
Tuesday, February 24, 2015

Linux Broadband connection setup or ADSL or pppoe connection setup



yum install rp-pppoe

Disable Selinux

root# vi /etc/selinux/config

SELINUX=disabled
and

root# adsl-setup

and
follow instructions

LOGIN NAME

Enter your Login Name (default root): abc

INTERFACE

Enter the Ethernet interface connected to the PPPoE modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethX, where 'X' is a number.
(default eth0):

Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds
after which the link should be dropped.  If you want the link to
stay up permanently, enter 'no' (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP
addresses.  You may have some problems with demand-activated links.
Enter the demand value (default no):


DNS

Please enter the IP address of your ISP's primary DNS server.
If your ISP claims that 'the server will provide dynamic DNS addresses',
enter 'server' (all lower-case) here.
If you just press enter, I will assume you know what you are
doing and not modify your DNS setup.
Enter the DNS information here: 8.8.8.8

Please enter the IP address of your ISP's secondary DNS server.
If you just press enter, I will assume there is only one DNS server.
Enter the secondary DNS server address here: 4.2.2.2

PASSWORD

Please enter your Password:
Please re-enter your Password:

USERCTRL

Please enter 'yes' (three letters, lower-case.) if you want to allow
normal user to start or stop DSL connection (default yes): no

FIREWALLING

Please choose the firewall rules to use.  Note that these rules are
very basic.  You are strongly encouraged to use a more sophisticated
firewall setup; however, these will provide basic security.  If you
are running any servers on your machine, you must choose 'NONE' and
set up firewalling yourself.  Otherwise, the firewall rules will deny
access to all standard servers like Web, e-mail, ftp, etc.  If you
are using SSH, the rules will block outgoing SSH connections which
allocate a privileged source port.

The firewall choices are:
0 - NONE: This script will not set any firewall rules.  You are responsible
          for ensuring the security of your machine.  You are STRONGLY
          recommended to use some kind of firewall rules.
1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
                for a LAN
Choose a type of firewall (0-2): 0


Start this connection at boot time

Do you want to start this connection at boot time?
Please enter no or yes (default no):

** Summary of what you entered **

Ethernet Interface: eth0
User name:          abc
Activate-on-demand: No
Primary DNS:        8.8.8.8
Secondary DNS:      4.2.2.2
Firewalling:        NONE
User Control:       no
Accept these settings and adjust configuration files (y/n)? y



## Bring up the connection
/sbin/ifup ppp0


## Check the interface
ifconfig
ifconfig ppp0


################################## By Tayab Khan ########################



Tuesday, February 17, 2015

Linux rescue tools for recovering Linux



When you're dealing with a system that won't boot, you need a robust and dependable recovery tool. Here are a few Linux tools that might save the day.

1: Knoppix

Knoppix is one of the better tools for rescuing data from sick machines. It's a full-blown live Linux distribution with a strong, user-friendly GUI that will allow you to easily mount a drive and then copy the data (which you will locate in an easy-to-use file manager) to an external source. Of course, Knoppix comes with the full arsenal of Linux commands, which place just about everything you need at your fingertips.

2: Trinity Rescue Kit

Trinity Rescue Kit might leave you wondering, "Why isn't this tool being developed faster and on a larger scale?" Although TRK is rather slow to develop, what it offers is just short of amazing. Place it on a USB drive, boot your virus-laden machine, and scan the mounted drives with clamav, antivir, bitdefender, and more. This tool is all command line, so you might have to bone up on your commands to really make use of it.

3: Avira AntiVir

Avira AntiVir is a command-line antivirus tool that is fast, robust, and dependable. There is a GUI tool, but installing it is almost more trouble than it's worth. (It requires Java.) Installing AntiVir on Linux isn't the easiest of tasks, but it's certainly no kernel compilation.

4: GParted Live

GParted Live is a live Linux distribution that allows you to manipulate partitions on a drive. It supports numerous file systems and lets you resize, create, and delete partitions. You can run GParted Live from a CD or a USB drive, so it's very portable.

5: SystemRescueCd

SystemRescueCd is another live Linux rescue CD that offers numerous tools to handle numerous tasks, including partition manipulation, file recovery, hard disk testing, ftp, and disk formatting. As with most live Linux distributions, you can place SystemRescueCd on either a CD or USB drive, and it offers an easy-to-use GUI and plenty of tools.

6: Ubuntu Rescue Remix

Ubuntu Rescue Remix is quickly becoming one of my favorite data recovery tools. Like all good live Linux CD tools, it includes an outstanding GUI (it is Ubuntu after all) that can help you handle tasks other tools can't handle. You can recover and rescue Mac files/filesystems, recover data from nonstandard external drives, recover deleted files, and more. The one thing URR is missing is antivirus tools. But, since this is a Linux rescue disc, once installed, you can simply add the tools you need to your USB live CD.

7: F-Secure Rescue CD

F-Secure Rescue CD is based on Knoppix and allows you to check the integrity of your installed applications. It also allows advanced data repair and recovery, as well as recovery from that ever-dreaded malware!

8: Ddrescue

Ddrescue is a Linux tool designed to copy data from one file or block device to another. This tool will aid you in rescuing data when your drive is suffering from read errors. Unlike many of the tools on this list, Ddrescue is not a live distribution but a tool you will use on a running Linux machine. So to rescue data, you will have to attach that troubled disk to the working Linux machine.

9: Safecopy

Safecopy is similar to ddrescue, allowing you to copy files from a disk suffering from I/O errors. It also includes a tool that allows you to read data from CDs in raw mode, as well as issue device resets and simulate bad media for testing and benchmarking.

10: Linux rescue mode

This is the only entry on the list that isn't a downloadable tool. Linux rescue mode is a mode booted with the help of a Linux boot CD, allowing you to repair a broken system. From rescue mode, you can recover a root password, repair or reinstall the boot loader, and more. When you boot into rescue mode, it will typically mount your installed system into /mnt/sysimage, where you can take care of any business necessary.

(from http://www.techrepublic.com/blog/10-things/10-linux-rescue-tools-for-recovering-linux-windows-or-mac-machines/)

Monday, February 16, 2015

Using MongoDB in Linux


MongoDB is free, open-source database software. MongoDB (from humongous) is a cross-platform document-oriented database. Classified as a NoSQL database, MongoDB eschews the traditional table-based relational database structure in favor of JSON-like documents with dynamic schemas (MongoDB calls the format BSON), making the integration of data in certain types of applications easier and faster.



You can use MongoDB when you:

Expect a High Write Load
Need High Availability in an Unreliable Environment (Cloud and Real Life)
Need to Grow Big (and Shard Your Data)
Data is Location Based
Data Set is Going to be Big (starting from 1GB) and Schema is Not Stable
Don't have a DBA

---------------------


## Java is needed for MongoDB. Install it with yum

yum install mongodb
yum install mongodb-server
yum install java

## Start and check this service


/etc/init.d/mongod start
/etc/init.d/mongod status

## To login type:
mongo


show dbs

use test

help

### Create Database

If you want to create a database with the name <tayabdb>,
then the use DATABASE statement would be as follows:

use tayabdb

## For the database to be displayed, you need to insert at least one document into it.

db.tayabdb.insert({"khan":"tutorials point"})

show dbs






Thursday, February 12, 2015

IPTABLES in Linux

Netfilter is a host-based firewall for Linux operating systems. It is included as part of the Linux distribution and it is activated by default. This firewall is controlled by the program called iptables. Netfilter filtering takes place at the kernel level, before a program can even process the data from the network packet.

Iptables Config File: The default config file for RHEL / CentOS / Fedora Linux is /etc/sysconfig/iptables. The system scripts activate the firewall by reading this file.

Understanding Firewall: There are a total of 4 chains:
INPUT - The default chain used for packets addressed to the system. Use this to open or close incoming ports (such as 80, 25, and 110 etc.) and IP addresses / subnets (such as 202.54.1.20/29).
OUTPUT - The default chain used when packets are generated from the system. Use this to open or close outgoing ports and IP addresses / subnets.
FORWARD - The default chain used when packets are sent through another interface. Usually used when you set up Linux as a router. For example, eth0 is connected to an ADSL/Cable modem and eth1 is connected to the local LAN. Use the FORWARD chain to send and receive traffic from the LAN to the Internet.
RH-Firewall-1-INPUT - This is a user-defined custom chain. It is used by the INPUT, OUTPUT and FORWARD chains.

Packet Matching Rules
Each packet starts at the first rule in the chain.
A packet proceeds until it matches a rule.
If a match is found, then control will jump to the specified target (such as REJECT, ACCEPT, DROP).

Target Meanings
The target ACCEPT means allow the packet.
The target REJECT means drop the packet and send an error message to the remote host.
The target DROP means drop the packet and do not send an error message to the remote host or sending host.

/etc/sysconfig/iptables

Edit /etc/sysconfig/iptables, enter:
# vi /etc/sysconfig/iptables

# Start the firewall
service iptables start

# Restart the firewall
service iptables restart

# Stop the firewall
service iptables stop

# Install iptables
yum install iptables

# To see iptables rules
iptables -L

# Save iptables
service iptables save
            Saving firewall rules to /etc/sysconfig/iptables:


Assume our server IP: 192.168.50.2


#For Mail incoming, outgoing and Web Server firewall
iptables -A INPUT -s 0/0 -d 192.168.50.2/32 -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -s 0/0 -d 192.168.50.2/32 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -s 0/0 -d 192.168.50.2/32 -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -s 0/0 -d 192.168.50.2/32 -p udp --dport 25 -j ACCEPT
iptables -A INPUT -s 0/0 -d 192.168.50.2/32 -p udp --dport 143 -j ACCEPT
iptables -A INPUT -s 0/0 -d 192.168.50.2/32 -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -s 0/0 -d 192.168.50.2/32 -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -s 0/0 -d 192.168.50.2/32 -p udp --dport 110 -j ACCEPT



# For  ssh and telnet permission
iptables -A INPUT -s 192.168.50.5/32 -d 192.168.50.2/32 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 192.168.50.0/24 -d 192.168.50.2/32 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 0/0 -d 192.168.50.2/32 -p tcp --dport 22 -j ACCEPT


Enable Printing Access For 192.168.1.0/24

-A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 631 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 631 -j ACCEPT

## Block access to port 80 ##
iptables -A INPUT -s 202.54.1.1 -p tcp --dport 80 -j DROP
iptables -A INPUT -s 202.54.1.2/29 -p tcp --dport 80 -j DROP
 
## block and drop access to port 443 (secure apache web-server)
iptables -A INPUT -s 202.54.1.1 -p tcp --dport 443 -j DROP
iptables -A INPUT -s 202.54.1.2/29 -p tcp --dport 443 -j DROP
 
## save newly added firewall rules ##
/sbin/service iptables save
 
## verify new firewall settings 
/sbin/iptables -L -n -v
/sbin/iptables -L INPUT -n -v | grep 202.54.1.1
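
Because the first matching rule decides and -A appends to the end of the chain, the order in which the rules on this page are entered matters. The Python sketch below is an added example, not part of the original post: it evaluates a small subset of iptables options against this page's own port 80 rules and shows that the DROP for 202.54.1.1 never fires for traffic to 192.168.50.2 once the ACCEPT from 0/0 is already in the chain. The parser, the function names and the default ACCEPT policy are assumptions made for the illustration.

```python
import ipaddress
import shlex

def _net(spec):
    # iptables accepts "0/0" for "any" and ignores host bits in a CIDR,
    # so 202.54.1.2/29 means the whole block 202.54.1.0 - 202.54.1.7.
    return ipaddress.ip_network("0.0.0.0/0" if spec == "0/0" else spec, strict=False)

def parse_rule(line):
    """Parse 'iptables -A CHAIN ...' (only -s, -d, -p, --dport, -j are used)."""
    tok = shlex.split(line)
    opts = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
    lo, _, hi = opts.get("--dport", "0:65535").partition(":")
    return {
        "chain": opts["-A"],
        "src": _net(opts.get("-s", "0/0")),
        "dst": _net(opts.get("-d", "0/0")),
        "proto": opts.get("-p"),
        "ports": (int(lo), int(hi or lo)),   # "20:21" is a range, "80" a single port
        "target": opts["-j"],
        "line": line,
    }

def verdict(rules, src, dst, proto, dport, chain="INPUT", policy="ACCEPT"):
    """Return (target, matching_line); the first matching rule decides."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r["chain"] == chain and s in r["src"] and d in r["dst"]
                and r["proto"] in (None, proto)
                and r["ports"][0] <= dport <= r["ports"][1]):
            return r["target"], r["line"]
    return policy, None  # nothing matched: the chain's default policy applies

# Rules taken from this page, in the order the page enters them.
ALLOW_WEB = "iptables -A INPUT -s 0/0 -d 192.168.50.2/32 -p tcp --dport 80 -j ACCEPT"
BLOCK_ONE = "iptables -A INPUT -s 202.54.1.1 -p tcp --dport 80 -j DROP"
BLOCK_NET = "iptables -A INPUT -s 202.54.1.2/29 -p tcp --dport 80 -j DROP"

as_appended = [parse_rule(l) for l in (ALLOW_WEB, BLOCK_ONE, BLOCK_NET)]
blocks_first = [parse_rule(l) for l in (BLOCK_ONE, BLOCK_NET, ALLOW_WEB)]

def demo():
    # Constructed probe packet: blocked source to the web server on port 80.
    probe = ("202.54.1.1", "192.168.50.2", "tcp", 80)
    return verdict(as_appended, *probe)[0], verdict(blocks_first, *probe)[0]

if __name__ == "__main__":
    print(demo())
```

On a live system, `iptables -I INPUT 1 ...` inserts a rule at the top of the chain instead of appending it, and `iptables -L INPUT -n -v --line-numbers` shows the resulting order.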

Allow a range of ports
iptables -A INPUT -p tcp --dport 20:21 -j ACCEPT
# Passive FTP ports, maybe:
# (Again, specifying ports 50000 through 50050 in one rule)
iptables -A INPUT -p tcp --dport 50000:50050 -j ACCEPT

ICMP  Allow Deny
The Internet Control Message Protocol (ICMP) has many messages that are identified by a "type" field. You need to use ICMP types 0 and 8. Zero (0) is for echo-reply and eight (8) is for echo-request.
Disable outgoing ICMP request:
iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP
OR   iptables -A OUTPUT -p icmp --icmp-type 8 -j DROP

Enable or allow ICMP ping incoming client request
SERVER_IP="192.168.50.2"
iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -d $SERVER_IP -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -s $SERVER_IP -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT
Allow or enable outgoing ping request
SERVER_IP="192.168.50.2"
iptables -A OUTPUT -p icmp --icmp-type 8 -s $SERVER_IP -d 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -s 0/0 -d $SERVER_IP -m state --state ESTABLISHED,RELATED -j ACCEPT

or
# Rules are checked in order, so the ACCEPT for 192.168.50.10 must come before the general DROP
iptables -A INPUT -s 192.168.50.10 -p ICMP --icmp-type 8 -j ACCEPT
iptables -A INPUT -p ICMP --icmp-type 8 -j DROP


# Translate local users (10.9.255.0/24) to public address (eth1=WAN)
iptables -t nat -A POSTROUTING -s 10.9.255.0/24 -o eth1 -j MASQUERADE

Tuesday, February 10, 2015

Mikrotik backup restore export import individual modules/configurations


Mikrotik backup restore export import individual modules

We can export any of our individual configurations and restore them to another device.

Here I export firewall filter, address list, arp, dhcp lease etc...

ip firewall filter export file=filter-rules
ip firewall address-list export file=addresslist
ip arp export file=arplist

ip dhcp-server lease export file=dhcp-lease-all


Now click the "Files" tab of Mikrotik

Now click Copy and Paste to your Desktop or Desired Local Drive


Restore
======
Log in to the other Mikrotik and click Files
Copy the files from your local drive and paste them here

Select the File and Click Restore Button


==============================================

Sunday, February 8, 2015

Cacti mrtg Empty or Blank Graph problem solved



Cacti mrtg Empty or Blank Graph problem
=======================================


cd /var/www/html/
chown -R apache:apache cacti
cd cacti


php /var/www/html/cacti/poller.php

ls -la rra
Check whether the file modification date and time have been updated.



vi /etc/cron.d/cacti
PUT A # MARK TO DISABLE THIS CRON JOB


crontab -e
*/1 * * * *    php /var/www/html/cacti/poller.php >/dev/null 2>&1


Check  vi /etc/php.ini
date.timezone = Asia/Dhaka


Also set SNMP version 1 for all devices in the graph web console


=================================================

Graph Poll Time edit
---------------------------
Go to Web -> Console -> Settings -> Poller

Poller Interval ===== Every Minute
Cron Interval ===== Every Minute

After changing the time interval, always rebuild the poller cache with the command below

php  /var/www/html/cacti/cli/rebuild_poller_cache.php


***
Check the firewall (iptables) and the hosts.allow and hosts.deny files, check whether snmpd is on or off,
and also telnet to the snmp port to ensure the services are open.
vi /etc/hosts.allow
snmpd:ALL
service iptables stop
 
===================== if any problem mail me:: royalmcuc@yahoo.com =====

Tuesday, February 3, 2015

CISCO two different VLAN access from two different port in same switch / CDP Native VLAN mismatch


CISCO two different VLAN access from two different port in same switch and CDP Native VLAN mismatch problem
------------------------------------------------------------------------------------------

Suppose I have VLAN 50 declared from my network, connected by trunk GigabitEthernet0/1,
and
another vendor's VLAN 60 declared from the vendor, connected by trunk GigabitEthernet0/2.

Now I want to access VLAN 50 and VLAN 60 on the same switch through two ports, fa0/20 and fa0/21.


interface GigabitEthernet0/1
 description From-My-Switch
 switchport trunk allowed vlan 50
 switchport mode trunk
!
interface GigabitEthernet0/2
 description With-Other-Vendor
 switchport trunk allowed vlan 60
 switchport mode trunk
!


interface FastEthernet0/20
 description My-VLAN
 switchport access vlan 50
 switchport mode access
!
interface FastEthernet0/21
 description Vendor-Data-VLAN
 switchport access vlan 60
 switchport mode access
!

-----------------------------------
Now if we monitor the terminal with
Switch# terminal monitor
then an error like the one below may be found

1w0d: %CDP-4-NATIVE_VLAN_MISMATCH: 
Native VLAN mismatch discovered on FastEthernet0/21 (60), with Switch FastEthernet0/20 (50).

----------------
Switch-tayab# conf t 
Switch-tayab (config)# no cdp run
Switch-tayab (config)#exit
Switch-tayab# wri
----------------------------------------------------------------------
  
--------------------------------------------------------------------------------------------------