Adding swap space Ref : http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/custom-guide/s1-swap-adding.html
Determine the size of the new swap file and multiply by 1024 to determine the block size. For example, the block size of a 64 MB swap file is 65536.
At a shell prompt as root, type the following command with count being equal to the desired block size:
dd if=/dev/zero of=/swapfile bs=1024 count=65536
Set up the swap file with the command:
mkswap /swapfile
To enable the swap file immediately but not automatically at boot time:
swapon /swapfile
To enable it at boot time, edit /etc/fstab to include:
/swapfile swap swap defaults 0 0
The next time the system boots, it will enable the new swap file.
After adding the new swap file and enabling it, make sure it is enabled by viewing the output of the command cat /proc/swaps or free.
Regenerate a new initrd ramdisk img
1) mkinitrd --with=xennet --preload=xenblk /boot/initrd-`uname -r`-xenblk.img `uname -r`
2) cd /boot
3) rm initrd-2.6-xen.img && ln -s initrd-2.6.18-164.15.1.el5xen-xenblk.img initrd-2.6-xen.img
Open VPN : Ref : http://openvpn.net/index.php/open-source/documentation/howto.html
Email alert for root login
1. Log in to your server and su to root, I know the irony!
2. cd /root
3. pico .bashrc
4. Scroll to the end of the file then add the following:
echo 'ALERT - Root Shell Access (YourserverName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" you@yourdomain.com
Replace YourServerName with the handle for your actual server
Replace you@yourdomain.com with your actual email address
5. Ctrl + X then Y
Now log out of SSH, close the connection and log back in! You should receive an email with the root login alert a few minutes afterwards.
Redirect rule (domain to domain) Ref: http://www.isitebuild.com/301-redirect.htm
RewriteRule ^(.*)\.html$ http://newdomain.com/$1.html [R=301,L] //^(.*)\.html$ means all .html files in current directory//
(or)
redirect 301 /old/old.htm http://www.you.com/new.htm
Open DNS Ref : http://www.eth0.us/node/114
1) Log in to your server as root
2) nano -w /etc/named.conf (if you are running Bind)
3) Look for // query-source address * port 53; and right below write the following line:
recursion no;
4) Save and exit, restart Bind by typing service named restart
5) Check DNSReport.com to make sure it went right. You should not see the error message anymore.
Disable direct root login Ref : http://www.eth0.us/ssh-direct-login
First open up the ssh config:
nano /etc/ssh/sshd_config
Find the PermitRootLogin line. You will want to set it to either PermitRootLogin no or PermitRootLogin without-password. Once done simply save and restart sshd:
service sshd restart
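A check for the setting above, as an added example that is not part of the original notes: it reports which PermitRootLogin value is actually in force, since sshd uses the first value it reads for a keyword and ignores commented-out lines. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample config below is constructed, not from a real host.

# effective_root_login FILE
# Prints the PermitRootLogin value in force in the global section of FILE.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and a commented-out line sets nothing.
effective_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }  # allow "key = value"
        tolower($1) == "match" { exit }        # Match blocks are conditional
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }      # compiled-in default applies
    ' "$1"
}

# root_login_ok FILE: true only if root cannot log in with a password.
# prohibit-password is the newer spelling of without-password.
root_login_ok() {
    case "$(effective_root_login "$1")" in
        no|without-password|prohibit-password) return 0 ;;
        *) return 1 ;;
    esac
}

sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin no
Port 22
permitrootlogin yes
PermitRootLogin no
EOF
echo "effective PermitRootLogin: $(effective_root_login "$sample")"
root_login_ok "$sample" || echo "direct root password login is still allowed"
rm -f "$sample"
```

Run it against /etc/ssh/sshd_config after editing and before restarting sshd; a result of "unset" means the default of the installed sshd version applies.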
To disable ping
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
To enable ping
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
Add range of ips Ref: http://www.eukhost.com/forums/f30/bind-range-ips-manually-linux-server-6323/
/etc/sysconfig/network-scripts/ifcfg-eth0-range
Here IP range starts from 192.168.5.10 up to 192.168.5.30.
Add following lines in ifcfg-eth0-range
IPADDR_START=192.168.5.10
IPADDR_END=192.168.5.30
CLONENUM_START=1
# /etc/init.d/network restart
Server speed check commands
ethtool eth0 (Speed: 100Mb/s Duplex: Full) else (It will show 10MB/s Duplex: Half)
mii-tool
Command to check the port status of a remote domain
--------------------------------------------------------------------------------
nmap -sT mydomain.com
Multiple SSH keys for password less login Ref: http://www.cyberciti.biz/tips/linux-multiple-ssh-key-based-authentication.html
1. ssh-keygen -t rsa // It will generate a new key at ~/.ssh/id_rsa.pub
2. cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
3. upload authorized_keys to remote server // scp ~/.ssh/authorized_keys user@remote.server.com:.ssh/
(OR)
Copy authorized_keys to remote server at .ssh/authorized_keys
http://ezvz.blogspot.com/
wget -m http://www.tldp.org/HOWTO/Serial-Programming-HOWTO/
wget -H -r --level=1 -k -p http://www.tldp.org/HOWTO/Serial-Programming-HOWTO/
See the usage of the user in all partitions.
quota -v <username>
List the files owned by the user in /usr // 637 is the user ID
find /usr -user 637
To see opened ports
--------------------------
nmap -T4 -P0 208.89.209.6
Dag location
----------------------
http://dag.wieers.com/rpm/packages/rpmforge-release/
Update NTP date
ntpdate pool.ntp.org
crontab -e
0 2 * * * /usr/sbin/ntpdate pool.ntp.org
FSTAB
Format:
Label Mount point file system mount option dump value file system check
Example:
proc /proc proc defaults 0 0
Label
---------
It lists the device to be mounted
Mount point
---------------------
It lists the directory in which the device is to be mounted
File system
-------------------
Describes the file system type. Valid file system types are ext, ext2, ext3, nfs, swap, vfat, proc (etc)
Mount option
---------------------
defaults : The default mount options, which allow the following on the device (rw, suid, dev, exec, auto, nouser and async)
rw: mount the file system with read write permission
suid : Allow setuid or setgid permissions on programs on the file system
sync : Read and write are done at the same speed on the file system
nouser : Allow non root user to mount the file system by default
noexec:
nosuid:
nodev
Dump value
---------------------
Either '0' or '1'
'1' means the data is automatically saved to disk by the dump (8) command when we exit linux
File system check
----------------------------
Determines the order in which file systems are checked by fsck (8) during the boot process.
The value should be set to '1' for the root directory and '2' for other local file systems.
Removable file systems such as /mnt/cdrom should be set to '0', which means that they are not checked during the Linux boot process
Split file using tar command
tar -xM -f split.tar
========================================================
tar -cvjf - large-file | split -b 1000m -d - "small-files.tar.bz."
(This command will compress and split the “large-file” to many files
with size 1000mb for each)
cat small-files.tar.bz.* > large-file.tar.bz
(To join the files together again)
tar -xvjf large-file.tar.bz
(and to extract the output file)
========================================================
Increase the size of /tmp
umount /tmp
umount /var/tmp
dd if=/dev/zero of=/usr/tmpDSK bs=1024M count=10
mkfs.ext3 /usr/tmpDSK
#press 'y' when prompted
mount -o loop,rw,noexec,nosuid /usr/tmpDSK /tmp
mount -o bind,rw,noexec,nosuid /tmp /var/tmp
-----------------------
service chkservd stop
service httpd stop
service mysql stop
service postgresql stop
lsof | grep /tmp
kill the process
umount /var/tmp
umount /tmp
dd if=/dev/zero of=/home/swapfile_do_not_delete bs=1024M count=10
mkfs.ext3 /home/swapfile_do_not_delete
file /home/swapfile_do_not_delete
rm -f /usr/tmpDSK
ln -s /home/swapfile_do_not_delete /usr/tmpDSK
vi /etc/fstab // add /tmp entry
mount -a
(or)
mount -o loop,noexec,nosuid /home/swapfile_do_not_delete /tmp
service mysql restart
service httpd start
-----------------------
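An audit for the fstab "mount option" field and the /tmp remount steps above, as an added example that is not part of the original notes: it reads the six-field fstab format and reports which of noexec, nosuid and nodev are missing on /tmp and /var/tmp. The function name and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample fstab below is constructed, not from a real host.

# missing_tmp_opts FSTAB
# For every /tmp or /var/tmp entry, prints "<mount point> <missing options>"
# when noexec, nosuid or nodev is absent from field 4. An entry with only
# "defaults" is reported in full, because defaults means suid, dev and exec.
missing_tmp_opts() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }          # comments and short lines
        $2 == "/tmp" || $2 == "/var/tmp" {
            n = split($4, opt, ",")            # field 4: mount options
            split("noexec nosuid nodev", want, " ")
            miss = ""
            for (w = 1; w <= 3; w++) {
                have = 0
                for (i = 1; i <= n; i++) if (opt[i] == want[w]) have = 1
                if (!have) miss = miss (miss == "" ? "" : ",") want[w]
            }
            if (miss != "") print $2, miss
        }
    ' "$1"
}

sample=$(mktemp)
cat > "$sample" <<'EOF'
# device      mount point  type  options                 dump fsck
/dev/sda1     /            ext3  defaults                1    1
/usr/tmpDSK   /tmp         ext3  loop,rw,noexec,nosuid   0    0
/tmp          /var/tmp     ext3  defaults,bind           0    0
proc          /proc        proc  defaults                0    0
EOF
missing_tmp_opts "$sample"
rm -f "$sample"
```

No output means both mount points already carry all three options; run it against /etc/fstab after adding the /tmp entry.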
Increasing size of / (or) Converting existing root filesystem to LVM
http://voofie.com/content/13/converting-existing-root-filesystem-to-lvm-in-debian/
Deny access to the url containing "project.php?zoneid=31325" like contents
Add the following directive in httpd.conf
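# LocationMatch only matches the URL path, never the query string, so test the query with mod_rewrite
RewriteEngine On
RewriteCond %{QUERY_STRING} (^|&)zoneid=31325(&|$)
RewriteRule /project\.php$ - [F]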
Permission
suid : change user ID on execution. If setuid bit is set, when the file will be executed by a user, the process will have the same rights as the owner of the file being executed. (Value 4)
setgid: change group ID on execution. Same as above, but inherits rights of the group of the owner of the file on execution. For directories it also may mean that when a new file is created in the directory it will inherit the group of the directory (and not of the user who created the file).
Sticky bit. It was used to trigger a process to "stick" in memory after it is finished; this usage is now obsolete. Currently its use is system dependent and it is mostly used to suppress deletion of files that belong to other users in a folder where you have "write" access.
Apache opti
----------------------
MaxClients : Number of concurrent connections
MinSpareServers : Minimum number of unused child processes
MaxSpareServers : Maximum number of unused child processes
StartServers : Number of child processes at startup
MaxRequestsPerChild : Number of requests a child process serves before it is killed
KeepAlive : Long-lived HTTP sessions which allow multiple requests to be sent over the same TCP connection
Timeout : The amount of time Apache will wait for three things (the time taken to receive a GET request, TCP packets on a POST or PUT request, )
Apache Time-wait FIN-wait checking
====================================
netstat -an|awk '/tcp/ {print $6}'|sort|uniq -c
root@server [~]# netstat -an|awk '/tcp/ {print $6}'|sort|uniq -c
2 CLOSE_WAIT
2 CLOSING
182 ESTABLISHED
3 FIN_WAIT1
29 FIN_WAIT2
5 LAST_ACK
43 LISTEN
5 SYN_RECV
414 TIME_WAIT
kill all processes listening on a particular port, e.g. port 80
# kill -9 $( lsof -i:80 -t )
Password protect a directory in website:
Create a .htaccess file inside the folder and add rules like below
AuthType Basic
AuthName "foldername"
AuthUserFile "/home/username/.htpasswds/tmp/webalizer/passwd"
require valid-user
Then create the password file in specified location and create encrypted htpassword using the URL : http://www.htaccesstools.com/htpasswd-generator/
and paste it on the password file.