Open window

Think globally, act locally!!

A script to clean up the log files in /var/log July 19, 2009

Filed under: Shell scripts — Sheikh Jafar Tarique @ 4:03 am

#!/bin/bash

LOG_DIR=/var/log
ROOT_UID=0     # Only users with $UID 0 have root privileges.
LINES=50       # Default number of lines saved.
E_XCD=86       # Can't change directory?
E_NOTROOT=87   # Non-root exit error.

# Run as root, of course.
if [ "$UID" -ne "$ROOT_UID" ]
then
  echo "Must be root to run this script."
  exit $E_NOTROOT
fi

if [ -n "$1" ]
# Test whether a command-line argument is present (non-empty).
then
  lines=$1
else
  lines=$LINES   # Default, if not specified on the command line.
fi

cd "$LOG_DIR"

if [ "$PWD" != "$LOG_DIR" ]   # or: if [ `pwd` != "$LOG_DIR" ]
# Not in /var/log?
then
  echo "Can't change to $LOG_DIR."
  exit $E_XCD
fi   # Double-check that we are in the right directory before touching log files.

# Far more efficient is:
#
#   cd /var/log || {
#     echo "Cannot change to necessary directory." >&2
#     exit $E_XCD
#   }

tail -n "$lines" messages > mesg.temp   # Save the last section of the message log file.
mv mesg.temp messages                   # Becomes the new log file.

# cat /dev/null > messages
# No longer needed, as the above method is safer.

cat /dev/null > wtmp   # ': > wtmp' and '> wtmp' have the same effect.
echo "Logs cleaned up."

exit 0
# A zero return value from the script upon exit indicates success.


HowTo: Creating virtual interfaces in Solaris/RedHat/Debian July 19, 2009

Filed under: Learnings — Sheikh Jafar Tarique @ 2:31 am

Sometimes it’s useful to create a virtual network interface on your Solaris box, so that you can associate multiple IP addresses with the same host and not have to go through all the trouble of buying another NIC.

Here’s a quick HOWTO. Let’s assume our network card is eri0, and we want to create a virtual interface called eri0:1.

Create the virtual interface:

# ifconfig eri0:1 plumb

Configure the virtual interface:

# ifconfig eri0:1 179.164.83.161 netmask 255.255.255.0 broadcast 179.164.83.255

Check to make sure it worked:

# ifconfig -a

eri0:1: flags=1000842 mtu 1500 index 2

inet 179.164.83.161 netmask ffffff00 broadcast 179.164.83.255

Finally bring up your new virtual interface:

# ifconfig eri0:1 up

To make it come up at boot:

create /etc/hostname.eri0:1 containing the hostname for the alias

make sure that hostname is in /etc/hosts

To disable: ifconfig eri0:1 unplumb

In RedHat

# ifconfig eth0:1 192.168.30.128 netmask 255.255.255.0

That’s all it takes! Let’s check to make sure it took:

# ifconfig -a

You can (and should!) also give this new address its own name in the /etc/hosts file:

192.168.30.128 stationX

To make this permanent in RedHat or Mandriva, look in the directory /etc/sysconfig/network-scripts — you’ll see a file called ifcfg-eth0. Copy that file and edit it to create a new ifcfg-eth0:1 (be sure to edit the contents of the file to give it the right address and netmask, of course).

Now your eth0:1 interface will start automatically at reboot, just like eth0 itself. You can have as many of these “ifcfg-” files as you like, within reason.

In Debian

the file is called “/etc/network/interfaces” and is somewhat simpler:

auto eth0
iface eth0 inet static
    address 172.16.0.6
    netmask 255.255.255.0

auto eth0:1
iface eth0:1 inet static
    address 192.168.30.128
    netmask 255.255.255.0

You still have to tell the machine about the new network of which it is now a member. That’s the job of the route command:

# route add -net 192.168.30.0 netmask 255.255.255.0

# route
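The addresses, netmasks and broadcast values in the commands above can be checked before an alias is plumbed. The following is an added example, not part of the post, written as POSIX shell helpers (the function names are mine): it derives the network address that route add -net takes, the broadcast address, and the hexadecimal netmask that Solaris ifconfig -a prints, and it rejects an address that is the network or broadcast address of its subnet.

```shell
#!/bin/sh
# Added example (not from the post): sanity-check an alias address such as
# the one given to eri0:1, and derive the values ifconfig -a reports
# (netmask ffffff00, broadcast 179.164.83.255 for 179.164.83.161/24).

# ip2int A.B.C.D: dotted quad to a 32-bit integer.
ip2int() {
    set -- $(printf '%s\n' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int2ip N: 32-bit integer back to a dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network_of ADDRESS NETMASK: the -net argument for `route add`.
network_of() {
    ip=$(ip2int "$1"); mask=$(ip2int "$2")
    int2ip $(( ip & mask ))
}

# broadcast_of ADDRESS NETMASK: all host bits set to one. The complement is
# masked to 32 bits because shell arithmetic is wider than that.
broadcast_of() {
    ip=$(ip2int "$1"); mask=$(ip2int "$2")
    int2ip $(( (ip & mask) | (~mask & 4294967295) ))
}

# mask_hex NETMASK: the hexadecimal form that Solaris ifconfig prints.
mask_hex() { printf '%08x\n' "$(ip2int "$1")"; }

# valid_host_addr ADDRESS NETMASK: succeeds only if ADDRESS is neither the
# network address nor the broadcast address, i.e. it can be assigned to a host.
valid_host_addr() {
    [ "$1" != "$(network_of "$1" "$2")" ] && [ "$1" != "$(broadcast_of "$1" "$2")" ]
}

broadcast_of 179.164.83.161 255.255.255.0    # 179.164.83.255
mask_hex 255.255.255.0                       # ffffff00
network_of 192.168.30.128 255.255.255.0      # 192.168.30.0
```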

Cheers!!!


NTP – An insight look July 13, 2009

Filed under: Learnings — Sheikh Jafar Tarique @ 8:21 am

An NTP server is really just a time server that uses the Network Time Protocol (NTP). Whilst other time protocols do exist, NTP is by far the most commonly used and is employed in over ninety percent of time servers.

NTP server and time server are therefore interchangeable terms that describe the same thing: a device used to receive and distribute a timing signal.

The timing signal used by most NTP servers is a UTC time source. UTC (Coordinated Universal Time) is a global time scale based on the time kept by atomic clocks. By using UTC, an NTP server can in effect synchronise a network to the same time as millions of other computer networks around the world. This has made possible many online global transactions that simply wouldn’t be possible without UTC.

The timing signal is received by the NTP server (or time server) in a number of ways: over the Internet, from national time and frequency transmissions (long wave) or from the GPS (Global Positioning System) network. Once received, the time server checks the authenticity of the signal (except for Internet sources, where authentication is not possible), evaluates its accuracy and then distributes it across the network.

To prevent a possible overload of time requests to the time server, machines that receive a time signal from the NTP server can themselves be used as a time reference, and the machines that receive a time signal from those can again be used as a reference. This hierarchy is described in terms of stratum levels. An NTP server is a stratum 1 device, a machine that receives a signal directly from it is a stratum 2 device, and a machine that receives a signal from that becomes stratum 3.

NTP server stratum levels explained

NTP is a hierarchical protocol divided into strata, which define the distance from the reference clock. A reference clock source that relays UTC (Coordinated Universal Time) with little or no delay is known as a stratum-0 device. Stratum-0 devices cannot be used on the network directly; instead, they are connected to computers which then operate as primary servers.

A primary server that receives a time signal from a stratum-0 device, either through the GPS network or a national time and frequency transmission, is known as a stratum-1 device. On a network, a stratum-1 time server supplies the time to other devices, which are known as stratum-2 devices. These can also be used as a time source, and equipment that connects to a stratum-2 device to receive it becomes stratum-3, and so on.

NTP can handle up to 16 different stratum levels, although the lower down the hierarchy you go the less accurate the devices become. However, to make the system more reliable, each client can take its time from multiple servers. Stratum-2 devices and below can also synchronise with each other. The NTP software continuously monitors the stability and accuracy figures of all the servers and always chooses the server with the best figures.

Multiple strata are used in larger networks because bombarding a single stratum-1 time server with NTP requests from thousands of machines could overload it, or block the network itself with workstations, routers etc. repeatedly waiting for their time synchronisation requests to go through.

[Image: ntp-hierarchy]

Telling the NTP time

Network Time Protocol (NTP) is an Internet based protocol designed to distribute and synchronise time across a network.

NTP is in fact one of the oldest Internet protocols, having been developed in the late 1980s at Delaware University when the Internet was still in its infancy. It was devised by Professor David Mills and his team when they realised the need for accurate time synchronisation if computers were to communicate with each other.

An NTP server is a dedicated device that receives a single timing source and then distributes it amongst all network devices. An NTP server can receive the timing information in a number of ways, but normally it is a UTC source (Coordinated Universal Time), a global timescale based on the time as told by atomic clocks.

NTP handles time in a different way to how humans perceive and deal with it. While we may split time into seconds, minutes, hours, days, months and years, NTP regards time as a single number: the number of seconds since the ‘prime epoch’.

The prime epoch is the date from which NTP began counting seconds. For NTP the prime epoch is 00.01 on 1 January 1900, which means that on 1 January 2008 the time according to NTP will be 3405888000, the number of seconds since 1900.

Finding a Public NTP server

A public NTP server is a time server on the Internet that, as the name suggests, members of the public can use as a timing source. The best place on the Internet to find a list of public NTP servers is the home of NTP – www.ntp.org.

Setting local date and time using NTP

The ntpdate command sets the local date and time by polling the NTP servers specified to determine the correct time. It obtains a number of samples from each server specified and applies the standard NTP clock filter and selection algorithms to select the best of the samples.

The ntpdate command makes time adjustments in one of the following ways:

  • If it determines that the clock is off by more than 0.5 seconds, it steps the clock’s time by calling the settimeofday subroutine. This is the preferred method at boot time.
  • If it determines that the clock is off by less than 0.5 seconds, it slews the clock’s time by calling the adjtime subroutine with the offset. This method tends to keep a badly drifting clock more accurate, though at some expense to stability. When running the ntpdate command on a regular basis from the cron command instead of running a daemon, doing so once every hour or two results in precise enough timekeeping to avoid stepping the clock.

    Notes:

    1. The ntpdate command’s reliability and precision improves dramatically with a greater number of servers. Although you can use a single server, you obtain better performance by providing at least three or four servers.
    2. If an NTP server daemon like the xntpd daemon is running on the same host, the ntpdate command will decline to set the date.
    3. You must have root authority on the local host to run this command.
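An added example, not from the post, of two points above, written as POSIX shell helpers whose names are mine: deriving NTP's seconds-since-1900 count from a calendar date, and ntpdate's 0.5 s step-or-slew rule. Note that 1900 to 2008 spans 39446 days, 26 of them leap days, so the value for 1 January 2008 comes out as 3408134400 rather than 3405888000 (the figure 108 × 365 × 86400 would give).

```shell
#!/bin/sh
# Added example (not from the post): NTP counts seconds from the prime epoch,
# 1 January 1900 00:00 UTC. These helpers compute that count for a UTC date
# and show the step-or-slew decision ntpdate makes at the 0.5 s boundary.

# days_from_civil Y M D: days from 1970-01-01 in the proleptic Gregorian
# calendar (Howard Hinnant's algorithm, integer arithmetic only).
days_from_civil() {
    y=$1; m=$2; d=$3
    [ "$m" -le 2 ] && y=$((y - 1))              # March-based year
    era=$((y / 400)); yoe=$((y - era * 400))
    doy=$(( (153 * ((m + 9) % 12) + 2) / 5 + d - 1 ))
    doe=$(( yoe * 365 + yoe / 4 - yoe / 100 + doy ))
    echo $(( era * 146097 + doe - 719468 ))
}

# ntp_seconds Y M D [H [MIN [S]]]: seconds since 1900-01-01 00:00 UTC.
# The Unix epoch is 25567 days (2208988800 s) after the NTP prime epoch.
ntp_seconds() {
    days=$(( $(days_from_civil "$1" "$2" "$3") + 25567 ))
    echo $(( days * 86400 + ${4:-0} * 3600 + ${5:-0} * 60 + ${6:-0} ))
}

# ntp_seconds_field N: what the 32-bit seconds field of an NTP timestamp
# holds; it wraps after 2^32 s, which happens on 7 February 2036.
ntp_seconds_field() { echo $(( $1 % 4294967296 )); }

# ntpdate_adjust_mode OFFSET_MS: "step" (settimeofday) when the clock is off
# by more than 500 ms, otherwise "slew" (adjtime), as described above.
ntpdate_adjust_mode() {
    off=$1
    [ "$off" -lt 0 ] && off=$(( -off ))
    if [ "$off" -gt 500 ]; then echo step; else echo slew; fi
}

ntp_seconds 2008 1 1           # 3408134400 (39446 days incl. 26 leap days)
ntp_seconds 2036 2 7 6 28 16   # 4294967296 = 2^32: the first era rollover
ntpdate_adjust_mode -1200      # step
```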


The New Ubuntu Uncomplicated Firewall UFW July 13, 2009

Filed under: Learnings — Sheikh Jafar Tarique @ 5:44 am

Here is an overview of how to use ufw, the Uncomplicated Firewall:

Let's turn UFW on:
sudo ufw enable
When you initially turn the firewall on, it is in ACCEPT mode, and will accept everything incoming and outgoing until you make rulesets.

The simple syntax to allow an incoming/outgoing connection on a specified port to any host would be:
sudo ufw allow 53
To specify a protocol, append '/protocol' to the port. For example, let's enable TCP connections on port 53 incoming/outgoing:
sudo ufw allow 53/tcp
or for UDP:
sudo ufw allow 53/udp
You can also allow by service name, since ufw reads from /etc/services.
Let's see what services are in /etc/services:
cat /etc/services | less

As an example, let's allow ssh, which is port 22:
sudo ufw allow ssh
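An added example, not from the post, of what the name-based form relies on: ufw must look the service name up in /etc/services to get a port and protocol. The POSIX shell functions below (names mine) do that lookup against a constructed excerpt of /etc/services, honouring aliases and comments, and print the numeric rule that a name-based rule amounts to.

```shell
#!/bin/sh
# Added example (not from the post): resolve a service name the way a rule
# such as `ufw allow ssh` must, by looking it up in /etc/services, and print
# the numeric rule it is equivalent to.

# A constructed excerpt in /etc/services format so the example runs anywhere;
# pass a real path such as /etc/services as the last argument instead.
SAMPLE_SERVICES='# Network services, Internet style
ssh             22/tcp                          # SSH Remote Login Protocol
ssh             22/udp
domain          53/tcp                          # Domain Name Server
domain          53/udp
http            80/tcp          www             # WorldWideWeb HTTP
netbios-ssn     139/tcp
netbios-ssn     139/udp
'

# service_port NAME PROTO [FILE]: print the port for NAME/PROTO, matching the
# official name or any alias (e.g. www for http); fail if there is no entry.
service_port() {
    awk -v name="$1" -v proto="$2" '
        { sub(/#.*/, "") }                   # drop comments
        NF < 2 { next }                      # blank or comment-only lines
        {
            split($2, pp, "/")               # "22/tcp" -> pp[1]=22, pp[2]=tcp
            if (pp[2] != proto) next
            for (i = 1; i <= NF; i++)
                if (i != 2 && $i == name) { print pp[1]; found = 1; exit }
        }
        END { exit found ? 0 : 1 }
    ' "${3:-/etc/services}"
}

# ufw_numeric_rule ACTION NAME PROTO [FILE]: the port-based form of a
# name-based rule, e.g. "allow ssh" for tcp -> "allow 22/tcp".
ufw_numeric_rule() {
    port=$(service_port "$2" "$3" "$4") || return 1
    echo "$1 $port/$3"
}

# Demo against the constructed excerpt (a temp file stands in for /etc/services).
SAMPLE_FILE=$(mktemp)
printf '%s' "$SAMPLE_SERVICES" > "$SAMPLE_FILE"
ufw_numeric_rule allow ssh tcp "$SAMPLE_FILE"    # allow 22/tcp
ufw_numeric_rule deny www tcp "$SAMPLE_FILE"     # deny 80/tcp
```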

You can also use a fuller syntax, specifying the source and destination addresses and ports. This syntax is based on OpenBSD's PF syntax. For example, this will deny all traffic to TCP port 22 on this host:
ufw deny proto tcp to any port 22

To deny all traffic from the RFC1918 class A network (10.0.0.0/8) to TCP port 22 on the address 192.168.0.1 we would use this:
ufw deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 22

If you want to deny all traffic from the IPv6 network 2001:db8::/32 to TCP port 80 on this host you would use:
ufw deny proto tcp from 2001:db8::/32 to any port 80

To delete a rule, simply prefix the original rule with delete. For example, if the original rule was:
ufw deny 80/tcp
Use this to delete it:
sudo ufw delete deny 80/tcp

Let's deny all access to port 80:
sudo ufw deny 80
Let's allow all access to port 80:
sudo ufw allow 80/tcp

Let's block a single host:
sudo ufw deny from 207.46.232.182
The above command blocked Microsoft, lol.
Let's block Microsoft's class B:
sudo ufw deny from 207.46.0.0/16


Let's allow all access from the RFC1918 networks (LANs/WLANs) to this host:
sudo ufw allow from 10.0.0.0/8
sudo ufw allow from 172.16.0.0/12
sudo ufw allow from 192.168.0.0/16

Let's deny access to UDP port 139 from host 192.168.1.1:
sudo ufw deny proto udp from 192.168.1.1 to any port 139
The same thing as above, with TCP instead:
sudo ufw deny proto tcp from 192.168.1.1 to any port 139

Allow UDP access to 192.168.1.1 port 22 from 192.168.1.100 port 22:

sudo ufw allow proto udp from 192.168.1.100 port 22 to 192.168.1.1 port 22

To check the status of ufw, including the ports in the listening state, use:
sudo ufw status

To disable ufw use:
sudo ufw disable

To enable logging use:
ufw logging on

To disable logging use:
ufw logging off


Howto: Convert Redhat and Fedora .rpm files to .deb files in Ubuntu July 13, 2009

Filed under: Interesting — Sheikh Jafar Tarique @ 5:37 am

Did you find an rpm that isn't available as a .deb file? I'll share the easy process of converting an rpm to a deb; check it out.

To do this, install Alien using:

sudo apt-get install alien

And convert using:

sudo alien -k name-of-rpm-file.rpm

To install .deb packages, double click the file and click Install Package or simply:

sudo dpkg -i name-of-created-deb-file.deb

Alternatively you can simply install rpm files directly. This command converts the rpm to a deb, installs that deb, and afterwards deletes the temporary .deb it created:
sudo alien -i name-of-rpm-file.rpm

Cheers!!!