Sunday, July 31, 2011

Local port range sysctl tuning for high bandwidth Linux servers

Most Linux distributions set the local (ephemeral) port range to 16384 through 65536, which may be too small for very busy, high-bandwidth boxes such as SMTP, hosting, POP3/IMAP and proxy servers.
You can adjust this setting by editing /etc/sysctl.conf and replacing the default:
net.ipv4.ip_local_port_range = 16384 65536
with
net.ipv4.ip_local_port_range = 1024 65536
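Widening the range down to 1024 has a side effect worth checking before you apply it: any daemon that listens on a registered port above 1023 (MySQL on 3306, Squid on 3128, a web app on 8080) now competes with outgoing connections for that port, and if an ephemeral connection grabs it first the daemon fails to bind at restart. The following shell script is an added example, not part of the original post: it lists which listening ports fall inside a proposed range and builds the matching net.ipv4.ip_local_reserved_ports line (a real sysctl) that keeps them out of the ephemeral pool. The listening ports used in the stand-alone run are a constructed sample; live_listen_ports shows how to collect real ones with ss(8).

```shell
#!/bin/sh
# Added example (not from the original post): check a proposed
# net.ipv4.ip_local_port_range against the ports a host listens on and
# emit the ip_local_reserved_ports line that protects those listeners.

# Constructed sample: ports a typical mail/web/proxy box might listen on.
SAMPLE_LISTEN_PORTS="22 25 80 110 143 443 3128 3306 8080"

# Usage: ephemeral_conflicts LOW HIGH "PORT PORT ..."
# Prints the listening ports that lie within [LOW, HIGH], space separated.
ephemeral_conflicts() {
    low=$1; high=$2; ports=$3
    out=""
    for p in $ports; do
        if [ "$p" -ge "$low" ] && [ "$p" -le "$high" ]; then
            out="$out $p"
        fi
    done
    echo "${out# }"   # strip the leading space
}

# Usage: reserved_ports_line "PORT PORT ..."
# Builds the sysctl line that keeps those ports out of the ephemeral pool.
reserved_ports_line() {
    echo "net.ipv4.ip_local_reserved_ports = $(echo "$1" | tr ' ' ',')"
}

# Usage: live_listen_ports
# Collects the local TCP listening ports of the running host with ss(8);
# only meaningful on a real box, so it is not used in the sample run below.
live_listen_ports() {
    ss -ltnH 2>/dev/null | awk '{ sub(/.*:/, "", $4); print $4 }' | sort -un | tr '\n' ' '
}

# Stand-alone run on the constructed sample with the range from the post.
conflicts=$(ephemeral_conflicts 1024 65536 "$SAMPLE_LISTEN_PORTS")
echo "Listeners inside the proposed range: $conflicts"
if [ -n "$conflicts" ]; then
    reserved_ports_line "$conflicts"
fi
```

Apply the new range and the reserved-ports line with `sysctl -p` after editing /etc/sysctl.conf, and check the result with `sysctl net.ipv4.ip_local_port_range`. TCP port numbers are 16-bit, so the real upper limit is 65535; current kernels reject an upper bound above that.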

Quit from shell without saving into history

There are many occasions when you want to quit the shell without saving any command to its history, for example after running some rookie command by mistake that you don't want to disclose to others.

kill -9 $$ does the job, since $$ expands to the PID of the current shell.

Run the last command as ROOT

There are many privileged commands that you run as a non-privileged user only to get an error or not the output you wanted. Then you remember sudo and retype the whole command.
Type sudo !! to execute the last command as the privileged user.

How to know the status of all the running services

There are many commands like netstat -plant and ps -aux, but when you want to know all the services currently running on your RHEL box, the service --status-all command is very handy. It shows the status of every service on the box.

Saturday, July 16, 2011

Step-by-step OpenLDAP Installation and Configuration on client side


Step #1. Installation
[root@ldapclient ~]# yum install authconfig
Step #2. Run the command
[root@ldapclient ~]# authconfig-gtk
Step #3. Settings
    [*] Use LDAP     [*] Use LDAP Authentication
    [Both should be checked]
    Click "Next".
    [ ] Use TLS
    Server: ldap.xyz.com
    Base DN: dc=xyz,dc=com
    Click "Ok" to confirm.
Note: Use your domain name instead of xyz.

Step-by-step OpenLDAP Installation and Configuration on server side

This tutorial describes how to install and configure an OpenLDAP server (the client side is covered in the previous post).
Step-by-step installation and configuration of the OpenLDAP server

openldap 2.2.13-6.4E
System name:   ldap.xyz.com
Domain name:   xyz.com
System IP:     192.168.0.22

Note: Use your domain name and IP instead of xyz.

Easy steps for adding users:
    1. Create unix user
    2. Create unix user's ldap passwd file
    3. Convert passwd.file to ldif file
    4. Add ldap file to LDAP Directory using ldapadd
Step #1. Requirements
    compat-openldap.i386 0:2.1.30-6.4E
    openldap-clients.i386 0:2.2.13-6.4E
    openldap-devel.i386 0:2.2.13-6.4E
    openldap-servers.i386 0:2.2.13-6.4E
    openldap-servers-sql.i386 0:2.2.13-6.4E

You can install them using the command:

yum install '*openldap*' -y
Step #2. Start the service
[root@ldap ~]# chkconfig --levels 235 ldap on
[root@ldap ~]# service ldap start
Step #3. Create LDAP root user password
[root@ldap ~]# slappasswd
    New password:
    Re-enter new password:
    {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
[root@ldap ~]#
Step #4. Update /etc/openldap/slapd.conf with the root password
[root@ldap ~]# vi /etc/openldap/slapd.conf
    database        bdb
    suffix          "dc=xyz,dc=com"
    rootdn          "cn=Manager,dc=xyz,dc=com"
    rootpw          {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
Step #5. Apply Changes
[root@ldap ~]# service ldap restart
Step #6. Create test users
[root@ldap ~]# useradd test1
[root@ldap ~]# passwd test1
    Changing password for user test1.
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.
[root@ldap ~]# useradd test2
[root@ldap ~]# passwd test2
    Changing password for user test2.
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.
[root@ldap ~]#
Note: Repeat the same for the rest of users
Step #7. Migrate local users to LDAP
[root@ldap ~]# grep root /etc/passwd > /etc/openldap/passwd.root
[root@ldap ~]# grep test1 /etc/passwd > /etc/openldap/passwd.test1
[root@ldap ~]# grep test2 /etc/passwd > /etc/openldap/passwd.test2
Note: Repeat the same for the rest of users
Step #8. Update default settings in the file /usr/share/openldap/migration/migrate_common.ph
    $DEFAULT_MAIL_DOMAIN = "xyz.com";
    $DEFAULT_BASE = "dc=xyz,dc=com";
Step #9. Convert passwd.file to ldif (LDAP Data Interchange Format) file
[root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
[root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif
[root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test2 /etc/openldap/test2.ldif
Note: Repeat the same for the rest of users
Step #10. Update root.ldif file for the "Manager" of LDAP Server
[root@ldap ~]# vi /etc/openldap/root.ldif
    dn: uid=root,ou=People,dc=xyz,dc=com
    uid: root
    cn: Manager
    objectClass: account
Step #11. Create a domain ldif file (/etc/openldap/xyz.com.ldif); note the blank line, which LDIF requires between entries
[root@ldap ~]# cat /etc/openldap/xyz.com.ldif
    dn: dc=xyz,dc=com
    dc: xyz
    description: LDAP Admin
    objectClass: dcObject
    objectClass: organizationalUnit
    ou: rootobject

    dn: ou=People, dc=xyz,dc=com
    ou: People
    description: Users of xyz
    objectClass: organizationalUnit
Step #12. Import all users in to the LDAP
Add the Domain ldif file
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=xyz,dc=com" -W -f  /etc/openldap/xyz.com.ldif
    Enter LDAP Password:
    adding new entry "dc=xyz,dc=com"
    adding new entry "ou=People, dc=xyz,dc=com"
[root@ldap ~]#

Add the users:
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=xyz,dc=com" -W -f  /etc/openldap/root.ldif
    Enter LDAP Password:
    adding new entry "uid=root,ou=People,dc=xyz,dc=com"
    adding new entry "uid=operator,ou=People,dc=xyz,dc=com"
[root@ldap ~]#
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=xyz,dc=com" -W -f  /etc/openldap/test1.ldif
    Enter LDAP Password:
    adding new entry "uid=test1,ou=People,dc=xyz,dc=com"
[root@ldap ~]#
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=xyz,dc=com" -W -f  /etc/openldap/test2.ldif
    Enter LDAP Password:
    adding new entry "uid=test2,ou=People,dc=xyz,dc=com"
[root@ldap ~]#
Note: Repeat the same for the rest of users
Step #13. Apply Changes
[root@ldap ~]# service ldap restart
Step #14. Test LDAP Server
The following search prints all the user information:
[root@ldap ~]# ldapsearch -x -b 'dc=xyz,dc=com' '(objectclass=*)'
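Step #9 hides what migrate_passwd.pl actually produces, and Step #14 only dumps the whole directory. The shell/awk script below is an added example, not part of the original post or of the OpenLDAP migration tools: it turns a passwd-style line into the posixAccount LDIF entry that ldapadd consumes, so you can see (and check) exactly which attributes end up in the directory for each user. It assumes the same suffix as the post (dc=xyz,dc=com) and the People OU; the passwd lines it runs on are constructed samples, not real accounts.

```shell
#!/bin/sh
# Added example (not from the original post or the OpenLDAP project): a
# small shell/awk stand-in for migrate_passwd.pl that converts /etc/passwd
# lines into LDIF entries for the People OU used in the post.

BASE_DN="dc=xyz,dc=com"   # assumption: same suffix as the post
PEOPLE_OU="ou=People"     # assumption: same OU as the post

# Constructed sample passwd lines (no real accounts).
SAMPLE_PASSWD="test1:x:501:501:Test User One:/home/test1:/bin/bash
test2:x:502:502::/home/test2:/bin/bash"

# Usage: passwd_to_ldif "<passwd line>"
# Prints one LDIF entry. Unlike migrate_passwd.pl this does not read
# /etc/shadow, so no userPassword attribute is emitted; set the password
# afterwards with ldappasswd instead of copying hashes through plain files.
passwd_to_ldif() {
    printf '%s\n' "$1" | awk -F: -v base="$BASE_DN" -v ou="$PEOPLE_OU" '
    NF >= 7 {
        gecos = ($5 == "") ? $1 : $5      # fall back to the login name as cn
        print "dn: uid=" $1 "," ou "," base
        print "uid: " $1
        print "cn: " gecos
        print "objectClass: account"
        print "objectClass: posixAccount"
        print "objectClass: top"
        print "loginShell: " $7
        print "uidNumber: " $3
        print "gidNumber: " $4
        print "homeDirectory: " $6
        print ""                           # blank line separates LDIF entries
    }'
}

# Usage: passwd_file_to_ldif < passwd-style input
# Converts every line on stdin, e.g. the passwd.test1 files from Step #7.
passwd_file_to_ldif() {
    while IFS= read -r line; do
        passwd_to_ldif "$line"
    done
}

# Usage: ldif_dn "<ldif text>"
# Prints the first dn: value of an LDIF text; handy for verification.
ldif_dn() {
    printf '%s\n' "$1" | awk '/^dn: / { sub(/^dn: /, ""); print; exit }'
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_PASSWD" | passwd_file_to_ldif
```

To verify one user after import, search for that entry only rather than the whole tree: `ldapsearch -x -b 'ou=People,dc=xyz,dc=com' '(uid=test1)'`. Since the client-side post leaves "Use TLS" unchecked, binds and searches travel in clear text; the same ldapsearch with -ZZ is a quick way to confirm StartTLS once you enable it on the server.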

Monday, July 11, 2011

PORT FORWARDING with IPTABLES in LINUX

These are the iptables rules required for forwarding xxx.xxx.xxx.xxx:8888 to 192.168.0.2:80:
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d xxx.xxx.xxx.xxx --dport 8888 -j DNAT --to 192.168.0.2:80

/sbin/iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.2 --dport 80 -j ACCEPT
Verify the NAT table with:
# iptables -t nat -L
Here RDP on 75.144.218.185:13389 is forwarded to 192.168.1.5 port 3389 (3389 is the RDP port), as rules in /etc/sysconfig/iptables:

-A PREROUTING -d 75.144.218.185 -i eth1 -p tcp -m tcp --dport 13389 -j DNAT --to-destination 192.168.1.5:3389
-A PREROUTING -d 75.144.218.185 -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.5:8
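Two things the rules above leave implicit make the difference between a forward that works and one that silently drops: net.ipv4.ip_forward must be enabled, and when the FORWARD chain's policy is DROP the reply packets from the internal host need their own rule. The script below is an added example, not part of the original post: it generates the complete command set for any external IP:port to internal IP:port mapping, validates the port numbers first, and uses the documentation address 203.0.113.10 as a placeholder for the post's xxx.xxx.xxx.xxx. The interface name is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): generate the full iptables
# command set for a TCP DNAT port forward, including IPv4 forwarding and
# the return-path FORWARD rule the post's snippet omits.

# Usage: is_port N  -> success if N is a valid TCP port number
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: dnat_rules EXT_IF EXT_IP EXT_PORT INT_IP INT_PORT
# Prints the commands; review them, then pipe to sh on the gateway.
dnat_rules() {
    ext_if=$1; ext_ip=$2; ext_port=$3; int_ip=$4; int_port=$5
    is_port "$ext_port" || { echo "bad external port: $ext_port" >&2; return 1; }
    is_port "$int_port" || { echo "bad internal port: $int_port" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $ext_if -p tcp -d $ext_ip --dport $ext_port -j DNAT --to-destination $int_ip:$int_port
iptables -A FORWARD -i $ext_if -p tcp -d $int_ip --dport $int_port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -o $ext_if -p tcp -s $int_ip --sport $int_port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Stand-alone run: the post's first mapping, with 203.0.113.10 standing in
# for xxx.xxx.xxx.xxx (documentation address, not a real host).
dnat_rules eth0 203.0.113.10 8888 192.168.0.2 80
```

Because the NAT rule only matches packets arriving on the external interface, hosts on the LAN cannot reach the service through the public address with this rule set alone; that needs an additional rule on the internal interface (hairpin NAT), which is outside what the post covers. After applying, `iptables -t nat -L PREROUTING -n -v` shows the packet counters climbing as connections arrive.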

Howto disable the iptables firewall in Linux

Task: Disable / Turn off Linux Firewall (Red hat/CentOS/Fedora Core)

Type the following two commands (you must login as the root user):
# /etc/init.d/iptables save
# /etc/init.d/iptables stop

Task: Enable / Turn on Linux Firewall (Red hat/CentOS/Fedora Core)

Type the following command to turn on iptables firewall:
# /etc/init.d/iptables start

Other Linux distribution

If you are using another Linux distribution such as Debian, Ubuntu or SUSE Linux, try the following generic procedure.
Save firewall rules
# iptables-save > /root/firewall.rules
OR
$ sudo iptables-save > /root/firewall.rules

Now type the following commands (login as root) to flush all rules, delete user-defined chains and open the default policies:
# iptables -F
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X
# iptables -P INPUT ACCEPT
# iptables -P FORWARD ACCEPT
# iptables -P OUTPUT ACCEPT

To restore or turn on firewall type the following command:
# iptables-restore < /root/firewall.rules

Saturday, July 2, 2011

ext4 Linux File System

The ext4 filesystem has more features and generally better performance than ext3, which is showing its age in the Linux filesystem world.
Features include:
* Delayed allocation & mballoc allocator for better on-disk allocation
* Sub-second timestamps
* Space preallocation
* Journal checksumming
* Large (>2T) file support
* Large (>16T) filesystem support
* Defragmentation support