Posts

Showing posts from 2013

Quickest way to setup - KEY-BASED AUTHENTICATION: LINUX

For example, we gonna setup key-based authentication from server 192.168.x.y to 192.168.x.z ( we will use this auth for root uesr ) 1). Create SSH-Kegen Keys on – 192.168.x.y [root@192.168.x.y~] # ssh-keygen -t rsa 2). Create .ssh Directory on – 192.168.x.z # ssh root@192.168.x.z mkdir -p .ssh The authenticity of host '192.168.x.z (192.168.x.z)' can't be established. RSA key fingerprint is 3x:x7:a4:e5:af:89:c5:dx:b1:3c: 9d:xx:66:47:03:xx. Are you sure you want to continue connecting (yes/no)?  "press yes" 3). Upload Generated Public Keys to – 192.168.x.z # cat .ssh/id_rsa.pub | ssh root@192.168.x.z 'cat >> .ssh/authorized_keys' 4). Set Permissions on – 192.168.x.z # ssh root@192.168.x.z "chmod 700 .ssh; chmod 640 .ssh/authorized_keys" 5). Now you can login 192.168.x.z without password: [root@192.168.x.y~] # ssh root@192.168.x.z Last login: xxxxxxxxxxxxxxxxxxxxxx from 'last login

Backup and Restore of LINUX System Disk using "dd" command:

Backup and Restore of LINUX System Disk using "dd" command: creating disk1: # dd if=/dev/zero of=disk1 bs=1024000 count=2048 # mkdir d1 # mkfs.ext3 disk1 # mount disk1 d1 // It will end with error, so try, # mount -o loop disk1 d1 creating disk2: # dd if=/dev/zero of=disk2 bs=1024000 count=2048 #mkfs.ext3 disk2 # mkdir d2 # mount -o loop disk2 d2 # df -h -----  result will be, We can also use conv=notrunc,noerror options with "dd" command , - The notrunc conversion option means do not truncate the output file — that is, if the output file already exists, just replace the specified bytes and leave the rest of the output file alone. - Noerror means to keep going if there is an error. Dd normally terminates on any I/O error. to confirm this, # losetup -a /dev/loop0: [fd00]:142387 (/root/disk1) /dev/loop1: [fd00]:142390 (/root/disk2) copy some file into d1 for example: # wget http://ip

SHELL SCRIPT to generate random PASSWORD and CAPTCHA

Image
1). create a file named "password.sh"   #!/bin/bash while : do     clear     cat<<EOF                 ===================                 PASSWORD GENERATOR:                 -------------------             Enter the (P)assword length             Enter the (C)aptcha length                       (Q)uit                 ------------------- EOF     read -n1 -s     case "$REPLY" in     "E")     echo -e -n "\n\t: "     read b     a=$(tr -dc "A-Za-z0-9~!@#$%^&*-_" < /dev/urandom | head -c$b)     echo -e "\n\n\t\t$a"     ;;     "C")     echo -e -n "\n\t: "     read b     echo -e "\n\n\t\t" `/usr/bin/shuf -i 1-$b -z`     ;;     "Q")  exit 0                    ;;     "q")  echo "case sensitive!!"   ;;     "c")  echo "case sensitive!!"   ;;     "e")  echo "case sensitiv

mount: could not find any free loop device

Mount warning "mount: could not find any free loop device" facing while increasing /tmp ? here is the solution for: losetup # mount -o loop,noexec,nosuid,rw /usr/tmpDSK /tmp mount: could not find any free loop device # losetup -a /dev/loop0: [0802]:72617509 (/usr/tmpDSK) /dev/loop1: [0802]:72617509 (/usr/tmpDSK) /dev/loop2: [0802]:72618319 (/usr/tmpDSK) /dev/loop3: [0802]:72618319 (/usr/tmpDSK) /dev/loop4: [0802]:72618322 (/usr/tmpDSK) /dev/loop5: [0802]:72618322 (/usr/tmpDSK) /dev/loop6: [0802]:72618323 (/usr/tmpDSK) /dev/loop7: [0802]:72618324 (/usr/tmpDSK) # losetup -d /dev/loop[0-7] # losetup -a # mount -o loop,noexec,nosuid,rw /usr/tmpDSK /tmp Done !!!

How to find the last argument passed to a Shell Script:-

To find the last argument passed to a Shell Script: $1 - first arguments. $* / $@ -  all arguments. $# - number of arguments. Here is a script to find the last argument passed, # cat arguments.sh #!/bin/bash if [ $# -eq 0 ] then echo "No Arguments supplied" else echo $* > .ags sed -e 's/ /\n/g' .ags | tac | head -n1 > .ga echo "Last Argument is: `cat .ga`" fi Output: # ./arguments.sh No Arguments supplied # ./arguments.sh testing for the last argument value Last Argument is: value

Run commands periodically without cron is possible?

In Linux - can run periodical commands without cron ??!??....... Yeah, Running commands periodically without cron is possible when we go with "while". As a command: # while true; do <your command here> ; sleep 100; done & Example: # while true; do echo "Hello World" ; sleep 100; done & do not forget the last "&" as it will put your loop in the background. Same way to call a script, crate file name: while_check.sh # cat while_check.sh #!/bin/bash while true; do /bin/sh script.sh ; sleep 100; done & # cat script.sh echo "Hello World" # ./while_check.sh Is it useful??

Random Manual(command's) Pages while login SSH:

If you wish to know the linux command's random man page in every SSH login, Kindly add below line in .bashrc file, /usr/bin/man $(ls /bin | shuf | head -1) Now you got it, useful right???

find difference between two files using Shell Script - BASH

Image
Use below script to find difference between two file in faster way..... 1). copy paste below script in simplediff.sh 2). chmod 755 simplediff.sh ===== #!/bin/bash echo -e "Enter the full path for FILE1:" read f echo -e "Enter the full path for FILE2:" read g if [ ! -f $f ] || [ ! -f $g ] then echo "FILE1 or FILE2 MISSING" else echo -e "Enter ( 1 ) to konw Different contents in FILE1\nEnter ( 2 ) to know the Different contents in FILE2" read h case "$h" in 1) clear echo -e "File1:" echo -e "(First line shows the file's Last Modify time)\n" /usr/bin/diff -u $f $g | grep '^-' if [ $? == 1 ] then clear echo -e "\033[33;32m" echo -e "\n\nNo Different contents Found !\n\n" echo -e "\033[33;0m" fi ;; 2) clear echo -e "File2:" echo -e "(First line shows the file's Last Modify time)\n" /usr/bin/diff -u $f $g | grep '^+'

SELinux: Tiny Tip

Image
SELinux Modes: Enforcing - SELinux security policy is enforced. IF this is set SELinux is enabled and will try to enforce the SELinux policies strictly. Permissive – SELinux prints warnings instead of enforcing. This setting will just give warning when any SELinux policy setting is breached. Normal models(When SELinux Disabled): In the regular permissions models, processes run as users, and the files and other resources on the system are labeled with permissions that control which users have what access to which files. SELinux: SELinux adds a parallel set of permissions, in which each process runs with a SElinux security context, and files and other resources on the system are also labeled with a security context. The difference from normal permissions is that a configurable SELinux policy controls which process contexts can access which file contexts. Red Hat provides a default policy which most people use.  Another difference with SELinux, is that to have access to a

unexpectedly shrunk window (repaired) in dmesg log - TCP Peer

Don't Panic, This normally occurs when a client decides to reduce its TCP window size, without the server expecting it. This can be the case when fragmentation is an issue, or when the client is using an embedded device with very little NIC buffer memory. This is a completely normal behaviour, and you’re likely to see quite a few such packets in your log. The messages are informational only, and are used to debug networking issues. I’d be worried if you saw hundreds of thousands of these packets, since there are attacks that involve packet fragmentation and small window sizes, but otherwise it’s just the normal sort of noise you should expect to see on any internet-facing network. In fact, the “repaired” part of your message is showing that your network driver fixed the issue, which is usually done by concatenating the payloads of two fragmented packets together. Shouldn’t be an issue at all. … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … 

Solved: ERROR: ld.so: object '/lib/libdevmapper-event.so.1.20.0' from /etc/ld.so.preload cannot be preloaded: ignored.

Error: ERROR: ld.so: object '/lib/libdevmapper-event.so.1.20.0' from /etc/ld.so.preload cannot be preloaded: ignored. Fix: Use Your favorite editor, here i use vi to edit the file /etc/ld.so.preload and comment out the line: /lib/libdevmapper-event.so.1.20.0 then it will look so, # cat /etc/ld.so.preload #/lib/libdevmapper-event.so.1.20.0 For: ERROR: ld.so: object '/lib/libsafe.so.2' from /etc/ld.so.preload cannot be preloaded: ignored Fix: comment out the line: /lib/libsafe.so.2 in /etc/ld.so.preload Thanks.

VMware ESX vs ESXi

Image
What is VMware ESX ? ESX (Elastic Sky X) is the VMware’s enterprise server virtualization platform. In ESX, VMkernel is the virtualization kernel which is managed by a console operating system which is also called as Service console. Which is linux based and its main purpose is it to provide a Management interface for the host and lot of management agents and other thrid party software agents are installed on the service console to provide  the functionalists like hardware management and monitoring of ESX hypervisor. What is VMware ESXi ? ESXi (Elastic sky X Integrated) is also the VMware’s enterprise server virtualization platform. In ESXi, Service console is removed. All the VMware related agents and third party agents such as management and monitoring agents can also run directly on the VMkernel. ESXi is ultra-thin architecture which is highly reliable and its small code-base allows it to be more secure with less codes to patch. ESXi uses Direct Console User Interface (DCUI)

possible SYN flooding on port xxxx. Sending cookies.

This could be a form of DOS attack on the box and It is likely to be TCP backlog queue maximum size has been reached. 1). To Ascertain the current maximum size: # cat /proc/sys/net/ipv4/tcp_max_syn_backlog 1024 Adjust the size, 4096 is recommended unless the box has a minute amount of memory in modern standards (<1Gb). # echo "4096" >/proc/sys/net/ipv4/tcp_max_syn_backlog 2). To Enable fast recycling TIME-WAIT sockets. add the following to /etc/sysctl.conf, then run 'sysctl -p' net.ipv4.tcp_tw_recycle = 1 Check dmesg to see if the problem persist. !

No running copy - squid: ERROR

# squid -k reconfigure squid: ERROR: No running copy In /var/log/messages, "Squid Parent: child process 1147 exited due to signal 6" In syslog: "Failed to verify one of the swap directories, Check cache.log#012#011for details. Run 'squid -z' to create swap directories#012#011if needed, or if running Squid for the first time." In syslog, A warning appears to make swap directory running the squid, # squid -z (-z : Create swap directories) # squid start …

Dsniff - Network Monitoring:

Dsniff: It is a suit of tools for auditing the network and penetration testing. We can use this tool for passive monitoring a network for some important data (passwords, e-mail, files, etc.). Installation: # wget http://www.monkey.org/~dugsong/dsniff/beta/dsniff-2.4b1.tar.gz # tar zxf dsniff-2.4b1.tar.gz # wget http://www.enzotech.net/files/dsniff-2.4.fixed.FC.patch # patch -p0 < dsniff-2.4.fixed.FC.patch # cd dsniff-2.4 # ./configure && make && make install Thanks!

Permanent(301) VS Temporary(302) redirect

301 vs 302 redirect: 301: Status 301 means that the resource (page) is moved permanently to a new location. The client/browser should not attempt to request the original location but use the new location from now on. It's like a Change of Address form from the Postal Service. All traffic intended for URL A is permanently routed to URL B, and all link popularity and existing SEO value for URL A should also be transferred to URL B. 302: Status 302 means that the resource is temporarily located somewhere else, and the client/browser should continue requesting the original url. There are very few instances where this type of redirect should be used, but unfortunately it is the easiest to implement. This means that many webmasters unfamiliar with search engine mechanics use the wrong type of redirect. Is it okay?

Linux- Kickstart Based Installation

KickStart provides a way for users to automate a Red Hat Enterprise Linux installation. Here are simple steps: 1.Install Apache. [root@ranjith ~]# rpm -qa |grep -i httpd [root@ranjith ~]# yum -y install httpd [root@ranjith ~]# lsof -i tcp:80 COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME httpd   10787   root    4u  IPv6 223062      0t0  TCP *:http (LISTEN) httpd   10789 apache    4u  IPv6 223062      0t0  TCP *:http (LISTEN) httpd   10790 apache    4u  IPv6 223062      0t0  TCP *:http (LISTEN) 2. Create a install root where we gonna installing the contents of the cdrom to, We can use under default document root in /var/www/html. [root@ranjith ~]# cd /var/www/html/ [root@ranjith html]# mkdir centos5 [root@ranjith html]# cd centos5/ [root@ranjith centos5]# pwd /var/www/html/centos5 3. Download and mount the centos ISO file from: centos.org Here i download: CentOS-6.4-x86_64 4. Mount the iso you downloaded to a mount point. [root@ranjith mnt]# mount -

How to trace inode usage?

Here is the command to trace inode usage: # echo "Detailed Inode usage for: $(pwd)" ; for d in `find -maxdepth 1 -type d |cut -d\/ -f2 |grep -xv . |sort`; do c=$(find $d |wc -l) ; printf "$c\t\t- $d\n" ; done ; printf "Total: \t\t$(find $(pwd) | wc -l)\n"

Linux - DDoS Deflate To Block DDoS Attack

(D)DoS Deflate is a shell script developed by Zaf, originally for use on MediaLayer servers to assist in combating denial of service attacks. However, it was seen to be very effective for our purpose and It is a lightweight bash shell script designed to assist in the process of blocking a denial of service attack. It utilizes the command below to create a list of IP addresses connected to the server, along with their total number of connections. It is one of the simplest and easiest to install solutions at the software level. # netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n IP addresses with over a pre-configured number of connections are automatically blocked in the server's firewall, which can be direct iptables or Advanced Policy Firewall (APF). (We highly recommend that you use APF on your server in general, but deflate will work without it.) Notable Features: It is possible to white-list IP addresses, via /usr/local/ddos/

KERNEL PARAMETER CONFIGURATION:

# PREVENT YOU SYSTEM FROM ANSWERING ICMP ECHO REQUESTS echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all # DROP ICMP ECHO-REQUEST MESSAGES SENT TO BROADCAST OR MULTICAST ADDRESSES echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts # DONT ACCEPT ICMP REDIRECT MESSAGES echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects # DONT SEND ICMP REDIRECT MESSAGES echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects # DROP SOURCE ROUTED PACKETS echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route # ENABLE TCP SYN COOKIE PROTECTION FROM SYN FLOODS echo 1 > /proc/sys/net/ipv4/tcp_syncookies # ENABLE SOURCE ADDRESS SPOOFING PROTECTION echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter # LOG PACKETS WITH IMPOSSIBLE ADDRESSES (DUE TO WRONG ROUTES) ON YOUR NETWORK echo 1 > /proc/sys/net/ipv4/conf/all/log_martians # DISABLE IPV4 FORWARDING echo 0 > /proc/sys/net/ipv4/ip_forward

Apache MaxClients Calculation

MaxClients: The MaxClients directive sets the limit on the number of simultaneous requests that will be served. Any connection attempts over the MaxClients limit will normally be queued, up to a number based on the ListenBacklog directive. Once a child process is freed at the end of a different request, the connection will then be serviced. For non-threaded servers (i.e., prefork), MaxClients translates into the maximum number of child processes that will be launched to serve requests. The default value is 256; to increase it, you must also raise ServerLimit. calculating MaxClients value: #!/bin/bash tome=$(free -m | grep -i mem | awk '{print $2}') htps=$(ps -aylC httpd |grep "httpd" |awk '{print $8'} |sort -n |tail -n 1) mysme=$(ps aux | grep 'mysql' | awk '{print $6}' |sort -n |tail -n 1) rafa=1024 nmysme=$(expr $mysme / $rafa) nhtps=$(expr $htps / $rafa) echo -e "\nTotal Memory = $tome" echo -e "Largest httpd

Apache: Prefork MPM vs Worker MPM

Difference between Prefork and Worker MPM modules. prefork worker (mpm_winnt This Multi-Processing Module is optimized for Windows NT.) (mpm_netware Multi-Processing Module implementing an exclusively threaded web server optimized for Novell NetWare) Prefork MPM: A prefork mpm handles requests just like apche 1.3. As the name suggests this will pre fork necessary child process while starting apache. It is suitable for websites which avoids threading for compatibility for non-thread-safe libraries . It is also known as the best mpm for isolating each request. Working: A single control process is responsible for launching child processes which listen for connections and serve them when they arrive. Apache always tries to maintain several spare or idle server processes, which stand ready to serve incoming requests. In this way, clients do not need to wait for a new child processes to be forked before their requests can be served. We can adjust this spare process through the

MySQL storage on RamFS or TmpFS partition

Mount tmpfs to a folder: # mkdir /var/ramfs # mount -t ramfs -o size=1G ramfs /var/ramfs/ Here we mounted ramfs to /var/ramfs. I am using ramfs in oppose to tmpfs mainly because:     ramfs grows dynamically(tmpfs doens’t)     ramfs doesn’t use swap(while tmpfs does) RAM-backed file system is mounted, so now I need to populate it with MySQL files for processing. To do that I will need to stop mysql, copy it’s database files over to ramfs, adjust AppArmor and MySQL settings and start mysql server again. Here is the chain of commands to do that: Copying files: # /etc/init.d/mysql stop # cp -R /var/lib/mysql /var/ramfs/ # chown -R mysql:mysql /var/ramfs/mysql Tweaking MySQL config: # cp /etc/mysql/my.cnf /etc/mysql/original-my.cnf # vi /etc/mysql/my.cnf Find line with ‘datadir‘ definition(it will look something like datadir = /var/lib/mysql) and change it to datadir = /var/ramfs/mysql Looks like we’re done with settings, let’s see if it will work: # /etc/init.d/my

Protecting Web Servers from Distributed Denial of Service Attacks(DDoS):

Possible SYN flooding on port 80. Sending cookies: If frequently faced an outage of web services. On investigating, I found that it had something creeping up in it's logs. Something which read -     kernel: possible SYN flooding on port 80. Sending cookies. It looked like a Denial of service attack. It was evident that I needed to beef up security! Avoiding a DDOS attack on a web server: iptables comes with a module (limit) using which a DDOS attack can be tackled. Depending on the type of web service running on the server, I decided a limit of 15 HTTP syn packets per second would be enough. First, We had a look at the existing rules     # iptables -L -v This shows you the rules and the default policy that are set in the existing chains - INPUT, FORWARD and OUTPUT. Then we followed these quick steps - 1. Create a new chain and name it, say, DDOS_SYNFLOOD,     # iptables -N DDOS_SYNFLOOD 2. Add a limit to no.of packets 15 per second with a max burst of abo

Recalling command history - Bash Shell

  Recalling command history: !! - Last command and all arguments !-3 - Third-to-last command and all arguments !^ - First argument of last command !:3 - Third argument of last command !$ - Last argument of last command !* - All arguments of the last command !30 - Expands to the 30th command in history !find - Last command beginning with 'find' !?find - Last command containing 'find' ^name^type - Last command with first instance of 'name' replaced with 'type !:gs/name/type - Last command with all instances of 'name' replaced with 'type' <command>:p - Don't execute and print command. Command to trim the Whitespace: echo -e "Here is the command to trim \n \n White space" | /usr/bin/tr -d '[:space:]'

InnoDB vs MyISAM

InnoDB and MyISAM: InnoDB is newer while MyISAM is older. InnoDB is more complex while MyISAM is simpler. InnoDB is more strict in data integrity while MyISAM is loose. InnoDB implements row-level lock for inserting and updating while MyISAM implements table-level lock. InnoDB has transactions while MyISAM does not. InnoDB has foreign keys and relationship contraints while MyISAM does not. InnoDB has better crash recovery while MyISAM is poor at recovering data integrity at system crashes. MyISAM has full-text search index while InnoDB has not. In light of these differences, InnoDB and MyISAM have their unique advantages and disadvantages against each other. They each are more suitable in some scenarios than the other. Advantages of InnoDB:     InnoDB should be used where data integrity comes a priority because it inherently takes care of them by the help of relationship constraints and transactions.     Faster in write-intensive (inserts, updat

Comment specific lines in VI editor

To Comment specific lines in VI Editor: syntax: :x,y s/^/#/g x,y -> starting and ending line numbers. ^ -> points to line's begning # -> usual way to comment in vim Example: :450,500 s/^/#/g (or) :.,+10 s/^/#/g . is current line +10 is ten lines from the current.

Difference Between VIRUS, TROJAN and ROOT-KIT

VIRUS: A virus is normally runs in "stealth mode", hiding itself by infecting executalbes and system files., It still typically runs as an application which is why anti-virus software can detect and remove it. TROJAN: A trojan, which is an advanced virus, is meant to hide in a more soophisticated fashion. ROOT-KIT: A root-kit, on the other hand, subverts part of the operating system to hide it self and gain the maximum control possible. Due to this, it is capable of monitoring as well as performing all activities on a system. It can act as a vehicle for other root-kits and virues as well. Root-Kits turn a computer into a remotely controllable victim, often also making it a spam-bot to send out unsolicited commercial email.

Monitor Remote Linux Host using Nagios:

Configuration steps on the Nagios monitoring server to monitor remote host: Download NRPE Add-on: Download nrpe-2.12.tar.gz from Nagios.org and move to /home/downloads: Install check_nrpe on the nagios monitoring server: # tar xvfz nrpe-2.12.tar.gz # cd nrpe-2.1.2 # ./configure # make all # make install-plugin ./configure will give a configuration summary as shown below: *** Configuration summary for nrpe date ***: General Options: ———————— NRPE port: 5666 NRPE user: nagios NRPE group: nagios Nagios user: nagios Nagios group: nagios Note: I got the “checking for SSL headers… configure: error: Cannot find ssl headers” error message while performing ./configure. Install openssl-devel as shown below and run the ./configure again to fix the problem. # rpm -ivh openssl-devel-0.9.7a-43.16.i386.rpm krb5-devel-1.3.4-47.i386.rpm zlib-devel-1.2.1.2-1.2.i386.rpm e2fsprogs-devel-1.35-12.5. Verify whether nagios monitoring server can talk to the remotehost. #/usr/local/nagios/libexec/check_nrpe -

chkrootkit installation.

chkrootkit installation steps: # cd /usr/local/src/ – Down load the chkrootkit. # wget  http://www.spenneberg.org/ chkrootkit-mirror/files/ chkrootkit.tar.gz - Unpack the chkrootkit you just downloaded. # tar -xvzf chkrootkit.tar.gz - Change to new directory # cd chkrootkit-* (select the version ) - Compile chkrootkit # make sense - Run chkrootkit # ./chkrootkit How to setup a daily scan report? - Load crontab # crontab -e - Add this line to the top: ============================== ============================== ============== 0 1 * * * (cd /usr/local/src/chkrootkit*; ./chkrootkit 2>&1 | mail -s “chkrootkit output”  email@domain.com ) ============================== ============================== ==============

Nagios: CRITICAL - Socket timeout after 10 seconds

Socket timeout after 10 seconds: As any other monitoring system Nagios can produce false alarms. Usually it happens when Nagios fails to get the reply from the host being monitored during some pre-defined timeout. In order to mark service as down Nagios does three checks and if all of them are failed then the service is marked down and administrator will got an alert about its critical status. At the same time even if one of those checks fails Nagios will report administrator about it depending on configuration. If you face some false alarms occasionally but the service is actually online then it makes sense to increase timeout value from default 10 seconds to, let’s say, 20 seconds. FIX: Open one of nagios’ configs where check commands are defined (usually it’s /etc/nagios/commands.cfg file) and find there a block named check_nrpe, add “-t 20″ to the end of its command_line so it will look like below: define command {     command_name    check_nrpe     command_line    $USER1$/chec

NagiOS Server Monitoring Tool- LINUX

Image
Quick installation steps: Nagios is an enterprise-class open source computer/network monitoring software with on-going enhancements from its vibrant community made up of worldwide supporters. User account and group ID: [root@ranjith ~]# useradd -m nagios [root@ranjith ~]# passwd nagios [root@ranjith ~]# groupadd nagcmd [root@ranjith ~]# usermod -a -G nagcmd nagios [root@ranjith ~]# usermod -a -G nagcmd apache Download the latest Nagios Core and Nagios Plugins source files or just use just uses wget to download as below, Nagios Core: [root@ranjith ~]# wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.2.3.tar.gz compile and install the Nagios core: [root@ranjith ~]# tar -zxvf nagios-3.2.3.tar.gz [root@ranjith ~]# cd nagios-3.2.3 FYI : From next execution onwards, you may use tee command to duplicate output to a file for examination, which could be useful to trace errors that triggered when compiling source code. [root@ranjith ~]# ./configure -

Cherokee Web Server on Linux ( Cross-platform Web server ) :

Cherokee is one of the fastest and most flexible web server's available. Cherokee is able to gracefully handle many concurrent connections while maintaining a low memory footprint. It supports a large variety of technologies, features, load balancing capabilities, platforms, and provides an administration interface to configure your server and sites. Installation: RPM: [root@ranjith ~]# rpm -Uvh http://download.fedora.redhat. com/pub/epel/5/i386/epel- release-5-4.noarch.rpm YUM: [root@ranjith ~]# yum install cherokee start Cherokee and add it to the default runlevel (to start at boot time). [root@ranjith ~]# /etc/init.d/cherokee start [root@ranjith ~]# chkconfig cherokee on Configuration Unlike Apache, Cherokee itself provides an interface for administering the web server. To start the admin interface, run the following command in the shell. [root@ranjith ~]# cherokee-admin -b The output of this command will show the login pass, and URL. Similar to the

Bash Test Operators

STRINGS: ------------------------------------- syntax: if [ "$str1" operator "$str2" ] then    command fi ------------------------------------- =     is equal to ==     is equal to     if (( $1 == $2 )) [Note: Used within double parentheses] The == comparison operator behaves differently within a double-brackets test than within single brackets. [[ $a == z* ]]     True if $a starts with an “z” (pattern matching). [[ $a == "z*" ]]     True if $a is equal to z* (literal matching). [ $a == z* ]     File globbing and word splitting take place. [ "$a" == "z*" ]     True if $a is equal to z* (literal matching). !=     is not equal to <     is less than, in ASCII alphabetical order >     is greater than, in ASCII alphabetical order -n     string is not “null.” -z     string is “null, ” that is, has zero length INTEGERS:  -------------------------------------------- syntax: if [ "$string1" operator &qu