Shashikant shah

Friday, 25 October 2013

Install Monit Tool on rhel-5.5


                                    MONIT TOOL

Monit is a free open source utility for managing and monitoring processes, files, directories and filesystems on a UNIX system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.

E.g. Monit can start a process if it does not run, restart a process if it does not respond and stop a process if it uses too many resources. You can use Monit to monitor files, directories and filesystems for changes, such as timestamp changes, checksum changes or size changes.

Monit is controlled via an easy to configure control file based on a free-format, token-oriented syntax. Monit logs to syslog or to its own log file and notifies you about error conditions via customizable alert messages. Monit can perform various TCP/IP network checks, protocol checks and can utilize SSL for such checks.

Install monit tool on rhel-5.5 (32bit) :-


Here is an example configuration file:
# vim /etc/monit.conf 
##### Global options #####
## Logging options ##

# Poll every minute
set daemon  60

set logfile syslog facility log_daemon  # Set syslog logging.

set mail-format {
    from: monit@$HOST
    subject: monit alert -- $EVENT $SERVICE
    message: $EVENT Service $SERVICE
                 Date:        $DATE
                 Action:      $ACTION
                 Host:        $HOST
                 Description: $DESCRIPTION

            Your faithful employee,
            shashikant shah
}

# Here you can set up your own mailserver
set mailserver smtp.gmail.com port 587
    username "shashi.brain11@gmail.com" password "password"
    using tlsv1
    with timeout 30 seconds

set alert shashi11.linux@gmail.com

set httpd port 2812 and
    use address 0.0.0.0
    allow localhost
    allow 192.168.0.0/255.255.255.0
    allow admin:monit
    SSL ENABLE                      # for SSL
    PEMFILE /var/certs/monit.pem    # SSL certificate location

Create the SSL certificate at the PEMFILE path (/var/certs/monit.pem). Run the commands from /var/certs, because -config points at ./monit.cnf:
# openssl req -new -x509 -days 365 -nodes -config ./monit.cnf -out /var/certs/monit.pem -keyout /var/certs/monit.pem
# openssl gendh 512 >> /var/certs/monit.pem
# openssl x509 -subject -dates -fingerprint -noout -in /var/certs/monit.pem
# chmod 700 /var/certs/monit.pem

The openssl req command reads its settings from an OpenSSL configuration file, so we need to create that file for our certificate:
# vi /var/certs/monit.cnf

Example file:
-------------------------------------------------------------------------------------------
# create RSA certs - Server

RANDFILE = ./openssl.rnd

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type

[ req_dn ]
countryName = Country Name (2 letter code)
countryName_default = MO

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Monitoria

localityName                    = Locality Name (eg, city)
localityName_default            = Monittown

organizationName                = Organization Name (eg, company)
organizationName_default        = Monit Inc.

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Dept. of Monitoring Technologies

commonName                      = Common Name (FQDN of your server)
commonName_default              = server.monit.mo

emailAddress                    = Email Address
emailAddress_default            = root@monit.mo

[ cert_type ]
nsCertType = server

To check your configuration:
# monit -t
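
`monit -t` only checks syntax. As an added example (not part of the original post or of Monit itself), the shell function below reads a control file and reports the exposure in its `set httpd` block: a bind to 0.0.0.0, cleartext `user:password` entries (with `admin:monit`, the pair used in Monit's sample control file, called out separately) and a missing `SSL ENABLE`. The finding names and the rule that a block ends at the next `set` or `check` statement are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the "set httpd" block. Finding names are made up here.

audit_monit_httpd() {
    # Reads the control file named in $1, or stdin when no file is given.
    awk '
    {
        sub(/#.*/, "")                  # drop "#" comments; awk re-splits the fields
        if (NF == 0) next
        kw = tolower($1)
        # assumption: a new "set" or "check" statement ends the previous block
        if (kw == "set" || kw == "check")
            in_httpd = (kw == "set" && tolower($2) == "httpd")
        if (!in_httpd) next
        seen = 1
        for (i = 1; i < NF; i++) {
            key = tolower($i); val = $(i + 1)
            if (key == "address" && val == "0.0.0.0")
                print "BIND_ALL line " NR           # web UI listens on every interface
            if (key == "ssl" && tolower(val) == "enable")
                ssl = 1
            if (key == "allow" && val ~ "^[^:/]+:.+") {   # user:password in cleartext
                kind = (val == "admin:monit") ? "DEFAULT_CRED" : "CLEARTEXT_CRED"
                print kind " line " NR
            }
        }
    }
    END { if (seen && !ssl) print "NO_SSL" }        # httpd block without SSL ENABLE
    ' "$@"
}

# Constructed sample that mirrors the httpd block shown above.
sample_monitrc() {
cat <<'EOF'
set daemon 60
set httpd port 2812 and
    use address 0.0.0.0
    allow localhost
    allow 192.168.0.0/255.255.255.0
    allow admin:monit
    SSL ENABLE                      # for SSL
    PEMFILE /var/certs/monit.pem    # SSL certificate location
check system shashi
EOF
}

sample_monitrc | audit_monit_httpd
```

On a real host, run it as `audit_monit_httpd /etc/monit.conf`; an empty result means none of the three conditions was found.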



check system shashi
group server
if loadavg (1min) > 4 then alert
if loadavg (5min) > 2 then alert
if memory usage > 75% then alert
if swap usage > 25% then alert
if cpu usage (user) > 70% then alert
if cpu usage (system) > 30% then alert
if cpu usage (wait) > 20% then alert

##########
check process httpd with pidfile /var/run/httpd.pid
group apache
start program = "/etc/init.d/httpd start"
stop program = "/etc/init.d/httpd stop"
if failed host 127.0.0.1 port 80
protocol http then restart
if 5 restarts within 5 cycles then timeout
#########

#check ping
check host shashi-ping and address 10.30.139.124
group server
if failed icmp type echo count 3
with timeout 5 seconds then alert

#check space
check device shashi-/ with path /dev/sda6
group server
if space usage > 99% then alert

#check port
check host shine-port with address 115.112.0.5
group server
if failed port 80 type tcp with timeout 15 seconds then alert

#check WebSite
check host www.shine.com with address 115.112.0.7 # 115.112.0.5
if failed url http://www.shine.com/ and content == "ok"
then alert

#check www.hindustantimes.com
check host www.hindustantimes.com with address 115.112.0.6 #115.112.0.4
if failed url http://www.hindustantimes.com/ and content == "ok"
then alert

#check port
check host All-Port with address 10.1.0.222
if failed icmp type echo with timeout 4 seconds then alert
if failed port 8181 with timeout 9 seconds then alert
if failed port 8282 with timeout 10 seconds then alert
if failed port 9292 with timeout 14 seconds then alert


#check directory

check directory bin with path /bin
if failed permission 755 then unmonitor
if failed uid 0 then unmonitor

#check LAN
check host shashi-eth0 with address 10.30.139.124
group server
start program = "/sbin/ifup eth0"
stop program = "/sbin/ifdown eth0"
if failed icmp type echo with timeout 15 seconds then restart

check program script with path "/usr/local/bin/script.sh"
if status > 0 then alert    # the script exited with a non-zero status: send an alert
if status = 9 for 2 cycles then exec "/etc/init.d/some_service restart"
# the script exited with status 9 for 2 cycles: run this command (or another script)

Access the web via http://localhost:2812

Thursday, 3 October 2013

MY-SQL Replication RHEL5.5


MY-SQL Replication Configuration


MASTER :-
IP :-192.168.0.10
Hostname :- shashi.example.com

SLAVE :-
IP :- 192.168.0.11
Hostname :- sk.unicom.com

****MASTER DB SERVER****

1.Install Packages :-

# yum install mysql-server mysql-client

# vim /etc/my.cnf
[mysqld]
server-id=1
binlog-do-db=ruby
log-bin=/var/lib/mysql/mysql-bin.log
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
#
#
old_passwords=1

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

# /etc/init.d/mysqld start

# mysqladmin -u root password 'shashi'

# mysql -u root -p          {enter the password 'shashi' when prompted}

mysql> GRANT REPLICATION SLAVE ON *.* TO 'root'@'%' IDENTIFIED BY 'shashi';
mysql> FLUSH PRIVILEGES;
mysql> CREATE DATABASE ruby;
mysql> USE ruby;
mysql> FLUSH TABLES WITH READ LOCK;
mysql> SHOW DATABASES;
mysql> \q

# /etc/init.d/mysqld restart

# chkconfig mysqld on

# mysql -u root -p          {enter the password 'shashi' when prompted}

mysql> unlock tables;

mysql> SHOW MASTER STATUS;

****SLAVE DB SERVER****

1.Install Packages :-

# yum install mysql-server mysql-client

# vim /etc/my.cnf
[mysqld]
report-host=192.168.0.11
server-id=2
master-host=192.168.0.10
master-user=root
master-password=shashi
master-port=3306
master-connect-retry=60
replicate-do-db=ruby
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
#
#
old_passwords=1

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

# /etc/init.d/mysqld start

# mysqladmin -u root password 'shashi'

# mysql -u root -p          {enter the password 'shashi' when prompted}
mysql> CHANGE MASTER TO MASTER_LOG_FILE='mysql-bin.000010', MASTER_LOG_POS=98;
mysql> START SLAVE;
mysql> SHOW SLAVE STATUS\G

Check slave server IP :-

Go to the master DB server.
mysql> SHOW SLAVE HOSTS;

Check whether the slave is working properly :-
Go to the master DB server.

mysql>show databases;
mysql>use ruby;
mysql>show tables;
mysql>CREATE TABLE shashi (c int);
mysql>INSERT INTO shashi (c) VALUES (1);
mysql>select * from shashi;          {check values}

Go to Slave DB Server

mysql>show databases;
mysql>use ruby;
mysql>show tables;
mysql>select * from shashi;
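
Comparing tables by hand shows that one row arrived; the replication threads themselves are reported by `SHOW SLAVE STATUS\G`. As an added example (not part of the original post), the shell function below turns that output into a pass/fail result for this setup, where the slave replicates the `ruby` database. The finding names, the 60 second lag limit and the sample output are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: pass/fail check over SHOW SLAVE STATUS\G output.
# Finding names and the default 60 s lag limit are assumptions.

slave_health() {
    # stdin: output of SHOW SLAVE STATUS\G taken on the slave
    # $1: database expected in Replicate_Do_DB   $2: maximum lag in seconds
    awk -v db="${1:-ruby}" -v max="${2:-60}" '
    /^\*/ { next }                                  # "**** 1. row ****" separator
    {
        i = index($0, ":")
        if (i == 0) next
        k = substr($0, 1, i - 1); v = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k)
        gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (!(k in f)) f[k] = v                     # keep the first value per field
    }
    END {
        if (f["Slave_IO_Running"] != "Yes")  { print "IO_THREAD_DOWN"; bad = 1 }
        if (f["Slave_SQL_Running"] != "Yes") { print "SQL_THREAD_DOWN errno=" f["Last_Errno"]; bad = 1 }
        lag = f["Seconds_Behind_Master"]            # NULL when replication is not running
        if (lag !~ /^[0-9]+$/ || lag + 0 > max + 0) { print "LAG " lag; bad = 1 }
        if (f["Replicate_Do_DB"] != db) { print "WRONG_DB " f["Replicate_Do_DB"]; bad = 1 }
        if (!bad) print "OK"
        exit bad + 0                                # non-zero status when anything is wrong
    }'
}

# Constructed sample of a healthy slave, using the values from this post.
sample_slave_status() {
cat <<'EOF'
*************************** 1. row ***************************
             Slave_IO_State: Waiting for master to send event
                Master_Host: 192.168.0.10
                Master_User: root
            Master_Log_File: mysql-bin.000010
        Read_Master_Log_Pos: 98
           Slave_IO_Running: Yes
          Slave_SQL_Running: Yes
            Replicate_Do_DB: ruby
                 Last_Errno: 0
      Seconds_Behind_Master: 0
EOF
}

sample_slave_status | slave_health
```

On the slave, feed it the live output, for example `mysql -u root -p -e 'SHOW SLAVE STATUS\G' | slave_health ruby 60`; the exit status is non-zero whenever a finding is printed.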

Tuesday, 23 July 2013

Install Sudosh in CentOS-6.2


                                       SUDOSH CONFIGURATION

Question:-                                                                                               shashikant shah
I am managing a team of Linux System Administrators, which manages a large number of servers remotely. These admins require root level privileges on servers. Now how can I keep track of each user's activity for audit purposes and keep a record of each command executed on the server? Recommend an open source application on Linux.

What is Sudosh?
sudosh is a shell wrapper that logs all keystrokes of a terminal, together with the output, and saves them into a file which is randomly generated for each user. rootsh also supports logging into syslog, but that is a bad idea because the syslog file can easily be removed by a root user.
We will create a separate folder for the logs, apply group-level privileges to it, and set the append attribute so that group members can only write to and read from this folder; that way our files are secured.

Install the required packages :-
1.yum install gcc*
2.yum install perl*
3.yum install pam-devel*
4.rpm -qa | egrep -i 'gcc|make|pam-devel'

MAKEDEV-3.23-1.2
gcc44-gfortran-4.4.0-6.el5
make-3.81-3.el5
gcc-gfortran-4.1.2-46.el5
gcc-4.1.2-46.el5
gcc-c++-4.1.2-46.el5
gcc-java-4.1.2-46.el5
libgcc-4.1.2-46.el5
compat-libgcc-296-2.96-138
gcc-objc-4.1.2-46.el5
gcc-gnat-4.1.2-46.el5
pam-devel-0.99.6.2-6.el5
gcc-objc++-4.1.2-46.el5
gcc44-4.4.0-6.el5
gcc44-c++-4.4.0-6.el

5.Install sudosh shell :-

install sudosh-1.8.2.tar.gz
/usr/local/bin/sudosh {the shell is installed at this location}

OR

install sudosh-1.8.2-2.el5.rf.i386.rpm
/usr/bin/sudosh {the shell is installed at this location}

6.useradd -s /usr/local/bin/sudosh shashi     {username}

OR

# vim /etc/default/useradd

SHELL=/usr/bin/sudosh

# useradd shashi
# passwd shashi

7.Check user shell :-

# grep shashi /etc/passwd

shashi:x:500:500::/home/shashi:/usr/local/bin/sudosh

8.add the shell path :-

# vim /etc/shells
/usr/bin/sudosh
/usr/local/bin/sudosh

9.Create a log directory :-

# sudosh -i
# mkdir /var/log/sudosh
# chmod 0733 /var/log/sudosh
# chattr +a /var/log/sudosh

11.Edit the following lines in the sudoers configuration file :-

User_Alias ADMINS = shashi, jk

#SUDOSH shell
Cmnd_Alias SUDOSH = /usr/local/bin/sudosh

ADMINS ALL=SUDOSH

12.Run a command :-
# sudo sudosh

13.Check sudosh shell :-
# sudosh-replay

Wednesday, 17 July 2013

SAMBA Server configuration



                                                             SAMBA Server  configuration 

Question  :-  All users can access the shared directory and add data, but users cannot delete data.

Server Side :-
                  Hostname :- shashi.example.com
                  IPadd :- 192.168.0.16/24

1. Install samba package :-
yum install samba* system-config-samba

2.add client hostname and IP in resolve.conf file :-

3.Create a sharing directory :-
mkdir  /home/data

4.Give permissions :-
chmod  777 /home/data
chown  test:test  /home/data

5.Create a user :-
useradd  test

6.Add the following lines to the samba configuration file :-
vim  /etc/samba/smb.conf

 [data]
                comment = samba server
                path = /home/data
                writeable = yes
                valid users = test
                create mask = 555
                directory mask = 555

7.add user in samba.
smbpasswd   -a  test

8.Now start service :-
/etc/init.d/smb  start
/etc/init.d/smb  restart
chkconfig  smb on

9.Now access the smb server from the client side :-
smb://192.168.0.16

10.Log file :-
/var/log/samba/

Friday, 1 March 2013

Install Piwik Web Analytics in RHEL-5.5



                                          PIWIK Configuration

Piwik is a tool for generating website analytics. The reports generated by Piwik are similar to the ones generated by Google Analytics. Piwik is an Open-Source (GPL) tool that you can download and host on your own servers, which means you are in full control over your data. In addition to that, Piwik's functionality can be extended by plugins.

1.Install Packages :-

# yum install php-pdo php-gd php-xml php-devel php-pear mysql-devel httpd-devel 
      mysql* httpd*

2.Download piwik (latest.zip).
# unzip latest.zip
# mv piwik /var/www/html

3.Give permissions :-
# chown -R apache:apache /var/www/html/piwik
# cd /var/www/html
# chmod 777 ./piwik/tmp
# chmod 777 ./piwik/config
# pecl install pdo
# pecl install pdo_mysql
4.Add some lines :-
# vim /etc/php.ini
; Dynamic Extensions

extension=pdo.so

extension=pdo_mysql.so
; Resource Limits

memory_limit = 512M



5.Go to apache configuration :-

# cd /etc/httpd/conf/
# vim httpd.conf

<VirtualHost *:80>
ServerAdmin root@shashi.example.com
DocumentRoot /var/www/html/piwik
ServerName shashi.example.com
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>

# /etc/init.d/httpd restart

# chkconfig httpd on

6.Create a DataBase :-

# /etc/init.d/mysqld start
# chkconfig mysqld on
# mysqladmin -u root password 'shashi'

# mysql -u root -p          {enter the password 'shashi' when prompted}

mysql> create database piwik;
mysql> create user piwik@localhost identified by 'shashi';
mysql> grant all privileges on piwik.* to piwik@localhost;
mysql> flush privileges;
mysql> \q



How to install and configure webalizer in multiple domain on RHEL 5.5


Installing through source code

1.First we need to download the webalizer source code
# wget ftp://ftp.mrunix.net/pub/webalizer/webalizer-2.20-01-src.tgz

2.Then we need to uncompress it
# tar zxvf webalizer-2.20-01-src.tgz

3.Make sure you have the gcc compiler and the GD library installed; you can install them using yum
# yum install gcc gcc-c++ gd-devel

4.Then we go to the webalizer-2.20-01 directory, compile and install it
# cd webalizer-2.20-01
# ./configure
# make
# make install

5.It is installed and you can check the version now
# webalizer --version
Webalizer V2.20-01 (Linux 2.6.18-92.1.1.el5.028stab057.2 i686)

6.Installing with YUM

1.Just run the yum install command
# yum -y install webalizer

Now we make a website using httpd.conf and add a log entry in this configuration.
# vi /etc/httpd/conf/httpd.conf

Go to the end of this file and add the following:

<VirtualHost 192.168.0.10>
ServerName nuts.com
ServerAdmin root@nuts.com
DocumentRoot "/var/www/html/nuts.com"
CustomLog "/var/www/html/nuts.com/logs/access_log" common
DirectoryIndex index.html shashi.html
</VirtualHost>
After this, save the file.

Then we make the log and history directories under the DocumentRoot.

# mkdir /var/www/html/nuts.com/logs

# mkdir /var/www/html/nuts.com/history

# touch /var/www/html/nuts.com/logs/access_log

# touch /var/www/html/nuts.com/history/webalizer.hist

# chmod 644 /var/www/html/nuts.com/logs/access_log

# chmod 644 /var/www/html/nuts.com/history/webalizer.hist


How to configure it

1.Create a central directory for the webalizer configuration files
# mkdir /etc/webalizer

2.Create two webalizer configuration files,
# cp /usr/local/etc/webalizer.conf.sample /etc/webalizer/a.example.com.conf

3.Modify LogFile, OutputDir and HostName in the webalizer config files.
# vim /etc/webalizer/a.example.com.conf
and change the content:

LogFile /var/www/html/nuts.com/logs/access_log
OutputDir /var/www/usage
HostName praetorian-id.org # it depends on your web hostname
HistoryName /var/www/html/nuts.com/history/webalizer.hist

After this save this file.

4.To process all the virtual sites, run the following command:
# for i in /etc/webalizer/*.conf; do webalizer -c "$i"; done

Tuesday, 19 February 2013

Install JBOSS in RHEL-5.5


1.Download the JDK :-

# jdk-7-linux-i586.tar.gz or other version

2.unzip the package:-
# tar -xvf jdk-7-linux-i586.tar.gz

3.Move the jdk to the following directory

# mv jdk1.7.0 /usr/java/

4.Set the JAVA_HOME variable
vim /etc/profile
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE INPUTRC

JAVA_HOME=/usr/java/jdk1.7.0

PATH=$PATH:$JAVA_HOME/bin

export JAVA_HOME

export PATH

:wq! {save and exit}

5.update profile

source /etc/profile

6.test your java installation:-
javac -version

7.Download the jboss:-
# jboss-4.2.3.GA.zip

8.Extract JBoss to this location :-
# /usr/local/jboss-4.2.3.GA

9.Set the jboss environment :-
# vim /etc/profile
export JBOSS_HOME=/usr/local/jboss-4.2.3.GA

export PATH=$PATH:$JBOSS_HOME/bin

OR

# vim .bash_profile

export JBOSS_HOME=/usr/local/jboss-4.2.3.GA

export PATH=$PATH:$JBOSS_HOME/bin

# source /etc/profile

10.start the jboss:-
# cd /usr/local/jboss-4.2.3.GA/

# ./run.sh

11.Now test your jboss using the URL :-
             OR
http://localhost:8080