Thursday, February 26, 2009

Remove directory from CVS

CVS doesn't really keep directories under version control. If you want to remove a directory from a project, you first remove all the files in it, then use update -P to remove the directory from the working directory.

CVS checkout and update will always check out empty directories; that's just the way CVS is built. Do an update with "-P" -- "prune" -- to remove empty directories:

cvs update -dP

(Adding "-d" will update new directories that have appeared since your last update; otherwise, CVS will ignore them.)

CVS takes a two-phase approach to directories, which is why many cvs commands have a -P option to "prune empty directories".

When this has happened, e.g. I want to rename a directory I've just added, I delete the directory and delete the entry for the directory in the CVS/Entries file; it'll be a line prepended with a "D".

If I've committed, I make sure my current working area that contains the empty directory/ies is all checked in. Then I blow away the part of the work area that I have added the directories to.
Ex.

/mySandbox/Project_to_remove/etc_etc
/mySandbox/Project_to_remove/emptyDir


I make sure everything is up to date in both directories containing the stuff I want to keep. I then blow away Project_to_remove from within mySandbox.
Going back and checking out the same work area, e.g. Project_to_remove will give me the work area without the empty dirs.
Or just leave everything as is and use the -P option to get CVS to check everything out (or update everything) and then prune out the empty dirs.

Renaming Directories

Check out the project, make the changes in the local working copy, delete the CVS project in the repository, and import the changed project again.

Wednesday, February 25, 2009

Slackware Packaging tool

Two Things You May Need
1. Swaret
2. installpkg

How to install Swaret.
-- Download Swaret from sourceforge.net and rename it as given below:

$ cp swaret-1.6.2-noarch-1.tgz.tar swaret-1.6.2-noarch-1.tgz

Log in as root to install the software using the installpkg command:

# installpkg swaret-1.6.2-noarch-1.tgz

Rename the conf file located in the /etc folder:
# cp /etc/swaret.conf.new /etc/swaret.conf

installpkg

By typing installpkg [packagename].tgz you can install packages on your system.

removepkg

In its simplest form, removepkg will remove the package name you specify. The general syntax is removepkg packagename.

upgradepkg

Upgrades a currently installed package with the package specified. If the packages have the same name, then you only need to run upgradepkg packagename to perform the upgrade. If the new package has a different name than the currently installed package, you must use this syntax:

upgradepkg oldpackagename%newpackagename

Do not add any extra whitespace between pairs of old/new package names.

rpm2targz

Converts an RPM (RedHat Package Manager) to a Slackware-compatible package. In case you ever run across the need to obtain something that is only in RPM format, this program may come in handy. The syntax is:

rpm2targz [filename].rpm

NOTE: Running rpm2targz will create a .tar.gz file, while running rpm2tgz will create a .tgz file. The files are exactly the same, the only difference is the extension format (some people prefer one over the other).

slapt-get is a very easy command line program to help you install, remove and upgrade Slackware packages.

To list packages you already have installed: slapt-get --installed
To list packages which are now available to you: slapt-get --available
To show a package's complete description: slapt-get --show [package(s)]
To search for a package in your list: slapt-get --search [package(s)]
To install a specific package: slapt-get --install [package(s)]


If you are a bit unsure of yourself before doing the "install" step do this:

slapt-get -s --install [package(s)]

This simulates the install process without actually doing anything. You can also use "-s" to simulate an upgrade.
If an install borks your system or you decide you don't need the software any longer, remove the package with:

slapt-get --remove [package(s)]

Tuesday, February 24, 2009

IPTABLES

The first thing most people should do is set the default policy for each inbound chain to DROP:

# iptables -P INPUT DROP
# iptables -P FORWARD DROP

When everything is denied, you can start allowing things. The first thing to allow is any traffic for sessions which are already established:

# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

So as not to break any applications that communicate using the loopback address, it is usually wise to add a rule like this:

# iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT

The next thing to do would be to allow access to specific services running on your machine. If, for example, you wanted to run a web server on your machine, you would use a rule similar to this:

# iptables -A INPUT -p tcp --dport 80 -i ppp0 -j ACCEPT

This will allow access from any machine to port 80 on your machine via the ppp0 interface. You may want to restrict access to this service so that only certain machines can access it. This rule allows access to your web service from 64.57.102.34:

# iptables -A INPUT -p tcp -s 64.57.102.34 --dport 80 -i ppp0 -j ACCEPT

Allowing ICMP traffic can be useful for diagnostic purposes. To do this, you would use a rule like this:

# iptables -A INPUT -p icmp -j ACCEPT

Most people will also want to set up Network Address Translation (NAT) on their gateway machine, so that other machines on their network can access the Internet through it. You would use the following rule to do this:

# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

You will also need to enable IP forwarding. You can do this temporarily, using the following command:

# echo 1 > /proc/sys/net/ipv4/ip_forward
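
The rules above collected into one iptables-restore file, as an added example that is not part of the original post. It goes one step beyond the post: with the FORWARD policy set to DROP, the MASQUERADE rule alone passes no traffic, so the file also carries the two FORWARD rules a NAT gateway needs. The LAN interface name eth0 and the function name gen_ruleset are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): the post's rules written as an
# iptables-restore file, so each table is committed in one step instead of
# rule by rule.
# Assumptions: ppp0 is the Internet-facing interface (as in the post) and
# eth0 is the LAN interface (hypothetical).

gen_ruleset() {
    wan_if=${1:-ppp0}
    lan_if=${2:-eth0}
    web_src=${3:-}   # optional: the only source address allowed to reach port 80

    # Refuse arguments that are not plain interface names or addresses, so a
    # stray value cannot smuggle extra rule text into the file.
    case $wan_if$lan_if in
        *[!A-Za-z0-9._-]*) echo "invalid interface name" >&2; return 1 ;;
    esac
    case $web_src in
        *[!0-9./]*) echo "invalid source address: $web_src" >&2; return 1 ;;
    esac

    src_match=
    [ -z "$web_src" ] || src_match="-s $web_src "

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
-A INPUT -p tcp ${src_match}--dport 80 -i $wan_if -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
EOF
}

# Usage (as root): gen_ruleset ppp0 eth0 64.57.102.34 | iptables-restore --test
```

Drop --test to load the rules once the check passes; IP forwarding still has to be enabled as shown above.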

Monday, February 23, 2009

Step by Step using SSH auth without password

SSH ver 2

You need two machines; name them CM (client machine) and SM (server machine) respectively.
Client and Server

Step 1

Log in to the Linux client machine 'CM' via ssh, run the command below and press "ENTER".

Step 2


Generate Key Pair


[root@CM ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
57:c6:8a:a4:a2:c8:b7:39:9c:14:3c:3a:70:07:5a:9e root@CM

The above command was executed as the "root" user; the same can be done as an ordinary system user. The command saves a public/private key pair in the .ssh directory under the user's HOME directory. In this case the command was run as "root", so the key pair is saved in "/root/.ssh/".
After this, you need to append the public key of client machine 'CM', stored in id_dsa.pub, to the /root/.ssh/authorized_keys file on Linux server 'SM'. To do that, run the following command from Linux client 'CM'. At the password prompt, enter the password of the user (in this case "root") on Linux server 'SM':


Step 3

Copy Public Key to Server

[root@CM ~]# scp /root/.ssh/id_dsa.pub root@IP_ADDRESS_OF_SERVER:/tmp
root@IP_ADDRESS_OF_SERVER's password:
id_dsa.pub 100% 606 0.6KB/s 00:00

Now log in to the server machine 'SM' and execute the command below to append the public key file of client machine 'CM' to the authorized_keys file.

Append Public Key to authorized_keys on the server.

[root@SERVER_HOSTNAME ~]# cat /tmp/id_dsa.pub >> /root/.ssh/authorized_keys

Everything is set up now. To test, run the command below from client machine 'CM' to verify that you are able to log in to remote Linux server 'SM' without entering a password.


Login to Server

[root@CM ~]# ssh IP_ADDRESS_OF_SERVER
Last login: Wed Jan 1 08:02:15 2009 from IP_ADDRESS
[root@SERVER_HOSTNAME ~]#

Now you can also copy files from server to client and vice versa using "scp" without being prompted for a password.
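
The append in Step 3, as an added example that is not part of the original post: it checks that the copied file really holds one public key, skips a key that is already installed, and sets the directory and file modes that sshd's StrictModes check expects. install_pubkey is a hypothetical helper name, and both paths are passed in by the caller.

```shell
#!/bin/sh
# Added example (not from the original post): append a public key to
# authorized_keys idempotently and with safe permissions.
# install_pubkey is a hypothetical helper name.

install_pubkey() {
    pub=$1     # key file copied to the server, e.g. /tmp/id_dsa.pub
    home=$2    # home directory of the account that should accept the key
    [ -f "$pub" ] || { echo "no such key file: $pub" >&2; return 1; }

    # Accept exactly one line of the form "<type> <base64 blob> [comment]".
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key=$(cat "$pub")
    case $key in
        ssh-*\ AAAA*|ecdsa-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key" >&2; return 1 ;;
    esac

    # sshd ignores authorized_keys when the directory or file is writable by
    # others (StrictModes), so create both with owner-only permissions.
    old_umask=$(umask)
    umask 077
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh"
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth"
    umask "$old_umask"

    # Match on the base64 blob so the same key with another comment, or with
    # an options prefix, is not added a second time.
    blob=$(printf '%s\n' "$key" | awk '{print $2}')
    if grep -Fq -- "$blob" "$auth"; then
        echo "already present"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "added"
    fi
}

# Usage on the server: install_pubkey /tmp/id_dsa.pub /root
```

The helper does not depend on the key type: ssh-dss keys, as generated above, are disabled by default in OpenSSH 7.0 and later, and a key made with ssh-keygen -t ed25519 installs the same way.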

Benefit

Automated server backups using scripts
No need to remember passwords for multiple servers

Yahooooooooooooooooo

Looks like yahoo mail is having some problem today,



Wednesday, February 11, 2009

Few Things to take care when an employee leaves

When an employee leaves the organization, there are a few things it is advisable to take care of.

1. Access control
This includes access to Email/Data/Office/Remote Access.
Close his/her email account and access to all third party accounts.
Take back the keys which control his/her physical access to the organization.
2. Documentation/Knowledge Transfer
Document the employee's work and projects. Keep a backup of it in a secure place.
3. Organization Assets
These include Laptop/Desktop/Cell phone/Blackberry/Head Phones/Web Cam/key badge/Security Keys/Parking Stickers.
Make a checklist of these things and recover them before the employee leaves the organization. This work can be done by the IT/HR department.
4. Exit Interview
It is a good idea to ask the employee to fill in an exit form which includes his views/suggestions about the organization, e.g. if he has some complaints about the company, wants improvement in some process, or has a suggestion to implement some policy.

Microsoft has released 4 new security bulletins.

Microsoft has released 4 new security bulletins.

MS09-002: Cumulative Security Update for Internet Explorer (961260)
http://www.microsoft.com/technet/security/bulletin/ms09-002.mspx
Severity: Critical

MS09-003: Vulnerabilities in Microsoft Exchange Could Allow Remote Code
Execution (959239)
http://www.microsoft.com/technet/security/bulletin/ms09-003.mspx
Severity: Critical

MS09-004: Vulnerability in Microsoft SQL Server Could Allow Remote Code
Execution (959420)
http://www.microsoft.com/technet/security/bulletin/ms09-004.mspx
Severity: Important

MS09-005: Vulnerabilities in Microsoft Office Visio Could Allow Remote
Code Execution (957634)
http://www.microsoft.com/technet/security/bulletin/ms09-005.mspx
Severity: Important

Sunday, February 8, 2009

How to check if a user is logged in to CVS

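These checks cover a repository accessed over pserver, where the user has a password on the server, and a repository accessed over ssh.
Assuming the repository is using pserver (you really should use ssh):

# Scrambled password stored for this CVSROOT in ~/.cvspass.
# No entry at all means not logged in; a lone "A" is the scrambled form of an empty password.
xorpw=`grep -F "$CVSROOT" ~/.cvspass 2>/dev/null | awk '{print $3}'`
if [ -n "$xorpw" ] && [ "$xorpw" != "A" ]
then
    LOGEDIN=true
else
    LOGEDIN=false
fi
echo $LOGEDIN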


With SSH
Assumption
A) $CVSROOT does not have a FQDN
B) hostname on the server does not return a FQDN
C) no username in $CVSROOT
or
D) both $CVSROOT and hostname will give you the same FQDN

If the above assumptions are wrong then script around them

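# Host part of $CVSROOT, e.g. "host" in :ext:host:/path
MACHINE=`echo "$CVSROOT" | awk -F: '{print $3}'`
FROMMACHINE=`ssh "$MACHINE" hostname 2>/dev/null`
# Without the -n test, an empty MACHINE would compare equal to the empty output of a failed ssh
if [ -n "$MACHINE" ] && [ "$FROMMACHINE" = "$MACHINE" ]
then
    LOGEDIN=true
else
    LOGEDIN=false
fi
echo $LOGEDIN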

Sunday, January 25, 2009

What's new in VMware version 6

• Support for Windows Vista - use Vista as host OS
• Multiple monitor display - you can configure a VM to span multiple monitors, or multiple VMs to each display on separate monitors
• Support for USB 2.0 devices - you can now use peripherals that require high-speed performance in your VMs, such as MP3 players and fast storage devices
• VM Record/Replay - use this feature to record VM activities and be guaranteed to reproduce the exact VM state 100% of the time.
• Integrated Virtual Debugger - Workstation integrates with Visual Studio and Eclipse so you can deploy, run, and debug programs in a VM directly from your preferred IDE
• Automation APIs (VIX API 1.1) - you can write scripts and programs to automate VM testing
• ACE authoring capabilities - securely package and deploy desktop virtual machines with encryption, network access and device control, and much more. With the Pocket ACE feature, deploy to a portable media device so you can take your PC with you, without the PC.

Differences between VMware workstation & Microsoft virtual PC 2007

• VMware Workstation Supports a long list of Linux versions whereas Microsoft virtual PC 2007 does not
• Has snapshot manager
• Allows you to import VMs to VMware ESX and VMware Player
• Supports 2 CPUs per VM
• Supports 64-bit Guest OS if you have a 64-bit host CPU
• Guests can use host USB ports, directly, you can play your i-pod :)
• More flexible on screen resolution
• Better performance
• More "mature"; it has a lot more features in comparison to MSFT VPC 2007
• $189 vs free; MSFT is free but all the rich features are with VMware

Friday, January 23, 2009

Features of Windows Server 2008

Windows Server 2008 is the most advanced Windows Server operating system yet.

With Windows Server 2008 you can develop, deliver, and manage rich user experiences and applications.

Virtualization built-in
Windows Server Hyper-V, the next-generation hypervisor-based server virtualization technology, allows you to make the best use of your server hardware investments by consolidating multiple server roles as separate virtual machines running on a single physical machine. You can also efficiently run multiple operating systems - Windows, Linux, and others – in parallel on a single server. With Hyper-V and simple licensing policies, it's now easier than ever to take advantage of the cost savings of virtualization.

Applications can also be efficiently virtualized using Windows Server 2008 centralized application access technologies. Terminal Services Gateway and Terminal Services RemoteApp allow easy remote access to standard Windows-based programs from anywhere by running them on a terminal server instead of directly on a client computer - without the need for a complicated virtual private network (VPN).

Built for the web
Windows Server 2008 comes with Internet Information Services 7.0 (IIS 7.0), a Web server and security-enhanced, easy-to-manage platform for developing and reliably hosting Web applications and services. A major enhancement to the Windows Web platform, IIS 7.0 includes a componentized architecture for greater flexibility and control. IIS 7.0 also provides simplified management, powerful diagnostic and troubleshooting capabilities that save time, and comprehensive extensibility.

Internet Information Server IIS 7.0 together with the .NET Framework 3.0 provides a comprehensive platform for building applications that connect users and data, enabling them to visualize, share, and act on information. Additionally, IIS 7.0 plays a central role in unifying Microsoft's Web platform technologies—ASP.NET, Windows Communication Foundation Web services, and Windows SharePoint Services.

High performance computing
The benefits and cost savings of Windows Server 2008 extend to Windows HPC Server 2008 for your high performance computing (HPC) environment. Windows HPC Server 2008 is built on Windows Server 2008, x64-bit technology and can efficiently scale to thousands of processing cores with out-of-the-box functionality to improve the productivity, and reduce the complexity of your HPC environment. Windows HPC Server 2008 enables broader adoption by providing a rich and integrated end-user experience that scales from the desktop application to the clusters, and includes a comprehensive set of deployment, administration, and monitoring tools that are easy to deploy, manage, and integrate with your existing infrastructure.

High security
Windows Server 2008 is the most secure Windows Server yet. The operating system has been hardened to help protect against failure and several new technologies help prevent unauthorized connections to your networks, servers, data, and user accounts. Network Access Protection (NAP) helps ensure that computers that try to connect to your network comply with your organization's security policy. Technology integration and several enhancements make Active Directory services a potent unified and integrated Identity and Access (IDA) solution. And Read-Only Domain Controller (RODC) and BitLocker Drive Encryption allow you to more securely deploy your AD database at branch office locations.

Monday, January 19, 2009

How to Reset Bugzilla Password (after version 3.2)

./checksetup.pl --reset-password=user@domain.com

or, if you know the password of any account, make that user an admin:

./checksetup.pl --make-admin=user@domain.com

Sunday, January 11, 2009

Thin Clients Vs Desktops

A thin client is cheaper than a conventional PC by 20-30%.
It works on just 40W of power and is sleek enough to occupy very little desktop space.


COST:
- No Hard Disk or any other media required.
- Low Hardware configuration requirement
- No UPS required on nodes.
- Never require an upgrade on the nodes.
- Reduced Power consumption on Nodes

CONVENIENCE & MANAGEABILITY:
- No Disk Crashes.
- No Virus Problems to be fought on each desktop.
- Practically Zero Down times.
- Easy Software Maintenance.
- Low Maintenance as no moving parts left

CONTROL:
- Easy and better Administration.
- Centralized Data Control and accumulation.
- Software licensing and control.
- User Rights, policy deployment as per the Domain Controller setting up

FLEXIBILITY:
- User can switch machines without any problem.
- Setting up a new user is a breeze. Less than 10 minutes of installation time.
- Can support local printer, CD Drives and USB devices (No sound and webcam).

SCALABILITY:
- You can use thin clients to expand as you grow. No limit on the number of machines which can be configured as thin clients.
- Can make Server Clusters to expand into multiple server solution.

PERFORMANCE:
- All machines work at the performance of the Server.
- Low Network traffic.
- Applications like Tally work better than even the normal client-server.

Wednesday, January 7, 2009

How to Deploy CVS (Concurrent Versions System)

CVS is a version control system, an important component of Source Configuration Management (SCM). Using it, you can record the history of source files and documents.

Client Server Architecture:-


CVS uses client-server architecture: a server stores the current version(s) of the project and its history, and clients connect to the server in order to check out a complete copy of the project, work on this copy and then later check in their changes. Typically, client and server connect over a LAN or over the Internet, but client and server may both run on the same machine if CVS has the task of keeping track of the version history of a project with only local developers.

Terminology

A single project (set of related files) managed by CVS is called a module. A CVS server stores the modules it manages in its repository. Acquiring a copy of a module is called checking out. The checked out files serve as a working copy. One's changes to the working copy will be reflected in the repository by committing them. To update is to acquire the latest changes from the repository in the working copy.

• 'Module' - a particular set of files kept in CVS.
• 'Repository' - Location on CVS server where modules are kept.
• 'Revision' - A certain version of a file.
• 'Tag' - A certain milestone in a file or module's development.
• 'Branch' - A 'fork' of the module.

How to install CVS


On RPM based distribution you can use YUM or RPM to install CVS.
rpm -ivh cvs
or
yum install cvs

Then you need to create a user who is responsible for cvs management.


User Creation:-

There are many ways of user creation in cvs.
The CVS server can be made to authenticate from a password file in the CVSROOT module. All you need to do is add a file into the CVSROOT module. Create a file in there, called 'passwd'.
Entries in this file should be of the form:
desiredusername:EnCrYpTeDpAsSwOrD:realuser
The first entry in this colon-separated list is the desired username to allow. The second entry is the password for that user, in standard unix crypt() format. The third entry is the real UNIX user on the server that file operations will be done as (so, you can set up a user that can write to just the repository and nothing else). If you have apache installed, there's a utility called 'htpasswd' which can generate the first 2 fields for you (its -d option selects crypt() format). You can then add the third field manually.


htpasswd -d /cvs/reposName/CVSROOT/passwd desiredusername

User Deletion

For user deletion simply go to the CVSROOT passwd file and remove the user name from there.

To disable the user, put a hash (#) mark in front of the username.

Creating a Repository


Create a 'cvsadmin' user:
#adduser cvsadmin
Log in as 'cvsadmin' and run:
cvs -d <#pathToHomeDirectory#> init


Here pathToHomeDirectory is the path where you want the repository to be (you must have write permission to that location); -d is for directory.

It will create a CVSROOT folder under the reposName which contains various administrative files which control CVS behavior.

Deleting a Repository

It is as simple as
1. #rm -rf #RepositoryName# (But it is not recommended)

2. In a sandbox, if you issue
cvs remove -f file_nolonger_needed
cvs commit
this will mark the file in the repository as removed from the current point onward, and it will remove the file from your current sandbox.

You should be aware that directories are not really managed by CVS so you can't remove them, but if you remove everything in them and use the -P on updates they are effectively removed.

Authentication:-

When a remote cvs client uses the pserver method to connect to a repository, the client contacts port 2401, the default port for cvs pserver.

The server starts as soon as it sees a connection request from the client.

Put a line in /etc/services:
cvspserver 2401/tcp

For authentication you have to manually create a "passwd" file under CVSROOT.
Its format should be like this:

desiredusername:EnCrYpTeDpAsSwOrD:realuser

If you want to give read and write access separately, you have to manually create two more files under CVSROOT, named "readers" and "writers".

readers contains the list of users who can only read the repository
writers contains the list of users who can read and write the repository

** If the same username is listed in both files, cvs gives that user read-only access to the repository



User Privileges


Next thing you might want to do is only allow specific users (i.e. your developers) to write to the CVS repository.
To allow only certain users write access to the repository, place their usernames in a file called 'writers' in the CVSROOT module
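
The passwd format and the readers/writers precedence described above, as an added example that is not part of the original post: it prints the effective access of every passwd entry and flags entries with an empty password field or with root as the real user. It also applies the CVS manual's rule that once a writers file exists, anyone not listed in it is read-only. cvs_effective_access is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the original post): report the effective pserver
# access of each entry in CVSROOT/passwd.
# cvs_effective_access is a hypothetical helper name.

# in_list FILE NAME: succeed if NAME appears as a whole line in FILE
in_list() { [ -f "$1" ] && grep -Fxq -- "$2" "$1"; }

cvs_effective_access() {
    root=$1    # path to the repository's CVSROOT directory
    [ -f "$root/passwd" ] || { echo "no passwd file in $root" >&2; return 1; }

    # Fields: desiredusername:EnCrYpTeDpAsSwOrD:realuser
    while IFS=: read -r user hash realuser || [ -n "$user" ]; do
        case $user in
            ''|'#'*) continue ;;   # blank line, or entry disabled with '#'
        esac
        # A missing third field means the CVS username is also the system user.
        [ -n "$realuser" ] || realuser=$user

        if in_list "$root/readers" "$user"; then
            access=read-only       # readers wins even if also in writers
        elif [ -f "$root/writers" ] && ! in_list "$root/writers" "$user"; then
            access=read-only       # writers exists and the user is not in it
        else
            access=read-write
        fi

        flags=
        [ -n "$hash" ] || flags="$flags empty-password"
        [ "$realuser" != root ] || flags="$flags runs-as-root"
        echo "$user $access $realuser$flags"
    done < "$root/passwd"
}

# Usage: cvs_effective_access /var/cvs/CVSROOT
```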

Backing up a repository

There is nothing particularly magical about the files in the repository; for the most part it is possible to back them up just like any other files but make sure that no one is working at that time.

tar -cf #backupName#.tar #RepositoryName#

Create a file "cvs" under xinetd.d as shown below.

[cvs@cvs ~]# cat /etc/xinetd.d/cvs
# default: off
# description: The CVS service can record the history of your source \
# files. CVS stores all the versions of a file in a single \
# file in a clever way that only stores the differences \
# between versions.
service cvspserver
{
disable = no
port = 2401
socket_type = stream
protocol = tcp
wait = no
user = root
passenv = PATH
server = /usr/bin/cvs
env = HOME=/var/cvs
server_args = -f --allow-root=/var/cvs pserver
# bind = 127.0.0.1
}

Tips:-

1. Replace bind =127.0.0.1 with the actual IP of your server.
2. If you want to get the logs in a separate file then define that as well. eg. log_type = FILE /var/log/cvspserver


Restart the xinetd server
service xinetd restart

Tuesday, January 6, 2009

How to do DNS Load Balancing

There are many ways to do this. The simplest one is DNS Round-Robin

Say you have a website abc.com and you want to load balance its traffic with 3 servers.

Use BIND; it is installed by default in almost every Linux distribution.

wwwabc1 IN A x.x.x.1
wwwabc2 IN A x.x.x.2
wwwabc3 IN A x.x.x.3

Just configure the web servers wwwtest1/wwwtest2/wwwtest3 as you do in your DNS.

Then you need to add the below entry for load balancing.

www IN A x.x.x.1
www IN A x.x.x.2
www IN A x.x.x.3


Now the DNS will load balance the traffic across the 3 servers.

Though it is not the best way to do load balancing, it works fine and you can get good results.


You can do that via Apache Web Server as well, with the help of mod_rewrite and its proxy throughput feature. lbnamed is a good program for this job.
For this, add the below line in DNS.

www IN CNAME wwwabc1.abc.com.


Then configure this machine so all arriving URLs are just pushed through the internal proxy to one of the three other servers wwwabc1/wwwabc2/wwwabc3.

The below rule set will do the job.

RewriteEngine on
RewriteMap lb prg:/path/to/lb.pl
RewriteRule ^/(.+)$ ${lb:$1} [P,L]


There is a script given for this at http://www.stanford.edu/manual/rewrite/rewrite_guide_advanced.html

HTTP TO HTTPS redirect in Apache

Open your httpd.conf file and append the lines given below.

---------------------------------------------------------------
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]
----------------------------------------------------------------

Now restart your apache server.


Below are the links for reference.

http://httpd.apache.org/docs/2.2/misc/rewriteguide.html

http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html

Managing Remote/Branch office

If a company has multiple small or medium remote offices then it is a challenge to manage the remote team and office infrastructure.
Major challenges include:
a. IT support and solutions
b. Technology Challenges
c. Remote team interaction and management challenges

IT infrastructure acts as the essential foundation for all of your business's systems and applications.
Bad IT service for a site office can result in reduced productivity, loss of business, and dissatisfied customers/staff.

If the remote office is small then it is hard to provide it with permanent IT staff, which can lead to poor IT service.
Things one should take care of while managing a remote office:
1. Bandwidth/Connectivity: - Reliable connectivity is the most crucial component for any remote office. Count on a good ISP and a better SLA. A site-to-site VPN between head office and branch office is a must for security reasons.

2. Manage Systems Centrally: - IT can save the cost of onsite IT staff.

3. Use SaaS Model: - You can use hosted applications to increase productivity. There are many companies which offer a complete productivity suite, including mailing, calendaring, File/Data sharing, ERP and CRM, via SaaS. Examples are NetSuite, Salesforce, Microsoft.

4. Security Software/Hardware: - Access control system for staff entry/exit, anti-virus for their desktop/laptop, Intrusion detection system for network. Deployment of security software/hardware to remote office can help to protect the remote office effectively.

5. Telecommunication: - By the use of a smartphone or Blackberry you can do email, make calls and schedule meetings, which is a great relief for mobile staff, all in real time with no delay. Example: Windows smartphone/Blackberry

6. Teleconference: - Teleconference allows multiple users to dial into a central number. You can host it internally, like the Asterisk VOIP solution, or use a hosting service. Skype is also a good service if you want a budget solution. It is real time and you can make quick decisions.


7. Web conference: - It is a program that can help you see another user's desktop or a shared space. It is a real-time online meeting space. It is very useful for demos and presentations. You can use VOIP to add voice as well. Examples are NetMeeting, WebEx

8. Video conference: - It is an alternative to meeting the users/staff in person. It saves a lot of travel time. Example: Polycom http://www.polycom.com/usa/en/products/telepresence_video/video_conference_systems/room_systems/index.html


9. Information Sharing/Gathering:-you can use Twiki for knowledge sharing and documentation across teams and organization. It is like a document repository for an organization. Other options are wiki /SharePoint portal/CRM/

10. Instant Messaging: - It sends and receives written messages within a single pop-up screen shared by two or more users; it could be the fastest way to hold a discussion in written form. It is faster than email and you can see who is online/offline. A webcam is an additional advantage: you can see the person with whom you are interacting. If the organization can afford it, it can deploy its own in-house chat service like Jabber. You can organize it by creating a room per team, per project or per office. Examples are Jabber/Yahoo/MSN/Gtalk.

11. Leverage VMware Virtualization technology/Citrix for remote and branch office: -

Remote sites such as regional offices, retail stores and bank branches present unique challenges for IT organizations. Management complexity, inadequate infrastructure and a lack of administrative resources can make it difficult for companies to deliver consistent and scalable IT services to their remote offices in a timely manner. Virtualization is a great way to address these issues, and VMware offers solutions for remote and branch office management that will help you: http://www.vmware.com/solutions/remoteoffice/

12. Email Infrastructure/mailing lists: - Mail is the primary mode of communication in the corporate world now. Mailing lists are also a time-tested tool for communication. Organize a mailing list per project/team and send updates. You can archive the communication as well. Ex. Exchange/Sendmail/MailMan
13. Code Sharing/Bug Database: - If the organization is in the software field then it could have a centralized repository of the source code the engineers are writing. Examples of software are CVS/SVN. For filing bugs one can use the Bugzilla/JIRA applications.
14. Tools for Home Office Support: - You may need to give home office support as well; at that time the pcanywhere/vnc/teamviewer tools are quite handy. You can log in to the user's machine without VPN.

Thursday, October 23, 2008

Know your TCP/UDP port processes

Netstat is your friend for finding out which processes are using TCP and UDP ports on your machine.

There are many different switches for this, e.g.

netstat /? >> shows all the switches/options that netstat has


NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]

  -a            Displays all connections and listening ports.
  -b            Displays the executable involved in creating each connection or
                listening port. In some cases well-known executables host
                multiple independent components, and in these cases the
                sequence of components involved in creating the connection
                or listening port is displayed. In this case the executable
                name is in [] at the bottom, on top is the component it called,
                and so forth until TCP/IP was reached. Note that this option
                can be time-consuming and will fail unless you have sufficient
                permissions.
  -e            Displays Ethernet statistics. This may be combined with the -s
                option.
  -n            Displays addresses and port numbers in numerical form.
  -o            Displays the owning process ID associated with each connection.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
                option to display per-protocol statistics, proto may be any of:
                IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics. By default, statistics are
                shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
                the -p option may be used to specify a subset of the default.
  -v            When used in conjunction with -b, will display sequence of
                components involved in creating the connection or listening
                port for all executables.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display. Press CTRL+C to stop redisplaying
                statistics. If omitted, netstat will print the current
                configuration information once.



Examples

netstat -an ==> shows addresses and ports in numerical form
netstat -ano ==> shows the process ID associated with each connection
netstat -rn ==> shows the routing table
netstat -vb ==> shows the sequence of components behind the connections and listening ports of all executables

The best use of this command (Linux syntax) is

netstat -tnlp
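
An added example, not from the original post: a shell function that reads netstat -tnlp output and reports TCP listeners that are reachable from the network on a port outside an expected list. The sample output, the expected-port list and the function name unexpected_listeners are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners from `netstat -tnlp` that are reachable
# from the network and whose port is not on an expected-ports list.

# Constructed sample of `netstat -tnlp` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State    PID/Program name
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN   2101/sshd
tcp        0      0 127.0.0.1:25       0.0.0.0:*          LISTEN   2240/sendmail
tcp        0      0 0.0.0.0:3306       0.0.0.0:*          LISTEN   2377/mysqld
tcp        0      0 :::80              :::*               LISTEN   2512/httpd
tcp        0      0 :::443             :::*               LISTEN   2512/httpd
tcp        0      0 ::1:631            :::*               LISTEN   1980/cupsd
EOF
}

# unexpected_listeners "22 80 443" < netstat-output
# Prints "port address pid/program" for each non-loopback listener whose
# port is not in the space-separated list given as $1 (hypothetical helper).
unexpected_listeners() {
    awk -v allow="$1" '
    BEGIN {
        n = split(allow, list, " ")
        for (i = 1; i <= n; i++) expected[list[i]] = 1
    }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        port = $4
        sub(/.*:/, "", port)            # the port follows the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only
        if (!(port in expected)) print port, addr, $7
    }'
}

sample_netstat | unexpected_listeners "22 80 443"
```

On a real host, run it as root so that the PID/Program column is filled in: netstat -tnlp | unexpected_listeners "22 80 443".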

Thursday, October 16, 2008

Nagios Step by Step

Nagios is a network monitoring application that helps an administrator to detect the faults in network components.

Nagios is a feature-rich application; some of its features are listed below:

1. Monitoring of Network Services (like http, ftp, smtp, dns, ping, etc)
2. Monitoring of Host Resources (like CPU, RAM, HDD, etc.)
3. Monitoring of Environmental Factors
4. Users can design their own service checks
5. Sending e-notifications during faults or outage
6. Log rotation
7. Support for redundant monitoring hosts implementation
8. Access Web Interface


Installation on CentOS5

1. Download Nagios with the wget command
2. Install the rpm with #rpm -ivh
or
use yum, which is your best friend on RedHat-based distributions.

Log in as the root user, run the command below and wait for the magic :)

#yum install nagios nagios-plugins nagios-plugins-nrpe nagios-devel

Once this has completed successfully you will find the "nagios.conf" file in the "conf.d" directory of Apache.

Create a user for Nagios administration; you may not want to use the root user for administration. Say the user name is nagiosadmin.

Run the command below at the root prompt:


#htpasswd -c /etc/nagios/htpasswd.users nagiosadmin
New password:
Re-type new password:
Adding password for user nagiosadmin


Now
Edit the below file:
"/etc/nagios/cgi.cfg" >> you can use vi or emacs or nano editor

make the below changes to this file

use_authentication=1
authorized_for_system_information=nagiosadmin
authorized_for_configuration_information=nagiosadmin
authorized_for_system_commands=nagiosadmin
authorized_for_all_services=nagiosadmin
authorized_for_all_hosts=nagiosadmin
authorized_for_all_service_commands=nagiosadmin
authorized_for_all_host_commands=nagiosadmin
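
An added example, not part of the original post or of Nagios itself: a shell check that reads a cgi.cfg and reports the settings that would undo the restrictions above, run here against the settings from this post and against a constructed weak file. The function names, the weak sample and the FAIL/WARN wording are assumptions of the example; it treats the last assignment of a key as the effective one.

```shell
#!/bin/sh
# Added example: audit the access-control settings of a Nagios cgi.cfg.

# The settings from the post above.
page_cfg() {
cat <<'EOF'
use_authentication=1
authorized_for_system_information=nagiosadmin
authorized_for_configuration_information=nagiosadmin
authorized_for_system_commands=nagiosadmin
authorized_for_all_services=nagiosadmin
authorized_for_all_hosts=nagiosadmin
authorized_for_all_service_commands=nagiosadmin
authorized_for_all_host_commands=nagiosadmin
EOF
}

# Constructed weak configuration for comparison.
weak_cfg() {
cat <<'EOF'
# authentication switched off "temporarily"
use_authentication=0
default_user_name=guest
authorized_for_system_commands=nagiosadmin
authorized_for_all_hosts=nagiosadmin,*
EOF
}

# audit_cgi_cfg < cgi.cfg   prints one finding per line, nothing if clean.
audit_cgi_cfg() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        seen[key] = val                       # assumption: last assignment wins
    }
    END {
        if (seen["use_authentication"] != "1")
            print "FAIL use_authentication is not 1: CGI authorization is off"
        if (seen["default_user_name"] != "")
            print "WARN default_user_name is set: unauthenticated visitors act as " seen["default_user_name"]
        for (key in seen) {
            if (key !~ /^authorized_for_/) continue
            n = split(seen[key], users, ",")
            for (i = 1; i <= n; i++)
                if (users[i] == "*")
                    print "WARN " key " contains *: any authenticated user is authorized"
        }
    }' | sort
}

weak_cfg | audit_cgi_cfg
```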


Now

You may want to take a backup of "localhost.cfg" in "/etc/nagios" as "localhost.cfg.backupOriginal"

#cd /etc/nagios
#mv localhost.cfg localhost.cfg.backupOriginal


Now

Edit "nagios.cfg" by your choice of editor.

localhost.cfg.org
cfg_file=/etc/nagios/contactgroups.cfg
cfg_file=/etc/nagios/contacts.cfg
cfg_file=/etc/nagios/hostgroups.cfg
cfg_file=/etc/nagios/hosts.cfg
cfg_file=/etc/nagios/services.cfg
cfg_file=/etc/nagios/timeperiods.cfg
check_external_commands=1
command_check_interval=-1

Now
Create the config files as below:

#touch contactgroups.cfg contacts.cfg hostgroups.cfg hosts.cfg services.cfg timeperiods.cfg
#chown nagios.nagios contactgroups.cfg contacts.cfg hostgroups.cfg hosts.cfg services.cfg timeperiods.cfg


Now you are free to customize these files as per your business requirements.
For example, for the file /etc/nagios/timeperiods.cfg:
________________________________________________________________
# '24x7' timeperiod definition
define timeperiod{
timeperiod_name 24x7
alias 24 Hours A Day, 7 Days A Week
sunday 00:00-24:00
monday 00:00-24:00
tuesday 00:00-24:00
wednesday 00:00-24:00
thursday 00:00-24:00
friday 00:00-24:00
saturday 00:00-24:00
}

# 'workhours' timeperiod definition
define timeperiod{
timeperiod_name workhours
alias "Normal" Working Hours
monday 08:00-17:00
tuesday 08:00-17:00
wednesday 08:00-17:00
thursday 08:00-17:00
friday 08:00-17:00
}

# 'nonworkhours' timeperiod definition
define timeperiod{
timeperiod_name after office hours
alias Non-Work Hours
sunday 00:00-24:00
monday 00:00-09:00,17:00-24:00
tuesday 00:00-09:00,17:00-24:00
wednesday 00:00-09:00,17:00-24:00
thursday 00:00-09:00,17:00-24:00
friday 00:00-09:00,17:00-24:00
saturday 00:00-24:00
}

# 'none' timeperiod definition
define timeperiod{
timeperiod_name none
alias None
}


_________________________________________________________

For File /etc/nagios/contacts.cfg

define contact{
contact_name MonitorAdmin
alias MonitorAdmin
service_notification_period 24x7
host_notification_period 24x7
service_notification_options c,r
host_notification_options d,r
service_notification_commands notify-by-email
host_notification_commands host-notify-by-email
email networkAlerts@YourCompanyName.com
}

define contact{
contact_name NK
alias NK
service_notification_period workhours
host_notification_period workhours
service_notification_options c,r
host_notification_options d,r
service_notification_commands notify-by-email
host_notification_commands host-notify-by-email
email networkAlerts@YourCompanyName.com
}

__________________________________________________________________________
For File Name : /etc/nagios/contactgroups.cfg

define contactgroup{
contactgroup_name Monitor
alias Monitor
members MonitorAdmin,NK
}
__________________________________________________________________
Now

Next, configure the hosts and (optionally) the hostgroups to be monitored in "/etc/nagios/hosts.cfg" and "/etc/nagios/hostgroups.cfg".

File:/etc/nagios/hosts.cfg

# Generic host definitions
define host{
name generic-host ; Generic template name
notifications_enabled 1 ; Host notifications are enabled
event_handler_enabled 1 ; Host event handler is enabled
flap_detection_enabled 1 ; Flap detection is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information
retain_nonstatus_information 1 ; Retain non-status information
register 0 ; DONT REGISTER THIS DEFINITION
}

define host{
name Template1
use generic-host
check_command check-host-alive
max_check_attempts 5
notification_interval 5
notification_period 24x7
notification_options d,u,r
register 0
}

##### Begin Real Hosts #####

define host{
use Template1
host_name mail.yourCompanyName.com
alias mail.yourCompanyName.com
address a.b.c.d
contact_groups Monitor
# notification_options d,r #overrides the basic-host option
}


_______________________________________________________________________

Now
File:/etc/nagios/hostgroups.cfg
define hostgroup{
hostgroup_name yourCompanyServers
alias YourCompanyServers
members mail.yourCompanyName.com
}
________________________________________________________________________

It's time to configure the services now.

Pre-defined services are in "/etc/nagios/commands.cfg"
Custom services are in "/etc/nagios/services.cfg"

File:/etc/nagios/services.cfg

define service{
name generic-service ; Generic service name
active_checks_enabled 1 ; Active service checks are enabled
passive_checks_enabled 1 ; Passive service checks are enabled/accepted
parallelize_check 1 ; Active service checks should be parallelized
obsess_over_service 1 ; We should obsess over this service
check_freshness 0 ; Default is to NOT check service 'freshness'
notifications_enabled 1 ; Service notifications are enabled
event_handler_enabled 1 ; Service event handler is enabled
flap_detection_enabled 1 ; Flap detection is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information
retain_nonstatus_information 1 ; Retain non-status information
register 0 ; DONT REGISTER THIS DEFINITION
}

# Generic for all services
define service{
use generic-service
name basic-service
is_volatile 0
check_period 24x7
max_check_attempts 5
normal_check_interval 1
retry_check_interval 3
notification_interval 0
notification_period none
register 0
}

define service{
use basic-service
name ping-service
notification_options n
check_command check_ping!1000.0,20%!2000.0,60%
register 0
}

define service{
use basic-service
name www-service
notification_options n
check_command check_http
register 0
}
define service{
use basic-service
name mail-service
notification_options n
check_command check_smtp
register 0
}


define service{
use ping-service
service_description PING
contact_groups Monitor
hostgroup_name yourCompanyServers
# host_name yourHostClient
}


define service{
use mail-service
service_description MAIL
contact_groups Monitor
hostgroup_name yourCompanyServers
# host_name yourHostClient
}

define service{
use www-service
service_description WWW
contact_groups Monitor
hostgroup_name yourCompanyServers
# host_name yourHostClient
}


___________________________________________________________________________

Now

We have used the check_ping, check_http and check_smtp commands to monitor the servers in the yourCompanyServers group.
Groups are helpful if you want to monitor multiple servers.
In this configuration example we could have used the host_name parameter instead, and there would have been no need to configure hostgroups.

OK, now everything is set up and you can run a final test with the command below; you should get similar output.

cross your fingers :)

#nagios -v nagios.cfg

Nagios 2.10
Copyright (c) 1999-2007 Ethan Galstad (http://www.nagios.org)
Last Modified: 10-21-2007
License: GPL

Reading configuration data...

Running pre-flight check on configuration data...


If you see any errors, check and fix them.

Now the last step
Run the service

#/etc/init.d/nagios start


To see the output in a web browser, go to:
http://NAGIOS_SERVER_IP/nagios


huh....Enjoy the Flight......


For more information, visit: http://nagios.sourceforge.net/docs/2_0/toc.html

Tuesday, September 2, 2008

Google Chrome for Windows




OOpppsssss! This is what happened when I first installed the Google browser on my Windows XP + SP3 machine. It gives an impression that Google is in a hurry to launch its products without proper testing. The same thing is happening with Google Docs & Spreadsheets. They are still unpolished in comparison to Microsoft. People want to use these products but they are not seeing much value yet.

Friday, June 13, 2008

Twiki 4.2 Installation on CentOS 5

Download and install CentOS 5

Download Twiki 4.2 from http://twiki.org/
The wget command is quite handy for this.
#wget -c < link from where you want to download>

Check the services installed on the CentOS server. NMAP is a tool which is quite handy to figure out the installed services.

#nmap localhost

If NMAP is not installed, you can install it with

#yum install nmap

Now you can see how many services are up by using the command #nmap localhost.

Check for Apache Service

[root@localhost test]# nmap localhost
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-04-28 21:35 IST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1673 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
443/tcp open https


If you do not find port 80 open here, do the following.

#service httpd start

To keep this service permanently on:
#chkconfig --levels 345 httpd on

Install the required CPAN modules
#perl -MCPAN -e 'install FreezeThaw'
#perl -MCPAN -e 'install CGI::Session'
#perl -MCPAN -e 'install HTML::Tree'

Not all of the modules have to be installed from CPAN;
there are other methods as well.

You can use the RPM approach for the modules that you were not able to install through CPAN.

Thursday, June 5, 2008

MySql 5: Error No. 1045 Access denied for user 'root'@'localhost' (using password: NO)

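The above error happens in most cases when you have not given any password for the root user.

Solution:-

Go to the bin directory of MySQL, start the mysql client and run the statement below (SET PASSWORD is an SQL statement, so it is typed into the mysql client, not passed to mysqladmin).

c:\> mysql -u root
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('MyNewPassword');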

or try allowing the 3306 port in your client firewall

or check if some other application is using the 3306 port by "netstat" command.


---------------------------------------------
If instead of NO you get a YES

The “YES” doesn’t mean that you are using the password “Yes”; it simply means “Yes, you are using a password”. If the password was blank it might say “No”.

The problem is that the host shouldn’t be ‘%’.
Set it to ‘localhost’. Problem solved.
UPDATE mysql.user SET Host='localhost' WHERE User='myUserName';
FLUSH PRIVILEGES;

Tuesday, March 25, 2008

Tips n Tricks- Windows XP

1.How to Change the Drive Letters
==> Start -> Control Panel -> Administrative Tools -> Computer Management -> Disk Management, then right-click the partition and select "Change Drive Letter and Paths"

2.Turn off welcome screen
==> Open Control Panel --> User Accounts ==> Change the way users log on or off.

3.Unlock WinXP setupp.ini

==> Find your setupp.ini file in the i386 directory on your WinXP CD. Open it up, it'll look something like this:

ExtraData=802A667567787F696F697911AE7E05
Pid=83034000

The Pid value is what we're interested in. What's there now looks like a standard default. There are special numbers that determine if it's a retail, OEM, or volume license edition. First, we break down that number into two parts. The first five digits determine how the CD will behave, i.e. is it a retail CD that lets you clean install or upgrade, or an OEM CD that only lets you perform a clean install? The last three digits determine what CD key it will accept. You are able to mix and match these values. For example you could make a WinXP CD that acted like a retail CD, yet accepted OEM keys.

Now, for the actual values. Remember the first and last values are interchangeable, but usually you'd keep them as a pair:

Retail = 51882335
Volume License = 51883 270
OEM = 82503 OEM

So if you wanted a retail CD that took retail keys, the last line of your setupp.ini file would read:

Pid=51882335

And if you wanted a retail CD that took OEM keys, you'd use:

Pid=51882OEM

4.Password Recovery Disk

==> Take preventive measures against losing user-level passwords.


Create a password recovery disk the minute you create your user account.
How to launch the Forgotten Password Wizard:

Single-click Start menu, Control Panel, and User Accounts.
Click your user account name.
Under Related Tasks on the left, click "Prevent forgotten password" to launch the wizard.

Now that you've launched the wizard, let it walk you through creating the recovery disk. Make sure the disk you use is formatted and in the drive.


If you happen to forget your password, all you need to do is click your user icon at the logon screen. Even though you don't have your password, go ahead and click the green arrow just like you would to finish logging on to your computer. This will launch a little yellow dialog box directing you to use your password recovery disk.

Sunday, March 16, 2008

VI Editor Tips for beginners

There are two modes in the vi editor:
command mode and insert mode

Press Esc to enter command mode
Press "i" to enter insert mode

Delete
dd
Press dd to delete one line
x
Delete one character
:wq
Save and exit

:q!
Quit without saving
^Z
suspend vi

ZZ
writes and quits at the same time
:r name
reads in the file name at the cursor point
copy and paste (yy and p) Yank

yy
yanks into a temp buffer
p
pastes the yanked text

Search
==> /pattern
searches for the pattern in the file
n
carry search in the same direction
N
carry search in opposite direction

UNDO command
u
undo the last action
.
repeats the last command

Few Linux TIPS

How to verify any change in files by RPM

#rpm -Va | less
==> very helpful for checking every file that was installed from an RPM package; you will know which files have been modified
For example:
.......T c /etc/inittab
..5....T c /etc/pki/nssdb/secmod.db
.......T c /etc/audit/auditd.conf
....L... c /etc/pam.d/system-auth
S.5....T c /etc/sysconfig/system-config-securitylevel
.......T c /etc/mail/sendmail.cf
S.5....T c /var/log/mail/statistics
.M...... c /etc/cups/classes.conf

where ==>
S file Size differs
M Mode differs (includes permissions and file type)
5 MD5 sum differs
L readLink path mismatch
T mTime differs
c (second column) the file is a configuration file
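
An added example, not from the original post: a shell function that sorts rpm -Va lines by what changed and on what kind of file, so that a changed binary stands out from routinely edited config files. The HIGH/REVIEW/INFO levels and the function names are this example's own assumptions; the first five sample lines come from the listing above and the last two are constructed.

```shell
#!/bin/sh
# Added example: triage `rpm -Va` output by what changed and on which file type.

# First five lines are from the post above; the last two are constructed.
sample_rpm_va() {
cat <<'EOF'
.......T c /etc/inittab
..5....T c /etc/pki/nssdb/secmod.db
....L... c /etc/pam.d/system-auth
S.5....T c /etc/sysconfig/system-config-securitylevel
.M...... c /etc/cups/classes.conf
S.5....T   /usr/bin/example-tool
missing    /usr/sbin/example-daemon
EOF
}

# triage_rpm_verify < rpm-Va-output
# Prints "LEVEL path reason". The levels are this example's own policy:
#   HIGH   content changed on a non-config file, or a packaged file is missing
#   REVIEW mode, owner, group or symlink target changed
#   INFO   content changed on a config file (normal after editing it)
# Lines where only size or mtime differ are dropped. Paths containing
# spaces are not handled.
triage_rpm_verify() {
    awk '
    function add(r, s) { return (r == "" ? s : r ", " s) }
    $1 == "missing" { print "HIGH", $NF, "packaged file is missing"; next }
    $1 ~ /^[.?SM5DLUGTP]+$/ && length($1) >= 8 {
        flags = $1; path = $NF
        is_config = (NF >= 3 && $2 == "c")
        level = ""; reason = ""
        if (index(flags, "5") && !is_config) {
            level = "HIGH"; reason = "content changed"
        }
        if (flags ~ /[MUG]/) {
            if (level == "") level = "REVIEW"
            reason = add(reason, "mode or ownership changed")
        }
        if (index(flags, "L")) {
            if (level == "") level = "REVIEW"
            reason = add(reason, "symlink target changed")
        }
        if (level == "" && index(flags, "5")) {
            level = "INFO"; reason = "config content changed"
        }
        if (level != "") print level, path, reason
    }'
}

sample_rpm_va | triage_rpm_verify
```

rpm -Va compares files against the local RPM database, so on a host you already suspect, the database and the rpm binary need to come from a source you trust.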
=========================================================
Netstat

A very nice utility for finding out what is running on your system

#netstat -atu
==========================================================

PS

Check the processes

#ps aux

===========================================================

Last

Shows who logged into the system in the past

#last -a

GPO to stop Blaster and Sobig.F

Start -> Run -> MMC
Select File,
Add/Remove Snap-in,
Add, Group Policy Object Editor,
Add, Close, OK.

Go to: Local Computer Policy, User Configuration, Administrative Templates, System.
Click on System.
Double-click on "Don't Run Specified Windows Applications".

Select Enabled and then click on Show, then Add.

Add any applications you want to restrict. For Blaster and Sobig.F these are:

  • WINPPR32.EXE

  • MSBLASTER.EXE

Click OK and close out of the MMC.

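These will help to stop the above two Trojans/worms. The policy only blocks programs by file name when they are started from Windows Explorer, so it does not cover a renamed copy or a program started by another process.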

Time and Date Setting for Linux

How to set date and time in CentOS

First check whether ntp is installed:
rpm -qa | grep ntp

If not, install the package with yum:
yum install ntp

ntpdate us.pool.ntp.org

date (make sure it matches up with the date your timezone is set to)

hwclock (Verify the bios clock matches the system clock)

"Optional Step"

hwclock --systohc (Set the bios clock to match the system clock)

Then you can go about setting up /etc/ntp.conf and starting and running the time daemon.

hwclock --set --date="10/05/10 14:19:05"

if you have ntp running


ntpdate "server DNS name or IP address"

hwclock --systohc

To keep your time accurate you can create a cron job that executes the following (the -w option is the same as --systohc):

ntpdate "server name" && hwclock -w

------------------------------------------------------

Synchronizing clocks

Synchronizing your system clock to an accurate time server is important so that you can prove your log files are accurately time stamped. Create an executable file in /etc/cron.hourly that contains the following:

#!/bin/sh
/usr/sbin/ntpdate -bu -t 3 your-local-gateway
/sbin/hwclock --systohc