Monday, 16 August 2010

How to fix MySQL DB size shows 0 Mb in cPanel


Sometimes the MySQL database size shows as zero in cPanel.
This can be fixed as follows: SSH to the server as root and edit the cpanel.config file:
vi /var/cpanel/cpanel.config
search for
disk_usage_include_sqldbs=0
and change it to
disk_usage_include_sqldbs=1
If the parameter is not present, add it. Save the file and execute the following command:
/scripts/update_db_cache
This may take a few minutes if you have a large number of users with databases, but once it is done, the database disk usage should show up accurately in cPanel.

Friday, 28 May 2010

How to start IPs on the server if they are assigned but not working

There are instances when additional IPs are assigned to a server but they still do not ping or respond, and only the main IP of the server pings. On cPanel-based servers you can also see the assigned IPs at:
WHM >> IP Functions >> Show IP Address Usage
You can verify on the shell whether the IPs are attached to the virtual network interfaces or not, using the command below:

ifconfig -a

If you find that the additional IPs are not appearing, you can bring them up using the command below:

service ipaliases start

How to Install rkhunter (Rootkit Hunter)


rkhunter is a good tool for server security audits, whether you are doing a general proactive check or suspect a server compromise.
It is easy to install and use; you can install rkhunter with the steps below.
Note: It does not give accurate results in a VPS environment, so it is only recommended for physical servers.
Installation steps:

#switch to source directory
cd /usr/local/src
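#download source (quote the URL and save it under the plain file name so the untar step finds it)
wget -O rkhunter-1.3.6.tar.gz "http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.3.6/rkhunter-1.3.6.tar.gz?use_mirror=nchc"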
#untar (according to version number and file name)
tar -xzvf rkhunter-1.3.6.tar.gz
#Installation
cd rkhunter-1.3.6
./installer.sh --install

#Running a scan (you can run ' rkhunter --help' to see detailed options available )
rkhunter --check

The scan prints its results on the console, reporting OK or a warning for each check (rootkit files, malware, network and so on), and pauses for you to press Enter before each set of tests. You can review the results on the console in real time, and if you have any doubt about any output, you can search the internet for it or consult a system administrator. Or you can drop a comment and I will try to help/guide with any issues you might have.
It logs all the output in the file below, so you can review that file at any time after completing the scan:

/var/log/rkhunter.log

Have a happy security audit

Mysql databases showing 0MB disk usage in Cpanel


If databases in a cPanel account are showing 0 MB disk usage, this is usually caused by the related cPanel configuration parameter being set to 0 (zero).
You can check this by finding the value of the parameter 'disk_usage_include_sqldbs' in the cpanel.config file as shown below:

root@CpanelServer [~]# grep disk_usage_include_sqldbs /var/cpanel/cpanel.config
disk_usage_include_sqldbs=0
root@CpanelServer [~]#

If it is 0, as in the case above, edit the cPanel config file at /var/cpanel/cpanel.config, set this parameter to 1 and save the config file.
After that, use the command below to update the cache:

/scripts/update_db_cache

Happy security audit :)

How to install extension Managers on Cpanel Server

Many don’t know that you don’t need to run EasyApache to install EAccelerator, IonCube Loader, Zend Optimizer, SourceGuardian, or SuHosin. Why waste your time?
You can use /scripts/phpextensionmgr to install or uninstall these modules!
# /scripts/phpextensionmgr list
Available Extensions:
EAccelerator
IonCubeLoader
Zendopt
SourceGuardian
PHPSuHosin

So, if you wanted to install Zend Optimizer, you’d run:
# /scripts/phpextensionmgr install Zendopt
Installing Zendopt
Determining PHP version
Installing Zend Optimizer binary
Activating Zend Optimizer in /usr/local/lib/php.ini
Zend Optimizer activated
Skipping install to /usr/local/php4, missing php.ini





Easy peasy. :)

cPanel: Install SPF record with command

If you have a cPanel server and wish to add an SPF record in one shot, cPanel comes with a command that lets you do it without modifying each DNS record by hand.
The command line is shown below, where cPanel_username stands for your cPanel username.

 
 
 /usr/local/cpanel/bin/spf_installer cPanel_username
 
Example,

/usr/local/cpanel/bin/spf_installer mickgenie



This adds the following line to the DNS zone:
 "v=spf1 a mx ip4:110.4.45.74 ?al

Redirecting using .htaccess

Using htaccess for redirection.


Some useful information about Redirection using .htaccess.

The Apache web server provides several ways of setting up redirects. The simplest one is the "Redirect" directive.

REDIRECT DIRECTIVE


Redirects we use:
================
# permanent - (301) resource has moved permanently.
# temp - (302). resource has moved temporarily.
# seeother - (303) resource has been replaced.
================



* Redirecting a particular directory to a remote website.
================
redirect 301 /source_dir/ http://www.new-site.com/
================

The status "301" can be replaced according to the requirement.


* Redirect an entire site.
================
redirect 301 / http://www.new-site.com/
================


* Redirecting a file
================
redirect 301 /path_to_file http://www.new-site.com/new_file
================


REWRITE RULE:


The RewriteRule is more powerful than the Redirect rule, and thus should serve the redirection more effectively.


Tips:

In order to get an idea about RewriteRule, please check the rule given below.

RewriteRule ^(.*)$ http://www.new-domain.com/$1 [R=301]

The above rule will redirect the old website to the new website new-domain.com. It contains the following parts.


1) (.*) - a regular expression. The request string is everything that comes after the slash following the domain name. So if you request the URL “http://old_domain/test_pattern”, the request string that gets tested against this pattern is “test_pattern”.

This particular pattern, “(.*)”, will match anything. It even successfully matches an empty string, which means it will successfully match when we request the URL “http://old_domain/”.

2) http://www.new-domain.com/$1 — the replacement pattern. When the regular expression in the first part matches, this pattern describes how to rewrite the URL. $1 is a reference to the text captured by the sub-pattern within the parentheses; if we had a pattern with more than one set of parentheses, we can use $2, $3, etc. So in the above example $1 will contain the value "test_pattern"

That means http://www.old_domain.com/$1 will be redirected exactly to http://www.new-domain.com/test_pattern

3) [R=301] - this is a flag that says that this redirection is permanent. That means the HTTP redirection goes out with a 301 code.

Examples:

* Redirect from Old domain to new domain.
================
RewriteEngine On
RewriteRule ^(.*)$ http://www.new-site.com/$1 [R=301,L]
================

* Redirect from http://www.domain.com to http://domain.com
================
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.domain\.tld$ [NC]
RewriteRule ^(.*)$ http://domain.tld/$1 [R=301,L]
================
The RewriteCond says that the rewrite rule is applied only if HTTP_HOST is www.domain.tld.

* Redirect a URL that starts with a given string.
================
RewriteEngine on
RewriteRule ^test http://www.new-site.com/ [R=301]
================
The above rule specifies that URLs like http://old_site.com/test_whatever will be forwarded to the URL http://www.new-site.com/

* To redirect a URL that exactly matches a given string.
================
RewriteEngine on
RewriteRule ^test$ http://www.new-site.com/ [R=301]
================
The above rule will redirect http://old_domain.com/test/ to http://www.new-site.com/. This can be used for redirecting directories to remote URLs.


REDIRECTMATCH


RedirectMatch can be used to direct a different string to a correct directory.

================
RedirectMatch ^/director(y|ies) http://www.domain.com/exact_directory
================
The above rule will redirect the URLs http://domain.com/directory and http://domain.com/directories to the URL http://www.domain.com/exact_directory.


Thank you.

Command to delete mails for a particular user

In order to delete all undelivered/queued mails for a given user (abc@xyz.com), execute the following command:


cd /var/spool/exim/input && grep -lir abc\@xyz\.com * | xargs rm -fv


That's all :-)

Disable attachment blocking


Many cPanel servers block executable attachments by default but provide no per-domain control over it. To disable the blocking for specific domains, add the following block to the beginning of the /etc/antivirus.exim file.
if $header_to: matches "example\.com|example2\.com"
then
finish
endif


This allows attachments for those domains.

Delete mails older than X days

To remove all messages older than five days (86400 * 5 = 432000 seconds), execute the following command
exiqgrep -o 432000 -i | xargs exim -Mrm

That's all

Eximstats failing

$ cpan
cpan> get DBD::mysql
(This should download the DBD module)
cpan> quit

$ cd /home/.cpan/build or cd /root/.cpan/build
$ cd DBD-mysql-3.0002
$ perl Makefile.PL
$ make && make install

Deleting Frozen Mails

To remove all frozen mails from the exim queue, use the following command -
exim -bpr | grep frozen | awk '{print $3}' | xargs exim -Mrm

You can also use the command -
exiqgrep -z -i | xargs exim -Mrm

If you want to only delete frozen messages older than a day, you can try this -
exiqgrep -zi -o 86400 | xargs exim -Mrm

where you can change 86400 depending on the time frame you want to keep.( 1 day = 86400 seconds. ) ;-)

How to remove all mails from exim queue

Command:

rm -rf /var/spool/exim/input/*

Gid XXX is not permitted to relay mail at /etc/exim.pl line XXX

If the error below appears in exim_mainlog:

==

root@vps [~]# tail -f /var/log/exim_mainlog | exigrep we2cares@yahoo.com

2006-11-12 07:46:20 1GjFfA-0007Gr-1Y <= account@domain.com U=cpanel P=local S=736 id=20061112074619.atql9mq01xwk484g@www.domain.com
2006-11-12 07:46:20 1GjFfA-0007Gr-1Y failed to expand condition "${perl{checkspam}}" for lookuphost router: Gid 32003 is not permitted to relay mail at line 365.
2006-11-12 07:46:20 1GjFfA-0007Gr-1Y failed to expand condition "${perl{checkspam}}" for literal router: Gid 32003 is not permitted to relay mail at /etc/exim.pl line 365.
2006-11-12 07:46:20 1GjFfA-0007Gr-1Y ** we2cares@yahoo.com R=fail_remote_domains: unrouteable mail domain "yahoo.com"
2006-11-12 07:46:21 1GjFfA-0007Gr-1Y Completed
==

Follow the below steps to fix the error:
vi /etc/exim.pl +365
==
#MAILTRAP
my $safegid = (getgrnam("mailtrap"))[2];
if ($uid >= 99 && $gid >= 99 && $safegid ne $gid && -e "/etc/eximmailtrap") {
die "Gid $gid is not permitted to relay mail";
}
#MAILTRAP
==


Move or delete the file "/etc/eximmailtrap"
Try sending mail again
The issue should be fixed by now.

 

Exim Error:Retry time not reached

While sending mails, you may get the following error in the logs
T=remote_smtp defer (-53): retry time not reached for any host

This can be caused by corrupted exim databases.

Solution:
/usr/sbin/exim_tidydb -t 1d /var/spool/exim retry > /dev/null
/usr/sbin/exim_tidydb -t 1d /var/spool/exim reject > /dev/null
/usr/sbin/exim_tidydb -t 1d /var/spool/exim wait-remote_smtp > /dev/null

/scripts/courierup --force
/scripts/eximup --force

Error : Mail Server Upgrade in Progress. Message Queued

When sending mail from the server to domains hosted on the same server, we get the following error message in exim_mainlog:
Mail Server Upgrade in Progress.  Message Queued.

Solution is to edit exim.conf, comment the following lines in /etc/exim.conf to fix the issue
#temp_defer:
#  driver = redirect
#  allow_defer
#  data = :defer: Mail Server Upgrade in Progress.  Message Queued.
#  verify = false

and restart exim.

Waiting to bind to port 995

Pop3s listens to the port 995.

If POP fails while restarting and gives the error
Waiting to bind to port 995 (IO::Socket::INET configuration failederror:00000000:lib(0):func(0):reason(0))....
Waiting to bind to port 995 (IO::Socket::INET configuration failederror:00000000:lib(0):func(0):reason(0))....


Then do lsof -i :995
Eg. root@spiffy [~]# lsof -i :995
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
xinetd 1160 root 6u IPv4 2237 TCP *:pop3s (LISTEN)


Kill the process and restart the service
root@spiffy [~]# kill -9 1160
root@spiffy [~]# kill -9 1160
bash: kill: (1160) - No such pid


root@spiffy [~]# /scripts/restartsrv_xinetd
Starting xinetd: [ OK ]


Now POP will be up.

How to install Domain Keys on a cPanel server

You can install domain keys on a cpanel server easily for a single domain. Run the following command shown below:

/usr/local/cpanel/bin/domain_keys_installer username


It will install for the domain (test.com) successfully. Now you can verify it from the db record of the domain. The following new entry will be added in the db record.

vi /var/named/test.com.db

default._domainkey.username IN TXT "k=rsa; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOmrn9fVOia0KET1UwIDAQAB;"

rndc reload test.com


Restart exim service.

Now you can verify it by creating a new mail account test123@test.com and sending an email to a Yahoo account, then checking the headers.

Return-Path:             <test123@test.com>
Authentication-Results:  mta398.mail.re4.yahoo.com from=test.com; domainkeys=pass (ok)
Received:          from mta398.mail.re4.yahoo.com with SMTP; Sun, 27 Apr 2008 03:49:29 -0700
DomainKey-Signature:     a=rsa-sha1; q=dns; c=nofws; s=default; d=test.com; 9BZnoI9FAPMSTPY;



From the above headers you can confirm that domain key is working fine for the domain (test.com).

Try:)

Clamd: unable to connect to UNIX socket error

Sometimes you may get the following error in exim mail logs.

2006-01-29 12:19:48 1F3BWz-0000G8-LV malware acl condition: clamd: unable to connect
to UNIX socket /var/clamd (Socket operation on non-socket)
2006-01-29 12:19:48 1F3BWz-0000G8-LV H=(pool-0.0.0.0) [0.0.0.0] F=<test@test.com> temporarily rejected after DATA


Fix:

Uninstall the clamavconnector through WHM, then delete following files on the server.

rm -fv  /etc/clamd.conf
rm -fv /etc/freshclam.conf


Then reinstall clamavconnector through WHM. This will fix the issue.

Too many levels of symbolic links error

When you send mail using mail -v from command line you may get the error Too many levels of symbolic links


It happens when the install process of cpanel on FC5 is not as perfect as it was on fc3/fc4

The fix is
rm -rf /usr/sbin/sendmail
rm -rf /usr/lib/sendmail
ln -s /usr/sbin/exim /usr/sbin/sendmail

Spamd Failed, A restart was attempted automatically

This appears to happen because of some bad CPAN links setup through cpanel. This should clear it out and hopefully restart spamd.

Logged in as root via ssh do the following:
rm -rf /home/.cpan
rm -rf /root/.cpan
rm -rf /root/.cpcpan
/scripts/updatenow
/scripts/perlinstaller
/scripts/exim4

/scripts/eximup --force
/etc/init.d/exim restart
/scripts/restartsrv_spamd


Hope this will fix the issue. :)

An error was detected while processing a file of BSMTP input

The error is commonly found when a mail is being sent. This may happen because of
1) Corrupted exim routers
2) Problem with the spamassassin

The possible fix for the error is given below.
1) Corrupted exim  - Exim has different routing configurations. These errors are
commonly seen due to corrupted routers in exim configuration file. Try reinstalling
exim with /scripts/eximup --force.

2) Problem with the spamassassin - Some filters may cause the problem. You can
also try reinstalling spam assassin.

Mail: command not found

When you type mail or mail -v in the server you may get the following error:

-bash: mail: command not found


Then just install mailx in the server to overcome this error. You can install mailx using :

yum install mailx

Spamd Failed

When restarting exim it will show

Shutting down spamd: [FAILED] and when starting it will NOT show Starting spamd:


You may have disabled spamd in WHM > service manager

So WHM will create a file /etc/spamdisable

when you re-enable spamd through WHM > service manager, this file may not be deleted.

So delete /etc/spamdisable and restart exim, spamd will function again.
# rm -rf /etc/spamdisable
#/etc/rc.d/init.d/exim restart

553 sorry, that domain isn't in my list of allowed rcpthosts

You can send/receive mails using webmail interface without having any problems.

But the customer reports that he gets an error like this:

553 sorry, that domain isn't in my list of allowed rcpthosts.

Then, the problem is in the email client configuration. The mentioned error occurs if the SMTP authentication is disabled.

Solution:
Enable SMTP authentication in email client configuration.

Eg: To turn this setting on in Microsoft Outlook Express:

1. From the Tools menu, choose "Accounts."
2. Select the "Mail" tab.
3. Double-click the email account.
4. Select the "Servers" tab.
5. Check the box next to "My Server Requires Authentication."
6. Click "OK."

Permit an IP to relay through the mail server

You may often see the following errors:
aa.bb.cc.ddd does not like recipient.
Remote host said:
550-xxx.yyy.com [192.168.1.1] is currently not permitted to
550-relay through this server. Perhaps you have not logged into the pop/imap
550-server in the last 30 minutes or do not have SMTP Authentication turned on
550 in your email client. Giving up on aa.bb.cc.ddd.

The error says that the server xxx.yyy.com is not permitted to relay through the mail server aa.bb.cc.ddd

The exim uses a mechanism to allow pop-before-smtp relaying for sending outgoing emails. The IPs allowed to relay on the server are added dynamically to the file /etc/relayhosts by the antirelayd daemon.

The exim configuration for this:
/etc/exim.conf:
hostlist relay_hosts = lsearch;/etc/relayhosts : localhost


antirelayd is a daemon that checks /var/log/maillog for pop3/imap logins and keeps track of valid ones for use with smtp relaying. It manages the /etc/relayhosts file automatically so if you are trying to add a static IP in that file it will be cleaned up by antirelayd.

So how can we whitelist some IP and add it permanently to the allowed hosts to relay mail using the server?

You have to create a file (if no such file exists) called alwaysrelay in /etc and add the IPs you always want to be allowed to relay outgoing mails on the server. Normally /etc/alwaysrelay will not exist, but if it does just edit the file and append the needed IPs.
/etc/alwaysrelay
192.168.0.100
192.168.0.101


and add each IP on a separate line. After this either restart antirelayd or wait for a little while and it will automatically include these IPs in /etc/relayhosts and they will not be cleaned any more (permanent relay).

The same result can be achieved by creating a different file (for ex. /etc/staticrelay) and including it in the exim configuration (in the relay_hosts config similar to /etc/relayhosts). This file will be manually maintained and not cleaned up by antirelayd so the result is the same. Choose the method that you prefer (either antirelayd or exim.conf)
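A pre-flight check for a permanent relay list, added here as an example and not part of the original post: it accepts only the format described above (one IPv4 address per line) and reports anything else, including duplicates, before the file is put in place. The function names are hypothetical and the sample file in the closing lines is constructed.

```shell
#!/bin/sh
# Added example: validate a relay whitelist file such as /etc/alwaysrelay
# before relying on it. Assumes the format described on this page:
# exactly one IPv4 address per line.

# valid_ipv4 STRING: succeed only for four dot-separated octets in 0..255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1
        }
    '
}

# audit_relay_file FILE: print one line per problem; succeed only if clean.
audit_relay_file() {
    bad=0
    lineno=0
    seen=""
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        # Blank lines are skipped; everything else must be a bare address.
        if [ -z "$line" ]; then
            continue
        fi
        if ! valid_ipv4 "$line"; then
            # Catches CIDR ranges, hostnames, wildcards and stray whitespace.
            echo "line $lineno: not a single IPv4 address: $line"
            bad=$((bad + 1))
        elif printf '%s\n' "$seen" | grep -qxF "$line"; then
            echo "line $lineno: duplicate entry: $line"
            bad=$((bad + 1))
        else
            seen="$seen
$line"
        fi
    done < "$1"
    [ "$bad" -eq 0 ]
}

# Stand-alone demonstration on a constructed file.
demo_file=$(mktemp)
printf '192.168.0.100\n192.168.0.0/24\n192.168.0.100\n' > "$demo_file"
audit_relay_file "$demo_file" || echo "relay list needs review"
rm -f "$demo_file"
```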

Berkeley DB error

When tailing the exim log file, /var/log/exim_mainlog or when executing the script, /scripts/exim_tidydb you may get the error:

2007-08-02 16:12:23 1IGOxi-0002jn-0u Berkeley DB error: page 96: illegal page type or format
2007-08-02 16:12:23 1IGOxi-0002jn-0u Berkeley DB error: PANIC: Invalid argument
2007-08-02 16:12:23 1IGOxi-0002jn-0u Berkeley DB error: fatal region error detected; run recovery


This can be fixed by the following steps:
Take a backup of
* /etc/exim.conf
* /var/spool/exim/db


Then
/etc/rc.d/init.d/exim stop
rm -Rfv /var/spool/exim/db/*
/scripts/eximup --force


The issue will be fixed.

Unexpected disconnection while reading SMTP command

Problem

Exim doesn't allow us to send out mails. Some mails are delivered only after a long time (2 or 3 days), even though there are only a few mails in the mail queue (better to check through WHM).


The error log shows as follows.
2007-02-02 03:45:43 unexpected disconnection while reading SMTP command from 168-226-70-177.speedy.com.ar [168.226.70.177]

Reason

This issue occurs rarely, when a Mail Manager software or Mail Scanner is used with exim. This kind of error is considered a useless warning/error.

Solution

To resolve this issue follow these steps.


1. Select 'Exim Configuration Editor' from WHM

2. Click on the 'Advanced Editor' button

3. Add/replace 'LOG_SELECTOR' in the first text area as follows

log_selector = -host_lookup_failed -lost_incoming_connection


Then, have a smile :)

TCP port "smtp" is not defined for remote smtp transport

Problem: Exim error log (/var/log/exim_mainlog) shows the following error while sending mail,

"TCP port "smtp" is not defined for remote_smtp transport"

Solution:
The file /etc/services is the cPanel file which specifies all the services running on the server along with the
assigned port numbers.
For smtp it should contain the following lines,

root@acela [~]# grep smtp /etc/services
smtp            25/tcp          mail
smtp            25/udp          mail
smtps           465/tcp                         # SMTP over SSL (TLS)

Check the permission of the file /etc/services.
It should be 644.

root@ac [~]# chmod 644 /etc/services
root@ac [~]#

This will fix the mail error.

Spamd failing

If you find "spamd" failing on an exim restart
==
root@acela [~]# /etc/init.d/exim restart
Shutting down exim: [ OK ]
Shutting down antirelayd: [ OK ]
Shutting down spamd: [ FAILED ]
Starting exim-26: [ OK ]
Starting exim: [ OK ]
Starting exim-smtps: [ OK ]
Starting antirelayd: [ OK ]
==


Here's the solution:

When "spamd" is disabled, cPanel creates a file named "/etc/spamdisable", which may not get deleted when the "spamd" feature is enabled again. Check whether that file is present.

The issue may also arise because the Perl module "Mail::SpamAssassin" is unavailable. Installing it and restarting exim will fix the issue.
/scripts/perlinstaller --force Mail::SpamAssassin
/etc/init.d/exim restart

Removing Duplicate email messages after maildir conversion

The Problem

After converting to maildir format on cpanel-exim servers, at times, you may find duplicate emails on certain mail accounts. We can manually delete these mails through the webmail interface if the mails are not of high numbers. But if there are duplicates for an inbox with 1000s of mails, you'll have to go for other methods.

The Solution

1) Install reformail
wget http://umn.dl.sourceforge.net/sourceforge/courier/maildrop-1.6.3.tar.bz2
tar -jxf maildrop-1.6.3.tar.bz2
cd maildrop-1.6.3
./configure
cd numlib
make
cd ..
cd liblock/
make
cd ..
cd rfc822
make
cd ..
cd maildrop
make reformail
cp reformail /usr/local/bin
chmod 755 /usr/local/bin/reformail


2) cd to the directory where you have the cur, new folders of the duplicate mail account stored.

3) Check the number of messages in cur directory.
unalias ls
ls cur | wc -l


4) Check whether they all have unique message ids.
for i in cur/*; do reformail -x Message-ID: <$i; done | wc -l

5) Check the number of mails remaining after filtering out the duplicate mails.
for i in cur/*; do reformail -x Message-ID: <$i; done | sort -u | wc -l

6) Check how many we are going to delete.
rm -f /tmp/dups
for i in cur/*; do reformail -D 2000000 /tmp/dups <$i && echo $i; done | wc -l


7) Add the results from Step 6 and Step 5 and make sure the sum is equal to the result you got from Step 4. If the total doesn't match, you should increase the 2000000: reformail isn't remembering enough Message-IDs to spot all the duplicates. Iterate until the sum matches. Note down the value that you used.

8) Delete the messages and verify whether the number of mails is correct now.
for i in cur/*; do reformail -D 2000000 /tmp/dups <$i && rm $i; done
ls cur | wc -l


Note: The 2000000 value should be used only if the result was correct on Step 7. Or else, you need to use the iterated value.

Output should be the same as the result of Step - 5
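A dry run for steps 3 to 8 that does not need reformail, added here as an example and not part of the original post: it reads only the header section of each file in cur/, prints the files whose Message-ID has already been seen, and deletes nothing. The function names and the sample maildir are constructed for illustration.

```shell
#!/bin/sh
# Added example: list duplicate messages in a Maildir without deleting them.

# msgid FILE: print the Message-ID from the header section of one message.
# Handles "Message-Id:" in any case and a value folded onto the next line;
# a Message-ID that appears only in the body is ignored.
msgid() {
    awk '
        /^\r?$/ { exit }                      # blank line ends the headers
        grab && /^[ \t]/ { v = v $0; next }   # folded continuation line
        grab { exit }                         # next header: value complete
        tolower($0) ~ /^message-id:/ { v = substr($0, 12); grab = 1 }
        END { gsub(/[ \t\r]/, "", v); if (v != "") print v }
    ' "$1"
}

# list_dups MAILDIR: print every file in MAILDIR/cur whose Message-ID was
# already seen in an earlier file. Messages without a Message-ID are never
# reported, so they can never be removed by mistake.
list_dups() {
    for f in "$1"/cur/*; do
        [ -f "$f" ] || continue
        id=$(msgid "$f")
        if [ -n "$id" ]; then
            printf '%s\t%s\n' "$id" "$f"
        fi
    done | awk -F '\t' 'seen[$1]++ { print $2 }'
}

# make_sample: build a constructed Maildir in a temp directory, print its path.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/cur" || return 1
    printf 'From: a@example.com\nMessage-ID: <one@example.com>\n\nhello\n' > "$d/cur/1001.a:2,S"
    printf 'From: a@example.com\nMessage-Id: <one@example.com>\n\nhello\n' > "$d/cur/1002.b:2,S"
    printf 'Message-ID:\n <two@example.com>\nSubject: folded\n\nbody\n'    > "$d/cur/1003.c:2,S"
    printf 'Subject: no id\n\nMessage-ID: <one@example.com>\n'             > "$d/cur/1004.d:2,"
    printf '%s\n' "$d"
}

# Stand-alone demonstration: only the second copy (1002.b) is listed.
sample=$(make_sample)
list_dups "$sample"
rm -rf "$sample"
```

Comparing `list_dups . | wc -l` with the count from Step 6 before running Step 8 shows whether both methods agree on what would be deleted.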

Spool file is locked (another process is handling this message)

While sending mail if you get the error



Spool file is locked (another process is handling this message)
Delivery attempt for Message ID 1EQoCE-00032w-3v

Message 1EQoCE-00032w-3v is locked
delivering 1EQoCE-00032w-3v
LOG: skip_delivery MAIN
Spool file is locked (another process is handling this message)


Solution
/scripts/courierup --force
/scripts/eximup --force

Monitor RAM/Memory on Linux

Memory (RAM) is an important component of a server: enough of it keeps the server running smoothly and lets processes run in a normal state. Linux comes with several tools that let a server administrator check memory, such as free, top, vmstat, etc.
Today, Mick Genie will teach you how to monitor memory with several tools that are easy for a server administrator or end user to understand.
1. top - the top command is used to monitor server performance and other information in real time. The memory and swap rows show the total, used and free memory and swap for your server.

2. /proc/meminfo - opening this file shows the server's actual memory properties, such as its memory, virtual memory, buffers, etc.

 
cat /proc/meminfo 
 
3. free - one of the easier ways to monitor and check the available memory on the server; several options control which information is shown.
free -m
- used to monitor the physical memory

free -m -t
- used to monitor the physical memory plus its total usage

4. sar - the sar command, included in 'sysstat', is used to collect system activity information and saves it in a file before displaying it on standard output.
You may use the command below to show memory/swap/buffer information in human-readable form.

sar -r

How to create archives and compress file in Linux

tar comes with a default Linux environment, and you can easily archive and compress a file or folder with the tar command.
If you are familiar with Linux, you will know that files can be archived to .tar, .tar.gz, .tgz, .bz2, etc., but do you know how to create each one, and how to remember and understand the options? It is pretty easy, actually.
To archive a folder or file, refer to the commands below.
.tar -> tar -cf file.tar folder/ # c creates an archive and f names the archive file to write.
.tar.gz -> tar -zcf file.tar.gz folder/ # z compresses the archive with gzip, for the .tar.gz or .tgz extension
.tgz -> tar -zcf file.tgz folder/
.bz2 -> tar -jcf file.bz2 folder/ # bz2 is a type of archive that uses less space; it requires option j.
.gz -> gzip file # gzip compresses a single file to file.gz and removes the original file.
.zip -> zip -r folder.zip folder/ # zip is another archive type that does not use tar, but it is useful for the Windows operating system.
To extract the archives above, change c to x in the tar commands:
.tar -> tar -xf file.tar
.tar.gz -> tar -zxf file.tar.gz
.tgz -> tar -zxf file.tgz
.bz2 -> tar -jxf file.bz2
.gz -> gunzip file.gz
.zip -> unzip folder.zip

How to Check Apache Connections

Apache is one of the famous web servers and serves more than 100 million websites.
If you have experience with server administration, you have surely had a headache from Apache when it is getting tons of connections to the server. But how can you check those connections?
Commands like netstat, grep, ps, etc. are very helpful for understanding the number of connections to the server.
Mick Genie will guide you through some ways to list the Apache connections below.
Grep port 80 (web services port)


 netstat -alntp | grep :80 

Check the number of connection from port 80
netstat -alntp | grep :80 | wc -l
 
 ps auxw | grep httpd | wc -l 


List the remote IPs connecting to your server on port 80

 
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c |  sort -nr 
 
List the unique remote IPs and the number of connections from each IP

netstat -alntp | grep :80 | awk '{print $5}' | cut -d: -f1 | sort |  uniq -c | sort -n
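The per-IP count above, as an added example that is not part of the original post: `cut -d: -f1` yields an empty field for IPv6 and `::ffff:` mapped addresses and `grep :80` also matches ports such as 8080, so this version matches the local port exactly and strips the remote port from the right. The netstat lines are constructed sample data using documentation address ranges, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: count connections to one local port per remote address.

# Constructed sample of `netstat -ant` output.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      TIME_WAIT
tcp        0      0 192.0.2.10:8080         198.51.100.7:51517      ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.5:40000       ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:33000 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:44000    ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:44001    ESTABLISHED
EOF
}

# conn_counts PORT: read netstat output on stdin and print "count address",
# highest count first. Listening sockets are skipped; every other TCP state
# is counted, as in the pipeline above.
conn_counts() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            lp = $4
            sub(/^.*:/, "", lp)            # local port = text after last colon
            if (lp != port) next           # exact match, so 8080 is not 80
            remote = $5
            sub(/:[0-9]+$/, "", remote)    # drop the remote port
            sub(/^::ffff:/, "", remote)    # unwrap IPv4-mapped IPv6
            n[remote]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# over_threshold PORT LIMIT: print only addresses with more than LIMIT
# connections, for feeding into a report or an alert.
over_threshold() {
    conn_counts "$1" | awk -v limit="$2" '$1 > limit { print $2 }'
}

# Stand-alone demonstration on the constructed sample.
sample_netstat | conn_counts 80
```

On a live server the same functions read real data with `netstat -ant | conn_counts 80`.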



Stop Spamming in the server


The file '/etc/antivirus.exim' is a central filter for the exim mail server that lets us set up powerful filters to help stop spam mails from coming in to or going out from our server.


1. First of all we need to create a special log file for these filters

touch /var/log/filter.log
chmod 0644 /var/log/filter.log



2. Now open up the configuration file /etc/antivirus.exim

vi /etc/antivirus.exim


3. Simply copy the following lines of code to the /etc/antivirus.exim file

[For better understanding let me classify them as blocks]


######################################################

# START
logfile /var/log/filter.log 0644
## Common Spam
if
# Header Spam
$header_subject: contains "Pharmaceutical"
or $header_subject: contains "Viagra"
or $header_subject: contains "Cialis"
or $header_subject: is "The Ultimate Online Pharmaceutical"
or $header_subject: contains "***SPAM***"
or $header_subject: contains "[SPAM]"
# Body Spam
or $message_body: contains "Cialis"
or $message_body: contains "Viagra"
or $message_body: contains "Leavitra"
or $message_body: contains "St0ck"
or $message_body: contains "Viaagrra"
or $message_body: contains "Cia1iis"
or $message_body: contains "URGENT BUSINESS PROPOSAL"
or $message_body matches "angka[^s]+[net|com|org|biz|info|us|name]+?"
or $message_body matches "v(i|1)agra|vag(i|1)n(a|4)|pen( i|1)s|asu|seks|l(o|0)l(i|1)ta|dewacolok"
then
# Log Message - SENDS RESPONSE BACK TO SENDER
# SUGGESTED TO LEAVE OFF to prevent fail loops
# and more work for the mail system
#fail text "Message has been rejected because it has
# triggered our central filter."
logwrite "$tod_log $message_id from $sender_address contained spam keywords"
seen finish
endif
# END
# Filters all incoming and outgoing mail
# START
#Check forwarders so it doesn't get blocked
#Forwarders still work =)



## FINANCIAL FAKE SENDERS
## Log all outgoing mail from server that matches rules
logfile /var/log/filter.log 0644
if (
$received_protocol is "local" or
$received_protocol is "esmtpa"
) and (
$header_from contains "@citibank.com" or
$header_from contains "@bankofamerica.com" or
$header_from contains "@wamu.com" or
$header_from contains "@ebay.com" or
$header_from contains "@chase.com" or
$header_from contains "@paypal.com" or
$header_from contains "@wellsfargo.com" or
$header_from contains "@bankunited.com" or
$header_from contains "@bankerstrust.com" or
$header_from contains "@bankfirst.com" or
$header_from contains "@capitalone.com" or
$header_from contains "@citizensbank.com" or
$header_from contains "@jpmorgan.com" or
$header_from contains "@wachovia.com" or
$header_from contains "@bankone.com" or
$header_from contains "@suntrust.com" or
$header_from contains "@amazon.com" or
$header_from contains "@banksecurity.com" or
$header_from contains "@visa.com" or
$header_from contains "@mastercard.com" or
$header_from contains "@mbna.com"
)
then
logwrite "$tod_log $message_id from $sender_address is fraud"
seen finish
endif


## OTHER FAKE SENDERS SPAM
## Enable this to prevent users using @domain from addresses
## Not recommended since users do use from addresses not on the server
## Log all outgoing mail from server that matches rules
logfile /var/log/filter.log 0644
if (
$received_protocol is "local" or
$received_protocol is "esmtpa"
) and (
$header_from contains "@hotmail.com" or
$header_from contains "@yahoo.com" or
$header_from contains "@aol.com"
)
then
logwrite "$tod_log $message_id from $sender_address is forged fake"
seen finish
endif



## KNOWN FAKE PHISHING
### Log all outgoing mail from server that matches rules
logfile /var/log/filter.log 0644
if (
$received_protocol is "local" or
$received_protocol is "esmtpa"
) and (
#Paypal
$message_body: contains "Dear valued PayPal member" or
$message_body: contains "Dear valued PayPal customer" or
$message_body: contains "Dear Paypal" or
$message_body: contains "The PayPal Team" or
$message_body: contains "Dear Paypal Customer" or
$message_body: contains "Paypal Account Review Department" or
#Ebay
$message_body: contains "Dear eBay member" or
$message_body: contains "Dear eBay User" or
$message_body: contains "The eBay team" or
$message_body: contains "Dear eBay Community Member" or
#Banks
$message_body: contains "Dear Charter One Customer" or
$message_body: contains "Dear wamu.com customer" or
$message_body: contains "Dear valued Citizens Bank member" or
$message_body: contains "Dear Visa" or
$message_body: contains "Dear Citibank" or
$message_body: contains "Citibank Email" or
$message_body: contains "Dear customer of Chase Bank" or
$message_body: contains "Dear Bank of America customer" or

#ISPs
$message_body: contains "Dear AOL Member" or
$message_body: contains "Dear AOL Customer"
)
then
logwrite "$tod_log $message_id from $sender_address is phishing"
seen finish
endif
# END
######################################################



4. The log file will have the following format:
cat /var/log/filter.log

2007-03-27 12:05:13 1Fds7S-0002Sa-MV from smooth595@gmail.com contained spam keywords
2007-03-27 14:18:47 1FduCn-0006GV-1r from dayton.nowellu7xn@gmail.com contained spam keywords
2007-03-27 15:44:35 1FZDLn-0005Mo-5z from nobody@ocean.wavepointmedia.com is fraud
2007-03-27 16:37:40 1FZEB9-0002KQ-VP from nobody@ocean.wavepointmedia.com is phishing



5. All the fields are self-explanatory, so we can add new rules according to our needs.


6. :)


How to Track a spammer

Tracking Spammers

Sometimes you may find the mail queue of your server being filled up with spam
mails. This kind of attack should be handled with the highest priority; otherwise
the mail server will cause an unexpected hike in the server load.

Spammers will usually attack the server using any of the following methods.

1) Using scripts that send huge amounts of mail. This is the most common way
people attack a server.
2) Sending mails from a hacked email account.

Tracking spammers on a cPanel server.

As you know, exim is generally used as the mail server on cPanel.

a) Tracking the scripts that send mails:

The following command will be helpful to get the path of the script that is
sending mails.

ps -C exim -fH ewww|awk '{for(i=1;i<=40;i++){print $i}}'|sort|uniq -c|grep PWD|sort -n


Sample output of the above command:

---
6 PWD=/home/username/public_html/sm
8 PWD=/

---

The output gives us the username under which the script is running, so if you
suspect it of spamming, it is easy to find the user.

In the sample output you can see that 6 mails are being sent from the
directory /home/username/public_html/sm. 6 is an acceptable value and may be
ignored. If the value is not within a permissible limit, the files
under the directory in question need to be checked in detail.

You may also ignore any lines that contain the following:

PWD=/
PWD=/var/spool/exim/


Keep in mind that the above command tracks spammers while the spamming is going on on the server. If it happened some time ago, you can use the following command.

grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n

The output format of the above command is the same.

That's all about tracking a spamming script.
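A more selective form of the historical search above, as an added example that is not part of the original post: it tallies `cwd=` entries per directory, drops the `/` and `/var/spool/exim` entries the post says to ignore, and prints only directories at or above a threshold. The function names `top_cwd` and `sample_log`, the thresholds and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# top_cwd LOGFILE [MIN]
#   Tally exim_mainlog "cwd=" entries per directory, skip the two
#   directories the post says to ignore, and print "count directory"
#   for every directory seen at least MIN times (default 1), busiest last.
top_cwd() {
    log=$1
    min=${2:-1}
    awk -v min="$min" '
        {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^cwd=/) {
                    dir = substr($i, 5)
                    # Normalise "/var/spool/exim/" to "/var/spool/exim".
                    if (length(dir) > 1) sub(/\/$/, "", dir)
                    if (dir != "/" && dir != "/var/spool/exim") count[dir]++
                    next    # one cwd= field per log line is enough
                }
            }
        }
        END {
            for (d in count)
                if (count[d] >= min) print count[d], d
        }
    ' "$log" | sort -n
}

# Constructed sample lines in the shape of exim_mainlog entries
# (assumes the log records cwd=, as the grep in the post does).
sample_log() {
    cat <<'EOF'
2010-05-28 10:15:01 cwd=/home/username/public_html/sm 3 args: /usr/sbin/sendmail -t -i
2010-05-28 10:15:02 cwd=/ 2 args: /usr/sbin/sendmail -t
2010-05-28 10:15:03 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1OGxyz-0001Ab-Cd
2010-05-28 10:15:04 1OGxyz-0001Ab-Cd <= username@example.com U=username P=local S=1024
2010-05-28 10:15:05 cwd=/home/username/public_html/sm 3 args: /usr/sbin/sendmail -t -i
2010-05-28 10:15:06 cwd=/home/username/public_html/sm 3 args: /usr/sbin/sendmail -t -i
2010-05-28 10:15:07 cwd=/home/otheruser/public_html 3 args: /usr/sbin/sendmail -t -i
2010-05-28 10:15:08 cwd=/home/username/public_html/sm 3 args: /usr/sbin/sendmail -t -i
EOF
}

# Demo on the constructed sample. On a server the call would be, with an
# arbitrary threshold of 10:
#   top_cwd /var/log/exim_mainlog 10
demo_log=$(mktemp)
sample_log > "$demo_log"
top_cwd "$demo_log" 3
rm -f "$demo_log"
```

Paths containing spaces are cut at the first space, the same limitation as the awk pipeline in the post.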


b) Tracking direct Spammers.

Sometimes a spammer will send spam mails from their email client through your server. They connect to the SMTP port on your end to send mails. On most servers, the SMTP port is 25. If we know the SMTP port, we can trace the spammer IP address using the following command.

netstat -plan |grep :25 | awk '{print $5}' |cut -d: -f1 |sort |uniq -c |sort -n

If you are using another port for SMTP ( not 25 ), you should replace the port 25 with the correct one.

If you are not sure about the SMTP port, please use the following command to get the port number.

cat /etc/services | grep smtp

The output format of the netstat command above is as follows.

---
1 116.71.245.135
1 125.234.48.129
1 140.99.35.170
1 202.157.140.6
1 202.188.126.67
1 203.120.149.51
1 203.123.11.18
1 209.85.223.187
1 217.20.114.34
2 151.65.135.172
---


If you find any IP address with a high number of connections, say 10, it should be double checked.

To block the spammer IP address you can use the following command.

iptables -A INPUT -s IP_address -j DROP

Don't forget to replace the "IP_address" in above command with the correct IP address.

Hope this article was helpful. Here I explained the initial steps you should take to stop spamming.

This is not the only way to track a spammer on a cPanel server. Be aware of all the options in an exim log file, which should be very helpful in tracking a spammer.

If you are well aware of the exim commands and exim logs, you need to take a look at this. Try finding your own ways and you will become an intelligent sys admin.

In the next session, I will give you some tips on preventing spamming more easily.


---
You could easily catch a spammer if you keep your eyes wide open, look for clues that are hidden, and be persistent. No spammer is as intelligent as a system administrator. They get away because we are lazy enough to let them do it. But chasing, catching and killing spammers should be considered a sys admin’s virtue.

Installing ConfigServer Security&Firewall (CSF)

CSF can be installed using the following steps



Login to your server as root.



wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
rm -fv csf.tgz
cd csf
sh install.sh


You can then configure csf in WHM, or edit the files


WHM > ConfigServer Security&Firewall



The following command will list all options that can be used with CSF.



# csf -h



Thank you.

Install Advanced Policy Firewall (APF)

Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall system designed around the essential needs of today’s Linux servers. The configuration is designed to be very informative and easy to follow. The management on a day-to-day basis is conducted from the command line with the ‘apf’ command, which includes detailed usage information on all the features.

Here are the steps you need to follow to get APF installed on your server.

wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
tar -xvzf apf-current.tar.gz
cd apf-0.9.5-1/
./install.sh

That's All! APF has been successfully installed on your server.


Making use of APF to prevent DDoS attacks:

Enable Anti-DOS mode in APF (i.e. in conf.apf). Also make sure that your root's cron has an entry like the one below

*/8 * * * * root /etc/apf/ad/antidos -a >> /dev/null 2>&1

That's fine!

Prevent DDos attacks on your Linux server

DDOS, or Distributed Denial of Service, is an advanced version of a DOS (Denial of Service) attack. Like DOS, DDOS also tries to deny important services running on a server by broadcasting packets to the destination server in a way that the destination server cannot handle.

There is no 100% perfect solution for DDOS. We can only prevent it to a certain extent by securing our networks and servers. Here I am trying to explain DDOS on HTTP, which is common in the webhosting industry.

When you see your server load is increasing, it can be a result of DDos attacks to your server. You may use the command "w" to find the load in the server. If the load is not quite normal (Say above 5), you may check the following steps to see if a DDoS attack is going on.

Following command will give you a sorted list of IP addresses that are being connected to the server at port 80.

netstat -plan |grep :80 | awk '{print $5}' |cut -d: -f1 |sort |uniq -c |sort -n

The result of the above command will list all IP addresses that are connected to the server on port 80. It will also show the number of connections for each IP address. A value below 10 is acceptable; that is, there is no problem with HTTP connections to the server. If you find any IP address with a large number of connections (say 50), it should be double checked. It is always good to block the IP addresses in question. If we ignore this, it may cause your server to go down!

You can use the following command to block the IP address, replacing "IP_address" with the address in question.

iptables -A INPUT -s IP_address -p tcp --dport 80 -j DROP

This is a temporary solution when you monitor your server to keep it online always :)
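A stricter version of the per-IP connection count used above for port 80 and, in the spammer-tracking post, for port 25, as an added example that is not part of the original post. Unlike `grep :80`, it matches only the local port, skips LISTEN sockets and outgoing connections, and keeps IPv6 addresses intact. The function names `conn_per_ip` and `sample_netstat` and the sample netstat lines (documentation address ranges) are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# conn_per_ip PORT [MIN]
#   Read "netstat -ant" output on stdin and print "count remote_ip" for
#   every remote address with at least MIN (default 1) TCP connections
#   to local port PORT, busiest last.
conn_per_ip() {
    port=$1
    min=${2:-1}
    awk -v port="$port" -v min="$min" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            lport = $4
            remote = $5
            # The port is whatever follows the last colon; this holds for
            # IPv4 (1.2.3.4:80) and for IPv6 (2001:db8::1:80) alike.
            sub(/^.*:/, "", lport)
            if (lport "" != port "") next   # exact match, so 8080 != 80
            sub(/:[^:]*$/, "", remote)      # drop the remote port
            sub(/^::ffff:/, "", remote)     # IPv4-mapped IPv6 -> plain IPv4
            count[remote]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print count[ip], ip
        }
    ' | sort -n
}

# Constructed sample in the layout of "netstat -ant" on Linux.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51235      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51236      TIME_WAIT
tcp        0      0 192.0.2.10:8080         198.51.100.7:51240      ESTABLISHED
tcp        0      0 192.0.2.10:44321        203.0.113.50:80         ESTABLISHED
tcp        0      0 192.0.2.10:25           198.51.100.99:60001     ESTABLISHED
tcp        0      0 192.0.2.10:25           198.51.100.99:60002     ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:40000 ESTABLISHED
tcp6       0      0 2001:db8::1:80          2001:db8::5:51000       ESTABLISHED
EOF
}

# Demo on the constructed sample. On a live server:
#   netstat -ant | conn_per_ip 80 50
#   netstat -ant | conn_per_ip 25 10
sample_netstat | conn_per_ip 80
```

In the sample, the 8080 listener and the outgoing connection to a remote port 80 are not counted, although `grep :80` would have matched both.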

We will discuss these in detail in the coming sections (Install APF, Install CSF, Install Mod_security).

Thank you.

Linux Networking Configuring /etc/hosts file

Configuring /etc/hosts file:


The /etc/hosts file is just a list of IP addresses and their corresponding server names. The server will typically check this file before referencing DNS. If the name is found with a corresponding IP address then DNS won't be queried at all. Unfortunately, if the IP address for that host changes, you also have to update the file. This may not be much of a concern for a single server, but can become laborious if it has to be done companywide. For ease of management, it is often easiest to limit entries in this file to just the loopback interface and also the server's own hostname, and use a centralized DNS server to handle most of the rest. Sometimes you might not be the one managing the DNS server, and in such cases it may be easier to add a quick /etc/hosts file entry till the centralized change can be made.

The contents of the file should be as follows.
-------
192.168.1.101 Basil
-------

In the example above, server Basil has an IP address of 192.168.1.101. You can access 192.168.1.101 using ping, telnet or any other network-aware program by referring to it as Basil. Here is an example using the ping command to see whether Basil is alive and well on the network:
-------
root@Basil15099/~# ping Basil

PING zero (192.168.1.101) 56(84) bytes of data.
64 bytes from Basil (192.168.1.101): icmp_seq=0 ttl=64 time=0.197 ms
-------

Linux Networking Deleting a Route

Deleting a Route:


We can use the following command to Delete a Route.

[root@Basil15099/~# route del -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.254 eth0

The file /etc/sysconfig/network-scripts/route-eth0 will also have to be updated so that when you reboot the server will not reinsert the route. Delete the line that reads:

10.0.0.0/8 via 192.168.1.254

Linux Networking Configuring Two gateways

Configuring 2 gateways


Some networks may have multiple router/firewalls providing connectivity. Here's a typical scenario:

* You have one router providing access to the Internet that you'd like to have as your default gateway (see the default gateway example earlier)

* You also have another router providing access to your corporate network using addresses in the range 10.0.0.0 to 10.255.255.255. Let's assume that this router has an IP address of 192.168.1.254

Here we are going to discuss the following methods to configure Gateways.

1) Adding Temporary Static Routes
2) Adding Permanent Static Routes


- Adding Temporary Static Routes


The route add command can be used to add new routes to your server that will last till the next reboot. It has the advantage of being universal to all versions of Linux and is well documented in the man pages. In our example the reference to the 10.0.0.0 network has to be preceded with a -net switch and the subnet mask and gateway values also have to be preceded by the netmask and gw switches respectively.

-------------
[root@Basil15099/~# route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.254 wlan0
-------------

If you wanted to add a route to an individual server, then the "-host" switch would be used with no netmask value. (The route command automatically knows the mask should be 255.255.255.255). Here is an example for a route to host 10.0.0.1.

-------------
[root@Basil15099/~# route add -host 10.0.0.1 gw 192.168.1.254 wlan0
-------------

A universal way of making this change persistent after a reboot would be to place this route add command in the file /etc/rc.d/rc.local, which is always run at the end of the booting process.


- Adding Permanent Static Routes



In Fedora Linux, permanent static routes are added on a per interface basis in files located in the /etc/sysconfig/network-scripts directory. The filename format is route-interface-name so the filename for interface wlan0 would be route-wlan0.
The format of the file is quite intuitive with the target network coming in the first column followed by the word via and then the gateway's IP address. In our routing example, to set up a route to network 10.0.0.0 with a subnet mask of 255.0.0.0 (a mask with the first 8 bits set to 1) via the 192.168.1.254 gateway, we would have to configure file /etc/sysconfig/network-scripts/route-wlan0 to look like this:

-------------
#
# File /etc/sysconfig/network-scripts/route-wlan0
#
10.0.0.0/8 via 192.168.1.254
-------------

Linux Networking Changing your default gateway

Changing your default gateway


Your server needs to have a single default gateway. DHCP servers will automatically assign a default gateway to DHCP configured NICs, but NICs with configured static IP addresses will need to have a manually configured default gateway. This can be done with a simple command. Here is the command.
-------------
[root@Basil15099/~# route add default gw 192.168.1.1 wlan0
-------------

In this case, make sure that the router/firewall with IP address 192.168.1.1 is connected to the same network as interface wlan0!
Once done, you'll need to update your /etc/sysconfig/network file to reflect the change. This file is used to configure your default gateway each time Linux boots.
-------------
NETWORKING=yes
HOSTNAME=bigboy
GATEWAY=192.168.1.1
-------------

Can you find an alternative to editing the file /etc/sysconfig/network ?? Ah.. yes, we can put the above command in rc.local file as well so that gateway will be configured at the end of every reboot.


Linux Networking Setting up a direct DSL connection

Setting up a direct DSL connection

- Do you have a fixed static IP address ?


If you are using a DSL connection with fixed or static IP addresses, then the configuration steps are the same as those outlined earlier. You plug your Ethernet interface into the DSL modem, configure it with the IP address, subnet mask, broadcast address, and gateway information provided by your ISP and you should have connectivity when you restart your interface. Remember that you might also need to configure your DNS server correctly.

- Are you using a DSL connection with a DHCP or dynamic IP address assignment ?


In this case, your ISP will provide you with a PPP authentication over Ethernet (PPPoE) username and password which will allow your computer to login transparently to the Internet each time it boots up. Fedora Linux installs the rp-pppoe RPM software package required to support this. You can download the package at the following URL.

http://rpm.pbone.net/index.php3/stat/4/idpl/1953277/com/

If you have any trouble installing the package, try googling to find a new package. The above package has worked for me.

After installing the RPM, you need to go through a number of steps to complete the connection. The PPPOE configuration will create a software-based virtual interface named ppp0 that will use the physical Internet interface eth0 for connectivity. Here's what you need to do:


  • Make a backup copy of your ifcfg-eth0 file.

-------------
root@Basil15099/~#
root@Basil15099/~# cd /etc/sysconfig/network-scripts/
root@Basil15099/~# ls ifcfg-eth0
ifcfg-eth0
root@Basil15099/~# cp ifcfg-eth0 DISABLED.ifcfg-eth0
-------------

  • Edit your ifcfg-eth0 file to have no IP information and also to be deactivated on boot time.

-------------
DEVICE=eth0
ONBOOT=no
-------------

  • Shutdown your eth0 interface.


-------------
[root@Basil15099/~# ifdown eth0
[root@Basil15099/~#
-------------


So, we have taken all precautions and shall go ahead setting up DHCP connection.


In Linux, the command adsl-setup will help you to configure the DHCP connection. If the command does not exist, please check in the /sbin directory as well.


  • Run the adsl-setup configuration script

-------------
[root@Basil15099/~# adsl-setup
-------------


It will prompt you for your ISP username, the interface to be used (eth0) and whether you want the connection to stay up indefinitely. We'll use defaults wherever possible.

-------------
Welcome to the ADSL client setup. First, I will run some checks on

your system to make sure the PPPoE client is installed properly...

LOGIN NAME

Enter your Login Name (default root): basil-login@isp

INTERFACE

Enter the Ethernet interface connected to the ADSL modem For Solaris, this is likely to be something like /dev/hme0. For Linux, it will be ethX, where 'X' is a number.
(default eth0):

Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds after which the link should be dropped. If you want the link to
stay up permanently, enter 'no' (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP addresses. You might have some problems with demand-activated links.

Enter the demand value (default no):
-------------

It will then prompt you for your DNS server information. This step edits your /etc/resolv.conf file. If you're running BIND on your server in a caching DNS mode then you might want to leave this option blank. If you want your ISP to provide the IP address of its DNS server automatically then enter the word server.

-------------
DNS

Please enter the IP address of your ISP's primary DNS server.
If your ISP claims that 'the server will provide dynamic DNS addresses', enter 'server' (all lower-case) here.
If you just press enter, I will assume you know what you are doing and not modify your DNS setup.
Enter the DNS information here:
-------------

The script will then prompt you for your ISP password

-------------
PASSWORD

Please enter your Password:
Please re-enter your Password:
-------------

Then it will ask whether you want regular users (not superuser root) to be able to activate/deactivate the new ppp0 interface. This may be required if non-root members of your family or home office need to get access to the Internet:

-------------
USERCTRL

Please enter 'yes' (two letters, lower-case.) if you want to allow normal user to start or stop DSL connection (default yes):
-------------

The rp-pppoe package has two sample iptables firewall scripts located in the /etc/ppp directory named firewall-standalone and firewall-masq. They are very basic and don't cover rules to make your Linux box a web server, DNS server, or mail server. I'd recommend selecting none if you are not sure about the firewall rules.

-------------
FIREWALLING

Please choose the firewall rules to use. Note that these rules are very basic. You are strongly encouraged to use a more sophisticated firewall setup; however, these will provide basic security.
If you are running any servers on your machine, you must choose 'NONE' and set up firewalling yourself. Otherwise, the firewall rules will deny access to all standard servers like Web, e-mail,
ftp, etc. If you are using SSH, the rules will block outgoing SSH connections which allocate a privileged source port.

The firewall choices are:

0 - NONE: This script will not set any firewall rules. You are responsible for ensuring the security of your machine. You are STRONGLY
recommended to use some kind of firewall rules.
1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway for a LAN

Choose a type of firewall (0-2): 0
-------------


You'll then be asked whether you want the connection to be activated upon booting. Most people would say yes. I too.

-------------
Start this connection at boot time

Do you want to start this connection at boot time?
Please enter no or yes (default no):yes
-------------

Just before exiting, you'll get a summary of the parameters you entered and the relevant configuration files will be updated to reflect your choices when you accept them:

-------------
** Summary of what you entered **


Ethernet Interface: eth0

User name: bigboy-login@isp
Activate-on-demand: No
DNS: Do not adjust
Firewalling: NONE
User Control: yes
Accept these settings and adjust configuration files (y/n)? y

Adjusting /etc/sysconfig/network-scripts/ifcfg-ppp0
Adjusting /etc/ppp/chap-secrets and /etc/ppp/pap-secrets
(But first backing it up to /etc/ppp/chap-secrets.bak)
(But first backing it up to /etc/ppp/pap-secrets.bak)
-------------

At the very end it will tell you the commands to use to activate/deactivate your new ppp0 interface and to get the status of the interface.

-------------
Congratulations, it should be all set up!

Type '/sbin/ifup ppp0' to bring up your xDSL link and '/sbin/ifdown ppp0' to bring it down.
Type '/sbin/adsl-status /etc/sysconfig/network-scripts/ifcfg-ppp0' to see the link status.
-------------



After you have completed installing rp-pppoe you should be able to access the Internet over your DHCP DSL connection as expected.



Some Important Files Created By adsl-setup



The adsl-setup script creates three files that will be of interest to you. The first is the ifcfg-ppp0 file with interface's link layer connection parameters

-------------
[root@Basil15099/~# less ifcfg-ppp0
USERCTL=yes
BOOTPROTO=dialup
NAME=DSLppp0
DEVICE=ppp0
TYPE=xDSL
ONBOOT=yes
PIDFILE=/var/run/pppoe-adsl.pid
FIREWALL=NONE
PING=.
PPPOE_TIMEOUT=20
LCP_FAILURE=3
LCP_INTERVAL=80
CLAMPMSS=1412
CONNECT_POLL=6
CONNECT_TIMEOUT=60
DEFROUTE=yes
SYNCHRONOUS=no
ETH=eth0
PROVIDER=DSLppp0
USER= bigboy-login@isp
PEERDNS=no
[root@Basil15099/~#
-------------

The others are the duplicate /etc/ppp/pap-secrets and /etc/ppp/chap-secrets files with the username and password needed to login to your ISP:

-------------
[root@Basil15099/~# less /etc/ppp/pap-secrets
# Secrets for authentication using PAP
# client server secret IP addresses
"basil-login@isp" * "password"
[root@Basil15099/~#
-------------

That's All :-)



Linux Networking Configuring Multiple IP Addresses


Configuring Multiple IP Addresses on a single NIC.


In the last section, we learned how to configure an IP address for your interface. It is also possible to configure more than one IP address on a single NIC, for example eth0. For this, we need to create a new child interface named eth0:X, where X can have the values 0, 1, 2, ...


The steps are very similar to the one we explained in the previous section (eth0). You need to verify the following details.

* First ensure the parent real interface (eth0) exists
* Verify that no other IP alias exists with the name you plan to use. In this case we want to create interface eth0:0.
* Create the virtual interface with the ifconfig command


As we discussed earlier, we shall create the file /etc/sysconfig/network-scripts/ifcfg-eth0:0 with the following contents.


-------------
DEVICE=Interface:X (eth0:0)
ONBOOT=yes
BOOTPROTO=static
IPADDR=IP_address
NETMASK=NET_MASK
-------------


Once it is done, please use the following commands to activate the interface.


-------------
root@Basil15099/~# ifdown Interface:X
root@Basil15099/~# ifup Interface:X
-------------


In my example, I have created a child interface eth0:0 with the IP address 192.168.1.101. So I had to modify the file /etc/sysconfig/network-scripts/ifcfg-eth0:0 with the following details.

-------------
DEVICE=eth0:0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.101
NETMASK=255.255.255.0
-------------

Then I executed the following commands to activate my child interface.

-------------
root@Basil15099/~# ifdown eth0:0
root@Basil15099/~# ifup eth0:0
-------------


If you are not using Fedora Linux, please use the following command to configure IP address for your child interface.

-------------
root@Basil15099/~# ifconfig interface:X IP_address netmask NET_MASK up
-------------

As you know this configuration will last till the next reboot. So in order to make the configuration permanent, you need to put the above command in the /etc/rc.local file.

So in my example, the command will be as follows.

-------------
root@Basil15099/~# ifconfig eth0:0 192.168.1.101 netmask 255.255.255.0 up
-------------


That's all :-)

Linux Networking Configuring IP address

Configure IP address:


- Are you using Fedora linux or newer Redhat versions of Linux ??


Then it is very easy to configure an IP address for your interface in Linux. In Fedora and newer Redhat versions of Linux, you may have noticed a directory named /etc/sysconfig/network-scripts. Some small modifications to the files in this directory will do the trick :-)


If you want to configure an IP address for the interface eth0, you just need to create a file named ifcfg-eth0 under the directory /etc/sysconfig/network-scripts. The contents of the file should be as follows.


-------------
DEVICE= Interface_name
IPADDR=IP address
NETMASK=Netmask Value (Eg: 255.255.255.0)
BOOTPROTO=static
ONBOOT=yes
-------------

I have configured an IP address 192.168.1.100 to my interface eth0 using the following settings.

-------------
root@Basil15099/~#cd /etc/sysconfig/network-scripts
root@Basil15099//etc/sysconfig/network-scripts#cat ifcfg-eth0
#
# File: ifcfg-eth0
#
DEVICE=eth0
IPADDR=192.168.1.100
NETMASK=255.255.255.0
BOOTPROTO=static
ONBOOT=yes
#
# The following settings are optional
#
BROADCAST=192.168.1.255
NETWORK=192.168.1.0
root@Basil15099/~#
-------------

Please note that the above steps will only work with fedora linux and redhat versions.

Once the file is modified, you need to activate the newly configured interface using the following commands.

-------------
root@Basil15099/~# ifdown interface_name
root@Basil15099/~# ifup interface_name
-------------

Eg:

-------------
root@Basil15099/~# ifdown eth0
root@Basil15099/~# ifup eth0
-------------

- Are you NOT USING Fedora Linux ? No worries....



As I have already said, the above method will only work with Fedora and Redhat versions of Linux. Here I am going to discuss some general tips to configure an IP address with a single command. This will work across all versions of Linux so far :-)

Here is the command that assigns an IP address to an interface.

-------------
root@Basil15099/~# ifconfig Interface_name IP_address netmask NET_MASK up
-------------


The "up" at the end of the command activates the interface.

Similarly, I have used the following command to configure the IP address 192.168.1.100 on my interface eth0.

-------------
root@Basil15099/~# ifconfig eth0 192.168.1.100 netmask 255.255.255.0 up
-------------


That's all!

NOTE: Once the IP address is configured using this method, what will happen when you reboot your machine?


Of course, all configurations will be reset. So in order to make the configuration permanent, you need to put the above command in the /etc/rc.local file. As you know, the script /etc/rc.local will be executed at the end of every reboot. So, if you add the command to the specified file, eth0 will automatically be configured with the given IP address on every reboot!!

Linux Networking- Introduction


Introduction


As you may know, the command ifconfig can be used to get the IP address of your interface. I am pasting a sample output of the ifconfig command for reference.

-------------
root@Basil15099/~# ifconfig -a

eth0 Link encap:Ethernet HWaddr 00:0C:29:3B:66:D1
inet addr:83.166.168.139 Bcast:83.166.168.159 Mask:255.255.255.224
inet6 addr: fe80::20c:29ff:fe3b:66d1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:403929286 errors:2261 dropped:5757 overruns:0 frame:0
TX packets:540873029 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3650916530 (3.4 GiB) TX bytes:2670561852 (2.4 GiB)
Interrupt:177 Base address:0x1400

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:89800080 errors:0 dropped:0 overruns:0 frame:0
TX packets:89800080 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3330076384 (3.1 GiB) TX bytes:3330076384 (3.1 GiB)

sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
-------------

The option -a shows all interfaces associated with your machine (both active and inactive), whereas plain ifconfig shows only the active interfaces.
As you can see, this command gives good information on the interrupts, or PCI bus ID, used by each card. You may ignore the other information for now in order to avoid confusion, but it matters when it comes to troubleshooting, which we will discuss at the end of this chapter.