Service Profile:
Daemon : nfsd,rpc.mountd,rpc.rquotad,rpc.statd
Type : Standalone
Script : nfs
Port : assigned by portmap (NFS is an RPC so portmap is required)
Configuration File : /etc/exports ---Contains shared Directory list
Log File : /var/log/messages
Packages:
nfs-utils
portmap
autofs
Configuration
#mkdir -p /test/{students,faculty,all,local}
#vi /etc/exports
Format: shared_dir_path allowed_hosts(options)
/test/students 192.168.0.0/255.255.255.0(ro) 192.168.0.1(rw,sync)
/test/faculty server.test.com(rw,sync)
/test/local *.abc.com(ro)
/test/all *(ro)
Save & Exit the file
#cd /test
#ls -ld faculty
#chmod o+w faculty
#service portmap start
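An added example, not part of the original post: a Python check over /etc/exports entries in the format shown above. It reports exports open to every host, hostname wildcards, no_root_squash, and the stray space between client and options that turns the options into a separate entry for all hosts. The function names and the /test/scratch line are assumptions made for the illustration.

```python
"""Audit /etc/exports entries: path client(options) [client(options) ...]."""
import re

# Constructed sample: the four entries from the post plus one line with a
# stray space between the client and its options.
SAMPLE_EXPORTS = """\
/test/students 192.168.0.0/255.255.255.0(ro) 192.168.0.1(rw,sync)
/test/faculty server.test.com(rw,sync)
/test/local *.abc.com(ro)
/test/all *(ro)
/test/scratch 192.168.0.7 (rw,sync)
"""

# client(options); either part may be missing.
SPEC = re.compile(r"^(?P<client>[^()]*)(?:\((?P<opts>[^()]*)\))?$")


def parse_exports(text):
    """Yield (path, client, options) for every client spec in the file."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = SPEC.match(spec)
            if not m:
                raise ValueError(f"unparseable client spec: {spec!r}")
            opts = m.group("opts") or ""
            options = {o for o in opts.split(",") if o}
            # Options with no client in front of them ("(rw)") apply to
            # every host, exactly like "*".
            yield path, m.group("client") or "*", options


def audit(text):
    """Return a list of (path, client, issue) findings."""
    findings = []
    for path, client, options in parse_exports(text):
        if client == "*":
            issue = "world-writable" if "rw" in options else "world-readable"
            findings.append((path, client, issue))
        elif "*" in client or "?" in client:
            # Hostname patterns are matched against the client's resolved name.
            findings.append((path, client, "wildcard-hostname"))
        if "no_root_squash" in options:
            findings.append((path, client, "no_root_squash"))
    return findings


if __name__ == "__main__":
    for path, client, issue in audit(SAMPLE_EXPORTS):
        print(f"{path:15} {client:12} {issue}")
```

On the last sample line the intended client 192.168.0.7 gets only the default options, while "(rw,sync)" is read as a second client entry covering every host.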
Friday, May 11, 2007
Transparent Proxy Configuration
An easy, step-by-step guide to installing and configuring a transparent squid proxy server on a Linux machine.
Start with the transparent proxy server configurations:
First of all, download the latest squid package.
Rpm Package : Download Rpm Package For Squid
or
TarBall : Download Squid Tarball
Installation For Rpm Package :
* Go to the directory where rpm package is and issue the following command :
#rpm -ivh squid-x.x.x
Installation for Tarball Package :
* Go to directory where tarball is and issue the following commands :
#tar -zxvf squid-x.x.x.tar.gz
#cd squid-x.x.x
# ./configure
#make check
#make && make install
Now squid is installed and we need to modify some parameters to make the proxy transparent.
The main configuration file for squid is located at /etc/squid/squid.conf
#vi /etc/squid/squid.conf
Make sure the following parameters are not commented out.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Now you need to configure Iptables i.e. Firewall for Transparent
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 \
-j REDIRECT --to-port 3128
iptables -A INPUT -j ACCEPT -m state \
--state NEW,ESTABLISHED,RELATED -i eth1 -p tcp --dport 3128
iptables -A OUTPUT -j ACCEPT -m state \
--state NEW,ESTABLISHED,RELATED -o eth0 -p tcp --dport 80
iptables -A INPUT -j ACCEPT -m state \
--state ESTABLISHED,RELATED -i eth0 -p tcp --sport 80
iptables -A OUTPUT -j ACCEPT -m state \
--state ESTABLISHED,RELATED -o eth1 -p tcp --sport 80
Rescue Mode in Linux
- Boot the system using the first installation CD and enter boot : linux text
- The rescue environment will then try to detect the existing root filesystem and, if successful, mounts it under /mnt/sysimage.
# chroot /mnt/sysimage --- Changes /mnt/sysimage to root (/)
# exit ---- exits from the chrooted environment
# exit ---- exits from the rescue environment and automatically reboots.
- If rescue environment is unable to detect root filesystem then issue the following commands :
#mknod /dev/hda b 3 0
# fdisk -l /dev/hdx
#mkdir /mnt/sysimage
#mount /dev/hda5 /mnt/sysimage (assuming /dev/hda5 as the root of existing linux)
#mount /dev/hda2 /mnt/sysimage/boot
#chroot /mnt/sysimage
# exit : After troubleshooting
#exit : reboot
Linux Solutions in Emergency
Grub : There may be a problem with the label in grub; check the grub.conf file. First of all, boot the system by entering into the command mode.
In Emergency mode, the root filesystem is mounted read-only, so you need to remount the filesystem in read-write mode.
# df -h : use this command to see the root partition
# mount -o remount,rw /dev/hdax / : use this command to remount in read-write mode.
After this you can edit grub.conf, but at this time /boot is not mounted and only / is mounted, so first find the /boot partition.
# fdisk -l ==> Find the /boot
# e2label /dev/hda1 : then try /dev/hda2, then 3 and so on until you find /boot.
# mount /dev/hdax /boot
Now that /boot is mounted, edit grub.conf and then type exit to reboot.
If the filesystem is severely corrupt then try the following :
# e2fsck -y /dev/hdax : The partition for which fsck could not run
If bash is corrupt then the last alternative is to re-install the bash package using rescue mode.
Configuring Squid Proxy Server
A proxy server is a server configured to accelerate the web by a mechanism called caching, i.e. storing previously viewed pages locally. Ensure that IP forwarding is enabled.
#vi /etc/sysctl.conf
net.ipv4.ip_forward=1
#service network restart
#sysctl -p
Service Profile:
Daemon : squid
Type : Standalone
Script : squid
Port : 3128 (default)
Configuration File : /etc/squid/squid.conf
Log File : /var/log/squid/{error.log,cache.log,access.log}
Packages: #rpm -q squid
Configurations for proxy server
# vi /etc/squid/squid.conf
/http_access ---- search (n -- next )
http_access deny all ( replace deny with allow )
(Insert Your OWN RULES HERE )
acl mynet src 192.168.0.0/24
# an ACL name cannot be reused with a different type, so the srcdomain ACL gets its own name
acl mydomain srcdomain .mydomain.com
acl blocked dstdomain .unwantedsite.com
http_access deny blocked
http_access allow mynet
http_access allow mydomain
http_access deny all
#service squid start
#chkconfig squid on
( The rules written above are an ordered list, which means the first matching rule is executed. )
Cache DIR /var/spool/squid (Default , it can be changed )
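An added example, not part of the original post and not Squid's own code: a simplified Python model of first-match http_access evaluation, run over the rule order shown above and over two variants (the last line switched to "allow all", and the allow line moved ahead of the block line). Only the src and dstdomain ACL types are modelled; the function names and the sample client addresses and hosts are assumptions.

```python
"""Simplified model of Squid's http_access evaluation: first match wins."""
import ipaddress

# Rule order from the post (src and dstdomain ACLs only).
PAGE_RULES = """\
acl mynet src 192.168.0.0/24
acl blocked dstdomain .unwantedsite.com
http_access deny blocked
http_access allow mynet
http_access deny all
"""
# Variant: final line switched to "allow all" (the "replace deny with allow" edit).
ALLOW_ALL = PAGE_RULES.replace("http_access deny all", "http_access allow all")
# Variant: same ACLs, but the allow line placed before the block line.
REORDERED = """\
acl mynet src 192.168.0.0/24
acl blocked dstdomain .unwantedsite.com
http_access allow mynet
http_access deny blocked
http_access deny all
"""


def parse(conf):
    """Return (acls, rules); acls maps name -> (type, [values])."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "acl":
            name, kind, values = tok[1], tok[2], tok[3:]
            if name in acls and acls[name][0] != kind:
                raise ValueError(f"acl {name!r} reused with a different type")
            acls.setdefault(name, (kind, []))[1].extend(values)
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    # Assumption: "all" matches every request when the config does not define it.
    acls.setdefault("all", ("all", []))
    return acls, rules


def acl_matches(acl, client_ip, dst_host):
    kind, values = acl
    if kind == "all":
        return True
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "dstdomain":
        host = dst_host.lower().rstrip(".")
        # ".example.com" covers the domain itself and all of its subdomains.
        return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
                   for v in values)
    raise ValueError(f"ACL type {kind!r} is not modelled in this example")


def decide(conf, client_ip, dst_host):
    """Return 'allow' or 'deny' for one request."""
    acls, rules = parse(conf)
    for action, names in rules:
        # All ACLs on a line must match (AND); a leading "!" negates one.
        if all(acl_matches(acls[n.lstrip("!")], client_ip, dst_host) != n.startswith("!")
               for n in names):
            return action  # first matching line decides, later lines are ignored
    if not rules:
        return "deny"
    # Nothing matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"


if __name__ == "__main__":
    cases = [("192.168.0.10", "www.example.org"),       # inside mynet
             ("192.168.0.10", "www.unwantedsite.com"),  # inside mynet, blocked site
             ("203.0.113.5", "www.example.org")]        # outside mynet
    for label, conf in (("page", PAGE_RULES), ("allow all", ALLOW_ALL),
                        ("reordered", REORDERED)):
        for ip, host in cases:
            print(f"{label:10} {ip:13} {host:22} -> {decide(conf, ip, host)}")
```

With the final line set to "allow all", a client outside 192.168.0.0/24 is served; with the allow line first, the block rule is never reached for clients inside mynet.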
Command Line Configuring a Samba Server
The Samba server is used for file and print sharing between Unix and Windows systems.
Samba uses /etc/samba/smb.conf as its configuration file. A change to the configuration file does not take effect until you restart the Samba daemon with the command service smb restart.
To specify the Windows workgroup and a brief description of the Samba server, edit the following lines in your smb.conf file:
workgroup = WORKGROUPNAME
server string = BRIEF COMMENT ABOUT SERVER
Replace WORKGROUPNAME with the name of the Windows workgroup to which this machine should belong.
The BRIEF COMMENT ABOUT SERVER is optional and is used as the Windows comment about the Samba system.
To create a Samba share directory on your Linux system, add the following section to your smb.conf file (after modifying it to reflect your needs and your system):
[sharename]
comment = Insert a comment here
path = /home/share/
valid users = saroj nishant
public = no
writable = yes
printable = no
create mask = 0765
The above example allows the users saroj and nishant to read and write to the directory /home/share, on the Samba server, from a Samba client.
To configure Samba on your Red Hat Linux system to use encrypted passwords, follow these steps:
Create a separate password file for Samba. To create one based on your existing /etc/passwd file, at a shell prompt, type the following command:
cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
If the system uses NIS, type the following command:
ypcat passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
The mksmbpasswd.sh script is installed in your /usr/bin directory with the samba package.
Change the permissions of the Samba password file so that only root has read and write permissions:
chmod 600 /etc/samba/smbpasswd
The script does not copy user passwords to the new file, and a Samba user account is not active until a password is set for it. For higher security, it is recommended that the user's Samba password be different from the user's Red Hat Linux password. To set each Samba user's password, use the following command (replace username with each user's username):
smbpasswd username
Encrypted passwords must be enabled in the Samba configuration file. In the file smb.conf, verify that the following lines are not commented out:
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
Make sure the smb service is started by typing the command service smb restart at a shell prompt.
If you want the smb service to start automatically, use ntsysv, chkconfig,
Starting and Stopping the Server
On the server that is sharing directories via Samba, the smb service must be running.
View the status of the Samba daemon with the following command:
/sbin/service smb status
Start the daemon with the following command:
/sbin/service smb start
Stop the daemon with the following command:
/sbin/service smb stop
To start the smb service at boot time, use the command:
/sbin/chkconfig --level 345 smb on
Linux File System Hierarchy
/root : Administrator's home directory
/home : Contains normal users' home directories.
/boot : Contains the kernel and files required for booting the system
/usr : Contains user related program files.
/bin : Contains normal users' executable or binary files
/sbin : Contains system administrators' executables
/usr/bin : Contains normal users' binaries, i.e. commands
/usr/sbin : Contains system binaries, i.e. system administrators' binaries or commands.
/dev : Contains device files
/etc : Contains the system's configuration files.
/initrd : Contains Shared Libraries
/lost+found : Contains nameless files found during system recovery
/mnt : Contains mount points for floppy drives, cdroms, usb drives and so on.
/opt : Contains third party programs.
/proc : Virtual filesystem that contains files providing system information
/tmp : Contains temporary files.
/var : Contains log files.
/misc : Used by the autofs program.
Configuring Nagios Server
What is Nagios?
Nagios is a network and system monitoring tool. It notifies the administrator whenever something goes wrong with the specified hosts and systems, and again whenever they recover.
The important features of Nagios Server are listed below :
- Monitoring various network services like pop, smtp, httpd and many more.
- Monitoring the resources of the host system like processor load, memory usage and so on.
- Users can design their own plugins to check specific services.
- Parallel checking is available for various systems.
Nagios has many more features and is worth configuring.
Installing The Nagios Server
Before Beginning The Installation :
It takes time and patience to install and configure Nagios before it really starts monitoring anything. So don't work in a hurry; relax, take your time, and proceed exactly as described here unless you are an expert.
- Login As Root To The Server
There are a lot of superuser jobs to be done in order to install linux, so first of all you need to log in as root on the server; you will need to create various users and groups.
- Download The Package
Download the installation package from the links above.
- Unpack The Compressed Package
tar -vxzf nagios-version.tar.gz
After unpacking the distribution you will have the core Nagios distribution files inside the directory /downloads/nagios
- Create Nagios User/Group
You're probably going to want to run Nagios under a normal user account, so add a new user (and group) to your system with the following command (this will vary depending on what OS you're running):
adduser nagios
- Create Installation Directory
Create the base directory where you would like to install Nagios as follows...
mkdir /usr/local/nagios
Change the owner of the base installation directory to be the Nagios user and group you added earlier as follows:
chown nagios.nagios /usr/local/nagios
- Identify Web Server User
You're probably going to want to issue external commands (like acknowledgements and scheduled downtime) from the web interface. To do so, you need to identify the user your web server runs as (typically apache, although this may differ on your system). This setting is found in your web server configuration file. The following command can be used to quickly determine what user Apache is running as (paths may differ on your system):
grep "^User" /etc/httpd/conf/httpd.conf
- Add Command File Group
Next we're going to create a new group whose members include the user your web server is running as and the user Nagios is running as. Let's say we call this new group 'nagcmd' (you can name it differently if you wish). On RedHat Linux you can use the following command to add a new group (other systems may differ):
/usr/sbin/groupadd nagcmd
Next, add the users that your web server and Nagios run as to the newly created group with the following commands (I'll assume apache and nagios are the respective users):
/usr/sbin/usermod -G nagcmd apache
/usr/sbin/usermod -G nagcmd nagios
- Run The Configure Script
Run the configure script to initialize variables and create a Makefile as follows...(the last two options: --with-command-xxx are optional, but needed if you want to issue external commands)
./configure --prefix=prefix --with-cgiurl=cgiurl --with-htmurl=htmurl --with-nagios-user=someuser --with-nagios-group=somegroup --with-command-group=cmdgroup
Replace prefix with the installation directory that you created in the step above (default is /usr/local/nagios)
Replace cgiurl with the actual url you will be using to access the CGIs (default is /nagios/cgi-bin). Do NOT append a slash at the end of the url.
Replace htmurl with the actual url you will be using to access the HTML for the main interface and documentation (default is /nagios/)
Replace someuser with the name of a user on your system that will be used for setting permissions on the installed files (default is nagios)
Replace somegroup with the name of a group on your system that will be used for setting permissions on the installed files (default is nagios)
Replace cmdgroup with the name of the group running the web server (default is nagios, in the example above it was nagcmd). This will allow group members (i.e. your web server) to be able to submit external commands to Nagios.
- Compile Binaries
Compile Nagios and the CGIs with the following command:
make all
- Installing The Binaries And HTML Files
Install the binaries and HTML files (documentation and main web page) with the following command:
make install
- Installing An Init Script
If you wish, you can also install the sample init script to /etc/rc.d/init.d/nagios with the following command:
make install-init
You may have to edit the init script to make sense with your particular OS and Nagios installation by editing paths, etc.
- Directory Structure And File Locations
Change to the root of your Nagios installation directory with the following command...
cd /usr/local/nagios
You should see five different subdirectories. A brief description of what each directory contains is given in the table below.
Sub-Directory    Contents
bin/             Nagios core program
etc/             Main, resource, object, and CGI configuration files should be put here
sbin/            CGIs
share/           HTML files (for web interface and online documentation)
var/             Empty directory for the log file, status file, retention file, etc.
var/archives     Empty directory for the archived logs
var/rw           Empty directory for the external command file
- Installing The Plugins
In order for Nagios to be of any use to you, you're going to have to download and install some plugins. Plugins are usually installed in the libexec/ directory of your Nagios installation (i.e. /usr/local/nagios/libexec). Plugins are scripts or binaries which perform all the service and host checks that constitute monitoring. You can grab the latest release of the plugins from the Nagios downloads page or directly from the SourceForge project page.
- Setup The Web Interface
You're probably going to want to use the web interface, so you'll also have to read the instructions on setting up the web interface and configuring web authentication, etc. next.
- Configuring Nagios
So now you have things compiled and installed, but you still haven't configured Nagios or defined objects (hosts, services, etc.) that should be monitored. Information on configuring Nagios and defining objects can be found here. There's a lot to configure, but don't let it discourage you - it's well worth it.
Advance Linux Tutorials
Transparent Proxy Server Configuration
When we configure a normal squid proxy server, we need to configure each client's browser to use the proxy server, and the proxy server's port needs to be specified in the browser so that the client machines can access the internet through the proxy. This sort of proxy configuration is not effective all the time because each client machine's browser needs to be reconfigured. So in Internet Service Providers and large offices it is often required that a proxy server be configured which the client machine detects by itself; in other words, the clients' browsers need not be modified. This sort of proxy server configuration is called a transparent proxy server. In a transparent proxy server, all the requests that come to the proxy server's LAN interface on port 80 are redirected to its proxy port. This is done by a firewall rule.
Central Authentication Server Using NIS
NIS or Network Information Server can be used as a central authentication server for all the users in a network. By configuring a Network Information Server it becomes easier to maintain the database of users and their passwords on a single computer in the network, and whenever a user needs to log in to a system, the NIS server checks the login information and authenticates the user. So an NIS server is useful as a central authentication server.
Configuring A Nagios Server
A Nagios server is used to monitor hosts in a network. In a large network it is often required to monitor the status of the host machines, servers, routers and switches for their normal operation. A Nagios server checks the status of such devices and machines at a fixed interval of time and informs the administrators via email, sms, pager or instant messaging about the status of the machines whenever their status changes. For example, if a host goes down it sends a notification, and it sends another notification when the same host comes up. So a Nagios server is a useful tool for system administrators to effectively monitor the hosts.
Linux Basic Tutorials
Redhat Enterprise Linux :
A distribution with a custom version of a recent Linux kernel, utilities and applications, with installation, configuration and support available.
Why Linux ?
Linux is a very important operating system and is widely used by various companies and individuals. It has the following features:
- Fresh Implementation of Unix API's .
- Open Source Development Model.
- Supports a wide variety of hardware.
- Supports Many Networking Protocols And Configurations.
- Fully Supported.
Unix Principle :
- Everything is a file,including Hardware
- Configuration Files are in text form.
- Small Single Purpose Commands.
- Programs can be chained together to perform complex tasks.
- Avoid use of captive user interface.