Saturday, December 6, 2014

DNS Server Step for Centos5/RHEL5

1 => # yum install cachi* (for caching )

2 => # yum install bind* ( Dependencies )

###########################################
3 => Configure DNS Server

 #vim /etc/named.caching-nameserver.conf

// named.caching-nameserver.conf
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
// See /usr/share/doc/bind*/sample/ for example named configuration files.
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
// ACL naming the LAN subnet; it is reused below for listen-on, allow-query
// and the view's match lists.
acl mylan {192.168.10.0/24; };
options {
listen-on port 53 { mylan; 192.168.10.1; };   #dns ip address
#  listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // NOTE(review): this pins the source port of every outgoing query to 53.
    // With a fixed port, source-port randomisation is lost and forged answers
    // (cache poisoning) are easier to get accepted. Keep the line only if a
    // firewall in front of this server really requires it.
    query-source    port 53;   
#  query-source-v6 port 53;
    // Queries are accepted only from the LAN ACL and from the server itself.
    allow-query     { mylan; localhost; };
};
logging {
        channel default_debug {
         file "data/named.run";
         severity dynamic;
        };
};

// Recursive resolution is offered only to queries matching this view:
// client and destination address must both be in mylan or localhost.
view localhost_resolver {
    match-clients        { mylan; localhost; };
    match-destinations { mylan; localhost; };
    recursion yes;
    include "/etc/named.rfc1912.zones";
};


#save and exit

#########################################

4 =>

#vim /etc/named.rfc1912.zones

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Hint zone for the root ("."), loaded from named.ca.
zone "." IN {
    type hint;
    file "named.ca";
};
###### By default we are using this for forward zone  #####
zone "localdomain" IN {         
    type master;
    file "localdomain.zone";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};
###### I am using below for forward zone entry ######
zone "home.lab" IN {        
    type master;
    file "home.lab.frd";
    // NOTE(review): unlike every other zone in this file, dynamic updates are
    // accepted here from any address in the mylan ACL. The only check is the
    // source IP, so any host on that subnet can rewrite home.lab records.
    // Use { none; } if dynamic updates are not needed, or restrict them to a
    // TSIG key.
    allow-update { mylan; };
};

######## By default Reverse zone entry ###########

zone "0.0.127.in-addr.arpa" IN {    
    type master;
    file "named.local";
    allow-update { none; };
};

####### I am using below for reverse zone #########

// Reverse (PTR) zone for 192.168.10.x, served from home.lab.rev.
 zone "10.168.192.in-addr.arpa" IN {     
    type master;
    file "home.lab.rev";
    allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
    file "named.ip6.local";
    allow-update { none; };
};

zone "255.in-addr.arpa" IN {
    type master;
    file "named.broadcast";
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.zero";
    allow-update { none; };
};

save and exit

######################################

5 => Edit Reverse lookup file

# cd /var/named.chroot/var/named/

#vim home.lab.rev

$TTL    86400
@       IN      SOA     pc1.home.lab. root.pc1.home.lab.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
        IN      NS      pc1.home.lab.
1       IN      PTR     pc1.home.lab.

#save and exit

#########################################
6 => Edit forward lookup zone file

#vim home.lab.frd

$TTL    86400
@        IN SOA    pc1.home.lab. root.pc1.home.lab. (
                    42        ; serial (d. adams)
                    3H        ; refresh
                    15M        ; retry
                    1W        ; expiry
                    1D )        ; minimum
            IN NS        pc1.home.lab.
pc1.home.lab.    IN     A        192.168.10.1
home.lab.    IN     A        192.168.10.1
@    IN     MX        10    pc1.home.lab.
pc1    IN    MX    10        pc1.home.lab.

################################################

7 => Restart Service

#service named restart
#chkconfig named on
#service network restart
#chkconfig network on

Check

#dig domain.com

Friday, December 5, 2014

2 Bash Script to create Samba user and give samba password to samba user


 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! A !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Step 1 => Create script

Note : login with root user on your terminal 

#vim smbuser.sh      

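#!/bin/bash
# Create one system account and one Samba account for each listed user.
#
# Every account gets the initial Samba password
# "<first 3 characters of the user name>123" (nirmal -> nir123).
# NOTE: that password can be worked out from the user name alone, so treat it
# as a temporary value and have each user replace it with smbpasswd.
#
# The loop variable is "name", not USER, so the shell's own $USER (the login
# name of whoever runs the script) is not overwritten.
for name in nirmal test2 test3 test4 test5
do
  # -r: system account, -s /bin/false: no interactive shell login
  useradd -r -s /bin/false "$name"

  # ${name:0:3} is the first three characters, as `cut -c1-3` produced before.
  pass="${name:0:3}123"

  # smbpasswd -s reads the new password twice from stdin. printf is a shell
  # builtin, so the password does not show up in any process's argument list.
  printf '%s\n%s\n' "$pass" "$pass" | smbpasswd -s -a "$name"
done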


# Now save this script


Step 2 => Run script to create users

#chmod +x  smbuser.sh
#./smbuser.sh

Added user nirmal.
Added user test2.
Added user test3.
Added user test4.
Added user test5.

Note : This script will create the users nirmal test2 test3 test4 test5 and set each password to the first 3 characters of the user name followed by 123 .
For Example : nirmal user password is nir123 .


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!B!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

If you have thousands of users, you can read the user names from a file instead;
follow the steps below.

Step 1 => Create a file and write all samba user name in the file like below
format.
Note : login with root user on your terminal  

 #vim /root/user.txt
 nirmal
 test1
 test2
 test3
 test4

#vim smbuser.sh      
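#!/bin/bash
# Create a system account and a Samba account for every user name listed in
# /root/user.txt (one user name per line).
#
# Every account gets the initial Samba password
# "<first 3 characters of the user name>123" (nirmal -> nir123).
# NOTE: that password can be worked out from the user name alone, so treat it
# as a temporary value and have each user replace it with smbpasswd.
user_list=/root/user.txt

# The list is read line by line on fd 3: no glob expansion of its contents,
# and commands inside the loop cannot consume the list from stdin.
# "|| [[ -n $name ]]" keeps a last line that has no trailing newline.
while read -r -u 3 name || [[ -n "$name" ]]
do
  # Skip blank lines, and entries starting with "-" that useradd/smbpasswd
  # would parse as options rather than as a user name.
  case "$name" in
    '' | -*) continue ;;
  esac

  # -r: system account, -s /bin/false: no interactive shell login
  useradd -r -s /bin/false "$name"

  # ${name:0:3} is the first three characters, as `cut -c1-3` produced before.
  pass="${name:0:3}123"

  # smbpasswd -s reads the new password twice from stdin. printf is a shell
  # builtin, so the password does not show up in any process's argument list.
  printf '%s\n%s\n' "$pass" "$pass" | smbpasswd -s -a "$name"
done 3< "$user_list"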

# Now save this script

Step 2 => Run script to create users

#chmod +x  smbuser.sh
#./smbuser.sh

Added user nirmal.
Added user test2.
Added user test3.
Added user test4.
Added user test5.

Note : This script will create the users nirmal test2 test3 test4 test5 and set each password to the first 3 characters of the user name followed by 123 .
For Example : nirmal user password is nir123 .

Install MySQL Server 5.6 in CentOS6.*/Red Hat6.* from YUM Repo


Hi friends to install mysql-server 5.6 on Centos6.* /Rhel6.* follow below step .

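Step 1 => Log in to your server and run the command below to install the MySQL yum repository package. The URL is plain HTTP, so the download is not protected in transit; packages installed from the repository afterwards are checked against its GPG key only when gpgcheck is enabled in the repo file.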

#rpm -Uvh http://repo.mysql.com/mysql-community-release-el6-5.noarch.rpm
Retrieving http://repo.mysql.com/mysql-community-release-el6-5.noarch.rpm
Preparing... ###############################[100%]
1:mysql-communityrelease######################[100%]

Step 2 => Update your yum repository by running below command .

#yum update

Step 3 => Now install the mysql-server by using below yum command.

#yum install mysql-server  -y

Step 4: After installation start the mysql server services

#service mysqld restart
#chkconfig mysqld on


#mysql -V   (To check mysql installed version )
mysql  Ver 14.14 Distrib 5.6.22, for Linux (x86_64)


Step 5: Set mysql root password  by using below command

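 A : You can set the mysql root password with the commands below (a password typed on the command line is saved in shell history and is visible in the process list while the command runs; mysql_secure_installation, shown after them, prompts for it instead)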

  #/usr/bin/mysqladmin -u root password 'new-password'
  #/usr/bin/mysqladmin -u root -h hostname password 'new-password'

OR


  #/usr/bin/mysql_secure_installation

 OR

/usr/bin/mysql -uroot
mysql> use mysql;
mysql> update user set password=PASSWORD("root123") where user='root';

mysql> flush privileges;
mysql> quit



#######   Mysql server 5.6 setup successfully enjoy it ###########



Tuesday, December 2, 2014

All Possible way to Manage and Troubleshooting of Xampp Server in Linux


 Download Latest  versions of xampp/lampp from below link

http://sourceforge.net/projects/xampp/files/XAMPP%20Linux/

=> To check status of lampp services
#/opt/lampp/lampp status
#/opt/lampp/lampp start
#/opt/lampp/lampp stop
#/opt/lampp/lampp stopapache (stop apache only)
#/opt/lampp/lampp stopftp (stop ftp only)
#/opt/lampp/lampp stopmysql (stop mysql only)
#/opt/lampp/lampp startmysql (start mysql only)
#/opt/lampp/lampp startftp (start ftp only)
#/opt/lampp/lampp startapache (start apache only)
#/opt/lampp/lampp reload (reload xampp (Apache,mysql and others))
#/opt/lampp/lampp reloadapache (reload apache only)
#/opt/lampp/lampp reloadmysql (reload mysql only)
#/opt/lampp/lampp reloadftp (reload ftp only)
#/opt/lampp/lampp security (To check security)
#/opt/lampp/lampp phpstatus (To check php status)
#/opt/lampp/lampp php5 (To activate php5)
#/opt/lampp/lampp php4 (To activate php4)

To start lampp at system start-up, run the commands below
Debian, Ubuntu.

#sudo ln -s /opt/lampp/lampp /etc/init.d/lampp
#sudo update-rc.d lampp start 80 2 3 4 5 . stop 30 0 1 6 .
RedHat, Fedora, CentOS. If your Linux distro uses "chkconfig" tool to install the services you can run the following commands:
#sudo ln -s /opt/lampp/lampp /etc/init.d/lampp
#sudo chkconfig --add lampp
SUSE
#sudo ln -s /opt/lampp/lampp /etc/init.d/lampp
#sudo chkconfig lampp 2345

=> Database folder (/opt/lampp/var/mysql folder contain database )

#/opt/lampp/var/mysql/(database name)

=> Database folder (/opt/lampp/var/mysql folder contain database )
#/opt/lampp/var/mysql/(database name)
If lampp is giving error mysql could not start at the time of restart just delete below file and restart again
#rm /opt/lampp/var/mysql/*.pid
#rm /opt/lampp/logs/httpd.pid

If lampp is giving error ProFTPD is already running at the time of restart just delete below file and restart again

#/opt/lampp/lampp stopftp
#rm -f /opt/lampp/var/proftpd.pid
#/opt/lampp/lampp start
#/opt/lampp/lampp startftp
To set the MySQL password used to log in to phpMyAdmin (123456 is only a sample value; choose your own strong password)
/opt/lampp/bin/mysqladmin password 123456

TO change password for phpmyadmin
/opt/lampp/bin/mysqladmin -p oldpassword password newpassword

To Disable delete permission in lampp through php
vim /opt/lampp/etc/php.ini
disable_functions = unlink ;Put this entry in php.ini 

Advance Samba Server on Centos/RHEL/Ubuntu

Step 1:  Install Samba Server Package 

#yum -y install samba
  or 
 #apt-get install samba

Step 2: Create Directory to Share with Samba 

 #mkdir  /opt/Data

Step 3 : Change Configuration file 

#vim /etc/samba/smb.conf

#  change workgroup (Windows' default)

workgroup = WORKGROUP
# uncomment and change IP address you allow

hosts allow = 127.  10.0.0.
# set the security mode ("user" means every client must log in with a Samba user name and password)
security = user 

 #Now add below configuration in the last of configuration file 

    [Data]    #Change share name according to your requirement
    comment = Data   #Change comments according to you
    path = /opt/Data    #Change directory path according to your requirement
    recycle:noversions = *.doc
    force directory mode = 0777
    force group = test
    recycle:keeptree = yes
    hide dot files = yes
    veto files = /.deleted/    # Deleted file by user store in .deleted folder in your  
                                          #share
    recycle:maxsize = 0      # 0 value means unlimited
    recycle:touch = yes
    vfs objects = recycle
    browseable = no
    writeable = yes
    recycle:exclude_dir = /tmp
    force create mode = 0777     
    recycle:exclude = *.tmp
    valid users = @test          # all the user from test group can access this share
    create mode = 0777
    recycle:versions = yes
    recycle:repository = .deleted/%U   # %U create every user folder who will  
                                                            #delete the file and folder
    directory mode = 0777                   # directory will create with 777 
                                                             #permission in directory

#Note : Change Share name , Share Directory Path , and valid user according to your requirement .

# Now save the file and restart services .


Step 4 : Restart services

For Centos/RHEL

#service smb restart
#chkconfig smb on

For Ubuntu

#/etc/init.d/smbd   restart


Extra Activity according to requirement .


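=> To make symbolic links inside a Samba share visible to clients, add the entries below to /etc/samba/smb.conf. With wide links = yes the server also follows links that point outside the shared directory, so enable it only where everyone who can create links on the server side of the share is trusted.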
[global]
follow symlinks = yes
wide links = yes
unix extensions = no


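=> To mount a Samba share on a Linux system (add a matching entry to /etc/fstab to make the mount permanent; the credentials=<file> option of mount.cifs keeps the password out of the command line and the process list)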
#mount -t cifs -o username=user,workgroup=workgroupname,password=pass //192.168.1.100/share   /mnt/share




##### Samba Share configured successfully enjoy ################

Monday, December 1, 2014

MYSQL Server Management for Administrator


1 => To take all database backup with one command

#mysqldump -uroot -pPassword --all-databases | gzip > /home/database_`date '+%m-%d-%Y'`.sql.gz

#mysqldump -uroot -pPassword --all-databases --events --routines >/srv/all_databases.sql


2 => To take selected database backup with one command
#mysqldump -uroot -pPassword --databases db1 db2 db3 | gzip > /home/database_`date '+%m-%d-%Y'`.sql.gz

3 => To import tar.gz database file in mysql
#zcat database.sql.gz | /opt/lampp/bin/mysql -uroot -pPassword

4 => To update table on remote system from local system
#mysqldump -uroot -pPassword databsaename  tablename | mysql -uroot -pPassword -h10.0.3.230 remotedatabasename


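Note = If you get a permission problem, run the query below on the remote system. The host '%' lets root connect from any address; put the address of the local system there instead to limit the grant to it.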
grant all on database.* to 'root'@'%' identified by 'Password'

4 => To delete tables run below query
#drop tables `paper_comments`, `practice_test_ans`, `prs_test_paper`, `vc_subject`;


5 => To create user in mysql database

#CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';

6 => To import table without checking foreign key write below query in table on
set foreign_key_checks=0;
after import run
set foreign_key_checks=1;


7 => To run mysql commands in a script without putting the username and password on the command line, use the commands below

A => Create local login path to use in script
mysql_config_editor set --login-path=local --host=localhost --user=root --password

B => Then you can use in your shell script:
mysql --login-path=local -e "show databases"
instead of:
mysql -u username -p pass -e "show databases"

8 => To repair and recover mysql database with command
1 ) /etc/rc.d/init.d/mysql stop

2) Repair all SQL databases:
myisamchk -r /var/lib/mysql/*/*.MYI

3) Start mysql again:
/etc/rc.d/init.d/mysql start


9 => To change the mysql data directory
#vim /etc/mysql/my.cnf
#datadir = /opt/var/lib/mysql
#rsync -av /var/lib/mysql   /opt/var/lib/mysql
#services mysqld restart

10 + most usable SED Commands for Administrator


1 => To delete any line from any file with sed example.

A: Below command will search and delete httpd line from /etc/rc.local
#sed -i '/httpd/d' /etc/rc.local

B: To make entry in side file with sed example

#sed -i '$ i\\/opt\/lampp\/tomcat\/bin\/startup.sh' /etc/rc.local
#sed -i '$ i\emrepair' /etc/rc.local

Note : Above command will make entry before last line where $i is used for indicate last line

C: This command will make entry in 3rd line of any file.

#sed -i ' 3i repair' /etc/rc.local

D: Below command will search line and make entry after that

#sed -i '/memory_limit/ a\memory_limit = 1024' /etc/php.ini

E: Below command will search and replace word .

#sed -i 's/FSCKFIX=no/FSCKFIX=yes/' /etc/default/rcS

F: Below command will put # before all the line in a file

#sed -i s/^/#/ filename

G: Remove the 3rd line:
#sed '3d' fileName.txt
H: Remove the line containing the string "awk":
#sed '/awk/d' filename.txt
I: Remove the last line:
#sed '$d' filename.txt
J: Remove all empty lines:
#sed '/^$/d' filename.txt       
#sed '/./!d' filename.txt

K: Remove the line matching by a regular expression (by eliminating one containing digital
characters, at least 1 digit, located at the end of the line):
#sed '/[0-9/][0-9]*$/d' filename.txt
L: Remove the interval between lines 7 and 9:
#sed '7,9d' filename.txt 
M: The same operation as above but replacing the address with parameters:
#sed '/-Start/,/-End/d' filename.txt
N: The examples above only change what is displayed (stdout = the screen); the file itself is not modified.
To make the change permanent, old versions (<4) need a temporary file; with GNU sed use the
"-i[suffix]" option:
#sed -i".bak" '3d' filename.txt
O:  Search for a 24-character alphanumeric value in a file and replace it
#sed 's/[[:alnum:]]\{24\}/Nirmal/g'  filename.txt

40 important Find Commands for Administrator | Find Command Examples for Administrator


1 => To find Files Using Name in Current Directory


#find . -name nirmal.jpg

2 => To find all .jpg files using name under Directory


# find /home -name nirmal.jpg

3 => To find files using name and Ignoring Case


#find /home -iname nirmal.txt
/home/nirmal/nirmal.txt
/home/nirmal/NIRMAL.TXT

4 => To find all directories using directory name in / path.


# find / -type d -name Nirmal

5 => To find all files with 777 Permissions in directory .


# find /opt -type f -perm 0777 -print

6 => To find all files without 777 Permissions in directory.


# find / -type f ! -perm 777

7 => To find all SGID files whose permissions are set to 644.


# find /opt -perm 2644

8 => To find all sticky bit files with 551 Permissions in /opt


# find /opt -perm 1551

9 => To find SUID files in directory


# find /opt -perm /u=s

10 => To find SGID files in directory


# find / -perm /g+s

11 => To find Read Only Files


# find / -perm /u=r

12 => To find Executable Files


# find / -perm /a=x

13 => To find all 777 permission files and use chmod command to set permissions to 644.


# find / -type f -perm 0777 -print -exec chmod 644 {} \;

14 => To find all 777 permission directories and use chmod command to set permissions to 755.


# find / -type d -perm 777 -print -exec chmod 755 {} \;

15 => To find a single file called nirmal.jpg and remove it.


# find . -type f -name "nirmal.jpg" -exec rm -f {} \;

16 => To find and remove all mp4 files


#find . -type f -name "*.mp4" -exec rm -f {} \;

17 => To find all hidden files,


# find /opt -type f -name ".*"

18 => To find all or single file called nirmal.jpg under /opt directory of owner root.


# find / -user root -name nirmal.jpg

19 => To find all files that belongs to group nirmal under /home directory.


# find /home -group nirmal

20 => To find Last 50 Days Modified Files.


# find /opt -mtime 50

21 => To find last 50-60 Days modified files


# find /opt -mtime +50 -mtime -60

22 => To find and delete all file more then 30 days old 


find /opt -type f -mtime +30 -exec rm {} \;

23 => Find Changed Files in Last 2 Hour


# find /opt -cmin -120

24 => To find all the files which were modified in the last 1 hour.


# find /opt -mmin -60

25 => To find all the files which are accessed in last 1 hour.


# find /opt -amin -60

26 => To find all 50MB files in /opt.


# find /opt -size 50M

27 => To find all the files which are greater than 50MB .


# find /opt -size +50M

28 => To find all the files which are greater than 50MB and less than 100MB.


# find /opt -size +50M -size -100M

29 => To find all greater than 100MB files and delete them using one single command.


# find /opt -size +100M -exec rm -rf {} \;

30 => To find all .mp4 files with more than 100MB and delete them using one single command.


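# find / -type f -name '*.mp4' -size +100M -exec rm {} \;
# Note: the pattern is quoted so that find receives *.mp4 itself; unquoted, the shell expands it first against the files in the current directory.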

31 => To find empty folders with find command.


#find /opt -empty -type d

32 => To find all empty files and folders with find command.


#find /opt -depth -empty

33 => To find empty files with find command.


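#find /opt -type f -empty
# Note: -type f is the test that limits the match to regular files.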

34 => To find all directory and give permission according to your need.


#find /opt/ -type d -print0 | xargs -0 chmod 3111

35 => To find last modified file date in folder .


#find /opt/ -type f -exec stat --format '%Y :%y %n' {} \; | sort -nr | cut -d: -f2-
| head

36 => To find all .jpg file and search space in filename if found remove the space from filename.


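#find /home/nirmal/ -name '*.jpg' -exec rename "s/ //g" {} \;
# Note: the pattern is quoted so that find receives *.jpg itself; unquoted, the shell expands it first against the files in the current directory.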

37 => To find and show which file not have space in file name.


#find /home/nirmal -type f | grep -v " "

38 => To find and show which file have space in file name.


#find /home/nirmal -type f | grep " "

39 => To find file which have backslash in filename and remove backclash from filename .


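#find /home/nirmal/ -type f -name '*\\*' -exec bash -c 'd=${1%/*}; b=${1##*/}; mv -v -- "$1" "$d/${b//\\/}"' _ {} \;
# Note: the path is handed to bash as $1 rather than pasted into the script text, so a file name containing quotes or $(...) is treated as data and never run as shell code. -name limits the run to names that contain a backslash, and only the file name part is changed.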

40 => To find folder which have backslash in folder name and remove backclash from folder name .


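#find /home/nirmal/ -depth -type d -name '*\\*' -exec bash -c 'd=${1%/*}; b=${1##*/}; mv -v -- "$1" "$d/${b//\\/}"' _ {} \;
# Note: the path is handed to bash as $1 rather than pasted into the script text, so a folder name containing quotes or $(...) is treated as data and never run as shell code. -depth renames the deepest folders first, so parent paths are still valid when their children are processed.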

41 => To search for files created on a specific date


#find /opt/lampp/htdocs/ -type f -newermt 2014-11-07 ! -newermt 2014-11-08

Step by Step Configuration of HAProxy on CentOS/RHEL 5/6

* HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones.






Step 1: Setup Yum Repository :

=> CentOS/RHEL 5 users required to add EPEL repository in order to install HAProxy packages. For CentOS 6 HAProxy packages are available under base repository, So there are no need to add any repository for them.

On CentOS/RHEL 5:

# rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

Step 2: Install HAProxy : Install HAProxy package using yum command line interface.

# yum install haproxy

Step 3: Configure HAProxy

# vim /etc/haproxy/haproxy.cf

# Process-wide settings: syslog targets on 127.0.0.1, connection ceiling, daemon mode.
global
log 127.0.0.1 local0
log 127.0.0.1 local1 debug
maxconn 45000 # Total Max Connections. This is dependent on ulimit
daemon
nbproc 1 # Number of processing cores. Dual Dual-core Opteron is 4 cores for example.
# NOTE(review): timeouts written without a unit are milliseconds, so 86400000
# is 24 hours. With a client timeout that long, idle or very slow connections
# can hold slots against maxconn for a whole day; confirm the backends really
# need it, and otherwise use values in the seconds-to-minutes range.
defaults
timeout server 86400000
timeout connect 86400000
timeout client 86400000
timeout queue 1000s

# [HTTP Site Configuration]
listen http_web 192.168.10.10:80 #change IP according to your loadbalancer IP
mode http
balance roundrobin # Load Balancing algorithm
# httpchk: health-check the servers with an HTTP request; forwardfor: add an
# X-Forwarded-For header carrying the client address.
option httpchk
option forwardfor
server server1 192.168.10.100:80 weight 1 maxconn 512 check #change webserver 1 IP
server server2 192.168.10.101:80 weight 1 maxconn 512 check #change webserver 2 IP


# [HTTPS Site Configuration] Use this setting also if you have https configured on your server
# mode tcp passes the TLS connection through unmodified; the certificate stays
# on the web servers.
listen https_web 192.168.10.10:443 #change IP according to your loadbalancer IP
mode tcp
balance source# Load Balancing algorithm
# NOTE(review): reqadd is an HTTP-level directive, and in mode tcp requests are
# not parsed, so this line presumably has no effect here. It also announces
# "http" on the HTTPS listener - confirm what was intended.
reqadd X-Forwarded-Proto:\ http
server server1 192.168.10.100:443 weight 1 maxconn 512 check
server server2 192.168.10.101:443 weight 1 maxconn 512 check

Step 4: Start HAProxy Service : Restart your haproxy server

# service haproxy start
# chkconfig haproxy on

Now Haproxy configured successfully enjoy it .

Note : If you want more web servers in the backend, simply add one server line for each of them;
you can add any number of web servers.

server server3 192.168.10.100:80 weight 1 maxconn 512 check #change webserver 1 IP
server server4 192.168.10.100:80 weight 1 maxconn 512 check #change webserver 1 IP
server server5 192.168.10.100:80 weight 1 maxconn 512 check #change webserver 1 IP

Understanding "server server5 192.168.10.100:80 weight 1 maxconn 512 check"
server => Predefined keyword that adds a web server
server5 => You can use any name here (basically it indicates the hostname of the server)
192.168.10.100:80 => IP address of the backend web server : port number of the web server
maxconn => Maximum number of connections
check => Checks whether the server is alive before sending load to it .

Linux server hardening | Secure Linux Servers

 Linux server hardening is the process of securing a Linux server by reducing its attack surface and mitigating security risks. The goal is ...