Hi Folks,

I’m Nakul M.  A Linux System administrator from India, I’ve created this blog as this would surely help me as well as colleagues when they’ve a task on hand.

If anyone has comments they can directly be mentioned under the post and any suggestions too.

You can contact me by emailing me at nakuls77@gmail.com I’ll be waiting for your comments & suggestions to my inbox too.

All the contents in my blog maybe found anywhere on the internet as the world is really small place especially on Google

So my request for all of you is not to think that the posts are ripped off, but just think that it’s a collection of helpful articles.

Thank you.
Nakul M.
Author nakuls77.wordpress.com

how to send email using terminal – CLI mode.

You need to have root access for this ;

# mail -s “test email” isp@google.com -c owner@google.com -b staff@google.com

This would send a blank email with “test email” as its subject. The email would be send to isp@google.com with CC to owner@google.com and blind CC to staff@google.com

# echo “How are you” | mail -s “test email” isp@google.com -c owner@google.com -b staff@google.com

would include “How are you” line as the body message of the email. This could be useful and incorporated from your shell scripts that does a particular function and informs you by email of its function result.

Another way is to

# mutt -s “test email” -a /root/pic.jpg isp@google.com -c owner@google.com -b staff@google.com

would send email with “test emai” as subject name. Email is addressed to isp@google.com, with CC to owner@google.com and BCC to staff@google.com. You will noticed the new parameter. This email would attached /root/pic.jpg picture to this email.

Now, piping it like so

# echo “How are you” | mutt -s “test email” -a /root/pic.jpg isp@google.com -c owner@google.com -b staff@google.com

would include “How are you” as body of the email.

Synopsis

ntpdate [ -bBdoqsuv ] [ -a key ] [ -e authdelay ] [ -k keyfile ] [ -o version ] [ -p samples ] [ -t timeout ] server [ ... ]

Description

ntpdate sets the local date and time by polling the Network Time Protocol (NTP) server(s) given as the server arguments to determine the correct time. It must be run as root on the local host. A number of samples are obtained from each of the servers specified and a subset of the NTP clock filter and selection algorithms are applied to select the best of these. Note that the accuracy and reliability of ntpdate depends on the number of servers, the number of polls each time it is run and the interval between runs.

ntpdate can be run manually as necessary to set the host clock, or it can be run from the host startup script to set the clock at boot time. This is useful in some cases to set the clock initially before starting the NTP daemon ntpd. It is also possible to run ntpdate from a cron script. However, it is important to note that ntpdate with contrived cron scripts is no substitute for the NTP daemon, which uses sophisticated algorithms to maximize accuracy and reliability while minimizing resource use. Finally, since ntpdate does not discipline the host clock frequency as does ntpd, the accuracy using ntpdate is limited.

Time adjustments are made by ntpdate in one of two ways. If ntpdate determines the clock is in error more than 0.5 second it will simply step the time by calling the system settimeofday() routine. If the error is less than 0.5 seconds, it will slew the time by calling the system adjtime() routine. The latter technique is less disruptive and more accurate when the error is small, and works quite well when ntpdate is run by cron every hour or two.

ntpdate will decline to set the date if an NTP server daemon (e.g., ntpd) is running on the same host. When running ntpdate on a regular basis from cron as an alternative to running a daemon, doing so once every hour or two will result in precise enough timekeeping to avoid stepping the clock.

Note that in contexts where a host name is expected, a -4 qualifier preceding the host name forces DNS resolution to the IPv4 namespace, while a -6 qualifier forces DNS resolution to the IPv6 namespace.

If NetInfo support is compiled into ntpdate, then the server argument is optional if ntpdate can find a time server in the NetInfo configuration for ntpd.
Command Line Options

-4
Force DNS resolution of following host names on the command line to the IPv4 namespace.
-6
Force DNS resolution of following host names on the command line to the IPv6 namespace.
-a key
Enable the authentication function and specify the key identifier to be used for authentication as the argument keyntpdate. The keys and key identifiers must match in both the client and server key files. The default is to disable the authentication function.
-B
Force the time to always be slewed using the adjtime() system call, even if the measured offset is greater than +-128 ms. The default is to step the time using settimeofday() if the offset is greater than +-128 ms. Note that, if the offset is much greater than +-128 ms in this case, that it can take a long time (hours) to slew the clock to the correct value. During this time. the host should not be used to synchronize clients.
-b
Force the time to be stepped using the settimeofday() system call, rather than slewed (default) using the adjtime() system call. This option should be used when called from a startup file at boot time.
-d
Enable the debugging mode, in which ntpdate will go through all the steps, but not adjust the local clock. Information useful for general debugging will also be printed.
-e authdelay
Specify the processing delay to perform an authentication function as the value authdelay, in seconds and fraction (see ntpd for details). This number is usually small enough to be negligible for most purposes, though specifying a value may improve timekeeping on very slow CPU’s.
-k keyfile
Specify the path for the authentication key file as the string keyfile. The default is /etc/ntp.keys. This file should be in the format described in ntpd.
-o version
Specify the NTP version for outgoing packets as the integer version, which can be 1 or 2. The default is 3. This allows ntpdate to be used with older NTP versions.
-p samples
Specify the number of samples to be acquired from each server as the integer samples, with values from 1 to 8 inclusive. The default is 4.
-q
Query only – don’t set the clock.
-s
Divert logging output from the standard output (default) to the system syslog facility. This is designed primarily for convenience of cron scripts.
-t timeout
Specify the maximum time waiting for a server response as the value timeout, in seconds and fraction. The value is is rounded to a multiple of 0.2 seconds. The default is 1 second, a value suitable for polling across a LAN.
-u
Direct ntpdate to use an unprivileged port or outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronise with hosts beyond the firewall. Note that the -d option always uses unprivileged ports.
-v
Be verbose. This option will cause ntpdate’s version identification string to be logged.

Diagnostics

ntpdate’s exit status is zero if it finds a server and updates the clock, and nonzero otherwise.
Files

/etc/ntp.keys – encryption keys used by ntpdate.

Referred from http://www.eecis.udel.edu/~ntp/ntp_spool/html/ntpdate.html

You need to have root access on your system t perform this operation.

date +%Y%m%d -s “20090502″

To set the time in Linux, enter

date +%T -s “11:14:00″

There are other ways too :

date -s “2 MAY 2009 11:14:00″ OR date 05021118

The format is date MMDDhhmm

I’ve seen many issues where Ioncube is required to be installed on a DA system. You can easily download and install it using the following steps;

Depending on your system OS/Platform select and download the loaders file which is compressed in different formats such as tar.gz, tar.bz2, zip. Make sure you select one which is of the recent date and of the latest version and extract it to /usr/local it will be extracted into the following directory;

/usr/local/ioncube

Once done you need to add a line to your php.ini. It can be located using the following command;

php -i | grep php.ini

Once you get the path, just edit it using your favorate editor (vi or pico) in my case it’s vi

vi /etc/php.ini

search for extension and below that add;

zend_extension = /usr/local/ioncube/ioncube_loader_lin_5.2.so

Don’t forget to restart your web server after that, once done you won’t be getting the same errors for Ioncube as earlier.

Hello Everyone,

Thanks for everyone who’s been using this blog as a help guide for fixing/resolving issue they face. I’ve lately been away from posting on my blog and now I’ll continue to add more useful articles and hope that those articles help every needful person out here who uses Internet & Linux. People can personally contact me on nakuls77@gmail.com just in case they need my helping hand in some issues. I’ll be glad to help anyone.

Sincere Regards,
Nakul Mahajan.

Free space on system partitions are very important.

We may get several problems if /usr /var /tmp or / partition run out of disk space.

I have created one simple shell script to check the percentage space used on different drive and sent a notification if any of partition usage exceeds the 90% you can modify it as pre needs and requirement.

#!/bin/bash

#################################################
# disk space usage alert #
#################################################

df -h | grep -v ‘Use’ | awk ‘{print $5″ : “$6}’ | replace ‘%’ ” > /tmp/disk-percent

for i in `cut -f 1 -d : /tmp/disk-percent`

do

if [ $i -ge "90" ];

then

echo partition `grep $i /tmp/disk-percent | cut -f 2 -d :` running out of disk space on `hostname` >> /tmp/disk-warning

fi

done

if [ -f /tmp/disk-warning ];
then

mail -s “URGENT `hostname` running out of disk space” administrator@mazhar.co.in /tmp/disk-percent

with

df -h | grep -v ‘home\|Use’ | awk ‘{print $5″ : “$6}’ | replace ‘%’ ” > /tmp/disk-percent

Create a file say /home/disk-monitoring.sh give executable permissions and add a cron to execute it after specific time intervals (say 3 hours)

0 */3 * * * /home/disk-monitoring.sh

If you are running apache, you will want to use our iframe filtering countermeasures. To do so, you will need to

downloads two files:

remove-bad-iframes.txt

and

00_ASL_iframe_protection.conf

This will automatically clean all your websites and remove any iframes that would include trojans, etc. targeted at your users. Install the 00_ASL_iframe_protection.conf file in your /etc/httpd/conf.d directory, and the remove-bad-iframes.txt in /etc/asl.

Originally posted on : gotroot.com

Iframe attacks seem to be taking a hold with many vulnerable websites. The problem obviously being vulnerable ap plications, which we would all like to see fixed. However, not everyone can be so lucky as to have either perfect applications, or perfect countermeasures against these vulnerabilities. Enter output filtering. We’ve put together a special set of rules for anyone running apache. This will filter out all your iframe attacks.

More info about Iframes;

IFrame (from Inline Frame) is an HTML element which makes it possible to embed an HTML document inside another HTML document.

The size of the IFrame can be specified in the surrounding HTML page, so that the surrounding page can already be presented in the browser while the IFrame is still being loaded. The IFrame behaves much like an inline image and the user can scroll it out of view. On the other hand, the IFrame can contain its own scroll bar, independent of the surrounding page’s scroll bar.

While regular frames are typically used to logically subdivide the content of one website, IFrames are more commonly used to insert content (for instance an advertisement) from another website into the current page.

The following is an example of an HTML document containing an IFrame:

====================================================
<!DOCTYPE html PUBLIC “-//W3C//DTD HTML 4.01 Transitional//EN”
“http://www.w3.org/TR/html4/loose.dtd”>
<html>
<head>
<title>Example</title>
</head>
<body>
The material below comes from the website http://example.com
<iframe src=”http://example.com” height=”200″>
Alternative text for browsers that do not understand IFrames.
</iframe>
</body>
</html>
====================================================

The embedded document can be changed without reloading the surrounding page, by using the “target” attribute of an HTML anchor or by employing JavaScript. This makes many interactive applications possible, and IFrames are therefore commonly used by Ajax applications. The main alternative to using an IFrame in these situations is editing a document’s DOM tree. Sometimes invisible IFrames are also used for asynchronous communication with the server, as an alternative to XMLHTTPRequest.

More recently, Mozilla Firefox, Opera and Microsoft Internet Explorer introduced contentEditable and designMode, which enables users to edit the contents of the HTML contained in an IFrame. This feature has been used to develop rich text (WYSIWYG) editors within an IFrame element like FCKeditor or TinyMCE. Popular web applications which make use of this feature include Google Docs & Spreadsheets (formerly Writely), JotSpot Live, and Windows Live Hotmail, to name a few.

First introduced by Microsoft Internet Explorer in 1997 and long only available in that browser, iframes eventually became supported by all major brands.

Security Issues

IFrames have been implicated in many malicious code attacks, due to a series of common vulnerabilities. This was evident in many 2007 web based threats, notably the so-called Italian Job of June, 2007.[1] An IFrame can be planted on an unsuspecting legitimate website, leading the casual viewer into an infection threat. This may happen when a site is cracked, or more easily, when a site forwards results of local searches to global search engines. On such a site, the cracker only needs to perform a search that includes a malicious IFrame; a user who clicks the search result in the global search engine will be infected.

Hello Folks,

Been busy fro the last couple of months, so didn’t get time to place new posts. But I’ve started again where I left this blog behind and I do promise that I’ll keep this blog updated.

I’ve also received many comments since I started publishing this blog and it’s always great to know that people know you over the Internet and also praise for what you do, the experience is always exciting.

Recently I got a book gifted from packtpub for creating this blog. I’m really thankful to them, I was able to discover new things, I wasn’t aware while using PHPMyAdmin.

I was great receiving a fantastic book which can provide extensive knowledge. I’ve read the book and I’m sure that people who read this book would also be the same and would also like to thank the great author of this book Mr. Marc Delisle

Info about the Author;

Marc Delisle is a member of the MySQL Developers Guild – which regroups community developers – because of his involvement with phpMyAdmin. He started to contribute to this popular MySQL web interface in December 1998, when he made the first multi-language version. He has been actively involved with the phpMyAdmin project since May 2001 as a developer and project administrator. He has worked since 1980 at Collège de Sherbrooke, Québec, Canada, as an application programmer and network manager. He has also been teaching networking, security, Linux servers, and PHP/MySQL application development. In one of his classes, he was pleased to meet a phpMyAdmin user from Argentina

Info about the publishers;

Packt is a unique publishing company specializing in highly focused books on specific technologies and solutions.

You can also review the book on Amazon.com

Last but not the least I would really thank Packtpub for gifting me such a wonderful resource and the author of this book who’s been writing such great stuff. I would also like everyone interested in exploring PHPMyAdmin should get this book.

Regards,
Nakul M.

==== pre-SVN configuration ====

* Plesk 8.0

* CentOS

* Root access via SSH

* Subdomain setup via Plesk 8.0 Administrator page. In my case, I used svn.my-domain.com as the sub domain

* A folder /var/svnrepo/ is used to house my SVN repository.

After you created the subdomain for your domain, you can proceed to the next step: installing Subversion

==== A. Installing Subversion ====

To install subversion, all you have to do is SSH into the box as the root user. (# denotes the root prompt)

* #yum install subversionThis command will painlessly install the subversion package to the CentOS.

* #cd /etc/httpd/modulesChange the current directory to the modules folder of Apache, where all the plugins of Apache are installed.

* #yum mod_dav_svnThis command will install the mod_dav_svn to apache

* #svn –versionThis command will ensure that you have successfully installed subversion. (At the current time of writing, the version of this SVN package is 1.1.4, while the current version of SVN is 1.4 — maybe another article on how to upgrade SVN?)

* #mkdir /var/svnrepoThis is our root repository.

* #svnaddmin create /var/svnrepoThis command will create a subversion repository in the /var/svnrepo folder.

* #chmod -R 777 /var/svnrepoChanging the permision of svnrepo folder to allow Apache/Subversion to have read/write rights. Without changing the permissions, you will get an error when you are trying to access the repository via your browser.

==== B. Configuring Apache ====

So with the painless installation of Subversion, now we can configure Apache to begin to serve our repository. First of all, you will need to make sure that Apache is loading the mod_dav_svn.so file. Personally, I like to use mc (Midnight Commander) for text-editting ((( *) I can use VI but it’s not on my list of user-friendly software so I opt for a more “notepad-like” text editor. If you don’t have Midnight Commander installed, run **#yum install mc** and that should take care of it. The nto run Midnight Commander, just type in #mc. If you use Putty like I do, use **#mc -a** instead to get a nicer frame instead of the weird ASCII characters.)).

* Open the file **/etc/httpd/conf/httpd.conf**

* Search for **mod_dav_svn.so** in the Modules section. If you don’t find this line in **httpd.conf**, then check the folder /etc/httpd/conf.d/ for other .conf files. I have a subversion.conf file here which is included in the main **/etc/httpd/conf/httpd.conf** at initialization time. In this subversion.conf file, there are these 2 lines to make sure that Apache loads the SVN modules:

#File: /etc/httpd/conf.d/subversion.conf

LoadModule dav_svn_module modules/mod_dav_svn.so

LoadModule authz_svn_module modules/mod_authz_svn.so

Cool! Apache does load the Subversion modules. Now we need to configure our subdomain created using Plesk earlier to use with Subversion. But let’s go over how Plesk organizes our file system.

==== C. Working with Plesk: The primer ====

If you’d like to by-pass the web-based administration page of Plesk and do some advanced customization, then here is how Plesk is organizing the files system:

* Web-docs (your domains) are stored under **/var/www/vhosts/**

* Custom configuration for your domain is stored under **/var/www/vhosts/[you_domain_name]/conf/vhost.conf**

* The **httpd.include** file in **/var/www/vhosts/[you_domain_name]/conf/** will be overwritten everytime you use the web-based Plesk to update your domain configuration. Hence manual updates of this file is NOT advisible. Your changes will be lost, so why bother. If you want to customize the domain, create a **vhost.conf** file in the conf/ folder instead.

* Similarly, for sub-domains, the main .conf file are **/var/www/vhosts/[you_domain_name]/subdomains/[you_subdomain_name]/conf/vhost.conf**. All you have to do is to create this vhost.file and it will be automatically included in the main httpd.conf file of apache.

Also,

* Only **Root users** can create vhost.conf files.

* After you make changes to the conf files, you have to tell Plesk to reload the new configuration. To do so, run#/usr/local/psa/admin/sbin/websrvmng –reconfigure-vhost –vhost-name=

For more information, please consult the [[http://download1.swsoft.com/Plesk/Plesk7.5/Doc/plesk-7.5r-admins-guide-html/apas02.html|Plesk’s Admins Guide on sub-domain customization]]

==== D. Customizing Sub-Domain configurations ====

As I created a subdomain “svn” for my site, makefun.us, I had to create a vhost.conf file under **/var/www/vhosts/makefun.us/subdomains/svn/conf/vhost.conf**. Also, my repository is under **/var/svnrepo/**, so here is the content of the vhost.conf file

#svn.makefun.us — vhost.conf file

DAV svn

SVNPath /var/svnrepo/

AuthType Basic

AuthName “Makefun.us Subversion Repository”

AuthUserFile /etc/svn-auth-file

Require valid-user

First of all, with **DAV svn** we ask Apache to hand over to the mod_dav_svn module when there’s a request to **http://svn.makefun.us** (the location /). Then we specify the **repository’s root** at **/var/svnrepo/**. Then we specify that this is a private repository by asking Apache to provide **Basic Authorization** (which means the authenticated password will be transmitted as text via the wire). Well, we name our private zone the “Makefun.us Subversion Repositor” and the user accounts are stored in **/etc/svn-auth-file**. Finally, to access the repository via the web, the user must be able to authenticate — as we only allow valid-user to access (Require valid-user)

Next, I created a new user account for myself so that I can access the repository:

#htpasswd -c /etc/svn-auth-file my_user_name

At this point, you can either restart Apache by running **#server httpd restart** or just use the **websrvmng** of Plesk to pick up the new configuration. I just restarted Apache.

If everything works out correctly for you, if you point your browser to **http://svn.yourdomain.com**, you would see a prompt for username and password. Enter your just created account, you can access to your very own the SVN repository