MySql Database file backup and Restore

1) tacking Mysql database file backup

#mysqldump -h localhost -u root -pmypassword databasename > dumpfile.sql


(Before restoring backup create blank Database file and then restore data 




2)Command for restore Mysql database form backup file


#mysql -h hostname -u username -pthepassword databasename < dumpfile.sql

A "live" view of a logfile on Linux

A "live" view of a logfile on Linux

This approach works for any linux operating system, including Ubuntu, and is probably most often used in conjunction with web development work.

#tail -f /var/logfile.log

This will give you a scrolling view of the logfile. As new lines are added to the end, they will show up in your console screen.

As with all linux apps, Ctrl+C will stop it.

Install and Configure MRTG

The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network-links.

MRTG generates HTML pages containing PNG images which provide a LIVE visual representation of this traffic. You need the following packages:

• mrtg : Multi Router Traffic Grapher
• net-snmp and net-snmp-utils : SNMP (Simple Network Management Protocol) is a protocol used for network management. The NET-SNMP project includes various SNMP tools. net-snmp package contains the snmpd and snmptrapd daemons, documentation, etc. You also want to install the net-snmp-utils package, which contains NET-SNMP utilities.

Step # 1: Install MRTG

Type the following command to install packages using yum command under Redhat Linux:

# yum install mrtg net-snmp net-snmp-utils

Step # 2: Configure snmpd
If you need to monitor localhost including interface and other stuff such as CPU, memory etc, configure snmpd. Open /etc/snmp/snmpd.conf,

# vi /etc/snmp/snmpd.conf

Update it as follows to only allow access from localhost:

com2sec local     localhost           public

group MyRWGroup v1         local

group MyRWGroup v2c        local

group MyRWGroup usm        local

view all    included  .1                               80

access MyRWGroup ""      any       noauth    exact  all    all    none

syslocation VSNL, India

syscontact Root <vivek@nixcraft.tld>

(Comment older configuration in snmpd.conf)

Save and close the file. Restart snmpd:

# chkconfig snmpd on

# service snmpd restart

Make sure you see interface IP, by running the following command:

# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex

Sample Outputs:

IP-MIB::ipAdEntIfIndex.123.xx.yy.zzz = INTEGER: 2

IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 1

Step # 3: Configure MRTG

Use cfgmaker command to creates /etc/mrtg/mrtg.cfg file, enter:

# cfgmaker --global 'WorkDir: /var/www/html/mrtg' --output /etc/mrtg/mrtg.cfg public@localhost

--global 'WorkDir: /var/www/mrtg' : add global config entries i.e. set workdir to store MRTG graphs.

--output /etc/mrtg/mrtg.cfg: configr output filename

public@localhost : public is the community name of the device you want to create a configuration for. If you are using the wrong community name you will get no response from the device. localhost is the DNS name or the IP number of an SNMP-managable device i.e. our local server.

Finally, run indexmaker to create web pages which display the status of an array of mrtg interface status pages:

# indexmaker --output=/var/www/html/mrtg/index.html /etc/mrtg/mrtg.cfg

Step # 4: Verify Cron Job

/etc/cron.d/mrtg runs mrtg command to monitor the traffic load on network links:

# cat /etc/cron.d/mrtg

Sample Output:

*/5 * * * * root LANG=C LC_ALL=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg --lock-file /var/lock/mrtg/mrtg_l --confcache-file /var/lib/mrtg/mrtg.ok

Just make sure crond is running and you are done with configuration:

# chkconfig --list crond
If it is off in run level # 3, just run the following to turn on crond service:

# chkconfig crond on

# service crond on

Step # 5:- Testing

You need Apache web server to view graphs, simply type the following to install httpd:

# yum install httpd

# chkconfig httpd on

# service httpd on

 webbrowser and type the url:

http://your-ip.add.ress/mrtg/

http://192.168.1.5/mrtg/

How to install .rpm.bin package

1) Chang the permission

#chmod  +x  package name

2) run as a script

#./package name

How to Enable mod_perl

1) #yum -y install mod_perl
 Installation of Perl Module

2) #vim /etc/httpd/conf.d/perl.conf
   perl configuration file
  Go to line 17: uncomment

     PerlSwitches -w

  Go to line 26: uncomment

     PerlSwitches -T

  Go to line 32-38: uncomment like follows

      Alias /perl /var/www/perl

     <Directory /var/www/perl> # directory for mod_perl environment

     SetHandler perl-script # looks all files as perl-scripts under this directory

#   AddHandler perl-script .cgi # if set specific files, use this line and make the line above comment

#   PerlResponseHandler ModPerl::Registry

     PerlResponseHandler ModPerl::PerlRun # set PerlRun mode

     PerlOptions +ParseHeaders

    Options +ExecCGI

    </Directory>

 Go to line 45-51: uncomment ( this is for the status of mod_perl )

    <Location /perl-status>

    SetHandler perl-script

    PerlResponseHandler Apache2::Status

    Order deny,allow

    Deny from all

    Allow from 192.168.1.2 # IP address you permit

   </Location>

3) #service httpd restart
Restarting httpd services

4) Testing
 Open web browser
Http://hostname.com/perl-status

Apache Server with PHP support

1) Install PHP 

#yum -y install php php-mbstring php-pear

2) create one index.php page and copy to document root 

  /var/www/html/index.php

3) restart httpd services

#service httpd restart

4) https://yourdomin.com

How to Create Self-Signed SSL Certificates with OpenSSL

How to Create Self-Signed SSL Certificates with OpenSSL

Introduction

This is a brief and superficial tutorial on creating self-signed SSL certificates using OpenSSL. So what is a SSL certificate and why would you want one? Without getting overly complex, SSL certificates verify your identity to an end user and make it possible to encrypt the communication between two hosts. In short, SSL works like this. The browser would check the web server's certificate to see if it's valid or not. If the certificate is valid and not someone trying to impersonate the intended destination web server, the browser and web server negotiate on an encryption algorithm they both can understand. Once a negotiation has been reached they use unique keys or codes (public key and private key) to be used for encrypting and decrypting the data on both sides. Finally the browser and web server communicate securely so no one can eavesdrop on their conversation.
Secure Sockets Layer (SSL) is used in e-commerce and other applications where the information being transmitted must be secure and not visible to anyone watching the network traffic. A practical e-commerce example would be making a purchase form an online store. When you enter your credit card information and click a submit button, your information is sent from your web browser to the store's server. It's encrypted using SSL so no one else can read it as it travels across the internet. An application example could be acquiring UPS shipping rates in real-time. When you have an account with UPS you must establish a userid, password, and are then assigned a license key. You would transmit these credentials programmatically to their server to request pricing for maybe sending a package to New York from your location. You wouldn't want your credentials being sent in plain text because it'd be possible for someone to steal your account information, so to combat this UPS offers their XML service through a SSL enabled URL.
Now that you have a general understanding of SSL we come to the certificate signing part. SSL certificates must be signed by a trusted authority or more commonly known as Certificate Authorities (CA). CA's confirm your identity by adding their signature to your SSL certificate. On the web browser side, browsers like FireFox and Internet Explorer have a list of CA fingerprints to match against the SSL certificates they come across. For example, when you go to a SSL enabled URL, that certificate would be signed by a company like Verisign, Thawte, Comodo, or some other CA. Your web browser would check the certificate's CA fingerprint to make sure it hasn't been forged and is a valid and trusted certificate. If all goes well your browser would accept the certificate and give no complaints, however, if it doesn't have the fingerprint on file it would complain and typically throw up a window saying the certificate is bad or shouldn't be trusted. CA's usually ask for proof of your company like a copy of your DBA (Doing Business As) before they'll sign your certificate. Also, be prepared to hand over some cash because CA's won't sign your certificate for free.
So where does that leave us individuals and non-commercial entities that want to use SSL to encrypt our data? The answer is using self-signed certificates. Self-signed certs are the same as signed versions except for the fact that a CA doesn't stamp it with their approval, instead you stamp it with yours. Self-signed certs offer the same amount of protection but at the cost of dealing with the annoying popup alert the browser displays and someone being able to forge your identity, however they are completely free and easy to make using OpenSSL. If you want to create your own private use SSL certificate then keep reading this tutorial and you'll learn how to. Make sure you're logged in as root and are in your home directory. Also, be sure to create a directory called ssl and move into it (we'll create our SSL files here temporarily).

Generate Your Private Key

The first step in creating a self-signed SSL certificate is to generate your private key. Its purpose is to encrypt data to be decrypted by the public key and vice versa, so basically one cannot work without the other since they are both mathematically linked. The private key is stored on the web server and should never be shared with anyone (protect it at all costs!). Your private key can be either RSA or DSA based with a minimum of 1024 bits using a cipher such as TripleDES. For our private key we'll use RSA, 1024 bits, and TripleDES (I've gone as far as to use 4096 bits - more secure but slower to encrypt/decrypt). Our private key password should contain a minimum of 12 characters and they should be alpha-numeric with some special characters like spaces, dollar signs, asterisks, etc. The point is to choose a very hard password to crack and not be dictionary based. When you figure out what password you're going to use for your private key then you should write it down and keep it in a safe place. Don't lose this password because when it comes time to renew your certificate you'll have to trash it and start over from scratch.


#yum install mod_ssl


#openssl genrsa -des3 -out server.key 1024


[enter a password]
[confirm your password]


Our private key has been created and saved as server.key. We can now move on to creating the certificate signing request (public key).

Certificate Signing Request (CSR)

The certificate signing request (CSR) is an unsigned copy of the SSL certificate. The CSR contains the public key and X.509 certificate attributes including your country, state, organization name, server's common name or FQDN (fully qualified domain name), and other information. Before you can get a digital certificate from a CA you'll need to generate a CSR on the server you'll be using the SSL certificate on. The most important attribute you should pay close attention to is the common name. You must use the FQDN of the server you'll be protecting by SSL. For example, if you want to use https://secure.yourdomain.com then the common name would besecure.yourdomain.com. You'll need to configure DNS and your web server to respond to requests for this address. Another thing to know is that when you enter your organizational name, you should use the word 'and' instead of an ampersand '&' character if you have a company name like Law Offices of Smith & Klein. Certificate Authorities like Verisign are very picky about the ampersand and will likely make you redo your CSR if you use one. Play it safe and use 'and' instead of '&'. Now we'll create our certificate signing request.


#openssl req -key server.key -out server.csr


[enter your private key password]
[enter your two character country code]
[enter your full state or province name]
[enter your city name]
[enter your company name]
[enter your organizational unit or leave it blank]
[enter your common name or fqdn]
[enter your admin email address]
[leave the rest of the attributes blank]




Our CSR has been generated and saved as server.csr. At this point you could send in the request to a CA, pay the fee, prove your identity, and then they would issue you a SSL certificate. All they need is the contents of server.csr which can be retrieved by using the cat command.


#cat server.csr


You would send everything to the CA starting from the first hyphen to the last one (the entire file).

Sign Your Certificate Signing Request

With our CSR generated we come to the heart of this tutorial which is signing your CSR to create a SSL cert for your web server. Since we're signing our own certificate we have much more control over the process. When you have a CA sign your CSR you pay for a year, two years, or possibly more. In our case we can specify how many days our certificate is good for before it expires and needs to be resigned. We'll be using 365 days but feel free to use a value greater than one year (maybe 5475 days or 15 years...that should take a while for the clock to run out).




#openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
[enter your private key password]


Our self-signed certificate has been created and saved as server.crt. You will use this certificate and the private key for Apache to enable SSL on your server, however before we do that we will remove the passphrase from our private key.

Remove the PassPhrase From Your Private Key

When your private key has a passphrase, Apache will have no idea what it is and prompt you for your password whenever the service is started. As you can imagine, this would be a major inconvenience if you need to edit any virtual hosts and reload the changes or if your server crashed or rebooted itself. Apache would just sit there and wait for you to key in the password for each SSL enabled host. The solution to this dilemma would be to remove the passphrase from the private key file. Of course something that simple isn't without another problem. When you remove the encryption from your private key you're also removing its security. If your private key was ever to be stolen then you would need to have your certificate revoked. One course of action is to make your private key readable by only root (chmod 400). Let's remove the passphrase from our private key.


#cp server.key server.key.secure
#openssl rsa -in server.key.secure -out server.key
[enter your private key password]

Install Your Certificate and Private Key

[root@www ~]# vi /etc/httpd/conf.d/ssl.conf

Uncomment

DocumentRoot "/var/www/html"

Uncomment and specify server name

ServerName  www.server.world:443

Specify certificate

SSLCertificateFile /etc/pki/tls/certs/server.crt

Specify certification key

SSLCertificateKeyFile /etc/pki/tls/certs/server.key

[root@www ~]#  /etc/rc.d/init.d/httpd restart

For testing

https://domainname.com

Configure iSCSI target

Configure iSCSI  Target


1) Create one partition

2) #yum install scsi-target-utils

3) #vim /etc/tgt/targets.conf
      (Add at the last of configuration file)
      <target iqn.2011-07.prashant.server:target0>
       (Provided device as a iSCSI target)
       Backing-store /dev/sda
       (iSCSI Initiator IP address you allow to connect)
       initiator-address 10.0.0.30
       (Authentication info (set anyone you like for "username" "password")
       incominguser username password
      </target>

4)#services tgtd start

5)#chkconfig tgtd on


6)#tgtadm --mode target --op show


iSCSI target is configured

How to create Yum repo in Redhat 5

Create Yum Server and Yum Client

Create FTP base Yum server
  Insert RHEL 5 Dvd
   #mkdir -p /var/ftp/pub 
    Create Pub Folder
   #cd /media
   #cd RHEL
    Go to the Media
   #cp -av* /var/ftp/pub
     Copy all DVD in to the /var/ftp/pub Directory
   # cd /var/ftp/pub/Server
    Go to Server Folder
   #rpm -ivh vsftpd-12.42.5.2.5.el5.rpm
   #rpm -ivh createrepo-232.32.4.el5.rpm
   Install flowing Packages
   #services vsftpd start
   Start FTP service
   #chkconfig vsftpd on
   make it a default on
   #cd ..
   #createrepo -v /var/ftp/pub
  Create Repository for all packages
  Create one file in /etc/yum.repos.d/server.repo and configure it
   #vi /etc/yum.repo.d/server.repo
   [server]
   name=yum server
   baseurl=ftp://IP Address/pub (local Server IP Address)
   enabled=1
   gpgcheck=0
  #yum clean all
  #yum list all
  #yum install package name
 Now server is configure

How to create yum client
Create one file in /etc/yum.repos.d/client.repo
#vi /etc/yum.repos.d/client.repo
 [client]
name=yum client
baseurl=ftp://yumserver IP address/pub
enabled=1
gpgcheck=0
:wq

#yum clean all
#yum install package name
Yum client is Configure

Network Settings in CentOs & Redhat

Set static IP Address to the Server

[root@dlp ~]# 

vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
HWADDR=00:50:43:00:3B:AE

# change

ONBOOT=

yes

# add lines as follows

BOOTPROTO=none

# this server's IP address

IPADDR=10.0.0.30

# subnet mask

NETMASK=255.255.255.0
TYPE=Ethernet

# default gateway

GATEWAY=10.0.0.1

# DNS server's IP address

DNS1=10.0.0.10
IPV6INIT=no
USERCTL=no

[root@dlp ~]#service network restart

for restarting network service it is showing all ok 

[root@dlp ~]#ifconfig

it is showing your IP Address

set a processess CPU affinity

taskset taskset [options] [mask |list] [pid |command [args] ] taskset is used to retrieve or set the processor affinity mask of either an existing process, given its PID, or to run a new a process, given its command name, with a specified affinity mask. The Linux scheduler will then honor the given affinity mask, ensuring that the process in question runs only on allowed processors. Options -c, --cpu-list The affinity mask will be provided in list form, for example, "0,2,5-6," not as a bitmask. -p, --pid Set or retrieve the mask of the given PID. Do not start a new process. -h, --help Display usage information and then exit. -V, --version Display version information and then exit.

How to Set Which Process Runing on Which Cpu Core              #taskset -c 1 1253                         Find Which Porcess running in Which Cpu core               #ps o pid,psr,cmd -p PID

How to install Redhat Cluster

Note:- Server Hardware must be same and OS configuration must same.

1) yum install cluster*

2) go to the /var/ftp/pub/Cluster folder

rpm -ivh Cluster_Administration-en-US-5.2-1.noarch.rpm

3) yum install python-imaging

4) rpm -ivh luci

5) rpm -ivh modcluster

6) rpm -ivh rgmanager

7) rpm -ivh ricci

8) rpm -ivh system-config-cluster

9) service ricci start

10) luci_admin init
Provied Paasowrd

11) service luci restart

https://ipaddress:8084

NagiosXI installation

1) Download package form this link
wget http://assets.nagios.com/downloads/nagiosxi/xi-latest.tar.gz

2) copy to the /usr/local/src
 #cp xi-latest.tar.gz /usr/local/src

3) Untar the package
 #tar -xvf xi-latest.tar.gz

4) Configure yum Server or yum client
 #vi /etc/yum.repo.d/rhel.repo
[rhel]
name=yum client
baseusr=ftp://192.168.XX.XX/pub
enabled=1
gpgcheck=0

5) Installs the Dag Wiers repo definition for RPM installations with yum
cd /usr/local/src/nagiosxi

#./0-yum
Yum configured ok
Note:- Run the ./0-yum twice

6)Installs required RPM, Perl, and other packages required for XI and its related
components.
#./1-prereqs

7)Creates Nagios user and groups on the system
#./2-usersgroups

8)Initializes the Postgres and MySQL databases. Sets the MySQL root password to 'nagiosxi'
#./3-dbservers
            
9)Adds entries to /etc/services
#./4-services

10)Modifies /etc/sudoers to allow the nagios user to run certain commands
#./5-sudoers

11)Updates the iptables definitions in /etc/sysconfig/iptables to allow traffic for various components
#./6-firewall
          
12)This is currently a null operation and can be ignored.
#./7-sendmail

13)Disables SELinux by putting it into non-enforcing mode and modifying /etc/selinux/config
#./8-selinux
          
14)Installs backup scripts for MySQL and Postgres in the /root/scripts directory and creates backup directories in /store/backups
#./9-dbbackups

15)Increases memory limit for PHP to 64MB in /etc/php.ini
#./10-phplimits

16)Installs the SourceGuardian loaders for 32-bit or 64-bit Linux platforms to
   /usr/lib/php/modules or /usr/lib64/php/modules. SourceGuardian is required to
   decrypt and run some protected PHP files distributed with Nagios XI. Loaders for
   other platforms can be downloaded from http://www.sourceguardian.com/ixeds/
#./11-sourceguardian

17)Modifies the MRTG config file in /etc/mrtg/mrtg.cfg to use the RRDTool format and
   changes permissions so the webserver can write to the file.
#./12-mrtg

18)Installs various components required by Nagios XI - including Nagios Core, Nagios
   Plugins, NDOUtils, PNP, extra plugins, webinject, etc.
#./A-subcomponents

19)Installs the Nagios XI scripts and php files in /usr/local/nagiosxi, sets appropriate
   file/directory ownership, and creates and htpasswd file for use with Nagios Core and
   PNP.
#./B-installxi

20)Installs cron jobs for the root and nagios users.
#./C-cronjobs

21)Sets all appropriate services to start up in runlevels 3 and 5.
#./D-chkconfigalldaemons

22)Imports base object definitions (templates, commands, etc.) into NagiosQL for use with Nagios Core
#./E-importnagiosql

23)Starts the NDOUtils, Nagios Core, and PNP daemons

#./F-startdaemons 

24)Installs a welcome page in the root webserver directory /var/www/html Finishing Up

./Z-webroot 

If the installation commands completed successfully, you should now have a fully functioning Nagios XI system!

You are access the Nagios XI interface by pointing your web browser to:

http://<xiserver>/

where <xiserver> is the IP address of the server you just installed Nagios XI on.

 

How to Convert .rpm package to .deb package

1) Install below Program
 #apt-get install alien

2) Run Below Command to convert .rpm to .deb package
 #alien <package name.rpm>

3) Install .rpm package after converting
#alien -i <package name.rpm>

openQRM Cloud management tools Installation

Requested for openQRM

1) Install Mysql with Blank Password
2) Configure Bridge
3) Install all KVM package and Start services
4) Download openQRM
http://sourceforge.net/projects/openqrm/

5)How to build and install openQRM
To build please run :
make
-> this automatically checks the requirements for the compilation
-> it builds the base server and plugins
-> it will download and compile some third-party components
-> it will cache downloads and compile results
-> build-location can be configured in ../src/etc/openqrm-server.conf
6)To install run :
make && make install
-> this installs openQRM-ng
-> install-location can be configured in ../src/etc/openqrm-server.conf
7)To start run :
make start
-> this basically just runs "/etc/init.d/openqrm start"
-> installation phase is not needed any more and got eliminated
-> initialization happens automatically on first-start
-> initialization automatically checks for runtime-requirements
8)To check the install requirements run :
make check
-> this checks the requirements for the compilation
-> if this checks fails it will display the exact missing package requirement
   Then just install the listed package via apt-get/yum/.. and try again.
9)To package (rpm/deb) run :
make package
-> this automatically build .deb or .rpm packages
-> package location can be configured in ../src/etc/openqrm-server.conf
10)To reinstall e.g. after making changes to the sources run :
make reinstall
-> this runs stop, uninstall, clean, all, install, start
Please notice that all make-targets (especially "install") should be executed as root.
After compiling and installing openQRM-ng it automatically
initialises itself during first-start according the configuration
parameters set in the main (and single) configuration file BASEDIR/openqrm/etc/openqrm-server.conf

The openQRM-server is now ready for login at : http://[ip-of-the-openQRM-server]/openqrm

Default username and password after installation are :
User : openqrm
Password : openqrm

-> please change the default password immediately to prevent unauthorized access.