Cloud Network

Networking | Support | Tricks | Troubleshoot | Tips

Friday, September 5, 2014

What is Proxy Server and How it works ?

September 05, 2014

###Squid Proxy Server###
 Features:
  1. Caching server
  2. Filters access to the Net
  3. Efficient bandwidth usage
  4. Supports a wide criteria of ACLs (dstdomain, src_IP, Time of day, etc.)

Tasks:
 1. Install Squid Proxy server
  a. yum -y install squid

/etc/squid - primary configuration container
/etc/squid/squid.conf - primary configuration file
/usr/sbin/squidclient - used to test Squid Proxy server
/var/log/squid - primary log directory
/var/spool/squid - cache directory container

 2. Start Squid, and ensure that it starts when the system reboots
  a. service squid start
  b. chkconfig --level 35 squid on

Note: Ensure that ample/fast disk storage is available for: /var/spool/squid
Note: Squid defaults to TCP:3128 

 3. Configure Firefox browser to use Squid Proxy server
 
 4. Configure Squid to allow LAN clients through to resources
  a. nano /etc/squid/squid.conf
  b. acl lan_users src 192.168.75.0/24
  c. http_access allow lan_users

 5. Deny 192.168.75.10, but allow ALL other users from the local subnet
  a. acl lan_bad_users src 192.168.75.10
  b. http_access deny lan_bad_users - must appear above 'http_access allow lan_users'
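
Squid checks http_access lines from top to bottom and stops at the first one that matches, so the deny for 192.168.75.10 only works when it sits above the allow for the whole subnet. The sketch below is an added example, not part of the original post: it models that first-match walk for src ACLs only, treats 'all' as matching every client, and its function names and both sample rule sets are constructed for illustration.

```sh
# Constructed sample rule sets (not from a real server): same ACLs, different order.
ALLOW_FIRST='acl lan_users src 192.168.75.0/24
acl lan_bad_users src 192.168.75.10
http_access allow lan_users
http_access deny lan_bad_users
http_access deny all'
DENY_FIRST='acl lan_users src 192.168.75.0/24
acl lan_bad_users src 192.168.75.10
http_access deny lan_bad_users
http_access allow lan_users
http_access deny all'

# ip2int A.B.C.D -> 32-bit integer (subshell body keeps the IFS change local)
ip2int() ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )

# in_net IP NET[/BITS] -> status 0 when IP lies inside NET (bare address = /32)
in_net() {
  in_bits=32
  case $2 in */*) in_bits=${2#*/} ;; esac
  in_mask=$(( (4294967295 << (32 - in_bits)) & 4294967295 ))
  [ $(( $(ip2int "$1") & in_mask )) -eq $(( $(ip2int "${2%/*}") & in_mask )) ]
}

# acl_src CONF NAME -> the src addresses defined for ACL NAME, one per line
acl_src() {
  printf '%s\n' "$1" | awk -v n="$2" \
    '$1 == "acl" && $2 == n && $3 == "src" { for (i = 4; i <= NF; i++) print $i }'
}

# squid_verdict CONF CLIENT_IP -> allow|deny, decided by the first matching rule
squid_verdict() {
  while read -r sv_kw sv_action sv_name sv_rest; do
    [ "$sv_kw" = http_access ] || continue
    if [ "$sv_name" = all ]; then echo "$sv_action"; return 0; fi
    for sv_net in $(acl_src "$1" "$sv_name"); do
      if in_net "$2" "$sv_net"; then echo "$sv_action"; return 0; fi
    done
  done <<EOF
$1
EOF
  echo deny   # simplification for this sketch: no rule matched
}
```

With ALLOW_FIRST the blocked host is still let through, because the subnet rule matches it before the deny is ever reached.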

Thanking You
Hope U Like it.......


How to Create RAID in Linux

September 05, 2014
###RAID###
Features:
 1. The ability to increase availability and reliability of data
      (originally redundant array of inexpensive disks; now commonly redundant array of independent disks)
Tasks:
 1. Create a RAID-1 Device (/dev/md0..n)
  a. fdisk /dev/sdb - to create usable raw partitions
  b. partprobe /dev/sdb - to force a kernel update of the partition layout of the disk: /dev/sdb
  c. mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sdb5 /dev/sdb6
  d. cat /proc/mdstat - lists active RAID (md) information
  e. mke2fs -j /dev/md0 - overlays a file system on the RAID device
  f. mount /dev/md0 /raid1
  g. update: /etc/fstab

Note: use 'mdadm --query /dev/md0' to get information about a RAID device

Note: You may create RAID volumes/devices on a single or on multiple disks
Ideally, your RAID volumes should span multiple physical disks to improve:
 a. reliability
 b. performance
 c. availability

 2. Remove the RAID-1 device
 a. umount /dev/md0
 b. mdadm --manage --stop /dev/md0

 3. Create a RAID-5 Volume
 a. fdisk /dev/sdb - to create a partition number 7
 b. partprobe /dev/sdb - to update the kernel's view of the partition table
 c. mdadm --create /dev/md0 --level=5 --raid-devices=3 /dev/sdb5 /dev/sdb6 /dev/sdb7
 d. watch cat /proc/mdstat - refreshes every 2 seconds
 e. Overlay a file system: mke2fs -j /dev/md0
 f. mount /dev/md0 /raid5
 g. Test I/O to RAID-5 device
 h. Update: /etc/fstab

Thanking You
Hope U Like it.....


Wednesday, September 3, 2014

How to Install Repository through RPM & YUM Packages in Redhat Linux 6 Server

September 03, 2014
1. If it is a local repository:
Install the createrepo package (this package is present on the RHEL 5 DVD in the Server folder)

rpm -ivh createrepo

createrepo -v /var/ftp/pub/Server

/var/ftp/pub/Server => this is the directory that holds the local copy of the RPM packages

Edit the Server.repo file

# vi Server.repo
[Server]
name=redhat
baseurl=file:///var/ftp/pub/Server
enabled=1
gpgcheck=0
Save the file and quit
Then,

#yum clean all
#yum update

Now you can install packages
#yum install package-name

2. If repository is present in server
-----------------------------------------------------------------------------------------------
#cd /etc/yum.repos.d
#ls
Then it will list the files. There is a file named rhel-debuginfo.repo. Copy this file to a temp file named Server.repo. The first letter of Server should be a capital.
The second step is given below

#cp rhel-debuginfo.repo Server.repo

The third and final step:
Edit the Server.repo file

# vi Server.repo
[Server]
name=redhat
# e.g. 192.168.0.254 is the IP address of the server
baseurl=ftp://192.168.0.254/pub/Server
enabled=1
gpgcheck=0
Save the file and quit
Then,

#yum clean all
#yum update

Now you can install packages
#yum install package-name
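
Both Server.repo files above set gpgcheck=0, which turns off RPM signature verification for that repository, and the second one also fetches packages over plain FTP. The check below is an added example, not part of the original post: it scans .repo text and reports each section with either weakness. The helper name, the finding labels and the three sample texts are constructed, and the gpgkey path in the signed sample is an assumption.

```sh
# Constructed samples modelled on the two Server.repo files above.
LOCAL_REPO='[Server]
name=redhat
baseurl=file:///var/ftp/pub/Server
enabled=1
gpgcheck=0'
FTP_REPO='[Server]
name=redhat
baseurl=ftp://192.168.0.254/pub/Server
enabled=1
gpgcheck=0'
# Same local repo with signature checking switched on (key path is an assumption).
SIGNED_REPO='[Server]
name=redhat
baseurl=file:///var/ftp/pub/Server
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release'

# audit_repo TEXT -> one "section:finding" line per problem (hypothetical helper)
audit_repo() {
  printf '%s\n' "$1" | awk '
    function report() {
      if (sec == "") return
      if (gpg == "0") print sec ":gpgcheck-disabled"
      if (url ~ /^(ftp|http):\/\//) print sec ":cleartext-baseurl"
    }
    /^[ \t]*[#;]/ { next }                          # comment line
    /^\[.*\]/ {                                     # start of a new section
      report(); sec = substr($0, 2, index($0, "]") - 2); gpg = url = ""; next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "gpgcheck") gpg = val
      if (key == "baseurl")  url = val
    }
    END { report() }'
}
```

To audit a live system, pass it the contents of each file under /etc/yum.repos.d, for example audit_repo "$(cat /etc/yum.repos.d/Server.repo)".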


Thanking You
Hope U Like it....


How Many Types of RunLevel (INIT)

September 03, 2014
To check the run level, look at the file /etc/inittab

#vi /etc/inittab
The default run levels used by RHS are

0    :    halt (do not set initdefault to this)
1    :    single user mode
2    :    multi user mode without networking
3    :    multi-user mode with networking
4    :    unused
5    :    X11 (Graphical)
6    :    reboot

#runlevel    :    this command shows which run level you are in at present

In run level 3 (init 3), if you type the command startx to go to graphical mode, it will not ask you for a password.

By default we have 6 virtual consoles (text mode), but we can increase or decrease the number of text-mode consoles simply by editing the file /etc/inittab

#vi /etc/inittab
line No 18    :    id:5:initdefault:


Thanking You
Hope U Like it....







What is Samba & How it Can Share File and Printer in Linux or Windows

September 03, 2014
What is Samba?
Samba can be used to share files and printers between Linux and Linux, Linux and Ubuntu, and Linux and Windows.
Daemon  :        smbd, nmbd
Port        :        167,168,169

Features:
 1. Provides Windows features (file & print) on Linux | Unix

/etc/samba/smb.conf - primary config file

Clients:
 1. findsmb - finds SMB hosts on the network
 2. smbtree - equivalent to Network Neighborhood/My Network Places (prints workgroups, hosts, and shares)
 3. smbget - similar to 'wget', in that, it will download files from the remote share
  a. smbget -u dean smb://linuxcbtwin1/mtemp/20070524_SAN_Allocations.ods

 4. smbclient - interactive (FTP-like) utility to connect to shares - permits uploads/downloads from shares
  a. smbclient -U dean //linuxcbtwin1/mtemp
  b. mget file* - downloads file(s)
  c. mput file* - uploads file(s)


 5. smbtar - backs-up smb shares to a TAR archive
  a. smbtar -s linuxcbtwin1 -x mtemp -u dean -t backup1.tar

Samba Server:
/etc/samba/smb.conf - primary config file

SWAT manages /etc/samba/smb.conf

Samba Server Modes:
 1. User
  a. One Samba-defined user is required per Linux user
  b. Authentication of users is handled by Samba server
 2. Server/Domain (PDC/BDC)
  a. Authentication is handled by the Windows NT/2K/2K3/2K8 server
  b. Still requires a local Samba-defined user accounts database
 3. ADS - Active Directory
  a. Authentication is handled by Active Directory
  b. When used with Winbind, locally-defined Samba users are NOT required

Note: Ultimately, users must authenticate to the local Linux file system

Task:
 1. Install SWAT
  a. yum -y install samba-swat
  b. nano /etc/xinetd.d/swat - set 'disable = no'
  c. service xinetd restart
  d. netstat -ntl | grep 901


/etc/samba/smbpasswd maps Windows users to /etc/passwd

 2. Install rdesktop and connect to Windows XP to test connectivity to Samba
  a. yum -y install rdesktop

Winbind:
 Features:
  1. Windows AD integration
  2. Avoids having to define users in 2 places: Windows, Linux
  3. Uses Kerberos for authentication

Requirements:
 1. krb5-* packages
 2. Properly configured Kerberos environment:
  a. /etc/krb5.conf

[libdefaults]
    default_realm = AD2.LINUXCBT.INTERNAL

[realms]
    AD2.LINUXCBT.INTERNAL = {
        kdc = linuxcbtwin3.ad2.linuxcbt.internal
        admin_server = linuxcbtwin3
    }

[domain_realm]
    .linuxcbtwin3.ad2.linuxcbt.internal = AD2.LINUXCBT.INTERNAL


Steps:
 1. Update: /etc/krb5.conf
 2. Update Samba configuration to use ADS authentication
 3. Update Samba server's DNS to point to ADS server
  a. /etc/resolv.conf
  b. /etc/hosts - including a pointer to the ADS server (linuxcbtwin3)

 4. Join AD domain:
  a. 'net ads join -U administrator'
 5. Confirm AD membership using: 'Active Directory Users & Computers' Tool

 6. Setup Winbind to authenticate using ADS:
  a. /etc/pam.d/system-auth - account & auth settings
  auth sufficient /lib/security/pam_winbind.so - place before 'pam_unix.so'
  account sufficient /lib/security/pam_winbind.so

  b. /etc/nsswitch.conf
   passwd: files winbind
   group: files winbind

  c. Configure 'idmap' 'uid & gid' mappings - 10000 - 20000
   Use SWAT to update idmap settings for 'uid & gid'
Note: If you want ADS users to be able to logon to your Samba-Winbind Linux box using SSH, Telnet, mingetty, etc., change the 'Template Shell' directive to a valid shell. i.e. /bin/bash

  d. Create 'Template homedir' %D (Domain) directory beneath '/home'
   mkdir /home/LINUXGENIUS

 7. Test Winbind Integration using: wbinfo
  a. wbinfo -u - this enumerates users in AD
  b. wbinfo -g - this enumerates groups in AD
  c. ssh into LINUXCBTSERV1 (Winbind) as ADS user


Task1:
 1. Authenticate using ADS, as 'administrator' from Windows box
 2. Create a user named 'linuxcbt' in AD
 3. Create shared directory on the Samba box, and provide access (Share it)


Thanking You
Hope U Like it....


What is SELinux and How to Setup in Linux

September 03, 2014

###SELinux Intro###
 Features:
  1. Restricts access by subjects (users and/or processes) to objects (files)
  2. Provides Mandatory Access Controls (MACs)
  3. MACs extend Discretionary Access Controls (DACs(Standard Linux Permissions))
  4. Stores MAC permissions in extended attributes of file systems
  5. SELinux provides a way to separate: users, processes (subjects), and objects, via labeling, and monitors/controls their interaction
  6. SELinux is integrated into the Linux kernel
  7. Implements sandboxes for subjects and objects
  8. Default RH5 implementation creates sandboxes (domains) for 'targeted' daemons and one sandbox (unconfined_t) for everything else
  9. SELinux is implemented/enabled by RH5, by default
 10. Operates in the following modes:
   a. Permissive - permission is always granted, but denials are logged in: /var/log/messages
   b. Enforcing - strictly enforces 'targeted' policy rules
   c. Disabled - Only DACs are applied
  11. Operating modes can be applied upon startup or while the system is running

SELinux Config files & Tools:
 1. sestatus - displays current SELinux status, including:
  a. policy name 'targeted'
  b. policy version '21'
  c. Operating mode: 'enforcing|permissive|disabled'

 2. /etc/sysconfig/selinux - primary startup|config file for SELinux
 3. /etc/selinux/targeted - top-level container for the 'targeted' policy
 4. setenforce 0|1 - 0 (permissive), 1 (enforcing)
 5. '-Z' can be applied to the following tools to obtain SELinux context info:
  a. mv, cp, ls, ps, id
 6. chcon -R -t type file - applies SELinux label to file/directory

Tasks:
 1. Disable SELinux upon boot-up on LINUXCBTSERV4
  a. nano /etc/grub.conf
   a1. Update 'kernel' line to reflect: selinux=0

Note: If files(objects) lose their SELinux context, there are multiple ways to relabel them:
 1. 'touch /.autorelabel && reboot' - init will relabel the system according to the 'targeted' policy
 2. 'fixfiles' - use to relabel objects (files) while the system is running

Note: List of daemons protected by the 'targeted' SELinux policy:
 1. apache(httpd)
 2. dhcpd
 3. ntpd
 4. named
 5. syslogd
 6. squid
 7. snmpd
 8. portmap
 9. nscd
10. winbind

Note: The 'targeted' policy assigns ALL other subjects and objects to the 'unconfined_t' domain

Note: The default SELinux 'targeted' policy, using MACs, binds subject domains: i.e. 'httpd_t' to object types: i.e. 'httpd_config_t'

Note: SELinux MACs compound Linux DACs
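
A host that boots with selinux=0 on its kernel line runs with DACs only, whatever /etc/sysconfig/selinux says, so both files have to be read together when checking a machine. The following is an added example, not part of the original post: it picks the kernel line of the default legacy GRUB entry and reports the mode the system will start in. The function name and the sample file contents (including the kernel path) are constructed placeholders.

```sh
# Constructed samples: a two-entry legacy GRUB menu and an SELinux config file.
GRUB_CONF='default=1
timeout=5
title Example entry 0
    kernel /vmlinuz-EXAMPLE ro root=/dev/EXAMPLE rhgb quiet
title Example entry 1
    kernel /vmlinuz-EXAMPLE ro root=/dev/EXAMPLE rhgb quiet selinux=0'
SELINUX_CONFIG='# constructed sample of /etc/sysconfig/selinux
SELINUX=enforcing
SELINUXTYPE=targeted'

# default_kernel_line GRUB_TEXT -> kernel line of the entry that "default=" selects
# (entries are counted from 0 in the order of their "title" lines)
default_kernel_line() {
  printf '%s\n' "$1" | awk '
    BEGIN { want = 0 }
    /^[ \t]*default[ \t=]/ { d = $0; sub(/^[ \t]*default[ \t=]+/, "", d); want = d + 0 }
    /^[ \t]*title[ \t]/    { n++ }
    /^[ \t]*kernel[ \t]/   { line[n - 1] = $0 }
    END { print line[want] }'
}

# selinux_boot_mode GRUB_TEXT CONFIG_TEXT -> disabled|permissive|enforcing|unknown
selinux_boot_mode() {
  sb_kernel=$(default_kernel_line "$1")
  # selinux=0 on the kernel line wins over the config file
  case " $sb_kernel " in *" selinux=0 "*) echo disabled; return 0 ;; esac
  sb_mode=$(printf '%s\n' "$2" | sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' | tail -n 1)
  echo "${sb_mode:-unknown}"
}
```

On a running system, compare the result with what sestatus reports; a mismatch means the mode was changed after boot or a different menu entry was selected.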


Thanking You
Hope U Like it.......



How to Setup SymLinks(Soft & Hard Links) in Redhat Linux Server

September 03, 2014
###Symlinks###
Features:
 1. Provides shortcuts to files (including directories)
 2. Provides hard links to inode (file system) locations

Soft Links:-
 1. ln -s source_file target
  a. ln -s ./regextest.pl lastscript.pl

Note: Soft links may span multiple file systems/hard drives
Note: Symlink count is NOT increased when using soft links

 2.  ln -s /home/linuxcbt/testRH5/regextest.pl . - this will symlink (soft) to the /boot file system

Note: With soft links, if you change the name or location of the source file, you will break ALL of the symlinks (soft).

Hard Links:-
 Features:
  1. The ability to reference the same inode/hard drive location from multiple places within the same file system
   a. ln source target
      ln regextest.pl ./testhardregextest.pl - creates a hard link
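
The difference between the two link types shows up when the source file is renamed. The following is an added example, not part of the original post: it recreates the soft and hard links from the commands above in a scratch directory and reports the link count, whether the hard link shares the inode, and which link still resolves after the rename. The function name and the file contents are constructed.

```sh
# link_demo -> prints four lines: links=N, same_inode=yes|no, soft=ok|broken, hard=ok|broken
link_demo() (
  dir=$(mktemp -d) || exit 1
  cd "$dir" || exit 1
  echo 'print "constructed sample\n";' > regextest.pl

  ln -s ./regextest.pl lastscript.pl       # soft link: stores the path as text
  ln regextest.pl ./testhardregextest.pl   # hard link: a second name for the same inode

  # Second column of ls -l is the hard-link count; the soft link does not raise it.
  echo "links=$(ls -ld regextest.pl | awk '{ print $2 }')"

  src_inode=$(ls -i regextest.pl | awk '{ print $1 }')
  hard_inode=$(ls -i testhardregextest.pl | awk '{ print $1 }')
  if [ "$src_inode" = "$hard_inode" ]; then echo same_inode=yes; else echo same_inode=no; fi

  # Rename the source: the stored path no longer exists, the inode still does.
  mv regextest.pl renamed.pl
  if [ -e lastscript.pl ]; then echo soft=ok; else echo soft=broken; fi
  if [ -e testhardregextest.pl ]; then echo hard=ok; else echo hard=broken; fi

  cd / && rm -rf "$dir"
)
```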


Thanking You
Hope U Like it....
