Swatch To Monitor Security Logs

Install the package with YUM = yum install swatch

 Then create a swatch configuration file called
/etc/swatchrc  containing the following:

vi  /etc/swatchrc

# Bad login attempts
watchfor   /Failed password for/
        exec "/usr/local/nix/scripts/bad_user $1 $2 $3 \

$4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15" 

:wq!

Then create The Script with the following

vi /usr/local/nix/scripts/bad_user
 

#! /bin/bash
#
IP=`echo $* | sed 's/^.* from //' | awk '{print $1}' | sed 's/::ffff://'`
ATTEMPTS=`grep $IP /var/log/secure | grep "Failed password for"  | wc -l`

if [ $ATTEMPTS -gt 2 ]
then
 route add $IP lo
 MINUTES=`expr $ATTEMPTS - 2`
 echo "route del $IP lo 2> /dev/null" | at now +$MINUTES \

minutes 2>&1 > /tmp/.bad_user.$$
 (hostname ; echo $* ; echo "IP=$IP" ; echo "ATTEMPTS=$ATTEMPTS" ; 
  echo "Blocking for $MINUTES minutes" ; 
  cat /tmp/.bad_user.$$ ) | Mail -s "bad user" Admin
fi

rm -f /tmp/.bad_user.$$ 

:wq!

Then start the swatch 

swatch --config-file=/etc/swatchrc --tail-file=/var/log/secure  \

--awk-field-syntax --tail-args "-F" & 

SMS gateway In Fedora 13

Packages

gnokii-devel.i686 : Gnokii development files
gnokii-smsd.i686 : Gnokii SMS daemon
gnokii-smsd-mysql.i686 : MySQL support for Gnokii SMS daemon
gnokii-smsd-pgsql.i686 : PostgreSQL support for Gnokii SMS daemon
gnokii.i686 : Linux/Unix tool suite for various mobile phones
libopensync-plugin-gnokii.i686 : Gnokii plugin for libopensync
xgnokii.i686 : Graphical Linux/Unix tool suite for various mobile phones

#######################################
Install the packages with the yum command

#################################


After Installing create a file .gnokiirc

vi /root/.gnokiirc
[global]

port = /dev/ttyACM0
# With Linux-IrDA you will want to use
# model = symbian
model = AT
initlength = default
connection = serial
use_locking = no

serial_baudrate = 19200
smsc_timeout = 10

[xgnokii]
allow_breakage = 0

[gnokiid]
bindir = /usr/sbin/

# Handy for use for $VAR substitutions in your chat(8) script.
[connect_script]
TELEPHONE = 12345678
[disconnect_script]



[logging]

# where to log the debug output (on: stderr, off: /dev/null)
debug = off

# where to log the rlp debug output (on: stderr, off: /dev/null)
rlpdebug = off

# where to log X debug output (on: stderr, off: /dev/null)
xdebug = off

:wq!

Save it ... this configuration will work with most Nokia handsets and it is been tested with Nokia X-05 and Micromax Q3+ ... Successfully working in both...

#############################

After saving the file execute the command 'gnokii --identify' and make sure system is identifies the device .
 you will get the similar output like this;
GNOKII Version 0.6.28
IMEI         : **********
Manufacturer : Nokia
Model        : Nokia X5-01
Product name : Nokia X5-01
Revision     : V ICPR82_10w18.7.7
###################################
To send a test message

echo “Test” | /usr/bin/gnokii --sendsms +91phonenumber -r

#######################################
Now gnokii With Mysql ...

[root@nix ~]# rpm -ql gnokii-smsd-mysql-0.6.28-1.fc12.i686
/usr/lib/smsd/libsmsd_mysql.so
/usr/share/doc/gnokii-smsd-mysql-0.6.28
/usr/share/doc/gnokii-smsd-mysql-0.6.28/sms.tables.mysql.sql

Create tha database and table with the following

[root@nix ~]#mysql -p < /usr/share/doc/gnokii-smsd-mysql-0.6.28/sms.tables.mysql.sql

######

To send a message from mysq
Logind to mysql
mysql -p
use smsd;
insert into outbox (number,text) values ('+91phone_number','Hi');
\q
***********************************************************************************
***********************************************************************************

Use Gmail Account To Relay Email From a Shell Prompt

yum install ssmtp

vi /etc/ssmtp/ssmtp.conf

AuthUser=username@gmail.com
AuthPass=Your-Gmail-Password
FromLineOverride=YES
mailhub=smtp.gmail.com:587
UseSTARTTLS=YES

:wq!

make sure sendmail is disabled

# service sendmail stop

# chkconfig sendmail off

# mkdir /bakup

# mv /usr/sbin/sendmail /bakup

#  ln -s /usr/sbin/ssmtp /usr/sbin/sendmail

  echo "This is a test" | mail -s "Test" user@domain.com

#######################################################


to get alerts when root logins

add the followings in .bash_profiles in the root home

vi .bash_profile

echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" user@domain.com


:wq! 

Load balance your application in Tomcat

1.Installing Tomcat
2.Installing Apache HTTP Server
3.setting up multiple instances of Tomcat
4.setting up Apache HTTP server


Tomcat 5.5

Download Site: http://tomcat.apache.org/download-55.cgi
Apache HTTP Server 2.0

Download Site: http://httpd.apache.org/download.cgi
Mod JK (Tomcat connector) 1.2.27

Download Site: http://tomcat.apache.org/download-connectors.cgi


I have tested in fedora 13 with default httpd .


Tomcat 5.5 Installation



Extract the Tomcat zip file. Hereafter, the directory you extracted to will be referred to as /INSTANCE1


Test Tomcat to see that it works. Go to /INSTANCE1/bin and run startup.sh. You may need to add an environment variable called JAVA_HOME, CATALINA_HOME which is set to /INSTANCE1 in case Tomcat fails to start.


Open up your browser and access http://localhost:8080/. If you see the default page, then Tomcat Instance 1 is working fine. Shut down Tomcat.

Setting up multiple Tomcat instances


Make a dir called /INSTANCE2

cp -r /INSTANCE1/* /INSTANCE2/

Open up /INSTANCE2/conf/server.xml in a text editor. We’ve got to change the port numbers so that they don’t conflict with the first instance.

In /INSTANCE1

8005” shutdown=”SHUTDOWN”>
8080” maxHttpHeaderSize=”8192″…
8009” enableLookups=”false” redirectPort=”8443” protocol=”AJP/1.3″ />
!!!!!!!!!!!!!!!
In /INSTANCE2

9005” shutdown=”SHUTDOWN”>
9090” maxHttpHeaderSize=”8192″…
9009” enableLookups=”false” redirectPort=”9443” protocol=”AJP/1.3″ />

!!!!!!!!!!!!!!!!!!!!!!!!!!!
Now stop the first instance of Tomcat and start the second instance. This is to verify the second is starting up and running.

Access http://localhost:9090 in your browser. If you see the default page, then Tomcat Instance 2 is working fine. Shut down Tomcat.

Till now we ran Tomcat instances individually. Now start both the instances using their startup.sh respectively.

Once both started with out any problem, open up two browser clients and enter http://localhost:8080/ and http://localhost:9090. If you see the default page, in both the browser clients then both Tomcat Instance1 and Instance 2 are working fine with out any conflicts.
 
Setting up Apache HTTP Server for load balance

First, download the correct binary for your architecture and install it:

wget http://archive.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/linux/jk-1.2.23/mod_jk-1.2.23-apache-2.2.x-linux-i686.so

chmod +x mod_jk-1.2.23-apache-2.2.x-linux-i686.so

cp -r mod_jk-1.2.23-apache-2.2.x-linux-i686.so /etc/httpd/modules/mod_jk.so
##############################################
vi /etc/httpd/conf/worker.properties
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# The advanced router LB worker
workers.tomcat_home=/INSTANCE1
workers.java_home=JAVA_HOME
worker.list=balancer

# Define a worker using ajp13
# Mention the AJP connector port defined in Tomcat server.xml
worker.worker1.port=8009
worker.worker1.host=localhost
worker.worker1.type=ajp13
worker.worker1.lbfactor=1

# Define another worker using ajp13
# Mention the AJP connector port defined in Tomcat server.xml
worker.worker2.port=9009
worker.worker2.host=localhost
worker.worker2.type=ajp13
worker.worker2.lbfactor=1

worker.balancer.type=lb
worker.balancer.balance_workers=worker1,worker2
worker.balancer.method=B

# Add the status worker to the worker list
worker.list=jkstatus
# Define a ‘jkstatus’ worker using status
worker.jkstatus.type=statu
!!!!!!!!!!!!!!!!!!!!!!
:wq!
#############################
vi /etc/httpd/conf.d/mod_jk.conf
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
LoadModule jk_module modules/mod_jk.so

JkWorkersFile /etc/httpd/conf/workers.properties

JkShmFile /var/log/httpd/mod_jk.shm

JkLogFile /var/log/httpd/mod_jk.log

JkLogLevel info

JkMount /* balancer

JkMount /jkmanager/* jkstatus
:wq!
#######################
Create a test folder under the webapp folder on INSTANCE2
under that create a file index.jsp
 vi index.jsp
Hello, I am a jsp script!
:wq!



Restart httpd and open the link http://localhost/test/

Simple http load balancing with Apache.

 Since version 2.2 the Apache web server ships a load balancer module called mod_proxy_balancer. All you need to do is to enable this module and the modules mod_proxy and mod_proxy_http:

vi /etc/httpd/conf/httpd.conf

LoadModule proxy_module mod_proxy.so
LoadModule proxy_http_module mod_proxy_http.so
LoadModule proxy_balancer_module mod_proxy_balancer.so

:wq!

Please don't forget to load mod_proxy_http, because you wouldn't get any error messages if it's not loaded. The balancer just won't work.

Because mod_proxy makes Apache become an (open) proxy server, and open proxy servers are dangerous both to your network and to the Internet at large, I completely disable this feature: 

vi /etc/httpd/conf/httpd.conf
 

ProxyRequests Off

Order deny,allow
Deny from all

:wq!


The load balancer doesn't need this feature at all.

now create a index.html file on all servers



And here's the actual load balancer configuration:
############################

vi /etc/httpd/conf/httpd.conf

{Proxy balancer://clusterABCD}
BalancerMember http://serverA
BalancerMember http://serverB
BalancerMember http://serverC
BalancerMember http://serverD
Order allow,deny
Allow from all
{/Proxy}
ProxyPass / balancer://clusterABCD/

:wq!
/etc/init.d/httpd restart

The {Proxy}...{/Proxy} container defines which backend servers belong to my balancer. I chose the name clusterABCD for this server group, but you are free to choose any name you want.
And the ProxyPass directive instructs the Apache to forward all incoming requests to this group of backend servers.

Websvn How to on fedora

Install the packages with yum

  yum install websvn.noarch
  yum install subversion

Create a directory
mkdir -p /srv/svn

svnadmin create --fs-type fsfs /srv/svn/nix


Now open the conf file [vi /etc/websvn/config.php]
and add the following

$config->parentPath('/srv/svn/');


$extEnscript[".pl"] = "perl";
$extEnscript[".py"] = "python";
$extEnscript[".sql"] = "sql";
$extEnscript[".java"] = "java";
$extEnscript[".html"] = "html";
$extEnscript[".xml"] = "html";
$extEnscript[".thtml"] = "html";
$extEnscript[".tpl"] = "html";
$extEnscript[".sh"] = "bash";

#################

Then save it and restart httpd and open the url

http://urip/websvn

now you can see the repo nix ..................

To change Windows 7 Product Key From Command line.

1. Click on the Start Button and type: CMD (into the 'Search programs and files' field in the Start Menu)
2. The Start Menu will show 'CMD.exe', 
3. Right-click the CMD.exe file and select Run as administrator.
4. In the CMD window, type: slmgr.vbs -ipk {product key}
5. To activate windows after changing the key, type: slmgr.vbs -ato

Mysql & php test page

mysql_connect("localhost", "user", "userpass") or die(mysql_error());
echo "Connected to MySQL
";
mysql_select_db("test") or die(mysql_error());
echo "Connected to Database";
?>

Apache Access Control with User/Password protected directories with MYSQL

 add the following to httpd.conf file 

     AuthType Basic
     AuthName " protected directories "
     AuthMySQLHost localhost
     AuthMySQLUser root
     AuthMySQLPassword  dbpassword
     AuthMySQLDB http_auth
     AuthMysqlUserTable  user_auth
     AuthMySQLNameField user_name
     AuthMySQLPasswordField user_passwd
     AuthMySQLNoPasswd Off
     AuthMySQLPwEncryption crypt
     AuthMySQLPwEncryption none
     AuthMySQLEnable on
     require valid-user
    

MYSQL
* mysql -h localhost -u root -ppassword
    * mysql> create database http_auth;
* mysql> use  http_auth;
    * mysql> create table user_auth ( user_name char(30) NOT NULL,user_passwd char(60) NOT NULL,user_group char(25),primary key (user_name) );
    * mysql> insert into user_auth values('Nikhil','supersecret','Admin');
and restart apache .....
 mod_auth_mysql*.*rpm need to be installed
And make sure this line is included in the conf file httpd.conf
LoadModule mysql_auth_module modules/mod_auth_mysql.so

permanently bypass fsck

permanently bypass fsck check on any filesystem using tune2fs command as follows:
[root@node01 ~]# tune2fs -i 0 /dev/VolGroup00/LogVol00
tune2fs 1.39 (29-May-2006)
Setting interval between checks to 0 seconds
[root@node01 ~]#

Deploying LifeRay in Linux Machine From Running Windows

The key to porting Liferay from windows to linux w/ mysql is setting the mysql case sensitivity setting to 1 on the linux mysql server.

1. Backup your windows schema
2. Add the following line to your my.conf file in linux: lower_case_table_names=1 (this is added below [mysql] and/or [mysqld])
3. Start mysql
4. Do restore

All should be well after that.

High Availability Cluster On CentOS (Heartbeat)

Pre-Configuration Requirements
##################################
Assign hostname node01 to primary node with IP address 192.168.10.50
Assign hostname node02 to slave node with IP address 192.168.10.51
Assume 192.168.10.52 is the virtual IP address that will be used for our Apache webserver.


Install Heartbeat 
yum install heartbeat-devel
######################################
Now we have to configure heartbeat on node01 and node02
Main files
1, authkeys
2, ha.cf
3, haresources
Just copy all the files from
cp /usr/share/doc/heartbeat-2.1.3/authkeys /etc/ha.d/
cp /usr/share/doc/heartbeat-2.1.3/ha.cf /etc/ha.d/
cp /usr/share/doc/heartbeat-2.1.3/haresources /etc/ha.d/
Configure heartbeat
vi /etc/ha.d/authkeys
Then add the following lines
auth 2
2 sha1  test-ha
change the permission
chmo 600 /etc/ha.d/authkeys
vi /etc/ha.d/ha.cf
logfile /var/log/ha-log
logfacility local0
keepalive 2
deadtime 30
initdead 120
bcast eth0
udpport 694
auto_failback on
node node01
node node02
:wq!
#######################
vi /etc/ha.d/haresources
Then add the following
node01 192.168.10.52 httpd
:wq!
Copy the /etc/ha.d/ directory from node01 to node02 with scp
scp -r /etc/ha.d/*  node02:/etc/ha.d/
#################################
Now edit httpd.conf
vi /etc/httpd/conf/httpd.conf
add this line
Listen 192.168.10.52:80
:wq!
scp httpd.conf node02:/etc/httpd/conf/
now create some test html file on both slave and master
start heartbeat on both system
/etc/init.d/heartbeat start
and then open browser and type http://192.168.10.52/
will b able to see node01 test page
and stop heartbeat on node01 and  refresh the browser you will be able to see node02 test page
############################################################################

Apache Tomcat On Linux

Download tomcat from http://tomcat.apache.org/
Before we begin, we will need to have a Java installed
[nikhil@bom ~]$ which java
/usr/java/jdk1.5.0_11/bin/java
[nikhil@bom ~]$ cat .bashrc
# .bashrc

# User specific aliases and functions

# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi

PATH=/usr/java/jdk1.5.0_11/bin/:$PATH;export PATH
export JAVA_HOME=/usr/java/jdk1.5.0_11

[nikhil@bom ~]$ mkdir /tomcat
[nikhil@bom ~]$ mkdir /Dowmloads
[nikhil@bom ~]$ mv /Downlods/jakarta-tomcat-Xxxx.tar.gx /opt/tomcat
[nikhil@bom ~]$ tar -xvzf jakarta-tomcat-Xxxxtar.rg
[nikhil@bom ~]$ rm -rf jakarta-tomcat-Xxxxtar.rg
[nikhil@bom ~]$ mv jakarta-tomcat/* .
[nikhil@bom ~]$ rm -rf jakarta-tomcat
Now login to root user and create a user called "tomcat"
[nikhil@bom ~]$ sudo su -
Password:
[nikhil@bom ~]$ sudo su -
Password:
[root@bom ~]# groupadd tomcat
[root@bom ~]# useradd -g tomcat -d /opt/tomcat tomcat
[root@bom ~]# passwd tomcat
[root@bom ~]# chown -R tomcat:tomcat /opt/tomcat
Switch to tomcat user
[root@bom ~]# su - tomcat
Now try to start tomcat with tomcat user
Make sure Java path is correct
[tomcat@bom ~]$ cat .bashrc
# .bashrc

# User specific aliases and functions

# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi

PATH=/usr/java/jdk1.5.0_11/bin/:$PATH;export PATH
export JAVA_HOME=/usr/java/jdk1.5.0_1
xport CATALINA_HOME=/opt/tomcat
[tomcat@bom ~]#sh /opt/tomcat/bin/startup.sh
[tomcat@bom ~]#sh /opt/tomcat/bin/shutdown.sh
###################################################################################
Administering Tomcat
* Server Status application
* Tomcat Administration Tool
* Tomcat Manager
Tomcat Administrator Role admin This is a built-in role.
Tomcat Manager Role manager This is a built-in role.
Tomcat Administrator Username TomcatAdmin
Tomcat Administrator Password passwd
Open with vi $CATALINA_HOME/conf/tomcat-users.xml
tomcat-users>
role rolename="tomcat"/>
role rolename="role1"/>
role rolename="manager"/>
role rolename="admin"/>
user username="tomcat" password="tomcat" roles="tomcat"/>
user username="both" password="tomcat" roles="tomcat,role1"/>
user username="role1" password="tomcat" roles="role1"/>
user username="TomcatAdmin" password="passwd" roles="admin,manager"/>
tomcat-users>
Save the file, start Tomcat and open a browserYou should be able to access the Administartion Tool web application by clicking on the "Tomcat Administration" link on the left sidebar, make sure u have extracted admin tool also to ur $CATALINA_HOME

kills all pids matching the search word of "PROCESS".

ps -ef | awk '/PROCESS/ && !/awk/ {print $2}' | xargs -r kill -9

desktop Icons to have no text

No Text Icons

If you would like your desktop Icons to have no text underneath then try this tweak:

Right click the icon and select "Rename"

Now hold the "Alt" key and type "255" and hit Enter

NOTE : It may only work with the keypad numbers and not the number keys on top of the keyboard.