Category Archives: SysAdmin

Searching logfiles with Powershell, Log parser, Findstr, QGrep – Steve Schofield Weblog

Searching logfiles with Powershell, Log parser, Findstr, QGrep – Steve Schofield Weblog: “http://www.ss64.com/nt/qgrep.html

In conclusion, the clear winner was Log parser, speed and accuracy were great. Powershell was ‘cool’ but took too long. Maybe as I get better at Powershell, that will change. Findstr & QGrep appear to be more for parsing out entire lines of text. That was my experience, it could be my lack of advanced knowledge with these tools. I use FINDSTR a lot for doing quick searches, it is faster than FIND. I was hoping to use regular expressions, but”

Install Python from Source on Linux

This article shows how to install Python from source on a Linux system. Follow the steps described below:

    localhost:~$ su -
    Password: [enter your root password]
    localhost:~# wget http://www.python.org/ftp/python/2.3/Python-2.3.tgz
    Resolving www.python.org… done.
    Connecting to www.python.org[194.109.137.226]:80… connected.
    HTTP request sent, awaiting response… 200 OK
    Length: 8,436,880 [application/x-tar]
    …
    localhost:~# tar xfz Python-2.3.tgz
    localhost:~# cd Python-2.3
    localhost:~/Python-2.3# ./configure
    checking MACHDEP… linux2
    checking EXTRAPLATDIR…
    checking for --without-gcc… no
    …
    localhost:~/Python-2.3# make
    gcc -pthread -c -fno-strict-aliasing -DNDEBUG -g -O3 -Wall -Wstrict-prototypes
        -I. -I./Include -DPy_BUILD_CORE -o Modules/python.o Modules/python.c
    gcc -pthread -c -fno-strict-aliasing -DNDEBUG -g -O3 -Wall -Wstrict-prototypes
        -I. -I./Include -DPy_BUILD_CORE -o Parser/acceler.o Parser/acceler.c
    gcc -pthread -c -fno-strict-aliasing -DNDEBUG -g -O3 -Wall -Wstrict-prototypes
        -I. -I./Include -DPy_BUILD_CORE -o Parser/grammar1.o Parser/grammar1.c
    …
    localhost:~/Python-2.3# make install
    /usr/bin/install -c python /usr/local/bin/python2.3
    …
    localhost:~/Python-2.3# exit
    logout
    localhost:~$ which python
    /usr/local/bin/python
    localhost:~$ python
    Python 2.3.1 (#2, Sep 24 2003, 11:39:14)
    [GCC 3.3.2 20030908 (Debian prerelease)] on linux2
    Type "help", "copyright", "credits" or "license" for more information
    >>> [press Ctrl+D to get back to the command prompt]
    localhost:~$

The GNOME Desktop Project Unleashes GNOME 3.0

After five years of planning and design, GNOME 3.0 has been officially released. The totally rewritten desktop has had its share of both praise and condemnation in recent months due to what the project describes as “its most significant redesign of the computer experience in nine years.” They further say, the “revolutionary new user interface and new features for developers make this a historic moment for the free and open source desktop.”

The main idea in the redesign was to allow “users to focus on tasks while minimizing distractions such as notifications, extra workspaces, and background windows.” Jon McCann is quoted as saying, “we’ve taken a pretty different approach in the GNOME 3 design that focuses on the desired experience and lets the interface design follow from that. With any luck you will feel more focused, aware, effective, capable, respected, delighted, and at ease.” GNOME 3.0 aims to “help us cope with modern life in a busy world. Help us connect, stay on track, feel at ease and in control.” In summary, GNOME 3.0 helps users stay “informed without being disrupted.”

Matt Zimmerman, Ubuntu CTO, said, “In the face of constant change, both in software technology itself and in people’s attitudes toward it, long-term software projects need to reinvent themselves in order to stay relevant. I’m encouraged to see the GNOME community taking up this challenge, responding to the evolving needs of users and questioning the status quo.”

GNOME founder, Miguel de Icaza adds, “GNOME continues to innovate in the desktop space. The new GNOME Shell is an entire new user experience that was designed from the ground up to improve the usability of the desktop and giving both designers and developers a quick way to improve the desktop and adapt the user interface to new needs. By tightly integrating Javascript with the GNOME platform, designers were able to create and quickly iterate on creating an interface that is both pleasant and exciting to use. I could not be happier with the results.”

Some of the new features include:

  • Activities Overview at a Glance
  • Built-in Messaging
  • Redesigned System Settings
  • Side-by-side window tiling
  • Redesigned file manager
  • Faster performance
  • Beautiful interface

The official press release:

Groton, MA, April 6 2011: Today, the GNOME Desktop project released GNOME 3.0, its most significant redesign of the computer experience in nine years. A revolutionary new user interface and new features for developers make this a historic moment for the free and open source desktop.

Within GNOME 3, GNOME Shell reimagines the user interface for the next generation of the desktop. This innovative interface allows users to focus on tasks while minimizing distractions such as notifications, extra workspaces, and background windows.

Jon McCann, one of GNOME Shell’s designers, says of the design team, “we’ve taken a pretty different approach in the GNOME 3 design that focuses on the desired experience and lets the interface design follow from that.” The result: “With any luck you will feel more focused, aware, effective, capable, respected, delighted, and at ease.” GNOME Shell aims to “help us cope with modern life in a busy world. Help us connect, stay on track, feel at ease and in control.” GNOME Shell, he says, will keep users “informed without being disrupted.”

The GNOME 3 development platform includes improvements in the display backend, a new API, improvements in search, user messaging, system settings, and streamlined libraries. GNOME 2 applications will continue to work in the GNOME 3 environment without modification, allowing developers to move to the GNOME 3 environment at their own pace. The GNOME 3 release notes include further details.

Matt Zimmerman, Ubuntu CTO at Canonical, praises GNOME 3: “In the face of constant change, both in software technology itself and in people’s attitudes toward it, long-term software projects need to reinvent themselves in order to stay relevant. I’m encouraged to see the GNOME community taking up this challenge, responding to the evolving needs of users and questioning the status quo.”

Miguel de Icaza, one of GNOME’s founders, celebrates the new release: “GNOME continues to innovate in the desktop space. The new GNOME Shell is an entire new user experience that was designed from the ground up to improve the usability of the desktop and giving both designers and developers a quick way to improve the desktop and adapt the user interface to new needs. By tightly integrating Javascript with the GNOME platform, designers were able to create and quickly iterate on creating an interface that is both pleasant and exciting to use. I could not be happier with the results.”

GNOME 3 is the cumulative work of five years of planning and design by the GNOME community. McCann notes: “Perhaps the most notable part of the design process is that everything has been done in the open. We’ve had full transparency for every decision (good and bad) and every change we’ve made. We strongly believe in this model. It is not only right in principle — it is just the best way in the long run to build great software sustainably in a large community.”

In partnership with Novell, Red Hat, other distributors, schools and governments, and user groups, GNOME 3 will reach millions of users around the world. Over 3500 people have contributed changes to the project’s code repositories, including the employees of 106 companies. GNOME 3 includes innumerable code changes since the 2.0 release 9 years ago.

Users and fans of GNOME have planned more than a hundred launch parties around the world. Users can download GNOME 3 from http://gnome3.org to try it immediately, or wait for distributions to carry it over the coming months. GNOME 3 continues to push new frontiers in user interaction.

-----

The GNOME Project was started in 1997 by two then-university students, Miguel de Icaza and Federico Mena Quintero. Their aim: to produce a free (as in freedom) desktop environment. Since then, GNOME has grown into a hugely successful enterprise. Used by millions of people across the world, it is the most popular desktop environment for GNU/Linux and UNIX-type operating systems. The desktop has been utilised in successful, large-scale enterprise and public deployments, and the project’s developer technologies are utilised in a large number of popular mobile devices. For further comments and information, contact the GNOME press contact team at gnome-press-contact@gnome.org.

Credits: Susan Linton, Linux Journal

Wi-Fi on the Command Line

More people than ever are using wireless networks as their primary networking medium. Great programs are available under X11 that give users a graphical interface to their wireless cards. Both GNOME and KDE include network management utilities, and a desktop-environment-agnostic utility called wicd also offers great functionality. But, what if you aren’t running X11 and want to manage your wireless card?

I don’t cover how to install and activate your card here (for that, take a look at projects like madwifi or ndiswrapper). I assume your card is installed and configured properly, and that it is called wlan0. Most of the utilities mentioned below need to talk directly to your wireless card (or at least the card driver), so they need to be run with root privileges (just remember to use sudo).

The first step is to see what wireless networks are available in your area. A utility called iwlist provides all sorts of information about your wireless environment. To scan your environment for available networks, do the following:

sudo iwlist wlan0 scan

You’ll see output resembling:

    Cell 01 - Address: 00:11:22:33:44:55
    ESSID:"network-essid"
    Mode:Master
    Channel:11
    Frequency:2.462 GHz (Channel 11)
    Quality=100/100 Signal level:-47dBm Noise level=-100dBm
    Encryption key:off

The details (address and essid) have been changed to protect the guilty. Also, the … represents extra output that may or may not be available, depending on your hardware. You will get a separate cell entry for each access point within your wireless card’s range. For each access point, you can find the hardware address, the essid and the channel on which it’s operating. Also, you can learn in what mode the access point is operating (whether master or ad hoc). Usually, you will be most interested in the essid and what encryption is being used.

Once you know what’s available in your immediate environment, configure your wireless card to use one of these access points using the iwconfig utility to set the parameters for your wireless card. First, set the essid, which identifies the network access point you want:

sudo iwconfig wlan0 essid network-essid
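
Added example, not part of the original article: a shell function that condenses the `iwlist` scan output described above into one line per cell and labels each network open, wep or wpa, so that unencrypted or WEP-only networks around you (including your own misconfigured access points) stand out. The function names, the `IE:` heuristic for WPA, and cells 02 and 03 of the sample scan are constructed for this example.

```shell
#!/bin/sh
# Added example: summarise `iwlist <iface> scan` output, one line per cell.
# Output columns (tab-separated): BSSID, channel, security, ESSID.
# Security is a heuristic: key off -> open; key on with a WPA/WPA2 IE -> wpa;
# key on with no WPA IE -> wep.
summarise_scan() {
    awk '
        function emit() {
            if (bssid == "") return
            if (key == "off") sec = "open"
            else if (wpa) sec = "wpa"
            else if (key == "on") sec = "wep"
            else sec = "unknown"
            printf "%s\t%s\t%s\t%s\n", bssid, chan, sec, (essid == "" ? "(hidden)" : essid)
        }
        /Cell [0-9]+ - Address:/ {
            emit()                                   # finish the previous cell
            bssid = $NF; chan = "?"; key = ""; wpa = 0; essid = ""
        }
        /ESSID:"/ { essid = $0; sub(/^.*ESSID:"/, "", essid); sub(/"[ \t\r]*$/, "", essid) }
        /^[ \t]*Channel:/ { chan = $0; sub(/^.*Channel:/, "", chan); gsub(/[ \t\r]/, "", chan) }
        # Some drivers report the channel only inside the Frequency line.
        chan == "?" && match($0, /\(Channel [0-9]+\)/) {
            chan = substr($0, RSTART + 9, RLENGTH - 10)
        }
        /Encryption key:/ { key = ($0 ~ /key:off/) ? "off" : "on" }
        /IE:.*WPA/ { wpa = 1 }
        END { emit() }
    '
}

# List the cells that offer no encryption or only WEP.
weak_networks() {
    summarise_scan | awk -F '\t' '$3 == "open" || $3 == "wep" { print $3 ": " $4 }'
}

# Constructed sample: cell 01 follows the article, cells 02 and 03 are made up.
sample_scan() {
    cat <<'EOF'
wlan0     Scan completed :
          Cell 01 - Address: 00:11:22:33:44:55
                    ESSID:"network-essid"
                    Mode:Master
                    Channel:11
                    Frequency:2.462 GHz (Channel 11)
                    Quality=100/100  Signal level:-47 dBm  Noise level=-100 dBm
                    Encryption key:off
          Cell 02 - Address: 00:11:22:33:44:66
                    ESSID:"office net"
                    Channel:6
                    Encryption key:on
                    IE: IEEE 802.11i/WPA2 Version 1
          Cell 03 - Address: 00:11:22:33:44:77
                    ESSID:""
                    Frequency:2.422 GHz (Channel 3)
                    Encryption key:on
EOF
}

# Live use: sudo iwlist wlan0 scan | weak_networks
sample_scan | summarise_scan
sample_scan | weak_networks
```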

Depending on your card and its driver, you may have the option to set the essid to the special value “any”. In this case, your card will pick the first available access point. This is called promiscuous mode.

You also may need to set the mode to be used by your wireless card. This depends on your network topology. You may have a central access point to which all of the other devices connect, or you may have an ad hoc wireless network, where all of the devices communicate as peers. You may want to have your computer act as an access point. If so, you can set the mode to master using iwconfig. Or, you simply may want to sniff what’s happening around you. You can do so by setting the mode to monitor and passively monitor all packets on the frequency to which your card is set. You can set the frequency, or channel, by running:

sudo iwconfig wlan0 freq 2.422G

Or by running:

sudo iwconfig wlan0 channel 3

You can set other parameters, but you should consider doing so only if you have a really good reason. One option is the sensitivity threshold, which defines how sensitive the card is to noise and signal strength, and you can set the behavior of the retry mechanism for the wireless card. You may need to play with this in very noisy environments. Set the maximum number of retries with:

sudo iwconfig wlan0 retry 16

Or, set the maximum lifetime to keep retrying to 300 milliseconds with:

sudo iwconfig wlan0 retry lifetime 300m

In a very noisy environment, you also may need to play with packet fragmentation. If entire packets can’t make it from point to point without corruption, your wireless card may have to break down packets into smaller chunks to avoid this. You can tell the card what to use as a maximum fragment size with:

sudo iwconfig wlan0 frag 512

This value can be anything less than the size of a packet. Some cards may not apply these settings changes immediately. In that case, run this command to flush all pending changes to the card and apply them:

sudo iwconfig wlan0 commit

Two other useful commands are iwspy and iwpriv. If your card supports it, you can collect wireless statistics by using:

sudo iwspy wlan0

The second command gives you access to optional parameters for your particular card. iwconfig is used for the generic options available. If you run it without any parameters (sudo iwpriv wlan0), it lists all available options for the card. If no extra options exist, you will see output like this:

wlan0 no private ioctls

To set one of these private options, run:

sudo iwpriv wlan0 private-command [private parameters]

Now that your card is configured and connected to the wireless network, you need to configure your networking options to use it. If you are using DHCP on the network, you simply can run dhclient to query the DHCP server and get your IP address and other network settings. If you want to set these options manually, use the ifconfig command (see the man page for more information).

Tips:

  • You can also change the MAC address with ifconfig if need be.

        $ ifconfig wlan0 down
        $ ifconfig wlan0 hw ether 00:11:22:33:44:55
        $ ifconfig wlan0 up

    OR

    Use macchanger

  • You will probably want to look into wpa_supplicant for all your WPA etc needs (I typed in the status command):

        -----8<-----
        # wpa_cli
        wpa_cli v0.7.3
        Copyright (c) 2004-2010, Jouni Malinen and contributors
        …..
        Selected interface 'wlan0'

        Interactive mode

        > status
        bssid=00:50:7f:95:c1:e0
        ssid=
        id=0
        mode=station
        pairwise_cipher=CCMP
        group_cipher=CCMP
        key_mgmt=WPA2-PSK
        wpa_state=COMPLETED
        ip_address=
        >
        -----8<-----

    On Gentoo, make sure driver is compiled in, emerge wpa_supplicant, add this (or similar) to /etc/conf.d/net:

        wpa_supplicant_wlan0="-Dwext"
        config_wlan0="dhcp"

    Then add a stanza like the following to /etc/wpa_supplicant/wpa_supplicant.conf:

        network={
        ssid="My_SSID"
        psk="My_WPA(2)_shared_key"
        }

    Add net.wlan0 to default runlevel, start it and forget about it!

    I’m sure that shouldn’t be too hard to replicate on another Linux distro.

    Finally, check the output from:

        #ip a
        #ip r
        (#ifconfig and netstat -r for the old school)
        #dmesg
        #less /var/log/messages (or syslog)

    Of course wpa_cli (type help for some command to use)

Note:

  • You cannot use “iwlist ra0 scan” while your interface is in monitor mode. Try this:

        ifconfig ra0 down
        iwconfig ra0 mode managed
        ifconfig ra0 up
        iwlist ra0 scan

  • You can use wireshark to monitor your outgoing packets and see that none of them is bigger than that

Credits: Joey Bernard, Linux Journal

Fedora Server Installation Guide

After reading this article you should be able to carry out the post-installation configuration of a Fedora server, covering:

  • NTP Server
  • SSH Server
  • Apache Web Server
  • SSL installation and Configuration
  • FTP Server
  • Setup Samba File Server
  • MySQL Server
  • PHPmyAdmin to manage mySQL database from remote locations.

[1] Download Fedora and Make a DVD for installing Fedora.

Download the Fedora installation DVD ISO file from the Fedora website, http://fedoraproject.org/get-fedora. Burn the DVD and install Fedora according to the instructions on the Fedora website. Documentation for Fedora installation is available at their web sites and links are listed as below:

[2] Install Fedora

In this article we focus on setting up a Fedora 11 server.

[3] Configure Fedora 11

Initial configuration after installing Fedora.

[a] Add a new user.

I used the user name 'fedora' in the following examples, but use any name you like.

    [root@dlp ~]# useradd fedora
    [root@dlp ~]# passwd fedora
    Changing password for user fedora.
    New UNIX password: # input password you want to set
    Retype new UNIX password: # verify
    passwd: all authentication tokens updated successfully.
    [root@dlp ~]# exit # logout

[b] Log in as the user added in step [a] and try switching to root.

    ns login: fedora # input user name
    password: # input password
    [pixel@dlp ~]$ su - # switch to root
    Password: # input password for root
    [root@dlp ~]# # now switched to root

[c] Make the 'fedora' user added in step [a] the only user who can switch to root.

    [root@dlp ~]# vi /etc/group

    # line 11: add user
    wheel:x:10:root,fedora

    [root@dlp ~]# vi /etc/pam.d/su

    #%PAM-1.0
    auth sufficient pam_rootok.so
    # Uncomment the following line to implicitly trust users in the "wheel" group.
    #auth sufficient pam_wheel.so trust use_uid
    # Uncomment the following line to require a user to be in the "wheel" group.
    # remove the '#' at the start of the next line
    auth required pam_wheel.so use_uid
    auth include system-auth
    account sufficient pam_succeed_if.so uid = 0 use_uid quiet
    account include system-auth
    password include system-auth
    session include system-auth
    session optional pam_xauth.so

    [root@dlp ~]# vi /etc/login.defs

    # add this line at the bottom
    SU_WHEEL_ONLY yes

[d] Forward mail for root to the user you have chosen as system administrator.

    [root@dlp ~]# vi /etc/aliases

    # Person who should get root's mail
    # bottom: remove '#' and add user name
    root:fedora

    [root@dlp ~]# newaliases # set new aliases
    /etc/aliases: 77 aliases, longest 10 bytes, 776 bytes total

Fw & SELinux :

[1] It is unnecessary to enable the firewall on the server because it is enabled on the routers, so change it to disabled.

    [root@dlp ~]# /etc/rc.d/init.d/iptables stop
    iptables: Flushing firewall rules: [OK]
    iptables: Setting chains to policy ACCEPT: filter [OK]
    iptables: Unloading iptables modules: [OK]

    [root@dlp ~]# chkconfig iptables off
    [root@dlp ~]# chkconfig ip6tables off

[2] Disable SELinux (Security-Enhanced Linux).

    [root@dlp ~]# vi /etc/sysconfig/selinux

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    # enforcing - SELinux security policy is enforced.
    # permissive - SELinux prints warnings instead of enforcing.
    # disabled - SELinux is fully disabled.
    SELINUX=disabled # change
    # SELINUXTYPE= type of policy in use. Possible values are:
    # targeted - Only targeted network daemons are protected.
    # strict - Full SELinux protection.
    SELINUXTYPE=targeted

[4] Installing NTP Server :

This is an example of installing and configuring an NTP server for the system clock.

    [root@dlp ~]# yum -y install ntp # installs the NTP packages

    [root@dlp ~]# mv /etc/ntp.conf /etc/ntp.conf.bk
    [root@dlp ~]# vi /etc/ntp.conf

    # Set servers for synchronizing
    server ntp1.ssysadmin.com
    server ntp2.ssysadmin.com

    [root@dlp ~]# /etc/rc.d/init.d/ntpd start
    Starting ntpd: [ OK ]

    [root@dlp ~]# chkconfig ntpd on
    [root@dlp ~]# ntpq -p

[5] Installing SSH Server

[1] Configure the SSH server so that Windows client computers can log in to it. This is the method with password authentication.

    [root@dlp ~]# vi /etc/ssh/sshd_config

    # line 42: uncomment and change to 'no'
    PermitRootLogin no
    # line 63: uncomment
    PermitEmptyPasswords no
    PasswordAuthentication yes

    [root@dlp ~]# /etc/rc.d/init.d/sshd restart

[2] Get an application with which you can log in from Windows clients, for example PuTTY.
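
Added example, not part of the original guide: a shell check that the access-control edits from steps [3][c] and [5] are actually in effect, which matters because sshd keeps the first value it reads for a keyword and a commented-out pam_wheel line silently leaves su open to everyone. The function names and the ROOT directory argument are assumptions of this example, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit the settings edited in steps [3][c] and [5].
# ROOT is a directory holding copies of the files (pass / on a live host).

# Print the value sshd will use for KEYWORD from FILE (global section only).
# sshd keeps the first value it reads; keywords are case-insensitive.
sshd_effective() {   # usage: sshd_effective FILE KEYWORD
    awk -v key="$2" '
        { sub(/^[ \t]+/, "") }                    # drop leading whitespace
        /^#/ || /^$/ { next }                     # skip comments and blank lines
        { n = split($0, f, "[ \t=]+") }           # "Keyword value" or "Keyword=value"
        tolower(f[1]) == "match" { exit }         # conditional blocks start here
        tolower(f[1]) == tolower(key) { print tolower(f[2]); exit }
    ' "$1"
}

# Succeed when an uncommented "auth required pam_wheel.so" line is present.
su_requires_wheel() {   # usage: su_requires_wheel PAM_SU_FILE
    awk '
        $1 == "auth" && $2 == "required" && $3 ~ /pam_wheel\.so$/ { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Print the comma-separated members of the wheel group.
wheel_members() {   # usage: wheel_members GROUP_FILE
    awk -F: '$1 == "wheel" { print $4 }' "$1"
}

# Report each setting; the return code is the number of failed checks.
audit_guide_settings() {   # usage: audit_guide_settings ROOT
    root=${1%/}; failures=0
    for kw in PermitRootLogin PermitEmptyPasswords; do
        val=$(sshd_effective "$root/etc/ssh/sshd_config" "$kw")
        if [ "$val" = "no" ]; then
            echo "ok    $kw no"
        else
            echo "FAIL  $kw ${val:-unset} (guide sets: no)"
            failures=$((failures + 1))
        fi
    done
    if su_requires_wheel "$root/etc/pam.d/su"; then
        echo "ok    su limited to wheel: $(wheel_members "$root/etc/group")"
    else
        echo "FAIL  pam_wheel.so is not required in /etc/pam.d/su"
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Constructed sample tree; the last sshd_config line has no effect because
# the first PermitRootLogin value wins.
make_sample_etc() {   # usage: make_sample_etc DIR
    mkdir -p "$1/etc/ssh" "$1/etc/pam.d"
    cat > "$1/etc/ssh/sshd_config" <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication yes
PermitRootLogin yes
EOF
    cat > "$1/etc/pam.d/su" <<'EOF'
#%PAM-1.0
auth sufficient pam_rootok.so
#auth sufficient pam_wheel.so trust use_uid
auth required pam_wheel.so use_uid
auth include system-auth
EOF
    echo 'wheel:x:10:root,fedora' > "$1/etc/group"
}

demo=$(mktemp -d)
make_sample_etc "$demo"
audit_guide_settings "$demo"
rm -rf "$demo"
```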

[6] Installing Apache Web Server

This is an example of building a web server. Install Apache for it, and also install PHP and SSL because they are often used with a web server. It is also necessary to configure the router so that TCP and UDP packets to ports 80 and 443 can pass through.

    [root@www ~]# yum -y install httpd php php-mbstring php-pear mod_ssl

    [root@www ~]# rm -f /etc/httpd/conf.d/welcome.conf

    [root@www ~]# rm -f /var/www/error/noindex.html
    [root@www ~]# ln -s /usr/bin/perl /usr/local/bin/perl

Here is an example Apache configuration. I set it so that users can publish their own web sites and can execute CGI in any directory. (SSI is disabled because it is not used very often.)

    [root@www ~]# vi /etc/httpd/conf/httpd.conf

    ServerTokens Prod // line 44: change
    KeepAlive On // line 74: change to ON
    ServerAdmin root@server-linux.info // line 250: Admin's address
    ServerName www.server-linux.info:80 // line 264: server's name
    Options FollowSymLinks ExecCGI // line 319: change (disable Indexes)
    AllowOverride All // line 326: change
    #UserDir disable // line 354: comment out
    UserDir public_html // line 361: uncomment
    // line 369 - 380: remove # to uncomment
    AllowOverride All // change
    Options ExecCGI // CGI enabled
    Order allow,deny
    Allow from all
    Order deny,allow
    Deny from all
    // line 390: add the file names that are served when only a directory name is requested
    DirectoryIndex index.html index.cgi index.php
    ServerSignature Off // line 523: change
    #AddDefaultCharset UTF-8 // line 746: comment out
    // line 777: uncomment and add the file types that Apache treats as CGI
    AddHandler cgi-script .cgi .pl

    [root@www ~]# /etc/rc.d/init.d/httpd start
    Starting httpd:[ OK ]
    [root@www ~]# chkconfig httpd on

[2] Create an HTML test page to make sure Apache is working.

[7] Config SSL

Configure the SSL support that was installed in the section above. We made our own certificate file for SSL in this example, but if you use the server for business, it is better to buy and use a certificate from a CA like verisign.com, thawte.com, etc…

    [root@www ~]# cd /etc/pki/tls/certs
    [root@www certs]# make server.key
    umask 77 ; \
    /usr/bin/openssl genrsa -des3 1024 > server.key
    Generating RSA private key, 1024 bit long modulus
    ………………………………………………++++++
    ………….++++++
    e is 61251 (0x10001)
    Enter pass phrase: // input pass phrase
    Verifying - Enter pass phrase: // verify

    // it's troublesome to input the pass phrase every time, so remove it from the private key
    [root@www certs]# openssl rsa -in server.key -out server.key
    Enter pass phrase for server.key: // input pass phrase
    writing RSA key

    [root@www certs]# make server.csr
    umask 77 ; \
    /usr/bin/openssl req -utf8 -new -key server.key -out server.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [GB]: US
    State or Province Name (full name) [Berkshire]:CO
    Locality Name (eg, city) [Newbury]:Denver
    Organization Name (eg, company) [My Company Ltd]:sSysAdmin
    Organizational Unit Name (eg, section) []:Security
    Common Name (eg, your server's hostname) []:www.ssysadmin.com
    Email Address []:root@ssysadmin.com
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []: // press Enter, leave empty
    An optional company name []: // press Enter, leave empty

    [root@www certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650 // make the certificate file
    Signature ok
    subject=/C=US/ST=CO/L=Denver/O=sSysAdmin/OU=Security/CN=www.ssysadmin.com/emailAddress=root@ssysadmin.com
    Getting Private key
    [root@www certs]# chmod 400 server.*
    [root@www certs]# vi /etc/httpd/conf.d/ssl.conf

    DocumentRoot "/var/www/html" // line 84: uncomment
    ServerName www.ssysadmin.com:443 // line 85: uncomment and change
    SSLCertificateFile /etc/pki/tls/certs/server.crt // line 112: change
    SSLCertificateKeyFile /etc/pki/tls/certs/server.key // line 119: change

    [root@www certs]# /etc/rc.d/init.d/httpd restart
    Stopping httpd: [ OK ]
    Starting httpd: [ OK ]

Access the test page created in step [2] over https. The following warning window is shown because the certificate was not issued by a CA. Click OK to proceed.

[8] Installing FTP Server

[1] Build an FTP server to transfer files. Install and configure vsftpd for it.

    [root@www ~]# yum -y install vsftpd

    [root@www ~]# vi /etc/vsftpd/vsftpd.conf

    anonymous_enable=NO // line 12: no anonymous
    ascii_upload_enable=YES // line 79: uncomment
    ascii_download_enable=YES // (permit ascii mode transfer)
    chroot_list_enable=YES // line 94: uncomment (enable chroot list)
    chroot_list_file=/etc/vsftpd/chroot_list // line 96: uncomment
    ls_recurse_enable=YES // line 102: uncomment
    chroot_local_user=YES // bottom: enable chroot
    local_root=public_html // root directory
    use_localtime=YES // use local time

    [root@www ~]# vi /etc/vsftpd/chroot_list

    fedora // write users you permit

    [root@www ~]# /etc/rc.d/init.d/vsftpd start
    Starting vsftpd for vsftpd: [ OK ]
    [root@www ~]# chkconfig vsftpd on

[9] Samba File Server

Build a file server to share files between Windows computers and the Linux server. Install Samba for it. I created this file server in a GuestOS named 'lan' in this example.

    [root@lan ~]# yum -y install samba

Create a shared directory that anybody can read and write, and for which authentication is not needed.

[1] Configure Samba

    [root@lan ~]# mkdir /home/share
    [root@lan ~]# chmod 777 /home/share
    [root@lan ~]# vi /etc/samba/smb.conf

    unix charset = UTF-8 // line 24: add the line
    workgroup = WORKGROUP // line 27: change (Windows' default)
    security = share // line 35: change
    hosts allow = 192.168.0. 127. // line 41: change IP address you permit

    // add these lines at the bottom
    [Share] // any name you like
    path = /home/share // shared directory
    writable = yes // OK to write
    guest ok = yes // guest OK
    guest only = yes // guest only
    create mode = 0777 // fully accessed
    directory mode = 0777 // fully accessed
    share modes = yes

    [root@lan ~]# /etc/rc.d/init.d/smb start
    Starting SMB services:[ OK ]
    Starting NMB services:[ OK ]
    [root@lan ~]# chkconfig smb on

[10] Mysql

Install MySQL for the database server.

    [root@www1 ~]# yum -y install mysql-server
    [root@www1 ~]# /etc/rc.d/init.d/mysqld start

    [root@www1 ~]# mysql -u root # login to MySQL
    Welcome to the MySQL monitor. Commands end with ; or \g.
    Your MySQL connection id is 2 to server version: 5.0.22

    Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

    # show user info
    mysql> select user, host, password from mysql.user;

    # delete user that has no password
    mysql> delete from mysql.user where user='';
    Query OK, 2 rows affected (0.00 sec)

    # set root password
    mysql> set password for root@localhost=password('password');
    Query OK, 0 rows affected (0.00 sec)

    # set root password
    mysql> set password for root@'www1.server-linux.info'=password('password');
    Query OK, 0 rows affected (0.00 sec)

    # set root password
    mysql> set password for root@127.0.0.1=password('password');
    Query OK, 0 rows affected (0.00 sec)

    # show user info
    mysql> select user,host,password from mysql.user;

    mysql> exit # logout
    Bye
    [root@www1 ~]# mysql -u root -p # login with root
    Enter password: # password
    Welcome to the MySQL monitor. Commands end with ; or \g.
    Your MySQL connection id is 4 to server version: 5.0.22

    Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

    mysql> exit
    Bye

Install phpMyAdmin to operate MySQL from a web browser. A web server is also needed.

[1] Install and configure phpMyAdmin

    [root@www1 ~]# yum -y install phpMyAdmin php-mysql php-mcrypt
    [root@www1 ~]# vi /etc/phpMyAdmin/config.inc.php

    # add this line around line 13
    # set password
    $cfg['blowfish_secret'] = 'password';
    # line 28: change
    $cfg['Servers'][$i]['auth_type'] = 'cookie';

    [root@www1 ~]# vi /etc/httpd/conf.d/phpMyAdmin.conf

    # line 8: change
    Alias /mysql /usr/share/phpMyAdmin
    # line 13: add IPs you permit
    Allow from 127.0.0.1 192.168.0.0/24

    [root@www1 ~]# /etc/rc.d/init.d/httpd reload
    Reloading httpd: [ OK ]

[2] Access 'http://(your hostname)/(alias name you set)/', i.e. http://localhost/phpMyAdmin, through a web browser.

Credits: yuvalinux @ bs

How to Identify I/O Bottlenecks in MS SQL Server

Problem

We experience regular slowdowns on our SQL Server databases. After analyzing the memory and CPU usage we would like to continue the root cause investigation by examining I/O bottlenecks. What is your recommendation to recognize I/O related bottlenecks in SQL Server?

Solution

The I/O subsystem is a key factor when it comes to SQL Server performance since database pages are constantly moved in and out of the buffer pool. Also the transaction logs and tempDB generate significant I/O traffic. Therefore you have to ensure that your I/O subsystem performs as expected, otherwise you will be a victim of increased response times and frequent time-outs. In this tip I will describe some of the ways to identify I/O related bottlenecks using the built-in tools and provide some disk configuration ideas.

Performance Monitor

You can use Performance Monitor to check the load on your I/O subsystem. The following performance counters can be set up to check disk performance.

The PhysicalDisk Object: Avg. Disk Queue Length counter shows you the average number of read and write requests that were queued on the selected physical disk. The higher the number, the more disk operations are waiting. It requires attention if this value frequently exceeds 2 during peak usage of SQL Server. If you have multiple drives, divide this number by the number of drives in the array and check whether the result is above 2. For example, if you have 4 drives and a disk queue length of 10, this would be 10/4 = 2.5, so 2.5 is the value you want to use, not 10.

Avg. Disk Sec/Read and Avg. Disk Sec/Write show the average time of data reads from and writes to the disk. It is good up to 10 ms, but it is still acceptable if less than 20 ms. Any higher value needs further investigation.

Physical Disk: %Disk Time is the ratio of elapsed time when the disk drive was busy with read or write requests. The rule of thumb for this value is that it should be below 50 percent.

The counters Disk Reads/Sec and Disk Writes/Sec show you the rate of read/write operations on the disk. It should be less than 85 percent of the disk capacity since the disk access time increases exponentially beyond this value.

You can determine the disk capacity by gradually increasing the load on the system. One way to do this is to use SQLIO. You should look for the point where the throughput is constant, but the latency increases.

You can use the counters for RAID configurations with the following calculations:

RAID 0: I/O per disk = (reads + writes) / number of disks
RAID 1: I/O per disk = [reads + (writes*2)] / 2
RAID 5: I/O per disk = [reads + (writes*4)] / number of disks
RAID 10: I/O per disk = [reads + (writes*2)] / number of disks

Here is an example of your I/O per disk for RAID 1, if we get these values from the counters:

Disk Reads/sec = 90
Disk Writes/sec = 75

The formula for I/O on a RAID-1 array is [reads + (writes*2)] / 2 or [90 + (75*2)] / 2 = 120 I/Os per disk
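The counters, thresholds and RAID formulas above can be collected and evaluated in one pass. The following PowerShell is an added example, not code from the original tip; the function names, the `_Total` default instance and the ten-sample window are assumptions, and the counter names are the English ones.

```powershell
# Added example; formulas and thresholds are the ones the article states.
function Get-IoPerDisk {
    param(
        [Parameter(Mandatory)][double]$ReadsPerSec,
        [Parameter(Mandatory)][double]$WritesPerSec,
        [Parameter(Mandatory)][ValidateSet('0', '1', '5', '10')][string]$RaidLevel,
        [ValidateRange(1, 1024)][int]$DiskCount = 2
    )
    switch ($RaidLevel) {
        '0'  { ($ReadsPerSec + $WritesPerSec) / $DiskCount }
        '1'  { ($ReadsPerSec + $WritesPerSec * 2) / 2 }
        '5'  { ($ReadsPerSec + $WritesPerSec * 4) / $DiskCount }
        '10' { ($ReadsPerSec + $WritesPerSec * 2) / $DiskCount }
    }
}

function Get-DiskIoReport {
    param(
        [string]$Instance = '_Total',   # PhysicalDisk instance; default is an assumption
        [ValidateSet('0', '1', '5', '10')][string]$RaidLevel = '1',
        [ValidateRange(1, 1024)][int]$DiskCount = 2,
        [int]$Samples = 10              # one-second samples to average
    )
    # English counter names; localized Windows installs expose translated names.
    $names = 'Avg. Disk Queue Length', 'Avg. Disk sec/Read', 'Avg. Disk sec/Write',
             'Disk Reads/sec', 'Disk Writes/sec', '% Disk Time'
    $paths = $names | ForEach-Object { "\PhysicalDisk($Instance)\$_" }
    $all = (Get-Counter -Counter $paths -SampleInterval 1 -MaxSamples $Samples).CounterSamples
    $avg = @{}
    foreach ($n in $names) {
        $avg[$n] = ($all | Where-Object { $_.Path.EndsWith("\$n", [StringComparison]::OrdinalIgnoreCase) } |
            Measure-Object -Property CookedValue -Average).Average
    }
    $queue   = $avg['Avg. Disk Queue Length'] / $DiskCount
    $readMs  = $avg['Avg. Disk sec/Read'] * 1000
    $writeMs = $avg['Avg. Disk sec/Write'] * 1000
    [pscustomobject]@{
        QueuePerDisk = [math]::Round($queue, 2)
        ReadMs       = [math]::Round($readMs, 1)
        WriteMs      = [math]::Round($writeMs, 1)
        IoPerDisk    = Get-IoPerDisk -ReadsPerSec ($avg['Disk Reads/sec']) -WritesPerSec ($avg['Disk Writes/sec']) -RaidLevel $RaidLevel -DiskCount $DiskCount
        QueueHigh    = $queue -gt 2
        LatencyHigh  = ($readMs -gt 20) -or ($writeMs -gt 20)
        DiskTimeHigh = $avg['% Disk Time'] -ge 50
    }
}
```

Calling `Get-IoPerDisk -ReadsPerSec 90 -WritesPerSec 75 -RaidLevel 1` reproduces the RAID 1 calculation from the text without touching any live counters.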



Dynamic Management Views

There are some useful Dynamic Management Views (DMVs) to check I/O bottlenecks.

An I/O latch wait occurs when a page is accessed for reading or writing but the page is not available in the buffer pool. It causes waits on PAGEIOLATCH_EX or PAGEIOLATCH_SH, depending upon the type of request. These wait types can indicate an I/O bottleneck. You can query the sys.dm_os_wait_stats DMV to find latch wait statistics. You can identify I/O problems if you save the waiting_tasks_count and wait_time_ms values from a normal working state of your SQL Server and compare them with the values you see when performance is degraded.

-- Latch wait statistics for page I/O
select *
from sys.dm_os_wait_stats
where wait_type like 'PAGEIOLATCH%'
order by wait_type asc
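sys.dm_os_wait_stats is cumulative since the instance started, so the comparison between a normal and a degraded state is easier to read as interval deltas. The PowerShell below is an added example, not part of the original tip; it goes one step beyond the text by diffing two snapshots per state, and the function names, the alert factor of 2 and all sample numbers are constructed assumptions.

```powershell
# Added example. Rows mirror sys.dm_os_wait_stats columns; every number below is constructed.
function Get-WaitStatsDelta {
    param([Parameter(Mandatory)][object[]]$Before, [Parameter(Mandatory)][object[]]$After)
    $first = @{}
    foreach ($r in $Before) { $first[$r.wait_type] = $r }
    foreach ($r in $After) {
        $s = $first[$r.wait_type]
        if (-not $s) { continue }
        $waits = $r.waiting_tasks_count - $s.waiting_tasks_count
        $ms    = $r.wait_time_ms - $s.wait_time_ms
        # The DMV is cumulative and resets on restart; a negative delta makes the pair unusable.
        if ($waits -lt 0 -or $ms -lt 0) { continue }
        $avgMs = if ($waits -gt 0) { [math]::Round($ms / $waits, 2) } else { 0 }
        [pscustomobject]@{ WaitType = $r.wait_type; Waits = $waits; WaitMs = $ms; AvgWaitMs = $avgMs }
    }
}

function Compare-WaitProfile {
    param([object[]]$Normal, [object[]]$Now, [double]$Factor = 2.0)   # Factor: assumed alert ratio
    $base = @{}
    foreach ($r in $Normal) { $base[$r.WaitType] = $r }
    foreach ($r in $Now) {
        $b = $base[$r.WaitType]
        $normalAvg = if ($b) { $b.AvgWaitMs } else { $null }
        [pscustomobject]@{
            WaitType    = $r.WaitType
            NormalAvgMs = $normalAvg
            NowAvgMs    = $r.AvgWaitMs
            Degraded    = [bool]($normalAvg -gt 0 -and $r.AvgWaitMs -ge $normalAvg * $Factor)
        }
    }
}

function New-WaitRow($Type, $Count, $Ms) {
    [pscustomobject]@{ wait_type = $Type; waiting_tasks_count = $Count; wait_time_ms = $Ms }
}
# Two snapshots taken some minutes apart in each state (constructed values).
$normal = Get-WaitStatsDelta -Before (New-WaitRow 'PAGEIOLATCH_SH' 1000 8000) -After (New-WaitRow 'PAGEIOLATCH_SH' 1500 12500)
$now    = Get-WaitStatsDelta -Before (New-WaitRow 'PAGEIOLATCH_SH' 9000 90000) -After (New-WaitRow 'PAGEIOLATCH_SH' 9400 102000)
Compare-WaitProfile -Normal $normal -Now $now
```

In practice the snapshot rows would come from saving the output of the PAGEIOLATCH query at two points in time.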

Pending I/O requests can be found by querying the following DMVs and can be used to identify which disk is responsible for the bottleneck.

-- Pending I/O requests matched to the database file they belong to
select database_id,
       file_id,
       io_stall,
       io_pending_ms_ticks,
       scheduler_address
from sys.dm_io_virtual_file_stats(NULL, NULL) iovfs,
     sys.dm_io_pending_io_requests as iopior
where iovfs.file_handle = iopior.io_handle

Disk Fragmentation

I would recommend that you check the disk fragmentation and the configuration of the disks used by the SQL Server instance.

Fragmentation of files on NTFS can cause significant reductions in performance. Disks should be defragmented regularly and a defragmentation policy and plan should be put in place. Research shows that in some cases a SAN can actually perform worse with defragmentation enabled, so SANs need to be treated on a case-by-case basis.

Fragmentation of indexes can also cause high I/O utilization on NTFS, but this does not have the same effect on SANs, which perform better on random I/Os.

Disk Configuration / Best Practices

As a general rule, you should have log files on a physical disk that is separate from the data files for better performance. The I/O profile for heavily used database data files (including tempDB) is random. The I/O profile for all database log files is sequential, except when a transaction needs to be rolled back.

The internal disks should only be used for database log files, because they excel at sequential I/O, but perform poorly on random I/Os.

The database data and log files should each be placed on their own dedicated disk packs. To ensure optimal performance, I recommend that the database log file be placed on two internal disks configured as RAID 1. The database data file should reside on a SAN system which is only accessed by SQL Server and has controlled querying and reporting. Ad hoc access should be disallowed.

Write caching should be enabled where possible and you should make sure the cache is protected from power failures and other possible failures.

To limit possible I/O bottlenecks for your OLTP system you should not mix OLAP and OLTP environments. Also, make sure your code is tuned and create indexes where necessary to avoid unnecessary I/Os.

Next Steps

  • Collect and compare performance counters
  • Analyze DMV information
  • Run SQL Server Profiler to find high Read and Write queries that can be tuned

Reference: Tybor Nagi, sql t!p

Windows Vista Tip – EnableLinkedConnections

On Windows Vista, when you map a drive under your admin account you will find that your mapped drive is not available after you switch to your full token via a RunAs or Consent dialog. This is by design because there are actually two tokens in play here. What happens is that the LSA recognizes that you are an admin at logon and creates two logons: the first with a “filtered” (non-admin) token, which is used to render your desktop, and the other containing your full token, which becomes available after consent dialogs.

Because there are two separate logons, there are separate logon IDs. When network shares are mapped they are linked to the current logon session for the current process token, meaning you don’t have access to the network drive from the alternate logon. This can come into play with logon scripts and a number of other areas where you may require access to a network share from both tokens.

If you set the following key it will change how SMB shares are mapped. They will be mapped to a token, which means that LSA will check to see if there is a linked token associated with the user session and add the network share to that location as well. Basically, all of this means that after setting this, drives will be accessible from both tokens no matter which one they are mapped under.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
EnableLinkedConnections = 1 (DWord)

Disclaimer: This is not supported by Microsoft and was never tested. Use at your own risk.

Note: All images, brand names and code used in articles are property of their respective owners. Do not use them without written approval of the respective owner. Windows/ Windows 7 is trade mark of Microsoft Corporation.

Credits to: Josh Phillips, Windows Connected
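Because the setting makes drives mapped under one token visible to the other, it is worth knowing which machines have it turned on. The read-only PowerShell check below is an added example, not part of the original tip; the function name is hypothetical and the remote path assumes PowerShell remoting is enabled on the target machines.

```powershell
# Added example: read-only audit; it changes nothing on the machines it checks.
function Get-LinkedConnectionsState {
    param([string[]]$ComputerName)   # omit to check the local machine
    $check = {
        $path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
        $name = 'EnableLinkedConnections'
        $key  = Get-Item -LiteralPath $path -ErrorAction Stop
        $value = $null; $kind = $null; $state = 'NotSet'
        if ($key.GetValueNames() -contains $name) {
            $value = $key.GetValue($name)
            $kind  = $key.GetValueKind($name).ToString()
            # The article specifies a DWord; any other type is reported rather than interpreted.
            if ($kind -ne 'DWord') { $state = 'WrongType' }
            elseif ($value -eq 1)  { $state = 'Enabled' }
            else                   { $state = 'Disabled' }
        }
        [pscustomobject]@{
            Computer  = $env:COMPUTERNAME
            State     = $state
            Value     = $value
            Kind      = $kind
            # EnableLUA = 0 means UAC is off, so there is no filtered/full token pair to link.
            EnableLUA = $key.GetValue('EnableLUA')
        }
    }
    if ($ComputerName) { Invoke-Command -ComputerName $ComputerName -ScriptBlock $check }
    else { & $check }
}

Get-LinkedConnectionsState
```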