Archive for the ‘Linux’ Category

How to setup FTP Server for multiple users on Linux

Hi again

Sorry for the delay in posting. To be honest, I am too busy to write and most of the time I lose track of what exactly I am supposed to do here. I apologize and promise to do my best to be more serious about writing here.

There are many open-source FTP daemons available for Linux. The most configurable is proftpd, whose many options let a network administrator control every aspect of the server; for a simple FTP server, though, most of those options are unnecessary. I will write about setting it up in the future, since many system administrators prefer it. Another package that is easy to install and still has many options and features is vsftpd, and that is the one I want to show you how to install and configure.

The first step is installing it on your Linux system:

aptitude install vsftpd

OK, that was easy, but you have a few more steps to configure your FTP server.

Note: by default this package lets clients log in with the anonymous account. So if you do not want users to connect to your FTP server anonymously, either change the anonymous root directory or disable the account.

You can find your FTP server's configuration file at this path (on Debian the package installs it as /etc/vsftpd.conf instead):

vim /etc/vsftpd/vsftpd.conf

Then, to change the root directory for anonymous logins, find the option below and set your preferred directory:

anon_root=/data/directory

Or, to disable anonymous access to your service, set the line below in your configuration file to NO:

anonymous_enable=YES

Now, to allow local users to log in to the FTP server, enable the following line:
local_enable=YES

As far as I remember it is enabled by default, but check it.

Your FTP server is now working, and every user on your Linux system can connect to it and gets access to their own home folder. If you want to give a user another folder instead, create the account with an extra option:

useradd -d /home/ftp-docs user1

Then give that user permission on the folder, with chown or chmod. Note that local_enable alone does not confine a user to that folder: unless chroot_local_user is set to YES, they can browse any other directory the Unix permissions allow.
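Here is an added example, not from the original post, that checks the points above in a shell script: it reads a vsftpd.conf, reports whether anonymous logins are off and local logins on, and adds two checks the post does not mention, chroot_local_user=YES (without it a local user can browse everything Unix permissions allow, not just the folder given with useradd -d) and ssl_enable=YES (plain FTP sends the password in clear text). The sample configuration it audits is constructed, and the certificate paths in the hardened fragment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: audit a vsftpd.conf for the
# settings that decide who may log in and where they may go. The sample
# file it checks is constructed; point it at your real one
# (/etc/vsftpd.conf on Debian, /etc/vsftpd/vsftpd.conf on Red Hat).

# vsftpd_setting FILE KEY -> effective value in upper case, empty if unset.
# vsftpd wants "key=value" with no spaces; the last assignment wins.
vsftpd_setting() {
    sed -n "s/^[[:space:]]*$2=\([^[:space:]]*\).*/\1/p" "$1" \
        | tail -n 1 | tr '[:lower:]' '[:upper:]'
}

# vsftpd_check FILE KEY WANT MESSAGE -> OK line if KEY=WANT, else FAIL line.
vsftpd_check() {
    if [ "$(vsftpd_setting "$1" "$2")" = "$3" ]; then
        echo "OK:   $2=$3"
    else
        echo "FAIL: $2 is not $3 ($4)"
    fi
}

# vsftpd_audit FILE -> one OK/FAIL/INFO line per check, always exits 0.
vsftpd_audit() {
    # Older vsftpd releases default to anonymous_enable=YES, so demand an
    # explicit NO: this is the setting the post turns off.
    vsftpd_check "$1" anonymous_enable NO "anonymous logins are possible"
    # Without local_enable nobody with a system account can log in.
    vsftpd_check "$1" local_enable YES "local accounts cannot log in"
    # local_enable alone lets a user wander wherever Unix permissions allow;
    # chroot_local_user confines each one to the directory from useradd -d.
    vsftpd_check "$1" chroot_local_user YES "users can leave their home directory"
    # Plain FTP carries the password in clear text; ssl_enable gives FTPS
    # (rsa_cert_file and rsa_private_key_file are needed as well).
    vsftpd_check "$1" ssl_enable YES "credentials travel in clear text"
    # Whether uploads are wanted is a business decision, so only report it.
    [ "$(vsftpd_setting "$1" write_enable)" = "YES" ] \
        && echo "INFO: write_enable=YES (uploads allowed)"
    return 0
}

# vsftpd_fail_count FILE -> number of FAIL lines, 0 when clean.
vsftpd_fail_count() {
    vsftpd_audit "$1" | grep -c '^FAIL' || true
}

# vsftpd_hardened_conf -> a fragment that passes the audit. With
# chroot_local_user=YES, vsftpd 3.x refuses to start if the chroot
# directory is writable by the user: keep the home root-owned and give
# the user a writable subdirectory, or set allow_writeable_chroot=YES and
# accept the weaker confinement. The certificate paths are assumptions.
vsftpd_hardened_conf() {
    cat <<'EOF'
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
ssl_enable=YES
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.key
EOF
}

# make_sample_conf -> path of a constructed vsftpd.conf with the defaults
# the post starts from: anonymous access on, nothing confined.
make_sample_conf() {
    p=${TMPDIR:-/tmp}/vsftpd-sample.$$.conf
    cat > "$p" <<'EOF'
# constructed sample, not a real server's file
listen=YES
anonymous_enable=YES
anon_root=/data/directory
local_enable=YES
write_enable=YES
EOF
    echo "$p"
}

sample=$(make_sample_conf)
vsftpd_audit "$sample"
echo "failed checks: $(vsftpd_fail_count "$sample")"                    # 3 on the sample
hardened=${TMPDIR:-/tmp}/vsftpd-hardened.$$.conf
vsftpd_hardened_conf > "$hardened"
echo "failed checks after hardening: $(vsftpd_fail_count "$hardened")"  # 0
rm -f "$sample" "$hardened"
```

Run it against your real file with vsftpd_audit /etc/vsftpd.conf (Debian) or /etc/vsftpd/vsftpd.conf (Red Hat). Three checks fail on the constructed sample and none on the hardened fragment.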

That's it. I think this is the simplest way of installing and configuring an FTP server for multiple users so that each one has a different root folder. It can be useful if you have virtual directories on your web server and want to assign each directory to a specific user. Perhaps it is useful, but I highly recommend you wait for me, because I will write about proftpd and its options.

And finally, if you have any question please do not hesitate to ask me by email. I receive many mails each day and I try to reply to them, but honestly it takes time. :)

Regards

How to enable squid authentication with htpasswd

Hi again

If you decide to run a squid web proxy with an authentication system, the simplest way is to create a file that stores the usernames and their hashed passwords. You can create the empty file with the touch command.

Then change its permissions and owner so that squid can read it, and ideally nobody else: the account squid runs as (proxy on Debian) needs read access, other local users do not.

After all that, add the following configuration to your squid.conf. The second ACL lets requests whose URL path contains kasper through without a password:

# on Squid 3.2 and later the helper is called basic_ncsa_auth
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl ncsa_users proxy_auth REQUIRED
acl ncsa_users1 urlpath_regex kasper

# http_access rules are evaluated top to bottom and the first match wins.
# The unauthenticated exception has to come first: when squid reaches a
# line ending in a proxy_auth ACL and the client sent no credentials, it
# answers with the 407 challenge instead of trying the lines below.
http_access allow ncsa_users1
http_access allow ncsa_users
http_access deny all

Then, to create a user and set its password, use the following command (without -c, which would create the file anew and wipe the users already in it):

htpasswd /etc/squid/passwd user1
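An added example, not part of the original post, that audits the password file once you have created a few users: a shell script that checks the file's permissions (only squid's user needs to read it) and classifies each entry by the hash format htpasswd wrote, because htpasswd can still produce DES crypt entries that use only the first eight password characters, and unsalted {SHA} ones. The file path follows the post; the entries in the sample are constructed, not real accounts.

```shell
#!/bin/sh
# Added example, not from the original post: audit the password file that
# htpasswd maintains for squid. Basic auth already sends the password in
# clear text between browser and proxy, so the file itself should at least
# be unreadable to other local users and hold strong hashes. The entries
# below are constructed, not real accounts.

# htpasswd_hash_type HASH -> the scheme htpasswd used for one entry.
htpasswd_hash_type() {
    case $1 in
        '$apr1$'*)                echo apr1-md5 ;;    # htpasswd default (-m)
        '$2a$'*|'$2b$'*|'$2y$'*)  echo bcrypt ;;      # htpasswd -B
        '{SHA}'*)                 echo sha1 ;;        # htpasswd -s: unsalted
        '$'*)                     echo other-crypt ;; # crypt(3) $5$/$6$ etc.
        *)
            # 13 characters of [A-Za-z0-9./] is classic DES crypt (-d):
            # only the first eight password characters are used.
            if printf '%s' "$1" | grep -Eq '^[A-Za-z0-9./]{13}$'; then
                echo des-crypt
            else
                echo plaintext-or-unknown   # htpasswd -p, or a damaged line
            fi ;;
    esac
}

# file_mode FILE -> octal permission bits (GNU and BSD stat).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# htpasswd_audit FILE -> one finding per line; a single "OK" when clean.
# Only apr1-md5 and bcrypt pass: DES truncates the password, {SHA} is
# unsalted, and basic_ncsa_auth (the helper the post calls ncsa_auth)
# accepts bcrypt only where the system crypt(3) does, so test that first.
htpasswd_audit() {
    file=$1; found=0
    mode=$(file_mode "$file")
    case $mode in
        *0) : ;;   # "others" have no access
        *)  echo "FAIL: $file has mode $mode, readable by users other than squid's"
            found=1 ;;
    esac
    while IFS=: read -r user hash; do
        case $user in ''|'#'*) continue ;; esac
        type=$(htpasswd_hash_type "$hash")
        case $type in
            apr1-md5|bcrypt) : ;;
            *) echo "WEAK: $user uses $type; re-set with: htpasswd -m $file $user"
               found=1 ;;
        esac
    done < "$file"
    [ "$found" -eq 0 ] && echo OK
    return 0
}

# htpasswd_finding_count FILE -> number of FAIL/WEAK lines.
htpasswd_finding_count() {
    htpasswd_audit "$1" | grep -vc '^OK' || true
}

# make_sample_passwd -> path of a constructed file with one good and three
# weak entries, deliberately left world-readable.
make_sample_passwd() {
    p=${TMPDIR:-/tmp}/squid-passwd-sample.$$
    cat > "$p" <<'EOF'
admin:$apr1$Zx1c9Q2k$Wq7f3jY0vKp8uT4sN2hL1m
user1:abJnggxhB/yWI
user2:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
guest:secret
EOF
    chmod 644 "$p"
    echo "$p"
}

sample=$(make_sample_passwd)
htpasswd_audit "$sample"                                               # 1 FAIL + 3 WEAK
chmod 640 "$sample"
echo "after chmod 640: $(htpasswd_finding_count "$sample") finding(s)" # 3
rm -f "$sample"
```

Point htpasswd_audit at /etc/squid/passwd after adding users; a clean file prints OK, and each WEAK line names the htpasswd call that replaces the entry with an MD5 (apr1) hash.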

That's it. I will post some configuration for the other squid authentication methods later, but if you have any question about this, do not hesitate to contact me.

Regards

Reference: http://www.cyberciti.biz/tips/linux-unix-squid-proxy-server-authentication.html

How to trace your DNS queries

Hi again

In this post I just want to introduce you to a very useful command for tracing DNS queries. As you know, DNS queries fall into two main categories, iterative and recursive. Sometimes in your network you will face problems with DNS records. For iterative resolution (where your DNS zones delegate to other DNS servers), the best way to find out which DNS server is causing the error is the dig command. It is available for both Windows and Linux. It has many options that I would really like to describe, but unfortunately time is short.

The command you should use is:

dig @<IP of your caching-only name server or iterative resolver> +trace www.mehdibehamin.com

With +trace, dig does not ask that server to recurse on your behalf: it only fetches the list of root name servers from it, then walks the delegation chain itself, querying the root, TLD and zone servers in turn and printing each referral. The server whose answer is wrong or empty is the last one shown, which tells you where the delegation breaks.

I am always waiting for your questions about DNS.

Reference: the dig manual page

Regards

How to install opennms in Debian

Hi again

To install OpenNMS on your Debian server you should add the OpenNMS repository to your apt sources file:

vim /etc/apt/sources.list

Add the following lines to the file:

deb http://debian.opennms.org stable main
deb-src http://debian.opennms.org stable main

Then update the package lists:

aptitude update

And after that install OpenNMS:

aptitude install opennms postgresql-client-8.3

After that you should set a password for the PostgreSQL superuser. First log in as root, then:

# su postgres
$ psql -d template1
template1=# ALTER USER postgres WITH PASSWORD '${POSTGRESQL_POSTGRES_PASSWORD}';

Leave psql with \q and type exit to return to your root shell.

After that, configure the database connection for OpenNMS:

vim /usr/share/opennms/etc/opennms-datasources.xml

Now change the user name and password in the following lines. The file ships with the default opennms/opennms credentials and stores both passwords in clear text, so pick real passwords (the postgres one is the password you set above) and keep the file readable only by root and the account OpenNMS runs as.

<?xml version="1.0" encoding="UTF-8"?>
<datasource-configuration xmlns:this="http://xmlns.opennms.org/xsd/config/opennms-datasources"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.opennms.org/xsd/config/opennms-datasources
http://www.opennms.org/xsd/config/opennms-datasources.xsd ">
<jdbc-data-source name="opennms"
database-name="opennms"
class-name="org.postgresql.Driver"
url="jdbc:postgresql://localhost:5432/opennms"
user-name="opennms"
password="opennms" />

<jdbc-data-source name="opennms-admin"
database-name="template1"
class-name="org.postgresql.Driver"
url="jdbc:postgresql://localhost:5432/template1"
user-name="postgres"
password="yourpassword" />

</datasource-configuration>

Now you can start the OpenNMS installer:

/usr/share/opennms/bin/install -dis

That's it, your OpenNMS server is now installed.

Note that during the installation OpenNMS will ask you to install Java; answer yes to continue.

If you have any question do not hesitate to contact me, and I would appreciate it if you send it by mail :)

regards

References:
http://www.foogazi.com/2008/03/23/quickzi-how-to-change-postgresql-root-password/
http://www.cs.umd.edu/faq/postgres.html

How to create a self-signed SSL Certificate

Hi again

To serve your Apache site over HTTPS you need a certificate for the server. Normally a Certificate Authority signs it for you; Apache then publishes your content over TLS on port 443, where the certificate's RSA key authenticates the server and protects the key exchange, while the content itself travels under a symmetric cipher negotiated in the handshake. Many companies prefer to issue their own certificate instead (for instance local companies with private access), so you need a way to sign the certificate with your own server. Remember that a self-signed certificate is trusted only by clients that have explicitly been told to trust it; everyone else gets a browser warning.

Since my favorite Linux distribution is Debian I will give you the commands for it; however, most distributions work in a similar way.

First install the openssl package on your server, when you install Apache with the aptitude command.

Then generate the private key of your system (use at least 2048 bits; 1024-bit RSA keys are no longer considered safe):

openssl genrsa -des3 -out server.key 2048

Now generate your Certificate Signing Request (CSR) with the following command:

openssl req -new -key server.key -out server.csr

When you run the above command the console will ask you for the country, region, company name and so on; you can predefine these defaults in /etc/ssl/openssl.cnf. The Common Name must be the exact host name your users will type into the browser, otherwise they get a name-mismatch warning.

Now it is time to remove the passphrase from the key, otherwise Apache will prompt for it at every start. The resulting server.key is unprotected, so keep it readable by root only.


cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

The next step is generating the self-signed certificate (valid for one year, signed with SHA-256):

openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt

Now copy your files into the /etc/apache2/ssl directory (if it does not exist, create the ssl directory under your Apache root). Keep the file names the same as the ones you will reference in the Apache configuration:

cp server.crt /etc/apache2/ssl/server.crt
cp server.key /etc/apache2/ssl/server.key

The final task for getting Apache to serve HTTPS is to tell it where your certificate is. Create a site file in your Apache sites-available directory with a virtual host listening on port 443 (and make sure the ssl module is enabled), then point the virtual host at the certificate and key:

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
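As an added example that is not part of the original post, here is the whole procedure above in one shell function. It avoids the passphrase copy-and-strip dance, adds a subjectAltName (current browsers ignore the Common Name and require a SAN), and includes the two checks worth running before restarting Apache: that the certificate's public key really belongs to the private key, and that the host name is in the SAN. The host name intranet.example.com and the output directory are assumptions; it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example, not from the original post: the procedure above as one
# function. -newkey ... -nodes writes a 2048-bit key without a passphrase
# (no copy-and-strip step), -x509 self-signs in the same call, and a small
# request config supplies the subject and a subjectAltName, which browsers
# require today. Host name and directory are assumptions; needs openssl.

# make_selfsigned HOST DIR -> writes DIR/server.key and DIR/server.crt
make_selfsigned() {
    host=$1; dir=$2
    mkdir -p "$dir"
    # prompt = no takes the subject from this file instead of asking on the
    # console; x509_extensions adds the SAN when -x509 is used.
    cat > "$dir/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = ext
[dn]
CN = $host
[ext]
subjectAltName = DNS:$host
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$dir/req.cnf" \
        -keyout "$dir/server.key" -out "$dir/server.crt" >/dev/null 2>&1 || return 1
    chmod 600 "$dir/server.key"   # the key is unencrypted: root only
}

# cert_matches_key CRT KEY -> true when the certificate carries the public
# key derived from KEY; a mismatch is the usual reason Apache refuses to
# start after a certificate was renewed with a new key.
cert_matches_key() {
    a=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    b=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# cert_has_san CRT HOST -> true when HOST is listed as a DNS SAN.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"
}

# Demonstration with an assumed host name in a scratch directory.
if command -v openssl >/dev/null 2>&1; then
    demo=${TMPDIR:-/tmp}/selfsigned-demo.$$
    make_selfsigned intranet.example.com "$demo"
    cert_matches_key "$demo/server.crt" "$demo/server.key" && echo "key matches certificate"
    cert_has_san "$demo/server.crt" intranet.example.com && echo "SAN present"
    openssl x509 -in "$demo/server.crt" -noout -subject -dates
    rm -rf "$demo"
else
    echo "openssl not installed" >&2
fi
```

Call make_selfsigned with your real host name and /etc/apache2/ssl as the directory, then run cert_matches_key on the pair before the restart; the SAN check is what the browser does when it compares the name in the address bar with the certificate.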

That's it, just restart your server. :) If you need any further assistance running Apache with SSL support, do not hesitate to contact me.

Reference: http://www.tc.umn.edu/~brams006/selfsign_ubuntu.html

Squid Configuration Sample

Hi again

Many friends asked me to publish a sample of a useful squid configuration, so I decided to post one. First, some points that help when you install a web-cache server for your local network:

1- Two partitions give better read/write throughput than one, and two disks better than one disk. So spread your cache content over two disks rather than one, and over several partitions (four, say) rather than a single one.

2- The only difference between ext3 and ext2 is the journal. Use ext2 for your cache partitions to gain speed: cache content is disposable, so recovering it after a crash matters less than R/W speed.

3- Use a proper swap size. (The 2 GB maximum per swap partition applied to the old 2.2-series kernels; modern kernels have no such limit.)

4- Always run a caching-only name server on the same machine as your cache server.

5- To improve disk I/O, always use the diskd cache store for your squid proxy; in some cases you have to recompile squid to enable it.

Now I will explain how to install a simple squid server on Debian. First install squid with aptitude install squid.

Then chown the cache content partitions to the proxy user (the account squid runs as on Debian).

Then replace the configuration with the following for your cache:

#        Description:      Mehdi Behamin co.   #

http_port  3128 transparent
################################
#httpd_accel_host virtual
#httpd_accel_port 80
#httpd_accel_with_proxy  on
#httpd_accel_uses_host_header on
################################
cache_mem 10 MB
cache_swap_low  90
cache_swap_high 95

cache_dir diskd /cache 5000 32 128 Q1=72 Q2=64
#cache_dir diskd /cache2 15000 32 128 Q1=72 Q2=64
#cache_dir diskd /cache3 15000 32 128 Q1=72 Q2=64
#cache_dir diskd /cache4 15000 32 128 Q1=72 Q2=64
#store_dir_select_algorithm round-robin

cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA

cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
#cache_dns_program    /usr/local/squid2/bin/dnsserver
dns_nameservers 127.0.0.1
pid_filename  /var/run/squid.pid

hierarchy_stoplist  cgi-bin
hierarchy_stoplist ?
acl QUERY urlpath_regex cgi
no_cache deny QUERY

# quick abort:
# always finish if less than 20k remains
#    finish if more than 50% has been transferred
#    always abort if more than 1024k remains
quick_abort_min    20 kb
quick_abort_pct    50%
quick_abort_max    1024 kb

emulate_httpd_log   off

#redirect_program   /usr/bin/squidGuard

#redirect_children 3
#refresh_pattern .       0     20%      4320

########################################################
refresh_pattern  -i        .gif$          10080    90%    43200
refresh_pattern -i       .jpg$          10080    90%     43200
refresh_pattern  -i        .bom.gov.au      30     20%      120
refresh_pattern -i       .html$           480    50%     22160
refresh_pattern  -i        .htm$            480    50%    22160
refresh_pattern  -i      .aspx$         480     50%     22160
refresh_pattern  -i      .mspx$         480     50%     22160
refresh_pattern  -i      .asp$         480     50%     22160
refresh_pattern -i       .class$        10080    90%     43200
refresh_pattern  -i        .zip$          10080    90%    43200
refresh_pattern -i       .jpeg$         10080    90%     43200
refresh_pattern  -i        .mid$          10080    90%    43200
refresh_pattern -i       .shtml$          480    50%     22160
refresh_pattern  -i        .exe$          10080    90%    43200
refresh_pattern -i       .thm$          10080    90%     43200
refresh_pattern  -i        .wav$          10080    90%    43200
refresh_pattern -i       .txt$          10080    90%     43200
refresh_pattern  -i        .cab$          10080    90%    43200
refresh_pattern -i       .au$           10080    90%     43200
refresh_pattern  -i        .mov$          10080    90%    43200
refresh_pattern -i       .xbm$          10080    90%     43200
refresh_pattern  -i        .ram$          10080    90%    43200
refresh_pattern -i       .avi$          10080    90%     43200
refresh_pattern  -i        .chtml$          480    50%    22160
refresh_pattern -i       .thb$          10080    90%     43200
refresh_pattern  -i        .dcr$          10080    90%    43200
refresh_pattern -i       .bmp$          10080    90%     43200
refresh_pattern  -i        .phtml$          480    50%    22160
refresh_pattern -i       .mpg$          10080    90%     43200
refresh_pattern  -i        .pdf$          10080    90%    43200
refresh_pattern -i       .art$          10080    90%     43200
refresh_pattern  -i        .swf$          10080    90%    43200
refresh_pattern -i       .mp3$          10080    90%     43200
refresh_pattern  -i        .ra$           10080    90%    43200
refresh_pattern -i       .spl$          10080    90%     43200

refresh_pattern  -i        .viv$          10080    90%    43200
refresh_pattern -i       .doc$          10080    90%     43200
refresh_pattern  -i        .gz$           10080    90%    43200
refresh_pattern -i       .Z$            10080    90%     43200
refresh_pattern  -i        .tgz$          10080    90%    43200
refresh_pattern -i       .tar$          10080    90%     43200
refresh_pattern  -i        .vrm$          10080    90%    43200
refresh_pattern -i       .vrml$         10080    90%     43200
refresh_pattern  -i        .aif$          10080    90%    43200
refresh_pattern -i       .aifc$         10080    90%     43200
refresh_pattern  -i        .aiff$         10080    90%    43200
refresh_pattern -i       .arj$          10080    90%     43200
refresh_pattern  -i        .c$            10080    90%    43200
refresh_pattern -i       .cpt$          10080    90%     43200
refresh_pattern  -i        .dir$          10080    90%    43200
refresh_pattern -i       .dxr$          10080    90%     43200
refresh_pattern  -i        .hqx$          10080    90%    43200
refresh_pattern -i       .jpe$          10080    90%     43200
refresh_pattern  -i        .lha$          10080    90%    43200
refresh_pattern -i       .lzh$          10080    90%     43200
refresh_pattern  -i        .midi$         10080    90%    43200
refresh_pattern -i       .movie$        10080    90%     43200
refresh_pattern  -i        .mp2$          10080    90%    43200
refresh_pattern -i       .mpe$          10080    90%     43200
refresh_pattern  -i        .mpeg$         10080    90%    43200
refresh_pattern -i       .mpga$         10080    90%     43200
refresh_pattern  -i        .pl$           10080    90%    43200
refresh_pattern -i       .ppt$          10080    90%     43200
refresh_pattern  -i        .ps$           10080    90%    43200
refresh_pattern -i       .qt$           10080    90%     43200
refresh_pattern  -i        .qtm$          10080    90%    43200
refresh_pattern -i       .ras$          10080    90%     43200
refresh_pattern  -i        .sea$          10080    90%    43200
refresh_pattern -i       .sit$          10080    90%     43200
refresh_pattern  -i        .tif$          10080    90%    43200
refresh_pattern -i       .tiff$         10080    90%     43200
refresh_pattern  -i        .snd$          10080    90%    43200
refresh_pattern -i       .wrl$          10080    90%     43200
refresh_pattern -i        ^ftp://         480      60%    22160
refresh_pattern -i       ^gopher://      30        20%     120
refresh_pattern -i        .               480      50%    22160

maximum_object_size 16384 kb
#reply_body_max_size 500 MB

#reference_age  1  month
read_timeout 30 minutes
client_lifetime 3 hours
pconn_timeout 15 seconds
request_timeout  1  minute
shutdown_lifetime 10 seconds
# positive_dns_ttl 53 seconds

ipcache_size 10240
ipcache_low  98
ipcache_high 99

#dns_children   32

cache_mgr   mbehamin@gmail.com
cachemgr_passwd   parmid   all
#cache_effective_user squid
#cache_effective_group squid

#visible_hostname none
#error_directory /tmp

minimum_direct_hops 5

log_fqdn off
#ident_lookup off

memory_pools off
forwarded_for  on
icp_hit_stale on
logfile_rotate 9

store_objects_per_bucket  10
store_avg_object_size  13  kb
netdb_high 10000
netdb_low   9900
netdb_ping_period 30 seconds

#mcast_groups nlanr.mcast.ircache.net

log_icp_queries off
#test_reachability off

debug_options ALL,1
max_open_disk_fds       55
high_memory_warning  400   mb
high_response_time_warning   2000
high_page_fault_warning 2

#authenticate_program   /usr/local/squid/bin/ncsa_auth
#/usr/local/squid/etc/passwd
#acl NCSAPasswd proxy_auth REQUIRED

strip_query_terms off

acl Manager   proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# "all" means the whole LAN here. Squid 3.x predefines all as "src all"
# and rejects this redefinition; there, name the LAN ACL e.g. "lan" and
# finish with an explicit "http_access deny all".
acl all src 192.168.10.0/255.255.255.0
acl post  method  POST
acl ssl method CONNECT
acl purge method PURGE
acl BADPORTS port 7 9 11 19 22 23 25 53 110 119 513 514
# okay to remove this if chg.ru cleans up its act
#http_access allow purge
http_access deny purge
# cache manager only from the local machine: an unconditional
# "allow Manager" would make the deny after it unreachable
http_access allow Manager localhost
http_access deny Manager
http_access  deny BADPORTS
http_access deny ssl
http_access allow all
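As an added example that is not part of the original post, here is a small shell/awk lint for the http_access section of a squid.conf. Squid evaluates the rules top to bottom and stops at the first match, so an allow Manager line without a source restriction makes the deny Manager after it dead code, a redefined all ACL is rejected by Squid 3, and a last rule that is not deny all leaves the default implicit. The two excerpts it checks are constructed: the first mirrors the shape of this sample's access list with those mistakes present, the second the corrected form.

```shell
#!/bin/sh
# Added example, not from the original post: a small lint for the
# http_access section of a squid.conf. Rules are evaluated top to bottom and
# the first match wins, so ordering mistakes silently open or close access.
# The two configurations below are constructed excerpts, not real servers.

# squid_access_lint FILE -> one finding per line, nothing when clean.
squid_access_lint() {
    awk '
        # remember every http_access rule: its action, line and ACL list
        /^[ \t]*http_access[ \t]/ {
            n++; act[n] = $2; line[n] = NR
            $1 = ""; $2 = ""; sub(/^[ \t]+/, ""); acls[n] = $0
        }
        # Squid 3.x predefines "all" (src all); redefining it as the LAN is
        # rejected there and misleads readers of "http_access allow all"
        /^[ \t]*acl[ \t]+all[ \t]/ {
            print "line " NR ": acl \"all\" is redefined; name the LAN ACL differently (e.g. lan)"
        }
        END {
            for (i = 1; i <= n; i++) {
                # a rule with exactly the ACLs of the previous one can never
                # match: the earlier rule already decided those requests
                if (i > 1 && acls[i] == acls[i-1])
                    print "line " line[i] ": http_access " act[i] " " acls[i] " is unreachable after line " line[i-1]
                # the cache manager must be limited to trusted sources
                if (act[i] == "allow" && tolower(acls[i]) == "manager")
                    print "line " line[i] ": cache manager is allowed from every client; use \"allow Manager localhost\""
            }
            if (n > 0 && !(act[n] == "deny" && acls[n] == "all"))
                print "last http_access rule is not \"deny all\"; the implicit default is the opposite of the last rule, so say it explicitly"
        }' "$1"
}

# squid_access_finding_count FILE -> number of findings.
squid_access_finding_count() {
    squid_access_lint "$1" | grep -c '' || true
}

# write_sample NAME -> path of a constructed excerpt. "original" has the
# shape of the access list in the post with the usual mistakes present;
# "fixed" expresses the same intent with the findings resolved.
write_sample() {
    p=${TMPDIR:-/tmp}/squid-$1.$$.conf
    if [ "$1" = original ]; then
        cat > "$p" <<'EOF'
acl Manager proto cache_object
acl all src 192.168.10.0/255.255.255.0
acl purge method PURGE
http_access deny purge
http_access allow Manager
http_access deny Manager
http_access allow all
EOF
    else
        cat > "$p" <<'EOF'
acl Manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl lan src 192.168.10.0/255.255.255.0
http_access allow Manager localhost
http_access deny Manager
http_access allow lan
http_access deny all
EOF
    fi
    echo "$p"
}

for name in original fixed; do
    f=$(write_sample "$name")
    echo "== $name: $(squid_access_finding_count "$f") finding(s)"   # 4, then 0
    squid_access_lint "$f"
    rm -f "$f"
done
```

Run squid_access_lint /etc/squid/squid.conf before squid -k check: the lint catches ordering mistakes that are syntactically valid and therefore pass the built-in check.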

That's it. But remember, before restarting your squid service, check the file for errors with the squid -k check command. Two caveats if you run this sample on a newer squid: several directives in it (httpd_accel_*, hierarchy_stoplist, no_cache, and the transparent flag on http_port, which became intercept in 3.1) belong to the 2.x series and are rejected or renamed in Squid 3, and the built-in all ACL must not be redefined there, so rename the LAN ACL and end the list with an explicit http_access deny all.

regards

Request exceeded the limit of 10 internal redirects due to probable configuration error. Use ‘LimitInternalRecursion’ to increase the limit if necessary. Use ‘LogLevel debug’ to get a backtrace

Hi again

You may see the above error in your Apache web server error logs. It mostly happens when a resource keeps redirecting internally to itself while serving the website. By default 10 internal redirects are allowed; to raise the number, add the following line to your virtual host configuration:

LimitInternalRecursion number

Note: before raising this limit, check why your web application needs so many internal redirects. A genuine rewrite loop runs through a higher limit just as well, and every iteration costs the server a subrequest.

If you face such a problem and do not know why your program acts like this, do not hesitate to ask me.

regards

Reference: http://httpd.apache.org/docs/2.0/mod/core.html#limitinternalrecursion

How to disable route cache instead of manually flush cache

Hi

Mostly when you use Linux as a load-balancing router, the kernel's IPv4 route cache (the one iproute2 manages) causes problems, because a cached entry keeps sending a destination down the path chosen first. You can flush it manually with the ip route flush cache command, or by writing 1 to /proc/sys/net/ipv4/route/flush, i.e. echo 1 > /proc/sys/net/ipv4/route/flush. Note that this per-destination route cache was removed from the kernel in Linux 3.6, so on current kernels neither the problem nor this tuning applies.
You can also configure these options:

/proc/sys/net/ipv4/route/max_size
Maximum size of the routing cache. Old entries are purged when the cache reaches this size.

/proc/sys/net/ipv4/route/min_delay
Waiting period before the routing cache is cleared.

thats it

if you have further question just let me know

regards

How to adjust the maximum transmission unit (MTU) size in linux

hi again
Adjusting the MTU of your NIC is a rare thing to need when setting up servers! But I decided to write about it and ask you to remember it whenever your network stalls for a while, especially when your OS is directly connected to Cisco devices (e.g. firewalls!): check whether fragmentation is the reason or not.

The TCP MSS (Maximum Segment Size) is the MTU minus 40 bytes, the 20-byte IPv4 header plus the 20-byte TCP header, so for a standard 1500-byte Ethernet MTU it is 1460. If you have no idea what the path MTU is, do not worry, iptables can work it out for you. Just type

iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0 -j TCPMSS --clamp-mss-to-pmtu

which sets the MSS of the SYNs leaving eth0 to the discovered path MTU minus 40 bytes.

If you have no firewall in between and your server is connected directly to your router or WAN NIC, and you want to recover from a probable network stall, set the MSS to 1460, the value that matches a 1500-byte MTU ;)

iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0 -j TCPMSS --set-mss 1460

Hmm, it is not simple to say exactly what MTU and MSS are; it needs detailed knowledge of the OSI layers and their rules.

Finally, the MSS only needs to be adjusted on SYN packets, which is why the rules match SYN set and RST clear (--tcp-flags SYN,RST SYN): the two hosts announce it during the handshake and keep it afterwards.

anyway if you have a problem just let me know :)

regards


How to send mail in command line interface

Hi again.
In the Linux CLI you can easily send your files or texts by mail; just use the nail command (nail is the old name of heirloom-mailx):

nail -r "myaddress@something.com" -s "Some subject" -S smtp=some.smtp.server info@company.com < msg.txt

You can also set the SMTP server permanently in your ~/.mailrc file (or /etc/nail.rc to set it system-wide), which removes the need for the "-S smtp=..." option on the command line:

set smtp=some.smtp.server

The second way is to use the following script, which I downloaded from the internet:

#!/usr/bin/env python3

# Usage: ./mail.py
# Prompts for the headers, reads the body from stdin until EOF and hands
# the message to the SMTP server on localhost.

import sys
import smtplib
from email.message import EmailMessage


def prompt(label):
    return input(label).strip()


def create_message():
    fromaddr = prompt('From: ')
    toaddrs = prompt('To: ').split()
    subject = prompt('Subject: ')
    print('Enter message, end with ^D (Unix) or ^Z (Windows): ')
    # read the body until EOF; EmailMessage builds correct headers for us
    body = sys.st​din.read()
    msg = EmailMessage()
    msg['From'] = fromaddr
    msg['To'] = ', '.join(toaddrs)
    msg['Subject'] = subject
    msg.set_content(body)
    return fromaddr, toaddrs, msg


def send_mail(fromaddr, toaddrs, msg):
    # the local MTA must accept relaying for these recipients
    with smtplib.SMTP('localhost') as server:
        server.send_message(msg, fromaddr, toaddrs)


def main():
    fromaddr, toaddrs, msg = create_message()
    send_mail(fromaddr, toaddrs, msg)


if __name__ == '__main__':
    main()

regards


Copyrighted Mehdi Behamin, All Rights Reserved