Shashikant shah

Tuesday, 30 October 2012

Different between TCP and UDP


TCP (Transmission Control Protocol) is the most commonly used protocol on the Internet. The reason for this is because TCP offers error correction. When the TCP protocol is used there is a "guaranteed delivery." This is due largely in part to a method called "flow control." Flow control determines when data needs to be re-sent, and stops the flow of data until previous packets are successfully transferred. This works because if a packet of data is sent, a collision may occur. When this happens, the client re-requests the packet from the server until the whole packet is complete and is identical to its original. 


UDP (User Datagram Protocol) is anther commonly used protocol on the Internet. However, UDP is never used to send important data such as webpages, database information, etc; UDP is commonly used for streaming audio and video. Streaming media such as Windows Media audio files (.WMA) , Real Player (.RM), and others use UDP because it offers speed! The reason UDP is faster than TCP is because there is no form of flow control or error correction. The data sent over the Internet is affected by collisions, and errors will be present. Remember that UDP is only concerned with speed. This is the main reason why streaming media is not high quality.


 Frame Structure

 As data moves along a network, various attributes are added to the file to create a frame. This process is called encapsulation. There are different methods of encapsulation depending on which protocol and topology are being used. As a result, the frame structure of these packets differ as well. The images below show both the TCP and UDP frame structures.

                                         
                                     TCP FRAME STRUCTURE

                                    UDP FRAME STRUCTURE

 

The payload field contains the actually data. Notice that TCP has a more complex frame structure. This is largely due to the fact the TCP is a connection-oriented protocol. The extra fields are need to ensure the "guaranteed delivery" offered by TCP.

Friday, 19 October 2012

How to Email Works

Using email is very easy, but setting up your own email server is not. This article describes how email works to give you an introduction on the various components needed to implement your own mail server.


1. The sender uses a Mail User Agent (MUA) to compose an email. An MUA,  
    often referred to as a mail client, is a program that allows a user to compose,
    send and receive email.

2. The mail is sent to a Mail Transfer Agent (MTA) which is responsible for
    sending the email to the receipient’s MTA. An MTA transfers mail messages  
    between computers via the SMTP protocol. Postfix, Sendmail, Exim and
    Qmail are examples of an MTA.

3. The recipient’s MTA receives the email and passes it on to a Mail Delivery   
   Agent (MDA). An MDA manages the user’s mailbox and handles mails for
   delivery to the MUA using either the POP or IMAP protocol.

  • POP (Post Office Protocol)
    Although most mail clients have an option to Leave a copy on the server, POP is generally used to download all messages from the mailbox, store them on the user’s PC as new messages and delete them from the server.
  • IMAP (Internet Message Access Protocol)
    Allows users to view their mailboxes on the server and to delete mail only when told to do so.

    Mbox and Maildir are two common mailbox formats used in Unix. Dovecot, Cyrus and Courier are examples of an MDA.

    4. The recipient uses an MUA to check and retrieve messages from the MDA.

Configuring SquirrelMail on RHEL - 5.5

# yum install squirrelmail*

# yum install httpd*

1.From a Terminal window, type in /usr/share/squirrelmail/config/conf.pl and
press Enter. This will launch the SquirrelMail Configuration utility.

If your Terminal window has a white background, make sure that the colors are off by looking for
the command Turn color on. If the command is Turn color off, type in C and press
Enter to turn the colors off. This will ensure that you will be able to read all of the text.

  

2.Type in D and press Enter to select the Set pre-defined settings for specific IMAP servers menu.
Type in dovecot and press Enter.


3.Type in 2 and press Enter to select the Server Settings menu.


 4.Type in 1 and press Enter to select the Domain menu. Type in your domain name and press
Enter. Save your changes when you are done.


I recommend installing the Retrieve User Data plugin so the user’s name will appear whenever he or she sends an email in SquirrelMail.
 
Testing SquirrelMail

1.In the address box, type in http://localhost/webmail and press Enter. Type in a valid username and
password and click Login.
login :- shashi
passwd :- *****


2.That’s it, it’s working.
 

 Note :- If you encounter any problems, check the log file at /var/log/maillog.

Relocating SquirrelMail into the domain root
 
1. Create the file /etc/httpd/conf.d/sqroot.conf containing the lines below.
 
<VirtualHost *:80>
DocumentRoot /usr/share/squirrelmail
</VirtualHost>
 
# service httpd restart


 














Dovecot POP3/IMAP Server for RHEL - 5.5



 # Yum install dovecot*
# vim /etc/dovecot.conf
20 protocols = pop3 pop3s imap imaps
205 mail_location = maildir:~/Maildir/
622 pop3_uidl_format = %08Xu%08Xv
564 imap_client_workarounds = delay-newmail outlook-idle netscape-eoh
647 pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
For 64-bit users: Add the line login_process_size = 64 in the file /etc/dovecot.conf.
Lines starting with # are comments. The last two line enables workarounds for various client bugs. Save the file after completing your changes.
# /etc/init.d/dovecot restart

Test Dovecot

Sample dovecot session. Replace shashi and password with any valid user name and password.


[root@mail ~]# telnet localhost pop3
+OK dovecot ready.
user shashi
+OK
pass passwd
+OK Logged in.
list
+OK 1 messages:
1 622
.
retr 1
+OK 622 octets
Return-Path: <shashi@example.com>
X-Original-To: shashi
Delivered-To: shashi@example.com
Received: from mail.example.com (mail.example.com [192.168.0.123])
        by mail.example.com (Postfix) with SMTP id 9729067C17
        for <shashi>; Thu, 22 Feb 2007 09:06:37 -0500 (EST)
Message-Id: <20070222140640.9729067C17@mail.example.com>
Date: Thu, 22 Feb 2007 09:06:37 -0500 (EST)
From: shashi@example.com
To: undisclosed-recipients:;
X-IMAPbase: 1172153557 1
Status: O
X-UID: 1
Content-Length: 5
X-Keywords:


test
.
quit
+OK Logging out.
Connection closed by foreign host.
If you encounter any problems, check the log file at /var/log/maillog.

POSTFIX SMTP RHEL - 5.5


Switch to Postfix from Sendmail

Yum install system-switch-mail
yum install postfix*
1.In the system-switch-mail window, 

  select Postfix and click Ok.

3.Go to this path:-

vim /etc/postfix/main.cf
69 myhostname = mail.example.com
77 mydomain = example.com
93 myorigin = $mydomain
107 inet_interfaces = all

155 mydestination = $myhostname, localhost.$mydomain, localhost
156 mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
255 mynetworks = 192.168.0.0/24, 127.0.0.0/8
410 home_mailbox = Maildir/


NOTE:- In main.cf, lines starting with # are comments. Save the file after completing your
changes.

Make sure that all mail_spool_directory lines are commented out. Otherwise, it will override the setting in the home_mailbox line above.

# /etc/init.d/postfix restart

Test Postfix


Sample postfix session. Replace johndoe with any valid user account. The dot after the line test is a command that should be typed in.

[root@mail ~]# telnet mail.example.com smtp
Trying 127.0.0.1...
Connected to mail.example.com (192.168.0.123).
Escape character is '^]'.
220 mail.acme.local ESMTP Postfix
ehlo mail.example.com
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:shashi
250 2.1.0 Ok
rcpt to:shashi
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
test
.
250 2.0.0 Ok: queued as 9729067C17
quit
221 2.0.0 Bye
Connection closed by foreign host. 
 
[root@mail ~]#
 
To check if the mail indeed exists

[root@mail ~]# cd /home/shashi/Maildir/new
[root@mail new]# ls
1185669817.Vfd00I18012M795756.mail.example.com
[root@mail new]# cat 1185669817.Vfd00I18012M795756.mail.example.com
Don’t worry, you don’t have to type in the whole filename above. Just type in the first few characters say 118 then press Tab to activate automatic completion.
From shashi@mail.acme.local  Thu Feb 22 21:48:28 2007
Return-Path: <shashi.example.com>
X-Original-To: shashi
Delivered-To: shashi@example.com
Received: from mail.example.com (mail.example.com [192.168.0.123])
        by mail.example.com (Postfix) with SMTP id 9729067C17
        for <shashi>; Thu, 22 Feb 2007 21:48:26 -0500 (EST)
Message-Id: <20070222134827.9729067C17@example.com>
Date: Thu, 22 Feb 2007 21:48:26 -0500 (EST)
From: shashi@example.com
To: undisclosed-recipients:;

test 
 
############### Complited SMTP #############################

Monday, 15 October 2012

How to take mysql backups


Why should I backup my mysql database?
It is a good practice to backup your database, periodically. In case of a corruption or a compromise, backup restore can be a ‘life saver’.

How can you create MySQL database backup?

You can create a backup of your database using the mysqldump utility to quickly backup the mysql database to flat files. You may follow these commands to create a backup:
 
# mysqldump -u[Username] -p[password] [databasename] > [backupfile.sql]

This will backup the database as a flat file called backupfile.sql.
Let us take an example to backup the database called football for account, root, into the file, football.sql.

1) If you want to take the full backup of all tables including the data:
# mysqldump -u root -ppassword  football > football.sql
Where ‘password’ is the password for the user root, which has full permissions over the database called football.

2) If you want to take the backup of structures, only:
# mysqldump -u root  -ppassword --no-data football > football.sql

3)If you want to backup the data only:
# mysqldump -u root -ppassword --no-create-info football > football.sql
  Restoring mysql database

If you want to restore the football database from the backup, you may use the following command:
# mysql -u root -ppassword football < football.sql

You are done.

Email alert on root SSH login

Why should I enable email alert for every root login?
If you want to get notified instantly when someone logs into your server with date, time and local ip address then you need to enable email alerts.
 
What are the disadvantages of enabling email alerts?
None. Please do make sure that the email address on which u want to get the alert is not hosted on the same server.
How can I enable email alerts?
Applies to: RedHat, CentOS, Ubuntu
1) Login to the server as root.
2) Open the .bashrc file under /root :
# vi /root/.bashrc
3) Append the following to the file :
echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" user@example.com
Replace user@example.com with the email address on which u want to get the email alert.
4) Save and exit.
Now logout and login again as root, you should receive a root login alert email.
When you login again as root and if you are prompted with this error (assuming use of postfix):
postdrop: warning: unable to look up public/pickup: No such file or directory
then do this:
# mkfifo /var/spool/postfix/public/pickup
# ps aux | grep mail
# kill [insert process number]
# sudo /etc/init.d/postfix restart
Now logout and login again as root, you should receive an email of the root login alert.

Get email alerts for each SSH root login to your server

There are 3 files that can be run once a user logs in (and the Bash Shell starts) and we will add a line in one of these which will email a notification to a given email address whenever the root user logs in. The 3 possible files are in the root user's home directory:
·         .bash_profile
·         .bash_login
·         .profile
Bash looks for those scripts in that order and once it has found a file that matches that filename, it and only it, is run. For example, if there is a .bashprofile file, any commands in .bashlogin will not be called.
So once you have logged in as root
$ cd

$ ls -al



This will give you a list of all files in root's home directory and see which of the above three files exist and open the one that gets called first. Insert this line
echo "ALERT - Root Shell Access on:" `date` `who` | mail -s "Alert: Root Access on SERVER" YOU@DOMAIN.COM



Change SERVER to your server name and YOU@DOMAIN.COM to your email address. Then logout and back in again and check your inbox for a notification

Saturday, 6 October 2012

TMOUT To Automatically Log Users Out



How do I auto Logout my shell user in Linux after certain minutes of inactivity?

Linux bash shell allows you to define the TMOUT environment variable. Set TMOUT to automatically log users out after a period of inactivity. The value is defined in seconds. For example,
export TMOUT=120

The above command will implement a 2 minute idle time-out for the default /bin/bash shell. You can edit your ~/.bash_profile or /etc/profile file as follows to define a 5 minute idle time out:
# set a 5 min timeout policy for bash shell
TMOUT=300
readonly TMOUT
export TMOUT

Save and close the file. The readonly command is used to make variables and functions readonly i.e. you user cannot change the value of variable called TMOUT.

How Do I Disable TMOUT?

To disable auto-logout, just set the TMOUT to zero or unset it as follows:
$ export TMOUT=0
or
$ unset TMOUT

Please note that readonly variable can only be disabled by root in /etc/profile or ~/.bash_profile.

Tuesday, 2 October 2012

Sample Webdav Configuration in Apache rhel-5.5


Introduction:
            WebDAV stands for "Web-based Distributed Authoring and Versioning". It is a set of extensions to the HTTP protocol which allows users to collaboratively edit and manage files on remote web servers.

Problem:
Need to enable the webdav (Web-based Distributed Authoring and Versioning) in apache web server.

Solution:

1)      Install the required rpms

                        # yum install httpd

2)      Enable the webdav related modules in the httpd,conf file

            # vi /etc/httpd/conf/httpd.conf

            LoadModule dav_module modules/mod_dav.so
            LoadModule dav_fs_module modules/mod_dav_fs.so

3)      Create a directory to publish over web server

                  # mkdir /var/www/webdav

4)      Create one new configuration file for the webdav

            # vi /etc/httpd/conf.d/webdav.conf

            <IfModule mod_dav.c>
            LimitXMLRequestBody 131072

            Alias /webdav "/var/www/webdav"
            <Directory /var/www/webdav>
            Dav On
            Options +Indexes
            IndexOptions FancyIndexing
            AddDefaultCharset UTF-8
            Order allow,deny
            Allow from all
            </Directory>
            </IfModule>


5)      If want to enable authentication for the webdav means, add the below lines in the webdav.conf file and also create the user database
           
            # vi /etc/httpd/conf.d/webdav.conf

            AuthType Basic
            AuthName "WebDAV Server"
            AuthUserFile /etc/httpd/webdav.users.db
            Require valid-user
           
6)      Create the user database using the below command

            # htpasswd -c /etc/httpd/webdav.users.db testuser

7)      Restart the httpd service

            # service httpd restart

8)      Access the webdav from the client using the below URL

            http://shashikant/webdav



III-2 Now open the webdab with http://localhost/webdav  or with cadaver tool
# cadaver http://localhost/webdav
Authentication required for WebDAV on server `localhost’:
Username: admin
Password:
dav:/webdav/>
Now   how  to connect   from Windows to  webdav server


To connect  from Linux  (ubuntu   example)

Windows AD authentication for Linux Clients


Release:
RedHat Enterprise Linux 5
Windows Enterprise Server 2003 R2

Assumption:
Domain Name : EXAMPLE.COM
AD Server IP Address : 192.168.1.60
AD Server Hostname : SHASHI
Linux Client IP Address : 192.168.1.26
Linux Clinet Hostname : CLIENT

1).Install the required RPMs

# yum install krb5-libs pam_krb5 krb5-workstation samba-common samba-client

2) Add the domain server entry in the host file

# vi /etc/hosts
192.168.1.60 shashi.example.com shashi
192.168.1.26 client.example.com client

3) Mention the name server ipaddress in the resolv.conf file

# vi /etc/resolv.conf
nameserver 192.168.1.60

Configure Kerberos for AD Integration:

4) Modify the /etc/krb5.conf file, to enable the Domain controller authentication in Linux.



# vi /etc/krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = SHASHI.EXAMPLE.COM
dns_lookup_realm = true
dns_lookup_kdc = true

[realms]
EXAMPLE.COM = {
kdc = shashi.example.com
admin_server = shashi.example.com:749
default_domain = example.com
}

[domain_realm]
.testdom.com = EXAMPLE.COM
testdom.com = EXAMPLE.COM

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
5) PAM needs to be configured to use Active Directory authentication. Edit the system-auth file like below

# vi /etc/pam.d/system-auth
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so

account required pam_unix.so broken_shadow
          account     sufficient    pam_succeed_if.so uid < 500 quiet
          account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
          account     required      pam_permit.so

          password    requisite     pam_cracklib.so try_first_pass retry=3
          password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
          password    sufficient    pam_winbind.so use_authtok
          password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
          session     optional      pam_mkhomedir.so skel=/etc/skel/ umask=0077
          session     required      pam_limits.so
          session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
          session     required      pam_unix.so

Create Users and Group from DC:

6)      Add the below entries in /etc/samba/smb.conf file, will cause the winbind service to enumerate users and groups from the domain controller.

         # vi /etc/samba/smb.conf

         workgroup = EXAMPLE
         password server = shashi.example.com
         server string = Samba Server Version %v
         realm = EXAMPLE.COM
         security = ads
         idmap uid = 16777216-33554431
         idmap gid = 16777216-33554431
         winbind separator = #

         winbind enum groups = yes
         winbind enum users = yes
         template homedir = /home/%U
         template shell = /bin/bash
         winbind use default domain = true
         winbind offline logon = false

Where,
idmap uid - the range of numeric uid's that winbind will use to enumerate domain users with on your system. You should select a range that does not conflict with uid numbers already in use on the system.

idmap gid - the range of numeric gid's that winbind will use to enumerate domain groups on your system.

winbind enum groups and winbind enum users - whether winbind should "create" the domain's groups/users on the system or not.

winbind separator - the character winbind will use to separate the domain name from the user or group name The template homedir statement is used to generate the home directory path for domain users.

realm - is used to describe a Kerberos-based security architecture

template homedir = /home/%Uhere %u substituted with the user's Windows NT user name

template shell = /bin/bashlogin shell for that user

7) Change the user information and authentication type to winbind using the “authconfig-tuicommand

# authconfig-tui





Then Select “Next” and Select “ok”.

8) Restart the winbind service and also configure winbind to start automatically.

# service winbind restart
# chkconfig --level 35 winbind on

9) Join the Domain using the below command

# net ads join -U administrator

10) To test the enumeration function of the winbind use the below commands.

# wbinfo –u
# wbinfo –g