Apr 12, 2007

SCRIPT TO MONITOR A SERVER EVERY 30 MINUTES

This script checks the health of your servers; run it from cron every 30 minutes.
#!/bin/bash
# add ip / hostname separated by white space
HOSTS="aaa.com bbb.com 202.10.193.46 router"
# number of ping requests to send to each host
COUNT=1
# email report when a host does not answer
SUBJECT="Ping failed Server Seems to be DOWN"
EMAILID="Your emailid"
for myHost in $HOSTS
do
# number of replies received; empty (treated as 0) when the host cannot be resolved
count=$(ping -c $COUNT "$myHost" | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
if [ "${count:-0}" -eq 0 ]; then
# 100% failed
echo "Host : $myHost is down (ping failed) at $(date)" | mail -s "$SUBJECT" "$EMAILID"
fi
done

Interview Questions for Linux Administrator

The following are some questions which I faced from the interview board for the post of Linux Administrator. This will be updated when I get more resources.
1. When do you need virtual hosting?
The term Virtual Host refers to the practice of maintaining more than one server on one machine, as differentiated by their apparent hostname. For example, it is often desirable for companies sharing a web server to have their own domains, with web servers accessible as www.company1.com and www.company2.com, without requiring the user to know any extra path information.
2. On which port does telnet listen?
23
3. How do you get the listening ports greater than 6000 using netstat?
4. How do you block an open relay?
Open relays are e-mail servers that are configured to accept and transfer e-mail on behalf of any user anywhere, including unrelated third parties.
The qmail-smtpd daemon will consult the rcpthosts control file to determine valid destination addresses, and reject anything else.
5. What is the sandwich configuration in qmail?
Qmail + Clam + SpamAssassin: this is normally called the sandwich configuration in qmail.
6. Advantages of qmail?
More secure, better designed, modular, faster, more reliable, easier to configure; you don't have to upgrade it every few months or worry about being vulnerable to something because some obscure feature is enabled.
qmail supports host and user masquerading, full host hiding, virtual domains, null clients, list-owner rewriting, relay control, double-bounce recording, arbitrary RFC 822 address lists, cross-host mailing list loop detection, per-recipient checkpointing, downed host backoffs, independent message retry schedules, etc. qmail also includes a drop-in "sendmail" wrapper so that it will be used transparently by your current UAs.
7. What is the difference between POP3 and IMAP?
The Difference
POP3 works by reviewing the inbox on the mail server, and downloading the new messages to your computer. IMAP downloads the headers of the new messages on the server, then retrieves the message you want to read when you click on it.
When using POP3, your mail is stored on your PC. When using IMAP, the mail is stored on the mail server. Unless you copy a message to a "Local Folder" the messages are never copied to your PC.
Scenarios of Use
POP3
· You only check e-mail from one computer.
· You want to remove your e-mail from the mail server.
IMAP
· You check e-mail from multiple locations.
· You use Webmail.
8. How do you drop packets using iptables?
iptables -A INPUT -s xx.xx.xx.xx -d xx.xx.xx.xx -j DROP
9. Daily routines of Linux administrators?
*.Check the health of servers
*.Check for updates
*.Check the Backup
*.Check with the trouble ticketing system for any unread ticket.
*.Troubleshoot if there is any problem
*.Installation of new servers, if needed.
*.Report to the Boss
10. How do you take a dump of a MySQL database?
mysqldump databasename > dumpname
11. How do you know the CPU usage of each process?
top, uptime
12. How do you bind another IP to a NIC?
Copy the configuration of eth0 to eth1, change the IP address, and restart the network.
13. Transparently proxy all web surfing through a Squid box
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to
14. Transparently redirect web connections from outside to the DMZ web server.
iptables -t nat -A PREROUTING -i eth0 -d 192.168.1.1 -p tcp --dport 80 -j DNAT --to
15. How to activate forwarding
echo 1 >/proc/sys/net/ipv4/ip_forward
16. Kill spoofed packets
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 1 > $f
done
$iptables -A LDROP --proto tcp -j LOG --log-level info --log-prefix "TCP Drop"
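Question 3 above is left without an answer; as an added example (not from the original post), here is a small parser that applies that check to constructed netstat output, with the equivalent awk one-liner for a live host in the first comment:

```python
# On a live host the same check is: netstat -tln | awk '{n=split($4,a,":"); if (a[n]+0 > 6000) print}'

def listening_ports_above(netstat_output, threshold=6000):
    """Parse `netstat -tln`-style text and return the sorted TCP ports in
    LISTEN state that are numerically greater than threshold.
    The port is whatever follows the last ':' of the Local Address column,
    which also covers IPv6 sockets written as ':::10000'."""
    ports = set()
    for line in netstat_output.splitlines():
        fields = line.split()
        # tcp lines have six columns: Proto Recv-Q Send-Q Local Foreign State
        if len(fields) < 6 or fields[0] not in ("tcp", "tcp6"):
            continue
        local, state = fields[3], fields[5]
        port = local.rsplit(":", 1)[-1]
        if state == "LISTEN" and port.isdigit() and int(port) > threshold:
            ports.add(int(port))
    return sorted(ports)


# Constructed sample output (not captured from a real host).
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp6       0      0 :::10000                :::*                    LISTEN
"""

if __name__ == "__main__":
    print(listening_ports_above(SAMPLE))  # [8080, 10000]
```

Note that 6000 itself is excluded because the question asks for ports greater than 6000.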

IPTABLE firewall for a corporate mail server.

This is an iptables firewall for a corporate mail server. It has been working fine on various live servers, all running Qmail. Test it locally first.
Please do not install it on a remote server first: the script sets the default INPUT policy to DROP before any ACCEPT rule is added and opens no SSH port, so a remote login session would be cut off as soon as it runs. For further queries regarding this script please ask me at bipinkdas@gmail.com


#THESE IPTABLES RULES ARE FOR A QMAIL SERVER
#Replace IPs as needed; if you have further queries, contact the webmaster.

#clean up existing rules and delete custom chains
/sbin/iptables -t filter -F
/sbin/iptables -t nat -F
/sbin/iptables -t mangle -F
/sbin/iptables -X

#set default policy to drop everything
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT DROP

#addresses used in the rules below; replace as needed
source=192.168.10.1
dest=192.168.20.1
dns=192.168.1.1
backup=192.168.10.10

#####incoming rules######

#drop all invalid packets
/sbin/iptables -A INPUT -m state --state INVALID -j DROP

#allow all icmp packets from world
/sbin/iptables -A INPUT -s 0/0 -d $dest -p icmp -j ACCEPT

#allow all input from loopback
/sbin/iptables -A INPUT -i lo -j ACCEPT

#allow http from world
/sbin/iptables -A INPUT -s 0/0 -d $dest -p tcp --dport 80 -j ACCEPT

#allow mails from and to world
/sbin/iptables -A INPUT -s 0/0 -d $dest -p tcp --dport 25 -j ACCEPT
/sbin/iptables -A INPUT -s 0/0 -d $dest -p tcp --dport 110 -j ACCEPT

#allow rsync from backup machine
/sbin/iptables -A INPUT -s $backup -d $dest -p tcp --dport 873 -j ACCEPT

#allow packets from connections we established
/sbin/iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

######forwarding rules######

#no forwarding rule for a mail server.

######outgoing rules######

#drop all outgoing invalid packets
/sbin/iptables -A OUTPUT -m state --state INVALID -j DROP

#allow all icmp packets to outside world
/sbin/iptables -A OUTPUT -s $source -d 0/0 -p icmp -j ACCEPT

#allow dns traffic
/sbin/iptables -A OUTPUT -s $source -d $dns -p udp --dport 53 -j ACCEPT

#allow mails to world
/sbin/iptables -A OUTPUT -s $source -d 0/0 -p tcp --dport 25 -j ACCEPT

#allow ftp to backup server
/sbin/iptables -A OUTPUT -s $source -d $backup -p tcp --dport 21 -j ACCEPT

#allow all output to loopback interface
/sbin/iptables -A OUTPUT -o lo -j ACCEPT

#allow packets of established connections
/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

######save iptables rules######
service iptables save

Mar 26, 2007

Free software and Me

Linux is the fastest growing operating system in the world. The Linux kernel was developed by LINUS BENEDICT TORVALDS, a Finnish student, who made it as his academic project. It is a UNIX-like operating system and also a predominant example of free software. It is now considered the most secure and widely used server operating system.

I am not an expert in Linux system administration. I installed Linux on my home PC in 2002. My friend Jayesh (now working with Accenture Software Services) installed it for me. It was Red Hat Linux 7.2. Since that day I have been using it for browsing.

From 2002 I have interacted with Linux. I was working with Open Software Solutions ICS Ltd as supporting staff. As part of my job I did more than 200 Linux installations and gained a little knowledge of networking. I left the company in October 2005.

I joined Spectrum Softtech Solutions Ltd, Kerala's leading ISP. This company gave me the opportunity to interact with Linux servers. The company has more than 30 Linux servers: 18 of them are Qmail servers for their colocation customers, 5 of them are exclusive Apache web servers, and the others are multipurpose Linux servers including a relay server, a trouble ticketing server, etc. I am very thankful to AnuBhaskar (now working with Accenture Software Services) and LeenoJose (now working with Ditro Advanced Technologies), who taught me the basics of Linux administration. With the help of these masters I installed my first mail server and sent an email to my friend Sabeesh with the subject line "Sub: I did it" from the id bipin@bipin.com. From these masters I am trying to watch this ocean. I completed 8 months in this company. In this short interval I installed 5 Qmail servers, 8 Apache web servers, 1 trouble ticketing system (OTRS).

2 mail server migrations, etc. Apart from this I managed the above said 30 servers for the customers. I resigned from this company in November 2006.

I joined Ditro Advanced Technologies as Linux Administrator for their overseas client Ran Internet SL, a Spanish ISP. In this company I have met a number of challenging events, like a mail server running on SENDMAIL/CYRUS/LDAP. The interesting thing is that all these servers run on independent machines. The motive is to share the load of each server.

Mar 22, 2007

MOD_SECURE APACHE 1.9.4 – HOWTO

ModSecurity is an embeddable web application firewall. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with no changes to existing infrastructure. It is also described as a rule-based intrusion detection system.

It is also an open source project that aims to make the web application firewall technology available to everyone.

(I tested this on Debian sarge with Apache 1.3)

Create a directory for storing the source file.

$mkdir -p /opt/src

$cd /opt/src

Download the latest stable release from the mirror

modsecurity-apache_1.9.4.tar.gz

Untar the pack

$tar -zxvf modsecurity-apache_1.9.4.tar.gz

$cd mod_security-1.9.4/apache1/

$apxs -cia mod_security.c
 
Restart your Webserver.

/etc/init.d/httpd restart
 
If no error was reported, your installation was successful.
  
FOLLOWING IS THE CONFIGURATION FILE 
(Add to /etc/httpd/httpd.conf)
 
 
    # Turn the filtering engine On or Off
    SecFilterEngine On
 
    # Make sure that URL encoding is valid
    SecFilterCheckURLEncoding On
 
    # Only allow bytes from this range
    SecFilterForceByteRange 32 126
 
    # The audit engine works independently and
    # can be turned On or Off on the per-server or
    # on the per-directory basis
    SecAuditEngine RelevantOnly
 
    # The name of the audit log file
    SecAuditLog /var/log/httpd/audit_log
 
    SecFilterDebugLog /var/log/httpd/modsec_debug_log
    SecFilterDebugLevel 0
 
    # Should mod_security inspect POST payloads
    #SecFilterScanPOST On
 
    # Action to take by default
    SecFilterDefaultAction "deny,log,status:406"
 
    # Redirect user on filter match
    #SecFilter xxx redirect:http://www.webkreator.com
 
    # Execute the external script on filter match
    #SecFilter yyy log,exec:/home/ivanr/apache/bin/report-attack.pl
 
    # Simple filter
    #SecFilter 111
    
    # Only check the QUERY_STRING variable
    #SecFilterSelective QUERY_STRING 222
 
    # Only check the body of the POST request
    #SecFilterSelective POST_PAYLOAD 333
 
    # Only check arguments (will work for GET and POST)
    #SecFilterSelective ARGS 444
 
    # Test filter
    #SecFilter "/cgi-bin/keyword"
 
    # Another test filter, will be denied with 404 but not logged
    # action supplied as a parameter overrides the default action
    #SecFilter 999 "deny,nolog,status:404"
 
    # Prevent OS specific keywords
    #SecFilter /etc/password
 
    # Prevent path traversal (..) attacks
    SecFilter "\.\./"
 
    # Weaker XSS protection but allows common HTML tags
    SecFilter "<( |\n)*script"
 
    # Prevent XSS attacks (HTML/Javascript injection)
    SecFilter "<(.|\n)+>"
 
    # Very crude filters to prevent SQL injection attacks
    SecFilter "delete[[:space:]]+from"
    SecFilter "insert[[:space:]]+into"
    SecFilter "select.+from"
 
    # Require HTTP_USER_AGENT and HTTP_HOST headers
    SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
 
    # Forbid file upload
    #SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data
 
    # Only watch argument p1
    #SecFilterSelective "ARG_p1" 555
 
    # Watch all arguments except p1
    #SecFilterSelective "ARGS|!ARG_p2" 666
 
    # Only allow our own test utility to send requests (or Mozilla)
    #SecFilterSelective HTTP_USER_AGENT "!(mod_security|mozilla)"
 
    # Do not allow variables with this name
    #SecFilterSelective ARGS_NAMES 777
 
    # Do not allow this variable value (names are ok)
    #SecFilterSelective ARGS_VALUES 888
 
    # Stop spamming through FormMail
    # note the exclamation mark at the beginning
    # of the filter - only requests that match this regex will
    # be allowed
    #
        #SecFilterSelective "ARG_recipient" "!@webkreator.com$"
    #
 
    # when allowing upload, only allow images
    # note that this is not foolproof, a determined attacker
    # could get around this 
    #
        #SecFilterInheritance Off
        #SecFilterSelective POST_PAYLOAD "!image/(jpeg|bmp|gif)"
    #
 

Restart your web server again.

/etc/init.d/httpd restart
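To see what the active (uncommented) filters above actually catch, here is an added Python emulation of that rule set; it is not ModSecurity code and not from the original post, and it assumes the engine URL-decodes the request before matching, matches case-insensitively, and applies SecFilter only to the request URI unless SecFilterScanPOST is on. The constructed samples show a path traversal caught after decoding, the false positive of the crude `select.+from` filter on ordinary text, a non-ASCII request rejected by SecFilterForceByteRange, and that the commented-out SecFilterScanPOST line leaves POST bodies unscanned:

```python
import re
from urllib.parse import unquote

# Active (uncommented) SecFilter patterns copied from the configuration above.
SEC_FILTERS = [
    r"\.\./",                   # path traversal
    r"<( |\n)*script",          # script tag
    r"<(.|\n)+>",               # any HTML tag
    r"delete[[:space:]]+from",  # crude SQL injection filters
    r"insert[[:space:]]+into",
    r"select.+from",
]
REQUIRED_HEADERS = ("User-Agent", "Host")  # SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
BYTE_RANGE = (32, 126)                     # SecFilterForceByteRange 32 126
# Python's re has no POSIX bracket classes, so map the one the rules use.
COMPILED = [re.compile(p.replace("[[:space:]]", r"\s"), re.IGNORECASE) for p in SEC_FILTERS]


def check_request(uri, headers, body="", scan_post=False):
    """Return (allowed, reason). scan_post=False mirrors the commented-out
    SecFilterScanPOST line above: the body is then never inspected at all."""
    decoded = unquote(uri)  # assumption: the engine URL-decodes before matching
    targets = [decoded] + ([unquote(body)] if scan_post else [])
    for text in targets:
        bad = [b for b in text.encode("utf-8") if not BYTE_RANGE[0] <= b <= BYTE_RANGE[1]]
        if bad:
            return False, "byte %d outside SecFilterForceByteRange" % bad[0]
    for name in REQUIRED_HEADERS:
        if not headers.get(name):
            return False, "%s header missing or empty" % name
    for pat, raw in zip(COMPILED, SEC_FILTERS):
        if any(pat.search(t) for t in targets):
            return False, "SecFilter %r matched" % raw
    return True, "allowed"


# Constructed sample requests (not taken from the original page).
HDRS = {"Host": "www.example.com", "User-Agent": "Mozilla/5.0"}
if __name__ == "__main__":
    for uri, hdrs, body, scan in [
        ("/index.html?q=linux", HDRS, "", False),                              # allowed
        ("/cgi-bin/show?file=%2e%2e/%2e%2e/config.ini", HDRS, "", False),      # traversal, caught after decoding
        ("/search?q=select%20a%20book%20from%20the%20list", HDRS, "", False),  # false positive of select.+from
        ("/index.html", {"Host": "www.example.com"}, "", False),               # no User-Agent header
        ("/caf%C3%A9", HDRS, "", False),                                       # UTF-8 byte outside 32..126
        ("/comment", HDRS, "note=delete%20from%20cart", False),                # body never scanned
        ("/comment", HDRS, "note=delete%20from%20cart", True),                 # same body with SecFilterScanPOST On
    ]:
        print(uri, body, check_request(uri, hdrs, body, scan))
```

The byte-range result means any site serving non-ASCII URLs or form data needs a wider range than 32-126, and the false positive means the crude SQL filters should be narrowed before use on a real site.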