YUM tutorial.

YUM stands for 'Yellowdog Updater Modified'. YellowDog Linux is a rpm based distribution of Linux created for the ppc architecture. Fedora Core took up this package manager as of Fedora Core 1.
Leaving history aside, yum is the easiest way to install, update, and remove software from your Linux systems. This quick tutorial guides you through the steps but it is not a substitute for man yum. This tutorial would give you general usage while man page give a comprehensive documentation of yum's functionality. An added benefit of yum is that it calculates a programs dependencies and then it downloads and installs them for you.

Installing Yum

Before installing yum, check to see if you already have yum installed:
$ whereis yum
If you don't have yum installed, you can download it from http://yum.baseurl.org. To install yum,
$ rpm -Uvh yum-xx.noarch.rpm

Is a software already installed on my system

$ yum list install SOFTWARE
$ yum list install firefox
replace the word software with your software.

Installing with yum

$ yum install SOFTWARE
$ yum install firefox
replace the word software with your software.
This will get all the dependencies and prompt you with a list of dependencies you need to download and install. You can accept or decline.

Search for software

$ yum search STRING
$ yum search firefox
$ yum search fire*
where string could be software's name, or a wildcard. Yum would return a list of matches.

Uninstalling software

$ yum remove PACKAGE
$ yum remove firefox

Updating software

$ yum update PACKAGE
$ yum update firefox

SED command tutorial.

sed is an editor which can be used to modify files directly from the command line. It is a stream editor.
Suppose you have a file called a.txt
$ cat a.txt
We wish to replace all instances of the word old with new.
$ sed s'/old/new/' b.txt
$ cat b.txt
File a.txt is copied to b.txt and all instances of the word old are replace with new.
Often it is a good idea to test your expression before actually implementing it. For example:
$ echo older | sed 's/old/new/'
In this example, we tested the command s/old/new/ on the word older. As expected the result is the word newer.
The backslash character '\' is used to escape special characters. For example, and address data/input.txt would create confusion insides the substitution function s/// due to the extra slash. To remedy this you type data/input.txt as data\/input.txt.
The ampersand '&' character is refers to the matched string. For example:
$ echo boot | sed s'/[A-Za-z]*/&s/'
$ echo king | sed s'/[A-Za-z]*/&s/'
This code converts singular nouns to plurals by adding s. [A-Za-z] matches an English letter in both capital and small case. The * character means 1 or more. So we are matching a string with one or more English characters in either case. & refers to the matched word. &s suffixes an s to the matched word.

Mrtg on Linux................

1. Introduction
MRTG (Multi Router Traffic Grapher) is an application that allows us to observe the traffic of a network. It generates html pages with graphs which are refreshed according to our network’s current state. Its source is written in Perl and C which means that it can be installed in every Operating System we like. We will also need SNMP daemon (Simple Network Management Protocol) which gives us information for a network. The following installation was accomplished under Linux and specifically Fedora Core 6. With some little changes it can be used and under other distros.

2. SNMP server

2.1 Installation
Initially we install the packets needed for SNMP. Yum makes this job a lot easier.
Next we make snmpd service to start automatically for the runlevels we want.
# yum install net-snmp-utils net-snmp 
And we start the server.
# chkconfig --level 345 snmpd
We can see that it is running in port 199.
# service snmpd start
# netstat -natv | grep ':199'
tcp        0      0     *                   LISTEN 

2.2  Configuration

We run ‘snmpwalk’ which creates a “tree” of information for our network.

If you see an output like this one you may proceed with the MRTG installation. Else you should make some configuration first.
# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex
ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex. = 1
ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex. = 2

We keep a backup of snmpd.conf just in case anything goes wrong  
# cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.original

We open it
# nano /etc/snmp/snmpd.conf
And do the follow changes:
  • we change this line
com2sec notConfigUser  default       public
with those
com2sec local          localhost        public
com2sec mynetwork      public

where we put what our network is
  • we change those lines
group   notConfigGroup v1           notConfigUser group   notConfigGroup v2c          notConfigUser

with those
group   MyRWGroup      v1          local
group   MyRWGroup      v2c         local
group   MyRWGroup      usm       local
group   MyROGroup      v1          mynetwork
group   MyROGroup      v2c         mynetwork
group   MyROGroup      usm       mynetwork 
  • we change those lines
view    systemview    included   . view    systemview    included   . 
with this one
view    all            included      .1              80
  • we change this line
access  notConfigGroup ""      any       noauth    exact  systemview none none
with those
access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none  
  • and finally we change those lines
syslocation Unknown (edit /etc/snmp/snmpd.conf) syscontact Root  (configure /etc/snmp/snmp.local.conf)

with something like this
syslocation Linux, Fedora Core 6
syscontact Root root@localhost  
  2.3 Check
We restart the server to take affect of the notices
# service snmpd restart

And we run again
# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex
Now we should see something like that
IP-MIB::ipAdEntIfIndex. = INTEGER: 2
IP-MIB::ipAdEntIfIndex. = INTEGER: 1
Where is your ip address.

3.1 Installation

We again use yum
# yum install mrtg
3.2 Configuration
We create the folder in which our graphs and html pages will be kept
# mkdir /var/www/html/mrtg/

And we run ‘cfgmaker’ for the configuration file to be created.
# cfgmaker --global "workdir: /var/www/mrtg" -ifref=ip --output /etc/mrtg/mrtg.cfg --global 'options[_]: growright,bits' public@localhost
Here you should pay notice to --output /etc/mrtg/mrtg.cfg as long as to public@localhost. With this command we tell MRTG to create a configuration file with the name ‘mrtg.cfg’ for the traffic of our computer (localhost). Instead of localhost you may put the address of any computer you may monitor as long as it runs SNMP.
Next we create our default index page
# indexmaker --output=/var/www/html/mrtg/index.html /etc/mrtg/mrtg.cfg

3.2.1 Apache configuration
Next we have to configure apache for MRTG to work correctly. MRTG creates a file ‘mrtg.cfg’ under /etc/httpd/conf.d we contains all the necessary for Apache. We change it to contain the ips we want to have access to our MRTG graphs. Here I have added all my network.
Alias /mrtg /var/www/mrtg

   Order deny,allow

   Deny from all
   Allow from

3.3 Check
We run the following command 
In case you get an error like this
# mrtg /etc/mrtg/mrtg.cfg
ERROR: Mrtg will most likely not work properly when the environment
      variable LANG is set to UTF-8. Please run mrtg in an environment
      where this is not the case. Try the following command to start:
       env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg 
you have to run the above command more than once till it runs without any error. This is normal.
# env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg 23-02-2007 17:28:53, Rateup WARNING: /usr/bin/rateup Can't remove localhost_2.old updating log file
# env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg
Finally we open our browser and type

You should see something like this
And by clicking on it something like this
There are daily, weekly, monthly and yearly graphs which aren’t shown in the screenshot. By changing the .cfg file we can alter the information displayed to what we just want.
4. Outroduction
With the same way it is possible to add as many computers as we want and therefore have a general overview of our network. Enjoy! ;)

Shell script to monitor running services such as web/http, ssh, mail etc

# Shell script to monitor running services such as web/http, ssh, mail etc.
# If service fails it will send an Email to ADMIN user

ports="22 53 80 25"

# service names as per above ports
service="SSH DNS WEB MAIL"

#Email id to send alert

#Bin paths, set them according to your Linux distro

# Red hat usr uncomment

#Counters, set defaults

# set the following to 1, if you want message in /var/log/messages via a SYSLOG

# Log file used to send an email

# log message to screen and a log file
    echo "$@"
    echo "$@" >> $LOG

# log message and stop script
    echo "$@"
    exit 999

# Make sure only root can run it
    local id=$($ID -u)
    [ $id -ne 0 ]  && die "You must be root to run $0."
# Look out for all bins and create a log file
    [ ! -x $MAIL ] && die "$MAIL command not found."
    [ ! -x $NETSTAT ] && die "$NETSTAT command not found."
    [ ! -x $LOGGER ] && die "$LOGGER command not found."
    [ ! -x $ID ] && die "$ID command not found."

# check for all running services and shoot an email if service is not running
    log "-------------------------------------------------------------"
    log "Running services status @ $(hostname) [ $(date) ]"
    log "-------------------------------------------------------------"

    # get open ports
    RPORTS=$($NETSTAT -tulpn -A inet | grep -vE '^Active|Proto' | grep 'LISTEN' | awk '{ print $4}' | cut -d: -f2 | sed '/^$/d' | sort  -u)
# RPORTS=$($NETSTAT -tulpn | grep -vE '^Active|Proto' | grep 'LISTEN' | awk '{ print $4}' |  sed '/^$/d' | sort  -u)

    # okay let us compare them
    for t in $ports
        sname=$(echo $service | cut -d' ' -f$c)
        echo -en " $sname\t\t\t : "
        echo -en " $sname\t\t\t : " >> $LOG
        for r in $RPORTS
            if [ "$r" == "$t" ]
        echo -n "$status"
        echo ""
        echo -n "$status" >>$LOG
        echo "" >>$LOG
        # Log to a syslog /var/log/messages?
        # This is useful if you have a dedicated syslog server
        [ $logtosyslog -eq 1  ] && $LOGGER "$sname service running : $status"

        # Update counters for next round
        c=$( expr $c + 1 )
    log "-------------------------------------------------------------"
    log "This is an automatically generated $(uname) service status notification by $0 script."

    if [ $sendmail -eq 1 ];
        $MAIL -s "Service Down @ $(hostname)" $ADMINEMAIL < $LOG

### main ###

### remove a log file ###
[ -f $LOG ] && /bin/rm -f $LOG

LDAP Client on Ubuntu

You will need to set up a number of applications on the client.
# apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db
This series of articles will help you understand the benefits of LDAP as well as implementation of LDAP.
LDAP Basics for Ubuntu
LDAP Server for Ubuntu
LDAP Client for Ubuntu 

Once the applications are installed you will need to supply a few answers. Set up the server IP for the LDAP server.
LDAP Ubuntu
Enter your domain information.
ldap Ubuntu
Be sure to correctly list your LDAP version, by default Ubuntu will install version 3.
LDAP Version on Ubuntu

Allow pam to act like you would for changing local passwords.
pam with LDAP
Allow LDAP database to be accessible without a password.
LDAP database
Create your administrator account.
Set up your LDAP admin password.

Configure Local Files

You will need to configure several local files for LDAP to work with password information.
Edit /etc/nsswitch.conf
Change the file so that files ldap replaces compat.
#passwd: compat
passwd: files ldap
#group: compat
group: files ldap
If this is working correctly when you use this command:
getent passwd
You should see similar /etc/passwd like output:
snort:x:112:124:Snort IDS:/var/log/snort:/bin/false

Edit /etc/pam.d/common-account
You will need to edit the file so you have these two lines.
account sufficient pam_ldap.so
account required pam_unix.so

Edit /etc/pam.d/common-auth
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass

Edit /etc/pam.d/common-password
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5

This should complete the client setup on Ubuntu 8.04.

How To Download a RPM Package Using yum Command Without Installing On Linux

Q. I would like to only download the packages via yum and not install/update them. How do I download a RPM package using yum command under CentOS Enterprise Linux server 5.x or RHEL 5.x systems?

A. You need to install plugin called yum-downloadonly. This plugin adds a --downloadonly flag to yum so that yum will only download the packages and not install/update them. Following options supported by this plugin:
[a] --downloadonly : don't update, just download a rpm file
[b] --downloaddir=/path/to/dir : specifies an alternate directory to store packages such as /tmp
Please note following instructions are only tested on CentOS server but should work with RHN and RHEL without any problem.

How do I install yum-downloadonly plugin?

Type the following command to install plugin, enter:
# yum install yum-downloadonly
Sample output:
Loading "fastestmirror" plugin
Loading "security" plugin
Loading mirror speeds from cached hostfile
 * base: centos.mirrors.tds.net
 * updates: mirror.myriadnetwork.com
 * addons: mirrors.gigenet.com
 * extras: holmes.umflint.edu
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package yum-downloadonly.noarch 0:1.1.10-9.el5.centos set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

 Package                 Arch       Version          Repository        Size
 yum-downloadonly        noarch     1.1.10-9.el5.centos  base              9.0 k

Transaction Summary
Install      1 Package(s)
Update       0 Package(s)
Remove       0 Package(s)         

Total download size: 9.0 k
Is this ok [y/N]: y
Downloading Packages:
(1/1): yum-downloadonly-1 100% |=========================| 9.0 kB    00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: yum-downloadonly             ######################### [1/1] 

Installed: yum-downloadonly.noarch 0:1.1.10-9.el5.centos

How do I download a RPM package only from RHN or CentOS mirror, without installing it?

Download httpd package but don't install/update, enter:
# yum update httpd -y --downloadonly
By default package will by downloaded and stored in /var/cache/yum/ directory. But, you can specifies an alternate directory to store packages such as /opt, enter:
# yum update httpd -y --downloadonly --downloaddir=/opt

If the package is already Installed on system then use this......... 

# yum install  httpd --downloadonly --downloaddir=/mnt --installroot=/tmp

Avast Antivirus for Ubuntu Desktop

avast! Home Edition is a complete anti-virus package, that is is free for registered home non-commercial users. It contains an on-demand scanner with two interfaces (simple for novices and advanced for experienced users), an on-access scanner with Standard Shield (which protects against execution and opening malware programs) and an embedded e-mail scanner which scans incoming and outgoing email messages.

Install Avast Antivirus in Ubuntu

First you need to download the .deb package from here
wget http://files.avast.com/files/linux/avast4workstation_1.0.6-2_i386.deb
Now you have avast4workstation_1.0.6-2_i386.deb package.Install .deb package using the following command
sudo dpkg -i avast4workstation_1.0.6-2_i386.deb
This will complete the installation now you need to get the registration key for this you need to fill the online form available here and they will send registration key to your mail address

Applications Menu Setup

or this you need to run a script from the following location
cd /usr/lib/avast4workstation/share/avast/desktop
sudo ./install-desktop-entries.sh install
This will complete the application menu setup.
If you want to access you need to go to Applications—>Accessories—>avast!Antivirus

First time it will prompt for license key enter your license key you have got in our previous steps

Avast Antivirus Interface

Avast Antivirus database is updating.If you want to update click on update database

You can select the virus scan here and click on start scan

Avast antivirus version details

Creating a Partition Size Larger than 2TB

Linux desktop user generally uses small hard disk and partition, but on server you need a large partition. For example, you cannot create 4TB partition size (RAID based) using fdisk command. It will not allow you to create a partition that is greater than 2TB. In this tutorial, you will learn more about creating Linux filesystems greater than 2 Terabytes to support enterprise grade operation under any Linux distribution.
To solve this problem use GNU parted command with GPT. It supports Intel EFI/GPT partition tables. Partition Table (GPT) is a standard for the layout of the partition table on a physical hard disk. It is a part of the Extensible Firmware Interface (EFI) standard proposed by Intel as a replacement for the outdated PC BIOS, one of the few remaining relics of the original IBM PC. EFI uses GPT where BIOS uses a Master Boot Record (MBR).

(Diagram illustrating the layout of the GUID Partition Table scheme. Each logical block (LBA) is 512 bytes in size. LBA addresses that are negative indicate position from the end of the volume, with −1 being the last addressable block. Imaged Credit Wikipedia)

GPT Kernel Support

EFI GUID Partition support works on both 32bit and 64bit platforms. You must include GPT support in kernel in order to use GPT. If you don't include GPT support in Linux kernelt, after rebooting the server, the file system will no longer be mountable or the GPT table will get corrupted. By default Redhat Enterprise Linux / CentOS comes with GPT kernel support. However, if you are using Debian or Ubuntu Linux, you need to recompile the kernel. Set CONFIG_EFI_PARTITION to y to compile this feature.
File Systems
   Partition Types
     [*] Advanced partition selection
     [*] EFI GUID Partition support (NEW)

Linux create 3TB partition size

One of my clients has Raid 5 Array -7x500GB hard disks to store large data. To create partition start GNU parted as follows:
# parted /dev/sdx
GNU Parted 1.8.1
Using /dev/sdx
Welcome to GNU Parted! Type 'help' to view a list of commands.
Creates a new GPT disklabel i.e. partition table:
mklabel gpt
Create 3TB partition size:
mkpart primary 0 3001G
Quit and save the changes:
Use mkfs to format file system:
# mkfs.ext3 /dev/sdx1
Note: Replace /dev/sdx with actual RAID or disk name or block Ethernet device such as /dev/etherd/e0.0 . Don't forget to update /etc/fstab, if necessary.

Further readings:

PHP Fatal error: Allowed Memory Size of 20971520 Bytes exhausted (tried to allocate 131072 bytes) Error and Solution

I've brand new Ubuntu Linux server (Apache + PHP5 FastCGI + Lighttpd image only server) installed for my wordpress, mediawiki and vBullietin software. I can load forntpage of all software but user cannot edit any wiki pages or post anything and I get the following error in log file:
PHP Fatal error: Allowed Memory Size of 20971520 Bytes exhausted (tried to allocate 131072 bytes) in /usr/share/mediawiki/includes/OutputHandler.php on line 81
How do I fix this problem?

Ubuntu / Debian PHP5 comes with 16MB php memory limit. Edit /etc/php5/cgi/php.ini and /etc/php5/cli/php.ini files, run:
sudo vi /etc/php5/cgi/php.ini
sudo vi /etc/php5/cli/php.ini

Set maximum amount of memory (e.g., 128M) a script may consume:
memory_limit = 128M
Save and close the file. However, real enforcer is suhosin security patch applied to PHP5. Edit /etc/php5/conf.d/suhosin.ini, run:
sudo vi /etc/php5/conf.d/suhosin.ini
Set allowed memory size (128M):
suhosin.memory_limit = 128
Save and close the file. Note if /etc/php5/conf.d/suhosin.ini file not found, type the following command to install the same, enter:
sudo apt-get install php5-suhosin
Finally, restart the web server:
sudo /etc/init.d/apache2 restart
sudo /etc/init.d/lighttpd restart

Restrict Access To A Given Command

Linux / UNIX: Restrict Access To A Given Command

How do I restrict access to a given command for instance /opt/apps/start, to authorized users only under Linux / UNIX / BSD operating system?

You need to use traditional Unix groups concept to enhance security including restricted access to a given command.

Step # 1: Create and Maintain a Group For All Authorized Users

Create a group named appsonly:
# groupadd appsonly
Add all authorized users to appsonly:
# usermod -aG {groupName} {userName}
# usermod -aG appsonly tom
# usermod -aG appsonly jerry
# id jerry

  1. -a : Add the user to the supplemental group(s) i.e. appends the user to the current supplementary group list.
  2. -G : A list of supplementary groups which the user is also a member of.

Step #2: Restrict Access

Now a group of user had been created. Next, use the chgrp command to change the group of /opt/apps/start to appsonly group:
# chgrp {groupName} {/path/to/command}
# chgrp appsonly /opt/apps/start

Disable the file permission for others

Finally, use the chmod command to change file permission as follows:
# chmod 750 /path/to/command
# chmod 750 /opt/apps/start

You can also apply permissions to directory (this will disable ls command access to others) :
# chgrp appsonly /opt/apps
# chmod 0640 /opt/apps

Step # 3: Test It

su to tom, enter:
# su - tom
$ id
$ /opt/apps/start
$ exit

su to vivek (not a member of appsonly group), enter:
# su - vivek
$ id
$ /opt/apps/start

Sample outputs:
bash: /opt/apps/start: Permission denied

A Note About ACL and SELinux

The access control policies which can be enforced by chmod, chgrp, and usermod commands are limited, and configuring SELinux and fille system ACLs (access control list) is a better and recommend option for large deployments.

Find Drive Serial Number

Gnome Find Drive Serial Number

How do I find out serial number information for my hard disk under Ubuntu Linux Gnome desktop environment?

You need to use the device manager. It is an application for examining the details of your hardware. You can view or start the device manager by clicking on :
System Menu > Administration > Device Manager 
Fig.01: Ubuntu Linux Device Manager
 Ubuntu Linux Device Manager

Select hard disk > Click on Advanced tab to view the details.

Install gnome-device-manager

If you cannot locate Device manger, type the following commands to install the same. Open a terminal and type the following command:
sudo apt-get update
sudo apt-get install gnome-device-manage

hardinfo program

The hardinfo program generate HTML reports on your system's hardware. It can also benchmark and compare your system. By default the program 'hardinfo' is not installed. You can install it by typing the following command at the shell prompt:
sudo apt-get install hardinfo
Type the following command to start hardinfo:
Fig.02: HardInfo in action

Command Line Options

Use the hdparm and/or sdparm commands to get serial number information:
sudo sdparm --vendor sea /dev/sda
sudo hdparm -i /dev/hda
sudo hdparm -I /dev/hda

ls /dev/disk/by-id

Squid Proxy Server Limit the number of simultaneous

Squid Proxy Server Limit the number of simultaneous Web connections from a client with maxconn ACL

So how do you limit the number of simultaneous web connections from a client browser system using the open source Squid proxy server?
You need to use squid ACCESS CONTROLS feature called maxconn. It puts a limit on the maximum number of connections from a single client IP address. It is an ACL that will be true if the user has more than maxconn connections open. It is used in http_access to allow/deny the request just like all the other acl types.

Step # 1: Edit squid conf file

Open /etc/squid/squid.conf file:
# vi /etc/squid/squid.conf

Step # 2: Setup maxconn ACL

Locate your ACL section and append config directive as follows:
acl limitusercon maxconn 3
http_access deny ACCOUNTSDEPT limitusercon

  1. acl ACCOUNTSDEPT : Our accounts department IP range
  2. acl limitusercon maxconn 3 : Set 3 simultaneous web access from the same client IP
  3. http_access deny ACCOUNTSDEPT limitusercon : Apply ACL
Save and close the file.

Restart squid

Restart the squid server, enter:
# /etc/init.d/squid restart

oracle 10g RAC administration, two official books

 10g RAC for Administrators
Password: racr2

How to Top Command?

The Unix top command is designed to help users determine which processes are running and which applications are using more memory or processing power than they should be.

The top command is very easy to use but you should know the things in details. The output of to is :
top output:

top – 22:09:08 up 14 min, 1 user, load average: 0.21, 0.23, 0.30
Tasks: 81 total, 1 running, 80 sleeping, 0 stopped, 0 zombie
Cpu(s): 9.5%us, 31.2%sy, 0.0%ni, 27.0%id, 7.6%wa, 1.0%hi, 23.7%si, 0.0%st
Mem: 255592k total, 167568k used, 88024k free, 25068k buffers
Swap: 524280k total, 0k used, 524280k free, 85724k cached
3166 apache 15 0 29444 6112 1524 S 6.6 2.4 0:00.79 httpd
3161 apache 15 0 29444 6112 1524 S 5.9 2.4 0:00.79 httpd
3164 apache 15 0 29444 6112 1524 S 5.9 2.4 0:00.75 httpd
3169 apache 15 0 29444 6112 1524 S 5.9 2.4 0:00.74 httpd
3163 apache 15 0 29444 6112 1524 S 5.6 2.4 0:00.76 httpd
3165 apache 15 0 29444 6112 1524 S 5.6 2.4 0:00.77 httpd
3167 apache 15 0 29444 6112 1524 S 5.3 2.4 0:00.73 httpd
3162 apache 15 0 29444 6112 1524 S 5.0 2.4 0:00.77 httpd
3407 root 16 0 2188 1012 816 R 1.7 0.4 0:00.51 top
240 root 15 0 0 0 0 S 0.3 0.0 0:00.08 pdflush
501 root 10 -5 0 0 0 S 0.3 0.0 0:01.20 kjournald
2794 root 18 0 12720 1268 560 S 0.3 0.5 0:00.73 pcscd
1 root 15 0 2060 636 544 S 0.0 0.2 0:03.81 init
2 root RT -5 0 0 0 S 0.0 0.0 0:00.00 migration/0
3 root 34 19 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0
4 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/0
5 root 10 -5 0 0 0 S 0.0 0.0 0:00.07 events/0

The first line in top:

top – 22:09:08 up 14 min, 1 user, load average: 0.21, 0.23, 0.30
“22:09:08″ is the current time; “up 14 min” shows how long the system has been up for; “1 user” how many users are logged in; “load average: 0.21, 0.23, 0.30″ the load average of the system (1minute, 5 minutes, 15 minutes).
Load average is an extensive topic and to understand its inner workings can be daunting. The simplest of definitions states that load average is the cpu utilization over a period of time. A load average of 1 means your cpu is being fully utilized and processes are not having to wait to use a CPU. A load average above 1 indicates that processes need to wait and your system will be less responsive. If your load average is consistently above 3 and your system is running slow you may want to upgrade to more CPU’s or a faster CPU.
The second line in top:

Tasks: 82 total, 1 running, 81 sleeping, 0 stopped, 0 zombie
Shows the number of processes and their current state.
The third lin in top:
Cpu(s): 9.5%us, 31.2%sy, 0.0%ni, 27.0%id, 7.6%wa, 1.0%hi, 23.7%si, 0.0%st
Shows CPU utilization details. “9.5%us” user processes are using 9.5%; “31.2%sy” system processes are using 31.2%; “27.0%id” percentage of available cpu; “7.6%wa” time CPU is waiting for IO.
When first analyzing the Cpu(s) line in top look at the %id to see how much cpu is available. If %id is low then focus on %us, %sy, and %wa to determine what is using the CPU.
The fourth and fifth lines in top:
Mem: 255592k total, 167568k used, 88024k free, 25068k buffers
Swap: 524280k total, 0k used, 524280k free, 85724k cached

Describes the memory usage. These numbers can be misleading. “255592k total” is total memory in the system; “167568K used” is the part of the RAM that currently contains information; “88024k free” is the part of RAM that contains no information; “25068K buffers and 85724k cached” is the buffered and cached data for IO.
So what is the actual amount of free RAM available for programs to use ?
The answer is: free + (buffers + cached)
88024k + (25068k + 85724k) = 198816k
How much RAM is being used by progams ?
The answer is: used – (buffers + cached)
167568k – (25068k + 85724k) = 56776k
The processes information:
Top will display the process using the most CPU usage in descending order. Lets describe each column that represents a process.
3166 apache 15 0 29444 6112 1524 S 6.6 2.4 0:00.79 httpd

PID – process ID of the process
USER – User who is running the process
PR – The priority of the process
NI – Nice value of the process (higher value indicates lower priority)
VIRT – The total amount of virtual memory used
RES – Resident task size
SHR – Amount of shared memory used
S – State of the task. Values are S (sleeping), D (uninterruptible sleep), R (running), Z (zombies), or T (stopped or traced)
%CPU – Percentage of CPU used
%MEM – Percentage of Memory used
TIME+ – Total CPU time used
COMMAND – Command issued
Interacting with TOP
Now that we are able to understand the output from TOP lets learn how to change the way the output is displayed.
Just press the following key while running top and the output will be sorted in real time.
M – Sort by memory usage
P – Sort by CPU usage
T – Sort by cumulative time
z – Color display
k – Kill a process
q – quit
If we want to kill the process with PID 3161, then press “k” and a prompt will ask you for the PID number, and enter 3161.
Command Line Parameters with TOP
You can control what top displays by issuing parameters when you run top.
- d – Controls the delay between refreshes
- p – Specify the process by PID that you want to monitor
-n – Update the display this number of times and then exit
If we want to only monitor the http process with a PID of 3166
$ top -p 3166
If we want to change the delay between refreshes to 5 seconds
$ top -d 5

Top memory consuming processes

You can check for top memory consuming processes by issuing the following commands:

we use the following ps commands in order to check for performance probelms

1) Displaying top CPU_consuming processes: 

ps aux | head -1; ps aux | sort -rn | head -10

2) Displaying top 10 memory-consuming processes:

ps aux | head -1; ps aux | sort -rn | head

3) Displaying process in order of being penalized:

ps -eakl | head -1; ps -eakl | sort -rn

4) Displaying process in order of priority:

ps -eakl | sort -n  | head

5) Displaying process in order of nice value

ps -eakl | sort -n

6) Displaying the process in order of time

ps vx | head -1;ps vx | grep -v PID | sort -rn  | head -10

7) Displaying the process in order of real memory use

 ps vx | head -1; ps vx | grep -v PID | sort -rn  | head -10

8) Displaying the process in order of I/O

ps vx | head -1; ps vx | grep -v PID | sort -rn  | head -10

9) Displaying WLM classes

ps -a -o pid, user, class, pcpu, pmem, args

10) Determinimg process ID of wait processes:

ps vg | head -1; ps vg | grep -w wait

11) Wait process bound to CPU

ps -mo THREAD -p

VERITAS CLuster Server Interview questions

1. How do check the status of VERITAS Cluster Server aka VCS ?
Ans: hastatus –sum

2. Which is the main config file for VCS and where it is located?
Ans: main.cf is the main configuration file for VCS and it is located in /etc/VRTSvcs/conf/config.

3. Which command you will use to check the syntax of the main.cf ?
Ans: hacf -verify /etc/VRTSvcs/conf/config

4. How will you check the status of individual resources of VCS cluster?
Ans: hares –state

5. What is the service group in VCS ?
Ans: Service group is made up of resources and their links which you normally requires to maintain the HA of application.

6. What is the use of halink command ?
Ans: halink is used to link the dependencies of the resources

7. What is the difference between switchover and failover ?
Ans: Switchover is an manual task where as failover is automatic. You can switchover service group from online cluster node to offline cluster node in case of power outage, hardware failure, schedule shutdown and reboot. But the failover will failover the service group to the other node when VCS heartbeat link down, damaged, broken because of some disaster or system hung.

8. What is the use of hagrp command ?
Ans: hagrp is used for doing administrative actions on service groups like online, offline, switch etc.

9. How to switchover the service group in VCS ?
Ans: hagrp –switch -to

10. How to online the service groups in VCS ?
Ans: hagrp –online -sys

Simscan antivirus mailscanner on Qmail

Your qmail installation is already patched (qmail-queue patch) to support simscan, a new tool for using virus/spam scanners with qmail. The nice thing is that it prevents viruses (and optionally spam) from even getting into your queue. This is different from qmail-scanner, which will quarantine infected messages instead of stopping them at the SMTP level.
Info: http://inter7.com/?page=simscan
cd /var/src/tar
wget http://shupp.org/software/simscan-1.3.1.shupp2.tar.gz
cd ../
tar -xzf tar/simscan-1.3.1.shupp2.tar.gz
cd simscan-1.3.1.shupp2

./configure --enable-user=clamav \
--enable-clamav=y \
--enable-spam=y \
--enable-spam-passthru=y \
--enable-per-domain=y \
--enable-ripmime \
--enable-attach=y \

make install-strip

# add default rules for simscan
echo ":clam=yes,spam=yes,spam_passthru=yes,attach=.vbs:.lnk:.scr:.wsh:.hta:.pif" > /var/qmail/control/simcontrol
# update /var/qmail/control/simcontrol.cdb
# put versions for received header in /var/qmail/control/simversions.cdb
/var/qmail/bin/simscanmk -g

# turn on scanning
echo ':allow,QMAILQUEUE="/var/qmail/bin/simscan"' >> ~vpopmail/etc/tcp.smtp
qmailctl cdb


SquirrelMail is a web based IMAP client
Info: http://www.squirrelmail.org
NOTE: This section assumes that your apache ServerRoot is /var/www and that your DocumentRoot is /var/www/html, and also that your web server runs as apache:apache
cd /var/src
tar -xjf tar/squirrelmail-1.4.9a.tar.bz2
cd squirrelmail-1.4.9a
cd plugins
tar -xzf ../../tar/quota_usage-1.3.1-1.2.7.tar.gz
cp quota_usage/config.php.sample quota_usage/config.php
cd ../
here you will have to set a few options:
  • go to Server Settings (2), Server Software (8) and change the Server Software from "other" to "courier" (a)
  • From the main menu, go to General Options (4) and change Data Direcotry (2) to "/var/www/data/" , change "Allow server thread sort" (10) to y, and change "Allow server-side sorting" (11) to y.
  • From the main menu, go to Plugins and enable the quota_usage plugin, along with any others you prefer
  • Save settings
  • quit
# move the data directory into place and change permissions to the user:group that the web server runs as:
mv data /var/www/
chown -R apache:apache /var/www/data

# install squirrelmail
cd ../
mv squirrelmail-1.4.9a /var/www/html/


This is a great tool for graphing your mail server's activity.
Info: http://inter7.com/?page=qmailmrtg7
cd /var/src/tar
mkdir /var/www/html/qmailmrtg

wget http://shupp.org/software/qmailmrtg7-4.2.tar.gz
wget http://shupp.org/patches/qmailmrtg7-4.2-cfg.patch
cd ../
tar -xzf tar/qmailmrtg7-4.2.tar.gz
cd qmailmrtg7-4.2
patch -p0 < ../tar/qmailmrtg7-4.2-cfg.patch
make install

# Edit qmail.mrtg.cfg and change all instances of FQDN to your hostname

cp qmail.mrtg.cfg /etc/
indexmaker --section=title /etc/qmail.mrtg.cfg > /var/www/html/qmailmrtg/index.html

# now run mrtg 3 times to get rid of initial cron errors
env LANG=C mrtg /etc/qmail.mrtg.cfg
env LANG=C mrtg /etc/qmail.mrtg.cfg
env LANG=C mrtg /etc/qmail.mrtg.cfg

Add the following line to your crontab
0-55/5 * * * * env LANG=C /usr/bin/mrtg /etc/qmail.mrtg.cfg > /dev/null

How to avoid having to reactivate Windows XP after fresh install

Has your computer reached the point where you are forced to reinstall Windows? It’s a painful point to reach, but it happens to just about everybody! Whether it is uncontrollable spyware, a deadly virus, or simply too many programs installed over the years, a fresh install of Windows can make things a million times better.
Working in IT myself, I find that I have to reinstall Windows at least every 6 months to a year. It simply gets too slow because of all the registry changes and modifications. And it’s also great if you got a used computer from somewhere and you would rather wipe it clean and start fresh.
The only issue with re-installing Windows is that you have to be careful about the reactivation process. By default, if you use the OEM CD that came with your computer when you first bought it, re-installing Windows should be a breeze and you won’t have to reactivate.
However, this may not always be the case. If you don’t use the original CD that came with the computer, you may have to re-activate. Also, sometimes even when you use the same CD, it may not force you to re-activate XP.
You can avoid having to reactivate XP by simply copying a file from your Windows directory and saving it on a USB stick, floppy drive, or CD. When you first activated Windows, XP creates a file called “WPA.DBL” and stores it in the C:\WINDOWS\SYSTEM32 directory.

Now copy this file to some sort of external storage device and keep it in a safe place. When you go to reinstall Windows, you’ll reach the point where you have to activate. Decline the activation and complete the installation.
Now you’ll need to restart your computer in Safe Mode by pressing F8 on startup to get into the Advanced Boot Options menu.

Go to C:\Windows\System32 and you should see a file called WPA.DBL already there. Simply rename it to something like WPA.BACKUP and then copy your backup version of WPA.DBL to the current location.
Restart the computer and Windows should now be activated and working fine. Remember that this will only work if you use the WPA.DBL file on the same computer that it was originally activated on. If you install XP on a different machine and try to copy the WPA.DBL file there, it won’t activate. Basically, XP looks at the hardware of the computer to create a unique profile for just that one computer.

windows xp activation without genuine key.....

1. Click on Start
2. Find and Click "Run"
3. Type: Regedit
4. Click the plus next to "HKEY_LOCAL_MACHINE"
5. Click the plus next to "SOFTWARE"
6. Click the plus next to "Microsoft"
7. Click the plus next to "Windows NT"
8. Click the plus next to "CurrentVersion"
9. Click "WPAEvents"
10. On the right panel, find "OOBETimer" then double click it.
11. Now, Delete all the Values by highlighting it, then delete it
12. Then type in this value without the quotation mark "FF D5 71 D6 8B 6A 8D 6F D5 33 93 FD"
13. Then after that click OK,
14. Then on the left panel right click WPAEvents, then click on permissions
15. Then click System or SYSTEM, then Deny Full Control, then Click OK.
16. Then Exit Registry Editor by Click the X or the red X on the Upper Right of the Title Bar or press ALT and F4 at the same time.
17. To Verify that it works, go to start, then "activate windows", or go to start, then all programs, then "activate windows"
18. If it says that Windows has been activated, then the trick works, if not repeat these steps or watch the video instead (see below)

Mount NTFS on RHEL5/CentOS5

First, install dependent files:
yum install fuse fuse-ntfs-3g dkms dkms-fuse
 Download Packages Below and then install them:



rpm -ihv dkms-fuse-* fuse*

Mount Device to /media/ntfsmount
mount -t ntfs-3g /dev/sda1 /media/ntfsmount

HP 530 Drivers & Softwares

Please follow this Url to download Drivers and software for HP model 530 --


CreateYUM repository on RHEL5

1. Run this command.......For 32bit CentOS / RHEL Linux enter:

# rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

2. Run this command.......For 64 bit CentOS / RHEL 5 Linux, enter:

# rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

DenyHosts: Remove / Delete an IP address

I've followed your guide and installed denyhosts to protect on my RedHat 5.3 OpenSSH based server. However, I've been accidentally blocked out from my home ADSL IP address. I tried removing my blocked IP from /etc/hosts.deny, but it did blocked it again quickly. It appears that DenyHosts keeps track of the attempts somewhere on disk or memory. How do I remove my own home IP address from DenyHosts?

Simply removing your IP from /etc/hosts.deny does not work since DenyHosts keeps track of the attempts in the /usr/share/denyhosts/data directory. In order to remove your IP address you will need to do the following.

Step # 1: Stop DenyHosts

# /etc/init.d/denyhosts stop

Step # 2: Remove Your IP From /etc/hosts.deny

# vi /etc/hosts.deny
Delete your IP address. Save and close the file.

Step # 3: Remove Your IP From /usr/share/denyhosts/data Directory

Cd to /usr/share/denyhosts/data
# cd /usr/share/denyhosts/data
You need to edit the following files using vi and remove the lines containing the IP address. Save the file.

  1. hosts
  2. hosts-restricted
  3. hosts-root
  4. hosts-valid
  5. users-hosts

If you've static IP address add to allowed-hosts file. Any IP address that appears in this file will not be blocked by default (consider this as a whilelist):
# echo '' >> allowed-hosts

Step # 4: Start DenyHosts

# /etc/init.d/denyhosts start

Red Hat / Centos Install Denyhosts To Block SSH Attacks / Hacking

How do I block and stop attacks on ssh server under CentOS Linux or Red Hat Enterprise Linux server 5.x?

You can easily thwart SSH server attacks including dictionary based attacks and brute force attacks using denyhosts software.

It is a Python based script that analyzes the sshd server log messages to determine what hosts are attempting to hack into your system.

Step #1: Enable Rpmforge Repo

First, enable rpoforge repo. For 32bit CentOS / RHEL Linux enter:
# rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
For 64 bit CentOS / RHEL 5 Linux, enter:
# rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Step #2: Install Denyhosts

Type the following command:
# yum -y install denyhosts

Step #3: Configure Denyhosts

The default configuration file is located at /etc/denyhosts/denyhosts.cfg.

Allow Your Computer To Access sshd

You need to setup a whitelist so that you never want to block yourself using this script. Edit /etc/hosts.allow, enter:
# vi /etc/hosts.allow
Allow sshd from and


Save and close the file.

Setup Alert Email ID

Edit /etc/denyhosts/denyhosts.cfg, enter:
# vi /etc/denyhosts/denyhosts.cfg
If you would like to receive emails regarding newly restricted hosts and suspicious logins, set this address to match your email address. If you do not want to receive these reports # leave this field blank (or run with the --noemail option). Multiple email addresses can be delimited by a comma, eg:
ADMIN_EMAIL = vivek@nixcraft.co.in, vivek@nixcraft.net.in

ADMIN_EMAIL = vivek@dsl.nixcraft.net.in

Save and close the file. Here is my own sample configuration file for RHEL / CentOS 5.x server / vps box - config file is documented very well, just open and read it:

       ############ THESE SETTINGS ARE REQUIRED ############
SECURE_LOG = /var/log/secure
HOSTS_DENY = /etc/hosts.deny
WORK_DIR = /usr/share/denyhosts/data
LOCK_FILE = /var/lock/subsys/denyhosts
############ THESE SETTINGS ARE OPTIONAL ############
ADMIN_EMAIL = vivek@dsl.nixcraft.net.in
SMTP_HOST = localhost
SMTP_FROM = DenyHosts
SMTP_SUBJECT = DenyHosts Report
DAEMON_LOG = /var/log/denyhosts

######### DAEMON SYNCHRONIZATION ##########

Turn On Denyhosts

Type the following commands:
# chkconfig denyhosts on
# service denyhosts start

How do I view Denyhosts Log?

Type the command:
# tail -f /var/log/denyhosts
# tail -f /var/log/secure

To Mount NTFS In RHEL 5

This howto is based on Red Hat Enterprise Linux Server release 5 (RHEL 5) x86_64 edition and using 2.6.18-8.1.3.el5xen kernel. Below are the simple steps to mount NTFS (read/write capability) filesystem on RHEL 5.

1. Download fuse & ntfs-3g
fuse: get it from http://www.atrpms.net/dist/el5/fuse/
ntfs-3g: get it from http://dag.wieers.com/rpm/packages/fuse-ntfs-3g/

2. Install fuse components
[root@meister ~]# rpm -ivh fuse-2.6.5-2_7.el5.x86_64.rpm \
> fuse-kmdl-2.6.18-8.1.3.el5xen-2.6.5-2_7.el5.x86_64.rpm \
> fuse-libs-2.6.5-2_7.el5.x86_64.rpm

3. Install fuse-ntfs-3g
[root@meister ~]# rpm -ivh fuse-ntfs-3g-1.417-1.el5.rf.x86_64.rpm

4. Mount
[root@meister ~]# mount.ntfs-3g /dev/sda9 /mnt/temp

It’s so simple, isn’t it?

Mounting ISO images in Linux

CD-ROMs are often distributed (or pirated) digitally in the form of ISO images. Like a .zip or .tar file, an ISO image encapsulates a collection of files. The main difference is that an ISO image contains specific information about how those files are laid out on a CD-ROM. After you have acquired an ISO image, you can access its files immediately, even before you burn it onto a CD-ROM. These notes explain how.

You probably need to be root to do all of this.

1.To mount the image, simply issue the following command:

mount -t iso9660 -o loop image.iso /mnt/isoimage

where image.iso is the filename of the ISO image and /mnt/isoimage is the directory under which you want the ISO's files to appear (create it if necessary).

After doing this, you will be able to navigate through the ISO's files, starting from /mnt/isoimage, just as you would any other files in your file system, but with one exception: all of the files and directories mounted from the ISO will be read-only.

When you are finished looking at the files, unmount the ISO with

umount /mnt/isoimage

Creating an ISO image using mkisofs

If you need to generate your own ISO, mkisofs is a great tool for doing it. You don't need fancy tools or GUI front ends to use it, either (though you may wish to employ your favorite graphical file manager). Just follow these simple steps:


Create a temporary directory from which the ISO's files will be read.

Insert files into that directory and arrange them in the manner you would like them to appear in the ISO.

From a directory outside of the tempoary ISO directory, run the following command:

mkisofs -f -R -r -l -J -Vvolid -Aappid -Ppubid -odest.iso src


is the volume ID to be written into the master block;
describes the application contained within the ISO;
names the publisher of the ISO (CD-ROM), usually including adequate contact information, such as a phone number or email address;
is the destination filename of the newly created ISO image;
is the temporary ISO directory containing the files and file structure you wish to have included in the ISO image.


These parameters are good defaults. You can customize them, however. For more information, see man mkisofs.

Writing an ISO to a CD-ROM using cdrecord

Assuming that all you want to do is create a CD based on the ISO 9660 file system standard, you can quickly burn the CD using the following command:

cdrecord -v -pad speed=1 dev=0,0,0 src.iso

src.iso is the source filename of the ISO you are burning to the CD-ROM.

You may need to adjust the dev parameter if you are not burning with an IDE drive or you did not follow the instructions given in Configuring an IDE/ATAPI CD-ROM burner in RedHat Linux 6.1.

If you want, you can take the ISO image from stdin by replacing the filename with a hyphen ("-"). This works well with mkisofs if you replace the output image filename to that command with a hyphen also. Then you can chain the two commands together using a standard Unix pipe. Burning CD-ROMs in this manner reduces the total amount of temporary storage you will need, which may be useful if you are low on disk space.

Burning Audio CDs using cdrecord

Burning audio CDs using cdrecord is a piece of cake, too. Just follow these steps:


Create your audio tracks and store them as uncompressed, 16-bit stereo .wav files.

Name the audio files in a manner that will cause them to be listed in the desired track order when listed alphabetically, such as 01.wav, 02.wav, 03.wav, etc.

Change into the directory containing the wave files and make sure there are not any wave files you do not want included in the CD.

With a blank CD in your burner, issue the following command:

cdrecord -v -pad speed=1 dev=0,0,0 -dao -audio -swab *.wav

Again, you may need to adjust your dev parameter as mentioned earlier.

Linux create & burn ISO images to Cds

Linux comes with various GUI and command line application to burn ISO images to CDs/CD-RWs. Cdrecord is command line based application used to record data or audio Compact Discs on an Orange Book CD-Recorder or to write DVD media on a DVD-Recorder i.e. it can brun ISO images.

1.First create image from cd/dvd....

#dd if=/dev/cdrom of=file.iso

2.Find out your CDR/W SCSI address/device name

Scan all SCSI devices on all SCSI busses and print the inquiry strings with –scanbus option. This option may be used to find SCSI address of the CD/DVD-Recorder on a system:
# cdrecord -scanbus

Cdrecord-Clone 2.01a34 (i686-pc-linux-gnu)
Copyright (C) 1995-2004 Jrg Schilling
scsidev: 'ATA:'
devname: 'ATA'
scsibus: -1 target: -1 lun: -1
Warning: Using badly designed ATAPI via /dev/hd*
Linux sg driver version: 3.5.27
Using libscg version 'schily-0.8'.
1,0,0 100) 'SONY' 'CD-Writer' '1.0g'
1,1,0 101) *
1,2,0 102) *
1,3,0 103) *
1,4,0 104) *
1,5,0 105) *
1,6,0 106) *
1.7.0 107) *

In above example, my device name is 1,0,0. Now again use the cdrecord command to burn ISO image:

# cdrecord -v -dao dev=1,0,0 file.iso
You can also specify burning speed:

# cdrecord -v -dao dev=1,0,0 speed=8 file.iso

How to Install Java on Linux

Java is a very useful program to have on your computer. Follow one of these easy methods to install it on your GNU/Linux machine.

Manual Non-RPM Method

This is the 'generic' variant that also works with GNU/Linux clones that do not support RPM. It does not require administrator rights and allows to install multiple java versions on the same computer.

  1. Download the JDK from Sun[1].
  2. Click on the "Download" link in the JDK 6 section.
  3. Accept the license and continue.
  4. Under the "Linux Platform", select "self-extracting file".
  5. Download this .bin file and save it to your GNU/Linux machine.
  6. Once it has been downloaded, switch to the directory where you saved the file. You do not need to be a root and only must have the write access to the folder where you wish to install java. If your administrator is not supportive, you may need to place java into your home folder or even better on some shared network location.
  7. Type sh name_of_the_downloaded_file, for instance sh jdk-6u2-linux-i586.bin. There is no need to make this file executable.
  8. The license agreement should start appear on the screen. Scroll to the end of it with 'Enter' and type yes.
  9. This installer will create its installation in the same folder, where the downloaded file was placed and from where you have started the installation script. But the installed java jre is rather independent and can be easily moved into another place just by copying all its files.
  10. You can install multiple different jre's this way: they coexist together and can be used if some software requires the older version to run.
  11. The java executable you need to launch is located in a subfolder, called 'bin'. This way of installation will not configure a default 'java' command for you: you must do this manually or always include the full path in your startup script.

Manual RPM Method

This seems a 'more civilized' way to install java: it allows the installer to check the dependencies on some system libraries that may be missing. However it does not support versioning easily and may fail even in some systems that do support RPMs. The current java installations are rather self-dependent and the required minimal requirements are usually satisfied anyway.

  1. Download the JDK from Sun[2].
  2. Click on the "Download" link in the JDK 6 section.
  3. Accept the license and continue.
  4. Under the "Linux Platform", select "RPM in self-extracting file".
  5. Download this .bin file and save it to your GNU/Linux machine.
  6. Once it has been downloaded, login as root and switch to the directory where you saved the file.
  7. Execute './filename', where filename is the name of the file that you downloaded. The filename might be very similar to jdk-6-linux-i586-rpm.bin depending on what the latest version is. You may have to make the file executable by executing the 'chmod +x filename.bin' command.
  8. You will get a license, press space bar a bunch of times until you are prompted to enter yes or no. Type in yes and hit enter.
  9. This will place an .rpm file in the same directory as your .bin file with the same name (minus the .bin part).
  10. Install the rpm file by executing 'rpm -i filename.rpm', where filename is the name of your .rpm file. (Such as jdk-6-linux-i586.rpm).
  11. Now, if you want to be able to execute this version of Java interpretor or compiler from any directory on your GNU/Linux system you will have to create a few symbolic links:
    • ln -s /usr/java/jdk1.6.0/bin/java /usr/bin/java
    • ln -s /usr/java/jdk1.6.0/bin/javac /usr/bin/javac
  12. You are done!

Iptables/Firewall configurations on RHEL..........

# A sample firewall shell script

# Stop certain attacks
echo "Setting sysctl IPv4 settings..."
$SYSCTL net.ipv4.ip_forward=0
$SYSCTL net.ipv4.conf.all.send_redirects=0
$SYSCTL net.ipv4.conf.default.send_redirects=0
$SYSCTL net.ipv4.conf.all.accept_source_route=0
$SYSCTL net.ipv4.conf.all.accept_redirects=0
$SYSCTL net.ipv4.conf.all.secure_redirects=0
$SYSCTL net.ipv4.conf.all.log_martians=1
$SYSCTL net.ipv4.conf.default.accept_source_route=0
$SYSCTL net.ipv4.conf.default.accept_redirects=0
$SYSCTL net.ipv4.conf.default.secure_redirects=0
$SYSCTL net.ipv4.icmp_echo_ignore_broadcasts=1
$SYSCTL net.ipv4.icmp_ignore_bogus_error_messages=1
$SYSCTL net.ipv4.tcp_syncookies=1
$SYSCTL net.ipv4.conf.all.rp_filter=1
$SYSCTL net.ipv4.conf.default.rp_filter=1
$SYSCTL kernel.exec-shield=1
$SYSCTL kernel.randomize_va_space=1

echo "Starting IPv4 Firewall..."
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X

# load modules
modprobe ip_conntrack

[ -f "$BLOCKEDIPS" ] && BADIPS=$(egrep -v -E "^#|^$" "${BLOCKEDIPS}")

# interface connected to the Internet

#Unlimited traffic for loopback

# DROP all incomming traffic

if [ -f "${BLOCKEDIPS}" ];
# create a new iptables list

for ipblock in $BADIPS
$IPT -A $SPAMLIST -s $ipblock -j LOG --log-prefix "$SPAMDROPMSG "
$IPT -A $SPAMLIST -s $ipblock -j DROP


# Block sync
$IPT -A INPUT -i ${PUB_IF} -p tcp ! --syn -m state --state NEW -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "Drop Sync"
$IPT -A INPUT -i ${PUB_IF} -p tcp ! --syn -m state --state NEW -j DROP

# Block Fragments
$IPT -A INPUT -i ${PUB_IF} -f -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "Fragments Packets"
$IPT -A INPUT -i ${PUB_IF} -f -j DROP

# Block bad stuff
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL ALL -j DROP

$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL NONE -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "NULL Packets"
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL NONE -j DROP # NULL packets

$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "XMAS Packets"
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP #XMAS

$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags FIN,ACK FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "Fin Packets Scan"
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags FIN,ACK FIN -j DROP # FIN packet scans

$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP

# Allow full outgoing connection but no incomming stuff

# Allow ssh
$IPT -A INPUT -i ${PUB_IF} -p tcp --destination-port 22 -j ACCEPT

# Allow http / https (open port 80 / 443)
$IPT -A INPUT -i ${PUB_IF} -p tcp --destination-port 80 -j ACCEPT
$IPT -A INPUT -i ${PUB_IF} -p tcp --destination-port 443 -j ACCEPT

# allow incomming ICMP ping pong stuff
$IPT -A INPUT -i ${PUB_IF} -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -i ${PUB_IF} -p icmp --icmp-type 0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow port 53 tcp/udp (DNS Server)
$IPT -A INPUT -i ${PUB_IF} -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -i ${PUB_IF} -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPT -A INPUT -i ${PUB_IF} -p tcp --destination-port 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -i ${PUB_IF} -p tcp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Open port 110 (pop3) / 143
$IPT -A INPUT -i ${PUB_IF} -p tcp --destination-port 110 -j ACCEPT
$IPT -A INPUT -i ${PUB_IF} -p tcp --destination-port 143 -j ACCEPT

##### Add your rules below ######
##### END your rules ############

# Do not log smb/windows sharing packets - too much logging
$IPT -A INPUT -p tcp -i ${PUB_IF} --dport 137:139 -j REJECT
$IPT -A INPUT -p udp -i ${PUB_IF} --dport 137:139 -j REJECT

# log everything else and drop

exit 0