Skip to main content

Posts

Showing posts from November, 2007

Tunneling TCP Services over HTTP(S)

HTTP Tunnel Definition HTTP Tunneling is a technique by which communications performed using various network protocols are encapsulated using the HTTP protocol, the network protocols in question usually belonging to the TCP/IP family of protocols. The HTTP protocol therefore acts as a wrapper for a covert channel that the network protocol being tunneled uses to communicate.The HTTP stream with its covert channel is termed a HTTP Tunnel. HTTP Tunnel software consists of client-server HTTP Tunneling applications that integrate with existing application software, permitting them to be used in conditions of restricted network connectivity including firewalled networks, networks behind proxy servers, and NATs. An HTTP Tunnel is used most often as a means for communication from network locations with restricted connectivity – most often behind NATs, firewalls, or proxy servers, and most often with applications that lack native support for communication in such conditions of r

Bash Script for FTP

#!/bin/bash USER=myusername PASS=mypasswd FTPSERVER=192.168.0.X ftp -i -n $FTPSERVER << EOF user $USER $PASS mkdir test cd test put myfile bye >> But FTP will allow transfer of files only,not the directory tree. If you want to transfer the Directory structure through FTP you can use LFTP or similar FTP clients. A variety of GUI Based clients are available LFTP lftp has builtin mirror which can download or update a whole directory tree. There is also reverse mirror (mirror -R) which uploads or updates a directory tree on server. Mirror can also synchronize directories between two remote servers, using FXP if available. It can be downloaded from http://lftp.yar.ru/get.html or http://rpm.pbone.net Here is a sample BASH Script to automate the FTP Transfer #!/bin/bash USER=ftpuser PASS=ftppasswd FTPSERVER=192.168.0.X LOCALDIR=/home/USER/LOCAL REMDIR=REMOTE lftp -u $USER,$PASS $FTPSERVER << EOF mirror -R $LOCALDIR $REMDIR quit >> N

How to disable directory browsing in Apache

One of the "must do's" on setting a secure apache webserver environment is to disable directory browsing. As a default Apache will be compiled with this option enabled, but its always a good idea to get rid of this setting unless its really necessary. If you are on an RPM installation of Apache you will find the apache configuration file probably here: /etc/httpd/conf/httpd.conf If you are using apache from the source tar balls probably you will find the configuration file here: /usr/local/apache/conf/httpd.conf Edit the httpd.conf file and scroll until you find a line like this: Options All Indexes FollowSymLinks MultiViews To disable directory browsing carefully remove the line that says: Indexes and leave the line like this: Options All FollowSymLinks MultiViews Restart your apache webserver and thats it

Reboot Linux box after a kernel panic

If you want the server to get rebooted automatically after kernel hit by a pain error message, try adding panic=N to /etc/sysctl.conf file. It specify kernel behavior on panic. By default, the kernel will not reboot after a panic, but this option will cause a kernel reboot after N seconds. For example following boot parameter will force to reboot Linux after 10 seconds. Open /etc/sysctl.conf file # vi /etc/sysctl.conf When kernel panic’s, reboot after 10 second delay kernel.panic = 10 Save the file. You can do this on the fly also,by editing the GRUB While Grub loads edit and append the following to the KERNEL line panic=10 Alternatively, you may want to enable and use magic system request keys (SysRq). Linux kernel includes magic system request keys. It was originally developed for kernel hackers. However, you can use this hack to reboot, shutdown or halt computer safely (remember safe reboot/shutdown == flush filesystem buffers and unmount file system and then reboot so

Adding Extra Swap Space

There are situations where we have to expand the SWAP space after installation. For example, suppose you are upgrading RAM 512MB to 1 GB MB, but there is only 1 GB of swap space available which was created during installation. It might be an advantage to increase the amount of swap space to Double the RAM(2 GB) as per the UNIX/Linux guidance and will help you to perform memory eaters. You have two options: add a swap partition or add a swap file. It is recommended to add a swap partition, but this is not possible if you don't have free Disk space available. Option 1 Its better to reboot the server to SINGLE USER mode(if possible) before adding the extra SWAP Space And you can do an optional "swapoff" command to turn off all the swap spaces. Create the swap partition fdisk. # fdisk /dev/hda (Assuming Hard drive is hda) Type n ( for new partition) Determine the size for the partition then Toggle the partiotion label to Linux Swap.Its id is 82 Save the part

PHP and Pear MDB2 Installation

Installation of Pear MDB2 (2.4.1) with Apache-2.2.6 PHP-5.2.3(with MySQL and MySQLI) Backed up Existing PHP [root@hareesh ~]# mv /usr/local/lib/php /usr/local/lib/php.bak [root@hareesh ~]# mv /usr/local/bin/php /usr/local/bin/php.bak [root@hareesh ~]# mv /usr/local/include/php /usr/local/include/php.bak Installed PHP-5.2.3 with MySQL and MySQLI Support [root@hareesh lib]# cd /usr/local/src/ [root@hareesh src]# tar xjf php-5.2.3.tar.bz2 [root@hareesh src]# cd php-5.2.3 [root@hareesh php-5.2.3]# ./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-zlib --with-pear --with-mysql --with-mysql-sock=/tmp/mysql.sock --with-mysqli --with-mysqli-sock=/tmp/mysql.sock [root@hareesh php-5.2.3]# make Stopped Apache [root@hareesh ~]# /usr/local/apache2/bin/apachectl stop httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.0.46 for ServerName Then Installed PHP [root@hareesh php-5.2.3]# make install [root@hareesh php-5.2.3]# /usr/local/a

Cannot execute [Argument list too long]

Tried to remove some files like log files with /bin/rm -rf all at once, and you get this Error message # rm -rf /var/log/mail/*.old.log bash: /bin/rm: /bin/rm: cannot execute [Argument list too long] So, rm utility complains that the system-wide ARG_MAX value that is used to setup an input buffer size to process the entire list will overflow. Good security measure, but, doesn't help you out with the task at hand. To get around, use a combination of find , UNIX pipe , and xargs utilities. The rewrite of the original command would look something like this: # find . -name '*.old.log' -print0 | xargs -0 rm -f find naturally finds the target file names, and feeds them one by one into the unnamed UNIX/Linux pipe . The - print0 argument instructs to print the full file name on the standard output which is going to the pipe, followed by a null character (instead of the newline character that -print̢۪uses ). When pipe becomes full, find blocks waiting for more spac

Auto Logout of Inactive Users

How to force automatic logouts of users who forget to log out in case of inactivity detected ? BASH have a TMOUT variable.We can set the TIMEOUT value here for sessions. Add the TMOUT variable to your /etc/bashrc file: # vi /etc/bashrc Set TMOUT to 300 seconds (5 minuets): TMOUT=300 This will automatically logout users after 300 seconds of inactivity. This hack will only work with run level 2, 3 .It will not work with GUI sessions.

Simple Server Monitor

#!/bin/bash # BASH Script to monitor Server uptime,Servies,Memory Usage,Disk Usage,Load Average,Last Login and Reboot Details and Take backup of configuration files. DATE=`date +%d.%m.%Y` TIME=`date +%H.%M.%S` ADMIN=hareeshvv@gmail.com ## Mail ID of Admin ADMIN1=hareeshvaliyaveettil@gmail.com ## Mail ID of Admin FILES=(/etc/hosts /usr/local/apache/conf/httpd.conf /etc/php.ini /var/lib/pgsql/data/pg_hba.conf) services=(http mysql smtp ftp postgresql) ## List of services to be checked serviceports=(:80 :3306 :25 :21 :5432) ## List of services to be checked #services=(http https smtp) ## List of services to be checked #serviceports=(:80 :443 :25) ## List of services to be checked title=0 ## Definition of Functions # chkuptime function chkuptime () { echo " " >> /tmp/$DATE.$TIME echo "The Server `hostname` is up for `uptime | cut -f1 -d, | awk {'print $3'} ;uptime | cut -f1 -d, | awk {'print $4'}`" >> /tmp/$DATE.$TIME

Installation of PHP-Screw 1.5 with Apache 2.2.6 and PHP-5.2.3

Apache 2.2.6 Installation [root@myserver src]# pwd /usr/local/src [root@myserver src]# cd httpd-2.2.6 [root@myserver httpd-2.2.6]# [root@myserver httpd-2.2.6]# ./configure --enable-so --prefix=/usr/local/apache2 [root@myserver httpd-2.2.6]# make [root@myserver httpd-2.2.6]# make install PHP-5.2.3 installation [root@myserver src]# pwd /usr/local/src [root@myserver src]# cd php-5.2.3 [root@myserver php-5.2.3]# [root@myserver php-5.2.3]# ./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-zlib [root@myserver php-5.2.3]# make [root@myserver php-5.2.3]# make install Configured Apache for PHP 5 # vi /usr/local/apache2/conf/httpd.conf Added the following 3 lines LoadModule php5_module modules/libphp5.so AddType application/x-httpd-php .php .phtml AddType application/x-httpd-php-source .phps PHP Screw Installation [root@myserver src]# pwd /usr/local/src [root@myserver src]# cd php_screw-1.5 [root@myserver php_screw-1.5]# phpize [root@myserver php_screw-1.5]# ./configur

postfix/smtp connect to gmail.com[64.233.171.83]: Connection timed out (port 25) server dropped connection without sending the initial SMTP greeting

Postfix has been configured fine. The mail is working in the local Domain - mydomain.com But when I try to send mails to outer domains,it produces the following "TIMEOUT" errors in /var/log/mail/info Nov 5 23:02:43 mydomain postfix/pickup[30923]: 419941C678: uid=555 from= Nov 5 23:02:43 mydomain postfix/cleanup[31536]: 419941C678: message-id=<20071106050243.419941C678@mydomain.com> Nov 5 23:02:43 mydomain postfix/qmgr[22926]: 419941C678: from= , size=330, nrcpt=1 (queue active) Nov 5 23:03:13 mydomain postfix/smtp[31538]: connect to yahoo.com[66.94.234.13]: Connection timed out (port 25) Nov 5 23:03:13 mydomain postfix/smtp[31538]: connect to yahoo.com[216.109.112.135]: server dropped connection without sending the initial SMTP greeting (port 25) Nov 5 23:03:13 mydomain postfix/smtp[31538]: 419941C678: to= , relay=none, delay=30, status=deferred (connect to yahoo.com[216.109.112.135]: server dropped connection without sending the initial SMTP greeting) N

QMAIL port 25 and 110 are closed

Qmail installation went fine .But I was unable to connect to port 25 and 110.They were in closed state.When I tried to connect with telnet I got the “Connection refused” message. # qmailctl stat /service/qmail-send: up (pid 2219) 37 seconds /service/qmail-send/log: up (pid 2311) 37 seconds /service/qmail-smtpd: up (pid 2917) 1 seconds /service/qmail-smtpd/log: up (pid 2723) 37 seconds /service/qmail-pop3d: up (pid 2724) 1 seconds /service/qmail-pop3d/log: up (pid 2989) 37 seconds messages in queue: 0 messages in queue but not yet preprocessed: 0 Looks good but when I try to connect on the mail server I got the connection problem. ]# telnet localhost 110 Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Connection refused # telnet localhost 25 Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Connection refused I have checked the logs for qmail-smtpd and qmail-pop3d and contains a lots of error lines like the following: tcpserver: fatal: temporarily unable to

BASH Script to Generate files from existing ones with a partial change in filename

#!/bin/bash # BASH Script to generate $EXTENSION files like FILE_fr.$EXTENSION,FILE_sp.$EXTENSION from existing FILE_$SEARCHSTRING.$EXTENSION without causing any kind of overwrite. DIR=/tmp/html EXTENSION=extension SEARCHSTRING=en cd $DIR > /dev/null 2> /dev/null count=`find *$SEARCHSTRING.$EXTENSION | wc -l` n=1 echo $count \"*$SEARCHSTRING.$EXTENSION\" files found while [ $n -le $count ] do { filename=`find *$SEARCHSTRING.$EXTENSION | head -$n | tail -1` echo $filename language=(fr sp po) for (( i = 0 ; i < ${#language[@]} ; i++ )) do value=`ls $filename | awk -F "$SEARCHSTRING.$EXTENSION" {'print $1'}` find "$value""${language[$i]}".$EXTENSION > /dev/null 2> /dev/null if [ $? != 0 ] then { cp "$value"$SEARCHSTRING.$EXTENSION "$value""${language[$i]}".$EXTENSION

A Simple Service Monitor

#!/bin/bash # Check the Service Status of Server and send notification mail if anyone is DOWN. Server=192.168.0.35 ## IP of the remote Server to be monitored ADMIN=hareeshvv@gmail.com ## Mail ID of Admin Subject=Server-Status DATE=`date +%d.%m.%Y` TIME=`date +%H.%M.%S` mkdir /tmp/$DATE.$TIME cd /tmp/$DATE.$TIME services=(http https mysql smtp pop imap imaps ssh) ## List of services to be checked Watch () { #nmap $Server | grep ${services[$i]} > /dev/null 2> /dev/null ## Use this one for Remote Server which is not behind any firewall netstat -ntpl | grep ${services[$i]} > /dev/null 2> /dev/null ## Use this locally if [ $? != 0 ] then echo ${services[$i]} is DOWN >> result fi } for (( i = 0 ; i < ${#services[@]} ; i++ )) do Watch ${services[$i]} done grep DOWN result > /dev/null 2> /dev/null if [ $? = 0 ] then count=`grep DOWN result | wc -l` if [ ${#services[@]} = $count ] then echo "All Services are down" >> re

How to Create Custom Hot key to Launch Applications in GNOME

1. Open Applications -> System -> Configuration Editor from the GUI OR Open a terminal, type gconf-editor 2. Go to "apps" -> "metacity" -> "keybinding_commands" 3. Double-click on an unused element e.g. "command_10" 4. Type in the name of the application you want to launch, for e.g. "firefox" or "gnome-terminal" 5. Then go to "apps" -> "metacity" -> "global_keybindings" 6. Double-click on the command name that we have edited in "keybinding_commands" Section. Here for me it is "run_command_10" 7. Then enter the Keyboard shortcut you would like to launch the application I entered "<"Alt">"t here (without the quotes) for gnome-terminal. Thats all Go to Desktop and type Alt+t a GNOME terminal should open. It will depend on the active Windows also since some other applications may be having th

Simple Disk and Memory Monitor

#!/bin/sh # Shell script to monitor the disk space,Memory,SWAP Usage and send an email to $ADMIN, if the free avilable percentage of space is >= $ALERT ADMIN="hareeshvv@gmail.com" ADMIN1="admin1@mycompany.com" ADMIN2="admin2@mycompany.com" # Alert Level Percentage of Disk Usage . Default is 90% ALERT=90 df -h | grep -vE '^Filesystem|tmpfs|cdrom' | awk '{ print $5 " " $1 }' | while read output; do used=$(echo $output | awk '{ print $1}' | cut -d'%' -f1 ) partition=$(echo $output | awk '{ print $2 }' ) mountpoint=`mount | grep $partition | cut -f3 -d" "` if [ $used -ge $ALERT ]; then echo "Running out of space \"$partition ($used%) mounted on $mountpoint\" on $(hostname) as on $(date)" | mail -s "Alert: Almost out of disk space $used" -c $ADMIN1,$ADMIN2 $ADMIN fi done # Alert on RAM and SWAP Usage MEM=`free -m | grep Mem | awk -F"