

Now just quit from the mysql prompt and try using the new password

mysql -u root -p

When it ask for password, provide the new password. It will work.

🙂

Read Full Post »

Nagios Plugins Installation:

Before proceeding the Plugin installtion, plz install Nagios.
The steps are HERE 🙂

Plugins Installation:
========================

At this point the Nagios installation is complete. However, it is not very useful at its current state, because it lacks the actual monitoring applications. These applications, the duty of which is to check whether a particular monotired service is functioning properly, are called plugins. Nagios comes with a default set of such plugins, but they have to be downloaded and installed seperately. (Please visit the Nagios Web site for the latest download URL.)

Download the latest Nagios Plugins package and decompress it. You will need to run the configure script that is provided in order to prepare the package for compilation on your system. You will find that that the plugins are installed in a fashion similar to the actual Nagios program. Once again, you can just run configure if you are OK with the default settings for the username, group, and directory where Nagios is installed.

Type the following script on a single line:

root@ducati:~/tmp/nagios/nagiosplug-1.3-beta1# ./configure
–prefix=/usr/local/nagios –with-nagios-user=nagios –with-nagios-group=nagios

You might get notifications about missing programs or Perl modules while configure is running. These are mostly OK, unless you specifically need the mentioned application to monitor a service.

Once configure is complete, compile all of the plugins.

root@ducati:~/tmp/nagios/nagiosplug-1.3-beta1# make all

If no errors were reported, you are ready to install the plugins.

root@ducati:~/tmp/nagios/nagiosplug-1.3-beta1# make install

The plugins will be installed in the libexec directory of your Nagios base directory (/usr/local/nagios/libexec, in my case).

root@ducati:~/tmp/nagios/nagiosplug-1.3-beta1# cd /usr/local/nagios/libexec/

There are a few rules that all Nagios plugins should implement, making them suitable for use by Nagios. All plugins provide a –help option that displays information about the plugin and how it works. This feature helps a lot when you’re trying to monitor a new service using a plugin you haven’t used before.

For instance, to learn how the check_ssh plugin works, run the following command.

root@ducati:/usr/local/nagios/libexec# ./check_ssh -h

check_ssh (nagios-plugins 1.3.0-alpha1) 1.1.1.1
The nagios plugins come with ABSOLUTELY NO WARRANTY. You may redistribute
copies of the plugins under the terms of the GNU General Public License.
For more information about these matters, see the file named COPYING.
Copyright (c) 1999 Remi Paulmier (remi@sinfomic.fr)

Usage:
check_ssh -t [timeout] -p [port] check_ssh -V prints version info
check_ssh -h prints more detailed help
by default, port is 22
root@ducati:/usr/local/nagios/libexec#

This shows us that the check_ssh plugin accepts one required parameter host, and two optional paramters, timeout and port.

There’s nothing especially complicated about the plugins. In fact, you can run the plugins manually to check services on the console.

root@ducati:/usr/local/nagios/libexec# ./check_ssh http://www.example.com
SSH ok – protocol version 1.99- – server version

Nagios Post-Install Configuration:
================================

Now that both Nagios and the plugins are installed, we are almost ready to start monitoring our servers. However, Nagios will not even start before we configure it properly.

Let’s start by taking a look the sample configuration files.

root@ducati:~/tmp/nagios# cd /usr/local/nagios/etc
root@ducati:/usr/local/nagios/etc# ls -1
cgi.cfg-sample
checkcommands.cfg-sample
contactgroups.cfg-sample
contacts.cfg-sample
dependencies.cfg-sample
escalations.cfg-sample
hostgroups.cfg-sample
hosts.cfg-sample
misccommands.cfg-sample
nagios.cfg-sample
resource.cfg-sample
services.cfg-sample
timeperiods.cfg-sample

Since these are sample files, the Nagios authors added a .cfg-sample suffix to each file. First, we need to copy or rename each one to *.cfg, so that the software can use them properly. (If you don’t change the configuration filenames, Nagios will still try to access them with the .cgi extension, and not be able to find them. The authors must have wanted to ensure that everyone create their own custom configuration files.)

Before renaming the sample files, I like to take a backup of them, just in case I need to refer to them later.

root@ducati:/usr/local/nagios/etc# mkdir sample
root@ducati:/usr/local/nagios/etc# cp *.cfg-sample sample/

You can either rename each file manually, or use the following command to take care of them all at once.

Type the following script on a single line:

root@ducati:/usr/local/nagios/etc# for i in *cfg-sample; do mv $i
`echo $i | sed -e s/cfg-sample/cfg/`; done;

The following is what you should end up with in the etc directory.

root@ducati:/usr/local/nagios/etc# ls -1
cgi.cfg
checkcommands.cfg
contactgroups.cfg
contacts.cfg
dependencies.cfg
escalations.cfg
hostgroups.cfg
hosts.cfg
misccommands.cfg
nagios.cfg
resource.cfg
sample/
services.cfg
timeperiods.cfg

First we will start with the main configuration file, nagios.cfg. You can pretty much leave everything as is, becasue the Nagios installation process will make sure the file paths used in the configuration file are correct. There’s one option, however, that you might want to change. The check_external_commands is set to 0 by default. If you would like to be able to change the way Nagios works, or directly run commands through the Web interface, you might want to set this to 1. There are still some other options you need to set in cgi.cfg to configure which usernames are allowed to run external commands.

In order to get Nagios running, you will need to modify all but a few of the sample configuration files. Configuring Nagios to monitor your servers is not as difficult as it looks; I have found that the best approach to configuring Nagios properly the first time is to use the debugging mode of the Nagios binary. You can run Nagios in this mode by running:

root@ducati:/usr/local/nagios/etc# ../bin/nagios -v nagios.cfg

This command will go through the configuration files and report any errors that were found. Start fixing the errors one by one, and run the command again to find the next error. For our purposes, I will disable all hosts and services definitions that come with the sample configuration files and merely use the files as templates for our own hosts and services. We will keep most of the files as is, and remove the following (we will create them from scratch):

hosts.cfg
services.cfg
contacts.cfg
contactgroups.cfg
hostgroups.cfg
dependencies.cfg
escalations.cfg

We will not be going into the more advanced configuration that requires using dependencies.cfg and escalations.cfg, so just remove these two files so that the sample configuration in these do not stop Nagios from starting up. Still, Nagios requires that these files are present in the etc directory, so create two empty files and name them dependencies.cfg and escalations.cfg by running the following as root.

root@ducati:/usr/local/nagios/etc# touch dependencies.cfg
root@ducati:/usr/local/nagios/etc# touch escalations.cfg

We now have all of the configuration files we need and are ready to start configuring them to suit our monitoring needs. In my next article, I will cover the configuration file basics, how to define services to be monitored, how to configure Nagios to notify people when a service is down, and how to configure and use the Web interface that comes with Nagios.

Until then, Happy Hacking.
Web Resources:

Official Nagios Web Site: http://www.nagios.org
Official NetSaint Web Site: http://www.netsaint.org
Nagios Plugins: http://nagiosplug.sourceforge.net
Nagios ScreenShots: http://www.nagios.org/screenshot.php
htpasswd man Page: http://www.rt.com/man/htpasswd.1.html

Read Full Post »

Installing Nagios:

What is Nagios?:
======================

“Nagios is a system and network monitoring application. It watches hosts and services that you specify, alerting you when things go bad and when they get better” (from nagios.org). This is the same tool that used to be called NetSaint until recently. Although the NetSaint site is still up, all future development will be done on Nagios.

Nagios has an impressive list of features that include:

* Monitoring of network services such as HTTP, SMTP, SSH, Telnet, etc.
* Monitoring of server resources, such as disk usage and load averages.
* Real time notification of failures via email, pager, etc.
* A very informative Web interface that makes it very easy to identify problem hosts.
* Licensed under the GNU GPL.

Nagios runs on Unix and its variants and optionally requires a Web server to be installed (for the Web interface).

Installing and Configuring Nagios:
================================

Download the latest Nagios package and the latest Nagios plugins to a temporary location. For this article we will be using ~/tmp/nagios.

root@ducati:~/tmp/nagios# ls
nagios-1.0b5.tar.gz nagiosplug-1.3-beta1.tar.gz

First we will install the main Nagios application. Start by decompressing the tar.gz archive.

root@ducati:~/tmp/nagios# tar xfvz nagios-1.0b5.tar.gz

This will decompress the archive and we will end up with a nagios-1.0b5 directory. (The filename and the name of the directory created will differ, depending on when and which version you download.) Go into this new directory:

root@ducati:~/tmp/nagios# cd nagios-1.0b5
root@ducati:~/tmp/nagios/nagios-1.0b5#

At this point, we need to decide where on our system we want to install Nagios. You can install Nagios anywhere, but the best approach to selecting the location is to stick with the default installation directory (/usr/local/nagios), because the documentation always refers to this directory. This will make it easier to solve problems that we might have.

Create the directory where you would like to install Nagios.

root@ducati:~/tmp/nagios/nagios-1.0b5# mkdir /usr/local/nagios

At this point, we need to create a user and a group that our Nagios application will run as. You can use “root” for this purpose, but since it’s not required, we might as well not use it, for better security. In order to make maintaining Nagios easier, we will dedicate a new username and group to it. The user and the group that we will create are both called “nagios.”

root@ducati:~/tmp/nagios/nagios-1.0b5# useradd nagios

If you don’t have the useradd command on your system, try the adduser command. On some systems, adduser is an interactive command that expects you to answer a few questions before creating the account. Please refer to the man page for the command you’re using for more information.

root@ducati:~/tmp/nagios/nagios-1.0b5# groupadd nagios

On some systems, adduser will create the matching group; on other systems you will need to edit the /etc/group file to add the group by hand. Please refer to the documentation on your system for more information.

Once we have created the user and the group, we can now start the actual installation process. First we need to specify some parameters and create the Makefile that will be used to compile and install the software.

Type the following script on a single line without line breaks:

root@ducati:~/tmp/nagios/nagios-1.0b5# ./configure –prefix=/usr/local/nagios
–with-cgiurl=/nagios/cgi-bin –with-htmurl=/nagios/ –with-nagios-user=nagios
–with-nagios-grp=nagios

If you have opted to install Nagios in /usr/local/nagios and the user and group you have created are both “nagios,” you might as well just run ./configure with no parameters, since the above values are the default values configure will assume. You can also run configure –help to see a lot more options you can use.

Once configure completes, it will display a summary of all parameters that were used during the configuration. Make sure everything is OK, and run configure again with the correct options, if necessary.

There’s also a very high chance of getting a warning about the lack of GD libraries from Boutell. You can go back and install GD if it’s not installed. If you already have it on your system and configure can’t find it, you can use the –with-gd-lib and –with-gd-inc options to specify the exact directories where your gd include and library files are located. If, after trying all of these, you’re still getting the warning about GD, the configuration script suggests just giving up on using the components that require GD and living with it. I believe this is a good approach if you’re installing Nagios for the first time. The GD library is only used in a few CGIs that create dynamic images from the service statistics. The application is still very useful without these graphics. You can always go back and reinstall the application when you’re more comfortable with GD and Nagios.

Now it’s time to actually compile the software. This is done as follows (if you’re not logged in as “root,” you need to switch to the “root” user at this point):

root@ducati:~/tmp/nagios/nagios-1.0b5# make all

This step will take a while to complete, especially on a slower machine. If there were no problems during the compilation, you will receive a “Compile finished” notification. Right now, all of our software is compiled and ready to be installed to the directories that we have specified in configure.

We will run three install commands to install various components in place. First we need to install the main program files and directories in /usr/local/nagios. This step is required.

root@ducati:~/tmp/nagios/nagios-1.0b5# make install

Now, optionally, we can install the startup script so that Nagios starts automatically at boot time. This script will also allow us to start, stop, restart, and reload Nagios conveniently. This is accomplished as follows:

root@ducati:~/tmp/nagios/nagios-1.0b5# make install-init

On my system (which is running Slackware 8.0), this installs a nagios script in /etc/rc.d. Depending on your distribution, this file might also be installed in /etc/rc.d/init.d/. The configurator should take care of this. On my system, I have renamed this file to rc.nagios, which conforms better to the naming structure for Slackware. On FreeBSD, the file would need to live in /usr/local/etc/rc.d and be renamed nagios.sh for it to work properly.

If you take a look into the /usr/local/nagios directory right now, you will see that there are four directories.

root@ducati:~/tmp/nagios/nagios-1.0b5# ls /usr/local/nagios/
bin sbin share var

The bin directory contains a single file, nagios, that is the core of the package. This application does the actual monitoring. The sbin directory contains the CGI scripts that will be used in the Web-based interface. Inside of the share directory, you can find the HTML files and documentation. Finally, the var directory is where Nagios will be storing its information, once it starts running.

In order to be able to use Nagios, we need a couple of configuration files. These files go into the etc directory, which will be created when you run the following:

root@ducati:~/tmp/nagios/nagios-1.0b5# make install-config

This command also creates a sample copy of each required configuration file and puts them into the etc directory.

🙂

The steps to install Nagios Plugin is HERE🙂

Read Full Post »

Apache2 mod_fastcgi: Connect to External PHP via UNIX Socket or TCP/IP Port:

Apache2 mod_fastcgi: Connect to External PHP via UNIX Socket or TCP/IP Port
==============================================

Required utilities:
=======================

You can spawn FastCGI processes using a dispatcher script or using spawn-fcgi utility, which is used to spawn remote FastCGI processes. spawn-fcgi included with lighttpd web server. You can grab source code from lighttpd.net or simply install it using lighttpd as follows (you need EPEL repo enabled under RHEL / CentOS / Fedora Linux):
# yum install lighttpd-fastcgi
# cp /usr/bin/spawn-fcgi /tmp
# yum remove lighttpd-fastcgi
# mv /tmp/spawn-fcgi /usr/bin/spawn-fcgi

lighttpd-fastcgi is FastCGI module and spawning helper for lighttpd and PHP configuration.

How do spawning php as TCP/IP remote app?
==========================================

Use /usr/bin/spawn-fcgi as follows, enter:

# /usr/bin/spawn-fcgi -f /usr/bin/php-cgi -a 192.168.1.10 -p 9000 -P /var/run/php-cgi.fastcgi.pid -u apache -g apache
You can also jail php, using following syntax (make sure /var/run/ and /usr/bin/php-cgi exists inside jail directory):
# /usr/bin/spawn-fcgi -c /httpdjail -a 192.168.1.10 -p 9000 -P /var/run/php-cgi.fastcgi.pid -u apache -g apache — /usr/bin/php-cgi

Where,

* -f /usr/bin/php-cgi: Filename of the fcgi-application
* -a 192.168.1.10 : Bind to ip address
* -p 9000 : Bind to tcp-port
* -P /var/run/php-cgi.fastcgi.pid: Name of PID-file for spawed process
* -c /httpdjail : Chroot to directory (security feature)
* -u apache : Change to user-id (security feature – drop root user privileges to apache user)
* -g apache : Change to group-id (security feature – drop root group privileges to apache group)

Configure Apache 2 mod_fastcgi connect to external PHP fcgi application:
============================================

Above command will run php fcgi on 192.168.1.10:9000. Here is our sample setup:

1. 192.168.1.10 port 9000 : PHP FastCGI server
2. 192.168.1.11 port 9000 : Python or Ruby on rails cgi process
3. 202.54.1.20 port 80 : Apache 2 running mod_fastcgi (DocumentRoot set to /webroot/http)

Open your httpd.conf on 202.54.1.20, enter:

# vi /etc/httpd/conf/httpd.conf

Locate your domain VirtualHost configuration and append following two directives:

AddHandler php5-fastcgi .php
FastCgiExternalServer /webroot/http -host 192.168.1.10:9000

Here is complete snippet from one my box:
=========================

ServerAdmin webmaster@abcd.com
DocumentRoot /webroot/http
ServerName abcd.com
ErrorLog logs/abcd.com-error_log
CustomLog logs/abcd.com-access_log common
AddHandler php5-fastcgi .php
FastCgiExternalServer /webroot/http -host 192.168.1.10:9000

Save and close the file. Restart httpd:
# service httpd restart
Make sure iptables is configured to allow communication between public and private fastcgi server.

How do I configure PHP FastCGI via UNIX sockets?
==============================

UNIX sockets are faster as compare to TCP/IP sockets. However, they do not support remote spawning. Create /tmp/php.socket as follows:
# /usr/bin/spawn-fcgi -f /usr/bin/php-cgi -s /tmp/php.socket -u apache -g apache
Add following configuration to your httpd.conf virtual host:

AddHandler php5-fastcgi .php
FastCgiExternalServer /webroot/http -socket /tmp/php.socket

Save and close the file. Restart httpd, type:
# service httpd restart

mod_fastcgi has lots of other options. Please refer to Apache and mod_fastcgi documentation for further information.

🙂

Read Full Post »