| Email Server |
Postfix
Mail Transport / Script Trigger
Postfix can be configured to hand a message to a script when it arrives. To run a particular script when mail for an address arrives, you need to configure two files: the transport map and master.cf.
In the transport map (/etc/postfix/transport), add a line mapping the recipient address to a transport name, then rebuild the lookup table with postmap /etc/postfix/transport and make sure main.cf contains transport_maps = hash:/etc/postfix/transport:
[email protected] transportLabel:domain_of_nexthub
If mail arrives for [email protected], Postfix delivers it through the service named transportLabel in master.cf. The part after the colon is the nexthop; the pipe transport does not use it for routing, though it is available to the command as ${nexthop}.
In master.cf, add an entry that defines that service as a pipe to the script:
transportLabel unix - n n - 1 pipe
  flags= user=faxserver argv=/usr/bin/procmail -f-
The command named in argv= runs with the message on its standard input, under the account named in user=. Postfix refuses to run a pipe command as root, and the account should be a dedicated one with no other privileges: whatever the command does with attacker-supplied message content happens with that account's rights.
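As an added example (not code from the page or from Postfix), here is a script that could stand in for procmail as the argv= target above: it reads the message from standard input and files it in a spool directory without letting another local user plant a file or symlink that gets overwritten. The spool path, the faxserver account and the EX_* values are assumptions of the example; the exit codes follow sysexits.h, which pipe(8) interprets (75 means "try again later", any other non-zero status bounces the message).

```shell
#!/bin/sh
# Added example, not part of the page or of Postfix: a delivery script that can
# stand in for procmail as the argv= command of the pipe transport above.
# Postfix runs it as the (assumed) unprivileged user faxserver with the message
# on stdin. Exit codes follow sysexits.h, which pipe(8) honours:
#   75 EX_TEMPFAIL  -> Postfix keeps the message queued and retries
#   65 EX_DATAERR   -> Postfix bounces the message
EX_TEMPFAIL=75
EX_DATAERR=65

# store_mail SPOOLDIR  -- reads one message from stdin, writes it to SPOOLDIR
# as a unique mode-0600 file and prints the final path.
store_mail() {
    spool="$1"
    umask 077                                   # nothing we create is group/world readable
    [ -d "$spool" ] || mkdir -p "$spool" || return "$EX_TEMPFAIL"
    # mktemp creates the file itself (O_EXCL), so a symlink or stale file planted
    # in the spool by another local user cannot be overwritten or followed.
    tmp=$(mktemp "$spool/.incoming.XXXXXX") || return "$EX_TEMPFAIL"
    if ! cat > "$tmp"; then
        rm -f "$tmp"; return "$EX_TEMPFAIL"     # disk full etc.: let Postfix retry
    fi
    # A real message starts with a header line; anything else is not something a
    # downstream fax/print step should be asked to interpret, so bounce it.
    if ! head -n 1 "$tmp" | grep -Eq '^[A-Za-z][A-Za-z0-9-]*:'; then
        rm -f "$tmp"; return "$EX_DATAERR"
    fi
    final="$spool/msg.${tmp##*.}.eml"           # keep mktemp's unique suffix
    mv "$tmp" "$final" || { rm -f "$tmp"; return "$EX_TEMPFAIL"; }
    printf '%s\n' "$final"
}

# Entry point when Postfix invokes the script (argv=/path/to/script --deliver):
if [ "${1:-}" = "--deliver" ]; then
    store_mail "${2:-/var/spool/faxserver/incoming}" >/dev/null
    exit $?
fi
```

Point argv= at this script with the --deliver argument and the spool directory; the account in user= must own the spool directory and nothing else.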
| SSH/SSL |
Login Using SSH Using Public/Private Key Pair Without Password
You may want to log in to an SSH server with a public/private key pair instead of a password, which saves typing and also removes a password that could be guessed over the network. The server side is configured in sshd_config and the client side in ssh_config (or ~/.ssh/config).
In /etc/ssh/sshd_config on the server, set:
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
PermitEmptyPasswords no
AuthorizedKeysFile names the list of public keys allowed to log in (one per line), not a key file such as id_dsa.pub; pointing it at a key file breaks key login. PermitEmptyPasswords has nothing to do with keys: set to yes it lets anyone log in to an account whose password is empty, so leave it at no. PasswordAuthentication can stay yes until you have confirmed the key works, then turn it off. RSAAuthentication applies only to the obsolete protocol 1 and is ignored by current servers.
In ~/.ssh/config on the client, set:
IdentityFile ~/.ssh/id_ed25519
After that, generate the key pair:
ssh-keygen -t ed25519
ssh-keygen refuses to create a 512-bit DSA key (DSA keys are fixed at 1024 bits, and DSA is no longer enabled by default); use Ed25519, or RSA with at least 3072 bits. Passing -N "" produces a private key with no passphrase: convenient for unattended jobs, but then the file alone is enough to log in, so protect it accordingly and prefer a passphrase plus ssh-agent for interactive use. Finally append the public key to ~/.ssh/authorized_keys on the server (ssh-copy-id does this); ~/.ssh must be mode 700 and authorized_keys mode 600, or sshd's StrictModes check silently ignores the file.
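As an added example (not from the page or from OpenSSH), two helpers for the setup above: one audits an sshd_config for the settings that weaken or break key-only login, the other installs a public key into authorized_keys with the modes StrictModes demands. The file paths passed to them are assumptions; the audit takes the first occurrence of each directive, as sshd does, and does not evaluate Match blocks.

```shell
#!/bin/sh
# Added example, not from the page or from OpenSSH: two helpers for the key-only
# login setup above. audit_sshd_config flags directives that weaken or break it;
# install_authorized_key appends a public key to authorized_keys with the modes
# that sshd's StrictModes check requires. File locations passed in are assumed.

# audit_sshd_config FILE -- prints one finding per line; returns 1 if any.
# Like sshd it takes the FIRST occurrence of a directive (Match blocks are not handled).
audit_sshd_config() {
    cfg="$1"; bad=0
    val() { awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }' "$cfg"; }
    case "$(val PermitEmptyPasswords)" in
        yes) echo "PermitEmptyPasswords yes: any account with an empty password can log in"; bad=1 ;;
    esac
    case "$(val PasswordAuthentication)" in
        ""|yes) echo "PasswordAuthentication on (default yes): turn it off once key login works"; bad=1 ;;
    esac
    case "$(val PubkeyAuthentication)" in
        no) echo "PubkeyAuthentication no: key login is disabled"; bad=1 ;;
    esac
    case "$(val AuthorizedKeysFile)" in
        *.pub) echo "AuthorizedKeysFile points at a key file, not at the authorized_keys list"; bad=1 ;;
    esac
    case "$(val PermitRootLogin)" in
        yes) echo "PermitRootLogin yes: use prohibit-password or no"; bad=1 ;;
    esac
    return "$bad"
}

# install_authorized_key HOMEDIR PUBKEYFILE -- idempotent append with safe modes.
install_authorized_key() {
    home="$1"; pub="$2"
    umask 077
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    ak="$home/.ssh/authorized_keys"
    touch "$ak" && chmod 600 "$ak" || return 1
    # Accept only a single well-formed public key line: key type, base64 blob, optional comment.
    key=$(head -n 1 "$pub")
    case "$key" in
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-"*) ;;
        *) echo "not a public key line: $pub" >&2; return 1 ;;
    esac
    grep -qxF -- "$key" "$ak" || printf '%s\n' "$key" >> "$ak"
}
```

Run audit_sshd_config /etc/ssh/sshd_config after editing and again after every package upgrade; a non-zero return is the signal to fix the file before restarting sshd.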
| Certificate Authority |
A Certificate Authority is a trusted third party which certifies that public keys truly belong to their claimed owners. It is a key part of any Public Key Infrastructure, since it allows users to trust that a given public key is the one they wish to use, either to send a private message to its owner or to verify the signature on a message sent by that owner.
Create a private key file:
openssl genrsa -aes256 -out server.key 2048
Remove the passphrase from the key file (optional; an unencrypted key on disk is all an attacker needs to impersonate the server, so do this only where the file is protected by its mode and the host is not shared):
openssl rsa -in server.key -out server.pem
Create a self-signed certificate:
openssl req -new -x509 -days 365 -key server.key -out server.crt
Configure Apache (point SSLCertificateKeyFile at whichever file holds the key Apache should load):
SSLCertificateFile /path/to/certs/server.crt
SSLCertificateKeyFile /path/to/certs/server.key
Use at least a 2048-bit key: 1024-bit RSA and the -des3 key encryption are no longer acceptable, and -rand is unnecessary where /dev/urandom works. A self-signed certificate is not issued by a CA at all, so clients warn about it unless they are told to trust that exact certificate; for anything beyond a test server, have the certificate signed by a CA you control or by a public one.
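As an added example (not from the page or from OpenSSL's own documentation), the following script does what the paragraph above describes instead of self-signing: it creates a CA key and certificate, a server key and certificate request, signs the request with the CA, and then verifies the result the way a client would. The directory, the host name server.example.test and the CA name are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the page: run a small private CA instead of
# self-signing the server certificate. It creates a CA key and CA certificate,
# a server key and CSR, signs the CSR with the CA, then verifies the result the
# way a client would. Directory and names are assumptions for the example.

# make_local_ca DIR [HOST] -- leaves ca.crt, ca.key, server.key, server.crt in DIR
make_local_ca() {
    dir="$1"; host="${2:-server.example.test}"
    mkdir -p "$dir" && cd "$dir" || return 1
    umask 077   # every private key below is created mode 0600

    # 1. CA key and self-signed CA certificate: the single trust anchor.
    #    The extensions mark it as a CA whose key may only sign certificates.
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Example Local CA
[ca_ext]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    openssl genrsa -out ca.key 3072 2>/dev/null || return 1
    openssl req -new -x509 -days 3650 -sha256 -key ca.key -out ca.crt \
        -config ca.cnf -extensions ca_ext 2>/dev/null || return 1

    # 2. Server key and certificate request. The CSR is not yet trusted by anyone.
    openssl genrsa -out server.key 2048 2>/dev/null || return 1
    openssl req -new -sha256 -key server.key -out server.csr -subj "/CN=$host" 2>/dev/null || return 1

    # 3. Sign it. Extensions come from the CA's own file, not from the CSR, so a
    #    requester cannot smuggle in CA:TRUE; the SAN is what clients match on.
    printf 'basicConstraints = CA:FALSE\nkeyUsage = digitalSignature, keyEncipherment\nextendedKeyUsage = serverAuth\nsubjectAltName = DNS:%s\n' "$host" > server.ext
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 365 -sha256 -extfile server.ext -out server.crt 2>/dev/null || return 1
    chmod 644 ca.crt server.crt   # certificates are public; keys stay 0600

    # 4. Verify as a client would: chain to ca.crt, and the name must match.
    openssl verify -CAfile ca.crt -verify_hostname "$host" server.crt >/dev/null
}

# cert_is_ca FILE -- prints yes if the certificate may sign other certificates.
cert_is_ca() {
    if openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; then echo yes; else echo no; fi
}
```

Install ca.crt on the clients (browser or system trust store) once; server certificates can then be reissued from the same CA without touching the clients again, and the CA key should live on a machine that is not the web server.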
| RPM - Redhat Package Manager |
The rpm command is used to manage software applications and system modules.
| RPM Command | Description |
|---|---|
| rpm -qilp program_package-ver.rpm | Query a package file for its information and list the files it would install, without installing it. |
| rpm -Uvh program_package-ver.rpm | Upgrade the system with the RPM package (installs it if not already present). |
| rpm -ivh program_package-ver.rpm | New install. |
| rpm -Fvh program_package-ver.rpm | Freshen: upgrade only packages of which an older version is already installed; packages not yet installed are skipped. |
| rpm -q program_package | Query the system RPM database (/var/lib/rpm) to see if the package is installed. |
| rpm -qi program_package | Query the system RPM database for info/description on the package (if installed). |
| rpm -ql program_package | List all files on the system associated with the package. |
| rpm -qf file | Identify the package to which this file belongs. |
| rpm -e program_package | Uninstall the package from your system. |
| rpm -qa | List ALL packages on your system. Use this with grep to find families of packages. |
| rpm -V program_package | Verify the installed files against the database (size, digest, mode, owner). A changed binary in a package nobody edited deserves a look. |
| RPM Flag | Description |
|---|---|
| --nodeps | Force the operation even if dependency requirements are not met; the package will probably not work until the dependencies are installed. |
| --force | Allow overwriting files that belong to other packages, reinstalling the same version and downgrading. |
| --notriggers | Don't execute scripts which are triggered by the installation of this package. |
| --root /directory-name | Use the system chrooted at /directory-name. This means the database will be read or modified under /directory-name. (Used by developers to maintain multiple environments.) |
| --ignorearch | Allow installation even if the architectures of the binary RPM and host don't match. This is sometimes needed for RPMs which were assembled incorrectly. |
| rpm -K *.rpm | Not sure if an RPM downloaded OK? Check its digests and GPG signature. The signature is only checked once the vendor's public key has been imported with rpm --import; with --nogpg only the digests are checked, which detects a corrupt download but not a package that was replaced by someone else. |
Build
Configuring your ~/.rpmmacros
Put something similar to the following in a file called .rpmmacros in your home directory. The .rpmmacros file is used by rpmbuild to provide defaults:
%packager James Lin <[email protected]>
%distribution James Project
%vendor James Project
%_topdir /home/jamesl/rpm
Creating your build directories
In order to build packages as a user, you will also need to create build directories. By default, rpm will expect to find and use the following directories under %_topdir:
%{_topdir}/BUILD
%{_topdir}/RPMS
%{_topdir}/RPMS/i386
%{_topdir}/SOURCES
%{_topdir}/SPECS
%{_topdir}/SRPMS
You will need to create the directories manually:
mkdir /home/jamesl/rpm/BUILD
mkdir /home/jamesl/rpm/RPMS
mkdir /home/jamesl/rpm/RPMS/i386
mkdir /home/jamesl/rpm/SOURCES
mkdir /home/jamesl/rpm/SPECS
mkdir /home/jamesl/rpm/SRPMS
Building as an ordinary user rather than as root is worth this setup: the %prep, %build and %install sections of a spec file are shell commands run with the builder's privileges on code from the source tarball, so a bad spec or tarball can only damage the builder's own files.
View Content Of A Package In A File
rpm -qlp file.rpm
| Load Balancing |
Using iptables
iptables -t nat -A PREROUTING -i eth0 -d $virtual_www -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1-192.168.1.100
Giving DNAT an address range makes the kernel pick one backend per new connection; connection tracking then keeps every packet of that connection on the same backend. Two caveats: the backends must route their replies back through this host (for example by using it as their default gateway) or the translation is never reversed, and there is no health check, so a backend that is down still receives its share of new connections.
Email Handler / Filter
Sample Procmail Configuration
Filtering Spam Mail (the recipe starts with :0, the * line is a regular expression matched against the message, and the last line is where a matching message goes; the i flag tells procmail to ignore write errors):
:0 i
* ^Subject: Spam messages
/dev/null
Send Carbon Copy (the c flag delivers a copy and lets the message continue through the remaining recipes; ! forwards it to an address):
:0 c
! [email protected]
A Subject: line is written by the sender, so the first recipe discards mail on the sender's say-so; and a forwarding recipe must never send to an address the sender controls (for instance back to the From: header), or your procmailrc becomes a relay for spam.
| NIS |
Setup Server
Add NISDOMAIN to /etc/sysconfig/network, or run the domainname command to set the domain for your NIS:
Set
NISDOMAIN=<your domain>
Or run
domainname <your domain>
Create the map/database files for your system, which will include hosts, passwd, group and so on:
cd /var/yp
make
Before starting the server, list the client networks allowed to query it in /var/yp/securenets: ypserv answers any host that can guess the domain name, and the passwd map hands out password hashes for every account.
Start the ypserv:
service ypserv start
| Samba |
Mounting Windows Network Place Or Network Neighborhood Using Samba
If you want to mount a Windows Network Place or Network Neighborhood share via Samba, use the smbmount command. The following command works for the Samba 2.2.7a version (later Samba releases replaced smbmount with mount.cifs, which takes largely the same -o options):
smbmount //servername/folder /mnt/mount-point -o "username=NT-Login,password=NT-pwd,workgroup=workgroupname,ip=192.168.1.1,uid=unix-login,gid=unixgid"
Putting the password on the command line exposes it to every local user through ps and leaves it in the shell history; use -o credentials=/etc/samba/creds-file instead, where the file is root-owned, mode 0600, and contains username=, password= and optionally domain= lines.
| Backup |
The following Makefile is what I use to perform both full and incremental backups. It is very useful. (Make requires each recipe line to start with a tab.)
BKSRC = /root /home/user /home/cvsroot
EXCLUDE = --exclude '*.tmp' --exclude '*.bak'
TIMESTAMP = /etc/backup/fullbackup
BKDEV = /win/Backup
BKLOG = /etc/backup/logs
BKFILE = linuxbackup
CLEANOBJ = -name "*~"
CLEANPATH = /home /root
DELETE = /home/user/.openoffice

all:

clean:
	find $(CLEANPATH) $(CLEANOBJ) -exec rm -f {} \;
	rm -rf $(DELETE)

inc:
	echo "Inc. backup begin : `date` " >> $(BKLOG) ; \
	echo >> $(BKLOG) ; \
	tar -c -p $(EXCLUDE) --newer-mtime="`cat $(TIMESTAMP)`" \
	-B -f $(BKDEV)/$(BKFILE)-inc.tar $(BKSRC) ; \
	echo "Inc. backup end : `date` " >> $(BKLOG) ; \
	ls -l $(BKDEV)/$(BKFILE)-inc.tar >> $(BKLOG)

fullbk:
	date > $(TIMESTAMP) ; \
	echo "Full backup begin : `date` " >> $(BKLOG) ; \
	echo >> $(BKLOG) ; \
	tar -c -p $(EXCLUDE) -B -f $(BKDEV)/$(BKFILE).tar $(BKSRC) ; \
	echo "Full backup end : `date` " >> $(BKLOG) ; \
	echo >> $(BKLOG)
The exclude patterns must be quoted, or the shell expands them against the current directory before tar sees them. Note what this scheme does and does not give you: every incremental contains everything changed since the last full backup (the timestamp is only rewritten by fullbk), deleted files are never recorded, and the archives hold /root and user home directories in the clear on a Windows share, so that share needs the same access control as the machine itself.
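As an added example (not the Makefile above), the same full/incremental scheme as a shell function with two changes a practitioner would want: the timestamp is advanced only after the archive has been written and checked, so a failed run is redone instead of silently skipped, and each incremental is relative to the previous run rather than to the last full backup. Source, destination and stamp paths are parameters; it uses only find, tar -T and grep, so it does not depend on GNU tar's --newer-mtime.

```shell
#!/bin/sh
# Added example, not the page's Makefile: the same full/incremental scheme as a
# shell function. The timestamp is advanced only after the archive was written
# and checked, so a failed run is redone rather than silently skipped, and each
# incremental is relative to the previous run instead of to the last full backup.
# All paths are parameters supplied by the caller.

# backup SRC DEST STAMP MODE  -- MODE is "full" or "inc"; prints the archive path.
# Returns 1 on error and 3 when an incremental run found nothing to save.
backup() {
    src="$1"; dest="$2"; stamp="$3"; mode="$4"
    umask 077                                  # archives contain /root; keep them private
    mkdir -p "$dest" || return 1
    now=$(date +%Y%m%d%H%M%S)
    list="$dest/.filelist.$$"
    # Take the new timestamp BEFORE scanning: a file changed while we scan is then
    # picked up again next run (a harmless duplicate) instead of being lost.
    newstamp="$stamp.new"
    touch "$newstamp" || return 1
    if [ "$mode" = full ] || [ ! -f "$stamp" ]; then
        archive="$dest/backup-full-$now.tar"
        find "$src" -type f ! -name '*.tmp' ! -name '*.bak' > "$list"
    else
        archive="$dest/backup-inc-$now.tar"
        find "$src" -type f -newer "$stamp" ! -name '*.tmp' ! -name '*.bak' > "$list"
    fi
    if ! grep -q . "$list"; then
        rm -f "$list" "$newstamp"; return 3
    fi
    if ! tar -cf "$archive" -T "$list" 2>/dev/null; then
        rm -f "$archive" "$list" "$newstamp"; return 1
    fi
    # Verify before trusting it: every file in the list must be in the archive.
    if [ "$(tar -tf "$archive" | grep -c .)" -ne "$(grep -c . "$list")" ]; then
        rm -f "$list" "$newstamp"; return 1
    fi
    mv "$newstamp" "$stamp" && rm -f "$list"
    printf '%s\n' "$archive"
}
```

Run backup /home /win/Backup /etc/backup/stamp inc from cron and backup ... full once a week; a restore then needs the last full archive plus every incremental after it, applied in order.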
| Revision |
Create the initial CVS repository on the server side:
cvs -d /home/cvsroot init
Create a user called cvs on the server and make sure /home/cvsroot is owned by cvs.
If you want to use CVS server mode, in RedHat 8.0+, edit the file /etc/xinetd.d/cvspserver to include the following:
service cvspserver
{
    disable = no
    port = 2401
    socket_type = stream
    protocol = tcp
    user = root
    wait = no
    type = UNLISTED
    server = /usr/bin/cvs
    server_args = -f --allow-root /home/cvsroot pserver
}
Restart the xinetd service:
service xinetd restart
pserver sends the password over the network with only a trivial scrambling, and the service has to start as root so it can switch to the repository user after login, so expose it on a trusted network only (or bind it to localhost) and prefer the :ext: method over SSH (CVS_RSH=ssh) for anything remote. The password written into the :pserver: URL below also lands in the shell history and in ~/.cvspass.
Create a new module for your files by going to the directory whose contents you want to put into CVS. Let's say that directory is called 'data'. Issue:
cvs -d :pserver:cvs:pwd@localhost:/home/cvsroot import -m "Description" data version release
Delete the 'data' directory and check it out from CVS:
cvs -d :pserver:cvs:pwd@localhost:/home/cvsroot co data
If you want to leave out the argument '-d' and the directory path that follows, set the environment variable CVSROOT:
export CVSROOT=:pserver:cvs:pwd@localhost:/home/cvsroot
You can create a name for your branch version of work. To do so use the 'tag' command:
cvs tag -b data-1-2
If you create a branch and want to merge the revisions of the branch into the main trunk, check out the main/trunk version first and then run cvs update -j followed by the branch tag (-r only switches the working copy to the branch; -j merges it). You can also merge the branch into the main trunk and store the result in another directory called newdata in one step:
cvs co -j branch-version -d newdata data
| Automount |
Server
To specify what file systems to export and to what hosts, use the /etc/exports file:
file-system host(options)
For example:
/home unisys01(rw)
/exports unisys*(rw)
Then issue the exportfs command to export the file systems:
exportfs -a
Keep the default root_squash (do not add no_root_squash unless a client genuinely needs it): NFS without Kerberos trusts the numeric uid the client presents, so anyone who is root on an allowed client can impersonate any user, and root_squash at least keeps them from being root on the server. Prefer explicit host names or networks over wildcards such as unisys*, which match any host whose reverse DNS name happens to fit.
Client
Automount maps configuration. The master map, /etc/auto.master:
# access directory   indirect map file   timeout in sec.
/mnt/home /etc/auto.home --timeout 60
/mnt/docs /etc/auto.docs
A client request to access a directory tree whose root is listed in the master map (such as cd /mnt/docs) will cause the automounter to search the specified map for a server to satisfy the request.
The indirect map files.
/etc/auto.docs:
doc1 server1:/usr/share/doc/doc1
/etc/auto.home:
* server1:/export/home/&
| System Monitoring |
| Command | Description |
|---|---|
| pstree | Processes and parent-child relationships |
| top | Show top processes |
| ps auxw | Process status |
| vmstat | Monitor virtual memory |
| free | Display amount of free and used memory in the system. (Also: cat /proc/meminfo) |
| pmap | Display/examine memory map and libraries (so). Usage: pmap pid |
| cat /proc/sys/vm/freepages | Display virtual memory "free pages" (2.2 kernels only). One may increase/decrease this limit: echo 300 400 500 > /proc/sys/vm/freepages |
| uname -a | Print system information |
| cat /proc/version | Display Linux kernel version in use. |
| cat /etc/redhat-release | Display Red Hat Linux release. (also /etc/issue) |
| uptime | Tell how long the system has been running, plus the number of users and the system's load average. |
| w | Show who is logged on and what they are doing. |
| /sbin/lsmod | List all currently loaded kernel modules. Same as cat /proc/modules |
| /sbin/runlevel | Displays the system's current runlevel. |
| hostname | Displays/changes the system's node name. (A change made with the command lasts until reboot; set it permanently in /etc/sysconfig/network and update the matching entry in /etc/hosts by hand.) |
| service | Display status of system services. Example: service --status-all Help: service --help |
GUI/Graphical:
| gkrellm | Graphical system monitor. (Additional package) |
| GLcpu | Networked load meter. Very cool 3-D graphics. |
List of tools:
| PERL Administration/Maintenance |
At some point you will be required to administer the installation of PERL modules.
Installation can be done:
# perl -MCPAN -e shell - First time through it will ask a bunch of questions. Answer "no" to the first question for autoconfigure.
...
..
cpan> install URI
...
..
cpan> i /PerlMagick/ - Inquire about module. (Search by keyword)
Distribution J/JC/JCRISTY/PerlMagick-5.36.tar.gz
Module Image::Magick (J/JC/JCRISTY/PerlMagick-5.36.tar.gz)
cpan> install Image::Magick
...
cpan> install Image::Info
...
cpan> install IO::String
IO::String is up to date.
cpan> help
This method rocks! It connects to
a CPAN server and ftp's a gzipped tarball and installs it. First time through
it will ask a bunch of questions. (Answer "no" to the first question for autoconfigure.)
Defaults were good for me. The only reason to manually configure this is if
you are using a proxy. It then asks for your location (i.e. North America)
and country. I entered a number for the first CPAN server but after that the
actual URL was cut and pasted in whole.
If it fails, you must load the appropriate RPMs and retry. "force install module-name" makes CPAN install the module even though its tests failed, so use it only once you know why they failed. CPAN installs whatever the configured mirror serves and verifies no signatures unless Module::Signature is installed and the check_sigs option is on, so pick a mirror you trust and give it an https URL where your CPAN version supports one.
PERL update: perl -MCPAN -e 'install Perl' (this builds a new perl over the one the distribution's RPMs depend on; on an RPM-managed system, upgrade perl through the distribution's package instead).
| Managing Time |
Set System Time:
Try: rdate -p time.ucla.edu (-p only prints the remote time; rdate -s sets the local clock from it)
See List of public NTP Time Servers
Note: Typically many web servers set their time to GMT due to the world wide nature of their service. Internally UNIX systems keep time as the number of seconds since Jan 1, 1970 0:00 UTC (the Unix epoch); "calendar time" is then calculated from that according to your time zone and whether you are on Standard or Daylight Savings time. rdate speaks the unauthenticated TIME protocol on port 37, so anyone who can spoof the reply can move your clock, which breaks certificate validity checks, Kerberos and log correlation; use NTP with several servers for anything that matters.
Sync System Time:
Shell environment variables:
| Using the find command: |
Form of command: find path operators
Examples:
Note: setuid executable binaries are programs which switch to their owner's privileges, usually root's, to perform their tasks. They are created by setting the set-user-ID bit with chmod u+s (this is not the "sticky" bit, which is chmod +t and means something else). These programs should be watched as they are often the first point of entry for attackers, so it is prudent to list them with find / -type f -perm -4000 -print and remove the bit from executables which either won't be used or are not required by users: chmod u-s filename
Partial list of find directives:
| Directive | Description |
|---|---|
| -name | Find files whose name matches the given pattern |
| -print | Display the path of matching files |
| -user | Searches for files belonging to a specific user |
| -exec command {} \; | Execute a Unix/Linux command for each matching file. |
| -atime (+t,-t,t) | Find files accessed more than +t days ago, less than -t or precisely t days ago. |
| -ctime (+t,-t,t) | Find files whose status (permissions, owner, contents) changed more than +t days ago, less than -t or precisely t days ago. |
| -perm | Find files with the specified permission bits; -perm -4000 matches any file with the setuid bit set, whatever its other bits. |
| -type | Locate files of a specified type |
| -size n | Find files of size n 512-byte blocks (default; +n for larger, -n for smaller) or specify a different unit with a letter following "n" |
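As an added example (not from the page) of the setuid check described in the note above, the following inventories setuid and setgid files under a path and compares the inventory with a saved baseline, so a newly planted setuid binary stands out when the check runs from cron. The baseline location is whatever you choose; the output format (mode, uid, path) is the example's own.

```shell
#!/bin/sh
# Added example, not from the page: inventory set-UID/set-GID files under a path
# and diff the inventory against a saved baseline, so a newly planted setuid
# binary (a classic local-privilege-escalation persistence trick) shows up.
# Intended to be run from cron; the baseline path is whatever you choose.
export LC_ALL=C     # sort and comm must agree on collation

# list_setuid PATH -- prints "mode uid path" for every setuid/setgid regular file,
# one per line, sorted. Stays on one filesystem (-xdev) so /proc and NFS are skipped.
list_setuid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ln {} + 2>/dev/null |
        awk '{ mode = $1; uid = $3
               $1 = $2 = $3 = $4 = $5 = $6 = $7 = $8 = ""   # drop ls columns before the name
               sub(/^ +/, ""); print mode, uid, $0 }' | sort
}

# setuid_diff BASELINE PATH -- prints NEW:/GONE: lines; returns 0 only if nothing changed.
setuid_diff() {
    base="$1"; cur=$(mktemp) || return 2
    list_setuid "$2" > "$cur"
    added=$(comm -13 "$base" "$cur")
    removed=$(comm -23 "$base" "$cur")
    rm -f "$cur"
    [ -n "$added" ] && printf '%s\n' "$added" | sed 's/^/NEW: /'
    [ -n "$removed" ] && printf '%s\n' "$removed" | sed 's/^/GONE: /'
    [ -z "$added" ] && [ -z "$removed" ]
}
```

Create the baseline once on a freshly installed machine (list_setuid / > /var/lib/setuid.baseline), keep it somewhere an intruder cannot quietly edit, and have cron mail the output of setuid_diff whenever it returns non-zero; refresh the baseline only after a package upgrade you recognise.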
Also see:
| logrotate - Rotate log files: |
Many system and server application programs, such as Apache, generate log files. If left unchecked they would grow large enough to burden the system and application. The logrotate program will periodically back up the log file by renaming it. The program will also allow the system administrator to set the limit for the number of logs or their size. There is also the option to compress the backed up files.
Configuration file: /etc/logrotate.conf
Directory for logrotate configuration scripts: /etc/logrotate.d/
Example logrotate configuration script: /etc/logrotate.d/process-name
/var/log/process-name.log {
    rotate 12
    monthly
    errors root@localhost
    missingok
    postrotate
        /usr/bin/killall -HUP process-name 2> /dev/null || true
    endscript
}
The configuration file lists the log file to be rotated, the command that tells the process to reopen its log after the rename, and some configuration parameters listed in the logrotate man page. Two points to change on a current system: the errors directive is understood only by old logrotate versions (newer ones report it as an unknown option), and killall -HUP signals every process with that name, including one a local user started under the same name, so send the signal to the pid from the daemon's pidfile instead. Everything under postrotate runs as root from cron, so the logrotate.d file and any script it calls must be writable by root only; add a create line (for example create 0640 root adm) if the new log should not be world-readable.
| AT - Scheduling a task: |
The at command will schedule single jobs. (cron is for recurring jobs.) The daemon /usr/sbin/atd will run jobs scheduled with the at command. Access control to the command is controlled using the files /etc/at.allow (list of user ids permitted to use the at command) and /etc/at.deny: if at.allow exists, only the users listed in it may use at; otherwise every user not listed in at.deny may; if neither file exists, only root may.
Time is specified before the date:
The at command will respond with its "at>" prompt, at which you enter the command you wish to execute followed by "Enter". More commands may be entered. When done enter "control-d".
Input at commands from a file: at midnight today < job-list-file
List jobs with the command atq
[prompt]$ atq
1 2002-03-07 12:00 a user-id
The first column lists the job number.
Delete a job with the command atrm
[prompt]$ atrm 1
Man pages:
| RDIST: Remotely distributing and installing software/files |
The command rdist helps the system administrator install software or update files across many machines. The process is launched from one computer.
Command: rdist -f instruction-file
Instruction file:
files = ( /fully-qualified-path-and-file-name
          /next-fully-qualified-path-and-file-name )
dest = ( computer-node-name )
${files} -> ${dest}
    install /fully-qualified-directory-name-of-destination;
By default rdist reaches the remote hosts over rsh, which sends everything in the clear and trusts .rhosts; run it as rdist -P /usr/bin/ssh -f instruction-file so the transfer goes over SSH.
For more info see the rdist man page.
Also see the rsync man page to migrate file changes.
| vi Editor |
Controlling The Screen Display of Your Session
Repaint the current screen {ctrl-l}
Display line #, # of lines, etc.. {ctrl-g}
Moving the Cursor
Beginning of current line 0 or ^
Beginning of first screen line H
Beginning of last screen line L
Beginning of middle screen line M
Down one line j, {return}, +
End of current line $
Left one character h, {ctrl-h}
Left to beginning of word b, B
Right one character l, {space}
Right to end of word e, E
Right to beginning of word w, W
Up one line k, -
Beginning of next sentence )
Beginning of previous sentence (
Paging Through Text
Back one screen {ctrl-b}
Down half a screen {ctrl-d}
Down one screen {ctrl-f}
Forward to end of file G
Move cursor to specified line line-no. G
Up half a screen {ctrl-u}
Special Pattern Characters
Beginning of line ^
End of line $
Any character except newline .
Any number of the preceding character *
Any set of characters (except newline) .*
Searching Through Text
Backward for pattern ?pattern
Forward for pattern /pattern
Repeat previous search n
Reverse direction of previous search N
Show *all* lines containing pattern
:beg,endg/pattern/p
:1,$g/compiler/p Will print all lines with the pattern compiler.
Substitute patt2 for all patt1 found.
:beg,ends/patt1/patt2/g
:%s/notfound/found/g Will change all occurences of notfound to found.
Creating Text
Append text after cursor a
Append text after end of line A
Insert text before cursor i
Insert text at beginning of line I
Open new line after current line o
Open new line before current line O
Take next character literally (i.e. control characters...) and display it {ctrl-v}
Modifying Text
Change current word cw, cW
Change current line (cursor to end) C
Delete character (cursor forward) x
Delete character (before cursor) X
Delete word dw, dW
Delete line dd
Delete text to end of line D
Duplicate text (use yank and put)
Join current line with next line J
Move text (use delete and put)
Put buffer text after/below cursor p
Put buffer text before/above cursor P
Repeat last modification command .
Replace current character r
Replace text to end of line R
Substitute text for character s
Undo your previous command u
Transpose characters xp
Yank (copy) word into buffer yw
Yank (copy) current line into buffer Y
Making Corrections During Text Insertions
Overwrite last character {delete}
Overwrite last word {ctrl-w}
Ending Your Editing Sessions
Quit (no changes made) :q
Quit and save changes ZZ, :wq
Quit and discard changes :q!
Using ex Commands From Within vi
Copy specified lines :co, t
Display line numbers :set nu
Disable display of line numbers :set nonu
Move lines after specified line :m
Read file in after specified line :r filename
Review current editor options :set
Review editor options :set all
Set new editor option :set option
Write changes to original file :w
Write to specified file :w filename
Force write to a file :w! filename
Some useful set options for your ~/.exrc file:
:set all Display all Set options
:set autoindent Automagically indent following lines to the indentation of previous line.
:set ignorecase Ignore case during pattern matching.
:set list Show special characters in the file.
:set number Display line numbers.
:set shiftwidth=n Width for shifting operators << and >>
:set showmode Display mode when in Insert, Append, or Replace mode.
:set wrapmargin=n Set right margin 80-n for autowrapping lines (inserting newlines). 0 turns it off.
| Linux System Optimization |
When running on the Linux 2.2 kernel, each process is limited by default to 1,024 file descriptors.
To increase the maximum file descriptors per process to 4,096 (from 1,024) and the maximum tasks per user to 4,090 (from 256) on Linux 2.2, do the following steps.
Change the following C header files. These are compile-time constants: the kernel picks up the new NR_TASKS only when it is rebuilt, and programs see the new FD_SETSIZE only when they are recompiled against the changed headers.
In /usr/include/linux/tasks.h, change:
NR_TASKS 512 -> 4090
MAX_TASKS_PER_USER (NR_TASKS/2) -> NR_TASKS
In /usr/include/linux/limits.h, change:
NR_OPEN 1024 -> 4096
OPEN_MAX 256 -> 4096
In /usr/include/linux/posix_types.h, change:
__FD_SETSIZE 1024 -> 4096
In /usr/include/bits/types.h, change:
__FD_SETSIZE 1024 -> 4096
To allow users to increase their file descriptor limits, change the following configuration files:
In /etc/security/limits.conf, add the lines:
* soft nofile 1024
* hard nofile 4096
In /etc/pam.d/login, add:
session required /lib/security/pam_limits.so
The hard limit is the ceiling a user can raise their own soft limit to with ulimit -n; keep it well below the system-wide table so that one user, or one runaway daemon, cannot exhaust it for everyone.
To increase the system-wide file descriptor limit, add the following lines to the /etc/rc.d/rc.local startup script:
# Increase system-wide file descriptor limit.
echo 8192 > /proc/sys/fs/file-max
echo 24576 > /proc/sys/fs/inode-max
On 2.4 and later kernels /proc/sys/fs/inode-max no longer exists (the inode table is sized dynamically), and fs.file-max is better set persistently in /etc/sysctl.conf than from rc.local.