
Sunday, September 9, 2012

A different way of blogging, Linux Explore Group

 Linux Explore

Owner: Rahul Panwar
Group members: 19
Description:
Linux is the future, Live your present and ready to welcome the future. If you are a Linux fan you can join this and share your views with others. You can write, explore, discuss with others about Linux. Happy Exploring...
You must be a registered member of intowire, to join this group. A lot more you will find after joining.
Linux Explore on Wordpress: http://linuxexplore.wordpress.com
Linux Explore on twitter: http://twitter.com/linuxexplore
Linux Explore on facebook: https://www.facebook.com/pages/LinuxExplore/165902776765818


10 Linux super-hacks for Linux Administrator

This article is a compilation of several interesting, unique command-line tricks that should help you squeeze more juice out of your system, improve your situational awareness of what goes on behind the curtains of the desktop, plus some rather unorthodox solutions that will melt the proverbial socks off your kernel.
Follow me for a round of creative administrative hacking.

1. Run top in batch mode

top is a handy utility for monitoring the utilization of your system. It is invoked from the command line and it works by displaying lots of useful information, including CPU and memory usage, the number of running processes, load, the top resource hitters, and other useful bits. By default, top refreshes its report every 3 seconds.
top
Most of us use top in this fashion; we run it inside the terminal, look at the statistics for a few seconds and then graciously quit and continue our work.
But what if you wanted to monitor the usage of your system resources unattended? In other words, let some system administration utility run and collect system information and write it to a log file every once in a while. Better yet, what if you wanted to run such a utility only for a given period of time, again without any user interaction?
There are many possible answers:
  • You could schedule a job via cron.
  • You could run a shell script that runs ps every X seconds or so in a loop, incrementing a counter until the desired number of iterations has elapsed. But you would also need uptime to check the load and several other commands to monitor disk utilization and what not.
Instead of going wild about trying to patch a script, there’s a much, much simpler solution: top in batch mode.
top can be run non-interactively, in batch mode. Time delay and the number of iterations can be configured, giving you the ability to dictate the data collection as you see fit.
Here’s an example:
top -b -d 10 -n 3 >> top-file
We have top running in batch mode (-b). It’s going to refresh every 10 seconds, as specified by the delay (-d) flag, for a total count of 3 iterations (-n). The output will be sent to a file.
And that does the trick.
Speaking of writing to files …

2. Write to more than one file at once with tee

In general, with static data, this is not a problem. You simply repeat the write operation. With dynamic data, again, this is not that much of a problem. You capture the output into a temporary variable and then write it to a number of files.
But there’s an easier and faster way of doing it, without redirection and repetitive write operations. The answer: tee.
tee is a very useful utility that duplicates pipe content. Now, what makes tee really useful is that it can append data to existing files, making it ideal for writing periodic log information to multiple files at once.
Here’s a great example:
ps | tee file1 file2 file3
That’s it! We’re sending the output of the ps command to three different files! Or as many as we want. All three files are created at the same time and they all contain the same data. This is extremely useful for constantly changing output, which you must preserve in multiple instances without typing the same commands over and over like a keyboard-loving monkey.
Now, if you wanted to append data to files, that is periodically update them, you would use the -a flag, like this:
ps | tee -a file1 file2 file3 file4
Sweet.

3. Unleash the accounting power with pacct

Did you know that you can log the completion of every single process running on your machine? You may even want to do this, for security, statistical purposes, load optimization, or any other administrative reason you may think of.
By default, process accounting (pacct) may not be activated on your machine. You might have to start it:
/usr/sbin/accton /var/account/pacct
Once this is done, every single process will be logged. You can find the logs under /var/account. The log itself is in binary form, so you will have to use a dumping utility to convert it to human-readable form.
To this end, you use the dump-acct utility.
dump-acct pacct
The output may be very long, depending on the activity on your machine and whether you rotate the logs, which you should, since the accounting logs can inflate very quickly.
And there you go, the list of all processes run on our host since the moment we activated the accounting. The output is printed in nice columns and includes the following, from left to right: process name, user time, system time, effective time, UID, GID, memory, and date.
Other ways of starting accounting may be in the following forms:
/etc/init.d/psacct start
Or:
/etc/init.d/acct start
In fact, starting accounting using the init script is the preferred way of doing things. However, you should note that accounting is not a service in the typical form. The init script does not look for a running process – it merely checks for the lock file under /var. Therefore, if you turn the accounting on/off using the accton command, the init scripts won’t be aware of this and may report false results.
BTW, turning accounting off with accton is done just like that:
/usr/sbin/accton
When no file is specified, the accounting is turned off. When the command is run against a file, as we’ve demonstrated earlier, the accounting process is started. You should be careful when activating/deactivating the accounting and stick to one method of management, either via the accton command or using the init scripts.
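Once accounting is on, the dump is easier to review when summarised. The following is an added example, not part of the original article: it counts records per UID and lists the commands run by a given UID. It assumes dump-acct prints pipe-separated records in the column order listed above; the sample records are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise process-accounting records by UID.
# Assumption: one record per line, '|' separated, columns in the order the
# article lists: command, user time, system time, effective time, UID, GID,
# memory, date. Some acct versions print extra columns; adjust $5 if so.

# Constructed sample records (not taken from a real host).
sample_acct() {
cat <<'EOF'
ls              |   0.0|   0.0|   2.0|  500|  500|  7488.0|Sun Jun 20 10:01:02 2010
accton          |   0.0|   0.0|   0.0|    0|    0|  3952.0|Sun Jun 20 10:01:05 2010
bash            |   1.0|   0.0| 310.0|  500|  500| 10120.0|Sun Jun 20 10:06:15 2010
useradd         |   0.0|   1.0|   4.0|    0|    0|  9120.0|Sun Jun 20 10:07:40 2010
malformed line without separators
EOF
}

# Read records on stdin; print "uid count" per UID, sorted by UID.
acct_count_by_uid() {
    awk -F'|' 'NF >= 8 { gsub(/ /, "", $5); n[$5]++ }
               END { for (u in n) print u, n[u] }' | sort -n
}

# Read records on stdin; print "command date" for UID $1 (default 0, root).
acct_commands_for_uid() {
    awk -F'|' -v want="${1:-0}" '
        NF >= 8 {
            uid = $5; gsub(/ /, "", uid)
            cmd = $1; sub(/ +$/, "", cmd)
            if (uid == want) print cmd, $NF
        }'
}

sample_acct | acct_count_by_uid
sample_acct | acct_commands_for_uid 0
```

On a live host, feed it real data with `dump-acct /var/account/pacct | acct_commands_for_uid 0`.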


Sunday, June 20, 2010

L2TP VPN using xl2tpd

L2TP (Layer 2 Tunneling Protocol)
L2TP (Layer 2 Tunneling Protocol) is a tunneling protocol used for VPNs. It communicates over UDP port 1701. It doesn’t provide any encryption itself, but the L2TP packets can be encrypted by running it over IPSec. For theoretical information on L2TP, you can visit its Wiki page.
On Linux, you can find many different applications for building an L2TP server, but there is no proper documentation for this. Also, I think no one is using L2TP VPN nowadays. But my requirement could be solved by L2TP only: I wanted to configure the VPN for some old devices that support only L2TP VPN.
I use CentOS 5 Linux for the VPN server. For the VPN application, I use a combination of two applications: xl2tpd and rp-l2tpd.
I also had the option of openl2tpd. I tried it on Fedora 8 Linux, but there is a bug in Fedora 8’s pppd which stopped me from using it. And when I tried to install openl2tpd on CentOS 5, it asked me to enable L2TP support in the kernel. I didn’t want to play with the kernel at that time.
That was the reason I switched to the xl2tpd application. It is the same application as l2tpd, but maintained by Xelerance Corporation. I don’t use l2tpd due to a compilation problem. I also faced a compilation problem with xl2tpd, but it was manageable. You will also see the use of rp-l2tpd; it solves a dependency problem for xl2tpd.
Downloading & Installing xl2tpd
xl2tpd can be downloaded from http://www.xelerance.com/software/xl2tpd/xl2tpd-1.2.4.tar.gz or you can download it from any other website. After downloading the application use the following commands to install it.
root@rahul-pc~# tar -xvf xl2tpd-1.2.4.tar.gz
root@rahul-pc~# cd xl2tpd-1.2.4
root@rahul-pc~# make
When you run the make command, it may show some compilation errors (especially on a freshly installed CentOS 5 system, maybe due to missing dependencies), but it still creates the xl2tpd binary. You can use that binary for configuring the L2TP VPN server. Copy the binary to the /usr/local/sbin/ directory.
root@rahul-pc~# cp xl2tpd /usr/local/sbin/
xl2tpd.conf
Also copy the xl2tpd.conf file from the examples directory of your xl2tpd source directory to the /etc/xl2tpd/ directory (you need to create that directory, as you are installing xl2tpd manually).
root@rahul-pc~# mkdir -p /etc/xl2tpd
root@rahul-pc~# cp examples/xl2tpd.conf /etc/xl2tpd/
Change xl2tpd.conf according to your usage; that is, change the IP addresses in the conf file to the ones you require for your VPN network, i.e. the tunnel IP addresses. In my case the xl2tpd.conf file looks something like this.
;
; This is a minimal sample xl2tpd configuration file for L2TP without IPsec.
;
; The idea is to provide an L2TP daemon to which remote L2TP clients can
; connect. In this example, the internal (protected) network
; is 192.168.1.0/24. A special IP range within this network is reserved
; for the remote clients: 10.10.10.0/24
; (i.e. 10.10.10.1 ... 10.10.10.254)
;
; The listen-addr parameter can be used if you want to bind the L2TP daemon
; to a specific IP address instead of to all interfaces. For instance,
; you can bind it to the interface of the internal LAN (e.g. 192.168.1.98
; in the example below).
[global]
; listen-addr = 192.168.1.98
;
; requires openswan-2.5.18 or higher - Also does not yet work in combination
; with kernel mode l2tp as present in linux 2.6.23+
; ipsec saref = yes
; forceuserspace = yes
;
; debug tunnel = yes
; L2TP Network Server configuration.
[lns default]
ip range = 10.10.10.2-10.10.10.254
local ip = 10.10.10.1
; Always use CHAP instead of PAP, it will provide you a little security
; with L2TP (without IPsec).
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
; PPP option file name, it may use /etc/ppp/options by default, if you comment this
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
You can modify this file according to your requirements. That completes the configuration on the xl2tpd side; now it is time to configure the PPP parameters.
options.xl2tpd
First of all, create a file named /etc/ppp/options.xl2tpd (the option file name written in the xl2tpd.conf file) with the following entries.
ipcp-accept-local
ipcp-accept-remote
ms-dns 192.168.22.240
ms-wins 192.168.22.240
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
defaultroute
debug
lock
proxyarp
connect-delay 5000
You can change the DNS and WINS server IP addresses in this file. You can also add other parameters that are supported by your pppd, like require-mschap-v2; see the man page of your pppd.
chap-secrets
Put your authentication credentials in the /etc/ppp/chap-secrets file.
# Secrets for authentication using CHAP
# client server secret IP addresses
"username" "*" "password" "10.10.10.2"
The IP address field shows the remote tunnel static IP address. You can also assign dynamic IP addresses by using a RADIUS server, the dhcp-pppd plugin, etc. But I don’t know what the easiest method is or how to do it. Also, my requirement is met by using a static IP address. But I want to know the other methods as well. Anyone who can shed some light on this, please write.
The same chap-secrets file can be used if you are using the MS-CHAP protocol in the options file.
Running xl2tpd
After completing all of the above configuration, you can start xl2tpd with the following command.
xl2tpd -D
The -D option enables xl2tpd's debug output. It is recommended to start the application in debugging mode the first time (during testing). Remove the -D option to stop the debug output.
When you try to run xl2tpd, it will show you an error that /var/run/xl2tpd/l2tp-control was not found. This l2tp-control file can be extracted from the rp-l2tpd application. Or you can compile xl2tpd properly; maybe it will give you the l2tp-control binary. You can also try creating a blank non-binary file with the touch command (I didn’t try this, it’s just a silly idea).
Download & compile rp-l2tpd to get the l2tp-control
To download rp-l2tpd, go to http://sourceforge.net/projects/rp-l2tp/. Compile the application with the following commands.
root@rahul-pc~# tar -xvf rp-l2tpd-0.4.tar.gz
root@rahul-pc~# cd rp-l2tpd-0.4
root@rahul-pc~# ./configure
root@rahul-pc~# make
After successful compilation you can copy the l2tp-control binary to /usr/local/sbin/ directory.
root@rahul-pc~# cp handlers/l2tp-control /usr/local/sbin/
Create a soft link to the control file in the /var/run/xl2tpd/ directory.
root@rahul-pc~# mkdir /var/run/xl2tpd/
root@rahul-pc~# ln -s /usr/local/sbin/l2tp-control /var/run/xl2tpd/l2tp-control
Now you can start the xl2tpd tunneling server with the command given above. It will start and work perfectly.
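A quick way to check the finished configuration, as an added example that is not part of the original post: the script verifies that xl2tpd.conf still enforces CHAP and authentication, that chap-secrets (which stores secrets in clear text) is closed to group and other, and that no entry uses "*" as its IP address. The function names and sample files are hypothetical, and the sample content is constructed.

```shell
#!/bin/sh
# Added example: audit xl2tpd.conf and chap-secrets for the settings this
# article relies on. Function names and the sample files are hypothetical.

# Print the value of "key = value" from xl2tpd.conf, skipping ';' comments.
conf_value() {   # $1 = file, $2 = key, e.g. "refuse pap"
    awk -F'=' -v key="$2" '
        /^[ \t]*;/ { next }
        { k = $1; v = $2
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == key) val = v }
        END { print val }' "$1"
}

# Print one finding per line; print nothing when both files pass.
audit_l2tp() {   # $1 = xl2tpd.conf, $2 = chap-secrets
    for key in "require chap" "refuse pap" "require authentication"; do
        [ "$(conf_value "$1" "$key")" = "yes" ] || echo "CONF: '$key' is not yes"
    done
    # chap-secrets stores secrets in clear text: group/other need no access.
    [ "$(ls -ld "$2" | cut -c5-10)" = "------" ] ||
        echo "SECRETS: file is accessible to group or other"
    # Fields: client server secret IP. "*" lets the peer use any address.
    awk '!/^[ \t]*#/ && ($4 == "*" || $4 == "\"*\"") {
             print "SECRETS: " $1 " is not pinned to a tunnel IP" }' "$2"
    return 0
}

# Constructed sample input: a weakened config and a loose secrets file.
make_samples() {   # $1 = directory to write into
    printf '%s\n' '[lns default]' '; require chap = yes' 'refuse pap = no' \
        'require authentication = yes' > "$1/xl2tpd.conf"
    printf '%s\n' '# client server secret IP addresses' \
        '"username" "*" "password" "10.10.10.2"' \
        '"olddevice" "*" "password2" "*"' > "$1/chap-secrets"
    chmod 644 "$1/chap-secrets"
}

dir=$(mktemp -d)
make_samples "$dir"
audit_l2tp "$dir/xl2tpd.conf" "$dir/chap-secrets"
rm -rf "$dir"
```

On the server described here, run `audit_l2tp /etc/xl2tpd/xl2tpd.conf /etc/ppp/chap-secrets`; no output means all checks passed.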
