Wednesday, September 17, 2008

What is EGroupware?

EGroupware is free, enterprise-ready groupware software for your network. It enables you to manage contacts, appointments, to-dos and much more for your whole business.

Wednesday, September 10, 2008

limitipconn module For Apache ( Debian GNU/Linux)

Use the limitipconn module to limit the maximum number of simultaneous connections per IP address to a web site.

step 1) Install apache2-mod-limitipconn_0.22-1_i386 module

step 2)
limitipconn is enabled in mods-enabled and the following lines are added to the apache2.conf file.

<IfModule mod_limitipconn.c>
<Location />
MaxConnPerIP 5
# exempting images from the connection limit is often a good
# idea if your web page has lots of inline images, since these
# pages often generate a flurry of concurrent image requests
NoIPLimit image/*
</Location>
</IfModule>

Sunday, August 17, 2008

Virtualization, RHEL 5.1

RHEL 5.1 will bring hardware virtualization feature improvements, paravirtualized drivers, the Xen 3.0.5 hypervisor and features like non-uniform memory access (NUMA) topology and loopback removal. Also, 5.1 will support live moves of virtual machines in clusters, along the lines of the functionality of VMware's VMotion.

Users of older versions of Red Hat are not being left out of the virtualization loop. Red Hat added some Xen support features to Red Hat Enterprise Linux 4.5.


The 4.5 option will have limitations. RHEL 4.5 includes virtualization support, so you have the choice of full virt or paravirt. Anything prior to RHEL 4.5 will run out of the box but will need full virtualization. You'll need a new chip. You don't have to touch the code, but you won't get the performance you get with RHEL 5.

VMware is way ahead of all the others in features and robustness, but VMware doesn't have a product that scales well. There are definitely limitations in high-availability, so most people are just virtualizing file servers at this point and not databases and performance-intensive apps.

To get the most out of RHEL 5's virtualization support options, follow these recommendations:

* Secure the RHEL 5 platform layer before installing any virtual machines or applications.
* Run SELinux in enforcing mode.
* Remove or disable any unwanted services, like AutoFS, NFS, FTP, WWW, NIS, telnetd, sendmail and so on.
* Only add the minimum number of user accounts needed for platform management.
* Avoid running applications on dom0/Hypervisor, because running apps in dom0 may impact virtual machine performance.
* Use a central location for a virtual machine installation, which will make it easier to move to shared storage later on.

Tuesday, August 12, 2008

Postfix (MTA) application corrupt (OS: RHEL4)

What if your Postfix (MTA) has stopped working or is corrupt, and you are not sure how to upgrade or downgrade it for better performance?

Here follows the solution for that:

step 1: Query the installed application to get its version details (use the following command)

command # rpm -qi postfix

step 2: Search for an updated RPM of Postfix (if you have a subscription, use www.rhn.redhat.com) and download it to the local machine

step 3: List the Postfix-related files using the following command as root

command # rpm -ql postfix

step 4: Back up the essential files (from the output of the above command), such as the configuration files in /etc/postfix and the mail queue in /var/spool/postfix, using the command {cp -a source destination}

step 5: Simulate the RPM package installation before installing on the machine. This helps to identify dependency errors and file conflict errors.

command # rpm -Uvh --test postfix-2.2.x-RHEL.rpm

step 6: If the above command reports no errors, install the RPM using the following command

command # rpm -Uvh postfix-2.2.x-RHEL.rpm

step 7: To release the mail queue that built up on the system while the MTA was corrupt, requeue the mails so they flow again, using the following command

command # postsuper -r ALL

step 8: Watch the maillog to check for mail delivery to the domain.

command # tail -f /var/log/maillog

Note: if you want to downgrade the MTA, use the first command below instead of step 5 and the second instead of step 6; the rest of the steps are the same.

command # rpm -Uvh --test --oldpackage postfix-2.2.x-RHEL.rpm

command # rpm -Uvh --oldpackage postfix-2.2.x-RHEL.rpm

Thursday, August 7, 2008

Troubleshooting Tools: Diagnosis DNS

With this DNS troubleshooting tool, given a record name and a record type, you will receive a report detailing all possible answers. This is accomplished by traversing the DNS tree from the root, examining all possible routes that a client could travel and calculating percentage probabilities on the way.

Visit the squish.net DNS checker: http://www.squish.net/dnscheck/

Red Hat Linux Tips and Tricks

We know that top is a very powerful tool for monitoring running processes. Now we investigate the power of multiple sections during an active session of top.

1. At the command-line, type top.
2. Activate multiple sections by using "shift+a"
3. The interface will now display four sections. Use the lower-case "a" to toggle between sections. Notice in the top left hand corner you will see the active section identifier: 1:Def, 2:Job, 3:Mem, 4:Usr
4. To add color to section 1:Def.
   1. Press "a" to toggle to section 1:Def.
   2. Press "z" to toggle color on and off. Notice that you can toggle from one section to the other to add a different color scheme to each section.
5. Highlight the sort fields in section 1:Def.
   1. Press "a" to toggle to section 1:Def.
   2. Make sure color is activated by pressing "z".
   3. Press "x" to toggle the highlight feature of the sort fields. You may not recognize the highlighting right away, but by holding down the left Shift key and using the < and > keys, you can move the sort field left and right respectively.

Red Hat Linux Tips and Tricks

We know that the out-of-the-box resources should be a primary tool of any system administrator. We also know that navigating from one node to the other using "info" in search of information can be frustrating.

For example, you want information on configuring grub.conf. You find that running the command "info grub" displays a long menu of options, including one that applies to configuration. You get there by using the hypertext navigation method, placing the cursor on the line that reads "* Configuration" and then hitting the ENTER key.

How would you slice out or print just the "Configuration" node to file?

Answer: If you would like to print the Configuration node to a text file, run the following command:

# info grub Configuration -o mynewfilename.txt

You now have a single text file named "mynewfilename.txt" with the information from the Configuration node of info. This can be done with any node you would like to slice out of info pages into a more manageable and specific text file.

Monday, August 4, 2008

All you have to know about RPM

The RPM Package Manager (http://www.rpm.org/) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages.
RPM is free software, released under the GNU GPL. RPM is a core component of many Linux distributions, such as Red Hat Enterprise Linux, the Fedora Project, SUSE Linux Enterprise, openSUSE, CentOS, Mandriva Linux, and many others. It is also used on many other operating systems, and the RPM format is part of the Linux Standard Base.

To simply install a package, run:

rpm -i package.rpm

Where "-i" is the Install parameter and "package.rpm" is the RPM you're installing. You can add more parameters to the above command; try this:

rpm -ivh package.rpm

The "-v" is for verbose and "-h" for the hashing marks. It'll print some "#" when unpacking and then installs the package. You can use "--percent" instead of "-h" if you want.

The above command is maybe the first RPM command you've learned. Upgrading to a new package can be done in 2 ways: the Freshen way, and by executing:

rpm -Uvh new-package.rpm

Note that the "-U" upgrade option simply removes the old installed package, then installs the new one. "-Uvh" can be used to install a package too: if the package does not exist on your system, new-package.rpm will be installed.

Now imagine the situation where the new version of Samba you've just installed is not compatible with your applications. What to do? Answer: upgrade to the old version. You can call this a "downgrade" if you want. The command to install the old package will be:

rpm -Uvh --oldpackage Samba-old-version.rpm

Where the "--oldpackage" option says that the Samba package version is older than the one installed. The command will remove the installed version and then install Samba-old-version.rpm.

For more hands-on material, refer to:

http://fedoranews.org/alex/tutorial/rpm/

Friday, June 20, 2008

Content Management Systems (CMS)

A content management system (CMS) is computer software used to create, edit, manage, and publish content in a consistently organized fashion. CMSs are frequently used for storing, controlling, versioning, and publishing industry-specific documentation such as news articles, operators' manuals, technical manuals, sales guides, and marketing brochures. The content managed may include computer files, image media, audio files, electronic documents, and Web content.


Web content management system

A Web content management system is a CMS designed to simplify the publication of Web content to Web sites, in particular allowing content creators to submit content without requiring technical knowledge of HTML or the uploading of files.

Details of a few CMSs

1. Joomla!

Joomla is a free, open source content management system for publishing content on the world wide web and intranets. The system includes features such as page caching to improve performance, RSS feeds, printable versions of pages, news flashes, blogs, polls, website searching, and language internationalization. Joomla is licensed under the GPL, and is the result of a fork of Mambo.

It is written in the PHP programming language and uses the MySQL database by default.

2. Plone (software)

Plone is a free and open source content management system built on top of the Zope application server. It is suited for an internal website or may be used as a server on the Internet, playing such roles as a document publishing system and groupware collaboration tool.

Plone is released under the GNU General Public License (GPL) and is designed to be extensible. Major development is conducted periodically during special meetings called Plone Sprints. Additional functionality is added to Plone with Products, which may be distributed through the Plone website or otherwise. The Plone Foundation owns and protects all copyrights and trademarks. Plone also has legal backing from the council of the Software Freedom Law Center.





Refer for more :

CMS
List of CMS
Joomla!
Plone

Monday, June 16, 2008

Commands from Remote Shell: rsh

The remote shell command rsh allows you to execute a command on a remote machine without actually logging onto that machine. The command rsh uses the same .rhosts file as rlogin does, yet while rlogin will prompt you for a password if it has trouble with the .rhosts file, both rsh and rcp require a properly functioning .rhosts file. If the .rhosts file is not properly configured, these commands will issue an error message and quit.

leo$ rsh user@server command

example :

leo$ rsh user@server df -h

Monday, June 9, 2008

How to mount a USB flash drive in GNU/Linux

Ubuntu "Hardy" detects the Sony Ericsson mobile but does not auto-mount its 1 GB card; this might be the case only with my Linux box, because previously it used to auto-mount.

The following command lists the USB devices that are detected by the system.

# lsusb ( list USB devices )
Bus 002 Device 007: ID 0457:0151
Bus 002 Device 002: ID 8086:1120 Sony Ericsson ...........blah blah
Bus 002 Device 001: ID 0000:0000
Bus 001 Device 001: ID 0000:0000



# fdisk -l

fdisk -l will list all the devices, including the USB devices detected by GNU/Linux. Then you can use the mount command to mount the device at a specific location.

Tuesday, May 27, 2008

MRTG - The Multi Router Traffic Grapher

The MRTG application is useful for monitoring network as well as server utilization (CPU, memory, disk etc.) through MRTG graphs.

MIB: MRTG reads counter values from MIBs (residing in memory, MIBs are data structures that are constantly updated via the SNMP daemon).

Dependencies of MRTG
____________________

* SNMP
* HTTP

Configuring Simple SNMP on a Linux Server


1) Save the old configuration file

[root@leo]# cd /etc/snmp/
[root@leo]# mv snmpd.conf snmpd.conf.old
[root@leo]# vi snmpd.conf


2) Enter the following line in the new configuration file to set the Read Only community string to secrect123.

###snmpd.conf file ########

rocommunity secrect123

## sec.name source community
## ======== ====== =========
com2sec local localhost secrect123
com2sec network_1 10.16.1.0/24 secrect123
com2sec network_2 10.16.2.0/24 secrect123

## Access.group.name sec.model sec.name
## ================= ========= ========
group MyROGroup_1 v1 local
group MyROGroup_1 v1 network_1
group MyROGroup_2 v2c network_2

## MIB.view.name incl/excl MIB.subtree mask
## ============== ========= =========== ====
view all-mibs included .1 80

## MIB
## group.name context sec.model sec.level prefix read write notif
## ========== ======= ========= ========= ====== ==== ===== =====
access MyROGroup_1 "" v1 noauth exact all-mibs none none
access MyROGroup_2 "" v2c noauth exact all-mibs none none


3) start SNMP services on each reboot with the chkconfig command

[root@leo]# chkconfig snmpd on
[root@leo]#

4) Start SNMP to load the current configuration file.

[root@leo]# service snmpd start



5) Test SNMP

[root@leo]# snmpwalk -v 1 -c secrect123 localhost system

[root@leo]# snmpwalk -v 1 -c secrect123 localhost interfaces
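
An added example, not part of the original post: a shell check for the snmpd.conf above. In Net-SNMP a `rocommunity` line with no source argument applies to any host, so the first directive accepts `secrect123` from anywhere regardless of the `com2sec` source ranges, and the v1/v2c groups carry the community string unencrypted. The function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit snmpd.conf access directives (all names are illustrative).

# audit_snmpd_conf FILE
# Prints one finding per line, prefixed OPEN, SCOPED or CLEARTEXT.
audit_snmpd_conf() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines

        # rocommunity|rwcommunity COMMUNITY [SOURCE [OID]]
        # Without SOURCE, Net-SNMP applies "default": any host may query.
        $1 == "rocommunity" || $1 == "rwcommunity" {
            src = (NF >= 3) ? $3 : "default"
            if (src == "default")
                printf "OPEN line %d: %s accepts any source\n", NR, $1
            else
                printf "SCOPED line %d: %s limited to %s\n", NR, $1, src
            next
        }

        # com2sec SEC.NAME SOURCE COMMUNITY
        $1 == "com2sec" {
            if ($3 == "default")
                printf "OPEN line %d: com2sec %s accepts any source\n", NR, $2
            else
                printf "SCOPED line %d: com2sec %s limited to %s\n", NR, $2, $3
            next
        }

        # group GROUP.NAME SEC.MODEL SEC.NAME
        # v1 and v2c send the community string unencrypted.
        $1 == "group" && ($3 == "v1" || $3 == "v2c") {
            printf "CLEARTEXT line %d: group %s uses %s\n", NR, $2, $3
        }
    ' "$1"
}

# count_findings KIND FILE: number of findings with the given prefix.
count_findings() {
    audit_snmpd_conf "$2" | awk -v kind="$1" '$1 == kind { n++ } END { print n + 0 }'
}

# write_page_conf FILE: constructed copy of the directives shown in the post.
write_page_conf() {
    cat > "$1" <<'EOF'
# constructed sample: directives as posted
rocommunity secrect123
com2sec local     localhost    secrect123
com2sec network_1 10.16.1.0/24 secrect123
com2sec network_2 10.16.2.0/24 secrect123
group MyROGroup_1 v1  local
group MyROGroup_1 v1  network_1
group MyROGroup_2 v2c network_2
view all-mibs included .1 80
access MyROGroup_1 "" v1  noauth exact all-mibs none none
access MyROGroup_2 "" v2c noauth exact all-mibs none none
EOF
}

# write_scoped_conf FILE: same sample without the unrestricted rocommunity line,
# so only the com2sec source ranges grant access.
write_scoped_conf() {
    cat > "$1" <<'EOF'
# constructed sample: rocommunity line removed
com2sec local     localhost    secrect123
com2sec network_1 10.16.1.0/24 secrect123
com2sec network_2 10.16.2.0/24 secrect123
group MyROGroup_1 v1  local
group MyROGroup_1 v1  network_1
group MyROGroup_2 v2c network_2
view all-mibs included .1 80
access MyROGroup_1 "" v1  noauth exact all-mibs none none
access MyROGroup_2 "" v2c noauth exact all-mibs none none
EOF
}

# Demo on the two constructed files.
demo_dir=$(mktemp -d)
write_page_conf "$demo_dir/page.conf"
write_scoped_conf "$demo_dir/scoped.conf"
echo "== as posted =="
audit_snmpd_conf "$demo_dir/page.conf"
echo "== rocommunity line removed =="
audit_snmpd_conf "$demo_dir/scoped.conf"
rm -rf "$demo_dir"
```
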



Configuring MRTG


1) Use MRTG's cfgmaker command to create a configuration file named mrtg.cfg for the server using a Read Only community string of secrect123. Place all data files in the directory /var/www/mrtg.

[root@leo]# cfgmaker --output=/etc/mrtg/mrtg.cfg \
--global "workdir: /var/www/mrtg" --ifref=ip \
--global 'options[_]: growright,bits' \
secrect123@localhost

2) Use MRTG's indexmaker command to create a Web index page using your new mrtg.cfg file as a guide. The MRTG Web GUI expects to find the index file in the default MRTG Web directory of /var/www/mrtg/, so the format of the command would be:

[root@leo]# indexmaker --output=/var/www/mrtg/index.html \
/etc/mrtg/mrtg.cfg


3) Add the MRTG line to /etc/cron.d/mrtg and restart the crond daemon

0-59/5 * * * * root env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg

4) Run MRTG using /etc/mrtg/mrtg.cfg as your argument three times.

[root@leo]# env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg
[root@leo]# env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg
[root@leo]# env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg


Configuring Apache To Work With MRTG

MRTG is useful because it can provide a graphical representation of your server's performance statistics via a Web browser.

1)
#add lines at end to /etc/httpd/conf/httpd.conf

<Location /mrtg>
Order deny,allow
Deny from all
Allow from localhost 10.16.1.0/24
</Location>

2) restart httpd daemon to run with new configuration


3) URL : http://localhost/mrtg

Thursday, May 22, 2008

GNU Freetalk - console based Jabber client

Looking for a New IM client ?

Here you can try this "GNU Freetalk - console based Jabber client".

Freetalk is a console based Jabber client. It features a readline interface with completion of buddy names, commands, and even ordinary English words. Freetalk is extensible, configurable, and scriptable through a Guile interface.

Thursday, May 15, 2008

Firefox / Sunbird/ Thunderbird/ SeaMonkey Add-ons

Firefox/Sunbird/Thunderbird/SeaMonkey add-ons allow you to customize the application to your taste. It takes just a few simple steps to enable the plug-ins, themes and downloads you are interested in on your application.

Below are the URLs for each add-on and its category

Firefox Add-ons
Sunbird Add-ons
Thunderbird Add-ons
SeaMonkey Add-ons


Firefox Add-ons: Browse Web Development

Firebug

Firebug integrates with Firefox to put a wealth of development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.

FireFTP

FireFTP is a free, secure, cross-platform FTP client for Mozilla Firefox which provides easy and intuitive access to FTP servers.

Html Validator

HTML Validator is a Mozilla extension that adds HTML validation inside Firefox and Mozilla. The number of errors of an HTML page is seen in the form of an icon in the status bar when browsing. The extension can validate the HTML sent by the server or the HTML in the memory (after Ajax execution) ...

JavaScript Debugger
Venkman is the code name for Mozilla's JavaScript Debugger. Venkman aims to provide a powerful JavaScript debugging environment for Mozilla based browsers.

Tuesday, May 13, 2008

Basket note Pads :note-taking application

This multi-purpose note-taking application helps you to:

* Easily take all sort of notes
* Collect research results and share them
* Centralize your project data and reuse it
* Quickly organize your thoughts in idea boxes
* Keep track of your information in a smart way
* Make intelligent To Do lists


download here

URL Redirect

Redirect Directive

Description: Sends an external redirect asking the client to fetch a different URL
Syntax: Redirect [status] URL-path URL
Context: server config, virtual host, directory, .htaccess
Override: FileInfo
Status: Base
Module: mod_alias

The Redirect directive maps an old URL into a new one by asking the client to refetch the resource at the new location.

The old URL-path is a case-sensitive (%-decoded) path beginning with a slash. A relative path is not allowed. The new URL should be an absolute URL beginning with a scheme and hostname.

Example:

vi /etc/apache2/apache2.conf
# RewriteEngine is a mod_rewrite directive; Redirect itself only needs mod_alias
RewriteEngine on

Redirect /service http://foo2.bar.com/service

If the client requests http://myserver/service/foo.txt, it will be told to access http://foo2.bar.com/service/foo.txt instead.


Meta Refresh URL Redirect

The following is an example of a meta refresh URL redirect.
The code is,

<meta http-equiv="refresh" content="5;url=http://www.foo.org" />

This method displays the new page that the refresh points to after 5 seconds.


PHP URL Redirect


The code for the redirect goes at the top of the page, before any output is sent.
<?php
header("Location: http://www.foo.org/index.php");
exit;
?>

Monday, May 12, 2008

AniLinux: run-parts : run scripts or programs in a directory

sure!!

Gnuplot

Gnuplot is a portable command-line driven interactive data and function plotting utility for UNIX, IBM OS/2, MS Windows, DOS, Macintosh, VMS, Atari and many other platforms. The software is copyrighted but freely distributed (i.e., you don't have to pay for it). It was originally intended to allow scientists and students to visualize mathematical functions and data. It does this job pretty well, but has grown to support many non-interactive uses, including web scripting and integration as a plotting engine for third-party applications like Octave. Gnuplot has been supported and under development since 1986.

Gnuplot supports many types of plots in either 2D or 3D. It can draw using lines, points, boxes, contours, vector fields, surfaces, and various associated text. It also supports various specialized plot types.

Thursday, May 8, 2008

K3b - The CD/DVD Kreator for Linux - optimized for KDE - licensed under the GPL

K3b makes it easy to burn data files, images etc. to CD/DVD in Ubuntu Linux. K3b is compatible with other distros like Fedora.
More details: www.k3b.org

Wednesday, May 7, 2008

Shell Scripting: Read entries from administrative database

While scripting it is often necessary to gather entries from administrative databases such as passwd, group, services, protocols or networks. Traditionally grep is the choice of all UNIX administrators, but recently I found the GNU getent command. The command is quick and saves time:

The getent program gathers entries from the specified administrative database using the specified search keys. For example:

$ getent passwd vivek
$ getent group admins
$ getent protocols vrrp
$ getent services www

Overall, it supports following databases:

* ahosts
* ahostsv4
* ahostsv6
* aliases
* ethers
* group
* hosts
* netgroup
* networks
* passwd
* protocols
* rpc
* services
* shadow

Thursday, May 1, 2008

Adding New NIS users

New NIS users can be created by logging into the NIS server and creating
the new user account. In this case, you'll create a user account called
nisuser and give it a new password.

Once this is complete, you then have to update the NIS domain's
authentication files by executing the make command in the /var/yp
directory.

This procedure makes all NIS-enabled, nonprivileged accounts become
automatically accessible via NIS, not just newly created ones. It also
exports all the user's characteristics stored in the /etc/passwd and
/etc/group files, such as the login shell, the user's group, and home
directory.

[root@by]# useradd -g users nisuser
[root@by]# passwd nisuser
Changing password for user nisuser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@by]# cd /var/yp
[root@by]# make
[root@by]#

You can check to see if the user's authentication information has been
updated by using the ypmatch command, which should return the user's
encrypted password string.

[root@by]# ypmatch nisuser passwd
nisuser:$1$d6E2i79Q$wp3Eo0Qw9nFD/::604:1100::/home/nisuser:/bin/sbash


You can also use the getent command, which has similar syntax. Unlike
ypmatch, getent doesn't provide an encrypted password when run on an NIS
server; it just provides the user's entry in the /etc/passwd file. On an
NIS client, the results are identical, with both showing the encrypted
password.

[root@by]# getent passwd nisuser
nisuser:x:604:1100::/home/nisuser:/bin/bash
[root@by]#

Tuesday, April 8, 2008

Broadband speed test with servers

What is Speedtest.net?

Speedtest.net is a free broadband speed test with servers located all over the world. Compare your results with others and easily share them.

Monday, April 7, 2008

Mounting NFS Filesystems

Using mount command

# mount servername.domain:/media/export /media/local
or
# mount 192.168.10.10:/media/export /media/local

Note:
servername.domain is the hostname of the NFS file server.
192.168.10.10 is the IP of the remote machine.
/media/export is the remote machine's exported filesystem.
/media/local is the local machine's mount point (if it does not exist, create it using mkdir /media/local).

Using /etc/fstab

An alternate way to mount an NFS share from another machine is to add a line to the /etc/fstab file.

The general syntax for the line in /etc/fstab is as follows:

servername.domain:/media/export /media/local nfs rsize=8192,wsize=8192,timeo=14,intr

Using autofs

Autofs uses the automount daemon to manage your mount points by only mounting them dynamically when they are accessed.

Configuration file: /etc/auto.master

Refer to this page to configure and run autofs: http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch29_:_Remote_Disk_Access_with_NFS

Thursday, April 3, 2008

LaTeX – A document preparation system

LaTeX is a high-quality typesetting system; it includes features designed for the production of technical and scientific documentation. LaTeX is the de facto standard for the communication and publication of scientific documents. LaTeX is available as free software.

Getting LaTeX for Linux:
Your system distribution or vendor has probably provided a TeX system including LaTeX. Check your usual software source for a TeX package.

Wednesday, April 2, 2008

ccPublisher (http://wiki.creativecommons.org/CcPublisher )

ccPublisher (http://wiki.creativecommons.org/CcPublisher) is a tool that does two things: it will help you tag your audio and video files with information about your license and it allows you to upload Creative Commons-licensed audio and video works to the Internet Archive for free hosting. You also have the option of publishing the licensed and tagged audio works on your own site.

ccPublisher is licensed under the GNU GPL v2.


file-sharing service:logos from http://www.freecreations.org/logos.html

Monday, March 24, 2008

Cause of default aliases to MTA-postfix

Consider a setup of two mail exchangers and a mail server using Postfix (MTA, mail transfer agent). As per the DNS MX records, mail flows from the mail exchangers to the mail server and vice versa.

Let's see what the /etc/aliases file does with Postfix.

vi /etc/aliases
####sample of aliases ############
# Basic system aliases -- these MUST be present.
mailer-daemon: postmaster
postmaster: root
# General redirections for pseudo accounts.
bin: root
daemon: root
adm: root
lp: root
########### end ################

The above file gives the aliases for daemon and related accounts. For example, system daemons send log mail to the aliased user. By default, system daemons' mail goes to the local machine, but Postfix appends the domain to the name, and the mail exchangers keep a transport record that is used to relay mail to subdomains. In the above scenario, local system mail is routed between the mail exchanger and the mail server, which piles up the mail queue and slows down delivery. The following changes make local mail deliver locally only.


Modified aliases file to avoid piling up of the mail queue:
vi /etc/aliases
#########sample of aliases ########
# Basic system aliases -- these MUST be present.
mailer-daemon: postmaster@localhost
postmaster: root@localhost
# General redirections for pseudo accounts.
bin: root@localhost
daemon: root@localhost
adm: root@localhost
lp: root@localhost
############## end ###############

vi/vim Editor Commands

When I first dealt with Linux, it was Red Hat 6.0 or something, I guess. After struggling to install Red Hat on hardware with 32 MB RAM and a 4 GB hard disk, my first programming instruction was writing a HELLO foot print using vi. Vi is a text editor; it can be used to edit all kinds of plain text. It is especially useful for editing programs. You might be thinking, why am I writing these details in this post? Just because I still prefer vi and know the problems beginners have dealing with vi. Here we go, to make it simple.

General Startup
To use vi: vi filename
To exit vi and save changes: ZZ or :wq
To exit vi without saving changes: :q!
To enter vi command mode: [esc]
To replace a string: [esc] :%s!root!root@localhost!cg

Other

http://www.cs.colostate.edu/helpdocs/vi.html

Tuesday, March 18, 2008

Postfix client restriction and SMTP reverse domain lookup

Add the following lines to the main.cf file.

% vi /etc/postfix/main.cf

################start####################
#reject unless the hostname has valid syntax.
#reject unless the host has a valid MX or A record in DNS.
#reject unless the host is fully qualified.
#Postfix will allow dotted quads that are not wrapped in square brackets (à la [127.28.29.1]) even though it violates the RFC.
# look up the hostname in the file mapname and reject or accept as appropriate.

smtpd_helo_required = yes

smtpd_helo_restrictions = reject_invalid_hostname, reject_unknown_hostname, reject_non_fqdn_hostname, permit_mynetworks


######reverse dns lookup ##############

smtpd_client_restrictions = hash:/etc/postfix/client_restrictions, reject_unknown_client, reject_maps_rbl
maps_rbl_domains = bl.spamcop.net, rbl-plus.mail-abuse.org
################end####################



% vi /etc/postfix/client_restrictions
################start####################
# Whoops, we need to talk to these machines
# but they have no reverse DNS set up:
10.0.10.1 OK
10.0.10.5 OK

# Reject these guys, they keep sending us junk mail
# and won't take us off their lists
spam_central.com REJECT

################end####################


% Test postfix for changes

[leo@linux]$ telnet 192.168.1.30 25
Trying 192.168.1.30...
Connected to test.domain.org (192.168.1.30).
Escape character is '^]'.
220 *******************************2*****
MAIL FROM:leo@anilinux.org
250 2.1.0 Ok
RCPT TO: user@domain.org
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
test data
.
250 2.0.0 Ok: queued as CE6F53A4084
Quit
221 2.0.0 Bye
Connection closed by foreign host.



[leo@linux]$ telnet 192.168.1.30 25
Trying 192.168.1.30...
Connected to test.domain.org (192.168.1.30).
Escape character is '^]'.
220 *******************************2*****
MAIL FROM:leo@anilinux.org
250 2.1.0 Ok
RCPT TO: user@domain.org
450 4.7.1 Client host rejected: cannot find your hostname, [domain.org]
quit
221 2.0.0 Bye
Connection closed by foreign host.
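
An added example, not part of the original post: a simplified shell model of the smtpd_client_restrictions check above, showing why the table is listed before reject_unknown_client. It assumes the access(5) lookup order (hostname, parent domains, address, shorter network prefixes) and the default reply codes 554 and 450; hostname forward-confirmation and reject_maps_rbl are not modelled, and the client addresses and function names are constructed.

```shell
#!/bin/sh
# Added example: first-match-wins evaluation of
#   hash:/etc/postfix/client_restrictions, reject_unknown_client
# (simplified model; function names are illustrative).

# write_sample_table FILE: constructed copy of the table shown in the post.
write_sample_table() {
    cat > "$1" <<'EOF'
# hosts without reverse DNS that must still be accepted
10.0.10.1          OK
10.0.10.5          OK
# known junk sender
spam_central.com   REJECT
EOF
}

# lookup_keys IP HOSTNAME
# Prints the table search keys in lookup order: hostname, parent domains,
# address, then networks with trailing octets stripped.
# HOSTNAME is "unknown" when the reverse lookup failed.
lookup_keys() {
    name=$2
    if [ "$name" != "unknown" ]; then
        while :; do
            echo "$name"
            case $name in
                *.*) name=${name#*.} ;;
                *)   break ;;
            esac
        done
    fi
    addr=$1
    while :; do
        echo "$addr"
        case $addr in
            *.*) addr=${addr%.*} ;;
            *)   break ;;
        esac
    done
}

# decide_client IP HOSTNAME TABLE
# Prints the decision: "OK table:KEY", "554 table:KEY", "450 unknown-client",
# or "DUNNO" when nothing matched and later restrictions would decide.
decide_client() {
    for key in $(lookup_keys "$1" "$2"); do
        # ($1 "") == (k "") forces a string comparison, so "10.0" never equals "10"
        action=$(awk -v k="$key" \
            '!/^[ \t]*#/ && ($1 "") == (k "") { print $2; exit }' "$3")
        case $action in
            OK)     echo "OK table:$key";  return 0 ;;
            REJECT) echo "554 table:$key"; return 0 ;;
        esac
    done
    # reject_unknown_client: only reached when the table had no entry.
    if [ "$2" = "unknown" ]; then
        echo "450 unknown-client"
        return 0
    fi
    echo "DUNNO"
}

# Demo with constructed clients.
demo_table=$(mktemp)
write_sample_table "$demo_table"
for client in "10.0.10.1 unknown" "192.0.2.25 unknown" \
              "203.0.113.9 mail.spam_central.com" "198.51.100.4 mx.example.net"; do
    set -- $client
    printf '%-14s %-24s -> %s\n' "$1" "$2" "$(decide_client "$1" "$2" "$demo_table")"
done
rm -f "$demo_table"
```

The 10.0.10.1 client has no reverse DNS yet is accepted because its table entry is evaluated first; the same client without an entry gets the 450 reply seen in the second telnet session.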

Controlling Jobs in Linux

% Stop and restart a Job
If you find your Linux machine is slow due to lots of daemons running on it and want some process to get more CPU time so it finishes faster, here is how to control jobs.
leo@gnu:~$ kill -s STOP 5846 ###5846 is PID of the running process
leo@gnu:~$ ps x | grep daemon_wallpapoz
5846 ? Tl 0:14 python /usr/bin/daemon_wallpapoz
leo@gnu:~$ kill -s CONT 5846
leo@gnu:~$ ps x | grep wall
5846 ? Sl 0:14 python /usr/bin/daemon_wallpapoz

% Starting a Job in the Background
Attaching an ampersand to the end of a command will cause that command to run in the background.
For example:
leo@gnu# xcalc &
This command causes the xcalculator to run, also it frees up the bash prompt so you can perform other tasks.
You can also use this method when starting X-Windows
leo@gnu# startx &
This will start X-Windows, but it will also free up that console that was used to start X-Windows.

% Stopping (Pausing) a Job
Press CTRL+z to stop a job.

% Listing Jobs
You may list jobs and their status by running the "jobs" command.
[leo@gnu]# jobs
[1]+ Stopped less /etc/lilo.conf
[leo@gnu]#

% Resuming a Stopped Job [%1]
You may resume a stopped job by typing %jobnumber as follows:
[leo@gnu]# %1
An alternate method :
[leo@gnu]# fg %1

% Placing a Job in the Background [%1 &]
You may place a stopped job in the background by typing %jobnumber & as follows:
[leo@gnu]# %1 &
An alternate method :
[root@server /root]# bg %1

% Killing a stopped Job [kill %1]
You may kill a stopped job by typing kill %jobnumber as follows:
[leo@gnu]# kill %1

% The nohup Utility [nohup cmd &]
The nohup utility will run as a process that is detached from your console. If you close your console, the nohup process will keep running in the background.
[leo@gnu]# nohup scan_ip.sh &

% Capturing Output [script]
The "script" command will put you into a new shell and it will log all the output for you into the file called "typescript". When you are done collecting data, you may type "exit" to get out of this script shell.

Tuesday, February 12, 2008

Restrict users other than the admin group from using su (super user) on RHEL

By default all users of a Linux OS can run su (super user) and attempt to get root privileges (if they are able to crack the root password). We can avoid this by creating a group (i.e. Admin) and assigning the su privilege to that group.

vi /etc/pam.d/su

### Uncomment the following line to require a user to be in the "wheel" group.
auth required /lib/security/$ISA/pam_wheel.so use_uid group=Admin

Note: group=Admin needs to be added after use_uid to restrict su access to that group.

Monday, February 11, 2008

Configuring And Troubleshooting HDLC On Point-To-Point Links

R1#show interface serial 1
Serial1 is up, line protocol is up
Hardware is HD64570
Internet address is 172.12.13.1/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set

R3#show int serial1
Serial1 is up, line protocol is up
Hardware is HD64570
Internet address is 172.12.13.3/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set

At this point, each partner in the PTP link can ping the other.

R1#ping 172.12.13.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.13.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/36/36 ms

R3#ping 172.12.13.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.13.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/35/36 ms



If one of the routers is running another encapsulation type, the physical interfaces will still be up, but the line protocol will go down and IP connectivity will be lost. To illustrate, I'll change the encapsulation type on R3's Serial1 interface to the Point-To-Point Protocol (PPP).

R3(config-if)#exit
R3(config)#int serial 1
R3(config-if)#encapsulation ppp


R3#show interface serial 1
Serial1 is up, line protocol is down

R3#ping 172.12.13.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.13.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R1#show interface serial 1
Serial1 is up, line protocol is down

R1#ping 172.12.13.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.13.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

The encapsulation mismatch has brought the line protocol down, and to bring it back up, we simply need to make the encapsulation types match again.

Wednesday, January 30, 2008

add alias in .bashrc

Aliases save you from typing long commands with their arguments.
Putting them in .bashrc reduces the burden of typing at the CLI.

$vi /home/user/.bashrc

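##add following alias into .bashrc file
##--------------------------------------
## note: an alias takes no arguments; $1 is normally empty in an interactive
## shell and the word typed after the alias is appended to the command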
alias runing='ps -ef | grep -i $1'
alias email='ssh -l username servername'

$source .bashrc

$type runing

runing is aliased to `ps -ef | grep -i $1'


example:
$runing bash
$email

alien - Convert or install an alien binary package

alien is a program that converts between Red Hat rpm, Debian deb, Stampede slp, Slackware tgz, and Solaris pkg file formats. If you want to use a package from another linux distribution than the one you have installed on your system, you can use alien to convert it to your preferred package format and install it. It also supports LSB packages.

Here are some examples of the use of alien:

alien --to-deb package.rpm
Convert the package.rpm into a package.deb

alien --to-rpm package.deb
Convert the package.deb into a package.rpm

alien -i package.rpm
Convert the package.rpm into a package.deb (converting to a .deb
package is default, so you need not specify --to-deb), and install
the generated package.

alien --to-deb --to-rpm --to-tgz --to-slp foo.deb bar.rpm baz.tgz
Creates 9 new packages. When it is done, foo bar and baz are available in all 4 package formats.

Wallpapoz tool enables your Gnome desktop to have different wallpapers

Install & Run Daemon

$wget http://darkstar.ist.utl.pt/getdeb/wa/wallpapoz_0.4.1-1~getdeb1_all.deb

$sudo dpkg -i wallpapoz_0.4.1-1~getdeb1_all.deb

$wallpapoz

$/usr/bin/daemon_wallpapoz &

$ps -ef | grep -i wallpapoz | grep -v grep

Check that the daemon is running in the background.

More Information

http://wallpapoz.akbarhome.com/index.html

Tuesday, January 29, 2008

tr - translate or delete characters

translate upper to lower or delete characters

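# quote the classes: unquoted, the shell may expand [:upper:] as a filename pattern
localhost$echo UUU | tr '[:upper:]' '[:lower:]'

localhost$tr '[:upper:]' '[:lower:]' < file

localhost$cat file | tr '[:upper:]' '[:lower:]'

localhost$cat file | tr '[:upper:]' '[:lower:]' > tmpfile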

run-parts : run scripts or programs in a directory

I kept updating my cron to automate some routine tasks. However, I noticed that many things in cron were not giving the results I expected. I kept suspecting that cron was not working or had got corrupted, but I found the errors in the crontab entries using run-parts.

Here we see how cron and run-parts work.


cron
----
cron is a daemon that executes scheduled commands.
At start it searches the cron spool area, /var/spool/cron/, and after that cron.{d,hourly,daily,monthly}; it logs to /var/log/cron.


Cron Related commands
---------------------

Usage: /etc/init.d/cron {start|stop|restart|reload|force-reload}

usage: crontab [-u user] file
crontab [-u user] { -e | -l | -r }
(default operation is replace, per 1003.2)
-e (edit user's crontab)
-l (list user's crontab)
-r (delete user's crontab)


run-parts
---------
run-parts runs all the executable files named within constraints described below, found in directory directory. Other files and directories are silently ignored.


Usage: run-parts [OPTION]... DIRECTORY
      --test          print script names which would run, but don't run them.
      --list          print names of all valid files (can not be used with
                      --test)
  -v, --verbose       print script names before running them.
      --report        print script names if they produce output.
      --reverse       reverse execution order of scripts.
      --exit-on-error exit as soon as a script returns with a non-zero exit
                      code.
      --lsbsysinit    validate filenames based on LSB sysinit specs.
  -u, --umask=UMASK   sets umask to UMASK (octal), default is 022.
  -a, --arg=ARGUMENT  pass ARGUMENT to scripts, use once for each argument.
  -V, --version       output version information and exit.
  -h, --help          display this help and exit.


example :

#run-parts --list /etc/cron.hourly ( list the files run-parts considers valid )
#run-parts --test /etc/cron.hourly ( print the names of the scripts that would run, without running them )
#run-parts /etc/cron.hourly ( execute the files; their output goes to stdout )
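Why a script in a cron directory never runs: with neither --lsbsysinit nor --regex, Debian's run-parts only accepts names made of letters, digits, underscores and hyphens, and only executable files. The following is an added example, not part of the original post; the function names and the sample files backup, report.sh and cleanup are constructed for illustration.

```shell
# Added example: explain why run-parts would skip a file (Debian naming rule).

# run_parts_skipped DIR
# Prints one line per regular file in DIR that run-parts (without
# --lsbsysinit or --regex) would silently ignore, with the reason.
run_parts_skipped() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case $name in
            *[!A-Za-z0-9_-]*)
                echo "$name: name contains a character outside A-Z a-z 0-9 _ -" ;;
            *)
                [ -x "$f" ] || echo "$name: not executable" ;;
        esac
    done
}

# make_cron_sample DIR: constructed sample directory for a dry run.
make_cron_sample() {
    for n in backup report.sh cleanup; do
        printf '#!/bin/sh\nexit 0\n' > "$1/$n"
    done
    chmod 755 "$1/backup" "$1/report.sh"
    chmod 644 "$1/cleanup"
}
```

A file such as report.sh is skipped because of the dot in its name, even though it is executable.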

Monday, January 14, 2008

Cisco 3725

telnet router.domain
give passwd
en
give enable passwd
Get #
# sh runn ;To show the running config
# sh conf ;To show the config

To add an ACL entry to Internet (here Internet is the access list name for inbound traffic)

# conf t
ip access-list extended internet
permit tcp any host 192.16.1.200 eq 25


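permit ssh from 159.133.12 net to 49 subnet (extended ACLs take wildcard masks, so a /24 is written 0.0.0.255)

permit tcp 159.133.12.0 0.0.0.255 192.16.49.0 0.0.0.255 eq 22
remove the final deny and add it back so that it stays the last entry
no deny ip any any
deny ip any any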
ctrl z



to write the config to flash
# wr mem


To add an ACL entry to Externet (Externet is the access list name for outbound traffic)

# conf t
ip access-list extended externet
deny tcp host 192.16.1.200 any eq port no


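deny port 422 to 159.133.12 net from 49 subnet of tifr (wildcard masks again: 0.0.0.255 for a /24)

deny tcp 192.16.49.0 0.0.0.255 159.133.12.0 0.0.0.255 eq 422
remove the final permit and add it back so that it stays the last entry
no permit ip any any
permit ip any any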

ctrl z



to write the config to flash
# wr mem
# sh int fastethernet 0/1

to see tx load and rx load and crc

Friday, January 11, 2008

tips for new Ubuntu users

1.Ubuntu Tweak Software to Change Hidden Desktop Settings

$ cd /tmp; wget http://ubuntu-tweak.googlecode.com/files/ubuntu-tweak_0.2.4-ubuntu2_all.deb
$ sudo dpkg -i ubuntu-tweak_0.2.4-ubuntu2_all.deb
$ ubuntu-tweak &


2.gconf-editor - an editor for the GConf configuration system

$ gconf-editor &

Wednesday, January 9, 2008

Linux Iptables Limit the number of incoming tcp connection / syn-flood attacks

step 1:

Enable iptables in 3,4 & 5 run level

/sbin/chkconfig iptables --list

/sbin/chkconfig iptables on

/sbin/service iptables status

/sbin/service iptables start


step 2:
Basics of iptables

/sbin/iptables -L

/sbin/iptables -vL

/sbin/iptables -nL

/sbin/iptables -t nat -L

/sbin/iptables -F


step 3:
#run this script
# incoming syn-flood protection

iptables -N SYN_FLOOD
iptables -A INPUT -p tcp --syn -j SYN_FLOOD
iptables -A SYN_FLOOD -m limit --limit 1/s --limit-burst 3 -j RETURN
iptables -A SYN_FLOOD -j DROP

#Limiting the incoming icmp ping request:

iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j ACCEPT
iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j LOG --log-prefix PING-DROP:
iptables -A INPUT -p icmp -j DROP
iptables -A OUTPUT -p icmp -j ACCEPT




* -N : create a user-defined chain.
* -A : append a rule to a chain.
* INPUT : the INPUT chain handles inbound traffic (traffic from outside to inside)
* OUTPUT : the OUTPUT chain handles outbound traffic (traffic from inside to outside)
* LOG : write log with prefix PING-DROP in file /var/log/syslog
* --syn : Only match TCP packets with the SYN bit set and the ACK, RST and FIN bits cleared. Such packets are used to request TCP connection initiation.
* --limit rate: Maximum average matching rate: specified as a number, with an optional '/second', '/minute', '/hour', or '/day' suffix; the default is 3/hour.

* --limit-burst number:
Maximum initial number of packets to match: this number gets recharged by one every time the limit specified above is not reached, up to this number; the default is 5.


* ACCEPT :means to let the packet through.

* DROP : means to drop the packet on the floor.

* QUEUE : means to pass the packet to userspace.

* RETURN :
means stop traversing this chain and resume at the next rule in the previous
(calling) chain. If the end of a built-in chain is reached or a rule
in a built-in chain with target RETURN is matched, the target specified
by the chain policy determines the fate of the packet.
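How --limit 1/s --limit-burst 3 treats a burst of SYNs in the SYN_FLOOD chain, modelled as a token bucket. This is an added example, not part of the original post; limit_verdicts, count_verdict and the sample arrival times are constructed for illustration, and the code is a model of the match, not the kernel's implementation.

```shell
# Added example: the "limit" match modelled as a token bucket.

# limit_verdicts RATE_PER_SEC BURST  < arrival times in milliseconds, one per line
# Prints "<time> RETURN" when the limit rule matches (the SYN returns to the
# INPUT chain) and "<time> DROP" when it falls through to the final DROP rule.
limit_verdicts() {
    awk -v rate="$1" -v burst="$2" '
        NR == 1 { tokens = burst; last = $1 }       # bucket starts full
        {
            tokens += ($1 - last) * rate / 1000     # refill since last packet
            if (tokens > burst) tokens = burst      # never above --limit-burst
            last = $1
            if (tokens >= 1) { tokens -= 1; print $1, "RETURN" }
            else             { print $1, "DROP" }
        }'
}

# Constructed sample: ten SYNs 100 ms apart, a 2.1 s pause, then one more SYN.
sample_syn_times() {
    printf '%s\n' 0 100 200 300 400 500 600 700 800 900 3000
}

# count_verdict VERDICT RATE BURST: how many sample SYNs got VERDICT.
count_verdict() {
    sample_syn_times | limit_verdicts "$2" "$3" | grep -c " $1\$"
}
```

With the rule from the script (rate 1, burst 3), 4 of the 11 sample SYNs return to INPUT and 7 are dropped. The bucket belongs to the rule, not to a source address, so every client shares the same 1/s budget.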

Thursday, January 3, 2008

extract RAR archives in Ubuntu

Like other archives, RAR files are data containers, they store one or several files in the compressed form. After you downloaded RAR file from Internet, you need to unpack its contents in order to use it.

After downloading a RAR archive to my Desktop, I went to unpack it with unrar-free.
unrar-free failed to extract .rar archives. I thought the RAR archive might have got corrupted. In that way I tried to unpack many RAR archives and failed to do so.

Finally, unrar worked.

Here are the steps to unpack RAR with unrar

Install unrar using apt-get

#apt-get install unrar

Test Archives

#unrar t compressfiles.rar

Extract files to current directory

#unrar e compressfiles.rar