Monday, October 8, 2012

How to Use & Configure Google Public DNS on Linux System


When you use Google Public DNS, you are changing your DNS operator from your ISP to Google Public DNS.

In most cases, the IP addresses used by your ISP's domain name servers are automatically set by your ISP via the Dynamic Host Configuration Protocol (DHCP). To use Google Public DNS, you need to explicitly change the DNS settings in your operating system or device to use the Google Public DNS IP addresses. The procedure for changing your DNS settings varies according to operating system and version (Windows, Mac or Linux) or the device (computer, phone, or router).

Benefits and enhancements:
Performance: Many DNS service providers are not sufficiently provisioned to be able to support high-volume input/output and caching, and adequately balance load among their servers. In addition to load-balancing user traffic to ensure shared caching, Google Public DNS implements "smart" caching to increase the speed of responses. Google Public DNS independently resolves domain names and keeps the resolutions in the cache until their time-to-live (TTL) expires, at which point they are automatically refreshed. The cycle of caching and refreshing is performed offline, asynchronously with user requests, so that responses are almost always available directly from cache. 

Security: DNS is vulnerable to various kinds of spoofing attacks that can "poison" a nameserver's cache and route its users to malicious sites. The prevalence of DNS exploits means that providers have to frequently apply server updates and patches. In addition, open DNS resolvers are vulnerable to being used to launch denial-of-service (DoS) attacks on other systems. To defend against such attacks, Google has implemented several recommended solutions to help guarantee the authenticity of the responses it receives from other nameservers, and to ensure Google servers are not used for launching DoS attacks. These include adding entropy to requests, rate-limiting client traffic, and more. 

Correct results: Google Public DNS does its best to return the right answer to every query every time, in accordance with the DNS standards. Sometimes, in the case of a query for a mistyped or non-existent domain name, the right answer means no answer, or an error message stating the domain name could not be resolved. Google Public DNS never blocks, filters, or redirects users, unlike some open resolvers and ISPs.

Configuration:
Note: Before you change your DNS settings to use Google Public DNS, be sure to write down the current server addresses or settings on a piece of paper. It is very important that you keep these numbers for backup purposes, in case you need to revert to them at any time.

The Google Public DNS IP addresses are as follows:
    8.8.8.8
    8.8.4.4
You can use either number as your primary or secondary DNS server. You can specify both numbers, but do not specify one number as both primary and secondary.

1) Edit /etc/resolv.conf:
sudo vi /etc/resolv.conf
2) Replace the nameserver lines with, or add, the following lines:
nameserver 8.8.8.8
nameserver 8.8.4.4
3) Save and exit.
4) Restart any Internet clients you are using.
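
The steps above, with the "write down the current settings" note turned into an automatic backup. This is an added example, not part of the original post; the function names and the `.pre-google-dns` backup suffix are assumptions, and the demo runs on a constructed file in a scratch directory rather than on /etc/resolv.conf.

```shell
#!/bin/sh
# Added example, not from the original post. Both functions take the path of
# the resolver file so they can be tried on a copy before touching /etc.

# Save the current file once, then swap its nameserver lines for Google's.
set_google_dns() {
    resolv="$1"
    backup="$resolv.pre-google-dns"          # assumed backup name
    [ -f "$resolv" ] || { echo "no such file: $resolv" >&2; return 1; }
    # Keep only the first backup so a re-run never overwrites the ISP values.
    [ -e "$backup" ] || cp -p "$resolv" "$backup" || return 1
    tmp="$(mktemp "$resolv.XXXXXX")" || return 1
    # Keep search/domain/options lines; grep exits 1 when nothing is left.
    grep -Ev '^[[:space:]]*nameserver[[:space:]]' "$resolv" > "$tmp" || true
    printf 'nameserver 8.8.8.8\nnameserver 8.8.4.4\n' >> "$tmp"
    chmod 644 "$tmp" && mv "$tmp" "$resolv"
}

# Put the saved settings back.
restore_dns() {
    [ -f "$1.pre-google-dns" ] && cp -p "$1.pre-google-dns" "$1"
}

# Demo on a constructed file in a scratch directory (addresses are examples).
demo_dir="$(mktemp -d)"
printf 'search example.lan\nnameserver 192.0.2.53\n' > "$demo_dir/resolv.conf"
set_google_dns "$demo_dir/resolv.conf" && cat "$demo_dir/resolv.conf"
rm -rf "$demo_dir"
```

On a machine that gets its address by DHCP, the DHCP client rewrites /etc/resolv.conf on lease renewal, which is why the dhclient.conf change below is still needed.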

Configuring the DHCP client for a dynamic IP address:
1) Edit /etc/dhclient.conf:
sudo vi /etc/dhclient.conf
2) If there is a line containing domain-name-servers, write down the IP addresses for future reference. Replace that line with, or add, the following line:
prepend domain-name-servers 8.8.8.8, 8.8.4.4;
3) Save and exit.
4) Restart your system.


Read more: http://linuxpoison.blogspot.com/2009/12/how-to-use-configure-google-public-dns.html#ixzz28hPhVv75

Friday, September 21, 2012

Pound Web server Load balancer



Install Pound to set up a load balancer for the web servers.
This example shows how to configure it in the following environment:
(1) www.server.world       [10.0.0.50]   Pound Server
(2) www01.server.world   [10.0.0.51]   Web Server#1 ( receives requests to www.server.world )
(3) www02.server.world   [10.0.0.52]   Web Server#2 ( receives requests to www.server.world )
(4) www03.server.world   [10.0.0.53]   Web Server#3 ( receives requests to www.virtual.host )
(5) www04.server.world   [10.0.0.54]   Web Server#4 ( receives requests to anything other than the above )
[1] Install and Configure Pound

# install from EPEL
[root@www ~]# yum --enablerepo=epel -y install Pound
[root@www ~]# vi /etc/pound.cfg
# line 13: add ( log level - max=5 )
LogLevel 3
# line 14: add ( Interval of heartbeat - seconds )
Alive 30
# line 21-25: comment out
#ListenHTTPS
#   Address 0.0.0.0
#   Port 443
#   Cert "/etc/pki/tls/certs/pound.pem"
#End
Service
    # for the requests to www.server.world
    HeadRequire "Host: .*www.server.world"
    BackEnd
        # backend server's IP address
        Address 10.0.0.51
        # backend server's port
        Port 80
    End
    BackEnd
        # backend server's IP address
        Address 10.0.0.52
        # backend server's port
        Port 80
    End
End
Service
    # for the requests to www.virtual.host
    HeadRequire "Host: .*www.virtual.host"
    BackEnd
        # backend server's IP address
        Address 10.0.0.53
        # backend server's port
        Port 80
    End
End
Service
    # for the requests to anything other than the above
    HeadRequire "Host: .*"
    BackEnd
        # backend server's IP address
        Address 10.0.0.54
        # backend server's port
        Port 80
    End
End
[root@www ~]# /etc/rc.d/init.d/pound start
Starting Pound: starting...
[ OK ]
[root@www ~]# chkconfig pound on
[2] Access the Pound server ( www.server.world ) with a web browser and make sure www01.server.world answers.
[3] Shut down www01.server.world manually, then check that www02.server.world answers.
[4] Access the URI www.virtual.host, then check that www03.server.world answers.
[5] Access the IP address directly, then check that www04.server.world answers.

Web server Load Balance Pen



Install Pen to configure a load-balancing server. Pen is a lightweight, simple load balancer. This example shows how to configure it in the following environment.
        (1)  gw.horoppa.net         [10.0.0.50]  -  Pen Server
        (2)  www01.horoppa.net   [10.0.0.51]  -  Web Server#1
        (3)  www02.horoppa.net   [10.0.0.52]  -  Web Server#2
[1] Install and Configure Pen
# install from EPEL
[root@gw ~]# yum --enablerepo=epel -y install pen
[root@gw ~]# vi /etc/pen.conf
# create new

# log file
LOGFILE=/var/log/pen.log
# output file of status
WEBFILE=/var/www/pen/webstats.html
# control port
CONTROL=127.0.0.1:10080
# max connections
MAX_CONNECTIONS=500
# listen port
PORT=80
# number of backend servers
BACKEND=2
# IP address of a backend
SERVER1=10.0.0.51:80
# IP address of a backend
SERVER2=10.0.0.52:80
[root@gw ~]# vi /etc/rc.d/init.d/pend
# create init script
# this is an example

#!/bin/bash

# pend: Start/Stop Pend
# chkconfig: - 90 10
# description: Pen is a light weight simple load balancer.
# pidfile: /var/run/pen.pid

. /etc/rc.d/init.d/functions
. /etc/sysconfig/network
. /etc/pen.conf

LOCKFILE="/var/lock/subsys/pen"
PID=/var/run/pen.pid
PROG=/usr/bin/pen

RETVAL=0
start() {
    echo -n $"Starting Pend: "
    # collect every SERVERn=host:port value from the config
    SERVER=`grep "^SERVER" /etc/pen.conf | cut -d= -f2`
    daemon $PROG -w $WEBFILE -x $MAX_CONNECTIONS -p $PID -l $LOGFILE -C $CONTROL -S $BACKEND -r $PORT $SERVER
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch $LOCKFILE
    return $RETVAL
}
stop() {
    echo -n $"Stopping Pend: "
    killproc $PROG
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f $PID $LOCKFILE
    return $RETVAL
}
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status pend
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart}"
        exit 1
esac
exit $?

[root@gw ~]# vi /etc/logrotate.d/pen
# this is an example

/var/log/pen.log {
    daily
    copytruncate
    compress
    notifempty
    missingok
    postrotate
        # discard both stdout and stderr of the restart
        /etc/rc.d/init.d/pend restart > /dev/null 2>&1 || true
    endscript
}

[root@gw ~]# chmod 755 /etc/rc.d/init.d/pend
[root@gw ~]# /etc/rc.d/init.d/pend start
Starting Pend: [ OK ]
[root@gw ~]# chkconfig --add pend
[root@gw ~]# chkconfig pend on
[2] Access the URL you set and make sure a backend server answers normally.
[3] Shut down one httpd manually and make sure the other httpd answers normally.
[4] Configure the tool that makes it possible to watch Pen's status.
[root@gw ~]# cp /usr/share/doc/pen-*/penstats /var/www/pen
[root@gw ~]# vi /var/www/pen/penstats
# line 4: change
PIDFILE=/var/run/pen.pid
# line 5: change
WEBFILE=/var/www/pen/webstats.html
[root@gw ~]# vi /etc/httpd/conf.d/pen.conf
# change
Alias /pen/ /var/www/pen/
<Directory /var/www/pen/>
   DirectoryIndex penctl.cgi
   Options ExecCGI
   order deny,allow
   deny from all
   # IP address you permit
   allow from 127.0.0.1 10.0.0.0/24
</Directory>
[root@gw ~]# /etc/rc.d/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
[root@gw ~]# chmod 755 /var/www/pen/penstats
# run
[root@gw ~]# /var/www/pen/penstats > /dev/null
[root@gw ~]# crontab -e
# update every 5 minutes
*/5 * * * * /var/www/pen/penstats > /dev/null
[5] Access "http://(pen's hostname or IP address):(httpd listen port)/pen/webstats.html" and make sure the status page is shown normally.

Subversion - Version Control

[1] Install and Configure Subversion.
[root@www ~]# yum -y install subversion mod_dav_svn
[root@www ~]# vi /etc/httpd/conf.d/subversion.conf
# line 26-40: uncomment and change like follows

<Location /repos>
   DAV svn
   SVNParentPath /var/www/svn
   # Limit write permission to list of valid users.
   <LimitExcept GET PROPFIND OPTIONS REPORT>
      # Require SSL connection for password protection.
      SSLRequireSSL
      AuthType Basic
      AuthName "Authorization Realm"
      AuthUserFile /etc/httpd/conf/.htpasswd
      # specify access control file
      AuthzSVNAccessFile /etc/svnusers
      Require valid-user
   </LimitExcept>
</Location>
[root@www ~]# vi /etc/svnusers
# set access right like an example below

[site:/]
# all users are writable
* = rw

[site:/directory]
# cent is writable
cent = rw
# userB is readable
userB = r
# userC is not permitted
userC =
[root@www ~]# mkdir -p /var/www/svn/site
# create a repository
[root@www ~]# svnadmin create /var/www/svn/site
[root@www ~]# chown -R apache. /var/www/svn
# add a user
[root@www ~]# htpasswd -c /etc/httpd/conf/.htpasswd cent
New password:     # set password
Re-type new password:
Adding password for user cent
[root@www ~]# /etc/rc.d/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]

NFS Server

[1] Configuration on the system that will be the NFS server.
# install
[root@dlp ~]# yum -y install nfs-utils
[root@dlp ~]# vi /etc/idmapd.conf
# line 5: uncomment and change to your domain name
Domain = horoppa.net
[root@dlp ~]# vi /etc/exports
# write like below *note
/home 10.0.0.0/24(rw,sync,no_root_squash,no_all_squash)

# *note
/home ⇒ shared directory
10.0.0.0/24 ⇒ range of networks NFS permits accesses from
rw ⇒ writable
sync ⇒ synchronize
no_root_squash ⇒ enable root privilege (root on a client is not mapped to the anonymous user)
no_all_squash ⇒ enable users' authority
[root@dlp ~]# /etc/rc.d/init.d/rpcbind start
Starting rpcbind: [  OK  ]
[root@dlp ~]# /etc/rc.d/init.d/nfslock start
Starting NFS statd: [  OK  ]
[root@dlp ~]# /etc/rc.d/init.d/nfs start
RPC: Registered udp transport module.
RPC: Registered tcp transport module.
RPC: Registered tcp NFSv4.1 backchannel transport module.
Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
Starting NFS services: [  OK  ]
Starting NFS daemon: NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
NFSD: starting 90-second grace period
[  OK  ]
Starting NFS mountd: [  OK  ]
Starting RPC idmapd: [  OK  ]
[root@dlp ~]# chkconfig rpcbind on
[root@dlp ~]# chkconfig nfslock on
[root@dlp ~]# chkconfig nfs on
[2] Configuration on NFS clients
# install
[root@www ~]# yum -y install nfs-utils
[root@www ~]# vi /etc/idmapd.conf
# line 5: uncomment and change to your domain name
Domain = horoppa.net
[root@www ~]# /etc/rc.d/init.d/rpcbind start
Starting rpcbind: [  OK  ]
[root@www ~]# /etc/rc.d/init.d/rpcidmapd start
Starting RPC idmapd: RPC: Registered udp transport module.
RPC: Registered tcp transport module.
RPC: Registered tcp NFSv4.1 backchannel transport module.
[ OK ]
[root@www ~]# /etc/rc.d/init.d/nfslock start
Starting NFS statd: [  OK  ]
[root@www ~]# /etc/rc.d/init.d/netfs start
Mounting other filesystems: [  OK  ]
[root@www ~]# chkconfig rpcbind on
[root@www ~]# chkconfig rpcidmapd on
[root@www ~]# chkconfig nfslock on
[root@www ~]# chkconfig netfs on
[root@www ~]# mount -t nfs dlp.horoppa.net:/home /home

[root@www ~]# df -h
Filesystem                    Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root   18G  864M   16G   6% /
tmpfs                         499M     0  499M   0% /dev/shm
/dev/vda1                     485M   47M  413M  11% /boot
dlp.server.world:/home         18G  864M   16G   6% /home
# home directory on NFS is mounted
[root@www ~]# vi /etc/fstab
# add at the last line: change home directory this server mounts to the one on NFS
/dev/mapper/VolGroup-lv_root                /          ext4    defaults        1 1
UUID=2078630e-e84a-49e7-af68-55f0bde8d6c3   /boot      ext4    defaults        1 2
tmpfs                                       /dev/shm   tmpfs   defaults        0 0
devpts                                      /dev/pts   devpts  gid=5,mode=620  0 0
sysfs                                       /sys       sysfs   defaults        0 0
proc                                        /proc      proc    defaults        0 0
dlp.horoppa.net:/home                       /home      nfs     defaults        1 1
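
The export line in step [1] sets no_root_squash, so root on any host in 10.0.0.0/24 acts as root on the shared /home; per exports(5) the default is root_squash. The following is an added example, not part of the original post, that audits an exports file for that option and for read-write exports to any host, and prints a version with root_squash restored. The function names and every sample entry except the /home line are constructed.

```shell
#!/bin/sh
# Added example: audit an exports(5) file for the options discussed above.
# Point audit_exports at /etc/exports on a real server.

sample_exports() {
cat <<'EOF'
# constructed sample; the first entry is the export line from this page
/home 10.0.0.0/24(rw,sync,no_root_squash,no_all_squash)
/srv/data 10.0.0.0/24(rw,sync,root_squash)
/pub *(rw,sync)
EOF
}

# Print one finding per line: "<path> <client> <finding>"
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {         # one client(options) spec each
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (client == "") client = "*"  # bare "(opts)" means any host
            n = split(opts, o, ",")
            rw = 0; nrs = 0
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") nrs = 1
            }
            if (nrs) print path, client, "no_root_squash"
            if (client == "*" && rw) print path, client, "rw-to-any-host"
        }
    }' "$1"
}

# Print the file with no_root_squash replaced by root_squash (the default).
harden_exports() {
    sed -E 's/([(,])no_root_squash([,)])/\1root_squash\2/g' "$1"
}

demo="$(mktemp)" && sample_exports > "$demo"
audit_exports "$demo"
rm -f "$demo"
```

After editing /etc/exports on the server, `exportfs -ra` re-reads it without restarting the NFS services.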

Setting up multiple IP addresses on a single NIC in Linux

In Linux, you can bind multiple IP addresses to a single NIC. This is usually done when you are using your Linux machine as a web server that hosts multiple domains and you want to bind each domain to a unique IP address. This is how it is done.

Let us assume that you already have a NIC which is bound to a static IP address. Then you will have a file called /etc/sysconfig/network-scripts/ifcfg-eth0. My ifcfg-eth0 file has the following entries:
# File: ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.0.1
NETMASK=255.255.255.0
BROADCAST=192.168.0.255
NETWORK=192.168.0.0
HWADDR=00:80:48:34:C2:84

Now to bind another IP address to the same NIC, I create a copy of the above file ifcfg-eth0 and name it ifcfg-eth0:1
# cd /etc/sysconfig/network-scripts
# cp ifcfg-eth0 ifcfg-eth0:1

Now just change the values of the DEVICE and IPADDR in the file as follows:
# File: ifcfg-eth0:1
DEVICE=eth0:1
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.0.5
NETMASK=255.255.255.0
BROADCAST=192.168.0.255
NETWORK=192.168.0.0
HWADDR=00:80:48:34:C2:84
And lastly, restart the networking service. If you are using RedHat, then it is as simple as :
# service network restart

Note: If you do not know how to configure a NIC, see my previous posts - How to install a network card in Linux and How to assign an IP address.

Tuesday, September 18, 2012

Real-time Bandwidth monitoring tool - Bmon

bmon is a portable bandwidth monitor and rate estimator. It supports various input methods for different architectures. Various output modes exist, including an interactive curses interface, lightweight HTML output, and simple ASCII output. Statistics may be distributed over a network using multicast or unicast and collected at some point to generate a summary of statistics for a set of nodes.

Install bmon
For Ubuntu or Debian systems, either click this link or run the following command in a terminal
$ sudo apt-get install bmon
Using bmon:
Open a terminal and enter the command "bmon" and you should see the following output



Read more: http://linuxpoison.blogspot.com/2010/08/real-time-bandwidth-monitoring-tool.html#ixzz26olyOkMB

Lightweight Monitoring Tool for Servers and Embedded System - Monitorix

Monitorix is a free, open source, lightweight system monitoring tool designed to monitor as many services as possible. At this time it monitors everything from the CPU load and temperatures to the users using the system. Network device activity, network service demand and even the devices' interrupt activity are also monitored, and more.

The current status of any corporate server with Monitorix installed can be accessed via a web browser.
Monitorix has been designed to be used on production UNIX/Linux servers, but due to its simplicity and small size you may also use it to monitor embedded devices.

Installation:
Monitorix is under GPLv2 licensing and available for download on the project homepage as source code and in numerous packages. RPM-based systems (RedHat / Fedora / CentOS / openSUSE) can install Monitorix using the command:
rpm -ivh monitorix-1.4.2-1.noarch.rpm
Configuration of Monitorix:
Before starting the monitorix daemon, be sure to adjust /etc/monitorix.conf to your liking. For a complete list of options and features, see the man page for monitorix.conf.

our $TITLE = "Linux Poison";          # your company name
our $HOSTNAME = "poison.hell.com";    # hostname of this server
our $OSTYPE = "Linux-SuSE";           # choose your OS type (see below)
our $SAMBAVER = "3";                  # Samba version (2 or 3)
our $MULTIHOST = "N";                 # Enable multihost feature
our $MULTIHOST_FOOTER = "Y";          # (multihost) display URL in image
our $MULTIHOST_IMGPERLINE = "2";      # (multihost) # of images per line
our $REPORT_LANG = "en";              # Report language
our $THEME_COLOR = "black";           # Default is "black", none is "white"
our $REFRESH_RATE = "150";            # Web stats' refresh rate in seconds
our $ENABLE_CROND_MAIL = "Y";         # Error messages are sent by crond

Common settings to tweak here include company name, hostname, and theme color.
Finally you'll be able to start Monitorix with: # service monitorix start

To view your system stats, make sure your webserver is running and browse to [http://localhost/monitorix] to see the data.



Read more: http://linuxpoison.blogspot.com/2010/08/lightweight-monitoring-tool-for-servers.html#ixzz26olPYIpq