Wednesday 17 August 2011

How can I set up the MTU for my network interface?

MTU (Maximum Transmission Unit) is related to TCP/IP networking in Linux/BSD/UNIX operating systems. It refers to the size (in bytes) of the largest datagram that a given layer of a communications protocol can pass at a time.
You can see the current MTU setting with the ifconfig command under Linux:
# /sbin/ifconfig
Output:
eth0      Link encap:Ethernet  HWaddr 00:0F:EA:91:04:07
         inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
         inet6 addr: fe80::20f:eaff:fe91:407/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:141567 errors:0 dropped:0 overruns:0 frame:0
         TX packets:141306 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:101087512 (96.4 MiB)  TX bytes:32695783 (31.1 MiB)
         Interrupt:18 Base address:0xc000
A better way is to use ip command:
$ ip link list
Output:
1: lo:  mtu 16436 qdisc noqueue
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0:  mtu 1500 qdisc pfifo_fast qlen 1000
   link/ether 00:0f:ea:91:04:07 brd ff:ff:ff:ff:ff:ff
3: sit0:  mtu 1480 qdisc noop
   link/sit 0.0.0.0 brd 0.0.0.0
As you can see, the MTU is set to 1500 for eth0. Let us say you want to change it to 1400; you can use either of the following commands to set the MTU:
# ifconfig eth0 mtu 1400
OR
# ip link set dev eth0 mtu 1400
Verify that the new MTU is set with the following command:
$ ip link list
OR
$ /sbin/ifconfig
To make the setting permanent for eth0, edit the configuration file:
/etc/network/interfaces (Debian Linux file)
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
name Ethernet LAN card
address 192.168.1.2
netmask 255.255.255.0
broadcast 192.168.1.255
network 192.168.1.0
gateway 192.168.1.254
mtu 1400
post-up /etc/fw.start
post-down /etc/fw.stop
/etc/sysconfig/network-scripts/ifcfg-eth0 (Red Hat Linux )
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.1.255
HWADDR=00:0F:EA:91:04:07
IPADDR=192.168.1.111
NETMASK=255.255.255.0
NETWORK=192.168.1.0
MTU=1400
ONBOOT=yes
TYPE=Ethernet
Save the file and restart network service
If you are using Redhat:
# service network restart
If you are using Debian:
# /etc/init.d/networking restart

How to drop or block an attacker's IP with null routes?

Someone might attack your system. You can drop the attacker's IP using iptables; however, you can also use the route command to null route unwanted traffic. A null route (also called a blackhole route) is a network route or kernel routing table entry that goes nowhere. Matching packets are dropped (ignored) rather than forwarded, acting as a kind of very limited firewall. The act of using null routes is often called blackhole filtering.
You can null route an address (as ISPs sometimes do) to prevent your network device from sending any data to a remote system, which stops various attacks coming from a single IP (read as spammers or hackers):

Nullroute IP using route command

Suppose the bad IP is 65.21.34.4. Type the following command at the shell:

# route add 65.21.34.4 gw 127.0.0.1 lo
You can verify it with following command:
# netstat -nr
OR
# route -n
You can also use reject target (thanks to Gabriele):
# route add -host IP-ADDRESS reject
# route add -host 64.1.2.3 reject

To confirm the null routing status, use ip command as follows:
# ip route get 64.1.2.3
Output:
RTNETLINK answers: Network is unreachable
Drop entire subnet 192.67.16.0/24:
# route add -net 192.67.16.0/24 gw 127.0.0.1 lo
You can also use the ip command to null route a network or an IP address. The prefix must be given as its network address (no host bits set), enter:
# ip route add blackhole 202.54.5.0/29
# route -n
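An added example, not from the original post: a dry-run helper that validates a blocklist and prints the matching ip route add blackhole commands for review instead of applying them. It normalizes prefixes written with host bits set (such as 202.54.5.2/29) and refuses loopback, prefixes wider than /8 and any range containing a protected address; blackhole_cmds and its KEEP_IP argument are hypothetical names, and the /8 floor is an assumption.

```shell
#!/bin/sh
# Added example: turn a reviewed blocklist into `ip route add blackhole`
# commands without applying them.

# blackhole_cmds [KEEP_IP]
#   stdin:  one IPv4 address or CIDR prefix per line ("#" starts a comment).
#   stdout: one command per accepted entry; rejected entries go to stderr.
#   KEEP_IP (hypothetical parameter): an address that must stay reachable,
#   such as the default gateway or a management host.
blackhole_cmds() {
    awk -v keep="${1:-}" '
        # Dotted quad to integer; -1 when the text is not a valid address.
        function ip2int(s,    p, n, i, v) {
            n = split(s, p, ".")
            if (n != 4) return -1
            v = 0
            for (i = 1; i <= 4; i++) {
                if (p[i] !~ /^[0-9][0-9]?[0-9]?$/ || p[i] + 0 > 255) return -1
                v = v * 256 + p[i]
            }
            return v
        }
        function int2ip(v) {
            return sprintf("%d.%d.%d.%d", int(v / 16777216),
                           int(v / 65536) % 256, int(v / 256) % 256, v % 256)
        }
        BEGIN {
            k = (keep == "") ? -1 : ip2int(keep)
            if (keep != "" && k < 0) {
                print "bad KEEP_IP: " keep > "/dev/stderr"; exit 2
            }
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            n = split($1, part, "/")
            len = (n == 2) ? part[2] : "32"
            ip = ip2int(part[1])
            if (n > 2 || ip < 0 || len !~ /^[0-9]+$/ || len + 0 > 32) {
                print "skip (malformed): " $1 > "/dev/stderr"; next
            }
            size = 2 ^ (32 - len)
            net = ip - (ip % size)      # clear host bits: .2/29 becomes .0/29
            # Refuse loopback, very wide prefixes, and the protected address.
            if (len + 0 < 8 || int(net / 16777216) == 127 ||
                (k >= net && k < net + size)) {
                print "skip (protected): " $1 > "/dev/stderr"; next
            }
            printf "ip route add blackhole %s/%d\n", int2ip(net), len
        }
    '
}

# Constructed input; 192.168.1.254 is the gateway from the sample
# /etc/network/interfaces file earlier on this page.
printf '%s\n' '202.54.5.2/29' '65.21.34.4' '127.0.0.1' '192.168.1.200/24' |
    blackhole_cmds 192.168.1.254
```

Review the printed commands, then run them as root; the skipped entries and the reason for each are reported on stderr.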

How do I remove null routing? How do I remove blocked IP address?

Simply use the route delete command:
# route delete 65.21.34.4
This is cool, as you do not have to play with iptables rules.

Find Out If Box is Under DoS Attack or Not

If you think your Linux box is under attack, print out a list of open connections on your box and sort them by IP address, enter:
# netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n
Output:
      1 10.0.77.52
      2 10.1.11.3
      4 12.109.42.21
      6 12.191.136.3
.....
...
....
     13 202.155.209.202
     18 208.67.222.222
     28 0.0.0.0
    233 127.0.0.1
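The pipeline above also counts netstat's two header lines as addresses and cuts IPv6 peers at their first colon. The function below is an added example, not part of the original post: it skips headers and listening sockets, keeps IPv6 peers whole and, going beyond the one-liner, adds a SYN_RECV (half-open) column. conn_counts, sample_netstat and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-peer connection counts from `netstat -atun` output.

# conn_counts [MIN]
#   Reads netstat output on stdin and prints "TOTAL SYN_RECV ADDRESS" for
#   every remote address with at least MIN connections (default 1),
#   highest count first.
conn_counts() {
    awk -v min="${1:-1}" '
        # Keep socket lines only; this drops the two netstat header lines.
        $1 !~ /^(tcp|udp)/ { next }
        {
            peer = $5
            # Remove the port after the LAST colon so IPv6 stays intact.
            sub(/:[^:]*$/, "", peer)
            # Wildcard peers belong to listening sockets, not to clients.
            if (peer == "0.0.0.0" || peer == "::") next
            # Count IPv4-mapped IPv6 peers under their IPv4 address.
            sub(/^::ffff:/, "", peer)
            total[peer]++
            # Half-open connections get their own column.
            if ($6 == "SYN_RECV") half[peer]++
        }
        END {
            for (p in total)
                if (total[p] >= min) print total[p], half[p] + 0, p
        }
    ' | sort -k1,1nr -k3,3
}

# Constructed sample in netstat -atun layout (documentation addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.2:80          203.0.113.7:51514       ESTABLISHED
tcp        0      0 192.168.1.2:80          203.0.113.7:51515       SYN_RECV
tcp        0      0 192.168.1.2:80          203.0.113.7:51516       SYN_RECV
tcp        0      0 192.168.1.2:80          198.51.100.9:40022      ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 2001:db8::1:80          2001:db8::beef:40100    TIME_WAIT
tcp6       0      0 ::ffff:192.168.1.2:80   ::ffff:198.51.100.9:40023 ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# On a live host: netstat -atun | conn_counts 20
sample_netstat | conn_counts
```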
You can simply block all abusive IPs using iptables. Replace the example IP address with the actual IP address you want to block. For example, if you wish to block the IP address 65.55.44.100 for whatever reason, type the command as follows:
# iptables -A INPUT -s 65.55.44.100 -j DROP
If you have an iptables firewall script, add the above rule to your script.
If you just want to block access from the IP 65.55.44.100 to port 25 only, type the command:
# iptables -A INPUT -s 65.55.44.100 -p tcp --destination-port 25 -j DROP
The above rule will drop all packets coming from IP 65.55.44.100 to mail server port 25.

CentOS / RHEL / Fedora Block An IP And Save It To Config File

Type the following two commands:
# iptables -A INPUT -s 65.55.44.100 -j DROP
# service iptables save

How Do I Unblock An IP Address?

Use the following syntax (the -D option deletes the rule from the table):
# iptables -D INPUT -s xx.xxx.xx.xx -j DROP
# iptables -D INPUT -s 65.55.44.100 -j DROP
# service iptables save

How do I find out Linux Resource utilization to detect system bottlenecks?

How can I find out Linux resource utilization using the vmstat command? How do I get information about high disk I/O and memory usage?

A. The vmstat command reports information about processes, memory, paging, block IO, traps, and CPU activity. The real advantage of vmstat output is that it is concise, to the point, and easy to read. The output of vmstat is used to help identify system bottlenecks. Please note that Linux vmstat does not count itself as a running process.
Here is an output of vmstat command from my enterprise grade system:
$ vmstat -S M
Output:
procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy id wa
3  0      0   1963    607   2359    0    0     0     0    0     1 32  0 68  0
Where,
  • The first line is nothing but six different categories. The second line gives more information about each category. This second line gives all the data you need.
  • -S M: vmstat lets you choose units (k, K, m, M); the default is K (1024 bytes). I am using M since this system has over 4 GB of memory. Without the -S M option it will use K as the unit:
$ vmstat
Output:
procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy id wa
3  0      0 2485120 621952 2415368  0    0     0     0    0     1 32  0 68  0

Field Description For Vm Mode

(a) procs: the process-related fields are:

  • r: The number of processes waiting for run time.
  • b: The number of processes in uninterruptible sleep.

(b) memory: the memory-related fields are:

  • swpd: the amount of virtual memory used.
  • free: the amount of idle memory.
  • buff: the amount of memory used as buffers.
  • cache: the amount of memory used as cache.

(c) swap: the swap-related fields are:

  • si: Amount of memory swapped in from disk (/s).
  • so: Amount of memory swapped to disk (/s).

(d) io: the I/O-related fields are:

  • bi: Blocks received from a block device (blocks/s).
  • bo: Blocks sent to a block device (blocks/s).

(e) system: the system-related fields are:

  • in: The number of interrupts per second, including the clock.
  • cs: The number of context switches per second.

(f) cpu: the CPU-related fields are:

These are percentages of total CPU time.
  • us: Time spent running non-kernel code. (user time, including nice time)
  • sy: Time spent running kernel code. (system time)
  • id: Time spent idle. Prior to Linux 2.5.41, this includes IO-wait time.
  • wa: Time spent waiting for IO. Prior to Linux 2.5.41, shown as zero.
As you can see, the first line of output gives averages since the last reboot. Additional reports give information on a sampling period of length delay. You need to sample data using delays, i.e. collect data by setting intervals. For example, collect data every 2 seconds (or collect data every 2 seconds, 5 times only):
$ vmstat -S M 2
OR
$ vmstat -S M 2 5
Output:
procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy id wa
3  0      0   1756    607   2359    0    0     0     0    0     1 32  0 68  0
3  0      0   1756    607   2359    0    0     0     0 1018    65 38  0 62  0
3  0      0   1756    607   2359    0    0     0     0 1011    64 37  0 63  0
3  0      0   1756    607   2359    0    0     0    20 1018    72 37  0 63  0
3  0      0   1756    607   2359    0    0     0     0 1012    64 37  0 62  0
3  0      0   1756    607   2359    0    0     0     0 1011    65 38  0 63  0
3  0      0   1995    607   2359    0    0     0     0 1012    62 35  2 63  0
3  0      0   1731    607   2359    0    0     0     0 1012    64 34  3 62  0
3  0      0   1731    607   2359    0    0     0     0 1013    72 38  0 62  0
3  0      0   1731    607   2359    0    0     0     0 1013    63 37  0 63  0
This is what most system administrators do to identify system bottlenecks. I hope all of you find vmstat data concise and easy to read.

Display Apache Server Status with mod_status

How do I display Apache server status such as current server activity and performance under Red Hat Enterprise Linux / UNIX / BSD?

A. You can use regular Linux / UNIX commands such as lsof, netstat, top, vmstat and others to view apache server activity, status and performance from a shell prompt. However, I recommend mod_status because it provides good information about Apache server.

mod_status Apache module

There is also mod_status built into the Apache web server to get server status from a web browser. With this module you can easily find out how well your server is performing. All reports are generated in HTML format. You can easily find out the following types of information:
  1. Total number of workers serving requests
  2. Total number of idle workers
  3. The status of each worker, the number of requests that worker has performed and the total number of bytes served by the worker
  4. Total byte count served
  5. Other information such as CPU usage, number of requests per second, current hosts and requests being processed, etc.

How do I configure mod_status to display Apache web server status?

Open your httpd.conf / apache2.conf file:
# vi httpd.conf
Find (or append) the lines that read as follows to allow access from 10.1.2.5 only:
<Location /server-status>
   SetHandler server-status
   Order Deny,Allow
   Deny from all
   Allow from 10.1.2.5
</Location>
You can also restrict access using a domain name:
<Location /server-status>
   SetHandler server-status
   Order Deny,Allow
   Deny from all
   Allow from w1.g2.dc3.helpdesk.nixcraft.com
</Location>
Save and close the file. Restart the web server, enter:
# service httpd restart
Open a web browser and type the URL http://your-server-ip/server-status or http://your-corp.com/server-status
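An added example, not from the original post or the Apache project: a heuristic check that reads an Apache configuration on stdin and reports each Location block that sets the server-status handler without an access restriction. It recognises the Order/Deny/Allow form shown above and, as a generalization, the Require directives of Apache 2.4; audit_server_status and the sample configuration are constructed.

```shell
#!/bin/sh
# Added example: lint an Apache config for unrestricted server-status handlers.

# audit_server_status < httpd.conf
#   Prints "line N: restricted" or "line N: OPEN" for each <Location> block
#   that sets the server-status handler (N is the line of the opening tag).
#   This is a text heuristic, not a full Apache configuration parser.
audit_server_status() {
    awk '
        { l = tolower($0); sub(/^[ \t]+/, "", l) }
        l ~ /^#/ { next }
        l ~ /^<location[ \t]/ {
            inloc = 1; start = NR
            handler = denyall = allow = require = wide = 0
            next
        }
        !inloc { next }
        l ~ /^sethandler[ \t]+server-status/   { handler = 1 }
        l ~ /^deny[ \t]+from[ \t]+all/         { denyall = 1 }
        l ~ /^allow[ \t]+from[ \t]+all/        { wide = 1 }
        l ~ /^allow[ \t]+from[ \t]+[^ \t]/     { allow = 1 }
        l ~ /^require[ \t]+(ip|host|local)/    { require = 1 }
        l ~ /^require[ \t]+all[ \t]+granted/   { wide = 1 }
        l ~ /^<\/location>/ {
            if (handler) {
                # Restricted: nothing grants everyone access, and either
                # "Deny from all" plus a specific Allow, or a Require rule.
                ok = !wide && ((denyall && allow) || require)
                print "line " start ": " (ok ? "restricted" : "OPEN")
            }
            inloc = 0
        }
    '
}

# Constructed sample configuration; the first block is the one from this page.
sample_conf() {
cat <<'EOF'
# constructed sample, not a real server config
<Location /server-status>
   SetHandler server-status
   Order Deny,Allow
   Deny from all
   Allow from 10.1.2.5
</Location>
<Location /status>
   SetHandler server-status
</Location>
<Location /private>
   Deny from all
</Location>
<Location /srv>
   SetHandler server-status
   Require all granted
</Location>
EOF
}

sample_conf | audit_server_status
```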

Setting Up Red Hat Cluster Using the Software

Installing Clustering Software

On the next step, you should install the necessary clustering software on each node in the cluster. The following packages from Red Hat Cluster Suite are required:
  • perl-Net-Telnet;
  • cman;
  • system-config-cluster;
  • rgmanager;
  • openais;
  • gfs-utils.
You can use the up2date utility to download the latest versions of the aforementioned packages.
To install the obtained packages, use the rpm -i command. For example:

# rpm -ihv openais-0.80.3-7.el5.i386.rpm cman-2.0.73-1.el5_1.1.i386.rpm \
    rgmanager-2.0.31-1.el5.i386.rpm \
    system-config-cluster-1.0.50-1.3.noarch.rpm \
    perl-Net-Telnet-3.03-5.noarch.rpm \
    gfs-utils-0.1.11-1.el5.i386.rpm


After you have successfully installed the clustering software on each cluster node, you should set up a Red Hat cluster that will ensure the high-availability of your Virtuozzo Containers 4.0 installations. You can use one of the following tools to set up a new cluster:
  • system-config-cluster: this GUI tool can be used to easily install, configure, and manage Red Hat clusters.
  • Conga: this comprehensive user interface can be used for installing, configuring, and managing Red Hat clusters, servers, and storage devices attached to clusters and servers.
  • command line tools: this is a set of command line tools for configuring and managing Red Hat clusters.
The example below demonstrates how to set up a new Red Hat cluster using the system-config-cluster cluster configuration GUI tool:
  1. Log in to any of your cluster nodes (this node should have the 'X-Window' component installed) and launch the Cluster Configuration Tool as follows:
    # system-config-cluster
  2. Your further steps will be different depending on whether you are starting the tool for the first time or have already launched it before:
    • click Create New Configuration in the displayed dialog window if you are running the Cluster Configuration Tool for the first time;
    • otherwise, click File -> New.
  3. In the New Configuration window, enter a descriptive name for the cluster in the field provided and click OK. Please keep in mind that you will need to specify this name when creating a GFS file system with the gfs_mkfs utility.
    Please see Step 4 in the Configuring Shared Storage subsection for more information.
  4. Set one or more fence devices for the cluster:
    • Select the Fence Devices item and click Add a Fence Device at the bottom of the Cluster Configuration window:
      [Figure: Setting Up Data Sharing Cluster - Defining Fencing Devices]
    • In the Fence Device Configuration window, select the type of fence device to configure and provide the necessary information in the appropriate fields.
      Note: Please refer to the Configuring and Managing a Red Hat Cluster document for detailed information on available fence devices and their parameters.
    • Click OK.
  5. Add all your Virtuozzo servers to the cluster:
    • Select the Cluster Nodes item and click Add a Cluster Node at the bottom of the Cluster Configuration window.
    • In the Node Properties window, type the name of the server you wish to add to the cluster (or its IP address on the cluster subnet) and click OK. For example:
      [Figure: Setting Up Data Sharing Cluster - Adding Node to Cluster]
    • Configure fencing for the added node using the Manage Fencing For This Node button at the bottom of the Cluster Configuration right frame.
    • Repeat the aforementioned operations for each Virtuozzo server to be included in the cluster.
  6. Add one or more failover domains to the cluster. This step is optional and should be performed if you wish to specify one or more subsets of cluster nodes that will be eligible to run the corresponding cluster services. For more information on cluster services, please refer to the Creating and Configuring Cluster Services subsection.
    • Select the Failover Domains item and click Create a Failover Domain at the bottom of the Cluster Configuration window:
      [Figure: Setting Up Data Sharing Cluster - Adding Failover Domain]
    • Type an arbitrary name for the failover domain (it will be used to distinguish the given failover domain among the other domains in the cluster) and click OK.
    • In the Failover Domain Configuration window, specify the cluster nodes to be included in the failover domain, configure the domain properties (e.g. set the cluster nodes prioritization), and click Close.
      Note: Each failover domain must contain at least one standby node where all Virtuozzo mission-critical services and Containers will be able to fail over in the event of an active node failure.
  7. Save the current cluster configuration by clicking File --> Save on the main menu of the Cluster Configuration Tool. By default, you are offered to save the cluster configuration into the cluster.conf file in the /etc/cluster directory. Click OK to confirm the offered file name and location or change them to your preference.
  8. Distribute the cluster configuration file (/etc/cluster/cluster.conf by default) to all nodes in the cluster. For example, you can do it using the scp utility.
  9. Start the Red Hat clustering service on each server in the cluster by executing the following command:
    # service cman start

How do I install Cluster Suite software on CentOS Linux 5 IBM server for testing purposes?

A. CentOS Linux and RHEL 5 servers include the cluster suite software from Red Hat, and it can be installed easily using the yum command or the GUI installation utility.
Red Hat Cluster Suite is a collection of technologies working together to provide data integrity and the ability to maintain application availability in the event of a failure.
Log in as root and type the following command:
# yum groupinstall Clustering
Sample output:
Loading "installonlyn" plugin
Loading "security" plugin
Setting up Group Process
Setting up repositories
Setting up repositories
Reading repository metadata in from local files
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package piranha.i386 0:0.8.4-7.el5 set to be updated
---> Package modcluster.i386 0:0.10.0-5.el5.centos set to be updated
---> Package ricci.i386 0:0.10.0-6.el5.centos.1 set to be updated
---> Package luci.i386 0:0.10.0-6.el5.centos.1 set to be updated
---> Package system-config-cluster.noarch 0:1.0.50-1.3 set to be updated
---> Package ipvsadm.i386 0:1.24-8.1 set to be updated
---> Package cluster-cim.i386 0:0.10.0-5.el5.centos set to be updated
---> Package cluster-snmp.i386 0:0.10.0-5.el5.centos set to be updated
---> Package rgmanager.i386 0:2.0.31-1.el5.centos set to be updated
--> Running transaction check
--> Processing Dependency: cman >= 2.0.71-1 for package: rgmanager
--> Processing Dependency: libcman.so.2 for package: rgmanager
--> Processing Dependency: tog-pegasus for package: cluster-cim
--> Processing Dependency: libnetsnmp.so.10 for package: cluster-snmp
--> Processing Dependency: libdlm.so.2 for package: rgmanager
--> Processing Dependency: net-snmp for package: cluster-snmp
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Package net-snmp.i386 1:5.3.1-19.el5_1.4 set to be updated
---> Package tog-pegasus.i386 2:2.6.1-2.el5_1.1 set to be updated
---> Package cman.i386 0:2.0.73-1.el5_1.1 set to be updated
---> Package net-snmp-libs.i386 1:5.3.1-19.el5_1.4 set to be updated
--> Running transaction check
--> Processing Dependency: libSaCkpt.so.2 for package: cman
--> Processing Dependency: libcpg.so.2(OPENAIS_CPG_1.0) for package: cman
--> Processing Dependency: perl(Net::Telnet) for package: cman
--> Processing Dependency: openais for package: cman
--> Processing Dependency: libcpg.so.2 for package: cman
--> Processing Dependency: libSaCkpt.so.2(OPENAIS_CKPT_B.01.01) for package: cman
--> Processing Dependency: libsensors.so.3 for package: net-snmp
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Package openais.i386 0:0.80.3-7.el5 set to be updated
---> Package lm_sensors.i386 0:2.10.0-3.1 set to be updated
---> Package perl-Net-Telnet.noarch 0:3.03-5 set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
 cluster-cim             i386       0.10.0-5.el5.centos  base              167 k
 cluster-snmp            i386       0.10.0-5.el5.centos  base              161 k
 ipvsadm                 i386       1.24-8.1         base               31 k
 luci                    i386       0.10.0-6.el5.centos.1  base               25 M
 modcluster              i386       0.10.0-5.el5.centos  base              328 k
 piranha                 i386       0.8.4-7.el5      base              708 k
 rgmanager               i386       2.0.31-1.el5.centos  base              230 k
 ricci                   i386       0.10.0-6.el5.centos.1  base              1.1 M
 system-config-cluster   noarch     1.0.50-1.3       base              286 k
Installing for dependencies:
 cman                    i386       2.0.73-1.el5_1.1  updates           426 k
 lm_sensors              i386       2.10.0-3.1       base              494 k
 net-snmp                i386       1:5.3.1-19.el5_1.4  updates           701 k
 net-snmp-libs           i386       1:5.3.1-19.el5_1.4  updates           1.2 M
 openais                 i386       0.80.3-7.el5     base              364 k
 perl-Net-Telnet         noarch     3.03-5           base               56 k
 tog-pegasus             i386       2:2.6.1-2.el5_1.1  updates           6.3 M

Transaction Summary
=============================================================================
Install     16 Package(s)
Update       0 Package(s)
Remove       0 Package(s)         

Total download size: 38 M
Is this ok [y/N]: y
 
For configuration information refer to CentOS / RHEL cluster suite documentation here.