Thursday, November 21, 2013

Linux shadow file and passwd file problem solution


=====================Problem=========================================
=====================================================================
The passwd and shadow files on Linux cannot be edited, deleted or written to.
passwd shows "passwd: Authentication token manipulation error".
chmod fails:
# chmod 755 shadow
chmod: changing permissions of `shadow': Operation not permitted
adduser fails:
# adduser khan
adduser: cannot open shadow password file

============================================================
===================== Solutions by Tayab Khan ==============
============================================================
# lsattr /etc/passwd
# chattr -i /etc/passwd
# lsattr /etc/shadow
-----a------- /etc/shadow
# chattr -a /etc/shadow
# chattr -i /etc/shadow
# lsattr /etc/shadow
------------- /etc/shadow
# lsattr /etc/passwd
------------- /etc/passwd

Now adduser works, passwords can be changed and the shadow file can be edited.
=============================================================
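
If the i or a attribute was set on purpose (for example as a hardening step), it is worth recording what was set before clearing it, so it can be put back once the account change is done. The following is an added example, not part of the original post: the hypothetical helper plan_chattr reads lsattr output and prints only the chattr commands needed, either to unlock or to restore. The sample lines are constructed in the lsattr format shown above.

```sh
#!/bin/sh
# Added example (not from the original post): turn `lsattr` output into the
# exact chattr commands needed, instead of clearing -i and -a blindly.

plan_chattr() {
    # $1 is "-" (emit unlock commands) or "+" (emit restore commands).
    # stdin: lsattr lines in the form "<flags> <path>".
    case "$1" in -|+) ;; *) echo "usage: plan_chattr -|+" >&2; return 2 ;; esac
    while read -r flags path; do
        [ -n "$path" ] || continue
        # Skip anything that is not a flags field (e.g. an error message).
        case "$flags" in *[!A-Za-z-]*) continue ;; esac
        set_flags=""
        # Lowercase i = immutable, lowercase a = append-only (case-sensitive).
        case "$flags" in *i*) set_flags="${set_flags}i" ;; esac
        case "$flags" in *a*) set_flags="${set_flags}a" ;; esac
        if [ -n "$set_flags" ]; then
            echo "chattr $1$set_flags $path"
        fi
    done
    return 0
}

# Constructed sample in the lsattr format shown on this page (not real output).
SAMPLE='-----a------- /etc/shadow
----i-------- /etc/passwd
------------- /etc/group'

echo "# unlock:"
printf '%s\n' "$SAMPLE" | plan_chattr -
echo "# restore afterwards:"
printf '%s\n' "$SAMPLE" | plan_chattr +
```

On a real system, feed it with `lsattr /etc/passwd /etc/shadow | plan_chattr -` and review the printed commands before running them as root.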

Wednesday, November 20, 2013

Logwatch in Linux for MAIL WEB and Auth Logs

CentOS Logwatch configuration

============Tayab Khan=======

## yum install mailx perl perl-Module-Pluggable perl-Pod-Escapes perl-Pod-Simple perl-YAML-Syck perl-libs perl-version
## yum install logwatch
## cd /usr/share/logwatch/default.conf/services
## vi zz-disk_space.conf
## Uncomment the lines as shown:

#New disk report options
#Uncomment this to show the home directory sizes
$show_home_dir_sizes = 1
$home_dir = "/home"

#Uncomment this to show the mail spool size
$show_mail_dir_sizes = 1
$mail_dir = "/var/spool/mail"

#Uncomment this to show the system directory sizes /opt /usr/ /var/log
$show_disk_usage = 1


## vi http.conf
# Set flag to 1 to enable ignore
# or set to 0 to disable
$HTTP_IGNORE_ERROR_HACKS = 1

## vi /usr/share/logwatch/default.conf/logwatch.conf
Change MailTo = to the desired email address:

# Default person to mail reports to.  Can be a local account or a
# complete email address.  Variable Print should be set to No to
# enable mail feature.
#MailTo = root
MailTo = royalmcuc@yahoo.com

## When done, run logwatch manually at the command line with no options to test:

# logwatch
and check the email.



## Add a crontab entry that runs logwatch every day at 08:30 am

crontab -e
30 08 * * * /usr/sbin/logwatch
/etc/init.d/crond restart

######### Tayab Khan ##########

Saturday, November 16, 2013

Apache Tomcat Installation

http://xmodulo.com/2013/02/how-to-install-apache-tomcat-on-centos.html
/etc/init.d/httpd stop
chkconfig httpd off

###Install Java jdk
yum install java-1.6.0-openjdk-devel -y

####set up JAVA_HOME environment variable.
sh -c 'echo export JAVA_HOME=/usr/lib/jvm/java-1.6.0-openjdk > /etc/profile.d/java.sh'

source /etc/profile.d/java.sh

####Now download Apache Tomcat, and install it
cd /usr
wget http://apache.mirrors.tds.net/tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40.tar.gz
tar -zxvf  apache-tomcat-7.0.40.tar.gz

###Then set up a necessary environment variable as follows.
sh -c 'echo export CATALINA_HOME=/usr/apache-tomcat-7.0.40 > /etc/profile.d/tomcat.sh'
source /etc/profile.d/tomcat.sh

###Now start apache tomcat for first time
$CATALINA_HOME/bin/startup.sh

netstat -ntpl | grep java
service iptables stop    (or keep iptables running and allow the port instead)
###### Browse: http://203.190.8.2:8080

To stop and start the Tomcat service
 $CATALINA_HOME/bin/shutdown.sh
 $CATALINA_HOME/bin/startup.sh


### Set a username and password to use Server Status, Manager App and Host Manager

vi /usr/apache-tomcat-7.0.40/conf/tomcat-users.xml

<?xml version='1.0' encoding='utf-8'?>

<tomcat-users>
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<user username="admin" password="admin" roles="admin-gui,admin-script,manager-gui,manager-script,manager-jmx,manager-status"/>
</tomcat-users>


Save and restart Tomcat with
 $CATALINA_HOME/bin/shutdown.sh
 $CATALINA_HOME/bin/startup.sh
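
The account above uses a password equal to its user name and holds every manager role at once; the Tomcat Manager documentation advises against giving a manager-gui user the manager-script or manager-jmx roles. The following is an added example, not part of the original post: the hypothetical helper audit_tomcat_users flags both conditions in a tomcat-users.xml. The weak-password list and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): flag risky <user> entries.
# Assumes one <user .../> per line with double-quoted attributes.

audit_tomcat_users() {
    # $1 = path to tomcat-users.xml; prints one finding per line.
    # Comments are stripped first so commented-out sample users are ignored.
    sed -e 's/<!--.*-->//g' -e '/<!--/,/-->/d' "$1" | grep '<user ' |
    while IFS= read -r line; do
        user=$(printf '%s\n' "$line" | sed -n 's/.* username="\([^"]*\)".*/\1/p')
        pass=$(printf '%s\n' "$line" | sed -n 's/.* password="\([^"]*\)".*/\1/p')
        roles=$(printf '%s\n' "$line" | sed -n 's/.* roles="\([^"]*\)".*/\1/p' | tr -d ' ')
        # Password equal to the user name, empty, or on a short illustrative list.
        case "$pass" in
            "$user"|""|admin|tomcat|password|s3cret|changeit)
                echo "$user: weak or default password" ;;
        esac
        # Browser (GUI) role combined with a script or JMX role on one account.
        case ",$roles," in
            *,manager-gui,*)
                case ",$roles," in
                    *,manager-script,*|*,manager-jmx,*)
                        echo "$user: manager-gui combined with manager-script/manager-jmx" ;;
                esac ;;
        esac
    done
    return 0
}

# Constructed sample: the account from this page plus a constructed GUI-only user.
SAMPLE_FILE=$(mktemp)
trap 'rm -f "$SAMPLE_FILE"' EXIT
cat > "$SAMPLE_FILE" <<'EOF'
<tomcat-users>
<!-- <user username="tomcat" password="tomcat" roles="tomcat"/> -->
<user username="admin" password="admin" roles="admin-gui,admin-script,manager-gui,manager-script,manager-jmx,manager-status"/>
<user username="ops-gui" password="EXAMPLE-long-random-value" roles="manager-gui"/>
</tomcat-users>
EOF
audit_tomcat_users "$SAMPLE_FILE"
```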


Change port 8080 to port 80
  vi /usr/apache-tomcat-7.0.40/conf/server.xml
In <Connector port="8080" change the port to 80, then restart Tomcat.

## The default page will be in
/usr/apache-tomcat-7.0.40/webapps/ROOT/index.
## If there is more than one virtual host
cd /usr/apache-tomcat-7.0.40/webapps
mkdir khan
cd khan
vi index.html
now browse: http://203.190.8.2/khan

#### Adding Virtual Host Entries
vi /usr/apache-tomcat-7.0.40/conf/server.xml
<Host name="khan1.com" debug="0" appBase="webapps" unpackWARs="true">
<Alias>m1.daffodinet.com</Alias>
<Logger className="org.apache.catalina.logger.FileLogger"
directory="logs" prefix="virtual_log1." suffix=".log" timestamp="true"/>
<Context path="" docBase="/usr/apache-tomcat-7.0.40/webapps/khan" debug="0" reloadable="true"/>
</Host>

<Host name="khan2.com" debug="0" appBase="webapps" unpackWARs="true">
<Alias>m2.daffodilnet.com</Alias>
<Logger className="org.apache.catalina.logger.FileLogger"
directory="logs" prefix="virtual_log2." suffix=".log" timestamp="true"/>
<Context path="" docBase="/usr/apache-tomcat-7.0.40/webapps/khan2" debug="0" reloadable="true"/>
</Host>



http://en.youscribe.com/catalogue/manuals-and-practical-information-sheets/knowledge/others/jakarta-tomcat-4-and-5-configuration-and-usage-tutorial-211394
-- 
Tayab Khan

Thursday, November 14, 2013

PHP Warning / Memory Problem in Web Server


Problem: 
PHP Warning: require_once(): 
Unable to allocate memory for pool

Solution:
Environment: Apache 2.2.15 + PHP 5.3.3 + APC php-pecl-apc-3.1.9 on CentOS / RHEL 6.4.

# vi /etc/php.d/apc.ini
; increased to 128M from 64M
apc.shm_size=128M
Don’t forget to restart Apache to apply the changes:

# service httpd restart
If you would like to find out your APC memory usage and hit ratio:

# cp /usr/share/php-pecl-apc/apc.php /var/www/html
Edit /var/www/html/apc.php and set the admin password:
defaults('ADMIN_PASSWORD','NEW-PASSWORD');
Save and close the file. Open a web browser and go to the URL:
http://your-server-ip/apc.php





Sunday, November 10, 2013

CISCO router switch privilege levels / user command restrictions

*** Goal: a user logs in to the router/switch and can run only some allowed commands.


Cisco IOS offers 16 privilege levels (0-15); level 15 has full control.
User EXEC mode: privilege level 1
Privileged EXEC mode: privilege level 15
Typing enable with no level goes directly to privilege level 15.

==================
enable
enablepassword
conf t
enable secret level 8 switchenablepassword
privilege interface level 8 shutdown
privilege interface level 8 ip address
privilege interface level 8 ip
privilege interface level 8 bandwidth
privilege configure level 8 interface
privilege exec level 8 conf terminal
privilege exec level 8 show startup-configuration
privilege exec level 8 show startup-config
privilege exec level 8 config interface
privilege exec level 8 configure
privilege exec level 8 interface
privilege exec level 8 show running-config
privilege exec level 8 show
privilege exec level 8 write
privilege exec level 8 copy running-config startup-config
exit
wri
===============

When the user logs in to the switch, he enters "enable 8" and the password is 'switchenablepassword'.