LinuxHelps.com

A blog for Linux Lovers.

Archive for June, 2009

Posted by sibu on June 28, 2009

How to Reset a Linux Box root password.

If the linux box protected with root password only.

Do a hard reboot on the machine and click on ‘e’ button to edit the boot like when you get the grub menu. Scrol down to the line which starts with kernel and hit ‘e’ again to edit and add ‘single’ (with out quotes) at the end and hit Enter. Now use ‘b’ to boot then you will get single user mode from where you can change the server root password.

If the linux box protected with a password for single user mode.

Few system require root password to boot into ‘single mode’ in that case try to edit the gurb boot line and add ‘init=/bin/bash’ at the end of kernel line. You will be redirected to a bash shell instead of init.

Now you may want to mount the root paritition with read/write permission.

mount –no remount,rw /

Then reset the password.

If the Grub is protected with a root password, then try booting from a LiveCD and open a root shell.  Execute fdisk –l to show the available disk partition. Mount the root paritition to /mnt

mount -o,rw /dev/hda1 /mnt

Make sure that you mount a root partition. Next change this partition as your root directory using following command

chroot /mnt

Now try to change the root password using passwd command.

Posted by sibu on June 20, 2009

History with Time and Date.

History with Time and Date

The command history will give you the list of command which you executed earlier. By default you won’t get the the command execution time and date.

If you wish to have a history details with time and date please do the following.

Open /etc/bashrc file and add the following line.

Export HISTTIMEFORMAT=”%h%d - %H:%M:%S”

After adding this line, relogin to the shell and execute the history command.

Posted by sibu on June 20, 2009

Iptables to log messages to a different log file

According to man page:

Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains a number of built-in chains and may also contain user defined chains.

By default, Iptables log message to a /var/log/messages file. However you can change this location. I will show you how to create a new logfile called /var/log/iptables.log. Changing or using a new file allows you to create better statistics and/or allows you to analyze the attacks.
Iptables default log file

For example, if you type the following command, it will display current iptables log from /var/log/messages file:
tail -f /var/log/messages

Output:

————————————————————————–

Oct  4 00:44:28 debian gconfd (anish-4435): Resolved address “xml:readonly:/etc/gconf/gconf.xml.defaults” to a read-only configuration source at position 2
Oct  4 01:14:19 debian kernel: IN=ra0 OUT= MAC=00:17:9a:0a:f6:44:00:08:5c:00:00:01:08:00 SRC=200.142.84.36 DST=192.168.1.2 LEN=60 TOS=0×00 PREC=0×00 TTL=51 ID=18374 DF PROTO=TCP SPT=46040 DPT=22 WINDOW=5840 RES=0×00 SYN URGP=0

—————————————————————————–

Procedure to log the iptables messages to a different log file

Open your /etc/syslog.conf file:

vi /etc/syslog.conf

Append following line

kern.warning /var/log/iptables.log

Save and close the file.

Restart the syslogd (Debian / Ubuntu Linux): /etc/init.d/sysklogd restart On the other hand, use following command to restart syslogd under Red Hat/Cent OS/Fedora Core Linux: /etc/init.d/syslog restart

Now make sure you pass the log-level 4 option with log-prefix to iptables. For example:
DROP everything and Log it
iptables -A INPUT -j LOG –log-level 4
iptables -A INPUT -j DROP

For example, drop and log all connections from IP address 64.55.11.2 to your /var/log/iptables.log file:


iptables -A INPUT -s 64.55.11.2 -m limit –limit 5/m –limit-burst 7 -j LOG –log-prefix ‘** HACKERS **’ –log-level 4
iptables -A INPUT -s 64.55.11.2 -j DROP

Where,

* –log-level 4: Level of logging. The level # 4 is for warning.
* –log-prefix ‘*** TEXT ***’: Prefix log messages with the specified prefix (TEXT); up to 29 letters long, and useful for distinguishing messages in the logs.

You can now see all iptables message logged to /var/log/iptables.log file:
tail -f /var/log/iptables.log

Posted by sibu on June 18, 2009

Zombie process

Zombie process is an inactive computer process, according to wikipedia article, “…On Unix operating systems, a zombie process or defunct process is a process that has completed execution but still has an entry in the process table, allowing the process that started it to read its exit status. In the term’s colorful metaphor, the child process has died but has not yet been reaped…”

Use top or ps command to find out zombie process.

# top
OR
# ps aux | awk ‘{ print $8 ” ” $2 }’ | grep -w Z

Output:

Z 4104
Z 5320
Z 2945

You cannot kill zombies, as they are already dead. But if you have too many zombies then kill parent process or restart service.

You can kill zombie process using PID obtained from any one of the above command. For example kill zombie proces having PID 4104.

# kill -9 4104

Please note that kill -9 does not guarantee to kill a zombie process.Write a script and schedule as a cron job.The following is a script to kill Zombie processes.

Code:

for each in `ps -ef | grep ” | grep -v PID | awk ‘{ print $3 }’`; do
for every in `ps -ef | grep $each | grep -v cron | awk ‘{ print $2 }’`; do
kill -9 $every;
done;
done

Posted by sibu on June 14, 2009

Optimize MySQL Performance With MySQLTuner

MySQLTuner is a high-performance MySQL tuning script written in perl that will provide you with a snapshot of a MySQL server health. Based on the statistics gathered, specific recommendations will be provided that will increase a MySQL servers efficiency and performance. The script gives you automated MySQL tuning that is on the level of what you would receive from a MySQL DBA.

# wget http://mysqltuner.com/mysqltuner.pl
# chmod +x mysqltuner.pl
# ./mysqltuner.pl

Result

>> MySQLTuner 0.9.0 - Major Hayden
>> Bug reports, feature requests, and downloads at http://mysqltuner.com/
>> Run with ‘–help’ for additional options and output filtering
Please enter your MySQL administrative login: secret
Please enter your MySQL administrative password: more secret

——– General Statistics ————————————————–
[OK] You have the latest version of MySQLTuner
[OK] Currently running supported MySQL version 5.0.32-Debian_7etch4-log
[OK] Operating on 32-bit architecture with less than 2GB RAM

——– Storage Engine Statistics ——————————————-
[--] Status: +Archive -BDB -Federated -InnoDB -ISAM -NDBCluster
[--] Data in MyISAM tables: 71M (Tables: 548)

——– Performance Metrics ————————————————-
[--] Up for: 109d 22h 8m 1s (69M q [7.283 qps], 1M conn, TX: 3B, RX: 3B)
[--] Reads / Writes: 98% / 2%
[--] Total buffers: 2.6M per thread and 58.0M global
[OK] Maximum possible memory usage: 320.5M (62% of installed RAM)
[OK] Slow queries: 0% (39/69M)
[OK] Highest usage of available connections: 63% (63/100)
[OK] Key buffer size / total MyISAM indexes: 16.0M/65.0K
[OK] Key buffer hit rate: 100.0%
[OK] Query cache efficiency: 80.6%
[!!] Query cache prunes per day: 30287
[OK] Sorts requiring temporary tables: 0%
[!!] Temporary tables created on disk: 59%
[OK] Thread cache hit rate: 99%
[!!] Table cache hit rate: 0%
[OK] Open file limit used: 12%
[OK] Table locks acquired immediately: 99%

——– Recommendations —————————————————–
General recommendations:

* Enable the slow query log to troubleshoot bad queries
* When making adjustments, make tmp_table_size/max_heap_table_size equal
* Reduce your SELECT DISTINCT queries without LIMIT clauses
* Increase table_cache gradually to avoid file descriptor limits

Variables to adjust:

* query_cache_size (> 16M)
* tmp_table_size (> 32M)
* max_heap_table_size (> 16M)
* table_cache (> 64)

Posted by sibu on June 11, 2009

SSL Certificates

SSL Certificates:

Normally data is sent unencrypted over Internet, which means anybody with certain tools can hack all your data. To pervent this from happening SSL (Secure Socket Layer) is used to encrypt the data stream between the Web Server and the Web Client.

Types:


* Self Signed Certificate
* Certificate issued by a trusted Certificate Authority(CA)

Why is a certificate issued by a CA necessary?


Simple - It is not really necessary - the data is secure and cannot easily be decrypted by a third party. However, certificates do serve a crucial role in the communication process. The certificate, signed by a trusted Certificate Authority, ensures that the certificate holder is really who he claims to be. Without a trusted signed certificate, your data may be encrypted, however, the party you are communicating with may not be whom you think. Without certificates, impersonation attacks would be much more common.

Steps in generating Certificates:


* Generate a Private Key
* Generate a CSR (Certificate Signing Request)
* Generating a Self-Signed Certificate / Get the Certificate from a CA
* Installing the Private Key and Certificate
* Configuring SSL Enabled Virtual Hosts
* Restart Apache and Test

Generate a Private Key:


* OpenSSL tool is used for this purpose, make sure openssl is installed
* It is always ideal to include the domain names in file names

openssl genrsa -out /etc/httpd/conf/ssl.key/domain.key 1024

Generate a CSR:


* Once the Private Key is created, use it to generate a CSR
* Avoid entering data for extra attributes like : “A Challenge Password”, since this might be asking you for the passphrase each time you restart Apache

openssl req -new -key /etc/httpd/conf/ssl.key/domain.key -out /etc/httpd/conf/ssl.crt/domain.csr


Generating a Self-Signed Certificate / Get the Certificate from CA

* A Self-Signed Certificate is one that we create by ourself
* However, using a self-signed certificate will generate an error in clients browser that, “igning certificate authority is unknown and not trusted”.

openssl x509 -req -in /usr/local/apache/ssl.crt/domain.csr -signkey /usr/local/apache/ssl.key/domain.key -out /usr/local/apache/ssl.crt/domain.crt

* And to get a Certificate from a CA, all you have to do is send them a copy of the Private key and CSR ytou have just generated on the server

* Copy all the certificates generated to appropriate folders

Configuring SSL Enabled Virtual Hosts

Configure your httpd.conf to encorporate the SSL Certificates with Apache Server

SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/domain.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/domain.key
SetEnvIf User-Agent “.*MSIE.*” nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \”%r\” %b”