Tuesday, December 25, 2007

Formatting & Partitioning Hard disks

Before you use fdisk to create or revise partitions, you should check your free space and the partitions that are currently mounted. You can do this with df and mount commands. The following example illustrates how the df command displays the total, used, and available free space on all currently mounted filesystems.

Note the numbers under the 1k-blocks column. In this case (except for the mounted DVD), they add up to about 35GB of allocated space. If your hard drive is larger, you may have unallocated space that you can use for another partition. Just remember to leave room for expansion in appropriate directories, such as /home, /tmp, and /var.

[root@Enterprise root]# df
Filesystem 1k-blocks Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
9903432 2333948 7058304 25% /
/dev/hda3 101105 19821 76063 21% /boot
tmpfs 451200 0 451200 0% /dev/shm
/dev/mapper/VolGroup00-LogVol02
4951688 149164 4546936 4% /home
/dev/md0 302684 10326 276730 4% /tmp
/dev/mapper/VolGroup00-LogVol03
4951688 194308 4501792 5% /var
/dev/hdc 7384 7384 0 100%
/media/Red Hat Enterprise Linux Server
/dev/hda2 11715984 9509432 2206552 82% /DosD
[root@Enterprise root]#

The second command, mount, includes the filesystem type. In this case, examine the partition represented by device /dev/hda2 mounted with the VFAT file type on the /DosD directory. It provides direct access to the D: drive of the Windows operating system. For the following example, I've set up the data shown from the mount command in columns for clarity.

[root@Enterprise root]# mount
/dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/hda3 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
/dev/mapper/VolGroup00-LogVol02 on /home type ext3 (rw)
/dev/md0 on /tmp type ext3 (rw)
/dev/mapper/VolGroup00-LogVol01 on /var type ext3 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
/dev/hdc on /media/RHEL-5 i386 Disc 1 type iso9660 (ro,noexec,nosuid,nodev,uid=500)
/dev/hda2 on /DosD type vfat (rw)
[root@Enterprise root]#

One of the benefits is that you can move and copy files between the Linux and the DOS partitions using standard Linux commands. You cannot, however, run any Windows applications within Linux unless you run a DOS or Windows emulation package such as Wine (www.winehq.org) or CrossOver Office (www.codeweavers.com).

The fdisk Utility

The fdisk utility is a universally available tool that you should know well. There are many commands within fdisk, more in expert mode, but you need to know only the few discussed here.

Though you can modify the physical disk partition layout using many programs, this section explores the Linux implementation of fdisk. FDISK.EXE from DOS has the same name and is also used for creating partitions, but it doesn't incorporate any Linux-compatible features. It also uses a different interface.

Using fdisk: Starting, Getting Help, and Quitting

The following screen output lists commands that show how to start the fdisk program, how to get help, and how to quit the program. The /dev/hda drive is associated with the first PATA/IDE drive on a regular PC. Your computer may have a different hard drive; you can check the output from the df and mount commands for clues.

As you can see, once you start fdisk, it opens its own command line prompt:

# fdisk /dev/hda
Command (m for help): m
Command action
a toggle a bootable flag
b edit bsd disklabel
c toggle the dos compatibility flag
d delete a partition
l list known partition types
m print this menu
n add a new partition
o create a new empty DOS partition table
p print the partition table
q quit without saving changes
s create a new empty Sun disklabel
t change a partition's system id
u change display/entry units
v verify the partition table
w write table to disk and exit
x extra functionality (experts only)

Command (m for help): q

There are a wide variety of commands associated with fdisk and more when you run the x command to access fdisk's extra functionality.

Using fdisk: In a Nutshell

At the fdisk command line prompt, start with the print command (p) to print the partition table. This allows you to review the current entries in the partition table. Assuming you have free space, you then create a new (n) partition, either primary (p) or logical (l). If it doesn't already exist, you can also create an extended partition (e) to contain your logical partitions. Remember that you can have up to four primary partitions, which would correspond to numbers 1 through 4. One of the primary partitions can be redesignated as an extended partition. The remaining partitions are logical partitions, numbered 5 and above. The Linux fdisk utility won't allow you to create more than 16 partitions on the drive.

When you assign space to a partition, you're assigning a block of cylinders on that hard disk. If you have free space, the fdisk default starts the new partition at the first available cylinder. The actual size of the partition depends on disk geometry; do not worry about exact size here.

Using fdisk: Deleting Partitions

The following example removes the only configured partition. The sample output screen first starts fdisk. Then you print (p) the current partition table, delete (d) the partition by number (1 in this case), write (w) the changes to the disk, and quit (q) from the program. Needless to say, do not perform this action on any partition where you need the data.

# fdisk /dev/hdb
Command (m for help): p
Disk /dev/hdb: 255 heads, 63 sectors, 525 cylinders
Units = cylinders of 16065 * 512 bytes

Device Boot Start End Blocks Id System
/dev/hdb1 * 1 525 4217031 6 FAT16
Command (m for help): d
Partition number (1-1): 1

This is the last chance to change your mind before deleting the current partition. If you want to change your mind, exit from fdisk with the q command. If you're pleased with the changes that you've made and want to make them permanent, proceed with the w command:

Command (m for help): w

You did it! Now you have an empty hard disk or hard disk area where you can create the partitions you need.

You no longer have to reboot to get Linux to read the new partition table. Now, the partprobe command rereads the partition table without a reboot.

Using fdisk: Creating Partitions

The following screen output sample shows the steps used to create (n) the first (/boot) partition, make it bootable (a), and then finally write (w) the partition information to the disk. (Note that although you may ask for a 100MB partition, the geometry of the disk may not allow that precise size, as shown in the example.)

# fdisk /dev/hdb

Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4):

First cylinder (1-256, default 1): 1
Last cylinder or +size or +sizeM or +sizeK (2-256,def 256): +100M

Command (m for help): a
Partition number (1-4): 1

Command (m for help): p
Disk /dev/hdb: 255 heads, 63 sectors, 256 cylinders
Units = cylinders of 16065 * 512 bytes
Device Boot Start End Blocks Id System
/dev/hdb1 * 1 12 98163 83 Linux

Command (m for help):

Repeat the commands to create any other partitions that you might need. One possible group of partitions is illustrated here:

Command (m for help): p

Disk /dev/hdb: 255 heads, 63 sectors, 256 cylinders
Units = cylinders of 16065 * 512 bytes
Device Boot Start End Blocks Id System
/dev/hdb1 * 1 2 16044 83 Linux
/dev/hdb2 3 18 64176 82 Linux swap / Solaris
/dev/hdb3 19 169 1203300 83 Linux
/dev/hdb4 170 250 649782 5 Extended
/dev/hdb5 170 201 248682 83 Linux
/dev/hdb6 202 257 449232 83 Linux

Command (m for help): w


On the Job

The number of blocks that you see may vary slightly depending on the size of your hard disk; the number of heads, sectors, and cylinders on that disk; as well as the version of fdisk that you're using.

Using fdisk: A New PC with No Partitions

After installing Linux on a new PC, you'll want to use fdisk to configure additional physical disks attached to the system. For example, if the additional disk is the first disk attached to the secondary IDE controller, run the fdisk /dev/hdc command. Remember the limitations on partitions. If you need more than four partitions on the new physical disk, configure type Primary for the first three partitions, and then Extended for the rest of the disk as partition 4. You can then create logical partitions 5–16 within the extended partition.

Using fdisk: Creating a Swap Partition

You need to create a partition before you can reassign it as a swap partition. At the fdisk prompt, run the l command. You'll see a large number of partition types, listed by hex code. When you create a partition, fdisk creates a Linux Native type partition by default. As you can see from the output of the l command, the associated hex code is 83.

It's easy to reassign a partition as a swap partition. Run the p command. Remember the number of the partition you want to change. Make sure that partition doesn't contain data that you want to save.

Now run the t command. Type in the number associated with the partition that you want to change. Type in the hex code for the type you want; in this case, 82 for a Linux swap partition. For example, I could run the following sequence of commands to set up a new swap partition on the second IDE hard drive. The commands that I type are in boldface. The details of what you see depend on the partitions that you may have created. It'll be a 1GB swap space on the first primary partition (/dev/hdb1).

# fdisk /dev/hdb
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-10402, default 1):
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-10402, default 10402): +1000M

Command (m for help): p

Disk /dev/hdb: 5368 MB, 5368709120 bytes
16 heads, 63 sectors/track, 10402 cylinders
Units = cylinders of 1008 * 512 = 516096 bytes

Device Boot Start End Blocks Id System
/dev/hdb1 1 1939 977224+ 83 Linux

Command (m for help): t
Selected partition 1
Hex code (type L to list codes): 82
Changed system type of partition 1 to 82 (Linux swap / Solaris)

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.
#

The fdisk utility doesn't actually write the changes to your hard disk until you run the write (w) command. You have a chance to cancel your changes with the quit (q) command. To make sure Linux rereads the partition table after fdisk writes it, run the partprobe command.

Crontab details

Here is the format of a line in crontab.
#minute, hour, day of month, month, day of week, command
* * * * * command

Entries in a crontab Command Line

Field          Value
minute         0–59
hour           Based on a 24-hour clock; for example, 23 = 11 P.M.
day of month   1–31
month          1–12, or jan, feb, mar, etc.
day of week    0–7; where 0 and 7 are both Sunday; or sun, mon, tue, etc.
command        The command you want to run

If you see an asterisk in any column, cron runs that command for all possible values of that column. For example, an * in the minute field means that the command is run every minute during the specified hour(s). Consider another example, as shown here:

1  5  3  4  *  ls

This line runs the ls command every April 3 at 5:01 A.M. The asterisk in the day of week column simply means that it does not matter what day of the week it is; crontab still runs the ls command at the specified time.

The crontab file is flexible. For example, a 7–10 entry in the hour field would run the specified command at 7:00 A.M., 8:00 A.M., 9:00 A.M., and 10:00 A.M. A list of entries in the minute field such as: 0,5,10,15,20,25,30,35,40,45,50,55 would run the specified command every five minutes. The cron daemon also recognizes abbreviations for months and the day of the week.

The actual command is the sixth field. You can set up new lines with a percent (%) symbol. This is useful for formatting standard input. The example cron file that follows formats input for an e-mail message:

# crontab -l
# Sample crontab file
#
# Force /bin/sh to be my shell for all of my scripts.
SHELL=/bin/sh
# Run 15 minutes past Midnight every Saturday
15 0 * * sat $HOME/scripts/scary.script
# Do routine cleanup on the first of every Month at 4:30 AM
30 4 1 * * /usr/scripts/removecores >> /tmp/core.tmp 2>&1
# Mail a message at 10:45 AM every Friday
45 10 * * fri mail -s "Project Update" employees%Can I have a status update on your project?%%Your Boss.%
# Every other hour check for alert messages
0 */2 * * * /usr/scripts/check.alerts

For more examples, review some of the scripts in the /etc/cron.daily directory.
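
The field rules described above (asterisks, ranges such as 7-10, lists, steps such as */2, month and day names, 0 and 7 both meaning Sunday, and % starting standard input) can be checked with a small parser. This is an added example, not part of the original post; the function names are hypothetical, and environment lines such as SHELL=/bin/sh and comments are not handled.

```python
import re

# Names cron accepts in the month and day-of-week fields.
MONTHS = {name: i for i, name in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), start=1)}
DAYS = {name: i for i, name in enumerate("sun mon tue wed thu fri sat".split())}

# (field name, lowest value, highest value, optional name table)
FIELDS = [
    ("minute", 0, 59, None),
    ("hour", 0, 23, None),
    ("day_of_month", 1, 31, None),
    ("month", 1, 12, MONTHS),
    ("day_of_week", 0, 7, DAYS),
]


def _to_int(token, names):
    token = token.lower()
    if names and token in names:
        return names[token]
    return int(token)  # raises ValueError on anything that is not a number


def expand_field(spec, low, high, names=None):
    """Expand one schedule field ('*', '7-10', '0,30', '*/2', 'sat') to a sorted list."""
    values = set()
    for part in spec.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if step < 1:
            raise ValueError("step must be at least 1")
        if rng == "*":
            start, end = low, high
        elif "-" in rng:
            first, last = rng.split("-", 1)
            start, end = _to_int(first, names), _to_int(last, names)
        else:
            start = end = _to_int(rng, names)
        if not (low <= start <= end <= high):
            raise ValueError(f"{part!r} is outside {low}-{high}")
        values.update(range(start, end + 1, step))
    return sorted(values)


def split_command(text):
    """Split the sixth field into (command, stdin).

    The first unescaped % ends the command; the rest is fed to it as standard
    input, with every further unescaped % turned into a newline.
    """
    parts = [p.replace("\\%", "%") for p in re.split(r"(?<!\\)%", text)]
    command = parts[0].rstrip()
    stdin = "\n".join(parts[1:]) if len(parts) > 1 else None
    return command, stdin


def parse_line(line):
    """Parse one crontab entry into (schedule dict, command, stdin)."""
    fields = line.split(None, 5)
    if len(fields) < 6:
        raise ValueError("expected five schedule fields and a command")
    schedule = {}
    for (name, low, high, names), spec in zip(FIELDS, fields):
        schedule[name] = expand_field(spec, low, high, names)
    # 0 and 7 are both Sunday, so fold 7 onto 0.
    schedule["day_of_week"] = sorted({d % 7 for d in schedule["day_of_week"]})
    command, stdin = split_command(fields[5])
    return schedule, command, stdin


if __name__ == "__main__":
    for entry in ("1  5  3  4  *  ls", "0 */2 * * * /usr/scripts/check.alerts"):
        print(parse_line(entry))
```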

Wednesday, November 21, 2007

Mysqldump certain tables

To take a MySQL dump of certain tables, use the following command:

mysqldump --user=username --password=password -B Database --tables Table1 Table2 Table3 Table4 > backup.sql

Sunday, October 21, 2007

How do I protect a directory in Apache on linux

There are many ways you can password protect directories under the Apache web server. This is important to keep your files private from both unauthorized users and search engines (when you do not want your data indexed). Here you will see the basics of password protecting a directory on your server. You can use any one of the following methods:
  1. Putting authentication directives in a <Directory> section, in your main server configuration httpd.conf file, is the preferred way to implement this kind of authentication.
  2. If you do not have access to the Apache httpd.conf file (for example, on shared hosting), then you can create password-protected directories with the help of a file called .htaccess. A .htaccess file provides a way to make configuration changes on a per-directory basis.
In order to create Apache password-protected directories you need:
  • Password file
  • And Directory name which you would like to password protect (/var/www/docs)

Step # 1: Make sure Apache is configured to use .htaccess file

You need the AllowOverride AuthConfig directive in the httpd.conf file for these directives to have any effect. Look for the DocumentRoot <Directory> entry. In this example, our DocumentRoot directory is set to /var/www. Therefore, my entry in httpd.conf looks as follows:

<Directory /var/www>
Options Indexes Includes FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
Save the file and restart Apache.
If you are using Red Hat /Fedora Linux:
# service httpd restart
If you are using Debian Linux:
# /etc/init.d/apache-perl restart

Step # 2: Create a password file with htpasswd

The htpasswd command is used to create and update the flat files (text files) used to store usernames and passwords for basic authentication of Apache users. General syntax:
htpasswd -c password-file username
Where,
  • -c : Create the password-file. If password-file already exists, it is rewritten and truncated.
  • username : The username to create or update in password-file. If username does not exist in this file, an entry is added. If it does exist, the password is changed.
Create a directory outside the Apache document root, so that only Apache can access the password file. The password file should be placed somewhere not accessible from the web, so that people cannot download it:
# mkdir -p /home/secure/
Add a new user called vivek:
# htpasswd -c /home/secure/apasswords vivek
Make sure the /home/secure/apasswords file is readable by the Apache web server. If Apache cannot read your password file, it will not authenticate you. You need to set up the correct permissions using the chown command. Apache usually runs as the www-data user. Use the following command to find out the Apache username. If you are using Debian Linux, which uses apache2.conf, type the following command:
# grep -e '^User' /etc/apache2/apache2.conf
Output:
www-data
Now allow apache user www-data to read our password file:
# chown www-data:www-data /home/secure/apasswords
# chmod 0660 /home/secure/apasswords

If you are using RedHat and Fedora core, type the following commands :
# grep -e '^User' /etc/httpd/conf/httpd.conf
Output:
apache
Now allow apache user apache to read our password file:
# chown apache:apache /home/secure/apasswords
# chmod 0660 /home/secure/apasswords

Now our user vivek is added but you need to configure the Apache web server to request a password and tell the server which users are allowed access. Let us assume you have directory called /var/www/docs and you would like to protect it with a password.
Create a directory /var/www/docs if it does not exist:
# mkdir -p /var/www/docs
Create .htaccess file using text editor:
# cd /var/www/docs
# vi .htaccess

Add following text:
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /home/secure/apasswords
Require user vivek
Save file and exit to shell prompt.

Step # 3: Test your configuration

Fire up your browser and type the URL http://yourdomain.com/docs/ or http://localhost/docs/ or http://ip-address/docs
When prompted for a username and password, supply the username vivek and its password. You can also add the following lines to any <Directory> entry in the httpd.conf file:
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /home/secure/apasswords
Require user vivek
To change or setup new user use htpasswd command again.

Troubleshooting

If password is not accepted or if you want to troubleshoot authentication related problems, open and see apache access.log/error.log files:
Fedora Core/CentOS/RHEL Linux log file location:
# tail -f /var/log/httpd/access_log
# tail -f /var/log/httpd/error_log

Debian Linux Apache 2 log file location:
# tail -f /var/log/apache2/access.log
# tail -f /var/log/apache2/error.log
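
Step 2 places the password file outside the document root and then makes it owned by the Apache user with mode 0660, which also lets the web server process rewrite credentials it only needs to read. The following added example (not part of the original post) audits an AuthUserFile for both points; the function name and finding strings are hypothetical, and a file owned by root with the Apache group and mode 0640 produces no findings.

```python
import os
import stat


def audit_password_file(path, docroot, web_uid, web_gid):
    """Return a list of findings for an AuthUserFile; an empty list means none.

    web_uid / web_gid are the numeric user and group the web server runs as
    (the account reported by the 'grep ^User' step).
    """
    findings = []
    real = os.path.realpath(path)
    root = os.path.realpath(docroot)

    # The password file must not be reachable through a URL.
    if os.path.commonpath([real, root]) == root:
        findings.append("inside DocumentRoot: may be downloadable over HTTP")

    st = os.stat(real)
    mode = stat.S_IMODE(st.st_mode)

    # Other local accounts have no reason to read the password hashes.
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("readable or writable by other local users")

    # The server only reads the file; write access lets a compromised
    # web process add or replace users.
    owner_write = st.st_uid == web_uid and bool(mode & stat.S_IWUSR)
    group_write = st.st_gid == web_gid and bool(mode & stat.S_IWGRP)
    if owner_write or group_write:
        findings.append("writable by the web server account")

    # Without read access authentication fails, as the post notes.
    owner_read = st.st_uid == web_uid and bool(mode & stat.S_IRUSR)
    group_read = st.st_gid == web_gid and bool(mode & stat.S_IRGRP)
    if not (owner_read or group_read or mode & stat.S_IROTH):
        findings.append("not readable by the web server account")

    return findings


if __name__ == "__main__":
    import pwd
    import sys

    # Usage: audit.py /home/secure/apasswords /var/www apache
    file_path, document_root, user = sys.argv[1:4]
    account = pwd.getpwnam(user)
    results = audit_password_file(file_path, document_root,
                                  account.pw_uid, account.pw_gid)
    for line in results or ["no findings"]:
        print(line)
```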

Thursday, October 18, 2007

Managing Software with yum

Use the yum utility to modify the software on your system in four ways:

  • To install new software from package repositories

  • To install new software from an individual package file

  • To update existing software on your system

  • To remove unwanted software from your system


Virtualization in Fedora 7

Fedora 7 includes support for both the KVM and the Xen virtualization platforms. For more information on different virtualization platforms, see http://virt.kernelnewbies.org/TechComparison.

More information on Xen itself can be found at http://wiki.xensource.com/xenwiki/ and the Fedora Xen page. More information on KVM can be found at http://kvm.qumranet.com/kvmwiki.

Fedora is following the 3.0.x Xen line. Xen 3.0.0 was released in December of 2005 and is incompatible with guests using the previous Xen 2.0.x releases.




Wednesday, September 26, 2007

Lintrack As A LAN Gateway And An OpenVPN Bridge

This tutorial will guide you through installation and configuration of Lintrack, a GNU/Linux distribution specialized in networking tasks. We will give two LANs access to the internet along with DHCP and DNS cache servers, and then we will connect our networks using OpenVPN in bridging mode. You should be running all these in well under an hour, thanks to the unified configuration interface of Lintrack.


Disk Based Backups With Amanda On Debian Etch

This document describes how to set up Amanda (The Advanced Maryland Automatic Network Disk Archiver) on Debian Etch. For this tutorial I chose Ubuntu v7.04 as a backup-client. The resulting system provides a flexible backup-system with many features. It will be able to back up multiple hosts via network to various devices. I chose the disk based backup for this howto.

Wednesday, September 5, 2007

I forgot the MySQL root password, how do I reset it?

The MySQL root password can be reset using the following procedure:

1. Stop the MySQL service:

# service mysqld stop

Example output:

# service mysqld stop
Stopping MySQL: [OK]

2. Start MySQL with:

# /usr/bin/safe_mysqld --skip-grant-tables &

On Red Hat Enterprise Linux 4, safe_mysqld has been changed to mysqld_safe.

Note: safe_mysqld is a shell script which invokes mysqld, but additionally traps any forceful
terminations of the MySQL server and avoids any database corruption.

3. Change the password of the root user:

# mysql -u root mysql
mysql> UPDATE user SET Password=PASSWORD('new_password') WHERE user='root';
mysql> FLUSH PRIVILEGES;
mysql> exit;


4. Stop the MySQL server that was started in step 2. You could perform step 1 here instead of using the command below, but in some cases the startup script may not behave as expected since mysqld was started directly, i.e. not using the init script.

# mysqladmin shutdown

5. Start the MySQL service:

# service mysqld start

Example output:

# service mysqld start
Starting MySQL: [ OK ]

Wednesday, August 29, 2007

Exclude directories in tar

TAR:

tar -czvf httpdocs_06_20_2006.tar.gz \
/home/user/domain.com/site \
--exclude "/home/user/domain.com/site/excluded-dir1" \
--exclude "/home/user/domain.com/site/excluded-dir2"

GNU TAR:

tar -czvf httpdocs_06_20_2006.tar.gz \
--exclude "/home/user/domain.com/site/excluded-dir1" \
--exclude "/home/user/domain.com/site/excluded-dir2" \
/home/user/domain.com/site

Tuesday, August 21, 2007

Setting Up A PXE Install Server For Multiple Linux Distributions With Ubuntu Edgy Eft

This tutorial shows how to set up a PXE (short for preboot execution environment) install server with Ubuntu 6.10 (Edgy Eft). A PXE install server allows your client computers to boot and install a Linux distribution over the network, without the need of burning Linux iso images onto a CD/DVD, boot floppy images, etc. This is handy if your client computers don't have CD or floppy drives, or if you want to set up multiple computers at the same time (e.g. in a large enterprise), or simply because you want to save the money for the CDs/DVDs. In this article I show how to configure a PXE server that allows you to boot multiple distributions: Ubuntu Edgy/Dapper, Debian Etch/Sarge, Fedora Core 6, CentOS 4.4, OpenSuSE 10.2, and Mandriva 2007.

Linux Quota Tutorial

1. Edit file /etc/fstab to add qualifier "usrquota" (for user) or/and "grpquota" (for groups) to the partition in which you want to add quota support. For example here I've added both types to my / (root) partition. Make sure there are NO SPACES after "defaults" and up to your qualifiers that you add.

LABEL=/ / ext3 defaults,usrquota,grpquota 1 1


2. Create files aquota.user (and aquota.group if you want to add group quota support) on the root of the partition that you added quota support to. Following the above example:

touch /aquota.user

Then change the permissions on these files as such

chmod 600 /aquota.user

3. Run quotacheck

quotacheck -va

Note: If you are trying to enable quota on the / partition you might get an error such as
"quotacheck: Can't find filesystem to check or filesystem not mounted with quota option."
In that case run "quotacheck -vam" and then "quotacheck -vgam" (for groups)
If you still get the error then reboot the system.
Make sure that if you are using the -m flag, no other process will be writing to that partition. If you are unsure, it is recommended that you start the system in single-user mode.
You may get this warning:
quotacheck: WARNING - Quotafile //aquota.user was probably truncated. Can't save quota settings...
This is nothing to worry about.



4. Turn quota on

quotaon -av

5. Now you are ready to edit quotas. Edit a user quota with the command "edquota -u user" and edit a group's quota with the command "edquota -g group". Both of these commands will run vi by default and give you the ability to edit the quota for the user/group. For example

[root@localhost root]# edquota -u testuser
Disk quotas for user testuser (uid 504):
Filesystem blocks soft hard inodes soft hard
/dev/hda3 40 0 0 11 0 0

The above shows the testuser using 40 blocks (1 block = 1 KB) and no soft or hard quotas on block usage, using 11 inodes and no soft or hard quotas on inodes.

After editing the file to give the user 5 MB soft limit and 6 MB hard limit the file would look something like this



Disk quotas for user testuser (uid 504):
Filesystem blocks soft hard inodes soft hard
/dev/hda3 40 5120 6144 11 0 0

Soft limit indicates the maximum amount of disk usage a quota user has on a partition. When combined with "grace period" it acts as the border line, which a quota user is issued warnings about his impending quota violation when passed. Hard limit works only when "grace period" is set. It specifies the absolute limit on the disk usage, which a quota user can't go beyond his "hard limit".

You can edit the grace period with the command "edquota -t".

Misc:
To show your quota : "quota"
To show a user's quota : "quota -u user"
To show all users' quota usage : "repquota -a"

Thursday, August 16, 2007

Deny user login by locking out account

Pass the -l option to the passwd command. It is used to lock the specified account and it is available to root only. The locking is performed by rendering the encrypted password into an invalid string (by prefixing the encrypted string with an !).


Syntax


passwd -l {username}


Unlock account or allow login


To allow login use passwd command as follows:

passwd -u {username}


This is the reverse of the -l option - it will unlock the account password by removing the ! prefix.


/sbin/nologin shell


/sbin/nologin displays a message that an account is not available
and exits non-zero. It is intended as a replacement shell field for
accounts that have been disabled or login is blocked.


Example: Deny login for tom user


Type the command as follows (login as root user):

# passwd -l tom

You can also change shell to /sbin/nologin:

# usermod -s /sbin/nologin tom


Example: Allow login for tom user


Type the command as follows (login as root user):

# passwd -u tom

You may also need to change the shell back from /sbin/nologin to /bin/bash:

# usermod -s /bin/bash tom
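
The two mechanisms above are independent: passwd -l only invalidates the password hash, so the passwd(1) man page notes that the user may still log in with another authentication token such as an SSH key, while the nologin shell blocks interactive sessions regardless of how the user authenticated. The following added example (not part of the original post) reports which mechanism is applied to each account; the sample passwd and shadow lines are constructed, the function names are hypothetical, and treating /usr/sbin/nologin and /bin/false as blocking shells is an assumption beyond the /sbin/nologin named in the post.

```python
# Shells that refuse an interactive session. Only /sbin/nologin is named in
# the post; the other two are assumptions about common equivalents.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

# Constructed sample data in /etc/passwd and /etc/shadow format.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
tom:x:500:500::/home/tom:/bin/bash
jerry:x:501:501::/home/jerry:/sbin/nologin
anna:x:502:502::/home/anna:/bin/bash
"""

SAMPLE_SHADOW = """\
root:$1$constructed$notARealHash:13700:0:99999:7:::
tom:!$1$constructed$notARealHash:13700:0:99999:7:::
jerry:!$1$constructed$notARealHash:13700:0:99999:7:::
anna:$1$constructed$notARealHash:13700:0:99999:7:::
"""


def _records(text, min_fields):
    """Yield colon-separated records, skipping blanks, comments and short lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= min_fields:
            yield fields


def account_states(passwd_text, shadow_text):
    """Map each user to whether its password is locked and its shell blocked."""
    # passwd -l marks the account by prefixing the stored hash with '!'.
    locked = {f[0]: f[1].startswith("!") for f in _records(shadow_text, 2)}
    states = {}
    for fields in _records(passwd_text, 7):
        user, shell = fields[0], fields[6]
        states[user] = {
            "password_locked": locked.get(user, False),
            "shell_blocked": shell in NOLOGIN_SHELLS,
        }
    return states


def locked_but_interactive(states):
    """Accounts with a locked password that still have a working login shell."""
    return sorted(
        user for user, s in states.items()
        if s["password_locked"] and not s["shell_blocked"]
    )


if __name__ == "__main__":
    result = account_states(SAMPLE_PASSWD, SAMPLE_SHADOW)
    for name, state in result.items():
        print(name, state)
    print("password locked, shell still usable:", locked_but_interactive(result))
```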


Monday, August 13, 2007

Linux MRTG Configuration HOW-TO

MRTG is a wonderful tool. You can use it to monitor traffic on your router or a leased server located at a remote IDC. Since it is written in Perl, with some code in C, it is a portable and high-performance tool.



Backup hard disk partition table

dd is the good old command that can back up partition tables and even write CDs ;). Backing up the partition table is nothing but backing up the MBR (master boot record). The command for backing up the MBR stored on /dev/sdX or /dev/hdX is as follows:

# dd if=/dev/sdX of=/tmp/sda-mbr.bin bs=512 count=1

Replace X with actual device name such as /dev/sda.

Now to restore partition table to disk, all you need to do is use dd command:

# dd if=/tmp/sda-mbr.bin of=/dev/sdX bs=1 count=64 skip=446 seek=446

dd command works with Solaris, HP-UX and all other UNIX like operating systems. Read man page of dd for more info.
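
The restore command copies only 64 bytes at offset 446 because that is where the four 16-byte primary partition entries sit inside the 512-byte sector; bytes 0-445 are boot code and bytes 510-511 are the 0x55AA signature. The following added example (not part of the original post) parses a backup made with the first dd command and reproduces the table-only restore on byte strings, so a backup can be inspected before anything is written to a disk. The sample image and all function names are constructed for illustration.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446            # boot code occupies bytes 0-445
ENTRY_SIZE = 16
TABLE_SIZE = 4 * ENTRY_SIZE   # 64 bytes, the count=64 of the dd restore
SIGNATURE = b"\x55\xaa"       # bytes 510-511


def make_entry(status, ptype, lba_start, sectors):
    """Build one 16-byte partition entry (CHS fields left as zero)."""
    return struct.pack("<B3xB3xII", status, ptype, lba_start, sectors)


# Constructed 512-byte MBR: filler boot code, two partitions, signature.
SAMPLE_BACKUP = (
    b"\xfa" * TABLE_OFFSET
    + make_entry(0x80, 0x83, 63, 192717)      # bootable Linux partition
    + make_entry(0x00, 0x82, 192780, 128520)  # Linux swap
    + bytes(2 * ENTRY_SIZE)                   # two unused slots
    + SIGNATURE
)


def parse_mbr(sector):
    """Return the used primary partition entries of a 512-byte MBR image."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA signature: not a valid MBR backup")
    entries = []
    for i in range(4):
        start = TABLE_OFFSET + i * ENTRY_SIZE
        raw = sector[start:start + ENTRY_SIZE]
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
        if ptype == 0:
            continue  # empty slot
        entries.append({
            "number": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "start": lba_start,
            "sectors": sectors,
        })
    return entries


def restore_table(disk_sector, backup):
    """Byte-level equivalent of dd bs=1 count=64 skip=446 seek=446.

    Only the partition table is replaced; the boot code and signature
    already on the disk are left untouched.
    """
    parse_mbr(backup)  # refuse to restore from a file that is not an MBR
    end = TABLE_OFFSET + TABLE_SIZE
    return disk_sector[:TABLE_OFFSET] + backup[TABLE_OFFSET:end] + disk_sector[end:]


if __name__ == "__main__":
    for entry in parse_mbr(SAMPLE_BACKUP):
        print(entry)
```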

Tuesday, August 7, 2007

Setting up an OpenVPN server in Fedora 7

Setting up an OpenVPN server

  1. yum install openvpn.$HOSTTYPE

  2. Copy /usr/share/openvpn/easy-rsa/ somewhere (like root's home directory with cp -ai /usr/share/openvpn/easy-rsa ~).

  3. cd ~/easy-rsa

  4. Edit vars appropriately.

  5. . vars

  6. ./clean-all

  7. Before continuing, make sure the system time is correct. Preferably, set up NTP.

  8. ./build-ca

  9. ./build-inter $( hostname | cut -d. -f1 )

  10. ./build-dh

  11. mkdir /etc/openvpn/keys

  12. cp -ai keys/$( hostname | cut -d. -f1 ).{crt,key} keys/ca.crt keys/dh1024.pem /etc/openvpn/keys/

  13. cp -ai /usr/share/doc/openvpn-*/sample-config-files/roadwarrior-server.conf /etc/openvpn/server.conf

  14. Edit /etc/openvpn/server.conf appropriately.

  15. chkconfig --level 2345 openvpn on

  16. service openvpn start

  17. Verify that firewall rules allow traffic in from tun+, out from the LAN to tun+, and in from the outside on UDP port 1194. The following should work:

    iptables -A INPUT -i eth1 -p udp --dport 1194 -j ACCEPT
    iptables -A INPUT -i tun+ -j ACCEPT
    iptables -A FORWARD -i tun+ -j ACCEPT
    iptables -A FORWARD -i eth0 -o tun+ -j ACCEPT
    iptables -A FORWARD -i eth1 -o tun+ -m state --state ESTABLISHED,RELATED -j ACCEPT

    Or for genfw (my firewall-generation script, not currently available in Fedora), this in /etc/sysconfig/genfw/rules:

    append INPUT -i eth1 -p udp --dport 1194 -j ACCEPT
    append INPUT -i tun+ -j ACCEPT
    append FORWARD -i tun+ -j ACCEPT
    append FORWARD -i eth0 -o tun+ -j ACCEPT
    append FORWARD -i eth1 -o tun+ -j established

Setting up a Windows OpenVPN client

On the server:

  1. cd easy-rsa

  2. . vars

  3. ./build-key username

On the client:

  1. Install the OpenVPN GUI or the stand-alone OpenVPN client.

  2. Copy username.crt, username.key, and ca.crt to C:\Program Files\OpenVPN\config\ on the client.

  3. Drop roadwarrior-client.conf into C:\Program Files\OpenVPN\config\ as whatever.ovpn and edit appropriately.

  4. Either use the GUI to start the connection, start the OpenVPN service manually, or set the OpenVPN service to start automatically.
Ideally the client should do some verification on the server key with tls-remote in the whatever.ovpn configuration file.

Loads of linux links for video

http://loll.sourceforge.net/linux/links/Audio-Video/Video/index.html

Tutorial: Video, DVD players, TV and Multimedia

This covers Linux video players, DVD players, TV, HDTV and Hauppauge WinTV PCI card use. Included in this tutorial are links to software, video formats and information pertaining to video multimedia on Linux. This page also includes a tutorial on the use of the Hauppauge WinTV PCI card, linux video conferencing, surveillance, capture and TV broadcast display under Linux.

http://www.yolinux.com/TUTORIALS/LinuxTutorialVideo.html


Note: Taken from www.yolinux.com

Thursday, August 2, 2007

Microsoft Vista vs Ubuntu linux

TCP/IP

TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network (either an intranet or an extranet). When you are set up with direct access to the Internet, your computer is provided with a copy of the TCP/IP program just as every other computer that you may send messages to or get information from also has a copy of TCP/IP.
TCP/IP is a two-layer program. The higher layer, Transmission Control Protocol, manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message. The lower layer, Internet Protocol, handles the address part of each packet so that it gets to the right destination. Each gateway computer on the network checks this address to see where to forward the message. Even though some packets from the same message are routed differently than others, they'll be reassembled at the destination.
TCP/IP uses the client/server model of communication in which a computer user (a client) requests and is provided a service (such as sending a Web page) by another computer (a server) in the network. TCP/IP communication is primarily point-to-point, meaning each communication is from one point (or host computer) in the network to another point or host computer. TCP/IP and the higher-level applications that use it are collectively said to be "stateless" because each client request is considered a new request unrelated to any previous one (unlike ordinary phone conversations that require a dedicated connection for the call duration). Being stateless frees network paths so that everyone can use them continuously. (Note that the TCP layer itself is not stateless as far as any one message is concerned. Its connection remains in place until all packets in a message have been received.)
Many Internet users are familiar with the even higher layer application protocols that use TCP/IP to get to the Internet. These include the World Wide Web's Hypertext Transfer Protocol (HTTP), the File Transfer Protocol (FTP), Telnet (Telnet) which lets you logon to remote computers, and the Simple Mail Transfer Protocol (SMTP). These and other protocols are often packaged together with TCP/IP as a "suite."
Personal computer users with an analog phone modem connection to the Internet usually get to the Internet through the Serial Line Internet Protocol (SLIP) or the Point-to-Point Protocol (PPP). These protocols encapsulate the IP packets so that they can be sent over the dial-up phone connection to an access provider's modem.
Protocols related to TCP/IP include the User Datagram Protocol (UDP), which is used instead of TCP for special purposes. Other protocols are used by network host computers for exchanging router information. These include the Internet Control Message Protocol (ICMP), the Interior Gateway Protocol (IGP), the Exterior Gateway Protocol (EGP), and the Border Gateway Protocol (BGP).

Tuesday, July 31, 2007

Mounting USB storage drives in Linux

Plug the memory stick into an available USB port and then run:
# dmesg | less

(The device is picked up as a USB 1.1 and allocated an address.
Also says what HCD it is using.)

usb 1-1: new full speed USB device using uhci_hcd and address 2

(SCSI emulation automatically kicks in)
scsi0 : SCSI emulation for USB Mass Storage devices
usb-storage: device found at 2

(Now the device information including model number is retrieved)
usb-storage: waiting for device to settle before scanning
Vendor: JetFlash Model: TS512MJF2A Rev: 1.00
Type: Direct-Access ANSI SCSI revision: 02
SCSI device sda: 1003600 512-byte hdwr sectors (514 MB)

(The write-protect sense is EXPERIMENTAL code in the later kernels)
sda: Write Protect is off
sda: Mode Sense: 0b 00 00 08
sda: assuming drive cache: write through
SCSI device sda: 1003600 512-byte hdwr sectors (514 MB)
/dev/scsi/host0/bus0/target0/lun0: p1
Attached scsi removable disk sda at scsi0, channel 0, id 0, lun 0
Attached scsi generic sg0 at scsi0, channel 0, id 0, lun 0, type 0
usb-storage: device scan complete
(At this point, the device is generally accessible by mounting /dev/sda1)

(When the device is disconnected, the system acknowledges the same)
usb 1-1: USB disconnect, address 2

To see the partition table, type fdisk -l /dev/sda

To mount the partition, type:

# mount /dev/sda1 /mnt/usb
# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/hda8 9.4G 7.5G 1.9G 80% /
/dev/hda9 11G 8.1G 2.4G 78% /usr
none 189M 0 189M 0% /dev/shm
/dev/sda1 490M 34M 457M 7% /mnt/usb
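
The mount above uses default options, so files on the stick are executable and, on filesystems that store them, setuid bits and device nodes are honoured. As an added example (not part of the original post), this check reads records in /proc/mounts format and reports removable-media mount points that lack nosuid, nodev or noexec; the sample records and the /mnt and /media prefixes are assumptions.

```shell
#!/bin/sh
# Added example: find removable-media mounts that lack hardening options.
# A hardened form of the mount command from the post would be:
#   mount -o nosuid,nodev,noexec /dev/sda1 /mnt/usb

# Constructed sample in /proc/mounts format:
# device, mount point, type, options, dump, pass.
sample_mounts() {
cat <<'EOF'
/dev/hda8 / ext3 rw 0 0
/dev/hda9 /usr ext3 rw 0 0
none /dev/shm tmpfs rw 0 0
/dev/sda1 /mnt/usb vfat rw 0 0
/dev/sdb1 /media/stick ext3 rw,nosuid,nodev 0 0
/dev/sdc1 /media/cam vfat ro,nosuid,nodev,noexec 0 0
EOF
}

# Read mount records on stdin and print "mountpoint missing-options" for every
# mount at or below the given prefixes (default: /mnt and /media) that lacks
# at least one of nosuid, nodev, noexec.
unhardened_mounts() {
    awk -v want="nosuid nodev noexec" -v roots="${1:-/mnt /media}" '
    BEGIN { nw = split(want, w, " "); nr = split(roots, r, " ") }
    {
        hit = 0
        for (i = 1; i <= nr; i++)
            if ($2 == r[i] || index($2, r[i] "/") == 1) hit = 1
        if (!hit) next
        missing = ""
        for (i = 1; i <= nw; i++)
            # Wrap in commas so "nodev" cannot match inside another option name.
            if (index("," $4 ",", "," w[i] ",") == 0)
                missing = missing (missing == "" ? "" : ",") w[i]
        if (missing != "") print $2, missing
    }'
}

sample_mounts | unhardened_mounts
```

On a live system the same function can be fed with `unhardened_mounts < /proc/mounts`.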


Monday, July 30, 2007

Raid

RAID (redundant array of independent disks; originally redundant array of inexpensive disks) is a way of storing the same data in different places (thus, redundantly) on multiple hard disks. By placing data on multiple disks, I/O (input/output) operations can overlap in a balanced way, improving performance. Since using multiple disks increases the mean time between failures (MTBF), storing data redundantly also increases fault tolerance.
A RAID appears to the operating system to be a single logical hard disk. RAID employs the technique of disk striping, which involves partitioning each drive's storage space into units ranging from a sector (512 bytes) up to several megabytes. The stripes of all the disks are interleaved and addressed in order.
In a single-user system where large records, such as medical or other scientific images, are stored, the stripes are typically set up to be small (perhaps 512 bytes) so that a single record spans all disks and can be accessed quickly by reading all disks at the same time.
In a multi-user system, better performance requires establishing a stripe wide enough to hold the typical or maximum size record. This allows overlapped disk I/O across drives.
There are at least nine types of RAID plus a non-redundant array (RAID-0):
• RAID-0: This technique has striping but no redundancy of data. It offers the best performance but no fault-tolerance.
• RAID-1: This type is also known as disk mirroring and consists of at least two drives that duplicate the storage of data. There is no striping. Read performance is improved since either disk can be read at the same time. Write performance is the same as for single disk storage. RAID-1 provides the best performance and the best fault-tolerance in a multi-user system.
• RAID-2: This type uses striping across disks with some disks storing error checking and correcting (ECC) information. It has no advantage over RAID-3.
• RAID-3: This type uses striping and dedicates one drive to storing parity information. The embedded error checking (ECC) information is used to detect errors. Data recovery is accomplished by calculating the exclusive OR (XOR) of the information recorded on the other drives. Since an I/O operation addresses all drives at the same time, RAID-3 cannot overlap I/O. For this reason, RAID-3 is best for single-user systems with long record applications.
• RAID-4: This type uses large stripes, which means you can read records from any single drive. This allows you to take advantage of overlapped I/O for read operations. Since all write operations have to update the parity drive, no I/O overlapping is possible. RAID-4 offers no advantage over RAID-5.
• RAID-5: This type includes a rotating parity array, thus addressing the write limitation in RAID-4. Thus, all read and write operations can be overlapped. RAID-5 stores parity information but not redundant data (but parity information can be used to reconstruct data). RAID-5 requires at least three and usually five disks for the array. It's best for multi-user systems in which performance is not critical or which do few write operations.
• RAID-6: This type is similar to RAID-5 but includes a second parity scheme that is distributed across different drives and thus offers extremely high fault- and drive-failure tolerance.
• RAID-7: This type includes a real-time embedded operating system as a controller, caching via a high-speed bus, and other characteristics of a stand-alone computer. One vendor offers this system.
• RAID-10: Combining RAID-0 and RAID-1 is often referred to as RAID-10, which offers higher performance than RAID-1 but at much higher cost. There are two subtypes: In RAID-0+1, data is organized as stripes across multiple disks, and then the striped disk sets are mirrored. In RAID-1+0, the data is mirrored and the mirrors are striped.
• RAID-50 (or RAID-5+0): This type consists of a series of RAID-5 groups striped in RAID-0 fashion to improve RAID-5 performance without reducing data protection.
• RAID-53 (or RAID-5+3): This type uses striping (in RAID-0 style) for RAID-3's virtual disk blocks. This offers higher performance than RAID-3 but at much higher cost.
• RAID-S (also known as Parity RAID): This is an alternate, proprietary method for striped parity RAID from EMC Symmetrix that is no longer in use on current equipment. It appears to be similar to RAID-5 with some performance enhancements as well as the enhancements that come from having a high-speed disk cache on the disk array.

Wednesday, July 25, 2007

LPI Linux Certification in a Nutshell

You may not have heard of the Linux Professional Institute (LPI) or its professional certifications, but they're becoming an important part of proving professional competence in the Linux operating system. That aside, LPI Linux Certification in a Nutshell is a fantastic introductory Linux book, well suited to introducing a curious newcomer to the environment and bringing an intermediate user up to expert status.

The book is organized around the LPI's published standards for two Level 1 exams (exams 101, which deals with key commands and file-system concepts, and 102, which places more emphasis on hardware, networking, and shell scripting). The organization works well even if you're not specifically preparing for either exam.

LPI Linux Certification in a Nutshell assumes nothing in early chapters, going so far--to cite one example--as to walk readers through the concept of commands with parameters separately from the concept of commands alone. Later, the pace picks up, and strategic advice is substituted (such as how to partition a disk for maximum speed and reliability) for "type-this" instructions.

Throughout, the book makes effective use of O'Reilly's time-tested and remarkably clear format for presenting Unix commands and configuration files. Each chapter concludes with a series of exercises designed to help you discover behaviors on your own, and includes the practice questions you expect in a test-prep aid. --David Wall

Topics covered: The knowledge that's tested on the Linux Professional Institute's exams 101 and 102, which includes everything from basic Linux commands and concepts to installation of the operating system, essential network configuration, and kernel recompilation. --This text refers to the Paperback edition.

Book Description

LPI Linux Certification in a Nutshell, Second Edition is an invaluable resource for determining what you need to practice to pass the Linux Professional Institute exams. This book will help you determine when you're ready to take the exams, which are technically challenging and designed to reflect the skills that administrators need in real working environments.

As more corporations adopt Linux as the networking backbone for their IT systems, the demand for certified technicians will become even greater. Passing the LPI exams will broaden your career options because the LPIC is the most widely known and respected Linux certification program in the world. Linux Journal recognized the LPI as the best Training and Certification Program. The exams were developed by the Linux Professional Institute, an international, volunteer-driven organization with affiliates in a dozen countries.

The core LPI exams cover two levels. Level 1 tests a basic knowledge of Linux installation, configuration, and command-line skills. Level 2 goes into much more depth regarding system troubleshooting and network services such as email and the Web. The second edition of LPI Linux Certification in a Nutshell is a thoroughly researched reference to these exams. The book is divided into four parts, one for each of the LPI exams. Each part features not only a summary of the core skills you need, but sample exercises and test questions, along with helpful hints to let you focus your energies.

Major topics include:

* GNU and Unix commands
* Linux installation and package management
* Devices, filesystems, and kernel configuration
* Text editing, processing, and printing
* The X Window System
* Networking fundamentals and troubleshooting
* Security, including intrusion detection, SSH, Kerberos, and more
* DNS, DHCP, file sharing, and other networking infrastructure
* Email, FTP, and Web services

Praise for the first edition:
"Although O'Reilly's Nutshell series are intended as 'Desktop Reference' manuals, I have to recommend this one as a good all-round read; not only as a primer for LPI certification, but as an excellent introductory text on GNU/Linux. In all, this is a valuable addition to O'Reilly's already packed stable of Linux titles and I look forward to more from the author." --First Monday

# Paperback: 961 pages
# Publisher: O'Reilly Media; 2 edition (July 1, 2006)
# Language: English
# ISBN-10: 0596005288
# ISBN-13: 978-0596005283
# Product Dimensions: 9 x 6 x 2.1 inches

http://rapidshare.com/files/19002989/OReilly.LPI.Linux.Certification.in.a.Nutshell.2nd.Edition.Jul.

Mysql Backup Script

A script to take daily, weekly and monthly backups of your MySQL databases using mysqldump. Features: back up multiple databases; single backup file or a separate file for each DB; compress backup files; back up remote servers; e-mail logs.

AutoMySQLBackup Script Features

• Back up multiple MySQL databases with one script. (Now able to back up ALL databases on a server easily; you no longer need to specify each database separately.)
• Back up all databases to a single backup file or to a separate directory and file for each database.
• Automatically compress the backup files to save disk space using either gzip or bzip2 compression.
• Can backup remote MySQL servers to a central server.
• Runs automatically using cron or can be run manually.
• Can e-mail the backup log to any specified e-mail address instead of "root". (Great for hosted websites and databases).
• Can email the compressed backup files to the specified email address.
• Can specify the maximum size of backup to email.
• Can be set to run PRE and POST backup commands.
• Choose which day of the week to run weekly backups.

AutoMySQLBackup Download

The AutoMySQLBackup project has now been moved to Sourceforge.net for better maintenance.

http://sourceforge.net/projects/automysqlbackup/

AutoMySQLBackup Requirements

The AutoMySQLBackup script only requires mysqldump (A standard utility provided with the mysql client) and gzip or bzip2 for compression of the backup files.

If you would like to have the log emailed to you then you will need to have permission to execute the "mail" program. If you want the compressed backup files mailed to you then Mutt must be available on the server.
Finally you will need a bash shell and the standard system tools and utilities (all these requirements should be the default on most Linux systems).

What AutoMySQLBackup does

Every day AutoMySQLBackup will run (if set up in /etc/cron.daily) and, using mysqldump and gzip, dump your specified databases to the /backups/daily directory. It rotates daily backups weekly, so you should never have more than 7 backups in there.

Every Saturday AutoMySQLBackup will again back up the databases you have chosen, but they will be placed into /backups/weekly. These are rotated every 5 weeks, so there should never be more than 5 backups in there.

Every 1st of the month AutoMySQLBackup will create a backup of all databases and place them into /backups/monthly. These will never be rotated so it will be up to you to do your own housekeeping. I would suggest taking a copy of this offline every month or two so that if you have a hard drive failure you will be able to restore your database.

AutoMySQLBackup Installation

The install is as simple as editing a few variables in the AutoMySQLBackup file. The full setup is documented in the AutoMySQLBackup script file below the variables section.

Here is a quick minimum setup, step by step.

1. Download automysqlbackup.sh and place it into your /etc/cron.daily directory or your home directory.

2. Edit (at least) the following lines:
USERNAME=dbuser (the user must have at least select privileges to the databases)
PASSWORD=password
DBNAMES="DB1 DB2 DB3" (make sure to keep the quotes " ", otherwise it won't work)

3. Make the file executable: chmod u+rwx automysqlbackup.sh

4. Create the following directory: /backups

5. That's it. Now you can run it from the command line with "./automysqlbackup.sh", or if it is in /etc/cron.daily it will run each day when cron runs.
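
After step 2 the script holds the database password in plain text, and chmod u+rwx only adds owner bits without removing group or other access. The following added example (not part of AutoMySQLBackup or the original post) lists paths that group or other can still reach and then locks them down; the temporary directory and the dump file name DB1.sql.gz are constructed stand-ins.

```shell
#!/bin/sh
# Added example: keep the password-bearing script and the dumps private.

# Print every file or directory at or below the given paths that grants any
# permission bit to group or other. Symlinks are skipped (always mode 777).
loose_paths() {
    find "$@" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Restrict the script ($1) and the backup tree ($2) to their owner.
lock_down() {
    mkdir -p "$2"
    chmod 700 "$1"
    chmod -R go-rwx "$2"
}

# Reproduce the setup steps in a scratch directory and report how many
# paths are exposed before and after lock_down, as "before after".
demo() {
    tmp=$(mktemp -d) || return 1
    script=$tmp/automysqlbackup.sh
    # Stand-in for the edited script: only the two credential lines matter.
    printf 'USERNAME=dbuser\nPASSWORD=password\n' > "$script"
    chmod 644 "$script"
    chmod u+rwx "$script"            # step 3 of the post: mode is now 744
    mkdir -p "$tmp/backups/daily"
    chmod 755 "$tmp/backups" "$tmp/backups/daily"
    : > "$tmp/backups/daily/DB1.sql.gz"
    chmod 644 "$tmp/backups/daily/DB1.sql.gz"

    before=$(loose_paths "$script" "$tmp/backups" | wc -l | tr -d ' ')
    lock_down "$script" "$tmp/backups"
    after=$(loose_paths "$script" "$tmp/backups" | wc -l | tr -d ' ')

    rm -rf "$tmp"
    echo "$before $after"
}

demo
```

New dumps take their mode from the umask of the process that writes them, so rerun loose_paths on the backup directory after the first scheduled run.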

Monday, July 23, 2007

Hack Proof Linux: A Guide to Open Source

The Linux operating system continues to gain market share based largely on its reputation as being the most secure operating system available. The challenge faced by system administrators installing Linux is that it is secure only if installed and configured properly, constantly and meticulously updated, and carefully integrated with a wide variety of Open Source security tools. The fact that Linux source code is readily available to every hacker means that system administrators must continually learn security and anti-hacker techniques.

Hack Proofing Linux will provide system administrators with all of the techniques necessary to properly configure and maintain Linux systems and counter malicious attacks.

* Linux operating systems and Open Source security tools are incredibly powerful, complex, and notoriously under-documented - this book addresses a real need
* CD-Rom contains Red Hat/Mandrake Linux RPMs as well as tarballs for other Linux distributions and the BSD community
* Uses forensics-based analysis to give the reader an insight to the mind of a hacker

Download it here

Ubuntu Guide

An Ubuntu guide describing a lot of how-tos for Ubuntu.

Link: Ubuntu Guide

Sunday, July 22, 2007

Set Up OpenLDAP On Fedora 7

This document describes how to set up OpenLDAP on Fedora 7. OpenLDAP is a directory server based on the LDAP protocol, the same protocol MS Active Directory is based on. OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol.

Here we go: first we install the OpenLDAP server like this:


Friday, July 20, 2007

Basic Iptables Script

#!/bin/bash

#################################################################
#
# 1. Configuration options.
#

#################################################################
#
# Local Area Network configuration.
#
# your LAN's IP range and localhost IP. The /16 used below means to only use
# the first 16 bits of the 32 bit IP address, the same as netmask 255.255.0.0
# (a /24 would be netmask 255.255.255.0).
#

LAN_IP="192.168.0.2"
LAN_IP_RANGE="192.168.0.0/16"
LAN_BCAST_ADRESS="192.168.255.255"
LAN_IFACE="eth1"

################################################################
#
# Localhost Configuration.
#

LO_IFACE="lo"
LO_IP="127.0.0.1"

################################################################
#
# Internet Configuration.
#

INET_IP="194.236.50.155"
INET_IFACE="eth0"

################################################################
#
# IPTables Configuration.
#

IPTABLES="/usr/sbin/iptables"

################################################################
#
# 2. Module loading.
#

#
# Needed to initially load modules
#
/sbin/depmod -a

#
# Adds some iptables targets like LOG, REJECT and MASQUERADE.
#
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
#/sbin/modprobe ipt_REJECT
#/sbin/modprobe ipt_MASQUERADE

#
# Support for owner matching
#
#/sbin/modprobe ipt_owner

#
# Support for connection tracking of FTP and IRC.
#
#/sbin/modprobe ip_conntrack_ftp
#/sbin/modprobe ip_conntrack_irc


###############################################################
#
# 3. /proc set up.
#
# Enable ip_forward if you have two or more networks, including the
# Internet, that need forwarding of packets through this box. This is
# critical since it is turned off by default in Linux.
#

echo "1" > /proc/sys/net/ipv4/ip_forward

#
# Dynamic IP users:
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr

################################################################
#
# 4. IPTables rules set up.
#
# Set default policies for the INPUT, FORWARD and OUTPUT chains.
#

$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP

#
# bad_tcp_packets chain
#
# Take care of bad TCP packets that we don't want.
#

$IPTABLES -N bad_tcp_packets
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG \
--log-prefix "New not syn:"
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP

#
# Do some checks for obviously spoofed IP's
#

$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 192.168.0.0/16 -j DROP
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 10.0.0.0/8 -j DROP
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 172.16.0.0/12 -j DROP

#
# Enable simple IP Forwarding and Network Address Translation
#

$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP

#
# Bad TCP packets we don't want
#

$IPTABLES -A FORWARD -p tcp -j bad_tcp_packets

#
# Accept the packets we actually want to forward
#

$IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG \
--log-level DEBUG --log-prefix "IPT FORWARD packet died: "

#
# Create separate chains for ICMP, TCP and UDP to traverse
#

$IPTABLES -N icmp_packets
$IPTABLES -N tcp_packets
$IPTABLES -N udpincoming_packets

#
# The allowed chain for TCP connections
#

$IPTABLES -N allowed
$IPTABLES -A allowed -p TCP --syn -j ACCEPT
$IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A allowed -p TCP -j DROP

#
# ICMP rules
#

# Changed rules totally
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT

#
# TCP rules
#

$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 21 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 113 -j allowed

#
# UDP ports
#

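# nondocumented commenting out of these rules
# Note: --source-port is chosen by the sender, so the two active rules below
# accept UDP from any Internet host that uses source port 2074 or 4000.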
#$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 53 -j ACCEPT
#$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 123 -j ACCEPT
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 2074 -j ACCEPT
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 4000 -j ACCEPT

##########################
# INPUT chain
#
# Bad TCP packets we don't want.
#

$IPTABLES -A INPUT -p tcp -j bad_tcp_packets

#
# Rules for incoming packets from the internet.
#

$IPTABLES -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets
$IPTABLES -A INPUT -p TCP -i $INET_IFACE -j tcp_packets
$IPTABLES -A INPUT -p UDP -i $INET_IFACE -j udpincoming_packets

#
# Rules for special networks not part of the Internet
#

$IPTABLES -A INPUT -p ALL -i $LAN_IFACE -d $LAN_BCAST_ADRESS -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT
$IPTABLES -A INPUT -p ALL -d $INET_IP -m state --state ESTABLISHED,RELATED \
-j ACCEPT
$IPTABLES -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG \
--log-level DEBUG --log-prefix "IPT INPUT packet died: "

###############################
# OUTPUT chain
#
#
# Bad TCP packets we don't want.
#

$IPTABLES -A OUTPUT -p tcp -j bad_tcp_packets

#
# Special OUTPUT rules to decide which IP's to allow.
#

$IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $INET_IP -j ACCEPT

#
# Log weird packets that don't match the above.
#

$IPTABLES -A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG \
--log-level DEBUG --log-prefix "IPT OUTPUT packet died: "
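
The LOG rules in the script above only help if someone reads what they record. As an added example (not part of the original script), the following summarises kernel log lines carrying the script's four log prefixes by chain, input interface, source, protocol and destination port; the sample log lines are constructed, and the host name fw and the documentation-range addresses are assumptions.

```shell
#!/bin/sh
# Added example: summarise packets recorded by the firewall script's LOG rules.

# Constructed sample lines in the format the iptables LOG target writes.
sample_log() {
cat <<'EOF'
Jul 20 10:00:01 fw kernel: IPT INPUT packet died: IN=eth0 OUT= MAC=00:10:5a:aa:bb:cc:00:04:76:dd:ee:ff:08:00 SRC=203.0.113.7 DST=194.236.50.155 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 20 10:00:09 fw kernel: IPT INPUT packet died: IN=eth0 OUT= MAC=00:10:5a:aa:bb:cc:00:04:76:dd:ee:ff:08:00 SRC=203.0.113.7 DST=194.236.50.155 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4243 DF PROTO=TCP SPT=40113 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 20 10:01:30 fw kernel: IPT INPUT packet died: IN=eth0 OUT= MAC=00:10:5a:aa:bb:cc:00:04:76:dd:ee:ff:08:00 SRC=198.51.100.20 DST=194.236.50.155 LEN=78 TOS=0x00 PREC=0x00 TTL=110 ID=911 PROTO=UDP SPT=1026 DPT=137 LEN=58
Jul 20 10:02:00 fw kernel: New not syn:IN=eth0 OUT= MAC=00:10:5a:aa:bb:cc:00:04:76:dd:ee:ff:08:00 SRC=203.0.113.7 DST=194.236.50.155 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40200 DPT=80 WINDOW=0 RES=0x00 ACK URGP=0
Jul 20 10:03:10 fw kernel: IPT OUTPUT packet died: IN= OUT=eth0 SRC=192.168.0.99 DST=198.51.100.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Jul 20 10:04:00 fw sshd[812]: Accepted publickey for admin from 192.168.0.10 port 50022 ssh2
EOF
}

# Read log lines (stdin or files) and print "count chain in-iface src proto dpt",
# most frequent first. Fields missing from a line (DPT for ICMP, IN for
# locally generated packets) are shown as "-".
summarize_drops() {
    awk '
    # Value of KEY=value in line, or "-". The key may follow a space or a
    # colon: "New not syn:" has no trailing space, so IN= is glued to it.
    function kv(line, key,    v) {
        if (!match(line, "[ :]" key "=[^ ]*")) return "-"
        v = substr(line, RSTART + 1, RLENGTH - 1)
        sub(/^[^=]*=/, "", v)
        return (v == "") ? "-" : v
    }
    {
        if      (index($0, "IPT INPUT packet died: "))   chain = "INPUT"
        else if (index($0, "IPT FORWARD packet died: ")) chain = "FORWARD"
        else if (index($0, "IPT OUTPUT packet died: "))  chain = "OUTPUT"
        else if (index($0, "New not syn:"))              chain = "NEW-NOT-SYN"
        else next                       # not written by this firewall script
        n[chain " " kv($0, "IN") " " kv($0, "SRC") " " kv($0, "PROTO") " " kv($0, "DPT")]++
    }
    END { for (k in n) print n[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Print "src total" for sources with at least $1 logged packets that arrived
# on an interface (IN= set), i.e. excluding locally generated traffic.
noisy_sources() {
    min=${1:-1}
    [ $# -gt 0 ] && shift
    summarize_drops "$@" |
        awk -v min="$min" '$3 != "-" { c[$4] += $1 }
            END { for (s in c) if (c[s] >= min) print s, c[s] }' | sort
}

sample_log | summarize_drops
```

The three "packet died" rules are limited to 3 log entries per minute, so their counts are a lower bound on what was actually dropped; the "New not syn:" rule has no limit and logs every match.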

Basic backup script using tar

If you are looking for a simple backup script using tar, the script below is enough.

*************************************************************************************
#!/bin/sh
# full and incremental backup script
# created 07 February 2000
# Based on a script by Daniel O'Callaghan
# and modified by Gerhard Mourani

#Change the 5 variables below to fit your computer/backup

COMPUTER=deep # name of this computer
DIRECTORIES="/home" # directories to backup
BACKUPDIR=/backups # where to store the backups
TIMEDIR=/backups/last-full # where to store time of full backup
TAR=/bin/tar # name and location of tar

#You should not have to change anything below here

PATH=/usr/local/bin:/usr/bin:/bin
DOW=`date +%a` # Day of the week e.g. Mon
DOM=`date +%d` # Date of the Month e.g. 27
DM=`date +%d%b` # Date and Month e.g. 27Sep

# On the 1st of the month a permanent full backup is made
# Every Sunday a full backup is made - overwriting last Sunday's backup
# The rest of the time an incremental backup is made. Each incremental
# backup overwrites last week's incremental backup of the same name.
#
# if NEWER = "", then tar backs up all files in the directories
# otherwise it backs up files newer than the NEWER date. NEWER
# gets its date from the file written every Sunday.


# Monthly full backup
if [ $DOM = "01" ]; then
NEWER=""
$TAR $NEWER -cf $BACKUPDIR/$COMPUTER-$DM.tar $DIRECTORIES
fi

# Weekly full backup
if [ $DOW = "Sun" ]; then
NEWER=""
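# Store the year as well: a date without one (e.g. 30-Dec) is read by tar as
# belonging to the current year, which is a future date in early January
NOW=`date +%Y-%m-%d`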

# Update full backup date
echo $NOW > $TIMEDIR/$COMPUTER-full-date
$TAR $NEWER -cf $BACKUPDIR/$COMPUTER-$DOW.tar $DIRECTORIES

# Make incremental backup - overwrite last weeks
else

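# Get date of last full backup. If the date file is missing or empty (no
# full backup has run yet), make a full backup instead of handing tar an
# empty --newer argument.
if [ -s $TIMEDIR/$COMPUTER-full-date ]; then
NEWER="--newer `cat $TIMEDIR/$COMPUTER-full-date`"
else
NEWER=""
fi
$TAR $NEWER -cf $BACKUPDIR/$COMPUTER-$DOW.tar $DIRECTORIES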
fi
*************************************************************************************