Script for Adduser with Random Password
[info]neelesh_gurjar

I have just created a small bash script which will create a user without asking for a password. It will use a random password. At the end it will show you the username and password. I have made the 2 important lines bold and highlighted. Please note that it doesn't have any validation on user input or any other validation.

 

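#!/bin/bash
# Create a user with a random 8-character password and set the maximum password age.

echo -e "Enter Username you want to add:\c"
read -r uname

echo -e "Enter Password age:\c"
read -r page

# 8 random alphanumeric characters taken from /dev/urandom
PSD=$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c8)

useradd "$uname"

# passwd asks for the new password twice, so send it twice on stdin
echo -e "$PSD\n$PSD\n" | passwd "$uname"

# Maximum password age in days
passwd -x "$page" "$uname"

echo -e "$uname is created. $PSD is its password and Passwd age is $page days"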
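The script above passes the username and password age straight from the prompt to useradd and passwd. An added example (not the author's code) of the same flow with both inputs checked first; the function names, the 16-character password length and the use of chpasswd and chage are choices made for this example:

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Login name: starts with a lowercase letter or '_', then lowercase letters,
# digits, '_' or '-', at most 32 characters. Rejects option-like names ("-x").
valid_username() {
    case $1 in
        ''|*[!a-z0-9_-]*) return 1 ;;
    esac
    case $1 in
        [a-z_]*) [ "${#1}" -le 32 ] ;;
        *) return 1 ;;
    esac
}

# Password age: a positive whole number of days, at most 5 digits.
valid_age() {
    case $1 in
        ''|0*|*[!0-9]*|??????*) return 1 ;;
    esac
}

# Random alphanumeric password from /dev/urandom (default 16 characters).
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "${1:-16}"
}

# Validate first, then create the account. Must run as root.
create_user() {
    valid_username "$1" || { echo "invalid username" >&2; return 1; }
    valid_age "$2" || { echo "invalid password age" >&2; return 1; }
    if id "$1" >/dev/null 2>&1; then
        echo "user already exists" >&2; return 1
    fi
    psd=$(gen_password 16)
    useradd "$1" || return 1
    # chpasswd reads "user:password" on stdin, so nothing appears in argv
    printf '%s:%s\n' "$1" "$psd" | chpasswd || return 1
    chage -M "$2" "$1" || return 1
    echo "$1 is created. $psd is its password and password age is $2 days"
}

# Usage (as root): create_user alice 14
```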


How to split & join large files, binary, text etc.
[info]neelesh_gurjar
In Linux, we can split large files with the split command. To join them again, you just need to cat the pieces into one file.


split can be used on binaries, text files, anything.


To split ->

# split --byte=10k /path/to/large/file /path/to/output/files/prefix


For example, I want to split the /root/slapd binary file.

Its size is 1.3M

root@neel:~/test# ls -lh /root/slapd
-rwxr-xr-x 1 root root 1.3M 2011-05-11 13:49 /root/slapd



I want to split it into 10kb files. Just give the command below.


root@neel:~# split --byte=10k /root/slapd /root/test/prefix




It will split slapd into 10kb files under the /root/test directory, and the filenames will be prefixaa, prefixab etc…

To retrieve the original file, cat the pieces into a new filename.


root@neel:~# cat /root/test/prefix* > /root/neel



It created a binary file under /root with the name neel.

Then I checked md5sum value of both files to check integrity:


root@neel:~/test# md5sum /root/neel
f1ac87370fea4cc9922acc443c19d518 /root/neel

root@neel:~/test# md5sum /root/slapd
f1ac87370fea4cc9922acc443c19d518 /root/slapd



As you can see, both values are the same.

How to do Authentication by PAM in PHP code
[info]neelesh_gurjar
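1. Check which user the Apache server runs as. In our example it runs as www-data.

2. Change the group ownership of /etc/shadow. With group read permission on the file, every process running as www-data can then read the local password hashes.

chgrp www-data /etc/shadow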

 

3. Install php5-auth-pam

 

4. Create login.html under the webserver's DocumentRoot and put the code below inside the <html> tag

           <form name="input" action="login.php" method="post">

            Username: <input type="text" name="uname" /><br />

            Password: <input type="password" name="pswd" />

            <input type="submit" value="Submit" />

            </form>


5. Create login.php in the same folder and put the code below in it

 

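<?php

// Credentials submitted by login.html
$uname = $_POST['uname'];
$pswd = $_POST['pswd'];

// pam_auth() takes its third argument by reference and fills it on failure;
// the call-time "&$error" form is a fatal error from PHP 5.4 onwards
if ( pam_auth( $uname, $pswd, $error ) ) {
        echo "You are authenticated!";
} else {
        echo $error;
}

?>

Then test it with a local username and password on the server.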





Starting with OpenLDAP
[info]neelesh_gurjar

1. Install OpenLDAP on Ubuntu
2. apt-get install slapd ldap-utils gq db4.8-util db4.8-doc jxplorer
3. Create slapd.conf as /usr/share/slapd/slapd.conf or wherever you want; the only requirement is that it is readable. Change the domain components, admin password and dn as per your requirement
4. Please check that AppArmor is off
5. Please check whether the /var/run/slapd directory exists. If yes, check the permissions: it should be readable and writable by the openldap user
6. Also check /var/lib/ldap
7. Create first.ldif. Change the dn and cn values as per slapd.conf
In that put
dn: dc=gurjar,dc=com
objectclass: dcObject
objectclass: organization
o: Gurjar's company
dc: gurjar

dn: cn=admin,dc=gurjar,dc=com
objectclass: simpleSecurityObject
objectclass: organizationalRole
cn: admin
userPassword: bigsecretword
description: LDAP administrator
8. Add this and initialize the directory
For this, first copy /usr/share/slapd/DB_CONFIG to /var/lib/ldap/
then run
slapadd -f /usr/share/slapd/slapd.conf -l first.ldif
chown -R openldap:openldap /var/lib/ldap

9. Test your configuration file
slaptest -f /usr/share/slapd/slapd.conf

If it shows "succeeded" in the last line then go ahead, otherwise troubleshoot the issue :)

10. Start Slapd server by below command
slapd -u openldap -g openldap -f /usr/share/slapd/slapd.conf

11. Check whether slapd is up or not
ps -ef|grep slapd
netstat -an|grep 389

If it is running, try connecting to it with JXplorer and browse. If you can connect, then we can go ahead :)


(no subject)
[info]neelesh_gurjar
 Script to get the list of services running on system in below format:

Protocol - Port - Program Name

for LIST in `netstat -nalpe | egrep -i '^tcp|^udp' | grep 'LISTEN' | awk '{ print $1"|"$4"|"$9 }'`; do PROT=`echo ${LIST} | cut -d"|" -f1`; PORT=`echo ${LIST} | cut -d"|" -f2`; PORT=${PORT##*:}; PROG=`echo ${LIST} | cut -d"|" -f3`; PROG=${LIST##*/}; echo "${PROT} - ${PORT} - ${PROG}"; done

Here ${PORT##*:} or ${LIST##*/} is called Parameter Substitution.
In this, ##*: or ##*/ removes the longest match of the pattern from the front of the value, i.e. everything up to and including the last : or /

To study this script, break it into parts.

1. See what output you get by this command

netstat -nalpe | egrep -i '^tcp|^udp' | grep 'LISTEN' | awk '{ print $1"|"$4"|"$9 }'

You will get below output



tcp|0.0.0.0:22|8316/sshd
tcp|127.0.0.1:8118|1310/polipo
tcp|127.0.0.1:631|1187/cupsd

2. Copy first line of above output and put that into variable LIST
LIST="tcp|0.0.0.0:22|8316/sshd"

3. Then try below commands and see the output.

PROT=`echo ${LIST} | cut -d"|" -f1`
echo $PROT

PORT=`echo ${LIST} | cut -d"|" -f2`
echo $PORT

PORT=${PORT##*:}
echo $PORT 


In the same way, look at all the variables in the script (PROT, PORT, PROG), and you will understand the script very easily.
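An added example (not part of the original post) that does the same extraction with a while-read loop, run over constructed sample lines so the parameter substitution can be seen on an IPv6 address and on a socket whose owner netstat could not show. The function names and the "unknown" label are choices made for this example; UDP sockets have no LISTEN state, so they are filtered out here just as by the grep in the one-liner.

```shell
#!/bin/sh
# Added example. The netstat lines below are constructed, not captured output.
sample_netstat() {
cat <<'EOF'
tcp        0      0 0.0.0.0:22        0.0.0.0:*    LISTEN      0     8316     8316/sshd
tcp6       0      0 :::80             :::*         LISTEN      0     9120     2044/apache2
tcp        0      0 127.0.0.1:631     0.0.0.0:*    LISTEN      0     7001     -
udp        0      0 0.0.0.0:68        0.0.0.0:*                0     6500     900/dhclient
EOF
}

# Reads `netstat -nalpe` lines on stdin and prints
# "Protocol - Port - Program Name" for every listening socket.
list_listeners() {
    awk '/^(tcp|udp)/ && $6 == "LISTEN" { print $1 "|" $4 "|" $9 }' |
    while IFS='|' read -r prot addr prog; do
        # Longest prefix ending in ':' is removed, so ":::80" also gives 80
        port=${addr##*:}
        case $prog in
            */*) prog=${prog##*/} ;;   # "8316/sshd" -> "sshd"
            *)   prog=unknown ;;       # "-" : owner hidden (netstat not run as root)
        esac
        echo "$prot - $port - $prog"
    done
}

# Usage: sample_netstat | list_listeners
#        netstat -nalpe | list_listeners
```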


Virtual hosting in Apache
[info]neelesh_gurjar
There are 2 types of VirtualHosting:
1. Name Based Virtual Hosting
2. IP Based Virtual Hosting

1. Name Based Virtual Hosting:
Here we host multiple websites on a single IP address.
Here is the basic configuration for name based virtual hosting in httpd.conf:

========================

NameVirtualHost  ganesh.com <-----------
<VirtualHost ganesh.com>
    ServerAdmin webmaster@ganesh.com
    DocumentRoot /var/www/html
    ServerName ganesh.com
    ServerAlias www.ganesh.com
    ErrorLog logs/ganesh.com-error_log
    CustomLog logs/ganesh.com-access_log common
</VirtualHost>

<VirtualHost ganesh1.com>
    ServerAdmin webmaster@ganesh1.com
    DocumentRoot /web/www.ganesh1.com
    ServerName ganesh1.com
    ServerAlias www.ganesh11.com
    ErrorLog logs/ganesh1.com-error_log
    CustomLog logs/ganesh1.com-access_log common
</VirtualHost>

<VirtualHost ganesh2.com>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot /web/www.ganesh2.com
    ServerName ganesh2.com
    ServerAlias www.ganesh2.com
    ErrorLog logs/ganesh2.com-error_log
    CustomLog logs/ganesh2.com-access_log common
</VirtualHost>

======================================================

2. IP Based Virtual Hosting:
For this, the OS must support IP multiplexing. Here each site gets its own IP address.

======================================================

<VirtualHost 192.168.0.1>
    ServerAdmin webmaster@ganesh.com
    DocumentRoot /var/www/html
    ServerName ganesh.com
    ServerAlias www.ganesh.com
    ErrorLog logs/ganesh.com-error_log
    CustomLog logs/ganesh.com-access_log common
</VirtualHost>

<VirtualHost 192.168.0.2>
    ServerAdmin webmaster@ganesh1.com
    DocumentRoot /web/www.ganesh1.com
    ServerName ganesh1.com
    ServerAlias www.ganesh1.com
    ErrorLog logs/ganesh1.com-error_log
    CustomLog logs/ganesh1.com-access_log common
</VirtualHost>

<VirtualHost 192.168.0.3>
    ServerAdmin webmaster@ganesh2.com
    DocumentRoot /web/www.ganesh2.com
    ServerName ganesh2.com
    ServerAlias www.ganesh2.com
    ErrorLog logs/ganesh2.com-error_log
    CustomLog logs/ganesh2.com-access_log common
</VirtualHost>

======================================================




Linux Boot Process (Simplified)
[info]neelesh_gurjar
The Linux boot process consists of all the steps from powering on the PC up to userspace initialization in Linux.

We will draw a simple flow of the Linux boot process

Power ON
||
||
BIOS
||
||
Stage 1 Boot Loader --> MBR
||
||
Stage 2 Boot Loader --> LILO/GRUB
||
||
Kernel --> Linux
||
||
init -> Father of all processes


Overview of above Process flow:

Step 1- When we power on the PC, the BIOS (which is stored on the motherboard) comes into RAM. The purpose of the BIOS is to load the OS or kernel into RAM.

Step 2- The BIOS searches for a bootable device. When a bootable device is found, it goes to the next step.

Step 3- When the bootable device is found, it loads the stage 1 boot loader, i.e. the MBR, into RAM. The size of the MBR is just 512 bytes: just the first sector of the hard disk.

Step 4- The first stage boot loader loads the second stage boot loader, i.e. GRUB or LILO.

Step 5- When the second stage boot loader is executed in RAM, the splash screen is displayed. The job of the second stage boot loader is to load the kernel into RAM.

Step 6- The stage 2 boot loader loads the kernel and an optional initial root filesystem into RAM. It passes control to the kernel, and the kernel is decompressed into RAM and initialised. At this stage the second stage boot loader checks the hardware, mounts the root device and loads the necessary kernel modules. When it completes, the first userspace program is executed, i.e. init. init is the father of all processes.

Configuring Apache with Authentication
[info]neelesh_gurjar
Basic Authentication:

1. Create the user database with htpasswd
htpasswd is a program which creates a user database. In this example we will create the users in /etc/apache2/users

    $ htpasswd -c /etc/apache2/users test  ===========> Here test is username

2. Server side configuration: in httpd.conf or your virtual host configuration file, between <Directory ... > and </Directory>, give the following settings

In our example our DocumentRoot is /var/www/neelesh


<Directory /var/www/neelesh>
AllowOverride AuthConfig
.....
....
</Directory>



3. Create a .htaccess file under /var/www/neelesh and put the following entries into it

AuthName "restricted stuff"
AuthType Basic
AuthUserFile /etc/apache2/users
require valid-user




Tuning MySQL
[info]neelesh_gurjar
1. To see the current default values for mysqld, give

        $ mysqld --verbose --help

2. While tuning MySQL, 2 values are most important

     a. key_buffer_size  --> key_buffer_size is the size of the buffer used for index blocks. The key buffer is also known as the key cache.
The maximum permissible setting for key_buffer_size is 4GB on 32-bit platforms. As of MySQL 5.0.52, values larger than 4GB are permitted for 64-bit platforms (except 64-bit Windows, for which large values are truncated to 4GB with a warning). The effective maximum size might be less, depending on your available physical RAM and per-process RAM limits imposed by your operating system or hardware platform.

    b. table_open_cache --> The number of open tables for all threads. Increasing this value increases the number of file descriptors that mysqld requires. You can check whether you need to increase the table cache by checking the Opened_tables status variable. If the value of Opened_tables is large and you do not use FLUSH TABLES often (which just forces all tables to be closed and reopened), then you should increase the value of the table_open_cache variable.

Some examples:

Case 1: If you have at least 256MB of memory and many tables and want maximum performance with a moderate number of clients, use below command to invoke mysql:

$ mysqld_safe --key_buffer_size=64M --table_open_cache=256 --sort_buffer_size=4M --read_buffer_size=1M &

Case 2: If you have only 128MB of memory and only a few tables, but you still do a lot of sorting, use below command to invoke mysql:

$ mysqld_safe --key_buffer_size=16M --sort_buffer_size=1M

Case 3: If there are very many simultaneous connections, swapping problems may occur unless mysqld has been configured to use very little memory for each connection. mysqld performs better if you have enough memory for all connections.

With little memory and lots of connections, use below command to invoke mysql:

$ mysqld_safe --key_buffer_size=512K --sort_buffer_size=100K --read_buffer_size=100K &

Or 

$ mysqld_safe --key_buffer_size=512K --sort_buffer_size=16K --table_open_cache=32 --read_buffer_size=8K --net_buffer_length=1K &

Important parameters for InnoDB storage Engine:

innodb_buffer_pool_size - This is very important variable to tune if you’re using Innodb tables. Innodb tables are much more sensitive to buffer size compared to MyISAM. MyISAM may work kind of OK with default key_buffer_size even with large data set but it will crawl with default innodb_buffer_pool_size. Also Innodb buffer pool caches both data and index pages so you do not need to leave space for OS cache so values up to 70-80% of memory often make sense for Innodb only installations. Same rules as for key_buffer apply – if you have small data set and it is not going to grow dramatically do not oversize innodb_buffer_pool_size you might find better use for memory available.

innodb_additional_mem_pool_size - This one does not really affect performance too much, at least on OS with decent memory allocators. Still you might want to have it 20MB (sometimes larger) so you can see how much memory Innodb allocates for misc needs.

innodb_log_file_size - Very important for write intensive workloads especially for large data sets. Larger sizes offer better performance but increase recovery times so be careful. I normally use values 64M-512M depending on server size.

innodb_log_buffer_size - Default for this one is kind of OK for many workloads with medium write load and shorter transactions. If you have update activity spikes however or work with blobs a lot you might want to increase it. Do not set it too high however as it would be waste of memory – it is flushed every 1 sec anyway so you do not need space for more than 1 sec worth of updates. 8MB-16MB are typically enough. Smaller installations should use smaller values.

innodb_flush_log_at_trx_commit - Crying about Innodb being 100 times slower than MyISAM? You probably forgot to adjust this value. The default value of 1 means each update transaction commit (or each statement outside of a transaction) will need to flush the log to disk, which is rather expensive, especially if you do not have a battery-backed cache. Many applications, especially those moved from MyISAM tables, are OK with value 2, which means do not flush the log to disk but only flush it to the OS cache. The log is still flushed to disk each second, so you normally would not lose more than 1-2 sec worth of updates. Value 0 is a bit faster but is a bit less secure, as you can lose transactions even in case the MySQL Server crashes. Value 2 only causes data loss with a full OS crash.


Linux Interview Questions
[info]neelesh_gurjar
1. What is a reverse proxy & a transparent proxy?

2. What is the difference between a stateful firewall and a stateless firewall?

3. What is cifs? is it protocol or filesystem? explain

4. What is snort ?

5. what is difference between IPS & IDS ?

6. What is Crashdump?

7. What is clustering ? What are types ?

8. What is fencing and which devices are used for fencing?

9. If I give command --> ls   --> but nothing come on console.. tell me the possibilities that why this could have happened? 

10. Difference between RAID 5 & 6 ? What if 2 disks fails in RAID 5 ? Can we make RAID 5 with 5 disks?

11. How to print 1 to 100 in bash without using any loop or scripting?

12. How to stop module to load in RAM?

13. How to call one shellscript in another?

14. How to copy or to do 1 task on 100s of server in minimum time?

15. How to use 4 NICs to increase network speed?

16. tell command to write 10GB file with block size of 128k?

17. How to test network speed between Network?

18. How to do LDAP replication?

19. What is UpdateDN & BindDN in OpenLDAP?

20. How to configure HTTPS websites in Apache?

21. How to configure DNS? What is Authoritative DNS & Root DNS?

22. Which parameters to tune for better Linux performance?

23. What is NMap & why it is used?

24. How to replicate MySQL?

25. How to configure HAproxy?

26. What is tcp_syncookies?

27. Which kernel parameters to modify to increase network packet size?

You are viewing [info]neelesh_gurjar's journal