Wednesday, December 29, 2010

SERVER CONFIGURATION FILE SYNTAX CHECKING COMMANDS

Configuring servers in Linux/*nix basically means editing configuration files and saving them. If an edit leaves a syntax error in a file, the service will show some weird errors when we start it, which we can't resolve.
To counter this type of issue, each service has a command to check for syntax errors before starting the service/server. I have collected these commands from my experience and from some of my friends. Please feel free to comment on this if you know some other commands so that I can update my post.

SSHD server check for syntax error
=========================
sshd -t

FTP server check for syntax error
=========================
#vsftpd

DNS server check for syntax error
==========================

For checking syntax errors in the main configuration file:
#named-checkconf main-config-file

Example:
#named-checkconf named.conf
Syntax OK

#named-checkzone domain zonefile-loc

Example:
#named-checkzone example.com /var/named/chroot/var/named/exaple-zone.frd

SAMBA server check for syntax error
=============================
#testparm

APACHE server check for syntax error
=============================
httpd -t

For virtual hosts

httpd -t -D DUMP_VHOSTS

TCP Wrappers check for syntax error
============================
tcpdchk
tcpdchk -v

Postfix server check for syntax error
============================
postfix check
postfix -vv


LIGHTTPD server check for syntax error
=============================
lighttpd -t -f /etc/lighttpd/lighttpd.conf

Squid server check for syntax error
==========================
squid -k check
squid -k parse

NAGIOS server check for syntax error
====================================
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
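
One way to put these checks to work is to refuse a restart when the check fails, so a broken sshd_config or httpd.conf never replaces a running service. This is an added example, not part of the original post; the function names, the CHECK_OVERRIDE and RESTART_CMD variables and the RHEL service names are assumptions, and it assumes each check command exits non-zero on error.

```shell
#!/bin/sh
# Added example: gate a service restart on its configuration check.
# check_cmd_for, safe_restart, CHECK_OVERRIDE and RESTART_CMD are
# hypothetical names; the check commands are the ones listed in the post.

# Print the syntax-check command for a service, or fail if none is known.
check_cmd_for() {
    case "$1" in
        sshd)     echo "sshd -t" ;;
        named)    echo "named-checkconf" ;;
        smb)      echo "testparm" ;;
        httpd)    echo "httpd -t" ;;
        postfix)  echo "postfix check" ;;
        lighttpd) echo "lighttpd -t -f /etc/lighttpd/lighttpd.conf" ;;
        squid)    echo "squid -k parse" ;;
        nagios)   echo "/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg" ;;
        *)        return 1 ;;
    esac
}

# Restart only when the check exits 0.
# Returns 0 restarted, 1 check failed (service left running), 2 unknown service.
safe_restart() {
    svc=$1
    if ! check=$(check_cmd_for "$svc"); then
        echo "$svc: no syntax check known, refusing to restart" >&2
        return 2
    fi
    # CHECK_OVERRIDE lets the gate be exercised on a machine without the daemon.
    # stdin is /dev/null so a check that waits for Enter (testparm) cannot hang.
    if ! sh -c "${CHECK_OVERRIDE:-$check}" </dev/null >/dev/null 2>&1; then
        echo "$svc: configuration check failed, not restarting" >&2
        echo "$svc: rerun '$check' to see the error" >&2
        return 1
    fi
    "${RESTART_CMD:-service}" "$svc" restart
}

# Usage: sh safe_restart.sh sshd
if [ "$#" -gt 0 ]; then
    safe_restart "$1"
fi
```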

Friday, December 24, 2010

Automatic Login through SSH

[root@server2~]#ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.2.202
21
root@192.168.2.202's password:
Now try logging into the machine, with "ssh '192.168.2.202'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[root@server2~]#ssh 192.168.2.202
Last login: Thu Dec 23 18:25:19 2010 from 192.168.2.200
[root@server3 ~]#

Monday, December 6, 2010

How to connect, install and configure TATA Photon in Linux

This post explains how to connect your Tata photon dongle to a Redhat Linux system. It works on other Redhat distributions like Fedora, CentOS too.

The procedure is explained step by step below.

Steps.
1. Connect / plug your photon+ to the system and wait till it gets detected.
2. Open a terminal, run the command "dmesg" and check that it shows the modem name as HUAWEI.
3. Run another command "sudo wvdial" and it will create a config file in /etc/wvdial.conf, something like shown below.
(If you don't have wvdial, you can download it from open.alumnit.ca)

You can view it by running "cat /etc/wvdial.conf"
or you can edit it using the command "vi /etc/wvdial.conf"
#
[Dialer Defaults]
Modem = /dev/modem
Baud = 115200
Modem Type = Analog Modem
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
[Dialer info]
Init9 = AT&V
[Dialer photon+]
Modem = /dev/modem
Baud = 115200
Modem Type = Analog Modem
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Phone =
Username =
Password =
Auto DNS = off
#

Some of the fields may already be filled.

4. In the terminal, connect by running "wvdial".
5. Using the Network Manager applet is easier and is automatic whenever you plug in the card.
6. In Network Manager, you can create a profile by configuring network -> analog POTS -> setup.
   Fill in the data as you need. Leave the IP & gateways as defaults. Type the user's name/pass phrase and dial number
   (usually user name/pass phrase are your phone number & dial number is *777).
7. Connect the profile and check that it's working.
8. That's it. Now check your mails!

How to install and configure a mail server using Postfix + Dovecot + squirrelmail in linux

This post helps to install and configure a mail server with Postfix as MTA (Mail Transfer Agent), Dovecot as MDA (Mail Delivery Agent) and SquirrelMail as MUA (Mail User Agent). This is a simple basic configuration without much advanced configuration. This is tested in Redhat Linux and will also work in other Redhat distros like Fedora, CentOS etc.


Assuming you have a configured yumserver. Else use the rpms.
#yum install postfix* dovecot* Squirrelmail*

Steps

1. Configure the DNS eg: example.com

2. Select the default MTA as postfix. On most systems it will be Sendmail.

#alternatives     --config    mta
Select postfix.

3. Open the configuration file of Postfix.

#vi /etc/postfix/main.cf
Edit the following:

 1. mydomain
 2. myhostname
 3. inet_interfaces

and reload the service.

4. Configure SquirrelMail
#cd /usr/share/squirrelmail/config/

Run the perl file
#./conf.pl

Give
 1. Domain name
 2. Host name [FQDN]
 3. Protocol

5. Configure the dovecot
#vi /etc/dovecot.conf

protocols = imap

save it and restart the service.

#service dovecot restart
#chkconfig dovecot on

6. Add the MX entry to DNS. Don't forget to give the priority.

7. Resolve the hostname in /etc/hosts.

8. Start the httpd [apache]

9. That's it. You can now access the webmail through

http://example.com/webmail

User administration in redhat linux

User administration in Linux

In Linux there are three types of users.

1. Super user or root user
Super user or the root user is the most powerful user. He is the administrator user.

2. System users
System users are the users created by software or applications. For example, if we install Apache it will create a user apache. These kinds of users are known as system users.

3. Normal users
Normal users are the users created by root user. They are normal users like John, Ramu etc. Only the root user has the permission to create or remove a user.

In linux systems every user will have a unique user ID. It is known as UID. The Range of UIDs will be as follows:

1. Root user          UID will be "0"

2. Systems users      UID will be "1 - 499"

3. Normal users       UID will be "500 - 60000"
The ranges are set by UID_MIN/UID_MAX and GID_MIN/GID_MAX in the file "/etc/login.defs".

#########
There are three important files a user administrator should be aware of.

1. "/etc/passwd"
2. "/etc/shadow"
3. "/etc/group"

Each of the above mentioned files have specific formats.

1. "/etc/passwd"

The first line will be like this.
root:x:0:0:root:/root:/bin/bash

There are seven fields in it, each separated by ":".
The fields are as follows:

User_name:Pointer_to_Shadow_file:UID:GID:Comment:Home_Directory:Login_shell

1. User_name is the name of the user.
2. Pointer to shadow file is the pointer to the "/etc/shadow" where the encrypted password for that user is stored.
3. UID is the user ID.
4. GID is the group ID for the user.
5. Comment is a field where we can add some info about that user. Suppose if the user is a group leader, we can specify it there.
6. Home_dir denotes the path of users home directory. By default for root user it'll be "/root" and for normal user it'll be "/home/user_name".
7. Default login shell will be "/bin/bash". If we want to change it to the Korn shell, edit it to "/bin/ksh". If no login shell is required for that user then give "/sbin/nologin".

2. "/etc/shadow"

Shadow file contains the user's encrypted password and password aging options.

The first line will be like this
root:$1fdsfsgsdfsdkffefje:14757:0:99999:7:::

The fields are as  follows,

1. User_name
2. Encrypted password
3. Days since that password was last changed.
4. Days after which password must be changed.
5. Days before password is to expire that user is warned.
6. Days after the password expires that the user is disabled.
7. Days since the account is disabled.
8. A reserved field.

3. "/etc/group"

Contains information about groups in the system.

The first line will be like this
root:x:0:root

The fields are as follows.

1. Group_name, the name of the group
2. The encrypted group password
3. GID, Group ID
4. User_list, all the group member's user names. Separated by commas.
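
The /etc/passwd layout and the UID ranges above are enough to audit the file for the entries an administrator should never find there. The following is an added example, not part of the original post; the function names and the sample entries are constructed, and the UID range 1-499 for system users is the one given above.

```shell
#!/bin/sh
# Added example: audit passwd-format input using the field layout and UID
# ranges described above. audit_passwd and sample_passwd are hypothetical names.

# Constructed sample data (not from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/var/www:/bin/bash
john:x:555:540:Teamlead:/teamleads/john:/bin/ksh
toor:x:0:0:second admin:/root:/bin/bash
guest::560:560::/home/guest:/bin/bash
legacy:$1$constructed$notarealhash:561:561::/home/legacy:/bin/bash
broken:x:562:562:/home/broken:/bin/bash
EOF
}

# Reads passwd entries on stdin, prints one "finding:user" line per problem.
audit_passwd() {
    awk -F: '
        # A valid entry has exactly seven colon-separated fields.
        NF != 7 { print "malformed:" $1; next }
        # UID 0 is root; any other name with UID 0 has full root privileges.
        $3 == 0 && $1 != "root" { print "uid0:" $1 }
        # Empty second field: no password is needed to log in.
        $2 == "" { print "nopassword:" $1 }
        # Anything other than "x" here is not a pointer to /etc/shadow.
        $2 != "" && $2 != "x" { print "not-shadowed:" $1 }
        # System users (UID 1-499) normally have no interactive shell.
        $3 >= 1 && $3 <= 499 && $7 ~ /\/(ba|k|c|z)?sh$/ { print "system-shell:" $1 }
    '
}

# Demo on the constructed sample; on a real system: audit_passwd < /etc/passwd
sample_passwd | audit_passwd
```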

How to create a user?

In linux a user can be created with specific UID, GID, comment, Home directory and login shell. The options are as follows.

The command to add a user is #adduser or #useradd. Actually useradd is the real command and adduser is a soft link to the useradd command, but the usage of both is the same.

A command to add a user with all the fields we mentioned before is as follows.
#useradd -u UID  -g GID/Group_name -c COMMENT -d Home_dir  -s LOGIN_SHELL  User_name

An example:

#useradd -u 555 -g linux  -c Teamlead -d /teamleads/john -s /bin/ksh john
Before executing the above command you should create the group 'linux'.

You can also add -p for password and -G for secondary groups, which we will see later.
If you want to add the password, you have to give the password in encrypted form.

For example,
#useradd -p encrypted_password Joseph

#########
How to create a group?

There are two kinds of groups in Linux. They are,

1. Primary group
2. Secondary group

When we create a user, a group with the same name as the user is also created. Suppose we create a user abc with UID 540; then a group abc will be created with the same GID. If the user abc creates a file xyz, its owner will be user abc and its group will be group abc. That is, abc is its primary group. Normally all the files and directories created by a user belong to the user's primary group.

But what if the user needs access to directories created by other groups, or has to supervise a number of groups? This is where the secondary group concept comes in. All the other groups are added as secondary groups of that user.

The command to add a group is #groupadd

eg:

#groupadd group_name
#groupadd -g 540 linux

Suppose we want to create a user rahul with linux, java, hp, ibm as  secondary groups, it can be done as follows

#useradd  -G linux,java,hp,ibm  rahul
You have to specify all the secondary groups in single command, not one after one in different commands.

But you can append secondary groups to a user using the -a option with the usermod command.

For example,
A user john is a member of groups linux and java. We can append the group ibm to him as follows.

#usermod -a -G ibm john

Checking the groups of a user

#groups username
Will list all groups that the user belongs to.

How to set a password for a group?

#groupadd  linux
#gpasswd linux

the password will be saved in "/etc/gshadow".

To change the name of a group
#groupmod -n newname oldname

#########
Switching users

Sometimes we may need to switch between users.
The command for switching is #su

1. #su
Switches to root user. But only gets privileges.

2. #su -
Switches to root user. Gets privileges and home directory access.

1. #su raju
Switches to user raju.

2. #su - raju
Also gets home directory access of raju.

If you are logged in as the root user and switch to a normal user, you won't be prompted for the password. Otherwise you'll be prompted for the password.


Creating more users and setting passwords using a for loop.

Suppose we have to create 5 users linux1 to linux5 whose primary group is linux, with the password the same as their username.

First you have to create a group linux.
#groupadd linux

then

for i in 1 2 3 4 5
do
# -g sets the primary group; passwd --stdin reads the new password from the pipe
useradd -g linux "linux$i"
echo "linux$i" | passwd --stdin "linux$i"
done

Creating more than 10 users
Suppose we have to create 25 users linux1 to linux25 whose primary group is linux, with the password the same as their username.

First you have to create a group linux.
#groupadd linux

then

for i in $(seq 1 1 25)
do
# -g sets the primary group; passwd --stdin reads the new password from the pipe
useradd -g linux "linux$i"
echo "linux$i" | passwd --stdin "linux$i"
done
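
Accounts whose password equals the username can be guessed by anyone who knows the naming scheme. The variant below of the two loops above gives each user a random initial password and forces a change at first login. It is an added example, not part of the original post; gen_password, create_users and DRY_RUN are hypothetical names, and the real run (DRY_RUN=0) assumes root and an existing group.

```shell
#!/bin/sh
# Added example: create numbered users with a random initial password that must
# be changed at first login, instead of password = username.
# gen_password, create_users and DRY_RUN are hypothetical names.

# 16 random alphanumeric characters from the kernel random source.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom 2>/dev/null | head -c 16
}

# create_users GROUP PREFIX COUNT
# DRY_RUN=1 (the default) only prints the plan; DRY_RUN=0 must be run as root.
create_users() {
    group=$1; prefix=$2; count=$3
    for i in $(seq 1 "$count"); do
        user="$prefix$i"
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "would create $user in group $group with a random password"
            continue
        fi
        pw=$(gen_password)
        useradd -g "$group" "$user" || return 1
        echo "$pw" | passwd --stdin "$user" >/dev/null || return 1
        # Expire the password now so the user must set a new one at first login.
        chage -d 0 "$user" || return 1
        # One-time credential: deliver it to the user over a separate channel.
        echo "$user $pw"
    done
}

# Dry run for linux1..linux5 in group linux, as in the loops above.
create_users linux linux 5
```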

Modifying existing users

We can also modify an existing user with the #usermod command.
For example,

#usermod -u 555 -g linux  -c Teamlead -d /teamleads/john -s /bin/ksh john

We can change the login name of a user using the option  -l
Syntax is as follows

#usermod -l new_name  old_name

Locking and unlocking the users

#usermod -L username
Executing the above command will lock the user with username.

#usermod -U username
Executing the above command will unlock the user with username.

#########
Removing a user
We can remove a user using the #userdel command.

For example,

#userdel user_name
The above command will remove the user but not his home directory. This allows taking a backup of the files from it in case needed.

#userdel -r user_name
The above command will remove the user as well as the user's home directory.

#########
Deleting the password of a user or allowing password less login for a user

#passwd -d u_name

How to install and configure Nagios Monitoring tool in redhat linux rhel5 or centos

This article will help you to install and configure Nagios monitoring tool in redhat linux or other redhat distributions like fedora, centos etc.

Nagios Installation :
Installing packages. Apache, PHP, GCC & GD


Installing Apache web server:
#yum -y install httpd*
[set the hostname as an FQDN]
#service httpd start
#chkconfig httpd on


Installing PHP, GCC and GD:
#yum -y install php*
#yum -y install gcc*
#yum -y install gd*

Getting the package:
Get the latest packages from the net. Move them to some directory and untar them.

#wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.2.0.tar.gz
#mv nagios-3.2.0.tar.gz  /usr/local/src
#tar xvf /usr/local/src/nagios-3.2.0.tar.gz -C /usr/local/src

#wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.14.tar.gz
#mv nagios-plugins-1.4.14.tar.gz /usr/local/src
#tar xvf /usr/local/src/nagios-plugins-1.4.14.tar.gz -C /usr/local/src

Adding nagios user and setting password for that user:
#useradd nagios
#passwd nagios
#usermod -a -G nagios apache
[Adds apache to the nagios group, to permit the commands through the web interface.]

Configuration of Nagios:
cd /usr/local/src/nagios-3.2.0

./configure
make all
make install
make install-init
make install-config
make install-commandmode
make install-webconf

Admin account setting for nagios:
htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
[sets the password for the web interface; give the password when prompted]
service httpd restart

Nagios Plugin installation:
Install the nagios plugins:

cd /usr/local/src/nagios-plugins-1.4.14
./configure
make
make install

Creating entry in /etc/init.d/:
chkconfig --add nagios
chkconfig nagios on

Checking the configuration:
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

Nagios Alert Plugin - Mozilla Addon:
Name : Nagios Checker
[give name and url]

Configuring remotehost in nagios:
cp /usr/local/nagios/etc/objects/localhost.cfg  /usr/local/nagios/etc/objects/remotehost.cfg
[comment the hostgroup entries in order to prevent duplicate entries]
[change the localhost entries to the remote machine hostname and IP address.]

How to configure syslog server or a centralized log server in redhat linux rhel5 or centos

This article will explain installing and configuring a syslog log server in redhat enterprise linux. It'll work in other redhat distributions like centos, fedora etc.

Centralized log server (syslog server)

Suppose we have a server and 5 client machines. And we want to monitor the logs of all those client machines. In situations like this, we will use centralized server as a log server. Whatever events are happening in client machines, the logs will be sent to the server. So that we can monitor all the logs from a centralized server. We make use of syslog service for this.

Configuration of server machine(syslog server)

Service name: syslog
configuration file: /etc/sysconfig/syslog

Steps:

1. Open the /etc/sysconfig/syslog file and add "-r" option to the variable SYSLOGD_OPTIONS as shown below.

[root@server ~]# cat /etc/sysconfig/syslog
# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages recieved with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-r -m 0"
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
# once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS="-x"
#
SYSLOG_UMASK=077
# set this to a umask value to use for all log files as in umask(1).
# By default, all permissions are removed for "group" and "other".
[root@server ~]#

2. Restart the syslog service.

[root@server ~]# service syslog restart
Shutting down kernel logger: [ OK ]
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
Starting kernel logger: [ OK ]
[root@server ~]#

Configuration for client machines

service name: syslog
Configuration file: /etc/syslog.conf

Steps:

1. Open the configuration file /etc/syslog.conf and add an entry to redirect the logs to the remote server.

[root@vm1 ~]# cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

*.* @192.168.0.19

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
##authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog

# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg *

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log

[root@vm1 ~]#

2. Restart the service

[root@vm1 ~]# service syslog restart
Shutting down kernel logger: [ OK ]
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
Starting kernel logger: [ OK ]
[root@vm1 ~]#

Checking:

On the server, open a terminal and watch /var/log/messages, then restart the syslog service on the client. You can see the log from the client coming to the server.

[root@server ~]# tail -f /var/log/messages

Oct 15 14:42:30 vm1 kernel: Kernel logging (proc) stopped.
Oct 15 14:42:30 vm1 kernel: Kernel log daemon terminating.
Oct 15 14:42:31 vm1 exiting on signal 15
Oct 15 14:42:31 vm1 syslogd 1.4.1: restart.
Oct 15 14:42:31 vm1 kernel: klogd 1.4.1, log source = /proc/kmsg started.

Fields in log from remote machine:

Date Hostname Name_of_the_application: Actual_log_message
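
The field layout above can be turned into a small parser for sorting the central log by client and application. This is an added example, not part of the original post; the function names are hypothetical and the sshd line in the sample is constructed. Two of the five lines shown above ("exiting on signal 15" and "syslogd 1.4.1: restart.") do not start with a single "application:" token, so the parser reports their application as "-" instead of guessing.

```shell
#!/bin/sh
# Added example: split forwarded syslog lines into host|application|message.
# parse_syslog, count_by_source and sample_log are hypothetical names.

# First five lines are the sample output shown above; the last is constructed.
sample_log() {
    cat <<'EOF'
Oct 15 14:42:30 vm1 kernel: Kernel logging (proc) stopped.
Oct 15 14:42:30 vm1 kernel: Kernel log daemon terminating.
Oct 15 14:42:31 vm1 exiting on signal 15
Oct 15 14:42:31 vm1 syslogd 1.4.1: restart.
Oct 15 14:42:31 vm1 kernel: klogd 1.4.1, log source = /proc/kmsg started.
Oct 15 14:43:02 vm2 sshd[2211]: Failed password for root from 192.168.0.21 port 4022 ssh2
EOF
}

# Reads log lines on stdin. Fields 1-3 are the date, field 4 the hostname.
# Field 5 is taken as the application only when it ends in ":" (a trailing
# [pid] is dropped); otherwise the application is reported as "-".
# Runs of spaces inside the message are collapsed to one space.
parse_syslog() {
    awk '
    NF < 5 { next }                       # too short to carry a message
    {
        host = $4; app = "-"; start = 5
        if ($5 ~ /:$/) {
            app = $5
            sub(/:$/, "", app)            # kernel: becomes kernel
            sub(/\[[0-9]+\]$/, "", app)   # sshd[2211] becomes sshd
            start = 6
        }
        msg = $start
        for (i = start + 1; i <= NF; i++) msg = msg " " $i
        print host "|" app "|" msg
    }'
}

# Message count per host and application, busiest first.
count_by_source() {
    parse_syslog | cut -d'|' -f1,2 | sort | uniq -c | sort -rn
}

# Demo on the sample; on the log server: count_by_source < /var/log/messages
sample_log | count_by_source
```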