Dougie's Linux Hints: May 2014

Saturday 31 May 2014

Display the Amount of Free Space on Each Filesystem

Another old script that I came across. This one displays the amount of free space on each filesystem on a server, and displays a warning if it falls below a certain level. The output can be displayed in html format for sending as an email (via the htmmail script).

The script was written for AIX - one day I might adapt it for Linux, which has the very useful free command, but without the bells and whistle of the script below.

Save the file as fsfree.ksh, and run it from cron on a daily basis for reports on filesystem usage.


#!/bin/ksh

##################################################################

#

# fsfree.ksh

#

# Purpose: To display free space on each filesystem on a server

#          and to warn if it falls below a certain percentage.

#

# Return status:

#            0  All filesystem space is above the limit

#            1  One or more filesystems are below the limit

#            2  The script has not been correctly executed

#

# Syntax:  fsfree.ksh [ -a ] [ -g | -m | -p ] [ -h ] [-q ]

#                   [ -l limit | -f file ]

#

#          Flags

#           -a  Displays all filesystems

#

#               By default, the script will display only those

#               filesystems which are below the limit.

#

#           -f  Use the specified file to define the limits

#               for the individual filesystems

#

#               The format of the file should be:

#                    Filesystem   Limit

#

#               An initial file may be generated using the 

#               free command as follows:

#

#                    fsfree.ksh -pal 0 > limitfile.dat

#

#               The file should then be edited as appropriate

#     

#           -g  Displays total and free space in Gigabytes

#

#               Space is displayed in Kilobytes by default

#

#           -h  Output is in html format

#

#           -l  When the percentage free on the filesystem falls

#               below the value of 'limit', the filesystem will be

#               highlighted on the output.

#

#               The default limit is 10%

#

#           -m  Displays total and free space in Megabytes

#

#               Space is displayed in Kilobytes by default

#

#           -p  Total and free space is not displayed

#

#           -q  Quiet mode. No output is displayed.

#

# Author:  Douglas Milne

# Date:    13th May 2008

#

##################################################################

#

# Version 1.0    Initial Release

#

##################################################################



##################################################################

#

# VARIABLES Section

#

#

# Set default variables

#

dispall=false

htmflag=false

pcntonly=false

quietmode=false

limitsource=default

divisor=1

stype="Kb"

scale=0

dlimit=10

returnstat=0

errstring=""



# Parse the flags and change default variables accordingly

while getopts :ahpgml:f:q value

do

   case $value in

      a) dispall=true

         ;;

      h) htmflag=true

         ;;

      p) pcntonly=true

         ;;

      g) divisor=1048576

         stype="Gb"

         scale=3

         ;;

      m) divisor=1024

         stype="Mb"

         scale=3

         ;;

      l) if $(echo $OPTARG | grep -q [0-9])

         then

            dlimit=$OPTARG

            limitsource=limit

         else

            errstring="Limit must be a number between 1 and 100"

            dlimit=""

         fi

         ;;

      f) limitfile=$OPTARG

         limitsource=file

         if [ ! -f $limitfile ]

         then

            errstring="The file $limitfile does not exist"

         fi

         ;;

      q) quietmode=true

         ;;

     \?) errstring="$0: unknown option $OPTARG"

         ;;

   esac

   if [ "$value" == ":" ]

   then

      case $OPTARG in

         l) errstring="Limit argument must be included and must be a number between 1 and 100"

            ;;

         f) errstring="The name of the file may not be blank"

            ;;

     esac

   fi

done

    

shift $(expr $OPTIND - 1)


##################################################################

#

# FUNCTIONS Section

#



syntaxerr ()

##################################################################

#

#  Syntax:      syntaxerr error

#

#  error        Text describing the error

#

#  Writes a copy of the error and the syntax of the script

#  to stderr.

#

##################################################################

{

   err=$1

   echo "$err\n\nSyntax:  fsfree.ksh [ -a ] [ -g | -m | -p ] [ -h ] [-q ]\n                    [ -l limit | -f file ]\n" >&2

   exit 2

}



limitdef ()

##################################################################

#

#  Syntax:      limitdef filesystem

#

#  filesystem   A filesystem name

#

#  The function will return the limit required for the given

#  filesystem. This may be the default limit, the limit defined

#  from the command line, or the limit defined in the limitfile

#

##################################################################

{

   fs=$1

   case $limitsource in

      default) echo $dlimit

               ;;

        limit) echo $dlimit

               ;;

         file) lim=$(grep ^/ $limitfile | grep "^$fs " | sort | head -1 | awk '{print $2}' | sed -e's/\%//g')

               if [ "$lim" == "" ]

               then

                  echo $dlimit

               else

                  echo $lim

               fi

               ;;

   esac

}



display ()

##################################################################

#

#  Syntax:      display text

#

#  text         The text to display

#

#  The function will print the text to the standard output, but 

#  only if the script is not running in quiet mode

#

##################################################################

{

   text=$1

   if [ $quietmode == false ]

   then

      echo "$text"

   fi

}



##################################################################

#

# MAIN Section

#



# Error checking



if [ "$errstring" != "" ]

then

   syntaxerr "$errstring"

fi



# Display the header

if [ $htmflag == true ]

then



# If html format is required, then create the head and body of the

# html page. 

# 

# A table is used to format the output. Define the table, and output

# the header.

#

   display "<html><head>"


# Instead of below, it might be useful to cat in a standard css file instead

   display "<style> th{font:10pt Arial;font-weight:bold;color:blue;background-color:LightBlue;padding-left:10px;padding-right:10px;} p{font:10pt Arial;} li{font:10ptArial;} td{font:10pt Arial;padding-left:10px;padding-right:10px;} .normal{color:black;} .alert{color:red;font-weight:bold;} .code{font:10pt Courier;color:black;}</style>"




   display "</head><body>"

   display "<p class=\"normal\">$(hostname) filesystem status at $(date)"

   if [ $limitsource != "file" ]

   then

      display "<br><br>Limit is $dlimit%"

   fi

   display "</p>"

else

   display "\n$(hostname) filesystem status at $(date)\n"

   if [ $limitsource != "file" ]

   then

      display "Limit is $dlimit%\n"

   fi

fi



if [ $htmflag == true ]

then



# 

# A table is used to format the output. Define the table, and output

# the header.

#

   display "<table>"

   display "<tr>"

   display "<th style=\"text-align: left\">Mount Point</th>"

   if [ $pcntonly = false ]

   then

#

# Only output the total Free and Total Size headers if the -p flag

# has not been used

#

      display "<th style=\"text-align: right\">Total<br> Free ($stype)</th>"

      display "<th style=\"text-align: right\">Total<br> Size ($stype)</th>"

   fi

   display "<th style=\"text-align: right\">%age<br> Free</th>"

   if [ $limitsource == "file" ]

   then

      display "<th style=\"text-align: right\">%age<br>Limit</th>"

   fi

   display "</tr>"

else





# If html format is not required, then output the header as standard

   boldon=$(tput smso)

   boldoff=$(tput rmso)

   typeset -L20 mntpnt

   typeset -R11 free total

   typeset -R3 pcnt limit

   display "Mounted on          \c"

   if [ $pcntonly = false ]

   then

#

# Only output the total Free and Total Size headers if the -p flag

# has not been used

#

      display "    Free ($stype)   Total ($stype)\c"

   fi

   display " %Free\c"

   if [ $limitsource == "file" ]

   then

      display " Limit"

   else

      display

   fi

fi


df -k > /tmp/freedf



#

# For each filesystem in turn, read the mountpoint, total free

# space and total size

#

cat /tmp/freedf | tail +2 | awk '{print $7,$3,$2}' | while

read mntpnt free total

do

# If numeric values have been read, then calculate the output

   if $( echo $free | grep -q [0-9])

   then



# 1) Calculate the percentage of free space

      let pcnt=free\*100/total

# 2) Calculate the free and total space as Kb, Mb or Gb as required

      free=$(echo "scale=$scale; $free / $divisor" | bc)

      total=$(echo "scale=$scale; $total / $divisor" | bc)



      limit=$(limitdef $mntpnt)

# If the percentage free is less than the limit allowed, then switch on

# highlighting. For html output, use the alert class. For standard output,

# use bold type. Set the return status to 1.

      if (( pcnt <= limit ))

      then

         if [ $htmflag == true ]

         then

            class=alert

         else

            display "$boldon\c"

         fi

         returnstat=1

      else



# If the percentage free is greater than the limit allowed, then use the 

# normal html class. This irrelevalnt for non-html output

         class=normal

      fi

      if [ $dispall == true -o $pcnt -le $limit ]

      then

         if [ $htmflag == true ]

         then



# If using html output, then create a table row

            display "<tr>"

            display "<!-- Mount Point -->"

            display "<td class=\"$class\">$mntpnt</td>"

            if [ $pcntonly = false ]

            then



# Only display free and total size if they are required

 

               display "<!-- Free Space -->"

               display "<td class=\"$class\" style=\"text-align: right;\">$free</td>"

               display "<!-- Total Space -->"

               display "<td class=\"$class\" style=\"text-align: right;\">$total</td>"

            fi

            display "<!-- Percentage Free -->"

            display "<td class=\"$class\" style=\"text-align: right;\">$pcnt%</td>"

            if [ $limitsource == "file" ]

            then

               display "<!-- Limit -->"

               display "<td class=\"$class\" style=\"text-align: right\">$limit%</td>"

            fi

            display "</tr>"

         else

# If using standard output, write a row.

            display "$mntpnt  \c"

            if [ $pcntonly = false ]

# Only display free and total size if they are required

            then

               display "$free  $total  \c"

            fi

            display "$pcnt%  \c"

            if [ $limitsource == "file" ]

            then

               display "$limit%\c"

            fi



            if (( pcnt <= limit ))

            then

               display "$boldoff"

            else

               display

            fi

         fi

      fi

   else

# if the values read were not numeric, then do not perform any calcualtions

# simply output them as read.

      if [ $dispall == true ]

      then

         if [ $htmflag == true ]

         then

            class="normal"

            display "<tr>"

            display "<!-- Non numeric values read -->"

            display "<td class=\"$class\">$mntpnt</td>"

            if [ $pcntonly = false ]

            then

               display "<td class=\"$class\" style=\"text-align: right;\">$free</td>"

               display "<td class=\"$class\" style=\"text-align: right;\">$total</td>"

            fi

            display "</tr>"

         else

            if [ $pcntonly = false ]

            then

               display "$mntpnt  $free  $total"

            else

               display "$mntpnt"

            fi

         fi

      fi

   fi

done



if [ $htmflag == true ]

then

# If using html output, close the table and the html page

   display "</table></body></html>"

fi



return $returnstat



#

#############################################################

Wednesday 28 May 2014

Send HTML Format Email From Linux

The following script is very useful for sending HTML formatted emails from Linux.

Simply pipe the HTML into it, and the script adds the necessary header information before sending it on it's way. The script assumes that sendmail is installed and configured.

I wrote the original version of this script back in 2006, and it has proved so useful - for presenting daily system reports with warnings in red, for example - that I have used versions of it in most companies that I have done work for ever since.

#!/usr/bin/bash

##################################################################

#

# htmmail

#

# Purpose: To send html formatted emails 

#

# Syntax:  htmmail [-s Subject] address [address] [address...]

#

#          Subject   The subject of the email

#          address   The email address of the intended recipient

#

#          The content of the email may be included by piping it

#          into the htmmail command.

#

# Author:  Douglas Milne

# Date:    27th May 2014

#

##################################################################

#

# Version 1.0    Initial Release

#

##################################################################



# Get options

# s flag argument is the subject of the email

#

while getopts s: value

do

   case $value in

      s) SUBJECT=$2

         ;;

     \?) echo "$0: unknown option $OPTARG"

         ;;

   esac

done

         

shift $(expr $OPTIND - 1)



# Remaining arguments are email addresses to send the email

TO=$*



# Set up email header, including content type field 

# signifying html format.

# To and Subject as specified above



/usr/lib/sendmail -t << EOF

mime-version: 1.0

content-type: text/html; charset="iso-8859-1"

To: $TO

Subject: $SUBJECT



$(cat)



EOF

Monday 26 May 2014

What is RAID?

RAID stands for Redundant Array of Inexpensive (or Independent) Disks. In simple terms, RAID is a method of storing data across several disks. There are several reasons why this is a good idea:

Provides better performance
Provides redundancy in the storage system, thus providing greater reliability
Allows several smaller physical hard drive to be treated as one large logical hard drive
Allows greater flexibility in adding or removing hard drives

RAID Data Distribution Techniques

RAID is achieved via a combination of a variety of methods of distributing data across a number of disks. Individually, these allow for faster access, or for data recovery. Different RAID levels use different combinations depending on the requirements of the system requirements.

Striping

Striping distributes the data across 2 or more disks. This allows for faster access to the data as the two disks can be reading or writing data simultaneously

Mirroring

Mirroring puts a copy of the data on a second disk. New disks must be added to the system in pairs - one for data and one for the mirror. If a disk fails, the data can be recovered from the mirror.

Parity

Parity performs an Exclusive-OR (XOR) between bytes on two disks and writes the results to a third. If any of the three disks fails, the missing data can be reconstructed by performing an XOR between the two remaining disks.

RAID Levels

RAID may be implemented at different levels, depending on the levels of redundancy and performance requirements of the overriding system. These two factors trade against each other: A higher level of redundancy reduces overall performance, but increases the safety of the data and the reliability of the system.

Linear

Treats RAID hard drives as one virtual drive
No striping, mirroring or parity reconstruction
Storage is sequential
No recovery capability

0 - Striping

Implements disk striping across drives with no redundancy (no mirroring and no parity)
Very efficient
Standardized stripes across drives
Faster access
Requires a minimum of 2 disks
Should not be used for any critical system

1 - Mirroring

Implements redundancy through mirroring (but no striping. and no parity)
The same data is written to each RAID drive
Each disk has a complete copy of all of the data
If one or more of the disks fail, then the others still have the data
Very safe, but inefficient
Requires a minimum of 2 disks
Good performance

5 - Distributed Parity

Implements data reconstruction capability using parity information. Blocks are striped and parity information is therefore distributed across all drives
An alternative to mirroring
Parity information is saved instead of full data duplication
Requires a minimum of 3 disks
Good redundancy
Provides a good balance between performance and redundancy, and can be very cost-effective.
Write operations will be slow.
Use for systems that are heavily read oriented.

10 (or 1+0) - Striped Mirroring

Implements redundancy through mirroring (but no parity)
A striped copy of the data is written to half of the RAID drives, then mirrored to the other half
Each half has a complete striped copy of all of the data
If one or more of the disks fail, then the others still have the data
Requires a minimum of 4 disks
Good performance and good redundancy
Easily the best option for mission critical applications

Friday 23 May 2014

Disable CTRL-ALT-DEL On A Linux Box

Pressing the CTRL-ALT-DEL combination of keys on a Linux box forces it to reboot

This is set up within /etc/inittab.

To change how this key combination behaves, edit this file.

Search for the line:


ca::ctrlaltdel:/sbin/shutdown -t3 -r now

and change it to:


ca::ctrlaltdel:/bin/echo "CTRL-ALT-DEL is disabled"

Save the file, then run:


init q

to reload the inittab and activate the change.

How to List Sizes of Sub-Directories

Performing a simple du -h on a Linux directory produces way too much information if there are a lot of sub-directories. To find the sizes of only the directories in the current directory, which is often more useful, look at the last line of the du -h only for sub-directory. To list size of all subdirectories


for x in $(ls); do du -h $x | tail -1; done

Wednesday 21 May 2014

SSL Overview

It is important that transmissions between a web server and a browser are secure. There are three tasks that must be performed in order to do this:

Verify the identities of the hosts participating in the transmission by performing authentication procedures.
Check the integrity of the data by adding digital signatures containing a digest value - a unique value representing the data.
Secure the privacy of the transmission by encrypting it. Transactions between a browser and the sever can then be encrypted, with only the browser and the server able to decrypt the transmissions.

SSL

The protocol most often used to implement secure transmissions is the Secure Sockets Layer (SSL) protocol. SSL was originally developed by Netscape for secure transactions on the web.

SSL uses a form of public- and private-key encryption for authentication. Data is encrypted with the public key, but can only be decrypted using the private key. Once the data is authenticated, an agreed-upon cipher is used to encrypt it. Digital signatures encrypt an MD5 digest value for data to ensure integrity.

Certificates

Authentication is carried out using certificates of authority. Certificates are held by both the browser and the web server, uniquely identifying both parties in a secure transmission, and verifying that they are who they say they are. Certificates are signed by an independent certificate authority such as VeriSign, verifying that they are valid.

A certificate contains:

The public key of the server or browser that it is given to
The digital signature of the certificate authority
Identity information such as the name of the user or company running the server or browser.

SSL Session

An SSL session is set up using a handshake sequence:

The server and browser exchange certificates
A cipher is agreed upon to to encrypt the transmissions
The digest integrity check is chosen
The type of public-key encryption, usually RSA or DSA, is chosen
A unique session key is set up that is used by both the browser and the server.

Tuesday 20 May 2014

HTTP Request and Response Overview

HTTP (Hyper-Text Transfer Protocol) is probably the most important of the various protocols are used for communication over the web. When a web address is typed into a web browser, the browser requests the web page using HTTP. The browser is an HTTP Client and the server is an HTTP Server. HTTP defines a set of rules regarding how messages and other data should be formatted between servers and browsers.

The HTTP protocol can be likened to a series of questions and answers, referred to respectively as HTTP Requests and HTTP Responses.

The HTTP Request

Once the connection to the server has been opened, the HTTP client transmits a request as follows:

An opening line
A number of header lines (optional)
A blank line
A message body (optional)

The opening line is generally split into three parts

The name of the method (POST, GET, PUT, DELETE or HEAD). Method names are always uppercase.
The path to the required server resource. The path is the part of the URL after the host name, also called the request URI (a URI is like a URL, but more general).
The HTTP version being used. The HTTP version is always in uppercase and takes the form HTTP/x.x.

For example:


GET /path/to/file/index.html HTTP/1.0

This tells the server that it is receiving an HTTP request of type GET, using HTTP version 1.0, and the server resource we are using, including it's local path, is /path/to/file/index.html.

Header lines are used to send information about the request, or about the data being sent in the message body. One parameter and value pair is sent per line, separated by a colon.

For example, a header line sent from IE9 might look like:
User-Agent: Mozilla /5.0 (Compatible MSIE 9.0;Windows NT 6.1;WOW64; Trident/5.0)
Another example of a common request header is the Accept: header, which states what sort of information will be acceptable in the server's response.

For example


Accept: text/plain, text/html

This header informs the server that the sending application can accept only plain text or HTML responses.

If the HTTP request includes a message body, the header lines describe the content of the body.

For example
Content-Type: text/plain

This header informs the server that the message body contains text

In an HTTP request, the message body is where user-entered data or uploaded files are sent to the server.

The HTTP Response

The server issues an HTTP response in answer to an HTTP request.

The first line of the HTTP response i known as the status line. This consists of three parts separated by spaces:

the HTTP version. This is in the same format as for the HTTP request.
a three digit integer, called the HTTP response status code, that gives the result of the request, and
a short message known as the reason phrase describing the status code.

Typical status lines are:


HTTP/1.0 200 OK


HTTP/1.0 404 Not Found

The response status code and the reason phrase are intended as computer- and human-readable versions of the same message. The reason phrase may vary from server to server.

The first digit of the status code identifies the general category of response. Some commonly encountered HTTP Response Status codes are:

Status Code	Explanation
1** indicates an informational message only
100 - Continue	The client should send the remainder of the request
101 - Switching Protocols	The server will switch protocols to those defined following header
2** indicates success of some kind
200 - OK	The request succeeded
204 - No Content	The document contains no data
3** redirects the client to another URL
301 - Moved Permanently	The resource has permanently moved to a different URI
4** indicates an error on the client's part
401 - Not Authorized	The request needs user authorization
403 - Forbidden	The server has refused to fulfil the request
404 - Not Found	The requested resource does not exist on the server
408 - Request Timeout	The client failed to send a request in the time allowed by the server
5** indicates an error on the server's part
500 - Server Error	Due to a malfunctioning script, server configuration error or similar

The response may also contain header lines each containing a header and value pair similar to those of the HTTP request but generally containing information about the server and/or the resource being returned.

For example:


Server: Apache/2.4.5

Last Modified: Wed, 20 Nov 2013 13:33:59 GMT

Firewalls Overview

What is a firewall?

Many systems connected to the internet are open to attempts by outside users to gain unauthorized access by setting up an illegal connection to the system. A firewall prevents any direct unauthorized attempts at access.

A good foundation for network security is to set up a Linux system to operate as a firewall for the network. The firewall can be used to set up either packet filtering or proxies. Packet Filtering is the process of deciding whether or not a packet received by the firewall should be passed on to the local network. The packet filtering software checks the source and destination addresses of the packet and sends the packet on if it is allowed.

Proxies can be used to control access to specific services, such as web or FTP servers. A proxy is required for each service. For example, the web server has its own web proxy, while an FTP server has an FTP proxy. Proxies can also be used to cache commonly used data, such as web pages, so that users do not need to constantly access the originating site.

An additional task performed by firewalls is NAT (Network address translation). Network address translation redirects packets to appropriate destinations. It performs tasks such as redirecting of packets to certain hosts, forwarding packets to other networks and chaning the host source of packets to implement IP masquerading.

The current Linux kernel incorporates support for firewalls using the Netfilter (IPtables) packet filtering package, which implements both packet filtering and NAT tasks for the Linux 2.4 kernel and above.

Implementing a firewall is simply a matter of providing a series of rules to govern what kind of access should be allowed on the system. If that system is also a gateway for a private network, the system's firewall can also help protect the network from outside attacks.

Iptables

Netfilter implements packet filtering and NAT tasks separately using different tables and commands. The command used to execute both is iptables, but for NAT, add the -nat option.

With iptables, different tables of rules can be set up to select packets according to differing criteria. Netfilter supports three tables: filter, nat and mangle. Packet filtering is implemented using a filter table that holds rules for dropping or accepting packets. Network address translation operations are implemented using the nat table. Specialized changes made to packets before they are sent out, when they are received or as they are being forwarded are implemented using the mangle table.

By default, iptables operates on the filter table, which need not be specified. To list the rules use the -L (list) option. This will include a DNS lookup for hostnames, and will show port lables and hostnames. To show only numeric output and avoid the DNS lookup, use the -n (numeric output), which will show IP addresses and port numbers eg


iptables -L -n

Chain input (policy ACCEPT):

Chain forward (policy ACCEPT):

Chain output (policy ACCEPT):

To operate on the nat table, add the -t nat option eg:

iptables -t nat -L -n -v

Chain PREROUTING (policy ACCEPT 867 packets, 146K bytes)

 pkts bytes target     prot opt in     out     source               destination

    0     0 DROP       all  --  vlan2  *       0.0.0.0/0            192.168.1.0/24

Chain POSTROUTING (policy ACCEPT 99 packets, 6875 bytes)

 pkts bytes target     prot opt in     out     source               destination

    0     0 MASQUERADE  all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 99 packets, 6875 bytes)

 pkts bytes target     prot opt in     out     source               destination

Chain WANPREROUTING (0 references)

 pkts bytes target     prot opt in     out     source               destination

Monday 19 May 2014

Duties of a System Administrator

A system administrator is responsible for the day-to-day running of a computer system. Most of what a system administrator is expected to know is performed only rarely, while only a handful of tasks are performed on a day to day basis. A shrewd system administrator will automate as many of these day-to-day tasks as possible. Automation (using scripting, specialized software, system scheduling or a combination of all three) frees the administrator's time, saves money and mitigates against human error.

A system administrator's duties will vary from one organization to another, depending on factors such as the size of the system, the number of users and the purpose of the organization. Nevertheless, basic tasks remain the same, and as such, a system administrator can move from one industry to another with relative ease.

The system administrator's basic job description would be to install, support and maintain servers and other IT hardware. The administrator must also plan for and respond to service outages and other problems.

The following is an inexhaustive list of the responsibilities and duties of a system administrator:

Hardware

Hardware monitoring (both system and peripherals)
Hardware maintenance and repair (usually a call-out to hardware support)

System

System maintenance
System performance monitoring
System security
Creating file systems
Software installation and update
Creating backups and ensuring that recovery is fast and accurate
Monitor networks and communications

Users

User administration
Password and identity management

Documentation

Documentation of system and processes

Saturday 17 May 2014

The TCP/IP Protocol Suite

The TCP/IP Protocol Suite consists of many different protocols, each designed for a specific task in a TCP/IP network. The protocols are each known by an acronym.

The three basic protocols are:

Protocol	Acronym	Task
Internet Protocol	IP	Handles the actual transmissions: the packets of data with sender and receiver in each
Transmission Control Protocol	TCP	Handles receiving and sending out communications. It is designed to work cohesive messages or data, checking received packets and sorting them into their designated order, forming the original message. Data sent out is broken into separate , order-designated packets.
User Datagram Protocol	UDP	Handles receiving and sending out packets of data, but does not check their order.

The TCP and IP protocols are designed to provide stable and reliable connections that ensure that all data is reorganized into it's original order.

The UDP protocol is designed to send as much data as possible with no guarantee that packets will be received, or placed in their correct order. It is used for transmitting large amounts of data that can survive the loss of a few packets - for example, temporary images, videos and banners displayed on the internet.

Other protocols provide various network and user services. These protocols make use of either TCP or UDP protocol to send and receive packets, which, in turn, use the IP protocol to transmit the packets.

A complete list of protocols is:

Protocol	Acronym	Task
Transport
Internet Protocol	IP	Handles the actual transmissions: the packets of data with sender and receiver in each
Transmission Control Protocol	TCP	Handles receiving and sending out communications. It is designed to work cohesive messages or data, checking received packets and sorting them into their designated order, forming the original message. Data sent out is broken into separate , order-designated packets.
User Datagram Protocol	UDP	Handles receiving and sending out packets of data, but does not check their order.
Internet Control Message Protocol	ICMP	Status messages for IP.
Routing
Routing Information Protocol	RIP	Determines routing.
Open Shortest Path First	OSPF	Determines routing.
Network Address
Address Resolution Protocol	ARP	Determines unique IP address of systems.
Domain Name Service	DNS	Translates hostnames into IP addresses.
Reverse Address Resolution Protocol	RARP	Determines addresses of systems.
User Service
File Transfer Protocol	FTP	Transmits files from one system to another using TCP.
Trivial File Transfer Protocol	TFTP	Transfers files from one system to another using UDP.
Telnet		Remote login to another system on the network.
Simple Mail Transfer Protocol	SMTP	Transfers email between systems.
Remote Procedure Call	RPC	Allow programs on remote systems to communicate.
Gateway
Exterior Gateway Protocol	EGP	Provides routing for external networks.
Gateway-to-Gateway Protocol	GGP	Provides routing between internet gateways.
Interior Gateway Protocol	IGP	Provides routing for internal networks.
Network Service
Network File System	NFS	Allows mounting of file systems on remote machines.
Network Information Service	NIS	Maintains user accounts across a network.
Boot Protocol	BOOTP	Starts system using boot information on server for network.
Simple Network Management Protocol	SNMP	Provides status messages on TCP/IP configuration.
Dynamic Host Configuration Protocol	DHCP	Automatically provides network configuration information to host systems.

In a TCP/IP network, messages are broken into small components called datagrams. These are then transmitted through various routes and reassembled into their original message at the destination computer.

Datagrams can in turn be broken down into smaller components, called packets. These are the physical units that are actually transmitted. Sending messages as small components is faster and more reliable than sending them as one single large transmission. If one component is lost or corrupted, only that component must be resent. With a single large transmission, the whole message must be resent.

Configuring and Managing TCP/IP Networks

TCP/IP networks are configured and managed with a set of utilities, ifconfig, route and netstat.

Utility	Description
ifconfig	Enables full configuration of network interfaces, adding new ones and modifying others.
route	Enables full configuration of the routing tables, adding new entries and modifying others.
netstat	Provides information about the status of network connections.

Friday 16 May 2014

MySQL Configuration Files

MySQL supports three different configuration files, one for global settings, one for server specific settings, and an optional one for user-customised settings.

MySQL Global Settings

The /etc/my.cnf configuration file is used for global settings applied to both clients and servers. The /etc/my.cnf file provides information such as the data directory (/var/lib/mysql) and the log file (/var/log/mysql.log) locations, as well as the server base directory (/var/lib).

Options are specified according to different groups, usually the names of server tools, and are arranged in group segments. The group name is specified within square brackets, followed by the options.

For example:

[mysqld]

datadir=/var/lib/mysql

socket=/var/lib/mysql/mysql.sock



[mysql.server]

user=mysql

basedir=/var/lib



[safe_mysqld]

err-log=/var/log/mysqld.log

pid-file=/var/run/mysqld/mysqld.pid

The above example specifies the options for the daemon mysqld, server-options mysql.server and the MySQL startup script safe_mysqld. Database files will be placed in /var/lib/mysql. MySQL will run as the mysql user. Server tools and daemons are located in the basedir directory, /var/lib.

To see what options are currently set, you can run mysqld with the --help option
/usr/libexec/mysqld --help

MySQL Server Settings

The /var/lib/mysql/my.cnf file is used for server settings only.

MySQL User Customised Settings

The .my.cnf file allows users to customise their access to MySQL. It is located in a user's home directory.

This file contains user configuration settings such as the password used to access the database and the connection timeouts.

[client]

password=mypassword



[mysql]

no-auto-rehash

set-variable = connect_timeout=2



[mysql-hotcopy]

interactive-timeout

Thursday 15 May 2014

Install MySQL on RedHat Linux 6

1) Install the MySQL core components: yum install -y mysql mysql-server 2) Start MySQL. service mysqld start 3) Add a MySQL root user (this is an internal MySQL account and has nothing to do with the Linux root user). mysqladmin -u root password 'password' 4) Authenticate in MySQL as root. After entering the root password, a mysql> prompt will be shown

[root]# mysql -u root -p

Enter password:

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 1

Server version: 5.1.61 Source distribution



Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.



Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.



Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.



mysql>

5) Check the MySQL internal users. Be sure to include the semicolon at the end of the command.


mysql> select host, user, password from user;

+---------------------+------------+-------------------------------------------+

| host                | user       | password                                  |

+---------------------+------------+-------------------------------------------+

| localhost           | root       | *1CF65C563AC2756B0409CB694208C3F2DAC5E7EA |

| rose.com            | root       |                                           |

| 127.0.0.1           | root       |                                           |

| localhost           |            |                                           |

| rose.com            |            |                                           |

+---------------------+------------+-------------------------------------------+

5 rows in set (0.00 sec)



mysql>

6) Create a MySQL user: mysql> CREATE USER 'mysqluser'@'localhost' IDENTIFIED BY 'mysqlpassword'; 7) Give the new user DBA permissions: mysql> GRANT ALL PRIVILEGES ON *.* TO 'mysqluser'@'localhost' WITH GRANT OPTION; 8) Exit from the MySQL management interface:

mysql> quit

Bye

9) Test the new user:

[root]# mysql -u mysqlUser -p
Enter password:

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 2

Server version: 5.1.61 Source distribution



Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.



Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.



Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.



mysql> quit
bye

Wednesday 14 May 2014

Migrating a MySQL Database To A New Red Hat Host

The location of MySQL Data is stored in /etc/my.cnf. By default, the data is stored locally in /var/lib/mysql.

To change the location of the data:

This example shows a migration from rose to martha. It assumes that the destination server has been set up with a standard LAMP environment.

Preparation

1) Log into mysql on the original host
mysql -h rose -u root -p 2) Add a new root user for the new host


mysql> CREATE USER 'root'@'martha' IDENTIFIED BY '<RootPassword>';

Query OK, 0 rows affected (0.00 sec)



mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'martha' WITH GRANT OPTION;

Query OK, 0 rows affected (0.00 sec)

where <RootPassword> is the root password

3) Check that the new user has been added. This is included in the 'mysql' database.


mysql> use mysql

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A



Database changed

mysql> select host, user, password from user;

+---------------------+------------+-------------------------------------------+

| host                | user       | password                                  |

+---------------------+------------+-------------------------------------------+

| localhost           | root       | *1CF65C563AC2756B0409CB694208C3F2DAC5E7EA |

| rose.com            | root       |                                           |

| 127.0.0.1           | root       |                                           |

| ::1                 | root       |                                           |

| localhost           |            |                                           |

| rose.com            |            |                                           |

| localhost           | ben        | 235814907f27996c                          |

| localhost           | test_admin | 70de51425df9d787                          |

| localhost           | jamie      | 2a8bf64a7c1bffc4                          |

| %                   | jamie      | 2a8bf64a7c1bffc4                          |

| %                   | polly      | 0d49ee5a14e0b5d7                          |

| localhost           | polly      | 0d49ee5a14e0b5d7                          |

| martha              | root       | 1afe817735574e3d                          |

+---------------------+------------+-------------------------------------------+

13 rows in set (0.00 sec)

4) Exit from MySQL


mysql> quit

Bye

Close MySQL on the Old Host

5) Make sure all users are off the database

6) Stop mysql


/etc/init.d/mysqld stop

Open MySQL on the New Host

7) On the new host, edit /etc/my.cnf, and change the value of datadir to point at the location of the data. If the data is moving, qv Change the Location of MySQL Data Storage

8) Restart mysql


/etc/init.d/mysqld start

9) Open MySQL and test that databases can be seen


[root@martha testdevdb]#  mysql -h martha -u root -p

Enter password:

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 3

Server version: 5.1.61 Source distribution



Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.



Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.



Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.



mysql> show databases

    -> ;

+--------------------+

| Database           |

+--------------------+

| information_schema |

| polly              |

| jamie              |

| mysql              |

| performance_schema |

| test               |

+--------------------+

6 rows in set (0.04 sec)



mysql> use mysql

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A



Database changed

mysql> select host, user, password from user;

+---------------------+------------+-------------------------------------------+

| host                | user       | password                                  |

+---------------------+------------+-------------------------------------------+

| localhost           | root       | *1CF65C563AC2756B0409CB694208C3F2DAC5E7EA |

| rose.com            | root       |                                           |

| 127.0.0.1           | root       |                                           |

| ::1                 | root       |                                           |

| localhost           |            |                                           |

| rose.com            |            |                                           |

| localhost           | ben        | 235814907f27996c                          |

| localhost           | test_admin | 70de51425df9d787                          |

| localhost           | jamie      | 2a8bf64a7c1bffc4                          |

| %                   | jamie      | 2a8bf64a7c1bffc4                          |

| %                   | polly      | 0d49ee5a14e0b5d7                          |

| localhost           | polly      | 0d49ee5a14e0b5d7                          |

| martha              | root       | 1afe817735574e3d                          |

+---------------------+------------+-------------------------------------------+

13 rows in set (0.00 sec)



mysql> quit

Bye

Reset All Root Passwords

Reset all root passwords to the standard. This can only be done by putting MySQL into skip-grant-tables mode. (qv http://www.howtoforge.com/setting-changing-resetting-mysql-root-passwords)

10) Stop MySQL and restart in skip-grant-tables mode


[root@martha testdevdb]# /etc/init.d/mysqld stop

Stopping mysqld:                                           [  OK  ]

[root@martha testdevdb]# mysqld_safe --skip-grant-tables &

[1] 19498

[root@martha testdevdb]# 130703 14:34:16 mysqld_safe Logging to '/var/log/mysqld.log'.

130703 14:34:16 mysqld_safe Starting mysqld daemon with

databases from /testdir/testdev/testdevdb

11) Login to MySQL


[root@martha testdevdb]# mysql -u root

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 1

Server version: 5.1.61 Source distribution



Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.



Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.



Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

12) Select the 'mysql' database


mysql> use mysql;

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A



Database changed

13) Set the root password for all hosts


mysql> update user set password=PASSWORD("<RootPassword>") where User='root';

Query OK, 5 rows affected (0.00 sec)

Rows matched: 5  Changed: 5  Warnings: 0

where <RootPassword> is the root password

14) Reload the privileges from the grant tables, then exit mysql


mysql> flush privileges;

Query OK, 0 rows affected (0.01 sec)



mysql> quit

Bye

15) Stop MySQL and restart without skip-grant-tables


[root@martha testdevdb]# /etc/init.d/mysqld stop

130703 14:35:56 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended

Stopping mysqld:                                           [  OK  ]

[1]+  Done                    mysqld_safe --skip-grant-tables

[root@martha testdevdb]# /etc/init.d/mysqld start

Starting mysqld:                                           [  OK  ]

16) Check that the root users have been updated


[root@martha testdevdb]#  mysql -h martha -u root -p

Enter password:

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 4

Server version: 5.1.61 Source distribution



Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.



Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.



Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.



mysql> use mysql

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A



Database changed

mysql> select host, user, password from user;

+---------------------+------------+-------------------------------------------+

| host                | user       | password                                  |

+---------------------+------------+-------------------------------------------+

| localhost           | root       | *B85234EF763B03A804D8ACBA611FDAB53B80723A |

| rose.com            | root       | *B85234EF763B03A804D8ACBA611FDAB53B80723A |

| 127.0.0.1           | root       | *B85234EF763B03A804D8ACBA611FDAB53B80723A |

| ::1                 | root       | *B85234EF763B03A804D8ACBA611FDAB53B80723A |

| localhost           |            |                                           |

| rose.com            |            |                                           |

| localhost           | ben        | 235814907f27996c                          |

| localhost           | test_admin | 70de51425df9d787                          |

| localhost           | jamie      | 2a8bf64a7c1bffc4                          |

| %                   | jamie      | 2a8bf64a7c1bffc4                          |

| %                   | polly      | 0d49ee5a14e0b5d7                          |

| localhost           | polly      | 0d49ee5a14e0b5d7                          |

| martha              | root       | *B85234EF763B03A804D8ACBA611FDAB53B80723A |

+---------------------+------------+-------------------------------------------+

13 rows in set (0.00 sec)



mysql> quit

Bye

Force Compatibility

17) Check that all the tables are compatable with the version of MySQL


[root@martha testdevdb]# mysql_upgrade -p -u root

Enter password:

Looking for 'mysql' as: mysql

Looking for 'mysqlcheck' as: mysqlcheck

Running 'mysqlcheck with default connection arguments

Running 'mysqlcheck with default connection arguments

jamie.559_MT4                                      OK

jamie.559_MT5                                      OK

...

...

...

Running 'mysql_fix_privilege_tables'...

WARNING: NULL values of the 'character_set_client' column ('mysql.proc' table) have

been updated with a default value (latin1). Please verify if necessary.

WARNING: NULL values of the 'collation_connection' column ('mysql.proc' table) have

been updated with a default value (latin1_swedish_ci). Please verify if necessary.

WARNING: NULL values of the 'db_collation' column ('mysql.proc' table) have been

updated with default values. Please verify if necessary.

OK



[root@martha testdevdb]#  mysql -h localhost -u root -p

Enter password:

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 181

Server version: 5.1.61 Source distribution



Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.



Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.



Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.



mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'martha' WITH GRANT OPTION;

Query OK, 0 rows affected (0.00 sec)



mysql> Bye

[root@martha testdevdb]# logout

Connection to martha closed.

root@system /testdir/testdev/testdevdb> exit

#

Setting up a Red Hat Linux Server for Crashdump

Kdump refers to crash dump. It allows a dedicated kernel to activate if the server crashes.

Configure the amount of memory to be reserved for the kdump kernel

Edit /boot/grub/grub.conf. Add add crashkernel=<size>M or crashkernel=auto to the end of the kernel line for the active kernel.

Note that the crashkernel=auto option only reserves the memory if the physical memory of the system is equal to or greater than:

2 GB on 32-bit and 64-bit x86 architectures;
2 GB on PowerPC if the page size is 4 KB, or 8 GB otherwise;
4 GB on IBM S/390.

Edit /etc/kdump.conf

The core dump can be either stored as a file in a local file system, written directly to a device, or sent over a network using the NFS (Network File System) or SSH (Secure Shell) protocol. By default, the vmcore file is stored in the /var/crash/ directory of the local file system. To change this, as root, edit the options in the /etc/kdump.conf configuration file.

Saving the core dump in a local directory

Find the line that reads #path /var/crash Unhash it, and update it with the required directory path.

Saving the core dump to a different partition

In addition to the path command above, unhash the line that reads:#ext4 /dev/sda3Change both the file system type and the device (a device name, a file system label, and UUID are all supported) as required. For example:


ext3 /dev/sda4

path /usr/local/cores

Writing the core dump file directly to a device

Unhash the line that reads#raw /dev/sda5 Replace the value with a desired device name. For example:


raw /dev/sdb1

Write the core dump file to a remote machine using NFS

Unhash the line that reads#net my.server.com:/export/tmpReplace the value with a valid hostname and directory path. For example:


net penguin.example.com:/export/cores

Write the core dump file to a remote machine using SSH

Unhash the line that reads#net user@my.server.comreplace the value with a valid username and hostname. For example:


net dougie@linuxhints.example.com

Configure the Core Collector

To reduce the size of the vmcore dump file, kdump allows you to specify a core collector to compress the data, and optionally leave out all irrelevant information. The only fully supported core collector is makedumpfile.

Enabling the core collector

As root, edit /etc/kdump.conf, and unhash the line that reads#core_collector makedumpfile -c --message-level 1 -d 31. Edit the command line options as described below.
To enable the dump file compression, add the -c parameter. For example:


core_collector makedumpfile -c

To remove certain pages from the dump, add the -d value parameter, where value is a sum of values of pages you want to omit as described in the following table:

Option	Description
1	Zero pages
2	Cache pages
4	Cache private
8	User pages
16	Free pages

For example, to remove both zero and free pages, use the following:
core_collector makedumpfile -d 17 -c

Enable kdump on startup

chkconfig kdump on

Start kdump

service kdump start So what all this does is create a small portion of memory which is reserved to run another tiny instance of linux – should the system crash the tiny linux will copy stuff to the appropriate crashdump area.

Running SSH From Within Cron

SSH does not run from within cron, because it is password authorised.

To get round this, use a script to generate the password prior to running the actual script, eg:
0 9 * * * . /.ssh-agent.sh; /home/milned/scripts/testntp.sh If the call of the ssh-agent.sh script (needed to supply the pass phrase) is omitted, it's just ssh being called inside the bash shell script.

Set Up SSH Agent Forwarding on a Server

This is part of a series of articles on Red Hat Server Hardening.

SSH is the Secure Shell protocol which can be used for command line access, file transfer and application tunnelling.

Overview

Password free access requires a public/private key pair. The server (sshd) has access to the public key, while only you and your SSH client have access to the private key. To authenticate the client convinces the server that it is in possession of the private key without actually sending it.

Private keys are protected by a pass phrase. This pass phrase is required each time the key is used. To allow repeated access without re-keying of the pass phrase, agent forwarding is used.

The SSH agent allows the pass phrase to be entered once only, e.g. at system start-up or in the originating shell and then caches the keys in memory, eliminating the need for the phrase to be entered for each access. Because the agent is forwarded the pass phrase is available for all sessions that can access the keys in the home directory, including chains of sessions.

Steps

The steps required to set up password free access are:

Generate a key pair using OpenSSH
Distribute public keys
Configure agent forwarding

Generate SSH key pair

ssh-keygen is a program in the OpenSSH package that can be used to create key pairs. RSA is the current SSH key standard; DSA and RSA1 keys can be generated for compatibility with older systems.

Use the full path to ssh-keygen to ensure the correct OpenSSH binary is used, key in a pass phrase when prompted and accept the default file locations.


> /usr/bin/ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/milned/.ssh/id_rsa):
Created directory '/home/milned/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/milned/.ssh/id_rsa.
Your public key has been saved in /home/milned/.ssh/id_rsa.pub.
The key fingerprint is:
77:3f:47:01:92:5f:d0:fe:3e:6a:03:a4:9a:0a:18:26 milned@nyssa

Similarly DSA and RSA1 keys can be generated. Again enter a pass phrase and accept the default file locations as prompted. Using the same pass phrase for all keys will simplify operation of the SSH agent.


> /usr/bin/ssh-keygen -t dsa
> /usr/bin/ssh-keygen -t rsa1

Distribute SSH Public Keys

The public keys must be distributed to the user's authorized_keys file so that any SSH daemon with access to the user's home directory can use them.


> cd ~/.ssh
> cat *.pub > authorized_keys

Change the permissions on this file so it is not writable by other users.

> chmod go-w authorized_keys

Now check that key authentication is working, by using ssh to connect to the host you are currently logged in to using its hostname. You should be prompted for the pass phrase for one of your keys. If this is the first time you've talked to the machine you will also be asked to accept the host key, which you should do.

> ssh nyssa

The authenticity of host 'nyssa (127.0.0.1)' can't be established.

RSA key fingerprint is 85:4b:2a:53:48:52:9f:61:ed:0a:33:4a:9d:5e:d3:1a.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'nyssa' (RSA) to the list of known hosts.

Enter passphrase for key '/home/milned/.ssh/id_rsa':

Last login: Thu Nov 21 17:27:35 2013 from tegan

>

SSH access is now configured to use keys rather than a password to grant access. Access to the key is controlled by a pass phrase. In the next step agent forwarding is set up so that this pass phrase only needs to be entered once.

Configure SSH Agent Forwarding

To check if there is already an agent running use ssh-add.


> /usr/bin/ssh-add -l
Could not open a connection to your authentication agent

If this command reports anything else, then there is an agent running. Otherwise, start an agent using the command:


> exec ssh-agent $SHELL

This creates a new shell process as a child of the agent with suitable environment variables set. This agent will live until you exit from this shell, and is only accessible from it.

Running ssh-add should now show the agent is present, but with no identities.


> /usr/bin/ssh-add -l
The agent has no identities

The next step is to add the keys using ssh-add. This will prompt you for the pass phrase for one of your keys, and then assuming they all have the same pass phrase, add them all to the agent:


> /usr/bin/ssh-add
Enter passphrase for /home/milned/.ssh/id_rsa:
Identity added: /home/milned/.ssh/id_rsa (/home/milned/.ssh/id_rsa)
Identity added: /home/milned/.ssh/id_dsa (/home/milned/.ssh/id_dsa)
Identity added: /home/milned/.ssh/identity (milned@nyssa)

Check the keys are available with ssh-add again, which should now report a list of key signatures.


> /usr/bin/ssh-add -l
1024 90:d1:83:5c:2a:33:9b:c7:ba:85:8e:ef:b7:c0:32:05 milned@nyssa (RSA1)
1024 9f:c0:e4:ed:f1:c4:ec:de:6e:af:4c:91:13:8d:58:45 /home/milned/.ssh/id_rsa (RSA)
1024 ab:a1:89:d7:d5:06:d2:d5:c4:18:e6:bc:65:37:96:dc /home/milned/.ssh/id_dsa (DSA)

You should now be able to use ssh to connect to any other machine which is running OpenSSH and has your home directory mounted, and not be prompted for a password. Chaining SSH connections (ssh from a to b and then from b to c) should work via agent forwarding.

Automating SSH Agent Forwarding

Rather than running the above manually, it can be built into the .bashrc file so that it starts automatically when bash is started.


> cd
> cat .bashrc
export PS1="\u@\H \w> "
PATH=$PATH:/usr/local/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin

Amend .bashrc as follows:


export PS1="\u@\H \w> "
PATH=$PATH:/usr/local/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin
ssh-agent > $HOME/.ssh-agent.sh
ssh_agent="$HOME/.ssh-agent.sh"
if [ -f $ssh_agent ]
then
  source $ssh_agent > /dev/null
fi
ssh-add
alias stat="perl -e'print "%o\n",(stat shift)[2] & 07777' $1"
export EDITOR=vi

Commands For Process Management

There are many tasks running at any given moment on a RedHat Server. These tasks are known as processes.

Terminology

When the server boots, many processes are started to provide services on the computer. These are known as daemons. A daemon is a process which is started in the background and provides a service on the server.

Why Do Processes Need Managing

If a process is not responding properly, you may need to send it a specific signal.

Or if a system is busy, it can be helpful to get an overview of the system to see what it is doing.

Useful commands for process management are:

Command	Use
ps	Used to show all current processes
kill	Used to send signals to processes, such as asking or forcing a process to stop.
pstree	Used to get an overview of all processes, including the relationship between parent and child processes.
killall	Used to kill all processes, based on the name of the process
top	Used to get an overview of current system activity.

Subscribe to: Posts ( Atom )

About Me

My name is Douglas Milne, and I live in Livingston, Scotland.

I have been a Unix administrator for over twenty years, beginning with Solaris back in the 1990's. I now specialise in automation of existing manual processes and procedures. I have worked with Solaris, AIX and HP Unix, and now principally work on RedHat Linux.

In this blog I will document some of the issues I have come across, using notes I have made over the years.

I believe that it is important, in documentation, to take everything from first principles, and I make no apologies for this oversimplification. If you don't like it, tough.