Wednesday, August 29, 2007

Exclude directories in tar

TAR:

tar -cvf httpdocs_06_20_2006.tar.gz /home/user/domain.com/site \
    --exclude "/home/user/domain.com/site/excluded-dir1" \
    --exclude "/home/user/domain.com/site/excluded-dir2"

GNU TAR:

tar -cvf httpdocs_06_20_2006.tar.gz \
    --exclude "/home/user/domain.com/site/excluded-dir1" \
    --exclude "/home/user/domain.com/site/excluded-dir2" \
    /home/user/domain.com/site
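
The following is an added example, not part of the original post: it builds a small site tree under a temporary directory, archives it with the GNU tar argument order shown above, and then lists the archive to confirm the excluded directories really are absent. The directory names are constructed here.

```shell
#!/bin/sh
# Added example (not from the original post): build a small site tree,
# archive it with the GNU tar argument order shown above, then list the
# archive to confirm the excluded directories are really absent.
# All paths live under a temporary base directory constructed here.
set -e

# Constructed sample tree with two directories that must stay out of the backup.
make_tree() {
    base=$1
    mkdir -p "$base/site/public" "$base/site/excluded-dir1" "$base/site/excluded-dir2"
    echo index > "$base/site/public/index.html"
    echo secret > "$base/site/excluded-dir1/config.php"
    echo cache > "$base/site/excluded-dir2/tmp.dat"
}

# Archive $base/site with --exclude given before the directory (GNU tar).
# The patterns are written exactly as the directory argument is, because
# tar compares them against file names as it walks the tree.
make_archive() {
    base=$1
    out=$2
    tar -cf "$out" \
        --exclude "$base/site/excluded-dir1" \
        --exclude "$base/site/excluded-dir2" \
        "$base/site"
}

# Print the number of archive members whose name starts with the given
# directory. Run this after any backup that is supposed to omit something;
# the answer for an excluded directory must be 0.
count_members_under() {
    archive=$1
    dir=${2#/}   # tar strips the leading "/" from member names
    tar -tf "$archive" | awk -v p="$dir" 'index($0, p) == 1 { n++ } END { print n + 0 }'
}
```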

Tuesday, August 21, 2007

Setting Up A PXE Install Server For Multiple Linux Distributions With Ubuntu Edgy Eft

This tutorial shows how to set up a PXE (short for preboot execution environment) install server with Ubuntu 6.10 (Edgy Eft). A PXE install server allows your client computers to boot and install a Linux distribution over the network, without the need to burn Linux ISO images onto a CD/DVD, boot floppy images, etc. This is handy if your client computers don't have CD or floppy drives, if you want to set up multiple computers at the same time (e.g. in a large enterprise), or simply because you want to save the money for the CDs/DVDs. In this article I show how to configure a PXE server that allows you to boot multiple distributions: Ubuntu Edgy/Dapper, Debian Etch/Sarge, Fedora Core 6, CentOS 4.4, OpenSuSE 10.2, and Mandriva 2007. Read more.

Linux Quota Tutorial

1. Edit /etc/fstab to add the qualifier "usrquota" (for users) and/or "grpquota" (for groups) to the partition on which you want quota support. For example, here I've added both types to my / (root) partition. Make sure there are NO SPACES between "defaults" and the qualifiers you add.

LABEL=/ / ext3 defaults,usrquota,grpquota 1 1

2. Create the files aquota.user (and aquota.group if you want group quota support) in the root of the partition you added quota support to. Following the above example:

touch /aquota.user

Then restrict the permissions on these files:

chmod 600 /aquota.user

3. Run quotacheck

quotacheck -va

Note: If you are trying to enable quota on the / partition you might get an error such as
"quotacheck: Can't find filesystem to check or filesystem not mounted with quota option."
In that case run "quotacheck -vam" and then "quotacheck -vgam" (for groups).
If you still get the error, reboot the system.
If you use the -m flag, make sure that no other process will be writing to that partition. If you are unsure, it is recommended that you start the system in single user mode.
You may get this warning:
quotacheck: WARNING - Quotafile //aquota.user was probably truncated. Can't save quota settings...
This is nothing to worry about.

4. Turn quota on

quotaon -av

5. Now you are ready to edit quotas. Edit a user's quota with the command "edquota -u user" and a group's quota with the command "edquota -g group". Both commands open the quota in vi by default so you can edit it for the user/group. For example:

[root@localhost root]# edquota -u testuser
Disk quotas for user testuser (uid 504):
  Filesystem    blocks    soft    hard    inodes    soft    hard
  /dev/hda3         40       0       0        11       0       0

The above shows testuser using 40 blocks (1 block = 1 KB) with no soft or hard quota on block usage, and using 11 inodes with no soft or hard quota on inodes.

After editing the file to give the user a 5 MB soft limit and a 6 MB hard limit, the file would look something like this:

Disk quotas for user testuser (uid 504):
  Filesystem    blocks    soft    hard    inodes    soft    hard
  /dev/hda3         40    5120    6144        11       0       0

The soft limit is the maximum amount of disk usage a quota user is allowed on a partition. Combined with the "grace period" it acts as the border line: a quota user who passes it is issued warnings about the impending quota violation. The hard limit works only when a "grace period" is set. It specifies the absolute limit on disk usage, which a quota user cannot go beyond.

You can edit the grace period with the command "edquota -t".

Misc:
To show your quota : "quota"
To show a user's quota : "quota -u user"
To show all users' quota usage : "repquota -a"
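
As an added example (not part of the original tutorial), here is a small script that scans "repquota -a" style output for users who have crossed a block limit, so the quotas set above can be watched from cron. The report it parses is a constructed sample in the layout repquota prints; block counts are the 1 KB blocks described above.

```shell
#!/bin/sh
# Added example (not from the original post): scan repquota-style output for
# users who have crossed a block limit, so the quotas set with edquota above
# can be watched from cron. The report below is a constructed sample in the
# layout "repquota -a" prints; block counts are 1 KB blocks as noted above.
set -e

# Constructed sample. The two-character flag column after the user name is
# "+" where a limit is exceeded (first character: blocks, second: inodes).
SAMPLE_REPORT='*** Report for user quotas on device /dev/hda3
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --  142000       0       0          12345     0     0
testuser  +-    5300    5120    6144  6days      11     0     0
alice     --    4000    5120    6144             20     0     0
bob       ++    6144    5120    6144  none       900   500   800  none'

# Print "<user> blocks=<used>/<soft>/<hard> <state>" for every user whose
# block flag is "+"; state is hard-reached when usage has hit the hard
# limit, soft-exceeded otherwise. Header and separator lines have no flag
# column and are skipped.
report_over_quota() {
    printf '%s\n' "$1" | awk '
        $2 ~ /^[+-][+-]$/ && substr($2, 1, 1) == "+" {
            state = ($5 > 0 && $3 >= $5) ? "hard-reached" : "soft-exceeded"
            printf "%s blocks=%s/%s/%s %s\n", $1, $3, $4, $5, state
        }'
}

# Exit 0 when nobody in the report is over a block limit, 1 otherwise.
quota_ok() {
    [ -z "$(report_over_quota "$1")" ]
}
```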

Thursday, August 16, 2007

Deny user login by locking out account

Pass the -l option to the passwd command. It is used to lock the specified account and is available to root only. The locking is performed by rendering the encrypted password into an invalid string, by prefixing the encrypted string with an !.

Syntax:

passwd -l {username}

Unlock account or allow login

To allow login use passwd command as follows:

passwd -u {username}

This is the reverse of the -l option: it unlocks the account password by removing the ! prefix.

/sbin/nologin shell

/sbin/nologin displays a message that an account is not available and exits non-zero. It is intended as a replacement shell field for accounts that have been disabled or whose login is blocked.

Example: Deny login for user tom

Type the command as follows (logged in as root):

# passwd -l tom

You can also change the shell to /sbin/nologin:

# usermod -s /sbin/nologin tom

Example: Allow login for user tom

Type the command as follows (logged in as root):

# passwd -u tom

You may also need to change the shell back from /sbin/nologin to /bin/bash:

# usermod -s /bin/bash tom
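
An added example, not part of the original post: an audit script that lists which accounts are blocked by either mechanism described above, the "!" prefix in /etc/shadow (passwd -l) or the /sbin/nologin shell (usermod -s). The passwd and shadow lines it reads are constructed samples, not real files.

```shell
#!/bin/sh
# Added example (not from the original post): list accounts whose login is
# blocked by either mechanism described above: a "!" prefix on the
# /etc/shadow hash (passwd -l) or /sbin/nologin as the shell (usermod -s).
# The passwd and shadow lines are constructed samples, not real files.
set -e

# Constructed /etc/passwd sample: tom has the nologin shell, svc does not.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
tom:x:1001:1001::/home/tom:/sbin/nologin
alice:x:1002:1002::/home/alice:/bin/bash
svc:x:1003:1003::/var/svc:/bin/bash'

# Constructed /etc/shadow sample (hashes are placeholders): tom and svc are
# locked with the "!" prefix, alice is not.
SAMPLE_SHADOW='root:$6$placeholderhash:17000:0:99999:7:::
tom:!$6$placeholderhash:17000:0:99999:7:::
alice:$6$placeholderhash:17000:0:99999:7:::
svc:!!:17000:0:99999:7:::'

# Print "<user> locked=yes|no nologin=yes|no" for each account blocked by at
# least one mechanism. Seeing both columns matters: passwd -l stops password
# authentication, while /sbin/nologin only replaces the shell that runs
# after a login has already succeeded.
audit_logins() {
    passwd_data=$1
    shadow_data=$2
    { printf '%s\n' "$shadow_data" | sed 's/^/S:/'
      printf '%s\n' "$passwd_data" | sed 's/^/P:/'; } |
    awk -F: '
        $1 == "S" { locked[$2] = ($3 ~ /^!/) ? "yes" : "no"; next }
        $1 == "P" {
            user = $2; shell = $8
            nologin = (shell ~ /nologin$/) ? "yes" : "no"
            if (locked[user] == "yes" || nologin == "yes")
                printf "%s locked=%s nologin=%s\n", user, locked[user], nologin
        }'
}

# Exit 0 if user $1 appears in the audit of passwd data $2 and shadow data $3.
login_blocked() {
    audit_logins "$2" "$3" | grep -q "^$1 "
}
```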

Monday, August 13, 2007

Linux MRTG Configuration HOW-TO

MRTG is a wonderful tool. You can use it to monitor traffic on your router or on a leased server located at a remote IDC. Since it is written in Perl with some code in C, it is a portable, high-performance tool.

For more info, read here.


Backup hard disk partition table

dd, the good old command, now backs up partition tables and even writes CDs ;). Backing up the partition table is really just backing up the MBR (master boot record). The command for backing up the MBR stored on /dev/sdX or /dev/hdX is as follows:

# dd if=/dev/sdX of=/tmp/sda-mbr.bin bs=512 count=1

Replace X with the actual device name, such as /dev/sda.

Now, to restore the partition table to the disk, all you need to do is use the dd command again:

# dd if=/tmp/sda-mbr.bin of=/dev/sdX bs=1 count=64 skip=446 seek=446

The dd command works on Solaris, HP-UX and all other UNIX-like operating systems. Read the dd man page for more info.
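
As an added example (not from the original post), this script sanity-checks a 512-byte MBR backup before it is written back: the restore command above copies only bytes 446..509, the 64-byte partition table, so that region and the 55 AA boot signature are what get checked. A constructed file stands in for a real disk.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a 512-byte MBR
# backup made with "dd if=/dev/sdX of=/tmp/sda-mbr.bin bs=512 count=1"
# before writing it back. The restore command above copies only bytes
# 446..509 (the 64-byte partition table), so that region and the 55 AA boot
# signature are what is checked. A constructed file stands in for a disk.
set -e

# Build a fake MBR: zeroed boot code, one partition entry at offset 446
# (bootable flag 0x80, type 0x83 = Linux) and the 0x55AA signature at 510.
make_sample_mbr() {
    out=$1
    dd if=/dev/zero of="$out" bs=512 count=1 2>/dev/null
    printf '\200\001\001\000\203\376\377\377\077\000\000\000\001\000\000\000' |
        dd of="$out" bs=1 seek=446 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$out" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# Hex of $3 bytes at offset $2 of file $1, e.g. "55aa".
bytes_at() {
    od -An -tx1 -j "$2" -N "$3" "$1" | tr -d ' \n'
}

# Exit 0 only if the file is exactly 512 bytes, ends in the 55 AA boot
# signature and has at least one non-empty partition entry; say why otherwise.
check_mbr_backup() {
    f=$1
    size=$(wc -c < "$f" | tr -d ' ')
    [ "$size" -eq 512 ] || { echo "$f: $size bytes, expected 512"; return 1; }
    sig=$(bytes_at "$f" 510 2)
    [ "$sig" = "55aa" ] || { echo "$f: bad boot signature $sig"; return 1; }
    entries=0
    for off in 450 466 482 498; do   # partition type byte of each of the 4 entries
        if [ "$(bytes_at "$f" "$off" 1)" != "00" ]; then
            entries=$((entries + 1))
        fi
    done
    [ "$entries" -gt 0 ] || { echo "$f: partition table is empty"; return 1; }
    echo "$f: ok, $entries partition entry/entries"
}
```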

Tuesday, August 7, 2007

Setting up an OpenVPN server in Fedora 7

Setting up an OpenVPN server

  1. yum install openvpn.$HOSTTYPE

  2. Copy /usr/share/openvpn/easy-rsa/ somewhere (like root's home directory with cp -ai /usr/share/openvpn/easy-rsa ~).

  3. cd ~/easy-rsa

  4. Edit vars appropriately.

  5. . vars

  6. ./clean-all

  7. Before continuing, make sure the system time is correct. Preferably, set up NTP.

  8. ./build-ca

  9. ./build-inter $( hostname | cut -d. -f1 )

  10. ./build-dh

  11. mkdir /etc/openvpn/keys

  12. cp -ai keys/$( hostname | cut -d. -f1 ).{crt,key} keys/ca.crt keys/dh1024.pem /etc/openvpn/keys/

  13. cp -ai /usr/share/doc/openvpn-*/sample-config-files/roadwarrior-server.conf /etc/openvpn/server.conf

  14. Edit /etc/openvpn/server.conf appropriately.

  15. chkconfig --level 2345 openvpn on

  16. service openvpn start

  17. Verify that firewall rules allow traffic in from tun+, out from the LAN to tun+, and in from the outside on UDP port 1194. The following should work:

    iptables -A INPUT -i eth1 -p udp --dport 1194 -j ACCEPT
    iptables -A INPUT -i tun+ -j ACCEPT
    iptables -A FORWARD -i tun+ -j ACCEPT
    iptables -A FORWARD -i eth0 -o tun+ -j ACCEPT
    iptables -A FORWARD -i eth1 -o tun+ -m state --state ESTABLISHED,RELATED -j ACCEPT

    Or for genfw (my firewall-generation script, not currently available in Fedora), this in /etc/sysconfig/genfw/rules:

    append INPUT -i eth1 -p udp --dport 1194 -j ACCEPT
    append INPUT -i tun+ -j ACCEPT
    append FORWARD -i tun+ -j ACCEPT
    append FORWARD -i eth0 -o tun+ -j ACCEPT
    append FORWARD -i eth1 -o tun+ -j established

Setting up a Windows OpenVPN client

On the server:

  1. cd easy-rsa

  2. . vars

  3. ./build-key username

On the client:

  1. Install the OpenVPN GUI or the stand-alone OpenVPN client.

  2. Copy username.crt, username.key, and ca.crt to C:\Program Files\OpenVPN\config\ on the client.

  3. Drop roadwarrior-client.conf into C:\Program Files\OpenVPN\config\ as whatever.ovpn and edit appropriately.

  4. Either use the GUI to start the connection, start the OpenVPN service manually, or set the OpenVPN service to start automatically.
Ideally, the client should also do some verification of the server certificate with tls-remote in the whatever.ovpn configuration file.
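
An added example (not part of the original post): a check to run over a client .ovpn file before handing it out, confirming it names a CA and contains a server-identity directive. tls-remote is the option named above; ns-cert-type server, remote-cert-tls server and verify-x509-name are OpenVPN's other forms of the same check. Both sample configs are constructed here, with vpn.example.com as a placeholder.

```shell
#!/bin/sh
# Added example (not from the original post): check a client .ovpn file for a
# server-identity directive before handing it out. tls-remote is the option
# the post names; ns-cert-type server, remote-cert-tls server and
# verify-x509-name are OpenVPN's other forms of the same check. Both sample
# configs below are constructed here, with vpn.example.com as a placeholder.
set -e

# Exit 0 if the config names a CA and pins the server identity; otherwise
# print what is missing and exit 1.
check_ovpn() {
    cfg=$1
    rc=0
    if ! grep -Eq '^[[:space:]]*(ca[[:space:]]|<ca>)' "$cfg"; then
        echo "$cfg: no ca directive, the server certificate cannot be validated at all"
        rc=1
    fi
    if ! grep -Eq '^[[:space:]]*(tls-remote|ns-cert-type|remote-cert-tls|verify-x509-name)[[:space:]]' "$cfg"; then
        echo "$cfg: no server-identity check; any certificate issued by this CA would be accepted as the server"
        rc=1
    fi
    return $rc
}

# Write the two constructed samples into directory $1: weak.ovpn trusts the
# CA only, good.ovpn adds remote-cert-tls server.
write_samples() {
    dir=$1
    cat > "$dir/weak.ovpn" <<'EOF'
client
dev tun
proto udp
remote vpn.example.com 1194
ca ca.crt
cert username.crt
key username.key
EOF
    { cat "$dir/weak.ovpn"; echo "remote-cert-tls server"; } > "$dir/good.ovpn"
}
```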

Loads of linux links for video

http://loll.sourceforge.net/linux/links/Audio-Video/Video/index.html

Tutorial: Video, DVD players, TV and Multimedia

This covers Linux video players, DVD players, TV, HDTV and Hauppauge WinTV PCI card use. Included in this tutorial are links to software, video formats and information pertaining to video multimedia on Linux. This page also includes a tutorial on the use of the Hauppauge WinTV PCI card, linux video conferencing, surveillance, capture and TV broadcast display under Linux.

http://www.yolinux.com/TUTORIALS/LinuxTutorialVideo.html


Note: Taken from www.yolinux.com

Thursday, August 2, 2007

Microsoft Vista vs Ubuntu linux

TCP/IP

TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network (either an intranet or an extranet). When you are set up with direct access to the Internet, your computer is provided with a copy of the TCP/IP program just as every other computer that you may send messages to or get information from also has a copy of TCP/IP.
TCP/IP is a two-layer program. The higher layer, Transmission Control Protocol, manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message. The lower layer, Internet Protocol, handles the address part of each packet so that it gets to the right destination. Each gateway computer on the network checks this address to see where to forward the message. Even though some packets from the same message are routed differently than others, they'll be reassembled at the destination.
TCP/IP uses the client/server model of communication in which a computer user (a client) requests and is provided a service (such as sending a Web page) by another computer (a server) in the network. TCP/IP communication is primarily point-to-point, meaning each communication is from one point (or host computer) in the network to another point or host computer. TCP/IP and the higher-level applications that use it are collectively said to be "stateless" because each client request is considered a new request unrelated to any previous one (unlike ordinary phone conversations that require a dedicated connection for the call duration). Being stateless frees network paths so that everyone can use them continuously. (Note that the TCP layer itself is not stateless as far as any one message is concerned. Its connection remains in place until all packets in a message have been received.)
Many Internet users are familiar with the even higher-layer application protocols that use TCP/IP to get to the Internet. These include the World Wide Web's Hypertext Transfer Protocol (HTTP), the File Transfer Protocol (FTP), Telnet, which lets you log on to remote computers, and the Simple Mail Transfer Protocol (SMTP). These and other protocols are often packaged together with TCP/IP as a "suite."
Personal computer users with an analog phone modem connection to the Internet usually get to the Internet through the Serial Line Internet Protocol (SLIP) or the Point-to-Point Protocol (PPP). These protocols encapsulate the IP packets so that they can be sent over the dial-up phone connection to an access provider's modem.
Protocols related to TCP/IP include the User Datagram Protocol (UDP), which is used instead of TCP for special purposes. Other protocols are used by network host computers for exchanging routing information. These include the Internet Control Message Protocol (ICMP), the Interior Gateway Protocol (IGP), the Exterior Gateway Protocol (EGP), and the Border Gateway Protocol (BGP).