Thursday, May 17, 2012

Log Levels In Os's

When network devices run into problems they generate error messages. In a lot of cases, where those error messages go is up to you. Devices like servers (including Windows servers with the utility mentioned below), routers, switches, and even some HP JetDirect print server cards support the use of a "syslog" server. A syslog server is kind of a central repository for log messages as a way for you to centralize your monitoring of network systems and devices. It's a client/server type of setup where the devices are the "clients". 

When set up to use a syslog server, devices will send their log messages over the network wire to the syslog server rather than recording them in a local file or displaying them. By default Cisco routers and switches will typically write them to the console screen provided you have a console session open. But since you don't have a console session open most of the time, it's a good idea to change where these messages are sent. 

Not only is it up to you to decide where the messages are sent, but you can also decide which messages the client devices send based on the level of severity. These severity levels are standardized and identified by a number and/or a standard abbreviation (shown in parentheses) as so:

0 - Emergency (emerg)
1 - Alerts (alert)
2 - Critical (crit)
3 - Errors (err)
4 - Warnings (warn)
5 - Notification (notice)
6 - Information (info)
7 - Debug (debug)

Level 7 basically says to send every peep to the syslog server. It's good to use when you want to test your syslog server to make sure it's working. 

There are also things called "facilities" which loosely relate to system processes, a way of categorizing messages. When a remote device sends a message to a syslog server it includes one of the standard facility values (along with a severity level). Some of the common facilities are:

auth - authentication (login) messages
cron - messages from the memory-resident scheduler
daemon - messages from resident daemons
kern - kernel messages
lpr - printer messages (used by JetDirect cards)
mail - messages from Sendmail
user - messages from user-initiated processes/apps
local0-local7 - user-defined (see below)
syslog - messages from the syslog process itself

local7 is used by Cisco equipment and Windows servers. You can specify different severity levels for different facilities so you can, for example, log all kernel messages but only emergency messages from printers. This is done in the /etc/syslog.conf file using the following format:

facility.severity         log-file-name

Using the example we gave above for kernel and printer messages the /etc/syslog.conf file entries would look like this:

kern.*           /var/log/example.log
lpr.emerg        /var/log/example.log

Note that the file uses the standard abbreviations for the severity level and not the number. Note also that you can specify any path and file name for the target log file. You can even specify different log files for different severities or facilities or any combination thereof. 

I usually set up a large partition with the mount-point name of "logs" just for syslog files. The above /etc/syslog.conf file entries would then look something like this:

kern.*           /logs/enterprise.log
lpr.emerg        /logs/enterprise.log

If you wanted every message from every device to get logged (for testing purposes for example) you'd only need one entry:

*.*           /logs/enterprise.log


The Syslog Server

There are two things you have to do to set up your Debian system as a log host. Luckily they're simple edits to a couple of text files. They are: 

  • Tell the syslog daemon to listen for messages from remote devices
  • Tell the syslog daemon what to do with those messages

The syslog daemon is run at system startup by default because it also handles all the local log files, and there are a bunch of them. If you list the files in the /var/log directory you'll see what I'm talking about. 

To take care of the first item above we have to edit the startup script that runs the syslogd daemon when the system boots. Open the script using the command:

nano /etc/init.d/sysklogd

and look for this line near the top:

SYSLOGD=""

and change it to:

SYSLOGD="-r -m0"

(That's a zero after the 'm'.) Then exit the editor saving the file. The -r tells syslogd to listen for remote messages. The -m0 stops syslogd from putting a bunch of annoying -- MARK -- entries in your log files. 

To take care of the second item, open the following file:

nano /etc/syslog.conf

and add the following lines to it near the top:

*.emerg /var/log/enterprise.log
*.alert /var/log/enterprise.log
*.crit /var/log/enterprise.log

Here we are just telling the syslogd daemon to write the messages to the enterprise.log file. If you want to monitor Windows servers and Cisco devices add this line also:

local7.debug         /var/log/enterprise.log

We're using the 'debug' level here just for testing to make sure our server is receiving and logging messages. It can be tightened up later. Now restart the syslogd daemon with the command:

/etc/init.d/sysklogd restart

Congratulations, you've got yourself a syslog server! You can check it out by listing the files in the /var/log directory again. You should see the enterprise.log file there now. 
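
How the facility.severity selectors above are evaluated, as an added example that is not part of the original post: every syslog packet starts with a <PRI> number equal to facility * 8 + severity, and a selector matches its own severity plus every more severe one. The function names and the rule set are constructed for illustration; f12 to f15 are placeholders for facilities that have no keyword in the list above.

```shell
#!/bin/sh
# Added example: decode the <PRI> number at the start of a syslog packet and
# evaluate syslog.conf selectors against it (PRI = facility * 8 + severity).
# Facilities 12-15 have no keyword in the post's list; f12..f15 are placeholders.
FACILITIES="kern user mail daemon auth syslog lpr news uucp cron authpriv ftp f12 f13 f14 f15 local0 local1 local2 local3 local4 local5 local6 local7"
SEVERITIES="emerg alert crit err warn notice info debug"

# word_at "list" N: print the Nth word of the list (0-based).
word_at() (
    i=0
    for w in $1; do
        [ "$i" -eq "$2" ] && { echo "$w"; exit 0; }
        i=$((i + 1))
    done
    exit 1
)

# index_of "list" WORD: print the 0-based position of WORD in the list.
index_of() (
    i=0
    for w in $1; do
        [ "$w" = "$2" ] && { echo "$i"; exit 0; }
        i=$((i + 1))
    done
    exit 1
)

# decode_pri 191 prints local7.debug
decode_pri() {
    echo "$(word_at "$FACILITIES" $(($1 / 8))).$(word_at "$SEVERITIES" $(($1 % 8)))"
}

# selector_matches FACILITY.SEVERITY PRI
# A selector matches its own severity and every more severe (lower-numbered)
# one; "*" matches any facility or any severity.
selector_matches() (
    sel_fac=${1%%.*}
    sel_sev=${1#*.}
    msg_fac=$(word_at "$FACILITIES" $(($2 / 8))) || exit 1
    [ "$sel_fac" = "*" ] || [ "$sel_fac" = "$msg_fac" ] || exit 1
    [ "$sel_sev" = "*" ] && exit 0
    limit=$(index_of "$SEVERITIES" "$sel_sev") || exit 1
    [ $(($2 % 8)) -le "$limit" ]
)

# matching_rules PRI: read "selector target" lines on stdin and print the
# target of every rule that matches the message.
matching_rules() (
    while read -r selector target; do
        case $selector in ''|'#'*) continue ;; esac
        if selector_matches "$selector" "$1"; then echo "$target"; fi
    done
)

# Constructed rule set: the three server lines from the post plus lpr.emerg.
RULES='*.emerg /var/log/enterprise.log
*.alert /var/log/enterprise.log
*.crit /var/log/enterprise.log
lpr.emerg /var/log/example.log'

for pri in 0 2 51 187; do
    printf '<%s> %s matches %s rule(s)\n' "$pri" "$(decode_pri "$pri")" \
        "$(printf '%s\n' "$RULES" | matching_rules "$pri" | wc -l | tr -d ' ')"
done
```

`*.crit` on its own already covers alert and emerg, so with the three `*.` lines above a kern.emerg message (PRI 0) matches three rules that all point at the same file.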


Syslog Clients

Now you have to go around to your devices and tell them to use it, and what level of messages to send to it. 

Cisco Devices 

For Cisco switches running the CatOS you can console or telnet into the switch and enter the following commands to accomplish that:

set logging server <ip address of your Debian system>
set logging server severity 3
set logging timestamp enable
set logging server enable

Note that 3 is where you set the level of severity. For Cisco routers and switches running IOS the commands are:

config term
logging <ip address of your Debian system>
logging trap errors
service timestamps log datetime
logging on

Note that errors is where you set the level of severity. 

Linux Systems 

If you want to set up other Linux servers (or even desktops) to be clients (i.e. to send their messages to this Debian log server) you'd add the following line to their /etc/syslog.conf files:

*.*         @debianbox

replacing 'debianbox' with whatever the hostname of your Debian system is. The '*.*' specifies that all log messages be sent to the log server. Some devices, like JetDirect cards will not allow you to specify a severity level which is why you want to restrict what's actually logged by the settings you enter in the /etc/syslog.conf file on the syslog server. 

Windows Servers 

Naturally Microsoft doesn't want to support a long-held standard like syslog so we have to jump through some hoops to monitor Windows servers. A company in Sweden called Datagram has a great free utility called SyslogAgent that runs as a service on Windows servers. It converts the messages in all of the Event Viewer logs (System, Applications, Security, etc.) to a syslog format and sends them to a syslog server. You can even specify a different severity level for each log. And even better, installing it doesn't require a reboot. Go to their download page at:

www.syslogserver.com/download.html

and download just the SyslogAgent file, not the whole suite. It runs on NT, 2000, and 2003. 

Thursday, May 10, 2012

File Types and Their Uses


File types in Linux Explained
“How many types of files are there in Linux/Unix and what are they?” This is a common question for everyone who starts learning Linux.
Why is it important to know file types?
Ans : Because Linux treats everything as a file. Whenever you work on a Linux/Unix box you have to deal with different file types to manage them effectively.
How many types of file are there?
By default Unix has only 3 types of files.
They are:
1. Regular files
2. Directory files
3. Special files (this category has 5 subtypes)
So in practice there are 7 types of files in total, and Solaris has 8.
Here are those file types. You can see the file type indicator in the leftmost column of “ls -l” output.
1. Regular file(-) 
2. Directory files(d) 
Special files 
3. Block file(b) 
4. Character device file(c) 
5. Named pipe file or just a pipe file(p) 
6. Symbolic link file(l) 
7. Socket file(s)
For your information, there is one more file type called door files (D), which is present in Sun Solaris as mentioned earlier. A door is a special file for inter-process communication between a client and a server (so there are 8 types in total on Unix machines).
We will cover each file type in the following sequence:
1) Definition and information about the file type
2)How to create particular file type
3)How to list/see particular file type
Regular file type Explained in Linux
These are the files indicated with “-” at the start of the line in ls -l output. These files are:
1. Readable files or
2. Binary files or
3. Image files or
4. Compressed files etc.
How to create them?
Ans : Use touch/vi command and redirection operators etc.
How can we list them in my present working directory?
ls -l | grep ^-
Example listing of regular files :
-rw-r--r-- 1 krishna krishna 20986522 2010-01-31 13:48 test.wmv
-rw-r--r-- 1 krishna krishna 173448 2010-01-30 21:20 Transformers-Teaser-Wallpaper-310.jpg
-r-xr-xr-x 1 root root 135168 2009-12-12 19:14 VIDEO_TS.VOB
-rw-r--r-- 1 krishna krishna 2113536 2009-12-01 13:32 Aditya 365 – Janavule.mp3
-rwxrwxrwx 1 root root 168 2010-02-14 14:12 xyz.sh
Directory file type explained in Linux/Unix
These files contain regular files, folders and special files stored on a physical device. They are shown in blue, with a link count greater than or equal to 2.
How can we list them in my present working directory?
ls -l | grep ^d
Example listing of directories.
drwxr-xr-x 2 surendra surendra 4096 2010-01-19 18:37 bin
drwxr-xr-x 5 surendra surendra 4096 2010-02-15 18:46 Desktop
drwxr-xr-x 2 surendra surendra 4096 2010-01-18 14:36 Documents
drwxr-xr-x 2 surendra surendra 4096 2010-02-13 17:45 Downloads
How to create them?
Ans : Use mkdir command
Block file type explained
These are hardware files; most of them are present in /dev.
How to create them?
Ans : Use fdisk command or create virtual partition.
How can we list them in my present working directory?
ls -l | grep ^b
Example listing of block files (to see these files, look in /dev).
brw-rw---- 1 root disk 8, 1 2010-02-15 09:35 sda1
brw-rw---- 1 root disk 8, 2 2010-02-15 09:35 sda2
brw-rw---- 1 root disk 8, 5 2010-02-15 09:35 sda5
Character device files
Provides a serial stream of input or output. Your terminals are a classic example of this type of file.
How can we list character files in my present working directory?
ls -l | grep ^c
Example listing of character files(located in /dev)
crw-rw-rw- 1 root tty 5, 0 2010-02-15 16:52 tty
crw--w---- 1 root root 4, 0 2010-02-15 09:35 tty0
crw------- 1 root root 4, 1 2010-02-15 09:35 tty1
Pipe files explained
The other name of pipe is a “named” pipe, which is sometimes called a FIFO. FIFO stands for “First In, First Out” and refers to the property that the order of bytes going in is the same coming out. The “name” of a named pipe is actually a file name within the file system.
How to create them?
Ans : Use mkfifo command.
How can we list pipe files in my present working directory?
ls -l | grep ^p
Example listing of pipe files
prw-r----- 1 root root 0 2010-02-15 09:35 /dev/.initramfs/usplash_outfifo
prw-r----- 1 root root 0 2010-02-15 09:35 /dev/.initramfs/usplash_fifo
prw------- 1 syslog syslog 0 2010-02-15 15:38 /var/run/rsyslog/kmsg
Symbolic link files
These are files linked to other files, either directories or regular files. The inode number for this file and its parent file are the same. There are two types of links, i.e. soft and hard links.
How to create them?
Ans : use ln command
How can we list linked files in my present working directory?
ls -l | grep ^l
Example listing of linked files
lrwxrwxrwx 1 root root 24 2010-02-15 09:35 sndstat -> /proc/asound/oss/sndstat
lrwxrwxrwx 1 root root 15 2010-02-15 09:35 stderr -> /proc/self/fd/2
lrwxrwxrwx 1 root root 15 2010-02-15 09:35 stdin -> /proc/self/fd/0
lrwxrwxrwx 1 root root 15 2010-02-15 09:35 stdout -> /proc/self/fd/1
Socket files in Linux
A socket file is used to pass information between applications for communication purposes.
How to create them?
Ans : You can create a socket file using the socket() system call available under
Example
int sockfd = socket(AF_INET, SOCK_STREAM, 0);
You can refer to this socket using sockfd. It works the same as a file descriptor, and you can use the read() and write() system calls to read from and write to the socket.
How can we list socket files in my present working directory?
ls -l | grep ^s
Example listing of socket files.
srw-rw-rw- 1 root root 0 2010-02-15 09:35 /dev/log
srwxrwxrwx 1 root root 0 2010-02-15 10:07 /var/run/cups/cups.sock
srwxrwxrwx 1 root root 0 2010-02-15 09:35 /var/run/samba/winbindd_privileged/pipe
srwxrwxrwx 1 mysql mysql 0 2010-02-15 09:35 /var/run/mysqld/mysqld.sock
A tip for you guys.
How to find your desired type of a file ?
Ans : Use find command with -type option.
For example if you want to find socket file, just use below command.
find / -type s
If you want to find linked files, then how?
find / -type l
That's it. You got it. Enjoy reading.
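
The type letters and the two kinds of link described above, as an added example that is not part of the original post: it classifies paths the way the first column of "ls -l" does and compares inode numbers, which shows that a hard link shares the inode of its target while a symbolic link has an inode of its own. The function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify paths by type letter and tell hard links from
# symbolic links by their inode numbers.

# file_type PATH: print the ls -l type letter for PATH.
# -L is tested first because -f, -d and the other tests follow symbolic links.
file_type() (
    if   [ -L "$1" ]; then t=l
    elif [ -d "$1" ]; then t=d
    elif [ -b "$1" ]; then t=b
    elif [ -c "$1" ]; then t=c
    elif [ -p "$1" ]; then t=p
    elif [ -S "$1" ]; then t=s
    elif [ -f "$1" ]; then t=-
    else printf '?\n'; exit 1
    fi
    printf '%s\n' "$t"
)

# inode_of PATH: print the inode number of PATH itself (a link is not followed).
inode_of() (
    set -f
    set -- $(ls -di "$1")
    printf '%s\n' "$1"
)

# same_inode A B: succeed when A and B are two names for one inode (hard links).
same_inode() {
    [ "$(inode_of "$1")" = "$(inode_of "$2")" ]
}

# type_summary DIR: count the entries of DIR per type letter, i.e. the
# "ls -l | grep ^x" listings from the post for every x at once.
type_summary() (
    cd "$1" || exit 1
    for entry in *; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        file_type "$entry"
    done | LC_ALL=C sort | uniq -c |
        awk '{ printf "%s%s=%s", sep, $2, $1; sep = " " } END { print "" }'
)

# make_sample DIR: constructed sample entries, one of each type that an
# unprivileged user can create.
make_sample() {
    : > "$1/regular"
    mkdir "$1/dir"
    mkfifo "$1/pipe"
    ln "$1/regular" "$1/hardlink"
    ln -s regular "$1/symlink"
}

demo=$(mktemp -d)
make_sample "$demo"
type_summary "$demo"
rm -rf "$demo"
```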

CryptSetup with encrypted file.


Cryptsetup uses dm-crypt to encrypt a disk at the partition level.  In RHEL, cryptsetup is used with Linux Unified Key Setup (LUKS), a disk encryption specification. Mounting a LUKS encrypted partition requires a passphrase, which can either be passed in a file or via the command line. Read more about dm-crypt here.
Anyway, to use cryptsetup, you first must have a free partition on a disk. In this instance I am using /dev/sdc1, which is a freeagent external usb drive.
First initialize the LUKS partition. My target is /dev/sdc1
#cryptsetup luksFormat /dev/sdc1
Then open the LUKS partition to set up the device mapper device. The command below creates /dev/mapper/chauhan
#cryptsetup luksOpen /dev/sdc1 chauhan
Create a passkey file if you want the device to be able to automount at boot. 
#vi /root/my.key && chmod 600 /root/my.key
Make cryptsetup aware of the key
#cryptsetup luksAddKey /dev/sdc1 /root/my.key
Don't forget to make a filesystem
#mkfs -t ext4 /dev/mapper/chauhan
Then add the following to /etc/fstab...
/dev/mapper/chauhan   /data             ext4    _netdev         1 1
And add the following to /etc/crypttab. Note that the first entry is the name of the /dev/mapper device
chauhan       /dev/sdc1       /root/my.key
To get a status on a device and to see the mappings between /dev/mapper and /dev/sdc1
#cryptsetup status /dev/mapper/chauhan
/dev/mapper//dev/mapper/chauhan is active:
  cipher:  aes-cbc-essiv:sha256
  keysize: 128 bits
  device:  /dev/sdc1
  offset:  1032 sectors
  size:    2930270970 sectors
  mode:    read/write
Make sure you keep track of when to use /dev/mapper/chauhan vs /dev/sdc1 in the commands above.

You can also dump the LUKS header of the device with:
#cryptsetup luksDump /dev/devicename
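
The key file step and the /etc/crypttab entry above, as an added example that is not part of the original post: it creates a key file under umask 077, so the file is never readable by other users (a file saved from an editor under a umask of 022 is mode 644 until the chmod runs), and audits every key file named in a crypttab-format file. The function names, sample paths and the EXPECTED_UID variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: create a LUKS key file with safe permissions and audit the
# key files named in a crypttab-format file.
EXPECTED_UID=${EXPECTED_UID:-0}    # assumption: key files belong to root

# new_keyfile PATH: write 64 random bytes; umask 077 makes the file mode 600
# from the moment it is created, with no window before a later chmod.
new_keyfile() (
    umask 077
    dd if=/dev/urandom of="$1" bs=64 count=1 2>/dev/null
)

# keyfile_problem PATH: print the first problem found and return 1,
# or print nothing and return 0.
keyfile_problem() (
    [ -L "$1" ] && { echo "is a symbolic link"; exit 1; }
    [ -f "$1" ] || { echo "missing or not a regular file"; exit 1; }
    set -f
    set -- $(ls -ldn "$1")          # $1 = mode string, $3 = numeric owner
    case $1 in
        -???------*) ;;             # no permission bits for group or others
        *) echo "mode $1 grants access to group or others"; exit 1 ;;
    esac
    [ "$3" = "$EXPECTED_UID" ] || { echo "owned by uid $3, not $EXPECTED_UID"; exit 1; }
    exit 0
)

# audit_crypttab FILE: check the third field (key file) of every entry.
# Prints "<mapper name> <key file>: <problem>"; returns 1 if any entry fails.
audit_crypttab() (
    bad=0
    while read -r name device key options; do
        case $name in ''|'#'*) continue ;; esac
        case $key in ''|none|-|/dev/*) continue ;; esac   # no key file on disk
        if ! problem=$(keyfile_problem "$key"); then
            echo "$name $key: $problem"
            bad=1
        fi
    done < "$1"
    exit "$bad"
)

# make_sample DIR: constructed sample data, one good and one loose key file.
make_sample() {
    new_keyfile "$1/my.key"
    ( umask 022; echo "constructed passphrase" > "$1/loose.key" )
    printf '%s\n' "# name device keyfile options" \
        "chauhan /dev/sdc1 $1/my.key" \
        "backup /dev/sdd1 $1/loose.key" \
        "swap /dev/sde1 /dev/urandom swap" > "$1/crypttab"
}

sample=$(mktemp -d)
make_sample "$sample"
# The sample files belong to whoever runs this, so expect that uid here.
EXPECTED_UID=$(id -u) audit_crypttab "$sample/crypttab" || echo "audit found problems"
rm -rf "$sample"
```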



Friday, May 4, 2012

OpenLDAP Configuration in RedHat Enterprise Linux 5.4


LDAP Server Configuration
LDAP Configuration in RHEL 5.4


Release:
RedHat Enterprise Linux 5.4

Problem:
LDAP Configuration in RHEL 5.4


Solution:
Assumptions:
Domain Name                : example.com
Host Name                    : server
IP Address                     : 192.168.0.199

Server Side Configuration:

1)      Install the required RPMs for LDAP server
a.       openldap
b.       openldap-devel
c.       openldap-clients
d.       openldap-servers
e.       nss_ldap

2)      Create a dedicated directory for putting all database information, with the ownership of “ldap”. Default directory is /var/lib/ldap.
# mkdir /var/lib/ldap/example.com
# chown ldap:ldap /var/lib/ldap/example.com

3)      Create an encrypted password for LDAP “root” user and save the output, because it is needed in the “slapd.conf” file
# slappasswd

4)      Update the LDAP configuration file
# vi /etc/openldap/slapd.conf

#####################################        
# ldbm and/or bdb database definitions
#####################################  
database         ldbm
suffix           "dc=example,dc=com"
rootdn           "cn=Manager,dc=example,dc=com"
# rootpw is the hash generated by the "slappasswd" command
rootpw           {SSHA}+TARB6GQJ7rJvzx5f8h7fGT9r0fwDh32
directory        /var/lib/ldap/example.com

5)      Start the LDAP daemon to load the contents of the slapd.conf file
# service ldap start

6)      Create a user account
# useradd -g users ldaptest
# passwd ldaptest

Note: The user’s password must be in LDAP Data Interchange Format (LDIF) before it can be imported to the LDAP database.

7)      Extract the “ldaptest” user information from the /etc/passwd file and save it for converting to LDIF format
# grep ldaptest /etc/passwd > /etc/openldap/passwd.ldaptest

8)      If it is a freshly configured LDAP database, the “root” user account is also needed
# grep root /etc/passwd > /etc/openldap/passwd.root

9)      Now convert the /etc/passwd data into an LDIF format using the “migrate_passwd.pl” conversion program

# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.ldaptest /etc/openldap/ldaptest.ldif

# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif

10)    Before importing these LDIF files into the LDAP database we need to edit the LDIF file
# vi /etc/openldap/ldaptest.ldif

dn: uid=ldaptest,ou=People,dc=example,dc=com
uid: ldaptest
cn: ldaptest
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$Z2XOYyLu$QNCNnYWqL1hh9.7S3HWEv.
shadowLastChange: 14771
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 503
gidNumber: 100
homeDirectory: /home/ldaptest

11)    In slapd.conf, the “root” user has a common name (CN) of “Manager”. Add this information to the root LDIF file.
# vi /etc/openldap/root.ldif

dn: uid=root,ou=People,dc=example,dc=com
uid: root
cn: Manager
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$RyAMPQs9$LejMX5ACSu2Qe4Os6fzFa/
shadowLastChange: 14766
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: root

dn: uid=operator,ou=People,dc=example,dc=com
uid: operator
cn: operator
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}*
shadowLastChange: 14711
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/nologin
uidNumber: 11
gidNumber: 0
homeDirectory: /root
gecos: operator

12)    The attributes of the “example.com” domain are defined using the LDIF file below.
# vi /etc/openldap/example.com.ldif

dn: dc=example,dc=com
dc: example
description: Root LDAP entry for example.com
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

dn: ou=People,dc=example,dc=com
ou: People
description: All people in organisation
objectClass: organizationalUnit

13)    Import all the three LDIF files into the database using the ldapadd command
# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/example.com.ldif

# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/root.ldif

# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/ldaptest.ldif

14)    View all the LDAP database entries using the ldapsearch command
# ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'


Client side Configuration:

15)    Install the required RPMs
a.       openldap
b.       openldap-clients
c.       openldap-devel
d.       nss_ldap

16)    LDAP clients are configured using the /etc/openldap/ldap.conf file. Mention the LDAP server IP and domain name here
#vi /etc/openldap/ldap.conf

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.
HOST    192.168.0.199
BASE    dc=example,dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

17)    Add the LDAP server information to the client using the authconfig command
# authconfig-tui





   
Note: After this step check the “/etc/nsswitch.conf” file and ensure that it has references to LDAP.
   
18)    Restart the SSH daemon to re-read the modified nsswitch.conf file
# service sshd restart

19)    Create home directories for “ldaptest” user in client machine.
# mkdir /home/ldaptest
# chmod 700 /home/ldaptest
# chown ldaptest:users /home/ldaptest
# cp /etc/skel/.bash* /home/ldaptest
# chown ldaptest /home/ldaptest/.bash*

20)    Now login as a “ldaptest” user and check




Modifying LDAP account by “root” user:

21)   Create a script to add a user into LDAP database and place it into the “/usr/local/bin/addldapuser”
# vi /usr/local/bin/addldapuser

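#!/bin/bash
# Add an existing local account to the LDAP directory.
# Usage: addldapuser <username>
set -e
tmpdir=$(mktemp -d)                  # private directory instead of predictable /tmp file names
trap 'rm -rf "$tmpdir"' EXIT
# Match the login name field exactly, not every line that contains the string
grep "^$1:" /etc/passwd > "$tmpdir/passwd"
/usr/share/openldap/migration/migrate_passwd.pl "$tmpdir/passwd" "$tmpdir/user.ldif.tmp"
# Rewrite the migration tools' default "padl" suffix to the suffix of this directory
sed 's/padl/example/' "$tmpdir/user.ldif.tmp" > "$tmpdir/user.ldif"
ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f "$tmpdir/user.ldif"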

22)   Script to delete a LDAP user
# vi /usr/local/bin/deleteldapuser

#!/bin/bash
ldapdelete -x -W -D "cn=Manager,dc=example,dc=com" "uid=$1,ou=People,dc=example,dc=com"


23)   To modify the LDAP user  accounts use the below scripts
# vi /usr/local/bin/modifyldapuser

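#!/bin/bash
# Update the LDAP entry of an existing local account.
# Usage: modifyldapuser <username>
set -e
tmpdir=$(mktemp -d)                  # private directory instead of predictable /tmp file names
trap 'rm -rf "$tmpdir"' EXIT
# Match the login name field exactly, not every line that contains the string
grep "^$1:" /etc/passwd > "$tmpdir/passwd"
/usr/share/openldap/migration/migrate_passwd.pl "$tmpdir/passwd" "$tmpdir/user.ldif.tmp"
# Rewrite the migration tools' default "padl" suffix to the suffix of this directory
sed 's/padl/example/' "$tmpdir/user.ldif.tmp" > "$tmpdir/user.ldif"
/usr/bin/ldapmodify -x -D "cn=Manager,dc=example,dc=com" -W -f "$tmpdir/user.ldif"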

24)   Make the scripts executable using the “chmod” command
# chmod 700 /usr/local/bin/addldapuser
# chmod 700 /usr/local/bin/deleteldapuser
# chmod 700 /usr/local/bin/modifyldapuser

25)   Ldap Admin is free Win32 administration tool for LDAP directory management. This application lets you browse, search, modify, create and delete objects on LDAP server.
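
A check to run on the LDIF files from steps 9 to 13 and on the output of the addldapuser script before they reach ldapadd, as an added example that is not part of the original post: it reports entries whose DN is not under the directory suffix (for instance a leftover dc=padl,dc=com from the migration tools), uidNumber 0 accounts, and userPassword values that are MD5-crypt hashes ({crypt}$1$). The function name lint_ldif, the account alice and all hash strings in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an LDIF file generated from /etc/passwd before it is
# loaded into the directory with ldapadd.

# lint_ldif FILE SUFFIX: print one finding per line; return 1 if there are any.
lint_ldif() (
    findings=$(awk -v suffix="$2" '
        # Called at every blank line and at end of file: check the entry just read.
        function report() {
            if (dn == "") return
            if (substr(dn, length(dn) - length(suffix) + 1) != suffix)
                print dn ": not under " suffix
            if (uidnum == "0")
                print dn ": uidNumber 0 account"
            if (index(pw, "{crypt}$1$") == 1)
                print dn ": userPassword is an MD5-crypt hash"
            dn = ""; uidnum = ""; pw = ""
        }
        /^dn: /           { dn = substr($0, 5) }
        /^uidNumber: /    { uidnum = substr($0, 12) }
        /^userPassword: / { pw = substr($0, 15) }
        /^[ \t]*$/        { report() }
        END               { report() }
    ' "$1")
    [ -z "$findings" ] && exit 0
    printf '%s\n' "$findings"
    exit 1
)

# Constructed sample (hash strings are placeholders, not real hashes): the
# second entry still carries the migration tools default suffix, the third
# is the root account.
SAMPLE_LDIF='dn: uid=ldaptest,ou=People,dc=example,dc=com
uid: ldaptest
uidNumber: 503
userPassword: {crypt}$1$SAMPLESALT$constructedplaceholder

dn: uid=alice,ou=People,dc=padl,dc=com
uid: alice
uidNumber: 504
userPassword: {SSHA}constructedplaceholder

dn: uid=root,ou=People,dc=example,dc=com
uid: root
uidNumber: 0
userPassword: {crypt}*'

sample=$(mktemp)
printf '%s\n' "$SAMPLE_LDIF" > "$sample"
lint_ldif "$sample" "dc=example,dc=com" || echo "review the findings before running ldapadd"
rm -f "$sample"
```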