Saturday, 31 May 2014

Display the Amount of Free Space on Each Filesystem

Another old script that I came across. This one displays the amount of free space on each filesystem on a server, and displays a warning if it falls below a certain level. The output can be displayed in html format for sending as an email (via the htmmail script).

The script was written for AIX - one day I might adapt it for Linux, which has the very useful free command, but without the bells and whistles of the script below.

Save the file as fsfree.ksh, and run it from cron on a daily basis for reports on filesystem usage.

#!/bin/ksh
##################################################################
#
# fsfree.ksh
#
# Purpose: To display free space on each filesystem on a server
#          and to warn if it falls below a certain percentage.
#
# Return status:
#            0  All filesystem space is above the limit
#            1  One or more filesystems are below the limit
#            2  The script has not been correctly executed
#
# Syntax:  fsfree.ksh [ -a ] [ -g | -m | -p ] [ -h ] [-q ]
#                   [ -l limit | -f file ]
#
#          Flags
#           -a  Displays all filesystems
#
#               By default, the script will display only those
#               filesystems which are below the limit.
#
#           -f  Use the specified file to define the limits
#               for the individual filesystems
#
#               The format of the file should be:
#                    Filesystem   Limit
#
#               An initial file may be generated by running this
#               script itself as follows:
#
#                    fsfree.ksh -pal 0 > limitfile.dat
#
#               The file should then be edited as appropriate
#     
#           -g  Displays total and free space in Gigabytes
#
#               Space is displayed in Kilobytes by default
#
#           -h  Output is in html format
#
#           -l  When the percentage free on the filesystem falls
#               below the value of 'limit', the filesystem will be
#               highlighted on the output.
#
#               The default limit is 10%
#
#           -m  Displays total and free space in Megabytes
#
#               Space is displayed in Kilobytes by default
#
#           -p  Total and free space is not displayed
#
#           -q  Quiet mode. No output is displayed.
#
# Author:  Douglas Milne
# Date:    13th May 2008
#
##################################################################
#
# Version 1.0    Initial Release
#
##################################################################

##################################################################
#
# VARIABLES Section
#
#
# Set default variables
#
dispall=false
htmflag=false
pcntonly=false
quietmode=false
limitsource=default
divisor=1
stype="Kb"
scale=0
dlimit=10
returnstat=0
errstring=""

# Parse the flags and change default variables accordingly
while getopts :ahpgml:f:q value
do
   case $value in
      a) dispall=true
         ;;
      h) htmflag=true
         ;;
      p) pcntonly=true
         ;;
      g) divisor=1048576
         stype="Gb"
         scale=3
         ;;
      m) divisor=1024
         stype="Mb"
         scale=3
         ;;
      l) if echo "$OPTARG" | grep -q '^[0-9][0-9]*$'
         then
            dlimit=$OPTARG
            limitsource=limit
         else
            errstring="Limit must be a number between 1 and 100"
            dlimit=""
         fi
         ;;
      f) limitfile=$OPTARG
         limitsource=file
         if [ ! -f "$limitfile" ]
         then
            errstring="The file $limitfile does not exist"
         fi
         ;;
      q) quietmode=true
         ;;
     \?) errstring="$0: unknown option $OPTARG"
         ;;
   esac
   if [ "$value" == ":" ]
   then
      case $OPTARG in
         l) errstring="Limit argument must be included and must be a number between 1 and 100"
            ;;
         f) errstring="The name of the file may not be blank"
            ;;
     esac
   fi
done
    
shift $(expr $OPTIND - 1)

##################################################################
#
# FUNCTIONS Section
#

syntaxerr ()
##################################################################
#
#  Syntax:      syntaxerr error
#
#  error        Text describing the error
#
#  Writes a copy of the error and the syntax of the script
#  to stderr.
#
##################################################################
{
   err=$1
   echo "$err\n\nSyntax:  fsfree.ksh [ -a ] [ -g | -m | -p ] [ -h ] [-q ]\n                    [ -l limit | -f file ]\n" >&2
   exit 2
}

limitdef ()
##################################################################
#
#  Syntax:      limitdef filesystem
#
#  filesystem   A filesystem name
#
#  The function will return the limit required for the given
#  filesystem. This may be the default limit, the limit defined
#  from the command line, or the limit defined in the limitfile
#
##################################################################
{
   fs=$1
   case $limitsource in
      default) echo $dlimit
               ;;
        limit) echo $dlimit
               ;;
         file) lim=$(grep ^/ $limitfile | grep "^$fs " | sort | head -1 | awk '{print $2}' | sed -e's/\%//g')
               if [ "$lim" == "" ]
               then
                  echo $dlimit
               else
                  echo $lim
               fi
               ;;
   esac
}

display ()
##################################################################
#
#  Syntax:      display text
#
#  text         The text to display
#
#  The function will print the text to the standard output, but
#  only if the script is not running in quiet mode
#
##################################################################
{
   text=$1
   if [ $quietmode == false ]
   then
      echo "$text"
   fi
}

##################################################################
#
# MAIN Section
#

# Error checking

if [ "$errstring" != "" ]
then
   syntaxerr "$errstring"
fi

# Display the header
if [ $htmflag == true ]
then

# If html format is required, then create the head and body of the
# html page.
#
# A table is used to format the output. Define the table, and output
# the header.
#
   display "<html><head>"

# Instead of below, it might be useful to cat in a standard css file instead
   display "<style> th{font:10pt Arial;font-weight:bold;color:blue;background-color:LightBlue;padding-left:10px;padding-right:10px;} p{font:10pt Arial;} li{font:10pt Arial;} td{font:10pt Arial;padding-left:10px;padding-right:10px;} .normal{color:black;} .alert{color:red;font-weight:bold;} .code{font:10pt Courier;color:black;}</style>"


   display "</head><body>"
   display "<p class=\"normal\">$(hostname) filesystem status at $(date)"
   if [ $limitsource != "file" ]
   then
      display "<br><br>Limit is $dlimit%"
   fi
   display "</p>"
else
   display "\n$(hostname) filesystem status at $(date)\n"
   if [ $limitsource != "file" ]
   then
      display "Limit is $dlimit%\n"
   fi
fi

if [ $htmflag == true ]
then

#
# A table is used to format the output. Define the table, and output
# the header.
#
   display "<table>"
   display "<tr>"
   display "<th style=\"text-align: left\">Mount Point</th>"
   if [ $pcntonly = false ]
   then
#
# Only output the total Free and Total Size headers if the -p flag
# has not been used
#
      display "<th style=\"text-align: right\">Total<br> Free ($stype)</th>"
      display "<th style=\"text-align: right\">Total<br> Size ($stype)</th>"
   fi
   display "<th style=\"text-align: right\">%age<br> Free</th>"
   if [ $limitsource == "file" ]
   then
      display "<th style=\"text-align: right\">%age<br>Limit</th>"
   fi
   display "</tr>"
else


# If html format is not required, then output the header as standard
   boldon=$(tput smso)
   boldoff=$(tput rmso)
   typeset -L20 mntpnt
   typeset -R11 free total
   typeset -R3 pcnt limit
   display "Mounted on          \c"
   if [ $pcntonly = false ]
   then
#
# Only output the total Free and Total Size headers if the -p flag
# has not been used
#
      display "    Free ($stype)   Total ($stype)\c"
   fi
   display " %Free\c"
   if [ $limitsource == "file" ]
   then
      display " Limit"
   else
      display
   fi
fi

#
# For each filesystem in turn, read the mountpoint, total free
# space and total size. The output of df is piped straight into the
# loop rather than written to a fixed, predictable file under /tmp,
# which any local user could pre-create or replace with a symlink
# before the cron job runs.
#
df -k | tail +2 | awk '{print $7,$3,$2}' | while
read mntpnt free total
do
# If numeric values have been read, then calculate the output
   if echo "$free" | grep -q '^[0-9][0-9]*$'
   then

# 1) Calculate the percentage of free space
      let pcnt=free\*100/total
# 2) Calculate the free and total space as Kb, Mb or Gb as required
      free=$(echo "scale=$scale; $free / $divisor" | bc)
      total=$(echo "scale=$scale; $total / $divisor" | bc)

      limit=$(limitdef $mntpnt)
# If the percentage free is less than the limit allowed, then switch on
# highlighting. For html output, use the alert class. For standard output,
# use bold type. Set the return status to 1.
      if (( pcnt <= limit ))
      then
         if [ $htmflag == true ]
         then
            class=alert
         else
            display "$boldon\c"
         fi
         returnstat=1
      else

# If the percentage free is greater than the limit allowed, then use the
# normal html class. This is irrelevant for non-html output
         class=normal
      fi
      if [ $dispall == true -o $pcnt -le $limit ]
      then
         if [ $htmflag == true ]
         then

# If using html output, then create a table row
            display "<tr>"
            display "<!-- Mount Point -->"
            display "<td class=\"$class\">$mntpnt</td>"
            if [ $pcntonly = false ]
            then

# Only display free and total size if they are required
 
               display "<!-- Free Space -->"
               display "<td class=\"$class\" style=\"text-align: right;\">$free</td>"
               display "<!-- Total Space -->"
               display "<td class=\"$class\" style=\"text-align: right;\">$total</td>"
            fi
            display "<!-- Percentage Free -->"
            display "<td class=\"$class\" style=\"text-align: right;\">$pcnt%</td>"
            if [ $limitsource == "file" ]
            then
               display "<!-- Limit -->"
               display "<td class=\"$class\" style=\"text-align: right\">$limit%</td>"
            fi
            display "</tr>"
         else
# If using standard output, write a row.
            display "$mntpnt  \c"
            if [ $pcntonly = false ]
# Only display free and total size if they are required
            then
               display "$free  $total  \c"
            fi
            display "$pcnt%  \c"
            if [ $limitsource == "file" ]
            then
               display "$limit%\c"
            fi

            if (( pcnt <= limit ))
            then
               display "$boldoff"
            else
               display
            fi
         fi
      fi
   else
# If the values read were not numeric, then do not perform any calculations;
# simply output them as read.
      if [ $dispall == true ]
      then
         if [ $htmflag == true ]
         then
            class="normal"
            display "<tr>"
            display "<!-- Non numeric values read -->"
            display "<td class=\"$class\">$mntpnt</td>"
            if [ $pcntonly = false ]
            then
               display "<td class=\"$class\" style=\"text-align: right;\">$free</td>"
               display "<td class=\"$class\" style=\"text-align: right;\">$total</td>"
            fi
            display "</tr>"
         else
            if [ $pcntonly = false ]
            then
               display "$mntpnt  $free  $total"
            else
               display "$mntpnt"
            fi
         fi
      fi
   fi
done

if [ $htmflag == true ]
then
# If using html output, close the table and the html page
   display "</table></body></html>"
fi

exit $returnstat

#
#############################################################
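
As an added example (not part of the original post), here is the same free-space check reduced to a POSIX sh function for Linux. It reads the output of df -Pk on stdin (Linux df prints the portable six-column layout with -P, so free space is column 4 and total size column 2, unlike AIX df -k), assumes awk is available, and uses a constructed df sample rather than a real host.

```shell
#!/bin/sh
# Added example, not part of the original post: the check that fsfree.ksh
# performs, as a POSIX sh function over "df -Pk" output read from stdin.
# df -P layout:  Filesystem 1024-blocks Used Available Capacity Mounted on

# check_free LIMIT
#   Prints one line per filesystem: mount point, free Kb, total Kb and the
#   percentage free, with " ALERT" appended when the percentage is at or
#   below LIMIT (the same "pcnt <= limit" rule as fsfree.ksh).
#   Returns 0 if every filesystem is above the limit, 1 if any is at or
#   below it, and 2 if LIMIT is not a whole number from 0 to 100.
check_free() {
    limit=$1
    case $limit in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$limit" -le 100 ] || return 2
    awk -v limit="$limit" '
        NR == 1 { next }                        # skip the df header line
        $2 !~ /^[0-9]+$/ || $2 == 0 { next }    # pseudo filesystems of size 0
        {
            # Mount points may contain spaces: take everything from field 6 on
            mnt = $6
            for (i = 7; i <= NF; i++) mnt = mnt " " $i
            pct = int($4 * 100 / $2)            # integer percentage free
            flag = ""
            if (pct <= limit) { flag = " ALERT"; bad = 1 }
            printf "%-20s %11d %11d %3d%%%s\n", mnt, $4, $2, pct, flag
        }
        END { exit bad ? 1 : 0 }
    '
}

# Constructed sample of "df -Pk" output (not taken from a real host).
sample_df() {
    cat <<'EOF'
Filesystem     1024-blocks     Used Available Capacity Mounted on
/dev/sda1         40000000 37500000   2500000      94% /
/dev/sdb1        200000000 50000000 150000000      25% /home
tmpfs              8000000        0   8000000       0% /dev/shm
/dev/sdc1         10000000  9400000    600000      94% /var/log
EOF
}

# From cron on a real host this would be:  df -Pk | check_free 10
sample_df | check_free 10 || echo "one or more filesystems at or below the limit"
```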

Wednesday, 28 May 2014

Send HTML Format Email From Linux

The following script is very useful for sending HTML formatted emails from Linux.

Simply pipe the HTML into it, and the script adds the necessary header information before sending it on its way. The script assumes that sendmail is installed and configured.

I wrote the original version of this script back in 2006, and it has proved so useful - for presenting daily system reports with warnings in red, for example - that I have used versions of it in most companies that I have done work for ever since.

#!/usr/bin/bash
##################################################################
#
# htmmail
#
# Purpose: To send html formatted emails
#
# Syntax: htmmail [-s Subject] address [address] [address...]
#
# Subject The subject of the email
# address The email address of the intended recipient
#
# The content of the email may be included by piping it
# into the htmmail command.
#
# Author: Douglas Milne
# Date: 27th May 2014
#
##################################################################
#
# Version 1.0 Initial Release
#
##################################################################

# Get options
# s flag argument is the subject of the email
#
while getopts s: value
do
   case $value in
      s) # Strip any CR/LF from the subject so that a caller cannot inject
         # extra header lines into the message
         SUBJECT=$(printf '%s' "$OPTARG" | tr -d '\r\n')
         ;;
     \?) echo "$0: unknown option $OPTARG" >&2
         exit 2
         ;;
   esac
done

shift $(expr $OPTIND - 1)

# Remaining arguments are the email addresses to send the email to.
# Strip CR/LF here as well, so that an address argument cannot add headers.
TO=$(printf '%s' "$*" | tr -d '\r\n')

# Set up email header, including content type field
# signifying html format.
# To and Subject as specified above

/usr/lib/sendmail -t << EOF
mime-version: 1.0
content-type: text/html; charset="iso-8859-1"
To: $TO
Subject: $SUBJECT

$(cat)

EOF

Monday, 26 May 2014

What is RAID?

RAID stands for Redundant Array of Inexpensive (or Independent) Disks. In simple terms, RAID is a method of storing data across several disks. There are several reasons why this is a good idea:

  • Provides better performance
  • Provides redundancy in the storage system, thus providing greater reliability
  • Allows several smaller physical hard drives to be treated as one large logical hard drive
  • Allows greater flexibility in adding or removing hard drives

RAID Data Distribution Techniques

RAID is achieved via a combination of a variety of methods of distributing data across a number of disks. Individually, these allow for faster access, or for data recovery. Different RAID levels use different combinations, depending on the requirements of the system.

Striping

Striping distributes the data across 2 or more disks. This allows for faster access to the data, as the disks can be reading or writing data simultaneously.

Mirroring

Mirroring puts a copy of the data on a second disk. New disks must be added to the system in pairs - one for data and one for the mirror. If a disk fails, the data can be recovered from the mirror.

Parity

Parity performs an Exclusive-OR (XOR) between bytes on two disks and writes the results to a third. If any of the three disks fails, the missing data can be reconstructed by performing an XOR between the two remaining disks.
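
The parity reconstruction described above, worked through in POSIX sh on stripes of byte values. This is an added example, not part of the original post; it goes one step beyond the two-disk description to the RAID 5 case, where the parity block is the XOR of all data blocks in a stripe and any single missing block is the XOR of the remaining ones. The stripe contents are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post: XOR parity and reconstruction
# over stripes of byte values, as used by RAID 5.

# xor_stripe "a0 a1 ..." "b0 b1 ..."
#   Prints the byte-by-byte XOR of two equally long stripes, or returns 1
#   when the stripes differ in length.
xor_stripe() {
    rest=$2
    out=""
    for a in $1; do
        set -- $rest                  # peel the next byte off the second stripe
        [ $# -gt 0 ] || return 1      # second stripe is shorter than the first
        b=$1
        shift
        rest=$*
        out="$out $((a ^ b))"
    done
    [ -z "$rest" ] || return 1        # second stripe is longer than the first
    printf '%s\n' "${out# }"
}

# xor_stripes S1 S2 [S3 ...]
#   Folds xor_stripe over any number of stripes. With all the data stripes
#   this yields the parity block; with the survivors plus the parity block
#   it yields the block that was lost.
xor_stripes() {
    acc=$1
    shift
    for s in "$@"; do
        acc=$(xor_stripe "$acc" "$s") || return 1
    done
    printf '%s\n' "$acc"
}

# Constructed stripe contents for three data disks (not real disk data)
D1="10 20 30"
D2="40 50 60"
D3="7 8 9"
P=$(xor_stripes "$D1" "$D2" "$D3")          # block written to the parity disk
# Disk 1 fails: rebuild its block from the survivors and the parity block
REBUILT=$(xor_stripes "$D2" "$D3" "$P")
echo "parity:  $P"
echo "rebuilt: $REBUILT"
[ "$REBUILT" = "$D1" ] && echo "disk 1 reconstructed correctly"
```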

RAID Levels

RAID may be implemented at different levels, depending on the redundancy and performance requirements of the overall system. These two factors trade against each other: a higher level of redundancy reduces overall performance, but increases the safety of the data and the reliability of the system.

Linear

  • Treats RAID hard drives as one virtual drive
  • No striping, mirroring or parity reconstruction
  • Storage is sequential
  • No recovery capability

0 - Striping

  • Implements disk striping across drives with no redundancy (no mirroring and no parity)
  • Very efficient
  • Standardized stripes across drives
  • Faster access
  • Requires a minimum of 2 disks
  • Should not be used for any critical system

1 - Mirroring

  • Implements redundancy through mirroring (but no striping and no parity)
  • The same data is written to each RAID drive
  • Each disk has a complete copy of all of the data
  • If one or more of the disks fail, then the others still have the data
  • Very safe, but inefficient
  • Requires a minimum of 2 disks
  • Good performance

5 - Distributed Parity

  • Implements data reconstruction capability using parity information. Blocks are striped and parity information is therefore distributed across all drives
  • An alternative to mirroring
  • Parity information is saved instead of full data duplication
  • Requires a minimum of 3 disks
  • Good redundancy
  • Provides a good balance between performance and redundancy, and can be very cost-effective.
  • Write operations will be slow.
  • Use for systems that are heavily read oriented.

10 (or 1+0) - Striped Mirroring

  • Implements redundancy through mirroring (but no parity)
  • A striped copy of the data is written to half of the RAID drives, then mirrored to the other half
  • Each half has a complete striped copy of all of the data
  • If one or more of the disks fail, then the others still have the data
  • Requires a minimum of 4 disks
  • Good performance and good redundancy
  • Easily the best option for mission critical applications

Friday, 23 May 2014

Disable CTRL-ALT-DEL On A Linux Box

Pressing the CTRL-ALT-DEL combination of keys on a Linux box forces it to reboot.

This is set up within /etc/inittab.

To change how this key combination behaves, edit this file.

Search for the line:
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
and change it to:
ca::ctrlaltdel:/bin/echo "CTRL-ALT-DEL is disabled"
Save the file, then run:
init q
to reload the inittab and activate the change.

How to List Sizes of Sub-Directories

Performing a simple du -h on a Linux directory produces far too much information if there are a lot of sub-directories, because every nested directory is listed. What is often more useful is just the total for each directory directly below the current one, which is the last line du -h prints for each of them; the -s (summarise) option prints only that line. To list the sizes of all sub-directories of the current directory:
du -sh -- */

Wednesday, 21 May 2014

SSL Overview

It is important that transmissions between a web server and a browser are secure. There are three tasks that must be performed in order to do this:

  1. Verify the identities of the hosts participating in the transmission by performing authentication procedures.
  2. Check the integrity of the data by adding digital signatures containing a digest value - a unique value representing the data.
  3. Secure the privacy of the transmission by encrypting it. Transactions between a browser and the server can then be encrypted, with only the browser and the server able to decrypt the transmissions.

SSL

The protocol most often used to implement secure transmissions is the Secure Sockets Layer (SSL) protocol. SSL was originally developed by Netscape for secure transactions on the web.

SSL uses a form of public- and private-key encryption for authentication. Data is encrypted with the public key, but can only be decrypted using the private key. Once the data is authenticated, an agreed-upon cipher is used to encrypt it. Digital signatures encrypt an MD5 digest value for data to ensure integrity.

Certificates

Authentication is carried out using certificates of authority. Certificates are held by both the browser and the web server, uniquely identifying both parties in a secure transmission, and verifying that they are who they say they are. Certificates are signed by an independent certificate authority such as VeriSign, verifying that they are valid.

A certificate contains:

  • The public key of the server or browser that it is given to
  • The digital signature of the certificate authority
  • Identity information such as the name of the user or company running the server or browser.

SSL Session

An SSL session is set up using a handshake sequence:

  1. The server and browser exchange certificates
  2. A cipher is agreed upon to encrypt the transmissions
  3. The digest integrity check is chosen
  4. The type of public-key encryption, usually RSA or DSA, is chosen
  5. A unique session key is set up that is used by both the browser and the server.

Tuesday, 20 May 2014

HTTP Request and Response Overview

HTTP (Hyper-Text Transfer Protocol) is probably the most important of the various protocols that are used for communication over the web. When a web address is typed into a web browser, the browser requests the web page using HTTP. The browser is an HTTP Client and the server is an HTTP Server. HTTP defines a set of rules regarding how messages and other data should be formatted between servers and browsers.

The HTTP protocol can be likened to a series of questions and answers, referred to respectively as HTTP Requests and HTTP Responses.

The HTTP Request

Once the connection to the server has been opened, the HTTP client transmits a request as follows:
  • An opening line
  • A number of header lines (optional)
  • A blank line
  • A message body (optional)
The opening line is generally split into three parts
  1. The name of the method (POST, GET, PUT, DELETE or HEAD). Method names are always uppercase.
  2. The path to the required server resource. The path is the part of the URL after the host name, also called the request URI (a URI is like a URL, but more general).
  3. The HTTP version being used. The HTTP version is always in uppercase and takes the form HTTP/x.x.
For example:
GET /path/to/file/index.html HTTP/1.0
This tells the server that it is receiving an HTTP request of type GET, using HTTP version 1.0, and that the server resource we are requesting, including its local path, is /path/to/file/index.html.

Header lines are used to send information about the request, or about the data being sent in the message body. One parameter and value pair is sent per line, separated by a colon.

For example, a header line sent from IE9 might look like:
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Another example of  a common request header is the Accept: header, which states what sort of information will be acceptable in the server's response.

For example
Accept: text/plain, text/html
This header informs the server that the sending application can accept only plain text or HTML responses.

If the HTTP request includes a message body, the header lines describe the content of the body.

For example
Content-Type: text/plain
This header informs the server that the message body contains text.
In an HTTP request, the message body is where user-entered data or uploaded files are sent to the server.

The HTTP Response


The server issues an HTTP response in answer to an HTTP request.

The first line of the HTTP response is known as the status line. This consists of three parts separated by spaces:
  1. the HTTP version. This is in the same format as for the HTTP request.
  2. a three digit integer, called the HTTP response status code, that gives the result of the request, and
  3. a short message known as the reason phrase describing the status code. 
Typical status lines are:
HTTP/1.0 200 OK or
HTTP/1.0 404 Not Found
The response status code and the reason phrase are intended as computer- and human-readable versions of the same message. The reason phrase may vary from server to server.

The first digit of the status code identifies the general category of response. Some commonly encountered HTTP Response Status codes are:
Status Code                 Explanation
1**                         Indicates an informational message only
100 - Continue              The client should send the remainder of the request
101 - Switching Protocols   The server will switch protocols to those defined in the following header
2**                         Indicates success of some kind
200 - OK                    The request succeeded
204 - No Content            The document contains no data
3**                         Redirects the client to another URL
301 - Moved Permanently     The resource has permanently moved to a different URI
4**                         Indicates an error on the client's part
401 - Not Authorized        The request needs user authorization
403 - Forbidden             The server has refused to fulfil the request
404 - Not Found             The requested resource does not exist on the server
408 - Request Timeout       The client failed to send a request in the time allowed by the server
5**                         Indicates an error on the server's part
500 - Server Error          Due to a malfunctioning script, server configuration error or similar

The response may also contain header lines each containing a header and value pair similar to those of the HTTP request but generally containing information about the server and/or the resource being returned.

For example:
Server: Apache/2.4.5
Last-Modified: Wed, 20 Nov 2013 13:33:59 GMT
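
The request and response formats described in this post, checked by a small validator written in POSIX sh. This is an added example, not part of the original post: it validates a request's opening line and header lines, then classifies a response status line by the first digit of its code as in the table above. The sample request it parses is constructed, not captured from a real client.

```shell
#!/bin/sh
# Added example, not part of the original post: a validator for the HTTP
# request opening line, header lines and response status line.

CR=$(printf '\r')       # HTTP lines end in CRLF; the CR is stripped before parsing

# parse_request_line LINE
#   Prints "METHOD PATH VERSION" for a well-formed opening line, else returns 1.
parse_request_line() {
    line=${1%"$CR"}
    set -f                              # no globbing while splitting the line
    set -- $line
    set +f
    [ $# -eq 3 ] || return 1
    case $1 in
        GET|POST|PUT|DELETE|HEAD) ;;    # method names are always uppercase
        *) return 1 ;;
    esac
    case $2 in
        /*) ;;                          # the request URI is the path after the host
        *) return 1 ;;
    esac
    case $3 in
        HTTP/[0-9].[0-9]) ;;            # the version takes the form HTTP/x.x
        *) return 1 ;;
    esac
    printf '%s %s %s\n' "$1" "$2" "$3"
}

# parse_headers
#   Reads header lines from stdin up to the blank line that ends them and
#   prints one "name=value" per line. A line without a colon, or input that
#   ends before the blank line, returns 1.
parse_headers() {
    while IFS= read -r line; do
        line=${line%"$CR"}
        [ -n "$line" ] || return 0      # blank line: end of the headers
        case $line in
            *:*) ;;
            *) return 1 ;;
        esac
        name=${line%%:*}
        value=$(printf '%s' "${line#*:}" | sed 's/^[[:space:]]*//')
        printf '%s=%s\n' "$name" "$value"
    done
    return 1
}

# parse_request
#   Reads a whole request from stdin: opening line, headers, then the body.
parse_request() {
    IFS= read -r first || return 1
    parse_request_line "$first" || return 1
    parse_headers || return 1
    echo "--body--"
    cat                                 # everything after the blank line
}

# status_category CODE
#   Maps the first digit of a status code to its category in the table above.
status_category() {
    case $1 in
        1[0-9][0-9]) echo informational ;;
        2[0-9][0-9]) echo success ;;
        3[0-9][0-9]) echo redirection ;;
        4[0-9][0-9]) echo "client error" ;;
        5[0-9][0-9]) echo "server error" ;;
        *) return 1 ;;
    esac
}

# parse_status_line LINE
#   Prints "CODE CATEGORY" for a well-formed status line, else returns 1.
parse_status_line() {
    line=${1%"$CR"}
    case $line in
        HTTP/[0-9].[0-9]" "[0-9][0-9][0-9]" "*) ;;
        *) return 1 ;;
    esac
    code=${line#* }
    code=${code%% *}
    category=$(status_category "$code") || return 1
    printf '%s %s\n' "$code" "$category"
}

# Constructed sample request (not captured from a real client)
printf 'POST /cgi-bin/form HTTP/1.0\r\nContent-Type: text/plain\r\nAccept: text/plain, text/html\r\n\r\nname=fred\r\n' | parse_request
parse_status_line "HTTP/1.0 404 Not Found"
```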

Firewalls Overview

What is a firewall?

Many systems connected to the internet are open to attempts by outside users to gain unauthorized access by setting up an illegal connection to the system. A firewall prevents any direct unauthorized attempts at access.

A good foundation for network security is to set up a Linux system to operate as a firewall for the network. The firewall can be used to set up either packet filtering or proxies. Packet Filtering is the process of deciding whether or not a packet received by the firewall should be passed on to the local network. The packet filtering software checks the source and destination addresses of the packet and sends the packet on if it is allowed.

Proxies can be used to control access to specific services, such as web or FTP servers. A proxy is required for each service. For example, the web server has its own web proxy, while an FTP server has an FTP proxy. Proxies can also be used to cache commonly used data, such as web pages, so that users do not need to constantly access the originating site.

An additional task performed by firewalls is NAT (Network Address Translation). Network address translation redirects packets to appropriate destinations. It performs tasks such as redirecting packets to certain hosts, forwarding packets to other networks and changing the host source of packets to implement IP masquerading.

The current Linux kernel incorporates support for firewalls using the Netfilter (IPtables) packet filtering package, which implements both packet filtering and NAT tasks for the Linux 2.4 kernel and above.

Implementing a firewall is simply a matter of providing a series of rules to govern what kind of access should be allowed on the system. If that system is also a gateway for a private network, the system's firewall can also help protect the network from outside attacks.

Iptables

Netfilter implements packet filtering and NAT tasks separately using different tables and commands. The command used to execute both is iptables, but for NAT, add the -t nat option.

With iptables, different tables of rules can be set up to select packets according to differing criteria. Netfilter supports three tables: filter, nat and mangle. Packet filtering is implemented using a filter table that holds rules for dropping or accepting packets. Network address translation operations are implemented using the nat table. Specialized changes made to packets before they are sent out, when they are received or as they are being forwarded are implemented using the mangle table.

By default, iptables operates on the filter table, which need not be specified. To list the rules, use the -L (list) option. This performs a DNS lookup for hostnames and shows port labels and hostnames. To show only numeric output and avoid the DNS lookup, add the -n (numeric output) option, which shows IP addresses and port numbers, e.g.
iptables -L -n
Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):

To operate on the nat table, add the -t nat option eg:
iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 867 packets, 146K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  vlan2  *       0.0.0.0/0            192.168.1.0/24
Chain POSTROUTING (policy ACCEPT 99 packets, 6875 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0
Chain OUTPUT (policy ACCEPT 99 packets, 6875 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain WANPREROUTING (0 references)
 pkts bytes target     prot opt in     out     source               destination
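
A summary of a listing like the one above, one line per chain, as an added example that is not part of the original post. It is written in POSIX sh with awk and makes it easy to spot built-in chains that still ACCEPT everything by default while holding no rules at all; the nat table listing shown above is embedded as its sample input.

```shell
#!/bin/sh
# Added example, not part of the original post: summarise "iptables -L -n -v"
# output chain by chain and report chains with policy ACCEPT and no rules.

# summarise_chains
#   Reads the listing on stdin and prints "CHAIN POLICY RULECOUNT" per chain;
#   user-defined chains have no policy and are shown with "-".
summarise_chains() {
    awk '
        /^Chain / {
            if (chain != "") print chain, policy, rules
            chain = $2
            rules = 0
            policy = "-"
            if ($3 == "(policy") {
                policy = $4
                gsub(/[^A-Z]/, "", policy)   # drop "):" or a trailing count
            }
            next
        }
        /^ *pkts +bytes +target/ { next }    # column header under each chain
        NF > 0 { rules++ }                   # anything else is a rule line
        END { if (chain != "") print chain, policy, rules }
    '
}

# open_chains
#   Prints the chains whose default policy is ACCEPT and that hold no rules,
#   i.e. traffic through them is not being filtered at all.
open_chains() {
    summarise_chains | awk '$2 == "ACCEPT" && $3 == 0 { print $1 }'
}

# The "iptables -t nat -L -n -v" listing shown above, embedded as sample input.
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 867 packets, 146K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  vlan2  *       0.0.0.0/0            192.168.1.0/24
Chain POSTROUTING (policy ACCEPT 99 packets, 6875 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0
Chain OUTPUT (policy ACCEPT 99 packets, 6875 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain WANPREROUTING (0 references)
 pkts bytes target     prot opt in     out     source               destination
EOF
}

# On a live system this would be:  iptables -t nat -L -n -v | open_chains
sample_listing | summarise_chains
echo "chains accepting everything with no rules:"
sample_listing | open_chains
```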



Monday, 19 May 2014

Duties of a System Administrator

A system administrator is responsible for the day-to-day running of a computer system. Most of what a system administrator is expected to know is performed only rarely, while only a handful of tasks are performed on a day to day basis. A shrewd system administrator will automate as many of these day-to-day tasks as possible. Automation (using scripting, specialized software, system scheduling or a combination of all three) frees the administrator's time, saves money and mitigates against human error.

A system administrator's duties will vary from one organization to another, depending on factors such as the size of the system, the number of users and the purpose of the organization. Nevertheless, basic tasks remain the same, and as such, a system administrator can move from one industry to another with relative ease.

The system administrator's basic job description would be to install, support and maintain servers and other IT hardware. The administrator must also plan for and respond to service outages and other problems.

The following is a non-exhaustive list of the responsibilities and duties of a system administrator:

Hardware

  • Hardware monitoring (both system and peripherals)
  • Hardware maintenance and repair (usually a call-out to hardware support)

System

  • System maintenance
  • System performance monitoring
  • System security 
  • Creating file systems
  • Software installation and update
  • Creating backups and ensuring that recovery is fast and accurate
  • Monitor networks and communications

Users

  • User administration
  • Password and identity management

Documentation

  • Documentation of system and processes



Saturday, 17 May 2014

The TCP/IP Protocol Suite

The TCP/IP Protocol Suite consists of many different protocols, each designed for a specific task in a TCP/IP network. The protocols are each known by an acronym.

The three basic protocols are:
Protocol                       Acronym   Task
Internet Protocol              IP        Handles the actual transmissions: the packets of data with sender and receiver in each
Transmission Control Protocol  TCP       Handles receiving and sending out communications. It is designed to work with cohesive messages or data, checking received packets and sorting them into their designated order, forming the original message. Data sent out is broken into separate, order-designated packets.
User Datagram Protocol         UDP       Handles receiving and sending out packets of data, but does not check their order.
The TCP and IP protocols are designed to provide stable and reliable connections that ensure that all data is reorganized into its original order.

The UDP protocol is designed to send as much data as possible with no guarantee that packets will be received, or placed in their correct order. It is used for transmitting large amounts of data that can survive the loss of a few packets - for example, temporary images, videos and banners displayed on the internet.

Other protocols provide various network and user services. These protocols make use of either TCP or UDP protocol to send and receive packets, which, in turn, use the IP protocol to transmit the packets.

A complete list of protocols is:
Protocol                             Acronym   Task

Transport
Internet Protocol                    IP        Handles the actual transmissions: the packets of data with sender and receiver in each
Transmission Control Protocol        TCP       Handles receiving and sending out communications. It is designed to work with cohesive messages or data, checking received packets and sorting them into their designated order, forming the original message. Data sent out is broken into separate, order-designated packets.
User Datagram Protocol               UDP       Handles receiving and sending out packets of data, but does not check their order.
Internet Control Message Protocol    ICMP      Status messages for IP.

Routing
Routing Information Protocol         RIP       Determines routing.
Open Shortest Path First             OSPF      Determines routing.

Network Address
Address Resolution Protocol          ARP       Determines unique IP address of systems.
Domain Name Service                  DNS       Translates hostnames into IP addresses.
Reverse Address Resolution Protocol  RARP      Determines addresses of systems.

User Service
File Transfer Protocol               FTP       Transmits files from one system to another using TCP.
Trivial File Transfer Protocol       TFTP      Transfers files from one system to another using UDP.
Telnet                               -         Remote login to another system on the network.
Simple Mail Transfer Protocol        SMTP      Transfers email between systems.
Remote Procedure Call                RPC       Allows programs on remote systems to communicate.

Gateway
Exterior Gateway Protocol            EGP       Provides routing for external networks.
Gateway-to-Gateway Protocol          GGP       Provides routing between internet gateways.
Interior Gateway Protocol            IGP       Provides routing for internal networks.

Network Service
Network File System                  NFS       Allows mounting of file systems on remote machines.
Network Information Service          NIS       Maintains user accounts across a network.
Boot Protocol                        BOOTP     Starts system using boot information on server for network.
Simple Network Management Protocol   SNMP      Provides status messages on TCP/IP configuration.
Dynamic Host Configuration Protocol  DHCP      Automatically provides network configuration information to host systems.

In a TCP/IP network, messages are broken into small components called datagrams. These are then transmitted through various routes and reassembled into their original message at the destination computer.

Datagrams can in turn be broken down into smaller components, called packets. These are the physical units that are actually transmitted. Sending messages as small components is faster and more reliable than sending them as one single large transmission. If one component is lost or corrupted, only that component must be resent. With a single large transmission, the whole message must be resent.
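To show what "the packets of data with sender and receiver in each" looks like on the wire, here is an added example (not part of the original post): a Python parser for the IPv4 header that checks the header checksum, pulls out the source and destination addresses, and maps the protocol number to the acronym from the table above (1, 6 and 17 are the IANA assignments for ICMP, TCP and UDP). The sample packet is constructed by the block itself using RFC 5737 documentation addresses; build_ipv4, parse_ipv4 and the field names are this example's own, not from the post.

```python
import struct
import ipaddress

# IANA protocol numbers for the transport-layer entries in the table above
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum of the header taken as 16-bit words (RFC 791)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes,
               ident: int = 1, ttl: int = 64) -> bytes:
    """Wrap a payload in a minimal (no options) IPv4 header.
    Used here only to construct sample input."""
    total_len = 20 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0, ttl,
                         proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    csum = ipv4_checksum(header)            # computed with the checksum field zeroed
    return header[:10] + struct.pack("!H", csum) + header[12:] + payload


def parse_ipv4(packet: bytes) -> dict:
    """Decode the IPv4 header and return the fields a filter looks at.
    Anything malformed raises ValueError instead of returning a guess."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or ihl > len(packet) or total_len > len(packet):
        raise ValueError("not a well-formed IPv4 header")
    # A header that includes its own checksum field sums to zero when intact
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "protocol": IP_PROTOCOLS.get(proto, "protocol %d" % proto),
        "ttl": ttl,
        "ident": ident,
        "total_length": total_len,
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # in bytes
        "payload": packet[ihl:total_len],
    }


# Constructed sample: a TCP segment between two RFC 5737 documentation addresses
SAMPLE_PACKET = build_ipv4("192.0.2.10", "192.0.2.20", 6, b"constructed TCP segment")

if __name__ == "__main__":
    for field, value in parse_ipv4(SAMPLE_PACKET).items():
        print("%-16s %r" % (field, value))
```

A damaged or truncated header is rejected rather than partially decoded; the checksum only catches accidental corruption, so anything that makes decisions on the addresses (a filter, a log parser) should refuse to act on a header it could not fully validate.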

Configuring and Managing TCP/IP Networks

TCP/IP networks are configured and managed with a set of utilities, ifconfig, route and netstat.
Utility   Description
ifconfig  Enables full configuration of network interfaces, adding new ones and modifying others.
route     Enables full configuration of the routing tables, adding new entries and modifying others.
netstat   Provides information about the status of network connections.

Friday, 16 May 2014

MySQL Configuration Files

MySQL supports three different configuration files, one for global settings, one for server specific settings, and an optional one for user-customised settings.

MySQL Global Settings

The /etc/my.cnf configuration file is used for global settings applied to both clients and servers. The /etc/my.cnf file provides information such as the data directory (/var/lib/mysql) and the log file (/var/log/mysql.log) locations, as well as the server base directory (/var/lib).

Options are specified according to different groups, usually the names of server tools, and are arranged in group segments. The group name is specified within square brackets, followed by the options.

For example:
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock

[mysql.server]
user=mysql
basedir=/var/lib

[safe_mysqld]
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

The above example specifies the options for the daemon mysqld, server-options mysql.server and the MySQL startup script safe_mysqld. Database files will be placed in /var/lib/mysql. MySQL will run as the mysql user. Server tools and daemons are located in the basedir directory, /var/lib.

To see what options are currently set, you can run mysqld with the --help option:
/usr/libexec/mysqld --help

MySQL Server Settings

The /var/lib/mysql/my.cnf file is used for server settings only.

MySQL User Customised Settings

The .my.cnf file allows users to customise their access to MySQL. It is located in a user's home directory.

This file contains user configuration settings such as the password used to access the database and the connection timeouts.

[client]
password=mypassword

[mysql]
no-auto-rehash
set-variable = connect_timeout=2

[mysql-hotcopy]
interactive-timeout
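The group/option layout above is the same in all three files, and the .my.cnf case matters to a defender because it stores a password in clear text: it is only as safe as the file's permissions. As an added example (not part of the original post), here is a Python parser for that format that handles bare flags such as no-auto-rehash and the old set-variable spelling, merges files in the order MySQL reads them (global first, the user's ~/.my.cnf last, later files overriding), and flags a stored [client] password when the file is readable by group or other. The two sample files are constructed for the example (the global one adds a [mysql] connect_timeout purely to show the override); parse_option_file, merge_option_files and option_file_findings are this example's own names.

```python
import os
import stat


def parse_option_file(text: str) -> dict:
    """Parse MySQL option-file text into {group: {option: value}}.
    Bare flags such as no-auto-rehash get the value True; the old
    'set-variable = name=value' spelling is folded into name=value.
    Lines starting with '#' or ';' are comments, as in my.cnf."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            groups.setdefault(current, {})
            continue
        if current is None:
            raise ValueError("option outside any [group]: %r" % raw)
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "set-variable":
                key, value = (part.strip() for part in value.split("=", 1))
        else:
            key, value = line, True
        groups[current][key] = value
    return groups


def merge_option_files(*texts: str) -> dict:
    """Combine files in the order MySQL reads them (global, then server,
    then ~/.my.cnf); an option in a later file overrides an earlier one."""
    merged = {}
    for text in texts:
        for group, options in parse_option_file(text).items():
            merged.setdefault(group, {}).update(options)
    return merged


def option_file_findings(groups: dict, mode: int) -> list:
    """Flag a stored [client] password that other local users could read.
    mode is the file's st_mode, e.g. os.stat(path).st_mode."""
    findings = []
    if "password" in groups.get("client", {}) and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("[client] password is stored and the file is group/world readable; chmod 600 it")
    return findings


def audit_option_file(path: str) -> list:
    """Parse a real option file and return its findings (empty when clean)."""
    with open(path) as fh:
        groups = parse_option_file(fh.read())
    return option_file_findings(groups, os.stat(path).st_mode)


# Constructed samples, following the layouts shown above
GLOBAL_CNF = """\
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock

[mysql]
# constructed site default; a user's .my.cnf may override it
set-variable = connect_timeout=10
"""

USER_CNF = """\
[client]
password=mypassword

[mysql]
no-auto-rehash
set-variable = connect_timeout=2

[mysql-hotcopy]
interactive-timeout
"""

if __name__ == "__main__":
    print(merge_option_files(GLOBAL_CNF, USER_CNF))
    print(option_file_findings(parse_option_file(USER_CNF), 0o100644))
```

audit_option_file(os.path.expanduser("~/.my.cnf")) is the call to run on a real host; a clean result is an empty list.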

Thursday, 15 May 2014

Install MySQL on RedHat Linux 6

1) Install the MySQL core components:
yum install -y mysql mysql-server

2) Start MySQL:
service mysqld start

3) Add a MySQL root user (this is an internal MySQL account and has nothing to do with the Linux root user):
mysqladmin -u root password 'password'

4) Authenticate in MySQL as root. After entering the root password, a mysql> prompt will be shown:
[root]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.1.61 Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

5) Check the MySQL internal users. Be sure to include the semicolon at the end of the command.
mysql> select host, user, password from user;
+---------------------+------------+-------------------------------------------+
| host                | user       | password                                  |
+---------------------+------------+-------------------------------------------+
| localhost           | root       | *1CF65C563AC2756B0409CB694208C3F2DAC5E7EA |
| rose.com            | root       |                                           |
| 127.0.0.1           | root       |                                           |
| localhost           |            |                                           |
| rose.com            |            |                                           |
+---------------------+------------+-------------------------------------------+
5 rows in set (0.00 sec)

mysql>
6) Create a MySQL user:
mysql> CREATE USER 'mysqluser'@'localhost' IDENTIFIED BY 'mysqlpassword';

7) Give the new user DBA permissions:
mysql> GRANT ALL PRIVILEGES ON *.* TO 'mysqluser'@'localhost' WITH GRANT OPTION;

8) Exit from the MySQL management interface:
mysql> quit
Bye

9) Test the new user:
[root]# mysql -u mysqlUser -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.1.61 Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> quit
bye

Wednesday, 14 May 2014

Migrating a MySQL Database To A New Red Hat Host

The location of MySQL Data is stored in /etc/my.cnf. By default, the data is stored locally in /var/lib/mysql.

To change the location of the data:

This example shows a migration from rose to martha. It assumes that the destination server has been set up with a standard LAMP environment.

Preparation

1) Log into mysql on the original host:
mysql -h rose -u root -p

2) Add a new root user for the new host:
mysql> CREATE USER 'root'@'martha' IDENTIFIED BY '<RootPassword>';
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'martha' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)
where <RootPassword> is the root password

3) Check that the new user has been added. This is included in the 'mysql' database.
mysql> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> select host, user, password from user;
+---------------------+------------+-------------------------------------------+
| host                | user       | password                                  |
+---------------------+------------+-------------------------------------------+
| localhost           | root       | *1CF65C563AC2756B0409CB694208C3F2DAC5E7EA |
| rose.com            | root       |                                           |
| 127.0.0.1           | root       |                                           |
| ::1                 | root       |                                           |
| localhost           |            |                                           |
| rose.com            |            |                                           |
| localhost           | ben        | 235814907f27996c                          |
| localhost           | test_admin | 70de51425df9d787                          |
| localhost           | jamie      | 2a8bf64a7c1bffc4                          |
| %                   | jamie      | 2a8bf64a7c1bffc4                          |
| %                   | polly      | 0d49ee5a14e0b5d7                          |
| localhost           | polly      | 0d49ee5a14e0b5d7                          |
| martha              | root       | 1afe817735574e3d                          |
+---------------------+------------+-------------------------------------------+
13 rows in set (0.00 sec)
4) Exit from MySQL:
mysql> quit
Bye

Close MySQL on the Old Host

5) Make sure all users are off the database

6) Stop mysql:
/etc/init.d/mysqld stop

Open MySQL on the New Host

7) On the new host, edit /etc/my.cnf, and change the value of datadir to point at the location of the data. If the data is moving, qv Change the Location of MySQL Data Storage

8) Restart mysql:
/etc/init.d/mysqld start

9) Open MySQL and test that databases can be seen:
[root@martha testdevdb]#  mysql -h martha -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.1.61 Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases
    -> ;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| polly              |
| jamie              |
| mysql              |
| performance_schema |
| test               |
+--------------------+
6 rows in set (0.04 sec)

mysql> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> select host, user, password from user;
+---------------------+------------+-------------------------------------------+
| host                | user       | password                                  |
+---------------------+------------+-------------------------------------------+
| localhost           | root       | *1CF65C563AC2756B0409CB694208C3F2DAC5E7EA |
| rose.com            | root       |                                           |
| 127.0.0.1           | root       |                                           |
| ::1                 | root       |                                           |
| localhost           |            |                                           |
| rose.com            |            |                                           |
| localhost           | ben        | 235814907f27996c                          |
| localhost           | test_admin | 70de51425df9d787                          |
| localhost           | jamie      | 2a8bf64a7c1bffc4                          |
| %                   | jamie      | 2a8bf64a7c1bffc4                          |
| %                   | polly      | 0d49ee5a14e0b5d7                          |
| localhost           | polly      | 0d49ee5a14e0b5d7                          |
| martha              | root       | 1afe817735574e3d                          |
+---------------------+------------+-------------------------------------------+
13 rows in set (0.00 sec)

mysql> quit
Bye

Reset All Root Passwords

Reset all root passwords to the standard. This can only be done by putting MySQL into skip-grant-tables mode. (qv http://www.howtoforge.com/setting-changing-resetting-mysql-root-passwords) While the server runs in that mode any client that can reach it connects without a password, so keep the window short and restart normally as soon as the passwords are set.

10) Stop MySQL and restart in skip-grant-tables mode:
[root@martha testdevdb]# /etc/init.d/mysqld stop
Stopping mysqld:                                           [  OK  ]
[root@martha testdevdb]# mysqld_safe --skip-grant-tables &
[1] 19498
[root@martha testdevdb]# 130703 14:34:16 mysqld_safe Logging to '/var/log/mysqld.log'.
130703 14:34:16 mysqld_safe Starting mysqld daemon with
databases from /testdir/testdev/testdevdb
11) Login to MySQL:
[root@martha testdevdb]# mysql -u root
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.1.61 Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
12) Select the 'mysql' database:
mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
13) Set the root password for all hosts:
mysql> update user set password=PASSWORD("<RootPassword>") where User='root';
Query OK, 5 rows affected (0.00 sec)
Rows matched: 5  Changed: 5  Warnings: 0
where <RootPassword> is the root password
14) Reload the privileges from the grant tables, then exit mysql:
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)

mysql> quit
Bye
15) Stop MySQL and restart without skip-grant-tables:
[root@martha testdevdb]# /etc/init.d/mysqld stop
130703 14:35:56 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended
Stopping mysqld:                                           [  OK  ]
[1]+  Done                    mysqld_safe --skip-grant-tables
[root@martha testdevdb]# /etc/init.d/mysqld start
Starting mysqld:                                           [  OK  ]
16) Check that the root users have been updated:
[root@martha testdevdb]#  mysql -h martha -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.1.61 Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> select host, user, password from user;
+---------------------+------------+-------------------------------------------+
| host                | user       | password                                  |
+---------------------+------------+-------------------------------------------+
| localhost           | root       | *B85234EF763B03A804D8ACBA611FDAB53B80723A |
| rose.com            | root       | *B85234EF763B03A804D8ACBA611FDAB53B80723A |
| 127.0.0.1           | root       | *B85234EF763B03A804D8ACBA611FDAB53B80723A |
| ::1                 | root       | *B85234EF763B03A804D8ACBA611FDAB53B80723A |
| localhost           |            |                                           |
| rose.com            |            |                                           |
| localhost           | ben        | 235814907f27996c                          |
| localhost           | test_admin | 70de51425df9d787                          |
| localhost           | jamie      | 2a8bf64a7c1bffc4                          |
| %                   | jamie      | 2a8bf64a7c1bffc4                          |
| %                   | polly      | 0d49ee5a14e0b5d7                          |
| localhost           | polly      | 0d49ee5a14e0b5d7                          |
| martha              | root       | *B85234EF763B03A804D8ACBA611FDAB53B80723A |
+---------------------+------------+-------------------------------------------+
13 rows in set (0.00 sec)

mysql> quit
Bye
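The user listings in step 5 of the install post above and in steps 3, 9 and 16 here show the same three mysql.user columns, and the rows say a lot to anyone hardening the host: an empty user name is an anonymous account, an empty password column means the account logs in without one, a host of % means the account may connect from anywhere, and a 16-character hash (ben, jamie, polly) is the pre-4.1 password format, which the root rows only lose after step 13 re-hashes them into the 41-character '*' form. As an added example, not part of the original post, here is a Python script that parses that table output (a constructed copy below, same layout as the listings) and reports those conditions; parse_mysql_table and audit_accounts are this example's own names.

```python
import re

# MySQL 4.1+ hashes are 41 characters starting with '*'; 16 hex characters is the pre-4.1 format
NEW_HASH = re.compile(r"^\*[0-9A-F]{40}$")
OLD_HASH = re.compile(r"^[0-9a-f]{16}$")


def parse_mysql_table(text: str) -> list:
    """Turn the mysql client's '| a | b |' table output into a list of dicts
    keyed by the header row. Border lines (+---+) and the row count are skipped."""
    rows = [line for line in text.splitlines() if line.lstrip().startswith("|")]
    if not rows:
        return []

    def cells(line):
        return [c.strip() for c in line.strip().strip("|").split("|")]

    header = cells(rows[0])
    return [dict(zip(header, cells(row))) for row in rows[1:]]


def audit_accounts(rows: list) -> list:
    """Return (account, problem) pairs for the account properties worth
    fixing before a database host is exposed on a network."""
    findings = []
    for row in rows:
        account = "'%s'@'%s'" % (row["user"], row["host"])
        if row["user"] == "":
            findings.append((account, "anonymous account; DROP USER it"))
        if row["password"] == "":
            findings.append((account, "empty password"))
        elif OLD_HASH.match(row["password"]):
            findings.append((account, "pre-4.1 password hash; SET PASSWORD to re-hash"))
        elif not NEW_HASH.match(row["password"]):
            findings.append((account, "unrecognised password hash"))
        if row["host"] == "%":
            findings.append((account, "may connect from any host"))
    return findings


# Constructed sample in the layout of the listings above (hash values as shown there)
SAMPLE_OUTPUT = """\
+-----------+------------+-------------------------------------------+
| host      | user       | password                                  |
+-----------+------------+-------------------------------------------+
| localhost | root       | *1CF65C563AC2756B0409CB694208C3F2DAC5E7EA |
| rose.com  | root       |                                           |
| localhost |            |                                           |
| localhost | ben        | 235814907f27996c                          |
| %         | jamie      | 2a8bf64a7c1bffc4                          |
+-----------+------------+-------------------------------------------+
5 rows in set (0.00 sec)
"""

if __name__ == "__main__":
    for account, problem in audit_accounts(parse_mysql_table(SAMPLE_OUTPUT)):
        print("%-24s %s" % (account, problem))
```

Save the output of select host, user, password from user; to a file and run the script over it; an anonymous account is removed with DROP USER ''@'localhost', and a clean result is an empty list.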

Force Compatibility

17) Check that all the tables are compatible with the version of MySQL:
[root@martha testdevdb]# mysql_upgrade -p -u root
Enter password:
Looking for 'mysql' as: mysql
Looking for 'mysqlcheck' as: mysqlcheck
Running 'mysqlcheck with default connection arguments
Running 'mysqlcheck with default connection arguments
jamie.559_MT4                                      OK
jamie.559_MT5                                      OK
...
...
...
Running 'mysql_fix_privilege_tables'...
WARNING: NULL values of the 'character_set_client' column ('mysql.proc' table) have
been updated with a default value (latin1). Please verify if necessary.
WARNING: NULL values of the 'collation_connection' column ('mysql.proc' table) have
been updated with a default value (latin1_swedish_ci). Please verify if necessary.
WARNING: NULL values of the 'db_collation' column ('mysql.proc' table) have been
updated with default values. Please verify if necessary.
OK

[root@martha testdevdb]#  mysql -h localhost -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 181
Server version: 5.1.61 Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'martha' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)

mysql> Bye
[root@martha testdevdb]# logout
Connection to martha closed.
root@system /testdir/testdev/testdevdb> exit
#


Setting up a Red Hat Linux Server for Crashdump

Kdump refers to crash dump. It allows a dedicated kernel to activate if the server crashes.

Configure the amount of memory to be reserved for the kdump kernel

Edit /boot/grub/grub.conf. Add crashkernel=<size>M or crashkernel=auto to the end of the kernel line for the active kernel.

Note that the crashkernel=auto option only reserves the memory if the physical memory of the system is equal to or greater than:
  • 2 GB on 32-bit and 64-bit x86 architectures;
  • 2 GB on PowerPC if the page size is 4 KB, or 8 GB otherwise;
  • 4 GB on IBM S/390.

Edit /etc/kdump.conf

The core dump can be either stored as a file in a local file system, written directly to a device, or sent over a network using the NFS (Network File System) or SSH (Secure Shell) protocol. By default, the vmcore file is stored in the /var/crash/ directory of the local file system. To change this, as root, edit the options in the /etc/kdump.conf configuration file.

Saving the core dump in a local directory

Find the line that reads:
#path /var/crash
Unhash it (remove the leading #), and update it with the required directory path.

Saving the core dump to a different partition

In addition to the path command above, unhash the line that reads:
#ext4 /dev/sda3
Change both the file system type and the device (a device name, a file system label, and UUID are all supported) as required. For example:
ext3 /dev/sda4
path /usr/local/cores

Writing the core dump file directly to a device

Unhash the line that reads:
#raw /dev/sda5
Replace the value with the desired device name. For example:
raw /dev/sdb1

Write the core dump file to a remote machine using NFS

Unhash the line that reads:
#net my.server.com:/export/tmp
Replace the value with a valid hostname and directory path. For example:
net penguin.example.com:/export/cores

Write the core dump file to a remote machine using SSH

Unhash the line that reads:
#net user@my.server.com
Replace the value with a valid username and hostname. For example:
net dougie@linuxhints.example.com

Configure the Core Collector

To reduce the size of the vmcore dump file, kdump allows you to specify a core collector to compress the data, and optionally leave out all irrelevant information. The only fully supported core collector is makedumpfile.

Enabling the core collector

As root, edit /etc/kdump.conf, and unhash the line that reads:
#core_collector makedumpfile -c --message-level 1 -d 31
Edit the command line options as described below.

To enable the dump file compression, add the -c parameter. For example:
core_collector makedumpfile -c

To remove certain pages from the dump, add the -d value parameter, where value is a sum of the values of the pages you want to omit, as described in the following table:
Option  Description
1       Zero pages
2       Cache pages
4       Cache private
8       User pages
16      Free pages
For example, to remove both zero and free pages, use the following:
core_collector makedumpfile -d 17 -c
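The kdump.conf edits above share one rule that is easy to break by unhashing too much: only one dump target (a raw device, a net line, or a file system line) may be active at once, and a -d value is a bitmask that has to be decoded to know what the dump will be missing. As an added example (not part of the original post), here is a Python checker that parses the active lines of a kdump.conf, decodes the core_collector options, and reports a second dump target or a missing -c; the sample configuration is constructed from the example lines above, and dump_level, decode_dump_level, parse_kdump_conf and kdump_conf_findings are this example's own names.

```python
import shlex

# makedumpfile -d bit values from the table above
DUMP_PAGE_TYPES = {1: "zero pages", 2: "cache pages", 4: "cache private",
                   8: "user pages", 16: "free pages"}

# kdump.conf keys that each name a dump target; only one of them may be active
TARGET_KEYS = {"raw", "net", "ext2", "ext3", "ext4", "xfs", "btrfs"}


def dump_level(*names: str) -> int:
    """Sum the -d values for the named page types, e.g. ('zero pages', 'free pages') -> 17."""
    by_name = {name: bit for bit, name in DUMP_PAGE_TYPES.items()}
    return sum(by_name[name] for name in names)


def decode_dump_level(level: int) -> list:
    """The inverse: which page types a -d value leaves out of the dump."""
    if not 0 <= level <= 31:
        raise ValueError("-d takes a value from 0 to 31")
    return [name for bit, name in sorted(DUMP_PAGE_TYPES.items()) if level & bit]


def parse_kdump_conf(text: str) -> tuple:
    """Return ({target_key: value}, core_collector command line) from the
    active (unhashed) lines; hashed lines are ignored, as kdump ignores them."""
    targets, collector = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0], parts[1].strip() if len(parts) > 1 else ""
        if key == "core_collector":
            collector = value
        elif key == "path" or key in TARGET_KEYS:
            targets[key] = value
    return targets, collector


def collector_options(collector: str) -> dict:
    """Decode the makedumpfile line: is compression on, and which pages are omitted?"""
    args = shlex.split(collector or "")
    omitted = []
    if "-d" in args and args.index("-d") + 1 < len(args):
        omitted = decode_dump_level(int(args[args.index("-d") + 1]))
    return {"compressed": "-c" in args, "omitted": omitted}


def kdump_conf_findings(text: str) -> list:
    """Problems that would otherwise only show up when a crash dump is needed."""
    targets, collector = parse_kdump_conf(text)
    findings = []
    active = [key for key in targets if key in TARGET_KEYS]
    if len(active) > 1:
        findings.append("more than one dump target is active: %s" % ", ".join(sorted(active)))
    if collector is None:
        findings.append("no core_collector line: vmcore is not filtered or compressed by makedumpfile")
    elif not collector_options(collector)["compressed"]:
        findings.append("core_collector runs without -c: no compression")
    return findings


# Constructed sample built from the example lines above
SAMPLE_KDUMP_CONF = """\
#path /var/crash
ext3 /dev/sda4
path /usr/local/cores
#raw /dev/sda5
#net my.server.com:/export/tmp
core_collector makedumpfile -d 17 -c
"""

if __name__ == "__main__":
    targets, collector = parse_kdump_conf(SAMPLE_KDUMP_CONF)
    print(targets, collector_options(collector), kdump_conf_findings(SAMPLE_KDUMP_CONF))
```

kdump_conf_findings(open("/etc/kdump.conf").read()) is the call to run before service kdump start; an empty list means the file has exactly one target and a compressing collector.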

Enable kdump on startup

chkconfig kdump on

Start kdump

service kdump start

So what all this does is create a small portion of memory which is reserved to run another tiny instance of Linux. Should the system crash, the tiny Linux will copy the dump to the appropriate crashdump area.

Running SSH From Within Cron

SSH does not run unattended from within cron when the key is protected by a pass phrase, because cron provides no terminal on which to enter it.

To get round this, source the agent environment script (the file written by ssh-agent) before running the actual script, e.g.:
0 9 * * * . /.ssh-agent.sh; /home/milned/scripts/testntp.sh

If the call of the .ssh-agent.sh script (needed to supply the pass phrase) is omitted, it's just ssh being called inside the bash shell script.

Set Up SSH Agent Forwarding on a Server

This is part of a series of articles on Red Hat Server Hardening.

SSH is the Secure Shell protocol which can be used for command line access, file transfer and application tunnelling.

Overview

Password-free access requires a public/private key pair. The server (sshd) has access to the public key, while only you and your SSH client have access to the private key. To authenticate, the client convinces the server that it is in possession of the private key without actually sending it.

Private keys are protected by a pass phrase. This pass phrase is required each time the key is used. To allow repeated access without re-keying of the pass phrase, agent forwarding is used.

The SSH agent allows the pass phrase to be entered once only, e.g. at system start-up or in the originating shell and then caches the keys in memory, eliminating the need for the phrase to be entered for each access. Because the agent is forwarded the pass phrase is available for all sessions that can access the keys in the home directory, including chains of sessions.

Steps

The steps required to set up password free access are:
  1. Generate a key pair using OpenSSH
  2. Distribute public keys
  3. Configure agent forwarding

Generate SSH key pair

ssh-keygen is a program in the OpenSSH package that can be used to create key pairs. RSA is the current SSH key standard; DSA and RSA1 keys can be generated for compatibility with older systems.

Use the full path to ssh-keygen to ensure the correct OpenSSH binary is used, key in a pass phrase when prompted and accept the default file locations. 

> /usr/bin/ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/milned/.ssh/id_rsa):
Created directory '/home/milned/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/milned/.ssh/id_rsa.
Your public key has been saved in /home/milned/.ssh/id_rsa.pub.
The key fingerprint is:
77:3f:47:01:92:5f:d0:fe:3e:6a:03:a4:9a:0a:18:26 milned@nyssa

Similarly DSA and RSA1 keys can be generated. Again enter a pass phrase and accept the default file locations as prompted. Using the same pass phrase for all keys will simplify operation of the SSH agent. 

> /usr/bin/ssh-keygen -t dsa
> /usr/bin/ssh-keygen -t rsa1

Distribute SSH Public Keys

The public keys must be distributed to the user's authorized_keys file so that any SSH daemon with access to the user's home directory can use them.

> cd ~/.ssh
> cat *.pub > authorized_keys


Change the permissions on this file so it is not writable by other users.

> chmod go-w authorized_keys

Now check that key authentication is working, by using ssh to connect to the host you are currently logged in to using its hostname. You should be prompted for the pass phrase for one of your keys. If this is the first time you've talked to the machine you will also be asked to accept the host key, which you should do.

> ssh nyssa
The authenticity of host 'nyssa (127.0.0.1)' can't be established.
RSA key fingerprint is 85:4b:2a:53:48:52:9f:61:ed:0a:33:4a:9d:5e:d3:1a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'nyssa' (RSA) to the list of known hosts.
Enter passphrase for key '/home/milned/.ssh/id_rsa':
Last login: Thu Nov 21 17:27:35 2013 from tegan
>


SSH access is now configured to use keys rather than a password to grant access. Access to the key is controlled by a pass phrase. In the next step agent forwarding is set up so that this pass phrase only needs to be entered once.

Configure SSH Agent Forwarding


To check if there is already an agent running use ssh-add.

> /usr/bin/ssh-add -l
Could not open a connection to your authentication agent

If this command reports anything else, then there is an agent running. Otherwise, start an agent using the command:

> exec ssh-agent $SHELL

This creates a new shell process as a child of the agent with suitable environment variables set. This agent will live until you exit from this shell, and is only accessible from it.

Running ssh-add should now show the agent is present, but with no identities.

> /usr/bin/ssh-add -l
The agent has no identities

The next step is to add the keys using ssh-add. This will prompt you for the pass phrase for one of your keys, and then, assuming they all have the same pass phrase, add them all to the agent:

> /usr/bin/ssh-add
Enter passphrase for /home/milned/.ssh/id_rsa:
Identity added: /home/milned/.ssh/id_rsa (/home/milned/.ssh/id_rsa)
Identity added: /home/milned/.ssh/id_dsa (/home/milned/.ssh/id_dsa)
Identity added: /home/milned/.ssh/identity (milned@nyssa)

Check the keys are available with ssh-add again, which should now report a list of key signatures.

> /usr/bin/ssh-add -l
1024 90:d1:83:5c:2a:33:9b:c7:ba:85:8e:ef:b7:c0:32:05 milned@nyssa (RSA1)
1024 9f:c0:e4:ed:f1:c4:ec:de:6e:af:4c:91:13:8d:58:45 /home/milned/.ssh/id_rsa (RSA)
1024 ab:a1:89:d7:d5:06:d2:d5:c4:18:e6:bc:65:37:96:dc /home/milned/.ssh/id_dsa (DSA)

You should now be able to use ssh to connect to any other machine which is running OpenSSH and has your home directory mounted, and not be prompted for a password. Chaining SSH connections (ssh from a to b and then from b to c) should work via agent forwarding.

Automating SSH Agent Forwarding

Rather than running the above manually, it can be built into the .bashrc file so that it starts automatically when bash is started.

> cd
> cat .bashrc
export PS1="\u@\H \w> "
PATH=$PATH:/usr/local/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin

Amend .bashrc as follows. The saved agent environment in .ssh-agent.sh is reused while that agent is still running; a new agent is started (and its environment recorded) only when none can be contacted, so that each new shell does not leave another agent process behind, and ssh-add prompts for the pass phrase only when the agent holds no keys yet:
export PS1="\u@\H \w> "
PATH=$PATH:/usr/local/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin
ssh_agent="$HOME/.ssh-agent.sh"
# Pick up the agent recorded last time, if the file exists
if [ -f "$ssh_agent" ]
then
  . "$ssh_agent" > /dev/null
fi
# ssh-add -l exits 2 when no agent can be contacted: start one and record it
ssh-add -l > /dev/null 2>&1
if [ $? -eq 2 ]
then
  ssh-agent > "$ssh_agent"
  . "$ssh_agent" > /dev/null
fi
# Load the keys (prompting for the pass phrase) only if the agent has none
ssh-add -l > /dev/null 2>&1 || ssh-add
# Print a file's permission bits in octal
stat() { perl -e 'printf "%o\n", (stat shift)[2] & 07777' "$1"; }
export EDITOR=vi


Commands For Process Management

There are many tasks running at any given moment on a RedHat Server. These tasks are known as processes.

Terminology

When the server boots, many processes are started to provide services on the computer. These are known as daemons. A daemon is a process which is started in the background and provides a service on the server.

Why Do Processes Need Managing

If a process is not responding properly, you may need to send it a specific signal.

Or if a system is busy, it can be helpful to get an overview of the system to see what it is doing.

Useful commands for process management are:

Command  Use
ps       Used to show all current processes.
kill     Used to send signals to processes, such as asking or forcing a process to stop.
pstree   Used to get an overview of all processes, including the relationship between parent and child processes.
killall  Used to kill all processes, based on the name of the process.
top      Used to get an overview of current system activity.
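The parent/child relationship that pstree draws, and the by-name matching that killall relies on, both come from the PID and PPID columns that ps prints. As an added example (not part of the original post), here is a Python script that builds that tree from ps -eo pid,ppid,comm output, renders it pstree-style, lists everything beneath a given process, and shows which PIDs a killall by name would reach, which is worth checking first, since in the constructed sample below the sshd daemon and a user's sshd session share a name. parse_ps, build_tree, render, descendants and find_by_name are this example's own names; live_tree runs the real ps on a Linux host.

```python
import subprocess
from collections import defaultdict


def parse_ps(text: str) -> dict:
    """Parse 'ps -eo pid,ppid,comm' output (header line first) into {pid: (ppid, comm)}."""
    procs = {}
    for line in text.strip().splitlines()[1:]:        # skip the PID PPID COMMAND header
        pid, ppid, comm = line.split(None, 2)
        procs[int(pid)] = (int(ppid), comm.strip())
    return procs


def build_tree(procs: dict) -> dict:
    """Map each parent PID to its sorted child PIDs (the relationship pstree draws)."""
    children = defaultdict(list)
    for pid, (ppid, _) in procs.items():
        children[ppid].append(pid)
    for kids in children.values():
        kids.sort()
    return children


def render(procs: dict, children: dict, root: int = 1, depth: int = 0, out=None) -> list:
    """Indented one-line-per-process view, starting at init (PID 1) by default."""
    out = [] if out is None else out
    out.append("  " * depth + "%s(%d)" % (procs[root][1], root))
    for kid in children.get(root, []):
        render(procs, children, kid, depth + 1, out)
    return out


def descendants(children: dict, pid: int) -> list:
    """Every process below pid: what stopping a service and its workers reaches."""
    found, stack = [], list(children.get(pid, []))
    while stack:
        current = stack.pop()
        found.append(current)
        stack.extend(children.get(current, []))
    return sorted(found)


def find_by_name(procs: dict, name: str) -> list:
    """The PIDs that 'killall name' would signal; look at this list before running it."""
    return sorted(pid for pid, (_, comm) in procs.items() if comm == name)


# Constructed sample: a daemon, one login session under it, and a cron job
SAMPLE_PS = """\
  PID  PPID COMMAND
    1     0 init
  512     1 sshd
  640   512 sshd
  641   640 bash
  702   641 vi
  530     1 crond
  801   530 testntp.sh
"""


def live_tree() -> list:
    """Render the real tree from a Linux host's ps (procps) output."""
    out = subprocess.run(["ps", "-eo", "pid,ppid,comm"],
                         capture_output=True, text=True, check=True).stdout
    procs = parse_ps(out)
    return render(procs, build_tree(procs))


if __name__ == "__main__":
    procs = parse_ps(SAMPLE_PS)
    print("\n".join(render(procs, build_tree(procs))))
    print("killall sshd would signal:", find_by_name(procs, "sshd"))
```

On the sample, find_by_name(procs, "sshd") returns both the listening daemon (512) and the session it spawned (640), which is exactly why kill with a specific PID is the safer tool for a misbehaving session.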