May 23, 2009

Apache Real Time monitoring APACHETOP

Apachetop is another tool for real-time Apache monitoring. It works just like the top command on *nix based systems, and it can show a lot of information from the Apache web server.

[root@apache.org]mkdir -p /opt/src

[root@apache.org]cd /opt/src


[root@apache.org]wget http://www.webta.org/apachetop/apachetop-0.12.6.tar.gz

[root@apache.org]tar -zxf apachetop-0.12.6.tar.gz


[root@apache.org]cd apachetop-0.12.6

[root@apache.org]./configure --with-logfile=/var/log/httpd/access_log


[root@apache.org]make

[root@apache.org]make install


OK, let's trigger it....

[root@apache.org] apachetop

The following screenshot says it all. It was taken from my local test machine.



Try apachetop --help for more available switches

Apache RealTime Monitoring MOD_STATUS

There are a number of tools available to monitor Apache in real time, like Nagios, Cacti, etc. But those tools are a little difficult to configure the first time (experts, please excuse :-) ). Here I would like to introduce a couple of simple tools which help the web server admin monitor an Apache web server in real time through the web and the console.

Mod_Status
The status module is a built-in module in a default Apache installation. First check whether this module is compiled with your Apache.

[root@apache.org] cat /etc/httpd/conf/httpd.conf | grep status_module

LoadModule status_module modules/mod_status.so

Make sure this line is not commented out. OK, let's take a backup of your current configuration file.

[root@apache.org]cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf_backup

[root@apache.org]vim /etc/httpd/conf/httpd.conf

Go to the last line and paste the following

<Location /server-status>
SetHandler server-status
Order Deny,Allow
Allow from all
</Location>


Search for the Line "ExtendedStatus". Normally this line is commented out. Uncomment it.

Save and Exit

Open your browser and go to http://your.domain.com/server-status

Take a look at the values; they are real-time values from Apache. To view this page continuously, that is, refreshing automatically, use

http://your.domain.com/server-status?refresh=N
(N is any number).
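With ExtendedStatus on, the status page lists client addresses and request lines, so a block that ends in "Allow from all" publishes them to anyone who asks. As an added example (not part of the original post), this small audit reports every Location that serves server-status with open access; the function name audit_status_conf and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: find <Location> blocks that hand server-status to everyone.
# audit_status_conf FILE prints each exposed path and returns 1 if any exist.
audit_status_conf() {
    awk '
        /^[ \t]*#/ { next }                       # ignore commented-out lines
        tolower($0) ~ /<location[ \t]/ {          # a Location block opens
            inblk = 1; handler = 0; wide = 0
            path = $2; sub(/>.*/, "", path)
            next
        }
        inblk && tolower($0) ~ /sethandler[ \t]+server-status/ { handler = 1 }
        # Apache 2.2 style open access, as used on this page
        inblk && tolower($0) ~ /allow[ \t]+from[ \t]+all[ \t]*$/ { wide = 1 }
        # Apache 2.4 equivalent
        inblk && tolower($0) ~ /require[ \t]+all[ \t]+granted[ \t]*$/ { wide = 1 }
        tolower($0) ~ /<\/location>/ {
            if (inblk && handler && wide) { print path; found = 1 }
            inblk = 0
        }
        END { exit found + 0 }
    ' "$1"
}

# Constructed sample: the block from this page, written to a temporary file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<Location /server-status>
SetHandler server-status
Order Deny,Allow
Allow from all
</Location>
EOF
audit_status_conf "$sample" || echo "server-status is open to all clients"
rm -f "$sample"
```

A block that uses "Deny from all" followed by "Allow from" the administrator's own address passes the audit.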

May 18, 2009

Update notification through email RHEL / Centos

As everybody knows, the system should be kept up to date. So an administrator should be vigilant about new updates and patches from the vendor. But how do we know there is a patch available for a remote server? Here is a way to get notified when an update is available.

#vim /etc/yum/yum-updatesd.conf


[main]
# how often to check for new updates (in seconds)
run_interval = 3600
# how often to allow checking on request (in seconds)
updaterefresh = 600

# how to send notifications (valid: dbus, email, syslog)
emit_via = email
# who to send the email
email_to = admin@adminguru.co.nr

# who send the notifications
email_from = updates@backup.server.com
#
# should we listen via dbus to give out update information/check for
# new updates
dbus_listener = yes

# automatically install updates
do_update = no
# automatically download updates
do_download = no
# automatically download deps of updates
do_download_deps = no

Save and Exit

Restart the Yum updater

#/etc/init.d/yum-updatesd restart

You will be notified when an update is available. Sample Email is as follows.

Hi,
This is the automatic update system on server.backup.com.

There are 2 package updates available. Please run the system updater.

Packages available for update:

kernel-2.6.18-92.el5
kopete

Thank You,
Your Computer




Block Country-wise traffic using Iptables.

Some countries are blacklisted in the ecommerce area due to spam flooding and DoS attacks. It's not difficult to find the origin of an IP address. So the following script will block country-based traffic into your web server. The data will be updated every day through a cron job.
You need to visit this SITE to download the zone file for the country you need to block.

#mkdir -p /opt/scripts

#vim /opt/scripts/ip_country_deny.sh

Copy Paste the following

#!/bin/bash
### Block all traffic from AFGHANISTAN (af) and CHINA (CN). Use ISO code ###
ISO="af cn"

### Set PATH ###
IPT=/sbin/iptables
WGET=/usr/bin/wget
EGREP=/bin/egrep

### No editing below ###
SPAMLIST="countrydrop"
ZONEROOT="/root/iptables"
DLROOT="http://www.ipdeny.com/ipblocks/data/countries"

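# Flushes every existing rule and user-defined chain in the filter, nat and
# mangle tables and resets the default policies to ACCEPT, so any other
# firewall rules have to be re-applied afterwards (see the end of the script).
cleanOldRules(){
    $IPT -F
    $IPT -X
    $IPT -t nat -F
    $IPT -t nat -X
    $IPT -t mangle -F
    $IPT -t mangle -X
    $IPT -P INPUT ACCEPT
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD ACCEPT
}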

# create a dir
[ ! -d $ZONEROOT ] && /bin/mkdir -p $ZONEROOT

# clean old rules
cleanOldRules

# create a new iptables list
$IPT -N $SPAMLIST

for c in $ISO
do
    # local zone file
    tDB=$ZONEROOT/$c.zone

    # get fresh zone file; skip this country if the download fails
    $WGET -O "$tDB" "$DLROOT/$c.zone" || continue

    # country specific log message
    SPAMDROPMSG="$c Country Drop"

    # read the IP blocks, skipping comment lines and blank lines
    BADIPS=$($EGREP -v "^#|^$" "$tDB")
    for ipblock in $BADIPS
    do
        $IPT -A $SPAMLIST -s "$ipblock" -j LOG --log-prefix "$SPAMDROPMSG"
        $IPT -A $SPAMLIST -s "$ipblock" -j DROP
    done
done

# Drop everything
$IPT -I INPUT -j $SPAMLIST
$IPT -I OUTPUT -j $SPAMLIST
$IPT -I FORWARD -j $SPAMLIST

# call your other iptable script
# /path/to/other/iptables.sh

exit 0
#Script Ends Here....
Save and Exit

Set up a crontab entry to run it every day

#vim /etc/crontab

Add the following at the end of the file

03 03 * * * root /opt/scripts/ip_country_deny.sh

To start the script immediately

#/opt/scripts/ip_country_deny.sh

#iptables -L -n -v

Check out the wonderful output....
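The script above runs as root and turns every non-comment line of a file fetched over plain HTTP into an iptables rule, so an error page or a malformed entry in the download ends up on the iptables command line. As an added example (not part of the original post), this filter passes only well-formed IPv4 CIDR lines; the function names valid_cidr and filter_zone, the MIN_PREFIX floor and the sample zone text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate zone-file lines before they become iptables rules.
# MIN_PREFIX is an assumed safety floor: wider networks (e.g. /0) are refused.
MIN_PREFIX=${MIN_PREFIX:-8}

# valid_cidr STRING: succeed only for a.b.c.d/len with octets 0-255
valid_cidr() {
    case $1 in
        *[!0-9./]*|*/*/*) return 1 ;;   # stray characters or a second slash
        */*) ;;                         # exactly one slash: keep checking
        *) return 1 ;;                  # no prefix length at all
    esac
    vc_ip=${1%/*}; vc_len=${1#*/}
    case $vc_len in ''|???*|0?*) return 1 ;; esac
    [ "$vc_len" -le 32 ] && [ "$vc_len" -ge "$MIN_PREFIX" ] || return 1
    vc_rest=$vc_ip.; vc_n=0
    while [ -n "$vc_rest" ]; do         # peel off one octet per pass
        vc_o=${vc_rest%%.*}; vc_rest=${vc_rest#*.}
        case $vc_o in ''|????*|0?*) return 1 ;; esac
        [ "$vc_o" -le 255 ] || return 1
        vc_n=$((vc_n + 1))
    done
    [ "$vc_n" -eq 4 ]
}

# filter_zone: zone text on stdin, valid CIDRs on stdout; returns 1 on rejects
filter_zone() {
    fz_bad=0
    while IFS= read -r fz_line || [ -n "$fz_line" ]; do
        case $fz_line in ''|'#'*) continue ;; esac
        if valid_cidr "$fz_line"; then printf '%s\n' "$fz_line"
        else fz_bad=$((fz_bad + 1)); fi
    done
    [ "$fz_bad" -eq 0 ]
}

# Constructed sample: two good networks, an HTML error page line, bad values.
filter_zone <<'EOF' || echo "some lines were rejected" >&2
# constructed zone file
192.0.2.0/24
<html><body>404 Not Found</body></html>
198.51.100.0/24
203.0.113.0/33
300.1.2.3/24
0.0.0.0/0
EOF
```

In the script, BADIPS=$(filter_zone < $tDB) would take the place of the egrep line, and a non-zero return is a reason to keep the previous day's rules instead of loading a damaged list.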



Disable USB in Grub

Nowadays USB storage devices are common in the industry. They are very harmful in any unsecured network, because these devices are considered to be virus-spreading agents. In corporate environments USB media is prevented for the reasons above. So here is a small tip to prevent USB storage on Linux machines through GRUB.

Scenario
OS : Debian / Ubuntu

Open the Grub configuration file

#vi /boot/grub/menu.lst

Add "nousb" at the end of the Kernel Line. Like the following

kernel /vmlinuz-2.6.18-128.1.1.el5 ro root=LABEL=/ console=tty0 console=ttyS1,19200n8 nousb

Secure GRUB with a strong Password !!!

#/sbin/shutdown -r now

So nobody can use USB storage unless you allow them to.

May 17, 2009

Adding a VLAN in CISCO 2900

Creating a virtual LAN is an advanced job in networking. It needs experience in networking, switching, etc. But here I am showing how to add a new VLAN on the CISCO 2900 XL.

Assumptions
1. You have a basic knowledge of networking
2. You have administrator access to the switch
3. You should be aware of what you are doing !!!

CISCO2900#conf t

CISCO2900(config)#int Fast 0/31

CISCO2900(config-if)#switchport mode access

CISCO2900(config-if)#switchport access vlan 5

CISCO2900(config-if)#description To Marketing LAN

CISCO2900(config-if)#end

CISCO2900#write

DONE.

May 16, 2009

Qmail Tips & Tricks.

qmail is a mail transfer agent that runs on Unix. It was written, starting December 1995, by Daniel J. Bernstein as a more secure replacement for the popular Sendmail program. qmail's source code is released to the public domain, making qmail free software. Most popular email services, like Yahoo and Gmail, are using qmail for their mail traffic. Here I am pasting some qmail tips which helped me out when I was stuck with my Qmail box.

qmailctl - This command will show you a lot of information about your qmail server.

[root@mail.admin.org] qmailctl stat
/service/qmail-send: up (pid 3030) 30 seconds
/service/qmail-send/log: up (pid 3025) 30 seconds
/service/qmail-smtpd: up (pid 3028) 30 seconds
/service/qmail-smtpd/log: up (pid 3029) 30 seconds
/service/qmail-pop3d: up (pid 3026) 30 seconds
/service/qmail-pop3d/log: up (pid 3027) 30 seconds
messages in queue: 0
messages in queue but not yet preprocessed: 0

The above output means your Qmail server is ready to deliver / receive messages. The seconds figure should be the same for every service on a clean server.

[root@mail.admin.org]qmailctl queue
messages in queue: 0
messages in queue but not yet preprocessed: 0

This shows the list of mails which have not been delivered by the server.

[root@mail.admin.org]qmailctl queue | wc -l
Which will give the number of mails in the queue.

[root@mail.admin.org]qmailctl start
Starts mail service (smtp connection accepted, mail can go out)

[root@mail.admin.org]qmailctl stop
Stops mail service (smtp connections refused, nothing goes out).

[root@mail.admin.org]qmailctl pause
Temporarily stops mail service (connections accepted, nothing leaves).

To block a sender or an entire domain from your Qmail box, use the badmailfrom file. Sometimes you need to stop a user or an entire domain in the outside world from reaching your qmail server.

[root@mail.admin.org] vi /var/qmail/control/badmailfrom

Inside the " badmailfrom " file, the syntax might look something like this:

spam@spammerhell.org
@spammerhell.org

What do the above lines do?

The entry for "spam@spammerhell.org" would block all mail coming from "spam@spammerhell.org".

The entry for "@spammerhell.org" would block any and all mail coming from the domain "@spammerhell.org".

To be continued....
Because Qmail administration is an ocean, and I am just seeing it from the shore...

May 11, 2009

Beautifying Nagios

Nagios is a popular open source computer system and network monitoring software application. It watches hosts and services, alerting users when things go wrong and again when they get better. Nagios, originally created under the name NetSaint, was written and is currently maintained by Ethan Galstad, along with a group of developers actively maintaining both official and unofficial plugins. Nagios was originally designed to run under Linux, but also runs well on other Unix variants. There are a lot of plugins available for Nagios for various purposes, but so far nothing had been found to change Nagios from its traditional look. Now there is a beautiful theme available to beautify Nagios. It will give you a new look for your monitoring master.

Assumptions.
You have installed and setup Nagios for your network.
You are the Nagios Administrator.

[nagios@server]# wget http://tomas.cat/blog/sites/default/files/nagios-nuvola-1.0.3.tar_.gz

[nagios@server]# tar zxvf nagios-nuvola-1.0.3.tar_.gz


[nagios@server]# cp -a nuvola/html/* /usr/share/nagios3/htdocs/


[nagios@server]# cp -a nuvola/html/stylesheets/* /etc/nagios3/stylesheets/.


Reload Nagios

[nagios@server]#/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
[nagios@server]# /etc/init.d/nagios reload

Check out......How beautiful ........

ScreenShots of my Nagios server after Makeup