Monthly Archives: August 2009

Manage Directory Size On Linux – Total Number Of Files

Display or list total number of files on a current directory with users in Linux

It is good practice to manage directory size on Linux so that applications and the system run smoothly with good performance. Managing directory size on Linux is easy with a small set of commands.

As a small example, suppose we have a common share in the company and everyone in the organization has access/write permission to it. At some point the administrator needs to see each user's usage on the share and wants to find the file count per user, the total number of files in the directory, or the directory size on Linux.

Use the following commands to manage directory size on Linux,

Both commands display the total count of the files created by each user.

# find /home -type f -printf "%u\n" | awk '{count[$0]++} END {for (i in count) print i, count[i]}'

Out Put :

root 9

melbin 7

# find /home -type f -print0 | xargs -0 stat -c %U | sort | uniq -c

Out Put:

7 melbin

9 root

We can also use a simple command to see the total count on the directory,

# ls -l /home | wc -l

Example:

6

# ls -la /home | wc -l (Display hidden files)

Example:

8

The ls command lists the entries in the directory and its output is piped to wc -l, which prints the number of lines in its input.

*Count will include the “.” (present) and “..” (previous) directories.

To Find – Directory/File Resource Usage,

# du -sh /home (Display Total Size)

Example:

456K /home/

# du -ah /home (Display Each Files Size)

Example:

4.0K /home/melbin/.mozilla/extensions

4.0K /home/melbin/.mozilla/plugins

Finding the Big Files

# find / -size +1000000c -ls (Display files having more than 1 million characters)

# find /home/melbin -size +1M (Display files having more than 1MB)

# find /home/melbin -size +1k (Display files having more than 1KB)

Example:

687458 4 drwx------ 5 melbin melbin 4096 Aug 29 07:37 /home/melbin/

687459 4 drwxr-xr-x 4 melbin melbin 4096 Nov 11 2008 /home/melbin/.mozilla

687460 4 drwxr-xr-x 2 melbin melbin 4096 Nov 11 2008 /home/melbin/.mozilla/extensions

To Find – Total Harddisk Usage,

# df -h (Display the Present Usage)

Example:

Filesystem Size Used Avail Use% Mounted on

/dev/sda11 37G 12G 24G 34% /

/dev/sda9 487M 43M 419M 10% /boot

tmpfs 502M 0 502M 0% /dev/shm

# df -hi (List Inode information instead of block usage)

Example:

Filesystem Inodes IUsed IFree IUse% Mounted on

/dev/sda11 9.6M 269K 9.3M 3% /

/dev/sda9 126K 73 126K 1% /boot

tmpfs 126K 1 126K 1% /dev/shm

Cheers !

Melbin Mathew

www.talk2melbin.com

Improvement On Internet Explorer 8 Compared To Internet Explorer 7

Internet Explorer 8

Internet Explorer 8 is more standards compliant than any earlier version of Internet Explorer. This means that pages you have written to standards will work better with Internet Explorer 8. Cross-browser compatibility is much easier because you don’t have to modify your pages as much to display on specific browsers.

Features

CSS Support

Internet Explorer 8 fully supports CSS 2.1 and more of CSS 3.

HTML and DOM Support

Internet Explorer 8 has improved support for HTML 4.01 and 5, also for DOM 2 and 3.

Compatibility

In terms of compatibility between Internet Explorer 7 and Internet Explorer 8, this area will cause you the most problems. Some objects you used with Internet Explorer 7 have changed to work according to the various standards specifications. In other words, some methods, properties, and so on that worked in a non-standard way in Internet Explorer 7 now comply with standards in Internet Explorer 8.

Better AJAX Support

Internet Explorer 8 more easily supports backward navigation of page fragments. It provides better communication between pages, frames, sites, and domains.

Developer Tools Built In

You may have downloaded and used the Internet Explorer Developer Toolbar.

Accelerators

You can make your Web services available to users as Accelerators. Users can add Accelerators to Internet Explorer 8 and use them anywhere they browse.

Web Slices

Like an RSS feed, you can set up portions of your Web pages that contain frequently updated information as Web Slices for your users.

Search Suggestions

Internet Explorer 8 has improved the search experience for end users. Many search engines offer search suggestions as users type.

Internet Explorer 7

Windows Internet Explorer 7 continues the ongoing Internet Explorer commitment to provide enhanced security and privacy, increased compatibility with industry standards, additional browser features, and improved usability for platform developers.

Building on the broad success of Microsoft Internet Explorer 6, Internet Explorer 7 focuses on three key areas:

RSS Feeds

Internet Explorer 7 RSS feeds help you access information quickly and directly on the Web, providing automatic discovery of new feeds on Web pages, basic Web feed reading ability, and basic support for saving Web feeds as favorites.

Microsoft Phishing Filter

Internet Explorer 7 includes functionality to protect users against phishing attacks from hostile sites.

Protected Mode

Windows Vista Protected Mode reduces the severity of threats to both Internet Explorer and extensions running in Internet Explorer by eliminating the ability to silently install malicious code through software vulnerabilities.

Secure Sockets Layer (SSL)

Internet Explorer 7 makes it easier to see if Web transactions are secured by SSL or Transport Layer Security (TLS). A security report icon now appears to the right of the address bar when you view a page using a Secure Hypertext Transfer Protocol (HTTPS) connection.

Microsoft ActiveX Opt

Internet Explorer 7 disables all ActiveX controls that are not used in Internet Explorer 6.

Cascading Style Sheets (CSS) Updates

Internet Explorer 7 features improved CSS, Level 2 (CSS2) support for Selectors (first-child, adjacent, attribute, and child selectors) and Fixed Positioning.

Portable Network Graphics (PNG)

Internet Explorer 7 adds support for Alpha Channel Transparency to PNG, so that Web designers can implement advanced overlays and innovative graphical designs.

XMLHTTP Native Support

Internet Explorer 7 implements a version of XMLHTTP that is a native scriptable object instead of an ActiveX object. Users can now have ActiveX controls switched off and still maintain a client-side connection with a server.

Internationalized Domain Name (IDN)

Internet Explorer 7 includes complete support for RFC-3490 on Internationalizing Domain Names in Applications (IDNA) in all browser functions.

Tabbed Browsing

Internet Explorer 7 uses tabs to organize and manage groups of Web pages. Users can select an individual page or a group of pages (a tab group) to open as their home page.

HTML 4.01 Support

Internet Explorer 7 recognizes the ABBR tag from HTML 4.01.

Select Element

The Select control is now a windowless control. This change enables z-order and zoom to work correctly.

Cheers!

Melbin Mathew

www.talk2melbin.com

Powerdns installation with Mysql backend and Poweradmin webcontrol panel – Dns Server

Purpose Of Dns

The Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participants. Most importantly, it translates domain names meaningful to humans into the numerical (binary) identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide. An often used analogy to explain the Domain Name System is that it serves as the “phone book” for the Internet by translating human-friendly computer hostnames into IP addresses. For example, www.talk2melbin.com translates to 69.65.3.173. The name resolution (Dns service) is provided with the help of Dns Servers.

Here we explain how to set up PowerDns with a Mysql backend; this is one popular Dns Server in use right now. The web interface tool will help us to easily configure the Dns entries, e.g. A entry, MX entry ..

Installation And Configuration Of PowerDns

Check the installed packages,

# rpm -qa | grep mysql

# rpm -qa | grep http

# rpm -qa | grep php

The commands list the installed packages and show whether the mysql server, apache and php packages are installed on the Linux box.

*If the packages are already installed, skip the installation steps and configure accordingly.

Configure Mysql Server

1. Install Mysql Server and its components. Here we are using the ‘yum’ command for installation.

# yum install mysql mysql-devel mysql-server

2. Edit the my.cnf file.

# vi /etc/my.cnf

Comment out the line if present,

#bind-address = 127.0.0.1

3. Start Mysql Server service

# /etc/init.d/mysqld start

4. Check the service

# netstat -tap | grep mysql

5. Secure mysql server with root password

# mysqladmin -u root password 'secretpass'

6. Create Database and Tables for powerdns

a) Create Database,

Log in to mysql

# mysql -u root -p

mysql> CREATE DATABASE powerdns;

mysql> GRANT ALL ON powerdns.* TO 'pdnsadmin'@'%' IDENTIFIED BY 'pdnspassword';

mysql> FLUSH PRIVILEGES;

b) Create Tables,

mysql> USE powerdns;

mysql> CREATE TABLE domains (
  id INT auto_increment,
  name VARCHAR(255) NOT NULL,
  master VARCHAR(128) DEFAULT NULL,
  last_check INT DEFAULT NULL,
  type VARCHAR(6) NOT NULL,
  notified_serial INT DEFAULT NULL,
  account VARCHAR(40) DEFAULT NULL,
  primary key (id)
);

mysql> CREATE UNIQUE INDEX name_index ON domains(name);

mysql> CREATE TABLE records (
  id INT auto_increment,
  domain_id INT DEFAULT NULL,
  name VARCHAR(255) DEFAULT NULL,
  type VARCHAR(6) DEFAULT NULL,
  content VARCHAR(255) DEFAULT NULL,
  ttl INT DEFAULT NULL,
  prio INT DEFAULT NULL,
  change_date INT DEFAULT NULL,
  primary key(id)
);

mysql> CREATE INDEX rec_name_index ON records(name);

mysql> CREATE INDEX nametype_index ON records(name,type);

mysql> CREATE INDEX domain_id ON records(domain_id);

mysql> CREATE TABLE supermasters (
  ip VARCHAR(25) NOT NULL,
  nameserver VARCHAR(255) NOT NULL,
  account VARCHAR(40) DEFAULT NULL
);

mysql> quit;
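With bind-address commented out (step 2) mysqld listens on every interface, and the grant in step 6 uses the host wildcard '%', so the powerdns database is reachable from other hosts even though pdns.conf connects over 127.0.0.1. The check below is an added example, not part of the original post; the function names mysql_listen_scope and wildcard_accounts and the sample my.cnf text are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how widely a MySQL server is exposed, using only
# configuration text (no connection to a server is made).

# Reads my.cnf text on stdin and prints one of:
#   socket-only | all-interfaces | loopback-only | single-address <ip>
mysql_listen_scope() {
    awk '
    BEGIN { in_mysqld = 0; bind = ""; skipnet = 0 }
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }      # trim the line
    /^[#;]/ || $0 == "" { next }                      # commented-out settings do not apply
    /^\[/ { in_mysqld = (tolower($0) == "[mysqld]"); next }
    !in_mysqld { next }                               # only the server section matters
    {
        line = $0
        key = line; sub(/[ \t]*=.*/, "", key)
        gsub(/_/, "-", key); key = tolower(key)
        val = ""
        if (index(line, "=")) {
            val = line
            sub(/^[^=]*=[ \t]*/, "", val)
            sub(/[ \t]+#.*$/, "", val)                # drop an inline comment
        }
        if (key == "bind-address") bind = val
        if (key == "skip-networking")
            skipnet = (val == "" || val == "1" || toupper(val) == "ON")
    }
    END {
        if (skipnet) print "socket-only"
        else if (bind == "" || bind == "0.0.0.0" || bind == "*" || bind == "::")
            print "all-interfaces"
        else if (bind == "127.0.0.1" || bind == "localhost" || bind == "::1")
            print "loopback-only"
        else print "single-address " bind
    }'
}

# Reads SQL text on stdin and prints every account in a GRANT statement
# whose host part is the wildcard %.
wildcard_accounts() {
    awk -v q="'" '
    toupper($0) ~ /^[ \t]*GRANT / {
        re = q "[^" q "]*" q "@" q "%" q
        s = $0
        while (match(s, re)) {
            print substr(s, RSTART, RLENGTH)
            s = substr(s, RSTART + RLENGTH)
        }
    }'
}

# Constructed sample: a my.cnf after step 2 of the procedure above.
SAMPLE_MYCNF='[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
#bind-address = 127.0.0.1

[mysqld_safe]
log-error=/var/log/mysqld.log'

# The GRANT statement from step 6.
SAMPLE_GRANT="GRANT ALL ON powerdns.* TO 'pdnsadmin'@'%' IDENTIFIED BY 'pdnspassword';"

printf 'listen scope: %s\n' "$(printf '%s\n' "$SAMPLE_MYCNF" | mysql_listen_scope)"
printf 'wildcard accounts: %s\n' "$(printf '%s\n' "$SAMPLE_GRANT" | wildcard_accounts)"
```

On a real server, feed it the live file with `mysql_listen_scope < /etc/my.cnf`. A result of all-interfaces together with a wildcard account means port 3306 should be filtered at the firewall or the account limited to 'pdnsadmin'@'localhost'.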

Install and Configure PowerDns package

1. Install PowerDns package using ‘yum’

# yum install -y pdns pdns-backend-mysql

2. Configure powerdns with mysql

# vi /etc/pdns/pdns.conf

Edit/Add the file with,

launch=gmysql

gmysql-host=127.0.0.1

gmysql-user=pdnsadmin

gmysql-password=pdnspassword

gmysql-dbname=powerdns

3. Set powerdns recursion

Add the name servers line by line,

recursion=primarynameserverip

recursion=secondarynameserverip

4. Start pdns service

# /etc/init.d/pdns restart

Install, Configure Apache and php

1. Install the packages using ‘yum’

# yum install httpd php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-mhash gettext

# yum -y install php-pear-DB php-pear-MDB2-Driver-mysql

PowerAdmin Web Interface Setup

1. Go to poweradmin website and download the latest version,

https://www.poweradmin.org/trac/wiki/GettingPoweradmin

# cd /tmp

# wget https://www.poweradmin.org/download/poweradmin-2.1.3.tgz (Get the latest version)

2. Extract the poweradmin tgz

# tar xvfz poweradmin-2.1.3.tgz

3. Move it to Apache document root (you can also create a separate vhost entry under apache to increase the security)

# mv poweradmin-2.1.3 /var/www/html/pdns

# touch /var/www/html/pdns/inc/config.inc.php

# chown -R apache:apache /var/www/html/pdns

4. Open the pdns on browser and access the installation directory,

Ex: http://192.168.0.9/pdns/install

PowerAdmin Installation Steps

Step 1. Select, I prefer to proceed in english

Step 2. Click, Go to step 3

Step 3.

a) Username – root (Fill the entry with the root user of mysql, don't use the pdnsadmin user)

b) Password – secretpass (mysql server root password)

c) Hostname – localhost

d) Database – powerdns

e) Database Type – Mysql

f) Poweradmin password – pass (This is password for admin user, used to login poweradmin control panel)

Step 4.

a) Username – pdnsadmin

b) Password – pdnspassword

c) Hostmaster – admin@talk2melbin.com

d) Primary NS – ns1.talk2melbin.com

e) SecondaryNs- ns2.talk2melbin.com

Step 5. Click, Go to step 6

Step 6. Click, Go to step 7 (writing the values into /inc/config.inc.php)

Step 7. Configuration Finished (Note the login details)

Remove the install directory,

# rm -rf /var/www/html/pdns/install

Login into PowerDns and set up zone

1. Login into poweradmin

http://192.168.0.9/pdns/

UserName – admin

Password – pass

2. Add a Master zone by entering the domain name ‘talk2melbin.com’ and ip address.

*Uncheck “create zone without applying records-template”. Poweradmin will automatically create some NS, A (e.g. www) and MX records for the zone.

*Add dns entries according to the need.

3. Test Name server using ‘dig’ and ‘hostname’ commands

* If firewall is applied, open the 53 Dns port.

* In case of error check ‘tail -f /var/log/messages’.

Port Forwarding Using Iptables and Apf -Access internal network using public ip address

In an organisation we sometimes need to expose some of the internal services to the outside world. If the System Administrator needs to access a remote Windows machine, vnc, etc. from an outside network, what do we do? Port forwarding is the best option to get through the gateway. Check the security settings when forwarding a port.

The public ip address is configured on the gateway, which is set up for nat routing. Nat routing helps internal users to access the outside world. An internal user's request (e.g. http, ftp, or another port) is sent to the gateway, and from the gateway it is sent on to the ‘www’.

The outside world can only access the internal network with the help of the System Administrator. He creates careful routing rules on the gateway to allow access from the outside world without compromising the security of the internal network, servers, etc.

Here I explain port forwarding using iptables commands, exposing an internal Windows remote desktop through the outside gateway.

The command used to port forward the request from public to internal as follows,

# iptables -t nat -A PREROUTING -d <public ip of the gateway> -p tcp -m tcp --dport 9519 -j DNAT --to-destination 192.168.0.250:3389

This iptables rule is set so that when someone on the Wan network ‘www’ requests the microsoft remote desktop via port <public ip>:9519, the request is forwarded to the remote desktop port of the internal windows machine, which is set to the static ip address 192.168.0.250.

Port number 3389 together with 192.168.0.250 is the access address of the internal microsoft remote desktop machine. In a similar way we can also configure other services.

In the case of vnc, configure the internal machine with a static ip address and a vnc server. Start the vnc server service on the internal machine. By default the port number of vnc is 5900.

# iptables -t nat -A PREROUTING -d <public ip of the gateway> -p tcp -m tcp --dport 9520 -j DNAT --to-destination 192.168.0.251:5900

This iptables rule will forward the vncviewer port request from the public ip address to the port of the internal vnc server machine.

Make sure to set a good secure password to prevent the machine from being hacked.

Using Apf

1. Edit the file inside the apf installation directory,

# vi /etc/apf/preroute.rules

Add the same iptables rule to the file. Change the iptables port forwarding rule according to your need.

2. Reload apf to make the port forwarding rule effective.

# apf -r
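Both forwarding rules above accept connections from any source address, so the remote desktop and vnc passwords are the only barrier. The following audit is an added example, not part of the original post: it reads `iptables-save` text and marks each DNAT forward as OPEN (any source) or RESTRICTED (limited with -s). The function names, the public address 203.0.113.10 and the admin network 198.51.100.0/24 are constructed for illustration.

```shell
#!/bin/sh
# Added example: list DNAT port forwards and show which ones accept any source.

# Reads iptables-save output on stdin; prints one line per PREROUTING DNAT rule:
#   <OPEN|RESTRICTED> <public port> -> <internal ip:port> [src=<network>]
audit_dnat() {
    awk '
    $1 == "-A" && $2 == "PREROUTING" {
        src = ""; neg = 0; dport = "any"; target = ""; dnat = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-s" || $i == "--source") {
                src = $(i + 1)
                neg = ($(i - 1) == "!")       # "! -s net" matches everyone except net
            }
            else if ($i == "--dport" || $i == "--dports") dport = $(i + 1)
            else if ($i == "-j" && $(i + 1) == "DNAT")     dnat = 1
            else if ($i == "--to-destination")            target = $(i + 1)
        }
        if (!dnat) next
        wide = (src == "" || src == "0.0.0.0/0" || neg)
        printf "%s %s -> %s%s\n", (wide ? "OPEN" : "RESTRICTED"), dport, target, \
               (src == "" ? "" : " src=" (neg ? "!" : "") src)
    }'
}

# Prints the number of forwards reachable from any source address.
count_open_forwards() {
    audit_dnat | grep -c '^OPEN ' || true
}

# Constructed sample: the remote desktop rule from the text as written, and the
# vnc rule limited to one admin network with -s.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 9519 -j DNAT --to-destination 192.168.0.250:3389
-A PREROUTING -s 198.51.100.0/24 -d 203.0.113.10/32 -p tcp -m tcp --dport 9520 -j DNAT --to-destination 192.168.0.251:5900
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | audit_dnat
```

On the gateway itself, run `iptables-save -t nat | audit_dnat` after `apf -r` to confirm what was actually loaded.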

Virus Protection Tips – Prevent Virus Infections On Windows Machines

A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner. The term “virus” is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer.

Machines infected with a virus respond slowly to applications. An infection also creates security issues such as sending our data to another network. Data such as credit card details sent to another network will help a hacker to withdraw the whole balance from our accounts.

Here I would like to share some tips to prevent virus infection on Windows machines.

1. Install the machine with a fresh Operating System. Installation should be done using the original windows cd. A copied OS cd might contain infected files. Burning a cd on a virus-infected machine will also cause infection.

2. Once the machine is newly installed, update the OS with the latest service packs and packages. This will help us to keep viruses and security holes away from the computer.

3. Always keep the Firewall on. This blocks external attacks.

4. Install a good Antivirus Software on the OS. Cracked antivirus software will not help much; instead it will cause issues.

5. Update the antivirus software frequently and check its status. Run a full scan on the system. If the antivirus software fails to update properly it will give us a headache. Checking the last update date will help us to make sure the updates are progressing.

6. Create a simple user without any Administration privilege. Using the normal user will help to prevent unwanted installations or executions on the system.

7. Log in as the normal user and work. If we need to run any installer, use ‘Run As’ to install the application.

8. Keep the recycle bin and temp folder clean.

9. If you are not sure, do not open any email attachments; they might have a virus infection.

10. Don’t run online scans from untrusted sites.

11. Don’t let untrusted installers run on your machine.

12. Do not give your email password to any site. This will cause spamming of your contacts.

13. Scan usb devices properly before using them.

14. Disabling the auto run facility will help to prevent the execution of viruses from usb devices, cd’s ..

Careful use of your machine will prevent virus infections.

Oracle 11g Installation On Linux Centos 5.3 – With Oracle Startup Script And Common Errors

Complete Installation Of Oracle On Linux Machine Centos 5.3

Oracle Database 11g, building on Oracle’s unique ability to deliver Grid Computing, gives Oracle customers the agility to respond faster to changing business conditions, gain competitive advantage through technology innovation, and reduce costs.

With Oracle Database 11g you can:

* Adopt new technology faster with Real Application Testing

* Manage more data for less with advanced compression and partitioning

* Simplify systems by storing all your data in the Oracle Database with Oracle SecureFiles

* Maximize the ROI of disaster recovery resources with Oracle Active Data Guard

* Free critical personnel for strategic tasks with management automation

* And much, much more…

Deployment Of Oracle On Linux Machine

1. Installing oracle on a Linux machine requires an updated Linux operating system.

We assume a fresh operating system installed with centos 5.3. Configuring oracle on a fresh machine gives us the least trouble.

Update the os with yum update.

# yum update -y

This command will help to update all the packages to the latest version.

* Select the Os according to the architecture (32bit and 64bit)

2. Once the machine is updated we need to install some additional packages that support the oracle installation and its operation. Package details are as follows,

Required package versions (or later):

* compat-libstdc++-33-3.2.3-61

* elfutils-libelf-0.125-3.el5

* elfutils-libelf-devel-0.125-3.el5

* glibc-2.5-12

* glibc-devel-2.5-12

* glibc-common-2.5-12

* gcc-4.1.1-52.el5

* gcc-c++-4.1.1-52.el5

* kernel-headers

* libgcc-4.1.1-52.el5

* libaio-0.3.106-3.2

* libaio-devel-0.3.106-3.2

* libstdc++-4.1.1-52.el5

* libstdc++-devel-4.1.1-52.el5

* unixODBC-2.2.11-7.1

* unixODBC-devel-2.2.11-7.1

* sysstat-7.0.0-3.el5

* binutils-2.17.50.0.6-2.el5

* make-3.81-1.1

If you’ve performed a “default RPMs” install as suggested by Oracle, there are still some required packages that must be installed:

* compat-libstdc++-33

* elfutils-libelf-devel

* glibc-devel-2.5

* gcc

* gcc-c++

* libaio-devel

* libstdc++-devel

* unixODBC

* unixODBC-devel

* sysstat

We are able to install these packages via the yum utility

# yum install <packages> (try to locate the latest packages and install)

# yum search <package> (search helps us to find the latest package in the repository)

* I am not giving the full command for “yum install <Package Names>”, because some of them have updated versions. I would like you to install the updated ones.

3. Download the oracle database package.

http://www.oracle.com/technology/software/products/database/index.html

Login into the site to download the package.

** Select the proper architecture, otherwise the installation will stop in the middle with an error.

** Choose 64bit for 64bit machine and 32bit for 32bit machine.

4. Configure Limits

Edit /etc/security/limits.conf and add the following:

soft nproc 2047

hard nproc 16384

soft nofile 1024

hard nofile 65536

5. Configure Pam.d

Edit /etc/pam.d/login and add the following line:

session required /lib/security/pam_limits.so

6. Modify Kernel Parameters

Edit /etc/sysctl.conf change accordingly:

# Controls the maximum shared segment size, in bytes

#kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages

#kernel.shmall = 4294967296

kernel.shmall = 2097152

kernel.shmmax = 536870912

kernel.shmmni = 4096

kernel.sem = 250 32000 100 128

fs.file-max = 6553600

net.ipv4.ip_local_port_range = 1024 65000

net.core.rmem_default=4194304

net.core.wmem_default=262144

net.core.rmem_max=4194304

net.core.wmem_max=262144

7. Run Command To Modify Kernel Parameters

# sysctl -p

The command applies the kernel parameters and displays them. On my machine it shows this,

[root@oracle ~]# sysctl -p

net.ipv4.ip_forward = 0

net.ipv4.conf.default.rp_filter = 1

net.ipv4.conf.default.accept_source_route = 0

kernel.sysrq = 0

kernel.core_uses_pid = 1

net.ipv4.tcp_syncookies = 1

kernel.msgmnb = 65536

kernel.msgmax = 65536

kernel.shmall = 2097152

kernel.shmmax = 536870912

kernel.shmmni = 4096

kernel.sem = 250 32000 100 128

fs.file-max = 6553600

net.ipv4.ip_local_port_range = 1024 65000

net.core.rmem_default = 4194304

net.core.wmem_default = 262144

net.core.rmem_max = 4194304

net.core.wmem_max = 262144

8. Create the Oracle Groups and User Account

Create the Linux groups and user account that will be used to install and maintain the Oracle Database

# groupadd oinstall

# groupadd dba

# useradd -m -g oinstall -G dba oracle

# id oracle

# passwd oracle (set password for oracle user)

9. Create Directories

Now create directories to store the Oracle Database. These directories would normally be created as separate file systems.

# mkdir -p /u01/app/oracle

# chown -R oracle:oinstall /u01/app/oracle

# chmod -R 775 /u01/app/oracle

10. Set Static Ip Address.

The machine needs to be set with a static ip address. Use this command to set the ip address,

# system-config-network

*If the machine ip is assigned by dhcp, the oracle service will fail to start.

11. Now the time to install the application. Extract the application using the command,

# unzip <oracle package>

* Choose a folder other than /tmp. If /tmp has little space assigned, the size of the extracted files will cause issues on the machine.

12. A graphical environment is needed to install oracle. Switch to run level “5”.

**Use ssh -X oracle@serveipaddress

or

**Use Vnc Server

13. Login as oracle user

14. Go to the extracted oracle package

# cd /opt/<oracle package>

15. Run the installer:

# ./runInstaller

The installation settings are pretty self-explanatory. Just go with the defaults, and if there is an error at some point the details panel will explain what's wrong.

At one point you will be asked for the SYSMAN password. Remember it because it will be used to log in to the web console.

When you near the very end of the installation, you will be asked to run one or two scripts as root. Just open up a terminal, su - into root and run the scripts, which have their full paths displayed for your convenience.

To logon to the web console, in a browser type:

https://localhost:1158/em

Default user name is : sys

Note:

If you use just http, I was asked to download a bin file so add the https. Also if this isn’t coming up check and see if apache is running.

Starting And Stopping Oracle

You might need to start oracle back up or stop it at some point, so use these commands, which are located in:

/u01/app/oracle/product/11.1.0/db_1/bin/

emctl start dbconsole
lsnrctl start
dbstart

emctl stop dbconsole
lsnrctl stop
dbshut

Common Errors While Starting And Stopping The Service

1. Architecture Selection

Selecting the unmatched architecture will cause issue during the installation (64 bit and 32bit). Select the package according to the Operating System and the machine architecture.

2. Error Message,

“ORACLE_HOME_LISTNER is not SET, unable to auto-stop Oracle Net Listener”

Solution :

Edit the files “dbstart” & “dbshut”, find the line ORACLE_HOME_LISTNER=$1

and change it to ORACLE_HOME_LISTNER=/u01/app/oracle/product

3. Error Message,

“Message 1070 not found; No message file for product=NETWORK, facility=TNS

TNS-12538: Message 12538 not found; No message file for product=NETWORK, facility=TNS

TNS-12560: Message 12560 not found; No message file for product=NETWORK, facility=TNS

TNS-00508: Message 508 not found; No message file for product=NETWORK, facility=TNS”

Solution : Configure ORACLE_HOME

Create a new file named oracle.sh under profile.d

# vi /etc/profile.d/oracle.sh

Edit the file and add the value,

export ORACLE_HOME=/u01/app/oracle/product/11.1.0/db_1/

# source /etc/profile.d/oracle.sh

4. Error Message,

“Environment variable ORACLE_SID not defined. Please define it”

Solution : Configure SID value

# vi /etc/profile.d/oracle.sh

Edit the file and add the value,

export ORACLE_SID=orcl

# source /etc/profile.d/oracle.sh

5. Error Message,

“OC4J Configuration issue. /u01/app/oracle/product/11.1.0/db_1/oc4j/j2ee/OC4J_DBConsole_oracle.****_ORCL not found.”

Solution : Edit the file,

# vi /etc/profile.d/oracle.sh

and change ORACLE_SID=?? to match the directory present inside the folder /u01/app/oracle/product/11.1.0/db_1/oc4j/j2ee/


Start Oracle Service Automatically At System Start Up

1. Edit /etc/oratab

change the value to

orcl:/u01/app/oracle/product/11.1.0/db_1:Y

2. Create a new startup script,

# vi /etc/init.d/dbora

Add The Lines

#!/bin/sh

# chkconfig: 345 99 10

# description: Oracle auto start-stop script.

#

# Set ORA_HOME to be equivalent to the $ORACLE_HOME

# from which you wish to execute dbstart and dbshut;

#

# Set ORA_OWNER to the user id of the owner of the

# Oracle database in ORA_HOME.

ORA_HOME=/u01/app/oracle/product/11.1.0/db_1

ORA_OWNER=oracle

if [ ! -f $ORA_HOME/bin/dbstart ]

then

echo "Oracle startup: cannot start"

exit

fi

case "$1" in

'start')

# Start the Oracle databases:

# The following command assumes that the oracle login

# will not prompt the user for any values

su - $ORA_OWNER -c "$ORA_HOME/bin/emctl start dbconsole"

su - $ORA_OWNER -c "$ORA_HOME/bin/lsnrctl start"

su - $ORA_OWNER -c $ORA_HOME/bin/dbstart

;;

'stop')

# Stop the Oracle databases:

# The following command assumes that the oracle login

# will not prompt the user for any values

su - $ORA_OWNER -c "$ORA_HOME/bin/emctl stop dbconsole"

su - $ORA_OWNER -c "$ORA_HOME/bin/lsnrctl stop"

su - $ORA_OWNER -c $ORA_HOME/bin/dbshut

;;

esac

3. Change the permission,

# chmod 750 /etc/init.d/dbora

4. Add it to chkconfig,

# chkconfig --level 345 dbora on

5. Start and Stop the service using,

# /etc/init.d/dbora start

# /etc/init.d/dbora stop

Vtiger Installation And Configuration

vtiger CRM is a CRM application that was forked from SugarCRM with the intention of being a fully open source CRM application with comparable functionality to SugarCRM and Salesforce.com. It offers reporting, a customer portal and an Outlook plugin in its free edition, whereas those functions are in paid versions of the other CRM applications.

* Sales automation (customizable product entries, inventory management, quotations, billing, and trouble ticketing)

* Customer support & service functions, including a customer self-service portal

* Marketing automation (lead generation, campaign support, knowledge bases)

* Analysis and reporting

User interaction features include:

* Integration with corporate E-mail systems (plugin for Microsoft Outlook, Mozilla Thunderbird extension)

* Support of the Asterisk PBX phone system

* Calendaring

* Tag cloud functionality

* RSS feed subscription

* PDF document generation via the TCPDF library

In addition, vtiger features multiple database support, security management, and various web forms. The project is available in over 15 different languages.

Interface similarities between vtiger and the CRM module of the Zoho Office Suite have been noted. However, this seems to be attributable to common corporate sponsorship, not to a common software code base.

Technology

vTiger is built on the LAMP/WAMP (Linux/Windows, Apache, MySQL, and PHP) stack with code from other open source projects such as SugarCRM. The core development team of vtiger CRM is based in Bangalore, India.

Installation Of Vtiger without Apache and Mysql on Linux Box

Requirement

The Linux box should have a running Apache server and Mysql server. Both should be updated to the latest version.

The system should have adequate resources for running vtiger.

The system needs to have the latest php version installed with apache.

Installation Steps,

1. Download latest vtiger source .tar.gz from the site.

http://www.vtiger.org/

http://vtiger.com/

2. Save it on a temporary location.

3. Extract the package using the command,

# tar -xvzf <package name>

4. Once the package is extracted, move it into the preferred apache location. (Here I have a separate /var/www/html/vhost/vtiger/vt directory which apache can access)

# mv <extract package> /var/www/html/vhost/vtiger/vt

5. Create a new database and user for vtiger on mysql.

Log in to mysql

# mysql -u root -p (use this where mysql root password is set)

mysql> create database vtigercrm;

mysql> grant all privileges on vtigercrm.* to vtigeradmin@'%' identified by 'password';

Log in to mysql as the new user to confirm that it works.

6. Configure the apache to locate the “vt directory”.

Create a new file under /etc/httpd/conf.d/vt.conf

Add the following lines into vt.conf file under apache/conf.d.

NameVirtualHost 192.168.0.252:80

<VirtualHost 192.168.0.252:80>

ServerName vt.talk2melbin.com:80

ServerAlias www.vt.talk2melbin.com

UseCanonicalName Off

ServerAdmin "melbin.mathew@talk2melbin.com"

DocumentRoot /var/www/html/vhost/vtiger/vt/

</VirtualHost>

* If you have already declared the name virtual host in the apache conf, there is no need to add the NameVirtualHost line again.

* 192.168.0.252 is the ip address of the apache server.

* vt.talk2melbin.com should be set up correctly on the DNS server, so that calling the url in the web browser directly displays the vtiger login page.

* To resolve the domain name temporarily, add the domain name to the /etc/hosts file

192.168.0.252 vt.talk2melbin.com

192.168.0.252 www.vt.talk2melbin.com

7. Once the configuration part is done, open www.vt.talk2melbin.com in the web browser. It will prompt for the installation procedure. Follow the instructions and set all the required parameters to yes.

8. Fill in the required fields such as password, database user name and url, and finish.

Once vtiger is installed, we are able to log in to the vtiger console using the admin user name and password. Create new user logins and set the email server parameters from the admin console.

Configure Nat Routing Between Two Network Interfaces


Network Address Translation (NAT) routes requests through the gateway. It helps the system administrator control traffic over the network and monitor users' usage.

NAT is done using two Ethernet interfaces. Internal users can reach public addresses, but people on the public side won't be able to access the internal network without the help of the system administrator.

This helps to prevent access to the internal network without the administrator's permission and increases security.

This is done with the help of iptables and the kernel's IP forwarding parameter.

1. Edit,

# vi /etc/sysctl.conf

change the parameter,

net.ipv4.ip_forward = 1

and restart the network. The value can be seen by running the command

# sysctl -p

2. The iptables command that sets this up is,

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

where eth0 is the external network interface. The name may vary depending on the interface naming.

This command configures NAT between the public and internal interfaces.

Save the iptables rule using the command,

# service iptables save

Configure Apf with Nat

APF can be configured to make NAT work. We need to edit the post-routing rules in the APF configuration.

# vi /etc/apf/postroute.rules

and add the same line

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Save and exit, then reload APF:

# apf -r
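
A check for the gateway configured above, as an added example that is not part of the original post. It reads text copies of /etc/sysctl.conf and `iptables-save` output; the function name, the sample data and the two stricter FORWARD checks (default DROP, inbound traffic limited to replies) are assumptions of this example, not steps from the post.

```shell
#!/bin/sh
# Added example (not from the original post): audit a NAT gateway from text
# copies of /etc/sysctl.conf and `iptables-save` output.

# audit_nat SYSCTL_TEXT RULES_TEXT EXT_IF -> findings on stdout, 0 if all pass
audit_nat() {
    nat_sysctl=$1 nat_rules=$2 nat_ext=$3 nat_rc=0
    # 1. Forwarding enabled? Comments are stripped; the last assignment wins.
    nat_fwd=$(printf '%s\n' "$nat_sysctl" | sed 's/#.*//' | awk -F= '
        $1 ~ /^[ \t]*net\.ipv4\.ip_forward[ \t]*$/ { gsub(/[ \t]/, "", $2); v = $2 }
        END { print v }')
    if [ "$nat_fwd" = 1 ]; then echo "OK   ip_forward=1"
    else echo "FAIL ip_forward is not set to 1"; nat_rc=1; fi
    # 2. MASQUERADE rule present for the external interface?
    if printf '%s\n' "$nat_rules" |
        grep -Eq -- "^-A POSTROUTING (.* )?-o $nat_ext (.* )?-j MASQUERADE"; then
        echo "OK   MASQUERADE on $nat_ext"
    else echo "FAIL no MASQUERADE rule on $nat_ext"; nat_rc=1; fi
    # 3. filter/FORWARD should default to DROP so only explicit rules pass.
    nat_pol=$(printf '%s\n' "$nat_rules" | awk '
        /^\*/ { table = $1 }
        table == "*filter" && $1 == ":FORWARD" { print $2 }')
    if [ "$nat_pol" = DROP ]; then echo "OK   FORWARD policy DROP"
    else echo "FAIL FORWARD policy is ${nat_pol:-unknown}, not DROP"; nat_rc=1; fi
    # 4. Traffic entering on the external side may be accepted only as replies.
    if printf '%s\n' "$nat_rules" |
        grep -E -- "^-A FORWARD (.* )?-i $nat_ext .*-j ACCEPT" |
        grep -Evq 'ESTABLISHED'; then
        echo "FAIL unconditional inbound ACCEPT from $nat_ext"; nat_rc=1
    else echo "OK   inbound from $nat_ext limited to replies"; fi
    return $nat_rc
}

# Constructed sample: a gateway set up with only the two steps in the post.
SAMPLE_SYSCTL='net.ipv4.ip_forward = 1'
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'
audit_nat "$SAMPLE_SYSCTL" "$SAMPLE_RULES" eth0 || echo "gateway needs review"
```

On a live gateway the two text arguments would come from `cat /etc/sysctl.conf` and `iptables-save`, run as root.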

BFD Installation And Configuration

BFD Configuration And Installation

BFD (Brute Force Detection)
BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet and likewise it is very straight-forward in its installation, configuration and usage. The reason behind BFD is very simple; the fact there is little to no authentication and brute force auditing programs in the linux community that work in conjunction with a firewall or real-time facility to place bans. BFD is available at: http://www.rfxnetworks.com/bfd.php

BFD works with APF. With the help of APF, BFD denies the attacker's IP. The denied IPs are listed in

# cat /etc/apf/deny_hosts.rules

The file has a comment showing which type of attack the system has undergone. To allow the IP again, remove the IP address from the APF deny hosts rules and reload APF using the command "apf -r".

# apf -d <ip> (deny the IP address)

# apf -a <ip> (add the IP to the allow list)

If the IP is in the deny list, remove it from the file and then add it to the allow list.

This guide will show you how to install and configure BFD to protect your system from brute force hack attempts.

#cat /etc/apf/allow_hosts.rules

This file shows the allowed IP addresses.

Requirements:
– You MUST have APF Firewall Installed before installing BFD – it works with APF and requires some APF files to operate.
– Root SSH access to your server

Updated: April 13, 2005

Let's begin!
Login to your server through SSH and su to the root user.

1. cd /root/downloads or another temporary folder where you store your files.

2. wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz

3. tar -xvzf bfd-current.tar.gz

4. cd bfd-0.7

5. Run the install file: ./install.sh
You will receive a message saying it has been installed

.: BFD installed
Install path:    /usr/local/bfd
Config path:     /usr/local/bfd/conf.bfd
Executable path: /usr/local/sbin/bfd

6. Let's edit the configuration file: pico /usr/local/bfd/conf.bfd

7. Enable brute force hack attempt alerts:
Find: ALERT_USR="0" CHANGE TO: ALERT_USR="1"

Find: EMAIL_USR="root" CHANGE TO: EMAIL_USR="your@yourdomain.com"

Save the changes: Ctrl+X then Y

8. Prevent locking yourself out!
pico -w /usr/local/bfd/ignore.hosts and add your own trusted IPs
Eg:
192.168.1.1

Save the changes: Ctrl+X then Y

BFD uses APF's CLI insert feature and as such will override any allow_hosts.rules entries users have in place. So be sure to add your trusted IP addresses to the ignore file to prevent locking yourself out.

9. Run the program!
/usr/local/sbin/bfd -s

10. Customize your applications' brute force configuration
Check out the rules directory in your /usr/local/bfd

Here you’ll find all kinds of pre-made rules for popular services such as Apache, and ProFTPD w00t!
If you have any clue about shell scripting you can customize them or create new rules for enhanced brute force detection and prevent attacks.
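
What such a rule does, in miniature, as an added example that is not BFD's own code: count failed SSH password attempts per source address, apply a threshold, and skip the trusted addresses from step 8. The function name, the threshold and the sample log are assumptions of this example; each address it prints is one that would be handed to `apf -d`.

```shell
#!/bin/sh
# Added example (not BFD's own code): a brute-force rule in miniature.

# ssh_offenders LOG_TEXT THRESHOLD IGNORE_LIST
# Prints "IP COUNT" for every source with at least THRESHOLD failed SSH
# password attempts, skipping whitespace-separated addresses in IGNORE_LIST
# (the role /usr/local/bfd/ignore.hosts plays for BFD).
ssh_offenders() {
    bf_ignore=$(printf '%s' "$3" | tr '\n' ' ')
    printf '%s\n' "$1" | awk -v limit="$2" -v ignore="$bf_ignore" '
        BEGIN { n = split(ignore, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        /sshd\[[0-9]+\]: Failed password for / {
            # Read the address from the fixed tail "from IP port N ssh2".
            # The user name earlier in the line is text chosen by the client.
            if (NF < 5 || $(NF - 4) != "from" || $(NF - 2) != "port") next
            ip = $(NF - 3)
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(ip in skip)) hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] >= limit) print ip, hits[ip] }' | sort
}

# Constructed sample log (addresses from documentation ranges, plus the
# trusted 192.168.1.1 used as the ignore.hosts example in the post).
SAMPLE_LOG='Aug 29 07:37:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Aug 29 07:37:03 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Aug 29 07:37:05 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 40116 ssh2
Aug 29 07:37:09 web1 sshd[2109]: Failed password for melbin from 192.168.1.1 port 51000 ssh2
Aug 29 07:37:10 web1 sshd[2110]: Failed password for melbin from 192.168.1.1 port 51002 ssh2
Aug 29 07:37:11 web1 sshd[2111]: Failed password for melbin from 192.168.1.1 port 51004 ssh2
Aug 29 07:38:00 web1 sshd[2120]: Failed password for invalid user from 198.51.100.9 from 203.0.113.50 port 40200 ssh2
Aug 29 07:38:30 web1 sshd[2125]: Accepted password for melbin from 192.168.1.1 port 51010 ssh2'
ssh_offenders "$SAMPLE_LOG" 3 "192.168.1.1"
```

Run with an empty ignore list, the same log also reports 192.168.1.1, which is the lock-out that step 8 guards against.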

Thanks to RFX Networks for creating another great script for the community, Brute Force Detection is excellent!

How to configure APF on Linux Machines


A firewall is an important layer on any operating system. It prevents attacks, DDoS and unwanted entry by viruses, and keeps the system free of trouble. Users can easily manage the firewall settings on their machines, and it is well worth configuring the firewall. Without a configured firewall, we leave our system as an open entry to the 'www'. It is similar to a door that prevents thieves from entering the house.

Installing APF is a good step toward securing a Linux machine. For example, if your system is infected by a virus program capable of sending out your credit card information, what would the damage be to you? You know the cost is high. So it is good to take measures against unwanted attackers. Prevention is better than cure.

Installation And Configuration Of Apf

Requirements:
– Root SSH access to your server

Let's begin!
Login to your server through SSH and su to the root user.

1. cd /root/downloads or another temporary folder where you store your files.

2. wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

3. tar -xvzf apf-current.tar.gz

4. cd apf-0.9.5-1/ or whatever the latest version is.

5. Run the install file: ./install.sh
You will receive a message saying it has been installed

.: APF installed
Install path: /etc/apf
Config path: /etc/apf/conf.apf
Executable path: /usr/local/sbin/apf

6. Let's configure the firewall: vi /etc/apf/conf.apf
We will go over the general configuration to get your firewall running. This isn't a complete detailed guide of every feature the firewall has. Look through the README and the configuration for an explanation of each feature.

We like to use DShield.org's "block" list of top networks that have exhibited suspicious activity.
FIND: USE_DS="0"
CHANGE TO: USE_DS="1"

7. Configuring Firewall Ports:

Cpanel Servers
We like to use the following on our Cpanel Servers

Common ingress (inbound) ports
# Common ingress (inbound) TCP ports -3000_3500 = passive port range for Pure FTPD
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,3000_3500"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"

Common egress (outbound) ports
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43,2089"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"

Ensim Servers
This should work on Ensim servers as stated by other users, although we can’t guarantee it will work.

Common ingress (inbound) ports
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,19638"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"

Common egress (outbound) ports
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"

Save the changes: :wq

8. Starting the firewall
/usr/local/sbin/apf -s

Other commands:
usage /usr/local/sbin/apf [OPTION]
-s|--start ............. load firewall policies
-r|--restart ........... flush & load firewall
-f|--flush|--stop ...... flush firewall
-l|--list .............. list chain rules
-st|--status ........... firewall status
-a HOST|--allow HOST ... add host (IP/FQDN) to allow_hosts.rules and
                         immediately load new rule into firewall
-d HOST|--deny HOST .... add host (IP/FQDN) to deny_hosts.rules and
                         immediately load new rule into firewall

9. After everything is fine, change the DEVM option
Stop the firewall from automatically clearing itself every 5 minutes from cron.
We recommend changing this back to "0" after you've had a chance to ensure everything is working well and tested the server out.

vi /etc/apf/conf.apf

FIND: DEVM="1"
CHANGE TO: DEVM="0"

Save your changes! :wq
Restart the firewall: /usr/local/sbin/apf -r

10. New – Make APF Start automatically at boot time
To autostart apf on reboot, run this:

chkconfig --level 2345 apf on

To remove it from autostart, run this:

chkconfig --del apf
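
A pre-flight check for the conf.apf edited in steps 6 to 9, as an added example that is not part of APF or of the original post: it confirms the SSH port is in the ingress list, including the LOW_HIGH range notation used for the passive FTP ports, and reports whether DEVM is still on. The function names and the sample configuration are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of APF): pre-flight check of a conf.apf.

# apf_value CONF_TEXT NAME -> value of the last uncommented NAME="..." line
apf_value() {
    printf '%s\n' "$1" |
        sed -n "s/^[[:space:]]*$2=\"\\([^\"]*\\)\".*/\\1/p" | tail -n 1
}

# apf_port_open CONF_TEXT NAME PORT -> 0 if PORT is listed in NAME,
# either on its own or inside a LOW_HIGH range such as 3000_3500
apf_port_open() {
    apf_value "$1" "$2" | tr ',' '\n' | awk -v p="$3" '
        { gsub(/[ \t]/, "") }
        /^[0-9]+$/        { if ($0 + 0 == p + 0) found = 1 }
        /^[0-9]+_[0-9]+$/ { split($0, r, "_")
                            if (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) found = 1 }
        END { exit !found }'
}

# apf_preflight CONF_TEXT SSH_PORT -> findings on stdout, 0 if ready to go live
apf_preflight() {
    apf_rc=0
    if apf_port_open "$1" IG_TCP_CPORTS "$2"; then
        echo "OK   SSH port $2 is in IG_TCP_CPORTS"
    else
        echo "FAIL SSH port $2 is missing from IG_TCP_CPORTS (lock-out risk)"; apf_rc=1
    fi
    if [ "$(apf_value "$1" DEVM)" = 0 ]; then
        echo "OK   DEVM=0"
    else
        echo "WARN DEVM is not 0: cron clears the firewall every 5 minutes"; apf_rc=1
    fi
    return $apf_rc
}

# Constructed sample: the Cpanel values from step 7, before step 9 is done.
SAMPLE_CONF='DEVM="1"
USE_DS="1"
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,3000_3500"
IG_UDP_CPORTS="53"'
apf_preflight "$SAMPLE_CONF" 22 || echo "not ready to run unattended"
```

On a server the first argument would be the contents of /etc/apf/conf.apf, and the second the port sshd actually listens on.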

Thanks to R-fx networks for developing and maintaining this product.