How to Improve Prerformance on Windows XP


Increase Startup and Navigation Speed of files and folders
1.    Open My Computer.
2.    Tools
3.    Options
4.    View tab
5.    Then uncheck automatically search for network folders and printers

Speed up Win Xp
1.    Open Regedit
2.    Hkey local machine
3.    Systems
4.    Current control set
5.    Control
6.    Session manager
7.    Memory management
8.    Disable paging execution – set value to 1
Improve NTFS Performance
1.    Regedit
2.    Hkey local machine
3.    Systems
4.    Current control set
5.    Control
6.    File system
7.    Add new DWORD Value
8.    ntfsDisableLastAccessUpdate- set value to 1
9.    reboot the system
Speedup Windows Menu
1.    regedit
2.    hkey current user
3.    control panel
4.    desktop
5.    menu show delay –set value to 0/1

Ext4 File System

The fourth extended file system was developed as the successor of the commonly used ext3 journaled file system. The ext4 file system has significant advantages over the ext3 and ext2 file systems.
Support for the ext4 file system has been available from the Linux kernel version 2.6.19 onwards and was officially declared stable in the Linux kernel version 2.6.28. All the latest versions of distributions like Ubuntu (9.04), Fedora (11) etc. include the ext4 file system.
The ext4 file system includes the “extent” approach to block management features used in JFS, and the delayed allocation feature of XFS.

The ext4 file system has major improvements in terms of performance, scalability, and reliability.
The following are a few notable features of ext4:

1. File System Size

Ext4 permits filesystems up to 1 exbibyte (2^60 bytes) size and files up to 16 tebibytes size (16 * 2^40 bytes). Whereas, the ext3 file system supports only a maximum filesystem size of 16 TB and a maximum file size of 2 TB. Another advantage of ext4 is its support for the creation of enormous number of sub directories under a directory. More than 64000 sub directories can be created under a directory(unlimited) in ext4, compared to 32000 in ext3.

2. Extents

The commonly used file systems of Unix/Linux like ext2 and ext3 use direct, indirect, double indirect, and triple indirect block mapping scheme to map file offsets to on-disk blocks. This is ideal for small files. However, in the case of large files, there will be a large number of mappings which will reduce performance, especially while seeking and deleting data. So extents were introduced to replace the block mapping scheme.
The concept extent means “a contiguous sequence of physical blocks”. Large files are split into several “extents”. The files are allocated to a ’single extent’ instead of a particular size, thus avoiding the indirect mapping of blocks. The inode stores up to 4 extents of a file and indexes the rest in an Htree (This is turned on by default in ext4). Thus extents allow less fragmentation (due to a sequential block allocation) and improves performance.

3. Delayed and Multiblock allocation

In ext4 file systems, multiblock allocation (mballoc) allocates multiple blocks for a file in a single operation, instead of allocating it one by one, as is the case in ext3. This will reduce the overhead of calling the “block allocator” several times and will optimize the allocation of memory.
In delayed allocation, if a function writes data onto a disk instead of allocating it at once, it will get stored in the cache. All data in the cache will be written only after “flush”-ing the cache. This technique is called “allocate-on-flush”. Thus the block allocator gets an opportunity to optimize the allocation using the “extents” concept.
The above mentioned techniques will reduce disk fragmentation.

4. Online defragmentation and fsck speed

The fragmentation rate is lesser in ext4 systems due to the utilization of techniques mentioned above. However, that does not mean zero percent fragmentation. Defragmentation, when required, can be done online using the tool “e4defrag”.
To do this, you will need to patch the kernel with some experimental features, which are available at:
http://www.kernel.org/pub/linux/kernel/people/tytso/ext4-patches/2.6.28-ext4-4/broken-out.tar.bz2.
The syntax is as follows:
e4defrag "path to file" : For defragmenting a file
e4defrag -r "directory/" : For defragmenting a directory
e4defrag /dev/sda1 : For defragmenting a partition
File system check (fsck) will normally take a lot of time to complete, especially in pass1 of e2fsck. To speed up the process in ext4, the inode table is updated with a list of unused blocks. This will allow the operation to skip these blocks while performing the check. In order to generate the list of unused blocks, you must run fsck atleast once.

5. Journal check summing

Ext4 uses the checksum of the journal to find out health of the journal blocks. This is used to avoid massive data corruption. You can turn off the journaling mode in ext4, if it causes overhead.

6. Persistent preallocation

Persistent preallocation allows the application to allocate contiguous blocks with a fixed size, before writing the data. This will ensure the following:
·         Lesser fragmentation (because blocks are allocated as contiguously as possible).
·         Ensure that applications have enough space to work.
This feature is appropriate for real time applications, databases and content streaming.

7. Inodes / Timestamps

The ext4 filesystem has a large inode size of 256 bytes by default whereas ext3 has only 128 bytes for inodes. The accuracy of the time stamp (Eg:- the modified time of a file) stored, is nano seconds instead of seconds in the case of ext3.

8. Backward compatibility

Ext3 file systems can be migrated to ext4 easily without formatting or reinstalling the OS, provided the kernel supports the ext4 file system.

Compiling the kernel with ext4 support

You can download the latest kernel from
http://www.kernel.org/pub/linux/kernel/v2.6/ and then enable ext4 support during “make menuconfig“.
Check out the steps in brief:
$ cp /boot/config- .config
$ make oldconfig
$ make menuconfig [Select ext4 under File systems]
The parameters in the config file are:
[root@bob linux-2.6.30]# cat .config | grep EXT4_FS
CONFIG_EXT4_FS=m
CONFIG_EXT4_FS_XATTR=y
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_EXT4_FS_SECURITY=y

You can then compile the kernel with ‘make’ and install modules using ‘make modules_install’. The boot loader entries should then be edited followed by a machine reboot, to load the new kernel.
Refer http://bobcares.com/blog/?p=162 for more information about kernel recompilation.
The next step is to compile the latest stable version of e2fsprogs. This is available at:
http://ftp.kernel.org/pub/linux/kernel/people/tytso/e2fsprogs/.

$ ./configure
$ make && make install

Creating a new ext4 file system

This can be done using the command mkfs.ext4 [similar to mkfs.ext3]:
$ mkfs.ext4 /dev/sda1
OR
$ mke2fs -t ext4 /dev/sda1, where sda1 is the block device.
In order to mount the file system, use ‘-t ext4′ in the mount command:
$ mount -t ext4 /dev/sda1 /home1
To convert an ext3 file system to ext4, do the following:
Since ext4 is backward compatible you can simply mount the ext3 file system as ext4:

Make sure that you have a backup of the data before executing these commands.
$ mount -t ext4 /dev/sda2 /home2, where /dev/sda2 contains an ext3 file system.
You also have to tell the partition ‘/dev/sda2′ to use ext4 features since it was not formatted with ext4. To do this run:
$ tune2fs -O extents,uninit_bg,dir_index /dev/sda2
where extents will enable the “extents” feature, uninit_bg will enable the group checksums and dir_index will enable the “Htree indexes.”
Now, fsck has to be run on the partition, to check whether the settings altered by tune2fs are proper:
$ e2fsck -fpDC0 /dev/sda2, where f is for force checking, p is for automatic repair, D is for optimize directories and C0 is for printing a completion bar as it goes.
Ext2 file systems need to be converted to ext3 first using ‘tune2fs -j /dev/sda3‘ before being converted to ext4. This will enable the journal feature.

Limitations

After converting an existing file system to ext4, it will no longer be mountable as ext3 or ext2. Also, since the disk is not being formatted with the new file system, the ‘extents’ feature will not be available for existing files.
Another important thing to be noted is the ‘/boot/’ partition. If the machine does not have a separate partition for ‘/boot/’, converting the file system to ext4 will cause issues, since older versions of grub do not support ext4. A Fedora 11 fresh installation will not allow formatting of ‘/boot/’ with ext4. You will have to use ext3 instead. A newer version of grub [grub2 packages] is available with ext4 support, however it is not officially supported yet.

Conclusion

After the release of ext4 with the latest kernels, all new Linux distributions are switching the default file system to the faster ext4. The benchmark test conducted using the phoronix test suite for different file systems is available at: http://ftp.kernel.org/pub/linux/kernel/people/tytso/e2fsprogs/.
This file system will become the standard file system for Linux very soon.
http://www.ibm.com/developerworks/linux/library/l-ext4/
http://www.phoronix.com
http://kernelnewbies.org/Ext4
http://ext4.wiki.kernel.org/index.php/Ext4_Howto
http://www.ibm.com/developerworks/linux/library/l-anatomy-ext4/


SELinux: A Enhenced Secure Linux

Linux is a premium force in the web hosting industry, which is also achieving popularity as a PC operating system nowadays. When it comes to hosting a website, Linux web servers are primarily chosen due to their flexibility, stability and security of services. But as we all know, security of all operating systems revolve around controlling access and is hence subject to exploits. Since Linux is open source, vulnerabilities can be easily exploited by potential attackers to gain illegal access to a web server. As a measure of securing Linux at every level, from the kernel up, Security Enhanced Linux (SELinux) was developed.
The development of SELinux or Security Enhanced Linux was initiated by the National Security Agency, the University of Utah, and the Secure Computing Corporation. The architecture was called Flask operating system, implemented with mach micro kernel.
With this article, l will explain the basics of SELinux. SELinux implements MAC [Mandatory Access Control] instead of the traditional DAC [Discretionary Access Control].
DAC and Limitations
Linux distributions normally incorporate the Discretionary Access Control (DAC) mechanism, that lets resource owners decide who can access a resource and how.
DAC implements security by denying access based on the identity of groups to which the user belongs. Using DAC, there are two user levels in the OS; Administrator and Non-administrator. The administrator is simply the root user or a user with root privileges. If a non-administrator user is to have administrative privileges, the user has to be added, either to a wheel user group or in sudoers. Most often, full privileges will have to be given to this user.
It was soon realized that DAC was not the best solution, as it gave applications the privileges of the user running them. One compromised application running as root could ultimately affect the entire web server. In a compromised web server, through a global writable file or directory, malicious codes or softwares could get administrative privileges using setuid.
All these reasons led security experts to develop Mandatory Access Control (MAC), which grants access to resources as defined by a security policy, regardless of the user running the application.
MAC [Mandatory access control]
This is also called non-DAC. In simple terms, MAC uses the principle of least privilege, where processes/objects or users have the minimal privileges that are required for their normal functioning. Administrators can define security policies for subjects/objects, to interact with other parts of the system.
LSM (Linux Security Modules)
This framework was developed to support a variety of computing security models in the Linux kernel. LSM was released under GNU-GPL and is now part of all the latest Linux kernels. LSM enables the implementation of MAC, with least amount of changes in the Linux kernel.
In a web server, SELinux is based on two technologies: Type Enforcement and RBAC [role-based access control ]. Type enforcement, which is described in a policy file, defines a type for each subject/process and object. Each file has security labels and these labels contain the type of policy. They are stored in xattrs [called extended attributes]. By default, all interactions between subjects and objects will be denied in SELinux.
Using the policies, a matrix can be derived that defines the interactions of each process used by the Type Enforcement.
How to Enable/Disable SELinux?
SELinux is available in all major distros by default. During the installation of Linux [RedHat/Fedora], you will be prompted to enable or disable SELinux along with the firewall option.
In Fedora/Redhat, SELinux can be enabled or disabled by editing the file “/etc/selinux/config “. There are 3 modes for the parameter SELINUX. They are:
SELINUX = disabled
SELINUX = permissive
SELINUX = enforcing
The values ‘disabled‘ and ‘permissive‘ are mainly used to disable SELinux in a server.
The value “disabled” will completely switch off SELinux. All operations will be allowed to work normally and the policies of security attributes will not have any effect on the services or files.
The value “permissive” will allow all operations, but logs those which can be denied using the policy. All warnings get logged, thereby allowing the audit of each process interaction for creating corresponding policy rules.
To disable SELinux in a live server temporarily, you may change the value of /selinux/enforce to zero.
echo 1 >/selinux/enforce : Enable
echo 0 >/selinux/enforce : Disable
cat /selinux/enforce : Check status
If the Linux distro used in a web hosting server does not have the file /etc/selinux/config, SELinux can be disabled or enabled by adding the line “enforcing=0” or “enforcing=1” to grub.conf under /boot of the web server.
Re-enabling SELinux in a server needs relabeling of all files in the server. The server needs to be booted in permissive mode and then the following command has to be run to relabel the files.
fixfiles relabel
This can be also achieved by creating a file named autorelabel [like autofsck]. It will be processed in the next reboot of the web server.
After getting the system fully labelled, the status needs to be changed to “enforcing”, to make SELinux fully functional.
SELinux Boot Process
Unlike the normal boot process, the following are the steps performed during the boot up of an SELinux enabled kernel.
·         The kernel will run as kernel_t and all applications will use it.
·         The /sbin/init process which is also running as kernel_t will load the policy file to the kernel.
·         After the init load, it will be re-executed and gets labelled as init_exec_t
·         When kernel_t executes init_exec_t applications, it will be switched to init_t, which is a rule hard coded in the kernel. Now init will be running as init_t.
·         When init_t executes an application, say sysinit which is labelled as initrc_exec_t, the transition to initrc_exec will be performed as per the rule.
·         This process will continue.
For all other processes, the kernel will check the policy file and grant or deny access, as per the rules written. The denied messages will be logged for reference.
To know more about policy files, refer the following links.
If a program is compromised, SeLinux does not permit further access to the system, rather, it restricts access to the infected system. SELinux also protects data from being shared incorrectly. SELinux can also be used with distros other than Redhat and Fedora - Debian [as of etch release], Ubuntu [from version 8.x], Yellow Dog Linux, Gentoo, Slackware are supported.
With SELinux in place, it is possible for web hosts to offer a better and highly secure web space. There are other security models too, used in Linux, instead of SELinux. Grsecurity, AppArmor, Rule Set Based Access Control [RSBAC], PaX are a few of them.
REFERENCES

How install MRTG on linux?

The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network links. MRTG generates HTML pages containing PNG images which provide a LIVE visual representation of this traffic.

Here are the steps those I followed :

====
Installing Library zlib :

................
wget http://www.gzip.org/zlib/zlib-1.1.4.tar.gz
tar -xvzf zlib-1.1.4.tar.gz
mv zlib-1.1.4 zlib
cd zlib
./configure
make
cd ..
................

Installing Library libpng :

................
wget http://public.planetmirror.com/pub/sourceforge/l/li/libpng/libpng-1.0.15.tar.gz
tar -xvzf libpng-1.0.15.tar.g
mv libpng-1.0.15 libpng
cd libpng
make -f scripts/makefile.std CC=gcc ZLIBLIB=../zlib ZLIBINC=../zlib
cd ..
................

Installing Library gd :

................
wget http://www.boutell.com/gd/http/gd-1.8.4.tar.gz
tar -xvzf gd-1.8.4.tar.gz
mv gd-1.8.4 gd
cd gd

perl -i~ -p -e s/gd_jpeg.o//g Makefile
make INCLUDEDIRS="-I. -I../zlib -I../libpng" \
LIBDIRS="-L../zlib -L. -L../libpng" \
LIBS="-lgd -lpng -lz -lm" \
CFLAGS="-O -DHAVE_LIBPNG"
cd ..
................

Installing MRTG:

.................
cd /usr/local/src
wget http://oss.oetiker.ch/mrtg/pub/mrtg-2.15.0.tar.gz
gunzip -c mrtg-2.15.0.tar.gz | tar xvf -
cd mrtg-2.15.0
./configure --prefix=/usr/local/mrtg-2 \
--with-gd=/usr/local/src/gd \
--with-z=/usr/local/src/zlib \
--with-png=/usr/local/src/libpng
make
make install
.................

Configuration :-

..................
cd /usr/local/src/mrtg-2.15.0/bin

cfgmaker --global 'WorkDir: /home/yourusername/public_html/mrtg' \
--global 'Options[_]: bits,growright' \
--output /usr/local/mrtg-2/mrtg.cfg \
public@localserver
..................

setup cron :

*/5 * * * * root "env LANG=C /usr/local/mrtg-2/bin/mrtg /usr/local/mrtg-2/mrtg.cfg" --logging /var/log/mrtg.log

View the MRTG :

htpp://localhost/mrtg

Compile & Upgrade Linux kernel 2.6

Compiling custom kernel has its own advantages and disadvantages. However, new Linux user / admin find it difficult to compile Linux kernel. Compiling kernel needs to understand few things and then just type couple of commands. This step by step howto covers compiling Linux kernel version 2.6.xx under Debian GNU Linux. However, instructions remains the same for any other distribution except for apt-get command.
Step # 1 Get Latest Linux kernel code
Visit http://kernel.org/ and download the latest source code. File name would be linux-x.y.z.tar.bz2, where x.y.z is actual version number. For example file inux-2.6.25.tar.bz2 represents 2.6.25 kernel version. Use wget command to download kernel source code:
$ cd /tmp
$ wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-x.y.z.tar.bz2
Note: Replace x.y.z with actual version number.
Step # 2 Extract tar (.tar.bz3) file
Type the following command:
# tar -xjvf linux-2.6.25.tar.bz2 -C /usr/src
# cd /usr/src
Step # 3 Configure kernel
Before you configure kernel make sure you have development tools (gcc compilers and related tools) are installed on your system. If gcc compiler and tools are not installed then use apt-get command under Debian Linux to install development tools.
# apt-get install gcc
Now you can start kernel configuration by typing any one of the command:
  • $ make menuconfig - Text based color menus, radiolists & dialogs. This option also useful on remote server if you wanna compile kernel remotely.
  • $ make xconfig - X windows (Qt) based configuration tool, works best under KDE desktop
  • $ make gconfig - X windows (Gtk) based configuration tool, works best under Gnome Dekstop.
For example make menuconfig command launches following screen:
$ make menuconfig
You have to select different options as per your need. Each configuration option has HELP button associated with it so select help button to get help.
Step # 4 Compile kernel
Start compiling to create a compressed kernel image, enter:
$ make
Start compiling to kernel modules:
$ make modules
Install kernel modules (become a root user, use su command):
$ su -
# make modules_install
Step # 5 Install kernel
So far we have compiled kernel and installed kernel modules. It is time to install kernel itself.
# make install
It will install three files into /boot directory as well as modification to your kernel grub configuration file:
  • System.map-2.6.25
  • config-2.6.25
  • vmlinuz-2.6.25
Step # 6: Create an initrd image
Type the following command at a shell prompt:
# cd /boot
# mkinitrd -o initrd.img-2.6.25 2.6.25
initrd images contains device driver which needed to load rest of the operating system later on. Not all computer requires initrd, but it is safe to create one.
Step # 7 Modify Grub configuration file - /boot/grub/menu.lst
Open file using vi:
# vi /boot/grub/menu.lst
title           Debian GNU/Linux, kernel 2.6.25 Default
root            (hd0,0)
kernel          /boot/vmlinuz root=/dev/hdb1 ro
initrd          /boot/initrd.img-2.6.25
savedefault
boot
Remember to setup correct root=/dev/hdXX device. Save and close the file. If you think editing and writing all lines by hand is too much for you, try out update-grub command to update the lines for each kernel in /boot/grub/menu.lst file. Just type the command:
# update-grub
Neat. Huh?
Step # 8 : Reboot computer and boot into your new kernel
Just issue reboot command:
# reboot