We all know how to get the CPU and memory details from our Linux servers. However, I recently found myself looking for the actual model as well as the serial number of one of our remote Linux servers. Not wanting to travel to the data center, I started looking for commands that would give me the type of info I was looking for (i.e. HP DL360).
So I came across the command dmidecode. Simply type the following as root to get your system’s model type:
# dmidecode -t system
SMBIOS 2.3 present.
Handle 0x0100, DMI type 1, 25 bytes.
System Information
Manufacturer: HP
Product Name: ProLiant DL380 G4
Version: Not Specified
Serial Number: XXXXXXXXXXX
UUID: XXXXXXX-XXXXX-XXXXXXX-XXXXXXXX-XXXXXXXX
Wake-up Type: Power Switch
Handle 0x2000, DMI type 32, 11 bytes.
System Boot Information
Status: No errors detected
As you can see above, I’ve X’d out the Serial # and UUID to protect the identity of the server. The rest simply states what you’re looking for…HP DL380 G4.
The following keywords can be used in place of ’system’ with the -t argument:
bios
system
baseboard
chassis
processor
memory
cache
connector
slot
So to find out the memory allocation per slot, just type dmidecode -t memory.
According to the chattr man page, chattr changes file attributes on a Linux second extended file system. So in addition to the usual chown/chmod etc. commands, the attributes you apply to a file or directory using chattr are not visible unless the lsattr command is used.
Applying chattr against certain files on the system can be very helpful such as locking down the /etc/shadow file or other configuration files.
To make file httpd.conf write protected so no one can modify it, type the command:
chattr +i /etc/httpd/conf/httpd.conf
The above command will not allow anyone, including root, to write to the file, modify it or even delete it from the system. In order to write to it, root would have to use chattr again to remove the read-only flag.
To remove the read only and allow writes, type:
chattr -i /etc/httpd/conf/httpd.conf
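Because the flag only shows up in lsattr, it is easy for a lock to be lifted with chattr -i and never put back. The following is an added example, not part of the original post: it reads lsattr output and reports every expected file that is not immutable. The function name and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check that files expected to be
# locked with `chattr +i` still carry the immutable flag.
# Live use, as root:  lsattr FILE... 2>/dev/null | audit_immutable FILE...

audit_immutable() {
    listing=$(cat)        # lsattr output: "<attribute flags> <path>" per line
    rc=0
    for want in "$@"; do
        # Find the attribute string lsattr printed for this exact path.
        attrs=$(printf '%s\n' "$listing" | awk -v p="$want" '
            { a = $1; sub(/^[^ ]+ +/, ""); if ($0 == p) { print a; exit } }')
        case "$attrs" in
            "")  echo "NOT-LISTED $want";    rc=1 ;;  # file missing or lsattr failed
            *i*) ;;                                   # immutable flag is set
            *)   echo "NOT-IMMUTABLE $want"; rc=1 ;;  # never locked, or chattr -i was run
        esac
    done
    return "$rc"
}

# Constructed sample of lsattr output (not captured from a real server).
sample_lsattr() {
    cat <<'EOF'
----i---------e------- /etc/httpd/conf/httpd.conf
--------------e------- /etc/shadow
EOF
}

# Demo on the constructed sample; /etc/ssh-banner is left out of it on purpose.
sample_lsattr | audit_immutable /etc/httpd/conf/httpd.conf /etc/shadow /etc/ssh-banner \
    || echo "drift detected"
```

A non-zero exit status makes the function easy to run from cron or a monitoring check.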
Peace.
You’ll crap bricks when you hear about this tool. If your background is on Mac, this tool is similar to pbcopy and pbpaste. Until recently, I was not aware that Linux had a very similar tool available that can be used to do the same awesome things you can do with the above two.
The Linux version is called xclip.
xclip is a command line interface to the X11 clipboard. It can also be used for copying files, as an alternative to sftp/scp, thus avoiding password prompts when X11 forwarding has already been set up.
Tools like this can improve your productivity by avoiding many unnecessary and tedious things.
I’ve always had a tough time figuring how to console in using a Linux box to other servers such as another Linux box, Sun server or a Cisco device. Having a background of Sun, the command tip -9600 /dev/cua/b or tip hardwire is embedded in my brain. But whenever I want to quickly console in from a Linux box, I start scratching my head a bit.
Well here it is…in this article I’ve listed several methods to use a serial console on Linux.
By far the easiest way is to simply type the following:
screen /dev/ttyS0
If the above fails for some reason, add the following line to your /etc/inittab file:
S0:12345:respawn:/sbin/agetty -L 115200 ttyS0 vt102
Then, once again type:
screen /dev/ttyS0 115200
You can also use minicom if the above fails. If you don’t have it, install it via yum install minicom or apt-get install minicom depending on what Linux platform you’re on. Once you have it installed, type minicom. Then select the port, speed and /dev/ttyS0 as COM1. Save the configuration file and you’re set.
We all know the infamous /etc/motd which displays the message of the day on a unix system after the user has logged in. However, not too many know that there is a way to display a banner with some message before a user logs in via SSH to the system.
To display some sort of banner to the users before they log in to your server via SSH, make the following changes:
# echo "This is system xyz.com, all activity is monitored!" >> /etc/ssh-banner
Open the sshd config file located at /etc/ssh/sshd_config and add or edit the line that starts with “Banner”:
Banner /etc/ssh-banner
Simply restart the sshd service and that should do it!
Secure Shell (SSH) is an awesome protocol that has been around for years now and has replaced all the insecure ways of communication between different network devices. It uses a secure, encrypted channel between the devices it communicates with thus making network sniffers useless to grab account credentials or other sensitive content.
Many of us don’t realize that SSH goes beyond just connecting two devices. For example, it can be set up as a proxy server, carry various services in an encrypted tunnel, act as a reverse proxy, handle secure backup/restore and so much more. In this article, I’ve listed over 50 different tools that either manage or make use of SSH to extend its usability beyond its original purpose.
- Sshguard - Sshguard monitors services through their logging activity. It reacts to messages about dangerous activity by blocking the source address with the local firewall. Sshguard employs a clever parser that can transparently recognize several logging formats at once (syslog, syslog-ng, metalog, multilog, raw messages), and detects attacks for many services out of the box, including SSH, several ftpds, and dovecot. It can operate all the major firewalling systems, and features support for IPv6, whitelisting, suspension, and log message authentication.
- PAC - PAC provides a GUI to configure SSH and Telnet connections, including usernames, passwords, EXPECT regular expressions, and macros. It is similar in function to SecureCRT or Putty. It is intended for people who connect to many servers through SSH. It can automate logins and command executions.
- csshX - csshX is a tool to allow simultaneous control of multiple SSH sessions. csshX will attempt to create an SSH session to each remote host in separate Terminal.app windows. A master window will also be created. All keyboard input in the master will be sent to all the slave windows.
- tlssh - tlssh is like SSH, but based on TLS. With tlssh, users log in using client certificates, never usernames or passwords.
- libssh - libssh is a C library to access SSH services from a program. It can remotely execute programs, transfer files, and serve as a secure and transparent tunnel for remote programs. Its Secure FTP implementation can play with remote files easily, without third-party programs other than libcrypto (from OpenSSL) or libgcrypt.
- Digmia Enterprise SSH - DSSH was written as a direct replacement for the OpenSSH client. It adds SSH over SSH tunneling capabilities (for example, to log in to a network hidden by a firewall), scripting support (using BeanShell), an advanced agent (which allows storing of passwords) and “su -” interactive logging for machines that have disabled direct root login. All of this was done to enable automated scripting and logging to many machines based on a few simple rules.
- SSH Keys exchange - SshKeysExchange is a Korn shell script to create, exchange, and remove ssh keys between hosts within seconds rather than minutes. This tool is also included in DynDNSToolKit and oraToolKit project.
- CocTunnel - CocTunnel is a simple SSH manager.
- Config::Model::OpenSsh - Config::Model::OpenSsh is a graphical configuration editor for OpenSSH configuration files (e.g. /etc/ssh/sshd_config, /etc/ssh/ssh_config, or ~/.ssh/config). Other user interfaces (curses and terminal) are also available. Programmers can choose to use the Perl API to modify or validate OpenSSH configuration. This program is based on Config::Model.
- MindTerm - MindTerm is a complete ssh-client in pure Java. It can be used either as a standalone Java application or as a Java applet.
- bcvi - Bcvi is a tool that works with SSH to provide a secure “back channel” for sending commands back from the server to your workstation. For example, using bcvi and a shell alias, you can log into a server and type “vi filename”. Instead of running vi in the terminal window, on the remote server, bcvi will send a message back to your workstation, where a listener process will invoke gvim (a GUI version of vim) and pass it an scp://… URL for the remote file. Bcvi has a plugin architecture that allows you to add support for any process you want to launch on your workstation by running a command on the server.
- sshdfilter - sshdfilter automatically blocks ssh brute force attacks by reading sshd log output in real time and adding iptables rules based on authentication failures.
- keychain - keychain helps you to manage ssh keys in a convenient and secure manner. It acts as a frontend to ssh-agent and gpg-agent, but allows you to easily have one long running ssh-agent process per system, rather than the norm of one ssh-agent per login session.
- Meerkat - Meerkat is an easy to use SSH tunnel manager built specifically for the Mac. It includes features such as application triggers, automatic reconnection on system sleep and network change, Growl integration, Bonjour support, command line and AppleScript integration, and much more.
- OmniSSH - OmniSSH is a program that is used to execute a command or upload files on many servers in a cluster in a parallel, reliable, and well-documented fashion.
- lshell – lshell lets you restrict a user’s shell environment to limited sets of commands, choose to enable or disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user’s commands, implement timing restrictions, and more.
- Orion SSH2 – Orion SSH2 is a library that implements the SSH-2 protocol in pure Java. It allows one to connect to SSH servers from within Java programs, for remote shell and command execution, local and remote port forwarding, local stream forwarding, X11 forwarding, and file transfer using SCP and SFTP.
- chain-ssh – This package provides a tool for ‘chained’ SSH access to remote hosts via a number of proxy hosts. It can be used for ssh, scp, and as a transport for rsync.
- secpanel – secpanel provides a GUI for managing SSH connection profiles. It supports handling of ssh-agents and the generation and distribution of public keys. It integrates SFTP using different file browsers and can use different X terminals.
- ccgfs – ccgfs is a transport-agnostic network filesystem using FUSE. Transport is arranged by helper programs, such as SSH. The PUSH transport mode acts like a “reverse” NFS and makes it possible to export a filesystem from a firewalled host without defeating the security model.
- Ganymed SSH-2 for Java – Ganymed SSH-2 for Java is a library that implements the SSH-2 protocol in pure Java (tested on J2SE 1.4.2, 5, and 6). It allows one to connect to SSH servers from within Java programs.
- pssh – pssh provides parallel versions of the OpenSSH tools that are useful for controlling large numbers of machines simultaneously. It includes parallel versions of ssh, scp, and rsync, as well as a parallel kill command.
- remote-ssh-access – remote-ssh-access is an application for creating handy SSH client shortcuts. It allows varying remote SSH keys, SSH protocol versions, remote target hosts, and remote commands for automated processes.
- Kippo – Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
- sslh – sslh lets one accept both HTTPS and SSH connections on the same port. It makes it possible to connect to an SSH server on port 443 (e.g. from inside a corporate firewall) while still serving HTTPS on that port.
- ssh-multiadd – ssh-multiadd adds multiple ssh keys to the ssh authentication agent. These may use the same passphrase. When run without arguments, it adds $HOME/.ssh/identity and $HOME/.ssh/id_dsa.
- SSHatter – SSHatter uses a brute force technique to determine how to log into an SSH server. It simply tries each combination in a list of usernames and passwords to determine which ones successfully log in.
- classh – classh is yet another wrapper around ssh for running commands on a number of hosts concurrently.
- sshutout – sshutout is a daemon that periodically monitors log files, looking for multiple failed login attempts via the Secure Shell daemon.
- Tunnel Manager – Tunnel Manager is a program that manages regularly used SSH tunnels. It supports both SSHv1 and SSHv2 tunnels and can be configured to manage the keys in your ssh-agent.
- sshdo – sshdo issues remote commands or puts or gets files to multiple hosts sequentially. Hosts are read from stdin (one per line). sshdo will use SSH key agent, if available, to avoid repetitive password entry.
- Cluster SSH - Cluster SSH opens terminal windows with connections to specified hosts and an administration console. Any text typed into the administration console is replicated to all other connected and active windows. This tool is intended for, but not limited to, cluster administration where the same configuration or commands must be run on each node within the cluster. Performing these commands all at once via this tool ensures all nodes are kept in sync.
- FastSSHer – Provides fast connections to Linux/Unix hosts over the SSH protocol. You don’t need to remember the IP address, hostname, login, or password. Just select a server from the list and press “Connect”.
- Dropbear SSH – Dropbear is an SSH 2 server and client that is designed to be small enough to be used in low-memory embedded environments, while still being functional and secure for general use.
- SSHMenu – SSHMenu is a GNOME panel applet that makes starting up a new terminal window with an SSH connection to a remote host just a click away.
- spread – spread provides SSH based Unix mass administration. It distributes commands or files from one central administration server onto classes of hosts.
- mpssh – mpssh is a program that can execute commands on many machines via SSH and get nicely formatted output.
- yessh – Yessh is a bash program that uses the SSH client. It provides fast connections to Linux/Unix hosts. Just type the name you have chosen for a host, and yessh will connect you via SSH.
- ssh-curse – intended to be a simple but enhancing GUI for using SSH on the terminal.
- SSH Askpass Keyring – SSH Askpass Keyring is an alternative ssh-askpass utility with support for the gnome-keyring.
- shmux – shmux is a program for executing the same command on many hosts in parallel.
- yaSSH – The yaSSH software package is a fast, dual-licensed implementation of SSH. It will include an SSH client, a client library, a server, and a server library. It is focused on speed, limited memory requirements, a simple API, portability, and use in an embedded setting.
- SSH Filesystem – SSH Filesystem uses the SSH File Transfer Protocol (SFTP), which is supported by most SSH servers. It is based on Filesystem in Userspace (FUSE), and hence root privilege is not required for mounting a remote filesystem. No setup is necessary and it is very easy to use.
- sshpass – Sshpass is a tool for non-interactively performing password authentication with SSH’s so called “interactive keyboard password authentication”. Most users should use SSH’s more secure public key authentication instead.
- Autossh – Autossh is a program to monitor and automatically reestablish SSH connections.
- Proxytunnel – Proxytunnel is a program that connects stdin and stdout to a server somewhere in the Internet through an industry standard HTTPS proxy. It’s mostly used as a backend for OpenSSH’s ProxyCommand, and as a proxy backend for Putty. It can also be used for other proxy-traversing purposes.
- SSH Factory - SSH Factory is a set of Java based client components for communicating with SSH and telnet servers.
- sshfp – sshfp generates DNS SSHFP records from SSH public keys. sshfp can take public keys from a knownhosts file or from scanning the host’s sshd daemon.
- SSH Enchanter – Enchanter is a small library that helps you script SSH sessions in a manner similar to Expect.
- MySecureShell – MySecureShell is a secure FTP server that uses SSH. It is easy to install and manage.
Everyone knows this, but I need to be reminded how to get this done without any GUI. Basically, if you have a USB flash device and you want to mount it on your Linux box, run the following commands as root:
# mkdir /tmp/flash
# mount /dev/sda1 /tmp/flash
Before you disconnect it, unmount first:
# umount /tmp/flash
All set.
Every once in a while I find myself looking around for an rpm command to provide info on a specific thing, such as displaying the installed location of all files of a package that’s already been installed. Sure there is the man page but finding something from a man page is like finding a hard booger stuck way up in your nose….as you reach for it, you scratch other areas way too much and by the time you get that damn booger, you’re already bleeding from your nose!
Anyhow, didn’t mean to get so graphic talking about RPM (Redhat Package Manager). Here is a quick reference to go by when you’re dealing with RPM.
| Command | Description |
|---|---|
| rpm -ivh apache2.i386.rpm | Install the apache2 package already downloaded on the system. |
| rpm -i ftp://ftp.mynitor.com/apache-3.i386.rpm | You can do it with http:// as well. A simple way of installing an RPM from a remote server. |
| rpm -ev apache2 | Uninstall the apache2 package. |
| rpm -Uvh apache2-1.i386.rpm | Upgrade an existing package. You can also do rpm -Uvh ftp/http to fetch pkg. |
| rpm --verify apache2 | List files that did not pass the verify tests. |
| rpm -qpl apache2.i386.rpm | List the locations where the RPM’s files would be installed. |
| rpm -ql apache2 | List location of files on the system where the RPM has already been installed. |
| rpm -qi apache2 | This one is my favorite. It displays pkg information such as version, release, installed date and much more. |
| rpm -qf /etc/apache2/conf/httpd.conf | This will tell you which package the file httpd.conf belongs to. |
| rpm -qa | List all installed RPM packages on the system. |
| rpm -qa --last | List all the recently installed RPM packages. |
| rpm -qpR apache2.i386.rpm | Outputs dependencies for the RPM. |
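rpm --verify prints one line per failing file: a nine-character result string in the order SM5DLUGTP (size, mode, digest, device, link, user, group, mtime, capabilities), an optional marker such as c for a config file, and the path. The following is an added example, not part of the original post, that sorts those lines so a changed binary stands out from an edited config file. The severity labels and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): triage `rpm --verify` output.
# Live use:  rpm --verify apache2 | triage_rpm_verify

triage_rpm_verify() {
    awk '
    {
        flags = $1
        kind  = (NF >= 3) ? $2 : "-"     # "c" marks a packaged config file
        path  = $NF                      # assumes paths without spaces
        if (flags == "missing") { print "HIGH missing " path; next }
        # Position 3 is the digest test: "5" means the file content changed.
        digest = (substr(flags, 3, 1) == "5")
        # Positions 2, 6 and 7 are mode, user and group.
        perms = (substr(flags, 2, 1) == "M" || substr(flags, 6, 1) == "U" || substr(flags, 7, 1) == "G")
        # Edited config files are expected; changed binaries and libraries are not.
        if (digest && kind != "c") print "HIGH content-changed " path
        else if (perms)            print "MEDIUM perms-changed " path
        else                       print "LOW " flags " " path
    }'
}

# Constructed sample of verify output (not captured from a real server).
sample_rpm_verify() {
    cat <<'EOF'
S.5....T.  c /etc/httpd/conf/httpd.conf
..5....T.    /usr/sbin/httpd
.M...U...    /usr/lib64/httpd/modules/mod_ssl.so
missing     /usr/share/doc/httpd/README
.......T.  c /etc/httpd/conf.d/welcome.conf
EOF
}

# Demo on the constructed sample.
sample_rpm_verify | triage_rpm_verify
```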
Chances are you’ve come across the error “Too many open files” on a Linux system. I’ve been getting this for as long as I can remember and now most recently on RHEL 5. This error occurs when a user on a system is unable to open more than a certain number of files at a given time. This means if your application is working on 50,000 files simultaneously, you’ll get this error.
To check what your system’s default value is:
$ ulimit -n
1024
To set it to a higher value and make it stick, say 51,200, edit /etc/security/limits.conf and add the following values at the bottom:
user soft nofile 51200
user hard nofile 51200
The first field on the left hand side is the user that needs to open as many as 51,200 files. That’s it.
Command line is where I live in the *NIX world. At Mynitor.com, we’ll be posting a few quickies on how to do various things via command line. In this post, we’ll show you how to mount an ISO image under Ubuntu Linux. It’s pretty much similar on other Linux flavors as well.
First make sure you su to root or use sudo. I generally like to become root user when I want to roam around my system and I very rarely use sudo because I don’t feel
# mkdir /tmp/iso
# modprobe loop
# mount filename.iso /tmp/iso -t iso9660 -o loop
Simply browse into /tmp/iso to see the list of assets in the ISO.
Enjoy!!