Friday, November 13, 2009

Troubleshooting SMTP Servers

$ telnet localhost 25
mail from:
rcpt to:
250 2.1.5 Ok
Subject: SMTP testing
Greetings from me
221 2.0.0 Bye
Connection closed by foreign host.

$ telnet localhost 25
telnet: Unable to connect to remote host: Connection refused
That means the server is not running, which you can confirm with Netstat:
# netstat -pant|grep :25
If it returns nothing, your SMTP server is not running

Tuesday, October 27, 2009

How to kill remote session via command line

C:\Documents and Settings\datagram>qwinsta /server:10.10.10.x


console 0 Conn wdcon

rdp-tcp 65536 Listen rdpwd

rdp-tcp#4 datagram 1 Active rdpwd

administrator 2 Disc rdpwd

C:\Documents and Settings\datagram>rwinsta rdp-tcp#4 /server:10.10.10.x

Monday, October 26, 2009

Remotely Start/Stop windows services

Two ways.

1. sc \\"+MachineName+ start+ServiceName

  • To start a service, type:

    net startservice

  • To stop a service, type:

    net stopservice

Sunday, October 25, 2009

Error: Service 'RemoteRegistry' failed to reach status 'Stopped' on this server.

When installing exchange 2007 sp2

In the services manager set Remote Registry to "Disabled" then reboot.
When the workstation has restarted open the services manager and set it to "auto" or "manual" then try the install again.

Saturday, October 24, 2009

attempting to load a 64-bit application however this cpu is not compatible with 64-bit mode

Solution to this problem.

1. Check your server BIOS settings and enable Virtualization.

2.There is no 64bit support for VMI. VMI is not compatible with 64bit guests.
You must disable VMI to power on this 64bit guest operating systems.
To disable VMI:
  1. Choose the virtual machine in VMware Infrastructure Client.
  2. Click Edit Settings > Options > Advanced.
  3. Deselect Paravirtualization.

Tuesday, October 20, 2009

IP/Port Blocking

Q. All machines with IP range 10.10.10.x should have access to Port 80 on
(Machine 10.10.10.xx). and rest all should be blocked.


iptables -A INPUT -s -p tcp --destination-port 80 -j
iptables -A INPUT -p tcp --destination-port 80 -j DROP

Via Hosts

in hosts.allow

in hosts.deny
80: ALL

Wednesday, October 14, 2009

Count Disk Space

To show the size of all sub directories of a specific directory
du -sh /home/*
du /path/to/dir --max-depth=1 | sort -nr
du -sh
df -h /path/to/dir
To show all the 1 level sub directories size
du -sh *
To show the size of specific directory
du -sh /home

Wednesday, September 23, 2009

sudo: sorry, you must have a tty to run sudo

1. visudo
2. comment out # Defaults requiretty
3. it is always better that you block this for a particular user e.g
4.Defaults:backupuser !requiretty

here is the man page for quick reference

Monday, August 17, 2009

How to use "noatime" option in linux ext3 filesystem for better performance of I/O

use the 'noatime' option:
  • Edit the file '/etc/fstab'
  • Add the option 'noatime', separated with a comma, to the fourth field of every disk based filesystem entry
  • Save the file and reboot (or remount all the filesystems corresponding to the modified entries (using the command: mount -o remount ))

Most Linux desktop and server is hurt by a noticeable IO performance slowdown due
to the constant atime updates, while there's just two or three real users of it:
tmpwatch [which can be configured to use ctime so it's not a big issue]
and some backup tools.
and mail-notify.

proc /proc proc defaults 0 0
none /dev/pts devpts gid=5,mode=620 0 0
/dev/md0 /boot ext3 defaults 0 0
/dev/md1 none swap sw 0 0
/dev/md2 / ext3 defaults,noatime 0 0

Also in addition to this

if you put your swap partition at the beginning of the drive it will give some improvement.
The beginning of the drive is physically located on the outer portion of the cylinder, and the read/write head can cover
much more ground per revolution.
You can check that with /sbin/hdparm -t /dev/sda1 or sda2 etc etc command.

Tuesday, August 11, 2009

DoS-denial attacks

How to Prevent it in linux

Add these lines to the end of /etc/rc.d/rc.local

######## shut some DoS stuff down
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# increase the SYN backlog queue
echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 0 > /proc/sys/net/ipv4/tcp_timestamps

echo 64000 > /proc/sys/fs/file-max

ulimit -n 64000

# increase the local port range
echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range

# stop source routing
for i in /proc/sys/net/ipv4/conf/*/accept_source_route
echo 0 > $i

# enable reverse-path filtering
for i in /proc/sys/net/ipv4/conf/*/rp_filter
echo 1 > $i

##### End


1. Add a user
#useradd -g users admin
#passwd admin

2. #visudo
here insert the below line in the end.

with NOPASSWD it will not prompt for admin users password

Now if you want to give permissions to just few services instead of full privilege

1. #visudo
2. admin ALL=(root) NOPASSWD: /etc/init.d/postgresql

Save and Exit as :wq
# sudo /etc/init.d/postgresql start
will start the postgresql service without asking your password.

Now if you want to prohibit a users for accessing few services say shell, su,passwd or visudo


Monday, August 3, 2009

Folder Access outside document root in apache

Say you have a folder with name "web" under /home

Give permission to that folder with the Apache user and group and under httpd.conf file add the below lines.

“Directories need to be executable by the Apache user, so that Apache can get listings of the files in the directory, and display the documents located in that directory”

Alias /web /home/web

Directory "/home/web">
Options Indexes SymLinksIfOwnerMatch IncludesNoExec
AllowOverride None
Allow from all
Order allow,deny

Thursday, June 11, 2009

restorecond: Will not restore a file with more than one hard link (/etc/resolv.conf) No such file or directory

How to fix this.

(1) rm /etc/sysconfig/networking/profiles/default/resolv.conf
(2) restorcon /etc/resolv.conf
(3) ln -s /etc/resolv.conf /etc/sysconfig/networking/profiles/default/resolv.conf

Actually this is a bug in policycoreutils package and now have been Fixed in policycoreutils-2.0.57-16

Wednesday, June 10, 2009

How to Start Fedora Directory Server Manually

Go to /opt/fedora-ds
1.[root@vfds fedora-ds]# slapd-vfds/start-slapd

give userName and Password here....

Tuesday, June 9, 2009

How to Install VMware-Tools on CentOS 5.3

1. Open the VMware Console
2.Click on VM
3.Select "Install VMware Tools"
4.This will mount the VMware tools to the CD-ROM automatically
5. run "rpm -ivh VMwareTools-6.x.x-xxxx.i386.rpm"
6. Run this script ""
7.reboot the machine

Tuesday, June 2, 2009


• ESX Server Networking
• Virtual Switches
• Virtual Switches and VLANS

How virtual machines communicate with rest of the appliance in network.

Why we need virtual networking
==> Each device requires a NIC, this NIC allow a device to communicate with rest of the devices in the network. With the introduction of virtualization in Vmware we have one big host which is physical device and several machines running on that physical host . And in a traditional sense you would need a NIC card for every virtual machine to allow connectivity to rest of the network , and it does not make sense to make 20-30 nic cards for virtual machines and this is where the concept of virtual switch comes into play.

A virtual switch mimics a physical switch except it is a software based and it will have ports in it and these ports can be added or deleted. You can have upto 1016 ports on a virtual switch.

The idea here is to connect one or more physical nic cards to this virtual switch, the virtual switch is server by one or more physical nic cards.

So we connect the VM machines nic with the virtual switch ports and virtual switch gives the connectivity to the outside world via physical NIC.

In the above scenario both vm are connected with the virtual switch and VS is not connected with any physical NIC. So they can talk to each other only and this is perfect for testing only.

Next Scenario

One virtual switch with one physical nic.
As we gave physical connectivity so you can do traffic shaping.

Another scenario

Advantage is redundancy as you have multiple nic card.

One more scenario


There are 3 types of port configuration that can we done on a virtual switch
• Service console
• Vmkernel : vmotion,iscsi, nfs/nas
• Virtual machines

On the same virtual switch you can have one or more port types ,
You can have virtual switch that supports port for the service console and also for vm for example or each virtual switch can have its own port types so all the ports on this virtual switch will only support virtual machines or service console or vmkernel.

Rolling Failover
No:= in the event that a physical nic card goes down and another nic card takes over its place continues production, after the failed nic card comes back online if this setting is sets to NO then the failed nic card that just came online will tackle the existing nic card will take its place and return to the servicing production.
If it is set to
YES: then the failed nic card remains offline even after it recovers from the failure that it experience and it will not take over the currently active nic card until the event another failure happens.

Network Failover Detection:-
Link state only--> if the failure is from switch end then the esx server will not able to know that
Becon Probing--> it will notify the esx that link from switch is down

• Service network restart ---when you want to change the ip address of service console
• Ifconfig --
• Findnic -- able to map the way esx server labels the vm nic to the actual physical nic.
• Mii-tool -- used to configure or modify nic settings from command line stand point from vm

Monday, April 20, 2009

Virtualization – Where, When, Why - Part 1

- Make efficient use of hardware

- Consolidation of servers

- Consolidation of desktops

Testing /QA and Development Environment

- Network isolation

- Snapshots

- Fast OS/Application Deployment

Disaster Recovery

- Hardware independence

IT Administration

- Make life easier of a system administrator

- Faster OS deployment

- Faster Server Replacement

- Less hardware maintenance

Tuesday, April 14, 2009

Monitoring and system information under Linux

tail –f /var/log/messages
strace -c ls >/dev/null Summarise/profile system calls made by command
lsof -p $$ List paths that process id has open
lsof ~ List processes that have specified path open
tcpdump not port 22
watch -n.1 'cat /proc/interrupts' Watch changeable data continuously
free –m Show amount of (remaining) RAM (-m displays in MB)

ps -e -orss=,args= | sort -b -k1,1n | pr -TW$COLUMNS
List processes by mem usage
ps -e -o pcpu,cpu,nice,state,cputime,args --sort pcpu | sed '/^ 0.0 /d'
List processes by % cpu usage
ps -e -o pid,args –forest List processes in a hierarchy

uname –a
badblocks -s /dev/sda
hdparm -tT /dev/sda Do a read speed test on disk sda
hdparm -i /dev/sda Show info about disk sda
smartctl -A /dev/sda | grep Power_On_Hours How long has this disk (system) been powered on in total
mount | column –t List mounted filesystems on the system (and align output)
lsusb –tv Show USB info
grep "model name" /proc/cpuinfo Show CPU(s) info
grep MemTotal /proc/meminfo Show RAM total seen by the system

Checking Disk Space in Linux

• ls –lSr [ it will Show files by size, biggest last ]
• du -s * | sort -k1,1rn | head [ Show top disk users in current dir. ]
• df –h [Show free space on mounted filesystems ]
• df –i [Show free inodes on mounted filesystems ]
• fdisk –l [Show disks partitions sizes and types (run as root)]
• rpm -q -a --qf '%10{SIZE}\t%{NAME}\n' | sort -k1,1n [List all packages by installed size ]

Monday, April 13, 2009

RAID Concept

Raid Concept

1. Stripping

2. Mirroring

3. Parity

Stripping à process of breaking down data into pieces and distributing it across multiple disks that support a logical volume

- Better I/O performance

Mirroring -à process of writing the same data, to another “member” of the same volume simultaneously.

- Provides protection

Parity -à is the term for error checking.

Levels of RAID

RAID is s method of logically joining of two or more disks

RAID 0 : This level of RAID is a ‘normal’ file system with stripping, in which data loss is imminent with any disk failure.

- This gives good read/write performance but no recoverability.

- Minimum number of disks #2

RAID 1: Provides mirroring and hence full data redundancy.

- Mirroring, Recoverability, require write performance

- Minimum number of disks #2

RAID 5: Most common RAID implementation. Data redundancy is provided via parity calculations, but parity is stored along with the data.

- Recoverability, require read performance

- Minimum number of disks #3

Sync two servers

Let’s call the 2 servers ‘SOURCESERVER’ and ‘DESTSERVER’ for
SOURCESERVER = Source server (the server we’re connecting from to upload the data)
DESTSERVER = Destination server (the server we’re connecting to receive the data)

Part 1 - Setting up SSH key authentication
First, we need to make sure the DESTSERVER has the ability to use key authentication enabled. Find your sshd configuration file (usually ‘/etc/ssh/sshd_config’) and enable the following options if they are not already set.
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

If you edit the file be sure to restart sshd afterwards.
# /etc/init.d/sshd restart
Next, on the SOURCESERVER we will create the public / private key pair to be used for authentication with the following command.
# ssh-keygen -t rsa
*Note: Do not enter a passphrase for this, just hit enter when prompted.
This should create 2 files, a public key file and a private key file.
The public key file (usually [homedir]/.ssh/ we will upload to the DESTSERVER.
The private key file (usually [homedir]/.ssh/id_rsa) we will keep on the SOURCESERVER.
*Be sure to keep this private key safe. With it anyone will be able to connect to the DESTSERVER that contains the public key.
Now we will plant the public key we created on to the DESTSERVER.
Choose the user account which you will use to connect to on DESTSERVER, we’ll call this user ‘destuser’ for now.
In that account’s home directory, create a ‘.ssh’ subdirectory, and in that directory create a new text file called ‘authorized_keys’. If it already exists, great, use the existing file.
Open the ‘authorized_keys’ file and paste in the contents of the public key you created in the previous step ( It should look something like the following
ssh-rsa sourceuser@SOURCESERVER
Save the file and change the permissions to 600 for the file and 700 for the ‘.ssh’ directory.
Now to test that the keys are working.
From the SOURCESERVER try logging in as normal using ssh to the DESTSERVER.
# ssh destuser@DESTSERVER
If all is working you should not be prompted for a password but instead connected directly to a shell on the DESTSERVER.

Part 2 - Creating the rsync script

Now for the rsync script.
I use a simple script such as the following
echo $’\n\n’ >> $LOGFILE
echo “Completed at: `/bin/date`” >> $LOGFILE
Copy this file into the home directory of the sourceuser on the SOURCESERVER
and modify the first 4 variables in the file.
SOURCEPATH (Source path to be synced)
DESTPATH (Destination path to be synced)
DESTHOST (Destination IP address or host name)
DESTUSER (User on the destination server)
Save it as something like ‘’
Set the permissions on the file to 700.
# chmod 700
Now you should be able to run the script, have it connect to the DESTSERVER, and transfer the files all without your interaction.
The script will send all output to the ‘rsync.log’ file specified in the script.

Part 3 - Setting up the cron job

Assuming everything has worked so far all that’s left is to setup a cron job to run the script automatically at a predefined interval.
As the same sourceuser use the ‘crontab’ command to create a new cron job.
# crontab -e
This will open an editor where you can schedule the job.
Enter the following to have the script run once every hour
# Run my rsync script once every hour
0 * * * * /path/to/
Your 2 servers should now be syncing the chosen directory once every hour.

Use of "/" at the end of path:
When using "/" at the end of source, rsync will copy the content of the last folder.
When not using "/" at the end of source, rsync will copy the last folder and the content of the folder.
When using "/" at the end of destination, rsync will paste the data inside the last folder.
When not using "/" at the end of destination, rsync will create a folder with the last destination folder name and paste the data inside that folder.

Sunday, April 12, 2009

Microsoft's free XP, Office 2003 support ends April 14

If you have a Software Assurance licensing contract with Microsoft, you can buy paid support.

Windows XP SP2: Service pack will be retired on July 13, 2010.

Windows XP SP3: Service pack due to be retired two years after SP4 (if there is one) releases or in April 2014, whichever comes first.

Windows Vista Business: Free support ends on April 10, 2012; paid support ends on April 11, 2017.

Windows Vista SP1: Service pack will be retired two years after the release of SP2 (which is expected in April 2009), so likely in April 2011 (?).

Office 2003 SP3
: Service pack will be retired one year after SP4 (if there is one, which is doubtful) is released or in August 2014, whichever comes first.

Office 2007: Free support ends on April 10, 2012; paid support ends on April 11, 2017.

Office 2007 SP1: Service pack will be retired a year after SP2 debuts, so likely in April 2010 (?).

Windows Server 2008: Free support ends September 7, 2013; paid support ends October 7, 2018.