Sunday, August 14, 2011

Search for files containing specific text.


To search for the string redeem reward in all text files in /home/tom (that is, /home/tom/*.txt), use

$ grep "redeem reward" /home/tom/*.txt

Task: Search all subdirectories recursively

You can search for a text string in all files under each directory, recursively, with the -r option:

$ grep -r "redeem reward" /home/tom

Task: Only print filenames

By default grep prints only the matching lines. When it searches several files (as -r does) it prefixes each line with the file name; the -H option forces that prefix even when a single file is searched.

$ grep -H -r "redeem reward" /home/tom

Output:

filename.txt: redeem reward

To print only the file names, pipe the output through cut (this example searches /etc for the string vivek):

$ grep -H -r vivek /etc/* | cut -d: -f1

Output:
filename.txt
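An added example, not from the original post: a small script that builds a constructed directory tree and returns the names of files containing a string using grep's -l option, which prints only file names and makes the cut step unnecessary. It also shows why the "cut -d: -f1" approach is fragile: a file name that itself contains a colon is truncated. It assumes POSIX sh and a grep that supports -r and -l (GNU or BSD grep both do).

```shell
#!/bin/sh
# Added example (not from the original post): find files that contain a string
# and return only their names, in one grep call.
# Assumptions: POSIX sh; grep with -r (recursive) and -l (names only).

# Build a constructed sample tree so the example runs offline.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/sub"
    printf 'redeem reward now\n'    > "$dir/a.txt"
    printf 'nothing here\n'         > "$dir/b.txt"
    printf 'please redeem reward\n' > "$dir/sub/c.txt"
    # A file name containing ':' defeats "cut -d: -f1" on grep -H output.
    printf 'redeem reward\n'        > "$dir/sub/note:2011.txt"
    echo "$dir"
}

# Names of files under $2 that contain $1, one per line, sorted.
# grep -l stops at the first match in each file and prints the name only,
# so names with ':' (or matching text with ':') are reported intact.
files_containing() {
    pattern=$1; root=$2
    grep -rl -- "$pattern" "$root" | sort
}

# The post's cut-based variant, kept to show its weakness.
files_containing_cut() {
    pattern=$1; root=$2
    grep -rH -- "$pattern" "$root" | cut -d: -f1 | sort
}

# Number of files under $2 containing $1.
count_files_containing() {
    files_containing "$1" "$2" | wc -l | tr -d ' '
}
```

Run make_sample_tree once, then files_containing 'redeem reward' "$dir" lists three files including sub/note:2011.txt, while files_containing_cut reports that one as sub/note.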

Friday, August 12, 2011

System administrator: joining a new project and taking over servers.

Get access credentials.

Figure out the current owners of the servers and your scope in handling them.

Details of the services running on each physical server (check with the ps -eaf command): what each service is, its configuration files, and its purpose.

Architecture of the application if it runs on multiple servers: where the database is, where the middleware is, where the application itself runs, and which storage it uses.

Details of the configuration files in use.

Network configuration: IP addresses, iptables rules if running, routes, all connected interfaces, VLAN information.

Details of backups: how they are taken, the backup schedule, the backup tool in use, and whether a restore has actually been tested.

VERY IMPORTANT -- Try to deploy the application or tool with the same configuration in a test environment to get total control; otherwise you will always be lost.
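An added example, not from the original post, for the last point: rebuilding a server's setup in a test environment is only useful if you can tell how far the copy has drifted from production. The script below snapshots the live facts from the checklist (processes, listening sockets, addresses, routes, firewall, mounts, cron) into a directory and fingerprints /etc, and provides a diff between two such fingerprints. It assumes POSIX sh with find, sort and awk, and sha256sum (coreutils) or shasum; the tool names in inventory() are the usual Linux ones and are skipped when absent. File paths containing spaces are not handled by the fingerprint format.

```shell
#!/bin/sh
# Added example (not from the original post): take a reproducible snapshot of a
# server you are inheriting, so a test deployment can be diffed against
# production instead of eyeballed.
# Assumptions: POSIX sh with find/sort/awk; sha256sum or shasum available.

# Pick a SHA-256 tool (GNU coreutils, or perl shasum on BSD/macOS).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi
}

# One "<sha256>  ./relative/path" line per regular file under $1, sorted.
config_fingerprint() {
    ( cd "$1" && find . -type f | sort |
      while IFS= read -r f; do hash_file "$f" || true; done )
}

# Compare two directory trees by content: prints one line per difference,
# "changed <path>", "only-in-a <path>" or "only-in-b <path>", sorted.
config_diff() {
    fa=$(mktemp); fb=$(mktemp)
    config_fingerprint "$1" > "$fa"
    config_fingerprint "$2" > "$fb"
    awk -v fa="$fa" '
        FILENAME == fa { a[$2] = $1; next }
        { if (!($2 in a)) print "only-in-b", $2
          else { if (a[$2] != $1) print "changed", $2; delete a[$2] } }
        END { for (p in a) print "only-in-a", p }' "$fa" "$fb" | sort
    rm -f "$fa" "$fb"
}

# Gather the live facts from the checklist into $1, one file per command;
# tools missing on this host are skipped. Also fingerprints /etc so the
# test box can later be compared with config_diff.
inventory() {
    out=$1; mkdir -p "$out"
    for c in "uname -a" "ps -eaf" "ss -tlnp" "ip addr" "ip route" \
             "iptables-save" "df -h" "crontab -l" "cat /etc/fstab"; do
        tool=${c%% *}
        command -v "$tool" >/dev/null 2>&1 || continue
        $c > "$out/$(printf '%s' "$c" | tr ' /' '__').txt" 2>&1 || true
    done
    config_fingerprint /etc > "$out/etc.sha256" 2>/dev/null || true
}
```

On the production box run inventory /root/handover-prod, on the rebuilt test box inventory /root/handover-test, then config_diff on two copies of /etc (or diff the etc.sha256 files) to see exactly which configuration files still differ.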


Wednesday, July 13, 2011

Give other users rights on a directory: files created by root are editable by members of the group.

Link

http://www.udel.edu/topics/os/unix/general/groupsharing.html




Now this directory is correct for group sharing, but new files will not be. New files will be owned by the group of the shell and will not have the correct permissions. If you start the shell in the correct group and set the umask you can make new files automatically owned and permitted properly. However, if your group members put files here with ftp or scp, these shell commands will not help.
Instead we will use two commands to solve this problem. The command:

chmod g+s groupshare

will set the "set groupid" bit for the groupshare directory. This means all new files will be owned by the group of the parent directory instead of the group of the current shell. In this case the group, which is 0217, will be assigned to all new files or directories. Also this "set groupid" bit will be set on all new subdirectories, so the group will be properly set for all files in the hierarchy.
The command

setfacl -m d:u::rwx,d:g::rwx,d:m:rwx,d:o:r-x groupshare

will set the default:user, default:group, default:mask and default:other entries. These defaults are used to set the permission modes for any new file; the filesystem must be mounted with POSIX ACL support for this to work. You must set all these defaults, so this means you have a long command. That is why we used the abbreviations d:u, d:g, d:m and d:o.
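An added example, not from the original post or the linked page, that puts the two commands into a script and checks the result: it creates the shared directory with the setgid bit, applies the default ACL when setfacl is available, and then creates a file the way a member's shell would and reports its mode and group. It assumes POSIX sh with chmod, chgrp, ls and awk; the group argument is optional so the functions can be exercised on a scratch directory, and setfacl additionally needs a filesystem with ACL support.

```shell
#!/bin/sh
# Added example, not from the original post or the linked page: create a
# group-shared directory and verify that files dropped into it take the
# directory's group and stay group-writable.
# Assumptions: POSIX sh with chmod/chgrp/ls/awk; setfacl applied only when
# present. The group argument is optional (scratch-directory testing).

setup_share() {
    dir=$1; group=$2
    mkdir -p "$dir"
    if [ -n "$group" ]; then chgrp "$group" "$dir"; fi
    chmod 2775 "$dir"        # rwxrwsr-x: setgid makes new files take the dir's group
    if command -v setfacl >/dev/null 2>&1; then
        # default ACL from the page: owner/group rwx, mask rwx, others r-x
        setfacl -m d:u::rwx,d:g::rwx,d:m:rwx,d:o:r-x "$dir" 2>/dev/null || true
    fi
}

# Permission string such as "drwxrwsr-x" (first 10 columns of ls -ld).
mode_of() { ls -ld "$1" | cut -c1-10; }

# Group name of a path (fourth column of ls -ld).
group_of() { ls -ld "$1" | awk '{print $4}'; }

# Create an empty file the way a member's shell would (umask 002, the
# shell-only route the page mentions) and return the file's mode string.
create_in_share() {
    ( umask 002; : > "$1/$2" )
    mode_of "$1/$2"
}
```

After setup_share /srv/groupshare 0217, mode_of /srv/groupshare should show drwxrwsr-x (with a trailing + in ls when the ACL applied) and every file created inside should show group rw and the group 0217, whether it arrived via a shell, scp or ftp.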

Tuesday, July 12, 2011

Migration Centos 4.4 to 5

Link 

http://wiki.centos.org/HowTos/MigrationGuide/ServerCD_4.4_to_5

This is not a supported upgrade path !
<!> The Server CD series mentioned here does not exist in all CentOS releases, nor in each point level respin. The CentOS team strives to permit minimal installs with just CD 1 of a given series, but this is not always possible. Please check the Release Notes for a given Major and Point release for further details.
<!> You have to force an install of python-sqlite from the CentOS 5 repositories after the upgrade, as the version number of python-sqlite didn't change between 4 and 5.
rpm -Uvh --replacepkgs python-sqlite-1.1.7-1.2.1.i386.rpm
Otherwise you'll get the error
Could not find any working storages
or
There was a problem importing one of the Python modules
required to run yum. The error leading to this problem was:

   No module named sqlite

Please install a package which provides this module, or
verify that the module is installed correctly.

It's possible that the above module doesn't match the
current version of Python, which is:
2.4.3 (#1, Mar  5 2011, 21:25:56)                    
[GCC 4.1.2 20080704 (Red Hat 4.1.2-50)]              

If you cannot solve this problem yourself, please go to
the yum faq at:
  http://wiki.linux.duke.edu/YumFaq                     

Always have a current backup of your data !

This is a "general" guideline for a CentOS 4.4 Server CD install upgrade via yum.
YMMV with additionally installed RPMS and RPMS from third party Repositories.
I did a fresh install of the x86_64 Server 4.4 CD (everything) for this migration test.
Now that I have a CentOS 4.4 install, I will begin the migration to CentOS 5 via yum.

Start the upgrade process

mkdir /tmp/Upgrades
cd /tmp
Check for centos-yumconf
rpm -qi centos-yumconf
* If centos-yumconf exist, remove it.
* NOTE this seems to be only installed if you installed from the x86_64 version of the ServerCD 4.4 ISO.
rpm -e centos-yumconf
Installing needed RPMS manually
I used wget to acquire the RPMS.
Install centos-release-5-0.0.el5.centos.2.x86_64.rpm centos-release-notes-5.0.0-2.x86_64.rpm
rpm -Uvh centos-release-5-0.0.el5.centos.2.x86_64.rpm centos-release-notes-5.0.0-2.x86_64.rpm
# Make sure you disable all other repos and only have CentOS Base and Updates repositories enabled.
Install the CentOS 5 GPG Key
# Get the GPG key from a mirror or CentOS 5 media.
rpm --import http://mirrors.kernel.org/centos/RPM-GPG-KEY-CentOS-5
cd /tmp/Upgrades
Download the following RPMS
# This gets the new yum/rpm working.
  • rpm-libs-4.4.2-37.el5.x86_64.rpm
  • rpm-4.4.2-37.el5.x86_64.rpm
  • yum-3.0.5-1.el5.centos.2.noarch.rpm
  • rpm-python-4.4.2-37.el5.x86_64.rpm
  • popt-1.10.2-37.el5.x86_64.rpm
  • glibc-2.5-12.x86_64.rpm
  • glibc-common-2.5-12.x86_64.rpm
  • beecrypt-4.1.2-10.1.1.x86_64.rpm
  • glibc-headers-2.5-12.x86_64.rpm
  • glibc-devel-2.5-12.x86_64.rpm
  • binutils-2.17.50.0.6-2.el5.x86_64.rpm
  • elfutils-libelf-0.125-3.el5.x86_64.rpm
  • elfutils-0.125-3.el5.x86_64.rpm
  • elfutils-libs-0.125-3.el5.x86_64.rpm
  • beecrypt-python-4.1.2-10.1.1.x86_64.rpm
  • python-2.4.3-19.el5.x86_64.rpm
  • python-devel-2.4.3-19.el5.x86_64.rpm
  • python-elementtree-1.2.6-5.x86_64.rpm
  • python-sqlite-1.1.7-1.2.1.x86_64.rpm
  • python-urlgrabber-3.1.0-2.noarch.rpm
  • neon-0.25.5-5.1.x86_64.rpm
  • libxml2-2.6.26-2.1.2.x86_64.rpm
  • libxml2-python-2.6.26-2.1.2.x86_64.rpm
  • db4-4.3.29-9.fc6.x86_64.rpm
  • libselinux-1.33.4-2.el5.x86_64.rpm
  • libsepol-1.15.2-1.el5.x86_64.rpm
  • mcstrans-0.1.10-1.el5.x86_64.rpm
  • m2crypto-0.16-6.el5.1.x86_64.rpm
  • krb5-libs-1.5-17.x86_64.rpm
  • openssl-0.9.8b-8.3.el5.x86_64.rpm
  • readline-5.1-1.1.x86_64.rpm
# Install above RPMS
rpm -Uvh *.rpm --nodeps
# Clean and rebuild rpmdb for CentOS 5
rm -f /var/lib/rpm/__*
rpm --rebuilddb
# Clean yum files
yum clean all
# Remove deps/outdated packages
Note: You can run yum upgrade to help find deps that you need to remove.
rpm -e VFlib2 caching-nameserver autofs kudzu pcmcia-cs xorg-x11 newt-perl hal crypto-utils --nodeps
Install new CentOS 5 kernel
# If you are getting the new kernel via wget you need to do the following first.
yum upgrade wget
rpm -ivh kernel-2.6.18-8.el5.x86_64.rpm --nodeps
Remove old CentOS 4 kernel(s)
rpm -qa | grep kernel
remove 2.6.9 bits
rpm -e kernel-2.6.9-42.EL kernel-devel-2.6.9-42.EL kernel-doc-2.6.9-42.EL
Upgrade the system to CentOS 5
yum upgrade
# Install removed packages that were not reinstalled
yum install caching-nameserver autofs
  • cd /tmp
# Generate list of RPMS on the system after upgrade to see what old RPMS are left
rpm -qa >Upgrade_RPM_List
# Reboot system
reboot
# Login and you should be on CentOS 5
uname -a
  • Linux localhost.localdomain 2.6.18-8.1.1.el5 #1 SMP Mon Apr 9 09:43:24 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux
At this point you will need to start upgrading any extra/third party RPMS. 
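An added example, not part of the wiki procedure: the "Install above RPMS" step installs everything in /tmp/Upgrades with rpm -Uvh --nodeps right after the CentOS 5 key is imported, but plain rpm -U only refuses packages whose signature is BAD; an unsigned package, or one signed with a key that was never imported, installs with at most a warning. The script below runs rpm -K over the directory and refuses to continue unless every package verifies against an imported key. It assumes rpm -K output in the rpm 4.4 style shown in the comments (constructed sample lines; confirm the wording on your host before relying on it).

```shell
#!/bin/sh
# Added example, not part of the wiki procedure: gate the bulk
# "rpm -Uvh *.rpm --nodeps" step on every package carrying a GPG signature
# that rpm can verify against an imported key.
# Assumption: "rpm -K" prints one line per package in the rpm 4.4 style, e.g.
#   foo.rpm: (sha1) dsa sha1 md5 gpg OK
#   foo.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#e8562897)
#   foo.rpm: sha1 md5 OK                      <- digests only, no signature
# (constructed sample lines; check the wording on your host).

# Classify one "rpm -K" line: signed-ok | unsigned | missing-key | bad
classify_sig_line() {
    # Drop the "file.rpm: " prefix first so a file name containing "gpg"
    # (gnupg-*.rpm) cannot masquerade as a signed package.
    rest=$(printf '%s' "${1#*: }" | tr 'A-Z' 'a-z')
    case "$rest" in
        *"not ok"*"missing keys"*) echo missing-key ;;
        *"not ok"*)               echo bad ;;
        *gpg*ok*|*pgp*ok*)        echo signed-ok ;;
        *ok*)                     echo unsigned ;;
        *)                        echo bad ;;
    esac
}

# Verify every .rpm in a directory; print "status file" per package and
# return non-zero unless all are signed-ok. Needs rpm on the host.
verify_rpm_dir() {
    rc=0
    for f in "$1"/*.rpm; do
        [ -e "$f" ] || continue
        st=$(classify_sig_line "$(rpm -K "$f" 2>&1)")
        echo "$st $f"
        [ "$st" = signed-ok ] || rc=1
    done
    return $rc
}

# Usage on the upgrade box, replacing the bare rpm -Uvh step:
#   verify_rpm_dir /tmp/Upgrades && rpm -Uvh /tmp/Upgrades/*.rpm --nodeps
```

A missing-key result means the rpm --import step did not happen or fetched the wrong key; unsigned means the file did not come from a CentOS mirror as published and should be re-downloaded, not installed.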

Tuesday, May 31, 2011

IP Masquerading using iptables

http://billauer.co.il/ipmasq-html.html



1 Talk’s outline

  • iptables versus ipchains
  • The goal (or: my goal)
  • The packet’s way through iptables
  • “Classic” masquerading (SNAT)
  • DNS faking (with DNAT)
  • Other things
  • Firewalling with iptables (If we have time)
  • Questions I’ll hopefully answer
Not covered: packet mangling (change TOS, TTL and flags)

2 Differences between iptables and ipchains

  • Same author (Rusty Russell), and basically smells the same
  • Most important: FORWARD taken apart from INPUT and OUTPUT
  • Changes in syntax
  • Masquerading is handled “separately”

3 ipchains and iptables don’t live together

  • If the ipchains module is resident in the kernel, iptables won’t insmod
  • And vice versa
  • Typical error message is misleading: “No kernel support”
  • Red Hat 7.3 boots up with ipchains as default

4 What I wanted in the first place

(figure: network diagram, not reproduced)

5 Requirements

  • Windows computer should have a gateway
  • DNS issue solved elegantly
  • Both computers have access to network at the same time
  • Network between computers is trustful
  • Proper firewalling
  • ADSL modem is considered hostile

6 iptables: The IP packet’s flow

(figure: packet flow through iptables, not reproduced)

7 iptables: How to swallow this

  • Packet filtering (firewalls) and manipulation (masquerading) are neighbours
  • Therefore, the same tools are used
  • Think routing tables
  • Chains: Think subroutines
  • Each chain is terminated with a target, or next line taken
  • Subchains work exactly like subroutines
  • Tables: Group of chains: filter and nat
  • Each chain has a policy - the default target

8 What is Masquerading?

  • All computers appear to have the same IP
  • This is done with Network Address Translation
  • It’s easy to fake the “outgoing packet”
  • “Incoming packets” must be translated too
  • Port translation - a must

9 iptables: The IP packet’s flow

(figure: packet flow through iptables, not reproduced)

10 Source Network Address Translation (SNAT)

  • On ADSL: catch packets going out on ppp0
  • The source IP is changed
  • Source port numbers may be changed
  • Easiest rule: Do SNAT on all packets going out on ppp0
  • Will include OUTPUT packets by accident, but who cares?
  • Remember: Every SNAT produces an implicit DNAT
  • And vice versa

11 “Incoming” packets

  • The problem: Where should the packet go?
  • Simple TCP connection: iptables remembers the port numbers
  • UDP: Tricky
  • DNS: Return the answer to whoever asked
  • ICMP: Ping answers go the right way (!)
  • FTP, ICQ and friends: Requires special treatment (they work for me as a basic client)
  • When the other side opens a connection, that has to be treated specially
  • iptables has application-based modules

12 Defining SNAT iptables commands

The strict way:
iptables -t nat -A POSTROUTING -o ppp0 -j SNAT \
                               --to $PPPIP
The liberal way:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

  • The “liberal” form is better for temporary connections:
  • MASQUERADE automatically chooses address
  • MASQUERADE forgets old connections when interface goes down
  • For dial-up, cable modems and ADSL: MASQUERADE wins

13 POSTROUTE is just another chain

  • Selective rules can be used
  • Different manipulations are possible
  • Use -j ACCEPT to let the packet through untouched

14 The wrong way to masquerade

iptables -t nat -A POSTROUTING -j MASQUERADE
  • This makes masquerading the default policy for any outgoing packet
  • ... including any forwarded packet.
  • All forwarded packets will appear to come from the masquerading host.
  • May confuse firewalls
  • Even worse, services that trust the source address may be fooled, compromising security

15 Masquerading and firewalling

  • The internal computers are implicitly firewalled
  • The main computer gets all the unrelated packets
  • Main computer must be protected
  • Main computer protected with INPUT and OUTPUT chains
  • Other computers protected with FORWARD chains
  • Note that FORWARD chains also apply to the intranet connection

16 DNS faking with DNAT

  • The other computers have constant DNS addresses
  • The address is translated with DNAT
iptables -t nat -A PREROUTING -d 10.2.0.1 \
     -j DNAT --to-destination 192.115.106.31
iptables -t nat -A PREROUTING -d 10.2.0.2 \
     -j DNAT --to-destination 192.115.106.35

17 Automatic DNS DNAT setup

  • In an ADSL connection, the DNS addresses are given on connection
  • An ip-up.local script writes these addresses in the resolv.conf file
DNScount=1
for nameserver in \
 `perl -nle "/nameserver\D*(\d*\.\d*\.\d*\.\d*)/i && \
     (\\$1=~/^127/ || print \\$1)" /etc/resolv.conf`;
do iptables -t nat -A PREROUTING -d 10.2.0.$DNScount \
            -j DNAT --to-destination $nameserver
  let DNScount=DNScount+1;
done;

  • The perl statement above extracts the two addresses

18 The MTU on the Windows computer

  • ADSL ppp connection has MTU of 1452
  • Normal Ethernet has MTU 1500
  • Windows computer doesn’t know it goes through ADSL
  • Fragmentation
  • Fixed by adding an entry in Window’s registry

19 Other tricks

  • Server on masqueraded host (DNAT)
  • Port remapping (redirection)
  • Load balancing (One-to-many forward DNAT)
  • Packet mangling

20 The filter chains

  • INPUT, OUTPUT and FORWARD
  • Targets with ACCEPT, DROP, REJECT or QUEUE
  • A set of selective rules makes a firewall

21 Example: A firewall

Close everything and flush chains
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -F -t nat
iptables -F -t filter
iptables -X

22 Example: A firewall (cont.)

Allow everything on loopback interface
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

23 Example: A firewall (cont.)

Keep ADSL modem short
iptables -A INPUT -i eth1 -s 10.0.0.138/32 \
          -d 10.0.0.0/8 -p tcp \
          --sport 1723 -m state \
          --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -s 10.0.0.138/32 \
           -d 10.0.0.0/8 -p gre -j ACCEPT
iptables -A INPUT -i eth1 -j DROP
iptables -A OUTPUT -o eth1 -s 10.0.0.0/8 \
          -d 10.0.0.138/32 -p tcp --dport 1723 \
          -j ACCEPT
iptables -A OUTPUT -o eth1 -s 10.0.0.0/8 \
          -d 10.0.0.138/32 -p gre -j ACCEPT
iptables -A OUTPUT -o eth1 -j DROP

24 Example: A firewall (cont.)

Linux computer with network rules:
iptables -A OUTPUT -o ppp0 -s $PPPIP -j ACCEPT
iptables -A INPUT -s ! 10.128.0.0/16 -p tcp \
          --dport 0:1023 -j DROP
iptables -A INPUT -i ppp0 -d $PPPIP -m state \
          --state ESTABLISHED,RELATED -j ACCEPT

25 Example: A firewall (cont.)

Everything is allowed on internal network
iptables -A INPUT -s 10.128.0.0/16 \
          -d 10.128.0.0/16 -j ACCEPT
iptables -A OUTPUT -s 10.128.0.0/16 \
          -d 10.128.0.0/16 -j ACCEPT

26 Example: A firewall (cont.)

Forwarding....
iptables -A FORWARD -i ppp0 -o eth0 -m state \
          --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
iptables -A FORWARD -j DROP

Note that there is no forwarding in internal network

27 iptables script finale

  • Make sure that the main chains end with DROP
  • Zero counters
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
iptables -A FORWARD -j DROP
iptables -Z

28 Summary

  • It works really well
  • It’s not difficult to set up if you know what you’re doing

29 References

  • Linux IP Masquerade HOWTO (a version written in Jan 2003 is available)
  • man iptables
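An added example, not from the talk: a small rule generator that applies what sections 12, 14, 17 and 26 describe, written so it can be dry-run. MASQUERADE is restricted to packets from the LAN leaving the WAN interface (the "right way" of section 14), the FORWARD chain only lets the LAN initiate connections, and the DNS-faking loop of section 17 is redone with awk instead of perl. IPT defaults to iptables and can be set to echo to print the rules instead of loading them. It assumes the talk's names (ppp0 as WAN, eth0 as LAN, 10.128.0.0/16 as the internal network, 10.2.0.N as the fake DNS addresses); enabling ip_forward is an addition the talk does not mention but without which nothing is forwarded. The test nameservers are constructed TEST-NET addresses.

```shell
#!/bin/sh
# Added example, not from the talk: NAT and FORWARD rules as the talk
# describes them, in dry-runnable form. Set IPT=echo to print instead of load.
# Assumptions: WAN=ppp0, LAN=eth0, LAN_NET=10.128.0.0/16 (the talk's values).
IPT=${IPT:-iptables}

# Correct SNAT: only LAN packets leaving the WAN interface are masqueraded.
# "-A POSTROUTING -j MASQUERADE" alone would rewrite everything forwarded.
masq_rules() {
    wan=$1; lan_net=$2
    $IPT -t nat -A POSTROUTING -s "$lan_net" -o "$wan" -j MASQUERADE
}

# Forwarding: LAN may initiate towards WAN; WAN may only answer existing flows.
forward_rules() {
    wan=$1; lan=$2; lan_net=$3
    $IPT -A FORWARD -i "$lan" -o "$wan" -s "$lan_net" -j ACCEPT
    $IPT -A FORWARD -i "$wan" -o "$lan" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -j DROP
}

# DNS faking: map 10.2.0.N to the Nth non-loopback nameserver in a resolv.conf
# (same selection the talk's perl one-liner makes).
dns_dnat_rules() {
    resolv=$1; n=1
    awk '$1=="nameserver" && $2 !~ /^127\./ {print $2}' "$resolv" |
    while IFS= read -r ns; do
        $IPT -t nat -A PREROUTING -d "10.2.0.$n" -j DNAT --to-destination "$ns"
        n=$((n+1))
    done
}

# The whole thing as it would run on the gateway (not exercised by the tests).
apply_gateway() {
    echo 1 > /proc/sys/net/ipv4/ip_forward   # the talk assumes forwarding is on
    masq_rules ppp0 10.128.0.0/16
    forward_rules ppp0 eth0 10.128.0.0/16
    dns_dnat_rules /etc/resolv.conf
}
```

Running IPT=echo sh -c '. ./gateway.sh; apply_gateway' prints the rules for review; the loopback-resolver filter matters because a 127.x entry would otherwise DNAT the Windows box's DNS queries to the gateway's own loopback and silently drop them.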

Linux – SSH passwordless login with putty


For Linux administrators who use Windows as their desktop OS, PuTTY is an invaluable tool. This tutorial will help you save time administering your servers without having to type a username and password at every login.



  • Download PuTTY

  • Download PuTTYgen

  • Open PuTTYgen
    • Select SSH-2 RSA
    • Click ‘Generate’

  • Save the Private Key
    • Click ‘Save private key’. PuTTYgen lets you save it without a passphrase, but an unprotected private key on a Windows desktop is all an attacker needs to reach every server it is installed on; set a passphrase and let Pageant (PuTTY's key agent) cache it for the session.
    • Save the private key in location easy to remember.

  • Copy public-key
    • Select all text in the public key area.
    • right-click and select copy

  • Configure the server settings in Putty
    • Open Putty
    • Click Session (left column)
      • Enter the server hostname or IP address
      • Enter a name under ‘Saved Sessions’
    • Click Connection > Data (left column)
      • Enter the auto-login username. This tutorial uses ‘root’; the safer setup is an unprivileged account that uses sudo, with PermitRootLogin disabled in sshd_config, so the key cannot log in as root directly.
    • Click Connection > SSH (left column)
      • Select ’2′ as the Preferred SSH protocol version.
    • Click Connection > SSH > Auth (left column)
      • Browse to the private key from step 4.
    • Click Session (left column)
      • Click Save

  • Open a session with the server
    • Open PuTTY
    • Select the session saved earlier.
    • Click ‘Load’
    • Click ‘Open’
    • Login

  • Add client public key.
    • You should still have the public-key in the clip-board from step 5.
    • Open the authorized_keys file on the linux server
      • [root@server]# vi ~/.ssh/authorized_keys2 (authorized_keys2 is the old name; OpenSSH still reads it by default but has treated it as deprecated since version 3.0, so on a new server prefer ~/.ssh/authorized_keys)
      • Press the ‘i’ key to insert in vi.
      • Go to the bottom of the file and right-click on the PuTTY screen (this pastes the public key generated with PuTTYgen). Paste the text from PuTTYgen's "Public key for pasting into OpenSSH authorized_keys file" box, not the file written by ‘Save public key’, which is in a different format; the result must be a single line beginning with ssh-rsa, so check that vi did not wrap or indent it.
      • Press the ‘esc’ key to get out of insert mode in vi.
      • Press ‘:’ to enter command mode in vi
      • Type ‘wq’ to write and quit vi

  • Now, you should be finished. Let’s test.
    • Open PuTTY
    • Select the session saved earlier.
    • Click ‘Load’
    • Click ‘Open’

  • If you were able to log in without entering your username and password, you are finished! If not, continue with the troubleshooting below.

  • Troubleshooting: If you do not have a /root/.ssh folder, create one and set the permissions:
    [root@server]# mkdir ~/.ssh
    [root@server]# chmod 700 ~/.ssh
    If you do not have an authorized_keys2 file, create one and set the permissions:
    [root@server]# vi ~/.ssh/authorized_keys2
    [root@server]# chmod 644 ~/.ssh/authorized_keys2
    If the key is rejected, make sure the permissions are correct on the home directory, the .ssh directory and the authorized_keys2 file: with the default StrictModes yes, sshd ignores the key when any of them is group- or world-writable (600 is also fine for the file, 700 for the directory) and logs "Authentication refused: bad ownership or modes" in /var/log/secure.
    [root@server]# chmod 700 ~/.ssh
    [root@server]# chmod 644 ~/.ssh/authorized_keys2
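An added example, not part of the original tutorial: a script that does the "add client public key" and troubleshooting steps on the server side without vi, so the pasted line cannot be mangled. It checks that the line is an OpenSSH one-line public key (the format in PuTTYgen's text box, not the "Save public key" file), creates ~/.ssh with mode 700 and authorized_keys with mode 600, and appends the key only if that key blob is not already present. It assumes POSIX sh with grep -E and awk; the home directory is passed as an argument so it can be exercised on a scratch directory, and the sample key in the test is a constructed, truncated blob, not a real key.

```shell
#!/bin/sh
# Added example (not part of the original tutorial): install an OpenSSH public
# key line into authorized_keys safely and idempotently, with the modes sshd's
# StrictModes expects. Assumptions: POSIX sh, grep -E, awk; $1 is the target
# home directory (a real deployment would pass /root or /home/user).

# 0 if the line looks like an OpenSSH public key: type, base64 blob, comment.
# (sk-* FIDO key types are not covered; add them if you use hardware keys.)
valid_pubkey_line() {
    printf '%s\n' "$1" | grep -Eq '^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=* ?.*$'
}

# Append $2 to $1/.ssh/authorized_keys unless that key is already there.
# Prints "installed" or "already installed"; returns 1 on a malformed key.
install_authorized_key() {
    home=$1; key=$2
    valid_pubkey_line "$key" || { echo "rejected: not an OpenSSH public key line" >&2; return 1; }
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    ak="$home/.ssh/authorized_keys"
    touch "$ak"
    chmod 600 "$ak"
    # Compare on the key blob (field 2) so a different comment is not "new".
    blob=$(printf '%s' "$key" | awk '{print $2}')
    if awk -v b="$blob" '$2 == b { found = 1 } END { exit !found }' "$ak"; then
        echo "already installed"
    else
        printf '%s\n' "$key" >> "$ak"
        echo "installed"
    fi
}

# Number of key lines currently installed for a home directory.
count_authorized_keys() {
    f="$1/.ssh/authorized_keys"
    if [ -f "$f" ]; then grep -c '^[a-z]' "$f" || true; else echo 0; fi
}
```

From the PuTTY session: install_authorized_key "$HOME" "$(cat pasted_key.txt)" after saving the clipboard contents to a file, then try the saved session again; if login still fails, /var/log/secure is the place to look.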

Linux: Finding out the amount of free & used memory

The command free displays the total amount of free and used physical and swap memory in the system, as well as the shared memory and the buffers and cache used by the kernel.

techno/work> which free
/usr/bin/free

/users/techno> free
             total       used       free     shared    buffers     cached
Mem:        384888     314220      70668          0      19740      57504
-/+ buffers/cache:     236976     147912
Swap:       524280      81232     443048

Interpreting the output of free:

All the numbers are reported in 1024-byte blocks. Here we see a system with 384,888 blocks (about 376 MB) of physical RAM, with 314,220 (about 307 MB) currently in use.

The "shared" column lists the amount of physical memory shared between multiple processes. On the 2.4/2.6 kernels this output comes from, that column is obsolete and always reads 0, so the zero here says nothing about how well memory is being used (current procps reports tmpfs/shmem usage there instead).

The "buffers" column shows the amount of memory being used by the kernel buffer cache. The buffer cache is used to speed up disk operations, by allowing disk reads and writes to be serviced directly from memory. Its size increases or decreases as memory usage on the system changes; this memory is reclaimed if it is needed by applications. Therefore, although we see that 307 MB of system memory is in use, not all (but most) of it is being used by application programs. The "cached" column indicates how many memory pages the kernel has cached for faster access later.

Since the memory used for buffers and cache can easily be reclaimed for use by applications, the second line (-/+ buffers/cache) shows the memory actually used by applications (the "used" column) and available to them (the "free" column). The buffers and cached figures from the first line are subtracted from used and added to free: 314,220 - (19,740 + 57,504) = 236,976 blocks used, and 70,668 + 19,740 + 57,504 = 147,912 blocks free.

The third line shows the total amount of swap, 524,280 blocks (about 512 MB). In this case only very little of the swap is being used; there is plenty of physical RAM available. If additional applications were started, larger parts of the buffer cache memory would be reclaimed to host them. Swap space is generally used as a last resort when the system can't reclaim physical memory in other ways. Note that the amount of swap reported by free is somewhat less than the total size of your swap partitions and files. This is because several blocks of each swap area must be used to store a map of how each page in the swap area is being utilized. This overhead should be rather small; only a few kilobytes per swap area.

Newer procps-ng versions of free drop the -/+ buffers/cache line and print an "available" column instead (taken from MemAvailable in /proc/meminfo), which is the figure to watch.

References:
1) Man page of free
2) O'Reilly's Running Linux
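An added example, not from the original post: the arithmetic behind the -/+ buffers/cache line, applied to the post's own free output (embedded as SAMPLE) and turned into a threshold check. The point a monitoring script gets wrong most often is alerting on the raw "used" column, which on this machine reads 81% because of cache; the application figure is 61%. It assumes the classic free layout shown in the post (total used free shared buffers cached, in KiB); on procps-ng 3.3.10 or newer the "available" column or MemAvailable from /proc/meminfo replaces this calculation.

```shell
#!/bin/sh
# Added example (not from the original post): derive application memory use
# from the first line of "free" the way the post explains, and use it for a
# check that does not page anyone because of buffer/cache usage.
# Assumption: classic free(1) layout (total used free shared buffers cached),
# values in KiB. SAMPLE is the post's own output.

SAMPLE='             total       used       free     shared    buffers     cached
Mem:        384888     314220      70668          0      19740      57504
-/+ buffers/cache:     236976     147912
Swap:       524280      81232     443048'

# Print "used free" after reclaiming buffers and cache (the -/+ line).
app_mem_kib() {
    printf '%s\n' "$1" | awk '$1=="Mem:" { print $3-$6-$7, $4+$6+$7 }'
}

# Integer percentage of RAM held by applications (buffers/cache excluded).
app_mem_pct() {
    printf '%s\n' "$1" | awk '$1=="Mem:" { printf "%d\n", ($3-$6-$7)*100/$2 }'
}

# Raw "used" percentage, the number a naive check would alert on.
raw_used_pct() {
    printf '%s\n' "$1" | awk '$1=="Mem:" { printf "%d\n", $3*100/$2 }'
}

# Return 0 when application memory use is below $2 percent (default 90).
mem_check() {
    pct=$(app_mem_pct "$1"); threshold=${2:-90}
    [ "$pct" -lt "$threshold" ]
}
```

In a cron job: mem_check "$(free)" 90 || mail -s "memory pressure on $(hostname)" ops; the raw_used_pct figure is only there to show how far the two numbers diverge on a box with a warm cache.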

Friday, March 11, 2011

what we can do.....

I have seen a lot of motivated people in this group wanting to do something. Here is my idea of doing something.

1 --- Need to create awareness

I feel there is a need to create awareness among people. As we live in a democracy we have a very strong weapon; we just need to get together and use it properly. No need for revolt and all, our vote is the biggest revolt.

2 --- Awareness about what.

Awareness about using this weapon and choosing the right leaders. Most of us either don't vote or we give our vote to somebody who is the least corrupt, as we don't have choices.

We need to tell people to use 49-O and bind these political parties to give a chance to qualified people in leadership. Most of our political leaders are in politics through the influence of money, crime or dynasty.

If we don't get the right leaders we are not going to choose them.

3 --- Awareness to whom.

A large part of the vote bank comes from people who do not read the news, are not very socially and politically aware, and cast their vote under the influence of the panchayat.

We need to make them aware about casting their vote sensibly.

4 --- Linking your awareness programme to individual benefit.

5 --- Tools of creating awareness.

6 --- Resources required to do this.



Thursday, March 10, 2011

Syncing the hardware clock with the OS clock

Sometimes you will find kernel errors because the hardware clock and the OS clock are not in sync.

-> First sync your OS clock with the command "ntpdate clock.redhat.com" (stepping the clock by a large amount can upset running services that depend on time, such as Kerberos and TLS, so do this before they start or restart them afterwards)
-> Then check the time in the hardware clock with the command "hwclock"
-> Sync the hardware clock from your OS clock with the command "hwclock --systohc"