Linux Tips

There are thousands of tricks you can learn from someone who's an expert at the command line. The best systems administrators are set apart by their efficiency. And if an efficient systems administrator can do a task in 10 minutes that would take another mortal two hours to complete, then the efficient systems administrator should be rewarded (paid more) because the company is saving time, and time is money, right?

1. Let's list all the processes on the box that are not being run by you:

# ps aux | grep -v `whoami`

 

 Or, to be a little more clever, why not just list the top ten time-wasters:

# ps aux --sort=-%cpu | grep -m 11 -v `whoami`

















2. Finding the biggest files:

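#   du -sh * | sort -h -r | head -n 10

(sort -h understands the K/M/G suffixes that du -h prints; a plain numeric sort would rank 900K above 2G.)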





3. Listing today's files only:

# ls -al --time-style=+%D | grep `date +%D`

 




4. To check Hard Drive speed:

# /sbin/hdparm -Tt /dev/hdx /dev/hdy

where 'x' and 'y' (etc.) are the drive letters you wish to test. It will give you a transfer rate readout.

 

5. Apache Web Server Setup

a) Edit the Apache configuration file, /etc/httpd/conf/httpd.conf, and add the following lines:

<IfModule mod_userdir.c>
    #
    # To enable requests to /~user/ to serve the user's public_html
    # directory, use this directive instead of "UserDir disable":
    #
    UserDir public_html

</IfModule>
 
<Directory "/export/home/vlad/public_html">
        AllowOverride FileInfo AuthConfig Limit
        Options MultiViews Indexes IncludesNoExec FollowSymLinks
        <Limit GET POST OPTIONS PROPFIND>
                Order allow,deny
                Allow from all
        </Limit>
        <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
                Order deny,allow
                Deny from all
        </Limit>
</Directory>
 
 
<Directory "/export/home/vlad/public_html/SelfEmployment">
        # <Files> matches the file name only, so the path goes on <Directory>
        <Files "index.html">
                Order allow,deny
                Deny from all
        </Files>
</Directory>
 
Then, restart your web server.
 
 
b) Define an IP-based virtual host with SSL
 
# vim /etc/httpd/conf.d/ssl.conf
 
<VirtualHost 192.168.15.250:443>
ServerAdmin jay.prakash@callcentersindia.com
DocumentRoot "/var/www/html/verifyyourtel/"
ServerName verifyyourtel.com
ServerAlias www.verifyyourtel.com
ErrorLog logs/ssl_verifyyourtel_error_log
TransferLog logs/ssl_verifyyourtel_access_log
SSLProtocol -ALL +SSLv3 +TLSv1
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:RC4-MD5:High:!ADH
SSLCertificateFile /etc/pki/tls/verifyyourtel/verifyyourtel.com.crt
SSLEngine on
SSLCertificateKeyFile /etc/pki/tls/verifyyourtel/verifyyourtel.key
SSLCertificateChainFile /etc/pki/tls/verifyyourtel/gd_iis_intermediates.p7b
</VirtualHost>

Save the file and restart the httpd daemon.
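The vhost in 5b enables SSLv3 and RC4 suites, which RFC 7568 and RFC 7465 prohibit. The script below is an added example, not part of the original post, that flags those settings in a mod_ssl config; audit_ssl_conf, weak_sample and strict_sample are names made up here, and the strict sample is a constructed illustration.

```bash
#!/bin/bash
# Added example (not from the original post): flag legacy TLS settings in an
# Apache mod_ssl config. Reads FILE (or stdin), prints one finding per line
# as "lineno: message", and returns 1 if anything was found.
audit_ssl_conf() {
    awk '
    { sub(/#.*/, "") }                          # strip comments, re-split fields
    tolower($1) == "sslprotocol" {
        split("", old)                          # reset state for this directive
        for (i = 2; i <= NF; i++) {             # later tokens override earlier ones
            t = tolower($i); on = (t !~ /^-/); sub(/^[+-]/, "", t)
            if (t == "sslv2" || t == "sslv3") old[t] = on
            if (t == "all" && !on) { old["sslv2"] = 0; old["sslv3"] = 0 }
        }
        # A bare "all" is not judged: its meaning depends on the httpd/OpenSSL build.
        for (p in old) if (old[p]) { print FNR ": SSLProtocol enables " p; bad = 1 }
    }
    tolower($1) == "sslciphersuite" {
        n = split($NF, c, ":")
        for (i = 1; i <= n; i++) {
            if (c[i] ~ /^[!+-]/) continue       # "!" and "-" remove, "+" only reorders
            if (toupper(c[i]) ~ /RC4|MD5/) { print FNR ": SSLCipherSuite allows " c[i]; bad = 1 }
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "${1:--}"
}

# Constructed samples: the two directives from the vhost in 5b, and a stricter pair.
weak_sample() {
    printf '%s\n' 'SSLProtocol -ALL +SSLv3 +TLSv1' \
                  'SSLCipherSuite RC4-SHA:RC4-MD5:High:!ADH'
}
strict_sample() {
    printf '%s\n' 'SSLProtocol all -SSLv2 -SSLv3' \
                  'SSLCipherSuite HIGH:!aNULL:!MD5:!RC4'
}

weak_sample   | audit_ssl_conf || echo "weak sample: findings listed above"
strict_sample | audit_ssl_conf && echo "strict sample: clean"
```

Run it against a real file with `audit_ssl_conf /etc/httpd/conf.d/ssl.conf`.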
 

c) Define Password 
 
# vim /etc/httpd/conf/httpd.conf

<Directory /var/www/html/www.redriver.com/>
AllowOverride AuthConfig
AuthType Basic
AuthName "Software Development"
Require user redriver
AuthUserFile /etc/httpd/conf/.htaccess
</Directory>

d) Disable directory listing, don't allow server-side includes, don't execute CGI scripts

<Directory /home/>
  Options -Indexes
</Directory>

<Directory /var/www/html/verifyyourtel/>
  Options -Includes
</Directory>

<Directory /var/www/html/verifyyourtel/>
  Options -ExecCGI
</Directory>








6. KNOWN_HOST ERROR

Copy the /etc/ssh/ssh_host_rsa_key.pub key into the known_hosts file on the server where you want to get the data:

#   vi  /root/.ssh/known_hosts




7. How to configure SFTP access in Redhat Linux

1. First, the minimum version of ssh you need is 5.0.

 2.  vim /etc/ssh/sshd_config

 ### Add the following entries at the end of the file, adjusted to your users' details
 # override default of no subsystems
#Subsystem      sftp    /usr/libexec/openssh/sftp-server
Subsystem       sftp    internal-sftp

### BIND HOME DIRECTORY FOR terracom_nlad ##########
Match User terracom_nlad
        ChrootDirectory /home/terracom_nlad
        ForceCommand internal-sftp
        ## FOR DISALLOW ALL TYPES OF PORT FORWARDING
        AllowTcpForwarding no
        GatewayPorts no
        X11Forwarding no

### BIND HOME DIRECTORY FOR global_nlad user ##########
Match User global_nlad
        ChrootDirectory /home/global_nlad
        ForceCommand internal-sftp
#        ## FOR DISALLOW ALL TYPES OF PORT FORWARDING
        AllowTcpForwarding no
        GatewayPorts no
        X11Forwarding no
       
3. Open and change the /etc/pam.d/sshd file:
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session include system-auth

4. Set the permissions of the user's home directory to 755; its owner must be root.
   Then, under the user's home directory, create a folder and give its ownership to your user.

5. Restart the sshd service.
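sshd rejects the login if the ChrootDirectory, or any directory above it, is not owned by root or is writable by group or others, which is why the home directory above is set to 755 and handed to root. The script below is an added check for that layout, not part of the original post; check_chroot, writable_subdirs and the OWNER/TOP parameters are hypothetical names, and OWNER/TOP exist only so the demo can run without root on a constructed temp tree.

```bash
#!/bin/bash
# Added example, not from the original post. sshd accepts a ChrootDirectory
# only if every directory on its path is owned by root and not writable by
# group or others. OWNER and TOP are hypothetical parameters so the check can
# run without root; the defaults (root, /) match what sshd enforces.
check_chroot() {   # usage: check_chroot DIR [OWNER] [TOP]
    local dir owner=${2:-root} top=${3:-/} rc=0
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "missing: $1"; return 2; }
    top=$(cd "$top" 2>/dev/null && pwd -P) || { echo "missing: $top"; return 2; }
    while :; do
        # find prints the directory only when the tests after -prune hold
        [ -n "$(find "$dir" -prune -user "$owner")" ] ||
            { echo "not owned by $owner: $dir"; rc=1; }
        [ -n "$(find "$dir" -prune ! -perm -020 ! -perm -002)" ] ||
            { echo "group/other-writable: $dir"; rc=1; }
        [ "$dir" = "$top" ] || [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# The jailed user cannot write to the chroot itself, hence the sub-directory
# handed over to them. List the sub-directories of DIR that USER owns.
writable_subdirs() {   # usage: writable_subdirs DIR USER
    find "$1" -mindepth 1 -maxdepth 1 -type d -user "$2"
}

# Constructed demo tree standing in for /home/terracom_nlad.
demo=$(mktemp -d) && mkdir -p "$demo/jail/upload" && chmod 755 "$demo" "$demo/jail"
me=$(id -u)                # numeric uid, accepted by find -user
check_chroot "$demo/jail" "$me" "$demo" && echo "layout accepted"
chmod 775 "$demo/jail"     # group-writable chroot
check_chroot "$demo/jail" "$me" "$demo" || echo "layout rejected"
writable_subdirs "$demo/jail" "$me"
rm -rf "$demo"
```

On the server itself, `check_chroot /home/terracom_nlad` with the defaults checks the real path up to /.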




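8. AUTOMATE SCRIPT TO PUT OR GET THE DATA THROUGH FTP:

[root@devlopers ~]# cat /home/abc/abc.sh
    #!/bin/bash
    dt=`/bin/date +"%d-%b-%Y"`
    # Stop if the directory is missing, so cp and rm below never run elsewhere
    cd /home/abc/pin/ || exit 1
    cp * /home/abc/pin_bkp/
    HOST='ftp.mobile.com'
    USER='test'
    # Plain FTP sends this password unencrypted; keep the script readable by root only
    PASSWD='[C#aeM30h6'
    FILE='test*'
    # -i: no per-file prompts, -n: no auto-login, -v: verbose
    ftp -inv $HOST << EOF
    user $USER $PASSWD
    passive
    mput $FILE
    quit
    EOF
    #rm -rf *
    # "--" ends the attachment list so the address is not taken as a file
    /usr/bin/mutt -s "Uploaded on ABC FTP $dt" -a /home/abc/pin/*.csv -- noc@example.com <<EOM

    Dear Team,

    Successfully Uploaded on ABC ftp

    Thanks,
    Server Admin
    EOM
    rm -rf *
[root@devlopers ~]#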

9.  RPM BUILD from source package

1.   wget http://ftp.iinet.net.au/pub/OpenBSD/OpenSSH/portable/openssh-6.0p1.tar.gz
2.   wget http://ftp.iinet.net.au/pub/OpenBSD/OpenSSH/portable/openssh-6.0p1.tar.gz.asc
3.   wget -O - http://ftp.iinet.net.au/pub/OpenBSD/OpenSSH/portable/DJM-GPG-KEY.asc | gpg --import

4.   yum install gcc openssl-devel pam-devel rpm-build
5.   gpg --verify openssh-6.0p1.tar.gz.asc openssh-6.0p1.tar.gz
6.   tar -xvzf openssh-6.0p1.tar.gz
7.   cp openssh-6.0p1/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/
8.   cp openssh-6.0p1.tar.gz /usr/src/redhat/SOURCES/
9.   cd /usr/src/redhat/SPECS
10.  perl -i.bak -pe 's/^(%define no_(gnome|x11)_askpass)\s+0$/$1 1/' openssh.spec
11.  rpmbuild -bb openssh.spec
12.  cd /usr/src/redhat/RPMS/i386
13.  rpm -Uvh openssh-*


10. How to Monitor & Record all Shell Commands


Edit /etc/bashrc to record the shell commands that are executed.


Add these lines at the end of the file:

remoteip=$(who am i | awk '{print $5}' | sed "s/[()]//g" )
export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local3.debug "$(whoami)  $remoteip  [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'

Configure the rsyslog server to write the local3 facility to a log file. Add this entry at the end of /etc/rsyslog.conf:

#  vim /etc/rsyslog.conf


local3.*                /var/log/user-activity.log


Restart the rsyslog server.

Log off and log back in to check the result in the file /var/log/user-activity.log







