Thursday, November 1, 2012

Solaris 10 Live upgrade steps

Steps for Solaris 10 Live Upgrade
Solaris Live Upgrade significantly reduces downtime caused by an operating system upgrade by allowing the system administrator to upgrade the operating system, or install a Flash Archive, while the system is in operation. The Live Upgrade process involves creating a duplicate of the running environment and upgrading that duplicate. The current running environment remains untouched and unaffected by the upgrade.

Prepare the disk slices for Live Upgrade:
Disk 1 partitions:
c0d0s0    /
c0d0s1    swap
c0d0s2    backup
Disk 2 partition:
c0d1s0    / (this slice will hold the copy of root)
The slice on the second disk (the root copy) is the same size as the root (/) slice, and it must not appear as in use in /etc/vfstab.
This example explains how to upgrade a Solaris 10 10/08 system to the Solaris 10 5/09 release. Solaris Live Upgrade has many capabilities, but for a simple situation like upgrading a system to a new Solaris release, three commands are all you need:
lucreate: creates the copy (the new boot environment)
luupgrade: upgrades the OS on the copy
luactivate: chooses which environment to boot

Before upgrading, you must install the Solaris Live Upgrade packages from the release to which you are upgrading. New capabilities are added to the upgrade tools with each release, so installing the new packages from the target release matters. In this example, you will upgrade from Solaris 10 3/05 to Solaris 10 1/06, so you must get the Solaris Live Upgrade packages from the Solaris 10 1/06 DVD.
1. Install the Live Upgrade packages from the target release media:
bash-3.00# cd /cdrom/sol_10_509_x86/Solaris_10/Tools/Installers/
bash-3.00# ./liveupgrade20 -noconsole -nodisplay
2. Run the lucreate command to create a copy of the active boot environment:
bash-3.00# lucreate -c active_boot -n solarisnew -m /:c0d1s0:ufs
"active_boot" (given with -c) is the name assigned to the current, active boot environment
"solarisnew" is the new, inactive boot environment
3. After the new boot environment is created, begin the upgrade:
bash-3.00# luupgrade -u -n solarisnew -s /cdrom/cdrom0
4. When step 3 has finished, activate the new boot environment:
bash-3.00# luactivate solarisnew
5. Reboot. Use init 6 or shutdown for this rather than the reboot or halt commands: luactivate relies on the normal shutdown sequence to complete the switch, and it prints the exact commands to run.
Thanks.

Tuesday, October 2, 2012

RBAC in Solaris Systems

RBAC (Role-Based Access Control) assigns specific rights to users. Put another way, it is the Solaris equivalent of su on Linux.

Create a user "singh" with a profile shell and the "Limited" profile:
/etc/passwd
singh:x:101:1::/export/home/singh:/usr/bin/pfsh
/etc/user_attr
singh::::type=normal;profiles=Limited
Create the "Limited" profile:
/etc/security/prof_attr
Limited:::Can only run some limited commands:
/etc/security/exec_attr
Limited:suser:cmd:::/export/home/singh/bin/Address:uid=0
Create an example script:
# vi /export/home/singh/bin/Address
#!/bin/sh
/usr/sbin/ifconfig -a
:wq!
Remove the default auths and profile from all users (these come from the AUTHS_GRANTED and PROFS_GRANTED settings in /etc/security/policy.conf). Note: this is required so that the singh user doesn't get the "Basic Solaris User" profile, which allows all user-level binaries to be run. This however
(As root), check the auths and profiles of the singh user:
# auths singh
auths: singh : No authorizations
# profiles singh
 Limited
# profiles -l singh
 Limited:
 /export/home/singh/bin/Address    uid=0
As the singh user, run the Address command:
# su singh
# /export/home/singh/bin/Address
lo0:      <=== works as required
# ls
ls: not found   <=== as expected - singh user is limited
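The exec_attr line above runs /export/home/singh/bin/Address as uid 0, but that script lives inside singh's own home directory, so whoever can write that path decides what runs as root. The following checker is an added example (not code from the original post): it parses the four RBAC files the post edits and flags that pattern, plus profiles assigned in user_attr that prof_attr never defines. The file contents are constructed inline; on a real host read them from /etc/passwd, /etc/user_attr, /etc/security/prof_attr and /etc/security/exec_attr.

```python
"""Audit Solaris RBAC files for privileged commands the profile holder can edit.

Added example, not from the original post. The sample data mirrors the post's
"Limited" setup for user singh plus a constructed "Network Status" profile
whose command lives under /usr/sbin, for contrast.
"""
import stat
from typing import Dict, List, Tuple

# Constructed sample data (the singh lines are the ones from the post).
SAMPLE_PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
singh:x:101:1::/export/home/singh:/usr/bin/pfsh
ops:x:102:1::/export/home/ops:/usr/bin/pfsh
"""
SAMPLE_USER_ATTR = """\
root::::auths=solaris.*,solaris.grant;profiles=All
singh::::type=normal;profiles=Limited
ops::::type=normal;profiles=Network Status
"""
SAMPLE_PROF_ATTR = """\
All:::Execute any command as the user or role:
Limited:::Can only run some limited commands:
Network Status:::Show network status:
"""
SAMPLE_EXEC_ATTR = """\
Limited:suser:cmd:::/export/home/singh/bin/Address:uid=0
Network Status:suser:cmd:::/usr/sbin/ifconfig:uid=0
"""


def _records(text: str, min_fields: int) -> List[List[str]]:
    """Split colon-separated records, skipping blank and comment lines."""
    out = []
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            fields = line.split(":")
            if len(fields) >= min_fields:
                out.append(fields)
    return out


def parse_kv(attr_field: str) -> Dict[str, str]:
    """Parse the 'key=value;key=value' attribute field of user_attr/exec_attr."""
    pairs = (p.partition("=") for p in attr_field.split(";") if "=" in p)
    return {k.strip(): v.strip() for k, _, v in pairs}


def parse_passwd(text: str) -> Dict[str, Tuple[int, str]]:
    """Map user name -> (uid, home directory)."""
    return {f[0]: (int(f[2]), f[5]) for f in _records(text, 7)}


def parse_user_attr(text: str) -> Dict[str, List[str]]:
    """Map user name -> profiles assigned in user_attr."""
    return {f[0]: [p for p in parse_kv(f[4]).get("profiles", "").split(",") if p]
            for f in _records(text, 5)}


def parse_exec_attr(text: str) -> List[Tuple[str, str, Dict[str, str]]]:
    """Return (profile, command path, attrs) per exec_attr entry
    (fields: name:policy:type:res1:res2:id:attr)."""
    return [(f[0], f[5], parse_kv(f[6])) for f in _records(text, 7)]


def unsafe_mode(st_mode: int, st_uid: int) -> bool:
    """True if a command file is not root-owned or is group/world writable.
    Pair this with os.stat() on the real host for each privileged command."""
    return st_uid != 0 or bool(st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit(passwd: str, user_attr: str, prof_attr: str, exec_attr: str) -> List[str]:
    """Return findings: assigned-but-undefined profiles, and commands that run
    as uid 0 from inside the home directory of a user who holds the profile."""
    users = parse_passwd(passwd)
    assigned = parse_user_attr(user_attr)
    defined = {f[0] for f in _records(prof_attr, 5)}
    findings = []
    for user, profs in assigned.items():
        for p in profs:
            if p not in defined:
                findings.append(f"{user}: profile {p!r} is not defined in prof_attr")
    for profile, cmd, attrs in parse_exec_attr(exec_attr):
        if attrs.get("uid") != "0" and attrs.get("euid") != "0":
            continue  # not a root-privileged command
        for user, profs in assigned.items():
            if profile not in profs or user not in users:
                continue
            uid, home = users[user]
            if uid != 0 and home and cmd.startswith(home.rstrip("/") + "/"):
                findings.append(f"{user}: {profile!r} runs {cmd} as root from {user}'s own home")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_PASSWD, SAMPLE_USER_ATTR, SAMPLE_PROF_ATTR, SAMPLE_EXEC_ATTR):
        print(line)
```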

How to add a hard drive and create a partition on Solaris

How to Add a Hard Drive to Solaris 10

Here's how to add a hard drive to Solaris 10, including format, fdisk, partitioning, and then creating the file system. Of course, you first need to physically add the drive to the machine; I'm not going to cover that. If you don't know how to do that, the rest of this information isn't going to help!
If you added the drive through VMware while the VM was running, Solaris needs to be told about the new drive: run devfsadm. Otherwise, reboot and Solaris should recognize the new drive on its own.
About devfsadm: devfsadm maintains the /dev namespace; it replaces the previous suite of device configuration commands.
First, here are the original drives (c0d0 and c1d1):
# ls /dev/rdsk/*s0      <=== lists slice 0 of every disk the system knows about
/dev/rdsk/c0d0s0 /dev/rdsk/c1d1s0
Have Solaris check for new hardware (run this if the new disk is not recognized yet):
# devfsadm
Now you can see there is a new disk on another bus (c1d1):
# ls /dev/rdsk/*s0
/dev/rdsk/c0d0s0 /dev/rdsk/c1d1s0 /dev/rdsk/c1t1d0s0
Next, we want to format the drive (which includes creating the partitions):
# format
Searching for disks…done
AVAILABLE DISK SELECTIONS:
0. c1t0d0
/pci@0,0/pci1000,30@10/cmd@0,0
1. c1d1
/pci@0,0/pci1000,30@10/cmd@1,0
Specify disk (enter its number):
Type "1", the option for the new drive, and hit Enter. Depending on the type of disk it may already be formatted:
selecting c1d1 [disk formatted]
If your drive is not formatted, type format at the format prompt to low-level format it. Next, we need to use fdisk to create the partitions; type "y" to create the default Solaris partition:
format> fdisk
No fdisk table exists. The default partition for the disk is:
a 100% “SOLARIS System” partition
Type “y” to accept the default partition, otherwise type “n” to edit the
partition table.
y
Next enter the partition menu, by typing partition:
format> partition
You can print out the current partitioning first if you like:
partition> print
Current partition table (original):
Total disk cylinders available: 1020 + 2 (reserved cylinders)
Part Tag Flag Cylinders Size Blocks
0 unassigned wm 0 0 (0/0/0) 0
1 unassigned wm 0 0 (0/0/0) 0
2 backup wu 0 – 1020 1.99GB (1021/0/0) 4182016
3 unassigned wm 0 0 (0/0/0) 0
4 unassigned wm 0 0 (0/0/0) 0
5 unassigned wm 0 0 (0/0/0) 0
6 unassigned wm 0 0 (0/0/0) 0
7 unassigned wm 0 0 (0/0/0) 0
8 boot wu 0 – 0 2.00MB (1/0/0) 4096
9 unassigned wm 0 0 (0/0/0) 0
In this case, I just want to create one large partition for some extra storage so I will allocate all I can to partition 0. Note that partition 2 is used to reference the entire drive and is not a usable partition. To modify a given partition, just enter the number of the partition at the partition prompt:
partition> 0
Part Tag Flag Cylinders Size Blocks
0 unassigned wm 0 0 (0/0/0) 0
Enter partition id tag[unassigned]:
Enter partition permission flags[wm]:
Enter new starting cyl[0]: 1
Enter partition size[0b, 0c, 1e, 0.00mb, 0.00gb]:5gb
And now to print the partition table again you can see what has changed:
partition> print
Current partition table (unnamed):
Total disk cylinders available: 1020 + 2 (reserved cylinders)
Part Tag Flag Cylinders Size Blocks
0 unassigned wm 1 – 1019 1.99GB (1019/0/0) 4173824
1 unassigned wm 0 0 (0/0/0) 0
2 backup wu 0 – 1020 1.99GB (1021/0/0) 4182016
3 unassigned wm 0 0 (0/0/0) 0
4 unassigned wm 0 0 (0/0/0) 0
5 unassigned wm 0 0 (0/0/0) 0
6 unassigned wm 0 0 (0/0/0) 0
7 unassigned wm 0 0 (0/0/0) 0
8 boot wu 0 – 0 2.00MB (1/0/0) 4096
9 unassigned wm 0 0 (0/0/0) 0
Save your changes by writing the label to the disk:
partition> label
Ready to label disk, continue? y
Quit out of the partition prompt, and then the format prompt, which takes you back to the command prompt:
partition> quit
format> quit
#
Now we are ready to create a file system on this new partition (in this case UFS).
# newfs /dev/rdsk/c1d1s0

newfs: construct a new file system /dev/rdsk/c1t1d0s0: (y/n)? y
/dev/rdsk/c1t1d0s0: 4173824 sectors in 1019 cylinders of 128 tracks, 32 sectors
2038.0MB in 45 cyl groups (23 c/g, 46.00MB/g, 11264 i/g)
super-block backups (for fsck -F ufs -o b=#) at:
32, 94272, 188512, 282752, 376992, 471232, 565472, 659712, 753952, 848192,
3298432, 3392672, 3486912, 3581152, 3675392, 3769632, 3863872, 3958112,
4052352, 4146592
Make sure that the file system is clean:
# fsck /dev/rdsk/c1d1s0

** /dev/rdsk/c1d1s0
** Last Mounted on
** Phase 1 – Check Blocks and Sizes
** Phase 2 – Check Pathnames
** Phase 3a – Check Connectivity
** Phase 3b – Verify Shadows/ACLs
** Phase 4 – Check Reference Counts
** Phase 5 – Check Cylinder Groups
2 files, 9 used, 2020758 free (14 frags, 252593 blocks, 0.0% fragmentation)
Next, add the proper line to /etc/vfstab:
/dev/dsk/c1d1s0 /dev/rdsk/c1d1s0 /data ufs 2 yes -
And then mount the partition. In this case, I’m making a /data partition:
# mkdir /data
# mount /data
# df -h /data
Filesystem size used avail capacity Mounted on
/dev/dsk/c1d1s0 4.9G 2.0M 5.0G 1% /data
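Both of the Solaris posts above lean on /etc/vfstab: the Live Upgrade post requires that the slice for the root copy (c0d1s0) not already be referenced there, and this post ends by adding a seven-field line for the new /data slice. The following added example (not code from either post) checks a vfstab for a slice, builds the entry, and refuses clashes; SAMPLE_VFSTAB is constructed from the two-disk layout in the Live Upgrade post, so on a real host read /etc/vfstab instead.

```python
"""Check /etc/vfstab before reusing a slice or adding a new one.

Added example, not part of the original posts. The vfstab contents are
constructed from the Live Upgrade post's disk layout (root on c0d0s0, swap on
c0d0s1); the generated entry matches the /data line in the add-a-disk post.
"""
import re
from typing import List, Optional

SAMPLE_VFSTAB = """\
#device         device          mount   FS      fsck    mount   mount
#to mount       to fsck         point   type    pass    at boot options
#
fd              -               /dev/fd fd      -       no      -
/proc           -               /proc   proc    -       no      -
/dev/dsk/c0d0s1 -               -       swap    -       no      -
/dev/dsk/c0d0s0 /dev/rdsk/c0d0s0 /      ufs     1       no      -
/devices        -               /devices devfs  -       no      -
swap            -               /tmp    tmpfs   -       yes     -
"""

# cXtYdZsN (SCSI) or cXdZsN (IDE/x86) slice names
SLICE_RE = re.compile(r"^c\d+(t\d+)?d\d+s\d+$")


def parse_vfstab(text: str) -> List[List[str]]:
    """Return each non-comment vfstab record as its seven fields."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 7:
            raise ValueError(f"malformed vfstab line (expected 7 fields): {line!r}")
        records.append(fields)
    return records


def slice_in_use(text: str, slice_name: str) -> Optional[str]:
    """Mount point ('-' for swap) if the slice is a mount or fsck device in
    vfstab, else None. This is the Live Upgrade prerequisite for the copy slice."""
    if not SLICE_RE.match(slice_name):
        raise ValueError(f"not a Solaris slice name: {slice_name}")
    for dev_mount, dev_fsck, mount_point, *_ in parse_vfstab(text):
        if dev_mount.endswith("/" + slice_name) or dev_fsck.endswith("/" + slice_name):
            return mount_point
    return None


def vfstab_entry(slice_name: str, mount_point: str, fs_type: str = "ufs",
                 fsck_pass: str = "2", at_boot: str = "yes", options: str = "-") -> str:
    """Build the vfstab line for a slice (defaults give the post's /data entry)."""
    if not SLICE_RE.match(slice_name):
        raise ValueError(f"not a Solaris slice name: {slice_name}")
    if slice_name.endswith("s2"):
        raise ValueError("slice 2 is the backup slice covering the whole disk")
    return " ".join([f"/dev/dsk/{slice_name}", f"/dev/rdsk/{slice_name}",
                     mount_point, fs_type, fsck_pass, at_boot, options])


def reject_reason(text: str, slice_name: str, mount_point: str) -> Optional[str]:
    """Why a new entry must not be added, or None if it is safe to add."""
    if slice_in_use(text, slice_name) is not None:
        return f"{slice_name} is already referenced in vfstab"
    if any(rec[2] == mount_point for rec in parse_vfstab(text)):
        return f"{mount_point} is already a mount point in vfstab"
    return None


def add_entry(text: str, slice_name: str, mount_point: str) -> str:
    """Return vfstab text with the new entry appended; raise if it would clash."""
    reason = reject_reason(text, slice_name, mount_point)
    if reason:
        raise ValueError(reason)
    sep = "" if text.endswith("\n") else "\n"
    return text + sep + vfstab_entry(slice_name, mount_point) + "\n"


if __name__ == "__main__":
    print("c0d1s0 in use:", slice_in_use(SAMPLE_VFSTAB, "c0d1s0"))
    print(add_entry(SAMPLE_VFSTAB, "c1d1s0", "/data"))
```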

Thursday, September 6, 2012

OpenLDAP server and client configuration in RHEL 6 with TLS

Let's look at the OpenLDAP server setup on RHEL 6.

In my setup:
server name: node5.example.com
IP address: 192.168.0.100/24
domain name: example.com
openldap-servers version: openldap-servers-2.4.23-20
server OS: Red Hat Enterprise Linux 6.2



Step 1: First we need to install the required packages:

#yum install openldap-servers openldap-clients

openldap-servers is needed to configure the LDAP server and openldap-clients to configure the client.

Step 2: The configuration for LDAP is stored inside the LDAP server itself, in the /etc/openldap/slapd.d/ directory.

First of all we need to set the password for the administrator (we call it Manager) using this command:

#slappasswd
password: mypasswd
retype-password: mypasswd

You'll get something like {SSHA}r2or9f2vYlvieCu0LP6wTnSdYfrddsuV as a result. This is the string we will have to add to the config file, so copy it.

Now it's time to open the configuration file:


# vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif

Here we need to change the domain name: substitute "my-domain.com" with "example.com". You can replace the domain with sed, or edit the file manually; from inside vim this substitution does it:

:%s/dc=my-domain,dc=com/dc=example,dc=com/g

Step 3: Now we set the administrator (Manager) password and, since we want the connection encrypted with TLS, point slapd at the certificate and key. Add these 3 lines at the end of the bdb.ldif file:

olcRootPW: {SSHA}r2or9f2vYlvieCu0LP6wTnSdYfrddsuV
olcTLSCertificateFile: /etc/pki/tls/certs/example.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/examplekey.pem


Step 4: Now we have to specify the monitoring privileges. If you want monitoring, adjust these lines in this file:


#vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif

Again, we have to replace the default domain name with our domain name, manually or with sed; from inside vim:

:%s/cn=manager,dc=my-domain,dc=com/cn=Manager,dc=example,dc=com/g

Step 5: Now it's time for the database cache:

#updatedb

Otherwise, for automatic cache settings, copy the example DB_CONFIG to this location:

#cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Now set the ownership so the ldap user can use the database directory:

#chown -Rf ldap:ldap /var/lib/ldap/


Step 6: Now we need to set up a certificate for TLS. First edit /etc/sysconfig/ldap and set the SLAPD_LDAPS option like this:

#vim /etc/sysconfig/ldap
SLAPD_LDAPS=yes -----(default is no)

Now we need to create the certificate.

There are lots of ways to generate a certificate; any method will do. I am going with this command:

#openssl req -new -x509 -nodes -out /etc/pki/tls/certs/example.pem -keyout /etc/pki/tls/certs/examplekey.pem -days 365

Fill in the information the command asks for.

This creates the two required files (the certificate and the private key) in the /etc/pki/tls/certs/ directory. We need to make them readable for the ldap user, while keeping the private key unreadable for everyone else: chown gives both files to root with group ldap, and the modes let the ldap group read the key without anyone else being able to.

# chown root:ldap /etc/pki/tls/certs/example.pem /etc/pki/tls/certs/examplekey.pem
# chmod 644 /etc/pki/tls/certs/example.pem
# chmod 640 /etc/pki/tls/certs/examplekey.pem
Check the read permission for the ldap user.


Step 7: Time to test our configuration.

Now check the LDAP configuration:

# slaptest -u

The answer should be "config file testing succeeded".



Step 8: Start the LDAP server

#service slapd start

Let's check whether our LDAP server really works:

#ldapsearch -x -b "dc=example,dc=com"

If you get "search: 2" in the output, then you're on track!

Step 9: Configure the base domain
You can create this file manually or download it from this link:

http://www.4shared.com/file/TtQTedYv/base.html

#vim /root/base.ldif


dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Hosts,dc=example,dc=com
ou: Hosts
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Rpc,dc=example,dc=com
ou: Rpc
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Services,dc=example,dc=com
ou: Services
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: nisMapName=netgroup.byuser,dc=example,dc=com
nismapname: netgroup.byuser
objectClass: top
objectClass: nisMap
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Mounts,dc=example,dc=com
ou: Mounts
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Networks,dc=example,dc=com
ou: Networks
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Netgroup,dc=example,dc=com
ou: Netgroup
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Protocols,dc=example,dc=com
ou: Protocols
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Aliases,dc=example,dc=com
ou: Aliases
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: nisMapName=netgroup.byhost,dc=example,dc=com
nismapname: netgroup.byhost
objectClass: top
objectClass: nisMap
objectClass: domainRelatedObject
associatedDomain: example.com




Now we import our base information into the LDAP directory:

#ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f /root/base.ldif


Step 10: Add users to LDAP
Now it's time to add users to the LDAP database. To do that we only need to create a .ldif file and add it to LDAP. Download the users file:

http://www.4shared.com/file/tYZhCL47/users.html

# vim /root/users.ldif

dn: uid=vishvendra,ou=People,dc=example,dc=com
uid: vishvendra
cn: vishvendra Chauhan
givenName: vishvendra Singh Chauhan
sn: 1
mail: vishvendra.singh.chauhan@example.com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {SSHA}2RxVB3Cb+JZxqLDD4EucbGKEew9bhXNB
shadowLastChange: 12797
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 911
gidNumber: 911
homeDirectory: /home/vishvendra
gecos: Vishvendra's user
#ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f /root/users.ldif

Now test that the user is listed.
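ldapadd processes an LDIF file top to bottom and stops at the first entry it cannot add, so it pays to check base.ldif and users.ldif (Steps 9 and 10) before importing them. The following validator is an added example, not code from the original post: it parses LDIF, confirms each entry's parent precedes it, checks posixAccount attributes and uidNumber uniqueness, and flags userPassword values that are not hashed. SAMPLE_LDIF is a cut-down copy of the post's two files plus one constructed entry that breaks each rule.

```python
"""Validate an LDIF file before feeding it to ldapadd.

Added example, not part of the original post. Checks: each entry's parent
precedes it in the file (ldapadd runs in order), posixAccount entries carry
the attributes a client needs, uidNumber values are unique, and userPassword
is hashed, not cleartext. SAMPLE_LDIF is a cut-down version of the post's
base.ldif and users.ldif plus one constructed entry that breaks each rule.
"""
from typing import Dict, List

HASH_SCHEMES = ("{SSHA}", "{SHA}", "{SMD5}", "{MD5}", "{CRYPT}")
POSIX_REQUIRED = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")

SAMPLE_LDIF = """\
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain

dn: ou=People,dc=example,dc=com
ou: People
objectClass: organizationalUnit

dn: uid=vishvendra,ou=People,dc=example,dc=com
uid: vishvendra
cn: vishvendra Chauhan
sn: 1
objectClass: inetOrgPerson
objectClass: posixAccount
userPassword: {SSHA}2RxVB3Cb+JZxqLDD4EucbGKEew9bhXNB
uidNumber: 911
gidNumber: 911
homeDirectory: /home/vishvendra

# constructed: parent ou missing, uidNumber reused, password in cleartext
dn: uid=tester,ou=Staff,dc=example,dc=com
uid: tester
cn: Test User
sn: User
objectClass: inetOrgPerson
objectClass: posixAccount
userPassword: secret123
uidNumber: 911
gidNumber: 912
homeDirectory: /home/tester
"""


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Parse LDIF into entries mapping attribute -> values. Handles comment
    lines and folded lines (a leading space continues the previous line);
    base64 values ('attr:: ...') are kept raw, which suffices for these checks."""
    entries: List[Dict[str, List[str]]] = []
    logical: List[str] = []

    def flush() -> None:
        if logical:
            entry: Dict[str, List[str]] = {}
            for line in logical:
                key, _, value = line.partition(":")
                entry.setdefault(key.strip(), []).append(value.strip())
            entries.append(entry)
            logical.clear()

    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        elif raw.strip() == "":
            flush()
        else:
            logical.append(raw)
    flush()
    return entries


def validate(text: str) -> List[str]:
    """Return findings; an empty list means the LDIF passed every check."""
    entries = parse_ldif(text)
    all_dns = [e["dn"][0].lower() for e in entries if "dn" in e]
    base = min(all_dns, key=len) if all_dns else ""  # suffix entry has the shortest DN
    findings, seen_dns, seen_uid = [], set(), {}
    for e in entries:
        dn = e.get("dn", ["<missing dn>"])[0]
        parent = dn.partition(",")[2]
        if dn.lower() != base and parent.lower() not in seen_dns:
            findings.append(f"{dn}: parent {parent} does not precede it in the file")
        seen_dns.add(dn.lower())
        if "posixaccount" in {c.lower() for c in e.get("objectClass", [])}:
            for attr in POSIX_REQUIRED:
                if attr not in e:
                    findings.append(f"{dn}: posixAccount is missing {attr}")
            for n in e.get("uidNumber", []):
                if n in seen_uid:
                    findings.append(f"{dn}: uidNumber {n} already used by {seen_uid[n]}")
                seen_uid.setdefault(n, dn)
        for pw in e.get("userPassword", []):
            if not pw.startswith(HASH_SCHEMES):
                findings.append(f"{dn}: userPassword is cleartext, not hashed")
    return findings
```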



Step 11: Testing the LDAP server. We check whether the user vishvendra exists:

#ldapsearch -x "cn=vishvendra" -b "dc=example,dc=com"

It should return a successful result.



LDAP Client Configuration

There are only a few steps to connect the client to the LDAP server.

First of all we need to install the required packages on the client side.

Step 1:

#yum install openldap-clients

Step 2:
Simply run the authentication configuration tool:

#authconfig-gtk or authconfig-tui or system-config-authentication

Enter the URL of the certificate, which you have already shared from your server.

Now you should be able to find the users in the LDAP database:

#ldapsearch -x -ZZ

LDAP user migration and connectivity with other directory services will be coming soon......

****************************************All The Best**************************************************

Tuesday, September 4, 2012

Website downloading with the wget command in Linux

Sometimes we need to download an entire website, perhaps for offline viewing. There are various tools for that; on Linux we can download the entire site with wget.
 wget can do the
Use this command:

$ wget \
     --recursive \
     --no-clobber \
     --page-requisites \
     --html-extension \
     --convert-links \
     --restrict-file-names=windows \
     --domains chauhan-rhce.blogspot.com \
     --no-parent \
     www.chauhan-rhce.blogspot.com
This command downloads the website www.chauhan-rhce.blogspot.com.
The options are:
  • --recursive: download the entire website.
  • --domains chauhan-rhce.blogspot.com: don't follow links outside chauhan-rhce.blogspot.com.
  • --no-parent: don't follow links to directories above the starting one.
  • --page-requisites: get all the elements that compose the page (images, CSS and so on).
  • --html-extension: save files with the .html extension.
  • --convert-links: convert links so that they work locally, offline.
  • --restrict-file-names=windows: modify filenames so that they will work in Windows as well.
  • --no-clobber: don't overwrite any existing files (used in case the download is interrupted and resumed).


After downloading the complete site you can have fun with the offline copy.




Thursday, August 30, 2012

Windows 7 God Mode

The magic of Windows 7.

It is simply a new menu for navigating Windows 7 settings, and it is very simple to set up.

Simply create a folder on your desktop and follow the directions below.

Step 1: Right-click on your desktop.
Step 2: Click create folder.
Step 3: Rename this folder; the name should be "GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}". Press Enter.
Step 4: Blink as the folder changes form to look like the Control Panel.

Click on it and it opens the new menu.

Saturday, August 25, 2012

Unix & Linux System Administrator Responsibilities

The role of the System Administrator on a Linux or Unix-like system involves a number of varied and complicated tasks. A defined and well thought out approach to these tasks is the key to running efficient and reliable systems. The following is a short list of some of the important duties of the System Administrator.
Filesystem Integrity and Free Space: A breakdown in filesystem integrity means the potential loss of critical data. As such, the System Administrator must check filesystem integrity on a regular basis and repair any inconsistencies as soon as they are found. The availability of free space is also the concern of the System Administrator. Periodic checking, daily, hourly, or as required is essential in preventing a file system from filling completely and causing downtime.
Configuration Files: Many configuration files will require modification over the lifetime of an installed system. The System Administrator must document all changes and maintain backup copies of previous revisions.
Software Installs: The System Administrator is responsible for proper installation and operation of all system software. Additionally, the removal of software is also the responsibility of the System Administrator.
User Accounts: The days when anyone with a little experience could be trusted with administrator level access are long gone. User accounts must be carefully managed and restricted to the minimum amount of access needed to fulfill job requirements.
Security: It is incumbent upon the System Administrator to perform all tasks in the most secure manner possible. This means evaluating every action taken as to its possible impact on system security. Adherence to well thought out and documented procedures will go a long way in maintaining system security.
System Monitoring: In the simplest terms the System Administrator is responsible for “knowing what is going on.” In practical terms this means keeping track of the state of each and every installed machine on an ongoing basis. Items to track include, but are not limited to: cpu load, memory usage, and reboots.
Deployment of New Systems: The more hands on “expert” level work that is required to deploy a new system, the more chances there are for something to go wrong. The process of taking a system from bare-metal to ready to use should be as automated as possible to remove the possibility of human error, not to mention a lot of repetitive work!


There are lots of remaining duties; these are the ones I have found from my own experience.



V.S Chauhan


Saturday, August 18, 2012

ls Command Uses in Linux

ls* Commands Are Even More Useful Than You May Have Thought
Everything is a file under Linux and ls* and friends can help you to dig out more information from the system than you originally thought. These Linux tips may come in handy when you need to find out information quickly without going through /proc or sysfs.

#1: lsscsi

List SCSI devices (or hosts) and their attributes under Linux:
$ lsscsi -g
Sample outputs:
[0:0:0:0]    disk    Adaptec  RAID1-A          V1.0  /dev/sda   /dev/sg0
[0:1:0:0]    disk    SEAGATE  ST373455SS       0006  -         /dev/sg1
[0:1:1:0]    disk    SEAGATE  ST373455SS       0006  -         /dev/sg2
[1:0:0:0]    cd/dvd  TEAC     DV-28E-R         1.8A  /dev/sr0   /dev/sg3

#2: lsblk

Use this command to list block devices:
# lsblk
Sample outputs:
NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda      8:0    1  68.3G  0 disk
├─sda1   8:1    1   716M  0 part /boot
├─sda2   8:2    1     8G  0 part [SWAP]
└─sda3   8:3    1  59.6G  0 part /
sr0     11:0    1  1024M  0 rom
To see file system type:
# lsblk -f
Sample outputs:
NAME   FSTYPE LABEL MOUNTPOINT
sda
├─sda1 ext2         /boot
├─sda2 swap         [SWAP]
└─sda3 ext4         /
sr0
To output info about permissions:
# lsblk -m
Sample outputs:
NAME     SIZE OWNER GROUP MODE
sda     68.3G root  disk  brw-rw----
├─sda1   716M root  disk  brw-rw----
├─sda2     8G root  disk  brw-rw----
└─sda3  59.6G root  disk  brw-rw----
sr0     1024M root  cdrom brw-rw----

#3: lsb_release

Use this command to see Linux distribution-specific information:
# lsb_release
# lsb_release -a

Sample outputs:
LSB Version: :core-4.0-amd64:core-4.0-ia32:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-ia32:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-ia32:printing-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 5.8 (Final)
Release: 5.8
Codename: Final

#4: lsusb

Use this command to see USB buses in the Linux based system and the devices connected to them:
$ lsusb
Sample outputs:
Bus 002 Device 004: ID 045e:00db Microsoft Corp. Natural Ergonomic Keyboard 4000 V1.0
Bus 002 Device 003: ID 046d:c52f Logitech, Inc. Wireless Mouse M305
Bus 002 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 007: ID 413c:8160 Dell Computer Corp. Wireless 365 Bluetooth
Bus 001 Device 006: ID 413c:8162 Dell Computer Corp. Integrated Touchpad [Synaptics]
Bus 001 Device 005: ID 413c:8161 Dell Computer Corp. Integrated Keyboard
Bus 001 Device 004: ID 0a5c:4500 Broadcom Corp. BCM2046B1 USB 2.0 Hub (part of BCM2046 Bluetooth)
Bus 001 Device 003: ID 0a5c:5800 Broadcom Corp. BCM5880 Secure Applications Processor
Bus 001 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

#5: lscpu

The lscpu command shows information about the CPU architecture, like the number of CPUs, threads, cores and much more, under Linux:
$ lscpu
Sample outputs:
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
CPU(s):                8
Thread(s) per core:    2
Core(s) per socket:    4
CPU socket(s):         1
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 30
Stepping:              5
CPU MHz:               1199.000
Virtualization:        VT-x
L1d cache:             32K
L1i cache:             32K
L2 cache:              256K
L3 cache:              8192K

#6: lspci

The lspci command shows information about PCI buses in the system and the devices connected to them:
$ lspci
Sample outputs:
00:00.0 Host bridge: VIA Technologies, Inc. VX800 Host Bridge (rev 14)
00:00.1 Host bridge: VIA Technologies, Inc. VX800/VX820 Error Reporting
00:00.2 Host bridge: VIA Technologies, Inc. VX800/VX820 Host Bus Control
00:00.3 Host bridge: VIA Technologies, Inc. VX800 PCI to PCI Bridge
00:00.4 Host bridge: VIA Technologies, Inc. VX800/VX820 Power Management Control
00:00.5 PIC: VIA Technologies, Inc. VX800/VX820 APIC and Central Traffic Control
00:00.6 Host bridge: VIA Technologies, Inc. VX800/VX820 Scratch Registers
00:00.7 Host bridge: VIA Technologies, Inc. VX800/VX820 North-South Module Interface Control
00:01.0 VGA compatible controller: VIA Technologies, Inc. VX800/VX820 Chrome 9 HC3 Integrated Graphics (rev 11)
00:02.0 PCI bridge: VIA Technologies, Inc. VX800/VX820 PCI Express Root Port
00:03.0 PCI bridge: VIA Technologies, Inc. VX800/VX820 PCI Express Root Port
00:03.1 PCI bridge: VIA Technologies, Inc. VX800/VX820 PCI Express Root Port
00:0f.0 IDE interface: VIA Technologies, Inc. VX800 Serial ATA and EIDE Controller
00:10.0 USB controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller (rev a0)
00:10.1 USB controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller (rev a0)
00:10.2 USB controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller (rev a0)
00:10.4 USB controller: VIA Technologies, Inc. USB 2.0 (rev 90)
00:11.0 ISA bridge: VIA Technologies, Inc. VX800/VX820 Bus Control and Power Management
00:11.7 Host bridge: VIA Technologies, Inc. VX8xx South-North Module Interface Control
00:13.0 PCI bridge: VIA Technologies, Inc. VX855/VX875/VX900 PCI to PCI Bridge
02:00.0 Ethernet controller: VIA Technologies, Inc. VT6120/VT6121/VT6122 Gigabit Ethernet Adapter (rev 82)
03:00.0 Ethernet controller: VIA Technologies, Inc. VT6120/VT6121/VT6122 Gigabit Ethernet Adapter (rev 82)
The lspci command can be used to find out whether a given PCI device is supported by the currently running Linux kernel. In this example, find out whether the Ethernet controller VT6120/VT6121/VT6122 from VIA Technologies is supported:
# lspci | grep VT6120
Sample outputs:
02:00.0 Ethernet controller: VIA Technologies, Inc. VT6120/VT6121/VT6122 Gigabit Ethernet Adapter (rev 82)
03:00.0 Ethernet controller: VIA Technologies, Inc. VT6120/VT6121/VT6122 Gigabit Ethernet Adapter (rev 82)

The identifiers in the first field are 02:00.0 and 03:00.0. Now use lspci -n as follows to get the numeric vendor:device IDs for devices 02:00.0 and 03:00.0:
# lspci -n | grep '0[23]:00.0'
Sample outputs:
02:00.0 0200: 1106:3119 (rev 82)
03:00.0 0200: 1106:3119 (rev 82)
Use the device ID 3119 to search for the driver, as follows:
# grep 3119 /lib/modules/$(uname -r)/modules.alias
Sample outputs:
alias pci:v00001106d00003119sv*sd*bc*sc*i* via_velocity
You need the via_velocity driver for the VIA Networking Velocity family Gigabit Ethernet adapter:
# modinfo via_velocity
Sample outputs:
filename:       /lib/modules/2.6.32-5-amd64/kernel/drivers/net/via-velocity.ko
description:    VIA Networking Velocity Family Gigabit Ethernet Adapter Driver
license:        GPL
author:         VIA Networking Technologies, Inc.
alias:          pci:v00001106d00003119sv*sd*bc*sc*i*
depends:        crc-ccitt
vermagic:       2.6.32-5-amd64 SMP mod_unload modversions
parm:           RxDescriptors:Number of receive descriptors (array of int)
parm:           TxDescriptors:Number of transmit descriptors (array of int)
parm:           rx_thresh:Receive fifo threshold (array of int)
parm:           DMA_length:DMA length (array of int)
parm:           IP_byte_align:Enable IP header dword aligned (array of int)
parm:           txcsum_offload:Enable transmit packet checksum offload (array of int)
parm:           flow_control:Enable flow control ability (array of int)
parm:           speed_duplex:Setting the speed and duplex mode (array of int)
parm:           ValPktLen:Receiving or Drop invalid 802.3 frame (array of int)
parm:           wol_opts:Wake On Lan options (array of int)
parm:           int_works:Number of packets per interrupt services (array of int)
parm:           rx_copybreak:Copy breakpoint for copy-only-tiny-frames (int)
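The grep against modules.alias above works because the kernel describes every PCI device by a modalias string and each driver registers wildcard patterns against it. The following added example (not code from the original post) does that lookup properly: it builds the modalias from an `lspci -n` line and matches it against alias patterns with shell-style wildcards. SAMPLE_MODULES_ALIAS is a constructed excerpt; only the via_velocity line comes from the post.

```python
"""Map a PCI vendor:device pair to its kernel module using modules.alias.

Added example, not from the original post. The kernel exposes each PCI device
as pci:v<vendor>d<device>sv<subvendor>sd<subdevice>bc<class>sc<subclass>i<prog-if>
(hex fields) and modules.alias holds one glob pattern per driver, so a lookup
is a wildcard match. SAMPLE_MODULES_ALIAS is a constructed excerpt; the
via_velocity line is the one shown in the post.
"""
import fnmatch
from typing import List, Optional, Tuple

SAMPLE_MODULES_ALIAS = """\
# constructed excerpt of /lib/modules/<release>/modules.alias
alias pci:v00008086d000010D3sv*sd*bc*sc*i* e1000e
alias pci:v00001106d00003119sv*sd*bc*sc*i* via_velocity
alias usb:v*p*d*dc*dsc*dp*ic03isc*ip*in* usbhid
"""


def pci_modalias(vendor: int, device: int, subvendor: int = 0, subdevice: int = 0,
                 class_code: int = 0) -> str:
    """Format ids the way the kernel does in /sys/bus/pci/devices/*/modalias.
    class_code is the 24-bit value (base class, subclass, prog-if). Subsystem
    ids default to 0 and only matter for alias lines that do not use sv*/sd*."""
    return "pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02X" % (
        vendor, device, subvendor, subdevice,
        (class_code >> 16) & 0xFF, (class_code >> 8) & 0xFF, class_code & 0xFF)


def parse_aliases(text: str) -> List[Tuple[str, str]]:
    """Return (pattern, module) pairs from modules.alias, ignoring comments."""
    pairs = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "alias":
            pairs.append((parts[1], parts[2]))
    return pairs


def find_module(aliases: List[Tuple[str, str]], modalias: str) -> Optional[str]:
    """First module whose alias pattern matches; None if no driver claims it."""
    for pattern, module in aliases:
        if fnmatch.fnmatchcase(modalias, pattern):
            return module
    return None


def parse_lspci_n(line: str) -> Tuple[str, int, int, int]:
    """Parse an `lspci -n` line such as '02:00.0 0200: 1106:3119 (rev 82)' into
    (slot, class_code, vendor, device). lspci prints only base class and
    subclass here, so prog-if is taken as 00."""
    slot, klass, ids = line.split()[:3]
    class_code = int(klass.rstrip(":"), 16) << 8
    vendor, device = (int(x, 16) for x in ids.split(":"))
    return slot, class_code, vendor, device


def driver_for_lspci_line(aliases: List[Tuple[str, str]], line: str) -> Optional[str]:
    """Resolve one `lspci -n` line straight to a module name."""
    _, class_code, vendor, device = parse_lspci_n(line)
    return find_module(aliases, pci_modalias(vendor, device, class_code=class_code))


if __name__ == "__main__":
    table = parse_aliases(SAMPLE_MODULES_ALIAS)
    for entry in ("02:00.0 0200: 1106:3119 (rev 82)", "03:00.0 0200: 1106:3119 (rev 82)"):
        print(entry, "->", driver_for_lspci_line(table, entry))
```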

#7: lshw / lshw-gtk

The lshw command finds detailed information about the hardware configuration of the server or machine:

lshw

### See hardware in a compact format ###
lshw -short

### Only see disks and storage controllers in the system ###
lshw -class disk -class storage

### Only show network interfaces, in HTML format ###
lshw -html -class network

### Graphical information about hardware configuration ###
lshw-gtk

Sample output (taken from the lshw -short command):
Fig.01: lshw in action

#8: ls

Use ls command to list directory contents:
 ## common examples of ls, see man page more info ##
ls
ls -l ## long format 
ls -F ## appends a character revealing the nature of a file
ls -a ## Show all files including hidden files
ls -R ## recursively lists subdirectories
ls -d ## Get info about a symbolic link or directory
ls -t ## Sort the list of files by modification time
ls -h ## Show sizes in human readable format
ls -B ## In directories, ignore files that end with ‘~’ (backup files)
ls -Z ## Display the SELinux security context
ls --group-directories-first -l ## Show directories first (group directories). Useful on server.
ls --color ##  Colorize the ls output 
ls --hide='*.txt' -l ## Hide or  ignore files whose names ends with .txt 
 

#9: lsof

Use this command to list open files, network ports, active processes, and much more:
 ### lsof command examples ###
lsof | less # List all open file
lsof -u vivek -i # See all files  opened by user "vivek"
lsof -i 4 -a -p 7007 # List all open IPv4 network files in use by the process whose PID is 7007
lsof -i TCP:80  # Find process running on tcp port 80
lsof -i 6 # List only open IPv6 network files
lsof -i 4 # List only open IPv4 network files
lsof -i TCP:1-1024 # List process open in port range 1 to 1024
lsof -i @server1.singh.com:2011-2012 # List all files using any protocol on ports 2011 to 2012 of host server1.singh.com
lsof /dev/sr0 # List all open files on device /dev/sr0
lsof /dev/dvd # Find out why my DVD drive does not eject?
lsof -i -u^root # See all files open by all users except root
lsof /etc/foobar # Find out who's looking at the /etc/foobar file?

#10: lsattr

Use lsattr to list file attributes on an extended (ext2/ext3/ext4) file system. Can't edit or delete a file even as root? Use lsattr to inspect it:
$ lsattr /etc/passwd
Sample outputs:
------------------- /etc/passwd
Use chattr command to write protect files under Linux operating system:
# echo 'Test' > foobar
# chattr +i foobar
# lsattr foobar

Sample outputs:
----i-------------- foobar
Try to remove (delete) foobar as root user:
# rm foobar
Sample outputs:
rm: cannot remove `foobar': Operation not permitted
Remove the IMMUTABLE attribute (while it is set, the file cannot be modified: it cannot be deleted or renamed, no link can be created to it and no data can be written to it):
# chattr -i foobar

#11: lshal

Use lshal command to display items in the HAL (Hardware Abstraction Layer) device database. HAL provides an easy way for applications to discover the hardware on the system:
# lshal | less
### get info about your hardware
# lshal -u /org/freedesktop/Hal/devices/computer

Sample outputs:
udi = '/org/freedesktop/Hal/devices/computer'
  info.addons = {'hald-addon-cpufreq', 'hald-addon-acpi'} (string list)
  info.callouts.add = {'hal-storage-cleanup-all-mountpoints'} (string list)
  info.interfaces = {'org.freedesktop.Hal.Device.SystemPowerManagement'} (string list)
  info.product = 'Computer'  (string)
  info.subsystem = 'unknown'  (string)
  info.udi = '/org/freedesktop/Hal/devices/computer'  (string)
  org.freedesktop.Hal.Device.SystemPowerManagement.method_argnames = {'num_seconds_to_sleep', 'num_seconds_to_sleep', '', '', '', 'enable_power_save'} (string list)
  org.freedesktop.Hal.Device.SystemPowerManagement.method_execpaths = {'hal-system-power-suspend', 'hal-system-power-suspend-hybrid', 'hal-system-power-hibernate', 'hal-system-power-shutdown', 'hal-system-power-reboot', 'hal-system-power-set-power-save'} (string list)
  org.freedesktop.Hal.Device.SystemPowerManagement.method_names = {'Suspend', 'SuspendHybrid', 'Hibernate', 'Shutdown', 'Reboot', 'SetPowerSave'} (string list)
  org.freedesktop.Hal.Device.SystemPowerManagement.method_signatures = {'i', 'i', '', '', '', 'b'} (string list)
  org.freedesktop.Hal.version = '0.5.14'  (string)
  org.freedesktop.Hal.version.major = 0  (0x0)  (int)
  org.freedesktop.Hal.version.micro = 14  (0xe)  (int)
  org.freedesktop.Hal.version.minor = 5  (0x5)  (int)
  power_management.acpi.linux.version = '20110623'  (string)
  power_management.can_hibernate = true  (bool)
  power_management.can_suspend = true  (bool)
  power_management.can_suspend_hybrid = true  (bool)
  power_management.is_powersave_set = false  (bool)
  power_management.quirk.dpms_on = true  (bool)
  power_management.quirk.vbe_post = true  (bool)
  power_management.type = 'acpi'  (string)
  system.board.product = '0R1203'  (string)
  system.board.serial = '.XXXXXXX.CN4864304M0335.'  (string)
  system.board.vendor = 'Dell Inc.'  (string)
  system.board.version = ''  (string)
  system.chassis.manufacturer = 'Dell Inc.'  (string)
  system.chassis.type = 'Portable'  (string)
  system.firmware.release_date = '12/06/2011'  (string)
  system.firmware.vendor = 'Dell Inc.'  (string)
  system.firmware.version = 'A08'  (string)
  system.formfactor = 'laptop'  (string)
  system.hardware.primary_video.product = 1567  (0x61f)  (int)
  system.hardware.primary_video.vendor = 4318  (0x10de)  (int)
  system.hardware.product = 'Precision M6500'  (string)
  system.hardware.serial = 'XXXXXXX'  (string)
  system.hardware.uuid = 'ZZZZC-XXXXXXX-104C-XXXXXXX-YYYYY'  (string)
  system.hardware.vendor = 'Dell Inc.'  (string)
  system.hardware.version = ''  (string)
  system.kernel.machine = 'x86_64'  (string)
  system.kernel.name = 'Linux'  (string)
  system.kernel.version = '3.2.0-0.bpo.1-amd64'  (string)
  system.kernel.version.major = 3  (0x3)  (int)
  system.kernel.version.micro = 0  (0x0)  (int)
  system.kernel.version.minor = 2  (0x2)  (int)

#12: lsinitramfs

Use this command to show the contents of the given initramfs images. It lets you quickly check the contents of one (or more) initramfs files, which is useful to find out whether a given driver (such as a RAID device driver) is included in the initramfs image or not:
 
lsinitramfs /boot/initrd.img-$(uname -r)  # See initramfs content of the currently running Linux kernel
lsinitramfs /boot/initrd.img-$(uname -r) | grep 'dm-'   # Find out whether the device-mapper drivers (dm-crypt transparent encryption / decryption) are included
 
Sample outputs (dm-crypt.ko is present, so whole-disk encryption support is available at boot time):
lib/modules/2.6.32-5-amd64/kernel/drivers/md/dm-snapshot.ko
lib/modules/2.6.32-5-amd64/kernel/drivers/md/dm-crypt.ko
lib/modules/2.6.32-5-amd64/kernel/drivers/md/dm-mirror.ko
lib/modules/2.6.32-5-amd64/kernel/drivers/md/dm-region-hash.ko
lib/modules/2.6.32-5-amd64/kernel/drivers/md/dm-mod.ko
lib/modules/2.6.32-5-amd64/kernel/drivers/md/dm-log.ko

#13: lsmod

Use this command to list all kernel modules (device drivers) currently loaded in the Linux kernel:
# lsmod
Sample outputs (taken from my Asus RT-16 router running the open source Tomato firmware):
Module                  Size  Used by    Tainted: P
ohci_hcd               21552  0
ehci_hcd               40752  0
ext2                   67712  0
ext3                  136576  0
jbd                    62080  1 ext3
mbcache                 7280  2 ext2,ext3
usb_storage            50048  0
sd_mod                 27440  0
scsi_wait_scan           960  0
scsi_mod              105376  3 usb_storage,sd_mod,scsi_wait_scan
usbcore               147344  4 ohci_hcd,ehci_hcd,usb_storage
nf_nat_pptp             2592  0
nf_conntrack_pptp       6000  1 nf_nat_pptp
nf_nat_proto_gre        2128  1 nf_nat_pptp
nf_conntrack_proto_gre     4160  1 nf_conntrack_pptp
wl                   1884144  0
igs                    17936  1 wl
emf                    22720  2 wl,igs
et                     59744  0
To find out whether a given module, for example ath_pci, is currently loaded, enter:
# lsmod | grep ath_pci

#14: lspcmcia

See information about the PCMCIA sockets and devices present in the system powered by Linux:
# lspcmcia
Sample outputs:
Socket 0 Bridge:    [yenta_cardbus]  (bus ID: 0000:03:01.0)

#15: lswm

Use this command to discover new wiimotes (Wii Remote), the primary controller for Nintendo's Wii console. It can be used with X to control the cursor and much more:
# lswm

#16: lsdvd

Use this command to read the contents of a DVD and print them to your display, or dump them for further processing in external applications.
 
lsdvd     # Default output, show info in human readable form
lsdvd -a  # See information about audio streams
lsdvd -c  # See chapter information
lsdvd -s  # See subpicture information (e.g. subtitles)
lsdvd -s -t track-number  # Subpicture information for the given title (track) only
lsdvd -a -t 1             # Audio streams of title 1 only
 
Sample outputs:
libdvdread: Using libdvdcss version 1.2.10 for DVD access
Disc Title: DVD_VIDEO
Title: 01, Length: 00:22:01.000 Chapters: 06, Cells: 06, Audio streams: 04, Subpictures: 21
 Audio: 1, Language: en - English, Format: ac3, Frequency: 48000, Quantization: drc, Channels: 2, AP: 0, Content: Undefined, Stream id: 0x80
 Audio: 2, Language: fr - Francais, Format: ac3, Frequency: 48000, Quantization: drc, Channels: 2, AP: 0, Content: Undefined, Stream id: 0x81
 Audio: 3, Language: de - Deutsch, Format: ac3, Frequency: 48000, Quantization: drc, Channels: 2, AP: 0, Content: Undefined, Stream id: 0x82
 Audio: 4, Language: en - English, Format: ac3, Frequency: 48000, Quantization: drc, Channels: 2, AP: 0, Content: Undefined, Stream id: 0x83
You can use mplayer to play dvd:
$ mplayer dvd://1 -dvd-device /dev/dvd

#17: lslk

Use this command to list all locks associated with the local files of the system:
# lslk
Sample outputs:
SRC            PID   DEV     INUM        SZ TY M         ST WH        END LEN NAME
portmap       1354 254,1  4309006         5  w 0          0  0          0   0 /var/run/portmap.pid
atd           2124 254,1  4309014         5  w 0          0  0          0   0 /var/run/atd.pid
mysqld        2404 254,1  6824038   5242880  w 0          0  0          0   0 /var/lib/mysql/ib_logfile1
mysqld        2404 254,1  6824037   5242880  w 0          0  0          0   0 /var/lib/mysql/ib_logfile0
mysqld        2404 254,1  6824036  27262976  w 0          0  0          0   0 /var/lib/mysql/ibdata1
(unknown)     2807 254,1  4309033            w 0          0  0          0   0 / (rootfs)
compiz        3398 254,1  7815224     81090  w 0          0  0          0   0 /home/vivek/.nv/GLCache/a147bc5d819e1646d5baf3c8f0a017e4/8bdcca7527c339d4/736353d788902c9e.bin
compiz        3398 254,1  7815223      7668  w 0          0  0          0   0 /home/vivek/.nv/GLCache/a147bc5d819e1646d5baf3c8f0a017e4/8bdcca7527c339d4/736353d788902c9e.toc
python        3427 254,1  4030467         0  w 0          0  0          0   0 /home/vivek/.hplip/hp-systray.lock
chrome        3567 254,1  3956948     12288  w 0 1073741824  0 1073742335   0 /home/vivek/.config/google-chrome/Default/Login Data
chrome        3567 254,1  3957700 135782400  w 0 1073741824  0 1073742335   0 /home/vivek/.config/google-chrome/Default/History Index 2012-06
chrome        3567 254,1  3957049 120713216  w 0 1073741824  0 1073742335   0 /home/vivek/.config/google-chrome/Default/History Index 2012-07
chrome        3567 254,1  3956937  15605760  w 0 1073741824  0 1073742335   0 /home/vivek/.config/google-chrome/Default/Favicons
chrome        3567 254,1  3957883   1155072  w 0 1073741824  0 1073742335   0 /home/vivek/.config/google-chrome/Default/Shortcuts
chrome        3567 254,1  3957138  61657088  w 0 1073741824  0 1073742335   0 /home/vivek/.config/google-chrome/Default/History Index 2012-08
chrome        3567 254,1  3956932  24100864  w 0 1073741824  0 1073742335   0 /home/vivek/.config/google-chrome/Default/History
chrome        3567 254,1  3957892   3702784  w 0 1073741824  0 1073742335   0 /home/vivek/.config/google-chrome/Default/Network Action Predictor
chrome        3567 254,1  3956926    552960  w 0 1073741824  0 1073742335   0 /home/vivek/.config/google-chrome/Default/Web Data
chrome        3567 254,1  3956809     57344  r 0 1073741826  0 1073742335   0 /home/vivek/.config/google-chrome/Default/Archived History
firefox       3575 254,1  3964960    425984  w 0 1073741824  0 1073742335   0 /home/vivek/.mozilla/firefox/j7nk7e8h.default/addons.sqlite
firefox       3575 254,1  3964948   1114112  r 0 1073741826  0 1073742335   0 /home/vivek/.mozilla/firefox/j7nk7e8h.default/extensions.sqlite
firefox       3575 254,1  3973490    983040  r 0 1073741826  0 1073742335   0 /home/vivek/.mozilla/firefox/j7nk7e8h.default/StumbleUpon/user6896004.sqlite
firefox       3575 254,1  8364042     32768  r 0        128  0        128   0 /home/vivek/.mozilla/firefox/j7nk7e8h.default/places.sqlite-shm
firefox       3575 254,1  3964949  20971520  r 0 1073741826  0 1073742335   0 /home/vivek/.mozilla/firefox/j7nk7e8h.default/places.sqlite
firefox       3575 254,1  8364040     32768  r 0        128  0        128   0 /home/vivek/.mozilla/firefox/j7nk7e8h.default/cookies.sqlite-shm
firefox       3575 254,1  3964961   1048576  r 0 1073741826  0 1073742335   0 /home/vivek/.mozilla/firefox/j7nk7e8h.default/cookies.sqlite
firefox       3575 254,1  3964944         0  w 0          0  0          0   0 /home/vivek/.mozilla/firefox/j7nk7e8h.default/.parentlock
chrome        6326 254,1  7815216     88822  w 0          0  0          0   0 /home/vivek/.nv/GLCache/a147bc5d819e1646d5baf3c8f0a017e4/8bdcca7527c339d4/bc35a2d21bc47b1d.bin
chrome        6326 254,1  7815215      2676  w 0          0  0          0   0 /home/vivek/.nv/GLCache/a147bc5d819e1646d5baf3c8f0a017e4/8bdcca7527c339d4/bc35a2d21bc47b1d.toc
transmission 10465 254,1 11468802         0  w 0          0  0          0   0 /home/vivek/.config/transmission/lock

#18: lsmbox

Use this command to display the number of messages in a mailbox. Both total, unread but old, and new messages can be listed, for one or several mailbox files:
 
lsmbox !     # Get information about your inbox
lsmbox spam support family   # Get information about the mailboxes spam, support, and family  
lsmbox ~/foo # Get information about the mailbox foo which resides in your home directory
 

#19: lscgroup

Use this command to list all cgroups (control groups), a Linux kernel feature to limit, account for and isolate the resource usage (CPU, memory, disk I/O, etc.) of process groups:
# lscgroup

#20: lsdiff

Use this command to see which files are modified by a patch. To sort the order of touched files in a patch, you can use:
$ lsdiff patch | sort -u | xargs -rn1 filterdiff patch -i
To show only added files in a patch:
$ lsdiff -s patch | grep '^+' | cut -c2- | xargs -rn1 filterdiff patch -i
To show the headers of all file hunks (lsdiff -n prints the line number of each file header, and the sed prints that line and the next):
$ lsdiff -n patch | (while read n file; do sed -ne "$n,$(($n+1))p" patch; done)

#21: lspst

Use this command to list PST (MS Outlook Personal Folders) file data. It produces a simple listing of the data (contacts, email subjects, etc.):
$ lspst mypst-file

#22: lsdnssec

Use the lsdnssec command to summarize information about DNSSEC-related files. These files may be specified on the command line or found in directories that were given on the command line. The -d flag controls the amount of detail in the lsdnssec output.
# lsdnssec file
lsdnssec displays the following information about each zone for which it collects information:
keys
    Key information is shown about the keys currently in use. A bar graph is included that shows the age of the key with respect to the configured expected key-life time.
    This information is collected from any .krf files lsdnssec finds.
rolling status
    If any zone keys are being rolled via rollerd, then the status of the rolling state is shown. The time needed to reach the next state is also displayed.
    This information is collected from any .rollrec files found by lsdnssec.

Monday, July 30, 2012

FTP

Active FTP vs. Passive FTP



Introduction

One of the most commonly seen questions when dealing with firewalls and other Internet connectivity issues is the difference between active and passive FTP and how best to support either or both of them. Hopefully the following text will help to clear up some of the confusion over how to support FTP in a firewalled environment.
This may not be the definitive explanation, as the title claims, however, I've heard enough good feedback and seen this document linked in enough places to know that quite a few people have found it to be useful. I am always looking for ways to improve things though, and if you find something that is not quite clear or needs more explanation, please let me know! Recent additions to this document include the examples of both active and passive command line FTP sessions. These session examples should help make things a bit clearer. They also provide a nice picture into what goes on behind the scenes during an FTP session. Now, on to the information...

The Basics

FTP is a TCP based service exclusively. There is no UDP component to FTP. FTP is an unusual service in that it utilizes two ports, a 'data' port and a 'command' port (also known as the control port). Traditionally these are port 21 for the command port and port 20 for the data port. The confusion begins however, when we find that depending on the mode, the data port is not always on port 20.

Active FTP

In active mode FTP the client connects from a random unprivileged port (N > 1023) to the FTP server's command port, port 21. Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port from its local data port, which is port 20.
From the server-side firewall's standpoint, to support active mode FTP the following communication channels need to be opened:
  • FTP server's port 21 from anywhere (Client initiates connection)
  • FTP server's port 21 to ports > 1023 (Server responds to client's control port)
  • FTP server's port 20 to ports > 1023 (Server initiates data connection to client's data port)
  • FTP server's port 20 from ports > 1023 (Client sends ACKs to server's data port)
When drawn out, the connection appears as follows:
In step 1, the client's command port contacts the server's command port and sends the command PORT 1027. The server then sends an ACK back to the client's command port in step 2. In step 3 the server initiates a connection on its local data port to the data port the client specified earlier. Finally, the client sends an ACK back as shown in step 4. The main problem with active mode FTP actually falls on the client side. The FTP client doesn't make the actual connection to the data port of the server--it simply tells the server what port it is listening on and the server connects back to the specified port on the client. From the client side firewall this appears to be an outside system initiating a connection to an internal client--something that is usually blocked.

Active FTP Example

Below is an actual example of an active FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.
There are a few interesting things to consider about this dialog. Notice that when the PORT command is issued, it specifies a port on the client (192.168.150.80) system, rather than the server. We will see the opposite behavior when we use passive FTP. While we are on the subject, a quick note about the format of the PORT command. As you can see in the example below it is formatted as a series of six numbers separated by commas. The first four octets are the IP address while the last two octets comprise the port that will be used for the data connection. To find the actual port multiply the fifth octet by 256 and then add the sixth octet to the total. Thus in the example below the port number is ( (14*256) + 178), or 3762. A quick check with netstat should confirm this information.
testbox1: {/home/p-t/slacker/public_html} % ftp -d singh.cit.com
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): singh
---> USER slacker
331 Password required for slacker.
Password: abcd
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PORT 192,168,150,80,14,178
200 PORT command successful.
---> LIST
150 Opening ASCII mode data connection for file list.
drwx------   3 slacker    users         104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
---> QUIT
221 Goodbye.

Passive FTP

In order to resolve the issue of the server initiating the connection to the client a different method for FTP connections was developed. This was known as passive mode, or PASV, after the command used by the client to tell the server it is in passive mode.
In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1023 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command. The result of this is that the server then opens a random unprivileged port (P > 1023) and sends the PORT P command back to the client. The client then initiates the connection from port N+1 to port P on the server to transfer data.
From the server-side firewall's standpoint, to support passive mode FTP the following communication channels need to be opened:
  • FTP server's port 21 from anywhere (Client initiates connection)
  • FTP server's port 21 to ports > 1023 (Server responds to client's control port)
  • FTP server's ports > 1023 from anywhere (Client initiates data connection to random port specified by server)
  • FTP server's ports > 1023 to remote ports > 1023 (Server sends ACKs (and data) to client's data port)
When drawn, a passive mode FTP connection looks like this:
In step 1, the client contacts the server on the command port and issues the PASV command. The server then replies in step 2 with PORT 2024, telling the client which port it is listening to for the data connection. In step 3 the client then initiates the data connection from its data port to the specified server data port. Finally, the server sends back an ACK in step 4 to the client's data port. While passive mode FTP solves many of the problems from the client side, it opens up a whole range of problems on the server side. The biggest issue is the need to allow any remote connection to high numbered ports on the server. Fortunately, many FTP daemons, including the popular WU-FTPD, allow the administrator to specify a range of ports which the FTP server will use.
The second issue involves supporting and troubleshooting clients which do (or do not) support passive mode. As an example, the command line FTP utility provided with Solaris does not support passive mode, necessitating a third-party FTP client, such as ncftp.
With the massive popularity of the World Wide Web, many people prefer to use their web browser as an FTP client. Most browsers only support passive mode when accessing ftp:// URLs. This can either be good or bad depending on what the servers and firewalls are configured to support.

Passive FTP Example

Below is an actual example of a passive FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.
Notice the difference in the PORT command in this example as opposed to the active FTP example. Here, we see a port being opened on the server (192.168.150.90) system, rather than the client. See the discussion about the format of the PORT command above, in the Active FTP Example section.
testbox1: {/home/p-t/slacker/public_html} % ftp -d singh.cit.com
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): singh
---> USER slacker
331 Password required for slacker.
Password: abcd
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PASV
227 Entering Passive Mode (192,168,150,90,195,149).
---> LIST
150 Opening ASCII mode data connection for file list
drwx------   3 slacker    users         104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
---> QUIT
221 Goodbye.
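
Decoding the six-number tuple, as an added shell example that is not part of the original article: it computes the data port (p1*256 + p2) from both the active-mode PORT command and the passive-mode 227 reply taken from the two sessions above, and checks that the address a peer announces is the address it is talking from, which is the consistency check a server or firewall needs before honouring either. The sample lines are the ones from the sessions; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original article: decode the "h1,h2,h3,h4,p1,p2"
# tuple used by the active-mode PORT command and the passive-mode 227 reply,
# and check the announced address against the control-connection peer.

# Constructed samples, taken from the two sessions above.
ACTIVE_PORT_CMD='PORT 192,168,150,80,14,178'
PASV_REPLY='227 Entering Passive Mode (192,168,150,90,195,149).'

# data_endpoint "<PORT command or 227 reply>" -> "ip port", with port = p1*256 + p2.
# Fails (status 1) if no tuple is present or any of the six numbers exceeds 255.
data_endpoint() {
    printf '%s\n' "$1" | awk '
        match($0, /[0-9]+,[0-9]+,[0-9]+,[0-9]+,[0-9]+,[0-9]+/) {
            split(substr($0, RSTART, RLENGTH), f, ",")
            ok = 1
            for (i = 1; i <= 6; i++) if (f[i] + 0 > 255) ok = 0
            if (ok) {
                printf "%s.%s.%s.%s %d\n", f[1], f[2], f[3], f[4], f[5] * 256 + f[6]
                found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# check_endpoint "<line>" "<peer ip of the control connection>" -> "ip port"
# Status 1 when the announced port is below 1024 or the announced address is
# not the peer's own. A mismatch is what a client behind a NAT device that
# does not rewrite the FTP payload produces (see Other Notes), and it is also
# a request to open a data connection to a third party, which a server or
# firewall should refuse.
check_endpoint() {
    ep=$(data_endpoint "$1") || return 1
    ip=${ep%% *}
    port=${ep#* }
    [ "$port" -gt 1023 ] && [ "$ip" = "$2" ] || return 1
    printf '%s\n' "$ep"
}

# Stand-alone run over the two samples.
data_endpoint "$ACTIVE_PORT_CMD"    # 192.168.150.80 3762
data_endpoint "$PASV_REPLY"         # 192.168.150.90 50069
check_endpoint "$PASV_REPLY" 192.168.150.90 >/dev/null \
    && echo "passive reply is consistent with the server address"
```

For the passive reply the computed port is 195*256 + 149 = 50069, a high port the server picked, which is exactly the range the Summary section suggests limiting with a configured port range and firewalling around.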

Other Notes

A reader, Maarten Sjouw, pointed out that active FTP will not function when used in conjunction with a client-side NAT (Network Address Translation) device which is not smart enough to alter the IP address info in FTP packets.

Summary

The following chart should help admins remember how each FTP mode works:
 Active FTP :
     command : client >1023 -> server 21
     data    : client >1023 <- server 20

 Passive FTP :
     command : client >1023 -> server 21
     data    : client >1023 -> server >1023
A quick summary of the pros and cons of active vs. passive FTP is also in order:
Active FTP is beneficial to the FTP server admin, but detrimental to the client side admin. The FTP server attempts to make connections to random high ports on the client, which would almost certainly be blocked by a firewall on the client side. Passive FTP is beneficial to the client, but detrimental to the FTP server admin. The client will make both connections to the server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on the server side.
Luckily, there is somewhat of a compromise. Since admins running FTP servers will need to make their servers accessible to the greatest number of clients, they will almost certainly need to support passive FTP. The exposure of high level ports on the server can be minimized by specifying a limited port range for the FTP server to use. Thus, everything except for this range of ports can be firewalled on the server side. While this doesn't eliminate all risk to the server, it decreases it tremendously.

Monday, July 23, 2012

Add The Group Information IN Yum Repository in simple Two steps

= Yum groups and repositories =

Yum supports the group commands
  * grouplist
  * groupinfo
  * groupinstall
  * groupremove
  * groupupdate

Groups are read from the "group" xml metadata that is optionally available from
each repository. If yum has no repositories which support groups then none of 
the group operations will work. 
#yum grouplist

   This will list the installed and available groups for your system in two
   separate lists. If you pass the optional 'hidden' argument then the groups
   whose uservisible tag is set to 'no' in the group xml are listed as well.

  yum groupinfo groupname
 
  This will give you detailed information for each group including:
  description, mandatory, default and optional packages.

  # yum groupinstall groupname
  # yum groupupdate groupname

  Despite their differing names both of these commands perform the same
  function. They will attempt to install/update all of the packages in the
  group that are of the types 'default' or 'mandatory' (by default).
  (To change these types of packages edit the value of the group_package_types
  option in yum.conf.) And they will install any additional dependencies
  needed by any of the installing/updating packages.

    # yum groupremove groupname
 
  This will remove all packages, of any type, in the named group. It will also
  remove any package that depends on any of these packages.
   


== Setting up your own groups in your own repository ==

This process is pretty easy, just two steps:
 1. create a file in the groups format used by yum
 2. tell createrepo to include that group file in your repository.


=== Step 1 ===
  You can either open a text editor and create the groups xml file manually or you
  can run the yum-groups-manager command from yum-utils. 


 # yum-groups-manager -n "My Group" --id=mygroup --save=/root/mygroups.xml --mandatory yum glibc rpm  dhcp bind
  # cat /root/mygroups.xml


 
   mygroup
   False
   True
   1024
   My group
  
   
      glibc
      rpm
      yum

     dhcp
     bind
   
 




=== Step 2 ===
  To include this in a repository, just tell createrepo (http://createrepo.baseurl.org/) to use it when making or remaking
  your repository.

#createrepo -g /path/to/mygroups.xml /srv/my/repo
 
After that we can check that our group is visible and usable:
# yum grouplist
# yum groupinfo mygroup
# yum groupinstall mygroup
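
The whole two-step procedure done by hand, as an added shell example that is not from the original page or from yum: it writes the group (comps) xml file that Step 1 says you may also create in a text editor, using the same id, default, uservisible and display_order values yum-groups-manager produced above, and leaves the createrepo -g call from Step 2 as the next command. The type:package argument format, the function names and the choice to make dhcp and bind 'default' packages are my own.

```shell
#!/bin/sh
# Added example, not from the original page: write a yum group (comps) file
# by hand, the "open a text editor" alternative to yum-groups-manager in Step 1.
# Package arguments are given as type:name, with type one of mandatory,
# default or optional, the three package types the group commands distinguish.

# xml_escape: make a value safe to embed as XML text.
xml_escape() {
    printf '%s' "$1" | sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g'
}

# write_comps_group <outfile> <group id> <group name> type:pkg...
# The fixed <default>/<uservisible>/<display_order> values mirror what
# yum-groups-manager wrote in the Step 1 output above.
write_comps_group() {
    out=$1; gid=$2; gname=$3; shift 3
    # Validate every package spec before touching the output file.
    for spec in "$@"; do
        case "${spec%%:*}" in
            mandatory|default|optional) ;;
            *) echo "bad package spec '$spec' (want mandatory:|default:|optional:)" >&2; return 1 ;;
        esac
        [ "$spec" != "${spec#*:}" ] && [ -n "${spec#*:}" ] \
            || { echo "bad package spec '$spec' (missing package name)" >&2; return 1; }
    done
    {
        printf '<?xml version="1.0" encoding="UTF-8"?>\n'
        printf '<comps>\n  <group>\n'
        printf '    <id>%s</id>\n' "$(xml_escape "$gid")"
        printf '    <default>False</default>\n'
        printf '    <uservisible>True</uservisible>\n'
        printf '    <display_order>1024</display_order>\n'
        printf '    <name>%s</name>\n' "$(xml_escape "$gname")"
        printf '    <description>%s</description>\n' "$(xml_escape "$gname")"
        printf '    <packagelist>\n'
        for spec in "$@"; do
            printf '      <packagereq type="%s">%s</packagereq>\n' \
                "${spec%%:*}" "$(xml_escape "${spec#*:}")"
        done
        printf '    </packagelist>\n  </group>\n</comps>\n'
    } > "$out"
}

# count_packages <file> <type> -> number of packagereq entries of that type
count_packages() {
    grep -c "<packagereq type=\"$2\">" "$1"
}

# Stand-alone run, reproducing the package set from Step 1 (dhcp and bind as
# 'default' packages is my choice; the yum-groups-manager command above made
# everything mandatory).
write_comps_group /tmp/mygroups.xml mygroup "My Group" \
    mandatory:yum mandatory:glibc mandatory:rpm default:dhcp default:bind \
    && echo "wrote /tmp/mygroups.xml; next: createrepo -g /tmp/mygroups.xml /srv/my/repo"
```

Escaping the id, name and package names matters even for a file you write yourself: a group name containing & or < otherwise produces xml that createrepo rejects, or worse, parses differently from what you intended.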

Friday, July 20, 2012

Nic Bonding In RHEL-6


Bonding in RHEL 6


NIC Bonding in RHEL6

 Solution
Red Hat Enterprise Linux allows administrators to bind multiple network interfaces together into a single channel using the bonding kernel module and a special network interface called a channel bonding interface. Channel bonding enables two or more network interfaces to act as one, simultaneously increasing the bandwidth and providing redundancy. The behavior of the bonded interfaces depends upon the mode, either hot standby or load balancing service.

           
Steps for configuring bonding
In this document we are configuring bond0 with interfaces eth0 and eth1

Step 1- Load Kernel module
For a channel bonding interface to be valid, the kernel module must be loaded. To ensure that the module is loaded when the channel bonding interface is brought up, create a new file as root named <N>.conf in the /etc/modprobe.d/ directory. We can name this file anything as long as it ends with a .conf extension. Insert the following line in this new file: alias bond<N> bonding
Replace <N> with the interface number, such as 0. If we want to configure more than one bonding interface, there must be a corresponding entry in the /etc/modprobe.d/<N>.conf file for each configured channel bonding interface.
In this example we are configuring bond0 and the file name is bonding.conf:
  [root@praji2 modprobe.d]# cat /etc/modprobe.d/bonding.conf
  alias bond0 bonding


Step2- create channel bonding interface
We need to create a channel bonding interface configuration file in the /etc/sysconfig/network-scripts/ directory called ifcfg-bond<N>, replacing <N> with the number for the interface, such as 0, and specify the bonding parameters in that file. Here we are creating the ifcfg-bond0 file with the following contents:
[root@praji2 network-scripts]# cat ifcfg-bond0
DEVICE=bond0
IPADDR=172.16.1.207
NETMASK=255.255.255.0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
BONDING_OPTS="mode=0 miimon=1000"

Step 3- Configure Network interfaces
After the channel bonding interface is created, the network interfaces to be bound together must be configured by adding the MASTER= and SLAVE= directives to their configuration files. The configuration files for each of the channel-bonded interfaces can be nearly identical. For example, if two Ethernet interfaces are being channel bonded, both eth0 and eth1 may look like the following example
Interface eth0 configuration
 [root@praji2 network-scripts]# cat ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none
USERCTL=no
TYPE=Ethernet
Interface eth1 configuration
[root@praji2 network-scripts]# cat ifcfg-eth1
DEVICE=eth1
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none
TYPE=Ethernet
USERCTL=no
After configuring the interfaces we have to bring up the bond using the following command:
[root@praji2 network-scripts]# ifconfig bond0 up
If the bonding is correctly configured we can view the configuration using the ifconfig command:
[root@praji2 network-scripts]# ifconfig
bond0     Link encap:Ethernet  HWaddr 00:0C:29:69:31:C4
          inet addr:172.16.1.207  Bcast:172.16.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe69:31c4/64 Scope:Link
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:19676 errors:0 dropped:0 overruns:0 frame:0
          TX packets:342 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1623240 (1.5 MiB)  TX bytes:42250 (41.2 KiB)

eth0      Link encap:Ethernet  HWaddr 00:0C:29:69:31:C4
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:10057 errors:0 dropped:0 overruns:0 frame:0
          TX packets:171 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:832257 (812.7 KiB)  TX bytes:22751 (22.2 KiB)
          Interrupt:19 Base address:0x2000

eth1      Link encap:Ethernet  HWaddr 00:0C:29:69:31:C4
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:9620 errors:0 dropped:0 overruns:0 frame:0
          TX packets:173 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:791043 (772.5 KiB)  TX bytes:20207 (19.7 KiB)
          Interrupt:19 Base address:0x2080


lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:104 (104.0 b)  TX bytes:104 (104.0 b)

To view all existing bonds we can run the following command; it will list bond0:
[root@praji2 network-scripts]# cat /sys/class/net/bonding_masters
bond0
To view the current mode of the bond we can use the following command:
[root@praji2 network-scripts]# cat /sys/class/net/bond0/bonding/mode
balance-rr 0
For verifying the bond, we can use the following command. It lists the bonding details, including the link state of each slave:
[root@praji2 network-scripts]# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.5.0 (November 4, 2008)

Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 1000
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:69:31:c4

Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:69:31:ce
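
A check built on that listing, as an added shell example that is not from the original page: it parses the /proc/net/bonding/bond0 text, reports each slave's MII status and link failure count, and fails when any slave is down or fewer slaves than expected are up, so a dead member is noticed instead of being silently masked by the redundancy the bond provides. The sample text is the listing above with eth1 changed to a failed link; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original page: parse the /proc/net/bonding/<bond>
# status text and report slaves whose link is not up.

# Constructed sample: the /proc/net/bonding/bond0 listing above, with eth1
# changed to a failed link so the check has something to report.
BOND_STATUS='Ethernet Channel Bonding Driver: v3.5.0 (November 4, 2008)

Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 1000
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:69:31:c4

Slave Interface: eth1
MII Status: down
Link Failure Count: 3
Permanent HW addr: 00:0c:29:69:31:ce'

# bond_mode "<status text>" -> the "Bonding Mode:" value
bond_mode() {
    printf '%s\n' "$1" | sed -n 's/^Bonding Mode: //p'
}

# bond_report "<status text>" -> one line per slave:
#   "<iface> <MII status> <link failure count>"
# The bond-level "MII Status:" line comes before any "Slave Interface:" line
# and is skipped because iface is still empty there.
bond_report() {
    printf '%s\n' "$1" | awk -F': *' '
        /^Slave Interface:/             { iface = $2; order[++n] = iface; next }
        iface && /^MII Status:/         { mii[iface] = $2; next }
        iface && /^Link Failure Count:/ { fails[iface] = $2 }
        END { for (i = 1; i <= n; i++) printf "%s %s %s\n", order[i], mii[order[i]], fails[order[i]] }'
}

# bond_check "<status text>" [min_up] -> status 0 when every slave is up and
# at least min_up (default 2) slaves are up; otherwise prints the degraded
# slaves and returns 1.
bond_check() {
    min=${2:-2}
    up=0; bad=0
    while read -r iface mii fails; do
        if [ "$mii" = up ]; then
            up=$((up + 1))
        else
            echo "DEGRADED: $iface is $mii (link failures: $fails)"; bad=1
        fi
    done <<EOF
$(bond_report "$1")
EOF
    [ "$bad" -eq 0 ] && [ "$up" -ge "$min" ]
}

# Stand-alone run; on a live system use "$(cat /proc/net/bonding/bond0)" instead.
echo "mode: $(bond_mode "$BOND_STATUS")"
bond_report "$BOND_STATUS"
bond_check "$BOND_STATUS" || echo "bond0 is degraded"
```

The min_up argument exists because a bond with only one of its members left is still "up" from the point of view of ifconfig and of the bond-level MII Status line; the redundancy is gone, and that is the condition a monitoring job should alert on.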
  
 bonding modes
Several policies are available in bonding; the policy is selected with the directive mode=<value> in BONDING_OPTS.
The <value> can be one of:
balance-rr or 0 — Sets a round-robin policy for fault tolerance and load balancing. Transmissions are received and sent out sequentially on each bonded slave interface beginning with the first one available.
active-backup or 1 — Sets an active-backup policy for fault tolerance. Transmissions are received and sent out via the first available bonded slave interface. Another bonded slave interface is only used if the active bonded slave interface fails.
balance-xor or 2 — Sets an XOR (exclusive-or) policy for fault tolerance and load balancing. Using this method, the interface matches up the incoming request's MAC address with the MAC address for one of the slave NICs. Once this link is established, transmissions are sent out sequentially beginning with the first available interface.
broadcast or 3 — Sets a broadcast policy for fault tolerance. All transmissions are sent on all slave interfaces.
802.3ad or 4 — Sets an IEEE 802.3ad dynamic link aggregation policy. Creates aggregation groups that share the same speed and duplex settings. Transmits and receives on all slaves in the active aggregator. Requires a switch that is 802.3ad compliant.
balance-tlb or 5 — Sets a Transmit Load Balancing (TLB) policy for fault tolerance and load balancing. The outgoing traffic is distributed according to the current load on each slave interface. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed slave.
balance-alb or 6 — Sets an Active Load Balancing (ALB) policy for fault tolerance and load balancing. Includes transmit and receive load balancing for IPV4 traffic. Receive load balancing is achieved through ARP