chmod:
The chmod command allows you to alter access rights to files and directories. All files and directories have security permissions that grant the user particular groups’ or all other users’ access. To view your files' settings, at the shell prompt type: ls -altYou should see some files with the following in front of them (an example follows):total 4drwxrwsr-x 7 reallyli reallyli 1024 Apr 6 14:30 .drwxr-s--x 22 reallyli reallyli 1024 Mar 30 18:20 ..d-wx-wx-wx 3 reallyli reallyli 1024 Apr 6 14:30 contentdrwxr-xr-x 2 reallyli reallyli 1024 Mar 25 20:43 filesWhat do the letters mean in front of the files/directories mean?r indicates that it is readable (someone can view the file’s contents)w indicates that it is writable (someone can edit the file’s contents)x indicates that it is executable (someone can run the file, if executable)- indicates that no permission to manipulate has been assignedWhen listing your files, the first character lets you know whether you’re looking at a file or a directory. It’s not part of the security settings. The next three characters indicate Your access restrictions. The next three indicate your group's permissions, and finally other users' permissions.
Use chmod followed by the permission you are changing. In very simple form this would be: chmod 755 filenameThe example above will grant you full rights, group rights to execute and read, and all others access to execute the file.
Permission
7 full
6 read and write
5 read and execute
4 read only
3 write and execute
2 write only
1 execute only
0 none
like Typing the command: chmod 751 filename
gives you full access, the group read and execute, and all others execute only permission.
cp:
Type cp followed by the name of an existing file and the name of the new file. Ex:cp newfile newerfile To copy a file to a different directory (without changing the file’s name), specify the directory instead of the new filename. Ex:cp newfile testdir To copy a file to a different directory and create a new file name, you need to specify a directory/a new file name. Ex:cp newfile testdir/newerfile cp newfile ../newerfile The .. represents one directory up in the hierarchy.
file:
Type file followed by the name of an existing file in the directory. Ex:file emergency3_demo.exeOUTPUT: MS-DOS executable (EXE)This command allows you to figure out what the file type is and how to use it. For instance the command will tell you whether it is an executable, a compressed file and which type, or something unusual. This command is simplistic, but often can allow you to determine why a file does not respond the way you expect.
mv:
Type mv followed by the current name of a file and the new name of the file. Ex:mv oldfile newfile
Type mv followed by the name of a file and the new directory where you'd like to place the file. Ex:mv newfile testdir This moves the file named newfile to an existing directory named testdir. Be certain you’re specifying a directory name or the mv command alters the name of the file instead of moving it.
rm:
Type rm followed by the name of a file to remove the file. Ex:rm newfile Use the wildcard character to remove several files at once. Ex:rm n* This command removes all files beginning with n.Type rm -i followed by a filename if you’d like to be prompted before the file is actually removed. Ex:rm -i newfile rm -i n* By using this option, you have a chance to verify the removal of each file. The -i option is very handy when removing a number of files using the wildcard character *.
Wednesday, October 10, 2007
Linux Advanced Commands
du:
The du command prints a summary of the amount of information you have stored in your directories on the mounted disks.
syntax: du [options] pathex: du -a /NewsOptions:-s print the sum of bytes in your directories-a print a line for each file in your directory
grep:
The grep command searches text files for a particular word or string of words. Very helpful when trying to find that needle in a haystack, like a particular line in a large log file.syntax: grep textstring filename(s)ex: grep century history.text.doc
Head
Tail
head: prints the beginning of a text filetail: prints the end of a text fileThese commands allow you to view parts of a text file.tail -n 5 textfile.txt head -n 5 textfile.txtThe examples above will print the last 5 lines of the file textfile.txt and then the first 5 lines.
locate:
Trying to find out where on your Linux server a particular file resides? Having a real nasty time doing it? If you have the Bash shell you can try using the locate command to identify where it is on your mounted drives. Type: locate filename and press enter. Replace filename with the name of the file you are looking for. This is a real time saving command as you start navigating your Linux server!If locate does not work for you try using which.
Nice
Nohup
Nice: runs programs/commands at a lower system priorityNohup: runs nice programs even when you’re logged off the systemBy using the two commands simultaneously, your large processes can continue to run, even when you have logged off the system and are relaxing. Ex: nice nohup c program.c . This command will allow the c compiler to compile program.c even when you have logged off the system.
ps
related to "stopped jobs"
The ps command displays all of the existing processes. This command is also directly linked to issues with stopped processes (also known as "stopped jobs").Occasionally, you may see the message There are Stopped Jobs.If you log off the system without properly stopping your jobs, some jobs/processes may remain in memory tying up the system and drawing unnecessary processing bandwidth. Type ps and hit enter. This will list all of your current processes running, or stopped.PID TT STAT TIME COMMAND23036 pl S 0:00 -csh23070 pl R 0:00 viThe number under PID is the process identification number. To kill a process that is stopped, type: kill pid. Replace pid with the exact number of the process. Ex: While in Vi, you accidentally press the wrong keys. Vi's operation is stopped and you are kicked back to the prompt. To kill the stopped Vi command, you may type: kill 23070.
stty
The stty command allows you to view a listing of your current terminal options. By using this command, you can also remap keyboard keys, tailoring to your needs. Ex: stty and hit enter. This lists your terminal settings.Ex: stty erase\^h . This remaps your erase key (backspace) to the Ctrl and h keys. From now on, holding down Ctrl and pressing h will cause a backspace. So you're scratching your head asking why is this handy? You'll see at some point how stty is also used for a number of other useful settings.
talk
In order to contact someone who is on the system, at the prompt you type: talk accountname . Replace accountname with the full account name of the person. If you don’t want anyone to disturb you using the talk command, at the prompt type: mesg n. This prevents others from using talk to reach you.
tar
also related to gzip
You're bound to come across files that are g-zipped and tarred. Okay, now what? These are methods of compressing and storing directories and files in a single "file." Most new Linux programs come off the web as something like coolnew-game.4-4-01.gz. This file is likely a tar file that has then been gzipped for compression. The way to handle these files is simple, but requires that you put the file into an appropriate directory. In other words, don't plop the file in your root or /bin unless it belongs there.
Now you can do a one fell swoop un-gzip it and untar it into its original form (usually multiple files in many sub directories) by typing: tar -xvzf *.gzThis will programmatically un-gzip and then untar all files in the current directory into their full original form including sub-directories etc. Please be careful where and how you run this!
w
This command allows you to list all users’ and their processes who are currently logged in to the Linux server, or a particular user’s processes. Type: w to view all users’ processes. Type: w jsmith to view jsmith’s processes. We use this all the time from a system admin standpoint. Please also see more commands to get user information on this page. You need to know who logs on to your system! Okay, so you have a stand alone Linux box and no one else uses it? Try this command just to be sure. ;)
!!
Don’t waste time and energy retyping commands at the prompt. Instead, use the ! option. To automatically re-display the last command you typed at the prompt, type: !! and press enter. Press again to invoke the command. You can also automatically re-display a command you typed earlier by using the ! and the first few letters of the command. Ex: At the Linux prompt you had typed the command clear, followed by the command pico, followed by the command ftp. In order to re-display the clear command you type: !cl and press enter. In order to re-display the last command you typed, simply type: !! .
The du command prints a summary of the amount of information you have stored in your directories on the mounted disks.
syntax: du [options] pathex: du -a /NewsOptions:-s print the sum of bytes in your directories-a print a line for each file in your directory
grep:
The grep command searches text files for a particular word or string of words. Very helpful when trying to find that needle in a haystack, like a particular line in a large log file.syntax: grep textstring filename(s)ex: grep century history.text.doc
Head
Tail
head: prints the beginning of a text filetail: prints the end of a text fileThese commands allow you to view parts of a text file.tail -n 5 textfile.txt head -n 5 textfile.txtThe examples above will print the last 5 lines of the file textfile.txt and then the first 5 lines.
locate:
Trying to find out where on your Linux server a particular file resides? Having a real nasty time doing it? If you have the Bash shell you can try using the locate command to identify where it is on your mounted drives. Type: locate filename and press enter. Replace filename with the name of the file you are looking for. This is a real time saving command as you start navigating your Linux server!If locate does not work for you try using which.
Nice
Nohup
Nice: runs programs/commands at a lower system priorityNohup: runs nice programs even when you’re logged off the systemBy using the two commands simultaneously, your large processes can continue to run, even when you have logged off the system and are relaxing. Ex: nice nohup c program.c . This command will allow the c compiler to compile program.c even when you have logged off the system.
ps
related to "stopped jobs"
The ps command displays all of the existing processes. This command is also directly linked to issues with stopped processes (also known as "stopped jobs").Occasionally, you may see the message There are Stopped Jobs.If you log off the system without properly stopping your jobs, some jobs/processes may remain in memory tying up the system and drawing unnecessary processing bandwidth. Type ps and hit enter. This will list all of your current processes running, or stopped.PID TT STAT TIME COMMAND23036 pl S 0:00 -csh23070 pl R 0:00 viThe number under PID is the process identification number. To kill a process that is stopped, type: kill pid. Replace pid with the exact number of the process. Ex: While in Vi, you accidentally press the wrong keys. Vi's operation is stopped and you are kicked back to the prompt. To kill the stopped Vi command, you may type: kill 23070.
stty
The stty command allows you to view a listing of your current terminal options. By using this command, you can also remap keyboard keys, tailoring to your needs. Ex: stty and hit enter. This lists your terminal settings.Ex: stty erase\^h . This remaps your erase key (backspace) to the Ctrl and h keys. From now on, holding down Ctrl and pressing h will cause a backspace. So you're scratching your head asking why is this handy? You'll see at some point how stty is also used for a number of other useful settings.
talk
In order to contact someone who is on the system, at the prompt you type: talk accountname . Replace accountname with the full account name of the person. If you don’t want anyone to disturb you using the talk command, at the prompt type: mesg n. This prevents others from using talk to reach you.
tar
also related to gzip
You're bound to come across files that are g-zipped and tarred. Okay, now what? These are methods of compressing and storing directories and files in a single "file." Most new Linux programs come off the web as something like coolnew-game.4-4-01.gz. This file is likely a tar file that has then been gzipped for compression. The way to handle these files is simple, but requires that you put the file into an appropriate directory. In other words, don't plop the file in your root or /bin unless it belongs there.
Now you can do a one fell swoop un-gzip it and untar it into its original form (usually multiple files in many sub directories) by typing: tar -xvzf *.gzThis will programmatically un-gzip and then untar all files in the current directory into their full original form including sub-directories etc. Please be careful where and how you run this!
w
This command allows you to list all users’ and their processes who are currently logged in to the Linux server, or a particular user’s processes. Type: w to view all users’ processes. Type: w jsmith to view jsmith’s processes. We use this all the time from a system admin standpoint. Please also see more commands to get user information on this page. You need to know who logs on to your system! Okay, so you have a stand alone Linux box and no one else uses it? Try this command just to be sure. ;)
!!
Don’t waste time and energy retyping commands at the prompt. Instead, use the ! option. To automatically re-display the last command you typed at the prompt, type: !! and press enter. Press again to invoke the command. You can also automatically re-display a command you typed earlier by using the ! and the first few letters of the command. Ex: At the Linux prompt you had typed the command clear, followed by the command pico, followed by the command ftp. In order to re-display the clear command you type: !cl and press enter. In order to re-display the last command you typed, simply type: !! .
Linux Beginner Commands
arp:
Used for checking existing Ethernet connectivity and IP address
This command should be used in conjunction with the ifconfig and route commands. It is mostly useful for me to check a network card and get the IP address quick.
df:
Display filesystem information
df -h
show how much hard disk space you have on each mounted file system.
du:
Display usage
Most common use, under a specific directory: du -a
find:
Find locations of files/directories quickly across entire filesystem
Most common use: find / -name filename -type d -xdev (replace the word filename with the name of a file or application)
ifconfig:
Command line tool to configure or check all network cards/interfaces
init:
Allows you to change the server bootup on a specific runlevel
joe or nano
Easy to use command line editors that are often included with the major Linux flavors
Most common uses:joe filename nano filename
netstat:
Show the summary of network connections and status of sockets
Most common uses: netstat and also netstat head and also netstat -r
Netstat command simply displays all sockets and server connections. The top few lines are usually most helpful regarding webserver administration. Therefore if you are doing basic webserver work, you can quickly read the top lines of the netstat output by including the head (pipe and head commands). Using the -r option gives you a very good look at the network routing addresses. This is directly linked to the route command.
nslookup:
Checks the domain name and IP information of a server
ping:
Sends test packets to a specified server to check if it is responding properly
This is an extremely useful command that is necessary to test network connectivity and response of servers. It creates a series of test packets of data that are then bounced to the server and back giving an indication whether the server is operating properly.
It is the first line of testing if a network failure occurs. If ping works but for instance FTP does not, then chances are that the server is configured correctly, but the FTP daemon or service is not. However, if even ping does not work there is a more significant server connectivity issue… like maybe the wires are not connected or the server is turned off! The outcome of this command is pretty much one of two things. Either it works, or you get the message destination host unreachable. It is a very fast way to check even remote servers.
ps:
Lists all existing processes on the server
Most common uses: ps and also ps -A more
The simple command will list every process associated with the specific user running on the server. This is helpful in case you run into problems and need to for instance kill a particular process that is stuck in memory. On the other hand, as a system administrator, I tend to use the -A with the more option. This will list every process running on the server one screen at a time. I use it to quickly check what others are goofing with on my servers and often find that I'm the one doing the dangerous goofing!
rm
Removes/deletes directories and files
Most common use: rm -r name (replace name with your file or directory name)
The -r option forces the command to also apply to each subdirectory within the directory. For instance if you are trying to delete the entire contents of the directory x which includes directories y and z this command will do it in one quick process. That is much more useful than trying to use the rmdir command after deleting files! Instead use the rm -r command and you will save time and effort. You may already have known this but since server administrators end up spending a lot of time making and deleting I included this tip!
route:
Lists the routing tables for your server
Most common use: route -v
This is pretty much the exact same output as the command netstat -r. You can suit yourself which you prefer to run. I tend to type netstat commands a lot more than just route and so it applies less to my situation, but who knows, maybe you are going to love and use route the most!
shred
Deletes a file securely by overwriting its contents
Most common use: shred -v filename (replace filename with your specific file)
The -v option is useful since it provides extra view of what exactly the shred tool is doing while you wait. On especially BIG files this could take a bit of time. The result is that your file is so thoroughly deleted it is very unlikely to ever be retrieved again. This is especially useful when trying to zap important server related files that may include confidential information like user names or hidden processes. It is also useful for deleting those hundreds of love notes you get from some of the users on your server, another bonus of being a server administrator. :)
sudo:
The super-user do command that allows you to run specific commands that require root access.
Most common use: sudo command (replace command with your specific one)
This command is useful when you are logged into a server and attempt a command that requires super-user or root privileges. In most cases, you can simply run the command through sudo, without having to log in as root. In fact, this is a very beneficial way to administer your server without daily use of the root login, which is potentially dangerous.Below is a simple example of the sudo capabilities:sudo cd /rootThis command allows you to change directories to the /root without having to login as root. Note that you must enter the root password once, when running a sudo command.
top:
Displays many system statistics and details regarding active processes
Most common use: top
This is a very useful system administrator tool that basically gives you a summary view of the system including number of users, memory usage, CPU usage, and active processes. Often during the course of a day when running multiple servers, one of my Xwindows workstations just displays the top command from each of the servers as a very quick check of their status and stability.
touch:
Allows you to change the timestamp on a file.
Most common use: touch filename
Using the basic touch command, as above, will simply force the current date and time upon the specified file. This is helpful, but not often used.However, another option that I've used in the past when administering servers, is to force a specific timestamp on a set of files in a directory.
traceroute:
Traces the existing network routing for a remote or local server
Most common use: traceroute hostname
w
An extension of the who command that displays details of all users currently on the server
Most common uses: w
This is a very important system admin tool I use commonly to track who is on the server and what processes they are running. It is obviously most useful when run as a superuser.
The default setting for the w command is to show the long list of process details. You can also run the command w -s to review a shorter process listing, which is helpful when you have a lot of users on the server doing a lot of things! Remember that this is different than the who command that can only display users not their processes.
who:
Tool used to monitor who is on the system and many other server related characteristics
Most common uses: who and also who -q and also who -b
Used for checking existing Ethernet connectivity and IP address
This command should be used in conjunction with the ifconfig and route commands. It is mostly useful for me to check a network card and get the IP address quick.
df:
Display filesystem information
df -h
show how much hard disk space you have on each mounted file system.
du:
Display usage
Most common use, under a specific directory: du -a
find:
Find locations of files/directories quickly across entire filesystem
Most common use: find / -name filename -type d -xdev (replace the word filename with the name of a file or application)
ifconfig:
Command line tool to configure or check all network cards/interfaces
init:
Allows you to change the server bootup on a specific runlevel
joe or nano
Easy to use command line editors that are often included with the major Linux flavors
Most common uses:joe filename nano filename
netstat:
Show the summary of network connections and status of sockets
Most common uses: netstat and also netstat head and also netstat -r
Netstat command simply displays all sockets and server connections. The top few lines are usually most helpful regarding webserver administration. Therefore if you are doing basic webserver work, you can quickly read the top lines of the netstat output by including the head (pipe and head commands). Using the -r option gives you a very good look at the network routing addresses. This is directly linked to the route command.
nslookup:
Checks the domain name and IP information of a server
ping:
Sends test packets to a specified server to check if it is responding properly
This is an extremely useful command that is necessary to test network connectivity and response of servers. It creates a series of test packets of data that are then bounced to the server and back giving an indication whether the server is operating properly.
It is the first line of testing if a network failure occurs. If ping works but for instance FTP does not, then chances are that the server is configured correctly, but the FTP daemon or service is not. However, if even ping does not work there is a more significant server connectivity issue… like maybe the wires are not connected or the server is turned off! The outcome of this command is pretty much one of two things. Either it works, or you get the message destination host unreachable. It is a very fast way to check even remote servers.
ps:
Lists all existing processes on the server
Most common uses: ps and also ps -A more
The simple command will list every process associated with the specific user running on the server. This is helpful in case you run into problems and need to for instance kill a particular process that is stuck in memory. On the other hand, as a system administrator, I tend to use the -A with the more option. This will list every process running on the server one screen at a time. I use it to quickly check what others are goofing with on my servers and often find that I'm the one doing the dangerous goofing!
rm
Removes/deletes directories and files
Most common use: rm -r name (replace name with your file or directory name)
The -r option forces the command to also apply to each subdirectory within the directory. For instance if you are trying to delete the entire contents of the directory x which includes directories y and z this command will do it in one quick process. That is much more useful than trying to use the rmdir command after deleting files! Instead use the rm -r command and you will save time and effort. You may already have known this but since server administrators end up spending a lot of time making and deleting I included this tip!
route:
Lists the routing tables for your server
Most common use: route -v
This is pretty much the exact same output as the command netstat -r. You can suit yourself which you prefer to run. I tend to type netstat commands a lot more than just route and so it applies less to my situation, but who knows, maybe you are going to love and use route the most!
shred
Deletes a file securely by overwriting its contents
Most common use: shred -v filename (replace filename with your specific file)
The -v option is useful since it provides extra view of what exactly the shred tool is doing while you wait. On especially BIG files this could take a bit of time. The result is that your file is so thoroughly deleted it is very unlikely to ever be retrieved again. This is especially useful when trying to zap important server related files that may include confidential information like user names or hidden processes. It is also useful for deleting those hundreds of love notes you get from some of the users on your server, another bonus of being a server administrator. :)
sudo:
The super-user do command that allows you to run specific commands that require root access.
Most common use: sudo command (replace command with your specific one)
This command is useful when you are logged into a server and attempt a command that requires super-user or root privileges. In most cases, you can simply run the command through sudo, without having to log in as root. In fact, this is a very beneficial way to administer your server without daily use of the root login, which is potentially dangerous.Below is a simple example of the sudo capabilities:sudo cd /rootThis command allows you to change directories to the /root without having to login as root. Note that you must enter the root password once, when running a sudo command.
top:
Displays many system statistics and details regarding active processes
Most common use: top
This is a very useful system administrator tool that basically gives you a summary view of the system including number of users, memory usage, CPU usage, and active processes. Often during the course of a day when running multiple servers, one of my Xwindows workstations just displays the top command from each of the servers as a very quick check of their status and stability.
touch:
Allows you to change the timestamp on a file.
Most common use: touch filename
Using the basic touch command, as above, will simply force the current date and time upon the specified file. This is helpful, but not often used.However, another option that I've used in the past when administering servers, is to force a specific timestamp on a set of files in a directory.
traceroute:
Traces the existing network routing for a remote or local server
Most common use: traceroute hostname
w
An extension of the who command that displays details of all users currently on the server
Most common uses: w
This is a very important system admin tool I use commonly to track who is on the server and what processes they are running. It is obviously most useful when run as a superuser.
The default setting for the w command is to show the long list of process details. You can also run the command w -s to review a shorter process listing, which is helpful when you have a lot of users on the server doing a lot of things! Remember that this is different than the who command that can only display users not their processes.
who:
Tool used to monitor who is on the system and many other server related characteristics
Most common uses: who and also who -q and also who -b
Monday, June 11, 2007
Qmail in Linux
Qmail is an SMTP (Simple Mail Transfer Protocol) Server for UNIX. This is the program that receives all incoming/outgoing mail for your domains.
Configuring QMail for @Mail
Find out the folder qmail lives in. On most linuxsystems this can be done by typing:
shell# locate qmail
The default folder for Qmail is /usr/local/qmail/.
Edit the control/virtualdomains file, and enter the domains you want qmail to accept email for and which folder to assign for it's incoming email.
myfirstdomain.com myfirstfolder-com
myseconddomain.com mysecondfolder-com
mythirddomain.com mythirdfolder-comFoldernames must be created in the Qmail mailnames folder
shell# mkdir /path-to-qmail/mailnames/myfirstfolder-com/ shell# mkdir /path-to-qmail/mailnames/mysecondfolder-com/ shell# mkdir /path-to-qmail/mailnames/mythirdfolder-com/
Finally, in order to make the email for the folders forward the email to @Mail, create a file called .qmail-default in the folders containing the following line:
/path-to-atmail/saveemail.pl $RECIPIENT
The $RECIPIENT must be included to tell the @Mail saveemail.pl script which user the email is intended for.
Once the .qmail-default file is created you can restart qmail and test your installation.
Restarting Qmail
If you are running linux, find out which rc file starts and stops qmail. These scripts are usually located in the /etc/rc.d/ folder or in the /etc/rc.d/init.d/, /etc/init.d/ folders. Find the script that starts up qmail and do a restart.
shell# /etc/rc.d/init.d/qmail stop
shell# /etc/rc.d/init.d/qmail start
Next, use the ps command to check if qmail is running.
shell# ps aux grep qmail
qmails 20750 0.0 0.1 1460 400 pts/1 S Aug06 0:00 qmail-send
qmaill 20762 0.0 0.1 1408 452 pts/1 S Aug06 0:00 splogger qmail
root 20763 0.0 0.1 1432 364 pts/1 S Aug06 0:00 qmail-lspawn ./Ma
qmailr 20764 0.0 0.1 1428 368 pts/1 S Aug06 0:00 qmail-rspawn
qmailq 20765 0.0 0.1 1392 328 pts/1 S Aug06 0:00 qmail-clean
Testing Email Delivery
Telnet to your machine on port 25 to send an email message manually. During this test phase, use your own email address as the sender. Debugging information will be sent to you if the message fails
First create a new account in @Mail, and test the email delivery to the account.
shell# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 hostname ESMTP
mail from: you@email.com
250 ok
rcpt to: user@domain.com
250 ok
data
354 go ahead
test
.
250 ok 1028743136 qp 24920
quit
221 hostname
Connection closed by foreign host.
In this example you will have to give the mail from, rcpt to and data commands manually. Correct spelling of those is required. After the data command give a dot (.) on a single line to return. Use the quit command to get back to your shell.
If successful the user user@myfirstdomain.com will receive a message with the text 'test' in the email body. If the email doesn't get received by this user, check out your maillog (usually /var/log/maillog , or /var/log/mail), or any email qMail might send back to your email address.
Testing the @Mail delivery script
If the above example fails, run the @Mail delivery script manually. shell# /path-to-atmail/saveemail.pl "user@domain.com"
Type a message then hit ^D (Control D) to quit.
Now check the users email account in @Mail, and check the message has been received. If you receive the message, but sending via the SMTP server does not work, check your qmail configuration.
Configuring QMail for @Mail
Find out the folder qmail lives in. On most linuxsystems this can be done by typing:
shell# locate qmail
The default folder for Qmail is /usr/local/qmail/.
Edit the control/virtualdomains file, and enter the domains you want qmail to accept email for and which folder to assign for it's incoming email.
myfirstdomain.com myfirstfolder-com
myseconddomain.com mysecondfolder-com
mythirddomain.com mythirdfolder-comFoldernames must be created in the Qmail mailnames folder
shell# mkdir /path-to-qmail/mailnames/myfirstfolder-com/ shell# mkdir /path-to-qmail/mailnames/mysecondfolder-com/ shell# mkdir /path-to-qmail/mailnames/mythirdfolder-com/
Finally, in order to make the email for the folders forward the email to @Mail, create a file called .qmail-default in the folders containing the following line:
/path-to-atmail/saveemail.pl $RECIPIENT
The $RECIPIENT must be included to tell the @Mail saveemail.pl script which user the email is intended for.
Once the .qmail-default file is created you can restart qmail and test your installation.
Restarting Qmail
If you are running linux, find out which rc file starts and stops qmail. These scripts are usually located in the /etc/rc.d/ folder or in the /etc/rc.d/init.d/, /etc/init.d/ folders. Find the script that starts up qmail and do a restart.
shell# /etc/rc.d/init.d/qmail stop
shell# /etc/rc.d/init.d/qmail start
Next, use the ps command to check if qmail is running.
shell# ps aux grep qmail
qmails 20750 0.0 0.1 1460 400 pts/1 S Aug06 0:00 qmail-send
qmaill 20762 0.0 0.1 1408 452 pts/1 S Aug06 0:00 splogger qmail
root 20763 0.0 0.1 1432 364 pts/1 S Aug06 0:00 qmail-lspawn ./Ma
qmailr 20764 0.0 0.1 1428 368 pts/1 S Aug06 0:00 qmail-rspawn
qmailq 20765 0.0 0.1 1392 328 pts/1 S Aug06 0:00 qmail-clean
Testing Email Delivery
Telnet to your machine on port 25 to send an email message manually. During this test phase, use your own email address as the sender. Debugging information will be sent to you if the message fails
First create a new account in @Mail, and test the email delivery to the account.
shell# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 hostname ESMTP
mail from: you@email.com
250 ok
rcpt to: user@domain.com
250 ok
data
354 go ahead
test
.
250 ok 1028743136 qp 24920
quit
221 hostname
Connection closed by foreign host.
In this example you will have to give the mail from, rcpt to and data commands manually. Correct spelling of those is required. After the data command give a dot (.) on a single line to return. Use the quit command to get back to your shell.
If successful the user user@myfirstdomain.com will receive a message with the text 'test' in the email body. If the email doesn't get received by this user, check out your maillog (usually /var/log/maillog , or /var/log/mail), or any email qMail might send back to your email address.
Testing the @Mail delivery script
If the above example fails, run the @Mail delivery script manually. shell# /path-to-atmail/saveemail.pl "user@domain.com"
Type a message then hit ^D (Control D) to quit.
Now check the users email account in @Mail, and check the message has been received. If you receive the message, but sending via the SMTP server does not work, check your qmail configuration.
FireWall
FireWall is use for two things.
1. To keep the people (worms and cracker) out
2. To keep the people (user) in
There are two types of firewalls.
a) Filtering Firewalls - that block selected network packets.
b)Proxy Servers (sometimes called firewalls) - that make network connections for you.
Packet Filtering:
Packet Filtering is the type of firewall built into the Linux kernel.
A filtering firewall works at the network level. Data is only allowed to leave the system if the firewall rules allow it. As packets arrive they are filtered by their type, source address, destination address, and port information contained in each packet.
Many network routers have the ability to perform some firewall services. Filtering firewalls can be thought of as a type of router. Because of this you need a deep understanding of IP packet structure to work with one.
Because very little data is analyzed and logged, filtering firewalls take less CPU and create less latency in your network.
Filtering firewalls do not provide for password controls. User can not identify themselves. The only identity a user has is the IP number assigned to their workstation. This can be a problem if you are going to use DHCP (Dynamic IP assignments). This is because rules are based on IP numbers you will have to adjust the rules as new IP numbers are assigned. I don't know how to automate this process.
Filtering firewalls are more transparent to the user. The user does not have to setup rules in their applications to use the Internet. With most proxy servers this is not true.
A filtering firewall works at the network level. Data is only allowed to leave the system if the firewall rules allow it. As packets arrive they are filtered by their type, source address, destination address, and port information contained in each packet.
Many network routers have the ability to perform some firewall services. Filtering firewalls can be thought of as a type of router. Because of this you need a deep understanding of IP packet structure to work with one.
Because very little data is analyzed and logged, filtering firewalls take less CPU and create less latency in your network.
Filtering firewalls do not provide for password controls. User can not identify themselves. The only identity a user has is the IP number assigned to their workstation. This can be a problem if you are going to use DHCP (Dynamic IP assignments). This is because rules are based on IP numbers you will have to adjust the rules as new IP numbers are assigned. I don't know how to automate this process.
Filtering firewalls are more transparent to the user. The user does not have to setup rules in their applications to use the Internet. With most proxy servers this is not true.
Proxy Servers:
Proxies are mostly used to control, or monitor, outbound traffic. Some application proxies cache the requested data. This lowers bandwidth requirements and decreases the access the same data for the next user. It also gives unquestionable evidence of what was transferred.
There are two types of proxy servers.
1) Application Proxies - that do the work for you.
2) SOCKS Proxies - that cross wire ports.
Proxies are mostly used to control, or monitor, outbound traffic. Some application proxies cache the requested data. This lowers bandwidth requirements and decreases the access the same data for the next user. It also gives unquestionable evidence of what was transferred.
There are two types of proxy servers.
1) Application Proxies - that do the work for you.
2) SOCKS Proxies - that cross wire ports.
Application Proxy:
The best example is a person telneting to another computer and then telneting from there to the outside world. With a application proxy server the process is automated. As you telnet to the outside world the client send you to the proxy first. The proxy then connects to the server you requested (the outside world) and returns the data to you.
Because proxy servers are handling all the communications, they can log everything they (you) do. For HTTP (web) proxies this includes very URL they you see. For FTP proxies this includes every file you download. They can even filter out "inappropriate" words from the sites you visit or scan for viruses.
Application proxy servers can authenticate users. Before a connection to the outside is made, the server can ask the user to login first. To a web user this would make every site look like it required a login.
The best example is a person telneting to another computer and then telneting from there to the outside world. With a application proxy server the process is automated. As you telnet to the outside world the client send you to the proxy first. The proxy then connects to the server you requested (the outside world) and returns the data to you.
Because proxy servers are handling all the communications, they can log everything they (you) do. For HTTP (web) proxies this includes very URL they you see. For FTP proxies this includes every file you download. They can even filter out "inappropriate" words from the sites you visit or scan for viruses.
Application proxy servers can authenticate users. Before a connection to the outside is made, the server can ask the user to login first. To a web user this would make every site look like it required a login.
SOCKS Proxy:
A SOCKS server is a lot like an old switch board. It simply cross wires your connection through the system to another outside connection.
Most SOCKS server only work with TCP type connections. And like filtering firewalls they don't provide for user authentication. They can however record where each user connected to.
A SOCKS server is a lot like an old switch board. It simply cross wires your connection through the system to another outside connection.
Most SOCKS server only work with TCP type connections. And like filtering firewalls they don't provide for user authentication. They can however record where each user connected to.
Friday, May 11, 2007
Configuring Network File Server
Service Profile:
Daemon : nfsd,rpc.mountd,rpc.rquotad,rpc.statd
Type : Standalone
Script : nfs
Port : assigned by portmap (NFS is an RPC so portmap is required)
Configuration File : /etc/exports ---Contains shared Directory list
Log File : /var/log/messages
Pakages:
nfs-utils
portmap
autofs
Configuration
#mkdir -p /test/{students,faculty,all,local}
#vi /etc/exports
//format shared_dir_path allowed_hosts(options)
/test/students 192.168.0.0/255.255.255.0(ro) 192.168.0.1(rw,sync)/test/faculty server.test.com(rw,sync)/test/loal *.abc.com(ro)/test/all *(ro)
Save & Exit the file
#cd /test
#ls -ld faculty
#chmod o+w faculty
#service portmap start
Daemon : nfsd,rpc.mountd,rpc.rquotad,rpc.statd
Type : Standalone
Script : nfs
Port : assigned by portmap (NFS is an RPC so portmap is required)
Configuration File : /etc/exports ---Contains shared Directory list
Log File : /var/log/messages
Pakages:
nfs-utils
portmap
autofs
Configuration
#mkdir -p /test/{students,faculty,all,local}
#vi /etc/exports
//format shared_dir_path allowed_hosts(options)
/test/students 192.168.0.0/255.255.255.0(ro) 192.168.0.1(rw,sync)/test/faculty server.test.com(rw,sync)/test/loal *.abc.com(ro)/test/all *(ro)
Save & Exit the file
#cd /test
#ls -ld faculty
#chmod o+w faculty
#service portmap start
Transparent Proxy Configuration
Easy and step by step guide to install and configure a transparent squid proxy server on a linux machine[/color]
Start with the transparent proxy server configurations:
First of all download the latest squid package .
Rpm Package : Download Rpm Package For Squid
Rpm Package : Download Rpm Package For Squid
or
TarBall : Download Squid Tarball
Installation For Rpm Package :
* Go to the directory where rpm package is and issue the following command :
#rpm -ivh squid-x.x.x
Installation for Tarball Package :
* Go to directory where tarball is and issue the following commands :
#tar -zxvf squid-x.x.x.tar.gz
#cd squid-x.x.x.
# ./configure#make check
#make && make install
Now the squid is installed and we need to modify some parameters to make the proxy transparent.
The main configuration file for squid is located at /etc/squid/squid.conf#vi /etc/squid/squid.conf
make sure the following parameters are not commented.
httpd_accel_host virtual
The main configuration file for squid is located at /etc/squid/squid.conf#vi /etc/squid/squid.conf
make sure the following parameters are not commented.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Now you need to configure Iptables i.e. Firewall for Transparent
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 \
-j REDIRECT --to-port 3128
iptables -A INPUT -j ACCEPT -m state \
--state NEW,ESTABLISHED,RELATED -i eth1 -p tcp \ --dport 3128
iptables -A OUTPUT -j ACCEPT -m state \
--state NEW,ESTABLISHED,RELATED -o eth0 -p tcp \ --dport 80
iptables -A INPUT -j ACCEPT -m state \
--state ESTABLISHED,RELATED -i eth0 -p tcp \ --sport 80
iptables -A OUTPUT -j ACCEPT -m state \
--state ESTABLISHED,RELATED -o eth1 -p tcp \ --sport 80
Rescue Mode in Linux
- Boot The system using the first installation CD and enter boot : linux text
- Rescue Environment will then try to detect existing root filesystem and if successful,mounts it under /mnt/sysimage.
# chroot /mnt/sysimage --- Changes /mnt/sysimage to root (/)
# exit ---- exits from the chrooted environment
# exit ---- exits from the rescue environment and automatically reboots.
- If rescue environment is unable to detect root filesystem then issue the following commands :
#mknod /dev/hda# fdisk -l /dev/hdx
#mkdir /mnt/sysimage
#mount /dev/hda5 (assuming /dev/hda5 as the root of existing linux)
#mount /dev/hda2 /mnt/sysimage/boot
#chroot /mnt/sysimage
# exit : After troubleshooting
#exit : reboot
Linux Solutions in Emergerncy
Grub : There may be problem with the label in grub,check the grunb.conf file .First of all boot the system by entering into the command mode.
In Emergency mode,root filesystem is mounted as read-only so you need to remount the filesystem in read write mode.
# df -h : use this command to see the root parition
# mount -o remount,rw /dev/hdax / : use this command to remount in read write mode.
After this you can edit the grub.conf ,but at this time /boot is not mounted and only / is mounted so first find the /boot partition.
# fdisk -l ==> Find the /boot
#e2label /dev/hda1 then try /dev/hda2 then 3 and so on until you find /boot.
# mount /dev/hdax /boot
Now the /boot is mounted edit the grub.conf and then type exit to reboot.
If the Filesystem is severly corrupt then try the following :
#e2fsck -y /dev/hdax : The partition for which fsck couldnot run
If Bash Is corrupt then the last alternate is to re-install bash package using rescue mode.
In Emergency mode,root filesystem is mounted as read-only so you need to remount the filesystem in read write mode.
# df -h : use this command to see the root parition
# mount -o remount,rw /dev/hdax / : use this command to remount in read write mode.
After this you can edit the grub.conf ,but at this time /boot is not mounted and only / is mounted so first find the /boot partition.
# fdisk -l ==> Find the /boot
#e2label /dev/hda1 then try /dev/hda2 then 3 and so on until you find /boot.
# mount /dev/hdax /boot
Now the /boot is mounted edit the grub.conf and then type exit to reboot.
If the Filesystem is severly corrupt then try the following :
#e2fsck -y /dev/hdax : The partition for which fsck couldnot run
If Bash Is corrupt then the last alternate is to re-install bash package using rescue mode.
Configuring Squid Proxy Server
Proxy server is a server configured to accelerate the web by a mechanism called caching i.e storing previously viewed pages locally.Ensure that ip forwarding is enabled .
#vi /etc/sysctl.confnet.ipv4.ip_forward=1
#service network restart#sysctl -p
Proxy server is a server configured to accelerate the web by a mechanism called caching i.e storing previously viewed pages locally.
Service Profile:
Daemon : squid
Type : Standalone
Script : squid
Port : 3128 (default)
Configuration File : /etc/squid/squid.conf
Log File : /var/log/squid/{error.log,cache.log,access.log}
Packages: #rpm -q squid
Configurations for proxy server
# vi /etc/squid/squid.conf/
http_access----search (n -- next )
http_access deny all ( replace deny with allow )(Insert Your OWN RULES HERE )
acl mynet src 192.168.0.0/24
acl mynet srcdomain .mydomain.com
acl blocked dstdomain .unwantedsite.com
http_access deny blocked
http_access allow mynet
http_access deny all
#service squid start
#chkconfig squid on
( The above written is an ordered list which means execute on first match )Cache DIR /var/spool/squid (Default , it can be changed )
#vi /etc/sysctl.confnet.ipv4.ip_forward=1
#service network restart#sysctl -p
Proxy server is a server configured to accelerate the web by a mechanism called caching i.e storing previously viewed pages locally.
Service Profile:
Daemon : squid
Type : Standalone
Script : squid
Port : 3128 (default)
Configuration File : /etc/squid/squid.conf
Log File : /var/log/squid/{error.log,cache.log,access.log}
Packages: #rpm -q squid
Configurations for proxy server
# vi /etc/squid/squid.conf/
http_access----search (n -- next )
http_access deny all ( replace deny with allow )(Insert Your OWN RULES HERE )
acl mynet src 192.168.0.0/24
acl mynet srcdomain .mydomain.com
acl blocked dstdomain .unwantedsite.com
http_access deny blocked
http_access allow mynet
http_access deny all
#service squid start
#chkconfig squid on
( The above written is an ordered list which means execute on first match )Cache DIR /var/spool/squid (Default , it can be changed )
Command Line Configuring a Samba Server
SAMBA Server is used for file & print sharing between unix and windows systems
Samba uses /etc/samba/smb.conf as its configuration file. Change in configuration file takes effect until you restart the Samba daemon with the command service smb restart.
To specify the Windows workgroup and a brief description of the Samba server, we neeed to edit the following lines in your smb.conf file:
workgroup = WORKGROUPNAME
server string = BRIEF COMMENT ABOUT SERVER
Replace WORKGROUPNAME with the name of the Windows workgroup to which this machine should belong.
The BRIEF COMMENT ABOUT SERVER is optional and is used as the Windows comment about the Samba system.
To create a Samba share directory on your Linux system, add the following section to your smb.conf file (after modifying it to reflect your needs and your system):
[sharename]
comment = Insert a comment here
path = /home/share/
valid users = saroj nishant
public = no
writable = yes
printable = no
create mask = 0765
The above example allows the users saroj and nishant to read and write to the directory /home/share, on the Samba server, from a Samba client.
To configure Samba on your Red Hat Linux system to use encrypted passwords, follow these steps:
Create a separate password file for Samba. To create one based on your existing /etc/passwd file, at a shell prompt, type the following command:
cat /etc/passwd mksmbpasswd.sh > /etc/samba/smbpasswd
If the system uses NIS, type the following command:
ypcat passwd mksmbpasswd.sh > /etc/samba/smbpasswd
The mksmbpasswd.sh script is installed in your /usr/bin directory with the samba package.
Change the permissions of the Samba password file so that only root has read and write permissions:
chmod 600 /etc/samba/smbpasswd
The script does not copy user passwords to the new file, and a Samba user account is not active until a password is set for it. For higher security, it is recommended that the user's Samba password be different from the user's Red Hat Linux password. To set each Samba user's password, use the following command (replace username with each user's username):
smbpasswd username
Encrypted passwords must be enabled in the Samba configuration file. In the file smb.conf, verify that the following lines are not commented out:
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
Make sure the smb service is started by typing the command service smb restart at a shell prompt.
If you want the smb service to start automatically, use ntsysv, chkconfig,
Starting and Stopping the Server
On the server that is sharing directories via Samba, the smb service must be running.
View the status of the Samba daemon with the following command:
/sbin/service smb status
Start the daemon with the following command:
/sbin/service smb start
Stop the daemon with the following command:
/sbin/service smb stop
To start the smb service at boot time, use the command:
/sbin/chkconfig --level 345 smb on
Samba uses /etc/samba/smb.conf as its configuration file. Change in configuration file takes effect until you restart the Samba daemon with the command service smb restart.
To specify the Windows workgroup and a brief description of the Samba server, we neeed to edit the following lines in your smb.conf file:
workgroup = WORKGROUPNAME
server string = BRIEF COMMENT ABOUT SERVER
Replace WORKGROUPNAME with the name of the Windows workgroup to which this machine should belong.
The BRIEF COMMENT ABOUT SERVER is optional and is used as the Windows comment about the Samba system.
To create a Samba share directory on your Linux system, add the following section to your smb.conf file (after modifying it to reflect your needs and your system):
[sharename]
comment = Insert a comment here
path = /home/share/
valid users = saroj nishant
public = no
writable = yes
printable = no
create mask = 0765
The above example allows the users saroj and nishant to read and write to the directory /home/share, on the Samba server, from a Samba client.
To configure Samba on your Red Hat Linux system to use encrypted passwords, follow these steps:
Create a separate password file for Samba. To create one based on your existing /etc/passwd file, at a shell prompt, type the following command:
cat /etc/passwd mksmbpasswd.sh > /etc/samba/smbpasswd
If the system uses NIS, type the following command:
ypcat passwd mksmbpasswd.sh > /etc/samba/smbpasswd
The mksmbpasswd.sh script is installed in your /usr/bin directory with the samba package.
Change the permissions of the Samba password file so that only root has read and write permissions:
chmod 600 /etc/samba/smbpasswd
The script does not copy user passwords to the new file, and a Samba user account is not active until a password is set for it. For higher security, it is recommended that the user's Samba password be different from the user's Red Hat Linux password. To set each Samba user's password, use the following command (replace username with each user's username):
smbpasswd username
Encrypted passwords must be enabled in the Samba configuration file. In the file smb.conf, verify that the following lines are not commented out:
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
Make sure the smb service is started by typing the command service smb restart at a shell prompt.
If you want the smb service to start automatically, use ntsysv, chkconfig,
Starting and Stopping the Server
On the server that is sharing directories via Samba, the smb service must be running.
View the status of the Samba daemon with the following command:
/sbin/service smb status
Start the daemon with the following command:
/sbin/service smb start
Stop the daemon with the following command:
/sbin/service smb stop
To start the smb service at boot time, use the command:
/sbin/chkconfig --level 345 smb on
Linux File System Hierarchy
/root : Administrator's Home Directory
/home :contain's normal user's home directory.
/boot :contains kernel and files required for booting the system
/usr :contains user related program files.
/bin :contains normal user's executalbe or binary files
/sbin :Contains system administrators executalbes
/usr/bin :Contains normal user's binaries i.e. commands
/usr/sbin :Contains system i.e. system administrators binaries or commands.
/dev :Contains device files
/etc :Contains System's configuration files.
/initrd :Contains Shared Libraries
/Lost+Found : Contains nameless files found during system recovery
/mnt :Contains mount points for floppy drives,cdroms,usb drives and so on.
/opt :Contains third party programs.
/proc :Virtual Filesystem that contains system information providing files
/tmp :Contains Temporary Files.
/var :Contains Log files.
/misc :Used by autofs program.
/home :contain's normal user's home directory.
/boot :contains kernel and files required for booting the system
/usr :contains user related program files.
/bin :contains normal user's executalbe or binary files
/sbin :Contains system administrators executalbes
/usr/bin :Contains normal user's binaries i.e. commands
/usr/sbin :Contains system i.e. system administrators binaries or commands.
/dev :Contains device files
/etc :Contains System's configuration files.
/initrd :Contains Shared Libraries
/Lost+Found : Contains nameless files found during system recovery
/mnt :Contains mount points for floppy drives,cdroms,usb drives and so on.
/opt :Contains third party programs.
/proc :Virtual Filesystem that contains system information providing files
/tmp :Contains Temporary Files.
/var :Contains Log files.
/misc :Used by autofs program.
Configuring Nagios Server
What is Nagios??
Nagios is a network and system monitoring tool,it notifies the administrator whenever the system goes wrong and whenever the system go better for the specified hosts and systems.
The important features of Nagios Server can be listed as below :
Monitoring various network services like pop,smtp,httpd and many more.
Monitoring the resources of the host system like processor load,memory usage and so on.
Users can design their own plugin to check specific services.
Parallel checking available for various systems
And there are lot many features of nagios and is worth configuring.
Installing The Nagios Server
Before Beginning The Installation :
It Takes time and patience to install and configure nagios before it really starts monitoring anything.So don't work in hurry,relax and take your time and proceed exactly as described here unless you are an expert.
Nagios is a network and system monitoring tool,it notifies the administrator whenever the system goes wrong and whenever the system go better for the specified hosts and systems.
The important features of Nagios Server can be listed as below :
Monitoring various network services like pop,smtp,httpd and many more.
Monitoring the resources of the host system like processor load,memory usage and so on.
Users can design their own plugin to check specific services.
Parallel checking available for various systems
And there are lot many features of nagios and is worth configuring.
Installing The Nagios Server
Before Beginning The Installation :
It Takes time and patience to install and configure nagios before it really starts monitoring anything.So don't work in hurry,relax and take your time and proceed exactly as described here unless you are an expert.
- Login As Root To the server There are a lot of superuser jobs to be done in order to install linux , so first of all you need to login as a root to the server,you will need to create various users and groups.
- Download The package Download the installation package from the links above.
Unpack the Compressed Package
tar -vxzf nagios-version.tar.gz - After unpacking the distribution then you will have core nagios distribution files inside the directory /downloads/nagios
Create Nagios User/Group - You're probably going to want to run Nagios under a normal user account, so add a new user (and group) to your system with the following command (this will vary depending on what OS you're running):
adduser nagios - Create Installation Directory
- Create the base directory where you would like to install Nagios as follows...
mkdir /usr/local/nagios - Change the owner of the base installtion directory to be the Nagios user and group you added earlier as follows:
chown nagios.nagios /usr/local/nagios - Identify Web Server User
- You're probably going to want to issue external commands (like acknowledgements and scheduled downtime) from the web interface. To do so, you need to identify the user your web server runs as (typically apache, although this may differ on your system). This setting is found in your web server configuration file. The following command can be used to quickly determine what user Apache is running as (paths may differ on your system):
grep "^User" /etc/httpd/conf/httpd.conf - Add Command File Group: Next we're going to create a new group whose members include the user your web server is running as and the user Nagios is running as. Let's say we call this new group 'nagcmd' (you can name it differently if you wish). On RedHat Linux you can use the following command to add a new group (other systems may differ):
/usr/sbin/groupadd nagcmd - Next, add the users that your web server and Nagios run as to the newly created group with the following commands (I'll assume apache and nagios are the respective users):
/usr/sbin/usermod -G nagcmd apache/usr/sbin/usermod -G nagcmd nagios - Run the Configure Script
Run the configure script to initialize variables and create a Makefile as follows...(the last two options: --with-command-xxx are optional, but needed if you want to issue external commands)
./configure --prefix=prefix --with-cgiurl=cgiurl --with-htmurl=htmurl --with-nagios-user=someuser --with-nagios-group=somegroup --with-command-group=cmdgroup - Replace prefix with the installation directory that you created in the step above (default is /usr/local/nagios)
- Replace cgiurl with the actual url you will be using to access the CGIs (default is /nagios/cgi-bin). Do NOT append a slash at the end of the url. Replace htmurl with the actual url you will be using to access the HTML for the main interface and documentation (default is /nagios/) Replace someuser with the name of a user on your system that will be used for setting permissions on the installed files (default is nagios)
- Replace somegroup with the name of a group on your system that will be used for setting permissions on the installed files (default is nagios) Replace cmdgroup with the name of the group running the web server (default is nagios, in the example above it was nagcmd). This will allow group members (i.e. your web server) to be able to submit external commands to Nagios.
- Compile Binaries Compile Nagios and the CGIs with the following command:
make all
Installing The Binaries And HTML Files
Install the binaries and HTML files (documentation and main web page) with the following command:
make install - Installing An Init Script
If you wish, you can also install the sample init script to /etc/rc.d/init.d/nagios with the following command:
make install-init
You may have to edit the init script to make sense with your particular OS and Nagios installation by editing paths, etc - Directory Structure And File Locations
Change to the root of your Nagios installation directory with the following command...
cd /usr/local/nagios - You should see five different subdirectories. A brief description of what each directory contains is given in the table below.
Sub-Directory Contents bin/ Nagios core program etc/ Main, resource, object, and CGI configuration files should be put here sbin/ CGIs share/ HTML files (for web interface and online documentation) var/ Empty directory for the log file, status file, retention file, etc. var/archives Empty directory for the archived logs var/rw Empty directory for the external command file - Installing The Plugins
In order for Nagios to be of any use to you, you're going to have to download and install some plugins. Plugins are usually installed in the libexec/ directory of your Nagios installation (i.e. /usr/local/nagios/libexec). Plugins are scripts or binaries which perform all the service and host checks that constitute monitoring. You can grab the latest release of the plugins from the Nagios downloads page or directly from the SourceForge project page. - Setup The Web Interface
You're probably going to want to use the web interface, so you'll also have to read the instructions on setting up the web interface and configuring web authentication, etc. next. - Configuring Nagios
So now you have things compiled and installed, but you still haven't configured Nagios or defined objects (hosts, services, etc.) that should be monitored. Information on configuring Nagios and defining objects can be found here. There's a lot to configure, but don't let it discourage you - its well worth it.
Advance Linux Tutorials
Transparent Proxy Server Configuration
When we configure a normal squid proxy server then we need to modify i.e. configure each client's browser to use the proxy server and the proxy server's port needs to be specified in the browser so that the client machines can access internet through the proxy.This sort of proxy configuration is not effective all the time because each client machine's browser needs to be reconfigured. So in Internet Service Providers and large office it is often required that such a proxy server configured which shall be detected by the client machine by itself , or in other words the clients browsers need not be modified.This sort of proxy server configuration is call the transparent proxy server.What is done in transparent proxy server is that all the request that come to proxy server's LAN interface in port 80 is redirected to it's proxy port. This is done by firewall rule.
Central Authentication Server Usig NIS
NIS or Network Information Server can be used as a central authentication server for all the users in a network.BY configuring a Network Information Server it becomes easier to maintain the database of users and their passwords in a single computer in the network and whenever a user needs to login to a system then the NIS server checks the login information and authenticates the user.So NIS server is found to be useful for managing a central authentication Server.
Configuring A Nagios Server
A nagios Server is used to monitor hosts in a Network.In a large network system it is often required to monitor the status of the host machines,servers routers and switches for their normal operation.A nagios server works to check the status of such devices and machines in a fixed interval of time and informs the administrators via email,sms,pager or instant messaging about the status of the machines whenever their status changes.For example if a host goes down then it makes a notification and then again makes the notification when the same host comes up.So A Nagios Server Is thus a useful tool for system administrators to effectively monitor the hosts.
When we configure a normal squid proxy server then we need to modify i.e. configure each client's browser to use the proxy server and the proxy server's port needs to be specified in the browser so that the client machines can access internet through the proxy.This sort of proxy configuration is not effective all the time because each client machine's browser needs to be reconfigured. So in Internet Service Providers and large office it is often required that such a proxy server configured which shall be detected by the client machine by itself , or in other words the clients browsers need not be modified.This sort of proxy server configuration is call the transparent proxy server.What is done in transparent proxy server is that all the request that come to proxy server's LAN interface in port 80 is redirected to it's proxy port. This is done by firewall rule.
Central Authentication Server Usig NIS
NIS or Network Information Server can be used as a central authentication server for all the users in a network.BY configuring a Network Information Server it becomes easier to maintain the database of users and their passwords in a single computer in the network and whenever a user needs to login to a system then the NIS server checks the login information and authenticates the user.So NIS server is found to be useful for managing a central authentication Server.
Configuring A Nagios Server
A nagios Server is used to monitor hosts in a Network.In a large network system it is often required to monitor the status of the host machines,servers routers and switches for their normal operation.A nagios server works to check the status of such devices and machines in a fixed interval of time and informs the administrators via email,sms,pager or instant messaging about the status of the machines whenever their status changes.For example if a host goes down then it makes a notification and then again makes the notification when the same host comes up.So A Nagios Server Is thus a useful tool for system administrators to effectively monitor the hosts.
Linux Basic Tutorials
Redhat Enterprise Linux :
A distribution of a recent linux kernel with custom version of recent kernel,utilities and applications ,Installation and configuration,support available.
Why Linux ?
Linux is very important operating system and is used widely by various companies and individuals.It has the following features:
- Fresh Implementation of Unix API's .
- Open Source Development Model.
- Supports wide variety of Hardwares.
- Supports Many Networking Protocols And Configurations.
- Fully Supported.
Unix Principle :
- Everything is a file,including Hardware
- Configuration Files are in text form.
- Small Single Purpose Commands.
- Programs can be chained together to perform complex tasks.
- Avoid use of captive user interface.
Subscribe to:
Posts (Atom)